diff options
Diffstat (limited to 'config')
590 files changed, 38854 insertions, 48115 deletions
diff --git a/config/anyterm/access_anyterm.php b/config/anyterm/access_anyterm.php deleted file mode 100644 index b1703932..00000000 --- a/config/anyterm/access_anyterm.php +++ /dev/null @@ -1,44 +0,0 @@ -<?php -/* - access_anyterm.php - pfSense package (http://www.pfSense.com) - Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.org> - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); - -if($config['installedpackages']['anyterm']['config'][0]['stunnelport']) { - $port = $config['installedpackages']['anyterm']['config'][0]['stunnelport']; - $httpors = "https"; -} else { - $port = $config['installedpackages']['anyterm']['config'][0]['port']; - $httpors = "http"; -} - -$location = "{$_SERVER['SERVER_ADDR']}:{$port}/anyterm.html"; - -Header("Location: {$httpors}://{$location}"); - -?>
\ No newline at end of file diff --git a/config/anyterm/anyterm.inc b/config/anyterm/anyterm.inc deleted file mode 100644 index 5ec4e5f1..00000000 --- a/config/anyterm/anyterm.inc +++ /dev/null @@ -1,118 +0,0 @@ -<?php -/* - anyterm.inc - pfSense package (http://www.pfSense.com) - Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.org> - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -function anyterm_deinstall() { - global $g, $config; - conf_mount_rw(); - exec("killall anytermd"); - exec("rm /usr/local/etc/rc.d/anyterm.sh"); - exec("rm /usr/local/sbin/anytermd"); -} - -function anyterm_install() { - global $g, $config; - - conf_mount_rw(); - - // Grab latest version of executablevi / - $freebsdv=trim(`uname -r | cut -d'.' -f1`); - `fetch -q -o /usr/local/sbin/ https://packages.pfsense.org/packages/config/anyterm/binaries{$freebsdv}/anytermd`; - exec("chmod a+rx /usr/local/sbin/anytermd"); - - if($config['installedpackages']['anyterm']['config'][0]['username']) - $port = " --port {$config['installedpackages']['anyterm']['config'][0]['port']}"; - - // This will bring up the pfSense style menu - $anytermd_command = "anytermd --user root --command '/etc/rc.initial' --auth trivial $port"; - - $anyterm = <<<EOD -#!/bin/sh - -# PROVIDE: anyterm -# REQUIRE: LOGIN -# KEYWORD: FreeBSD - -. /etc/rc.subr - -name="anyterm" -rcvar=`set_rcvar` -command="/usr/local/bin/anyterm" -anyterm_enable=\${anyterm-"YES"} - -start_cmd="anyterm_start" -stop_postcmd="anyterm_stop" - -load_rc_config \$name - -anyterm_start () { - if [ -f /var/etc/anyterm.conf ]; then - if [ `ps awux | grep -v grep | grep anytermd | wc -l` -gt 0 ]; then - killall anytermd - fi - /usr/bin/env \ - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ - /usr/local/bin/php -q -d auto_prepend_file=config.inc <<ENDOFF - <?php - require_once("globals.inc"); - require_once("functions.inc"); - require_once("anyterm.inc"); - anyterm_install(); - ?> -ENDOFF - - fi -} - -anyterm_stop () { - echo "Stopping anyterm." - killall anyterm -} - -run_rc_command "\$1" - -EOD; - - // Write out file - $fd = fopen("/usr/local/etc/rc.d/anyterm.sh", "w"); - fwrite($fd, $anyterm); - fclose($fd); - // Make executable - exec("chmod a+rx /usr/local/etc/rc.d/anyterm.sh"); - - // Write out Anyterm configuration file (username and password for auth) - $fd = fopen("/var/etc/anyterm.conf", "w"); - fwrite($fd, $config['installedpackages']['anyterm']['config'][0]['username'] . "\n"); - fwrite($fd, $config['installedpackages']['anyterm']['config'][0]['password'] . "\n"); - fclose($fd); - exec("chmod a-r /var/etc/anyterm.conf ; chmod ug+r /var/etc/anyterm.conf ; killall anytermd"); - exec($anytermd_command); - -} - -?>
\ No newline at end of file diff --git a/config/anyterm/binaries7/anytermd b/config/anyterm/binaries7/anytermd Binary files differdeleted file mode 100755 index ce5304e7..00000000 --- a/config/anyterm/binaries7/anytermd +++ /dev/null diff --git a/config/anyterm/binaries8/anytermd b/config/anyterm/binaries8/anytermd Binary files differdeleted file mode 100755 index 733f7197..00000000 --- a/config/anyterm/binaries8/anytermd +++ /dev/null diff --git a/config/apache_mod_security-dev/apache.template b/config/apache_mod_security-dev/apache24.template index ab981a9e..4d3fd97a 100644 --- a/config/apache_mod_security-dev/apache.template +++ b/config/apache_mod_security-dev/apache24.template @@ -1,13 +1,14 @@ <?php // Mod_security enabled? if($settings['memcachesize'] != "0") { - if(file_exists( APACHEDIR ."/libexec/apache22/mod_memcache.so")) - $mod_mem_cache = "LoadModule memcache_module libexec/apache22/mod_memcache.so\n"; + if(file_exists( APACHEDIR ."/libexec/". APACHEVERSION ."/mod_cache_disk.so")) + $mod_mem_cache = "LoadModule cache_disk_module libexec/". APACHEVERSION ."/mod_cache_disk.so\n"; } if($mods_settings['enablemodsecurity']=="on") - $mod_security_module= "LoadModule security2_module libexec/apache22/mod_security2.so\n"; + $mod_security_module= "LoadModule security2_module libexec/". APACHEVERSION ."/mod_security2.so\n"; $apache_dir=APACHEDIR; +$apache_version=APACHEVERSION; $apache_config = <<<EOF ################################################################################## # NOTE: This file was generated by the pfSense package management system. # @@ -71,64 +72,95 @@ Listen {$global_listen} # # have to place corresponding `LoadModule' lines at this location so the # LoadModule foo_module modules/mod_foo.so -LoadModule authn_file_module libexec/apache22/mod_authn_file.so -LoadModule authn_dbm_module libexec/apache22/mod_authn_dbm.so -LoadModule authn_anon_module libexec/apache22/mod_authn_anon.so -LoadModule authn_default_module libexec/apache22/mod_authn_default.so -LoadModule authn_alias_module libexec/apache22/mod_authn_alias.so -LoadModule authz_host_module libexec/apache22/mod_authz_host.so -LoadModule authz_groupfile_module libexec/apache22/mod_authz_groupfile.so -LoadModule authz_user_module libexec/apache22/mod_authz_user.so -LoadModule authz_dbm_module libexec/apache22/mod_authz_dbm.so -LoadModule authz_owner_module libexec/apache22/mod_authz_owner.so -LoadModule authz_default_module libexec/apache22/mod_authz_default.so -LoadModule auth_basic_module libexec/apache22/mod_auth_basic.so -LoadModule auth_digest_module libexec/apache22/mod_auth_digest.so -LoadModule file_cache_module libexec/apache22/mod_file_cache.so -LoadModule cache_module libexec/apache22/mod_cache.so -LoadModule disk_cache_module libexec/apache22/mod_disk_cache.so -LoadModule dumpio_module libexec/apache22/mod_dumpio.so -LoadModule include_module libexec/apache22/mod_include.so -LoadModule filter_module libexec/apache22/mod_filter.so -LoadModule charset_lite_module libexec/apache22/mod_charset_lite.so -LoadModule deflate_module libexec/apache22/mod_deflate.so -LoadModule log_config_module libexec/apache22/mod_log_config.so -LoadModule logio_module libexec/apache22/mod_logio.so -LoadModule env_module libexec/apache22/mod_env.so -LoadModule mime_magic_module libexec/apache22/mod_mime_magic.so -LoadModule cern_meta_module libexec/apache22/mod_cern_meta.so -LoadModule expires_module libexec/apache22/mod_expires.so -LoadModule headers_module libexec/apache22/mod_headers.so -LoadModule usertrack_module libexec/apache22/mod_usertrack.so -LoadModule unique_id_module libexec/apache22/mod_unique_id.so -LoadModule setenvif_module libexec/apache22/mod_setenvif.so -LoadModule version_module libexec/apache22/mod_version.so -LoadModule proxy_module libexec/apache22/mod_proxy.so -LoadModule proxy_connect_module libexec/apache22/mod_proxy_connect.so -LoadModule proxy_ftp_module libexec/apache22/mod_proxy_ftp.so -LoadModule proxy_http_module libexec/apache22/mod_proxy_http.so -LoadModule proxy_ajp_module libexec/apache22/mod_proxy_ajp.so -LoadModule proxy_balancer_module libexec/apache22/mod_proxy_balancer.so -LoadModule ssl_module libexec/apache22/mod_ssl.so -LoadModule mime_module libexec/apache22/mod_mime.so -LoadModule status_module libexec/apache22/mod_status.so -LoadModule autoindex_module libexec/apache22/mod_autoindex.so -LoadModule asis_module libexec/apache22/mod_asis.so -LoadModule info_module libexec/apache22/mod_info.so -#LoadModule cgi_module libexec/apache22/mod_cgi.so -LoadModule vhost_alias_module libexec/apache22/mod_vhost_alias.so -LoadModule negotiation_module libexec/apache22/mod_negotiation.so -LoadModule dir_module libexec/apache22/mod_dir.so -LoadModule imagemap_module libexec/apache22/mod_imagemap.so -LoadModule actions_module libexec/apache22/mod_actions.so -LoadModule speling_module libexec/apache22/mod_speling.so -LoadModule userdir_module libexec/apache22/mod_userdir.so -LoadModule alias_module libexec/apache22/mod_alias.so -LoadModule rewrite_module libexec/apache22/mod_rewrite.so -LoadModule reqtimeout_module libexec/apache22/mod_reqtimeout.so +LoadModule authn_file_module libexec/{$apache_version}/mod_authn_file.so +LoadModule authn_dbm_module libexec/{$apache_version}/mod_authn_dbm.so +LoadModule authn_anon_module libexec/{$apache_version}/mod_authn_anon.so +LoadModule authn_dbd_module libexec/{$apache_version}/mod_authn_dbd.so +#LoadModule authn_socache_module libexec/{$apache_version}/mod_authn_socache.so +LoadModule authn_core_module libexec/{$apache_version}/mod_authn_core.so +LoadModule authz_host_module libexec/{$apache_version}/mod_authz_host.so +LoadModule authz_groupfile_module libexec/{$apache_version}/mod_authz_groupfile.so +LoadModule authz_user_module libexec/{$apache_version}/mod_authz_user.so +LoadModule authz_dbm_module libexec/{$apache_version}/mod_authz_dbm.so +LoadModule authz_owner_module libexec/{$apache_version}/mod_authz_owner.so +LoadModule authz_dbd_module libexec/{$apache_version}/mod_authz_dbd.so +LoadModule authz_core_module libexec/{$apache_version}/mod_authz_core.so +LoadModule access_compat_module libexec/{$apache_version}/mod_access_compat.so +LoadModule auth_basic_module libexec/{$apache_version}/mod_auth_basic.so +LoadModule auth_form_module libexec/{$apache_version}/mod_auth_form.so +LoadModule auth_digest_module libexec/{$apache_version}/mod_auth_digest.so +#LoadModule allowmethods_module libexec/{$apache_version}/mod_allowmethods.so +LoadModule file_cache_module libexec/{$apache_version}/mod_file_cache.so +LoadModule cache_module libexec/{$apache_version}/mod_cache.so +#LoadModule cache_socache_module libexec/{$apache_version}/mod_cache_socache.so +#LoadModule socache_shmcb_module libexec/{$apache_version}/mod_socache_shmcb.so +#LoadModule socache_dbm_module libexec/{$apache_version}/mod_socache_dbm.so +#LoadModule socache_memcache_module libexec/{$apache_version}/mod_socache_memcache.so +LoadModule slotmem_shm_module libexec/{$apache_version}/mod_slotmem_shm.so +#LoadModule macro_module libexec/{$apache_version}/mod_macro.so +#LoadModule dbd_module libexec/{$apache_version}/mod_dbd.so +LoadModule dumpio_module libexec/{$apache_version}/mod_dumpio.so +LoadModule buffer_module libexec/{$apache_version}/mod_buffer.so +LoadModule ratelimit_module libexec/{$apache_version}/mod_ratelimit.so +LoadModule reqtimeout_module libexec/{$apache_version}/mod_reqtimeout.so +LoadModule ext_filter_module libexec/{$apache_version}/mod_ext_filter.so +LoadModule request_module libexec/{$apache_version}/mod_request.so +LoadModule include_module libexec/{$apache_version}/mod_include.so +LoadModule filter_module libexec/{$apache_version}/mod_filter.so +#LoadModule substitute_module libexec/{$apache_version}/mod_substitute.so +#LoadModule sed_module libexec/{$apache_version}/mod_sed.so +LoadModule deflate_module libexec/{$apache_version}/mod_deflate.so +LoadModule mime_module libexec/{$apache_version}/mod_mime.so +LoadModule log_config_module libexec/{$apache_version}/mod_log_config.so +LoadModule log_debug_module libexec/{$apache_version}/mod_log_debug.so +LoadModule logio_module libexec/{$apache_version}/mod_logio.so +LoadModule env_module libexec/{$apache_version}/mod_env.so +LoadModule mime_magic_module libexec/{$apache_version}/mod_mime_magic.so +LoadModule cern_meta_module libexec/{$apache_version}/mod_cern_meta.so +LoadModule expires_module libexec/{$apache_version}/mod_expires.so +LoadModule headers_module libexec/{$apache_version}/mod_headers.so +LoadModule unique_id_module libexec/{$apache_version}/mod_unique_id.so +LoadModule setenvif_module libexec/{$apache_version}/mod_setenvif.so +LoadModule version_module libexec/{$apache_version}/mod_version.so +LoadModule remoteip_module libexec/{$apache_version}/mod_remoteip.so +LoadModule proxy_module libexec/{$apache_version}/mod_proxy.so +LoadModule proxy_connect_module libexec/{$apache_version}/mod_proxy_connect.so +LoadModule proxy_ftp_module libexec/{$apache_version}/mod_proxy_ftp.so +LoadModule proxy_http_module libexec/{$apache_version}/mod_proxy_http.so +#LoadModule proxy_fcgi_module libexec/{$apache_version}/mod_proxy_fcgi.so +#LoadModule proxy_scgi_module libexec/{$apache_version}/mod_proxy_scgi.so +#LoadModule proxy_wstunnel_module libexec/{$apache_version}/mod_proxy_wstunnel.so +LoadModule proxy_ajp_module libexec/{$apache_version}/mod_proxy_ajp.so +LoadModule proxy_balancer_module libexec/{$apache_version}/mod_proxy_balancer.so +#LoadModule proxy_express_module libexec/{$apache_version}/mod_proxy_express.so +LoadModule session_module libexec/{$apache_version}/mod_session.so +LoadModule session_cookie_module libexec/{$apache_version}/mod_session_cookie.so +LoadModule session_crypto_module libexec/{$apache_version}/mod_session_crypto.so +LoadModule ssl_module libexec/{$apache_version}/mod_ssl.so +LoadModule lbmethod_byrequests_module libexec/{$apache_version}/mod_lbmethod_byrequests.so +LoadModule lbmethod_bytraffic_module libexec/{$apache_version}/mod_lbmethod_bytraffic.so +LoadModule lbmethod_bybusyness_module libexec/{$apache_version}/mod_lbmethod_bybusyness.so +LoadModule unixd_module libexec/{$apache_version}/mod_unixd.so +LoadModule status_module libexec/{$apache_version}/mod_status.so +LoadModule autoindex_module libexec/{$apache_version}/mod_autoindex.so +LoadModule asis_module libexec/{$apache_version}/mod_asis.so +#LoadModule cgi_module libexec/{$apache_version}/mod_cgi.so +#LoadModule cgid_module libexec/{$apache_version}/mod_cgid.so +#LoadModule dav_fs_module libexec/{$apache_version}/mod_dav_fs.so +LoadModule vhost_alias_module libexec/{$apache_version}/mod_vhost_alias.so +LoadModule negotiation_module libexec/{$apache_version}/mod_negotiation.so +LoadModule dir_module libexec/{$apache_version}/mod_dir.so +LoadModule imagemap_module libexec/{$apache_version}/mod_imagemap.so +LoadModule actions_module libexec/{$apache_version}/mod_actions.so +LoadModule speling_module libexec/{$apache_version}/mod_speling.so +LoadModule userdir_module libexec/{$apache_version}/mod_userdir.so +LoadModule alias_module libexec/{$apache_version}/mod_alias.so +LoadModule rewrite_module libexec/{$apache_version}/mod_rewrite.so {$mod_mem_cache} {$mod_security_module} +LoadModule mpm_worker_module libexec/{$apache_version}/mod_mpm_worker.so + <IfModule !mpm_netware_module> <IfModule !mpm_winnt_module> # @@ -181,7 +213,7 @@ ServerName {$servername} # documents. By default, all requests are taken from this directory, but # symbolic links and aliases may be used to point to other locations. # -DocumentRoot "{$apache_dir}/www/apache22" +DocumentRoot "{$apache_dir}/www/{$apache_version}" # # Each directory to which Apache has access can be configured with respect @@ -327,7 +359,7 @@ LogLevel warn # # client. The same rules about trailing "/" apply to ScriptAlias # # directives as to Alias. # # -# ScriptAlias /cgi-bin/ "/usr/local/www/apache22/cgi-bin/" +# ScriptAlias /cgi-bin/ "/usr/local/www/{$apache_version}/cgi-bin/" # #</IfModule> @@ -340,33 +372,22 @@ LogLevel warn #</IfModule> # -# "/usr/local/www/apache22/cgi-bin" should be changed to whatever your ScriptAliased +# "/usr/local/www/{$apache_version}/cgi-bin" should be changed to whatever your ScriptAliased # CGI directory exists, if you have that configured. # -#<Directory "{$apache_dir}/www/apache22/cgi-bin"> +#<Directory "{$apache_dir}/www/{$apache_version}/cgi-bin"> # AllowOverride None # Options None # Order allow,deny # Allow from all #</Directory> -# -# DefaultType: the default MIME type the server will use for a document -# if it cannot otherwise determine one, such as from filename extensions. -# If your server contains mostly text or HTML documents, "text/plain" is -# a good value. If most of your content is binary, such as applications -# or images, you may want to use "application/octet-stream" instead to -# keep browsers from trying to display binary files as though they are -# text. -# -DefaultType text/plainm - <IfModule mime_module> # # TypesConfig points to the file containing the list of mappings from # filename extension to MIME-type. # - TypesConfig etc/apache22/mime.types + TypesConfig etc/{$apache_version}/mime.types # # AddType allows you to add to or override the MIME configuration @@ -414,7 +435,7 @@ DefaultType text/plainm # contents of the file itself to determine its type. The MIMEMagicFile # directive tells the module where the hint definitions are located. # -#MIMEMagicFile etc/apache22/magic +#MIMEMagicFile etc/{$apache_version}/magic # # Customizable error responses come in three flavors: @@ -443,43 +464,43 @@ DefaultType text/plainm # Supplemental configuration # -# The configuration files in the etc/apache22/extra/ directory can be +# The configuration files in the etc/{$apache_version}/extra/ directory can be # included to add extra features or to modify the default configuration of # the server, or you may simply copy their contents here and change as # necessary. # Server-pool management (MPM specific) -#Include etc/apache22/extra/httpd-mpm.conf +Include etc/{$apache_version}/extra/httpd-mpm.conf # Multi-language error messages -#Include etc/apache22/extra/httpd-multilang-errordoc.conf +#Include etc/{$apache_version}/extra/httpd-multilang-errordoc.conf # Fancy directory listings -#Include etc/apache22/extra/httpd-autoindex.conf +#Include etc/{$apache_version}/extra/httpd-autoindex.conf # Language settings -#Include etc/apache22/extra/httpd-languages.conf +#Include etc/{$apache_version}/extra/httpd-languages.conf # User home directories -#Include etc/apache22/extra/httpd-userdir.conf +#Include etc/{$apache_version}/extra/httpd-userdir.conf # Real-time info on requests and configuration -#Include etc/apache22/extra/httpd-info.conf +#Include etc/{$apache_version}/extra/httpd-info.conf # Virtual hosts -#Include etc/apache22/extra/httpd-vhosts.conf +#Include etc/{$apache_version}/extra/httpd-vhosts.conf # Local access to the Apache HTTP Server Manual -#Include etc/apache22/extra/httpd-manual.conf +#Include etc/{$apache_version}/extra/httpd-manual.conf # Distributed authoring and versioning (WebDAV) -#Include etc/apache22/extra/httpd-dav.conf +#Include etc/{$apache_version}/extra/httpd-dav.conf # Various default settings -#Include etc/apache22/extra/httpd-default.conf +#Include etc/{$apache_version}/extra/httpd-default.conf # Secure (SSL/TLS) connections -#Include etc/apache22/extra/httpd-ssl.conf +#Include etc/{$apache_version}/extra/httpd-ssl.conf # # Note: The following must must be present to support # starting without SSL on platforms with no /dev/random equivalent @@ -509,7 +530,7 @@ AcceptFilter https none # Include anything else -Include etc/apache22/Includes/*.conf +Include etc/{$apache_version}/Includes/*.conf EOF; diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc index 2728e2e9..1ef78819 100644 --- a/config/apache_mod_security-dev/apache_mod_security.inc +++ b/config/apache_mod_security-dev/apache_mod_security.inc @@ -29,13 +29,18 @@ POSSIBILITY OF SUCH DAMAGE. */ +require_once("service-utils.inc"); + $shortcut_section = "apache"; // Check to find out on which system the package is running $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); if ($pf_version > 2.0) define('APACHEDIR', '/usr/pbi/proxy_mod_security-' . php_uname("m")); else - define('APACHEDIR', '/usr/local'); + define('APACHEDIR', '/usr/local'); + +define('APACHEVERSION', 'apache24'); + // End of system check define ('MODSECURITY_DIR','crs'); // Rules directory location @@ -158,7 +163,7 @@ function apache_mod_security_resync() { if (is_array($apache_sync[row])){ $rs = $apache_sync[row]; } else { - log_error("apache_mod_security_package: xmlrpc sync is enabled but there is no hosts to push on apache config."); + log_error("apache_mod_security_package: XMLRPC sync is enabled, but there is no local host to push on apache config."); return; } break; @@ -174,7 +179,7 @@ function apache_mod_security_resync() { $rs[0]['username'] = $system_carp['username']; $rs[0]['password'] = $system_carp['password']; } else { - log_error("apache_mod_security_package: xmlrpc sync is enabled but there is no system backup hosts to push apache config."); + log_error("apache_mod_security_package: XMLRPC sync is enabled, but there is no global backup host to push apache config."); return; } break; @@ -234,6 +239,7 @@ function apache_mod_security_do_xmlrpc_sync($sync_to_ip, $username, $password, $ $xml['apachemodsecurity'] = $config['installedpackages']['apachemodsecurity']; $xml['apachemodsecuritysettings'] = $config['installedpackages']['apachemodsecuritysettings']; $xml['apachebalancer'] = $config['installedpackages']['apachebalancer']; + $xml['apachelocation'] = $config['installedpackages']['apachelocation']; $xml['apachevirtualhost'] = $config['installedpackages']['apachevirtualhost']; $xml['apachelisten'] = $config['installedpackages']['apachelisten']; @@ -320,6 +326,8 @@ function generate_apache_configuration() { else $settings=array(); + log_error("apache_mod_security_package: Re-generating Apache configuration start."); + // Set global site e-mail if ($settings['globalsiteadminemail']){ $global_site_email = $settings['globalsiteadminemail']; @@ -411,7 +419,7 @@ function generate_apache_configuration() { $performance_settings .= "MaxRequestsPerChild {$settings['maxrequestsperchild']}\n"; // Setup mem_cache - if(file_exists(APACHEDIR ."/libexec/apache22/mod_memcache.so") && $settings['memcachesize'] != "0") { + if(file_exists(APACHEDIR ."/libexec/" . APACHEVERSION . "/mod_memcache.so") && $settings['memcachesize'] != "0") { //$mem_cache = "MCacheSize ".( $settings['memcachesize'] ? $settings['memcachesize'] : "100")."\n"; } @@ -442,52 +450,30 @@ function generate_apache_configuration() { #load conf template include("/usr/local/pkg/apache_balancer.template"); - #check balancer members - foreach ($config['installedpackages']['apachebalancer']['config'] as $balancer){ - if (is_array($balancer['row']) && $balancer['enable'] == 'on'){ - $balancer_config.="# {$balancer['description']}\n"; - $balancer_config.="<Proxy balancer://{$balancer['name']}>\n"; - foreach($balancer['row'] as $server){ - $options =($server['port'] ? ":{$server['port']}" : ""); - - $options.=($server['routeid'] ? " route={$server['routeid']}" : ""); - $options.=($server['loadfactor'] ? " loadfactor={$server['loadfactor']}" : ""); - if (isset($server['ping']) && $server['ping']!=""){ - $options.= " ping={$server['ping']}"; - $options.=($server['ttl'] ? " ttl={$server['ttl']}" : ""); - } - $balancer_config.=" BalancerMember {$balancer['proto']}://{$server['host']}{$options}\n"; - } - #check if stick connections are set - if ($balancer['row'][0]['routeid'] !="") - $balancer_config.=" ProxySet stickysession=ROUTEID\n"; - $balancer_config.="</Proxy>\n\n"; - } - } //write balancer conf - file_put_contents(APACHEDIR."/etc/apache22/Includes/balancers.conf",$balancer_config,LOCK_EX); - } + file_put_contents(APACHEDIR."/etc/" . APACHEVERSION . "/Includes/balancers.conf",$balancer_config,LOCK_EX); + } // configure modsecurity group options //chroot apache http://forums.freebsd.org/showthread.php?t=6858 - if (is_array($config['installedpackages']['apachemodsecuritygroups'])){ - unset($mods_group); - foreach ($config['installedpackages']['apachemodsecuritygroups']['config'] as $mods_groups){ - //RULES_DIRECTORY - foreach (split(",",$mods_groups['baserules']) as $baserule){ - $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/base_rules/{$baserule}.conf\n"; - } - foreach (split(",",$mods_groups['optionalrules']) as $baserule){ - $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/optional_rules/{$baserule}.conf\n"; - } - foreach (split(",",$mods_groups['slrrules']) as $baserule){ - $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/slr_rules/{$baserule}.conf\n"; - } - foreach (split(",",$mods_groups['experimentalrules']) as $baserule){ - $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/experimental_rules/{$baserule}.conf\n"; - } + if (is_array($config['installedpackages']['apachemodsecuritygroups'])){ + unset($mods_group); + foreach ($config['installedpackages']['apachemodsecuritygroups']['config'] as $mods_groups){ + //RULES_DIRECTORY + foreach (split(",",$mods_groups['baserules']) as $baserule){ + $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/base_rules/{$baserule}.conf\n"; + } + foreach (split(",",$mods_groups['optionalrules']) as $baserule){ + $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/optional_rules/{$baserule}.conf\n"; + } + foreach (split(",",$mods_groups['slrrules']) as $baserule){ + $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/slr_rules/{$baserule}.conf\n"; + } + foreach (split(",",$mods_groups['experimentalrules']) as $baserule){ + $mods_group[$mods_groups['name']].=" Include ".RULES_DIRECTORY ."/experimental_rules/{$baserule}.conf\n"; } } + } //print "<PRE>"; //var_dump($mods_group); @@ -555,31 +541,35 @@ EOF; #check ssl if(isset($virtualhost["ssl_cert"]) && $virtualhost["ssl_cert"] !="none" && $virtualhost["proto"] == "https") { - $vh_config.= " SSLEngine on\n SSLProtocol all -SSLv2\n SSLProxyEngine on\n SSLProxyVerify none\n"; - $vh_config.= " SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL\n"; + $vh_config.= " SSLEngine on\n"; + $vh_config.= " SSLProtocol ". ($virtualhost['ssl_protocol'] ? $virtualhost['ssl_protocol'] : "all -SSLv2") ."\n"; + $vh_config.= " SSLProxyEngine ". ($virtualhost['ssl_proxy_engine'] ? "on" : "off") ."\n"; + $vh_config.= " SSLProxyVerify ". ($virtualhost['ssl_proxy_verify'] ? $virtualhost['ssl_proxy_verify'] : "none") ."\n"; + $vh_config.= " SSLCipherSuite ". ($virtualhost['ssl_cipher_suite'] ? $virtualhost['ssl_cipher_suite'] : "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL") ."\n"; + $vh_config.= " SSLHonorCipherOrder ". ($virtualhost['ssl_honor_cipher_order'] ? "on" : "off") ."\n"; - $svr_cert = lookup_cert($virtualhost["ssl_cert"]); + $svr_cert = lookup_cert($virtualhost["ssl_cert"]); if ($svr_cert != false) { if(base64_decode($svr_cert['crt'])) { - file_put_contents(APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert"]}.crt",apache_textarea_decode($svr_cert['crt']),LOCK_EX); - $vh_config.= " SSLCertificateFile ". APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert"]}.crt\n"; + file_put_contents(APACHEDIR . "/etc/" . APACHEVERSION . "/{$virtualhost["ssl_cert"]}.crt",apache_textarea_decode($svr_cert['crt']),LOCK_EX); + $vh_config.= " SSLCertificateFile ". APACHEDIR . "/etc/" . APACHEVERSION . "/{$virtualhost["ssl_cert"]}.crt\n"; } if(base64_decode($svr_cert['prv'])) { - file_put_contents(APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert"]}.key",apache_textarea_decode($svr_cert['prv']),LOCK_EX); - $vh_config.= " SSLCertificateKeyFile ". APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert"]}.key\n"; + file_put_contents(APACHEDIR . "/etc/" . APACHEVERSION . "/{$virtualhost["ssl_cert"]}.key",apache_textarea_decode($svr_cert['prv']),LOCK_EX); + $vh_config.= " SSLCertificateKeyFile ". APACHEDIR . "/etc/" . APACHEVERSION . "/{$virtualhost["ssl_cert"]}.key\n"; } } $svr_ca =lookup_ca($virtualhost["ssl_cert_chain"]); if ($svr_ca != false) { - file_put_contents(APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert_chain"]}.crt",apache_textarea_decode($svr_ca['crt']),LOCK_EX); - $vh_config.= " SSLCertificateChainFile ". APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert_chain"]}.crt\n"; + file_put_contents(APACHEDIR . "/etc/" . APACHEVERSION . "/{$virtualhost["ssl_cert_chain"]}.crt",apache_textarea_decode($svr_ca['crt']),LOCK_EX); + $vh_config.= " SSLCertificateChainFile ". APACHEDIR . "/etc/" . APACHEVERSION . "/{$virtualhost["ssl_cert_chain"]}.crt\n"; } $cli_ca =lookup_ca($virtualhost["reverse_int_ca"]); if ($cli_ca != false) { - file_put_contents(APACHEDIR . "/etc/apache22/{$virtualhost["reverse_int_ca"]}.crt",apache_textarea_decode($cli_ca['crt']),LOCK_EX); - $vh_config.= " SSLCACertificateFile ". APACHEDIR . "/etc/apache22/{$virtualhost["reverse_int_ca"]}.crt\n"; + file_put_contents(APACHEDIR . "/etc/" . APACHEVERSION . "/{$virtualhost["reverse_int_ca"]}.crt",apache_textarea_decode($cli_ca['crt']),LOCK_EX); + $vh_config.= " SSLCACertificateFile ". APACHEDIR . "/etc/" . APACHEVERSION . "/{$virtualhost["reverse_int_ca"]}.crt\n"; } - } + } #Custom Options $vh_config.= apache_textarea_decode($virtualhost['custom'])."\n\n"; @@ -587,7 +577,31 @@ EOF; foreach ($virtualhost['row'] as $be){ if ($be['location'] != "none"){ $backend=$apache_location[$be['location']]; + $vh_config.="# {$backend['name']}\n"; + foreach ($config['installedpackages']['apachebalancer']['config'] as $balancer){ + if (is_array($balancer['row']) && $balancer['enable'] == 'on' && $balancer['name'] == $backend['balancer']){ + $vh_config.="# {$balancer['description']}\n"; + $vh_config.=" <Proxy balancer://{$balancer['name']}>\n"; + foreach($balancer['row'] as $balancer_server){ + $balancer_options =($balancer_server['port'] ? ":{$balancer_server['port']}" : ""); + + $balancer_options.=($balancer_server['routeid'] ? " route={$balancer_server['routeid']}" : ""); + $balancer_options.=($balancer_server['loadfactor'] ? " loadfactor={$balancer_server['loadfactor']}" : ""); + if (isset($balancer_server['ping']) && $balancer_server['ping']!=""){ + $balancer_options.= " ping={$balancer_server['ping']}"; + $balancer_options.=($server['ttl'] ? " ttl={$balancer_server['ttl']}" : ""); + } + $vh_config.=" BalancerMember {$balancer['proto']}://{$balancer_server['host']}{$balancer_options}\n"; + } + #check if stick connections are set + if ($balancer['row'][0]['routeid'] !="") + $vh_config.=" ProxySet stickysession=ROUTEID\n"; + $vh_config.=" </Proxy>\n\n"; + break; + } + } + $vh_config.=" <Location ".($backend['sitepath'] ? $backend['sitepath'] : "/").">\n"; $vh_config.=" ProxyPass balancer://{$backend['balancer']}{$backend['backendpath']}\n"; $vh_config.=" ProxyPassReverse balancer://{$backend['balancer']}{$backend['backendpath']}\n"; @@ -613,7 +627,7 @@ EOF; } } //write balancer conf - file_put_contents(APACHEDIR."/etc/apache22/Includes/virtualhosts.conf",$vh_config,LOCK_EX); + file_put_contents(APACHEDIR."/etc/" . APACHEVERSION . "/Includes/virtualhosts.conf",$vh_config,LOCK_EX); } // check/fix perl version on mod_security util files $perl_files= array("httpd-guardian.pl","rules-updater.pl","runav.pl","arachni2modsec.pl","zap2modsec.pl","regression_tests/rulestest.pl"); @@ -704,7 +718,6 @@ EOF; foreach ($namevirtualhosts as $namevirtualhost){ // explicit bind if not global ip:port if ($namevirtualhost != $global_listen) { - $mod_proxy .= "NameVirtualHost {$namevirtualhost}\n"; $aliases .= "Listen $namevirtualhost\n"; // Automatically add this to configuration $aplisten=split(":",$namevirtualhost); @@ -806,11 +819,11 @@ EOF; if($siteurl == "HTTPS" && $certificatefile && $certificatekeyfile) { $mod_proxy .= " SSLEngine on\n"; if ($certificatefile) - $mod_proxy .= " SSLCertificateFile /usr/local/etc/apache22/$certificatefile\n"; + $mod_proxy .= " SSLCertificateFile /usr/local/etc/" . APACHEVERSION . "/$certificatefile\n"; if ($certificatekeyfile) - $mod_proxy .= " SSLCertificateKeyFile /usr/local/etc/apache22/$certificatekeyfile\n"; + $mod_proxy .= " SSLCertificateKeyFile /usr/local/etc/" . APACHEVERSION . "/$certificatekeyfile\n"; if ($certificatechainfile) - $mod_proxy .= " SSLCertificateChainFile /usr/local/etc/apache22/$certificatechainfile\n"; + $mod_proxy .= " SSLCertificateChainFile /usr/local/etc/" . APACHEVERSION . "/$certificatechainfile\n"; } if($sslproxyengine) $mod_proxy .= " {$sslproxyengine}\n"; @@ -849,9 +862,11 @@ EOF; #include file templates include ("/usr/local/pkg/apache_mod_security.template"); - include ("/usr/local/pkg/apache.template"); + include ("/usr/local/pkg/". APACHEVERSION .".template"); + + file_put_contents(APACHEDIR . "/etc/" . APACHEVERSION . "/httpd.conf",$apache_config,LOCK_EX); - file_put_contents(APACHEDIR . "/etc/apache22/httpd.conf",$apache_config,LOCK_EX); + log_error("apache_mod_security_package: Re-generating Apache configuration ending."); } ?> diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml index 488eb822..ca448cd2 100644 --- a/config/apache_mod_security-dev/apache_virtualhost.xml +++ b/config/apache_mod_security-dev/apache_virtualhost.xml @@ -77,7 +77,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache.template</item> + <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache24.template</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> @@ -257,6 +257,72 @@ <type>input</type> </field> <field> + <fielddescr> + <![CDATA[Location(s)]]> + </fielddescr> + <fieldname>locations</fieldname> + <type>rowhelper</type> + <rowhelper> + <rowhelperfield> + <fielddescr><![CDATA[Location]]></fielddescr> + <fieldname>location</fieldname> + <description>Server Location</description> + <source><![CDATA[$config['installedpackages']['apachelocation']['config']]]></source> + <source_name>name</source_name> + <source_value>name</source_value> + <show_disable_value>none</show_disable_value> + <type>select_source</type> + </rowhelperfield> + </rowhelper> + </field> + <field> + <name>SSL Environment</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>SSL Protocol</fielddescr> + <fieldname>ssl_protocol</fieldname> + <size>50</size> + <description><![CDATA[Enter the SSL protocol versions allowed (default: all -SSLv2)]]></description> + <type>input</type> + <default_value>all -SSLv2</default_value> + </field> + <field> + <fielddescr>SSL Cipher Suite</fielddescr> + <fieldname>ssl_cipher_suite</fieldname> + <size>50</size> + <description><![CDATA[Configure the Cipher Suite the client is permitted to negotiate in the SSL handshake phase. (default: ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL)]]></description> + <type>input</type> + <default_value>ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL</default_value> + </field> + <field> + <fielddescr>SSL Honor Cipher Order</fielddescr> + <fieldname>ssl_honor_cipher_order</fieldname> + <description><![CDATA[Forces the server's preferences to be used in a SSLv3/TLSv1 handshake (default: off)]]></description> + <default_value>off</default_value> + <type>checkbox</type> + </field> + <field> + <fielddescr>SSL Proxy Engine</fielddescr> + <fieldname>ssl_proxy_engine</fieldname> + <description><![CDATA[Enables the SSL proxy engine for the current virtualhost (default: on)]]></description> + <default_value>on</default_value> + <type>checkbox</type> + </field> + <field> + <fielddescr>SSL Proxy Verify</fielddescr> + <fieldname>ssl_proxy_verify</fieldname> + <description><![CDATA[When a proxy is configured to forward requests to a remote SSL server, this directive can be used to configure certificate verification of the remote server. ]]></description> + <type>select</type> + <options> + <option><name>None</name><value>none</value></option> + <option><name>Optional (remote server MAY present a valid certificate)</name><value>optional</value></option> + <option><name>Require (remote server HAS to present a valid certificate)</name><value>require</value></option> + <option><name>Optional, without CA (remote server may present a valid certificate, but it need not be (successfully) verifiable)</name><value>optional_no_ca</value></option> + </options> + <default_value>none</default_value> + </field> + <field> <fielddescr>HTTPS SSL certificate</fielddescr> <fieldname>ssl_cert</fieldname> <description>Choose the SSL Server Certificate here.</description> @@ -287,25 +353,6 @@ <show_disable_value>none</show_disable_value> </field> <field> - <fielddescr> - <![CDATA[Location(s)]]> - </fielddescr> - <fieldname>locations</fieldname> - <type>rowhelper</type> - <rowhelper> - <rowhelperfield> - <fielddescr><![CDATA[Location]]></fielddescr> - <fieldname>location</fieldname> - <description>Server Location</description> - <source><![CDATA[$config['installedpackages']['apachelocation']['config']]]></source> - <source_name>name</source_name> - <source_value>name</source_value> - <show_disable_value>none</show_disable_value> - <type>select_source</type> - </rowhelperfield> - </rowhelper> - </field> - <field> <name>Logging</name> <type>listtopic</type> </field> @@ -315,7 +362,7 @@ <description><![CDATA[When enabled, this option will pass the Host: line from the incoming request to the proxied host, instead of the backend IP address.]]></description> <type>checkbox</type> </field> - <field> + <field> <fielddescr>Log file</fielddescr> <fieldname>logfile</fieldname> <description><![CDATA[Enable access and error log for this virtual host.]]></description> diff --git a/config/apcupsd/apcupsd.inc b/config/apcupsd/apcupsd.inc index 3340738a..c123861c 100644 --- a/config/apcupsd/apcupsd.inc +++ b/config/apcupsd/apcupsd.inc @@ -167,9 +167,7 @@ function sync_package_apcupsd(){ $apcupsd_start .= " if [ ! -d {$lockfile} ]; then \n"; $apcupsd_start .= " /bin/mkdir -p {$lockfile} \n"; $apcupsd_start .= " fi \n"; - $apcupsd_start .= " if [ -f {$lockfile}/LCK.. ]; then \n"; - $apcupsd_start .= " /bin/rm -f {$lockfile}/LCK.. \n"; - $apcupsd_start .= " fi \n"; + $apcupsd_start .= " /bin/rm -f {$lockfile}/*LCK* 2>/dev/null \n"; if ($apcupsd_config['killonpowerfail']=="on"){ $apcupsd_start .= " " . APCUPSD_BASE . "/sbin/apcupsd --kill-on-powerfail"; }else{ diff --git a/config/apcupsd/apcupsd.xml b/config/apcupsd/apcupsd.xml index 3ed95a7a..8a42f352 100644 --- a/config/apcupsd/apcupsd.xml +++ b/config/apcupsd/apcupsd.xml @@ -40,7 +40,7 @@ <name>Apcupsd</name> <title>Services: Apcupsd (General)</title> <category>Monitoring</category> - <version>0.3</version> + <version>0.3.2</version> <include_file>/usr/local/pkg/apcupsd.inc</include_file> <addedit_string>Apcupsd has been created/modified.</addedit_string> <delete_string>Apcupsd has been deleted.</delete_string> @@ -334,12 +334,23 @@ UPSTYPE DEVICE Description <br> <option><name>Share</name><value>share</value></option> </options> </field> + <field> + <name>Notifications</name> + <type>listtopic</type> + </field> + <field> + <fieldname>notification_info</fieldname> + <type>info</type> + <description>In order to receive e-mail notifications, you need to configure + SMTP Email Notifications on Advanced/Notifications section, and also, + install mailreport package.</description> + </field> </fields> <custom_php_install_command>php_install_apcupsd();</custom_php_install_command> <custom_php_command_before_form></custom_php_command_before_form> <custom_php_after_head_command></custom_php_after_head_command> <custom_php_after_form_command></custom_php_after_form_command> - <custom_php_validation_command>validate_input_apcupsd($_POST, &$input_errors);</custom_php_validation_command> + <custom_php_validation_command>validate_input_apcupsd($_POST, $input_errors);</custom_php_validation_command> <custom_add_php_command></custom_add_php_command> <custom_php_resync_config_command>sync_package_apcupsd();</custom_php_resync_config_command> <custom_php_deinstall_command>php_deinstall_apcupsd();</custom_php_deinstall_command> diff --git a/config/archive/clamsmtp.inc b/config/archive/clamsmtp.inc index f23a35c1..cc16cf82 100644 --- a/config/archive/clamsmtp.inc +++ b/config/archive/clamsmtp.inc @@ -20,7 +20,7 @@ function clamsmtp_install_command() { clamsmtp_resync(); } -function clamsmtp_validate_input($post, $input_errors) { +function clamsmtp_validate_input($post, &$input_errors) { if (!is_ipaddr(trim($post['smtp_server']))) $input_errors[] = 'The field \'SMTP server\' must contain a valid IP address.'; $port = trim($post['smtp_port']); diff --git a/config/jail_template.xml b/config/archive/jail_template.xml index fc6b2502..fc6b2502 100644 --- a/config/jail_template.xml +++ b/config/archive/jail_template.xml diff --git a/config/jail_template/jail_template.img.uzip b/config/archive/jail_template/jail_template.img.uzip Binary files differindex 1c92fb90..1c92fb90 100644 --- a/config/jail_template/jail_template.img.uzip +++ b/config/archive/jail_template/jail_template.img.uzip diff --git a/config/jail_template/jail_template.inc b/config/archive/jail_template/jail_template.inc index f9c00b79..f9c00b79 100644 --- a/config/jail_template/jail_template.inc +++ b/config/archive/jail_template/jail_template.inc diff --git a/config/jailctl.xml b/config/archive/jailctl.xml index ab6cf1e3..ab6cf1e3 100644 --- a/config/jailctl.xml +++ b/config/archive/jailctl.xml diff --git a/config/jailctl/jailctl b/config/archive/jailctl/jailctl index 542c2db6..542c2db6 100755 --- a/config/jailctl/jailctl +++ b/config/archive/jailctl/jailctl diff --git a/config/jailctl/jailctl-utils.inc b/config/archive/jailctl/jailctl-utils.inc index 36c50d23..36c50d23 100644 --- a/config/jailctl/jailctl-utils.inc +++ b/config/archive/jailctl/jailctl-utils.inc diff --git a/config/jailctl/jailctl.inc b/config/archive/jailctl/jailctl.inc index d6b7344c..d6b7344c 100644 --- a/config/jailctl/jailctl.inc +++ b/config/archive/jailctl/jailctl.inc diff --git a/config/jailctl/jailctl.xml b/config/archive/jailctl/jailctl.xml index 4c96f88d..4c96f88d 100644 --- a/config/jailctl/jailctl.xml +++ b/config/archive/jailctl/jailctl.xml diff --git a/config/jailctl/jailctl_defaults.xml b/config/archive/jailctl/jailctl_defaults.xml index c499abcb..c499abcb 100644 --- a/config/jailctl/jailctl_defaults.xml +++ b/config/archive/jailctl/jailctl_defaults.xml diff --git a/config/jailctl/jailctl_list.inc b/config/archive/jailctl/jailctl_list.inc index d1869bd6..d1869bd6 100644 --- a/config/jailctl/jailctl_list.inc +++ b/config/archive/jailctl/jailctl_list.inc diff --git a/config/jailctl/jailctl_settings.xml b/config/archive/jailctl/jailctl_settings.xml index ae09adaf..ae09adaf 100644 --- a/config/jailctl/jailctl_settings.xml +++ b/config/archive/jailctl/jailctl_settings.xml diff --git a/config/jailctl/sysinstall b/config/archive/jailctl/sysinstall Binary files differindex d4a05fb1..d4a05fb1 100755 --- a/config/jailctl/sysinstall +++ b/config/archive/jailctl/sysinstall diff --git a/config/archive/viralator.inc b/config/archive/viralator.inc index dc4e6041..36ceb37f 100644 --- a/config/archive/viralator.inc +++ b/config/archive/viralator.inc @@ -24,7 +24,7 @@ EOD; make_dirs(VIRALATOR_DOWNLOADDIR); } -function viralator_validate_input($post, $input_errors) { +function viralator_validate_input($post, &$input_errors) { if (trim($post['http_otherexts'])) { foreach (explode(',', $post['http_otherexts']) as $ext) { $ext = trim($ext); diff --git a/config/arpwatch.xml b/config/arpwatch.xml index f77fce34..ea3f6795 100644 --- a/config/arpwatch.xml +++ b/config/arpwatch.xml @@ -7,13 +7,10 @@ /* ========================================================================== /* arpwatch.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 to whom it may belong + part of pfSense (https://www.pfsense.org) + Copyright (C) 2007-2014 Electric Sheep Fencing LP All rights reserved. - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. */ /* ========================================================================== */ /* diff --git a/config/arpwatch_reports.php b/config/arpwatch_reports.php index c2b4401e..9b3b1c6c 100755 --- a/config/arpwatch_reports.php +++ b/config/arpwatch_reports.php @@ -63,7 +63,6 @@ include("head.inc"); <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> -<p class="pgtitle"><?=$pgtitle?></p> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td> diff --git a/config/autoconfigbackup/autoconfigbackup.inc b/config/autoconfigbackup/autoconfigbackup.inc index 313cc1ac..2511a2a1 100644 --- a/config/autoconfigbackup/autoconfigbackup.inc +++ b/config/autoconfigbackup/autoconfigbackup.inc @@ -2,7 +2,7 @@ /* $Id$ */ /* autoconfigbackup.inc - Copyright (C) 2008 Scott Ullrich + Copyright (C) 2008-2014 Electric Sheep Fencing LP Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -40,11 +40,20 @@ if(file_exists("/usr/local/pkg/parse_config/parse_config_upload.php")) unlink("/usr/local/pkg/parse_config/parse_config_upload.php"); /* ensures patches match */ -function custom_php_validation_command($post, $input_errors) { +function custom_php_validation_command($post, &$input_errors) { global $_POST, $savemsg, $config; + if(!$post['username']) + $input_errors[] = "Username is required."; + + if(!$post['password'] or !$post['passwordagain']) + $input_errors[] = "The subscription password is required."; + + if(!$post['crypto_password'] or !$post['crypto_password2']) + $input_errors[] = "The encryption password is required."; + if($post['password'] <> $post['passwordagain']) - $input_errors[] = "Sorry, the entered passwords do not match."; + $input_errors[] = "Sorry, the entered portal.pfsense.org passwords do not match."; if($post['crypto_password'] <> $post['crypto_password2']) $input_errors[] = "Sorry, the entered encryption passwords do not match."; @@ -59,6 +68,21 @@ function custom_php_validation_command($post, $input_errors) { unset($_POST['testconnection']); } +function configure_proxy() { + global $config; + $ret = array(); + if (!empty($config['system']['proxyurl'])) { + $ret[CURLOPT_PROXY] = $config['system']['proxyurl']; + if (!empty($config['system']['proxyport'])) + $ret[CURLOPT_PROXYPORT] = $config['system']['proxyport']; + if (!empty($config['system']['proxyuser']) && !empty($config['system']['proxypass'])) { + $ret[CURLOPT_PROXYAUTH] = CURLAUTH_ANY | CURLAUTH_ANYSAFE; + $ret[CURLOPT_PROXYUSERPWD] = "{$config['system']['proxyuser']}:{$config['system']['proxypass']}"; + } + } + return $ret; +} + function test_connection($post) { global $savemsg, $config, $g; @@ -93,6 +117,9 @@ function test_connection($post) { curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl_session, CURLOPT_CONNECTTIMEOUT, 55); curl_setopt($curl_session, CURLOPT_TIMEOUT, 30); + curl_setopt($curl_session, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version"))); + // Proxy + curl_setopt_array($curl_session, configure_proxy()); curl_setopt($curl_session, CURLOPT_POSTFIELDS, "action=showbackups&hostname={$hostname}"); $data = curl_exec($curl_session); @@ -117,9 +144,6 @@ function upload_config($reasonm = "") { * This file plugs into config.inc (/usr/local/pkg/parse_config) * and runs every time the running firewall filter changes. * - * Written by Scott Ullrich - * (C) 2008 BSD Perimeter LLC - * */ if(file_exists("/tmp/acb_nooverwrite")) { @@ -130,13 +154,11 @@ function upload_config($reasonm = "") { } // Define some needed variables - if(!file_exists("/cf/conf/lastpfSbackup.txt")) { - conf_mount_rw(); - touch("/cf/conf/lastpfSbackup.txt"); - conf_mount_ro(); - } + if(file_exists("/cf/conf/lastpfSbackup.txt")) + $last_backup_date = str_replace("\n", "", file_get_contents("/cf/conf/lastpfSbackup.txt")); + else + $last_backup_date = ""; - $last_backup_date = str_replace("\n", "", file_get_contents("/cf/conf/lastpfSbackup.txt")); $last_config_change = $config['revision']['time']; $hostname = $config['system']['hostname'] . "." . $config['system']['domain']; if($reasonm) @@ -202,7 +224,10 @@ function upload_config($reasonm = "") { curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl_session, CURLOPT_CONNECTTIMEOUT, 55); curl_setopt($curl_session, CURLOPT_TIMEOUT, 30); - + curl_setopt($curl_session, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version"))); + // Proxy + curl_setopt_array($curl_session, configure_proxy()); + $data = curl_exec($curl_session); if (curl_errno($curl_session)) { $fd = fopen("/tmp/backupdebug.txt", "w"); @@ -241,4 +266,3 @@ function upload_config($reasonm = "") { } } -?>
\ No newline at end of file diff --git a/config/autoconfigbackup/autoconfigbackup.php b/config/autoconfigbackup/autoconfigbackup.php index 20f5f741..52b3eca9 100644 --- a/config/autoconfigbackup/autoconfigbackup.php +++ b/config/autoconfigbackup/autoconfigbackup.php @@ -28,6 +28,7 @@ */ require("guiconfig.inc"); +require("autoconfigbackup.inc"); $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); if ($pf_version < 2.0) @@ -79,7 +80,7 @@ else include("head.inc"); function get_hostnames() { - global $stats_url, $username, $password, $oper_sep; + global $stats_url, $username, $password, $oper_sep, $config, $g; // Populate available backups $curl_session = curl_init(); curl_setopt($curl_session, CURLOPT_URL, $stats_url); @@ -88,6 +89,10 @@ function get_hostnames() { curl_setopt($curl_session, CURLOPT_POST, 1); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl_session, CURLOPT_POSTFIELDS, "action=showstats"); + curl_setopt($curl_session, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version"))); + // Proxy + curl_setopt_array($curl_session, configure_proxy()); + $data = curl_exec($curl_session); if (curl_errno($curl_session)) { $fd = fopen("/tmp/acb_statsdebug.txt", "w"); @@ -165,6 +170,10 @@ function get_hostnames() { curl_setopt($curl_session, CURLOPT_POSTFIELDS, "action=delete" . "&hostname=" . urlencode($hostname) . "&revision=" . urlencode($_REQUEST['rmver'])); + curl_setopt($curl_session, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version"))); + // Proxy + curl_setopt_array($curl_session, configure_proxy()); + $data = curl_exec($curl_session); if (curl_errno($curl_session)) { $fd = fopen("/tmp/acb_deletedebug.txt", "w"); @@ -192,6 +201,9 @@ function get_hostnames() { curl_setopt($curl_session, CURLOPT_POSTFIELDS, "action=restore" . "&hostname=" . urlencode($hostname) . "&revision=" . urlencode($_REQUEST['newver'])); + curl_setopt($curl_session, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version"))); + // Proxy + curl_setopt_array($curl_session, configure_proxy()); $data = curl_exec($curl_session); $data_split = split("\+\+\+\+", $data); $sha256 = trim($data_split[0]); // sha256 @@ -256,6 +268,9 @@ EOF; curl_setopt($curl_session, CURLOPT_POSTFIELDS, "action=restore" . "&hostname=" . urlencode($hostname) . "&revision=" . urlencode($_REQUEST['download'])); + curl_setopt($curl_session, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version"))); + // Proxy + curl_setopt_array($curl_session, configure_proxy()); $data = curl_exec($curl_session); if (!tagfile_deformat($data, $data1, "config.xml")) $input_errors[] = "The downloaded file does not appear to contain an encrypted pfSense configuration."; @@ -306,6 +321,10 @@ EOF; curl_setopt($curl_session, CURLOPT_POST, 1); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl_session, CURLOPT_POSTFIELDS, "action=showbackups&hostname={$hostname}"); + curl_setopt($curl_session, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version"))); + // Proxy + curl_setopt_array($curl_session, configure_proxy()); + $data = curl_exec($curl_session); if (curl_errno($curl_session)) { $fd = fopen("/tmp/acb_backupdebug.txt", "w"); @@ -338,10 +357,17 @@ EOF; <center> <b>Hostname:</b> <select id="hostname" name="hostname" onChange="document.location='autoconfigbackup.php?hostname=' + this.value;"> - <?foreach($hostnames as $hn):?> - <option value='<?=$hn?>'><?=$hn?></option> + <? + $host_not_found = true; + foreach($hostnames as $hn): + ?> + <option value='<?=$hn?>' <? if ($hn == $hostname) {echo " selected=\"selected\""; $host_not_found = false;}?>> + <?=$hn?> + </option> <?endforeach?> - <option value='<?=$hostname?>' SELECTED><?=$hostname?></option> + <? if ($host_not_found) { ?> + <option value='<?=$hostname?>' SELECTED><?=$hostname?></option> + <? } ?> </select> </td> </tr> @@ -401,4 +427,4 @@ EOF; </form> <?php include("fend.inc"); ?> </body> -</html>
\ No newline at end of file +</html> diff --git a/config/autoconfigbackup/autoconfigbackup.xml b/config/autoconfigbackup/autoconfigbackup.xml index 0d324d8a..eb3f7545 100644 --- a/config/autoconfigbackup/autoconfigbackup.xml +++ b/config/autoconfigbackup/autoconfigbackup.xml @@ -7,8 +7,8 @@ /* $Id$ */ /* autoconfigbackup.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2008 BSD Perimeter + part of pfSense (https://www.pfsense.org) + Copyright (C) 2008-2014 Electric Sheep Fencing LP All rights reserved. Redistribution and use in source and binary forms, with or without @@ -34,10 +34,10 @@ */ ]]> </copyright> - <description>Automatically backs up your pfSense configuration. All contents are encrypted on the server. Requires Gold or Support Subscription from https://portal.pfsense.org</description> + <description>Automatically backs up your pfSense configuration. All contents are encrypted before being sent to the server. Requires Gold Subscription from https://portal.pfsense.org</description> <requirements>pfSense Portal subscription</requirements> <name>AutoConfigBackup</name> - <version>1.22</version> + <version>1.28</version> <title>Diagnostics: Auto Configuration Backup</title> <savetext>Change</savetext> <include_file>/usr/local/pkg/autoconfigbackup.inc</include_file> @@ -132,19 +132,15 @@ <fieldname>crypto_password2</fieldname> <type>password</type> </field> - <field> - <fielddescr>Test connection</fielddescr> - <description>Check this box to test the connection to portal.pfsense.org.</description> - <fieldname>testconnection</fieldname> - <type>checkbox</type> - </field> </fields> <custom_php_validation_command> - custom_php_validation_command($_POST, &$input_errors); + custom_php_validation_command($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> <![CDATA[ - exec("echo > /cf/conf/lastpfSbackup.txt"); + conf_mount_rw(); + @unlink("/cf/conf/lastpfSbackup.txt"); + conf_mount_ro(); if(!function_exists("filter_configure")) require_once("filter.inc"); filter_configure(); diff --git a/config/autoconfigbackup/autoconfigbackup_backup.php b/config/autoconfigbackup/autoconfigbackup_backup.php index a65fba4d..3c5ea423 100644 --- a/config/autoconfigbackup/autoconfigbackup_backup.php +++ b/config/autoconfigbackup/autoconfigbackup_backup.php @@ -29,7 +29,7 @@ require("globals.inc"); require("guiconfig.inc"); -require("/usr/local/pkg/autoconfigbackup.inc"); +require("autoconfigbackup.inc"); $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); if ($pf_version < 2.0) @@ -48,7 +48,9 @@ if($_POST) { else write_config("Backup invoked via Auto Config Backup."); $config = parse_config(true); - exec("echo > /cf/conf/lastpfSbackup.txt"); + conf_mount_rw(); + @unlink("/cf/conf/lastpfSbackup.txt", ""); + conf_mount_ro(); upload_config($_REQUEST['reason']); $savemsg = "Backup completed successfully."; $donotshowheader=true; @@ -103,14 +105,6 @@ include("head.inc"); </td> </tr> <tr> - <td align="right"> - Do not overwrite previous backups for this hostname: - </td> - <td> - <input type="checkbox" name="nooverwrite"> - </td> - </tr> - <tr> <td> </td> diff --git a/config/autoconfigbackup/autoconfigbackup_stats.php b/config/autoconfigbackup/autoconfigbackup_stats.php index b991e3d3..34d96eda 100644 --- a/config/autoconfigbackup/autoconfigbackup_stats.php +++ b/config/autoconfigbackup/autoconfigbackup_stats.php @@ -29,7 +29,7 @@ require("globals.inc"); require("guiconfig.inc"); -require("/usr/local/pkg/autoconfigbackup.inc"); +require("autoconfigbackup.inc"); $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); if ($pf_version < 2.0) @@ -72,6 +72,10 @@ if($_REQUEST['delhostname']) { curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl_session, CURLOPT_POSTFIELDS, "action=deletehostname&delhostname=" . urlencode($_REQUEST['delhostname'])); + curl_setopt($curl_session, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version"))); + // Proxy + curl_setopt_array($curl_session, configure_proxy()); + $data = curl_exec($curl_session); if (curl_errno($curl_session)) { $fd = fopen("/tmp/acb_deletedebug.txt", "w"); @@ -144,6 +148,10 @@ include("head.inc"); curl_setopt($curl_session, CURLOPT_POST, 1); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl_session, CURLOPT_POSTFIELDS, "action=showstats"); + curl_setopt($curl_session, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version"))); + // Proxy + curl_setopt_array($curl_session, configure_proxy()); + $data = curl_exec($curl_session); if (curl_errno($curl_session)) { $fd = fopen("/tmp/acb_statsdebug.txt", "w"); diff --git a/config/autoconfigbackup/crypt_acb.php b/config/autoconfigbackup/crypt_acb.php index 49a2147a..9f897cb5 100644 --- a/config/autoconfigbackup/crypt_acb.php +++ b/config/autoconfigbackup/crypt_acb.php @@ -31,14 +31,17 @@ function crypt_data($val, $pass, $opt) { $file = tempnam("/tmp", "php-encrypt"); - $fd = fopen("$file.dec", "w"); - fwrite($fd, $val); - fclose($fd); - exec("/usr/bin/openssl enc {$opt} -aes-256-cbc -in $file.dec -out $file.enc -k {$pass}"); - $result = file_get_contents("$file.enc"); - exec("rm $file"); - exec("rm $file.dec"); - exec("rm $file.enc"); + file_put_contents("{$file}.dec", $val); + exec("/usr/bin/openssl enc {$opt} -aes-256-cbc -in {$file}.dec -out {$file}.enc -k " . escapeshellarg($pass)); + if (file_exists("{$file}.enc")) + $result = file_get_contents("{$file}.enc"); + else { + $result = ""; + log_error("Failed to encrypt/decrypt data!"); + } + @unlink($file); + @unlink("{$file}.dec"); + @unlink("{$file}.enc"); return $result; } @@ -130,4 +133,3 @@ return strpos(strtolower($str), strtolower($needle)); } -?>
\ No newline at end of file diff --git a/config/autoconfigbackup/parse_config_upload.inc b/config/autoconfigbackup/parse_config_upload.inc index ce592966..ba0b48ce 100644 --- a/config/autoconfigbackup/parse_config_upload.inc +++ b/config/autoconfigbackup/parse_config_upload.inc @@ -5,4 +5,3 @@ if(file_exists("/usr/local/pkg/autoconfigbackup.inc")) { upload_config(); } -?> diff --git a/config/autoconfigbackup/parse_config_upload.php b/config/autoconfigbackup/parse_config_upload.php index ce592966..ba0b48ce 100644 --- a/config/autoconfigbackup/parse_config_upload.php +++ b/config/autoconfigbackup/parse_config_upload.php @@ -5,4 +5,3 @@ if(file_exists("/usr/local/pkg/autoconfigbackup.inc")) { upload_config(); } -?> diff --git a/config/autoconfigbackup/upload_config_filter.php b/config/autoconfigbackup/upload_config_filter.php index ce592966..ba0b48ce 100644 --- a/config/autoconfigbackup/upload_config_filter.php +++ b/config/autoconfigbackup/upload_config_filter.php @@ -5,4 +5,3 @@ if(file_exists("/usr/local/pkg/autoconfigbackup.inc")) { upload_config(); } -?> diff --git a/config/avahi/avahi.inc b/config/avahi/avahi.inc index 7b093276..554a647c 100644 --- a/config/avahi/avahi.inc +++ b/config/avahi/avahi.inc @@ -33,7 +33,7 @@ $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); switch ($pfs_version) { case "1.2": case "2.0": - define('AVAHI_BASE','/usr/local'); + define('AVAHI_BASE', '/usr/local'); break; default: define('AVAHI_BASE', '/usr/pbi/avahi-' . php_uname("m")); @@ -51,20 +51,8 @@ function avahi_install() { global $g, $config; conf_mount_rw(); - // This old hacky install code should only happen on 1.x - if (php_uname("m") == "i386") - $archive = (substr(trim(file_get_contents("/etc/version")),0,1) == "1") ? "avahi.tar.gz" : ""; - // Extract out libraries and avahi-daemon - if(!empty($archive) && file_exists("/root/{$archive}")) { - exec("mkdir -p " . AVAHI_BASE . "/etc/avahi/services/"); - exec("mv " . AVAHI_BASE . "/etc/avahi/*.service " . AVAHI_BASE . "/etc/avahi/services/"); - exec("/usr/bin/tar xzPUf /root/{$archive} -C /"); - unlink("/root/{$archive}"); - // Make sure everthing was extracted - if(!file_exists(AVAHI_BASE . "/sbin/avahi-daemon")) { - log_error("Sorry, something went wrong while extract avahi binaries. Please try the operation again"); - return; - } + if (!file_exists('/usr/local/etc/gnome.subr')) { + @symlink(AVAHI_BASE . '/etc/gnome.subr', '/usr/local/etc/gnome.subr'); } // Add needed users and groups @@ -115,12 +103,12 @@ function avahi_write_config() { [server] host-name={$hostname} -domain-name={$domain} -browse-domains="{$browsedomains}" +domain-name=local +browse-domains={$browsedomains} deny-interfaces={$denyinterfaces} use-ipv4={$useipv4} use-ipv6={$useipv6} -enable-dbus=no +enable-dbus=yes #check-response-ttl=no #use-iff-running=no #disallow-other-stacks=no @@ -168,20 +156,27 @@ EOF; $start .= " mkdir -p /proc\n"; $start .= " mount -t procfs procfs /proc\n"; $start .= "fi\n"; - $start .= "/usr/bin/killall avahi-daemon\n"; + $start .= "if [ ! -f /usr/local/etc/gnome.subr ]; then\n"; + $start .= " ln -sf " . AVAHI_BASE . "/etc/gnome.subr /usr/local/etc/gnome.subr\n"; + $start .= "fi\n"; + $start .= "if [ ! -d /var/run/dbus ]; then\n"; + $start .= " mkdir /var/run/dbus\n"; + $start .= " chown messagebus:messagebus /var/run/dbus\n"; + $start .= "fi\n"; + $start .= "/usr/bin/killall avahi-daemon >/dev/null 2>&1\n"; if (file_exists(AVAHI_BASE . "/etc/rc.d/dbus")) { - $start .= "/usr/bin/killall dbus-daemon\n"; - $start .= "rm /var/run/dbus/dbus.pid\n"; + $start .= AVAHI_BASE . "/etc/rc.d/dbus onestop\n"; + $start .= "rm /var/run/dbus/dbus.pid >/dev/null 2>&1\n"; $start .= AVAHI_BASE . "/etc/rc.d/dbus onestart\n"; } $start .= "sleep 5\n"; $start .= AVAHI_BASE . "/sbin/avahi-daemon -D\n"; $start .= "/etc/rc.conf_mount_ro\n"; - $stop = "/usr/bin/killall avahi-daemon\n"; + $stop = "/usr/bin/killall avahi-daemon >/dev/null 2>&1\n"; if (file_exists(AVAHI_BASE . "/etc/rc.d/dbus")) { $stop .= AVAHI_BASE . "/etc/rc.d/dbus onestop\n"; - $stop .= "rm /var/run/dbus/dbus.pid\n"; + $stop .= "rm /var/run/dbus/dbus.pid >/dev/null 2>&1\n"; } write_rcfile(array( diff --git a/config/avahi/avahi.xml b/config/avahi/avahi.xml index d1e58bdc..f3f98dd4 100644 --- a/config/avahi/avahi.xml +++ b/config/avahi/avahi.xml @@ -34,7 +34,7 @@ </copyright> <title>Services: Avahi</title> <name>avahi</name> - <version>0.6.29 pkg v1.01</version> + <version>0.6.31 pkg v1.05</version> <savetext>Save</savetext> <include_file>/usr/local/pkg/avahi.inc</include_file> <menu> @@ -59,13 +59,13 @@ <field> <fielddescr>Browse domains (comma separated)</fielddescr> <fieldname>browsedomains</fieldname> - <description>Enter the domains that you would like proxied. (example: .local, pfsense.org, mydomain.com)</description> + <description>Enter the domains that you would like proxied. (example: local, pfsense.org, mydomain.com)</description> <type>input</type> </field> <field> <fielddescr>Deny interfaces</fielddescr> <fieldname>denyinterfaces</fieldname> - <description>Interfaces that you do NOT want Avahi to listen on. NOTE: WAN is disabled by default.</description> + <description>Interfaces that you do NOT want Avahi to listen on. NOTE: WAN is always disabled.</description> <type>interfaces_selection</type> <multiple>true</multiple> </field> diff --git a/config/bacula-client/bacula-client.inc b/config/bacula-client/bacula-client.inc index 94411809..233de4b6 100644 --- a/config/bacula-client/bacula-client.inc +++ b/config/bacula-client/bacula-client.inc @@ -59,7 +59,7 @@ function baculaclient_custom_php_deinstall_command(){ unlink_if_exists(BACULA_LOCALBASE."/etc/bacula-fd.conf"); // 2. Re-run sshd config generation script - exec("/usr/local/etc/rc.d/bacula-fd.sh stop"); + exec(BACULA_LOCALBASE . "/etc/rc.d/bacula-fd.sh stop"); conf_mount_ro(); } @@ -67,11 +67,12 @@ function baculaclient_custom_php_write_config(){ global $g, $config; conf_mount_rw(); //check config_file - $startup_file="/usr/local/etc/rc.d/bacula-fd"; + $startup_file=BACULA_LOCALBASE . "/etc/rc.d/bacula-fd"; if (file_exists($startup_file)){ $startup_script=file_get_contents($startup_file); $startup_script=preg_replace("/NO/","YES",$startup_script); $startup_script=preg_replace("@/usr/local/etc/bacula-fd.conf@",BACULA_LOCALBASE."/etc/bacula-fd.conf",$startup_script); + $startup_script=preg_replace("@" . BACULA_LOCALBASE . "/etc/bacula/bacula-fd.conf@",BACULA_LOCALBASE."/etc/bacula-fd.conf",$startup_script); file_put_contents("{$startup_file}.sh",$startup_script,LOCK_EX); // Ensure bacula-fd has a+rx exec("chmod a+rx {$startup_file}.sh"); @@ -111,10 +112,10 @@ function baculaclient_custom_php_write_config(){ } $baculaclient_conf .= "FileDaemon { \n\t Name = {$LocalDirector}-fd #\n\t FDport = {$port}\n\t WorkingDirectory = /var/db/bacula\n\t Pid Directory = /var/run\n\tMaximum Concurrent Jobs = {$jobs}\n\t}\n"; file_put_contents(BACULA_LOCALBASE."/etc/bacula-fd.conf",$baculaclient_conf,LOCK_EX); - exec("/usr/local/etc/rc.d/bacula-fd.sh restart"); + exec(BACULA_LOCALBASE . "/etc/rc.d/bacula-fd.sh restart"); // Mount Read-only conf_mount_ro(); } } - ?>
\ No newline at end of file + ?> diff --git a/config/bacula-client/bacula-client_fd.xml b/config/bacula-client/bacula-client_fd.xml index d6a6a8f0..08a64ea1 100644 --- a/config/bacula-client/bacula-client_fd.xml +++ b/config/bacula-client/bacula-client_fd.xml @@ -80,12 +80,12 @@ <required/> </field> <field> - <fielddescr>Maximun Concurrent Jobs</fielddescr> + <fielddescr>Maximum Concurrent Jobs</fielddescr> <fieldname>jobs</fieldname> <type>input</type> <size>3</size> <required/> - <description>Maximun Concurrent Jobs. Default : 20</description> + <description>Maximum Concurrent Jobs. Default : 20</description> </field> </fields> @@ -104,4 +104,4 @@ <custom_php_resync_config_command> baculaclient_custom_php_write_config(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/bandwidthd/bandwidthd.inc b/config/bandwidthd/bandwidthd.inc index 7cdc8006..b7ef3bbd 100644 --- a/config/bandwidthd/bandwidthd.inc +++ b/config/bandwidthd/bandwidthd.inc @@ -34,9 +34,15 @@ switch ($pfs_version) { case "1.2": case "2.0": define('PKG_BANDWIDTHD_BASE', '/usr/local/bandwidthd'); + define('PKG_BANDWIDTHD_RUNTIME_LIBRARY_ENV', ''); break; - default: + case "2.1": define('PKG_BANDWIDTHD_BASE', '/usr/pbi/bandwidthd-' . php_uname("m") . '/bandwidthd'); + define('PKG_BANDWIDTHD_RUNTIME_LIBRARY_ENV', ''); + break; + default: + define('PKG_BANDWIDTHD_BASE', '/usr/pbi/bandwidthd-' . php_uname("m") . '/local/bandwidthd'); + define('PKG_BANDWIDTHD_RUNTIME_LIBRARY_ENV', 'LD_LIBRARY_PATH=/usr/pbi/bandwidthd-' . php_uname("m") . '/local/lib'); } // End: Check pfSense version @@ -63,6 +69,7 @@ function bandwidthd_install_config() { /* the conf file must be ./etc/bandwidthd.conf relative to the current dir */ $bandwidthd_base_dir = PKG_BANDWIDTHD_BASE; $bandwidthd_config_dir = PKG_BANDWIDTHD_BASE . "/etc"; + $bandwidthd_runtime_library_env = PKG_BANDWIDTHD_RUNTIME_LIBRARY_ENV; conf_mount_rw(); config_lock(); @@ -336,12 +343,14 @@ if [ ! -f "{$bandwidthd_htdocs_dir}/logo.gif" ] ; then /bin/cp {$bandwidthd_base_dir}/htdocs/logo.gif {$bandwidthd_htdocs_dir} fi cd {$bandwidthd_nano_dir} -{$bandwidthd_nano_dir}/bandwidthd +{$bandwidthd_runtime_library_env} {$bandwidthd_nano_dir}/bandwidthd cd - EOD; } else { $rc['start'] = <<<EOD -/usr/local/bandwidthd/bandwidthd +cd {$bandwidthd_base_dir} +{$bandwidthd_runtime_library_env} {$bandwidthd_base_dir}/bandwidthd +cd - EOD; } } else { diff --git a/config/bandwidthd/bandwidthd.xml b/config/bandwidthd/bandwidthd.xml index 7f0f12fe..fc768761 100644 --- a/config/bandwidthd/bandwidthd.xml +++ b/config/bandwidthd/bandwidthd.xml @@ -46,7 +46,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>bandwidthd</name> - <version>2.0.1_5 pkg v.0.3</version> + <version>2.0.1_5 pkg v.0.4</version> <title>Bandwidthd</title> <aftersaveredirect>/pkg_edit.php?xml=bandwidthd.xml&id=0</aftersaveredirect> <include_file>/usr/local/pkg/bandwidthd.inc</include_file> diff --git a/config/bind/bind.inc b/config/bind/bind.inc index 17d171d1..54d536d0 100644 --- a/config/bind/bind.inc +++ b/config/bind/bind.inc @@ -47,7 +47,7 @@ else define('CHROOT_LOCALBASE','/cf/named'); -function bind_zone_validate($post, $input_errors){ +function bind_zone_validate($post, &$input_errors){ if (key_exists("mail",$_POST)) $_POST['mail']=preg_replace("/@/",".",$post['mail']); @@ -347,7 +347,7 @@ EOD; switch ($zonetype){ case "slave": $bind_conf .= "\t\tmasters { $zoneipslave; };\n"; - $bind_conf .= "\t\tallow-transfer {none;};\n"; + $bind_conf .= "\t\tallow-transfer { $zoneallowtransfer;};\n"; $bind_conf .= "\t\tnotify no;\n"; break; case "forward": @@ -876,13 +876,13 @@ function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout,$ma /* send our XMLRPC message and timeout after defined sync timeout value*/ $resp = $cli->send($msg, $synctimeout); if(!$resp) { - $error = "A communications error occurred while attempting bind XMLRPC sync with {$url}:{$port}."; + $error = "A communications error occurred while attempting BIND XMLRPC sync with {$url}:{$port}."; log_error($error); file_notice("sync_settings", $error, "bind Settings Sync", ""); } elseif($resp->faultCode()) { $cli->setDebug(1); $resp = $cli->send($msg, $synctimeout); - $error = "An error code was received while attempting bind XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + $error = "An error code was received while attempting BIND XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "bind Settings Sync", ""); } else { @@ -905,17 +905,17 @@ function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout,$ma $cli->setCredentials($username, $password); $resp = $cli->send($msg, $synctimeout); if(!$resp) { - $error = "A communications error occurred while attempting bind XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; + $error = "A communications error occurred while attempting BIND XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; log_error($error); file_notice("sync_settings", $error, "Bind Settings Sync", ""); } elseif($resp->faultCode()) { $cli->setDebug(1); $resp = $cli->send($msg, $synctimeout); - $error = "[Bind] An error code was received while attempting bind XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + $error = "[Bind] An error code was received while attempting BIND XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "bind Settings Sync", ""); } else { - log_error("Bind XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); + log_error("BIND XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); } } diff --git a/config/bind/bind.xml b/config/bind/bind.xml index beb96589..37c13017 100644 --- a/config/bind/bind.xml +++ b/config/bind/bind.xml @@ -52,8 +52,8 @@ <title>Bind: Domain Named Settings</title> <include_file>/usr/local/pkg/bind.inc</include_file> <menu> - <name>Bind Server</name> - <tooltiptext>Modify Bind settings</tooltiptext> + <name>BIND Server</name> + <tooltiptext>Modify BIND settings</tooltiptext> <section>Services</section> <url>/pkg_edit.php?xml=bind.xml</url> </menu> @@ -135,17 +135,17 @@ <fieldname>temp01</fieldname> </field> <field> - <fielddescr>Enable Bind</fielddescr> + <fielddescr>Enable BIND</fielddescr> <fieldname>enable_bind</fieldname> - <description><![CDATA[Enable DNS Bind on Server<br> - Disable Dns forwarder service on selected interfaces before enabling bind.]]></description> + <description><![CDATA[Enable BIND DNS server<br> + Disable DNS Forwarder and Resolver services on selected interfaces before enabling BIND.]]></description> <type>checkbox</type> <required/> </field> <field> - <fielddescr>Listen-on</fielddescr> + <fielddescr>Listen on</fielddescr> <fieldname>listenon</fieldname> - <description><![CDATA[Enable Named to listen on.]]></description> + <description><![CDATA[Choose the interfaces on which to enable BIND.]]></description> <type>interfaces_selection</type> <showlistenall/> <showvirtualips/> @@ -160,7 +160,7 @@ <field> <fielddescr>Hide Version</fielddescr> <fieldname>bind_hide_version</fieldname> - <description>Hide the version of BIND (do not process queries to version.bind at all). This makes it more difficult to exploit the server.</description> + <description>Hide the version of BIND (ignore queries for version.bind).</description> <type>checkbox</type> </field> <field> @@ -179,14 +179,13 @@ <field> <fielddescr>Enable logging</fielddescr> <fieldname>bind_logging</fieldname> - <description><![CDATA[Enable Bind logs on status-> system logs -> resolver menu.]]></description> + <description><![CDATA[Enable BIND logs under Status > System logs, Resolver tab.]]></description> <type>checkbox</type> </field> <field> - <fielddescr>Loggin serverity</fielddescr> + <fielddescr>Logging serverity</fielddescr> <fieldname>log_severity</fieldname> - <description><![CDATA[Select logging levels for selected categories.<BR> - use CTRL+click to select/unselect.<br> + <description><![CDATA[Choose logging level for selected categories.<BR> The value 'dynamic' means assume the global level defined by either the command line parameter -d or by running rndc trace.]]></description> <type>select</type> <options> @@ -202,7 +201,7 @@ </options> </field> <field> - <fielddescr>Loggin options</fielddescr> + <fielddescr>Logging options</fielddescr> <fieldname>log_options</fieldname> <description><![CDATA[Select categories to log.<BR> use CTRL+click to select/unselect.]]></description> @@ -266,16 +265,16 @@ <fieldname>temp01</fieldname> </field> <field> - <fielddescr>Forwarder</fielddescr> + <fielddescr>Enable Forwarding</fielddescr> <fieldname>bind_forwarder</fieldname> - <description>Forwardes enable DNS Bind on Server.</description> + <description>Enable forwarding queries to other DNS servers listed below rather than this server performing its own recursion.</description> <type>checkbox</type> <enablefields>bind_forwarder_ips</enablefields> </field> <field> <fielddescr>Forwarder IPs</fielddescr> <fieldname>bind_forwarder_ips</fieldname> - <description>Enter IPs to forward. Separate by semi-colons (;). [Applies only to Forwarder mode]</description> + <description>Enter IPs of DNS servers to use for recursion. Separate by semi-colons (;). Applies only if Enable Forwarding is chosen.</description> <type>input</type> <size>80</size> </field> diff --git a/config/bind/bind_acls.xml b/config/bind/bind_acls.xml index dbd9e29d..c9b49f47 100644 --- a/config/bind/bind_acls.xml +++ b/config/bind/bind_acls.xml @@ -48,10 +48,10 @@ <faq>Currently there are no FAQ items provided.</faq> <name>bindacls</name> <version>0.1.0</version> - <title>Bind: ACLs Settings</title> + <title>BIND: ACLs Settings</title> <include_file>/usr/local/pkg/bind.inc</include_file> <menu> - <name>Bind Server</name> + <name>BIND Server</name> <tooltiptext></tooltiptext> <section>Services</section> <configfile>bind.xml</configfile> diff --git a/config/bind/bind_views.xml b/config/bind/bind_views.xml index a6c42552..505f2b0d 100644 --- a/config/bind/bind_views.xml +++ b/config/bind/bind_views.xml @@ -51,7 +51,7 @@ <title>Bind: Views Settings</title> <include_file>/usr/local/pkg/bind.inc</include_file> <menu> - <name>Bind Server</name> + <name>BIND Server</name> <tooltiptext></tooltiptext> <section>Services</section> <configfile>bind.xml</configfile> diff --git a/config/bind/bind_zones.xml b/config/bind/bind_zones.xml index 3506df63..1576cd79 100644 --- a/config/bind/bind_zones.xml +++ b/config/bind/bind_zones.xml @@ -48,10 +48,10 @@ <faq>Currently there are no FAQ items provided.</faq> <name>bindzone</name> <version>none</version> - <title>Bind: Zones Settings</title> + <title>BIND: Zones Settings</title> <include_file>/usr/local/pkg/bind.inc</include_file> <menu> - <name>Bind Server</name> + <name>BIND Server</name> <tooltiptext></tooltiptext> <section>Services</section> <configfile>bind.xml</configfile> @@ -118,22 +118,22 @@ <field> <fielddescr>Disable this zone</fielddescr> <fieldname>disabled</fieldname> - <description><![CDATA[Do not Include this zone on bind config files.]]></description> + <description><![CDATA[Do not include this zone in BIND config files.]]></description> <type>checkbox</type> </field> <field> <fielddescr>Zone Name</fielddescr> <fieldname>name</fieldname> - <description><![CDATA[Enter the name for zone (ex:mydomain.com)<br> - For reverse zones, include zone ip in reverse order or following your provider instructions.(Ex: 1.168.192)<br> - IN-ADDR.ARPA will be automaticaly included on conf files when reverse zone option is checked.]]></description> + <description><![CDATA[Enter the name for zone (e.g. example.com)<br> + For reverse zones, include zone IP in reverse order. (e.g. 1.168.192)<br> + IN-ADDR.ARPA will be automaticaly included in config files when reverse zone option is checked.]]></description> <type>input</type> <required/> </field> <field> <fielddescr>Description</fielddescr> <fieldname>description</fieldname> - <description>Enter the description for this zone.</description> + <description>Enter a description for this zone.</description> <type>input</type> <size>70</size> </field> @@ -167,7 +167,7 @@ <type>checkbox</type> </field> <field> - <fielddescr>custom Option</fielddescr> + <fielddescr>Custom Option</fielddescr> <fieldname>custom</fieldname> <description>You can put your own custom options here.</description> <type>textarea</type> @@ -184,7 +184,7 @@ <fielddescr>Inline Signing</fielddescr> <fieldname>dnssec</fieldname> <enablefields>backupkeys</enablefields> - <description><![CDATA[<a target=_new href='https://kb.isc.org/article/AA-00626/109/Inline-Signing-in-ISC-BIND-9.9.0-Examples.html'>Enable inline DNSSEC Signing</a> afor this zones.]]></description> + <description><![CDATA[<a target=_new href='https://kb.isc.org/article/AA-00626/109/Inline-Signing-in-ISC-BIND-9.9.0-Examples.html'>Enable inline DNSSEC signing</a> for this zone.]]></description> <type>checkbox</type> </field> <field> @@ -194,10 +194,10 @@ <type>checkbox</type> </field> <field> - <fielddescr>DS set</fielddescr> + <fielddescr>DSSET</fielddescr> <fieldname>dsset</fieldname> - <description><![CDATA[Digest fingerprint of the Key Signing KeyResulting for this zone.<br> - Upload this ds set to your domain root server.]]></description> + <description><![CDATA[Digest fingerprint of the Key Signing Key for this zone.<br> + Upload this DSSET to your domain root server.]]></description> <type>textarea</type> <cols>75</cols> <rows>3</rows> @@ -211,7 +211,7 @@ <field> <fielddescr>Master Zone IP</fielddescr> <fieldname>slaveip</fieldname> - <description>If zone is slave, enter the IP address of the master DNS zone.</description> + <description>If this is a slave zone, enter the IP address of the master DNS server.</description> <type>input</type> </field> <field> @@ -222,7 +222,7 @@ <field> <fielddescr>Forwarders</fielddescr> <fieldname>forwarders</fieldname> - <description>Enter forwarders IPs for this domain. Separate by semi-colons (;).</description> + <description>Enter forwarder IPs for this domain. Separate by semicolons (;).</description> <type>input</type> <size>70</size> </field> @@ -245,9 +245,9 @@ <type>input</type> </field> <field> - <fielddescr>Base Domain ip</fielddescr> + <fielddescr>Base Domain IP</fielddescr> <fieldname>ipns</fieldname> - <description>Enter ip address for base domain lookup. Ex: nslookup mydomain.com</description> + <description>Enter IP address for base domain lookup. Ex: nslookup mydomain.com</description> <type>input</type> </field> <field> @@ -259,7 +259,7 @@ <field> <fielddescr>Serial</fielddescr> <fieldname>serial</fieldname> - <description>Parsed value for the slave to update the DNS Zone</description> + <description>Parsed value for the slave to update the DNS zone</description> <type>input</type> </field> <field> @@ -333,7 +333,7 @@ </field> <field> <fielddescr>Enter Domain records.</fielddescr> - <description><![CDATA[<b>"Record"</b> is the name or last octec of ip. Sample: www or pop<br> + <description><![CDATA[<b>"Record"</b> is the name or last octet of IP. Example: www or pop<br> <b>"Type"</b> is the type of the record Sample: A CNAME MX NS<br> <b>"Priority"</b> in used only in mx records to define its priority<br> <b>"Alias or IP address"</b> is the destination host or ip address.<br><br> @@ -377,7 +377,7 @@ <rowhelperfield> <fielddescr>Alias or IP address</fielddescr> <fieldname>hostdst</fieldname> - <description>Enter the IP address or CNAME destination for Domain (ex: 10.31.11.1 or mail.example.com)</description> + <description>Enter the IP address or FQDN destination for domain MX (ex: 10.31.11.1 or mail.example.com)</description> <type>input</type> <size>35</size> </rowhelperfield> @@ -398,7 +398,7 @@ <field> <fielddescr></fielddescr> <fieldname>customzonerecords</fieldname> - <description><![CDATA[Paste any custom zone records to include on this zone.<br> + <description><![CDATA[Paste any custom zone records to include in this zone.<br> This can be used for a fast migration setup.]]></description> <type>textarea</type> <cols>84</cols> @@ -409,12 +409,12 @@ </field> <field> <type>listtopic</type> - <name>Resulting Zone config file</name> + <name>Resulting zone config file</name> </field> <field> <fielddescr></fielddescr> <fieldname>resultconfig</fieldname> - <description>Resulting bind config file for this zone.</description> + <description>Resulting BIND config file for this zone.</description> <type>textarea</type> <cols>84</cols> <rows>15</rows> @@ -432,9 +432,9 @@ <custom_php_command_before_form> </custom_php_command_before_form> <custom_php_validation_command> - if ($_POST['type']=="master") + if ($_POST['type']=="master" and $_POST['serial']=="") $_POST['serial']=(date("U")+ 1000000000); - bind_zone_validate($_POST, &$input_errors); + bind_zone_validate($_POST, $input_errors); </custom_php_validation_command> <custom_delete_php_command> bind_sync(); diff --git a/config/blinkled/blinkled.inc b/config/blinkled/blinkled.inc index 25403232..ffbc79b2 100644 --- a/config/blinkled/blinkled.inc +++ b/config/blinkled/blinkled.inc @@ -39,7 +39,7 @@ function blinkled_stop() { mwexec("/usr/bin/killall -9 blinkled"); } -function validate_form_blinkled($post, $input_errors) { +function validate_form_blinkled($post, &$input_errors) { /* Make sure both aren't using the same interface */ if (($post['iface_led2']) && ($post['iface_led3']) && (($post['enable_led2']) && ($post['enable_led3'])) && diff --git a/config/blinkled/blinkled.xml b/config/blinkled/blinkled.xml index fb0965c9..aa0c53e8 100644 --- a/config/blinkled/blinkled.xml +++ b/config/blinkled/blinkled.xml @@ -56,7 +56,7 @@ </field> </fields> <custom_php_validation_command> - validate_form_blinkled($_POST, &$input_errors); + validate_form_blinkled($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_blinkled(); diff --git a/config/blinkled8/binaries/blinkled b/config/blinkled8/binaries/blinkled Binary files differdeleted file mode 100755 index fe7c0e4e..00000000 --- a/config/blinkled8/binaries/blinkled +++ /dev/null diff --git a/config/blinkled8/blinkled.inc b/config/blinkled8/blinkled.inc index f466da94..6d0da039 100644 --- a/config/blinkled8/blinkled.inc +++ b/config/blinkled8/blinkled.inc @@ -69,7 +69,7 @@ function blinkled_stop() { mwexec("/usr/bin/killall -9 blinkled"); } -function validate_form_blinkled($post, $input_errors) { +function validate_form_blinkled($post, &$input_errors) { /* Make sure both aren't using the same interface */ if (($post['iface_led2']) && ($post['iface_led3']) && (($post['enable_led2']) && ($post['enable_led3'])) && diff --git a/config/blinkled8/blinkled.xml b/config/blinkled8/blinkled.xml index 475e88fc..ec70f392 100644 --- a/config/blinkled8/blinkled.xml +++ b/config/blinkled8/blinkled.xml @@ -2,7 +2,7 @@ <packagegui> <title>Interfaces: Assign LEDs</title> <name>blinkled</name> - <version>0.4</version> + <version>0.4.1</version> <savetext>Save</savetext> <include_file>/usr/local/pkg/blinkled.inc</include_file> <menu> @@ -16,11 +16,6 @@ <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/bin/</prefix> - <chmod>0755</chmod> - <item>https://packages.pfsense.org/packages/config/blinkled8/binaries/blinkled</item> - </additional_files_needed> <service> <name>blinkled</name> <rcfile>blinkled.sh</rcfile> @@ -61,7 +56,7 @@ </field> </fields> <custom_php_validation_command> - validate_form_blinkled($_POST, &$input_errors); + validate_form_blinkled($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_blinkled(); diff --git a/config/checkmk-agent/checkmk.xml b/config/checkmk-agent/checkmk.xml index 120b6634..2b4f6996 100644 --- a/config/checkmk-agent/checkmk.xml +++ b/config/checkmk-agent/checkmk.xml @@ -41,7 +41,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>checkmk</name> - <version>0.5</version> + <version>0.1.1</version> <title>Check_mk Agent</title> <include_file>/usr/local/pkg/checkmk.inc</include_file> <additional_files_needed> @@ -110,7 +110,7 @@ <custom_php_command_before_form> </custom_php_command_before_form> <custom_php_validation_command> - checkmk_validate_input($_POST, &$input_errors); + checkmk_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_delete_php_command> sync_package_checkmk(); diff --git a/config/clamav.inc b/config/clamav.inc index 3aaaf71d..036f69cb 100644 --- a/config/clamav.inc +++ b/config/clamav.inc @@ -108,7 +108,7 @@ EOD; } } -function clamav_before_form($pkg) { +function clamav_before_form(&$pkg) { global $config; if (is_package_installed('p3scan')) { @@ -203,15 +203,15 @@ function clamav_before_form($pkg) { } } -function clamav_validate_input($post, $input_errors) { +function clamav_validate_input($post, &$input_errors) { if ($post['scan_smtp'] == 'on') { require_once('clamsmtp.inc'); - clamsmtp_validate_input($post, &$input_errors); + clamsmtp_validate_input($post, $input_errors); } if (is_package_installed('viralator')) { require_once('viralator.inc'); - viralator_validate_input($post, &$input_errors); + viralator_validate_input($post, $input_errors); } } diff --git a/config/clamav.xml b/config/clamav.xml index 94f8c74f..aac32d1e 100644 --- a/config/clamav.xml +++ b/config/clamav.xml @@ -116,13 +116,13 @@ </field> </fields> <custom_php_command_before_form> - clamav_before_form(&$pkg); + clamav_before_form($pkg); </custom_php_command_before_form> <custom_php_resync_config_command> clamav_resync(); </custom_php_resync_config_command> <custom_php_validation_command> - clamav_validate_input($post, &$input_errors); + clamav_validate_input($post, $input_errors); </custom_php_validation_command> <custom_php_install_command> clamav_install_command(); diff --git a/config/dansguardian/dansguardian.xml b/config/dansguardian/dansguardian.xml index 55860775..2f87259b 100644 --- a/config/dansguardian/dansguardian.xml +++ b/config/dansguardian/dansguardian.xml @@ -377,7 +377,7 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); diff --git a/config/dansguardian/dansguardian_antivirus_acl.xml b/config/dansguardian/dansguardian_antivirus_acl.xml index 563d3f13..95876032 100755 --- a/config/dansguardian/dansguardian_antivirus_acl.xml +++ b/config/dansguardian/dansguardian_antivirus_acl.xml @@ -231,9 +231,9 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/dansguardian/dansguardian_blacklist.xml b/config/dansguardian/dansguardian_blacklist.xml index e9cba862..c33b46f2 100644 --- a/config/dansguardian/dansguardian_blacklist.xml +++ b/config/dansguardian/dansguardian_blacklist.xml @@ -163,7 +163,7 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); diff --git a/config/dansguardian/dansguardian_config.xml b/config/dansguardian/dansguardian_config.xml index 342b52d7..399dec73 100644 --- a/config/dansguardian/dansguardian_config.xml +++ b/config/dansguardian/dansguardian_config.xml @@ -306,7 +306,7 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); diff --git a/config/dansguardian/dansguardian_content_acl.xml b/config/dansguardian/dansguardian_content_acl.xml index 8a1866af..cf5777e0 100755 --- a/config/dansguardian/dansguardian_content_acl.xml +++ b/config/dansguardian/dansguardian_content_acl.xml @@ -199,9 +199,9 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/dansguardian/dansguardian_file_acl.xml b/config/dansguardian/dansguardian_file_acl.xml index ed4866c6..0aa01e0e 100755 --- a/config/dansguardian/dansguardian_file_acl.xml +++ b/config/dansguardian/dansguardian_file_acl.xml @@ -239,9 +239,9 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/dansguardian/dansguardian_groups.xml b/config/dansguardian/dansguardian_groups.xml index aaa9bcd6..7d62d345 100755 --- a/config/dansguardian/dansguardian_groups.xml +++ b/config/dansguardian/dansguardian_groups.xml @@ -450,9 +450,9 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/dansguardian/dansguardian_header_acl.xml b/config/dansguardian/dansguardian_header_acl.xml index 9ddb0c23..346ebf1a 100755 --- a/config/dansguardian/dansguardian_header_acl.xml +++ b/config/dansguardian/dansguardian_header_acl.xml @@ -219,9 +219,9 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/dansguardian/dansguardian_ldap.xml b/config/dansguardian/dansguardian_ldap.xml index 4c2b60f7..5876bc65 100755 --- a/config/dansguardian/dansguardian_ldap.xml +++ b/config/dansguardian/dansguardian_ldap.xml @@ -164,9 +164,9 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/dansguardian/dansguardian_limits.xml b/config/dansguardian/dansguardian_limits.xml index 2c147f1b..12bc98fa 100644 --- a/config/dansguardian/dansguardian_limits.xml +++ b/config/dansguardian/dansguardian_limits.xml @@ -173,7 +173,7 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); diff --git a/config/dansguardian/dansguardian_log.xml b/config/dansguardian/dansguardian_log.xml index 97cd5b0b..326abf85 100644 --- a/config/dansguardian/dansguardian_log.xml +++ b/config/dansguardian/dansguardian_log.xml @@ -246,7 +246,7 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); diff --git a/config/dansguardian/dansguardian_phrase_acl.xml b/config/dansguardian/dansguardian_phrase_acl.xml index c32f7720..c979022c 100755 --- a/config/dansguardian/dansguardian_phrase_acl.xml +++ b/config/dansguardian/dansguardian_phrase_acl.xml @@ -262,9 +262,9 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/dansguardian/dansguardian_pics_acl.xml b/config/dansguardian/dansguardian_pics_acl.xml index c2f4b52c..7c192bc7 100644 --- a/config/dansguardian/dansguardian_pics_acl.xml +++ b/config/dansguardian/dansguardian_pics_acl.xml @@ -196,7 +196,7 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); diff --git a/config/dansguardian/dansguardian_search_acl.xml b/config/dansguardian/dansguardian_search_acl.xml index 9f9cfa49..71b0df7d 100755 --- a/config/dansguardian/dansguardian_search_acl.xml +++ b/config/dansguardian/dansguardian_search_acl.xml @@ -256,9 +256,9 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/dansguardian/dansguardian_site_acl.xml b/config/dansguardian/dansguardian_site_acl.xml index 7804d9f6..bc386e7a 100755 --- a/config/dansguardian/dansguardian_site_acl.xml +++ b/config/dansguardian/dansguardian_site_acl.xml @@ -292,9 +292,9 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/dansguardian/dansguardian_sync.xml b/config/dansguardian/dansguardian_sync.xml index 9401253c..11c13b87 100755 --- a/config/dansguardian/dansguardian_sync.xml +++ b/config/dansguardian/dansguardian_sync.xml @@ -158,7 +158,7 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); diff --git a/config/dansguardian/dansguardian_url_acl.xml b/config/dansguardian/dansguardian_url_acl.xml index 8adf46c0..8f266489 100755 --- a/config/dansguardian/dansguardian_url_acl.xml +++ b/config/dansguardian/dansguardian_url_acl.xml @@ -343,9 +343,9 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/dansguardian/dansguardian_users_footer.template b/config/dansguardian/dansguardian_users_footer.template index 1288b919..1d1f054e 100644 --- a/config/dansguardian/dansguardian_users_footer.template +++ b/config/dansguardian/dansguardian_users_footer.template @@ -6,7 +6,7 @@ dansguardian_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - dansguardian_validate_input($_POST, &$input_errors); + dansguardian_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_dansguardian(); diff --git a/config/filemgr/filemgr.xml b/config/filemgr/filemgr.xml index 5c44ba13..c2a7ac42 100644 --- a/config/filemgr/filemgr.xml +++ b/config/filemgr/filemgr.xml @@ -31,7 +31,7 @@ <requirements>none</requirements> <faq>https://forum.pfsense.org/index.php/topic,26974.0.html</faq> <name>File Manager</name> - <version>0.1.2</version> + <version>0.1.4</version> <title>Settings</title> <include_file>/usr/local/pkg/filemgr.inc</include_file> <menu> diff --git a/config/filemgr/rbfminc/file_editor_style.css b/config/filemgr/rbfminc/file_editor_style.css index 93b34ca7..df026a5f 100644 --- a/config/filemgr/rbfminc/file_editor_style.css +++ b/config/filemgr/rbfminc/file_editor_style.css @@ -2,8 +2,7 @@ /* CSS Document */ body,td,th { - font-family: Arial, Helvetica, sans-serif; - + font-family: Tahoma, sans-serif; color: #000000; } @@ -100,7 +99,7 @@ img { border-left: 1px solid #666666; margin: 0px; padding: 0px; - font: 11px Arial, Helvetica, sans-serif; + font: 11px Tahoma, sans-serif; } .column1 { margin: 0px; diff --git a/config/filemgr/rbfminc/rename.tmp b/config/filemgr/rbfminc/rename.tmp index 285e19d1..266e38d4 100644 --- a/config/filemgr/rbfminc/rename.tmp +++ b/config/filemgr/rbfminc/rename.tmp @@ -6,14 +6,15 @@ if($user_login == 'ok'){ include "functions.php"; -?><html> +?> +<html> <head> <title>Rename</title> </head> <body> <script type="text/javascript"> //<![CDATA[ -<? +<?php //print_r($_POST); if($_POST['o'] != $_POST['n']){ if(@rename($_POST['cf'].$_POST['o'], $_POST['cf'].$_POST['n'])){ diff --git a/config/filer/filer.xml b/config/filer/filer.xml index ecb24bcd..71821067 100644 --- a/config/filer/filer.xml +++ b/config/filer/filer.xml @@ -43,7 +43,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>filer</name> - <version>0.5</version> + <version>0.60.1</version> <title>Filer</title> <include_file>/usr/local/pkg/filer.inc</include_file> <additional_files_needed> @@ -156,7 +156,7 @@ <custom_php_command_before_form> </custom_php_command_before_form> <custom_php_validation_command> - filer_validate_input($_POST, &$input_errors); + filer_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_delete_php_command> sync_package_filer(); diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc index a18872fc..df231821 100644 --- a/config/freeradius2/freeradius.inc +++ b/config/freeradius2/freeradius.inc @@ -48,63 +48,67 @@ require_once("services.inc"); // Check pfSense version $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); -if ($pfs_version > 2.0){ - define('FREERADIUS_BASE', '/usr/pbi/freeradius-' . php_uname("m")); -} -else{ - define('FREERADIUS_BASE', '/usr/local'); +define('FREERADIUS_BASE', '/usr/pbi/freeradius-' . php_uname("m")); +$bash_path = FREERADIUS_BASE . "/bin/bash"; + +if ($pfs_version == "2.1") { + define('FREERADIUS_LIB', FREERADIUS_BASE . '/lib'); + define('FREERADIUS_ETC', FREERADIUS_BASE . '/etc'); +} else { + define('FREERADIUS_LIB', FREERADIUS_BASE . '/local/lib'); + define('FREERADIUS_ETC', FREERADIUS_BASE . '/local/etc'); } // Check freeradius lib version $frlib=""; - $libfiles = scandir(FREERADIUS_BASE . "/lib/"); - foreach ($libfiles as $libfile){ - if (preg_match("/freeradius-/",$libfile)) - $frlib=FREERADIUS_BASE . "/lib/{$libfile}"; + if (file_exists(FREERADIUS_LIB)) { + $libfiles = scandir(FREERADIUS_LIB); + foreach ($libfiles as $libfile){ + if (preg_match("/freeradius-/",$libfile)) + $frlib=FREERADIUS_BASE . "/lib/{$libfile}"; + } } if ($frlib == ""){ log_error("freeRADIUS - No freeradius lib found on ".FREERADIUS_BASE."/lib"); } function freeradius_deinstall_command() { - if (substr(trim(file_get_contents("/etc/version")),0,3) == "2.0") { - exec("cd /var/db/pkg && pkg_delete `ls | grep freeradius`"); - exec("rm -rf " . FREERADIUS_BASE . "/etc/raddb"); - exec("rm -rf /var/run/radiusd/"); - } + return; } function freeradius_install_command() { - global $config; + global $config, $frlib; conf_mount_rw(); - // put the constant to a variable - $varFREERADIUS_BASE = FREERADIUS_BASE; - // We create here different folders for different counters. - if (!file_exists("/var/log/radacct/datacounter/")) { exec("mkdir /var/log/radacct/datacounter && mkdir /var/log/radacct/datacounter/daily && mkdir /var/log/radacct/datacounter/weekly && mkdir /var/log/radacct/datacounter/monthly && mkdir /var/log/radacct/datacounter/forever"); } - if (!file_exists("/var/log/radacct/timecounter/")) { exec("mkdir /var/log/radacct/timecounter"); } - - exec("mkdir " . FREERADIUS_BASE . "/etc/raddb/scripts"); + @mkdir("/var/log/radacct/datacounter/daily", 0755, true); + @mkdir("/var/log/radacct/datacounter/weekly", 0755, true); + @mkdir("/var/log/radacct/datacounter/monthly", 0755, true); + @mkdir("/var/log/radacct/datacounter/forever", 0755, true); + @mkdir("/var/log/radacct/timecounter", 0755, true); + @mkdir(FREERADIUS_ETC . "/raddb/scripts", 0755, true); + + unlink_if_exists("/usr/local/etc/raddb"); + @symlink(FREERADIUS_ETC . "/raddb", "/usr/local/etc/raddb"); if (!file_exists("/var/log/radutmp")) { exec("touch /var/log/radutmp"); } if (!file_exists("/var/log/radwtmp")) { exec("touch /var/log/radwtmp"); } - exec("chown -R root:wheel " . FREERADIUS_BASE . "/etc/raddb && chown -R root:wheel {$frlib} && chown -R root:wheel /var/log/radacct"); + exec("chown -R root:wheel " . FREERADIUS_ETC . "/raddb && chown -R root:wheel {$frlib} && chown -R root:wheel /var/log/radacct"); // creating a backup file of the original policy.conf no matter if user checked this or not - if (!file_exists(FREERADIUS_BASE . "/etc/raddb/policy.conf.backup")) { - log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_BASE . "/etc/raddb/policy.conf.backup"); - copy(FREERADIUS_BASE . "/etc/raddb/policy.conf", FREERADIUS_BASE . "/etc/raddb/policy.conf.backup"); + if (!file_exists(FREERADIUS_ETC . "/raddb/policy.conf.backup")) { + log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_ETC . "/raddb/policy.conf.backup"); + copy(FREERADIUS_ETC . "/raddb/policy.conf", FREERADIUS_ETC . "/raddb/policy.conf.backup"); } // creating a backup file of the original /modules/files no matter if user checked this or not - if (!file_exists(FREERADIUS_BASE . "/etc/raddb/files.backup")) { - log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_BASE . "/etc/raddb/files.backup"); - copy(FREERADIUS_BASE . "/etc/raddb/modules/files", FREERADIUS_BASE . "/etc/raddb/files.backup"); + if (!file_exists(FREERADIUS_ETC . "/raddb/files.backup")) { + log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_ETC . "/raddb/files.backup"); + copy(FREERADIUS_ETC . "/raddb/modules/files", FREERADIUS_ETC . "/raddb/files.backup"); } // Disable virtual-server we do not need by default - if (file_exists(FREERADIUS_BASE . "/etc/raddb/sites-enabled/control-socket")) { unlink(FREERADIUS_BASE . "/etc/raddb/sites-enabled/control-socket"); } - if (file_exists(FREERADIUS_BASE . "/etc/raddb/sites-enabled/inner-tunnel")) { unlink(FREERADIUS_BASE . "/etc/raddb/sites-enabled/inner-tunnel"); } + if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/control-socket")) { unlink(FREERADIUS_ETC . "/raddb/sites-enabled/control-socket"); } + if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel")) { unlink(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel"); } // We run this here just to suppress some warnings on syslog if file doesn't exist freeradius_authorizedmacs_resync(); @@ -130,8 +134,8 @@ function freeradius_install_command() { $rcfile = array(); $rcfile['file'] = 'radiusd.sh'; - $rcfile['start'] = "$varFREERADIUS_BASE" . '/etc/rc.d/radiusd onestart'; - $rcfile['stop'] = "$varFREERADIUS_BASE" . '/etc/rc.d/radiusd onestop'; + $rcfile['start'] = FREERADIUS_ETC . '/rc.d/radiusd onestart'; + $rcfile['stop'] = FREERADIUS_ETC . '/rc.d/radiusd onestop'; write_rcfile($rcfile); conf_mount_ro(); start_service("radiusd"); @@ -251,7 +255,7 @@ extended_expressions = $varsettingsextendedexpressions EOD; // Deletes virtual-server coa by default. Will be re-enabled if there is an interface-type "coa" -exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/sites-enabled/coa"); +exec("rm -f " . FREERADIUS_ETC . "/raddb/sites-enabled/coa"); $arrinterfaces = $config['installedpackages']['freeradiusinterfaces']['config']; if (is_array($arrinterfaces) && !empty($arrinterfaces)) { @@ -278,7 +282,7 @@ EOD; // Begin "if" for interface-type = coa if ($item['varinterfacetype'] == 'coa') { // Enables virtual-server coa because interface-type is coa - exec("ln -s " . FREERADIUS_BASE . "/etc/raddb/sites-available/coa " . FREERADIUS_BASE . "/etc/raddb/sites-enabled/"); + exec("ln -s " . FREERADIUS_ETC . "/raddb/sites-available/coa " . FREERADIUS_ETC . "/raddb/sites-enabled/"); $conf .= <<<EOD listen { type = $varinterfacetype @@ -369,7 +373,7 @@ instantiate { EOD; conf_mount_rw(); - file_put_contents(FREERADIUS_BASE . '/etc/raddb/radiusd.conf', $conf); + file_put_contents(FREERADIUS_ETC . '/raddb/radiusd.conf', $conf); conf_mount_ro(); // "freeradius_sqlconf_resync" is pointing to this function because we need to run "freeradius_serverdefault_resync" and after that restart freeradius. @@ -570,7 +574,7 @@ if (is_array($arrusers) && !empty($arrusers)) { if ($varusersmaxtotaloctets != '') { if ($varusersreplyitem != '') { $varusersreplyitem .=","; } //create exec script - $varusersreplyitem .= "\n\tExec-Program-Wait = " . '"/bin/sh ' . FREERADIUS_BASE . '/etc/raddb/scripts/datacounter_auth.sh ' . "$varusersusername $varusersmaxtotaloctetstimerange" . '"'; + $varusersreplyitem .= "\n\tExec-Program-Wait = " . '"/bin/sh ' . FREERADIUS_ETC . '/raddb/scripts/datacounter_auth.sh ' . "$varusersusername $varusersmaxtotaloctetstimerange" . '"'; // create limit file - will be always overwritten so we can increase limit from GUI exec("`echo $varusersmaxtotaloctets > /var/log/radacct/datacounter/$varusersmaxtotaloctetstimerange/max-octets-$varusersusername`"); // if used-octets file exist we do NOT overwrite this file!!! @@ -598,7 +602,7 @@ EOD; } //end foreach } // end if - $filename = FREERADIUS_BASE . '/etc/raddb/users'; + $filename = FREERADIUS_ETC . '/raddb/users'; conf_mount_rw(); file_put_contents($filename, $conf); chmod($filename, 0640); @@ -764,7 +768,7 @@ if (is_array($arrmacs) && !empty($arrmacs)) { if ($varmacsmaxtotaloctets != '') { if ($varmacsreplyitem != '') { $varmacsreplyitem .=","; } //create exec script - $varmacsreplyitem .= "\n\tExec-Program-Wait = " . '"/bin/sh ' . FREERADIUS_BASE . '/etc/raddb/scripts/datacounter_auth.sh ' . "$varmacsaddress $varmacsmaxtotaloctetstimerange" . '"'; + $varmacsreplyitem .= "\n\tExec-Program-Wait = " . '"/bin/sh ' . FREERADIUS_ETC . '/raddb/scripts/datacounter_auth.sh ' . "$varmacsaddress $varmacsmaxtotaloctetstimerange" . '"'; // create limit file - will be always overwritten so we can increase limit from GUI exec("`echo $varmacsmaxtotaloctets > /var/log/radacct/datacounter/$varmacsmaxtotaloctetstimerange/max-octets-$varmacsaddress`"); // if used-octets file exist we do NOT overwrite this file!!! @@ -792,7 +796,7 @@ EOD; } //end foreach } // end if - $filename = FREERADIUS_BASE . '/etc/raddb/authorized_macs'; + $filename = FREERADIUS_ETC . '/raddb/authorized_macs'; conf_mount_rw(); file_put_contents($filename, $conf); chmod($filename, 0640); @@ -863,7 +867,7 @@ EOD; } conf_mount_rw(); - file_put_contents(FREERADIUS_BASE . '/etc/raddb/clients.conf', $conf); + file_put_contents(FREERADIUS_ETC . '/raddb/clients.conf', $conf); conf_mount_ro(); freeradius_sync_on_changes(); @@ -931,12 +935,12 @@ function freeradius_eapconf_resync() { // This is for enable/disbable MS SoH in EAP-PEAP and the virtuial-server "soh-server" if ($eapconf['vareapconfpeapsohenable'] == 'Enable') { $vareapconfpeapsoh = 'soh = yes' . "\n\t\t\tsoh_virtual_server = " . '"' . "soh-server" . '"'; - exec("ln -s " . FREERADIUS_BASE . "/etc/raddb/sites-available/soh " . FREERADIUS_BASE . "/etc/raddb/sites-enabled/"); + exec("ln -s " . FREERADIUS_ETC . "/raddb/sites-available/soh " . FREERADIUS_ETC . "/raddb/sites-enabled/"); } else { $vareapconfpeapsoh = '### MS SoH Server is disabled ###'; - if (file_exists(FREERADIUS_BASE . "/etc/raddb/sites-enabled/soh")) { - exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/sites-enabled/soh"); + if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/soh")) { + exec("rm -f " . FREERADIUS_ETC . "/raddb/sites-enabled/soh"); } } @@ -950,9 +954,9 @@ if ($eapconf['vareapconfchoosecertmanager'] == 'on') { $ca_cert = lookup_ca($eapconf["ssl_ca_cert"]); if ($ca_cert != false) { if(base64_decode($ca_cert['prv'])) { - file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/ca_key.pem", + file_put_contents(FREERADIUS_ETC . "/raddb/certs/ca_key.pem", base64_decode($ca_cert['prv'])); - $conf['ssl_ca_key'] = FREERADIUS_BASE . '/etc/raddb/certs/ca_key.pem'; + $conf['ssl_ca_key'] = FREERADIUS_ETC . '/raddb/certs/ca_key.pem'; } @@ -965,24 +969,24 @@ if ($eapconf['vareapconfchoosecertmanager'] == 'on') { else{ $check_crl="check_crl = no"; } - file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/ca_cert.pem", + file_put_contents(FREERADIUS_ETC . "/raddb/certs/ca_cert.pem", base64_decode($ca_cert['crt']). $crl); - $conf['ssl_ca_cert'] = FREERADIUS_BASE . "/etc/raddb/certs/ca_cert.pem"; + $conf['ssl_ca_cert'] = FREERADIUS_ETC . "/raddb/certs/ca_cert.pem"; } $svr_cert = lookup_cert($eapconf["ssl_server_cert"]); if ($svr_cert != false) { if(base64_decode($svr_cert['prv'])) { - file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/server_key.pem", + file_put_contents(FREERADIUS_ETC . "/raddb/certs/server_key.pem", base64_decode($svr_cert['prv'])); - $conf['ssl_key'] = FREERADIUS_BASE . '/etc/raddb/certs/server_key.pem'; + $conf['ssl_key'] = FREERADIUS_ETC . '/raddb/certs/server_key.pem'; } } if(base64_decode($svr_cert['crt'])) { - file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/server_cert.pem", + file_put_contents(FREERADIUS_ETC . "/raddb/certs/server_cert.pem", base64_decode($svr_cert['crt'])); - $conf['ssl_server_cert'] = FREERADIUS_BASE . "/etc/raddb/certs/server_cert.pem"; + $conf['ssl_server_cert'] = FREERADIUS_ETC . "/raddb/certs/server_cert.pem"; } /* Not needed anymore because pfsense can do this by default @@ -990,23 +994,23 @@ if ($eapconf['vareapconfchoosecertmanager'] == 'on') { $svr_cert = lookup_cert($eapconf["ssl_client_cert"]); if ($svr_cert != false) { if(base64_decode($svr_cert['prv'])) { - file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/client_key.pem", + file_put_contents(FREERADIUS_ETC . "/raddb/certs/client_key.pem", base64_decode($svr_cert['prv'])); - $conf['ssl_key'] = FREERADIUS_BASE . '/etc/raddb/certs/client_key.pem'; + $conf['ssl_key'] = FREERADIUS_ETC . '/raddb/certs/client_key.pem'; } } if(base64_decode($svr_cert['crt'])) { - file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/client_cert.pem", + file_put_contents(FREERADIUS_ETC . "/raddb/certs/client_cert.pem", base64_decode($svr_cert['crt'])); - $conf['ssl_client_cert'] = FREERADIUS_BASE . "/etc/raddb/certs/client_cert.pem"; + $conf['ssl_client_cert'] = FREERADIUS_ETC . "/raddb/certs/client_cert.pem"; } - exec("openssl pkcs12 -export -in " . FREERADIUS_BASE . "/etc/raddb/certs/client_cert.pem -inkey " . FREERADIUS_BASE . "/etc/raddb/certs/client_key.pem -out " . FREERADIUS_BASE . "/etc/raddb/certs/client_cert.p12 -passout pass\:"); + exec("openssl pkcs12 -export -in " . FREERADIUS_ETC . "/raddb/certs/client_cert.pem -inkey " . FREERADIUS_ETC . "/raddb/certs/client_key.pem -out " . FREERADIUS_ETC . "/raddb/certs/client_cert.p12 -passout pass\:"); } */ - $conf['ssl_cert_dir'] = FREERADIUS_BASE . '/etc/raddb/certs'; + $conf['ssl_cert_dir'] = FREERADIUS_ETC . '/raddb/certs'; } $vareapconfprivatekeyfile = 'server_key.pem'; @@ -1015,11 +1019,11 @@ if ($eapconf['vareapconfchoosecertmanager'] == 'on') { // generate new DH and RANDOM file // We create a single empty file just to check if there is really a change from one to another cert manager to avoid building ne DH and random files - if (!file_exists(FREERADIUS_BASE . "/etc/raddb/certs/pfsense_cert_mgr")) { - log_error("freeRADIUS: Switched to pfSense Cert-Manager. Creating new DH and random file in " . FREERADIUS_BASE . "/etc/raddb/certs"); - exec("cd " . FREERADIUS_BASE . "/etc/raddb/certs && openssl dhparam -out dh 1024"); - exec("cd " . FREERADIUS_BASE . "/etc/raddb/certs && dd if=/dev/urandom of=./random count=10"); - exec("touch " . FREERADIUS_BASE . "/etc/raddb/certs/pfsense_cert_mgr"); + if (!file_exists(FREERADIUS_ETC . "/raddb/certs/pfsense_cert_mgr")) { + log_error("freeRADIUS: Switched to pfSense Cert-Manager. Creating new DH and random file in " . FREERADIUS_ETC . "/raddb/certs"); + exec("cd " . FREERADIUS_ETC . "/raddb/certs && openssl dhparam -out dh 1024"); + exec("cd " . FREERADIUS_ETC . "/raddb/certs && dd if=/dev/urandom of=./random count=10"); + exec("touch " . FREERADIUS_ETC . "/raddb/certs/pfsense_cert_mgr"); } } @@ -1114,7 +1118,7 @@ else { } EOD; - $filename = FREERADIUS_BASE . '/etc/raddb/eap.conf'; + $filename = FREERADIUS_ETC . '/raddb/eap.conf'; file_put_contents($filename, $conf); chmod($filename, 0640); conf_mount_ro(); @@ -1280,7 +1284,7 @@ sql sql2 { } EOD; - $filename = FREERADIUS_BASE . '/etc/raddb/sql.conf'; + $filename = FREERADIUS_ETC . '/raddb/sql.conf'; conf_mount_rw(); file_put_contents($filename, $conf); chmod($filename, 0640); @@ -2128,7 +2132,7 @@ post-proxy { } EOD; - $filename = FREERADIUS_BASE . '/etc/raddb/sites-available/default'; + $filename = FREERADIUS_ETC . '/raddb/sites-available/default'; conf_mount_rw(); file_put_contents($filename, $conf); chmod($filename, 0640); @@ -2223,7 +2227,7 @@ authorityKeyIdentifier = keyid:always,issuer:always basicConstraints = CA:true EOD; - $filename = FREERADIUS_BASE . '/etc/raddb/certs/ca.cnf'; + $filename = FREERADIUS_ETC . '/raddb/certs/ca.cnf'; conf_mount_rw(); file_put_contents($filename, $conf); chmod($filename, 0640); @@ -2308,7 +2312,7 @@ emailAddress = $varcertsserveremailaddress commonName = "$varcertsservercommonname" EOD; - $filename = FREERADIUS_BASE . '/etc/raddb/certs/server.cnf'; + $filename = FREERADIUS_ETC . '/raddb/certs/server.cnf'; conf_mount_rw(); file_put_contents($filename, $conf); chmod($filename, 0640); @@ -2393,7 +2397,7 @@ emailAddress = $varcertsclientemailaddress commonName = "$varcertsclientcommonname" EOD; - $filename = FREERADIUS_BASE . '/etc/raddb/certs/client.cnf'; + $filename = FREERADIUS_ETC . '/raddb/certs/client.cnf'; conf_mount_rw(); file_put_contents($filename, $conf); chmod($filename, 0640); @@ -2426,12 +2430,12 @@ if ($eapconf['vareapconfchoosecertmanager'] == '') { if ($arrcerts['varcertscreateclient'] == 'yes') { // delete all old certificates and keys - log_error("freeRADIUS: deleting all client.csr .crt .key .pem .tar in " . FREERADIUS_BASE . "/etc/raddb/certs"); - exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.csr"); - exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.crt"); - exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.key"); - exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.pem"); - exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.tar"); + log_error("freeRADIUS: deleting all client.csr .crt .key .pem .tar in " . FREERADIUS_ETC . "/raddb/certs"); + exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/client.csr"); + exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/client.crt"); + exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/client.key"); + exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/client.pem"); + exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/client.tar"); // run fuction to create ONLY new client.cnf files based on user input from freeradiuscert.xml @@ -2439,21 +2443,21 @@ if ($eapconf['vareapconfchoosecertmanager'] == '') { // make bootstrap executable and run to create cert based on client.cnf files - exec("chmod 0770 " . FREERADIUS_BASE . "/etc/raddb/certs/bootstrap"); - exec(FREERADIUS_BASE . "/etc/raddb/certs/bootstrap"); + exec("chmod 0770 " . FREERADIUS_ETC . "/raddb/certs/bootstrap"); + exec(FREERADIUS_ETC . "/raddb/certs/bootstrap"); // rename client generated XX.pem to client.pem // use regex to replace spaces and so on. - $varserial = preg_replace("/\s/","",file_get_contents(FREERADIUS_BASE . '/etc/raddb/certs/serial.old')); - if (file_exists(FREERADIUS_BASE . "/etc/raddb/certs/$varserial.pem")) - rename(FREERADIUS_BASE . "/etc/raddb/certs/$varserial.pem",FREERADIUS_BASE . "/etc/raddb/certs/client.pem"); + $varserial = preg_replace("/\s/","",file_get_contents(FREERADIUS_ETC . '/raddb/certs/serial.old')); + if (file_exists(FREERADIUS_ETC . "/raddb/certs/$varserial.pem")) + rename(FREERADIUS_ETC . "/raddb/certs/$varserial.pem",FREERADIUS_ETC . "/raddb/certs/client.pem"); // tar client-cert files - exec("cd " . FREERADIUS_BASE . "/etc/raddb/certs && tar -cf client.tar client.crt client.csr client.key ca.der client.pem"); + exec("cd " . FREERADIUS_ETC . "/raddb/certs && tar -cf client.tar client.crt client.csr client.key ca.der client.pem"); // Make all files in certs folder read/write only for root - exec("chmod -R 0600 " . FREERADIUS_BASE . "/etc/raddb/certs/"); - log_error("freeRADIUS: Created new client.csr .crt .key .pem and added them together with ca.der in " . FREERADIUS_BASE . "/etc/raddb/certs/client.tar"); + exec("chmod -R 0600 " . FREERADIUS_ETC . "/raddb/certs/"); + log_error("freeRADIUS: Created new client.csr .crt .key .pem and added them together with ca.der in " . FREERADIUS_ETC . "/raddb/certs/client.tar"); } } else { @@ -2461,18 +2465,18 @@ if ($eapconf['vareapconfchoosecertmanager'] == '') { if ($arrcerts['varcertsdeleteall'] == 'yes') { // delete all old certificates and keys - deletes certs from pfsense cert-manager IN THIS FOLDER, too. - log_error("freeRADIUS: deleting all CA, Server and Client certs, DH, random and database files in " . FREERADIUS_BASE . "/etc/raddb/certs"); - exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/ca.pem && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/server.pem && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.pem"); - exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/ca.der && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/server.der && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.der"); - exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/ca.csr && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/server.csr && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.csr"); - exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/ca.crt && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/server.crt && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.crt"); - exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/ca.key && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/server.key && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.key"); - exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/ca.p12 && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/server.p12 && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.p12"); - exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/serial*"); - exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/index*"); - exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/dh"); - exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/random"); - exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.tar"); + log_error("freeRADIUS: deleting all CA, Server and Client certs, DH, random and database files in " . FREERADIUS_ETC . "/raddb/certs"); + exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/ca.pem && rm -f " . FREERADIUS_ETC . "/raddb/certs/server.pem && rm -f " . FREERADIUS_ETC . "/raddb/certs/client.pem"); + exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/ca.der && rm -f " . FREERADIUS_ETC . "/raddb/certs/server.der && rm -f " . FREERADIUS_ETC . "/raddb/certs/client.der"); + exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/ca.csr && rm -f " . FREERADIUS_ETC . "/raddb/certs/server.csr && rm -f " . FREERADIUS_ETC . "/raddb/certs/client.csr"); + exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/ca.crt && rm -f " . FREERADIUS_ETC . "/raddb/certs/server.crt && rm -f " . FREERADIUS_ETC . "/raddb/certs/client.crt"); + exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/ca.key && rm -f " . FREERADIUS_ETC . "/raddb/certs/server.key && rm -f " . FREERADIUS_ETC . "/raddb/certs/client.key"); + exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/ca.p12 && rm -f " . FREERADIUS_ETC . "/raddb/certs/server.p12 && rm -f " . FREERADIUS_ETC . "/raddb/certs/client.p12"); + exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/serial*"); + exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/index*"); + exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/dh"); + exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/random"); + exec("rm -f " . FREERADIUS_ETC . "/raddb/certs/client.tar"); // run fuctions to create new .cnf files based on user input from freeradiuscert.xml @@ -2481,28 +2485,28 @@ if ($eapconf['vareapconfchoosecertmanager'] == '') { freeradius_clientcertcnf_resync(); // this command deletes the pfsense_cert_mgr checkfile so when we change back to pfsense cert manager a new DH + random file will be created - if (file_exists(FREERADIUS_BASE . "/etc/raddb/certs/pfsense_cert_mgr")) { - unlink(FREERADIUS_BASE . "/etc/raddb/certs/pfsense_cert_mgr"); + if (file_exists(FREERADIUS_ETC . "/raddb/certs/pfsense_cert_mgr")) { + unlink(FREERADIUS_ETC . "/raddb/certs/pfsense_cert_mgr"); } // generate new DH and RANDOM file - log_error("freeRADIUS: Creating new DH and random file in " . FREERADIUS_BASE . "/etc/raddb/certs"); - exec("cd " . FREERADIUS_BASE . "/etc/raddb/certs && openssl dhparam -out dh 1024"); - exec("cd " . FREERADIUS_BASE . "/etc/raddb/certs && dd if=/dev/urandom of=./random count=10"); + log_error("freeRADIUS: Creating new DH and random file in " . FREERADIUS_ETC . "/raddb/certs"); + exec("cd " . FREERADIUS_ETC . "/raddb/certs && openssl dhparam -out dh 1024"); + exec("cd " . FREERADIUS_ETC . "/raddb/certs && dd if=/dev/urandom of=./random count=10"); - log_error("freeRADIUS: Creating new CA, Server and Client certs in " . FREERADIUS_BASE . "/etc/raddb/certs"); + log_error("freeRADIUS: Creating new CA, Server and Client certs in " . FREERADIUS_ETC . "/raddb/certs"); // make bootstrap executable and run to create certs based on .cnf files - exec("chmod 0770 " . FREERADIUS_BASE . "/etc/raddb/certs/bootstrap"); - exec(FREERADIUS_BASE . "/etc/raddb/certs/bootstrap"); + exec("chmod 0770 " . FREERADIUS_ETC . "/raddb/certs/bootstrap"); + exec(FREERADIUS_ETC . "/raddb/certs/bootstrap"); // rename client generated 02.pem to client.pem - if (file_exists(FREERADIUS_BASE . "/etc/raddb/certs/02.pem")) - rename(FREERADIUS_BASE . "/etc/raddb/certs/02.pem",FREERADIUS_BASE . "/etc/raddb/certs/client.pem"); + if (file_exists(FREERADIUS_ETC . "/raddb/certs/02.pem")) + rename(FREERADIUS_ETC . "/raddb/certs/02.pem",FREERADIUS_ETC . "/raddb/certs/client.pem"); // tar client-cert files - exec("cd " . FREERADIUS_BASE . "/etc/raddb/certs && tar -cf client.tar client.crt client.csr client.key ca.der client.pem"); - exec("chmod -R 0600 " . FREERADIUS_BASE . "/etc/raddb/certs/"); - log_error("freeRADIUS: Added client.csr .crt .key .pem together with ca.der in " . FREERADIUS_BASE . "/etc/raddb/certs/client.tar"); + exec("cd " . FREERADIUS_ETC . "/raddb/certs && tar -cf client.tar client.crt client.csr client.key ca.der client.pem"); + exec("chmod -R 0600 " . FREERADIUS_ETC . "/raddb/certs/"); + log_error("freeRADIUS: Added client.csr .crt .key .pem together with ca.der in " . FREERADIUS_ETC . "/raddb/certs/client.tar"); // If there were changes on the certificates we need to restart freeradius restart_service('radiusd'); @@ -2689,7 +2693,7 @@ function freeradius_all_after_XMLRPC_resync() { log_error("FreeRADIUS: Finished XMLRPC process. It should be OK. For more information look at the host which started sync."); - exec(FREERADIUS_BASE . "/etc/rc.d/radiusd onerestart"); + exec(FREERADIUS_ETC . "/rc.d/radiusd onerestart"); } function freeradius_modulescounter_resync() { @@ -2812,7 +2816,7 @@ counter forever { } EOD; - $filename = FREERADIUS_BASE . '/etc/raddb/modules/counter'; + $filename = FREERADIUS_ETC . '/raddb/modules/counter'; conf_mount_rw(); file_put_contents($filename, $conf); chmod($filename, 0640); @@ -2906,7 +2910,7 @@ nt-response=%{%{mschap:NT-Response}:-00}" } EOD; - $filename = FREERADIUS_BASE . '/etc/raddb/modules/mschap'; + $filename = FREERADIUS_ETC . '/raddb/modules/mschap'; conf_mount_rw(); file_put_contents($filename, $conf); chmod($filename, 0640); @@ -2951,7 +2955,7 @@ realm ntdomain { } EOD; - $filename = FREERADIUS_BASE . '/etc/raddb/modules/realm'; + $filename = FREERADIUS_ETC . '/raddb/modules/realm'; conf_mount_rw(); file_put_contents($filename, $conf); chmod($filename, 0640); @@ -3004,37 +3008,37 @@ if($arrmodulesldap['varmodulesldapenabletlssupport'] == 'on') { $ca_cert = lookup_ca($arrmodulesldap["ssl_ca_cert1"]); if ($ca_cert != false) { if(base64_decode($ca_cert['prv'])) { - file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/ca_ldap1_key.pem", + file_put_contents(FREERADIUS_ETC . "/raddb/certs/ca_ldap1_key.pem", base64_decode($ca_cert['prv'])); - $conf['ssl_ca_key'] = FREERADIUS_BASE . '/etc/raddb/certs/ca_ldap1_key.pem'; + $conf['ssl_ca_key'] = FREERADIUS_ETC . '/raddb/certs/ca_ldap1_key.pem'; } if(base64_decode($ca_cert['crt'])) { - file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/ca_ldap1_cert.pem", + file_put_contents(FREERADIUS_ETC . "/raddb/certs/ca_ldap1_cert.pem", base64_decode($ca_cert['crt'])); - $conf['ssl_ca_cert1'] = FREERADIUS_BASE . "/etc/raddb/certs/ca_ldap1_cert.pem"; + $conf['ssl_ca_cert1'] = FREERADIUS_ETC . "/raddb/certs/ca_ldap1_cert.pem"; } $svr_cert = lookup_cert($arrmodulesldap["ssl_server_cert1"]); if ($svr_cert != false) { if(base64_decode($svr_cert['prv'])) { - file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/radius_ldap1_cert.key", + file_put_contents(FREERADIUS_ETC . "/raddb/certs/radius_ldap1_cert.key", base64_decode($svr_cert['prv'])); - $conf['ssl_key'] = FREERADIUS_BASE . '/etc/raddb/certs/radius_ldap1_cert.key'; + $conf['ssl_key'] = FREERADIUS_ETC . '/raddb/certs/radius_ldap1_cert.key'; } } if(base64_decode($svr_cert['crt'])) { - file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/radius_ldap1_cert.crt", + file_put_contents(FREERADIUS_ETC . "/raddb/certs/radius_ldap1_cert.crt", base64_decode($svr_cert['crt'])); - $conf['ssl_server_cert1'] = FREERADIUS_BASE . "/etc/raddb/certs/radius_ldap1_cert.crt"; + $conf['ssl_server_cert1'] = FREERADIUS_ETC . "/raddb/certs/radius_ldap1_cert.crt"; } - $conf['ssl_cert_dir'] = FREERADIUS_BASE . '/etc/raddb/certs'; + $conf['ssl_cert_dir'] = FREERADIUS_ETC . '/raddb/certs'; } $varmodulesldapstarttls = "yes"; } @@ -3051,37 +3055,37 @@ if($arrmodulesldap['varmodulesldap2enabletlssupport'] == 'on') { $ca_cert = lookup_ca($arrmodulesldap["ssl_ca_cert2"]); if ($ca_cert != false) { if(base64_decode($ca_cert['prv'])) { - file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/ca_ldap2_key.pem", + file_put_contents(FREERADIUS_ETC . "/raddb/certs/ca_ldap2_key.pem", base64_decode($ca_cert['prv'])); - $conf['ssl_ca_key'] = FREERADIUS_BASE . '/etc/raddb/certs/ca_ldap2_key.pem'; + $conf['ssl_ca_key'] = FREERADIUS_ETC . '/raddb/certs/ca_ldap2_key.pem'; } if(base64_decode($ca_cert['crt'])) { - file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/ca_ldap2_cert.pem", + file_put_contents(FREERADIUS_ETC . "/raddb/certs/ca_ldap2_cert.pem", base64_decode($ca_cert['crt'])); - $conf['ssl_ca_cert2'] = FREERADIUS_BASE . "/etc/raddb/certs/ca_ldap2_cert.pem"; + $conf['ssl_ca_cert2'] = FREERADIUS_ETC . "/raddb/certs/ca_ldap2_cert.pem"; } $svr_cert = lookup_cert($arrmodulesldap["ssl_server_cert2"]); if ($svr_cert != false) { if(base64_decode($svr_cert['prv'])) { - file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/radius_ldap2_cert.key", + file_put_contents(FREERADIUS_ETC . "/raddb/certs/radius_ldap2_cert.key", base64_decode($svr_cert['prv'])); - $conf['ssl_key'] = FREERADIUS_BASE . '/etc/raddb/certs/radius_ldap2_cert.key'; + $conf['ssl_key'] = FREERADIUS_ETC . '/raddb/certs/radius_ldap2_cert.key'; } } if(base64_decode($svr_cert['crt'])) { - file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/radius_ldap2_cert.crt", + file_put_contents(FREERADIUS_ETC . "/raddb/certs/radius_ldap2_cert.crt", base64_decode($svr_cert['crt'])); - $conf['ssl_server_cert2'] = FREERADIUS_BASE . "/etc/raddb/certs/radius_ldap2_cert.crt"; + $conf['ssl_server_cert2'] = FREERADIUS_ETC . "/raddb/certs/radius_ldap2_cert.crt"; } - $conf['ssl_cert_dir'] = FREERADIUS_BASE . '/etc/raddb/certs'; + $conf['ssl_cert_dir'] = FREERADIUS_ETC . '/raddb/certs'; } $varmodulesldap2starttls = "yes"; } @@ -3204,7 +3208,7 @@ else { $varmodulesldap2keepaliveidle = ($arrmodulesldap['varmodulesldap2keepaliveidle']?$arrmodulesldap['varmodulesldap2keepaliveidle']:'60'); $varmodulesldap2keepaliveprobes = ($arrmodulesldap['varmodulesldap2keepaliveprobes']?$arrmodulesldap['varmodulesldap2keepaliveprobes']:'3'); $varmodulesldap2keepaliveinterval = ($arrmodulesldap['varmodulesldap2keepaliveinterval']?$arrmodulesldap['varmodulesldap2keepaliveinterval']:'3'); -$raddb = FREERADIUS_BASE . '/etc/raddb'; +$raddb = FREERADIUS_ETC . '/raddb'; $conf .= <<<EOD # -*- text -*- # @@ -3555,7 +3559,7 @@ ldap ldap2{ } EOD; - $filename = FREERADIUS_BASE . '/etc/raddb/modules/ldap'; + $filename = FREERADIUS_ETC . '/raddb/modules/ldap'; conf_mount_rw(); file_put_contents($filename, $conf); chmod($filename, 0640); @@ -3576,29 +3580,29 @@ function freeradius_plainmacauth_resync() { $varsettings = $config['installedpackages']['freeradiussettings']['config'][0]; // defining variables with filename path - $filepolicyconf = FREERADIUS_BASE . '/etc/raddb/policy.conf'; - $filepolicyconfbackup = FREERADIUS_BASE . '/etc/raddb/policy.conf.backup'; - $filemodulesfiles = FREERADIUS_BASE . '/etc/raddb/modules/files'; - $filemodulesfilesbackup = FREERADIUS_BASE . '/etc/raddb/files.backup'; + $filepolicyconf = FREERADIUS_ETC . '/raddb/policy.conf'; + $filepolicyconfbackup = FREERADIUS_ETC . '/raddb/policy.conf.backup'; + $filemodulesfiles = FREERADIUS_ETC . '/raddb/modules/files'; + $filemodulesfilesbackup = FREERADIUS_ETC . '/raddb/files.backup'; // If unchecked then plain mac auth is disabled and backups of the original files will be restored if ($varsettings['varsettingsenablemacauth'] == '') { // This is a check - only restore files if they aren't already - if (file_exists(FREERADIUS_BASE . "/etc/raddb/plain_macauth_enabled")) { + if (file_exists(FREERADIUS_ETC . "/raddb/plain_macauth_enabled")) { log_error("FreeRADIUS: Plain-MAC-Auth disabled. Restoring the original file from {$filepolicyconfbackup} and {$filemodulesfilesbackup}"); copy($filepolicyconfbackup, $filepolicyconf); copy($filemodulesfilesbackup, $filemodulesfiles); - unlink(FREERADIUS_BASE . "/etc/raddb/plain_macauth_enabled"); + unlink(FREERADIUS_ETC . "/raddb/plain_macauth_enabled"); freeradius_serverdefault_resync(); } } // If checked then plain mac auth is enabled else { // This is a check - only modify files if they aren't already - if (!file_exists(FREERADIUS_BASE . "/etc/raddb/plain_macauth_enabled")) { + if (!file_exists(FREERADIUS_ETC . "/raddb/plain_macauth_enabled")) { freeradius_modulesfiles_resync(); freeradius_policyconf_resync(); - exec("cd " . FREERADIUS_BASE . "/etc/raddb && touch " . FREERADIUS_BASE . "/etc/raddb/plain_macauth_enabled"); + exec("cd " . FREERADIUS_ETC . "/raddb && touch " . FREERADIUS_ETC . "/raddb/plain_macauth_enabled"); log_error("FreeRADIUS: Plain-MAC-Auth enabled. Modified {$filepolicyconf} and {$filemodulesfiles}"); freeradius_serverdefault_resync(); } @@ -3660,7 +3664,7 @@ files authorized_macs { } EOD; - $filename = FREERADIUS_BASE . '/etc/raddb/modules/files'; + $filename = FREERADIUS_ETC . '/raddb/modules/files'; conf_mount_rw(); file_put_contents($filename, $conf); chmod($filename, 0640); @@ -3886,7 +3890,7 @@ policy { } EOD; - $filename = FREERADIUS_BASE . '/etc/raddb/policy.conf'; + $filename = FREERADIUS_ETC . '/raddb/policy.conf'; conf_mount_rw(); file_put_contents($filename, $conf); chmod($filename, 0640); @@ -3895,7 +3899,7 @@ EOD; } function freeradius_motp_resync() { - global $config; + global $config, $bash_path; $conf = ''; $varsettings = $config['installedpackages']['freeradiussettings']['config'][0]; @@ -3907,38 +3911,14 @@ function freeradius_motp_resync() { $varsettingsmotpchecksumtype = ($varsettings['varsettingsmotpchecksumtype']?$varsettings['varsettingsmotpchecksumtype']:'md5'); $varsettingsmotptokenlength = ($varsettings['varsettingsmotptokenlength']?$varsettings['varsettingsmotptokenlength']:'1-6'); - // check if disabled then we delete bash und otpverify.sh script + // check if disabled then we delete otpverify.sh script if ($varsettings['varsettingsmotpenable'] == '') { - if (file_exists(FREERADIUS_BASE . "/etc/raddb/scripts/otpverify.sh")) { - unlink(FREERADIUS_BASE . "/etc/raddb/scripts/otpverify.sh"); - } - if (exec("cd /var/db/pkg && ls | grep bash") == "bash-4.1.7") { - exec("cd /var/db/pkg && pkg_delete `ls | grep bash`"); - log_error('FreeRADIUS: Uninstalling package "bash-4.1.7" which comes with Mobile-One-Time-Password (motp).'); + if (file_exists(FREERADIUS_ETC . "/raddb/scripts/otpverify.sh")) { + @unlink(FREERADIUS_ETC . "/raddb/scripts/otpverify.sh"); } - if (exec("cd /var/db/pkg && ls | grep bash") == "bash-4.2.20") { - exec("cd /var/db/pkg && pkg_delete `ls | grep bash`"); - log_error('FreeRADIUS: Uninstalling package "bash-4.2.20" which comes with Mobile-One-Time-Password (motp).'); - } - } - - // check if enabled then we need to download "bash" - else { - if (substr(trim(file_get_contents("/etc/version")),0,3) == "2.0") { - if (exec("cd /var/db/pkg && ls | grep bash") != "bash-4.1.7") { - log_error('FreeRADIUS: Downloading and installing package "bash-4.1.7" to use Mobile-One-Time-Password (motp).'); - exec("pkg_add -r http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/`uname -m`/packages-8.1-release/All/bash-4.1.7.tbz"); - } - } else { - if (exec("cd /var/db/pkg && ls | grep bash") != "bash-4.2.20") { - log_error('FreeRADIUS: Downloading and installing package "bash-4.2.20" to use Mobile-One-Time-Password (motp).'); - exec("pkg_add -r http://ftp-archive.freebsd.org/pub/FreeBSD/ports/`uname -m`/packages-8.3-release/All/bash-4.2.20.tbz"); - } - } - - - $conf .= <<<EOD -#!/bin/bash + } else { + $conf .= <<<EOD +#!{$bash_path} # # Mobile One Time Passwords (Mobile-OTP) for Java 2 Micro Edition, J2ME # written by Matthias Straub, Heilbronn, Germany, 2003 @@ -4055,32 +4035,30 @@ exit 11 EOD; - $filename = FREERADIUS_BASE . '/etc/raddb/scripts/otpverify.sh'; - conf_mount_rw(); - file_put_contents($filename, $conf); - chmod($filename, 0750); - conf_mount_ro(); - - // end of above 'check if enabled then we need to download "bash"' + $filename = FREERADIUS_ETC . '/raddb/scripts/otpverify.sh'; + conf_mount_rw(); + file_put_contents($filename, $conf); + chmod($filename, 0750); + conf_mount_ro(); } } function freeradius_modulesmotp_resync() { - global $config; + global $config, $bash_path; $conf = ''; // put the constant to a variable - $varFREERADIUS_BASE = FREERADIUS_BASE; + $varFREERADIUS_ETC = FREERADIUS_ETC; $conf .= <<<EOD exec motp { wait = yes - program = "/usr/local/bin/bash $varFREERADIUS_BASE/etc/raddb/scripts/otpverify.sh %{request:User-Name} %{request:User-Password} %{reply:MOTP-Init-Secret} %{reply:MOTP-PIN} %{reply:MOTP-Offset}" + program = "{$bash_path} {$varFREERADIUS_ETC}/raddb/scripts/otpverify.sh %{request:User-Name} %{request:User-Password} %{reply:MOTP-Init-Secret} %{reply:MOTP-PIN} %{reply:MOTP-Offset}" } EOD; - $filename = FREERADIUS_BASE . '/etc/raddb/modules/motp'; + $filename = FREERADIUS_ETC . '/raddb/modules/motp'; conf_mount_rw(); file_put_contents($filename, $conf); chmod($filename, 0640); @@ -4093,28 +4071,28 @@ function freeradius_modulesdatacounter_resync() { $conf = ''; // put the constant to a variable - $varFREERADIUS_BASE = FREERADIUS_BASE; + $varFREERADIUS_ETC = FREERADIUS_ETC; $conf .= <<<EOD exec datacounterdaily { wait = yes - program = "/bin/sh $varFREERADIUS_BASE/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} daily %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}" + program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} daily %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}" } exec datacounterweekly { wait = yes - program = "/bin/sh $varFREERADIUS_BASE/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} weekly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}" + program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} weekly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}" } exec datacountermonthly { wait = yes - program = "/bin/sh $varFREERADIUS_BASE/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} monthly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}" + program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} monthly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}" } exec datacounterforever { wait = yes - program = "/bin/sh $varFREERADIUS_BASE/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} forever %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}" + program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} forever %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}" } EOD; - $filename = FREERADIUS_BASE . '/etc/raddb/modules/datacounter_acct'; + $filename = FREERADIUS_ETC . '/raddb/modules/datacounter_acct'; conf_mount_rw(); file_put_contents($filename, $conf); chmod($filename, 0640); @@ -4153,7 +4131,7 @@ else fi EOD; - $filename = FREERADIUS_BASE . '/etc/raddb/scripts/datacounter_auth.sh'; + $filename = FREERADIUS_ETC . '/raddb/scripts/datacounter_auth.sh'; conf_mount_rw(); file_put_contents($filename, $conf); chmod($filename, 0750); @@ -4201,7 +4179,7 @@ fi EOD; - $filename = FREERADIUS_BASE . '/etc/raddb/scripts/datacounter_acct.sh'; + $filename = FREERADIUS_ETC . '/raddb/scripts/datacounter_acct.sh'; conf_mount_rw(); file_put_contents($filename, $conf); chmod($filename, 0750); @@ -4269,7 +4247,7 @@ ATTRIBUTE MOTP-Offset 902 string EOD; - $filename = FREERADIUS_BASE . '/etc/raddb/dictionary'; + $filename = FREERADIUS_ETC . '/raddb/dictionary'; conf_mount_rw(); file_put_contents($filename, $conf); chmod($filename, 0640); diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml index 13b4123a..8cef9430 100644 --- a/config/freeradius2/freeradius.xml +++ b/config/freeradius2/freeradius.xml @@ -204,7 +204,7 @@ </adddeleteeditpagefields> <fields> <field> - <name>GENERAL CONFIGURATION</name> + <name>General Configuration</name> <type>listtopic</type> </field> <field> @@ -280,19 +280,19 @@ <default_value>0</default_value> </field> <field> - <name>MISCELLANEOUS CONFIGURATION</name> + <name>Miscellaneous Configuration</name> <type>listtopic</type> </field> <field> <fielddescr>Number of simultaneous connections</fielddescr> <fieldname>varuserssimultaneousconnect</fieldname> - <description><![CDATA[The maximum of simultaneous connections with this username. If you leave this field empty than there is no limit. If you are using FreeRADIUS with CaptivePortal you should leave this empty. Read the documentation!]]></description> + <description><![CDATA[The maximum of simultaneous connections with this username. If you leave this field empty than there is no limit. If you are using FreeRADIUS with Captive Portal you should leave this empty. Read the documentation!]]></description> <type>input</type> </field> <field> <fielddescr>Redirection URL</fielddescr> <fieldname>varuserswisprredirectionurl</fieldname> - <description><![CDATA[Enter the URL the user should be redirected to after successfull login. (e.g.: http://www.google.com)]]></description> + <description><![CDATA[Enter the URL the user should be redirected to after successful login. (e.g.: http://www.google.com)]]></description> <type>input</type> </field> <field> @@ -302,7 +302,7 @@ <type>input</type> </field> <field> - <name>NETWORK CONFIGURATION</name> + <name>Network Configuration</name> <type>listtopic</type> </field> <field> @@ -339,7 +339,7 @@ <type>input</type> </field> <field> - <name>TIME CONFIGURATION</name> + <name>Time Configuration</name> <type>listtopic</type> </field> <field> @@ -384,7 +384,7 @@ </options> </field> <field> - <name>TRAFFIC AND BANDWIDTH</name> + <name>Traffic and Bandwidth</name> <type>listtopic</type> </field> <field> @@ -425,7 +425,7 @@ <type>input</type> </field> <field> - <name>ADVANCED CONFIGURATION</name> + <name>Advanced Configuration</name> <type>listtopic</type> </field> <field> diff --git a/config/freeradius2/freeradius_view_config.php b/config/freeradius2/freeradius_view_config.php index bfabd7fa..b2959783 100644 --- a/config/freeradius2/freeradius_view_config.php +++ b/config/freeradius2/freeradius_view_config.php @@ -33,10 +33,10 @@ require("guiconfig.inc"); // Check to find out on which system the package is running -if (substr(trim(file_get_contents("/etc/version")),0,3) == "2.0") { - define('RADDB', '/usr/local/etc/raddb'); -} else { +if (substr(trim(file_get_contents("/etc/version")),0,3) == "2.1") { define('RADDB', '/usr/pbi/freeradius-' . php_uname("m") . '/etc/raddb'); +} else { + define('RADDB', '/usr/pbi/freeradius-' . php_uname("m") . '/local/etc/raddb'); } // End of system check @@ -67,10 +67,6 @@ if ($_REQUEST['file']!=""){ get_file($_REQUEST['file']); } else{ - $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); - if ($pf_version < 2.0) - $one_two = true; - $pgtitle = "FreeRADIUS: View Configuration"; include("head.inc"); @@ -78,10 +74,6 @@ else{ <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> - <?php if($one_two): ?> - <p class="pgtitle"><?=$pgtitle?></font></p> - <?php endif; ?> - <?php if ($savemsg) print_info_box($savemsg); ?> <form action="freeradius_view_config.php" method="post"> diff --git a/config/freeradius2/freeradiusauthorizedmacs.xml b/config/freeradius2/freeradiusauthorizedmacs.xml index 05b5515a..594e7398 100644 --- a/config/freeradius2/freeradiusauthorizedmacs.xml +++ b/config/freeradius2/freeradiusauthorizedmacs.xml @@ -200,7 +200,7 @@ </adddeleteeditpagefields> <fields> <field> - <name>GENERAL CONFIGURATION</name> + <name>General Configuration</name> <type>listtopic</type> </field> <field> @@ -227,13 +227,13 @@ <type>input</type> </field> <field> - <name>MISCELLANEOUS CONFIGURATION</name> + <name>Miscellaneous Configuration</name> <type>listtopic</type> </field> <field> <fielddescr>Redirection URL</fielddescr> <fieldname>varmacsswisprredirectionurl</fieldname> - <description><![CDATA[Enter the URL the MAC should be redirected to after successfull login. (e.g.: http://www.google.com)]]></description> + <description><![CDATA[Enter the URL the MAC should be redirected to after successful login. (e.g.: http://www.google.com)]]></description> <type>input</type> </field> <field> @@ -250,7 +250,7 @@ <type>input</type> </field> <field> - <name>NETWORK CONFIGURATION</name> + <name>Network Configuration</name> <type>listtopic</type> </field> <field> @@ -287,7 +287,7 @@ <type>input</type> </field> <field> - <name>TIME CONFIGURATION</name> + <name>Time Configuration</name> <type>listtopic</type> </field> <field> @@ -331,7 +331,7 @@ </options> </field> <field> - <name>TRAFFIC AND BANDWIDTH</name> + <name>Traffic and Bandwidth</name> <type>listtopic</type> </field> <field> @@ -372,7 +372,7 @@ <type>input</type> </field> <field> - <name>ADVANCED CONFIGURATION</name> + <name>Advanced Configuration</name> <type>listtopic</type> </field> <field> diff --git a/config/freeradius2/freeradiuscerts.xml b/config/freeradius2/freeradiuscerts.xml index 6108215b..4909411a 100644 --- a/config/freeradius2/freeradiuscerts.xml +++ b/config/freeradius2/freeradiuscerts.xml @@ -98,7 +98,7 @@ </tabs> <fields> <field> - <name>GENERAL CONFIGURATION</name> + <name>General Configuration</name> <type>listtopic</type> </field> <field> diff --git a/config/freeradius2/freeradiusclients.xml b/config/freeradius2/freeradiusclients.xml index 215a751e..4e66a597 100644 --- a/config/freeradius2/freeradiusclients.xml +++ b/config/freeradius2/freeradiusclients.xml @@ -132,13 +132,13 @@ </adddeleteeditpagefields> <fields> <field> - <name>GENERAL CONFIGURATION</name> + <name>General Configuration</name> <type>listtopic</type> </field> <field> <fielddescr>Client IP Address</fielddescr> <fieldname>varclientip</fieldname> - <description><![CDATA[Enter the IP address of the client. This is in general the IP of the NAS (switch,accesspoint).]]></description> + <description><![CDATA[Enter the IP address of the RADIUS client. This is the IP of the NAS (switch, access point, firewall, router, etc.).]]></description> <type>input</type> <required/> </field> @@ -156,19 +156,19 @@ <field> <fielddescr>Client Shortname</fielddescr> <fieldname>varclientshortname</fieldname> - <description><![CDATA[Enter shortname of the client. This is in general the hostname of the NAS (switch,accesspoint).]]></description> + <description><![CDATA[Enter a short name for the client. This is generally the hostname of the NAS.]]></description> <type>input</type> <required/> </field> <field> <fielddescr>Client Shared Secret</fielddescr> <fieldname>varclientsharedsecret</fieldname> - <description><![CDATA[Enter the shared secret of the client here. This is the shared secret (password) which the NAS (switch or accesspoint) needs to communicate with the RADIUS server.]]></description> + <description><![CDATA[Enter the shared secret of the RADIUS client here. This is the shared secret (password) which the NAS (switch or accesspoint) needs to communicate with the RADIUS server.]]></description> <type>password</type> <required/> </field> <field> - <name>MISCELLANEOUS CONFIGURATION</name> + <name>Miscellaneous Configuration</name> <type>listtopic</type> </field> <field> diff --git a/config/freeradius2/freeradiuseapconf.xml b/config/freeradius2/freeradiuseapconf.xml index 8f8e4dc7..947ef6b9 100644 --- a/config/freeradius2/freeradiuseapconf.xml +++ b/config/freeradius2/freeradiuseapconf.xml @@ -105,7 +105,7 @@ <field> <fielddescr>Disable weak EAP types</fielddescr> <fieldname>vareapconfdisableweakeaptypes</fieldname> - <description><![CDATA[Here you disable the weak EAP types MD5, GTC and LEAP. You should do this if you want that only stronger EAP types like TLS, TTLS, PEAP, MSCHAPv2 should be allowed. This option does not affect the "tunneled EAP sessions".]]></description> + <description><![CDATA[Here you can disable the weak EAP types MD5, GTC and LEAP. Check this to only allow stronger EAP types like TLS, TTLS, PEAP, MSCHAPv2 should be allowed. This option does not affect the "tunneled EAP sessions".]]></description> <type>checkbox</type> </field> <field> @@ -134,7 +134,7 @@ <field> <fielddescr>Ignore Unknown EAP Types</fielddescr> <fieldname>vareapconfignoreunknowneaptypes</fieldname> - <description><![CDATA[If the RADIUS does not know the EAP type it rejects it. If set to "yes" an other module <b>must</b> be configured to proxy the request to a further RADIUS server. (Default: no)]]></description> + <description><![CDATA[If the RADIUS server does not know the EAP type, it rejects it. If set to "yes" another module <b>must</b> be configured to proxy the request to a further RADIUS server. (Default: no)]]></description> <type>select</type> <default_value>no</default_value> <options> @@ -161,23 +161,23 @@ <default_value>4096</default_value> </field> <field> - <name>CERTIFICATES FOR TLS</name> + <name>Certificates for TLS</name> <type>listtopic</type> </field> <field> - <fielddescr>Choose Cert-Manager</fielddescr> + <fielddescr>Choose Cert Manager</fielddescr> <fieldname>vareapconfchoosecertmanager</fieldname> <description><![CDATA[Choose your Cert manager. By default it is the freeradius cert manager because the server needs some default certs to start service. For more information take al look at "Certificates"-Tab.<br> - To use the firewall's built-in Cert Manager you have to create a CA and an Server Certificate first. (SYSTEM -> Cert Manager).<br><br> - <b>uncheked</b>: FreeRADIUS Cert-Manager (not recommended) (Default: unchecked)<br> - <b>cheked</b>: Firewall Cert-Manager (recommended)]]></description> + To use the firewall's built-in Certificate Manager you have to create a CA and an Server Certificate first. (SYSTEM -> Cert Manager).<br><br> + <b>unchecked</b>: FreeRADIUS Cert Manager (not recommended) (Default: unchecked)<br> + <b>checked</b>: Firewall Cert Manager (recommended)]]></description> <type>checkbox</type> <enablefields>ssl_ca_cert,ssl_ca_crl,ssl_server_cert</enablefields> </field> <field> <fielddescr>Private Key Password</fielddescr> <fieldname>vareapconfprivatekeypassword</fieldname> - <description><![CDATA[By default the certificates created by freeradius are protected with an "input/ouput" password from reading the certificate. The certificates created by the firewall's built-in Cert Manager are not protected so you must leave this field empty. (Default: whatever)]]></description> + <description><![CDATA[By default the certificates created by freeradius are protected with an "input/ouput" password from reading the certificate. The certificates created by the firewall's built-in Cert Manager are not protected so you must leave this field empty.]]></description> <type>password</type> <default_value>whatever</default_value> </field> @@ -306,7 +306,7 @@ <field> - <name>EAP-TLS - ENABLE CACHE</name> + <name>EAP-TLS - Enable Cache</name> <type>listtopic</type> </field> <field> @@ -334,7 +334,7 @@ <field> <fielddescr>Max Entries</fielddescr> <fieldname>vareapconfcachemaxentries</fieldname> - <description><![CDATA[The maximum number of entries in the cache. Set to "0" for "infinite". This could be set to the number of users who are logged in... which can be a LOT. (Default: 255)]]></description> + <description><![CDATA[The maximum number of entries in the cache. Set to "0" for "infinite." (Default: 255)]]></description> <type>input</type> <default_value>255</default_value> </field> @@ -470,7 +470,7 @@ <field> <fielddescr>Microsoft Statement of Health (SoH) Support</fielddescr> <fieldname>vareapconfpeapsohenable</fieldname> - <description><![CDATA[You can accept/reject clients if they have not actual windows updates and more. You need to change server-file for your needs. It cannot be changed from GUI and will be deleted after package (re)installation. (/usr/local/etc/raddb/sites-available/soh). (Default: no)]]></description> + <description><![CDATA[You can accept/reject clients based on Microsoft's Statement of Health, such as if they are missing Windows updates, don't have a firewall enabled, antivirus not in line with policy, etc. You need to change server-file for your needs. It cannot be changed from GUI and will be deleted after package reinstallation. (/usr/local/etc/raddb/sites-available/soh). (Default: no)]]></description> <type>select</type> <default_value>Disable</default_value> <options> diff --git a/config/freeradius2/freeradiusinterfaces.xml b/config/freeradius2/freeradiusinterfaces.xml index 1233f72f..5427f988 100644 --- a/config/freeradius2/freeradiusinterfaces.xml +++ b/config/freeradius2/freeradiusinterfaces.xml @@ -120,7 +120,7 @@ </adddeleteeditpagefields> <fields> <field> - <name>GENERAL CONFIGURATION</name> + <name>General Configuration</name> <type>listtopic</type> </field> <field> @@ -175,7 +175,7 @@ <field> <fielddescr>Description</fielddescr> <fieldname>description</fieldname> - <description><![CDATA[Enter any description you like for this interface.]]></description> + <description><![CDATA[Optionally enter a description here for your reference.]]></description> <type>input</type> </field> </fields> diff --git a/config/freeradius2/freeradiusmodulesldap.xml b/config/freeradius2/freeradiusmodulesldap.xml index 5abe85cb..e476b877 100644 --- a/config/freeradius2/freeradiusmodulesldap.xml +++ b/config/freeradius2/freeradiusmodulesldap.xml @@ -115,7 +115,7 @@ <type>checkbox</type> </field> <field> - <name>GENERAL CONFIGURATION - SERVER 1</name> + <name>General Configuration - SERVER 1</name> <type>listtopic</type> </field> <field> @@ -207,7 +207,7 @@ <default_value>1</default_value> </field> <field> - <name>MISCELLANEOUS CONFIGURATION - SERVER 1</name> + <name>Miscellaneous Configuration - SERVER 1</name> <type>listtopic</type> </field> <field> @@ -434,7 +434,7 @@ <type>checkbox</type> </field> <field> - <name>GENERAL CONFIGURATION - SERVER 2</name> + <name>General Configuration - SERVER 2</name> <type>listtopic</type> </field> <field> @@ -526,7 +526,7 @@ <default_value>1</default_value> </field> <field> - <name>MISCELLANEOUS CONFIGURATION - SERVER 2</name> + <name>Miscellaneous Configuration - SERVER 2</name> <type>listtopic</type> </field> <field> diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml index 1d908ca4..78c65372 100644 --- a/config/freeradius2/freeradiussettings.xml +++ b/config/freeradius2/freeradiussettings.xml @@ -8,7 +8,8 @@ /* ========================================================================== */ /* freeradiussettings.xml - part of pfSense (http://www.pfSense.com) + part of pfSense (https://www.pfsense.org) + Copyright (C) 2014 Electric Sheep Fencing, LP Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de> All rights reserved. @@ -98,7 +99,7 @@ </tabs> <fields> <field> - <name>GENERAL CONFIGURATION</name> + <name>General Configuration</name> <type>listtopic</type> </field> <field> @@ -162,7 +163,7 @@ <field> <fielddescr>Logging Destination of RADIUS</fielddescr> <fieldname>varsettingslogdir</fieldname> - <description><![CDATA[Choose the destination where freeRADIUS should log. This will log if service started or failed but no authentication information. (Default: radius.log)]]></description> + <description><![CDATA[Choose the destination where freeRADIUS will log. This will log general service information, but no authentication information. (Default: radius.log)]]></description> <type>select</type> <default_value>syslog</default_value> <options> @@ -316,7 +317,7 @@ <field> <fielddescr>Enable Mobile-One-Time-Password</fielddescr> <fieldname>varsettingsmotpenable</fieldname> - <description><![CDATA[This enables the possibility to authenticate against an username and an one-time-password. The client which generates OTP can be installed on various mobile device plattforms like Android and more. If you enable this the first time we need to download and install package "bash-4.1.7" so the process will need some time. (Default: unchecked)]]></description> + <description><![CDATA[This enables the possibility to authenticate using a username and one-time-password. The client which generates OTP can be installed on various mobile device plattforms like Android and more. (Default: unchecked)]]></description> <type>checkbox</type> <enablefields>varsettingsmotptimespan,varsettingsmotppasswordattempts,varsettingsmotpchecksumtype,varsettingsmotptokenlength</enablefields> </field> @@ -330,14 +331,14 @@ <field> <fielddescr>Number of invalid password attempts</fielddescr> <fieldname>varsettingsmotppasswordattempts</fieldname> - <description><![CDATA[After this the user will be locked out until the admin unlocks the user. (Default: 5)]]></description> + <description><![CDATA[After this many failed attempts, the user will be locked out until an admin unlocks the user. (Default: 5)]]></description> <type>input</type> <default_value>5</default_value> </field> <field> <fielddescr>Hash algorithm</fielddescr> <fieldname>varsettingsmotpchecksumtype</fieldname> - <description><![CDATA[We build a hash of "EPOCHTIME+INIT-SECRET+PIN" and then use the digits as password. Perhaps there are some other/hardware tokens which use other hash types so you can perhaps adjust this here. But this <b>must</b> be equal on bothe sites! (Default: md5)]]></description> + <description><![CDATA[We build a hash of "EPOCHTIME+INIT-SECRET+PIN" and then use the digits as password. Perhaps there are some other/hardware tokens which use other hash types so you can perhaps adjust this here. This <b>must</b> be equal on both sides! (Default: md5)]]></description> <type>select</type> <default_value>md5</default_value> <options> @@ -349,12 +350,12 @@ <field> <fielddescr>Token Password length</fielddescr> <fieldname>varsettingsmotptokenlength</fieldname> - <description><![CDATA[We build a hash of "EPOCHTIME+INIT-SECRET+PIN" and then use the digits 1 to 6 as password. Perhaps there are some other/hardware tokens which use other digits so you can perhaps adjust this here. But this <b>must</b> be equal on bothe sites! (Default: 1-6)]]></description> + <description><![CDATA[We build a hash of "EPOCHTIME+INIT-SECRET+PIN" and then use the digits 1 to 6 as password. Perhaps there are some other/hardware tokens which use other digits so you can perhaps adjust this here. This <b>must</b> be equal on both sides! (Default: 1-6)]]></description> <type>input</type> <default_value>1-6</default_value> </field> <field> - <name>MISCELLANEOUS CONFIGURATION</name> + <name>Miscellaneous Configuration</name> <type>listtopic</type> </field> <field> diff --git a/config/freeradius2/freeradiussqlconf.xml b/config/freeradius2/freeradiussqlconf.xml index bb72a07a..f8f7ebc3 100644 --- a/config/freeradius2/freeradiussqlconf.xml +++ b/config/freeradius2/freeradiussqlconf.xml @@ -98,7 +98,7 @@ </tabs> <fields> <field> - <name>ENABLE SQL DATABASE - SERVER 1</name> + <name>Enable SQL Database- Server 1</name> <type>listtopic</type> </field> <field> @@ -117,7 +117,7 @@ <type>select</type> <default_value>Disable</default_value> <options> - <option><name>Disbale</name><value>Disable</value></option> + <option><name>Disable</name><value>Disable</value></option> <option><name>Enable</name><value>Enable</value></option> </options> </field> @@ -129,7 +129,7 @@ <type>select</type> <default_value>Disable</default_value> <options> - <option><name>Disbale</name><value>Disable</value></option> + <option><name>Disable</name><value>Disable</value></option> <option><name>Enable</name><value>Enable</value></option> </options> </field> @@ -141,7 +141,7 @@ <type>select</type> <default_value>Disable</default_value> <options> - <option><name>Disbale</name><value>Disable</value></option> + <option><name>Disable</name><value>Disable</value></option> <option><name>Enable</name><value>Enable</value></option> </options> </field> @@ -153,12 +153,12 @@ <type>select</type> <default_value>Disable</default_value> <options> - <option><name>Disbale</name><value>Disable</value></option> + <option><name>Disable</name><value>Disable</value></option> <option><name>Enable</name><value>Enable</value></option> </options> </field> <field> - <name>SQL DATABASE CONFIGURATION - SERVER 1</name> + <name>SQL Database Configuration - Server 1</name> <type>listtopic</type> </field> <field> @@ -331,7 +331,7 @@ <field> <fielddescr>Read Clients from Database</fielddescr> <fieldname>varsqlconfreadclients</fieldname> - <description><![CDATA[Set to <b>yes</b> to read radius clients from the database ('nas' table). Clients will only be read on server startup. (Default: yes)]]></description> + <description><![CDATA[Set to <b>yes</b> to read RADIUS clients from the database ('nas' table). Clients will only be read on server startup. (Default: yes)]]></description> <type>select</type> <default_value>yes</default_value> <options> @@ -347,7 +347,7 @@ <default_value>nas</default_value> </field> <field> - <name>ENABLE REDUNDANT SQL DATABASE SUPPORT</name> + <name>Enable Redundant SQL Database Support</name> <type>listtopic</type> </field> <field> @@ -366,7 +366,7 @@ </options> </field> <field> - <name>ENABLE SQL DATABASE - SERVER 2</name> + <name>Enable SQL Database - Server 2</name> <type>listtopic</type> </field> <field> @@ -385,7 +385,7 @@ <type>select</type> <default_value>Disable</default_value> <options> - <option><name>Disbale</name><value>Disable</value></option> + <option><name>Disable</name><value>Disable</value></option> <option><name>Enable</name><value>Enable</value></option> </options> </field> @@ -397,7 +397,7 @@ <type>select</type> <default_value>Disable</default_value> <options> - <option><name>Disbale</name><value>Disable</value></option> + <option><name>Disable</name><value>Disable</value></option> <option><name>Enable</name><value>Enable</value></option> </options> </field> @@ -409,7 +409,7 @@ <type>select</type> <default_value>Disable</default_value> <options> - <option><name>Disbale</name><value>Disable</value></option> + <option><name>Disable</name><value>Disable</value></option> <option><name>Enable</name><value>Enable</value></option> </options> </field> @@ -421,12 +421,12 @@ <type>select</type> <default_value>Disable</default_value> <options> - <option><name>Disbale</name><value>Disable</value></option> + <option><name>Disable</name><value>Disable</value></option> <option><name>Enable</name><value>Enable</value></option> </options> </field> <field> - <name>SQL DATABASE CONFIGURATION - SERVER 2</name> + <name>SQL Database Configuration - Server 2</name> <type>listtopic</type> </field> <field> @@ -599,7 +599,7 @@ <field> <fielddescr>Read Clients from Database</fielddescr> <fieldname>varsqlconf2readclients</fieldname> - <description><![CDATA[Set to <b>yes</b> to read radius clients from the database ('nas' table). Clients will only be read on server startup. (Default: yes)]]></description> + <description><![CDATA[Set to <b>yes</b> to read RADIUS clients from the database ('nas' table). Clients will only be read on server startup. (Default: yes)]]></description> <type>select</type> <default_value>yes</default_value> <options> diff --git a/config/freeswitch/begin_recording.wav b/config/freeswitch/begin_recording.wav Binary files differdeleted file mode 100755 index 9e4992ca..00000000 --- a/config/freeswitch/begin_recording.wav +++ /dev/null diff --git a/config/freeswitch/call_forward_has_been_deleted.wav b/config/freeswitch/call_forward_has_been_deleted.wav Binary files differdeleted file mode 100644 index ebe6ed36..00000000 --- a/config/freeswitch/call_forward_has_been_deleted.wav +++ /dev/null diff --git a/config/freeswitch/call_forward_has_been_set.wav b/config/freeswitch/call_forward_has_been_set.wav Binary files differdeleted file mode 100644 index 58262852..00000000 --- a/config/freeswitch/call_forward_has_been_set.wav +++ /dev/null diff --git a/config/freeswitch/class.phpmailer.tmp b/config/freeswitch/class.phpmailer.tmp deleted file mode 100755 index 2ddc30fd..00000000 --- a/config/freeswitch/class.phpmailer.tmp +++ /dev/null @@ -1,1896 +0,0 @@ -<?php -/*~ class.phpmailer.php -.---------------------------------------------------------------------------. -| Software: PHPMailer - PHP email class | -| Version: 2.0.2 | -| Contact: via sourceforge.net support pages (also www.codeworxtech.com) | -| Info: http://phpmailer.sourceforge.net | -| Support: http://sourceforge.net/projects/phpmailer/ | -| ------------------------------------------------------------------------- | -| Author: Andy Prevost (project admininistrator) | -| Author: Brent R. Matzelle (original founder) | -| Copyright (c) 2004-2007, Andy Prevost. All Rights Reserved. | -| Copyright (c) 2001-2003, Brent R. Matzelle | -| ------------------------------------------------------------------------- | -| License: Distributed under the Lesser General Public License (LGPL) | -| http://www.gnu.org/copyleft/lesser.html | -| This program is distributed in the hope that it will be useful - WITHOUT | -| ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | -| FITNESS FOR A PARTICULAR PURPOSE. | -| ------------------------------------------------------------------------- | -| We offer a number of paid services (www.codeworxtech.com): | -| - Web Hosting on highly optimized fast and secure servers | -| - Technology Consulting | -| - Oursourcing (highly qualified programmers and graphic designers) | -'---------------------------------------------------------------------------' - -/** - * PHPMailer - PHP email transport class - * @package PHPMailer - * @author Andy Prevost - * @copyright 2004 - 2008 Andy Prevost - */ - -class PHPMailer { - - ///////////////////////////////////////////////// - // PROPERTIES, PUBLIC - ///////////////////////////////////////////////// - - /** - * Email priority (1 = High, 3 = Normal, 5 = low). - * @var int - */ - var $Priority = 3; - - /** - * Sets the CharSet of the message. - * @var string - */ - var $CharSet = 'iso-8859-1'; - - /** - * Sets the Content-type of the message. - * @var string - */ - var $ContentType = 'text/plain'; - - /** - * Sets the Encoding of the message. Options for this are "8bit", - * "7bit", "binary", "base64", and "quoted-printable". - * @var string - */ - var $Encoding = '8bit'; - - /** - * Holds the most recent mailer error message. - * @var string - */ - var $ErrorInfo = ''; - - /** - * Sets the From email address for the message. - * @var string - */ - var $From = 'root@localhost'; - - /** - * Sets the From name of the message. - * @var string - */ - var $FromName = 'Root User'; - - /** - * Sets the Sender email (Return-Path) of the message. If not empty, - * will be sent via -f to sendmail or as 'MAIL FROM' in smtp mode. - * @var string - */ - var $Sender = ''; - - /** - * Sets the Subject of the message. - * @var string - */ - var $Subject = ''; - - /** - * Sets the Body of the message. This can be either an HTML or text body. - * If HTML then run IsHTML(true). - * @var string - */ - var $Body = ''; - - /** - * Sets the text-only body of the message. This automatically sets the - * email to multipart/alternative. This body can be read by mail - * clients that do not have HTML email capability such as mutt. Clients - * that can read HTML will view the normal Body. - * @var string - */ - var $AltBody = ''; - - /** - * Sets word wrapping on the body of the message to a given number of - * characters. - * @var int - */ - var $WordWrap = 0; - - /** - * Method to send mail: ("mail", "sendmail", or "smtp"). - * @var string - */ - var $Mailer = 'mail'; - - /** - * Sets the path of the sendmail program. - * @var string - */ - var $Sendmail = '/usr/sbin/sendmail'; - - /** - * Path to PHPMailer plugins. This is now only useful if the SMTP class - * is in a different directory than the PHP include path. - * @var string - */ - var $PluginDir = ''; - - /** - * Holds PHPMailer version. - * @var string - */ - var $Version = "2.0.2"; - - /** - * Sets the email address that a reading confirmation will be sent. - * @var string - */ - var $ConfirmReadingTo = ''; - - /** - * Sets the hostname to use in Message-Id and Received headers - * and as default HELO string. If empty, the value returned - * by SERVER_NAME is used or 'localhost.localdomain'. - * @var string - */ - var $Hostname = ''; - - /** - * Sets the message ID to be used in the Message-Id header. - * If empty, a unique id will be generated. - * @var string - */ - var $MessageID = ''; - - ///////////////////////////////////////////////// - // PROPERTIES FOR SMTP - ///////////////////////////////////////////////// - - /** - * Sets the SMTP hosts. All hosts must be separated by a - * semicolon. You can also specify a different port - * for each host by using this format: [hostname:port] - * (e.g. "smtp1.example.com:25;smtp2.example.com"). - * Hosts will be tried in order. - * @var string - */ - var $Host = 'localhost'; - - /** - * Sets the default SMTP server port. - * @var int - */ - var $Port = 25; - - /** - * Sets the SMTP HELO of the message (Default is $Hostname). - * @var string - */ - var $Helo = ''; - - /** - * Sets connection prefix. - * Options are "", "ssl" or "tls" - * @var string - */ - var $SMTPSecure = ""; - - /** - * Sets SMTP authentication. Utilizes the Username and Password variables. - * @var bool - */ - var $SMTPAuth = false; - - /** - * Sets SMTP username. - * @var string - */ - var $Username = ''; - - /** - * Sets SMTP password. - * @var string - */ - var $Password = ''; - - /** - * Sets the SMTP server timeout in seconds. This function will not - * work with the win32 version. - * @var int - */ - var $Timeout = 10; - - /** - * Sets SMTP class debugging on or off. - * @var bool - */ - var $SMTPDebug = false; - - /** - * Prevents the SMTP connection from being closed after each mail - * sending. If this is set to true then to close the connection - * requires an explicit call to SmtpClose(). - * @var bool - */ - var $SMTPKeepAlive = false; - - /** - * Provides the ability to have the TO field process individual - * emails, instead of sending to entire TO addresses - * @var bool - */ - var $SingleTo = false; - - ///////////////////////////////////////////////// - // PROPERTIES, PRIVATE - ///////////////////////////////////////////////// - - var $smtp = NULL; - var $to = array(); - var $cc = array(); - var $bcc = array(); - var $ReplyTo = array(); - var $attachment = array(); - var $CustomHeader = array(); - var $message_type = ''; - var $boundary = array(); - var $language = array(); - var $error_count = 0; - var $LE = "\n"; - var $sign_key_file = ""; - var $sign_key_pass = ""; - - ///////////////////////////////////////////////// - // METHODS, VARIABLES - ///////////////////////////////////////////////// - - /** - * Sets message type to HTML. - * @param bool $bool - * @return void - */ - function IsHTML($bool) { - if($bool == true) { - $this->ContentType = 'text/html'; - } else { - $this->ContentType = 'text/plain'; - } - } - - /** - * Sets Mailer to send message using SMTP. - * @return void - */ - function IsSMTP() { - $this->Mailer = 'smtp'; - } - - /** - * Sets Mailer to send message using PHP mail() function. - * @return void - */ - function IsMail() { - $this->Mailer = 'mail'; - } - - /** - * Sets Mailer to send message using the $Sendmail program. - * @return void - */ - function IsSendmail() { - $this->Mailer = 'sendmail'; - } - - /** - * Sets Mailer to send message using the qmail MTA. - * @return void - */ - function IsQmail() { - $this->Sendmail = '/var/qmail/bin/sendmail'; - $this->Mailer = 'sendmail'; - } - - ///////////////////////////////////////////////// - // METHODS, RECIPIENTS - ///////////////////////////////////////////////// - - /** - * Adds a "To" address. - * @param string $address - * @param string $name - * @return void - */ - function AddAddress($address, $name = '') { - $cur = count($this->to); - $this->to[$cur][0] = trim($address); - $this->to[$cur][1] = $name; - } - - /** - * Adds a "Cc" address. Note: this function works - * with the SMTP mailer on win32, not with the "mail" - * mailer. - * @param string $address - * @param string $name - * @return void - */ - function AddCC($address, $name = '') { - $cur = count($this->cc); - $this->cc[$cur][0] = trim($address); - $this->cc[$cur][1] = $name; - } - - /** - * Adds a "Bcc" address. Note: this function works - * with the SMTP mailer on win32, not with the "mail" - * mailer. - * @param string $address - * @param string $name - * @return void - */ - function AddBCC($address, $name = '') { - $cur = count($this->bcc); - $this->bcc[$cur][0] = trim($address); - $this->bcc[$cur][1] = $name; - } - - /** - * Adds a "Reply-To" address. - * @param string $address - * @param string $name - * @return void - */ - function AddReplyTo($address, $name = '') { - $cur = count($this->ReplyTo); - $this->ReplyTo[$cur][0] = trim($address); - $this->ReplyTo[$cur][1] = $name; - } - - ///////////////////////////////////////////////// - // METHODS, MAIL SENDING - ///////////////////////////////////////////////// - - /** - * Creates message and assigns Mailer. If the message is - * not sent successfully then it returns false. Use the ErrorInfo - * variable to view description of the error. - * @return bool - */ - function Send() { - $header = ''; - $body = ''; - $result = true; - - if((count($this->to) + count($this->cc) + count($this->bcc)) < 1) { - $this->SetError($this->Lang('provide_address')); - return false; - } - - /* Set whether the message is multipart/alternative */ - if(!empty($this->AltBody)) { - $this->ContentType = 'multipart/alternative'; - } - - $this->error_count = 0; // reset errors - $this->SetMessageType(); - $header .= $this->CreateHeader(); - $body = $this->CreateBody(); - - if($body == '') { - return false; - } - - /* Choose the mailer */ - switch($this->Mailer) { - case 'sendmail': - $result = $this->SendmailSend($header, $body); - break; - case 'smtp': - $result = $this->SmtpSend($header, $body); - break; - case 'mail': - $result = $this->MailSend($header, $body); - break; - default: - $result = $this->MailSend($header, $body); - break; - //$this->SetError($this->Mailer . $this->Lang('mailer_not_supported')); - //$result = false; - //break; - } - - return $result; - } - - /** - * Sends mail using the $Sendmail program. - * @access private - * @return bool - */ - function SendmailSend($header, $body) { - if ($this->Sender != '') { - $sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender)); - } else { - $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail)); - } - - if(!@$mail = popen($sendmail, 'w')) { - $this->SetError($this->Lang('execute') . $this->Sendmail); - return false; - } - - fputs($mail, $header); - fputs($mail, $body); - - $result = pclose($mail); - if (version_compare(phpversion(), '4.2.3') == -1) { - $result = $result >> 8 & 0xFF; - } - if($result != 0) { - $this->SetError($this->Lang('execute') . $this->Sendmail); - return false; - } - return true; - } - - /** - * Sends mail using the PHP mail() function. - * @access private - * @return bool - */ - function MailSend($header, $body) { - - $to = ''; - for($i = 0; $i < count($this->to); $i++) { - if($i != 0) { $to .= ', '; } - $to .= $this->AddrFormat($this->to[$i]); - } - - $toArr = split(',', $to); - - $params = sprintf("-oi -f %s", $this->Sender); - if ($this->Sender != '' && strlen(ini_get('safe_mode')) < 1) { - $old_from = ini_get('sendmail_from'); - ini_set('sendmail_from', $this->Sender); - if ($this->SingleTo === true && count($toArr) > 1) { - foreach ($toArr as $key => $val) { - $rt = @mail($val, $this->EncodeHeader($this->SecureHeader($this->Subject)), $body, $header, $params); - } - } else { - $rt = @mail($to, $this->EncodeHeader($this->SecureHeader($this->Subject)), $body, $header, $params); - } - } else { - if ($this->SingleTo === true && count($toArr) > 1) { - foreach ($toArr as $key => $val) { - $rt = @mail($val, $this->EncodeHeader($this->SecureHeader($this->Subject)), $body, $header, $params); - } - } else { - $rt = @mail($to, $this->EncodeHeader($this->SecureHeader($this->Subject)), $body, $header); - } - } - - if (isset($old_from)) { - ini_set('sendmail_from', $old_from); - } - - if(!$rt) { - $this->SetError($this->Lang('instantiate')); - return false; - } - - return true; - } - - /** - * Sends mail via SMTP using PhpSMTP (Author: - * Chris Ryan). Returns bool. Returns false if there is a - * bad MAIL FROM, RCPT, or DATA input. - * @access private - * @return bool - */ - function SmtpSend($header, $body) { - include_once($this->PluginDir . 'class.smtp.php'); - $error = ''; - $bad_rcpt = array(); - - if(!$this->SmtpConnect()) { - return false; - } - - $smtp_from = ($this->Sender == '') ? $this->From : $this->Sender; - if(!$this->smtp->Mail($smtp_from)) { - $error = $this->Lang('from_failed') . $smtp_from; - $this->SetError($error); - $this->smtp->Reset(); - return false; - } - - /* Attempt to send attach all recipients */ - for($i = 0; $i < count($this->to); $i++) { - if(!$this->smtp->Recipient($this->to[$i][0])) { - $bad_rcpt[] = $this->to[$i][0]; - } - } - for($i = 0; $i < count($this->cc); $i++) { - if(!$this->smtp->Recipient($this->cc[$i][0])) { - $bad_rcpt[] = $this->cc[$i][0]; - } - } - for($i = 0; $i < count($this->bcc); $i++) { - if(!$this->smtp->Recipient($this->bcc[$i][0])) { - $bad_rcpt[] = $this->bcc[$i][0]; - } - } - - if(count($bad_rcpt) > 0) { // Create error message - for($i = 0; $i < count($bad_rcpt); $i++) { - if($i != 0) { - $error .= ', '; - } - $error .= $bad_rcpt[$i]; - } - $error = $this->Lang('recipients_failed') . $error; - $this->SetError($error); - $this->smtp->Reset(); - return false; - } - - if(!$this->smtp->Data($header . $body)) { - $this->SetError($this->Lang('data_not_accepted')); - $this->smtp->Reset(); - return false; - } - if($this->SMTPKeepAlive == true) { - $this->smtp->Reset(); - } else { - $this->SmtpClose(); - } - - return true; - } - - /** - * Initiates a connection to an SMTP server. Returns false if the - * operation failed. - * @access private - * @return bool - */ - function SmtpConnect() { - if($this->smtp == NULL) { - $this->smtp = new SMTP(); - } - - $this->smtp->do_debug = $this->SMTPDebug; - $hosts = explode(';', $this->Host); - $index = 0; - $connection = ($this->smtp->Connected()); - - /* Retry while there is no connection */ - while($index < count($hosts) && $connection == false) { - $hostinfo = array(); - if(eregi('^(.+):([0-9]+)$', $hosts[$index], $hostinfo)) { - $host = $hostinfo[1]; - $port = $hostinfo[2]; - } else { - $host = $hosts[$index]; - $port = $this->Port; - } - - if($this->smtp->Connect(((!empty($this->SMTPSecure))?$this->SMTPSecure.'://':'').$host, $port, $this->Timeout)) { - if ($this->Helo != '') { - $this->smtp->Hello($this->Helo); - } else { - $this->smtp->Hello($this->ServerHostname()); - } - - $connection = true; - if($this->SMTPAuth) { - if(!$this->smtp->Authenticate($this->Username, $this->Password)) { - $this->SetError($this->Lang('authenticate')); - $this->smtp->Reset(); - $connection = false; - } - } - } - $index++; - } - if(!$connection) { - $this->SetError($this->Lang('connect_host')); - } - - return $connection; - } - - /** - * Closes the active SMTP session if one exists. - * @return void - */ - function SmtpClose() { - if($this->smtp != NULL) { - if($this->smtp->Connected()) { - $this->smtp->Quit(); - $this->smtp->Close(); - } - } - } - - /** - * Sets the language for all class error messages. Returns false - * if it cannot load the language file. The default language type - * is English. - * @param string $lang_type Type of language (e.g. Portuguese: "br") - * @param string $lang_path Path to the language file directory - * @access public - * @return bool - */ - function SetLanguage($lang_type, $lang_path = 'language/') { - if(file_exists($lang_path.'phpmailer.lang-'.$lang_type.'.php')) { - include($lang_path.'phpmailer.lang-'.$lang_type.'.php'); - } elseif (file_exists($lang_path.'phpmailer.lang-en.php')) { - include($lang_path.'phpmailer.lang-en.php'); - } else { - $this->SetError('Could not load language file'); - return false; - } - $this->language = $PHPMAILER_LANG; - - return true; - } - - ///////////////////////////////////////////////// - // METHODS, MESSAGE CREATION - ///////////////////////////////////////////////// - - /** - * Creates recipient headers. - * @access private - * @return string - */ - function AddrAppend($type, $addr) { - $addr_str = $type . ': '; - $addr_str .= $this->AddrFormat($addr[0]); - if(count($addr) > 1) { - for($i = 1; $i < count($addr); $i++) { - $addr_str .= ', ' . $this->AddrFormat($addr[$i]); - } - } - $addr_str .= $this->LE; - - return $addr_str; - } - - /** - * Formats an address correctly. - * @access private - * @return string - */ - function AddrFormat($addr) { - if(empty($addr[1])) { - $formatted = $this->SecureHeader($addr[0]); - } else { - $formatted = $this->EncodeHeader($this->SecureHeader($addr[1]), 'phrase') . " <" . $this->SecureHeader($addr[0]) . ">"; - } - - return $formatted; - } - - /** - * Wraps message for use with mailers that do not - * automatically perform wrapping and for quoted-printable. - * Original written by philippe. - * @access private - * @return string - */ - function WrapText($message, $length, $qp_mode = false) { - $soft_break = ($qp_mode) ? sprintf(" =%s", $this->LE) : $this->LE; - // If utf-8 encoding is used, we will need to make sure we don't - // split multibyte characters when we wrap - $is_utf8 = (strtolower($this->CharSet) == "utf-8"); - - $message = $this->FixEOL($message); - if (substr($message, -1) == $this->LE) { - $message = substr($message, 0, -1); - } - - $line = explode($this->LE, $message); - $message = ''; - for ($i=0 ;$i < count($line); $i++) { - $line_part = explode(' ', $line[$i]); - $buf = ''; - for ($e = 0; $e<count($line_part); $e++) { - $word = $line_part[$e]; - if ($qp_mode and (strlen($word) > $length)) { - $space_left = $length - strlen($buf) - 1; - if ($e != 0) { - if ($space_left > 20) { - $len = $space_left; - if ($is_utf8) { - $len = $this->UTF8CharBoundary($word, $len); - } elseif (substr($word, $len - 1, 1) == "=") { - $len--; - } elseif (substr($word, $len - 2, 1) == "=") { - $len -= 2; - } - $part = substr($word, 0, $len); - $word = substr($word, $len); - $buf .= ' ' . $part; - $message .= $buf . sprintf("=%s", $this->LE); - } else { - $message .= $buf . $soft_break; - } - $buf = ''; - } - while (strlen($word) > 0) { - $len = $length; - if ($is_utf8) { - $len = $this->UTF8CharBoundary($word, $len); - } elseif (substr($word, $len - 1, 1) == "=") { - $len--; - } elseif (substr($word, $len - 2, 1) == "=") { - $len -= 2; - } - $part = substr($word, 0, $len); - $word = substr($word, $len); - - if (strlen($word) > 0) { - $message .= $part . sprintf("=%s", $this->LE); - } else { - $buf = $part; - } - } - } else { - $buf_o = $buf; - $buf .= ($e == 0) ? $word : (' ' . $word); - - if (strlen($buf) > $length and $buf_o != '') { - $message .= $buf_o . $soft_break; - $buf = $word; - } - } - } - $message .= $buf . $this->LE; - } - - return $message; - } - - /** - * Finds last character boundary prior to maxLength in a utf-8 - * quoted (printable) encoded string. - * Original written by Colin Brown. - * @access private - * @param string $encodedText utf-8 QP text - * @param int $maxLength find last character boundary prior to this length - * @return int - */ - function UTF8CharBoundary($encodedText, $maxLength) { - $foundSplitPos = false; - $lookBack = 3; - while (!$foundSplitPos) { - $lastChunk = substr($encodedText, $maxLength - $lookBack, $lookBack); - $encodedCharPos = strpos($lastChunk, "="); - if ($encodedCharPos !== false) { - // Found start of encoded character byte within $lookBack block. - // Check the encoded byte value (the 2 chars after the '=') - $hex = substr($encodedText, $maxLength - $lookBack + $encodedCharPos + 1, 2); - $dec = hexdec($hex); - if ($dec < 128) { // Single byte character. - // If the encoded char was found at pos 0, it will fit - // otherwise reduce maxLength to start of the encoded char - $maxLength = ($encodedCharPos == 0) ? $maxLength : - $maxLength - ($lookBack - $encodedCharPos); - $foundSplitPos = true; - } elseif ($dec >= 192) { // First byte of a multi byte character - // Reduce maxLength to split at start of character - $maxLength = $maxLength - ($lookBack - $encodedCharPos); - $foundSplitPos = true; - } elseif ($dec < 192) { // Middle byte of a multi byte character, look further back - $lookBack += 3; - } - } else { - // No encoded character found - $foundSplitPos = true; - } - } - return $maxLength; - } - - /** - * Set the body wrapping. - * @access private - * @return void - */ - function SetWordWrap() { - if($this->WordWrap < 1) { - return; - } - - switch($this->message_type) { - case 'alt': - /* fall through */ - case 'alt_attachments': - $this->AltBody = $this->WrapText($this->AltBody, $this->WordWrap); - break; - default: - $this->Body = $this->WrapText($this->Body, $this->WordWrap); - break; - } - } - - /** - * Assembles message header. - * @access private - * @return string - */ - function CreateHeader() { - $result = ''; - - /* Set the boundaries */ - $uniq_id = md5(uniqid(time())); - $this->boundary[1] = 'b1_' . $uniq_id; - $this->boundary[2] = 'b2_' . $uniq_id; - - $result .= $this->HeaderLine('Date', $this->RFCDate()); - if($this->Sender == '') { - $result .= $this->HeaderLine('Return-Path', trim($this->From)); - } else { - $result .= $this->HeaderLine('Return-Path', trim($this->Sender)); - } - - /* To be created automatically by mail() */ - if($this->Mailer != 'mail') { - if(count($this->to) > 0) { - $result .= $this->AddrAppend('To', $this->to); - } elseif (count($this->cc) == 0) { - $result .= $this->HeaderLine('To', 'undisclosed-recipients:;'); - } - if(count($this->cc) > 0) { - $result .= $this->AddrAppend('Cc', $this->cc); - } - } - - $from = array(); - $from[0][0] = trim($this->From); - $from[0][1] = $this->FromName; - $result .= $this->AddrAppend('From', $from); - - /* sendmail and mail() extract Cc from the header before sending */ - if((($this->Mailer == 'sendmail') || ($this->Mailer == 'mail')) && (count($this->cc) > 0)) { - $result .= $this->AddrAppend('Cc', $this->cc); - } - - /* sendmail and mail() extract Bcc from the header before sending */ - if((($this->Mailer == 'sendmail') || ($this->Mailer == 'mail')) && (count($this->bcc) > 0)) { - $result .= $this->AddrAppend('Bcc', $this->bcc); - } - - if(count($this->ReplyTo) > 0) { - $result .= $this->AddrAppend('Reply-To', $this->ReplyTo); - } - - /* mail() sets the subject itself */ - if($this->Mailer != 'mail') { - $result .= $this->HeaderLine('Subject', $this->EncodeHeader($this->SecureHeader($this->Subject))); - } - - if($this->MessageID != '') { - $result .= $this->HeaderLine('Message-ID',$this->MessageID); - } else { - $result .= sprintf("Message-ID: <%s@%s>%s", $uniq_id, $this->ServerHostname(), $this->LE); - } - $result .= $this->HeaderLine('X-Priority', $this->Priority); - $result .= $this->HeaderLine('X-Mailer', 'PHPMailer (phpmailer.sourceforge.net) [version ' . $this->Version . ']'); - - if($this->ConfirmReadingTo != '') { - $result .= $this->HeaderLine('Disposition-Notification-To', '<' . trim($this->ConfirmReadingTo) . '>'); - } - - // Add custom headers - for($index = 0; $index < count($this->CustomHeader); $index++) { - $result .= $this->HeaderLine(trim($this->CustomHeader[$index][0]), $this->EncodeHeader(trim($this->CustomHeader[$index][1]))); - } - if (!$this->sign_key_file) { - $result .= $this->HeaderLine('MIME-Version', '1.0'); - $result .= $this->GetMailMIME(); - } - - return $result; - } - - /** - * Returns the message MIME. - * @access private - * @return string - */ - function GetMailMIME() { - $result = ''; - switch($this->message_type) { - case 'plain': - $result .= $this->HeaderLine('Content-Transfer-Encoding', $this->Encoding); - $result .= sprintf("Content-Type: %s; charset=\"%s\"", $this->ContentType, $this->CharSet); - break; - case 'attachments': - /* fall through */ - case 'alt_attachments': - if($this->InlineImageExists()){ - $result .= sprintf("Content-Type: %s;%s\ttype=\"text/html\";%s\tboundary=\"%s\"%s", 'multipart/related', $this->LE, $this->LE, $this->boundary[1], $this->LE); - } else { - $result .= $this->HeaderLine('Content-Type', 'multipart/mixed;'); - $result .= $this->TextLine("\tboundary=\"" . $this->boundary[1] . '"'); - } - break; - case 'alt': - $result .= $this->HeaderLine('Content-Type', 'multipart/alternative;'); - $result .= $this->TextLine("\tboundary=\"" . $this->boundary[1] . '"'); - break; - } - - if($this->Mailer != 'mail') { - $result .= $this->LE.$this->LE; - } - - return $result; - } - - /** - * Assembles the message body. Returns an empty string on failure. - * @access private - * @return string - */ - function CreateBody() { - $result = ''; - if ($this->sign_key_file) { - $result .= $this->GetMailMIME(); - } - - $this->SetWordWrap(); - - switch($this->message_type) { - case 'alt': - $result .= $this->GetBoundary($this->boundary[1], '', 'text/plain', ''); - $result .= $this->EncodeString($this->AltBody, $this->Encoding); - $result .= $this->LE.$this->LE; - $result .= $this->GetBoundary($this->boundary[1], '', 'text/html', ''); - $result .= $this->EncodeString($this->Body, $this->Encoding); - $result .= $this->LE.$this->LE; - $result .= $this->EndBoundary($this->boundary[1]); - break; - case 'plain': - $result .= $this->EncodeString($this->Body, $this->Encoding); - break; - case 'attachments': - $result .= $this->GetBoundary($this->boundary[1], '', '', ''); - $result .= $this->EncodeString($this->Body, $this->Encoding); - $result .= $this->LE; - $result .= $this->AttachAll(); - break; - case 'alt_attachments': - $result .= sprintf("--%s%s", $this->boundary[1], $this->LE); - $result .= sprintf("Content-Type: %s;%s" . "\tboundary=\"%s\"%s", 'multipart/alternative', $this->LE, $this->boundary[2], $this->LE.$this->LE); - $result .= $this->GetBoundary($this->boundary[2], '', 'text/plain', '') . $this->LE; // Create text body - $result .= $this->EncodeString($this->AltBody, $this->Encoding); - $result .= $this->LE.$this->LE; - $result .= $this->GetBoundary($this->boundary[2], '', 'text/html', '') . $this->LE; // Create the HTML body - $result .= $this->EncodeString($this->Body, $this->Encoding); - $result .= $this->LE.$this->LE; - $result .= $this->EndBoundary($this->boundary[2]); - $result .= $this->AttachAll(); - break; - } - - if($this->IsError()) { - $result = ''; - } else if ($this->sign_key_file) { - $file = tempnam("", "mail"); - $fp = fopen($file, "w"); - fwrite($fp, $result); - fclose($fp); - $signed = tempnam("", "signed"); - - if (@openssl_pkcs7_sign($file, $signed, "file://".$this->sign_key_file, array("file://".$this->sign_key_file, $this->sign_key_pass), null)) { - $fp = fopen($signed, "r"); - $result = fread($fp, filesize($this->sign_key_file)); - fclose($fp); - } else { - $this->SetError($this->Lang("signing").openssl_error_string()); - $result = ''; - } - - unlink($file); - unlink($signed); - } - - return $result; - } - - /** - * Returns the start of a message boundary. - * @access private - */ - function GetBoundary($boundary, $charSet, $contentType, $encoding) { - $result = ''; - if($charSet == '') { - $charSet = $this->CharSet; - } - if($contentType == '') { - $contentType = $this->ContentType; - } - if($encoding == '') { - $encoding = $this->Encoding; - } - $result .= $this->TextLine('--' . $boundary); - $result .= sprintf("Content-Type: %s; charset = \"%s\"", $contentType, $charSet); - $result .= $this->LE; - $result .= $this->HeaderLine('Content-Transfer-Encoding', $encoding); - $result .= $this->LE; - - return $result; - } - - /** - * Returns the end of a message boundary. - * @access private - */ - function EndBoundary($boundary) { - return $this->LE . '--' . $boundary . '--' . $this->LE; - } - - /** - * Sets the message type. - * @access private - * @return void - */ - function SetMessageType() { - if(count($this->attachment) < 1 && strlen($this->AltBody) < 1) { - $this->message_type = 'plain'; - } else { - if(count($this->attachment) > 0) { - $this->message_type = 'attachments'; - } - if(strlen($this->AltBody) > 0 && count($this->attachment) < 1) { - $this->message_type = 'alt'; - } - if(strlen($this->AltBody) > 0 && count($this->attachment) > 0) { - $this->message_type = 'alt_attachments'; - } - } - } - - /* Returns a formatted header line. - * @access private - * @return string - */ - function HeaderLine($name, $value) { - return $name . ': ' . $value . $this->LE; - } - - /** - * Returns a formatted mail line. - * @access private - * @return string - */ - function TextLine($value) { - return $value . $this->LE; - } - - ///////////////////////////////////////////////// - // CLASS METHODS, ATTACHMENTS - ///////////////////////////////////////////////// - - /** - * Adds an attachment from a path on the filesystem. - * Returns false if the file could not be found - * or accessed. - * @param string $path Path to the attachment. - * @param string $name Overrides the attachment name. - * @param string $encoding File encoding (see $Encoding). - * @param string $type File extension (MIME) type. - * @return bool - */ - function AddAttachment($path, $name = '', $encoding = 'base64', $type = 'application/octet-stream') { - if(!@is_file($path)) { - $this->SetError($this->Lang('file_access') . $path); - return false; - } - - $filename = basename($path); - if($name == '') { - $name = $filename; - } - - $cur = count($this->attachment); - $this->attachment[$cur][0] = $path; - $this->attachment[$cur][1] = $filename; - $this->attachment[$cur][2] = $name; - $this->attachment[$cur][3] = $encoding; - $this->attachment[$cur][4] = $type; - $this->attachment[$cur][5] = false; // isStringAttachment - $this->attachment[$cur][6] = 'attachment'; - $this->attachment[$cur][7] = 0; - - return true; - } - - /** - * Attaches all fs, string, and binary attachments to the message. - * Returns an empty string on failure. - * @access private - * @return string - */ - function AttachAll() { - /* Return text of body */ - $mime = array(); - - /* Add all attachments */ - for($i = 0; $i < count($this->attachment); $i++) { - /* Check for string attachment */ - $bString = $this->attachment[$i][5]; - if ($bString) { - $string = $this->attachment[$i][0]; - } else { - $path = $this->attachment[$i][0]; - } - - $filename = $this->attachment[$i][1]; - $name = $this->attachment[$i][2]; - $encoding = $this->attachment[$i][3]; - $type = $this->attachment[$i][4]; - $disposition = $this->attachment[$i][6]; - $cid = $this->attachment[$i][7]; - - $mime[] = sprintf("--%s%s", $this->boundary[1], $this->LE); - $mime[] = sprintf("Content-Type: %s; name=\"%s\"%s", $type, $name, $this->LE); - $mime[] = sprintf("Content-Transfer-Encoding: %s%s", $encoding, $this->LE); - - if($disposition == 'inline') { - $mime[] = sprintf("Content-ID: <%s>%s", $cid, $this->LE); - } - - $mime[] = sprintf("Content-Disposition: %s; filename=\"%s\"%s", $disposition, $name, $this->LE.$this->LE); - - /* Encode as string attachment */ - if($bString) { - $mime[] = $this->EncodeString($string, $encoding); - if($this->IsError()) { - return ''; - } - $mime[] = $this->LE.$this->LE; - } else { - $mime[] = $this->EncodeFile($path, $encoding); - if($this->IsError()) { - return ''; - } - $mime[] = $this->LE.$this->LE; - } - } - - $mime[] = sprintf("--%s--%s", $this->boundary[1], $this->LE); - - return join('', $mime); - } - - /** - * Encodes attachment in requested format. Returns an - * empty string on failure. - * @access private - * @return string - */ - function EncodeFile ($path, $encoding = 'base64') { - if(!@$fd = fopen($path, 'rb')) { - $this->SetError($this->Lang('file_open') . $path); - return ''; - } - $magic_quotes = get_magic_quotes_runtime(); - set_magic_quotes_runtime(0); - $file_buffer = fread($fd, filesize($path)); - $file_buffer = $this->EncodeString($file_buffer, $encoding); - fclose($fd); - set_magic_quotes_runtime($magic_quotes); - - return $file_buffer; - } - - /** - * Encodes string to requested format. Returns an - * empty string on failure. - * @access private - * @return string - */ - function EncodeString ($str, $encoding = 'base64') { - $encoded = ''; - switch(strtolower($encoding)) { - case 'base64': - /* chunk_split is found in PHP >= 3.0.6 */ - $encoded = chunk_split(base64_encode($str), 76, $this->LE); - break; - case '7bit': - case '8bit': - $encoded = $this->FixEOL($str); - if (substr($encoded, -(strlen($this->LE))) != $this->LE) - $encoded .= $this->LE; - break; - case 'binary': - $encoded = $str; - break; - case 'quoted-printable': - $encoded = $this->EncodeQP($str); - break; - default: - $this->SetError($this->Lang('encoding') . $encoding); - break; - } - return $encoded; - } - - /** - * Encode a header string to best of Q, B, quoted or none. - * @access private - * @return string - */ - function EncodeHeader ($str, $position = 'text') { - $x = 0; - - switch (strtolower($position)) { - case 'phrase': - if (!preg_match('/[\200-\377]/', $str)) { - /* Can't use addslashes as we don't know what value has magic_quotes_sybase. */ - $encoded = addcslashes($str, "\0..\37\177\\\""); - if (($str == $encoded) && !preg_match('/[^A-Za-z0-9!#$%&\'*+\/=?^_`{|}~ -]/', $str)) { - return ($encoded); - } else { - return ("\"$encoded\""); - } - } - $x = preg_match_all('/[^\040\041\043-\133\135-\176]/', $str, $matches); - break; - case 'comment': - $x = preg_match_all('/[()"]/', $str, $matches); - /* Fall-through */ - case 'text': - default: - $x += preg_match_all('/[\000-\010\013\014\016-\037\177-\377]/', $str, $matches); - break; - } - - if ($x == 0) { - return ($str); - } - - $maxlen = 75 - 7 - strlen($this->CharSet); - /* Try to select the encoding which should produce the shortest output */ - if (strlen($str)/3 < $x) { - $encoding = 'B'; - if (function_exists('mb_strlen') && $this->HasMultiBytes($str)) { - // Use a custom function which correctly encodes and wraps long - // multibyte strings without breaking lines within a character - $encoded = $this->Base64EncodeWrapMB($str); - } else { - $encoded = base64_encode($str); - $maxlen -= $maxlen % 4; - $encoded = trim(chunk_split($encoded, $maxlen, "\n")); - } - } else { - $encoding = 'Q'; - $encoded = $this->EncodeQ($str, $position); - $encoded = $this->WrapText($encoded, $maxlen, true); - $encoded = str_replace('='.$this->LE, "\n", trim($encoded)); - } - - $encoded = preg_replace('/^(.*)$/m', " =?".$this->CharSet."?$encoding?\\1?=", $encoded); - $encoded = trim(str_replace("\n", $this->LE, $encoded)); - - return $encoded; - } - - /** - * Checks if a string contains multibyte characters. - * @access private - * @param string $str multi-byte text to wrap encode - * @return bool - */ - function HasMultiBytes($str) { - if (function_exists('mb_strlen')) { - return (strlen($str) > mb_strlen($str, $this->CharSet)); - } else { // Assume no multibytes (we can't handle without mbstring functions anyway) - return False; - } - } - - /** - * Correctly encodes and wraps long multibyte strings for mail headers - * without breaking lines within a character. - * Adapted from a function by paravoid at http://uk.php.net/manual/en/function.mb-encode-mimeheader.php - * @access private - * @param string $str multi-byte text to wrap encode - * @return string - */ - function Base64EncodeWrapMB($str) { - $start = "=?".$this->CharSet."?B?"; - $end = "?="; - $encoded = ""; - - $mb_length = mb_strlen($str, $this->CharSet); - // Each line must have length <= 75, including $start and $end - $length = 75 - strlen($start) - strlen($end); - // Average multi-byte ratio - $ratio = $mb_length / strlen($str); - // Base64 has a 4:3 ratio - $offset = $avgLength = floor($length * $ratio * .75); - - for ($i = 0; $i < $mb_length; $i += $offset) { - $lookBack = 0; - - do { - $offset = $avgLength - $lookBack; - $chunk = mb_substr($str, $i, $offset, $this->CharSet); - $chunk = base64_encode($chunk); - $lookBack++; - } - while (strlen($chunk) > $length); - - $encoded .= $chunk . $this->LE; - } - - // Chomp the last linefeed - $encoded = substr($encoded, 0, -strlen($this->LE)); - return $encoded; - } - - /** - * Encode string to quoted-printable. - * @access private - * @return string - */ - function EncodeQP( $input = '', $line_max = 76, $space_conv = false ) { - $hex = array('0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'); - $lines = preg_split('/(?:\r\n|\r|\n)/', $input); - $eol = "\r\n"; - $escape = '='; - $output = ''; - while( list(, $line) = each($lines) ) { - $linlen = strlen($line); - $newline = ''; - for($i = 0; $i < $linlen; $i++) { - $c = substr( $line, $i, 1 ); - $dec = ord( $c ); - if ( ( $i == 0 ) && ( $dec == 46 ) ) { // convert first point in the line into =2E - $c = '=2E'; - } - if ( $dec == 32 ) { - if ( $i == ( $linlen - 1 ) ) { // convert space at eol only - $c = '=20'; - } else if ( $space_conv ) { - $c = '=20'; - } - } elseif ( ($dec == 61) || ($dec < 32 ) || ($dec > 126) ) { // always encode "\t", which is *not* required - $h2 = floor($dec/16); - $h1 = floor($dec%16); - $c = $escape.$hex[$h2].$hex[$h1]; - } - if ( (strlen($newline) + strlen($c)) >= $line_max ) { // CRLF is not counted - $output .= $newline.$escape.$eol; // soft line break; " =\r\n" is okay - $newline = ''; - // check if newline first character will be point or not - if ( $dec == 46 ) { - $c = '=2E'; - } - } - $newline .= $c; - } // end of for - $output .= $newline.$eol; - } // end of while - return trim($output); - } - - /** - * Encode string to q encoding. - * @access private - * @return string - */ - function EncodeQ ($str, $position = 'text') { - /* There should not be any EOL in the string */ - $encoded = preg_replace("[\r\n]", '', $str); - - switch (strtolower($position)) { - case 'phrase': - $encoded = preg_replace("/([^A-Za-z0-9!*+\/ -])/e", "'='.sprintf('%02X', ord('\\1'))", $encoded); - break; - case 'comment': - $encoded = preg_replace("/([\(\)\"])/e", "'='.sprintf('%02X', ord('\\1'))", $encoded); - case 'text': - default: - /* Replace every high ascii, control =, ? and _ characters */ - $encoded = preg_replace('/([\000-\011\013\014\016-\037\075\077\137\177-\377])/e', - "'='.sprintf('%02X', ord('\\1'))", $encoded); - break; - } - - /* Replace every spaces to _ (more readable than =20) */ - $encoded = str_replace(' ', '_', $encoded); - - return $encoded; - } - - /** - * Adds a string or binary attachment (non-filesystem) to the list. - * This method can be used to attach ascii or binary data, - * such as a BLOB record from a database. - * @param string $string String attachment data. - * @param string $filename Name of the attachment. - * @param string $encoding File encoding (see $Encoding). - * @param string $type File extension (MIME) type. - * @return void - */ - function AddStringAttachment($string, $filename, $encoding = 'base64', $type = 'application/octet-stream') { - /* Append to $attachment array */ - $cur = count($this->attachment); - $this->attachment[$cur][0] = $string; - $this->attachment[$cur][1] = $filename; - $this->attachment[$cur][2] = $filename; - $this->attachment[$cur][3] = $encoding; - $this->attachment[$cur][4] = $type; - $this->attachment[$cur][5] = true; // isString - $this->attachment[$cur][6] = 'attachment'; - $this->attachment[$cur][7] = 0; - } - - /** - * Adds an embedded attachment. This can include images, sounds, and - * just about any other document. Make sure to set the $type to an - * image type. For JPEG images use "image/jpeg" and for GIF images - * use "image/gif". - * @param string $path Path to the attachment. - * @param string $cid Content ID of the attachment. Use this to identify - * the Id for accessing the image in an HTML form. - * @param string $name Overrides the attachment name. - * @param string $encoding File encoding (see $Encoding). - * @param string $type File extension (MIME) type. - * @return bool - */ - function AddEmbeddedImage($path, $cid, $name = '', $encoding = 'base64', $type = 'application/octet-stream') { - - if(!@is_file($path)) { - $this->SetError($this->Lang('file_access') . $path); - return false; - } - - $filename = basename($path); - if($name == '') { - $name = $filename; - } - - /* Append to $attachment array */ - $cur = count($this->attachment); - $this->attachment[$cur][0] = $path; - $this->attachment[$cur][1] = $filename; - $this->attachment[$cur][2] = $name; - $this->attachment[$cur][3] = $encoding; - $this->attachment[$cur][4] = $type; - $this->attachment[$cur][5] = false; - $this->attachment[$cur][6] = 'inline'; - $this->attachment[$cur][7] = $cid; - - return true; - } - - /** - * Returns true if an inline attachment is present. - * @access private - * @return bool - */ - function InlineImageExists() { - $result = false; - for($i = 0; $i < count($this->attachment); $i++) { - if($this->attachment[$i][6] == 'inline') { - $result = true; - break; - } - } - - return $result; - } - - ///////////////////////////////////////////////// - // CLASS METHODS, MESSAGE RESET - ///////////////////////////////////////////////// - - /** - * Clears all recipients assigned in the TO array. Returns void. - * @return void - */ - function ClearAddresses() { - $this->to = array(); - } - - /** - * Clears all recipients assigned in the CC array. Returns void. - * @return void - */ - function ClearCCs() { - $this->cc = array(); - } - - /** - * Clears all recipients assigned in the BCC array. Returns void. - * @return void - */ - function ClearBCCs() { - $this->bcc = array(); - } - - /** - * Clears all recipients assigned in the ReplyTo array. Returns void. - * @return void - */ - function ClearReplyTos() { - $this->ReplyTo = array(); - } - - /** - * Clears all recipients assigned in the TO, CC and BCC - * array. Returns void. - * @return void - */ - function ClearAllRecipients() { - $this->to = array(); - $this->cc = array(); - $this->bcc = array(); - } - - /** - * Clears all previously set filesystem, string, and binary - * attachments. Returns void. - * @return void - */ - function ClearAttachments() { - $this->attachment = array(); - } - - /** - * Clears all custom headers. Returns void. - * @return void - */ - function ClearCustomHeaders() { - $this->CustomHeader = array(); - } - - ///////////////////////////////////////////////// - // CLASS METHODS, MISCELLANEOUS - ///////////////////////////////////////////////// - - /** - * Adds the error message to the error container. - * Returns void. - * @access private - * @return void - */ - function SetError($msg) { - $this->error_count++; - $this->ErrorInfo = $msg; - } - - /** - * Returns the proper RFC 822 formatted date. - * @access private - * @return string - */ - function RFCDate() { - $tz = date('Z'); - $tzs = ($tz < 0) ? '-' : '+'; - $tz = abs($tz); - $tz = (int)($tz/3600)*100 + ($tz%3600)/60; - $result = sprintf("%s %s%04d", date('D, j M Y H:i:s'), $tzs, $tz); - - return $result; - } - - /** - * Returns the appropriate server variable. Should work with both - * PHP 4.1.0+ as well as older versions. Returns an empty string - * if nothing is found. - * @access private - * @return mixed - */ - function ServerVar($varName) { - global $HTTP_SERVER_VARS; - global $HTTP_ENV_VARS; - - if(!isset($_SERVER)) { - $_SERVER = $HTTP_SERVER_VARS; - if(!isset($_SERVER['REMOTE_ADDR'])) { - $_SERVER = $HTTP_ENV_VARS; // must be Apache - } - } - - if(isset($_SERVER[$varName])) { - return $_SERVER[$varName]; - } else { - return ''; - } - } - - /** - * Returns the server hostname or 'localhost.localdomain' if unknown. - * @access private - * @return string - */ - function ServerHostname() { - if ($this->Hostname != '') { - $result = $this->Hostname; - } elseif ($this->ServerVar('SERVER_NAME') != '') { - $result = $this->ServerVar('SERVER_NAME'); - } else { - $result = 'localhost.localdomain'; - } - - return $result; - } - - /** - * Returns a message in the appropriate language. - * @access private - * @return string - */ - function Lang($key) { - if(count($this->language) < 1) { - $this->SetLanguage('en'); // set the default language - } - - if(isset($this->language[$key])) { - return $this->language[$key]; - } else { - return 'Language string failed to load: ' . $key; - } - } - - /** - * Returns true if an error occurred. - * @return bool - */ - function IsError() { - return ($this->error_count > 0); - } - - /** - * Changes every end of line from CR or LF to CRLF. - * @access private - * @return string - */ - function FixEOL($str) { - $str = str_replace("\r\n", "\n", $str); - $str = str_replace("\r", "\n", $str); - $str = str_replace("\n", $this->LE, $str); - return $str; - } - - /** - * Adds a custom header. - * @return void - */ - function AddCustomHeader($custom_header) { - $this->CustomHeader[] = explode(':', $custom_header, 2); - } - - /** - * Evaluates the message and returns modifications for inline images and backgrounds - * @access public - * @return $message - */ - function MsgHTML($message,$basedir='') { - preg_match_all("/(src|background)=\"(.*)\"/Ui", $message, $images); - if(isset($images[2])) { - foreach($images[2] as $i => $url) { - // do not change urls for absolute images (thanks to corvuscorax) - if (!preg_match('/^[A-z][A-z]*:\/\//',$url)) { - $filename = basename($url); - $directory = dirname($url); - ($directory == '.')?$directory='':''; - $cid = 'cid:' . md5($filename); - $fileParts = split("\.", $filename); - $ext = $fileParts[1]; - $mimeType = $this->_mime_types($ext); - if ( strlen($basedir) > 1 && substr($basedir,-1) != '/') { $basedir .= '/'; } - if ( strlen($directory) > 1 && substr($basedir,-1) != '/') { $directory .= '/'; } - $this->AddEmbeddedImage($basedir.$directory.$filename, md5($filename), $filename, 'base64', $mimeType); - if ( $this->AddEmbeddedImage($basedir.$directory.$filename, md5($filename), $filename, 'base64',$mimeType) ) { - $message = preg_replace("/".$images[1][$i]."=\"".preg_quote($url, '/')."\"/Ui", $images[1][$i]."=\"".$cid."\"", $message); - } - } - } - } - $this->IsHTML(true); - $this->Body = $message; - $textMsg = trim(strip_tags(preg_replace('/<(head|title|style|script)[^>]*>.*?<\/\\1>/s','',$message))); - if ( !empty($textMsg) && empty($this->AltBody) ) { - $this->AltBody = $textMsg; - } - if ( empty($this->AltBody) ) { - $this->AltBody = 'To view this email message, open the email in with HTML compatibility!' . "\n\n"; - } - } - - /** - * Gets the mime type of the embedded or inline image - * @access private - * @return mime type of ext - */ - function _mime_types($ext = '') { - $mimes = array( - 'hqx' => 'application/mac-binhex40', - 'cpt' => 'application/mac-compactpro', - 'doc' => 'application/msword', - 'bin' => 'application/macbinary', - 'dms' => 'application/octet-stream', - 'lha' => 'application/octet-stream', - 'lzh' => 'application/octet-stream', - 'exe' => 'application/octet-stream', - 'class' => 'application/octet-stream', - 'psd' => 'application/octet-stream', - 'so' => 'application/octet-stream', - 'sea' => 'application/octet-stream', - 'dll' => 'application/octet-stream', - 'oda' => 'application/oda', - 'pdf' => 'application/pdf', - 'ai' => 'application/postscript', - 'eps' => 'application/postscript', - 'ps' => 'application/postscript', - 'smi' => 'application/smil', - 'smil' => 'application/smil', - 'mif' => 'application/vnd.mif', - 'xls' => 'application/vnd.ms-excel', - 'ppt' => 'application/vnd.ms-powerpoint', - 'wbxml' => 'application/vnd.wap.wbxml', - 'wmlc' => 'application/vnd.wap.wmlc', - 'dcr' => 'application/x-director', - 'dir' => 'application/x-director', - 'dxr' => 'application/x-director', - 'dvi' => 'application/x-dvi', - 'gtar' => 'application/x-gtar', - 'php' => 'application/x-httpd-php', - 'php4' => 'application/x-httpd-php', - 'php3' => 'application/x-httpd-php', - 'phtml' => 'application/x-httpd-php', - 'phps' => 'application/x-httpd-php-source', - 'js' => 'application/x-javascript', - 'swf' => 'application/x-shockwave-flash', - 'sit' => 'application/x-stuffit', - 'tar' => 'application/x-tar', - 'tgz' => 'application/x-tar', - 'xhtml' => 'application/xhtml+xml', - 'xht' => 'application/xhtml+xml', - 'zip' => 'application/zip', - 'mid' => 'audio/midi', - 'midi' => 'audio/midi', - 'mpga' => 'audio/mpeg', - 'mp2' => 'audio/mpeg', - 'mp3' => 'audio/mpeg', - 'aif' => 'audio/x-aiff', - 'aiff' => 'audio/x-aiff', - 'aifc' => 'audio/x-aiff', - 'ram' => 'audio/x-pn-realaudio', - 'rm' => 'audio/x-pn-realaudio', - 'rpm' => 'audio/x-pn-realaudio-plugin', - 'ra' => 'audio/x-realaudio', - 'rv' => 'video/vnd.rn-realvideo', - 'wav' => 'audio/x-wav', - 'bmp' => 'image/bmp', - 'gif' => 'image/gif', - 'jpeg' => 'image/jpeg', - 'jpg' => 'image/jpeg', - 'jpe' => 'image/jpeg', - 'png' => 'image/png', - 'tiff' => 'image/tiff', - 'tif' => 'image/tiff', - 'css' => 'text/css', - 'html' => 'text/html', - 'htm' => 'text/html', - 'shtml' => 'text/html', - 'txt' => 'text/plain', - 'text' => 'text/plain', - 'log' => 'text/plain', - 'rtx' => 'text/richtext', - 'rtf' => 'text/rtf', - 'xml' => 'text/xml', - 'xsl' => 'text/xml', - 'mpeg' => 'video/mpeg', - 'mpg' => 'video/mpeg', - 'mpe' => 'video/mpeg', - 'qt' => 'video/quicktime', - 'mov' => 'video/quicktime', - 'avi' => 'video/x-msvideo', - 'movie' => 'video/x-sgi-movie', - 'doc' => 'application/msword', - 'word' => 'application/msword', - 'xl' => 'application/excel', - 'eml' => 'message/rfc822' - ); - return ( ! isset($mimes[strtolower($ext)])) ? 'application/octet-stream' : $mimes[strtolower($ext)]; - } - - /** - * Set (or reset) Class Objects (variables) - * - * Usage Example: - * $page->set('X-Priority', '3'); - * - * @access public - * @param string $name Parameter Name - * @param mixed $value Parameter Value - * NOTE: will not work with arrays, there are no arrays to set/reset - */ - function set ( $name, $value = '' ) { - if ( isset($this->$name) ) { - $this->$name = $value; - } else { - $this->SetError('Cannot set or reset variable ' . $name); - return false; - } - } - - /** - * Read a file from a supplied filename and return it. - * - * @access public - * @param string $filename Parameter File Name - */ - function getFile($filename) { - $return = ''; - if ($fp = fopen($filename, 'rb')) { - while (!feof($fp)) { - $return .= fread($fp, 1024); - } - fclose($fp); - return $return; - } else { - return false; - } - } - - /** - * Strips newlines to prevent header injection. - * @access private - * @param string $str String - * @return string - */ - function SecureHeader($str) { - $str = trim($str); - $str = str_replace("\r", "", $str); - $str = str_replace("\n", "", $str); - return $str; - } - - /** - * Set the private key file and password to sign the message. - * - * @access public - * @param string $key_filename Parameter File Name - * @param string $key_pass Password for private key - */ - function Sign($key_filename, $key_pass) { - $this->sign_key_file = $key_filename; - $this->sign_key_pass = $key_pass; - } - -} - -?> diff --git a/config/freeswitch/class.smtp.tmp b/config/freeswitch/class.smtp.tmp deleted file mode 100755 index 398c3ffb..00000000 --- a/config/freeswitch/class.smtp.tmp +++ /dev/null @@ -1,1062 +0,0 @@ -<?php -/*~ class.smtp.php -.---------------------------------------------------------------------------. -| Software: PHPMailer - PHP email class | -| Version: 2.0.2 | -| Contact: via sourceforge.net support pages (also www.codeworxtech.com) | -| Info: http://phpmailer.sourceforge.net | -| Support: http://sourceforge.net/projects/phpmailer/ | -| ------------------------------------------------------------------------- | -| Author: Andy Prevost (project admininistrator) | -| Author: Brent R. Matzelle (original founder) | -| Copyright (c) 2004-2007, Andy Prevost. All Rights Reserved. | -| Copyright (c) 2001-2003, Brent R. Matzelle | -| ------------------------------------------------------------------------- | -| License: Distributed under the Lesser General Public License (LGPL) | -| http://www.gnu.org/copyleft/lesser.html | -| This program is distributed in the hope that it will be useful - WITHOUT | -| ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | -| FITNESS FOR A PARTICULAR PURPOSE. | -| ------------------------------------------------------------------------- | -| We offer a number of paid services (www.codeworxtech.com): | -| - Web Hosting on highly optimized fast and secure servers | -| - Technology Consulting | -| - Oursourcing (highly qualified programmers and graphic designers) | -'---------------------------------------------------------------------------' - -/** - * SMTP is rfc 821 compliant and implements all the rfc 821 SMTP - * commands except TURN which will always return a not implemented - * error. SMTP also provides some utility methods for sending mail - * to an SMTP server. - * @package PHPMailer - * @author Chris Ryan - */ - -class SMTP -{ - /** - * SMTP server port - * @var int - */ - var $SMTP_PORT = 25; - - /** - * SMTP reply line ending - * @var string - */ - var $CRLF = "\r\n"; - - /** - * Sets whether debugging is turned on - * @var bool - */ - var $do_debug; # the level of debug to perform - - /** - * Sets VERP use on/off (default is off) - * @var bool - */ - var $do_verp = false; - - /**#@+ - * @access private - */ - var $smtp_conn; # the socket to the server - var $error; # error if any on the last call - var $helo_rply; # the reply the server sent to us for HELO - /**#@-*/ - - /** - * Initialize the class so that the data is in a known state. - * @access public - * @return void - */ - function SMTP() { - $this->smtp_conn = 0; - $this->error = null; - $this->helo_rply = null; - - $this->do_debug = 0; - } - - /************************************************************* - * CONNECTION FUNCTIONS * - ***********************************************************/ - - /** - * Connect to the server specified on the port specified. - * If the port is not specified use the default SMTP_PORT. - * If tval is specified then a connection will try and be - * established with the server for that number of seconds. - * If tval is not specified the default is 30 seconds to - * try on the connection. - * - * SMTP CODE SUCCESS: 220 - * SMTP CODE FAILURE: 421 - * @access public - * @return bool - */ - function Connect($host,$port=0,$tval=30) { - # set the error val to null so there is no confusion - $this->error = null; - - # make sure we are __not__ connected - if($this->connected()) { - # ok we are connected! what should we do? - # for now we will just give an error saying we - # are already connected - $this->error = array("error" => "Already connected to a server"); - return false; - } - - if(empty($port)) { - $port = $this->SMTP_PORT; - } - - #connect to the smtp server - $this->smtp_conn = fsockopen($host, # the host of the server - $port, # the port to use - $errno, # error number if any - $errstr, # error message if any - $tval); # give up after ? secs - # verify we connected properly - if(empty($this->smtp_conn)) { - $this->error = array("error" => "Failed to connect to server", - "errno" => $errno, - "errstr" => $errstr); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": $errstr ($errno)" . $this->CRLF; - } - return false; - } - - # sometimes the SMTP server takes a little longer to respond - # so we will give it a longer timeout for the first read - // Windows still does not have support for this timeout function - if(substr(PHP_OS, 0, 3) != "WIN") - socket_set_timeout($this->smtp_conn, $tval, 0); - - # get any announcement stuff - $announce = $this->get_lines(); - - # set the timeout of any socket functions at 1/10 of a second - //if(function_exists("socket_set_timeout")) - // socket_set_timeout($this->smtp_conn, 0, 100000); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $announce; - } - - return true; - } - - /** - * Performs SMTP authentication. Must be run after running the - * Hello() method. Returns true if successfully authenticated. - * @access public - * @return bool - */ - function Authenticate($username, $password) { - // Start authentication - fputs($this->smtp_conn,"AUTH LOGIN" . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($code != 334) { - $this->error = - array("error" => "AUTH not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - - // Send encoded username - fputs($this->smtp_conn, base64_encode($username) . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($code != 334) { - $this->error = - array("error" => "Username not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - - // Send encoded password - fputs($this->smtp_conn, base64_encode($password) . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($code != 235) { - $this->error = - array("error" => "Password not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - - return true; - } - - /** - * Returns true if connected to a server otherwise false - * @access private - * @return bool - */ - function Connected() { - if(!empty($this->smtp_conn)) { - $sock_status = socket_get_status($this->smtp_conn); - if($sock_status["eof"]) { - # hmm this is an odd situation... the socket is - # valid but we are not connected anymore - if($this->do_debug >= 1) { - echo "SMTP -> NOTICE:" . $this->CRLF . - "EOF caught while checking if connected"; - } - $this->Close(); - return false; - } - return true; # everything looks good - } - return false; - } - - /** - * Closes the socket and cleans up the state of the class. - * It is not considered good to use this function without - * first trying to use QUIT. - * @access public - * @return void - */ - function Close() { - $this->error = null; # so there is no confusion - $this->helo_rply = null; - if(!empty($this->smtp_conn)) { - # close the connection and cleanup - fclose($this->smtp_conn); - $this->smtp_conn = 0; - } - } - - /*************************************************************** - * SMTP COMMANDS * - *************************************************************/ - - /** - * Issues a data command and sends the msg_data to the server - * finializing the mail transaction. $msg_data is the message - * that is to be send with the headers. Each header needs to be - * on a single line followed by a <CRLF> with the message headers - * and the message body being seperated by and additional <CRLF>. - * - * Implements rfc 821: DATA <CRLF> - * - * SMTP CODE INTERMEDIATE: 354 - * [data] - * <CRLF>.<CRLF> - * SMTP CODE SUCCESS: 250 - * SMTP CODE FAILURE: 552,554,451,452 - * SMTP CODE FAILURE: 451,554 - * SMTP CODE ERROR : 500,501,503,421 - * @access public - * @return bool - */ - function Data($msg_data) { - $this->error = null; # so no confusion is caused - - if(!$this->connected()) { - $this->error = array( - "error" => "Called Data() without being connected"); - return false; - } - - fputs($this->smtp_conn,"DATA" . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 354) { - $this->error = - array("error" => "DATA command not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - - # the server is ready to accept data! - # according to rfc 821 we should not send more than 1000 - # including the CRLF - # characters on a single line so we will break the data up - # into lines by \r and/or \n then if needed we will break - # each of those into smaller lines to fit within the limit. - # in addition we will be looking for lines that start with - # a period '.' and append and additional period '.' to that - # line. NOTE: this does not count towards are limit. - - # normalize the line breaks so we know the explode works - $msg_data = str_replace("\r\n","\n",$msg_data); - $msg_data = str_replace("\r","\n",$msg_data); - $lines = explode("\n",$msg_data); - - # we need to find a good way to determine is headers are - # in the msg_data or if it is a straight msg body - # currently I am assuming rfc 822 definitions of msg headers - # and if the first field of the first line (':' sperated) - # does not contain a space then it _should_ be a header - # and we can process all lines before a blank "" line as - # headers. - $field = substr($lines[0],0,strpos($lines[0],":")); - $in_headers = false; - if(!empty($field) && !strstr($field," ")) { - $in_headers = true; - } - - $max_line_length = 998; # used below; set here for ease in change - - while(list(,$line) = @each($lines)) { - $lines_out = null; - if($line == "" && $in_headers) { - $in_headers = false; - } - # ok we need to break this line up into several - # smaller lines - while(strlen($line) > $max_line_length) { - $pos = strrpos(substr($line,0,$max_line_length)," "); - - # Patch to fix DOS attack - if(!$pos) { - $pos = $max_line_length - 1; - } - - $lines_out[] = substr($line,0,$pos); - $line = substr($line,$pos + 1); - # if we are processing headers we need to - # add a LWSP-char to the front of the new line - # rfc 822 on long msg headers - if($in_headers) { - $line = "\t" . $line; - } - } - $lines_out[] = $line; - - # now send the lines to the server - while(list(,$line_out) = @each($lines_out)) { - if(strlen($line_out) > 0) - { - if(substr($line_out, 0, 1) == ".") { - $line_out = "." . $line_out; - } - } - fputs($this->smtp_conn,$line_out . $this->CRLF); - } - } - - # ok all the message data has been sent so lets get this - # over with aleady - fputs($this->smtp_conn, $this->CRLF . "." . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 250) { - $this->error = - array("error" => "DATA not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - return true; - } - - /** - * Expand takes the name and asks the server to list all the - * people who are members of the _list_. Expand will return - * back and array of the result or false if an error occurs. - * Each value in the array returned has the format of: - * [ <full-name> <sp> ] <path> - * The definition of <path> is defined in rfc 821 - * - * Implements rfc 821: EXPN <SP> <string> <CRLF> - * - * SMTP CODE SUCCESS: 250 - * SMTP CODE FAILURE: 550 - * SMTP CODE ERROR : 500,501,502,504,421 - * @access public - * @return string array - */ - function Expand($name) { - $this->error = null; # so no confusion is caused - - if(!$this->connected()) { - $this->error = array( - "error" => "Called Expand() without being connected"); - return false; - } - - fputs($this->smtp_conn,"EXPN " . $name . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 250) { - $this->error = - array("error" => "EXPN not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - - # parse the reply and place in our array to return to user - $entries = explode($this->CRLF,$rply); - while(list(,$l) = @each($entries)) { - $list[] = substr($l,4); - } - - return $list; - } - - /** - * Sends the HELO command to the smtp server. - * This makes sure that we and the server are in - * the same known state. - * - * Implements from rfc 821: HELO <SP> <domain> <CRLF> - * - * SMTP CODE SUCCESS: 250 - * SMTP CODE ERROR : 500, 501, 504, 421 - * @access public - * @return bool - */ - function Hello($host="") { - $this->error = null; # so no confusion is caused - - if(!$this->connected()) { - $this->error = array( - "error" => "Called Hello() without being connected"); - return false; - } - - # if a hostname for the HELO was not specified determine - # a suitable one to send - if(empty($host)) { - # we need to determine some sort of appopiate default - # to send to the server - $host = "localhost"; - } - - // Send extended hello first (RFC 2821) - if(!$this->SendHello("EHLO", $host)) - { - if(!$this->SendHello("HELO", $host)) - return false; - } - - return true; - } - - /** - * Sends a HELO/EHLO command. - * @access private - * @return bool - */ - function SendHello($hello, $host) { - fputs($this->smtp_conn, $hello . " " . $host . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER: " . $this->CRLF . $rply; - } - - if($code != 250) { - $this->error = - array("error" => $hello . " not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - - $this->helo_rply = $rply; - - return true; - } - - /** - * Gets help information on the keyword specified. If the keyword - * is not specified then returns generic help, ussually contianing - * A list of keywords that help is available on. This function - * returns the results back to the user. It is up to the user to - * handle the returned data. If an error occurs then false is - * returned with $this->error set appropiately. - * - * Implements rfc 821: HELP [ <SP> <string> ] <CRLF> - * - * SMTP CODE SUCCESS: 211,214 - * SMTP CODE ERROR : 500,501,502,504,421 - * @access public - * @return string - */ - function Help($keyword="") { - $this->error = null; # to avoid confusion - - if(!$this->connected()) { - $this->error = array( - "error" => "Called Help() without being connected"); - return false; - } - - $extra = ""; - if(!empty($keyword)) { - $extra = " " . $keyword; - } - - fputs($this->smtp_conn,"HELP" . $extra . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 211 && $code != 214) { - $this->error = - array("error" => "HELP not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - - return $rply; - } - - /** - * Starts a mail transaction from the email address specified in - * $from. Returns true if successful or false otherwise. If True - * the mail transaction is started and then one or more Recipient - * commands may be called followed by a Data command. - * - * Implements rfc 821: MAIL <SP> FROM:<reverse-path> <CRLF> - * - * SMTP CODE SUCCESS: 250 - * SMTP CODE SUCCESS: 552,451,452 - * SMTP CODE SUCCESS: 500,501,421 - * @access public - * @return bool - */ - function Mail($from) { - $this->error = null; # so no confusion is caused - - if(!$this->connected()) { - $this->error = array( - "error" => "Called Mail() without being connected"); - return false; - } - - $useVerp = ($this->do_verp ? "XVERP" : ""); - fputs($this->smtp_conn,"MAIL FROM:<" . $from . ">" . $useVerp . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 250) { - $this->error = - array("error" => "MAIL not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - return true; - } - - /** - * Sends the command NOOP to the SMTP server. - * - * Implements from rfc 821: NOOP <CRLF> - * - * SMTP CODE SUCCESS: 250 - * SMTP CODE ERROR : 500, 421 - * @access public - * @return bool - */ - function Noop() { - $this->error = null; # so no confusion is caused - - if(!$this->connected()) { - $this->error = array( - "error" => "Called Noop() without being connected"); - return false; - } - - fputs($this->smtp_conn,"NOOP" . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 250) { - $this->error = - array("error" => "NOOP not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - return true; - } - - /** - * Sends the quit command to the server and then closes the socket - * if there is no error or the $close_on_error argument is true. - * - * Implements from rfc 821: QUIT <CRLF> - * - * SMTP CODE SUCCESS: 221 - * SMTP CODE ERROR : 500 - * @access public - * @return bool - */ - function Quit($close_on_error=true) { - $this->error = null; # so there is no confusion - - if(!$this->connected()) { - $this->error = array( - "error" => "Called Quit() without being connected"); - return false; - } - - # send the quit command to the server - fputs($this->smtp_conn,"quit" . $this->CRLF); - - # get any good-bye messages - $byemsg = $this->get_lines(); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $byemsg; - } - - $rval = true; - $e = null; - - $code = substr($byemsg,0,3); - if($code != 221) { - # use e as a tmp var cause Close will overwrite $this->error - $e = array("error" => "SMTP server rejected quit command", - "smtp_code" => $code, - "smtp_rply" => substr($byemsg,4)); - $rval = false; - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $e["error"] . ": " . - $byemsg . $this->CRLF; - } - } - - if(empty($e) || $close_on_error) { - $this->Close(); - } - - return $rval; - } - - /** - * Sends the command RCPT to the SMTP server with the TO: argument of $to. - * Returns true if the recipient was accepted false if it was rejected. - * - * Implements from rfc 821: RCPT <SP> TO:<forward-path> <CRLF> - * - * SMTP CODE SUCCESS: 250,251 - * SMTP CODE FAILURE: 550,551,552,553,450,451,452 - * SMTP CODE ERROR : 500,501,503,421 - * @access public - * @return bool - */ - function Recipient($to) { - $this->error = null; # so no confusion is caused - - if(!$this->connected()) { - $this->error = array( - "error" => "Called Recipient() without being connected"); - return false; - } - - fputs($this->smtp_conn,"RCPT TO:<" . $to . ">" . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 250 && $code != 251) { - $this->error = - array("error" => "RCPT not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - return true; - } - - /** - * Sends the RSET command to abort and transaction that is - * currently in progress. Returns true if successful false - * otherwise. - * - * Implements rfc 821: RSET <CRLF> - * - * SMTP CODE SUCCESS: 250 - * SMTP CODE ERROR : 500,501,504,421 - * @access public - * @return bool - */ - function Reset() { - $this->error = null; # so no confusion is caused - - if(!$this->connected()) { - $this->error = array( - "error" => "Called Reset() without being connected"); - return false; - } - - fputs($this->smtp_conn,"RSET" . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 250) { - $this->error = - array("error" => "RSET failed", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - - return true; - } - - /** - * Starts a mail transaction from the email address specified in - * $from. Returns true if successful or false otherwise. If True - * the mail transaction is started and then one or more Recipient - * commands may be called followed by a Data command. This command - * will send the message to the users terminal if they are logged - * in. - * - * Implements rfc 821: SEND <SP> FROM:<reverse-path> <CRLF> - * - * SMTP CODE SUCCESS: 250 - * SMTP CODE SUCCESS: 552,451,452 - * SMTP CODE SUCCESS: 500,501,502,421 - * @access public - * @return bool - */ - function Send($from) { - $this->error = null; # so no confusion is caused - - if(!$this->connected()) { - $this->error = array( - "error" => "Called Send() without being connected"); - return false; - } - - fputs($this->smtp_conn,"SEND FROM:" . $from . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 250) { - $this->error = - array("error" => "SEND not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - return true; - } - - /** - * Starts a mail transaction from the email address specified in - * $from. Returns true if successful or false otherwise. If True - * the mail transaction is started and then one or more Recipient - * commands may be called followed by a Data command. This command - * will send the message to the users terminal if they are logged - * in and send them an email. - * - * Implements rfc 821: SAML <SP> FROM:<reverse-path> <CRLF> - * - * SMTP CODE SUCCESS: 250 - * SMTP CODE SUCCESS: 552,451,452 - * SMTP CODE SUCCESS: 500,501,502,421 - * @access public - * @return bool - */ - function SendAndMail($from) { - $this->error = null; # so no confusion is caused - - if(!$this->connected()) { - $this->error = array( - "error" => "Called SendAndMail() without being connected"); - return false; - } - - fputs($this->smtp_conn,"SAML FROM:" . $from . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 250) { - $this->error = - array("error" => "SAML not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - return true; - } - - /** - * Starts a mail transaction from the email address specified in - * $from. Returns true if successful or false otherwise. If True - * the mail transaction is started and then one or more Recipient - * commands may be called followed by a Data command. This command - * will send the message to the users terminal if they are logged - * in or mail it to them if they are not. - * - * Implements rfc 821: SOML <SP> FROM:<reverse-path> <CRLF> - * - * SMTP CODE SUCCESS: 250 - * SMTP CODE SUCCESS: 552,451,452 - * SMTP CODE SUCCESS: 500,501,502,421 - * @access public - * @return bool - */ - function SendOrMail($from) { - $this->error = null; # so no confusion is caused - - if(!$this->connected()) { - $this->error = array( - "error" => "Called SendOrMail() without being connected"); - return false; - } - - fputs($this->smtp_conn,"SOML FROM:" . $from . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 250) { - $this->error = - array("error" => "SOML not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - return true; - } - - /** - * This is an optional command for SMTP that this class does not - * support. This method is here to make the RFC821 Definition - * complete for this class and __may__ be implimented in the future - * - * Implements from rfc 821: TURN <CRLF> - * - * SMTP CODE SUCCESS: 250 - * SMTP CODE FAILURE: 502 - * SMTP CODE ERROR : 500, 503 - * @access public - * @return bool - */ - function Turn() { - $this->error = array("error" => "This method, TURN, of the SMTP ". - "is not implemented"); - if($this->do_debug >= 1) { - echo "SMTP -> NOTICE: " . $this->error["error"] . $this->CRLF; - } - return false; - } - - /** - * Verifies that the name is recognized by the server. - * Returns false if the name could not be verified otherwise - * the response from the server is returned. - * - * Implements rfc 821: VRFY <SP> <string> <CRLF> - * - * SMTP CODE SUCCESS: 250,251 - * SMTP CODE FAILURE: 550,551,553 - * SMTP CODE ERROR : 500,501,502,421 - * @access public - * @return int - */ - function Verify($name) { - $this->error = null; # so no confusion is caused - - if(!$this->connected()) { - $this->error = array( - "error" => "Called Verify() without being connected"); - return false; - } - - fputs($this->smtp_conn,"VRFY " . $name . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 250 && $code != 251) { - $this->error = - array("error" => "VRFY failed on name '$name'", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - return $rply; - } - - /******************************************************************* - * INTERNAL FUNCTIONS * - ******************************************************************/ - - /** - * Read in as many lines as possible - * either before eof or socket timeout occurs on the operation. - * With SMTP we can tell if we have more lines to read if the - * 4th character is '-' symbol. If it is a space then we don't - * need to read anything else. - * @access private - * @return string - */ - function get_lines() { - $data = ""; - while($str = @fgets($this->smtp_conn,515)) { - if($this->do_debug >= 4) { - echo "SMTP -> get_lines(): \$data was \"$data\"" . - $this->CRLF; - echo "SMTP -> get_lines(): \$str is \"$str\"" . - $this->CRLF; - } - $data .= $str; - if($this->do_debug >= 4) { - echo "SMTP -> get_lines(): \$data is \"$data\"" . $this->CRLF; - } - # if the 4th character is a space then we are done reading - # so just break the loop - if(substr($str,3,1) == " ") { break; } - } - return $data; - } - -} - - - ?> diff --git a/config/freeswitch/dialplan.default.xml b/config/freeswitch/dialplan.default.xml deleted file mode 100644 index 426dedd8..00000000 --- a/config/freeswitch/dialplan.default.xml +++ /dev/null @@ -1,714 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- - NOTICE: - - This context is usually accessed via authenticated callers on the sip profile on port 5060 - or transfered callers from the public context which arrived via the sip profile on port 5080. - - Authenticated users will use the user_context variable on the user to determine what context - they can access. You can also add a user in the directory with the cidr= attribute acl.conf.xml - will build the domains acl using this value. ---> -<!-- http://wiki.freeswitch.org/wiki/Dialplan_XML --> -<include> - <context name="default"> - - <extension name="unloop"> - <condition field="${unroll_loops}" expression="^true$"/> - <condition field="${sip_looped_call}" expression="^true$"> - <action application="deflect" data="${destination_number}"/> - </condition> - </extension> - - <!-- Example of doing things based on time of day. --> - <extension name="tod_example" continue="true"> - <!-- man strftime - M-F, 9AM to 6PM --> - <condition field="${strftime(%w)}" expression="^([1-5])$"/> - <condition field="${strftime(%H%M)}" expression="^((09|1[0-7])[0-5][0-9]|1800)$"> - <action application="set" data="open=true"/> - </condition> - </extension> - - <extension name="global-intercept"> - <condition field="destination_number" expression="^\*886$"> - <action application="answer"/> - <action application="intercept" data="${hash(select/${domain_name}-last_dial/global)}"/> - <action application="sleep" data="2000"/> - </condition> - </extension> - - <extension name="group-intercept"> - <condition field="destination_number" expression="^\*8$"> - <action application="answer"/> - <action application="intercept" data="${hash(select/${domain_name}-last_dial/${callgroup})}"/> - <action application="sleep" data="2000"/> - </condition> - </extension> - - <extension name="intercept-ext"> - <condition field="destination_number" expression="^\*\*(\d+)$"> - <action application="answer"/> - <action application="intercept" data="${hash(select/${domain_name}-last_dial_ext/$1)}"/> - <action application="sleep" data="2000"/> - </condition> - </extension> - - <extension name="redial"> - <condition field="destination_number" expression="^\*870$"> - <action application="transfer" data="${hash(select/${domain_name}-last_dial/${caller_id_number})}"/> - </condition> - </extension> - - <extension name="global" continue="true"> - <condition field="${network_addr}" expression="^$" break="never"> - <action application="set" data="use_profile=${cond(${acl($${local_ip_v4} rfc1918)} == true ? nat : default)}"/> - <anti-action application="set" data="use_profile=${cond(${acl(${network_addr} rfc1918)} == true ? nat : default)}"/> - </condition> - <condition field="${call_debug}" expression="^true$" break="never"> - <action application="info"/> - </condition> - <!-- - This is an example of how to auto detect if telephone-event is missing and activate inband detection - --> - <!-- - <condition field="${switch_r_sdp}" expression="a=rtpmap:(\d+)\stelephone-event/8000" break="never"> - <action application="set" data="rtp_payload_number=$1"/> - <anti-action application="start_dtmf"/> - </condition> - --> - <condition field="${sip_has_crypto}" expression="^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$" break="never"> - <action application="set" data="sip_secure_media=true"/> - <!-- Offer SRTP on outbound legs if we have it on inbound. --> - <!-- <action application="export" data="sip_secure_media=true"/> --> - </condition> - - <condition> - <action application="hash" data="insert/${domain_name}-spymap/${caller_id_number}/${uuid}"/> - <action application="hash" data="insert/${domain_name}-last_dial/${caller_id_number}/${destination_number}"/> - <action application="hash" data="insert/${domain_name}-last_dial/global/${uuid}"/> - </condition> - </extension> - - <!-- If sip_req_host is not a local domain then this has to be an external sip uri --> - <!-- - <extension name="external_sip_uri" continue="true"> - <condition field="source" expression="mod_sofia"/> - <condition field="${outside_call}" expression="^$"/> - <condition field="${domain_exists(${sip_req_host})}" expression="true"> - <anti-action application="bridge" data="sofia/${use_profile}/${sip_to_uri}"/> - </condition> - </extension> - --> - <!-- - snom button demo, call 9000 to make button 2 mapped to transfer the current call to a conference - --> - - <extension name="snom-demo-2"> - <condition field="destination_number" expression="^\*9001$"> - <action application="eval" data="${snom_bind_key(2 off DND ${sip_from_user} ${sip_from_host} ${sofia_profile_name} message notused)}"/> - <action application="transfer" data="3000"/> - </condition> - </extension> - - <extension name="snom-demo-1"> - <condition field="destination_number" expression="^\*9000$"> - <!--<key> <light> <label> <user> <host> <profile> <action_name> <action>--> - <action application="eval" data="${snom_bind_key(2 on DND ${sip_from_user} ${sip_from_host} ${sofia_profile_name} message api+uuid_transfer ${uuid} 9001)}"/> - <action application="playback" data="$${hold_music}"/> - </condition> - </extension> - - <extension name="eavesdrop"> - <condition field="destination_number" expression="^\*88(.*)$|^\*0(.*)$"> - <action application="answer"/> - <action application="eavesdrop" data="${hash(select/${domain_name}-spymap/$1)}"/> - </condition> - </extension> - - <extension name="eavesdrop"> - <condition field="destination_number" expression="^\*779$"> - <action application="answer"/> - <action application="set" data="eavesdrop_indicate_failed=tone_stream://%(500, 0, 320)"/> - <action application="set" data="eavesdrop_indicate_new=tone_stream://%(500, 0, 620)"/> - <action application="set" data="eavesdrop_indicate_idle=tone_stream://%(250, 0, 920)"/> - <action application="eavesdrop" data="all"/> - </condition> - </extension> - - <extension name="call_return"> - <condition field="destination_number" expression="^\*69$|^869$|^lcr$"> - <action application="transfer" data="${hash(select/${domain_name}-call_return/${caller_id_number})}"/> - </condition> - </extension> - - <extension name="del-group"> - <condition field="destination_number" expression="^\*80(\d{2})$"> - <action application="answer"/> - <action application="group" data="delete:$1@${domain_name}:${sofia_contact(${sip_from_user}@${domain_name})}"/> - <action application="gentones" data="%(1000, 0, 320)"/> - </condition> - </extension> - - <extension name="add-group"> - <condition field="destination_number" expression="^\*81(\d{2})$"> - <action application="answer"/> - <action application="group" data="insert:$1@${domain_name}:${sofia_contact(${sip_from_user}@${domain_name})}"/> - <action application="gentones" data="%(1000, 0, 640)"/> - </condition> - </extension> - - <extension name="call-group-simo"> - <condition field="destination_number" expression="^\*82(\d{2})$"> - <action application="bridge" data="{ignore_early_media=true}${group(call:$1@${domain_name})}"/> - </condition> - </extension> - - <extension name="call-group-order"> - <condition field="destination_number" expression="^\*83(\d{2})$"> - <action application="set" data="call_timeout=10"/> - <action application="bridge" data="{ignore_early_media=true}${group(call:$1@${domain_name}:order)}"/> - </condition> - </extension> - - <extension name="extension-intercom"> - <condition field="destination_number" expression="^\*8(10[01][0-9])$"> - <action application="set" data="dialed_extension=$1"/> - <action application="export" data="sip_auto_answer=true"/> - <action application="bridge" data="user/${dialed_extension}@${domain_name}"/> - </condition> - </extension> - - <X-PRE-PROCESS cmd="include" data="default/*.xml"/> - - <!-- - dial the extension 3, 4, or 5 digit extensions for 30 seconds and go to voicemail if the - call fails (continue_on_fail=true), otherwise hang up after a successful - bridge (hangup_after-bridge=true) - --> - <extension name="Local_Extension"> - <condition field="destination_number" expression="(^\d{5}$|^\d{4}$|^\d{3}$)"> - <action application="set" data="dialed_extension=$1"/> - <action application="export" data="dialed_extension=$1"/> - <!-- bind_meta_app can have these args <key> [a|b|ab] [a|b|o|s] <app> --> - <action application="bind_meta_app" data="1 b s execute_extension::dx XML features"/> - <action application="bind_meta_app" data="2 b s record_session::$${base_dir}/recordings/${caller_id_number}.${strftime(%Y-%m-%d-%H-%M-%S)}.wav"/> - <action application="bind_meta_app" data="3 b s execute_extension::cf XML features"/> - <action application="set" data="ringback=${us-ring}"/> - <action application="set" data="transfer_ringback=$${hold_music}"/> - <action application="set" data="call_timeout=30"/> - <!-- <action application="set" data="sip_exclude_contact=${network_addr}"/> --> - <action application="set" data="hangup_after_bridge=true"/> - <!--<action application="set" data="continue_on_fail=NORMAL_TEMPORARY_FAILURE,USER_BUSY,NO_ANSWER,TIMEOUT,NO_ROUTE_DESTINATION"/> --> - <action application="set" data="continue_on_fail=true"/> - <action application="hash" data="insert/${domain_name}-call_return/${dialed_extension}/${caller_id_number}"/> - <action application="hash" data="insert/${domain_name}-last_dial_ext/${dialed_extension}/${uuid}"/> - <action application="set" data="called_party_callgroup=${user_data(${dialed_extension}@${domain_name} var callgroup)}"/> - <!--<action application="export" data="nolocal:sip_secure_media=${user_data(${dialed_extension}@${domain_name} var sip_secure_media)}"/>--> - <action application="hash" data="insert/${domain_name}-last_dial/${called_party_callgroup}/${uuid}"/> - <action application="bridge" data="user/${dialed_extension}@${domain_name}"/> - <action application="answer"/> - <action application="sleep" data="1000"/> - <action application="voicemail" data="default ${domain_name} ${dialed_extension}"/> - </condition> - </extension> - - <extension name="group_dial_sales"> - <condition field="destination_number" expression="^\*2000$"> - <action application="bridge" data="${group_call(sales@${domain_name})}"/> - </condition> - </extension> - - <extension name="group_dial_support"> - <condition field="destination_number" expression="^\*2001$"> - <action application="bridge" data="group/support@${domain_name}"/> - </condition> - </extension> - - <extension name="group_dial_billing"> - <condition field="destination_number" expression="^\*2002$"> - <action application="bridge" data="group/billing@${domain_name}"/> - </condition> - </extension> - - <!-- voicemail operator extension --> - <!-- - <extension name="operator"> - <condition field="destination_number" expression="^\*operator$|^0$"> - <action application="set" data="transfer_ringback=$${hold_music}"/> - <action application="transfer" data="1000 XML features"/> - </condition> - </extension> - --> - - <!-- voicemail main2 extension --> - <extension name="vmain2"> - <condition field="destination_number" expression="^vmain2$|^\*97$|^\*4000$"> - <action application="answer"/> - <action application="sleep" data="1000"/> - <action application="voicemail" data="check default ${domain_name}"/> - </condition> - </extension> - - <!-- voicemail main extension --> - <extension name="vmain"> - <condition field="destination_number" expression="^vmain$|^\*98$"> - <action application="answer"/> - <action application="sleep" data="1000"/> - <action application="voicemail" data="check default ${domain_name} ${sip_from_user}"/> - </condition> - </extension> - - <extension name="send_to_voicemail_5digits"> - <condition field="destination_number" expression="^\*99(\d{5})$"> - <action application="answer"/> - <action application="sleep" data="1000"/> - <action application="set" data="dialed_extension=$1"/> - <action application="export" data="dialed_extension=$1"/> - <action application="voicemail" data="default ${domain_name} ${dialed_extension}"/> - </condition> - </extension> - - <extension name="send_to_voicemail_4digits"> - <condition field="destination_number" expression="^\*99(\d{4})$"> - <action application="answer"/> - <action application="sleep" data="1000"/> - <action application="set" data="dialed_extension=$1"/> - <action application="export" data="dialed_extension=$1"/> - <action application="voicemail" data="default ${domain_name} ${dialed_extension}"/> - </condition> - </extension> - - <extension name="send_to_voicemail_3digits"> - <condition field="destination_number" expression="^\*99(\d{3})$"> - <action application="answer"/> - <action application="sleep" data="1000"/> - <action application="set" data="dialed_extension=$1"/> - <action application="export" data="dialed_extension=$1"/> - <action application="voicemail" data="default ${domain_name} ${dialed_extension}"/> - </condition> - </extension> - - <!-- dial via SIP uri --> - <extension name="sip_uri"> - <condition field="destination_number" expression="^sip:(.*)$"> - <action application="bridge" data="sofia/${use_profile}/$1"/> - </condition> - </extension> - - <!-- - start a dynamic conference with the settings of the "default" conference profile in conference.conf.xml - --> - <extension name="nb_conferences"> - <condition field="destination_number" expression="^\*(30\d{2})$"> - <action application="answer"/> - <action application="conference" data="$1-${domain_name}@default"/> - </condition> - </extension> - - <extension name="wb_conferences"> - <condition field="destination_number" expression="^\*(31\d{2})$"> - <action application="answer"/> - <action application="conference" data="$1-${domain_name}@wideband"/> - </condition> - </extension> - - <extension name="uwb_conferences"> - <condition field="destination_number" expression="^\*(32\d{2})$"> - <action application="answer"/> - <action application="conference" data="$1-${domain_name}@ultrawideband"/> - </condition> - </extension> - <!-- MONO 48kHz conferences --> - <extension name="cdquality_conferences"> - <condition field="destination_number" expression="^\*(33\d{2})$"> - <action application="answer"/> - <action application="conference" data="$1-${domain_name}@cdquality"/> - </condition> - </extension> - - <!-- dial the freeswitch conference via SIP--> - <extension name="freeswitch_public_conf_via_sip"> - <condition field="destination_number" expression="^\*9(888|1616|3232)$"> - <action application="export" data="hold_music=silence"/> - <!-- - This will take the SAS from the b-leg and send it to the display on the a-leg phone. - Known working with Polycom and Snom maybe others. - --> - <!-- - <action application="set" data="exec_after_bridge_app=${sched_api(+4 zrtp expand uuid_display ${uuid} \${uuid_getvar(\${uuid_getvar(${uuid} signal_bond)} zrtp_sas1_string )} \${uuid_getvar(\${uuid_getvar(${uuid} signal_bond)} zrtp_sas2_string )} )}"/> - <action application="export" data="nolocal:zrtp_secure_media=true"/> - --> - <action application="bridge" data="sofia/${use_profile}/$1@conference.freeswitch.org"/> - </condition> - </extension> - - <!-- - This extension will start a conference and invite a group. - At anytime the participant can dial *2 to bridge directly to the boss. - All other callers are then hung up on. - --> - <extension name="mad_boss_intercom"> - <condition field="destination_number" expression="^\*0911$"> - <action application="set" data="conference_auto_outcall_caller_id_name=Mad Boss1"/> - <action application="set" data="conference_auto_outcall_caller_id_number=0911"/> - <action application="set" data="conference_auto_outcall_timeout=60"/> - <action application="set" data="conference_auto_outcall_flags=mute"/> - <action application="set" data="conference_auto_outcall_prefix={sip_auto_answer=true,execute_on_answer='bind_meta_app 2 a s1 transfer::intercept:${uuid} inline'}"/> - <action application="set" data="sip_exclude_contact=${network_addr}"/> - <action application="conference_set_auto_outcall" data="${group_call(sales)}"/> - <action application="conference" data="madboss_intercom1@default+flags{endconf|deaf}"/> - </condition> - </extension> - - <!-- - This extension will start a conference and invite a few of people. - At anytime the participant can dial *2 to bridge directly to the boss. - All other callers are then hung up on. - --> - <extension name="mad_boss_intercom"> - <condition field="destination_number" expression="^\*0912$"> - <action application="set" data="conference_auto_outcall_caller_id_name=Mad Boss2"/> - <action application="set" data="conference_auto_outcall_caller_id_number=0912"/> - <action application="set" data="conference_auto_outcall_timeout=60"/> - <action application="set" data="conference_auto_outcall_flags=mute"/> - <action application="set" data="conference_auto_outcall_prefix={sip_auto_answer=true,execute_on_answer='bind_meta_app 2 a s1 transfer::intercept:${uuid} inline'}"/> - <action application="set" data="sip_exclude_contact=${network_addr}"/> - <action application="conference_set_auto_outcall" data="loopback/9999"/> - <action application="conference" data="madboss_intercom2@default+flags{endconf|deaf}"/> - </condition> - </extension> - - <!--This extension will start a conference and invite several people upon entering --> - <extension name="mad_boss"> - <condition field="destination_number" expression="^\*0913$"> - <!--These params effect the outcalls made once you join--> - <action application="set" data="conference_auto_outcall_caller_id_name=Mad Boss"/> - <action application="set" data="conference_auto_outcall_caller_id_number=0911"/> - <action application="set" data="conference_auto_outcall_timeout=60"/> - <action application="set" data="conference_auto_outcall_flags=none"/> - <!--<action application="set" data="conference_auto_outcall_announce=say:You have been called into an emergency conference"/>--> - <!--Add as many of these as you need, These are the people you are going to call--> - <action application="conference_set_auto_outcall" data="loopback/9999"/> - <action application="conference" data="madboss3@default"/> - </condition> - </extension> - - <!-- a sample IVR --> - <extension name="ivr_demo"> - <condition field="destination_number" expression="^\*5000$"> - <action application="answer"/> - <action application="sleep" data="2000"/> - <action application="ivr" data="demo_ivr"/> - </condition> - </extension> - - <!-- Create a conference on the fly and pull someone in at the same time. --> - <extension name="dynamic_conference"> - <condition field="destination_number" expression="^\*5001$"> - <action application="conference" data="bridge:mydynaconf:sofia/${use_profile}/1234@conference.freeswitch.org"/> - </condition> - </extension> - - <extension name="rtp_multicast_page"> - <condition field="destination_number" expression="^\*pagegroup$|^\*7243"> - <action application="answer"/> - <action application="esf_page_group"/> - </condition> - </extension> - - <!-- - Parking extensions... transferring calls to 5900 will park them in a queue. - --> - <extension name="park"> - <condition field="destination_number" expression="^\*5900$"> - <action application="set" data="fifo_music=$${hold_music}"/> - <action application="fifo" data="5900@${domain_name} in"/> - </condition> - </extension> - - <!-- - Parking pickup extension. Calling 5901 will pickup the call. - --> - <extension name="unpark"> - <condition field="destination_number" expression="^\*5901$"> - <action application="answer"/> - <action application="fifo" data="5900@${domain_name} out nowait"/> - </condition> - </extension> - - <!-- - This extension is used with snom phones. - - Set a function key to park+lot (lot being a number or name.) - Set type to Park+Orbit. You can then park and pickup using - the softkey on the phone. Should work with other phones. - --> - <extension name="park"> - <condition field="source" expression="mod_sofia"/> - <condition field="destination_number" expression="park\+(\d+)"> - <action application="fifo" data="$1@${domain_name} in undef $${hold_music}"/> - </condition> - </extension> - <!-- - The extension is parking pickup with a to param of the fifo we are calling - Some phones send things like orbit= and you can extract that info. - --> - <extension name="unpark"> - <condition field="source" expression="mod_sofia"/> - <condition field="destination_number" expression="^parking$"/> - <condition field="${sip_to_params}" expression="fifo\=(\d+)"> - <action application="answer"/> - <action application="fifo" data="$1@${domain_name} out nowait"/> - </condition> - </extension> - - <!-- - This extension is used with linksys phones. - - Set a Phone tab option Call Park Serv to yes. You can park and - pickup using soft keys "park" and "unpark" found during - active call when moving navigation button. The other option - is to use phone's star codes (defaults to *38 and *39). - --> - <extension name="park"> - <condition field="source" expression="mod_sofia"/> - <condition field="destination_number" expression="callpark"/> - <condition field="${sip_refer_to}"> - <expression><![CDATA[<sip:callpark@${domain_name};orbit=(\d+)>]]></expression> - <action application="fifo" data="$1@${domain_name} in undef $${hold_music}"/> - </condition> - </extension> - - <!-- - This extension is used with linksys phones. - - The extension is parking pickup with a to param of the fifo - we are calling. Linksys sends orbit=<parkingslotnumber> - and we extract that info. - --> - <extension name="unpark"> - <condition field="source" expression="mod_sofia"/> - <condition field="destination_number" expression="pickup"/> - <condition field="${sip_to_params}" expression="orbit\=(\d+)"> - <action application="answer"/> - <action application="fifo" data="$1@${domain_name} out nowait"/> - </condition> - </extension> - - <!-- - Here are some examples of how to override the ringback heard by the - far end. You have two variables that you can use to override this. - - ringback - used when a call isn't answered. (early media) - transfer_ringback - used when the call is already answered. (post answer) - --> - - <!-- Demonstration of how to override the ringback in various situations --> - <extension name="wait"> - <condition field="destination_number" expression="^wait$"> - <action application="pre_answer"/> - <action application="sleep" data="20000"/> - <action application="answer"/> - <action application="sleep" data="1000"/> - <action application="playback" data="voicemail/vm-goodbye.wav"/> - <action application="hangup"/> - </condition> - </extension> - - <extension name="fax_receive"> - <condition field="destination_number" expression="^\*9978$"> - <action application="answer" /> - <action application="playback" data="silence_stream://2000"/> - <action application="rxfax" data="/tmp/rxfax.tif"/> - <action application="hangup"/> - </condition> - </extension> - - <extension name="fax_transmit"> - <condition field="destination_number" expression="^\*9979$"> - <action application="txfax" data="/tmp/txfax.tif"/> - <action application="hangup"/> - </condition> - </extension> - - <!-- Send a 180 and let the far end generate ringback. --> - <extension name="ringback_180"> - <condition field="destination_number" expression="^\*9980$"> - <action application="ring_ready"/> - <action application="sleep" data="20000"/> - <action application="answer"/> - <action application="sleep" data="1000"/> - <action application="playback" data="voicemail/vm-goodbye.wav"/> - <action application="hangup"/> - </condition> - </extension> - - <!-- Send a 183 and send uk-ring as the ringtone. (early media) --> - <extension name="ringback_183_uk_ring"> - <condition field="destination_number" expression="^\*9981$"> - <action application="set" data="ringback=$${uk-ring}"/> - <action application="bridge" data="loopback/wait"/> - </condition> - </extension> - - <!-- Send a 183 and use music as the ringtone. (early media) --> - <extension name="ringback_183_music_ring"> - <condition field="destination_number" expression="^\*9982$"> - <action application="set" data="ringback=$${hold_music}"/> - <action application="bridge" data="loopback/wait"/> - </condition> - </extension> - - <!-- Answer the call and use music as the ringtone. (post answer) --> - <extension name="ringback_post_answer_uk_ring"> - <condition field="destination_number" expression="^\*9983$"> - <action application="set" data="transfer_ringback=$${uk-ring}"/> - <action application="answer"/> - <action application="bridge" data="loopback/wait"/> - </condition> - </extension> - - <!-- Answer the call and use music as the ringtone. (post answer) --> - <extension name="ringback_post_answer_music"> - <condition field="destination_number" expression="^\*9984$"> - <action application="set" data="transfer_ringback=$${hold_music}"/> - <action application="answer"/> - <action application="bridge" data="loopback/wait"/> - </condition> - </extension> - - <extension name="ClueCon"> - <condition field="destination_number" expression="^\*9991$"> - <action application="set" data="effective_caller_id_name=ClueCon"/> - <action application="bridge" data="sofia/$${domain}/brian@bkw.org"/> - </condition> - </extension> - - <extension name="show_info"> - <condition field="destination_number" expression="^\*9992$"> - <action application="answer"/> - <action application="info"/> - <action application="sleep" data="250"/> - <action application="hangup"/> - </condition> - </extension> - - <extension name="video_record"> - <condition field="destination_number" expression="^\*9993$"> - <action application="answer"/> - <action application="record_fsv" data="/tmp/testrecord.fsv"/> - </condition> - </extension> - - <extension name="video_playback"> - <condition field="destination_number" expression="^\*9994$"> - <action application="answer"/> - <action application="play_fsv" data="/tmp/testrecord.fsv"/> - </condition> - </extension> - - <extension name="delay_echo"> - <condition field="destination_number" expression="^\*9995$"> - <action application="answer"/> - <action application="delay_echo" data="5000"/> - </condition> - </extension> - - <extension name="echo"> - <condition field="destination_number" expression="^\*9996$"> - <action application="answer"/> - <action application="echo"/> - </condition> - </extension> - - <extension name="milliwatt"> - <condition field="destination_number" expression="^\*9997$"> - <action application="answer"/> - <action application="playback" data="tone_stream://%(10000,0,1004);loops=-1"/> - </condition> - </extension> - - <extension name="tone_stream"> - <condition field="destination_number" expression="^\*9998$"> - <action application="answer"/> - <action application="playback" data="tone_stream://path=${base_dir}/conf/tetris.ttml;loops=10"/> - </condition> - </extension> - - <!-- - You will no longer hear the bong tone. The wav file is playing stating the call is secure. - The file will not play unless you have both TLS and SRTP active. - --> - - <extension name="hold_music"> - <condition field="destination_number" expression="^\*9999$"/> - <condition field="${sip_has_crypto}" expression="^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$"> - <action application="answer"/> - <action application="execute_extension" data="is_secure XML features"/> - <action application="playback" data="$${hold_music}"/> - <!-- This really should be an IVR for zrtp enrollment but this is just a demo--> - <anti-action application="set" data="zrtp_enrollment=true"/> - <anti-action application="answer"/> - <anti-action application="playback" data="$${hold_music}"/> - </condition> - </extension> - - <!-- - You can place files in the default directory to get included. - --> - <!--<X-PRE-PROCESS cmd="include" data="default/*.xml"/>--> - - <!-- - WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - - Anything you put below this line will usually get ignored due to the file in - default/99999_enum.xml as it will transfer the call to the enum dialplan. - - WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - --> - - <extension name="enum"> - <condition field="${module_exists(mod_enum)}" expression="true"/> - <condition field="destination_number" expression="^(.*)$"> - <action application="transfer" data="$1 enum"/> - </condition> - </extension> - - <!-- - <extension name="refer"> - <condition field="${sip_refer_to}"> - <expression><![CDATA[<sip:${destination_number}@${domain_name}>]]></expression> - </condition> - <condition field="${sip_refer_to}"> - <expression><![CDATA[<sip:(.*)@(.*)>]]></expression> - <action application="set" data="refer_user=$1"/> - <action application="set" data="refer_domain=$2"/> - <action application="info"/> - <action application="bridge" data="sofia/${use_profile}/${refer_user}@${refer_domain}"/> - </condition> - </extension> - --> - <!-- - This is an example of how to override the RURI on an outgoing invite to a registered contact. - --> - <!-- - <extension name="ruri"> - <condition field="destination_number" expression="^ruri$"> - <action application="bridge" data="sofia/${ruri_profile}/${ruri_user}${regex(${sofia_contact(${ruri_contact})}|^[^\@]+(.*)|%1)}"/> - </condition> - </extension> - - <extension name="7004"> - <condition field="destination_number" expression="^\*7004$"> - <action application="set" data="ruri_profile=default"/> - <action application="set" data="ruri_user=2000"/> - <action application="set" data="ruri_contact=1001@${domain_name}"/> - <action application="execute_extension" data="ruri"/> - </condition> - </extension> - --> - - <!-- SEE WARNING ABOVE IF YOU ARE TRYING TO ADD EXTENSIONS HERE! --> - - </context> -</include> diff --git a/config/freeswitch/dialplan.public.xml b/config/freeswitch/dialplan.public.xml deleted file mode 100644 index f30227e0..00000000 --- a/config/freeswitch/dialplan.public.xml +++ /dev/null @@ -1,69 +0,0 @@ -<!-- - NOTICE: - - This context is usually accessed via the external sip profile sitting on port 5080. - - It is recommended to have separate inbound and outbound contexts. Not only for security - but clearing up why you would need to do such a thing. You don't want outside un-authenticated - callers hitting your default context which allows dialing calls thru your providers and results - in Toll Fraud. ---> - -<!-- http://wiki.freeswitch.org/wiki/Dialplan_XML --> -<include> - <context name="public"> - - <extension name="unloop"> - <condition field="${unroll_loops}" expression="^true$"/> - <condition field="${sip_looped_call}" expression="^true$"> - <action application="deflect" data="${destination_number}"/> - </condition> - </extension> - <!-- - Tag anything pass thru here as an outside_call so you can make sure not - to create any routing loops based on the conditions that it came from - the outside of the switch. - --> - <extension name="outside_call" continue="true"> - <condition> - <action application="set" data="outside_call=true"/> - </condition> - </extension> - - <extension name="call_debug" continue="true"> - <condition field="${call_debug}" expression="^true$" break="never"> - <action application="info"/> - </condition> - </extension> - - <!-- - <extension name="public_extensions"> - <condition field="destination_number" expression="^(10[01][0-9])$"> - <action application="transfer" data="$1 XML default"/> - </condition> - </extension> - --> - - <!-- - You can place files in the public directory to get included. - --> - <X-PRE-PROCESS cmd="include" data="public/*.xml"/> - <!-- - If you have made it this far lets challenge the caller and if they authenticate - lets try what they dialed in the default context. (commented out by default) - --> - <!-- - <extension name="check_auth" continue="true"> - <condition field="${sip_authorized}" expression="^true$" break="never"> - <anti-action application="respond" data="407"/> - </condition> - </extension> - - <extension name="transfer_to_default"> - <condition> - <action application="transfer" data="${destination_number} XML default"/> - </condition> - </extension> - --> - </context> -</include> diff --git a/config/freeswitch/disa.js b/config/freeswitch/disa.js deleted file mode 100644 index f705b79c..00000000 --- a/config/freeswitch/disa.js +++ /dev/null @@ -1,78 +0,0 @@ -include("/usr/local/freeswitch/scripts/config.js"); - - //var admin_pin = ""; //don't require a pin - //if you choose not to require a pin then then you may want to add a dialplan condition for a specific caller id - var predefined_destination = ""; //example: 9999 - //predefined_destination leave empty in most cases - //Use this to define a single destination - var digitmaxlength = 0; - var timeoutpin = 7500; - var timeouttransfer = 7500; - - function mycb( session, type, obj, arg ) { - try { - if ( type == "dtmf" ) { - console_log( "info", "digit: "+obj.digit+"\n" ); - if ( obj.digit == "#" ) { - //console_log( "info", "detected pound sign.\n" ); - exit = true; - return( false ); - } - - dtmf.digits += obj.digit; - - if ( dtmf.digits.length >= digitmaxlength ) { - exit = true; - return( false ); - } - } - } catch (e) { - console_log( "err", e+"\n" ); - } - return( true ); - } //end function mycb - - - //console_log( "info", "DISA Request\n" ); - - var dtmf = new Object( ); - dtmf.digits = ""; - - if ( session.ready( ) ) { - session.answer( ); - - if (admin_pin.length > 0) { - digitmaxlength = 6; - session.streamFile( "/usr/local/freeswitch/sounds/custom/8000/please_enter_the_pin_number.wav", mycb, "dtmf"); - session.collectInput( mycb, dtmf, timeoutpin ); - //console_log( "info", "DISA pin: " + dtmf.digits + "\n" ); - } - - if (dtmf.digits == admin_pin || admin_pin.length == 0) { - - //console_log( "info", "DISA pin is correct\n" ); - - us_ring = session.getVariable("us-ring"); - session.execute("set", "ringback="+us_ring); //set to ringtone - session.execute("set", "transfer_ringback="+us_ring); //set to ringtone - session.execute("set", "hangup_after_bridge=true"); - - if (predefined_destination.length == 0) { - dtmf.digits = ""; //clear dtmf digits to prepare for next dtmf request - digitmaxlength = 11; - session.streamFile( "/usr/local/freeswitch/sounds/custom/8000/please_enter_the_phone_number.wav", mycb, "dtmf"); - session.collectInput( mycb, dtmf, timeouttransfer ); - console_log( "info", "DISA Transfer: " + dtmf.digits + "\n" ); - session.execute("transfer", dtmf.digits + " XML default"); - } - else { - session.execute("transfer", predefined_destination + " XML default"); - } - - } - else { - session.streamFile( "/usr/local/freeswitch/sounds/custom/8000/your_pin_number_is_incorect_goodbye.wav", mycb, "dtmf"); - console_log( "info", "DISA Pin: " + dtmf.digits + " is incorrect\n" ); - } - - } diff --git a/config/freeswitch/fax_to_email.tmp b/config/freeswitch/fax_to_email.tmp deleted file mode 100644 index fcd6af06..00000000 --- a/config/freeswitch/fax_to_email.tmp +++ /dev/null @@ -1,182 +0,0 @@ -<?php -/* $Id$ */ -/* - fax_to_email.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("/etc/inc/config.inc"); -require_once("/usr/local/pkg/freeswitch.inc"); -global $config; - -ob_end_clean(); -ob_start(); - -echo "\n---------------------------------\n"; - - -$phpversion = substr(phpversion(), 0, 1); -if ($phpversion == '4') { - $faxemail = $_REQUEST["email"]; - $faxextension = $_REQUEST["extension"]; - $faxname = $_REQUEST["name"]; -} -else { - $tmparray = explode("=", $_SERVER["argv"][1]); - $faxemail = $tmparray[1]; - unset($tmparray); - - $tmparray = explode("=", $_SERVER["argv"][2]); - $faxextension = $tmparray[1]; - unset($tmparray); - - $tmparray = explode("=", $_SERVER["argv"][3]); - $faxname = $tmparray[1]; - unset($tmparray); -} - -//echo "faxemail $faxemail\n"; -//echo "faxextension $faxextension\n"; -//echo "faxname $faxname\n"; -//echo "cd $dir_fax; /usr/local/bin/tiff2png ".$dir_fax.$faxname.".png\n"; - - -$dir_fax = '/usr/local/freeswitch/storage/fax/'.$faxextension.'/inbox/'; - - -if (!file_exists($dir_fax.$faxname.".png")) { - //cd /usr/local/freeswitch/storage/fax/9975/inbox/;/usr/local/bin/tiff2png /usr/local/freeswitch/storage/fax/9975/inbox/1001-2009-06-06-01-15-11.tif - //echo "cd $dir_fax; /usr/local/bin/tiff2png ".$dir_fax.$faxname.".tif\n"; - exec("cd $dir_fax; /usr/local/bin/tiff2png ".$dir_fax.$faxname.".tif"); -} - -if (!file_exists($dir_fax.$faxname.".pdf")) { - //echo "cd $dir_fax; /usr/local/bin/tiff2pdf -f -o ".$faxname.".pdf ".$dir_fax.$faxname.".tif\n"; - exec("cd $dir_fax; /usr/local/bin/tiff2pdf -f -o ".$faxname.".pdf ".$dir_fax.$faxname.".tif"); -} - - -$tmp_subject = "Fax Received: ".$faxname; -$tmp_textplain = "\nFax Received:\n"; -$tmp_textplain .= "Name: ".$faxname."\n"; -$tmp_textplain .= "Extension: ".$faxextension."\n"; -$tmp_texthtml = $tmp_textplain; - - -$tmp_smtphost = $config['installedpackages']['freeswitchsettings']['config'][0]['smtphost']; -$tmp_smtpsecure = $config['installedpackages']['freeswitchsettings']['config'][0]['smtpsecure']; //options "", "TLS", "SSL" -$tmp_smtpsecure = strtolower($tmp_smtpsecure); -$tmp_smtpauth = $config['installedpackages']['freeswitchsettings']['config'][0]['smtpauth']; // SMTP authentication: true or false -$tmp_smtpusername = $config['installedpackages']['freeswitchsettings']['config'][0]['smtpusername']; -$tmp_smtppassword = $config['installedpackages']['freeswitchsettings']['config'][0]['smtppassword']; -$tmp_smtpfrom = $config['installedpackages']['freeswitchsettings']['config'][0]['smtpfrom']; -$tmp_smtpfromname = $config['installedpackages']['freeswitchsettings']['config'][0]['smtpfromname']; - -ini_set(max_execution_time,900); //15 minutes -ini_set('memory_limit', '96M'); -$fd = fopen("php://stdin", "r"); - -$email = file_get_contents ("php://stdin"); - -fclose($fd); - -if($fd){ - $fp = fopen("/tmp/faxtoemail.txt", "w"); -} - - - - - - - -//send the email - - include "/usr/local/www/packages/freeswitch/class.phpmailer.php"; - include "/usr/local/www/packages/freeswitch/class.smtp.php"; // optional, gets called from within class.phpmailer.php if not already loaded - - $mail = new PHPMailer(); - - $mail->IsSMTP(); // set mailer to use SMTP - if ($tmp_smtpauth == "true") { - $mail->SMTPAuth = $tmp_smtpauth; // turn on/off SMTP authentication - } - $mail->Host = $tmp_smtphost; - if (strlen($tmp_smtpsecure)>0) { - $mail->SMTPSecure = $tmp_smtpsecure; - } - if ($tmp_smtpusername) { - $mail->Username = $tmp_smtpusername; - $mail->Password = $tmp_smtppassword; - } - $mail->SMTPDebug = 2; - - echo "tmp_smtpfrom: $tmp_smtpfrom\n"; - echo "tmp_smtpfromname: $tmp_smtpfromname\n"; - echo "tmp_subject: $tmp_subject\n"; - - $mail->From = $tmp_smtpfrom; - $mail->FromName = $tmp_smtpfromname; - $mail->Subject = $tmp_subject; - $mail->AltBody = $tmp_textplain; // optional, comment out and test - $mail->MsgHTML($tmp_texthtml); - - - $tmp_to = $faxemail; - $tmp_to = str_replace(";", ",", $tmp_to); - $tmp_to_array = split(",", $tmp_to); - foreach($tmp_to_array as $tmp_to_row) { - if (strlen($tmp_to_row) > 0) { - echo "tmp_to_row: $tmp_to_row\n"; - $mail->AddAddress($tmp_to_row); - } - } - - if (strlen($faxname) > 0) { - $mail->AddAttachment($dir_fax.$faxname.'.tif'); // tif attachment - $mail->AddAttachment($dir_fax.$faxname.'.pdf'); // pdf attachment - $mail->AddAttachment($dir_fax.$faxname.'.png'); // png attachment - //$filename='fax.tif'; $encoding = "base64"; $type = "image/tif"; - //$mail->AddStringAttachment(base64_decode($strfax),$filename,$encoding,$type); - } - - if(!$mail->Send()) { - echo "Mailer Error: " . $mail->ErrorInfo; - } - else { - echo "Message sent!"; - } - - -$content = ob_get_contents(); //get the output from the buffer -ob_end_clean(); //clean the buffer - -fwrite($fp, $content); -fclose($fp); - -?>
\ No newline at end of file diff --git a/config/freeswitch/freeswitch.inc b/config/freeswitch/freeswitch.inc deleted file mode 100644 index 3a2be3c2..00000000 --- a/config/freeswitch/freeswitch.inc +++ /dev/null @@ -1,3784 +0,0 @@ -<?php -/* $Id$ */ -/* -/* ========================================================================== */ -/* - freeswitch.inc - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -//ob_start("ob_gzhandler"); - -function build_menu() { - - //$script_name_array = split ("/", $_SERVER["SCRIPT_NAME"]); - //$script_name = $script_name_array[count($script_name_array)-1]; - //echo "script_name: ".$script_name."<br />"; - - $tab_array = array(); - $menu_selected = false; - if ($_SERVER["SCRIPT_NAME"] == "/pkg_edit.php?xml=freeswitch.xml&id=0") { $menu_selected = true; } - $tab_array[] = array(gettext("Settings"), $menu_selected, "/pkg_edit.php?xml=freeswitch.xml&id=0"); - unset($menu_selected); - - $menu_selected = false; - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_dialplan_includes.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_dialplan.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_dialplan_includes_edit.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_dialplan_includes_details_edit.php") { $menu_selected = true; } - $tab_array[] = array(gettext("Dialplan"), $menu_selected, "/packages/freeswitch/freeswitch_dialplan_includes.php"); - unset($menu_selected); - - $menu_selected = false; - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_extensions.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_extensions_edit.php") { $menu_selected = true; } - $tab_array[] = array(gettext("Extensions"), $menu_selected, "/packages/freeswitch/freeswitch_extensions.php"); - unset($menu_selected); - - $menu_selected = false; - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_features.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_fax.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_fax_edit.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_ivr.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_ivr_edit.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_ivr_options_edit.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_recordings.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_recordings_edit.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_hunt_group.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_hunt_group_edit.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_hunt_group_destinations.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_hunt_group_destinations_edit.php") { $menu_selected = true; } - $tab_array[] = array(gettext("Features"), $menu_selected, "/packages/freeswitch/freeswitch_features.php"); - unset($menu_selected); - - $menu_selected = false; - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_gateways.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_gateways_edit.php") { $menu_selected = true; } - $tab_array[] = array(gettext("Gateways"), $menu_selected, "/packages/freeswitch/freeswitch_gateways.php"); - unset($menu_selected); - - $menu_selected = false; - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_profiles.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_profile_edit.php") { $menu_selected = true; } - $tab_array[] = array(gettext("Profiles"), $menu_selected, "/packages/freeswitch/freeswitch_profiles.php"); - unset($menu_selected); - - $menu_selected = false; - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_public.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_public_includes.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_public_includes_edit.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_public_includes_details_edit.php") { $menu_selected = true; } - $tab_array[] = array(gettext("Public"), $menu_selected, "/packages/freeswitch/freeswitch_public_includes.php"); - unset($menu_selected); - - $menu_selected = false; - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_status.php") { $menu_selected = true; } - $tab_array[] = array(gettext("Status"), $menu_selected, "/packages/freeswitch/freeswitch_status.php"); - unset($menu_selected); - - $menu_selected = false; - if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_vars.php") { $menu_selected = true; } - $tab_array[] = array(gettext("Vars"), $menu_selected, "/packages/freeswitch/freeswitch_vars.php"); - unset($menu_selected); - - return $tab_array; -} - - -function guid() -{ - if (function_exists('com_create_guid')){ - return com_create_guid(); - }else{ - mt_srand((double)microtime()*10000);//optional for php 4.2.0 and up. - $charid = strtoupper(md5(uniqid(rand(), true))); - $hyphen = chr(45);// "-" - $uuid = chr(123)// "{" - .substr($charid, 0, 8).$hyphen - .substr($charid, 8, 4).$hyphen - .substr($charid,12, 4).$hyphen - .substr($charid,16, 4).$hyphen - .substr($charid,20,12) - .chr(125);// "}" - return $uuid; - } -} -//echo guid(); - - -if (!function_exists("pkg_is_service_running")) { - function pkg_is_service_running($servicename) - { - //exec("/bin/ps ax | awk '{ print $5 }'", $psout); - //array_shift($psout); - //foreach($psout as $line) { - // $ps[] = trim(array_pop(explode(' ', array_pop(explode('/', $line))))); - //} - //if(pkg_is_service_running($servicename, $ps) or is_process_running($servicename) ) { - return true; - //} - //else { - // return false; - //} - } -} - - -function event_socket_create($host, $port, $password) -{ - //$host has been deprecated - - //build the interface list - $i = 0; $ifdescrs = array('wan' => 'WAN', 'lan' => 'LAN'); - for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) { - $ifdescrs['opt' . $j] = $config['interfaces']['opt' . $j]['descr']; - } - - //get the interface ip addresses and try to connect to them - foreach ($ifdescrs as $ifdescr => $ifname){ - $ifinfo = get_interface_info($ifdescr); - $interface_ip_address = $ifinfo['ipaddr']; - - if (strlen($interface_ip_address) > 0) { - - $fp = fsockopen($interface_ip_address, $port, $errno, $errdesc, 3); - socket_set_blocking($fp,false); - - if (!$fp) { - //connection failed continue through the loop testing other addresses - //invalid handle - } - else { - //connected to the socket return the handle - - while (!feof($fp)) { - $buffer = fgets($fp, 1024); - usleep(100); //allow time for reponse - if (trim($buffer) == "Content-Type: auth/request") { - fputs($fp, "auth $password\n\n"); - break; - } - } - return $fp; - } - - } //end if interface_ip_address - } //end foreach -} //end function - - -function event_socket_request($fp, $cmd) -{ - if ($fp) { - fputs($fp, $cmd."\n\n"); - usleep(100); //allow time for reponse - - $response = ""; - $i = 0; - $contentlength = 0; - while (!feof($fp)) { - $buffer = fgets($fp, 4096); - if ($contentlength > 0) { - $response .= $buffer; - } - - if ($contentlength == 0) { //if contentlenght is already don't process again - if (strlen(trim($buffer)) > 0) { //run only if buffer has content - $temparray = split(":", trim($buffer)); - if ($temparray[0] == "Content-Length") { - $contentlength = trim($temparray[1]); - } - } - } - - usleep(100); //allow time for reponse - - //optional because of script timeout //don't let while loop become endless - if ($i > 10000) { break; } - - if ($contentlength > 0) { //is contentlength set - //stop reading if all content has been read. - if (strlen($response) >= $contentlength) { - break; - } - } - $i++; - } - - return $response; - } - else { - echo "no handle"; - } -} - - -function event_socket_request_cmd($cmd) -{ - global $config; - $password = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_password']; - $port = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_port']; - $host = $config['interfaces']['lan']['ipaddr']; - - if (pkg_is_service_running('freeswitch')) { - $fp = event_socket_create($host, $port, $password); - $response = event_socket_request($fp, $cmd); - fclose($fp); - } - unset($host, $port, $password); - -} - -function byte_convert( $bytes ) { - - if ($bytes<=0) - return '0 Byte'; - - $convention=1000; //[1000->10^x|1024->2^x] - $s=array('B', 'kB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB'); - $e=floor(log($bytes,$convention)); - return round($bytes/pow($convention,$e),2).' '.$s[$e]; -} - -function ListFiles($dir) { - - if($dh = opendir($dir)) { - - $files = Array(); - $inner_files = Array(); - - while($file = readdir($dh)) { - if($file != "." && $file != ".." && $file[0] != '.') { - if(is_dir($dir . "/" . $file)) { - //$inner_files = ListFiles($dir . "/" . $file); //recursive - if(is_array($inner_files)) $files = array_merge($files, $inner_files); - } else { - array_push($files, $file); - //array_push($files, $dir . "/" . $file); - } - } - } - - closedir($dh); - return $files; - } -} - -function recording_js() -{ - - global $config; - $admin_pin = $config['installedpackages']['freeswitchsettings']['config'][0]['admin_pin']; - - $fout = fopen("/usr/local/freeswitch/scripts/recordings.js","w"); - $tmp = " var pin = \"".$admin_pin."\";\n"; - $tmp .= " //var pin = \"\"; //don't require a pin\n"; - $tmp .= " //if you choose not to require a pin then then you may want to add a dialplan condition for a specific caller id\n"; - $tmp .= "\n"; - $tmp .= " var digitmaxlength = 0;\n"; - $tmp .= " var timeoutpin = 7500;\n"; - $tmp .= " var timeouttransfer = 7500;\n"; - $tmp .= " var objdate = new Date();\n"; - $tmp .= "\n"; - $tmp .= " var adjusthours = 0; //Adjust Server time that is set to GMT 7 hours\n"; - $tmp .= " var adjustoperator = \"-\"; //+ or -\n"; - $tmp .= "\n"; - $tmp .= " if (adjustoperator == \"-\") {\n"; - $tmp .= " var objdate2 = new Date(objdate.getFullYear(),objdate.getMonth(),objdate.getDate(),(objdate.getHours() - adjusthours),objdate.getMinutes(),objdate.getSeconds());\n"; - $tmp .= " }\n"; - $tmp .= " if (adjustoperator == \"+\") {\n"; - $tmp .= " var objdate2 = new Date(objdate.getFullYear(),objdate.getMonth(),objdate.getDate(),(objdate.getHours() + adjusthours),objdate.getMinutes(),objdate.getSeconds());\n"; - $tmp .= " }\n"; - $tmp .= "\n"; - $tmp .= " var Hours = objdate2.getHours();\n"; - $tmp .= " var Mins = objdate2.getMinutes();\n"; - $tmp .= " var Seconds = objdate2.getSeconds();\n"; - $tmp .= " var Month = objdate2.getMonth() + 1;\n"; - $tmp .= " var Date = objdate2.getDate();\n"; - $tmp .= " var Year = objdate2.getYear()\n"; - $tmp .= " var Day = objdate2.getDay()+1;\n"; - $tmp .= " var exit = false;\n"; - $tmp .= "\n"; - $tmp .= "\n"; - $tmp .= " function mycb( session, type, data, arg ) {\n"; - $tmp .= " if ( type == \"dtmf\" ) {\n"; - $tmp .= " //console_log( \"info\", \"digit: \"+data.digit+\"\\n\" );\n"; - $tmp .= " if ( data.digit == \"#\" ) {\n"; - $tmp .= " //console_log( \"info\", \"detected pound sign.\\n\" );\n"; - $tmp .= " return( true );\n"; - $tmp .= " }\n"; - $tmp .= " dtmf.digits += data.digit;\n"; - $tmp .= "\n"; - $tmp .= " if ( dtmf.digits.length < digitmaxlength ) {\n"; - $tmp .= " return( true );\n"; - $tmp .= " }\n"; - $tmp .= " }\n"; - $tmp .= " return( false );\n"; - $tmp .= " }\n"; - $tmp .= "\n"; - $tmp .= " //console_log( \"info\", \"Recording Request\\n\" );\n"; - $tmp .= "\n"; - $tmp .= " var dtmf = new Object( );\n"; - $tmp .= " dtmf.digits = \"\";\n"; - $tmp .= "\n"; - $tmp .= " if ( session.ready( ) ) {\n"; - $tmp .= " session.answer( );\n"; - $tmp .= "\n"; - - $tmp .= "\n"; - $tmp .= " if (pin.length > 0) {\n"; - //$tmp .= " session.execute(\"set\", \"tts_engine=flite\");\n"; - //$tmp .= " session.execute(\"set\", \"tts_voice=kal\");\n"; - //$tmp .= " session.execute(\"speak\", \"Please enter your pin number now.\");\n"; - $tmp .= " digitmaxlength = 6;\n"; - $tmp .= " session.execute(\"set\", \"playback_terminators=#\");\n"; - $tmp .= " session.streamFile( \"/usr/local/freeswitch/sounds/custom/8000/please_enter_the_pin_number.wav\", mycb, \"dtmf\");\n"; - $tmp .= " session.collectInput( mycb, dtmf, timeoutpin );\n"; - $tmp .= " }\n"; - $tmp .= "\n"; - $tmp .= " if (dtmf.digits == pin || pin.length == 0) {\n"; - //$tmp .= " //console_log( \"info\", \"Recordings pin is correct\\n\" );\n"; - //$tmp .= " session.execute(\"set\", \"tts_engine=flite\");\n"; - //$tmp .= " session.execute(\"set\", \"tts_voice=kal\");\n"; - //$tmp .= " session.execute(\"speak\", \"Begin recording.\");\n"; - $tmp .= " session.streamFile( \"/usr/local/freeswitch/sounds/custom/8000/begin_recording.wav\", mycb, \"dtmf\");\n"; - $tmp .= " session.execute(\"set\", \"playback_terminators=#\");\n"; - $tmp .= " session.execute(\"record\", \"/usr/local/freeswitch/recordings/temp\"+Year+Month+Day+Hours+Mins+Seconds+\".wav 180 200\");\n"; - $tmp .= " }\n"; - $tmp .= " else {\n"; - $tmp .= " console_log( \"info\", \"Pin: \" + dtmf.digits + \" is incorrect\\n\" );\n"; - //$tmp .= " session.execute(\"set\", \"tts_engine=flite\");\n"; - //$tmp .= " session.execute(\"set\", \"tts_voice=kal\");\n"; - //$tmp .= " session.execute(\"speak\", \"Your pin number is incorect, goodbye.\");\n"; - $tmp .= " session.streamFile( \"/usr/local/freeswitch/sounds/custom/8000/your_pin_number_is_incorect_goodbye.wav\", mycb, \"dtmf\");\n"; - $tmp .= " }\n"; - $tmp .= " session.hangup();\n"; - $tmp .= "\n"; - $tmp .= " }"; - fwrite($fout, $tmp); - unset($tmp); - fclose($fout); - -} - - -function sync_package_freeswitch_settings() -{ - - global $config; - if($config['installedpackages']['freeswitchsettings']['config'] != "") { - - conf_mount_rw(); - config_unlock(); - - foreach($config['installedpackages']['freeswitchsettings']['config'] as $rowhelper) { - - $fout = fopen("/usr/local/freeswitch/conf/directory/default/default.xml","w"); - $tmpxml = "<include>\n"; - $tmpxml .= " <user id=\"default\"> <!--if id is numeric mailbox param is not necessary-->\n"; - $tmpxml .= " <variables>\n"; - $tmpxml .= " <!--all variables here will be set on all inbound calls that originate from this user -->\n"; - $tmpxml .= " <!-- set these to take advantage of a dialplan localized to this user -->\n"; - $tmpxml .= " <variable name=\"numbering_plan\" value=\"" . $rowhelper['numbering_plan'] . "\"/>\n"; - $tmpxml .= " <variable name=\"default_gateway\" value=\"" . $rowhelper['default_gateway'] . "\"/>\n"; - $tmpxml .= " <variable name=\"default_area_code\" value=\"" . $rowhelper['default_area_code'] . "\"/>\n"; - $tmpxml .= " </variables>\n"; - $tmpxml .= " </user>\n"; - $tmpxml .= "</include>\n"; - fwrite($fout, $tmpxml); - unset($tmpxml); - fclose($fout); - - $fout = fopen("/usr/local/freeswitch/conf/autoload_configs/event_socket.conf.xml","w"); - $tmpxml = "<configuration name=\"event_socket.conf\" description=\"Socket Client\">\n"; - $tmpxml .= " <settings>\n"; - $tmpxml .= " <param name=\"listen-ip\" value=\"0.0.0.0\"/>\n"; - $tmpxml .= " <param name=\"listen-port\" value=\"" . $rowhelper['event_socket_port'] . "\"/>\n"; - $tmpxml .= " <param name=\"password\" value=\"" . $rowhelper['event_socket_password'] . "\"/>\n"; - $tmpxml .= " <!--<param name=\"apply-inbound-acl\" value=\"lan\"/>-->\n"; - $tmpxml .= " </settings>\n"; - $tmpxml .= "</configuration>"; - fwrite($fout, $tmpxml); - unset($tmpxml, $event_socket_password); - fclose($fout); - - $fout = fopen("/usr/local/freeswitch/conf/autoload_configs/xml_rpc.conf","w"); - $tmpxml = "<configuration name=\"xml_rpc.conf\" description=\"XML RPC\">\n"; - $tmpxml .= " <settings>\n"; - $tmpxml .= " <!-- The port where you want to run the http service (default 8080) -->\n"; - $tmpxml .= " <param name=\"http-port\" value=\"" . $rowhelper['xml_rpc_http_port'] . "\"/>\n"; - $tmpxml .= " <!-- if all 3 of the following params exist all http traffic will require auth -->\n"; - $tmpxml .= " <param name=\"auth-realm\" value=\"" . $rowhelper['xml_rpc_auth_realm'] . "\"/>\n"; - $tmpxml .= " <param name=\"auth-user\" value=\"" . $rowhelper['xml_rpc_auth_user'] . "\"/>\n"; - $tmpxml .= " <param name=\"auth-pass\" value=\"" . $rowhelper['xml_rpc_auth_pass'] . "\"/>\n"; - $tmpxml .= " </settings>\n"; - $tmpxml .= "</configuration>\n"; - fwrite($fout, $tmpxml); - unset($tmpxml); - fclose($fout); - - recording_js(); - - //shout.conf.xml - $fout = fopen("/usr/local/freeswitch/conf/autoload_configs/shout.conf.xml","w"); - $tmpxml = "<configuration name=\"shout.conf\" description=\"mod shout config\">\n"; - $tmpxml .= " <settings>\n"; - $tmpxml .= " <!-- Don't change these unless you are insane -->\n"; - $tmpxml .= " <param name=\"decoder\" value=\"" . $rowhelper['mod_shout_decoder'] . "\"/>\n"; - $tmpxml .= " <param name=\"volume\" value=\"" . $rowhelper['mod_shout_volume'] . "\"/>\n"; - $tmpxml .= " <!--<param name=\"outscale\" value=\"8192\"/>-->\n"; - $tmpxml .= " </settings>\n"; - $tmpxml .= "</configuration>"; - fwrite($fout, $tmpxml); - unset($tmpxml); - fclose($fout); - - //config.js - $admin_pin = $config['installedpackages']['freeswitchsettings']['config'][0]['admin_pin']; - $fout = fopen("/usr/local/freeswitch/scripts/config.js","w"); - $tmp = "//javascript include\n\n"; - $tmp .= "var admin_pin = \"" . $admin_pin . "\";\n"; - fwrite($fout, $tmp); - unset($tmp); - fclose($fout); - - } - - conf_mount_ro(); - $cmd = "api reloadxml"; - //event_socket_request_cmd($cmd); - unset($cmd); - } -} - - -function sync_package_freeswitch_dialplan() -{ - - global $config; - conf_mount_rw(); - config_unlock(); - - //using backup files rather than pfsense config.xml for this file - $config['installedpackages']['freeswitchpublic']['config'][0]['dialplan_default_xml'] = ""; - - //if(strlen($config['installedpackages']['freeswitchdialplan']['config'][0]['dialplan_default_xml']) == 0) { - /* dialplan not found in the pfsense config.xml get the default dialplan and save to config.xml. */ - //$filename = "/usr/local/freeswitch/conf/dialplan/default.xml"; - //$fout = fopen($filename,"r"); - //$tmpxml = fread($fout, filesize($filename)); - //$config['installedpackages']['freeswitchdialplan']['config'][0]['dialplan_default_xml'] = base64_encode($tmpxml); - //unset($filename, $dialplan); - //fclose($fout); - //} - //else { - /* found the dialplan in the pfsense config.xml save it to default.xml. */ - //$fout = fopen("/usr/local/freeswitch/conf/dialplan/default.xml","w"); - //$tmpxml = $config['installedpackages']['freeswitchdialplan']['config'][0]['dialplan_default_xml']; - //fwrite($fout, base64_decode($tmpxml)); - //fclose($fout); - //unset($tmpxml); - //} - - conf_mount_ro(); - //$cmd = "api reloadxml"; - //event_socket_request_cmd($cmd); - //unset($cmd); - -} - - -function sync_package_freeswitch_extensions() -{ - - global $config; - if($config['installedpackages']['freeswitchextensions']['config'] != "") { - - conf_mount_rw(); - config_unlock(); - - /* delete all old extensions to prepare for new ones */ - unlink_if_exists("/usr/local/freeswitch/conf/directory/default/1*.xml"); - unlink_if_exists("/usr/local/freeswitch/conf/directory/default/2*.xml"); - unlink_if_exists("/usr/local/freeswitch/conf/directory/default/3*.xml"); - unlink_if_exists("/usr/local/freeswitch/conf/directory/default/4*.xml"); - unlink_if_exists("/usr/local/freeswitch/conf/directory/default/5*.xml"); - unlink_if_exists("/usr/local/freeswitch/conf/directory/default/6*.xml"); - unlink_if_exists("/usr/local/freeswitch/conf/directory/default/7*.xml"); - unlink_if_exists("/usr/local/freeswitch/conf/directory/default/8*.xml"); - unlink_if_exists("/usr/local/freeswitch/conf/directory/default/9*.xml"); - - foreach($config['installedpackages']['freeswitchextensions']['config'] as $rowhelper) { - if ($rowhelper['enabled'] != "false") { - $fout = fopen("/usr/local/freeswitch/conf/directory/default/".$rowhelper['extension'].".xml","w"); - - $tmpxml = "<include>\n"; - if (strlen($rowhelper['cidr']) == 0) { - $tmpxml .= " <user id=\"" . $rowhelper['extension'] . "\" mailbox=\"" . $rowhelper['mailbox'] . "\">\n"; - } - else { - $tmpxml .= " <user id=\"" . $rowhelper['extension'] . "\" mailbox=\"" . $rowhelper['mailbox'] . "\" cidr=\"" . $rowhelper['cidr'] . "\">\n"; - } - $tmpxml .= " <params>\n"; - $tmpxml .= " <param name=\"password\" value=\"" . $rowhelper['password'] . "\"/>\n"; - $tmpxml .= " <param name=\"vm-password\" value=\"" . $rowhelper['vm-password'] . "\"/>\n"; - if (strlen($rowhelper['vm-mailto']) > 0) { - $tmpxml .= " <param name=\"vm-email-all-messages\" value=\"true\"/>\n"; - - switch ($rowhelper['vm-attach-file']) { - case "true": - $tmpxml .= " <param name=\"vm-attach-file\" value=\"true\"/>\n"; - break; - case "false": - $tmpxml .= " <param name=\"vm-attach-file\" value=\"false\"/>\n"; - break; - default: - $tmpxml .= " <param name=\"vm-attach-file\" value=\"true\"/>\n"; - } - switch ($rowhelper['vm-keep-local-after-email']) { - case "true": - $tmpxml .= " <param name=\"vm-keep-local-after-email\" value=\"true\"/>\n"; - break; - case "false": - $tmpxml .= " <param name=\"vm-keep-local-after-email\" value=\"false\"/>\n"; - break; - default: - $tmpxml .= " <param name=\"vm-keep-local-after-email\" value=\"true\"/>\n"; - } - $tmpxml .= " <param name=\"vm-mailto\" value=\"" . $rowhelper['vm-mailto'] . "\"/>\n"; - } - if (strlen($rowhelper['auth-acl']) > 0) { - $tmpxml .= " <param name=\"auth-acl\" value=\"" . $rowhelper['auth-acl'] . "\"/>\n"; - } - $tmpxml .= " </params>\n"; - $tmpxml .= " <variables>\n"; - $tmpxml .= " <variable name=\"toll_allow\" value=\"domestic,international,local\"/>\n"; - $tmpxml .= " <variable name=\"accountcode\" value=\"" . $rowhelper['accountcode'] . "\"/>\n"; - $tmpxml .= " <variable name=\"user_context\" value=\"" . $rowhelper['user_context'] . "\"/>\n"; - if (strlen($rowhelper['effective_caller_id_number']) > 0) { - $tmpxml .= " <variable name=\"effective_caller_id_name\" value=\"" . $rowhelper['effective_caller_id_name'] . "\"/>\n"; - $tmpxml .= " <variable name=\"effective_caller_id_number\" value=\"" . $rowhelper['effective_caller_id_number'] . "\"/>\n"; - } - if (strlen($rowhelper['outbound_caller_id_number']) > 0) { - $tmpxml .= " <variable name=\"outbound_caller_id_name\" value=\"" . $rowhelper['outbound_caller_id_name'] . "\"/>\n"; - $tmpxml .= " <variable name=\"outbound_caller_id_number\" value=\"" . $rowhelper['outbound_caller_id_number'] . "\"/>\n"; - } - if (strlen($rowhelper['sip-force-contact']) > 0) { - $tmpxml .= " <variable name=\"sip-force-contact\" value=\"" . $rowhelper['sip-force-contact'] . "\"/>\n"; - } - $tmpxml .= " </variables>\n"; - $tmpxml .= " </user>\n"; - $tmpxml .= "</include>\n"; - fwrite($fout, $tmpxml); - unset($tmpxml); - fclose($fout); - } - } - - conf_mount_ro(); - $cmd = "api reloadxml"; - //event_socket_request_cmd($cmd); - unset($cmd); - - } -} - - -function sync_package_freeswitch_gateways() -{ - - global $config; - if($config['installedpackages']['freeswitchgateways']['config'] != "") { - - conf_mount_rw(); - config_unlock(); - - /* delete all old gateways to prepare for new ones */ - unlink_if_exists("/usr/local/freeswitch/conf/sip_profiles/external/*.xml"); - - foreach($config['installedpackages']['freeswitchgateways']['config'] as $rowhelper) { - - if ($rowhelper['enabled'] != "false") { - $fout = fopen("/usr/local/freeswitch/conf/sip_profiles/external/".$rowhelper['gateway'].".xml","w"); - - $tmpxml .= "<include>\n"; - $tmpxml .= " <gateway name=\"" . $rowhelper['gateway'] . "\">\n"; - if (strlen($rowhelper['username']) > 0) { - $tmpxml .= " <param name=\"username\" value=\"" . $rowhelper['username'] . "\"/>\n"; - } - if (strlen($rowhelper['auth-username']) > 0) { - $tmpxml .= " <param name=\"auth-username\" value=\"" . $rowhelper['auth-username'] . "\"/>\n"; - } - if (strlen($rowhelper['password']) > 0) { - $tmpxml .= " <param name=\"password\" value=\"" . $rowhelper['password'] . "\"/>\n"; - } - if (strlen($rowhelper['realm']) > 0) { - $tmpxml .= " <param name=\"realm\" value=\"" . $rowhelper['realm'] . "\"/>\n"; - } - if (strlen($rowhelper['from-user']) > 0) { - $tmpxml .= " <param name=\"from-user\" value=\"" . $rowhelper['from-user'] . "\"/>\n"; - } - if (strlen($rowhelper['from-domain']) > 0) { - $tmpxml .= " <param name=\"from-domain\" value=\"" . $rowhelper['from-domain'] . "\"/>\n"; - } - if (strlen($rowhelper['proxy']) > 0) { - $tmpxml .= " <param name=\"proxy\" value=\"" . $rowhelper['proxy'] . "\"/>\n"; - } - if (strlen($rowhelper['expire-seconds']) > 0) { - $tmpxml .= " <param name=\"expire-seconds\" value=\"" . $rowhelper['expire-seconds'] . "\"/>\n"; - } - if (strlen($rowhelper['register']) > 0) { - $tmpxml .= " <param name=\"register\" value=\"" . $rowhelper['register'] . "\"/>\n"; - } - - if (strlen($rowhelper['register-transport']) > 0) { - switch ($rowhelper['register-transport']) { - case "udp": - $tmpxml .= " <param name=\"register-transport\" value=\"udp\"/>\n"; - break; - case "tcp": - $tmpxml .= " <param name=\"register-transport\" value=\"tcp\"/>\n"; - break; - case "tls": - $tmpxml .= " <param name=\"register-transport\" value=\"tls\"/>\n"; - $tmpxml .= " <param name=\"contact-params\" value=\"transport=tls\"/>\n"; - break; - default: - $tmpxml .= " <param name=\"register-transport\" value=\"" . $rowhelper['register-transport'] . "\"/>\n"; - } - } - - if (strlen($rowhelper['retry-seconds']) > 0) { - $tmpxml .= " <param name=\"retry-seconds\" value=\"" . $rowhelper['retry-seconds'] . "\"/>\n"; - } - if (strlen($rowhelper['extension']) > 0) { - $tmpxml .= " <param name=\"extension\" value=\"" . $rowhelper['extension'] . "\"/>\n"; - } - if (strlen($rowhelper['ping']) > 0) { - $tmpxml .= " <param name=\"ping\" value=\"" . $rowhelper['ping'] . "\"/>\n"; - } - if (strlen($rowhelper['context']) > 0) { - $tmpxml .= " <param name=\"context\" value=\"" . $rowhelper['context'] . "\"/>\n"; - } - if (strlen($rowhelper['caller-id-in-from']) > 0) { - $tmpxml .= " <param name=\"caller-id-in-from\" value=\"" . $rowhelper['caller-id-in-from'] . "\"/>\n"; - } - if (strlen($rowhelper['supress-cng']) > 0) { - $tmpxml .= " <param name=\"supress-cng\" value=\"" . $rowhelper['supress-cng'] . "\"/>\n"; - } - - $tmpxml .= " </gateway>\n"; - $tmpxml .= "</include>"; - - fwrite($fout, $tmpxml); - unset($tmpxml); - fclose($fout); - } - - } - - conf_mount_ro(); - $cmd = "api sofia profile external restart reloadxml"; - //event_socket_request_cmd($cmd); - unset($cmd); - - } - -} - - -function sync_package_freeswitch_modules() -{ - - global $config; - conf_mount_rw(); - config_unlock(); - - foreach($config['installedpackages']['freeswitchmodules']['config'] as $rowhelper) { - $fout = fopen("/usr/local/freeswitch/conf/autoload_configs/modules.conf.xml","w"); - - $tmpxml =""; - $tmpxml .= "<configuration name=\"modules.conf\" description=\"Modules\">\n"; - $tmpxml .= " <modules>\n"; - $tmpxml .= "\n"; - $tmpxml .= " <!-- Loggers (I'd load these first) -->\n"; - if ($rowhelper['mod_console'] == "enable"){ $tmpxml .= " <load module=\"mod_console\"/>\n"; } - if ($rowhelper['mod_logfile'] == "enable"){ $tmpxml .= " <load module=\"mod_logfile\"/>\n"; } - if ($rowhelper['mod_syslog'] == "enable"){ $tmpxml .= " <load module=\"mod_syslog\"/>\n"; } - $tmpxml .= "\n"; - if ($rowhelper['mod_yaml'] == "enable"){ $tmpxml .= " <load module=\"mod_yaml\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- Multi-Faceted -->\n"; - $tmpxml .= " <!-- mod_enum is a dialplan interface, an application interface and an api command interface -->\n"; - if ($rowhelper['mod_enum'] == "enable"){ $tmpxml .= " <load module=\"mod_enum\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- XML Interfaces -->\n"; - if ($rowhelper['mod_xml_rpc'] == "enable"){ $tmpxml .= " <load module=\"mod_xml_rpc\"/>\n"; } - if ($rowhelper['mod_xml_curl'] == "enable"){ $tmpxml .= " <load module=\"mod_xml_curl\"/>\n"; } - if ($rowhelper['mod_xml_cdr'] == "enable"){ $tmpxml .= " <load module=\"mod_xml_cdr\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- Event Handlers -->\n"; - if ($rowhelper['mod_cdr_csv'] == "enable"){ $tmpxml .= " <load module=\"mod_cdr_csv\"/>\n"; } - if ($rowhelper['mod_event_multicast'] == "enable"){ $tmpxml .= " <load module=\"mod_event_multicast\"/>\n"; } - if ($rowhelper['mod_event_socket'] == "enable"){ $tmpxml .= " <load module=\"mod_event_socket\"/>\n"; } - if ($rowhelper['mod_zeroconf'] == "enable"){ $tmpxml .= " <load module=\"mod_zeroconf\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- Directory Interfaces -->\n"; - if ($rowhelper['mod_ldap'] == "enable"){ $tmpxml .= " <load module=\"mod_ldap\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- Endpoints -->\n"; - if ($rowhelper['mod_dingaling'] == "enable"){ $tmpxml .= " <load module=\"mod_dingaling\"/>\n"; } - if ($rowhelper['mod_iax'] == "enable"){ $tmpxml .= " <load module=\"mod_iax\"/>\n"; } - if ($rowhelper['mod_portaudio'] == "enable"){ $tmpxml .= " <load module=\"mod_portaudio\"/>\n"; } - if ($rowhelper['mod_alsa'] == "enable"){ $tmpxml .= " <load module=\"mod_alsa\"/>\n"; } - if ($rowhelper['mod_sofia'] == "enable"){ $tmpxml .= " <load module=\"mod_sofia\"/>\n"; } - if ($rowhelper['mod_loopback'] == "enable"){ $tmpxml .= " <load module=\"mod_loopback\"/>\n"; } - if ($rowhelper['mod_wanpipe'] == "enable"){ $tmpxml .= " <load module=\"mod_wanpipe\"/>\n"; } - if ($rowhelper['mod_woomera'] == "enable"){ $tmpxml .= " <load module=\"mod_woomera\"/>\n"; } - if ($rowhelper['mod_openzap'] == "enable"){ $tmpxml .= " <load module=\"mod_openzap\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- Applications -->\n"; - if ($rowhelper['mod_commands'] == "enable"){ $tmpxml .= " <load module=\"mod_commands\"/>\n"; } - if ($rowhelper['mod_conference'] == "enable"){ $tmpxml .= " <load module=\"mod_conference\"/>\n"; } - if ($rowhelper['mod_dptools'] == "enable"){ $tmpxml .= " <load module=\"mod_dptools\"/>\n"; } - if ($rowhelper['mod_expr'] == "enable"){ $tmpxml .= " <load module=\"mod_expr\"/>\n"; } - if ($rowhelper['mod_fax'] == "enable"){ $tmpxml .= " <load module=\"mod_fax\"/>\n"; } - if ($rowhelper['mod_fifo'] == "enable"){ $tmpxml .= " <load module=\"mod_fifo\"/>\n"; } - if ($rowhelper['mod_voicemail'] == "enable"){ $tmpxml .= " <load module=\"mod_voicemail\"/>\n"; } - if ($rowhelper['mod_limit'] == "enable"){ $tmpxml .= " <load module=\"mod_limit\"/>\n"; } - if ($rowhelper['mod_esf'] == "enable"){ $tmpxml .= " <load module=\"mod_esf\"/>\n"; } - if ($rowhelper['mod_fsv'] == "enable"){ $tmpxml .= " <load module=\"mod_fsv\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- SNOM Module -->\n"; - if ($rowhelper['mod_snom'] == "enable"){ $tmpxml .= " <load module=\"mod_snom\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- Dialplan Interfaces -->\n"; - if ($rowhelper['mod_dialplan_directory'] == "enable"){ $tmpxml .= " <load module=\"mod_dialplan_directory\"/>\n"; } - if ($rowhelper['mod_dialplan_xml'] == "enable"){ $tmpxml .= " <load module=\"mod_dialplan_xml\"/>\n"; } - if ($rowhelper['mod_dialplan_asterisk'] == "enable"){ $tmpxml .= " <load module=\"mod_dialplan_asterisk\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- Codec Interfaces -->\n"; - if ($rowhelper['mod_voipcodecs'] == "enable"){ $tmpxml .= " <load module=\"mod_voipcodecs\"/>\n"; } - if ($rowhelper['mod_g723_1'] == "enable"){ $tmpxml .= " <load module=\"mod_g723_1\"/>\n"; } - if ($rowhelper['mod_g729'] == "enable"){ $tmpxml .= " <load module=\"mod_g729\"/>\n"; } - if ($rowhelper['mod_amr'] == "enable"){ $tmpxml .= " <load module=\"mod_amr\"/>\n"; } - if ($rowhelper['mod_ilbc'] == "enable"){ $tmpxml .= " <load module=\"mod_ilbc\"/>\n"; } - if ($rowhelper['mod_speex'] == "enable"){ $tmpxml .= " <load module=\"mod_speex\"/>\n"; } - if ($rowhelper['mod_siren'] == "enable"){ $tmpxml .= " <load module=\"mod_siren\"/>\n"; } - if ($rowhelper['mod_celt'] == "enable"){ $tmpxml .= " <load module=\"mod_celt\"/>\n"; } - if ($rowhelper['mod_h26x'] == "enable"){ $tmpxml .= " <load module=\"mod_h26x\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- File Format Interfaces -->\n"; - if ($rowhelper['mod_sndfile'] == "enable"){ $tmpxml .= " <load module=\"mod_sndfile\"/>\n"; } - if ($rowhelper['mod_native_file'] == "enable"){ $tmpxml .= " <load module=\"mod_native_file\"/>\n"; } - $tmpxml .= " <!--For icecast/mp3 streams/files-->\n"; - if ($rowhelper['mod_shout'] == "enable"){ $tmpxml .= " <load module=\"mod_shout\"/>\n"; } - $tmpxml .= " <!--For local streams (play all the files in a directory)-->\n"; - if ($rowhelper['mod_local_stream'] == "enable"){ $tmpxml .= " <load module=\"mod_local_stream\"/>\n"; } - if ($rowhelper['mod_tone_stream'] == "enable"){ $tmpxml .= " <load module=\"mod_tone_stream\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- Timers -->\n"; - $tmpxml .= "\n"; - $tmpxml .= " <!-- Languages -->\n"; - if ($rowhelper['mod_spidermonkey'] == "enable"){ $tmpxml .= " <load module=\"mod_spidermonkey\"/>\n"; } - if ($rowhelper['mod_spidermonkey_odbc'] == "enable"){ $tmpxml .= " <load module=\"mod_spidermonkey_odbc\"/>\n"; } - if ($rowhelper['mod_perl'] == "enable"){ $tmpxml .= " <load module=\"mod_perl\"/>\n"; } - if ($rowhelper['mod_python'] == "enable"){ $tmpxml .= " <load module=\"mod_python\"/>\n"; } - if ($rowhelper['mod_java'] == "enable"){ $tmpxml .= " <load module=\"mod_java\"/>\n"; } - if ($rowhelper['mod_lua'] == "enable"){ $tmpxml .= " <load module=\"mod_lua\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- ASR /TTS -->\n"; - if ($rowhelper['mod_flite'] == "enable"){ $tmpxml .= " <load module=\"mod_flite\"/>\n"; } - if ($rowhelper['mod_pocketsphinx'] == "enable"){ $tmpxml .= " <load module=\"mod_pocketsphinx\"/>\n"; } - if ($rowhelper['mod_cepstral'] == "enable"){ $tmpxml .= " <load module=\"mod_cepstral\"/>\n"; } - if ($rowhelper['mod_openmrcp'] == "enable"){ $tmpxml .= " <load module=\"mod_openmrcp\"/>\n"; } - if ($rowhelper['mod_rss'] == "enable"){ $tmpxml .= " <load module=\"mod_rss\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- Say -->\n"; - if ($rowhelper['mod_say_en'] == "enable"){ $tmpxml .= " <load module=\"mod_say_en\"/>\n"; } - if ($rowhelper['mod_say_de'] == "enable"){ $tmpxml .= " <load module=\"mod_say_de\"/>\n"; } - if ($rowhelper['mod_say_es'] == "enable"){ $tmpxml .= " <load module=\"mod_say_es\"/>\n"; } - if ($rowhelper['mod_say_fr'] == "enable"){ $tmpxml .= " <load module=\"mod_say_fr\"/>\n"; } - if ($rowhelper['mod_say_it'] == "enable"){ $tmpxml .= " <load module=\"mod_say_it\"/>\n"; } - if ($rowhelper['mod_say_nl'] == "enable"){ $tmpxml .= " <load module=\"mod_say_nl\"/>\n"; } - if ($rowhelper['mod_say_ru'] == "enable"){ $tmpxml .= " <load module=\"mod_say_ru\"/>\n"; } - if ($rowhelper['mod_say_zh'] == "enable"){ $tmpxml .= " <load module=\"mod_say_zh\"/>\n"; } - $tmpxml .= " </modules>\n"; - $tmpxml .= "</configuration>"; - - fwrite($fout, $tmpxml); - unset($tmpxml); - fclose($fout); - } - - conf_mount_ro(); - $cmd = "api reloadxml"; - //event_socket_request_cmd($cmd); - unset($cmd); - -} - - -function sync_package_freeswitch_public() -{ - - global $config; - conf_mount_rw(); - config_unlock(); - - //using backup files rather than pfsense config.xml for this file - $config['installedpackages']['freeswitchpublic']['config'][0]['public_xml'] = ""; - - //if(strlen($config['installedpackages']['freeswitchpublic']['config'][0]['public_xml']) == 0) { - // /* dialplan_public_xml not found in the pfsense config.xml get the default public.xml and save to config.xml. */ - // $filename = "/usr/local/freeswitch/conf/dialplan/public.xml"; - // $fout = fopen($filename,"r"); - // $tmpxml = fread($fout, filesize($filename)); - // $tmpxml = str_replace("<anti-action application=\"export\" data=\"domain_name=\${sip_req_host}\"/>", "<!--<anti-action application=\"export\" data=\"domain_name=\${sip_req_host}\"/>-->", $tmpxml); - // $config['installedpackages']['freeswitchpublic']['config'][0]['public_xml'] = base64_encode($tmpxml); - - // unset($filename, $tmpxml); - // fclose($fout); - //} - //else { - // /* found dialplan_public_xml in the pfsense config.xml save it to public.xml. */ - // $fout = fopen("/usr/local/freeswitch/conf/dialplan/public.xml","w"); - // $tmpxml = $config['installedpackages']['freeswitchpublic']['config'][0]['public_xml']; - // fwrite($fout, base64_decode($tmpxml)); - // fclose($fout); - // unset($tmpxml); - //} - - conf_mount_ro(); - //$cmd = "api reloadxml"; - ////event_socket_request_cmd($cmd); - //unset($cmd); - -} - - -function sync_package_freeswitch_vars() -{ - - global $config; - conf_mount_rw(); - config_unlock(); - - //using backup files rather than pfsense config.xml for this file - $config['installedpackages']['freeswitchpublic']['config'][0]['vars_xml'] = ""; - - //if(strlen($config['installedpackages']['freeswitchvars']['config'][0]['vars_xml']) == 0) { - // /* dialplan not found in the pfsense config.xml get the default dialplan and save to config.xml. */ - // $filename = "/usr/local/freeswitch/conf/vars.xml"; - // $fout = fopen($filename,"r"); - // $tmpxml = fread($fout, filesize($filename)); - // $config['installedpackages']['freeswitchvars']['config'][0]['vars_xml'] = base64_encode($tmpxml); - // unset($filename, $dialplan); - // fclose($fout); - //} - //else { - // /* found the dialplan in the pfsense config.xml save it to default.xml. */ - // $fout = fopen("/usr/local/freeswitch/conf/vars.xml","w"); - // $tmpxml = $config['installedpackages']['freeswitchvars']['config'][0]['vars_xml']; - // fwrite($fout, base64_decode($tmpxml)); - // fclose($fout); - // unset($tmpxml); - //} - - conf_mount_ro(); - //$cmd = "api reloadxml"; - ////event_socket_request_cmd($cmd); - //unset($cmd); - -} - - -function sync_package_freeswitch_internal() -{ - global $config; - conf_mount_rw(); - config_unlock(); - - if(strlen($config['installedpackages']['freeswitchinternal']['config'][0]['internal_xml']) == 0) { - /* internal_xml not found in the pfsense config.xml get the internal.xml and save to config.xml. */ - $filename = "/usr/local/freeswitch/conf/sip_profiles/internal.xml"; - $fout = fopen($filename,"r"); - $tmpxml = fread($fout, filesize($filename)); - $config['installedpackages']['freeswitchinternal']['config'][0]['internal_xml'] = base64_encode($tmpxml); - unset($filename, $dialplan); - fclose($fout); - } - else { - /* found the internal_xml in the pfsense config.xml save it to internal.xml. */ - $fout = fopen("/usr/local/freeswitch/conf/sip_profiles/internal.xml","w"); - $tmpxml = $config['installedpackages']['freeswitchinternal']['config'][0]['internal_xml']; - fwrite($fout, base64_decode($tmpxml)); - fclose($fout); - unset($tmpxml); - } - - conf_mount_ro(); - $cmd = "api reloadxml"; - //event_socket_request_cmd($cmd); - unset($cmd); - -} - - -function sync_package_freeswitch_external() -{ - global $config; - conf_mount_rw(); - config_unlock(); - - if(strlen($config['installedpackages']['freeswitchexternal']['config'][0]['external_xml']) == 0) { - /* external_xml not found in the pfsense config.xml get the external.xml and save to config.xml. */ - $filename = "/usr/local/freeswitch/conf/sip_profiles/external.xml"; - $fout = fopen($filename,"r"); - $tmpxml = fread($fout, filesize($filename)); - $config['installedpackages']['freeswitchexternal']['config'][0]['external_xml'] = base64_encode($tmpxml); - unset($filename, $dialplan); - fclose($fout); - } - else { - /* found the external_xml in the pfsense config.xml save it to external.xml. */ - $fout = fopen("/usr/local/freeswitch/conf/sip_profiles/external.xml","w"); - $tmpxml = $config['installedpackages']['freeswitchexternal']['config'][0]['external_xml']; - fwrite($fout, base64_decode($tmpxml)); - fclose($fout); - unset($tmpxml); - } - - conf_mount_ro(); - $cmd = "api reloadxml"; - //event_socket_request_cmd($cmd); - unset($cmd); - -} - - -function sync_package_freeswitch_hunt_group() -{ - - //Hunt Group Javascript Notes: - //get the domain - //loop through all Hunt Groups - //get the Hunt Group information such as the name and description - //add each Hunt Group to the dialplan - //get the list of destinations then build the Hunt Group javascript - - - global $config; - conf_mount_rw(); - config_lock(); - - - //get the domain - $password = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_password']; - $host = $config['interfaces']['lan']['ipaddr']; - $port = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_port']; - - if (pkg_is_service_running('freeswitch')) { - $fp = event_socket_create($host, $port, $password); - $cmd = "api global_getvar domain"; - $domain = trim(event_socket_request($fp, $cmd)); - } - - $tmp = ""; - $tmp .= "\n"; - $tmp .= " var domain = \"".$domain."\"; //by default this is the ipv4 address of FreeSWITCH used for transfer to voicemail\n"; - //$tmp .= " var exit = false;\n"; - $tmp .= "\n"; - $tmp .= "\n"; - - //loop through all Hunt Groups - $x = 0; - $a_hunt_group = &$config['installedpackages']['freeswitchhuntgroup']['config']; - if (count($a_hunt_group) > 0) { - foreach($a_hunt_group as $rowhelper) { - - //get the Hunt Group information such as the name and description - //$rowhelper['huntgroupid'] - //$rowhelper['huntgroupextension'] - //$rowhelper['huntgroupname'] - //$rowhelper['huntgrouptype'] - //$rowhelper['huntgrouptimeout'] - //$rowhelper['huntgroupcontext'] - //$rowhelper['huntgroupringback'] - //$rowhelper['huntgroupcidnameprefix'] - //$rowhelper['huntgrouppin'] - //$rowhelper['huntgroupcallerannounce'] - //$rowhelper['huntgroupdescr'] - - //add each Hunt Group to the dialplan - $a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config']; - $a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - - if (strlen($rowhelper['huntgroupid']) > 0) { - $action = 'add'; //set default action to add - $i = 0; - if (count($a_dialplan_includes) > 0) { - - foreach($a_dialplan_includes as $row) { - - //$row['dialplanincludeid']; - //$row['extensionname']; - //$row['context']; - //$row['enabled']; - - if ($row['opt1name'] == "huntgroupid" && $row['opt1value'] == $rowhelper['huntgroupid']) { - $action = 'update'; - $dialplanincludeid = $row['dialplanincludeid']; - $extensionname = $row['extensionname']; - $order = $row['order']; - $context = $row['context']; - $enabled = $row['enabled']; - $descr = $row['descr']; - $opt1name = $row['opt1name']; - $opt1value = $row['opt1value']; - $id = $i; - } - $i++; - } - unset($i); - } - - - $ent = array(); - if ($action == 'add') { - //create huntgroup extension in the dialplan - $ent = array(); - $dialplanincludeid = guid(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['extensionname'] = $rowhelper['huntgroupname']; - $ent['order'] = '9001'; //if update use the existing order number and extension name and desc - $ent['context'] = $rowhelper['huntgroupcontext']; - $ent['enabled'] = 'true'; - $ent['descr'] = 'huntgroup'; - $ent['opt1name'] = 'huntgroupid'; - $ent['opt1value'] = $rowhelper['huntgroupid']; - - $a_dialplan_includes[] = $ent; //add to the config - unset($ent); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'condition'; //condition, action, antiaction - $ent['fieldtype'] = 'destination_number'; - $ent['fielddata'] = '^'.$rowhelper['huntgroupextension'].'$'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - $huntgroupid = str_replace(array("{", "}"), "", $rowhelper['huntgroupid']); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'javascript'; - $ent['fielddata'] = 'huntgroup_'.$huntgroupid.'.js'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - unset($huntgroupid); - - } - if ($action == 'update') { - //update the huntgroup - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['extensionname'] = $rowhelper['huntgroupname']; - $ent['order'] = $order; - $ent['context'] = $context; - $ent['enabled'] = $enabled; - $ent['descr'] = $descr; - $ent['opt1name'] = $opt1name; - $ent['opt1value'] = $opt1value; - - //update the config - $a_dialplan_includes[$id] = $ent; - - unset($ent); - unset($extensionname); - unset($order); - unset($context); - unset($enabled); - unset($descr); - unset($opt1name); - unset($opt1value); - unset($id); - } - unset($action); - unset($dialplanincludeid); - - //check whether the fifo queue exists already - $action = 'add'; //set default action to add - $i = 0; - if (count($a_dialplan_includes) > 0) { - - foreach($a_dialplan_includes as $row) { - - //$row['dialplanincludeid']; - //$row['extensionname']; - //$row['context']; - //$row['enabled']; - - if ($row['opt1name'] == "huntgroupfifoid" && $row['opt1value'] == $rowhelper['huntgroupid']) { - $action = 'update'; - $dialplanincludeid = $row['dialplanincludeid']; - $extensionname = $row['extensionname']; - $order = $row['order']; - $context = $row['context']; - $enabled = $row['enabled']; - $descr = $row['descr']; - $opt1name = $row['opt1name']; - $opt1value = $row['opt1value']; - $id = $i; - } - $i++; - } - unset($i); - } - - if ($action == 'add') { - - //create a fifo queue for each huntgroup - $ent = array(); - $dialplanincludeid = guid(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['extensionname'] = $rowhelper['huntgroupname'].'.park'; - $ent['order'] = '9999'; //if update use the existing order number and extension name and desc - $ent['context'] = $rowhelper['huntgroupcontext']; - $ent['enabled'] = 'true'; - $ent['descr'] = 'fifo '.$rowhelper['huntgroupextension']; - $ent['opt1name'] = 'huntgroupfifoid'; - $ent['opt1value'] = $rowhelper['huntgroupid']; - $a_dialplan_includes[] = $ent; //add to the config - unset($ent); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'condition'; //condition, action, antiaction - $ent['fieldtype'] = 'destination_number'; - $ent['fielddata'] = '^\*'.$rowhelper['huntgroupextension'].'$'; - $ent['fieldorder'] = '000'; - $a_dialplan_include_details[] = $ent; //add to the config - unset($ent); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'set'; - $ent['fielddata'] = 'fifo_music=$${hold_music}'; - $ent['fieldorder'] = '001'; - $a_dialplan_include_details[] = $ent; //add to the config - unset($ent); - - $huntgrouptimeouttype = $rowhelper['huntgrouptimeouttype']; - $huntgrouptimeoutdestination = $rowhelper['huntgrouptimeoutdestination']; - if ($huntgrouptimeouttype == "voicemail") { $huntgrouptimeoutdestination = '***'.$huntgrouptimeoutdestination; } - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'set'; - $ent['fielddata'] = 'fifo_orbit_exten='.$huntgrouptimeoutdestination.':'.$rowhelper['huntgrouptimeout']; - $ent['fieldorder'] = '002'; - $a_dialplan_include_details[] = $ent; - unset($ent); //add to the config - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'fifo'; - $ent['fielddata'] = $rowhelper['huntgroupextension'].'@${domain_name} in'; - $ent['fieldorder'] = '003'; - $a_dialplan_include_details[] = $ent; //add to the config - unset($ent); - } - if ($action == 'update') { - //update the huntgroup - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['extensionname'] = $rowhelper['huntgroupname'].'.park'; - $ent['order'] = $order; - $ent['context'] = $rowhelper['huntgroupcontext']; - $ent['enabled'] = $enabled; - $ent['descr'] = 'fifo '.$rowhelper['huntgroupextension']; - $ent['opt1name'] = $opt1name; - $ent['opt1value'] = $opt1value; - - //update the config - $a_dialplan_includes[$id] = $ent; - - unset($ent); - unset($extensionname); - unset($order); - unset($context); - unset($enabled); - unset($descr); - unset($opt1name); - unset($opt1value); - unset($id); - - //delete dialplan include details - if (count($a_dialplan_include_details) > 0) { - foreach($a_dialplan_include_details as $row) { - if ($row['dialplanincludeid'] == $dialplanincludeid) { - $id = $i; - unset($a_dialplan_include_details[$id]); - } - $i++; - } - unset($i); - } - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'condition'; //condition, action, antiaction - $ent['fieldtype'] = 'destination_number'; - $ent['fielddata'] = '^\*'.$rowhelper['huntgroupextension'].'$'; - $ent['fieldorder'] = '000'; - $a_dialplan_include_details[] = $ent; //add to the config - unset($ent); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'set'; - $ent['fielddata'] = 'fifo_music=$${hold_music}'; - $ent['fieldorder'] = '001'; - $a_dialplan_include_details[] = $ent; //add to the config - unset($ent); - - $huntgrouptimeouttype = $rowhelper['huntgrouptimeouttype']; - $huntgrouptimeoutdestination = $rowhelper['huntgrouptimeoutdestination']; - if ($huntgrouptimeouttype == "voicemail") { $huntgrouptimeoutdestination = '***'.$huntgrouptimeoutdestination; } - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'set'; - $ent['fielddata'] = 'fifo_orbit_exten='.$huntgrouptimeoutdestination.':'.$rowhelper['huntgrouptimeout']; - $ent['fieldorder'] = '002'; - $a_dialplan_include_details[] = $ent; - unset($ent); //add to the config - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'fifo'; - $ent['fielddata'] = $rowhelper['huntgroupextension'].'@${domain_name} in'; - $ent['fieldorder'] = '003'; - $a_dialplan_include_details[] = $ent; //add to the config - unset($ent); - } - - write_config(); - sync_package_freeswitch_dialplan_includes(); - unset($dialplanincludeid); - - } //end if strlen huntgroupid; add the Hunt Group to the dialplan - - - //Get the list of destinations then build the Hunt Group javascript - $tmp = ""; - $tmp .= "\n"; - $tmp .= "session.answer();\n"; - $tmp .= "var domain_name = session.getVariable(\"domain_name\");\n"; - $tmp .= "var extension = '".$rowhelper['huntgroupextension']."';\n"; - $tmp .= "var result;\n"; - $tmp .= "var timeoutpin = 7500;\n"; - $tmp .= "\n"; - $tmp .= "var objdate = new Date();\n"; - $tmp .= "var adjusthours = 0; //Adjust Server time that is set to GMT 7 hours\n"; - $tmp .= "var adjustoperator = \"-\"; //+ or -\n"; - $tmp .= "if (adjustoperator == \"-\") {\n"; - $tmp .= "var objdate2 = new Date(objdate.getFullYear(),objdate.getMonth(),objdate.getDate(),(objdate.getHours() - adjusthours),objdate.getMinutes(),objdate.getSeconds());\n"; - $tmp .= "}\n"; - $tmp .= "if (adjustoperator == \"+\") {\n"; - $tmp .= "var objdate2 = new Date(objdate.getFullYear(),objdate.getMonth(),objdate.getDate(),(objdate.getHours() + adjusthours),objdate.getMinutes(),objdate.getSeconds());\n"; - $tmp .= "}\n"; - $tmp .= "var Hours = objdate2.getHours();\n"; - $tmp .= "var Mins = objdate2.getMinutes();\n"; - $tmp .= "var Seconds = objdate2.getSeconds();\n"; - $tmp .= "var Month = objdate2.getMonth() + 1;\n"; - $tmp .= "var Date = objdate2.getDate();\n"; - $tmp .= "var Year = objdate2.getYear()\n"; - $tmp .= "var Day = objdate2.getDay()+1;\n"; - $tmp .= "var exit = false;\n"; - $tmp .= "\n"; - - $tmp .= " function get_sofia_contact(extension,domain_name, profile){\n"; - $tmp .= " if (profile == \"auto\") {\n"; - $i = 0; - foreach (ListFiles('/usr/local/freeswitch/conf/sip_profiles') as $key=>$sip_profile_file){ - $sip_profile_name = str_replace(".xml", "", $sip_profile_file); - if ($i == 0) { - $tmp .= " profile = \"".$sip_profile_name."\";\n"; - $tmp .= " session.execute(\"set\", \"sofia_contact_\"+extension+\"=\${sofia_contact(\"+profile+\"/\"+extension+\"@\"+domain_name+\")}\");\n"; - $tmp .= " sofia_contact = session.getVariable(\"sofia_contact_\"+extension);\n"; - } - else { - $tmp .= "\n"; - $tmp .= " if (sofia_contact == \"error/user_not_registered\") {\n"; - $tmp .= " profile = \"".$sip_profile_name."\";\n"; - $tmp .= " session.execute(\"set\", \"sofia_contact_\"+extension+\"=\${sofia_contact(\"+profile+\"/\"+extension+\"@\"+domain_name+\")}\");\n"; - $tmp .= " sofia_contact = session.getVariable(\"sofia_contact_\"+extension);\n"; - $tmp .= " }\n"; - } - $i++; - } - unset ($i); - $tmp .= " }\n"; - $tmp .= " else {\n"; - $tmp .= " session.execute(\"set\", \"sofia_contact_\"+extension+\"=\${sofia_contact(\"+profile+\"/\"+extension+\"@\"+domain_name+\")}\");\n"; - $tmp .= " sofia_contact = session.getVariable(\"sofia_contact_\"+extension);\n"; - $tmp .= " }\n"; - $tmp .= " console_log( \"info\", \"sofia_contact \"+profile+\": \"+sofia_contact+\".\\n\" );\n"; - $tmp .= " return sofia_contact;\n"; - $tmp .= " }\n"; - $tmp .= "\n"; - - $tmp .= "\n"; - $tmp .= " function mycb( session, type, obj, arg ) {\n"; - $tmp .= " try {\n"; - $tmp .= " if ( type == \"dtmf\" ) {\n"; - $tmp .= " console_log( \"info\", \"digit: \"+obj.digit+\"\\n\" );\n"; - $tmp .= " if ( obj.digit == \"#\" ) {\n"; - $tmp .= " //console_log( \"info\", \"detected pound sign.\\n\" );\n"; - $tmp .= " exit = true;\n"; - $tmp .= " return( false );\n"; - $tmp .= " }\n"; - $tmp .= "\n"; - $tmp .= " dtmf.digits += obj.digit;\n"; - $tmp .= "\n"; - $tmp .= " if ( dtmf.digits.length >= digitmaxlength ) {\n"; - $tmp .= " exit = true;\n"; - $tmp .= " return( false );\n"; - $tmp .= " }\n"; - $tmp .= " }\n"; - $tmp .= " } catch (e) {\n"; - $tmp .= " console_log( \"err\", e+\"\\n\" );\n"; - $tmp .= " }\n"; - $tmp .= " return( true );\n"; - $tmp .= " } //end function mycb\n"; - $tmp .= "\n"; - - $tmp .= "\n"; - $tmp .= "dialed_extension = session.getVariable(\"dialed_extension\");\n"; - $tmp .= "domain_name = session.getVariable(\"domain_name\");\n"; - $tmp .= "domain = session.getVariable(\"domain\");\n"; - $tmp .= "us_ring = session.getVariable(\"us-ring\");\n"; - $tmp .= "caller_id_name = session.getVariable(\"caller_id_name\");\n"; - $tmp .= "caller_id_number = session.getVariable(\"caller_id_number\");\n"; - $tmp .= "effective_caller_id_name = session.getVariable(\"effective_caller_id_name\");\n"; - $tmp .= "effective_caller_id_number = session.getVariable(\"effective_caller_id_number\");\n"; - $tmp .= "outbound_caller_id_name = session.getVariable(\"outbound_caller_id_name\");\n"; - $tmp .= "outbound_caller_id_number = session.getVariable(\"outbound_caller_id_number\");\n"; - $tmp .= "\n"; - - - //pin number requested from caller if provided - if (strlen($rowhelper['huntgrouppin']) > 0) { - $tmp .= "var pin = '".$rowhelper['huntgrouppin']."';\n"; - $tmp .= "if (pin.length > 0) {\n"; - $tmp .= " var dtmf = new Object();\n"; - $tmp .= " dtmf.digits = \"\";\n"; - $tmp .= " digitmaxlength = 6;\n"; - $tmp .= " session.execute(\"set\", \"playback_terminators=#\");\n"; - $tmp .= " session.streamFile( \"/usr/local/freeswitch/sounds/custom/8000/please_enter_the_pin_number.wav\", mycb, \"dtmf\");\n"; - $tmp .= " session.collectInput( mycb, dtmf, timeoutpin );\n"; - $tmp .= "\n"; - $tmp .= " if (dtmf.digits == pin || pin.length == 0) {\n"; - $tmp .= " //continue\n"; - $tmp .= " }\n"; - $tmp .= " else {\n"; - $tmp .= " console_log( \"info\", \"Pin: \" + dtmf.digits + \" is incorrect\\n\" );\n"; - $tmp .= " session.streamFile( \"/usr/local/freeswitch/sounds/custom/8000/your_pin_number_is_incorect_goodbye.wav\", mycb, \"dtmf\");\n"; - $tmp .= " session.hangup();\n"; - $tmp .= " }\n"; - $tmp .= "}\n"; - $tmp .= "\n"; - } - - //caller announce requested from caller if provided - if ($rowhelper['huntgroupcallerannounce'] == "true") { - $tmp .= "function originate(session, sipuri, extension, caller_announce, caller_id_name, caller_id_number) {\n"; - $tmp .= " caller_id_name = caller_id_name.replace(\" \", \"+\");\n"; - $tmp .= " apiExecute(\"jsrun\", \"originate.js \"+session.uuid+\" \"+sipuri+\" \"+extension+\" \"+caller_announce+\" \"+caller_id_name+\" \"+caller_id_number);\n"; - $tmp .= "}"; - $tmp .= "\n"; - $tmp .= "var caller_announce = extension+\"_\"+Year+Month+Day+Hours+Mins+Seconds+\".wav\";\n"; - $tmp .= "session.streamFile( \"/usr/local/freeswitch/sounds/custom/8000/please_say_your_name_and_reason_for_calling.wav\");\n"; - $tmp .= "session.execute(\"gentones\", \"%(1000, 0, 640)\");\n"; - $tmp .= "session.execute(\"set\", \"playback_terminators=#\");\n"; - $tmp .= "session.execute(\"record\", \"/tmp/\"+caller_announce+\" 180 200\");\n"; - $tmp .= "\n"; - $tmp .= "result = session.setAutoHangup(false);\n"; - $tmp .= "session.execute(\"transfer\", \"*\"+extension+\" XML default\");\n"; - $tmp .= "\n"; - } - - //set caller id prefix - if (strlen($rowhelper['huntgroupcidnameprefix'])> 0) { - $tmp .= "session.execute(\"set\", \"caller_id_name=".$rowhelper['huntgroupcidnameprefix']."\"+caller_id_name);\n"; - $tmp .= "session.execute(\"set\", \"effective_caller_id_name=".$rowhelper['huntgroupcidnameprefix']."\"+effective_caller_id_name);\n"; - $tmp .= "session.execute(\"set\", \"outbound_caller_id_name=".$rowhelper['huntgroupcidnameprefix']."\"+outbound_caller_id_name);\n"; - } - - //set ring back - if (isset($rowhelper['huntgroupringback'])){ - if ($rowhelper['huntgroupringback'] == "ring"){ - $tmp .= "session.execute(\"set\", \"ringback=\"+us_ring); //set to ringtone\n"; - $tmp .= "session.execute(\"set\", \"transfer_ringback=\"+us_ring); //set to ringtone\n"; - } - if ($rowhelper['huntgroupringback'] == "music"){ - $tmp .= "session.execute(\"set\", \"ringback=\${hold_music}\"); //set to ringtone\n"; - $tmp .= "session.execute(\"set\", \"transfer_ringback=\${hold_music}\"); //set to ringtone\n"; - } - } - else { - $tmp .= "session.execute(\"set\", \"ringback=\${hold_music}\"); //set to ringtone\n"; - $tmp .= "session.execute(\"set\", \"transfer_ringback=\${hold_music}\"); //set to ringtone\n"; - } - - if ($rowhelper['huntgrouptimeout'] > 0) { - $tmp .= "session.execute(\"set\", \"call_timeout=".$rowhelper['huntgrouptimeout']."\");\n"; - $tmp .= "session.execute(\"set\", \"continue_on_fail=true\");\n"; - } - $tmp .= "session.execute(\"set\", \"hangup_after_bridge=true\");\n"; - $tmp .= "\n"; - $tmp .= "//console_log( \"info\", \"dialed extension:\"+dialed_extension+\".\\n\" );\n"; - $tmp .= "//console_log( \"info\", \"domain: \"+domain+\".\\n\" );\n"; - $tmp .= "//console_log( \"info\", \"us_ring: \"+us_ring+\".\\n\" );\n"; - $tmp .= "//console_log( \"info\", \"domain: \"+domain+\".\\n\" );\n"; - $tmp .= "//console_log( \"info\", \"domain_name: \"+domain_name+\".\\n\" );\n"; - $tmp .= "\n"; - - $tmp .= "//console_log( \"info\", \"action call now don't wait for dtmf\\n\" );\n"; - if ($rowhelper['huntgroupcallerannounce'] == "true") { - //do nothing - } - else { - $tmp .= "if ( session.ready() ) {\n"; - $tmp .= " session.answer();\n"; - } - $tmp .= "\n"; - - $a_hunt_group = &$config['installedpackages']['freeswitchhuntgroup']['config']; - if (isset($id) && $a_hunt_group[0]) { - $huntgrouptimeout = $a_hunt_group[$id]['huntgrouptimeout']; - $huntgrouptimeoutdestination = $a_hunt_group[$id]['huntgrouptimeoutdestination']; - } - - //order the array - if (!function_exists(cmp_hunt_group_order)) { - function cmp_hunt_group_order($a, $b) { - if ($a["destinationorder"] > $b["destinationorder"]) { - return 1; - } - else { - return 0; - } - } - } - - - $a_hunt_group_destinations = &$config['installedpackages']['freeswitchhuntgroupdestinations']['config']; - if (count($a_hunt_group_destinations) > 0) { usort($a_hunt_group_destinations, "cmp_hunt_group_order"); } - if (count($a_hunt_group_destinations) > 0) { - - $i = 0; - foreach($a_hunt_group_destinations as $row) { - - /* - $row['huntgroupid'] - $row['destinationnumber'] - $row['destinationtype'] - $row['destinationprofile'] - $row['destinationorder'] - $row['destinationdescr'] - */ - - if ($row['huntgroupid'] == $rowhelper['huntgroupid']) { - - //set the default profile - if (strlen($row['destinationnumber']) == 0) { $row['destinationnumber'] = "internal"; } - - if ($row['destinationtype'] == "extension") { - $tmp .= "sofia_contact_".$row['destinationnumber']." = get_sofia_contact(\"".$row['destinationnumber']."\",domain_name, \"".$row['destinationprofile']."\");\n"; - $tmp_sub_array["application"] = "bridge"; - $tmp_sub_array["data"] = "sofia_contact_".$row['destinationnumber']; - $tmp_array[$i] = $tmp_sub_array; - unset($tmp_sub_array); - } - if ($row['destinationtype'] == "voicemail") { - $tmp_sub_array["application"] = "voicemail"; - $tmp .= "session.execute(\"voicemail\", \"default \${domain} ".$row['destinationnumber']."\");\n"; - //$tmp_sub_array["application"] = "voicemail"; - //$tmp_sub_array["data"] = "default \${domain} ".$row['destinationnumber']; - //$tmp_array[$i] = $tmp_sub_array; - unset($tmp_sub_array); - } - if ($row['destinationtype'] == "sip uri") { - $tmp_sub_array["application"] = "bridge"; - $tmp_sub_array["data"] = "\"".$row['destinationnumber']."\""; - $tmp_array[$i] = $tmp_sub_array; - unset($tmp_sub_array); - } - $i++; - - } //end huntgroupid - - } //end for each - unset($i); - } //if count - - $i = 0; - if(count($tmp_array) > 0) { - foreach ($tmp_array as $row) { - $tmpdata = $row["data"]; - if ($row["application"] == "voicemail") { $tmpdata = "***".$tmpdata; } - if ($i < 1) { - $tmp_buffer = $tmpdata; - } - else { - $tmp_buffer .= "+\",\"+".$tmpdata; - } - $i++; - } - } - unset($i); - $delimiter = ","; - $tmp_application = $tmp_array[0]["application"]; - - switch ($rowhelper['huntgrouptype']) { - case "simultaneous": - //print_r($tmp_array); - if ($rowhelper['huntgroupcallerannounce'] == "true") { - $i = 0; - if (count($tmp_array) > 0) { - foreach ($tmp_array as $row) { - $tmpdata = $row["data"]; - if ($row["application"] == "voicemail") { $tmpdata = "***".$tmpdata; } - $tmp .= " result = originate (session, ".$tmpdata.", extension, caller_announce, caller_id_name, caller_id_number);\n"; - } - } - } - else { - $tmp .= "\n"; - $tmp .= " session.execute(\"".$tmp_application."\", $tmp_buffer);\n"; - //$tmp .= " session.execute(\"bridge\", sofia_contact_100+\",\"+sofia_contact_101+\",\"+sofia_contact_102+\",\"+sofia_contact_103+\",\"+sofia_contact_104);\n"; - //$tmp .= " //session.execute(\"bridge\", \"sofia/gateway/flowroute.com/12081231234,\"+sofia_contact_101);\n"; - } - unset($tmp_array); - break; - case "sequentially": - - $tmp .= "\n"; - //print_r($tmp_array); - $i = 0; - if (count($tmp_array) > 0) { - if ($rowhelper['huntgroupcallerannounce'] == "true") { - $i = 0; - if (count($tmp_array) > 0) { - //foreach ($tmp_array as $row) { - //$tmpdata = $row["data"]; - //if ($row["application"] == "voicemail") { $tmpdata = "***".$tmpdata; } - $tmp .= " result = originate (session, ".$tmp_buffer.", extension, caller_announce, caller_id_name, caller_id_number);\n"; - //} - } - } - else { - foreach ($tmp_array as $row) { - $tmp .= " session.execute(\"".$row["application"]."\", ".$row["data"].");\n"; - } - } - unset($tmp_array); - } - - break; - } - - //set the timeout destination - $huntgrouptimeoutdestination = $a_hunt_group[$x]['huntgrouptimeoutdestination']; - $huntgrouptimeouttype = $a_hunt_group[$x]['huntgrouptimeouttype']; - if ($huntgrouptimeouttype == "extension") { $huntgrouptimeouttype = "bridge"; } - if ($huntgrouptimeouttype == "voicemail") { $huntgrouptimeouttype = "transfer"; $huntgrouptimeoutdestination = "*99".$huntgrouptimeoutdestination; } - if ($huntgrouptimeouttype == "sip uri") { $huntgrouptimeouttype = "bridge"; } - $tmp .= "\n"; - if ($row['huntgroupcallerannounce'] == "true") { - //do nothing - } - else { - $tmp .= " //timeout\n"; - $tmp .= " session.execute(\"".$huntgrouptimeouttype."\", \"".$huntgrouptimeoutdestination."\");\n"; - } - - $tmp .= "\n"; - $tmp .= " //clear variables\n"; - $tmp .= " dialed_extension = \"\";\n"; - $tmp .= " new_extension = \"\";\n"; - $tmp .= " domain_name = \"\";\n"; - $tmp .= " domain = \"\";"; - - $tmp .= "\n"; - if ($rowhelper['huntgroupcallerannounce'] == "true") { - //do nothing - } - else { - $tmp .= "} //end if session.ready\n"; - } - $tmp .= "\n"; - - if (strlen($rowhelper['huntgroupid']) > 0) { - $huntgroupfilename = "huntgroup_".str_replace(array("{", "}"), "", $rowhelper['huntgroupid']).".js"; - $fout = fopen("/usr/local/freeswitch/scripts/".$huntgroupfilename,"w"); - fwrite($fout, $tmp); - unset($huntgroupfilename); - fclose($fout); - } - - $x++; - } //end foreach - } //end if count - conf_mount_ro(); - config_unlock(); - -} //end function - - -function sync_package_freeswitch_fax() -{ - - global $config; - conf_mount_rw(); - config_lock(); - - //loop through all faxes - $a_fax = &$config['installedpackages']['freeswitchfax']['config']; - if (count($a_fax) > 0) { - foreach($a_fax as $rowhelper) { - - //get the fax information such as the name and description - //$rowhelper['faxid'] - //$rowhelper['faxextension'] - //$rowhelper['faxname'] - //$rowhelper['faxemail'] - //$rowhelper['faxdomain'] - //$rowhelper['faxdescription'] - - //add each fax extension to the dialplan - $a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config']; - $a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - - //determine if the entry should be an add, or update to the dialplan - if (strlen($rowhelper['faxid']) > 0) { - $action = 'add'; //set default action to add - $i = 0; - if (count($a_dialplan_includes) > 0) { - - foreach($a_dialplan_includes as $row) { - - //$row['faxid']; - //$row['faxname']; - //$row['context']; - //$row['enabled']; - - if ($row['opt1name'] == "faxid" && $row['opt1value'] == $rowhelper['faxid']) { - //update - $action = 'update'; - - $dialplanincludeid = $rowhelper['dialplanincludeid']; - $extensionname = $row['extensionname']; - $order = $row['order']; - $context = $row['context']; - $enabled = $row['enabled']; - $descr = $row['descr']; - $opt1name = $row['opt1name']; - $opt1value = $row['opt1value']; - $id = $i; - //echo "update".$i."<br />\n"; - - if (file_exists("/usr/local/freeswitch/conf/dialplan/default/".$order."_".$extensionname.".xml")){ - unlink("/usr/local/freeswitch/conf/dialplan/default/".$order."_".$extensionname.".xml"); - } - } - $i++; - - } - } - - $ent = array(); - if ($action == 'add') { - $faxid = $rowhelper['faxid']; - if (strlen($rowhelper['faxname']) > 0) { - $ent['dialplanincludeid'] = $faxid; - $ent['extensionname'] = $rowhelper['faxname']; - $ent['order'] = '9001'; //if update use the existing order number and extension name and desc - $ent['context'] = "default"; - //$ent['context'] = $rowhelper['huntgroupcontext']; - $ent['enabled'] = 'true'; - $ent['descr'] = 'fax'; - $ent['opt1name'] = 'faxid'; - $ent['opt1value'] = $rowhelper['faxid']; - - //add to the config - $a_dialplan_includes[] = $ent; - unset($ent); - - //<!-- default ${domain_name} --> - //<condition field="destination_number" expression="^\*9978$"> - $ent = array(); - $ent['dialplanincludeid'] = $faxid; - $ent['tag'] = 'condition'; //condition, action, antiaction - $ent['fieldorder'] = '000'; - $ent['fieldtype'] = 'destination_number'; - $ent['fielddata'] = '^'.$rowhelper['faxextension'].'$'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - //<action application="answer" /> - $ent = array(); - $ent['dialplanincludeid'] = $faxid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldorder'] = '001'; - $ent['fieldtype'] = 'answer'; - $ent['fielddata'] = ''; - $a_dialplan_include_details[] = $ent; - unset($ent); - - //<action application="playback" data="silence_stream://2000"/> - $ent = array(); - $ent['dialplanincludeid'] = $faxid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldorder'] = '002'; - $ent['fieldtype'] = 'playback'; - $ent['fielddata'] = 'silence_stream://2000'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - //<action application="set" data="last_fax=${caller_id_number}-${strftime(%Y-%m-%d-%H-%M-%S)}"/> - $ent = array(); - $ent['dialplanincludeid'] = $faxid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldorder'] = '003'; - $ent['fieldtype'] = 'set'; - $ent['fielddata'] = 'last_fax=${caller_id_number}-${strftime(%Y-%m-%d-%H-%M-%S)}'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - //<action application="rxfax" data="/usr/local/freeswitch/storage/fax/inbox/${last_fax}.tif"/> - $ent = array(); - $ent['dialplanincludeid'] = $faxid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldorder'] = '004'; - $ent['fieldtype'] = 'rxfax'; - $ent['fielddata'] = '/usr/local/freeswitch/storage/fax/'.$rowhelper['faxextension'].'/inbox/${last_fax}.tif'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - //<action application="system" data="/opt/freeswitch/scripts/emailfax.sh USER DOMAIN /usr/local/freeswitch/storage/fax/inbox/9872/${last_fax}.tif"/> - $ent = array(); - $ent['dialplanincludeid'] = $faxid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldorder'] = '005'; - $ent['fieldtype'] = 'system'; - $ent['fielddata'] = '/usr/local/bin/php /usr/local/www/packages/freeswitch/fax_to_email.php email='.$rowhelper['faxemail'].' extension='.$rowhelper['faxextension'].' name=${last_fax} >> /tmp/fax.txt'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - //<action application="hangup"/> - $ent = array(); - $ent['dialplanincludeid'] = $faxid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldorder'] = '006'; - $ent['fieldtype'] = 'hangup'; - $ent['fielddata'] = ''; - $a_dialplan_include_details[] = $ent; - unset($ent); - } - - unset($faxid); - - } - if ($action == 'update') { - - $ent['dialplanincludeid'] = $rowhelper['faxid']; - $ent['extensionname'] = $rowhelper['faxname']; - $ent['order'] = $order; - $ent['context'] = $context; - $ent['enabled'] = $enabled; - $ent['descr'] = $faxdescription; - $ent['opt1name'] = $opt1name; - $ent['opt1value'] = $opt1value; - - //update the config - $a_dialplan_includes[$id] = $ent; - - unset($ent); - unset($extensionname); - unset($order); - unset($context); - unset($enabled); - unset($descr); - unset($opt1name); - unset($opt1value); - unset($id); - } - write_config(); - - sync_package_freeswitch_dialplan_includes(); - unset($dialplanincludeid); - - } //end if strlen faxid; add the fax to the dialplan - - } //end foreach - } //end if count - conf_mount_ro(); - config_unlock(); - -} //end function - - -function get_recording_filename($id) -{ - global $config; - $a_recordings = &$config['installedpackages']['freeswitchrecordings']['config']; - if (count($a_recordings) > 0) { - global $config; - foreach($a_recordings as $rowhelper) { - if ($rowhelper['recordingid'] == $id) { - return $rowhelper['filename']; - } - } - } -} - - -function sync_package_freeswitch_ivr() -{ - - global $config; - conf_mount_rw(); - config_lock(); - - $a_ivr = &$config['installedpackages']['freeswitchivr']['config']; - if (count($a_ivr) > 0) { - foreach($a_ivr as $rowhelper) { - - /* - $rowhelper['ivrid'] - $rowhelper['ivrextension'] - $rowhelper['ivrname'] - $rowhelper['recordingid'] - $rowhelper['ivrtimeout'] - $rowhelper['ivrcalltimeout'] - $rowhelper['ivrcontext'] - $rowhelper['ivrdirectdial'] - $rowhelper['ivrconditionjs'] - $rowhelper['ivrringback'] - $rowhelper['ivrcidnameprefix'] - $rowhelper['ivrdescr'] - */ - - $a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config']; - $a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - - - //add the IVR to the dialplan - if (strlen($rowhelper['ivrid']) > 0) { - $action = 'add'; //set default action to add - $i = 0; - if (count($a_dialplan_includes) > 0) { - foreach($a_dialplan_includes as $row) { - - //$row['dialplanincludeid']; - //$row['extensionname']; - //$row['context']; - //$row['enabled']; - //echo "if (".$row['opt1name']." == \"ivrid\" && ".$row['opt1value']." == ".$rowhelper['ivrid'].") \n"; - - if ($row['opt1name'] == "ivrid" && $row['opt1value'] == $rowhelper['ivrid']) { - //update - $action = 'update'; - $dialplanincludeid = $row['dialplanincludeid']; - $extensionname = $row['extensionname']; - $order = $row['order']; - $context = $row['context']; - $enabled = $row['enabled']; - $descr = $row['descr']; - $opt1name = $row['opt1name']; - $opt1value = $row['opt1value']; - $id = $i; - //echo "update".$i."<br />\n"; - - } - $i++; - - } //end foreach - } //if count - - - $ent = array(); - if ($action == 'add') { - - $dialplanincludeid = guid(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['extensionname'] = $rowhelper['ivrextension']; - $ent['order'] = '9001'; //if update use the existing order number and extension name and desc - $ent['context'] = $rowhelper['ivrcontext']; - $ent['enabled'] = 'true'; - $ent['descr'] = 'IVR'; - $ent['opt1name'] = 'ivrid'; - $ent['opt1value'] = $rowhelper['ivrid']; - - //add to the config - $a_dialplan_includes[] = $ent; - unset($ent); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'condition'; //condition, action, antiaction - $ent['fieldtype'] = 'destination_number'; - $ent['fielddata'] = '^'.$rowhelper['ivrextension'].'$'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - $ivrid = str_replace(array("{", "}"), "", $rowhelper['ivrid']); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'javascript'; - $ent['fielddata'] = 'ivr_'.$ivrid.'.js'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - unset($ivrid); - - } - if ($action == 'update') { - - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['extensionname'] = $rowhelper['ivrextension']; - $ent['order'] = $order; - $ent['context'] = $context; - $ent['enabled'] = $enabled; - $ent['descr'] = $descr; - $ent['opt1name'] = $opt1name; - $ent['opt1value'] = $opt1value; - - //update the config - $a_dialplan_includes[$id] = $ent; - - unset($ent); - unset($extensionname); - unset($order); - unset($context); - unset($enabled); - unset($descr); - unset($opt1name); - unset($opt1value); - unset($id); - } - write_config(); - - sync_package_freeswitch_dialplan_includes(); - unset($dialplanincludeid); - - } //end if strlen ivrid; add the IVR to the dialplan - - // Build the IVR javascript - $recording_action_filename = get_recording_filename($rowhelper['recordingidaction']); - $recording_antiaction_filename = get_recording_filename($rowhelper['recordingidantiaction']); - - $password = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_password']; - $port = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_port']; - $host = $config['interfaces']['lan']['ipaddr']; - - if (pkg_is_service_running('freeswitch')) { - $fp = event_socket_create($host, $port, $password); - $cmd = "api global_getvar domain"; - $domain = trim(event_socket_request($fp, $cmd)); - } - - - $tmp = ""; //make sure the variable starts with no value - $tmp .= "\n"; - $tmp .= " var condition = true;\n"; - $tmp .= "\n"; - $tmp .= " var domain = \"".$domain."\"; //by default this is the ipv4 address of FreeSWITCH used for transfer to voicemail\n"; - $tmp .= " var digitmaxlength = 0;\n"; - $tmp .= " var objdate = new Date();\n"; - $tmp .= "\n"; - $tmp .= " var adjusthours = 0; //Adjust Server time that is set to GMT 7 hours\n"; - $tmp .= " var adjustoperator = \"-\"; //+ or -\n"; - $tmp .= "\n"; - $tmp .= " if (adjustoperator == \"-\") {\n"; - $tmp .= " var objdate2 = new Date(objdate.getFullYear(),objdate.getMonth(),objdate.getDate(),(objdate.getHours() - adjusthours),objdate.getMinutes(),objdate.getSeconds());\n"; - $tmp .= " }\n"; - $tmp .= " if (adjustoperator == \"+\") {\n"; - $tmp .= " var objdate2 = new Date(objdate.getFullYear(),objdate.getMonth(),objdate.getDate(),(objdate.getHours() + adjusthours),objdate.getMinutes(),objdate.getSeconds());\n"; - $tmp .= " }\n"; - $tmp .= "\n"; - $tmp .= " var Hours = objdate2.getHours();\n"; - $tmp .= " var Mins = objdate2.getMinutes();\n"; - $tmp .= " var Seconds = objdate2.getSeconds();\n"; - $tmp .= " var Month = objdate2.getMonth() + 1;\n"; - $tmp .= " var Date = objdate2.getDate();\n"; - $tmp .= " var Year = objdate2.getYear()\n"; - $tmp .= " var Day = objdate2.getDay()+1;\n"; - $tmp .= " var exit = false;\n"; - $tmp .= "\n"; - $tmp .= " dialed_extension = session.getVariable(\"dialed_extension\");\n"; - $tmp .= " domain_name = session.getVariable(\"domain_name\");\n"; - $tmp .= " domain = session.getVariable(\"domain\");\n"; - $tmp .= " us_ring = session.getVariable(\"us-ring\");\n"; - $tmp .= " caller_id_name = session.getVariable(\"caller_id_name\");\n"; - $tmp .= " caller_id_number = session.getVariable(\"caller_id_number\");\n"; - $tmp .= " effective_caller_id_name = session.getVariable(\"effective_caller_id_name\");\n"; - $tmp .= " effective_caller_id_number = session.getVariable(\"effective_caller_id_number\");\n"; - $tmp .= " outbound_caller_id_name = session.getVariable(\"outbound_caller_id_name\");\n"; - $tmp .= " outbound_caller_id_number = session.getVariable(\"outbound_caller_id_number\");\n"; - $tmp .= "\n"; - - //set caller id prefix - if (strlen($rowhelper['ivrcidnameprefix'])> 0) { - $tmp .= "session.execute(\"set\", \"caller_id_name=".$rowhelper['ivrcidnameprefix']."\"+caller_id_name);\n"; - $tmp .= "session.execute(\"set\", \"effective_caller_id_name=".$rowhelper['ivrcidnameprefix']."\"+effective_caller_id_name);\n"; - $tmp .= "session.execute(\"set\", \"outbound_caller_id_name=".$rowhelper['ivrcidnameprefix']."\"+outbound_caller_id_name);\n"; - } - - $tmp .= "\n"; - - $tmp .= " session.execute(\"set\", \"continue_on_fail=true\");\n"; - if (strlen($rowhelper['ivrcalltimeout']) == 0){ - $tmp .= " session.execute(\"set\", \"call_timeout=30\");\n"; //ivrcalltimeout - } - else { - $tmp .= " session.execute(\"set\", \"call_timeout=".$rowhelper['ivrcalltimeout']."\");\n"; //ivrcalltimeout - } - - if (isset($rowhelper['ivrringback'])){ - if ($rowhelper['ivrringback'] == "ring"){ - $tmp .= " session.execute(\"set\", \"ringback=\"+us_ring); //set to ringtone\n"; - $tmp .= " session.execute(\"set\", \"transfer_ringback=\"+us_ring); //set to ringtone\n"; - } - if ($rowhelper['ivrringback'] == "music"){ - $tmp .= " session.execute(\"set\", \"ringback=\${hold_music}\"); //set to ringtone\n"; - $tmp .= " session.execute(\"set\", \"transfer_ringback=\${hold_music}\"); //set to ringtone\n"; - } - } - else { - $tmp .= " session.execute(\"set\", \"ringback=\${hold_music}\"); //set to ringtone\n"; - $tmp .= " session.execute(\"set\", \"transfer_ringback=\${hold_music}\"); //set to ringtone\n"; - } - $tmp .= "\n"; - $tmp .= "//console_log( \"info\", \"IVR Server Time is: \"+Hours+\":\"+Mins+\" \\n\" );\n"; - $tmp .= "\n"; - - $tmp .= " function get_sofia_contact(extension,domain_name, profile){\n"; - $tmp .= " if (profile == \"auto\") {\n"; - $i = 0; - foreach (ListFiles('/usr/local/freeswitch/conf/sip_profiles') as $key=>$sip_profile_file){ - $sip_profile_name = str_replace(".xml", "", $sip_profile_file); - if ($i == 0) { - $tmp .= " profile = \"".$sip_profile_name."\";\n"; - $tmp .= " session.execute(\"set\", \"sofia_contact_\"+extension+\"=\${sofia_contact(\"+profile+\"/\"+extension+\"@\"+domain_name+\")}\");\n"; - $tmp .= " sofia_contact = session.getVariable(\"sofia_contact_\"+extension);\n"; - } - else { - $tmp .= "\n"; - $tmp .= " if (sofia_contact == \"error/user_not_registered\") {\n"; - $tmp .= " profile = \"".$sip_profile_name."\";\n"; - $tmp .= " session.execute(\"set\", \"sofia_contact_\"+extension+\"=\${sofia_contact(\"+profile+\"/\"+extension+\"@\"+domain_name+\")}\");\n"; - $tmp .= " sofia_contact = session.getVariable(\"sofia_contact_\"+extension);\n"; - $tmp .= " }\n"; - } - $i++; - } - unset ($i); - $tmp .= " }\n"; - $tmp .= " else {\n"; - $tmp .= " session.execute(\"set\", \"sofia_contact_\"+extension+\"=\${sofia_contact(\"+profile+\"/\"+extension+\"@\"+domain_name+\")}\");\n"; - $tmp .= " sofia_contact = session.getVariable(\"sofia_contact_\"+extension);\n"; - $tmp .= " }\n"; - $tmp .= " console_log( \"info\", \"sofia_contact \"+profile+\": \"+sofia_contact+\".\\n\" );\n"; - $tmp .= " return sofia_contact;\n"; - $tmp .= " }\n"; - $tmp .= "\n"; - - $tmp .= " function mycb( session, type, obj, arg ) {\n"; - $tmp .= " try {\n"; - $tmp .= " if ( type == \"dtmf\" ) {\n"; - $tmp .= " console_log( \"info\", \"digit: \"+obj.digit+\"\\n\" );\n"; - $tmp .= " if ( obj.digit == \"#\" ) {\n"; - $tmp .= " //console_log( \"info\", \"detected pound sign.\\n\" );\n"; - $tmp .= " exit = true;\n"; - $tmp .= " return( false );\n"; - $tmp .= " }\n"; - $tmp .= "\n"; - $tmp .= " dtmf.digits += obj.digit;\n"; - $tmp .= "\n"; - $tmp .= " if ( dtmf.digits.length >= digitmaxlength ) {\n"; - $tmp .= " exit = true;\n"; - $tmp .= " return( false );\n"; - $tmp .= " }\n"; - $tmp .= " }\n"; - $tmp .= " } catch (e) {\n"; - $tmp .= " console_log( \"err\", e+\"\\n\" );\n"; - $tmp .= " }\n"; - $tmp .= " return( true );\n"; - $tmp .= " } //end function mycb\n"; - - $tmp .= "\n"; - $tmp .= base64_decode($rowhelper['ivrconditionjs']); - $tmp .= "\n"; - $tmp .= "\n"; - - //$tmp .= " //condition = true; //debugging\n"; - - $actiondirect = false; - $actiondefault = false; - $actioncount = 0; - foreach($config['installedpackages']['freeswitchivroptions']['config'] as $row) { - //find the correct IVR options with the correct action - if ($row['ivrid'] == $rowhelper['ivrid']) { - - if ($row['optionaction'] == "action") { - $actioncount++; - if (strtolower($row['optionnumber']) == "n") { //direct the call now don't wait for dtmf - //echo "now found\n"; - $actiondirect = true; - $actiondirecttype = $row['optiontype']; - $actiondirectprofile = $row['optionprofile']; - $actiondirectdest = $row['optiondest']; - } - if (strtolower($row['optionnumber']) == "d") { //default option used when dtmf doesn't match any other option - //echo "default found\n"; - $actiondefault = true; - $actiondefaulttype = $row['optiontype']; - $actiondefaultprofile = $row['optionprofile']; - $actiondefaultdest = $row['optiondest']; - } - } - } - } - //$tmp .= "action count: ".$actioncount."<br />\n"; - if ($actioncount > 0) { - if ($actiondirect) { - $tmp .= " if (condition) {\n"; - $tmp .= " //direct\n"; - $tmp .= " //console_log( \"info\", \"action direct\\n\" );\n"; - if ($actiondirecttype == "extension") { - $tmp .= " sofia_contact_".$actiondirectdest." = get_sofia_contact(\"".$actiondirectdest."\",domain_name, \"".$actiondirectprofile."\");\n"; - $tmp .= " session.execute(\"bridge\", sofia_contact_".$actiondirectdest."); //".$actiondirectdest."\n"; - if ($actiondirectprofile == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$actiondirectdest."\");\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$actiondirectdest."\");\n"; - } - } - if ($actiondirecttype == "voicemail") { - if ($actiondirectprofile == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$actiondirectdest."\");\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$actiondirectdest."\");\n"; - } - } - if ($actiondirecttype == "sip uri") { - $tmp .= " session.execute(\"bridge\", \"".$actiondirectdest."\"); //".$actiondirectdest."\n"; - - } - - $tmp .= "}\n"; - - } - else { - $tmp .= " if (condition) {\n"; - $tmp .= " //action\n"; - $tmp .= "\n"; - $tmp .= " //console_log( \"info\", \"action call now don't wait for dtmf\\n\" );\n"; - $tmp .= " var dtmf = new Object( );\n"; - $tmp .= " dtmf.digits = \"\";\n"; - $tmp .= " if ( session.ready( ) ) {\n"; - $tmp .= " session.answer( );\n"; - $tmp .= "\n"; - $tmp .= " digitmaxlength = 1;\n"; - $tmp .= " while (session.ready() && ! exit ) {\n"; - $tmp .= " //session.streamFile( \"C:/Program Files/FreeSWITCH/sounds/".$recording_action_filename."\", mycb, \"dtmf ".$rowhelper['ivrtimeout']."\" );\n"; - $tmp .= " session.streamFile( \"/usr/local/freeswitch/recordings/".$recording_action_filename."\", mycb, \"dtmf ".$rowhelper['ivrtimeout']."\" );\n"; - $tmp .= " if (session.ready()) {\n"; - $tmp .= " if (dtmf.digits.length == 0) {\n"; - $tmp .= " dtmf.digits += session.getDigits(1, \"#\", ".($rowhelper['ivrtimeout']*1000)."); // ".$rowhelper['ivrtimeout']." seconds\n"; - $tmp .= " if (dtmf.digits.length == 0) {\n"; - //$tmp .= " console_log( "info", "time out option: " + dtmf.digits + "\n" );\n"; - - $a_ivr_options = &$config['installedpackages']['freeswitchivroptions']['config']; - //find the timeout IVR options with the correct action - if (count($a_ivr_options) > 0) { - foreach($a_ivr_options as $row) { - - if ($row['ivrid'] == $rowhelper['ivrid']) { - - if ($row['optionaction'] == "action") { - if (strtolower($row['optionnumber']) == "t") { - if ($row['optiontype'] == "extension") { - $tmp .= " sofia_contact_".$row['optiondest']." = get_sofia_contact(\"".$row['optiondest']."\",domain_name, \"".$row['optionprofile']."\");\n"; - $tmp .= " session.execute(\"bridge\", sofia_contact_".$row['optiondest']."); //".$row['optiondescr']."\n"; - if ($row['optionprofile'] == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\");\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\");\n"; - } - } - if ($row['optiontype'] == "voicemail") { - if ($row['optionprofile'] == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - } - if ($row['optiontype'] == "sip uri") { - $tmp .= " session.execute(\"bridge\", \"".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - } - } //end anti-action - - } //end ivrid - - } //end for each - } //if count - - $tmp .= " }\n"; - $tmp .= " else {\n"; - $tmp .= " break; //dtmf found end the while loop\n"; - $tmp .= " }\n"; - $tmp .= " }\n"; - $tmp .= " }\n"; - $tmp .= " }\n"; - $tmp .= "\n"; - $tmp .= " //pickup the remaining digits\n"; - //$tmp .= " //http://wiki.freeswitch.org/wiki/Session_getDigits\n"; - //$tmp .= " //getDigits(length, terminators, timeout, digit_timeout, abs_timeout)\n"; - //$tmp .= " //dtmf.digits += session.getDigits(2, \"#\", 3000); //allow up to 3 digits\n"; - $tmp .= " dtmf.digits += session.getDigits(4, \"#\", 3000); //allow up to 5 digits\n"; - $tmp .= "\n"; - $tmp .= "\n"; - //$tmp .= " console_log( \"info\", \"IVR Digit Pressed: \" + dtmf.digits + \"\\n\" );\n"; - - - //action - $tmpaction = ""; - - $tmp .= " if ( dtmf.digits.length > \"0\" ) {\n"; - $x = 0; - $a_ivr_options = &$config['installedpackages']['freeswitchivroptions']['config']; - if (count($a_ivr_options) > 0) { - foreach($a_ivr_options as $row) { - - /* - $row['ivrid'] - $row['optionnumber'] - $row['optiontype'] - $row['optionaction'] - $row['optiondest'] - $row['optiondescr'] - */ - - $tmpactiondefault = ""; - - //find the correct IVR options with the correct action - if ($row['ivrid'] == $rowhelper['ivrid']){ - - if ($row['optionaction'] == "action") { - //$tmpaction .= "\n"; - - switch ($row['optionnumber']) { - //case "t": - // break; - //case "d": - // break; - default: - //$tmpaction .= " //console_log( \"info\", \"IVR Detected 1 digit \\n\" );\n"; - if ($x == 0) { - $tmpaction .= " if ( dtmf.digits == \"".$row['optionnumber']."\" ) { //".$row['optiondescr']."\n"; - } - else { - $tmpaction .= " else if ( dtmf.digits == \"".$row['optionnumber']."\" ) { //".$row['optiondescr']."\n"; - } - if ($row['optiontype'] == "extension") { - $tmpaction .= " sofia_contact_".$row['optiondest']." = get_sofia_contact(\"".$row['optiondest']."\",domain_name, \"".$row['optionprofile']."\");\n"; - $tmpaction .= " session.execute(\"bridge\", sofia_contact_".$row['optiondest']."); //".$row['optiondescr']."\n"; - if ($row['optionprofile'] == "auto") { - $tmpaction .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\");\n"; - } - else { - $tmpaction .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - } - if ($row['optiontype'] == "voicemail") { - if ($row['optionprofile'] == "auto") { - $tmpaction .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - else { - $tmpaction .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - } - if ($row['optiontype'] == "sip uri") { - $tmpaction .= " session.execute(\"bridge\", \"".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - - $tmpaction .= " }\n"; - - } - - $x++; - } //end if action - - } //end ivrid - - - } //end foreach - } //end if count - - $tmp .= $tmpaction; - if ($rowhelper['ivrdirectdial'] == "true") { - $tmp .= " else {\n"; - $tmp .= " session.execute(\"transfer\", dtmf.digits+\" XML default\");\n"; - //$tmp .= $tmpactiondefault; - $tmp .= " }\n"; - } - else { - if ($actiondefault) { - $tmp .= " else {\n"; - $tmp .= " //console_log( \"info\", \"default option when there is no matching dtmf found\\n\" );\n"; - if ($actiondefaulttype == "extension") { - $tmp .= " sofia_contact_".$actiondefaultdest." = get_sofia_contact(\"".$actiondefaultdest."\",domain_name, \"".$actiondirectprofile."\");\n"; - $tmp .= " session.execute(\"bridge\", sofia_contact_".$actiondefaultdest."); //".$actiondefaultdest."\n"; - if ($actiondirectprofile == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$actiondefaultdest."\");\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$actiondefaultdest."\");\n"; - } - } - if ($actiondefaulttype == "voicemail") { - if ($actiondirectprofile == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$actiondefaultdest."\");\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$actiondefaultdest."\");\n"; - } - } - if ($actiondefaulttype == "sip uri") { - $tmp .= " session.execute(\"bridge\", \"".$actiondefaultdest."\"); //".$actiondefaultdest."\n"; - } - $tmp .= " }\n"; - - } - } - - $tmp .= "\n"; - unset($tmpaction); - - - $tmp .= " } \n"; - //$tmp .= " else if ( dtmf.digits.length == \"4\" ) {\n"; - //$tmp .= " //Transfer to the extension the caller\n"; - //$tmp .= " session.execute(\"transfer\", dtmf.digits+\" XML default\");\n"; - //$tmp .= " } else {\n"; - //$tmp .= $tmpactiondefault; - //$tmp .= " }\n"; - $tmp .= "\n"; - $tmp .= " } //end if session.ready\n"; - $tmp .= "\n"; - $tmp .= " }\n"; //end if condition - - } //if ($actiondirect) - } //actioncount - - $antiactiondirect = false; - $antiactiondefault = false; - $antiactioncount = 0; - foreach($config['installedpackages']['freeswitchivroptions']['config'] as $row) { - //find the correct IVR options with the correct action - if ($row['ivrid'] == $rowhelper['ivrid']) { - if ($row['optionaction'] == "anti-action") { - $antiactioncount++; - if (strtolower($row['optionnumber']) == "n") { //direct the call now don't wait for dtmf - $antiactiondirect = true; - $antiactiondirecttype = $row['optiontype']; - $antiactiondirectdest = $row['optiondest']; - $antiactiondirectprofile = $row['optionprofile']; - } - if (strtolower($row['optionnumber']) == "d") { //default option used when an dtmf doesn't match any option - $antiactiondefault = true; - $antiactiondefaulttype = $row['optiontype']; - $antiactiondefaultdest = $row['optiondest']; - $antiactiondefaultprofile = $row['optionprofile']; - } - } - } - } - //$tmp .= "anti-action count: ".$antiactioncount."<br />\n"; - - - if ($antiactioncount > 0) { - if ($antiactiondirect) { - $tmp .= " else {\n"; - $tmp .= " //console_log( \"info\", \"anti-action call now don't wait for dtmf\\n\" );\n"; - - if ($antiactiondirecttype == "extension") { - $tmp .= " sofia_contact_".$antiactiondirectdest." = get_sofia_contact(\"".$antiactiondirectdest."\",domain_name, \"".$antiactiondirectprofile."\");\n"; - $tmp .= " session.execute(\"bridge\", sofia_contact_".$antiactiondirectdest."); //".$antiactiondirectdest."\n"; - if ($antiactiondirectprofile == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$antiactiondirectdest."\");\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$antiactiondirectdest."\");\n"; - } - } - if ($antiactiondirecttype == "voicemail") { - if ($antiactiondirectprofile == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$antiactiondirectdest."\");\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$antiactiondirectdest."\");\n"; - } - } - if ($antiactiondirecttype == "sip uri") { - $tmp .= " session.execute(\"bridge\", \"".$antiactiondirectdest."\"); //".$antiactiondirectdest."\n"; - } - $tmp .= "}\n"; - } - else { - $tmp .= " else {\n"; - $tmp .= " //anti-action\n"; - $tmp .= " //console_log( \"info\", \"anti-action options\\n\" );\n"; - $tmp .= "\n"; - $tmp .= " var dtmf = new Object( );\n"; - $tmp .= " dtmf.digits = \"\";\n"; - $tmp .= " if ( session.ready( ) ) {\n"; - $tmp .= " session.answer( );\n"; - $tmp .= "\n"; - $tmp .= " digitmaxlength = 1;\n"; - $tmp .= " while (session.ready() && ! exit ) {\n"; - $tmp .= " session.streamFile( \"/usr/local/freeswitch/recordings/".$recording_antiaction_filename."\", mycb, \"dtmf ".$rowhelper['ivrtimeout']."\" );\n"; - $tmp .= " if (session.ready()) {\n"; - $tmp .= " if (dtmf.digits.length == 0) {\n"; - $tmp .= " dtmf.digits += session.getDigits(1, \"#\", ".($rowhelper['ivrtimeout']*1000)."); // ".$rowhelper['ivrtimeout']." seconds\n"; - $tmp .= " if (dtmf.digits.length == 0) {\n"; - //$tmp .= " console_log( "info", "time out option: " + dtmf.digits + "\n" );\n"; - - - //find the timeout IVR options with the correct action - if (count($a_ivr_options) > 0) { - foreach($a_ivr_options as $row) { - - if ($row['ivrid'] == $rowhelper['ivrid']) { - - if ($row['optionaction'] == "anti-action") { - if (strtolower($row['optionnumber']) == "t") { - if ($row['optiontype'] == "extension") { - $tmp .= " sofia_contact_".$row['optiondest']." = get_sofia_contact(\"".$row['optiondest']."\",domain_name, \"".$row['optionprofile']."\");\n"; - $tmp .= " session.execute(\"bridge\", sofia_contact_".$row['optiondest']."); //".$row['optiondescr']."\n"; - if ($row['optionprofile'] == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\");\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\");\n"; - } - } - if ($row['optiontype'] == "voicemail") { - if ($row['optionprofile'] == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - } - if ($row['optiontype'] == "sip uri") { - $tmp .= " session.execute(\"bridge\", \"".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - } - - } //end anti-action - - } //end ivrid - - } //end for each - } //if count - - - $tmp .= " }\n"; - $tmp .= " else {\n"; - $tmp .= " break; //dtmf found end the while loop\n"; - $tmp .= " }\n"; - - $tmp .= " }\n"; - $tmp .= " }\n"; - $tmp .= " }\n"; - $tmp .= "\n"; - $tmp .= " //pickup the remaining digits\n"; - $tmp .= " //http://wiki.freeswitch.org/wiki/Session_getDigits\n"; - $tmp .= " //getDigits(length, terminators, timeout, digit_timeout, abs_timeout)\n"; - $tmp .= " dtmf.digits += session.getDigits(4, \"#\", 3000);\n"; - $tmp .= "\n"; - $tmp .= " console_log( \"info\", \"IVR Digit Pressed: \" + dtmf.digits + \"\\n\" );\n"; - $tmp .= "\n"; - - - $tmpantiaction = ""; - $tmp .= " if ( dtmf.digits.length > \"0\" ) {\n"; - - $x = 0; - if (count($a_ivr_options) > 0) { - foreach($a_ivr_options as $row) { - - /* - $row['ivrid'] - $row['optionnumber'] - $row['optiontype'] - $row['optionaction'] - $row['optiondest'] - $row['optiondescr'] - */ - //$tmpantiactiondefault = ""; - - //find the correct IVR options with the correct action - if ($row['ivrid'] == $rowhelper['ivrid']) { - - if ($row['optionaction'] == "anti-action") { - - switch ($row['optionnumber']) { - //case "t": - // //break; - //case "d": - // //break; - default: - //$tmpantiaction .= " //console_log( \"info\", \"IVR Detected 1 digit \\n\" );\n"; - - if ($x == 0) { - $tmpantiaction .= " if ( dtmf.digits == \"".$row['optionnumber']."\" ) { //".$row['optiondescr']."\n"; - } - else { - $tmpantiaction .= " else if ( dtmf.digits == \"".$row['optionnumber']."\" ) { //".$row['optiondescr']."\n"; - } - - if ($row['optiontype'] == "extension") { - $tmpantiaction .= " sofia_contact_".$row['optiondest']." = get_sofia_contact(\"".$row['optiondest']."\",domain_name, \"".$row['optionprofile']."\");\n"; - $tmpantiaction .= " session.execute(\"bridge\", sofia_contact_".$row['optiondest']."); //".$row['optiondescr']."\n"; - if ($row['optionprofile'] == "auto") { - $tmpantiaction .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\");\n"; - } - else { - $tmpantiaction .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\");\n"; - } - } - if ($row['optiontype'] == "voicemail") { - if ($row['optionprofile'] == "auto") { - $tmpantiaction .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - else { - $tmpantiaction .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - } - if ($row['optiontype'] == "sip uri") { - $tmpantiaction .= " session.execute(\"bridge\", \"".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - $tmpantiaction .= " }\n"; - - } //end switch - - $x++; - } //end anti-action - - } //end ivrid - - - } //end for each - } //if count - - $tmp .= $tmpantiaction; - if ($rowhelper['ivrdirectdial'] == "true") { - $tmp .= " else {\n"; - $tmp .= " session.execute(\"transfer\", dtmf.digits+\" XML default\");\n"; - //$tmp .= $tmpantiactiondefault; - $tmp .= " }\n"; - } - else { - if ($antiactiondefault) { - $tmp .= " else {\n"; - $tmp .= " //console_log( \"info\", \"default option used when dtmf doesn't match any other option\\n\" );\n"; - - if ($antiactiondefaulttype == "extension") { - $tmp .= " sofia_contact_".$antiactiondefaultdest." = get_sofia_contact(\"".$antiactiondefaultdest."\",domain_name, \"".$actiondirectprofile."\");\n"; - $tmp .= " session.execute(\"bridge\", sofia_contact_".$antiactiondefaultdest."); //".$antiactiondefaultdest."\n"; - if ($actiondirectprofile == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$antiactiondefaultdest."\");\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$antiactiondefaultdest."\");\n"; - } - } - if ($antiactiondefaulttype == "voicemail") { - if ($actiondirectprofile == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$antiactiondefaultdest."\");\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$antiactiondefaultdest."\");\n"; - } - } - if ($antiactiondefaulttype == "sip uri") { - $tmp .= " session.execute(\"bridge\", \"".$antiactiondefaultdest."\"); //".$antiactiondefaultdest."\n"; - } - $tmp .= " }\n"; - } - } - $tmp .= "\n"; - unset($tmpantiaction); - - $tmp .= " } \n"; - //$tmp .= " else if ( dtmf.digits.length == \"3\" ) {\n"; - //$tmp .= " //Transfer to the extension the caller chose\n"; - //$tmp .= " session.execute(\"transfer\", dtmf.digits+\" XML default\"); \n"; - //$tmp .= " }\n"; - //$tmp .= " else {\n"; - //$tmp .= $tmpantiactiondefault; - //$tmp .= " }\n"; - $tmp .= "\n"; - $tmp .= " } //end if session.ready\n"; - $tmp .= "\n"; - $tmp .= " } //end if condition"; - - } //if ($antiactiondirect) - } //antiactioncount - unset($tmpactiondefault); - unset($tmpantiactiondefault); - - if (strlen($rowhelper['ivrid']) > 0) { - $ivrfilename = "ivr_".str_replace(array("{", "}"), "", $rowhelper['ivrid']).".js"; - $fout = fopen("/usr/local/freeswitch/scripts/".$ivrfilename,"w"); - fwrite($fout, $tmp); - unset($ivrfilename); - fclose($fout); - } - - } //end foreach - } //end if count - conf_mount_ro(); - config_unlock(); - -} //end function - - - -function sync_package_freeswitch_dialplan_includes() -{ - - global $config; - conf_mount_rw(); - config_lock(); - - $a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config']; - $a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - - //order the array - if (!function_exists('cmp_number_dialplan_details')) { - function cmp_number_dialplan_details($a, $b) { - if ($a["fieldorder"] > $b["fieldorder"]) { - return 1; - } - else { - return 0; - } - } - } - - if (count($a_dialplan_includes) > 0) { - foreach($config['installedpackages']['freeswitchdialplanincludes']['config'] as $rowhelper) { - $tmp = ""; - $tmp .= "\n"; - - //$rowhelper['dialplanincludeid']; - //$rowhelper['extensionname']; - //$rowhelper['context']; - //$rowhelper['enabled']; - - $tmp = "<extension name=\"".$rowhelper['extensionname']."\">\n"; - - if (count($a_dialplan_include_details) > 0) { - - if (count($a_dialplan_include_details) > 0) { usort($a_dialplan_include_details, "cmp_number_dialplan_details"); } - - $conditioncount = 0; - $i = 0; - foreach ($a_dialplan_include_details as $ent) { - if ($ent['tag'] == "condition" && $rowhelper['dialplanincludeid'] == $ent['dialplanincludeid']) { - $conditioncount++; - $i++; - } - } - - $i = 1; - foreach ($a_dialplan_include_details as $ent) { - if ($ent['tag'] == "condition" && $rowhelper['dialplanincludeid'] == $ent['dialplanincludeid']) { - if ($conditioncount == 1) { //single condition - //start tag - $tmp .= " <condition field=\"".$ent['fieldtype']."\" expression=\"".$ent['fielddata']."\">\n"; - } - else { //more than one condition - if ($i < $conditioncount) { - //all tags should be self-closing except the last one - $tmp .= " <condition field=\"".$ent['fieldtype']."\" expression=\"".$ent['fielddata']."\"/>\n"; - } - else { - //for the last tag use the start tag - $tmp .= " <condition field=\"".$ent['fieldtype']."\" expression=\"".$ent['fielddata']."\">\n"; - } - } - $i++; - } - } //end for each - - } //end if count - - if (count($a_dialplan_include_details) > 0) { - $i = 0; - foreach ($a_dialplan_include_details as $ent) { - if ($ent['tag'] == "action" && $rowhelper['dialplanincludeid'] == $ent['dialplanincludeid']) { - $tmp .= " <action application=\"".$ent['fieldtype']."\" data=\"".$ent['fielddata']."\"/>\n"; - } - $i++; - } - } - - if (count($a_dialplan_include_details) > 0) { - $i = 0; - foreach ($a_dialplan_include_details as $ent) { - if ($ent['tag'] == "anti-action" && $rowhelper['dialplanincludeid'] == $ent['dialplanincludeid']) { - $tmp .= " <anti-action application=\"".$ent['fieldtype']."\" data=\"".$ent['fielddata']."\"/>\n"; - } - $i++; - } - } - - //if (count($a_dialplan_include_details) > 0) { - //foreach ($a_dialplan_include_details as $ent) { - // $i = 0; - // if ($ent['tag'] == "param" && $rowhelper['dialplanincludeid'] == $ent['dialplanincludeid']) { - //$ent['tag'] - //$ent['fieldtype'] - //$ent['fielddata'] - // } - // $i++; - // } - //} - - if ($conditioncount > 0) { - $tmp .= " </condition>\n"; - } - unset ($conditioncount); - $tmp .= "</extension>\n"; - - - if ($rowhelper['enabled'] == "true") { - $dialplanincludefilename = $rowhelper['order']."_".$rowhelper['extensionname'].".xml"; - $fout = fopen("/usr/local/freeswitch/conf/dialplan/default/".$dialplanincludefilename,"w"); - fwrite($fout, $tmp); - fclose($fout); - } - unset($dialplanincludefilename); - unset($tmp); - - - } //end foreach - } //if array count - - conf_mount_ro(); - config_unlock(); - -} - - -function sync_package_freeswitch_public_includes() -{ - - global $config; - conf_mount_rw(); - config_lock(); - - $a_public_includes = &$config['installedpackages']['freeswitchpublicincludes']['config']; - $a_public_include_details = &$config['installedpackages']['freeswitchpublicincludedetails']['config']; - - if (count($a_public_includes) > 0) { - - //order the array - function cmp_number_public_include_details($a, $b) { - if ($a["fieldorder"] > $b["fieldorder"]) { - return 1; - } - else { - return 0; - } - } - - - foreach($a_public_includes as $rowhelper) { - $tmp = ""; - $tmp .= "\n"; - - //$rowhelper['publicincludeid']; - //$rowhelper['extensionname']; - //$rowhelper['context']; - //$rowhelper['enabled']; - - $tmp = "<extension name=\"".$rowhelper['extensionname']."\">\n"; - - if (count($a_public_include_details) > 0) { - - if (count($a_public_include_details) > 0) { usort($a_public_include_details, "cmp_number_public_include_details"); } - - $conditioncount = 0; - $i = 0; - foreach ($a_public_include_details as $ent) { - if ($ent['tag'] == "condition" && $rowhelper['publicincludeid'] == $ent['publicincludeid']) { - $conditioncount++; - $i++; - } - } - - $i = 1; - foreach ($a_public_include_details as $ent) { - if ($ent['tag'] == "condition" && $rowhelper['publicincludeid'] == $ent['publicincludeid']) { - if ($conditioncount == 1) { //single condition - //start tag - $tmp .= " <condition field=\"".$ent['fieldtype']."\" expression=\"".$ent['fielddata']."\">\n"; - } - else { //more than one condition - if ($i < $conditioncount) { - //all tags should be self-closing except the last one - $tmp .= " <condition field=\"".$ent['fieldtype']."\" expression=\"".$ent['fielddata']."\"/>\n"; - } - else { - //for the last tag use the start tag - $tmp .= " <condition field=\"".$ent['fieldtype']."\" expression=\"".$ent['fielddata']."\">\n"; - } - } - $i++; - } - } //end for each - - } //end if count - - - if (count($a_public_include_details) > 0) { - $i = 0; - foreach ($a_public_include_details as $ent) { - if ($ent['tag'] == "action" && $rowhelper['publicincludeid'] == $ent['publicincludeid']) { - $tmp .= " <action application=\"".$ent['fieldtype']."\" data=\"".$ent['fielddata']."\"/>\n"; - } - $i++; - } - } - - if (count($a_public_include_details) > 0) { - $i = 0; - foreach ($a_public_include_details as $ent) { - if ($ent['tag'] == "anti-action" && $rowhelper['publicincludeid'] == $ent['publicincludeid']) { - $tmp .= " <anti-action application=\"".$ent['fieldtype']."\" data=\"".$ent['fielddata']."\"/>\n"; - } - $i++; - } - } - - //if (count($a_public_include_details) > 0) { - //foreach ($a_public_include_details as $ent) { - // $i = 0; - // if ($ent['tag'] == "param" && $rowhelper['publicincludeid'] == $ent['publicincludeid']) { - //$ent['tag'] - //$ent['fieldtype'] - //$ent['fielddata'] - // } - // $i++; - // } - //} - - if ($conditioncount > 0) { - $tmp .= " </condition>\n"; - } - unset ($conditioncount); - $tmp .= "</extension>\n"; - - - if ($rowhelper['enabled'] == "true") { - $publicincludefilename = $rowhelper['order']."_".$rowhelper['extensionname'].".xml"; - $fout = fopen("/usr/local/freeswitch/conf/dialplan/public/".$publicincludefilename,"w"); - fwrite($fout, $tmp); - fclose($fout); - } - unset($publicincludefilename); - unset($tmp); - - - } //end foreach - } //end if count - conf_mount_ro(); - config_unlock(); - -} - - -function sync_package_freeswitch() -{ - global $config; - sync_package_freeswitch_settings(); - sync_package_freeswitch_dialplan(); - sync_package_freeswitch_dialplan_includes(); - sync_package_freeswitch_extensions(); - sync_package_freeswitch_gateways(); - sync_package_freeswitch_modules(); - sync_package_freeswitch_public(); - sync_package_freeswitch_public_includes(); - sync_package_freeswitch_vars(); - sync_package_freeswitch_internal(); - sync_package_freeswitch_external(); - //sync_package_freeswitch_recordings(); - if (pkg_is_service_running('freeswitch')) { - sync_package_freeswitch_ivr(); - } - -} - - -function freeswitch_php_install_command() -{ - global $config; - //exec("/etc/./rc.conf_mount_rw"); - - $freeswitch_package_version = "0.9.51"; - $freeswitch_build_version = "1.0.4 pre 8"; - $freeswitch_build_revision = "13784"; - - //set script execution time limit to 24 hours - set_time_limit (86400); - ini_set(max_execution_time,86400); - - //hide errors - ini_set('display_errors', '0'); - - //used with fax to png, and fax to pdf conversion - exec("pkg_add -r tiff2png"); - - //add sqlite package - exec("pkg_add -r sqlite34"); - - clearstatcache(); - if (!is_dir('/usr/local/www/packages/')) { - exec("mkdir /usr/local/www/packages/"); - } - - if (!is_dir('/usr/local/www/packages/freeswitch/')) { - exec("mkdir /usr/local/www/packages/freeswitch/"); - } - - //$struname = exec('uname -v'); - //if (stristr($struname, 'FreeBSD 7.2')) { - // $freebsd_version = "7.2"; - //} - - $download_path = 'https://packages.pfsense.org/packages/config/freeswitch/'; - //exec("cd /tmp/;fetch ".$download_path."freeswitch.tgz"); //handled by freeswitch.xml - exec("tar zxvf /tmp/freeswitch.tgz -C /usr/local/"); - unlink_if_exists("/tmp/freeswitch.tgz"); - - if (!is_dir('/usr/local/freeswitch/storage/fax/')) { - exec("mkdir /usr/local/freeswitch/storage/fax/"); - } - - if (!is_dir('/usr/local/freeswitch/storage/fax/receive/')) { - exec("mkdir /usr/local/freeswitch/storage/fax/receive/"); - } - - //download the dialplan default.xml - exec("cd /tmp/;fetch ".$download_path."dialplan.default.xml"); - exec("cp /tmp/dialplan.default.xml /usr/local/freeswitch/conf/dialplan/default.xml"); - unlink_if_exists("/tmp/dialplan.default.xml"); - - //download the dialplan public.xml - exec("cd /tmp/;fetch ".$download_path."dialplan.public.xml"); - exec("cp /tmp/dialplan.public.xml /usr/local/freeswitch/conf/dialplan/public.xml"); - unlink_if_exists("/tmp/dialplan.public.xml"); - - //make a backup copy of the default config used with the 'Restore Default' buttons on the text areas. - exec("cp -R /usr/local/freeswitch/conf /usr/local/freeswitch/conf.orig"); - - //remove some default config files that are not needed - unlink_if_exists("/usr/local/freeswitch/conf/dialplan/default/01_example.com.xml"); - unlink_if_exists("/usr/local/freeswitch/conf/dialplan/public/00_inbound_did.xml"); - - if (!is_dir('/usr/local/freeswitch/sounds/custom/')) { - exec("mkdir /usr/local/freeswitch/sounds/custom/"); - } - - if (!is_dir('/usr/local/freeswitch/sounds/custom/8000/')) { - exec("mkdir /usr/local/freeswitch/sounds/custom/8000/"); - } - - //copy audio files - exec("cd /usr/local/freeswitch/sounds/custom/8000/;fetch ".$download_path."please_enter_your_pin_number.wav"); - exec("cd /usr/local/freeswitch/sounds/custom/8000/;fetch ".$download_path."please_enter_the_pin_number.wav"); - exec("cd /usr/local/freeswitch/sounds/custom/8000/;fetch ".$download_path."please_enter_the_extension_number.wav"); - exec("cd /usr/local/freeswitch/sounds/custom/8000/;fetch ".$download_path."please_enter_the_phone_number.wav"); - exec("cd /usr/local/freeswitch/sounds/custom/8000/;fetch ".$download_path."call_forward_has_been_set.wav"); - exec("cd /usr/local/freeswitch/sounds/custom/8000/;fetch ".$download_path."call_forward_has_been_deleted.wav"); - exec("cd /usr/local/freeswitch/sounds/custom/8000/;fetch ".$download_path."begin_recording.wav"); - exec("cd /usr/local/freeswitch/sounds/custom/8000/;fetch ".$download_path."your_pin_number_is_incorect_goodbye.wav"); - exec("cd /usr/local/freeswitch/sounds/custom/8000/;fetch ".$download_path."please_say_your_name_and_reason_for_calling.wav"); - exec("cd /usr/local/freeswitch/sounds/custom/8000/;fetch ".$download_path."press_1_to_accept_2_to_reject_or_3_for_voicemail.wav"); - - //mod_fax - exec("cd /usr/local/freeswitch/mod/;fetch ".$download_path."mod_fax.so"); - - //download lib files - exec("cd /usr/local/lib/;fetch ".$download_path."libtinfo.so.5.6"); - exec("cd /usr/local/lib/;fetch ".$download_path."libncurses.so.5.6"); - exec("cd /usr/local/lib/;fetch ".$download_path."libncurses.so.5.7"); - exec("cd /usr/local/lib/;fetch ".$download_path."libogg.so.5.3"); - exec("cp /usr/local/lib/libogg.so.5.3 /usr/local/lib/libogg.so.5"); - exec("cd /usr/local/lib/;fetch ".$download_path."libvorbis.so.4"); - exec("cd /usr/local/lib/;fetch ".$download_path."libcurl.so.5"); - exec("cd /usr/local/lib/;fetch ".$download_path."libodbc.so.1"); - exec("cd /usr/local/lib/;fetch ".$download_path."libiconv.so.3"); - exec("cd /usr/local/lib/;fetch ".$download_path."libspandsp.so.1"); - exec("cp /usr/local/lib/libspandsp.so.1 /usr/local/lib/libspandsp.so.2"); - - //download xml package files - exec("cd /usr/local/pkg/;fetch ".$download_path."freeswitch_modules.xml"); - - - //misc files - if (!is_dir('/usr/local/www/edit_area/')) { - exec("cd /tmp/;fetch ".$download_path."edit_area.tgz"); - system('cd /usr/local/www; tar xvpfz /tmp/edit_area.tgz edit_area'); - unlink_if_exists("/tmp/edit_area.tgz"); - } - - - //rename PHP files from .tmp to .php - exec("cd /tmp/;fetch ".$download_path."index.tmp"); - exec("cp /tmp/index.tmp /usr/local/www/packages/freeswitch/index.php"); - unlink_if_exists("/tmp/index.tmp"); - - exec("cd /tmp/;fetch ".$download_path."class.smtp.tmp"); - exec("cp /tmp/class.smtp.tmp /usr/local/www/packages/freeswitch/class.smtp.php"); - unlink_if_exists("/tmp/class.smtp.tmp"); - - exec("cd /tmp/;fetch ".$download_path."class.phpmailer.tmp"); - exec("cp /tmp/class.phpmailer.tmp /usr/local/www/packages/freeswitch/class.phpmailer.php"); - unlink_if_exists("/tmp/class.phpmailer.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_cmd.tmp"); - exec("cp /tmp/freeswitch_cmd.tmp /usr/local/www/packages/freeswitch/freeswitch_cmd.php"); - unlink_if_exists("/tmp/freeswitch_cmd.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_dialplan.tmp"); - exec("cp /tmp/freeswitch_dialplan.tmp /usr/local/www/packages/freeswitch/freeswitch_dialplan.php"); - unlink_if_exists("/tmp/freeswitch_dialplan.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_dialplan_includes_details.tmp"); - exec("cp /tmp/freeswitch_dialplan_includes_details.tmp /usr/local/www/packages/freeswitch/freeswitch_dialplan_includes_details.php"); - unlink_if_exists("/tmp/freeswitch_dialplan_includes_details.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_dialplan_includes_details_edit.tmp"); - exec("cp /tmp/freeswitch_dialplan_includes_details_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_dialplan_includes_details_edit.php"); - unlink_if_exists("/tmp/freeswitch_dialplan_includes_details_edit.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_dialplan_includes.tmp"); - exec("cp /tmp/freeswitch_dialplan_includes.tmp /usr/local/www/packages/freeswitch/freeswitch_dialplan_includes.php"); - unlink_if_exists("/tmp/freeswitch_dialplan_includes.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_dialplan_includes_edit.tmp"); - exec("cp /tmp/freeswitch_dialplan_includes_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_dialplan_includes_edit.php"); - unlink_if_exists("/tmp/freeswitch_dialplan_includes_edit.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_extensions.tmp"); - exec("cp /tmp/freeswitch_extensions.tmp /usr/local/www/packages/freeswitch/freeswitch_extensions.php"); - unlink_if_exists("/tmp/freeswitch_extensions.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_extensions_edit.tmp"); - exec("cp /tmp/freeswitch_extensions_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_extensions_edit.php"); - unlink_if_exists("/tmp/freeswitch_extensions_edit.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_fax.tmp"); - exec("cp /tmp/freeswitch_fax.tmp /usr/local/www/packages/freeswitch/freeswitch_fax.php"); - unlink_if_exists("/tmp/freeswitch_fax.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_fax_edit.tmp"); - exec("cp /tmp/freeswitch_fax_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_fax_edit.php"); - unlink_if_exists("/tmp/freeswitch_fax_edit.tmp"); - - exec("cd /tmp/;fetch ".$download_path."fax_to_email.tmp"); - exec("cp /tmp/fax_to_email.tmp /usr/local/www/packages/freeswitch/fax_to_email.php"); - unlink_if_exists("/tmp/fax_to_email.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_features.tmp"); - exec("cp /tmp/freeswitch_features.tmp /usr/local/www/packages/freeswitch/freeswitch_features.php"); - unlink_if_exists("/tmp/freeswitch_features.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_gateways.tmp"); - exec("cp /tmp/freeswitch_gateways.tmp /usr/local/www/packages/freeswitch/freeswitch_gateways.php"); - unlink_if_exists("/tmp/freeswitch_gateways.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_gateways_edit.tmp"); - exec("cp /tmp/freeswitch_gateways_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_gateways_edit.php"); - unlink_if_exists("/tmp/freeswitch_gateways_edit.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_hunt_group.tmp"); - exec("cp /tmp/freeswitch_hunt_group.tmp /usr/local/www/packages/freeswitch/freeswitch_hunt_group.php"); - unlink_if_exists("/tmp/freeswitch_hunt_group.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_hunt_group_edit.tmp"); - exec("cp /tmp/freeswitch_hunt_group_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_hunt_group_edit.php"); - unlink_if_exists("/tmp/freeswitch_hunt_group_edit.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_hunt_group_destinations.tmp"); - exec("cp /tmp/freeswitch_hunt_group_destinations.tmp /usr/local/www/packages/freeswitch/freeswitch_hunt_group_destinations.php"); - unlink_if_exists("/tmp/freeswitch_hunt_group_destinations.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_hunt_group_destinations_edit.tmp"); - exec("cp /tmp/freeswitch_hunt_group_destinations_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_hunt_group_destinations_edit.php"); - unlink_if_exists("/tmp/freeswitch_hunt_group_destinations_edit.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_ivr.tmp"); - exec("cp /tmp/freeswitch_ivr.tmp /usr/local/www/packages/freeswitch/freeswitch_ivr.php"); - unlink_if_exists("/tmp/freeswitch_ivr.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_ivr_edit.tmp"); - exec("cp /tmp/freeswitch_ivr_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_ivr_edit.php"); - unlink_if_exists("/tmp/freeswitch_ivr_edit.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_ivr_options.tmp"); - exec("cp /tmp/freeswitch_ivr_options.tmp /usr/local/www/packages/freeswitch/freeswitch_ivr_options.php"); - unlink_if_exists("/tmp/freeswitch_ivr_options.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_ivr_options_edit.tmp"); - exec("cp /tmp/freeswitch_ivr_options_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_ivr_options_edit.php"); - unlink_if_exists("/tmp/freeswitch_ivr_options_edit.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_profiles.tmp"); - exec("cp /tmp/freeswitch_profiles.tmp /usr/local/www/packages/freeswitch/freeswitch_profiles.php"); - unlink_if_exists("/tmp/freeswitch_profiles.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_profile_edit.tmp"); - exec("cp /tmp/freeswitch_profile_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_profile_edit.php"); - unlink_if_exists("/tmp/freeswitch_profile_edit.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_public.tmp"); - exec("cp /tmp/freeswitch_public.tmp /usr/local/www/packages/freeswitch/freeswitch_public.php"); - unlink_if_exists("/tmp/freeswitch_public.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_public_includes.tmp"); - exec("cp /tmp/freeswitch_public_includes.tmp /usr/local/www/packages/freeswitch/freeswitch_public_includes.php"); - unlink_if_exists("/tmp/freeswitch_public_includes.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_public_includes_edit.tmp"); - exec("cp /tmp/freeswitch_public_includes_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_public_includes_edit.php"); - unlink_if_exists("/tmp/freeswitch_public_includes_edit.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_public_includes_details.tmp"); - exec("cp /tmp/freeswitch_public_includes_details.tmp /usr/local/www/packages/freeswitch/freeswitch_public_includes_details.php"); - unlink_if_exists("/tmp/freeswitch_public_includes_details.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_public_includes_details_edit.tmp"); - exec("cp /tmp/freeswitch_public_includes_details_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_public_includes_details_edit.php"); - unlink_if_exists("/tmp/freeswitch_public_includes_details_edit.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_mailto.tmp"); - exec("cp /tmp/freeswitch_mailto.tmp /usr/local/www/packages/freeswitch/freeswitch_mailto.php"); - unlink_if_exists("/tmp/freeswitch_mailto.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_recordings.tmp"); - exec("cp /tmp/freeswitch_recordings.tmp /usr/local/www/packages/freeswitch/freeswitch_recordings.php"); - unlink_if_exists("/tmp/freeswitch_recordings.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_recordings_edit.tmp"); - exec("cp /tmp/freeswitch_recordings_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_recordings_edit.php"); - unlink_if_exists("/tmp/freeswitch_recordings_edit.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_recordings_play.tmp"); - exec("cp /tmp/freeswitch_recordings_play.tmp /usr/local/www/packages/freeswitch/freeswitch_recordings_play.php"); - unlink_if_exists("/tmp/freeswitch_recordings_play.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_status.tmp"); - exec("cp /tmp/freeswitch_status.tmp /usr/local/www/packages/freeswitch/freeswitch_status.php"); - unlink_if_exists("/tmp/freeswitch_status.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_time_conditions.tmp"); - exec("cp /tmp/freeswitch_time_conditions.tmp /usr/local/www/packages/freeswitch/freeswitch_time_conditions.php"); - unlink_if_exists("/tmp/freeswitch_time_conditions.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_time_conditions_edit.tmp"); - exec("cp /tmp/freeswitch_time_conditions_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_time_conditions_edit.php"); - unlink_if_exists("/tmp/freeswitch_time_conditions_edit.tmp"); - - exec("cd /tmp/;fetch ".$download_path."freeswitch_vars.tmp"); - exec("cp /tmp/freeswitch_vars.tmp /usr/local/www/packages/freeswitch/freeswitch_vars.php"); - unlink_if_exists("/tmp/freeswitch_vars.tmp"); - - exec("cd /usr/local/freeswitch/scripts/;fetch ".$download_path."disa.js"); - exec("cd /usr/local/freeswitch/scripts/;fetch ".$download_path."originate.js"); - exec("cp /usr/local/freeswitch/htdocs/slim.swf /usr/local/www/packages/freeswitch/slim.swf"); - - /* freeswitch settings defaults */ - if (strlen($config['installedpackages']['freeswitchsettings']['config'][0]['numbering_plan']) == 0) { - $config['installedpackages']['freeswitchsettings']['config'][0]['numbering_plan'] = "US"; - } - if(strlen($config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_password']) == 0) { - $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_password'] = "ClueCon"; - } - if (strlen($config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_port']) == 0) { - $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_port'] = "8021"; - } - if (strlen($config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_http_port']) == 0) { - $config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_http_port'] = "8787"; - } - if (strlen($config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_auth_realm']) == 0) { - $config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_auth_realm'] = "freeswitch"; - } - if (strlen($config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_auth_user']) == 0) { - $config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_auth_user'] = "freeswitch"; - } - if (strlen($config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_auth_pass']) == 0) { - $config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_auth_pass'] = "works"; - } - if (strlen($config['installedpackages']['freeswitchsettings']['config'][0]['admin_pin']) == 0) { - $config['installedpackages']['freeswitchsettings']['config'][0]['admin_pin'] = "7575"; - } - if (strlen($config['installedpackages']['freeswitchsettings']['config'][0]['mod_shout_decoder']) == 0) { - $config['installedpackages']['freeswitchsettings']['config'][0]['mod_shout_decoder'] = "i386"; - } - if (strlen($config['installedpackages']['freeswitchsettings']['config'][0]['mod_shout_volume']) == 0) { - $config['installedpackages']['freeswitchsettings']['config'][0]['mod_shout_volume'] = "0.3"; - } - - $numbering_plan = $config['installedpackages']['freeswitchsettings']['config'][0]['numbering_plan']; - $event_socket_password = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_password']; - $event_socket_port = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_port']; - $xml_rpc_http_port = $config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_http_port']; - $xml_rpc_auth_realm = $config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_auth_realm']; - $xml_rpc_auth_user = $config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_auth_user']; - $xml_rpc_auth_pass = $config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_auth_pass']; - $admin_pin = $config['installedpackages']['freeswitchsettings']['config'][0]['admin_pin']; - - //write the recording.js script - recording_js(); - - //add recording.js to the dialplan - $a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config']; - $a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - - //delete dialplan recording from the previous install - if (count($a_dialplan_includes) > 0) { - $i = 0; - foreach ($a_dialplan_includes as $ent) { - if ($ent['extensionname'] == "Recordings") { - unset($a_dialplan_includes[$i]); - } - $i++; - } - } - - //delete the recording dialplan details - if (count($a_dialplan_include_details) > 0) { - $i = 0; - foreach ($a_dialplan_include_details as $ent) { - if ($ent['fielddata'] == "^732673$") { - unset($a_dialplan_include_details[$i]); - } - if ($ent['fielddata'] == "recordings.js") { - unset($a_dialplan_include_details[$i]); - } - $i++; - } - } - - //add recording to the dialplan - $dialplanincludeid = guid(); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['extensionname'] = 'Recordings'; - $ent['order'] = '9000'; - $ent['context'] = 'default'; - $ent['enabled'] = 'true'; - $ent['descr'] = '*732673 Default system recordings tool'; - $a_dialplan_includes[] = $ent; - unset($ent); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'condition'; //condition, action, antiaction - $ent['fieldtype'] = 'destination_number'; - $ent['fielddata'] = '^\*(732673)$'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'javascript'; - $ent['fielddata'] = 'recordings.js'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - - //delete dialplan DISA from the previous install - $disa_enabled = 'false'; - if (count($a_dialplan_includes) > 0) { - $i = 0; - foreach ($a_dialplan_includes as $ent) { - if ($ent['extensionname'] == "DISA") { - $disa_enabled = $ent['enabled']; - unset($a_dialplan_includes[$i]); - } - $i++; - } - } - - //add the DISA to the dialplan - $dialplanincludeid = guid(); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['extensionname'] = 'DISA'; - $ent['order'] = '000'; - $ent['context'] = 'default'; - $ent['enabled'] = $disa_enabled; - $ent['descr'] = '*3472 Direct Inward System Access'; - $a_dialplan_includes[] = $ent; - unset($ent); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'condition'; //condition, action, antiaction, set - $ent['fieldtype'] = 'destination_number'; - $ent['fielddata'] = '^\*(3472)$'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction, set - $ent['fieldtype'] = 'javascript'; - $ent['fielddata'] = 'disa.js'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - write_config(); - - //prepare switch.conf.xml for voicemail to email - $filename = "/usr/local/freeswitch/conf/autoload_configs/switch.conf.xml"; - $handle = fopen($filename,"rb"); - $contents = fread($handle, filesize($filename)); - fclose($handle); - - $handle = fopen($filename,"w"); - $contents = str_replace("<param name=\"mailer-app\" value=\"sendmail\"/>", "<param name=\"mailer-app\" value=\"/usr/local/bin/php\"/>", $contents); - $contents = str_replace("<param name=\"mailer-app-args\" value=\"-t\"/>", "<param name=\"mailer-app-args\" value=\"/usr/local/www/packages/freeswitch/freeswitch_mailto.php\"/>", $contents); - fwrite($handle, $contents); - unset($contents); - fclose($handle); - unset($filename); - - //prepare shout.conf.xml for mod_shout - $fout = fopen("/usr/local/freeswitch/conf/autoload_configs/shout.conf.xml","w"); - $tmpxml = "<configuration name=\"shout.conf\" description=\"mod shout config\">\n"; - $tmpxml .= " <settings>\n"; - $tmpxml .= " <!-- Don't change these unless you are insane -->\n"; - $tmpxml .= " <param name=\"decoder\" value=\"i586\"/>\n"; - $tmpxml .= " <!--<param name=\"volume\" value=\".1\"/>-->\n"; - $tmpxml .= " <!--<param name=\"outscale\" value=\"8192\"/>-->\n"; - $tmpxml .= " </settings>\n"; - $tmpxml .= "</configuration>"; - fwrite($fout, $tmpxml); - unset($tmpxml); - fclose($fout); - - $fout = fopen("/usr/local/freeswitch/conf/autoload_configs/event_socket.conf.xml","w"); - $tmpxml = "<configuration name=\"event_socket.conf\" description=\"Socket Client\">\n"; - $tmpxml .= " <settings>\n"; - $tmpxml .= " <param name=\"listen-ip\" value=\"". $config['interfaces']['lan']['ipaddr'] ."\"/>\n"; - $tmpxml .= " <param name=\"listen-port\" value=\"". $event_socket_port ."\"/>\n"; - $tmpxml .= " <param name=\"password\" value=\"". $event_socket_password ."\"/>\n"; - $tmpxml .= " <!--<param name=\"apply-inbound-acl\" value=\"lan\"/>-->\n"; - $tmpxml .= " </settings>\n"; - $tmpxml .= "</configuration>"; - fwrite($fout, $tmpxml); - unset($tmpxml); - fclose($fout); - - /* freeswitch modules defaults */ - - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_console']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_console'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_logfile']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_logfile'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_syslog']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_syslog'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_yaml']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_yaml'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_enum']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_enum'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_xml_rpc']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_xml_rpc'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_xml_curl']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_xml_curl'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_xml_cdr']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_xml_cdr'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_cdr_csv']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_cdr_csv'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_event_multicast']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_event_multicast'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_event_socket']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_event_socket'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_zeroconf']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_zeroconf'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_ldap']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_ldap'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_dingaling']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_dingaling'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_iax']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_iax'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_portaudio']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_portaudio'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_alsa']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_alsa'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_sofia']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_sofia'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_loopback']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_loopback'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_wanpipe']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_wanpipe'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_woomera']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_woomera'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_openzap']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_openzap'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_commands']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_commands'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_conference']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_conference'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_dptools']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_dptools'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_expr']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_expr'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_fax']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_fax'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_fifo']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_fifo'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_voicemail']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_voicemail'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_limit']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_limit'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_esf']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_esf'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_fsv']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_fsv'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_snom']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_snom'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_dialplan_directory']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_dialplan_directory'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_dialplan_xml']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_dialplan_xml'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_dialplan_asterisk']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_dialplan_asterisk'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_voipcodecs']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_voipcodecs'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_g723_1']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_g723_1'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_g729']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_g729'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_amr']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_amr'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_ilbc']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_ilbc'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_speex']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_speex'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_siren']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_siren'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_celt']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_celt'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_h26x']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_h26x'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_sndfile']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_sndfile'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_native_file']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_native_file'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_shout']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_shout'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_local_stream']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_local_stream'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_tone_stream']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_tone_stream'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_spidermonkey']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_spidermonkey'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_spidermonkey_odbc']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_spidermonkey_odbc'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_perl']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_perl'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_python']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_python'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_java']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_java'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_lua']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_lua'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_flite']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_flite'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_pocketsphinx']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_pocketsphinx'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_cepstral']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_cepstral'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_openmrcp']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_openmrcp'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_rss']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_rss'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_en']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_en'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_de']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_de'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_es']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_es'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_fr']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_fr'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_it']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_it'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_nl']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_nl'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_ru']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_ru'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_zh']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_zh'] = "disable"; - } - - //create the backup directory - if (!is_dir('/root/backup/')) { - exec("mkdir /root/backup/"); - } - - //extract a specific directory to /usr/local/freeswitch - $filename = 'freeswitch.bak.tgz'; - if (file_exists('/root/backup/'.$filename)) { - //echo "The file $filename exists"; - - exec("rm -R /usr/local/freeswitch/conf/sip_profiles/"); - exec("rm -R /usr/local/freeswitch/sounds/music/"); - - //Recommended - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/db/'); - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/log/'); - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/recordings/'); - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/scripts/'); - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/storage/'); - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/sounds/custom/8000/'); - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/sounds/music/8000/'); - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/ssl/'); - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/sip_profiles/'); - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/vars.xml'); - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/dialplan/default.xml'); - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/dialplan/public.xml'); - - //Optional - //system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/'); - //system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/grammar/'); - //system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/htdocs/'); - - unset($filename); - } - - - exec("rm -R /freeswitch"); - exec("cp /usr/local/freeswitch/conf/directory/default/brian.xml /usr/local/freeswitch/conf/directory/default/brian.xml.noload"); - unlink_if_exists("/usr/local/freeswitch/conf/directory/default/brian.xml"); - unlink_if_exists("/usr/local/freeswitch/conf/directory/default/example.com.xml"); - unlink_if_exists("/usr/local/freeswitch/conf/dialplan/default/99999_enum.xml"); - - write_rcfile(array( - "file" => "freeswitch.sh", - "start" => "/usr/local/freeswitch/bin/./freeswitch -nc", - "stop" => "/usr/local/freeswitch/bin/./freeswitch -stop" - ) - ); - - sync_package_freeswitch(); - $handle = popen("/usr/local/etc/rc.d/freeswitch.sh start", "r"); - pclose($handle); - - if (pkg_is_service_running('freeswitch')) { - sync_package_freeswitch_ivr(); - } - - $config['installedpackages']['freeswitchsettings']['config'][0]['freeswitch_version'] = $freeswitch_build_version." revision ".$freeswitch_build_revision."."; - $config['installedpackages']['freeswitchsettings']['config'][0]['freeswitch_package_version'] = $freeswitch_package_version; - - conf_mount_ro(); - config_unlock(); - -} - - -function freeswitch_deinstall_command() -{ - - conf_mount_rw(); - config_lock(); - - exec("killall -9 freeswitch"); - unlink_if_exists("/usr/local/pkg/freeswitch.xml"); - unlink_if_exists("/usr/local/pkg/freeswitch.inc"); - unlink_if_exists("/usr/local/pkg/freeswitch_dialplan.xml"); - unlink_if_exists("/usr/local/pkg/freeswitch_extensions.xml"); - unlink_if_exists("/usr/local/pkg/freeswitch_external.xml"); - unlink_if_exists("/usr/local/pkg/freeswitch_internal.xml"); - unlink_if_exists("/usr/local/pkg/freeswitch_modules.xml"); - unlink_if_exists("/usr/local/pkg/freeswitch_public.xml"); - unlink_if_exists("/usr/local/pkg/freeswitch_vars.xml"); - - unlink_if_exists("/usr/local/www/packages/freeswitch/class.smtp.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/class.phpmailer.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_cmd.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_dialplan_includes_details.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_dialplan_includes_edit.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_dialplan_includes.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_dialplan_includes_details_edit.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_extensions.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_extensions_edit.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_ivr.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_ivr_edit.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_ivr_options_edit.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_ivr_options.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_gateways.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_gateways_edit.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_mailto.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_public_includes_details.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_public_includes_edit.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_public_includes.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_public_includes_details_edit.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_recordings.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_recordings_edit.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_recordings_play.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_time_conditions.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_time_conditions_edit.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_status.php"); - unlink_if_exists("/usr/local/www/packages/freeswitch/slim.swf"); - - exec("rm -R /usr/local/freeswitch/"); - exec("rm -R /usr/local/www/packages/freeswitch/"); - unlink_if_exists("/usr/local/etc/rc.d/freeswitch.sh"); - unlink_if_exists("/tmp/freeswitch.tar.gz"); - unlink_if_exists("/tmp/pkg_mgr_FreeSWITCH.log"); - - conf_mount_ro(); - config_unlock(); - -} - -?> diff --git a/config/freeswitch/freeswitch.xml b/config/freeswitch/freeswitch.xml deleted file mode 100644 index dc5cfc36..00000000 --- a/config/freeswitch/freeswitch.xml +++ /dev/null @@ -1,267 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - freeswitch.xml - Copyright (C) 2008 Mark J Crane - All rights reserved - - FreeSWITCH (TM) - http://www.freeswitch.org/ -*/ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ -/* ========================================================================== */ - ]]> - </copyright> - <description>FreeSWITCH is an open source telephony platform designed to facilitate the creation of voice and chat driven products scaling from a soft-phone up to a soft-switch. It can be used as a simple switching engine, a PBX, a media gateway or a media server to host IVR applications using simple scripts or XML to control the callflow.</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>FreeSWITCH Settings</name> - <version>0.9.5.8</version> - <title>FreeSWITCH: Settings</title> - <include_file>/usr/local/pkg/freeswitch.inc</include_file> - <menu> - <name>FreeSWITCH</name> - <tooltiptext>Modify FreeSWITCH settings.</tooltiptext> - <section>Services</section> - <configfile>freeswitch.xml</configfile> - <url>/pkg_edit.php?xml=freeswitch.xml&id=0</url> - </menu> - <service> - <name>freeswitch</name> - <rcfile>freeswitch.sh</rcfile> - <executable>freeswitch</executable> - <description>FreeSWITCH is an open source telephony platform designed to facilitate the creation of voice and chat driven products scaling from a soft-phone up to a soft-switch. It can be used as a simple switching engine, a PBX, a media gateway or a media server to host IVR applications using simple scripts or XML to control the callflow. </description> - </service> - <tabs> - <tab> - <text>Settings</text> - <url>/pkg_edit.php?xml=freeswitch.xml&id=0</url> - <active/> - </tab> - <tab> - <text>Dialplan</text> - <url>/packages/freeswitch/freeswitch_dialplan_includes.php</url> - </tab> - <tab> - <text>Extensions</text> - <url>/packages/freeswitch/freeswitch_extensions.php</url> - </tab> - <tab> - <text>Features</text> - <url>/packages/freeswitch/freeswitch_features.php</url> - </tab> - <tab> - <text>Gateways</text> - <url>/packages/freeswitch/freeswitch_gateways.php</url> - </tab> - <tab> - <text>Profiles</text> - <url>/packages/freeswitch/freeswitch_profiles.php</url> - </tab> - <tab> - <text>Public</text> - <url>/packages/freeswitch/freeswitch_public_includes.php</url> - </tab> - <tab> - <text>Status</text> - <url>/packages/freeswitch/freeswitch_status.php</url> - </tab> - <tab> - <text>Vars</text> - <url>/packages/freeswitch/freeswitch_vars.php</url> - </tab> - </tabs> - <configpath>installedpackages->package->$packagename->configuration->freeswitchsettings</configpath> - <additional_files_needed> - <prefix>/tmp/</prefix> - <chmod>0755</chmod> - <item>http://portableusbapps.com/packages/config/freeswitch/freeswitch.tgz</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>https://packages.pfsense.org/packages/config/freeswitch/freeswitch.inc</item> - </additional_files_needed> - <fields> - <field> - <fielddescr>Numbering Plan</fielddescr> - <fieldname>numbering_plan</fieldname> - <description>Enter the numbering plan here. example: US</description> - <type>input</type> - </field> - <field> - <fielddescr>Default Gateway</fielddescr> - <fieldname>default_gateway</fieldname> - <description>Enter the default gateway name here.</description> - <type>input</type> - </field> - <field> - <fielddescr>Default Area Code</fielddescr> - <fieldname>default_area_code</fieldname> - <description>Enter the area code here. example: 918</description> - <type>input</type> - </field> - <field> - <fielddescr>Event Socket Port</fielddescr> - <fieldname>event_socket_port</fieldname> - <description>Enter the event socket port here. default: 8021</description> - <type>input</type> - </field> - <field> - <fielddescr>Event Socket Password</fielddescr> - <fieldname>event_socket_password</fieldname> - <description>Enter the event socket password here. default: ClueCon</description> - <type>password</type> - </field> - <field> - <fielddescr>XML RPC HTTP Port</fielddescr> - <fieldname>xml_rpc_http_port</fieldname> - <description>Enter the XML RPC HTTP Port here. default: 8787</description> - <type>input</type> - </field> - <field> - <fielddescr>XML RPC Auth Realm</fielddescr> - <fieldname>xml_rpc_auth_realm</fieldname> - <description>Enter the XML RPC Auth Realm here. default: freeswitch</description> - <type>input</type> - </field> - <field> - <fielddescr>XML RPC Auth User</fielddescr> - <fieldname>xml_rpc_auth_user</fieldname> - <description>Enter the XML RPC Auth User here. default: freeswitch</description> - <type>input</type> - </field> - <field> - <fielddescr>XML RPC Auth Password</fielddescr> - <fieldname>xml_rpc_auth_pass</fieldname> - <description>Enter the XML RPC Auth Password here. default: works</description> - <type>password</type> - </field> - <field> - <fielddescr>Admin PIN Number</fielddescr> - <fieldname>admin_pin</fieldname> - <description>Enter a admin pin number. Used to authenticate the admin from the phone.</description> - <type>password</type> - </field> - <field> - <fielddescr>SMTP Host</fielddescr> - <fieldname>smtphost</fieldname> - <description>Enter the SMTP host address. If you using a different port append it on the end with a colon. e.g. smtp.gmail.com:465</description> - <type>input</type> - </field> - <field> - <fielddescr>SMTP Secure</fielddescr> - <fieldname>smtpsecure</fieldname> - <description>Select the SMTP security. None, TLS, SSL</description> - <type>select</type> - <options> - <option> - <name>none</name> - <value></value> - </option> - <option> - <name>tls</name> - <value>tls</value> - </option> - <option> - <name>ssl</name> - <value>ssl</value> - </option> - </options> - </field> - <field> - <fielddescr>SMTP Auth</fielddescr> - <fieldname>smtpauth</fieldname> - <description>Use SMTP Authentication true or false.</description> - <type>select</type> - <options> - <option> - <name>true</name> - <value>true</value> - </option> - <option> - <name>false</name> - <value>false</value> - </option> - </options> - </field> - <field> - <fielddescr>SMTP Username</fielddescr> - <fieldname>smtpusername</fieldname> - <description>Enter the SMTP authentication username.</description> - <type>input</type> - </field> - <field> - <fielddescr>SMTP Password</fielddescr> - <fieldname>smtppassword</fieldname> - <description>Enter the SMTP authentication password.</description> - <type>password</type> - </field> - <field> - <fielddescr>SMTP From</fielddescr> - <fieldname>smtpfrom</fieldname> - <description>Enter the SMTP From email address.</description> - <type>input</type> - </field> - <field> - <fielddescr>SMTP From Name</fielddescr> - <fieldname>smtpfromname</fieldname> - <description>Enter the SMTP From Name.</description> - <type>input</type> - </field> - <field> - <fielddescr>Mod Shout Decoder</fielddescr> - <fieldname>mod_shout_decoder</fieldname> - <description>Enter the Decoder. default: i386</description> - <type>input</type> - </field> - <field> - <fielddescr>Mod Shout Volume</fielddescr> - <fieldname>mod_shout_volume</fieldname> - <description>Enter the Volume. default: 0.3</description> - <type>input</type> - </field> - </fields> - <custom_add_php_command> - </custom_add_php_command> - <custom_php_resync_config_command> - sync_package_freeswitch_settings(); - </custom_php_resync_config_command> - <custom_delete_php_command> - sync_package_freeswitch_settings(); - </custom_delete_php_command> - <custom_php_install_command> - freeswitch_php_install_command(); - </custom_php_install_command> - <custom_php_deinstall_command> - freeswitch_deinstall_command(); - </custom_php_deinstall_command> -</packagegui> diff --git a/config/freeswitch/freeswitch_cmd.tmp b/config/freeswitch/freeswitch_cmd.tmp deleted file mode 100644 index 21dba508..00000000 --- a/config/freeswitch/freeswitch_cmd.tmp +++ /dev/null @@ -1,49 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_cmd.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); -$cmd = $_GET['cmd']; - - -$password = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_password']; -$port = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_port']; -$host = ''; - -$fp = event_socket_create($host, $port, $password); -$response = event_socket_request($fp, $cmd); -fclose($fp); - -header("Location: /packages/freeswitch/freeswitch_status.php?savemsg=".urlencode($response)); - -?>
\ No newline at end of file diff --git a/config/freeswitch/freeswitch_dialplan.tmp b/config/freeswitch/freeswitch_dialplan.tmp deleted file mode 100644 index fcfb3192..00000000 --- a/config/freeswitch/freeswitch_dialplan.tmp +++ /dev/null @@ -1,163 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_dialplan.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - -//$a_extensions = &$config['installedpackages']['freeswitchprofiles']['config']; - -if ($_GET['a'] == "default") { - conf_mount_rw(); - exec("cp /usr/local/freeswitch/conf.orig/dialplan/default.xml /usr/local/freeswitch/conf/dialplan/default.xml"); - $savemsg = "Default Restored"; - conf_mount_ro(); -} - -if ($_POST['a'] == "save") { - conf_mount_rw(); - $content = ereg_replace("\r","",$_POST['code']); - $fd = fopen("/usr/local/freeswitch/conf/dialplan/default.xml", "w"); - fwrite($fd, $content); - fclose($fd); - $savemsg = "Saved"; - conf_mount_ro(); -} - - -$fd = fopen("/usr/local/freeswitch/conf/dialplan/default.xml", "r"); -$content = fread($fd, filesize("/usr/local/freeswitch/conf/dialplan/default.xml")); -fclose($fd); - -include("head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<script language="Javascript"> -function sf() { document.forms[0].savetopath.focus(); } -</script> -<script language="Javascript" type="text/javascript" src="/edit_area/edit_area_full.js"></script> -<script language="Javascript" type="text/javascript"> - // initialisation - editAreaLoader.init({ - id: "code" // id of the textarea to transform - ,start_highlight: false - ,allow_toggle: false - ,language: "en" - ,syntax: "html" - ,toolbar: "search, go_to_line,|, fullscreen, |, undo, redo, |, select_font, |, syntax_selection, |, change_smooth_selection, highlight, reset_highlight, |, help" - ,syntax_selection_allow: "css,html,js,php,xml,c,cpp,sql" - ,show_line_colors: true - }); -</script> - -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: Dialplan</p> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> - - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="freeswitch_dialplan.php" method="post" name="iform" id="iform"> -<?php - -?> - <table width="98%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width='90%'><p><span class="vexpl"><span class="red"><strong>Default Dialplan<br> - </strong></span> - The default dialplan is used to setup call destinations based on conditions and context. - You can use the dialplan to send calls to gateways, IVRs, external numbers, to scripts, or any destination. - </p> - </td> - <td width='10%' align='right' valign='middle'><input type="submit" value="save" /></td> - </tr> - </table> - <br /> - <br /> - - <textarea style="width:98%" id="code" name="code" rows="30" cols="<?php echo $cols; ?>" name="content"><?php echo htmlentities($content); ?></textarea> - <br /> - <br /> - - <table width="98%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td>/usr/local/freeswitch/conf/dialplan/default.xml</td> - <td align='right'> - <input type="hidden" name="f" value="<?php echo $_GET['f']; ?>" /> - <input type="hidden" name="a" value="save" /> - <?php - echo "<input type='button' value='Restore Default' onclick=\"document.location.href='/packages/freeswitch/freeswitch_dialplan.php?a=default&f=default.xml';\" />"; - ?> - </td> - </tr> - </table> - -</form> - -<br> -<br> - -<br> -<br> -<br> -<br> -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch/freeswitch_dialplan_includes.tmp b/config/freeswitch/freeswitch_dialplan_includes.tmp deleted file mode 100644 index 55379ea5..00000000 --- a/config/freeswitch/freeswitch_dialplan_includes.tmp +++ /dev/null @@ -1,278 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_dialplan_includes.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - - -//freeswitchdialplanincludes - //dialplanincludeid - //extensionname - //context - //default - //enabled - //descr - -//freeswitchdialplanincludedetails - - //dialplanincludeid - //tag - //condition - //action - //antiaction - //param - //tagorder - //1-20 - //fieldtype - - //fielddata - - -$a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config']; -$a_dialplan_includes_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'dialplanincludes') { - - if ($a_dialplan_includes[$_GET['id']]) { - - $dialplanincludeid = $a_dialplan_includes[$_GET['id']][dialplanincludeid]; - - $extensionname = $a_dialplan_includes[$_GET['id']][extensionname]; - $order = $a_dialplan_includes[$_GET['id']][order]; - $dialplanincludefilename = $order."_".$extensionname.".xml"; - - //delete the dialplan include details. aka. child data - if (count($a_dialplan_includes_details) > 0) { - $i=0; - foreach($a_dialplan_includes_details as $row) { - if ($row["dialplanincludeid"] == $dialplanincludeid) { - //echo "child id: ".$i."<br />\n"; - unset($a_dialplan_includes_details[$i]); - } - $i++; - } - } - - //if the dialplan include xml file exists then delete it - if (file_exists("/usr/local/freeswitch/conf/dialplan/default/".$dialplanincludefilename)) { - unlink("/usr/local/freeswitch/conf/dialplan/default/".$dialplanincludefilename); - } - - unset($dialplanincludefilename); - unset($a_dialplan_includes[$_GET['id']]); - write_config(); - sync_package_freeswitch_dialplan_includes(); - header("Location: freeswitch_dialplan_includes.php"); - exit; - } - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: Dialplan</p> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="freeswitch_dialplan_includes.php" method="post" name="iform" id="iform"> -<?php - - -//echo "<pre>"; -//print_r ($a_dialplan_includes); -//echo "</pre>"; - - -//if ($config_change == 1) { -// write_config(); -// $config_change = 0; -//} - -//if ($savemsg) print_info_box($savemsg); -//if (file_exists($d_hostsdirty_path)): echo"<p>"; -//print_info_box_np("This has been changed.<br>You must apply the changes in order for them to take effect."); -//echo"<br />"; -//endif; - -?> - - <br /> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td><span class="vexpl"><span class="red"><strong>Dialplan - </strong></span></span> - </td> - <td align='right'> - <input type='button' value='default.xml' onclick="document.location.href='/packages/freeswitch/freeswitch_dialplan.php';"> - </td> - </tr> - <tr> - <td colspan='2'> - <span class="vexpl"> - The dialplan is used to setup call destinations based on conditions and context. You can use the dialplan to send calls to gateways, IVRs, external numbers, to scripts, or any destination. - </span> - </td> - - </tr> - </table> - - <br /> - <br /> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="20%" class="listhdrr">Extension Name</td> - <td width="25%" class="listhdrr">Order</td> - <td width="25%" class="listhdrr">Enabled</td> - <td width="50%" class="listhdr">Description</td> - <td width="10%" class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="freeswitch_dialplan_includes_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - <?php - //create a temporary id for the array - $i = 0; - if (count($a_dialplan_includes) > 0) { - foreach ($a_dialplan_includes as $ent) { - $a_dialplan_includes[$i]['id'] = $i; - $i++; - } - } - - //order the array - function cmp_number($a, $b) { - if ($a["order"] > $b["order"]) { - return 1; - } - else { - return 0; - } - } - if (count($a_public_includes) > 0) { usort($a_dialplan_includes, "cmp_number"); } - - $i = 0; - if (count($a_dialplan_includes) > 0) { - foreach ($a_dialplan_includes as $ent) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='freeswitch_dialplan_includes_edit.php?id=<?=$ent['id'];?>'"> - <?=$ent['extensionname']?> - </td> - <td class="listlr" ondblclick="document.location='freeswitch_dialplan_includes_edit.php?id=<?=$ent['id'];?>'"> - <?=$ent['order']?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_dialplan_includes_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['enabled'];?> - </td> - <td class="listbg" ondblclick="document.location='freeswitch_dialplan_includes_edit.php?id=<?=$ent['id'];?>';"> - <font color="#FFFFFF"><?=htmlspecialchars($ent['descr']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="freeswitch_dialplan_includes_edit.php?id=<?=$ent['id'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="freeswitch_dialplan_includes.php?type=dialplanincludes&act=del&id=<?=$ent['id'];?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - $i++; - } - } - ?> - <tr> - <td class="list" colspan="4"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="freeswitch_dialplan_includes_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - <tr> - <td class="list" colspan="4"></td> - <td class="list"></td> - </tr> - </table> - -</form> - -/usr/local/freeswitch/conf/dialplan/default/ -<br> -<br> -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - -<?php include("fend.inc"); ?> -</body> -</html>
\ No newline at end of file diff --git a/config/freeswitch/freeswitch_dialplan_includes_details.tmp b/config/freeswitch/freeswitch_dialplan_includes_details.tmp deleted file mode 100755 index 1504d590..00000000 --- a/config/freeswitch/freeswitch_dialplan_includes_details.tmp +++ /dev/null @@ -1,53 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_dialplan_includes_details.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - - -$a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'dialplanincludedetails') { - if ($a_dialplan_include_details[$_GET['id']]) { - unset($a_dialplan_include_details[$_GET['id']]); - write_config(); - sync_package_freeswitch_dialplan_includes(); - //touch($d_hostsdirty_path); - header("Location: freeswitch_dialplan_includes_edit.php?id=".$_GET['parentid']); - exit; - } - } -} - -?>
\ No newline at end of file diff --git a/config/freeswitch/freeswitch_dialplan_includes_details_edit.tmp b/config/freeswitch/freeswitch_dialplan_includes_details_edit.tmp deleted file mode 100644 index f3cbf71d..00000000 --- a/config/freeswitch/freeswitch_dialplan_includes_details_edit.tmp +++ /dev/null @@ -1,389 +0,0 @@ -<?php -/* $Id$ */ -/* - - freeswitch_dialplan_includes_details_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - - -$a_dialplan_includes_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - -$id = $_GET['id']; -if (isset($_POST['id'])) { - $id = $_POST['id']; -} - -$parentid = $_GET['parentid']; -if (isset($_POST['parentid'])) { - $parentid = $_POST['parentid']; -} - -$dialplanincludeid = $_GET['dialplanincludeid']; -if (isset($_POST['dialplanincludeid'])) { - $dialplanincludeid = $_POST['dialplanincludeid']; -} - - - //dialplanincludeid - //tag - //condition - //action - //antiaction - //param - //fieldorder - //1-20 - //fieldtype - - //fielddata - - -if (isset($id) && $a_dialplan_includes_details[$id]) { - $pconfig['dialplanincludeid'] = $a_dialplan_includes_details[$id]['dialplanincludeid']; - $pconfig['tag'] = $a_dialplan_includes_details[$id]['tag']; - $pconfig['fieldorder'] = $a_dialplan_includes_details[$id]['fieldorder']; - $pconfig['fieldtype'] = $a_dialplan_includes_details[$id]['fieldtype']; - $pconfig['fielddata'] = $a_dialplan_includes_details[$id]['fielddata']; -} -//else { -// if (isset($_GET['a'])) { -// if ($_GET['a'] == "action"){ $pconfig['optionaction'] = "action"; } -// if ($_GET['a'] == "antiaction"){ $pconfig['optionaction'] = "anti-action"; } -// } -//} - - - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - - if (!$input_errors) { - - $ent = array(); - $ent['dialplanincludeid'] = $_POST['dialplanincludeid']; - $ent['tag'] = $_POST['tag']; - $ent['fieldorder'] = $_POST['fieldorder']; - $ent['fieldtype'] = $_POST['fieldtype']; - $ent['fielddata'] = $_POST['fielddata']; - - - if (isset($id) && $a_dialplan_includes_details[$id]) { - //update - $a_dialplan_includes_details[$id] = $ent; - } - else { - //add - $a_dialplan_includes_details[] = $ent; - } - - write_config(); - sync_package_freeswitch_dialplan_includes(); - - header("Location: freeswitch_dialplan_includes_edit.php?id=".$parentid); - exit; - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: Dialplan: Details: Edit</p> - -<?php if ($input_errors) print_input_errors($input_errors); ?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - <br /> - <form action="freeswitch_dialplan_includes_details_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Tag</td> - <td width="78%" class="vtable"> - <script type="text/javascript"> - function dialplan_include_details_tag_onchange() { - var tag = document.getElementById("form_tag").value; - if (tag == "condition") { - document.getElementById("label_fieldtype").innerHTML = "Field"; - document.getElementById("label_fielddata").innerHTML = "Expression"; - } - else if (tag == "action") { - document.getElementById("label_fieldtype").innerHTML = "Application"; - document.getElementById("label_fielddata").innerHTML = "Data"; - } - else if (tag == "anti-action") { - document.getElementById("label_fieldtype").innerHTML = "Application"; - document.getElementById("label_fielddata").innerHTML = "Data"; - } - else if (tag == "param") { - document.getElementById("label_fieldtype").innerHTML = "Name"; - document.getElementById("label_fielddata").innerHTML = "Value"; - } - if (tag == "") { - document.getElementById("label_fieldtype").innerHTML = "Type"; - document.getElementById("label_fielddata").innerHTML = "Data"; - } - } - </script> - <?php - echo " <select name='tag' class='formfld' id='form_tag' onchange='dialplan_include_details_tag_onchange();'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['tag'])) { - case "condition": - echo " <option selected='yes'>condition</option>\n"; - echo " <option>action</option>\n"; - echo " <option>anti-action</option>\n"; - //echo " <option>param</option>\n"; - break; - case "action": - echo " <option>condition</option>\n"; - echo " <option selected='yes'>action</option>\n"; - echo " <option>anti-action</option>\n"; - //echo " <option>param</option>\n"; - break; - case "anti-action": - echo " <option>condition</option>\n"; - echo " <option>action</option>\n"; - echo " <option selected='yes'>anti-action</option>\n"; - //echo " <option>param</option>\n"; - break; - case "param": - echo " <option>condition</option>\n"; - echo " <option>action</option>\n"; - echo " <option>anti-action</option>\n"; - //echo " <option selected='yes'>param</option>\n"; - break; - default: - echo " <option>condition</option>\n"; - echo " <option>action</option>\n"; - echo " <option>anti-action</option>\n"; - //echo " <option>param</option>\n"; - } - echo " </select>\n"; - - //condition - //field expression - //action - //application - //data - //antiaction - //application - //data - //param - //name - //value - - ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq" id="label_fieldtype">Type</td> - <td width="78%" class="vtable"> - <input name="fieldtype" type="text" class="formfld" id="fieldtype" size="40" value="<?=htmlspecialchars($pconfig['fieldtype']);?>"> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq" id="label_fielddata">Data</td> - <td width="78%" class="vtable"> - <input name="fielddata" type="text" class="formfld" id="fielddata" size="40" value="<?=htmlspecialchars($pconfig['fielddata']);?>"> - <br> <span class="vexpl"></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq" id="label_fieldtype">Order</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='fieldorder' class='formfld'>\n"; - //echo " <option></option>\n"; - if (strlen(htmlspecialchars($pconfig['fieldorder']))> 0) { - echo " <option selected='yes' value='".htmlspecialchars($pconfig['fieldorder'])."'>".htmlspecialchars($pconfig['fieldorder'])."</option>\n"; - } - $i=0; - while($i<=999) { - if (strlen($i) == 1) { - echo " <option value='00$i'>00$i</option>\n"; - } - if (strlen($i) == 2) { - echo " <option value='0$i'>0$i</option>\n"; - } - if (strlen($i) == 3) { - echo " <option value='$i'>$i</option>\n"; - } - - $i++; - } - echo " </select>\n"; - ?> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="dialplanincludeid" type="hidden" value="<?=$dialplanincludeid;?>"> - <input name="parentid" type="hidden" value="<?=$parentid;?>"> - <?php if (isset($id) && $a_dialplan_includes_details[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - </td> - </tr> - </table> - </form> - - <br /> - <br /> - <b>Additional Information</b> - <br /> - <br /> - <a href='http://wiki.freeswitch.org/wiki/Dialplan_XML' target='_blank'>http://wiki.freeswitch.org/wiki/Dialplan_XML</a> - - <br /> - <br /> - <br /> - <br /> - - <b>Conditions</b> - <br /> - <br /> - Conditions are pattern matching tags that help FreeSwitch decide if the current call should be processed in this extension or not. When matching conditions against the current call you have several <b>fields</b> that you can compare against. - <ul> - <li><b>context</b></li> - <li><b>rdnis</b> Redirected Number, the directory number to which the call was last presented.</li> - <li><b>destination_number</b> Called Number, the number this call is trying to reach (within a given context)</li> - <li><b>dialplan</b> Name of the dialplan module that are used, the name is provided by each dialplan module. Example: XML</li> - <li><b>caller_id_name</b> Name of the caller (provided by the User Agent that has called us).</li> - <li><b>caller_id_number</b> Directory Number of the party who called (callee) -- can be masked (hidden)</li> - <li><b>ani</b> Automatic Number Identification, the number of the calling party (callee) -- cannot be masked</li> - <li><b>ani2</b> The type of device placing the call [1]</li> - <li><b>uuid</b> Unique identifier of the current call? (looks like a GUID)</li> - <li><b>source</b> Name of the FreeSwitch module that received the call (e.g. PortAudio)</li> - <li><b>chan_name</b> Name of the current channel (Example: PortAudio/1234). Give us examples when this one can be used.</li> - <li><b>network_addr</b> IP address of the signalling source for a VoIP call.</li> - </ul> - In addition to the above you can also do variables using the syntax ${variable} or api functions using the syntax %{api} {args} - <br /> - <br /> - Variables may be used in either the field or the expression, as follows - - <br /> - <br /> - <br /> - <br /> - - <b>Action and Anti-Actions</b> - <br /> - <br /> - Actions are executed when the <b>condition matches</b>. Anti-Actions are executed when the <b>condition does NOT match</b>. - Additional information on applications for Actions and Anti-Actions.<br /> - <a href='http://wiki.freeswitch.org/wiki/Modules#Applications' target='_blank'>http://wiki.freeswitch.org/wiki/Modules#Applications</a> - <br /> - <a href='http://wiki.freeswitch.org/wiki/Dialplan_Functions' target='_blank'>http://wiki.freeswitch.org/wiki/Dialplan_Functions</a> - <br /> - <br /> - <br /> - The following is a partial list of <b>applications</b>. - <ul> - <li><b>answer</b> answer the call</li> - <li><b>bridge</b> bridge the call<li> - <li><b>cond</b></li> - <li><b>db</b> is a a runtime database either sqlite by default or odbc</li> - <li><b>global_set</b> allows setting of global vars similar to the ones found in vars.xml</li> - <li><b>group</b> allows grouping of several extensions for things like ring groups</li> - <li><b>expr</b></li> - <li><b>hangup</b> hangs up the call</li> - <li><b>info</b> sends call info to the console</li> - <li><b>javascript</b> run javascript .js files</li> - <li><b>playback</b></li> - <li><b>reject</b> reject the call</li> - <li><b>respond</b></li> - <li><b>ring_ready</b></li> - <li><b>set</b> set a variable</li> - <li><b>set_user</b></li> - <li><b>sleep</b></li> - <li><b>sofia_contact</b></li> - <li><b>transfer</b> transfer the call to another extension or number<li> - <li><b>voicemail</b> send the call to voicemail</li> - </ul> - - - <br /> - <br /> - - <!-- - <b>Param</b> - Example parameters by name and value - <br /> - <a href='http://wiki.freeswitch.org/wiki/Special:Search?search=param&go=Go' target='_blank'>http://wiki.freeswitch.org/wiki/Special:Search?search=param&go=Go</a> - <ul> - <li><b>codec-ms</b> 20</li> - <li><b>codec-prefs</b> PCMU@20i</li> - <li><b>debug</b> 1</li> - <li><b>dialplan</b> XML</li> - <li><b>dtmf-duration</b> 100</li> - <li><b>rfc2833-pt</b>" 101</li> - <li><b>sip-port</b> 5060</li> - <li><b>use-rtp-timer</b> true</li> - </ul> - <br /> - <br /> - --> - - - <br /> - <br /> - <br /> - <br /> - <br /> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch/freeswitch_dialplan_includes_edit.tmp b/config/freeswitch/freeswitch_dialplan_includes_edit.tmp deleted file mode 100644 index a6118042..00000000 --- a/config/freeswitch/freeswitch_dialplan_includes_edit.tmp +++ /dev/null @@ -1,543 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_dialplan_includes_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - - -//freeswitchdialplanincludes - //dialplanincludeid - //extensionname - //context - //default - //enabled - //descr - -// - - - -$a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config']; -$a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - -$id = $_GET['id']; -if (isset($_POST['id'])) { - $id = $_POST['id']; -} -$parentid = $id; - - -if (isset($id) && $a_dialplan_includes[$id]) { - $pconfig['dialplanincludeid'] = $a_dialplan_includes[$id]['dialplanincludeid']; - $dialplanincludeid = $a_dialplan_includes[$id]['dialplanincludeid']; - $pconfig['extensionname'] = $a_dialplan_includes[$id]['extensionname']; - $pconfig['order'] = $a_dialplan_includes[$id]['order']; - $pconfig['context'] = $a_dialplan_includes[$id]['context']; - $pconfig['enabled'] = $a_dialplan_includes[$id]['enabled']; - $pconfig['descr'] = $a_dialplan_includes[$id]['descr']; - $pconfig['opt1name'] = $a_dialplan_includes[$id]['opt1name']; - $pconfig['opt1value'] = $a_dialplan_includes[$id]['opt1value']; -} - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - if ($_GET['act'] == "del") { - if ($_GET['type'] == 'dialplanincludedetails') { - if ($a_dialplan_include_details[$_GET['id']]) { - unset($a_dialplan_include_details[$_GET['id']]); - write_config(); - sync_package_freeswitch_dialplan_includes(); - header("Location: freeswitch_dialplan_include_edit.php?id=".$_GET['id']); - exit; - } - } - } - - - if (!$input_errors) { - - $ent = array(); - if (strlen($_POST['dialplanincludeid']) > 0) { - //update - $ent['dialplanincludeid'] = $_POST['dialplanincludeid']; - } - else { - //add - $ent['dialplanincludeid'] = guid(); - } - $ent['extensionname'] = $_POST['extensionname']; - $ent['order'] = $_POST['order']; - //$ent['context'] = $_POST['context']; - $ent['context'] = 'default'; - $ent['enabled'] = $_POST['enabled']; - $ent['descr'] = $_POST['descr']; - $ent['opt1name'] = $_POST['opt1name']; - $ent['opt1value'] = $_POST['opt1value']; - - - if (isset($id) && $a_dialplan_includes[$id]) { - - if (count($a_dialplan_includes)>0) { - foreach($a_dialplan_includes as $rowhelper) { - - //$rowhelper['dialplanincludeid']; - //$rowhelper['extensionname']; - //$rowhelper['context']; - //$rowhelper['enabled']; - - $filenamechanged = false; - if ($rowhelper['dialplanincludeid'] == $_POST['dialplanincludeid']) { - - if ($rowhelper['extensionname'] != $_POST['extensionname']) { - //if the extension name has changed then remove the current dialplan xml file - //to prepare for the new file - $filenamechanged = true; - } - if ($rowhelper['order'] != $_POST['order']) { - //if the order has changed then remove the current dialplan xml file - //to prepare for the new file - $filenamechanged = true; - } - if ($_POST['enabled'] == "false") { - //if the extension name is disabled then remove the dialplan xml file - $filenamechanged = true; - } - if ($filenamechanged){ - $dialplanincludefilename = $rowhelper['order']."_".$rowhelper['extensionname'].".xml"; - if (file_exists("/usr/local/freeswitch/conf/dialplan/default/".$dialplanincludefilename)) { - unlink("/usr/local/freeswitch/conf/dialplan/default/".$dialplanincludefilename); - } - unset($dialplanincludefilename); - } - - } - unset($filenamechanged); - - } //end foreach - } //end count - - //update the config - $a_dialplan_includes[$id] = $ent; - } - else { - //add to the config - $a_dialplan_includes[] = $ent; - } - - - write_config(); - sync_package_freeswitch_dialplan_includes(); - - header("Location: freeswitch_dialplan_includes.php"); - exit; - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: Dialplan: Edit</p> - -<?php if ($input_errors) print_input_errors($input_errors); ?> - - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Dialplan:<br> - </strong></span> - Dialplan Include general settings. - </span></p></td> - </tr> - </table> - <br /> - - <form action="freeswitch_dialplan_includes_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Extension Name</td> - <td width="78%" class="vtable"> - <input name="extensionname" type="text" class="formfld" id="extensionname" size="40" value="<?=htmlspecialchars($pconfig['extensionname']);?>"> - <br /> - Supported characters are 'a-z', 'A-Z', '0-9', underscore '_', and period '.'. - </td> - </tr> - <!-- - <tr> - <td width="22%" valign="top" class="vncellreq">Context</td> - <td width="78%" class="vtable"> - <input name="context" type="text" class="formfld" id="context" size="40" value="<?=htmlspecialchars($pconfig['context']);?>"> - <br /> - e.g. default - </td> - </tr> - --> - - <tr> - <td width="22%" valign="top" class="vncellreq">Enabled</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='enabled' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['enabled'])) { - case "true": - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - break; - case "false": - echo " <option value='true'>true</option>\n"; - echo " <option value='false' selected='yes'>false</option>\n"; - - break; - default: - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - } - echo " </select>\n"; - ?> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncellreq">Order</td> - <td width="78%" class="vtable"> - <?php - - echo " <select name='order' class='formfld'>\n"; - //echo " <option></option>\n"; - if (strlen(htmlspecialchars($pconfig['order']))> 0) { - echo " <option selected='yes' value='".htmlspecialchars($pconfig['order'])."'>".htmlspecialchars($pconfig['order'])."</option>\n"; - } - $i=0; - while($i<=999) { - if (strlen($i) == 1) { - echo " <option value='00$i'>00$i</option>\n"; - } - if (strlen($i) == 2) { - echo " <option value='0$i'>0$i</option>\n"; - } - if (strlen($i) == 3) { - echo " <option value='$i'>$i</option>\n"; - } - - $i++; - } - echo " </select>\n"; - ?> - <br /> - Processing of each dialplan include is determined by this order. - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell">Description</td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> - <br> <span class="vexpl">You may enter a description here - for your reference (not parsed).</span></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="dialplanincludeid" type="hidden" value="<?=htmlspecialchars($pconfig['dialplanincludeid']);?>"> - <?php - if (strlen($id) > 0 && $a_dialplan_includes[$id]) { - echo "\n"; - echo " <input name=\"id\" type=\"hidden\" value=\"$id\">\n"; - echo " <input name=\"opt1name\" type=\"hidden\" value=\"".htmlspecialchars($pconfig['opt1name'])."\">\n"; - echo " <input name=\"opt1value\" type=\"hidden\" value=\"".htmlspecialchars($pconfig['opt1value'])."\">\n"; - } - ?> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - </td> - </tr> - </table> - </form> - - <br> - <br> - - <form action="freeswitch_dialplan_includes_edit.php" method="post" name="iform2" id="iform2"> - <?php - - //echo "<pre>"; - //print_r ($a_dialplan_includes); - //echo "</pre>"; - - //if ($savemsg) print_info_box($savemsg); - //if (file_exists($d_hostsdirty_path)): echo"<p>"; - //print_info_box_np("The FreeSWITCH recordings have been changed.<br>You must apply the changes in order for them to take effect."); - //echo"<br />"; - //endif; - - //create a temporary id for the array - $i = 0; - if (count($a_dialplan_include_details) > 0) { - foreach ($a_dialplan_include_details as $ent) { - $a_dialplan_include_details[$i]['id'] = $i; - $i++; - } - } - - //order the array - function cmp_number($a, $b) { - if ($a["fieldorder"] > $b["fieldorder"]) { - return 1; - } - else { - return 0; - } - } - if (count($a_dialplan_include_details) > 0) { usort($a_dialplan_include_details, "cmp_number"); } - - ?> - - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Conditions and Actions<br /> - </strong></span> - The following conditions, actions and anti-actions are used in the dialplan to direct call flow. Each is processed in order until you reach the action tag which tells FreeSWITCH what action to perform. You are not limited to only one condition or action tag for a given extension. - </span></p></td> - </tr> - </table> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="40" class="listhdrr">Tag</td> - <td width="40" class="listhdrr">Type</td> - <td width="50%" class="listhdrr">Data</td> - <td width="40" class="listhdrr">Order</td> - <td width="40" class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="freeswitch_dialplan_includes_details_edit.php?parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>&a=action"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - <?php - - $i = 0; - if (count($a_dialplan_include_details) > 0) { - - foreach ($a_dialplan_include_details as $ent) { - if ($ent['tag'] == "condition" && $dialplanincludeid == $ent['dialplanincludeid']) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='freeswitch_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>'"> - <?=$ent['tag']?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fieldtype'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fielddata'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fieldorder'];?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="freeswitch_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="freeswitch_dialplan_includes_details.php?type=dialplanincludedetails&act=del&id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - - $i = 0; - if (count($a_dialplan_include_details) > 0) { - - foreach ($a_dialplan_include_details as $ent) { - if ($ent['tag'] == "action" && $dialplanincludeid == $ent['dialplanincludeid']) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='freeswitch_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>'"> - <?=$ent['tag']?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fieldtype'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fielddata'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fieldorder'];?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="freeswitch_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="freeswitch_dialplan_includes_details.php?type=dialplanincludedetails&act=del&id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - - $i = 0; - if (count($a_dialplan_include_details) > 0) { - - foreach ($a_dialplan_include_details as $ent) { - if ($ent['tag'] == "anti-action" && $dialplanincludeid == $ent['dialplanincludeid']) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='freeswitch_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>'"> - <?=$ent['tag']?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fieldtype'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fielddata'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fieldorder'];?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="freeswitch_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="freeswitch_dialplan_includes_details.php?type=dialplanincludedetails&act=del&id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - - $i = 0; - if (count($a_dialplan_include_details) > 0) { - - foreach ($a_dialplan_include_details as $ent) { - if ($ent['tag'] == "param" && $dialplanincludeid == $ent['dialplanincludeid']) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='freeswitch_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>'"> - <?=$ent['tag']?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fieldtype'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fielddata'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fieldorder'];?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="freeswitch_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="freeswitch_dialplan_includes_details.php?type=dialplanincludedetails&act=del&id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - ?> - <tr> - <td class="list" colspan="4"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="freeswitch_dialplan_includes_details_edit.php?parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>&a=action"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - - <tr> - <td class="list" colspan="4"></td> - <td class="list"></td> - </tr> - </table> - - </form> - - - - - <br> - <br> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch/freeswitch_extensions.tmp b/config/freeswitch/freeswitch_extensions.tmp deleted file mode 100644 index b1db2702..00000000 --- a/config/freeswitch/freeswitch_extensions.tmp +++ /dev/null @@ -1,220 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_extensions.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - -$a_extensions = &$config['installedpackages']['freeswitchextensions']['config']; - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'extensions') { - if ($a_extensions[$_GET['id']]) { - $tmp_file_name = "/usr/local/freeswitch/conf/directory/default/".$_GET['extension'].".xml"; - if (file_exists($tmp_file_name)) { - unlink($tmp_file_name); - } - unset($a_extensions[$_GET['id']]); - write_config(); - header("Location: freeswitch_extensions.php"); - exit; - } - } -} - -include("head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: Extensions</p> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="freeswitch_extensions.php" method="post" name="iform" id="iform"> -<?php - -if ($config_change == 1) { - write_config(); - $config_change = 0; -} - -//if ($savemsg) print_info_box($savemsg); -//if (file_exists($d_hostsdirty_path)): echo"<p>"; -//print_info_box_np("The FreeSWITCH extensions have been changed.<br>You must apply the changes in order for them to take effect."); -//echo"<br />"; -//endif; - -?> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Extensions<br> - </strong></span> - Use this to configure your SIP extensions. - </p></td> - </tr> - </table> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="20%" class="listhdrr">Extension</td> - <td width="25%" class="listhdrr">Mail To</td> - <td width="25%" class="listhdrr">Call Group</td> - <td width="25%" class="listhdr">Description</td> - <td width="10%" class="list"> - - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="freeswitch_extensions_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - - </td> - </tr> - - - <?php - - //create a temporary id for the array - $i = 0; - if (count($a_extensions) > 0) { - foreach ($a_extensions as $ent) { - $a_extensions[$i]['id'] = $i; - $i++; - } - } - - //order the array - function cmp_number($a, $b) { - if ($a["extension"] > $b["extension"]) { - return 1; - } - else { - return 0; - } - } - if (count($a_extensions) > 0) { usort($a_extensions, "cmp_number"); } - - $i = 0; - if (count($a_extensions) > 0) { - - foreach ($a_extensions as $ent) { - - ?> - <tr> - <td class="listr" ondblclick="document.location='freeswitch_extensions_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['extension'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_extensions_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['vm-mailto'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_extensions_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['callgroup'];?> - </td> - <td class="listbg" ondblclick="document.location='freeswitch_extensions_edit.php?id=<?=$ent['id'];?>';"> - <font color="#FFFFFF"><?=htmlspecialchars($ent['description']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="freeswitch_extensions_edit.php?id=<?=$ent['id'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="freeswitch_extensions.php?type=extensions&act=del&id=<?=$ent['id'];?>&extension=<?=$ent['extension'];?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - - $i++; - } - } - ?> - - <tr> - <td class="list" colspan="4"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="freeswitch_extensions_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - - <tr> - <td class="list" colspan="4"></td> - <td class="list"></td> - </tr> - </table> - -</form> - - -/usr/local/freeswitch/conf/directory/default/ -<br> -<br> -<br> -<br> -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - -<?php include("fend.inc"); ?> -</body> -</html>
\ No newline at end of file diff --git a/config/freeswitch/freeswitch_extensions_edit.tmp b/config/freeswitch/freeswitch_extensions_edit.tmp deleted file mode 100644 index de98d447..00000000 --- a/config/freeswitch/freeswitch_extensions_edit.tmp +++ /dev/null @@ -1,417 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_extensions_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - - -$a_extensions = &$config['installedpackages']['freeswitchextensions']['config']; - -$id = $_GET['id']; -if (isset($_POST['id'])) { - $id = $_POST['id']; -} - -if (isset($id) && $a_extensions[$id]) { - - $pconfig['extension'] = $a_extensions[$id]['extension']; - $pconfig['password'] = $a_extensions[$id]['password']; - $pconfig['mailbox'] = $a_extensions[$id]['mailbox']; - $pconfig['vm-password'] = $a_extensions[$id]['vm-password']; - $pconfig['accountcode'] = $a_extensions[$id]['accountcode']; - $pconfig['effective_caller_id_name'] = $a_extensions[$id]['effective_caller_id_name']; - $pconfig['effective_caller_id_number'] = $a_extensions[$id]['effective_caller_id_number']; - $pconfig['effective_caller_id_number'] = $a_extensions[$id]['effective_caller_id_number']; - $pconfig['outbound_caller_id_name'] = $a_extensions[$id]['outbound_caller_id_name']; - $pconfig['outbound_caller_id_number'] = $a_extensions[$id]['outbound_caller_id_number']; - $pconfig['vm-mailto'] = $a_extensions[$id]['vm-mailto']; - $pconfig['vm-attach-file'] = $a_extensions[$id]['vm-attach-file']; - $pconfig['vm-keep-local-after-email'] = $a_extensions[$id]['vm-keep-local-after-email']; - $pconfig['user_context'] = $a_extensions[$id]['user_context']; - $pconfig['callgroup'] = $a_extensions[$id]['callgroup']; - $pconfig['auth-acl'] = $a_extensions[$id]['auth-acl']; - $pconfig['cidr'] = $a_extensions[$id]['cidr']; - $pconfig['sip-force-contact'] = $a_extensions[$id]['sip-force-contact']; - $pconfig['enabled'] = $a_extensions[$id]['enabled']; - $pconfig['description'] = $a_extensions[$id]['description']; - -} - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - - if (!$input_errors) { - - $effective_caller_id_number = $_POST['effective_caller_id_number']; - $outbound_caller_id_number = $_POST['outbound_caller_id_number']; - $replace_array = array("(", ")", " ", "-"); - $effective_caller_id_number = str_replace($replace_array, "", $effective_caller_id_number); - $outbound_caller_id_number = str_replace($replace_array, "", $outbound_caller_id_number); - - $ent = array(); - $ent['extension'] = $_POST['extension']; - $ent['password'] = $_POST['password']; - $ent['mailbox'] = $_POST['mailbox']; - $ent['vm-password'] = $_POST['vm-password']; - $ent['accountcode'] = $_POST['accountcode']; - $ent['effective_caller_id_name'] = $_POST['effective_caller_id_name']; - $ent['effective_caller_id_number'] = $effective_caller_id_number; - $ent['outbound_caller_id_name'] = $_POST['outbound_caller_id_name']; - $ent['outbound_caller_id_number'] = $outbound_caller_id_number; - $ent['vm-mailto'] = $_POST['vm-mailto']; - $ent['vm-attach-file'] = $_POST['vm-attach-file']; - $ent['vm-keep-local-after-email'] = $_POST['vm-keep-local-after-email']; - $ent['user_context'] = $_POST['user_context']; - $ent['callgroup'] = $_POST['callgroup']; - $ent['auth-acl'] = $_POST['auth-acl']; - $ent['cidr'] = $_POST['cidr']; - $ent['sip-force-contact'] = $_POST['sip-force-contact']; - $ent['enabled'] = $_POST['enabled']; - $ent['description'] = $_POST['description']; - - if (isset($id) && $a_extensions[$id]) { - //update - $a_extensions[$id] = $ent; - } - else { - //add - $a_extensions[] = $ent; - } - - write_config(); - sync_package_freeswitch_extensions(); - - header("Location: freeswitch_extensions.php"); - exit; - } -} - -include("head.inc"); - -?> - -<script type="text/javascript" language="JavaScript"> - -function show_advanced_config() { - document.getElementById("showadvancedbox").innerHTML=''; - aodiv = document.getElementById('showadvanced'); - aodiv.style.display = "block"; -} - -</script> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: Extensions: Edit</p> -<?php if ($input_errors) print_input_errors($input_errors); ?> - - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Extension Setup<br> - </strong></span> - /usr/local/freeswitch/conf/directory/default/ - </p></td> - </tr> - </table> - <br /> - - <form action="freeswitch_extensions_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - - <tr> - <td width="25%" valign="top" class="vncellreq">Extension</td> - <td width="75%" class="vtable"> - <input name="extension" type="text" class="formfld unknown" id="extension" size="40" value="<?=htmlspecialchars($pconfig['extension']);?>"> - <br><span class="vexpl">Enter the extension here. The default configuration 3 or 4 digit extensions.<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq">Password</td> - <td width="75%" class="vtable"> - <input name="password" type="password" class="formfld pwd" id="password" size="40" value="<?=htmlspecialchars($pconfig['password']);?>"> - <br><span class="vexpl">Enter the password here.<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq">Mailbox</td> - <td width="75%" class="vtable"> - <input name="mailbox" type="text" class="formfld unknown" id="mailbox" size="40" value="<?=htmlspecialchars($pconfig['mailbox']);?>"> - <br><span class="vexpl">Enter the mailbox here. Example: extension 1001 then mailbox 1001<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq">Voicemail Password</td> - <td width="75%" class="vtable"> - <input name="vm-password" type="password" class="formfld pwd" id="vm-password" size="40" value="<?=htmlspecialchars($pconfig['vm-password']);?>"> - <br><span class="vexpl">Enter the voicemail password here.<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq">Account Code</td> - <td width="75%" class="vtable"> - <input name="accountcode" type="text" class="formfld unknown" id="accountcode" size="40" value="<?=htmlspecialchars($pconfig['accountcode']);?>"> - <br><span class="vexpl">Enter the account code here. Example: extension 1001 then accountcode 1001<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq" nowrap>Effective Caller ID Name</td> - <td width="75%" class="vtable"> - <input name="effective_caller_id_name" type="text" class="formfld unknown" id="effective_caller_id_name" size="40" value="<?=htmlspecialchars($pconfig['effective_caller_id_name']);?>"> - <br><span class="vexpl">Enter the effective caller id name here.<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq" nowrap>Effective Caller ID Number</td> - <td width="75%" class="vtable"> - <input name="effective_caller_id_number" type="text" class="formfld unknown" id="effective_caller_id_number" size="40" value="<?=htmlspecialchars($pconfig['effective_caller_id_number']);?>"> - <br><span class="vexpl">Enter the effective caller id number here.<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq" nowrap>Voicemail Mail To</td> - <td width="75%" class="vtable"> - <input name="vm-mailto" type="text" class="formfld unknown" id="vm-mailto" size="40" value="<?=htmlspecialchars($pconfig['vm-mailto']);?>"> - <br><span class="vexpl">Optional: Enter the email address to send voicemail to.<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq" nowrap>Voicemail Attach File</td> - <td width="75%" class="vtable"> - <?php - echo " <select name='vm-attach-file' class='formfld unknown'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['vm-attach-file'])) { - case "true": - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - break; - case "false": - echo " <option value='true'>true</option>\n"; - echo " <option value='false' selected='yes'>false</option>\n"; - - break; - default: - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - } - echo " </select>\n"; - ?> - Choose whether to attach the file to the email. - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq" nowrap>VM Keep Local After Email</td> - <td width="75%" class="vtable"> - <?php - echo " <select name='vm-keep-local-after-email' class='formfld unknown'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['vm-keep-local-after-email'])) { - case "true": - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - break; - case "false": - echo " <option value='true'>true</option>\n"; - echo " <option value='false' selected='yes'>false</option>\n"; - - break; - default: - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - } - echo " </select>\n"; - ?> - Keep local file after sending the email. - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq">User Context</td> - <td width="75%" class="vtable"> - <input name="user_context" type="text" class="formfld unknown" id="user_context" size="40" value="<?=htmlspecialchars($pconfig['user_context']);?>"> - <br><span class="vexpl">Enter the user context here. Example: default<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq">Call Group</td> - <td width="75%" class="vtable"> - <input name="callgroup" type="text" class="formfld unknown" id="callgroup" size="40" value="<?=htmlspecialchars($pconfig['callgroup']);?>"> - <br><span class="vexpl">Enter the user call group here. Example: sales, support<br></span> - </td> - </tr> - </table> - - <div id="showadvancedbox"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="25%" valign="top" class="vncell">Show Advanced</td> - <td width="75%" class="vtable"> - <input type="button" onClick="show_advanced_config()" value="Advanced"></input></a> - </td> - </tr> - </table> - </div> - <div id="showadvanced" style="display:none"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="25%" valign="top" class="vncell">Auth-ACL</td> - <td width="75%" class="vtable"> - <input name="auth-acl" type="text" class="formfld unknown" id="auth-acl" size="40" value="<?=htmlspecialchars($pconfig['auth-acl']);?>"> - <br> <span class="vexpl">Enter the auth acl here.<br></span> - </td> - </tr> - <tr> - <td valign="top" class="vncell">CIDR</td> - <td class="vtable"> - <input name="cidr" type="text" class="formfld unknown" id="cidr" size="40" value="<?=htmlspecialchars($pconfig['cidr']);?>"> - <br> <span class="vexpl">Enter the cidr here.<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncell" nowrap>Outbound Caller ID Name</td> - <td width="75%" class="vtable"> - <input name="outbound_caller_id_name" type="text" class="formfld unknown" id="outbound_caller_id_name" size="40" value="<?=htmlspecialchars($pconfig['outbound_caller_id_name']);?>"> - <br><span class="vexpl">Enter the outbound caller id name here.<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncell" nowrap>Outbound Caller ID Number</td> - <td width="75%" class="vtable"> - <input name="outbound_caller_id_number" type="text" class="formfld unknown" id="outbound_caller_id_number" size="40" value="<?=htmlspecialchars($pconfig['outbound_caller_id_number']);?>"> - <br><span class="vexpl">Enter the outbound caller id number here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">SIP-Force-Contact</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='sip-force-contact' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['sip-force-contact'])) { - case "NDLB-connectile-dysfunction": - echo " <option value='NDLB-connectile-dysfunction' selected='yes'>Rewrite contact IP and port</option>\n"; - echo " <option value='NDLB-tls-connectile-dysfunction'>Rewrite contact port</option>\n"; - break; - case "NDLB-tls-connectile-dysfunction": - echo " <option value='NDLB-connectile-dysfunction'>Rewrite contact IP and port</option>\n"; - echo " <option value='NDLB-tls-connectile-dysfunction' selected='yes'>Rewrite contact port</option>\n"; - default: - echo " <option value='NDLB-connectile-dysfunction'>Rewrite contact IP and port</option>\n"; - echo " <option value='NDLB-tls-connectile-dysfunction'>Rewrite contact port</option>\n"; - } - echo " </select>\n"; - ?> - <br /> - Choose sip-force-contact can be used to NDLB-connectile-dysfunction rewrites contact IP and port, <br />and NDLB-tls-connectile-dysfunction rewrites the contact port.<br /> - </td> - </tr> - </table> - </div> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Enabled</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='enabled' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['enabled'])) { - case "true": - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - break; - case "false": - echo " <option value='true'>true</option>\n"; - echo " <option value='false' selected='yes'>false</option>\n"; - - break; - default: - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - } - echo " </select>\n"; - ?> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq">Extension Description</td> - <td width="75%" class="vtable"> - <input name="description" type="text" class="formfld unknown" id="description" size="40" value="<?=htmlspecialchars($pconfig['description']);?>"> - <br><span class="vexpl">Enter the description of the extension here.<br></span> - </td> - </tr> - <tr> - <td valign="top"> </td> - <td> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - <?php if (isset($id) && $a_extensions[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - </td> - </tr> - </table> - </form> - - <br> - <br> - <br> - <br> - <br> - <br> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch/freeswitch_fax.tmp b/config/freeswitch/freeswitch_fax.tmp deleted file mode 100644 index 38992663..00000000 --- a/config/freeswitch/freeswitch_fax.tmp +++ /dev/null @@ -1,305 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_fax.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - -$a_fax = &$config['installedpackages']['freeswitchfax']['config']; -$dir_fax = '/usr/local/freeswitch/storage/fax/inbox/'; - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'fax') { - if ($a_fax[$_GET['id']]) { - - $faxid = $a_fax[$_GET['id']][faxid]; - $faxname = $a_fax[$_GET['id']][faxname]; - - $a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config']; - $a_dialplan_includes_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - - //delete the dialplan include - if (count($a_dialplan_includes) > 0) { - $i=0; - foreach($a_dialplan_includes as $row) { - if ($row["dialplanincludeid"] == $faxid) { - $order = $row['order']; - unset($a_dialplan_includes[$i]); - } - $i++; - } - } - - //delete the dialplan include details. aka. child data - if (count($a_dialplan_includes_details) > 0) { - $i=0; - foreach($a_dialplan_includes_details as $row) { - if ($row["dialplanincludeid"] == $faxid) { - unset($a_dialplan_includes_details[$i]); - } - $i++; - } - } - - if (file_exists("/usr/local/freeswitch/conf/dialplan/default/".$order."_".$faxname.".xml")){ - unlink("/usr/local/freeswitch/conf/dialplan/default/".$order."_".$faxname.".xml"); - } - - //remove fax entries - unset($a_fax[$_GET['id']]); - - write_config(); - header("Location: freeswitch_fax.php"); - exit; - } - } -} - -if ($_GET['a'] == "download") { - - session_cache_limiter('public'); - - if ($_GET['type'] = "fax_file") { - if (file_exists($dir_fax.$_GET['filename'])) { - $fd = fopen($dir_fax.$_GET['filename'], "rb"); - if ($_GET['t'] == "bin") { - header("Content-Type: application/force-download"); - header("Content-Type: application/octet-stream"); - header("Content-Type: application/download"); - header("Content-Description: File Transfer"); - header('Content-Disposition: attachment; filename="'.$_GET['filename'].'"'); - } - else { - $file_ext = substr($_GET['filename'], -3); - if ($file_ext == "png") { - header("Content-Type: image/png"); - } - } - header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 - header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past - header("Content-Length: " . filesize($dir_fax.$_GET['filename'])); - fpassthru($fd); - } - } - - exit; -} -else { - //echo $dir_fax.$_GET['filename']; -} - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'fax_file') { - //if ($a_fax[$_GET['id']]) { - $tmp_file_array = split("\.",$_GET['filename']); - $file_name = $tmp_file_array[0]; - $file_ext = $tmp_file_array[1]; - unlink_if_exists($dir_fax.$file_name.".pdf"); - unlink_if_exists($dir_fax.$file_name.".png"); - unlink_if_exists($dir_fax.$file_name.".tif"); - //unset($a_fax[$_GET['id']]); - write_config(); - header("Location: freeswitch_fax.php"); - exit; - //} - } - -} - -include("head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: FAX</p> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="freeswitch_fax.php" method="post" name="iform" id="iform"> -<?php - -if ($config_change == 1) { - write_config(); - $config_change = 0; -} - -//if ($savemsg) print_info_box($savemsg); -//if (file_exists($d_hostsdirty_path)): echo"<p>"; -//print_info_box_np("The FreeSWITCH fax have been changed.<br>You must apply the changes in order for them to take effect."); -//echo"<br />"; -//endif; - -?> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>FAX<br> - </strong></span> - To receive a FAX setup a fax extension and then direct the incoming FAX with a dedicated number or you can detect the FAX tone by using <a href='http://wiki.freeswitch.org/wiki/Misc._Dialplan_Tools_tone_detect' target='_blank'>tone detection</a> on the Public tab. - </p></td> - </tr> - </table> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="40" class="listhdrr">Extension</td> - <td width="40" class="listhdrr" nowrap>Name</td> - <td width="40%" class="listhdrr" nowrap>Email</td> - <td width="40" class="listhdrr">Domain</td> - <td width="50%" class="listhdr">Description</td> - <td width="40" class="list"> - - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="freeswitch_fax_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - - </td> - </tr> - - - <?php - - //create a temporary id for the array - $i = 0; - if (count($a_fax) > 0) { - foreach ($a_fax as $ent) { - $a_fax[$i]['id'] = $i; - $i++; - } - } - - //order the array - function cmp_number($a, $b) { - if ($a["faxextension"] > $b["faxextension"]) { - return 1; - } - else { - return 0; - } - } - if (count($a_fax) > 0) { usort($a_fax, "cmp_number"); } - - $i = 0; - if (count($a_fax) > 0) { - - foreach ($a_fax as $ent) { - if (strlen($ent['faxextension']) > 0) { - ?> - <tr> - <td class="listr" ondblclick="document.location='freeswitch_fax_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['faxextension'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_fax_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['faxname'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_fax_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['faxemail'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_fax_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['faxdomain'];?> - </td> - <td class="listbg" ondblclick="document.location='freeswitch_fax_edit.php?id=<?=$ent['id'];?>';"> - <font color="#FFFFFF"><?=htmlspecialchars($ent['faxdescription']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="freeswitch_fax_edit.php?id=<?=$ent['id'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="freeswitch_fax.php?type=fax&act=del&id=<?=$ent['id'];?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - - $i++; - } - } - ?> - - <tr> - <td class="list" colspan="5"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="freeswitch_fax_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - - <tr> - <td class="list" colspan="5"></td> - <td class="list"></td> - </tr> - </table> - -</form> - - -<br /> -<br /> -<br /> -<br /> - - -</td> -</tr> -</table> - -</div> - - -<?php include("fend.inc"); ?> -</body> -</html>
\ No newline at end of file diff --git a/config/freeswitch/freeswitch_fax_edit.tmp b/config/freeswitch/freeswitch_fax_edit.tmp deleted file mode 100644 index 43b22cf3..00000000 --- a/config/freeswitch/freeswitch_fax_edit.tmp +++ /dev/null @@ -1,723 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_fax_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - -$a_fax = &$config['installedpackages']['freeswitchfax']['config']; - -$id = $_GET['id']; -if (strlen($id) == 0) { - $id = $_POST['id']; -} -$parentid = $id; - -if (isset($id) && $a_fax[$id]) { - $pconfig['faxid'] = $a_fax[$id]['faxid']; - $faxid = $a_fax[$id]['faxid']; - $pconfig['faxextension'] = $a_fax[$id]['faxextension']; - $pconfig['faxname'] = $a_fax[$id]['faxname']; - $pconfig['faxemail'] = $a_fax[$id]['faxemail']; - $pconfig['faxdomain'] = $a_fax[$id]['faxdomain']; - $pconfig['faxdescription'] = $a_fax[$id]['faxdescription']; -} - - -$dir_fax_inbox = '/usr/local/freeswitch/storage/fax/'.$pconfig['faxextension'].'/inbox/'; -$dir_fax_sent = '/usr/local/freeswitch/storage/fax/'.$pconfig['faxextension'].'/sent/'; -$dir_fax_temp = '/usr/local/freeswitch/storage/fax/'.$pconfig['faxextension'].'/temp/'; - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'fax') { - if ($a_fax[$_GET['id']]) { - - $faxid = $a_fax[$_GET['id']][faxid]; - $faxname = $a_fax[$_GET['id']][faxname]; - - $a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config']; - $a_dialplan_includes_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - - //delete the dialplan include - if (count($a_dialplan_includes) > 0) { - $i=0; - foreach($a_dialplan_includes as $row) { - if ($row["dialplanincludeid"] == $faxid) { - $order = $row['order']; - unset($a_dialplan_includes[$i]); - } - $i++; - } - } - - //delete the dialplan include details. aka. child data - if (count($a_dialplan_includes_details) > 0) { - $i=0; - foreach($a_dialplan_includes_details as $row) { - if ($row["dialplanincludeid"] == $faxid) { - unset($a_dialplan_includes_details[$i]); - } - $i++; - } - } - - if (file_exists("/usr/local/freeswitch/conf/dialplan/default/".$order."_".$faxname.".xml")){ - unlink("/usr/local/freeswitch/conf/dialplan/default/".$order."_".$faxname.".xml"); - } - - //remove fax entries - unset($a_fax[$_GET['id']]); - - write_config(); - header("Location: freeswitch_fax.php"); - exit; - } - } -} - -if (($_POST['type'] == "fax_send") && is_uploaded_file($_FILES['fax_file']['tmp_name'])) { - - $fax_number = $_POST['fax_number']; - $fax_name = $_FILES['fax_file']['name']; - $fax_name = str_replace(".tif", "", $fax_name); - $fax_name = str_replace(".tiff", "", $fax_name); - $fax_name = str_replace(".pdf", "", $fax_name); - $fax_gateway = $_POST['fax_gateway']; - - $password = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_password']; - $port = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_port']; - $host = $config['interfaces']['lan']['ipaddr']; - - //upload the file - move_uploaded_file($_FILES['fax_file']['tmp_name'], $dir_fax_temp.$_FILES['fax_file']['name']); - - $fax_file_extension = substr($dir_fax_temp.$_FILES['fax_file']['name'], -4); - if ($fax_file_extension == ".pdf") { - exec("cd ".$dir_fax_temp.";gs -q -sDEVICE=tiffg3 -r204x98 -dNOPAUSE -sOutputFile=".$fax_name.".tif -- ".$fax_name.".pdf -c quit"); - //exec("rm ".$dir_fax_temp.$fax_name.".pdf"); - } - if ($fax_file_extension == ".tiff") { - exec("cp ".$dir_fax_temp.$fax_name.".tiff ".$dir_fax_temp.$fax_name.".tif"); - exec("rm ".$dir_fax_temp.$fax_name.".tiff"); - } - - //send the fax - $fp = event_socket_create($host, $port, $password); - $cmd = "api originate [absolute_codec_string=PCMU]sofia/gateway/".$fax_gateway."/".$fax_number." &txfax(".$dir_fax_temp.$fax_name.".tif)"; - $response = event_socket_request($fp, $cmd); - $response = str_replace("\n", "", $response); - $uuid = str_replace("+OK ", "", $response); - fclose($fp); - - //if ($response >= 1) { - // $fp = event_socket_create($host, $port, $password); - // $cmd = "api uuid_getvar ".$uuid." fax_result_text"; - // echo $cmd."\n"; - // $response = event_socket_request($fp, $cmd); - // $response = trim($response); - // fclose($fp); - //} - - sleep(5); - - //copy the .tif to the sent directory - exec("cp ".$dir_fax_temp.$fax_name.".tif ".$dir_fax_sent.$fax_name.".tif"); - - //delete the .tif from the temp directory - //exec("rm ".$dir_fax_temp.$fax_name.".tif"); - - //convert the tif to pdf and png - exec("cd $dir_fax_sent; /usr/local/bin/tiff2png ".$dir_fax_sent.$fax_name.".tif"); - exec("cd $dir_fax_sent; /usr/local/bin/tiff2pdf -f -o ".$fax_name.".pdf ".$dir_fax_sent.$fax_name.".tif"); - - header("Location: freeswitch_fax_edit.php?id=".$id."&msg=".$response); - exit; -} - -if ($_GET['a'] == "download") { - - session_cache_limiter('public'); - - if ($_GET['type'] == "fax_inbox") { - - if (file_exists($dir_fax_inbox.$_GET['filename'])) { - - $fd = fopen($dir_fax_inbox.$_GET['filename'], "rb"); - if ($_GET['t'] == "bin") { - header("Content-Type: application/force-download"); - header("Content-Type: application/octet-stream"); - header("Content-Type: application/download"); - header("Content-Description: File Transfer"); - header('Content-Disposition: attachment; filename="'.$_GET['filename'].'"'); - } - else { - $file_ext = substr($_GET['filename'], -3); - if ($file_ext == "png") { - header("Content-Type: image/png"); - } - } - header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 - header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past - header("Content-Length: " . filesize($dir_fax_inbox.$_GET['filename'])); - fpassthru($fd); - } - else { - echo "not found"; - } - exit; - } - -} -else { - //echo $dir_fax_inbox.$_GET['filename']; -} - - -if ($_GET['a'] == "download") { - - session_cache_limiter('public'); - - if ($_GET['type'] == "fax_sent") { - if (file_exists($dir_fax_sent.$_GET['filename'])) { - $fd = fopen($dir_fax_sent.$_GET['filename'], "rb"); - if ($_GET['t'] == "bin") { - header("Content-Type: application/force-download"); - header("Content-Type: application/octet-stream"); - header("Content-Type: application/download"); - header("Content-Description: File Transfer"); - header('Content-Disposition: attachment; filename="'.$_GET['filename'].'"'); - } - else { - $file_ext = substr($_GET['filename'], -3); - if ($file_ext == "png") { - header("Content-Type: image/png"); - } - } - header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 - header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past - header("Content-Length: " . filesize($dir_fax_sent.$_GET['filename'])); - fpassthru($fd); - } - - } - - exit; -} -else { - //echo $dir_fax_inbox.$_GET['filename']; -} - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'fax_inbox') { - //if ($a_fax[$_GET['id']]) { - $tmp_file_array = split("\.",$_GET['filename']); - $file_name = $tmp_file_array[0]; - $file_ext = $tmp_file_array[1]; - unlink_if_exists($dir_fax_inbox.$file_name.".pdf"); - unlink_if_exists($dir_fax_inbox.$file_name.".png"); - unlink_if_exists($dir_fax_inbox.$file_name.".tif"); - //unset($a_fax[$_GET['id']]); - write_config(); - header("Location: freeswitch_fax.php"); - exit; - //} - } -} - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'fax_sent') { - //if ($a_fax[$_GET['id']]) { - $tmp_file_array = split("\.",$_GET['filename']); - $file_name = $tmp_file_array[0]; - $file_ext = $tmp_file_array[1]; - unlink_if_exists($dir_fax_sent.$file_name.".pdf"); - unlink_if_exists($dir_fax_sent.$file_name.".png"); - unlink_if_exists($dir_fax_sent.$file_name.".tif"); - //unset($a_fax[$_GET['id']]); - write_config(); - header("Location: freeswitch_fax.php"); - exit; - //} - } -} - - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - if (!$input_errors) { - - $ent = array(); - if (strlen($_POST['faxid']) > 0) { - $ent['faxid'] = $_POST['faxid']; - } - else { - $ent['faxid'] = guid(); - } - $ent['faxextension'] = $_POST['faxextension']; - $ent['faxname'] = $_POST['faxname']; - $ent['faxemail'] = $_POST['faxemail']; - $ent['faxdomain'] = $_POST['faxdomain']; - $ent['faxdescription'] = $_POST['faxdescription']; - - if (isset($id) && $a_fax[$id]) { - //update - $a_fax[$id] = $ent; - } - else { - //add - $a_fax[] = $ent; - } - - if (!is_dir('/usr/local/freeswitch/storage/fax/')) { - exec("mkdir /usr/local/freeswitch/storage/fax/"); - } - - $faxfolder = '/usr/local/freeswitch/storage/fax/'.$_POST['faxextension']; - if (!is_dir($faxfolder)) { - exec('mkdir '.$faxfolder); - } - if (!is_dir($faxfolder.'/inbox/')) { - exec('mkdir '.$faxfolder.'/inbox/'); - } - if (!is_dir($faxfolder.'/sent/')) { - exec('mkdir '.$faxfolder.'/sent/'); - } - if (!is_dir($faxfolder.'/temp/')) { - exec('mkdir '.$faxfolder.'/temp/'); - } - write_config(); - sync_package_freeswitch_fax(); - - header("Location: freeswitch_fax.php"); - exit; - } -} - -include("head.inc"); - -?> - -<script type="text/javascript" language="JavaScript"> - -function show_advanced_config() { - document.getElementById("showadvancedbox").innerHTML=''; - aodiv = document.getElementById('showadvanced'); - aodiv.style.display = "block"; -} - -</script> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: FAX: Edit</p> -<?php if ($input_errors) print_input_errors($input_errors); ?> - - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>FAX Setup<br> - </strong></span> - </p></td> - </tr> - </table> - <br /> - - <form action="freeswitch_fax_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="25%" valign="top" class="vncellreq">Extension</td> - <td width="75%" class="vtable"> - <input name="faxextension" type="text" class="formfld unknown" id="faxextension" size="40" value="<?=htmlspecialchars($pconfig['faxextension']);?>"> - <br><span class="vexpl">Enter the fax extension here.<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq">Name</td> - <td width="75%" class="vtable"> - <input name="faxname" type="text" class="formfld unknown" id="faxname" size="40" value="<?=htmlspecialchars($pconfig['faxname']);?>"> - <br><span class="vexpl">Enter the name here.<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq">Email</td> - <td width="75%" class="vtable"> - <input name="faxemail" type="text" class="formfld unknown" id="faxemail" size="40" value="<?=htmlspecialchars($pconfig['faxemail']);?>"> - <br><span class="vexpl">Optional: Enter the email address to send the FAX to.<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq">Domain</td> - <td width="75%" class="vtable"> - <input name="faxdomain" type="text" class="formfld unknown" id="faxdomain" size="40" value="<?=htmlspecialchars($pconfig['faxdomain']);?>"> - <br><span class="vexpl">Enter the domain here.<br></span> - </td> - </tr> - <!-- - <tr> - <td width="25%" valign="top" class="vncellreq" nowrap>Attach File</td> - <td width="75%" class="vtable"> - <?php - /* - echo " <select name='vm-attach-file' class='formfld unknown'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['vm-attach-file'])) { - case "true": - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - break; - case "false": - echo " <option value='true'>true</option>\n"; - echo " <option value='false' selected='yes'>false</option>\n"; - - break; - default: - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - } - echo " </select>\n"; - */ - ?> - Choose whether to attach the file to the email. - </td> - </tr> - --> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="25%" valign="top" class="vncellreq">Description</td> - <td width="75%" class="vtable"> - <input name="faxdescription" type="text" class="formfld unknown" id="faxdescription" size="40" value="<?=htmlspecialchars($pconfig['faxdescription']);?>"> - <br><span class="vexpl">Enter the description here.<br></span> - </td> - </tr> - <tr> - <td valign="top"> </td> - <td> - <input name="faxid" type="hidden" value="<?=htmlspecialchars($pconfig['faxid']);?>"> - <?php if (isset($id) && $a_fax[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - </td> - </tr> - </table> - </form> - - <br /> - <br /> - <br /> - <br /> - - - <table width="100%" border="0" cellpadding="3" cellspacing="0"> - <tr> - <td width='30%'> - <span class="vexpl"><span class="red"><strong>Send</strong></span> - </td> - </tr> - <tr> - <td> - To send a fax you can upload a .tif file or if ghost script has been installed then you can also send a fax by uploading a PDF. (pkg_add -r ghostscript8-nox11; rehash) - When sending a fax you can view status of the transmission by viewing the logs from the Status tab or by watching the response from the FreeSWITCH console. - </td> - </tr> - <tr> - <td align='right' nowrap> - <form action="" method="POST" enctype="multipart/form-data" name="frmUpload" onSubmit=""> - <table border='0' cellpadding='3' cellspacing='0' width='100%'> - <tr> - <td valign="middle" class="label"> - Fax Number - </td> - <td valign="top" class="label"> - <input type="text" name="fax_number" value=""> - </td> - <td align="left">Upload:</td> - <td valign="top" class="label"> - <input name="id" type="hidden" value="$id"> - <input name="type" type="hidden" value="fax_send"> - <input name="fax_file" type="file" class="button" id="fax_file"> - </td> - <td valign="middle" class="label"> - Gateway - </td> - <td valign="top" class="label"> - - <?php - //create a temporary id for the array - $a_gateways = &$config['installedpackages']['freeswitchgateways']['config']; - - $i = 0; - if (count($a_gateways) > 0) { - foreach ($a_gateways as $ent) { - $a_gateways[$i]['id'] = $i; - $i++; - } - } - - //order the array - function cmp_string($a, $b) { - return strcmp($a["gateway"], $b["gateway"]); - } - if (count($a_gateways) > 0) { usort($a_gateways, "cmp_string"); } - - echo "<select name='fax_gateway' class='formfld'>"; - $i = 0; - if (count($a_gateways) > 0) { - - foreach ($a_gateways as $ent) { - echo "<option>".$ent['gateway']."</option>\n"; - } - } - echo "</select>\n"; - - ?> - </td> - <td> - <input name="submit" type="submit" class="button" id="upload" value="Send FAX"> - </td> - </tr> - </table> - </div> - </form> - </td> - </tr> - </table> - - - - <br /> - <br /> - <br /> - <br /> - - <table width="100%" border="0" cellpadding="5" cellspacing="0"> - <tr> - <td> - <span class="vexpl"><span class="red"><strong>Inbox</strong></span> - </td> - <td align='right'> - <b>location:</b> <?php echo $dir_fax_inbox; ?> - </td> - </tr> - </table> - - <div id="niftyOutter"> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="50%" class="listhdrr">File Name (download)</td> - <td width="10%" class="listhdrr">Download</td> - <td width="10%" class="listhdrr">View</td> - <td width="20%" class="listhdr">Last Modified</td> - <td width="10%" class="listhdr" nowrap>Size</td> - </tr> - - <?php - - if ($handle = opendir($dir_fax_inbox)) { - while (false !== ($file = readdir($handle))) { - if ($file != "." && $file != ".." && is_file($dir_fax_inbox.$file)) { - - $tmp_filesize = filesize($dir_fax_inbox.$file); - $tmp_filesize = byte_convert($tmp_filesize); - - $tmp_file_array = split("\.",$file); - $file_name = $tmp_file_array[0]; - $file_ext = $tmp_file_array[1]; - - if ($file_ext == "tif") { - - echo "<tr>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo " <a href=\"freeswitch_fax_edit.php?id=".$id."&a=download&type=fax_inbox&t=bin&filename=".$file."\">\n"; - echo " $file"; - echo " </a>"; - echo " </td>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo " <a href=\"freeswitch_fax_edit.php?id=".$id."&a=download&type=fax_inbox&t=bin&filename=".$file_name.".pdf\">\n"; - echo " pdf"; - echo " </a>"; - echo " </td>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo " <a href=\"freeswitch_fax_edit.php?id=".$id."&a=download&type=fax_inbox&t=png&filename=".$file_name.".png\" target=\"_blank\">\n"; - echo " png"; - echo " </a>"; - echo " </td>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo date ("F d Y H:i:s", filemtime($dir_fax_inbox.$file)); - echo " </td>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo " ".$tmp_filesize; - echo " </td>\n"; - echo " <td valign=\"middle\" nowrap class=\"list\">\n"; - echo " <table border=\"0\" cellspacing=\"0\" cellpadding=\"1\">\n"; - echo " <tr>\n"; - //echo " <td valign=\"middle\"><a href=\"freeswitch_fax_edit.php?id=$i\"><img src=\"/themes/".$g['theme']."/images/icons/icon_e.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n"; - echo " <td><a href=\"freeswitch_fax_edit.php?id=".$id."&type=fax_inbox&act=del&filename=".$file."\" onclick=\"return confirm('Do you really want to delete this file?')\"><img src=\"/themes/". $g['theme']."/images/icons/icon_x.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n"; - echo " </tr>\n"; - echo " </table>\n"; - echo " </td>\n"; - echo "</tr>\n"; - } - - } - } - closedir($handle); - } - ?> - - <tr> - <td class="list" colspan="3"></td> - <td class="list"></td> - </tr> - </table> - - <br /> - <br /> - <br /> - <br /> - - <table width="100%" border="0" cellpadding="5" cellspacing="0"> - <tr> - <td> - <span class="vexpl"><span class="red"><strong>Sent</strong></span> - </td> - <td align='right'> - <b>location:</b> <?php echo $dir_fax_sent; ?> - </td> - </tr> - </table> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="50%" class="listhdrr">File Name (download)</td> - <td width="10%" class="listhdrr">Download</td> - <td width="10%" class="listhdrr">View</td> - <td width="20%" class="listhdr">Last Modified</td> - <td width="10%" class="listhdr" nowrap>Size</td> - </tr> - - <?php - - if ($handle = opendir($dir_fax_sent)) { - while (false !== ($file = readdir($handle))) { - if ($file != "." && $file != ".." && is_file($dir_fax_sent.$file)) { - - $tmp_filesize = filesize($dir_fax_sent.$file); - $tmp_filesize = byte_convert($tmp_filesize); - - $tmp_file_array = split("\.",$file); - $file_name = $tmp_file_array[0]; - $file_ext = $tmp_file_array[1]; - - if ($file_ext == "tif") { - - echo "<tr>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo " <a href=\"freeswitch_fax_edit.php?id=".$id."&a=download&type=fax_sent&t=bin&filename=".$file."\">\n"; - echo " $file"; - echo " </a>"; - echo " </td>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo " <a href=\"freeswitch_fax_edit.php?id=".$id."&a=download&type=fax_sent&t=bin&filename=".$file_name.".pdf\">\n"; - echo " pdf"; - echo " </a>"; - echo " </td>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo " <a href=\"freeswitch_fax_edit.php?id=".$id."&a=download&type=fax_sent&t=png&filename=".$file_name.".png\" target=\"_blank\">\n"; - echo " png"; - echo " </a>"; - echo " </td>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo date ("F d Y H:i:s", filemtime($dir_fax_sent.$file)); - echo " </td>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo " ".$tmp_filesize; - echo " </td>\n"; - echo " <td valign=\"middle\" nowrap class=\"list\">\n"; - echo " <table border=\"0\" cellspacing=\"0\" cellpadding=\"1\">\n"; - echo " <tr>\n"; - //echo " <td valign=\"middle\"><a href=\"freeswitch_fax_edit.php?id=$i\"><img src=\"/themes/".$g['theme']."/images/icons/icon_e.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n"; - echo " <td><a href=\"freeswitch_fax_edit.php?id=".$id."&type=fax_sent&act=del&filename=".$file."\" onclick=\"return confirm('Do you really want to delete this file?')\"><img src=\"/themes/". $g['theme']."/images/icons/icon_x.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n"; - echo " </tr>\n"; - echo " </table>\n"; - echo " </td>\n"; - echo "</tr>\n"; - } - - } - } - closedir($handle); - } - ?> - - <tr> - <td class="list" colspan="3"></td> - <td class="list"></td> - </tr> - </table> - - - <br /> - <br /> - <br /> - <br /> - - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch/freeswitch_features.tmp b/config/freeswitch/freeswitch_features.tmp deleted file mode 100644 index 1a2ed969..00000000 --- a/config/freeswitch/freeswitch_features.tmp +++ /dev/null @@ -1,216 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_extensions.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - -$a_extensions = &$config['installedpackages']['freeswitchextensions']['config']; - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'extensions') { - if ($a_extensions[$_GET['id']]) { - unset($a_extensions[$_GET['id']]); - write_config(); - header("Location: freeswitch_extensions.php"); - exit; - } - } -} - -include("head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: Extensions</p> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - <!-- - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Features<br> - </strong></span> - List of a few of the features. - </p></td> - </tr> - </table> - <br />--> - - <br /> - <br /> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td class="listtopic" colspan='2'>Auto Attendant</td> - </tr> - <tr> - <td width='10%' class="vncell"><a href='freeswitch_ivr.php'>Open</a></td> - <td class="vtable"> - An interactive voice response (IVR) often refered to as an Auto Attendant. - It associates a recording to multiple options that can be used to direct - calls to extensions, voicemail, queues, other IVR applications, and external - phone numbers. - </td> - </tr> - </table> - - <br /> - <br /> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td class="listtopic" colspan='2'>Direct Inward System Access</td> - </tr> - <tr> - <td width='10%' class="vncell"></td> - <td class="vtable"> - Direct Inward System Access (DISA) allows inbound callers to make internal or external calls. For security reasons it is disabled by default. - To enable it first set a secure pin number from the Settings->Admin PIN Number. - Then go to Dialplan tab and find the DISA entry and edit it to set 'Enabled' to 'true'. - To use DISA dial *3427 (disa) enter the admin pin code and the extension or phone number you wish to call. - </td> - </tr> - </table> - - <br /> - <br /> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td class="listtopic" colspan='2'>FAX</td> - </tr> - <tr> - <td width='10%' class="vncell"><a href='freeswitch_fax.php'>Open</a></td> - <td class="vtable"> - Transmit and View Received Faxes. - </td> - </tr> - </table> - - <br /> - <br /> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td class="listtopic" colspan='2'>Hunt Group</td> - </tr> - <tr> - <td width='10%' class="vncell"><a href='freeswitch_hunt_group.php'>Open</a></td> - <td class="vtable"> - Hunt Group is a group of destinations to call at once or in succession. - </td> - </tr> - </table> - - <br /> - <br /> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td class="listtopic" colspan='2'>Modules</td> - </tr> - <tr> - <td width='10%' class="vncell"><a href='/pkg_edit.php?xml=freeswitch_modules.xml&id=0'>Open</a></td> - <td class="vtable"> - Modules add additional features and can be enabled or disabled to provide the desired features. - </td> - </tr> - </table> - - <br /> - <br /> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td class="listtopic" colspan='2'>Music on Hold</td> - </tr> - <tr> - <td width='10%' class="vncell"><a href='freeswitch_recordings.php'>Open</a></td> - <td class="vtable"> - Music on hold can be in WAV or MP3 format. To play an MP3 files you must have mod_shout enabled on the 'Modules' tab. - For best performance upload 16bit 8khz/16khz Mono WAV files. - </td> - </tr> - </table> - - <br /> - <br /> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td class="listtopic" colspan='2'>Recordings</td> - </tr> - <tr> - <td width='10%' class="vncell"><a href='freeswitch_recordings.php'>Open</a></td> - <td class="vtable"> - To make a recording dial *732673 (record) or you can make a 16bit 8khz/16khz - Mono WAV file then copy it to the following directory then refresh the page to play - it back. Click on the 'Filename' to download it or the 'Recording Name' to play the audio. - </td> - </tr> - </table> - -<br /> -<br /> -<br /> -<br /> -<br /> -<br /> -<br /> -<br /> - -</td> -</tr> -</table> - -</div> - - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch/freeswitch_gateways.tmp b/config/freeswitch/freeswitch_gateways.tmp deleted file mode 100644 index 16d933fd..00000000 --- a/config/freeswitch/freeswitch_gateways.tmp +++ /dev/null @@ -1,214 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_gateways.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - -$a_gateways = &$config['installedpackages']['freeswitchgateways']['config']; - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'gateways') { - if ($a_gateways[$_GET['id']]) { - $tmp_file_name = "/usr/local/freeswitch/conf/sip_profiles/external/".$_GET['gateway'].".xml"; - if (file_exists($tmp_file_name)) { - unlink($tmp_file_name); - } - unset($a_gateways[$_GET['id']]); - write_config(); - header("Location: freeswitch_gateways.php"); - exit; - } - } -} - -include("head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: Gateways</p> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="freeswitch_gateways.php" method="post" name="iform" id="iform"> -<?php - -if ($config_change == 1) { - write_config(); - $config_change = 0; -} - -//if ($savemsg) print_info_box($savemsg); -//if (file_exists($d_hostsdirty_path)): echo"<p>"; -//print_info_box_np("The FreeSWITCH gateways have been changed.<br>You must apply the changes in order for them to take effect."); -//echo"<br />"; -//endif; - -?> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Gateways<br> - </strong></span> - Use this to configure your SIP gateways also known as providers. - </p></td> - </tr> - </table> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="20%" class="listhdrr">Gateway</td> - <td width="25%" class="listhdrr">Context</td> - <td width="25%" class="listhdrr">Enabled</td> - <td width="25%" class="listhdr">Description</td> - <td width="10%" class="list"> - - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="freeswitch_gateways_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - - </td> - </tr> - - - <?php - //create a temporary id for the array - $i = 0; - if (count($a_gateways) > 0) { - foreach ($a_gateways as $ent) { - $a_gateways[$i]['id'] = $i; - $i++; - } - } - - //order the array - function cmp_string($a, $b) { - return strcmp($a["gateway"], $b["gateway"]); - } - if (count($a_gateways) > 0) { usort($a_gateways, "cmp_string"); } - - $i = 0; - if (count($a_gateways) > 0) { - - foreach ($a_gateways as $ent) { - - ?> - <tr> - <td class="listr" ondblclick="document.location='freeswitch_gateways_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['gateway'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_gateways_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['context'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_gateways_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['enabled'];?> - </td> - <td class="listbg" ondblclick="document.location='freeswitch_gateways_edit.php?id=<?=$ent['id'];?>';"> - <font color="#FFFFFF"><?=htmlspecialchars($ent['description']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="freeswitch_gateways_edit.php?id=<?=$ent['id'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="freeswitch_gateways.php?type=gateways&act=del&id=<?=$ent['id'];?>&gateway=<?=$ent['gateway'];?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - - $i++; - } - } - ?> - - <tr> - <td class="list" colspan="4"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="freeswitch_gateways_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - - <tr> - <td class="list" colspan="4"></td> - <td class="list"></td> - </tr> - </table> - -</form> - - -/usr/local/freeswitch/conf/sip_profiles/external/ -<br> -<br> -<br> -<br> -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - -<?php include("fend.inc"); ?> -</body> -</html>
\ No newline at end of file diff --git a/config/freeswitch/freeswitch_gateways_edit.tmp b/config/freeswitch/freeswitch_gateways_edit.tmp deleted file mode 100644 index 977e562e..00000000 --- a/config/freeswitch/freeswitch_gateways_edit.tmp +++ /dev/null @@ -1,694 +0,0 @@ -<?php -/* $Id$ */ -/* - - freeswitch_gateways_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - - -$a_gateways = &$config['installedpackages']['freeswitchgateways']['config']; - -$id = $_GET['id']; -if (isset($_POST['id'])) { - $id = $_POST['id']; -} - -if (isset($id) && $a_gateways[$id]) { - - $pconfig['gatewayid'] = $a_gateways[$id]['gatewayid']; - $gatewayid = $a_gateways[$id]['gatewayid']; - $pconfig['gateway'] = $a_gateways[$id]['gateway']; - $pconfig['username'] = $a_gateways[$id]['username']; - $pconfig['auth-username'] = $a_gateways[$id]['auth-username']; - $pconfig['password'] = $a_gateways[$id]['password']; - $pconfig['realm'] = $a_gateways[$id]['realm']; - $pconfig['from-user'] = $a_gateways[$id]['from-user']; - $pconfig['from-domain'] = $a_gateways[$id]['from-domain']; - $pconfig['proxy'] = $a_gateways[$id]['proxy']; - $pconfig['expire-seconds'] = $a_gateways[$id]['expire-seconds']; - $pconfig['register'] = $a_gateways[$id]['register']; - $pconfig['register-transport'] = $a_gateways[$id]['register-transport']; - $pconfig['retry-seconds'] = $a_gateways[$id]['retry-seconds']; - $pconfig['extension'] = $a_gateways[$id]['extension']; - $pconfig['ping'] = $a_gateways[$id]['ping']; - $pconfig['caller-id-in-from'] = $a_gateways[$id]['caller-id-in-from']; - $pconfig['supress-cng'] = $a_gateways[$id]['supress-cng']; - - $pconfig['effective_caller_id_name'] = $a_gateways[$id]['effective_caller_id_name']; - $pconfig['effective_caller_id_number'] = $a_gateways[$id]['effective_caller_id_number']; - $pconfig['outbound_caller_id_name'] = $a_gateways[$id]['outbound_caller_id_name']; - $pconfig['outbound_caller_id_number'] = $a_gateways[$id]['outbound_caller_id_number']; - - $pconfig['context'] = $a_gateways[$id]['context']; - $pconfig['enabled'] = $a_gateways[$id]['enabled']; - $pconfig['description'] = $a_gateways[$id]['description']; -} - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - if (!$input_errors) { - - $effective_caller_id_number = $_POST['effective_caller_id_number']; - $outbound_caller_id_number = $_POST['outbound_caller_id_number']; - $replace_array = array("(", ")", " ", "-"); - $effective_caller_id_number = str_replace($replace_array, "", $effective_caller_id_number); - $outbound_caller_id_number = str_replace($replace_array, "", $outbound_caller_id_number); - - $ent = array(); - if (strlen($_POST['ivrid']) > 0) { - $ent['gatewayid'] = $_POST['ivrid']; - } - else { - $ent['gatewayid'] = guid(); - } - $ent['gateway'] = $_POST['gateway']; - $ent['username'] = $_POST['username']; - $ent['auth-username'] = $_POST['auth-username']; - $ent['password'] = $_POST['password']; - $ent['realm'] = $_POST['realm']; - $ent['from-user'] = $_POST['from-user']; - $ent['from-domain'] = $_POST['from-domain']; - $ent['proxy'] = $_POST['proxy']; - $ent['expire-seconds'] = $_POST['expire-seconds']; - $ent['register'] = $_POST['register']; - $ent['register-transport'] = $_POST['register-transport']; - $ent['retry-seconds'] = $_POST['retry-seconds']; - $ent['extension'] = $_POST['extension']; - $ent['ping'] = $_POST['ping']; - $ent['caller-id-in-from'] = $_POST['caller-id-in-from']; - $ent['supress-cng'] = $_POST['supress-cng']; - - $ent['effective_caller_id_name'] = $_POST['effective_caller_id_name']; - $ent['effective_caller_id_number'] = $effective_caller_id_number; - $ent['outbound_caller_id_name'] = $_POST['outbound_caller_id_name']; - $ent['outbound_caller_id_number'] = $outbound_caller_id_number; - - $ent['context'] = $_POST['context']; - $ent['enabled'] = $_POST['enabled']; - $ent['description'] = $_POST['description']; - - if (isset($id) && $a_gateways[$id]) { - //update - $a_gateways[$id] = $ent; - } - else { - //add - $a_gateways[] = $ent; - } - - - if (strlen(trim($_POST['dialplan_expression']))> 0) { - - $gatewayid = $_POST['gatewayid']; - $gateway = $_POST['gateway']; - $context = $_POST['context']; - - $default_area_code = &$config['installedpackages']['freeswitchsettings']['config'][0]['default_area_code']; - $a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config']; - $a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - - - $tmp_array = split("\\\n", $_POST['dialplan_expression']); - - foreach($tmp_array as $dialplan_expression) { - - $dialplan_expression = trim($dialplan_expression); - if (strlen($dialplan_expression)>0) { - - switch ($dialplan_expression) { - case "^(\d{7})$": - $action_data = "sofia/gateway/".$gateway."/1".$default_area_code."\$1"; - $label = "7 digits"; - $abbrv = "7d"; - break; - case "^(\d{10})$": - $action_data = "sofia/gateway/".$gateway."/1\$1"; - $label = "10 digits"; - $abbrv = "10d"; - break; - case "^(\d{11})$": - $action_data = "sofia/gateway/".$gateway."/\$1"; - $label = "11 digits"; - $abbrv = "11d"; - break; - case "^(311)$": - $action_data = "sofia/gateway/".$gateway."/\$1"; - $label = "311"; - $abbrv = "311"; - break; - case "^(411)$": - $action_data = "sofia/gateway/".$gateway."/\$1"; - $label = "411"; - $abbrv = "411"; - break; - case "^(911)$": - $action_data = "sofia/gateway/".$gateway."/\$1"; - $label = "911"; - $abbrv = "911"; - break; - case "^9(\d{3})$": - $action_data = "sofia/gateway/".$gateway."/1".$default_area_code."\$1"; - $label = "dial 9, 3 digits"; - $abbrv = "9.3d"; - break; - case "^9(\d{4})$": - $action_data = "sofia/gateway/".$gateway."/1".$default_area_code."\$1"; - $label = "dial 9, 4 digits"; - $abbrv = "9.4d"; - break; - case "^9(\d{7})$": - $action_data = "sofia/gateway/".$gateway."/1".$default_area_code."\$1"; - $label = "dial 9, 7 digits"; - $abbrv = "9.7d"; - break; - case "^9(\d{10})$": - $action_data = "sofia/gateway/".$gateway."/\$1"; - $label = "dial 9, 10 digits"; - $abbrv = "9.10d"; - break; - case "^9(\d{11})$": - $action_data = "sofia/gateway/".$gateway."/\$1"; - $label = "dial 9, 11 digits"; - $abbrv = "9.11d"; - break; - case "^1?(8(00|55|66|77|88)[2-9]\d{6})$": - $action_data = "sofia/gateway/".$gateway."/\$1"; - $label = "toll free"; - $abbrv = "tollfree"; - break; - default: - $action_data = "sofia/gateway/".$gateway."/\$1"; - $label = $dialplan_expression; - $abbrv = $dialplan_expression; - } - - $dialplanincludeid = guid(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['extensionname'] = $gateway.".".$abbrv; - $ent['order'] = '9002'; //if update use the existing order number and extension name and desc - $ent['context'] = $context; - $ent['enabled'] = 'true'; - $ent['descr'] = $label.' '.$gateway; - $ent['opt1name'] = 'gatewayid'; - $ent['opt1value'] = $gatewayid; - $a_dialplan_includes[] = $ent; - unset($ent); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'condition'; //condition, action, antiaction - $ent['fieldtype'] = 'destination_number'; - $ent['fielddata'] = $dialplan_expression; - $ent['fieldorder'] = '000'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - if (strlen($effective_caller_id_name) > 0) { - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'set'; - $ent['fielddata'] = 'effective_caller_id_name='.$effective_caller_id_name; - $ent['fieldorder'] = '001'; - $a_dialplan_include_details[] = $ent; - unset($ent); - } - if (strlen($effective_caller_id_number) > 0) { - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'set'; - $ent['fielddata'] = 'effective_caller_id_number='.$effective_caller_id_number; - $ent['fieldorder'] = '001'; - $a_dialplan_include_details[] = $ent; - unset($ent); - } - if (strlen($outbound_caller_id_name) > 0) { - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'set'; - $ent['fielddata'] = 'outbound_caller_id_name='.$outbound_caller_id_name; - $ent['fieldorder'] = '001'; - $a_dialplan_include_details[] = $ent; - unset($ent); - } - if (strlen($outbound_caller_id_number) > 0) { - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'set'; - $ent['fielddata'] = 'outbound_caller_id_number='.$outbound_caller_id_number; - $ent['fieldorder'] = '001'; - $a_dialplan_include_details[] = $ent; - unset($ent); - } - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'bridge'; - $ent['fielddata'] = $action_data; - $ent['fieldorder'] = '001'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - unset($label); - unset($abbrv); - unset($dialplan_expression); - unset($action_data); - } //if strlen - } //end for each - } - - write_config(); - sync_package_freeswitch_gateways(); - sync_package_freeswitch_dialplan_includes(); - - header("Location: freeswitch_gateways.php"); - exit; - } -} - -include("head.inc"); - -?> - - -<script type="text/javascript" language="JavaScript"> - -function enable_change(enable_over) { - var endis; - endis = !(document.iform.enable.checked || enable_over); - document.iform.range_from.disabled = endis; - document.iform.range_to.disabled = endis; -} - -function show_advanced_config() { - document.getElementById("showadvancedbox").innerHTML=''; - aodiv = document.getElementById('showadvanced'); - aodiv.style.display = "block"; -} - -</script> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: Gateways: Edit</p> -<?php if ($input_errors) print_input_errors($input_errors); ?> - - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Gateway Setup<br> - </strong></span> - The 'SIP Provider Examples' from the FreeSWITCH wiki can be used as reference to get started. <br /> - <a href='http://wiki.freeswitch.org/wiki/SIP_Provider_Examples' target='_blank'>http://wiki.freeswitch.org/wiki/SIP_Provider_Examples</a> - </p></td> - </tr> - </table> - <br /> - - <form action="freeswitch_gateways_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Gateway</td> - <td width="78%" class="vtable"> - <input name="gateway" type="text" class="formfld" id="gateway" size="40" value="<?=htmlspecialchars($pconfig['gateway']);?>"> - <br><span class="vexpl">Enter the gateway name here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Username</td> - <td width="78%" class="vtable"> - <input name="username" type="text" class="formfld" id="username" size="40" value="<?=htmlspecialchars($pconfig['username']);?>"> - <br><span class="vexpl">Enter the username here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Password</td> - <td width="78%" class="vtable"> - <input name="password" type="password" class="formfld" id="password" size="40" value="<?=htmlspecialchars($pconfig['password']);?>"> - <br><span class="vexpl">Enter the password here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">From-user</td> - <td width="78%" class="vtable"> - <input name="from-user" type="text" class="formfld" id="from-user" size="40" value="<?=htmlspecialchars($pconfig['from-user']);?>"> - <br><span class="vexpl">Enter the from-user here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">From-domain</td> - <td width="78%" class="vtable"> - <input name="from-domain" type="text" class="formfld" id="from-domain" size="40" value="<?=htmlspecialchars($pconfig['from-domain']);?>"> - <br><span class="vexpl">Enter the from-domain here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Proxy</td> - <td width="78%" class="vtable"> - <input name="proxy" type="text" class="formfld" id="proxy" size="40" value="<?=htmlspecialchars($pconfig['proxy']);?>"> - <br><span class="vexpl">Enter the proxy here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Realm</td> - <td width="78%" class="vtable"> - <input name="realm" type="text" class="formfld" id="realm" size="40" value="<?=htmlspecialchars($pconfig['realm']);?>"> - <br><span class="vexpl">Enter the realm here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Expire-seconds</td> - <td width="78%" class="vtable"> - <input name="expire-seconds" type="text" class="formfld" id="expire-seconds" size="40" value="<?=htmlspecialchars($pconfig['expire-seconds']);?>"> - <br><span class="vexpl">Enter the expire-seconds here. Example: 600<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Register</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='register' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['register'])) { - case "true": - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - break; - case "false": - echo " <option value='true'>true</option>\n"; - echo " <option value='false' selected='yes'>false</option>\n"; - - break; - default: - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - } - echo " </select>\n"; - ?> - Choose whether to register. - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncellreq">Retry-seconds</td> - <td width="78%" class="vtable"> - <input name="retry-seconds" type="text" class="formfld" id="retry-seconds" size="40" value="<?=htmlspecialchars($pconfig['retry-seconds']);?>"> - <br> <span class="vexpl">Enter the retry_seconds here. Example: 30<br></span> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell">Effective Caller ID Name</td> - <td width="78%" class="vtable"> - <input name="effective_caller_id_name" type="text" class="formfld" id="effective_caller_id_name" size="40" value="<?=htmlspecialchars($pconfig['effective_caller_id_name']);?>"> - <br> <span class="vexpl">Enter the effective caller ID name here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Effective Caller ID Number</td> - <td width="78%" class="vtable"> - <input name="effective_caller_id_number" type="text" class="formfld" id="effective_caller_id_number" size="40" value="<?=htmlspecialchars($pconfig['effective_caller_id_number']);?>"> - <br> <span class="vexpl">Enter the effective caller ID number here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Outbound Caller ID Name</td> - <td width="78%" class="vtable"> - <input name="outbound_caller_id_name" type="text" class="formfld" id="outbound_caller_id_name" size="40" value="<?=htmlspecialchars($pconfig['outbound_caller_id_name']);?>"> - <br> <span class="vexpl">Enter the outbound caller ID name here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Outbound Caller ID Number</td> - <td width="78%" class="vtable"> - <input name="outbound_caller_id_number" type="text" class="formfld" id="outbound_caller_id_number" size="40" value="<?=htmlspecialchars($pconfig['outbound_caller_id_number']);?>"> - <br> <span class="vexpl">Enter the outbound caller ID number here.<br></span> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncellreq">Context</td> - <td width="78%" class="vtable"> - <input name="context" type="text" class="formfld" id="context" size="40" value="<?=htmlspecialchars($pconfig['context']);?>"> - <br> <span class="vexpl">Enter the context here. Example: public<br></span> - </td> - </tr> - </table> - <div id="showadvancedbox"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncell">Show Advanced</td> - <td width="78%" class="vtable"> - <input type="button" onClick="show_advanced_config()" value="Advanced"></input></a> - </td> - </tr> - </table> - </div> - <div id="showadvanced" style="display:none"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncell">Auth-username</td> - <td width="78%" class="vtable"> - <input name="auth-username" type="text" class="formfld" id="auth-username" size="40" value="<?=htmlspecialchars($pconfig['auth-username']);?>"> - <br> <span class="vexpl">Enter the auth-username here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Register-transport</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='register-transport' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['register-transport'])) { - case "udp": - echo " <option value='udp' selected='yes'>udp</option>\n"; - echo " <option value='tcp'>tcp</option>\n"; - echo " <option value='tls'>tls</option>\n"; - break; - case "tcp": - echo " <option value='udp'>udp</option>\n"; - echo " <option value='tcp' selected='yes'>tcp</option>\n"; - echo " <option value='tls'>tls</option>\n"; - case "tls": - echo " <option value='udp'>udp</option>\n"; - echo " <option value='tcp'>tcp</option>\n"; - echo " <option value='tls' selected='yes'>tls</option>\n"; - break; - default: - echo " <option value='udp'>udp</option>\n"; - echo " <option value='tcp'>tcp</option>\n"; - echo " <option value='tls'>tls</option>\n"; - } - echo " </select>\n"; - ?> - Choose whether to register-transport. - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Extension</td> - <td width="78%" class="vtable"> - <input name="extension" type="text" class="formfld" id="extension" size="40" value="<?=htmlspecialchars($pconfig['extension']);?>"> - <br> <span class="vexpl">Enter the extension here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Ping</td> - <td width="78%" class="vtable"> - <input name="ping" type="text" class="formfld" id="ping" size="40" value="<?=htmlspecialchars($pconfig['ping']);?>"> - <br> <span class="vexpl">Enter the ping interval here in seconds.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Caller-id-in-from</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='caller-id-in-from' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['caller-id-in-from'])) { - case "true": - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - break; - case "false": - echo " <option value='true'>true</option>\n"; - echo " <option value='false' selected='yes'>false</option>\n"; - - break; - default: - echo " <option value='true'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - } - echo " </select>\n"; - ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Supress-cng</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='supress-cng' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['supress-cng'])) { - case "true": - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - break; - case "false": - echo " <option value='true'>true</option>\n"; - echo " <option value='false' selected='yes'>false</option>\n"; - - break; - default: - echo " <option value='true'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - } - echo " </select>\n"; - ?> - </td> - </tr> - </table> - - </div> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Enabled</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='enabled' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['enabled'])) { - case "true": - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - break; - case "false": - echo " <option value='true'>true</option>\n"; - echo " <option value='false' selected='yes'>false</option>\n"; - - break; - default: - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - } - echo " </select>\n"; - ?> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell">Dialplan Expression</td> - <td width="78%" class="vtable"> - <?php - echo "<textarea name=\"dialplan_expression\" id=\"dialplan_expression\" cols=\"30\" rows=\"4\" wrap=\"off\"></textarea>\n"; - ?> - <br> - <select name='dialplan_expression_select' id='dialplan_expression_select' onchange="document.getElementById('dialplan_expression').value += document.getElementById('dialplan_expression_select').value + '\n';" class='formfld'> - <option></option> - <option value='^(\d{7})$'>7 digits local</option> - <option value='^(\d{10})$'>10 digits long distance</option> - <option value='^(\d{11})$'>11 digits long distance</option> - <option value='^011(.*)$'>011 International</option> - <option value='^311$'>311 information</option> - <option value='^411$'>411 information</option> - <option value='^911$'>911 emergency</option> - <option value='^1?(8(00|55|66|77|88)[2-9]\d{6})$'>toll free</option> - <option value='^9(\d{3})$'>Dial 9 then 3 digits</option> - <option value='^9(\d{4})$'>Dial 9 then 4 digits</option> - <option value='^9(\d{7})$'>Dial 9 then 7 digits</option> - <option value='^9(\d{10})$'>Dial 9 then 10 digits</option> - <option value='^9(\d{11})$'>Dial 9 then 11 digits</option> - </select> - <span class="vexpl"> - <br /> - Shortcut to create the outbound dialplan entries for this Gateway. The entries are saved to and edited from the 'Dialplan' tab. - </span></td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell">Gateway Description</td> - <td width="78%" class="vtable"> - <input name="description" type="text" class="formfld" id="description" size="40" value="<?=htmlspecialchars($pconfig['description']);?>"> - <br> <span class="vexpl">Enter the description of the gateway here.</span></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - <?php if (isset($id) && $a_gateways[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <input name="gatewayid" type="hidden" value="<?=htmlspecialchars($pconfig['gatewayid']);?>"> - <?php endif; ?> - </td> - </tr> - </table> - </form> - - <br> - <br> - <br> - <br> - <br> - <br> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch/freeswitch_hunt_group.tmp b/config/freeswitch/freeswitch_hunt_group.tmp deleted file mode 100644 index ea3fe44d..00000000 --- a/config/freeswitch/freeswitch_hunt_group.tmp +++ /dev/null @@ -1,206 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_hunt_group.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - - -$a_hunt_group = &$config['installedpackages']['freeswitchhuntgroup']['config']; -$a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config']; -$a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'huntgroup') { - if ($a_hunt_group[$_GET['id']]) { - if (file_exists("/usr/local/freeswitch/scripts/huntgroup_".$_GET['huntgroupid'].".js")) { - unlink("/usr/local/freeswitch/scripts/huntgroup_".$_GET['huntgroupid'].".js"); - } - /* - //delete dialplan include details - if (count($a_dialplan_includes) > 0) { - $i = 0; - foreach($a_dialplan_includes as $row) { - echo $row['opt1value']." == {".$_GET['huntgroupid']."}<br />\n"; - if ($row['opt1value'] == '{'.$_GET['huntgroupid'].'}') { - $dialplanincludeid = $row['dialplanincludeid']; - $id = $i; - unset($a_dialplan_include_details[$id]); - } - $i++; - } - unset($i); - } - - //delete dialplan include details - if (count($a_dialplan_include_details) > 0) { - $i = 0; - foreach($a_dialplan_include_details as $row) { - if ($row['dialplanincludeid'] == $dialplanincludeid) { - $id = $i; - unset($a_dialplan_include_details[$id]); - } - $i++; - } - unset($i); - } - */ - unset($a_hunt_group[$_GET['id']]); - write_config(); - sync_package_freeswitch_hunt_group(); - header("Location: freeswitch_hunt_group.php"); - exit; - } - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: Hunt Group</p> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="freeswitch_hunt_group.php" method="post" name="iform" id="iform"> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Hunt Group<br /> - </strong></span> - Hunt Group is a group of destinations to call at once or in succession. - </span></p></td> - </tr> - </table> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="20%" class="listhdrr">Extension</td> - <td width="25%" class="listhdrr">Name</td> - <td width="50%" class="listhdr">Description</td> - <td width="10%" class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="freeswitch_hunt_group_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - <?php - $i = 0; - if (count($a_hunt_group) > 0) { - foreach ($a_hunt_group as $ent) { - if (strlen($ent['huntgroupid']) > 0) { - - $huntgroupid = str_replace(array("{", "}"), "", $ent['huntgroupid']); - - ?> - <tr> - <td class="listlr" ondblclick="document.location='freeswitch_hunt_group_edit.php?id=<?=$i;?>'"> - <?=$ent['huntgroupextension']?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_hunt_group_edit.php?id=<?=$i;?>';"> - <?=$ent['huntgroupname'];?> - </td> - <td class="listbg" ondblclick="document.location='freeswitch_hunt_group_edit.php?id=<?=$i;?>';"> - <font color="#FFFFFF"><?=htmlspecialchars($ent['huntgroupdescr']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="freeswitch_hunt_group_edit.php?id=<?=$i;?>&huntgroupid=<?php echo $ent['huntgroupid'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="freeswitch_hunt_group.php?type=huntgroup&act=del&id=<?=$i;?>&huntgroupid=<?php echo $huntgroupid; ?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - ?> - <tr> - <td class="list" colspan="3"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="freeswitch_hunt_group_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - <tr> - <td class="list" colspan="3"></td> - <td class="list"></td> - </tr> - </table> - -</form> - -<br> -<br> -/usr/local/freeswitch/scripts/ -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch/freeswitch_hunt_group_destinations.tmp b/config/freeswitch/freeswitch_hunt_group_destinations.tmp deleted file mode 100644 index 7f1adaf0..00000000 --- a/config/freeswitch/freeswitch_hunt_group_destinations.tmp +++ /dev/null @@ -1,52 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_hunt_group_destinations.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - - -$a_hunt_group_destinations = &$config['installedpackages']['freeswitchhuntgroupdestinations']['config']; - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'huntgroupdestinations') { - if ($a_hunt_group_destinations[$_GET['id']]) { - unset($a_hunt_group_destinations[$_GET['id']]); - write_config(); - sync_package_freeswitch_hunt_group(); - header("Location: freeswitch_hunt_group_edit.php?id=".$_GET['parentid']); - exit; - } - } -} - -?>
\ No newline at end of file diff --git a/config/freeswitch/freeswitch_hunt_group_destinations_edit.tmp b/config/freeswitch/freeswitch_hunt_group_destinations_edit.tmp deleted file mode 100644 index 4d6d1c01..00000000 --- a/config/freeswitch/freeswitch_hunt_group_destinations_edit.tmp +++ /dev/null @@ -1,269 +0,0 @@ -<?php -/* $Id$ */ -/* - - freeswitch_hunt_group_destinations_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - - -$a_hunt_group_destinations = &$config['installedpackages']['freeswitchhuntgroupdestinations']['config']; - - -$id = $_GET['id']; -if (isset($_POST['id'])) { - $id = $_POST['id']; -} - -$parentid = $_GET['parentid']; -if (isset($_POST['parentid'])) { - $parentid = $_POST['parentid']; -} - -$huntgroupid = $_GET['huntgroupid']; -if (isset($_POST['huntgroupid'])) { - $huntgroupid = $_POST['huntgroupid']; -} - - -if (isset($id) && $a_hunt_group_destinations[$id]) { - $pconfig['destinationnumber'] = $a_hunt_group_destinations[$id]['destinationnumber']; - $pconfig['destinationtype'] = $a_hunt_group_destinations[$id]['destinationtype']; - $pconfig['destinationprofile'] = $a_hunt_group_destinations[$id]['destinationprofile']; - $pconfig['destinationorder'] = $a_hunt_group_destinations[$id]['destinationorder']; - $pconfig['destinationdescr'] = $a_hunt_group_destinations[$id]['destinationdescr']; -} -else { - if (isset($_GET['a'])) { - //if ($_GET['a'] == "action"){ $pconfig['destinationaction'] = "action"; } - //if ($_GET['a'] == "antiaction"){ $pconfig['destinationaction'] = "anti-action"; } - } -} - - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - - if (!$input_errors) { - - $huntgroupdestinationent = array(); - $huntgroupdestinationent['huntgroupid'] = $_POST['huntgroupid']; - $huntgroupdestinationent['destinationnumber'] = $_POST['destinationnumber']; - $huntgroupdestinationent['destinationtype'] = $_POST['destinationtype']; - $huntgroupdestinationent['destinationprofile'] = $_POST['destinationprofile']; - $huntgroupdestinationent['destinationorder'] = $_POST['destinationorder']; - $huntgroupdestinationent['destinationdescr'] = $_POST['destinationdescr']; - - if (isset($id) && $a_hunt_group_destinations[$id]) { - //update - $a_hunt_group_destinations[$id] = $huntgroupdestinationent; - } - else { - //add - $a_hunt_group_destinations[] = $huntgroupdestinationent; - } - - - write_config(); - sync_package_freeswitch_hunt_group(); - - header("Location: freeswitch_hunt_group_edit.php?id=".$parentid); - exit; - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: Hunt Group: Destinations: Edit</p> -<?php if ($input_errors) print_input_errors($input_errors); ?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - <br /> - <form action="freeswitch_hunt_group_destinations_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Destination</td> - <td width="78%" class="vtable"> - <input name="destinationnumber" type="text" class="formfld" id="destinationnumber" size="40" value="<?=htmlspecialchars($pconfig['destinationnumber']);?>"> - <br> - <span class="vexpl"> - <!--<b>examples:</b><br />--> - extension: 1001<br /> - voicemail: 1001<br /> - sip uri (voicemail): sofia/internal/*98@${domain}<br /> - sip uri (external number): sofia/gateway/gatewayname/12081231234<br /> - sip uri (auto attendant): sofia/internal/5002@${domain}<br /> - </span> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Type</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='destinationtype' class='formfld'>\n"; - echo " <option></option>\n"; - if (htmlspecialchars($pconfig['destinationtype']) == "extension") { - echo " <option selected='yes'>extension</option>\n"; - } - else { - echo " <option>extension</option>\n"; - } - if (htmlspecialchars($pconfig['destinationtype']) == "voicemail") { - echo " <option selected='yes'>voicemail</option>\n"; - } - else { - echo " <option>voicemail</option>\n"; - } - if (htmlspecialchars($pconfig['destinationtype']) == "sip uri") { - echo " <option selected='yes'>sip uri</option>\n"; - } - else { - echo " <option>sip uri</option>\n"; - } - echo " </select>\n"; - ?> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncellreq">Profile</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='destinationprofile' class='formfld'>\n"; - echo " <option></option>\n"; - if (htmlspecialchars($pconfig['destinationprofile']) == "auto") { - echo " <option selected='yes'>auto</option>\n"; - } - else { - echo " <option>auto</option>\n"; - } - foreach (ListFiles('/usr/local/freeswitch/conf/sip_profiles') as $key=>$sip_profile_file){ - $sip_profile_name = str_replace(".xml", "", $sip_profile_file); - - if (htmlspecialchars($pconfig['destinationprofile']) == $sip_profile_name) { - echo " <option selected='yes'>$sip_profile_name</option>\n"; - } - else { - echo " <option>$sip_profile_name</option>\n"; - } - } - echo " </select>\n"; - - - ?> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell">Order</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='destinationorder' class='formfld'>\n"; - //echo " <option></option>\n"; - if (strlen(htmlspecialchars($pconfig['destinationorder']))> 0) { - echo " <option selected='yes' value='".htmlspecialchars($pconfig['destinationorder'])."'>".htmlspecialchars($pconfig['destinationorder'])."</option>\n"; - } - $i=0; - while($i<=999) { - if (strlen($i) == 1) { - echo " <option value='00$i'>00$i</option>\n"; - } - if (strlen($i) == 2) { - echo " <option value='0$i'>0$i</option>\n"; - } - if (strlen($i) == 3) { - echo " <option value='$i'>$i</option>\n"; - } - - $i++; - } - echo " </select>\n"; - ?> - <br /> - Processing of each destination is determined by this order. - - <br> <span class="vexpl"></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Description</td> - <td width="78%" class="vtable"> - <input name="destinationdescr" type="text" class="formfld" id="destinationdescr" size="40" value="<?=htmlspecialchars($pconfig['destinationdescr']);?>"> - <br> <span class="vexpl">You may enter a description here - for your reference (not parsed).</span></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="huntgroupid" type="hidden" value="<?=$huntgroupid;?>"> - <input name="parentid" type="hidden" value="<?=$parentid;?>"> - <?php if (isset($id) && $a_hunt_group_destinations[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - </td> - </tr> - </table> - </form> - - <br> - <br> - <br> - <br> - <br> - <br> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch/freeswitch_hunt_group_edit.tmp b/config/freeswitch/freeswitch_hunt_group_edit.tmp deleted file mode 100644 index fe22a78e..00000000 --- a/config/freeswitch/freeswitch_hunt_group_edit.tmp +++ /dev/null @@ -1,509 +0,0 @@ -<?php -/* $Id$ */ -/* - - freeswitch_hunt_group_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - - -$a_hunt_group = &$config['installedpackages']['freeswitchhuntgroup']['config']; -$a_hunt_group_destinations = &$config['installedpackages']['freeswitchhuntgroupdestinations']['config']; - - -$id = $_GET['id']; -if (isset($_POST['id'])) { - $id = $_POST['id']; -} -$parentid = $id; - - - -if (isset($id) && $a_hunt_group[$id]) { - $pconfig['huntgroupid'] = $a_hunt_group[$id]['huntgroupid']; - $huntgroupid = $a_hunt_group[$id]['huntgroupid']; - $pconfig['huntgroupextension'] = $a_hunt_group[$id]['huntgroupextension']; - $pconfig['huntgroupname'] = $a_hunt_group[$id]['huntgroupname']; - $pconfig['huntgrouptype'] = $a_hunt_group[$id]['huntgrouptype']; - $pconfig['huntgroupcontext'] = $a_hunt_group[$id]['huntgroupcontext']; - $pconfig['huntgrouptimeout'] = $a_hunt_group[$id]['huntgrouptimeout']; - $pconfig['huntgrouptimeoutdestination'] = $a_hunt_group[$id]['huntgrouptimeoutdestination']; - $pconfig['huntgrouptimeouttype'] = $a_hunt_group[$id]['huntgrouptimeouttype']; - $pconfig['huntgroupringback'] = $a_hunt_group[$id]['huntgroupringback']; - $pconfig['huntgroupcidnameprefix'] = $a_hunt_group[$id]['huntgroupcidnameprefix']; - $pconfig['huntgrouppin'] = $a_hunt_group[$id]['huntgrouppin']; - $pconfig['huntgroupcallerannounce'] = $a_hunt_group[$id]['huntgroupcallerannounce']; - $pconfig['huntgroupdescr'] = $a_hunt_group[$id]['huntgroupdescr']; -} - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - if ($_GET['act'] == "del") { - if ($_GET['type'] == 'destinations') { - if ($a_hunt_group_destinations[$_GET['optionid']]) { - unset($a_hunt_group_destinations[$_GET['optionid']]); - write_config(); - sync_package_freeswitch_hunt_group(); - header("Location: freeswitch_hunt_group_edit.php?id=".$_GET['id']); - exit; - } - } - } - - - if (!$input_errors) { - - $huntgroupent = array(); - if (strlen($_POST['huntgroupid']) > 0) { - $huntgroupent['huntgroupid'] = $_POST['huntgroupid']; - } - else { - $huntgroupent['huntgroupid'] = guid(); - } - $huntgroupent['huntgroupextension'] = $_POST['huntgroupextension']; - $huntgroupent['huntgroupname'] = $_POST['huntgroupname']; - $huntgroupent['huntgrouptype'] = $_POST['huntgrouptype']; - $huntgroupent['huntgroupcontext'] = $_POST['huntgroupcontext']; - $huntgroupent['huntgrouptimeout'] = $_POST['huntgrouptimeout']; - $huntgroupent['huntgrouptimeoutdestination'] = $_POST['huntgrouptimeoutdestination']; - $huntgroupent['huntgrouptimeouttype'] = $_POST['huntgrouptimeouttype']; - $huntgroupent['huntgroupringback'] = $_POST['huntgroupringback']; - $huntgroupent['huntgroupcidnameprefix'] = $_POST['huntgroupcidnameprefix']; - $huntgroupent['huntgrouppin'] = $_POST['huntgrouppin']; - $huntgroupent['huntgroupcallerannounce'] = $_POST['huntgroupcallerannounce']; - $huntgroupent['huntgroupdescr'] = $_POST['huntgroupdescr']; - - if (isset($id) && $a_hunt_group[$id]) { - //update - $a_hunt_group[$id] = $huntgroupent; - } - else { - //add - $a_hunt_group[] = $huntgroupent; - } - - //touch($d_hostsdirty_path); - write_config(); - sync_package_freeswitch_hunt_group(); - - header("Location: freeswitch_hunt_group.php"); - exit; - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: Hunt Group: Edit</p> -<?php if ($input_errors) print_input_errors($input_errors); ?> - - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>General Settings:<br> - </strong></span> - Hunt Group general settings. - </span></p></td> - </tr> - </table> - <br /> - - <form action="freeswitch_hunt_group_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Extension</td> - <td width="78%" class="vtable"> - <input name="huntgroupextension" type="text" class="formfld" id="huntgroupextension" size="40" value="<?=htmlspecialchars($pconfig['huntgroupextension']);?>"> - <br> <span class="vexpl">e.g. <em>7002</em></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Hunt Group Name</td> - <td width="78%" class="vtable"> - <input name="huntgroupname" type="text" class="formfld" id="huntgroupname" size="40" value="<?=htmlspecialchars($pconfig['huntgroupname']);?>"> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncellreq">Type</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='huntgrouptype' class='formfld'>\n"; - echo " <option></option>\n"; - if (htmlspecialchars($pconfig['huntgrouptype']) == "simultaneous") { - echo " <option selected='yes'>simultaneous</option>\n"; - } - else { - echo " <option>simultaneous</option>\n"; - } - if (htmlspecialchars($pconfig['huntgrouptype']) == "sequentially") { - echo " <option selected='yes'>sequentially</option>\n"; - } - else { - echo " <option>sequentially</option>\n"; - } - echo " </select>\n"; - ?> - </td> - </tr> - - <?php - if (strlen($pconfig['huntgrouptimeout']) == 0) { - $pconfig['huntgrouptimeout'] = 30; //set a default timeout - } - ?> - <tr> - <td width="22%" valign="top" class="vncell">Context</td> - <td width="78%" class="vtable"> - <input name="huntgroupcontext" type="text" class="formfld" id="huntgroupextension" size="40" value="<?=htmlspecialchars($pconfig['huntgroupcontext']);?>"> - <br> <span class="vexpl">e.g. <em>default</em></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Timeout</td> - <td width="78%" class="vtable"> - <input name="huntgrouptimeout" type="text" class="formfld" id="huntgrouptimeout" size="40" value="<?=htmlspecialchars($pconfig['huntgrouptimeout']);?>"> - <br> - <span class="vexpl"> - The timeout sets the time in seconds to continue to call before timing out. - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Timeout Type</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='huntgrouptimeouttype' class='formfld'>\n"; - echo " <option></option>\n"; - if (htmlspecialchars($pconfig['huntgrouptimeouttype']) == "extension") { - echo " <option selected='yes'>extension</option>\n"; - } - else { - echo " <option>extension</option>\n"; - } - if (htmlspecialchars($pconfig['huntgrouptimeouttype']) == "voicemail") { - echo " <option selected='yes'>voicemail</option>\n"; - } - else { - echo " <option>voicemail</option>\n"; - } - if (htmlspecialchars($pconfig['huntgrouptimeouttype']) == "sip uri") { - echo " <option selected='yes'>sip uri</option>\n"; - } - else { - echo " <option>sip uri</option>\n"; - } - echo " </select>\n"; - ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Timeout Destination</td> - <td width="78%" class="vtable"> - <input name="huntgrouptimeoutdestination" type="text" class="formfld" id="huntgrouptimeoutdestination" size="40" value="<?=htmlspecialchars($pconfig['huntgrouptimeoutdestination']);?>"> - <br> <span class="vexpl">Destination<br> - e.g. <em>1001</em></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Ring Back</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='huntgroupringback' class='formfld'>\n"; - echo " <option></option>\n"; - if (htmlspecialchars($pconfig['huntgroupringback']) == "ring") { - echo " <option selected='yes'>ring</option>\n"; - } - else { - echo " <option>ring</option>\n"; - } - if (htmlspecialchars($pconfig['huntgroupringback']) == "music") { - echo " <option selected='yes'>music</option>\n"; - } - else { - echo " <option>music</option>\n"; - } - echo " </select>\n"; - ?> - <br> - <span class="vexpl"> - Defines what the caller will hear while destination is being called. The choices are music - (music on hold) ring (ring tone.) default: music - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">CID Prefix</td> - <td width="78%" class="vtable"> - <input name="huntgroupcidnameprefix" type="text" class="formfld" id="huntgroupcidnameprefix" size="40" value="<?=htmlspecialchars($pconfig['huntgroupcidnameprefix']);?>"> - <br> - <span class="vexpl"> - Set a prefix on the caller ID name. (optional) - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">PIN</td> - <td width="78%" class="vtable"> - <input name="huntgrouppin" type="text" class="formfld" id="huntgrouppin" size="40" value="<?=htmlspecialchars($pconfig['huntgrouppin']);?>"> - <br> - <span class="vexpl"> - If this is provided then the caller will be required to enter the PIN number. (optional) - </span> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell">Caller Announce</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='huntgroupcallerannounce' class='formfld'>\n"; - echo " <option></option>\n"; - if (htmlspecialchars($pconfig['huntgroupcallerannounce']) == "true") { - echo " <option selected='yes'>true</option>\n"; - } - else { - echo " <option>true</option>\n"; - } - if (htmlspecialchars($pconfig['huntgroupcallerannounce']) == "false") { - echo " <option selected='yes'>false</option>\n"; - } - else { - echo " <option>false</option>\n"; - } - echo " </select>\n"; - ?> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell">Description</td> - <td width="78%" class="vtable"> - <input name="huntgroupdescr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['huntgroupdescr']);?>"> - <br> - <span class="vexpl"> - You may enter a description here for your reference (not parsed). - </span> - </td> - </tr> - - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - <input name="huntgroupid" type="hidden" value="<?=htmlspecialchars($pconfig['huntgroupid']);?>"> - <?php if (isset($id) && $a_hunt_group[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - </td> - </tr> - </table> - </form> - - <br> - <br> - - <form action="freeswitch_hunt_group_edit.php" method="post" name="iform2" id="iform2"> - <?php - - - //echo "<pre>"; - //print_r ($a_hunt_group); - //echo "</pre>"; - - //if ($savemsg) print_info_box($savemsg); - //if (file_exists($d_hostsdirty_path)): echo"<p>"; - //print_info_box_np("The FreeSWITCH recordings have been changed.<br>You must apply the changes in order for them to take effect."); - //echo"<br />"; - //endif; - - ?> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Destinations<br /> - </strong></span> - The following destinations will be called. - </span></p></td> - </tr> - </table> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="40%" class="listhdrr">Destination</td> - <td width="40" class="listhdrr">Type</td> - <td width="40" class="listhdrr">Profile</td> - <td width="40" class="listhdrr">Order</td> - <td width="45%" class="listhdr">Description</td> - <td width="30" class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"> - <?php if (strlen($huntgroupid) > 1) { ?> - <a href="freeswitch_hunt_group_destinations_edit.php?parentid=<?=$parentid;?>&huntgroupid=<?=$huntgroupid;?>&a=action"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - <?php } ?> - </tr> - </table> - </td> - </tr> - - <?php - //create a temporary id for the array - $i = 0; - if (count($a_hunt_group_destinations) > 0) { - foreach ($a_hunt_group_destinations as $ent) { - $a_hunt_group_destinations[$i]['id'] = $i; - $i++; - } - } - - //order the array - function cmp_number($a, $b) { - if ($a["destinationorder"] > $b["destinationorder"]) { - return 1; - } - else { - return 0; - } - } - if (count($a_hunt_group_destinations) > 0) { usort($a_hunt_group_destinations, "cmp_number"); } - - $i = 0; - if (count($a_hunt_group_destinations) > 0) { - foreach ($a_hunt_group_destinations as $ent) { - if ($huntgroupid == $ent['huntgroupid']) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='freeswitch_hunt_group_destinations_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&huntgroupid=<?=$huntgroupid;?>'"> - <?=$ent['destinationnumber']?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_hunt_group_destinations_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&huntgroupid=<?=$huntgroupid;?>';"> - <?=$ent['destinationtype'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_hunt_group_destinations_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&huntgroupid=<?=$huntgroupid;?>';"> - <?=$ent['destinationprofile'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_hunt_group_destinations_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&huntgroupid=<?=$huntgroupid;?>';"> - <?=$ent['destinationorder'];?> - </td> - <td class="listbg" ondblclick="document.location='freeswitch_hunt_group_destinations_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&huntgroupid=<?=$huntgroupid;?>';"> - <font color="#FFFFFF"><?=htmlspecialchars($ent['destinationdescr']);?> - </td> - <td valign="middle" nowrap class="list"> - <?php - if (strlen($huntgroupid) > 1) { - echo "<table border=\"0\" cellspacing=\"0\" cellpadding=\"1\">\n"; - echo " <tr>\n"; - echo " <td valign=\"middle\"><a href=\"freeswitch_hunt_group_destinations_edit.php?id=".$ent['id']."&parentid=".$parentid."&huntgroupid=".$huntgroupid."\"><img src=\"/themes/".$g['theme']."/images/icons/icon_e.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n"; - echo " <td><a href=\"freeswitch_hunt_group_destinations.php?type=huntgroupdestinations&act=del&id=".$ent['id']."&parentid=".$parentid."&huntgroupid=".$huntgroupid."\" onclick=\"return confirm('Do you really want to delete this recording?')\"><img src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n"; - echo " </tr>\n"; - echo "</table>\n"; - } - ?> - </td> - </tr> - <?php - } - $i++; - } - } - ?> - <tr> - <td class="list" colspan="5"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"> - <?php if (strlen($huntgroupid) > 1) { ?> - <a href="freeswitch_hunt_group_destinations_edit.php?parentid=<?=$parentid;?>&huntgroupid=<?=$huntgroupid;?>&a=action"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a> - <?php } ?> - </td> - </tr> - </table> - </td> - </tr> - - - <tr> - <td class="list" colspan="5"></td> - <td class="list"></td> - </tr> - </table> - - </form> - - - - - </td> - </tr> - - - <tr> - <td class="list" colspan="4"></td> - <td class="list"></td> - </tr> - </table> - - - - <br> - <br> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch/freeswitch_ivr.tmp b/config/freeswitch/freeswitch_ivr.tmp deleted file mode 100644 index c1e53dff..00000000 --- a/config/freeswitch/freeswitch_ivr.tmp +++ /dev/null @@ -1,177 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_ivr.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - - -$a_ivr = &$config['installedpackages']['freeswitchivr']['config']; - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'ivr') { - if ($a_ivr[$_GET['id']]) { - unlink("/usr/local/freeswitch/scripts/ivr_".$_GET['ivrid'].".js"); - unset($a_ivr[$_GET['id']]); - write_config(); - sync_package_freeswitch_ivr(); - header("Location: freeswitch_ivr.php"); - exit; - } - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: IVR</p> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="freeswitch_ivr.php" method="post" name="iform" id="iform"> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>IVR<br /> - </strong></span> - An interactive voice response (IVR) often refered to as an Auto Attendant. - It associates a recording to multiple options that can be used to direct calls - to extensions, voicemail, queues, other IVR applications, and external - phone numbers. - </span></p></td> - </tr> - </table> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="20%" class="listhdrr">Extension</td> - <td width="25%" class="listhdrr">Name</td> - <td width="50%" class="listhdr">Description</td> - <td width="10%" class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="freeswitch_ivr_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - <?php - $i = 0; - if (count($a_ivr) > 0) { - foreach ($a_ivr as $ent) { - if (strlen($ent['ivrid']) > 0) { - - $ivrid = str_replace(array("{", "}"), "", $ent['ivrid']); - - ?> - <tr> - <td class="listlr" ondblclick="document.location='freeswitch_ivr_edit.php?id=<?=$i;?>'"> - <?=$ent['ivrextension']?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_ivr_edit.php?id=<?=$i;?>';"> - <?=$ent['ivrname'];?> - </td> - <td class="listbg" ondblclick="document.location='freeswitch_ivr_edit.php?id=<?=$i;?>';"> - <font color="#FFFFFF"><?=htmlspecialchars($ent['ivrdescr']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="freeswitch_ivr_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="freeswitch_ivr.php?type=ivr&act=del&id=<?=$i;?>&ivrid=<?php echo $ivrid; ?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - ?> - <tr> - <td class="list" colspan="3"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="freeswitch_ivr_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - <tr> - <td class="list" colspan="3"></td> - <td class="list"></td> - </tr> - </table> - -</form> - -<br> -<br> -/usr/local/freeswitch/scripts/ -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch/freeswitch_ivr_edit.tmp b/config/freeswitch/freeswitch_ivr_edit.tmp deleted file mode 100644 index 6b64994e..00000000 --- a/config/freeswitch/freeswitch_ivr_edit.tmp +++ /dev/null @@ -1,697 +0,0 @@ -<?php -/* $Id$ */ -/* - - freeswitch_ivr_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - - -$a_ivr = &$config['installedpackages']['freeswitchivr']['config']; -$a_ivr_options = &$config['installedpackages']['freeswitchivroptions']['config']; - - -$id = $_GET['id']; -if (isset($_POST['id'])) { - $id = $_POST['id']; -} -$parentid = $id; - -//set default $ivrconditionjs - $ivrconditionjs = "function isholiday( Month, Date ) {\n"; - $ivrconditionjs .= " var Holiday = 0; //default false\n"; - $ivrconditionjs .= " if (Month == \"12\" && Date == \"25\") {\n"; - $ivrconditionjs .= " Holiday = 1; //true\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= " if (Month == \"7\" && Date == \"4\") {\n"; - $ivrconditionjs .= " Holiday = 1; //true\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= " if (Month == \"1\" && Date == \"1\") {\n"; - $ivrconditionjs .= " Holiday = 1; //true\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= " if (Holiday == 1) {\n"; - $ivrconditionjs .= " return true;\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= " else {\n"; - $ivrconditionjs .= " return false;\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= "}\n"; - $ivrconditionjs .= "\n"; - $ivrconditionjs .= "function isweekday( Day ) {\n"; - $ivrconditionjs .= " if (Day > 1 && Day < 7) {\n"; - $ivrconditionjs .= " return true;\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= " else {\n"; - $ivrconditionjs .= " return false;\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= "}\n"; - $ivrconditionjs .= "\n"; - $ivrconditionjs .= "function isweekend( Day ) {\n"; - $ivrconditionjs .= " if (Day > 1 && Day < 7) {\n"; - $ivrconditionjs .= " return false;\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= " else {\n"; - $ivrconditionjs .= " return true;\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= "}\n"; - $ivrconditionjs .= "\n"; - $ivrconditionjs .= "function isofficehours( Hours ) {\n"; - $ivrconditionjs .= " if (Hours >= 9 && Hours < 17) {\n"; - $ivrconditionjs .= " return true;\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= " else {\n"; - $ivrconditionjs .= " return false;\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= "}\n"; - $ivrconditionjs .= "\n"; - $ivrconditionjs .= "function isafterhours( Hours ) {\n"; - $ivrconditionjs .= " if (Hours >= 9 && Hours < 17) {\n"; - $ivrconditionjs .= " return false;\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= " else {\n"; - $ivrconditionjs .= " return true;\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= "}\n"; - $ivrconditionjs .= "\n"; - $ivrconditionjs .= "//set default\n"; - $ivrconditionjs .= "condition = true;\n"; - $ivrconditionjs .= "\n"; - $ivrconditionjs .= "//Holiday?\n"; - $ivrconditionjs .= "if (isholiday( Month, Date )) {\n"; - $ivrconditionjs .= " console_log( \"info\", \"holiday\\n\" );\n"; - $ivrconditionjs .= " condition = false;\n"; - $ivrconditionjs .= "}\n"; - $ivrconditionjs .= "\n"; - $ivrconditionjs .= "//Weekend?\n"; - $ivrconditionjs .= "if (isweekend( Day )) {\n"; - $ivrconditionjs .= " console_log( \"info\", \"weekend\\n\" );\n"; - $ivrconditionjs .= " condition = false;\n"; - $ivrconditionjs .= "}\n"; - $ivrconditionjs .= "\n"; - $ivrconditionjs .= "// After Hours?\n"; - $ivrconditionjs .= "if (isafterhours( Hours )) {\n"; - $ivrconditionjs .= " console_log( \"info\", \"after hours\\n\" );\n"; - $ivrconditionjs .= " condition = false;\n"; - $ivrconditionjs .= "}\n"; - $ivrconditionjs .= "\n"; - - -if (isset($id) && $a_ivr[$id]) { - $pconfig['ivrid'] = $a_ivr[$id]['ivrid']; - $ivrid = $a_ivr[$id]['ivrid']; - $pconfig['ivrextension'] = $a_ivr[$id]['ivrextension']; - $pconfig['ivrname'] = $a_ivr[$id]['ivrname']; - $pconfig['recordingidaction'] = $a_ivr[$id]['recordingidaction']; - $pconfig['recordingidantiaction'] = $a_ivr[$id]['recordingidantiaction']; - $pconfig['ivrtimeout'] = $a_ivr[$id]['ivrtimeout']; - $pconfig['ivrcalltimeout'] = $a_ivr[$id]['ivrcalltimeout']; - $pconfig['ivrcontext'] = $a_ivr[$id]['ivrcontext']; - $pconfig['ivrdirectdial'] = $a_ivr[$id]['ivrdirectdial']; - $pconfig['ivrringback'] = $a_ivr[$id]['ivrringback']; - $pconfig['ivrcidnameprefix'] = $a_ivr[$id]['ivrcidnameprefix']; - $pconfig['ivrconditionjs'] = ($a_ivr[$id]['ivrconditionjs']); - $pconfig['ivrdescr'] = $a_ivr[$id]['ivrdescr']; -} - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - - if ($_GET['act'] == "del") { - if ($_GET['type'] == 'options') { - if ($a_ivroptions[$_GET['optionid']]) { - unset($a_ivr_options[$_GET['optionid']]); - write_config(); - sync_package_freeswitch_ivr(); - header("Location: freeswitch_ivr_edit.php?id=".$_GET['id']); - exit; - } - } - } - - - if (!$input_errors) { - - $ivrent = array(); - if (strlen($_POST['ivrid']) > 0) { - $ivrent['ivrid'] = $_POST['ivrid']; - } - else { - $ivrent['ivrid'] = guid(); - } - $ivrent['ivrextension'] = $_POST['ivrextension']; - $ivrent['ivrname'] = $_POST['ivrname']; - $ivrent['recordingidaction'] = $_POST['recordingidaction']; - $ivrent['recordingidantiaction'] = $_POST['recordingidantiaction']; - $ivrent['ivrtimeout'] = $_POST['ivrtimeout']; - $ivrent['ivrcalltimeout'] = $_POST['ivrcalltimeout']; - $ivrent['ivrcontext'] = $_POST['ivrcontext']; - $ivrent['ivrdirectdial'] = $_POST['ivrdirectdial']; - $ivrent['ivrringback'] = $_POST['ivrringback']; - $ivrent['ivrcidnameprefix'] = $_POST['ivrcidnameprefix']; - $ivrent['ivrconditionjs'] = base64_encode($_POST['ivrconditionjs']); - $ivrent['ivrdescr'] = $_POST['ivrdescr']; - - if (isset($id) && $a_ivr[$id]) { - //update - $a_ivr[$id] = $ivrent; - } - else { - //add - $a_ivr[] = $ivrent; - } - - //touch($d_hostsdirty_path); - write_config(); - sync_package_freeswitch_ivr(); - - header("Location: freeswitch_ivr.php"); - exit; - } -} - -include("head.inc"); - -?> -<script language="Javascript"> -function sf() { document.forms[0].savetopath.focus(); } -</script> -<script language="Javascript" type="text/javascript" src="/edit_area/edit_area_full.js"></script> -<script language="Javascript" type="text/javascript"> - // initialisation - editAreaLoader.init({ - id: "ivrconditionjs" // id of the textarea to transform - ,start_highlight: true - ,allow_toggle: false - ,language: "en" - ,syntax: "js" - ,toolbar: "search, go_to_line,|, fullscreen, |, undo, redo, |, select_font, |, syntax_selection, |, change_smooth_selection, highlight, reset_highlight, |, help" - ,syntax_selection_allow: "css,html,js,php,xml,c,cpp,sql" - ,show_line_colors: true - }); -</script> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: IVR: Edit</p> -<?php if ($input_errors) print_input_errors($input_errors); ?> - - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>General Settings:<br> - </strong></span> - Interactive voice response general settings. - </span></p></td> - </tr> - </table> - <br /> - - <form action="freeswitch_ivr_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Extension</td> - <td width="78%" class="vtable"> - <input name="ivrextension" type="text" class="formfld" id="ivrextension" size="40" value="<?=htmlspecialchars($pconfig['ivrextension']);?>"> - <br> <span class="vexpl">e.g. <em>5002</em></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">IVR Name</td> - <td width="78%" class="vtable"> - <input name="ivrname" type="text" class="formfld" id="ivrname" size="40" value="<?=htmlspecialchars($pconfig['ivrname']);?>"> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Recording Action</td> - <td width="78%" class="vtable"> - <?php - $a_recordings = &$config['installedpackages']['freeswitchrecordings']['config']; - echo " <select name='recordingidaction' class='formfld'>\n"; - echo " <option></option>\n"; - if (count($a_recordings) > 0) { - foreach ($a_recordings as $ent) { - if (htmlspecialchars($pconfig['recordingidaction']) == $ent['recordingid']) { - echo " <option value='".$ent['recordingid']."' selected='yes'>".$ent['recordingname']."</option>\n"; - } - else { - echo " <option value='".$ent['recordingid']."'>".$ent['recordingname']."</option>\n"; - } - } - } - echo " </select>\n"; - ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Recording Anti-Action</td> - <td width="78%" class="vtable"> - <?php - //$a_recordings = &$config['installedpackages']['freeswitchrecordings']['config']; - echo " <select name='recordingidantiaction' class='formfld'>\n"; - echo " <option></option>\n"; - if (count($a_recordings) > 0) { - foreach ($a_recordings as $ent) { - if (htmlspecialchars($pconfig['recordingidantiaction']) == $ent['recordingid']) { - echo " <option value='".$ent['recordingid']."' selected='yes'>".$ent['recordingname']."</option>\n"; - } - else { - echo " <option value='".$ent['recordingid']."'>".$ent['recordingname']."</option>\n"; - } - } - } - echo " </select>\n"; - ?> - </td> - </tr> - <?php - if (strlen($pconfig['ivrtimeout']) == 0) { - $pconfig['ivrtimeout'] = 10; //set a default timeout - } - ?> - <tr> - <td width="22%" valign="top" class="vncellreq">IVR Timeout</td> - <td width="78%" class="vtable"> - <input name="ivrtimeout" type="text" class="formfld" id="ivrtimeout" size="40" value="<?=htmlspecialchars($pconfig['ivrtimeout']);?>"> - <br> - <span class="vexpl">After the recording concludes the - timeout sets the time in seconds to continue to wait for DTMF. - If the DTMF is <br />not detected during that time the 't' - timeout option is executed. - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Call Timeout</td> - <td width="78%" class="vtable"> - <input name="ivrcalltimeout" type="text" class="formfld" id="ivrcalltimeout" size="40" value="<?=htmlspecialchars($pconfig['ivrcalltimeout']);?>"> - <br> - <span class="vexpl"> - Call timeout is the time in seconds to ring the destination. After this time is exceeded calls - to extensions will be sent to voicemail. default: 30 seconds - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Context</td> - <td width="78%" class="vtable"> - <input name="ivrcontext" type="text" class="formfld" id="ivrextension" size="40" value="<?=htmlspecialchars($pconfig['ivrcontext']);?>"> - <br> <span class="vexpl">e.g. <em>default</em></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Direct Dial</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='ivrdirectdial' class='formfld'>\n"; - echo " <option></option>\n"; - if (strlen($pconfig['ivrdirectdial']) == 0) { //set default - echo " <option value='true'>enable</option>\n"; - echo " <option selected='yes' value='false'>disabled</option>\n"; - } - else { - if (htmlspecialchars($pconfig['ivrdirectdial']) == "true") { - echo " <option selected='yes' value='true'>enabled</option>\n"; - } - else { - echo " <option value='true'>enable</option>\n"; - } - if (htmlspecialchars($pconfig['ivrdirectdial']) == "false") { - echo " <option selected='yes' value='false'>disabled</option>\n"; - } - else { - echo " <option value='false'>disable</option>\n"; - } - } - - echo " </select>\n"; - ?> - <br><span class="vexpl">Allows callers to dial directly to extensions and feature codes that are up to 5 digits in length.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Ring Back</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='ivrringback' class='formfld'>\n"; - echo " <option></option>\n"; - if (htmlspecialchars($pconfig['ivrringback']) == "ring") { - echo " <option selected='yes'>ring</option>\n"; - } - else { - echo " <option>ring</option>\n"; - } - if (htmlspecialchars($pconfig['ivrringback']) == "music") { - echo " <option selected='yes'>music</option>\n"; - } - else { - echo " <option>music</option>\n"; - } - echo " </select>\n"; - ?> - <br> - <span class="vexpl"> - Defines what the caller will hear while destination is being called. The choices are music - (music on hold) ring (ring tone.) default: music - </span> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncellreq">CID Prefix</td> - <td width="78%" class="vtable"> - <input name="ivrcidnameprefix" type="text" class="formfld" id="ivrcidnameprefix" size="40" value="<?=htmlspecialchars($pconfig['ivrcidnameprefix']);?>"> - <br> <span class="vexpl">Set a prefix on the caller ID name. (optional)</span></td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncellreq">Description</td> - <td width="78%" class="vtable"> - <input name="ivrdescr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['ivrdescr']);?>"> - <br> - <span class="vexpl"> - You may enter a description here for your reference (not parsed). - </span> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncellreq">Javascript Condition</td> - <td width="78%" class="vtable"> - <?php - if (strlen(htmlspecialchars(base64_decode($pconfig['ivrconditionjs']))) == 0) { - echo "<textarea name=\"ivrconditionjs\" id=\"ivrconditionjs\" cols=\"75\" rows=\"10\" wrap=\"off\">".$ivrconditionjs."</textarea>\n"; - } - else { - echo "<textarea name=\"ivrconditionjs\" id=\"ivrconditionjs\" cols=\"75\" rows=\"10\" wrap=\"off\">".htmlspecialchars(base64_decode($pconfig['ivrconditionjs']))."</textarea>\n"; - } - ?> - <br> <span class="vexpl">A simple valid condition is: - condition=true; To re-populate the default simply empty the - textarea and click on save. The following javascript variables - have been defined: Hours, Mins, Seconds, Month, Date, Year, - and Day.</span></td> - </tr> - - - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - <input name="ivrid" type="hidden" value="<?=htmlspecialchars($pconfig['ivrid']);?>"> - <?php if (isset($id) && $a_ivr[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - </td> - </tr> - </table> - </form> - - <br> - <br> - - <form action="freeswitch_ivr_edit.php" method="post" name="iform2" id="iform2"> - <?php - - - //echo "<pre>"; - //print_r ($a_ivr); - //echo "</pre>"; - - //if ($savemsg) print_info_box($savemsg); - //if (file_exists($d_hostsdirty_path)): echo"<p>"; - //print_info_box_np("The FreeSWITCH recordings have been changed.<br>You must apply the changes in order for them to take effect."); - //echo"<br />"; - //endif; - - ?> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong><br> - </strong></span> - Options are the choices that are available to the caller when they - are calling the auto attendant. If the caller presses 2 then the call - is directed to the corresponding destination. - </span></p></td> - </tr> - </table> - - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Action<br /> - </strong></span> - The options that are executed when the <b>condition matches.</b> - </span></p></td> - </tr> - </table> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="30" class="listhdrr">Option</td> - <td width="30" class="listhdrr">Type</td> - <td width="30" class="listhdrr">Profile</td> - <td width="150" class="listhdrr">Destination</td> - <td width="30%" class="listhdr">Description</td> - <td width="40" class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"> - <?php if (strlen($ivrid) > 1) { ?> - <a href="freeswitch_ivr_options_edit.php?parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>&a=action"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a> - <?php } ?> - </td> - </tr> - </table> - </td> - </tr> - - <?php - $i = 0; - if (count($a_ivr_options) > 0) { - foreach ($a_ivr_options as $ent) { - if ($ent['optionaction'] == "action" && $ivrid == $ent['ivrid']) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='freeswitch_ivr_options_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>'"> - <?=$ent['optionnumber']?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_ivr_options_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>';"> - <?=$ent['optiontype'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_ivr_options_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>';"> - <?=$ent['optionprofile'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_ivr_options_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>';"> - <?=$ent['optiondest'];?> - </td> - <td class="listbg" ondblclick="document.location='freeswitch_ivr_options_edit.php?id=<?=$id;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>';"> - <font color="#FFFFFF"><?=htmlspecialchars($ent['optiondescr']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="freeswitch_ivr_options_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="freeswitch_ivr_options.php?type=ivroptions&act=del&id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>" onclick="return confirm('Do you really want to delete this recording?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - ?> - <tr> - <td class="list" colspan="5"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"> - <?php if (strlen($ivrid) > 1) { ?> - <a href="freeswitch_ivr_options_edit.php?parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>&a=action"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a> - <?php } ?> - </td> - </tr> - </table> - </td> - </tr> - - - <tr> - <td class="list" colspan="5"></td> - <td class="list"></td> - </tr> - </table> - - </form> - - - - <form action="freeswitch_ivr_edit.php" method="post" name="iform2" id="iform2"> - <?php - - - //echo "<pre>"; - //print_r ($a_ivr); - //echo "</pre>"; - - //if ($savemsg) print_info_box($savemsg); - //if (file_exists($d_hostsdirty_path)): echo"<p>"; - //print_info_box_np("The FreeSWITCH recordings have been changed.<br>You must apply the changes in order for them to take effect."); - //echo"<br />"; - //endif; - - ?> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Anti-Action<br /> - </strong></span> - The options that are executed when the <b>condition does NOT match.</b> - </span></p></td> - </tr> - </table> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="30" class="listhdrr">Option</td> - <td width="30" class="listhdrr">Type</td> - <td width="30" class="listhdrr">Profile</td> - <td width="150" class="listhdrr">Destination</td> - <td width="30%" class="listhdr">Description</td> - <td width="40" class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"> - <?php if (strlen($ivrid) > 1) { ?> - <a href="freeswitch_ivr_options_edit.php?parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>&a=antiaction"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a> - <?php } ?> - </td> - </tr> - </table> - </td> - </tr> - - <?php - $i = 0; - if (count($a_ivr_options) > 0) { - foreach ($a_ivr_options as $ent) { - if ($ent['optionaction'] == "anti-action" && $ivrid == $ent['ivrid']) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='freeswitch_ivr_options_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>'"> - <?=$ent['optionnumber']?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_ivr_options_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>';"> - <?=$ent['optiontype'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_ivr_options_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>';"> - <?=$ent['optionprofile'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_ivr_options_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>';"> - <?=$ent['optiondest'];?> - </td> - <td class="listbg" ondblclick="document.location='freeswitch_ivr_options_edit.php?id=<?=$id;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>';"> - <font color="#FFFFFF"><?=htmlspecialchars($ent['optiondescr']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="freeswitch_ivr_options_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="freeswitch_ivr_options.php?type=ivroptions&act=del&id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>" onclick="return confirm('Do you really want to delete this recording?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - ?> - <tr> - <td class="list" colspan="5"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"> - <?php if (strlen($ivrid) > 1) { ?> - <a href="freeswitch_ivr_options_edit.php?parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>&a=antiaction"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a> - <? } ?> - </td> - </tr> - </table> - </td> - </tr> - - - <tr> - <td class="list" colspan="5"></td> - <td class="list"></td> - </tr> - </table> - - </form> - - <br> - <br> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch/freeswitch_ivr_options.tmp b/config/freeswitch/freeswitch_ivr_options.tmp deleted file mode 100755 index 096e5b6e..00000000 --- a/config/freeswitch/freeswitch_ivr_options.tmp +++ /dev/null @@ -1,52 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_ivr_options.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - - -$a_ivr_options = &$config['installedpackages']['freeswitchivroptions']['config']; - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'ivroptions') { - if ($a_ivr_options[$_GET['id']]) { - unset($a_ivr_options[$_GET['id']]); - write_config(); - sync_package_freeswitch_ivr(); - header("Location: freeswitch_ivr_edit.php?id=".$_GET['parentid']); - exit; - } - } -} - -?>
\ No newline at end of file diff --git a/config/freeswitch/freeswitch_ivr_options_edit.tmp b/config/freeswitch/freeswitch_ivr_options_edit.tmp deleted file mode 100644 index 894064e3..00000000 --- a/config/freeswitch/freeswitch_ivr_options_edit.tmp +++ /dev/null @@ -1,248 +0,0 @@ -<?php -/* $Id$ */ -/* - - freeswitch_recordings_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - - -$a_ivr_options = &$config['installedpackages']['freeswitchivroptions']['config']; - -$id = $_GET['id']; -if (isset($_POST['id'])) { - $id = $_POST['id']; -} - -$parentid = $_GET['parentid']; -if (isset($_POST['parentid'])) { - $parentid = $_POST['parentid']; -} - -$ivrid = $_GET['ivrid']; -if (isset($_POST['ivrid'])) { - $ivrid = $_POST['ivrid']; -} - - -if (isset($id) && $a_ivr_options[$id]) { - $pconfig['optionaction'] = $a_ivr_options[$id]['optionaction']; - $pconfig['optionnumber'] = $a_ivr_options[$id]['optionnumber']; - $pconfig['optiontype'] = $a_ivr_options[$id]['optiontype']; - $pconfig['optionprofile'] = $a_ivr_options[$id]['optionprofile']; - $pconfig['optiondest'] = $a_ivr_options[$id]['optiondest']; - $pconfig['optiondescr'] = $a_ivr_options[$id]['optiondescr']; -} -else { - if (isset($_GET['a'])) { - if ($_GET['a'] == "action"){ $pconfig['optionaction'] = "action"; } - if ($_GET['a'] == "antiaction"){ $pconfig['optionaction'] = "anti-action"; } - } -} - - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - - if (!$input_errors) { - - $ivroptionent = array(); - $ivroptionent['ivrid'] = $_POST['ivrid']; - $ivroptionent['optionnumber'] = $_POST['optionnumber']; - $ivroptionent['optiontype'] = $_POST['optiontype']; - $ivroptionent['optionprofile'] = $_POST['optionprofile']; - $ivroptionent['optionaction'] = $_POST['optionaction']; - $ivroptionent['optiondest'] = $_POST['optiondest']; - $ivroptionent['optiondescr'] = $_POST['optiondescr']; - - if (isset($id) && $a_ivr_options[$id]) { - //update - $a_ivr_options[$id] = $ivroptionent; - } - else { - //add - $a_ivr_options[] = $ivroptionent; - } - - - write_config(); - sync_package_freeswitch_ivr(); - - header("Location: freeswitch_ivr_edit.php?id=".$parentid); - exit; - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: IVR: Options: Edit</p> -<?php if ($input_errors) print_input_errors($input_errors); ?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - <br /> - <form action="freeswitch_ivr_options_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Option Number</td> - <td width="78%" class="vtable"> - <input name="optionnumber" type="text" class="formfld" id="optionnumber" size="40" value="<?=htmlspecialchars($pconfig['optionnumber']);?>"> - <br> <span class="vexpl">Option Number<br> - e.g. <em>1</em></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Type</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='optiontype' class='formfld'>\n"; - echo " <option></option>\n"; - if (htmlspecialchars($pconfig['optiontype']) == "extension") { - echo " <option selected='yes'>extension</option>\n"; - } - else { - echo " <option>extension</option>\n"; - } - if (htmlspecialchars($pconfig['optiontype']) == "voicemail") { - echo " <option selected='yes'>voicemail</option>\n"; - } - else { - echo " <option>voicemail</option>\n"; - } - if (htmlspecialchars($pconfig['optiontype']) == "sip uri") { - echo " <option selected='yes'>sip uri</option>\n"; - } - else { - echo " <option>sip uri</option>\n"; - } - echo " </select>\n"; - ?> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncellreq">Profile</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='optionprofile' class='formfld'>\n"; - echo " <option></option>\n"; - if (htmlspecialchars($pconfig['optionprofile']) == "auto") { - echo " <option selected='yes'>auto</option>\n"; - } - else { - echo " <option>auto</option>\n"; - } - foreach (ListFiles('/usr/local/freeswitch/conf/sip_profiles') as $key=>$sip_profile_file){ - $sip_profile_name = str_replace(".xml", "", $sip_profile_file); - - if (htmlspecialchars($pconfig['optionprofile']) == $sip_profile_name) { - echo " <option selected='yes'>$sip_profile_name</option>\n"; - } - else { - echo " <option>$sip_profile_name</option>\n"; - } - } - echo " </select>\n"; - - ?> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncellreq">Destination</td> - <td width="78%" class="vtable"> - <input name="optiondest" type="text" class="formfld" id="optiondest" size="40" value="<?=htmlspecialchars($pconfig['optiondest']);?>"> - <br> - <span class="vexpl"> - <!--<b>examples:</b><br />--> - extension: 1001<br /> - voicemail: 1001<br /> - sip uri (voicemail): sofia/internal/*98@${domain}<br /> - sip uri (external number): sofia/gateway/gatewayname/12081231234<br /> - sip uri (auto attendant): sofia/internal/5002@${domain}<br /> - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Description</td> - <td width="78%" class="vtable"> - <input name="optiondescr" type="text" class="formfld" id="optiondescr" size="40" value="<?=htmlspecialchars($pconfig['optiondescr']);?>"> - <br> <span class="vexpl">You may enter a description here - for your reference (not parsed).</span></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="ivrid" type="hidden" value="<?=$ivrid;?>"> - <input name="parentid" type="hidden" value="<?=$parentid;?>"> - <input name="optionaction" type="hidden" value="<?=$pconfig['optionaction'];?>"> - <?php if (isset($id) && $a_ivr_options[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - </td> - </tr> - </table> - </form> - - <br> - <br> - <br> - <br> - <br> - <br> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch/freeswitch_mailto.tmp b/config/freeswitch/freeswitch_mailto.tmp deleted file mode 100644 index fa27ff68..00000000 --- a/config/freeswitch/freeswitch_mailto.tmp +++ /dev/null @@ -1,243 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_mailto.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("/etc/inc/config.inc"); -require_once("/usr/local/pkg/freeswitch.inc"); -global $config; - -$tmp_smtphost = $config['installedpackages']['freeswitchsettings']['config'][0]['smtphost']; -$tmp_smtpsecure = $config['installedpackages']['freeswitchsettings']['config'][0]['smtpsecure']; //options "", "TLS", "SSL" -$tmp_smtpsecure = strtolower($tmp_smtpsecure); -$tmp_smtpauth = $config['installedpackages']['freeswitchsettings']['config'][0]['smtpauth']; // SMTP authentication: true or false -$tmp_smtpusername = $config['installedpackages']['freeswitchsettings']['config'][0]['smtpusername']; -$tmp_smtppassword = $config['installedpackages']['freeswitchsettings']['config'][0]['smtppassword']; -$tmp_smtpfrom = $config['installedpackages']['freeswitchsettings']['config'][0]['smtpfrom']; -$tmp_smtpfromname = $config['installedpackages']['freeswitchsettings']['config'][0]['smtpfromname']; - - -ini_set(max_execution_time,900); //15 minutes -ini_set('memory_limit', '96M'); -$fd = fopen("php://stdin", "r"); - -$email = file_get_contents ("php://stdin"); - -fclose($fd); - -if($fd){ - $fp = fopen("/tmp/voicemailtoemail.txt", "w"); -} - - -ob_end_clean(); -ob_start(); - - -//get main header and body - $tmparray = split("\n\n", $email); - $mainheader = $tmparray[0]; - $maincontent = substr($email, strlen($mainheader), strlen($email)); - -//get the boundary - $tmparray = split("\n", $mainheader); - $contenttmp = $tmparray[1]; //Content-Type: multipart/mixed; boundary="XXXX_boundary_XXXX" - $tmparray = split('; ', $contenttmp); //boundary="XXXX_boundary_XXXX" - $contenttmp = $tmparray[1]; - $tmparray = split('=', $contenttmp); //"XXXX_boundary_XXXX" - $boundary = $tmparray[1]; - $boundary = trim($boundary,'"'); - //echo "boundary: $boundary\n"; - -//put the main headers into an array - $mainheaderarray = split("\n", $mainheader); - //print_r($mainheaderarray); - foreach ($mainheaderarray as $val) { - $tmparray = split(': ', $val); - //print_r($tmparray); - $var[$tmparray[0]] = trim($tmparray[1]); - } - - $var['To'] = str_replace("<", "", $var['To']); - $var['To'] = str_replace(">", "", $var['To']); - - echo "To: ".$var['To']."\n"; - echo "From: ".$var['From']."\n"; - echo "Subject: ".$var['Subject']."\n"; - //print_r($var); - echo "\n\n"; - - -// split mime type multi-part into each part - $maincontent = str_replace($boundary."--", $boundary, $maincontent); - $tmparray = split("--".$boundary, $maincontent); - -// loop through each mime part - $i=0; - foreach ($tmparray as $mimepart) { - - $mimearray = split("\n\n", $mimepart); - $subheader = $mimearray[0]; - $headermimearray = split("\n", trim($subheader)); - - $x=0; - foreach ($headermimearray as $val) { - if(stristr($val, ':') === FALSE) { - $tmparray = split('=', $val); //':' not found - if (trim($tmparray[0]) == "boundary") { - $subboundary = $tmparray[1]; - $subboundary = trim($subboundary,'"'); - //echo "subboundary: ".$subboundary."\n"; - } - } - else { - $tmparray = split(':', $val); //':' found - } - - //print_r($tmparray); - $var[trim($tmparray[0])] = trim($tmparray[1]); - } - //print_r($var); - - - $contenttypearray = split(' ', $headermimearray[0]); - - if ($contenttypearray[0] == "Content-Type:") { - $contenttype = trim($contenttypearray[1]); - - switch ($contenttype) { - case "multipart/alternative;": - - //echo "type: ".$contenttype."\n"; - $content = trim(substr($mimepart, strlen($subheader), strlen($mimepart))); - - $content = str_replace($subboundary."--", $subboundary, $content); - $tmpsubarray = split("--".$subboundary, $content); - foreach ($tmpsubarray as $mimesubsubpart) { - - $mimesubsubarray = split("\n\n", $mimesubsubpart); - $subsubheader = $mimesubsubarray[0]; - - $headersubsubmimeearray = split("\n", trim($subsubheader)); - $subsubcontenttypearray = split(' ', $headersubsubmimeearray[0]); - //echo "subsubcontenttypearray[0] ".$subsubcontenttypearray[0]."\n"; - - if ($subsubcontenttypearray[0] == "Content-Type:") { - $subsubcontenttype = trim($subsubcontenttypearray[1]); - switch ($subsubcontenttype) { - case "text/plain;": - $textplain = trim(substr($mimesubsubpart, strlen($subsubheader), strlen($mimesubsubpart))); - //echo "text/plain: $textplain\n"; - break; - case "text/html;": - $texthtml = trim(substr($mimesubsubpart, strlen($subsubheader), strlen($mimesubsubpart))); - //echo "text/html: $texthtml\n"; - break; - } - } //end if - - - } //end foreach - - break; - case "audio/wav;": - //echo "type: ".$contenttype."\n"; - $strwav = trim(substr($mimepart, strlen($subheader), strlen($mimepart))); - //echo "\n*** begin wav ***\n".$strwav."\n*** end wav ***\n"; - break; - - }//end switch - } //end if - - $i++; - - } //end foreach - - -//send the email - - include "/usr/local/www/packages/freeswitch/class.phpmailer.php"; - include "/usr/local/www/packages/freeswitch/class.smtp.php"; // optional, gets called from within class.phpmailer.php if not already loaded - - $mail = new PHPMailer(); - - $mail->IsSMTP(); // set mailer to use SMTP - if ($tmp_smtpauth == "true") { - $mail->SMTPAuth = $tmp_smtpauth; // turn on/off SMTP authentication - } - $mail->Host = $tmp_smtphost; - if (strlen($tmp_smtpsecure)>0) { - $mail->SMTPSecure = $tmp_smtpsecure; - } - if ($tmp_smtpusername) { - $mail->Username = $tmp_smtpusername; - $mail->Password = $tmp_smtppassword; - } - $mail->SMTPDebug = 2; - - - $mail->From = $tmp_smtpfrom; - $mail->FromName = $tmp_smtpfromname; - $mail->Subject = $var['Subject']; - $mail->AltBody = $textplain; // optional, comment out and test - $mail->MsgHTML($texthtml); - - - $tmp_to = $var['To']; - $tmp_to = str_replace(";", ",", $tmp_to); - $tmp_to_array = split(",", $tmp_to); - foreach($tmp_to_array as $tmp_to_row) { - if (strlen($tmp_to_row) > 0) { - $mail->AddAddress($tmp_to_row); - } - } - - if (strlen($strwav) > 0) { - //$mail->AddAttachment("/usr/local/freeswitch/data/domain/example.wav"); // attachment - $filename='voicemail.wav'; $encoding = "base64"; $type = "audio/wav"; - $mail->AddStringAttachment(base64_decode($strwav),$filename,$encoding,$type); - } - unset($strwav); - - if(!$mail->Send()) { - echo "Mailer Error: " . $mail->ErrorInfo; - } - else { - echo "Message sent!"; - } - - -$content = ob_get_contents(); //get the output from the buffer -ob_end_clean(); //clean the buffer - -fwrite($fp, $content); -fclose($fp); - -?>
\ No newline at end of file diff --git a/config/freeswitch/freeswitch_modules.xml b/config/freeswitch/freeswitch_modules.xml deleted file mode 100644 index 8c211820..00000000 --- a/config/freeswitch/freeswitch_modules.xml +++ /dev/null @@ -1,1203 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - freeswitch_modules.xml - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 to whom it may belong - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>FreeSWITCH is an open source telephony platform designed to facilitate the creation of voice and chat driven products scaling from a soft-phone up to a soft-switch. It can be used as a simple switching engine, a PBX, a media gateway or a media server to host IVR applications using simple scripts or XML to control the callflow.</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>FreeSWITCH Modules</name> - <version>0.2</version> - <title>FreeSWITCH: Modules</title> - <include_file>/usr/local/pkg/freeswitch.inc</include_file> - <menu> - <name>FreeSWITCH</name> - <tooltiptext>Modify FreeSWITCH Modules.</tooltiptext> - <section>Services</section> - <configfile>freeswitch.xml</configfile> - <url>/pkg_edit.php?xml=freeswitch.xml&id=0</url> - </menu> - <service> - <name>freeswitch</name> - <rcfile>freeswitch.sh</rcfile> - <executable>freeswitch</executable> - <description>FreeSWITCH is an open source telephony platform designed to facilitate the creation of voice and chat driven products scaling from a soft-phone up to a soft-switch. It can be used as a simple switching engine, a PBX, a media gateway or a media server to host IVR applications using simple scripts or XML to control the callflow.</description> - </service> - <tabs> - <tab> - <text>Settings</text> - <url>/pkg_edit.php?xml=freeswitch.xml&id=0</url> - </tab> - <tab> - <text>Dialplan</text> - <url>/packages/freeswitch/freeswitch_dialplan_includes.php</url> - </tab> - <tab> - <text>Extensions</text> - <url>/packages/freeswitch/freeswitch_extensions.php</url> - </tab> - <tab> - <text>Features</text> - <url>/packages/freeswitch/freeswitch_features.php</url> - </tab> - <tab> - <text>Gateways</text> - <url>/packages/freeswitch/freeswitch_gateways.php</url> - </tab> - <tab> - <text>Profiles</text> - <url>/packages/freeswitch/freeswitch_profiles.php</url> - </tab> - <tab> - <text>Public</text> - <url>/packages/freeswitch/freeswitch_public_includes.php</url> - </tab> - <tab> - <text>Status</text> - <url>/packages/freeswitch/freeswitch_status.php</url> - </tab> - <tab> - <text>Vars</text> - <url>/packages/freeswitch/freeswitch_vars.php</url> - </tab> - </tabs> - <configpath>installedpackages->package->$packagename->configuration->freeswitchmodules</configpath> - <fields> - <field> - <fielddescr><b>Loggers</b></fielddescr> - <fieldname>loggers</fieldname> - <description></description> - <type>listtopic</type> - </field> - <field> - <fielddescr>mod_console</fielddescr> - <fieldname>mod_console</fieldname> - <description>Send logs to the console.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_logfile</fielddescr> - <fieldname>mod_logfile</fieldname> - <description>Send logs to the local file system.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_syslog</fielddescr> - <fieldname>mod_syslog</fieldname> - <description>Send logs to a remote syslog server.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr><b>Multi-Faceted</b></fielddescr> - <fieldname>multi-faceted</fieldname> - <description></description> - <type>listtopic</type> - </field> - <field> - <fielddescr>mod_enum</fielddescr> - <fieldname>mod_enum</fieldname> - <description>Route PSTN numbers over internet according to ENUM servers, such as e164.org.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr><b>XML Interfaces</b></fielddescr> - <fieldname>xml_interfaces</fieldname> - <description></description> - <type>listtopic</type> - </field> - <field> - <fielddescr>mod_xml_rpc</fielddescr> - <fieldname>mod_xml_rpc</fieldname> - <description>XML Remote Procedure Calls. Issue commands from your web application.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_xml_curl</fielddescr> - <fieldname>mod_xml_curl</fieldname> - <description>XML Gateway Code. Configure FreeSWITCH from a web server on boot and on the fly.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_xml_cdr</fielddescr> - <fieldname>mod_xml_cdr</fieldname> - <description>XML based call detail record handler.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr><b>Event Handlers</b></fielddescr> - <fieldname>event_handlers</fieldname> - <description></description> - <type>listtopic</type> - </field> - <field> - <fielddescr>mod_cdr_csv</fielddescr> - <fieldname>mod_cdr_csv</fieldname> - <description>CSV call detail record handler.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_event_multicast</fielddescr> - <fieldname>mod_event_multicast</fieldname> - <description>Broadcasts events to netmask.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_event_socket</fielddescr> - <fieldname>mod_event_socket</fieldname> - <description>Sends events via a single socket.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_zeroconf</fielddescr> - <fieldname>mod_zeroconf</fieldname> - <description>Support for zeroconf.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr><b>Directory Interfaces</b></fielddescr> - <fieldname>directory_interfaces</fieldname> - <description></description> - <type>listtopic</type> - </field> - <field> - <fielddescr>mod_ldap</fielddescr> - <fieldname>mod_ldap</fieldname> - <description>LDAP module made to obtain dialplans, user accounts, etc.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr><b>Endpoints</b></fielddescr> - <fieldname>endpoints</fieldname> - <description></description> - <type>listtopic</type> - </field> - <field> - <fielddescr>mod_dingaling</fielddescr> - <fieldname>mod_dingaling</fieldname> - <description>Jabber/GoogleTalk Talk integration module.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_iax</fielddescr> - <fieldname>mod_iax</fieldname> - <description>IAX2.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_portaudio</fielddescr> - <fieldname>mod_portaudio</fieldname> - <description>Voice through a local soundcard.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_alsa</fielddescr> - <fieldname>mod_alsa</fieldname> - <description></description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_sofia</fielddescr> - <fieldname>mod_sofia</fieldname> - <description>SIP module.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_loopback</fielddescr> - <fieldname>mod_loopback</fieldname> - <description>A loopback channel driver to make an outbound call as an inbound call.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_wanpipe</fielddescr> - <fieldname>mod_wanpipe</fieldname> - <description>T1/E1 Sangoma Card module.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_woomera</fielddescr> - <fieldname>mod_woomera</fieldname> - <description>H.323/Woomera module.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_openzap</fielddescr> - <fieldname>mod_openzap</fieldname> - <description>Interface to Zaptel hardware.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr><b>Applications</b></fielddescr> - <fieldname>applications</fieldname> - <description></description> - <type>listtopic</type> - </field> - <field> - <fielddescr>mod_commands</fielddescr> - <fieldname>mod_commands</fieldname> - <description>A mass plethora of API interface commands.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_conference</fielddescr> - <fieldname>mod_conference</fieldname> - <description>Conference room module.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_dptools</fielddescr> - <fieldname>mod_dptools</fieldname> - <description>Dialplan Tools: provides a number of apps and utilities for the dialplan.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_expr</fielddescr> - <fieldname>mod_expr</fieldname> - <description>Brian Allen Vanderburgs expression evaluation library.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_fax</fielddescr> - <fieldname>mod_fax</fieldname> - <description>FAX provides fax send and receive.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_fifo</fielddescr> - <fieldname>mod_fifo</fieldname> - <description>FIFO provides custom call queues including call park.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_voicemail</fielddescr> - <fieldname>mod_voicemail</fieldname> - <description>Full featured voicemail module.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_limit</fielddescr> - <fieldname>mod_limit</fieldname> - <description>Resource limitation module.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_esf</fielddescr> - <fieldname>mod_esf</fieldname> - <description>Holds the multi cast paging application for SIP.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_fsv</fielddescr> - <fieldname>mod_fsv</fieldname> - <description>FreeSWITCH Video application (Recording and playback).</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr><b>SNOM Module</b></fielddescr> - <fieldname>snom_module</fieldname> - <description></description> - <type>listtopic</type> - </field> - <field> - <fielddescr>mod_snom</fielddescr> - <fieldname>mod_snom</fieldname> - <description></description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr><b>Dialplan Interfaces</b></fielddescr> - <fieldname>dialplan_interfaces</fieldname> - <description></description> - <type>listtopic</type> - </field> - <field> - <fielddescr>mod_dialplan_directory</fielddescr> - <fieldname>mod_dialplan_directory</fieldname> - <description>Allows you to obtain a dialplan from a directory resource.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_dialplan_xml</fielddescr> - <fieldname>mod_dialplan_xml</fieldname> - <description>Allows you to program dialplans in XML format.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_dialplan_asterisk</fielddescr> - <fieldname>mod_dialplan_asterisk</fieldname> - <description>Allows you to create dialplans the old-fashioned way.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_yaml</fielddescr> - <fieldname>mod_yaml</fieldname> - <description>Allows you to program dialplans in YAML format.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr><b>Codec Interfaces</b></fielddescr> - <fieldname>codec_interfaces</fieldname> - <description></description> - <type>listtopic</type> - </field> - <field> - <fielddescr>mod_voipcodecs</fielddescr> - <fieldname>mod_voipcodecs</fieldname> - <description></description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_g723_1</fielddescr> - <fieldname>mod_g723_1</fieldname> - <description>G.723.1 codec.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_g729</fielddescr> - <fieldname>mod_g729</fieldname> - <description>G729 codec is only supported in passthrough mode.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_amr</fielddescr> - <fieldname>mod_amr</fieldname> - <description>amr codec.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_ilbc</fielddescr> - <fieldname>mod_ilbc</fieldname> - <description>ILBC codec.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_speex</fielddescr> - <fieldname>mod_speex</fieldname> - <description>Speex codec.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_siren</fielddescr> - <fieldname>mod_siren</fieldname> - <description>Siren codec.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_celt</fielddescr> - <fieldname>mod_celt</fieldname> - <description>Celt codec.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_h26x</fielddescr> - <fieldname>mod_h26x</fieldname> - <description>H26X signed linear codec. Video Pass-thru.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr><b>File Format Interfaces</b></fielddescr> - <fieldname>file_format_interfaces</fieldname> - <description></description> - <type>listtopic</type> - </field> - <field> - <fielddescr>mod_sndfile</fielddescr> - <fieldname>mod_sndfile</fieldname> - <description>Multi-format file format transcoder (WAV, etc).</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_native_file</fielddescr> - <fieldname>mod_native_file</fieldname> - <description>File interface for codec specific file formats.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr><b>Streams/Files</b></fielddescr> - <fieldname>streams_files</fieldname> - <description></description> - <type>listtopic</type> - </field> - <field> - <fielddescr>mod_shout</fielddescr> - <fieldname>mod_shout</fieldname> - <description>mp3 files and shoutcast streams.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_local_stream</fielddescr> - <fieldname>mod_local_stream</fieldname> - <description>For local streams (play all the files in a directory).</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_tone_stream</fielddescr> - <fieldname>mod_tone_stream</fieldname> - <description>Generate tone streams.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr><b>Languages</b></fielddescr> - <fieldname>languages</fieldname> - <description></description> - <type>listtopic</type> - </field> - <field> - <fielddescr>mod_spidermonkey</fielddescr> - <fieldname>mod_spidermonkey</fieldname> - <description>JavaScript support.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_perl</fielddescr> - <fieldname>mod_perl</fieldname> - <description>Perl support.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_python</fielddescr> - <fieldname>mod_python</fieldname> - <description>Python support.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_java</fielddescr> - <fieldname>mod_java</fieldname> - <description>Java support.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_lua</fielddescr> - <fieldname>mod_lua</fieldname> - <description>Lua support.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr><b>ASR /TTS</b></fielddescr> - <fieldname>asr_tts</fieldname> - <description></description> - <type>listtopic</type> - </field> - <field> - <fielddescr>mod_flite</fielddescr> - <fieldname>mod_flite</fieldname> - <description>Free open source Text to Speech.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_pocketsphinx</fielddescr> - <fieldname>mod_pocketsphinx</fieldname> - <description>Free open source Speech Recognition.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_cepstral</fielddescr> - <fieldname>mod_cepstral</fieldname> - <description>Links into Cepstral for dynamic sound output. Not available on this build.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_openmrcp</fielddescr> - <fieldname>mod_openmrcp</fieldname> - <description>Module for an open MRCP implementation.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_rss</fielddescr> - <fieldname>mod_rss</fieldname> - <description>Reads RSS feeds via a TTS engine.</description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr><b>Say</b></fielddescr> - <fieldname>say</fieldname> - <description></description> - <type>listtopic</type> - </field> - <field> - <fielddescr>mod_say_en</fielddescr> - <fieldname>mod_say_en</fieldname> - <description></description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - <field> - <fielddescr>mod_say_zh</fielddescr> - <fieldname>mod_say_zh</fieldname> - <description></description> - <type>select</type> - <options> - <option> - <name>enable</name> - <value>enable</value> - </option> - <option> - <name>disable</name> - <value>disable</value> - </option> - </options> - </field> - </fields> - <custom_add_php_command> - </custom_add_php_command> - <custom_php_resync_config_command> - sync_package_freeswitch_modules(); - </custom_php_resync_config_command> - <custom_delete_php_command> - sync_package_freeswitch_modules(); - </custom_delete_php_command> - <custom_php_deinstall_command> - </custom_php_deinstall_command> -</packagegui>
\ No newline at end of file diff --git a/config/freeswitch/freeswitch_profile_edit.tmp b/config/freeswitch/freeswitch_profile_edit.tmp deleted file mode 100644 index 2466f115..00000000 --- a/config/freeswitch/freeswitch_profile_edit.tmp +++ /dev/null @@ -1,143 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_profile_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - -//$a_extensions = &$config['installedpackages']['freeswitchprofiles']['config']; - -$fd = fopen("/usr/local/freeswitch/conf/sip_profiles/".$_GET['f'], "r"); -$content = fread($fd, filesize("/usr/local/freeswitch/conf/sip_profiles/".$_GET['f'])); -fclose($fd); - -include("head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<script language="Javascript"> -function sf() { document.forms[0].savetopath.focus(); } -</script> -<script language="Javascript" type="text/javascript" src="/edit_area/edit_area_full.js"></script> -<script language="Javascript" type="text/javascript"> - // initialisation - editAreaLoader.init({ - id: "code" // id of the textarea to transform - ,start_highlight: false - ,allow_toggle: false - ,language: "en" - ,syntax: "html" - ,toolbar: "search, go_to_line,|, fullscreen, |, undo, redo, |, select_font, |, syntax_selection, |, change_smooth_selection, highlight, reset_highlight, |, help" - ,syntax_selection_allow: "css,html,js,php,xml,c,cpp,sql" - ,show_line_colors: true - }); -</script> - -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: Edit Profile</p> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> - - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="freeswitch_profiles.php" method="post" name="iform" id="iform"> -<?php - -?> - <table width="98%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Edit Profile<br> - </strong></span> - Use this to configure your SIP profiles. - </p> - </td> - <td align='right' valign='middle'>Filename: <input type="text" name="f" value="<?php echo $_GET['f']; ?>" /><input type="submit" value="save" /></td> - </tr> - </table> - <br /> - <br /> - - <textarea style="width:98%" id="code" name="code" rows="30" cols="<?php echo $cols; ?>" name="content"><?php echo htmlentities($content); ?></textarea> - <br /> - <br /> - - <table width="98%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td>/usr/local/freeswitch/conf/sip_profiles/<?php echo $_GET['f']; ?></td> - <td align='right'> - <input type="hidden" name="a" value="save" /> - <?php - echo "<input type='button' value='Restore Default' onclick=\"document.location.href='/packages/freeswitch/freeswitch_profiles.php?a=default&f=".$_GET['f']."';\" />"; - ?> - </td> - </tr> - </table> - -</form> - -<br> -<br> - -<br> -<br> -<br> -<br> -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch/freeswitch_profiles.tmp b/config/freeswitch/freeswitch_profiles.tmp deleted file mode 100644 index 188619f4..00000000 --- a/config/freeswitch/freeswitch_profiles.tmp +++ /dev/null @@ -1,214 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_profiles.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - -//$a_extensions = &$config['installedpackages']['freeswitchextensions']['config']; - - -if ($_GET['a'] == "default") { - conf_mount_rw(); - exec("cp /usr/local/freeswitch/conf.orig/sip_profiles/".$_GET['f']." /usr/local/freeswitch/conf/sip_profiles/".$_GET['f']); - $savemsg = "Restore Default"; - conf_mount_ro(); -} - -if ($_POST['a'] == "save") { - conf_mount_rw(); - $content = ereg_replace("\r","",$_POST['code']); - $fd = fopen("/usr/local/freeswitch/conf/sip_profiles/".$_POST['f'], "w"); - fwrite($fd, $content); - fclose($fd); - $savemsg = "Saved"; - conf_mount_ro(); -} - - -if ($_GET['a'] == "del") { - if ($_GET['type'] == 'profile') { - //if ($a_profiles[$_GET['id']]) { - //unset($a_extensions[$_GET['id']]); - //write_config(); - - exec("rm /usr/local/freeswitch/conf/sip_profiles/".$_GET['f']); - header("Location: freeswitch_profiles.php"); - exit; - //} - } -} - -include("head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: Profiles</p> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> - - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="freeswitch_profiles.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Profiles<br> - </strong></span> - Use this to configure your SIP profiles. - </p></td> - </tr> - </table> - <br /> - - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="25%" class="listhdrr">Name</td> - <td width="70%" class="listhdr">Description</td> - <td width="5%" class="list"> - </td> - </tr> - - - <?php - - foreach (ListFiles('/usr/local/freeswitch/conf/sip_profiles') as $key=>$file){ - ?> - <tr> - <td class="listr" ondblclick="document.location='freeswitch_profile_edit.php?f=<?=$file;?>';" valign="middle"> - <?=$file;?> - </td> - <td class="listbg" ondblclick="document.location='freeswitch_profile_edit.php?f=<?=$file;?>';"> - <?php - - switch ($file) { - case "internal.xml": - echo "<font color='#FFFFFF'>"; - echo "The Internal profile by default requires registration which is most often used for extensions. "; - echo "By default the Internal profile binds to the WAN IP which is accessible to the internal network. "; - echo "A rule can be set from PFSense -> Firewall -> Rules -> WAN to the the WAN IP for port 5060 which "; - echo "enables phones register from outside the network."; - echo ""; - echo "</font>"; - echo " "; - break; - case "internal-ipv6.xml": - echo "<font color='#FFFFFF'>The Internal IPV6 profile binds to the IP version 6 address and is similar to the Internal profile.</font> "; - break; - case "external.xml": - echo "<font color='#FFFFFF'>"; - echo "The External profile handles outbound registrations to a SIP provider or other SIP Server. The SIP provider sends calls to you, and you "; - echo "send calls to your provider, through the external profile. The external profile allows anonymous calling, which is "; - echo "required as your provider will never authenticate with you to send you a call. Calls can be sent using a SIP URL \"my.domain.com:5080\" "; - echo "</font> "; - break; - case "lan.xml": - echo "<font color='#FFFFFF'>The LAN profile is the same as the Internal profile except that it is bound to the LAN IP.</font> "; - break; - default: - echo "<font color='#FFFFFF'>default</font> "; - } - ?> - </td> - <td valign="middle" nowrap class="list" valign="top"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="freeswitch_profile_edit.php?type=profile&f=<?=$file;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="freeswitch_profiles.php?type=profile&a=del&f=<?=$file;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - $i++; - } - - ?> - - <tr> - <td class="list" colspan="4"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"></td> - </tr> - </table> - </td> - </tr> - - - <tr> - <td class="list" colspan="4"></td> - <td class="list"></td> - </tr> - </table> - -</form> - -<br> -<br> -/usr/local/freeswitch/conf/sip_profiles -<br> -<br> -<br> -<br> -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch/freeswitch_public.tmp b/config/freeswitch/freeswitch_public.tmp deleted file mode 100644 index 0c05fe47..00000000 --- a/config/freeswitch/freeswitch_public.tmp +++ /dev/null @@ -1,162 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_public.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - -//$a_extensions = &$config['installedpackages']['freeswitchprofiles']['config']; - -if ($_GET['a'] == "default") { - conf_mount_rw(); - exec("cp /usr/local/freeswitch/conf.orig/dialplan/public.xml /usr/local/freeswitch/conf/dialplan/public.xml"); - $savemsg = "Default Restored"; - conf_mount_ro(); -} - -if ($_POST['a'] == "save") { - conf_mount_rw(); - $content = ereg_replace("\r","",$_POST['code']); - $fd = fopen("/usr/local/freeswitch/conf/dialplan/public.xml", "w"); - fwrite($fd, $content); - fclose($fd); - $savemsg = "Saved"; - conf_mount_ro(); -} - - -$fd = fopen("/usr/local/freeswitch/conf/dialplan/public.xml", "r"); -$content = fread($fd, filesize("/usr/local/freeswitch/conf/dialplan/public.xml")); -fclose($fd); - -include("head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<script language="Javascript"> -function sf() { document.forms[0].savetopath.focus(); } -</script> -<script language="Javascript" type="text/javascript" src="/edit_area/edit_area_full.js"></script> -<script language="Javascript" type="text/javascript"> - // initialisation - editAreaLoader.init({ - id: "code" // id of the textarea to transform - ,start_highlight: false - ,allow_toggle: false - ,language: "en" - ,syntax: "html" - ,toolbar: "search, go_to_line,|, fullscreen, |, undo, redo, |, select_font, |, syntax_selection, |, change_smooth_selection, highlight, reset_highlight, |, help" - ,syntax_selection_allow: "css,html,js,php,xml,c,cpp,sql" - ,show_line_colors: true - }); -</script> - -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: Public</p> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> - - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="freeswitch_public.php" method="post" name="iform" id="iform"> -<?php - -?> - <table width="98%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width='90%'><p><span class="vexpl"><span class="red"><strong>Public<br> - </strong></span> - Directs inbound calls to extensions, IVRs, external numbers, and scripts. - </p> - </td> - <td width='10%' align='right' valign='middle'><input type="submit" value="save" /></td> - </tr> - </table> - <br /> - <br /> - - <textarea style="width:98%" id="code" name="code" rows="30" cols="<?php echo $cols; ?>" name="content"><?php echo htmlentities($content); ?></textarea> - <br /> - <br /> - - <table width="98%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td>/usr/local/freeswitch/conf/dialplan/public.xml</td> - <td align='right'> - <input type="hidden" name="f" value="<?php echo $_GET['f']; ?>" /> - <input type="hidden" name="a" value="save" /> - <?php - echo "<input type='button' value='Restore Default' onclick=\"document.location.href='/packages/freeswitch/freeswitch_public.php?a=default&f=public.xml';\" />"; - ?> - </td> - </tr> - </table> - -</form> - -<br> -<br> - -<br> -<br> -<br> -<br> -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch/freeswitch_public_includes.tmp b/config/freeswitch/freeswitch_public_includes.tmp deleted file mode 100644 index 51a535d4..00000000 --- a/config/freeswitch/freeswitch_public_includes.tmp +++ /dev/null @@ -1,282 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_public_includes.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - - -//freeswitchpublicincludes - //publicincludeid - //extensionname - //context - //default - //enabled - //descr - -//freeswitchpublicincludedetails - - //publicincludeid - //tag - //condition - //action - //antiaction - //param - //tagorder - //1-20 - //fieldtype - - //fielddata - - -$a_public_includes = &$config['installedpackages']['freeswitchpublicincludes']['config']; -$a_public_includes_details = &$config['installedpackages']['freeswitchpublicincludedetails']['config']; - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'publicincludes') { - - if ($a_public_includes[$_GET['id']]) { - - $publicincludeid = $a_public_includes[$_GET['id']][publicincludeid]; - - $extensionname = $a_public_includes[$_GET['id']][extensionname]; - $order = $a_public_includes[$_GET['id']][order]; - $publicincludefilename = $order."_".$extensionname.".xml"; - - //delete the public include details. aka. child data - if (count($a_public_includes_details) > 0) { - $i=0; - if (count($a_public_includes_details) > 0) { - foreach($a_public_includes_details as $row) { - if ($row["publicincludeid"] == $publicincludeid) { - //echo "child id: ".$i."<br />\n"; - unset($a_public_includes_details[$i]); - } - $i++; - } - } - } - - //if the public include xml file exists then delete it - if (file_exists("/usr/local/freeswitch/conf/dialplan/public/".$publicincludefilename)) { - unlink("/usr/local/freeswitch/conf/dialplan/public/".$publicincludefilename); - } - - unset($publicincludefilename); - unset($a_public_includes[$_GET['id']]); - write_config(); - sync_package_freeswitch_public_includes(); - header("Location: freeswitch_public_includes.php"); - exit; - } - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: Public</p> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="freeswitch_public_includes.php" method="post" name="iform" id="iform"> -<?php - - -//echo "<pre>"; -//print_r ($a_public_includes); -//echo "</pre>"; - - -//if ($config_change == 1) { -// write_config(); -// $config_change = 0; -//} - -//if ($savemsg) print_info_box($savemsg); -//if (file_exists($d_hostsdirty_path)): echo"<p>"; -//print_info_box_np("The FreeSWITCH recordings have been changed.<br>You must apply the changes in order for them to take effect."); -//echo"<br />"; -//endif; - -?> - - <br /> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td><span class="vexpl"><span class="red"><strong>Public - </strong></span></span> - </td> - <td align='right'> - <input type='button' value='public.xml' alt='' onclick="document.location.href='/packages/freeswitch/freeswitch_public.php';"> - </td> - </tr> - <tr> - <td colspan='2'> - <span class="vexpl"> - The public dialplan is used to route incoming calls to destinations based on conditions and context. It can send incoming calls to IVRs, extensions, external numbers, and scripts. - </span> - </td> - - </tr> - </table> - - <br /> - <br /> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="20%" class="listhdrr">Extension Name</td> - <td width="25%" class="listhdrr">Order</td> - <td width="25%" class="listhdrr">Enabled</td> - <td width="50%" class="listhdr">Description</td> - <td width="10%" class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="freeswitch_public_includes_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - <?php - //create a temporary id for the array - $i = 0; - if (count($a_public_includes) > 0) { - foreach ($a_public_includes as $ent) { - $a_public_includes[$i]['id'] = $i; - $i++; - } - } - - //order the array - function cmp_number($a, $b) { - if ($a["order"] > $b["order"]) { - return 1; - } - else { - return 0; - } - } - if (count($a_public_includes) > 0) { usort($a_public_includes, "cmp_number"); } - - $i = 0; - if (count($a_public_includes) > 0) { - foreach ($a_public_includes as $ent) { - if (strlen($ent['extensionname'].$ent['enabled']) > 0) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='freeswitch_public_includes_edit.php?id=<?=$ent['id'];?>'"> - <?=$ent['extensionname']?> - </td> - <td class="listlr" ondblclick="document.location='freeswitch_public_includes_edit.php?id=<?=$ent['id'];?>'"> - <?=$ent['order']?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_public_includes_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['enabled'];?> - </td> - <td class="listbg" ondblclick="document.location='freeswitch_public_includes_edit.php?id=<?=$ent['id'];?>';"> - <font color="#FFFFFF"><?=htmlspecialchars($ent['descr']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="freeswitch_public_includes_edit.php?id=<?=$ent['id'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="freeswitch_public_includes.php?type=publicincludes&act=del&id=<?=$ent['id'];?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } //end if strlen - $i++; - } //end for each - } //end if count - ?> - <tr> - <td class="list" colspan="4"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="freeswitch_public_includes_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - <tr> - <td class="list" colspan="4"></td> - <td class="list"></td> - </tr> - </table> - -</form> - -/usr/local/freeswitch/conf/dialplan/public/ -<br> -<br> -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - -<?php include("fend.inc"); ?> -</body> -</html>
\ No newline at end of file diff --git a/config/freeswitch/freeswitch_public_includes_details.tmp b/config/freeswitch/freeswitch_public_includes_details.tmp deleted file mode 100755 index 3b3130b0..00000000 --- a/config/freeswitch/freeswitch_public_includes_details.tmp +++ /dev/null @@ -1,53 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_public_includes_details.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - - -$a_public_include_details = &$config['installedpackages']['freeswitchpublicincludedetails']['config']; - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'publicincludedetails') { - if ($a_public_include_details[$_GET['id']]) { - unset($a_public_include_details[$_GET['id']]); - write_config(); - sync_package_freeswitch_public_includes(); - //touch($d_hostsdirty_path); - header("Location: freeswitch_public_includes_edit.php?id=".$_GET['parentid']); - exit; - } - } -} - -?>
\ No newline at end of file diff --git a/config/freeswitch/freeswitch_public_includes_details_edit.tmp b/config/freeswitch/freeswitch_public_includes_details_edit.tmp deleted file mode 100644 index c6cba5be..00000000 --- a/config/freeswitch/freeswitch_public_includes_details_edit.tmp +++ /dev/null @@ -1,419 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_public_includes_details_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - - -$a_public_includes_details = &$config['installedpackages']['freeswitchpublicincludedetails']['config']; - -$id = $_GET['id']; -if (isset($_POST['id'])) { - $id = $_POST['id']; -} - -$parentid = $_GET['parentid']; -if (isset($_POST['parentid'])) { - $parentid = $_POST['parentid']; -} - -$publicincludeid = $_GET['publicincludeid']; -if (isset($_POST['publicincludeid'])) { - $publicincludeid = $_POST['publicincludeid']; -} - - - //publicincludeid - //tag - //condition - //action - //antiaction - //param - //fieldtype - //fielddata - //fieldorder - //000-999 - -if (isset($id) && $a_public_includes_details[$id]) { - $pconfig['publicincludeid'] = $a_public_includes_details[$id]['publicincludeid']; - $pconfig['tag'] = $a_public_includes_details[$id]['tag']; - $pconfig['fieldtype'] = $a_public_includes_details[$id]['fieldtype']; - $pconfig['fielddata'] = $a_public_includes_details[$id]['fielddata']; - $pconfig['fieldorder'] = $a_public_includes_details[$id]['fieldorder']; -} -//else { -// if (isset($_GET['a'])) { -// if ($_GET['a'] == "action"){ $pconfig['optionaction'] = "action"; } -// if ($_GET['a'] == "antiaction"){ $pconfig['optionaction'] = "anti-action"; } -// } -//} - - - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - if (!$input_errors) { - - $ent = array(); - $ent['publicincludeid'] = $_POST['publicincludeid']; - $ent['tag'] = $_POST['tag']; - $ent['fieldtype'] = $_POST['fieldtype']; - $ent['fielddata'] = $_POST['fielddata']; - $ent['fieldorder'] = $_POST['fieldorder']; - - if (isset($id) && $a_public_includes_details[$id]) { - //update - $a_public_includes_details[$id] = $ent; - } - else { - //add - $a_public_includes_details[] = $ent; - } - - //touch($d_hostsdirty_path); - write_config(); - sync_package_freeswitch_public_includes(); - - header("Location: freeswitch_public_includes_edit.php?id=".$parentid); - exit; - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: Public: Details: Edit</p> - -<?php if ($input_errors) print_input_errors($input_errors); ?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - <br /> - <form action="freeswitch_public_includes_details_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Tag</td> - <td width="78%" class="vtable"> - <script type="text/javascript"> - function public_include_details_tag_onchange() { - var tag = document.getElementById("form_tag").value; - if (tag == "condition") { - document.getElementById("label_fieldtype").innerHTML = "Field"; - document.getElementById("label_fielddata").innerHTML = "Expression"; - } - else if (tag == "action") { - document.getElementById("label_fieldtype").innerHTML = "Application"; - document.getElementById("label_fielddata").innerHTML = "Data"; - } - else if (tag == "anti-action") { - document.getElementById("label_fieldtype").innerHTML = "Application"; - document.getElementById("label_fielddata").innerHTML = "Data"; - } - else if (tag == "param") { - document.getElementById("label_fieldtype").innerHTML = "Name"; - document.getElementById("label_fielddata").innerHTML = "Value"; - } - if (tag == "") { - document.getElementById("label_fieldtype").innerHTML = "Type"; - document.getElementById("label_fielddata").innerHTML = "Data"; - } - } - </script> - <?php - echo " <select name='tag' class='formfld' id='form_tag' onchange='public_include_details_tag_onchange();'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['tag'])) { - case "condition": - echo " <option selected='yes'>condition</option>\n"; - echo " <option>action</option>\n"; - echo " <option>anti-action</option>\n"; - //echo " <option>param</option>\n"; - break; - case "action": - echo " <option>condition</option>\n"; - echo " <option selected='yes'>action</option>\n"; - echo " <option>anti-action</option>\n"; - //echo " <option>param</option>\n"; - break; - case "anti-action": - echo " <option>condition</option>\n"; - echo " <option>action</option>\n"; - echo " <option selected='yes'>anti-action</option>\n"; - //echo " <option>param</option>\n"; - break; - case "param": - echo " <option>condition</option>\n"; - echo " <option>action</option>\n"; - echo " <option>anti-action</option>\n"; - //echo " <option selected='yes'>param</option>\n"; - break; - default: - echo " <option>condition</option>\n"; - echo " <option>action</option>\n"; - echo " <option>anti-action</option>\n"; - //echo " <option>param</option>\n"; - } - echo " </select>\n"; - - //condition - //field expression - //action - //application - //data - //antiaction - //application - //data - //param - //name - //value - - ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq" id="label_fieldtype">Type</td> - <td width="78%" class="vtable"> - <input name="fieldtype" type="text" class="formfld" id="fieldtype" size="40" value="<?=htmlspecialchars($pconfig['fieldtype']);?>"> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq" id="label_fielddata">Data</td> - <td width="78%" class="vtable"> - <input name="fielddata" type="text" class="formfld" id="fielddata" size="40" value="<?=htmlspecialchars($pconfig['fielddata']);?>"> - <br> <span class="vexpl"></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq" id="label_fieldtype">Order</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='fieldorder' class='formfld'>\n"; - //echo " <option></option>\n"; - if (strlen(htmlspecialchars($pconfig['fieldorder']))> 0) { - echo " <option selected='yes' value='".htmlspecialchars($pconfig['fieldorder'])."'>".htmlspecialchars($pconfig['fieldorder'])."</option>\n"; - } - $i=0; - while($i<=999) { - if (strlen($i) == 1) { - echo " <option value='00$i'>00$i</option>\n"; - } - if (strlen($i) == 2) { - echo " <option value='0$i'>0$i</option>\n"; - } - if (strlen($i) == 3) { - echo " <option value='$i'>$i</option>\n"; - } - - $i++; - } - echo " </select>\n"; - ?> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="publicincludeid" type="hidden" value="<?=$publicincludeid;?>"> - <input name="parentid" type="hidden" value="<?=$parentid;?>"> - <?php if (isset($id) && $a_public_includes_details[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - </td> - </tr> - </table> - </form> - - - <br /> - <br /> - <b>Example</b> - <br /> - <br /> - If the inbound call matches the DID 12085551234 then proceed to the action. - <br /> - <br /> - <table cellpadding='3'> - <tr><th class="vncellreq" width='75' align="left">Tag:</th><td class="vtable">condition</td></tr> - <tr><th class="vncellreq" align="left">Type:</th><td class="vtable">destination_number</td></tr> - <tr><th class="vncellreq" align="left">Data:</th><td class="vtable">^(12085551234)$</td></tr> - </table> - - <br /> - <br /> - - Transfer the inbound call to an IVR with extension of 5000. - <br /> - <br /> - <table cellpadding='3'> - <tr><th class="vncellreq" width='75' align="left">Tag:</th><td class="vtable">action</td></tr> - <tr><th class="vncellreq" align="left">Application:</th><td class="vtable">transfer</td></tr> - <tr><th class="vncellreq" align="left">Data:</th><td class="vtable">5000 XML default</td></tr> - </table> - - <br /> - <br /> - - Or transfer the inbound call to extension 1001. - <br /> - <br /> - <table cellpadding='3'> - <tr><th class="vncellreq" width='75' align="left">Tag:</th><td class="vtable">action</td></tr> - <tr><th class="vncellreq" align="left">Application:</th><td class="vtable">transfer</td></tr> - <tr><th class="vncellreq" align="left">Data:</th><td class="vtable">1001 XML default</td></tr> - </table> - - - <br /> - <br /> - <br /> - <br /> - - - <b>Conditions</b> - <br /> - <br /> - Conditions are pattern matching tags that help FreeSwitch decide if the current call should be processed in this extension or not. When matching conditions against the current call you have several <b>fields</b> that you can compare against. - <ul> - <li><b>context</b></li> - <li><b>rdnis</b> Redirected Number, the directory number to which the call was last presented.</li> - <li><b>destination_number</b> Called Number, the number this call is trying to reach (within a given context)</li> - <li><b>public</b> Name of the public module that are used, the name is provided by each public module. Example: XML</li> - <li><b>caller_id_name</b> Name of the caller (provided by the User Agent that has called us).</li> - <li><b>caller_id_number</b> Directory Number of the party who called (callee) -- can be masked (hidden)</li> - <li><b>ani</b> Automatic Number Identification, the number of the calling party (callee) -- cannot be masked</li> - <li><b>ani2</b> The type of device placing the call [1]</li> - <li><b>uuid</b> Unique identifier of the current call? (looks like a GUID)</li> - <li><b>source</b> Name of the FreeSwitch module that received the call (e.g. PortAudio)</li> - <li><b>chan_name</b> Name of the current channel (Example: PortAudio/1234). Give us examples when this one can be used.</li> - <li><b>network_addr</b> IP address of the signalling source for a VoIP call.</li> - </ul> - In addition to the above you can also do variables using the syntax ${variable} or api functions using the syntax %{api} {args} - <br /> - <br /> - Variables may be used in either the field or the expression, as follows - - <br /> - <br /> - <br /> - <br /> - - <b>Action and Anti-Actions</b> - <br /> - <br /> - Actions are executed when the <b>condition matches</b>. Anti-Actions are executed when the <b>condition does NOT match</b>. - Additional information on applications for Actions and Anti-Actions.<br /> - <a href='http://wiki.freeswitch.org/wiki/Modules#Applications' target='_blank'>http://wiki.freeswitch.org/wiki/Modules#Applications</a> - <br /> - <a href='http://wiki.freeswitch.org/wiki/public_Functions' target='_blank'>http://wiki.freeswitch.org/wiki/public_Functions</a> - <br /> - <br /> - <br /> - The following is a partial list of <b>applications</b>. - <ul> - <li><b>answer</b> answer the call</li> - <li><b>bridge</b> bridge the call<li> - <li><b>cond</b></li> - <li><b>db</b> is a a runtime database either sqlite by default or odbc</li> - <li><b>global_set</b> allows setting of global vars similar to the ones found in vars.xml</li> - <li><b>group</b> allows grouping of several extensions for things like ring groups</li> - <li><b>expr</b></li> - <li><b>hangup</b> hangs up the call</li> - <li><b>info</b> sends call info to the console</li> - <li><b>javascript</b> run javascript .js files</li> - <li><b>playback</b></li> - <li><b>reject</b> reject the call</li> - <li><b>respond</b></li> - <li><b>ring_ready</b></li> - <li><b>set</b> set a variable</li> - <li><b>set_user</b></li> - <li><b>sleep</b></li> - <li><b>sofia_contact</b></li> - <li><b>transfer</b> transfer the call to another extension or number<li> - <li><b>voicemail</b> send the call to voicemail</li> - </ul> - - - <br /> - <br /> - - <!-- - <b>Param</b> - Example parameters by name and value - <br /> - <a href='http://wiki.freeswitch.org/wiki/Special:Search?search=param&go=Go' target='_blank'>http://wiki.freeswitch.org/wiki/Special:Search?search=param&go=Go</a> - <ul> - <li><b>codec-ms</b> 20</li> - <li><b>codec-prefs</b> PCMU@20i</li> - <li><b>debug</b> 1</li> - <li><b>public</b> XML</li> - <li><b>dtmf-duration</b> 100</li> - <li><b>rfc2833-pt</b>" 101</li> - <li><b>sip-port</b> 5060</li> - <li><b>use-rtp-timer</b> true</li> - </ul> - <br /> - <br /> - --> - - - <br /> - <br /> - <br /> - <br /> - <br /> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch/freeswitch_public_includes_edit.tmp b/config/freeswitch/freeswitch_public_includes_edit.tmp deleted file mode 100644 index e98dedeb..00000000 --- a/config/freeswitch/freeswitch_public_includes_edit.tmp +++ /dev/null @@ -1,543 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_public_includes_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - - - -//freeswitchpublicincludes - //publicincludeid - //extensionname - //context - //default - //enabled - //descr - -// - - - -$a_public_includes = &$config['installedpackages']['freeswitchpublicincludes']['config']; -$a_public_include_details = &$config['installedpackages']['freeswitchpublicincludedetails']['config']; - -$id = $_GET['id']; -if (isset($_POST['id'])) { - $id = $_POST['id']; -} -$parentid = $id; - - - -if (isset($id) && $a_public_includes[$id]) { - $pconfig['publicincludeid'] = $a_public_includes[$id]['publicincludeid']; - $publicincludeid = $a_public_includes[$id]['publicincludeid']; - $pconfig['extensionname'] = $a_public_includes[$id]['extensionname']; - $pconfig['order'] = $a_public_includes[$id]['order']; - $pconfig['context'] = $a_public_includes[$id]['context']; - $pconfig['enabled'] = $a_public_includes[$id]['enabled']; - $pconfig['descr'] = $a_public_includes[$id]['descr']; - $pconfig['opt1name'] = $a_public_includes[$id]['opt1name']; - $pconfig['opt1value'] = $a_public_includes[$id]['opt1value']; -} - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - if ($_GET['act'] == "del") { - if ($_GET['type'] == 'publicincludedetails') { - if ($a_public_include_details[$_GET['id']]) { - unset($a_public_include_details[$_GET['id']]); - write_config(); - sync_package_freeswitch_public_includes(); - header("Location: freeswitch_public_include_edit.php?id=".$_GET['id']); - exit; - } - } - } - - - if (!$input_errors) { - - $ent = array(); - if (strlen($_POST['publicincludeid']) > 0) { - //update - $ent['publicincludeid'] = $_POST['publicincludeid']; - } - else { - //add - $ent['publicincludeid'] = guid(); - } - $ent['extensionname'] = $_POST['extensionname']; - $ent['order'] = $_POST['order']; - //$ent['context'] = $_POST['context']; - $ent['context'] = 'default'; - $ent['enabled'] = $_POST['enabled']; - $ent['descr'] = $_POST['descr']; - $ent['opt1name'] = $_POST['opt1name']; - $ent['opt1value'] = $_POST['opt1value']; - - - - if (isset($id) && $a_public_includes[$id]) { - $a_public_includes = $config['installedpackages']['freeswitchpublicincludes']['config']; - if (count($a_public_includes) > 0) { - foreach($a_public_includes as $rowhelper) { - - //$rowhelper['publicincludeid']; - //$rowhelper['extensionname']; - //$rowhelper['context']; - //$rowhelper['enabled']; - - $filenamechanged = false; - if ($rowhelper['publicincludeid'] == $_POST['publicincludeid']) { - - if ($rowhelper['extensionname'] != $_POST['extensionname']) { - //if the extension name has changed then remove the current public xml file - //to prepare for the new file - $filenamechanged = true; - } - if ($rowhelper['order'] != $_POST['order']) { - //if the order has changed then remove the current public xml file - //to prepare for the new file - $filenamechanged = true; - } - if ($_POST['enabled'] == "false") { - //if the extension name is disabled then remove the public xml file - $filenamechanged = true; - } - if ($filenamechanged){ - $publicincludefilename = $rowhelper['order']."_".$rowhelper['extensionname'].".xml"; - if (file_exists("/usr/local/freeswitch/conf/dialplan/public/".$publicincludefilename)) { - unlink("/usr/local/freeswitch/conf/dialplan/public/".$publicincludefilename); - } - unset($publicincludefilename); - } - - } - unset($filenamechanged); - - } //end foreach - } //end if count - - //update the config - $a_public_includes[$id] = $ent; - } - else { - //add to the config - $a_public_includes[] = $ent; - } - - - write_config(); - sync_package_freeswitch_public_includes(); - - header("Location: freeswitch_public_includes.php"); - exit; - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: Public: Edit</p> -<?php if ($input_errors) print_input_errors($input_errors); ?> - - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Public:<br> - </strong></span> - Public Include general settings. - </span></p></td> - </tr> - </table> - <br /> - - <form action="freeswitch_public_includes_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Extension Name</td> - <td width="78%" class="vtable"> - <input name="extensionname" type="text" class="formfld" id="extensionname" size="40" value="<?=htmlspecialchars($pconfig['extensionname']);?>"> - <br /> - Supported characters are 'a-z', 'A-Z', '0-9', underscore '_', and period '.'. - </td> - </tr> - <!-- - <tr> - <td width="22%" valign="top" class="vncellreq">Context</td> - <td width="78%" class="vtable"> - <input name="context" type="text" class="formfld" id="context" size="40" value="<?=htmlspecialchars($pconfig['context']);?>"> - <br /> - e.g. default - </td> - </tr> - --> - - <tr> - <td width="22%" valign="top" class="vncellreq">Enabled</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='enabled' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['enabled'])) { - case "true": - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - break; - case "false": - echo " <option value='true'>true</option>\n"; - echo " <option value='false' selected='yes'>false</option>\n"; - - break; - default: - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - } - echo " </select>\n"; - ?> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncellreq">Order</td> - <td width="78%" class="vtable"> - <?php - - echo " <select name='order' class='formfld'>\n"; - echo " <option></option>\n"; - if (strlen(htmlspecialchars($pconfig['order']))> 0) { - echo " <option selected='yes' value='".htmlspecialchars($pconfig['order'])."'>".htmlspecialchars($pconfig['order'])."</option>\n"; - } - $i=0; - while($i<=999) { - if (strlen($i) == 1) { - echo " <option value='00$i'>00$i</option>\n"; - } - if (strlen($i) == 2) { - echo " <option value='0$i'>0$i</option>\n"; - } - if (strlen($i) == 3) { - echo " <option value='$i'>$i</option>\n"; - } - - $i++; - } - echo " </select>\n"; - ?> - <br /> - Processing of each public include is determined by this order. - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell">Description</td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> - <br> <span class="vexpl">You may enter a description here - for your reference (not parsed).</span></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="publicincludeid" type="hidden" value="<?=htmlspecialchars($pconfig['publicincludeid']);?>"> - <?php - if (strlen($id) > 0 && $a_public_includes[$id]) { - echo "\n"; - echo " <input name=\"id\" type=\"hidden\" value=\"$id\">\n"; - echo " <input name=\"opt1name\" type=\"hidden\" value=\"".htmlspecialchars($pconfig['opt1name'])."\">\n"; - echo " <input name=\"opt1value\" type=\"hidden\" value=\"".htmlspecialchars($pconfig['opt1value'])."\">\n"; - } - ?> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - </td> - </tr> - </table> - </form> - - <br> - <br> - - <form action="freeswitch_public_includes_edit.php" method="post" name="iform2" id="iform2"> - <?php - - //echo "<pre>"; - //print_r ($a_public_includes); - //echo "</pre>"; - - //if ($savemsg) print_info_box($savemsg); - //if (file_exists($d_hostsdirty_path)): echo"<p>"; - //print_info_box_np("The FreeSWITCH recordings have been changed.<br>You must apply the changes in order for them to take effect."); - //echo"<br />"; - //endif; - - //create a temporary id for the array - $i = 0; - if (count($a_public_include_details) > 0) { - foreach ($a_public_include_details as $ent) { - $a_public_include_details[$i]['id'] = $i; - $i++; - } - } - - //order the array - function cmp_number_public_details($a, $b) { - if ($a["fieldorder"] > $b["fieldorder"]) { - return 1; - } - else { - return 0; - } - } - if (count($a_public_include_details) > 0) { usort($a_public_include_details, "cmp_number_public_details"); } - - ?> - - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Conditions and Actions<br /> - </strong></span> - The following conditions, actions and anti-actions are used in the public to direct call flow. Each is processed in order until you reach the action tag which tells FreeSWITCH what action to perform. You are not limited to only one condition or action tag for a given extension. - </span></p></td> - </tr> - </table> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="40" class="listhdrr">Tag</td> - <td width="40" class="listhdrr">Type</td> - <td width="50%" class="listhdrr">Data</td> - <td width="40" class="listhdrr">Order</td> - <td width="40" class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="freeswitch_public_includes_details_edit.php?parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>&a=action"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - <?php - - $i = 0; - if (count($a_public_include_details) > 0) { - - foreach ($a_public_include_details as $ent) { - if ($ent['tag'] == "condition" && $publicincludeid == $ent['publicincludeid']) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='freeswitch_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>'"> - <?=$ent['tag']?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fieldtype'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fielddata'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fieldorder'];?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="freeswitch_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="freeswitch_public_includes_details.php?type=publicincludedetails&act=del&id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - - $i = 0; - if (count($a_public_include_details) > 0) { - - foreach ($a_public_include_details as $ent) { - if ($ent['tag'] == "action" && $publicincludeid == $ent['publicincludeid']) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='freeswitch_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>'"> - <?=$ent['tag']?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fieldtype'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fielddata'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fieldorder'];?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="freeswitch_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="freeswitch_public_includes_details.php?type=publicincludedetails&act=del&id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - - $i = 0; - if (count($a_public_include_details) > 0) { - - foreach ($a_public_include_details as $ent) { - if ($ent['tag'] == "anti-action" && $publicincludeid == $ent['publicincludeid']) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='freeswitch_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>'"> - <?=$ent['tag']?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fieldtype'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fielddata'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fieldorder'];?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="freeswitch_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="freeswitch_public_includes_details.php?type=publicincludedetails&act=del&id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - - $i = 0; - if (count($a_public_include_details) > 0) { - - foreach ($a_public_include_details as $ent) { - if ($ent['tag'] == "param" && $publicincludeid == $ent['publicincludeid']) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='freeswitch_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>'"> - <?=$ent['tag']?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fieldtype'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fielddata'];?> - </td> - <td class="listr" ondblclick="document.location='freeswitch_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fieldorder'];?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="freeswitch_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="freeswitch_public_includes_details.php?type=publicincludedetails&act=del&id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - ?> - <tr> - <td class="list" colspan="4"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="freeswitch_public_includes_details_edit.php?parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>&a=action"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - - <tr> - <td class="list" colspan="4"></td> - <td class="list"></td> - </tr> - </table> - - </form> - - - <br> - <br> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch/freeswitch_recordings.tmp b/config/freeswitch/freeswitch_recordings.tmp deleted file mode 100644 index 7d504d15..00000000 --- a/config/freeswitch/freeswitch_recordings.tmp +++ /dev/null @@ -1,494 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_recordings.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - -$a_recordings = &$config['installedpackages']['freeswitchrecordings']['config']; -$dir_recordings = '/usr/local/freeswitch/recordings/'; -$dir_music_on_hold_8000 = '/usr/local/freeswitch/sounds/music/8000/'; - -if ($_GET['a'] == "download") { - - session_cache_limiter('public'); - - if ($_GET['type'] = "rec") { - if (file_exists($dir_recordings.$_GET['filename'])) { - $fd = fopen($dir_recordings.$_GET['filename'], "rb"); - if ($_GET['t'] == "bin") { - header("Content-Type: application/force-download"); - header("Content-Type: application/octet-stream"); - header("Content-Type: application/download"); - header("Content-Description: File Transfer"); - header('Content-Disposition: attachment; filename="'.$_GET['filename'].'"'); - } - else { - $file_ext = substr($_GET['filename'], -3); - if ($file_ext == "wav") { - header("Content-Type: audio/x-wav"); - } - if ($file_ext == "mp3") { - header("Content-Type: audio/mp3"); - } - } - header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 - header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past - header("Content-Length: " . filesize($dir_recordings.$_GET['filename'])); - fpassthru($fd); - } - } - - if ($_GET['type'] = "moh") { - if (file_exists($dir_music_on_hold_8000.$_GET['filename'])) { - $fd = fopen($dir_music_on_hold_8000.$_GET['filename'], "rb"); - if ($_GET['t'] == "bin") { - header("Content-Type: application/force-download"); - header("Content-Type: application/octet-stream"); - header("Content-Type: application/download"); - header("Content-Description: File Transfer"); - header('Content-Disposition: attachment; filename="'.$_GET['filename'].'"'); - } - else { - $file_ext = substr($_GET['filename'], -3); - if ($file_ext == "wav") { - header("Content-Type: audio/x-wav"); - } - if ($file_ext == "mp3") { - header("Content-Type: audio/mp3"); - } - } - header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 - header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past - header("Content-Length: " . filesize($dir_music_on_hold_8000.$_GET['filename'])); - fpassthru($fd); - } - } - - exit; -} -else { - //echo $dir_recordings.$_GET['filename']; -} - -if (($_POST['submit'] == "Upload") && is_uploaded_file($_FILES['ulfile']['tmp_name'])) { - - if ($_POST['type'] == 'moh') { - move_uploaded_file($_FILES['ulfile']['tmp_name'], $dir_music_on_hold_8000 . $_FILES['ulfile']['name']); - $savemsg = "Uploaded file to $dir_music_on_hold_8000" . htmlentities($_FILES['ulfile']['name']); - //system('chmod -R 744 $dir_music_on_hold_8000*'); - unset($_POST['txtCommand']); - } - if ($_POST['type'] == 'rec') { - move_uploaded_file($_FILES['ulfile']['tmp_name'], $dir_recordings . $_FILES['ulfile']['name']); - $savemsg = "Uploaded file to $dir_recordings" . htmlentities($_FILES['ulfile']['name']); - //system('chmod -R 744 $dir_recordings*'); - unset($_POST['txtCommand']); - } -} - - - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'rec') { - if ($a_recordings[$_GET['id']]) { - unlink_if_exists('/usr/local/freeswitch/recordings/'.$a_recordings[$_GET['id']]['filename']); - unset($a_recordings[$_GET['id']]); - write_config(); - header("Location: freeswitch_recordings.php"); - exit; - } - } - - if ($_GET['type'] == 'moh') { - unlink_if_exists($dir_music_on_hold_8000.$_GET['filename']); - header("Location: freeswitch_recordings.php"); - exit; - } - -} - - - -include("head.inc"); - -?> - -<script> -function EvalSound(soundobj) { - var thissound= eval("document."+soundobj); - thissound.Play(); -} -</script> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: Recordings</p> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<?php - - -//build a list of recordings from the config.xml -$config_recording_list = ''; -$i = 0; -if (count($a_recordings) > 0) { - foreach ($a_recordings as $recordingent) { - $config_recording_list .= $recordingent['filename']."|"; - $i++; - } -} - - - -$config_change = 0; -if (is_dir($dir_recordings)) { - if ($dh = opendir($dir_recordings)) { - while (($file = readdir($dh)) !== false) { - if (filetype($dir_recordings . $file) == "file") { - - if (strpos($config_recording_list, $file) === false) { - - //$handle = fopen($dir_recordings.$file,'rb'); - //$file_content = fread($handle,filesize($dir_recordings.$file)); - //fclose($handle); - - $a_file = split("\.", $file); - - $recordingent = array(); - $recordingent['filename'] = $file; - $recordingent['recordingname'] = $a_file[0]; - $recordingent['recordingid'] = guid(); - //$recordingent['filecontent'] = base64_encode($file_content); - $recordingent['descr'] = 'Auto'; - - $a_recordings[] = $recordingent; - write_config(); - - unset($file_content); - - } - else { - //echo "The file was found.<br/>"; - } - - } - } - closedir($dh); - } -} - - - -//saved for future use if and when config.xml scales well - //enough to save the files inside it -//$i = 0; -//if (count($a_recordings) > 0) { -// foreach ($a_recordings as $recordingent) { - -// if (!is_file($dir_recordings.$recordingent['filename'])) { - //echo "not found: ".$recordingent['filename']."<br />"; - - //recording not found restore the file from the config.xml - //$file_content = $recordingent['filecontent']; - //$handle = fopen($dir_recordings.$recordingent['filename'],'w'); - //fwrite ($handle, base64_decode($file_content)); - //unset($file_content); - //fclose($handle); - //$recordingent['filecontent'] = base64_encode($file_content); - - // loop through recordings in the config.xml - // if the file does not exist remove it from the file system. - //unset($a_recordings[$i]); - -// $config_change = 1; -// } -// else { - //echo "found: ".$recordingent['filename']."<br />"; -// } - -// $i++; -// } -//} - -if ($config_change == 1) { - write_config(); - $config_change = 0; -} - -//if ($savemsg) print_info_box($savemsg); -//if (file_exists($d_hostsdirty_path)): echo"<p>"; -//print_info_box_np("The FreeSWITCH recordings have been changed.<br>You must apply the changes in order for them to take effect."); -//echo"<br />"; -//endif; - -?> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Recordings:<br> - </strong></span> - To make a recording dial *732673 (record) or you can make a - 16bit 8khz/16khz Mono WAV file then copy it to the - following directory then refresh the page to play it back. - Click on the 'Filename' to download it or the 'Recording Name' to - play the audio. - </span></p></td> - </tr> - </table> - - <br /> - - <div id="niftyOutter"> - <form action="" method="POST" enctype="multipart/form-data" name="frmUpload" onSubmit=""> - <table border='0'> - <tr> - <td width='50%'><b>location:</b> <?php echo $dir_recordings; ?></td> - <td valign="top" class="label"> - <input name="type" type="hidden" value="rec"> - </td> - <td align="right">File to upload:</td> - <td valign="top" class="label"> - <input name="ulfile" type="file" class="button" id="ulfile"> - <input name="submit" type="submit" class="button" id="upload" value="Upload"> - </td> - </tr> - </table> - </div> - </form> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="30%" class="listhdrr">Filename (download)</td> - <td width="30%" class="listhdrr">Recording Name (play)</td> - <td width="30%" class="listhdr">Description</td> - <td width="10%" class="list"> - <!-- - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="freeswitch_recordings_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - --> - </td> - </tr> - - <?php - $i = 0; - if (count($a_recordings) > 0) { - foreach ($a_recordings as $recordingent) { - if (strlen($recordingent['filename']) > 0) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='freeswitch_recordings_edit.php?id=<?=$i;?>'"> - <a href="freeswitch_recordings.php?a=download&type=rec&t=bin&filename=<?=$recordingent['filename'];?>"> - <?=$recordingent['filename']?> - </a> - </td> - <td class="listr" ondblclick="document.location='freeswitch_recordings_edit.php?id=<?=$i;?>';"> - <a href="javascript:void(0);" onclick="window.open('freeswitch_recordings_play.php?a=download&type=rec&filename=<?=$recordingent['filename'];?>', 'play',' width=420,height=40,menubar=no,status=no,toolbar=no')"> - <?=$recordingent['recordingname'];?> - </a> - </td> - <td class="listbg" ondblclick="document.location='freeswitch_recordings_edit.php?id=<?=$i;?>';"> - <font color="#FFFFFF"><?=htmlspecialchars($recordingent['descr']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="freeswitch_recordings_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="freeswitch_recordings.php?type=rec&act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - else { - //clean up blank entries - unset($a_recordings[$i]); - write_config(); - } - - $i++; - } //end for each - } //end count - ?> - - <!-- - <tr> - <td class="list" colspan="3"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="freeswitch_recordings_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - --> - - <tr> - <td class="list" colspan="3"></td> - <td class="list"></td> - </tr> - </table> - - - - <br /> - <br /> - <br /> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Music on Hold:<br> - </strong></span> - Music on hold can be in WAV or MP3 format. To play an MP3 file you must have - mod_shout enabled on the 'Modules' tab. You can adjust the volume of the MP3 - audio from the 'Settings' tab. For best performance upload 16bit 8khz/16khz Mono WAV files. - <!--Click on the 'Filename' to download it or the 'Recording Name' to - play the audio.--> - </span></p></td> - </tr> - </table> - - <br /> - - <div id="niftyOutter"> - <form action="" method="POST" enctype="multipart/form-data" name="frmUpload" onSubmit=""> - <table border='0'> - <tr> - <td width='50%'><b>location:</b> <?php echo $dir_music_on_hold_8000; ?></td> - <td valign="top" class="label"> - <input name="type" type="hidden" value="moh"> - </td> - <td align="right">File to upload:</td> - <td valign="top" class="label"> - <input name="ulfile" type="file" class="button" id="ulfile"> - <input name="submit" type="submit" class="button" id="upload" value="Upload"> - </td> - </tr> - </table> - </div> - </form> - - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="28%" class="listhdrr">File Name (download)</td> - <td width="28%" class="listhdrr">Name (play)</td> - <td width="25%" class="listhdr">Last Modified</td> - <td width="10%" class="listhdr" nowrap>Size</td> - </tr> - - <?php - - if ($handle = opendir($dir_music_on_hold_8000)) { - while (false !== ($file = readdir($handle))) { - if ($file != "." && $file != ".." && is_file($dir_music_on_hold_8000.$file)) { - - $tmp_filesize = filesize($dir_music_on_hold_8000.$file); - $tmp_filesize = byte_convert($tmp_filesize); - - echo "<tr>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo " <a href=\"freeswitch_recordings.php?a=download&type=moh&t=bin&filename=".$file."\">\n"; - echo " $file"; - echo " </a>"; - echo " </td>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo " <a href=\"javascript:void(0);\" onclick=\"window.open('freeswitch_recordings_play.php?a=download&type=moh&filename=".$file."', 'play',' width=420,height=40,menubar=no,status=no,toolbar=no')\">\n"; - $tmp_file_array = split("\.",$file); - echo " ".$tmp_file_array[0]; - echo " </a>"; - echo " </td>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo date ("F d Y H:i:s", filemtime($dir_music_on_hold_8000.$file)); - echo " </td>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo " ".$tmp_filesize; - echo " </td>\n"; - echo " <td valign=\"middle\" nowrap class=\"list\">\n"; - echo " <table border=\"0\" cellspacing=\"0\" cellpadding=\"1\">\n"; - echo " <tr>\n"; - //echo " <td valign=\"middle\"><a href=\"freeswitch_recordings.php?id=$i\"><img src=\"/themes/".$g['theme']."/images/icons/icon_e.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n"; - echo " <td><a href=\"freeswitch_recordings.php?type=moh&act=del&filename=".$file."\" onclick=\"return confirm('Do you really want to delete this file?')\"><img src=\"/themes/". $g['theme']."/images/icons/icon_x.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n"; - echo " </tr>\n"; - echo " </table>\n"; - echo " </td>\n"; - echo "</tr>\n"; - - } - } - closedir($handle); - } - ?> - - <tr> - <td class="list" colspan="3"></td> - <td class="list"></td> - </tr> - </table> - -<br> -<br> -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch/freeswitch_recordings_edit.tmp b/config/freeswitch/freeswitch_recordings_edit.tmp deleted file mode 100644 index e53c44fc..00000000 --- a/config/freeswitch/freeswitch_recordings_edit.tmp +++ /dev/null @@ -1,172 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_recordings_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - - -$a_recordings = &$config['installedpackages']['freeswitchrecordings']['config']; - - -$id = $_GET['id']; -if (isset($_POST['id'])) { - $id = $_POST['id']; -} - -if (isset($id) && $a_recordings[$id]) { - $pconfig['filename'] = $a_recordings[$id]['filename']; - $pconfig['recordingname'] = $a_recordings[$id]['recordingname']; - $pconfig['recordingid'] = $a_recordings[$id]['recordingid']; - $pconfig['descr'] = $a_recordings[$id]['descr']; -} - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - - if (!$input_errors) { - - - $recordingent = array(); - $recordingent['recordingname'] = $_POST['recordingname']; - $recordingent['descr'] = $_POST['descr']; - - - if (isset($id) && $a_recordings[$id]) { - //update - if (strlen($_POST['recordingid']) > 0) { - $recordingent['recordingid'] = $_POST['recordingid']; - } - else { - $recordingent['recordingid'] = guid(); - } - - $recordingent['filename'] = $_POST['filename']; - - //if file name is not the same then rename the file - if ($_POST['filename'] != $_POST['filename_orig']) { - rename('/usr/local/freeswitch/recordings/'.$_POST['filename_orig'], '/usr/local/freeswitch/recordings/'.$_POST['filename']); - } - $a_recordings[$id] = $recordingent; - } - else { - //add - $recordingent['filename'] = $_POST['filename']; - $a_recordings[] = $recordingent; - } - - write_config(); - - header("Location: freeswitch_recordings.php"); - exit; - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: Recordings: Edit</p> -<?php if ($input_errors) print_input_errors($input_errors); ?> - - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - <br /> - <form action="freeswitch_recordings_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Filename</td> - <td width="78%" class="vtable"> - <input name="filename" type="text" class="formfld" id="filename" size="40" value="<?=htmlspecialchars($pconfig['filename']);?>"> - <br> <span class="vexpl">Name of the file<br> - e.g. <em>example.wav</em></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Recording Name</td> - <td width="78%" class="vtable"> - <input name="recordingname" type="text" class="formfld" id="recordingname" size="40" value="<?=htmlspecialchars($pconfig['recordingname']);?>"> - <br> <span class="vexpl">Recording Name<br> - e.g. <em>recordingx</em></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Description</td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> - <br> <span class="vexpl">You may enter a description here - for your reference (not parsed).</span></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - <?php if (isset($id) && $a_recordings[$id]): ?> - <input name="filename_orig" type="hidden" value="<?=htmlspecialchars($pconfig['filename']);?>"> - <input name="id" type="hidden" value="<?=$id;?>"> - <input name="recordingid" type="hidden" value="<?=htmlspecialchars($pconfig['recordingid']);?>"> - <?php endif; ?> - </td> - </tr> - </table> - </form> - - <br> - <br> - <br> - <br> - <br> - <br> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch/freeswitch_recordings_play.tmp b/config/freeswitch/freeswitch_recordings_play.tmp deleted file mode 100755 index 1c63b592..00000000 --- a/config/freeswitch/freeswitch_recordings_play.tmp +++ /dev/null @@ -1,70 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_recordings_play.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$filename = $_GET['filename']; -$type = $_GET['type']; //moh //rec - -?> -<html> -<head> -</head> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td align='center'> - <b>file: <?=$filename?></b> - </td> - </tr> - <tr> - <td align='center'> - <?php - - $file_ext = substr($_GET['filename'], -3); - if ($file_ext == "wav") { - echo "<embed src=\"freeswitch_recordings.php?a=download&type=".$type."&filename=".$filename."\" autostart=true width=200 height=40 name=\"sound".$$filename."\" enablejavascript=\"true\">\n"; - } - if ($file_ext == "mp3") { - echo "<object type=\"application/x-shockwave-flash\" width=\"400\" height=\"17\" data=\"slim.swf?autoplay=true&song_title=".urlencode($filename)."&song_url=".urlencode("/freeswitch/freeswitch_recordings.php?a=download&type=".$type."&filename=".$filename)."\">\n"; - echo "<param name=\"movie\" value=\"slim.swf?autoplay=true&song_url=".urlencode("/freeswitch/freeswitch_recordings.php?a=download&type=".$type."&filename=".$filename)."\" />\n"; - echo "<param name=\"quality\" value=\"high\"/>\n"; - echo "<param name=\"bgcolor\" value=\"#E6E6E6\"/>\n"; - echo "</object>\n"; - } - - ?> - </td> - </tr> -</table> - -</body> -</html> diff --git a/config/freeswitch/freeswitch_status.tmp b/config/freeswitch/freeswitch_status.tmp deleted file mode 100644 index 4fa4181a..00000000 --- a/config/freeswitch/freeswitch_status.tmp +++ /dev/null @@ -1,339 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_status.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - - -if ($_GET['a'] == "download") { - if ($_GET['t'] == "logs") { - $tmp = '/usr/local/freeswitch/log/'; - $filename = 'freeswitch.log'; - } - if ($_GET['t'] == "cdrcsv") { - $tmp = '/usr/local/freeswitch/log/cdr-csv/'; - $filename = 'Master.csv'; - } - if ($_GET['t'] == "backup") { - $tmp = '/root/backup/'; - $filename = 'freeswitch.bak.tgz'; - if (!is_dir('/root/backup/')) { - exec("mkdir /root/backup/"); - } - system('cd /usr/local/;tar cvzf /root/backup/freeswitch.bak.tgz freeswitch'); - } - session_cache_limiter('public'); - $fd = fopen($tmp.$filename, "rb"); - header("Content-Type: binary/octet-stream"); - header("Content-Length: " . filesize($tmp.$filename)); - header('Content-Disposition: attachment; filename="'.$filename.'"'); - fpassthru($fd); - exit; -} - -if ($_GET['a'] == "other") { - if ($_GET['t'] == "restore") { - $tmp = '/root/backup/'; - $filename = 'freeswitch.bak.tgz'; - - //extract a specific directory to /usr/local/freeswitch - if (file_exists('/root/backup/'.$filename)) { - //echo "The file $filename exists"; - - //Recommended - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/db/'); - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/log/'); - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/recordings/'); - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/scripts/'); - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/storage/'); - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/sounds/custom/8000/'); - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/sounds/music/8000/'); - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/ssl'); - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/sip_profiles/'); - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/vars.xml'); - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/dialplan/default.xml'); - system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/dialplan/public.xml'); - - //Optional - //system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/'); - //system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/grammar/'); - //system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/htdocs/'); - - header( 'Location: freeswitch_status.php?savemsg=Backup+has+been+restored.' ) ; - } - else { - header( 'Location: freeswitch_status.php?savemsg=Restore+failed.+Backup+file+not+found.' ) ; - } - - exit; - } -} - -include("head.inc"); - -$password = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_password']; -$port = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_port']; -$host = $config['interfaces']['lan']['ipaddr']; - -$savemsg = $_GET["savemsg"]; - -//if freeswitch is not running then start it -if (!pkg_is_service_running('freeswitch')) { - $handle = popen("/usr/local/etc/rc.d/freeswitch.sh start", "r"); - pclose($handle); - //give freeswitch time to load - sleep(7); -} -?> - -<script language="Javascript" type="text/javascript" src="/edit_area/edit_area_full.js"></script> -<script language="Javascript" type="text/javascript"> - // initialisation - editAreaLoader.init({ - id: "log" // id of the textarea to transform - ,start_highlight: false - ,allow_toggle: true - ,display: "later" - ,language: "en" - ,syntax: "html" - ,toolbar: "search, go_to_line,|, fullscreen, |, undo, redo, |, select_font, |, syntax_selection, |, change_smooth_selection, highlight, reset_highlight, |, help" - ,syntax_selection_allow: "css,html,js,php,xml,c,cpp,sql" - ,show_line_colors: true - }); -</script> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> - -<p class="pgtitle">FreeSWITCH: Status</font></p> - -<?php -if ($savemsg) { - print_info_box($savemsg); -} -?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<?php - -echo "<br /><br />\n\n"; - - -$fp = event_socket_create($host, $port, $password); -$cmd = "api sofia status"; -$response = event_socket_request($fp, $cmd); -echo "<table width='690' cellpadding='0' cellspacing='0' border='0'>\n"; -echo "<tr>\n"; -echo "<td width='50%'>\n"; -echo " <b>sofia status</b> \n"; -echo "</td>\n"; -echo "<td width='50%' align='right'>\n"; -echo " <input type='button' value='reloadxml' onclick=\"document.location.href='/packages/freeswitch/freeswitch_cmd.php?cmd=api+reloadxml';\" />\n"; -echo "</td>\n"; -echo "</tr>\n"; -echo "</table>\n"; -echo "<pre style=\"font-size: 9pt;\">\n"; -echo $response; -echo "</pre>\n"; -fclose($fp); -echo "<br /><br />\n\n"; - -foreach (ListFiles('/usr/local/freeswitch/conf/sip_profiles') as $key=>$sip_profile_file){ - - $sip_profile_name = str_replace(".xml", "", $sip_profile_file); - $fp = event_socket_create($host, $port, $password); - $cmd = "api sofia status profile ".$sip_profile_name; - $response = event_socket_request($fp, $cmd); - echo "<table width='690' cellpadding='0' cellspacing='0' border='0'>\n"; - echo "<tr>\n"; - echo "<td width='50%'>\n"; - echo " <b>sofia status profile $sip_profile_name</b> \n"; - echo "</td>\n"; - echo "<td width='50%' align='right'>\n"; - echo " <input type='button' value='start' onclick=\"document.location.href='/packages/freeswitch/freeswitch_cmd.php?cmd=api+sofia+profile+".$sip_profile_name."+start';\" />\n"; - echo " <input type='button' value='stop' onclick=\"document.location.href='/packages/freeswitch/freeswitch_cmd.php?cmd=api+sofia+profile+".$sip_profile_name."+stop';\" />\n"; - echo " <input type='button' value='restart' onclick=\"document.location.href='/packages/freeswitch/freeswitch_cmd.php?cmd=api+sofia+profile+".$sip_profile_name."+restart';\" />\n"; - if ($sip_profile_name == "external") { - echo " <input type='button' value='rescan' onclick=\"document.location.href='/packages/freeswitch/freeswitch_cmd.php?cmd=api+sofia+profile+".$sip_profile_name."+rescan';\" />\n"; - } - else { - echo " <input type='button' value='flush_inbound_reg' onclick=\"document.location.href='/packages/freeswitch/freeswitch_cmd.php?cmd=api+sofia+profile+".$sip_profile_name."+flush_inbound_reg';\" />\n"; - } - echo "</td>\n"; - echo "</tr>\n"; - echo "</table>\n"; - echo "<pre style=\"font-size: 9pt;\">\n"; - echo $response; - echo "</pre>\n"; - fclose($fp); - echo "<br /><br />\n\n"; - -} - - -$fp = event_socket_create($host, $port, $password); -$cmd = "api status"; -$response = event_socket_request($fp, $cmd); -echo "<b>status</b><br />\n"; -echo "<pre style=\"font-size: 9pt;\">\n"; -echo $response; -echo "</pre>\n"; -fclose($fp); -echo "<br /><br />\n\n"; - - -$fp = event_socket_create($host, $port, $password); -$cmd = "api show channels"; -$response = event_socket_request($fp, $cmd); -echo "<b>show channels</b><br />\n"; -if (strlen($response) > 40) { - echo "<textarea cols='85' rows='10' wrap='off'>\n"; - echo $response; - echo "</textarea>\n"; -} -else { - echo "<pre style=\"font-size: 9pt;\">\n"; - echo $response; - echo "</pre>\n"; -} -fclose($fp); -echo "<br /><br />\n\n"; -echo "<br /><br />\n\n"; - - -$fp = event_socket_create($host, $port, $password); -$cmd = "api show calls"; -$response = event_socket_request($fp, $cmd); -echo "<b>show calls</b><br />\n"; -if (strlen($response) > 40) { - echo "<textarea cols='85' rows='10' wrap='off'>\n"; - echo $response; - echo "</textarea>\n"; -} -else { - echo "<pre style=\"font-size: 9pt;\">\n"; - echo $response; - echo "</pre>\n"; -} -fclose($fp); -echo "<br /><br />\n\n"; -echo "<br /><br />\n\n"; - - -echo "<table width='690' cellpadding='0' cellspacing='0' border='0'>\n"; -echo "<tr>\n"; -echo "<td width='80%'>\n"; -echo "<b>Backup / Restore</b><br />\n"; -echo "The 'backup' button will tar gzip /usr/local/freeswitch/ to /root/backup/freeswitch.bak.tgz it then presents a file to download. \n"; -echo "If the backup file does not exist in /root/backup/freeswitch.bak.tgz then the 'restore' button will be hidden. \n"; -echo "Use Diagnostics->Command->File to upload: to browse to the file and then click on upload it now ready to be restored. \n"; -echo "<br /><br />\n"; -echo "</td>\n"; -echo "<td width='20%' valign='middle' align='right'>\n"; -echo " <input type='button' value='backup' onclick=\"document.location.href='/packages/freeswitch/freeswitch_status.php?a=download&t=backup';\" />\n"; -if (file_exists('/root/backup/freeswitch.bak.tgz')) { - echo " <input type='button' value='restore' onclick=\"document.location.href='/packages/freeswitch/freeswitch_status.php?a=other&t=restore';\" />\n"; -} -echo "</td>\n"; -echo "</tr>\n"; -echo "</table>\n"; -echo "<br /><br />\n\n"; - - -echo "<table width='690' cellpadding='0' cellspacing='0' border='0'>\n"; -echo "<tr>\n"; -echo "<td width='50%'>\n"; -echo "<b>Call Detail Records</b><br />\n"; -echo "/usr/local/freeswitch/log/cdr-csv/Master.csv<br /><br />\n"; -echo "</td>\n"; -echo "<td width='50%' align='right'>\n"; -echo " <input type='button' value='download cdr csv' onclick=\"document.location.href='/packages/freeswitch/freeswitch_status.php?a=download&t=cdrcsv';\" />\n";echo "</td>\n"; -echo "</tr>\n"; -echo "</table>\n"; -echo "<br /><br />\n\n"; - - -echo "<table width='690' cellpadding='0' cellspacing='0' border='0'>\n"; -echo "<tr>\n"; -echo "<td width='50%'>\n"; -echo "<b>Logs</b><br />\n"; -echo "/usr/local/freeswitch/log/cdr-csv/freeswitch.log<br /><br />\n"; -echo "</td>\n"; -echo "<td width='50%' align='right'>\n"; -echo " <input type='button' value='download logs' onclick=\"document.location.href='/packages/freeswitch/freeswitch_status.php?a=download&t=logs';\" />\n"; -echo "</tr>\n"; -echo "</table>\n"; -echo "<br /><br />\n\n"; - - -echo "<b>tail -n 500 /usr/local/freeswitch/log/freeswitch.log</b><br />\n"; -echo "<textarea id='log' name='log' cols='93' rows='30' wrap='off'>\n"; -echo system("tail -n 500 /usr/local/freeswitch/log/freeswitch.log"); -echo "</textarea>\n"; -echo "<br /><br />\n\n"; - - -//$fp = event_socket_create($host, $port, $password); -//$cmd = "api sofia "; -//$response = event_socket_request($fp, $cmd); -//echo "<b>api sofia</b><br />\n"; -//echo "<pre style=\"font-size: 9pt;\">\n"; -//echo $response; -//echo "</pre>\n"; -//fclose($fp); -//echo "<br /><br />\n\n"; - -?> - - </td> - </tr> -</table> - -</div> -<?php include("fend.inc"); ?> - -</body> -</html> diff --git a/config/freeswitch/freeswitch_time_conditions.tmp b/config/freeswitch/freeswitch_time_conditions.tmp deleted file mode 100644 index 17787ad3..00000000 --- a/config/freeswitch/freeswitch_time_conditions.tmp +++ /dev/null @@ -1,178 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_time_conditions.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - - -$a_ivr_options = &$config['installedpackages']['freeswitchivroptions']['config']; - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'ivroptions') { - if ($a_ivr_options[$_GET['id']]) { - unset($a_ivr_options[$_GET['id']]); - write_config(); - //touch($d_hostsdirty_path); - header("Location: freeswitch_ivr_edit.php?id=".$_GET['parentid']); - exit; - } - } -} - - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: IVR: Options</p> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="freeswitch_ivr_options.php" method="post" name="iform" id="iform"> -<?php - - -//echo "<pre>"; -//print_r ($a_ivr); -//echo "</pre>"; - -//if ($savemsg) print_info_box($savemsg); -//if (file_exists($d_hostsdirty_path)): echo"<p>"; -//print_info_box_np("The FreeSWITCH recordings have been changed.<br>You must apply the changes in order for them to take effect."); -//echo"<br />"; -//endif; - -?> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Note:<br> - </strong></span> - To make a recording dial extension 700 or you can make a - 16bit 8khz/16khz Mono WAV file then copy it to the - following directory then refresh the page to play it back. - </span></p></td> - </tr> - </table> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="20%" class="listhdrr">Filename</td> - <td width="25%" class="listhdrr">Name</td> - <td width="25%" class="listhdr">Description</td> - <td width="10%" class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="freeswitch_ivr_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - <?php $i = 0; foreach ($a_ivr as $ivrent): ?> - <tr> - <td class="listlr" ondblclick="document.location='freeswitch_ivr_edit.php?id=<?=$i;?>'"> - <a href="javascript:void(0)" onclick="window.open('freeswitch_recordings_play.php?a=download&filename=<?=$recordingent['filename'];?>', 'play',' width=300,height=40,menubar=no,status=no,toolbar=no')"> - <?=$ivrent['filename']?> - </a> - </td> - <td class="listr" ondblclick="document.location='freeswitch_ivr_edit.php?id=<?=$i;?>';"> - <?=$ivrent['recordingname'];?> - </td> - <td class="listbg" ondblclick="document.location='freeswitch_ivr_edit.php?id=<?=$i;?>';"> - <font color="#FFFFFF"><?=htmlspecialchars($recordingent['descr']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="freeswitch_ivr_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="freeswitch_ivr_options.php?type=ivroption&act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php $i++; endforeach; ?> - <tr> - <td class="list" colspan="3"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="freeswitch_ivr_options_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - - <tr> - <td class="list" colspan="3"></td> - <td class="list"></td> - </tr> - </table> - -</form> - -<br> -<br> -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch/freeswitch_time_conditions_edit.tmp b/config/freeswitch/freeswitch_time_conditions_edit.tmp deleted file mode 100644 index 45631929..00000000 --- a/config/freeswitch/freeswitch_time_conditions_edit.tmp +++ /dev/null @@ -1,201 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_time_conditions_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - - -$a_ivr_options = &$config['installedpackages']['freeswitchtimeconditions']['config']; - -$id = $_GET['id']; -if (isset($_POST['id'])) { - $id = $_POST['id']; -} - -//$parentid = $_GET['parentid']; -//if (isset($_POST['parentid'])) { -// $parentid = $_POST['parentid']; -//} - -//$ivrid = $_GET['ivrid']; -//if (isset($_POST['ivrid'])) { -// $ivrid = $_POST['ivrid']; -//} - -if (isset($id) && $a_ivr_options[$id]) { - $pconfig['conditionname'] = $a_ivr_options[$id]['conditionname']; - $pconfig['conditionstartday'] = $a_ivr_options[$id]['conditionstartday']; - $pconfig['conditionstarthrs'] = $a_ivr_options[$id]['conditionstarthrs']; - $pconfig['conditionstartmin'] = $a_ivr_options[$id]['conditionstartmin']; - - $pconfig['conditionendday'] = $a_ivr_options[$id]['conditionendday']; - $pconfig['conditionendhrs'] = $a_ivr_options[$id]['conditionstarthrs']; - $pconfig['conditionendmin'] = $a_ivr_options[$id]['conditionendmin']; - - $pconfig['conditionaction'] = $a_ivr_options[$id]['conditionaction']; - $pconfig['conditionantiaction'] = $a_ivr_options[$id]['conditionantiaction']; - $pconfig['conditionjavascript'] = $a_ivr_options[$id]['conditionjavascript']; - $pconfig['conditiondescr'] = $a_ivr_options[$id]['conditiondescr']; -} - - - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - if (!$input_errors) { - - $ivroptionent = array(); - $ivroptionent['ivrid'] = $_POST['ivrid']; - $ivroptionent['optionnumber'] = $_POST['optionnumber']; - $ivroptionent['optiontype'] = $_POST['optiontype']; - $ivroptionent['optiondest'] = $_POST['optiondest']; - $ivroptionent['optiondescr'] = $_POST['optiondescr']; - - if (isset($id) && $a_ivr_options[$id]) { - //update - $a_ivr_options[$id] = $ivroptionent; - } - else { - //add - $a_ivr_options[] = $ivroptionent; - } - - //touch($d_hostsdirty_path); - write_config(); - - header("Location: freeswitch_ivr_edit.php?id=".$parentid); - exit; - } -} - -$pgtitle = "FreeSWITCH: IVR: Options: Edit"; -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle"><?=$pgtitle?></p> -<?php if ($input_errors) print_input_errors($input_errors); ?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - - <form action="freeswitch_ivr_options_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Option Number</td> - <td width="78%" class="vtable"> - <input name="optionnumber" type="text" class="formfld" id="optionnumber" size="40" value="<?=htmlspecialchars($pconfig['optionnumber']);?>"> - <br> <span class="vexpl">Option Number<br> - e.g. <em>1</em></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Type</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='optiontype' class='formfld'>\n"; - echo " <option></option>\n"; - if (htmlspecialchars($pconfig['optiontype']) == "extension") { - echo " <option selected='yes'>extension</option>\n"; - } - else { - echo " <option>extension</option>\n"; - } - if (htmlspecialchars($pconfig['optiontype']) == "voicemail") { - echo " <option selected='yes'>voicemail</option>\n"; - } - else { - echo " <option>voicemail</option>\n"; - } - echo " </select>\n"; - ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Destination</td> - <td width="78%" class="vtable"> - <input name="optiondest" type="text" class="formfld" id="optiondest" size="40" value="<?=htmlspecialchars($pconfig['optiondest']);?>"> - <br> <span class="vexpl">Destination<br> - e.g. <em>1001</em></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Description</td> - <td width="78%" class="vtable"> - <input name="optiondescr" type="text" class="formfld" id="optiondescr" size="40" value="<?=htmlspecialchars($pconfig['optiondescr']);?>"> - <br> <span class="vexpl">You may enter a description here - for your reference (not parsed).</span></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="ivrid" type="hidden" value="<?=$ivrid;?>"> - <input name="parentid" type="hidden" value="<?=$parentid;?>"> - <?php if (isset($id) && $a_ivr_options[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - </td> - </tr> - </table> - </form> - - <br> - <br> - <br> - <br> - <br> - <br> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch/freeswitch_vars.tmp b/config/freeswitch/freeswitch_vars.tmp deleted file mode 100644 index 5e7a5744..00000000 --- a/config/freeswitch/freeswitch_vars.tmp +++ /dev/null @@ -1,162 +0,0 @@ -<?php -/* $Id$ */ -/* - freeswitch_vars.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/freeswitch.inc"); - -//$a_extensions = &$config['installedpackages']['freeswitchprofiles']['config']; - -if ($_GET['a'] == "default") { - conf_mount_rw(); - exec("cp /usr/local/freeswitch/conf.orig/vars.xml /usr/local/freeswitch/conf/vars.xml"); - $savemsg = "Default Restored"; - conf_mount_ro(); -} - -if ($_POST['a'] == "save") { - conf_mount_rw(); - $content = ereg_replace("\r","",$_POST['code']); - $fd = fopen("/usr/local/freeswitch/conf/vars.xml", "w"); - fwrite($fd, $content); - fclose($fd); - $savemsg = "Saved"; - conf_mount_ro(); -} - - -$fd = fopen("/usr/local/freeswitch/conf/vars.xml", "r"); -$content = fread($fd, filesize("/usr/local/freeswitch/conf/vars.xml")); -fclose($fd); - -include("head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<script language="Javascript"> -function sf() { document.forms[0].savetopath.focus(); } -</script> -<script language="Javascript" type="text/javascript" src="/edit_area/edit_area_full.js"></script> -<script language="Javascript" type="text/javascript"> - // initialisation - editAreaLoader.init({ - id: "code" // id of the textarea to transform - ,start_highlight: false - ,allow_toggle: false - ,language: "en" - ,syntax: "html" - ,toolbar: "search, go_to_line,|, fullscreen, |, undo, redo, |, select_font, |, syntax_selection, |, change_smooth_selection, highlight, reset_highlight, |, help" - ,syntax_selection_allow: "css,html,js,php,xml,c,cpp,sql" - ,show_line_colors: true - }); -</script> - -<?php include("fbegin.inc"); ?> -<p class="pgtitle">FreeSWITCH: Variables</p> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -display_top_tabs(build_menu()); - -?> -</td></tr> -</table> - - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="freeswitch_vars.php" method="post" name="iform" id="iform"> -<?php - -?> - <table width="98%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width='90%'><p><span class="vexpl"><span class="red"><strong>Variables<br> - </strong></span> - Define preprocessor variables here. Can be accessed in the xml configation with $${var_name}. - </p> - </td> - <td width='10%' align='right' valign='middle'><input type="submit" value="save" /></td> - </tr> - </table> - <br /> - <br /> - - <textarea style="width:98%" id="code" name="code" rows="30" cols="<?php echo $cols; ?>" name="content"><?php echo htmlentities($content); ?></textarea> - <br /> - <br /> - - <table width="98%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td>/usr/local/freeswitch/conf/vars.xml</td> - <td align='right'> - <input type="hidden" name="f" value="<?php echo $_GET['f']; ?>" /> - <input type="hidden" name="a" value="save" /> - <?php - echo "<input type='button' value='Restore Default' onclick=\"document.location.href='/packages/freeswitch/freeswitch_vars.php?a=default&f=vars.xml';\" />"; - ?> - </td> - </tr> - </table> - -</form> - -<br> -<br> - -<br> -<br> -<br> -<br> -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch/index.tmp b/config/freeswitch/index.tmp deleted file mode 100644 index 68984113..00000000 --- a/config/freeswitch/index.tmp +++ /dev/null @@ -1,5 +0,0 @@ -<?php - -header( 'Location: /' ); - -?>
\ No newline at end of file diff --git a/config/freeswitch/libcurl.so.5 b/config/freeswitch/libcurl.so.5 Binary files differdeleted file mode 100755 index 3d57856f..00000000 --- a/config/freeswitch/libcurl.so.5 +++ /dev/null diff --git a/config/freeswitch/libiconv.so.3 b/config/freeswitch/libiconv.so.3 Binary files differdeleted file mode 100755 index f207e92c..00000000 --- a/config/freeswitch/libiconv.so.3 +++ /dev/null diff --git a/config/freeswitch/libncurses.so.5.6 b/config/freeswitch/libncurses.so.5.6 Binary files differdeleted file mode 100755 index 3b40374c..00000000 --- a/config/freeswitch/libncurses.so.5.6 +++ /dev/null diff --git a/config/freeswitch/libncurses.so.5.7 b/config/freeswitch/libncurses.so.5.7 Binary files differdeleted file mode 100755 index 3b40374c..00000000 --- a/config/freeswitch/libncurses.so.5.7 +++ /dev/null diff --git a/config/freeswitch/libodbc.so.1 b/config/freeswitch/libodbc.so.1 Binary files differdeleted file mode 100755 index eb7cb3af..00000000 --- a/config/freeswitch/libodbc.so.1 +++ /dev/null diff --git a/config/freeswitch/libogg.so.5.3 b/config/freeswitch/libogg.so.5.3 Binary files differdeleted file mode 100755 index d230b68e..00000000 --- a/config/freeswitch/libogg.so.5.3 +++ /dev/null diff --git a/config/freeswitch/libspandsp.so.1 b/config/freeswitch/libspandsp.so.1 Binary files differdeleted file mode 100755 index 177b8c22..00000000 --- a/config/freeswitch/libspandsp.so.1 +++ /dev/null diff --git a/config/freeswitch/libtinfo.so.5.6 b/config/freeswitch/libtinfo.so.5.6 Binary files differdeleted file mode 100755 index 1263ec79..00000000 --- a/config/freeswitch/libtinfo.so.5.6 +++ /dev/null diff --git a/config/freeswitch/libvorbis.so.4 b/config/freeswitch/libvorbis.so.4 Binary files differdeleted file mode 100755 index ec91ac85..00000000 --- a/config/freeswitch/libvorbis.so.4 +++ /dev/null diff --git a/config/freeswitch/originate.js b/config/freeswitch/originate.js deleted file mode 100644 index a7c6fa2e..00000000 --- a/config/freeswitch/originate.js +++ /dev/null @@ -1,84 +0,0 @@ -var uuid = argv[0]; -var sipuri = argv[1]; -var extension = argv[2]; -var caller_announce = argv[3]; -var caller_id_name = argv[4]; -var caller_id_number = argv[5]; -var tmp_sipuri; - -caller_id_name = caller_id_name.replace("+", " "); -//console_log( "info", "caller_announce: "+caller_announce+"\n" ); - -function originate (session, sipuri, extension, caller_announce, caller_id_name, caller_id_number) { - - var dtmf = new Object(); - var cid; - dtmf.digits = ""; - cid = ",origination_caller_id_name="+caller_id_name+",origination_caller_id_number="+caller_id_number; - - new_session = new Session("{ignore_early_media=true"+cid+"}"+sipuri); - new_session.execute("set", "call_timeout=30"); - - if ( new_session.ready() ) { - - console_log( "info", "followme: new_session uuid "+new_session.uuid+"\n" ); - console_log( "info", "followme: no dtmf detected\n" ); - - digitmaxlength = 1; - while (new_session.ready()) { - - if (caller_announce.length > 0) { - new_session.streamFile( "/tmp/"+caller_announce); - } - new_session.streamFile( "/usr/local/freeswitch/sounds/custom/8000/press_1_to_accept_2_to_reject_or_3_for_voicemail.wav"); - if (new_session.ready()) { - if (dtmf.digits.length == 0) { - dtmf.digits += new_session.getDigits(1, "#", 10000); // 10 seconds - if (dtmf.digits.length == 0) { - - } - else { - break; //dtmf found end the while loop - } - } - } - } - - if ( dtmf.digits.length > "0" ) { - if ( dtmf.digits == "1" ) { - console_log( "info", "followme: call accepted\n" ); //accept - new_session.execute("fifo", extension+"@${domain_name} out nowait"); - return true; - } - else if ( dtmf.digits == "2" ) { - console_log( "info", "followme: call rejected\n" ); //reject - new_session.hangup; - return false; - } - else if ( dtmf.digits == "3" ) { - console_log( "info", "followme: call sent to voicemail\n" ); //reject - new_session.hangup; - exit; - return true; - } - - } - else { - console_log( "info", "followme: no dtmf detected\n" ); //reject - new_session.hangup; - return false; - } - - } -} - -sipuri_array = sipuri.split(","); -for (i = 0; i < sipuri_array.length; i++){ - tmp_sipuri = sipuri_array[i]; - console_log("info", "tmp_sipuri: "+tmp_sipuri); - result = originate (session, tmp_sipuri, extension, caller_announce, caller_id_name, caller_id_number); - if (result) { - break; - exit; - } -}
\ No newline at end of file diff --git a/config/freeswitch/please_enter_the_extension_number.wav b/config/freeswitch/please_enter_the_extension_number.wav Binary files differdeleted file mode 100644 index d9384b0f..00000000 --- a/config/freeswitch/please_enter_the_extension_number.wav +++ /dev/null diff --git a/config/freeswitch/please_enter_the_phone_number.wav b/config/freeswitch/please_enter_the_phone_number.wav Binary files differdeleted file mode 100644 index 9cb4057b..00000000 --- a/config/freeswitch/please_enter_the_phone_number.wav +++ /dev/null diff --git a/config/freeswitch/please_enter_the_pin_number.wav b/config/freeswitch/please_enter_the_pin_number.wav Binary files differdeleted file mode 100644 index 107728a5..00000000 --- a/config/freeswitch/please_enter_the_pin_number.wav +++ /dev/null diff --git a/config/freeswitch/please_enter_your_pin_number.wav b/config/freeswitch/please_enter_your_pin_number.wav Binary files differdeleted file mode 100755 index 46263917..00000000 --- a/config/freeswitch/please_enter_your_pin_number.wav +++ /dev/null diff --git a/config/freeswitch/please_say_your_name_and_reason_for_calling.wav b/config/freeswitch/please_say_your_name_and_reason_for_calling.wav Binary files differdeleted file mode 100644 index 325a879d..00000000 --- a/config/freeswitch/please_say_your_name_and_reason_for_calling.wav +++ /dev/null diff --git a/config/freeswitch/press_1_to_accept_2_to_reject_or_3_for_voicemail.wav b/config/freeswitch/press_1_to_accept_2_to_reject_or_3_for_voicemail.wav Binary files differdeleted file mode 100644 index 9c01616a..00000000 --- a/config/freeswitch/press_1_to_accept_2_to_reject_or_3_for_voicemail.wav +++ /dev/null diff --git a/config/freeswitch/your_pin_number_is_incorect_goodbye.wav b/config/freeswitch/your_pin_number_is_incorect_goodbye.wav Binary files differdeleted file mode 100755 index 5683bb8e..00000000 --- a/config/freeswitch/your_pin_number_is_incorect_goodbye.wav +++ /dev/null diff --git a/config/freeswitch_dev/begin_recording.wav b/config/freeswitch_dev/begin_recording.wav Binary files differdeleted file mode 100755 index 9e4992ca..00000000 --- a/config/freeswitch_dev/begin_recording.wav +++ /dev/null diff --git a/config/freeswitch_dev/call_forward_has_been_deleted.wav b/config/freeswitch_dev/call_forward_has_been_deleted.wav Binary files differdeleted file mode 100644 index ebe6ed36..00000000 --- a/config/freeswitch_dev/call_forward_has_been_deleted.wav +++ /dev/null diff --git a/config/freeswitch_dev/call_forward_has_been_set.wav b/config/freeswitch_dev/call_forward_has_been_set.wav Binary files differdeleted file mode 100644 index 58262852..00000000 --- a/config/freeswitch_dev/call_forward_has_been_set.wav +++ /dev/null diff --git a/config/freeswitch_dev/class.phpmailer.tmp b/config/freeswitch_dev/class.phpmailer.tmp deleted file mode 100755 index 2ddc30fd..00000000 --- a/config/freeswitch_dev/class.phpmailer.tmp +++ /dev/null @@ -1,1896 +0,0 @@ -<?php -/*~ class.phpmailer.php -.---------------------------------------------------------------------------. -| Software: PHPMailer - PHP email class | -| Version: 2.0.2 | -| Contact: via sourceforge.net support pages (also www.codeworxtech.com) | -| Info: http://phpmailer.sourceforge.net | -| Support: http://sourceforge.net/projects/phpmailer/ | -| ------------------------------------------------------------------------- | -| Author: Andy Prevost (project admininistrator) | -| Author: Brent R. Matzelle (original founder) | -| Copyright (c) 2004-2007, Andy Prevost. All Rights Reserved. | -| Copyright (c) 2001-2003, Brent R. Matzelle | -| ------------------------------------------------------------------------- | -| License: Distributed under the Lesser General Public License (LGPL) | -| http://www.gnu.org/copyleft/lesser.html | -| This program is distributed in the hope that it will be useful - WITHOUT | -| ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | -| FITNESS FOR A PARTICULAR PURPOSE. | -| ------------------------------------------------------------------------- | -| We offer a number of paid services (www.codeworxtech.com): | -| - Web Hosting on highly optimized fast and secure servers | -| - Technology Consulting | -| - Oursourcing (highly qualified programmers and graphic designers) | -'---------------------------------------------------------------------------' - -/** - * PHPMailer - PHP email transport class - * @package PHPMailer - * @author Andy Prevost - * @copyright 2004 - 2008 Andy Prevost - */ - -class PHPMailer { - - ///////////////////////////////////////////////// - // PROPERTIES, PUBLIC - ///////////////////////////////////////////////// - - /** - * Email priority (1 = High, 3 = Normal, 5 = low). - * @var int - */ - var $Priority = 3; - - /** - * Sets the CharSet of the message. - * @var string - */ - var $CharSet = 'iso-8859-1'; - - /** - * Sets the Content-type of the message. - * @var string - */ - var $ContentType = 'text/plain'; - - /** - * Sets the Encoding of the message. Options for this are "8bit", - * "7bit", "binary", "base64", and "quoted-printable". - * @var string - */ - var $Encoding = '8bit'; - - /** - * Holds the most recent mailer error message. - * @var string - */ - var $ErrorInfo = ''; - - /** - * Sets the From email address for the message. - * @var string - */ - var $From = 'root@localhost'; - - /** - * Sets the From name of the message. - * @var string - */ - var $FromName = 'Root User'; - - /** - * Sets the Sender email (Return-Path) of the message. If not empty, - * will be sent via -f to sendmail or as 'MAIL FROM' in smtp mode. - * @var string - */ - var $Sender = ''; - - /** - * Sets the Subject of the message. - * @var string - */ - var $Subject = ''; - - /** - * Sets the Body of the message. This can be either an HTML or text body. - * If HTML then run IsHTML(true). - * @var string - */ - var $Body = ''; - - /** - * Sets the text-only body of the message. This automatically sets the - * email to multipart/alternative. This body can be read by mail - * clients that do not have HTML email capability such as mutt. Clients - * that can read HTML will view the normal Body. - * @var string - */ - var $AltBody = ''; - - /** - * Sets word wrapping on the body of the message to a given number of - * characters. - * @var int - */ - var $WordWrap = 0; - - /** - * Method to send mail: ("mail", "sendmail", or "smtp"). - * @var string - */ - var $Mailer = 'mail'; - - /** - * Sets the path of the sendmail program. - * @var string - */ - var $Sendmail = '/usr/sbin/sendmail'; - - /** - * Path to PHPMailer plugins. This is now only useful if the SMTP class - * is in a different directory than the PHP include path. - * @var string - */ - var $PluginDir = ''; - - /** - * Holds PHPMailer version. - * @var string - */ - var $Version = "2.0.2"; - - /** - * Sets the email address that a reading confirmation will be sent. - * @var string - */ - var $ConfirmReadingTo = ''; - - /** - * Sets the hostname to use in Message-Id and Received headers - * and as default HELO string. If empty, the value returned - * by SERVER_NAME is used or 'localhost.localdomain'. - * @var string - */ - var $Hostname = ''; - - /** - * Sets the message ID to be used in the Message-Id header. - * If empty, a unique id will be generated. - * @var string - */ - var $MessageID = ''; - - ///////////////////////////////////////////////// - // PROPERTIES FOR SMTP - ///////////////////////////////////////////////// - - /** - * Sets the SMTP hosts. All hosts must be separated by a - * semicolon. You can also specify a different port - * for each host by using this format: [hostname:port] - * (e.g. "smtp1.example.com:25;smtp2.example.com"). - * Hosts will be tried in order. - * @var string - */ - var $Host = 'localhost'; - - /** - * Sets the default SMTP server port. - * @var int - */ - var $Port = 25; - - /** - * Sets the SMTP HELO of the message (Default is $Hostname). - * @var string - */ - var $Helo = ''; - - /** - * Sets connection prefix. - * Options are "", "ssl" or "tls" - * @var string - */ - var $SMTPSecure = ""; - - /** - * Sets SMTP authentication. Utilizes the Username and Password variables. - * @var bool - */ - var $SMTPAuth = false; - - /** - * Sets SMTP username. - * @var string - */ - var $Username = ''; - - /** - * Sets SMTP password. - * @var string - */ - var $Password = ''; - - /** - * Sets the SMTP server timeout in seconds. This function will not - * work with the win32 version. - * @var int - */ - var $Timeout = 10; - - /** - * Sets SMTP class debugging on or off. - * @var bool - */ - var $SMTPDebug = false; - - /** - * Prevents the SMTP connection from being closed after each mail - * sending. If this is set to true then to close the connection - * requires an explicit call to SmtpClose(). - * @var bool - */ - var $SMTPKeepAlive = false; - - /** - * Provides the ability to have the TO field process individual - * emails, instead of sending to entire TO addresses - * @var bool - */ - var $SingleTo = false; - - ///////////////////////////////////////////////// - // PROPERTIES, PRIVATE - ///////////////////////////////////////////////// - - var $smtp = NULL; - var $to = array(); - var $cc = array(); - var $bcc = array(); - var $ReplyTo = array(); - var $attachment = array(); - var $CustomHeader = array(); - var $message_type = ''; - var $boundary = array(); - var $language = array(); - var $error_count = 0; - var $LE = "\n"; - var $sign_key_file = ""; - var $sign_key_pass = ""; - - ///////////////////////////////////////////////// - // METHODS, VARIABLES - ///////////////////////////////////////////////// - - /** - * Sets message type to HTML. - * @param bool $bool - * @return void - */ - function IsHTML($bool) { - if($bool == true) { - $this->ContentType = 'text/html'; - } else { - $this->ContentType = 'text/plain'; - } - } - - /** - * Sets Mailer to send message using SMTP. - * @return void - */ - function IsSMTP() { - $this->Mailer = 'smtp'; - } - - /** - * Sets Mailer to send message using PHP mail() function. - * @return void - */ - function IsMail() { - $this->Mailer = 'mail'; - } - - /** - * Sets Mailer to send message using the $Sendmail program. - * @return void - */ - function IsSendmail() { - $this->Mailer = 'sendmail'; - } - - /** - * Sets Mailer to send message using the qmail MTA. - * @return void - */ - function IsQmail() { - $this->Sendmail = '/var/qmail/bin/sendmail'; - $this->Mailer = 'sendmail'; - } - - ///////////////////////////////////////////////// - // METHODS, RECIPIENTS - ///////////////////////////////////////////////// - - /** - * Adds a "To" address. - * @param string $address - * @param string $name - * @return void - */ - function AddAddress($address, $name = '') { - $cur = count($this->to); - $this->to[$cur][0] = trim($address); - $this->to[$cur][1] = $name; - } - - /** - * Adds a "Cc" address. Note: this function works - * with the SMTP mailer on win32, not with the "mail" - * mailer. - * @param string $address - * @param string $name - * @return void - */ - function AddCC($address, $name = '') { - $cur = count($this->cc); - $this->cc[$cur][0] = trim($address); - $this->cc[$cur][1] = $name; - } - - /** - * Adds a "Bcc" address. Note: this function works - * with the SMTP mailer on win32, not with the "mail" - * mailer. - * @param string $address - * @param string $name - * @return void - */ - function AddBCC($address, $name = '') { - $cur = count($this->bcc); - $this->bcc[$cur][0] = trim($address); - $this->bcc[$cur][1] = $name; - } - - /** - * Adds a "Reply-To" address. - * @param string $address - * @param string $name - * @return void - */ - function AddReplyTo($address, $name = '') { - $cur = count($this->ReplyTo); - $this->ReplyTo[$cur][0] = trim($address); - $this->ReplyTo[$cur][1] = $name; - } - - ///////////////////////////////////////////////// - // METHODS, MAIL SENDING - ///////////////////////////////////////////////// - - /** - * Creates message and assigns Mailer. If the message is - * not sent successfully then it returns false. Use the ErrorInfo - * variable to view description of the error. - * @return bool - */ - function Send() { - $header = ''; - $body = ''; - $result = true; - - if((count($this->to) + count($this->cc) + count($this->bcc)) < 1) { - $this->SetError($this->Lang('provide_address')); - return false; - } - - /* Set whether the message is multipart/alternative */ - if(!empty($this->AltBody)) { - $this->ContentType = 'multipart/alternative'; - } - - $this->error_count = 0; // reset errors - $this->SetMessageType(); - $header .= $this->CreateHeader(); - $body = $this->CreateBody(); - - if($body == '') { - return false; - } - - /* Choose the mailer */ - switch($this->Mailer) { - case 'sendmail': - $result = $this->SendmailSend($header, $body); - break; - case 'smtp': - $result = $this->SmtpSend($header, $body); - break; - case 'mail': - $result = $this->MailSend($header, $body); - break; - default: - $result = $this->MailSend($header, $body); - break; - //$this->SetError($this->Mailer . $this->Lang('mailer_not_supported')); - //$result = false; - //break; - } - - return $result; - } - - /** - * Sends mail using the $Sendmail program. - * @access private - * @return bool - */ - function SendmailSend($header, $body) { - if ($this->Sender != '') { - $sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender)); - } else { - $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail)); - } - - if(!@$mail = popen($sendmail, 'w')) { - $this->SetError($this->Lang('execute') . $this->Sendmail); - return false; - } - - fputs($mail, $header); - fputs($mail, $body); - - $result = pclose($mail); - if (version_compare(phpversion(), '4.2.3') == -1) { - $result = $result >> 8 & 0xFF; - } - if($result != 0) { - $this->SetError($this->Lang('execute') . $this->Sendmail); - return false; - } - return true; - } - - /** - * Sends mail using the PHP mail() function. - * @access private - * @return bool - */ - function MailSend($header, $body) { - - $to = ''; - for($i = 0; $i < count($this->to); $i++) { - if($i != 0) { $to .= ', '; } - $to .= $this->AddrFormat($this->to[$i]); - } - - $toArr = split(',', $to); - - $params = sprintf("-oi -f %s", $this->Sender); - if ($this->Sender != '' && strlen(ini_get('safe_mode')) < 1) { - $old_from = ini_get('sendmail_from'); - ini_set('sendmail_from', $this->Sender); - if ($this->SingleTo === true && count($toArr) > 1) { - foreach ($toArr as $key => $val) { - $rt = @mail($val, $this->EncodeHeader($this->SecureHeader($this->Subject)), $body, $header, $params); - } - } else { - $rt = @mail($to, $this->EncodeHeader($this->SecureHeader($this->Subject)), $body, $header, $params); - } - } else { - if ($this->SingleTo === true && count($toArr) > 1) { - foreach ($toArr as $key => $val) { - $rt = @mail($val, $this->EncodeHeader($this->SecureHeader($this->Subject)), $body, $header, $params); - } - } else { - $rt = @mail($to, $this->EncodeHeader($this->SecureHeader($this->Subject)), $body, $header); - } - } - - if (isset($old_from)) { - ini_set('sendmail_from', $old_from); - } - - if(!$rt) { - $this->SetError($this->Lang('instantiate')); - return false; - } - - return true; - } - - /** - * Sends mail via SMTP using PhpSMTP (Author: - * Chris Ryan). Returns bool. Returns false if there is a - * bad MAIL FROM, RCPT, or DATA input. - * @access private - * @return bool - */ - function SmtpSend($header, $body) { - include_once($this->PluginDir . 'class.smtp.php'); - $error = ''; - $bad_rcpt = array(); - - if(!$this->SmtpConnect()) { - return false; - } - - $smtp_from = ($this->Sender == '') ? $this->From : $this->Sender; - if(!$this->smtp->Mail($smtp_from)) { - $error = $this->Lang('from_failed') . $smtp_from; - $this->SetError($error); - $this->smtp->Reset(); - return false; - } - - /* Attempt to send attach all recipients */ - for($i = 0; $i < count($this->to); $i++) { - if(!$this->smtp->Recipient($this->to[$i][0])) { - $bad_rcpt[] = $this->to[$i][0]; - } - } - for($i = 0; $i < count($this->cc); $i++) { - if(!$this->smtp->Recipient($this->cc[$i][0])) { - $bad_rcpt[] = $this->cc[$i][0]; - } - } - for($i = 0; $i < count($this->bcc); $i++) { - if(!$this->smtp->Recipient($this->bcc[$i][0])) { - $bad_rcpt[] = $this->bcc[$i][0]; - } - } - - if(count($bad_rcpt) > 0) { // Create error message - for($i = 0; $i < count($bad_rcpt); $i++) { - if($i != 0) { - $error .= ', '; - } - $error .= $bad_rcpt[$i]; - } - $error = $this->Lang('recipients_failed') . $error; - $this->SetError($error); - $this->smtp->Reset(); - return false; - } - - if(!$this->smtp->Data($header . $body)) { - $this->SetError($this->Lang('data_not_accepted')); - $this->smtp->Reset(); - return false; - } - if($this->SMTPKeepAlive == true) { - $this->smtp->Reset(); - } else { - $this->SmtpClose(); - } - - return true; - } - - /** - * Initiates a connection to an SMTP server. Returns false if the - * operation failed. - * @access private - * @return bool - */ - function SmtpConnect() { - if($this->smtp == NULL) { - $this->smtp = new SMTP(); - } - - $this->smtp->do_debug = $this->SMTPDebug; - $hosts = explode(';', $this->Host); - $index = 0; - $connection = ($this->smtp->Connected()); - - /* Retry while there is no connection */ - while($index < count($hosts) && $connection == false) { - $hostinfo = array(); - if(eregi('^(.+):([0-9]+)$', $hosts[$index], $hostinfo)) { - $host = $hostinfo[1]; - $port = $hostinfo[2]; - } else { - $host = $hosts[$index]; - $port = $this->Port; - } - - if($this->smtp->Connect(((!empty($this->SMTPSecure))?$this->SMTPSecure.'://':'').$host, $port, $this->Timeout)) { - if ($this->Helo != '') { - $this->smtp->Hello($this->Helo); - } else { - $this->smtp->Hello($this->ServerHostname()); - } - - $connection = true; - if($this->SMTPAuth) { - if(!$this->smtp->Authenticate($this->Username, $this->Password)) { - $this->SetError($this->Lang('authenticate')); - $this->smtp->Reset(); - $connection = false; - } - } - } - $index++; - } - if(!$connection) { - $this->SetError($this->Lang('connect_host')); - } - - return $connection; - } - - /** - * Closes the active SMTP session if one exists. - * @return void - */ - function SmtpClose() { - if($this->smtp != NULL) { - if($this->smtp->Connected()) { - $this->smtp->Quit(); - $this->smtp->Close(); - } - } - } - - /** - * Sets the language for all class error messages. Returns false - * if it cannot load the language file. The default language type - * is English. - * @param string $lang_type Type of language (e.g. Portuguese: "br") - * @param string $lang_path Path to the language file directory - * @access public - * @return bool - */ - function SetLanguage($lang_type, $lang_path = 'language/') { - if(file_exists($lang_path.'phpmailer.lang-'.$lang_type.'.php')) { - include($lang_path.'phpmailer.lang-'.$lang_type.'.php'); - } elseif (file_exists($lang_path.'phpmailer.lang-en.php')) { - include($lang_path.'phpmailer.lang-en.php'); - } else { - $this->SetError('Could not load language file'); - return false; - } - $this->language = $PHPMAILER_LANG; - - return true; - } - - ///////////////////////////////////////////////// - // METHODS, MESSAGE CREATION - ///////////////////////////////////////////////// - - /** - * Creates recipient headers. - * @access private - * @return string - */ - function AddrAppend($type, $addr) { - $addr_str = $type . ': '; - $addr_str .= $this->AddrFormat($addr[0]); - if(count($addr) > 1) { - for($i = 1; $i < count($addr); $i++) { - $addr_str .= ', ' . $this->AddrFormat($addr[$i]); - } - } - $addr_str .= $this->LE; - - return $addr_str; - } - - /** - * Formats an address correctly. - * @access private - * @return string - */ - function AddrFormat($addr) { - if(empty($addr[1])) { - $formatted = $this->SecureHeader($addr[0]); - } else { - $formatted = $this->EncodeHeader($this->SecureHeader($addr[1]), 'phrase') . " <" . $this->SecureHeader($addr[0]) . ">"; - } - - return $formatted; - } - - /** - * Wraps message for use with mailers that do not - * automatically perform wrapping and for quoted-printable. - * Original written by philippe. - * @access private - * @return string - */ - function WrapText($message, $length, $qp_mode = false) { - $soft_break = ($qp_mode) ? sprintf(" =%s", $this->LE) : $this->LE; - // If utf-8 encoding is used, we will need to make sure we don't - // split multibyte characters when we wrap - $is_utf8 = (strtolower($this->CharSet) == "utf-8"); - - $message = $this->FixEOL($message); - if (substr($message, -1) == $this->LE) { - $message = substr($message, 0, -1); - } - - $line = explode($this->LE, $message); - $message = ''; - for ($i=0 ;$i < count($line); $i++) { - $line_part = explode(' ', $line[$i]); - $buf = ''; - for ($e = 0; $e<count($line_part); $e++) { - $word = $line_part[$e]; - if ($qp_mode and (strlen($word) > $length)) { - $space_left = $length - strlen($buf) - 1; - if ($e != 0) { - if ($space_left > 20) { - $len = $space_left; - if ($is_utf8) { - $len = $this->UTF8CharBoundary($word, $len); - } elseif (substr($word, $len - 1, 1) == "=") { - $len--; - } elseif (substr($word, $len - 2, 1) == "=") { - $len -= 2; - } - $part = substr($word, 0, $len); - $word = substr($word, $len); - $buf .= ' ' . $part; - $message .= $buf . sprintf("=%s", $this->LE); - } else { - $message .= $buf . $soft_break; - } - $buf = ''; - } - while (strlen($word) > 0) { - $len = $length; - if ($is_utf8) { - $len = $this->UTF8CharBoundary($word, $len); - } elseif (substr($word, $len - 1, 1) == "=") { - $len--; - } elseif (substr($word, $len - 2, 1) == "=") { - $len -= 2; - } - $part = substr($word, 0, $len); - $word = substr($word, $len); - - if (strlen($word) > 0) { - $message .= $part . sprintf("=%s", $this->LE); - } else { - $buf = $part; - } - } - } else { - $buf_o = $buf; - $buf .= ($e == 0) ? $word : (' ' . $word); - - if (strlen($buf) > $length and $buf_o != '') { - $message .= $buf_o . $soft_break; - $buf = $word; - } - } - } - $message .= $buf . $this->LE; - } - - return $message; - } - - /** - * Finds last character boundary prior to maxLength in a utf-8 - * quoted (printable) encoded string. - * Original written by Colin Brown. - * @access private - * @param string $encodedText utf-8 QP text - * @param int $maxLength find last character boundary prior to this length - * @return int - */ - function UTF8CharBoundary($encodedText, $maxLength) { - $foundSplitPos = false; - $lookBack = 3; - while (!$foundSplitPos) { - $lastChunk = substr($encodedText, $maxLength - $lookBack, $lookBack); - $encodedCharPos = strpos($lastChunk, "="); - if ($encodedCharPos !== false) { - // Found start of encoded character byte within $lookBack block. - // Check the encoded byte value (the 2 chars after the '=') - $hex = substr($encodedText, $maxLength - $lookBack + $encodedCharPos + 1, 2); - $dec = hexdec($hex); - if ($dec < 128) { // Single byte character. - // If the encoded char was found at pos 0, it will fit - // otherwise reduce maxLength to start of the encoded char - $maxLength = ($encodedCharPos == 0) ? $maxLength : - $maxLength - ($lookBack - $encodedCharPos); - $foundSplitPos = true; - } elseif ($dec >= 192) { // First byte of a multi byte character - // Reduce maxLength to split at start of character - $maxLength = $maxLength - ($lookBack - $encodedCharPos); - $foundSplitPos = true; - } elseif ($dec < 192) { // Middle byte of a multi byte character, look further back - $lookBack += 3; - } - } else { - // No encoded character found - $foundSplitPos = true; - } - } - return $maxLength; - } - - /** - * Set the body wrapping. - * @access private - * @return void - */ - function SetWordWrap() { - if($this->WordWrap < 1) { - return; - } - - switch($this->message_type) { - case 'alt': - /* fall through */ - case 'alt_attachments': - $this->AltBody = $this->WrapText($this->AltBody, $this->WordWrap); - break; - default: - $this->Body = $this->WrapText($this->Body, $this->WordWrap); - break; - } - } - - /** - * Assembles message header. - * @access private - * @return string - */ - function CreateHeader() { - $result = ''; - - /* Set the boundaries */ - $uniq_id = md5(uniqid(time())); - $this->boundary[1] = 'b1_' . $uniq_id; - $this->boundary[2] = 'b2_' . $uniq_id; - - $result .= $this->HeaderLine('Date', $this->RFCDate()); - if($this->Sender == '') { - $result .= $this->HeaderLine('Return-Path', trim($this->From)); - } else { - $result .= $this->HeaderLine('Return-Path', trim($this->Sender)); - } - - /* To be created automatically by mail() */ - if($this->Mailer != 'mail') { - if(count($this->to) > 0) { - $result .= $this->AddrAppend('To', $this->to); - } elseif (count($this->cc) == 0) { - $result .= $this->HeaderLine('To', 'undisclosed-recipients:;'); - } - if(count($this->cc) > 0) { - $result .= $this->AddrAppend('Cc', $this->cc); - } - } - - $from = array(); - $from[0][0] = trim($this->From); - $from[0][1] = $this->FromName; - $result .= $this->AddrAppend('From', $from); - - /* sendmail and mail() extract Cc from the header before sending */ - if((($this->Mailer == 'sendmail') || ($this->Mailer == 'mail')) && (count($this->cc) > 0)) { - $result .= $this->AddrAppend('Cc', $this->cc); - } - - /* sendmail and mail() extract Bcc from the header before sending */ - if((($this->Mailer == 'sendmail') || ($this->Mailer == 'mail')) && (count($this->bcc) > 0)) { - $result .= $this->AddrAppend('Bcc', $this->bcc); - } - - if(count($this->ReplyTo) > 0) { - $result .= $this->AddrAppend('Reply-To', $this->ReplyTo); - } - - /* mail() sets the subject itself */ - if($this->Mailer != 'mail') { - $result .= $this->HeaderLine('Subject', $this->EncodeHeader($this->SecureHeader($this->Subject))); - } - - if($this->MessageID != '') { - $result .= $this->HeaderLine('Message-ID',$this->MessageID); - } else { - $result .= sprintf("Message-ID: <%s@%s>%s", $uniq_id, $this->ServerHostname(), $this->LE); - } - $result .= $this->HeaderLine('X-Priority', $this->Priority); - $result .= $this->HeaderLine('X-Mailer', 'PHPMailer (phpmailer.sourceforge.net) [version ' . $this->Version . ']'); - - if($this->ConfirmReadingTo != '') { - $result .= $this->HeaderLine('Disposition-Notification-To', '<' . trim($this->ConfirmReadingTo) . '>'); - } - - // Add custom headers - for($index = 0; $index < count($this->CustomHeader); $index++) { - $result .= $this->HeaderLine(trim($this->CustomHeader[$index][0]), $this->EncodeHeader(trim($this->CustomHeader[$index][1]))); - } - if (!$this->sign_key_file) { - $result .= $this->HeaderLine('MIME-Version', '1.0'); - $result .= $this->GetMailMIME(); - } - - return $result; - } - - /** - * Returns the message MIME. - * @access private - * @return string - */ - function GetMailMIME() { - $result = ''; - switch($this->message_type) { - case 'plain': - $result .= $this->HeaderLine('Content-Transfer-Encoding', $this->Encoding); - $result .= sprintf("Content-Type: %s; charset=\"%s\"", $this->ContentType, $this->CharSet); - break; - case 'attachments': - /* fall through */ - case 'alt_attachments': - if($this->InlineImageExists()){ - $result .= sprintf("Content-Type: %s;%s\ttype=\"text/html\";%s\tboundary=\"%s\"%s", 'multipart/related', $this->LE, $this->LE, $this->boundary[1], $this->LE); - } else { - $result .= $this->HeaderLine('Content-Type', 'multipart/mixed;'); - $result .= $this->TextLine("\tboundary=\"" . $this->boundary[1] . '"'); - } - break; - case 'alt': - $result .= $this->HeaderLine('Content-Type', 'multipart/alternative;'); - $result .= $this->TextLine("\tboundary=\"" . $this->boundary[1] . '"'); - break; - } - - if($this->Mailer != 'mail') { - $result .= $this->LE.$this->LE; - } - - return $result; - } - - /** - * Assembles the message body. Returns an empty string on failure. - * @access private - * @return string - */ - function CreateBody() { - $result = ''; - if ($this->sign_key_file) { - $result .= $this->GetMailMIME(); - } - - $this->SetWordWrap(); - - switch($this->message_type) { - case 'alt': - $result .= $this->GetBoundary($this->boundary[1], '', 'text/plain', ''); - $result .= $this->EncodeString($this->AltBody, $this->Encoding); - $result .= $this->LE.$this->LE; - $result .= $this->GetBoundary($this->boundary[1], '', 'text/html', ''); - $result .= $this->EncodeString($this->Body, $this->Encoding); - $result .= $this->LE.$this->LE; - $result .= $this->EndBoundary($this->boundary[1]); - break; - case 'plain': - $result .= $this->EncodeString($this->Body, $this->Encoding); - break; - case 'attachments': - $result .= $this->GetBoundary($this->boundary[1], '', '', ''); - $result .= $this->EncodeString($this->Body, $this->Encoding); - $result .= $this->LE; - $result .= $this->AttachAll(); - break; - case 'alt_attachments': - $result .= sprintf("--%s%s", $this->boundary[1], $this->LE); - $result .= sprintf("Content-Type: %s;%s" . "\tboundary=\"%s\"%s", 'multipart/alternative', $this->LE, $this->boundary[2], $this->LE.$this->LE); - $result .= $this->GetBoundary($this->boundary[2], '', 'text/plain', '') . $this->LE; // Create text body - $result .= $this->EncodeString($this->AltBody, $this->Encoding); - $result .= $this->LE.$this->LE; - $result .= $this->GetBoundary($this->boundary[2], '', 'text/html', '') . $this->LE; // Create the HTML body - $result .= $this->EncodeString($this->Body, $this->Encoding); - $result .= $this->LE.$this->LE; - $result .= $this->EndBoundary($this->boundary[2]); - $result .= $this->AttachAll(); - break; - } - - if($this->IsError()) { - $result = ''; - } else if ($this->sign_key_file) { - $file = tempnam("", "mail"); - $fp = fopen($file, "w"); - fwrite($fp, $result); - fclose($fp); - $signed = tempnam("", "signed"); - - if (@openssl_pkcs7_sign($file, $signed, "file://".$this->sign_key_file, array("file://".$this->sign_key_file, $this->sign_key_pass), null)) { - $fp = fopen($signed, "r"); - $result = fread($fp, filesize($this->sign_key_file)); - fclose($fp); - } else { - $this->SetError($this->Lang("signing").openssl_error_string()); - $result = ''; - } - - unlink($file); - unlink($signed); - } - - return $result; - } - - /** - * Returns the start of a message boundary. - * @access private - */ - function GetBoundary($boundary, $charSet, $contentType, $encoding) { - $result = ''; - if($charSet == '') { - $charSet = $this->CharSet; - } - if($contentType == '') { - $contentType = $this->ContentType; - } - if($encoding == '') { - $encoding = $this->Encoding; - } - $result .= $this->TextLine('--' . $boundary); - $result .= sprintf("Content-Type: %s; charset = \"%s\"", $contentType, $charSet); - $result .= $this->LE; - $result .= $this->HeaderLine('Content-Transfer-Encoding', $encoding); - $result .= $this->LE; - - return $result; - } - - /** - * Returns the end of a message boundary. - * @access private - */ - function EndBoundary($boundary) { - return $this->LE . '--' . $boundary . '--' . $this->LE; - } - - /** - * Sets the message type. - * @access private - * @return void - */ - function SetMessageType() { - if(count($this->attachment) < 1 && strlen($this->AltBody) < 1) { - $this->message_type = 'plain'; - } else { - if(count($this->attachment) > 0) { - $this->message_type = 'attachments'; - } - if(strlen($this->AltBody) > 0 && count($this->attachment) < 1) { - $this->message_type = 'alt'; - } - if(strlen($this->AltBody) > 0 && count($this->attachment) > 0) { - $this->message_type = 'alt_attachments'; - } - } - } - - /* Returns a formatted header line. - * @access private - * @return string - */ - function HeaderLine($name, $value) { - return $name . ': ' . $value . $this->LE; - } - - /** - * Returns a formatted mail line. - * @access private - * @return string - */ - function TextLine($value) { - return $value . $this->LE; - } - - ///////////////////////////////////////////////// - // CLASS METHODS, ATTACHMENTS - ///////////////////////////////////////////////// - - /** - * Adds an attachment from a path on the filesystem. - * Returns false if the file could not be found - * or accessed. - * @param string $path Path to the attachment. - * @param string $name Overrides the attachment name. - * @param string $encoding File encoding (see $Encoding). - * @param string $type File extension (MIME) type. - * @return bool - */ - function AddAttachment($path, $name = '', $encoding = 'base64', $type = 'application/octet-stream') { - if(!@is_file($path)) { - $this->SetError($this->Lang('file_access') . $path); - return false; - } - - $filename = basename($path); - if($name == '') { - $name = $filename; - } - - $cur = count($this->attachment); - $this->attachment[$cur][0] = $path; - $this->attachment[$cur][1] = $filename; - $this->attachment[$cur][2] = $name; - $this->attachment[$cur][3] = $encoding; - $this->attachment[$cur][4] = $type; - $this->attachment[$cur][5] = false; // isStringAttachment - $this->attachment[$cur][6] = 'attachment'; - $this->attachment[$cur][7] = 0; - - return true; - } - - /** - * Attaches all fs, string, and binary attachments to the message. - * Returns an empty string on failure. - * @access private - * @return string - */ - function AttachAll() { - /* Return text of body */ - $mime = array(); - - /* Add all attachments */ - for($i = 0; $i < count($this->attachment); $i++) { - /* Check for string attachment */ - $bString = $this->attachment[$i][5]; - if ($bString) { - $string = $this->attachment[$i][0]; - } else { - $path = $this->attachment[$i][0]; - } - - $filename = $this->attachment[$i][1]; - $name = $this->attachment[$i][2]; - $encoding = $this->attachment[$i][3]; - $type = $this->attachment[$i][4]; - $disposition = $this->attachment[$i][6]; - $cid = $this->attachment[$i][7]; - - $mime[] = sprintf("--%s%s", $this->boundary[1], $this->LE); - $mime[] = sprintf("Content-Type: %s; name=\"%s\"%s", $type, $name, $this->LE); - $mime[] = sprintf("Content-Transfer-Encoding: %s%s", $encoding, $this->LE); - - if($disposition == 'inline') { - $mime[] = sprintf("Content-ID: <%s>%s", $cid, $this->LE); - } - - $mime[] = sprintf("Content-Disposition: %s; filename=\"%s\"%s", $disposition, $name, $this->LE.$this->LE); - - /* Encode as string attachment */ - if($bString) { - $mime[] = $this->EncodeString($string, $encoding); - if($this->IsError()) { - return ''; - } - $mime[] = $this->LE.$this->LE; - } else { - $mime[] = $this->EncodeFile($path, $encoding); - if($this->IsError()) { - return ''; - } - $mime[] = $this->LE.$this->LE; - } - } - - $mime[] = sprintf("--%s--%s", $this->boundary[1], $this->LE); - - return join('', $mime); - } - - /** - * Encodes attachment in requested format. Returns an - * empty string on failure. - * @access private - * @return string - */ - function EncodeFile ($path, $encoding = 'base64') { - if(!@$fd = fopen($path, 'rb')) { - $this->SetError($this->Lang('file_open') . $path); - return ''; - } - $magic_quotes = get_magic_quotes_runtime(); - set_magic_quotes_runtime(0); - $file_buffer = fread($fd, filesize($path)); - $file_buffer = $this->EncodeString($file_buffer, $encoding); - fclose($fd); - set_magic_quotes_runtime($magic_quotes); - - return $file_buffer; - } - - /** - * Encodes string to requested format. Returns an - * empty string on failure. - * @access private - * @return string - */ - function EncodeString ($str, $encoding = 'base64') { - $encoded = ''; - switch(strtolower($encoding)) { - case 'base64': - /* chunk_split is found in PHP >= 3.0.6 */ - $encoded = chunk_split(base64_encode($str), 76, $this->LE); - break; - case '7bit': - case '8bit': - $encoded = $this->FixEOL($str); - if (substr($encoded, -(strlen($this->LE))) != $this->LE) - $encoded .= $this->LE; - break; - case 'binary': - $encoded = $str; - break; - case 'quoted-printable': - $encoded = $this->EncodeQP($str); - break; - default: - $this->SetError($this->Lang('encoding') . $encoding); - break; - } - return $encoded; - } - - /** - * Encode a header string to best of Q, B, quoted or none. - * @access private - * @return string - */ - function EncodeHeader ($str, $position = 'text') { - $x = 0; - - switch (strtolower($position)) { - case 'phrase': - if (!preg_match('/[\200-\377]/', $str)) { - /* Can't use addslashes as we don't know what value has magic_quotes_sybase. */ - $encoded = addcslashes($str, "\0..\37\177\\\""); - if (($str == $encoded) && !preg_match('/[^A-Za-z0-9!#$%&\'*+\/=?^_`{|}~ -]/', $str)) { - return ($encoded); - } else { - return ("\"$encoded\""); - } - } - $x = preg_match_all('/[^\040\041\043-\133\135-\176]/', $str, $matches); - break; - case 'comment': - $x = preg_match_all('/[()"]/', $str, $matches); - /* Fall-through */ - case 'text': - default: - $x += preg_match_all('/[\000-\010\013\014\016-\037\177-\377]/', $str, $matches); - break; - } - - if ($x == 0) { - return ($str); - } - - $maxlen = 75 - 7 - strlen($this->CharSet); - /* Try to select the encoding which should produce the shortest output */ - if (strlen($str)/3 < $x) { - $encoding = 'B'; - if (function_exists('mb_strlen') && $this->HasMultiBytes($str)) { - // Use a custom function which correctly encodes and wraps long - // multibyte strings without breaking lines within a character - $encoded = $this->Base64EncodeWrapMB($str); - } else { - $encoded = base64_encode($str); - $maxlen -= $maxlen % 4; - $encoded = trim(chunk_split($encoded, $maxlen, "\n")); - } - } else { - $encoding = 'Q'; - $encoded = $this->EncodeQ($str, $position); - $encoded = $this->WrapText($encoded, $maxlen, true); - $encoded = str_replace('='.$this->LE, "\n", trim($encoded)); - } - - $encoded = preg_replace('/^(.*)$/m', " =?".$this->CharSet."?$encoding?\\1?=", $encoded); - $encoded = trim(str_replace("\n", $this->LE, $encoded)); - - return $encoded; - } - - /** - * Checks if a string contains multibyte characters. - * @access private - * @param string $str multi-byte text to wrap encode - * @return bool - */ - function HasMultiBytes($str) { - if (function_exists('mb_strlen')) { - return (strlen($str) > mb_strlen($str, $this->CharSet)); - } else { // Assume no multibytes (we can't handle without mbstring functions anyway) - return False; - } - } - - /** - * Correctly encodes and wraps long multibyte strings for mail headers - * without breaking lines within a character. - * Adapted from a function by paravoid at http://uk.php.net/manual/en/function.mb-encode-mimeheader.php - * @access private - * @param string $str multi-byte text to wrap encode - * @return string - */ - function Base64EncodeWrapMB($str) { - $start = "=?".$this->CharSet."?B?"; - $end = "?="; - $encoded = ""; - - $mb_length = mb_strlen($str, $this->CharSet); - // Each line must have length <= 75, including $start and $end - $length = 75 - strlen($start) - strlen($end); - // Average multi-byte ratio - $ratio = $mb_length / strlen($str); - // Base64 has a 4:3 ratio - $offset = $avgLength = floor($length * $ratio * .75); - - for ($i = 0; $i < $mb_length; $i += $offset) { - $lookBack = 0; - - do { - $offset = $avgLength - $lookBack; - $chunk = mb_substr($str, $i, $offset, $this->CharSet); - $chunk = base64_encode($chunk); - $lookBack++; - } - while (strlen($chunk) > $length); - - $encoded .= $chunk . $this->LE; - } - - // Chomp the last linefeed - $encoded = substr($encoded, 0, -strlen($this->LE)); - return $encoded; - } - - /** - * Encode string to quoted-printable. - * @access private - * @return string - */ - function EncodeQP( $input = '', $line_max = 76, $space_conv = false ) { - $hex = array('0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'); - $lines = preg_split('/(?:\r\n|\r|\n)/', $input); - $eol = "\r\n"; - $escape = '='; - $output = ''; - while( list(, $line) = each($lines) ) { - $linlen = strlen($line); - $newline = ''; - for($i = 0; $i < $linlen; $i++) { - $c = substr( $line, $i, 1 ); - $dec = ord( $c ); - if ( ( $i == 0 ) && ( $dec == 46 ) ) { // convert first point in the line into =2E - $c = '=2E'; - } - if ( $dec == 32 ) { - if ( $i == ( $linlen - 1 ) ) { // convert space at eol only - $c = '=20'; - } else if ( $space_conv ) { - $c = '=20'; - } - } elseif ( ($dec == 61) || ($dec < 32 ) || ($dec > 126) ) { // always encode "\t", which is *not* required - $h2 = floor($dec/16); - $h1 = floor($dec%16); - $c = $escape.$hex[$h2].$hex[$h1]; - } - if ( (strlen($newline) + strlen($c)) >= $line_max ) { // CRLF is not counted - $output .= $newline.$escape.$eol; // soft line break; " =\r\n" is okay - $newline = ''; - // check if newline first character will be point or not - if ( $dec == 46 ) { - $c = '=2E'; - } - } - $newline .= $c; - } // end of for - $output .= $newline.$eol; - } // end of while - return trim($output); - } - - /** - * Encode string to q encoding. - * @access private - * @return string - */ - function EncodeQ ($str, $position = 'text') { - /* There should not be any EOL in the string */ - $encoded = preg_replace("[\r\n]", '', $str); - - switch (strtolower($position)) { - case 'phrase': - $encoded = preg_replace("/([^A-Za-z0-9!*+\/ -])/e", "'='.sprintf('%02X', ord('\\1'))", $encoded); - break; - case 'comment': - $encoded = preg_replace("/([\(\)\"])/e", "'='.sprintf('%02X', ord('\\1'))", $encoded); - case 'text': - default: - /* Replace every high ascii, control =, ? and _ characters */ - $encoded = preg_replace('/([\000-\011\013\014\016-\037\075\077\137\177-\377])/e', - "'='.sprintf('%02X', ord('\\1'))", $encoded); - break; - } - - /* Replace every spaces to _ (more readable than =20) */ - $encoded = str_replace(' ', '_', $encoded); - - return $encoded; - } - - /** - * Adds a string or binary attachment (non-filesystem) to the list. - * This method can be used to attach ascii or binary data, - * such as a BLOB record from a database. - * @param string $string String attachment data. - * @param string $filename Name of the attachment. - * @param string $encoding File encoding (see $Encoding). - * @param string $type File extension (MIME) type. - * @return void - */ - function AddStringAttachment($string, $filename, $encoding = 'base64', $type = 'application/octet-stream') { - /* Append to $attachment array */ - $cur = count($this->attachment); - $this->attachment[$cur][0] = $string; - $this->attachment[$cur][1] = $filename; - $this->attachment[$cur][2] = $filename; - $this->attachment[$cur][3] = $encoding; - $this->attachment[$cur][4] = $type; - $this->attachment[$cur][5] = true; // isString - $this->attachment[$cur][6] = 'attachment'; - $this->attachment[$cur][7] = 0; - } - - /** - * Adds an embedded attachment. This can include images, sounds, and - * just about any other document. Make sure to set the $type to an - * image type. For JPEG images use "image/jpeg" and for GIF images - * use "image/gif". - * @param string $path Path to the attachment. - * @param string $cid Content ID of the attachment. Use this to identify - * the Id for accessing the image in an HTML form. - * @param string $name Overrides the attachment name. - * @param string $encoding File encoding (see $Encoding). - * @param string $type File extension (MIME) type. - * @return bool - */ - function AddEmbeddedImage($path, $cid, $name = '', $encoding = 'base64', $type = 'application/octet-stream') { - - if(!@is_file($path)) { - $this->SetError($this->Lang('file_access') . $path); - return false; - } - - $filename = basename($path); - if($name == '') { - $name = $filename; - } - - /* Append to $attachment array */ - $cur = count($this->attachment); - $this->attachment[$cur][0] = $path; - $this->attachment[$cur][1] = $filename; - $this->attachment[$cur][2] = $name; - $this->attachment[$cur][3] = $encoding; - $this->attachment[$cur][4] = $type; - $this->attachment[$cur][5] = false; - $this->attachment[$cur][6] = 'inline'; - $this->attachment[$cur][7] = $cid; - - return true; - } - - /** - * Returns true if an inline attachment is present. - * @access private - * @return bool - */ - function InlineImageExists() { - $result = false; - for($i = 0; $i < count($this->attachment); $i++) { - if($this->attachment[$i][6] == 'inline') { - $result = true; - break; - } - } - - return $result; - } - - ///////////////////////////////////////////////// - // CLASS METHODS, MESSAGE RESET - ///////////////////////////////////////////////// - - /** - * Clears all recipients assigned in the TO array. Returns void. - * @return void - */ - function ClearAddresses() { - $this->to = array(); - } - - /** - * Clears all recipients assigned in the CC array. Returns void. - * @return void - */ - function ClearCCs() { - $this->cc = array(); - } - - /** - * Clears all recipients assigned in the BCC array. Returns void. - * @return void - */ - function ClearBCCs() { - $this->bcc = array(); - } - - /** - * Clears all recipients assigned in the ReplyTo array. Returns void. - * @return void - */ - function ClearReplyTos() { - $this->ReplyTo = array(); - } - - /** - * Clears all recipients assigned in the TO, CC and BCC - * array. Returns void. - * @return void - */ - function ClearAllRecipients() { - $this->to = array(); - $this->cc = array(); - $this->bcc = array(); - } - - /** - * Clears all previously set filesystem, string, and binary - * attachments. Returns void. - * @return void - */ - function ClearAttachments() { - $this->attachment = array(); - } - - /** - * Clears all custom headers. Returns void. - * @return void - */ - function ClearCustomHeaders() { - $this->CustomHeader = array(); - } - - ///////////////////////////////////////////////// - // CLASS METHODS, MISCELLANEOUS - ///////////////////////////////////////////////// - - /** - * Adds the error message to the error container. - * Returns void. - * @access private - * @return void - */ - function SetError($msg) { - $this->error_count++; - $this->ErrorInfo = $msg; - } - - /** - * Returns the proper RFC 822 formatted date. - * @access private - * @return string - */ - function RFCDate() { - $tz = date('Z'); - $tzs = ($tz < 0) ? '-' : '+'; - $tz = abs($tz); - $tz = (int)($tz/3600)*100 + ($tz%3600)/60; - $result = sprintf("%s %s%04d", date('D, j M Y H:i:s'), $tzs, $tz); - - return $result; - } - - /** - * Returns the appropriate server variable. Should work with both - * PHP 4.1.0+ as well as older versions. Returns an empty string - * if nothing is found. - * @access private - * @return mixed - */ - function ServerVar($varName) { - global $HTTP_SERVER_VARS; - global $HTTP_ENV_VARS; - - if(!isset($_SERVER)) { - $_SERVER = $HTTP_SERVER_VARS; - if(!isset($_SERVER['REMOTE_ADDR'])) { - $_SERVER = $HTTP_ENV_VARS; // must be Apache - } - } - - if(isset($_SERVER[$varName])) { - return $_SERVER[$varName]; - } else { - return ''; - } - } - - /** - * Returns the server hostname or 'localhost.localdomain' if unknown. - * @access private - * @return string - */ - function ServerHostname() { - if ($this->Hostname != '') { - $result = $this->Hostname; - } elseif ($this->ServerVar('SERVER_NAME') != '') { - $result = $this->ServerVar('SERVER_NAME'); - } else { - $result = 'localhost.localdomain'; - } - - return $result; - } - - /** - * Returns a message in the appropriate language. - * @access private - * @return string - */ - function Lang($key) { - if(count($this->language) < 1) { - $this->SetLanguage('en'); // set the default language - } - - if(isset($this->language[$key])) { - return $this->language[$key]; - } else { - return 'Language string failed to load: ' . $key; - } - } - - /** - * Returns true if an error occurred. - * @return bool - */ - function IsError() { - return ($this->error_count > 0); - } - - /** - * Changes every end of line from CR or LF to CRLF. - * @access private - * @return string - */ - function FixEOL($str) { - $str = str_replace("\r\n", "\n", $str); - $str = str_replace("\r", "\n", $str); - $str = str_replace("\n", $this->LE, $str); - return $str; - } - - /** - * Adds a custom header. - * @return void - */ - function AddCustomHeader($custom_header) { - $this->CustomHeader[] = explode(':', $custom_header, 2); - } - - /** - * Evaluates the message and returns modifications for inline images and backgrounds - * @access public - * @return $message - */ - function MsgHTML($message,$basedir='') { - preg_match_all("/(src|background)=\"(.*)\"/Ui", $message, $images); - if(isset($images[2])) { - foreach($images[2] as $i => $url) { - // do not change urls for absolute images (thanks to corvuscorax) - if (!preg_match('/^[A-z][A-z]*:\/\//',$url)) { - $filename = basename($url); - $directory = dirname($url); - ($directory == '.')?$directory='':''; - $cid = 'cid:' . md5($filename); - $fileParts = split("\.", $filename); - $ext = $fileParts[1]; - $mimeType = $this->_mime_types($ext); - if ( strlen($basedir) > 1 && substr($basedir,-1) != '/') { $basedir .= '/'; } - if ( strlen($directory) > 1 && substr($basedir,-1) != '/') { $directory .= '/'; } - $this->AddEmbeddedImage($basedir.$directory.$filename, md5($filename), $filename, 'base64', $mimeType); - if ( $this->AddEmbeddedImage($basedir.$directory.$filename, md5($filename), $filename, 'base64',$mimeType) ) { - $message = preg_replace("/".$images[1][$i]."=\"".preg_quote($url, '/')."\"/Ui", $images[1][$i]."=\"".$cid."\"", $message); - } - } - } - } - $this->IsHTML(true); - $this->Body = $message; - $textMsg = trim(strip_tags(preg_replace('/<(head|title|style|script)[^>]*>.*?<\/\\1>/s','',$message))); - if ( !empty($textMsg) && empty($this->AltBody) ) { - $this->AltBody = $textMsg; - } - if ( empty($this->AltBody) ) { - $this->AltBody = 'To view this email message, open the email in with HTML compatibility!' . "\n\n"; - } - } - - /** - * Gets the mime type of the embedded or inline image - * @access private - * @return mime type of ext - */ - function _mime_types($ext = '') { - $mimes = array( - 'hqx' => 'application/mac-binhex40', - 'cpt' => 'application/mac-compactpro', - 'doc' => 'application/msword', - 'bin' => 'application/macbinary', - 'dms' => 'application/octet-stream', - 'lha' => 'application/octet-stream', - 'lzh' => 'application/octet-stream', - 'exe' => 'application/octet-stream', - 'class' => 'application/octet-stream', - 'psd' => 'application/octet-stream', - 'so' => 'application/octet-stream', - 'sea' => 'application/octet-stream', - 'dll' => 'application/octet-stream', - 'oda' => 'application/oda', - 'pdf' => 'application/pdf', - 'ai' => 'application/postscript', - 'eps' => 'application/postscript', - 'ps' => 'application/postscript', - 'smi' => 'application/smil', - 'smil' => 'application/smil', - 'mif' => 'application/vnd.mif', - 'xls' => 'application/vnd.ms-excel', - 'ppt' => 'application/vnd.ms-powerpoint', - 'wbxml' => 'application/vnd.wap.wbxml', - 'wmlc' => 'application/vnd.wap.wmlc', - 'dcr' => 'application/x-director', - 'dir' => 'application/x-director', - 'dxr' => 'application/x-director', - 'dvi' => 'application/x-dvi', - 'gtar' => 'application/x-gtar', - 'php' => 'application/x-httpd-php', - 'php4' => 'application/x-httpd-php', - 'php3' => 'application/x-httpd-php', - 'phtml' => 'application/x-httpd-php', - 'phps' => 'application/x-httpd-php-source', - 'js' => 'application/x-javascript', - 'swf' => 'application/x-shockwave-flash', - 'sit' => 'application/x-stuffit', - 'tar' => 'application/x-tar', - 'tgz' => 'application/x-tar', - 'xhtml' => 'application/xhtml+xml', - 'xht' => 'application/xhtml+xml', - 'zip' => 'application/zip', - 'mid' => 'audio/midi', - 'midi' => 'audio/midi', - 'mpga' => 'audio/mpeg', - 'mp2' => 'audio/mpeg', - 'mp3' => 'audio/mpeg', - 'aif' => 'audio/x-aiff', - 'aiff' => 'audio/x-aiff', - 'aifc' => 'audio/x-aiff', - 'ram' => 'audio/x-pn-realaudio', - 'rm' => 'audio/x-pn-realaudio', - 'rpm' => 'audio/x-pn-realaudio-plugin', - 'ra' => 'audio/x-realaudio', - 'rv' => 'video/vnd.rn-realvideo', - 'wav' => 'audio/x-wav', - 'bmp' => 'image/bmp', - 'gif' => 'image/gif', - 'jpeg' => 'image/jpeg', - 'jpg' => 'image/jpeg', - 'jpe' => 'image/jpeg', - 'png' => 'image/png', - 'tiff' => 'image/tiff', - 'tif' => 'image/tiff', - 'css' => 'text/css', - 'html' => 'text/html', - 'htm' => 'text/html', - 'shtml' => 'text/html', - 'txt' => 'text/plain', - 'text' => 'text/plain', - 'log' => 'text/plain', - 'rtx' => 'text/richtext', - 'rtf' => 'text/rtf', - 'xml' => 'text/xml', - 'xsl' => 'text/xml', - 'mpeg' => 'video/mpeg', - 'mpg' => 'video/mpeg', - 'mpe' => 'video/mpeg', - 'qt' => 'video/quicktime', - 'mov' => 'video/quicktime', - 'avi' => 'video/x-msvideo', - 'movie' => 'video/x-sgi-movie', - 'doc' => 'application/msword', - 'word' => 'application/msword', - 'xl' => 'application/excel', - 'eml' => 'message/rfc822' - ); - return ( ! isset($mimes[strtolower($ext)])) ? 'application/octet-stream' : $mimes[strtolower($ext)]; - } - - /** - * Set (or reset) Class Objects (variables) - * - * Usage Example: - * $page->set('X-Priority', '3'); - * - * @access public - * @param string $name Parameter Name - * @param mixed $value Parameter Value - * NOTE: will not work with arrays, there are no arrays to set/reset - */ - function set ( $name, $value = '' ) { - if ( isset($this->$name) ) { - $this->$name = $value; - } else { - $this->SetError('Cannot set or reset variable ' . $name); - return false; - } - } - - /** - * Read a file from a supplied filename and return it. - * - * @access public - * @param string $filename Parameter File Name - */ - function getFile($filename) { - $return = ''; - if ($fp = fopen($filename, 'rb')) { - while (!feof($fp)) { - $return .= fread($fp, 1024); - } - fclose($fp); - return $return; - } else { - return false; - } - } - - /** - * Strips newlines to prevent header injection. - * @access private - * @param string $str String - * @return string - */ - function SecureHeader($str) { - $str = trim($str); - $str = str_replace("\r", "", $str); - $str = str_replace("\n", "", $str); - return $str; - } - - /** - * Set the private key file and password to sign the message. - * - * @access public - * @param string $key_filename Parameter File Name - * @param string $key_pass Password for private key - */ - function Sign($key_filename, $key_pass) { - $this->sign_key_file = $key_filename; - $this->sign_key_pass = $key_pass; - } - -} - -?> diff --git a/config/freeswitch_dev/class.smtp.tmp b/config/freeswitch_dev/class.smtp.tmp deleted file mode 100755 index 398c3ffb..00000000 --- a/config/freeswitch_dev/class.smtp.tmp +++ /dev/null @@ -1,1062 +0,0 @@ -<?php -/*~ class.smtp.php -.---------------------------------------------------------------------------. -| Software: PHPMailer - PHP email class | -| Version: 2.0.2 | -| Contact: via sourceforge.net support pages (also www.codeworxtech.com) | -| Info: http://phpmailer.sourceforge.net | -| Support: http://sourceforge.net/projects/phpmailer/ | -| ------------------------------------------------------------------------- | -| Author: Andy Prevost (project admininistrator) | -| Author: Brent R. Matzelle (original founder) | -| Copyright (c) 2004-2007, Andy Prevost. All Rights Reserved. | -| Copyright (c) 2001-2003, Brent R. Matzelle | -| ------------------------------------------------------------------------- | -| License: Distributed under the Lesser General Public License (LGPL) | -| http://www.gnu.org/copyleft/lesser.html | -| This program is distributed in the hope that it will be useful - WITHOUT | -| ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | -| FITNESS FOR A PARTICULAR PURPOSE. | -| ------------------------------------------------------------------------- | -| We offer a number of paid services (www.codeworxtech.com): | -| - Web Hosting on highly optimized fast and secure servers | -| - Technology Consulting | -| - Oursourcing (highly qualified programmers and graphic designers) | -'---------------------------------------------------------------------------' - -/** - * SMTP is rfc 821 compliant and implements all the rfc 821 SMTP - * commands except TURN which will always return a not implemented - * error. SMTP also provides some utility methods for sending mail - * to an SMTP server. - * @package PHPMailer - * @author Chris Ryan - */ - -class SMTP -{ - /** - * SMTP server port - * @var int - */ - var $SMTP_PORT = 25; - - /** - * SMTP reply line ending - * @var string - */ - var $CRLF = "\r\n"; - - /** - * Sets whether debugging is turned on - * @var bool - */ - var $do_debug; # the level of debug to perform - - /** - * Sets VERP use on/off (default is off) - * @var bool - */ - var $do_verp = false; - - /**#@+ - * @access private - */ - var $smtp_conn; # the socket to the server - var $error; # error if any on the last call - var $helo_rply; # the reply the server sent to us for HELO - /**#@-*/ - - /** - * Initialize the class so that the data is in a known state. - * @access public - * @return void - */ - function SMTP() { - $this->smtp_conn = 0; - $this->error = null; - $this->helo_rply = null; - - $this->do_debug = 0; - } - - /************************************************************* - * CONNECTION FUNCTIONS * - ***********************************************************/ - - /** - * Connect to the server specified on the port specified. - * If the port is not specified use the default SMTP_PORT. - * If tval is specified then a connection will try and be - * established with the server for that number of seconds. - * If tval is not specified the default is 30 seconds to - * try on the connection. - * - * SMTP CODE SUCCESS: 220 - * SMTP CODE FAILURE: 421 - * @access public - * @return bool - */ - function Connect($host,$port=0,$tval=30) { - # set the error val to null so there is no confusion - $this->error = null; - - # make sure we are __not__ connected - if($this->connected()) { - # ok we are connected! what should we do? - # for now we will just give an error saying we - # are already connected - $this->error = array("error" => "Already connected to a server"); - return false; - } - - if(empty($port)) { - $port = $this->SMTP_PORT; - } - - #connect to the smtp server - $this->smtp_conn = fsockopen($host, # the host of the server - $port, # the port to use - $errno, # error number if any - $errstr, # error message if any - $tval); # give up after ? secs - # verify we connected properly - if(empty($this->smtp_conn)) { - $this->error = array("error" => "Failed to connect to server", - "errno" => $errno, - "errstr" => $errstr); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": $errstr ($errno)" . $this->CRLF; - } - return false; - } - - # sometimes the SMTP server takes a little longer to respond - # so we will give it a longer timeout for the first read - // Windows still does not have support for this timeout function - if(substr(PHP_OS, 0, 3) != "WIN") - socket_set_timeout($this->smtp_conn, $tval, 0); - - # get any announcement stuff - $announce = $this->get_lines(); - - # set the timeout of any socket functions at 1/10 of a second - //if(function_exists("socket_set_timeout")) - // socket_set_timeout($this->smtp_conn, 0, 100000); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $announce; - } - - return true; - } - - /** - * Performs SMTP authentication. Must be run after running the - * Hello() method. Returns true if successfully authenticated. - * @access public - * @return bool - */ - function Authenticate($username, $password) { - // Start authentication - fputs($this->smtp_conn,"AUTH LOGIN" . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($code != 334) { - $this->error = - array("error" => "AUTH not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - - // Send encoded username - fputs($this->smtp_conn, base64_encode($username) . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($code != 334) { - $this->error = - array("error" => "Username not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - - // Send encoded password - fputs($this->smtp_conn, base64_encode($password) . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($code != 235) { - $this->error = - array("error" => "Password not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - - return true; - } - - /** - * Returns true if connected to a server otherwise false - * @access private - * @return bool - */ - function Connected() { - if(!empty($this->smtp_conn)) { - $sock_status = socket_get_status($this->smtp_conn); - if($sock_status["eof"]) { - # hmm this is an odd situation... the socket is - # valid but we are not connected anymore - if($this->do_debug >= 1) { - echo "SMTP -> NOTICE:" . $this->CRLF . - "EOF caught while checking if connected"; - } - $this->Close(); - return false; - } - return true; # everything looks good - } - return false; - } - - /** - * Closes the socket and cleans up the state of the class. - * It is not considered good to use this function without - * first trying to use QUIT. - * @access public - * @return void - */ - function Close() { - $this->error = null; # so there is no confusion - $this->helo_rply = null; - if(!empty($this->smtp_conn)) { - # close the connection and cleanup - fclose($this->smtp_conn); - $this->smtp_conn = 0; - } - } - - /*************************************************************** - * SMTP COMMANDS * - *************************************************************/ - - /** - * Issues a data command and sends the msg_data to the server - * finializing the mail transaction. $msg_data is the message - * that is to be send with the headers. Each header needs to be - * on a single line followed by a <CRLF> with the message headers - * and the message body being seperated by and additional <CRLF>. - * - * Implements rfc 821: DATA <CRLF> - * - * SMTP CODE INTERMEDIATE: 354 - * [data] - * <CRLF>.<CRLF> - * SMTP CODE SUCCESS: 250 - * SMTP CODE FAILURE: 552,554,451,452 - * SMTP CODE FAILURE: 451,554 - * SMTP CODE ERROR : 500,501,503,421 - * @access public - * @return bool - */ - function Data($msg_data) { - $this->error = null; # so no confusion is caused - - if(!$this->connected()) { - $this->error = array( - "error" => "Called Data() without being connected"); - return false; - } - - fputs($this->smtp_conn,"DATA" . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 354) { - $this->error = - array("error" => "DATA command not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - - # the server is ready to accept data! - # according to rfc 821 we should not send more than 1000 - # including the CRLF - # characters on a single line so we will break the data up - # into lines by \r and/or \n then if needed we will break - # each of those into smaller lines to fit within the limit. - # in addition we will be looking for lines that start with - # a period '.' and append and additional period '.' to that - # line. NOTE: this does not count towards are limit. - - # normalize the line breaks so we know the explode works - $msg_data = str_replace("\r\n","\n",$msg_data); - $msg_data = str_replace("\r","\n",$msg_data); - $lines = explode("\n",$msg_data); - - # we need to find a good way to determine is headers are - # in the msg_data or if it is a straight msg body - # currently I am assuming rfc 822 definitions of msg headers - # and if the first field of the first line (':' sperated) - # does not contain a space then it _should_ be a header - # and we can process all lines before a blank "" line as - # headers. - $field = substr($lines[0],0,strpos($lines[0],":")); - $in_headers = false; - if(!empty($field) && !strstr($field," ")) { - $in_headers = true; - } - - $max_line_length = 998; # used below; set here for ease in change - - while(list(,$line) = @each($lines)) { - $lines_out = null; - if($line == "" && $in_headers) { - $in_headers = false; - } - # ok we need to break this line up into several - # smaller lines - while(strlen($line) > $max_line_length) { - $pos = strrpos(substr($line,0,$max_line_length)," "); - - # Patch to fix DOS attack - if(!$pos) { - $pos = $max_line_length - 1; - } - - $lines_out[] = substr($line,0,$pos); - $line = substr($line,$pos + 1); - # if we are processing headers we need to - # add a LWSP-char to the front of the new line - # rfc 822 on long msg headers - if($in_headers) { - $line = "\t" . $line; - } - } - $lines_out[] = $line; - - # now send the lines to the server - while(list(,$line_out) = @each($lines_out)) { - if(strlen($line_out) > 0) - { - if(substr($line_out, 0, 1) == ".") { - $line_out = "." . $line_out; - } - } - fputs($this->smtp_conn,$line_out . $this->CRLF); - } - } - - # ok all the message data has been sent so lets get this - # over with aleady - fputs($this->smtp_conn, $this->CRLF . "." . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 250) { - $this->error = - array("error" => "DATA not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - return true; - } - - /** - * Expand takes the name and asks the server to list all the - * people who are members of the _list_. Expand will return - * back and array of the result or false if an error occurs. - * Each value in the array returned has the format of: - * [ <full-name> <sp> ] <path> - * The definition of <path> is defined in rfc 821 - * - * Implements rfc 821: EXPN <SP> <string> <CRLF> - * - * SMTP CODE SUCCESS: 250 - * SMTP CODE FAILURE: 550 - * SMTP CODE ERROR : 500,501,502,504,421 - * @access public - * @return string array - */ - function Expand($name) { - $this->error = null; # so no confusion is caused - - if(!$this->connected()) { - $this->error = array( - "error" => "Called Expand() without being connected"); - return false; - } - - fputs($this->smtp_conn,"EXPN " . $name . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 250) { - $this->error = - array("error" => "EXPN not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - - # parse the reply and place in our array to return to user - $entries = explode($this->CRLF,$rply); - while(list(,$l) = @each($entries)) { - $list[] = substr($l,4); - } - - return $list; - } - - /** - * Sends the HELO command to the smtp server. - * This makes sure that we and the server are in - * the same known state. - * - * Implements from rfc 821: HELO <SP> <domain> <CRLF> - * - * SMTP CODE SUCCESS: 250 - * SMTP CODE ERROR : 500, 501, 504, 421 - * @access public - * @return bool - */ - function Hello($host="") { - $this->error = null; # so no confusion is caused - - if(!$this->connected()) { - $this->error = array( - "error" => "Called Hello() without being connected"); - return false; - } - - # if a hostname for the HELO was not specified determine - # a suitable one to send - if(empty($host)) { - # we need to determine some sort of appopiate default - # to send to the server - $host = "localhost"; - } - - // Send extended hello first (RFC 2821) - if(!$this->SendHello("EHLO", $host)) - { - if(!$this->SendHello("HELO", $host)) - return false; - } - - return true; - } - - /** - * Sends a HELO/EHLO command. - * @access private - * @return bool - */ - function SendHello($hello, $host) { - fputs($this->smtp_conn, $hello . " " . $host . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER: " . $this->CRLF . $rply; - } - - if($code != 250) { - $this->error = - array("error" => $hello . " not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - - $this->helo_rply = $rply; - - return true; - } - - /** - * Gets help information on the keyword specified. If the keyword - * is not specified then returns generic help, ussually contianing - * A list of keywords that help is available on. This function - * returns the results back to the user. It is up to the user to - * handle the returned data. If an error occurs then false is - * returned with $this->error set appropiately. - * - * Implements rfc 821: HELP [ <SP> <string> ] <CRLF> - * - * SMTP CODE SUCCESS: 211,214 - * SMTP CODE ERROR : 500,501,502,504,421 - * @access public - * @return string - */ - function Help($keyword="") { - $this->error = null; # to avoid confusion - - if(!$this->connected()) { - $this->error = array( - "error" => "Called Help() without being connected"); - return false; - } - - $extra = ""; - if(!empty($keyword)) { - $extra = " " . $keyword; - } - - fputs($this->smtp_conn,"HELP" . $extra . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 211 && $code != 214) { - $this->error = - array("error" => "HELP not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - - return $rply; - } - - /** - * Starts a mail transaction from the email address specified in - * $from. Returns true if successful or false otherwise. If True - * the mail transaction is started and then one or more Recipient - * commands may be called followed by a Data command. - * - * Implements rfc 821: MAIL <SP> FROM:<reverse-path> <CRLF> - * - * SMTP CODE SUCCESS: 250 - * SMTP CODE SUCCESS: 552,451,452 - * SMTP CODE SUCCESS: 500,501,421 - * @access public - * @return bool - */ - function Mail($from) { - $this->error = null; # so no confusion is caused - - if(!$this->connected()) { - $this->error = array( - "error" => "Called Mail() without being connected"); - return false; - } - - $useVerp = ($this->do_verp ? "XVERP" : ""); - fputs($this->smtp_conn,"MAIL FROM:<" . $from . ">" . $useVerp . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 250) { - $this->error = - array("error" => "MAIL not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - return true; - } - - /** - * Sends the command NOOP to the SMTP server. - * - * Implements from rfc 821: NOOP <CRLF> - * - * SMTP CODE SUCCESS: 250 - * SMTP CODE ERROR : 500, 421 - * @access public - * @return bool - */ - function Noop() { - $this->error = null; # so no confusion is caused - - if(!$this->connected()) { - $this->error = array( - "error" => "Called Noop() without being connected"); - return false; - } - - fputs($this->smtp_conn,"NOOP" . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 250) { - $this->error = - array("error" => "NOOP not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - return true; - } - - /** - * Sends the quit command to the server and then closes the socket - * if there is no error or the $close_on_error argument is true. - * - * Implements from rfc 821: QUIT <CRLF> - * - * SMTP CODE SUCCESS: 221 - * SMTP CODE ERROR : 500 - * @access public - * @return bool - */ - function Quit($close_on_error=true) { - $this->error = null; # so there is no confusion - - if(!$this->connected()) { - $this->error = array( - "error" => "Called Quit() without being connected"); - return false; - } - - # send the quit command to the server - fputs($this->smtp_conn,"quit" . $this->CRLF); - - # get any good-bye messages - $byemsg = $this->get_lines(); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $byemsg; - } - - $rval = true; - $e = null; - - $code = substr($byemsg,0,3); - if($code != 221) { - # use e as a tmp var cause Close will overwrite $this->error - $e = array("error" => "SMTP server rejected quit command", - "smtp_code" => $code, - "smtp_rply" => substr($byemsg,4)); - $rval = false; - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $e["error"] . ": " . - $byemsg . $this->CRLF; - } - } - - if(empty($e) || $close_on_error) { - $this->Close(); - } - - return $rval; - } - - /** - * Sends the command RCPT to the SMTP server with the TO: argument of $to. - * Returns true if the recipient was accepted false if it was rejected. - * - * Implements from rfc 821: RCPT <SP> TO:<forward-path> <CRLF> - * - * SMTP CODE SUCCESS: 250,251 - * SMTP CODE FAILURE: 550,551,552,553,450,451,452 - * SMTP CODE ERROR : 500,501,503,421 - * @access public - * @return bool - */ - function Recipient($to) { - $this->error = null; # so no confusion is caused - - if(!$this->connected()) { - $this->error = array( - "error" => "Called Recipient() without being connected"); - return false; - } - - fputs($this->smtp_conn,"RCPT TO:<" . $to . ">" . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 250 && $code != 251) { - $this->error = - array("error" => "RCPT not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - return true; - } - - /** - * Sends the RSET command to abort and transaction that is - * currently in progress. Returns true if successful false - * otherwise. - * - * Implements rfc 821: RSET <CRLF> - * - * SMTP CODE SUCCESS: 250 - * SMTP CODE ERROR : 500,501,504,421 - * @access public - * @return bool - */ - function Reset() { - $this->error = null; # so no confusion is caused - - if(!$this->connected()) { - $this->error = array( - "error" => "Called Reset() without being connected"); - return false; - } - - fputs($this->smtp_conn,"RSET" . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 250) { - $this->error = - array("error" => "RSET failed", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - - return true; - } - - /** - * Starts a mail transaction from the email address specified in - * $from. Returns true if successful or false otherwise. If True - * the mail transaction is started and then one or more Recipient - * commands may be called followed by a Data command. This command - * will send the message to the users terminal if they are logged - * in. - * - * Implements rfc 821: SEND <SP> FROM:<reverse-path> <CRLF> - * - * SMTP CODE SUCCESS: 250 - * SMTP CODE SUCCESS: 552,451,452 - * SMTP CODE SUCCESS: 500,501,502,421 - * @access public - * @return bool - */ - function Send($from) { - $this->error = null; # so no confusion is caused - - if(!$this->connected()) { - $this->error = array( - "error" => "Called Send() without being connected"); - return false; - } - - fputs($this->smtp_conn,"SEND FROM:" . $from . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 250) { - $this->error = - array("error" => "SEND not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - return true; - } - - /** - * Starts a mail transaction from the email address specified in - * $from. Returns true if successful or false otherwise. If True - * the mail transaction is started and then one or more Recipient - * commands may be called followed by a Data command. This command - * will send the message to the users terminal if they are logged - * in and send them an email. - * - * Implements rfc 821: SAML <SP> FROM:<reverse-path> <CRLF> - * - * SMTP CODE SUCCESS: 250 - * SMTP CODE SUCCESS: 552,451,452 - * SMTP CODE SUCCESS: 500,501,502,421 - * @access public - * @return bool - */ - function SendAndMail($from) { - $this->error = null; # so no confusion is caused - - if(!$this->connected()) { - $this->error = array( - "error" => "Called SendAndMail() without being connected"); - return false; - } - - fputs($this->smtp_conn,"SAML FROM:" . $from . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 250) { - $this->error = - array("error" => "SAML not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - return true; - } - - /** - * Starts a mail transaction from the email address specified in - * $from. Returns true if successful or false otherwise. If True - * the mail transaction is started and then one or more Recipient - * commands may be called followed by a Data command. This command - * will send the message to the users terminal if they are logged - * in or mail it to them if they are not. - * - * Implements rfc 821: SOML <SP> FROM:<reverse-path> <CRLF> - * - * SMTP CODE SUCCESS: 250 - * SMTP CODE SUCCESS: 552,451,452 - * SMTP CODE SUCCESS: 500,501,502,421 - * @access public - * @return bool - */ - function SendOrMail($from) { - $this->error = null; # so no confusion is caused - - if(!$this->connected()) { - $this->error = array( - "error" => "Called SendOrMail() without being connected"); - return false; - } - - fputs($this->smtp_conn,"SOML FROM:" . $from . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 250) { - $this->error = - array("error" => "SOML not accepted from server", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - return true; - } - - /** - * This is an optional command for SMTP that this class does not - * support. This method is here to make the RFC821 Definition - * complete for this class and __may__ be implimented in the future - * - * Implements from rfc 821: TURN <CRLF> - * - * SMTP CODE SUCCESS: 250 - * SMTP CODE FAILURE: 502 - * SMTP CODE ERROR : 500, 503 - * @access public - * @return bool - */ - function Turn() { - $this->error = array("error" => "This method, TURN, of the SMTP ". - "is not implemented"); - if($this->do_debug >= 1) { - echo "SMTP -> NOTICE: " . $this->error["error"] . $this->CRLF; - } - return false; - } - - /** - * Verifies that the name is recognized by the server. - * Returns false if the name could not be verified otherwise - * the response from the server is returned. - * - * Implements rfc 821: VRFY <SP> <string> <CRLF> - * - * SMTP CODE SUCCESS: 250,251 - * SMTP CODE FAILURE: 550,551,553 - * SMTP CODE ERROR : 500,501,502,421 - * @access public - * @return int - */ - function Verify($name) { - $this->error = null; # so no confusion is caused - - if(!$this->connected()) { - $this->error = array( - "error" => "Called Verify() without being connected"); - return false; - } - - fputs($this->smtp_conn,"VRFY " . $name . $this->CRLF); - - $rply = $this->get_lines(); - $code = substr($rply,0,3); - - if($this->do_debug >= 2) { - echo "SMTP -> FROM SERVER:" . $this->CRLF . $rply; - } - - if($code != 250 && $code != 251) { - $this->error = - array("error" => "VRFY failed on name '$name'", - "smtp_code" => $code, - "smtp_msg" => substr($rply,4)); - if($this->do_debug >= 1) { - echo "SMTP -> ERROR: " . $this->error["error"] . - ": " . $rply . $this->CRLF; - } - return false; - } - return $rply; - } - - /******************************************************************* - * INTERNAL FUNCTIONS * - ******************************************************************/ - - /** - * Read in as many lines as possible - * either before eof or socket timeout occurs on the operation. - * With SMTP we can tell if we have more lines to read if the - * 4th character is '-' symbol. If it is a space then we don't - * need to read anything else. - * @access private - * @return string - */ - function get_lines() { - $data = ""; - while($str = @fgets($this->smtp_conn,515)) { - if($this->do_debug >= 4) { - echo "SMTP -> get_lines(): \$data was \"$data\"" . - $this->CRLF; - echo "SMTP -> get_lines(): \$str is \"$str\"" . - $this->CRLF; - } - $data .= $str; - if($this->do_debug >= 4) { - echo "SMTP -> get_lines(): \$data is \"$data\"" . $this->CRLF; - } - # if the 4th character is a space then we are done reading - # so just break the loop - if(substr($str,3,1) == " ") { break; } - } - return $data; - } - -} - - - ?> diff --git a/config/freeswitch_dev/dialplan.default.xml b/config/freeswitch_dev/dialplan.default.xml deleted file mode 100644 index 5fe1d4a4..00000000 --- a/config/freeswitch_dev/dialplan.default.xml +++ /dev/null @@ -1,717 +0,0 @@ -<!-- - NOTICE: - - This context is usually accessed via authenticated callers on the sip profile on port 5060 - or transfered callers from the public context which arrived via the sip profile on port 5080. - - Authenticated users will use the user_context variable on the user to determine what context - they can access. You can also add a user in the directory with the cidr= attribute acl.conf.xml - will build the domains acl using this value. ---> - -<?xml version="1.0" encoding="utf-8"?> -<!-- http://wiki.freeswitch.org/wiki/Dialplan_XML --> -<include> - <context name="default"> - - <extension name="unloop"> - <condition field="${unroll_loops}" expression="^true$"/> - <condition field="${sip_looped_call}" expression="^true$"> - <action application="deflect" data="${destination_number}"/> - </condition> - </extension> - - <!-- Example of doing things based on time of day. --> - <extension name="tod_example" continue="true"> - <!-- man strftime - M-F, 9AM to 6PM --> - <condition field="${strftime(%w)}" expression="^([1-5])$"/> - <condition field="${strftime(%H%M)}" expression="^((09|1[0-7])[0-5][0-9]|1800)$"> - <action application="set" data="open=true"/> - </condition> - </extension> - - <extension name="global-intercept"> - <condition field="destination_number" expression="^\*886$"> - <action application="answer"/> - <action application="intercept" data="${db(select/${domain_name}-last_dial/global)}"/> - <action application="sleep" data="2000"/> - </condition> - </extension> - - <extension name="group-intercept"> - <condition field="destination_number" expression="^\*8$"> - <action application="answer"/> - <action application="intercept" data="${db(select/${domain_name}-last_dial/${callgroup})}"/> - <action application="sleep" data="2000"/> - </condition> - </extension> - - <extension name="intercept-ext"> - <condition field="destination_number" expression="^\*\*(\d+)$"> - <action application="answer"/> - <action application="intercept" data="${db(select/${domain_name}-last_dial_ext/$1)}"/> - <action application="sleep" data="2000"/> - </condition> - </extension> - - <extension name="redial"> - <condition field="destination_number" expression="^\*870$"> - <action application="transfer" data="${db(select/${domain_name}-last_dial/${caller_id_number})}"/> - </condition> - </extension> - - <extension name="global" continue="true"> - <condition field="${network_addr}" expression="^$" break="never"> - <action application="set" data="use_profile=${cond(${acl($${local_ip_v4} rfc1918)} == true ? nat : default)}"/> - <anti-action application="set" data="use_profile=${cond(${acl(${network_addr} rfc1918)} == true ? nat : default)}"/> - </condition> - <!-- This will setup some variables if the user isn't authenticated. --> - <condition field="${numbering_plan}" expression="^$" break="never"> - <action application="set_user" data="default@${domain_name}"/> - </condition> - <condition field="${call_debug}" expression="^true$" break="never"> - <action application="info"/> - </condition> - <!-- - This is an example of how to auto detect if telephone-event is missing and activate inband detection - --> - <!-- - <condition field="${switch_r_sdp}" expression="a=rtpmap:(\d+)\stelephone-event/8000" break="never"> - <action application="set" data="rtp_payload_number=$1"/> - <anti-action application="start_dtmf"/> - </condition> - --> - <condition field="${sip_has_crypto}" expression="^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$" break="never"> - <action application="set" data="sip_secure_media=true"/> - <!-- Offer SRTP on outbound legs if we have it on inbound. --> - <!-- <action application="export" data="sip_secure_media=true"/> --> - </condition> - <condition> - <action application="db" data="insert/${domain_name}-spymap/${caller_id_number}/${uuid}"/> - <action application="db" data="insert/${domain_name}-last_dial/${caller_id_number}/${destination_number}"/> - <action application="db" data="insert/${domain_name}-last_dial/global/${uuid}"/> - </condition> - </extension> - - <!-- If sip_req_host is not a local domain then this has to be an external sip uri --> - <!-- - <extension name="external_sip_uri" continue="true"> - <condition field="source" expression="mod_sofia"/> - <condition field="${outside_call}" expression="^$"/> - <condition field="${domain_exists(${sip_req_host})}" expression="true"> - <anti-action application="bridge" data="sofia/${use_profile}/${sip_to_uri}"/> - </condition> - </extension> - --> - <!-- - snom button demo, call 9000 to make button 2 mapped to transfer the current call to a conference - --> - - <extension name="snom-demo-2"> - <condition field="destination_number" expression="^\*9001$"> - <action application="eval" data="${snom_bind_key(2 off DND ${sip_from_user} ${sip_from_host} ${sofia_profile_name} message notused)}"/> - <action application="transfer" data="3000"/> - </condition> - </extension> - - <extension name="snom-demo-1"> - <condition field="destination_number" expression="^\*9000$"> - <!--<key> <light> <label> <user> <host> <profile> <action_name> <action>--> - <action application="eval" data="${snom_bind_key(2 on DND ${sip_from_user} ${sip_from_host} ${sofia_profile_name} message api+uuid_transfer ${uuid} 9001)}"/> - <action application="playback" data="$${hold_music}"/> - </condition> - </extension> - - <extension name="eavesdrop"> - <condition field="destination_number" expression="^\*88(.*)$|^\*0(.*)$"> - <action application="answer"/> - <action application="eavesdrop" data="${db(select/${domain_name}-spymap/$1)}"/> - </condition> - </extension> - - <extension name="eavesdrop"> - <condition field="destination_number" expression="^\*779$"> - <action application="answer"/> - <action application="set" data="eavesdrop_indicate_failed=tone_stream://%(500, 0, 320)"/> - <action application="set" data="eavesdrop_indicate_new=tone_stream://%(500, 0, 620)"/> - <action application="set" data="eavesdrop_indicate_idle=tone_stream://%(250, 0, 920)"/> - <action application="eavesdrop" data="all"/> - </condition> - </extension> - - <extension name="call_return"> - <condition field="destination_number" expression="^\*69$|^869$|^lcr$"> - <action application="transfer" data="${db(select/${domain_name}-call_return/${caller_id_number})}"/> - </condition> - </extension> - - <extension name="del-group"> - <condition field="destination_number" expression="^\*80(\d{2})$"> - <action application="answer"/> - <action application="group" data="delete:$1@${domain_name}:${sofia_contact(${sip_from_user}@${domain_name})}"/> - <action application="gentones" data="%(1000, 0, 320)"/> - </condition> - </extension> - - <extension name="add-group"> - <condition field="destination_number" expression="^\*81(\d{2})$"> - <action application="answer"/> - <action application="group" data="insert:$1@${domain_name}:${sofia_contact(${sip_from_user}@${domain_name})}"/> - <action application="gentones" data="%(1000, 0, 640)"/> - </condition> - </extension> - - <extension name="call-group-simo"> - <condition field="destination_number" expression="^\*82(\d{2})$"> - <action application="bridge" data="{ignore_early_media=true}${group(call:$1@${domain_name})}"/> - </condition> - </extension> - - <extension name="call-group-order"> - <condition field="destination_number" expression="^\*83(\d{2})$"> - <action application="set" data="call_timeout=10"/> - <action application="bridge" data="{ignore_early_media=true}${group(call:$1@${domain_name}:order)}"/> - </condition> - </extension> - - <extension name="extension-intercom"> - <condition field="destination_number" expression="^\*8(10[01][0-9])$"> - <action application="set" data="dialed_extension=$1"/> - <action application="export" data="sip_auto_answer=true"/> - <action application="bridge" data="user/${dialed_extension}@${domain_name}"/> - </condition> - </extension> - - <X-PRE-PROCESS cmd="include" data="default/*.xml"/> - - <!-- - dial the extension 3, 4, or 5 digit extensions for 30 seconds and go to voicemail if the - call fails (continue_on_fail=true), otherwise hang up after a successful - bridge (hangup_after-bridge=true) - --> - <extension name="Local_Extension"> - <condition field="destination_number" expression="(^\d{5}$|^\d{4}$|^\d{3}$)"> - <action application="set" data="dialed_extension=$1"/> - <action application="export" data="dialed_extension=$1"/> - <!-- bind_meta_app can have these args <key> [a|b|ab] [a|b|o|s] <app> --> - <action application="bind_meta_app" data="1 b s execute_extension::dx XML features"/> - <action application="bind_meta_app" data="2 b s record_session::$${base_dir}/recordings/${caller_id_number}.${strftime(%Y-%m-%d-%H-%M-%S)}.wav"/> - <action application="bind_meta_app" data="3 b s execute_extension::cf XML features"/> - <action application="set" data="ringback=${us-ring}"/> - <action application="set" data="transfer_ringback=$${hold_music}"/> - <action application="set" data="call_timeout=30"/> - <!-- <action application="set" data="sip_exclude_contact=${network_addr}"/> --> - <action application="set" data="hangup_after_bridge=true"/> - <!--<action application="set" data="continue_on_fail=NORMAL_TEMPORARY_FAILURE,USER_BUSY,NO_ANSWER,TIMEOUT,NO_ROUTE_DESTINATION"/> --> - <action application="set" data="continue_on_fail=true"/> - <action application="db" data="insert/${domain_name}-call_return/${dialed_extension}/${caller_id_number}"/> - <action application="db" data="insert/${domain_name}-last_dial_ext/${dialed_extension}/${uuid}"/> - <action application="set" data="called_party_callgroup=${user_data(${dialed_extension}@${domain_name} var callgroup)}"/> - <!--<action application="export" data="nolocal:sip_secure_media=${user_data(${dialed_extension}@${domain_name} var sip_secure_media)}"/>--> - <action application="db" data="insert/${domain_name}-last_dial/${called_party_callgroup}/${uuid}"/> - <action application="bridge" data="user/${dialed_extension}@${domain_name}"/> - <action application="answer"/> - <action application="sleep" data="1000"/> - <action application="voicemail" data="default ${domain_name} ${dialed_extension}"/> - </condition> - </extension> - - <extension name="group_dial_sales"> - <condition field="destination_number" expression="^\*2000$"> - <action application="bridge" data="${group_call(sales@${domain_name})}"/> - </condition> - </extension> - - <extension name="group_dial_support"> - <condition field="destination_number" expression="^\*2001$"> - <action application="bridge" data="group/support@${domain_name}"/> - </condition> - </extension> - - <extension name="group_dial_billing"> - <condition field="destination_number" expression="^\*2002$"> - <action application="bridge" data="group/billing@${domain_name}"/> - </condition> - </extension> - - <!-- voicemail operator extension --> - <extension name="operator"> - <condition field="destination_number" expression="^operator$|^0$"> - <action application="set" data="transfer_ringback=$${hold_music}"/> - <action application="transfer" data="1000 XML features"/> - </condition> - </extension> - - <!-- voicemail main2 extension --> - <extension name="vmain2"> - <condition field="destination_number" expression="^vmain2$|^\*97$|^\*4000$"> - <action application="answer"/> - <action application="sleep" data="1000"/> - <action application="voicemail" data="check default ${domain_name}"/> - </condition> - </extension> - - <!-- voicemail main extension --> - <extension name="vmain"> - <condition field="destination_number" expression="^vmain$|^\*98$"> - <action application="answer"/> - <action application="sleep" data="1000"/> - <action application="voicemail" data="check default ${domain_name} ${sip_from_user}"/> - </condition> - </extension> - - <extension name="send_to_voicemail_5digits"> - <condition field="destination_number" expression="^\*99(\d{5})$"> - <action application="answer"/> - <action application="sleep" data="1000"/> - <action application="set" data="dialed_extension=$1"/> - <action application="export" data="dialed_extension=$1"/> - <action application="voicemail" data="default ${domain_name} ${dialed_extension}"/> - </condition> - </extension> - - <extension name="send_to_voicemail_4digits"> - <condition field="destination_number" expression="^\*99(\d{4})$"> - <action application="answer"/> - <action application="sleep" data="1000"/> - <action application="set" data="dialed_extension=$1"/> - <action application="export" data="dialed_extension=$1"/> - <action application="voicemail" data="default ${domain_name} ${dialed_extension}"/> - </condition> - </extension> - - <extension name="send_to_voicemail_3digits"> - <condition field="destination_number" expression="^\*99(\d{3})$"> - <action application="answer"/> - <action application="sleep" data="1000"/> - <action application="set" data="dialed_extension=$1"/> - <action application="export" data="dialed_extension=$1"/> - <action application="voicemail" data="default ${domain_name} ${dialed_extension}"/> - </condition> - </extension> - - <!-- dial via SIP uri --> - <extension name="sip_uri"> - <condition field="destination_number" expression="^sip:(.*)$"> - <action application="bridge" data="sofia/${use_profile}/$1"/> - </condition> - </extension> - - <!-- - start a dynamic conference with the settings of the "default" conference profile in conference.conf.xml - --> - <extension name="nb_conferences"> - <condition field="destination_number" expression="^\*(30\d{2})$"> - <action application="answer"/> - <action application="conference" data="$1-${domain_name}@default"/> - </condition> - </extension> - - <extension name="wb_conferences"> - <condition field="destination_number" expression="^\*(31\d{2})$"> - <action application="answer"/> - <action application="conference" data="$1-${domain_name}@wideband"/> - </condition> - </extension> - - <extension name="uwb_conferences"> - <condition field="destination_number" expression="^\*(32\d{2})$"> - <action application="answer"/> - <action application="conference" data="$1-${domain_name}@ultrawideband"/> - </condition> - </extension> - <!-- MONO 48kHz conferences --> - <extension name="cdquality_conferences"> - <condition field="destination_number" expression="^\*(33\d{2})$"> - <action application="answer"/> - <action application="conference" data="$1-${domain_name}@cdquality"/> - </condition> - </extension> - - <!-- dial the freeswitch conference via SIP--> - <extension name="freeswitch_public_conf_via_sip"> - <condition field="destination_number" expression="^\*9(888|1616|3232)$"> - <action application="export" data="hold_music=silence"/> - <action application="bridge" data="sofia/${use_profile}/$1@conference.freeswitch.org"/> - </condition> - </extension> - - <!-- - This extension will start a conference and invite a group. - At anytime the participant can dial *2 to bridge directly to the boss. - All other callers are then hung up on. - --> - <extension name="mad_boss_intercom"> - <condition field="destination_number" expression="^\*0911$"> - <action application="set" data="conference_auto_outcall_caller_id_name=Mad Boss1"/> - <action application="set" data="conference_auto_outcall_caller_id_number=0911"/> - <action application="set" data="conference_auto_outcall_timeout=60"/> - <action application="set" data="conference_auto_outcall_flags=mute"/> - <action application="set" data="conference_auto_outcall_prefix={sip_auto_answer=true,execute_on_answer='bind_meta_app 2 a s1 transfer::intercept:${uuid} inline'}"/> - <action application="set" data="sip_exclude_contact=${network_addr}"/> - <action application="conference_set_auto_outcall" data="${group_call(sales)}"/> - <action application="conference" data="madboss_intercom1@default+flags{endconf|deaf}"/> - </condition> - </extension> - - <!-- - This extension will start a conference and invite a few of people. - At anytime the participant can dial *2 to bridge directly to the boss. - All other callers are then hung up on. - --> - <extension name="mad_boss_intercom"> - <condition field="destination_number" expression="^\*0912$"> - <action application="set" data="conference_auto_outcall_caller_id_name=Mad Boss2"/> - <action application="set" data="conference_auto_outcall_caller_id_number=0912"/> - <action application="set" data="conference_auto_outcall_timeout=60"/> - <action application="set" data="conference_auto_outcall_flags=mute"/> - <action application="set" data="conference_auto_outcall_prefix={sip_auto_answer=true,execute_on_answer='bind_meta_app 2 a s1 transfer::intercept:${uuid} inline'}"/> - <action application="set" data="sip_exclude_contact=${network_addr}"/> - <action application="conference_set_auto_outcall" data="loopback/9999"/> - <action application="conference" data="madboss_intercom2@default+flags{endconf|deaf}"/> - </condition> - </extension> - - <!--This extension will start a conference and invite several people upon entering --> - <extension name="mad_boss"> - <condition field="destination_number" expression="^\*0913$"> - <!--These params effect the outcalls made once you join--> - <action application="set" data="conference_auto_outcall_caller_id_name=Mad Boss"/> - <action application="set" data="conference_auto_outcall_caller_id_number=0911"/> - <action application="set" data="conference_auto_outcall_timeout=60"/> - <action application="set" data="conference_auto_outcall_flags=none"/> - <!--<action application="set" data="conference_auto_outcall_announce=say:You have been called into an emergency conference"/>--> - <!--Add as many of these as you need, These are the people you are going to call--> - <action application="conference_set_auto_outcall" data="loopback/9999"/> - <action application="conference" data="madboss3@default"/> - </condition> - </extension> - - <!-- a sample IVR --> - <extension name="ivr_demo"> - <condition field="destination_number" expression="^\*5000$"> - <action application="answer"/> - <action application="sleep" data="2000"/> - <action application="ivr" data="demo_ivr"/> - </condition> - </extension> - - <!-- Create a conference on the fly and pull someone in at the same time. --> - <extension name="dynamic_conference"> - <condition field="destination_number" expression="^\*5001$"> - <action application="conference" data="bridge:mydynaconf:sofia/${use_profile}/1234@conference.freeswitch.org"/> - </condition> - </extension> - - <extension name="rtp_multicast_page"> - <condition field="destination_number" expression="^\*pagegroup$|^\*7243"> - <action application="answer"/> - <action application="esf_page_group"/> - </condition> - </extension> - - <!-- - Parking extensions... transferring calls to 5900 will park them in a queue. - --> - <extension name="park"> - <condition field="destination_number" expression="^\*5900$"> - <action application="set" data="fifo_music=$${hold_music}"/> - <action application="fifo" data="5900@${domain_name} in"/> - </condition> - </extension> - - <!-- - Parking pickup extension. Calling 5901 will pickup the call. - --> - <extension name="unpark"> - <condition field="destination_number" expression="^\*5901$"> - <action application="answer"/> - <action application="fifo" data="5900@${domain_name} out nowait"/> - </condition> - </extension> - - <!-- - This extension is used with snom phones. - - Set a function key to park+lot (lot being a number or name.) - Set type to Park+Orbit. You can then park and pickup using - the softkey on the phone. Should work with other phones. - --> - <extension name="park"> - <condition field="source" expression="mod_sofia"/> - <condition field="destination_number" expression="park\+(\d+)"> - <action application="fifo" data="$1@${domain_name} in undef $${hold_music}"/> - </condition> - </extension> - <!-- - The extension is parking pickup with a to param of the fifo we are calling - Some phones send things like orbit= and you can extract that info. - --> - <extension name="unpark"> - <condition field="source" expression="mod_sofia"/> - <condition field="destination_number" expression="^parking$"/> - <condition field="${sip_to_params}" expression="fifo\=(\d+)"> - <action application="answer"/> - <action application="fifo" data="$1@${domain_name} out nowait"/> - </condition> - </extension> - - <!-- - This extension is used with linksys phones. - - Set a Phone tab option Call Park Serv to yes. You can park and - pickup using soft keys "park" and "unpark" found during - active call when moving navigation button. The other option - is to use phone's star codes (defaults to *38 and *39). - --> - <extension name="park"> - <condition field="source" expression="mod_sofia"/> - <condition field="destination_number" expression="callpark"/> - <condition field="${sip_refer_to}"> - <expression><![CDATA[<sip:callpark@${domain_name};orbit=(\d+)>]]></expression> - <action application="fifo" data="$1@${domain_name} in undef $${hold_music}"/> - </condition> - </extension> - - <!-- - This extension is used with linksys phones. - - The extension is parking pickup with a to param of the fifo - we are calling. Linksys sends orbit=<parkingslotnumber> - and we extract that info. - --> - <extension name="unpark"> - <condition field="source" expression="mod_sofia"/> - <condition field="destination_number" expression="pickup"/> - <condition field="${sip_to_params}" expression="orbit\=(\d+)"> - <action application="answer"/> - <action application="fifo" data="$1@${domain_name} out nowait"/> - </condition> - </extension> - - <!-- - Here are some examples of how to override the ringback heard by the - far end. You have two variables that you can use to override this. - - ringback - used when a call isn't answered. (early media) - transfer_ringback - used when the call is already answered. (post answer) - --> - - <!-- Demonstration of how to override the ringback in various situations --> - <extension name="wait"> - <condition field="destination_number" expression="^wait$"> - <action application="pre_answer"/> - <action application="sleep" data="20000"/> - <action application="answer"/> - <action application="sleep" data="1000"/> - <action application="playback" data="voicemail/vm-goodbye.wav"/> - <action application="hangup"/> - </condition> - </extension> - - <extension name="fax_receive"> - <condition field="destination_number" expression="^\*9978$"> - <action application="answer" /> - <action application="playback" data="silence_stream://2000"/> - <action application="rxfax" data="/tmp/rxfax.tif"/> - <action application="hangup"/> - </condition> - </extension> - - <extension name="fax_transmit"> - <condition field="destination_number" expression="^\*9979$"> - <action application="txfax" data="/tmp/txfax.tif"/> - <action application="hangup"/> - </condition> - </extension> - - <!-- Send a 180 and let the far end generate ringback. --> - <extension name="ringback_180"> - <condition field="destination_number" expression="^\*9980$"> - <action application="ring_ready"/> - <action application="sleep" data="20000"/> - <action application="answer"/> - <action application="sleep" data="1000"/> - <action application="playback" data="voicemail/vm-goodbye.wav"/> - <action application="hangup"/> - </condition> - </extension> - - <!-- Send a 183 and send uk-ring as the ringtone. (early media) --> - <extension name="ringback_183_uk_ring"> - <condition field="destination_number" expression="^\*9981$"> - <action application="set" data="ringback=$${uk-ring}"/> - <action application="bridge" data="loopback/wait"/> - </condition> - </extension> - - <!-- Send a 183 and use music as the ringtone. (early media) --> - <extension name="ringback_183_music_ring"> - <condition field="destination_number" expression="^\*9982$"> - <action application="set" data="ringback=$${hold_music}"/> - <action application="bridge" data="loopback/wait"/> - </condition> - </extension> - - <!-- Answer the call and use music as the ringtone. (post answer) --> - <extension name="ringback_post_answer_uk_ring"> - <condition field="destination_number" expression="^\*9983$"> - <action application="set" data="transfer_ringback=$${uk-ring}"/> - <action application="answer"/> - <action application="bridge" data="loopback/wait"/> - </condition> - </extension> - - <!-- Answer the call and use music as the ringtone. (post answer) --> - <extension name="ringback_post_answer_music"> - <condition field="destination_number" expression="^\*9984$"> - <action application="set" data="transfer_ringback=$${hold_music}"/> - <action application="answer"/> - <action application="bridge" data="loopback/wait"/> - </condition> - </extension> - - <extension name="ClueCon"> - <condition field="destination_number" expression="^\*9991$"> - <action application="set" data="effective_caller_id_name=ClueCon"/> - <action application="bridge" data="sofia/$${domain}/brian@bkw.org"/> - </condition> - </extension> - - <extension name="show_info"> - <condition field="destination_number" expression="^\*9992$"> - <action application="answer"/> - <action application="info"/> - <action application="sleep" data="250"/> - <action application="hangup"/> - </condition> - </extension> - - <extension name="video_record"> - <condition field="destination_number" expression="^\*9993$"> - <action application="answer"/> - <action application="record_fsv" data="/tmp/testrecord.fsv"/> - </condition> - </extension> - - <extension name="video_playback"> - <condition field="destination_number" expression="^\*9994$"> - <action application="answer"/> - <action application="play_fsv" data="/tmp/testrecord.fsv"/> - </condition> - </extension> - - <extension name="delay_echo"> - <condition field="destination_number" expression="^\*9995$"> - <action application="answer"/> - <action application="delay_echo" data="5000"/> - </condition> - </extension> - - <extension name="echo"> - <condition field="destination_number" expression="^\*9996$"> - <action application="answer"/> - <action application="echo"/> - </condition> - </extension> - - <extension name="milliwatt"> - <condition field="destination_number" expression="^\*9997$"> - <action application="answer"/> - <action application="playback" data="tone_stream://%(10000,0,1004);loops=-1"/> - </condition> - </extension> - - <extension name="tone_stream"> - <condition field="destination_number" expression="^\*9998$"> - <action application="answer"/> - <action application="playback" data="tone_stream://path=${base_dir}/conf/tetris.ttml;loops=10"/> - </condition> - </extension> - - <!-- install zrtp_agent.lua into scripts (ZRTP == 9787) --> - <extension name="zrtp_enrollement"> - <condition field="destination_number" expression="^9787$"> - <action application="answer"/> - <action application="lua" data="zrtp_agent.lua"/> - </condition> - </extension> - - <!-- - You will no longer hear the bong tone. The wav file is playing stating the call is secure. - The file will not play unless you have both TLS and SRTP active. - --> - - <extension name="hold_music"> - <condition field="destination_number" expression="^\*9999$"/> - <condition field="${sip_has_crypto}" expression="^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$"> - <action application="answer"/> - <action application="execute_extension" data="is_secure XML features"/> - <action application="playback" data="$${hold_music}"/> - <anti-action application="set" data="zrtp_secure_media=true"/> - <anti-action application="answer"/> - <anti-action application="playback" data="silence_stream://2000"/> - <anti-action application="execute_extension" data="is_zrtp_secure XML features"/> - <anti-action application="playback" data="$${hold_music}"/> - </condition> - </extension> - - <!-- - You can place files in the default directory to get included. - --> - <!--<X-PRE-PROCESS cmd="include" data="default/*.xml"/>--> - - <!-- - WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - - Anything you put below this line will usually get ignored due to the file in - default/99999_enum.xml as it will transfer the call to the enum dialplan. - - WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - --> - - <extension name="enum"> - <condition field="${module_exists(mod_enum)}" expression="true"/> - <condition field="destination_number" expression="^(.*)$"> - <action application="transfer" data="$1 enum"/> - </condition> - </extension> - - <!-- - <extension name="refer"> - <condition field="${sip_refer_to}"> - <expression><![CDATA[<sip:${destination_number}@${domain_name}>]]></expression> - </condition> - <condition field="${sip_refer_to}"> - <expression><![CDATA[<sip:(.*)@(.*)>]]></expression> - <action application="set" data="refer_user=$1"/> - <action application="set" data="refer_domain=$2"/> - <action application="info"/> - <action application="bridge" data="sofia/${use_profile}/${refer_user}@${refer_domain}"/> - </condition> - </extension> - --> - <!-- - This is an example of how to override the RURI on an outgoing invite to a registered contact. - --> - <!-- - <extension name="ruri"> - <condition field="destination_number" expression="^ruri$"> - <action application="bridge" data="sofia/${ruri_profile}/${ruri_user}${regex(${sofia_contact(${ruri_contact})}|^[^\@]+(.*)|%1)}"/> - </condition> - </extension> - - <extension name="7004"> - <condition field="destination_number" expression="^\*7004$"> - <action application="set" data="ruri_profile=default"/> - <action application="set" data="ruri_user=2000"/> - <action application="set" data="ruri_contact=1001@${domain_name}"/> - <action application="execute_extension" data="ruri"/> - </condition> - </extension> - --> - - <!-- SEE WARNING ABOVE IF YOU ARE TRYING TO ADD EXTENSIONS HERE! --> - - </context> -</include> diff --git a/config/freeswitch_dev/dialplan.public.xml b/config/freeswitch_dev/dialplan.public.xml deleted file mode 100644 index f30227e0..00000000 --- a/config/freeswitch_dev/dialplan.public.xml +++ /dev/null @@ -1,69 +0,0 @@ -<!-- - NOTICE: - - This context is usually accessed via the external sip profile sitting on port 5080. - - It is recommended to have separate inbound and outbound contexts. Not only for security - but clearing up why you would need to do such a thing. You don't want outside un-authenticated - callers hitting your default context which allows dialing calls thru your providers and results - in Toll Fraud. ---> - -<!-- http://wiki.freeswitch.org/wiki/Dialplan_XML --> -<include> - <context name="public"> - - <extension name="unloop"> - <condition field="${unroll_loops}" expression="^true$"/> - <condition field="${sip_looped_call}" expression="^true$"> - <action application="deflect" data="${destination_number}"/> - </condition> - </extension> - <!-- - Tag anything pass thru here as an outside_call so you can make sure not - to create any routing loops based on the conditions that it came from - the outside of the switch. - --> - <extension name="outside_call" continue="true"> - <condition> - <action application="set" data="outside_call=true"/> - </condition> - </extension> - - <extension name="call_debug" continue="true"> - <condition field="${call_debug}" expression="^true$" break="never"> - <action application="info"/> - </condition> - </extension> - - <!-- - <extension name="public_extensions"> - <condition field="destination_number" expression="^(10[01][0-9])$"> - <action application="transfer" data="$1 XML default"/> - </condition> - </extension> - --> - - <!-- - You can place files in the public directory to get included. - --> - <X-PRE-PROCESS cmd="include" data="public/*.xml"/> - <!-- - If you have made it this far lets challenge the caller and if they authenticate - lets try what they dialed in the default context. (commented out by default) - --> - <!-- - <extension name="check_auth" continue="true"> - <condition field="${sip_authorized}" expression="^true$" break="never"> - <anti-action application="respond" data="407"/> - </condition> - </extension> - - <extension name="transfer_to_default"> - <condition> - <action application="transfer" data="${destination_number} XML default"/> - </condition> - </extension> - --> - </context> -</include> diff --git a/config/freeswitch_dev/disa.js b/config/freeswitch_dev/disa.js deleted file mode 100644 index f705b79c..00000000 --- a/config/freeswitch_dev/disa.js +++ /dev/null @@ -1,78 +0,0 @@ -include("/usr/local/freeswitch/scripts/config.js"); - - //var admin_pin = ""; //don't require a pin - //if you choose not to require a pin then then you may want to add a dialplan condition for a specific caller id - var predefined_destination = ""; //example: 9999 - //predefined_destination leave empty in most cases - //Use this to define a single destination - var digitmaxlength = 0; - var timeoutpin = 7500; - var timeouttransfer = 7500; - - function mycb( session, type, obj, arg ) { - try { - if ( type == "dtmf" ) { - console_log( "info", "digit: "+obj.digit+"\n" ); - if ( obj.digit == "#" ) { - //console_log( "info", "detected pound sign.\n" ); - exit = true; - return( false ); - } - - dtmf.digits += obj.digit; - - if ( dtmf.digits.length >= digitmaxlength ) { - exit = true; - return( false ); - } - } - } catch (e) { - console_log( "err", e+"\n" ); - } - return( true ); - } //end function mycb - - - //console_log( "info", "DISA Request\n" ); - - var dtmf = new Object( ); - dtmf.digits = ""; - - if ( session.ready( ) ) { - session.answer( ); - - if (admin_pin.length > 0) { - digitmaxlength = 6; - session.streamFile( "/usr/local/freeswitch/sounds/custom/8000/please_enter_the_pin_number.wav", mycb, "dtmf"); - session.collectInput( mycb, dtmf, timeoutpin ); - //console_log( "info", "DISA pin: " + dtmf.digits + "\n" ); - } - - if (dtmf.digits == admin_pin || admin_pin.length == 0) { - - //console_log( "info", "DISA pin is correct\n" ); - - us_ring = session.getVariable("us-ring"); - session.execute("set", "ringback="+us_ring); //set to ringtone - session.execute("set", "transfer_ringback="+us_ring); //set to ringtone - session.execute("set", "hangup_after_bridge=true"); - - if (predefined_destination.length == 0) { - dtmf.digits = ""; //clear dtmf digits to prepare for next dtmf request - digitmaxlength = 11; - session.streamFile( "/usr/local/freeswitch/sounds/custom/8000/please_enter_the_phone_number.wav", mycb, "dtmf"); - session.collectInput( mycb, dtmf, timeouttransfer ); - console_log( "info", "DISA Transfer: " + dtmf.digits + "\n" ); - session.execute("transfer", dtmf.digits + " XML default"); - } - else { - session.execute("transfer", predefined_destination + " XML default"); - } - - } - else { - session.streamFile( "/usr/local/freeswitch/sounds/custom/8000/your_pin_number_is_incorect_goodbye.wav", mycb, "dtmf"); - console_log( "info", "DISA Pin: " + dtmf.digits + " is incorrect\n" ); - } - - } diff --git a/config/freeswitch_dev/fax_to_email.tmp b/config/freeswitch_dev/fax_to_email.tmp deleted file mode 100644 index fcd6af06..00000000 --- a/config/freeswitch_dev/fax_to_email.tmp +++ /dev/null @@ -1,182 +0,0 @@ -<?php -/* $Id$ */ -/* - fax_to_email.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - FreeSWITCH (TM) - http://www.freeswitch.org/ - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("/etc/inc/config.inc"); -require_once("/usr/local/pkg/freeswitch.inc"); -global $config; - -ob_end_clean(); -ob_start(); - -echo "\n---------------------------------\n"; - - -$phpversion = substr(phpversion(), 0, 1); -if ($phpversion == '4') { - $faxemail = $_REQUEST["email"]; - $faxextension = $_REQUEST["extension"]; - $faxname = $_REQUEST["name"]; -} -else { - $tmparray = explode("=", $_SERVER["argv"][1]); - $faxemail = $tmparray[1]; - unset($tmparray); - - $tmparray = explode("=", $_SERVER["argv"][2]); - $faxextension = $tmparray[1]; - unset($tmparray); - - $tmparray = explode("=", $_SERVER["argv"][3]); - $faxname = $tmparray[1]; - unset($tmparray); -} - -//echo "faxemail $faxemail\n"; -//echo "faxextension $faxextension\n"; -//echo "faxname $faxname\n"; -//echo "cd $dir_fax; /usr/local/bin/tiff2png ".$dir_fax.$faxname.".png\n"; - - -$dir_fax = '/usr/local/freeswitch/storage/fax/'.$faxextension.'/inbox/'; - - -if (!file_exists($dir_fax.$faxname.".png")) { - //cd /usr/local/freeswitch/storage/fax/9975/inbox/;/usr/local/bin/tiff2png /usr/local/freeswitch/storage/fax/9975/inbox/1001-2009-06-06-01-15-11.tif - //echo "cd $dir_fax; /usr/local/bin/tiff2png ".$dir_fax.$faxname.".tif\n"; - exec("cd $dir_fax; /usr/local/bin/tiff2png ".$dir_fax.$faxname.".tif"); -} - -if (!file_exists($dir_fax.$faxname.".pdf")) { - //echo "cd $dir_fax; /usr/local/bin/tiff2pdf -f -o ".$faxname.".pdf ".$dir_fax.$faxname.".tif\n"; - exec("cd $dir_fax; /usr/local/bin/tiff2pdf -f -o ".$faxname.".pdf ".$dir_fax.$faxname.".tif"); -} - - -$tmp_subject = "Fax Received: ".$faxname; -$tmp_textplain = "\nFax Received:\n"; -$tmp_textplain .= "Name: ".$faxname."\n"; -$tmp_textplain .= "Extension: ".$faxextension."\n"; -$tmp_texthtml = $tmp_textplain; - - -$tmp_smtphost = $config['installedpackages']['freeswitchsettings']['config'][0]['smtphost']; -$tmp_smtpsecure = $config['installedpackages']['freeswitchsettings']['config'][0]['smtpsecure']; //options "", "TLS", "SSL" -$tmp_smtpsecure = strtolower($tmp_smtpsecure); -$tmp_smtpauth = $config['installedpackages']['freeswitchsettings']['config'][0]['smtpauth']; // SMTP authentication: true or false -$tmp_smtpusername = $config['installedpackages']['freeswitchsettings']['config'][0]['smtpusername']; -$tmp_smtppassword = $config['installedpackages']['freeswitchsettings']['config'][0]['smtppassword']; -$tmp_smtpfrom = $config['installedpackages']['freeswitchsettings']['config'][0]['smtpfrom']; -$tmp_smtpfromname = $config['installedpackages']['freeswitchsettings']['config'][0]['smtpfromname']; - -ini_set(max_execution_time,900); //15 minutes -ini_set('memory_limit', '96M'); -$fd = fopen("php://stdin", "r"); - -$email = file_get_contents ("php://stdin"); - -fclose($fd); - -if($fd){ - $fp = fopen("/tmp/faxtoemail.txt", "w"); -} - - - - - - - -//send the email - - include "/usr/local/www/packages/freeswitch/class.phpmailer.php"; - include "/usr/local/www/packages/freeswitch/class.smtp.php"; // optional, gets called from within class.phpmailer.php if not already loaded - - $mail = new PHPMailer(); - - $mail->IsSMTP(); // set mailer to use SMTP - if ($tmp_smtpauth == "true") { - $mail->SMTPAuth = $tmp_smtpauth; // turn on/off SMTP authentication - } - $mail->Host = $tmp_smtphost; - if (strlen($tmp_smtpsecure)>0) { - $mail->SMTPSecure = $tmp_smtpsecure; - } - if ($tmp_smtpusername) { - $mail->Username = $tmp_smtpusername; - $mail->Password = $tmp_smtppassword; - } - $mail->SMTPDebug = 2; - - echo "tmp_smtpfrom: $tmp_smtpfrom\n"; - echo "tmp_smtpfromname: $tmp_smtpfromname\n"; - echo "tmp_subject: $tmp_subject\n"; - - $mail->From = $tmp_smtpfrom; - $mail->FromName = $tmp_smtpfromname; - $mail->Subject = $tmp_subject; - $mail->AltBody = $tmp_textplain; // optional, comment out and test - $mail->MsgHTML($tmp_texthtml); - - - $tmp_to = $faxemail; - $tmp_to = str_replace(";", ",", $tmp_to); - $tmp_to_array = split(",", $tmp_to); - foreach($tmp_to_array as $tmp_to_row) { - if (strlen($tmp_to_row) > 0) { - echo "tmp_to_row: $tmp_to_row\n"; - $mail->AddAddress($tmp_to_row); - } - } - - if (strlen($faxname) > 0) { - $mail->AddAttachment($dir_fax.$faxname.'.tif'); // tif attachment - $mail->AddAttachment($dir_fax.$faxname.'.pdf'); // pdf attachment - $mail->AddAttachment($dir_fax.$faxname.'.png'); // png attachment - //$filename='fax.tif'; $encoding = "base64"; $type = "image/tif"; - //$mail->AddStringAttachment(base64_decode($strfax),$filename,$encoding,$type); - } - - if(!$mail->Send()) { - echo "Mailer Error: " . $mail->ErrorInfo; - } - else { - echo "Message sent!"; - } - - -$content = ob_get_contents(); //get the output from the buffer -ob_end_clean(); //clean the buffer - -fwrite($fp, $content); -fclose($fp); - -?>
\ No newline at end of file diff --git a/config/freeswitch_dev/freeswitch.xml b/config/freeswitch_dev/freeswitch.xml deleted file mode 100644 index ed6f2320..00000000 --- a/config/freeswitch_dev/freeswitch.xml +++ /dev/null @@ -1,262 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - freeswitch.xml - Copyright (C) 2008 Mark J Crane - All rights reserved - - FreeSWITCH (TM) - http://www.freeswitch.org/ -*/ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ -/* ========================================================================== */ - ]]> - </copyright> - <description>FreeSWITCH is an open source telephony platform designed to facilitate the creation of voice and chat driven products scaling from a soft-phone up to a soft-switch. It can be used as a simple switching engine, a PBX, a media gateway or a media server to host IVR applications using simple scripts or XML to control the callflow.</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>Settings</name> - <version>0.9.7.25</version> - <title>Settings</title> - <include_file>/usr/local/pkg/v_config.inc</include_file> - <menu> - <name>FreeSWITCH</name> - <tooltiptext>Modify FreeSWITCH settings.</tooltiptext> - <section>Services</section> - <configfile>freeswitch.xml</configfile> - <url>/packages/freeswitch/v_settings.php</url> - </menu> - <service> - <name>freeswitch</name> - <rcfile>freeswitch.sh</rcfile> - <executable>freeswitch</executable> - <description>FreeSWITCH is an open source telephony platform designed to facilitate the creation of voice and chat driven products scaling from a soft-phone up to a soft-switch. It can be used as a simple switching engine, a PBX, a media gateway or a media server to host IVR applications using simple scripts or XML to control the callflow. </description> - </service> - <tabs> - <tab> - <text>Settings</text> - <url>/packages/freeswitch/v_settings.php</url> - <active/> - </tab> - <tab> - <text>Dialplan</text> - <url>/packages/freeswitch/v_dialplan_includes.php</url> - </tab> - <tab> - <text>Extensions</text> - <url>/packages/freeswitch/v_extensions.php</url> - </tab> - <tab> - <text>Features</text> - <url>/packages/freeswitch/v_features.php</url> - </tab> - <tab> - <text>Gateways</text> - <url>/packages/freeswitch/v_gateways.php</url> - </tab> - <tab> - <text>Profiles</text> - <url>/packages/freeswitch/v_profiles.php</url> - </tab> - <tab> - <text>Public</text> - <url>/packages/freeswitch/v_public_includes.php</url> - </tab> - <tab> - <text>Status</text> - <url>/packages/freeswitch/v_status.php</url> - </tab> - <tab> - <text>Vars</text> - <url>/packages/freeswitch/v_vars.php</url> - </tab> - </tabs> - <configpath>installedpackages->package->$packagename->configuration->freeswitchsettings</configpath> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>https://packages.pfsense.org/packages/config/freeswitch_dev/v_config.inc</item> - </additional_files_needed> - <fields> - <field> - <fielddescr>Numbering Plan</fielddescr> - <fieldname>numbering_plan</fieldname> - <description>Enter the numbering plan here. example: US</description> - <type>input</type> - </field> - <field> - <fielddescr>Default Gateway</fielddescr> - <fieldname>default_gateway</fieldname> - <description>Enter the default gateway name here.</description> - <type>input</type> - </field> - <field> - <fielddescr>Default Area Code</fielddescr> - <fieldname>default_area_code</fieldname> - <description>Enter the area code here. example: 918</description> - <type>input</type> - </field> - <field> - <fielddescr>Event Socket Port</fielddescr> - <fieldname>event_socket_port</fieldname> - <description>Enter the event socket port here. default: 8021</description> - <type>input</type> - </field> - <field> - <fielddescr>Event Socket Password</fielddescr> - <fieldname>event_socket_password</fieldname> - <description>Enter the event socket password here. default: ClueCon</description> - <type>password</type> - </field> - <field> - <fielddescr>XML RPC HTTP Port</fielddescr> - <fieldname>xml_rpc_http_port</fieldname> - <description>Enter the XML RPC HTTP Port here. default: 8787</description> - <type>input</type> - </field> - <field> - <fielddescr>XML RPC Auth Realm</fielddescr> - <fieldname>xml_rpc_auth_realm</fieldname> - <description>Enter the XML RPC Auth Realm here. default: freeswitch</description> - <type>input</type> - </field> - <field> - <fielddescr>XML RPC Auth User</fielddescr> - <fieldname>xml_rpc_auth_user</fieldname> - <description>Enter the XML RPC Auth User here. default: freeswitch</description> - <type>input</type> - </field> - <field> - <fielddescr>XML RPC Auth Password</fielddescr> - <fieldname>xml_rpc_auth_pass</fieldname> - <description>Enter the XML RPC Auth Password here. default: works</description> - <type>password</type> - </field> - <field> - <fielddescr>Admin PIN Number</fielddescr> - <fieldname>admin_pin</fieldname> - <description>Enter a admin pin number. Used to authenticate the admin from the phone.</description> - <type>password</type> - </field> - <field> - <fielddescr>SMTP Host</fielddescr> - <fieldname>smtphost</fieldname> - <description>Enter the SMTP host address. If you using a different port append it on the end with a colon. e.g. smtp.gmail.com:465</description> - <type>input</type> - </field> - <field> - <fielddescr>SMTP Secure</fielddescr> - <fieldname>smtpsecure</fieldname> - <description>Select the SMTP security. None, TLS, SSL</description> - <type>select</type> - <options> - <option> - <name>none</name> - <value></value> - </option> - <option> - <name>tls</name> - <value>tls</value> - </option> - <option> - <name>ssl</name> - <value>ssl</value> - </option> - </options> - </field> - <field> - <fielddescr>SMTP Auth</fielddescr> - <fieldname>smtpauth</fieldname> - <description>Use SMTP Authentication true or false.</description> - <type>select</type> - <options> - <option> - <name>true</name> - <value>true</value> - </option> - <option> - <name>false</name> - <value>false</value> - </option> - </options> - </field> - <field> - <fielddescr>SMTP Username</fielddescr> - <fieldname>smtpusername</fieldname> - <description>Enter the SMTP authentication username.</description> - <type>input</type> - </field> - <field> - <fielddescr>SMTP Password</fielddescr> - <fieldname>smtppassword</fieldname> - <description>Enter the SMTP authentication password.</description> - <type>password</type> - </field> - <field> - <fielddescr>SMTP From</fielddescr> - <fieldname>smtpfrom</fieldname> - <description>Enter the SMTP From email address.</description> - <type>input</type> - </field> - <field> - <fielddescr>SMTP From Name</fielddescr> - <fieldname>smtpfromname</fieldname> - <description>Enter the SMTP From Name.</description> - <type>input</type> - </field> - <field> - <fielddescr>Mod Shout Decoder</fielddescr> - <fieldname>mod_shout_decoder</fieldname> - <description>Enter the Decoder. default: i386</description> - <type>input</type> - </field> - <field> - <fielddescr>Mod Shout Volume</fielddescr> - <fieldname>mod_shout_volume</fieldname> - <description>Enter the Volume. default: 0.3</description> - <type>input</type> - </field> - </fields> - <custom_add_php_command> - </custom_add_php_command> - <custom_php_resync_config_command> - sync_package_v_settings(); - </custom_php_resync_config_command> - <custom_delete_php_command> - sync_package_v_settings(); - </custom_delete_php_command> - <custom_php_install_command> - v_install_phase_1(); - </custom_php_install_command> - <custom_php_deinstall_command> - v_deinstall_command(); - </custom_php_deinstall_command> -</packagegui> diff --git a/config/freeswitch_dev/index.tmp b/config/freeswitch_dev/index.tmp deleted file mode 100644 index 68984113..00000000 --- a/config/freeswitch_dev/index.tmp +++ /dev/null @@ -1,5 +0,0 @@ -<?php - -header( 'Location: /' ); - -?>
\ No newline at end of file diff --git a/config/freeswitch_dev/libcurl.so.5 b/config/freeswitch_dev/libcurl.so.5 Binary files differdeleted file mode 100755 index 3d57856f..00000000 --- a/config/freeswitch_dev/libcurl.so.5 +++ /dev/null diff --git a/config/freeswitch_dev/libiconv.so.3 b/config/freeswitch_dev/libiconv.so.3 Binary files differdeleted file mode 100755 index f207e92c..00000000 --- a/config/freeswitch_dev/libiconv.so.3 +++ /dev/null diff --git a/config/freeswitch_dev/libncurses.so.5.6 b/config/freeswitch_dev/libncurses.so.5.6 Binary files differdeleted file mode 100755 index 3b40374c..00000000 --- a/config/freeswitch_dev/libncurses.so.5.6 +++ /dev/null diff --git a/config/freeswitch_dev/libncurses.so.5.7 b/config/freeswitch_dev/libncurses.so.5.7 Binary files differdeleted file mode 100755 index 3b40374c..00000000 --- a/config/freeswitch_dev/libncurses.so.5.7 +++ /dev/null diff --git a/config/freeswitch_dev/libodbc.so.1 b/config/freeswitch_dev/libodbc.so.1 Binary files differdeleted file mode 100755 index eb7cb3af..00000000 --- a/config/freeswitch_dev/libodbc.so.1 +++ /dev/null diff --git a/config/freeswitch_dev/libogg.so.5.3 b/config/freeswitch_dev/libogg.so.5.3 Binary files differdeleted file mode 100755 index d230b68e..00000000 --- a/config/freeswitch_dev/libogg.so.5.3 +++ /dev/null diff --git a/config/freeswitch_dev/libspandsp.so.1 b/config/freeswitch_dev/libspandsp.so.1 Binary files differdeleted file mode 100755 index 177b8c22..00000000 --- a/config/freeswitch_dev/libspandsp.so.1 +++ /dev/null diff --git a/config/freeswitch_dev/libtinfo.so.5.6 b/config/freeswitch_dev/libtinfo.so.5.6 Binary files differdeleted file mode 100755 index 1263ec79..00000000 --- a/config/freeswitch_dev/libtinfo.so.5.6 +++ /dev/null diff --git a/config/freeswitch_dev/libvorbis.so.4 b/config/freeswitch_dev/libvorbis.so.4 Binary files differdeleted file mode 100755 index ec91ac85..00000000 --- a/config/freeswitch_dev/libvorbis.so.4 +++ /dev/null diff --git a/config/freeswitch_dev/originate.js b/config/freeswitch_dev/originate.js deleted file mode 100644 index a7c6fa2e..00000000 --- a/config/freeswitch_dev/originate.js +++ /dev/null @@ -1,84 +0,0 @@ -var uuid = argv[0]; -var sipuri = argv[1]; -var extension = argv[2]; -var caller_announce = argv[3]; -var caller_id_name = argv[4]; -var caller_id_number = argv[5]; -var tmp_sipuri; - -caller_id_name = caller_id_name.replace("+", " "); -//console_log( "info", "caller_announce: "+caller_announce+"\n" ); - -function originate (session, sipuri, extension, caller_announce, caller_id_name, caller_id_number) { - - var dtmf = new Object(); - var cid; - dtmf.digits = ""; - cid = ",origination_caller_id_name="+caller_id_name+",origination_caller_id_number="+caller_id_number; - - new_session = new Session("{ignore_early_media=true"+cid+"}"+sipuri); - new_session.execute("set", "call_timeout=30"); - - if ( new_session.ready() ) { - - console_log( "info", "followme: new_session uuid "+new_session.uuid+"\n" ); - console_log( "info", "followme: no dtmf detected\n" ); - - digitmaxlength = 1; - while (new_session.ready()) { - - if (caller_announce.length > 0) { - new_session.streamFile( "/tmp/"+caller_announce); - } - new_session.streamFile( "/usr/local/freeswitch/sounds/custom/8000/press_1_to_accept_2_to_reject_or_3_for_voicemail.wav"); - if (new_session.ready()) { - if (dtmf.digits.length == 0) { - dtmf.digits += new_session.getDigits(1, "#", 10000); // 10 seconds - if (dtmf.digits.length == 0) { - - } - else { - break; //dtmf found end the while loop - } - } - } - } - - if ( dtmf.digits.length > "0" ) { - if ( dtmf.digits == "1" ) { - console_log( "info", "followme: call accepted\n" ); //accept - new_session.execute("fifo", extension+"@${domain_name} out nowait"); - return true; - } - else if ( dtmf.digits == "2" ) { - console_log( "info", "followme: call rejected\n" ); //reject - new_session.hangup; - return false; - } - else if ( dtmf.digits == "3" ) { - console_log( "info", "followme: call sent to voicemail\n" ); //reject - new_session.hangup; - exit; - return true; - } - - } - else { - console_log( "info", "followme: no dtmf detected\n" ); //reject - new_session.hangup; - return false; - } - - } -} - -sipuri_array = sipuri.split(","); -for (i = 0; i < sipuri_array.length; i++){ - tmp_sipuri = sipuri_array[i]; - console_log("info", "tmp_sipuri: "+tmp_sipuri); - result = originate (session, tmp_sipuri, extension, caller_announce, caller_id_name, caller_id_number); - if (result) { - break; - exit; - } -}
\ No newline at end of file diff --git a/config/freeswitch_dev/please_enter_the_extension_number.wav b/config/freeswitch_dev/please_enter_the_extension_number.wav Binary files differdeleted file mode 100644 index d9384b0f..00000000 --- a/config/freeswitch_dev/please_enter_the_extension_number.wav +++ /dev/null diff --git a/config/freeswitch_dev/please_enter_the_phone_number.wav b/config/freeswitch_dev/please_enter_the_phone_number.wav Binary files differdeleted file mode 100644 index 9cb4057b..00000000 --- a/config/freeswitch_dev/please_enter_the_phone_number.wav +++ /dev/null diff --git a/config/freeswitch_dev/please_enter_the_pin_number.wav b/config/freeswitch_dev/please_enter_the_pin_number.wav Binary files differdeleted file mode 100644 index 107728a5..00000000 --- a/config/freeswitch_dev/please_enter_the_pin_number.wav +++ /dev/null diff --git a/config/freeswitch_dev/please_enter_your_pin_number.wav b/config/freeswitch_dev/please_enter_your_pin_number.wav Binary files differdeleted file mode 100755 index 46263917..00000000 --- a/config/freeswitch_dev/please_enter_your_pin_number.wav +++ /dev/null diff --git a/config/freeswitch_dev/please_say_your_name_and_reason_for_calling.wav b/config/freeswitch_dev/please_say_your_name_and_reason_for_calling.wav Binary files differdeleted file mode 100644 index 325a879d..00000000 --- a/config/freeswitch_dev/please_say_your_name_and_reason_for_calling.wav +++ /dev/null diff --git a/config/freeswitch_dev/press_1_to_accept_2_to_reject_or_3_for_voicemail.wav b/config/freeswitch_dev/press_1_to_accept_2_to_reject_or_3_for_voicemail.wav Binary files differdeleted file mode 100644 index 9c01616a..00000000 --- a/config/freeswitch_dev/press_1_to_accept_2_to_reject_or_3_for_voicemail.wav +++ /dev/null diff --git a/config/freeswitch_dev/v_auto_attendant.tmp b/config/freeswitch_dev/v_auto_attendant.tmp deleted file mode 100644 index 63e79978..00000000 --- a/config/freeswitch_dev/v_auto_attendant.tmp +++ /dev/null @@ -1,183 +0,0 @@ -<?php -/* $Id$ */ -/* - v_auto_attendant.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - - -$a_ivr = &$config['installedpackages']['freeswitchivr']['config']; - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'ivr') { - if ($a_ivr[$_GET['id']]) { - unlink($v_scripts_dir."/ivr_".$_GET['ivrid'].".js"); - unset($a_ivr[$_GET['id']]); - write_config(); - sync_package_v_ivr(); - header("Location: v_auto_attendant.php"); - exit; - } - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Auto Attendant</p>\n"; -} -?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="v_auto_attendant.php" method="post" name="iform" id="iform"> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Auto Attendant<br /> - </strong></span> - Auto Attendant provides callers the ability to choose between multiple options that direct - calls to extensions, voicemail, conferences, queues, other auto attendants, and external phone numbers. - </span></p></td> - </tr> - </table> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="20%" class="listhdrr">Extension</td> - <td width="25%" class="listhdrr">Name</td> - <td width="50%" class="listhdr">Description</td> - <td width="10%" class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="v_auto_attendant_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - <?php - $i = 0; - if (count($a_ivr) > 0) { - foreach ($a_ivr as $ent) { - if (strlen($ent['ivrid']) > 0) { - - $ivrid = str_replace(array("{", "}"), "", $ent['ivrid']); - - ?> - <tr> - <td class="listlr" ondblclick="document.location='v_auto_attendant_edit.php?id=<?=$i;?>'"> - <?=$ent['ivrextension']?> - </td> - <td class="listr" ondblclick="document.location='v_auto_attendant_edit.php?id=<?=$i;?>';"> - <?=$ent['ivrname'];?> - </td> - <td class="listbg" ondblclick="document.location='v_auto_attendant_edit.php?id=<?=$i;?>';"> - <font color="#FFFFFF"><?=htmlspecialchars($ent['ivrdescr']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="v_auto_attendant_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="v_auto_attendant.php?type=ivr&act=del&id=<?=$i;?>&ivrid=<?php echo $ivrid; ?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - ?> - <tr> - <td class="list" colspan="3"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="v_auto_attendant_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - <tr> - <td class="list" colspan="3"></td> - <td class="list"></td> - </tr> - </table> - -</form> - -<br> -<br> - -<?php -if ($v_path_show) { - echo $v_scripts_dir."\n"; -} -?> - -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch_dev/v_auto_attendant_edit.tmp b/config/freeswitch_dev/v_auto_attendant_edit.tmp deleted file mode 100644 index 3dfaa628..00000000 --- a/config/freeswitch_dev/v_auto_attendant_edit.tmp +++ /dev/null @@ -1,701 +0,0 @@ -<?php -/* $Id$ */ -/* - - v_auto_attendant_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - - -$a_ivr = &$config['installedpackages']['freeswitchivr']['config']; -$a_ivr_options = &$config['installedpackages']['freeswitchivroptions']['config']; - - -$id = $_GET['id']; -if (isset($_POST['id'])) { - $id = $_POST['id']; -} -$parentid = $id; - -//set default $ivrconditionjs - $ivrconditionjs = "function isholiday( Month, Date ) {\n"; - $ivrconditionjs .= " var Holiday = 0; //default false\n"; - $ivrconditionjs .= " if (Month == \"12\" && Date == \"25\") {\n"; - $ivrconditionjs .= " Holiday = 1; //true\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= " if (Month == \"7\" && Date == \"4\") {\n"; - $ivrconditionjs .= " Holiday = 1; //true\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= " if (Month == \"1\" && Date == \"1\") {\n"; - $ivrconditionjs .= " Holiday = 1; //true\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= " if (Holiday == 1) {\n"; - $ivrconditionjs .= " return true;\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= " else {\n"; - $ivrconditionjs .= " return false;\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= "}\n"; - $ivrconditionjs .= "\n"; - $ivrconditionjs .= "function isweekday( Day ) {\n"; - $ivrconditionjs .= " if (Day > 1 && Day < 7) {\n"; - $ivrconditionjs .= " return true;\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= " else {\n"; - $ivrconditionjs .= " return false;\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= "}\n"; - $ivrconditionjs .= "\n"; - $ivrconditionjs .= "function isweekend( Day ) {\n"; - $ivrconditionjs .= " if (Day > 1 && Day < 7) {\n"; - $ivrconditionjs .= " return false;\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= " else {\n"; - $ivrconditionjs .= " return true;\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= "}\n"; - $ivrconditionjs .= "\n"; - $ivrconditionjs .= "function isofficehours( Hours ) {\n"; - $ivrconditionjs .= " if (Hours >= 9 && Hours < 17) {\n"; - $ivrconditionjs .= " return true;\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= " else {\n"; - $ivrconditionjs .= " return false;\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= "}\n"; - $ivrconditionjs .= "\n"; - $ivrconditionjs .= "function isafterhours( Hours ) {\n"; - $ivrconditionjs .= " if (Hours >= 9 && Hours < 17) {\n"; - $ivrconditionjs .= " return false;\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= " else {\n"; - $ivrconditionjs .= " return true;\n"; - $ivrconditionjs .= " }\n"; - $ivrconditionjs .= "}\n"; - $ivrconditionjs .= "\n"; - $ivrconditionjs .= "//set default\n"; - $ivrconditionjs .= "condition = true;\n"; - $ivrconditionjs .= "\n"; - $ivrconditionjs .= "//Holiday?\n"; - $ivrconditionjs .= "if (isholiday( Month, Date )) {\n"; - $ivrconditionjs .= " console_log( \"info\", \"holiday\\n\" );\n"; - $ivrconditionjs .= " condition = false;\n"; - $ivrconditionjs .= "}\n"; - $ivrconditionjs .= "\n"; - $ivrconditionjs .= "//Weekend?\n"; - $ivrconditionjs .= "if (isweekend( Day )) {\n"; - $ivrconditionjs .= " console_log( \"info\", \"weekend\\n\" );\n"; - $ivrconditionjs .= " condition = false;\n"; - $ivrconditionjs .= "}\n"; - $ivrconditionjs .= "\n"; - $ivrconditionjs .= "// After Hours?\n"; - $ivrconditionjs .= "if (isafterhours( Hours )) {\n"; - $ivrconditionjs .= " console_log( \"info\", \"after hours\\n\" );\n"; - $ivrconditionjs .= " condition = false;\n"; - $ivrconditionjs .= "}\n"; - $ivrconditionjs .= "\n"; - - -if (isset($id) && $a_ivr[$id]) { - $pconfig['ivrid'] = $a_ivr[$id]['ivrid']; - $ivrid = $a_ivr[$id]['ivrid']; - $pconfig['ivrextension'] = $a_ivr[$id]['ivrextension']; - $pconfig['ivrname'] = $a_ivr[$id]['ivrname']; - $pconfig['recordingidaction'] = $a_ivr[$id]['recordingidaction']; - $pconfig['recordingidantiaction'] = $a_ivr[$id]['recordingidantiaction']; - $pconfig['ivrtimeout'] = $a_ivr[$id]['ivrtimeout']; - $pconfig['ivrcalltimeout'] = $a_ivr[$id]['ivrcalltimeout']; - $pconfig['ivrcontext'] = $a_ivr[$id]['ivrcontext']; - $pconfig['ivrdirectdial'] = $a_ivr[$id]['ivrdirectdial']; - $pconfig['ivrringback'] = $a_ivr[$id]['ivrringback']; - $pconfig['ivrcidnameprefix'] = $a_ivr[$id]['ivrcidnameprefix']; - $pconfig['ivrconditionjs'] = ($a_ivr[$id]['ivrconditionjs']); - $pconfig['ivrdescr'] = $a_ivr[$id]['ivrdescr']; -} - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - - if ($_GET['act'] == "del") { - if ($_GET['type'] == 'options') { - if ($a_ivroptions[$_GET['optionid']]) { - unset($a_ivr_options[$_GET['optionid']]); - write_config(); - sync_package_v_ivr(); - header("Location: v_auto_attendant_edit.php?id=".$_GET['id']); - exit; - } - } - } - - - if (!$input_errors) { - - $ivrent = array(); - if (strlen($_POST['ivrid']) > 0) { - $ivrent['ivrid'] = $_POST['ivrid']; - } - else { - $ivrent['ivrid'] = guid(); - } - $ivrent['ivrextension'] = $_POST['ivrextension']; - $ivrent['ivrname'] = $_POST['ivrname']; - $ivrent['recordingidaction'] = $_POST['recordingidaction']; - $ivrent['recordingidantiaction'] = $_POST['recordingidantiaction']; - $ivrent['ivrtimeout'] = $_POST['ivrtimeout']; - $ivrent['ivrcalltimeout'] = $_POST['ivrcalltimeout']; - $ivrent['ivrcontext'] = $_POST['ivrcontext']; - $ivrent['ivrdirectdial'] = $_POST['ivrdirectdial']; - $ivrent['ivrringback'] = $_POST['ivrringback']; - $ivrent['ivrcidnameprefix'] = $_POST['ivrcidnameprefix']; - $ivrent['ivrconditionjs'] = base64_encode($_POST['ivrconditionjs']); - $ivrent['ivrdescr'] = $_POST['ivrdescr']; - - if (isset($id) && $a_ivr[$id]) { - //update - $a_ivr[$id] = $ivrent; - } - else { - //add - $a_ivr[] = $ivrent; - } - - //touch($d_hostsdirty_path); - write_config(); - sync_package_v_ivr(); - - header("Location: v_auto_attendant.php"); - exit; - } -} - -include("head.inc"); - -?> -<script language="Javascript"> -function sf() { document.forms[0].savetopath.focus(); } -</script> -<script language="Javascript" type="text/javascript" src="/edit_area/edit_area_full.js"></script> -<script language="Javascript" type="text/javascript"> - // initialisation - editAreaLoader.init({ - id: "ivrconditionjs" // id of the textarea to transform - ,start_highlight: true - ,allow_toggle: false - ,language: "en" - ,syntax: "js" - ,toolbar: "search, go_to_line,|, fullscreen, |, undo, redo, |, select_font, |, syntax_selection, |, change_smooth_selection, highlight, reset_highlight, |, help" - ,syntax_selection_allow: "css,html,js,php,xml,c,cpp,sql" - ,show_line_colors: true - }); -</script> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php - -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Auto Attendant: Edit</p>\n"; -} - -if ($input_errors) print_input_errors($input_errors); - -?> - - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Settings:<br> - </strong></span> - Auto Attendant general settings. - </span></p></td> - </tr> - </table> - <br /> - - <form action="v_auto_attendant_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Extension</td> - <td width="78%" class="vtable"> - <input name="ivrextension" type="text" class="formfld" id="ivrextension" size="40" value="<?=htmlspecialchars($pconfig['ivrextension']);?>"> - <br> <span class="vexpl">e.g. <em>5002</em></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">IVR Name</td> - <td width="78%" class="vtable"> - <input name="ivrname" type="text" class="formfld" id="ivrname" size="40" value="<?=htmlspecialchars($pconfig['ivrname']);?>"> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Recording Action</td> - <td width="78%" class="vtable"> - <?php - $a_recordings = &$config['installedpackages']['freeswitchrecordings']['config']; - echo " <select name='recordingidaction' class='formfld'>\n"; - echo " <option></option>\n"; - if (count($a_recordings) > 0) { - foreach ($a_recordings as $ent) { - if (htmlspecialchars($pconfig['recordingidaction']) == $ent['recordingid']) { - echo " <option value='".$ent['recordingid']."' selected='yes'>".$ent['recordingname']."</option>\n"; - } - else { - echo " <option value='".$ent['recordingid']."'>".$ent['recordingname']."</option>\n"; - } - } - } - echo " </select>\n"; - ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Recording Anti-Action</td> - <td width="78%" class="vtable"> - <?php - //$a_recordings = &$config['installedpackages']['freeswitchrecordings']['config']; - echo " <select name='recordingidantiaction' class='formfld'>\n"; - echo " <option></option>\n"; - if (count($a_recordings) > 0) { - foreach ($a_recordings as $ent) { - if (htmlspecialchars($pconfig['recordingidantiaction']) == $ent['recordingid']) { - echo " <option value='".$ent['recordingid']."' selected='yes'>".$ent['recordingname']."</option>\n"; - } - else { - echo " <option value='".$ent['recordingid']."'>".$ent['recordingname']."</option>\n"; - } - } - } - echo " </select>\n"; - ?> - </td> - </tr> - <?php - if (strlen($pconfig['ivrtimeout']) == 0) { - $pconfig['ivrtimeout'] = 10; //set a default timeout - } - ?> - <tr> - <td width="22%" valign="top" class="vncellreq">IVR Timeout</td> - <td width="78%" class="vtable"> - <input name="ivrtimeout" type="text" class="formfld" id="ivrtimeout" size="40" value="<?=htmlspecialchars($pconfig['ivrtimeout']);?>"> - <br> - <span class="vexpl">After the recording concludes the - timeout sets the time in seconds to continue to wait for DTMF. - If the DTMF is <br />not detected during that time the 't' - timeout option is executed. - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Call Timeout</td> - <td width="78%" class="vtable"> - <input name="ivrcalltimeout" type="text" class="formfld" id="ivrcalltimeout" size="40" value="<?=htmlspecialchars($pconfig['ivrcalltimeout']);?>"> - <br> - <span class="vexpl"> - Call timeout is the time in seconds to ring the destination. After this time is exceeded calls - to extensions will be sent to voicemail. default: 30 seconds - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Context</td> - <td width="78%" class="vtable"> - <input name="ivrcontext" type="text" class="formfld" id="ivrextension" size="40" value="<?=htmlspecialchars($pconfig['ivrcontext']);?>"> - <br> <span class="vexpl">e.g. <em>default</em></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Direct Dial</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='ivrdirectdial' class='formfld'>\n"; - echo " <option></option>\n"; - if (strlen($pconfig['ivrdirectdial']) == 0) { //set default - echo " <option value='true'>enable</option>\n"; - echo " <option selected='yes' value='false'>disabled</option>\n"; - } - else { - if (htmlspecialchars($pconfig['ivrdirectdial']) == "true") { - echo " <option selected='yes' value='true'>enabled</option>\n"; - } - else { - echo " <option value='true'>enable</option>\n"; - } - if (htmlspecialchars($pconfig['ivrdirectdial']) == "false") { - echo " <option selected='yes' value='false'>disabled</option>\n"; - } - else { - echo " <option value='false'>disable</option>\n"; - } - } - - echo " </select>\n"; - ?> - <br><span class="vexpl">Allows callers to dial directly to extensions and feature codes that are up to 5 digits in length.</span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Ring Back</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='ivrringback' class='formfld'>\n"; - echo " <option></option>\n"; - if (htmlspecialchars($pconfig['ivrringback']) == "ring") { - echo " <option selected='yes'>ring</option>\n"; - } - else { - echo " <option>ring</option>\n"; - } - if (htmlspecialchars($pconfig['ivrringback']) == "music") { - echo " <option selected='yes'>music</option>\n"; - } - else { - echo " <option>music</option>\n"; - } - echo " </select>\n"; - ?> - <br> - <span class="vexpl"> - Defines what the caller will hear while destination is being called. The choices are music - (music on hold) ring (ring tone.) default: music - </span> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncellreq">CID Prefix</td> - <td width="78%" class="vtable"> - <input name="ivrcidnameprefix" type="text" class="formfld" id="ivrcidnameprefix" size="40" value="<?=htmlspecialchars($pconfig['ivrcidnameprefix']);?>"> - <br> <span class="vexpl">Set a prefix on the caller ID name. (optional)</span></td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncellreq">Description</td> - <td width="78%" class="vtable"> - <input name="ivrdescr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['ivrdescr']);?>"> - <br> - <span class="vexpl"> - You may enter a description here for your reference (not parsed). - </span> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncellreq">Javascript Condition</td> - <td width="78%" class="vtable"> - <?php - if (strlen(htmlspecialchars(base64_decode($pconfig['ivrconditionjs']))) == 0) { - echo "<textarea name=\"ivrconditionjs\" id=\"ivrconditionjs\" cols=\"75\" rows=\"10\" wrap=\"off\">".$ivrconditionjs."</textarea>\n"; - } - else { - echo "<textarea name=\"ivrconditionjs\" id=\"ivrconditionjs\" cols=\"75\" rows=\"10\" wrap=\"off\">".htmlspecialchars(base64_decode($pconfig['ivrconditionjs']))."</textarea>\n"; - } - ?> - <br> <span class="vexpl">A simple valid condition is: - condition=true; To re-populate the default simply empty the - textarea and click on save. The following javascript variables - have been defined: Hours, Mins, Seconds, Month, Date, Year, - and Day.</span></td> - </tr> - - - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - <input name="ivrid" type="hidden" value="<?=htmlspecialchars($pconfig['ivrid']);?>"> - <?php if (isset($id) && $a_ivr[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - </td> - </tr> - </table> - </form> - - <br> - <br> - - <form action="v_auto_attendant_edit.php" method="post" name="iform2" id="iform2"> - <?php - - - //echo "<pre>"; - //print_r ($a_ivr); - //echo "</pre>"; - - //if ($savemsg) print_info_box($savemsg); - //if (file_exists($d_hostsdirty_path)): echo"<p>"; - //print_info_box_np("The FreeSWITCH recordings have been changed.<br>You must apply the changes in order for them to take effect."); - //echo"<br />"; - //endif; - - ?> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong><br> - </strong></span> - Options are the choices that are available to the caller when they - are calling the auto attendant. If the caller presses 2 then the call - is directed to the corresponding destination. - </span></p></td> - </tr> - </table> - - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Action<br /> - </strong></span> - The options that are executed when the <b>condition matches.</b> - </span></p></td> - </tr> - </table> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="30" class="listhdrr">Option</td> - <td width="30" class="listhdrr">Type</td> - <td width="30" class="listhdrr">Profile</td> - <td width="150" class="listhdrr">Destination</td> - <td width="30%" class="listhdr">Description</td> - <td width="40" class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"> - <?php if (strlen($ivrid) > 1) { ?> - <a href="v_auto_attendant_options_edit.php?parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>&a=action"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a> - <?php } ?> - </td> - </tr> - </table> - </td> - </tr> - - <?php - $i = 0; - if (count($a_ivr_options) > 0) { - foreach ($a_ivr_options as $ent) { - if ($ent['optionaction'] == "action" && $ivrid == $ent['ivrid']) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='v_auto_attendant_options_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>'"> - <?=$ent['optionnumber']?> - </td> - <td class="listr" ondblclick="document.location='v_auto_attendant_options_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>';"> - <?=$ent['optiontype'];?> - </td> - <td class="listr" ondblclick="document.location='v_auto_attendant_options_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>';"> - <?=$ent['optionprofile'];?> - </td> - <td class="listr" ondblclick="document.location='v_auto_attendant_options_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>';"> - <?=$ent['optiondest'];?> - </td> - <td class="listbg" ondblclick="document.location='v_auto_attendant_options_edit.php?id=<?=$id;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>';"> - <font color="#FFFFFF"><?=htmlspecialchars($ent['optiondescr']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="v_auto_attendant_options_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="v_auto_attendant_options.php?type=ivroptions&act=del&id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>" onclick="return confirm('Do you really want to delete this recording?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - ?> - <tr> - <td class="list" colspan="5"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"> - <?php if (strlen($ivrid) > 1) { ?> - <a href="v_auto_attendant_options_edit.php?parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>&a=action"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a> - <?php } ?> - </td> - </tr> - </table> - </td> - </tr> - - - <tr> - <td class="list" colspan="5"></td> - <td class="list"></td> - </tr> - </table> - - </form> - - - - <form action="v_auto_attendant_edit.php" method="post" name="iform2" id="iform2"> - <?php - - - //echo "<pre>"; - //print_r ($a_ivr); - //echo "</pre>"; - - //if ($savemsg) print_info_box($savemsg); - //if (file_exists($d_hostsdirty_path)): echo"<p>"; - //print_info_box_np("The FreeSWITCH recordings have been changed.<br>You must apply the changes in order for them to take effect."); - //echo"<br />"; - //endif; - - ?> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Anti-Action<br /> - </strong></span> - The options that are executed when the <b>condition does NOT match.</b> - </span></p></td> - </tr> - </table> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="30" class="listhdrr">Option</td> - <td width="30" class="listhdrr">Type</td> - <td width="30" class="listhdrr">Profile</td> - <td width="150" class="listhdrr">Destination</td> - <td width="30%" class="listhdr">Description</td> - <td width="40" class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"> - <?php if (strlen($ivrid) > 1) { ?> - <a href="v_auto_attendant_options_edit.php?parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>&a=antiaction"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a> - <?php } ?> - </td> - </tr> - </table> - </td> - </tr> - - <?php - $i = 0; - if (count($a_ivr_options) > 0) { - foreach ($a_ivr_options as $ent) { - if ($ent['optionaction'] == "anti-action" && $ivrid == $ent['ivrid']) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='v_auto_attendant_options_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>'"> - <?=$ent['optionnumber']?> - </td> - <td class="listr" ondblclick="document.location='v_auto_attendant_options_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>';"> - <?=$ent['optiontype'];?> - </td> - <td class="listr" ondblclick="document.location='v_auto_attendant_options_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>';"> - <?=$ent['optionprofile'];?> - </td> - <td class="listr" ondblclick="document.location='v_auto_attendant_options_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>';"> - <?=$ent['optiondest'];?> - </td> - <td class="listbg" ondblclick="document.location='v_auto_attendant_options_edit.php?id=<?=$id;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>';"> - <font color="#FFFFFF"><?=htmlspecialchars($ent['optiondescr']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="v_auto_attendant_options_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="v_auto_attendant_options.php?type=ivroptions&act=del&id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>" onclick="return confirm('Do you really want to delete this recording?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - ?> - <tr> - <td class="list" colspan="5"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"> - <?php if (strlen($ivrid) > 1) { ?> - <a href="v_auto_attendant_options_edit.php?parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>&a=antiaction"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a> - <? } ?> - </td> - </tr> - </table> - </td> - </tr> - - - <tr> - <td class="list" colspan="5"></td> - <td class="list"></td> - </tr> - </table> - - </form> - - <br> - <br> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch_dev/v_auto_attendant_options.tmp b/config/freeswitch_dev/v_auto_attendant_options.tmp deleted file mode 100755 index f92a59d5..00000000 --- a/config/freeswitch_dev/v_auto_attendant_options.tmp +++ /dev/null @@ -1,49 +0,0 @@ -<?php -/* $Id$ */ -/* - v_auto_attendant_options.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - - -$a_ivr_options = &$config['installedpackages']['freeswitchivroptions']['config']; - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'ivroptions') { - if ($a_ivr_options[$_GET['id']]) { - unset($a_ivr_options[$_GET['id']]); - write_config(); - sync_package_v_ivr(); - header("Location: v_auto_attendant_edit.php?id=".$_GET['parentid']); - exit; - } - } -} - -?>
\ No newline at end of file diff --git a/config/freeswitch_dev/v_auto_attendant_options_edit.tmp b/config/freeswitch_dev/v_auto_attendant_options_edit.tmp deleted file mode 100644 index d91a077b..00000000 --- a/config/freeswitch_dev/v_auto_attendant_options_edit.tmp +++ /dev/null @@ -1,252 +0,0 @@ -<?php -/* $Id$ */ -/* - - v_auto_attendant_options_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - - -$a_ivr_options = &$config['installedpackages']['freeswitchivroptions']['config']; - -$id = $_GET['id']; -if (isset($_POST['id'])) { - $id = $_POST['id']; -} - -$parentid = $_GET['parentid']; -if (isset($_POST['parentid'])) { - $parentid = $_POST['parentid']; -} - -$ivrid = $_GET['ivrid']; -if (isset($_POST['ivrid'])) { - $ivrid = $_POST['ivrid']; -} - - -if (isset($id) && $a_ivr_options[$id]) { - $pconfig['optionaction'] = $a_ivr_options[$id]['optionaction']; - $pconfig['optionnumber'] = $a_ivr_options[$id]['optionnumber']; - $pconfig['optiontype'] = $a_ivr_options[$id]['optiontype']; - $pconfig['optionprofile'] = $a_ivr_options[$id]['optionprofile']; - $pconfig['optiondest'] = $a_ivr_options[$id]['optiondest']; - $pconfig['optiondescr'] = $a_ivr_options[$id]['optiondescr']; -} -else { - if (isset($_GET['a'])) { - if ($_GET['a'] == "action"){ $pconfig['optionaction'] = "action"; } - if ($_GET['a'] == "antiaction"){ $pconfig['optionaction'] = "anti-action"; } - } -} - - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - - if (!$input_errors) { - - $ivroptionent = array(); - $ivroptionent['ivrid'] = $_POST['ivrid']; - $ivroptionent['optionnumber'] = $_POST['optionnumber']; - $ivroptionent['optiontype'] = $_POST['optiontype']; - $ivroptionent['optionprofile'] = $_POST['optionprofile']; - $ivroptionent['optionaction'] = $_POST['optionaction']; - $ivroptionent['optiondest'] = $_POST['optiondest']; - $ivroptionent['optiondescr'] = $_POST['optiondescr']; - - if (isset($id) && $a_ivr_options[$id]) { - //update - $a_ivr_options[$id] = $ivroptionent; - } - else { - //add - $a_ivr_options[] = $ivroptionent; - } - - - write_config(); - sync_package_v_ivr(); - - header("Location: v_auto_attendant_edit.php?id=".$parentid); - exit; - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Auto Attendant: Options: Edit</p>\n"; -} -if ($input_errors) print_input_errors($input_errors); - -?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - <br /> - <form action="v_auto_attendant_options_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Option Number</td> - <td width="78%" class="vtable"> - <input name="optionnumber" type="text" class="formfld" id="optionnumber" size="40" value="<?=htmlspecialchars($pconfig['optionnumber']);?>"> - <br> <span class="vexpl">Option Number<br> - e.g. <em>1</em></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Type</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='optiontype' class='formfld'>\n"; - echo " <option></option>\n"; - if (htmlspecialchars($pconfig['optiontype']) == "extension") { - echo " <option selected='yes'>extension</option>\n"; - } - else { - echo " <option>extension</option>\n"; - } - if (htmlspecialchars($pconfig['optiontype']) == "voicemail") { - echo " <option selected='yes'>voicemail</option>\n"; - } - else { - echo " <option>voicemail</option>\n"; - } - if (htmlspecialchars($pconfig['optiontype']) == "sip uri") { - echo " <option selected='yes'>sip uri</option>\n"; - } - else { - echo " <option>sip uri</option>\n"; - } - echo " </select>\n"; - ?> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncellreq">Profile</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='optionprofile' class='formfld'>\n"; - echo " <option></option>\n"; - if (htmlspecialchars($pconfig['optionprofile']) == "auto") { - echo " <option selected='yes'>auto</option>\n"; - } - else { - echo " <option>auto</option>\n"; - } - - foreach (ListFiles($v_conf_dir.'/sip_profiles') as $key=>$sip_profile_file){ - $sip_profile_name = str_replace(".xml", "", $sip_profile_file); - - if (htmlspecialchars($pconfig['optionprofile']) == $sip_profile_name) { - echo " <option selected='yes'>$sip_profile_name</option>\n"; - } - else { - echo " <option>$sip_profile_name</option>\n"; - } - } - echo " </select>\n"; - - ?> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncellreq">Destination</td> - <td width="78%" class="vtable"> - <input name="optiondest" type="text" class="formfld" id="optiondest" size="40" value="<?=htmlspecialchars($pconfig['optiondest']);?>"> - <br> - <span class="vexpl"> - <!--<b>examples:</b><br />--> - extension: 1001<br /> - voicemail: 1001<br /> - sip uri (voicemail): sofia/internal/*98@${domain}<br /> - sip uri (external number): sofia/gateway/gatewayname/12081231234<br /> - sip uri (auto attendant): sofia/internal/5002@${domain}<br /> - sip uri (user): /user/1001@${domain}<br /> - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Description</td> - <td width="78%" class="vtable"> - <input name="optiondescr" type="text" class="formfld" id="optiondescr" size="40" value="<?=htmlspecialchars($pconfig['optiondescr']);?>"> - <br> <span class="vexpl">You may enter a description here - for your reference (not parsed).</span></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="ivrid" type="hidden" value="<?=$ivrid;?>"> - <input name="parentid" type="hidden" value="<?=$parentid;?>"> - <input name="optionaction" type="hidden" value="<?=$pconfig['optionaction'];?>"> - <?php if (isset($id) && $a_ivr_options[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - </td> - </tr> - </table> - </form> - - <br> - <br> - <br> - <br> - <br> - <br> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch_dev/v_cmd.tmp b/config/freeswitch_dev/v_cmd.tmp deleted file mode 100644 index 2c84a8d9..00000000 --- a/config/freeswitch_dev/v_cmd.tmp +++ /dev/null @@ -1,45 +0,0 @@ -<?php -/* $Id$ */ -/* - v_cmd.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); -$cmd = $_GET['cmd']; - - -$password = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_password']; -$port = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_port']; -$host = ''; - -$fp = event_socket_create($host, $port, $password); -$response = event_socket_request($fp, $cmd); -fclose($fp); - -header("Location: /packages/freeswitch/v_status.php?savemsg=".urlencode($response)); - -?>
\ No newline at end of file diff --git a/config/freeswitch_dev/v_config.inc b/config/freeswitch_dev/v_config.inc deleted file mode 100644 index 67c9fce9..00000000 --- a/config/freeswitch_dev/v_config.inc +++ /dev/null @@ -1,3974 +0,0 @@ -<?php -/* $Id$ */ -/* -/* ========================================================================== */ -/* - v_config.inc - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once('config.inc'); -require_once('globals.inc'); -require_once('service-utils.inc'); - - - -//preferences - $v_label_show = true; - $v_path_show = true; - $v_menu_tab_show = true; - $v_fax_show = true; - - -function v_settings() -{ - global $config; - $config['installedpackages']['freeswitchsettings']['config'][0]['php_dir'] = '/usr/local/bin/php'; - $config['installedpackages']['freeswitchsettings']['config'][0]['tmp_dir'] = '/tmp'; - $config['installedpackages']['freeswitchsettings']['config'][0]['bin_dir'] = '/usr/local/bin'; - $config['installedpackages']['freeswitchsettings']['config'][0]['v_startup_script_dir'] = '/usr/local/etc/rc.d'; - $config['installedpackages']['freeswitchsettings']['config'][0]['v_package_version'] = "0.9.7.26"; - $config['installedpackages']['freeswitchsettings']['config'][0]['v_build_version'] = "1.0.4"; - $config['installedpackages']['freeswitchsettings']['config'][0]['v_build_revision'] = "Release"; - $config['installedpackages']['freeswitchsettings']['config'][0]['v_label'] = 'FreeSWITCH'; //FreeSWITCH (TM) http://www.freeswitch.org/ - $config['installedpackages']['freeswitchsettings']['config'][0]['v_name'] = 'freeswitch'; - $config['installedpackages']['freeswitchsettings']['config'][0]['v_dir'] = '/usr/local/freeswitch'; - $config['installedpackages']['freeswitchsettings']['config'][0]['v_parent_dir'] = '/usr/local/'; - $config['installedpackages']['freeswitchsettings']['config'][0]['v_backup_dir'] = '/root/backup'; - $config['installedpackages']['freeswitchsettings']['config'][0]['v_web_dir'] = '/usr/local/www/packages/freeswitch'; - $config['installedpackages']['freeswitchsettings']['config'][0]['v_web_root'] = '/usr/local/www/'; - $config['installedpackages']['freeswitchsettings']['config'][0]['v_relative_url'] = '/packages/freeswitch'; - $config['installedpackages']['freeswitchsettings']['config'][0]['v_conf_dir'] = '/usr/local/freeswitch/conf'; - $config['installedpackages']['freeswitchsettings']['config'][0]['v_db_dir'] = '/usr/local/freeswitch/db'; - $config['installedpackages']['freeswitchsettings']['config'][0]['v_htdocs_dir'] = '/usr/local/freeswitch/htdocs'; - $config['installedpackages']['freeswitchsettings']['config'][0]['v_log_dir'] = '/usr/local/freeswitch/log'; - $config['installedpackages']['freeswitchsettings']['config'][0]['v_mod_dir'] = '/usr/local/freeswitch/mod'; - $config['installedpackages']['freeswitchsettings']['config'][0]['v_scripts_dir'] = '/usr/local/freeswitch/scripts'; - $config['installedpackages']['freeswitchsettings']['config'][0]['v_storage_dir'] = '/usr/local/freeswitch/storage'; - $config['installedpackages']['freeswitchsettings']['config'][0]['v_recordings_dir'] = '/usr/local/freeswitch/recordings'; - $config['installedpackages']['freeswitchsettings']['config'][0]['v_download_path'] = 'https://packages.pfsense.org/packages/config/freeswitch_dev'; - -} -//Update the settings -// v_settings(); -// write_config(); - -$v_settings_array = $config['installedpackages']['freeswitchsettings']['config'][0]; -foreach($v_settings_array as $name => $value) { - $$name = $value; -} - -function build_menu() { - - global $v_menu_tab_show; - - if ($v_menu_tab_show) { - global $config; - $v_relative_url = $config['installedpackages']['freeswitchsettings']['config'][0]['v_relative_url']; - - //$script_name_array = split ("/", $_SERVER["SCRIPT_NAME"]); - //$script_name = $script_name_array[count($script_name_array)-1]; - //echo "script_name: ".$script_name."<br />"; - - $tab_array = array(); - $menu_selected = false; - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_settings.php") { $menu_selected = true; } - $tab_array[] = array(gettext("Settings"), $menu_selected, $v_relative_url."/v_settings.php"); - unset($menu_selected); - - $menu_selected = false; - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_dialplan_includes.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_dialplan.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_dialplan_includes_edit.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_dialplan_includes_details_edit.php") { $menu_selected = true; } - $tab_array[] = array(gettext("Dialplan"), $menu_selected, $v_relative_url."/v_dialplan_includes.php"); - unset($menu_selected); - - $menu_selected = false; - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_extensions.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_extensions_edit.php") { $menu_selected = true; } - $tab_array[] = array(gettext("Extensions"), $menu_selected, $v_relative_url."/v_extensions.php"); - unset($menu_selected); - - $menu_selected = false; - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_features.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_fax.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_fax_edit.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_hunt_group.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_hunt_group_edit.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_hunt_group_destinations.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_hunt_group_destinations_edit.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_auto_attendant.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_auto_attendant_edit.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_auto_attendant_options_edit.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_modules.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_recordings.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_recordings_edit.php") { $menu_selected = true; } - $tab_array[] = array(gettext("Features"), $menu_selected, $v_relative_url."/v_features.php"); - unset($menu_selected); - - $menu_selected = false; - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_gateways.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_gateways_edit.php") { $menu_selected = true; } - $tab_array[] = array(gettext("Gateways"), $menu_selected, $v_relative_url."/v_gateways.php"); - unset($menu_selected); - - $menu_selected = false; - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_profiles.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_profile_edit.php") { $menu_selected = true; } - $tab_array[] = array(gettext("Profiles"), $menu_selected, $v_relative_url."/v_profiles.php"); - unset($menu_selected); - - $menu_selected = false; - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_public.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_public_includes.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_public_includes_edit.php") { $menu_selected = true; } - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_public_includes_details_edit.php") { $menu_selected = true; } - $tab_array[] = array(gettext("Public"), $menu_selected, $v_relative_url."/v_public_includes.php"); - unset($menu_selected); - - $menu_selected = false; - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_status.php") { $menu_selected = true; } - $tab_array[] = array(gettext("Status"), $menu_selected, $v_relative_url."/v_status.php"); - unset($menu_selected); - - $menu_selected = false; - if ($_SERVER["SCRIPT_NAME"] == $v_relative_url."/v_vars.php") { $menu_selected = true; } - $tab_array[] = array(gettext("Vars"), $menu_selected, $v_relative_url."/v_vars.php"); - unset($menu_selected); - - display_top_tabs($tab_array); - } - -} - - -function guid() -{ - if (function_exists('com_create_guid')){ - return com_create_guid(); - }else{ - mt_srand((double)microtime()*10000);//optional for php 4.2.0 and up. - $charid = strtoupper(md5(uniqid(rand(), true))); - $hyphen = chr(45);// "-" - $uuid = chr(123)// "{" - .substr($charid, 0, 8).$hyphen - .substr($charid, 8, 4).$hyphen - .substr($charid,12, 4).$hyphen - .substr($charid,16, 4).$hyphen - .substr($charid,20,12) - .chr(125);// "}" - return $uuid; - } -} -//echo guid(); - - -if (!function_exists("pkg_is_service_running")) { - function pkg_is_service_running($servicename) - { - //exec("/bin/ps ax | awk '{ print $5 }'", $psout); - //array_shift($psout); - //foreach($psout as $line) { - // $ps[] = trim(array_pop(explode(' ', array_pop(explode('/', $line))))); - //} - //if(pkg_is_service_running($servicename, $ps) or is_process_running($servicename) ) { - return true; - //} - //else { - // return false; - //} - } -} - - -function event_socket_create($host, $port, $password) -{ - //$host has been deprecated - - //build the interface list - $i = 0; $ifdescrs = array('wan' => 'WAN', 'lan' => 'LAN'); - for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) { - $ifdescrs['opt' . $j] = $config['interfaces']['opt' . $j]['descr']; - } - - //get the interface ip addresses and try to connect to them - foreach ($ifdescrs as $ifdescr => $ifname){ - $ifinfo = get_interface_info($ifdescr); - $interface_ip_address = $ifinfo['ipaddr']; - - if (strlen($interface_ip_address) > 0) { - - $fp = fsockopen($interface_ip_address, $port, $errno, $errdesc, 3); - socket_set_blocking($fp,false); - - if (!$fp) { - //connection failed continue through the loop testing other addresses - //invalid handle - } - else { - //connected to the socket return the handle - - while (!feof($fp)) { - $buffer = fgets($fp, 1024); - usleep(100); //allow time for reponse - if (trim($buffer) == "Content-Type: auth/request") { - fputs($fp, "auth $password\n\n"); - break; - } - } - return $fp; - } - - } //end if interface_ip_address - } //end foreach -} //end function - - -function event_socket_request($fp, $cmd) -{ - if ($fp) { - fputs($fp, $cmd."\n\n"); - usleep(100); //allow time for reponse - - $response = ""; - $i = 0; - $contentlength = 0; - while (!feof($fp)) { - $buffer = fgets($fp, 4096); - if ($contentlength > 0) { - $response .= $buffer; - } - - if ($contentlength == 0) { //if contentlenght is already don't process again - if (strlen(trim($buffer)) > 0) { //run only if buffer has content - $temparray = split(":", trim($buffer)); - if ($temparray[0] == "Content-Length") { - $contentlength = trim($temparray[1]); - } - } - } - - usleep(100); //allow time for reponse - - //optional because of script timeout //don't let while loop become endless - if ($i > 1000) { break; } - - if ($contentlength > 0) { //is contentlength set - //stop reading if all content has been read. - if (strlen($response) >= $contentlength) { - break; - } - } - $i++; - } - - return $response; - } - else { - echo "no handle"; - } -} - - -function event_socket_request_cmd($cmd) -{ - global $config; - $password = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_password']; - $port = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_port']; - $host = $config['interfaces']['lan']['ipaddr']; - - if (pkg_is_service_running('freeswitch')) { - $fp = event_socket_create($host, $port, $password); - $response = event_socket_request($fp, $cmd); - fclose($fp); - } - unset($host, $port, $password); - -} - -function byte_convert( $bytes ) { - - if ($bytes<=0) - return '0 Byte'; - - $convention=1000; //[1000->10^x|1024->2^x] - $s=array('B', 'kB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB'); - $e=floor(log($bytes,$convention)); - $e=floor(log($bytes,$convention)); - return round($bytes/pow($convention,$e),2).' '.$s[$e]; -} - -function ListFiles($dir) { - - if($dh = opendir($dir)) { - - $files = Array(); - $inner_files = Array(); - - while($file = readdir($dh)) { - if($file != "." && $file != ".." && $file[0] != '.') { - if(is_dir($dir . "/" . $file)) { - //$inner_files = ListFiles($dir . "/" . $file); //recursive - if(is_array($inner_files)) $files = array_merge($files, $inner_files); - } else { - array_push($files, $file); - //array_push($files, $dir . "/" . $file); - } - } - } - - closedir($dh); - return $files; - } -} - - -function recording_js() -{ - - global $config; - $v_settings_array = $config['installedpackages']['freeswitchsettings']['config'][0]; - foreach($v_settings_array as $name => $value) { - $$name = $value; - } - - $admin_pin = $config['installedpackages']['freeswitchsettings']['config'][0]['admin_pin']; - - $fout = fopen($v_scripts_dir."/recordings.js","w"); - $tmp = " var pin = \"".$admin_pin."\";\n"; - $tmp .= " //var pin = \"\"; //don't require a pin\n"; - $tmp .= " //if you choose not to require a pin then then you may want to add a dialplan condition for a specific caller id\n"; - $tmp .= "\n"; - $tmp .= " var digitmaxlength = 0;\n"; - $tmp .= " var timeoutpin = 7500;\n"; - $tmp .= " var timeouttransfer = 7500;\n"; - $tmp .= " var objdate = new Date();\n"; - $tmp .= "\n"; - $tmp .= " var adjusthours = 0; //Adjust Server time that is set to GMT 7 hours\n"; - $tmp .= " var adjustoperator = \"-\"; //+ or -\n"; - $tmp .= "\n"; - $tmp .= " if (adjustoperator == \"-\") {\n"; - $tmp .= " var objdate2 = new Date(objdate.getFullYear(),objdate.getMonth(),objdate.getDate(),(objdate.getHours() - adjusthours),objdate.getMinutes(),objdate.getSeconds());\n"; - $tmp .= " }\n"; - $tmp .= " if (adjustoperator == \"+\") {\n"; - $tmp .= " var objdate2 = new Date(objdate.getFullYear(),objdate.getMonth(),objdate.getDate(),(objdate.getHours() + adjusthours),objdate.getMinutes(),objdate.getSeconds());\n"; - $tmp .= " }\n"; - $tmp .= "\n"; - $tmp .= " var Hours = objdate2.getHours();\n"; - $tmp .= " var Mins = objdate2.getMinutes();\n"; - $tmp .= " var Seconds = objdate2.getSeconds();\n"; - $tmp .= " var Month = objdate2.getMonth() + 1;\n"; - $tmp .= " var Date = objdate2.getDate();\n"; - $tmp .= " var Year = objdate2.getYear()\n"; - $tmp .= " var Day = objdate2.getDay()+1;\n"; - $tmp .= " var exit = false;\n"; - $tmp .= "\n"; - $tmp .= "\n"; - $tmp .= " function mycb( session, type, data, arg ) {\n"; - $tmp .= " if ( type == \"dtmf\" ) {\n"; - $tmp .= " //console_log( \"info\", \"digit: \"+data.digit+\"\\n\" );\n"; - $tmp .= " if ( data.digit == \"#\" ) {\n"; - $tmp .= " //console_log( \"info\", \"detected pound sign.\\n\" );\n"; - $tmp .= " return( true );\n"; - $tmp .= " }\n"; - $tmp .= " dtmf.digits += data.digit;\n"; - $tmp .= "\n"; - $tmp .= " if ( dtmf.digits.length < digitmaxlength ) {\n"; - $tmp .= " return( true );\n"; - $tmp .= " }\n"; - $tmp .= " }\n"; - $tmp .= " return( false );\n"; - $tmp .= " }\n"; - $tmp .= "\n"; - $tmp .= " //console_log( \"info\", \"Recording Request\\n\" );\n"; - $tmp .= "\n"; - $tmp .= " var dtmf = new Object( );\n"; - $tmp .= " dtmf.digits = \"\";\n"; - $tmp .= "\n"; - $tmp .= " if ( session.ready( ) ) {\n"; - $tmp .= " session.answer( );\n"; - $tmp .= "\n"; - - $tmp .= "\n"; - $tmp .= " if (pin.length > 0) {\n"; - //$tmp .= " session.execute(\"set\", \"tts_engine=flite\");\n"; - //$tmp .= " session.execute(\"set\", \"tts_voice=kal\");\n"; - //$tmp .= " session.execute(\"speak\", \"Please enter your pin number now.\");\n"; - $tmp .= " digitmaxlength = 6;\n"; - $tmp .= " session.execute(\"set\", \"playback_terminators=#\");\n"; - $tmp .= " session.streamFile( \"".$v_dir."/sounds/custom/8000/please_enter_the_pin_number.wav\", mycb, \"dtmf\");\n"; - $tmp .= " session.collectInput( mycb, dtmf, timeoutpin );\n"; - $tmp .= " }\n"; - $tmp .= "\n"; - $tmp .= " if (dtmf.digits == pin || pin.length == 0) {\n"; - //$tmp .= " //console_log( \"info\", \"Recordings pin is correct\\n\" );\n"; - //$tmp .= " session.execute(\"set\", \"tts_engine=flite\");\n"; - //$tmp .= " session.execute(\"set\", \"tts_voice=kal\");\n"; - //$tmp .= " session.execute(\"speak\", \"Begin recording.\");\n"; - $tmp .= " session.streamFile( \"".$v_dir."/sounds/custom/8000/begin_recording.wav\", mycb, \"dtmf\");\n"; - $tmp .= " session.execute(\"set\", \"playback_terminators=#\");\n"; - $tmp .= " session.execute(\"record\", \"".$v_recordings_dir."/temp\"+Year+Month+Day+Hours+Mins+Seconds+\".wav 180 200\");\n"; - $tmp .= " }\n"; - $tmp .= " else {\n"; - $tmp .= " console_log( \"info\", \"Pin: \" + dtmf.digits + \" is incorrect\\n\" );\n"; - //$tmp .= " session.execute(\"set\", \"tts_engine=flite\");\n"; - //$tmp .= " session.execute(\"set\", \"tts_voice=kal\");\n"; - //$tmp .= " session.execute(\"speak\", \"Your pin number is incorect, goodbye.\");\n"; - $tmp .= " session.streamFile( \"".$v_dir."/sounds/custom/8000/your_pin_number_is_incorect_goodbye.wav\", mycb, \"dtmf\");\n"; - $tmp .= " }\n"; - $tmp .= " session.hangup();\n"; - $tmp .= "\n"; - $tmp .= " }"; - fwrite($fout, $tmp); - unset($tmp); - fclose($fout); - -} - - -function sync_package_v_settings() -{ - - global $config; - $v_settings_array = $config['installedpackages']['freeswitchsettings']['config'][0]; - foreach($v_settings_array as $name => $value) { - $$name = $value; - } - - if($config['installedpackages']['freeswitchsettings']['config'] != "") { - - foreach($config['installedpackages']['freeswitchsettings']['config'] as $rowhelper) { - - $fout = fopen($v_conf_dir."/directory/default/default.xml","w"); - $tmpxml = "<include>\n"; - $tmpxml .= " <user id=\"default\"> <!--if id is numeric mailbox param is not necessary-->\n"; - $tmpxml .= " <variables>\n"; - $tmpxml .= " <!--all variables here will be set on all inbound calls that originate from this user -->\n"; - $tmpxml .= " <!-- set these to take advantage of a dialplan localized to this user -->\n"; - $tmpxml .= " <variable name=\"numbering_plan\" value=\"" . $rowhelper['numbering_plan'] . "\"/>\n"; - $tmpxml .= " <variable name=\"default_gateway\" value=\"" . $rowhelper['default_gateway'] . "\"/>\n"; - $tmpxml .= " <variable name=\"default_area_code\" value=\"" . $rowhelper['default_area_code'] . "\"/>\n"; - $tmpxml .= " </variables>\n"; - $tmpxml .= " </user>\n"; - $tmpxml .= "</include>\n"; - fwrite($fout, $tmpxml); - unset($tmpxml); - fclose($fout); - - $fout = fopen($v_conf_dir."/autoload_configs/event_socket.conf.xml","w"); - $tmpxml = "<configuration name=\"event_socket.conf\" description=\"Socket Client\">\n"; - $tmpxml .= " <settings>\n"; - $tmpxml .= " <param name=\"listen-ip\" value=\"0.0.0.0\"/>\n"; - $tmpxml .= " <param name=\"listen-port\" value=\"" . $rowhelper['event_socket_port'] . "\"/>\n"; - $tmpxml .= " <param name=\"password\" value=\"" . $rowhelper['event_socket_password'] . "\"/>\n"; - $tmpxml .= " <!--<param name=\"apply-inbound-acl\" value=\"lan\"/>-->\n"; - $tmpxml .= " </settings>\n"; - $tmpxml .= "</configuration>"; - fwrite($fout, $tmpxml); - unset($tmpxml, $event_socket_password); - fclose($fout); - - $fout = fopen($v_conf_dir."/autoload_configs/xml_rpc.conf.xml","w"); - $tmpxml = "<configuration name=\"xml_rpc.conf\" description=\"XML RPC\">\n"; - $tmpxml .= " <settings>\n"; - $tmpxml .= " <!-- The port where you want to run the http service (default 8080) -->\n"; - $tmpxml .= " <param name=\"http-port\" value=\"" . $rowhelper['xml_rpc_http_port'] . "\"/>\n"; - $tmpxml .= " <!-- if all 3 of the following params exist all http traffic will require auth -->\n"; - $tmpxml .= " <param name=\"auth-realm\" value=\"" . $rowhelper['xml_rpc_auth_realm'] . "\"/>\n"; - $tmpxml .= " <param name=\"auth-user\" value=\"" . $rowhelper['xml_rpc_auth_user'] . "\"/>\n"; - $tmpxml .= " <param name=\"auth-pass\" value=\"" . $rowhelper['xml_rpc_auth_pass'] . "\"/>\n"; - $tmpxml .= " </settings>\n"; - $tmpxml .= "</configuration>\n"; - fwrite($fout, $tmpxml); - unset($tmpxml); - fclose($fout); - - recording_js(); - - //shout.conf.xml - $fout = fopen($v_conf_dir."/autoload_configs/shout.conf.xml","w"); - $tmpxml = "<configuration name=\"shout.conf\" description=\"mod shout config\">\n"; - $tmpxml .= " <settings>\n"; - $tmpxml .= " <!-- Don't change these unless you are insane -->\n"; - $tmpxml .= " <param name=\"decoder\" value=\"" . $rowhelper['mod_shout_decoder'] . "\"/>\n"; - $tmpxml .= " <param name=\"volume\" value=\"" . $rowhelper['mod_shout_volume'] . "\"/>\n"; - $tmpxml .= " <!--<param name=\"outscale\" value=\"8192\"/>-->\n"; - $tmpxml .= " </settings>\n"; - $tmpxml .= "</configuration>"; - fwrite($fout, $tmpxml); - unset($tmpxml); - fclose($fout); - - //config.js - $admin_pin = $config['installedpackages']['freeswitchsettings']['config'][0]['admin_pin']; - $fout = fopen($v_scripts_dir."/config.js","w"); - $tmp = "//javascript include\n\n"; - $tmp .= "var admin_pin = \"" . $admin_pin . "\";\n"; - fwrite($fout, $tmp); - unset($tmp); - fclose($fout); - - } - - $cmd = "api reloadxml"; - //event_socket_request_cmd($cmd); - unset($cmd); - } -} - - -function sync_package_v_dialplan() -{ - - global $config; - $v_settings_array = $config['installedpackages']['freeswitchsettings']['config'][0]; - foreach($v_settings_array as $name => $value) { - $$name = $value; - } - - //using backup files rather than pfsense config.xml for this file - $config['installedpackages']['freeswitchpublic']['config'][0]['dialplan_default_xml'] = ""; - - //if(strlen($config['installedpackages']['freeswitchdialplan']['config'][0]['dialplan_default_xml']) == 0) { - /* dialplan not found in the pfsense config.xml get the default dialplan and save to config.xml. */ - //$filename = $v_conf_dir."/dialplan/default.xml"; - //$fout = fopen($filename,"r"); - //$tmpxml = fread($fout, filesize($filename)); - //$config['installedpackages']['freeswitchdialplan']['config'][0]['dialplan_default_xml'] = base64_encode($tmpxml); - //unset($filename, $dialplan); - //fclose($fout); - //} - //else { - /* found the dialplan in the pfsense config.xml save it to default.xml. */ - //$fout = fopen($v_conf_dir."/dialplan/default.xml","w"); - //$tmpxml = $config['installedpackages']['freeswitchdialplan']['config'][0]['dialplan_default_xml']; - //fwrite($fout, base64_decode($tmpxml)); - //fclose($fout); - //unset($tmpxml); - //} - - //$cmd = "api reloadxml"; - //event_socket_request_cmd($cmd); - //unset($cmd); - -} - - -function sync_package_v_extensions() -{ - - global $config; - $v_settings_array = $config['installedpackages']['freeswitchsettings']['config'][0]; - foreach($v_settings_array as $name => $value) { - $$name = $value; - } - - if($config['installedpackages']['freeswitchextensions']['config'] != "") { - - /* delete all old extensions to prepare for new ones */ - unlink_if_exists($v_conf_dir."/directory/default/1*.xml"); - unlink_if_exists($v_conf_dir."/directory/default/2*.xml"); - unlink_if_exists($v_conf_dir."/directory/default/3*.xml"); - unlink_if_exists($v_conf_dir."/directory/default/4*.xml"); - unlink_if_exists($v_conf_dir."/directory/default/5*.xml"); - unlink_if_exists($v_conf_dir."/directory/default/6*.xml"); - unlink_if_exists($v_conf_dir."/directory/default/7*.xml"); - unlink_if_exists($v_conf_dir."/directory/default/8*.xml"); - unlink_if_exists($v_conf_dir."/directory/default/9*.xml"); - - foreach($config['installedpackages']['freeswitchextensions']['config'] as $rowhelper) { - if ($rowhelper['enabled'] != "false") { - $fout = fopen($v_conf_dir."/directory/default/".$rowhelper['extension'].".xml","w"); - - $tmpxml = "<include>\n"; - if (strlen($rowhelper['cidr']) == 0) { - $tmpxml .= " <user id=\"" . $rowhelper['extension'] . "\" mailbox=\"" . $rowhelper['mailbox'] . "\">\n"; - } - else { - $tmpxml .= " <user id=\"" . $rowhelper['extension'] . "\" mailbox=\"" . $rowhelper['mailbox'] . "\" cidr=\"" . $rowhelper['cidr'] . "\">\n"; - } - $tmpxml .= " <params>\n"; - $tmpxml .= " <param name=\"password\" value=\"" . $rowhelper['password'] . "\"/>\n"; - $tmpxml .= " <param name=\"vm-password\" value=\"" . $rowhelper['vm-password'] . "\"/>\n"; - if (strlen($rowhelper['vm-mailto']) > 0) { - $tmpxml .= " <param name=\"vm-email-all-messages\" value=\"true\"/>\n"; - - switch ($rowhelper['vm-attach-file']) { - case "true": - $tmpxml .= " <param name=\"vm-attach-file\" value=\"true\"/>\n"; - break; - case "false": - $tmpxml .= " <param name=\"vm-attach-file\" value=\"false\"/>\n"; - break; - default: - $tmpxml .= " <param name=\"vm-attach-file\" value=\"true\"/>\n"; - } - switch ($rowhelper['vm-keep-local-after-email']) { - case "true": - $tmpxml .= " <param name=\"vm-keep-local-after-email\" value=\"true\"/>\n"; - break; - case "false": - $tmpxml .= " <param name=\"vm-keep-local-after-email\" value=\"false\"/>\n"; - break; - default: - $tmpxml .= " <param name=\"vm-keep-local-after-email\" value=\"true\"/>\n"; - } - $tmpxml .= " <param name=\"vm-mailto\" value=\"" . $rowhelper['vm-mailto'] . "\"/>\n"; - } - if (strlen($rowhelper['auth-acl']) > 0) { - $tmpxml .= " <param name=\"auth-acl\" value=\"" . $rowhelper['auth-acl'] . "\"/>\n"; - } - $tmpxml .= " </params>\n"; - $tmpxml .= " <variables>\n"; - $tmpxml .= " <variable name=\"toll_allow\" value=\"domestic,international,local\"/>\n"; - $tmpxml .= " <variable name=\"accountcode\" value=\"" . $rowhelper['accountcode'] . "\"/>\n"; - $tmpxml .= " <variable name=\"user_context\" value=\"" . $rowhelper['user_context'] . "\"/>\n"; - if (strlen($rowhelper['effective_caller_id_number']) > 0) { - $tmpxml .= " <variable name=\"effective_caller_id_name\" value=\"" . $rowhelper['effective_caller_id_name'] . "\"/>\n"; - $tmpxml .= " <variable name=\"effective_caller_id_number\" value=\"" . $rowhelper['effective_caller_id_number'] . "\"/>\n"; - } - if (strlen($rowhelper['outbound_caller_id_number']) > 0) { - $tmpxml .= " <variable name=\"outbound_caller_id_name\" value=\"" . $rowhelper['outbound_caller_id_name'] . "\"/>\n"; - $tmpxml .= " <variable name=\"outbound_caller_id_number\" value=\"" . $rowhelper['outbound_caller_id_number'] . "\"/>\n"; - } - if (strlen($rowhelper['sip-force-contact']) > 0) { - $tmpxml .= " <variable name=\"sip-force-contact\" value=\"" . $rowhelper['sip-force-contact'] . "\"/>\n"; - } - $tmpxml .= " </variables>\n"; - $tmpxml .= " </user>\n"; - $tmpxml .= "</include>\n"; - fwrite($fout, $tmpxml); - unset($tmpxml); - fclose($fout); - } - } - - $cmd = "api reloadxml"; - //event_socket_request_cmd($cmd); - unset($cmd); - - } -} - - -function sync_package_v_gateways() -{ - - global $config; - $v_settings_array = $config['installedpackages']['freeswitchsettings']['config'][0]; - foreach($v_settings_array as $name => $value) { - $$name = $value; - } - - if($config['installedpackages']['freeswitchgateways']['config'] != "") { - - /* delete all old gateways to prepare for new ones */ - unlink_if_exists($v_conf_dir."/sip_profiles/external/*.xml"); - - foreach($config['installedpackages']['freeswitchgateways']['config'] as $rowhelper) { - - if ($rowhelper['enabled'] != "false") { - $fout = fopen($v_conf_dir."/sip_profiles/external/".$rowhelper['gateway'].".xml","w"); - - $tmpxml .= "<include>\n"; - $tmpxml .= " <gateway name=\"" . $rowhelper['gateway'] . "\">\n"; - if (strlen($rowhelper['username']) > 0) { - $tmpxml .= " <param name=\"username\" value=\"" . $rowhelper['username'] . "\"/>\n"; - } - if (strlen($rowhelper['auth-username']) > 0) { - $tmpxml .= " <param name=\"auth-username\" value=\"" . $rowhelper['auth-username'] . "\"/>\n"; - } - if (strlen($rowhelper['password']) > 0) { - $tmpxml .= " <param name=\"password\" value=\"" . $rowhelper['password'] . "\"/>\n"; - } - if (strlen($rowhelper['realm']) > 0) { - $tmpxml .= " <param name=\"realm\" value=\"" . $rowhelper['realm'] . "\"/>\n"; - } - if (strlen($rowhelper['from-user']) > 0) { - $tmpxml .= " <param name=\"from-user\" value=\"" . $rowhelper['from-user'] . "\"/>\n"; - } - if (strlen($rowhelper['from-domain']) > 0) { - $tmpxml .= " <param name=\"from-domain\" value=\"" . $rowhelper['from-domain'] . "\"/>\n"; - } - if (strlen($rowhelper['proxy']) > 0) { - $tmpxml .= " <param name=\"proxy\" value=\"" . $rowhelper['proxy'] . "\"/>\n"; - } - if (strlen($rowhelper['expire-seconds']) > 0) { - $tmpxml .= " <param name=\"expire-seconds\" value=\"" . $rowhelper['expire-seconds'] . "\"/>\n"; - } - if (strlen($rowhelper['register']) > 0) { - $tmpxml .= " <param name=\"register\" value=\"" . $rowhelper['register'] . "\"/>\n"; - } - - if (strlen($rowhelper['register-transport']) > 0) { - switch ($rowhelper['register-transport']) { - case "udp": - $tmpxml .= " <param name=\"register-transport\" value=\"udp\"/>\n"; - break; - case "tcp": - $tmpxml .= " <param name=\"register-transport\" value=\"tcp\"/>\n"; - break; - case "tls": - $tmpxml .= " <param name=\"register-transport\" value=\"tls\"/>\n"; - $tmpxml .= " <param name=\"contact-params\" value=\"transport=tls\"/>\n"; - break; - default: - $tmpxml .= " <param name=\"register-transport\" value=\"" . $rowhelper['register-transport'] . "\"/>\n"; - } - } - - if (strlen($rowhelper['retry-seconds']) > 0) { - $tmpxml .= " <param name=\"retry-seconds\" value=\"" . $rowhelper['retry-seconds'] . "\"/>\n"; - } - if (strlen($rowhelper['extension']) > 0) { - $tmpxml .= " <param name=\"extension\" value=\"" . $rowhelper['extension'] . "\"/>\n"; - } - if (strlen($rowhelper['ping']) > 0) { - $tmpxml .= " <param name=\"ping\" value=\"" . $rowhelper['ping'] . "\"/>\n"; - } - if (strlen($rowhelper['context']) > 0) { - $tmpxml .= " <param name=\"context\" value=\"" . $rowhelper['context'] . "\"/>\n"; - } - if (strlen($rowhelper['caller-id-in-from']) > 0) { - $tmpxml .= " <param name=\"caller-id-in-from\" value=\"" . $rowhelper['caller-id-in-from'] . "\"/>\n"; - } - if (strlen($rowhelper['supress-cng']) > 0) { - $tmpxml .= " <param name=\"supress-cng\" value=\"" . $rowhelper['supress-cng'] . "\"/>\n"; - } - - $tmpxml .= " </gateway>\n"; - $tmpxml .= "</include>"; - - fwrite($fout, $tmpxml); - unset($tmpxml); - fclose($fout); - } - - } - - $cmd = "api sofia profile external restart reloadxml"; - //event_socket_request_cmd($cmd); - unset($cmd); - - } - -} - - -function sync_package_v_modules() -{ - - global $config; - $v_settings_array = $config['installedpackages']['freeswitchsettings']['config'][0]; - foreach($v_settings_array as $name => $value) { - $$name = $value; - } - - foreach($config['installedpackages']['freeswitchmodules']['config'] as $rowhelper) { - $fout = fopen($v_conf_dir."/autoload_configs/modules.conf.xml","w"); - - $tmpxml =""; - $tmpxml .= "<configuration name=\"modules.conf\" description=\"Modules\">\n"; - $tmpxml .= " <modules>\n"; - $tmpxml .= "\n"; - $tmpxml .= " <!-- Loggers (I'd load these first) -->\n"; - if ($rowhelper['mod_console'] == "enable"){ $tmpxml .= " <load module=\"mod_console\"/>\n"; } - if ($rowhelper['mod_logfile'] == "enable"){ $tmpxml .= " <load module=\"mod_logfile\"/>\n"; } - if ($rowhelper['mod_syslog'] == "enable"){ $tmpxml .= " <load module=\"mod_syslog\"/>\n"; } - $tmpxml .= "\n"; - if ($rowhelper['mod_yaml'] == "enable"){ $tmpxml .= " <load module=\"mod_yaml\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- Multi-Faceted -->\n"; - $tmpxml .= " <!-- mod_enum is a dialplan interface, an application interface and an api command interface -->\n"; - if ($rowhelper['mod_enum'] == "enable"){ $tmpxml .= " <load module=\"mod_enum\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- XML Interfaces -->\n"; - if ($rowhelper['mod_xml_rpc'] == "enable"){ $tmpxml .= " <load module=\"mod_xml_rpc\"/>\n"; } - if ($rowhelper['mod_xml_curl'] == "enable"){ $tmpxml .= " <load module=\"mod_xml_curl\"/>\n"; } - if ($rowhelper['mod_xml_cdr'] == "enable"){ $tmpxml .= " <load module=\"mod_xml_cdr\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- Event Handlers -->\n"; - if ($rowhelper['mod_cdr_csv'] == "enable"){ $tmpxml .= " <load module=\"mod_cdr_csv\"/>\n"; } - if ($rowhelper['mod_event_multicast'] == "enable"){ $tmpxml .= " <load module=\"mod_event_multicast\"/>\n"; } - if ($rowhelper['mod_event_socket'] == "enable"){ $tmpxml .= " <load module=\"mod_event_socket\"/>\n"; } - if ($rowhelper['mod_zeroconf'] == "enable"){ $tmpxml .= " <load module=\"mod_zeroconf\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- Directory Interfaces -->\n"; - if ($rowhelper['mod_ldap'] == "enable"){ $tmpxml .= " <load module=\"mod_ldap\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- Endpoints -->\n"; - if ($rowhelper['mod_dingaling'] == "enable"){ $tmpxml .= " <load module=\"mod_dingaling\"/>\n"; } - if ($rowhelper['mod_iax'] == "enable"){ $tmpxml .= " <load module=\"mod_iax\"/>\n"; } - if ($rowhelper['mod_portaudio'] == "enable"){ $tmpxml .= " <load module=\"mod_portaudio\"/>\n"; } - if ($rowhelper['mod_alsa'] == "enable"){ $tmpxml .= " <load module=\"mod_alsa\"/>\n"; } - if ($rowhelper['mod_sofia'] == "enable"){ $tmpxml .= " <load module=\"mod_sofia\"/>\n"; } - if ($rowhelper['mod_loopback'] == "enable"){ $tmpxml .= " <load module=\"mod_loopback\"/>\n"; } - if ($rowhelper['mod_wanpipe'] == "enable"){ $tmpxml .= " <load module=\"mod_wanpipe\"/>\n"; } - if ($rowhelper['mod_woomera'] == "enable"){ $tmpxml .= " <load module=\"mod_woomera\"/>\n"; } - if ($rowhelper['mod_openzap'] == "enable"){ $tmpxml .= " <load module=\"mod_openzap\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- Applications -->\n"; - if ($rowhelper['mod_cidlookup'] == "enable"){ $tmpxml .= " <load module=\"mod_cidlookup\"/>\n"; } - if ($rowhelper['mod_dptools'] == "enable"){ $tmpxml .= " <load module=\"mod_dptools\"/>\n"; } - if ($rowhelper['mod_commands'] == "enable"){ $tmpxml .= " <load module=\"mod_commands\"/>\n"; } - if ($rowhelper['mod_conference'] == "enable"){ $tmpxml .= " <load module=\"mod_conference\"/>\n"; } - if ($rowhelper['mod_easyroute'] == "enable"){ $tmpxml .= " <load module=\"mod_easyroute\"/>\n"; } - if ($rowhelper['mod_esf'] == "enable"){ $tmpxml .= " <load module=\"mod_esf\"/>\n"; } - if ($rowhelper['mod_expr'] == "enable"){ $tmpxml .= " <load module=\"mod_expr\"/>\n"; } - if ($rowhelper['mod_fax'] == "enable"){ $tmpxml .= " <load module=\"mod_fax\"/>\n"; } - if ($rowhelper['mod_fifo'] == "enable"){ $tmpxml .= " <load module=\"mod_fifo\"/>\n"; } - if ($rowhelper['mod_file_string'] == "enable"){ $tmpxml .= " <load module=\"mod_file_string\"/>\n"; } - if ($rowhelper['mod_fsv'] == "enable"){ $tmpxml .= " <load module=\"mod_fsv\"/>\n"; } - if ($rowhelper['mod_lcr'] == "enable"){ $tmpxml .= " <load module=\"mod_lcr\"/>\n"; } - if ($rowhelper['mod_limit'] == "enable"){ $tmpxml .= " <load module=\"mod_limit\"/>\n"; } - if ($rowhelper['mod_soundtouch'] == "enable"){ $tmpxml .= " <load module=\"mod_soundtouch\"/>\n"; } - if ($rowhelper['mod_spy'] == "enable"){ $tmpxml .= " <load module=\"mod_spy\"/>\n"; } - if ($rowhelper['mod_vmd'] == "enable"){ $tmpxml .= " <load module=\"mod_vmd\"/>\n"; } - if ($rowhelper['mod_voicemail'] == "enable"){ $tmpxml .= " <load module=\"mod_voicemail\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- SNOM Module -->\n"; - if ($rowhelper['mod_snom'] == "enable"){ $tmpxml .= " <load module=\"mod_snom\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- Dialplan Interfaces -->\n"; - if ($rowhelper['mod_dialplan_directory'] == "enable"){ $tmpxml .= " <load module=\"mod_dialplan_directory\"/>\n"; } - if ($rowhelper['mod_dialplan_xml'] == "enable"){ $tmpxml .= " <load module=\"mod_dialplan_xml\"/>\n"; } - if ($rowhelper['mod_dialplan_asterisk'] == "enable"){ $tmpxml .= " <load module=\"mod_dialplan_asterisk\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- Codec Interfaces -->\n"; - if ($rowhelper['mod_voipcodecs'] == "enable"){ $tmpxml .= " <load module=\"mod_voipcodecs\"/>\n"; } - if ($rowhelper['mod_g723_1'] == "enable"){ $tmpxml .= " <load module=\"mod_g723_1\"/>\n"; } - if ($rowhelper['mod_g729'] == "enable"){ $tmpxml .= " <load module=\"mod_g729\"/>\n"; } - if ($rowhelper['mod_amr'] == "enable"){ $tmpxml .= " <load module=\"mod_amr\"/>\n"; } - if ($rowhelper['mod_amrwb'] == "enable"){ $tmpxml .= " <load module=\"mod_amrwb\"/>\n"; } - if ($rowhelper['mod_ilbc'] == "enable"){ $tmpxml .= " <load module=\"mod_ilbc\"/>\n"; } - if ($rowhelper['mod_speex'] == "enable"){ $tmpxml .= " <load module=\"mod_speex\"/>\n"; } - if ($rowhelper['mod_siren'] == "enable"){ $tmpxml .= " <load module=\"mod_siren\"/>\n"; } - if ($rowhelper['mod_celt'] == "enable"){ $tmpxml .= " <load module=\"mod_celt\"/>\n"; } - if ($rowhelper['mod_h26x'] == "enable"){ $tmpxml .= " <load module=\"mod_h26x\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- File Format Interfaces -->\n"; - if ($rowhelper['mod_sndfile'] == "enable"){ $tmpxml .= " <load module=\"mod_sndfile\"/>\n"; } - if ($rowhelper['mod_native_file'] == "enable"){ $tmpxml .= " <load module=\"mod_native_file\"/>\n"; } - $tmpxml .= " <!--For icecast/mp3 streams/files-->\n"; - if ($rowhelper['mod_shout'] == "enable"){ $tmpxml .= " <load module=\"mod_shout\"/>\n"; } - $tmpxml .= " <!--For local streams (play all the files in a directory)-->\n"; - if ($rowhelper['mod_local_stream'] == "enable"){ $tmpxml .= " <load module=\"mod_local_stream\"/>\n"; } - if ($rowhelper['mod_tone_stream'] == "enable"){ $tmpxml .= " <load module=\"mod_tone_stream\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- Timers -->\n"; - $tmpxml .= "\n"; - $tmpxml .= " <!-- Languages -->\n"; - if ($rowhelper['mod_spidermonkey'] == "enable"){ $tmpxml .= " <load module=\"mod_spidermonkey\"/>\n"; } - if ($rowhelper['mod_spidermonkey_core_db'] == "enable"){ $tmpxml .= " <load module=\"mod_spidermonkey_core_db\"/>\n"; } - if ($rowhelper['mod_spidermonkey_curl'] == "enable"){ $tmpxml .= " <load module=\"mod_spidermonkey_curl\"/>\n"; } - if ($rowhelper['mod_spidermonkey_odbc'] == "enable"){ $tmpxml .= " <load module=\"mod_spidermonkey_odbc\"/>\n"; } - if ($rowhelper['mod_spidermonkey_socket'] == "enable"){ $tmpxml .= " <load module=\"mod_spidermonkey_socket\"/>\n"; } - if ($rowhelper['mod_spidermonkey_teletone'] == "enable"){ $tmpxml .= " <load module=\"mod_spidermonkey_teletone\"/>\n"; } - if ($rowhelper['mod_perl'] == "enable"){ $tmpxml .= " <load module=\"mod_perl\"/>\n"; } - if ($rowhelper['mod_python'] == "enable"){ $tmpxml .= " <load module=\"mod_python\"/>\n"; } - if ($rowhelper['mod_java'] == "enable"){ $tmpxml .= " <load module=\"mod_java\"/>\n"; } - if ($rowhelper['mod_lua'] == "enable"){ $tmpxml .= " <load module=\"mod_lua\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- ASR /TTS -->\n"; - if ($rowhelper['mod_flite'] == "enable"){ $tmpxml .= " <load module=\"mod_flite\"/>\n"; } - if ($rowhelper['mod_pocketsphinx'] == "enable"){ $tmpxml .= " <load module=\"mod_pocketsphinx\"/>\n"; } - if ($rowhelper['mod_cepstral'] == "enable"){ $tmpxml .= " <load module=\"mod_cepstral\"/>\n"; } - if ($rowhelper['mod_openmrcp'] == "enable"){ $tmpxml .= " <load module=\"mod_openmrcp\"/>\n"; } - if ($rowhelper['mod_rss'] == "enable"){ $tmpxml .= " <load module=\"mod_rss\"/>\n"; } - $tmpxml .= "\n"; - $tmpxml .= " <!-- Say -->\n"; - if ($rowhelper['mod_say_de'] == "enable"){ $tmpxml .= " <load module=\"mod_say_de\"/>\n"; } - if ($rowhelper['mod_say_en'] == "enable"){ $tmpxml .= " <load module=\"mod_say_en\"/>\n"; } - if ($rowhelper['mod_say_es'] == "enable"){ $tmpxml .= " <load module=\"mod_say_es\"/>\n"; } - if ($rowhelper['mod_say_fr'] == "enable"){ $tmpxml .= " <load module=\"mod_say_fr\"/>\n"; } - if ($rowhelper['mod_say_it'] == "enable"){ $tmpxml .= " <load module=\"mod_say_it\"/>\n"; } - if ($rowhelper['mod_say_nl'] == "enable"){ $tmpxml .= " <load module=\"mod_say_nl\"/>\n"; } - if ($rowhelper['mod_say_ru'] == "enable"){ $tmpxml .= " <load module=\"mod_say_ru\"/>\n"; } - if ($rowhelper['mod_say_zh'] == "enable"){ $tmpxml .= " <load module=\"mod_say_zh\"/>\n"; } - $tmpxml .= " </modules>\n"; - $tmpxml .= "</configuration>"; - - fwrite($fout, $tmpxml); - unset($tmpxml); - fclose($fout); - } - - $cmd = "api reloadxml"; - //event_socket_request_cmd($cmd); - unset($cmd); - -} - - -function sync_package_v_public() -{ - - global $config; - $v_settings_array = $config['installedpackages']['freeswitchsettings']['config'][0]; - foreach($v_settings_array as $name => $value) { - $$name = $value; - } - - //using backup files rather than pfsense config.xml for this file - $config['installedpackages']['freeswitchpublic']['config'][0]['public_xml'] = ""; - - //if(strlen($config['installedpackages']['freeswitchpublic']['config'][0]['public_xml']) == 0) { - // /* dialplan_public_xml not found in the pfsense config.xml get the default public.xml and save to config.xml. */ - // $filename = $v_conf_dir."/dialplan/public.xml"; - // $fout = fopen($filename,"r"); - // $tmpxml = fread($fout, filesize($filename)); - // $tmpxml = str_replace("<anti-action application=\"export\" data=\"domain_name=\${sip_req_host}\"/>", "<!--<anti-action application=\"export\" data=\"domain_name=\${sip_req_host}\"/>-->", $tmpxml); - // $config['installedpackages']['freeswitchpublic']['config'][0]['public_xml'] = base64_encode($tmpxml); - - // unset($filename, $tmpxml); - // fclose($fout); - //} - //else { - // /* found dialplan_public_xml in the pfsense config.xml save it to public.xml. */ - // $fout = fopen($v_conf_dir."/dialplan/public.xml","w"); - // $tmpxml = $config['installedpackages']['freeswitchpublic']['config'][0]['public_xml']; - // fwrite($fout, base64_decode($tmpxml)); - // fclose($fout); - // unset($tmpxml); - //} - - //$cmd = "api reloadxml"; - ////event_socket_request_cmd($cmd); - //unset($cmd); - -} - - -function sync_package_v_vars() -{ - - global $config; - $v_settings_array = $config['installedpackages']['freeswitchsettings']['config'][0]; - foreach($v_settings_array as $name => $value) { - $$name = $value; - } - - //using backup files rather than pfsense config.xml for this file - $config['installedpackages']['freeswitchpublic']['config'][0]['vars_xml'] = ""; - - //if(strlen($config['installedpackages']['freeswitchvars']['config'][0]['vars_xml']) == 0) { - // /* dialplan not found in the pfsense config.xml get the default dialplan and save to config.xml. */ - // $filename = $v_conf_dir."/vars.xml"; - // $fout = fopen($filename,"r"); - // $tmpxml = fread($fout, filesize($filename)); - // $config['installedpackages']['freeswitchvars']['config'][0]['vars_xml'] = base64_encode($tmpxml); - // unset($filename, $dialplan); - // fclose($fout); - //} - //else { - // /* found the dialplan in the pfsense config.xml save it to default.xml. */ - // $fout = fopen($v_conf_dir."/vars.xml","w"); - // $tmpxml = $config['installedpackages']['freeswitchvars']['config'][0]['vars_xml']; - // fwrite($fout, base64_decode($tmpxml)); - // fclose($fout); - // unset($tmpxml); - //} - - //$cmd = "api reloadxml"; - ////event_socket_request_cmd($cmd); - //unset($cmd); - -} - - -function sync_package_v_internal() -{ - global $config; - $v_settings_array = $config['installedpackages']['freeswitchsettings']['config'][0]; - foreach($v_settings_array as $name => $value) { - $$name = $value; - } - - if(strlen($config['installedpackages']['freeswitchinternal']['config'][0]['internal_xml']) == 0) { - /* internal_xml not found in the pfsense config.xml get the internal.xml and save to config.xml. */ - $filename = $v_conf_dir."/sip_profiles/internal.xml"; - $fout = fopen($filename,"r"); - $tmpxml = fread($fout, filesize($filename)); - $config['installedpackages']['freeswitchinternal']['config'][0]['internal_xml'] = base64_encode($tmpxml); - unset($filename, $dialplan); - fclose($fout); - } - else { - /* found the internal_xml in the pfsense config.xml save it to internal.xml. */ - $fout = fopen($v_conf_dir."/sip_profiles/internal.xml","w"); - $tmpxml = $config['installedpackages']['freeswitchinternal']['config'][0]['internal_xml']; - fwrite($fout, base64_decode($tmpxml)); - fclose($fout); - unset($tmpxml); - } - - $cmd = "api reloadxml"; - //event_socket_request_cmd($cmd); - unset($cmd); - -} - - -function sync_package_v_external() -{ - global $config; - $v_settings_array = $config['installedpackages']['freeswitchsettings']['config'][0]; - foreach($v_settings_array as $name => $value) { - $$name = $value; - } - - if(strlen($config['installedpackages']['freeswitchexternal']['config'][0]['external_xml']) == 0) { - /* external_xml not found in the pfsense config.xml get the external.xml and save to config.xml. */ - $filename = $v_conf_dir."/sip_profiles/external.xml"; - $fout = fopen($filename,"r"); - $tmpxml = fread($fout, filesize($filename)); - $config['installedpackages']['freeswitchexternal']['config'][0]['external_xml'] = base64_encode($tmpxml); - unset($filename, $dialplan); - fclose($fout); - } - else { - /* found the external_xml in the pfsense config.xml save it to external.xml. */ - $fout = fopen($v_conf_dir."/sip_profiles/external.xml","w"); - $tmpxml = $config['installedpackages']['freeswitchexternal']['config'][0]['external_xml']; - fwrite($fout, base64_decode($tmpxml)); - fclose($fout); - unset($tmpxml); - } - - $cmd = "api reloadxml"; - //event_socket_request_cmd($cmd); - unset($cmd); - -} - - -function sync_package_v_hunt_group() -{ - - //Hunt Group Javascript Notes: - //get the domain - //loop through all Hunt Groups - //get the Hunt Group information such as the name and description - //add each Hunt Group to the dialplan - //get the list of destinations then build the Hunt Group javascript - - - global $config; - $v_settings_array = $config['installedpackages']['freeswitchsettings']['config'][0]; - foreach($v_settings_array as $name => $value) { - $$name = $value; - } - - //get the domain - $password = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_password']; - $host = $config['interfaces']['lan']['ipaddr']; - $port = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_port']; - - if (pkg_is_service_running('freeswitch')) { - $fp = event_socket_create($host, $port, $password); - $cmd = "api global_getvar domain"; - $domain = trim(event_socket_request($fp, $cmd)); - } - - $tmp = ""; - $tmp .= "\n"; - $tmp .= " var domain = \"".$domain."\"; //by default this is the ipv4 address of FreeSWITCH used for transfer to voicemail\n"; - //$tmp .= " var exit = false;\n"; - $tmp .= "\n"; - $tmp .= "\n"; - - //loop through all Hunt Groups - $x = 0; - $a_hunt_group = &$config['installedpackages']['freeswitchhuntgroup']['config']; - if (count($a_hunt_group) > 0) { - foreach($a_hunt_group as $rowhelper) { - - //get the Hunt Group information such as the name and description - //$rowhelper['huntgroupid'] - //$rowhelper['huntgroupextension'] - //$rowhelper['huntgroupname'] - //$rowhelper['huntgrouptype'] - //$rowhelper['huntgrouptimeout'] - //$rowhelper['huntgroupcontext'] - //$rowhelper['huntgroupringback'] - //$rowhelper['huntgroupcidnameprefix'] - //$rowhelper['huntgrouppin'] - //$rowhelper['huntgroupcallerannounce'] - //$rowhelper['huntgroupdescr'] - - //add each Hunt Group to the dialplan - $a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config']; - $a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - - if (strlen($rowhelper['huntgroupid']) > 0) { - $action = 'add'; //set default action to add - $i = 0; - if (count($a_dialplan_includes) > 0) { - - foreach($a_dialplan_includes as $row) { - - //$row['dialplanincludeid']; - //$row['extensionname']; - //$row['context']; - //$row['enabled']; - - if ($row['opt1name'] == "huntgroupid" && $row['opt1value'] == $rowhelper['huntgroupid']) { - $action = 'update'; - $dialplanincludeid = $row['dialplanincludeid']; - $extensionname = $row['extensionname']; - $order = $row['order']; - $context = $row['context']; - $enabled = $row['enabled']; - $descr = $row['descr']; - $opt1name = $row['opt1name']; - $opt1value = $row['opt1value']; - $id = $i; - } - $i++; - } - unset($i); - } - - - $ent = array(); - if ($action == 'add') { - //create huntgroup extension in the dialplan - $ent = array(); - $dialplanincludeid = guid(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['extensionname'] = $rowhelper['huntgroupname']; - $ent['order'] = '9001'; //if update use the existing order number and extension name and desc - $ent['context'] = $rowhelper['huntgroupcontext']; - $ent['enabled'] = 'true'; - $ent['descr'] = 'huntgroup'; - $ent['opt1name'] = 'huntgroupid'; - $ent['opt1value'] = $rowhelper['huntgroupid']; - - $a_dialplan_includes[] = $ent; //add to the config - unset($ent); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'condition'; //condition, action, antiaction - $ent['fieldtype'] = 'destination_number'; - $ent['fielddata'] = '^'.$rowhelper['huntgroupextension'].'$'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - $huntgroupid = str_replace(array("{", "}"), "", $rowhelper['huntgroupid']); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'javascript'; - $ent['fielddata'] = 'huntgroup_'.$huntgroupid.'.js'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - unset($huntgroupid); - - } - if ($action == 'update') { - //update the huntgroup - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['extensionname'] = $rowhelper['huntgroupname']; - $ent['order'] = $order; - $ent['context'] = $context; - $ent['enabled'] = $enabled; - $ent['descr'] = $descr; - $ent['opt1name'] = $opt1name; - $ent['opt1value'] = $opt1value; - - //update the config - $a_dialplan_includes[$id] = $ent; - - unset($ent); - unset($extensionname); - unset($order); - unset($context); - unset($enabled); - unset($descr); - unset($opt1name); - unset($opt1value); - unset($id); - } - unset($action); - unset($dialplanincludeid); - - //check whether the fifo queue exists already - $action = 'add'; //set default action to add - $i = 0; - if (count($a_dialplan_includes) > 0) { - - foreach($a_dialplan_includes as $row) { - - //$row['dialplanincludeid']; - //$row['extensionname']; - //$row['context']; - //$row['enabled']; - - if ($row['opt1name'] == "huntgroupfifoid" && $row['opt1value'] == $rowhelper['huntgroupid']) { - $action = 'update'; - $dialplanincludeid = $row['dialplanincludeid']; - $extensionname = $row['extensionname']; - $order = $row['order']; - $context = $row['context']; - $enabled = $row['enabled']; - $descr = $row['descr']; - $opt1name = $row['opt1name']; - $opt1value = $row['opt1value']; - $id = $i; - } - $i++; - } - unset($i); - } - - if ($action == 'add') { - - //create a fifo queue for each huntgroup - $ent = array(); - $dialplanincludeid = guid(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['extensionname'] = $rowhelper['huntgroupname'].'.park'; - $ent['order'] = '9999'; //if update use the existing order number and extension name and desc - $ent['context'] = $rowhelper['huntgroupcontext']; - $ent['enabled'] = 'true'; - $ent['descr'] = 'fifo '.$rowhelper['huntgroupextension']; - $ent['opt1name'] = 'huntgroupfifoid'; - $ent['opt1value'] = $rowhelper['huntgroupid']; - $a_dialplan_includes[] = $ent; //add to the config - unset($ent); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'condition'; //condition, action, antiaction - $ent['fieldtype'] = 'destination_number'; - $ent['fielddata'] = '^\*'.$rowhelper['huntgroupextension'].'$'; - $ent['fieldorder'] = '000'; - $a_dialplan_include_details[] = $ent; //add to the config - unset($ent); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'set'; - $ent['fielddata'] = 'fifo_music=$${hold_music}'; - $ent['fieldorder'] = '001'; - $a_dialplan_include_details[] = $ent; //add to the config - unset($ent); - - $huntgrouptimeouttype = $rowhelper['huntgrouptimeouttype']; - $huntgrouptimeoutdestination = $rowhelper['huntgrouptimeoutdestination']; - if ($huntgrouptimeouttype == "voicemail") { $huntgrouptimeoutdestination = '***'.$huntgrouptimeoutdestination; } - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'set'; - $ent['fielddata'] = 'fifo_orbit_exten='.$huntgrouptimeoutdestination.':'.$rowhelper['huntgrouptimeout']; - $ent['fieldorder'] = '002'; - $a_dialplan_include_details[] = $ent; - unset($ent); //add to the config - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'fifo'; - $ent['fielddata'] = $rowhelper['huntgroupextension'].'@${domain_name} in'; - $ent['fieldorder'] = '003'; - $a_dialplan_include_details[] = $ent; //add to the config - unset($ent); - } - if ($action == 'update') { - //update the huntgroup - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['extensionname'] = $rowhelper['huntgroupname'].'.park'; - $ent['order'] = $order; - $ent['context'] = $rowhelper['huntgroupcontext']; - $ent['enabled'] = $enabled; - $ent['descr'] = 'fifo '.$rowhelper['huntgroupextension']; - $ent['opt1name'] = $opt1name; - $ent['opt1value'] = $opt1value; - - //update the config - $a_dialplan_includes[$id] = $ent; - - unset($ent); - unset($extensionname); - unset($order); - unset($context); - unset($enabled); - unset($descr); - unset($opt1name); - unset($opt1value); - unset($id); - - //delete dialplan include details - if (count($a_dialplan_include_details) > 0) { - foreach($a_dialplan_include_details as $row) { - if ($row['dialplanincludeid'] == $dialplanincludeid) { - $id = $i; - unset($a_dialplan_include_details[$id]); - } - $i++; - } - unset($i); - } - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'condition'; //condition, action, antiaction - $ent['fieldtype'] = 'destination_number'; - $ent['fielddata'] = '^\*'.$rowhelper['huntgroupextension'].'$'; - $ent['fieldorder'] = '000'; - $a_dialplan_include_details[] = $ent; //add to the config - unset($ent); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'set'; - $ent['fielddata'] = 'fifo_music=$${hold_music}'; - $ent['fieldorder'] = '001'; - $a_dialplan_include_details[] = $ent; //add to the config - unset($ent); - - $huntgrouptimeouttype = $rowhelper['huntgrouptimeouttype']; - $huntgrouptimeoutdestination = $rowhelper['huntgrouptimeoutdestination']; - if ($huntgrouptimeouttype == "voicemail") { $huntgrouptimeoutdestination = '***'.$huntgrouptimeoutdestination; } - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'set'; - $ent['fielddata'] = 'fifo_orbit_exten='.$huntgrouptimeoutdestination.':'.$rowhelper['huntgrouptimeout']; - $ent['fieldorder'] = '002'; - $a_dialplan_include_details[] = $ent; - unset($ent); //add to the config - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'fifo'; - $ent['fielddata'] = $rowhelper['huntgroupextension'].'@${domain_name} in'; - $ent['fieldorder'] = '003'; - $a_dialplan_include_details[] = $ent; //add to the config - unset($ent); - } - - write_config(); - sync_package_v_dialplan_includes(); - unset($dialplanincludeid); - - } //end if strlen huntgroupid; add the Hunt Group to the dialplan - - - - //Get the list of destinations then build the Hunt Group javascript - $tmp = ""; - $tmp .= "\n"; - $tmp .= "session.answer();\n"; - $tmp .= "var domain_name = session.getVariable(\"domain_name\");\n"; - $tmp .= "var extension = '".$rowhelper['huntgroupextension']."';\n"; - $tmp .= "var result;\n"; - $tmp .= "var timeoutpin = 7500;\n"; - $tmp .= "\n"; - $tmp .= "var objdate = new Date();\n"; - $tmp .= "var adjusthours = 0; //Adjust Server time that is set to GMT 7 hours\n"; - $tmp .= "var adjustoperator = \"-\"; //+ or -\n"; - $tmp .= "if (adjustoperator == \"-\") {\n"; - $tmp .= "var objdate2 = new Date(objdate.getFullYear(),objdate.getMonth(),objdate.getDate(),(objdate.getHours() - adjusthours),objdate.getMinutes(),objdate.getSeconds());\n"; - $tmp .= "}\n"; - $tmp .= "if (adjustoperator == \"+\") {\n"; - $tmp .= "var objdate2 = new Date(objdate.getFullYear(),objdate.getMonth(),objdate.getDate(),(objdate.getHours() + adjusthours),objdate.getMinutes(),objdate.getSeconds());\n"; - $tmp .= "}\n"; - $tmp .= "var Hours = objdate2.getHours();\n"; - $tmp .= "var Mins = objdate2.getMinutes();\n"; - $tmp .= "var Seconds = objdate2.getSeconds();\n"; - $tmp .= "var Month = objdate2.getMonth() + 1;\n"; - $tmp .= "var Date = objdate2.getDate();\n"; - $tmp .= "var Year = objdate2.getYear()\n"; - $tmp .= "var Day = objdate2.getDay()+1;\n"; - $tmp .= "var exit = false;\n"; - $tmp .= "\n"; - - $tmp .= " function get_sofia_contact(extension,domain_name, profile){\n"; - $tmp .= " if (profile == \"auto\") {\n"; - $i = 0; - foreach (ListFiles($v_conf_dir.'/sip_profiles') as $key=>$sip_profile_file){ - $sip_profile_name = str_replace(".xml", "", $sip_profile_file); - if ($i == 0) { - $tmp .= " profile = \"".$sip_profile_name."\";\n"; - $tmp .= " session.execute(\"set\", \"sofia_contact_\"+extension+\"=\${sofia_contact(\"+profile+\"/\"+extension+\"@\"+domain_name+\")}\");\n"; - $tmp .= " sofia_contact = session.getVariable(\"sofia_contact_\"+extension);\n"; - } - else { - $tmp .= "\n"; - $tmp .= " if (sofia_contact == \"error/user_not_registered\") {\n"; - $tmp .= " profile = \"".$sip_profile_name."\";\n"; - $tmp .= " session.execute(\"set\", \"sofia_contact_\"+extension+\"=\${sofia_contact(\"+profile+\"/\"+extension+\"@\"+domain_name+\")}\");\n"; - $tmp .= " sofia_contact = session.getVariable(\"sofia_contact_\"+extension);\n"; - $tmp .= " }\n"; - } - $i++; - } - unset ($i); - $tmp .= " }\n"; - $tmp .= " else {\n"; - $tmp .= " session.execute(\"set\", \"sofia_contact_\"+extension+\"=\${sofia_contact(\"+profile+\"/\"+extension+\"@\"+domain_name+\")}\");\n"; - $tmp .= " sofia_contact = session.getVariable(\"sofia_contact_\"+extension);\n"; - $tmp .= " }\n"; - $tmp .= " console_log( \"info\", \"sofia_contact \"+profile+\": \"+sofia_contact+\".\\n\" );\n"; - $tmp .= " return sofia_contact;\n"; - $tmp .= " }\n"; - $tmp .= "\n"; - - $tmp .= "\n"; - $tmp .= " function mycb( session, type, obj, arg ) {\n"; - $tmp .= " try {\n"; - $tmp .= " if ( type == \"dtmf\" ) {\n"; - $tmp .= " console_log( \"info\", \"digit: \"+obj.digit+\"\\n\" );\n"; - $tmp .= " if ( obj.digit == \"#\" ) {\n"; - $tmp .= " //console_log( \"info\", \"detected pound sign.\\n\" );\n"; - $tmp .= " exit = true;\n"; - $tmp .= " return( false );\n"; - $tmp .= " }\n"; - $tmp .= "\n"; - $tmp .= " dtmf.digits += obj.digit;\n"; - $tmp .= "\n"; - $tmp .= " if ( dtmf.digits.length >= digitmaxlength ) {\n"; - $tmp .= " exit = true;\n"; - $tmp .= " return( false );\n"; - $tmp .= " }\n"; - $tmp .= " }\n"; - $tmp .= " } catch (e) {\n"; - $tmp .= " console_log( \"err\", e+\"\\n\" );\n"; - $tmp .= " }\n"; - $tmp .= " return( true );\n"; - $tmp .= " } //end function mycb\n"; - $tmp .= "\n"; - - $tmp .= "\n"; - $tmp .= "dialed_extension = session.getVariable(\"dialed_extension\");\n"; - $tmp .= "domain_name = session.getVariable(\"domain_name\");\n"; - $tmp .= "domain = session.getVariable(\"domain\");\n"; - $tmp .= "us_ring = session.getVariable(\"us-ring\");\n"; - $tmp .= "caller_id_name = session.getVariable(\"caller_id_name\");\n"; - $tmp .= "caller_id_number = session.getVariable(\"caller_id_number\");\n"; - $tmp .= "effective_caller_id_name = session.getVariable(\"effective_caller_id_name\");\n"; - $tmp .= "effective_caller_id_number = session.getVariable(\"effective_caller_id_number\");\n"; - $tmp .= "outbound_caller_id_name = session.getVariable(\"outbound_caller_id_name\");\n"; - $tmp .= "outbound_caller_id_number = session.getVariable(\"outbound_caller_id_number\");\n"; - $tmp .= "\n"; - - - //pin number requested from caller if provided - if (strlen($rowhelper['huntgrouppin']) > 0) { - $tmp .= "var pin = '".$rowhelper['huntgrouppin']."';\n"; - $tmp .= "if (pin.length > 0) {\n"; - $tmp .= " var dtmf = new Object();\n"; - $tmp .= " dtmf.digits = \"\";\n"; - $tmp .= " digitmaxlength = 6;\n"; - $tmp .= " session.execute(\"set\", \"playback_terminators=#\");\n"; - $tmp .= " session.streamFile( \"".$v_dir."/sounds/custom/8000/please_enter_the_pin_number.wav\", mycb, \"dtmf\");\n"; - $tmp .= " session.collectInput( mycb, dtmf, timeoutpin );\n"; - $tmp .= "\n"; - $tmp .= " if (dtmf.digits == pin || pin.length == 0) {\n"; - $tmp .= " //continue\n"; - $tmp .= " }\n"; - $tmp .= " else {\n"; - $tmp .= " console_log( \"info\", \"Pin: \" + dtmf.digits + \" is incorrect\\n\" );\n"; - $tmp .= " session.streamFile( \"".$v_conf_dir."/sounds/custom/8000/your_pin_number_is_incorect_goodbye.wav\", mycb, \"dtmf\");\n"; - $tmp .= " session.hangup();\n"; - $tmp .= " }\n"; - $tmp .= "}\n"; - $tmp .= "\n"; - } - - //caller announce requested from caller if provided - if ($rowhelper['huntgroupcallerannounce'] == "true") { - $tmp .= "function originate(session, sipuri, extension, caller_announce, caller_id_name, caller_id_number) {\n"; - $tmp .= " caller_id_name = caller_id_name.replace(\" \", \"+\");\n"; - $tmp .= " apiExecute(\"jsrun\", \"originate.js \"+session.uuid+\" \"+sipuri+\" \"+extension+\" \"+caller_announce+\" \"+caller_id_name+\" \"+caller_id_number);\n"; - $tmp .= "}"; - $tmp .= "\n"; - $tmp .= "var caller_announce = extension+\"_\"+Year+Month+Day+Hours+Mins+Seconds+\".wav\";\n"; - $tmp .= "session.streamFile( \"".$v_dir."/sounds/custom/8000/please_say_your_name_and_reason_for_calling.wav\");\n"; - $tmp .= "session.execute(\"gentones\", \"%(1000, 0, 640)\");\n"; - $tmp .= "session.execute(\"set\", \"playback_terminators=#\");\n"; - $tmp .= "session.execute(\"record\", \"".$tmp_dir."/\"+caller_announce+\" 180 200\");\n"; - $tmp .= "\n"; - $tmp .= "result = session.setAutoHangup(false);\n"; - $tmp .= "session.execute(\"transfer\", \"*\"+extension+\" XML default\");\n"; - $tmp .= "\n"; - } - - //set caller id prefix - if (strlen($rowhelper['huntgroupcidnameprefix'])> 0) { - $tmp .= "session.execute(\"set\", \"caller_id_name=".$rowhelper['huntgroupcidnameprefix']."\"+caller_id_name);\n"; - $tmp .= "session.execute(\"set\", \"effective_caller_id_name=".$rowhelper['huntgroupcidnameprefix']."\"+effective_caller_id_name);\n"; - $tmp .= "session.execute(\"set\", \"outbound_caller_id_name=".$rowhelper['huntgroupcidnameprefix']."\"+outbound_caller_id_name);\n"; - } - - //set ring back - if (isset($rowhelper['huntgroupringback'])){ - if ($rowhelper['huntgroupringback'] == "ring"){ - $tmp .= "session.execute(\"set\", \"ringback=\"+us_ring); //set to ringtone\n"; - $tmp .= "session.execute(\"set\", \"transfer_ringback=\"+us_ring); //set to ringtone\n"; - } - if ($rowhelper['huntgroupringback'] == "music"){ - $tmp .= "session.execute(\"set\", \"ringback=\${hold_music}\"); //set to ringtone\n"; - $tmp .= "session.execute(\"set\", \"transfer_ringback=\${hold_music}\"); //set to ringtone\n"; - } - } - else { - $tmp .= "session.execute(\"set\", \"ringback=\${hold_music}\"); //set to ringtone\n"; - $tmp .= "session.execute(\"set\", \"transfer_ringback=\${hold_music}\"); //set to ringtone\n"; - } - - if ($rowhelper['huntgrouptimeout'] > 0) { - $tmp .= "session.execute(\"set\", \"call_timeout=".$rowhelper['huntgrouptimeout']."\");\n"; - $tmp .= "session.execute(\"set\", \"continue_on_fail=true\");\n"; - } - $tmp .= "session.execute(\"set\", \"hangup_after_bridge=true\");\n"; - $tmp .= "\n"; - $tmp .= "//console_log( \"info\", \"dialed extension:\"+dialed_extension+\".\\n\" );\n"; - $tmp .= "//console_log( \"info\", \"domain: \"+domain+\".\\n\" );\n"; - $tmp .= "//console_log( \"info\", \"us_ring: \"+us_ring+\".\\n\" );\n"; - $tmp .= "//console_log( \"info\", \"domain: \"+domain+\".\\n\" );\n"; - $tmp .= "//console_log( \"info\", \"domain_name: \"+domain_name+\".\\n\" );\n"; - $tmp .= "\n"; - - $tmp .= "//console_log( \"info\", \"action call now don't wait for dtmf\\n\" );\n"; - if ($rowhelper['huntgroupcallerannounce'] == "true") { - //do nothing - } - else { - $tmp .= "if ( session.ready() ) {\n"; - $tmp .= " session.answer();\n"; - } - $tmp .= "\n"; - - $a_hunt_group = &$config['installedpackages']['freeswitchhuntgroup']['config']; - if (isset($id) && $a_hunt_group[0]) { - $huntgrouptimeout = $a_hunt_group[$id]['huntgrouptimeout']; - $huntgrouptimeoutdestination = $a_hunt_group[$id]['huntgrouptimeoutdestination']; - } - - //order the array - if (!function_exists(cmp_hunt_group_order)) { - function cmp_hunt_group_order($a, $b) { - if ($a["destinationorder"] > $b["destinationorder"]) { - return 1; - } - else { - return 0; - } - } - } - - - $a_hunt_group_destinations = &$config['installedpackages']['freeswitchhuntgroupdestinations']['config']; - if (count($a_hunt_group_destinations) > 0) { usort($a_hunt_group_destinations, "cmp_hunt_group_order"); } - if (count($a_hunt_group_destinations) > 0) { - - $i = 0; - foreach($a_hunt_group_destinations as $row) { - - /* - $row['huntgroupid'] - $row['destinationnumber'] - $row['destinationtype'] - $row['destinationprofile'] - $row['destinationorder'] - $row['destinationdescr'] - */ - - if ($row['huntgroupid'] == $rowhelper['huntgroupid']) { - - //set the default profile - if (strlen($row['destinationnumber']) == 0) { $row['destinationnumber'] = "internal"; } - - if ($row['destinationtype'] == "extension") { - $tmp .= "sofia_contact_".$row['destinationnumber']." = get_sofia_contact(\"".$row['destinationnumber']."\",domain_name, \"".$row['destinationprofile']."\");\n"; - $tmp_sub_array["application"] = "bridge"; - $tmp_sub_array["data"] = "sofia_contact_".$row['destinationnumber']; - $tmp_array[$i] = $tmp_sub_array; - unset($tmp_sub_array); - } - if ($row['destinationtype'] == "voicemail") { - $tmp_sub_array["application"] = "voicemail"; - $tmp .= "session.execute(\"voicemail\", \"default \${domain} ".$row['destinationnumber']."\");\n"; - //$tmp_sub_array["application"] = "voicemail"; - //$tmp_sub_array["data"] = "default \${domain} ".$row['destinationnumber']; - //$tmp_array[$i] = $tmp_sub_array; - unset($tmp_sub_array); - } - if ($row['destinationtype'] == "sip uri") { - $tmp_sub_array["application"] = "bridge"; - $tmp_sub_array["data"] = "\"".$row['destinationnumber']."\""; - $tmp_array[$i] = $tmp_sub_array; - unset($tmp_sub_array); - } - $i++; - - } //end huntgroupid - - } //end for each - unset($i); - } //if count - - $i = 0; - if(count($tmp_array) > 0) { - foreach ($tmp_array as $row) { - $tmpdata = $row["data"]; - if ($row["application"] == "voicemail") { $tmpdata = "***".$tmpdata; } - if ($i < 1) { - $tmp_buffer = $tmpdata; - } - else { - $tmp_buffer .= "+\",\"+".$tmpdata; - } - $i++; - } - } - unset($i); - $delimiter = ","; - $tmp_application = $tmp_array[0]["application"]; - - switch ($rowhelper['huntgrouptype']) { - case "simultaneous": - //print_r($tmp_array); - if ($rowhelper['huntgroupcallerannounce'] == "true") { - $i = 0; - if (count($tmp_array) > 0) { - foreach ($tmp_array as $row) { - $tmpdata = $row["data"]; - if ($row["application"] == "voicemail") { $tmpdata = "***".$tmpdata; } - $tmp .= " result = originate (session, ".$tmpdata.", extension, caller_announce, caller_id_name, caller_id_number);\n"; - } - } - } - else { - $tmp .= "\n"; - $tmp .= " session.execute(\"".$tmp_application."\", $tmp_buffer);\n"; - //$tmp .= " session.execute(\"bridge\", sofia_contact_100+\",\"+sofia_contact_101+\",\"+sofia_contact_102+\",\"+sofia_contact_103+\",\"+sofia_contact_104);\n"; - //$tmp .= " //session.execute(\"bridge\", \"sofia/gateway/flowroute.com/12081231234,\"+sofia_contact_101);\n"; - } - unset($tmp_array); - break; - case "sequentially": - - $tmp .= "\n"; - //print_r($tmp_array); - $i = 0; - if (count($tmp_array) > 0) { - if ($rowhelper['huntgroupcallerannounce'] == "true") { - $i = 0; - if (count($tmp_array) > 0) { - //foreach ($tmp_array as $row) { - //$tmpdata = $row["data"]; - //if ($row["application"] == "voicemail") { $tmpdata = "***".$tmpdata; } - $tmp .= " result = originate (session, ".$tmp_buffer.", extension, caller_announce, caller_id_name, caller_id_number);\n"; - //} - } - } - else { - foreach ($tmp_array as $row) { - $tmp .= " session.execute(\"".$row["application"]."\", ".$row["data"].");\n"; - } - } - unset($tmp_array); - } - - break; - } - - //set the timeout destination - $huntgrouptimeoutdestination = $a_hunt_group[$x]['huntgrouptimeoutdestination']; - $huntgrouptimeouttype = $a_hunt_group[$x]['huntgrouptimeouttype']; - if ($huntgrouptimeouttype == "extension") { $huntgrouptimeouttype = "bridge"; } - if ($huntgrouptimeouttype == "voicemail") { $huntgrouptimeouttype = "transfer"; $huntgrouptimeoutdestination = "*99".$huntgrouptimeoutdestination; } - if ($huntgrouptimeouttype == "sip uri") { $huntgrouptimeouttype = "bridge"; } - $tmp .= "\n"; - if ($row['huntgroupcallerannounce'] == "true") { - //do nothing - } - else { - $tmp .= " //timeout\n"; - $tmp .= " session.execute(\"".$huntgrouptimeouttype."\", \"".$huntgrouptimeoutdestination."\");\n"; - } - - $tmp .= "\n"; - $tmp .= " //clear variables\n"; - $tmp .= " dialed_extension = \"\";\n"; - $tmp .= " new_extension = \"\";\n"; - $tmp .= " domain_name = \"\";\n"; - $tmp .= " domain = \"\";"; - - $tmp .= "\n"; - if ($rowhelper['huntgroupcallerannounce'] == "true") { - //do nothing - } - else { - $tmp .= "} //end if session.ready\n"; - } - $tmp .= "\n"; - - if (strlen($rowhelper['huntgroupid']) > 0) { - $huntgroupfilename = "huntgroup_".str_replace(array("{", "}"), "", $rowhelper['huntgroupid']).".js"; - $fout = fopen($v_scripts_dir."/".$huntgroupfilename,"w"); - fwrite($fout, $tmp); - unset($huntgroupfilename); - fclose($fout); - } - - $x++; - } //end foreach - } //end if count - -} //end function - - -function sync_package_v_fax() -{ - - global $config; - $v_settings_array = $config['installedpackages']['freeswitchsettings']['config'][0]; - foreach($v_settings_array as $name => $value) { - $$name = $value; - } - - //loop through all faxes - $a_fax = &$config['installedpackages']['freeswitchfax']['config']; - if (count($a_fax) > 0) { - foreach($a_fax as $rowhelper) { - - //get the fax information such as the name and description - //$rowhelper['faxid'] - //$rowhelper['faxextension'] - //$rowhelper['faxname'] - //$rowhelper['faxemail'] - //$rowhelper['faxdomain'] - //$rowhelper['faxdescription'] - - //add each fax extension to the dialplan - $a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config']; - $a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - - //determine if the entry should be an add, or update to the dialplan - if (strlen($rowhelper['faxid']) > 0) { - $action = 'add'; //set default action to add - $i = 0; - if (count($a_dialplan_includes) > 0) { - - foreach($a_dialplan_includes as $row) { - - //$row['faxid']; - //$row['faxname']; - //$row['context']; - //$row['enabled']; - - if ($row['opt1name'] == "faxid" && $row['opt1value'] == $rowhelper['faxid']) { - //update - $action = 'update'; - - $dialplanincludeid = $rowhelper['dialplanincludeid']; - $extensionname = $row['extensionname']; - $order = $row['order']; - $context = $row['context']; - $enabled = $row['enabled']; - $descr = $row['descr']; - $opt1name = $row['opt1name']; - $opt1value = $row['opt1value']; - $id = $i; - //echo "update".$i."<br />\n"; - - if (file_exists($v_conf_dir."/dialplan/default/".$order."_".$extensionname.".xml")){ - unlink($v_conf_dir."/dialplan/default/".$order."_".$extensionname.".xml"); - } - } - $i++; - - } - } - - $ent = array(); - if ($action == 'add') { - $faxid = $rowhelper['faxid']; - if (strlen($rowhelper['faxname']) > 0) { - $ent['dialplanincludeid'] = $faxid; - $ent['extensionname'] = $rowhelper['faxname']; - $ent['order'] = '9001'; //if update use the existing order number and extension name and desc - $ent['context'] = "default"; - //$ent['context'] = $rowhelper['huntgroupcontext']; - $ent['enabled'] = 'true'; - $ent['descr'] = 'fax'; - $ent['opt1name'] = 'faxid'; - $ent['opt1value'] = $rowhelper['faxid']; - - //add to the config - $a_dialplan_includes[] = $ent; - unset($ent); - - //<!-- default ${domain_name} --> - //<condition field="destination_number" expression="^\*9978$"> - $ent = array(); - $ent['dialplanincludeid'] = $faxid; - $ent['tag'] = 'condition'; //condition, action, antiaction - $ent['fieldorder'] = '000'; - $ent['fieldtype'] = 'destination_number'; - $ent['fielddata'] = '^'.$rowhelper['faxextension'].'$'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - //<action application="answer" /> - $ent = array(); - $ent['dialplanincludeid'] = $faxid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldorder'] = '001'; - $ent['fieldtype'] = 'answer'; - $ent['fielddata'] = ''; - $a_dialplan_include_details[] = $ent; - unset($ent); - - //<action application="playback" data="silence_stream://2000"/> - $ent = array(); - $ent['dialplanincludeid'] = $faxid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldorder'] = '002'; - $ent['fieldtype'] = 'playback'; - $ent['fielddata'] = 'silence_stream://2000'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - //<action application="set" data="last_fax=${caller_id_number}-${strftime(%Y-%m-%d-%H-%M-%S)}"/> - $ent = array(); - $ent['dialplanincludeid'] = $faxid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldorder'] = '003'; - $ent['fieldtype'] = 'set'; - $ent['fielddata'] = 'last_fax=${caller_id_number}-${strftime(%Y-%m-%d-%H-%M-%S)}'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - //<action application="rxfax" data="$v_storage_dir/fax/inbox/${last_fax}.tif"/> - $ent = array(); - $ent['dialplanincludeid'] = $faxid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldorder'] = '004'; - $ent['fieldtype'] = 'rxfax'; - $ent['fielddata'] = $v_storage_dir.'/fax/'.$rowhelper['faxextension'].'/inbox/${last_fax}.tif'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - //<action application="system" data="$v_scripts_dir/emailfax.sh USER DOMAIN $v_storage_dir/fax/inbox/9872/${last_fax}.tif"/> - $ent = array(); - $ent['dialplanincludeid'] = $faxid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldorder'] = '005'; - $ent['fieldtype'] = 'system'; - $ent['fielddata'] = $php_dir.' '.$v_web_dir.'/fax_to_email.php email='.$rowhelper['faxemail'].' extension='.$rowhelper['faxextension'].' name=${last_fax} >> '.$tmp_dir.'/fax.txt'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - //<action application="hangup"/> - $ent = array(); - $ent['dialplanincludeid'] = $faxid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldorder'] = '006'; - $ent['fieldtype'] = 'hangup'; - $ent['fielddata'] = ''; - $a_dialplan_include_details[] = $ent; - unset($ent); - } - - unset($faxid); - - } - if ($action == 'update') { - - $ent['dialplanincludeid'] = $rowhelper['faxid']; - $ent['extensionname'] = $rowhelper['faxname']; - $ent['order'] = $order; - $ent['context'] = $context; - $ent['enabled'] = $enabled; - $ent['descr'] = $faxdescription; - $ent['opt1name'] = $opt1name; - $ent['opt1value'] = $opt1value; - - //update the config - $a_dialplan_includes[$id] = $ent; - - unset($ent); - unset($extensionname); - unset($order); - unset($context); - unset($enabled); - unset($descr); - unset($opt1name); - unset($opt1value); - unset($id); - } - write_config(); - - sync_package_v_dialplan_includes(); - unset($dialplanincludeid); - - } //end if strlen faxid; add the fax to the dialplan - - } //end foreach - } //end if count - -} //end function - - -function get_recording_filename($id) -{ - global $config; - $a_recordings = &$config['installedpackages']['freeswitchrecordings']['config']; - if (count($a_recordings) > 0) { - foreach($a_recordings as $rowhelper) { - if ($rowhelper['recordingid'] == $id) { - return $rowhelper['filename']; - } - } - } -} - - -function sync_package_v_ivr() -{ - - global $config; - $v_settings_array = $config['installedpackages']['freeswitchsettings']['config'][0]; - foreach($v_settings_array as $name => $value) { - $$name = $value; - } - - $a_ivr = &$config['installedpackages']['freeswitchivr']['config']; - if (count($a_ivr) > 0) { - foreach($a_ivr as $rowhelper) { - - /* - $rowhelper['ivrid'] - $rowhelper['ivrextension'] - $rowhelper['ivrname'] - $rowhelper['recordingid'] - $rowhelper['ivrtimeout'] - $rowhelper['ivrcalltimeout'] - $rowhelper['ivrcontext'] - $rowhelper['ivrdirectdial'] - $rowhelper['ivrconditionjs'] - $rowhelper['ivrringback'] - $rowhelper['ivrcidnameprefix'] - $rowhelper['ivrdescr'] - */ - - $a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config']; - $a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - - - //add the IVR to the dialplan - if (strlen($rowhelper['ivrid']) > 0) { - $action = 'add'; //set default action to add - $i = 0; - if (count($a_dialplan_includes) > 0) { - foreach($a_dialplan_includes as $row) { - - //$row['dialplanincludeid']; - //$row['extensionname']; - //$row['context']; - //$row['enabled']; - //echo "if (".$row['opt1name']." == \"ivrid\" && ".$row['opt1value']." == ".$rowhelper['ivrid'].") \n"; - - if ($row['opt1name'] == "ivrid" && $row['opt1value'] == $rowhelper['ivrid']) { - //update - $action = 'update'; - $dialplanincludeid = $row['dialplanincludeid']; - $extensionname = $row['extensionname']; - $order = $row['order']; - $context = $row['context']; - $enabled = $row['enabled']; - $descr = $row['descr']; - $opt1name = $row['opt1name']; - $opt1value = $row['opt1value']; - $id = $i; - //echo "update".$i."<br />\n"; - - } - $i++; - - } //end foreach - } //if count - - - $ent = array(); - if ($action == 'add') { - - $dialplanincludeid = guid(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['extensionname'] = $rowhelper['ivrextension']; - $ent['order'] = '9001'; //if update use the existing order number and extension name and desc - $ent['context'] = $rowhelper['ivrcontext']; - $ent['enabled'] = 'true'; - $ent['descr'] = 'IVR'; - $ent['opt1name'] = 'ivrid'; - $ent['opt1value'] = $rowhelper['ivrid']; - - //add to the config - $a_dialplan_includes[] = $ent; - unset($ent); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'condition'; //condition, action, antiaction - $ent['fieldtype'] = 'destination_number'; - $ent['fielddata'] = '^'.$rowhelper['ivrextension'].'$'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - $ivrid = str_replace(array("{", "}"), "", $rowhelper['ivrid']); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'javascript'; - $ent['fielddata'] = 'ivr_'.$ivrid.'.js'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - unset($ivrid); - - } - if ($action == 'update') { - - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['extensionname'] = $rowhelper['ivrextension']; - $ent['order'] = $order; - $ent['context'] = $context; - $ent['enabled'] = $enabled; - $ent['descr'] = $descr; - $ent['opt1name'] = $opt1name; - $ent['opt1value'] = $opt1value; - - //update the config - $a_dialplan_includes[$id] = $ent; - - unset($ent); - unset($extensionname); - unset($order); - unset($context); - unset($enabled); - unset($descr); - unset($opt1name); - unset($opt1value); - unset($id); - } - write_config(); - - sync_package_v_dialplan_includes(); - unset($dialplanincludeid); - - } //end if strlen ivrid; add the IVR to the dialplan - - // Build the IVR javascript - $recording_action_filename = get_recording_filename($rowhelper['recordingidaction']); - $recording_antiaction_filename = get_recording_filename($rowhelper['recordingidantiaction']); - - $password = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_password']; - $port = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_port']; - $host = $config['interfaces']['lan']['ipaddr']; - - if (pkg_is_service_running('freeswitch')) { - $fp = event_socket_create($host, $port, $password); - $cmd = "api global_getvar domain"; - $domain = trim(event_socket_request($fp, $cmd)); - } - - - $tmp = ""; //make sure the variable starts with no value - $tmp .= "\n"; - $tmp .= " var condition = true;\n"; - $tmp .= "\n"; - $tmp .= " var domain = \"".$domain."\"; //by default this is the ipv4 address of FreeSWITCH used for transfer to voicemail\n"; - $tmp .= " var digitmaxlength = 0;\n"; - $tmp .= " var objdate = new Date();\n"; - $tmp .= "\n"; - $tmp .= " var adjusthours = 0; //Adjust Server time that is set to GMT 7 hours\n"; - $tmp .= " var adjustoperator = \"-\"; //+ or -\n"; - $tmp .= "\n"; - $tmp .= " if (adjustoperator == \"-\") {\n"; - $tmp .= " var objdate2 = new Date(objdate.getFullYear(),objdate.getMonth(),objdate.getDate(),(objdate.getHours() - adjusthours),objdate.getMinutes(),objdate.getSeconds());\n"; - $tmp .= " }\n"; - $tmp .= " if (adjustoperator == \"+\") {\n"; - $tmp .= " var objdate2 = new Date(objdate.getFullYear(),objdate.getMonth(),objdate.getDate(),(objdate.getHours() + adjusthours),objdate.getMinutes(),objdate.getSeconds());\n"; - $tmp .= " }\n"; - $tmp .= "\n"; - $tmp .= " var Hours = objdate2.getHours();\n"; - $tmp .= " var Mins = objdate2.getMinutes();\n"; - $tmp .= " var Seconds = objdate2.getSeconds();\n"; - $tmp .= " var Month = objdate2.getMonth() + 1;\n"; - $tmp .= " var Date = objdate2.getDate();\n"; - $tmp .= " var Year = objdate2.getYear()\n"; - $tmp .= " var Day = objdate2.getDay()+1;\n"; - $tmp .= " var exit = false;\n"; - $tmp .= "\n"; - $tmp .= " dialed_extension = session.getVariable(\"dialed_extension\");\n"; - $tmp .= " domain_name = session.getVariable(\"domain_name\");\n"; - $tmp .= " domain = session.getVariable(\"domain\");\n"; - $tmp .= " us_ring = session.getVariable(\"us-ring\");\n"; - $tmp .= " caller_id_name = session.getVariable(\"caller_id_name\");\n"; - $tmp .= " caller_id_number = session.getVariable(\"caller_id_number\");\n"; - $tmp .= " effective_caller_id_name = session.getVariable(\"effective_caller_id_name\");\n"; - $tmp .= " effective_caller_id_number = session.getVariable(\"effective_caller_id_number\");\n"; - $tmp .= " outbound_caller_id_name = session.getVariable(\"outbound_caller_id_name\");\n"; - $tmp .= " outbound_caller_id_number = session.getVariable(\"outbound_caller_id_number\");\n"; - $tmp .= "\n"; - - //set caller id prefix - if (strlen($rowhelper['ivrcidnameprefix'])> 0) { - $tmp .= "session.execute(\"set\", \"caller_id_name=".$rowhelper['ivrcidnameprefix']."\"+caller_id_name);\n"; - $tmp .= "session.execute(\"set\", \"effective_caller_id_name=".$rowhelper['ivrcidnameprefix']."\"+effective_caller_id_name);\n"; - $tmp .= "session.execute(\"set\", \"outbound_caller_id_name=".$rowhelper['ivrcidnameprefix']."\"+outbound_caller_id_name);\n"; - } - - $tmp .= "\n"; - - $tmp .= " session.execute(\"set\", \"continue_on_fail=true\");\n"; - if (strlen($rowhelper['ivrcalltimeout']) == 0){ - $tmp .= " session.execute(\"set\", \"call_timeout=30\");\n"; //ivrcalltimeout - } - else { - $tmp .= " session.execute(\"set\", \"call_timeout=".$rowhelper['ivrcalltimeout']."\");\n"; //ivrcalltimeout - } - - if (isset($rowhelper['ivrringback'])){ - if ($rowhelper['ivrringback'] == "ring"){ - $tmp .= " session.execute(\"set\", \"ringback=\"+us_ring); //set to ringtone\n"; - $tmp .= " session.execute(\"set\", \"transfer_ringback=\"+us_ring); //set to ringtone\n"; - } - if ($rowhelper['ivrringback'] == "music"){ - $tmp .= " session.execute(\"set\", \"ringback=\${hold_music}\"); //set to ringtone\n"; - $tmp .= " session.execute(\"set\", \"transfer_ringback=\${hold_music}\"); //set to ringtone\n"; - } - } - else { - $tmp .= " session.execute(\"set\", \"ringback=\${hold_music}\"); //set to ringtone\n"; - $tmp .= " session.execute(\"set\", \"transfer_ringback=\${hold_music}\"); //set to ringtone\n"; - } - $tmp .= "\n"; - $tmp .= "//console_log( \"info\", \"IVR Server Time is: \"+Hours+\":\"+Mins+\" \\n\" );\n"; - $tmp .= "\n"; - - $tmp .= " function get_sofia_contact(extension,domain_name, profile){\n"; - $tmp .= " if (profile == \"auto\") {\n"; - $i = 0; - foreach (ListFiles($v_conf_dir.'/sip_profiles') as $key=>$sip_profile_file){ - $sip_profile_name = str_replace(".xml", "", $sip_profile_file); - if ($i == 0) { - $tmp .= " profile = \"".$sip_profile_name."\";\n"; - $tmp .= " session.execute(\"set\", \"sofia_contact_\"+extension+\"=\${sofia_contact(\"+profile+\"/\"+extension+\"@\"+domain_name+\")}\");\n"; - $tmp .= " sofia_contact = session.getVariable(\"sofia_contact_\"+extension);\n"; - } - else { - $tmp .= "\n"; - $tmp .= " if (sofia_contact == \"error/user_not_registered\") {\n"; - $tmp .= " profile = \"".$sip_profile_name."\";\n"; - $tmp .= " session.execute(\"set\", \"sofia_contact_\"+extension+\"=\${sofia_contact(\"+profile+\"/\"+extension+\"@\"+domain_name+\")}\");\n"; - $tmp .= " sofia_contact = session.getVariable(\"sofia_contact_\"+extension);\n"; - $tmp .= " }\n"; - } - $i++; - } - unset ($i); - $tmp .= " }\n"; - $tmp .= " else {\n"; - $tmp .= " session.execute(\"set\", \"sofia_contact_\"+extension+\"=\${sofia_contact(\"+profile+\"/\"+extension+\"@\"+domain_name+\")}\");\n"; - $tmp .= " sofia_contact = session.getVariable(\"sofia_contact_\"+extension);\n"; - $tmp .= " }\n"; - $tmp .= " console_log( \"info\", \"sofia_contact \"+profile+\": \"+sofia_contact+\".\\n\" );\n"; - $tmp .= " return sofia_contact;\n"; - $tmp .= " }\n"; - $tmp .= "\n"; - - $tmp .= " function mycb( session, type, obj, arg ) {\n"; - $tmp .= " try {\n"; - $tmp .= " if ( type == \"dtmf\" ) {\n"; - $tmp .= " console_log( \"info\", \"digit: \"+obj.digit+\"\\n\" );\n"; - $tmp .= " if ( obj.digit == \"#\" ) {\n"; - $tmp .= " //console_log( \"info\", \"detected pound sign.\\n\" );\n"; - $tmp .= " exit = true;\n"; - $tmp .= " return( false );\n"; - $tmp .= " }\n"; - $tmp .= "\n"; - $tmp .= " dtmf.digits += obj.digit;\n"; - $tmp .= "\n"; - $tmp .= " if ( dtmf.digits.length >= digitmaxlength ) {\n"; - $tmp .= " exit = true;\n"; - $tmp .= " return( false );\n"; - $tmp .= " }\n"; - $tmp .= " }\n"; - $tmp .= " } catch (e) {\n"; - $tmp .= " console_log( \"err\", e+\"\\n\" );\n"; - $tmp .= " }\n"; - $tmp .= " return( true );\n"; - $tmp .= " } //end function mycb\n"; - - $tmp .= "\n"; - $tmp .= base64_decode($rowhelper['ivrconditionjs']); - $tmp .= "\n"; - $tmp .= "\n"; - - //$tmp .= " //condition = true; //debugging\n"; - - $actiondirect = false; - $actiondefault = false; - $actioncount = 0; - foreach($config['installedpackages']['freeswitchivroptions']['config'] as $row) { - //find the correct IVR options with the correct action - if ($row['ivrid'] == $rowhelper['ivrid']) { - - if ($row['optionaction'] == "action") { - $actioncount++; - if (strtolower($row['optionnumber']) == "n") { //direct the call now don't wait for dtmf - //echo "now found\n"; - $actiondirect = true; - $actiondirecttype = $row['optiontype']; - $actiondirectprofile = $row['optionprofile']; - $actiondirectdest = $row['optiondest']; - } - if (strtolower($row['optionnumber']) == "d") { //default option used when dtmf doesn't match any other option - //echo "default found\n"; - $actiondefault = true; - $actiondefaulttype = $row['optiontype']; - $actiondefaultprofile = $row['optionprofile']; - $actiondefaultdest = $row['optiondest']; - } - } - } - } - //$tmp .= "action count: ".$actioncount."<br />\n"; - if ($actioncount > 0) { - if ($actiondirect) { - $tmp .= " if (condition) {\n"; - $tmp .= " //direct\n"; - $tmp .= " //console_log( \"info\", \"action direct\\n\" );\n"; - if ($actiondirecttype == "extension") { - $tmp .= " sofia_contact_".$actiondirectdest." = get_sofia_contact(\"".$actiondirectdest."\",domain_name, \"".$actiondirectprofile."\");\n"; - $tmp .= " session.execute(\"bridge\", sofia_contact_".$actiondirectdest."); //".$actiondirectdest."\n"; - if ($actiondirectprofile == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$actiondirectdest."\");\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$actiondirectdest."\");\n"; - } - } - if ($actiondirecttype == "voicemail") { - if ($actiondirectprofile == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$actiondirectdest."\");\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$actiondirectdest."\");\n"; - } - } - if ($actiondirecttype == "sip uri") { - $tmp .= " session.execute(\"bridge\", \"".$actiondirectdest."\"); //".$actiondirectdest."\n"; - - } - - $tmp .= "}\n"; - - } - else { - $tmp .= " if (condition) {\n"; - $tmp .= " //action\n"; - $tmp .= "\n"; - $tmp .= " //console_log( \"info\", \"action call now don't wait for dtmf\\n\" );\n"; - $tmp .= " var dtmf = new Object( );\n"; - $tmp .= " dtmf.digits = \"\";\n"; - $tmp .= " if ( session.ready( ) ) {\n"; - $tmp .= " session.answer( );\n"; - $tmp .= "\n"; - $tmp .= " digitmaxlength = 1;\n"; - $tmp .= " while (session.ready() && ! exit ) {\n"; - $tmp .= " //session.streamFile( \"".$v_dir."/sounds/".$recording_action_filename."\", mycb, \"dtmf ".$rowhelper['ivrtimeout']."\" );\n"; - $tmp .= " session.streamFile( \"".$v_recordings_dir."/".$recording_action_filename."\", mycb, \"dtmf ".$rowhelper['ivrtimeout']."\" );\n"; - $tmp .= " if (session.ready()) {\n"; - $tmp .= " if (dtmf.digits.length == 0) {\n"; - $tmp .= " dtmf.digits += session.getDigits(1, \"#\", ".($rowhelper['ivrtimeout']*1000)."); // ".$rowhelper['ivrtimeout']." seconds\n"; - $tmp .= " if (dtmf.digits.length == 0) {\n"; - //$tmp .= " console_log( "info", "time out option: " + dtmf.digits + "\n" );\n"; - - $a_ivr_options = &$config['installedpackages']['freeswitchivroptions']['config']; - //find the timeout IVR options with the correct action - if (count($a_ivr_options) > 0) { - foreach($a_ivr_options as $row) { - - if ($row['ivrid'] == $rowhelper['ivrid']) { - - if ($row['optionaction'] == "action") { - if (strtolower($row['optionnumber']) == "t") { - if ($row['optiontype'] == "extension") { - $tmp .= " sofia_contact_".$row['optiondest']." = get_sofia_contact(\"".$row['optiondest']."\",domain_name, \"".$row['optionprofile']."\");\n"; - $tmp .= " session.execute(\"bridge\", sofia_contact_".$row['optiondest']."); //".$row['optiondescr']."\n"; - if ($row['optionprofile'] == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\");\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\");\n"; - } - } - if ($row['optiontype'] == "voicemail") { - if ($row['optionprofile'] == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - } - if ($row['optiontype'] == "sip uri") { - $tmp .= " session.execute(\"bridge\", \"".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - } - } //end anti-action - - } //end ivrid - - } //end for each - } //if count - - $tmp .= " }\n"; - $tmp .= " else {\n"; - $tmp .= " break; //dtmf found end the while loop\n"; - $tmp .= " }\n"; - $tmp .= " }\n"; - $tmp .= " }\n"; - $tmp .= " }\n"; - $tmp .= "\n"; - $tmp .= " //pickup the remaining digits\n"; - //$tmp .= " //http://wiki.freeswitch.org/wiki/Session_getDigits\n"; - //$tmp .= " //getDigits(length, terminators, timeout, digit_timeout, abs_timeout)\n"; - //$tmp .= " //dtmf.digits += session.getDigits(2, \"#\", 3000); //allow up to 3 digits\n"; - $tmp .= " dtmf.digits += session.getDigits(4, \"#\", 3000); //allow up to 5 digits\n"; - $tmp .= "\n"; - $tmp .= "\n"; - //$tmp .= " console_log( \"info\", \"IVR Digit Pressed: \" + dtmf.digits + \"\\n\" );\n"; - - - //action - $tmpaction = ""; - - $tmp .= " if ( dtmf.digits.length > \"0\" ) {\n"; - $x = 0; - $a_ivr_options = &$config['installedpackages']['freeswitchivroptions']['config']; - if (count($a_ivr_options) > 0) { - foreach($a_ivr_options as $row) { - - /* - $row['ivrid'] - $row['optionnumber'] - $row['optiontype'] - $row['optionaction'] - $row['optiondest'] - $row['optiondescr'] - */ - - $tmpactiondefault = ""; - - //find the correct IVR options with the correct action - if ($row['ivrid'] == $rowhelper['ivrid']){ - - if ($row['optionaction'] == "action") { - //$tmpaction .= "\n"; - - switch ($row['optionnumber']) { - //case "t": - // break; - //case "d": - // break; - default: - //$tmpaction .= " //console_log( \"info\", \"IVR Detected 1 digit \\n\" );\n"; - if ($x == 0) { - $tmpaction .= " if ( dtmf.digits == \"".$row['optionnumber']."\" ) { //".$row['optiondescr']."\n"; - } - else { - $tmpaction .= " else if ( dtmf.digits == \"".$row['optionnumber']."\" ) { //".$row['optiondescr']."\n"; - } - if ($row['optiontype'] == "extension") { - $tmpaction .= " sofia_contact_".$row['optiondest']." = get_sofia_contact(\"".$row['optiondest']."\",domain_name, \"".$row['optionprofile']."\");\n"; - $tmpaction .= " session.execute(\"bridge\", sofia_contact_".$row['optiondest']."); //".$row['optiondescr']."\n"; - if ($row['optionprofile'] == "auto") { - $tmpaction .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\");\n"; - } - else { - $tmpaction .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - } - if ($row['optiontype'] == "voicemail") { - if ($row['optionprofile'] == "auto") { - $tmpaction .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - else { - $tmpaction .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - } - if ($row['optiontype'] == "sip uri") { - $tmpaction .= " session.execute(\"bridge\", \"".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - - $tmpaction .= " }\n"; - - } - - $x++; - } //end if action - - } //end ivrid - - - } //end foreach - } //end if count - - $tmp .= $tmpaction; - if ($rowhelper['ivrdirectdial'] == "true") { - $tmp .= " else {\n"; - $tmp .= " session.execute(\"transfer\", dtmf.digits+\" XML default\");\n"; - //$tmp .= $tmpactiondefault; - $tmp .= " }\n"; - } - else { - if ($actiondefault) { - $tmp .= " else {\n"; - $tmp .= " //console_log( \"info\", \"default option when there is no matching dtmf found\\n\" );\n"; - if ($actiondefaulttype == "extension") { - $tmp .= " sofia_contact_".$actiondefaultdest." = get_sofia_contact(\"".$actiondefaultdest."\",domain_name, \"".$actiondirectprofile."\");\n"; - $tmp .= " session.execute(\"bridge\", sofia_contact_".$actiondefaultdest."); //".$actiondefaultdest."\n"; - if ($actiondirectprofile == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$actiondefaultdest."\");\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$actiondefaultdest."\");\n"; - } - } - if ($actiondefaulttype == "voicemail") { - if ($actiondirectprofile == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$actiondefaultdest."\");\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$actiondefaultdest."\");\n"; - } - } - if ($actiondefaulttype == "sip uri") { - $tmp .= " session.execute(\"bridge\", \"".$actiondefaultdest."\"); //".$actiondefaultdest."\n"; - } - $tmp .= " }\n"; - - } - } - - $tmp .= "\n"; - unset($tmpaction); - - - $tmp .= " } \n"; - //$tmp .= " else if ( dtmf.digits.length == \"4\" ) {\n"; - //$tmp .= " //Transfer to the extension the caller\n"; - //$tmp .= " session.execute(\"transfer\", dtmf.digits+\" XML default\");\n"; - //$tmp .= " } else {\n"; - //$tmp .= $tmpactiondefault; - //$tmp .= " }\n"; - $tmp .= "\n"; - $tmp .= " } //end if session.ready\n"; - $tmp .= "\n"; - $tmp .= " }\n"; //end if condition - - } //if ($actiondirect) - } //actioncount - - $antiactiondirect = false; - $antiactiondefault = false; - $antiactioncount = 0; - foreach($config['installedpackages']['freeswitchivroptions']['config'] as $row) { - //find the correct IVR options with the correct action - if ($row['ivrid'] == $rowhelper['ivrid']) { - if ($row['optionaction'] == "anti-action") { - $antiactioncount++; - if (strtolower($row['optionnumber']) == "n") { //direct the call now don't wait for dtmf - $antiactiondirect = true; - $antiactiondirecttype = $row['optiontype']; - $antiactiondirectdest = $row['optiondest']; - $antiactiondirectprofile = $row['optionprofile']; - } - if (strtolower($row['optionnumber']) == "d") { //default option used when an dtmf doesn't match any option - $antiactiondefault = true; - $antiactiondefaulttype = $row['optiontype']; - $antiactiondefaultdest = $row['optiondest']; - $antiactiondefaultprofile = $row['optionprofile']; - } - } - } - } - //$tmp .= "anti-action count: ".$antiactioncount."<br />\n"; - - - if ($antiactioncount > 0) { - if ($antiactiondirect) { - $tmp .= " else {\n"; - $tmp .= " //console_log( \"info\", \"anti-action call now don't wait for dtmf\\n\" );\n"; - - if ($antiactiondirecttype == "extension") { - $tmp .= " sofia_contact_".$antiactiondirectdest." = get_sofia_contact(\"".$antiactiondirectdest."\",domain_name, \"".$antiactiondirectprofile."\");\n"; - $tmp .= " session.execute(\"bridge\", sofia_contact_".$antiactiondirectdest."); //".$antiactiondirectdest."\n"; - if ($antiactiondirectprofile == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$antiactiondirectdest."\");\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$antiactiondirectdest."\");\n"; - } - } - if ($antiactiondirecttype == "voicemail") { - if ($antiactiondirectprofile == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$antiactiondirectdest."\");\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$antiactiondirectdest."\");\n"; - } - } - if ($antiactiondirecttype == "sip uri") { - $tmp .= " session.execute(\"bridge\", \"".$antiactiondirectdest."\"); //".$antiactiondirectdest."\n"; - } - $tmp .= "}\n"; - } - else { - $tmp .= " else {\n"; - $tmp .= " //anti-action\n"; - $tmp .= " //console_log( \"info\", \"anti-action options\\n\" );\n"; - $tmp .= "\n"; - $tmp .= " var dtmf = new Object( );\n"; - $tmp .= " dtmf.digits = \"\";\n"; - $tmp .= " if ( session.ready( ) ) {\n"; - $tmp .= " session.answer( );\n"; - $tmp .= "\n"; - $tmp .= " digitmaxlength = 1;\n"; - $tmp .= " while (session.ready() && ! exit ) {\n"; - $tmp .= " session.streamFile( \"".$v_recordings_dir."/".$recording_antiaction_filename."\", mycb, \"dtmf ".$rowhelper['ivrtimeout']."\" );\n"; - $tmp .= " if (session.ready()) {\n"; - $tmp .= " if (dtmf.digits.length == 0) {\n"; - $tmp .= " dtmf.digits += session.getDigits(1, \"#\", ".($rowhelper['ivrtimeout']*1000)."); // ".$rowhelper['ivrtimeout']." seconds\n"; - $tmp .= " if (dtmf.digits.length == 0) {\n"; - //$tmp .= " console_log( "info", "time out option: " + dtmf.digits + "\n" );\n"; - - - //find the timeout IVR options with the correct action - if (count($a_ivr_options) > 0) { - foreach($a_ivr_options as $row) { - - if ($row['ivrid'] == $rowhelper['ivrid']) { - - if ($row['optionaction'] == "anti-action") { - if (strtolower($row['optionnumber']) == "t") { - if ($row['optiontype'] == "extension") { - $tmp .= " sofia_contact_".$row['optiondest']." = get_sofia_contact(\"".$row['optiondest']."\",domain_name, \"".$row['optionprofile']."\");\n"; - $tmp .= " session.execute(\"bridge\", sofia_contact_".$row['optiondest']."); //".$row['optiondescr']."\n"; - if ($row['optionprofile'] == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\");\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\");\n"; - } - } - if ($row['optiontype'] == "voicemail") { - if ($row['optionprofile'] == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - } - if ($row['optiontype'] == "sip uri") { - $tmp .= " session.execute(\"bridge\", \"".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - } - - } //end anti-action - - } //end ivrid - - } //end for each - } //if count - - - $tmp .= " }\n"; - $tmp .= " else {\n"; - $tmp .= " break; //dtmf found end the while loop\n"; - $tmp .= " }\n"; - - $tmp .= " }\n"; - $tmp .= " }\n"; - $tmp .= " }\n"; - $tmp .= "\n"; - $tmp .= " //pickup the remaining digits\n"; - $tmp .= " //http://wiki.freeswitch.org/wiki/Session_getDigits\n"; - $tmp .= " //getDigits(length, terminators, timeout, digit_timeout, abs_timeout)\n"; - $tmp .= " dtmf.digits += session.getDigits(4, \"#\", 3000);\n"; - $tmp .= "\n"; - $tmp .= " console_log( \"info\", \"IVR Digit Pressed: \" + dtmf.digits + \"\\n\" );\n"; - $tmp .= "\n"; - - - $tmpantiaction = ""; - $tmp .= " if ( dtmf.digits.length > \"0\" ) {\n"; - - $x = 0; - if (count($a_ivr_options) > 0) { - foreach($a_ivr_options as $row) { - - /* - $row['ivrid'] - $row['optionnumber'] - $row['optiontype'] - $row['optionaction'] - $row['optiondest'] - $row['optiondescr'] - */ - //$tmpantiactiondefault = ""; - - //find the correct IVR options with the correct action - if ($row['ivrid'] == $rowhelper['ivrid']) { - - if ($row['optionaction'] == "anti-action") { - - switch ($row['optionnumber']) { - //case "t": - // //break; - //case "d": - // //break; - default: - //$tmpantiaction .= " //console_log( \"info\", \"IVR Detected 1 digit \\n\" );\n"; - - if ($x == 0) { - $tmpantiaction .= " if ( dtmf.digits == \"".$row['optionnumber']."\" ) { //".$row['optiondescr']."\n"; - } - else { - $tmpantiaction .= " else if ( dtmf.digits == \"".$row['optionnumber']."\" ) { //".$row['optiondescr']."\n"; - } - - if ($row['optiontype'] == "extension") { - $tmpantiaction .= " sofia_contact_".$row['optiondest']." = get_sofia_contact(\"".$row['optiondest']."\",domain_name, \"".$row['optionprofile']."\");\n"; - $tmpantiaction .= " session.execute(\"bridge\", sofia_contact_".$row['optiondest']."); //".$row['optiondescr']."\n"; - if ($row['optionprofile'] == "auto") { - $tmpantiaction .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\");\n"; - } - else { - $tmpantiaction .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\");\n"; - } - } - if ($row['optiontype'] == "voicemail") { - if ($row['optionprofile'] == "auto") { - $tmpantiaction .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - else { - $tmpantiaction .= " session.execute(\"voicemail\", \"default \${domain} ".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - } - if ($row['optiontype'] == "sip uri") { - $tmpantiaction .= " session.execute(\"bridge\", \"".$row['optiondest']."\"); //".$row['optiondescr']."\n"; - } - $tmpantiaction .= " }\n"; - - } //end switch - - $x++; - } //end anti-action - - } //end ivrid - - - } //end for each - } //if count - - $tmp .= $tmpantiaction; - if ($rowhelper['ivrdirectdial'] == "true") { - $tmp .= " else {\n"; - $tmp .= " session.execute(\"transfer\", dtmf.digits+\" XML default\");\n"; - //$tmp .= $tmpantiactiondefault; - $tmp .= " }\n"; - } - else { - if ($antiactiondefault) { - $tmp .= " else {\n"; - $tmp .= " //console_log( \"info\", \"default option used when dtmf doesn't match any other option\\n\" );\n"; - - if ($antiactiondefaulttype == "extension") { - $tmp .= " sofia_contact_".$antiactiondefaultdest." = get_sofia_contact(\"".$antiactiondefaultdest."\",domain_name, \"".$actiondirectprofile."\");\n"; - $tmp .= " session.execute(\"bridge\", sofia_contact_".$antiactiondefaultdest."); //".$antiactiondefaultdest."\n"; - if ($actiondirectprofile == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$antiactiondefaultdest."\");\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$antiactiondefaultdest."\");\n"; - } - } - if ($antiactiondefaulttype == "voicemail") { - if ($actiondirectprofile == "auto") { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$antiactiondefaultdest."\");\n"; - } - else { - $tmp .= " session.execute(\"voicemail\", \"default \${domain} ".$antiactiondefaultdest."\");\n"; - } - } - if ($antiactiondefaulttype == "sip uri") { - $tmp .= " session.execute(\"bridge\", \"".$antiactiondefaultdest."\"); //".$antiactiondefaultdest."\n"; - } - $tmp .= " }\n"; - } - } - $tmp .= "\n"; - unset($tmpantiaction); - - $tmp .= " } \n"; - //$tmp .= " else if ( dtmf.digits.length == \"3\" ) {\n"; - //$tmp .= " //Transfer to the extension the caller chose\n"; - //$tmp .= " session.execute(\"transfer\", dtmf.digits+\" XML default\"); \n"; - //$tmp .= " }\n"; - //$tmp .= " else {\n"; - //$tmp .= $tmpantiactiondefault; - //$tmp .= " }\n"; - $tmp .= "\n"; - $tmp .= " } //end if session.ready\n"; - $tmp .= "\n"; - $tmp .= " } //end if condition"; - - } //if ($antiactiondirect) - } //antiactioncount - unset($tmpactiondefault); - unset($tmpantiactiondefault); - - if (strlen($rowhelper['ivrid']) > 0) { - $ivrfilename = "ivr_".str_replace(array("{", "}"), "", $rowhelper['ivrid']).".js"; - $fout = fopen($v_scripts_dir."/".$ivrfilename,"w"); - fwrite($fout, $tmp); - unset($ivrfilename); - fclose($fout); - } - - } //end foreach - } //end if count - -} //end function - - - -function sync_package_v_dialplan_includes() -{ - - global $config; - $v_settings_array = $config['installedpackages']['freeswitchsettings']['config'][0]; - foreach($v_settings_array as $name => $value) { - $$name = $value; - } - - $a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config']; - $a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - - //order the array - if (!function_exists('cmp_number_dialplan_details')) { - function cmp_number_dialplan_details($a, $b) { - if ($a["fieldorder"] > $b["fieldorder"]) { - return 1; - } - else { - return 0; - } - } - } - - if (count($a_dialplan_includes) > 0) { - foreach($config['installedpackages']['freeswitchdialplanincludes']['config'] as $rowhelper) { - $tmp = ""; - $tmp .= "\n"; - - //$rowhelper['dialplanincludeid']; - //$rowhelper['extensionname']; - //$rowhelper['context']; - //$rowhelper['enabled']; - - $tmp = "<extension name=\"".$rowhelper['extensionname']."\">\n"; - - if (count($a_dialplan_include_details) > 0) { - - if (count($a_dialplan_include_details) > 0) { usort($a_dialplan_include_details, "cmp_number_dialplan_details"); } - - $conditioncount = 0; - $i = 0; - foreach ($a_dialplan_include_details as $ent) { - if ($ent['tag'] == "condition" && $rowhelper['dialplanincludeid'] == $ent['dialplanincludeid']) { - $conditioncount++; - $i++; - } - } - - $i = 1; - foreach ($a_dialplan_include_details as $ent) { - if ($ent['tag'] == "condition" && $rowhelper['dialplanincludeid'] == $ent['dialplanincludeid']) { - if ($conditioncount == 1) { //single condition - //start tag - $tmp .= " <condition field=\"".$ent['fieldtype']."\" expression=\"".$ent['fielddata']."\">\n"; - } - else { //more than one condition - if ($i < $conditioncount) { - //all tags should be self-closing except the last one - $tmp .= " <condition field=\"".$ent['fieldtype']."\" expression=\"".$ent['fielddata']."\"/>\n"; - } - else { - //for the last tag use the start tag - $tmp .= " <condition field=\"".$ent['fieldtype']."\" expression=\"".$ent['fielddata']."\">\n"; - } - } - $i++; - } - } //end for each - - } //end if count - - if (count($a_dialplan_include_details) > 0) { - $i = 0; - foreach ($a_dialplan_include_details as $ent) { - if ($ent['tag'] == "action" && $rowhelper['dialplanincludeid'] == $ent['dialplanincludeid']) { - $tmp .= " <action application=\"".$ent['fieldtype']."\" data=\"".$ent['fielddata']."\"/>\n"; - } - $i++; - } - } - - if (count($a_dialplan_include_details) > 0) { - $i = 0; - foreach ($a_dialplan_include_details as $ent) { - if ($ent['tag'] == "anti-action" && $rowhelper['dialplanincludeid'] == $ent['dialplanincludeid']) { - $tmp .= " <anti-action application=\"".$ent['fieldtype']."\" data=\"".$ent['fielddata']."\"/>\n"; - } - $i++; - } - } - - //if (count($a_dialplan_include_details) > 0) { - //foreach ($a_dialplan_include_details as $ent) { - // $i = 0; - // if ($ent['tag'] == "param" && $rowhelper['dialplanincludeid'] == $ent['dialplanincludeid']) { - //$ent['tag'] - //$ent['fieldtype'] - //$ent['fielddata'] - // } - // $i++; - // } - //} - - if ($conditioncount > 0) { - $tmp .= " </condition>\n"; - } - unset ($conditioncount); - $tmp .= "</extension>\n"; - - - if ($rowhelper['enabled'] == "true") { - $dialplanincludefilename = $rowhelper['order']."_".$rowhelper['extensionname'].".xml"; - $fout = fopen($v_conf_dir."/dialplan/default/".$dialplanincludefilename,"w"); - fwrite($fout, $tmp); - fclose($fout); - } - unset($dialplanincludefilename); - unset($tmp); - - - } //end foreach - } //if array count - -} - - -function sync_package_v_public_includes() -{ - - global $config; - $v_settings_array = $config['installedpackages']['freeswitchsettings']['config'][0]; - foreach($v_settings_array as $name => $value) { - $$name = $value; - } - - $a_public_includes = &$config['installedpackages']['freeswitchpublicincludes']['config']; - $a_public_include_details = &$config['installedpackages']['freeswitchpublicincludedetails']['config']; - - if (count($a_public_includes) > 0) { - - //order the array - function cmp_number_public_include_details($a, $b) { - if ($a["fieldorder"] > $b["fieldorder"]) { - return 1; - } - else { - return 0; - } - } - - - foreach($a_public_includes as $rowhelper) { - $tmp = ""; - $tmp .= "\n"; - - //$rowhelper['publicincludeid']; - //$rowhelper['extensionname']; - //$rowhelper['context']; - //$rowhelper['enabled']; - - $tmp = "<extension name=\"".$rowhelper['extensionname']."\">\n"; - - if (count($a_public_include_details) > 0) { - - if (count($a_public_include_details) > 0) { usort($a_public_include_details, "cmp_number_public_include_details"); } - - $conditioncount = 0; - $i = 0; - foreach ($a_public_include_details as $ent) { - if ($ent['tag'] == "condition" && $rowhelper['publicincludeid'] == $ent['publicincludeid']) { - $conditioncount++; - $i++; - } - } - - $i = 1; - foreach ($a_public_include_details as $ent) { - if ($ent['tag'] == "condition" && $rowhelper['publicincludeid'] == $ent['publicincludeid']) { - if ($conditioncount == 1) { //single condition - //start tag - $tmp .= " <condition field=\"".$ent['fieldtype']."\" expression=\"".$ent['fielddata']."\">\n"; - } - else { //more than one condition - if ($i < $conditioncount) { - //all tags should be self-closing except the last one - $tmp .= " <condition field=\"".$ent['fieldtype']."\" expression=\"".$ent['fielddata']."\"/>\n"; - } - else { - //for the last tag use the start tag - $tmp .= " <condition field=\"".$ent['fieldtype']."\" expression=\"".$ent['fielddata']."\">\n"; - } - } - $i++; - } - } //end for each - - } //end if count - - - if (count($a_public_include_details) > 0) { - $i = 0; - foreach ($a_public_include_details as $ent) { - if ($ent['tag'] == "action" && $rowhelper['publicincludeid'] == $ent['publicincludeid']) { - $tmp .= " <action application=\"".$ent['fieldtype']."\" data=\"".$ent['fielddata']."\"/>\n"; - } - $i++; - } - } - - if (count($a_public_include_details) > 0) { - $i = 0; - foreach ($a_public_include_details as $ent) { - if ($ent['tag'] == "anti-action" && $rowhelper['publicincludeid'] == $ent['publicincludeid']) { - $tmp .= " <anti-action application=\"".$ent['fieldtype']."\" data=\"".$ent['fielddata']."\"/>\n"; - } - $i++; - } - } - - //if (count($a_public_include_details) > 0) { - //foreach ($a_public_include_details as $ent) { - // $i = 0; - // if ($ent['tag'] == "param" && $rowhelper['publicincludeid'] == $ent['publicincludeid']) { - //$ent['tag'] - //$ent['fieldtype'] - //$ent['fielddata'] - // } - // $i++; - // } - //} - - if ($conditioncount > 0) { - $tmp .= " </condition>\n"; - } - unset ($conditioncount); - $tmp .= "</extension>\n"; - - - if ($rowhelper['enabled'] == "true") { - $publicincludefilename = $rowhelper['order']."_".$rowhelper['extensionname'].".xml"; - $fout = fopen($v_conf_dir."/dialplan/public/".$publicincludefilename,"w"); - fwrite($fout, $tmp); - fclose($fout); - } - unset($publicincludefilename); - unset($tmp); - - } //end foreach - } //end count - -} - - -function sync_package_freeswitch() -{ - global $config; - sync_package_v_settings(); - sync_package_v_dialplan(); - sync_package_v_dialplan_includes(); - sync_package_v_extensions(); - sync_package_v_gateways(); - sync_package_v_modules(); - sync_package_v_public(); - sync_package_v_public_includes(); - sync_package_v_vars(); - sync_package_v_internal(); - sync_package_v_external(); - //sync_package_v_recordings(); - if (pkg_is_service_running('freeswitch')) { - sync_package_v_ivr(); - } - -} - -function pkg_add($pkg_download_path, $pkg_name) -{ - - if (!is_dir('/usr/pkgs/')) { - exec("mkdir /usr/pkgs/"); - } - - $pkg_array = split("\.", $pkg_name); - //if the package is not installed then download and install it - if (!strlen(exec('pkg_info | grep '.$pkg_array[0])) > 0) { - chdir('/usr/pkgs/'); - exec("fetch ".$pkg_download_path.'/'.$pkg_name); - exec("pkg_add -F ".$pkg_name); - exec("rm ".$pkg_name); - } - -} - -function v_install_phase_2() { - - global $config; - $v_settings_array = $config['installedpackages']['freeswitchsettings']['config'][0]; - foreach($v_settings_array as $name => $value) { - $$name = $value; - } - - $handle = fopen($tmp_dir.'/freeswitch_pkg.txt', "a"); - -// $static_output = 'Downloading Package Files'; -// update_output_window($static_output); - - clearstatcache(); //clear file status cache - fwrite($handle, "v_web_root: ".$v_web_root."/packages/\n"); - if (!is_dir($v_web_root.'/packages/')) { - exec("mkdir ".$v_web_root."/packages/"); - } - fwrite($handle, "v_web_dir: ".$v_web_dir."\n"); - if (!is_dir($v_web_dir)) { - exec("mkdir ".$v_web_dir); - } - - if (!is_dir($v_dir.'/sounds/custom/')) { - exec("mkdir ".$v_dir."/sounds/custom/"); - } - - if (!is_dir($v_dir.'/sounds/custom/8000/')) { - exec("mkdir ".$v_dir."/sounds/custom/8000/"); - } - - if (!is_dir($v_storage_dir.'/fax/')) { - exec("mkdir -p ".$v_storage_dir."/fax/"); - } - - //download the dialplan default.xml - chdir($tmp_dir.'/'); - exec("cd ".$tmp_dir."/;fetch ".$v_download_path."dialplan.default.xml"); - exec("cp ".$tmp_dir."/dialplan.default.xml ".$v_conf_dir."/dialplan/default.xml"); - unlink_if_exists($tmp_dir."/dialplan.default.xml"); - - //download the dialplan public.xml - chdir($tmp_dir.'/'); - exec("fetch ".$v_download_path."dialplan.public.xml"); - exec("cp ".$tmp_dir."/dialplan.public.xml ".$v_conf_dir."/dialplan/public.xml"); - unlink_if_exists($tmp_dir."/dialplan.public.xml"); - - //misc files - if (!is_dir($v_web_root.'/edit_area/')) { - chdir($tmp_dir); - exec("fetch ".$v_download_path."edit_area.tgz"); - chdir($v_web_root); - system('tar xvpfz ".tmp_dir."/edit_area.tgz edit_area'); - unlink_if_exists($tmp_dir."/edit_area.tgz"); - } - - fwrite($handle, 'tmp_dir: '.$tmp_dir."\n"); - fwrite($handle, "fetch ".$v_download_path."/v_dialplan.tmp\n"); - fwrite($handle, "cp ".$tmp_dir."/v_dialplan.tmp ".$v_web_dir."/v_dialplan.php\n"); - fwrite($handle, $tmp_dir."/v_dialplan.tmp\n"); - - //rename PHP files from .tmp to .php - chdir($tmp_dir.'/'); - exec("fetch ".$v_download_path."/index.tmp"); - exec("cp ".$tmp_dir."/index.tmp ".$v_web_dir."/index.php"); - unlink_if_exists($tmp_dir."/index.tmp"); - - exec("fetch ".$v_download_path."/class.smtp.tmp"); - exec("cp ".$tmp_dir."/class.smtp.tmp ".$v_web_dir."/class.smtp.php"); - unlink_if_exists($tmp_dir."/class.smtp.tmp"); - - exec("fetch ".$v_download_path."/class.phpmailer.tmp"); - exec("cp ".$tmp_dir."/class.phpmailer.tmp ".$v_web_dir."/class.phpmailer.php"); - unlink_if_exists($tmp_dir."/class.phpmailer.tmp"); - - exec("fetch ".$v_download_path."/v_cmd.tmp"); - exec("cp ".$tmp_dir."/v_cmd.tmp ".$v_web_dir."/v_cmd.php"); - unlink_if_exists($tmp_dir."/v_cmd.tmp"); - - exec("fetch ".$v_download_path."/v_dialplan.tmp"); - exec("cp ".$tmp_dir."/v_dialplan.tmp ".$v_web_dir."/v_dialplan.php"); - unlink_if_exists($tmp_dir."/v_dialplan.tmp"); - - exec("fetch ".$v_download_path."/v_dialplan_includes_details.tmp"); - exec("cp ".$tmp_dir."/v_dialplan_includes_details.tmp ".$v_web_dir."/v_dialplan_includes_details.php"); - unlink_if_exists($tmp_dir."/v_dialplan_includes_details.tmp"); - - exec("fetch ".$v_download_path."/v_dialplan_includes_details_edit.tmp"); - exec("cp ".$tmp_dir."/v_dialplan_includes_details_edit.tmp ".$v_web_dir."/v_dialplan_includes_details_edit.php"); - unlink_if_exists($tmp_dir."/v_dialplan_includes_details_edit.tmp"); - - exec("fetch ".$v_download_path."/v_dialplan_includes.tmp"); - exec("cp ".$tmp_dir."/v_dialplan_includes.tmp ".$v_web_dir."/v_dialplan_includes.php"); - unlink_if_exists($tmp_dir."/v_dialplan_includes.tmp"); - - exec("fetch ".$v_download_path."/v_dialplan_includes_edit.tmp"); - exec("cp ".$tmp_dir."/v_dialplan_includes_edit.tmp ".$v_web_dir."/v_dialplan_includes_edit.php"); - unlink_if_exists($tmp_dir."/v_dialplan_includes_edit.tmp"); - - exec("fetch ".$v_download_path."/v_extensions.tmp"); - exec("cp ".$tmp_dir."/v_extensions.tmp ".$v_web_dir."/v_extensions.php"); - unlink_if_exists($tmp_dir."/v_extensions.tmp"); - - exec("fetch ".$v_download_path."/v_extensions_edit.tmp"); - exec("cp ".$tmp_dir."/v_extensions_edit.tmp ".$v_web_dir."/v_extensions_edit.php"); - unlink_if_exists($tmp_dir."/v_extensions_edit.tmp"); - - exec("fetch ".$v_download_path."/v_fax.tmp"); - exec("cp ".$tmp_dir."/v_fax.tmp ".$v_web_dir."/v_fax.php"); - unlink_if_exists($tmp_dir."/v_fax.tmp"); - - exec("fetch ".$v_download_path."/v_fax_edit.tmp"); - exec("cp ".$tmp_dir."/v_fax_edit.tmp ".$v_web_dir."/v_fax_edit.php"); - unlink_if_exists($tmp_dir."/v_fax_edit.tmp"); - - exec("fetch ".$v_download_path."/fax_to_email.tmp"); - exec("cp ".$tmp_dir."/fax_to_email.tmp ".$v_web_dir."/fax_to_email.php"); - unlink_if_exists($tmp_dir."/fax_to_email.tmp"); - - exec("fetch ".$v_download_path."/v_features.tmp"); - exec("cp ".$tmp_dir."/v_features.tmp ".$v_web_dir."/v_features.php"); - unlink_if_exists($tmp_dir."/v_features.tmp"); - - exec("fetch ".$v_download_path."/v_gateways.tmp"); - exec("cp ".$tmp_dir."/v_gateways.tmp ".$v_web_dir."/v_gateways.php"); - unlink_if_exists($tmp_dir."/v_gateways.tmp"); - - exec("fetch ".$v_download_path."/v_gateways_edit.tmp"); - exec("cp ".$tmp_dir."/v_gateways_edit.tmp ".$v_web_dir."/v_gateways_edit.php"); - unlink_if_exists($tmp_dir."/v_gateways_edit.tmp"); - - exec("fetch ".$v_download_path."/v_hunt_group.tmp"); - exec("cp ".$tmp_dir."/v_hunt_group.tmp ".$v_web_dir."/v_hunt_group.php"); - unlink_if_exists($tmp_dir."/v_hunt_group.tmp"); - - exec("fetch ".$v_download_path."/v_hunt_group_edit.tmp"); - exec("cp ".$tmp_dir."/v_hunt_group_edit.tmp ".$v_web_dir."/v_hunt_group_edit.php"); - unlink_if_exists($tmp_dir."/v_hunt_group_edit.tmp"); - - exec("fetch ".$v_download_path."/v_hunt_group_destinations.tmp"); - exec("cp ".$tmp_dir."/v_hunt_group_destinations.tmp ".$v_web_dir."/v_hunt_group_destinations.php"); - unlink_if_exists($tmp_dir."/v_hunt_group_destinations.tmp"); - - exec("fetch ".$v_download_path."/v_hunt_group_destinations_edit.tmp"); - exec("cp ".$tmp_dir."/v_hunt_group_destinations_edit.tmp ".$v_web_dir."/v_hunt_group_destinations_edit.php"); - unlink_if_exists($tmp_dir."/v_hunt_group_destinations_edit.tmp"); - - exec("fetch ".$v_download_path."/v_auto_attendant.tmp"); - exec("cp ".$tmp_dir."/v_auto_attendant.tmp ".$v_web_dir."/v_auto_attendant.php"); - unlink_if_exists($tmp_dir."/v_auto_attendant.tmp"); - - exec("fetch ".$v_download_path."/v_auto_attendant_edit.tmp"); - exec("cp ".$tmp_dir."/v_auto_attendant_edit.tmp ".$v_web_dir."/v_auto_attendant_edit.php"); - unlink_if_exists($tmp_dir."/v_auto_attendant_edit.tmp"); - - exec("fetch ".$v_download_path."/v_auto_attendant_options.tmp"); - exec("cp ".$tmp_dir."/v_auto_attendant_options.tmp ".$v_web_dir."/v_auto_attendant_options.php"); - unlink_if_exists($tmp_dir."/v_auto_attendant_options.tmp"); - - exec("fetch ".$v_download_path."/v_auto_attendant_options_edit.tmp"); - exec("cp ".$tmp_dir."/v_auto_attendant_options_edit.tmp ".$v_web_dir."/v_auto_attendant_options_edit.php"); - unlink_if_exists($tmp_dir."/v_auto_attendant_options_edit.tmp"); - - exec("fetch ".$v_download_path."/v_profiles.tmp"); - exec("cp ".$tmp_dir."/v_profiles.tmp ".$v_web_dir."/v_profiles.php"); - unlink_if_exists($tmp_dir."/v_profiles.tmp"); - - exec("fetch ".$v_download_path."/v_profile_edit.tmp"); - exec("cp ".$tmp_dir."/v_profile_edit.tmp ".$v_web_dir."/v_profile_edit.php"); - unlink_if_exists($tmp_dir."/v_profile_edit.tmp"); - - exec("fetch ".$v_download_path."/v_public.tmp"); - exec("cp ".$tmp_dir."/v_public.tmp ".$v_web_dir."/v_public.php"); - unlink_if_exists($tmp_dir."/v_public.tmp"); - - exec("fetch ".$v_download_path."/v_public_includes.tmp"); - exec("cp ".$tmp_dir."/v_public_includes.tmp ".$v_web_dir."/v_public_includes.php"); - unlink_if_exists($tmp_dir."/v_public_includes.tmp"); - - exec("fetch ".$v_download_path."/v_public_includes_edit.tmp"); - exec("cp ".$tmp_dir."/v_public_includes_edit.tmp ".$v_web_dir."/v_public_includes_edit.php"); - unlink_if_exists($tmp_dir."/v_public_includes_edit.tmp"); - - exec("fetch ".$v_download_path."/v_public_includes_details.tmp"); - exec("cp ".$tmp_dir."/v_public_includes_details.tmp ".$v_web_dir."/v_public_includes_details.php"); - unlink_if_exists($tmp_dir."/v_public_includes_details.tmp"); - - exec("fetch ".$v_download_path."/v_public_includes_details_edit.tmp"); - exec("cp ".$tmp_dir."/v_public_includes_details_edit.tmp ".$v_web_dir."/v_public_includes_details_edit.php"); - unlink_if_exists($tmp_dir."/v_public_includes_details_edit.tmp"); - - exec("fetch ".$v_download_path."/v_mailto.tmp"); - exec("cp ".$tmp_dir."/v_mailto.tmp ".$v_web_dir."/v_mailto.php"); - unlink_if_exists($tmp_dir."/v_mailto.tmp"); - - exec("fetch ".$v_download_path."/v_modules.tmp"); - exec("cp ".$tmp_dir."/v_modules.tmp ".$v_web_dir."/v_modules.php"); - unlink_if_exists($tmp_dir."/v_modules.tmp"); - - exec("fetch ".$v_download_path."/v_recordings.tmp"); - exec("cp ".$tmp_dir."/v_recordings.tmp ".$v_web_dir."/v_recordings.php"); - unlink_if_exists($tmp_dir."/v_recordings.tmp"); - - exec("fetch ".$v_download_path."/v_recordings_edit.tmp"); - exec("cp ".$tmp_dir."/v_recordings_edit.tmp ".$v_web_dir."/v_recordings_edit.php"); - unlink_if_exists($tmp_dir."/v_recordings_edit.tmp"); - - exec("fetch ".$v_download_path."/v_recordings_play.tmp"); - exec("cp ".$tmp_dir."/v_recordings_play.tmp ".$v_web_dir."/v_recordings_play.php"); - unlink_if_exists($tmp_dir."/v_recordings_play.tmp"); - - exec("fetch ".$v_download_path."/v_settings.tmp"); - exec("cp ".$tmp_dir."/v_settings.tmp ".$v_web_dir."/v_settings.php"); - unlink_if_exists($tmp_dir."/v_settings.tmp"); - - exec("fetch ".$v_download_path."/v_status.tmp"); - exec("cp ".$tmp_dir."/v_status.tmp ".$v_web_dir."/v_status.php"); - unlink_if_exists($tmp_dir."/v_status.tmp"); - - exec("fetch ".$v_download_path."/v_vars.tmp"); - exec("cp ".$tmp_dir."/v_vars.tmp ".$v_web_dir."/v_vars.php"); - unlink_if_exists($tmp_dir."/v_vars.tmp"); - - chdir($v_scripts_dir); - exec("fetch ".$v_download_path."disa.js"); - exec("fetch ".$v_download_path."originate.js"); - exec("cp ".$v_htdocs_dir."/slim.swf ".$v_web_dir."/slim.swf"); - - - fclose($handle); -} - - -function v_install_phase_1() -{ - - conf_mount_rw(); - config_lock(); - - global $config; - v_settings(); - $v_settings_array = $config['installedpackages']['freeswitchsettings']['config'][0]; - foreach($v_settings_array as $name => $value) { - $$name = $value; - } - - $handle = fopen($tmp_dir.'/freeswitch_pkg.txt', "a"); - - - //set script execution time limit to 24 hours - set_time_limit (86400); - ini_set(max_execution_time,86400); - - - //hide errors - ini_set('display_errors', '0'); - - clearstatcache(); //clear file status cache - - - //$struname = exec('uname -v'); - //if (stristr($struname, 'FreeBSD 7.2')) { - // $freebsd_version = "7.2"; - //} - -// $static_output = 'Extracting'; -// update_output_window($static_output); - - - //exec("fetch ".$download_path."freeswitch.tgz"); //handled by freeswitch.xml - //exec("tar zxvf ".$tmp_dir."/freeswitch.tgz -C ".$v_parent_dir); - //unlink_if_exists($tmp_dir."/freeswitch.tgz"); - - -// $static_output = 'Downloading Files'; -// update_output_window($static_output); - - - //download and install the packages - $pkg_download_path = $v_download_path."/freebsd7.2/1_0_4"; - - //if the package is not installed then install it - if(stristr(exec('pkg_info | grep freeswitch'), 'freeswitch') === FALSE) { - pkg_add($pkg_download_path, "libpri-1.4.1.tbz"); - pkg_add($pkg_download_path, "png-1.2.37.tbz"); - pkg_add($pkg_download_path, "pcre-7.9.tbz"); - pkg_add($pkg_download_path, "libiconv-1.13.1.tbz"); - pkg_add($pkg_download_path, "libslang2-2.1.4_1.tbz"); - pkg_add($pkg_download_path, "gettext-0.17_1.tbz"); - pkg_add($pkg_download_path, "popt-1.14.tbz"); - pkg_add($pkg_download_path, "newt-0.51.0_8.tbz"); - pkg_add($pkg_download_path, "zaptel-1.4.11_1.tbz"); - pkg_add($pkg_download_path, "libogg-1.1.4,4.tbz"); - pkg_add($pkg_download_path, "libvorbis-1.2.3,3.tbz"); - pkg_add($pkg_download_path, "bash-4.0.24.tbz"); - pkg_add($pkg_download_path, "unixODBC-2.2.14_1.tbz"); - pkg_add($pkg_download_path, "db42-4.2.52_5.tbz"); - pkg_add($pkg_download_path, "gdbm-1.8.3_3.tbz"); - pkg_add($pkg_download_path, "ncurses-5.7.tbz"); - pkg_add($pkg_download_path, "pkg-config-0.23_1.tbz"); - pkg_add($pkg_download_path, "ca_root_nss-3.11.9_2.tbz"); - pkg_add($pkg_download_path, "curl-7.19.5_1.tbz"); - pkg_add($pkg_download_path, "jpeg-7.tbz"); - pkg_add($pkg_download_path, "tiff-3.8.2_4.tbz"); - pkg_add($pkg_download_path, "tiff2png-0.91_1,1.tbz"); - pkg_add($pkg_download_path, "libgpg-error-1.7.tbz"); - pkg_add($pkg_download_path, "libgcrypt-1.4.4.tbz"); - pkg_add($pkg_download_path, "gnutls-2.6.5.tbz"); - pkg_add($pkg_download_path, "freeswitch-1.0.4.tbz"); - //pkg_add($pkg_download_path, "p5-gettext-1.05_2.tbz"); //requirement for perl - //pkg_add($pkg_download_path, "perl-5.8.9_3.tbz"); - fwrite($handle, 'packages have been installed'); - } - - //add sqlite package - //exec("pkg_add -r sqlite34"); - - - //make a backup copy of the default config used with the 'Restore Default' buttons on the text areas. - exec("cp -R ".$v_conf_dir." ".$v_conf_dir.".orig"); - - //remove some default config files that are not needed - unlink_if_exists($v_conf_dir."/dialplan/default/01_example.com.xml"); - unlink_if_exists($v_conf_dir."/dialplan/public/00_inbound_did.xml"); - - //mod_fax - //chdir($v_mod_dir.'/mod/'); - //exec("fetch ".$download_path."mod_fax.so"); - - //download and install additional files - fwrite($handle, "starting phase 2\n"); - fclose($handle); - - v_install_phase_2(); - $handle = fopen($tmp_dir.'/freeswitch_pkg.txt', "a"); - - fwrite($handle, "starting phase 3\n"); - fwrite($handle, "downloading audio files\n"); - $static_output = "Downloading Audio Files\n"; - update_output_window($static_output); - - //copy audio files - chdir($v_dir.'/sounds/custom/8000/'); - exec("cd ".$v_dir."/sounds/custom/8000/;fetch ".$download_path."please_enter_your_pin_number.wav"); - exec("cd ".$v_dir."/sounds/custom/8000/;fetch ".$download_path."please_enter_the_pin_number.wav"); - exec("cd ".$v_dir."/sounds/custom/8000/;fetch ".$download_path."please_enter_the_extension_number.wav"); - exec("cd ".$v_dir."/sounds/custom/8000/;fetch ".$download_path."please_enter_the_phone_number.wav"); - exec("cd ".$v_dir."/sounds/custom/8000/;fetch ".$download_path."call_forward_has_been_set.wav"); - exec("cd ".$v_dir."/sounds/custom/8000/;fetch ".$download_path."call_forward_has_been_deleted.wav"); - exec("cd ".$v_dir."/sounds/custom/8000/;fetch ".$download_path."begin_recording.wav"); - exec("cd ".$v_dir."/sounds/custom/8000/;fetch ".$download_path."your_pin_number_is_incorect_goodbye.wav"); - exec("cd ".$v_dir."/sounds/custom/8000/;fetch ".$download_path."please_say_your_name_and_reason_for_calling.wav"); - exec("cd ".$v_dir."/sounds/custom/8000/;fetch ".$download_path."press_1_to_accept_2_to_reject_or_3_for_voicemail.wav"); - - - /* freeswitch settings defaults */ - if (strlen($config['installedpackages']['freeswitchsettings']['config'][0]['numbering_plan']) == 0) { - $config['installedpackages']['freeswitchsettings']['config'][0]['numbering_plan'] = "US"; - } - if(strlen($config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_password']) == 0) { - $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_password'] = "7e4d3i"; - } - if (strlen($config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_port']) == 0) { - $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_port'] = "8021"; - } - if (strlen($config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_http_port']) == 0) { - $config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_http_port'] = "8787"; - } - if (strlen($config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_auth_realm']) == 0) { - $config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_auth_realm'] = $v_name; - } - if (strlen($config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_auth_user']) == 0) { - $config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_auth_user'] = "xmlrpc"; - } - if (strlen($config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_auth_pass']) == 0) { - $config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_auth_pass'] = "7e4d3i"; - } - if (strlen($config['installedpackages']['freeswitchsettings']['config'][0]['admin_pin']) == 0) { - $config['installedpackages']['freeswitchsettings']['config'][0]['admin_pin'] = "7575"; - } - if (strlen($config['installedpackages']['freeswitchsettings']['config'][0]['mod_shout_decoder']) == 0) { - $config['installedpackages']['freeswitchsettings']['config'][0]['mod_shout_decoder'] = "i386"; - } - if (strlen($config['installedpackages']['freeswitchsettings']['config'][0]['mod_shout_volume']) == 0) { - $config['installedpackages']['freeswitchsettings']['config'][0]['mod_shout_volume'] = "0.3"; - } - - v_settings(); - - $numbering_plan = $config['installedpackages']['freeswitchsettings']['config'][0]['numbering_plan']; - $event_socket_password = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_password']; - $event_socket_port = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_port']; - $xml_rpc_http_port = $config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_http_port']; - $xml_rpc_auth_realm = $config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_auth_realm']; - $xml_rpc_auth_user = $config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_auth_user']; - $xml_rpc_auth_pass = $config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_auth_pass']; - $admin_pin = $config['installedpackages']['freeswitchsettings']['config'][0]['admin_pin']; - - //write the recording.js script - recording_js(); - - //add recording.js to the dialplan - $a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config']; - $a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - - //delete dialplan recording from the previous install - if (count($a_dialplan_includes) > 0) { - $i = 0; - foreach ($a_dialplan_includes as $ent) { - if ($ent['extensionname'] == "Recordings") { - unset($a_dialplan_includes[$i]); - } - $i++; - } - } - - //delete the recording dialplan details - if (count($a_dialplan_include_details) > 0) { - $i = 0; - foreach ($a_dialplan_include_details as $ent) { - if ($ent['fielddata'] == "^732673$") { - unset($a_dialplan_include_details[$i]); - } - if ($ent['fielddata'] == "recordings.js") { - unset($a_dialplan_include_details[$i]); - } - $i++; - } - } - - //add recording to the dialplan - $dialplanincludeid = guid(); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['extensionname'] = 'Recordings'; - $ent['order'] = '9000'; - $ent['context'] = 'default'; - $ent['enabled'] = 'true'; - $ent['descr'] = '*732673 Default system recordings tool'; - $a_dialplan_includes[] = $ent; - unset($ent); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'condition'; //condition, action, antiaction - $ent['fieldtype'] = 'destination_number'; - $ent['fielddata'] = '^\*(732673)$'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'javascript'; - $ent['fielddata'] = 'recordings.js'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - - //delete dialplan DISA from the previous install - $disa_enabled = 'false'; - if (count($a_dialplan_includes) > 0) { - $i = 0; - foreach ($a_dialplan_includes as $ent) { - if ($ent['extensionname'] == "DISA") { - $disa_enabled = $ent['enabled']; - unset($a_dialplan_includes[$i]); - } - $i++; - } - } - - //add the DISA to the dialplan - $dialplanincludeid = guid(); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['extensionname'] = 'DISA'; - $ent['order'] = '000'; - $ent['context'] = 'default'; - $ent['enabled'] = $disa_enabled; - $ent['descr'] = '*3472 Direct Inward System Access'; - $a_dialplan_includes[] = $ent; - unset($ent); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'condition'; //condition, action, antiaction, set - $ent['fieldtype'] = 'destination_number'; - $ent['fielddata'] = '^\*(3472)$'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction, set - $ent['fieldtype'] = 'javascript'; - $ent['fielddata'] = 'disa.js'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - write_config(); - - //prepare switch.conf.xml for voicemail to email - $filename = $v_conf_dir."/autoload_configs/switch.conf.xml"; - $handle = fopen($filename,"rb"); - $contents = fread($handle, filesize($filename)); - fclose($handle); - - $handle = fopen($filename,"w"); - $contents = str_replace("<param name=\"mailer-app\" value=\"sendmail\"/>", "<param name=\"mailer-app\" value=\"".$php_dir."\"/>", $contents); - $contents = str_replace("<param name=\"mailer-app-args\" value=\"-t\"/>", "<param name=\"mailer-app-args\" value=\"".$v_web_dir."/v_mailto.php\"/>", $contents); - fwrite($handle, $contents); - unset($contents); - fclose($handle); - unset($filename); - - //prepare shout.conf.xml for mod_shout - $fout = fopen($v_conf_dir."/autoload_configs/shout.conf.xml","w"); - $tmpxml = "<configuration name=\"shout.conf\" description=\"mod shout config\">\n"; - $tmpxml .= " <settings>\n"; - $tmpxml .= " <!-- Don't change these unless you are insane -->\n"; - $tmpxml .= " <param name=\"decoder\" value=\"i586\"/>\n"; - $tmpxml .= " <!--<param name=\"volume\" value=\".1\"/>-->\n"; - $tmpxml .= " <!--<param name=\"outscale\" value=\"8192\"/>-->\n"; - $tmpxml .= " </settings>\n"; - $tmpxml .= "</configuration>"; - fwrite($fout, $tmpxml); - unset($tmpxml); - fclose($fout); - - $fout = fopen($v_conf_dir."/autoload_configs/event_socket.conf.xml","w"); - $tmpxml = "<configuration name=\"event_socket.conf\" description=\"Socket Client\">\n"; - $tmpxml .= " <settings>\n"; - $tmpxml .= " <param name=\"listen-ip\" value=\"". $config['interfaces']['lan']['ipaddr'] ."\"/>\n"; - $tmpxml .= " <param name=\"listen-port\" value=\"". $event_socket_port ."\"/>\n"; - $tmpxml .= " <param name=\"password\" value=\"". $event_socket_password ."\"/>\n"; - $tmpxml .= " <!--<param name=\"apply-inbound-acl\" value=\"lan\"/>-->\n"; - $tmpxml .= " </settings>\n"; - $tmpxml .= "</configuration>"; - fwrite($fout, $tmpxml); - unset($tmpxml); - fclose($fout); - - /* freeswitch modules defaults */ - /* freeswitch modules defaults */ - - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_console']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_console'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_logfile']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_logfile'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_syslog']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_syslog'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_yaml']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_yaml'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_enum']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_enum'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_xml_rpc']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_xml_rpc'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_xml_curl']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_xml_curl'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_xml_cdr']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_xml_cdr'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_cdr_csv']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_cdr_csv'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_event_multicast']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_event_multicast'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_event_socket']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_event_socket'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_zeroconf']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_zeroconf'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_ldap']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_ldap'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_dingaling']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_dingaling'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_iax']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_iax'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_portaudio']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_portaudio'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_alsa']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_alsa'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_sofia']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_sofia'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_loopback']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_loopback'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_wanpipe']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_wanpipe'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_woomera']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_woomera'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_openzap']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_openzap'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_commands']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_commands'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_conference']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_conference'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_dptools']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_dptools'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_expr']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_expr'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_fax']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_fax'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_fifo']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_fifo'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_voicemail']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_voicemail'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_limit']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_limit'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_esf']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_esf'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_fsv']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_fsv'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_snom']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_snom'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_dialplan_directory']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_dialplan_directory'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_dialplan_xml']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_dialplan_xml'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_dialplan_asterisk']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_dialplan_asterisk'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_voipcodecs']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_voipcodecs'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_g723_1']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_g723_1'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_g729']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_g729'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_amr']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_amr'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_ilbc']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_ilbc'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_speex']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_speex'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_siren']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_siren'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_celt']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_celt'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_h26x']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_h26x'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_sndfile']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_sndfile'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_native_file']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_native_file'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_shout']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_shout'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_local_stream']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_local_stream'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_tone_stream']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_tone_stream'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_spidermonkey']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_spidermonkey'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_spidermonkey_odbc']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_spidermonkey_odbc'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_perl']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_perl'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_python']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_python'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_java']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_java'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_lua']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_lua'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_flite']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_flite'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_pocketsphinx']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_pocketsphinx'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_cepstral']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_cepstral'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_openmrcp']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_openmrcp'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_rss']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_rss'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_en']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_en'] = "enable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_de']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_de'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_es']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_es'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_fr']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_fr'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_it']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_it'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_nl']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_nl'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_ru']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_ru'] = "disable"; - } - if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_zh']) == 0) { - $config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_zh'] = "disable"; - } - - - //create the backup directory - if (!is_dir($v_backup_dir.'/')) { - exec("mkdir ".$v_backup_dir."/"); - } - - //extract a specific directory - $filename = $v_name.'.bak.tgz'; - if (file_exists($v_backup_dir.$filename)) { - $static_output = 'Restore the Backup'; - update_output_window($static_output); - - //echo "The file $filename exists"; - - exec("rm -R ".$v_conf_dir."/sip_profiles/"); - exec("rm -R ".$v_dir."/sounds/music/"); - - //Recommended - chdir($v_parent_dir); - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/db/'); - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/log/'); - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/recordings/'); - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/scripts/'); - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/storage/'); - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/sounds/custom/8000/'); - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/sounds/music/8000/'); - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/conf/ssl'); - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/conf/sip_profiles/'); - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/conf/vars.xml'); - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/conf/dialplan/default.xml'); - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/conf/dialplan/public.xml'); - - //Optional - //system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/conf/'); - //system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/grammar/'); - //system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/htdocs/'); - - unset($filename); - - if (!is_dir($v_storage_dir.'/fax/')) { - exec("mkdir -p ".$v_storage_dir."/fax/"); - } - } - - - exec("rm -R /freeswitch"); - exec("cp ".$v_conf_dir."/directory/default/brian.xml ".$v_conf_dir."/directory/default/brian.xml.noload"); - unlink_if_exists($v_conf_dir."/directory/default/brian.xml"); - unlink_if_exists($v_conf_dir."/directory/default/example.com.xml"); - unlink_if_exists($v_conf_dir."/dialplan/default/99999_enum.xml"); - - write_rcfile(array( - "file" => $v_name.".sh", - "start" => $v_dir."/bin/./".$v_name." -nc", - "stop" => $v_dir."/bin/./".$v_name." -stop" - ) - ); - - - $static_output = 'Synchronize the config'; - update_output_window($static_output); - - sync_package_freeswitch(); - - $static_output = 'Start the Service'; - update_output_window($static_output); - $handle = popen($v_startup_script_dir."/freeswitch.sh start", "r"); - pclose($handle); - - //if (pkg_is_service_running('freeswitch')) { - // sync_package_v_ivr(); - //} - - conf_mount_ro(); - config_unlock(); - -} - - -function v_deinstall_command() -{ - - conf_mount_rw(); - config_lock(); - - global $config; - $v_settings_array = $config['installedpackages']['freeswitchsettings']['config'][0]; - foreach($v_settings_array as $name => $value) { - $$name = $value; - } - - exec("killall -9 freeswitch"); - - exec("pkg_delete freeswitch-1.0.4"); - exec("pkg_delete gnutls-2.6.5"); - exec("pkg_delete libgcrypt-1.4.4"); - exec("pkg_delete libgpg-error-1.7"); - exec("pkg_delete tiff2png-0.91_1,1"); - exec("pkg_delete tiff-3.8.2_4"); - exec("pkg_delete jpeg-7"); - //exec("pkg_delete curl-7.19.5_1"); //do not remove required for pfsense - //exec("pkg_delete ca_root_nss-3.11.9_2"); //do not remove required for pfsense - exec("pkg_delete pkg-config-0.23_1"); - //exec("pkg_delete ncurses-5.7"); //do not remove required for pfsense - exec("pkg_delete gdbm-1.8.3_3"); - exec("pkg_delete db42-4.2.52_5"); - exec("pkg_delete unixODBC-2.2.14_1"); - exec("pkg_delete bash-4.0.24"); - exec("pkg_delete libvorbis-1.2.3,3"); - exec("pkg_delete libogg-1.1.4,4"); - exec("pkg_delete zaptel-1.4.11_1"); - exec("pkg_delete newt-0.51.0_8"); - exec("pkg_delete popt-1.14"); - //exec("pkg_delete gettext-0.17_1"); //do not remove required for pfsense - exec("pkg_delete libslang2-2.1.4_1"); - //exec("pkg_delete libiconv-1.13.1"); //do not remove required for pfsense - //exec("pkg_delete pcre-7.9"); //do not remove required for pfsense - //exec("pkg_delete png-1.2.37"); - exec("pkg_delete libpri-1.4.1"); - - exec("pkg_delete sqlite34"); - - unlink_if_exists($v_parent_dir."/pkg/".$v_name.".xml"); - unlink_if_exists($v_parent_dir."/pkg/v_config.inc"); - - exec("rm -R ".$v_dir); - exec("rm -R ".$v_web_dir); - unlink_if_exists($v_startup_script_dir."/".$v_name.".sh"); - //unlink_if_exists($tmp_dir."/".$v_name.".tar.gz"); - unlink_if_exists($tmp_dir."/pkg_mgr_".$v_label.".log"); - - conf_mount_ro(); - config_unlock(); - -} - -?> diff --git a/config/freeswitch_dev/v_dialplan.tmp b/config/freeswitch_dev/v_dialplan.tmp deleted file mode 100644 index e15108e3..00000000 --- a/config/freeswitch_dev/v_dialplan.tmp +++ /dev/null @@ -1,171 +0,0 @@ -<?php -/* $Id$ */ -/* - v_dialplan.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - -//$a_extensions = $config['installedpackages']['freeswitchprofiles']['config']; - - -if ($_GET['a'] == "default") { - conf_mount_rw(); - exec("cp ".$v_conf_dir.".orig/dialplan/default.xml ".$v_conf_dir."/dialplan/default.xml"); - $savemsg = "Default Restored"; - conf_mount_ro(); -} - -if ($_POST['a'] == "save") { - conf_mount_rw(); - $content = ereg_replace("\r","",$_POST['code']); - $fd = fopen($v_conf_dir."/dialplan/default.xml", "w"); - fwrite($fd, $content); - fclose($fd); - $savemsg = "Saved"; - conf_mount_ro(); -} - - -$fd = fopen($v_conf_dir."/dialplan/default.xml", "r"); -$content = fread($fd, filesize($v_conf_dir."/dialplan/default.xml")); -fclose($fd); - -include("head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<script language="Javascript"> -function sf() { document.forms[0].savetopath.focus(); } -</script> -<script language="Javascript" type="text/javascript" src="/edit_area/edit_area_full.js"></script> -<script language="Javascript" type="text/javascript"> - // initialisation - editAreaLoader.init({ - id: "code" // id of the textarea to transform - ,start_highlight: false - ,allow_toggle: false - ,language: "en" - ,syntax: "html" - ,toolbar: "search, go_to_line,|, fullscreen, |, undo, redo, |, select_font, |, syntax_selection, |, change_smooth_selection, highlight, reset_highlight, |, help" - ,syntax_selection_allow: "css,html,js,php,xml,c,cpp,sql" - ,show_line_colors: true - }); -</script> - -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Dialplan</p>\n"; -} -?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> - - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="v_dialplan.php" method="post" name="iform" id="iform"> -<?php - -?> - <table width="98%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width='90%'><p><span class="vexpl"><span class="red"><strong>Default Dialplan<br> - </strong></span> - The default dialplan is used to setup call destinations based on conditions and context. - You can use the dialplan to send calls to gateways, auto attendants, external numbers, to scripts, or any destination. - </p> - </td> - <td width='10%' align='right' valign='middle'><input type="submit" value="save" /></td> - </tr> - </table> - <br /> - <br /> - - <textarea style="width:98%" id="code" name="code" rows="30" cols="<?php echo $cols; ?>" name="content"><?php echo htmlentities($content); ?></textarea> - <br /> - <br /> - - <table width="98%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td> - <?php - if ($v_path_show) { - echo $v_conf_dir."/dialplan/default.xml\n"; - } - ?> - </td> - <td align='right'> - <input type="hidden" name="f" value="<?php echo $_GET['f']; ?>" /> - <input type="hidden" name="a" value="save" /> - <?php - echo "<input type='button' value='Restore Default' onclick=\"document.location.href='v_dialplan.php?a=default&f=default.xml';\" />"; - ?> - </td> - </tr> - </table> - -</form> - -<br> -<br> - -<br> -<br> -<br> -<br> -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch_dev/v_dialplan_includes.tmp b/config/freeswitch_dev/v_dialplan_includes.tmp deleted file mode 100644 index 0377d148..00000000 --- a/config/freeswitch_dev/v_dialplan_includes.tmp +++ /dev/null @@ -1,287 +0,0 @@ -<?php -/* $Id$ */ -/* - v_dialplan_includes.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - - -//freeswitchdialplanincludes - //dialplanincludeid - //extensionname - //context - //default - //enabled - //descr - -//freeswitchdialplanincludedetails - - //dialplanincludeid - //tag - //condition - //action - //antiaction - //param - //tagorder - //1-20 - //fieldtype - - //fielddata - - -$a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config']; -$a_dialplan_includes_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'dialplanincludes') { - - if ($a_dialplan_includes[$_GET['id']]) { - - $dialplanincludeid = $a_dialplan_includes[$_GET['id']][dialplanincludeid]; - - $extensionname = $a_dialplan_includes[$_GET['id']][extensionname]; - $order = $a_dialplan_includes[$_GET['id']][order]; - $dialplanincludefilename = $order."_".$extensionname.".xml"; - - //delete the dialplan include details. aka. child data - if (count($a_dialplan_includes_details) > 0) { - $i=0; - foreach($a_dialplan_includes_details as $row) { - if ($row["dialplanincludeid"] == $dialplanincludeid) { - //echo "child id: ".$i."<br />\n"; - unset($a_dialplan_includes_details[$i]); - } - $i++; - } - } - - //if the dialplan include xml file exists then delete it - if (file_exists($v_conf_dir."/dialplan/default/".$dialplanincludefilename)) { - unlink($v_conf_dir."/dialplan/default/".$dialplanincludefilename); - } - - unset($dialplanincludefilename); - unset($a_dialplan_includes[$_GET['id']]); - write_config(); - sync_package_v_dialplan_includes(); - header("Location: v_dialplan_includes.php"); - exit; - } - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Dialplan</p>\n"; -} -?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="v_dialplan_includes.php" method="post" name="iform" id="iform"> -<?php - - -//echo "<pre>"; -//print_r ($a_dialplan_includes); -//echo "</pre>"; - - -//if ($config_change == 1) { -// write_config(); -// $config_change = 0; -//} - -//if ($savemsg) print_info_box($savemsg); -//if (file_exists($d_hostsdirty_path)): echo"<p>"; -//print_info_box_np("This has been changed.<br>You must apply the changes in order for them to take effect."); -//echo"<br />"; -//endif; - -?> - - <br /> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td><span class="vexpl"><span class="red"><strong>Dialplan - </strong></span></span> - </td> - <td align='right'> - <input type='button' value='default.xml' onclick="document.location.href='v_dialplan.php';"> - </td> - </tr> - <tr> - <td colspan='2'> - <span class="vexpl"> - The dialplan is used to setup call destinations based on conditions and context. - You can use the dialplan to send calls to gateways, auto attendants, external numbers, - to scripts, or any destination. - </span> - </td> - - </tr> - </table> - - <br /> - <br /> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="20%" class="listhdrr">Extension Name</td> - <td width="25%" class="listhdrr">Order</td> - <td width="25%" class="listhdrr">Enabled</td> - <td width="50%" class="listhdr">Description</td> - <td width="10%" class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="v_dialplan_includes_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - <?php - //create a temporary id for the array - $i = 0; - if (count($a_dialplan_includes) > 0) { - foreach ($a_dialplan_includes as $ent) { - $a_dialplan_includes[$i]['id'] = $i; - $i++; - } - } - - //order the array - function cmp_number($a, $b) { - if ($a["order"] > $b["order"]) { - return 1; - } - else { - return 0; - } - } - if (count($a_public_includes) > 0) { usort($a_dialplan_includes, "cmp_number"); } - - $i = 0; - if (count($a_dialplan_includes) > 0) { - foreach ($a_dialplan_includes as $ent) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='v_dialplan_includes_edit.php?id=<?=$ent['id'];?>'"> - <?=$ent['extensionname']?> - </td> - <td class="listlr" ondblclick="document.location='v_dialplan_includes_edit.php?id=<?=$ent['id'];?>'"> - <?=$ent['order']?> - </td> - <td class="listr" ondblclick="document.location='v_dialplan_includes_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['enabled'];?> - </td> - <td class="listbg" ondblclick="document.location='v_dialplan_includes_edit.php?id=<?=$ent['id'];?>';"> - <font color="#FFFFFF"><?=htmlspecialchars($ent['descr']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="v_dialplan_includes_edit.php?id=<?=$ent['id'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="v_dialplan_includes.php?type=dialplanincludes&act=del&id=<?=$ent['id'];?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - $i++; - } - } - ?> - <tr> - <td class="list" colspan="4"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="v_dialplan_includes_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - <tr> - <td class="list" colspan="4"></td> - <td class="list"></td> - </tr> - </table> - -</form> - -<?php -if ($v_path_show) { - echo $v_conf_dir."/dialplan/default/\n"; -} -?> - -<br> -<br> -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - -<?php include("fend.inc"); ?> -</body> -</html>
\ No newline at end of file diff --git a/config/freeswitch_dev/v_dialplan_includes_details.tmp b/config/freeswitch_dev/v_dialplan_includes_details.tmp deleted file mode 100755 index 6cfb3753..00000000 --- a/config/freeswitch_dev/v_dialplan_includes_details.tmp +++ /dev/null @@ -1,50 +0,0 @@ -<?php -/* $Id$ */ -/* - v_dialplan_includes_details.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - - -$a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'dialplanincludedetails') { - if ($a_dialplan_include_details[$_GET['id']]) { - unset($a_dialplan_include_details[$_GET['id']]); - write_config(); - sync_package_v_dialplan_includes(); - //touch($d_hostsdirty_path); - header("Location: v_dialplan_includes_edit.php?id=".$_GET['parentid']); - exit; - } - } -} - -?>
\ No newline at end of file diff --git a/config/freeswitch_dev/v_dialplan_includes_details_edit.tmp b/config/freeswitch_dev/v_dialplan_includes_details_edit.tmp deleted file mode 100644 index d3c3aeba..00000000 --- a/config/freeswitch_dev/v_dialplan_includes_details_edit.tmp +++ /dev/null @@ -1,403 +0,0 @@ -<?php -/* $Id$ */ -/* - - v_dialplan_includes_details_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - - -$a_dialplan_includes_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - -$id = $_GET['id']; -if (isset($_POST['id'])) { - $id = $_POST['id']; -} - -$parentid = $_GET['parentid']; -if (isset($_POST['parentid'])) { - $parentid = $_POST['parentid']; -} - -$dialplanincludeid = $_GET['dialplanincludeid']; -if (isset($_POST['dialplanincludeid'])) { - $dialplanincludeid = $_POST['dialplanincludeid']; -} - - - //dialplanincludeid - //tag - //condition - //action - //antiaction - //param - //fieldorder - //1-20 - //fieldtype - - //fielddata - - -if (isset($id) && $a_dialplan_includes_details[$id]) { - $pconfig['dialplanincludeid'] = $a_dialplan_includes_details[$id]['dialplanincludeid']; - $pconfig['tag'] = $a_dialplan_includes_details[$id]['tag']; - $pconfig['fieldorder'] = $a_dialplan_includes_details[$id]['fieldorder']; - $pconfig['fieldtype'] = $a_dialplan_includes_details[$id]['fieldtype']; - $pconfig['fielddata'] = $a_dialplan_includes_details[$id]['fielddata']; -} -//else { -// if (isset($_GET['a'])) { -// if ($_GET['a'] == "action"){ $pconfig['optionaction'] = "action"; } -// if ($_GET['a'] == "antiaction"){ $pconfig['optionaction'] = "anti-action"; } -// } -//} - - - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - - if (!$input_errors) { - - $ent = array(); - $ent['dialplanincludeid'] = $_POST['dialplanincludeid']; - $ent['tag'] = $_POST['tag']; - $ent['fieldorder'] = $_POST['fieldorder']; - $ent['fieldtype'] = $_POST['fieldtype']; - $ent['fielddata'] = $_POST['fielddata']; - - - if (isset($id) && $a_dialplan_includes_details[$id]) { - //update - $a_dialplan_includes_details[$id] = $ent; - } - else { - //add - $a_dialplan_includes_details[] = $ent; - } - - write_config(); - sync_package_v_dialplan_includes(); - - header("Location: v_dialplan_includes_edit.php?id=".$parentid); - exit; - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Dialplan: Details: Edit</p>\n"; -} -?> - -<?php if ($input_errors) print_input_errors($input_errors); ?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - <br /> - <form action="v_dialplan_includes_details_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Tag</td> - <td width="78%" class="vtable"> - <script type="text/javascript"> - function dialplan_include_details_tag_onchange() { - var tag = document.getElementById("form_tag").value; - if (tag == "condition") { - document.getElementById("label_fieldtype").innerHTML = "Field"; - document.getElementById("label_fielddata").innerHTML = "Expression"; - } - else if (tag == "action") { - document.getElementById("label_fieldtype").innerHTML = "Application"; - document.getElementById("label_fielddata").innerHTML = "Data"; - } - else if (tag == "anti-action") { - document.getElementById("label_fieldtype").innerHTML = "Application"; - document.getElementById("label_fielddata").innerHTML = "Data"; - } - else if (tag == "param") { - document.getElementById("label_fieldtype").innerHTML = "Name"; - document.getElementById("label_fielddata").innerHTML = "Value"; - } - if (tag == "") { - document.getElementById("label_fieldtype").innerHTML = "Type"; - document.getElementById("label_fielddata").innerHTML = "Data"; - } - } - </script> - <?php - echo " <select name='tag' class='formfld' id='form_tag' onchange='dialplan_include_details_tag_onchange();'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['tag'])) { - case "condition": - echo " <option selected='yes'>condition</option>\n"; - echo " <option>action</option>\n"; - echo " <option>anti-action</option>\n"; - //echo " <option>param</option>\n"; - break; - case "action": - echo " <option>condition</option>\n"; - echo " <option selected='yes'>action</option>\n"; - echo " <option>anti-action</option>\n"; - //echo " <option>param</option>\n"; - break; - case "anti-action": - echo " <option>condition</option>\n"; - echo " <option>action</option>\n"; - echo " <option selected='yes'>anti-action</option>\n"; - //echo " <option>param</option>\n"; - break; - case "param": - echo " <option>condition</option>\n"; - echo " <option>action</option>\n"; - echo " <option>anti-action</option>\n"; - //echo " <option selected='yes'>param</option>\n"; - break; - default: - echo " <option>condition</option>\n"; - echo " <option>action</option>\n"; - echo " <option>anti-action</option>\n"; - //echo " <option>param</option>\n"; - } - echo " </select>\n"; - - //condition - //field expression - //action - //application - //data - //antiaction - //application - //data - //param - //name - //value - - ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq" id="label_fieldtype">Type</td> - <td width="78%" class="vtable"> - <input name="fieldtype" type="text" class="formfld" id="fieldtype" size="40" value="<?=htmlspecialchars($pconfig['fieldtype']);?>"> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq" id="label_fielddata">Data</td> - <td width="78%" class="vtable"> - <input name="fielddata" type="text" class="formfld" id="fielddata" size="40" value="<?=htmlspecialchars($pconfig['fielddata']);?>"> - <br> <span class="vexpl"></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq" id="label_fieldtype">Order</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='fieldorder' class='formfld'>\n"; - //echo " <option></option>\n"; - if (strlen(htmlspecialchars($pconfig['fieldorder']))> 0) { - echo " <option selected='yes' value='".htmlspecialchars($pconfig['fieldorder'])."'>".htmlspecialchars($pconfig['fieldorder'])."</option>\n"; - } - $i=0; - while($i<=999) { - if (strlen($i) == 1) { - echo " <option value='00$i'>00$i</option>\n"; - } - if (strlen($i) == 2) { - echo " <option value='0$i'>0$i</option>\n"; - } - if (strlen($i) == 3) { - echo " <option value='$i'>$i</option>\n"; - } - - $i++; - } - echo " </select>\n"; - ?> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="dialplanincludeid" type="hidden" value="<?=$dialplanincludeid;?>"> - <input name="parentid" type="hidden" value="<?=$parentid;?>"> - <?php if (isset($id) && $a_dialplan_includes_details[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - </td> - </tr> - </table> - </form> - - - <?php - if ($v_path_show) { - echo "<br />\n"; - echo "<br />\n"; - echo "<b>Additional Information</b>\n"; - echo "<br />\n"; - echo "<br />\n"; - echo "<a href='http://wiki.freeswitch.org/wiki/Dialplan_XML' target='_blank'>http://wiki.freeswitch.org/wiki/Dialplan_XML</a>"; - } - ?> - <br /> - <br /> - <br /> - <br /> - - <b>Conditions</b> - <br /> - <br /> - Conditions are pattern matching tags that help decide if the current call should be processed in this extension or not. When matching conditions against the current call you have several <b>fields</b> that you can compare against. - <ul> - <li><b>context</b></li> - <li><b>rdnis</b> Redirected Number, the directory number to which the call was last presented.</li> - <li><b>destination_number</b> Called Number, the number this call is trying to reach (within a given context)</li> - <li><b>dialplan</b> Name of the dialplan module that are used, the name is provided by each dialplan module. Example: XML</li> - <li><b>caller_id_name</b> Name of the caller (provided by the User Agent that has called us).</li> - <li><b>caller_id_number</b> Directory Number of the party who called (callee) -- can be masked (hidden)</li> - <li><b>ani</b> Automatic Number Identification, the number of the calling party (callee) -- cannot be masked</li> - <li><b>ani2</b> The type of device placing the call [1]</li> - <li><b>uuid</b> Unique identifier of the current call? (looks like a GUID)</li> - <li><b>source</b> Name of the module that received the call (e.g. PortAudio)</li> - <li><b>chan_name</b> Name of the current channel (Example: PortAudio/1234). Give us examples when this one can be used.</li> - <li><b>network_addr</b> IP address of the signalling source for a VoIP call.</li> - </ul> - In addition to the above you can also do variables using the syntax ${variable} or api functions using the syntax %{api} {args} - <br /> - <br /> - Variables may be used in either the field or the expression, as follows - - <br /> - <br /> - <br /> - <br /> - - <b>Action and Anti-Actions</b> - <br /> - <br /> - Actions are executed when the <b>condition matches</b>. Anti-Actions are executed when the <b>condition does NOT match</b>. - <?php - if ($v_path_show) { - echo "Additional information on applications for Actions and Anti-Actions.<br />\n"; - echo "<a href='http://wiki.freeswitch.org/wiki/Modules#Applications' target='_blank'>http://wiki.freeswitch.org/wiki/Modules#Applications</a>\n"; - echo "<br />\n"; - echo "<a href='http://wiki.freeswitch.org/wiki/Dialplan_Functions' target='_blank'>http://wiki.freeswitch.org/wiki/Dialplan_Functions</a>\n"; - } - ?> - <br /> - <br /> - <br /> - The following is a partial list of <b>applications</b>. - <ul> - <li><b>answer</b> answer the call</li> - <li><b>bridge</b> bridge the call<li> - <li><b>cond</b></li> - <li><b>db</b> is a a runtime database either sqlite by default or odbc</li> - <li><b>global_set</b> allows setting of global vars similar to the ones found in vars.xml</li> - <li><b>group</b> allows grouping of several extensions for things like ring groups</li> - <li><b>expr</b></li> - <li><b>hangup</b> hangs up the call</li> - <li><b>info</b> sends call info to the console</li> - <li><b>javascript</b> run javascript .js files</li> - <li><b>playback</b></li> - <li><b>reject</b> reject the call</li> - <li><b>respond</b></li> - <li><b>ring_ready</b></li> - <li><b>set</b> set a variable</li> - <li><b>set_user</b></li> - <li><b>sleep</b></li> - <li><b>sofia_contact</b></li> - <li><b>transfer</b> transfer the call to another extension or number<li> - <li><b>voicemail</b> send the call to voicemail</li> - </ul> - - - <br /> - <br /> - - <!-- - <b>Param</b> - Example parameters by name and value - <br /> - <?php - if ($v_path_show) { - echo "<a href='http://wiki.freeswitch.org/wiki/Special:Search?search=param&go=Go' target='_blank'>http://wiki.freeswitch.org/wiki/Special:Search?search=param&go=Go</a>\n"; - } - ?> - <ul> - <li><b>codec-ms</b> 20</li> - <li><b>codec-prefs</b> PCMU@20i</li> - <li><b>debug</b> 1</li> - <li><b>dialplan</b> XML</li> - <li><b>dtmf-duration</b> 100</li> - <li><b>rfc2833-pt</b>" 101</li> - <li><b>sip-port</b> 5060</li> - <li><b>use-rtp-timer</b> true</li> - </ul> - <br /> - <br /> - --> - - - <br /> - <br /> - <br /> - <br /> - <br /> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch_dev/v_dialplan_includes_edit.tmp b/config/freeswitch_dev/v_dialplan_includes_edit.tmp deleted file mode 100644 index 1355c412..00000000 --- a/config/freeswitch_dev/v_dialplan_includes_edit.tmp +++ /dev/null @@ -1,545 +0,0 @@ -<?php -/* $Id$ */ -/* - v_dialplan_includes_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - - -//freeswitchdialplanincludes - //dialplanincludeid - //extensionname - //context - //default - //enabled - //descr - -// - - - -$a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config']; -$a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - -$id = $_GET['id']; -if (isset($_POST['id'])) { - $id = $_POST['id']; -} -$parentid = $id; - - -if (isset($id) && $a_dialplan_includes[$id]) { - $pconfig['dialplanincludeid'] = $a_dialplan_includes[$id]['dialplanincludeid']; - $dialplanincludeid = $a_dialplan_includes[$id]['dialplanincludeid']; - $pconfig['extensionname'] = $a_dialplan_includes[$id]['extensionname']; - $pconfig['order'] = $a_dialplan_includes[$id]['order']; - $pconfig['context'] = $a_dialplan_includes[$id]['context']; - $pconfig['enabled'] = $a_dialplan_includes[$id]['enabled']; - $pconfig['descr'] = $a_dialplan_includes[$id]['descr']; - $pconfig['opt1name'] = $a_dialplan_includes[$id]['opt1name']; - $pconfig['opt1value'] = $a_dialplan_includes[$id]['opt1value']; -} - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - if ($_GET['act'] == "del") { - if ($_GET['type'] == 'dialplanincludedetails') { - if ($a_dialplan_include_details[$_GET['id']]) { - unset($a_dialplan_include_details[$_GET['id']]); - write_config(); - sync_package_v_dialplan_includes(); - header("Location: v_dialplan_include_edit.php?id=".$_GET['id']); - exit; - } - } - } - - - if (!$input_errors) { - - $ent = array(); - if (strlen($_POST['dialplanincludeid']) > 0) { - //update - $ent['dialplanincludeid'] = $_POST['dialplanincludeid']; - } - else { - //add - $ent['dialplanincludeid'] = guid(); - } - $ent['extensionname'] = $_POST['extensionname']; - $ent['order'] = $_POST['order']; - //$ent['context'] = $_POST['context']; - $ent['context'] = 'default'; - $ent['enabled'] = $_POST['enabled']; - $ent['descr'] = $_POST['descr']; - $ent['opt1name'] = $_POST['opt1name']; - $ent['opt1value'] = $_POST['opt1value']; - - - if (isset($id) && $a_dialplan_includes[$id]) { - - if (count($a_dialplan_includes)>0) { - foreach($a_dialplan_includes as $rowhelper) { - - //$rowhelper['dialplanincludeid']; - //$rowhelper['extensionname']; - //$rowhelper['context']; - //$rowhelper['enabled']; - - $filenamechanged = false; - if ($rowhelper['dialplanincludeid'] == $_POST['dialplanincludeid']) { - - if ($rowhelper['extensionname'] != $_POST['extensionname']) { - //if the extension name has changed then remove the current dialplan xml file - //to prepare for the new file - $filenamechanged = true; - } - if ($rowhelper['order'] != $_POST['order']) { - //if the order has changed then remove the current dialplan xml file - //to prepare for the new file - $filenamechanged = true; - } - if ($_POST['enabled'] == "false") { - //if the extension name is disabled then remove the dialplan xml file - $filenamechanged = true; - } - if ($filenamechanged){ - $dialplanincludefilename = $rowhelper['order']."_".$rowhelper['extensionname'].".xml"; - if (file_exists($v_conf_dir."/dialplan/default/".$dialplanincludefilename)) { - unlink($v_conf_dir."/dialplan/default/".$dialplanincludefilename); - } - unset($dialplanincludefilename); - } - - } - unset($filenamechanged); - - } //end foreach - } //end count - - //update the config - $a_dialplan_includes[$id] = $ent; - } - else { - //add to the config - $a_dialplan_includes[] = $ent; - } - - - write_config(); - sync_package_v_dialplan_includes(); - - header("Location: v_dialplan_includes.php"); - exit; - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Dialplan: Edit</p>\n"; -} -?> - -<?php if ($input_errors) print_input_errors($input_errors); ?> - - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Dialplan:<br> - </strong></span> - Dialplan Include general settings. - </span></p></td> - </tr> - </table> - <br /> - - <form action="v_dialplan_includes_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Extension Name</td> - <td width="78%" class="vtable"> - <input name="extensionname" type="text" class="formfld" id="extensionname" size="40" value="<?=htmlspecialchars($pconfig['extensionname']);?>"> - <br /> - Supported characters are 'a-z', 'A-Z', '0-9', underscore '_', and period '.'. - </td> - </tr> - <!-- - <tr> - <td width="22%" valign="top" class="vncellreq">Context</td> - <td width="78%" class="vtable"> - <input name="context" type="text" class="formfld" id="context" size="40" value="<?=htmlspecialchars($pconfig['context']);?>"> - <br /> - e.g. default - </td> - </tr> - --> - - <tr> - <td width="22%" valign="top" class="vncellreq">Enabled</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='enabled' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['enabled'])) { - case "true": - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - break; - case "false": - echo " <option value='true'>true</option>\n"; - echo " <option value='false' selected='yes'>false</option>\n"; - - break; - default: - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - } - echo " </select>\n"; - ?> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncellreq">Order</td> - <td width="78%" class="vtable"> - <?php - - echo " <select name='order' class='formfld'>\n"; - //echo " <option></option>\n"; - if (strlen(htmlspecialchars($pconfig['order']))> 0) { - echo " <option selected='yes' value='".htmlspecialchars($pconfig['order'])."'>".htmlspecialchars($pconfig['order'])."</option>\n"; - } - $i=0; - while($i<=999) { - if (strlen($i) == 1) { - echo " <option value='00$i'>00$i</option>\n"; - } - if (strlen($i) == 2) { - echo " <option value='0$i'>0$i</option>\n"; - } - if (strlen($i) == 3) { - echo " <option value='$i'>$i</option>\n"; - } - - $i++; - } - echo " </select>\n"; - ?> - <br /> - Processing of each dialplan include is determined by this order. - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell">Description</td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> - <br> <span class="vexpl">You may enter a description here - for your reference (not parsed).</span></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="dialplanincludeid" type="hidden" value="<?=htmlspecialchars($pconfig['dialplanincludeid']);?>"> - <?php - if (strlen($id) > 0 && $a_dialplan_includes[$id]) { - echo "\n"; - echo " <input name=\"id\" type=\"hidden\" value=\"$id\">\n"; - echo " <input name=\"opt1name\" type=\"hidden\" value=\"".htmlspecialchars($pconfig['opt1name'])."\">\n"; - echo " <input name=\"opt1value\" type=\"hidden\" value=\"".htmlspecialchars($pconfig['opt1value'])."\">\n"; - } - ?> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - </td> - </tr> - </table> - </form> - - <br> - <br> - - <form action="v_dialplan_includes_edit.php" method="post" name="iform2" id="iform2"> - <?php - - //echo "<pre>"; - //print_r ($a_dialplan_includes); - //echo "</pre>"; - - //if ($savemsg) print_info_box($savemsg); - //if (file_exists($d_hostsdirty_path)): echo"<p>"; - //print_info_box_np("The FreeSWITCH recordings have been changed.<br>You must apply the changes in order for them to take effect."); - //echo"<br />"; - //endif; - - //create a temporary id for the array - $i = 0; - if (count($a_dialplan_include_details) > 0) { - foreach ($a_dialplan_include_details as $ent) { - $a_dialplan_include_details[$i]['id'] = $i; - $i++; - } - } - - //order the array - function cmp_number($a, $b) { - if ($a["fieldorder"] > $b["fieldorder"]) { - return 1; - } - else { - return 0; - } - } - if (count($a_dialplan_include_details) > 0) { usort($a_dialplan_include_details, "cmp_number"); } - - ?> - - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Conditions and Actions<br /> - </strong></span> - The following conditions, actions and anti-actions are used in the dialplan to direct call flow. Each is processed in order until you reach the action tag which tells FreeSWITCH what action to perform. You are not limited to only one condition or action tag for a given extension. - </span></p></td> - </tr> - </table> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="40" class="listhdrr">Tag</td> - <td width="40" class="listhdrr">Type</td> - <td width="50%" class="listhdrr">Data</td> - <td width="40" class="listhdrr">Order</td> - <td width="40" class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="v_dialplan_includes_details_edit.php?parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>&a=action"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - <?php - - $i = 0; - if (count($a_dialplan_include_details) > 0) { - - foreach ($a_dialplan_include_details as $ent) { - if ($ent['tag'] == "condition" && $dialplanincludeid == $ent['dialplanincludeid']) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='v_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>'"> - <?=$ent['tag']?> - </td> - <td class="listr" ondblclick="document.location='v_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fieldtype'];?> - </td> - <td class="listr" ondblclick="document.location='v_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fielddata'];?> - </td> - <td class="listr" ondblclick="document.location='v_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fieldorder'];?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="v_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="v_dialplan_includes_details.php?type=dialplanincludedetails&act=del&id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - - $i = 0; - if (count($a_dialplan_include_details) > 0) { - - foreach ($a_dialplan_include_details as $ent) { - if ($ent['tag'] == "action" && $dialplanincludeid == $ent['dialplanincludeid']) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='v_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>'"> - <?=$ent['tag']?> - </td> - <td class="listr" ondblclick="document.location='v_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fieldtype'];?> - </td> - <td class="listr" ondblclick="document.location='v_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fielddata'];?> - </td> - <td class="listr" ondblclick="document.location='v_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fieldorder'];?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="v_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="v_dialplan_includes_details.php?type=dialplanincludedetails&act=del&id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - - $i = 0; - if (count($a_dialplan_include_details) > 0) { - - foreach ($a_dialplan_include_details as $ent) { - if ($ent['tag'] == "anti-action" && $dialplanincludeid == $ent['dialplanincludeid']) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='v_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>'"> - <?=$ent['tag']?> - </td> - <td class="listr" ondblclick="document.location='v_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fieldtype'];?> - </td> - <td class="listr" ondblclick="document.location='v_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fielddata'];?> - </td> - <td class="listr" ondblclick="document.location='v_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fieldorder'];?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="v_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="v_dialplan_includes_details.php?type=dialplanincludedetails&act=del&id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - - $i = 0; - if (count($a_dialplan_include_details) > 0) { - - foreach ($a_dialplan_include_details as $ent) { - if ($ent['tag'] == "param" && $dialplanincludeid == $ent['dialplanincludeid']) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='v_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>'"> - <?=$ent['tag']?> - </td> - <td class="listr" ondblclick="document.location='v_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fieldtype'];?> - </td> - <td class="listr" ondblclick="document.location='v_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fielddata'];?> - </td> - <td class="listr" ondblclick="document.location='v_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';"> - <?=$ent['fieldorder'];?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="v_dialplan_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="v_dialplan_includes_details.php?type=dialplanincludedetails&act=del&id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - ?> - <tr> - <td class="list" colspan="4"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="v_dialplan_includes_details_edit.php?parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>&a=action"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - - <tr> - <td class="list" colspan="4"></td> - <td class="list"></td> - </tr> - </table> - - </form> - - - - - <br> - <br> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch_dev/v_extensions.tmp b/config/freeswitch_dev/v_extensions.tmp deleted file mode 100644 index 2eb5a554..00000000 --- a/config/freeswitch_dev/v_extensions.tmp +++ /dev/null @@ -1,226 +0,0 @@ -<?php -/* $Id$ */ -/* - v_extensions.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - -$a_extensions = &$config['installedpackages']['freeswitchextensions']['config']; - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'extensions') { - if ($a_extensions[$_GET['id']]) { - $tmp_file_name = $v_conf_dir."/directory/default/".$_GET['extension'].".xml"; - if (file_exists($tmp_file_name)) { - unlink($tmp_file_name); - } - unset($a_extensions[$_GET['id']]); - write_config(); - header("Location: v_extensions.php"); - exit; - } - } -} - -include("head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Extensions</p>\n"; -} -?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="v_extensions.php" method="post" name="iform" id="iform"> -<?php - -if ($config_change == 1) { - write_config(); - $config_change = 0; -} - -//if ($savemsg) print_info_box($savemsg); -//if (file_exists($d_hostsdirty_path)): echo"<p>"; -//print_info_box_np("The FreeSWITCH extensions have been changed.<br>You must apply the changes in order for them to take effect."); -//echo"<br />"; -//endif; - -?> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Extensions<br> - </strong></span> - Use this to configure your SIP extensions. - </p></td> - </tr> - </table> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="20%" class="listhdrr">Extension</td> - <td width="25%" class="listhdrr">Mail To</td> - <td width="25%" class="listhdrr">Call Group</td> - <td width="25%" class="listhdr">Description</td> - <td width="10%" class="list"> - - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="v_extensions_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - - </td> - </tr> - - - <?php - - //create a temporary id for the array - $i = 0; - if (count($a_extensions) > 0) { - foreach ($a_extensions as $ent) { - $a_extensions[$i]['id'] = $i; - $i++; - } - } - - //order the array - function cmp_number($a, $b) { - if ($a["extension"] > $b["extension"]) { - return 1; - } - else { - return 0; - } - } - if (count($a_extensions) > 0) { usort($a_extensions, "cmp_number"); } - - $i = 0; - if (count($a_extensions) > 0) { - - foreach ($a_extensions as $ent) { - - ?> - <tr> - <td class="listr" ondblclick="document.location='v_extensions_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['extension'];?> - </td> - <td class="listr" ondblclick="document.location='v_extensions_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['vm-mailto'];?> - </td> - <td class="listr" ondblclick="document.location='v_extensions_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['callgroup'];?> - </td> - <td class="listbg" ondblclick="document.location='v_extensions_edit.php?id=<?=$ent['id'];?>';"> - <font color="#FFFFFF"><?=htmlspecialchars($ent['description']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="v_extensions_edit.php?id=<?=$ent['id'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="v_extensions.php?type=extensions&act=del&id=<?=$ent['id'];?>&extension=<?=$ent['extension'];?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - - $i++; - } - } - ?> - - <tr> - <td class="list" colspan="4"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="v_extensions_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - - <tr> - <td class="list" colspan="4"></td> - <td class="list"></td> - </tr> - </table> - -</form> - -<?php -if ($v_path_show) { - echo $v_conf_dir."/directory/default/\n"; -} -?> - -<br> -<br> -<br> -<br> -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - -<?php include("fend.inc"); ?> -</body> -</html>
\ No newline at end of file diff --git a/config/freeswitch_dev/v_extensions_edit.tmp b/config/freeswitch_dev/v_extensions_edit.tmp deleted file mode 100644 index 490a96db..00000000 --- a/config/freeswitch_dev/v_extensions_edit.tmp +++ /dev/null @@ -1,424 +0,0 @@ -<?php -/* $Id$ */ -/* - v_extensions_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - - -$a_extensions = &$config['installedpackages']['freeswitchextensions']['config']; - -$id = $_GET['id']; -if (isset($_POST['id'])) { - $id = $_POST['id']; -} - -if (isset($id) && $a_extensions[$id]) { - - $pconfig['extension'] = $a_extensions[$id]['extension']; - $pconfig['password'] = $a_extensions[$id]['password']; - $pconfig['mailbox'] = $a_extensions[$id]['mailbox']; - $pconfig['vm-password'] = $a_extensions[$id]['vm-password']; - $pconfig['accountcode'] = $a_extensions[$id]['accountcode']; - $pconfig['effective_caller_id_name'] = $a_extensions[$id]['effective_caller_id_name']; - $pconfig['effective_caller_id_number'] = $a_extensions[$id]['effective_caller_id_number']; - $pconfig['effective_caller_id_number'] = $a_extensions[$id]['effective_caller_id_number']; - $pconfig['outbound_caller_id_name'] = $a_extensions[$id]['outbound_caller_id_name']; - $pconfig['outbound_caller_id_number'] = $a_extensions[$id]['outbound_caller_id_number']; - $pconfig['vm-mailto'] = $a_extensions[$id]['vm-mailto']; - $pconfig['vm-attach-file'] = $a_extensions[$id]['vm-attach-file']; - $pconfig['vm-keep-local-after-email'] = $a_extensions[$id]['vm-keep-local-after-email']; - $pconfig['user_context'] = $a_extensions[$id]['user_context']; - $pconfig['callgroup'] = $a_extensions[$id]['callgroup']; - $pconfig['auth-acl'] = $a_extensions[$id]['auth-acl']; - $pconfig['cidr'] = $a_extensions[$id]['cidr']; - $pconfig['sip-force-contact'] = $a_extensions[$id]['sip-force-contact']; - $pconfig['enabled'] = $a_extensions[$id]['enabled']; - $pconfig['description'] = $a_extensions[$id]['description']; - -} - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - - if (!$input_errors) { - - $effective_caller_id_number = $_POST['effective_caller_id_number']; - $outbound_caller_id_number = $_POST['outbound_caller_id_number']; - $replace_array = array("(", ")", " ", "-"); - $effective_caller_id_number = str_replace($replace_array, "", $effective_caller_id_number); - $outbound_caller_id_number = str_replace($replace_array, "", $outbound_caller_id_number); - - $ent = array(); - $ent['extension'] = $_POST['extension']; - $ent['password'] = $_POST['password']; - $ent['mailbox'] = $_POST['mailbox']; - $ent['vm-password'] = $_POST['vm-password']; - $ent['accountcode'] = $_POST['accountcode']; - $ent['effective_caller_id_name'] = $_POST['effective_caller_id_name']; - $ent['effective_caller_id_number'] = $effective_caller_id_number; - $ent['outbound_caller_id_name'] = $_POST['outbound_caller_id_name']; - $ent['outbound_caller_id_number'] = $outbound_caller_id_number; - $ent['vm-mailto'] = $_POST['vm-mailto']; - $ent['vm-attach-file'] = $_POST['vm-attach-file']; - $ent['vm-keep-local-after-email'] = $_POST['vm-keep-local-after-email']; - $ent['user_context'] = $_POST['user_context']; - $ent['callgroup'] = $_POST['callgroup']; - $ent['auth-acl'] = $_POST['auth-acl']; - $ent['cidr'] = $_POST['cidr']; - $ent['sip-force-contact'] = $_POST['sip-force-contact']; - $ent['enabled'] = $_POST['enabled']; - $ent['description'] = $_POST['description']; - - if (isset($id) && $a_extensions[$id]) { - //update - $a_extensions[$id] = $ent; - } - else { - //add - $a_extensions[] = $ent; - } - - write_config(); - sync_package_v_extensions(); - - header("Location: v_extensions.php"); - exit; - } -} - -include("head.inc"); - -?> - -<script type="text/javascript" language="JavaScript"> - -function show_advanced_config() { - document.getElementById("showadvancedbox").innerHTML=''; - aodiv = document.getElementById('showadvanced'); - aodiv.style.display = "block"; -} - -</script> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Extensions: Edit</p>\n"; -} -?> - -<?php if ($input_errors) print_input_errors($input_errors); ?> - - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Extension Setup<br> - </strong></span> - <?php - if ($v_path_show) { - echo $v_conf_dir."/directory/default/\n"; - } - ?> - </p></td> - </tr> - </table> - <br /> - - <form action="v_extensions_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - - <tr> - <td width="25%" valign="top" class="vncellreq">Extension</td> - <td width="75%" class="vtable"> - <input name="extension" type="text" class="formfld" id="extension" size="40" value="<?=htmlspecialchars($pconfig['extension']);?>"> - <br><span class="vexpl">Enter the extension here. The default configuration allows 3, 4, or 5 digit extensions.<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq">Password</td> - <td width="75%" class="vtable"> - <input name="password" type="password" class="formfld" id="password" size="40" value="<?=htmlspecialchars($pconfig['password']);?>"> - <br><span class="vexpl">Enter the password here.<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq">Mailbox</td> - <td width="75%" class="vtable"> - <input name="mailbox" type="text" class="formfld" id="mailbox" size="40" value="<?=htmlspecialchars($pconfig['mailbox']);?>"> - <br><span class="vexpl">Enter the mailbox here. Example: extension 1001 then mailbox 1001<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq">Voicemail Password</td> - <td width="75%" class="vtable"> - <input name="vm-password" type="password" class="formfld" id="vm-password" size="40" value="<?=htmlspecialchars($pconfig['vm-password']);?>"> - <br><span class="vexpl">Enter the voicemail password here.<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq">Account Code</td> - <td width="75%" class="vtable"> - <input name="accountcode" type="text" class="formfld" id="accountcode" size="40" value="<?=htmlspecialchars($pconfig['accountcode']);?>"> - <br><span class="vexpl">Enter the account code here. Example: extension 1001 then accountcode 1001<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq" nowrap>Effective Caller ID Name</td> - <td width="75%" class="vtable"> - <input name="effective_caller_id_name" type="text" class="formfld" id="effective_caller_id_name" size="40" value="<?=htmlspecialchars($pconfig['effective_caller_id_name']);?>"> - <br><span class="vexpl">Enter the effective caller id name here.<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq" nowrap>Effective Caller ID Number</td> - <td width="75%" class="vtable"> - <input name="effective_caller_id_number" type="text" class="formfld" id="effective_caller_id_number" size="40" value="<?=htmlspecialchars($pconfig['effective_caller_id_number']);?>"> - <br><span class="vexpl">Enter the effective caller id number here.<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq" nowrap>Voicemail Mail To</td> - <td width="75%" class="vtable"> - <input name="vm-mailto" type="text" class="formfld" id="vm-mailto" size="40" value="<?=htmlspecialchars($pconfig['vm-mailto']);?>"> - <br><span class="vexpl">Optional: Enter the email address to send voicemail to.<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq" nowrap>Voicemail Attach File</td> - <td width="75%" class="vtable"> - <?php - echo " <select name='vm-attach-file' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['vm-attach-file'])) { - case "true": - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - break; - case "false": - echo " <option value='true'>true</option>\n"; - echo " <option value='false' selected='yes'>false</option>\n"; - - break; - default: - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - } - echo " </select>\n"; - ?> - Choose whether to attach the file to the email. - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq" nowrap>VM Keep Local After Email</td> - <td width="75%" class="vtable"> - <?php - echo " <select name='vm-keep-local-after-email' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['vm-keep-local-after-email'])) { - case "true": - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - break; - case "false": - echo " <option value='true'>true</option>\n"; - echo " <option value='false' selected='yes'>false</option>\n"; - - break; - default: - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - } - echo " </select>\n"; - ?> - Keep local file after sending the email. - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq">User Context</td> - <td width="75%" class="vtable"> - <input name="user_context" type="text" class="formfld" id="user_context" size="40" value="<?=htmlspecialchars($pconfig['user_context']);?>"> - <br><span class="vexpl">Enter the user context here. Example: default<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq">Call Group</td> - <td width="75%" class="vtable"> - <input name="callgroup" type="text" class="formfld" id="callgroup" size="40" value="<?=htmlspecialchars($pconfig['callgroup']);?>"> - <br><span class="vexpl">Enter the user call group here. Example: sales, support<br></span> - </td> - </tr> - </table> - - <div id="showadvancedbox"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="25%" valign="top" class="vncell">Show Advanced</td> - <td width="75%" class="vtable"> - <input type="button" onClick="show_advanced_config()" value="Advanced"></input></a> - </td> - </tr> - </table> - </div> - <div id="showadvanced" style="display:none"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="25%" valign="top" class="vncell">Auth-ACL</td> - <td width="75%" class="vtable"> - <input name="auth-acl" type="text" class="formfld" id="auth-acl" size="40" value="<?=htmlspecialchars($pconfig['auth-acl']);?>"> - <br> <span class="vexpl">Enter the auth acl here.<br></span> - </td> - </tr> - <tr> - <td valign="top" class="vncell">CIDR</td> - <td class="vtable"> - <input name="cidr" type="text" class="formfld" id="cidr" size="40" value="<?=htmlspecialchars($pconfig['cidr']);?>"> - <br> <span class="vexpl">Enter the cidr here.<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncell" nowrap>Outbound Caller ID Name</td> - <td width="75%" class="vtable"> - <input name="outbound_caller_id_name" type="text" class="formfld" id="outbound_caller_id_name" size="40" value="<?=htmlspecialchars($pconfig['outbound_caller_id_name']);?>"> - <br><span class="vexpl">Enter the outbound caller id name here.<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncell" nowrap>Outbound Caller ID Number</td> - <td width="75%" class="vtable"> - <input name="outbound_caller_id_number" type="text" class="formfld" id="outbound_caller_id_number" size="40" value="<?=htmlspecialchars($pconfig['outbound_caller_id_number']);?>"> - <br><span class="vexpl">Enter the outbound caller id number here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">SIP-Force-Contact</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='sip-force-contact' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['sip-force-contact'])) { - case "NDLB-connectile-dysfunction": - echo " <option value='NDLB-connectile-dysfunction' selected='yes'>Rewrite contact IP and port</option>\n"; - echo " <option value='NDLB-tls-connectile-dysfunction'>Rewrite contact port</option>\n"; - break; - case "NDLB-tls-connectile-dysfunction": - echo " <option value='NDLB-connectile-dysfunction'>Rewrite contact IP and port</option>\n"; - echo " <option value='NDLB-tls-connectile-dysfunction' selected='yes'>Rewrite contact port</option>\n"; - default: - echo " <option value='NDLB-connectile-dysfunction'>Rewrite contact IP and port</option>\n"; - echo " <option value='NDLB-tls-connectile-dysfunction'>Rewrite contact port</option>\n"; - } - echo " </select>\n"; - ?> - <br /> - Choose sip-force-contact can be used to NDLB-connectile-dysfunction rewrites contact IP and port, <br />and NDLB-tls-connectile-dysfunction rewrites the contact port.<br /> - </td> - </tr> - </table> - </div> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Enabled</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='enabled' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['enabled'])) { - case "true": - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - break; - case "false": - echo " <option value='true'>true</option>\n"; - echo " <option value='false' selected='yes'>false</option>\n"; - - break; - default: - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - } - echo " </select>\n"; - ?> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq">Extension Description</td> - <td width="75%" class="vtable"> - <input name="description" type="text" class="formfld" id="description" size="40" value="<?=htmlspecialchars($pconfig['description']);?>"> - <br><span class="vexpl">Enter the description of the extension here.<br></span> - </td> - </tr> - <tr> - <td valign="top"> </td> - <td> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - <?php if (isset($id) && $a_extensions[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - </td> - </tr> - </table> - </form> - - <br> - <br> - <br> - <br> - <br> - <br> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch_dev/v_fax.tmp b/config/freeswitch_dev/v_fax.tmp deleted file mode 100644 index 5085614f..00000000 --- a/config/freeswitch_dev/v_fax.tmp +++ /dev/null @@ -1,316 +0,0 @@ -<?php -/* $Id$ */ -/* - v_fax.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - -$a_fax = &$config['installedpackages']['freeswitchfax']['config']; -$dir_fax = $v_storage_dir.'/fax/inbox/'; - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'fax') { - if ($a_fax[$_GET['id']]) { - - $faxid = $a_fax[$_GET['id']][faxid]; - $faxname = $a_fax[$_GET['id']][faxname]; - - $a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config']; - $a_dialplan_includes_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - - //delete the dialplan include - if (count($a_dialplan_includes) > 0) { - $i=0; - foreach($a_dialplan_includes as $row) { - if ($row["dialplanincludeid"] == $faxid) { - $order = $row['order']; - unset($a_dialplan_includes[$i]); - } - $i++; - } - } - - //delete the dialplan include details. aka. child data - if (count($a_dialplan_includes_details) > 0) { - $i=0; - foreach($a_dialplan_includes_details as $row) { - if ($row["dialplanincludeid"] == $faxid) { - unset($a_dialplan_includes_details[$i]); - } - $i++; - } - } - - if (file_exists($v_conf_dir."/dialplan/default/".$order."_".$faxname.".xml")){ - unlink($v_conf_dir."/dialplan/default/".$order."_".$faxname.".xml"); - } - - //remove fax entries - unset($a_fax[$_GET['id']]); - - write_config(); - header("Location: v_fax.php"); - exit; - } - } -} - -if ($_GET['a'] == "download") { - - session_cache_limiter('public'); - - if ($_GET['type'] = "fax_file") { - if (file_exists($dir_fax.$_GET['filename'])) { - $fd = fopen($dir_fax.$_GET['filename'], "rb"); - if ($_GET['t'] == "bin") { - header("Content-Type: application/force-download"); - header("Content-Type: application/octet-stream"); - header("Content-Type: application/download"); - header("Content-Description: File Transfer"); - header('Content-Disposition: attachment; filename="'.$_GET['filename'].'"'); - } - else { - $file_ext = substr($_GET['filename'], -3); - if ($file_ext == "png") { - header("Content-Type: image/png"); - } - } - header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 - header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past - header("Content-Length: " . filesize($dir_fax.$_GET['filename'])); - fpassthru($fd); - } - } - - exit; -} -else { - //echo $dir_fax.$_GET['filename']; -} - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'fax_file') { - //if ($a_fax[$_GET['id']]) { - $tmp_file_array = split("\.",$_GET['filename']); - $file_name = $tmp_file_array[0]; - $file_ext = $tmp_file_array[1]; - unlink_if_exists($dir_fax.$file_name.".pdf"); - unlink_if_exists($dir_fax.$file_name.".png"); - unlink_if_exists($dir_fax.$file_name.".tif"); - //unset($a_fax[$_GET['id']]); - write_config(); - header("Location: v_fax.php"); - exit; - //} - } - -} - -include("head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: FAX</p>\n"; -} -?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="v_fax.php" method="post" name="iform" id="iform"> -<?php - -if ($config_change == 1) { - write_config(); - $config_change = 0; -} - -//if ($savemsg) print_info_box($savemsg); -//if (file_exists($d_hostsdirty_path)): echo"<p>"; -//print_info_box_np("The FreeSWITCH fax have been changed.<br>You must apply the changes in order for them to take effect."); -//echo"<br />"; -//endif; - -?> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>FAX<br> - </strong></span> - To receive a FAX setup a fax extension and then direct the incoming FAX with a dedicated number or you can detect the FAX tone by using - <?php - if ($v_path_show) { - echo "<a href='http://wiki.freeswitch.org/wiki/Misc._Dialplan_Tools_tone_detect' target='_blank'>tone detection</a>\n"; - } - else { - echo "tone detection\n"; - } - ?> - on the Public tab. - </p></td> - </tr> - </table> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="40" class="listhdrr">Extension</td> - <td width="40" class="listhdrr" nowrap>Name</td> - <td width="40%" class="listhdrr" nowrap>Email</td> - <td width="40" class="listhdrr">Domain</td> - <td width="50%" class="listhdr">Description</td> - <td width="40" class="list"> - - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="v_fax_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - - </td> - </tr> - - - <?php - - //create a temporary id for the array - $i = 0; - if (count($a_fax) > 0) { - foreach ($a_fax as $ent) { - $a_fax[$i]['id'] = $i; - $i++; - } - } - - //order the array - function cmp_number($a, $b) { - if ($a["faxextension"] > $b["faxextension"]) { - return 1; - } - else { - return 0; - } - } - if (count($a_fax) > 0) { usort($a_fax, "cmp_number"); } - - $i = 0; - if (count($a_fax) > 0) { - - foreach ($a_fax as $ent) { - if (strlen($ent['faxextension']) > 0) { - ?> - <tr> - <td class="listr" ondblclick="document.location='v_fax_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['faxextension'];?> - </td> - <td class="listr" ondblclick="document.location='v_fax_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['faxname'];?> - </td> - <td class="listr" ondblclick="document.location='v_fax_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['faxemail'];?> - </td> - <td class="listr" ondblclick="document.location='v_fax_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['faxdomain'];?> - </td> - <td class="listbg" ondblclick="document.location='v_fax_edit.php?id=<?=$ent['id'];?>';"> - <font color="#FFFFFF"><?=htmlspecialchars($ent['faxdescription']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="v_fax_edit.php?id=<?=$ent['id'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="v_fax.php?type=fax&act=del&id=<?=$ent['id'];?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - - $i++; - } - } - ?> - - <tr> - <td class="list" colspan="5"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="v_fax_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - - <tr> - <td class="list" colspan="5"></td> - <td class="list"></td> - </tr> - </table> - -</form> - - -<br /> -<br /> -<br /> -<br /> - - -</td> -</tr> -</table> - -</div> - - -<?php include("fend.inc"); ?> -</body> -</html>
\ No newline at end of file diff --git a/config/freeswitch_dev/v_fax_edit.tmp b/config/freeswitch_dev/v_fax_edit.tmp deleted file mode 100644 index 603e72c4..00000000 --- a/config/freeswitch_dev/v_fax_edit.tmp +++ /dev/null @@ -1,760 +0,0 @@ -<?php -/* $Id$ */ -/* - v_fax_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - -$a_fax = &$config['installedpackages']['freeswitchfax']['config']; - -$id = $_GET['id']; -if (strlen($id) == 0) { - $id = $_POST['id']; -} -$parentid = $id; - -if (isset($id) && $a_fax[$id]) { - $pconfig['faxid'] = $a_fax[$id]['faxid']; - $faxid = $a_fax[$id]['faxid']; - $pconfig['faxextension'] = $a_fax[$id]['faxextension']; - $pconfig['faxname'] = $a_fax[$id]['faxname']; - $pconfig['faxemail'] = $a_fax[$id]['faxemail']; - $pconfig['faxdomain'] = $a_fax[$id]['faxdomain']; - $pconfig['faxdescription'] = $a_fax[$id]['faxdescription']; - - if (!is_dir($v_storage_dir)) { - exec("mkdir ".$v_storage_dir); - } - - if (!is_dir($v_storage_dir.'/fax/')) { - exec("mkdir ".$v_storage_dir."/fax/"); - } - - $faxfolder = $v_storage_dir.'/fax/'.$a_fax[$id]['faxextension']; - if (!is_dir($faxfolder)) { - exec('mkdir '.$faxfolder); - } - if (!is_dir($faxfolder.'/inbox/')) { - exec('mkdir '.$faxfolder.'/inbox/'); - } - if (!is_dir($faxfolder.'/sent/')) { - exec('mkdir '.$faxfolder.'/sent/'); - } - if (!is_dir($faxfolder.'/temp/')) { - exec('mkdir '.$faxfolder.'/temp/'); - } -} - -clearstatcache(); //clear file status cache -$dir_fax_inbox = $v_storage_dir.'/fax/'.$pconfig['faxextension'].'/inbox/'; -$dir_fax_sent = $v_storage_dir.'/fax/'.$pconfig['faxextension'].'/sent/'; -$dir_fax_temp = $v_storage_dir.'/fax/'.$pconfig['faxextension'].'/temp/'; - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'fax') { - if ($a_fax[$_GET['id']]) { - - $faxid = $a_fax[$_GET['id']][faxid]; - $faxname = $a_fax[$_GET['id']][faxname]; - - $a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config']; - $a_dialplan_includes_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - - //delete the dialplan include - if (count($a_dialplan_includes) > 0) { - $i=0; - foreach($a_dialplan_includes as $row) { - if ($row["dialplanincludeid"] == $faxid) { - $order = $row['order']; - unset($a_dialplan_includes[$i]); - } - $i++; - } - } - - //delete the dialplan include details. aka. child data - if (count($a_dialplan_includes_details) > 0) { - $i=0; - foreach($a_dialplan_includes_details as $row) { - if ($row["dialplanincludeid"] == $faxid) { - unset($a_dialplan_includes_details[$i]); - } - $i++; - } - } - - if (file_exists($v_conf_dir."/dialplan/default/".$order."_".$faxname.".xml")){ - unlink($v_conf_dir."/dialplan/default/".$order."_".$faxname.".xml"); - } - - //remove fax entries - unset($a_fax[$_GET['id']]); - - write_config(); - header("Location: v_fax.php"); - exit; - } - } -} - -if (($_POST['type'] == "fax_send") && is_uploaded_file($_FILES['fax_file']['tmp_name'])) { - - $fax_number = $_POST['fax_number']; - $fax_name = $_FILES['fax_file']['name']; - $fax_name = str_replace(".tif", "", $fax_name); - $fax_name = str_replace(".tiff", "", $fax_name); - $fax_name = str_replace(".pdf", "", $fax_name); - $fax_gateway = $_POST['fax_gateway']; - - $password = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_password']; - $port = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_port']; - $host = $config['interfaces']['lan']['ipaddr']; - - //upload the file - move_uploaded_file($_FILES['fax_file']['tmp_name'], $dir_fax_temp.$_FILES['fax_file']['name']); - - $fax_file_extension = substr($dir_fax_temp.$_FILES['fax_file']['name'], -4); - if ($fax_file_extension == ".pdf") { - exec("cd ".$dir_fax_temp.";gs -q -sDEVICE=tiffg3 -r204x98 -dNOPAUSE -sOutputFile=".$fax_name.".tif -- ".$fax_name.".pdf -c quit"); - //exec("rm ".$dir_fax_temp.$fax_name.".pdf"); - } - if ($fax_file_extension == ".tiff") { - exec("cp ".$dir_fax_temp.$fax_name.".tiff ".$dir_fax_temp.$fax_name.".tif"); - exec("rm ".$dir_fax_temp.$fax_name.".tiff"); - } - - //send the fax - $fp = event_socket_create($host, $port, $password); - $cmd = "api originate [absolute_codec_string=PCMU]sofia/gateway/".$fax_gateway."/".$fax_number." &txfax(".$dir_fax_temp.$fax_name.".tif)"; - $response = event_socket_request($fp, $cmd); - $response = str_replace("\n", "", $response); - $uuid = str_replace("+OK ", "", $response); - fclose($fp); - - //if ($response >= 1) { - // $fp = event_socket_create($host, $port, $password); - // $cmd = "api uuid_getvar ".$uuid." fax_result_text"; - // echo $cmd."\n"; - // $response = event_socket_request($fp, $cmd); - // $response = trim($response); - // fclose($fp); - //} - - sleep(5); - - //copy the .tif to the sent directory - exec("cp ".$dir_fax_temp.$fax_name.".tif ".$dir_fax_sent.$fax_name.".tif"); - - //delete the .tif from the temp directory - //exec("rm ".$dir_fax_temp.$fax_name.".tif"); - - //convert the tif to pdf and png - exec("cd $dir_fax_sent; ".bin_dir."/tiff2png ".$dir_fax_sent.$fax_name.".tif"); - exec("cd $dir_fax_sent; ".bin_dir."/tiff2pdf -f -o ".$fax_name.".pdf ".$dir_fax_sent.$fax_name.".tif"); - - header("Location: v_fax_edit.php?id=".$id."&msg=".$response); - exit; -} - -if ($_GET['a'] == "download") { - - session_cache_limiter('public'); - - if ($_GET['type'] == "fax_inbox") { - - if (file_exists($dir_fax_inbox.$_GET['filename'])) { - - $fd = fopen($dir_fax_inbox.$_GET['filename'], "rb"); - if ($_GET['t'] == "bin") { - header("Content-Type: application/force-download"); - header("Content-Type: application/octet-stream"); - header("Content-Type: application/download"); - header("Content-Description: File Transfer"); - header('Content-Disposition: attachment; filename="'.$_GET['filename'].'"'); - } - else { - $file_ext = substr($_GET['filename'], -3); - if ($file_ext == "png") { - header("Content-Type: image/png"); - } - } - header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 - header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past - header("Content-Length: " . filesize($dir_fax_inbox.$_GET['filename'])); - fpassthru($fd); - } - else { - echo "not found"; - } - exit; - } - -} -else { - //echo $dir_fax_inbox.$_GET['filename']; -} - - -if ($_GET['a'] == "download") { - - session_cache_limiter('public'); - - if ($_GET['type'] == "fax_sent") { - if (file_exists($dir_fax_sent.$_GET['filename'])) { - $fd = fopen($dir_fax_sent.$_GET['filename'], "rb"); - if ($_GET['t'] == "bin") { - header("Content-Type: application/force-download"); - header("Content-Type: application/octet-stream"); - header("Content-Type: application/download"); - header("Content-Description: File Transfer"); - header('Content-Disposition: attachment; filename="'.$_GET['filename'].'"'); - } - else { - $file_ext = substr($_GET['filename'], -3); - if ($file_ext == "png") { - header("Content-Type: image/png"); - } - } - header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 - header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past - header("Content-Length: " . filesize($dir_fax_sent.$_GET['filename'])); - fpassthru($fd); - } - - } - - exit; -} -else { - //echo $dir_fax_inbox.$_GET['filename']; -} - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'fax_inbox') { - //if ($a_fax[$_GET['id']]) { - $tmp_file_array = split("\.",$_GET['filename']); - $file_name = $tmp_file_array[0]; - $file_ext = $tmp_file_array[1]; - unlink_if_exists($dir_fax_inbox.$file_name.".pdf"); - unlink_if_exists($dir_fax_inbox.$file_name.".png"); - unlink_if_exists($dir_fax_inbox.$file_name.".tif"); - //unset($a_fax[$_GET['id']]); - write_config(); - header("Location: v_fax.php"); - exit; - //} - } -} - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'fax_sent') { - //if ($a_fax[$_GET['id']]) { - $tmp_file_array = split("\.",$_GET['filename']); - $file_name = $tmp_file_array[0]; - $file_ext = $tmp_file_array[1]; - unlink_if_exists($dir_fax_sent.$file_name.".pdf"); - unlink_if_exists($dir_fax_sent.$file_name.".png"); - unlink_if_exists($dir_fax_sent.$file_name.".tif"); - //unset($a_fax[$_GET['id']]); - write_config(); - header("Location: v_fax.php"); - exit; - //} - } -} - - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - if (!$input_errors) { - - $ent = array(); - if (strlen($_POST['faxid']) > 0) { - $ent['faxid'] = $_POST['faxid']; - } - else { - $ent['faxid'] = guid(); - } - $ent['faxextension'] = $_POST['faxextension']; - $ent['faxname'] = $_POST['faxname']; - $ent['faxemail'] = $_POST['faxemail']; - $ent['faxdomain'] = $_POST['faxdomain']; - $ent['faxdescription'] = $_POST['faxdescription']; - - if (isset($id) && $a_fax[$id]) { - //update - $a_fax[$id] = $ent; - } - else { - //add - $a_fax[] = $ent; - } - - if (!is_dir($v_storage_dir)) { - exec("mkdir ".$v_storage_dir); - } - - if (!is_dir($v_storage_dir.'/fax/')) { - exec("mkdir ".$v_storage_dir."/fax/"); - } - - $faxfolder = $v_storage_dir.'/fax/'.$_POST['faxextension']; - if (!is_dir($faxfolder)) { - exec('mkdir '.$faxfolder); - } - if (!is_dir($faxfolder.'/inbox/')) { - exec('mkdir '.$faxfolder.'/inbox/'); - } - if (!is_dir($faxfolder.'/sent/')) { - exec('mkdir '.$faxfolder.'/sent/'); - } - if (!is_dir($faxfolder.'/temp/')) { - exec('mkdir '.$faxfolder.'/temp/'); - } - write_config(); - sync_package_v_fax(); - - header("Location: v_fax.php"); - exit; - } -} - -include("head.inc"); - -?> - -<script type="text/javascript" language="JavaScript"> - -function show_advanced_config() { - document.getElementById("showadvancedbox").innerHTML=''; - aodiv = document.getElementById('showadvanced'); - aodiv.style.display = "block"; -} - -</script> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: FAX: Edit</p>\n"; -} -if ($input_errors) print_input_errors($input_errors); -?> - - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>FAX Setup<br> - </strong></span> - </p></td> - </tr> - </table> - <br /> - - <form action="v_fax_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="25%" valign="top" class="vncellreq">Extension</td> - <td width="75%" class="vtable"> - <input name="faxextension" type="text" class="formfld unknown" id="faxextension" size="40" value="<?=htmlspecialchars($pconfig['faxextension']);?>"> - <br><span class="vexpl">Enter the fax extension here.<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq">Name</td> - <td width="75%" class="vtable"> - <input name="faxname" type="text" class="formfld unknown" id="faxname" size="40" value="<?=htmlspecialchars($pconfig['faxname']);?>"> - <br><span class="vexpl">Enter the name here.<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq">Email</td> - <td width="75%" class="vtable"> - <input name="faxemail" type="text" class="formfld unknown" id="faxemail" size="40" value="<?=htmlspecialchars($pconfig['faxemail']);?>"> - <br><span class="vexpl">Optional: Enter the email address to send the FAX to.<br></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncellreq">Domain</td> - <td width="75%" class="vtable"> - <input name="faxdomain" type="text" class="formfld unknown" id="faxdomain" size="40" value="<?=htmlspecialchars($pconfig['faxdomain']);?>"> - <br><span class="vexpl">Enter the domain here.<br></span> - </td> - </tr> - <!-- - <tr> - <td width="25%" valign="top" class="vncellreq" nowrap>Attach File</td> - <td width="75%" class="vtable"> - <?php - /* - echo " <select name='vm-attach-file' class='formfld unknown'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['vm-attach-file'])) { - case "true": - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - break; - case "false": - echo " <option value='true'>true</option>\n"; - echo " <option value='false' selected='yes'>false</option>\n"; - - break; - default: - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - } - echo " </select>\n"; - */ - ?> - Choose whether to attach the file to the email. - </td> - </tr> - --> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="25%" valign="top" class="vncellreq">Description</td> - <td width="75%" class="vtable"> - <input name="faxdescription" type="text" class="formfld unknown" id="faxdescription" size="40" value="<?=htmlspecialchars($pconfig['faxdescription']);?>"> - <br><span class="vexpl">Enter the description here.<br></span> - </td> - </tr> - <tr> - <td valign="top"> </td> - <td> - <input name="faxid" type="hidden" value="<?=htmlspecialchars($pconfig['faxid']);?>"> - <?php if (isset($id) && $a_fax[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - </td> - </tr> - </table> - </form> - - <br /> - <br /> - <br /> - <br /> - - - <table width="100%" border="0" cellpadding="3" cellspacing="0"> - <tr> - <td width='30%'> - <span class="vexpl"><span class="red"><strong>Send</strong></span> - </td> - </tr> - <tr> - <td> - To send a fax you can upload a .tif file or if ghost script has been installed then you can also send a fax by uploading a PDF. (pkg_add -r ghostscript8-nox11; rehash) - When sending a fax you can view status of the transmission by viewing the logs from the Status tab or by watching the response from the FreeSWITCH console. - </td> - </tr> - <tr> - <td align='right' nowrap> - <form action="" method="POST" enctype="multipart/form-data" name="frmUpload" onSubmit=""> - <table border='0' cellpadding='3' cellspacing='0' width='100%'> - <tr> - <td valign="middle" class="label"> - Fax Number - </td> - <td valign="top" class="label"> - <input type="text" name="fax_number" value=""> - </td> - <td align="left">Upload:</td> - <td valign="top" class="label"> - <input name="id" type="hidden" value="$id"> - <input name="type" type="hidden" value="fax_send"> - <input name="fax_file" type="file" class="button" id="fax_file"> - </td> - <td valign="middle" class="label"> - Gateway - </td> - <td valign="top" class="label"> - - <?php - //create a temporary id for the array - $a_gateways = &$config['installedpackages']['freeswitchgateways']['config']; - - $i = 0; - if (count($a_gateways) > 0) { - foreach ($a_gateways as $ent) { - $a_gateways[$i]['id'] = $i; - $i++; - } - } - - //order the array - function cmp_string($a, $b) { - return strcmp($a["gateway"], $b["gateway"]); - } - if (count($a_gateways) > 0) { usort($a_gateways, "cmp_string"); } - - echo "<select name='fax_gateway' class='formfld'>"; - $i = 0; - if (count($a_gateways) > 0) { - - foreach ($a_gateways as $ent) { - echo "<option>".$ent['gateway']."</option>\n"; - } - } - echo "</select>\n"; - - ?> - </td> - <td> - <input name="submit" type="submit" class="button" id="upload" value="Send FAX"> - </td> - </tr> - </table> - </div> - </form> - </td> - </tr> - </table> - - - - <br /> - <br /> - <br /> - <br /> - - <table width="100%" border="0" cellpadding="5" cellspacing="0"> - <tr> - <td> - <span class="vexpl"><span class="red"><strong>Inbox</strong></span> - </td> - <td align='right'> - <?php - if ($v_path_show) { - echo "<b>location:</b> "; - echo $dir_fax_inbox; - } - ?> - </td> - </tr> - </table> - - <div id="niftyOutter"> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="50%" class="listhdrr">File Name (download)</td> - <td width="10%" class="listhdrr">Download</td> - <td width="10%" class="listhdrr">View</td> - <td width="20%" class="listhdr">Last Modified</td> - <td width="10%" class="listhdr" nowrap>Size</td> - </tr> - - <?php - - if ($handle = opendir($dir_fax_inbox)) { - while (false !== ($file = readdir($handle))) { - if ($file != "." && $file != ".." && is_file($dir_fax_inbox.$file)) { - - $tmp_filesize = filesize($dir_fax_inbox.$file); - $tmp_filesize = byte_convert($tmp_filesize); - - $tmp_file_array = split("\.",$file); - $file_name = $tmp_file_array[0]; - $file_ext = $tmp_file_array[1]; - - if ($file_ext == "tif") { - - echo "<tr>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo " <a href=\"v_fax_edit.php?id=".$id."&a=download&type=fax_inbox&t=bin&filename=".$file."\">\n"; - echo " $file"; - echo " </a>"; - echo " </td>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo " <a href=\"v_fax_edit.php?id=".$id."&a=download&type=fax_inbox&t=bin&filename=".$file_name.".pdf\">\n"; - echo " pdf"; - echo " </a>"; - echo " </td>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo " <a href=\"v_fax_edit.php?id=".$id."&a=download&type=fax_inbox&t=png&filename=".$file_name.".png\" target=\"_blank\">\n"; - echo " png"; - echo " </a>"; - echo " </td>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo date ("F d Y H:i:s", filemtime($dir_fax_inbox.$file)); - echo " </td>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo " ".$tmp_filesize; - echo " </td>\n"; - echo " <td valign=\"middle\" nowrap class=\"list\">\n"; - echo " <table border=\"0\" cellspacing=\"0\" cellpadding=\"1\">\n"; - echo " <tr>\n"; - //echo " <td valign=\"middle\"><a href=\"v_fax_edit.php?id=$i\"><img src=\"/themes/".$g['theme']."/images/icons/icon_e.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n"; - echo " <td><a href=\"v_fax_edit.php?id=".$id."&type=fax_inbox&act=del&filename=".$file."\" onclick=\"return confirm('Do you really want to delete this file?')\"><img src=\"/themes/". $g['theme']."/images/icons/icon_x.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n"; - echo " </tr>\n"; - echo " </table>\n"; - echo " </td>\n"; - echo "</tr>\n"; - } - - } - } - closedir($handle); - } - ?> - - <tr> - <td class="list" colspan="3"></td> - <td class="list"></td> - </tr> - </table> - - <br /> - <br /> - <br /> - <br /> - - <table width="100%" border="0" cellpadding="5" cellspacing="0"> - <tr> - <td> - <span class="vexpl"><span class="red"><strong>Sent</strong></span> - </td> - <td align='right'> - <?php - if ($v_path_show) { - echo "<b>location:</b> "; - echo $dir_fax_sent; - } - ?> - </td> - </tr> - </table> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="50%" class="listhdrr">File Name (download)</td> - <td width="10%" class="listhdrr">Download</td> - <td width="10%" class="listhdrr">View</td> - <td width="20%" class="listhdr">Last Modified</td> - <td width="10%" class="listhdr" nowrap>Size</td> - </tr> - - <?php - - if ($handle = opendir($dir_fax_sent)) { - while (false !== ($file = readdir($handle))) { - if ($file != "." && $file != ".." && is_file($dir_fax_sent.$file)) { - - $tmp_filesize = filesize($dir_fax_sent.$file); - $tmp_filesize = byte_convert($tmp_filesize); - - $tmp_file_array = split("\.",$file); - $file_name = $tmp_file_array[0]; - $file_ext = $tmp_file_array[1]; - - if ($file_ext == "tif") { - - echo "<tr>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo " <a href=\"v_fax_edit.php?id=".$id."&a=download&type=fax_sent&t=bin&filename=".$file."\">\n"; - echo " $file"; - echo " </a>"; - echo " </td>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo " <a href=\"v_fax_edit.php?id=".$id."&a=download&type=fax_sent&t=bin&filename=".$file_name.".pdf\">\n"; - echo " pdf"; - echo " </a>"; - echo " </td>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo " <a href=\"v_fax_edit.php?id=".$id."&a=download&type=fax_sent&t=png&filename=".$file_name.".png\" target=\"_blank\">\n"; - echo " png"; - echo " </a>"; - echo " </td>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo date ("F d Y H:i:s", filemtime($dir_fax_sent.$file)); - echo " </td>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo " ".$tmp_filesize; - echo " </td>\n"; - echo " <td valign=\"middle\" nowrap class=\"list\">\n"; - echo " <table border=\"0\" cellspacing=\"0\" cellpadding=\"1\">\n"; - echo " <tr>\n"; - //echo " <td valign=\"middle\"><a href=\"v_fax_edit.php?id=$i\"><img src=\"/themes/".$g['theme']."/images/icons/icon_e.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n"; - echo " <td><a href=\"v_fax_edit.php?id=".$id."&type=fax_sent&act=del&filename=".$file."\" onclick=\"return confirm('Do you really want to delete this file?')\"><img src=\"/themes/". $g['theme']."/images/icons/icon_x.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n"; - echo " </tr>\n"; - echo " </table>\n"; - echo " </td>\n"; - echo "</tr>\n"; - } - - } - } - closedir($handle); - } - ?> - - <tr> - <td class="list" colspan="3"></td> - <td class="list"></td> - </tr> - </table> - - - <br /> - <br /> - <br /> - <br /> - - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch_dev/v_features.tmp b/config/freeswitch_dev/v_features.tmp deleted file mode 100644 index d9ecf48f..00000000 --- a/config/freeswitch_dev/v_features.tmp +++ /dev/null @@ -1,223 +0,0 @@ -<?php -/* $Id$ */ -/* - v_features.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - -//$a_extensions = &$config['installedpackages']['freeswitchextensions']['config']; - - -//if ($_GET['act'] == "del") { -// if ($_GET['type'] == 'extensions') { -// if ($a_extensions[$_GET['id']]) { -// unset($a_extensions[$_GET['id']]); -// write_config(); -// header("Location: v_extensions.php"); -// exit; -// } -// } -//} - - -include("head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Features</p>\n"; -} -?> - - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - <!-- - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Features<br> - </strong></span> - List of a few of the features. - </p></td> - </tr> - </table> - <br />--> - - <br /> - <br /> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td class="listtopic" colspan='2'>Auto Attendant</td> - </tr> - <tr> - <td width='10%' class="vncell"><a href='v_auto_attendant.php'>Open</a></td> - <td class="vtable"> - Auto Attendant provides callers the ability to choose between multiple options that direct calls to extensions, - voicemail, conferences, queues, other auto attendants, and external phone numbers. - </td> - </tr> - </table> - - <br /> - <br /> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td class="listtopic" colspan='2'>Direct Inward System Access</td> - </tr> - <tr> - <td width='10%' class="vncell"></td> - <td class="vtable"> - Direct Inward System Access (DISA) allows inbound callers to make internal or external calls. For security reasons - it is disabled by default. To enable it first set a secure pin number from the Settings->Admin PIN Number. - Then go to Dialplan tab and find the DISA entry and edit it to set 'Enabled' to 'true'. - To use DISA dial *3472 (disa) enter the admin pin code and the extension or phone number you wish to call. - </td> - </tr> - </table> - - <br /> - <br /> - <?php - if ($v_fax_show) { - ?> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td class="listtopic" colspan='2'>FAX</td> - </tr> - <tr> - <td width='10%' class="vncell"><a href='v_fax.php'>Open</a></td> - <td class="vtable"> - Transmit and View Received Faxes. - </td> - </tr> - </table> - - <br /> - <br /> - <?php - } - ?> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td class="listtopic" colspan='2'>Hunt Group</td> - </tr> - <tr> - <td width='10%' class="vncell"><a href='v_hunt_group.php'>Open</a></td> - <td class="vtable"> - Hunt Group is a group of destinations to call at once or in succession. - </td> - </tr> - </table> - - <br /> - <br /> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td class="listtopic" colspan='2'>Modules</td> - </tr> - <tr> - <td width='10%' class="vncell"><a href='v_modules.php'>Open</a></td> - <td class="vtable"> - Modules add additional features and can be enabled or disabled to provide the desired features. - </td> - </tr> - </table> - - <br /> - <br /> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td class="listtopic" colspan='2'>Music on Hold</td> - </tr> - <tr> - <td width='10%' class="vncell"><a href='v_recordings.php'>Open</a></td> - <td class="vtable"> - Music on hold can be in WAV or MP3 format. To play an MP3 files you must have mod_shout enabled on the 'Modules' tab. - For best performance upload 16bit 8khz/16khz Mono WAV files. - </td> - </tr> - </table> - - <br /> - <br /> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td class="listtopic" colspan='2'>Recordings</td> - </tr> - <tr> - <td width='10%' class="vncell"><a href='v_recordings.php'>Open</a></td> - <td class="vtable"> - To make a recording dial *732673 (record) or you can make a 16bit 8khz/16khz - Mono WAV file then copy it to the following directory then refresh the page to play - it back. Click on the 'Filename' to download it or the 'Recording Name' to play the audio. - </td> - </tr> - </table> - -<br /> -<br /> -<br /> -<br /> -<br /> -<br /> -<br /> -<br /> - -</td> -</tr> -</table> - -</div> - - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch_dev/v_gateways.tmp b/config/freeswitch_dev/v_gateways.tmp deleted file mode 100644 index b47f5b89..00000000 --- a/config/freeswitch_dev/v_gateways.tmp +++ /dev/null @@ -1,220 +0,0 @@ -<?php -/* $Id$ */ -/* - v_gateways.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - -$a_gateways = $config['installedpackages']['freeswitchgateways']['config']; - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'gateways') { - if ($a_gateways[$_GET['id']]) { - $tmp_file_name = $v_conf_dir."/sip_profiles/external/".$_GET['gateway'].".xml"; - if (file_exists($tmp_file_name)) { - unlink($tmp_file_name); - } - unset($a_gateways[$_GET['id']]); - write_config(); - header("Location: v_gateways.php"); - exit; - } - } -} - -include("head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Gateways</p>\n"; -} -?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="v_gateways.php" method="post" name="iform" id="iform"> -<?php - -if ($config_change == 1) { - write_config(); - $config_change = 0; -} - -//if ($savemsg) print_info_box($savemsg); -//if (file_exists($d_hostsdirty_path)): echo"<p>"; -//print_info_box_np("The gateways have been changed.<br>You must apply the changes in order for them to take effect."); -//echo"<br />"; -//endif; - -?> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Gateways<br> - </strong></span> - Gateways provide access into other voice networks. These can be voice providers or other systems that require SIP registration. - </p></td> - </tr> - </table> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="20%" class="listhdrr">Gateway</td> - <td width="25%" class="listhdrr">Context</td> - <td width="25%" class="listhdrr">Enabled</td> - <td width="25%" class="listhdr">Description</td> - <td width="10%" class="list"> - - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="v_gateways_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - - </td> - </tr> - - - <?php - //create a temporary id for the array - $i = 0; - if (count($a_gateways) > 0) { - foreach ($a_gateways as $ent) { - $a_gateways[$i]['id'] = $i; - $i++; - } - } - - //order the array - function cmp_string($a, $b) { - return strcmp($a["gateway"], $b["gateway"]); - } - if (count($a_gateways) > 0) { usort($a_gateways, "cmp_string"); } - - $i = 0; - if (count($a_gateways) > 0) { - - foreach ($a_gateways as $ent) { - - ?> - <tr> - <td class="listr" ondblclick="document.location='v_gateways_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['gateway'];?> - </td> - <td class="listr" ondblclick="document.location='v_gateways_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['context'];?> - </td> - <td class="listr" ondblclick="document.location='v_gateways_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['enabled'];?> - </td> - <td class="listbg" ondblclick="document.location='v_gateways_edit.php?id=<?=$ent['id'];?>';"> - <font color="#FFFFFF"><?=htmlspecialchars($ent['description']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="v_gateways_edit.php?id=<?=$ent['id'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="v_gateways.php?type=gateways&act=del&id=<?=$ent['id'];?>&gateway=<?=$ent['gateway'];?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - - $i++; - } - } - ?> - - <tr> - <td class="list" colspan="4"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="v_gateways_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - - <tr> - <td class="list" colspan="4"></td> - <td class="list"></td> - </tr> - </table> - -</form> - -<?php -if ($v_path_show) { - echo $v_conf_dir."/sip_profiles/external/\n"; -} -?> - -<br> -<br> -<br> -<br> -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - -<?php include("fend.inc"); ?> -</body> -</html>
\ No newline at end of file diff --git a/config/freeswitch_dev/v_gateways_edit.tmp b/config/freeswitch_dev/v_gateways_edit.tmp deleted file mode 100644 index 5444d7e8..00000000 --- a/config/freeswitch_dev/v_gateways_edit.tmp +++ /dev/null @@ -1,700 +0,0 @@ -<?php -/* $Id$ */ -/* - - v_gateways_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - - -$a_gateways = &$config['installedpackages']['freeswitchgateways']['config']; - -$id = $_GET['id']; -if (isset($_POST['id'])) { - $id = $_POST['id']; -} - -if (isset($id) && $a_gateways[$id]) { - - $pconfig['gatewayid'] = $a_gateways[$id]['gatewayid']; - $gatewayid = $a_gateways[$id]['gatewayid']; - $pconfig['gateway'] = $a_gateways[$id]['gateway']; - $pconfig['username'] = $a_gateways[$id]['username']; - $pconfig['auth-username'] = $a_gateways[$id]['auth-username']; - $pconfig['password'] = $a_gateways[$id]['password']; - $pconfig['realm'] = $a_gateways[$id]['realm']; - $pconfig['from-user'] = $a_gateways[$id]['from-user']; - $pconfig['from-domain'] = $a_gateways[$id]['from-domain']; - $pconfig['proxy'] = $a_gateways[$id]['proxy']; - $pconfig['expire-seconds'] = $a_gateways[$id]['expire-seconds']; - $pconfig['register'] = $a_gateways[$id]['register']; - $pconfig['register-transport'] = $a_gateways[$id]['register-transport']; - $pconfig['retry-seconds'] = $a_gateways[$id]['retry-seconds']; - $pconfig['extension'] = $a_gateways[$id]['extension']; - $pconfig['ping'] = $a_gateways[$id]['ping']; - $pconfig['caller-id-in-from'] = $a_gateways[$id]['caller-id-in-from']; - $pconfig['supress-cng'] = $a_gateways[$id]['supress-cng']; - - $pconfig['effective_caller_id_name'] = $a_gateways[$id]['effective_caller_id_name']; - $pconfig['effective_caller_id_number'] = $a_gateways[$id]['effective_caller_id_number']; - $pconfig['outbound_caller_id_name'] = $a_gateways[$id]['outbound_caller_id_name']; - $pconfig['outbound_caller_id_number'] = $a_gateways[$id]['outbound_caller_id_number']; - - $pconfig['context'] = $a_gateways[$id]['context']; - $pconfig['enabled'] = $a_gateways[$id]['enabled']; - $pconfig['description'] = $a_gateways[$id]['description']; -} - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - if (!$input_errors) { - - $effective_caller_id_number = $_POST['effective_caller_id_number']; - $outbound_caller_id_number = $_POST['outbound_caller_id_number']; - $replace_array = array("(", ")", " ", "-"); - $effective_caller_id_number = str_replace($replace_array, "", $effective_caller_id_number); - $outbound_caller_id_number = str_replace($replace_array, "", $outbound_caller_id_number); - - $ent = array(); - if (strlen($_POST['ivrid']) > 0) { - $ent['gatewayid'] = $_POST['ivrid']; - } - else { - $ent['gatewayid'] = guid(); - } - $ent['gateway'] = $_POST['gateway']; - $ent['username'] = $_POST['username']; - $ent['auth-username'] = $_POST['auth-username']; - $ent['password'] = $_POST['password']; - $ent['realm'] = $_POST['realm']; - $ent['from-user'] = $_POST['from-user']; - $ent['from-domain'] = $_POST['from-domain']; - $ent['proxy'] = $_POST['proxy']; - $ent['expire-seconds'] = $_POST['expire-seconds']; - $ent['register'] = $_POST['register']; - $ent['register-transport'] = $_POST['register-transport']; - $ent['retry-seconds'] = $_POST['retry-seconds']; - $ent['extension'] = $_POST['extension']; - $ent['ping'] = $_POST['ping']; - $ent['caller-id-in-from'] = $_POST['caller-id-in-from']; - $ent['supress-cng'] = $_POST['supress-cng']; - - $ent['effective_caller_id_name'] = $_POST['effective_caller_id_name']; - $ent['effective_caller_id_number'] = $effective_caller_id_number; - $ent['outbound_caller_id_name'] = $_POST['outbound_caller_id_name']; - $ent['outbound_caller_id_number'] = $outbound_caller_id_number; - - $ent['context'] = $_POST['context']; - $ent['enabled'] = $_POST['enabled']; - $ent['description'] = $_POST['description']; - - if (isset($id) && $a_gateways[$id]) { - //update - $a_gateways[$id] = $ent; - } - else { - //add - $a_gateways[] = $ent; - } - - - if (strlen(trim($_POST['dialplan_expression']))> 0) { - - $gatewayid = $_POST['gatewayid']; - $gateway = $_POST['gateway']; - $context = $_POST['context']; - - $default_area_code = &$config['installedpackages']['freeswitchsettings']['config'][0]['default_area_code']; - $a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config']; - $a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - - - $tmp_array = split("\\\n", $_POST['dialplan_expression']); - - foreach($tmp_array as $dialplan_expression) { - - $dialplan_expression = trim($dialplan_expression); - if (strlen($dialplan_expression)>0) { - - switch ($dialplan_expression) { - case "^(\d{7})$": - $action_data = "sofia/gateway/".$gateway."/1".$default_area_code."\$1"; - $label = "7 digits"; - $abbrv = "7d"; - break; - case "^(\d{10})$": - $action_data = "sofia/gateway/".$gateway."/1\$1"; - $label = "10 digits"; - $abbrv = "10d"; - break; - case "^(\d{11})$": - $action_data = "sofia/gateway/".$gateway."/\$1"; - $label = "11 digits"; - $abbrv = "11d"; - break; - case "^(311)$": - $action_data = "sofia/gateway/".$gateway."/\$1"; - $label = "311"; - $abbrv = "311"; - break; - case "^(411)$": - $action_data = "sofia/gateway/".$gateway."/\$1"; - $label = "411"; - $abbrv = "411"; - break; - case "^(911)$": - $action_data = "sofia/gateway/".$gateway."/\$1"; - $label = "911"; - $abbrv = "911"; - break; - case "^9(\d{3})$": - $action_data = "sofia/gateway/".$gateway."/1".$default_area_code."\$1"; - $label = "dial 9, 3 digits"; - $abbrv = "9.3d"; - break; - case "^9(\d{4})$": - $action_data = "sofia/gateway/".$gateway."/1".$default_area_code."\$1"; - $label = "dial 9, 4 digits"; - $abbrv = "9.4d"; - break; - case "^9(\d{7})$": - $action_data = "sofia/gateway/".$gateway."/1".$default_area_code."\$1"; - $label = "dial 9, 7 digits"; - $abbrv = "9.7d"; - break; - case "^9(\d{10})$": - $action_data = "sofia/gateway/".$gateway."/\$1"; - $label = "dial 9, 10 digits"; - $abbrv = "9.10d"; - break; - case "^9(\d{11})$": - $action_data = "sofia/gateway/".$gateway."/\$1"; - $label = "dial 9, 11 digits"; - $abbrv = "9.11d"; - break; - case "^1?(8(00|55|66|77|88)[2-9]\d{6})$": - $action_data = "sofia/gateway/".$gateway."/\$1"; - $label = "toll free"; - $abbrv = "tollfree"; - break; - default: - $action_data = "sofia/gateway/".$gateway."/\$1"; - $label = $dialplan_expression; - $abbrv = $dialplan_expression; - } - - $dialplanincludeid = guid(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['extensionname'] = $gateway.".".$abbrv; - $ent['order'] = '9002'; //if update use the existing order number and extension name and desc - $ent['context'] = $context; - $ent['enabled'] = 'true'; - $ent['descr'] = $label.' '.$gateway; - $ent['opt1name'] = 'gatewayid'; - $ent['opt1value'] = $gatewayid; - $a_dialplan_includes[] = $ent; - unset($ent); - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'condition'; //condition, action, antiaction - $ent['fieldtype'] = 'destination_number'; - $ent['fielddata'] = $dialplan_expression; - $ent['fieldorder'] = '000'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - if (strlen($effective_caller_id_name) > 0) { - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'set'; - $ent['fielddata'] = 'effective_caller_id_name='.$effective_caller_id_name; - $ent['fieldorder'] = '001'; - $a_dialplan_include_details[] = $ent; - unset($ent); - } - if (strlen($effective_caller_id_number) > 0) { - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'set'; - $ent['fielddata'] = 'effective_caller_id_number='.$effective_caller_id_number; - $ent['fieldorder'] = '001'; - $a_dialplan_include_details[] = $ent; - unset($ent); - } - if (strlen($outbound_caller_id_name) > 0) { - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'set'; - $ent['fielddata'] = 'outbound_caller_id_name='.$outbound_caller_id_name; - $ent['fieldorder'] = '001'; - $a_dialplan_include_details[] = $ent; - unset($ent); - } - if (strlen($outbound_caller_id_number) > 0) { - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'set'; - $ent['fielddata'] = 'outbound_caller_id_number='.$outbound_caller_id_number; - $ent['fieldorder'] = '001'; - $a_dialplan_include_details[] = $ent; - unset($ent); - } - - $ent = array(); - $ent['dialplanincludeid'] = $dialplanincludeid; - $ent['tag'] = 'action'; //condition, action, antiaction - $ent['fieldtype'] = 'bridge'; - $ent['fielddata'] = $action_data; - $ent['fieldorder'] = '001'; - $a_dialplan_include_details[] = $ent; - unset($ent); - - unset($label); - unset($abbrv); - unset($dialplan_expression); - unset($action_data); - } //if strlen - } //end for each - } - - write_config(); - sync_package_v_gateways(); - sync_package_v_dialplan_includes(); - - header("Location: v_gateways.php"); - exit; - } -} - -include("head.inc"); - -?> - - -<script type="text/javascript" language="JavaScript"> - -function enable_change(enable_over) { - var endis; - endis = !(document.iform.enable.checked || enable_over); - document.iform.range_from.disabled = endis; - document.iform.range_to.disabled = endis; -} - -function show_advanced_config() { - document.getElementById("showadvancedbox").innerHTML=''; - aodiv = document.getElementById('showadvanced'); - aodiv.style.display = "block"; -} - -</script> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Gateways: Edit</p>\n"; -} - -if ($input_errors) print_input_errors($input_errors); -?> - - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Gateway Setup<br> - </strong></span> - <?php - if ($v_path_show) { - echo "The 'SIP Provider Examples' from the FreeSWITCH wiki can be used as reference to get started. <br />\n"; - echo "<a href='http://wiki.freeswitch.org/wiki/SIP_Provider_Examples' target='_blank'>http://wiki.freeswitch.org/wiki/SIP_Provider_Examples</a>\n"; - } - ?> - </p></td> - </tr> - </table> - <br /> - - <form action="v_gateways_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Gateway</td> - <td width="78%" class="vtable"> - <input name="gateway" type="text" class="formfld" id="gateway" size="40" value="<?=htmlspecialchars($pconfig['gateway']);?>"> - <br><span class="vexpl">Enter the gateway name here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Username</td> - <td width="78%" class="vtable"> - <input name="username" type="text" class="formfld" id="username" size="40" value="<?=htmlspecialchars($pconfig['username']);?>"> - <br><span class="vexpl">Enter the username here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Password</td> - <td width="78%" class="vtable"> - <input name="password" type="password" class="formfld" id="password" size="40" value="<?=htmlspecialchars($pconfig['password']);?>"> - <br><span class="vexpl">Enter the password here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">From-user</td> - <td width="78%" class="vtable"> - <input name="from-user" type="text" class="formfld" id="from-user" size="40" value="<?=htmlspecialchars($pconfig['from-user']);?>"> - <br><span class="vexpl">Enter the from-user here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">From-domain</td> - <td width="78%" class="vtable"> - <input name="from-domain" type="text" class="formfld" id="from-domain" size="40" value="<?=htmlspecialchars($pconfig['from-domain']);?>"> - <br><span class="vexpl">Enter the from-domain here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Proxy</td> - <td width="78%" class="vtable"> - <input name="proxy" type="text" class="formfld" id="proxy" size="40" value="<?=htmlspecialchars($pconfig['proxy']);?>"> - <br><span class="vexpl">Enter the proxy here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Realm</td> - <td width="78%" class="vtable"> - <input name="realm" type="text" class="formfld" id="realm" size="40" value="<?=htmlspecialchars($pconfig['realm']);?>"> - <br><span class="vexpl">Enter the realm here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Expire-seconds</td> - <td width="78%" class="vtable"> - <input name="expire-seconds" type="text" class="formfld" id="expire-seconds" size="40" value="<?=htmlspecialchars($pconfig['expire-seconds']);?>"> - <br><span class="vexpl">Enter the expire-seconds here. Example: 600<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Register</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='register' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['register'])) { - case "true": - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - break; - case "false": - echo " <option value='true'>true</option>\n"; - echo " <option value='false' selected='yes'>false</option>\n"; - - break; - default: - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - } - echo " </select>\n"; - ?> - Choose whether to register. - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncellreq">Retry-seconds</td> - <td width="78%" class="vtable"> - <input name="retry-seconds" type="text" class="formfld" id="retry-seconds" size="40" value="<?=htmlspecialchars($pconfig['retry-seconds']);?>"> - <br> <span class="vexpl">Enter the retry_seconds here. Example: 30<br></span> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell">Effective Caller ID Name</td> - <td width="78%" class="vtable"> - <input name="effective_caller_id_name" type="text" class="formfld" id="effective_caller_id_name" size="40" value="<?=htmlspecialchars($pconfig['effective_caller_id_name']);?>"> - <br> <span class="vexpl">Enter the effective caller ID name here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Effective Caller ID Number</td> - <td width="78%" class="vtable"> - <input name="effective_caller_id_number" type="text" class="formfld" id="effective_caller_id_number" size="40" value="<?=htmlspecialchars($pconfig['effective_caller_id_number']);?>"> - <br> <span class="vexpl">Enter the effective caller ID number here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Outbound Caller ID Name</td> - <td width="78%" class="vtable"> - <input name="outbound_caller_id_name" type="text" class="formfld" id="outbound_caller_id_name" size="40" value="<?=htmlspecialchars($pconfig['outbound_caller_id_name']);?>"> - <br> <span class="vexpl">Enter the outbound caller ID name here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Outbound Caller ID Number</td> - <td width="78%" class="vtable"> - <input name="outbound_caller_id_number" type="text" class="formfld" id="outbound_caller_id_number" size="40" value="<?=htmlspecialchars($pconfig['outbound_caller_id_number']);?>"> - <br> <span class="vexpl">Enter the outbound caller ID number here.<br></span> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncellreq">Context</td> - <td width="78%" class="vtable"> - <input name="context" type="text" class="formfld" id="context" size="40" value="<?=htmlspecialchars($pconfig['context']);?>"> - <br> <span class="vexpl">Enter the context here. Example: public<br></span> - </td> - </tr> - </table> - <div id="showadvancedbox"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncell">Show Advanced</td> - <td width="78%" class="vtable"> - <input type="button" onClick="show_advanced_config()" value="Advanced"></input></a> - </td> - </tr> - </table> - </div> - <div id="showadvanced" style="display:none"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncell">Auth-username</td> - <td width="78%" class="vtable"> - <input name="auth-username" type="text" class="formfld" id="auth-username" size="40" value="<?=htmlspecialchars($pconfig['auth-username']);?>"> - <br> <span class="vexpl">Enter the auth-username here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Register-transport</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='register-transport' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['register-transport'])) { - case "udp": - echo " <option value='udp' selected='yes'>udp</option>\n"; - echo " <option value='tcp'>tcp</option>\n"; - echo " <option value='tls'>tls</option>\n"; - break; - case "tcp": - echo " <option value='udp'>udp</option>\n"; - echo " <option value='tcp' selected='yes'>tcp</option>\n"; - echo " <option value='tls'>tls</option>\n"; - case "tls": - echo " <option value='udp'>udp</option>\n"; - echo " <option value='tcp'>tcp</option>\n"; - echo " <option value='tls' selected='yes'>tls</option>\n"; - break; - default: - echo " <option value='udp'>udp</option>\n"; - echo " <option value='tcp'>tcp</option>\n"; - echo " <option value='tls'>tls</option>\n"; - } - echo " </select>\n"; - ?> - Choose whether to register-transport. - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Extension</td> - <td width="78%" class="vtable"> - <input name="extension" type="text" class="formfld" id="extension" size="40" value="<?=htmlspecialchars($pconfig['extension']);?>"> - <br> <span class="vexpl">Enter the extension here.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Ping</td> - <td width="78%" class="vtable"> - <input name="ping" type="text" class="formfld" id="ping" size="40" value="<?=htmlspecialchars($pconfig['ping']);?>"> - <br> <span class="vexpl">Enter the ping interval here in seconds.<br></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Caller-id-in-from</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='caller-id-in-from' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['caller-id-in-from'])) { - case "true": - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - break; - case "false": - echo " <option value='true'>true</option>\n"; - echo " <option value='false' selected='yes'>false</option>\n"; - - break; - default: - echo " <option value='true'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - } - echo " </select>\n"; - ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Supress-cng</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='supress-cng' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['supress-cng'])) { - case "true": - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - break; - case "false": - echo " <option value='true'>true</option>\n"; - echo " <option value='false' selected='yes'>false</option>\n"; - - break; - default: - echo " <option value='true'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - } - echo " </select>\n"; - ?> - </td> - </tr> - </table> - - </div> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Enabled</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='enabled' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['enabled'])) { - case "true": - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - break; - case "false": - echo " <option value='true'>true</option>\n"; - echo " <option value='false' selected='yes'>false</option>\n"; - - break; - default: - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - } - echo " </select>\n"; - ?> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell">Dialplan Expression</td> - <td width="78%" class="vtable"> - <?php - echo "<textarea name=\"dialplan_expression\" id=\"dialplan_expression\" cols=\"30\" rows=\"4\" wrap=\"off\"></textarea>\n"; - ?> - <br> - <select name='dialplan_expression_select' id='dialplan_expression_select' onchange="document.getElementById('dialplan_expression').value += document.getElementById('dialplan_expression_select').value + '\n';" class='formfld'> - <option></option> - <option value='^(\d{7})$'>7 digits local</option> - <option value='^(\d{10})$'>10 digits long distance</option> - <option value='^(\d{11})$'>11 digits long distance</option> - <option value='^011(.*)$'>011 International</option> - <option value='^311$'>311 information</option> - <option value='^411$'>411 information</option> - <option value='^911$'>911 emergency</option> - <option value='^1?(8(00|55|66|77|88)[2-9]\d{6})$'>toll free</option> - <option value='^9(\d{3})$'>Dial 9 then 3 digits</option> - <option value='^9(\d{4})$'>Dial 9 then 4 digits</option> - <option value='^9(\d{7})$'>Dial 9 then 7 digits</option> - <option value='^9(\d{10})$'>Dial 9 then 10 digits</option> - <option value='^9(\d{11})$'>Dial 9 then 11 digits</option> - </select> - <span class="vexpl"> - <br /> - Shortcut to create the outbound dialplan entries for this Gateway. The entries are saved to and edited from the 'Dialplan' tab. - </span></td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell">Gateway Description</td> - <td width="78%" class="vtable"> - <input name="description" type="text" class="formfld" id="description" size="40" value="<?=htmlspecialchars($pconfig['description']);?>"> - <br> <span class="vexpl">Enter the description of the gateway here.</span></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - <?php if (isset($id) && $a_gateways[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <input name="gatewayid" type="hidden" value="<?=htmlspecialchars($pconfig['gatewayid']);?>"> - <?php endif; ?> - </td> - </tr> - </table> - </form> - - <br> - <br> - <br> - <br> - <br> - <br> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch_dev/v_hunt_group.tmp b/config/freeswitch_dev/v_hunt_group.tmp deleted file mode 100644 index 6441ea12..00000000 --- a/config/freeswitch_dev/v_hunt_group.tmp +++ /dev/null @@ -1,213 +0,0 @@ -<?php -/* $Id$ */ -/* - v_hunt_group.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - - -$a_hunt_group = &$config['installedpackages']['freeswitchhuntgroup']['config']; -$a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config']; -$a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config']; - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'huntgroup') { - if ($a_hunt_group[$_GET['id']]) { - if (file_exists($v_scripts_dir."/huntgroup_".$_GET['huntgroupid'].".js")) { - unlink($v_scripts_dir."/huntgroup_".$_GET['huntgroupid'].".js"); - } - /* - //delete dialplan include details - if (count($a_dialplan_includes) > 0) { - $i = 0; - foreach($a_dialplan_includes as $row) { - echo $row['opt1value']." == {".$_GET['huntgroupid']."}<br />\n"; - if ($row['opt1value'] == '{'.$_GET['huntgroupid'].'}') { - $dialplanincludeid = $row['dialplanincludeid']; - $id = $i; - unset($a_dialplan_include_details[$id]); - } - $i++; - } - unset($i); - } - - //delete dialplan include details - if (count($a_dialplan_include_details) > 0) { - $i = 0; - foreach($a_dialplan_include_details as $row) { - if ($row['dialplanincludeid'] == $dialplanincludeid) { - $id = $i; - unset($a_dialplan_include_details[$id]); - } - $i++; - } - unset($i); - } - */ - unset($a_hunt_group[$_GET['id']]); - write_config(); - sync_package_v_hunt_group(); - header("Location: v_hunt_group.php"); - exit; - } - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Hunt Group</p>\n"; -} -?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="v_hunt_group.php" method="post" name="iform" id="iform"> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Hunt Group<br /> - </strong></span> - Hunt Group is a group of destinations to call at once or in succession. - </span></p></td> - </tr> - </table> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="20%" class="listhdrr">Extension</td> - <td width="25%" class="listhdrr">Name</td> - <td width="50%" class="listhdr">Description</td> - <td width="10%" class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="v_hunt_group_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - <?php - $i = 0; - if (count($a_hunt_group) > 0) { - foreach ($a_hunt_group as $ent) { - if (strlen($ent['huntgroupid']) > 0) { - - $huntgroupid = str_replace(array("{", "}"), "", $ent['huntgroupid']); - - ?> - <tr> - <td class="listlr" ondblclick="document.location='v_hunt_group_edit.php?id=<?=$i;?>'"> - <?=$ent['huntgroupextension']?> - </td> - <td class="listr" ondblclick="document.location='v_hunt_group_edit.php?id=<?=$i;?>';"> - <?=$ent['huntgroupname'];?> - </td> - <td class="listbg" ondblclick="document.location='v_hunt_group_edit.php?id=<?=$i;?>';"> - <font color="#FFFFFF"><?=htmlspecialchars($ent['huntgroupdescr']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="v_hunt_group_edit.php?id=<?=$i;?>&huntgroupid=<?php echo $ent['huntgroupid'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="v_hunt_group.php?type=huntgroup&act=del&id=<?=$i;?>&huntgroupid=<?php echo $huntgroupid; ?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - ?> - <tr> - <td class="list" colspan="3"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="v_hunt_group_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - <tr> - <td class="list" colspan="3"></td> - <td class="list"></td> - </tr> - </table> - -</form> - -<br> -<br> -<?php -if ($v_path_show) { - echo $v_scripts_dir."\n"; -} -?> - -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch_dev/v_hunt_group_destinations.tmp b/config/freeswitch_dev/v_hunt_group_destinations.tmp deleted file mode 100644 index 9d953147..00000000 --- a/config/freeswitch_dev/v_hunt_group_destinations.tmp +++ /dev/null @@ -1,49 +0,0 @@ -<?php -/* $Id$ */ -/* - v_hunt_group_destinations.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - - -$a_hunt_group_destinations = &$config['installedpackages']['freeswitchhuntgroupdestinations']['config']; - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'huntgroupdestinations') { - if ($a_hunt_group_destinations[$_GET['id']]) { - unset($a_hunt_group_destinations[$_GET['id']]); - write_config(); - sync_package_v_hunt_group(); - header("Location: v_hunt_group_edit.php?id=".$_GET['parentid']); - exit; - } - } -} - -?>
\ No newline at end of file diff --git a/config/freeswitch_dev/v_hunt_group_destinations_edit.tmp b/config/freeswitch_dev/v_hunt_group_destinations_edit.tmp deleted file mode 100644 index 6c02a898..00000000 --- a/config/freeswitch_dev/v_hunt_group_destinations_edit.tmp +++ /dev/null @@ -1,272 +0,0 @@ -<?php -/* $Id$ */ -/* - - v_hunt_group_destinations_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - - -$a_hunt_group_destinations = &$config['installedpackages']['freeswitchhuntgroupdestinations']['config']; - - -$id = $_GET['id']; -if (isset($_POST['id'])) { - $id = $_POST['id']; -} - -$parentid = $_GET['parentid']; -if (isset($_POST['parentid'])) { - $parentid = $_POST['parentid']; -} - -$huntgroupid = $_GET['huntgroupid']; -if (isset($_POST['huntgroupid'])) { - $huntgroupid = $_POST['huntgroupid']; -} - - -if (isset($id) && $a_hunt_group_destinations[$id]) { - $pconfig['destinationnumber'] = $a_hunt_group_destinations[$id]['destinationnumber']; - $pconfig['destinationtype'] = $a_hunt_group_destinations[$id]['destinationtype']; - $pconfig['destinationprofile'] = $a_hunt_group_destinations[$id]['destinationprofile']; - $pconfig['destinationorder'] = $a_hunt_group_destinations[$id]['destinationorder']; - $pconfig['destinationdescr'] = $a_hunt_group_destinations[$id]['destinationdescr']; -} -else { - if (isset($_GET['a'])) { - //if ($_GET['a'] == "action"){ $pconfig['destinationaction'] = "action"; } - //if ($_GET['a'] == "antiaction"){ $pconfig['destinationaction'] = "anti-action"; } - } -} - - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - - if (!$input_errors) { - - $huntgroupdestinationent = array(); - $huntgroupdestinationent['huntgroupid'] = $_POST['huntgroupid']; - $huntgroupdestinationent['destinationnumber'] = $_POST['destinationnumber']; - $huntgroupdestinationent['destinationtype'] = $_POST['destinationtype']; - $huntgroupdestinationent['destinationprofile'] = $_POST['destinationprofile']; - $huntgroupdestinationent['destinationorder'] = $_POST['destinationorder']; - $huntgroupdestinationent['destinationdescr'] = $_POST['destinationdescr']; - - if (isset($id) && $a_hunt_group_destinations[$id]) { - //update - $a_hunt_group_destinations[$id] = $huntgroupdestinationent; - } - else { - //add - $a_hunt_group_destinations[] = $huntgroupdestinationent; - } - - - write_config(); - sync_package_v_hunt_group(); - - header("Location: v_hunt_group_edit.php?id=".$parentid); - exit; - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Hunt Group: Destinations: Edit</p>\n"; -} -if ($input_errors) print_input_errors($input_errors); -?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - <br /> - <form action="v_hunt_group_destinations_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Destination</td> - <td width="78%" class="vtable"> - <input name="destinationnumber" type="text" class="formfld" id="destinationnumber" size="40" value="<?=htmlspecialchars($pconfig['destinationnumber']);?>"> - <br> - <span class="vexpl"> - <!--<b>examples:</b><br />--> - extension: 1001<br /> - voicemail: 1001<br /> - sip uri (voicemail): sofia/internal/*98@${domain}<br /> - sip uri (external number): sofia/gateway/gatewayname/12081231234<br /> - sip uri (auto attendant): sofia/internal/5002@${domain}<br /> - sip uri (user): /user/1001@${domain}<br /> - </span> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Type</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='destinationtype' class='formfld'>\n"; - echo " <option></option>\n"; - if (htmlspecialchars($pconfig['destinationtype']) == "extension") { - echo " <option selected='yes'>extension</option>\n"; - } - else { - echo " <option>extension</option>\n"; - } - if (htmlspecialchars($pconfig['destinationtype']) == "voicemail") { - echo " <option selected='yes'>voicemail</option>\n"; - } - else { - echo " <option>voicemail</option>\n"; - } - if (htmlspecialchars($pconfig['destinationtype']) == "sip uri") { - echo " <option selected='yes'>sip uri</option>\n"; - } - else { - echo " <option>sip uri</option>\n"; - } - echo " </select>\n"; - ?> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncellreq">Profile</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='destinationprofile' class='formfld'>\n"; - echo " <option></option>\n"; - if (htmlspecialchars($pconfig['destinationprofile']) == "auto") { - echo " <option selected='yes'>auto</option>\n"; - } - else { - echo " <option>auto</option>\n"; - } - foreach (ListFiles($v_conf_dir.'/sip_profiles') as $key=>$sip_profile_file){ - $sip_profile_name = str_replace(".xml", "", $sip_profile_file); - - if (htmlspecialchars($pconfig['destinationprofile']) == $sip_profile_name) { - echo " <option selected='yes'>$sip_profile_name</option>\n"; - } - else { - echo " <option>$sip_profile_name</option>\n"; - } - } - echo " </select>\n"; - - - ?> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell">Order</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='destinationorder' class='formfld'>\n"; - //echo " <option></option>\n"; - if (strlen(htmlspecialchars($pconfig['destinationorder']))> 0) { - echo " <option selected='yes' value='".htmlspecialchars($pconfig['destinationorder'])."'>".htmlspecialchars($pconfig['destinationorder'])."</option>\n"; - } - $i=0; - while($i<=999) { - if (strlen($i) == 1) { - echo " <option value='00$i'>00$i</option>\n"; - } - if (strlen($i) == 2) { - echo " <option value='0$i'>0$i</option>\n"; - } - if (strlen($i) == 3) { - echo " <option value='$i'>$i</option>\n"; - } - - $i++; - } - echo " </select>\n"; - ?> - <br /> - Processing of each destination is determined by this order. - - <br> <span class="vexpl"></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Description</td> - <td width="78%" class="vtable"> - <input name="destinationdescr" type="text" class="formfld" id="destinationdescr" size="40" value="<?=htmlspecialchars($pconfig['destinationdescr']);?>"> - <br> <span class="vexpl">You may enter a description here - for your reference (not parsed).</span></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="huntgroupid" type="hidden" value="<?=$huntgroupid;?>"> - <input name="parentid" type="hidden" value="<?=$parentid;?>"> - <?php if (isset($id) && $a_hunt_group_destinations[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - </td> - </tr> - </table> - </form> - - <br> - <br> - <br> - <br> - <br> - <br> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch_dev/v_hunt_group_edit.tmp b/config/freeswitch_dev/v_hunt_group_edit.tmp deleted file mode 100644 index f72769bb..00000000 --- a/config/freeswitch_dev/v_hunt_group_edit.tmp +++ /dev/null @@ -1,512 +0,0 @@ -<?php -/* $Id$ */ -/* - - v_hunt_group_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc");; - - -$a_hunt_group = &$config['installedpackages']['freeswitchhuntgroup']['config']; -$a_hunt_group_destinations = &$config['installedpackages']['freeswitchhuntgroupdestinations']['config']; - - -$id = $_GET['id']; -if (isset($_POST['id'])) { - $id = $_POST['id']; -} -$parentid = $id; - - - -if (isset($id) && $a_hunt_group[$id]) { - $pconfig['huntgroupid'] = $a_hunt_group[$id]['huntgroupid']; - $huntgroupid = $a_hunt_group[$id]['huntgroupid']; - $pconfig['huntgroupextension'] = $a_hunt_group[$id]['huntgroupextension']; - $pconfig['huntgroupname'] = $a_hunt_group[$id]['huntgroupname']; - $pconfig['huntgrouptype'] = $a_hunt_group[$id]['huntgrouptype']; - $pconfig['huntgroupcontext'] = $a_hunt_group[$id]['huntgroupcontext']; - $pconfig['huntgrouptimeout'] = $a_hunt_group[$id]['huntgrouptimeout']; - $pconfig['huntgrouptimeoutdestination'] = $a_hunt_group[$id]['huntgrouptimeoutdestination']; - $pconfig['huntgrouptimeouttype'] = $a_hunt_group[$id]['huntgrouptimeouttype']; - $pconfig['huntgroupringback'] = $a_hunt_group[$id]['huntgroupringback']; - $pconfig['huntgroupcidnameprefix'] = $a_hunt_group[$id]['huntgroupcidnameprefix']; - $pconfig['huntgrouppin'] = $a_hunt_group[$id]['huntgrouppin']; - $pconfig['huntgroupcallerannounce'] = $a_hunt_group[$id]['huntgroupcallerannounce']; - $pconfig['huntgroupdescr'] = $a_hunt_group[$id]['huntgroupdescr']; -} - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - if ($_GET['act'] == "del") { - if ($_GET['type'] == 'destinations') { - if ($a_hunt_group_destinations[$_GET['optionid']]) { - unset($a_hunt_group_destinations[$_GET['optionid']]); - write_config(); - sync_package_v_hunt_group(); - header("Location: v_hunt_group_edit.php?id=".$_GET['id']); - exit; - } - } - } - - - if (!$input_errors) { - - $huntgroupent = array(); - if (strlen($_POST['huntgroupid']) > 0) { - $huntgroupent['huntgroupid'] = $_POST['huntgroupid']; - } - else { - $huntgroupent['huntgroupid'] = guid(); - } - $huntgroupent['huntgroupextension'] = $_POST['huntgroupextension']; - $huntgroupent['huntgroupname'] = $_POST['huntgroupname']; - $huntgroupent['huntgrouptype'] = $_POST['huntgrouptype']; - $huntgroupent['huntgroupcontext'] = $_POST['huntgroupcontext']; - $huntgroupent['huntgrouptimeout'] = $_POST['huntgrouptimeout']; - $huntgroupent['huntgrouptimeoutdestination'] = $_POST['huntgrouptimeoutdestination']; - $huntgroupent['huntgrouptimeouttype'] = $_POST['huntgrouptimeouttype']; - $huntgroupent['huntgroupringback'] = $_POST['huntgroupringback']; - $huntgroupent['huntgroupcidnameprefix'] = $_POST['huntgroupcidnameprefix']; - $huntgroupent['huntgrouppin'] = $_POST['huntgrouppin']; - $huntgroupent['huntgroupcallerannounce'] = $_POST['huntgroupcallerannounce']; - $huntgroupent['huntgroupdescr'] = $_POST['huntgroupdescr']; - - if (isset($id) && $a_hunt_group[$id]) { - //update - $a_hunt_group[$id] = $huntgroupent; - } - else { - //add - $a_hunt_group[] = $huntgroupent; - } - - //touch($d_hostsdirty_path); - write_config(); - sync_package_v_hunt_group(); - - header("Location: v_hunt_group.php"); - exit; - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Hunt Group: Edit</p>\n"; -} -if ($input_errors) print_input_errors($input_errors); - -?> - - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>General Settings:<br> - </strong></span> - Hunt Group general settings. - </span></p></td> - </tr> - </table> - <br /> - - <form action="v_hunt_group_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Extension</td> - <td width="78%" class="vtable"> - <input name="huntgroupextension" type="text" class="formfld" id="huntgroupextension" size="40" value="<?=htmlspecialchars($pconfig['huntgroupextension']);?>"> - <br> <span class="vexpl">e.g. <em>7002</em></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Hunt Group Name</td> - <td width="78%" class="vtable"> - <input name="huntgroupname" type="text" class="formfld" id="huntgroupname" size="40" value="<?=htmlspecialchars($pconfig['huntgroupname']);?>"> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncellreq">Type</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='huntgrouptype' class='formfld'>\n"; - echo " <option></option>\n"; - if (htmlspecialchars($pconfig['huntgrouptype']) == "simultaneous") { - echo " <option selected='yes'>simultaneous</option>\n"; - } - else { - echo " <option>simultaneous</option>\n"; - } - if (htmlspecialchars($pconfig['huntgrouptype']) == "sequentially") { - echo " <option selected='yes'>sequentially</option>\n"; - } - else { - echo " <option>sequentially</option>\n"; - } - echo " </select>\n"; - ?> - </td> - </tr> - - <?php - if (strlen($pconfig['huntgrouptimeout']) == 0) { - $pconfig['huntgrouptimeout'] = 30; //set a default timeout - } - ?> - <tr> - <td width="22%" valign="top" class="vncell">Context</td> - <td width="78%" class="vtable"> - <input name="huntgroupcontext" type="text" class="formfld" id="huntgroupextension" size="40" value="<?=htmlspecialchars($pconfig['huntgroupcontext']);?>"> - <br> <span class="vexpl">e.g. <em>default</em></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Timeout</td> - <td width="78%" class="vtable"> - <input name="huntgrouptimeout" type="text" class="formfld" id="huntgrouptimeout" size="40" value="<?=htmlspecialchars($pconfig['huntgrouptimeout']);?>"> - <br> - <span class="vexpl"> - The timeout sets the time in seconds to continue to call before timing out. - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Timeout Type</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='huntgrouptimeouttype' class='formfld'>\n"; - echo " <option></option>\n"; - if (htmlspecialchars($pconfig['huntgrouptimeouttype']) == "extension") { - echo " <option selected='yes'>extension</option>\n"; - } - else { - echo " <option>extension</option>\n"; - } - if (htmlspecialchars($pconfig['huntgrouptimeouttype']) == "voicemail") { - echo " <option selected='yes'>voicemail</option>\n"; - } - else { - echo " <option>voicemail</option>\n"; - } - if (htmlspecialchars($pconfig['huntgrouptimeouttype']) == "sip uri") { - echo " <option selected='yes'>sip uri</option>\n"; - } - else { - echo " <option>sip uri</option>\n"; - } - echo " </select>\n"; - ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Timeout Destination</td> - <td width="78%" class="vtable"> - <input name="huntgrouptimeoutdestination" type="text" class="formfld" id="huntgrouptimeoutdestination" size="40" value="<?=htmlspecialchars($pconfig['huntgrouptimeoutdestination']);?>"> - <br> <span class="vexpl">Destination<br> - e.g. <em>1001</em></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Ring Back</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='huntgroupringback' class='formfld'>\n"; - echo " <option></option>\n"; - if (htmlspecialchars($pconfig['huntgroupringback']) == "ring") { - echo " <option selected='yes'>ring</option>\n"; - } - else { - echo " <option>ring</option>\n"; - } - if (htmlspecialchars($pconfig['huntgroupringback']) == "music") { - echo " <option selected='yes'>music</option>\n"; - } - else { - echo " <option>music</option>\n"; - } - echo " </select>\n"; - ?> - <br> - <span class="vexpl"> - Defines what the caller will hear while destination is being called. The choices are music - (music on hold) ring (ring tone.) default: music - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">CID Prefix</td> - <td width="78%" class="vtable"> - <input name="huntgroupcidnameprefix" type="text" class="formfld" id="huntgroupcidnameprefix" size="40" value="<?=htmlspecialchars($pconfig['huntgroupcidnameprefix']);?>"> - <br> - <span class="vexpl"> - Set a prefix on the caller ID name. (optional) - </span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">PIN</td> - <td width="78%" class="vtable"> - <input name="huntgrouppin" type="text" class="formfld" id="huntgrouppin" size="40" value="<?=htmlspecialchars($pconfig['huntgrouppin']);?>"> - <br> - <span class="vexpl"> - If this is provided then the caller will be required to enter the PIN number. (optional) - </span> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell">Caller Announce</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='huntgroupcallerannounce' class='formfld'>\n"; - echo " <option></option>\n"; - if (htmlspecialchars($pconfig['huntgroupcallerannounce']) == "true") { - echo " <option selected='yes'>true</option>\n"; - } - else { - echo " <option>true</option>\n"; - } - if (htmlspecialchars($pconfig['huntgroupcallerannounce']) == "false") { - echo " <option selected='yes'>false</option>\n"; - } - else { - echo " <option>false</option>\n"; - } - echo " </select>\n"; - ?> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell">Description</td> - <td width="78%" class="vtable"> - <input name="huntgroupdescr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['huntgroupdescr']);?>"> - <br> - <span class="vexpl"> - You may enter a description here for your reference (not parsed). - </span> - </td> - </tr> - - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - <input name="huntgroupid" type="hidden" value="<?=htmlspecialchars($pconfig['huntgroupid']);?>"> - <?php if (isset($id) && $a_hunt_group[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - </td> - </tr> - </table> - </form> - - <br> - <br> - - <form action="v_hunt_group_edit.php" method="post" name="iform2" id="iform2"> - <?php - - - //echo "<pre>"; - //print_r ($a_hunt_group); - //echo "</pre>"; - - //if ($savemsg) print_info_box($savemsg); - //if (file_exists($d_hostsdirty_path)): echo"<p>"; - //print_info_box_np("The FreeSWITCH recordings have been changed.<br>You must apply the changes in order for them to take effect."); - //echo"<br />"; - //endif; - - ?> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Destinations<br /> - </strong></span> - The following destinations will be called. - </span></p></td> - </tr> - </table> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="40%" class="listhdrr">Destination</td> - <td width="40" class="listhdrr">Type</td> - <td width="40" class="listhdrr">Profile</td> - <td width="40" class="listhdrr">Order</td> - <td width="45%" class="listhdr">Description</td> - <td width="30" class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"> - <?php if (strlen($huntgroupid) > 1) { ?> - <a href="v_hunt_group_destinations_edit.php?parentid=<?=$parentid;?>&huntgroupid=<?=$huntgroupid;?>&a=action"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - <?php } ?> - </tr> - </table> - </td> - </tr> - - <?php - //create a temporary id for the array - $i = 0; - if (count($a_hunt_group_destinations) > 0) { - foreach ($a_hunt_group_destinations as $ent) { - $a_hunt_group_destinations[$i]['id'] = $i; - $i++; - } - } - - //order the array - function cmp_number($a, $b) { - if ($a["destinationorder"] > $b["destinationorder"]) { - return 1; - } - else { - return 0; - } - } - if (count($a_hunt_group_destinations) > 0) { usort($a_hunt_group_destinations, "cmp_number"); } - - $i = 0; - if (count($a_hunt_group_destinations) > 0) { - foreach ($a_hunt_group_destinations as $ent) { - if ($huntgroupid == $ent['huntgroupid']) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='v_hunt_group_destinations_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&huntgroupid=<?=$huntgroupid;?>'"> - <?=$ent['destinationnumber']?> - </td> - <td class="listr" ondblclick="document.location='v_hunt_group_destinations_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&huntgroupid=<?=$huntgroupid;?>';"> - <?=$ent['destinationtype'];?> - </td> - <td class="listr" ondblclick="document.location='v_hunt_group_destinations_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&huntgroupid=<?=$huntgroupid;?>';"> - <?=$ent['destinationprofile'];?> - </td> - <td class="listr" ondblclick="document.location='v_hunt_group_destinations_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&huntgroupid=<?=$huntgroupid;?>';"> - <?=$ent['destinationorder'];?> - </td> - <td class="listbg" ondblclick="document.location='v_hunt_group_destinations_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&huntgroupid=<?=$huntgroupid;?>';"> - <font color="#FFFFFF"><?=htmlspecialchars($ent['destinationdescr']);?> - </td> - <td valign="middle" nowrap class="list"> - <?php - if (strlen($huntgroupid) > 1) { - echo "<table border=\"0\" cellspacing=\"0\" cellpadding=\"1\">\n"; - echo " <tr>\n"; - echo " <td valign=\"middle\"><a href=\"v_hunt_group_destinations_edit.php?id=".$ent['id']."&parentid=".$parentid."&huntgroupid=".$huntgroupid."\"><img src=\"/themes/".$g['theme']."/images/icons/icon_e.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n"; - echo " <td><a href=\"v_hunt_group_destinations.php?type=huntgroupdestinations&act=del&id=".$ent['id']."&parentid=".$parentid."&huntgroupid=".$huntgroupid."\" onclick=\"return confirm('Do you really want to delete this recording?')\"><img src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n"; - echo " </tr>\n"; - echo "</table>\n"; - } - ?> - </td> - </tr> - <?php - } - $i++; - } - } - ?> - <tr> - <td class="list" colspan="5"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"> - <?php if (strlen($huntgroupid) > 1) { ?> - <a href="v_hunt_group_destinations_edit.php?parentid=<?=$parentid;?>&huntgroupid=<?=$huntgroupid;?>&a=action"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a> - <?php } ?> - </td> - </tr> - </table> - </td> - </tr> - - - <tr> - <td class="list" colspan="5"></td> - <td class="list"></td> - </tr> - </table> - - </form> - - - - - </td> - </tr> - - - <tr> - <td class="list" colspan="4"></td> - <td class="list"></td> - </tr> - </table> - - - - <br> - <br> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch_dev/v_mailto.tmp b/config/freeswitch_dev/v_mailto.tmp deleted file mode 100644 index 407123aa..00000000 --- a/config/freeswitch_dev/v_mailto.tmp +++ /dev/null @@ -1,240 +0,0 @@ -<?php -/* $Id$ */ -/* - v_mailto.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("/etc/inc/config.inc"); -require("/usr/local/pkg/v_config.inc"); -global $config; - -$tmp_smtphost = $config['installedpackages']['freeswitchsettings']['config'][0]['smtphost']; -$tmp_smtpsecure = $config['installedpackages']['freeswitchsettings']['config'][0]['smtpsecure']; //options "", "TLS", "SSL" -$tmp_smtpsecure = strtolower($tmp_smtpsecure); -$tmp_smtpauth = $config['installedpackages']['freeswitchsettings']['config'][0]['smtpauth']; // SMTP authentication: true or false -$tmp_smtpusername = $config['installedpackages']['freeswitchsettings']['config'][0]['smtpusername']; -$tmp_smtppassword = $config['installedpackages']['freeswitchsettings']['config'][0]['smtppassword']; -$tmp_smtpfrom = $config['installedpackages']['freeswitchsettings']['config'][0]['smtpfrom']; -$tmp_smtpfromname = $config['installedpackages']['freeswitchsettings']['config'][0]['smtpfromname']; - - -ini_set(max_execution_time,900); //15 minutes -ini_set('memory_limit', '96M'); -$fd = fopen("php://stdin", "r"); - -$email = file_get_contents ("php://stdin"); - -fclose($fd); - -if($fd){ - $fp = fopen($tmp_dir."/voicemailtoemail.txt", "w"); -} - - -ob_end_clean(); -ob_start(); - - -//get main header and body - $tmparray = split("\n\n", $email); - $mainheader = $tmparray[0]; - $maincontent = substr($email, strlen($mainheader), strlen($email)); - -//get the boundary - $tmparray = split("\n", $mainheader); - $contenttmp = $tmparray[1]; //Content-Type: multipart/mixed; boundary="XXXX_boundary_XXXX" - $tmparray = split('; ', $contenttmp); //boundary="XXXX_boundary_XXXX" - $contenttmp = $tmparray[1]; - $tmparray = split('=', $contenttmp); //"XXXX_boundary_XXXX" - $boundary = $tmparray[1]; - $boundary = trim($boundary,'"'); - //echo "boundary: $boundary\n"; - -//put the main headers into an array - $mainheaderarray = split("\n", $mainheader); - //print_r($mainheaderarray); - foreach ($mainheaderarray as $val) { - $tmparray = split(': ', $val); - //print_r($tmparray); - $var[$tmparray[0]] = trim($tmparray[1]); - } - - $var['To'] = str_replace("<", "", $var['To']); - $var['To'] = str_replace(">", "", $var['To']); - - echo "To: ".$var['To']."\n"; - echo "From: ".$var['From']."\n"; - echo "Subject: ".$var['Subject']."\n"; - //print_r($var); - echo "\n\n"; - - -// split mime type multi-part into each part - $maincontent = str_replace($boundary."--", $boundary, $maincontent); - $tmparray = split("--".$boundary, $maincontent); - -// loop through each mime part - $i=0; - foreach ($tmparray as $mimepart) { - - $mimearray = split("\n\n", $mimepart); - $subheader = $mimearray[0]; - $headermimearray = split("\n", trim($subheader)); - - $x=0; - foreach ($headermimearray as $val) { - if(stristr($val, ':') === FALSE) { - $tmparray = split('=', $val); //':' not found - if (trim($tmparray[0]) == "boundary") { - $subboundary = $tmparray[1]; - $subboundary = trim($subboundary,'"'); - //echo "subboundary: ".$subboundary."\n"; - } - } - else { - $tmparray = split(':', $val); //':' found - } - - //print_r($tmparray); - $var[trim($tmparray[0])] = trim($tmparray[1]); - } - //print_r($var); - - - $contenttypearray = split(' ', $headermimearray[0]); - - if ($contenttypearray[0] == "Content-Type:") { - $contenttype = trim($contenttypearray[1]); - - switch ($contenttype) { - case "multipart/alternative;": - - //echo "type: ".$contenttype."\n"; - $content = trim(substr($mimepart, strlen($subheader), strlen($mimepart))); - - $content = str_replace($subboundary."--", $subboundary, $content); - $tmpsubarray = split("--".$subboundary, $content); - foreach ($tmpsubarray as $mimesubsubpart) { - - $mimesubsubarray = split("\n\n", $mimesubsubpart); - $subsubheader = $mimesubsubarray[0]; - - $headersubsubmimeearray = split("\n", trim($subsubheader)); - $subsubcontenttypearray = split(' ', $headersubsubmimeearray[0]); - //echo "subsubcontenttypearray[0] ".$subsubcontenttypearray[0]."\n"; - - if ($subsubcontenttypearray[0] == "Content-Type:") { - $subsubcontenttype = trim($subsubcontenttypearray[1]); - switch ($subsubcontenttype) { - case "text/plain;": - $textplain = trim(substr($mimesubsubpart, strlen($subsubheader), strlen($mimesubsubpart))); - //echo "text/plain: $textplain\n"; - break; - case "text/html;": - $texthtml = trim(substr($mimesubsubpart, strlen($subsubheader), strlen($mimesubsubpart))); - //echo "text/html: $texthtml\n"; - break; - } - } //end if - - - } //end foreach - - break; - case "audio/wav;": - //echo "type: ".$contenttype."\n"; - $strwav = trim(substr($mimepart, strlen($subheader), strlen($mimepart))); - //echo "\n*** begin wav ***\n".$strwav."\n*** end wav ***\n"; - break; - - }//end switch - } //end if - - $i++; - - } //end foreach - - -//send the email - - include $v_web_dir."/class.phpmailer.php"; - include $v_web_dir."/class.smtp.php"; // optional, gets called from within class.phpmailer.php if not already loaded - - $mail = new PHPMailer(); - - $mail->IsSMTP(); // set mailer to use SMTP - if ($tmp_smtpauth == "true") { - $mail->SMTPAuth = $tmp_smtpauth; // turn on/off SMTP authentication - } - $mail->Host = $tmp_smtphost; - if (strlen($tmp_smtpsecure)>0) { - $mail->SMTPSecure = $tmp_smtpsecure; - } - if ($tmp_smtpusername) { - $mail->Username = $tmp_smtpusername; - $mail->Password = $tmp_smtppassword; - } - $mail->SMTPDebug = 2; - - - $mail->From = $tmp_smtpfrom; - $mail->FromName = $tmp_smtpfromname; - $mail->Subject = $var['Subject']; - $mail->AltBody = $textplain; // optional, comment out and test - $mail->MsgHTML($texthtml); - - - $tmp_to = $var['To']; - $tmp_to = str_replace(";", ",", $tmp_to); - $tmp_to_array = split(",", $tmp_to); - foreach($tmp_to_array as $tmp_to_row) { - if (strlen($tmp_to_row) > 0) { - $mail->AddAddress($tmp_to_row); - } - } - - if (strlen($strwav) > 0) { - //$mail->AddAttachment($v_dir."/data/domain/example.wav"); // attachment - $filename='voicemail.wav'; $encoding = "base64"; $type = "audio/wav"; - $mail->AddStringAttachment(base64_decode($strwav),$filename,$encoding,$type); - } - unset($strwav); - - if(!$mail->Send()) { - echo "Mailer Error: " . $mail->ErrorInfo; - } - else { - echo "Message sent!"; - } - - -$content = ob_get_contents(); //get the output from the buffer -ob_end_clean(); //clean the buffer - -fwrite($fp, $content); -fclose($fp); - -?>
\ No newline at end of file diff --git a/config/freeswitch_dev/v_modules.tmp b/config/freeswitch_dev/v_modules.tmp deleted file mode 100644 index b640a2cc..00000000 --- a/config/freeswitch_dev/v_modules.tmp +++ /dev/null @@ -1,2384 +0,0 @@ -<?php -/* $Id$ */ -/* - v_modules.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); -$config['installedpackages']['freeswitchmodules']['config'][$id]['mod_console']; - -$a_modules = &$config['installedpackages']['freeswitchmodules']['config']; - -//$id = $_GET['id']; -//if (isset($_POST['id'])) { -// $id = $_POST['id']; -//} -$id = 0; - - -if (isset($id) && $a_modules[$id]) { - - //Loggers - $pconfig['mod_console'] = $a_modules[$id]['mod_console']; - $pconfig['mod_logfile'] = $a_modules[$id]['mod_logfile']; - $pconfig['mod_syslog'] = $a_modules[$id]['mod_syslog']; - - //Multi-Faceted - $pconfig['mod_enum'] = $a_modules[$id]['mod_enum']; - - //XML Interfaces - $pconfig['mod_xml_rpc'] = $a_modules[$id]['mod_xml_rpc']; - $pconfig['mod_xml_curl'] = $a_modules[$id]['mod_xml_curl']; - $pconfig['mod_xml_cdr'] = $a_modules[$id]['mod_xml_cdr']; - - //Event Handlers - $pconfig['mod_cdr_csv'] = $a_modules[$id]['mod_cdr_csv']; - $pconfig['mod_event_multicast'] = $a_modules[$id]['mod_event_multicast']; - $pconfig['mod_event_socket'] = $a_modules[$id]['mod_event_socket']; - $pconfig['mod_zeroconf'] = $a_modules[$id]['mod_zeroconf']; - - //Directory Interfaces - $pconfig['mod_ldap'] = $a_modules[$id]['mod_ldap']; - - //Endpoints - //$pconfig['mod_dingaling'] = $a_modules[$id]['mod_dingaling']; - $pconfig['mod_iax'] = $a_modules[$id]['mod_iax']; - $pconfig['mod_portaudio'] = $a_modules[$id]['mod_portaudio']; - $pconfig['mod_alsa'] = $a_modules[$id]['mod_alsa']; - $pconfig['mod_sofia'] = $a_modules[$id]['mod_sofia']; - $pconfig['mod_loopback'] = $a_modules[$id]['mod_loopback']; - $pconfig['mod_wanpipe'] = $a_modules[$id]['mod_wanpipe']; - $pconfig['mod_woomera'] = $a_modules[$id]['mod_woomera']; - $pconfig['mod_openzap'] = $a_modules[$id]['mod_openzap']; - - //Applications - $pconfig['mod_cidlookup'] = $a_modules[$id]['mod_cidlookup']; - $pconfig['mod_commands'] = $a_modules[$id]['mod_commands']; - $pconfig['mod_conference'] = $a_modules[$id]['mod_conference']; - $pconfig['mod_dptools'] = $a_modules[$id]['mod_dptools']; - $pconfig['mod_easyroute'] = $a_modules[$id]['mod_easyroute']; - $pconfig['mod_esf'] = $a_modules[$id]['mod_esf']; - $pconfig['mod_expr'] = $a_modules[$id]['mod_expr']; - $pconfig['mod_fax'] = $a_modules[$id]['mod_fax']; - $pconfig['mod_fifo'] = $a_modules[$id]['mod_fifo']; - $pconfig['mod_file_string'] = $a_modules[$id]['mod_file_string']; - $pconfig['mod_fsv'] = $a_modules[$id]['mod_fsv']; - $pconfig['mod_voicemail'] = $a_modules[$id]['mod_voicemail']; - $pconfig['mod_lcr'] = $a_modules[$id]['mod_lcr']; - $pconfig['mod_limit'] = $a_modules[$id]['mod_limit']; - $pconfig['mod_soundtouch'] = $a_modules[$id]['mod_soundtouch']; - $pconfig['mod_spy'] = $a_modules[$id]['mod_spy']; - $pconfig['mod_vmd'] = $a_modules[$id]['mod_vmd']; - - //Snom - $pconfig['mod_snom'] = $a_modules[$id]['mod_snom']; - - //Dialplan Interfaces - $pconfig['mod_dialplan_directory'] = $a_modules[$id]['mod_dialplan_directory']; - $pconfig['mod_dialplan_xml'] = $a_modules[$id]['mod_dialplan_xml']; - $pconfig['mod_dialplan_asterisk'] = $a_modules[$id]['mod_dialplan_asterisk']; - $pconfig['mod_yaml'] = $a_modules[$id]['mod_yaml']; - - //Codec Interfaces - $pconfig['mod_voipcodecs'] = $a_modules[$id]['mod_voipcodecs']; - $pconfig['mod_g723_1'] = $a_modules[$id]['mod_g723_1']; - $pconfig['mod_g729'] = $a_modules[$id]['mod_g729']; - $pconfig['mod_amr'] = $a_modules[$id]['mod_amr']; - $pconfig['mod_amrwb'] = $a_modules[$id]['mod_amrwb']; - $pconfig['mod_ilbc'] = $a_modules[$id]['mod_ilbc']; - $pconfig['mod_speex'] = $a_modules[$id]['mod_speex']; - $pconfig['mod_siren'] = $a_modules[$id]['mod_siren']; - $pconfig['mod_celt'] = $a_modules[$id]['mod_celt']; - $pconfig['mod_h26x'] = $a_modules[$id]['mod_h26x']; - - //File Format Interfaces - $pconfig['mod_sndfile'] = $a_modules[$id]['mod_sndfile']; - $pconfig['mod_native_file'] = $a_modules[$id]['mod_native_file']; - - //Streams / Files - $pconfig['mod_shout'] = $a_modules[$id]['mod_shout']; - $pconfig['mod_local_stream'] = $a_modules[$id]['mod_local_stream']; - $pconfig['mod_tone_stream'] = $a_modules[$id]['mod_tone_stream']; - - //Languages - $pconfig['mod_spidermonkey'] = $a_modules[$id]['mod_spidermonkey']; - $pconfig['mod_spidermonkey_core_db'] = $a_modules[$id]['mod_spidermonkey_core_db']; - $pconfig['mod_spidermonkey_curl'] = $a_modules[$id]['mod_spidermonkey_curl']; - $pconfig['mod_spidermonkey_odbc'] = $a_modules[$id]['mod_spidermonkey_odbc']; - $pconfig['mod_spidermonkey_socket'] = $a_modules[$id]['mod_spidermonkey_socket']; - $pconfig['mod_spidermonkey_teletone'] = $a_modules[$id]['mod_spidermonkey_teletone']; - $pconfig['mod_perl'] = $a_modules[$id]['mod_perl']; - $pconfig['mod_python'] = $a_modules[$id]['mod_python']; - $pconfig['mod_java'] = $a_modules[$id]['mod_java']; - $pconfig['mod_lua'] = $a_modules[$id]['mod_lua']; - - //ASR / TTS - $pconfig['mod_flite'] = $a_modules[$id]['mod_flite']; - $pconfig['mod_pocketsphinx'] = $a_modules[$id]['mod_pocketsphinx']; - $pconfig['mod_cepstral'] = $a_modules[$id]['mod_cepstral']; - $pconfig['mod_openmrcp'] = $a_modules[$id]['mod_openmrcp']; - $pconfig['mod_rss'] = $a_modules[$id]['mod_rss']; - - //Say - $pconfig['mod_say_de'] = $a_modules[$id]['mod_say_de']; - $pconfig['mod_say_en'] = $a_modules[$id]['mod_say_en']; - $pconfig['mod_say_es'] = $a_modules[$id]['mod_say_es']; - $pconfig['mod_say_fr'] = $a_modules[$id]['mod_say_fr']; - $pconfig['mod_say_it'] = $a_modules[$id]['mod_say_it']; - $pconfig['mod_say_nl'] = $a_modules[$id]['mod_say_nl']; - $pconfig['mod_say_ru'] = $a_modules[$id]['mod_say_ru']; - $pconfig['mod_say_zh'] = $a_modules[$id]['mod_say_zh']; - -} - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - if (!$input_errors) { - - $ent = array(); - //$ent['zzz'] = $_POST['zzz']; - - //Loggers - $ent['mod_console'] = $_POST['mod_console']; - $ent['mod_logfile'] = $_POST['mod_logfile']; - $ent['mod_syslog'] = $_POST['mod_syslog']; - - //Multi-Faceted - $ent['mod_enum'] = $_POST['mod_enum']; - - //XML Interfaces - $ent['mod_xml_rpc'] = $_POST['mod_xml_rpc']; - $ent['mod_xml_curl'] = $_POST['mod_xml_curl']; - $ent['mod_xml_cdr'] = $_POST['mod_xml_cdr']; - $ent['mod_cdr_csv'] = $_POST['mod_cdr_csv']; - - //Event Handlers - $ent['mod_event_multicast'] = $_POST['mod_event_multicast']; - $ent['mod_event_socket'] = $_POST['mod_event_socket']; - $ent['mod_zeroconf'] = $_POST['mod_zeroconf']; - - //Directory Interfaces - $ent['mod_ldap'] = $_POST['mod_ldap']; - - //Endpoints - $ent['mod_dingaling'] = $_POST['mod_dingaling']; - $ent['mod_iax'] = $_POST['mod_iax']; - $ent['mod_portaudio'] = $_POST['mod_portaudio']; - $ent['mod_alsa'] = $_POST['mod_alsa']; - $ent['mod_sofia'] = $_POST['mod_sofia']; - $ent['mod_loopback'] = $_POST['mod_loopback']; - $ent['mod_wanpipe'] = $_POST['mod_wanpipe']; - $ent['mod_woomera'] = $_POST['mod_woomera']; - $ent['mod_openzap'] = $_POST['mod_openzap']; - - //Applications - $ent['mod_cidlookup'] = $_POST['mod_cidlookup']; - $ent['mod_commands'] = $_POST['mod_commands']; - $ent['mod_conference'] = $_POST['mod_conference']; - $ent['mod_dptools'] = $_POST['mod_dptools']; - $ent['mod_esf'] = $_POST['mod_esf']; - $ent['mod_easyroute'] = $_POST['mod_easyroute']; - $ent['mod_expr'] = $_POST['mod_expr']; - $ent['mod_fax'] = $_POST['mod_fax']; - $ent['mod_fsv'] = $_POST['mod_fsv']; - $ent['mod_fifo'] = $_POST['mod_fifo']; - $ent['mod_file_string'] = $_POST['mod_file_string']; - $ent['mod_lcr'] = $_POST['mod_lcr']; - $ent['mod_limit'] = $_POST['mod_limit']; - $ent['mod_soundtouch'] = $_POST['mod_soundtouch']; - $ent['mod_spy'] = $_POST['mod_spy']; - $ent['mod_vmd'] = $_POST['mod_vmd']; - $ent['mod_voicemail'] = $_POST['mod_voicemail']; - - //SNOM - $ent['mod_snom'] = $_POST['mod_snom']; - - //Dialplan Interfaces - $ent['mod_dialplan_directory'] = $_POST['mod_dialplan_directory']; - $ent['mod_dialplan_xml'] = $_POST['mod_dialplan_xml']; - $ent['mod_dialplan_asterisk'] = $_POST['mod_dialplan_asterisk']; - $ent['mod_yaml'] = $_POST['mod_yaml']; - - //Codec Interfaces - $ent['mod_voipcodecs'] = $_POST['mod_voipcodecs']; - $ent['mod_g723_1'] = $_POST['mod_g723_1']; - $ent['mod_g729'] = $_POST['mod_g729']; - $ent['mod_amr'] = $_POST['mod_amr']; - $ent['mod_amrwb'] = $_POST['mod_amrwb']; - $ent['mod_ilbc'] = $_POST['mod_ilbc']; - $ent['mod_speex'] = $_POST['mod_speex']; - $ent['mod_siren'] = $_POST['mod_siren']; - $ent['mod_celt'] = $_POST['mod_celt']; - $ent['mod_h26x'] = $_POST['mod_h26x']; - - //File Format Interfaces - $ent['mod_sndfile'] = $_POST['mod_sndfile']; - $ent['mod_native_file'] = $_POST['mod_native_file']; - - //Streams / Files - $ent['mod_shout'] = $_POST['mod_shout']; - $ent['mod_local_stream'] = $_POST['mod_local_stream']; - $ent['mod_tone_stream'] = $_POST['mod_tone_stream']; - - //Languages - $ent['mod_spidermonkey'] = $_POST['mod_spidermonkey']; - $ent['mod_spidermonkey_core_db'] = $_POST['mod_spidermonkey_core_db']; - $ent['mod_spidermonkey_curl'] = $_POST['mod_spidermonkey_curl']; - $ent['mod_spidermonkey_odbc'] = $_POST['mod_spidermonkey_odbc']; - $ent['mod_spidermonkey_socket'] = $_POST['mod_spidermonkey_socket']; - $ent['mod_spidermonkey_teletone'] = $_POST['mod_spidermonkey_teletone']; - $ent['mod_perl'] = $_POST['mod_perl']; - $ent['mod_python'] = $_POST['mod_python']; - $ent['mod_java'] = $_POST['mod_java']; - $ent['mod_lua'] = $_POST['mod_lua']; - - //ASR / TTS - $ent['mod_flite'] = $_POST['mod_flite']; - $ent['mod_pocketsphinx'] = $_POST['mod_pocketsphinx']; - $ent['mod_cepstral'] = $_POST['mod_cepstral']; - $ent['mod_openmrcp'] = $_POST['mod_openmrcp']; - $ent['mod_rss'] = $_POST['mod_rss']; - - //Say - $ent['mod_say_de'] = $_POST['mod_say_de']; - $ent['mod_say_en'] = $_POST['mod_say_en']; - $ent['mod_say_es'] = $_POST['mod_say_es']; - $ent['mod_say_fr'] = $_POST['mod_say_fr']; - $ent['mod_say_it'] = $_POST['mod_say_it']; - $ent['mod_say_nl'] = $_POST['mod_say_nl']; - $ent['mod_say_ru'] = $_POST['mod_say_ru']; - $ent['mod_say_zh'] = $_POST['mod_say_zh']; - - if (isset($id) && $a_modules[$id]) { - //update - $a_modules[$id] = $ent; - } - else { - //add - $a_modules[] = $ent; - } - - write_config(); - sync_package_v_modules(); - - //header("Location: v_zzz.php"); - //exit; - } -} - -include("head.inc"); - -?> - -<script type="text/javascript" language="JavaScript"> - -function show_advanced_config() { - document.getElementById("showadvancedbox").innerHTML=''; - aodiv = document.getElementById('showadvanced'); - aodiv.style.display = "block"; -} - -</script> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Modules</p>\n"; -} -?> -<?php if ($input_errors) print_input_errors($input_errors); ?> - - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - - <!-- - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Modules<br /> - </strong></span> - <?php - if ($v_path_show) { - echo $v_mod_dir."\n"; - } - ?> - </p></td> - </tr> - </table> - --> - <br /> - - <form action="v_modules.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - -<?php - echo " <tr><td> </td></tr><tr><td class='listtopic' colspan='2'>Loggers</td></tr>\n"; - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>console</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_console' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_console'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Send logs to the console. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>logfile</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_logfile' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_logfile'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Send logs to the local file system. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>syslog</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_syslog' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_syslog'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Send logs to a remote syslog server. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - echo " <tr><td> </td></tr><tr><td class='listtopic' colspan='2'>Multi-Faceted</td></tr>\n"; - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>enum</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_enum' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_enum'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Route PSTN numbers over internet according to ENUM servers, such as e164.org. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - echo " <tr><td> </td></tr><tr><td class='listtopic' colspan='2'>XML Interfaces</td></tr>\n"; - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>xml rpc</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_xml_rpc' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_xml_rpc'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "XML Remote Procedure Calls. Issue commands from your web application. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>xml curl</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_xml_curl' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_xml_curl'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "XML Gateway Code. Configure FreeSWITCH from a web server on boot and on the fly. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>xml cdr</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_xml_cdr' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_xml_cdr'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "XML based call detail record handler. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - echo " <tr><td> </td></tr><tr><td class='listtopic' colspan='2'>Event Handlers</td></tr>\n"; - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>cdr csv</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_cdr_csv' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_cdr_csv'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "CSV call detail record handler. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>event multicast</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_event_multicast' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_event_multicast'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Broadcasts events to netmask. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>event socket</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_event_socket' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_event_socket'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Sends events via a single socket. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>zeroconf</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_zeroconf' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_zeroconf'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Support for zeroconf. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - echo " <tr><td> </td></tr><tr><td class='listtopic' colspan='2'>Directory Interfaces</td></tr>\n"; - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>ldap</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_ldap' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_ldap'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "LDAP module made to obtain dialplans, user accounts, etc. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - echo " <tr><td> </td></tr><tr><td class='listtopic' colspan='2'>Endpoints</td></tr>\n"; - - /* - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>dingaling</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_dingaling' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_dingaling'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Jabber/GoogleTalk Talk integration module. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - */ - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>iax</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_iax' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_iax'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "IAX2. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>portaudio</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_portaudio' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_portaudio'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Voice through a local soundcard. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>alsa</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_alsa' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_alsa'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "<br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>sofia</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_sofia' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_sofia'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "SIP module. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>loopback</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_loopback' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_loopback'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "A loopback channel driver to make an outbound call as an inbound call. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - /* - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>wanpipe</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_wanpipe' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_wanpipe'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "T1/E1 Sangoma Card module. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - */ - - /* - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>woomera</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_woomera' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_woomera'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "H.323/Woomera module. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - */ - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>openzap</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_openzap' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_openzap'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Interface to Zaptel hardware. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr><td> </td></tr><tr><td class='listtopic' colspan='2'>Applications</td></tr>\n"; - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>cid lookup</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_cidlookup' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_cidlookup'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Lookup Caller ID. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>commands</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_commands' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_commands'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "A plethora of API interface commands. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>conference</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_conference' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_conference'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Conference room module. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>dptools</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_dptools' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_dptools'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Provides a number of apps and utilities for the dialplan. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>easyroute</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_easyroute' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_easyroute'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "DID routing engine that uses a database lookup to determine how to route an incoming call. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>esf</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_esf' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_esf'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Holds the multi cast paging application for SIP. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>exp</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_expr' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_expr'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Brian Allen Vanderburgs expression evaluation library. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>fax</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_fax' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_fax'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "FAX provides fax send and receive. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>fifo</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_fifo' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_fifo'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "FIFO provides custom call queues including call park. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>file string</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_file_string' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_file_string'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "<br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>fsv</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_fsv' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_fsv'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "FreeSWITCH Video application (Recording and playback). <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>lcr</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_lcr' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_lcr'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Least Cost Routing. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>limit</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_limit' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_limit'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Resource limitation module. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>soundtouch</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_soundtouch' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_soundtouch'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "modify pitch and other sound effects. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>spy</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_spy' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_spy'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "<br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>vmd</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_vmd' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_vmd'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Voicemail Beep Detection. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>voicemail</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_voicemail' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_voicemail'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Full featured voicemail module. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr><td> </td></tr><tr><td class='listtopic' colspan='2'>SNOM Module</td></tr>\n"; - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>snom</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_snom' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_snom'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "<br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - echo " <tr><td> </td></tr><tr><td class='listtopic' colspan='2'>Dialplan Interfaces</td></tr>\n"; - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>dialplan directory</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_dialplan_directory' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_dialplan_directory'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Allows you to obtain a dialplan from a directory resource. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>dialplan xml</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_dialplan_xml' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_dialplan_xml'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Allows you to program dialplans in XML format. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>dialplan asterisk</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_dialplan_asterisk' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_dialplan_asterisk'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Allows you to create dialplans the old-fashioned way. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - /* - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>yaml</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_yaml' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_yaml'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Allows you to program dialplans in YAML format. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - */ - - echo " <tr><td> </td></tr><tr><td class='listtopic' colspan='2'>Codec Interfaces</td></tr>\n"; - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>voipcodecs</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_voipcodecs' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_voipcodecs'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "<br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>g723_1</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_g723_1' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_g723_1'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "G.723.1 codec. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>g729</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_g729' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_g729'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "G729 codec is only supported in passthrough mode. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>amr</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_amr' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_amr'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "amr codec. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>amrwb</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_amrwb' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_amrwb'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "amrwb codec. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>ilbc</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_ilbc' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_ilbc'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "ILBC codec. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>speex</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_speex' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_speex'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Speex codec. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>siren</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_siren' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_siren'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Siren codec.<br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>celt</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_celt' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_celt'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Celt codec. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>h26x</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_h26x' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_h26x'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "H26X signed linear codec. Video Pass-thru. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - echo " <tr><td> </td></tr><tr><td class='listtopic' colspan='2'>File Format Interfaces</td></tr>\n"; - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>sndfile</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_sndfile' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_sndfile'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Multi-format file format transcoder (WAV, etc). <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>native file</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_native_file' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_native_file'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "File interface for codec specific file formats. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - echo " <tr><td> </td></tr><tr><td class='listtopic' colspan='2'>Streams / Files</td></tr>\n"; - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>shout</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_shout' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_shout'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "mp3 files and shoutcast streams. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>local stream</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_local_stream' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_local_stream'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "For local streams (play all the files in a directory). <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>tone stream</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_tone_stream' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_tone_stream'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Generate tone streams. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - echo " <tr><td> </td></tr><tr><td class='listtopic' colspan='2'>Languages</td></tr>\n"; - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>spidermonkey</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_spidermonkey' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_spidermonkey'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "JavaScript support. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>spidermonkey core db</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_spidermonkey_core_db' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_spidermonkey_core_db'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "JavaScript SQLite support. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>spidermonkey curl</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_spidermonkey_curl' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_spidermonkey_curl'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "JavaScript CURL support. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>spidermonkey odbc</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_spidermonkey_odbc' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_spidermonkey_odbc'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "JavaScript ODBC support. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>spidermonkey socket</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_spidermonkey_socket' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_spidermonkey_socket'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "JavaScript SOCKET support. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>spidermonkey teletone</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_spidermonkey_teletone' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_spidermonkey_teletone'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "JavaScript Teletone support. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - /* - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>perl</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_perl' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_perl'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Perl support. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - */ - - /* - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>python</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_python' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_python'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Python support. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - */ - - /* - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>java</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_java' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_java'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Java support. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - */ - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>lua</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_lua' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_lua'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Lua support. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - echo " <tr><td> </td></tr><tr><td class='listtopic' colspan='2'>ASR / TTS</td></tr>\n"; - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>flite</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_flite' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_flite'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Free open source Text to Speech. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>pocketsphinx</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_pocketsphinx' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_pocketsphinx'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Free open source Speech Recognition. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - /* - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>cepstral</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_cepstral' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_cepstral'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Links into Cepstral for dynamic sound output. Not available on this build. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - */ - - /* - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>openmrcp</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_openmrcp' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_openmrcp'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Module for an open MRCP implementation. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - */ - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>rss</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_rss' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_rss'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "Reads RSS feeds via a TTS engine. <br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - echo " <tr><td> </td></tr><tr><td class='listtopic' colspan='2'>Say</td></tr>\n"; - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>say de</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_say_de' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_say_de'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "<br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>say en</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_say_en' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_say_en'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "<br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>say es</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_say_es' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_say_es'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "<br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>say fr</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_say_fr' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_say_fr'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "<br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>say it</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_say_it' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_say_it'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "<br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>say nl</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_say_nl' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_say_nl'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "<br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>say ru</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_say_ru' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_say_ru'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "<br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - - - echo " <tr>\n"; - echo " <td width='22%' valign='top' class='vncell'>say zh</td>\n"; - echo " <td width='78%' class='vtable'>\n"; - echo " <select name='mod_say_zh' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['mod_say_zh'])) { - case "enable": - echo " <option value='enable' selected='yes'>enable</option>\n"; - echo " <option value='disable'>disable</option>\n"; - break; - case "disable": - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - break; - default: - echo " <option value='enable'>enable</option>\n"; - echo " <option value='disable' selected='yes'>disable</option>\n"; - } - echo " </select><br />\n"; - echo "<br />\n"; - echo " </td>\n"; - echo " </tr>\n"; - -?> - - </table> - <!-- - <div id="showadvancedbox"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="25%" valign="top" class="vncell">Show Advanced</td> - <td width="75%" class="vtable"> - <input type="button" onClick="show_advanced_config()" value="Advanced"></input></a> - </td> - </tr> - </table> - </div> - <div id="showadvanced" style="display:none"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="25%" valign="top" class="vncell">zzz</td> - <td width="75%" class="vtable"> - <input name="zzz" type="text" class="formfld" id="zzz" size="40" value="<?=htmlspecialchars($pconfig['zzz']);?>"> - <br /> <span class="vexpl">zzz<br /></span> - </td> - </tr> - </table> - </div> - --> - <br /><br /> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="25%" valign="top"> </td> - <td> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - <?php - $id = 0; - if (isset($id) && $a_modules[$id]) { - echo "<input name=\"id\" type=\"hidden\" value=\"".$id."\">\n"; - } - ?> - </td> - </tr> - </table> - </form> - - <br /> - <br /> - <br /> - <br /> - <br /> - <br /> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch_dev/v_profile_edit.tmp b/config/freeswitch_dev/v_profile_edit.tmp deleted file mode 100644 index 8058dcab..00000000 --- a/config/freeswitch_dev/v_profile_edit.tmp +++ /dev/null @@ -1,149 +0,0 @@ -<?php -/* $Id$ */ -/* - v_profile_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - -//$a_extensions = &$config['installedpackages']['freeswitchprofiles']['config']; - -$fd = fopen($v_conf_dir."/sip_profiles/".$_GET['f'], "r"); -$content = fread($fd, filesize($v_conf_dir."/sip_profiles/".$_GET['f'])); -fclose($fd); - -include("head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<script language="Javascript"> -function sf() { document.forms[0].savetopath.focus(); } -</script> -<script language="Javascript" type="text/javascript" src="/edit_area/edit_area_full.js"></script> -<script language="Javascript" type="text/javascript"> - // initialisation - editAreaLoader.init({ - id: "code" // id of the textarea to transform - ,start_highlight: false - ,allow_toggle: false - ,language: "en" - ,syntax: "html" - ,toolbar: "search, go_to_line,|, fullscreen, |, undo, redo, |, select_font, |, syntax_selection, |, change_smooth_selection, highlight, reset_highlight, |, help" - ,syntax_selection_allow: "css,html,js,php,xml,c,cpp,sql" - ,show_line_colors: true - }); -</script> - -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Edit Profile</p>\n"; -} -?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> - - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="v_profiles.php" method="post" name="iform" id="iform"> -<?php - -?> - <table width="98%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Edit Profile<br> - </strong></span> - Use this to configure your SIP profiles. - </p> - </td> - <td align='right' valign='middle'>Filename: <input type="text" name="f" value="<?php echo $_GET['f']; ?>" /><input type="submit" value="save" /></td> - </tr> - </table> - <br /> - <br /> - - <textarea style="width:98%" id="code" name="code" rows="30" cols="<?php echo $cols; ?>" name="content"><?php echo htmlentities($content); ?></textarea> - <br /> - <br /> - - <table width="98%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td> - <?php - if ($v_path_show) { - echo $v_conf_dir."/sip_profiles/".$_GET['f']."</td>"; - } - ?> - <td align='right'> - <input type="hidden" name="a" value="save" /> - <?php - echo "<input type='button' value='Restore Default' onclick=\"document.location.href='v_profiles.php?a=default&f=".$_GET['f']."';\" />"; - ?> - </td> - </tr> - </table> - -</form> - -<br> -<br> - -<br> -<br> -<br> -<br> -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch_dev/v_profiles.tmp b/config/freeswitch_dev/v_profiles.tmp deleted file mode 100644 index f3bdc873..00000000 --- a/config/freeswitch_dev/v_profiles.tmp +++ /dev/null @@ -1,221 +0,0 @@ -<?php -/* $Id$ */ -/* - v_profiles.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - -//$a_extensions = &$config['installedpackages']['freeswitchextensions']['config']; - - -if ($_GET['a'] == "default") { - conf_mount_rw(); - exec("cp ".$v_conf_dir.".orig/sip_profiles/".$_GET['f']." ".$v_conf_dir."/sip_profiles/".$_GET['f']); - $savemsg = "Restore Default"; - conf_mount_ro(); -} - -if ($_POST['a'] == "save") { - conf_mount_rw(); - $content = ereg_replace("\r","",$_POST['code']); - $fd = fopen($v_conf_dir."/sip_profiles/".$_POST['f'], "w"); - fwrite($fd, $content); - fclose($fd); - $savemsg = "Saved"; - conf_mount_ro(); -} - - -if ($_GET['a'] == "del") { - if ($_GET['type'] == 'profile') { - //if ($a_profiles[$_GET['id']]) { - //unset($a_extensions[$_GET['id']]); - //write_config(); - - exec("rm ".$v_conf_dir."/sip_profiles/".$_GET['f']); - header("Location: v_profiles.php"); - exit; - //} - } -} - -include("head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - - -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Profiles</p>\n"; -} -?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> - - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="v_profiles.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Profiles<br> - </strong></span> - Use this to configure your SIP profiles. - </p></td> - </tr> - </table> - <br /> - - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="25%" class="listhdrr">Name</td> - <td width="70%" class="listhdr">Description</td> - <td width="5%" class="list"> - </td> - </tr> - - - <?php - - foreach (ListFiles($v_conf_dir.'/sip_profiles') as $key=>$file){ - ?> - <tr> - <td class="listr" ondblclick="document.location='v_profile_edit.php?f=<?=$file;?>';" valign="middle"> - <?=$file;?> - </td> - <td class="listbg" ondblclick="document.location='v_profile_edit.php?f=<?=$file;?>';"> - <?php - - switch ($file) { - case "internal.xml": - echo "<font color='#FFFFFF'>"; - echo "The Internal profile by default requires registration which is most often used for extensions. "; - echo "By default the Internal profile binds to the WAN IP which is accessible to the internal network. "; - echo "A rule can be set from PFSense -> Firewall -> Rules -> WAN to the the WAN IP for port 5060 which "; - echo "enables phones register from outside the network."; - echo ""; - echo "</font>"; - echo " "; - break; - case "internal-ipv6.xml": - echo "<font color='#FFFFFF'>The Internal IPV6 profile binds to the IP version 6 address and is similar to the Internal profile.</font> "; - break; - case "external.xml": - echo "<font color='#FFFFFF'>"; - echo "The External profile handles outbound registrations to a SIP provider or other SIP Server. The SIP provider sends calls to you, and you "; - echo "send calls to your provider, through the external profile. The external profile allows anonymous calling, which is "; - echo "required as your provider will never authenticate with you to send you a call. Calls can be sent using a SIP URL \"my.domain.com:5080\" "; - echo "</font> "; - break; - case "lan.xml": - echo "<font color='#FFFFFF'>The LAN profile is the same as the Internal profile except that it is bound to the LAN IP.</font> "; - break; - default: - echo "<font color='#FFFFFF'>default</font> "; - } - ?> - </td> - <td valign="middle" nowrap class="list" valign="top"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="v_profile_edit.php?type=profile&f=<?=$file;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="v_profiles.php?type=profile&a=del&f=<?=$file;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - $i++; - } - - ?> - - <tr> - <td class="list" colspan="4"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"></td> - </tr> - </table> - </td> - </tr> - - - <tr> - <td class="list" colspan="4"></td> - <td class="list"></td> - </tr> - </table> - -</form> - -<br> -<br> -<?php -if ($v_path_show) { - echo $v_conf_dir."/sip_profiles\n"; -} -?> -<br> -<br> -<br> -<br> -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch_dev/v_public.tmp b/config/freeswitch_dev/v_public.tmp deleted file mode 100644 index 3399f974..00000000 --- a/config/freeswitch_dev/v_public.tmp +++ /dev/null @@ -1,170 +0,0 @@ -<?php -/* $Id$ */ -/* - v_public.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - -//$a_extensions = $config['installedpackages']['freeswitchprofiles']['config']; - -if ($_GET['a'] == "default") { - conf_mount_rw(); - exec("cp ".$v_conf_dir.".orig/dialplan/public.xml ".$v_conf_dir."/dialplan/public.xml"); - $savemsg = "Default Restored"; - conf_mount_ro(); -} - -if ($_POST['a'] == "save") { - conf_mount_rw(); - $content = ereg_replace("\r","",$_POST['code']); - $fd = fopen($v_conf_dir."/dialplan/public.xml", "w"); - fwrite($fd, $content); - fclose($fd); - $savemsg = "Saved"; - conf_mount_ro(); -} - - -$fd = fopen($v_conf_dir."/dialplan/public.xml", "r"); -$content = fread($fd, filesize($v_conf_dir."/dialplan/public.xml")); -fclose($fd); - -include("head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<script language="Javascript"> -function sf() { document.forms[0].savetopath.focus(); } -</script> -<script language="Javascript" type="text/javascript" src="/edit_area/edit_area_full.js"></script> -<script language="Javascript" type="text/javascript"> - // initialisation - editAreaLoader.init({ - id: "code" // id of the textarea to transform - ,start_highlight: false - ,allow_toggle: false - ,language: "en" - ,syntax: "html" - ,toolbar: "search, go_to_line,|, fullscreen, |, undo, redo, |, select_font, |, syntax_selection, |, change_smooth_selection, highlight, reset_highlight, |, help" - ,syntax_selection_allow: "css,html,js,php,xml,c,cpp,sql" - ,show_line_colors: true - }); -</script> - - -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Public</p>\n"; -} -?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> - - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="v_public.php" method="post" name="iform" id="iform"> -<?php - -?> - <table width="98%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width='90%'><p><span class="vexpl"><span class="red"><strong>Public<br> - </strong></span> - Directs inbound calls to extensions, auto attendants, hunt groups, external numbers, voicemail, and scripts. - </p> - </td> - <td width='10%' align='right' valign='middle'><input type="submit" value="save" /></td> - </tr> - </table> - <br /> - <br /> - - <textarea style="width:98%" id="code" name="code" rows="30" cols="<?php echo $cols; ?>" name="content"><?php echo htmlentities($content); ?></textarea> - <br /> - <br /> - - <table width="98%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td> - <?php - if ($v_path_show) { - echo $v_conf_dir."/dialplan/public.xml</td>"; - } - ?> - </td> - <td align='right'> - <input type="hidden" name="f" value="<?php echo $_GET['f']; ?>" /> - <input type="hidden" name="a" value="save" /> - <?php - echo "<input type='button' value='Restore Default' onclick=\"document.location.href='v_public.php?a=default&f=public.xml';\" />"; - ?> - </td> - </tr> - </table> - -</form> - -<br> -<br> - -<br> -<br> -<br> -<br> -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch_dev/v_public_includes.tmp b/config/freeswitch_dev/v_public_includes.tmp deleted file mode 100644 index 8498329c..00000000 --- a/config/freeswitch_dev/v_public_includes.tmp +++ /dev/null @@ -1,289 +0,0 @@ -<?php -/* $Id$ */ -/* - v_public_includes.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - - -//v_public_includes - //publicincludeid - //extensionname - //context - //default - //enabled - //descr - -//v_public_include_details - - //publicincludeid - //tag - //condition - //action - //antiaction - //param - //tagorder - //1-20 - //fieldtype - - //fielddata - - -$a_public_includes = &$config['installedpackages']['freeswitchpublicincludes']['config']; -$a_public_includes_details = &$config['installedpackages']['freeswitchpublicincludedetails']['config']; - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'publicincludes') { - - if ($a_public_includes[$_GET['id']]) { - - $publicincludeid = $a_public_includes[$_GET['id']][publicincludeid]; - - $extensionname = $a_public_includes[$_GET['id']][extensionname]; - $order = $a_public_includes[$_GET['id']][order]; - $publicincludefilename = $order."_".$extensionname.".xml"; - - //delete the public include details. aka. child data - if (count($a_public_includes_details) > 0) { - $i=0; - if (count($a_public_includes_details) > 0) { - foreach($a_public_includes_details as $row) { - if ($row["publicincludeid"] == $publicincludeid) { - //echo "child id: ".$i."<br />\n"; - unset($a_public_includes_details[$i]); - } - $i++; - } - } - } - - //if the public include xml file exists then delete it - if (file_exists($v_conf_dir."/dialplan/public/".$publicincludefilename)) { - unlink($v_conf_dir."/dialplan/public/".$publicincludefilename); - } - - unset($publicincludefilename); - unset($a_public_includes[$_GET['id']]); - write_config(); - sync_package_v_public_includes(); - header("Location: v_public_includes.php"); - exit; - } - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Public</p>\n"; -} -?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="v_public_includes.php" method="post" name="iform" id="iform"> -<?php - - -//echo "<pre>"; -//print_r ($a_public_includes); -//echo "</pre>"; - - -//if ($config_change == 1) { -// write_config(); -// $config_change = 0; -//} - -//if ($savemsg) print_info_box($savemsg); -//if (file_exists($d_hostsdirty_path)): echo"<p>"; -//print_info_box_np("The recordings have been changed.<br>You must apply the changes in order for them to take effect."); -//echo"<br />"; -//endif; - -?> - - <br /> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td><span class="vexpl"><span class="red"><strong>Public - </strong></span></span> - </td> - <td align='right'> - <?php - echo "<input type='button' value='public.xml' alt='' onclick=\"document.location.href='".$v_relative_url."/v_public.php';\">\n"; - ?> - </td> - </tr> - <tr> - <td colspan='2'> - <span class="vexpl"> - The public dialplan is used to route incoming calls to destinations based on conditions and context. It can send incoming calls to IVRs, extensions, external numbers, and scripts. - </span> - </td> - - </tr> - </table> - - <br /> - <br /> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="20%" class="listhdrr">Extension Name</td> - <td width="25%" class="listhdrr">Order</td> - <td width="25%" class="listhdrr">Enabled</td> - <td width="50%" class="listhdr">Description</td> - <td width="10%" class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="v_public_includes_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - <?php - //create a temporary id for the array - $i = 0; - if (count($a_public_includes) > 0) { - foreach ($a_public_includes as $ent) { - $a_public_includes[$i]['id'] = $i; - $i++; - } - } - - //order the array - function cmp_number($a, $b) { - if ($a["order"] > $b["order"]) { - return 1; - } - else { - return 0; - } - } - if (count($a_public_includes) > 0) { usort($a_public_includes, "cmp_number"); } - - $i = 0; - if (count($a_public_includes) > 0) { - foreach ($a_public_includes as $ent) { - if (strlen($ent['extensionname'].$ent['enabled']) > 0) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='v_public_includes_edit.php?id=<?=$ent['id'];?>'"> - <?=$ent['extensionname']?> - </td> - <td class="listlr" ondblclick="document.location='v_public_includes_edit.php?id=<?=$ent['id'];?>'"> - <?=$ent['order']?> - </td> - <td class="listr" ondblclick="document.location='v_public_includes_edit.php?id=<?=$ent['id'];?>';"> - <?=$ent['enabled'];?> - </td> - <td class="listbg" ondblclick="document.location='v_public_includes_edit.php?id=<?=$ent['id'];?>';"> - <font color="#FFFFFF"><?=htmlspecialchars($ent['descr']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="v_public_includes_edit.php?id=<?=$ent['id'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="v_public_includes.php?type=publicincludes&act=del&id=<?=$ent['id'];?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } //end if strlen - $i++; - } //end for each - } //end if count - ?> - <tr> - <td class="list" colspan="4"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="v_public_includes_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - <tr> - <td class="list" colspan="4"></td> - <td class="list"></td> - </tr> - </table> - -</form> -<?php -if ($v_path_show) { - echo $v_conf_dir."/dialplan/public/"; -} -?> -<br /> -<br /> -<br /> -<br /> -<br /> -<br /> - -</td> -</tr> -</table> - -</div> - - -<?php include("fend.inc"); ?> -</body> -</html>
\ No newline at end of file diff --git a/config/freeswitch_dev/v_public_includes_details.tmp b/config/freeswitch_dev/v_public_includes_details.tmp deleted file mode 100755 index 680832e6..00000000 --- a/config/freeswitch_dev/v_public_includes_details.tmp +++ /dev/null @@ -1,50 +0,0 @@ -<?php -/* $Id$ */ -/* - v_public_includes_details.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - - -$a_public_include_details = &$config['installedpackages']['freeswitchpublicincludedetails']['config']; - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'publicincludedetails') { - if ($a_public_include_details[$_GET['id']]) { - unset($a_public_include_details[$_GET['id']]); - write_config(); - sync_package_v_public_includes(); - //touch($d_hostsdirty_path); - header("Location: v_public_includes_edit.php?id=".$_GET['parentid']); - exit; - } - } -} - -?>
\ No newline at end of file diff --git a/config/freeswitch_dev/v_public_includes_details_edit.tmp b/config/freeswitch_dev/v_public_includes_details_edit.tmp deleted file mode 100644 index af5d723f..00000000 --- a/config/freeswitch_dev/v_public_includes_details_edit.tmp +++ /dev/null @@ -1,454 +0,0 @@ -<?php -/* $Id$ */ -/* - v_public_includes_details_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - - -$a_public_includes_details = &$config['installedpackages']['freeswitchpublicincludedetails']['config']; - -$id = $_GET['id']; -if (isset($_POST['id'])) { - $id = $_POST['id']; -} - -$parentid = $_GET['parentid']; -if (isset($_POST['parentid'])) { - $parentid = $_POST['parentid']; -} - -$publicincludeid = $_GET['publicincludeid']; -if (isset($_POST['publicincludeid'])) { - $publicincludeid = $_POST['publicincludeid']; -} - - - //publicincludeid - //tag - //condition - //action - //antiaction - //param - //fieldtype - //fielddata - //fieldorder - //000-999 - -if (isset($id) && $a_public_includes_details[$id]) { - $pconfig['publicincludeid'] = $a_public_includes_details[$id]['publicincludeid']; - $pconfig['tag'] = $a_public_includes_details[$id]['tag']; - $pconfig['fieldtype'] = $a_public_includes_details[$id]['fieldtype']; - $pconfig['fielddata'] = $a_public_includes_details[$id]['fielddata']; - $pconfig['fieldorder'] = $a_public_includes_details[$id]['fieldorder']; -} -//else { -// if (isset($_GET['a'])) { -// if ($_GET['a'] == "action"){ $pconfig['optionaction'] = "action"; } -// if ($_GET['a'] == "antiaction"){ $pconfig['optionaction'] = "anti-action"; } -// } -//} - - - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - if (!$input_errors) { - - $ent = array(); - $ent['publicincludeid'] = $_POST['publicincludeid']; - $ent['tag'] = $_POST['tag']; - $ent['fieldtype'] = $_POST['fieldtype']; - $ent['fielddata'] = $_POST['fielddata']; - $ent['fieldorder'] = $_POST['fieldorder']; - - if (isset($id) && $a_public_includes_details[$id]) { - //update - $a_public_includes_details[$id] = $ent; - } - else { - //add - $a_public_includes_details[] = $ent; - } - - //touch($d_hostsdirty_path); - write_config(); - sync_package_v_public_includes(); - - header("Location: v_public_includes_edit.php?id=".$parentid); - exit; - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - - -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Public: Details: Edit</p>\n"; -} - -if ($input_errors) { print_input_errors($input_errors); } - -?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - <br /> - <form action="v_public_includes_details_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Tag</td> - <td width="78%" class="vtable"> - <script type="text/javascript"> - function public_include_details_tag_onchange() { - var tag = document.getElementById("form_tag").value; - if (tag == "condition") { - document.getElementById("label_fieldtype").innerHTML = "Field"; - document.getElementById("label_fielddata").innerHTML = "Expression"; - } - else if (tag == "action") { - document.getElementById("label_fieldtype").innerHTML = "Application"; - document.getElementById("label_fielddata").innerHTML = "Data"; - } - else if (tag == "anti-action") { - document.getElementById("label_fieldtype").innerHTML = "Application"; - document.getElementById("label_fielddata").innerHTML = "Data"; - } - else if (tag == "param") { - document.getElementById("label_fieldtype").innerHTML = "Name"; - document.getElementById("label_fielddata").innerHTML = "Value"; - } - if (tag == "") { - document.getElementById("label_fieldtype").innerHTML = "Type"; - document.getElementById("label_fielddata").innerHTML = "Data"; - } - } - </script> - <?php - echo " <select name='tag' class='formfld' id='form_tag' onchange='public_include_details_tag_onchange();'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['tag'])) { - case "condition": - echo " <option selected='yes'>condition</option>\n"; - echo " <option>action</option>\n"; - echo " <option>anti-action</option>\n"; - //echo " <option>param</option>\n"; - break; - case "action": - echo " <option>condition</option>\n"; - echo " <option selected='yes'>action</option>\n"; - echo " <option>anti-action</option>\n"; - //echo " <option>param</option>\n"; - break; - case "anti-action": - echo " <option>condition</option>\n"; - echo " <option>action</option>\n"; - echo " <option selected='yes'>anti-action</option>\n"; - //echo " <option>param</option>\n"; - break; - case "param": - echo " <option>condition</option>\n"; - echo " <option>action</option>\n"; - echo " <option>anti-action</option>\n"; - //echo " <option selected='yes'>param</option>\n"; - break; - default: - echo " <option>condition</option>\n"; - echo " <option>action</option>\n"; - echo " <option>anti-action</option>\n"; - //echo " <option>param</option>\n"; - } - echo " </select>\n"; - - //condition - //field expression - //action - //application - //data - //antiaction - //application - //data - //param - //name - //value - - ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq" id="label_fieldtype">Type</td> - <td width="78%" class="vtable"> - <input name="fieldtype" type="text" class="formfld" id="fieldtype" size="40" value="<?=htmlspecialchars($pconfig['fieldtype']);?>"> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq" id="label_fielddata">Data</td> - <td width="78%" class="vtable"> - <input name="fielddata" type="text" class="formfld" id="fielddata" size="40" value="<?=htmlspecialchars($pconfig['fielddata']);?>"> - <br> <span class="vexpl"></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq" id="label_fieldtype">Order</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='fieldorder' class='formfld'>\n"; - //echo " <option></option>\n"; - if (strlen(htmlspecialchars($pconfig['fieldorder']))> 0) { - echo " <option selected='yes' value='".htmlspecialchars($pconfig['fieldorder'])."'>".htmlspecialchars($pconfig['fieldorder'])."</option>\n"; - } - $i=0; - while($i<=999) { - if (strlen($i) == 1) { - echo " <option value='00$i'>00$i</option>\n"; - } - if (strlen($i) == 2) { - echo " <option value='0$i'>0$i</option>\n"; - } - if (strlen($i) == 3) { - echo " <option value='$i'>$i</option>\n"; - } - - $i++; - } - echo " </select>\n"; - ?> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="publicincludeid" type="hidden" value="<?=$publicincludeid;?>"> - <input name="parentid" type="hidden" value="<?=$parentid;?>"> - <?php if (isset($id) && $a_public_includes_details[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - </td> - </tr> - </table> - </form> - - - <br /> - <br /> - <b>Example</b> - <br /> - <br /> - If the inbound call matches the DID 12085551234 then proceed to the action. - <br /> - <br /> - <table cellpadding='3'> - <tr><th class="vncellreq" width='75' align="left">Tag:</th><td class="vtable">condition</td></tr> - <tr><th class="vncellreq" align="left">Type:</th><td class="vtable">destination_number</td></tr> - <tr><th class="vncellreq" align="left">Data:</th><td class="vtable">^(12085551234)$</td></tr> - </table> - - <br /> - <br /> - - Transfer the inbound call to an auto attendant with extension of 5000. - <br /> - <br /> - <table cellpadding='3'> - <tr><th class="vncellreq" width='75' align="left">Tag:</th><td class="vtable">action</td></tr> - <tr><th class="vncellreq" align="left">Application:</th><td class="vtable">transfer</td></tr> - <tr><th class="vncellreq" align="left">Data:</th><td class="vtable">5000 XML default</td></tr> - </table> - - <br /> - <br /> - - Or transfer the inbound call to extension 1001. - <br /> - <br /> - <table cellpadding='3'> - <tr><th class="vncellreq" width='75' align="left">Tag:</th><td class="vtable">action</td></tr> - <tr><th class="vncellreq" align="left">Application:</th><td class="vtable">transfer</td></tr> - <tr><th class="vncellreq" align="left">Data:</th><td class="vtable">1001 XML default</td></tr> - </table> - - <br /> - <br /> - - Or bridge the inbound call a SIP URI. - <br /> - <br /> - <table cellpadding='3'> - <tr><th class="vncellreq" width='75' align="left">Tag:</th><td class="vtable">action</td></tr> - <tr><th class="vncellreq" align="left">Application:</th><td class="vtable">bridge</td></tr> - <tr><th class="vncellreq" align="left">Data:</th><td class="vtable">sofia/internal/*98@${domain}</td></tr> - </table> - - <br /> - <br /> - <br /> - - <br /> - <b>SIP URI examples:</b> - <br /> - <br /> - voicemail: sofia/internal/*98@${domain}<br /> - external number: sofia/gateway/gatewayname/12081231234<br /> - auto attendant: sofia/internal/5002@${domain}<br /> - user: /user/1001@${domain}<br /> - <br /> - <br /> - <br /> - - <b>Conditions</b> - <br /> - <br /> - Conditions are pattern matching tags that help FreeSwitch decide if the current call should be processed in this extension or not. When matching conditions against the current call you have several <b>fields</b> that you can compare against. - <ul> - <li><b>context</b></li> - <li><b>rdnis</b> Redirected Number, the directory number to which the call was last presented.</li> - <li><b>destination_number</b> Called Number, the number this call is trying to reach (within a given context)</li> - <li><b>public</b> Name of the public module that are used, the name is provided by each public module. Example: XML</li> - <li><b>caller_id_name</b> Name of the caller (provided by the User Agent that has called us).</li> - <li><b>caller_id_number</b> Directory Number of the party who called (callee) -- can be masked (hidden)</li> - <li><b>ani</b> Automatic Number Identification, the number of the calling party (callee) -- cannot be masked</li> - <li><b>ani2</b> The type of device placing the call [1]</li> - <li><b>uuid</b> Unique identifier of the current call? (looks like a GUID)</li> - <li><b>source</b> Name of the FreeSwitch module that received the call (e.g. PortAudio)</li> - <li><b>chan_name</b> Name of the current channel (Example: PortAudio/1234). Give us examples when this one can be used.</li> - <li><b>network_addr</b> IP address of the signalling source for a VoIP call.</li> - </ul> - In addition to the above you can also do variables using the syntax ${variable} or api functions using the syntax %{api} {args} - <br /> - <br /> - Variables may be used in either the field or the expression, as follows - - <br /> - <br /> - <br /> - <br /> - - <b>Action and Anti-Actions</b> - <br /> - <br /> - Actions are executed when the <b>condition matches</b>. Anti-Actions are executed when the <b>condition does NOT match</b>. - <?php - if ($v_path_show) { - echo "Additional information on applications for Actions and Anti-Actions.<br />\n"; - echo "<a href='http://wiki.freeswitch.org/wiki/Modules#Applications' target='_blank'>http://wiki.freeswitch.org/wiki/Modules#Applications</a>\n"; - echo "<br />\n"; - echo "<a href='http://wiki.freeswitch.org/wiki/public_Functions' target='_blank'>http://wiki.freeswitch.org/wiki/public_Functions</a>\n"; - } - ?> - - - <br /> - <br /> - <br /> - The following is a partial list of <b>applications</b>. - <ul> - <li><b>answer</b> answer the call</li> - <li><b>bridge</b> bridge the call<li> - <li><b>cond</b></li> - <li><b>db</b> is a a runtime database either sqlite by default or odbc</li> - <li><b>global_set</b> allows setting of global vars similar to the ones found in vars.xml</li> - <li><b>group</b> allows grouping of several extensions for things like ring groups</li> - <li><b>expr</b></li> - <li><b>hangup</b> hangs up the call</li> - <li><b>info</b> sends call info to the console</li> - <li><b>javascript</b> run javascript .js files</li> - <li><b>playback</b></li> - <li><b>reject</b> reject the call</li> - <li><b>respond</b></li> - <li><b>ring_ready</b></li> - <li><b>set</b> set a variable</li> - <li><b>set_user</b></li> - <li><b>sleep</b></li> - <li><b>sofia_contact</b></li> - <li><b>transfer</b> transfer the call to another extension or number<li> - <li><b>voicemail</b> send the call to voicemail</li> - </ul> - - - <br /> - <br /> - - <!-- - <b>Param</b> - Example parameters by name and value<br /> - - <?php - if ($v_path_show) { - echo "<a href='http://wiki.freeswitch.org/wiki/Special:Search?search=param&go=Go' target='_blank'>http://wiki.freeswitch.org/wiki/Special:Search?search=param&go=Go</a>\n"; - } - ?> - <ul> - <li><b>codec-ms</b> 20</li> - <li><b>codec-prefs</b> PCMU@20i</li> - <li><b>debug</b> 1</li> - <li><b>public</b> XML</li> - <li><b>dtmf-duration</b> 100</li> - <li><b>rfc2833-pt</b>" 101</li> - <li><b>sip-port</b> 5060</li> - <li><b>use-rtp-timer</b> true</li> - </ul> - <br /> - <br /> - --> - - - <br /> - <br /> - <br /> - <br /> - <br /> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch_dev/v_public_includes_edit.tmp b/config/freeswitch_dev/v_public_includes_edit.tmp deleted file mode 100644 index cf6bc88a..00000000 --- a/config/freeswitch_dev/v_public_includes_edit.tmp +++ /dev/null @@ -1,546 +0,0 @@ -<?php -/* $Id$ */ -/* - v_public_includes_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - - - -//freeswitchpublicincludes - //publicincludeid - //extensionname - //context - //default - //enabled - //descr - -// - - - -$a_public_includes = &$config['installedpackages']['freeswitchpublicincludes']['config']; -$a_public_include_details = &$config['installedpackages']['freeswitchpublicincludedetails']['config']; - -$id = $_GET['id']; -if (isset($_POST['id'])) { - $id = $_POST['id']; -} -$parentid = $id; - - - -if (isset($id) && $a_public_includes[$id]) { - $pconfig['publicincludeid'] = $a_public_includes[$id]['publicincludeid']; - $publicincludeid = $a_public_includes[$id]['publicincludeid']; - $pconfig['extensionname'] = $a_public_includes[$id]['extensionname']; - $pconfig['order'] = $a_public_includes[$id]['order']; - $pconfig['context'] = $a_public_includes[$id]['context']; - $pconfig['enabled'] = $a_public_includes[$id]['enabled']; - $pconfig['descr'] = $a_public_includes[$id]['descr']; - $pconfig['opt1name'] = $a_public_includes[$id]['opt1name']; - $pconfig['opt1value'] = $a_public_includes[$id]['opt1value']; -} - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - if ($_GET['act'] == "del") { - if ($_GET['type'] == 'publicincludedetails') { - if ($a_public_include_details[$_GET['id']]) { - unset($a_public_include_details[$_GET['id']]); - write_config(); - sync_package_v_public_includes(); - header("Location: v_public_include_edit.php?id=".$_GET['id']); - exit; - } - } - } - - - if (!$input_errors) { - - $ent = array(); - if (strlen($_POST['publicincludeid']) > 0) { - //update - $ent['publicincludeid'] = $_POST['publicincludeid']; - } - else { - //add - $ent['publicincludeid'] = guid(); - } - $ent['extensionname'] = $_POST['extensionname']; - $ent['order'] = $_POST['order']; - //$ent['context'] = $_POST['context']; - $ent['context'] = 'default'; - $ent['enabled'] = $_POST['enabled']; - $ent['descr'] = $_POST['descr']; - $ent['opt1name'] = $_POST['opt1name']; - $ent['opt1value'] = $_POST['opt1value']; - - - - if (isset($id) && $a_public_includes[$id]) { - $a_public_includes = $config['installedpackages']['freeswitchpublicincludes']['config']; - if (count($a_public_includes) > 0) { - foreach($a_public_includes as $rowhelper) { - - //$rowhelper['publicincludeid']; - //$rowhelper['extensionname']; - //$rowhelper['context']; - //$rowhelper['enabled']; - - $filenamechanged = false; - if ($rowhelper['publicincludeid'] == $_POST['publicincludeid']) { - - if ($rowhelper['extensionname'] != $_POST['extensionname']) { - //if the extension name has changed then remove the current public xml file - //to prepare for the new file - $filenamechanged = true; - } - if ($rowhelper['order'] != $_POST['order']) { - //if the order has changed then remove the current public xml file - //to prepare for the new file - $filenamechanged = true; - } - if ($_POST['enabled'] == "false") { - //if the extension name is disabled then remove the public xml file - $filenamechanged = true; - } - if ($filenamechanged){ - $publicincludefilename = $rowhelper['order']."_".$rowhelper['extensionname'].".xml"; - if (file_exists($v_conf_dir."/dialplan/public/".$publicincludefilename)) { - unlink($v_conf_dir."/dialplan/public/".$publicincludefilename); - } - unset($publicincludefilename); - } - - } - unset($filenamechanged); - - } //end foreach - } //end if count - - //update the config - $a_public_includes[$id] = $ent; - } - else { - //add to the config - $a_public_includes[] = $ent; - } - - - write_config(); - sync_package_v_public_includes(); - - header("Location: v_public_includes.php"); - exit; - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Public: Edit</p>\n"; -} - -if ($input_errors) print_input_errors($input_errors); - -?> - - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Public:<br> - </strong></span> - Public Include general settings. - </span></p></td> - </tr> - </table> - <br /> - - <form action="v_public_includes_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Extension Name</td> - <td width="78%" class="vtable"> - <input name="extensionname" type="text" class="formfld" id="extensionname" size="40" value="<?=htmlspecialchars($pconfig['extensionname']);?>"> - <br /> - Supported characters are 'a-z', 'A-Z', '0-9', underscore '_', and period '.'. - </td> - </tr> - <!-- - <tr> - <td width="22%" valign="top" class="vncellreq">Context</td> - <td width="78%" class="vtable"> - <input name="context" type="text" class="formfld" id="context" size="40" value="<?=htmlspecialchars($pconfig['context']);?>"> - <br /> - e.g. default - </td> - </tr> - --> - - <tr> - <td width="22%" valign="top" class="vncellreq">Enabled</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='enabled' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['enabled'])) { - case "true": - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - break; - case "false": - echo " <option value='true'>true</option>\n"; - echo " <option value='false' selected='yes'>false</option>\n"; - - break; - default: - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - } - echo " </select>\n"; - ?> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncellreq">Order</td> - <td width="78%" class="vtable"> - <?php - - echo " <select name='order' class='formfld'>\n"; - echo " <option></option>\n"; - if (strlen(htmlspecialchars($pconfig['order']))> 0) { - echo " <option selected='yes' value='".htmlspecialchars($pconfig['order'])."'>".htmlspecialchars($pconfig['order'])."</option>\n"; - } - $i=0; - while($i<=999) { - if (strlen($i) == 1) { - echo " <option value='00$i'>00$i</option>\n"; - } - if (strlen($i) == 2) { - echo " <option value='0$i'>0$i</option>\n"; - } - if (strlen($i) == 3) { - echo " <option value='$i'>$i</option>\n"; - } - - $i++; - } - echo " </select>\n"; - ?> - <br /> - Processing of each public include is determined by this order. - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell">Description</td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> - <br> <span class="vexpl">You may enter a description here - for your reference (not parsed).</span></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="publicincludeid" type="hidden" value="<?=htmlspecialchars($pconfig['publicincludeid']);?>"> - <?php - if (strlen($id) > 0 && $a_public_includes[$id]) { - echo "\n"; - echo " <input name=\"id\" type=\"hidden\" value=\"$id\">\n"; - echo " <input name=\"opt1name\" type=\"hidden\" value=\"".htmlspecialchars($pconfig['opt1name'])."\">\n"; - echo " <input name=\"opt1value\" type=\"hidden\" value=\"".htmlspecialchars($pconfig['opt1value'])."\">\n"; - } - ?> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - </td> - </tr> - </table> - </form> - - <br> - <br> - - <form action="v_public_includes_edit.php" method="post" name="iform2" id="iform2"> - <?php - - //echo "<pre>"; - //print_r ($a_public_includes); - //echo "</pre>"; - - //if ($savemsg) print_info_box($savemsg); - //if (file_exists($d_hostsdirty_path)): echo"<p>"; - //print_info_box_np("The FreeSWITCH recordings have been changed.<br>You must apply the changes in order for them to take effect."); - //echo"<br />"; - //endif; - - //create a temporary id for the array - $i = 0; - if (count($a_public_include_details) > 0) { - foreach ($a_public_include_details as $ent) { - $a_public_include_details[$i]['id'] = $i; - $i++; - } - } - - //order the array - function cmp_number_public_details($a, $b) { - if ($a["fieldorder"] > $b["fieldorder"]) { - return 1; - } - else { - return 0; - } - } - if (count($a_public_include_details) > 0) { usort($a_public_include_details, "cmp_number_public_details"); } - - ?> - - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Conditions and Actions<br /> - </strong></span> - The following conditions, actions and anti-actions are used in the public to direct call flow. Each is processed in order until you reach the action tag which tells FreeSWITCH what action to perform. You are not limited to only one condition or action tag for a given extension. - </span></p></td> - </tr> - </table> - <br /> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="40" class="listhdrr">Tag</td> - <td width="40" class="listhdrr">Type</td> - <td width="50%" class="listhdrr">Data</td> - <td width="40" class="listhdrr">Order</td> - <td width="40" class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="v_public_includes_details_edit.php?parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>&a=action"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - <?php - - $i = 0; - if (count($a_public_include_details) > 0) { - - foreach ($a_public_include_details as $ent) { - if ($ent['tag'] == "condition" && $publicincludeid == $ent['publicincludeid']) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='v_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>'"> - <?=$ent['tag']?> - </td> - <td class="listr" ondblclick="document.location='v_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fieldtype'];?> - </td> - <td class="listr" ondblclick="document.location='v_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fielddata'];?> - </td> - <td class="listr" ondblclick="document.location='v_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fieldorder'];?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="v_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="v_public_includes_details.php?type=publicincludedetails&act=del&id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - - $i = 0; - if (count($a_public_include_details) > 0) { - - foreach ($a_public_include_details as $ent) { - if ($ent['tag'] == "action" && $publicincludeid == $ent['publicincludeid']) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='v_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>'"> - <?=$ent['tag']?> - </td> - <td class="listr" ondblclick="document.location='v_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fieldtype'];?> - </td> - <td class="listr" ondblclick="document.location='v_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fielddata'];?> - </td> - <td class="listr" ondblclick="document.location='v_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fieldorder'];?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="v_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="v_public_includes_details.php?type=publicincludedetails&act=del&id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - - $i = 0; - if (count($a_public_include_details) > 0) { - - foreach ($a_public_include_details as $ent) { - if ($ent['tag'] == "anti-action" && $publicincludeid == $ent['publicincludeid']) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='v_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>'"> - <?=$ent['tag']?> - </td> - <td class="listr" ondblclick="document.location='v_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fieldtype'];?> - </td> - <td class="listr" ondblclick="document.location='v_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fielddata'];?> - </td> - <td class="listr" ondblclick="document.location='v_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fieldorder'];?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="v_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="v_public_includes_details.php?type=publicincludedetails&act=del&id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - - $i = 0; - if (count($a_public_include_details) > 0) { - - foreach ($a_public_include_details as $ent) { - if ($ent['tag'] == "param" && $publicincludeid == $ent['publicincludeid']) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='v_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>'"> - <?=$ent['tag']?> - </td> - <td class="listr" ondblclick="document.location='v_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fieldtype'];?> - </td> - <td class="listr" ondblclick="document.location='v_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fielddata'];?> - </td> - <td class="listr" ondblclick="document.location='v_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';"> - <?=$ent['fieldorder'];?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="v_public_includes_details_edit.php?id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="v_public_includes_details.php?type=publicincludedetails&act=del&id=<?=$ent['id'];?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - $i++; - } - } - ?> - <tr> - <td class="list" colspan="4"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="v_public_includes_details_edit.php?parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>&a=action"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - - - <tr> - <td class="list" colspan="4"></td> - <td class="list"></td> - </tr> - </table> - - </form> - - - <br> - <br> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch_dev/v_recordings.tmp b/config/freeswitch_dev/v_recordings.tmp deleted file mode 100644 index b8b58419..00000000 --- a/config/freeswitch_dev/v_recordings.tmp +++ /dev/null @@ -1,508 +0,0 @@ -<?php -/* $Id$ */ -/* - v_recordings.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - -$a_recordings = &$config['installedpackages']['freeswitchrecordings']['config']; -$dir_music_on_hold_8000 = $v_dir.'/sounds/music/8000/'; - -if ($_GET['a'] == "download") { - - session_cache_limiter('public'); - - if ($_GET['type'] = "rec") { - if (file_exists($v_recordings_dir.'/'.$_GET['filename'])) { - $fd = fopen($v_recordings_dir.'/'.$_GET['filename'], "rb"); - if ($_GET['t'] == "bin") { - header("Content-Type: application/force-download"); - header("Content-Type: application/octet-stream"); - header("Content-Type: application/download"); - header("Content-Description: File Transfer"); - header('Content-Disposition: attachment; filename="'.$_GET['filename'].'"'); - } - else { - $file_ext = substr($_GET['filename'], -3); - if ($file_ext == "wav") { - header("Content-Type: audio/x-wav"); - } - if ($file_ext == "mp3") { - header("Content-Type: audio/mp3"); - } - } - header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 - header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past - header("Content-Length: " . filesize($v_recordings_dir.'/'.$_GET['filename'])); - fpassthru($fd); - } - } - - if ($_GET['type'] = "moh") { - if (file_exists($dir_music_on_hold_8000.$_GET['filename'])) { - $fd = fopen($dir_music_on_hold_8000.$_GET['filename'], "rb"); - if ($_GET['t'] == "bin") { - header("Content-Type: application/force-download"); - header("Content-Type: application/octet-stream"); - header("Content-Type: application/download"); - header("Content-Description: File Transfer"); - header('Content-Disposition: attachment; filename="'.$_GET['filename'].'"'); - } - else { - $file_ext = substr($_GET['filename'], -3); - if ($file_ext == "wav") { - header("Content-Type: audio/x-wav"); - } - if ($file_ext == "mp3") { - header("Content-Type: audio/mp3"); - } - } - header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 - header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past - header("Content-Length: " . filesize($dir_music_on_hold_8000.$_GET['filename'])); - fpassthru($fd); - } - } - - exit; -} -else { - //echo $v_recordings_dir.'/'.$_GET['filename']; -} - -if (($_POST['submit'] == "Upload") && is_uploaded_file($_FILES['ulfile']['tmp_name'])) { - - if ($_POST['type'] == 'moh') { - move_uploaded_file($_FILES['ulfile']['tmp_name'], $dir_music_on_hold_8000 . $_FILES['ulfile']['name']); - $savemsg = "Uploaded file to $dir_music_on_hold_8000" . htmlentities($_FILES['ulfile']['name']); - //system('chmod -R 744 $dir_music_on_hold_8000*'); - unset($_POST['txtCommand']); - } - if ($_POST['type'] == 'rec') { - move_uploaded_file($_FILES['ulfile']['tmp_name'], $v_recordings_dir.'/' . $_FILES['ulfile']['name']); - $savemsg = "Uploaded file to ".$v_recordings_dir."/". htmlentities($_FILES['ulfile']['name']); - //system('chmod -R 744 $v_recordings_dir*'); - unset($_POST['txtCommand']); - } -} - - - - -if ($_GET['act'] == "del") { - if ($_GET['type'] == 'rec') { - if ($_GET['id']) { - unlink_if_exists($v_recordings_dir."/".$_GET['filename']); - unset($a_recordings[$_GET['id']]); - write_config(); - header("Location: v_recordings.php"); - exit; - } - } - - if ($_GET['type'] == 'moh') { - unlink_if_exists($dir_music_on_hold_8000.$_GET['filename']); - header("Location: v_recordings.php"); - exit; - } - -} - - - -include("head.inc"); - -?> - -<script> -function EvalSound(soundobj) { - var thissound= eval("document."+soundobj); - thissound.Play(); -} -</script> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Recordings</p>\n"; -} -?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<?php - - -//build a list of recordings from the config.xml -$config_recording_list = ''; -$i = 0; -if (count($a_recordings) > 0) { - foreach ($a_recordings as $recordingent) { - $config_recording_list .= $recordingent['filename']."|"; - $i++; - } -} - - - -$config_change = 0; -if (is_dir($v_recordings_dir.'/')) { - if ($dh = opendir($v_recordings_dir.'/')) { - while (($file = readdir($dh)) !== false) { - if (filetype($v_recordings_dir.'/' . $file) == "file") { - - if (strpos($config_recording_list, $file) === false) { - - //$handle = fopen($v_recordings_dir.'/'.$file,'rb'); - //$file_content = fread($handle,filesize($v_recordings_dir.'/'.$file)); - //fclose($handle); - - $a_file = split("\.", $file); - - $recordingent = array(); - $recordingent['filename'] = $file; - $recordingent['recordingname'] = $a_file[0]; - $recordingent['recordingid'] = guid(); - //$recordingent['filecontent'] = base64_encode($file_content); - $recordingent['descr'] = 'Auto'; - - $a_recordings[] = $recordingent; - write_config(); - - unset($file_content); - - } - else { - //echo "The file was found.<br/>"; - } - - } - } - closedir($dh); - } -} - - - -//saved for future use if and when config.xml scales well - //enough to save the files inside it -//$i = 0; -//if (count($a_recordings) > 0) { -// foreach ($a_recordings as $recordingent) { - -// if (!is_file($v_recordings_dir.'/'.$recordingent['filename'])) { - //echo "not found: ".$recordingent['filename']."<br />"; - - //recording not found restore the file from the config.xml - //$file_content = $recordingent['filecontent']; - //$handle = fopen($v_recordings_dir.'/'.$recordingent['filename'],'w'); - //fwrite ($handle, base64_decode($file_content)); - //unset($file_content); - //fclose($handle); - //$recordingent['filecontent'] = base64_encode($file_content); - - // loop through recordings in the config.xml - // if the file does not exist remove it from the file system. - //unset($a_recordings[$i]); - -// $config_change = 1; -// } -// else { - //echo "found: ".$recordingent['filename']."<br />"; -// } - -// $i++; -// } -//} - -if ($config_change == 1) { - write_config(); - $config_change = 0; -} - -//if ($savemsg) print_info_box($savemsg); -//if (file_exists($d_hostsdirty_path)): echo"<p>"; -//print_info_box_np("The FreeSWITCH recordings have been changed.<br>You must apply the changes in order for them to take effect."); -//echo"<br />"; -//endif; - -?> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Recordings:<br> - </strong></span> - To make a recording dial *732673 (record) or you can make a - 16bit 8khz/16khz Mono WAV file then copy it to the - following directory then refresh the page to play it back. - Click on the 'Filename' to download it or the 'Recording Name' to - play the audio. - </span></p></td> - </tr> - </table> - - <br /> - - <div id="niftyOutter"> - <form action="" method="POST" enctype="multipart/form-data" name="frmUpload" onSubmit=""> - <table border='0'> - <tr> - <td width='50%'> - <?php - if ($v_path_show) { - echo "<b>location:</b>"; - echo $v_recordings_dir.'/'; - } - ?> - </td> - <td valign="top" class="label"> - <input name="type" type="hidden" value="rec"> - </td> - <td align="right">File to upload:</td> - <td valign="top" class="label"> - <input name="ulfile" type="file" class="button" id="ulfile"> - <input name="submit" type="submit" class="button" id="upload" value="Upload"> - </td> - </tr> - </table> - </div> - </form> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="30%" class="listhdrr">Filename (download)</td> - <td width="30%" class="listhdrr">Recording Name (play)</td> - <td width="30%" class="listhdr">Description</td> - <td width="10%" class="list"> - <!-- - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="v_recordings_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - --> - </td> - </tr> - - <?php - $i = 0; - if (count($a_recordings) > 0) { - foreach ($a_recordings as $recordingent) { - if (strlen($recordingent['filename']) > 0) { - ?> - <tr> - <td class="listlr" ondblclick="document.location='v_recordings_edit.php?id=<?=$i;?>'"> - <a href="v_recordings.php?a=download&type=rec&t=bin&filename=<?=$recordingent['filename'];?>"> - <?=$recordingent['filename']?> - </a> - </td> - <td class="listr" ondblclick="document.location='v_recordings_edit.php?id=<?=$i;?>';"> - <a href="javascript:void(0);" onclick="window.open('v_recordings_play.php?a=download&type=rec&filename=<?=$recordingent['filename'];?>', 'play',' width=420,height=40,menubar=no,status=no,toolbar=no')"> - <?=$recordingent['recordingname'];?> - </a> - </td> - <td class="listbg" ondblclick="document.location='v_recordings_edit.php?id=<?=$i;?>';"> - <font color="#FFFFFF"><?=htmlspecialchars($recordingent['descr']);?> - </td> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="v_recordings_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td><a href="v_recordings.php?type=rec&act=del&id=<?=$i;?>&filename=<?=$recordingent['filename'];?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - <?php - } - else { - //clean up blank entries - unset($a_recordings[$i]); - write_config(); - } - - $i++; - } //end for each - } //end count - ?> - - <!-- - <tr> - <td class="list" colspan="3"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="v_recordings_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - </tr> - --> - - <tr> - <td class="list" colspan="3"></td> - <td class="list"></td> - </tr> - </table> - - - - <br /> - <br /> - <br /> - - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Music on Hold:<br> - </strong></span> - Music on hold can be in WAV or MP3 format. To play an MP3 file you must have - mod_shout enabled on the 'Modules' tab. You can adjust the volume of the MP3 - audio from the 'Settings' tab. For best performance upload 16bit 8khz/16khz Mono WAV files. - <!--Click on the 'Filename' to download it or the 'Recording Name' to - play the audio.--> - </span></p></td> - </tr> - </table> - - <br /> - - <div id="niftyOutter"> - <form action="" method="POST" enctype="multipart/form-data" name="frmUpload" onSubmit=""> - <table border='0'> - <tr> - <td width='50%'> - <?php - if ($v_path_show) { - echo "<b>location:</b>"; - echo $dir_music_on_hold_8000; - } - ?> - </td> - <td valign="top" class="label"> - <input name="type" type="hidden" value="moh"> - </td> - <td align="right">File to upload:</td> - <td valign="top" class="label"> - <input name="ulfile" type="file" class="button" id="ulfile"> - <input name="submit" type="submit" class="button" id="upload" value="Upload"> - </td> - </tr> - </table> - </div> - </form> - - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="28%" class="listhdrr">File Name (download)</td> - <td width="28%" class="listhdrr">Name (play)</td> - <td width="25%" class="listhdr">Last Modified</td> - <td width="10%" class="listhdr" nowrap>Size</td> - </tr> - - <?php - - if ($handle = opendir($dir_music_on_hold_8000)) { - while (false !== ($file = readdir($handle))) { - if ($file != "." && $file != ".." && is_file($dir_music_on_hold_8000.$file)) { - - $tmp_filesize = filesize($dir_music_on_hold_8000.$file); - $tmp_filesize = byte_convert($tmp_filesize); - - echo "<tr>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo " <a href=\"v_recordings.php?a=download&type=moh&t=bin&filename=".$file."\">\n"; - echo " $file"; - echo " </a>"; - echo " </td>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo " <a href=\"javascript:void(0);\" onclick=\"window.open('v_recordings_play.php?a=download&type=moh&filename=".$file."', 'play',' width=420,height=40,menubar=no,status=no,toolbar=no')\">\n"; - $tmp_file_array = split("\.",$file); - echo " ".$tmp_file_array[0]; - echo " </a>"; - echo " </td>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo date ("F d Y H:i:s", filemtime($dir_music_on_hold_8000.$file)); - echo " </td>\n"; - echo " <td class=\"listlr\" ondblclick=\"\">\n"; - echo " ".$tmp_filesize; - echo " </td>\n"; - echo " <td valign=\"middle\" nowrap class=\"list\">\n"; - echo " <table border=\"0\" cellspacing=\"0\" cellpadding=\"1\">\n"; - echo " <tr>\n"; - //echo " <td valign=\"middle\"><a href=\"v_recordings.php?id=$i\"><img src=\"/themes/".$g['theme']."/images/icons/icon_e.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n"; - echo " <td><a href=\"v_recordings.php?type=moh&act=del&filename=".$file."\" onclick=\"return confirm('Do you really want to delete this file?')\"><img src=\"/themes/". $g['theme']."/images/icons/icon_x.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n"; - echo " </tr>\n"; - echo " </table>\n"; - echo " </td>\n"; - echo "</tr>\n"; - - } - } - closedir($handle); - } - ?> - - <tr> - <td class="list" colspan="3"></td> - <td class="list"></td> - </tr> - </table> - -<br> -<br> -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch_dev/v_recordings_edit.tmp b/config/freeswitch_dev/v_recordings_edit.tmp deleted file mode 100644 index f5547ba3..00000000 --- a/config/freeswitch_dev/v_recordings_edit.tmp +++ /dev/null @@ -1,174 +0,0 @@ -<?php -/* $Id$ */ -/* - v_recordings_edit.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - -$a_recordings = &$config['installedpackages']['freeswitchrecordings']['config']; - - -$id = $_GET['id']; -if (isset($_POST['id'])) { - $id = $_POST['id']; -} - -if (isset($id) && $a_recordings[$id]) { - $pconfig['filename'] = $a_recordings[$id]['filename']; - $pconfig['recordingname'] = $a_recordings[$id]['recordingname']; - $pconfig['recordingid'] = $a_recordings[$id]['recordingid']; - $pconfig['descr'] = $a_recordings[$id]['descr']; -} - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - - if (!$input_errors) { - - - $recordingent = array(); - $recordingent['recordingname'] = $_POST['recordingname']; - $recordingent['descr'] = $_POST['descr']; - - - if (isset($id) && $a_recordings[$id]) { - //update - if (strlen($_POST['recordingid']) > 0) { - $recordingent['recordingid'] = $_POST['recordingid']; - } - else { - $recordingent['recordingid'] = guid(); - } - - $recordingent['filename'] = $_POST['filename']; - - //if file name is not the same then rename the file - if ($_POST['filename'] != $_POST['filename_orig']) { - rename($v_recordings_dir.$_POST['filename_orig'], $v_recordings_dir.$_POST['filename']); - } - $a_recordings[$id] = $recordingent; - } - else { - //add - $recordingent['filename'] = $_POST['filename']; - $a_recordings[] = $recordingent; - } - - write_config(); - - header("Location: v_recordings.php"); - exit; - } -} - -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Recordings: Edit</p>\n"; -} -?> - -<?php if ($input_errors) print_input_errors($input_errors); ?> - - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - <br /> - <form action="v_recordings_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Filename</td> - <td width="78%" class="vtable"> - <input name="filename" type="text" class="formfld" id="filename" size="40" value="<?=htmlspecialchars($pconfig['filename']);?>"> - <br> <span class="vexpl">Name of the file<br> - e.g. <em>example.wav</em></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Recording Name</td> - <td width="78%" class="vtable"> - <input name="recordingname" type="text" class="formfld" id="recordingname" size="40" value="<?=htmlspecialchars($pconfig['recordingname']);?>"> - <br> <span class="vexpl">Recording Name<br> - e.g. <em>recordingx</em></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Description</td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> - <br> <span class="vexpl">You may enter a description here - for your reference (not parsed).</span></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - <?php if (isset($id) && $a_recordings[$id]): ?> - <input name="filename_orig" type="hidden" value="<?=htmlspecialchars($pconfig['filename']);?>"> - <input name="id" type="hidden" value="<?=$id;?>"> - <input name="recordingid" type="hidden" value="<?=htmlspecialchars($pconfig['recordingid']);?>"> - <?php endif; ?> - </td> - </tr> - </table> - </form> - - <br> - <br> - <br> - <br> - <br> - <br> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch_dev/v_recordings_play.tmp b/config/freeswitch_dev/v_recordings_play.tmp deleted file mode 100644 index 1794b036..00000000 --- a/config/freeswitch_dev/v_recordings_play.tmp +++ /dev/null @@ -1,69 +0,0 @@ -<?php -/* $Id$ */ -/* - v_recordings_play.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("/usr/local/pkg/v_config.inc"); - -$filename = $_GET['filename']; -$type = $_GET['type']; //moh //rec - -?> -<html> -<head> -</head> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td align='center'> - <b>file: <?=$filename?></b> - </td> - </tr> - <tr> - <td align='center'> - <?php - - $file_ext = substr($_GET['filename'], -3); - if ($file_ext == "wav") { - echo "<embed src=\"v_recordings.php?a=download&type=".$type."&filename=".$filename."\" autostart=true width=200 height=40 name=\"sound".$$filename."\" enablejavascript=\"true\">\n"; - } - if ($file_ext == "mp3") { - echo "<object type=\"application/x-shockwave-flash\" width=\"400\" height=\"17\" data=\"slim.swf?autoplay=true&song_title=".urlencode($filename)."&song_url=".urlencode($v_relative_url."/v_recordings.php?a=download&type=".$type."&filename=".$filename)."\">\n"; - echo "<param name=\"movie\" value=\"slim.swf?autoplay=true&song_url=".urlencode($v_relative_url."/v_recordings.php?a=download&type=".$type."&filename=".$filename)."\" />\n"; - echo "<param name=\"quality\" value=\"high\"/>\n"; - echo "<param name=\"bgcolor\" value=\"#E6E6E6\"/>\n"; - echo "</object>\n"; - } - - ?> - </td> - </tr> -</table> - -</body> -</html> diff --git a/config/freeswitch_dev/v_settings.tmp b/config/freeswitch_dev/v_settings.tmp deleted file mode 100644 index b9cad0e8..00000000 --- a/config/freeswitch_dev/v_settings.tmp +++ /dev/null @@ -1,396 +0,0 @@ -<?php -/* $Id$ */ -/* - v_settings.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - - -$a_settings = &$config['installedpackages']['freeswitchsettings']['config']; - -//$id = $_GET['id']; -//if (isset($_POST['id'])) { -// $id = $_POST['id']; -//} -$id = 0; - -if (isset($id) && $a_settings[$id]) { - - $pconfig['numbering_plan'] = $a_settings[$id]['numbering_plan']; - $pconfig['default_gateway'] = $a_settings[$id]['default_gateway']; - $pconfig['default_area_code'] = $a_settings[$id]['default_area_code']; - $pconfig['event_socket_port'] = $a_settings[$id]['event_socket_port']; - $pconfig['event_socket_password'] = $a_settings[$id]['event_socket_password']; - $pconfig['xml_rpc_http_port'] = $a_settings[$id]['xml_rpc_http_port']; - $pconfig['xml_rpc_auth_realm'] = $a_settings[$id]['xml_rpc_auth_realm']; - $pconfig['xml_rpc_auth_user'] = $a_settings[$id]['xml_rpc_auth_user']; - $pconfig['xml_rpc_auth_pass'] = $a_settings[$id]['xml_rpc_auth_pass']; - $pconfig['admin_pin'] = $a_settings[$id]['admin_pin']; - $pconfig['smtphost'] = $a_settings[$id]['smtphost']; - $pconfig['smtpsecure'] = $a_settings[$id]['smtpsecure']; - $pconfig['smtpauth'] = $a_settings[$id]['smtpauth']; - $pconfig['smtpusername'] = $a_settings[$id]['smtpusername']; - $pconfig['smtppassword'] = $a_settings[$id]['smtppassword']; - $pconfig['smtpfrom'] = $a_settings[$id]['smtpfrom']; - $pconfig['smtpfromname'] = $a_settings[$id]['smtpfromname']; - $pconfig['mod_shout_decoder'] = $a_settings[$id]['mod_shout_decoder']; - $pconfig['mod_shout_volume'] = $a_settings[$id]['mod_shout_volume']; - -} - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - - if (!$input_errors) { - - $ent = array(); - $ent['numbering_plan'] = $_POST['numbering_plan']; - $ent['default_gateway'] = $_POST['default_gateway']; - $ent['default_area_code'] = $_POST['default_area_code']; - $ent['event_socket_port'] = $_POST['event_socket_port']; - $ent['event_socket_password'] = $_POST['event_socket_password']; - $ent['xml_rpc_http_port'] = $_POST['xml_rpc_http_port']; - $ent['xml_rpc_auth_realm'] = $_POST['xml_rpc_auth_realm']; - $ent['xml_rpc_auth_user'] = $_POST['xml_rpc_auth_user']; - $ent['xml_rpc_auth_pass'] = $_POST['xml_rpc_auth_pass']; - $ent['admin_pin'] = $_POST['admin_pin']; - $ent['smtphost'] = $_POST['smtphost']; - $ent['smtpsecure'] = $_POST['smtpsecure']; - $ent['smtpauth'] = $_POST['smtpauth']; - $ent['smtpusername'] = $_POST['smtpusername']; - $ent['smtppassword'] = $_POST['smtppassword']; - $ent['smtpfrom'] = $_POST['smtpfrom']; - $ent['smtpfromname'] = $_POST['smtpfromname']; - $ent['mod_shout_decoder'] = $_POST['mod_shout_decoder']; - $ent['mod_shout_volume'] = $_POST['mod_shout_volume']; - - - if (isset($id) && $a_settings[$id]) { - //update - $a_settings[$id] = $ent; - } - else { - //add - $a_settings[] = $ent; - } - v_settings(); //add the global variables - write_config(); - sync_package_v_settings(); - - //header("Location: v_extensions.php"); - //exit; - } -} - -include("head.inc"); - -?> - -<script type="text/javascript" language="JavaScript"> - -function show_advanced_config() { - document.getElementById("showadvancedbox").innerHTML=''; - aodiv = document.getElementById('showadvanced'); - aodiv.style.display = "block"; -} - -</script> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Settings</p>\n"; -} -?> -<?php if ($input_errors) print_input_errors($input_errors); ?> - - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - - <!-- - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td><p><span class="vexpl"><span class="red"><strong>Settings<br /> - </strong></span> - <?php - //if ($v_path_show) { - // echo $v_conf_dir."/directory/default/\n"; - //} - ?> - </p></td> - </tr> - </table> - --> - <br /> - - <form action="v_settings.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - - <tr> - <td width="25%" valign="top" class="vncell">Numbering Plan</td> - <td width="75%" class="vtable"> - <input name="numbering_plan" type="text" class="formfld" id="numbering_plan" size="40" value="<?=htmlspecialchars($pconfig['numbering_plan']);?>"> - <br /><span class="vexpl">Enter the numbering plan here. example: US<br /></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncell">Default Gateway</td> - <td width="75%" class="vtable"> - <input name="default_gateway" type="text" class="formfld" id="default_gateway" size="40" value="<?=htmlspecialchars($pconfig['default_gateway']);?>"> - <br /><span class="vexpl">Enter the default gateway name here.<br /></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncell">Default Area Code</td> - <td width="75%" class="vtable"> - <input name="default_area_code" type="text" class="formfld" id="default_area_code" size="40" value="<?=htmlspecialchars($pconfig['default_area_code']);?>"> - <br /><span class="vexpl">Enter the area code here. example: 208<br /></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncell">Event Socket Port</td> - <td width="75%" class="vtable"> - <input name="event_socket_port" type="text" class="formfld" id="event_socket_port" size="40" value="<?=htmlspecialchars($pconfig['event_socket_port']);?>"> - <br /><span class="vexpl">Enter the event socket port here. default: 8021<br /></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncell">Event Socket Password</td> - <td width="75%" class="vtable"> - <input name="event_socket_password" type="password" class="formfld" id="event_socket_password" size="40" value="<?=htmlspecialchars($pconfig['event_socket_password']);?>"> - <br /><span class="vexpl">Enter the event socket password here. default: 7e4d3i<br /></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncell">XML RPC HTTP Port</td> - <td width="75%" class="vtable"> - <input name="xml_rpc_http_port" type="text" class="formfld" id="xml_rpc_http_port" size="40" value="<?=htmlspecialchars($pconfig['xml_rpc_http_port']);?>"> - <br /><span class="vexpl">Enter the XML RPC HTTP Port here. default: 8787<br /></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncell">XML RPC Auth Realm</td> - <td width="75%" class="vtable"> - <input name="xml_rpc_auth_realm" type="text" class="formfld" id="xml_rpc_auth_realm" size="40" value="<?=htmlspecialchars($pconfig['xml_rpc_auth_realm']);?>"> - <br /><span class="vexpl">Enter the XML RPC Auth Realm here. default: <?php echo $v_name; ?><br /></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncell">XML RPC Auth User</td> - <td width="75%" class="vtable"> - <input name="xml_rpc_auth_user" type="text" class="formfld" id="xml_rpc_auth_user" size="40" value="<?=htmlspecialchars($pconfig['xml_rpc_auth_user']);?>"> - <br /><span class="vexpl">Enter the XML RPC Auth User here. default: xmlrpc<br /></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncell">XML RPC Auth Password</td> - <td width="75%" class="vtable"> - <input name="xml_rpc_auth_pass" type="password" class="formfld" id="xml_rpc_auth_pass" size="40" value="<?=htmlspecialchars($pconfig['xml_rpc_auth_pass']);?>"> - <br /><span class="vexpl">Enter the XML RPC Auth Password here. default: 7e4d3i<br /></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncell">Admin PIN Number</td> - <td width="75%" class="vtable"> - <input name="admin_pin" type="password" class="formfld" id="admin_pin" size="40" value="<?=htmlspecialchars($pconfig['admin_pin']);?>"> - <br /><span class="vexpl">Enter a admin pin number. Used to authenticate the admin from the phone.<br /></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncell">SMTP Host</td> - <td width="75%" class="vtable"> - <input name="smtphost" type="text" class="formfld2" id="smtphost" size="40" value="<?=htmlspecialchars($pconfig['smtphost']);?>"> - <br /><span class="vexpl">Enter the SMTP host address. example: smtp.gmail.com:465<br /></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">SMTP Secure</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='smtpsecure' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['smtpsecure'])) { - case "none": - echo " <option value='none' selected='yes'>none</option>\n"; - echo " <option value='tls'>tls</option>\n"; - echo " <option value='ssl'>ssl</option>\n"; - break; - case "tls": - echo " <option value='none'>none</option>\n"; - echo " <option value='tls' selected='yes'>tls</option>\n"; - echo " <option value='ssl'>ssl</option>\n"; - break; - case "ssl": - echo " <option value='none'>none</option>\n"; - echo " <option value='tls'>tls</option>\n"; - echo " <option value='ssl' selected='yes'>ssl</option>\n"; - break; - default: - echo " <option value='' selected='yes'>none</option>\n"; - echo " <option value='tls'>tls</option>\n"; - echo " <option value='ssl'>ssl</option>\n"; - } - echo " </select><br />\n"; - echo "Select the SMTP security. None, TLS, SSL<br />"; - ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">SMTP Auth</td> - <td width="78%" class="vtable"> - <?php - echo " <select name='smtpauth' class='formfld'>\n"; - echo " <option></option>\n"; - switch (htmlspecialchars($pconfig['smtpauth'])) { - case "true": - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - break; - case "false": - echo " <option value='true'>true</option>\n"; - echo " <option value='false' selected='yes'>false</option>\n"; - - break; - default: - echo " <option value='true' selected='yes'>true</option>\n"; - echo " <option value='false'>false</option>\n"; - } - echo " </select><br />\n"; - echo "Use SMTP Authentication true or false.<br />"; - ?> - </td> - </tr> - - <tr> - <td width="25%" valign="top" class="vncell">SMTP Username</td> - <td width="75%" class="vtable"> - <input name="smtpusername" type="text" class="formfld" id="smtpusername" size="40" value="<?=htmlspecialchars($pconfig['smtpusername']);?>"> - <br /><span class="vexpl">Enter the SMTP authentication username.<br /></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncell">SMTP Password</td> - <td width="75%" class="vtable"> - <input name="smtppassword" type="password" class="formfld" id="smtppassword" size="40" value="<?=htmlspecialchars($pconfig['smtppassword']);?>"> - <br /><span class="vexpl">Enter the SMTP authentication password.<br /></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncell">SMTP From</td> - <td width="75%" class="vtable"> - <input name="smtpfrom" type="text" class="formfld" id="smtpfrom" size="40" value="<?=htmlspecialchars($pconfig['smtpfrom']);?>"> - <br /><span class="vexpl">Enter the SMTP From email address.<br /></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncell">SMTP From Name</td> - <td width="75%" class="vtable"> - <input name="smtpfromname" type="text" class="formfld" id="smtpfromname" size="40" value="<?=htmlspecialchars($pconfig['smtpfromname']);?>"> - <br /><span class="vexpl">Enter the SMTP From Name.<br /></span> - </td> - </tr> - <tr> - <td width="25%" valign="top" class="vncell">Mod Shout Decoder</td> - <td width="75%" class="vtable"> - <input name="mod_shout_decoder" type="text" class="formfld" id="mod_shout_decoder" size="40" value="<?=htmlspecialchars($pconfig['mod_shout_decoder']);?>"> - <br /><span class="vexpl">Enter the Decoder. default: i386<br /></span> - </td> - </tr> - </table> - <!-- - <div id="showadvancedbox"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="25%" valign="top" class="vncell">Show Advanced</td> - <td width="75%" class="vtable"> - <input type="button" onClick="show_advanced_config()" value="Advanced"></input></a> - </td> - </tr> - </table> - </div> - <div id="showadvanced" style="display:none"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="25%" valign="top" class="vncell">zzz</td> - <td width="75%" class="vtable"> - <input name="zzz" type="text" class="formfld" id="zzz" size="40" value="<?=htmlspecialchars($pconfig['zzz']);?>"> - <br /> <span class="vexpl">zzz<br /></span> - </td> - </tr> - </table> - </div> - --> - <br /><br /> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="25%" valign="top"> </td> - <td> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()"> - <?php - $id = 0; - if (isset($id) && $a_settings[$id]) { - echo "<input name=\"id\" type=\"hidden\" value=\"".$id."\">\n"; - } - ?> - </td> - </tr> - </table> - </form> - - <br /> - <br /> - <br /> - <br /> - <br /> - <br /> - - </td> - </tr> -</table> - -</div> - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch_dev/v_status.tmp b/config/freeswitch_dev/v_status.tmp deleted file mode 100644 index 3a3d6097..00000000 --- a/config/freeswitch_dev/v_status.tmp +++ /dev/null @@ -1,380 +0,0 @@ -<?php -/* $Id$ */ -/* - v_status.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - - -if ($_GET['a'] == "download") { - if ($_GET['t'] == "logs") { - $tmp = $v_log_dir.'/'; - $filename = $v_name.'.log'; - } - if ($_GET['t'] == "cdrcsv") { - $tmp = $v_log_dir.'/cdr-csv/'; - $filename = 'Master.csv'; - } - if ($_GET['t'] == "backup") { - $tmp = $v_backup_dir.'/'; - $filename = $v_name.'.bak.tgz'; - if (!is_dir($v_backup_dir.'/')) { - exec("mkdir ".$v_backup_dir."/"); - } - chdir($v_parent_dir); - system('tar cvzf '.$v_backup_dir.'/'.$v_name.'.bak.tgz '.$v_name); - } - session_cache_limiter('public'); - $fd = fopen($tmp.$filename, "rb"); - header("Content-Type: binary/octet-stream"); - header("Content-Length: " . filesize($tmp.$filename)); - header('Content-Disposition: attachment; filename="'.$filename.'"'); - fpassthru($fd); - exit; -} - -if ($_GET['a'] == "update") { - if ($_GET['t'] == "gui_phase_1") { - - //chdir('/tmp/'); - chdir($v_parent_dir.'/pkg/'); - exec("fetch ".$v_download_path."v_config.inc"); - //exec("cp ".$tmp_dir."/v_config.tmp ".$v_parent_dir."/pkg/v_config.php"); - //unlink_if_exists($tmp_dir."/v_config.tmp"); - - header( 'Location: v_status.php?a=update&t=gui_phase_2' ) ; - exit; - } -} - -if ($_GET['a'] == "update") { - if ($_GET['t'] == "gui_phase_2") { - v_install_phase_2(); //needs to run on the new page so that it uses the new v_config.inc file - header( 'Location: v_status.php?savemsg=Update+Completed.' ) ; - exit; - } -} - -if ($_GET['a'] == "other") { - if ($_GET['t'] == "restore") { - $tmp = '/root/backup/'; - $filename = $v_name.'.bak.tgz'; - - //extract a specific directory - if (file_exists($v_backup_dir.'/'.$filename)) { - //echo "The file $filename exists"; - - //Clear the following directories to prepare for the Restore - exec("rm -R ".$v_conf_dir."/sip_profiles/"); - exec("rm -R ".$v_dir."/sounds/music/"); - - //Recommended - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/db/'); - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/log/'); - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/recordings/'); - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/scripts/'); - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/storage/'); - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/sounds/custom/8000/'); - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/sounds/music/8000/'); - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/conf/ssl'); - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/conf/sip_profiles/'); - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/conf/vars.xml'); - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/conf/dialplan/default.xml'); - system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/conf/dialplan/public.xml'); - - //Optional - //system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/conf/'); - //system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/grammar/'); - //system('cd /usr/local; tar xvpfz '.$v_backup_dir.'/'.$filename.' '.$v_name.'/htdocs/'); - - //Synchronize Package - sync_package_freeswitch(); - - header( 'Location: v_status.php?savemsg=Backup+has+been+restored.' ) ; - } - else { - header( 'Location: v_status.php?savemsg=Restore+failed.+Backup+file+not+found.' ) ; - } - - exit; - } -} - -include("head.inc"); - -$password = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_password']; -$port = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_port']; -$host = $config['interfaces']['lan']['ipaddr']; - -$savemsg = $_GET["savemsg"]; - -//if service is not running then start it -if (!pkg_is_service_running($v_name)) { - $handle = popen($v_startup_script_dir."/".$v_name.".sh start", "r"); - pclose($handle); - //give time for the service to load - sleep(7); -} -?> - -<script language="Javascript" type="text/javascript" src="/edit_area/edit_area_full.js"></script> -<script language="Javascript" type="text/javascript"> - // initialisation - editAreaLoader.init({ - id: "log" // id of the textarea to transform - ,start_highlight: false - ,allow_toggle: true - ,display: "later" - ,language: "en" - ,syntax: "html" - ,toolbar: "search, go_to_line,|, fullscreen, |, undo, redo, |, select_font, |, syntax_selection, |, change_smooth_selection, highlight, reset_highlight, |, help" - ,syntax_selection_allow: "css,html,js,php,xml,c,cpp,sql" - ,show_line_colors: true - }); -</script> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Status</p>\n"; -} - -if ($savemsg) { - print_info_box($savemsg); -} -?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<?php - -echo "<br /><br />\n\n"; - - -$fp = event_socket_create($host, $port, $password); -$cmd = "api sofia status"; -$response = event_socket_request($fp, $cmd); -echo "<table width='690' cellpadding='0' cellspacing='0' border='0'>\n"; -echo "<tr>\n"; -echo "<td width='50%'>\n"; -echo " <b>sofia status</b> \n"; -echo "</td>\n"; -echo "<td width='50%' align='right'>\n"; -echo " <input type='button' value='reloadxml' onclick=\"document.location.href='v_cmd.php?cmd=api+reloadxml';\" />\n"; -echo "</td>\n"; -echo "</tr>\n"; -echo "</table>\n"; -echo "<pre style=\"font-size: 9pt;\">\n"; -echo $response; -echo "</pre>\n"; -fclose($fp); -echo "<br /><br />\n\n"; - -foreach (ListFiles($v_conf_dir.'/sip_profiles') as $key=>$sip_profile_file){ - - $sip_profile_name = str_replace(".xml", "", $sip_profile_file); - $fp = event_socket_create($host, $port, $password); - $cmd = "api sofia status profile ".$sip_profile_name; - $response = event_socket_request($fp, $cmd); - echo "<table width='690' cellpadding='0' cellspacing='0' border='0'>\n"; - echo "<tr>\n"; - echo "<td width='50%'>\n"; - echo " <b>sofia status profile $sip_profile_name</b> \n"; - echo "</td>\n"; - echo "<td width='50%' align='right'>\n"; - echo " <input type='button' value='start' onclick=\"document.location.href='v_cmd.php?cmd=api+sofia+profile+".$sip_profile_name."+start';\" />\n"; - echo " <input type='button' value='stop' onclick=\"document.location.href='v_cmd.php?cmd=api+sofia+profile+".$sip_profile_name."+stop';\" />\n"; - echo " <input type='button' value='restart' onclick=\"document.location.href='v_cmd.php?cmd=api+sofia+profile+".$sip_profile_name."+restart';\" />\n"; - if ($sip_profile_name == "external") { - echo " <input type='button' value='rescan' onclick=\"document.location.href='v_cmd.php?cmd=api+sofia+profile+".$sip_profile_name."+rescan';\" />\n"; - } - else { - echo " <input type='button' value='flush_inbound_reg' onclick=\"document.location.href='v_cmd.php?cmd=api+sofia+profile+".$sip_profile_name."+flush_inbound_reg';\" />\n"; - } - echo "</td>\n"; - echo "</tr>\n"; - echo "</table>\n"; - echo "<pre style=\"font-size: 9pt;\">\n"; - echo $response; - echo "</pre>\n"; - fclose($fp); - echo "<br /><br />\n\n"; - -} - - -$fp = event_socket_create($host, $port, $password); -$cmd = "api status"; -$response = event_socket_request($fp, $cmd); -echo "<b>status</b><br />\n"; -echo "<pre style=\"font-size: 9pt;\">\n"; -echo $response; -echo "</pre>\n"; -fclose($fp); -echo "<br /><br />\n\n"; - - -$fp = event_socket_create($host, $port, $password); -$cmd = "api show channels"; -$response = event_socket_request($fp, $cmd); -echo "<b>show channels</b><br />\n"; -if (strlen($response) > 40) { - echo "<textarea cols='85' rows='10' wrap='off'>\n"; - echo $response; - echo "</textarea>\n"; -} -else { - echo "<pre style=\"font-size: 9pt;\">\n"; - echo $response; - echo "</pre>\n"; -} -fclose($fp); -echo "<br /><br />\n\n"; -echo "<br /><br />\n\n"; - - -$fp = event_socket_create($host, $port, $password); -$cmd = "api show calls"; -$response = event_socket_request($fp, $cmd); -echo "<b>show calls</b><br />\n"; -if (strlen($response) > 40) { - echo "<textarea cols='85' rows='10' wrap='off'>\n"; - echo $response; - echo "</textarea>\n"; -} -else { - echo "<pre style=\"font-size: 9pt;\">\n"; - echo $response; - echo "</pre>\n"; -} -fclose($fp); -echo "<br /><br />\n\n"; -echo "<br /><br />\n\n"; - - -echo "<table width='690' cellpadding='0' cellspacing='0' border='0'>\n"; -echo "<tr>\n"; -echo "<td width='80%'>\n"; -echo "<b>Backup / Restore</b><br />\n"; -echo "The 'backup' button will tar gzip ".$v_dir." to ".$v_backup_dir."/".$v_name.".bak.tgz it then presents a file to download. \n"; -echo "If the backup file does not exist in ".$v_backup_dir."/".$v_name.".bak.tgz then the 'restore' button will be hidden. \n"; -echo "Use Diagnostics->Command->File to upload: to browse to the file and then click on upload it now ready to be restored. \n"; -echo "<br /><br />\n"; -echo "</td>\n"; -echo "<td width='20%' valign='middle' align='right'>\n"; -echo " <input type='button' value='backup' onclick=\"document.location.href='v_status.php?a=download&t=backup';\" />\n"; -if (file_exists($v_backup_dir.'/'.$v_name.'.bak.tgz')) { - echo " <input type='button' value='restore' onclick=\"document.location.href='v_status.php?a=other&t=restore';\" />\n"; -} -echo "</td>\n"; -echo "</tr>\n"; -echo "</table>\n"; -echo "<br /><br />\n\n"; - - -echo "<table width='690' cellpadding='0' cellspacing='0' border='0'>\n"; -echo "<tr>\n"; -echo "<td width='50%'>\n"; -echo "<b>Call Detail Records</b><br />\n"; -echo $v_log_dir."/cdr-csv/Master.csv<br /><br />\n"; -echo "</td>\n"; -echo "<td width='50%' align='right'>\n"; -echo " <input type='button' value='download cdr csv' onclick=\"document.location.href='v_status.php?a=download&t=cdrcsv';\" />\n"; -echo "</td>\n"; -echo "</tr>\n"; -echo "</table>\n"; -echo "<br /><br />\n\n"; - -echo "<table width='690' cellpadding='0' cellspacing='0' border='0'>\n"; -echo "<tr>\n"; -echo "<td width='50%'>\n"; -echo "<b>Web Interface</b><br />\n"; -echo "Use the following button to update the web interface.<br /><br />\n"; -echo "</td>\n"; -echo "<td width='50%' align='right'>\n"; -echo " <input type='button' value='update' onclick=\"document.location.href='v_status.php?a=update&t=gui_phase_1';\" />\n"; -echo "</td>\n"; -echo "</tr>\n"; -echo "</table>\n"; -echo "<br /><br />\n\n"; - -echo "<table width='690' cellpadding='0' cellspacing='0' border='0'>\n"; -echo "<tr>\n"; -echo "<td width='50%'>\n"; -echo "<b>Logs</b><br />\n"; -echo $v_log_dir."/cdr-csv/".$v_name.".log<br /><br />\n"; -echo "</td>\n"; -echo "<td width='50%' align='right'>\n"; -echo " <input type='button' value='download logs' onclick=\"document.location.href='v_status.php?a=download&t=logs';\" />\n"; -echo "</tr>\n"; -echo "</table>\n"; -echo "<br /><br />\n\n"; - - -echo "<b>tail -n 500 ".$v_log_dir."/".$v_name.".log</b><br />\n"; -echo "<textarea id='log' name='log' style='width:99%'; rows='30' wrap='off'>\n"; -echo system("tail -n 500 ".$v_log_dir."/".$v_name.".log"); -echo "</textarea>\n"; -echo "<br /><br />\n\n"; - - -//$fp = event_socket_create($host, $port, $password); -//$cmd = "api sofia "; -//$response = event_socket_request($fp, $cmd); -//echo "<b>api sofia</b><br />\n"; -//echo "<pre style=\"font-size: 9pt;\">\n"; -//echo $response; -//echo "</pre>\n"; -//fclose($fp); -//echo "<br /><br />\n\n"; - -?> - - </td> - </tr> -</table> - -</div> -<?php include("fend.inc"); ?> - -</body> -</html> diff --git a/config/freeswitch_dev/v_vars.tmp b/config/freeswitch_dev/v_vars.tmp deleted file mode 100644 index d713d9e3..00000000 --- a/config/freeswitch_dev/v_vars.tmp +++ /dev/null @@ -1,169 +0,0 @@ -<?php -/* $Id$ */ -/* - v_vars.php - Copyright (C) 2008 Mark J Crane - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); -require("/usr/local/pkg/v_config.inc"); - -//$a_extensions = &$config['installedpackages']['freeswitchprofiles']['config']; - -if ($_GET['a'] == "default") { - conf_mount_rw(); - exec("cp ".$v_conf_dir.".orig/vars.xml ".$v_conf_dir."/vars.xml"); - $savemsg = "Default Restored"; - conf_mount_ro(); -} - -if ($_POST['a'] == "save") { - conf_mount_rw(); - $content = ereg_replace("\r","",$_POST['code']); - $fd = fopen($v_conf_dir."/vars.xml", "w"); - fwrite($fd, $content); - fclose($fd); - $savemsg = "Saved"; - conf_mount_ro(); -} - - -$fd = fopen($v_conf_dir."/vars.xml", "r"); -$content = fread($fd, filesize($v_conf_dir."/vars.xml")); -fclose($fd); - -include("head.inc"); - -?> - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<script language="Javascript"> -function sf() { document.forms[0].savetopath.focus(); } -</script> -<script language="Javascript" type="text/javascript" src="/edit_area/edit_area_full.js"></script> -<script language="Javascript" type="text/javascript"> - // initialisation - editAreaLoader.init({ - id: "code" // id of the textarea to transform - ,start_highlight: false - ,allow_toggle: false - ,language: "en" - ,syntax: "html" - ,toolbar: "search, go_to_line,|, fullscreen, |, undo, redo, |, select_font, |, syntax_selection, |, change_smooth_selection, highlight, reset_highlight, |, help" - ,syntax_selection_allow: "css,html,js,php,xml,c,cpp,sql" - ,show_line_colors: true - }); -</script> - -<?php -include("fbegin.inc"); -if ($v_label_show) { - echo "<p class=\"pgtitle\">$v_label: Variables</p>\n"; -} -?> - -<div id="mainlevel"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr><td class="tabnavtbl"> -<?php - -build_menu(); - -?> -</td></tr> -</table> - - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - -<form action="v_vars.php" method="post" name="iform" id="iform"> -<?php - -?> - <table width="98%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width='90%'><p><span class="vexpl"><span class="red"><strong>Variables<br> - </strong></span> - Define preprocessor variables here. Can be accessed in the xml configation with $${var_name}. - </p> - </td> - <td width='10%' align='right' valign='middle'><input type="submit" value="save" /></td> - </tr> - </table> - <br /> - <br /> - - <textarea style="width:98%" id="code" name="code" rows="30" cols="<?php echo $cols; ?>" name="content"><?php echo htmlentities($content); ?></textarea> - <br /> - <br /> - - <table width="98%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td> - <?php - if ($v_path_show) { - echo $v_conf_dir."/vars.xml\n"; - } - ?> - </td> - <td align='right'> - <input type="hidden" name="f" value="<?php echo $_GET['f']; ?>" /> - <input type="hidden" name="a" value="save" /> - <?php - echo "<input type='button' value='Restore Default' onclick=\"document.location.href='v_vars.php?a=default&f=vars.xml';\" />"; - ?> - </td> - </tr> - </table> - -</form> - -<br> -<br> - -<br> -<br> -<br> -<br> -<br> -<br> -<br> -<br> - -</td> -</tr> -</table> - -</div> - - - -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/config/freeswitch_dev/your_pin_number_is_incorect_goodbye.wav b/config/freeswitch_dev/your_pin_number_is_incorect_goodbye.wav Binary files differdeleted file mode 100755 index 5683bb8e..00000000 --- a/config/freeswitch_dev/your_pin_number_is_incorect_goodbye.wav +++ /dev/null diff --git a/config/gwled/gwled.inc b/config/gwled/gwled.inc index 7bb25147..dad6fe69 100644 --- a/config/gwled/gwled.inc +++ b/config/gwled/gwled.inc @@ -36,7 +36,7 @@ function gwled_stop() { exec("/bin/pkill -9 -f gwled"); } -function validate_form_gwled($post, $input_errors) { +function validate_form_gwled($post, &$input_errors) { /* Make sure both aren't using the same interface */ if (($post['gw_led2']) && ($post['gw_led3']) && (($post['enable_led2']) && ($post['enable_led3'])) && diff --git a/config/gwled/gwled.xml b/config/gwled/gwled.xml index 4237454b..015ab3bb 100644 --- a/config/gwled/gwled.xml +++ b/config/gwled/gwled.xml @@ -66,7 +66,7 @@ </field> </fields> <custom_php_validation_command> - validate_form_gwled($_POST, &$input_errors); + validate_form_gwled($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_gwled(); diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc index 1d85cc51..9b758370 100644 --- a/config/haproxy-devel/haproxy.inc +++ b/config/haproxy-devel/haproxy.inc @@ -32,40 +32,69 @@ require_once("functions.inc"); require_once("pkg-utils.inc"); require_once("notices.inc"); +require_once("filter.inc"); require_once("haproxy_utils.inc"); require_once("haproxy_xmlrpcsyncclient.inc"); $d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty"; +global $a_frontendmode; +$a_frontendmode = array(); +$a_frontendmode['http'] = array('name' => "http / https(offloading)", 'shortname' => "http/https"); +$a_frontendmode['https'] = array('name' => "ssl / https(TCP mode)", 'shortname' => "ssl/https"); +$a_frontendmode['tcp'] = array('name' => "tcp", 'shortname' => "tcp"); +$a_frontendmode['health'] = array('name' => "health", 'shortname' => "health"); + global $a_acltypes; $a_acltypes = array(); -$a_acltypes["host_starts_with"] = array('name' => 'Host starts with', +$a_acltypes["host_starts_with"] = array('name' => 'Host starts with:', 'mode' => 'http', 'syntax' => 'hdr_beg(host) -i %1$s'); -$a_acltypes["host_ends_with"] = array('name' => 'Host ends with', +$a_acltypes["host_ends_with"] = array('name' => 'Host ends with:', 'mode' =>'http', 'syntax' => 'hdr_end(host) -i %1$s'); -$a_acltypes["host_matches"] = array('name' => 'Host matches', +$a_acltypes["host_matches"] = array('name' => 'Host matches:', 'mode' =>'http', 'syntax' => 'hdr(host) -i %1$s'); -$a_acltypes["host_regex"] = array('name' => 'Host regex', +$a_acltypes["host_regex"] = array('name' => 'Host regex:', 'mode' =>'http', 'syntax' => 'hdr_reg(host) -i %1$s'); -$a_acltypes["host_contains"] = array('name' => 'Host contains', +$a_acltypes["host_contains"] = array('name' => 'Host contains:', 'mode' => 'http', 'syntax' => 'hdr_dir(host) -i %1$s'); -$a_acltypes["path_starts_with"] = array('name' => 'Path starts with', +$a_acltypes["path_starts_with"] = array('name' => 'Path starts with:', 'mode' => 'http', 'syntax' => 'path_beg -i %1$s'); -$a_acltypes["path_ends_with"] = array('name' => 'Path ends with', +$a_acltypes["path_ends_with"] = array('name' => 'Path ends with:', 'mode' => 'http', 'syntax' => 'path_end -i %1$s'); -$a_acltypes["path_matches"] = array('name' => 'Path matches', +$a_acltypes["path_matches"] = array('name' => 'Path matches:', 'mode' => 'http', 'syntax' => 'path -i %1$s'); -$a_acltypes["path_regex"] = array('name' => 'Path regex', +$a_acltypes["path_regex"] = array('name' => 'Path regex:', 'mode' => 'http', 'syntax' => 'path_reg -i %1$s'); -$a_acltypes["path_contains"] = array('name' => 'Path contains', +$a_acltypes["path_contains"] = array('name' => 'Path contains:', 'mode' => 'http', 'syntax' => 'path_dir -i %1$s'); -$a_acltypes["source_ip"] = array('name' => 'Source IP', +$a_acltypes["ssl_c_verify_code"] = array('name' => 'SSL Client certificate verify error result:', + 'mode' => 'http', 'syntax' => 'ssl_fc_has_crt ssl_c_verify %1$s'); + // ssl_c_verify result codes: https://www.openssl.org/docs/apps/verify.html#DIAGNOSTICS +$a_acltypes["ssl_c_verify"] = array('name' => 'SSL Client certificate valid.', + 'mode' => 'http', 'syntax' => 'ssl_fc_has_crt ssl_c_verify 0 '); +$a_acltypes["ssl_c_ca_commonname"] = array('name' => 'SSL Client issued by CA common-name:', + 'mode' => 'http', 'syntax' => 'ssl_c_i_dn(CN) %1$s'); +$a_acltypes["source_ip"] = array('name' => 'Source IP matches IP or Alias:', 'mode' => '', 'syntax' => 'src %1$s'); -$a_acltypes["backendservercount"] = array('name' => 'Minimum count usable servers', +$a_acltypes["backendservercount"] = array('name' => 'Minimum count usable servers:', 'mode' => '', 'syntax' => 'nbsrv(%2$s) ge %1$d', 'parameters' => 'value,backendname'); +$a_acltypes["traffic_is_http"] = array('name' => 'Traffic is http (no value needed):', 'inspect-delay' => '5', + 'mode' => 'tcp', 'syntax' => 'req.proto_http', 'advancedoptions' => "tcp-request content accept if { req.proto_http }"); +$a_acltypes["traffic_is_ssl"] = array('name' => 'Traffic is ssl (no value needed):', 'inspect-delay' => '5', + 'mode' => 'tcp', 'syntax' => 'req.ssl_ver gt 0', 'advancedoptions' => "tcp-request content accept if { req.ssl_ver gt 0 }"); // 'ssl_sni_matches' was added in HAProxy1.5dev17 -$a_acltypes["ssl_sni_matches"] = array('name' => 'Server Name Indication TLS extension matches', - 'mode' => 'https', 'syntax' => 'req_ssl_sni -i %1$s', 'advancedoptions' => "tcp-request inspect-delay 5s\n\ttcp-request content accept if { req_ssl_hello_type 1 }"); +$a_acltypes["ssl_sni_matches"] = array('name' => 'Server Name Indication TLS extension matches:', 'inspect-delay' => '5', + 'mode' => 'https', 'syntax' => 'req.ssl_sni -i %1$s', 'advancedoptions' => "tcp-request content accept if { req.ssl_hello_type 1 }"); +$a_acltypes["ssl_sni_contains"] = array('name' => 'Server Name Indication TLS extension contains:', 'inspect-delay' => '5', + 'mode' => 'https', 'syntax' => 'req.ssl_sni -m sub -i %1$s', 'advancedoptions' => "tcp-request content accept if { req.ssl_hello_type 1 }"); +$a_acltypes["ssl_sni_starts_with"] = array('name' => 'Server Name Indication TLS extension starts with:', 'inspect-delay' => '5', + 'mode' => 'https', 'syntax' => 'req.ssl_sni -m beg -i %1$s', 'advancedoptions' => "tcp-request content accept if { req.ssl_hello_type 1 }"); +$a_acltypes["ssl_sni_ends_with"] = array('name' => 'Server Name Indication TLS extension ends with:', 'inspect-delay' => '5', + 'mode' => 'https', 'syntax' => 'req.ssl_sni -m end -i %1$s', 'advancedoptions' => "tcp-request content accept if { req.ssl_hello_type 1 }"); +$a_acltypes["ssl_sni_ends_with"] = array('name' => 'Server Name Indication TLS extension regex:', 'inspect-delay' => '5', + 'mode' => 'https', 'syntax' => 'req.ssl_sni -m reg -i %1$s', 'advancedoptions' => "tcp-request content accept if { req.ssl_hello_type 1 }"); +$a_acltypes["custom"] = array('name' => 'Custom acl:', + 'mode' => '', 'syntax' => '%1$s'); global $a_checktypes; $a_checktypes = array(); @@ -78,7 +107,7 @@ $a_checktypes['HTTP'] = array('name' => 'HTTP', 'syntax' => 'httpchk', // 'Agent' was added in HAProxy1.5dev18, and removed in 1.5dev20, in favor of the seperate agent-check option. $a_checktypes['Agent'] = array('name' => 'Agent', 'syntax' => 'lb-agent-chk', 'usedifferenport' => 'yes', 'descr' => 'Use a TCP connection to read an ASCII string of the form 100%,75%,drain,down (others in haproxy manual)', - deprecated => true); + 'deprecated' => true); $a_checktypes['LDAP'] = array('name' => 'LDAP', 'syntax' => 'ldap-check', 'descr' => 'Use LDAPv3 health checks for server testing'); $a_checktypes['MySQL'] = array('name' => 'MySQL', 'syntax' => 'mysql-check', @@ -106,16 +135,18 @@ $a_httpcheck_method['TRACE'] = array('name' => 'TRACE', 'syntax' => 'TRACE'); global $a_closetypes; $a_closetypes = array(); -$a_closetypes['none'] = array('name' => 'none', 'syntax' => '', - 'descr' => 'No close headers will be changed.'); +//$a_closetypes['none'] = array('name' => 'none', 'syntax' => '', +// 'descr' => 'No close headers will be changed.'); +$a_closetypes['http-keep-alive'] = array('name' => 'http-keep-alive (default)', 'syntax' => 'http-keep-alive', + 'descr' => 'By default HAProxy operates in keep-alive mode with regards to persistent connections: for each connection it processes each request and response, and leaves the connection idle on both sides between the end of a response and the start of a new request.'); +$a_closetypes['http-tunnel'] = array('name' => 'http-tunnel', 'syntax' => 'http-tunnel', + 'descr' => 'Option "http-tunnel" disables any HTTP processing past the first request and the first response. This is the mode which was used by default in versions 1.0 to 1.5-dev21. It is the mode with the lowest processing overhead, which is normally not needed anymore unless in very specific cases such as when using an in-house protocol that looks like HTTP but is not compatible, or just to log one request per client in order to reduce log size. Note that everything which works at the HTTP level, including header parsing/addition, cookie processing or content switching will only work for the first request and will be ignored after the first response.'); $a_closetypes['httpclose'] = array('name' => 'httpclose', 'syntax' => 'httpclose', 'descr' => 'The "httpclose" option removes any "Connection" header both ways, and adds a "Connection: close" header in each direction. This makes it easier to disable HTTP keep-alive than the previous 4-rules block.'); $a_closetypes['http-server-close'] = array('name' => 'http-server-close', 'syntax' => 'http-server-close', 'descr' => 'By default, when a client communicates with a server, HAProxy will only analyze, log, and process the first request of each connection. Setting "option http-server-close" enables HTTP connection-close mode on the server side while keeping the ability to support HTTP keep-alive and pipelining on the client side. This provides the lowest latency on the client side (slow network) and the fastest session reuse on the server side to save server resources.'); $a_closetypes['forceclose'] = array('name' => 'forceclose', 'syntax' => 'forceclose', 'descr' => 'Some HTTP servers do not necessarily close the connections when they receive the "Connection: close" set by "option httpclose", and if the client does not close either, then the connection remains open till the timeout expires. This causes high number of simultaneous connections on the servers and shows high global session times in the logs. Note that this option also enables the parsing of the full request and response, which means we can close the connection to the server very quickly, releasing some resources earlier than with httpclose.'); -$a_closetypes['http-keep-alive'] = array('name' => 'http-keep-alive', 'syntax' => 'http-keep-alive', - 'descr' => 'By default, when a client communicates with a server, HAProxy will only analyze, log, and process the first request of each connection. Setting "option http-keep-alive" enables HTTP keep-alive mode on the client- and server- sides. This provides the lowest latency on the client side (slow network) and the fastest session reuse on the server side at the expense of maintaining idle connections to the servers. In general, it is possible with this option to achieve approximately twice the request rate that the "http-server-close" option achieves on small objects. There are mainly two situations where this option may be useful : - when the server is non-HTTP compliant and authenticates the connection instead of requests (eg: NTLM authentication) - when the cost of establishing the connection to the server is significant compared to the cost of retrieving the associated object from the server.'); global $a_servermodes; $a_servermodes = array(); @@ -165,6 +196,19 @@ $a_sticky_type['stick_rdp_cookie'] = array('name' => 'Stick on RDP-cookie', 'descr' => "Uses a RDP-Cookie send by the mstsc client, note that not all clients send this.", 'cookiedescr' => 'EXAMPLE: msts or mstshash'); + +global $a_error; +$a_error = array(); +$a_error['200'] = array('descr' => "stats or monitoring requests"); +$a_error['400'] = array('descr' => "request invalid or too large"); +$a_error['401'] = array('descr' => "authentication is required to perform the action"); +$a_error['403'] = array('descr' => "request is forbidden"); +$a_error['408'] = array('descr' => "timeout before the request is complete"); +$a_error['500'] = array('descr' => "internal error"); +$a_error['502'] = array('descr' => "server response invalid or blocked"); +$a_error['503'] = array('descr' => "no server was available to handle the request"); +$a_error['504'] = array('descr' => "timeout before the server responds"); + if(!function_exists('group_ports')){ // function group_ports() is present in pfSense 2.2 in util.inc /* create ranges of sequential port numbers (200:215) and remove duplicates */ @@ -215,10 +259,11 @@ function group_ports($ports) { return $result; } } - + function haproxy_portoralias_to_list($port_or_alias) { // input: a port or aliasname: 80 https MyPortAlias // returns: a array of ports and portranges 80 443 8000:8010 + global $aliastable; $portresult = array(); if (alias_get_type($port_or_alias) == "port") { @@ -231,15 +276,63 @@ function haproxy_portoralias_to_list($port_or_alias) { return $portresult; } else if (is_portrange($port_or_alias)) { return (array)$port_or_alias; - } else if (is_port($port_or_alias)) { - if (getservbyname($port_or_alias, "tcp")) - return (array)getservbyname($port_or_alias, "tcp"); - if (getservbyname($port_or_alias, "udp")) - return (array)getservbyname($port_or_alias, "udp"); - return (array)$port_or_alias; + } else { + $ports = explode(",", $port_or_alias); + foreach($ports as $port){ + if (is_port($port)) { + if (getservbyname($port, "tcp")) + $port = getservbyname($port, "tcp"); + if (getservbyname($port, "udp")) + $port = getservbyname($port, "udp"); + $portresult[] = $port; + } + } + return $portresult; } - else - return null; +} +function haproxy_addressoralias_to_list($address_or_alias) { + global $aliastable; + $result = array(); + $alias_type = alias_get_type($address_or_alias); + if (!empty($alias_type)) { + $alias = $aliastable[$address_or_alias]; + if ($alias_type == "url") { + $result = explode(' ',$alias); + } else + if ($alias_type == "network") { + //$result = explode(' ',$alias); + } else + if ($alias_type == "host") { + $result = explode(' ',$alias); + } + } else { + $result[] = $address_or_alias; + } + return $result; +} + +function haproxy_hostoralias_to_list($host_or_alias) { + if (is_alias($host_or_alias)){ + $result = filter_expand_alias_array($host_or_alias); + } else { + $result = array(); + $result[] = $host_or_alias; + } + return $result; +} + +function haproxy_get_fileslist() { + // returns the files array with 'keys'. + $result = array(); + global $config; + // create a copy to not modify the original 'keyless' array + $a_files = $config['installedpackages']['haproxy']['files']['item']; + if (!is_array($a_files)) $a_files = array(); + foreach($a_files as $file) { + $key = $file['name']; + $result[$key] = $file; + } + return $result; } function haproxy_custom_php_deinstall_command() { @@ -330,103 +423,139 @@ EOD; fclose($fd); exec("chmod a+rx /usr/local/etc/rc.d/haproxy.sh"); - - $static_output .= "HAProxy, update configuration\n"; update_output_window($static_output); + // make sure the version stays 'comparable' + if (is_arrayset($config,'installedpackages','haproxy') && isset($config['installedpackages']['haproxy']['configversion'])) + $configversion = $config['installedpackages']['haproxy']['configversion']; + else + $configversion = "00.12"; + + $static_output .= "HAProxy, from version $configversion\n"; + update_output_window($static_output); + $writeconfigupdate = false; - /* Do XML upgrade from haproxy 0.31 to haproxy-dev */ - if (is_array($config['installedpackages']['haproxy']['ha_servers'])) { + if ($configversion < "00.13") { + /* Do XML upgrade from haproxy 0.31 to haproxy-dev */ + if (is_array($config['installedpackages']['haproxy']['ha_servers'])) { + $static_output .= "HAProxy, Do XML upgrade from haproxy 0.31 to haproxy-dev\n"; + update_output_window($static_output); + /* We have an old config */ - $config['installedpackages']['haproxy']['ha_pools']['item'] = array(); - $a_global = &$config['installedpackages']['haproxy']; - $a_backends = &$config['installedpackages']['haproxy']['ha_backends']['item']; - $a_oldservers = &$config['installedpackages']['haproxy']['ha_servers']['item']; - $a_pools = &$config['installedpackages']['haproxy']['ha_pools']['item']; - - foreach ($a_backends as $id => $be) { - $a_backends[$id]['status'] = 'active'; - } - $id = 0; - foreach ($a_oldservers as $oldserver) { - $pool=$oldserver; - /* make server sub array */ - $server=array(); - $server['name'] = $oldserver['name']; - $server['address'] = $oldserver['address']; - $server['port'] = $oldserver['port']; - $server['weight'] = $oldserver['weight']; - $a_servers=array(); - $a_servers[]=$server; - /* set new pool */ - $pool['name'] = "pool$id"; - $id++; - $pool['ha_servers']['item']=$a_servers; - /* link to frontend */ + $config['installedpackages']['haproxy']['ha_pools']['item'] = array(); + $a_global = &$config['installedpackages']['haproxy']; + $a_backends = &$config['installedpackages']['haproxy']['ha_backends']['item']; + $a_oldservers = &$config['installedpackages']['haproxy']['ha_servers']['item']; + $a_pools = &$config['installedpackages']['haproxy']['ha_pools']['item']; + foreach ($a_backends as $id => $be) { - if ($a_backends[$id]['name'] == $oldserver['backend']) { - $a_backends[$id]['backend_serverpool'] = $pool['name']; - $pool['monitor_uri'] = $be['monitor_uri']; - unset($a_backends[$id]['monitor_uri']); - break; + $a_backends[$id]['status'] = 'active'; + } + $id = 0; + foreach ($a_oldservers as $oldserver) { + $pool=$oldserver; + /* make server sub array */ + $server=array(); + $server['name'] = $oldserver['name']; + $server['address'] = $oldserver['address']; + $server['port'] = $oldserver['port']; + $server['weight'] = $oldserver['weight']; + $a_servers=array(); + $a_servers[]=$server; + /* set new pool */ + $pool['name'] = "pool$id"; + $id++; + $pool['ha_servers']['item']=$a_servers; + /* link to frontend */ + foreach ($a_backends as $id => $be) { + if ($a_backends[$id]['name'] == $oldserver['backend']) { + $a_backends[$id]['backend_serverpool'] = $pool['name']; + $pool['monitor_uri'] = $be['monitor_uri']; + unset($a_backends[$id]['monitor_uri']); + break; + } } + unset($pool['backend']); + unset($pool['address']); + unset($pool['port']); + unset($pool['weight']); + $a_pools[] = $pool; } - unset($pool['backend']); - unset($pool['address']); - unset($pool['port']); - unset($pool['weight']); - $a_pools[] = $pool; + unset($config['installedpackages']['haproxy']['ha_servers']); + $writeconfigupdate = true; } - unset($config['installedpackages']['haproxy']['ha_servers']); - $writeconfigupdate = true; - } - - /* XML update to: pkg v1.3 and 'pool' changed to 'backend_serverpool' because 'pool' was added to listtags() in xmlparse.inc */ - if (is_array($config['installedpackages']['haproxy']['ha_backends']['item'][0]['pool'])) - { - foreach($config['installedpackages']['haproxy']['ha_backends']['item'] as &$frontend) - { - $backend_serverpool = $frontend['pool'][0]; - $frontend['backend_serverpool'] = $backend_serverpool; - unset($frontend['pool']); + + /* XML update to: pkg v1.3 and 'pool' changed to 'backend_serverpool' because 'pool' was added to listtags() in xmlparse.inc */ + if (is_arrayset($config,'installedpackages','haproxy','ha_backends','item',0,'pool')) { + $static_output .= "HAProxy, Do XML upgrade, change to backend_serverpool from pool array\n"; + update_output_window($static_output); + + foreach($config['installedpackages']['haproxy']['ha_backends']['item'] as &$frontend) + { + $backend_serverpool = $frontend['pool'][0]; + $frontend['backend_serverpool'] = $backend_serverpool; + unset($frontend['pool']); + } + $writeconfigupdate = true; } - $writeconfigupdate = true; - } - //also move setting for existing 2.0 installations as only the new variable is used - if (isset($config['installedpackages']['haproxy']['ha_backends']['item'][0]['pool'])) - { - foreach($config['installedpackages']['haproxy']['ha_backends']['item'] as &$frontend) - { - $backend_serverpool = $frontend['pool']; - $frontend['backend_serverpool'] = $backend_serverpool; - unset($frontend['pool']); + //also move setting for existing 2.0 installations as only the new variable is used + if (is_arrayset($config,'installedpackages','haproxy','ha_backends','item',0) && + isset($config['installedpackages']['haproxy']['ha_backends']['item'][0]['pool'])) { + $static_output .= "HAProxy, Do XML upgrade, change to backend_serverpool from pool\n"; + update_output_window($static_output); + foreach($config['installedpackages']['haproxy']['ha_backends']['item'] as &$frontend) + { + $backend_serverpool = $frontend['pool']; + $frontend['backend_serverpool'] = $backend_serverpool; + unset($frontend['pool']); + } + $writeconfigupdate = true; + } + // update config to "haproxy-devel 1.5-dev19 pkg v0.5" + if(is_arrayset($config,'installedpackages','haproxy','ha_backends','item')) { + $static_output .= "HAProxy, Do XML upgrade, update frontend options\n"; + update_output_window($static_output); + foreach ($config['installedpackages']['haproxy']['ha_backends']['item'] as &$bind) { + if($bind['httpclose'] && $bind['httpclose'] == "yes" ) { + $bind['httpclose'] = "httpclose"; + $writeconfigupdate = true; + } + if (!$bind['extaddr']){ + $bind['extaddr'] = "wan_ipv4"; + $writeconfigupdate = true; + } + if ($bind['extaddr'] == "localhost"){ + $bind['extaddr'] = "localhost_ipv4"; + $writeconfigupdate = true; + } + if ($bind['extaddr'] == "any"){ + $bind['extaddr'] = "any_ipv4"; + $writeconfigupdate = true; + } + } } - $writeconfigupdate = true; } - // update config to "haproxy-devel 1.5-dev19 pkg v0.5" - if(is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) { + if ($configversion == "00.12") { + // update config to "haproxy-devel 1.5-dev19 pkg v0.13" foreach ($config['installedpackages']['haproxy']['ha_backends']['item'] as &$bind) { - if($bind['httpclose'] && $bind['httpclose'] == "yes" ) { - $bind['httpclose'] = "httpclose"; - $writeconfigupdate = true; - } - if (!$bind['extaddr']){ - $bind['extaddr'] = "wan_ipv4"; - $writeconfigupdate = true; - } - if ($bind['extaddr'] == "localhost"){ - $bind['extaddr'] = "localhost_ipv4"; - $writeconfigupdate = true; - } - if ($bind['extaddr'] == "any"){ - $bind['extaddr'] = "any_ipv4"; - $writeconfigupdate = true; + if (isset($bind['extaddr'])) { + $new['extaddr'] = $bind['extaddr']; + $new['extaddr_port'] = $bind['port']; + $new['extaddr_ssl'] = $bind['ssloffload']; + $bind['a_extaddr']['item'][] = $new; } + unset($bind['extaddr']); + unset($bind['port']); + //unset($bind['ssloffload']); } + $configversion = "00.13"; } + + $writeconfigupdate = $config['installedpackages']['haproxy']['configversion'] <> $configversion; if ($writeconfigupdate) { - $static_output .= "HAProxy, write updated config\n"; + $config['installedpackages']['haproxy']['configversion'] = $configversion; + $static_output .= "HAProxy, write updated config to version: $configversion\n"; update_output_window($static_output); write_config("HAProxy, update xml config version"); } @@ -498,14 +627,13 @@ function haproxy_find_acl($name) { } } -function write_backend($fd, $name, $pool, $frontend) { +function write_backend($configpath, $fd, $name, $pool, $frontend) { if(!is_array($pool['ha_servers']['item']) && !$pool['stats_enabled']=='yes') return; - global $a_checktypes, $a_cookiemode; + global $a_checktypes, $a_cookiemode, $a_files_cache, $a_error; $a_servers = &$pool['ha_servers']['item']; $frontendtype = $frontend['type']; - $frontend_ip = haproxy_interface_ip($frontend['extaddr']); fwrite ($fd, "backend " . $name . "\n"); // https is an alias for tcp for clarity purposes @@ -515,8 +643,11 @@ function write_backend($fd, $name, $pool, $frontend) { $backend_mode = $frontendtype; } fwrite ($fd, "\tmode\t\t\t" . $backend_mode . "\n"); - + if ($pool['log-health-checks'] == 'yes') + fwrite ($fd, "\toption\t\t\tlog-health-checks\n"); + if ($frontendtype == "http") { + // actions that read/write http headers only work when 'mode http' is used if ($pool["persist_cookie_enabled"] == "yes") { $cookie_mode = $pool["persist_cookie_mode"]; $cookie_cachable = $pool["persist_cookie_cachable"]; @@ -525,14 +656,69 @@ function write_backend($fd, $name, $pool, $frontend) { $cookie .= $cookie_cachable == "yes" ? "" : " nocache"; fwrite ($fd, "\t" . $cookie . "\n"); } - } + + if ($pool["strict_transport_security"] && is_numeric($pool["strict_transport_security"])){ + fwrite ($fd, "\trspadd Strict-Transport-Security:\\ max-age={$pool["strict_transport_security"]};\n"); + } + + if ($pool["cookie_attribute_secure"] == 'yes'){ + fwrite ($fd, "\trspirep ^(Set-Cookie:((?!;\\ secure).)*)$ \\1;\ secure if { ssl_fc }\n"); + } + + if($pool['stats_enabled']=='yes') { + fwrite ($fd, "\tstats\t\t\tenable\n"); + if($pool['stats_uri']) + fwrite ($fd, "\tstats\t\t\turi ".$pool['stats_uri']."\n"); + if($pool['stats_realm']) + fwrite ($fd, "\tstats\t\t\trealm " . haproxy_escapestring($pool['stats_realm']) . "\n"); + else + fwrite ($fd, "\tstats\t\t\trealm .\n"); + + if ($pool['stats_username'] && $pool['stats_password']) + fwrite ($fd, "\tstats\t\t\tauth " . haproxy_escapestring($pool['stats_username']).":". haproxy_escapestring($pool['stats_password'])."\n"); + + if($pool['stats_admin']=='yes') + fwrite ($fd, "\tstats\t\t\tadmin if TRUE" . "\n"); + + if($pool['stats_node']) + fwrite ($fd, "\tstats\t\t\tshow-node " . $pool['stats_node'] . "\n"); + if($pool['stats_desc']) + fwrite ($fd, "\tstats\t\t\tshow-desc " . haproxy_escapestring($pool['stats_desc']) . "\n"); + if($pool['stats_refresh']) + fwrite ($fd, "\tstats\t\t\trefresh " . $pool['stats_refresh'] . "\n"); + + if ($pool['stats_scope']) { + $scope_items = explode(",", $pool['stats_scope']); + foreach($scope_items as $scope_item) + fwrite ($fd, "\tstats\t\t\tscope " . $scope_item . "\n"); + } + } + + if (is_arrayset($pool,'errorfiles','item')) { + foreach($pool['errorfiles']['item'] as $errorfile) { + if (!is_array($a_files_cache))// load only once + $a_files_cache = haproxy_get_fileslist(); + $file = $errorfile['errorfile']; + $errorcodes = explode(",",$errorfile['errorcode']); + foreach($errorcodes as $errorcode) { + $filename = "$configpath/errorfile_{$name}_{$errorcode}_{$file}"; + $content = base64_decode($a_files_cache[$file]['content']); + $content = str_replace('{errormsg}', $a_error[$errorcode]['descr'], $content); + $content = str_replace('{errorcode}', $errorcode, $content); + file_put_contents($filename, $content); + fwrite ($fd, "\terrorfile\t\t\t" . $errorcode ." " . $filename . "\n"); + } + } + } + } + switch($pool["persist_sticky_type"]) { case 'stick_sslsessionid': if ($frontendtype == "https") { fwrite ($fd, "\ttcp-request inspect-delay 5s\n"); fwrite ($fd, "\tstick-table type binary len 32 size ".$pool["persist_stick_tablesize"]." expire ".$pool["persist_stick_expire"]."\n"); - fwrite ($fd, "\tacl clienthello req_ssl_hello_type 1\n"); - fwrite ($fd, "\tacl serverhello rep_ssl_hello_type 2\n"); + fwrite ($fd, "\tacl clienthello req.ssl_hello_type 1\n"); + fwrite ($fd, "\tacl serverhello res.ssl_hello_type 2\n"); fwrite ($fd, "\ttcp-request content accept if clienthello\n"); fwrite ($fd, "\ttcp-response content accept if serverhello\n"); fwrite ($fd, "\tstick on payload_lv(43,1) if clienthello\n"); @@ -564,8 +750,7 @@ function write_backend($fd, $name, $pool, $frontend) { unset($checkport); $check_type = $pool['check_type']; - if ($check_type != 'none') - { + if ($check_type != 'none') { $optioncheck = $a_checktypes[$check_type]['syntax']; if ($check_type == "MySQL" || $check_type == "PostgreSQL") $optioncheck .= " user " . $pool['monitor_username']; @@ -599,36 +784,19 @@ function write_backend($fd, $name, $pool, $frontend) { $pool['retries'] = 3; fwrite ($fd, "\tretries\t\t\t" . $pool['retries'] . "\n"); - if ($pool['transparent_clientip']) - fwrite ($fd, "\tsource 0.0.0.0 usesrc clientip\n"); - - if($pool['stats_enabled']=='yes') { - fwrite ($fd, "\tstats\t\t\tenable\n"); - if($pool['stats_uri']) - fwrite ($fd, "\tstats\t\t\turi ".$pool['stats_uri']."\n"); - if($pool['stats_realm']) - fwrite ($fd, "\tstats\t\t\trealm " . haproxy_escapestring($pool['stats_realm']) . "\n"); - else - fwrite ($fd, "\tstats\t\t\trealm .\n"); - - if ($pool['stats_username'] && $pool['stats_password']) - fwrite ($fd, "\tstats\t\t\tauth " . haproxy_escapestring($pool['stats_username']).":". haproxy_escapestring($pool['stats_password'])."\n"); - - if($pool['stats_admin']=='yes') - fwrite ($fd, "\tstats\t\t\tadmin if TRUE" . "\n"); - - if($pool['stats_node']) - fwrite ($fd, "\tstats\t\t\tshow-node " . $pool['stats_node'] . "\n"); - if($pool['stats_desc']) - fwrite ($fd, "\tstats\t\t\tshow-desc " . haproxy_escapestring($pool['stats_desc']) . "\n"); - if($pool['stats_refresh']) - fwrite ($fd, "\tstats\t\t\trefresh " . $pool['stats_refresh'] . "\n"); - - if ($pool['stats_scope']) { - $scope_items = explode(",", $pool['stats_scope']); - foreach($scope_items as $scope_item) - fwrite ($fd, "\tstats\t\t\tscope " . $scope_item . "\n"); - } + $uses_ipv6 = false; + $ips = get_frontend_ipport($frontend); + foreach($ips as $ip){ + $uses_ipv6 = is_ipaddrv6($ip['addr']); + if ($uses_ipv6) + break; + } + + if ($pool['transparent_clientip']) { + if ($uses_ipv6) + fwrite ($fd, "\tsource ipv6@ usesrc clientip\n"); + else + fwrite ($fd, "\tsource 0.0.0.0 usesrc clientip\n"); } $uri = $pool['monitor_uri']; @@ -639,10 +807,6 @@ function write_backend($fd, $name, $pool, $frontend) { if ($optioncheck) fwrite ($fd, "\toption\t\t\t{$optioncheck}\n"); - - if ($pool["strict_transport_security"] && is_numeric($pool["strict_transport_security"])){ - fwrite ($fd, "\trspadd Strict-Transport-Security:\ max-age={$pool["strict_transport_security"]};\n"); - } if ($pool['advanced_backend']) { $adv_be = explode("\n", base64_decode($pool['advanced_backend'])); @@ -690,15 +854,57 @@ function write_backend($fd, $name, $pool, $frontend) { $isbackup = ""; } $ssl = ""; + $cafile = ""; + $crlfile = ""; + $crtfile = ""; + $verifynone = ""; + $verifyhost = ""; if ($be['ssl'] == 'yes') { $ssl = $frontendtype == "http" ? ' ssl' : ' check-ssl'; + + if ($be['sslserververify'] != 'yes') { + $verifynone = " verify none"; + } else { + $verifyhost = isset($be['verifyhost']) && $be['verifyhost'] != "" ? " verifyhost {$be['verifyhost']}" : ""; + + $ca = $be['ssl-server-ca']; + $filename = "$configpath/ca_$ca.pem"; + haproxy_write_certificate_crt($filename, $ca); + $cafile = " ca-file $filename"; + + $crl = $be['ssl-server-crl']; + if ($crl && $crl != "") { + $filename = "$configpath/crl_$crl.pem"; + haproxy_write_certificate_crl($filename, $crl); + $crlfile = " crl-file $filename"; + } + } + + $server_clientcert = $be['ssl-server-clientcert']; + if ($server_clientcert && $server_clientcert != "") { + $filename = "$configpath/server_clientcert_$server_clientcert.pem"; + haproxy_write_certificate_crt($filename, $server_clientcert, true); + $crtfile = " crt $filename"; + } + } $weight = ""; if (is_numeric($be['weight'])){ $weight = " weight " . $be['weight']; } - fwrite ($fd, "\tserver\t\t\t" . $be['name'] . " " . $be['address'].":" . $be['port'] . "$ssl$cookie$checkinter$checkport$agentcheck $isbackup$weight{$advanced_txt} {$be['advanced']}\n"); + $maxconn = ""; + if (is_numeric($be['maxconn'])){ + $maxconn = " maxconn " . $be['maxconn']; + } + + if ($be['forwardto'] && $be['forwardto'] != "") { + $server = "/{$be['forwardto']}.socket send-proxy-v2-ssl-cn"; + } else + $server = $be['address'].":" . $be['port']; + + + fwrite ($fd, "\tserver\t\t\t" . $be['name'] . " " . $server . "$ssl$cookie$checkinter$checkport$agentcheck $isbackup$weight$maxconn$cafile$crlfile$verifynone$verifyhost$crtfile{$advanced_txt} {$be['advanced']}\n"); } } fwrite ($fd, "\n"); @@ -735,24 +941,59 @@ function haproxy_check_and_run(&$messages, $reload) { } return $ok; } -function haproxy_write_certificate_file($filename, $certid) { - $cert = lookup_cert($certid); +function haproxy_lookup_cert($certid) { + $res = lookup_ca($certid); + if (!$res) + $res = lookup_cert($certid); + return $res; +} + +function haproxy_write_certificate_crt($filename, $certid, $include_psk = false, $append = false) { + $cert = haproxy_lookup_cert($certid); $certcontent = base64_decode($cert['crt']); - $certcontent .= "\r\n".base64_decode($cert['prv']); + if ($include_psk && isset($cert['prv'])) + $certcontent .= "\r\n".base64_decode($cert['prv']); + $flags = $append ? FILE_APPEND : 0; + file_put_contents($filename, $certcontent, $flags); + unset($certcontent); + unset($cert); +} + +function haproxy_write_certificate_crl($filename, $crlid, $append = false) { + $crl = lookup_crl($crlid); + $content = base64_decode($crl['text']); + $flags = $append ? FILE_APPEND : 0; + file_put_contents($filename, $content, $flags); + unset($content); + unset($crl); +} + +function haproxy_write_certificate_fullchain($filename, $certid, $append = false) { + $cert = haproxy_lookup_cert($certid); + + $certcontent = base64_decode($cert['crt']); + if (isset($cert['prv'])) + $certcontent .= "\r\n".base64_decode($cert['prv']); $certchaincontent = ca_chain($cert); if ($certchaincontent != "") { $certcontent .= "\r\n" . $certchaincontent; } unset($certchaincontent); - file_put_contents($filename, $certcontent); + $flags = $append ? FILE_APPEND : 0; + file_put_contents($filename, $certcontent, $flags); unset($certcontent); unset($cert); } function haproxy_writeconf($configpath) { global $config; + global $aliastable; + if (!isset($aliastable)) + alias_make_table($config); + $chroot_dir = "/tmp/haproxy_chroot"; // can contain socket to forward connection from backend to frontend. "/var/empty" + make_dirs($chroot_dir); $configfile = $configpath . "/haproxy.cfg"; @@ -782,10 +1023,15 @@ function haproxy_writeconf($configpath) { else $numprocs ="1"; fwrite ($fd, "\tnbproc\t\t\t$numprocs\n"); - fwrite ($fd, "\tchroot\t\t\t/var/empty\n"); + fwrite ($fd, "\tchroot\t\t\t$chroot_dir\n"); fwrite ($fd, "\tdaemon\n"); - fwrite ($fd, "\tssl-server-verify none\n"); + //fwrite ($fd, "\tssl-server-verify none\n"); + if($a_global['ssldefaultdhparam']) + fwrite ($fd, "\ttune.ssl.default-dh-param\t{$a_global['ssldefaultdhparam']}\n"); + if($a_global['log-send-hostname']) + fwrite ($fd, "\tlog-send-hostname\t\t{$a_global['log-send-hostname']}\n"); + // Keep the advanced options on the bottom of the global settings, to allow additional sections to be easely added if($a_global['advanced']) { $adv = explode("\n", base64_decode($a_global['advanced'])); @@ -818,56 +1064,42 @@ function haproxy_writeconf($configpath) { if(is_array($a_frontends)) { foreach ($a_frontends as $frontend) { if($frontend['status'] != 'active') - { - unlink_if_exists("var/etc/{$frontend['name']}.{$frontend['port']}.crt"); continue; - } if(!$frontend['backend_serverpool']) - { - unlink_if_exists("var/etc/{$frontend['name']}.{$frontend['port']}.crt"); continue; - } $primaryfrontend = get_primaryfrontend($frontend); - $bname = get_frontend_ipport($frontend); + + $bname = $primaryfrontend['name']; + if (!is_array($a_bind[$bname])) { + $a_bind[$bname] = array(); + $a_bind[$bname] = $primaryfrontend; + $a_bind[$bname]['config'] = array(); + } //check ssl info - if (strtolower($primaryfrontend['type']) == "http" && $frontend['ssloffload']){ + $ssl = get_frontend_uses_ssl($frontend); + + if ($ssl) { //ssl crt ./server.pem ca-file ./ca.crt verify optional crt-ignore-err all crl-file ./ca_crl.pem - $filename = "$configpath/{$frontend['name']}.{$frontend['port']}.pem"; + $filename = "$configpath/{$frontend['name']}.pem"; $ssl_crt = " crt $filename"; - haproxy_write_certificate_file($filename, $frontend['ssloffloadcert']); - $subfolder = "$configpath/{$frontend['name']}.{$frontend['port']}"; + haproxy_write_certificate_fullchain($filename, $frontend['ssloffloadcert']); + $subfolder = "$configpath/{$frontend['name']}"; $certs = $frontend['ha_certificates']['item']; if (is_array($certs)){ if (count($certs) > 0){ make_dirs($subfolder); foreach($certs as $cert){ - haproxy_write_certificate_file("$subfolder/{$cert['ssl_certificate']}.pem", $cert['ssl_certificate']); + haproxy_write_certificate_fullchain("$subfolder/{$cert['ssl_certificate']}.pem", $cert['ssl_certificate']); } $ssl_crt .= " crt $subfolder"; } } }else{ $ssl_crt=""; - unlink_if_exists("var/etc/{$frontend['name']}.{$frontend['port']}.crt"); + unlink_if_exists("var/etc/{$frontend['name']}.{$frontend['port']}.crt");//cleanup for possible old haproxy package version } - if (!is_array($a_bind[$bname])) { - $a_bind[$bname] = array(); - $a_bind[$bname]['config'] = array(); - // Settings which are used only from the primary frontend - $a_bind[$bname]['name'] = $primaryfrontend['name']; - $a_bind[$bname]['extaddr'] = $primaryfrontend['extaddr']; - $a_bind[$bname]['port'] = $primaryfrontend['port']; - $a_bind[$bname]['type'] = $primaryfrontend['type']; - $a_bind[$bname]['forwardfor'] = $primaryfrontend['forwardfor']; - $a_bind[$bname]['httpclose'] = $primaryfrontend['httpclose']; - $a_bind[$bname]['max_connections'] = $primaryfrontend['max_connections']; - $a_bind[$bname]['client_timeout'] = $primaryfrontend['client_timeout']; - $a_bind[$bname]['advanced'] = $primaryfrontend['advanced']; - $a_bind[$bname]['ssloffload'] = $primaryfrontend['ssloffload']; - $a_bind[$bname]['advanced_bind'] = $primaryfrontend['advanced_bind']; - } $b = &$a_bind[$bname]; if (($frontend['secondary'] != 'yes') && ($frontend['name'] != $b['name'])) { @@ -898,37 +1130,77 @@ function haproxy_writeconf($configpath) { $advancedextra = array(); + $ca_file = ""; + $first = true; + if (is_array($bind['clientcert_ca']['item'])){ + foreach($bind['clientcert_ca']['item'] as $ca){ + $filename = "$configpath/clientca_{$bind['name']}.pem"; + haproxy_write_certificate_crt($filename, $ca['cert_ca'], false, !$first); + $first = false; + } + $ca_file = " ca-file $filename verify optional"; + } + $crl_file = ""; + $first = true; + if (is_array($bind['clientcert_crl']['item'])){ + foreach($bind['clientcert_crl']['item'] as $ca){ + $filename = "$configpath/clientcrl_{$bind['name']}.pem"; + haproxy_write_certificate_crl($filename, $ca['cert_crl'], !$first); + $first = false; + } + $crl_file = " crl-file $filename"; + } + // Prepare ports for processing by splitting - $portss = "{$bind['port']},"; - $ports = split(",", $portss); + //$portss = "{$bind['port']},"; + //$ports = split(",", $portss); if($bind['type'] == "http") { // ssl offloading is only possible in http mode. - $ssl_info = $bind['ssl_info']; + $ssl_info = $bind['ssl_info'].$ca_file.$crl_file; $advanced_bind = $bind['advanced_bind']; } else { $ssl_info = ""; $advanced_bind = ""; } + + fwrite ($fd, "{$frontendinfo}"); + // Initialize variable $listenip = ""; // Process and add bind directives for ports - $ip = haproxy_interface_ip($bind['extaddr']); - if ($ip){ - foreach($ports as $alias_or_port) { - if($alias_or_port) { - $portsnumeric = group_ports(haproxy_portoralias_to_list($alias_or_port)); - foreach($portsnumeric as $portnumeric) { - $portnumeric = str_replace(":","-",$portnumeric); - $listenip .= "\tbind\t\t\t$ip:{$portnumeric} {$ssl_info} {$advanced_bind}\n"; + if (isset($bind['a_extaddr'])) { + foreach($bind['a_extaddr']['item'] as $extaddr) { + $a_ip = array(); + if (isset($extaddr['extaddr']) && $extaddr['extaddr'] != "custom") { + $a_ip[] = haproxy_interface_ip($extaddr['extaddr']); + } else { + $iporalias = $extaddr['extaddr_custom']; + $a_ip = haproxy_addressoralias_to_list($iporalias); + } + + if ($extaddr['extaddr_ssl'] == 'yes') + $ssl = $ssl_info; + else + $ssl = ""; + + foreach($a_ip as $ip) { + $portsnumeric = group_ports(haproxy_portoralias_to_list($extaddr['extaddr_port'])); + if (is_array($portsnumeric)) { + foreach($portsnumeric as $portnumeric) { + $portnumeric = str_replace(":","-",$portnumeric); + $listenip .= "\tbind\t\t\t$ip:{$portnumeric} {$ssl} {$advanced_bind} {$extaddr['extaddr_advanced']}\n"; + } } } } } - - fwrite ($fd, "{$frontendinfo}"); fwrite ($fd, "{$listenip}"); + + if (use_frontend_as_unixsocket($bind['name'])){ + fwrite ($fd, "\tbind /tmp/haproxy_chroot/{$bind['name']}.socket accept-proxy {$ssl_info} {$advanced_bind}\n"); + } // Advanced pass thru if($bind['advanced']) { @@ -949,7 +1221,19 @@ function haproxy_writeconf($configpath) { fwrite ($fd, "\tmode\t\t\t" . $backend_type . "\n"); fwrite ($fd, "\tlog\t\t\tglobal\n"); - fwrite ($fd, "\toption\t\t\tdontlognull\n"); + + if ($bind['dontlognull'] == 'yes') + fwrite ($fd, "\toption\t\t\tdontlognull\n"); + if ($bind['dontlog-normal'] == 'yes') + fwrite ($fd, "\toption\t\t\tdontlog-normal\n"); + if ($bind['log-separate-errors'] == 'yes') + fwrite ($fd, "\toption\t\t\tlog-separate-errors\n"); + if ($bind['log-detailed'] == 'yes'){ + if ($backend_type == 'http') + fwrite ($fd, "\toption\t\t\thttplog\n"); + else + fwrite ($fd, "\toption\t\t\ttcplog\n"); + } if ($backend_type == 'http') { @@ -958,10 +1242,9 @@ function haproxy_writeconf($configpath) { if($bind['forwardfor']) { fwrite ($fd, "\toption\t\t\tforwardfor\n"); - if($bind['ssloffload'] == "yes") - fwrite ($fd, "\treqadd X-Forwarded-Proto:\ https\n"); - else - fwrite ($fd, "\treqadd X-Forwarded-Proto:\ http\n"); + fwrite ($fd, "\tacl https ssl_fc\n"); + fwrite ($fd, "\treqadd X-Forwarded-Proto:\ http if !https\n"); + fwrite ($fd, "\treqadd X-Forwarded-Proto:\ https if https\n"); } } @@ -976,6 +1259,8 @@ function haproxy_writeconf($configpath) { // Combine the rest of the frontend configs $default_backend = ""; + $config_usebackend = ""; + $inspectdelay = 0; $i = 0; foreach ($bind['config'] as $frontend) { $a_acl = get_frontend_acls($frontend); @@ -1011,25 +1296,41 @@ function haproxy_writeconf($configpath) { // Filter out acls for different modes if ($acl['mode'] != '' && $acl['mode'] != strtolower($bind['type'])) continue; - - $expr = sprintf($acl['syntax'],$entry['value'],$poolname); + if (($entry['expression'] == "source_ip") && is_alias($entry['value'])) { + $filename = "$configpath/ipalias_{$entry['value']}.lst"; + $listitems = haproxy_hostoralias_to_list($entry['value']); + $fd_alias = fopen("$filename", "w"); + foreach($listitems as $item) + fwrite($fd_alias, $item."\r\n"); + fclose($fd_alias); + $expr = "src -f $filename"; + } else + $expr = sprintf($acl['syntax'],$entry['value'],$poolname); $aclname = $i . "_" . $entry['name']; $aclnames .= $aclname." "; - fwrite ($fd, "\tacl\t\t\t" . $aclname . "\t" . $expr . "\n"); + $config_usebackend .= "\tacl\t\t\t" . $aclname . "\t" . $expr . "\n"; + + if ($acl['inspect-delay'] != '') + $inspectdelay = $acl['inspect-delay']; if ($acl['advancedoptions'] != '') $advancedextra[$acl['syntax']] = $acl['advancedoptions']."\n"; $i++; } - fwrite ($fd, "\tuse_backend\t\t" . $poolname . " if " . $aclnames . "\n"); + $config_usebackend .= "\tuse_backend\t\t" . $poolname . " if " . $aclnames . "\n"; } } + if ($inspectdelay > 0) + fwrite ($fd, "\ttcp-request inspect-delay\t" . $inspectdelay . "\n"); + foreach($advancedextra as $extra) + fwrite ($fd, "\t".$extra."\n"); + + fwrite ($fd, $config_usebackend); + if ($default_backend) fwrite ($fd, "\tdefault_backend\t\t" . $default_backend . "\n"); - foreach($advancedextra as $extra) - fwrite ($fd, "\t".$extra."\n"); fwrite ($fd, "\n"); } } @@ -1038,7 +1339,7 @@ function haproxy_writeconf($configpath) { foreach ($a_pendingpl as $pending) { foreach ($a_backends as $pool) { if ($pending['backend'] == $pool['name']) { - write_backend($fd, $pending['name'], $pool, $pending['frontend']); + write_backend($configpath, $fd, $pending['name'], $pool, $pending['frontend']); } } } @@ -1071,17 +1372,21 @@ function haproxy_is_running() { } function haproxy_load_modules() { - // On FreeBSD 8 ipfw is needed to allow 'transparent' proxying (getting reply's to a non-local ip to pass back to the client-socket).. - // On FreeBSD 9 it is probably possible to do the same with the pf option "divert-reply" + // On FreeBSD 8 ipfw is needed to allow 'transparent' proxying (getting reply's to a non-local ip to pass back to the client-socket). + // On FreeBSD 9 and 10 it should have been possible to do the same with the pf(4) option "divert-reply" however that is not implemented. + // FreeBSD 10 patch proposal: http://lists.freebsd.org/pipermail/freebsd-bugs/2014-April/055823.html + mute_kernel_msgs(); - if (!is_module_loaded("ipfw.ko")) { - mwexec("/sbin/kldload ipfw"); - /* make sure ipfw is not on pfil hooks */ - mwexec("/sbin/sysctl net.inet.ip.pfil.inbound=\"pf\" net.inet6.ip6.pfil.inbound=\"pf\"" . - " net.inet.ip.pfil.outbound=\"pf\" net.inet6.ip6.pfil.outbound=\"pf\""); - } + if (!is_module_loaded("ipfw.ko")) { + mwexec("/sbin/kldload ipfw"); + /* make sure ipfw is not on pfil hooks */ + mwexec("/sbin/sysctl net.inet.ip.pfil.inbound=\"pf\" net.inet6.ip6.pfil.inbound=\"pf\"" . + " net.inet.ip.pfil.outbound=\"pf\" net.inet6.ip6.pfil.outbound=\"pf\""); + } + /* Activate layer2 filtering */ - mwexec("/sbin/sysctl net.link.ether.ipfw=1"); + mwexec("/sbin/sysctl net.link.ether.ipfw=1 net.inet.ip.fw.one_pass=1"); + unmute_kernel_msgs(); } @@ -1108,21 +1413,19 @@ function haproxy_get_transparent_backends(){ continue; $real_if = get_real_interface($backend["transparent_interface"]); $a_servers = &$backend['ha_servers']['item']; - foreach($a_servers as $server) { - if (is_array($a_servers)) { - - foreach($a_servers as $be) { - if (!$be['status'] == "inactive") - continue; - if (!is_ipaddr($be['address'])) - continue; - $item = array(); - $item['name'] = $be['name']; - $item['interface'] = $real_if; - $item['address'] = $be['address']; - $item['port'] = $be['port']; - $transparent_backends[] = $item; - } + if (is_array($a_servers)) { + foreach($a_servers as $be) { + if (!$be['status'] == "inactive") + continue; + if (!is_ipaddr($be['address'])) + continue; + $item = array(); + $item['name'] = $be['name']; + $item['interface'] = $real_if; + $item['forwardto'] = $be['forwardto']; + $item['address'] = $be['address']; + $item['port'] = $be['port']; + $transparent_backends[] = $item; } } } @@ -1135,12 +1438,19 @@ function haproxy_generate_rules($type) { $rules = ""; switch($type) { case 'filter': + // Sloppy pf rules are needed because of ipfw is used to 'catch' return traffic, and pf would otherwise terminate the connection after a few packets.. $transparent_backends = haproxy_get_transparent_backends(); - foreach($transparent_backends as $tb){ - // This sloppy rule is needed because of ipfw is used to 'catch' return traffic. + if (count($transparent_backends) > 0) { $rules .= "# allow HAProxy transparent traffic\n"; - $rules .= "pass out quick on {$tb['interface']} inet proto tcp from any to {$tb['address']} port {$tb['port']} flags S/SA keep state ( sloppy ) label \"HAPROXY_transparent_rule_{$tb['name']}\"\n"; - } + foreach($transparent_backends as $tb){ + if (is_ipaddrv4($tb['address'])) + $rules .= "pass out quick on {$tb['interface']} inet proto tcp from any to {$tb['address']} port {$tb['port']} flags S/SA keep state ( sloppy ) label \"HAPROXY_transparent_rule_{$tb['name']}\"\n"; + if (is_ipaddrv6($tb['address'])) { + list ($addr, $scope) = explode("%", $tb['address']); + $rules .= "pass out quick on {$tb['interface']} inet6 proto tcp from any to {$addr} port {$tb['port']} flags S/SA keep state ( sloppy ) label \"HAPROXY_transparent_rule_{$tb['name']}\"\n"; + } + } + } break; } return $rules; @@ -1149,7 +1459,11 @@ function haproxy_generate_rules($type) { function load_ipfw_rules() { // On FreeBSD 8 pf does not support "divert-reply" so ipfw is needed. global $g, $config; - $ipfw_zone_haproxy = "haproxy"; + if (haproxy_utils::$pf_version < 2.2) { + $ipfw_zone_haproxy = "haproxy"; + } else { + $ipfw_zone_haproxy = "4000"; // seems that 4000 is a safe zone number to avoid conflicts with captive portal.. and 4095 is the max? + } $a_backends = &$config['installedpackages']['haproxy']['ha_pools']['item']; @@ -1162,22 +1476,39 @@ function load_ipfw_rules() { $interface = $transparent_backend['interface']; $transparent_interfaces[$interface] = 1; } - mwexec("/usr/local/sbin/ipfw_context -a $ipfw_zone_haproxy", true); - foreach($transparent_interfaces as $transparent_if => $value) { - mwexec("/usr/local/sbin/ipfw_context -a $ipfw_zone_haproxy -n $transparent_if", true); + if (haproxy_utils::$pf_version < 2.2) { + // pfSense 2.1 FreeBSD 8.3 + mwexec("/usr/local/sbin/ipfw_context -a $ipfw_zone_haproxy", true); + + foreach($transparent_interfaces as $transparent_if => $value) { + mwexec("/usr/local/sbin/ipfw_context -a $ipfw_zone_haproxy -n $transparent_if", true); + } + } else { + // pfSense 2.2 FreeBSD 10 + mwexec("/sbin/ipfw zone $ipfw_zone_haproxy create", true); + foreach($transparent_interfaces as $transparent_if => $value) { + mwexec("/sbin/ipfw zone $ipfw_zone_haproxy madd $transparent_if", true); + } } $rulenum = 64000; // why that high? captiveportal.inc also does it... $rules = "flush\n"; foreach($transparent_backends as $transparent_be) { - $rules .= "add $rulenum fwd localhost tcp from {$transparent_be["address"]} {$transparent_be["port"]} to any in recv {$transparent_be["interface"]}\n"; + if (is_ipaddrv4($transparent_be["address"])) + $rules .= "add $rulenum fwd localhost tcp from {$transparent_be["address"]} {$transparent_be["port"]} to any in recv {$transparent_be["interface"]}\n"; + else if (is_ipaddrv6($transparent_be["address"])) { + list ($addr, $scope) = explode("%", $transparent_be['address']); + $rules .= "add $rulenum fwd ::1 tcp from {$addr} {$transparent_be["port"]} to any in recv {$transparent_be["interface"]}\n"; + } + $rulenum++; } file_put_contents("{$g['tmp_path']}/ipfw_{$ipfw_zone_haproxy}.haproxy.rules", $rules); - mwexec("/usr/local/sbin/ipfw_context -s $ipfw_zone_haproxy", true); + if (haproxy_utils::$pf_version < 2.2) + mwexec("/usr/local/sbin/ipfw_context -s $ipfw_zone_haproxy", true); mwexec("/sbin/ipfw -x $ipfw_zone_haproxy -q {$g['tmp_path']}/ipfw_{$ipfw_zone_haproxy}.haproxy.rules", true); } @@ -1192,6 +1523,35 @@ function haproxy_plugin_carp($pluginparams) { haproxy_check_run(0); } +function haproxy_plugin_certificates($pluginparams) { + global $config; + $result = array(); + if ($pluginparams['type'] == 'certificates' && $pluginparams['event'] == 'used_certificates') { + $result['pkgname'] = "HAProxy"; + $result['certificatelist'] = array(); + // return a array of used certificates. + foreach($config['installedpackages']['haproxy']['ha_backends']['item'] as &$frontend) { + if (get_frontend_uses_ssl($frontend)) { + if ($frontend['ssloffloadacl']){ + $item = array(); + $cert = $frontend['ssloffloadcert']; + $item['usedby'] = $frontend['name']; + $result['certificatelist'][$cert][] = $item; + } + if ($frontend['ssloffloadacladditional']){ + foreach($frontend['ha_certificates']['item'] as $certref){ + $item = array(); + $cert = $certref['ssl_certificate']; + $item['usedby'] = $frontend['name']; + $result['certificatelist'][$cert][] = $item; + } + } + } + } + } + return $result; +} + function haproxy_check_run($reload) { global $config, $g, $haproxy_run_message; @@ -1227,18 +1587,38 @@ function haproxy_check_run($reload) { if(use_transparent_clientip_proxying()) { filter_configure(); load_ipfw_rules(); + } else { + if (haproxy_utils::$pf_version < 2.2) { + mwexec("/usr/local/sbin/ipfw_context -d haproxy", true); + } else { + $ipfw_zone_haproxy = 4000; + mwexec("/sbin/ipfw zone $ipfw_zone_haproxy destroy", true); + } + } + + if (file_exists('/var/run/haproxy.pid')){ + $old_pid = file_get_contents('/var/run/haproxy.pid'); } else - mwexec("/usr/local/sbin/ipfw_context -d haproxy", true); + $old_pid = 'none'; if (haproxy_is_running()) { if (isset($a_global['terminate_on_reload'])) $sf_st = "-st";//terminate old process as soon as the new process is listening else $sf_st = "-sf";//finish serving existing connections exit when done, and the new process is listening + + syslog(LOG_NOTICE, "haproxy: reload old pid:$old_pid"); exec("/usr/local/sbin/haproxy -f {$configpath}/haproxy.cfg -p /var/run/haproxy.pid $sf_st `cat /var/run/haproxy.pid` 2>&1", $output, $errcode); } else { + syslog(LOG_NOTICE, "haproxy: starting old pid:$old_pid"); exec("/usr/local/sbin/haproxy -f {$configpath}/haproxy.cfg -p /var/run/haproxy.pid -D 2>&1", $output, $errcode); } + if (file_exists('/var/run/haproxy.pid')){ + $new_pid = file_get_contents('/var/run/haproxy.pid'); + } else + $new_pid = 'none'; + syslog(LOG_NOTICE, "haproxy: started new pid:$new_pid"); + foreach($output as $line) $haproxy_run_message .= "<br/>" . htmlspecialchars($line) . "\n"; } else { @@ -1267,13 +1647,16 @@ function killprocesses($processname, $pidfile, $signal = "KILL") { function haproxy_sync_xmlrpc_settings() { global $config; // preserve 'old' sync settings, that should not be overwritten by xmlrpc-sync. + $old_config = $config['installedpackages']['haproxy']; $enable = isset($config['installedpackages']['haproxy']['enablesync']); $config['installedpackages']['haproxy'] = $config['installedpackages']['haproxysyncpkg']; unset($config['installedpackages']['haproxysyncpkg']); + $new_config = &$config['installedpackages']['haproxy']; // restore 'old' settings. $config['installedpackages']['haproxy']['enablesync'] = $enable ? true : false; + $new_config['log-send-hostname'] = $old_config['log-send-hostname']; write_config("haproxy, xmlrpc config synced"); // Write new 'merged' configuration } @@ -1309,33 +1692,57 @@ function haproxy_xmlrpc_sync_configure() { function get_frontend_id($name) { global $config; - $a_backend = &$config['installedpackages']['haproxy']['ha_backends']['item']; + $a_frontend = &$config['installedpackages']['haproxy']['ha_backends']['item']; $i = 0; - foreach($a_backend as $backend) + foreach($a_frontend as $frontend) { - if ($backend['name'] == $name) + if ($frontend['name'] == $name) return $i; $i++; } return null; } +function haproxy_is_frontendname($name) { + if ($name[0] == '!') + $name = substr($name, 1); + return get_frontend_id($name) != null; +} + function get_primaryfrontend($frontend) { global $config; - $a_backend = &$config['installedpackages']['haproxy']['ha_backends']['item']; + $a_frontend = &$config['installedpackages']['haproxy']['ha_backends']['item']; if ($frontend['secondary'] == 'yes') - $mainfrontend = $a_backend[get_frontend_id($frontend['primary_frontend'])]; + $mainfrontend = $a_frontend[get_frontend_id($frontend['primary_frontend'])]; else $mainfrontend = $frontend; return $mainfrontend; } -function get_frontend_ipport($frontend,$userfriendly=false) { +function get_frontend_ipport($frontend, $userfriendly=false) { $mainfrontend = get_primaryfrontend($frontend); - $result = haproxy_interface_ip($mainfrontend['extaddr'], $userfriendly); - if ($userfriendly and is_ipaddrv6($result)) - $result = "[{$result}]"; - return $result . ":" . $mainfrontend['port']; + $newline = ""; + $result = array(); + if (!is_arrayset($mainfrontend,"a_extaddr","item")) + return $result; + foreach($mainfrontend['a_extaddr']['item'] as $extaddr) { + if ($extaddr['extaddr'] == 'custom'){ + $addr = $extaddr['extaddr_custom']; + } else { + $addr = haproxy_interface_ip($extaddr['extaddr'], $userfriendly); + } + if ($userfriendly and is_ipaddrv6($addr)) + $addr = "[{$addr}]"; + + $port = $extaddr['extaddr_port']; + $newitem = array(); + $newitem['addr'] = $addr; + $newitem['port'] = $port; + $newitem['ssl'] = $extaddr['extaddr_ssl']; + $result[$addr.$port] = $newitem; + } + ksort($result); + return $result; } function haproxy_check_config() { @@ -1348,17 +1755,20 @@ function haproxy_check_config() { foreach($a_backends as $frontend) { if (($frontend['status'] != 'active') || ($frontend['secondary'] == 'yes')) continue; - $ipport = get_frontend_ipport($frontend); - if (isset($activefrontends[$ipport])) - $issues['P_'.$ipport] = "Multiple primary frontends with IP:Port \"$ipport\""; - else - $activefrontends[$ipport] = true; + $ipports = get_frontend_ipport($frontend); + foreach($ipports as $ipport) { + $id = "{$ipport['addr']}:{$ipport['port']}"; + if (isset($activefrontends[$id])) + $issues['P_'.$id] = "Multiple primary frontends with IP:Port \"$id\", use Shared-Frontends instead."; + else + $activefrontends[$id] = true; + } } foreach($a_backends as $frontend) { if (($frontend['status'] != 'active') || ($frontend['secondary'] != 'yes')) continue; - $ipport = get_frontend_ipport($frontend); - if (!isset($activefrontends[$ipport])) + $mainfrontend = get_primaryfrontend($frontend); + if (!isset($mainfrontend)) $issues['S_'.$frontend['name']] = "Secondary frontend \"{$frontend['name']}\" without active primary frontend."; } foreach ($issues as $item) @@ -1370,6 +1780,8 @@ function get_haproxy_frontends($excludeitem="") { global $config; $a_frontend = &$config['installedpackages']['haproxy']['ha_backends']['item']; $result = array(); + if(!is_array($a_frontend)) + return $result; foreach($a_frontend as &$frontend) { if ($frontend['secondary']) @@ -1377,14 +1789,45 @@ function get_haproxy_frontends($excludeitem="") { if ($frontend['name'] == $excludeitem) continue; - $serveradress = "{$frontend['extaddr']}:{$frontend['port']}"; - $result[$frontend['name']]['name'] = "{$frontend['name']} - {$frontend['type']} ({$serveradress})"; + $serveraddress = get_frontend_ipport($frontend, true); + $serveradresstext = null; + foreach($serveraddress as $addr) { + $serveradresstext .=($serveradresstext == null ? "" : ", ") . "{$addr['addr']}:{$addr['port']}"; + } + $result[$frontend['name']]['name'] = "{$frontend['name']} - {$frontend['type']} ({$serveradresstext})"; $result[$frontend['name']]['ref'] = &$frontend; } - asort($result, SORT_STRING); + uasort($result, haproxy_compareByName); return $result; } +function get_frontend_uses_ssl($frontend) { + $mainfrontend = get_primaryfrontend($frontend); + $ssl = false; + if (is_arrayset($mainfrontend,'a_extaddr','item')) { + foreach($mainfrontend['a_extaddr']['item'] as $extaddr) { + if ($extaddr['extaddr_ssl'] == 'yes') { + $ssl = true; + break; + } + } + } + if ($mainfrontend['name'] != $frontend['name']) + $ssl = $ssl && $frontend['ssloffload'] == 'yes'; + return $ssl; +} + +function get_frontend_uses_ssl_only($frontend) { + $mainfrontend = get_primaryfrontend($frontend); + if (is_arrayset($mainfrontend,'a_extaddr','item')) { + foreach($mainfrontend['a_extaddr']['item'] as $extaddr) { + if ($extaddr['extaddr_ssl'] != 'yes') + return false; + } + } + return true; +} + function get_frontend_acls($frontend) { $mainfrontend = get_primaryfrontend($frontend); $result = array(); @@ -1408,24 +1851,34 @@ function get_frontend_acls($frontend) { } } - if (strtolower($mainfrontend['type']) == "http" && $mainfrontend['ssloffload']) { + if (get_frontend_uses_ssl($frontend)) { $a_acl = &$frontend['ha_acls']['item']; if(!is_array($a_acl)) $a_acl=array(); $poolname = $frontend['backend_serverpool'] . "_" . strtolower($frontend['type']); $aclname = "SNI_" . $poolname; - if ($frontend['ssloffloadacl']){ + + if (ifset($frontend['ssloffloadacl']) == 'yes' || ifset($frontend['ssloffloadaclnondefault']) == 'yes') { $cert = lookup_cert($frontend['ssloffloadcert']); $cert_cn = cert_get_cn($cert['crt']); $descr = haproxy_escape_acl_name($cert['descr']); unset($cert); + $acl_item = array(); - $acl_item['descr'] = "Certificate ACL ".$cert_cn; - $acl_item['ref'] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_matches', 'value' => $cert_cn); + if (ifset($frontend['ssloffloadacl']) == 'yes' && ifset($frontend['ssloffloadaclnondefault']) == 'yes') { + $acl_item['descr'] = "Certificate ACL match regex: ^{$cert_cn}(:([0-9]){1,5})?$"; + $acl_item['ref'] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_regex', 'value' => "^{$cert_cn}(:([0-9]){1,5})?$"); + } elseif (ifset($frontend['ssloffloadaclnondefault']) == 'yes') { + $acl_item['descr'] = "Certificate ACL starts with: {$cert_cn}:"; + $acl_item['ref'] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_starts_with', 'value' => $cert_cn.":"); + } else { + $acl_item['descr'] = "Certificate ACL match: {$cert_cn}"; + $acl_item['ref'] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_matches', 'value' => $cert_cn); + } $result[] = $acl_item; } - if ($frontend['ssloffloadacladditional']){ + if (ifset($frontend['ssloffloadacladditional']) == 'yes' || ifset($frontend['ssloffloadacladditionalnondefault']) == 'yes') { $certs = $frontend['ha_certificates']['item']; if (is_array($certs)){ foreach($certs as $certref){ @@ -1433,9 +1886,18 @@ function get_frontend_acls($frontend) { $cert_cn = cert_get_cn($cert['crt']); $descr = haproxy_escape_acl_name($cert['descr']); unset($cert); + $acl_item = array(); - $acl_item['descr'] = "Additional certificate ACLs: ".$cert_cn; - $acl_item['ref'] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_matches', 'value' => $cert_cn); + if (ifset($frontend['ssloffloadacladditional']) == 'yes' && ifset($frontend['ssloffloadacladditionalnondefault']) == 'yes') { + $acl_item['descr'] = "Certificate ACL match regex: ^{$cert_cn}(:([0-9]){1,5})?$"; + $acl_item['ref'] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_regex', 'value' => "^({$cert_cn}(($)|(:.*)))"); + } elseif (ifset($frontend['ssloffloadacladditionalnondefault']) == 'yes') { + $acl_item['descr'] = "Certificate ACL starts with: {$cert_cn}:"; + $acl_item['ref'] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_starts_with', 'value' => $cert_cn.":"); + } else { + $acl_item['descr'] = "Certificate ACL match: {$cert_cn}"; + $acl_item['ref'] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_matches', 'value' => $cert_cn); + } $result[] = $acl_item; } } @@ -1444,18 +1906,43 @@ function get_frontend_acls($frontend) { return $result; } -function get_backend($name) { +function get_backend_id($name) { global $config; $a_backend = &$config['installedpackages']['haproxy']['ha_pools']['item']; + $i = 0; if(is_array($a_backend)) - foreach($a_backend as $key => $backend) - { + foreach($a_backend as $key => $backend) { if ($backend['name'] == $name) - return $backend; + return $i; + $i++; } return null; } +function get_backend($name) { + global $config; + $a_backend = &$config['installedpackages']['haproxy']['ha_pools']['item']; + $id = get_backend_id($name); + if (is_numeric($id)) + return $a_backend[$id]; + return null; +} + +function use_frontend_as_unixsocket($name) { + global $config; + $a_backends = &$config['installedpackages']['haproxy']['ha_pools']['item']; + foreach ($a_backends as $backend) { + $a_servers = &$backend['ha_servers']['item']; + if (is_array($a_servers)) { + foreach($a_servers as $server) { + if ($server['forwardto'] && $server['forwardto'] == $name) + return true; + } + } + } + return false; +} + function haproxy_escapestring($configurationsting) { $result = str_replace('\\', '\\\\', $configurationsting); $result = str_replace(' ', '\\ ', $result); @@ -1476,13 +1963,17 @@ function haproxy_find_create_certificate($certificatename) { $cert = array(); $cert['refid'] = uniqid(); $cert['descr'] = gettext($certificatename); - mwexec("/usr/local/bin/openssl genrsa 1024 > {$g['tmp_path']}/ssl.key"); - mwexec("/usr/local/bin/openssl req -new -x509 -nodes -sha256 -days 2000 -key {$g['tmp_path']}/ssl.key > {$g['tmp_path']}/ssl.crt"); - $crt = file_get_contents("{$g['tmp_path']}/ssl.crt"); - $key = file_get_contents("{$g['tmp_path']}/ssl.key"); - unlink("{$g['tmp_path']}/ssl.key"); - unlink("{$g['tmp_path']}/ssl.crt"); - cert_import($cert, $crt, $key); + + $new_cert = array(); + $dn = array( + "organizationName" => "haproxy-pfsense", + "commonName" => "haproxy-pfsense" + ); + $new_cert = array(); + ca_create($new_cert, 1024, 2000, $dn); + $crt = base64_decode($new_cert['crt']); + $prv = base64_decode($new_cert['prv']); + cert_import($cert, $crt, $prv); $a_cert[] = $cert; return $cert; } diff --git a/config/haproxy-devel/haproxy.xml b/config/haproxy-devel/haproxy.xml index 5c534522..da2b4648 100644 --- a/config/haproxy-devel/haproxy.xml +++ b/config/haproxy-devel/haproxy.xml @@ -62,6 +62,9 @@ <item> <type>plugin_carp</type> </item> + <item> + <type>plugin_certificates</type> + </item> </plugins> <configpath>installedpackages->haproxy->config</configpath> <additional_files_needed> @@ -87,6 +90,11 @@ <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>077</chmod> + <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_files.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_pools.php</item> </additional_files_needed> <additional_files_needed> @@ -100,6 +108,11 @@ <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_stats.php</item> </additional_files_needed> <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>077</chmod> + <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_templates.php</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_socketinfo.inc</item> diff --git a/config/haproxy-devel/haproxy_files.php b/config/haproxy-devel/haproxy_files.php new file mode 100644 index 00000000..4946a7be --- /dev/null +++ b/config/haproxy-devel/haproxy_files.php @@ -0,0 +1,176 @@ +<?php +/* $Id: load_balancer_virtual_server.php,v 1.6.2.1 2006/01/02 23:46:24 sullrich Exp $ */ +/* + haproxy_pools.php + part of pfSense (https://www.pfsense.org/) + Copyright (C) 2014 PiBa-NL + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +$shortcut_section = "haproxy"; +require_once("guiconfig.inc"); +require_once("haproxy.inc"); +require_once("pkg_haproxy_tabs.inc"); +require_once("haproxy_htmllist.inc"); + +$a_files = &$config['installedpackages']['haproxy']['files']['item']; +if (!is_array($a_files)) $a_files = array(); +$a_pools = &$config['installedpackages']['haproxy']['ha_pools']['item']; +if (!is_array($a_pools)) $a_pools = array(); + + +$fields_files = array(); +$fields_files[0]['name']="name"; +$fields_files[0]['columnheader']="Name"; +$fields_files[0]['colwidth']="30%"; +$fields_files[0]['type']="textbox"; +$fields_files[0]['size']="20"; + +$fields_files[1]['name']="content"; +$fields_files[1]['columnheader']="content"; +$fields_files[1]['colwidth']="70%"; +$fields_files[1]['type']="textarea"; +$fields_files[1]['size']="70"; + +$fileslist = new HaproxyHtmlList("table_files", $fields_files); +$fileslist->keyfield = "name"; + +if ($_POST) { + $pconfig = $_POST; + + if ($_POST['apply']) { + $result = haproxy_check_and_run($savemsg, true); + if ($result) + unlink_if_exists($d_haproxyconfdirty_path); + } else { + $a_files = $fileslist->haproxy_htmllist_get_values($fields_files); + $filedupcheck = array(); + + foreach($a_files as $key => $file) { + $name = $file['name']; + if (!preg_match("/^[a-zA-Z][a-zA-Z0-9\.\-_]*$/", $file['name'])) + $input_errors[] = "The field 'Name' (".htmlspecialchars($file['name']).") contains invalid characters. Use only: a-zA-Z0-9.-_ and start with a letter"; + if (isset($filedupcheck[$name])) + $input_errors[] = "Duplicate names are not allowed: " . htmlspecialchars($name); + $filedupcheck[$name] = true; + } + + // replace references in backends to renamed 'files' + foreach($a_pools as &$backend) { + if (is_arrayset($backend,'errorfiles','item')) + foreach($backend['errorfiles']['item'] as &$errorfile) { + $found = false; + foreach($a_files as $key => $file) { + if ($errorfile['errorfile'] == $key) { + $errorfile['errorfile'] = $file['name']; + $found = true; + } + } + if (!$found) + $input_errors[] = "Errorfile marked for deletion: " . $errorfile['errorfile'] . " which is used in backend " . $backend['name']; + } + } + if (!$input_errors) { + // save config when no errors found + touch($d_haproxyconfdirty_path); + write_config($changedesc); + header("Location: haproxy_files.php"); + exit; + } + } +} + +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + +$pgtitle = "Services: HAProxy: Files"; +include("head.inc"); + +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<form action="haproxy_files.php" method="post"> +<?php if ($input_errors) print_input_errors($input_errors); ?> +<?php if ($savemsg) print_info_box($savemsg); ?> +<?php if (file_exists($d_haproxyconfdirty_path)): ?> +<?php print_info_box_np("The haproxy configuration has been changed.<br/>You must apply the changes in order for them to take effect.");?><br/> +<?php endif; ?> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> + <?php + haproxy_display_top_tabs_active($haproxy_tab_array['haproxy'], "files"); + ?> + </td></tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + Files can be used for errorfiles, that can return custom error pages in + case haproxy reports a error (like no available backend). The content needs + to be less than the buffer size which is typically 8kb. + There are 2 possible variables to use inside the template: + Put these variables in the content of the errorfile templates and they will be replaced by the actual errorcode / message. (include the curly braces around the text)<br/> + <b>{errorcode}</b> this represents the errorcode<br/> + <b>{errormsg}</b> this represents the human readable error<br/> + </td> + </tr> + <tr> + <td> + + </td> + </tr> + <tr> + <td> + <? + $counter=0; + $fileslist->Draw($a_files); + ?> + </td> + </tr> + <tr> + <td> + + </td> + </tr> + <tr> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change(true)" /> + </td> + </tr> + </table> + </div> + </table> + </form> +<script type="text/javascript"> + totalrows = <?php echo $counter; ?>; +<? + phparray_to_javascriptarray($fields_files,"fields_files",Array('/*','/*/name','/*/type','/*/size','/*/items','/*/items/*','/*/items/*/*','/*/items/*/*/name')); +?> +</script> + +<?php +haproxy_htmllist_js(); +include("fend.inc"); ?> +</body> +</html> diff --git a/config/haproxy-devel/haproxy_global.php b/config/haproxy-devel/haproxy_global.php index 50472d9f..cad3795a 100755 --- a/config/haproxy-devel/haproxy_global.php +++ b/config/haproxy-devel/haproxy_global.php @@ -36,7 +36,7 @@ require_once("haproxy_utils.inc"); require_once("globals.inc"); require_once("pkg_haproxy_tabs.inc"); -$simplefields = array('localstats_refreshtime','localstats_sticktable_refreshtime'); +$simplefields = array('localstats_refreshtime','localstats_sticktable_refreshtime','log-send-hostname','ssldefaultdhparam'); if (!is_array($config['installedpackages']['haproxy'])) $config['installedpackages']['haproxy'] = array(); @@ -268,55 +268,6 @@ function enable_change(enable_change) { </tr> <tr> <td valign="top" class="vncell"> - Remote syslog host - </td> - <td class="vtable"> - <input name="remotesyslog" type="text" class="formfld" id="remotesyslog" size="18" value="<?=htmlspecialchars($pconfig['remotesyslog']);?>" /><br/> - To log to the local pfSense systemlog fill the host with the value <b>/var/run/log</b>, however if a lot of messages are generated logging is likely to be incomplete. (Also currently no informational logging gets shown in the systemlog.) - </td> - </tr> - <tr> - <td valign="top" class="vncell"> - Syslog facility - </td> - <td class="vtable"> - <select name="logfacility" class="formfld"> - <?php - $facilities = array("kern", "user", "mail", "daemon", "auth", "syslog", "lpr", - "news", "uucp", "cron", "auth2", "ftp", "ntp", "audit", "alert", "cron2", - "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"); - foreach ($facilities as $f): - ?> - <option value="<?=$f;?>" <?php if ($f == $pconfig['logfacility']) echo "selected"; ?>> - <?=$f;?> - </option> - <?php - endforeach; - ?> - </select> - </td> - </tr> - <tr> - <td valign="top" class="vncell"> - Syslog level - </td> - <td class="vtable"> - <select name="loglevel" class="formfld"> - <?php - $levels = array("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"); - foreach ($levels as $l): - ?> - <option value="<?=$l;?>" <?php if ($l == $pconfig['loglevel']) echo "selected"; ?>> - <?=$l;?> - </option> - <?php - endforeach; - ?> - </select> - </td> - </tr> - <tr> - <td valign="top" class="vncell"> Carp monitor </td> <td class="vtable"> @@ -374,6 +325,77 @@ function enable_change(enable_change) { </td> </tr> <tr> + <td colspan="2" valign="top" class="listtopic">Logging</td> + </tr> + <tr> + <td valign="top" class="vncell"> + Remote syslog host + </td> + <td class="vtable"> + <input name="remotesyslog" type="text" class="formfld" id="remotesyslog" size="18" value="<?=htmlspecialchars($pconfig['remotesyslog']);?>" /><br/> + To log to the local pfSense systemlog fill the host with the value <b>/var/run/log</b>, however if a lot of messages are generated logging is likely to be incomplete. (Also currently no informational logging gets shown in the systemlog.) + </td> + </tr> + <tr> + <td valign="top" class="vncell"> + Syslog facility + </td> + <td class="vtable"> + <select name="logfacility" class="formfld"> + <?php + $facilities = array("kern", "user", "mail", "daemon", "auth", "syslog", "lpr", + "news", "uucp", "cron", "auth2", "ftp", "ntp", "audit", "alert", "cron2", + "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"); + foreach ($facilities as $f): + ?> + <option value="<?=$f;?>" <?php if ($f == $pconfig['logfacility']) echo "selected"; ?>> + <?=$f;?> + </option> + <?php + endforeach; + ?> + </select> + </td> + </tr> + <tr> + <td valign="top" class="vncell"> + Syslog level + </td> + <td class="vtable"> + <select name="loglevel" class="formfld"> + <?php + $levels = array("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"); + foreach ($levels as $l): + ?> + <option value="<?=$l;?>" <?php if ($l == $pconfig['loglevel']) echo "selected"; ?>> + <?=$l;?> + </option> + <?php + endforeach; + ?> + </select> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Log hostname</td> + <td width="78%" class="vtable"> + <input name="log-send-hostname" type="text" <?if(isset($pconfig['log-send-hostname'])) echo "value=\"{$pconfig['log-send-hostname']}\"";?> size="18" maxlength="50" /> EXAMPLE: HaproxyMasterNode<br/>Sets the hostname field in the syslog header. If empty defaults to the system hostname. + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Tuning</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Max SSL Diffie-Hellman size</td> + <td width="78%" class="vtable"> + <input name="ssldefaultdhparam" type="text" <?if(isset($pconfig['ssldefaultdhparam'])) echo "value=\"{$pconfig['ssldefaultdhparam']}\"";?> size="10" maxlength="5" /> EXAMPLE: 2048<br/>Sets the maximum size of the Diffie-Hellman parameters used for generating +the ephemeral/temporary Diffie-Hellman key in case of DHE key exchange. +Minimum and default value is: 1024, bigger values might increase CPU usage.<br/> + For more information about the <b>"tune.ssl.default-dh-param"</b> option please see <b><a href='http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#3.2-tune.ssl.default-dh-param' target='_blank'>HAProxy Documentation</a></b><br/> + NOTE: HAProxy will emit a warning when starting when this setting is used but not configured. + </td> + </tr> + <tr> <td colspan="2" valign="top" class="listtopic">Global Advanced pass thru</td> </tr> <tr> diff --git a/config/haproxy-devel/haproxy_htmllist.inc b/config/haproxy-devel/haproxy_htmllist.inc index ae46ffd4..f873028e 100644 --- a/config/haproxy-devel/haproxy_htmllist.inc +++ b/config/haproxy-devel/haproxy_htmllist.inc @@ -34,113 +34,272 @@ require_once("config.inc"); require_once("haproxy_utils.inc"); -function haproxy_htmllist_get_values($html_list){ - $values = array(); - for($x=0; $x<99; $x++) { - $value = array(); - $add_item = false; - foreach($html_list as $item){ - $itemname = $item['name']; - $value[$itemname] = $_POST[$itemname.$x]; - $add_item |= isset($_POST[$itemname.$x]); +class HaproxyHtmlList +{ + /* + javascript 'events': + <tableId>_row_added(tableId, rowNr) + <tableId>_field_changed(tableId, rowNr, fieldId, field) + */ + + private $tablename = ""; + private $fields = array(); + public $editmode = false; + public $fields_details = null; + public $keyfield = ""; + + public function HaproxyHtmlList($tablename, $fields){ + $this->tablename = $tablename; + $this->fields = $fields; + } + + public function Draw($data){ + $this->haproxy_htmllist($data, $this->fields, $this->editmode, $this->fields_details); + } + + function haproxy_htmllist_get_values(){ + $values = array(); + for($x=0; $x<99; $x++) { + $value = array(); + $add_item = false; + foreach($this->fields as $item){ + $itemname = $item['name']; + $value[$itemname] = $_POST[$itemname.$x]; + if ($item['type'] == 'textarea') + $value[$itemname] = base64_encode($value[$itemname]); + $add_item |= isset($_POST[$itemname.$x]); + } + if ($add_item) { + if ($this->keyfield != "") { + if (isset($_POST[$this->tablename."_key".$x])) + $key = $_POST[$this->tablename."_key".$x]; + else + $key = $_POST[$this->keyfield.$x]; + + } else + $key = ""; + + if (isset($values[$key])) + $values[] = $value; + else + $values[$key] = $value; + } } - if ($add_item) - $values[] = $value; + return $values; } - return $values; -} -function haproxy_htmllist($tablename,$values,$items,$editstate=false){ - global $g, $counter; - echo "<table class='' width='100%' cellpadding='0' cellspacing='0' id='$tablename'> - <tr>"; - foreach($items as $item){ - echo "<td width='{$item['colwidth']}' class='listhdrr'>{$item['columnheader']}</td>"; + private function haproxy_htmllist_drawcell($item, $itemvalue, $editable, $itemname, $counter) { + $itemnamenr = $itemname . $counter; + $itemtype = $item['type']; + if ($editable) { + $itemtype = $item['type']; + if ($itemtype == "select"){ + echo_html_select($itemnamenr, $item['items'], $itemvalue,"","html_listitem_change(\"{$this->tablename}\",\"{$itemname}\",\"{$counter}\",this);", "width:{$item['size']}"); + } else + if ($itemtype == "checkbox"){ + $checked = $itemvalue=='yes' ? " checked" : ""; + echo "<input onclick='html_listitem_change(\"{$this->tablename}\",\"{$itemname}\",\"{$counter}\",this);' name='$itemnamenr' id='$itemnamenr' type='checkbox'$checked value='yes' size='{$item['size']}' />"; + } else + if ($itemtype == "textarea"){ + echo "<textarea name='$itemnamenr' id='$itemnamenr' type='text' cols='{$item['size']}' rows='10'>"; + echo htmlspecialchars(base64_decode($itemvalue)); + echo "</textarea>"; + } else + echo "<input name='$itemnamenr' id='$itemnamenr' type='text' value='{$itemvalue}' size='{$item['size']}' />"; + } else { + if ($itemtype == "select"){ + echo $item['items'][$itemvalue]['name']; + } else + if ($itemtype == "checkbox"){ + echo $itemvalue=='yes' ? gettext('yes') : gettext('no'); + } else + if ($itemtype == "textarea"){ + echo htmlspecialchars(base64_decode($itemvalue)); + } else + echo htmlspecialchars($itemvalue); + } } - echo "<td width='5%' class=''></td> - </tr>"; - if (is_array($values)){ - foreach($values as $value){ - if (!$editstate) { - echo "<tr id='tr_view_$counter' ondblclick='editRow($counter); return false;' >"; - $leftitem = true; + + function haproxy_htmllist($rowvalues,$items,$editstate=false,$itemdetails=null){ + $tablename = $this->tablename; + global $g, $counter; + echo "<table class='' width='100%' cellpadding='0' cellspacing='0' id='$tablename'> + <tr>"; + foreach($items as $item){ + echo "<td width='{$item['colwidth']}' class='listhdrr'>{$item['columnheader']}</td>"; + } + echo "<td width='5%' class=''></td> + </tr>"; + if (is_array($rowvalues)){ + foreach($rowvalues as $keyid => $value){ + if ($this->keyfield != "") { + if (preg_match("/[^0-9]/", $keyid)) + $itemvalue = $keyid; + else + $itemvalue = $value[$this->keyfield]; + $key = "<input name='{$tablename}_key{$counter}' id='{$tablename}_key{$counter}' type='hidden' value='{$itemvalue}'>"; + } else + $key = ""; + + if (!$editstate) { + echo "<tr id='tr_view_$counter' ondblclick='editRow($counter); return false;' >"; + $leftitem = true; + foreach($items as $item) { + $tdclass = $leftitem ? "vtable listlr" : "vtable listr"; + echo "<td class='$tdclass'>"; + $itemname = $item['name']; + $itemvalue = $value[$itemname]; + if (isset($item['customdrawcell'])) { + $item['customdrawcell']($item, $itemvalue, false); + } else + $this->haproxy_htmllist_drawcell($item, $itemvalue, false, $itemname, $counter); + echo "</td>"; + $leftitem = false; + + } + echo " + <td class='list'> + <table border='0' cellspacing='0' cellpadding='1'><tr> + <td valign='middle'> + <img src='/themes/{$g['theme']}/images/icons/icon_e.gif' title='edit entry' width='17' height='17' border='0' onclick='editRow($counter); return false;' /> + </td> + <td valign='middle'> + <img src='/themes/{$g['theme']}/images/icons/icon_x.gif' title='delete entry' width='17' height='17' border='0' onclick='deleteRow($counter, \"$tablename\"); return false;' /> + </td> + <td valign='middle'> + <img src='/themes/{$g['theme']}/images/icons/icon_plus.gif' title='duplicate entry' width='17' height='17' border='0' onclick='dupRow($counter, \"$tablename\"); return false;' /> + </td></tr></table> + </td>"; + echo "</tr>"; + } + $displaystyle = $editstate ? "" : "display: none;"; + echo "<tr id='tr_edit_$counter' style='$displaystyle'>"; foreach($items as $item){ - $tdclass = $leftitem ? "vtable listlr" : "vtable listr"; - echo "<td class='$tdclass'>"; $itemname = $item['name']; - $itemtype = $item['type']; - $itemvalue = $value[$itemname]; - if ($itemtype == "select"){ - echo $item['items'][$itemvalue]['name']; + $itemvalue = $value[$itemname]; + echo "<td class='vtable'>".$key; + if (isset($item['customdrawcell'])) { + $item['customdrawcell']($item, $itemvalue, true, $item['name'].$counter); } else - if ($itemtype == "checkbox"){ - echo $itemvalue=='yes' ? gettext('yes') : gettext('no'); - } else - echo $itemvalue; + $this->haproxy_htmllist_drawcell($item, $itemvalue, true, $itemname, $counter); echo "</td>"; - $leftitem = false; + $key = ""; } echo " <td class='list'> <table border='0' cellspacing='0' cellpadding='1'><tr> <td valign='middle'> - <img src='/themes/{$g['theme']}/images/icons/icon_e.gif' title='edit entry' width='17' height='17' border='0' onclick='editRow($counter); return false;' /> - </td> - <td valign='middle'> - <img src='/themes/{$g['theme']}/images/icons/icon_x.gif' title='delete entry' width='17' height='17' border='0' onclick='deleteRow($counter, \"$tablename\"); return false;' /> + <img src='/themes/{$g['theme']}/images/icons/icon_x.gif' title='delete entry' width='17' height='17' border='0' onclick='removeRow(this); return false;' /> </td> <td valign='middle'> <img src='/themes/{$g['theme']}/images/icons/icon_plus.gif' title='duplicate entry' width='17' height='17' border='0' onclick='dupRow($counter, \"$tablename\"); return false;' /> </td></tr></table> </td>"; echo "</tr>"; - } - $displaystyle = $editstate ? "" : "display: none;"; - echo "<tr id='tr_edit_$counter' style='$displaystyle'>"; - foreach($items as $item){ - $itemname = $item['name']; - $itemtype = $item['type']; - $itemvalue = $value[$itemname]; - $itemnamenr = $itemname.$counter; - echo "<td class='vtable'>"; - if ($itemtype == "select"){ - echo_html_select($itemnamenr, $item['items'], $itemvalue,"","updatevisibility();", "width:{$item['size']}"); - } else - if ($itemtype == "checkbox"){ - $checked = $itemvalue=='yes' ? " checked" : ""; - echo "<input name='$itemnamenr' id='$itemnamenr' type='checkbox'$checked value='yes' size='{$item['size']}' />"; - - } else - echo "<input name='$itemnamenr' id='$itemnamenr' type='text' value='{$itemvalue}' size='{$item['size']}' />"; - echo "</td>"; + if (isset($itemdetails)) { + $colspan = count($items)-1; + echo "<tr id='tr_viewdetail_$counter'>"; + ?> + <td class='vtable listlr' style='border-bottom-width: medium;vertical-align:top;'> + <div style="position:relative;float:right;width:11px;height:11px;"> + <a onclick="htmltable_toggle_details('<?="htmltable_{$tablename}_{$counter}_details"?>')"> + <img id="htmltable_<?="{$tablename}_{$counter}"?>_details_off" alt="Expand advanced server settings" + src="tree/plus.gif" style="clip:rect(19px 13px 30px 2px); top:-19px;position:absolute;"/> + </a> + </div> + </td> + <? + echo "<td class='vtable listr' colspan='$colspan' style='border-bottom-width: medium;'>"; + $itemnr = 0; + echo "<div id='htmltable_{$tablename}_{$counter}_details_view'>"; + $itemcount = count($itemdetails); + foreach($itemdetails as $item) { + echo "<div style='float: left;padding-right: 2px;'>"; + $tdclass = "";//$leftitem ? "vtable listlr" : "vtable listr"; + echo $item['columnheader'] . ": "; + $itemname = $item['name']; + $itemvalue = $value[$itemname]; + if (isset($item['customdrawcell'])) { + $item['customdrawcell']($item, $itemvalue, false); + } else + $this->haproxy_htmllist_drawcell($item, $itemvalue, false, $itemname, $counter); + $leftitem = false; + $itemnr++; + if ($itemcount != $itemnr) + echo ", "; + echo "</div>"; + } + echo "</div>"; + echo "<div id='htmltable_{$tablename}_{$counter}_details_edit' style='display:none;'>"; + echo "<table class='tabcont' style='border-collapse:collapse' border='1' cellspacing='0' >"; + $leftitem = true; + foreach($itemdetails as $item) { + echo "<tr id='tr_edititemdetails_$counter' ondblclick='editRow($counter); return false;'>"; + $tdclass = "";//$leftitem ? "vtable listlr" : "vtable listr"; + echo "<td style='border-right:0' class='$tdclass'>"; + echo "{$item['columnheader']}: "; + echo "</td>"; + echo "<td style='border-left:0' class='$tdclass'>"; + $itemname = $item['name']; + $itemvalue = $value[$itemname]; + echo "{$item['description']}<br/>"; + if (isset($item['customdrawcell'])) { + $item['customdrawcell']($item, $itemvalue, true, $itemname . $counter); + } else + $this->haproxy_htmllist_drawcell($item, $itemvalue, true, $itemname, $counter); + echo "</td>"; + $leftitem = false; + echo "</tr>"; + } + echo "</table>"; + echo "</div>"; + echo "</td>"; + echo "</tr>"; + } + if (isset($itemdetails)) { + $colspan = count($items)-1; + echo "<tr id='htmltable_{$tablename}_{$counter}_details' style='$displaystyle' >"; + echo "<td class='vtable listlr' style='border-bottom-width: medium;'> </td>"; + echo "<td class='vtable listr' colspan='$colspan' style='border-bottom-width: medium;'>"; + echo "</td>"; + echo "</tr>"; + } + + $counter++; } - echo " - <td class='list'> - <table border='0' cellspacing='0' cellpadding='1'><tr> - <td valign='middle'> - <img src='/themes/{$g['theme']}/images/icons/icon_x.gif' title='delete entry' width='17' height='17' border='0' onclick='removeRow(this); return false;' /> - </td> - <td valign='middle'> - <img src='/themes/{$g['theme']}/images/icons/icon_plus.gif' title='duplicate entry' width='17' height='17' border='0' onclick='dupRow($counter, \"$tablename\"); return false;' /> - </td></tr></table> - </td>"; - echo "</tr>"; - $counter++; } + echo "</table> + <a onclick='javascript:addRowTo(\"$tablename\"); return false;' href='#'> + <img border='0' src='/themes/{$g['theme']}/images/icons/icon_plus.gif' alt='' title='add another entry' /> + </a>"; } - echo "</table> - <a onclick='javascript:addRowTo(\"$tablename\"); return false;' href='#'> - <img border='0' src='/themes/{$g['theme']}/images/icons/icon_plus.gif' alt='' title='add another entry' /> - </a>"; +} + +function haproxy_htmllist($tablename,$rowvalues,$items,$editstate=false,$itemdetails=null){ + $list = new HaproxyHtmlList($tablename, $items); + $list->haproxy_htmllist($rowvalues, $items, $editstate, $itemdetails); +} + +function haproxy_htmllist_get_values($html_list){ + $list = new HaproxyHtmlList("-", $html_list); + return $list->haproxy_htmllist_get_values(); } function haproxy_htmllist_js(){ -?><script type="text/javascript"> - function htmllist_get_select_items(tableId) { +?><script type="text/javascript"> + function html_listitem_change(tableId, fieldId, rowNr, field) { + javascript_event = tableId + "_listitem_change"; + var fn = window[javascript_event]; + if (typeof fn === 'function'){ + fn(tableId, fieldId, rowNr, field); + } + } + + function htmllist_get_select_items(prefix,tableId) { var items; var i = tableId.lastIndexOf('_'); - var items_name = "fields_"+tableId.substr(i+1); - items = eval(items_name); + var items_name = prefix+"_"+tableId.substr(i+1); + items = eval("typeof "+items_name+" !== 'undefined' ? "+items_name+" : {}"); return items; } @@ -150,8 +309,7 @@ function haproxy_htmllist_js(){ var btable, btbody, btr, btd; d = document; - items = htmllist_get_select_items(tableId); - seltext = htmllist_get_select_options(tableId); + items = htmllist_get_select_items('fields',tableId); tbody = d.getElementById(tableId).getElementsByTagName("tbody").item(0); tr = d.createElement("tr"); @@ -164,13 +322,21 @@ function haproxy_htmllist_js(){ td.innerHTML="<input size='" + items[i]['size'] + "' name='" + items[i]['name'] + totalrows + "' id='" + items[i]['name'] + totalrows + "'><\/input> "; + } else if(items[i]['type'] == 'textarea') { + td.innerHTML="<textarea cols='" + items[i]['size'] + "' rows='30' name='" + items[i]['name'] + totalrows + + "' id='" + items[i]['name'] + totalrows + + "'><\/textarea> "; } else if(items[i]['type'] == 'select') { + seltext = htmllist_get_select_options(tableId, items[i]['name']); td.innerHTML="<select style='width:" + items[i]['size'] + "' name='" + items[i]['name'] + totalrows + - "' id='" + items[i]['name'] + totalrows + - "'>" + seltext + "<\/select> "; + "' id='" + items[i]['name'] + totalrows + "' "+ + "onchange='html_listitem_change(\""+tableId+"\",\""+items[i]['name']+"\",\""+totalrows+"\",this);' " + + ">" + seltext + "<\/select> "; } else { - td.innerHTML="<input type='checkbox' name='" + items[i]['name'] + totalrows + - "' id='" + items[i]['name'] + totalrows + "' value='yes'><\/input> "; + td.innerHTML="<input type='checkbox' name='" + items[i]['name'] + totalrows +"'"+ + "id='" + items[i]['name'] + totalrows + "' "+ + "onclick='html_listitem_change(\""+tableId+"\",\""+items[i]['name']+"\",\""+totalrows+"\",this);' " + + "value='yes'><\/input> "; } tr.appendChild(td); } @@ -178,6 +344,13 @@ function haproxy_htmllist_js(){ td.rowSpan = "1"; td.setAttribute("class","list"); + items = htmllist_get_select_items('fields_details',tableId); + for (var i in items) { + td.innerHTML=td.innerHTML+"<input type='hidden' name='" + items[i]['name'] + totalrows + + "' id='" + items[i]['name'] + totalrows + + "'><\/input> "; + } + // Recreate the button table. btable = document.createElement("table"); btable.setAttribute("border", "0"); @@ -198,13 +371,19 @@ function haproxy_htmllist_js(){ td.appendChild(btable); tr.appendChild(td); tbody.appendChild(tr); + + javascript_row_added = tableId + "_row_added"; + var fn = window[javascript_row_added]; + if (typeof fn === 'function'){ + fn(tableId, totalrows); + } }); })(); function dupRow(rowId, tableId) { var dupEl; var newEl; addRowTo(tableId); - items = htmllist_get_select_items(tableId); + items = htmllist_get_select_items('fields',tableId); for (var i in items) { dupEl = document.getElementById(items[i]['name'] + rowId); newEl = document.getElementById(items[i]['name'] + totalrows); @@ -214,6 +393,21 @@ function haproxy_htmllist_js(){ else newEl.value = dupEl.value; } + items = htmllist_get_select_items('fields_details',tableId); + for (var i in items) { + dupEl = document.getElementById(items[i]['name'] + rowId); + newEl = document.getElementById(items[i]['name'] + totalrows); + if (dupEl && newEl) + if(items[i]['type'] == 'checkbox') + newEl.value = dupEl.checked ? 'yes' : ''; + else + newEl.value = dupEl.value; + } + javascript_row_added = tableId + "_row_added"; + var fn = window[javascript_row_added]; + if (typeof fn === 'function'){ + fn(tableId, totalrows); + } } function editRow(num) { var trview = document.getElementById('tr_view_' + num); @@ -223,9 +417,14 @@ function haproxy_htmllist_js(){ } function deleteRow(rowId, tableId) { var view = document.getElementById("tr_view_" + rowId); + var viewdetail = document.getElementById("tr_viewdetail_" + rowId); var edit = document.getElementById("tr_edit_" + rowId); - view.parentNode.removeChild(view); - edit.parentNode.removeChild(edit); + if (view) + view.parentNode.removeChild(view); + if (viewdetail) + viewdetail.parentNode.removeChild(viewdetail); + if (edit) + edit.parentNode.removeChild(edit); } function removeRow(el) { var cel; @@ -240,6 +439,16 @@ function haproxy_htmllist_js(){ el.parentNode.removeChild(el); } } + + function htmltable_toggle_details(table_row_detail_id) { + tredit = document.getElementById(table_row_detail_id+'_off'); + trviewdetail = document.getElementById(table_row_detail_id+'_edit'); + treditdetail = document.getElementById(table_row_detail_id+'_view'); + current_on = tredit.style.display == 'none'; + tredit.style.display=current_on ? '' : 'none'; + trviewdetail.style.display=current_on ? 'none' : ''; + treditdetail.style.display=current_on ? '' : 'none'; + } </script><? } diff --git a/config/haproxy-devel/haproxy_listeners.php b/config/haproxy-devel/haproxy_listeners.php index 7022ec34..301dd253 100644 --- a/config/haproxy-devel/haproxy_listeners.php +++ b/config/haproxy-devel/haproxy_listeners.php @@ -124,22 +124,26 @@ include("head.inc"); $a_frontend_grouped = array(); foreach($a_frontend as &$frontend2) { $mainfrontend = get_primaryfrontend($frontend2); + $mainname = $mainfrontend['name']; $ipport = get_frontend_ipport($frontend2, true); $frontend2['ipport'] = $ipport; $frontend2['type'] = $mainfrontend['type']; - $a_frontend_grouped[$ipport][] = $frontend2; + $a_frontend_grouped[$mainname][] = $frontend2; } ksort($a_frontend_grouped); $img_cert = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png"; $img_adv = "/themes/{$g['theme']}/images/icons/icon_advanced.gif"; $img_acl = "/themes/{$g['theme']}/images/icons/icon_ts_rule.gif"; + $textgray = ""; + $first = true; $last_frontend_shared = false; foreach ($a_frontend_grouped as $a_frontend) { usort($a_frontend,'sort_sharedfrontends'); - if (count($a_frontend) > 1 || $last_frontend_shared) { + if ((count($a_frontend) > 1 || $last_frontend_shared) && !$first) { ?> <tr class="<?=$textgray?>"><td colspan="7"> </td></tr> <? } + $first = false; $last_frontend_shared = count($a_frontend) > 1; foreach ($a_frontend as $frontend) { $frontendname = $frontend['name']; @@ -151,11 +155,19 @@ include("head.inc"); </td> <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$frontendname;?>';"> <? - if (strtolower($frontend['type']) == "http" && $frontend['ssloffload']) { + $acls = get_frontend_acls($frontend); + $isaclset = ""; + foreach ($acls as $acl) { + $isaclset .= " " . htmlspecialchars($acl['descr']); + } + if ($isaclset) + echo "<img src=\"$img_acl\" title=\"" . gettext("acl's used") . ": {$isaclset}\" border=\"0\" />"; + + if (get_frontend_uses_ssl($frontend)) { $cert = lookup_cert($frontend['ssloffloadcert']); $descr = htmlspecialchars($cert['descr']); - $certs = $frontend['ha_certificates']['item']; - if (is_array($certs)){ + if (is_array($frontend['ha_certificates']) && is_array($frontend['ha_certificates']['item'])) { + $certs = $frontend['ha_certificates']['item']; if (count($certs) > 0){ foreach($certs as $certitem){ $cert = lookup_cert($certitem['ssl_certificate']); @@ -166,29 +178,24 @@ include("head.inc"); echo '<img src="'.$img_cert.'" title="SSL offloading cert: '.$descr.'" alt="SSL offloading" border="0" height="16" width="16" />'; } - $acls = get_frontend_acls($frontend); - $isaclset = ""; - foreach ($acls as $acl) { - $isaclset .= " " . htmlspecialchars($acl['descr']); - } - - if ($isaclset) - echo "<img src=\"$img_acl\" title=\"" . gettext("acl's used") . ": {$isaclset}\" border=\"0\" />"; - $isadvset = ""; if ($frontend['advanced_bind']) $isadvset .= "Advanced bind: ".htmlspecialchars($frontend['advanced_bind'])."\r\n"; if ($frontend['advanced']) $isadvset .= "Advanced pass thru setting used\r\n"; if ($isadvset) echo "<img src=\"$img_adv\" title=\"" . gettext("Advanced settings set") . ": {$isadvset}\" border=\"0\" />"; + $backend_serverpool_hint = ""; $backend_serverpool = $frontend['backend_serverpool']; - $backend = get_backend($backend_serverpool ); - if ($backend && is_array($backend['ha_servers']['item'])){ + $backend = get_backend($backend_serverpool); + if ($backend && is_array($backend['ha_servers']) && is_array($backend['ha_servers']['item'])){ $servers = $backend['ha_servers']['item']; $backend_serverpool_hint = gettext("Servers in pool:"); if (is_array($servers)){ foreach($servers as $server){ - $backend_serverpool_hint .= "\n".$server['address'].":".$server['port']; + if (isset($server['forwardto']) && $server['forwardto'] != "") + $backend_serverpool_hint .= "\n[".$server['forwardto']."]"; + else + $backend_serverpool_hint .= "\n".$server['address'].":".$server['port']; } } } @@ -201,14 +208,41 @@ include("head.inc"); <?=$frontend['desc'];?> </td> <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$frontendname;?>';"> - <?=str_replace(" "," ",$frontend['ipport']);?> + <? + $first = true; + foreach($frontend['ipport'] as $addr) { + if (!$first) + print "<br/>"; + print "<div style='white-space:nowrap;'>"; + print "{$addr['addr']}:{$addr['port']}"; + if ($addr['ssl'] == 'yes') { + echo '<img src="'.$img_cert.'" title="SSL offloading" alt="SSL" border="0" height="11" width="11" />'; + } + print "</div"; + $first = false; + } + ?> </td> <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$frontendname;?>';"> - <?=$frontend['type']?> + <? + if ($frontend['type'] == 'http') { + $mainfrontend = get_primaryfrontend($frontend); + $sslused = get_frontend_uses_ssl($mainfrontend); + $httpused = !get_frontend_uses_ssl_only($frontend); + if ($httpused) + echo "http"; + if ($sslused) { + echo ($httpused ? "/" : "") . "https"; + } + } else + echo $a_frontendmode[$frontend['type']]['shortname']; + ?> </td> <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$frontendname;?>';"> <div title='<?=$backend_serverpool_hint;?>'> + <a href="haproxy_pool_edit.php?id=<?=$frontend['backend_serverpool']?>"> <?=$frontend['backend_serverpool']?> + </a> </div> </td> <td class="listlr" ondblclick="document.location='haproxy_listeners_edit.php?id=<?=$frontendname;?>';"> diff --git a/config/haproxy-devel/haproxy_listeners_edit.php b/config/haproxy-devel/haproxy_listeners_edit.php index 6731731d..a818fcfb 100644 --- a/config/haproxy-devel/haproxy_listeners_edit.php +++ b/config/haproxy-devel/haproxy_listeners_edit.php @@ -52,7 +52,7 @@ function haproxy_js_acl_select($mode) { $seltext = ''; foreach ($a_acltypes as $key => $expr) { if ($expr['mode'] == '' || $expr['mode'] == $mode) - $seltext .= "<option value='" . $key . "'>" . $expr['name'] .":<\/option>"; + $seltext .= "<option value='" . $key . "'>" . $expr['name'] ."<\/option>"; } return $seltext; } @@ -63,10 +63,15 @@ if (!is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) { $a_backend = &$config['installedpackages']['haproxy']['ha_backends']['item']; $a_pools = &$config['installedpackages']['haproxy']['ha_pools']['item']; +if (!is_array($a_pools)) + $a_pools = array(); +uasort($a_pools, haproxy_compareByName); global $simplefields; $simplefields = array('name','desc','status','secondary','primary_frontend','type','forwardfor','httpclose','extaddr','backend_serverpool', - 'max_connections','client_timeout','port','ssloffloadcert','dcertadv','ssloffload','ssloffloadacl','advanced_bind','ssloffloadacladditional'); + 'max_connections','client_timeout','port','ssloffloadcert','dcertadv','ssloffload','ssloffloadacl','ssloffloadaclnondefault','advanced_bind', + 'ssloffloadacladditional','ssloffloadacladditionalnondefault', + 'dontlognull','dontlog-normal','log-separate-errors','log-detailed'); if (isset($_POST['id'])) $id = $_POST['id']; @@ -82,10 +87,13 @@ if (!is_numeric($id)) { //default value for new items. $pconfig['ssloffloadacl'] = "yes"; + $new_item = array(); + $new_item['extaddr'] = "wan_ipv4"; + $new_item['extaddr_port'] = "80"; + $pconfig['a_extaddr'][] = $new_item; } -$servercerts = get_certificates_server(); - +$servercerts = haproxy_get_certificates('server,user'); $fields_sslCertificates=array(); $fields_sslCertificates[0]['name']="ssl_certificate"; $fields_sslCertificates[0]['columnheader']="Certificates"; @@ -94,6 +102,28 @@ $fields_sslCertificates[0]['type']="select"; $fields_sslCertificates[0]['size']="500px"; $fields_sslCertificates[0]['items']=&$servercerts; +$certs_ca = haproxy_get_certificates('ca'); +$ca_none['']['name']="None"; +$certs_ca = $ca_none + $certs_ca; +$fields_caCertificates=array(); +$fields_caCertificates[0]['name']="cert_ca"; +$fields_caCertificates[0]['columnheader']="Certificates authorities"; +$fields_caCertificates[0]['colwidth']="95%"; +$fields_caCertificates[0]['type']="select"; +$fields_caCertificates[0]['size']="500px"; +$fields_caCertificates[0]['items']=&$certs_ca; + +$certs_crl = haproxy_get_crls(); +$ca_none['']['name']="None"; +$certs_crl = $ca_none + $certs_crl; +$fields_crlCertificates=array(); +$fields_crlCertificates[0]['name']="cert_crl"; +$fields_crlCertificates[0]['columnheader']="Certificate revocation lists"; +$fields_crlCertificates[0]['colwidth']="95%"; +$fields_crlCertificates[0]['type']="select"; +$fields_crlCertificates[0]['size']="500px"; +$fields_crlCertificates[0]['items']=&$certs_crl; + $fields_aclSelectionList=array(); $fields_aclSelectionList[0]['name']="name"; $fields_aclSelectionList[0]['columnheader']="Name"; @@ -114,17 +144,54 @@ $fields_aclSelectionList[2]['colwidth']="35%"; $fields_aclSelectionList[2]['type']="textbox"; $fields_aclSelectionList[2]['size']="35"; +$interfaces = haproxy_get_bindable_interfaces(); +$interfaces_custom['custom']['name']="Use custom address:"; +$interfaces = $interfaces_custom + $interfaces; + +$fields_externalAddress=array(); +$fields_externalAddress[0]['name']="extaddr"; +$fields_externalAddress[0]['columnheader']="Listen address"; +$fields_externalAddress[0]['colwidth']="25%"; +$fields_externalAddress[0]['type']="select"; +$fields_externalAddress[0]['size']="200px"; +$fields_externalAddress[0]['items']=&$interfaces; +$fields_externalAddress[1]['name']="extaddr_custom"; +$fields_externalAddress[1]['columnheader']="Custom address"; +$fields_externalAddress[1]['colwidth']="25%"; +$fields_externalAddress[1]['type']="textbox"; +$fields_externalAddress[1]['size']="30"; +$fields_externalAddress[2]['name']="extaddr_port"; +$fields_externalAddress[2]['columnheader']="Port"; +$fields_externalAddress[2]['colwidth']="5%"; +$fields_externalAddress[2]['type']="textbox"; +$fields_externalAddress[2]['size']="5"; +$fields_externalAddress[3]['name']="extaddr_ssl"; +$fields_externalAddress[3]['columnheader']="SSL Offloading"; +$fields_externalAddress[3]['colwidth']="10%"; +$fields_externalAddress[3]['type']="checkbox"; +$fields_externalAddress[3]['size']="50px"; +$fields_externalAddress[4]['name']="extaddr_advanced"; +$fields_externalAddress[4]['columnheader']="Advanced"; +$fields_externalAddress[4]['colwidth']="20%"; +$fields_externalAddress[4]['type']="textbox"; +$fields_externalAddress[4]['size']="30"; if (isset($id) && $a_backend[$id]) { $pconfig['a_acl']=&$a_backend[$id]['ha_acls']['item']; $pconfig['a_certificates']=&$a_backend[$id]['ha_certificates']['item']; + $pconfig['clientcert_ca']=&$a_backend[$id]['clientcert_ca']['item']; + $pconfig['clientcert_crl']=&$a_backend[$id]['clientcert_crl']['item']; + $pconfig['a_extaddr']=&$a_backend[$id]['a_extaddr']['item']; $pconfig['advanced'] = base64_decode($a_backend[$id]['advanced']); foreach($simplefields as $stat) $pconfig[$stat] = $a_backend[$id][$stat]; } -if (isset($_GET['dup'])) +if (isset($_GET['dup'])) { unset($id); + if ($pconfig['secondary'] != 'yes') + $pconfig['primary_frontend'] = $pconfig['name']; +} $changedesc = "Services: HAProxy: Frontend"; $changecount = 0; @@ -135,16 +202,19 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; - if ($pconfig['secondary'] != "yes") { - $reqdfields = explode(" ", "name type port"); - $reqdfieldsn = explode(",", "Name,Type,Port"); + $reqdfields = explode(" ", "name type"); + $reqdfieldsn = explode(",", "Name,Type"); } else { $reqdfields = explode(" ", "name"); $reqdfieldsn = explode(",", "Name"); } - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name'])) $input_errors[] = "The field 'Name' contains invalid characters."; @@ -169,10 +239,18 @@ if ($_POST) { $a_certificates = haproxy_htmllist_get_values($fields_sslCertificates); $pconfig['a_certificates'] = $a_certificates; + $a_clientcert_ca = haproxy_htmllist_get_values($fields_caCertificates); + $pconfig['a_clientcert_ca'] = $a_clientcert_ca; + $a_clientcert_crl = haproxy_htmllist_get_values($fields_crlCertificates); + $pconfig['a_clientcert_crl'] = $a_clientcert_crl; $a_acl = haproxy_htmllist_get_values($fields_aclSelectionList); $pconfig['a_acl'] = $a_acl; + $a_extaddr = haproxy_htmllist_get_values($fields_externalAddress); + $pconfig['a_extaddr'] = $a_extaddr; + + foreach($a_acl as $acl) { $acl_name = $acl['name']; $acl_value = $acl['value']; @@ -210,6 +288,9 @@ if ($_POST) { update_if_changed("advanced", $backend['advanced'], base64_encode($_POST['advanced'])); $backend['ha_acls']['item'] = $a_acl; $backend['ha_certificates']['item'] = $a_certificates; + $backend['clientcert_ca']['item'] = $a_clientcert_ca; + $backend['clientcert_crl']['item'] = $a_clientcert_crl; + $backend['a_extaddr']['item'] = $a_extaddr; if (isset($id) && $a_backend[$id]) { $a_backend[$id] = $backend; @@ -238,7 +319,6 @@ include("head.inc"); if (!isset($_GET['dup'])) $excludefrontend = $pconfig['name']; $primaryfrontends = get_haproxy_frontends($excludefrontend); -$interfaces = haproxy_get_bindable_interfaces(); ?> <style type="text/css"> @@ -258,7 +338,7 @@ $interfaces = haproxy_get_bindable_interfaces(); <?php endif; ?> <script type="text/javascript"> - function htmllist_get_select_options(tableId) { + function htmllist_get_select_options(tableId, fieldname) { var seltext; seltext = ""; var type; @@ -286,6 +366,15 @@ $interfaces = haproxy_get_bindable_interfaces(); if (tableId == 'tableA_sslCertificates'){ seltext = "<?=haproxy_js_select_options($servercerts);?>"; } + if (tableId == 'table_clientcert_ca'){ + seltext = "<?=haproxy_js_select_options($certs_ca);?>"; + } + if (tableId == 'table_clientcert_crl'){ + seltext = "<?=haproxy_js_select_options($certs_crl);?>"; + } + if (tableId == 'table_extaddr'){ + seltext = "<?=haproxy_js_select_options($interfaces);?>"; + } return seltext; } @@ -300,20 +389,26 @@ $interfaces = haproxy_get_bindable_interfaces(); } } } - function updatevisibility() { d = document; + ssl = false; ssloffload = d.getElementById("ssloffload"); + for (i = 0; i < 99; i++) { + customEdit = document.getElementById("extaddr_ssl"+i); + if (customEdit && customEdit.checked) + ssl = true; + } var type; var secondary = d.getElementById("secondary"); var primary_frontend = d.getElementById("primary_frontend"); - if ((secondary !== null) && (secondary.checked)) + if ((secondary !== null) && (secondary.checked)) { type = primaryfrontends[primary_frontend.value]['ref']['type']; - else + ssl = ssloffload.checked; + } else type = d.getElementById("type").value; - setCSSdisplay(".haproxy_ssloffloading_enabled", ssloffload.checked); + setCSSdisplay(".haproxy_ssloffloading_enabled", ssl); setCSSdisplay(".haproxy_mode_http", type == "http"); if (secondary !== null) { setCSSdisplay(".haproxy_primary", !secondary.checked); @@ -438,25 +533,45 @@ $interfaces = haproxy_get_bindable_interfaces(); <tr class="haproxy_primary"> <td width="22%" valign="top" class="vncellreq">External address</td> <td width="78%" class="vtable"> - <? - echo_html_select('extaddr', $interfaces, $pconfig['extaddr']); - ?> + <? + $counter=0; + $a_extaddr = $pconfig['a_extaddr']; + $htmllist_extadd = new HaproxyHtmlList("table_extaddr", $fields_externalAddress); + $htmllist_extadd->editmode = true; + $htmllist_extadd->Draw($a_extaddr); + ?> + <script type="text/javascript"> + function table_extaddr_row_added(tableid, rowid){ + new AutoSuggestControl(document.getElementById("extaddr_custom"+rowid), new StateSuggestions(address_array)); + new AutoSuggestControl(document.getElementById("extaddr_port"+rowid), new StateSuggestions(port_array)); + table_extaddr_listitem_change(tableid,"",rowid, null);//disables address when not set to custom. + } + + function table_extaddr_listitem_change(tableId, fieldId, rowNr, field) { + if (fieldId == "extaddr" || fieldId == "") { + field = field || document.getElementById("extaddr"+rowNr); + customEdit = document.getElementById("extaddr_custom"+rowNr); + customdisabled = field.value == "custom" ? 0 : 1; + customEdit.disabled = customdisabled; + } + if (fieldId == "extaddr_ssl") { + updatevisibility(); + } + } + + </script> <br /> <span class="vexpl"> If you want this rule to apply to another IP address than the IP address of the interface chosen above, select it here (you need to define <a href="firewall_virtual_ip.php">Virtual IP</a> addresses on the first). Also note that if you are trying to redirect connections on the LAN select the "any" option. + + In the port to listen to, if you want to specify multiple ports, separate them with a comma (,). EXAMPLE: 80,8000 + Or to listen on both 80 and 443 create 2 rows in the table. </span> </td> </tr> <tr class="haproxy_primary" align="left"> - <td width="22%" valign="top" class="vncellreq">External port</td> - <td width="78%" class="vtable" colspan="2"> - <input name="port" id="port" type="text" <?if(isset($pconfig['port'])) echo "value=\"{$pconfig['port']}\"";?> size="10" maxlength="500" /> - <div>The port to listen to. To specify multiple ports, separate with a comma (,). EXAMPLE: 80,8000</div> - </td> - </tr> - <tr class="haproxy_primary" align="left"> <td width="22%" valign="top" class="vncell">Max connections</td> <td width="78%" class="vtable" colspan="2"> <input name="max_connections" type="text" <?if(isset($pconfig['max_connections'])) echo "value=\"{$pconfig['max_connections']}\"";?> size="10" maxlength="10" /> @@ -483,8 +598,8 @@ $interfaces = haproxy_get_bindable_interfaces(); <td width="22%" valign="top" class="vncellreq">Type</td> <td width="78%" class="vtable" colspan="2"> <select name="type" id="type" onchange="updatevisibility();"> - <option value="http"<?php if($pconfig['type'] == "http") echo " SELECTED"; ?>>HTTP</option> - <option value="https"<?php if($pconfig['type'] == "https") echo " SELECTED"; ?>>HTTPS</option> + <option value="http"<?php if($pconfig['type'] == "http") echo " SELECTED"; ?>>HTTP / HTTPS(offloading)</option> + <option value="https"<?php if($pconfig['type'] == "https") echo " SELECTED"; ?>>SSL / HTTPS(TCP mode)</option> <option value="tcp"<?php if($pconfig['type'] == "tcp") echo " SELECTED"; ?>>TCP</option> <option value="health"<?php if($pconfig['type'] == "health") echo " SELECTED"; ?>>Health</option> </select><br/> @@ -498,7 +613,6 @@ $interfaces = haproxy_get_bindable_interfaces(); <td width="22%" valign="top" class="vncell">Access Control lists</td> <td width="78%" class="vtable" colspan="2" valign="top"> <? - $counter=0; $a_acl = $pconfig['a_acl']; haproxy_htmllist("tableA_acltable", $a_acl, $fields_aclSelectionList, true); ?> @@ -507,6 +621,48 @@ $interfaces = haproxy_get_bindable_interfaces(); For more information about ACL's please see <a href='http://haproxy.1wt.eu/download/1.5/doc/configuration.txt' target='_blank'>HAProxy Documentation</a> Section 7 - Using ACL's </td> </tr> + <tr class="haproxy_primary"><td> </td></tr> + <tr class="haproxy_primary"> + <td colspan="2" valign="top" class="listtopic">Logging options</td> + </tr> + <tr class="haproxy_primary" align="left"> + <td width="22%" valign="top" class="vncell">Dont log null</td> + <td width="78%" class="vtable" colspan="2"> + <input id="dontlognull" name="dontlognull" type="checkbox" value="yes" <?php if ($pconfig['dontlognull']=='yes') echo "checked"; ?> onclick='updatevisibility();' /> + A connection on which no data has been transferred will not be logged. + <div>To skip logging probes from monitoring systems that otherwise would pollute the logging. (It is generally recommended not to use this option in uncontrolled environments (eg: internet), otherwise scans and other malicious activities would not be logged.)</div> + </td> + </tr> + <tr class="haproxy_primary" align="left"> + <td width="22%" valign="top" class="vncell">Dont log normal</td> + <td width="78%" class="vtable" colspan="2"> + <input id="dontlog-normal" name="dontlog-normal" type="checkbox" value="yes" <?php if ($pconfig['dontlog-normal']=='yes') echo "checked"; ?> onclick='updatevisibility();' /> + Don't log connections in which no anomalies are found. + <div>Setting this option ensures that + normal connections, those which experience no error, no timeout, no retry nor + redispatch, will not be logged.</div> + </td> + </tr> + <tr class="haproxy_primary" align="left"> + <td width="22%" valign="top" class="vncell">Raise level for errors</td> + <td width="78%" class="vtable" colspan="2"> + <input id="log-separate-errors" name="log-separate-errors" type="checkbox" value="yes" <?php if ($pconfig['log-separate-errors']=='yes') echo "checked"; ?> onclick='updatevisibility();' /> + Change the level changes from "info" to "err" for potentially interesting information. + <div>This option makes haproxy raise the level of logs containing potentially interesting information such + as errors, timeouts, retries, redispatches, or HTTP status codes 5xx. </div> + </td> + </tr> + <tr class="haproxy_primary" align="left"> + <td width="22%" valign="top" class="vncell">Detailed logging</td> + <td width="78%" class="vtable" colspan="2"> + <input id="log-detailed" name="log-detailed" type="checkbox" value="yes" <?php if ($pconfig['log-detailed']=='yes') echo "checked"; ?> onclick='updatevisibility();' /> + If checked provides more detailed logging. + <div>Each log line turns into a much richer format including, but + not limited to, the connection timers, the session status, the connections + numbers, the frontend, backend and server name, and of course the source + address and ports. In http mode also the HTTP request and captured headers and cookies will be logged.</div> + </td> + </tr> </table> <br/> <br/> <table class="haproxy_primary" width="100%" border="0" cellpadding="6" cellspacing="0"> @@ -569,16 +725,19 @@ $interfaces = haproxy_get_bindable_interfaces(); <td colspan="2" valign="top" class="listtopic">SSL Offloading</td> </tr> <tr align="left"> - <td width="22%" valign="top" class="vncell">Use Offloading</td> <td width="78%" class="vtable" colspan="2"> - <input id="ssloffload" name="ssloffload" type="checkbox" value="yes" <?php if ($pconfig['ssloffload']=='yes') echo "checked";?> onclick="updatevisibility();" /><strong>Use Offloading</strong> - <br/> SSL Offloading will reduce web servers load by maintaining and encrypting connection with users on internet while sending and retrieving data without encrytion to internal servers. Also more ACL rules and http logging may be configured when this option is used. Certificates can be imported into the <a href="/system_camanager.php" target="_blank">pfSense "Certificate Authority Manager"</a> Please be aware this possibly will not work with all web applications. Some applications will require setting the SSL checkbox on the backend server configurations so the connection to the webserver will also be a encrypted connection, in that case there will be a slight overall performance loss. </td> </tr> + <tr align="left" class="haproxy_secondary" > + <td width="22%" valign="top" class="vncell">Use Offloading</td> + <td width="78%" class="vtable" colspan="2"> + <input id="ssloffload" name="ssloffload" type="checkbox" value="yes" <?php if ($pconfig['ssloffload']=='yes') echo "checked";?> onclick="updatevisibility();" /><strong>Use Offloading</strong> + </td> + </tr> <tr class="haproxy_ssloffloading_enabled" align="left"> <td width="22%" valign="top" class="vncell">Certificate</td> <td width="78%" class="vtable" colspan="2"> @@ -588,7 +747,8 @@ $interfaces = haproxy_get_bindable_interfaces(); <br/> NOTE: choose the cert to use on this frontend. <br/> - <input id="ssloffloadacl" name="ssloffloadacl" type="checkbox" value="yes" <?php if ($pconfig['ssloffloadacl']=='yes') echo "checked";?> onclick="updatevisibility();" />Add ACL for certificate CommonName. + <input id="ssloffloadacl" name="ssloffloadacl" type="checkbox" value="yes" <?php if ($pconfig['ssloffloadacl']=='yes') echo "checked";?> onclick="updatevisibility();" />Add ACL for certificate CommonName. (host header matches 'CN')<br/> + <input id="ssloffloadaclnondefault" name="ssloffloadaclnondefault" type="checkbox" value="yes" <?php if ($pconfig['ssloffloadaclnondefault']=='yes') echo "checked";?> onclick="updatevisibility();" />Add ACL for certificate CommonName for nondefault ports. (host header starts with 'CN:') </td> </tr> <tr class="haproxy_ssloffloading_enabled"> @@ -600,7 +760,8 @@ $interfaces = haproxy_get_bindable_interfaces(); haproxy_htmllist("tableA_sslCertificates", $a_certificates, $fields_sslCertificates); ?> <br/> - <input id="ssloffloadacladditional" name="ssloffloadacladditional" type="checkbox" value="yes" <?php if ($pconfig['ssloffloadacladditional']=='yes') echo "checked";?> onclick="updatevisibility();" />Add ACL for certificate CommonName. + <input id="ssloffloadacladditional" name="ssloffloadacladditional" type="checkbox" value="yes" <?php if ($pconfig['ssloffloadacladditional']=='yes') echo "checked";?> onclick="updatevisibility();" />Add ACL for certificate CommonName. (host header matches 'CN')<br/> + <input id="ssloffloadacladditionalnondefault" name="ssloffloadacladditionalnondefault" type="checkbox" value="yes" <?php if ($pconfig['ssloffloadacladditionalnondefault']=='yes') echo "checked";?> onclick="updatevisibility();" />Add ACL for certificate CommonName for nondefault ports. (host header starts with 'CN:') </td> </tr> <tr class="haproxy_ssloffloading_enabled haproxy_primary" align="left"> @@ -612,6 +773,30 @@ $interfaces = haproxy_get_bindable_interfaces(); some options: force-sslv3, force-tlsv10 force-tlsv11 force-tlsv12 no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets </td> </tr> + <tr class="haproxy_ssloffloading_enabled haproxy_primary"> + <td class="vncell" colspan="2"><b>Client certificate verification options, leave this empty if you do not want to ask for a client certificate</b><br/> + The users that visit this site will need to load the client cert signed by the ca's listed below imported into their browser.</td> + </tr> + <tr class="haproxy_ssloffloading_enabled haproxy_primary"> + <td width="22%" valign="top" class="vncell">Client verification CA certificates</td> + <td width="78%" class="vtable" colspan="2" valign="top"> + Client certificate will be verified against these CA certificates. + <? + $a_certificates = $pconfig['clientcert_ca']; + haproxy_htmllist("table_clientcert_ca", $a_certificates, $fields_caCertificates); + ?> + </td> + </tr> + <tr class="haproxy_ssloffloading_enabled haproxy_primary"> + <td width="22%" valign="top" class="vncell">Client verification CRL</td> + <td width="78%" class="vtable" colspan="2" valign="top"> + Client certificate will be verified against these CRL revocation lists. + <? + $a_certificates = $pconfig['clientcert_crl']; + haproxy_htmllist("table_clientcert_crl", $a_certificates, $fields_crlCertificates); + ?> + </td> + </tr> <tr> <td> </td> </tr> @@ -641,15 +826,27 @@ $interfaces = haproxy_get_bindable_interfaces(); phparray_to_javascriptarray($primaryfrontends,"primaryfrontends",Array('/*','/*/name','/*/ref','/*/ref/type','/*/ref/ssloffload')); phparray_to_javascriptarray($a_closetypes,"closetypes",Array('/*','/*/name','/*/descr')); phparray_to_javascriptarray($fields_sslCertificates,"fields_sslCertificates",Array('/*','/*/name','/*/type','/*/size','/*/items','/*/items/*','/*/items/*/*','/*/items/*/*/name')); + phparray_to_javascriptarray($fields_caCertificates,"fields_ca",Array('/*','/*/name','/*/type','/*/size','/*/items','/*/items/*','/*/items/*/*','/*/items/*/*/name')); + phparray_to_javascriptarray($fields_crlCertificates,"fields_crl",Array('/*','/*/name','/*/type','/*/size','/*/items','/*/items/*','/*/items/*/*','/*/items/*/*/name')); phparray_to_javascriptarray($fields_aclSelectionList,"fields_acltable",Array('/*','/*/name','/*/type','/*/size','/*/items','/*/items/*','/*/items/*/*','/*/items/*/*/name')); + phparray_to_javascriptarray($fields_externalAddress,"fields_extaddr",Array('/*','/*/name','/*/type','/*/size','/*/items','/*/items/*','/*/items/*/*','/*/items/*/*/name')); ?> </script> <script type="text/javascript"> totalrows = <?php echo $counter; ?>; - updatevisibility(); - var customarray = <?= json_encode(get_alias_list(array("port", "url_ports", "urltable_ports"))) ?>; - var oTextbox1 = new AutoSuggestControl(document.getElementById("port"), new StateSuggestions(customarray)); + var port_array = <?= json_encode(get_alias_list(array("port", "url_ports", "urltable_ports"))) ?>; + var address_array = <?= json_encode(get_alias_list(array("host", "network", "openvpn", "urltable"))) ?>; + + + for(i=0;i < <?=count($a_extaddr)?>;i++){ + new AutoSuggestControl(document.getElementById('extaddr_custom'+i), new StateSuggestions(address_array)); + new AutoSuggestControl(document.getElementById('extaddr_port'+i), new StateSuggestions(port_array)); + // Initially set fields disabled where needed + table_extaddr_listitem_change('table_extaddr','',i,null); + } + + updatevisibility(); </script> <?php haproxy_htmllist_js(); diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php index 49eb4271..5c7f66b9 100644 --- a/config/haproxy-devel/haproxy_pool_edit.php +++ b/config/haproxy-devel/haproxy_pool_edit.php @@ -42,10 +42,16 @@ if (!is_array($config['installedpackages']['haproxy']['ha_pools']['item'])) { $a_pools = &$config['installedpackages']['haproxy']['ha_pools']['item']; +$a_files = haproxy_get_fileslist(); + if (isset($_POST['id'])) $id = $_POST['id']; else $id = $_GET['id']; + +$tmp = get_backend_id($id); +if (is_numeric($tmp)) + $id = $tmp; if (isset($_GET['dup'])) $id = $_GET['dup']; @@ -53,57 +59,133 @@ if (isset($_GET['dup'])) global $simplefields; $simplefields = array( "name","balance","transparent_clientip","transparent_interface", -"check_type","checkinter","httpcheck_method","monitor_uri","monitor_httpversion","monitor_username","monitor_domain","monitor_agentport", +"check_type","checkinter","log-health-checks","httpcheck_method","monitor_uri","monitor_httpversion","monitor_username","monitor_domain","monitor_agentport", "agent_check","agent_port","agent_inter", "connection_timeout","server_timeout","retries", "stats_enabled","stats_username","stats_password","stats_uri","stats_scope","stats_realm","stats_admin","stats_node","stats_desc","stats_refresh", "persist_stick_expire","persist_stick_tablesize","persist_stick_length","persist_stick_cookiename","persist_sticky_type", "persist_cookie_enabled","persist_cookie_name","persist_cookie_mode","persist_cookie_cachable", -"strict_transport_security" +"strict_transport_security","cookie_attribute_secure" ); +$primaryfrontends = get_haproxy_frontends(); +$none = array(); +$none['']['name']="Address+Port:"; +$primaryfrontends = $none + $primaryfrontends; + $fields_servers=array(); $fields_servers[0]['name']="status"; $fields_servers[0]['columnheader']="Mode"; $fields_servers[0]['colwidth']="5%"; $fields_servers[0]['type']="select"; -$fields_servers[0]['size']="5"; +$fields_servers[0]['size']="70px"; $fields_servers[0]['items']=&$a_servermodes; $fields_servers[1]['name']="name"; $fields_servers[1]['columnheader']="Name"; $fields_servers[1]['colwidth']="20%"; $fields_servers[1]['type']="textbox"; $fields_servers[1]['size']="30"; -$fields_servers[2]['name']="address"; -$fields_servers[2]['columnheader']="Address"; -$fields_servers[2]['colwidth']="10%"; -$fields_servers[2]['type']="textbox"; -$fields_servers[2]['size']="20"; -$fields_servers[3]['name']="port"; -$fields_servers[3]['columnheader']="Port"; -$fields_servers[3]['colwidth']="5%"; +$fields_servers[2]['name']="forwardto"; +$fields_servers[2]['columnheader']="Forwardto"; +$fields_servers[2]['colwidth']="15%"; +$fields_servers[2]['type']="select"; +$fields_servers[2]['size']="100px"; +$fields_servers[2]['items']=&$primaryfrontends; +$fields_servers[3]['name']="address"; +$fields_servers[3]['columnheader']="Address"; +$fields_servers[3]['colwidth']="10%"; $fields_servers[3]['type']="textbox"; -$fields_servers[3]['size']="5"; -$fields_servers[4]['name']="ssl"; -$fields_servers[4]['columnheader']="SSL"; +$fields_servers[3]['size']="20"; +$fields_servers[4]['name']="port"; +$fields_servers[4]['columnheader']="Port"; $fields_servers[4]['colwidth']="5%"; -$fields_servers[4]['type']="checkbox"; -$fields_servers[4]['size']="30"; -$fields_servers[5]['name']="weight"; -$fields_servers[5]['columnheader']="Weight"; -$fields_servers[5]['colwidth']="8%"; -$fields_servers[5]['type']="textbox"; -$fields_servers[5]['size']="5"; -$fields_servers[6]['name']="cookie"; -$fields_servers[6]['columnheader']="Cookie"; -$fields_servers[6]['colwidth']="10%"; +$fields_servers[4]['type']="textbox"; +$fields_servers[4]['size']="5"; +$fields_servers[5]['name']="ssl"; +$fields_servers[5]['columnheader']="SSL"; +$fields_servers[5]['colwidth']="5%"; +$fields_servers[5]['type']="checkbox"; +$fields_servers[5]['size']="30"; +$fields_servers[6]['name']="weight"; +$fields_servers[6]['columnheader']="Weight"; +$fields_servers[6]['colwidth']="8%"; $fields_servers[6]['type']="textbox"; -$fields_servers[6]['size']="10"; -$fields_servers[7]['name']="advanced"; -$fields_servers[7]['columnheader']="Advanced"; -$fields_servers[7]['colwidth']="15%"; -$fields_servers[7]['type']="textbox"; -$fields_servers[7]['size']="20"; +$fields_servers[6]['size']="5"; + +$listitem_none['']['name']="None"; + +$certs_ca = haproxy_get_certificates('ca'); +$certs_ca = $listitem_none + $certs_ca; +$certs_client = haproxy_get_certificates('server,user'); +$certs_client = $listitem_none + $certs_client; +$certs_crl = haproxy_get_crls(); +$certs_crl = $listitem_none + $certs_crl; + +$fields_servers_details=array(); +$fields_servers_details[0]['name']="sslserververify"; +$fields_servers_details[0]['columnheader']="Check certificate"; +$fields_servers_details[0]['description']="SSL servers only, The server certificate will be verified against the CA and CRL certificate configured below."; +$fields_servers_details[0]['colwidth']="5%"; +$fields_servers_details[0]['type']="checkbox"; +$fields_servers_details[0]['size']="5"; +$fields_servers_details[1]['name']="verifyhost"; +$fields_servers_details[1]['columnheader']="Certificate check CN"; +$fields_servers_details[1]['description']="SSL servers only, when set, must match the hostnames in the subject and subjectAlternateNames of the certificate provided by the server."; +$fields_servers_details[1]['colwidth']="5%"; +$fields_servers_details[1]['type']="textbox"; +$fields_servers_details[1]['size']="50"; +$fields_servers_details[2]['name']="ssl-server-ca"; +$fields_servers_details[2]['columnheader']="CA"; +$fields_servers_details[2]['description']="SSL servers only, Select the CA authority to check the server certificate against."; +$fields_servers_details[2]['colwidth']="15%"; +$fields_servers_details[2]['type']="select"; +$fields_servers_details[2]['size']="200px"; +$fields_servers_details[2]['items']=$certs_ca; +$fields_servers_details[3]['name']="ssl-server-crl"; +$fields_servers_details[3]['columnheader']="CRL"; +$fields_servers_details[3]['description']="SSL servers only, Select the CRL to check revoked certificates."; +$fields_servers_details[3]['colwidth']="15%"; +$fields_servers_details[3]['type']="select"; +$fields_servers_details[3]['size']="200px"; +$fields_servers_details[3]['items']=$certs_crl; +$fields_servers_details[4]['name']="ssl-server-clientcert"; +$fields_servers_details[4]['columnheader']="Client certificate"; +$fields_servers_details[4]['description']="SSL servers only, This certificate will be sent if the server send a client certificate request."; +$fields_servers_details[4]['colwidth']="15%"; +$fields_servers_details[4]['type']="select"; +$fields_servers_details[4]['size']="200px"; +$fields_servers_details[4]['items']=$certs_client; +$fields_servers_details[5]['name']="cookie"; +$fields_servers_details[5]['columnheader']="Cookie"; +$fields_servers_details[5]['description']="Persistence only, Used to identify server when cookie persistence is configured for the backend."; +$fields_servers_details[5]['colwidth']="10%"; +$fields_servers_details[5]['type']="textbox"; +$fields_servers_details[5]['size']="10"; +$fields_servers_details[6]['name']="maxconn"; +$fields_servers_details[6]['columnheader']="Max conn"; +$fields_servers_details[6]['description']="Tuning, If the number of incoming concurrent requests goes higher than this value, they will be queued"; +$fields_servers_details[6]['colwidth']="15%"; +$fields_servers_details[6]['type']="textbox"; +$fields_servers_details[6]['size']="10"; +$fields_servers_details[7]['name']="advanced"; +$fields_servers_details[7]['columnheader']="Advanced"; +$fields_servers_details[7]['description']="Advanced, Allows for adding custom HAProxy settings to the server. These are passed as written, use escaping where needed."; +$fields_servers_details[7]['colwidth']="15%"; +$fields_servers_details[7]['type']="textbox"; +$fields_servers_details[7]['size']="80"; + +$fields_errorfile = array(); +$fields_errorfile[0]['name']="errorcode"; +$fields_errorfile[0]['columnheader']="errorcode(s)"; +$fields_errorfile[0]['colwidth']="15%"; +$fields_errorfile[0]['type']="textbox"; +$fields_errorfile[0]['size']="70px"; +$fields_errorfile[1]['name']="errorfile"; +$fields_errorfile[1]['columnheader']="Error Page"; +$fields_errorfile[1]['colwidth']="30%"; +$fields_errorfile[1]['type']="select"; +$fields_errorfile[1]['size']="170px"; +$fields_errorfile[1]['items']=&$a_files; if (isset($id) && $a_pools[$id]) { $pconfig['advanced'] = base64_decode($a_pools[$id]['advanced']); @@ -112,6 +194,9 @@ if (isset($id) && $a_pools[$id]) { foreach($simplefields as $stat) $pconfig[$stat] = $a_pools[$id][$stat]; + + $a_errorfiles = &$a_pools[$id]['errorfiles']['item']; + if (!is_array($a_errorfiles)) $a_errorfiles = array(); } if (isset($_GET['dup'])) @@ -128,16 +213,17 @@ if ($_POST) { $reqdfields = explode(" ", "name"); $reqdfieldsn = explode(",", "Name"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if ($_POST['stats_enabled']) { $reqdfields = explode(" ", "name stats_uri"); $reqdfieldsn = explode(",", "Name,Stats Uri"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if ($_POST['stats_username']) { $reqdfields = explode(" ", "stats_password stats_realm"); $reqdfieldsn = explode(",", "Stats Password,Stats Realm"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); } } @@ -172,7 +258,7 @@ if ($_POST) { if (($_POST['name'] == $config['installedpackages']['haproxy']['ha_pools']['item'][$i]['name']) && ($i != $id)) $input_errors[] = "This pool name has already been used. Pool names must be unique."; - $a_servers = haproxy_htmllist_get_values($fields_servers); + $a_servers = haproxy_htmllist_get_values(array_merge($fields_servers,$fields_servers_details)); foreach($a_servers as $server){ $server_name = $server['name']; $server_address = $server['address']; @@ -182,8 +268,14 @@ if ($_POST) { if (preg_match("/[^a-zA-Z0-9\.\-_]/", $server_name)) $input_errors[] = "The field 'Name' contains invalid characters."; - if (!is_ipaddr($server_address) && !is_hostname($server_address)) - $input_errors[] = "The field 'Address' is not a valid ip address or hostname."; + if (!isset($server['forwardto']) || $server['forwardto'] == "") { + if (!is_ipaddr($server_address) && !is_hostname($server_address) && !haproxy_is_frontendname($server_address)) + $input_errors[] = "The field 'Address' for server $server_name is not a valid ip address or hostname." . $server_address; + } else { + if ( ($server_address && $server_address != "") || ($server_port && !is_numeric($server_port))) { + $input_errors[] = "'Address' and 'port' should be empty when a 'Forwardto' frontend is chosen other than 'Address+Port'."; + } + } if (!preg_match("/.{2,}/", $server_name)) $input_errors[] = "The field 'Name' is required (and must be at least 2 characters)."; @@ -195,10 +287,12 @@ if ($_POST) { $input_errors[] = "The field 'Port' value is not a number."; } + $a_errorfiles = haproxy_htmllist_get_values($fields_errorfile); + if ($_POST['strict_transport_security'] !== "" && !is_numeric($_POST['strict_transport_security'])) $input_errors[] = "The field 'Strict-Transport-Security' is not empty or a number."; - if (!$input_errors) { +// if (!$input_errors) { $pool = array(); if(isset($id) && $a_pools[$id]) $pool = $a_pools[$id]; @@ -233,7 +327,7 @@ if ($_POST) { } else { $a_pools[] = $pool; } - + if (!isset($input_errors)) { if ($changecount > 0) { touch($d_haproxyconfdirty_path); write_config($changedesc); @@ -250,10 +344,6 @@ if ($_POST) { $pconfig['a_servers']=&$a_pools[$id]['ha_servers']['item']; } -$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); -if ($pf_version < 2.0) - $one_two = true; - $closehead = false; $pgtitle = "HAProxy: Backend server pool: Edit"; include("head.inc"); @@ -265,6 +355,7 @@ foreach($simplefields as $field){ ?> <style type="text/css"> + .tableA_servers_details_visible{display:none;} .haproxy_stats_visible{display:none;} .haproxy_check_enabled{display:none;} .haproxy_check_http{display:none;} @@ -281,8 +372,14 @@ foreach($simplefields as $field){ </head> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <script type="text/javascript"> - function htmllist_get_select_options(tableId) { - return "<?=haproxy_js_select_options($a_servermodes);?>"; + function htmllist_get_select_options(tableId, fieldname) { + if (fieldname == 'forwardto') + return "<?=haproxy_js_select_options($primaryfrontends);?>"; + else + if (fieldname == 'errorfile') + return "<?=haproxy_js_select_options($a_files);?>"; + else + return "<?=haproxy_js_select_options($a_servermodes);?>"; } function clearcombo(){ @@ -320,6 +417,7 @@ foreach($simplefields as $field){ function updatevisibility() { d = document; + setCSSdisplay(".tableA_servers_details_visible", server_advanced_options_visible.checked); setCSSdisplay(".haproxy_stats_visible", stats_enabled.checked); setCSSdisplay(".haproxy_cookie_visible", persist_cookie_enabled.checked); @@ -364,10 +462,7 @@ foreach($simplefields as $field){ } </script> <?php include("fbegin.inc"); ?> -<?php if ($input_errors) print_input_errors($input_errors); ?> -<?php if($one_two): ?> -<p class="pgtitle"><?=$pgtitle?></p> -<?php endif; ?> +<?php if (isset($input_errors)) print_input_errors($input_errors); ?> <form action="haproxy_pool_edit.php" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> @@ -390,14 +485,14 @@ foreach($simplefields as $field){ </td> </tr> <tr align="left"> - <td class="vncell" colspan="3"><strong>Server list</strong> + <td class="vncell" colspan="3"><strong>Server list</strong><input id="server_advanced_options_visible" name="server_advanced_options_visible" type='checkbox' onclick="updatevisibility();">Show advanced options(servers need to first be saved to configure these settings)</input> <span style="float:right;"> Toggle serverlist help. <a onclick="toggleCSSdisplay('.haproxy_help_serverlist');" title="<?php echo gettext("Help"); ?>"><img style="vertical-align:middle" src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_help.gif" border="0" alt="help" /></a> </span> <? $counter=0; $a_servers = $pconfig['a_servers']; - haproxy_htmllist("tableA_servers", $a_servers, $fields_servers); + haproxy_htmllist("tableA_servers", $a_servers, $fields_servers, null, $fields_servers_details); ?> <table class="haproxy_help_serverlist" style="border:1px dashed green" cellspacing="0"> <tr><td class="vncell"> @@ -510,10 +605,11 @@ foreach($simplefields as $field){ </div> <br/> Connect transparently to the backend server's so the connection seams to come straight from the client ip address. - For proper workings this requires the reply's traffic to pass through pfSense by means of correct routing. - (uses the option "source 0.0.0.0 usesrc clientip") + To work properly this requires the reply traffic to pass through pfSense by means of correct routing.<br/> + When using IPv6 only routable ip addresses can be used, host names or link-local addresses (FE80) will not work.<br/> + (uses the option "source 0.0.0.0 usesrc clientip" or "source ipv6@ usesrc clientip") <br/><br/> - Note : When this is enabled for a single backend HAProxy will run as 'root' instead of chrooting to a lower privileged user, this reduces security in case of a a bit. + Note : When this is enabled for any backend HAProxy will run as 'root' instead of chrooting to a lower privileged user, this reduces security in case a vulnerability is found. </td> </tr> <tr align="left"> @@ -554,6 +650,15 @@ foreach($simplefields as $field){ <br/>For HTTP/HTTPS defaults to 1000 if left blank. For TCP no check will be performed if left empty. </td> </tr> + <tr align="left" class="haproxy_check_enabled"> + <td width="22%" valign="top" class="vncell">Log checks</td> + <td width="78%" class="vtable" colspan="2"> + <input id="log-health-checks" name="log-health-checks" type="checkbox" value="yes" <?php if ($pconfig['log-health-checks']=='yes') echo "checked"; ?> onclick='updatevisibility();' /> + When this option is enabled, any change of the health check status or to the server's health will be logged. + <br/> + By default, failed health check are logged if server is UP and successful health checks are logged if server is DOWN, so the amount of additional information is limited. + </td> + </tr> <tr align="left" class="haproxy_check_http"> <td width="22%" valign="top" class="vncell">Http check method</td> <td width="78%" class="vtable" colspan="2"> @@ -763,6 +868,7 @@ set by the 'retries' parameter.</div> <td width="22%" valign="top" class="vncell">Stats Enabled</td> <td width="78%" class="vtable" colspan="2"> <input id="stats_enabled" name="stats_enabled" type="checkbox" value="yes" <?php if ($pconfig['stats_enabled']=='yes') echo "checked"; ?> onclick='updatevisibility();' /> + Enables the haproxy statistics page (only used on 'http' frontends) </td> </tr> <tr class="haproxy_stats_visible" align="left" id='stats_uri_row'> @@ -837,12 +943,27 @@ set by the 'retries' parameter.</div> </tr> <tr><td> </td></tr> <tr> + <td colspan="2" valign="top" class="listtopic">Error files</td> + </tr> + <tr class="" align="left" id='errorfiles'> + <td colspan="2" valign="top" class="vtable"> + Use these to replace the error pages that haproxy can generate by custom pages created on the files tab. + For example haproxy will generate a 503 error page when no backend is available, you can replace that page here. + <br/> + <br/> + <? + haproxy_htmllist("table_errorfile", $a_errorfiles, $fields_errorfile); + ?> + </td> + </tr> + <tr><td> </td></tr> + <tr> <td colspan="2" valign="top" class="listtopic">Advanced</td> </tr> <tr class="" align="left" id='Strict-Transport-Security'> <td width="22%" valign="top" class="vncell">Strict-Transport-Security</td> <td width="78%" class="vtable" colspan="2"> - When configured enables "HTTP Strict Transport Security" leave empty to disable.<br/> + When configured enables "HTTP Strict Transport Security" leave empty to disable. (only used on 'http' frontends)<br/> <b>WARNING! the domain will only work over https with a valid certificate!</b><br/> <input id="strict_transport_security" name="strict_transport_security" type="text" <?if(isset($pconfig['strict_transport_security'])) echo "value=\"{$pconfig['strict_transport_security']}\"";?> size="20" /> Seconds<br/> If configured clients that requested the page with this setting active will not be able to visit this domain over a unencrypted http connection. @@ -850,6 +971,14 @@ set by the 'retries' parameter.</div> EXAMPLE: 60 for testing if you are absolutely sure you want this 31536000 (12 months) would be good for production. </td> </tr> + <tr class="" align="left"> + <td width="22%" valign="top" class="vncell">Cookie protection.</td> + <td width="78%" class="vtable" colspan="2"> + <input id="cookie_attribute_secure" name="cookie_attribute_secure" type="checkbox" value="yes" <?php if ($pconfig['cookie_attribute_secure']=='yes') echo "checked"; ?> onclick='updatevisibility();' /> + Set 'secure' attribure on cookies (only used on 'http' frontends)<br/> + This configuration option sets up the Secure attribute on cookies if it has not been setup by the application server while the client was browsing the application over a ciphered connection. + </td> + </tr> <tr><td> </td></tr> <tr align="left"> <td width="22%" valign="top"> </td> @@ -869,9 +998,12 @@ set by the 'retries' parameter.</div> <script type="text/javascript"> <? phparray_to_javascriptarray($fields_servers,"fields_servers",Array('/*','/*/name','/*/type','/*/size','/*/items','/*/items/*','/*/items/*/*','/*/items/*/*/name')); + phparray_to_javascriptarray($fields_servers_details,"fields_details_servers",Array('/*','/*/name','/*/type')); + phparray_to_javascriptarray($fields_errorfile,"fields_errorfile",Array('/*','/*/name','/*/type','/*/size','/*/items','/*/items/*','/*/items/*/*','/*/items/*/*/name')); phparray_to_javascriptarray($a_checktypes,"checktypes",Array('/*','/*/name','/*/descr')); phparray_to_javascriptarray($a_cookiemode,"cookiemode",Array('/*','/*/name','/*/descr')); phparray_to_javascriptarray($a_sticky_type,"sticky_type",Array('/*','/*/descr','/*/cookiedescr')); + phparray_to_javascriptarray($a_files,"a_files",Array('/*','/*/name','/*/descr')); ?> browser_InnerText_support = (document.getElementsByTagName("body")[0].innerText != undefined) ? true : false; diff --git a/config/haproxy-devel/haproxy_socketinfo.inc b/config/haproxy-devel/haproxy_socketinfo.inc index 6beb17c5..cbfb131b 100644 --- a/config/haproxy-devel/haproxy_socketinfo.inc +++ b/config/haproxy-devel/haproxy_socketinfo.inc @@ -122,6 +122,8 @@ function haproxy_get_clients($show_traffic = false){// "show sess" $clients=array(); $sessions = haproxy_socket_command("show sess"); foreach($sessions as $line) { + if (trim($line) == "") + continue; list($sessid,$proto,$src,$fe,$be,$srv,$ts,$age,$calls,$rq,$rp,$s0,$s1,$exp) = explode(" ", $line); #Retrieve data $sessid = explode(":", $sessid); @@ -149,10 +151,10 @@ function haproxy_get_clients($show_traffic = false){// "show sess" $session_data = haproxy_socket_command("show sess {$client['sessid']}"); $client['session_data'] = $session_data; - $req = explode(" ",$session_data[13]); + $req = explode(" ",$session_data[12]); $x = explode("=",$req[7]); $client['session_datareq'] = $x[1]; - $res = explode(" ",$session_data[16]); + $res = explode(" ",$session_data[15]); $x = explode("=",$res[7]); $client['session_datares'] = $x[1]; } diff --git a/config/haproxy-devel/haproxy_stats.php b/config/haproxy-devel/haproxy_stats.php index 10dd136a..302793b6 100644 --- a/config/haproxy-devel/haproxy_stats.php +++ b/config/haproxy-devel/haproxy_stats.php @@ -32,6 +32,10 @@ require_once("haproxy_socketinfo.inc"); $pconfig = $config['installedpackages']['haproxy']; if (isset($_GET['haproxystats']) || isset($_GET['scope']) || (isset($_POST) && isset($_POST['action']))){ + if (!(isset($pconfig['enable']) && $pconfig['localstatsport'] && is_numeric($pconfig['localstatsport']))){ + print 'In the "Settings" configure a internal stats port and enable haproxy for this to be functional. Also make sure the service is running.'; + return; + } $fail = false; try{ $request = ""; @@ -79,48 +83,6 @@ if (!is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) { } $a_frontend = &$config['installedpackages']['haproxy']['ha_backends']['item']; -function haproxy_add_stats_example() { - global $config, $d_haproxyconfdirty_path; - $a_backends = &$config['installedpackages']['haproxy']['ha_pools']['item']; - $a_frontends = &$config['installedpackages']['haproxy']['ha_backends']['item']; - $webcert = haproxy_find_create_certificate("HAProxy stats default"); - - $backend = array(); - $backend["name"] = "HAProxy_stats_ssl_backend"; - $backend["stats_enabled"] = "yes"; - $backend["stats_uri"] = "/"; - $backend["stats_refresh"] = "10"; - $a_backends[] = $backend; - $changecount++; - - $frontend = array(); - $frontend["name"] = "HAProxy_stats_ssl_frontend"; - $frontend["status"] = "active"; - $frontend["type"] = "http"; - $frontend["port"] = "444"; - $frontend["extaddr"] = "lan_ipv4"; - $frontend["ssloffload"] = "yes"; - $frontend["ssloffloadcert"] = $webcert['refid']; - $frontend["backend_serverpool"] = $backend["name"]; - $a_frontends[] = $frontend; - $changecount++; - $changedesc = "add new HAProxy stats example"; - - if ($changecount > 0) { - echo "touching: $d_haproxyconfdirty_path"; - touch($d_haproxyconfdirty_path); - write_config($changedesc); - } -} - -if (isset($_GET['add_stats_example'])) { - haproxy_add_stats_example(); - write_config(); - touch($d_haproxyconfdirty_path); - header("Location: haproxy_listeners.php"); - exit; -} - if ($_POST) { if ($_POST['apply']) { $result = haproxy_check_and_run($savemsg, true); @@ -177,31 +139,16 @@ echo "</td>"; <br/> As the page is forwarded through the pfSense gui, this might cause some functionality to not work.<br/> Though the normal haproxy stats page can be tweaked more, and doesn't use a user/pass from pfSense itself.<br/> - Some examples are configurable automatic page refresh,<br/> - only showing certain servers, not providing admin options, and can be accessed from wherever the associated frontend is accessible.(as long as rules permit access)<br/> - To use this or for simply an example how to use SSL-offloading configure stats on either a real backend while utilizing the 'stats uri'. - Or create a backend specifically for serving stats, for that you can start with the 'stats example' template below.<br/> + Some examples are configurable automatic page refresh, only showing certain servers, not providing admin options,<br/> + and can be accessed from wherever the associated frontend is accessible.(as long as rules permit access)<br/> + To use this or for simply an example how to use SSL-offloading configure stats on either a real backend while utilizing the 'stats uri'.<br/> + Or create a backend specifically for serving stats, for that you can start with the 'stats example' from the template tab.<br/> </td> </tr> <tr> <td> </td> </tr> <tr> - <td colspan="2" valign="top" class="listtopic">Stats example template</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Example</td> - <td class="vtable"> - As an basic example you can use the link below to create a 'stats' frontend/backend page which offers with more options like setting user/password and 'admin mode' when you go to the backend settings.<br/> - <a href="haproxy_stats.php?add_stats_example=1">TEMPLATE: Create stats example configuration using a frontend/backend combination with ssl</a><br/> - <br/> - After applying the changes made by the template use this link to visit the stats page: <a target="_blank" href="https://<?=get_interface_ip("lan");?>:444">https://pfSense-LAN-ip:444/</a> - </td> - </tr> - <tr> - <td> </td> - </tr> - <tr> <td colspan="2" valign="top" class="listtopic">HAProxy stick-tables</td> </tr> <tr> @@ -241,7 +188,7 @@ echo "</td>"; <iframe id="frame_haproxy_stats" width="1000px" height="1500px" seamless=1 src="/haproxy_stats.php?haproxystats=1<?=$request;?>"></iframe> <? } else { ?> <br/> - In the "Settings" configure a internal stats port and enable haproxy for this to be functional.<br/> + In the "Settings" configure a internal stats port and enable haproxy for this to be functional. Also make sure the service is running.<br/> <br/> <? } ?> <?}?> diff --git a/config/haproxy-devel/haproxy_templates.php b/config/haproxy-devel/haproxy_templates.php new file mode 100644 index 00000000..478c83a3 --- /dev/null +++ b/config/haproxy-devel/haproxy_templates.php @@ -0,0 +1,220 @@ +<?php +/* + haproxy_templates.php + part of pfSense (https://www.pfsense.org/) + Copyright (C) 2014 PiBa-NL + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +require_once("authgui.inc"); +require_once("config.inc"); + +$pconfig = $config['installedpackages']['haproxy']; +require_once("guiconfig.inc"); +$shortcut_section = "haproxy"; +require_once("haproxy.inc"); +require_once("certs.inc"); +require_once("haproxy_utils.inc"); +require_once("pkg_haproxy_tabs.inc"); + +if (!is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) { + $config['installedpackages']['haproxy']['ha_backends']['item'] = array(); +} +$a_frontend = &$config['installedpackages']['haproxy']['ha_backends']['item']; + +function haproxy_add_stats_example() { + global $config, $d_haproxyconfdirty_path; + $a_backends = &$config['installedpackages']['haproxy']['ha_pools']['item']; + $a_frontends = &$config['installedpackages']['haproxy']['ha_backends']['item']; + $webcert = haproxy_find_create_certificate("HAProxy stats default"); + + $backend = array(); + $backend["name"] = "HAProxy_stats_ssl_backend"; + $backend["stats_enabled"] = "yes"; + $backend["stats_uri"] = "/"; + $backend["stats_refresh"] = "10"; + $a_backends[] = $backend; + $changecount++; + + $frontend = array(); + $frontend["name"] = "HAProxy_stats_ssl_frontend"; + $frontend["status"] = "active"; + $frontend["type"] = "http"; + $frontend["a_extaddr"]["item"]["stats_name"]["extaddr"] = "lan_ipv4"; + $frontend["a_extaddr"]["item"]["stats_name"]["extaddr_port"] = "444"; + $frontend["a_extaddr"]["item"]["stats_name"]["extaddr_ssl"] = "yes"; + $frontend["ssloffloadcert"] = $webcert['refid']; + $frontend["backend_serverpool"] = $backend["name"]; + $a_frontends[] = $frontend; + $changecount++; + $changedesc = "add new HAProxy stats example"; + + if ($changecount > 0) { + header("Location: haproxy_listeners.php"); + echo "touching: $d_haproxyconfdirty_path"; + touch($d_haproxyconfdirty_path); + write_config($changedesc); + exit; + } +} + +function template_errorfile() { + global $config, $d_haproxyconfdirty_path, $savemsg; + + $a_files = &$config['installedpackages']['haproxy']['files']['item']; + if (!is_array($a_files)) $a_files = array(); + + $a_files_cache = haproxy_get_fileslist(); + if (!isset($a_files_cache["ExampleErrorfile"])) { + $errorfile = <<<EOD +HTTP/1.0 503 Service Unavailable +Cache-Control: no-cache +Connection: close +Content-Type: text/html + +<html> + <head> + <title>Sorry the webserver you are trying to contact is currently not available.</title> + </head> + <body style="font-family:Arial,Helvetica,sans-serif;"> + <div style="margin: 0 auto; width: 960px;"> + <h2>Sorry the webserver you are trying to contact is currently not available.</h2> + </div> +The error returned is [<i>{errorcode} {errormsg}</i>] please try again later. + </body> +</html> +EOD; + $newfile = array(); + $newfile['name'] = "ExampleErrorfile"; + $newfile['content'] = base64_encode($errorfile); + $a_files[] = $newfile; + $changecount++; + $changedesc = "Errorfile added from template"; + } else { + $savemsg = "File 'ExampleErrorfile' is already configured on the Files tab."; + } + + if ($changecount > 0) { + header("Location: haproxy_files.php"); + echo "touching: $d_haproxyconfdirty_path"; + touch($d_haproxyconfdirty_path); + write_config($changedesc); + exit; + } +} + +if (isset($_GET['add_stats_example'])) { + $templateid = $_GET['add_stats_example']; + switch ($templateid) { + case "1": + haproxy_add_stats_example(); + break; + case "2": + template_errorfile(); + break; + } +} + +if ($_POST) { + if ($_POST['apply']) { + $result = haproxy_check_and_run($savemsg, true); + if ($result) + unlink_if_exists($d_haproxyconfdirty_path); + } +} + +$pgtitle = "Services: HAProxy: Templates"; +include("head.inc"); + +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<form action="haproxy_templates.php" method="post"> +<?php if($one_two): ?> +<p class="pgtitle"><?=$pgtitle?></p> +<?php endif; ?> +<?php if ($input_errors) print_input_errors($input_errors); ?> +<?php if ($savemsg) print_info_box($savemsg); ?> +<?php if (file_exists($d_haproxyconfdirty_path)): ?> +<?php print_info_box_np("The haproxy configuration has been changed.<br/>You must apply the changes in order for them to take effect.");?><br/> +<?php endif; ?> +</form> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> + <?php + haproxy_display_top_tabs_active($haproxy_tab_array['haproxy'], "templates"); + ?> + </td></tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" height="100%" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic">Templates</td> + </tr> + <tr> + <td colspan="2">This page contains some templates that can be added into the haproxy configuration to possible ways to configure haproxy using this the webgui from this package.</td> + </tr> + <tr> + <td> </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Stats SSL frontent+backend</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"> + <a href="haproxy_templates.php?add_stats_example=1">Create configuration</a> + </td> + <td class="vtable"> + As an basic example you can use the link below to create a 'stats' frontend/backend page which offers with more options like setting user/password and 'admin mode' when you go to the backend settings.<br/> + TEMPLATE: Create stats example configuration using a frontend/backend combination with ssl<br/> + <br/> + After applying the changes made by the template use this link to visit the stats page: <a target="_blank" href="https://<?=get_interface_ip("lan");?>:444">https://pfSense-LAN-ip:444/</a> + </td> + </tr> + <tr> + <td> </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Errorfile</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"> + <a href="haproxy_templates.php?add_stats_example=2">Create configuration</a> + </td> + <td class="vtable"> + As an basic example of an errorfile with name 'ExampleErrorfile' will be added if it does not exist. + This file can then be used in the 'Error files' in the backend settings. + </td> + </tr> + <tr> + <td> </td> + </tr> + </table> + </div> + </td> + </tr> +</table> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/haproxy-devel/haproxy_utils.inc b/config/haproxy-devel/haproxy_utils.inc index 03bd434f..08906bb0 100644 --- a/config/haproxy-devel/haproxy_utils.inc +++ b/config/haproxy-devel/haproxy_utils.inc @@ -33,6 +33,39 @@ require_once("config.inc"); +class haproxy_utils { + public static $pf_version; +} +haproxy_utils::$pf_version = substr(trim(file_get_contents("/etc/version")),0,3); + +if(!function_exists('ifset')){ + function ifset(&$var, $default = ''){ + return isset($var) ? $var : $default; + }; +} + +if(!function_exists('is_arrayset')){ + function is_arrayset(&$array, $items){ + if (!isset($array)) + return false; + $item = $array; + $arg = func_get_args(); + for($i = 1; $i < count($arg); $i++) { + + $itemindex = $arg[$i]; + if (!isset($item[$itemindex]) || !is_array($item[$itemindex])) + return false; + $item = $item[$itemindex]; + + } + return true; + } +} + +function haproxy_compareByName($a, $b) { + return strcasecmp($a['name'], $b['name']); +} + function haproxy_interface_ip($interfacebindname,$userfriendly=false){ $list = haproxy_get_bindable_interfaces(); $item = $list[$interfacebindname]; @@ -203,20 +236,11 @@ function haproxy_cert_signed_by($cert, $signedbycert) { return $authoritykeyid == $subjectid; } -function haproxy_get_certificates(){ - global $config; - $allcerts = array(); - foreach($config['cert'] as &$cert) - $allcerts[] = &$cert; - foreach($config['ca'] as &$cert) - $allcerts[] = &$cert; - return $allcerts; -} function haproxy_recalculate_certifcate_chain(){ // and set "selfsigned" for certificates that where used to sign themselves // recalculate the "caref" for all certificates where it is currently unkown. - $allcertificates = haproxy_get_certificates(); + $allcertificates = haproxy_get_certificates('ca,server,user',true); $items_recalculated = 0; foreach($allcertificates as &$cert){ $recalculate=false; @@ -251,7 +275,7 @@ function get_certificat_usage($refid) { $usage = array(); $cert = lookup_cert($refid); if (is_cert_revoked($cert)) - $usage[] = "Revoked"; + $usage[] = "*Revoked"; if (is_webgui_cert($refid)) $usage[] = "webConfigurator"; if (is_user_cert($refid)) @@ -260,56 +284,87 @@ function get_certificat_usage($refid) { $usage[] = "OpenVPN Server"; if (is_openvpn_client_cert($refid)) $usage[] = "OpenVPN Client"; - if (is_ipsec_cert($cert['refid'])) + if (is_ipsec_cert($refid)) $usage[] = "IPsec Tunnel"; if (function_exists("is_captiveportal_cert")) if (is_captiveportal_cert($refid)) $usage[] = "Captive Portal"; - return $usage; } -function get_certificates_server($get_includeWebCert=false) { + +function haproxy_get_certificate_descriptivename($cert) { + $usage = get_certificat_usage($cert['crt']); + foreach($usage as $use){ + $usagestr .= " " . $use; + } + if ($usagestr != "") + $usagestr = " (".trim($usagestr).")"; + + $purpose = cert_get_purpose($cert['crt']); + $certserverpurpose = $purpose['server'] == 'Yes' ? " [Server cert]" : ""; + + $caname = ""; + $ca = lookup_ca($cert['caref']); + if ($ca) + $caname = " (CA: {$ca['descr']})"; + + return $cert['descr'] . $caname . $certserverpurpose . $usagestr; +} + +function haproxy_get_certificates($type = 'server,user', $get_includeWebCert=false) { + // $type one or multiple of these separated by a comma: ca,server,user + // $get_includeWebCert if the webgui certificate may be included. + // This function (is intended to) provide a uniform way to retrieve a list of server certificates global $config; - $certificates=array(); - $a_cert = &$config['cert']; - foreach ($a_cert as $cert) - { - if ($get_ca == false && is_webgui_cert($cert['refid'])) - continue; + $type = ",$type,"; + $certificates = array(); + if (strpos($type,',server,') !== false || strpos($type,',user,') !== false ) { + if (is_array($config['cert'])) { + $a_cert = &$config['cert']; + foreach ($a_cert as $cert) { + $purpose = cert_get_purpose($cert['crt']); + + $ok = false; + $ok |= stristr($type,',server,') && $purpose['server'] == 'Yes'; + $ok |= stristr($type,',user,') && $purpose['server'] != 'Yes'; + if (!$ok) + continue; + if ($get_includeWebCert == false && is_webgui_cert($cert['refid'])) + continue; + $certificates[$cert['refid']]['name'] = haproxy_get_certificate_descriptivename($cert); + } + } + } + if (strpos($type,',ca,') !== false) { + if (is_array($config['ca'])) { + $a_cert = &$config['ca']; + foreach ($a_cert as $cert) { + $certificates[$cert['refid']]['name'] = haproxy_get_certificate_descriptivename($cert); + } + } + } + uasort($certificates, haproxy_compareByName); + return $certificates; +} - $purpose = cert_get_purpose($cert['crt']); - //$certserverpurpose = $purpose['server'] == 'Yes' ? " [Server certificate]" : ""; - $certserverpurpose = ""; - - $selected = ""; - $caname = ""; - $inuse = ""; - $revoked = ""; - $ca = lookup_ca($cert['caref']); - if ($ca) - $caname = " (CA: {$ca['descr']})"; - if ($pconfig['certref'] == $cert['refid']) - $selected = "selected"; - if (cert_in_use($cert['refid'])) - $inuse = " *In Use"; - if (is_cert_revoked($cert)) - $revoked = " *Revoked"; - - $usagestr=""; - $usage = get_certificat_usage($cert['refid']); - foreach($usage as $use){ - $usagestr .= " " . $use; - } - if ($usagestr != "") - $usagestr = " (".trim($usagestr).")"; +function haproxy_get_crls() { + global $config; + $certificates=array(); + if (is_array($config['crl'])) { + foreach ($config['crl'] as $crl) { + $caname = ""; + $ca = lookup_ca($crl['caref']); + if ($ca) + $caname = " (CA: {$ca['descr']})"; - $certificates[$cert['refid']]['name'] = $cert['descr'] . $caname . $certserverpurpose . $inuse . $revoked . $usagestr; + $certificates[$crl['refid']]['name'] = $crl['descr'] . $caname; + } } + uasort($certificates, haproxy_compareByName); return $certificates; } - function phparray_to_javascriptarray_recursive($nestID, $path, $items, $nodeName, $includeitems) { $offset = str_repeat(' ',$nestID); $itemName = "item$nestID"; diff --git a/config/haproxy-devel/pkg_haproxy_tabs.inc b/config/haproxy-devel/pkg_haproxy_tabs.inc index 8cb280f8..a74ee20a 100644 --- a/config/haproxy-devel/pkg_haproxy_tabs.inc +++ b/config/haproxy-devel/pkg_haproxy_tabs.inc @@ -12,7 +12,10 @@ $haproxy_tab_array['haproxy'] = array(); $haproxy_tab_array['haproxy']['settings'] = Array(name => "Settings", url => "haproxy_global.php"); $haproxy_tab_array['haproxy']['frontend'] = Array(name => "Frontend", url => "haproxy_listeners.php"); $haproxy_tab_array['haproxy']['backend'] = Array(name => "Backend", url => "haproxy_pools.php"); +$haproxy_tab_array['haproxy']['files'] = Array(name => "Files", url => "haproxy_files.php"); $haproxy_tab_array['haproxy']['stats'] = Array(name => "Stats", url => "haproxy_stats.php"); +$haproxy_tab_array['haproxy']['statsfs'] = Array(name => "Stats FS", url => "haproxy_stats.php?haproxystats=1"); +$haproxy_tab_array['haproxy']['templates'] = Array(name => "Templates", url => "haproxy_templates.php"); function haproxy_display_top_tabs_active($top_tabs, $activetab) { $tab_array = array(); diff --git a/config/haproxy-legacy/haproxy_frontends_edit.php b/config/haproxy-legacy/haproxy_frontends_edit.php index db1c71be..b32cb762 100755 --- a/config/haproxy-legacy/haproxy_frontends_edit.php +++ b/config/haproxy-legacy/haproxy_frontends_edit.php @@ -96,12 +96,19 @@ if ($_POST) { $reqdfieldsn = explode(",", "Name,Connection timeout,Server timeout"); } - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); $reqdfields = explode(" ", "name type port max_connections client_timeout"); $reqdfieldsn = explode(",", "Name,Type,Port,Max connections,Client timeout"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name'])) $input_errors[] = "The field 'Name' contains invalid characters."; diff --git a/config/haproxy-legacy/haproxy_global.php b/config/haproxy-legacy/haproxy_global.php index 509fdfe2..4ea03c75 100755 --- a/config/haproxy-legacy/haproxy_global.php +++ b/config/haproxy-legacy/haproxy_global.php @@ -57,7 +57,11 @@ if ($_POST) { $reqdfieldsn = explode(",", "Maximum connections"); } - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if ($_POST['maxconn'] && (!is_numeric($_POST['maxconn']))) $input_errors[] = "The maximum number of connections should be numeric."; diff --git a/config/haproxy-legacy/haproxy_servers_edit.php b/config/haproxy-legacy/haproxy_servers_edit.php index 86431992..843ecca5 100755 --- a/config/haproxy-legacy/haproxy_servers_edit.php +++ b/config/haproxy-legacy/haproxy_servers_edit.php @@ -70,7 +70,11 @@ if ($_POST) { $reqdfields = explode(" ", "name address weight"); $reqdfieldsn = explode(",", "Name,Address,Weight"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name'])) $input_errors[] = "The field 'Name' contains invalid characters."; diff --git a/config/haproxy-stable/haproxy_global.php b/config/haproxy-stable/haproxy_global.php index c8b05d52..47c8d1ec 100755 --- a/config/haproxy-stable/haproxy_global.php +++ b/config/haproxy-stable/haproxy_global.php @@ -56,7 +56,11 @@ if ($_POST) { $reqdfieldsn = explode(",", "Maximum connections"); } - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if ($_POST['maxconn'] && (!is_numeric($_POST['maxconn']))) $input_errors[] = "The maximum number of connections should be numeric."; diff --git a/config/haproxy-stable/haproxy_listeners_edit.php b/config/haproxy-stable/haproxy_listeners_edit.php index e9c6187c..3c698d4e 100755 --- a/config/haproxy-stable/haproxy_listeners_edit.php +++ b/config/haproxy-stable/haproxy_listeners_edit.php @@ -113,12 +113,20 @@ if ($_POST) { $reqdfieldsn = explode(",", "Name,Connection timeout,Server timeout"); } - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); $reqdfields = explode(" ", "name type port max_connections client_timeout"); $reqdfieldsn = explode(",", "Name,Type,Port,Max connections,Client timeout"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name'])) $input_errors[] = "The field 'Name' contains invalid characters."; diff --git a/config/haproxy-stable/haproxy_pool_edit.php b/config/haproxy-stable/haproxy_pool_edit.php index 1e9958eb..51eb4e28 100755 --- a/config/haproxy-stable/haproxy_pool_edit.php +++ b/config/haproxy-stable/haproxy_pool_edit.php @@ -72,7 +72,11 @@ if ($_POST) { $reqdfields = explode(" ", "name"); $reqdfieldsn = explode(",", "Name"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name'])) $input_errors[] = "The field 'Name' contains invalid characters."; diff --git a/config/haproxy/haproxy_global.php b/config/haproxy/haproxy_global.php index 16f5152d..40b5cd90 100755 --- a/config/haproxy/haproxy_global.php +++ b/config/haproxy/haproxy_global.php @@ -59,7 +59,11 @@ if ($_POST) { if ($_POST['carpdev'] == "disabled") unset($_POST['carpdev']); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if ($_POST['maxconn'] && (!is_numeric($_POST['maxconn']))) $input_errors[] = "The maximum number of connections should be numeric."; diff --git a/config/haproxy/haproxy_listeners_edit.php b/config/haproxy/haproxy_listeners_edit.php index 2b71c7ea..be45fd8b 100755 --- a/config/haproxy/haproxy_listeners_edit.php +++ b/config/haproxy/haproxy_listeners_edit.php @@ -113,12 +113,19 @@ if ($_POST) { $reqdfieldsn = explode(",", "Name,Connection timeout,Server timeout"); } - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); $reqdfields = explode(" ", "name type port max_connections client_timeout"); $reqdfieldsn = explode(",", "Name,Type,Port,Max connections,Client timeout"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name'])) $input_errors[] = "The field 'Name' contains invalid characters."; diff --git a/config/haproxy/haproxy_pool_edit.php b/config/haproxy/haproxy_pool_edit.php index 4da508f2..6feab2ff 100755 --- a/config/haproxy/haproxy_pool_edit.php +++ b/config/haproxy/haproxy_pool_edit.php @@ -71,7 +71,11 @@ if ($_POST) { $reqdfields = explode(" ", "name"); $reqdfieldsn = explode(",", "Name"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name'])) $input_errors[] = "The field 'Name' contains invalid characters."; diff --git a/config/havp/antivirus.php b/config/havp/antivirus.php index 0d8cda1d..0d66a6b3 100644 --- a/config/havp/antivirus.php +++ b/config/havp/antivirus.php @@ -176,6 +176,11 @@ if ($_POST['startupdate'] != '') { # else echo "No 'start_antivirus_scanner' function found."; } +/* Clear havp access log */ +if ($_POST['clearlog_x'] != '') { + file_put_contents(HVDEF_HAVP_ACCESSLOG, ''); +} + # ------------------------------------------------------------------------------ ?> @@ -199,6 +204,7 @@ if (pfsense_version_A() == '1') { $tab_array[] = array(gettext("General page"), true, "antivirus.php"); $tab_array[] = array(gettext("HTTP proxy"), false, "pkg_edit.php?xml=havp.xml&id=0"); $tab_array[] = array(gettext("Settings"), false, "pkg_edit.php?xml=havp_avset.xml&id=0"); + $tab_array[] = array(gettext("Log"), false, "havp_log.php"); display_top_tabs($tab_array); ?> @@ -356,7 +362,7 @@ if (pfsense_version_A() == '1') { } else echo "<tr><td $stl>Not found</td></tr>"; ?> - <tr class="listr"><td class="listr" colspan="4"><?php echo get_av_statistic(); ?></td></tr> + <tr class="listr"><td class="listr" colspan="4"><?php echo get_av_statistic(); ?><?php echo "<div style='float:right;'><input title='Clear antivirus log' name='clearlog' type='image' value='havp' border=0 src='./themes/".$g['theme']."/images/icons/icon_x.gif'>"; ?><font size="-1"> Clear log</font></div></td></tr> </tbody></table> </td> </tr> diff --git a/config/havp/havp.inc b/config/havp/havp.inc index 29a109ba..8118f695 100644 --- a/config/havp/havp.inc +++ b/config/havp/havp.inc @@ -48,7 +48,7 @@ if(!function_exists("filter_configure")) define('HV_DEBUG', 'false'); # use Clamd daemon (another - use libclam) -define('HV_USE_CLAMD', 'true'); +# define('HV_USE_CLAMD', 'true'); define('HV_CLAMD_TCPSOCKET', 'true'); # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -151,6 +151,7 @@ define('HV_SCANTEMPFILE', 'hv_scan_tempfile'); # XML fields # ------------------------------------------------------------------------------ define('F_ENABLE', 'enable'); +define('F_USECLAMD', 'useclamd'); define('F_PROXYMODE', 'proxymode'); define('F_PROXYINTERFACE', 'proxyinterface'); define('F_PROXYBINDIFACE', 'proxybindiface'); # internal var @@ -234,11 +235,11 @@ function havp_deinstall() # ============================================================================== # before form # ------------------------------------------------------------------------------ -function havp_before_form($pkg) +function havp_before_form(&$pkg) { } # ------------------------------------------------------------------------------ -function havp_fscan_before_form($pkg) +function havp_fscan_before_form(&$pkg) { if(is_array($pkg['fields']['field'])) { foreach($pkg['fields']['field'] as $key => $field) { @@ -252,7 +253,7 @@ function havp_fscan_before_form($pkg) # ------------------------------------------------------------------------------ # validation # ------------------------------------------------------------------------------ -function havp_validate_settings($post, $input_errors) +function havp_validate_settings($post, &$input_errors) { $submit = isset($_GET['submit']) ? $_GET['submit'] : $_POST['submit']; @@ -515,6 +516,8 @@ function havp_convert_pfxml_xml() # === GUI Fields === $havp_config[F_ENABLE] = ( $pfconf[F_ENABLE] === 'on' ? 'true' : 'false' ); + # ClamAV mode + $havp_config[F_USECLAMD] = $pfconf[F_USECLAMD]; # proxy $havp_config[F_PROXYMODE] = ( !empty($pfconf[F_PROXYMODE]) ? $pfconf[F_PROXYMODE] : 'standard' ); # ToDo: add check squid transparent @@ -710,9 +713,9 @@ function havp_config_havp() $conf[] = "MAXDOWNLOADSIZE {$havp_config[F_MAXDOWNLOADSIZE]}"; # $conf[] = "\n# ClamAV Library Scanner (libclamav) "; - $conf[] = "ENABLECLAMLIB " . (HV_USE_CLAMD !== 'true' ? "true" : "false"); + $conf[] = "ENABLECLAMLIB " . ($havp_config[F_USECLAMD] !== 'true' ? "true" : "false"); # use clamd, if configured - if (HV_USE_CLAMD === 'true') { + if ($havp_config[F_USECLAMD] === 'true') { $conf[] = "\n# Clamd scanner (Clam daemon)"; $conf[] = "ENABLECLAMD true"; # clamd socket @@ -1342,7 +1345,7 @@ function havp_startup_script() $s[] = "\t# start"; $s[] = "\tif [ -z \"`{$havpchk}`\" ];then"; - if (HV_USE_CLAMD === 'true') { + if ($havp_config[F_USECLAMD] === 'true') { $clampid_dir = HVDEF_CLAM_RUNDIR; $s[] = "\t\t# start clamd before (to be sure)"; $s[] = "\t\t" . HVDEF_CLAM_STARTUP_SCRIPT . " start"; @@ -1563,7 +1566,7 @@ function start_antivirus_scanner($filename) $param[] = "--max-dir-recursion=255"; # Maximum directory recursion level $param = implode(" ", $param); - if (HV_USE_CLAMD === 'true') + if ($havp_config[F_USECLAMD] === 'true') $param = "clamdscan $param $filename"; # use clamd daemon (more quickly) else $param = "clamscan $param $filename"; @@ -1702,7 +1705,7 @@ function havp_get_av_viruslog() $log = explode("\n", $log); $count = 0; foreach($log as $ln) { - if (substr_count(strtolower($ln), "virus clamd:")) + if (substr_count(strtolower($ln), "virus clam")) $s[] = $ln; } } @@ -1716,7 +1719,7 @@ function havp_get_av_statistic() if (file_exists(HVDEF_HAVP_ACCESSLOG)) { $log = file_get_contents(HVDEF_HAVP_ACCESSLOG); - $count = substr_count(strtolower($log), "virus clamd:"); + $count = substr_count(strtolower($log), "virus clam"); $s = "Found $count viruses (total)."; } diff --git a/config/havp/havp.xml b/config/havp/havp.xml index 1e50eb5e..51356862 100644 --- a/config/havp/havp.xml +++ b/config/havp/havp.xml @@ -3,7 +3,7 @@ <name>havp</name> <title>Antivirus: HTTP proxy (havp + clamav)</title> <category>Status</category> - <version>0.88_03</version> + <version>1.02</version> <include_file>/usr/local/pkg/havp.inc</include_file> <menu> <name>Antivirus</name> @@ -55,6 +55,10 @@ <text>Settings</text> <url>/pkg_edit.php?xml=havp_avset.xml&id=0</url> </tab> + <tab> + <text>Log</text> + <url>/havp_log.php</url> + </tab> </tabs> <fields> <field> @@ -64,6 +68,21 @@ <type>checkbox</type> </field> <field> + <fielddescr>ClamAV mode</fielddescr> + <fieldname>useclamd</fieldname> + <description> + Select ClamAV running mode:<br> + <b>Daemon</b> - HAVP will use ClamAV as socket scanner daemon. Default option.<br> + <b>Library</b> - HAVP will use ClamAV as loaded library scanner. Note: this mode needs much more memory.<br> + </description> + <type>select</type> + <default_value>true</default_value> + <options> + <option><value>true</value><name>Daemon</name></option> + <option><value>false</value><name>Library</name></option> + </options> + </field> + <field> <fielddescr>Proxy mode</fielddescr> <fieldname>proxymode</fieldname> <description> @@ -288,10 +307,10 @@ </field> </fields> <custom_php_command_before_form> - havp_before_form(&$pkg); + havp_before_form($pkg); </custom_php_command_before_form> <custom_php_validation_command> - havp_validate_settings($_POST, &$input_errors); + havp_validate_settings($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> havp_resync(); @@ -302,4 +321,4 @@ <custom_php_deinstall_command> havp_deinstall(); </custom_php_deinstall_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/havp/havp_avset.xml b/config/havp/havp_avset.xml index 3cea9b76..1b0d5c5d 100644 --- a/config/havp/havp_avset.xml +++ b/config/havp/havp_avset.xml @@ -23,6 +23,10 @@ <url>/pkg_edit.php?xml=havp_avset.xml&id=0</url> <active/> </tab> + <tab> + <text>Log</text> + <url>/havp_log.php</url> + </tab> </tabs> <fields> <field> @@ -92,10 +96,10 @@ </field> </fields> <custom_php_command_before_form> - havp_before_form(&$pkg); + havp_before_form($pkg); </custom_php_command_before_form> <custom_php_validation_command> - havp_validate_settings($_POST, &$input_errors); + havp_validate_settings($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> havp_avset_resync(); @@ -104,4 +108,4 @@ </custom_php_install_command> <custom_php_deinstall_command> </custom_php_deinstall_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/havp/havp_fscan.xml b/config/havp/havp_fscan.xml index 1f0ca8dc..91dce25c 100644 --- a/config/havp/havp_fscan.xml +++ b/config/havp/havp_fscan.xml @@ -36,10 +36,10 @@ </field> </fields> <custom_php_command_before_form> - havp_fscan_before_form(&$pkg); + havp_fscan_before_form($pkg); </custom_php_command_before_form> <custom_php_validation_command> - havp_validate_settings($_POST, &$input_errors); + havp_validate_settings($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> </custom_php_resync_config_command> diff --git a/config/havp/havp_log.php b/config/havp/havp_log.php new file mode 100644 index 00000000..60c02fbf --- /dev/null +++ b/config/havp/havp_log.php @@ -0,0 +1,105 @@ +<?php +/* $Id$ */ +/* + havp_log.php + Copyright (C) 2014 Andrew Nikitin <andrey.b.nikitin@gmail.com>. + Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +if (file_exists("/usr/local/pkg/havp.inc")) + require_once("/usr/local/pkg/havp.inc"); +else echo "No havp.inc found"; + +$nentries = $config['syslog']['nentries']; +if (!$nentries) + $nentries = 50; + +if ($_POST['clear']) + file_put_contents(HVDEF_HAVP_ERRORLOG, ''); + +function dump_havp_errorlog($logfile, $tail) { + global $g, $config; + $sor = isset($config['syslog']['reverse']) ? "-r" : ""; + $logarr = ""; + $grepline = " "; + if (is_dir($logfile)) { + $logarr = array("File $logfile is a directory."); + } elseif(file_exists($logfile) && filesize($logfile) == 0) { + $logarr = array(" ... Log file is empty."); + } else { + exec("cat " . escapeshellarg($logfile) . "{$grepline} | /usr/bin/tail {$sor} -n " . escapeshellarg($tail), $logarr); + } + foreach ($logarr as $logent) { + $logent = preg_split("/\s+/", $logent, 3); + echo "<tr valign=\"top\">\n"; + $entry_date_time = htmlspecialchars($logent[0] . " " . $logent[1]); + $entry_text = htmlspecialchars($logent[2]); + echo "<td class=\"listlr nowrap\" width=\"130\">{$entry_date_time}</td>\n"; + echo "<td class=\"listr\">{$entry_text}</td>\n"; + echo "</tr>\n"; + } +} + +$pgtitle = "Antivirus: HAVP log"; +include("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("General page"), false, "antivirus.php"); + $tab_array[] = array(gettext("HTTP proxy"), false, "pkg_edit.php?xml=havp.xml&id=0"); + $tab_array[] = array(gettext("Settings"), false, "pkg_edit.php?xml=havp_avset.xml&id=0"); + $tab_array[] = array(gettext("Log"), true, "havp_log.php"); + display_top_tabs($tab_array); +?> + </td></tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> + <tr> + <td colspan="2" class="listtopic"> + <?php printf(gettext("Last %s HAVP log entries"), $nentries);?></td> + </tr> + <?php dump_havp_errorlog(HVDEF_HAVP_ERRORLOG, $nentries); ?> + <tr><td><br/> + <form action="havp_log.php" method="post"> + <input name="clear" type="submit" class="formbtn" value="<?=gettext("Clear log"); ?>" /></form></td></tr> + </table> + </div> + </td> + </tr> +</table> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/imspector/imspector.inc b/config/imspector/imspector.inc index 7ade2e68..89fbda2b 100644 --- a/config/imspector/imspector.inc +++ b/config/imspector/imspector.inc @@ -35,9 +35,8 @@ require_once("service-utils.inc"); /* IMSpector */ - define('IMSPECTOR_RCFILE', '/usr/local/etc/rc.d/imspector.sh'); - define('IMSPECTOR_ETC', '/usr/local/etc/imspector'); + define('IMSPECTOR_ETC', "/usr/pbi/imspector-" . php_uname("m") . "/local/etc/imspector"); define('IMSPECTOR_CONFIG', IMSPECTOR_ETC . '/imspector.conf'); function imspector_warn ($msg) { syslog(LOG_WARNING, "imspector: {$msg}"); } @@ -91,7 +90,7 @@ } } - function validate_form_imspector($post, $input_errors) { + function validate_form_imspector($post, &$input_errors) { if($post['iface_array']) foreach($post['iface_array'] as $iface) if($iface == 'wanx') @@ -543,4 +542,4 @@ function imspector_do_xmlrpc_sync($sync_to_ip, $password) { } } -?> +?>
\ No newline at end of file diff --git a/config/imspector/imspector.xml b/config/imspector/imspector.xml index fad8d656..11d5e7ad 100644 --- a/config/imspector/imspector.xml +++ b/config/imspector/imspector.xml @@ -43,7 +43,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>imspector</name> - <version>20111108</version> + <version>20111108_1 pkg v 0.3.2</version> <title>Services: IMSpector</title> <savetext>Save</savetext> <include_file>/usr/local/pkg/imspector.inc</include_file> @@ -239,7 +239,7 @@ </field> </fields> <custom_php_validation_command> - validate_form_imspector($_POST, &$input_errors); + validate_form_imspector($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_imspector(); diff --git a/config/imspector/imspector_acls.xml b/config/imspector/imspector_acls.xml index a8aeecc9..79feb64e 100644 --- a/config/imspector/imspector_acls.xml +++ b/config/imspector/imspector_acls.xml @@ -161,7 +161,7 @@ </fields> <custom_php_validation_command> - validate_form_imspector($_POST, &$input_errors); + validate_form_imspector($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_imspector(); diff --git a/config/imspector/imspector_replacements.xml b/config/imspector/imspector_replacements.xml index 7f53bbd4..65e3d078 100644 --- a/config/imspector/imspector_replacements.xml +++ b/config/imspector/imspector_replacements.xml @@ -175,7 +175,7 @@ </field> </fields> <custom_php_validation_command> - validate_form_imspector($_POST, &$input_errors); + validate_form_imspector($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_imspector(); diff --git a/config/iperf.xml b/config/iperf.xml index f64500d9..3b17f549 100644 --- a/config/iperf.xml +++ b/config/iperf.xml @@ -150,13 +150,12 @@ $iperf_options = ""; if($_POST['protocol'] == "udp") $iperf_options .= " -u"; if($_POST['format'] == "bytes") $iperf_options .= " -f A"; - if($_POST['interval'] != "") $iperf_options .= " -i {$_POST['interval']}"; - if($_POST['length'] != "") $iperf_options .= " -l {$_POST['length']}"; - if($_POST['window'] != "") $iperf_options .= " -w {$_POST['window']}"; - if($_POST['udpbandwidth'] != "") $iperf_options .= " -b {$_POST['udpbandwidth']}"; - if($_POST['port'] != "") $iperf_options .= " -p {$_POST['port']}"; - $iperf_options .= " -c {$_POST['hostname']}"; + if($_POST['interval'] != "") $iperf_options .= " -i " . escapeshellarg($_POST['interval']); + if($_POST['length'] != "") $iperf_options .= " -l " . escapeshellarg($_POST['length']); + if($_POST['window'] != "") $iperf_options .= " -w " . escapeshellarg($_POST['window']); + if($_POST['udpbandwidth'] != "") $iperf_options .= " -b " . escapeshellarg($_POST['udpbandwidth']); + if($_POST['port'] != "") $iperf_options .= " -p " . escapeshellarg($_POST['port']); + $iperf_options .= " -c " . escapeshellarg($_POST['hostname']); system("/usr/local/bin/iperf" . $iperf_options); </custom_add_php_command> -</packagegui> - +</packagegui>
\ No newline at end of file diff --git a/config/iperfserver.xml b/config/iperfserver.xml index 493c41c8..f0dc074a 100644 --- a/config/iperfserver.xml +++ b/config/iperfserver.xml @@ -130,10 +130,10 @@ $iperf_options = ""; if($_POST['protocol'] == "udp") $iperf_options .= " -u"; if($_POST['format'] == "bytes") $iperf_options .= " -f A"; - if($_POST['interval'] != "") $iperf_options .= " -i {$_POST['interval']}"; - if($_POST['length'] != "") $iperf_options .= " -l {$_POST['length']}"; - if($_POST['window'] != "") $iperf_options .= " -w {$_POST['window']}"; - if($_POST['port'] != "") $iperf_options .= " -p {$_POST['port']}"; + if($_POST['interval'] != "") $iperf_options .= " -i " . escapeshellarg($_POST['interval']); + if($_POST['length'] != "") $iperf_options .= " -l " . escapeshellarg($_POST['length']); + if($_POST['window'] != "") $iperf_options .= " -w " . escapeshellarg($_POST['window']); + if($_POST['port'] != "") $iperf_options .= " -p " . escapeshellarg($_POST['port']); $iperf_options .= " -s"; mwexec_bg("/usr/local/bin/iperf" . $iperf_options); </custom_add_php_command> diff --git a/config/ladvd/ladvd.xml b/config/ladvd/ladvd.xml index 50f9b568..0367a19a 100644 --- a/config/ladvd/ladvd.xml +++ b/config/ladvd/ladvd.xml @@ -35,7 +35,7 @@ <version>1.0.2</version> <category>Network Management</category> <title>Services: LADVD</title> - <savetext>ladvd</savetext> + <savetext>Save</savetext> <include_file>/usr/local/pkg/ladvd.inc</include_file> <aftersaveredirect>/pkg_edit.php?xml=ladvd.xml&id=0</aftersaveredirect> <additional_files_needed> diff --git a/config/lcdproc-dev/lcdproc.inc b/config/lcdproc-dev/lcdproc.inc index 8b3ce28f..73827721 100644 --- a/config/lcdproc-dev/lcdproc.inc +++ b/config/lcdproc-dev/lcdproc.inc @@ -58,17 +58,17 @@ fclose($handle); chmod($file, 0755); } - function before_form_lcdproc($pkg) { + function before_form_lcdproc(&$pkg) { global $config; config_lock(); config_unlock(); } - function before_form_lcdproc_screens($pkg) { + function before_form_lcdproc_screens(&$pkg) { global $config; config_lock(); config_unlock(); } - function validate_form_lcdproc($post, $input_errors) { + function validate_form_lcdproc($post, &$input_errors) { if($post['comport']) { switch($post['comport']) { case "none": @@ -126,7 +126,7 @@ } } } - function validate_form_lcdproc_screens($post, $input_errors) { + function validate_form_lcdproc_screens($post, &$input_errors) { // No validation required ?! } function sync_package_lcdproc_screens() { @@ -308,7 +308,8 @@ $config_text .= "[{$lcdproc_config['driver']}]\n"; $config_text .= "driverpath=/usr/local/lib/lcdproc/\n"; $config_text .= "ConnectionType={$lcdproc_config['connection_type']}\n"; - $config_text .= "Device={$realport}\n"; + if($lcdproc_config['comport'] != "none") + $config_text .= "Device={$realport}\n"; $config_text .= "Port=0x378\n"; $config_text .= "Speed=0\n"; $config_text .= "Keypad=yes\n"; @@ -502,7 +503,7 @@ EOD; restart_service(LCDPROC_SERVICE_NAME); } } - if((! $lcdproc_config['driver']) || ($lcdproc_config['comport'] == "none")) { + if((! $lcdproc_config['driver']) || (! $lcdproc_config['comport'])) { /* no parameters user does not want lcdproc running */ /* lets stop the service and remove the rc file */ if(file_exists(LCDPROC_RCFILE)) { diff --git a/config/lcdproc-dev/lcdproc.xml b/config/lcdproc-dev/lcdproc.xml index cf816d53..588b898b 100644 --- a/config/lcdproc-dev/lcdproc.xml +++ b/config/lcdproc-dev/lcdproc.xml @@ -1,8 +1,8 @@ <?xml version="1.0" encoding="utf-8" ?> <packagegui> - <title>Services: LCDproc 0.5.6 pkg v. 0.9.7</title> + <title>Services: LCDproc 0.5.6 pkg v. 0.9.9</title> <name>lcdproc</name> - <version>0.5.6 pkg v. 0.9.7</version> + <version>0.5.6 pkg v. 0.9.9</version> <savetext>Save</savetext> <include_file>/usr/local/pkg/lcdproc.inc</include_file> <tabs> @@ -658,10 +658,10 @@ </field> </fields> <custom_php_command_before_form> - before_form_lcdproc(&$pkg); + before_form_lcdproc($pkg); </custom_php_command_before_form> <custom_php_validation_command> - validate_form_lcdproc($_POST, &$input_errors); + validate_form_lcdproc($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_lcdproc(); diff --git a/config/lcdproc-dev/lcdproc_client.php b/config/lcdproc-dev/lcdproc_client.php index 3337052c..922ed14e 100644 --- a/config/lcdproc-dev/lcdproc_client.php +++ b/config/lcdproc-dev/lcdproc_client.php @@ -513,6 +513,7 @@ 1 = All gateway up */ global $g; global $config; + $a_gateways = return_gateways_array(); $gateways_status = array(); $gateways_status = return_gateways_status(true); foreach ($a_gateways as $gname => $gateway) @@ -553,11 +554,11 @@ /* format speed in bits/sec, input: bytes/sec Code from: graph.php ported to PHP*/ if ($speed < 125000) - {return sprintf("%3d.1 Kbps", $speed / 125);} + {return sprintf("%5.1f Kbps", $speed / 125);} if ($speed < 125000000) - {return sprintf("%3d.1 Mbps", $speed / 125000);} + {return sprintf("%5.1f Mbps", $speed / 125000);} // else - return sprintf("%3d.1 Gbps", $speed / 125000000); + return sprintf("%5.1f Gbps", $speed / 125000000); } function add_summary_declaration(&$lcd_cmds, $name) { diff --git a/config/lcdproc-dev/lcdproc_screens.xml b/config/lcdproc-dev/lcdproc_screens.xml index f7c70086..9f4a8e2e 100644 --- a/config/lcdproc-dev/lcdproc_screens.xml +++ b/config/lcdproc-dev/lcdproc_screens.xml @@ -106,10 +106,10 @@ </field> </fields> <custom_php_command_before_form> - before_form_lcdproc_screens(&$pkg); + before_form_lcdproc_screens($pkg); </custom_php_command_before_form> <custom_php_validation_command> - validate_form_lcdproc_screens($_POST, &$input_errors); + validate_form_lcdproc_screens($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_lcdproc_screens(); diff --git a/config/lcdproc/lcdproc.inc b/config/lcdproc/lcdproc.inc index 1c628c6a..760732df 100644 --- a/config/lcdproc/lcdproc.inc +++ b/config/lcdproc/lcdproc.inc @@ -72,7 +72,7 @@ chmod($file, 0755); } - function before_form_lcdproc($pkg) { + function before_form_lcdproc(&$pkg) { global $config; config_lock(); @@ -80,7 +80,7 @@ config_unlock(); } - function before_form_lcdproc_screens($pkg) { + function before_form_lcdproc_screens(&$pkg) { global $config; config_lock(); @@ -88,7 +88,7 @@ config_unlock(); } - function validate_form_lcdproc($post, $input_errors) { + function validate_form_lcdproc($post, &$input_errors) { if($post['comport']) { switch($post['comport']) { case "none": @@ -155,7 +155,7 @@ } } } - function validate_form_lcdproc_screens($post, $input_errors) { + function validate_form_lcdproc_screens($post, &$input_errors) { // No validation required ?! } diff --git a/config/lcdproc/lcdproc.xml b/config/lcdproc/lcdproc.xml index ba46e941..8f268b49 100644 --- a/config/lcdproc/lcdproc.xml +++ b/config/lcdproc/lcdproc.xml @@ -2,7 +2,7 @@ <packagegui> <title>Services: LCDproc</title> <name>lcdproc</name> - <version>0.5.2_1-p12</version> + <version>0.5.5 pkg.v.1.0.1</version> <savetext>Save</savetext> <include_file>/usr/local/pkg/lcdproc.inc</include_file> <tabs> @@ -363,10 +363,10 @@ </field> </fields> <custom_php_command_before_form> - before_form_lcdproc(&$pkg); + before_form_lcdproc($pkg); </custom_php_command_before_form> <custom_php_validation_command> - validate_form_lcdproc($_POST, &$input_errors); + validate_form_lcdproc($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_lcdproc(); diff --git a/config/lcdproc/lcdproc_screens.xml b/config/lcdproc/lcdproc_screens.xml index b807d9f0..d8cc2382 100644 --- a/config/lcdproc/lcdproc_screens.xml +++ b/config/lcdproc/lcdproc_screens.xml @@ -90,10 +90,10 @@ </field> </fields> <custom_php_command_before_form> - before_form_lcdproc_screens(&$pkg); + before_form_lcdproc_screens($pkg); </custom_php_command_before_form> <custom_php_validation_command> - validate_form_lcdproc_screens($_POST, &$input_errors); + validate_form_lcdproc_screens($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_lcdproc_screens(); diff --git a/config/lightsquid/sqstat.class.php b/config/lightsquid/sqstat.class.php index 03695a47..5707e051 100644 --- a/config/lightsquid/sqstat.class.php +++ b/config/lightsquid/sqstat.class.php @@ -70,7 +70,7 @@ class squidstat{ $this->squidhost = '127.0.0.1'; $this->squidport = '3128'; - $This->group_by = 'host'; + $this->group_by = 'host'; $this->resolveip = true; $this->hosts_file = ''; $this->autorefresh = 0; @@ -580,4 +580,4 @@ class squidstat{ } } -?>
\ No newline at end of file +?> diff --git a/config/mailreport/mail_reports.inc b/config/mailreport/mail_reports.inc index aa2bc3ce..6dddf7cd 100644 --- a/config/mailreport/mail_reports.inc +++ b/config/mailreport/mail_reports.inc @@ -35,13 +35,13 @@ require_once("filter.inc"); require_once("rrd.inc"); $graph_length = array( - "8hour" => 28800, + "eighthour" => 28800, "day" => 86400, "week" => 604800, "month" => 2764800, "quarter" => 8035200, "year" => 31622400, - "4year" => 126489600); + "fouryear" => 126489600); $logfile_friendly = array( "dhcpd" => "DHCP", @@ -88,6 +88,7 @@ function get_dates($curperiod, $graph) { $offset = 0; } switch($graph) { + case "eighthour": case "8hour": if($curhour < 24) $starthour = 16; @@ -142,6 +143,7 @@ function get_dates($curperiod, $graph) { if($offset != 0) $end = mktime(0, 0, 0, 1, 0, (($curyear + $offset) +1)); break; + case "fouryear": case "4year": $start = mktime(0, 0, 0, 1, 0, (($curyear - 3) + $offset)); if($offset != 0) @@ -240,7 +242,9 @@ function mail_report_generate_graph($database, $style, $graph, $start, $end) { require_once("filter.inc"); require_once("shaper.inc"); require_once("rrd.inc"); + require_once("util.inc"); global $g; + $g['theme'] = get_current_theme(); $pgtitle = array(gettext("System"),gettext("RRD Graphs"),gettext("Image viewer")); @@ -1241,7 +1245,13 @@ function mail_report_get_log($logfile, $tail, $grepfor) { if(isset($config['system']['usefifolog'])) { exec("/usr/sbin/fifolog_reader {$logfile}{$grepline} | /usr/bin/tail -n {$tail}", $logarr); } else { - exec("/usr/sbin/clog {$logfile}{$grepline}| grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/tail -n {$tail}", $logarr); + if (is_executable("/usr/local/sbin/clog")) { + exec("/usr/local/sbin/clog {$logfile}{$grepline}| grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/tail -n {$tail}", $logarr); + } elseif (is_executable("/usr/sbin/clog")) { + exec("/usr/sbin/clog {$logfile}{$grepline}| grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/tail -n {$tail}", $logarr); + } else { + $logarr = array("Cannot locate clog which is required for reading log files."); + } } } return($logarr); @@ -1255,4 +1265,15 @@ function get_friendly_log_name($logfile) { return $friendly; } +function fixup_graph_timespan($timespan) { + switch ($timespan) { + case "8hour": + return "eighthour"; + case "4year": + return "fouryear"; + default: + return $timespan; + } +} + ?> diff --git a/config/mailreport/mailreport.xml b/config/mailreport/mailreport.xml index fe0b98b6..803e205b 100644 --- a/config/mailreport/mailreport.xml +++ b/config/mailreport/mailreport.xml @@ -37,7 +37,7 @@ ]]> </copyright> <name>mailreport</name> - <version>2.0.10</version> + <version>2.1</version> <title>Status: Email Reports</title> <additional_files_needed> <prefix>/usr/local/bin/</prefix> diff --git a/config/mailreport/status_mail_report_add_graph.php b/config/mailreport/status_mail_report_add_graph.php index 3f629d56..d6f0d362 100644 --- a/config/mailreport/status_mail_report_add_graph.php +++ b/config/mailreport/status_mail_report_add_graph.php @@ -130,16 +130,16 @@ $custom_databases = array_merge($dbheader_custom, $databases); $styles = array('inverse' => gettext('Inverse'), 'absolute' => gettext('Absolute')); -$graphs = array("8hour", "day", "week", "month", "quarter", "year", "4year"); +$graphs = array("eighthour", "day", "week", "month", "quarter", "year", "fouryear"); $periods = array("absolute" => gettext("Absolute Timespans"), "current" => gettext("Current Period"), "previous" => gettext("Previous Period")); $graph_length = array( - "8hour" => 28800, + "eighthour" => 28800, "day" => 86400, "week" => 604800, "month" => 2764800, "quarter" => 8035200, "year" => 31622400, - "4year" => 126489600); + "fouryear" => 126489600); if ($_POST) { unset($_POST['__csrf_magic']); @@ -219,6 +219,7 @@ include("head.inc"); <select name="timespan" class="formselect" style="z-index: -10;"> <?php foreach (array_keys($graph_length) as $timespan) { + $pconfig['timespan'] = fixup_graph_timespan($pconfig['timespan']); echo "<option value=\"$timespan\""; if ($timespan == $pconfig['timespan']) echo " selected"; echo ">" . htmlspecialchars(ucwords($timespan)) . "</option>\n"; diff --git a/config/mailscanner/mailscanner.inc b/config/mailscanner/mailscanner.inc index 0147bb2e..8418c85c 100644 --- a/config/mailscanner/mailscanner.inc +++ b/config/mailscanner/mailscanner.inc @@ -1,8 +1,8 @@ <?php /* - postfix.inc + mailscanner.inc part of the Postfix package for pfSense - Copyright (C) 2011-2013 Marcello Coutinho + Copyright (C) 2011-2014 Marcello Coutinho All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,21 +29,22 @@ */ $shortcut_section = "mailscanner"; require_once("util.inc"); -require("globals.inc"); +require_once("globals.inc"); #require("guiconfig.inc"); $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); -if ($pf_version > 2.0) - define('MAILSCANNER_LOCALBASE', '/usr/pbi/mailscanner-' . php_uname("m")); +define('MAILSCANNER_PREFIX', '/usr/pbi/mailscanner-' . php_uname("m")); +if ($pf_version == "2.1") + define('MAILSCANNER_LOCALBASE', MAILSCANNER_PREFIX); else - define('MAILSCANNER_LOCALBASE','/usr/local'); + define('MAILSCANNER_LOCALBASE', MAILSCANNER_PREFIX . '/local'); $uname=posix_uname(); if ($uname['machine']=='amd64') ini_set('memory_limit', '250M'); - + function ms_text_area_decode($text){ - return preg_replace('/\r\n/', "\n",base64_decode($text)); + return preg_replace('/\r\n/', "\n",base64_decode($text)); } function sync_package_mailscanner($via_rpc=false) { @@ -62,7 +63,7 @@ function sync_package_mailscanner($via_rpc=false) { #check default config $load_samples=0; - + #assign xml arrays if (!is_array($config['installedpackages']['mailscanner'])){ $config['installedpackages']['mailscanner']['config'][0]=array( 'max_children'=> '5', @@ -130,7 +131,7 @@ function sync_package_mailscanner($via_rpc=false) { $antispam=$config['installedpackages']['msantispam']['config'][0]; if (is_array($config['installedpackages']['msalerts'])) $alert=$config['installedpackages']['msalerts']['config'][0]; - + #General options $info =($mailscanner['orgname']?'%org-name% = '.$mailscanner['orgname']."\n":'%org-name% = Pfsense'."\n"); $info .=($mailscanner['longorgname']?'%org-long-name% = '.$mailscanner['longorgname']."\n":'%org-long-name% = Pfsense Inc.'."\n"); @@ -165,7 +166,7 @@ function sync_package_mailscanner($via_rpc=false) { #Attachment options $max_size=($attachments['max_sizes']?$attachments['max_sizes']:'-1'); - $archive_depth=($attachments['archive_depth']?$attachments['archive_depth']:'8'); + $archive_depth=($attachments['archive_depth']?$attachments['archive_depth']:'8'); $expand_tnef=(preg_match('/ExpandTNEF/',$attachments['features'])?"yes":"no"); $deliver_tnef=(preg_match('/DeliverUnparsableTNEF/',$attachments['features'])?"yes":"no"); $find_archive=(preg_match('/FindArchiveByContent/',$attachments['features'])?"yes":"no"); @@ -188,7 +189,7 @@ function sync_package_mailscanner($via_rpc=false) { $allow_password=(preg_match('/AllowPassword-ProtectedArchives/',$antivirus['features'])?"yes":"no"); $check_filenames=(preg_match('/CheckFilenamesInPassword-ProtectedArchives/',$antivirus['features'])?"yes":"no"); $custom_antivirus_options=ms_text_area_decode($antivirus['custom']); - + #content $dangerous_content=(preg_match('/DangerousContentScanning/',$content['checks'])?"yes":"no"); $partial_messages=(preg_match('/AllowPartialMessages/',$content['checks'])?"yes":"no"); @@ -199,7 +200,7 @@ function sync_package_mailscanner($via_rpc=false) { $highlight_phishing=(preg_match('/HighlightPhishingFraud/',$content['checks'])?"yes":"no"); $dangerous_html=(preg_match('/ConvertDangerousHTMLToText/',$content['checks'])?"yes":"no"); $html_to_text=(preg_match('/ConvertHTMLToText/',$content['checks'])?"yes":"no"); - + #reports and responses $include_scanner_name=(preg_match('/IncludeScannerNameInReports/',$report['features'])?"yes":"no"); $hide_incoming_work_dir=(preg_match('/HideIncomingWorkDir/',$report['features'])?"yes":"no"); @@ -225,7 +226,7 @@ function sync_package_mailscanner($via_rpc=false) { $notice_from=($report['notice_from']?$report['notice_from']:"MailScanner"); $notice_to=($report['notice_to']?$report['notice_to']:"MailScanner"); $notice_signature=($report['notice_signature']?$report['notice_signature']:'-- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info'); - + #antispa- spam assassin $use_sa=(preg_match('/use_sa/',$antispam['safeatures'])?"yes":"no"); $sa_auto_whitelist=(preg_match('/sa_auto_whitelist/',$antispam['safeatures'])?"yes":"no"); @@ -248,7 +249,7 @@ function sync_package_mailscanner($via_rpc=false) { $is_not_mcp=(preg_match('/is_not_mcp/',$antispam['mcp_features'])?"yes":"no"); $mcp_is_high_score=(preg_match('/mcp_is_high_score/',$antispam['mcp_features'])?"yes":"no"); $include_mcp_report=(preg_match('/include_mcp_report/',$antispam['mcp_features'])?"yes":"no"); - $detailled_mcp_report=(preg_match('/detailled_mcp_report/',$antispam['mcp_features'])?"yes":"no"); + $detailled_mcp_report=(preg_match('/detailled_mcp_report/',$antispam['mcp_features'])?"yes":"no"); $score_mcp_report=(preg_match('/score_mcp_report/',$antispam['mcp_features'])?"yes":"no"); $log_mcp=(preg_match('/log_mcp/',$antispam['mcp_features'])?"yes":"no"); $mcp_score=($antispam['mcp_score']?$antispam['mcp_score']:"1"); @@ -256,14 +257,14 @@ function sync_package_mailscanner($via_rpc=false) { $mcp_action=($antispam['mcp_action']?preg_replace("/,/"," ",$antispam['mcp_action']):"deliver"); $mcp_hi_action=($antispam['mcp_hi_action']?preg_replace("/,/"," ",$antispam['mcp_hi_action']):"delete"); $mcp_max=($antispam['mcp_max']?$antispam['mcp_max']:"200k"); - + /* Language Strings = %report-dir%/languages.conf */ #check files $mailscanner_dir=MAILSCANNER_LOCALBASE ."/etc/MailScanner"; - + if($attachments['filename_rules'] == ""){ $config['installedpackages']['msattachments']['config'][0]['filename_rules']=base64_encode(file_get_contents($mailscanner_dir.'/archives.filename.rules.conf.sample')); $load_samples++; @@ -279,7 +280,7 @@ Language Strings = %report-dir%/languages.conf if($content['phishing_bad'] == ""){ $config['installedpackages']['mscontent']['config'][0]['phishing_bad']=base64_encode(file_get_contents($mailscanner_dir.'/phishing.bad.sites.conf.sample')); $load_samples++; - } + } if($content['country_domains'] == ""){ $config['installedpackages']['mscontent']['config'][0]['country_domains']=base64_encode(file_get_contents($mailscanner_dir.'/country.domains.conf.sample')); $load_samples++; @@ -310,9 +311,8 @@ Language Strings = %report-dir%/languages.conf $config['installedpackages']['msantispam']['config'][0]['max_message_size']=base64_encode(file_get_contents($mailscanner_dir.'/rules/max.message.size.rules.sample')); $load_samples++; } - - //$report_dir=MAILSCANNER_LOCALBASE."/share/MailScanner/reports/".strtolower($report['language']); - $report_dir="/usr/local/share/MailScanner/reports/".strtolower($report['language']); + + $report_dir=MAILSCANNER_LOCALBASE."/share/MailScanner/reports/".strtolower($report['language']); #CHECK REPORT FILES $report_files= array('deletedbadcontent' => 'deleted.content.message.txt', 'deletedbadfilename' => 'deleted.filename.message.txt', @@ -335,7 +335,7 @@ Language Strings = %report-dir%/languages.conf 'recipientmcp'=>'recipient.mcp.report.txt', 'recipientspam'=>'recipient.spam.report.txt', 'rejection' =>'rejection.report.txt'); - + foreach ($report_files as $key_r => $file_r){ if ($report[$key_r] == ""){ #$input_errors[]= $key; @@ -346,7 +346,7 @@ Language Strings = %report-dir%/languages.conf } } #print $key_r ."X $file_r X". base64_encode(file_get_contents($report_dir.'/'.$file_r.'.sample')) ."<br>"; - + if ($alert['sig']){ if($alert['sig_html'] == ""){ $config['installedpackages']['msalerts']['config'][0]['sig_html']=base64_encode(file_get_contents($report_dir.'/inline.sig.html')); @@ -368,8 +368,8 @@ Language Strings = %report-dir%/languages.conf $load_samples++; } } - - + + } #exit; if($load_samples > 0) @@ -381,7 +381,7 @@ Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf Country Sub-Domains List = %etc-dir%/country.domains.conf */ #get mailscanner version - $msc_bin=MAILSCANNER_LOCALBASE. "/sbin/mailscanner"; + $msc_bin=MAILSCANNER_PREFIX. "/sbin/mailscanner"; if (file_exists($msc_bin)){ $msc_bin_file=file_get_contents($msc_bin); if (preg_match("/MailScannerVersion = '(\S+)'/",$msc_bin_file,$msv_matches)) @@ -404,23 +404,23 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf } if (is_dir('/var/spool/postfix')) chown ('/var/spool/postfix','postfix'); - + $mlang=strtolower($report['language']); $mfiles[]= MAILSCANNER_LOCALBASE. "/etc/MailScanner/virus.scanners.conf"; $mfiles[]= MAILSCANNER_LOCALBASE. "/share/MailScanner/reports/{$mlang}/inline.spam.warning.txt"; $mfiles[]= MAILSCANNER_LOCALBASE. "/share/MailScanner/reports/{$mlang}/languages.conf"; - + foreach ($mfiles as $mfile) if (! file_exists ($mfile) && file_exists($mfile.".sample")) copy($mfile.".sample",$mfile); - + #update spam.assassin.prefs.conf $sa_temp=ms_text_area_decode($config['installedpackages']['msantispam']['config'][0]['sa_pref_file']); $pattern[]='/#ifplugin/'; $pattern[]='/#dcc_path/'; $pattern[]='/#endif/'; - + $replacement[]="ifplugin"; $replacement[]="dcc_path"; $replacement[]="endif"; @@ -443,12 +443,12 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf if (preg_match('/use_pyzor/',$antispam['safeatures'])){ $pattern[]='/#pyzor_path/'; $pattern[]="/\S+yzor_disabled/"; - $pattern[]='/usr.bin.pyzor/'; + $pattern[]='/\/usr.bin.pyzor/'; $pattern[]='/use_pyzor/'; $pattern[]="/\S+o_not_use_pyzor/"; $replacement[]="pyzor_path"; $replacement[]="pyzor_path"; - $replacement[]="usr/local/bin/pyzor"; + $replacement[]=MAILSCANNER_PREFIX . "/bin/pyzor"; $replacement[]="use_pyzor"; $replacement[]="use_pyzor"; } @@ -494,13 +494,13 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf $replacement[]="bayes_ignore_header ".($mailscanner['orgname']!=""?$mailscanner['orgname']:"Pfsense")."-MailScanner"; $pattern[]='/envelope_sender_header X([a-zA-Z0-9_.-]+)MailScanner-From/'; $replacement[]="envelope_sender_header X-".($mailscanner['orgname']!=""?$mailscanner['orgname']:"Pfsense")."-MailScanner-From"; - - + + $sa_temp=preg_replace($pattern,$replacement,$sa_temp); #rint "pre".$sa_temp;exit; $config['installedpackages']['msantispam']['config'][0]['sa_pref_file']=base64_encode($sa_temp); write_config(); - + file_put_contents($mailscanner_dir."/MailScanner.conf", $mc, LOCK_EX); file_put_contents($mailscanner_dir."/filename.rules.conf",ms_text_area_decode($config['installedpackages']['msattachments']['config'][0]['filename_rules']),LOCK_EX); file_put_contents($mailscanner_dir."/filetype.rules.conf",ms_text_area_decode($config['installedpackages']['msattachments']['config'][0]['filetype_rules']),LOCK_EX); @@ -515,10 +515,10 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf file_put_contents($mailscanner_dir.'/rules/bounce.rules',ms_text_area_decode($config['installedpackages']['msantispam']['config'][0]['bounce']),LOCK_EX); file_put_contents($mailscanner_dir.'/rules/max.message.size.rules',ms_text_area_decode($config['installedpackages']['msantispam']['config'][0]['max_message_size']),LOCK_EX); file_put_contents($mailscanner_dir.'/rules/spam.whitelist.rules',ms_text_area_decode($config['installedpackages']['msantispam']['config'][0]['spam_whitelist']),LOCK_EX); - + foreach ($report_files as $key_r => $file_r) file_put_contents($report_dir.'/'.$file_r,ms_text_area_decode($config['installedpackages']['msreport']['config'][0][$key_r]),LOCK_EX); - + if ($alert['sig']){ $sig_html=ms_text_area_decode($config['installedpackages']['msalerts']['config'][0]['sig_html']); $sig_txt=ms_text_area_decode($config['installedpackages']['msalerts']['config'][0]['sig_txt']);} @@ -536,7 +536,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf $warning_txt="";} file_put_contents($report_dir.'/inline.warning.txt',$warning_txt,LOCK_EX); file_put_contents($report_dir.'/inline.warning.html',$warning_html,LOCK_EX); - + #check virus_scanner options $libexec_dir=MAILSCANNER_LOCALBASE. "/libexec/MailScanner/"; if ($virus_scanning == "yes"){ @@ -562,7 +562,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf chmod ($libexec_dir.'clamav-autoupdate',0755); copy($libexec_dir.'clamav-wrapper.sample',$libexec_dir.'clamav-wrapper'); chmod ($libexec_dir.'clamav-autoupdate',0755); - + #clamav-wrapper file $cconf=$libexec_dir."clamav-wrapper"; if (file_exists($cconf)){ @@ -572,7 +572,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf file_put_contents($cconf, $cconf_file, LOCK_EX); } } - + #freshclam conf file $cconf=MAILSCANNER_LOCALBASE. "/etc/freshclam.conf"; if (file_exists($cconf)){ @@ -582,7 +582,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf file_put_contents($cconf, $cconf_file, LOCK_EX); } } - + #clamd conf file $cconf=MAILSCANNER_LOCALBASE. "/etc/clamd.conf"; if (file_exists($cconf)){ @@ -617,7 +617,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf else{ log_error("Starting clamav-clamd daemon"); mwexec_bg("$script start"); - } + } } else{ if (is_process_running('clamd')){ @@ -626,20 +626,20 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf } } } - + #check clamav database if (!file_exists('/var/db/clamav/main.cvd')){ log_error('No clamav database found, running freshclam in background.'); mwexec_bg(MAILSCANNER_LOCALBASE. '/bin/freshclam --config-file='.MAILSCANNER_LOCALBASE.'/etc/freshclam.conf --user=root'); } - + } } else{ unlink_if_exists($libexec_dir.'clamav-autoupdate'); unlink_if_exists($libexec_dir.'clamav-wrapper'); } - + #check dcc config file $script=MAILSCANNER_LOCALBASE. '/dcc/dcc_conf'; if (file_exists($script)){ @@ -649,7 +649,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf file_put_contents($script, $script_file, LOCK_EX); } } - + #check dcc startup script $script=MAILSCANNER_LOCALBASE. '/etc/rc.d/dccifd'; if (file_exists($script)){ @@ -659,21 +659,21 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf file_put_contents($script, $script_file, LOCK_EX); chmod ($script,0755); } - + if($config['installedpackages']['mailscanner']['config'][0]['enable']){ if(is_process_running('dccifd')){ log_error("Restarting dccifd"); - mwexec("$script restart"); + mwexec("$script restart"); } else{ log_error("Starting dccifd"); mwexec("$script start"); - } + } } else{ if(is_process_running('dccifd')){ log_error("Stopping dccifd"); - mwexec("$script stop"); + mwexec("$script stop"); } } } @@ -681,29 +681,29 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf $script=MAILSCANNER_LOCALBASE. '/etc/rc.d/mailscanner'; #fix MIME::ToolUtils deprecated function and usecure dependency calls in /usr/local/sbin/mailscanner - $cconf=MAILSCANNER_LOCALBASE. "/sbin/mailscanner"; + $cconf=MAILSCANNER_PREFIX. "/sbin/mailscanner"; if (file_exists($cconf)){ - + $perl_bin="perl_mailscanner"; - if(file_exists(MAILSCANNER_LOCALBASE . '/bin/perl') && !file_exists(MAILSCANNER_LOCALBASE . "/bin/{$perl_bin}")){ - link(MAILSCANNER_LOCALBASE . '/bin/perl',MAILSCANNER_LOCALBASE . '/bin/perl_mailscanner'); + if(file_exists(MAILSCANNER_PREFIX . '/bin/perl') && !file_exists(MAILSCANNER_PREFIX . "/bin/{$perl_bin}")){ + link(MAILSCANNER_PREFIX . '/bin/perl',MAILSCANNER_PREFIX . "/bin/{$perl_bin}"); } - if (file_exists(MAILSCANNER_LOCALBASE . "/bin/{$perl_bin}")){ + if (file_exists(MAILSCANNER_PREFIX . "/bin/{$perl_bin}")){ $cconf_file=file_get_contents($cconf); $pattern2[0]='@#!/usr\S+bin/perl.*I@'; //$pattern2[1]='/\smy .current = config MIME::ToolUtils/'; - $replacement2[0]='#!'.MAILSCANNER_LOCALBASE. "/bin/{$perl_bin} -U -I"; + $replacement2[0]='#!'.MAILSCANNER_PREFIX. "/bin/{$perl_bin} -U -I"; //$replacement2[1]=' #my $current = config MIME::ToolUtils'; if (preg_match('@#!/usr\S+bin/perl.*I@',$cconf_file)){ $cconf_file=preg_replace($pattern2,$replacement2,$cconf_file); file_put_contents($cconf, $cconf_file, LOCK_EX); - } + } } - + } #check spam assassin rules - $saupdate="/usr/local/bin/sa-update"; + $saupdate=MAILSCANNER_PREFIX . "/bin/sa-update"; if (file_exists($saupdate)){ $rules_found=0; if (file_exists("/var/db/spamassassin")){ @@ -714,7 +714,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf log_error("Mailscanner- No spamassassin rules found, forcing sa-update."); mwexec($saupdate); } - } + } if (file_exists($script)){ $script_file=file_get_contents($script); @@ -765,8 +765,8 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf } break; case "auto": - if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ - $system_carp=$config['installedpackages']['carpsettings']['config'][0]; + if (is_array($config['hasync'])){ + $system_carp=$config['hasync']; $rs[0]['ipaddress']=$system_carp['synchronizetoip']; $rs[0]['username']=$system_carp['username']; $rs[0]['password']=$system_carp['password']; @@ -780,7 +780,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf log_error("[Mailscanner] xmlrpc sync is enabled but there is no system backup hosts to push mailscanner config."); return; } - break; + break; default: return; break; @@ -846,7 +846,7 @@ function mailscanner_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$ if(!$synctimeout) $synctimeout=120; - + $xmlrpc_sync_neighbor = $sync_to_ip; if($config['system']['webgui']['protocol'] != "") { $synchronizetoip = $config['system']['webgui']['protocol']; @@ -855,9 +855,9 @@ function mailscanner_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$ $port = $config['system']['webgui']['port']; /* if port is empty lets rely on the protocol selection */ if($port == "") { - if($config['system']['webgui']['protocol'] == "http") + if($config['system']['webgui']['protocol'] == "http") $port = "80"; - else + else $port = "443"; } $synchronizetoip .= $sync_to_ip; @@ -868,6 +868,7 @@ function mailscanner_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$ if ($sync_xml){ log_error("Include mailscanner config"); $xml['mailscanner'] = $config['installedpackages']['mailscanner']; + $xml['msattachments'] = $config['installedpackages']['msattachments']; $xml['msreport'] = $config['installedpackages']['msreport']; $xml['mscontent'] = $config['installedpackages']['mscontent']; $xml['msantivirus'] = $config['installedpackages']['msantivirus']; @@ -880,7 +881,7 @@ function mailscanner_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$ XML_RPC_encode($password), XML_RPC_encode($xml) ); - + /* set a few variables needed for sync code borrowed from filter.inc */ $url = $synchronizetoip; log_error("Beginning mailscanner XMLRPC sync to {$url}:{$port}."); @@ -905,18 +906,18 @@ function mailscanner_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$ } else { log_error("mailscanner XMLRPC sync successfully completed with {$url}:{$port}."); } - + /* tell postfix to reload our settings on the destionation sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/pkg/mailscanner.inc');\n"; $execcmd .= "sync_package_mailscanner(true);"; - + /* assemble xmlrpc payload */ $params = array( XML_RPC_encode($password), XML_RPC_encode($execcmd) ); - + log_error("mailscanner XMLRPC reload data {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); diff --git a/config/mailscanner/mailscanner.xml b/config/mailscanner/mailscanner.xml index a7115a5c..62f318cb 100644 --- a/config/mailscanner/mailscanner.xml +++ b/config/mailscanner/mailscanner.xml @@ -347,7 +347,7 @@ mailscanner_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_mailscanner(); diff --git a/config/mailscanner/mailscanner_alerts.xml b/config/mailscanner/mailscanner_alerts.xml index 9d80bae6..ddc1112b 100644 --- a/config/mailscanner/mailscanner_alerts.xml +++ b/config/mailscanner/mailscanner_alerts.xml @@ -150,7 +150,7 @@ mailscanner_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_mailscanner(); diff --git a/config/mailscanner/mailscanner_antispam.xml b/config/mailscanner/mailscanner_antispam.xml index 26295059..2902f36d 100644 --- a/config/mailscanner/mailscanner_antispam.xml +++ b/config/mailscanner/mailscanner_antispam.xml @@ -445,7 +445,7 @@ mailscanner_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_mailscanner(); diff --git a/config/mailscanner/mailscanner_antivirus.xml b/config/mailscanner/mailscanner_antivirus.xml index 590a61f6..a6b08f8c 100644 --- a/config/mailscanner/mailscanner_antivirus.xml +++ b/config/mailscanner/mailscanner_antivirus.xml @@ -181,7 +181,7 @@ mailscanner_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_mailscanner(); diff --git a/config/mailscanner/mailscanner_attachments.xml b/config/mailscanner/mailscanner_attachments.xml index e89fbd46..bcd14163 100644 --- a/config/mailscanner/mailscanner_attachments.xml +++ b/config/mailscanner/mailscanner_attachments.xml @@ -212,7 +212,7 @@ mailscanner_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_mailscanner(); diff --git a/config/mailscanner/mailscanner_content.xml b/config/mailscanner/mailscanner_content.xml index 07342dce..1efe84f5 100644 --- a/config/mailscanner/mailscanner_content.xml +++ b/config/mailscanner/mailscanner_content.xml @@ -234,7 +234,7 @@ mailscanner_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_mailscanner(); diff --git a/config/mailscanner/mailscanner_report.xml b/config/mailscanner/mailscanner_report.xml index e12ed341..2e0ca449 100644 --- a/config/mailscanner/mailscanner_report.xml +++ b/config/mailscanner/mailscanner_report.xml @@ -524,7 +524,7 @@ mailscanner_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_mailscanner(); diff --git a/config/mailscanner/mailscanner_sync.xml b/config/mailscanner/mailscanner_sync.xml index 46f7dbfe..2bcca7d0 100644 --- a/config/mailscanner/mailscanner_sync.xml +++ b/config/mailscanner/mailscanner_sync.xml @@ -151,7 +151,7 @@ mailscanner_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - mailscanner_validate_input($_POST, &$input_errors); + mailscanner_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_mailscanner(); diff --git a/config/nmap/nmap.inc b/config/nmap/nmap.inc index 272f27ef..f66f6be9 100644 --- a/config/nmap/nmap.inc +++ b/config/nmap/nmap.inc @@ -28,6 +28,28 @@ POSSIBILITY OF SUCH DAMAGE. */ +function nmap_install() { + $destination_file = "/usr/local/share/nmap/nmap-mac-prefixes"; + $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); + switch ($pfs_version) { + case "1.2": + case "2.0": + return null; + case "2.1": + $source_file = "/usr/pbi/nmap-" . php_uname("m") . "/share/nmap/nmap-mac-prefixes"; + break; + default: + $source_file = "/usr/pbi/nmap-" . php_uname("m") . "/local/share/nmap/nmap-mac-prefixes"; + } + /* Only copy the file if it doesn't exist */ + if (file_exists($source_file) && !file_exists($destination_file)) { + if (!is_dir(dirname($destination_file))) { + @mkdir(dirname($destination_file), 0644, true); + } + @symlink($source_file, $destination_file); + } +} + function nmap_custom_php_validation_command($post, & $input_errors) { global $_POST, $savemsg, $config; if (empty($_POST['hostname'])) { diff --git a/config/nmap/nmap.xml b/config/nmap/nmap.xml index b07b3982..ad0f8e0a 100644 --- a/config/nmap/nmap.xml +++ b/config/nmap/nmap.xml @@ -46,7 +46,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>nmap</name> - <version>6.40_2 pkg v1.2.1</version> + <version>6.40_2 pkg v1.3</version> <title>Diagnostics: NMap</title> <savetext>Scan</savetext> <preoutput>yes</preoutput> @@ -122,4 +122,7 @@ <custom_php_validation_command> nmap_custom_php_validation_command($_POST, $input_errors); </custom_php_validation_command> + <custom_php_install_command> + nmap_install(); + </custom_php_install_command> </packagegui> diff --git a/config/nrpe2/nrpe2.inc b/config/nrpe2/nrpe2.inc index 25964b16..c515ab99 100644 --- a/config/nrpe2/nrpe2.inc +++ b/config/nrpe2/nrpe2.inc @@ -47,6 +47,7 @@ function nrpe2_custom_php_install_command() { $config['installedpackages']['nrpe2']['config'][0]['server_address'] = $ip; $config['installedpackages']['nrpe2']['config'][0]['server_port'] = 5666; $config['installedpackages']['nrpe2']['config'][0]['allowed_hosts'] = "127.0.0.1"; + $config['installedpackages']['nrpe2']['config'][0]['dont_blame_nrpe'] = "on"; } if (!is_array($config['installedpackages']['nrpe2']['config'][0]['row'])) { @@ -169,24 +170,32 @@ function nrpe2_custom_php_write_config() { $commands = implode($cmds); $server_port = $config['installedpackages']['nrpe2']['config'][0]['server_port']; - $server_address = $config['installedpackages']['nrpe2']['config'][0]['server_address']; $allowed_hosts = $config['installedpackages']['nrpe2']['config'][0]['allowed_hosts']; + $dont_blame_nrpe = $config['installedpackages']['nrpe2']['config'][0]['dont_blame_nrpe']; + if ($config['installedpackages']['nrpe2']['config'][0]['dont_blame_nrpe'] == "on") { + $dont_blame_nrpe = 1; + } else { + $dont_blame_nrpe = 0; + } $fd = fopen(NRPE_CONFIG_DIR . '/nrpe.cfg', 'w'); $nrpe_cfg = <<<EOD log_facility=daemon pid_file=/var/run/nrpe2.pid server_port={$server_port} -server_address={$server_address} nrpe_user=nagios nrpe_group=nagios allowed_hosts={$allowed_hosts} -dont_blame_nrpe=0 +dont_blame_nrpe={$dont_blame_nrpe} debug=0 command_timeout=60 connection_timeout=300 {$commands} EOD; + if (defined($config['installedpackages']['nrpe2']['config'][0]['server_address'])) { + $server_address = $config['installedpackages']['nrpe2']['config'][0]['server_address']; + $nrpe_cfg .= "server_address={$server_address}"; + } fwrite($fd, $nrpe_cfg); fclose($fd); conf_mount_ro(); diff --git a/config/nrpe2/nrpe2.xml b/config/nrpe2/nrpe2.xml index 8d65c97b..8d6f0b09 100644 --- a/config/nrpe2/nrpe2.xml +++ b/config/nrpe2/nrpe2.xml @@ -52,9 +52,8 @@ <field> <fielddescr>Bind IP Address</fielddescr> <fieldname>server_address</fieldname> - <description>Set this to the IP address of the interface you want the daemon to listen on.</description> + <description>Set this to the IP address of the interface you want the daemon to listen on. (optional)</description> <type>input</type> - <required/> </field> <field> <fielddescr>Nagios Server(s)</fielddescr> @@ -64,6 +63,13 @@ <required/> </field> <field> + <fielddescr>Allow Arguments (dont_blame_nrpe)</fielddescr> + <fieldname>dont_blame_nrpe</fieldname> + <description>Check this to enable accept NRPE arguments (Default: 0)</description> + <type>checkbox</type> + </field> + + <field> <type>listtopic</type> <name>Commands</name> <fieldname>temp</fieldname> @@ -110,7 +116,7 @@ <required/> </rowhelperfield> <rowhelperfield> - <fielddescr>Extra Options</fielddescr> + <fielddescr>Extra Options (Example: -s Z \$ARG1\$ \$ARG2\$)</fielddescr> <fieldname>extra</fieldname> <description>Warning! Use at your own risk, incorrect settings here may prevent NRPE from starting!</description> <type>input</type> diff --git a/config/ntopng/ntopng.xml b/config/ntopng/ntopng.xml new file mode 100644 index 00000000..b656e483 --- /dev/null +++ b/config/ntopng/ntopng.xml @@ -0,0 +1,252 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + ntopng.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2014 ESF, LLC + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ========================================================================== */ + ]]> + </copyright> + <name>ntopng</name> + <version>1.1 v0.1</version> + <title>Diagnostics: ntopng Settings</title> + <savetext>Change</savetext> + <aftersaveredirect>pkg_edit.php?xml=ntopng.xml</aftersaveredirect> + <menu> + <name>ntopng Settings</name> + <tooltiptext>Set ntopng settings such as password and port.</tooltiptext> + <section>Diagnostics</section> + <url>/pkg_edit.php?xml=ntopng.xml&id=0</url> + </menu> + <menu> + <name>ntopng</name> + <tooltiptext>Access ntopng</tooltiptext> + <section>Diagnostics</section> + <url>http://$myurl:3000</url> + <depends_on_service>ntopng</depends_on_service> + </menu> + <service> + <name>ntopng</name> + <rcfile>ntopng.sh</rcfile> + <executable>ntopng</executable> + <description>ntopng bandwidth monitoring/graphing</description> + </service> + <tabs> + <tab> + <text>ntopng Settings</text> + <url>/pkg_edit.php?xml=ntopng.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Access ntopng</text> + <url>http://$myurl:3000</url> + </tab> + </tabs> + <fields> + <field> + <fielddescr>ntopng Admin Password</fielddescr> + <fieldname>password</fieldname> + <description>Enter the password for the ntopng GUI. Minimum 5 characters, defaults to admin.</description> + <type>password</type> + </field> + <field> + <fielddescr>Confirm ntopng Admin Password</fielddescr> + <fieldname>passwordagain</fieldname> + <type>password</type> + </field> + <field> + <fielddescr>Interface</fielddescr> + <fieldname>interface_array</fieldname> + <type>interfaces_selection</type> + <size>3</size> + <value>lan</value> + <multiple>true</multiple> + </field> + <field> + <fielddescr>DNS Mode</fielddescr> + <fieldname>dns_mode</fieldname> + <description>Configures how name resolution is handled</description> + <type>select</type> + <default_value>0</default_value> + <options> + <option><value>0</value><name>Decode DNS responses and resolve local numeric IPs only (default)</name></option> + <option><value>1</value><name>Decode DNS responses and resolve all numeric IPs</name></option> + <option><value>2</value><name>Decode DNS responses and don't resolve numeric IPs</name></option> + <option><value>3</value><name>Don't decode DNS responses and don't resolve numeric IPs</name></option> + </options> + </field> + <field> + <fielddescr>Local Networks</fielddescr> + <fieldname>local_networks</fieldname> + <description>Configures how Local Networks are defined</description> + <type>select</type> + <default_value>rfc1918</default_value> + <options> + <option><value>rfc1918</value><name>Consider all RFC1918 networks local</name></option> + <option><value>selected</value><name>Consider selected interface networks local</name></option> + <option><value>lanonly</value><name>Consider only LAN interface local</name></option> + </options> + </field> + <field> + <fielddescr>Historical Data Storage</fielddescr> + <fieldname>dump_flows</fieldname> + <description>Turn historical data storages on</description> + <type>checkbox</type> + </field> + </fields> + <custom_php_global_functions> + <![CDATA[ + function sync_package_ntopng() { + conf_mount_rw(); + config_lock(); + global $config; + global $input_errors; + if ($_POST) { + $config['installedpackages']['ntopng']['config'] = array(); + $config['installedpackages']['ntopng']['config'][0] = $_POST; + } + $ntopng_config =& $config['installedpackages']['ntopng']['config'][0]; + $if_final = ""; + $ifaces_final = ""; + system("/bin/mkdir -p /var/db/ntopng"); + system("/bin/mkdir -p /var/db/ntopng/rrd"); + system("/bin/mkdir -p /var/db/ntopng/rrd/graphics"); + system("/bin/chmod -R 755 /var/db/ntopng"); + system("/usr/sbin/chown -R nobody:nobody /var/db/ntopng"); + system("/bin/cp -Rp /usr/local/lib/X11/fonts/webfonts/ /usr/local/lib/X11/fonts/TTF/"); + $first = 0; + foreach($ntopng_config['interface_array'] as $iface) { + $if = convert_friendly_interface_to_real_interface_name($iface); + if ($if) { + $ifaces .= " -i " . escapeshellarg("{$if}"); + } + } + + // DNS Mode + if (is_numeric($ntopng_config['dns_mode']) && ($ntopng_config['dns_mode'] >= 0) && ($ntopng_config['dns_mode'] <= 3)) { + $dns_mode = "--dns-mode " . escapeshellarg($ntopng_config['dns_mode']); + } + + // Local Networks > + switch ($ntopng_config['local_networks']) { + case "selected": + $nets = array(); + foreach ($ntopng_config['interface_array'] as $iface) { + if (is_ipaddr(get_interface_ip($iface))) { + $nets[] = gen_subnet(get_interface_ip($iface),get_interface_subnet($iface)) . '/' . get_interface_subnet($iface); + } + } + if (!empty($nets)) + $local_networks = "--local-networks " . escapeshellarg(implode(",", $nets)); + break; + case "lanonly": + if (is_ipaddr(get_interface_ip('lan'))) { + $local_networks = "--local-networks " . escapeshellarg(gen_subnet(get_interface_ip('lan'),get_interface_subnet('lan')) . '/' . get_interface_subnet('lan')); + } + break; + case "rfc1918": + default: + $local_networks = "--local-networks '192.168.0.0/16,172.16.0.0/12,10.0.0.0/8'"; + break; + } + + // Historical Data Storage, Dump expired flows + if ($ntopng_config['dump_flows'] >= on) { + $dump_flows = "-F"; + } + + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version >= 2.2) { + $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/local/bin"; + } else { + $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/bin"; + } + + $start = "ldconfig -m /usr/pbi/ntopng-" . php_uname("m") . "/lib\n"; + $start .= "\t{$redis_path}/redis-server --dir /var/db/ntopng/ --dbfilename ntopng.rdb &\n"; + // TODO: + // Add support for --data-dir /somewhere, --httpdocs-dir /somewhereelse, + // --dump-timeline (on/off) --http-port, --https-port + + $start .= "\t/usr/local/bin/ntopng -d /var/db/ntopng -G /var/run/ntopng.pid -s -e {$dump_flows} {$ifaces} {$dns_mode} {$aggregations} {$local_networks} &"; + write_rcfile(array( + "file" => "ntopng.sh", + "start" => $start, + "stop" => "/usr/bin/killall ntopng redis-cli redis-server" + ) + ); + if (is_service_running("ntopng")) { + stop_service("ntopng"); + // Wait for ntopng to shut down cleanly. + sleep(20); + } + start_service("ntopng"); + sleep(2); + + if (empty($ntopng_config['password'])) + $ntopng_config['password'] = "admin"; + $password = md5($ntopng_config['password']); + mwexec_bg("{$redis_path}/redis-cli SET user.admin.password " . escapeshellarg($password)); + mwexec_bg("{$redis_path}/redis-cli save"); + conf_mount_ro(); + config_unlock(); + } + ]]> + </custom_php_global_functions> + <custom_add_php_command> + sync_package_ntopng(); + </custom_add_php_command> + <custom_php_resync_config_command> + sync_package_ntopng(); + </custom_php_resync_config_command> + <custom_php_install_command> + <![CDATA[ + mwexec_bg("/usr/pbi/ntopng-" . php_uname("m") . "/bin/geoipupdate.sh"); + sync_package_ntopng(); + ]]> + </custom_php_install_command> + <custom_php_deinstall_command> + exec("rm /usr/local/etc/rc.d/ntopng*"); + </custom_php_deinstall_command> + <custom_php_validation_command> + <![CDATA[ + if ($_POST) { + if (empty($_POST['password']) || empty($_POST['passwordagain'])) + $input_errors[] = "You must provide (and confirm) ntopng's password."; + if ($_POST['password'] != $_POST['passwordagain']) + $input_errors[] = "The provided passwords did not match."; + } + ]]> + </custom_php_validation_command> +</packagegui> diff --git a/config/nut/nut.inc b/config/nut/nut.inc index 793e24fd..aa0bbe13 100644 --- a/config/nut/nut.inc +++ b/config/nut/nut.inc @@ -35,7 +35,8 @@ define('NUT_RCFILE', '/usr/local/etc/rc.d/nut.sh'); - if (substr(trim(file_get_contents("/etc/version")),0,3) == "2.0") { + $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); + if ($pfs_version == "2.0") { define('NUT_DIR','/usr/local/etc/nut'); } else { define('NUT_DIR', '/usr/pbi/nut-' . php_uname("m") . '/etc/nut'); @@ -97,7 +98,7 @@ return true; } - function before_form_nut($pkg) { + function before_form_nut(&$pkg) { /* return available serial ports */ $serial_types = array("sio", "cua", "tty"); @@ -136,7 +137,7 @@ $field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]); } - function validate_form_nut($post, $input_errors) { + function validate_form_nut($post, &$input_errors) { global $config; /* monitor remote validation */ @@ -184,6 +185,7 @@ $remoteuser = nut_config('remoteuser'); $remotepass = nut_config('remotepass'); $shutdownflag = (nut_config('powerdown') == 'on') ? '-p' : '-h'; + $custom_upsmonconf = str_replace(";", "\n", nut_config('custom_upsmonconf')); if(!($remotename && $remoteaddr && $remoteuser && $remotepass)) return false; @@ -194,6 +196,7 @@ MONITOR {$remotename}@{$remoteaddr} 1 {$remoteuser} {$remotepass} slave MINSUPPLIES 1 SHUTDOWNCMD "/sbin/shutdown {$shutdownflag} +0" POWERDOWNFLAG /etc/killpower +{$custom_upsmonconf} EOD; $stop = <<<EOD @@ -222,6 +225,8 @@ EOD; } function sync_package_nut_local() { + global $pfs_version; + $name = nut_config('name'); $driver = nut_config_sub('driver', 2); $port = nut_config('port'); @@ -230,6 +235,10 @@ EOD; $allowuser = nut_config('allowuser'); $allowpass = nut_config('allowpass'); $shutdownflag = (nut_config('powerdown') == 'on') ? '-p' : '-h'; + $custom_upsconf = str_replace(";", "\n", nut_config('custom_upsconf')); + $custom_upsdconf = str_replace(";", "\n", nut_config('custom_upsdconf')); + $custom_upsdusers = str_replace(";", "\n", nut_config('custom_upsdusers')); + $custom_upsmonconf = str_replace(";", "\n", nut_config('custom_upsmonconf')); if(!($name && $driver && $port)) @@ -262,10 +271,12 @@ EOD; $ups_conf .= "cable={$cable}\n"; if($upstype) $ups_conf .= "upstype={$upstype}\n"; + $ups_conf .= "{$custom_upsconf}"; /* upsd.conf */ $upsd_conf = "LISTEN 127.0.0.1\n"; $upsd_conf .= "LISTEN ::1\n"; + $upsd_conf .= "{$custom_upsdconf}"; $password = uniqid("nut"); /* upsd.users */ @@ -277,6 +288,12 @@ EOD; $upsd_users .= "password = $allowpass\n"; $upsd_users .= "upsmon master\n"; } + $upsd_users .= "{$custom_upsdusers}"; + + if ($pfs_version == "2.1") + $upsdrvctl = "/usr/local/libexec/nut/upsdrvctl"; + else + $upsdrvctl = "/usr/local/sbin/upsdrvctl"; /* upsmon.conf */ $upsmon_conf = <<<EOD @@ -284,6 +301,7 @@ MONITOR {$name}@localhost 1 monuser {$password} master MINSUPPLIES 1 SHUTDOWNCMD "/sbin/shutdown {$shutdownflag} +0" POWERDOWNFLAG /etc/killpower +{$custom_upsmonconf} EOD; $stop = <<<EOD @@ -300,7 +318,7 @@ EOD; fi if [ `pgrep {$driver} | wc -l` != 0 ]; then echo stopping {$driver} - /usr/local/libexec/nut/upsdrvctl stop + {$upsdrvctl} stop fi sleep 1 if [ `pgrep {$driver} | wc -l` != 0 ]; then @@ -319,7 +337,7 @@ if [ `pgrep {$driver} | wc -l` != 0 ]; then fi {$port_set} echo starting {$driver} - if /usr/local/libexec/nut/upsdrvctl start; then + if {$upsdrvctl} start; then echo starting upsd /usr/local/sbin/upsd {$ovr_user} echo starting upsmon @@ -358,6 +376,10 @@ EOD; $snmpdisabletransfer = (nut_config('snmpdisabletransfer') == 'on'); $allowuser = nut_config('allowuser'); $allowpass = nut_config('allowpass'); + $custom_upsconf = str_replace(";", "\n", nut_config('custom_upsconf')); + $custom_upsdconf = str_replace(";", "\n", nut_config('custom_upsdconf')); + $custom_upsdusers = str_replace(";", "\n", nut_config('custom_upsdusers')); + $custom_upsmonconf = str_replace(";", "\n", nut_config('custom_upsmonconf')); if(!($name && $driver && $port)) return false; @@ -378,10 +400,12 @@ EOD; $ups_conf .= "pollfreq={$snmpfreq}\n"; if($snmpdisabletransfer) $ups_conf .= "notransferoids=true\n"; + $ups_conf .= "{$custom_upsconf}"; /* upsd.conf */ $upsd_conf = "LISTEN 127.0.0.1\n"; $upsd_conf .= "LISTEN ::1\n"; + $upsd_conf .= "{$custom_upsdconf}"; $password = uniqid("nut"); /* upsd.users */ @@ -393,6 +417,12 @@ EOD; $upsd_users .= "password = $allowpass\n"; $upsd_users .= "upsmon master\n"; } + $upsd_users .= "{$custom_upsdusers}"; + + if ($pfs_version == "2.1") + $upsdrvctl = "/usr/local/libexec/nut/upsdrvctl"; + else + $upsdrvctl = "/usr/local/sbin/upsdrvctl"; /* upsmon.conf */ $upsmon_conf = <<<EOD @@ -400,6 +430,7 @@ MONITOR {$name}@localhost 1 monuser {$password} master MINSUPPLIES 1 SHUTDOWNCMD "/sbin/shutdown {$shutdownflag} +0" POWERDOWNFLAG /etc/killpower +{$custom_upsmonconf} EOD; $stop = <<<EOD @@ -416,7 +447,7 @@ EOD; fi if [ `pgrep {$driver} | wc -l` != 0 ]; then echo stopping {$driver} - /usr/local/libexec/nut/upsdrvctl stop + {$upsdrvctl} stop fi sleep 1 if [ `pgrep {$driver} | wc -l` != 0 ]; then @@ -435,7 +466,7 @@ if [ `pgrep {$driver} | wc -l` != 0 ]; then fi {$port_set} echo starting {$driver} - if /usr/local/libexec/nut/upsdrvctl start; then + if {$upsdrvctl} start; then echo starting upsd /usr/local/sbin/upsd {$ovr_user} echo starting upsmon diff --git a/config/nut/nut.xml b/config/nut/nut.xml index b78c9dba..d1496a16 100644 --- a/config/nut/nut.xml +++ b/config/nut/nut.xml @@ -46,7 +46,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>nut</name> - <version>2.6.4 pkg 2.0</version> + <version>2.6.5_1 pkg 2.0.1</version> <title>Services: NUT</title> <savetext>Change</savetext> <aftersaveredirect>/status_nut.php</aftersaveredirect> @@ -84,6 +84,7 @@ <chmod>0755</chmod> <item>https://packages.pfsense.org/packages/config/nut/status_nut.php</item> </additional_files_needed> + <advanced_options>enabled</advanced_options> <fields> <field> <name>General Settings</name> @@ -119,6 +120,42 @@ <type>checkbox</type> </field> <field> + <fielddescr>ups.conf options</fielddescr> + <fieldname>custom_upsconf</fieldname> + <description>Write there any custom options for ups.conf. All options must be separated by semi-colons (;).</description> + <type>textarea</type> + <cols>65</cols> + <rows>5</rows> + <advancedfield/> + </field> + <field> + <fielddescr>upsd.conf options</fielddescr> + <fieldname>custom_upsdconf</fieldname> + <description>Write there any custom options for upsd.conf. All options must be separated by semi-colons (;).</description> + <type>textarea</type> + <cols>65</cols> + <rows>5</rows> + <advancedfield/> + </field> + <field> + <fielddescr>upsd.users options</fielddescr> + <fieldname>custom_upsdusers</fieldname> + <description>Write there any custom options for upsd.users. All options must be separated by semi-colons (;).</description> + <type>textarea</type> + <cols>65</cols> + <rows>5</rows> + <advancedfield/> + </field> + <field> + <fielddescr>upsmon.conf options</fielddescr> + <fieldname>custom_upsmonconf</fieldname> + <description>Write there any custom options for upsmon.conf. All options must be separated by semi-colons (;).</description> + <type>textarea</type> + <cols>65</cols> + <rows>5</rows> + <advancedfield/> + </field> + <field> <name>Remote Access Settings - Used for Local and SNMP Types to allow access</name> <type>listtopic</type> </field> @@ -646,10 +683,10 @@ </field> </fields> <custom_php_command_before_form> - before_form_nut(&$pkg); + before_form_nut($pkg); </custom_php_command_before_form> <custom_php_validation_command> - validate_form_nut($_POST, &$input_errors); + validate_form_nut($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_nut(); diff --git a/config/olsrd.inc b/config/olsrd.inc index 9db79f1f..9eee0196 100644 --- a/config/olsrd.inc +++ b/config/olsrd.inc @@ -138,11 +138,6 @@ UseHysteresis no LinkQualityLevel {$olsrd['enablelqe']} -# Link quality window size -# Defaults to 10 - -LinkQualityWinSize 10 - # Polling rate in seconds(float). # Default value 0.05 sec diff --git a/config/open-vm-tools/open-vm-tools.inc b/config/open-vm-tools/open-vm-tools.inc index 5db7de3f..76e8c212 100644 --- a/config/open-vm-tools/open-vm-tools.inc +++ b/config/open-vm-tools/open-vm-tools.inc @@ -42,7 +42,7 @@ checkvm_cmd="/usr/local/bin/vmware-checkvm > /dev/null" # VMware guest daemon name="vmware_guestd" -rcvar=`set_rcvar` +rcvar="\${name}_enable" start_precmd="\${checkvm_cmd}" unset start_cmd stop_precmd="\${checkvm_cmd}" @@ -100,7 +100,7 @@ vmware_guest_vmhgfs_start() # VMware kernel module: vmmemctl name="vmware_guest_vmmemctl" -rcvar=`set_rcvar` +rcvar="\${name}_enable" start_precmd="\${checkvm_cmd}" start_cmd="vmware_guest_vmmemctl_start" stop_precmd="\${checkvm_cmd}" @@ -112,7 +112,7 @@ run_rc_command "\$1" # VMware kernel module: vmxnet name="vmware_guest_vmxnet" -rcvar=`set_rcvar` +rcvar="\${name}_enable" start_precmd="\${checkvm_cmd}" start_cmd="vmware_guest_vmxnet_start" stop_precmd="\${checkvm_cmd}" @@ -124,7 +124,7 @@ run_rc_command "\$1" # VMware kernel module: vmblock name="vmware_guest_vmblock" -rcvar=`set_rcvar` +rcvar="\${name}_enable" start_precmd="\${checkvm_cmd}" start_cmd="vmware_guest_vmblock_start" stop_precmd="\${checkvm_cmd}" @@ -136,7 +136,7 @@ run_rc_command "\$1" # VMware kernel module: vmhgfs name="vmware_guest_vmhgfs" -rcvar=`set_rcvar` +rcvar="\${name}_enable" start_precmd="\${checkvm_cmd}" start_cmd="vmware_guest_vmhgfs_start" stop_precmd="\${checkvm_cmd}" diff --git a/config/open-vm-tools/open-vm-tools.xml b/config/open-vm-tools/open-vm-tools.xml index c705f0e9..b4b1c0e8 100644 --- a/config/open-vm-tools/open-vm-tools.xml +++ b/config/open-vm-tools/open-vm-tools.xml @@ -8,13 +8,9 @@ /* open-vm-tools.xml part of pfSense (http://www.pfSense.org) - Copyright (C) 2008 BSD Perimeter LLC + Copyright (C) 2008-2014 Electric Sheep Fencing LP All rights reserved. - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2008 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ /* ========================================================================== */ /* Redistribution and use in source and binary forms, with or without @@ -66,4 +62,4 @@ conf_mount_ro(); </custom_php_deinstall_command> <include_file>/usr/local/pkg/open-vm-tools.inc</include_file> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/open-vm-tools_2/open-vm-tools.xml b/config/open-vm-tools_2/open-vm-tools.xml index 02247242..1e823eed 100644 --- a/config/open-vm-tools_2/open-vm-tools.xml +++ b/config/open-vm-tools_2/open-vm-tools.xml @@ -8,13 +8,9 @@ /* open-vm-tools.xml part of pfSense (http://www.pfSense.org) - Copyright (C) 2008 BSD Perimeter LLC + Copyright (C) 2008-2014 Electric Sheep Fencing LP All rights reserved. - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2008 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ /* ========================================================================== */ /* Redistribution and use in source and binary forms, with or without @@ -66,4 +62,4 @@ conf_mount_ro(); </custom_php_deinstall_command> <include_file>/usr/local/pkg/open-vm-tools.inc</include_file> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/openbgpd/openbgpd.inc b/config/openbgpd/openbgpd.inc index 76aeb54f..907f6b8c 100644 --- a/config/openbgpd/openbgpd.inc +++ b/config/openbgpd/openbgpd.inc @@ -129,10 +129,13 @@ function openbgpd_install_conf() { $conffile .= "\t\t{$row['parameters']} {$row['parmvalue']} \n"; } } - if ($setlocaladdr == true && !empty($openbgpd_conf['listenip'])) - $conffile .= "\t\tlocal-address {$openbgpd_conf['listenip']}\n"; - else - $conffile .= "\t\tlocal-address 0.0.0.0\n"; + if ($setlocaladdr == true) { + if (!empty($openbgpd_conf['listenip'])) { + $conffile .= "\t\tlocal-address {$openbgpd_conf['listenip']}\n"; + } else { + $conffile .= "\t\tlocal-address 0.0.0.0\n"; + } + } $conffile .= "}\n"; } diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index 1a34c260..f635bbd0 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -38,9 +38,14 @@ require_once("shaper.inc"); require_once("util.inc"); require_once("pfsense-utils.inc"); +global $current_openvpn_version, $current_openvpn_version_rev; +$current_openvpn_version = "2.3.6"; +$current_openvpn_version_rev = "01"; + function openvpn_client_export_install() { + global $current_openvpn_version; conf_mount_rw(); - $tarpath = "/usr/local/pkg/openvpn-client-export.tgz"; + $tarpath = "/usr/local/pkg/openvpn-client-export-{$current_openvpn_version}.tgz"; $phpfile = "vpn_openvpn_export.php"; $ovpndir = "/usr/local/share/openvpn"; $workdir = "{$ovpndir}/client-export"; @@ -53,6 +58,7 @@ function openvpn_client_export_install() { } function openvpn_client_export_deinstall() { + global $current_openvpn_version; conf_mount_rw(); $phpfile = "vpn_openvpn_export.php"; $phpfile2 = "vpn_openvpn_export_shared.php"; @@ -61,6 +67,7 @@ function openvpn_client_export_deinstall() { unlink_if_exists("/usr/local/www/{$phpfile}"); unlink_if_exists("/usr/local/www/{$phpfile2}"); + unlink_if_exists("/usr/local/pkg/openvpn-client-export-{$current_openvpn_version}.tgz"); exec("/bin/rm -r {$workdir}"); conf_mount_ro(); } @@ -478,19 +485,25 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys } } -function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $outpass, $proxy, $openvpnmanager, $advancedoptions, $openvpn_version = "2.1") { - global $config, $g, $input_errors; +function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, $outpass, $proxy, $openvpnmanager, $advancedoptions, $openvpn_version = "x86-xp") { + global $config, $g, $input_errors, $current_openvpn_version, $current_openvpn_version_rev; $uname_p = trim(exec("uname -p")); switch ($openvpn_version) { - case "2.3-x86": - $client_install_exe = "openvpn-install-2.3-i686.exe"; + case "x86-xp": + $client_install_exe = "openvpn-install-{$current_openvpn_version}-I0{$current_openvpn_version_rev}-i686.exe"; + break; + case "x64-xp": + $client_install_exe = "openvpn-install-{$current_openvpn_version}-I0{$current_openvpn_version_rev}-x86_64.exe"; + break; + case "x86-win6": + $client_install_exe = "openvpn-install-{$current_openvpn_version}-I6{$current_openvpn_version_rev}-i686.exe"; break; - case "2.3-x64": - $client_install_exe = "openvpn-install-2.3-x86_64.exe"; + case "x64-win6": + $client_install_exe = "openvpn-install-{$current_openvpn_version}-I6{$current_openvpn_version_rev}-x86_64.exe"; break; default: - $client_install_exe = "openvpn-install-2.3-i686.exe"; + $client_install_exe = "openvpn-install-{$current_openvpn_version}-I0{$current_openvpn_version_rev}-i686.exe"; } $ovpndir = "/usr/local/share/openvpn"; diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml index a6a46649..15986428 100755 --- a/config/openvpn-client-export/openvpn-client-export.xml +++ b/config/openvpn-client-export/openvpn-client-export.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8" ?> <packagegui> <name>OpenVPN Client Export</name> - <version>1.2.9</version> + <version>1.2.15</version> <title>OpenVPN Client Export</title> <include_file>/usr/local/pkg/openvpn-client-export.inc</include_file> <backup_file></backup_file> @@ -27,7 +27,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>https://files.pfsense.org/packages/openvpn-client-export/openvpn-client-export.tgz</item> + <item>https://files.pfsense.org/packages/openvpn-client-export/openvpn-client-export-2.3.6.tgz</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> diff --git a/config/openvpn-client-export/readme.txt b/config/openvpn-client-export/readme.txt index 071b6d59..b9310283 100755 --- a/config/openvpn-client-export/readme.txt +++ b/config/openvpn-client-export/readme.txt @@ -2,7 +2,7 @@ pfSense OpenVPN Client Export Package ------------------------------------- This package includes a webConfigurator interface that allows for easy -expory of user based OpenVPN configurations and pre-configured windows +export of user based OpenVPN configurations and pre-configured windows installer packages. Contents @@ -34,7 +34,7 @@ root package directory using the following command ... tar zcvf openvpn-client-export.tgz client-export -With the archive created, you will have three relevent files in the +With the archive created, you will have three relevant files in the root package directory ... openvpn-client-export.inc diff --git a/config/openvpn-client-export/source/openvpn-postinstall.nsi b/config/openvpn-client-export/source/openvpn-postinstall.nsi index fb4356e0..70057f6d 100755 --- a/config/openvpn-client-export/source/openvpn-postinstall.nsi +++ b/config/openvpn-client-export/source/openvpn-postinstall.nsi @@ -37,7 +37,7 @@ Var /GLOBAL mui.FinishPage.Run !define WELCOME_TITLE 'Welcome to OpenVPN installer.' !define WELCOME_TEXT "This wizard will guide you through the installation of the OpenVPN client and configuration.$\r$\n$\r$\n\ -This wil automaticaly install the configuration files needed for your connection. \ +This will automatically install the configuration files needed for your connection. \ And if needed install the required DotNet2 framework." !define MUI_WELCOMEPAGE_TITLE '${WELCOME_TITLE}' ;!define MUI_WELCOMEPAGE_TITLE_3LINES diff --git a/config/openvpn-client-export/source/openvpn-postinstall64.nsi b/config/openvpn-client-export/source/openvpn-postinstall64.nsi index b962ddff..720ab663 100644 --- a/config/openvpn-client-export/source/openvpn-postinstall64.nsi +++ b/config/openvpn-client-export/source/openvpn-postinstall64.nsi @@ -38,7 +38,7 @@ Var /GLOBAL mui.FinishPage.Run !define WELCOME_TITLE 'Welcome to OpenVPN installer.' !define WELCOME_TEXT "This wizard will guide you through the installation of the OpenVPN client and configuration.$\r$\n$\r$\n\ -This wil automaticaly install the configuration files needed for your connection. \ +This will automatically install the configuration files needed for your connection. \ And if needed install the required DotNet2 framework." !define MUI_WELCOMEPAGE_TITLE '${WELCOME_TITLE}' ;!define MUI_WELCOMEPAGE_TITLE_3LINES diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php index 8d002397..12ce01d0 100755 --- a/config/openvpn-client-export/vpn_openvpn_export.php +++ b/config/openvpn-client-export/vpn_openvpn_export.php @@ -34,6 +34,8 @@ require("globals.inc"); require("guiconfig.inc"); require("openvpn-client-export.inc"); +global $current_openvpn_version, $current_openvpn_version_rev; + $pgtitle = array("OpenVPN", "Client Export Utility"); if (!is_array($config['openvpn']['openvpn-server'])) @@ -131,10 +133,14 @@ if (!empty($act)) { else $nokeys = false; - if (empty($_GET['useaddr'])) { + $useaddr = ''; + if (isset($_GET['useaddr']) && !empty($_GET['useaddr'])) + $useaddr = trim($_GET['useaddr']); + + if (!(is_ipaddr($useaddr) || is_hostname($useaddr) || + in_array($useaddr, array("serveraddr", "servermagic", "servermagichost", "serverhostname")))) $input_errors[] = "You need to specify an IP or hostname."; - } else - $useaddr = $_GET['useaddr']; + $advancedoptions = $_GET['advancedoptions']; $openvpnmanager = $_GET['openvpnmanager']; @@ -358,7 +364,7 @@ function download_begin(act, i, j) { var proxyconf = document.getElementById("proxyconf").value; if (useproxypass) { if (!proxyuser) { - alert("Please fill the proxy username and passowrd."); + alert("Please fill the proxy username and password."); return; } if (!proxypass || !proxyconf) { @@ -437,11 +443,15 @@ function server_changed() { cell2.innerHTML += "<a href='javascript:download_begin(\"confinlineios\"," + i + ", -1)'>OpenVPN Connect (iOS/Android)<\/a>"; cell2.innerHTML += " "; cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\"," + i + ", -1)'>Others<\/a>"; - cell2.innerHTML += "<br\/>- Windows Installers:<br\/>"; + cell2.innerHTML += "<br\/>- Windows Installers (<?php echo $current_openvpn_version . '-Ix' . $current_openvpn_version_rev;?>):<br\/>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x86\"," + i + ", -1)'>2.3-x86<\/a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst-x86-xp\"," + i + ", -1)'>x86-xp<\/a>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\"," + i + ", -1)'>2.3-x64<\/a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst-x64-xp\"," + i + ", -1)'>x64-xp<\/a>"; + cell2.innerHTML += " "; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst-x86-win6\"," + i + ", -1)'>x86-win6<\/a>"; + cell2.innerHTML += " "; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst-x64-win6\"," + i + ", -1)'>x64-win6<\/a>"; cell2.innerHTML += "<br\/>- Mac OSX:<br\/>"; cell2.innerHTML += " "; cell2.innerHTML += "<a href='javascript:download_begin(\"visc\"," + i + ", -1)'>Viscosity Bundle<\/a>"; @@ -472,11 +482,15 @@ function server_changed() { cell2.innerHTML += "<a href='javascript:download_begin(\"confinlineios\", -1," + j + ")'>OpenVPN Connect (iOS/Android)<\/a>"; cell2.innerHTML += " "; cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\", -1," + j + ")'>Others<\/a>"; - cell2.innerHTML += "<br\/>- Windows Installers:<br\/>"; + cell2.innerHTML += "<br\/>- Windows Installers (<?php echo $current_openvpn_version . '-Ix' . $current_openvpn_version_rev;?>):<br\/>"; + cell2.innerHTML += " "; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst-x86-xp\", -1," + j + ")'>x86-xp<\/a>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x86\", -1," + j + ")'>2.3-x86<\/a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst-x64-xp\", -1," + j + ")'>x64-xp<\/a>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\", -1," + j + ")'>2.3-x64<\/a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst-x86-win6\", -1," + j + ")'>x86-win6<\/a>"; + cell2.innerHTML += " "; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst-x64-win6\", -1," + j + ")'>x64-win6<\/a>"; cell2.innerHTML += "<br\/>- Mac OSX:<br\/>"; cell2.innerHTML += " "; cell2.innerHTML += "<a href='javascript:download_begin(\"visc\", -1," + j + ")'>Viscosity Bundle<\/a>"; @@ -514,11 +528,15 @@ function server_changed() { cell2.innerHTML += "<a href='javascript:download_begin(\"confinlineios\"," + i + ")'>OpenVPN Connect (iOS/Android)<\/a>"; cell2.innerHTML += " "; cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\"," + i + ")'>Others<\/a>"; - cell2.innerHTML += "<br\/>- Windows Installers:<br\/>"; + cell2.innerHTML += "<br\/>- Windows Installers (<?php echo $current_openvpn_version . '-Ix' . $current_openvpn_version_rev;?>):<br\/>"; + cell2.innerHTML += " "; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst-x86-xp\"," + i + ")'>x86-xp<\/a>"; + cell2.innerHTML += " "; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst-x64-xp\"," + i + ")'>x64-xp<\/a>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x86\"," + i + ")'>2.3-x86<\/a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst-x86-win6\"," + i + ")'>x86-win6<\/a>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\"," + i + ")'>2.3-x64<\/a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst-x64-win6\"," + i + ")'>x64-win6<\/a>"; cell2.innerHTML += "<br\/>- Mac OSX:<br\/>"; cell2.innerHTML += " "; cell2.innerHTML += "<a href='javascript:download_begin(\"visc\"," + i + ")'>Viscosity Bundle<\/a>"; @@ -867,7 +885,11 @@ function useproxy_changed(obj) { </table> <table width="100%" border="0" cellpadding="0" cellspacing="5" summary="note"> <tr> - <td align="right" valign="top" width="5%"><?= gettext("NOTE:") ?></td> + <td align="right" valign="top" width="5%"><?= gettext("NOTES:") ?></td> + <td><?= gettext("The "XP" Windows installers work on Windows XP and later versions. The "win6" Windows installers include a new tap-windows6 driver that works only on Windows Vista and later.") ?></td> + </tr> + <tr> + <td> </td> <td><?= gettext("If you expect to see a certain client in the list but it is not there, it is usually due to a CA mismatch between the OpenVPN server instance and the client certificates found in the User Manager.") ?></td> </tr> <tr> diff --git a/config/openvpn-client-export/vpn_openvpn_export_shared.php b/config/openvpn-client-export/vpn_openvpn_export_shared.php index da77870a..26efc1ed 100644 --- a/config/openvpn-client-export/vpn_openvpn_export_shared.php +++ b/config/openvpn-client-export/vpn_openvpn_export_shared.php @@ -1,6 +1,6 @@ <?php /* - vpn_openvpn_export.php + vpn_openvpn_export_shared.php Copyright (C) 2008 Shrew Soft Inc. Copyright (C) 2010 Ermal Luçi @@ -202,7 +202,7 @@ function download_begin(act) { var proxyconf = document.getElementById("proxyconf").value; if (useproxypass) { if (!proxyuser) { - alert("Please fill the proxy username and passowrd."); + alert("Please fill the proxy username and password."); return; } if (!proxypass || !proxyconf) { diff --git a/config/pf-blocker/pfblocker.php b/config/pf-blocker/pfblocker.php index 17fb10e7..50214142 100644 --- a/config/pf-blocker/pfblocker.php +++ b/config/pf-blocker/pfblocker.php @@ -249,7 +249,7 @@ $xml= <<<EOF pfblocker_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - pfblocker_validate_input(\$_POST, &\$input_errors); + pfblocker_validate_input(\$_POST, \$input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_pfblocker(); diff --git a/config/pf-blocker/pfblocker.xml b/config/pf-blocker/pfblocker.xml index 44658bcb..ffc138f5 100755 --- a/config/pf-blocker/pfblocker.xml +++ b/config/pf-blocker/pfblocker.xml @@ -241,7 +241,7 @@ pfblocker_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - pfblocker_validate_input($_POST, &$input_errors); + pfblocker_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_pfblocker(); diff --git a/config/pf-blocker/pfblocker_lists.xml b/config/pf-blocker/pfblocker_lists.xml index f1798d36..50782ea1 100755 --- a/config/pf-blocker/pfblocker_lists.xml +++ b/config/pf-blocker/pfblocker_lists.xml @@ -246,7 +246,7 @@ pfblocker_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - pfblocker_validate_input($_POST, &$input_errors); + pfblocker_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_pfblocker(); diff --git a/config/pf-blocker/pfblocker_sync.xml b/config/pf-blocker/pfblocker_sync.xml index e2e19567..67b49db1 100644 --- a/config/pf-blocker/pfblocker_sync.xml +++ b/config/pf-blocker/pfblocker_sync.xml @@ -138,7 +138,7 @@ pfblocker_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - pfblocker_validate_input($_POST, &$input_errors); + pfblocker_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_pfblocker(); diff --git a/config/pf-blocker/pfblocker_topspammers.xml b/config/pf-blocker/pfblocker_topspammers.xml index 2536cf80..e7d95e21 100644 --- a/config/pf-blocker/pfblocker_topspammers.xml +++ b/config/pf-blocker/pfblocker_topspammers.xml @@ -158,7 +158,7 @@ pfblocker_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - pfblocker_validate_input($_POST, &$input_errors); + pfblocker_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_pfblocker(); diff --git a/config/pfblockerng/countrycodes.tar.bz2 b/config/pfblockerng/countrycodes.tar.bz2 Binary files differnew file mode 100644 index 00000000..afebf58a --- /dev/null +++ b/config/pfblockerng/countrycodes.tar.bz2 diff --git a/config/pfblockerng/geoipupdate.sh b/config/pfblockerng/geoipupdate.sh new file mode 100644 index 00000000..4b8fbb63 --- /dev/null +++ b/config/pfblockerng/geoipupdate.sh @@ -0,0 +1,162 @@ +#!/bin/sh +# +# pfBlockerNG MaxMind GeoLite GeoIP Updater Script - By BBcan177@gmail.com +# Copyright (C) 2014 BBcan177@gmail.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License Version 2 as +# published by the Free Software Foundation. You may not use, modify or +# distribute this program under any other version of the GNU General +# Public License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# The GeoLite databases by MaxMind Inc., are distributed under the Creative Commons +# Attribution-ShareAlike 3.0 Unported License. The attribution requirement +# may be met by including the following in all advertising and documentation +# mentioning features of or use of this database. + +# Folder Locations +pathfetch=/usr/bin/fetch +pathtar=/usr/bin/tar +pathgunzip=/usr/bin/gunzip + +# File Locations +pathdb=/var/db/pfblockerng +pathlog=/var/log/pfblockerng +errorlog=$pathlog/geoip.log +pathgeoipdatgz=$pathdb/GeoIP.dat.gz +pathgeoipdatgzv6=$pathdb/GeoIPv6.dat.gz +pathgeoipdat=$pathdb/GeoIP.dat +pathgeoipdatv6=$pathdb/GeoIPv6.dat +pathgeoipcc=$pathdb/country_continent.csv +pathgeoipcsv4=$pathdb/GeoIPCountryCSV.zip +pathgeoipcsvfinal4=$pathdb/GeoIPCountryWhois.csv +pathgeoipcsv6=$pathdb/GeoIPv6.csv.gz +pathgeoipcsvfinal6=$pathdb/GeoIPv6.csv + +if [ ! -d $pathdb ]; then mkdir $pathdb; fi +if [ ! -d $pathlog ]; then mkdir $pathlog; fi + +now=$(date) +echo; echo "$now - Updating pfBlockerNG - Country Database Files" +echo "pfBlockerNG uses GeoLite data created by MaxMind, available from http://www.maxmind.com"; echo + +#Function to update MaxMind GeoIP Binary (For Reputation Process) +binaryupdate() { + +# Download Part 1 - GeoLite IPv4 Binary Database + +echo " ** Downloading MaxMind GeoLite IPv4 Binary Database (For Reputation/Alerts Processes) **"; echo +URL="http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz" +$pathfetch -v -o $pathgeoipdatgz -T 20 $URL +if [ "$?" -eq "0" ]; then + $pathgunzip -f $pathgeoipdatgz + echo; echo " ( MaxMind IPv4 GeoIP.dat has been updated )"; echo + echo "Current Date/Timestamp:" + /bin/ls -alh $pathgeoipdat + echo +else + echo; echo " => MaxMind IPv4 GeoIP.dat Update [ FAILED ]"; echo + echo "MaxMind IPV4 Binary Update FAIL [ $now ]" >> $errorlog +fi + +# Download Part 2 - GeoLite IPv6 Binary Database + +echo; echo " ** Downloading MaxMind GeoLite IPv6 Binary Database (For Reputation/Alerts Processes) **"; echo +URL="http://geolite.maxmind.com/download/geoip/database/GeoIPv6.dat.gz" +$pathfetch -v -o $pathgeoipdatgzv6 -T 20 $URL +if [ "$?" -eq "0" ]; then + $pathgunzip -f $pathgeoipdatgzv6 + echo; echo " ( MaxMind IPv6 GeoIPv6.dat has been updated )"; echo + echo "Current Date/Timestamp:" + /bin/ls -alh $pathgeoipdatv6 + echo +else + echo; echo " => MaxMind IPv6 GeoIPv6.dat Update [ FAILED ]"; echo + echo "MaxMind IPv6 Binary Update FAIL [ $now ]" >> $errorlog +fi +} + + +#Function to update MaxMind Country Code Files +csvupdate() { + +# Download Part 1 - CSV IPv4 Database + +echo; echo " ** Downloading MaxMind GeoLite IPv4 CSV Database **"; echo +URL="http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip" +$pathfetch -v -o $pathgeoipcsv4 -T 20 $URL +if [ "$?" -eq "0" ]; then + $pathtar -zxvf $pathgeoipcsv4 -C $pathdb + if [ "$?" -eq "0" ]; then + echo; echo " ( MaxMind GeoIPCountryWhois has been updated )"; echo + echo "Current Date/Timestamp:" + /bin/ls -alh $pathgeoipcsvfinal4 + echo + else + echo; echo " => MaxMind IPv4 GeoIPCountryWhois [ FAILED ]"; echo + echo "MaxMind CSV Database Update FAIL - Tar extract [ $now ]" >> $errorlog + fi +else + echo; echo " => MaxMind IPv4 CSV Download [ FAILED ]"; echo + echo "MaxMind CSV Database Update FAIL [ $now ]" >> $errorlog +fi + +# Download Part 2 - Country Definitions + +echo; echo " ** Downloading MaxMind GeoLite Database Country Definition File **"; echo +URL="http://dev.maxmind.com/static/csv/codes/country_continent.csv" +$pathfetch -v -o $pathgeoipcc -T 20 $URL +if [ "$?" -eq "0" ]; then + echo; echo " ( MaxMind ISO 3166 Country Codes has been updated. )"; echo + echo "Current Date/Timestamp:" + /bin/ls -alh $pathgeoipcc + echo +else + echo; echo " => MaxMind ISO 3166 Country Codes Update [ FAILED ]"; echo + echo "MaxMind ISO 3166 Country Code Update FAIL [ $now ]" >> $errorlog +fi + +# Download Part 3 - Country Definitions IPV6 + +echo " ** Downloading MaxMind GeoLite IPv6 CSV Database **"; echo +URL="http://geolite.maxmind.com/download/geoip/database/GeoIPv6.csv.gz" +$pathfetch -v -o $pathgeoipcsv6 -T 20 $URL +if [ "$?" -eq "0" ]; then + $pathgunzip -f $pathgeoipcsv6 + echo; echo " ( MaxMind GeoIPv6.csv has been updated )"; echo + echo "Current Date/Timestamp:" + /bin/ls -alh $pathgeoipcsvfinal6 + echo +else + echo; echo " => MaxMind GeoLite IPv6 Update [ FAILED ]"; echo + echo "MaxMind GeoLite IPv6 Update FAIL [ $now ]" >> $errorlog +fi +} + + +# CALL APPROPRIATE PROCESSES using Script Argument $1 +case $1 in + bu) + binaryupdate + ;; + cu) + csvupdate + ;; + all) + binaryupdate + csvupdate + ;; + *) + exit + ;; +esac +exit
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng.inc b/config/pfblockerng/pfblockerng.inc new file mode 100644 index 00000000..bc2ccfe1 --- /dev/null +++ b/config/pfblockerng/pfblockerng.inc @@ -0,0 +1,2505 @@ +<?php +/* + pfBlockerNG.inc + + pfBlockerNG + Copyright (C) 2014 BBcan177@gmail.com + All rights reserved. + + part of the Postfix package for pfSense + Copyright (C) 2010 Erik Fonnesbeck + Based upon pfBlocker by + Copyright (C) 2011-2012 Marcello Coutinho + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +*/ + +//error_reporting(E_ALL); + +require_once("util.inc"); +require_once("functions.inc"); +require_once("pkg-utils.inc"); +require_once("pfsense-utils.inc"); +require_once("globals.inc"); +require_once("services.inc"); + +# [ $pfb ] pfBlockerNG Global Array for Paths and Variables. This needs to be called to get the Updated Settings. +function pfb_global() { + + global $g,$config,$pfb; + + # Folders + $pfb['dbdir'] = "{$g['vardb_path']}/pfblockerng"; + $pfb['aliasdir'] = "{$g['vardb_path']}/aliastables"; + $pfb['logdir'] = "{$g['varlog_path']}/pfblockerng"; + $pfb['etdir'] = "{$pfb['dbdir']}/ET"; + $pfb['ccdir'] = "{$pfb['dbdir']}/cc"; + $pfb['nativedir'] = "{$pfb['dbdir']}/native"; + $pfb['denydir'] = "{$pfb['dbdir']}/deny"; + $pfb['matchdir'] = "{$pfb['dbdir']}/match"; + $pfb['permitdir'] = "{$pfb['dbdir']}/permit"; + $pfb['origdir'] = "{$pfb['dbdir']}/original"; + + # Create Folders if not Exist. + $folder_array = array ("{$pfb['dbdir']}","{$pfb['logdir']}","{$pfb['ccdir']}","{$pfb['origdir']}","{$pfb['nativedir']}","{$pfb['denydir']}","{$pfb['matchdir']}","{$pfb['permitdir']}","{$pfb['aliasdir']}"); + foreach ($folder_array as $folder) { + safe_mkdir ("{$folder}",0755); + } + + # Files + $pfb['master'] = "{$pfb['dbdir']}/masterfile"; + $pfb['errlog'] = "{$pfb['logdir']}/error.log"; + $pfb['geolog'] = "{$pfb['logdir']}/geoip.log"; + $pfb['log'] = "{$pfb['logdir']}/pfblockerng.log"; + $pfb['supptxt'] = "{$pfb['dbdir']}/pfbsuppression.txt"; + $pfb['script'] = 'sh /usr/local/pkg/pfblockerng/pfblockerng.sh'; + + # Collect pfSense Version + $pfb['pfsenseversion'] = substr(trim(file_get_contents("/etc/version")),0,3); + + # General Variables + $pfb['config'] = $config['installedpackages']['pfblockerng']['config'][0]; + + # Enable/Disable of pfBlockerNG + $pfb['enable'] = $pfb['config']['enable_cb']; + # Keep Blocklists on pfBlockerNG Disable + $pfb['keep'] = $pfb['config']['pfb_keep']; + # Enable Suppression + $pfb['supp'] = $pfb['config']['suppression']; + # Max Lines in pfblockerng.log file + $pfb['logmax'] = $pfb['config']['log_maxlines']; + $pfb['iplocal'] = $config['interfaces']['lan']['ipaddr']; + # Disable Country Database CRON Updates + $pfb['cc'] = $pfb['config']['database_cc']; + + # Set pfBlockerNG to Disabled on 'Re-Install' + if (isset($pfb['install']) && $pfb['install']) { + $pfb['enable'] = ""; + $pfb['install'] = FALSE; + } +} + +pfb_global(); + +# Set Max PHP Memory Setting +$uname = posix_uname(); +if ($uname['machine'] == 'amd64') + ini_set('memory_limit', '256M'); + + +# Function to decode to Alias Custom Entry Box. +function pfbng_text_area_decode($text) { + return preg_replace('/\r\n/', "\n",base64_decode($text)); +} + + +# Manage Log File Line Limit +function pfb_log_mgmt() { + global $pfb; + pfb_global(); + + if ($pfb['logmax'] == "nolimit") { + # Skip Log Mgmt + } else { + exec("/usr/bin/tail -n {$pfb['logmax']} {$pfb['log']} > /tmp/pfblog; /bin/mv -f /tmp/pfblog {$pfb['log']}"); + } +} + + +# Record Log Messsages to pfBlockerNG Log File and/or Error Log File. +function pfb_logger($log, $type) { + global $g,$pfb,$pfbarr; + + $now = date("m/d/y G:i:s", time()); + + # Only log timestamp if new + if (preg_match("/NOW/", $log)) { + if ($now == $pfb['pnow']) { + $log = str_replace("[ NOW ]", "", "{$log}"); + } else { + $log = str_replace("NOW", $now, "{$log}"); + } + $pfb['pnow'] = "{$now}"; + } + + if ($type == 2) { + @file_put_contents("{$pfb['log']}", "{$log}", FILE_APPEND); + @file_put_contents("{$pfb['errlog']}", "{$log}", FILE_APPEND); + } elseif ($type == 3) { + @file_put_contents("{$pfb['geolog']}", "{$log}", FILE_APPEND); + } else { + @file_put_contents("{$pfb['log']}", "{$log}", FILE_APPEND); + } +} + + +# Determine Folder Location for 'List' +function pfb_determine_list_detail($list) { + global $g,$pfb,$pfbarr; + $pfbarr = array(); + + if (in_array($list,array('Match_Both','Match_Inbound','Match_Outbound','Alias_Match'))) { + $pfbarr['skip'] = FALSE; + $pfbarr['folder'] = "{$pfb['matchdir']}"; + } elseif (in_array($list,array('Permit_Both','Permit_Inbound','Permit_Outbound','Alias_Permit'))) { + $pfbarr['skip'] = FALSE; + $pfbarr['folder'] = "{$pfb['permitdir']}"; + } elseif ($list == "Alias_Native") { + $pfbarr['skip'] = FALSE; + $pfbarr['folder'] = "{$pfb['nativedir']}"; + } else { + # Deny + $pfbarr['skip'] = TRUE; + $pfbarr['folder'] = "{$pfb['denydir']}"; + } + + // Collect proper Alias Table Description (Alias Only vs AutoRules) + if (preg_match("/Alias/", $list)) { + $pfbarr['descr'] = ""; + } else { + $pfbarr['descr'] = " Auto "; + } + + return $pfbarr; +} + +# Create Suppression Alias +function pfb_create_suppression_alias() { + global $config; + + // Collect existing pfsense alias(s) + if (is_array($config['aliases']['alias'])) { + foreach($config['aliases']['alias'] as $exalias) { + $new_aliases[] = $exalias; + } + } + // Create New pfBlockerNGSuppress Alias + $new_aliases[] = array( "name" => "pfBlockerNGSuppress", + "address" => "", + "descr" => "pfBlockerNG Suppression List (24|32 CIDR only)", + "type" => "network", + "detail" => "" + ); + $config['aliases']['alias'] = $new_aliases; + write_config(); +} + + +# Create Suppression file from Alias +function pfb_create_suppression_file() { + global $config,$pfb; + + // Find pfBlockerNGSuppress Array ID Number + $pfb['found'] = FALSE; + if (is_array($config['aliases']['alias'])) { + $pfb_id = 0; + foreach ($config['aliases']['alias'] as $alias) { + if ($alias['name'] == "pfBlockerNGSuppress") { + $pfb['found'] = TRUE; + break; + } + $pfb_id++; + } + + if ($pfb['found']) { + $pfb_suppress = str_replace(" ", "\n", $config['aliases']['alias'][$pfb_id]['address']); + if (!empty($pfb_suppress)) + @file_put_contents("{$pfb['supptxt']}",$pfb_suppress, LOCK_EX); + } else { + # Delete Suppression File if Alias is Empty. + unlink_if_exists("{$pfb['supptxt']}"); + } + } + + // Call Function to Create Suppression Alias. + if (!$pfb['found']) + pfb_create_suppression_alias(); +} + + +# Main pfBlockerNG Function +function sync_package_pfblockerng($cron = "") { + + global $g,$config,$pfb,$pfbarr; + pfb_global(); + + # Detect Boot Process or Update via CRON + if (isset($_POST) && $cron == "") { + if (!preg_match("/\w+/",$_POST['__csrf_magic'])) { + log_error("[pfBlockerNG] Sync terminated during boot process."); + return; + } + } + log_error("[pfBlockerNG] Starting sync process."); + + # Start of pfBlockerNG Logging to 'pfblockerng.log' + if ($pfb['enable'] == "on" && !$pfb['save']) { + $log = " UPDATE PROCESS START [ NOW ]\n"; + } else { + $log = "\n**Saving Configuration [ NOW ] ...\n"; + } + pfb_logger("{$log}","1"); + + # TBC if Required ! (Fetch Timeout in 2.2) + + #apply fetch timeout to pfsense-utils.inc + $pfsense_utils = file_get_contents('/etc/inc/pfsense-utils.inc'); + $new_pfsense_utils = preg_replace("/\/usr\/bin\/fetch -q/","/usr/bin/fetch -T 5 -q",$pfsense_utils); + if ($new_pfsense_utils != $pfsense_utils) { + @file_put_contents('/etc/inc/pfsense-utils.inc',$new_pfsense_utils, LOCK_EX); + } + + # Collect pfSense Max Table Size Entry + $pfb['table_limit'] = ($config['system']['maximumtableentries'] != "" ? $config['system']['maximumtableentries'] : "2000000"); + + # If Table limit not defined, set Default to 2M + $config['system']['maximumtableentries'] = "{$pfb['table_limit']}"; + + # Collect local web gui configuration + $pfb['weblocal'] = ($config['system']['webgui']['protocol'] != "" ? $config['system']['webgui']['protocol'] : "http"); + $pfb['port'] = $config['system']['webgui']['port']; + if ($pfb['port'] == "") { + if ($config['system']['webgui']['protocol'] == "http") { + $pfb['port'] = "80"; + } else { + $pfb['port'] = "443"; + } + } + $pfb['weblocal'] .= "://127.0.0.1:{$pfb['port']}/pfblockerng/pfblockerng.php"; + + # Define Inbound/Outbound Action is not user selected. + $pfb['deny_action_inbound'] = ($pfb['config']['inbound_deny_action'] != "" ? $pfb['config']['inbound_deny_action'] : "block"); + $pfb['deny_action_outbound'] = ($pfb['config']['outbound_deny_action'] != "" ? $pfb['config']['outbound_deny_action'] : "reject"); + + # Validation check to see if the Original pfBlocker package is Enabled + $pfb['validate']= $pfb['config']['pfblocker_cb']; + # User Defined CRON Start Minute + $pfb['min'] = $pfb['config']['pfb_min']; + # Reloads Existing Blocklists without Downloading New Lists + $pfb['reuse'] = $pfb['config']['pfb_reuse']; + # Enable OpenVPN AutoRules + $pfb['openvpn'] = $pfb['config']['openvpn_action']; + # Enable/Disable Floating Auto-Rules + $pfb['float'] = $pfb['config']['enable_float']; + # Enable Remove of Duplicate IPs utilizing Grepcidr + $pfb['dup'] = $pfb['config']['enable_dup']; + # Order of the Auto-Rules + $pfb['order'] = $pfb['config']['pass_order']; + # Suffix used for Auto-Rules + $pfb['suffix'] = $pfb['config']['autorule_suffix']; + + # Reputation Variables + $pfb['config_rep'] = $config['installedpackages']['pfblockerngreputation']['config'][0]; + + # Enable/Disable Reputation + $pfb['rep'] = $pfb['config_rep']['enable_rep']; + # Enable/Disable 'pDup' + $pfb['pdup'] = $pfb['config_rep']['enable_pdup']; + # Enable/Disable 'dDup' + $pfb['dedup'] = ($pfb['config_rep']['enable_dedup'] != "" ? $pfb['config_rep']['enable_dedup'] : "x"); + # 'Max' variable setting for Reputation + $pfb['max'] = ($pfb['config_rep']['p24_max_var'] != "" ? $pfb['config_rep']['p24_max_var'] : "x"); + # 'dMax' variable setting for Reputation + $pfb['dmax'] = ($pfb['config_rep']['p24_dmax_var'] != "" ? $pfb['config_rep']['p24_dmax_var'] : "x"); + # 'pMax' variable setting for Reputation + $pfb['pmax'] = ($pfb['config_rep']['p24_pmax_var'] != "" ? $pfb['config_rep']['p24_pmax_var'] : "x"); + # Action for Whitelist Country Category + $pfb['ccwhite'] = $pfb['config_rep']['ccwhite']; + # Action for Blacklist Country Category + $pfb['ccblack'] = $pfb['config_rep']['ccblack']; + # List of Countries in the Whitelist Category + $pfb['ccexclude']= ($pfb['config_rep']['ccexclude'] != "" ? $pfb['config_rep']['ccexclude'] : "x"); + # Emerging Threats IQRisk Block Categories + $pfb['etblock'] = ($pfb['config_rep']['etblock'] != "" ? $pfb['config_rep']['etblock'] : "x"); + # Emerging Threats IQRisk Match Categories + $pfb['etmatch'] = ($pfb['config_rep']['etmatch'] != "" ? $pfb['config_rep']['etmatch'] : "x"); + # Perform a Force Update on ET Categories + $pfb['etupdate']= $pfb['config_rep']['et_update']; + + # Variables + + # Starting Variable to Skip rep, pdup and dedeup functions if no changes are required + $pfb['dupcheck'] = FALSE; + ## $pfb['save'] is used to determine if User pressed "Save" Button to avoid Collision with CRON. + ## This is defined in each pfBlockerNG XML Files + + # Validation Check to ensure pfBlocker and pfBlockerNG are not running at the same time. + if ($pfb['validate'] == "") { + # Collect pfBlocker Enabled Status from config file + $pfb['validate_chk'] = $config['installedpackages']['pfblocker']['config'][0]['enable_cb']; + if ($pfb['validate_chk'] == "on") { + $log = "\n The Package 'pfBlocker' is currently Enabled. Either Disable pfBlocker, or 'Disable Validation Check' in pfBlockerNG \n"; + pfb_logger("{$log}","1"); + return; + } + } + + + ############################################# + # Configure ARRAYS # + ############################################# + + $continents = array ( "Africa" => "pfB_Africa", + "Antartica" => "pfB_Antartica", + "Asia" => "pfB_Asia", + "Europe" => "pfB_Europe", + "North America" => "pfB_NAmerica", + "Oceania" => "pfB_Oceania", + "South America" => "pfB_SAmerica", + "Top Spammers" => "pfB_Top" + ); + + #create rules vars and arrays + # Array used to Collect Changes to Aliases to be saved to Config + $new_aliases = array(); + $new_aliases_list = array(); + $continent_existing = array(); + $continent_new = array(); + $permit_inbound = array(); + $permit_outbound = array(); + $deny_inbound = array(); + $deny_outbound = array(); + # An Array of all Aliases (Active and non-Active) + $aliases_list = array(); + # This is an Array of Aliases that Have Updated Lists via CRON/Force Update when 'Reputation' disabled. + $pfb_alias_lists = array(); + # This is an Array of All Active Aliases used when 'Reputation' enabled + $pfb_alias_lists_all = array(); + + # Base Rule Array + $base_rule_reg = array( "id" => "", + "tag" => "", + "tagged" => "", + "max" => "", + "max-src-nodes" => "", + "max-src-conn" => "", + "max-src-states"=> "", + "statetimeout" => "", + "statetype" => "keep state", + "os" => "" + ); + + # Floating Rules, Base Rule Array + $base_rule_float = array("id" => "", + "tag" => "", + "tagged" => "", + "quick" => "yes", + "floating" => "yes", + "max" => "", + "max-src-nodes" => "", + "max-src-conn" => "", + "max-src-states"=> "", + "statetimeout" => "", + "statetype" => "keep state", + "os" => "" + ); + + + ############################################# + # Configure Rule Suffix # + ############################################# + + # Discover if any Rules are AutoRules (If no AutoRules found, $pfb['autorules'] is FALSE, Skip Rules Re-Order ) + # To configure Auto Rule Suffix. pfBlockerNG must be disabled to change Suffix and to avoid Duplicate Rules + $pfb['autorules'] = FALSE; + $pfb['found'] = FALSE; + foreach ($continents as $continent => $pfb_alias) { + if (is_array($config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'])) { + $continent_config = $config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'][0]; + if ($continent_config['action'] != "Disabled" && in_array($continent_config['action'],array('Deny_Both','Deny_Inbound','Deny_Outbound','Match_Both','Match_Inbound','Match_Outbound','Permit_Both','Permit_Inbound','Permit_Outbound'))) { + $pfb['autorules'] = TRUE; + $pfb['found'] = TRUE; + break; + } + } + } + + $list_type = array ("pfblockernglistsv4", "pfblockernglistsv6"); + foreach ($list_type as $ip_type) { + if ($config['installedpackages'][$ip_type]['config'] != "" && !$pfb['found']) { + foreach($config['installedpackages'][$ip_type]['config'] as $list) { + if ($list['action'] != "Disabled" && in_array($list['action'],array('Deny_Both','Deny_Inbound','Deny_Outbound','Match_Both','Match_Inbound','Match_Outbound','Permit_Both','Permit_Inbound','Permit_Outbound'))) { + $pfb['autorules'] = TRUE; + break; + } + } + } + } + + #Configure Auto Rule Suffix. pfBlockerNG must be disabled to change Suffix and to avoid Duplicate Rules + # Count Number of Rules with 'pfB_' + $count = 0; + if (is_array($config['filter']['rule'])) { + foreach ($config['filter']['rule'] as $rule) { + # Collect any pre-existing Suffix + if (preg_match("/pfB_\w+(\s.*)/",$rule['descr'], $pfb_suffix_real) && $count == 0) { + $pfb_suffix_match = $pfb_suffix_real[1]; + } + # Query for Existing pfB Rules + if (preg_match("/pfB_/",$rule['descr'])) { + $count++; + break; + } + } + } + + # Change Suffix only if No pfB Rules Found and Auto Rules are Enabled. + if ($pfb['autorules'] && $count == 0) { + switch ($pfb['suffix']) { + case "autorule": + $pfb['suffix'] = " auto rule"; + break; + case "standard": + $pfb['suffix'] = ""; + break; + case "ar": + $pfb['suffix'] = " AR"; + break; + } + } else { + if ($pfb['autorules']) { + # Use existing Suffix Match + $pfb['suffix'] = $pfb_suffix_match; + } else { + # Leave Rule Suffix 'Blank' + $pfb['suffix'] = ""; + } + } + + + ############################################# + # Configure INBOUND/OUTBOUND INTERFACES # + ############################################# + + # Collect pfSense Interface Order + $ifaces = get_configured_interface_list(); + + if (!empty($pfb['config']['inbound_interface'])) { + # Sort Interface Array to match pfSense Interface order to allow Floating Rules to populate. + $selected_interfaces = explode(",",$pfb['config']['inbound_interface']); + # Sort pfBlockerNG Interface order to pfSense Interface Order + $sort_interfaces = array_intersect($ifaces, $selected_interfaces); + $implode_interfaces = ltrim(implode(",",$sort_interfaces), ","); + # CSV String for Inbound Interfaces for 'pfB_' Match Rules + $pfb['inbound_floating'] = $implode_interfaces; + $pfb['inbound_interfaces_float'] = explode(" ",$implode_interfaces); + + # Assign Inbound Base Rule/Interfaces + if ($pfb['float'] == "on") { + # Define Base Firewall Floating Rules Settings + $base_rule = $base_rule_float; + $pfb['inbound_interfaces'] = $pfb['inbound_interfaces_float']; + } else { + # Define Base Firewall Rules Settings + $base_rule = $base_rule_reg; + $pfb['inbound_interfaces'] = explode(",",$pfb['config']['inbound_interface']); + } + } else { + # Define Empty Variable/Array + $pfb['inbound_interfaces_float'] = ""; + $pfb['inbound_interfaces'] = array(); + } + + if (!empty($pfb['config']['outbound_interface'])) { + # Sort Interface Array to match pfSense Interface order to allow Floating Rules to populate. + $selected_interfaces = explode(",",$pfb['config']['outbound_interface']); + # Sort pfBlockerNG Interface order to pfSense Interface Order + $sort_interfaces = array_intersect($ifaces, $selected_interfaces); + // If OpenVPN Interfaces are not in dropdown menu + if ($pfb['openvpn'] == "on" && $config['openvpn']['openvpn-server'] || $pfb['openvpn'] == "on" && $config['openvpn']['openvpn-client']) + if (!in_array("openvpn",$sort_interfaces)) + array_push($sort_interfaces, "openvpn"); + $implode_interfaces = ltrim(implode(",",$sort_interfaces), ","); + # CSV String for Outbound Interfaces for 'pfB_' Match Rules + $pfb['outbound_floating'] = $implode_interfaces; + $pfb['outbound_interfaces_float'] = explode(" ",$implode_interfaces); + + # Assign Outbound Base Rule/Interfaces + if ($pfb['float'] == "on") { + $base_rule = $base_rule_float; + $pfb['outbound_interfaces'] = $pfb['outbound_interfaces_float']; + } else { + $base_rule = $base_rule_reg; + $pfb['outbound_interfaces'] = explode(",",$pfb['config']['outbound_interface']); + // If OpenVPN Interfaces are not in dropdown menu + if ($pfb['openvpn'] == "on" && $config['openvpn']['openvpn-server'] || $pfb['openvpn'] == "on" && $config['openvpn']['openvpn-client']) + if (!in_array("openvpn",$sort_interfaces)) + array_push($pfb['outbound_interfaces'], "openvpn"); + } + } else { + # Define Empty Variable/Array + $pfb['outbound_interfaces_float'] = ""; + $pfb['outbound_interfaces'] = array(); + } + + + ############################################# + # Clear Removed Lists from Masterfiles # + ############################################# + + # Process to keep Masterfiles in Sync with Valid Lists from config.conf file. + $pfb['sync_master'] = TRUE; + + # Don't execute this function when pfBlockerNG is Disabled and 'Keep Blocklists' is enabled. + if ($pfb['enable'] == "" && $pfb['keep'] == "on") + $pfb['sync_master'] = FALSE; + + if ($pfb['sync_master']) { + $pfb['existing']['match']['type'] = "match"; + $pfb['existing']['permit']['type'] = "permit"; + $pfb['existing']['deny']['type'] = "deny"; + $pfb['existing']['native']['type'] = "native"; + $pfb['existing']['match']['folder'] = "{$pfb['matchdir']}"; + $pfb['existing']['permit']['folder'] = "{$pfb['permitdir']}"; + $pfb['existing']['deny']['folder'] = "{$pfb['denydir']}"; + $pfb['existing']['native']['folder'] = "{$pfb['nativedir']}"; + $pfb['actual']['match']['type'] = "match"; + $pfb['actual']['permit']['type'] = "permit"; + $pfb['actual']['deny']['type'] = "deny"; + $pfb['actual']['native']['type'] = "native"; + $pfb['actual']['match']['folder'] = "{$pfb['matchdir']}"; + $pfb['actual']['permit']['folder'] = "{$pfb['permitdir']}"; + $pfb['actual']['deny']['folder'] = "{$pfb['denydir']}"; + $pfb['actual']['native']['folder'] = "{$pfb['nativedir']}"; + + // Find all Enabled Continents Lists + foreach ($continents as $continent => $pfb_alias) { + if (is_array($config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config']) && $pfb['enable'] == "on") { + $continent_config = $config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'][0]; + if ($continent_config['action'] != "Disabled") { + $cont_type = array ("countries4" => "_v4", "countries6" => "_v6"); + foreach ($cont_type as $c_type => $vtype) { + if ($continent_config[$c_type] != "") { + # Set Parameters for 'Match', 'Permit', 'Native' and 'Deny' + if (in_array($continent_config['action'],array('Match_Both','Match_Inbound','Match_Outbound','Alias_Match'))) { + $pfb['existing']['match'][] = "{$pfb_alias}{$vtype}"; + } elseif (in_array($continent_config['action'],array('Permit_Both','Permit_Inbound','Permit_Outbound','Alias_Permit'))){ + $pfb['existing']['permit'][] = "{$pfb_alias}{$vtype}"; + } elseif ($continent_config['action'] == "Alias_Native") { + $pfb['existing']['native'][] = "{$pfb_alias}{$vtype}"; + } else { + $pfb['existing']['deny'][] = "{$pfb_alias}{$vtype},"; // Add Trailing ',' + } + } + } + } + } + } + + # Find all Enabled IPv4/IPv6 Lists + $list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6"); + foreach ($list_type as $ip_type => $vtype) { + if ($config['installedpackages'][$ip_type]['config'] != "" && $pfb['enable'] == "on") { + foreach ($config['installedpackages'][$ip_type]['config'] as $list) { + if (is_array($list['row']) && $list['action'] != "Disabled") { + foreach ($list['row'] as $row) { + if ($vtype == "_v4") { + $pfb_alias = "{$row['header']}"; + } else { + $pfb_alias = "{$row['header']}_v6"; + } + # Collect Enabled Lists + if ($row['url'] != "" && $row['state'] != "Disabled") { + # Set Parameters for 'Match', 'Permit', 'Native' and 'Deny' + if (in_array($list['action'],array('Match_Both','Match_Inbound','Match_Outbound','Alias_Match'))) { + $pfb['existing']['match'][] = "{$pfb_alias}"; + } elseif (in_array($list['action'],array('Permit_Both','Permit_Inbound','Permit_Outbound','Alias_Permit'))) { + $pfb['existing']['permit'][] = "{$pfb_alias}"; + } elseif ($list['action'] == "Alias_Native") { + $pfb['existing']['native'][] = "{$pfb_alias}"; + } else { + $pfb['existing']['deny'][] = "{$pfb_alias},"; // Add Trailing ',' + } + } + } + } + } + } + } + + # Find all Enabled IPv4 'Custom List' Header Names and Check if 'Emerging Threats Update' and 'Custom List Update' Needs Force Updating + $list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6"); + foreach ($list_type as $ip_type => $vtype) { + if ($config['installedpackages'][$ip_type]['config'] != "" && $pfb['enable'] == "on") { + $count = -1; + foreach ($config['installedpackages'][$ip_type]['config'] as $list) { + if (is_array($list['row']) && $list['action'] != "Disabled") { + $count++; + # Check if 'Emerging Threats Update' Needs Updating before next CRON Event. + if (is_array($list['row']) && $row['state'] != "Disabled" && $pfb['etupdate'] == "enabled" && $vtype == "_v4") { + foreach ($list['row'] as $row) { + $aliasname = $row['header']; + if ($row['format'] == "et") { + unlink_if_exists("{$pfb['denydir']}/{$aliasname}.txt"); + $config['installedpackages']['pfblockerngreputation']['config'][0]['et_update'] = "disabled"; + break; + } + } + } + } + + # Collect Enabled Custom List Box Aliases + if (pfbng_text_area_decode($list['custom']) != "") { + if ($vtype == "_v4") { + $pfb_alias = "{$list['aliasname']}_custom"; + } else { + $pfb_alias = "{$list['aliasname']}_custom_v6"; + } + # Determine Folder Location for 'List' + if (in_array($list['action'],array('Match_Both','Match_Inbound','Match_Outbound','Alias_Match'))) { + $pfb['existing']['match'][] = "{$pfb_alias}"; + $pfbfolder = "{$pfb['matchdir']}"; + } elseif (in_array($list['action'],array('Permit_Both','Permit_Inbound','Permit_Outbound','Alias_Permit'))) { + $pfb['existing']['permit'][] = "{$pfb_alias}"; + $pfbfolder = "{$pfb['permitdir']}"; + } elseif ($list['action'] == "Alias_Native") { + $pfb['existing']['native'][] = "{$pfb_alias}"; + $pfbfolder = "{$pfb['nativedir']}"; + } else { + $pfb['existing']['deny'][] = "{$pfb_alias},"; // Add Trailing ',' + $pfbfolder = "{$pfb['denydir']}"; + } + # Determine if 'Custom List' Needs Force Updating before next CRON Event. + if ($list['custom_update'] == "enabled") { + unlink_if_exists("{$pfbfolder}/{$pfb_alias}.txt"); + # Uncheck 'Enabled' in List 'Custom_update' Setting + $config['installedpackages'][$ip_type]['config'][$count]['custom_update'] = "disabled"; + } + } + } + } + } + + # Collect all .txt file Names for each List Type + $list_types = array('match' => $pfb['matchdir'], 'permit' => $pfb['permitdir'], 'deny' => $pfb['denydir'], 'native' => $pfb['nativedir']); + foreach ($list_types as $type => $pfbfolder) { + $pfb_files = glob("$pfbfolder/*.txt"); + foreach ($pfb_files as $pfb_list) { + $pfb_file = basename($pfb_list,".txt"); + if ($type == "deny") { + $pfb['actual'][$type][] = "{$pfb_file},"; // Add Trailing ',' + } else { + $pfb['actual'][$type][] = "{$pfb_file}"; + } + } + } + + # Flag to execute pfctl and Rules Ordering + $pfb['remove'] = FALSE; + # Execute Final Summary as a List was Removed + $pfb['summary'] = FALSE; + + # Process to Remove Lists from Masterfile/DB Folder if they do not Exist + if (isset($pfb['existing'])) { + foreach ($pfb['existing'] as $pfb_exist) { + $existing_type = $pfb_exist['type']; + $pfbfolder = $pfb_exist['folder']; + foreach ($pfb['actual'] as $pfb_act) { + $actual_type = $pfb_act['type']; + if ($existing_type == $actual_type) { + switch ($existing_type) { + case "deny": + $results = array_diff($pfb_act, $pfb_exist); + $f_result = implode($results); + if ($f_result != "") { + $log = "[ Removing List(s) : {$f_result} ]\n"; + pfb_logger("{$log}","1"); + # Script to Remove un-associated Lists + exec ("{$pfb['script']} remove x x x {$f_result} >> {$pfb['log']} 2>&1"); + $pfb['summary'] = TRUE; + $pfb['remove'] = TRUE; + } + break; + case "match": + case "permit": + case "native": + $results = array_diff($pfb_act, $pfb_exist); + # This variable ($f_result) used in next section below. + $f_result = implode($results); + if (!empty($results)) { + foreach ($results as $pfb_results) { + $log = "[ Removing List(s) : {$pfb_results} ]\n"; + pfb_logger("{$log}","1"); + unlink_if_exists("{$pfbfolder}/{$pfb_results}.txt"); + } + $pfb['summary'] = TRUE; + $pfb['remove'] = TRUE; + } + break; + } + + # Allow Rebuilding of Changed Aliase to purge 'SKIP' Lists (when pfBlockerNG is Enabled) + $list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6"); + foreach ($list_type as $ip_type => $vtype) { + if ($f_result != "" && $pfb['enable'] == "on") { + foreach ($results as $removed_header) { + if ($config['installedpackages'][$ip_type]['config'] != "" && $pfb['enable'] == "on") { + foreach ($config['installedpackages'][$ip_type]['config'] as $list) { + $alias = "pfB_" . preg_replace("/\W/","",$list['aliasname']); + if (is_array($list['row'])) { + foreach ($list['row'] as $row) { + $removed = rtrim($removed_header, ','); + if ($row['header'] == $removed) { + $pfb['summary'] = TRUE; + $pfb['remove'] = TRUE; + # Add Alias to Update Array + $pfb_alias_lists[] = "{$alias}"; + $pfb_alias_lists_all[] = "{$alias}"; + } + } + } + } + } + } + } + } + } + } + } + } + } + + ############################################## + # Clear Match/Pass/ET/Original Files/Folders # + ############################################## + + # When pfBlockerNG is Disabled and 'Keep Blocklists' is Disabled. + if ($pfb['enable'] == "" && $pfb['keep'] == "" && !$pfb['install']) { + $log = "\n Removing DB Files/Folders \n"; + pfb_logger("{$log}","1"); + + unlink_if_exists("{$pfb['dbdir']}/masterfile"); + unlink_if_exists("{$pfb['dbdir']}/mastercat"); + unlink_if_exists("{$pfb['supptxt']}"); + rmdir_recursive("{$pfb['origdir']}"); + rmdir_recursive("{$pfb['matchdir']}"); + rmdir_recursive("{$pfb['permitdir']}"); + rmdir_recursive("{$pfb['denydir']}"); + rmdir_recursive("{$pfb['nativedir']}"); + rmdir_recursive("{$pfb['etdir']}"); + } + + + ############################################# + # Create Suppression Txt File # + ############################################# + + if ($pfb['enable'] == "on" && $pfb['supp'] == "on") + pfb_create_suppression_file(); + + + ############################################# + # Assign Countries # + ############################################# + + foreach ($continents as $continent => $pfb_alias) { + if (is_array($config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'])) { + $continent_config = $config['installedpackages']['pfblockerng' . strtolower(preg_replace('/ /','',$continent))]['config'][0]; + if ($continent_config['action'] != "Disabled" && $pfb['enable'] == "on") { + + # Determine Folder Location for Alias (return array $pfbarr) + pfb_determine_list_detail($continent_config['action']); + $pfb['skip'] = $pfbarr['skip']; + $pfb_descr = $pfbarr['descr']; + $pfbfolder = $pfbarr['folder']; + + // Determine if Continent Lists require Action (IPv4 and IPv6) + $cont_type = array ("countries4" => "_v4", "countries6" => "_v6"); + foreach ($cont_type as $c_type => $vtype) { + + $continent = ""; + if ($continent_config[$c_type] != "") { + + // Collect Selected ISO Country Files + foreach (explode(",", $continent_config[$c_type]) as $iso) { + if ($iso != "" && file_exists($pfb['ccdir'] .'/' . $iso . $vtype . '.txt')) { + $continent .= file_get_contents ($pfb['ccdir'] . '/' . $iso . $vtype . '.txt'); + } + } + + if (file_exists($pfb['origdir'] . '/' . $pfb_alias . $vtype . '.orig')) + $continent_existing = preg_replace('/\s/', '', file ($pfb['origdir'] . '/' . $pfb_alias . $vtype . '.orig')); + + // Collect New Continent Data for comparison. Cleanup Array for Comparison + $continent_new = preg_split ('/$\R?^/m', $continent); + $line = count ( $continent_new ) - 1; + $match = $continent_new[$line]; + $continent_new[$line] = rtrim($match, "\n"); + + # Check if pfBlockerNG pfctl Continent Tables are Empty (pfBlockerNG was Disabled w/ "keep", then Re-enabled) + $pfctlck = exec ("/sbin/pfctl -vvsTables | grep -A1 {$pfb_alias}{$vtype} | awk '/Addresses/ {s+=$2}; END {print s}'"); + if (empty($pfctlck) && file_exists($pfbfolder . '/' . $pfb_alias . $vtype . '.txt')) { + $file_cont = file_get_contents($pfbfolder . '/' . $pfb_alias . $vtype . '.txt'); + @file_put_contents($pfb['aliasdir'] . '/' . $pfb_alias . $vtype . '.txt',$file_cont, LOCK_EX); + # PFCTL - Update Only Aliases that have been updated. ('Reputation' Disabled) + $pfb_alias_lists[] = "{$pfb_alias}{$vtype}"; + } + + # Collect Active Alias Lists (Used for pfctl Update when 'Reputation' is enabled). + $pfb_alias_lists_all[] = "{$pfb_alias}{$vtype}"; + + // Compare Existing (Original File) and New Continent Data + if ($continent_new === $continent_existing && !empty($pfctlck) && file_exists($pfbfolder . '/' . $pfb_alias . $vtype . '.txt') && $pfb['reuse'] == "") { + # Format Log into clean Tab Spaces + $string_final = "{$pfb_alias}{$vtype}"; + if (strlen($string_final) > 10) { + $log_tab = "\t"; + } else { + $log_tab = "\t\t"; + } + + if (!$pfb['save']) { + $log = "\n[ {$pfb_alias}{$vtype} ] {$log_tab} exists, Reloading File [ NOW ]\n"; + pfb_logger("{$log}","1"); + } + } else { + // Do not proceed with Changes on User 'Save' + if (!$pfb['save']) { + $log = "\n[ {$pfb_alias}{$vtype} ] {$log_tab} Changes Found... Updating \n"; + pfb_logger("{$log}","1"); + + # Test to Skip d-dup and p-dup functions when changes are found. + $pfb['dupcheck'] = TRUE; + + $pfb_alias_lists[] = "{$pfb_alias}{$vtype}"; + + // Script to call Duplication Check Process only on IPv4 + if ($pfb['dup'] == "on" && $pfb['skip'] && $vtype == "_v4") { + // Copy Continent Data to 'lists' folder for duplication processing + @file_put_contents($pfb['origdir'] . '/' . $pfb_alias . $vtype . '.orig',$continent, LOCK_EX); + @file_put_contents($pfb['denydir'] . '/' . $pfb_alias . $vtype . '.txt',$continent, LOCK_EX); + exec ("{$pfb['script']} continent {$pfb_alias}{$vtype} >> {$pfb['log']} 2>&1"); + $continent = file_get_contents($pfbfolder . '/' . $pfb_alias . $vtype . '.txt'); + @file_put_contents($pfb['aliasdir'] . '/' . $pfb_alias . $vtype . '.txt',$continent, LOCK_EX); + } else { + @file_put_contents($pfbfolder . '/' . $pfb_alias . $vtype . '.txt',$continent, LOCK_EX); + @file_put_contents($pfb['origdir'] . '/' . $pfb_alias . $vtype . '.orig',$continent, LOCK_EX); + @file_put_contents($pfb['aliasdir'] . '/' . $pfb_alias . $vtype . '.txt',$continent, LOCK_EX); + } + + # Check if File Exists and is >0 in Size and Save alias file + $file_chk = "0"; + $cont_chk = "{$pfbfolder}/{$pfb_alias}{$vtype}.txt"; + if (file_exists($cont_chk) && @filesize($cont_chk) >0) + $file_chk = exec ("/usr/bin/grep -cv '^#\|^$' {$cont_chk}"); + + if ($file_chk == "0" || $file_chk == "1") { + $new_file = "1.1.1.1\n"; + @file_put_contents($pfbfolder . '/' . $pfb_alias . $vtype . '.txt', $new_file, LOCK_EX); + @file_put_contents($pfb['aliasdir'] . "/" . $pfb_alias . $vtype . ".txt", $new_file, LOCK_EX); + $log = "[ {$pfb_alias}{$vtype} ] Found no Unique IPs, Adding '1.1.1.1' to avoid Empty File\n"; + pfb_logger("{$log}","1"); + } + } + } + + + if (file_exists($pfbfolder . '/' . $pfb_alias . $vtype . '.txt')) { + #Create alias config + $new_aliases_list[] = "{$pfb_alias}{$vtype}"; + + $pfb_contlog = $continent_config['aliaslog']; + + $new_aliases[] = array( "name" => "{$pfb_alias}{$vtype}", + "url" => "{$pfb['weblocal']}?pfb={$pfb_alias}{$vtype}", + "updatefreq" => "32", + "address" => "", + "descr" => "pfBlockerNG {$vtype} {$pfb_descr} Country Alias", + "type" => "urltable", + "detail" => "DO NOT EDIT THIS ALIAS" + ); + + #Create rule if action permits + switch ($continent_config['action']) { + case "Deny_Both": + case "Deny_Outbound": + $rule = $base_rule; + $rule['type'] = "{$pfb['deny_action_outbound']}"; + if ($vtype == "_v6") + $rule['ipprotocol'] = "inet6"; + if ($pfb['float'] == "on") + $rule['direction'] = "any"; + $rule['descr']= "{$pfb_alias}{$vtype}{$pfb['suffix']}"; + $rule['source'] = array("any" => ""); + $rule['destination'] = array ("address" => "{$pfb_alias}{$vtype}"); + if ($pfb['config']['enable_log'] == "on" || $pfb_contlog == "enabled") + $rule['log'] = ""; + $deny_outbound[] = $rule; + if ($continent_config['action'] != "Deny_Both") + break; + case "Deny_Inbound": + $rule = $base_rule; + $rule['type'] = "{$pfb['deny_action_inbound']}"; + if ($vtype == "_v6") + $rule['ipprotocol'] = "inet6"; + if ($pfb['float'] == "on") + $rule['direction'] = "any"; + $rule['descr'] = "{$pfb_alias}{$vtype}{$pfb['suffix']}"; + $rule['source'] = array("address" => "{$pfb_alias}{$vtype}"); + $rule['destination'] = array ("any" => ""); + if ($pfb['config']['enable_log'] == "on" || $pfb_contlog == "enabled") + $rule['log'] = ""; + $deny_inbound[] = $rule; + break; + case "Permit_Both": + case "Permit_Outbound": + $rule = $base_rule; + $rule['type'] = "pass"; + if ($vtype == "_v6") + $rule['ipprotocol'] = "inet6"; + if ($pfb['float'] == "on") + $rule['direction'] = "any"; + $rule['descr'] = "{$pfb_alias}{$vtype}{$pfb['suffix']}"; + $rule['source'] = array ("any" => ""); + $rule['destination'] = array("address" => "{$pfb_alias}{$vtype}"); + if ($pfb['config']['enable_log'] == "on" || $pfb_contlog == "enabled") + $rule['log'] = ""; + $permit_outbound[] = $rule; + if ($continent_config['action'] != "Permit_Both") + break; + case "Permit_Inbound": + $rule = $base_rule; + $rule['type'] = "pass"; + if ($vtype == "_v6") + $rule['ipprotocol'] = "inet6"; + if ($pfb['float'] == "on") + $rule['direction'] = "any"; + $rule['descr'] = "{$pfb_alias}{$vtype}{$pfb['suffix']}"; + $rule['source'] = array("address"=> "{$pfb_alias}{$vtype}"); + $rule['destination'] = array ("any" => ""); + if ($pfb['config']['enable_log'] == "on" || $pfb_contlog == "enabled") + $rule['log'] = ""; + $permit_inbound[] = $rule; + break; + case "Match_Both": + case "Match_Outbound": + $rule = $base_rule_float; + $rule['type'] = "match"; + if ($vtype == "_v6") + $rule['ipprotocol'] = "inet6"; + $rule['direction'] = "any"; + $rule['descr'] = "{$pfb_alias}{$vtype}{$pfb['suffix']}"; + $rule['source'] = array ("any" => ""); + $rule['destination'] = array ("address" => "{$pfb_alias}{$vtype}"); + if ($pfb['config']['enable_log'] == "on" || $pfb_contlog == "enabled") + $rule['log'] = ""; + $match_outbound[] = $rule; + if ($list['action'] != "Match_Both") + break; + case "Match_Inbound": + $rule = $base_rule_float; + $rule['type'] = "match"; + if ($vtype == "_v6") + $rule['ipprotocol'] = "inet6"; + $rule['direction'] = "any"; + $rule['descr'] = "{$pfb_alias}{$vtype}{$pfb['suffix']}"; + $rule['source'] = array ("address" => "{$pfb_alias}{$vtype}"); + $rule['destination'] = array ( "any" => ""); + if ($pfb['config']['enable_log'] == "on" || $pfb_contlog == "enabled") + $rule['log'] = ""; + $match_inbound[] = $rule; + break; + } + } else { + #unlink continent list if any + unlink_if_exists($pfb['aliasdir'] . '/' . $pfb_alias . $vtype . '.txt'); + } + } + } + } + #mark pfctl aliastable for cleanup + if (!in_array($pfb_alias, $aliases_list)) { + $aliases_list[] = "{$pfb_alias}{$vtype}"; + } + } + } + # UNSET variables + unset ($continent, $continent_existing, $continent_new); + + ############################################# + # Download and Collect IPv4/IPv6 lists # + ############################################# + + # IPv4 REGEX Definitions + $pfb['range'] = '/((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))-((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))/'; + $pfb['block'] = '/(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[ 0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.([0]{1})\s+/'; + $pfb['cidr'] = '/(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)?\/[0-9]{2}/'; + $pfb['single'] = '/(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\s+/'; + $pfb['s_html'] = '/(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/'; + + # IPv4 preg_replace Regex Filter array + $pfb_ipreg = array(); + $pfb_ipreg[0] = '/\b0+(?=\d)/'; # Remove any Leading Zeros in each Octet + $pfb_ipreg[1] = '/\s/'; # Remove any Whitespaces + $pfb_ipreg[2] = '/127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/'; # Remove any Loopback Addresses 127/8 + $pfb_ipreg[3] = '/0\.0\.0\.0/'; # Remove 0.0.0.0 + + # IPv6 REGEX Definitions -- ** Still Needs some Adjustment on Regex Definition for IPv6 ** + # https://mebsd.com/coding-snipits/php-regex-ipv6-with-preg_match.html + $pattern1 = '([A-Fa-f0-9]{1,4}:){7}[A-Fa-f0-9]{1,4}'; + $pattern2 = '([A-Fa-f0-9]{1,4}::([A-Fa-f0-9]{1,4}:){0,5}[A-Fa-f0-9]{1,4}'; + $pattern3 = '([A-Fa-f0-9]{1,4}:){2}:([A-Fa-f0-9]{1,4}:){0,4}[A-Fa-f0-9]{1,4}'; + $pattern4 = '([A-Fa-f0-9]{1,4}:){3}:([A-Fa-f0-9]{1,4}:){0,3}[A-Fa-f0-9]{1,4}'; + $pattern5 = '([A-Fa-f0-9]{1,4}:){4}:([A-Fa-f0-9]{1,4}:){0,2}[A-Fa-f0-9]{1,4}'; + $pattern6 = '([A-Fa-f0-9]{1,4}:){5}:([A-Fa-f0-9]{1,4}:){0,1}[A-Fa-f0-9]{1,4}'; + $pattern7 = '([A-Fa-f0-9]{1,4}:){6}:[A-Fa-f0-9]{1,4}'; + $pfb['ipv6'] = "/^($pattern1)$|^($pattern2)$|^($pattern3)$|^($pattern4)$|^($pattern5)$|^($pattern6)$|^($pattern7)$/"; + + $pfb['supp_update'] = FALSE; + $list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6"); + foreach ($list_type as $ip_type => $vtype) { + if ($config['installedpackages'][$ip_type]['config'] != "") { + foreach ($config['installedpackages'][$ip_type]['config'] as $list) { + if ($list['action'] != "Disabled" && $pfb['enable'] == "on" && !$pfb['save'] && is_array($list['row'])) { + # Capture Alias Name + $alias = "pfB_" . preg_replace("/\W/","",$list['aliasname']); + foreach ($list['row'] as $row) { + if ($row['url'] != "" && $row['state'] != "Disabled") { + + # Determine Folder Location for Alias (return array $pfbarr) + pfb_determine_list_detail($list['action']); + $pfb['skip'] = $pfbarr['skip']; + $pfbfolder = $pfbarr['folder']; + + if ($vtype == "_v4") { + $header_url = "{$row['header']}"; + } else { + $header_url = "{$row['header']}_v6"; + } + + # Format Log into clean Tab Spaces + if (strlen($header_url) > 10) { + $log_tab = "\t"; + } else { + $log_tab = "\t\t"; + } + + # Collect Active Alias List (Used for pfctl Update when 'Reputation' is enabled. + $pfb_alias_lists_all[] = "{$alias}"; + + // Empty Header Field Validation Check + if (empty($header_url)) { + $log = "\n [ {$row['url']} ] {$log_tab} Header Field cannot be Empty. *Skipping* \n"; + pfb_logger("{$log}","2"); + continue; + } + + if (file_exists($pfbfolder . '/' . $header_url . '.txt') && $pfb['reuse'] == "") { + if ($row['state'] == "Hold") { + $log = "\n[ {$header_url} ] {$log_tab} Static Hold [ NOW ]\n"; + } else { + $log = "\n[ {$header_url} ] {$log_tab} exists, Reloading File [ NOW ]\n"; + } + pfb_logger("{$log}","1"); + } else { + if ($pfb['reuse'] == "on" && file_exists($pfb['origdir'] . '/' . $header_url . '.orig')) { + $log = "\n[ {$header_url} ] {$log_tab} Using Previously Downloaded File [ NOW ]\n"; + } else { + $log = "\n[ {$header_url} ] {$log_tab} Downloading New File [ NOW ]\n"; + } + pfb_logger("{$log}","1"); + + # Perform Remote URL Date/Time Stamp checks + $host = @parse_url($row['url']); + $list_url = "{$row['url']}"; + if ($row['format'] != "rsync" || $row['format'] != "html") { + if ($host['host'] == "127.0.0.1" || $host['host'] == $pfb['iplocal'] || empty($host['host'])) { + $remote_tds = "local"; + } else { + $remote_tds = @implode(preg_grep("/Last-Modified/", get_headers($list_url))); + $remote_tds = preg_replace("/^Last-Modified: /","", $remote_tds); + } + } + + $url_list = array(); + if ($row['format'] == "gz" || $row['format'] == "gz_2") { + $file_dwn = "{$pfb['origdir']}/{$header_url}.gz"; + if ($pfb['reuse'] == "on" && file_exists($file_dwn)) { + # File Exists/Reuse + } else { + $url_gz = "{$row['url']}"; + $file_gz = @file_get_contents($url_gz); + @file_put_contents($file_dwn, $file_gz, LOCK_EX); + if ($remote_tds == "local") + $remote_tds = gmdate ("D, d M Y H:i:s T", filemtime($file_dwn)); + $remote_stamp = strtotime($remote_tds); + if (!empty($remote_stamp) && file_exists($file_dwn)) + touch ($file_dwn, $remote_stamp); + } + $url_list = @gzfile($file_dwn); + } + + # IBlock Large Files mixed with IPs and Domains. PHP mem of 256M can't handle very large Files. + if ($row['format'] == "gz_lg") { + $file_dwn = "{$pfb['origdir']}/{$header_url}.gz"; + if ($pfb['reuse'] == "on" && file_exists($file_dwn)) { + # File Exists/Reuse + } else { + $url_gz = "{$row['url']}"; + $file_gz = @file_get_contents($url_gz); + @file_put_contents($file_dwn, $file_gz, LOCK_EX); + exec ("/usr/bin/gunzip -c {$file_dwn} | /usr/bin/sed 's/^.*://' | /usr/bin/grep -v '[a-zA-Z]\|^$\|^#' > {$pfb['origdir']}/{$header_url}.orig"); + if ($remote_tds == "local") + $remote_tds = gmdate ("D, d M Y H:i:s T", filemtime($file_dwn)); + $remote_stamp = strtotime($remote_tds); + if (!empty($remote_stamp) && file_exists($file_dwn)) + touch ($file_dwn, $remote_stamp); + } + $url_list = @file($pfb['origdir'] . '/' . $header_url . '.orig'); + } + + elseif ($row['format'] == "zip") { + $file_dwn = "{$pfb['origdir']}/{$header_url}.zip"; + if ($pfb['reuse'] == "on" && file_exists($file_dwn)) { + # File Exists/Reuse + } else { + $url_zip = "{$row['url']}"; + if (!$file_zip = @file_get_contents($url_zip)) { + $error = error_get_last(); + $log = "\n [ {$header_url} ] {$error['message']} \n"; + pfb_logger("{$log}","2"); + } else { + @file_put_contents($file_dwn, $file_zip, LOCK_EX); + if ($remote_tds == "local") + $remote_tds = gmdate ("D, d M Y H:i:s T", filemtime($file_dwn)); + $remote_stamp = strtotime($remote_tds); + if (!empty($remote_stamp) && file_exists($file_dwn)) + touch ($file_dwn, $remote_stamp); + } + } + $zip_out = "{$pfb['origdir']}/{$header_url}.orig"; + exec ("/usr/bin/tar -xOf {$file_dwn} | tr ',' '\n' > {$zip_out}"); + $url_list = @file($zip_out); + } + + elseif ($row['format'] == "et") { + $file_dwn = "{$pfb['origdir']}/{$header_url}.gz"; + # Script to Call ET IQRISK Process + if ($pfb['reuse'] == "on" && file_exists($file_dwn)) { + # File Exists/Reuse + } else { + $url_et = "{$row['url']}"; + $file_et = @file_get_contents($url_et); + @file_put_contents($file_dwn, $file_et, LOCK_EX); + if ($remote_tds == "local") + $remote_tds = gmdate ("D, d M Y H:i:s T", filemtime($file_dwn)); + $remote_stamp = strtotime($remote_tds); + if (!empty($remote_stamp) && file_exists($file_dwn)) + touch ($file_dwn, $remote_stamp); + } + exec ("{$pfb['script']} et {$header_url} x x x x x {$pfb['etblock']} {$pfb['etmatch']} >> {$pfb['log']} 2>&1"); + $url_list = @file($pfb['origdir'] . '/' . $header_url . '.orig'); + } + + elseif ($row['format'] == "xlsx") { + $file_dwn = "{$pfb['origdir']}/{$header_url}.zip"; + # Script to Call XLSX Process + if ($pfb['reuse'] == "on" && file_exists($file_dwn)) { + # File Exists/Reuse + } else { + $url_xlsx = "{$row['url']}"; + $file_xlsx = @file_get_contents($url_xlsx); + @file_put_contents($file_dwn, $file_xlsx, LOCK_EX); + if ($remote_tds == "local") + $remote_tds = gmdate ("D, d M Y H:i:s T", filemtime($file_dwn)); + $remote_stamp = strtotime($remote_tds); + if (!empty($remote_stamp) && file_exists($file_dwn)) + touch ($file_dwn, $remote_stamp); + } + exec ("{$pfb['script']} xlsx {$header_url} >> {$pfb['log']} 2>&1"); + $url_list = @file($pfb['origdir'] . '/' . $header_url . '.orig'); + } + + elseif ($row['format'] == "txt") { + $file_dwn = "{$pfb['origdir']}/{$header_url}.orig"; + if ($pfb['reuse'] == "on" && file_exists($file_dwn)) { + $url_list = @file($file_dwn); + } else { + $url_other = @file($row['url']); + $url_list = $url_other; + @file_put_contents($file_dwn, $url_other, LOCK_EX); + if ($remote_tds == "local") + $remote_tds = gmdate ("D, d M Y H:i:s T", filemtime($file_dwn)); + $remote_stamp = strtotime($remote_tds); + if (!empty($remote_stamp) && file_exists($file_dwn)) + touch ($file_dwn, $remote_stamp); + } + } + + elseif ($row['format'] == "html" || $row['format'] == "block") { + $file_dwn = "{$pfb['origdir']}/{$header_url}.raw"; + if ($pfb['reuse'] == "on" && file_exists($file_dwn)) { + # File Exists/Reuse + $return = 0; + } else { + $url_html = "{$row['url']}"; + exec ("/usr/bin/fetch -v -o {$file_dwn} -T 20 {$url_html}",$output,$return); + } + if ($return == 0) + $url_list = @file($file_dwn); + } + + elseif ($row['format'] == "rsync") { + $file_dwn = "{$pfb['origdir']}/{$header_url}.orig"; + if ($pfb['reuse'] == "on" && file_exists($file_dwn)) { + # File Exists/Reuse + } else { + $url_rsync = "{$row['url']}"; + exec ("/usr/local/bin/rsync --timeout=5 {$url_rsync} {$file_dwn}"); + } + $url_list = @file($file_dwn); + } + + #extract range lists + $new_file = ""; + if (!empty($url_list)) { + if ($row['format'] == "gz" && $vtype == "_v4") { + foreach ($url_list as $line) { + # Network range 192.168.0.0-192.168.0.254 + if (preg_match($pfb['range'],$line,$matches)) { + $a_cidr = ip_range_to_subnet_array($matches[1],$matches[2]); + if (!empty($a_cidr)) { + foreach ($a_cidr as $cidr) { + $new_file .= preg_replace($pfb_ipreg,'',$cidr) . "\n"; + } + } + } + } + } + + elseif ($row['format'] == "block" && $vtype == "_v4") { + foreach ($url_list as $line) { + # Block Type '218.77.79.0 218.77.79.255 24' + if (preg_match($pfb['block'],$line,$matches)) { + $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "/24\n"; + } + } + } + + elseif ($row['format'] == "html" && $vtype == "_v4") { + foreach ($url_list as $line) { + # CIDR format 192.168.0.0/16 + if (preg_match($pfb['cidr'],$line,$matches)) { + $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; + } + # Single ip addresses + elseif (preg_match($pfb['s_html'],$line,$matches)) { + $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; + } + } + } + + elseif ($vtype == "_v6") { + foreach ($url_list as $line) { + # IPv6 Regex Match + if (preg_match($pfb['ipv6'],$line,$matches)) { + $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; + } + } + } + + else { + foreach ($url_list as $line) { + # CIDR format 192.168.0.0/16 + if (preg_match($pfb['cidr'],$line,$matches)) { + $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; + } + # Single ip addresses + elseif (preg_match($pfb['single'],$line,$matches)) { + $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; + } + } + } + } + + # Check to see if Blocklist actually Failed Download or has no IPs listed. + if ($row['format'] == "html" || $row['format'] == "block") { + $url_chk = $file_dwn; + } else { + $url_chk = "{$pfb['origdir']}/{$header_url}.orig"; + } + + # Check if File Exists and is >0 in Size + $file_chk = ""; + if (file_exists($url_chk) && @filesize($url_chk) >0) + $file_chk = exec ("/usr/bin/grep -cv '^#\|^$' {$url_chk}"); + + if ($file_chk == "0") { + $new_file = "1.1.1.1\n"; + $url_other = $new_file; + $log = "[ {$header_url} ] Found no IPs, Adding '1.1.1.1' to avoid Download FAIL\n"; + pfb_logger("{$log}","1"); + } + + if ($new_file != "") { + if ($row['format'] == "gz" || $row['format'] == "gz_2" || $row['format'] == "html" || $row['format'] == "block") { + # Re-Save these formats as original file + $url_other = $new_file; + @file_put_contents($pfb['origdir'] . '/' . $header_url . '.orig',$url_other, LOCK_EX); + } + + # Save List to '.txt' format in appropriate Folder + @file_put_contents($pfbfolder . '/' .$header_url . '.txt',$new_file, LOCK_EX); + + if ($pfb['rep'] == "on" && $pfb['skip'] && $vtype == "_v4") { + # Script to Call p24 Process + exec ("{$pfb['script']} p24 {$header_url} {$pfb['max']} {$pfb['dedup']} {$pfb['ccexclude']} {$pfb['ccwhite']} {$pfb['ccblack']} >> {$pfb['log']} 2>&1"); + } + + if ($pfb['dup'] == "on" && $pfb['skip'] && $vtype == "_v4") { + # Script to call Duplication Check Process + exec ("{$pfb['script']} duplicate {$header_url} >> {$pfb['log']} 2>&1"); + } + + # PFCTL - Update Only Aliases that have been updated only. + $pfb_alias_lists[] = "{$alias}"; + # Launch d-dup and p-dup functions when changes are found. + if ($pfb['skip'] && $vtype == "_v4") + $pfb['dupcheck'] = TRUE; + # Enable Suppression Process due to Updates + if ($pfb['supp'] == "on" && $vtype == "_v4") + $pfb['supp_update'] = TRUE; + + } else { + # Log FAILED Downloads and Check if Firewall or Snort/Suricata is Blocking Host + $log = "\n [ {$alias} {$header_url} ] Download FAIL [ NOW ]\n"; + pfb_logger("{$log}","2"); + + # Rebuild Previous List File from contents of Masterfile + if ($pfb['skip'] && $vtype == "_v4") { + # Search with trailing Whitespace to match exact Header in Masterfile + $header_url2 = $header_url . "[[:space:]]"; + $file_chk = exec ("/usr/bin/grep {$header_url2} {$pfb['master']} | grep -c ^"); + + if (!file_exists($pfbfolder . '/' . $header_url . '.txt') && @$file_chk > 0 && file_exists($pfb['master'])) { + $log = " [ {$alias} {$header_url} ] Found: {$file_chk} Line(s), Restoring previous List from Master \n"; + pfb_logger("{$log}","2"); + exec ("/usr/bin/grep {$header_url2} {$pfb['master']} | cut -d' ' -f2 > {$pfbfolder}/{$header_url}.txt"); + } + } + # A "Space" string Variable + $sp = " "; + $ip = @gethostbyname($host['host']); + $ip2 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", "\"^$1\.$2\.$3\.\"", $ip); + + # Only Perform these Checks if they are not "localfiles" + if ($host['host'] == "127.0.0.1" || $host['host'] == $pfb['iplocal'] || empty($host['host'])) { + $log = " [ {$alias} {$header_url} ] Local File Failure \n"; + pfb_logger("{$log}","2"); + } else { + # only perform these steps if an 'IP' is found. + if (!empty($ip)) { + // Query for Exact IP Match + $result_b1 = array(); + $pfb_b1 = exec ("/usr/bin/grep ^{$ip} {$pfbfolder}/*", $result_b1); + // Query for First Three IP Octet Matches + $result_b2 = array(); + $pfb_b2 = exec ("/usr/bin/grep {$ip2} {$pfbfolder}/*", $result_b2); + // Query Snort/Suricata snort2c IP Block Table + $snort_pfb = exec("/sbin/pfctl -t snort2c -T show | grep {$ip}"); + + # If an exact IP Match is not found report any First Three IP Octets. + if (!empty($result_b1)) { + $final_b1 = implode("\n ", $result_b1); + $log = " [ {$alias} {$header_url}, {$ip} ] Firewall IP Block Found in : \n{$sp}{$final_b1}\n"; + pfb_logger("{$log}","2"); + } else { + if (!empty($result_b2)) { + $final_b2 = implode("\n ", $result_b2); + $log = " [ {$alias} {$header_url}, {$ip} ] *Potential* Firewall IP Block Found in : \n{$sp}{$final_b2}\n"; + pfb_logger("{$log}","2"); + } + } + if (!empty($snort_pfb)) { + $log = " [ {$alias} {$header_url}, {$ip} ] snort2c IP Block Found in : [ {$snort_pfb} ]\n"; + pfb_logger("{$log}","2"); + } + } else { + $log = " [ {$alias} {$header_url} ] No host IP found \n"; + pfb_logger("{$log}","2"); + } + } + } + # UNSET variables + unset ($file_gz,$file_zip,$file_et,$file_xlsx,$url_other,$url_list); + } + } + } + #check custom network list + if (pfbng_text_area_decode($list['custom']) != "") { + + if ($vtype == "_v4") { + $aliascustom = "{$list['aliasname']}_custom"; + } else { + $aliascustom = "{$list['aliasname']}_custom_v6"; + } + + # Format Log into clean Tab Spaces + if (strlen($aliascustom) > 10) { + $log_tab = "\t"; + } else { + $log_tab = "\t\t"; + } + + # Collect Active Alias List (Used for pfctl Update when 'Reputation' is enabled. + $pfb_alias_lists_all[] = "{$alias}"; + + # Determine Folder Location for Alias (return array $pfbarr) + pfb_determine_list_detail($list['action']); + $pfb['skip'] = $pfbarr['skip']; + $pfbfolder = $pfbarr['folder']; + + if (file_exists($pfbfolder . '/' . $aliascustom . '.txt') && $pfb['reuse'] == "") { + $log = "\n[ {$aliascustom} ] {$log_tab} exists, Reloading File [ NOW ]\n"; + pfb_logger("{$log}","1"); + } else { + $url_list = array(); + $log = "\n[ {$aliascustom} ] {$log_tab} Loading Custom File [ NOW ]\n"; + pfb_logger("{$log}","1"); + + $custom_list = pfbng_text_area_decode($list['custom']) . "\n"; + @file_put_contents($pfb['origdir'] . '/' . $aliascustom . '.orig', $custom_list, LOCK_EX); + $url_list = @file($pfb['origdir'] . '/' . $aliascustom . '.orig'); + + $new_file = ""; + if (!empty($url_list)) { + foreach ($url_list as $line) { + if ($vtype == "_v4") { + # CIDR format 192.168.0.0/16 + if (preg_match($pfb['cidr'],$line,$matches)) { + $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; + } + # Single ip addresses + elseif (preg_match($pfb['s_html'],$line,$matches)) { + $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; + } + # Network range 192.168.0.0-192.168.0.254 + elseif (preg_match($pfb['range'],$line,$matches)) { + $a_cidr = ip_range_to_subnet_array($matches[1],$matches[2]); + if (!empty($a_cidr)) { + foreach ($a_cidr as $cidr) { + $new_file .= preg_replace($pfb_ipreg, '',$cidr) . "\n"; + } + } + } + } else { + # IPv6 Regex + if (preg_match($pfb['ipv6'],$line,$matches)) { + $new_file .= preg_replace($pfb_ipreg, '',$matches[0]) . "\n"; + } + } + } + + } + if ($new_file != "") { + # PFCTL - Collect Only Aliases that have been updated only. + $pfb_alias_lists[] = "{$alias}"; + # Collect Updated lists for Suppression Process + @file_put_contents($pfbfolder . '/'. $aliascustom . '.txt',$new_file, LOCK_EX); + # Enable Suppression Process due to Updates + if ($pfb['supp'] == "on" && $vtype == "_v4") + $pfb['supp_update'] = TRUE; + if ($pfb['rep'] == "on" && $pfb['skip'] && $vtype == "_v4") { + # Script to Call p24 Process + exec ("{$pfb['script']} p24 {$aliascustom} {$pfb['max']} {$pfb['dedup']} {$pfb['ccexclude']} {$pfb['ccwhite']} {$pfb['ccblack']} >> {$pfb['log']} 2>&1"); + } + if ($pfb['dup'] == "on" && $pfb['skip'] && $vtype == "_v4") { + # Script to call Duplication Check Process + exec ("{$pfb['script']} duplicate {$aliascustom} >> {$pfb['log']} 2>&1"); + } + } else { + $log = "[ {$aliascustom} ] Custom List Error ]\n"; + pfb_logger("{$log}","1"); + } + } + } + } + } + } + } + + + ############################################# + # REPUTATION PROCESSES # + ############################################# + + # IP Reputation processes (pdup and ddup) + if ($pfb['pdup'] == "on" && $pfb['dupcheck'] && !$pfb['save'] && $pfb['enable'] == "on") { + # Script to run pdup process + exec ("{$pfb['script']} pdup x {$pfb['pmax']} >> {$pfb['log']} 2>&1"); + } + if ($pfb['dedup'] == "on" && $pfb['dupcheck'] && !$pfb['save'] && $pfb['enable'] == "on") { + # Script to run dedup process + exec ("{$pfb['script']} dedup x {$pfb['dmax']} {$pfb['dedup']} {$pfb['ccexclude']} {$pfb['ccwhite']} {$pfb['ccblack']} >> {$pfb['log']} 2>&1"); + } + + ############################################# + # CONFIGURE ALIASES # + ############################################# + + $list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6"); + foreach ($list_type as $ip_type => $vtype) { + if ($config['installedpackages'][$ip_type]['config'] != "" && $pfb['enable'] == "on") { + $runonce = 0; + foreach ($config['installedpackages'][$ip_type]['config'] as $list) { + $alias = "pfB_" . preg_replace("/\W/","",$list['aliasname']); + + # Determine Folder Location for Alias (return array $pfbarr) + pfb_determine_list_detail($list['action']); + $pfb['skip'] = $pfbarr['skip']; + $pfb_descr = $pfbarr['descr']; + $pfbfolder = $pfbarr['folder']; + + // Re-Save Only Aliases that have been updated only. + // When 'Reputation' is used, all Aliases need to be Updated. + $final_alias = array(); + if ($pfb['dedup'] == "on" || $pfb['pdup'] == "on") { + if (!empty($pfb_alias_lists_all)) + $final_alias = array_unique($pfb_alias_lists_all); + } else { + if (!empty($pfb_alias_lists)) + $final_alias = array_unique($pfb_alias_lists); + } + + if ($list['action'] != "Disabled") { + #remove empty lists files if any + if (is_array($list['row'])) { + $update = 0; + ${$alias} = ""; + foreach ($list['row'] as $row) { + if ($row['url'] != "" && $row['state'] != "Disabled") { + if ($vtype == "_v4") { + $header_url = "{$row['header']}"; + } else { + $header_url = "{$row['header']}_v6"; + } + $pfctlck = exec ("/sbin/pfctl -vvsTables | grep -A1 {$alias} | awk '/Addresses/ {s+=$2}; END {print s}'"); + + # Update Alias if List File Exists and its been updated or if the Alias URL Table is Empty. + if (file_exists($pfbfolder . "/" . $header_url . ".txt") && in_array($alias, $final_alias) || file_exists($pfbfolder . "/" . $header_url . ".txt") && empty($pfctlck)) { + # Script to run Suppression process (Print Header Only) + if ($pfb['supp'] == "on" && $vtype == "_v4" && $runonce == 0 && $pfb['supp_update']) { + exec ("{$pfb['script']} suppress x x x suppressheader >> {$pfb['log']} 2>&1"); + $runonce++; + } + # Script to run Suppression Process (Body) + if ($pfb['supp'] == "on" && $vtype == "_v4" && $pfb['supp_update']) { + if ($pfb['dup'] == "on" || !$pfb['skip']) { + # Execute if Duplication Process is Enabled or List is Permit or Match + exec ("{$pfb['script']} suppress x x x {$header_url}\|{$pfbfolder}/ >> {$pfb['log']} 2>&1"); + } else { + # Execute if Duplication Process is Disabled + exec ("{$pfb['script']} suppress x x off {$header_url}\|{$pfbfolder}/ >> {$pfb['log']} 2>&1"); + } + } + ${$alias} .= file_get_contents($pfbfolder . '/' . $header_url . '.txt'); + $update++; + } + } + } + } + + #check custom network list + if ($vtype == "_v4") { + $aliasname = "{$list['aliasname']}_custom"; + } else { + $aliasname = "{$list['aliasname']}_custom_v6"; + } + + # Update Alias if List File Exists and its been updated or if the Alias URL Table is Empty. + $pfctlck = exec ("/sbin/pfctl -vvsTables | grep -A1 {$alias} | awk '/Addresses/ {s+=$2}; END {print s}'"); + + if (pfbng_text_area_decode($list['custom']) != "") { + if (file_exists($pfbfolder . "/" . $aliasname . ".txt") && in_array($alias, $final_alias) || file_exists($pfbfolder . "/" . $aliasname . ".txt") && empty($pfctlck)) { + ${$alias} .= file_get_contents($pfbfolder . '/' . $aliasname . '.txt'); + $update++; + } + } + # Determine Validity of Alias URL Tables/Rules. ie: Don't create Empty URL Tables or Aliases + if (${$alias} == "" && empty($pfctlck)) { + unlink_if_exists($pfb['aliasdir'] . '/' . $alias. '.txt'); + } else { + // Save Only Aliases that have been updated. + if ($update > 0) { + @file_put_contents($pfb['aliasdir'] . '/' . $alias. '.txt',${$alias}, LOCK_EX); + } + + $alias_log = $list['aliaslog']; + #create alias + $new_aliases_list[] = "{$alias}"; + + $new_aliases[] = array( "name" => "{$alias}", + "url" => "{$pfb['weblocal']}?pfb={$alias}", + "updatefreq" => "32", + "address" => "", + "descr" => "pfBlockerNG {$pfb_descr} List Alias", + "type" => "urltable", + "detail" => "DO NOT EDIT THIS ALIAS" + ); + + #Create rule if action permits + switch ($list['action']) { + case "Deny_Both": + case "Deny_Outbound": + $rule = $base_rule; + $rule['type'] = "{$pfb['deny_action_outbound']}"; + if ($vtype == "_v6") + $rule['ipprotocol'] = "inet6"; + if ($pfb['float'] == "on") + $rule['direction'] = "any"; + $rule['descr'] = "{$alias}{$pfb['suffix']}"; + $rule['source'] = array ("any" => ""); + $rule['destination'] = array ("address" => "{$alias}"); + if ($pfb['config']['enable_log'] == "on" || $alias_log == "enabled") + $rule['log'] = ""; + $deny_outbound[] = $rule; + if ($list['action'] != "Deny_Both") + break; + case "Deny_Inbound": + $rule = $base_rule; + $rule['type'] = "{$pfb['deny_action_inbound']}"; + if ($vtype == "_v6") + $rule['ipprotocol'] = "inet6"; + if ($pfb['float'] == "on") + $rule['direction'] = "any"; + $rule['descr'] = "{$alias}{$pfb['suffix']}"; + $rule['source'] = array("address" => "{$alias}"); + $rule['destination'] = array ("any" => ""); + if ($pfb['config']['enable_log'] == "on" || $alias_log == "enabled") + $rule['log'] = ""; + $deny_inbound[] = $rule; + break; + case "Permit_Both": + case "Permit_Outbound": + $rule = $base_rule; + $rule['type'] = "pass"; + if ($vtype == "_v6") + $rule['ipprotocol'] = "inet6"; + if ($pfb['float'] == "on") + $rule['direction'] = "any"; + $rule['descr'] = "{$alias}{$pfb['suffix']}"; + $rule['source'] = array ("any" => ""); + $rule['destination'] = array ("address" => "{$alias}"); + if ($pfb['config']['enable_log'] == "on" || $alias_log == "enabled") + $rule['log'] = ""; + $permit_outbound[] = $rule; + if ($list['action'] != "Permit_Both") + break; + case "Permit_Inbound": + $rule = $base_rule; + $rule['type'] = "pass"; + if ($vtype == "_v6") + $rule['ipprotocol'] = "inet6"; + if ($pfb['float'] == "on") + $rule['direction'] = "any"; + $rule['descr'] = "{$alias}{$pfb['suffix']}"; + $rule['source'] = array ("address" => "{$alias}"); + $rule['destination'] = array ("any" => ""); + if ($pfb['config']['enable_log'] == "on" || $alias_log == "enabled") + $rule['log'] = ""; + $permit_inbound[] = $rule; + break; + case "Match_Both": + case "Match_Outbound": + $rule = $base_rule_float; + $rule['type'] = "match"; + if ($vtype == "_v6") + $rule['ipprotocol'] = "inet6"; + $rule['direction'] = "any"; + $rule['descr'] = "{$alias}{$pfb['suffix']}"; + $rule['source'] = array ("any" => ""); + $rule['destination'] = array ("address" => "{$alias}"); + if ($pfb['config']['enable_log'] == "on" || $alias_log == "enabled") + $rule['log'] = ""; + $match_outbound[] = $rule; + if ($list['action'] != "Match_Both") + break; + case "Match_Inbound": + $rule = $base_rule_float; + $rule['type'] = "match"; + if ($vtype == "_v6") + $rule['ipprotocol'] = "inet6"; + $rule['direction'] = "any"; + $rule['descr'] = "{$alias}{$pfb['suffix']}"; + $rule['source'] = array ("address" => "{$alias}"); + $rule['destination'] = array ("any" => ""); + if ($pfb['config']['enable_log'] == "on" || $alias_log == "enabled") + $rule['log'] = ""; + $match_inbound[] = $rule; + break; + } + } + #mark pfctl aliastable for cleanup + if (!in_array($alias, $aliases_list)) { + $aliases_list[] = "{$alias}"; + } + } else { + #unlink previous pfblockerNG alias list if any + unlink_if_exists($pfb['aliasdir'] . '/' . $alias . '.txt'); + } + } + } + } + # Clear Variables + ${$alias} = ""; + + + ############################################# + # UPDATE PfSENSE ALIAS TABLES # + ############################################# + + #update pfsense alias table + if (is_array($config['aliases']['alias'])) { + foreach ($config['aliases']['alias'] as $cbalias) { + if (preg_match("/pfB_/",$cbalias['name'])) { + #mark pfctl aliastable for cleaning + if (!in_array($cbalias['name'], $aliases_list)) { + $aliases_list[] = $cbalias['name']; #mark aliastable for cleaning + } + #remove previous aliastable file if alias is not defined any more + if (!in_array($cbalias['name'], $new_aliases_list)) { + unlink_if_exists($pfb['aliasdir'] . '/' . $cbalias['name'] . ".txt"); + } + } else { + $new_aliases[] = $cbalias; + + # Check Table Size + if (file_exists($pfb['aliasdir'] . '/' . $alias . '.txt') && $message == "") { + preg_match("/(\d+)/",exec("/usr/bin/grep -c ^ " . $pfb['aliasdir'] . '/' . $alias . '.txt'),$matches); + } + if (($matches[1] * 2.1) >= $pfb['table_limit']) { + #alias table too large + $message = "{$alias} alias table is too large. Reduce networks in list or increase 'Firewall Maximum Table Entries' value to at least " . (int)($matches[1] * 2.1) . ' in "system - advanced - Firewall/NAT" . '; + } + } + } + } + + #apply new alias table to xml + if ($message == "") { + $config['aliases']['alias'] = $new_aliases; + } + # UNSET Variables + unset($new_aliases, $cbalias); + + + ############################################# + # Assign rules # + ############################################# + + # Only Execute if AutoRules are defined or if an Alias has been removed. + if ($pfb['autorules'] || $pfb['enable'] == "" || $pfb['remove']) { + if (count($deny_inbound) > 0 || count($permit_inbound) > 0 || count($match_inbound) > 0) { + if ($pfb['inbound_interfaces'] == "") { + $message = "Unable to apply rules. Inbound Interface option not configured."; + } + } + if (count($deny_outbound) > 0 || count($permit_outbound) > 0 || count($match_outbound) > 0) { + if ($pfb['outbound_interfaces'] == "") { + $message = "Unable to apply rules. Outbound Interface option not configured."; + } + } + + if ($message == "") { + $new_rules = array(); + $permit_rules = array(); + $match_rules = array(); + $other_rules = array(); + $fpermit_rules = array(); + $fmatch_rules = array(); + $fother_rules = array(); + + # Collect All Existing Rules + $rules = $config['filter']['rule']; + # Collect Existing pfSense Rules 'Pass', 'Match' and 'Other' pfSense rules into new Arrays. + if (!empty($rules)) { + foreach ($rules as $rule) { + if (!preg_match("/pfB_.*" . $pfb['suffix'] . "/",$rule['descr'])) { + // Floating rules collection 'Floating Pass/Match'. Balance to 'other' + if ($pfb['float'] == "on") { + if ($rule['type'] == "pass" && $rule['floating'] == "yes") { + $fpermit_rules[] = $rule; + } elseif ($rule['type'] == "match" && $rule['floating'] == "yes") { + $fmatch_rules[] = $rule; + } elseif ($rule['floating'] == "yes") { + $fother_rules[] = $rule; + } else { + $other_rules[] = $rule; + } + } else { + // Collect only 'Selected Inbound and Outbound Interfaces'. Balance to 'Other' + if (in_array($rule['interface'],$pfb['inbound_interfaces']) || in_array($rule['interface'],$pfb['outbound_interfaces'])) { + // Floating Rules 'off'. Collect 'Floating Other', Balance to 'Other' + if ($rule['floating'] == "yes") { + $fother_rules[] = $rule; + } elseif ($rule['type'] == "pass") { + if ($pfb['order'] == "order_0") { + $other_rules[] = $rule; + } else { + $permit_rules[] = $rule; + } + } elseif ($rule['type'] == "match") { + if ($pfb['order'] == "order_0") { + $other_rules[] = $rule; + } else { + $match_rules[] = $rule; + } + } else { + $other_rules[] = $rule; + } + } else { + if ($rule['floating'] == "yes") { + $fother_rules[] = $rule; + } else { + $other_rules[] = $rule; + } + } + } + } + } + } + + ################################################################################# + # PASS/MATCH RULES ORDER(p/m) # + # ORDER 0 - pfBlockerNG / All other Rules # + # ORDER 1 - pfSense (p/m) / pfBlockerNG (p/m) / pfBlockerNG Block/Reject # + # ORDER 2 - pfBlockerNG (p/m) / pfSense (p/m) / pfBlockerNG Block/Reject # + # ORDER 3 - pfBlockerNG (p/m) / pfBlockerNG Block/Reject / pfSense (p/m) # + ################################################################################# + + if ($pfb['float'] == "") { + if (!empty($fother_rules)) { + foreach ($fother_rules as $cb_rules) { + $new_rules[] = $cb_rules; + } + } + } + if (!empty($fpermit_rules) && $pfb['order'] == "order_1") { + foreach ($fpermit_rules as $cb_rules) { + $new_rules[] = $cb_rules; + } + } + if (!empty($fmatch_rules) && $pfb['order'] == "order_1") { + foreach ($fmatch_rules as $cb_rules) { + $new_rules[] = $cb_rules; + } + } + + # Define Inbound Interface Rules + if (!empty($pfb['inbound_interfaces'])) { + $counter = 0; + foreach ($pfb['inbound_interfaces'] as $inbound_interface) { + if (!empty($permit_rules) && $pfb['order'] == "order_1") { + foreach ($permit_rules as $cb_rules) { + if ($cb_rules['interface'] == $inbound_interface) + $new_rules[] = $cb_rules; + } + } + if (!empty($match_rules) && $pfb['order'] == "order_1") { + foreach ($match_rules as $cb_rules) { + if ($cb_rules['interface'] == $inbound_interface) + $new_rules[] = $cb_rules; + } + } + # Match Inbound Rules defined as Floating Only. + if (!empty($match_inbound) && $counter == 0) { + foreach ($match_inbound as $cb_rules) { + $cb_rules['interface'] = $pfb['inbound_floating']; + $new_rules[] = $cb_rules; + $counter ++; + } + } + if (!empty($permit_inbound)) { + foreach ($permit_inbound as $cb_rules) { + $cb_rules['interface'] = $inbound_interface; + $new_rules[] = $cb_rules; + } + } + if (!empty($fpermit_rules) && $pfb['order'] == "order_2") { + foreach ($fpermit_rules as $cb_rules) { + $new_rules[] = $cb_rules; + } + } + if (!empty($fmatch_rules) && $pfb['order'] == "order_2") { + foreach ($fmatch_rules as $cb_rules) { + $new_rules[] = $cb_rules; + } + } + if (!empty($permit_rules) && $pfb['order'] == "order_2") { + foreach ($permit_rules as $cb_rules) { + if ($cb_rules['interface'] == $inbound_interface) + $new_rules[] = $cb_rules; + } + } + if (!empty($match_rules) && $pfb['order'] == "order_2") { + foreach ($match_rules as $cb_rules) { + if ($cb_rules['interface'] == $inbound_interface) + $new_rules[] = $cb_rules; + } + } + if (!empty($deny_inbound)) { + foreach ($deny_inbound as $cb_rules) { + $cb_rules['interface'] = $inbound_interface; + $new_rules[] = $cb_rules; + } + } + } + } + + # Define Outbound Interface Rules + if (!empty($pfb['outbound_interfaces'])) { + $counter = 0; + foreach ($pfb['outbound_interfaces'] as $outbound_interface) { + if (!empty($permit_rules) && $pfb['order'] == "order_1") { + foreach ($permit_rules as $cb_rules) { + if ($cb_rules['interface'] == $outbound_interface) + $new_rules[] = $cb_rules; + } + } + if (!empty($match_rules) && $pfb['order'] == "order_1") { + foreach ($match_rules as $cb_rules) { + if ($cb_rules['interface'] == $outbound_interface) + $new_rules[] = $cb_rules; + } + } + # Match Outbound Rules defined as Floating Only. + if (!empty($match_outbound) && $counter == 0) { + foreach ($match_outbound as $cb_rules) { + $cb_rules['interface'] = $pfb['outbound_floating']; + $new_rules[] = $cb_rules; + $counter++; + } + } + if (!empty($permit_outbound)) { + foreach ($permit_outbound as $cb_rules) { + $cb_rules['interface'] = $outbound_interface; + $new_rules[] = $cb_rules; + } + } + if (!empty($permit_rules) && $pfb['order'] == "order_2") { + foreach ($permit_rules as $cb_rules) { + if ($cb_rules['interface'] == $outbound_interface) + $new_rules[] = $cb_rules; + } + } + if (!empty($match_rules) && $pfb['order'] == "order_2") { + foreach ($match_rules as $cb_rules) { + if ($cb_rules['interface'] == $outbound_interface) + $new_rules[] = $cb_rules; + } + } + if (!empty($deny_outbound)) { + foreach ($deny_outbound as $cb_rules) { + $cb_rules['interface'] = $outbound_interface; + $new_rules[] = $cb_rules; + } + } + } + } + + if (!empty($fpermit_rules) && $pfb['order'] == "order_0") { + foreach ($fpermit_rules as $cb_rules) { + $new_rules[] = $cb_rules; + } + } + if (!empty($fmatch_rules) && $pfb['order'] == "order_0") { + foreach ($fmatch_rules as $cb_rules) { + $new_rules[] = $cb_rules; + } + } + if (!empty($fpermit_rules) && $pfb['order'] == "order_3") { + foreach ($fpermit_rules as $cb_rules) { + $new_rules[] = $cb_rules; + } + } + if (!empty($fmatch_rules) && $pfb['order'] == "order_3") { + foreach ($fmatch_rules as $cb_rules) { + $new_rules[] = $cb_rules; + } + } + if (!empty($permit_rules) && $pfb['order'] == "order_3") { + foreach ($permit_rules as $cb_rules) { + $new_rules[] = $cb_rules; + } + } + if (!empty($match_rules) && $pfb['order'] == "order_3") { + foreach ($match_rules as $cb_rules) { + $new_rules[] = $cb_rules; + } + } + if ($pfb['float'] == "on") { + if (!empty($fother_rules)) { + foreach ($fother_rules as $cb_rules) { + $new_rules[] = $cb_rules; + } + } + } + if (!empty($other_rules)) { + foreach ($other_rules as $cb_rules) { + $new_rules[] = $cb_rules; + } + } + + # Save New Rule Order to Config + $config['filter']['rule'] = $new_rules; + } + $log = "\n {$message} \n"; + pfb_logger("{$log}","1"); + + # UNSET arrays + unset ($cb_rules,$permit_inbound,$permit_outbound,$deny_inbound,$deny_outbound,$match_inbound,$match_outbound); + unset ($other_rules,$fother_rules,$permit_rules,$fpermit_rules,$match_rules,$fmatch_rules); + } + + ############################################# + # Define/Apply CRON Jobs # + ############################################# + + # Clear any existing pfBlockerNG Cron Jobs + install_cron_job("pfblockerng.php cron", false); + + # Replace Cron job with any User Changes to $pfb_min + if ($pfb['enable'] == "on") { + # Define pfBlockerNG CRON Job + $pfb_cmd = "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> {$pfb['log']} 2>&1"; + # $pfb['min'] ( User Defined Variable. Variable defined at start of Script ) + $pfb_hour = "*"; + $pfb_mday = "*"; + $pfb_month = "*"; + $pfb_wday = "*"; + $pfb_who = "root"; + + install_cron_job($pfb_cmd, true, $pfb['min'], $pfb_hour, $pfb_mday, $pfb_month, $pfb_wday, $pfb_who); + } + + # Clear any existing pfBlockerNG MaxMind CRON Job + install_cron_job("pfblockerng.php dc", false); + + if ($pfb['enable'] == "on") { + # Define pfBlockerNG MaxMind CRON Job + $pfb_gcmd = "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dc >> {$pfb['geolog']} 2>&1"; + + # MaxMind GeoIP Cron Hour is randomized between 0-23 Hour to minimize effect on MaxMind Website + + $pfb_gmin = "0"; + $pfb_ghour = rand(0,23); + $pfb_gmday = "1,2,3,4,5,6,7"; + $pfb_gmonth = "*"; + $pfb_gwday = "2"; + $pfb_gwho = "root"; + + install_cron_job($pfb_gcmd, true, $pfb_gmin, $pfb_ghour, $pfb_gmday, $pfb_gmonth, $pfb_gwday, $pfb_gwho); + } + + + ############################################# + # Closing Processes # + ############################################# + + #uncheck Reusing Existing Downloads Check box + if (!$pfb['save'] && $pfb['enable'] == "on") + $config['installedpackages']['pfblockerng']['config'][0]['pfb_reuse'] = ""; + + # Save all Changes to pfSense config file + write_config(); + + # If 'Rule Changes' are found, utilize the 'filter_configure()' function, if not, utilize 'pfctl replace' command + if ($pfb['autorules'] && $rules != $new_rules || $pfb['enable'] == "" || $pfb['remove']) { + require_once("filter.inc"); + + $log = "\n===[ Aliastables / Rules ]================================\n\n"; + pfb_logger("{$log}","1"); + + $log = "Firewall Rule Changes Found, Applying Filter Reload \n"; + pfb_logger("{$log}","1"); + + # Remove all pfBlockerNG Alias tables + if (!empty($aliases_list)) { + foreach ($aliases_list as $table) { + exec ("/sbin/pfctl -t " . escapeshellarg($table) . " -T kill 2>&1", $pfb_null); + } + } + + #load filter file which will create the pfctl tables + filter_configure(); + } else { + # Don't Execute on User 'Save' + if (!$pfb['save']) { + + $log = "\n===[ Aliastables / Rules ]================================\n\n"; + pfb_logger("{$log}","1"); + + $log = "No Changes to Firewall Rules, Skipping Filter Reload \n"; + pfb_logger("{$log}","1"); + + // Re-Save Only Aliases that have been updated only. + // When 'Reputation' is used, all Aliases Need to be Updated. + $final_alias = array(); + if ($pfb['dedup'] == "on" || $pfb['pdup'] == "on") { + if (!empty($pfb_alias_lists_all)) + $final_alias = array_unique($pfb_alias_lists_all); + } else { + if (!empty($pfb_alias_lists)) + $final_alias = array_unique($pfb_alias_lists); + } + + if (!empty($final_alias)) { + foreach ($final_alias as $final) { + $log = "\n Updating: {$final} \n"; + pfb_logger("{$log}","1"); + $result_pfctl = ""; + exec ("/sbin/pfctl -t " . escapeshellarg($final) . " -T replace -f " . $pfb['aliasdir'] . "/" . escapeshellarg($final) . ".txt 2>&1", $result_pfctl); + $log = implode($result_pfctl); + pfb_logger("{$log}","1"); + } + } else { + $log = "\n No Changes to Aliases, Skipping pfctl Update \n"; + pfb_logger("{$log}","1"); + } + } + } + # UNSET Variables + unset($rules, $new_rules); + + #sync config + pfblockerng_sync_on_changes(); + + ############################################# + # FINAL REPORTING # + ############################################# + + # Only run with CRON or Force Invoked Process + if ((!$pfb['save'] && $pfb['dupcheck'] && $pfb['enable'] == "on") || $pfb['summary']) { + # Script to run Final Script Processes. + exec ("{$pfb['script']} closing {$pfb['dup']} >> {$pfb['log']} 2>&1"); + } + + if ($pfb['enable'] == "on" && !$pfb['save']) { + $log = "\n\n UPDATE PROCESS ENDED [ NOW ]\n"; + pfb_logger("{$log}","1"); + } +} + + +function pfblockerng_validate_input($post, &$input_errors) { + global $config; + foreach ($post as $key => $value) { + if (empty($value)) + continue; + if ($key == "message_size_limit" && !is_numeric($value)) + $input_errors[] = "Message size limit must be numeric."; + if ($key == "process_limit" && !is_numeric($value)) + $input_errors[] = "Process limit must be numeric."; + if ($key == "freq" && (!preg_match("/^\d+(h|m|d)$/",$value) || $value == 0)) + $input_errors[] = "A valid number with a time reference is required for the field 'Frequency'"; + if (substr($key, 0, 2) == "dc" && !is_hostname($value)) + $input_errors[] = "{$value} is not a valid host name."; + if (substr($key, 0, 6) == "domain" && is_numeric(substr($key, 6))) { + if (!is_domain($value)) + $input_errors[] = "{$value} is not a valid domain name."; + } else if (substr($key, 0, 12) == "mailserverip" && is_numeric(substr($key, 12))) { + if (empty($post['domain' . substr($key, 12)])) + $input_errors[] = "Domain for {$value} cannot be blank."; + if (!is_ipaddr($value) && !is_hostname($value)) + $input_errors[] = "{$value} is not a valid IP address or host name."; + } + } +} + + +function pfblockerng_php_install_command() { + require_once("/usr/local/www/pfblockerng/pfblockerng.php"); + global $config,$pfb; + pfb_global(); + + # Uncompress Country Code File and delete Archive after extraction. + exec("cd /{$pfb['ccdir']}; /usr/bin/tar -jxvf {$pfb['ccdir']}/countrycodes.tar.bz2"); + unlink_if_exists("{$pfb['ccdir']}/countrycodes.tar.bz2"); + # Download MaxMind Files and Create Country Code files and Build Continent XML Files + update_output_window(gettext("Downloading MaxMind Country Databases. This may take a minute...")); + exec("/bin/sh /usr/local/pkg/pfblockerng/geoipupdate.sh all >> {$pfb['geolog']} 2>&1"); + update_output_window(gettext("MaxMind Country Database downloads completed...")); + update_output_window(gettext("Converting MaxMind Country Databases for pfBlockerNG. This may take a few minutes...")); + pfblockerng_uc_countries(); + update_output_window(gettext("Creating pfBlockerNG Continenet XML Files...")); + pfblockerng_get_countries(); + update_output_window(gettext("Completed Creating pfBlockerNG Continenet XML Files...")); + + # Add Widget to Dashboard + update_output_window(gettext("Adding pfBlockerNG Widget to Dashboard.")); + if ($pfb['keep'] == "on" && !empty($pfb['widgets'])) { + // Restore previous Widget setting if "Keep" is enabled. + $config['widgets']['sequence'] = $pfb['widgets']; + } else { + $widgets = $config['widgets']['sequence']; + if (!preg_match("/pfblockerng-container/", $widgets)) { + if (empty($widgets)) { + $config['widgets']['sequence'] = "pfblockerng-container:col2:show"; + } else { + $config['widgets']['sequence'] .= ",pfblockerng-container:col2:show"; + } + } + } +} + + +function pfblockerng_php_deinstall_command() { + require_once("config.inc"); + global $config,$pfb; + + # Set these two variables to Disable pfBlockerNG on De-Install + $pfb['save'] = TRUE; + $pfb['install'] = TRUE; + sync_package_pfblockerng(); + rmdir_recursive("/usr/local/pkg/pfblockerng"); + rmdir_recursive("/usr/local/www/pfblockerng"); + + # Maintain pfBlockerNG Settings and Database Files if $pfb['keep'] is ON. + if ($pfb['keep'] != "on") { + # Remove pfBlockerNG Log and DB Folder + rmdir_recursive("{$pfb['dbdir']}"); + rmdir_recursive("{$pfb['logdir']}"); + + # Remove Settings from Config + if (is_array($config['installedpackages']['pfblockerng'])) + unset($config['installedpackages']['pfblockerng']); + if (is_array($config['installedpackages']['pfblockerngglobal'])) + unset($config['installedpackages']['pfblockerngglobal']); + if (is_array($config['installedpackages']['pfblockerngsync'])) + unset($config['installedpackages']['pfblockerngsync']); + if (is_array($config['installedpackages']['pfblockerngreputation'])) + unset($config['installedpackages']['pfblockerngreputation']); + if (is_array($config['installedpackages']['pfblockernglistsv4'])) + unset($config['installedpackages']['pfblockernglistsv4']); + if (is_array($config['installedpackages']['pfblockernglistsv6'])) + unset($config['installedpackages']['pfblockernglistsv6']); + if (is_array($config['installedpackages']['pfblockerngafrica'])) + unset($config['installedpackages']['pfblockerngafrica']); + if (is_array($config['installedpackages']['pfblockerngantartica'])) + unset($config['installedpackages']['pfblockerngantartica']); + if (is_array($config['installedpackages']['pfblockerngasia'])) + unset($config['installedpackages']['pfblockerngasia']); + if (is_array($config['installedpackages']['pfblockerngeurope'])) + unset($config['installedpackages']['pfblockerngeurope']); + if (is_array($config['installedpackages']['pfblockerngnorthamerica'])) + unset($config['installedpackages']['pfblockerngnorthamerica']); + if (is_array($config['installedpackages']['pfblockerngoceania'])) + unset($config['installedpackages']['pfblockerngoceania']); + if (is_array($config['installedpackages']['pfblockerngsouthamerica'])) + unset($config['installedpackages']['pfblockerngsouthamerica']); + if (is_array($config['installedpackages']['pfblockerngtopspammers'])) + unset($config['installedpackages']['pfblockerngtopspammers']); + } + + # Remove Widget (code from Snort deinstall) + $pfb['widgets'] = $config['widgets']['sequence']; + if (!empty($pfb['widgets'])) { + $widgetlist = explode(",", $pfb['widgets']); + foreach ($widgetlist as $key => $widget) { + if (strstr($widget, "pfblockerng-container")) { + unset($widgetlist[$key]); + break; + } + } + $config['widgets']['sequence'] = implode(",", $widgetlist); + } + update_output_window(gettext("pfBlockerNG has been Uninstalled")); +} + +/* Uses XMLRPC to synchronize the changes to a remote node */ +function pfblockerng_sync_on_changes() { + global $config, $g, $pfb_sync; + + // Create Array of Sync Settings and exit if Sync is Disabled. + if (is_array($config['installedpackages']['pfblockerngsync']['config'][0])) { + $pfb_sync = $config['installedpackages']['pfblockerngsync']['config'][0]; + if ($pfb_sync['varsynconchanges'] == "disabled" || $pfb_sync['varsynconchanges'] == "") + return; + + $synctimeout = $pfb_sync['varsynctimeout']; + } else { + return; + } + + log_error("[pfBlockerNG] XMLRPC sync is starting."); + + if (is_array($config['installedpackages']['pfblockerngsync']['config'])) { + switch ($pfb_sync['varsynconchanges']) { + case "manual": + if (is_array($pfb_sync[row])) { + $rs = $pfb_sync[row]; + } else { + log_error("[pfBlockerNG] XMLRPC sync is enabled but there are no replication targets configured."); + return; + } + break; + case "auto": + if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ + $system_carp = $config['installedpackages']['carpsettings']['config'][0]; + $rs[0]['varsyncipaddress'] = $system_carp['synchronizetoip']; + $rs[0]['varsyncusername'] = $system_carp['username']; + $rs[0]['varsyncpassword'] = $system_carp['password']; + + // XMLRPC sync is currently only supported over connections using the same protocol and port as this system + if ($config['system']['webgui']['protocol'] == "http") { + $rs[0]['varsyncprotocol'] = "http"; + } else { + $rs[0]['varsyncprotocol'] = "https"; + } + + if ($system_carp['synchronizetoip'] == "") { + log_error("[pfBlockerNG] XMLRPC sync is enabled but there are no replication targets configured."); + return; + } + } else { + log_error("[pfBlockerNG] XMLRPC sync is enabled but there are no replication targets configured."); + return; + } + break; + default: + return; + break; + } + if (is_array($rs)) { + foreach ($rs as $sh) { + // Only Sync Enabled Replication Targets + if ($sh['varsyncdestinenable'] == "ON") { + $sync_to_ip = $sh['varsyncipaddress']; + $port = $sh['varsyncport']; + $password = htmlspecialchars($sh['varsyncpassword']); + $protocol = $sh['varsyncprotocol']; + + if (!empty($sh['varsyncusername'])) { + $username = $sh['varsyncusername']; + } else { + $username = "admin"; + } + + pfblockerng_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout); + } + } + if ($success) + log_error("[pfBlockerNG] XMLRPC sync completed successfully."); + } + } +} + + +/* Do the actual XMLRPC sync */ +function pfblockerng_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout) { + global $config, $g, $pfb_sync; + $success = TRUE; + + /* Exit on missing parameters */ + if (empty($sync_to_ip) || empty($password)) { + log_error("[pfBlockerNG] XMLRPC sync parameter missing (host IP or password) ... aborting xmlrpc sync"); + $success = FALSE; + return $success; + } + + /* Do not attempt a package sync while booting up or installing package */ + if ($g['booting'] || $g['pfblockerng_postinstall']) { + log_error("[pfBlockerNG] XMLRPC sync to Replication targets terminated during boot up or during package reinstallation."); + $success = FALSE; + return $success; + } + + // Validate Replication Target IP Address and Port Settings + if (!is_ipaddr($sync_to_ip) || !is_port($port)) { + log_error("[pfBlockerNG] XMLRPC sync terminated due to mis-configured Replication Target IP Address or Port settings."); + $success = FALSE; + return $success; + } + + /* Test key variables and set defaults if empty */ + if (empty($synctimeout)) + $synctimeout = 150; + + $url = "{$protocol}://{$sync_to_ip}"; + + if ($port == "") { $port = $config['system']['webgui']['port']; }; + /* If port is empty lets rely on the protocol selection */ + if ($port == "") { + if ($config['system']['webgui']['protocol'] == "http") { + $port = "80"; + } else { + $port = "443"; + } + } + /* xml will hold the sections to sync */ + $xml = array(); + // If User Disabled, remove 'General Tab Customizations' from Sync + if ($config['installedpackages']['pfblockerngsync']['config'][0]['syncinterfaces'] == "") + $xml['pfblockerng'] = $config['installedpackages']['pfblockerng']; + $xml['pfblockerngreputation'] = $config['installedpackages']['pfblockerngreputation']; + $xml['pfblockernglistsv4'] = $config['installedpackages']['pfblockernglistsv4']; + $xml['pfblockernglistsv6'] = $config['installedpackages']['pfblockernglistsv6']; + $xml['pfblockerngtopspammers'] = $config['installedpackages']['pfblockerngtopspammers']; + $xml['pfblockerngafrica'] = $config['installedpackages']['pfblockerngafrica']; + $xml['pfblockerngantartica'] = $config['installedpackages']['pfblockerngantartica']; + $xml['pfblockerngasia'] = $config['installedpackages']['pfblockerngasia']; + $xml['pfblockerngeurope'] = $config['installedpackages']['pfblockerngeurope']; + $xml['pfblockerngnorthamerica'] = $config['installedpackages']['pfblockerngnorthamerica']; + $xml['pfblockerngoceania'] = $config['installedpackages']['pfblockerngoceania']; + $xml['pfblockerngsouthamerica'] = $config['installedpackages']['pfblockerngsouthamerica']; + + /* assemble xmlrpc payload */ + $params = array( + XML_RPC_encode($password), + XML_RPC_encode($xml) + ); + + /* set a few variables needed for sync code borrowed from filter.inc */ + log_error("[pfBlockerNG] XMLRPC syncing to {$url}:{$port}."); + $method = 'pfsense.merge_installedpackages_section_xmlrpc'; + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials($username, $password); + if ($g['debug']) { + $cli->setDebug(1); + } + + /* send our XMLRPC message and timeout after defined sync timeout value */ + $resp = $cli->send($msg, $synctimeout); + $error = ""; + if (!$resp) { + log_error("[pfBlockerNG] XMLRPC communications error occurred while attempting sync with {$url}:{$port}."); + file_notice("sync_settings", $error, "pfBlockerNG Settings Sync", ""); + $success = FALSE; + return $success; + } elseif ($resp->faultCode()) { + $cli->setDebug(1); + $resp = $cli->send($msg, $synctimeout); + log_error("[pfBlockerNG] XMLRPC Error received while attempting sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString()); + file_notice("sync_settings", $error, "pfBlockerNG Settings Sync", ""); + $success = FALSE; + return $success; + } else { + log_error("[pfBlockerNG] XMLRPC sync successfully completed with {$url}:{$port}."); + } + return $success; +} +?>
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng.js b/config/pfblockerng/pfblockerng.js new file mode 100644 index 00000000..cef0ce3b --- /dev/null +++ b/config/pfblockerng/pfblockerng.js @@ -0,0 +1,79 @@ +/* pfBlockerNG update engine */ + +// Part of pfBlockerNG by BBCan177@gmail.com (c) 2014 +// +// Javascript and Integration modifications by J. Nieuwenhuizen + + +var pfBlockerNGtimer; + +function pfBlockerNG_fetch_new_rules_callback(callback_data) { + var data_split; + var new_data_to_add = Array(); + var data = callback_data; + + data_split = data.split("\n"); + + // Loop through rows and generate replacement HTML + if (data_split.length > 1) { + for(var x=0; x<data_split.length-1; x++) { + row_split = data_split[x].split("||"); + if (row_split.length > 3) { + var line = ''; + line = '<td class="listMRr ellipsis">' + row_split[0] + '</td>'; + line += '<td class="listMRr" align="center">' + row_split[1] + '</td>'; + line += '<td class="listMRr" align="center">' + row_split[2] + '</td>'; + line += '<td class="listMRr" align="center">' + row_split[3] + '</td>'; + line += '<td class="listMRr" align="center">' + row_split[4] + '</td>'; + new_data_to_add[new_data_to_add.length] = line; + } + } + if (new_data_to_add.length > 0) { + pfBlockerNG_update_div_rows(new_data_to_add); + } + } +} + + +function pfBlockerNG_update_div_rows(data) { + var rows = jQuery('#pfbNG-entries>tr'); + + // Number of rows to move by + var move = rows.length + data.length; + if (move < 0) + move = 0; + + for (var i = rows.length - 1; i >= move; i--) { + jQuery(rows[i]).html(jQuery(rows[i - move]).html()); + } + + var tbody = jQuery('#pfbNG-entries'); + for (var i = data.length - 1; i >= 0; i--) { + if (i < rows.length) { + jQuery(rows[i]).html(data[i]); + } else { + jQuery(tbody).prepend('<tr>' + data[i] + '</tr>'); + } + } + + // Add the even/odd class to each of the rows now + // they have all been added. + rows = jQuery('#pfbNG-entries>tr'); + for (var i = 0; i < rows.length; i++) { + rows[i].className = i % 2 == 0 ? 'listMRodd' : 'listMReven'; + } +} + + +function fetch_new_pfBlockerNGcounts() { + jQuery.ajax('/widgets/widgets/pfblockerng.widget.php?getNewCounts=' + new Date().getTime(), { + type: 'GET', + dataType: 'text', + success: function(data) { + pfBlockerNG_fetch_new_rules_callback(data); + } + }); +} + +/* start local AJAX engine */ +pfBlockerNGtimer = setInterval('fetch_new_pfBlockerNGcounts()', pfBlockerNGupdateDelay);
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng.php b/config/pfblockerng/pfblockerng.php new file mode 100644 index 00000000..20080aa4 --- /dev/null +++ b/config/pfblockerng/pfblockerng.php @@ -0,0 +1,1579 @@ +<?php +/* + pfBlockerNG.php + + pfBlockerNG + Copyright (C) 2014 BBcan177@gmail.com + All rights reserved. + + Based upon pfBlocker by + Copyright (C) 2011-2012 Marcello Coutinho + All rights reserved. + + Hour Schedule Convertor code by + Snort Package + Copyright (c) 2014 Bill Meeks + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +*/ + +require_once("util.inc"); +require_once("functions.inc"); +require_once("pkg-utils.inc"); +require_once("globals.inc"); +require_once("services.inc"); +require_once("/usr/local/pkg/pfblockerng/pfblockerng.inc"); + +pfb_global(); + +// IPv6 Range to CIDR function used courtesey from: +// https://github.com/stilez/pfsense-leases/blob/50cc0fa81dba5fe91bcddaea016c245d1b8479cc/etc/inc/util.inc +function ip_range_to_subnet_array_temp($ip1, $ip2) { + + if (is_ipaddrv4($ip1) && is_ipaddrv4($ip2)) { + $proto = 'ipv4'; // for clarity + $bits = 32; + $ip1bin = decbin(ip2long32($ip1)); + $ip2bin = decbin(ip2long32($ip2)); + } elseif (is_ipaddrv6($ip1) && is_ipaddrv6($ip2)) { + $proto = 'ipv6'; + $bits = 128; + $ip1bin = Net_IPv6::_ip2Bin($ip1); + $ip2bin = Net_IPv6::_ip2Bin($ip2); + } else + return array(); + + // it's *crucial* that binary strings are guaranteed the expected length; do this for certainty even though for IPv6 it's redundant + $ip1bin = str_pad($ip1bin, $bits, '0', STR_PAD_LEFT); + $ip2bin = str_pad($ip2bin, $bits, '0', STR_PAD_LEFT); + + if ($ip1bin === $ip2bin) + return array($ip1 . '/' . $bits); + + if (strcmp($ip1bin, $ip2bin) > 0) + list ($ip1bin, $ip2bin) = array($ip2bin, $ip1bin); // swap contents of ip1 <= ip2 + + $rangesubnets = array(); + $netsize = 0; + + do { + // at loop start, $ip1 is guaranteed strictly less than $ip2 (important for edge case trapping and preventing accidental binary wrapround) + // which means the assignments $ip1 += 1 and $ip2 -= 1 will always be "binary-wrapround-safe" + + // step #1 if start ip (as shifted) ends in any '1's, then it must have a single cidr to itself (any cidr would include the '0' below it) + + if (substr($ip1bin, -1, 1) == '1') { + // the start ip must be in a separate one-IP cidr range + $new_subnet_ip = substr($ip1bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize); + $rangesubnets[$new_subnet_ip] = $bits - $netsize; + $n = strrpos($ip1bin, '0'); //can't be all 1's + $ip1bin = ($n == 0 ? '' : substr($ip1bin, 0, $n)) . '1' . str_repeat('0', $bits - $n - 1); // BINARY VERSION OF $ip1 += 1 + } + + // step #2, if end ip (as shifted) ends in any zeros then that must have a cidr to itself (as cidr cant span the 1->0 gap) + + if (substr($ip2bin, -1, 1) == '0') { + // the end ip must be in a separate one-IP cidr range + $new_subnet_ip = substr($ip2bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize); + $rangesubnets[$new_subnet_ip] = $bits - $netsize; + $n = strrpos($ip2bin, '1'); //can't be all 0's + $ip2bin = ($n == 0 ? '' : substr($ip2bin, 0, $n)) . '0' . str_repeat('1', $bits - $n - 1); // BINARY VERSION OF $ip2 -= 1 + // already checked for the edge case where end = start+1 and start ends in 0x1, above, so it's safe + } + + // this is the only edge case arising from increment/decrement. + // it happens if the range at start of loop is exactly 2 adjacent ips, that spanned the 1->0 gap. (we will have enumerated both by now) + + if (strcmp($ip2bin, $ip1bin) < 0) + continue; + + // step #3 the start and end ip MUST now end in '0's and '1's respectively + // so we have a non-trivial range AND the last N bits are no longer important for CIDR purposes. + + $shift = $bits - max(strrpos($ip1bin, '0'), strrpos($ip2bin, '1')); // num of low bits which are '0' in ip1 and '1' in ip2 + $ip1bin = str_repeat('0', $shift) . substr($ip1bin, 0, $bits - $shift); + $ip2bin = str_repeat('0', $shift) . substr($ip2bin, 0, $bits - $shift); + $netsize += $shift; + if ($ip1bin === $ip2bin) { + // we're done. + $new_subnet_ip = substr($ip1bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize); + $rangesubnets[$new_subnet_ip] = $bits - $netsize; + continue; + } + + // at this point there's still a remaining range, and either startip ends with '1', or endip ends with '0'. So repeat cycle. + } while (strcmp($ip1bin, $ip2bin) < 0); + + // subnets are ordered by bit size. Re sort by IP ("naturally") and convert back to IPv4/IPv6 + + ksort($rangesubnets, SORT_STRING); + $out = array(); + + foreach ($rangesubnets as $ip => $netmask) { + if ($proto == 'ipv4') { + $i = str_split($ip, 8); + $out[] = implode('.', array( bindec($i[0]),bindec($i[1]),bindec($i[2]),bindec($i[3]))) . '/' . $netmask; + } else + $out[] = Net_IPv6::compress(Net_IPv6::_bin2Ip($ip)) . '/' . $netmask; + } + + return $out; +} + +# Set php Memory Limit +$uname = posix_uname(); +if ($uname['machine'] == "amd64") + ini_set('memory_limit', '256M'); + +function pfb_update_check($header_url, $list_url, $url_format) { + global $pfb; + + if ($url_format == "rsync" || $url_format == "html") { + $log = "[ {$header_url} ]\n Skipping timestamp query\n"; + pfb_logger("{$log}","1"); + return TRUE; + } + + switch ($url_format) { + case "gz": + case "gz_2": + case "gz_lg": + case "et": + $type = '.gz'; + break; + case "zip": + case "xlsx": + $type = '.zip'; + break; + case "txt": + $type = '.orig'; + break; + case "html": + case "block": + $type = '.raw'; + break; + } + + $log = "[ {$header_url} ]\n"; + pfb_logger("{$log}","1"); + $host = @parse_url($list_url); + $local_file = "{$pfb['origdir']}/{$header_url}{$type}"; + if (file_exists($local_file)) { + // Determine if URL is Remote or Local + if ($host['host'] == "127.0.0.1" || $host['host'] == $pfb['iplocal'] || empty($host['host'])) { + $remote_tds = gmdate ("D, d M Y H:i:s T", filemtime($local_file)); + } else { + $remote_tds = @implode(preg_grep("/Last-Modified/", get_headers($list_url))); + $remote_tds = preg_replace("/^Last-Modified: /","", $remote_tds); + } + + $log = " Remote timestamp: {$remote_tds}\n"; + pfb_logger("{$log}","1"); + $local_tds = gmdate ("D, d M Y H:i:s T", filemtime($local_file)); + $log = " Local timestamp: {$local_tds}\n"; + pfb_logger("{$log}","1"); + if ("{$remote_tds}" != "{$local_tds}") { + return TRUE; + } else { + $log = " Remote file unchanged. Download Terminated\n"; + pfb_logger("{$log}","1"); + return FALSE; + } + } else { + return TRUE; + } +} + + +if ($argv[1] == 'update') { + sync_package_pfblockerng("cron"); +} + +if ($argv[1] == 'dc') { + # (Options - 'bu' Binary Update for Reputation/Alerts Page, 'all' for Country update and 'bu' options. + if ($pfb['cc'] == "") { + exec("/bin/sh /usr/local/pkg/pfblockerng/geoipupdate.sh all >> {$pfb['geolog']} 2>&1"); + } else { + exec("/bin/sh /usr/local/pkg/pfblockerng/geoipupdate.sh bu >> {$pfb['geolog']} 2>&1"); + } + pfblockerng_uc_countries(); + pfblockerng_get_countries(); +} + +if ($argv[1] == 'uc') { + pfblockerng_uc_countries(); +} + +if ($argv[1] == 'gc') { + pfblockerng_get_countries(); +} + +if ($argv[1] == 'cron') { + $hour = date('H'); + $dow = date('N'); + + # Start hour of the 'Once a day' Schedule + $pfb['dailystart'] = $config['installedpackages']['pfblockerng']['config'][0]['pfb_dailystart']; + # Start hour of the Scheduler + if ($config['installedpackages']['pfblockerng']['config'][0]['pfb_hour'] != "") { + $pfb['hour'] = $config['installedpackages']['pfblockerng']['config'][0]['pfb_hour']; + } else { + $pfb['hour'] = "1"; + } + $updates = 0; + + # 2 Hour Schedule Converter + $shour = intval(substr($pfb['hour'], 0, 2)); + $sch2 = strval($shour); + for ($i=0; $i<11; $i++) { + $shour += 2; + if ($shour > 24) + $shour -= 24; + $sch2 .= "," . strval($shour); + } + + # 3 Hour Schedule Converter + $shour = intval(substr($pfb['hour'], 0, 2)); + $sch3 = strval($shour); + for ($i=0; $i<7; $i++) { + $shour += 3; + if ($shour > 24) + $shour -= 24; + $sch3 .= "," . strval($shour); + } + + # 4 Hour Schedule Converter + $shour = intval(substr($pfb['hour'], 0, 2)); + $sch4 = strval($shour); + for ($i=0; $i<5; $i++) { + $shour += 4; + if ($shour > 24) + $shour -= 24; + $sch4 .= "," . strval($shour); + } + + # 6 Hour Schedule Converter + $shour = intval(substr($pfb['hour'], 0, 2)); + $sch6 = strval($shour); + for ($i=0; $i<3; $i++) { + $shour += 6; + if ($shour > 24) + $shour -= 24; + $sch6 .= "," . strval($shour); + } + + # 8 Hour Schedule Converter + $shour = intval(substr($pfb['hour'], 0, 2)); + $sch8 = strval($shour); + for ($i=0; $i<2; $i++) { + $shour += 8; + if ($shour > 24) + $shour -= 24; + $sch8 .= "," . strval($shour); + } + + # 12 Hour Schedule Converter + $shour = intval(substr($pfb['hour'], 0, 2)); + $sch12 = strval($shour) . ","; + $shour += 12; + if ($shour > 24) + $shour -= 24; + $sch12 .= strval($shour); + + $e_sch2 = explode(",", $sch2); + $e_sch3 = explode(",", $sch3); + $e_sch4 = explode(",", $sch4); + $e_sch6 = explode(",", $sch6); + $e_sch8 = explode(",", $sch8); + $e_sch12 = explode(",", $sch12); + + $log = " CRON PROCESS START [ NOW ]\n"; + pfb_logger("{$log}","1"); + + $list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6"); + foreach ($list_type as $ip_type => $vtype) { + if ($config['installedpackages'][$ip_type]['config'] != "") { + foreach ($config['installedpackages'][$ip_type]['config'] as $list) { + if (is_array($list['row']) && $list['action'] != "Disabled") { + foreach ($list['row'] as $row) { + if ($row['url'] != "" && $row['state'] != "Disabled") { + + if ($vtype == "_v4") { + $header_url = "{$row['header']}"; + } else { + $header_url = "{$row['header']}_v6"; + } + + # Determine Folder Location for Alias (return array $pfbarr) + pfb_determine_list_detail($list['action']); + $pfbfolder = $pfbarr['folder']; + + $list_cron = $list['cron']; + $list_url = $row['url']; + $header_dow = $list['dow']; + $url_format = $row['format']; + + // Bypass update if state is defined as "Hold" and list file exists + if (file_exists($pfbfolder . '/' . $header_url . '.txt') && $row['state'] == "Hold") { + continue; + } + + # Check if List file exists, if not found run Update + if (!file_exists($pfbfolder . '/' . $header_url . '.txt')) { + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); + $updates++; + continue; + } + + switch ($list_cron) { + case "01hour": + if (pfb_update_check($header_url, $list_url, $url_format)) { + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); + unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); + $updates++; + } + break; + case "02hours": + if (in_array($hour, $e_sch2)) { + if (pfb_update_check($header_url, $list_url, $url_format)) { + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); + unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); + $updates++; + } + } + break; + case "03hours": + if (in_array($hour, $e_sch3)) { + if (pfb_update_check($header_url, $list_url, $url_format)) { + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); + unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); + $updates++; + } + } + break; + case "04hours": + if (in_array($hour, $e_sch4)) { + if (pfb_update_check($header_url, $list_url, $url_format)) { + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); + unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); + $updates++; + } + } + break; + case "06hours": + if (in_array($hour, $e_sch6)) { + if (pfb_update_check($header_url, $list_url, $url_format)) { + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); + unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); + $updates++; + } + } + break; + case "08hours": + if (in_array($hour, $e_sch8)) { + if (pfb_update_check($header_url, $list_url, $url_format)) { + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); + unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); + $updates++; + } + } + break; + case "12hours": + if (in_array($hour, $e_sch12)) { + if (pfb_update_check($header_url, $list_url, $url_format)) { + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); + unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); + $updates++; + } + } + break; + case "EveryDay": + if ($hour == $pfb['dailystart']) { + if (pfb_update_check($header_url, $list_url, $url_format)) { + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); + unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); + $updates++; + } + } + break; + case "Weekly": + if ($hour == $pfb['dailystart'] && $dow == $header_dow) { + if (pfb_update_check($header_url, $list_url, $url_format)) { + $log = " Updates Found\n"; + pfb_logger("{$log}","1"); + unlink_if_exists($pfbfolder . '/' . $header_url . '.txt'); + $updates++; + } + } + break; + default: { + } + break; + } + } + } + } + } + } + } + + if ($updates > 0) { + sync_package_pfblockerng("cron"); + } else { + $log = "\n No Updates required. \n\n"; + pfb_logger("{$log}","1"); + } + + $log = " CRON PROCESS ENDED [ NOW ]\n"; + pfb_logger("{$log}","1"); + + # Call Log Mgmt Function + // If Update GUI 'Manual view' is selected. Last output will be missed. So sleep for 5 secs. + sleep(5); + pfb_log_mgmt(); +} + + +function pfblockerng_uc_countries() { + + global $g,$pfb; + pfb_global(); + + $maxmind_cont = "{$pfb['dbdir']}/country_continent.csv"; + $maxmind_cc4 = "{$pfb['dbdir']}/GeoIPCountryWhois.csv"; + $maxmind_cc6 = "{$pfb['dbdir']}/GeoIPv6.csv"; + + # Create Folders if not Exist + $folder_array = array ("{$pfb['dbdir']}","{$pfb['logdir']}","{$pfb['ccdir']}"); + foreach ($folder_array as $folder) { + safe_mkdir ("{$folder}",0755); + } + + $now = date("m/d/y G:i:s", time()); + $log = "Country Code Update Start - [ NOW ]\n\n"; + print "Country Code Update Start - [ $now ]\n\n"; + pfb_logger("{$log}","3"); + + if (!file_exists($maxmind_cont) || !file_exists($maxmind_cc4) || !file_exists($maxmind_cc6)) { + $log = " [ MAXMIND UPDATE FAIL, CSV Missing, using Previous Country Code Database \n"; + print $log; + pfb_logger("{$log}","3"); + return; + } + + # Save Date/Time Stamp to MaxMind version file + $maxmind_ver = "MaxMind GeoLite Date/Time Stamps \n\n"; + $remote_tds = @implode(preg_grep("/Last-Modified/", get_headers("http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip"))); + $maxmind_ver .= "MaxMind_v4 \t" . $remote_tds . "\n"; + $local_tds = @gmdate ("D, d M Y H:i:s T", filemtime($maxmind_cc4)); + $maxmind_ver .= "Local_v4 \tLast-Modified: " . $local_tds . "\n\n"; + $remote_tds = @implode(preg_grep("/Last-Modified/", get_headers("http://geolite.maxmind.com/download/geoip/database/GeoIPv6.csv.gz"))); + $maxmind_ver .= "MaxMind_v6 \t" . $remote_tds . "\n"; + $local_tds = @gmdate ("D, d M Y H:i:s T", filemtime($maxmind_cc6)); + $maxmind_ver .= "Local_v6 \tLast-Modified: " . $local_tds . "\n"; + $maxmind_ver .= "\nThese Timestamps should *match* \n"; + @file_put_contents("{$pfb['logdir']}/maxmind_ver", $maxmind_ver); + + + // Collect ISO Codes for Each Continent + $log = "Processing Continent Data \n"; + print $log; + pfb_logger("{$log}","3"); + + $cont_array = array ( array($AF),array($AS),array($EU),array($NA),array($OC),array($SA)); + if (($handle = fopen("{$maxmind_cont}",'r')) !== FALSE) { + while (($cc = fgetcsv($handle)) !== FALSE) { + + $cc_key = $cc[0]; + $cont_key = $cc[1]; + switch ($cont_key) { + case "AF": + $cont_array[0]['continent'] = "Africa"; + $cont_array[0]['iso'] .= "{$cc_key},"; + $cont_array[0]['file4'] = "{$pfb['ccdir']}/Africa_v4.txt"; + $cont_array[0]['file6'] = "{$pfb['ccdir']}/Africa_v6.txt"; + break; + case "AS": + $cont_array[1]['continent'] = "Asia"; + $cont_array[1]['iso'] .= "{$cc_key},"; + $cont_array[1]['file4'] = "{$pfb['ccdir']}/Asia_v4.txt"; + $cont_array[1]['file6'] = "{$pfb['ccdir']}/Asia_v6.txt"; + break; + case "EU": + $cont_array[2]['continent'] = "Europe"; + $cont_array[2]['iso'] .= "{$cc_key},"; + $cont_array[2]['file4'] = "{$pfb['ccdir']}/Europe_v4.txt"; + $cont_array[2]['file6'] = "{$pfb['ccdir']}/Europe_v6.txt"; + break; + case "NA": + $cont_array[3]['continent'] = "North America"; + $cont_array[3]['iso'] .= "{$cc_key},"; + $cont_array[3]['file4'] = "{$pfb['ccdir']}/North_America_v4.txt"; + $cont_array[3]['file6'] = "{$pfb['ccdir']}/North_America_v6.txt"; + break; + case "OC": + $cont_array[4]['continent'] = "Oceania"; + $cont_array[4]['iso'] .= "{$cc_key},"; + $cont_array[4]['file4'] = "{$pfb['ccdir']}/Oceania_v4.txt"; + $cont_array[4]['file6'] = "{$pfb['ccdir']}/Oceania_v6.txt"; + break; + case "SA": + $cont_array[5]['continent'] = "South America"; + $cont_array[5]['iso'] .= "{$cc_key},"; + $cont_array[5]['file4'] = "{$pfb['ccdir']}/South_America_v4.txt"; + $cont_array[5]['file6'] = "{$pfb['ccdir']}/South_America_v6.txt"; + break; + } + } + } + unset($cc); + fclose($handle); + + // Collect Country ISO Data IPv4 and Sort to Continent Array + $log = "Processing ISO IPv4 Continent/Country Data \n"; + print $log; + pfb_logger("{$log}","3"); + + if (($handle = fopen("{$maxmind_cc4}",'r')) !== FALSE) { + while (($cc = fgetcsv($handle)) !== FALSE) { + + $ip1_key = $cc[0]; + $ip2_key = $cc[1]; + $var1_key = $cc[2]; + $var2_key = $cc[3]; + $cc_key = $cc[4]; + $country_key = $cc[5]; + $a_cidr = implode(",", ip_range_to_subnet_array_temp($cc[0],$cc[1])); + + $counter = 0; + foreach ($cont_array as $iso) { + if (preg_match("/\b$cc_key\b/", $iso['iso'])) { + $cont_array[$counter][$cc_key]['ip4'] .= $a_cidr . ","; + $cont_array[$counter][$cc_key]['country'] = $country_key; + continue; + } + $counter++; + } + } + } + unset($cc); + fclose($handle); + + // Build Continent IPv4 CIDR Files + $counter = 0; + foreach ($cont_array as $iso) { + $header = ""; + $pfb_file = ""; + $iso_key = ""; + $header .= "# Generated from MaxMind Inc. on: " . date("m/d/y G:i:s", time()) . "\n"; + $header .= "# Continent IPv4: " . $cont_array[$counter]['continent'] . "\n"; + $pfb_file = $cont_array[$counter]['file4']; + $iso_key = array_keys($iso); + foreach ($iso_key as $key) { + if (preg_match("/[A-Z]{2}/", $key)) { + $header .= "# Country: " . $iso[$key]['country'] . "\n"; + $header .= "# ISO Code: " . $key . "\n"; + $header .= "# Total Networks: " . substr_count($iso[$key]['ip4'], ",") . "\n"; + $header .= str_replace(",", "\n", $iso[$key]['ip4']); + $iso[$key]['ip4'] = ""; + } + } + $counter++; + @file_put_contents($pfb_file, $header, LOCK_EX); + } + + + // Collect Country ISO Data IPv6 and Sort to Continent Array + $log = "Processing ISO IPv6 Continent/Country Data \n"; + print $log; + pfb_logger("{$log}","3"); + + if (($handle = fopen("{$maxmind_cc6}",'r')) !== FALSE) { + while (($cc = fgetcsv($handle)) !== FALSE) { + + $ip1_key = $cc[0]; + $ip2_key = $cc[1]; + $var1_key = $cc[2]; + $var2_key = $cc[3]; + $cc_key = $cc[4]; + $country_key = $cc[5]; + $a_cidr = implode(",", ip_range_to_subnet_array_temp($cc[0],$cc[1])); + + $counter = 0; + foreach ($cont_array as $iso) { + if (preg_match("/\b$cc_key\b/", $iso['iso'])) { + $cont_array[$counter][$cc_key]['ip6'] .= $a_cidr . ","; + continue; + } + $counter++; + } + } + } + unset($cc); + fclose($handle); + + // Build Continent IPv6 Files + $counter = 0; + foreach ($cont_array as $iso) { + $header = ""; + $pfb_file = ""; + $iso_key = ""; + + $header .= "# Generated from MaxMind Inc. on: " . date("m/d/y G:i:s", time()) . "\n"; + $header .= "# Continent IPv6: " . $cont_array[$counter]['continent'] . "\n"; + $pfb_file = $cont_array[$counter]['file6']; + $iso_key = array_keys($iso); + foreach ($iso_key as $key) { + if (preg_match("/[A-Z]{2}/", $key)) { + $header .= "# Country: " . $iso[$key]['country'] . "\n"; + $header .= "# ISO Code: " . $key . "\n"; + $header .= "# Total Networks: " . substr_count($iso[$key]['ip6'], ",") . "\n"; + $header .= str_replace(",", "\n", $iso[$key]['ip6']); + $iso[$key]['ip6'] = ""; + } + } + $counter++; + @file_put_contents($pfb_file, $header, LOCK_EX); + } + unset($cont_array); +} + + +function pfblockerng_get_countries() { + + global $g,$pfb; + pfb_global(); + + # These arrays are used to collect the <option> tags for the XML Continent Files + $roptions4 = array(); + $coptions4 = array(); + $roptions6 = array(); + $coptions6 = array(); + + $files4 = array ( "Africa" => "{$pfb['ccdir']}/Africa_v4.txt", + "Asia" => "{$pfb['ccdir']}/Asia_v4.txt", + "Europe" => "{$pfb['ccdir']}/Europe_v4.txt", + "North America" => "{$pfb['ccdir']}/North_America_v4.txt", + "Oceania" => "{$pfb['ccdir']}/Oceania_v4.txt", + "South America" => "{$pfb['ccdir']}/South_America_v4.txt" + ); + + # IPv4 Collect Data to generate new continent XML Files. + $log = "Building pfBlockerNG XML Files \n"; + print $log; + pfb_logger("{$log}","3"); + + foreach ($files4 as $cont => $file) { + $log = "IPv4 " . $cont . "\n"; + print $log; + pfb_logger("{$log}","3"); + $ips = file_get_contents($file); + $convert = explode("\n", $ips); + $cont_name = preg_replace("/ /","",$cont); + $cont_name_lower = strtolower($cont_name); + $active = array( "$cont" => '<active/>'); + $total4 = 0; + $pfb['complete'] = FALSE; + + foreach ($convert as $line) { + if (preg_match("/#/",$line)) { + if ($pfb['complete']) { + $coptions4[] = $Country . '-' . $ISOCode . ' ('. $total4 .') ' . ' </name><value>' . $ISOCode . '</value></option>'; + $roptions4[] = $Country . '-' . $ISOCode . ' ('. $total4 .') ' . ' </name><value>' . $ISOCode . '</value></option>'; + + // Save ISO IPv4 Data + @file_put_contents($pfb['ccdir'] . '/' . $ISOCode . '_v4.txt',$pfb_v4,LOCK_EX); + + // Clear Variables and Restart Continent Collection process + $total4 = 0; + $pfb_v4 = ""; + $pfb['complete'] = FALSE; + } + if (preg_match("/Country:\s(.*)/",$line, $matches)) { $Country = $matches[1];} + if (preg_match("/ISO Code:\s(.*)/",$line, $matches)) { $ISOCode = $matches[1];} + } elseif (!preg_match("/#/",$line)) { + $total4++; + if (!empty($line)) + $pfb_v4 .= $line . "\n"; + $pfb['complete'] = TRUE; + } + } + unset ($ips, $convert); + + // Sort IPv4 Countries Alphabetically and Build XML <option> Data for Continents Tab + sort($coptions4, SORT_STRING); + $ftotal4 = count($coptions4); + $count = 1; + $options4 = ""; + + foreach ($coptions4 as $option4) { + if ($count == 1) { $options4 .= "\t" . '<option><name>' . $option4 . "\n"; $count++; continue;} + if ($ftotal4 == $count) { + $options4 .= "\t\t\t\t" . '<option><name>' . $option4; + } else { + $options4 .= "\t\t\t\t" . '<option><name>' . $option4 . "\n"; + } + $count++; + } + unset ($coptions4); + + // IPv6 Collect Data to generate new continent XML Files. + $file6 = preg_replace("/v4/", "v6", $file); + $ips = file_get_contents($file6); + $convert = explode("\n", $ips); + $log = "IPv6 " . $cont . "\n"; + pfb_logger("{$log}","3"); + $total6 = 0; + $pfb['complete'] = FALSE; + + foreach ($convert as $line) { + if (preg_match("/#/",$line)) { + if ($pfb['complete']) { + $coptions6[] = $Country . '-' . $ISOCode . ' ('. $total6 .') ' . ' </name><value>' . $ISOCode . '</value></option>'; + $roptions6[] = $Country . '-' . $ISOCode . ' ('. $total6 .') ' . ' </name><value>' . $ISOCode . '</value></option>'; + + // Save ISO IPv6 Data + @file_put_contents($pfb['ccdir'] . '/' . $ISOCode . '_v6.txt',$pfb_v6,LOCK_EX); + + // Clear Variables and Restart Continent Collection process + $total6 = 0; + $pfb_v6 = ""; + $pfb['complete'] = FALSE; + } + if (preg_match("/Country:\s(.*)/",$line, $matches)) { $Country = $matches[1];} + if (preg_match("/ISO Code:\s(.*)/",$line, $matches)) { $ISOCode = $matches[1];} + } elseif (!preg_match("/#/",$line)) { + $total6++; + if (!empty($line)) + $pfb_v6 .= $line . "\n"; + $pfb['complete'] = TRUE; + } + } + + // Sort IPv6 Countries Alphabetically for Continents Tab + sort($coptions6, SORT_STRING); + $ftotal6 = count($coptions6); + $count = 1; + $options6 = ""; + + foreach ($coptions6 as $option6) { + if ($count == 1) { $options6 .= "\t" . '<option><name>' . $option6 . "\n"; $count++; continue;} + if ($ftotal6 == $count) { + $options6 .= "\t\t\t\t" . '<option><name>' . $option6; + } else { + $options6 .= "\t\t\t\t" . '<option><name>' . $option6 . "\n"; + } + $count++; + } + unset ($coptions6); + + +$xml = <<<EOF +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* \$Id\$ */ +/* ========================================================================== */ +/* + pfblockerng_{$cont_name}.xml + + pfBlockerNG + Copyright (C) 2014 BBcan177@gmail.com + All rights reserved. + + Based upon pfblocker for pfSense + Copyright (C) 2011 Marcello Coutinho + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS`` AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ========================================================================== */ +]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>pfblockerng{$cont_name_lower}</name> + <version>1.0</version> + <title>pfBlockerNG: {$cont}</title> + <include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file> + <menu> + <name>pfBlockerNG: {$cont_name}</name> + <tooltiptext>Configure pfBlockerNG</tooltiptext> + <section>Firewall</section> + <url>pkg_edit.php?xml=pfblockerng_{$cont_name_lower}.xml&id=0</url> + </menu> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=pfblockerng.xml&id=0</url> + </tab> + <tab> + <text>Update</text> + <url>/pfblockerng/pfblockerng_update.php</url> + </tab> + <tab> + <text>Alerts</text> + <url>/pfblockerng/pfblockerng_alerts.php</url> + </tab> + <tab> + <text>Reputation</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml&id=0</url> + </tab> + <tab> + <text>IPv4</text> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml&id=0</url> + </tab> + <tab> + <text>IPv6</text> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml&id=0</url> + </tab> + <tab> + <text>Top 20</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xml&id=0</url> + {$active['top']} + </tab> + <tab> + <text>Africa</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Africa.xml&id=0</url> + {$active['Africa']} + </tab> + <tab> + <text>Asia</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Asia.xml&id=0</url> + {$active['Asia']} + </tab> + <tab> + <text>Europe</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Europe.xml&id=0</url> + {$active['Europe']} + </tab> + <tab> + <text>N.A.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0</url> + {$active['North America']} + </tab> + <tab> + <text>Oceania</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0</url> + {$active['Oceania']} + </tab> + <tab> + <text>S.A.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0</url> + {$active['South America']} + </tab> + <tab> + <text>Logs</text> + <url>/pfblockerng/pfblockerng_log.php</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0</url> + </tab> + </tabs> + <fields> + <field> + <name><![CDATA[Continent {$cont} (Geolite Data by MaxMind Inc. - ISO 3166)]]></name> + <type>listtopic</type> + </field> + <field> + <fielddescr>LINKS</fielddescr> + <fieldname></fieldname> + <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> <a href="/firewall_rules.php">Firewall Rules</a> <a href="diag_logs_filter.php">Firewall Logs</a>]]> + </description> + <type>info</type> + </field> + <field> + <fielddescr><![CDATA[<br /><strong>IPv4</strong><br />Countries]]></fielddescr> + <fieldname>countries4</fieldname> + <description> + <![CDATA[Select IPv4 Countries you want to take an action on.<br /> + <strong>Use CTRL + CLICK to unselect countries</strong>]]> + </description> + <type>select</type> + <options> + {$options4} + </options> + <size>{$ftotal4}</size> + <multiple/> + </field> + <field> + <fielddescr><![CDATA[<br /><strong>IPv6</strong><br />Countries]]></fielddescr> + <fieldname>countries6</fieldname> + <description> + <![CDATA[Select IPv6 Countries you want to take an action on.<br /> + <strong>Use CTRL + CLICK to unselect countries</strong>]]> + </description> + <type>select</type> + <options> + {$options6} + </options> + <size>{$ftotal6}</size> + <multiple/> + </field> + <field> + <fielddescr>List Action</fielddescr> + <description><![CDATA[<br />Default : <strong>Disabled</strong><br /><br /> + Select the <strong>Action</strong> for Firewall Rules on lists you have selected.<br /><br /> + <strong><u>'Disabled' Rules:</u></strong> Disables selection and does nothing to selected Alias.<br /><br /> + + <strong><u>'Deny' Rules:</u></strong><br /> + 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other + interfaces. Typical uses of 'Deny' rules are:<br /> + <ul><li><strong>Deny Both</strong> - blocks all traffic in both directions, if the source or destination IP is in the block list</li> + <li><strong>Deny Inbound/Deny Outbound</strong> - blocks all traffic in one direction <u>unless</u> it is part of a session started by + traffic sent in the other direction. Does not affect traffic in the other direction. </li> + <li>One way 'Deny' rules can be used to selectively block <u>unsolicited</u> incoming (new session) packets in one direction, while + still allowing <u>deliberate</u> outgoing sessions to be created in the other direction.</li></ul> + <strong><u>'Permit' Rules:</u></strong><br /> + 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are the opposite of Deny rules, and don't create + any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:<br /> + <ul><li><strong>To ensure</strong> that traffic to/from the listed IPs will <u>always</u> be allowed in the stated directions. They + override <u>almost all other</u> Firewall rules on the stated interfaces.</li> + <li><strong>To act as a whitelist</strong> for Deny rule exceptions, for example if a large IP range or pre-created blocklist blocks a + few IPs that should be accessible.</li></ul> + <strong><u>'Match' Rules:</u></strong><br /> + 'Match' or 'Log' only the traffic on the stated interfaces. This does not Block or Reject. It just Logs the traffic. + <ul><li><strong>Match Both</strong> - Matches all traffic in both directions, if the source or destination IP is in the list.</li> + <li><strong>Match Inbound/Match Outbound</strong> - Matches all traffic in one direction only.</li></ul> + <strong><u>'Alias' Rules:</u></strong><br /> + <strong>'Alias'</strong> rules create an <a href="/firewall_aliases.php">alias</a> for the list (and do nothing else). + This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired. + <ul><li><strong>Options - Alias Deny, Alias Permit, Alias Match, Alias Native</strong></li><br /> + <li>'Alias Deny' can use De-Duplication and Reputation Processes if configured.</li><br /> + <li>'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules</li><br /> + <li>'Alias Native' lists are kept in their Native format without any modifications.</li></ul> + <strong>When using 'Alias' rules, change (pfB_) to ( pfb_ ) in the beginning of rule description and use the 'Exact' spelling of + the Alias (no trailing Whitespace) </strong> Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if + using Auto Rule Creation.<br /><br /><strong>Tip</strong>: You can create the Auto Rules and remove "<u>auto rule</u>" from the Rule + Descriptions, then disable Auto Rules. This method will 'KEEP' these rules from being 'Deleted' which will allow editing for a Custom + Alias Configuration<br />]]> + </description> + <fieldname>action</fieldname> + <type>select</type> + <options> + <option><name>Disabled</name><value>Disabled</value></option> + <option><name>Deny Inbound</name><value>Deny_Inbound</value></option> + <option><name>Deny Outbound</name><value>Deny_Outbound</value></option> + <option><name>Deny Both</name><value>Deny_Both</value></option> + <option><name>Permit Inbound</name><value>Permit_Inbound</value></option> + <option><name>Permit Outbound</name><value>Permit_Outbound</value></option> + <option><name>Permit Both</name><value>Permit_Both</value></option> + <option><name>Match Inbound</name><value>Match_Inbound</value></option> + <option><name>Match Outbound</name><value>Match_Outbound</value></option> + <option><name>Match Both</name><value>Match_Both</value></option> + <option><name>Alias Deny</name><value>Alias_Deny</value></option> + <option><name>Alias Permit</name><value>Alias_Permit</value></option> + <option><name>Alias Match</name><value>Alias_Match</value></option> + <option><name>Alias Native</name><value>Alias_Native</value></option> + </options> + </field> + <field> + <fielddescr>Enable Logging</fielddescr> + <fieldname>aliaslog</fieldname> + <description><![CDATA[Default:<strong>Enable</strong><br /> + Select - Logging to Status: System Logs: FIREWALL ( Log )<br /> + This can be overriden by the 'Global Logging' Option in the General Tab.]]></description> + <type>select</type> + <options> + <option><name>Enable</name><value>enabled</value></option> + <option><name>Disable</name><value>disabled</value></option> + </options> + </field> + <field> + <name><![CDATA[<ul>Click to SAVE Settings and/or Rule Edits. Changes are Applied via CRON or + 'Force Update'</ul>]]> + </name> + <type>listtopic</type> + </field> + </fields> + <custom_php_install_command> + pfblockerng_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + pfblockerng_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + pfblockerng_validate_input(\$_POST, \$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + global \$pfb; + \$pfb['save'] = TRUE; + sync_package_pfblockerng(); + </custom_php_resync_config_command> +</packagegui> +EOF; + + // Update Each Continent XML file. + @file_put_contents('/usr/local/pkg/pfblockerng/pfblockerng_'.$cont_name.'.xml',$xml,LOCK_EX); + + } // End foreach 'Six Continents' Update XML Process + + + // Sort Countries IPv4 Alphabetically and Build XML <option> Data for Reputation Tab (IPv6 not used by ET IQRisk) + sort($roptions4, SORT_STRING); + $eoa = count($roptions4); + $count = 1; + $options4 = ""; + + foreach ($roptions4 as $option4) { + if ($count == 1) { $et_options .= "\t" . '<option><name>' . $option4 . "\n"; $count++; continue; } + if ($eoa == $count) { + $et_options .= "\t\t\t\t" . '<option><name>' . $option4; + } else { + $et_options .= "\t\t\t\t" . '<option><name>' . $option4 . "\n"; + } + $count++; + } + + +// Update pfBlockerNG_Reputation.xml file with Country Code Changes + + +$xmlrep = <<<EOF +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* \$Id\$ */ +/* ========================================================================== */ +/* + pfBlockerNG_Reputation.xml + + pfBlockerNG + Copyright (C) 2014 BBcan177@gmail.com + All rights reserved. + + Based upon pfblocker for pfSense + Copyright (C) 2011 Marcello Coutinho + All rights reserved. + +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>pfblockerngreputation</name> + <version>1.0</version> + <title>pfBlockerNG: IPv4 Reputation</title> + <include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file> + <menu> + <name>pfBlockerNG</name> + <tooltiptext>Configure pfblockerNG</tooltiptext> + <section>Firewall</section> + <url>pkg_edit.php?xml=pfblockerng.xml&id=0</url> + </menu> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=pfblockerng.xml&id=0</url> + </tab> + <tab> + <text>Update</text> + <url>/pfblockerng/pfblockerng_update.php</url> + </tab> + <tab> + <text>Alerts</text> + <url>/pfblockerng/pfblockerng_alerts.php</url> + </tab> + <tab> + <text>Reputation</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml&id=0</url> + <active/> + </tab> + <tab> + <text>IPv4</text> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml&id=0</url> + </tab> + <tab> + <text>IPv6</text> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml&id=0</url> + </tab> + <tab> + <text>Top 20</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xml&id=0</url> + </tab> + <tab> + <text>Africa</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Africa.xml&id=0</url> + </tab> + <tab> + <text>Asia</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Asia.xml&id=0</url> + </tab> + <tab> + <text>Europe</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Europe.xml&id=0</url> + </tab> + <tab> + <text>N.A.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0</url> + </tab> + <tab> + <text>Oceania</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0</url> + </tab> + <tab> + <text>S.A.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0</url> + </tab> + <tab> + <text>Logs</text> + <url>/pfblockerng/pfblockerng_log.php</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0</url> + </tab> + </tabs> + <fields> + <field> + <name>IPv4 Reputation Preface</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>LINKS</fielddescr> + <fieldname></fieldname> + <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> <a href="/firewall_rules.php">Firewall Rules</a> <a href="diag_logs_filter.php">Firewall Logs</a>]]> + </description> + <type>info</type> + </field> + <field> + <fielddescr><![CDATA[<strong>Why Reputation Matters:</strong>]]></fielddescr> + <fieldname></fieldname> + <type>info</type> + <description><![CDATA[By Enabling '<strong>Reputation</strong>', each Blocklist will be analyzed for Repeat Offenders in each IP Range. + <ul>Example: x.x.x.1, x.x.x.2, x.x.x.3, x.x.x.4, x.x.x.5<br /> + No. of <strong> Repeat Offending IPs </strong> [ <strong>5</strong> ], in a Blocklist within the same IP Range.</ul> + With '<strong>Reputation</strong> enabled, these 5 IPs will be removed and a single + <strong>x.x.x.0/24</strong> Block is used.<br /> + This will completely Block/Reject this particular range from your Firewall.<br /><br /> + Selecting Blocklists from various Threat Sources will help to highlight Repeat Offending IP Ranges,<br /> + Its Important to select a Broad Range of Blocklists that cover different types of Malicious Activity.<br /><br /> + You *may* experience some False Positives. Add any False Positive IPs manually to the<br /> + <strong>pfBlockerNGSuppress Alias</strong> or use the "+" suppression Icon in the Alerts TAB<br /><br /> + To help mitigate False Positives 'Countries' can be '<strong>Excluded</strong>' from this Process. (Refer to Country Code Settings) + <br /><br />Enabling <strong>De-Duplication</strong> is highly recommended before utilizing 'Reputation' processes.]]> + </description> + </field> + <field> + <name>Reputation Settings:</name> + <type>listtopic</type> + </field> + <field> + <fieldname></fieldname> + <fielddescr><![CDATA[<br /><strong>Individual List Reputation</strong><br /><br />]]></fielddescr> + <type>info</type> + <description></description> + </field> + <field> + <fielddescr><![CDATA[Enable Max]]></fielddescr> + <fieldname>enable_rep</fieldname> + <type>checkbox</type> + <description><![CDATA[Enables Search for Repeat Offenders in a /24 Range on <strong>Each Individual Blocklist</strong>]]></description> + </field> + <field> + <fielddescr><![CDATA[ [ <strong>Max</strong> ] Setting]]></fielddescr> + <fieldname>p24_max_var</fieldname> + <description><![CDATA[Default: <strong>5</strong><br /> + Maximum number of Repeat Offenders allowed in a Single IP Range]]></description> + <type>select</type> + <options> + <option><name>5</name><value>5</value></option> + <option><name>10</name><value>10</value></option> + <option><name>15</name><value>15</value></option> + <option><name>20</name><value>20</value></option> + <option><name>25</name><value>25</value></option> + <option><name>50</name><value>50</value></option> + </options> + </field> + <field> + <fieldname></fieldname> + <fielddescr><![CDATA[<br /><strong>Collective List Reputation</strong><br /><br />]]></fielddescr> + <type>info</type> + <description></description> + </field> + <field> + <fieldname></fieldname> + <type>info</type> + <description><![CDATA[Once all Blocklists are Downloaded, these two 'additional' processes <strong>[ pMax ] and [ dMax ]</strong><br /> + Can be used to Further analyze for Repeat Offenders.<br /> + <ul>Analyzing All Blocklists as a Whole:</ul> + <ul><strong>[ pMax ]</strong> will analyze for Repeat Offenders in each IP Range but will not use the Country Exclusion.<br /> + Default is 50 IPs in any Range. Having 50 Repeat Offenders IPs in any Range will Block the entire Range.<br /><br /></ul> + <ul><strong>[ dMax ]</strong> will analyze for Repeat Offenders in each IP Range. Country Exclusions will be applied.<br /> + Default is 5 IPs in any Range.</ul> + Note: <strong>MAX</strong> performs on individual Blocklists, while <strong>pMAX / dMAX</strong> + perform on all Lists together.<br />]]> + </description> + </field> + <field> + <fielddescr>Enable pMAX</fielddescr> + <fieldname>enable_pdup</fieldname> + <type>checkbox</type> + <description><![CDATA[Enables Search for Repeat Offenders in All BlockLists, <strong>Without</strong> Country Code Exclusion]]> + </description> + </field> + <field> + <fielddescr><![CDATA[ [ <strong>pMax</strong> ] Setting]]></fielddescr> + <fieldname>p24_pmax_var</fieldname> + <description><![CDATA[Default: <strong>50</strong><br />Maximum number of Repeat Offenders]]></description> + <type>select</type> + <options> + <option><name>50</name><value>50</value></option> + <option><name>25</name><value>25</value></option> + <option><name>20</name><value>20</value></option> + <option><name>15</name><value>15</value></option> + <option><name>10</name><value>10</value></option> + <option><name>5</name><value>5</value></option> + </options> + </field> + <field> + <fielddescr>Enable dMAX</fielddescr> + <fieldname>enable_dedup</fieldname> + <type>checkbox</type> + <description><![CDATA[Enables Search for Repeat Offenders in All BlockLists <strong>Using</strong> Country Code Exclusion]]> + </description> + </field> + <field> + <fielddescr><![CDATA[ [ <strong>dMax</strong> ] Setting]]></fielddescr> + <fieldname>p24_dmax_var</fieldname> + <description><![CDATA[Default: <strong>5</strong><br /> + Maximum number of Repeat Offenders]]></description> + <type>select</type> + <options> + <option><name>5</name><value>5</value></option> + <option><name>10</name><value>10</value></option> + <option><name>15</name><value>15</value></option> + <option><name>20</name><value>20</value></option> + <option><name>25</name><value>25</value></option> + <option><name>50</name><value>50</value></option> + </options> + </field> + <field> + <name>Country Code Settings</name> + <type>listtopic</type> + </field> + <field> + <fieldname>INFO</fieldname> + <type>info</type> + <description><![CDATA[When performing Queries for Repeat Offenders, you can choose to <strong>ignore</strong> Repeat Offenders in select + Countries. The Original Blocklisted IPs remain intact. All other Repeat Offending Country Ranges will be processed.<br /><br /> + Define Repeat Offending Ranges [ <strong>Action</strong> ] Available settings are:<br /> + <ul><strong>Ignore</strong>: Repeat Offenders that are in the 'ccwhite' category will be 'Ignored' (Default)</ul> + <ul><strong>Block:</strong> Repeat Offenders are set to Block the entire Repeat Offending Range(s)</ul> + <ul><strong>Match:</strong> Repeat Offenders are added to a 'Match' List which can be used in a Floating Match Rule<br /> + Selecting 'Match' will consume more processing time, so only select this option if you enable Rules for it.</ul> + '<strong>ccwhite</strong>' are Countries that are Selected to be excluded from the Repeat Offenders Search.<br /> + '<strong>ccblack</strong>' are all other Countries that are not selected.<br /><br /> + To use '<strong>Match</strong>' Lists, Create a new 'Alias' + and select one of the <strong>Action 'Match'</strong> Formats and<br /> enter the 'Localfile' as: + <ul>/var/db/pfblockerng/match/matchdedup.txt</ul>]]> + </description> + </field> + <field> + <fielddescr>ccwhite Action:</fielddescr> + <fieldname>ccwhite</fieldname> + <description><![CDATA[Default: <strong>Ignore</strong><br /> + Select the 'Action' format for ccwhite]]> + </description> + <type>select</type> + <options> + <option><name>Ignore</name><value>ignore</value></option> + <option><name>Match</name><value>match</value></option> + </options> + </field> + <field> + <fielddescr>ccblack Action:</fielddescr> + <fieldname>ccblack</fieldname> + <description><![CDATA[Default: <strong>Block</strong><br /> + Select the 'Action' format for ccblack]]> + </description> + <type>select</type> + <options> + <option><name>Block</name><value>block</value></option> + <option><name>Match</name><value>match</value></option> + </options> + </field> + <field> + <fielddescr><![CDATA[<br /><strong>IPv4</strong><br />Country Exclusion<br /> + <br />Geolite Data by:<br />MaxMind Inc. (ISO 3166)]]></fielddescr> + <fieldname>ccexclude</fieldname> + <description> + <![CDATA[Select Countries you want to <strong>Exclude</strong> from the Reputation Process.<br /> + <strong>Use CTRL + CLICK to unselect countries</strong>]]> + </description> + <type>select</type> + <options> + {$et_options} + </options> + <size>20</size> + <multiple/> + </field> + <field> + <name>Emerging Threats IQRISK IPv4 Reputation</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Subscription Pro. Blocklist</fielddescr> + <fieldname>ETINFO</fieldname> + <type>info</type> + <description><![CDATA[<strong>Emerging Threats IQRisk</strong> is a Subscription Professional Reputation List.<br /><br /> + ET IQRisk Blocklist must be entered in the Lists Tab using the following example: + <ul>https://rules.emergingthreatspro.com/XXXXXXXXXXXXXXXX/reputation/iprepdata.txt.gz</ul> + Select the <strong>ET IQRisk'</strong> format. The URL should use the .gz File Type.<br /> + Enter your "ETPRO" code in URL. Further information can be found @ + <a target=_new href='http://emergingthreats.net/solutions/iqrisk-suite/'>ET IQRisk IP Reputation</a><br /><br /> + To use <strong>'Match'</strong> Lists, Create a new 'Alias' and select one of the <strong> + Action 'Match'</strong> Formats and <br /> + enter the 'Localfile' as: <ul>/var/db/pfblockerng/match/ETMatch.txt</ul> + ET IQRisk Individual Match Lists can be found in the following folder:<br /> + <ul>/var/db/pfblockerng/ET</ul> ]]> + </description> + </field> + <field> + <fielddescr>ET IQRisk Header Name</fielddescr> + <fieldname>et_header</fieldname> + <type>input</type> + <description><![CDATA[Enter the 'Header Name' referenced in the IPv4 List TAB for ET IQRisk IPRep.<br /> + This will be used to improve the Alerts TAB reporting for ET IPRep.]]> + </description> + </field> + <field> + <fielddescr>ET IQRISK BLOCK LISTS</fielddescr> + <fieldname>etblock</fieldname> + <description> + <![CDATA[Select Lists you want to BLOCK.<br /> + <strong>Use CTRL + CLICK to unselect Categories</strong> + <br /><br />Any Changes will take effect at the Next Scheduled CRON Task]]> + </description> + <type>select</type> + <options> + <option><name>ET CNC</name><value>ET_Cnc</value></option> + <option><name>ET BOT</name><value>ET_Bot</value></option> + <option><name>ET SPAM</name><value>ET_Spam</value></option> + <option><name>ET DROP</name><value>ET_Drop</value></option> + <option><name>ET Spyware CNC</name><value>ET_Spywarecnc</value></option> + <option><name>ET Online Gaming</name><value>ET_Onlinegaming</value></option> + <option><name>ET DrivebySRC</name><value>ET_Drivebysrc</value></option> + <option><name>ET Chat Server</name><value>ET_Chatserver</value></option> + <option><name>ET TOR Node</name><value>ET_Tornode</value></option> + <option><name>ET Compromised</name><value>ET_Compromised</value></option> + <option><name>ET P2P</name><value>ET_P2P</value></option> + <option><name>ET Proxy</name><value>ET_Proxy</value></option> + <option><name>ET IP Check</name><value>ET_Ipcheck</value></option> + <option><name>ET Utility</name><value>ET_Utility</value></option> + <option><name>ET DOS</name><value>ET_DDos</value></option> + <option><name>ET Scanner</name><value>ET_Scanner</value></option> + <option><name>ET Brute</name><value>ET_Brute</value></option> + <option><name>ET Fake AV</name><value>ET_Fakeav</value></option> + <option><name>ET DYN DNS</name><value>ET_Dyndns</value></option> + <option><name>ET Undersireable</name><value>ET_Undesireable</value></option> + <option><name>ET Abuse TLD</name><value>ET_Abusedtld</value></option> + <option><name>ET SelfSigned SSL</name><value>ET_Selfsignedssl</value></option> + <option><name>ET Blackhole</name><value>ET_Blackhole</value></option> + <option><name>ET RAS</name><value>ET_RAS</value></option> + <option><name>ET P2P CNC</name><value>ET_P2Pcnc</value></option> + <option><name>ET Shared Hosting</name><value>ET_Sharedhosting</value></option> + <option><name>ET Parking</name><value>ET_Parking</value></option> + <option><name>ET VPN</name><value>ET_VPN</value></option> + <option><name>ET EXE Source</name><value>ET_Exesource</value></option> + <option><name>ET Mobile CNC</name><value>ET_Mobilecnc</value></option> + <option><name>ET Mobile Spyware</name><value>ET_Mobilespyware</value></option> + <option><name>ET Skype Node</name><value>ET_Skypenode</value></option> + <option><name>ET Bitcoin</name><value>ET_Bitcoin</value></option> + <option><name>ET DOS Attack</name><value>ET_DDosattack</value></option> + <option><name>Unknown</name><value>ET_Unknown</value></option> + </options> + <size>35</size> + <multiple/> + </field> + <field> + <fielddescr>ET IQRISK Match LISTS</fielddescr> + <fieldname>etmatch</fieldname> + <description> + <![CDATA[Select Lists you want to MATCH.<br /> + <strong>Use CTRL + CLICK to unselect Categories</strong> + <br /><br />Any Changes will take effect at the Next Scheduled CRON Task]]> + </description> + <type>select</type> + <options> + <option><name>ET CNC</name><value>ET_Cnc</value></option> + <option><name>ET BOT</name><value>ET_Bot</value></option> + <option><name>ET SPAM</name><value>ET_Spam</value></option> + <option><name>ET DROP</name><value>ET_Drop</value></option> + <option><name>ET Spyware CNC</name><value>ET_Spywarecnc</value></option> + <option><name>ET Online Gaming</name><value>ET_Onlinegaming</value></option> + <option><name>ET DrivebySRC</name><value>ET_Drivebysrc</value></option> + <option><name>ET Chat Server</name><value>ET_Chatserver</value></option> + <option><name>ET TOR Node</name><value>ET_Tornode</value></option> + <option><name>ET Compromised</name><value>ET_Compromised</value></option> + <option><name>ET P2P</name><value>ET_P2P</value></option> + <option><name>ET Proxy</name><value>ET_Proxy</value></option> + <option><name>ET IP Check</name><value>ET_Ipcheck</value></option> + <option><name>ET Utility</name><value>ET_Utility</value></option> + <option><name>ET DOS</name><value>ET_DDos</value></option> + <option><name>ET Scanner</name><value>ET_Scanner</value></option> + <option><name>ET Brute</name><value>ET_Brute</value></option> + <option><name>ET Fake AV</name><value>ET_Fakeav</value></option> + <option><name>ET DYN DNS</name><value>ET_Dyndns</value></option> + <option><name>ET Undersireable</name><value>ET_Undesireable</value></option> + <option><name>ET Abuse TLD</name><value>ET_Abusedtld</value></option> + <option><name>ET SelfSigned SSL</name><value>ET_Selfsignedssl</value></option> + <option><name>ET Blackhole</name><value>ET_Blackhole</value></option> + <option><name>ET RAS</name><value>ET_RAS</value></option> + <option><name>ET P2P CNC</name><value>ET_P2Pcnc</value></option> + <option><name>ET Shared Hosting</name><value>ET_Sharedhosting</value></option> + <option><name>ET Parking</name><value>ET_Parking</value></option> + <option><name>ET VPN</name><value>ET_VPN</value></option> + <option><name>ET EXE Source</name><value>ET_Exesource</value></option> + <option><name>ET Mobile CNC</name><value>ET_Mobilecnc</value></option> + <option><name>ET Mobile Spyware</name><value>ET_Mobilespyware</value></option> + <option><name>ET Skype Node</name><value>ET_Skypenode</value></option> + <option><name>ET Bitcoin</name><value>ET_Bitcoin</value></option> + <option><name>ET DOS Attack</name><value>ET_DDosattack</value></option> + <option><name>Unknown</name><value>ET_Unknown</value></option> + </options> + <size>35</size> + <multiple/> + </field> + <field> + <fielddescr>Update ET Categories</fielddescr> + <fieldname>et_update</fieldname> + <description><![CDATA[Default:<strong>Disable</strong><br /> + Select - Enable ET Update if Category Changes are Made.<br /> + You can perform a 'Force Update' to enable these changes.<br /> + Cron will also resync this list at the next Scheduled Update.]]> + </description> + <type>select</type> + <options> + <option><name>Disable</name><value>disabled</value></option> + <option><name>Enable</name><value>enabled</value></option> + </options> + </field> + <field> + <name><![CDATA[<ul>Click to SAVE Settings and/or Rule Edits. Changes are Applied via CRON or + 'Force Update'</ul>]]></name> + <type>listtopic</type> + </field> + </fields> + <custom_php_install_command> + pfblockerng_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + pfblockerng_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + pfblockerng_validate_input(\$_POST, \$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + global \$pfb; + \$pfb['save'] = TRUE; + sync_package_pfblockerng(); + </custom_php_resync_config_command> +</packagegui> +EOF; + # Unset Arrays + unset ($options4, $options6, $et_options); + + $log = "Saving pfBlockerNG Reputation TAB \n"; + print $log; + pfb_logger("{$log}","3"); + + // Save pfBlockerng_reputation.xml file + @file_put_contents('/usr/local/pkg/pfblockerng/pfblockerng_reputation.xml',$xmlrep,LOCK_EX); + $log = "\n Country Code - XML File Update completed.\n"; + print $log; + pfb_logger("{$log}","3"); + + $now = date("m/d/y G.i:s", time()); + $log = "Country Code Update Ended - [ NOW ]\n"; + print "Country Code Update Ended - [ $now ]\n"; + pfb_logger("{$log}","3"); +} +?>
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng.priv.inc b/config/pfblockerng/pfblockerng.priv.inc new file mode 100644 index 00000000..092c34ae --- /dev/null +++ b/config/pfblockerng/pfblockerng.priv.inc @@ -0,0 +1,29 @@ +<?php + +global $priv_list; + +$priv_list['page-firewall-pfblockerng'] = array(); +$priv_list['page-firewall-pfblockerng']['name'] = "WebCfg - Firewall: pfBlockerNG"; +$priv_list['page-firewall-pfblockerng']['descr'] = "Allow access to pfBlockerNG package gui"; +$priv_list['page-firewall-pfblockerng']['match'] = array(); +$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng.xml*"; +$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_reputation.xml*"; +$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_v4lists.xml*"; +$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_v6lists.xml*"; +$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_top20.xml*"; +$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_Africa.xml*"; +$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_Asia.xml*"; +$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_Europe.xml*"; +$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_NorthAmerica.xml*"; +$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_Oceania.xml*"; +$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_SouthAmerica.xml*"; +$priv_list['page-firewall-pfblockerng']['match'][] = "pkg_edit.php?xml=pfblockerng/pfblockerng_sync.xml*"; +$priv_list['page-firewall-pfblockerng']['match'][] = "pfblockerng/pfblockerng_update.php*"; +$priv_list['page-firewall-pfblockerng']['match'][] = "pfblockerng/pfblockerng_alerts.php*"; +$priv_list['page-firewall-pfblockerng']['match'][] = "pfblockerng/pfblockerng_log.php*"; +$priv_list['page-firewall-pfblockerng']['match'][] = "pfblockerng/pfblockerng_diag_dns.php*"; +$priv_list['page-firewall-pfblockerng']['match'][] = "widgets/javascript/pfblockerng.js*"; +$priv_list['page-firewall-pfblockerng']['match'][] = "widgets/include/widget-pfblockerng.inc*"; +$priv_list['page-firewall-pfblockerng']['match'][] = "widgets/widgets/pfblockerng.widget.php*"; +$priv_list['page-firewall-pfblockerng']['match'][] = "pfblockerng/pfblockerng.inc*"; +?>
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng.sh b/config/pfblockerng/pfblockerng.sh new file mode 100644 index 00000000..c09d52e1 --- /dev/null +++ b/config/pfblockerng/pfblockerng.sh @@ -0,0 +1,927 @@ +#!/bin/sh +# pfBlockerNG IP Reputation Script - By BBcan177@gmail.com - 04-12-14 +# Copyright (C) 2014 BBcan177@gmail.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License Version 2 as +# published by the Free Software Foundation. You may not use, modify or +# distribute this program under any other version of the GNU General +# Public License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +now=$(/bin/date +%m/%d/%y' '%T) +mtype=$(/usr/bin/uname -m); + +# Application Paths +pathgrepcidr="/usr/pbi/pfblockerng-$mtype/bin/grepcidr" +pathgeoip="/usr/pbi/pfblockerng-$mtype/bin/geoiplookup" + +pathtar=/usr/bin/tar +pathgunzip=/usr/bin/gunzip +pathpfctl=/sbin/pfctl + +# Script Arguments +alias=$2 +max=$3 +dedup=$4 +cc=$(echo $5 | sed 's/,/, /g') +ccwhite=$(echo $6 | tr '[A-Z]' '[a-z]') +ccblack=$(echo $7 | tr '[A-Z]' '[a-z]') +etblock=$(echo $8 | sed 's/,/, /g') +etmatch=$(echo $9 | sed 's/,/, /g') + +# File Locations +pathgeoipdat=/var/db/pfblockerng/GeoIP.dat +pfbsuppression=/var/db/pfblockerng/pfbsuppression.txt +masterfile=/var/db/pfblockerng/masterfile +mastercat=/var/db/pfblockerng/mastercat +geoiplog=/var/log/pfblockerng/geoip.log +errorlog=/var/log/pfblockerng/error.log + +# Folder Locations +etdir=/var/db/pfblockerng/ET +tmpxlsx=/tmp/xlsx/ + +pfbdeny=/var/db/pfblockerng/deny/ +pfborig=/var/db/pfblockerng/original/ +pfbmatch=/var/db/pfblockerng/match/ +pfbpermit=/var/db/pfblockerng/permit/ +pfbnative=/var/db/pfblockerng/native/ +pfsense_alias_dir=/var/db/aliastables/ + +# Store "Match" d-dedups in matchdedup.txt file +matchdedup=matchdedup.txt + +tempfile=/tmp/pfbtempfile +tempfile2=/tmp/pfbtempfile2 +dupfile=/tmp//pfbduptemp +dedupfile=/tmp/pfbdeduptemp +addfile=/tmp/pfBaddfile +syncfile=/tmp/pfbsyncfile +matchfile=/tmp/pfbmatchfile +tempmatchfile=/tmp/pfbtempmatchfile + +if [ ! -f $masterfile ]; then touch $masterfile; fi +if [ ! -f $mastercat ]; then touch $mastercat; fi +if [ ! -f $tempfile ]; then touch $tempfile; fi +if [ ! -f $tempfile2 ]; then touch $tempfile2; fi +if [ ! -f $dupfile ]; then touch $dupfile; fi +if [ ! -f $dedupfile ]; then touch $dedupfile; fi +if [ ! -f $addfile ]; then touch $addfile; fi +if [ ! -f $syncfile ]; then touch $syncfile; fi +if [ ! -f $matchfile ]; then touch $matchfile; fi +if [ ! -f $tempmatchfile ]; then touch $tempmatchfile; fi +if [ ! -d $pfbmatch ]; then mkdir $pfbmatch; fi +if [ ! -d $etdir ]; then mkdir $etdir; fi +if [ ! -d $tmpxlsx ]; then mkdir $tmpxlsx; fi + +########## +# Process to condense an IP range if a "Max" amount of IP addresses are found in a /24 range per Alias Group. +process24() { + +if [ ! -x $pathgeoip ]; then + echo "Process24 - Application [ GeoIP ] Not found. Can't proceed." + echo "Process24 - Application [ GeoIP ] Not found. Can't proceed. [ $now ]" >> $errorlog + exit +fi + +# Download MaxMind GeoIP.dat Binary on first Install. +if [ ! -f $pathgeoipdat ]; then + echo "Downloading [ MaxMind GeoIP.dat ] [ $now ]" >> $geoiplog + /usr/local/pkg/pfblockerng/geoipupdate.sh bu +fi +# Exit if GeoIP.dat is not found. +if [ ! -f $pathgeoipdat ]; then + echo "Process24 - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed." + echo "Process24 - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed. [ $now ]" >> $errorlog + exit +fi + +count=$(grep -c ^ $pfbdeny$alias".txt") +echo; echo "Original File Count [ $count ]" + +grep -Ev "^(#|$)" $pfbdeny$alias".txt" | sort | uniq > $tempfile +> $dupfile; > $tempfile2; > $matchfile; > $tempmatchfile +data="$(cut -d '.' -f 1-3 $tempfile | awk -v max="$max" '{a[$0]++}END{for(i in a){if(a[i] > max){print i}}}')" +count=$(echo "$data" | grep -c ^); mcount=0; dcount=0; safe=0 +if [ "$data" == "" ]; then count=0; fi +matchoutfile="match"$header".txt" +# Classify Repeat Offenders by Country Code +if [ -f $pathgeoipdat ]; then + for ip in $data; do + ccheck=$($pathgeoip -f $pathgeoipdat "$ip.1" | cut -c 24-25) + case "$cc" in + *$ccheck*) + safe=$(($safe + 1)) + if [ "$ccwhite" == "match" -o "$ccblack" == "match" ]; then + echo "$ip." >> $matchfile + fi + ;; + *) + echo "$ip." >> $dupfile + ;; + esac + done +else + echo; echo "MaxMind Binary Database Missing [ $pathgeoipdat ], skipping p24 Process"; echo + echo "MaxMind Binary Database Missing [ $pathgeoipdat ], skipping p24 Process [ $now ]" >> $errorlog +fi +# Collect Match File Details +if [ -s "$matchfile" -a ! "$dedup" == "on" -a "$ccwhite" == "match" ]; then + mon=$(sed -e 's/^/^/' -e 's/\./\\\./g' $matchfile) + for ip in $mon; do + grep $ip $tempfile >> $tempfile2 + done + mcount=$(grep -c ^ $tempfile2) + if [ "$ccwhite" == "match" ]; then + sed 's/$/0\/24/' $matchfile >> $tempmatchfile + sed 's/^/\!/' $tempfile2 >> $tempmatchfile + fi +fi + +# If no Matches found remove previous Matchoutfile if exists. +if [ ! -s "$tempmatchfile" -a -f $matchoutfile ]; then rm -r $matchoutfile; fi +# Move Match File to the Match Folder by Individual Blocklist Name +if [ -s "$tempmatchfile" ]; then mv -f $tempmatchfile $pfbmatch$matchoutfile; fi + +# Find Repeat Offenders in each individual Blocklist Outfile +if [ -s "$dupfile" ]; then + > $tempfile2 + dup=$(sed -e 's/^/^/' -e 's/\./\\\./g' $dupfile) + for ip in $dup; do + grep $ip $tempfile >> $tempfile2 + done + dcount=$(grep -c ^ $tempfile2) + if [ "$ccblack" == "block" ]; then + awk 'FNR==NR{a[$0];next}!($0 in a)' $tempfile2 $tempfile > $pfbdeny$alias".txt" + sed 's/$/0\/24/' $dupfile >> $pfbdeny$alias".txt" + elif [ "$ccblack" == "match" ]; then + sed 's/$/0\/24/' $dupfile >> $tempmatchfile + sed 's/^/\!/' $tempfile2 >> $tempmatchfile + else + : + fi +fi +if [ "$count" == "0" -a "$safe" == "0" ]; then echo; echo " Process /24 Stats [ $alias ] [ $now ] "; echo "------------------------------------------------"; fi +if [ "$count" == "0" ]; then echo "Found [ 0 ] IP range(s) over the threshold of [ $max ] p24 - CC Blacklist"; fi +if [ "$safe" == "0" ]; then echo "Found [ 0 ] IP range(s) over the threshold of [ $max ] p24 - CC Whitelist"; fi + +if [ -s "$dupfile" -o -s "$matchfile" ]; then +echo +echo " Process /24 Stats [ $alias ] [ $now ]" +echo "--------------------------------------------------------" +echo "Found [ $count ] IP range(s) over the threshold of [ $max ] on the CC Blacklist" +echo "Found [ $safe ] IP range(s) over the threshold of [ $max ] on the CC Whitelist" +echo +echo "Found [ $dcount ] CC Blacklisted IP Address(es) are being set to [ $ccblack ]" +# Skip Match Process if dedup=yes as it will create duplicates +if [ "$dedup" == "on" ]; then mcount=Skipped; fi +echo "Found [ $mcount ] CC Whitelisted IP Address(es) are being set to [ $ccwhite ]" +if [ "$ccblack" == "block" ]; then + echo; echo "Removed the following IP Ranges" + cat $dupfile | tr '\n' '|'; echo +else + echo "Skipped, CCBlack set to [ $ccblack ]" +fi +sort $pfbdeny$alias".txt" | uniq > $tempfile; mv -f $tempfile $pfbdeny$alias".txt" +echo "-------------------------------------------------------" +cocount=$(grep -cv "^1\.1\.1\.1" $pfbdeny$alias".txt") +echo "Post /24 Count [ $cocount ]"; echo +fi +} + + +########## +process255() { +# Remove IPs if exists over 255 IPs in a Range and replace with a single /24 Block +cp $pfbdeny$alias".txt" $tempfile; > $dedupfile + +data255="$(cut -d '.' -f 1-3 $tempfile | awk '{a[$0]++}END{for(i in a){if(a[i] > 255){print i}}}')" +if [ ! -z "$data255" ]; then + for ip in $data255; do + ii=$(echo "^$ip" | sed 's/\./\\\./g') + grep $ii $tempfile >> $dedupfile + done + awk 'FNR==NR{a[$0];next}!($0 in a)' $dedupfile $tempfile > $pfbdeny$alias".txt" + for ip in $data255; do echo $ip"0/24" >> $pfbdeny$alias".txt"; done +fi +} + + +########## +continent() { + +dupcheck=yes +# Check if Masterfile is Empty +hcheck=$(grep -c ^ $masterfile); if [ "$hcheck" -eq "0" ]; then dupcheck=no; fi +# Check if Alias exists in Masterfile +lcheck=$(grep -m 1 "$alias " $masterfile ); if [ "$lcheck" == "" ]; then dupcheck=no; fi + +if [ "$dupcheck" == "yes" ]; then + # Grep Alias with a trailing Space character + grep "$alias[[:space:]]" $masterfile > $tempfile + awk 'FNR==NR{a[$0];next}!($0 in a)' $tempfile $masterfile > $tempfile2; mv -f $tempfile2 $masterfile + cut -d' ' -f2 $masterfile > $mastercat +fi + +grep -Ev "^(#|$)" $pfbdeny$alias".txt" | sort | uniq > $tempfile + +if [ ! "$hcheck" -eq "0" ]; then + $pathgrepcidr -vf $mastercat $pfbdeny$alias".txt" > $tempfile; mv -f $tempfile $pfbdeny$alias".txt" +fi + +sed -e 's/^/'$alias' /' $pfbdeny$alias".txt" >> $masterfile +cut -d' ' -f2 $masterfile > $mastercat + +countg=$(grep -c ^ $pfborig$alias".orig") +countm=$(grep -c "$alias " $masterfile); counto=$(grep -c ^ $pfbdeny$alias".txt") +if [ "$countm" == "$counto" ]; then sanity="Passed"; else sanity=" ==> FAILED <== "; fi +echo "----------------------------------------------------------" +echo; echo " Post Duplication count [ $now ]" +echo "----------------------------------------------------------" +printf "%-10s %-10s %-10s %-30s\n" "Original" "Masterfile" "Outfile" "Sanity Check" +echo "----------------------------------------------------------" +printf "%-10s %-10s %-10s %-30s\n" "$countg" "$countm" "$counto" " [ $sanity ]" +echo "----------------------------------------------------------" +} + + +########## +# Process to remove Suppressed Entries and RFC 1918 and Misc IPs on each downloaded Blocklist +suppress() { + +if [ ! -x $pathgrepcidr ]; then + echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" + echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" >> errorlog + exit +fi + +if [ -e "$pfbsuppression" ] && [ -s "$pfbsuppression" ]; then + # Find '/24' Blocked IPs that are single addresses in the Suppressed IP Address List. + # These '/24' Are converted to single Addresses excluding the Suppressed IPs. + data="$(cat $pfbsuppression)" + if [ ! -z "$data" -a ! -z "$cc" ]; then + # Loop thru each Updated List to remove Suppression and RFC1918 Addresses + if [ "$cc" == "suppressheader" ]; then + echo; echo "===[ Suppression Stats ]========================================"; echo + printf "%-20s %-10s %-10s %-10s %-10s\n" "List" "Pre" "RFC1918" "Suppress" "Masterfile" + echo "----------------------------------------------------------------" + exit + fi + + for i in $cc; do + counter=0 + > $dupfile + alias=$(echo "${i%|*}") + pfbfolder=$(echo "${i#*|}") + + if [ ! "$alias" == "" ]; then + # Count (PRE) + countg=$(grep -c ^ $pfbfolder$alias".txt") + + grep -Ev "^(192\.168|10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|#|$)" $pfbfolder$alias".txt" | + sort | uniq > $tempfile + # Count (Post RFC1918) + countm=$(grep -c ^ $tempfile) + + for ip in $data; do + found=""; ddcheck=""; + iptrim=$(echo $ip | cut -d '.' -f 1-3) + mask=$(echo $ip | cut -d"/" -f2) + found=$(grep -m1 $iptrim".0/24" $tempfile) + # If a Suppression is '/32' and a Blocklist has a full '/24' Block execute the following. + if [ ! "$found" == "" -a "$mask" == "32" ]; then + echo " Suppression $alias: $iptrim.0/24" + octet4=$(echo $ip | cut -d '.' -f 4 | sed 's/\/.*//') + dcheck=$(grep $iptrim".0/24" $dupfile) + if [ "$dcheck" == "" ]; then + echo $iptrim".0" >> $tempfile + echo $iptrim".0/24" >> $dupfile + counter=$(($counter + 1)) + # Add Individual IP addresses from Range excluding Suppressed IP + for i in $(/usr/bin/jot 255); do + if [ "$i" != "$octet4" ]; then + echo $iptrim"."$i >> $tempfile + counter=$(($counter + 1)) + fi + done + fi + fi + done + if [ -s $dupfile ]; then + # Remove '/24' Suppressed Ranges + awk 'FNR==NR{a[$0];next}!($0 in a)' $dupfile $tempfile > $tempfile2; mv -f $tempfile2 $tempfile + fi + # Remove All other Suppressions from Lists + $pathgrepcidr -vf $pfbsuppression $tempfile > $pfbfolder$alias".txt" + # Update Masterfiles. Don't execute if Duplication Process is Disabled + if [ "$dedup" == "x" ]; then + # Dont execute if Alias doesnt exist in Masterfile + lcheck=$(grep -m1 "$alias " $masterfile) + if [ ! "$lcheck" == "" ]; then + # Replace Masterfile with changes to List. + grep "$alias[[:space:]]" $masterfile > $tempfile + awk 'FNR==NR{a[$0];next}!($0 in a)' $tempfile $masterfile > $tempfile2; mv -f $tempfile2 $masterfile + sed -e 's/^/'$alias' /' $pfbfolder$alias".txt" >> $masterfile + cut -d' ' -f2 $masterfile > $mastercat + fi + fi + countk=$(grep -c ^ $masterfile) + countx=$(grep -c ^ $pfbfolder$alias".txt") + counto=$(($countx - $counter)) + printf "%-20s %-10s %-10s %-10s %-10s\n" "$alias" "$countg" "$countm" "$counto" "$countk" + fi + done + fi +else + if [ "$cc" == "suppressheader" ]; then + echo "===[ Suppression Stats ]========================================"; echo + printf "%-20s %-10s %-10s %-10s %-10s\n" "List" "Pre" "RFC1918" "Suppress" "Masterfile" + echo "----------------------------------------------------------------" + exit + fi + for i in $cc; do + alias=$(echo "${i%|*}") + pfbfolder=$(echo "${i#*|}") + + if [ ! "$alias" == "" ]; then + countg=$(grep -c ^ $pfbfolder$alias".txt") + grep -Ev "^(192\.168|10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|#|$)" $pfbfolder$alias".txt" | + sort | uniq > $tempfile; mv -f $tempfile $pfbfolder$alias".txt" + countx=$(grep -c ^ $pfbfolder$alias".txt") + # Update Masterfiles. Don't execute if Duplication Process is Disabled or if No Suppression Changes Found + if [ "$dedup" == "x" -a "$countg" != "$countx" ]; then + # Dont execute if Alias doesnt exist in Masterfile + lcheck=$(grep -m1 "$alias " $masterfile) + if [ ! "$lcheck" == "" ]; then + # Replace Masterfile with changes to List. + grep "$alias[[:space:]]" $masterfile > $tempfile + awk 'FNR==NR{a[$0];next}!($0 in a)' $tempfile $masterfile > $tempfile2; mv -f $tempfile2 $masterfile + sed -e 's/^/'$alias' /' $pfbfolder$alias".txt" >> $masterfile + cut -d' ' -f2 $masterfile > $mastercat + fi + fi + countm=$(grep -c ^ $pfbfolder$alias".txt") + counto=" - " + countk=$(grep -c ^ $masterfile) + printf "%-20s %-10s %-10s %-10s %-10s\n" "$alias" "$countg" "$countm" "$counto" "$countk" + fi + done +fi +} + + +########## +# Process to remove Duplicate Entries on each downloaded Blocklist Individually +duplicate() { + +if [ ! -x $pathgrepcidr ]; then + echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" + echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" >> errorlog + exit +fi + +dupcheck=yes +# Check if Masterfile is Empty +hcheck=$(grep -cv "^$" $masterfile); if [ "$hcheck" -eq "0" ]; then dupcheck=no; fi +# Check if Alias exists in Masterfile +lcheck=$(grep -m1 "$alias " $masterfile); if [ "$lcheck" == "" ]; then dupcheck=no; fi + +if [ "$dupcheck" == "yes" ]; then + # Grep Alias with a trailing Space character + grep "$alias[[:space:]]" $masterfile > $tempfile + awk 'FNR==NR{a[$0];next}!($0 in a)' $tempfile $masterfile > $tempfile2; mv -f $tempfile2 $masterfile + cut -d' ' -f2 $masterfile > $mastercat +fi + +grep -Ev "^(#|$)" $pfbdeny$alias".txt" | sort | uniq > $tempfile; mv -f $tempfile $pfbdeny$alias".txt" + +if [ ! "$hcheck" -eq "0" ]; then + $pathgrepcidr -vf $mastercat $pfbdeny$alias".txt" > $tempfile; mv -f $tempfile $pfbdeny$alias".txt" +fi + +sed -e 's/^/'$alias' /' $pfbdeny$alias".txt" >> $masterfile +cut -d' ' -f2 $masterfile > $mastercat + +countg=$(grep -c ^ $pfborig$alias".orig") +countm=$(grep -c "$alias " $masterfile); counto=$(grep -c ^ $pfbdeny$alias".txt") +if [ "$countm" == "$counto" ]; then sanity="Passed"; else sanity=" ==> FAILED <== "; fi +echo "----------------------------------------------------------" +printf "%-10s %-10s %-10s %-30s\n" "Original" "Masterfile" "Outfile" " [ Post Duplication count ]" +echo "----------------------------------------------------------" +printf "%-10s %-10s %-10s %-30s\n" "$countg" "$countm" "$counto" " [ $sanity ]" +echo "----------------------------------------------------------" +} + + +########## +# De-Duplication utilizing MaxMind GeoIP Country Code Whitelisting ("dmax" variable) +deduplication() { + +if [ ! -x $pathgeoip ]; then + echo "d-duplication - Application [ GeoIP ] Not found. Can't proceed." + echo "d-duplication - Application [ GeoIP ] Not found. Can't proceed. [ $now ]" >> $errorlog + exit +fi + +# Download MaxMind GeoIP.dat on first Install. +if [ ! -f $pathgeoipdat ]; then + echo "Downloading [ MaxMind GeoIP.dat ] [ $now ]" >> $geoiplog + /usr/local/pkg/pfblockerng/geoipupdate.sh bu +fi + +# Exit if GeoIP.dat is not found +if [ ! -f $pathgeoipdat ]; then + echo "d-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed." + echo "d-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed. [ $now ]" >> $errorlog + exit +fi + +> $tempfile; > $tempfile2; > $dupfile; > $addfile; > $dedupfile; > $matchfile; > $tempmatchfile; count=0; dcount=0; mcount=0; mmcount=0 +echo; echo "Querying for Repeat Offenders" +data="$(find $pfbdeny ! -name "pfB*.txt" ! -name "*_v6.txt" -type f | cut -d '.' -f 1-3 $pfbdeny*.txt | + awk -v max="$max" '{a[$0]++}END{for(i in a){if(a[i] > max){print i}}}' | grep -v "^1\.1\.1")" +count=$(echo "$data" | grep -c ^) +if [ "$data" == "" ]; then count=0; fi +safe=0 +# Classify Repeat Offenders by Country Code +if [ -f $pathgeoipdat ]; then + echo "Classifying Repeat Offenders by GeoIP" + for ip in $data; do + ccheck=$($pathgeoip -f $pathgeoipdat "$ip.1" | cut -c 24-25) + case "$cc" in + *$ccheck*) + safe=$(($safe + 1)) + if [ "$ccwhite" == "match" -o "$ccblack" == "match" ]; then + echo "$ip." >> $matchfile + fi + ;; + *) + echo "$ip." >> $dupfile + ;; + esac + done +else + echo; echo "MaxMind Binary Database Missing [ $pathgeoipdat ], skipping d-dedup Process"; echo + echo "MaxMind Binary Database Missing [ $pathgeoipdat ], skipping d-dedup Process [ $now ]" >> $errorlog +fi +if [ -s "$matchfile" -a "$ccwhite" == "match" ]; then + echo "Processing [ Match ] IPs" + match=$(sed -e 's/^/^/' -e 's/\./\\\./g' $matchfile) + for mfile in $match; do + grep $mfile $pfbdeny*.txt >> $tempfile + done + sed 's/$/0\/24/' $matchfile >> $tempmatchfile + sed -e 's/.*://' -e 's/^/\!/' $tempfile >> $tempmatchfile + mv -f $tempmatchfile $pfbmatch$matchdedup + mcount=$(grep -c ^ $tempfile) + mmcount=$(($mcount + $mmcount)) +fi +# Find Repeat Offenders in each individual Blocklist Outfile +if [ -s "$dupfile" ]; then + echo "Processing [ Block ] IPs" + dup=$(cat $dupfile) + for ip in $dup; do + pcount=1; ii=$(echo "^$ip" | sed 's/\./\\\./g') + list=$(find $pfbdeny ! -name "pfB*.txt" ! -name "*_v6.txt" -type f | xargs grep -al $ii) + for blfile in $list; do + header=$(echo "${blfile##*/}" | cut -d '.' -f1) + grep $ii $blfile > $tempfile + if [ "$ccblack" == "block" ]; then + awk 'FNR==NR{a[$0];next}!($0 in a)' $tempfile $blfile > $tempfile2; mv -f $tempfile2 $blfile + if [ "$pcount" -eq "1" ]; then + echo $ip"0/24" >> $blfile + echo $header" "$ip >> $dedupfile + echo $header" "$ip"0/24" >> $addfile + pcount=2 + else + echo $header" "$ip >> $dedupfile + fi + else + if [ "$pcount" -eq "1" ]; then + matchoutfile="match"$header".txt" + echo $ip"0/24" >> $pfbmatch$matchoutfile + sed 's/^/\!/' $tempfile >> $pfbmatch$matchoutfile + mcount=$(grep -c ^ $pfbmatch$matchoutfile) + mmcount=$(($mcount + $mmcount)) + pcount=2 + fi + fi + done + done + # Remove Repeat Offenders in Masterfiles + if [ -s "$dedupfile" ]; then + echo "Removing [ Block ] IPs" + > $tempfile; > $tempfile2 + sed 's/\./\\\./g' $dedupfile > $tempfile2 + while IFS=' ' read -r ips; do grep "$ips" $masterfile >> $tempfile; done < $tempfile2 + dcount=$(grep -c ^ $tempfile) + awk 'FNR==NR{a[$0];next}!($0 in a)' $tempfile $masterfile > $tempfile2; mv -f $tempfile2 $masterfile + cat $addfile >> $masterfile + cut -d' ' -f2 $masterfile > $mastercat + fi +fi + +echo; echo "d-Duplication Process [ $now ]"; echo "------------------------------------------------" +echo; echo "Found [ $count ] IP range(s) over the threshold of dmax= [ $max ]" +echo "Found [ $safe ] IP range(s) classified as Whitelisted" +echo; echo "Found [ $dcount ] CC Blacklisted IP Address(es) are being set to [ $ccblack ]" +echo "Found [ $mmcount ] CC Whitelisted IP Address(es) are being set to [ $ccwhite ]"; echo +if [ -s "$addfile" ]; then + echo; echo "Removed the following IP Ranges" + sed -e 's/^.* //' -e 's/0\/24//' $addfile | tr '\n' '|'; echo +fi +count=$(grep -c ^ $masterfile) +echo " [ Post d-Deduplication count ] [ $count ]"; echo + +# Write "1.1.1.1" to empty Final Blocklist Files +emptyfiles=$(find $pfbdeny -size 0) +for i in $emptyfiles; do echo "1.1.1.1" > $i; done +} + + +########## +# Process to perform a final De-Duplication on all of the BlockLists (Excluding Country Whitelist) ("pmax" variable). +pdeduplication(){ + +if [ ! -x $pathgeoip ]; then + echo "p-duplication - Application [ GeoIP ] Not found. Can't proceed." + echo "p-duplication - Application [ GeoIP ] Not found. Can't proceed. [ $now ]" >> $errorlog + exit +fi + +# Download MaxMind GeoIP.dat on first Install. +if [ ! -f $pathgeoipdat ]; then + echo "Downloading [ MaxMind GeoIP.dat ] [ $now ]" >> $geoiplog + /usr/local/pkg/pfblockerng/geoipupdate.sh bu +fi +# Exit if GeoIP.dat is not found. +if [ ! -f $pathgeoipdat ]; then + echo "p-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed." + echo "p-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed. [ $now ]" >> $errorlog + exit +fi + +> $tempfile; > $tempfile2; > $dupfile; > $addfile; > $dedupfile; count=0; dcount=0 +echo; echo "=====================================================================" +echo; echo "Querying for Repeat Offenders" +data="$(find $pfbdeny ! -name "pfB*.txt" ! -name "*_v6.txt" -type f | cut -d '.' -f 1-3 $pfbdeny*.txt | + awk -v max="$max" '{a[$0]++}END{for(i in a){if(a[i] > max){print i}}}' | grep -v "^1\.1\.1")" +count=$(echo "$data" | grep -c ^) +if [ "$data" == "" ]; then count=0; fi +# Find Repeat Offenders in each individual Blocklist Outfile +echo "Processing [ Block ] IPs" +for ip in $data; do + pcount=1; ii=$(echo "^$ip." | sed 's/\./\\\./g') + list=$(find $pfbdeny ! -name "pfB*.txt" ! -name "*_v6.txt" -type f | xargs grep -al $ii) + for blfile in $list; do + header=$(echo "${blfile##*/}" | cut -d '.' -f1) + grep $ii $blfile > $tempfile + awk 'FNR==NR{a[$0];next}!($0 in a)' $tempfile $blfile > $tempfile2; mv -f $tempfile2 $blfile + if [ "$pcount" -eq "1" ]; then + echo $ip".0/24" >> $blfile + echo $header" $ip." >> $dedupfile + echo $header" "$ip".0/24" >> $addfile + pcount=2 + else + echo $header" $ip." >> $dedupfile + fi + done +done +# Remove Repeat Offenders in Masterfile +if [ -s "$dedupfile" ]; then + echo "Removing [ Block ] IPs" + > $tempfile; > $tempfile2 + sed 's/\./\\\./g' $dedupfile > $tempfile2 + while IFS=' ' read -r ips; do grep "$ips" $masterfile >> $tempfile; done < $tempfile2 + dcount=$(grep -c ^ $tempfile) + awk 'FNR==NR{a[$0];next}!($0 in a)' $tempfile $masterfile > $tempfile2; mv -f $tempfile2 $masterfile + cat $addfile >> $masterfile + cut -d' ' -f2 $masterfile > $mastercat +fi + +echo; echo "p-Duplication Process [ $now ]"; echo "------------------------------------------------" +echo "Found [ $dcount ] IP Address(es) are being set to [ block ]" +if [ -s "$addfile" ]; then + echo; echo "Removed the following IP Ranges" + sed -e 's/^.* //' -e 's/0\/24//' $addfile | tr '\n' '|'; echo +fi +count=$(grep -c ^ $masterfile) +echo; echo " [ Post p-Deduplication count ] [ $count ]" + +# Write "1.1.1.1" to empty Final Blocklist Files +emptyfiles=$(find $pfbdeny -size 0) +for i in $emptyfiles; do echo "1.1.1.1" > $i; done +} + + +########## +# Process to Split ET Pro IPREP into Category Files and Compile selected Blocked categories into Outfile +processet() { + +if [ ! -x $pathgunzip ]; then + echo "Application [ Gunzip ] Not found, Can't proceed." + echo "Application [ Gunzip ] Not found, Can't proceed. [ $now ]" >> $errorlog + exit +fi + +if [ -s $pfborig$alias".gz" ]; then + evar="ET_*" + # Remove Previous ET IPRep Files + [ -d $etdir ] && [ "$(ls -A $etdir)" ] && rm -r $etdir/$evar + > $tempfile; > $tempfile2 + + $pathgunzip -c $pfborig$alias".gz" > $pfborig$alias".raw" + + # ET CSV Format (IP, Category, Score) + echo; echo "Processing [ $alias ]" + while IFS="," read a b c; do + # Some ET Categories are not in use (For Future Use) + case "$b" in + 1) echo $a >> $etdir/ET_Cnc;; + 2) echo $a >> $etdir/ET_Bot;; + 3) echo $a >> $etdir/ET_Spam;; + 4) echo $a >> $etdir/ET_Drop;; + 5) echo $a >> $etdir/ET_Spywarecnc;; + 6) echo $a >> $etdir/ET_Onlinegaming;; + 7) echo $a >> $etdir/ET_Drivebysrc;; + 8) echo $a >> $etdir/ET_Cat8;; + 9) echo $a >> $etdir/ET_Chatserver;; + 10) echo $a >> $etdir/ET_Tornode;; + 11) echo $a >> $etdir/ET_Cat11;; + 12) echo $a >> $etdir/ET_Cat12;; + 13) echo $a >> $etdir/ET_Compromised;; + 14) echo $a >> $etdir/ET_Cat14;; + 15) echo $a >> $etdir/ET_P2P;; + 16) echo $a >> $etdir/ET_Proxy;; + 17) echo $a >> $etdir/ET_Ipcheck;; + 18) echo $a >> $etdir/ET_Cat18;; + 19) echo $a >> $etdir/ET_Utility;; + 20) echo $a >> $etdir/ET_DDos;; + 21) echo $a >> $etdir/ET_Scanner;; + 22) echo $a >> $etdir/ET_Cat22;; + 23) echo $a >> $etdir/ET_Brute;; + 24) echo $a >> $etdir/ET_Fakeav;; + 25) echo $a >> $etdir/ET_Dyndns;; + 26) echo $a >> $etdir/ET_Undesireable;; + 27) echo $a >> $etdir/ET_Abusedtld;; + 28) echo $a >> $etdir/ET_Selfsignedssl;; + 29) echo $a >> $etdir/ET_Blackhole;; + 30) echo $a >> $etdir/ET_RAS;; + 31) echo $a >> $etdir/ET_P2Pcnc;; + 32) echo $a >> $etdir/ET_Sharedhosting;; + 33) echo $a >> $etdir/ET_Parking;; + 34) echo $a >> $etdir/ET_VPN;; + 35) echo $a >> $etdir/ET_Exesource;; + 36) echo $a >> $etdir/ET_Cat36;; + 37) echo $a >> $etdir/ET_Mobilecnc;; + 38) echo $a >> $etdir/ET_Mobilespyware;; + 39) echo $a >> $etdir/ET_Skypenode;; + 40) echo $a >> $etdir/ET_Bitcoin;; + 41) echo $a >> $etdir/ET_DDosattack;; + *) echo $a >> $etdir/ET_Unknown;; + esac + done <"$pfborig$alias.raw" + data=$(ls $etdir) + echo "Compiling ET IP IQRisk REP Lists based upon User Selected Categories" + printf "%-10s %-25s\n" " Action" "Category" + echo "-------------------------------------------" + + for list in $data; do + case "$etblock" in + *$list*) + printf "%-10s %-25s\n" " Block: " "$list" + cat $etdir/$list >> $tempfile + ;; + esac + case "$etmatch" in + *$list*) + printf "%-10s %-25s\n" " Match: " "$list" + cat $etdir/$list >> $tempfile2 + ;; + esac + done + echo "-------------------------------------------" + + if [ -f $tempfile ]; then mv -f $tempfile $pfborig$alias".orig"; fi + if [ "$etmatch" != "x" ]; then mv -f $tempfile2 $pfbmatch/ETMatch.txt; fi + cicount=$(cat $etdir/$evar | grep -cv '^#\|^$'); cocount=$(grep -cv "^1\.1\.1\.1" $pfborig$alias".orig") + echo; echo "ET Folder count [ $cicount ] Outfile count [ $cocount ]" +else + echo; echo "No ET .GZ File Found!" +fi +} + +# Process to extract IP addresses from XLSX Files +processxlsx() { + +if [ ! -x $pathtar ]; then + echo "Application [ TAR ] Not found, Can't proceed." + echo "Application [ TAR ] Not found, Can't proceed. [ $now ]" >> $errorlog + exit +fi + +if [ -s $pfborig$alias".zip" ]; then + + $pathtar -xf $pfborig$alias".zip" -C $tmpxlsx + $pathtar -xOf $tmpxlsx*.[xX][lL][sS][xX] xl/sharedStrings.xml | + grep -aoEw "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" | sort | uniq > $pfborig$alias".orig" + rm -r $tmpxlsx* + + cocount=$(grep -cv "^1\.1\.1\.1" $pfborig$alias".orig") + echo; echo "Download file count [ ZIP file ] Outfile count [ $cocount ]" +else + echo "XLSX Download File Missing" + echo " [ $alias ] XLSX Download File Missing [ $now ]" >> $errorlog +fi +} + +closingprocess() { + +# Write "1.1.1.1" to empty Final Blocklist Files +emptyfiles=$(find $pfbdeny -size 0) +for i in $emptyfiles; do echo "1.1.1.1" > $i; done + +if [ -d "$pfborig" ] && [ "$(ls -A $pfborig)" ]; then + fcount=$(find $pfborig*.orig | xargs cat | grep -cv '^#\|^$') +else + fcount=0 +fi + +if [ "$alias" == "on" ]; then + sort -o $masterfile $masterfile + sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n $mastercat > $tempfile; mv -f $tempfile $mastercat + + echo; echo; echo "===[ FINAL Processing ]====================================="; echo + echo " [ Original count ] [ $fcount ]" + count=$(grep -c ^ $masterfile) + echo; echo " [ Processed Count ] [ $count ]"; echo + + s1=$(grep -cv "1\.1\.1\.1" $masterfile) + s2=$(find $pfbdeny ! -name "*_v6.txt" -type f | xargs cat | grep -cv "^1\.1\.1\.1") + s3=$(sort $mastercat | uniq -d | tail -30) + s4=$(find $pfbdeny ! -name "*_v6.txt" -type f | xargs cat | sort | uniq -d | tail -30 | grep -v "^1\.1\.1\.1") + + if [ -d "$pfbpermit" ] && [ "$(ls -A $pfbpermit)" ]; then + echo; echo "===[ Permit List IP Counts ]========================="; echo + wc -l $pfbpermit* | sort -n -r + fi + if [ -d "$pfbmatch" ] && [ "$(ls -A $pfbmatch)" ]; then + echo; echo "===[ Match List IP Counts ]=========================="; echo + wc -l $pfbmatch* | sort -n -r + fi + if [ -d "$pfbdeny" ] && [ "$(ls -A $pfbdeny)" ]; then + echo; echo "===[ Deny List IP Counts ]==========================="; echo + wc -l $pfbdeny* | sort -n -r + fi + if [ -d "$pfbnative" ] && [ "$(ls -A $pfbnative)" ]; then + echo; echo "===[ Native List IP Counts ] ==================================="; echo + wc -l $pfbnative* | sort -n -r + fi + if [ -d "$pfbdeny" ] && [ "$(ls -A $pfbdeny)" ]; then + emptylists=$(grep "1\.1\.1\.1" $pfbdeny* | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:1.1.1.1/ /') + if [ ! -z "$emptylists" ]; then + echo; echo "====================[ Empty Lists w/1.1.1.1 ]=================="; echo + for list in $emptylists; do + echo $list + done + fi + fi + if [ -d "$pfborig" ] && [ "$(ls -A $pfborig)" ]; then + echo; echo "====================[ Last Updated List Summary ]=============="; echo + ls -lahtr $pfborig* | sed -e 's/\/.*\// /' -e 's/.orig//' | awk -v OFS='\t' '{print $6" "$7,$8,$9}' + fi + echo "==============================================================="; echo + echo "Sanity Check (Not Including IPv6) ** These two Counts should Match! **" + echo "------------" + echo "Masterfile Count [ $s1 ]" + echo "Deny folder Count [ $s2 ]"; echo + echo "Duplication Sanity Check (Pass=No IPs reported)" + echo "------------------------" + echo "Masterfile/Deny Folder Uniq check" + if [ ! -z "$s3" ]; then echo $s3; fi + echo "Deny Folder/Masterfile Uniq check" + if [ ! -z "$s4" ]; then echo $s4; fi + echo; echo "Sync Check (Pass=No IPs reported)" + echo "----------" +else + echo; echo "===[ FINAL Processing ]============================================="; echo + echo " [ Original count ] [ $fcount ]" + if [ -d "$pfbpermit" ] && [ "$(ls -A $pfbpermit)" ]; then + echo; echo "===[ Permit List IP Counts ]========================="; echo + wc -l $pfbpermit* | sort -n -r + fi + if [ -d "$pfbmatch" ] && [ "$(ls -A $pfbmatch)" ]; then + echo; echo "===[ Match List IP Counts ]=========================="; echo + wc -l $pfbmatch* | sort -n -r + fi + if [ -d "$pfbdeny" ] && [ "$(ls -A $pfbdeny)" ]; then + echo; echo "===[ Deny List IP Counts ]==========================="; echo + wc -l $pfbdeny* | sort -n -r + fi + if [ -d "$pfbnative" ] && [ "$(ls -A $pfbnative)" ]; then + echo; echo "===[ Native List IP Counts ] ==================================="; echo + wc -l $pfbnative* | sort -n -r + fi + if [ -d "$pfbdeny" ] && [ "$(ls -A $pfbdeny)" ]; then + emptylists=$(grep "1\.1\.1\.1" $pfbdeny* | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:1.1.1.1/ /') + if [ ! -z "$emptylists" ]; then + echo; echo "====================[ Empty Lists w/1.1.1.1 ]=================="; echo + for list in $emptylists; do + echo $list + done + fi + fi + if [ -d "$pfborig" ] && [ "$(ls -A $pfborig)" ]; then + echo; echo "====================[ Last Updated List Summary ]=============="; echo + ls -lahtr $pfborig* | sed -e 's/\/.*\// /' -e 's/.orig//' | awk -v OFS='\t' '{print $6" "$7,$8,$9}' + echo "===============================================================" + fi +fi + +echo; echo "IPv4 Alias Table IP Total"; echo "-----------------------------" +find $pfsense_alias_dir ! -name "*_v6.txt" -type f | xargs cat | grep -c ^ + +echo; echo "IPv6 Alias Table IP Total"; echo "-----------------------------" +find $pfsense_alias_dir -name "*_v6.txt" -type f | xargs cat | grep -c ^ + +echo; echo "Alias Table IP Counts"; echo "-----------------------------" +wc -l $pfsense_alias_dir*.txt | sort -n -r + +echo; echo "pfSense Table Stats"; echo "-------------------" +$pathpfctl -s memory | grep "table-entries" +pfctlcount=$($pathpfctl -vvsTables | awk '/Addresses/ {s+=$2}; END {print s}') +echo "Table Usage Count " $pfctlcount +} + +remove() { +# Remove Lists from Masterfiles and Delete Associated Files +echo +for i in $cc; do + header=$(echo "${i%*,}") + if [ ! "$header" == "" ]; then + # Make sure that Alias Exists in Masterfile before removal. + masterchk=$(grep -m1 "$header[[:space:]]" $masterfile) + if [ ! -z "$masterchk" ]; then + # Grep Header with a Trailing Space character + grep "$header[[:space:]]" $masterfile > $tempfile + awk 'FNR==NR{a[$0];next}!($0 in a)' $tempfile $masterfile > $tempfile2; mv -f $tempfile2 $masterfile + cut -d' ' -f2 $masterfile > $mastercat + fi + rm -rf $pfborig$header*; rm -rf $pfbdeny$header*; rm -rf $pfbmatch$header*; rm -rf $pfbpermit$header*; rm -rf $pfbnative$header* + echo "The Following list has been REMOVED [ $header ]" + fi + echo +done + +# Delete Masterfiles if they are empty +emptychk=$(find $masterfile -size 0) +if [ ! "$emptychk" == "" ]; then + rm -r $masterfile; rm -r $mastercat +fi +} + + +########## +# CALL APPROPRIATE PROCESSES using Script Argument $1 +case $1 in + continent) + continent + ;; + duplicate) + process255 + duplicate + ;; + suppress) + suppress + ;; + p24) + process24 + ;; + dedup) + deduplication + ;; + pdup) + pdeduplication + ;; + et) + processet + ;; + xlsx) + processxlsx + ;; + closing) + closingprocess + ;; + remove) + remove + ;; + *) + exit + ;; +esac +exit
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng.widget.php b/config/pfblockerng/pfblockerng.widget.php new file mode 100644 index 00000000..647017ff --- /dev/null +++ b/config/pfblockerng/pfblockerng.widget.php @@ -0,0 +1,280 @@ +<?php +/* + pfBlockerNG.widget.php + + pfBlockerNG + Copyright (C) 2014 BBcan177@gmail.com + All rights reserved. + + Based Upon pfblocker : + Copyright 2011 Thomas Schaefer - Tomschaefer.org + Copyright 2011 Marcello Coutinho + Part of pfSense widgets (www.pfsense.org) + + Adapted From: + snort_alerts.widget.php + Copyright (C) 2009 Jim Pingle + mod 24-07-2012 + mod 28-02-2014 by Bill Meeks + + Javascript and Integration modifications by J. Nieuwenhuizen + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +@require_once("/usr/local/www/widgets/include/widget-pfblockerng.inc"); +@require_once("/usr/local/pkg/pfblockerng/pfblockerng.inc"); +@require_once("guiconfig.inc"); +@require_once("globals.inc"); +@require_once("pfsense-utils.inc"); +@require_once("functions.inc"); + +pfb_global(); + +// Ackwnowlege Failed Downloads +if (isset($_POST['pfblockerngack'])) { + $clear = exec("/usr/bin/sed -i '' 's/FAIL/Fail/g' {$pfb['errlog']}"); + header("Location: ../../index.php"); +} + +// This function will create the counts +function pfBlockerNG_get_counts() { + global $config, $g, $pfb; + + // Collect Alias Count and Update Date/Time + $pfb_table = array(); + $out = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_down.gif' title=\"No Rules are Defined using this Alias\" alt=\"\" />"; + $in = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up.gif' title=\"Rules are Defined using this Alias\" alt=\"\" />"; + if (is_array($config['aliases']['alias'])) { + foreach ($config['aliases']['alias'] as $cbalias) { + if (preg_match("/pfB_/", $cbalias['name'])) { + if (file_exists("{$pfb['aliasdir']}/{$cbalias['name']}.txt")) { + preg_match("/(\d+)/", exec("/usr/bin/grep -cv \"^1\.1\.1\.1\" {$pfb['aliasdir']}/{$cbalias['name']}.txt"), $matches); + $pfb_table[$cbalias['name']] = array("count" => $matches[1], "img" => $out); + $updates = exec("ls -ld {$pfb['aliasdir']}/{$cbalias['name']}.txt | awk '{ print $6,$7,$8 }'", $update); + $pfb_table[$cbalias['name']]['up'] = $updates; + } + } + } + } + + // Collect if Rules are defined using pfBlockerNG Aliases. + if (is_array($config['filter']['rule'])) { + foreach ($config['filter']['rule'] as $rule) { + if (preg_match("/pfB_/",$rule['source']['address']) || preg_match("/pfb_/",$rule['source']['address'])) { + $pfb_table[$rule['source']['address']]['img'] = $in; + } + if (preg_match("/pfB_/",$rule['destination']['address']) || preg_match("/pfb_/",$rule['destination']['address'])) { + $pfb_table[$rule['destination']['address']]['img'] = $in; + } + } + return $pfb_table; + } +} + +// Status Indicator if pfBlockerNG is Enabled/Disabled +if ("{$pfb['enable']}" == "on") { + $pfb_status = "/themes/{$g['theme']}/images/icons/icon_pass.gif"; + $pfb_msg = "pfBlockerNG is Active."; +} else { + $pfb_status = "/themes/{$g['theme']}/images/icons/icon_block.gif"; + $pfb_msg = "pfBlockerNG is Disabled."; +} + +// Collect Total IP/Cidr Counts +$dcount = exec("cat {$pfb['denydir']}/*.txt | grep -cv '^#\|^$\|^1\.1\.1\.1'"); +$pcount = exec("cat {$pfb['permitdir']}/*.txt | grep -cv '^#\|^$\|^1\.1\.1\.1'"); +$mcount = exec("cat {$pfb['matchdir']}/*.txt | grep -cv '^#\|^$\|^1\.1\.1\.1'"); +$ncount = exec("cat {$pfb['nativedir']}/*.txt | grep -cv '^#\|^$\|^1\.1\.1\.1'"); + +// Collect Number of Suppressed Hosts +if (file_exists("{$pfb['supptxt']}")) { + $pfbsupp_cnt = exec ("/usr/bin/grep -c ^ {$pfb['supptxt']}"); +} else { + $pfbsupp_cnt = 0; +} + +#check rule count +#(label, evaluations,packets total, bytes total, packets in, bytes in,packets out, bytes out) +$packets = exec("/sbin/pfctl -s labels", $debug); +if (!empty($debug)) { + foreach ($debug as $line) { + // Auto-Rules start with 'pfB_', Alias Rules should start with 'pfb_' and exact spelling of Alias Name. + $line = str_replace("pfb_","pfB_",$line); + if ("{$pfb['pfsenseversion']}" >= '2.2') { + #USER_RULE: pfB_Top auto rule 8494 17 900 17 900 0 0 0 + if (preg_match("/USER_RULE: (\w+).*\s+\d+\s+(\d+)\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+/", $line, $matches)) { + if (isset($matches)) { + ${$matches[1]}+=$matches[2]; + } else { + ${$matches[1]} = 'Err'; + } + } + } else { + #USER_RULE: pfB_Top auto rule 1656 0 0 0 0 0 0 + if (preg_match("/USER_RULE: (\w+).*\s+\d+\s+(\d+)\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+/", $line, $matches)) { + if (isset($matches)) { + ${$matches[1]}+=$matches[2]; + } else { + ${$matches[1]} = 'Err'; + } + } + } + } +} + +// Called by Ajax to update alerts table contents +if (isset($_GET['getNewCounts'])) { + $response = ""; + $pfb_table = pfBlockerNG_get_counts(); + if (!empty($pfb_table)) { + foreach ($pfb_table as $alias => $values){ + if (!isset(${$alias})) { ${$alias} = "-";} + $response .= $alias . "||" . $values['count'] . "||" . ${$alias} . "||" . $values['up'] . "||" . $values['img'] . "\n"; + } + echo $response; + return; + } +} + +// Report any Failed Downloads +$results = array(); +$fails = exec("grep $(date +%m/%d/%y) {$pfb['errlog']} | grep 'FAIL'", $results); + +// Print widget Status Bar Items +?> + <div class="marinarea"> + <table border="0" cellspacing="0" cellpadding="0"> + <thead> + <tr> + <td valign="middle"> <img src="<?= $pfb_status ?>" width="13" height="13" border="0" title="<?=gettext($pfb_msg) ?>" alt="" /></td> + <td valign="middle"> </td> + <td valign="middle" p style="font-size:10px"> + <?php if ($dcount != 0): ?> + <?=gettext("Deny:"); echo(" <strong>" . $dcount . "</strong>") ?> + <?php endif; ?> + <?php if ($pcount != 0): ?> + <?=gettext(" Permit:"); echo(" <strong>" . $pcount . "</strong>") ?> + <?php endif; ?> + <?php if ($mcount != 0): ?> + <?=gettext(" Match:"); echo(" <strong>" . $mcount . "</strong>"); ?> + <?php endif; ?> + <?php if ($ncount != 0): ?> + <?=gettext(" Native:"); echo(" <strong>" . $ncount . "</strong>"); ?> + <?php endif; ?> + <?php if ($pfbsupp_cnt != 0): ?> + <?=gettext(" Supp:"); echo(" <strong>" . $pfbsupp_cnt . "</strong>"); ?> + <?php endif; ?></td> + <td valign="middle"> </td> + <td valign="top"><a href="pfblockerng/pfblockerng_log.php"><img src="/themes/<?=$g['theme']; ?>/images/icons/icon_logs.gif" width="13" height="13" border="0" title="<?=gettext("View pfBlockerNG Logs TAB") ?>" alt="" /></a> + <td valign="top"> + <?php if (!empty($results)): ?> <!--Hide "Ack" Button when Failed Downloads are Empty--> + <form action="/widgets/widgets/pfblockerng.widget.php" method="post" name="widget_pfblockerng_ack"> + <input type="hidden" value="clearack" name="pfblockerngack" /> + <input class="vexpl" type="image" name="pfblockerng_ackbutton" src="/themes/<?=$g['theme']; ?>/images/icons/icon_x.gif" width="14" height="14" border="0" title="<?=gettext("Clear Failed Downloads") ?>"/> + </form> + <?php endif; ?> + </td> + </tr> + </thead> + </table> + </div> + + <table id="pfb-tblfails" width="100%" border="0" cellspacing="0" cellpadding="0"> + <tbody id="pfb-fails"> +<?php + +if ("{$pfb['pfsenseversion']}" > '2.0') { + $alertRowEvenClass = "listMReven"; + $alertRowOddClass = "listMRodd"; + $alertColClass = "listMRr"; +} else { + $alertRowEvenClass = "listr"; + $alertRowOddClass = "listr"; + $alertColClass = "listr"; +} + +# Last errors first +$results = array_reverse($results); + +$counter = 0; +# Max errors to display +$maxfailcount = 3; +if (!empty($results)) { + foreach ($results as $result) { + $alertRowClass = $counter % 2 ? $alertRowEvenClass : $alertRowOddClass; + if (!isset(${$alias})) { ${$alias} = "-";} + echo(" <tr class='" . $alertRowClass . "'><td class='" . $alertColClass . "'>" . $result . "</td><tr>"); + $counter++; + if ($counter > $maxfailcount) { + # To many errors stop displaying + echo(" <tr class='" . $alertRowClass . "'><td class='" . $alertColClass . "'>" . (count($results) - $maxfailcount) . " more error(s)...</td><tr>"); + break; + } + } +} + +// Print Main Table Header +?> + </tbody> + </table> + <table id="pfb-tbl" width="100%" border="0" cellspacing="0" cellpadding="0"> + <thead> + <tr> + <th class="widgetsubheader" align="center"><?=gettext("Alias");?></th> + <th title="The count can be a mixture of Single IPs or CIDR values" class="widgetsubheader" align="center"><?=gettext("Count");?></th> + <th title="Packet Counts can be cleared by the pfSense filter_configure() function. Make sure Rule Descriptions start with 'pfB_'" class="widgetsubheader" align="center"><?=gettext("Packets");?></th> + <th title="Last Update (Date/Time) of the Alias " class="widgetsubheader" align="center"><?=gettext("Updated");?></th> + <th class="widgetsubheader" align="center"><?php echo $out; ?><?php echo $in; ?></th> + </tr> + </thead> + <tbody id="pfbNG-entries"> +<?php +// Print Main Table Body +$pfb_table = pfBlockerNG_get_counts(); +$counter=0; +if (is_array($pfb_table)) { + foreach ($pfb_table as $alias => $values) { + $evenRowClass = $counter % 2 ? " listMReven" : " listMRodd"; + if (!isset(${$alias})) { ${$alias} = "-";} + echo(" <tr class='" . $evenRowClass . "'> + <td class='listMRr ellipsis'>{$alias}</td> + <td class='listMRr' align='center'>{$values['count']}</td> + <td class='listMRr' align='center'>{${$alias}}</td> + <td class='listMRr' align='center'>{$values['up']}</td> + <td class='listMRr' align='center'>{$values['img']}</td> + </tr>"); + $counter++; + } +} + +?> +</tbody> +</table> + +<script type="text/javascript"> +//<![CDATA[ + var pfBlockerNGupdateDelay = 10000; // update every 10000 ms +//]]> +</script>
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng.xml b/config/pfblockerng/pfblockerng.xml new file mode 100644 index 00000000..9442bc7f --- /dev/null +++ b/config/pfblockerng/pfblockerng.xml @@ -0,0 +1,491 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ======================================================================================= */ +/* + pfBlockerNG.xml + + pfBlockerNG + Copyright (C) 2014 BBcan177@gmail.com + All rights reserved. + + Based upon pfblocker for pfSense + Copyright (C) 2011 Marcello Coutinho + All rights reserved. +/* +/* ====================================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +/* +/* ====================================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>pfblockerng</name> + <version>1.0</version> + <title>pfBlockerNG: General Settings</title> + <include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file> + <menu> + <name>pfBlockerNG</name> + <configfile>pfblockerng.xml</configfile> + <tooltiptext>Configure pfBlockerNG</tooltiptext> + <section>Firewall</section> + <url>/pkg_edit.php?xml=pfblockerng.xml</url> + </menu> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng.priv.inc</item> + <prefix>/etc/inc/priv/</prefix> + <chmod>0644</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng.inc</item> + <prefix>/usr/local/pkg/pfblockerng/</prefix> + <chmod>0644</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng.php</item> + <prefix>/usr/local/www/pfblockerng/</prefix> + <chmod>0644</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_alerts.php</item> + <prefix>/usr/local/www/pfblockerng/</prefix> + <chmod>0644</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_update.php</item> + <prefix>/usr/local/www/pfblockerng/</prefix> + <chmod>0644</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_log.php</item> + <prefix>/usr/local/www/pfblockerng/</prefix> + <chmod>0644</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_diag_dns.php</item> + <prefix>/usr/local/www/pfblockerng/</prefix> + <chmod>0644</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng.widget.php</item> + <prefix>/usr/local/www/widgets/widgets/</prefix> + <chmod>0644</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/widget-pfblockerng.inc</item> + <prefix>/usr/local/www/widgets/include/</prefix> + <chmod>0644</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng.js</item> + <prefix>/usr/local/www/widgets/javascript/</prefix> + <chmod>0644</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_top20.xml</item> + <prefix>/usr/local/pkg/pfblockerng/</prefix> + <chmod>0644</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_v4lists.xml</item> + <prefix>/usr/local/pkg/pfblockerng/</prefix> + <chmod>0644</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_v6lists.xml</item> + <prefix>/usr/local/pkg/pfblockerng/</prefix> + <chmod>0644</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_sync.xml</item> + <prefix>/usr/local/pkg/pfblockerng/</prefix> + <chmod>0644</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/countrycodes.tar.bz2</item> + <prefix>/var/db/pfblockerng/cc/</prefix> + <chmod>0444</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng.sh</item> + <prefix>/usr/local/pkg/pfblockerng/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/geoipupdate.sh</item> + <prefix>/usr/local/pkg/pfblockerng/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=pfblockerng.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Update</text> + <url>/pfblockerng/pfblockerng_update.php</url> + </tab> + <tab> + <text>Alerts</text> + <url>/pfblockerng/pfblockerng_alerts.php</url> + </tab> + <tab> + <text>Reputation</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml&id=0</url> + </tab> + <tab> + <text>IPv4</text> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml&id=0</url> + </tab> + <tab> + <text>IPv6</text> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml&id=0</url> + </tab> + <tab> + <text>Top20</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xml&id=0</url> + </tab> + <tab> + <text>Africa</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Africa.xml&id=0</url> + </tab> + <tab> + <text>Asia</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Asia.xml&id=0</url> + </tab> + <tab> + <text>Europe</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Europe.xml&id=0</url> + </tab> + <tab> + <text>N.A.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0</url> + </tab> + <tab> + <text>Oceania</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0</url> + </tab> + <tab> + <text>S.A.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0</url> + </tab> + <tab> + <text>Logs</text> + <url>/pfblockerng/pfblockerng_log.php</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0</url> + </tab> + </tabs> + <fields> + <field> + <name>pfBlockerNG General Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>LINKS</fielddescr> + <fieldname></fieldname> + <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> <a href="/firewall_rules.php">Firewall Rules</a> <a href="diag_logs_filter.php">Firewall Logs</a>]]></description> + <type>info</type> + </field> + <field> + <fielddescr><![CDATA[<strong>Enable pfBlockerNG</strong>]]></fielddescr> + <fieldname>enable_cb</fieldname> + <type>checkbox</type> + <description><![CDATA[Note - with "Keep settings" enabled, pfBlockerNG will maintain run state on Installation/Upgrade<br /> + If "Keep Settings" is not "enabled" on pkg Install/De-Install, all Settings will be Wiped!]]></description> + </field> + <field> + <fielddescr>CRON MIN Start Time</fielddescr> + <fieldname>pfb_min</fieldname> + <description><![CDATA[Default: <strong> : 00</strong><br /> + Select Cron Update Minute ]]></description> + <type>select</type> + <options> + <option><name> : 00</name><value>0</value></option> + <option><name> : 15</name><value>15</value></option> + <option><name> : 30</name><value>30</value></option> + <option><name> : 45</name><value>45</value></option> + </options> + </field> + <field> + <fielddescr>CRON Base Hour Start Time</fielddescr> + <fieldname>pfb_hour</fieldname> + <description><![CDATA[Default: <strong> 1 </strong><br /> + Select Cron Base Start Hour ]]></description> + <type>select</type> + <options> + <option><name>1</name><value>0</value></option> + <option><name>0</name><value>1</value></option> + <option><name>2</name><value>2</value></option> + <option><name>3</name><value>3</value></option> + <option><name>4</name><value>4</value></option> + <option><name>5</name><value>5</value></option> + <option><name>6</name><value>6</value></option> + <option><name>7</name><value>7</value></option> + <option><name>8</name><value>8</value></option> + <option><name>9</name><value>9</value></option> + <option><name>10</name><value>10</value></option> + <option><name>11</name><value>11</value></option> + <option><name>12</name><value>12</value></option> + <option><name>13</name><value>13</value></option> + <option><name>14</name><value>14</value></option> + <option><name>15</name><value>15</value></option> + <option><name>16</name><value>16</value></option> + <option><name>17</name><value>17</value></option> + <option><name>18</name><value>18</value></option> + <option><name>19</name><value>19</value></option> + <option><name>20</name><value>20</value></option> + <option><name>21</name><value>21</value></option> + <option><name>22</name><value>22</value></option> + <option><name>23</name><value>23</value></option> + </options> + </field> + <field> + <fielddescr>'Daily/Weekly' Start Hour</fielddescr> + <fieldname>pfb_dailystart</fieldname> + <description><![CDATA[Default: <strong> 1 </strong><br /> + Select 'Daily' Schedule Start Hour <br /> + This is used for the 'Daily/Weekly' Scheduler Only.]]></description> + <type>select</type> + <options> + <option><name>1</name><value>0</value></option> + <option><name>0</name><value>1</value></option> + <option><name>2</name><value>2</value></option> + <option><name>3</name><value>3</value></option> + <option><name>4</name><value>4</value></option> + <option><name>5</name><value>5</value></option> + <option><name>6</name><value>6</value></option> + <option><name>7</name><value>7</value></option> + <option><name>8</name><value>8</value></option> + <option><name>9</name><value>9</value></option> + <option><name>10</name><value>10</value></option> + <option><name>11</name><value>11</value></option> + <option><name>12</name><value>12</value></option> + <option><name>13</name><value>13</value></option> + <option><name>14</name><value>14</value></option> + <option><name>15</name><value>15</value></option> + <option><name>16</name><value>16</value></option> + <option><name>17</name><value>17</value></option> + <option><name>18</name><value>18</value></option> + <option><name>19</name><value>19</value></option> + <option><name>20</name><value>20</value></option> + <option><name>21</name><value>21</value></option> + <option><name>22</name><value>22</value></option> + <option><name>23</name><value>23</value></option> + </options> + </field> + <field> + <fielddescr>Enable De-Duplication</fielddescr> + <fieldname>enable_dup</fieldname> + <type>checkbox</type> + <description>Only for IPv4 Lists</description> + </field> + <field> + <fielddescr>Enable Suppression</fielddescr> + <fieldname>suppression</fieldname> + <type>checkbox</type> + <description><![CDATA[This will prevent Selected IPs from being Blocked. Only for IPv4 Lists (/32 and /24).<br /> + Country Blocking Lists cannot be Suppressed.<br /> + This will also remove any RFC1918 addresses from all Lists.<br /><br /> + Alerts can be Suppressed using the '+' icon in the Alerts Tab and IPs added to the 'pfBlockerNGSuppress' Alias<br /> + A Blocked IP in a CIDR other than /24 will need to be Suppressed by an 'Permit Outbound' Firewall Rule]]> + </description> + </field> + <field> + <fielddescr><![CDATA[<strong>Keep Settings</strong>/Lists After Disable/Re-Install/De-Install]]></fielddescr> + <fieldname>pfb_keep</fieldname> + <type>checkbox</type> + <description>Keep Settings and Lists intact when pfBlockerNG is Disabled or After pfBlockerNG Re-Install/De-Install</description> + </field> + <field> + <fielddescr>Global Enable Logging</fielddescr> + <fieldname>enable_log</fieldname> + <type>checkbox</type> + <description>Enable Global Logging to Status: System Logs: FIREWALL ( Log ). This overrides any Log Settings in the Alias Tabs.</description> + </field> + <field> + <fielddescr>Disable MaxMind Country Database CRON Updates</fielddescr> + <fieldname>database_cc</fieldname> + <type>checkbox</type> + <description><![CDATA[This will Disable the MaxMind Monthly Country Database Cron Update.<br /> + This does not affect the MaxMind Binary Cron Task]]> + </description> + </field> + <field> + <fielddescr>Logfile Size</fielddescr> + <fieldname>log_maxlines</fieldname> + <description><![CDATA[Default:<strong>20000</strong><br /> + Select number of Lines to Keep in Log File]]></description> + <type>select</type> + <options> + <option><name>20000</name><value>20000</value></option> + <option><name>40000</name><value>40000</value></option> + <option><name>60000</name><value>60000</value></option> + <option><name>80000</name><value>80000</value></option> + <option><name>100000</name><value>100000</value></option> + <option><name>No Limit</name><value>nolimit</value></option> + </options> + </field> + <field> + <name><![CDATA[Interface/Rules Configuration]]> </name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Inbound Interface(s)</fielddescr> + <fieldname>inbound_interface</fieldname> + <description>Select the Inbound interface(s) you want to Apply Auto Rules to</description> + <type>interfaces_selection</type> + <hideinterfaceregex>loopback</hideinterfaceregex> + <required/> + <multiple/> + </field> + <field> + <fielddescr> - Rule Action</fielddescr> + <fieldname>inbound_deny_action</fieldname> + <description><![CDATA[Default:<strong>Block</strong><br /> + Select 'Rule Action' for Inbound Rules]]></description> + <type>select</type> + <options> + <option><name>Block</name><value>block</value></option> + <option><name>Reject</name><value>reject</value></option> + </options> + </field> + <field> + <fielddescr>Outbound Interface(s)</fielddescr> + <fieldname>outbound_interface</fieldname> + <description>Select the Outbound interface(s) you want to Apply Auto Rules to</description> + <type>interfaces_selection</type> + <hideinterfaceregex>loopback</hideinterfaceregex> + <required/> + <multiple/> + </field> + <field> + <fielddescr> - Rule Action</fielddescr> + <fieldname>outbound_deny_action</fieldname> + <description><![CDATA[Default:<strong>Reject</strong><br /> + Select 'Rule Action' for Outbound rules]]></description> + <type>select</type> + <options> + <option><name>Reject</name><value>reject</value></option> + <option><name>Block</name><value>block</value></option> + </options> + </field> + <field> + <fielddescr><![CDATA[<strong>OpenVPN Interface</strong>]]></fielddescr> + <fieldname>openvpn_action</fieldname> + <type>checkbox</type> + <description>Select to add Auto-Rules for OpenVPN. These will be added to 'Floating Rules' or OpenVPN Rules Tab.</description> + </field> + <field> + <fielddescr><![CDATA[<strong>Floating Rules</strong>]]></fielddescr> + <fieldname>enable_float</fieldname> + <type>checkbox</type> + <description><![CDATA[<strong>Enabled: </strong> Auto-Rules will be generated in the 'Floating Rules' Tab<br /><br /> + <strong>Disabled:</strong> Auto-Rules will be generated in the Selected Inbound/Outbound Interfaces<br /><br /> + <strong>Rules will be ordered by the selection below.</strong>]]></description> + </field> + <field> + <fielddescr><![CDATA[<strong>Rule Order</strong>]]></fielddescr> + <fieldname>pass_order</fieldname> + <description><![CDATA[<br />Default Order: <strong> | pfB_Block/Reject | All other Rules | (original format)<br /></strong><br /> + Select The '<strong>Order</strong>' of the Rules<br /> + Selecting 'original format', sets pfBlockerNG rules at the top of the Firewall TAB.<br /> + Selecting any other 'Order' will re-order <strong>all the Rules to the format indicated!</strong>]]></description> + <type>select</type> + <options> + <option><name>| pfB_Block/Reject | All other Rules | (original format)</name><value>order_0</value></option> + <option><name>| pfSense Pass/Match | pfB_Pass/Match | pfB_Block/Reject |</name><value>order_1</value></option> + <option><name>| pfB_Pass/Match | pfSense Pass/Match | pfB_Block/Reject |</name><value>order_2</value></option> + <option><name>| pfB_Pass/Match | pfB_Block/Reject | pfSense Pass/Match |</name><value>order_3</value></option> + </options> + </field> + <field> + <fielddescr><![CDATA[<strong>Auto Rule Suffix</strong>]]></fielddescr> + <fieldname>autorule_suffix</fieldname> + <description><![CDATA[Default:<strong>auto rule</strong><br /> + Select 'Auto Rule' Description Suffix for Auto Defined rules. pfBlockerNG Must be Disabled to Modify Suffix]]></description> + <type>select</type> + <options> + <option><name>auto rule</name><value>autorule</value></option> + <option><name>Null (no suffix)</name><value>standard</value></option> + <option><name>AR</name><value>ar</value></option> + </options> + </field> + <field> + <name><![CDATA[Acknowledgements]]> </name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Credits</fielddescr> + <fieldname>credits</fieldname> + <type>info</type> + <description><![CDATA[<strong> + pfBlockerNG</strong> Created in 2014 by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=238481'>BBcan177.</a> + <br /><br />Based upon pfBlocker by Marcello Coutinho and Tom Schaefer.<br /> + Country Database GeoLite distributed under the Creative Commons Attribution-ShareAlike 3.0 Unported License by: + MaxMind Inc. @ <a target=_new href='http://www.maxmind.com'>MaxMind.com</a>. + The Database is Automatically Updated the First Tuesday of Each Month]]></description> + </field> + <field> + <fielddescr>pfBlocker Validation Check</fielddescr> + <fieldname>pfblocker_cb</fieldname> + <type>checkbox</type> + <description>Disable pfBlockerNG if the pfBlocker package is Enabled. Click to Disable this validation check.</description> + </field> + <field> + <fielddescr>Gold Membership</fielddescr> + <type>info</type> + <description><![CDATA[If you like this package, please Support pfSense by subscribing to a <a target=_new href='https://portal.pfsense.org/gold-subscription.php'>Gold Membership</a><br /> or support the developer @ BBCan177@gmail.com]]></description> + </field> + <field> + <name><![CDATA[<ul>Click to SAVE Settings and/or Rule Edits. Changes are Applied via CRON or + 'Force Update'</ul>]]></name> + <type>listtopic</type> + </field> + </fields> + <custom_php_install_command> + pfblockerng_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + pfblockerng_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + pfblockerng_validate_input($_POST, $input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + global $pfb; + $pfb['save'] = TRUE; + sync_package_pfblockerng(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng_alerts.php b/config/pfblockerng/pfblockerng_alerts.php new file mode 100644 index 00000000..541d1e03 --- /dev/null +++ b/config/pfblockerng/pfblockerng_alerts.php @@ -0,0 +1,768 @@ +<?php +/* + pfBlockerNG_Alerts.php + + pfBlockerNG + Copyright (C) 2014 BBcan177@gmail.com + All rights reserved. + + Portions of this code are based on original work done for + pfSense from the following contributors: + + Parts based on works from Snort_alerts.php + Copyright (C) 2014 Bill Meeks + All rights reserved. + + Javascript Hostname Lookup modifications by J. Nieuwenhuizen + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("util.inc"); +require_once("guiconfig.inc"); +require_once("globals.inc"); +require_once("filter_log.inc"); +require_once("/usr/local/pkg/pfblockerng/pfblockerng.inc"); + +pfb_global(); + +// Application Paths +$pathgeoip = "/usr/pbi/pfblockerng-" . php_uname("m") . "/bin/geoiplookup"; +$pathgeoip6 = "/usr/pbi/pfblockerng-" . php_uname("m") . "/bin/geoiplookup6"; + +// Define File Locations +$filter_logfile = "{$g['varlog_path']}/filter.log"; +$pathgeoipdat = "{$pfb['dbdir']}/GeoIP.dat"; +$pathgeoipdat6 = "{$pfb['dbdir']}/GeoIPv6.dat"; + +// Emerging Threats IQRisk Header Name Reference +$pfb['et_header'] = TRUE; +$et_header = $config['installedpackages']['pfblockerngreputation']['config'][0]['et_header']; +if (empty($et_header)) + $pfb['et_header'] = FALSE; + +// Collect pfBlockerNGSuppress Alias and Create pfbsuppression.txt +if ($pfb['supp'] == "on") + pfb_create_suppression_file(); + +// Collect Number of Suppressed Hosts +if (file_exists("{$pfb['supptxt']}")) { + $pfbsupp_cnt = exec ("/usr/bin/grep -c ^ {$pfb['supptxt']}"); +} else { + $pfbsupp_cnt = 0; +} + +// Collect pfBlockerNG Rule Names and Number +$rule_list = array(); +$results = array(); +$data = exec ("/sbin/pfctl -vv -sr | grep 'pfB_'", $results); + +if (empty($config['installedpackages']['pfblockerngglobal']['pfbdenycnt'])) + $config['installedpackages']['pfblockerngglobal']['pfbdenycnt'] = '25'; +if (empty($config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'])) + $config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'] = '5'; +if (empty($config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'])) + $config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'] = '5'; +if (empty($config['installedpackages']['pfblockerngglobal']['alertrefresh'])) + $config['installedpackages']['pfblockerngglobal']['alertrefresh'] = 'off'; +if (empty($config['installedpackages']['pfblockerngglobal']['hostlookup'])) + $config['installedpackages']['pfblockerngglobal']['hostlookup'] = 'off'; + +if (isset($_POST['save'])) { + if (!is_array($config['installedpackages']['pfblockerngglobal'])) + $config['installedpackages']['pfblockerngglobal'] = array(); + $config['installedpackages']['pfblockerngglobal']['alertrefresh'] = $_POST['alertrefresh'] ? 'on' : 'off'; + $config['installedpackages']['pfblockerngglobal']['hostlookup'] = $_POST['hostlookup'] ? 'on' : 'off'; + if (is_numeric($_POST['pfbdenycnt'])) + $config['installedpackages']['pfblockerngglobal']['pfbdenycnt'] = $_POST['pfbdenycnt']; + if (is_numeric($_POST['pfbpermitcnt'])) + $config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'] = $_POST['pfbpermitcnt']; + if (is_numeric($_POST['pfbmatchcnt'])) + $config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'] = $_POST['pfbmatchcnt']; + + write_config("pfBlockerNG pkg: updated ALERTS tab settings."); + header("Location: " . $_SERVER['PHP_SELF']); + exit; +} + +if (is_array($config['installedpackages']['pfblockerngglobal'])) { + $alertrefresh = $config['installedpackages']['pfblockerngglobal']['alertrefresh']; + $hostlookup = $config['installedpackages']['pfblockerngglobal']['hostlookup']; + $pfbdenycnt = $config['installedpackages']['pfblockerngglobal']['pfbdenycnt']; + $pfbpermitcnt = $config['installedpackages']['pfblockerngglobal']['pfbpermitcnt']; + $pfbmatchcnt = $config['installedpackages']['pfblockerngglobal']['pfbmatchcnt']; +} + +// Collect pfBlockerNG Firewall Rules +if (!empty($results)) { + foreach ($results as $result) { + + # Find Rule Descriptions + $descr = ""; + if (preg_match("/USER_RULE: (\w+)/",$result,$desc)) + $descr = $desc[1]; + + if ($pfb['pfsenseversion'] >= '2.2') { + preg_match ("/@(\d+)\(/",$result, $rule); + } else { + preg_match ("/@(\d+)\s/",$result, $rule); + } + + $id = $rule[1]; + # Create array of Rule Description and pfctl Rule Number + $rule_list['id'][] = $id; + $rule_list[$id]['name'] = $descr; + } +} + +// Add IP to the Suppression Alias +if (isset($_POST['addsuppress'])) { + $ip = ""; + if (isset($_POST['ip'])) { + $ip = $_POST['ip']; + $table = $_POST['table']; + $descr = $_POST['descr']; + $cidr = $_POST['cidr']; + + // If Description or CIDR field is empty, exit. + if (empty($descr) || empty($cidr)) { + header("Location: " . $_SERVER['PHP_SELF']); + exit; + } + + if (is_ipaddr($ip)) { + + $savemsg1 = "Host IP address {$ip}"; + if (is_ipaddrv4($ip)) { + $iptrim1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$1.$2.$3.0/24', $ip); + $iptrim2 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$1.$2.$3.', $ip); + $iptrim3 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$4', $ip); + + if ($cidr == "32") { + $pfb_pfctl = exec ("/sbin/pfctl -t {$table} -T show | grep {$iptrim1} 2>&1"); + + if ($pfb_pfctl == "") { + $savemsg2 = " : Removed /32 entry"; + exec ("/sbin/pfctl -t {$table} -T delete {$ip}"); + } else { + $savemsg2 = " : Removed /24 entry, added 254 addr"; + exec ("/sbin/pfctl -t {$table} -T delete {$iptrim1}"); + for ($add_ip=0; $add_ip <= 255; $add_ip++){ + if ($add_ip != $iptrim3) { + exec ("/sbin/pfctl -t {$table} -T add {$iptrim2}{$add_ip}"); + } + } + } + } else { + $cidr = 24; + $savemsg2 = " : Removed /24 entry"; + exec ("/sbin/pfctl -t {$table} -T delete {$iptrim1} 2>&1", $pfb_pfctl); + if (!preg_grep("/1\/1 addresses deleted/", $pfb_pfctl)) { + $savemsg2 = " : Removed all entries"; + // Remove 0-255 IP Address from Alias Table + for ($del_ip=0; $del_ip <= 255; $del_ip++){ + exec ("/sbin/pfctl -t {$table} -T delete {$iptrim2}{$del_ip}"); + } + } + } + } + + // Collect pfBlockerNGSuppress Alias Contents + $pfb_sup_list = array(); + $pfb_sup_array = array(); + $pfb['found'] = FALSE; + $pfb['update'] = FALSE; + if (is_array($config['aliases']['alias'])) { + foreach ($config['aliases']['alias'] as $alias) { + if ($alias['name'] == "pfBlockerNGSuppress") { + $data = $alias['address']; + $data2 = $alias['detail']; + $arr1 = explode(" ",$data); + $arr2 = explode("||",$data2); + + if (!empty($data)) { + $row = 0; + foreach ($arr1 as $host) { + $pfb_sup_list[] = $host; + $pfb_sup_array[$row]['host'] = $host; + $row++; + } + $row = 0; + foreach ($arr2 as $detail) { + $pfb_sup_array[$row]['detail'] = $detail; + $row++; + } + } + $pfb['found'] = TRUE; + } + } + } + + // Call Function to Create Suppression Alias if not found. + if (!$pfb['found']) + pfb_create_suppression_alias(); + + // Save New Suppress IP to pfBlockerNGSuppress Alias + if (in_array($ip . '/' . $cidr, $pfb_sup_list)) { + $savemsg = gettext("Host IP address {$ip} already exists in the pfBlockerNG Suppress Table."); + } else { + if (!$pfb['found'] && empty($pfb_sup_list)) { + $next_id = 0; + } else { + $next_id = count($pfb_sup_list); + } + $pfb_sup_array[$next_id]['host'] = $ip . '/' . $cidr; + $pfb_sup_array[$next_id]['detail'] = $descr; + + $address = ""; + $detail = ""; + foreach ($pfb_sup_array as $pfb_sup) { + $address .= $pfb_sup['host'] . " "; + $detail .= $pfb_sup['detail'] . "||"; + } + + // Find pfBlockerNGSuppress Array ID Number + if (is_array($config['aliases']['alias'])) { + $pfb_id = 0; + foreach ($config['aliases']['alias'] as $alias) { + if ($alias['name'] == "pfBlockerNGSuppress") { + break; + } + $pfb_id++; + } + } + + $config['aliases']['alias'][$pfb_id]['address'] = rtrim($address, " "); + $config['aliases']['alias'][$pfb_id]['detail'] = rtrim($detail, "||"); + $savemsg = gettext($savemsg1) . gettext($savemsg2) . gettext(" and added Host to the pfBlockerNG Suppress Table."); + $pfb['update'] = TRUE; + } + + if ($pfb['found'] || $pfb['update']) { + // Save all Changes to pfsense config file + write_config(); + } + } + } +} + +// Auto-Resolve Hostnames +if (isset($_REQUEST['getpfhostname'])) { + $getpfhostname = htmlspecialchars($_REQUEST['getpfhostname']); + $hostname = htmlspecialchars(gethostbyaddr($getpfhostname), ENT_QUOTES); + if ($hostname == $getpfhostname) { + $hostname = 'unknown'; + } + echo $hostname; + die; +} + + +// Host Resolve Function lookup +function getpfbhostname($type = 'src', $hostip, $countme = 0) { + $hostnames['src'] = ''; + $hostnames['dst'] = ''; + $hostnames[$type] = '<div id="gethostname_' . $countme . '" name="' . $hostip . '"></div>'; + return $hostnames; +} + + +// Determine if Alert Host 'Dest' is within the Local Lan IP Range. +function check_lan_dest($lan_ip,$lan_mask,$dest_ip,$dest_mask="32") { + $result = check_subnets_overlap($lan_ip, $lan_mask, $dest_ip, $dest_mask); + return $result; +} + + +$pgtitle = gettext("pfBlockerNG: Alerts"); +include_once("head.inc"); +?> +<body link="#000000" vlink="#0000CC" alink="#000000"> +<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> +<input type="hidden" name="ip" id="ip" value=""/> +<input type="hidden" name="table" id="table" value=""/> +<input type="hidden" name="descr" id="descr" value=""/> +<input type="hidden" name="cidr" id="cidr" value=""/> +<?php + +include_once("fbegin.inc"); + +/* refresh every 60 secs */ +if ($alertrefresh == 'on') + echo "<meta http-equiv=\"refresh\" content=\"60;url={$_SERVER['PHP_SELF']}\" />\n"; +if ($savemsg) { + print_info_box($savemsg); +} + +?> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=pfblockerng.xml&id=0"); + $tab_array[] = array(gettext("Update"), false, "/pfblockerng/pfblockerng_update.php"); + $tab_array[] = array(gettext("Alerts"), true, "/pfblockerng/pfblockerng_alerts.php"); + $tab_array[] = array(gettext("Reputation"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml&id=0"); + $tab_array[] = array(gettext("IPv4"), false, "/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml"); + $tab_array[] = array(gettext("IPv6"), false, "/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml"); + $tab_array[] = array(gettext("Top 20"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xml&id=0"); + $tab_array[] = array(gettext("Africa"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_Africa.xml&id=0"); + $tab_array[] = array(gettext("Asia"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_Asia.xml&id=0"); + $tab_array[] = array(gettext("Europe"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_Europe.xml&id=0"); + $tab_array[] = array(gettext("N.A."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0"); + $tab_array[] = array(gettext("Oceania"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0"); + $tab_array[] = array(gettext("S.A."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0"); + $tab_array[] = array(gettext("Logs"), false, "/pfblockerng/pfblockerng_log.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0"); + display_top_tabs($tab_array, true); + ?> + </td> + </tr> + <tr> + <td><div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> + <tr> + <td colspan="3" class="vncell" align="left"><?php echo gettext("LINKS :"); ?> + <a href='/firewall_aliases.php' target="_blank"><?php echo gettext("Firewall Alias"); ?></a> + <a href='/firewall_rules.php' target="_blank"><?php echo gettext("Firewall Rules"); ?></a> + <a href='/diag_logs_filter.php' target="_blank"><?php echo gettext("Firewall Logs"); ?></a><br /></td> + </tr> + <tr> + <td width="10%" class="vncell"><?php echo gettext('Alert Settings'); ?></td> + <td width="90%" class="vtable"> + <input name="pfbdenycnt" type="text" class="formfld unknown" id="pdbdenycnt" size="1" title="Enter the number of 'Deny' Alerts to Show" value="<?=htmlspecialchars($pfbdenycnt);?>"/> + <?php printf(gettext('%sDeny%s. ') , '<strong>', '</strong>'); ?> + <input name="pfbpermitcnt" type="text" class="formfld unknown" id="pdbpermitcnt" size="1" title="Enter the number of 'Permit' Alerts to Show" value="<?=htmlspecialchars($pfbpermitcnt);?>"/> + <?php printf(gettext('%sPermit%s. '), '<strong>', '</strong>'); ?> + <input name="pfbmatchcnt" type="text" class="formfld unknown" id="pdbmatchcnt" size="1" title="Enter the number of 'Match' Alerts to Show" value="<?=htmlspecialchars($pfbmatchcnt); ?>"/> + <?php printf(gettext('%sMatch%s.'), '<strong>', '</strong>'); ?> + + <?php echo gettext(' Click to Auto-Refresh');?> <input name="alertrefresh" type="checkbox" value="on" title="Click to enable Auto-Refresh of this Tab once per minute" + <?php if ($config['installedpackages']['pfblockerngglobal']['alertrefresh']=="on") echo "checked"; ?>/> + + <?php echo gettext(' Click to Auto-Resolve');?> <input name="hostlookup" type="checkbox" value="on" title="Click to enable Auto-Resolve of Hostnames. Country Blocks/Permit/Match Lists will not auto-resolve" + <?php if ($config['installedpackages']['pfblockerngglobal']['hostlookup']=="on") echo "checked"; ?>/> + <input name="save" type="submit" class="formbtns" value="Save" title="<?=gettext('Save settings');?>"/><br /> + + <?php printf(gettext('Enter number of log entries to view.')); ?> + <?php printf(gettext("Currently Suppressing %s$pfbsupp_cnt%s Hosts."), '<strong>', '</strong>');?> + </td> + </tr> +<!--Create Three Output Windows 'Deny', 'Permit' and 'Match'--> +<?php foreach (array ("Deny" => $pfb['denydir'] . " " . $pfb['nativedir'], "Permit" => $pfb['permitdir'], "Match" => $pfb['matchdir']) as $type => $pfbfolder ): + switch($type) { + case "Deny": + $rtype = "block"; + $pfbentries = "{$pfbdenycnt}"; + break; + case "Permit": + $rtype = "pass"; + $pfbentries = "{$pfbpermitcnt}"; + break; + case "Match": + if ($pfb['pfsenseversion'] >= '2.2') { + $rtype = "unkn(%u)"; + } else { + $rtype = "unkn(11)"; + } + $pfbentries = "{$pfbmatchcnt}"; + break; + } + +?> + <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> + <tr> + <!--Print Table Info--> + <td colspan="2" class="listtopic"><?php printf(gettext(" {$type} - Last %s Alert Entries."), "{$pfbentries}"); ?> + <?php if ($pfb['pfsenseversion'] >= '2.2'): ?> + <?php if (!is_array($config['syslog']) || !array_key_exists("reverse", $config['syslog'])): ?> + <?php echo gettext("Firewall Logs must be in Reverse Order."); ?> + <?php endif; ?> + <?php else: ?> + <?php echo gettext("Firewall Rule changes can unsync these Alerts."); ?> + <?php if (!is_array($config['syslog']) || !array_key_exists("reverse", $config['syslog'])): ?> + <?php echo gettext("Firewall Logs must be in Reverse Order."); ?> + <?php endif; ?> + <?php endif; ?> + </td> + </tr> + +<td width="100%" colspan="2"> +<table id="pfbAlertsTable" style="table-layout: fixed;" width="100%" class="sortable" border="0" cellpadding="0" cellspacing="0"> + <colgroup> + <col width="8%" align="center" axis="date"> + <col width="6%" align="center" axis="string"> + <col width="16%" align="center" axis="string"> + <col width="6%" align="center" axis="string"> + <col width="20%" align="center" axis="string"> + <col width="20%" align="center" axis="string"> + <col width="3%" align="center" axis="string"> + <col width="13%" align="center" axis="string"> + </colgroup> + <thead> + <tr class="sortableHeaderRowIdentifier"> + <th class="listhdrr" axis="date"><?php echo gettext("Date"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("IF"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Rule"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Proto"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Source"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Destination"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("CC"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("List"); ?></th> + </tr> + </thead> + <tbody> +<?php + +$pfb['runonce'] = TRUE; +if (isset($pfb['load'])) + $pfb['runonce'] = FALSE; + +// Execute the following once per refresh +if ($pfb['runonce']) { + $pfb['load'] = TRUE; + $fields_array = array(); + + // pfSense versions below 2.2 have the Logfiles in two lines. + if ($pfb['pfsenseversion'] >= '2.2') { + $pfblines = exec("/usr/bin/grep -c ^ {$filter_logfile}"); + } else { + $pfblines = (exec("/usr/bin/grep -c ^ {$filter_logfile}") /2 ); + } + $fields_array = conv_log_filter($filter_logfile, $pfblines, $pfblines); + + $continents = array('pfB_Africa','pfB_Antartica','pfB_Asia','pfB_Europe','pfB_NAmerica','pfB_Oceania','pfB_SAmerica','pfB_Top'); + + $supp_ip_txt .= "Clicking this Suppression Icon, will immediately remove the Block.\n\nSuppressing a /32 CIDR is better than Suppressing the full /24"; + $supp_ip_txt .= " CIDR.\nThe Host will be added to the pfBlockerNG Suppress Alias Table.\n\nOnly 32 or 24 CIDR IPs can be Suppressed with the '+' Icon."; + $supp_ip_txt .= "\nTo manually add Host(s), edit the 'pfBlockerNGSuppress' Alias in the Alias Tab.\nManual entries will not remove existing Blocked Hosts"; + + // Array of all Local IPs for Alert Analysis + $pfb_local = array(); + + // Collect Gateway IP Addresses for Inbound/Outbound List matching + $int_gateway = get_interfaces_with_gateway(); + if (is_array($int_gateway)) { + foreach ($int_gateway as $gateway) { + $convert = get_interface_ip($gateway); + $pfb_local[] = $convert; + } + } + + // Collect Virtual IP Aliases for Inbound/Outbound List Matching + if (is_array($config['virtualip']['vip'])) { + foreach ($config['virtualip']['vip'] as $list) { + $pfb_local[] = $list['subnet']; + } + } + // Collect NAT IP Addresses for Inbound/Outbound List Matching + if (is_array($config['nat']['rule'])) { + foreach ($config['nat']['rule'] as $natent) { + $pfb_local[] = $natent['target']; + } + } + + // Collect 1:1 NAT IP Addresses for Inbound/Outbound List Matching + if(is_array($config['nat']['onetoone'])) { + foreach ($config['nat']['onetoone'] as $onetoone) { + $pfb_local[] = $onetoone['source']['address']; + } + } + + // Convert any 'Firewall Aliases' to IP Address Format + if (is_array($config['aliases']['alias'])) { + for ($cnt = 0; $cnt <= count($pfb_local); $cnt++) { + foreach ($config['aliases']['alias'] as $i=> $alias) { + if (isset($alias['name']) && isset($pfb_local[$cnt])) { + if ($alias['name'] == $pfb_local[$cnt]) { + $pfb_local[$cnt] = $alias['address']; + } + } + } + } + } + // Remove any Duplicate IPs + $pfb_local = array_unique($pfb_local); + + // Determine Lan IP Address and Mask + if (is_array($config['interfaces']['lan'])) { + $lan_ip = $config['interfaces']['lan']['ipaddr']; + $lan_mask = $config['interfaces']['lan']['subnet']; + } +} + +$counter = 0; +// Process Fields_array and generate Output +if (!empty($fields_array)) { + foreach ($fields_array as $fields) { + $rulenum = ""; + $alert_ip = ""; + $supp_ip = ""; + $pfb_query = ""; + + $rulenum = $fields['rulenum']; + if ($fields['act'] == $rtype && !empty($rule_list) && in_array($rulenum, $rule_list['id']) && $counter < $pfbentries) { + + // Skip Repeated Events + if (($fields['dstip'] . $fields['dstport']) == $previous_dstip || ($fields['srcip'] . $fields['srcport']) == $previous_srcip) { + continue; + } + + $proto = str_replace("TCP", "TCP-", $fields['proto']) . $fields['tcpflags']; + + // Cleanup Port Output + if ($fields['proto'] == "ICMP") { + $srcport = $fields['srcport']; + $dstport = $fields['dstport']; + } else { + $srcport = " :" . $fields['srcport']; + $dstport = " :" . $fields['dstport']; + } + + // Don't add Suppress Icon to Country Block Lines + if (in_array(substr($rule_list[$rulenum]['name'], 0, -3), $continents)) { + $pfb_query = "Country"; + } + + // Add DNS Resolve and Suppression Icons to External IPs only. GeoIP Code to External IPs only. + if (in_array($fields['dstip'], $pfb_local) || check_lan_dest($lan_ip,$lan_mask,$fields['dstip'],"32")) { + // Destination is Gateway/NAT/VIP + $rule = $rule_list[$rulenum]['name'] . "<br />(" . $rulenum .")"; + $host = $fields['srcip']; + + if (is_ipaddrv4($host)) { + $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2); + } else { + $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2); + } + + $alert_ip .= "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\" " . gettext("Resolve host via Rev. DNS lookup"); + $alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width=\"11\" height=\"11\" border=\"0\" "; + $alert_ip .= "alt=\"Icon Reverse Resolve with DNS\" style=\"cursor: pointer;\"/></a>"; + + if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") { + $supp_ip .= "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" "; + $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" title=\""; + $supp_ip .= gettext($supp_ip_txt) . "\" border=\"0\" width='11' height='11'/>"; + } + + if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") { + $hostname = getpfbhostname('src', $fields['srcip'], $counter); + } else { + $hostname = ""; + } + + $src_icons = $alert_ip . " " . $supp_ip . " "; + $dst_icons = ""; + $scc = $country; + $dcc = ""; + } else { + // Outbound + $rule = $rule_list[$rulenum]['name'] . "<br />(" . $rulenum .")"; + $host = $fields['dstip']; + + if (is_ipaddrv4($host)) { + $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2); + } else { + $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2); + } + + $alert_ip .= "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\"" . gettext("Resolve host via Rev. DNS lookup"); + $alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width=\"11\" height=\"11\" border=\"0\" "; + $alert_ip .= "alt=\"Icon Reverse Resolve with DNS\" style=\"cursor: pointer;\"/></a>"; + + if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") { + $supp_ip .= "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" "; + $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" title=\""; + $supp_ip .= gettext($supp_ip_txt) . "\" border=\"0\" width='11' height='11'/>"; + } + + if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") { + $hostname = getpfbhostname('dst', $fields['dstip'], $counter); + } else { + $hostname = ""; + } + + $src_icons = ""; + $dst_icons = $alert_ip . " " . $supp_ip . " "; + $scc = ""; + $dcc = $country; + } + + # IP Query Grep Exclusion + $pfb_ex1 = "grep -v 'pfB\_\|\_v6\.txt'"; + $pfb_ex2 = "grep -v 'pfB\_\|/32\|/24\|\_v6\.txt' | grep -m1 '/'"; + + // Find List which contains Blocked IP Host + if ($pfb_query == "Country") { + # Skip + } else { + // Search for exact IP Match + $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.$4\'', $host); + $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' | {$pfb_ex1}"); + // Search for IP in /24 CIDR + if (empty($pfb_query)) { + $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.0/24\'', $host); + $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); + } + // Search for First Two IP Octets in CIDR Matches Only. Skip any pfB (Country Lists) or /32,/24 Addresses. + if (empty($pfb_query)) { + $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.\'', $host); + $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + } + // Search for First Two IP Octets in CIDR Matches Only (Subtract 1 from second Octet on each loop). + // Skip (Country Lists) or /32,/24 Addresses. + if (empty($pfb_query)) { + $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.', $host); + $host2 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$2', $host); + for ($cnt = 1; $cnt <= 5; $cnt++) { + $host3 = $host2 - $cnt . '\''; + $pfb_query = exec("grep -rH {$host1}{$host3} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + // Break out of loop if found. + if (!empty($pfb_query)) + $cnt = 6; + } + } + // Search for First Three Octets + if (empty($pfb_query)) { + $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.$3\.\'', $host); + $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + } + // Search for First Two Octets + if (empty($pfb_query)) { + $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.\'', $host); + $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + } + // Report Specific ET IQRisk Details + if ($pfb['et_header'] && preg_match("/{$et_header}/", $pfb_query)) { + $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.$4\'', $host); + $pfb_query = exec("grep -Hm1 {$host1} {$pfb['etdir']}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' -e 's/ET_/ET IPrep /' "); + if (empty($pfb_query)) { + $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1.$2.$3.0/24\'', $host); + $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); + } + } + // Default to "No Match" if not found. + if (empty($pfb_query)) + $pfb_query = "No Match"; + } + + # Split List Column into Two lines. + unset ($pfb_match); + if ($pfb_query == "No Match") { + $pfb_match[1] = "{$pfb_query}"; + $pfb_match[2] = ""; + } else { + preg_match ("/(.*)\s(.*)/", $pfb_query, $pfb_match); + if ($pfb_match[1] == "") { + $pfb_match[1] = "{$pfb_query}"; + $pfb_match[2] = ""; + } + } + + // Print Alternating Line Shading + if ($pfb['pfsenseversion'] > '2.0') { + $alertRowEvenClass = "listMReven"; + $alertRowOddClass = "listMRodd"; + } else { + $alertRowEvenClass = "listr"; + $alertRowOddClass = "listr"; + } + + // Collect Details for Repeated Alert Comparison + $previous_srcip = $fields['srcip'] . $fields['srcport']; + $previous_dstip = $fields['dstip'] . $fields['dstport']; + $countrycode = trim($scc . $dcc); + + $alertRowClass = $counter % 2 ? $alertRowEvenClass : $alertRowOddClass; + echo "<tr class='{$alertRowClass}'> + <td class='listMRr' align='center'>{$fields['time']}</td> + <td class='listMRr' align='center'>{$fields['interface']}</td> + <td class='listMRr' align='center' title='The pfBlockerNG Rule that Blocked this Host.'>{$rule}</td> + <td class='listMRr' align='center'>{$proto}</td> + <td nowrap='nowrap' class='listMRr' align='center' style='sorttable_customkey:{$fields['srcip']};' sorttable_customkey='{$fields['srcip']}'>{$src_icons}{$fields['srcip']}{$srcport}<br /><small>{$hostname['src']}</small></td> + <td nowrap='nowrap' class='listMRr' align='center' style='sorttable_customkey:{$fields['dstip']};' sorttable_customkey='{$fields['dstip']}'>{$dst_icons}{$fields['dstip']}{$dstport}<br /><small>{$hostname['dst']}</small></td> + <td class='listMRr' align='center'>{$countrycode}</td> + <td class='listbg' align='center' title='Country Block Rules cannot be suppressed.\n\nTo allow a particular Country IP, either remove the particular Country or add the Host\nto a Permit Alias in the Firewall Tab.\n\nIf the IP is not listed beside the List, this means that the Block is a /32 entry.\nOnly /32 or /24 CIDR Hosts can be suppressed.\n\nIf (Duplication) Checking is not enabled. You may see /24 and /32 CIDR Blocks for a given blocked Host' style=\"font-size: 10px word-wrap:break-word;\">{$pfb_match[1]}<br />{$pfb_match[2]}</td></tr>"; + $counter++; + if ($counter > 0 && $rtype == "block") { + $mycounter = $counter; + } + } + } +} +?> + </tbody> + </table> + </table> +<?php endforeach; ?> <!--End - Create Three Output Windows 'Deny', 'Permit' and 'Match'--> +</td></tr> +</table> + +</div> +</td> + +<script type="text/javascript"> +//<![CDATA[ + +// This function stuffs the passed HOST, Table values into hidden Form Fields for postback. +function hostruleid(host,table) { + document.getElementById("ip").value = host; + document.getElementById("table").value = table; + + var description = prompt("Please enter Suppression Description"); + document.getElementById("descr").value = description; + + if (description.value != "") { + var cidr = prompt("Please enter CIDR [ 32 or 24 CIDR only supported ]","32"); + document.getElementById("cidr").value = cidr; + } +} + +// Auto-Resolve of Alerted Hostnames +function findhostnames(counter) { + getip = jQuery('#gethostname_' + counter).attr('name'); + geturl = "<?php echo $_SERVER['PHP_SELF']; ?>"; + jQuery.get( geturl, { "getpfhostname": getip } ) + .done(function( data ) { + jQuery('#gethostname_' + counter).prop('title' , data ); + var str = data; + if(str.length > 32) str = str.substring(0,29)+"..."; + jQuery('#gethostname_' + counter).html( str ); + } + ) +} + + var lines = <?php echo $mycounter; ?>; + for (i = 0; i < lines; i++) { + findhostnames(i); + } + +//]]> +</script> +<?php include("fend.inc"); ?> +</form> +</body> +</html>
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng_diag_dns.php b/config/pfblockerng/pfblockerng_diag_dns.php new file mode 100644 index 00000000..b2f07464 --- /dev/null +++ b/config/pfblockerng/pfblockerng_diag_dns.php @@ -0,0 +1,318 @@ +<?php +/* + pfBlockerNG_diag_dns.php + + pfBlockerNG + Copyright (C) 2014 BBcan177@gmail.com + All rights reserved. + + Original Code by: + Copyright (C) 2009 Jim Pingle (jpingle@gmail.com) + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array(gettext("pfBlockerNG"),gettext("DNS/Threat Source Lookup")); +require("guiconfig.inc"); + +$host = trim($_REQUEST['host'], " \t\n\r\0\x0B[];\"'"); +$host_esc = escapeshellarg($host); + +if (is_array($config['aliases']['alias'])) { + $a_aliases = &$config['aliases']['alias']; +} else { + $a_aliases = array(); +} +$aliasname = str_replace(array(".","-"), "_", $host); +$alias_exists = false; +$counter=0; +foreach($a_aliases as $a) { + if($a['name'] == $aliasname) { + $alias_exists = true; + $id=$counter; + } + $counter++; +} + +# Collect pfSense Version +$pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3); + +if ($pfs_version > '2.2') { + $cmd = '/usr/bin/drill'; +} else { + $cmd = '/usr/bin/dig'; +} + + +if(isset($_POST['create_alias']) && (is_hostname($host) || is_ipaddr($host))) { + if($_POST['override']) + $override = true; + $resolved = gethostbyname($host); + $type = "hostname"; + if($resolved) { + $resolved = array(); + exec("{$cmd} {$host_esc} A | /usr/bin/grep {$host_esc} | /usr/bin/grep -v ';' | /usr/bin/awk '{ print $5 }'", $resolved); + $isfirst = true; + foreach($resolved as $re) { + if($re <> "") { + if(!$isfirst) + $addresses .= " "; + $addresses .= rtrim($re) . "/32"; + $isfirst = false; + } + } + $newalias = array(); + if($override) + $alias_exists = false; + if($alias_exists == false) { + $newalias['name'] = $aliasname; + $newalias['type'] = "network"; + $newalias['address'] = $addresses; + $newalias['descr'] = "Created from Diagnostics-> DNS Lookup"; + if($override) + $a_aliases[$id] = $newalias; + else + $a_aliases[] = $newalias; + write_config(); + $createdalias = true; + } + } +} + +if ($_POST) { + unset($input_errors); + + $reqdfields = explode(" ", "host"); + $reqdfieldsn = explode(",", "Host"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); + + if (!is_hostname($host) && !is_ipaddr($host)) { + $input_errors[] = gettext("Host must be a valid hostname or IP address."); + } else { + // Test resolution speed of each DNS server. + $dns_speeds = array(); + $dns_servers = array(); + exec("/usr/bin/grep nameserver /etc/resolv.conf | /usr/bin/cut -f2 -d' '", $dns_servers); + foreach ($dns_servers as $dns_server) { + $query_time = exec("{$cmd} {$host_esc} " . escapeshellarg("@" . trim($dns_server)) . " | /usr/bin/grep Query | /usr/bin/cut -d':' -f2"); + if($query_time == "") + $query_time = gettext("No response"); + $new_qt = array(); + $new_qt['dns_server'] = $dns_server; + $new_qt['query_time'] = $query_time; + $dns_speeds[] = $new_qt; + unset($new_qt); + } + } + + $type = "unknown"; + $resolved = ""; + $ipaddr = ""; + $hostname = ""; + if (!$input_errors) { + if (is_ipaddr($host)) { + $type = "ip"; + $resolved = gethostbyaddr($host); + $ipaddr = $host; + if ($host != $resolved) + $hostname = $resolved; + } elseif (is_hostname($host)) { + $type = "hostname"; + $resolved = gethostbyname($host); + if($resolved) { + $resolved = array(); + exec("{$cmd} {$host_esc} A | /usr/bin/grep {$host_esc} | /usr/bin/grep -v ';' | /usr/bin/awk '{ print $5 }'", $resolved); + } + $hostname = $host; + if ($host != $resolved) + $ipaddr = $resolved[0]; + } + + if ($host == $resolved) { + $resolved = gettext("No record found"); + } + } +} + +function display_host_results ($address,$hostname,$dns_speeds) { + $map_lengths = function($element) { return strlen($element[0]); }; + + echo gettext("IP Address") . ": {$address} \n"; + echo gettext("Host Name") . ": {$hostname} \n"; + echo "\n"; + $text_table = array(); + $text_table[] = array(gettext("Server"), gettext("Query Time")); + if (is_array($dns_speeds)) { + foreach ($dns_speeds as $qt) { + $text_table[] = array(trim($qt['dns_server']), trim($qt['query_time'])); + } + } + $col0_padlength = max(array_map($map_lengths, $text_table)) + 4; + foreach ($text_table as $text_row) { + echo str_pad($text_row[0], $col0_padlength) . $text_row[1] . "\n"; + } +} + +include("head.inc"); ?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> +<?php if ($input_errors) print_input_errors($input_errors); ?> + <form action="/pfblockerng/pfblockerng_diag_dns.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic"> <?=gettext("Resolve DNS hostname or IP");?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Hostname or IP");?></td> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?> + <table> + <tr><td valign="top"> + <input name="host" type="text" class="formfld" id="host" size="20" value="<?=htmlspecialchars($host);?>"> + </td> + <td> + <?php if ($resolved && $type) { ?> + = <font size="+1"> +<?php + $found = 0; + if(is_array($resolved)) { + foreach($resolved as $hostitem) { + if($hostitem <> "") { + echo $hostitem . "<br/>"; + $found++; + } + } + } else { + echo $resolved; + } + if($found > 0) { ?> + <br/><font size='-2'> + <?PHP if($alias_exists) { ?> + An alias already exists for the hostname <?= htmlspecialchars($host) ?>. <br /> + <input type="hidden" name="override" value="true"/> + <input type="submit" name="create_alias" value="Overwrite Alias"/> + <?PHP } else { + if(!$createdalias) { ?> + <input type="submit" name="create_alias" value="Create Alias from These Entries"/> + <?PHP } else { ?> + Alias created with name <?= htmlspecialchars($newalias['name']) ?> + <?PHP } + } + } +?> + <font size="-1"> + + <? } ?> + </td></tr></table> + </td> + </tr> +<?php if($_POST): ?> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Resolution time per server");?></td> + <td width="78%" class="vtable"> + <table width="170" border="1" cellpadding="2" style="border-width: 1px 1px 1px 1px; border-collapse: collapse;"> + <tr> + <td> + <b><?=gettext("Server");?></b> + </td> + <td> + <b><?=gettext("Query time");?></b> + </td> + </tr> +<?php + if(is_array($dns_speeds)) + foreach($dns_speeds as $qt): +?> + <tr> + <td> + <?=$qt['dns_server']?> + </td> + <td> + <?=$qt['query_time']?> + </td> + </tr> +<?php + endforeach; +?> + </table> + </td> + </tr> + <?php endif; ?> + <?php if (!$input_errors && $ipaddr) { ?> + <tr> + + <td width="22%" valign="top" class="vncell"><?=gettext("More Information:");?></td> + <td width="78%" class="vtable"> + <a target="_new" href ="/diag_ping.php?host=<?=htmlspecialchars($host)?>&interface=wan&count=3"><?=gettext("Ping");?></a> <br/> + <a target="_new" href ="/diag_traceroute.php?host=<?=htmlspecialchars($host)?>&ttl=18"><?=gettext("Traceroute");?></a> + <p/> + <?=gettext("NOTE: The following links are to external services, so their reliability cannot be guaranteed.");?><br/><br/> + <a target="_new" href="http://private.dnsstuff.com/tools/whois.ch?ip=<?php echo $ipaddr; ?>"><?=gettext("IP WHOIS @ DNS Stuff");?></a><br /> + <a target="_new" href="http://private.dnsstuff.com/tools/ipall.ch?ip=<?php echo $ipaddr; ?>"><?=gettext("IP Info @ DNS Stuff");?></a> + + <?=gettext("NOTE: The following links are to external services, so their reliability cannot be guaranteed.");?><br/><br/> + <a target="_new" href="http://kb.bothunter.net/ipInfo/nowait.php?IP=<?php echo $ipaddr; ?>"><?=gettext("BOTHunter");?></a><br/> + <a target="_new" href="http://www.ipvoid.com/scan/<?php echo $ipaddr; ?>/"><?=gettext("IPVOID");?></a><br/> + <a target="_new" href="http://www.tcpiputils.com/browse/ip-address/<?php echo $ipaddr; ?>/"><?=gettext("TCPUtils");?></a><br/> + <a target="_new" href="https://www.herdprotect.com/ip-address-<?php echo $ipaddr; ?>.aspx"><?=gettext("Herd Protect");?></a><br/> + <a target="_new" href="https://www.senderbase.org/lookup/ip/?search_string=<?php echo $ipaddr; ?>"><?=gettext("SenderBase");?></a><br/> + <a target="_new" href="http://www.ip-tracker.org/locator/ip-lookup.php?ip=<?php echo $ipaddr; ?>"><?=gettext("IP Tracker");?></a><br/> + + <a target="_new" href="https://www.fortiguard.com/ip_rep/index.php?data=/<?php echo $ipaddr; ?>?"><?=gettext("FortiGuard");?></a><br/> + <a target="_new" href="https://www.projecthoneypot.org/ip_<?php echo $ipaddr; ?>"><?=gettext("Project HoneyPot");?></a><br/> + <a target="_new" href="https://www.virustotal.com/en/ip-address/<?php echo $ipaddr; ?>/information"><?=gettext("VirusTotal Info");?></a><br/> + <a target="_new" href="https://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=<?php echo $ipaddr; ?>"><?=gettext("McAfee Threat Center");?></a><br/> + <a target="_new" href="http://sitecheck2.sucuri.net/results/<?php echo $ipaddr; ?>"><?=gettext("Securi SiteCheck");?></a><br/> + <a target="_new" href="https://www.dshield.org/ipinfo.html?IP=<?php echo $ipaddr; ?>"><?=gettext("DShield Threat Lookup");?></a><br/> + <a target="_new" href="https://isc.sans.edu/ipinfo.html?ip=<?php echo $ipaddr; ?>"><?=gettext("Internet Storm Center");?></a><br/> + <a target="_new" href="https://www.mywot.com/en/scorecard/<?php echo $ipaddr; ?>"><?=gettext("Web of Trust (WOT) Scorecard");?></a><br/> + <a target="_new" href="https://quttera.com/sitescan/<?php echo $ipaddr; ?>"><?=gettext("Quattera");?></a><br/> + <a target="_new" href="https://www.iblocklist.com/search.php?string=<?php echo $ipaddr; ?>"><?=gettext("I-Block List");?></a><br/> + <p/> + <?=gettext("NOTE: Mail Server DNSRBL Lookups");?><br/><br/> + <a target="_new" href="https://senderscore.org/lookup.php?lookup=<?php echo $ipaddr; ?>&ipLookup=Go"><?=gettext("SenderScore");?></a><br/> + <a target="_new" href="http://www.spamhaus.org/query/bl?ip=<?php echo $ipaddr; ?>"><?=gettext("Spamhaus Blocklist");?></a><br/> + <a target="_new" href="http://www.spamcop.net/w3m?action=checkblock&ip=<?php echo $ipaddr; ?>"><?=gettext("SPAMcop Blocklist");?></a><br/> + <a target="_new" href="http://multirbl.valli.org/lookup/<?php echo $ipaddr; ?>.html"><?=gettext("multirbl RBL Lookup");?></a><br/> + <a target="_new" href="http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a<?php echo $ipaddr; ?>&run=toolpage"><?=gettext("MXToolbox");?></a><br/> + + </td> + </tr> + <?php } ?> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <br/> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("DNS Lookup");?>"> + </td> + </tr> + </table> +</td></tr></table> +</form> +<?php include("fend.inc"); ?>
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng_log.php b/config/pfblockerng/pfblockerng_log.php new file mode 100644 index 00000000..39f9eb06 --- /dev/null +++ b/config/pfblockerng/pfblockerng_log.php @@ -0,0 +1,421 @@ +<?php +/* + pfBlockerNG_Log.php + + pfBlockerNG + Copyright (c) 2014 BBcan177@gmail.com + All rights reserved. + + Portions of this code are based on original work done for the + Snort package for pfSense from the following contributors: + + Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2006 Scott Ullrich + Copyright (C) 2009 Robert Zelaya Sr. Developer + Copyright (C) 2012 Ermal Luci + All rights reserved. + + Adapted for Suricata by: + Copyright (C) 2014 Bill Meeks + All rights reserved. + + Javascript and Integration modifications by J. Nieuwenhuizen + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("guiconfig.inc"); +require_once("globals.inc"); +require_once("/usr/local/pkg/pfblockerng/pfblockerng.inc"); + +pfb_global(); + +# Get log files from directory +function getlogs($logdir, $log_extentions = array('log')) { + if (!is_array($log_extentions)) { + $log_extentions = array($log_extentions); + } + + # Get logfiles + $log_filenames = array(); + foreach ($log_extentions as $extention) { + if ($extention <> '*') { + $log_filenames = array_merge($log_filenames, glob($logdir . "*." . $extention)); + } else { + $log_filenames = array_merge($log_filenames, glob($logdir . "*")); + } + } + + # Convert to filenames only + if (count($log_filenames) > 0) { + $log_totalfiles = count($log_filenames); + for ($cnt = 0; $cnt < $log_totalfiles; $cnt++) { + $log_filenames[$cnt] = basename($log_filenames[$cnt]); + } + } + + # Sort the filename + asort($log_filenames); + + # Done + return $log_filenames; +} + +# Define logtypes +# name => Displayname of the type +# ext => Log extentions (array for multiple extentions) +# logdir=> Log directory +# clear => Add clear button (TRUE/FALSE) +$pfb_logtypes = array( 'defaultlogs' => array('name' => 'Log Files', + 'logdir' => "{$pfb['logdir']}/", + 'logs' => array("pfblockerng.log", "error.log", "geoip.log", "maxmind_ver"), + 'download' => TRUE, + 'clear' => TRUE + ), + 'masterfiles' => array('name' => 'Masterfiles', + 'logdir' => "{$pfb['dbdir']}/", + 'logs' => array("masterfile", "mastercat"), + 'download' => TRUE, + 'clear' => FALSE + ), + 'originallogs' => array('name' => 'Original Files', + 'ext' => array('orig', 'raw'), + 'logdir' => "{$pfb['origdir']}/", + 'download' => TRUE, + 'clear' => TRUE + ), + 'denylogs' => array('name' => 'Deny Files', + 'ext' => 'txt', + 'txt' => 'deny', + 'logdir' => "{$pfb['denydir']}/", + 'download' => TRUE, + 'clear' => TRUE + ), + 'permitlogs' => array('name' => 'Permit Files', + 'ext' => 'txt', + 'txt' => 'permit', + 'logdir' => "{$pfb['permitdir']}/", + 'download' => TRUE, + 'clear' => TRUE + ), + 'matchlogs' => array('name' => 'Match Files', + 'ext' => 'txt', + 'txt' => 'match', + 'logdir' => "{$pfb['matchdir']}/", + 'download' => TRUE, + 'clear' => TRUE + ), + 'nativelogs' => array('name' => 'Native Files', + 'ext' => 'txt', + 'logdir' => "{$pfb['nativedir']}/", + 'download' => TRUE, + 'clear' => TRUE + ), + 'aliaslogs' => array('name' => 'Alias Files', + 'ext' => 'txt', + 'logdir' => "{$pfb['aliasdir']}/", + 'download' => TRUE, + 'clear' => FALSE + ), + 'etiprep' => array('name' => 'ET IPRep Files', + 'ext' => '*', + 'logdir' => "{$pfb['etdir']}/", + 'download' => TRUE, + 'clear' => FALSE + ) + ); + +# Check logtypes +$logtypeid = 'defaultlogs'; +if (isset($_POST['logtype'])) { + $logtypeid = $_POST['logtype']; +} elseif (isset($_GET['logtype'])) { + $logtypeid = htmlspecialchars($_GET['logtype']); +} + +# Check if POST has been set +if (isset($_POST['file'])) { + clearstatcache(); + $pfb_logfilename = $_POST['file']; + $pfb_ext = pathinfo($pfb_logfilename, PATHINFO_EXTENSION); + + # Load log + if ($_POST['action'] == 'load') { + if (!is_file($pfb_logfilename)) { + echo "|3|" . gettext("Log file is empty or does not exist") . ".|"; + } else { + $data = file_get_contents($pfb_logfilename); + if ($data === false) { + echo "|1|" . gettext("Failed to read log file") . ".|"; + } else { + $data = base64_encode($data); + echo "|0|" . $pfb_logfilename . "|" . $data . "|"; + } + } + exit; + } +} + +if (isset($_POST['logFile'])) { + $s_logfile = $_POST['logFile']; + + # Clear selected file + if (isset($_POST['clear'])) { + unlink_if_exists($s_logfile); + } + + # Download log + if (isset($_POST['download'])) { + if (file_exists($s_logfile)) { + ob_start(); //important or other posts will fail + if (isset($_SERVER['HTTPS'])) { + header('Pragma: '); + header('Cache-Control: '); + } else { + header("Pragma: private"); + header("Cache-Control: private, must-revalidate"); + } + header("Content-Type: application/octet-stream"); + header("Content-length: " . filesize($s_logfile)); + header("Content-disposition: attachment; filename = " . basename($s_logfile)); + ob_end_clean(); //important or other post will fail + readfile($s_logfile); + } + } +} else { + $s_logfile = ""; +} + +$pgtitle = gettext("pfBlockerNG: Log Browser"); +include_once("head.inc"); +?> + +<body link="#000000" vlink="#0000CC" alink="#000000"> + +<?php +include_once("fbegin.inc"); +if ($input_errors) { + print_input_errors($input_errors); +} +?> +<script type="text/javascript" src="/javascript/base64.js"></script> +<script type="text/javascript"> +//<![CDATA[ + + function loadFile() { + jQuery("#fileStatus").html("<?=gettext("Loading file"); ?> ..."); + jQuery("#fileStatusBox").show(250); + jQuery("#filePathBox").show(250); + jQuery("#fbTarget").html(""); + + jQuery.ajax( + "<?=$_SERVER['SCRIPT_NAME'];?>", { + type: 'POST', + data: "instance=" + jQuery("#instance").val() + "&action=load&file=" + jQuery("#logFile").val(), + complete: loadComplete + } + ) + } + + function loadComplete(req) { + jQuery("#fileContent").show(250); + var values = req.responseText.split("|"); + values.shift(); values.pop(); + + if(values.shift() == "0") { + var file = values.shift(); + var fileContent = Base64.decode(values.join("|")); + jQuery("#fileStatus").html("<?=gettext("File successfully loaded"); ?>."); + jQuery("#fbTarget").html(file); + jQuery("#fileRefreshBtn").show(); + jQuery("#fileContent").prop("disabled", false); + jQuery("#fileContent").val(fileContent); + } else { + jQuery("#fileStatus").html(values[0]); + jQuery("#fbTarget").html(""); + jQuery("#fileRefreshBtn").hide(); + jQuery("#fileContent").val(""); + jQuery("#fileContent").prop("disabled", true); + } + } +//]]> +</script> + +<?php +echo("<form action='" . $_SERVER['PHP_SELF'] . "' method='post' id='formbrowse'>"); +if ($savemsg) { + print_info_box($savemsg); +} +?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=pfblockerng.xml&id=0"); + $tab_array[] = array(gettext("Update"), false, "/pfblockerng/pfblockerng_update.php"); + $tab_array[] = array(gettext("Alerts"), false, "/pfblockerng/pfblockerng_alerts.php"); + $tab_array[] = array(gettext("Reputation"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml&id=0"); + $tab_array[] = array(gettext("IPv4"), false, "/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml"); + $tab_array[] = array(gettext("IPv6"), false, "/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml"); + $tab_array[] = array(gettext("Top 20"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xml&id=0"); + $tab_array[] = array(gettext("Africa"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_Africa.xml&id=0"); + $tab_array[] = array(gettext("Asia"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_Asia.xml&id=0"); + $tab_array[] = array(gettext("Europe"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_Europe.xml&id=0"); + $tab_array[] = array(gettext("N.A."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0"); + $tab_array[] = array(gettext("Oceania"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0"); + $tab_array[] = array(gettext("S.A."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0"); + $tab_array[] = array(gettext("Logs"), true, "/pfblockerng/pfblockerng_log.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0"); + display_top_tabs($tab_array, true); + ?> + </td> + </tr> + <tr> + <td> + <div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> + <tbody> + <tr> + <td colspan="2" class="listtopic"><?php echo gettext("Log/File Browser Selections"); ?></td> + </tr> + <tr> + <td colspan="3" class="vncell" align="left"><?php echo gettext("LINKS :"); ?> + <a href='/firewall_aliases.php' target="_blank"><?php echo gettext("Firewall Alias"); ?></a> + <a href='/firewall_rules.php' target="_blank"><?php echo gettext("Firewall Rules"); ?></a> + <a href='/diag_logs_filter.php' target="_blank"><?php echo gettext("Firewall Logs"); ?></a><br /></td> + </tr> + <tr> + <td width="22%" class="vncell"><?php echo gettext('Log/File type:'); ?></td> + <td width="78%" class="vtable"> + <select name="logtype" id="logtype" class="formselect" onChange="document.getElementById('formbrowse').method='post';document.getElementById('formbrowse').submit()"> + <?php + $clearable = FALSE; + $downloadable = FALSE; + foreach ($pfb_logtypes as $id => $logtype) { + $selected = ""; + if ($id == $logtypeid) { + $selected = " selected"; + $clearable = $logtype['clear']; + $downloadable = $logtype['download']; + } + echo("<option value='" . $id . "'" . $selected . ">" . $logtype['name'] . "</option>\n"); + } + ?> + </select> <?php echo gettext('Choose which type of log/file you want to view.'); ?> + </td> + </tr> + <tr> + <td width="22%" class="vncell"><?php echo gettext('Log/File selection:'); ?></td> + <td width="78%" class="vtable"> + <select name="logFile" id="logFile" class="formselect" onChange="loadFile();"> + <?php + if (isset($pfb_logtypes[$logtypeid]['logs'])) { + $logs = $pfb_logtypes[$logtypeid]['logs']; + } else { + $logs = getlogs($pfb_logtypes[$logtypeid]['logdir'], $pfb_logtypes[$logtypeid]['ext']); + } + foreach ($logs as $log) { + $selected = ""; + if ($log == $pfb_logfilename) { + $selected = " selected"; + } + echo("<option value='" . $pfb_logtypes[$logtypeid]['logdir'] . $log . "'" . $selected . ">" . $log . "</option>\n"); + } + ?> + </select> <?php echo gettext('Choose which log/file you want to view.'); ?> + </td> + </tr> + <tr> + <td colspan="2" class="listtopic"><?php echo gettext("Log/File Contents"); ?></td> + </tr> + <tr> + <td colspan="2"> + <table width="100%"> + <tbody> + <tr> + <td width="75%"> + <div style="display:none; " id="fileStatusBox"> + <div class="list" style="padding-left:15px;"> + <strong id="fileStatus"></strong> + </div> + </div> + <div style="padding-left:15px; display:none;" id="filePathBox"> + <strong><?=gettext("Log/File Path"); ?>:</strong> + <div class="list" style="display:inline;" id="fbTarget"></div> + </div> + </td> + <td align="right"> + <div style="padding-right:15px; display:none;" id="fileRefreshBtn"> + <?php + echo("<img src='../tree/page-file.png' onclick='loadFile()' title='" . gettext("Refresh current display") . "' alt='refresh' width='17' height='17' border='0' /> "); + if ($downloadable) { + echo("<input type='image' src='../tree/page-file_play.gif' name='download[]' id='download' value='Download' title='" . gettext("Download current logfile") . "' alt='download' width='17' height='17' border='0' /> "); + } + if ($clearable) { + echo("<input type='image' src='../tree/page-file_x.gif' name='clear[]' id='clear' value='Clear' title='" . gettext("Clear current logfile") . "' alt='clear' width='17' height='17' border='0' />"); + } + ?> + </div> + </td> + </tr> + </tbody> + </table> + </td> + </tr> + <tr> + <td colspan="2"> + <table width="100%"> + <tbody> + <tr> + <td valign="top" class="label"> + <div style="background:#eeeeee;" id="fileOutput"> + <textarea id="fileContent" name="fileContent" style="width:100%;" rows="30" wrap="off" disabled></textarea> + </div> + </td> + </tr> + </tbody> + </table> + </td> + </tr> + </tbody> + </table> + </div> + </td> + </tr> +</table> +</form> + +<?php if (!isset($_POST['file'])): ?> +<script type="text/javascript"> +//<![CDATA[ + document.getElementById("logFile").selectedIndex=-1; +//]]> +</script> +<?php endif; ?> +<?php include("fend.inc"); ?> +</body> +</html>
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng_sync.xml b/config/pfblockerng/pfblockerng_sync.xml new file mode 100644 index 00000000..856af2f4 --- /dev/null +++ b/config/pfblockerng/pfblockerng_sync.xml @@ -0,0 +1,242 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + pfBlockerNG_sync.xml + + pfBlockerNG + Copyright (C) 2014 BBcan177@gmail.com + All rights reserved. + + Based upon pfblocker for pfSense + Copyright (C) 2011 Marcello Coutinho + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>pfblockerngsync</name> + <version>1.0</version> + <title>pfBlockerNG: XMLRPC Sync</title> + <include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file> + <menu> + <name>pfBlockerNG</name> + <tooltiptext>Configure pfBlockerNG</tooltiptext> + <section>Services</section> + <url>pkg_edit.php?xml=pfblockerng.xml&id=0</url> + </menu> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=pfblockerng.xml&id=0</url> + </tab> + <tab> + <text>Update</text> + <url>/pfblockerng/pfblockerng_update.php</url> + </tab> + <tab> + <text>Alerts</text> + <url>/pfblockerng/pfblockerng_alerts.php</url> + </tab> + <tab> + <text>Reputation</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml&id=0</url> + </tab> + <tab> + <text>IPv4</text> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml&id=0</url> + </tab> + <tab> + <text>IPv6</text> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml&id=0</url> + </tab> + <tab> + <text>Top 20</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xml&id=0</url> + </tab> + <tab> + <text>Africa</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Africa.xml&id=0</url> + </tab> + <tab> + <text>Asia</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Asia.xml&id=0</url> + </tab> + <tab> + <text>Europe</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Europe.xml&id=0</url> + </tab> + <tab> + <text>N.A.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0</url> + </tab> + <tab> + <text>Oceania</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0</url> + </tab> + <tab> + <text>S.A.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0</url> + </tab> + <tab> + <text>Logs</text> + <url>/pfblockerng/pfblockerng_log.php</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0</url> + <active/> + </tab> + </tabs> + <fields> + <field> + <name>pfBlockerNG XMLRPC Sync Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>LINKS</fielddescr> + <fieldname>none</fieldname> + <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> <a href="/firewall_rules.php">Firewall Rules</a> <a href="diag_logs_filter.php">Firewall Logs</a>]]> + </description> + <type>info</type> + </field> + <field> + <fielddescr>Enable Sync</fielddescr> + <fieldname>varsynconchanges</fieldname> + <description><![CDATA[When enabled, this will sync all configuration settings to the Replication Targets.<br /><br /> + <b>Important:</b> While using "Sync to hosts defined below", only sync from host A to B, A to C + <br /> but <b>do not</b> enable XMLRPC sync <b>to</b> A. This will result in a loop!]]> + </description> + <type>select</type> + <required/> + <default_value>disabled</default_value> + <options> + <option><name>Do not sync this package configuration</name><value>disabled</value></option> + <option><name>Sync to configured system backup server</name><value>auto</value></option> + <option><name>Sync to host(s) defined below</name><value>manual</value></option> + </options> + </field> + <field> + <fielddescr>XMLRPC Timeout</fielddescr> + <fieldname>varsynctimeout</fieldname> + <description><![CDATA[Timeout in seconds for the XMLRPC timeout. Default: 150]]></description> + <type>input</type> + <default_value>150</default_value> + <size>5</size> + </field> + <field> + <fielddescr><![CDATA[Disable 'General Tab' sync]]></fielddescr> + <fieldname>syncinterfaces</fieldname> + <description>When selected, the 'General' Tab Customizations will not be sync'd</description> + <type>checkbox</type> + </field> + <field> + <name>pfBlockerNG XMLRPC Replication Targets</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Replication Targets</fielddescr> + <fieldname>none</fieldname> + <type>rowhelper</type> + <rowhelper> + <rowhelperfield> + <fielddescr>Enable</fielddescr> + <fieldname>varsyncdestinenable</fieldname> + <description><![CDATA[Enable this host as a replication target]]></description> + <type>checkbox</type> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Protocol</fielddescr> + <fieldname>varsyncprotocol</fieldname> + <description><![CDATA[Choose the protocol of the destination host. Probably <b>http</b> or <b>https</b>]]></description> + <type>select</type> + <default_value>HTTP</default_value> + <options> + <option><name>HTTP</name><value>http</value></option> + <option><name>HTTPS</name><value>https</value></option> + </options> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Target IP Address</fielddescr> + <fieldname>varsyncipaddress</fieldname> + <description><![CDATA[IP Address of the destination host.]]></description> + <type>input</type> + <size>15</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Target Port</fielddescr> + <fieldname>varsyncport</fieldname> + <description><![CDATA[Choose the sync port of the destination host.]]></description> + <type>input</type> + <size>3</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Target Username (admin)</fielddescr> + <fieldname>varsyncusername</fieldname> + <description><![CDATA[Enter the Username Account for Authentication]]></description> + <type>input</type> + <size>15</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Target Password</fielddescr> + <fieldname>varsyncpassword</fieldname> + <description><![CDATA[Password of the user "admin" on the destination host.]]></description> + <type>password</type> + <size>20</size> + </rowhelperfield> + </rowhelper> + </field> + <field> + <name><![CDATA[<ul>Click to SAVE Settings and/or Rule Edits. Changes are Applied via CRON or + 'Force Update'</ul>]]></name> + <type>listtopic</type> + </field> + </fields> + <custom_php_install_command> + pfblockerng_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + pfblockerng_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + pfblockerng_validate_input($_POST, $input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + require_once("/usr/local/pkg/pfblockerng/pfblockerng.inc"); + write_config("[pfBlockerNG] XMLRPC sync configurations saved."); + pfblockerng_sync_on_changes(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng_top20.xml b/config/pfblockerng/pfblockerng_top20.xml new file mode 100644 index 00000000..4974c488 --- /dev/null +++ b/config/pfblockerng/pfblockerng_top20.xml @@ -0,0 +1,290 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + pfBlockerNG_Top20.xml + + pfBlockerNG + Copyright (C) 2014 BBcan177@gmail.com + All rights reserved. + + Based upon pfblocker for pfSense + Copyright (C) 2011 Marcello Coutinho + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>pfblockerngtopspammers</name> + <version>1.0</version> + <title>pfBlockerNG: Top 20 Spammer Countries</title> + <include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file> + <menu> + <name>pfBlockerNG</name> + <tooltiptext>Configure pfblockerNG</tooltiptext> + <section>Firewall</section> + <url>pkg_edit.php?xml=pfblockerng.xml&id=0</url> + </menu> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=pfblockerng.xml&id=0</url> + </tab> + <tab> + <text>Update</text> + <url>/pfblockerng/pfblockerng_update.php</url> + </tab> + <tab> + <text>Alerts</text> + <url>/pfblockerng/pfblockerng_alerts.php</url> + </tab> + <tab> + <text>Reputation</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml&id=0</url> + </tab> + <tab> + <text>IPv4</text> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml&id=0</url> + </tab> + <tab> + <text>IPv6</text> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml&id=0</url> + </tab> + <tab> + <text>Top 20</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Africa</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Africa.xml&id=0</url> + </tab> + <tab> + <text>Asia</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Asia.xml&id=0</url> + </tab> + <tab> + <text>Europe</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Europe.xml&id=0</url> + </tab> + <tab> + <text>N.A.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0</url> + </tab> + <tab> + <text>Oceania</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0</url> + </tab> + <tab> + <text>S.A.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0</url> + </tab> + <tab> + <text>Logs</text> + <url>/pfblockerng/pfblockerng_log.php</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0</url> + </tab> + </tabs> + <fields> + <field> + <name><![CDATA[TOP 20 - Spammer Countries (Geolite Data by Maxmind Inc. - ISO 3166)]]></name> + <type>listtopic</type> + </field> + <field> + <fielddescr>LINKS</fielddescr> + <fieldname>none</fieldname> + <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> <a href="/firewall_rules.php">Firewall Rules</a> <a href="diag_logs_filter.php">Firewall Logs</a>]]> + </description> + <type>info</type> + </field> + <field> + <fielddescr><![CDATA[<br /><strong>Top 20 IPv4</strong><br />Spammer Countries]]></fielddescr> + <fieldname>countries4</fieldname> + <description> + <![CDATA[Select Top IPv4 Spammer Countries you want to take an action on.<br /> + <strong>Use CTRL + CLICK to unselect countries</strong>]]> + </description> + <type>select</type> + <options> + <option><name>China-CN</name><value>CN</value></option> + <option><name>Russia-RU</name><value>RU</value></option> + <option><name>Japan-JP</name><value>JP</value></option> + <option><name>Ukraine-UA</name><value>UA</value></option> + <option><name>United Kingdom-GB</name><value>GB</value></option> + <option><name>Germany-DE</name><value>DE</value></option> + <option><name>Brazil-BR</name><value>BR</value></option> + <option><name>France-FR</name><value>FR</value></option> + <option><name>India-IN</name><value>IN</value></option> + <option><name>Turkey-TR</name><value>TR</value></option> + <option><name>Italy-IT</name><value>IT</value></option> + <option><name>South Korea-KR</name><value>KR</value></option> + <option><name>Poland-PL</name><value>PL</value></option> + <option><name>Spain-ES</name><value>ES</value></option> + <option><name>Vietnam-VN</name><value>VN</value></option> + <option><name>Argentina-AR</name><value>AR</value></option> + <option><name>Columbia-CO</name><value>CO</value></option> + <option><name>Taiwan-TW</name><value>TW</value></option> + <option><name>Mexico-MX</name><value>MX</value></option> + <option><name>Chilie-CL</name><value>CL</value></option> + </options> + <size>20</size> + <multiple/> + </field> + <field> + <fielddescr><![CDATA[<br /><strong>Top 20 IPv6</strong><br />Spammer Countries]]></fielddescr> + <fieldname>countries6</fieldname> + <description> + <![CDATA[Select Top IPv6 Spammer Countries you want to take an action on.<br /> + <strong>Use CTRL + CLICK to unselect countries</strong>]]> + </description> + <type>select</type> + <options> + <option><name>China-CN</name><value>CN</value></option> + <option><name>Russia-RU</name><value>RU</value></option> + <option><name>Japan-JP</name><value>JP</value></option> + <option><name>Ukraine-UA</name><value>UA</value></option> + <option><name>United Kingdom-GB</name><value>GB</value></option> + <option><name>Germany-DE</name><value>DE</value></option> + <option><name>Brazil-BR</name><value>BR</value></option> + <option><name>France-FR</name><value>FR</value></option> + <option><name>India-IN</name><value>IN</value></option> + <option><name>Turkey-TR</name><value>TR</value></option> + <option><name>Italy-IT</name><value>IT</value></option> + <option><name>South Korea-KR</name><value>KR</value></option> + <option><name>Poland-PL</name><value>PL</value></option> + <option><name>Spain-ES</name><value>ES</value></option> + <option><name>Vietnam-VN</name><value>VN</value></option> + <option><name>Argentina-AR</name><value>AR</value></option> + <option><name>Columbia-CO</name><value>CO</value></option> + <option><name>Taiwan-TW</name><value>TW</value></option> + <option><name>Mexico-MX</name><value>MX</value></option> + <option><name>Chilie-CL</name><value>CL</value></option> + </options> + <size>20</size> + <multiple/> + </field> + <field> + <fielddescr>List Action</fielddescr> + <description><![CDATA[<br />Default : <strong>Disabled</strong><br /><br /> + Select the <strong>Action</strong> for Firewall Rules on lists you have selected.<br /><br /> + <strong><u>'Disabled' Rules:</u></strong> Disables selection and does nothing to selected Alias.<br /><br /> + + <strong><u>'Deny' Rules:</u></strong><br /> + 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other + interfaces. Typical uses of 'Deny' rules are:<br /> + <ul><li><strong>Deny Both</strong> - blocks all traffic in both directions, if the source or destination IP is in the block list</li> + <li><strong>Deny Inbound/Deny Outbound</strong> - blocks all traffic in one direction <u>unless</u> it is part of a session started by + traffic sent in the other direction. Does not affect traffic in the other direction. </li> + <li>One way 'Deny' rules can be used to selectively block <u>unsolicited</u> incoming (new session) packets in one direction, while + still allowing <u>deliberate</u> outgoing sessions to be created in the other direction.</li></ul> + <strong><u>'Permit' Rules:</u></strong><br /> + 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are the opposite of Deny rules, and don't create + any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:<br /> + <ul><li><strong>To ensure</strong> that traffic to/from the listed IPs will <u>always</u> be allowed in the stated directions. They + override <u>almost all other</u> Firewall rules on the stated interfaces.</li> + <li><strong>To act as a whitelist</strong> for Deny rule exceptions, for example if a large IP range or pre-created blocklist blocks a + few IPs that should be accessible.</li></ul> + <strong><u>'Match' Rules:</u></strong><br /> + 'Match' or 'Log' only the traffic on the stated interfaces. This does not Block or Reject. It just Logs the traffic. + <ul><li><strong>Match Both</strong> - Matches all traffic in both directions, if the source or destination IP is in the list.</li> + <li><strong>Match Inbound/Match Outbound</strong> - Matches all traffic in one direction only.</li></ul> + <strong><u>'Alias' Rules:</u></strong><br /> + <strong>'Alias'</strong> rules create an <a href="/firewall_aliases.php">alias</a> for the list (and do nothing else). + This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired. + <ul><li><strong>Options - Alias Deny, Alias Permit, Alias Match, Alias Native</strong></li><br /> + <li>'Alias Deny' can use De-Duplication and Reputation Processes if configured.</li><br /> + <li>'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules</li><br /> + <li>'Alias Native' lists are kept in their Native format without any modifications.</li></ul> + <strong>When using 'Alias' rules, change (pfB_) to ( pfb_ ) in the beginning of rule description and Use the 'Exact' spelling of + the Alias (no trailing Whitespace) </strong> Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if + using Auto Rule Creation.<br /><br /><strong>Tip</strong>: You can create the Auto Rules and remove "<u>auto rule</u>" from the Rule + Descriptions, then disable Auto Rules. This method will 'KEEP' these rules from being 'Deleted' which will allow editing for a Custom + Alias Configuration<br />]]> + </description> + <fieldname>action</fieldname> + <type>select</type> + <options> + <option><name>Disabled</name><value>Disabled</value></option> + <option><name>Deny Inbound</name><value>Deny_Inbound</value></option> + <option><name>Deny Outbound</name><value>Deny_Outbound</value></option> + <option><name>Deny Both</name><value>Deny_Both</value></option> + <option><name>Permit Inbound</name><value>Permit_Inbound</value></option> + <option><name>Permit Outbound</name><value>Permit_Outbound</value></option> + <option><name>Permit Both</name><value>Permit_Both</value></option> + <option><name>Match Inbound</name><value>Match_Inbound</value></option> + <option><name>Match Outbound</name><value>Match_Outbound</value></option> + <option><name>Match Both</name><value>Match_Both</value></option> + <option><name>Alias Deny</name><value>Alias_Deny</value></option> + <option><name>Alias Permit</name><value>Alias_Permit</value></option> + <option><name>Alias Match</name><value>Alias_Match</value></option> + </options> + </field> + <field> + <fielddescr>Enable Logging</fielddescr> + <fieldname>aliaslog</fieldname> + <description><![CDATA[Default:<strong>Enable</strong><br /> + Select - Logging to Status: System Logs: FIREWALL ( Log )]]> + </description> + <type>select</type> + <options> + <option><name>Enable</name><value>enabled</value></option> + <option><name>Disable</name><value>disabled</value></option> + </options> + </field> + <field> + <name><![CDATA[<ul>Click to SAVE Settings and/or Rule Edits. Changes are Applied via CRON or + 'Force Update'</ul>]]> </name> + <type>listtopic</type> + </field> + </fields> + <custom_php_install_command> + pfblockerng_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + pfblockerng_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + pfblockerng_validate_input($_POST, $input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + global $pfb; + $pfb['save'] = TRUE; + sync_package_pfblockerng(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng_update.php b/config/pfblockerng/pfblockerng_update.php new file mode 100644 index 00000000..dc0fab85 --- /dev/null +++ b/config/pfblockerng/pfblockerng_update.php @@ -0,0 +1,425 @@ +<?php + +/* pfBlockerNG_Update.php + + pfBlockerNG + Copyright (C) 2014 BBcan177@gmail.com + All rights reserved. + + Portions of this code are based on original work done for + pfSense from the following contributors: + + pkg_mgr_install.php + Part of pfSense (https://www.pfsense.org) + Copyright (C) 2004-2010 Scott Ullrich <sullrich@gmail.com> + Copyright (C) 2005 Colin Smith + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("guiconfig.inc"); +require_once("globals.inc"); +require_once("pfsense-utils.inc"); +require_once("functions.inc"); +require_once("util.inc"); +require_once("/usr/local/pkg/pfblockerng/pfblockerng.inc"); + +pfb_global(); + +// Collect pfBlockerNG log file and post Live output to Terminal window. +function pfbupdate_output($text) { + $text = preg_replace("/\n/", "\\n", $text); + echo "\n<script type=\"text/javascript\">"; + echo "\n//<![CDATA["; + echo "\nthis.document.forms[0].pfb_output.value = \"" . $text . "\";"; + echo "\nthis.document.forms[0].pfb_output.scrollTop = this.document.forms[0].pfb_output.scrollHeight;"; + echo "\n//]]>"; + echo "\n</script>"; + /* ensure that contents are written out */ + ob_flush(); +} + +// Post Status Message to Terminal window. +function pfbupdate_status($status) { + $status = preg_replace("/\n/", "\\n", $status); + echo "\n<script type=\"text/javascript\">"; + echo "\n//<![CDATA["; + echo "\nthis.document.forms[0].pfb_status.value=\"" . $status . "\";"; + echo "\n//]]>"; + echo "\n</script>"; + /* ensure that contents are written out */ + ob_flush(); +} + + +// Function to perform a Force Update, Cron or Reload +function pfb_cron_update($type) { + + global $pfb; + + // Query for any Active pfBlockerNG CRON Jobs + $result_cron = array(); + $cron_event = exec ("/bin/ps -wx", $result_cron); + if (preg_grep("/pfblockerng[.]php\s+cron/", $result_cron) || preg_grep("/pfblockerng[.]php\s+update/", $result_cron)) { + pfbupdate_status(gettext("Force {$type} Terminated - Failed due to Active Running Task")); + exit; + } + + if (!file_exists("{$pfb['log']}")) + touch("{$pfb['log']}"); + + // Update Status Window with correct Task + if ($type == "update") { + pfbupdate_status(gettext("Running Force Update Task")); + } elseif ($type == "reload") { + pfbupdate_status(gettext("Running Force Reload Task")); + $type = "update"; + } else { + pfbupdate_status(gettext("Running Force CRON Task")); + } + + // Remove any existing pfBlockerNG CRON Jobs + install_cron_job("pfblockerng.php cron", false); + write_config(); + + // Execute PHP Process in the Background + mwexec_bg("/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php {$type} >> {$pfb['log']} 2>&1"); + + // Start at EOF + $lastpos_old = ""; + $len = filesize("{$pfb['log']}"); + $lastpos = $len; + + while (true) { + usleep(300000); //0.3s + clearstatcache(false,$pfb['log']); + $len = filesize("{$pfb['log']}"); + if ($len < $lastpos) { + //file deleted or reset + $lastpos = $len; + } else { + $f = fopen($pfb['log'], "rb"); + if ($f === false) + die(); + fseek($f, $lastpos); + + while (!feof($f)) { + + $pfb_buffer = fread($f, 2048); + $pfb_output .= str_replace( "\r", "", $pfb_buffer); + + // Refresh on new lines only. This allows Scrolling. + if ($lastpos != $lastpos_old) + pfbupdate_output($pfb_output); + $lastpos_old = $lastpos; + ob_flush(); + flush(); + } + $lastpos = ftell($f); + fclose($f); + } + // Capture Remaining Output before closing File + if (preg_match("/(UPDATE PROCESS ENDED)/",$pfb_output)) { + $f = fopen($pfb['log'], "rb"); + fseek($f, $lastpos); + $pfb_buffer = fread($f, 2048); + $pfb_output .= str_replace( "\r", "", $pfb_buffer); + pfbupdate_output($pfb_output); + clearstatcache(false,$pfb['log']); + ob_flush(); + flush(); + fclose($f); + # Call Log Mgmt Function + pfb_log_mgmt(); + die(); + } + } +} + + +$pgtitle = gettext("pfBlockerNG: Update"); +include_once("head.inc"); +?> +<body link="#000000" vlink="#0000CC" alink="#000000"> +<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> +<?php include_once("fbegin.inc"); ?> + + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=pfblockerng.xml&id=0"); + $tab_array[] = array(gettext("Update"), true, "/pfblockerng/pfblockerng_update.php"); + $tab_array[] = array(gettext("Alerts"), false, "/pfblockerng/pfblockerng_alerts.php"); + $tab_array[] = array(gettext("Reputation"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml&id=0"); + $tab_array[] = array(gettext("IPv4"), false, "/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml"); + $tab_array[] = array(gettext("IPv6"), false, "/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml"); + $tab_array[] = array(gettext("Top 20"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xml&id=0"); + $tab_array[] = array(gettext("Africa"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_Africa.xml&id=0"); + $tab_array[] = array(gettext("Asia"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_Asia.xml&id=0"); + $tab_array[] = array(gettext("Europe"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_Europe.xml&id=0"); + $tab_array[] = array(gettext("N.A."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0"); + $tab_array[] = array(gettext("Oceania"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0"); + $tab_array[] = array(gettext("S.A."), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0"); + $tab_array[] = array(gettext("Logs"), false, "/pfblockerng/pfblockerng_log.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0"); + display_top_tabs($tab_array, true); + ?> + </td> + </tr> + </table> + <div id="mainareapkg"> + <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="2"> + <tr> + <td colspan="2" class="vncell" align="left"><?php echo gettext("LINKS :"); ?> + <a href='/firewall_aliases.php' target="_blank"><?php echo gettext("Firewall Alias"); ?></a> + <a href='/firewall_rules.php' target="_blank"><?php echo gettext("Firewall Rules"); ?></a> + <a href='/diag_logs_filter.php' target="_blank"><?php echo gettext("Firewall Logs"); ?></a><br /> + </td> + </tr> + <tr> + <td colspan="2" class="listtopic"><?php echo gettext("CRON Status"); ?></td> + </tr> + <tr> + <td colspan="2" class="listr"> + <?php + // Collect Existing CRON settings + if (is_array($config['cron']['item'])) { + foreach ($config['cron']['item'] as $cron) { + if (preg_match("/usr.local.www.pfblockerng.pfblockerng.php cron/",$cron["command"])) { + $pfb_min = "{$cron['minute']}"; + break; + } + } + } + // Calculate Minutes Remaining till next CRON Event. + $currentmin = date('i'); + switch ($pfb_min) { + case "0": + $min_remain = (60 - $currentmin); + break; + case "15": + if ($currentmin < 15) { + $min_remain = (15 - $currentmin); + } else { + $min_remain = (75 - $currentmin); + } + break; + case "30": + if ($currentmin < 30) { + $min_remain = (30 - $currentmin); + } else { + $min_remain = (90 - $currentmin); + } + break; + case "45": + if ($currentmin < 45) { + $min_remain = (45 - $currentmin); + } else { + $min_remain = (105 - $currentmin); + } + break; + } + + // Default to "< 1 minute" if empty + if (empty($min_remain)) + $min_remain = "< 1"; + + // Next Scheduled Cron Time + if ($pfb_min == "0") + $pfb_min = "00"; + $nextcron = (date('H') +1) . ":{$pfb_min}"; + + // If pfBlockerNG is Disabled or Cron Task is Missing + if (empty($pfb['enable']) || empty($pfb_min)) { + $min_remain = " -- "; + $nextcron = " [ Disabled ] "; + } + + echo "NEXT Scheduled CRON Event will run at <font size=\"3\"> {$nextcron}</font> in<font size=\"3\"> + <span class=\"red\"> {$min_remain} </span></font> Minutes."; + + // Query for any Active pfBlockerNG CRON Jobs + $result_cron = array(); + $cron_event = exec ("/bin/ps -wax", $result_cron); + if (preg_grep("/pfblockerng[.]php\s+cron/", $result_cron)) { + echo "<font size=\"2\"><span class=\"red\"> + Active pfBlockerNG CRON Job </span></font> "; + echo "<img src = '/themes/{$g['theme']}/images/icons/icon_pass.gif' width='15' height='15' + border='0' title='pfBockerNG Cron Task is Running.'/>"; + } + echo "<br /><font size=\"3\"><span class=\"red\">Refresh</span></font> to update current Status and Minute(s) remaining"; + ?> + </td> + </tr> + <tr> + <td colspan="2" class="vncell"><?php echo gettext("<br />"); ?></td> + </tr> + <tr> + <td colspan="2" class="listtopic"><?php echo gettext("Update Options"); ?></td> + </tr> + <tr> + <td colspan="2" class="listr"> + <!-- Update Option Text --> + <?php echo "<span class='red'><strong>" . gettext("** AVOID ** ") . " " . "</strong></span>" . + gettext("Running these Options - when CRON is expected to RUN!") . gettext("<br /><br />") . + "<strong>" . gettext("Force Update") . "</strong>" . gettext(" will download any new Alias/Lists.") . + gettext("<br />") . "<strong>" . gettext("Force Cron") . "</strong>" . + gettext(" will download any Alias/Lists that are within the Frequency Setting (due for Update).") . gettext("<br />") . + "<strong>" . gettext("Force Reload") . "</strong>" . + gettext(" will reload all Lists using the existing Downloaded files.") . + gettext(" This is useful when Lists are out of 'sync' or Reputation changes were made.") ;?><br /> + </td> + </tr> + <tr> + <td colspan="2" class="vncell"> + <!-- Update Option Buttons --> + <input type="submit" class="formbtns" name="pfbupdate" id="pfbupdate" value="Force Update" + title="<?=gettext("Run Force Update");?>" /> + <input type="submit" class="formbtns" name="pfbcron" id="pfbcron" value="Force Cron" + title="<?=gettext("Run Force Cron Update");?>" /> + <input type="submit" class="formbtns" name="pfbreload" id="pfbreload" value="Force Reload" + title="<?=gettext("Run Force Reload");?>" /> + </td> + </tr> + <tr> + <td colspan="2" class="vncell"><?php echo gettext("<br />"); ?></td> + </tr> + <tr> + <td colspan="2" class="listtopic"><?php echo gettext("Live Log Viewer only"); ?></td> + </tr> + <tr> + <td colspan="2" class="listr"><?php echo gettext("Selecting 'Live Log Viewer' will allow viewing a running Cron Update"); ?></td> + </tr> + <tr> + <td colspan="2" class="vncell"> + <!-- Log Viewer Buttons --> + <input type="submit" class="formbtns" name="pfbview" id="pfbview" value="VIEW" + title="<?=gettext("VIEW pfBlockerNG LOG");?>"/> + <input type="submit" class="formbtns" name="pfbviewcancel" id="pfbviewcancel" value="End View" + title="<?=gettext("END VIEW of pfBlockerNG LOG");?>"/> + <?php echo " " . gettext(" Select 'view' to open ") . "<strong>" . gettext(' pfBlockerNG ') . "</strong>" . + gettext(" Log. (Select 'End View' to terminate the viewer.)"); ?><br /><br /> + </td> + </tr> + <tr> + <td class="tabcont" align="left"> + <!-- status box --> + <textarea cols="90" rows="1" name="pfb_status" id="pfb_status" + wrap="hard"><?=gettext("Log Viewer Standby");?></textarea> + </td> + </tr> + <tr> + <td> + <!-- command output box --> + <textarea cols="90" rows="35" name="pfb_output" id="pfb_output" wrap="hard"></textarea> + </td> + </tr> + </table> + </div> + +<?php +include("fend.inc"); + +// Execute the Viewer output Window +if (isset($_POST['pfbview'])) { + + if (!file_exists("{$pfb['log']}")) + touch("{$pfb['log']}"); + + // Reference: http://stackoverflow.com/questions/3218895/php-how-to-read-a-file-live-that-is-constantly-being-written-to + pfbupdate_status(gettext("Log Viewing in progress. ** Press 'END VIEW' to Exit ** ")); + $lastpos_old = ""; + $len = filesize("{$pfb['log']}"); + + // Start at EOF ( - 15000) + if ($len > 15000) { + $lastpos = ($len - 15000); + } else { + $lastpos = 0; + } + + while (true) { + usleep(300000); //0.3s + clearstatcache(false,$pfb['log']); + $len = filesize("{$pfb['log']}"); + if ($len < $lastpos) { + //file deleted or reset + $lastpos = $len; + } else { + $f = fopen($pfb['log'], "rb"); + if ($f === false) + die(); + fseek($f, $lastpos); + + while (!feof($f)) { + + $pfb_buffer = fread($f, 4096); + $pfb_output .= str_replace( "\r", "", $pfb_buffer); + + // Refresh on new lines only. This allows scrolling. + if ($lastpos != $lastpos_old) { + pfbupdate_output($pfb_output); + } + $lastpos_old = $lastpos; + ob_flush(); + flush(); + } + $lastpos = ftell($f); + fclose($f); + } + } +} + +// End the Viewer output Window +if (isset($_POST['pfbviewcancel'])) { + clearstatcache(false,$pfb['log']); + ob_flush(); + flush(); + fclose("{$pfb['log']}"); +} + +// Execute a Force Update +if (isset($_POST['pfbupdate']) && $pfb['enable'] == "on") { + pfb_cron_update(update); +} + +// Execute a CRON Command to update any Lists within the Frequency Settings +if (isset($_POST['pfbcron']) && $pfb['enable'] == "on") { + pfb_cron_update(cron); +} + +// Execute a Reload of all Aliases and Lists +if (isset($_POST['pfbreload']) && $pfb['enable'] == "on") { + $config['installedpackages']['pfblockerng']['config'][0]['pfb_reuse'] = "on"; + write_config(); + pfb_cron_update(reload); +} + +?> +</form> +</body> +</html>
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng_v4lists.xml b/config/pfblockerng/pfblockerng_v4lists.xml new file mode 100644 index 00000000..ce92f4be --- /dev/null +++ b/config/pfblockerng/pfblockerng_v4lists.xml @@ -0,0 +1,422 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + pfBlockerNG_v4lists.xml + + pfBlockerNG + Copyright (C) 2014 BBcan177@gmail.com + All rights reserved. + + Based upon pfblocker for pfSense + Copyright (C) 2011 Marcello Coutinho + + part of pfSense (http://www.pfSense.com) + Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>pfblockernglistsv4</name> + <version>1.0</version> + <title>pfBlockerNG: IPv4 Alias/List Configuration</title> + <include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file> + <menu> + <name>pfBlockerNG</name> + <tooltiptext></tooltiptext> + <section>Firewall</section> + <configfile>pfblockerng_v4lists.xml</configfile> + </menu> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=pfblockerng.xml&id=0</url> + <tooltiptext></tooltiptext> + </tab> + <tab> + <text>Update</text> + <url>/pfblockerng/pfblockerng_update.php</url> + </tab> + <tab> + <text>Alerts</text> + <url>/pfblockerng/pfblockerng_alerts.php</url> + </tab> + <tab> + <text>Reputation</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml&id=0</url> + </tab> + <tab> + <text>IPv4</text> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml&id=0</url> + <active/> + </tab> + <tab> + <text>IPv6</text> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml&id=0</url> + </tab> + <tab> + <text>Top 20</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xml&id=0</url> + </tab> + <tab> + <text>Africa</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Africa.xml&id=0</url> + </tab> + <tab> + <text>Asia</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Asia.xml&id=0</url> + </tab> + <tab> + <text>Europe</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Europe.xml&id=0</url> + </tab> + <tab> + <text>N.A.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0</url> + </tab> + <tab> + <text>Oceania</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0</url> + </tab> + <tab> + <text>S.A.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0</url> + </tab> + <tab> + <text>Logs</text> + <url>/pfblockerng/pfblockerng_log.php</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0</url> + </tab> + </tabs> + <adddeleteeditpagefields> + <columnitem> + <fielddescr>Alias Name</fielddescr> + <fieldname>aliasname</fieldname> + </columnitem> + <columnitem> + <fielddescr>Alias Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + <columnitem> + <fielddescr>Action</fielddescr> + <fieldname>action</fieldname> + </columnitem> + <columnitem> + <fielddescr>Frequency</fielddescr> + <fieldname>cron</fieldname> + </columnitem> + <columnitem> + <fielddescr>Logging</fielddescr> + <fieldname>aliaslog</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <name><![CDATA[IPv4 Network ranges / CIDR lists + (When Removing or Re-configuring Lists a 'Reload' is recommended.)]]></name> + <type>listtopic</type> + </field> + <field> + <fielddescr>LINKS</fielddescr> + <fieldname>none</fieldname> + <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> <a href="/firewall_rules.php">Firewall Rules</a> <a href="diag_logs_filter.php">Firewall Logs</a>]]> + </description> + <type>info</type> + </field> + <field> + <fielddescr>Alias Name</fielddescr> + <fieldname>aliasname</fieldname> + <description><![CDATA[Enter lists Alias Names.<br /> + Example: Badguys<br /> + Do not include <strong>'pfBlocker' or 'pfB_'</strong> in the Alias Name, it's done by package.<br /> + <strong>International, special or space characters will be ignored in firewall alias names. + </strong><br />]]> + </description> + <type>input</type> + <size>20</size> + </field> + <field> + <fielddescr>List Description</fielddescr> + <fieldname>description</fieldname> + <type>input</type> + <size>90</size> + </field> + <field> + <fieldname>InfoLists</fieldname> + <type>info</type> + <description><![CDATA[<strong><u>'Format'</u></strong> : Select the Format Type<br /><br /> + <strong><u>'URL'</u></strong> : Add direct link to list: + Example: <a target=_new href='http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz'>Ads</a>, + <a target=_new href='http://list.iblocklist.com/?list=bt_spyware&fileformat=p2p&archiveformat=gz'>Spyware</a>, + <a target=_new href='http://list.iblocklist.com/?list=bt_proxy&fileformat=p2p&archiveformat=gz'>Proxies</a> )<br /><br /> + <strong><u>'pfSense Local File'</u></strong> Format :<br /><br /> + http(s)://127.0.0.1/NAME_OF_FILE <strong>or</strong> + /usr/local/www/NAME_OF_FILE (Files can also be placed in the /var/db/pfblockerng folders)<br /><br /> + + <strong><u>'Header'</u></strong> : The <u>'Header' Field</u> must be <u>Unique</u>, it will + name the List File and it will be referenced in the pfBlockerNG Widget. + Use a Unique Prefix per 'Alias Category' followed by a unique descriptor for each List.<br /><br />]]> + </description> + </field> + <field> + <fielddescr><![CDATA[<strong>IPv4</strong> Lists]]></fielddescr> + <fieldname>none</fieldname> + <description><![CDATA[<br /><strong>'Format'</strong> - Select the file format that URL will retrieve.<br /> + + <ul><li><strong>'txt'</strong> Plain txt Lists</li><br /> + <li><strong>'gz'</strong> - IBlock GZ Lists in Range Format only.</li><br /> + <li><strong>'gz_2'</strong> - Other GZ Lists in IP or CIDR only.</li><br /> + <li><strong>'gz_lg'</strong> - Large IBlock GZ Lists in Range Format only.</li><br /> + <li><strong>'zip'</strong> - ZIP'd Lists</li><br /> + <li><strong>'block'</strong>- IP x.x.x.0 Block type</li><br /> + <li><strong>'html'</strong> - Web Links</li><br /> + <li><strong>'xlsx'</strong> - Excel Lists</li><br /> + <li><strong>'rsync'</strong> - RSync Lists</li><br /> + <li><strong>'ET' IQRisk</strong> - Only</li></ul> + <strong>'State'</strong> - Select the Run State for each list.<br /> + <ul><li><strong>'ON/OFF'</strong> - Enabled / Disabled</li><br /> + <li><strong>'HOLD'</strong> - Once a List has been Downloaded, list will remain Static.</li></ul> + <strong>'Note' -</strong> Downloaded or pfsense local file must have only one network per line and follows the syntax below: + <ul>Network ranges: <strong>172.16.1.0-172.16.1.255</strong><br /> + IP Address: <strong>172.16.1.10</strong><br /> + CIDR: <strong>172.16.1.0/24</strong></ul>]]> + </description> + <type>rowhelper</type> + <rowhelper> + <rowhelperfield> + <fielddescr>Format</fielddescr> + <fieldname>format</fieldname> + <type>select</type> + <options> + <option><name>txt</name><value>txt</value></option> + <option><name>gz</name><value>gz</value></option> + <option><name>gz_2</name><value>gz_2</value></option> + <option><name>gz_lg</name><value>gz_lg</value></option> + <option><name>zip</name><value>zip</value></option> + <option><name>block</name><value>block</value></option> + <option><name>html</name><value>html</value></option> + <option><name>xlsx</name><value>xlsx</value></option> + <option><name>RSync</name><value>rsync</value></option> + <option><name>ET</name><value>et</value></option> + </options> + </rowhelperfield> + <rowhelperfield> + <fielddescr>State</fielddescr> + <fieldname>state</fieldname> + <type>select</type> + <options> + <option><name>ON</name><value>Enabled</value></option> + <option><name>OFF</name><value>Disabled</value></option> + <option><name>HOLD</name><value>Hold</value></option> + </options> + </rowhelperfield> + <rowhelperfield> + <fielddescr>URL or pfSense local file</fielddescr> + <fieldname>url</fieldname> + <type>input</type> + <size>50</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Header</fielddescr> + <fieldname>header</fieldname> + <type>input</type> + <size>15</size> + </rowhelperfield> + </rowhelper> + </field> + <field> + <fielddescr>List Action</fielddescr> + <description><![CDATA[<br />Default : <strong>Disabled</strong><br /><br /> + Select the <strong>Action</strong> for Firewall Rules on lists you have selected.<br /><br /> + <strong><u>'Disabled' Rules:</u></strong> Disables selection and does nothing to selected Alias.<br /><br /> + + <strong><u>'Deny' Rules:</u></strong><br /> + 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other + interfaces. Typical uses of 'Deny' rules are:<br /> + <ul><li><strong>Deny Both</strong> - blocks all traffic in both directions, if the source or destination IP is in the block list</li> + <li><strong>Deny Inbound/Deny Outbound</strong> - blocks all traffic in one direction <u>unless</u> it is part of a session started by + traffic sent in the other direction. Does not affect traffic in the other direction.</li> + <li>One way 'Deny' rules can be used to selectively block <u>unsolicited</u> incoming (new session) packets in one direction, while + still allowing <u>deliberate</u> outgoing sessions to be created in the other direction.</li></ul> + <strong><u>'Permit' Rules:</u></strong><br /> + 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are the opposite of Deny rules, and don't create + any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:<br /> + <ul><li><strong>To ensure</strong> that traffic to/from the listed IPs will <u>always</u> be allowed in the stated directions. They + override <u>almost all other</u> Firewall rules on the stated interfaces.</li> + <li><strong>To act as a whitelist</strong> for Deny rule exceptions, for example if a large IP range or pre-created blocklist blocks a + few IPs that should be accessible.</li></ul> + <strong><u>'Match' Rules:</u></strong><br /> + 'Match' or 'Log' only the traffic on the stated interfaces. This does not Block or Reject. It just Logs the traffic. + <ul><li><strong>Match Both</strong> - Matches all traffic in both directions, if the source or destination IP is in the list.</li> + <li><strong>Match Inbound/Match Outbound</strong> - Matches all traffic in one direction only.</li></ul> + <strong><u>'Alias' Rules:</u></strong><br /> + <strong>'Alias'</strong> rules create an <a href="/firewall_aliases.php">alias</a> for the list (and do nothing else). + This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired. + <ul><li><strong>Options - Alias Deny, Alias Permit, Alias Match, Alias Native</strong></li><br /> + <li>'Alias Deny' can use De-Duplication and Reputation Processes if configured.</li><br /> + <li>'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules</li><br /> + <li>'Alias Native' lists are kept in their Native format without any modifications.</li></ul> + <strong>When using 'Alias' rules, change (pfB_) to ( pfb_ ) in the beginning of rule description and Use the 'Exact' spelling of + the Alias (no trailing Whitespace) </strong> Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if + using Auto Rule Creation.<br /><br /><strong>Tip</strong>: You can create the Auto Rules and remove "<u>auto rule</u>" from the Rule + Descriptions, then disable Auto Rules. This method will 'KEEP' these rules from being 'Deleted' which will allow editing for a Custom + Alias Configuration<br />]]> + </description> + <fieldname>action</fieldname> + <type>select</type> + <options> + <option><name>Disabled</name><value>Disabled</value></option> + <option><name>Deny Inbound</name><value>Deny_Inbound</value></option> + <option><name>Deny Outbound</name><value>Deny_Outbound</value></option> + <option><name>Deny Both</name><value>Deny_Both</value></option> + <option><name>Permit Inbound</name><value>Permit_Inbound</value></option> + <option><name>Permit Outbound</name><value>Permit_Outbound</value></option> + <option><name>Permit Both</name><value>Permit_Both</value></option> + <option><name>Match Inbound</name><value>Match_Inbound</value></option> + <option><name>Match Outbound</name><value>Match_Outbound</value></option> + <option><name>Match Both</name><value>Match_Both</value></option> + <option><name>Alias Deny</name><value>Alias_Deny</value></option> + <option><name>Alias Permit</name><value>Alias_Permit</value></option> + <option><name>Alias Match</name><value>Alias_Match</value></option> + <option><name>Alias Native</name><value>Alias_Native</value></option> + </options> + </field> + <field> + <fielddescr>Update Frequency</fielddescr> + <fieldname>cron</fieldname> + <description><![CDATA[Default:<strong>Never</strong><br /> + Select how often List files will be downloaded]]> + </description> + <type>select</type> + <options> + <option><name>Never</name><value>Never</value></option> + <option><name>Every Hour</name><value>01hour</value></option> + <option><name>Every 2 Hours</name><value>02hours</value></option> + <option><name>Every 3 Hours</name><value>03hours</value></option> + <option><name>Every 4 Hours</name><value>04hours</value></option> + <option><name>Every 6 Hours</name><value>06hours</value></option> + <option><name>Every 8 Hours</name><value>08hours</value></option> + <option><name>Every 12 Hours</name><value>12hours</value></option> + <option><name>Once a day</name><value>EveryDay</value></option> + <option><name>Weekly</name><value>Weekly</value></option> + </options> + </field> + <field> + <fielddescr>Weekly (Day of Week)</fielddescr> + <fieldname>dow</fieldname> + <description><![CDATA[Default:<strong>1</strong><br /> + Select the 'Weekly' ( Day of the Week ) to Update <br /> + This is only required for the 'Weekly' Frequency Selection. The 24 Hour Download 'Time' will be used.]]> + </description> + <type>select</type> + <options> + <option><name>Monday</name><value>1</value></option> + <option><name>Tuesday</name><value>2</value></option> + <option><name>Wednesday</name><value>3</value></option> + <option><name>Thursday</name><value>4</value></option> + <option><name>Friday</name><value>5</value></option> + <option><name>Saturday</name><value>6</value></option> + <option><name>Sunday</name><value>7</value></option> + </options> + </field> + <field> + <fielddescr>Enable Logging</fielddescr> + <fieldname>aliaslog</fieldname> + <description><![CDATA[Default:<strong>Enable</strong><br /> + Select - Logging to Status: System Logs: FIREWALL ( Log )<br /> + This can be overriden by the 'Global Logging' Option in the General Tab.]]> + </description> + <type>select</type> + <options> + <option><name>Enable</name><value>enabled</value></option> + <option><name>Disable</name><value>disabled</value></option> + </options> + </field> + <field> + <name>IPv4 Custom list</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>IPv4 Custom Address(es)</fielddescr> + <fieldname>custom</fieldname> + <description><![CDATA[Please limit the size of the Custom List as this is stored as 'Base64' format in the config.xml file.<br /> + Follow the syntax below:<br /><br /> + Network ranges: <strong>172.16.1.0-172.16.1.255</strong><br /> + IP Address: <strong>172.16.1.10</strong><br /> + CIDR: <strong>172.16.1.0/24</strong><br /><br /> + You may use "<strong>#</strong>" after any IP/CIDR/Range to add comments. ie: x.x.x.x # Safe IP Address]]> + </description> + <type>textarea</type> + <cols>50</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <fielddescr>Update Custom List</fielddescr> + <fieldname>custom_update</fieldname> + <description><![CDATA[Default:<strong>Disable</strong><br /> + select - Enable Update if changes are made to this List. Cron will also resync this list at the next Scheduled Update.]]> + </description> + <type>select</type> + <options> + <option><name>Disable</name><value>disabled</value></option> + <option><name>Enable</name><value>enabled</value></option> + </options> + </field> + <field> + <name><![CDATA[<ul>Click to SAVE Settings and/or Rule Edits. Changes are Applied via CRON or + 'Force Update'</ul>]]></name> + <type>listtopic</type> + </field> + </fields> + <custom_php_install_command> + pfblockerng_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + pfblockerng_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + pfblockerng_validate_input($_POST, $input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + global $pfb; + $pfb['save'] = TRUE; + sync_package_pfblockerng(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng_v6lists.xml b/config/pfblockerng/pfblockerng_v6lists.xml new file mode 100644 index 00000000..6f507057 --- /dev/null +++ b/config/pfblockerng/pfblockerng_v6lists.xml @@ -0,0 +1,417 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + pfBlockerNG_v6lists.xml + + pfBlockerNG + Copyright (C) 2014 BBcan177@gmail.com + All rights reserved. + + Based upon pfblocker for pfSense + Copyright (C) 2011 Marcello Coutinho + + part of pfSense (http://www.pfSense.com) + Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>pfblockernglistsv6</name> + <version>1.0</version> + <title>pfBlockerNG: IPv6 Alias/List Configuration</title> + <include_file>/usr/local/pkg/pfblockerng/pfblockerng.inc</include_file> + <menu> + <name>pfBlockerNG</name> + <tooltiptext></tooltiptext> + <section>Firewall</section> + <configfile>pfblockerng_v6lists.xml</configfile> + </menu> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=pfblockerng.xml&id=0</url> + <tooltiptext></tooltiptext> + </tab> + <tab> + <text>Update</text> + <url>/pfblockerng/pfblockerng_update.php</url> + </tab> + <tab> + <text>Alerts</text> + <url>/pfblockerng/pfblockerng_alerts.php</url> + </tab> + <tab> + <text>Reputation</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_reputation.xml&id=0</url> + </tab> + <tab> + <text>IPv4</text> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v4lists.xml&id=0</url> + </tab> + <tab> + <text>IPv6</text> + <url>/pkg.php?xml=/pfblockerng/pfblockerng_v6lists.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Top 20</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_top20.xml&id=0</url> + </tab> + <tab> + <text>Africa</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Africa.xml&id=0</url> + </tab> + <tab> + <text>Asia</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Asia.xml&id=0</url> + </tab> + <tab> + <text>Europe</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Europe.xml&id=0</url> + </tab> + <tab> + <text>N.A.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_NorthAmerica.xml&id=0</url> + </tab> + <tab> + <text>Oceania</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_Oceania.xml&id=0</url> + </tab> + <tab> + <text>S.A.</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_SouthAmerica.xml&id=0</url> + </tab> + <tab> + <text>Logs</text> + <url>/pfblockerng/pfblockerng_log.php</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=/pfblockerng/pfblockerng_sync.xml&id=0</url> + </tab> + </tabs> + <adddeleteeditpagefields> + <columnitem> + <fielddescr>Alias Name</fielddescr> + <fieldname>aliasname</fieldname> + </columnitem> + <columnitem> + <fielddescr>Alias Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + <columnitem> + <fielddescr>Action</fielddescr> + <fieldname>action</fieldname> + </columnitem> + <columnitem> + <fielddescr>Frequency</fielddescr> + <fieldname>cron</fieldname> + </columnitem> + <columnitem> + <fielddescr>Logging</fielddescr> + <fieldname>aliaslog</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <name>IPv6 Network ranges / CIDR lists</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>LINKS</fielddescr> + <fieldname>none</fieldname> + <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> <a href="/firewall_rules.php">Firewall Rules</a> <a href="diag_logs_filter.php">Firewall Logs</a>]]> + </description> + <type>info</type> + </field> + <field> + <fielddescr>Alias Name</fielddescr> + <fieldname>aliasname</fieldname> + <description><![CDATA[Enter lists Alias Names.<br /> + Example: Badguys<br /> + Do not include <strong>'pfBlocker' or 'pfB_'</strong> in the Alias Name, it's done by package.<br /> + <strong>International, special or space characters will be ignored in firewall alias names. + </strong><br />]]> + </description> + <type>input</type> + <size>20</size> + </field> + <field> + <fielddescr>List Description</fielddescr> + <fieldname>description</fieldname> + <type>input</type> + <size>90</size> + </field> + <field> + <fieldname>InfoLists</fieldname> + <type>info</type> + <description><![CDATA[<strong><u>'Format'</u></strong> : Select the Format Type<br /><br /> + <strong><u>'URL'</u></strong> : Add direct link to list: + Example: <a target=_new href='http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz'>Ads</a>, + <a target=_new href='http://list.iblocklist.com/?list=bt_spyware&fileformat=p2p&archiveformat=gz'>Spyware</a>, + <a target=_new href='http://list.iblocklist.com/?list=bt_proxy&fileformat=p2p&archiveformat=gz'>Proxies</a><br /><br /> + <strong><u>'pfSense Local File'</u></strong> Format :<br /><br /> + http(s)://127.0.0.1/NAME_OF_FILE <strong>or</strong> + /usr/local/www/NAME_OF_FILE (Files can also be placed in the /var/db/pfblockerng folders)<br /><br /> + + <strong><u>'Header'</u></strong> : The <u>'Header' Field</u> must be <u>Unique</u>, it will + name the List File and it will be referenced in the pfBlockerNG Widget. + Use a Unique Prefix per 'Alias Category' followed by a unique descriptor for each List.<br /><br />]]> + </description> + </field> + <field> + <fielddescr><![CDATA[<strong>IPv6</strong> Lists]]></fielddescr> + <fieldname>none</fieldname> + <description><![CDATA[<br /><strong>'Format'</strong> - Choose the file format that URL will retrieve.<br /> + + <ul><li><strong>'txt'</strong> Plain txt Lists</li><br /> + <li><strong>'gz'</strong> - IBlock GZ Lists in Range Format only.</li><br /> + <li><strong>'gz_2'</strong> - Other GZ Lists in IP or CIDR only.</li><br /> + <li><strong>'zip'</strong> - ZIP'd Lists</li><br /> + <li><strong>'block'</strong>- IP x.x.x.0 Block type</li><br /> + <li><strong>'html'</strong> - Web Links</li><br /> + <li><strong>'xlsx'</strong> - Excel Lists</li><br /> + <li><strong>'rsync'</strong> - RSync Lists</li><br /> + <strong>'State'</strong> - Select the Run State for each list.<br /> + <ul><li><strong>'ON/OFF'</strong> - Enabled / Disabled</li><br /> + <li><strong>'HOLD'</strong> - Once a List has been Downloaded, list will remain Static.</li></ul> + <strong>'Note' -</strong> Downloaded or pfsense local file must have only one network per line and follows the syntax below: + <ul>Network ranges: <strong> TBC </strong><br /> + IP Address: <strong> TBC </strong><br /> + CIDR: <strong> TBC </strong></ul>]]> + </description> + <type>rowhelper</type> + <rowhelper> + <rowhelperfield> + <fielddescr>Format</fielddescr> + <fieldname>format</fieldname> + <type>select</type> + <options> + <option><name>txt</name><value>txt</value></option> + <option><name>gz</name><value>gz</value></option> + <option><name>gz_2</name><value>gz_2</value></option> + <option><name>zip</name><value>zip</value></option> + <option><name>block</name><value>block</value></option> + <option><name>html</name><value>html</value></option> + <option><name>xlsx</name><value>xlsx</value></option> + <option><name>RSync</name><value>rsync</value></option> + </options> + </rowhelperfield> + <rowhelperfield> + <fielddescr>State</fielddescr> + <fieldname>state</fieldname> + <type>select</type> + <options> + <option><name>ON</name><value>Enabled</value></option> + <option><name>OFF</name><value>Disabled</value></option> + <option><name>HOLD</name><value>Hold</value></option> + </options> + </rowhelperfield> + <rowhelperfield> + <fielddescr>URL or pfSense local file</fielddescr> + <fieldname>url</fieldname> + <type>input</type> + <size>50</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Header</fielddescr> + <fieldname>header</fieldname> + <type>input</type> + <size>15</size> + </rowhelperfield> + </rowhelper> + </field> + <field> + <fielddescr>List Action</fielddescr> + <description><![CDATA[<br />Default : <strong>Disabled</strong><br /><br /> + Select the <strong>Action</strong> for Firewall Rules on lists you have selected.<br /><br /> + <strong><u>'Disabled' Rules:</u></strong> Disables selection and does nothing to selected Alias.<br /><br /> + + <strong><u>'Deny' Rules:</u></strong><br /> + 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other + interfaces. Typical uses of 'Deny' rules are:<br /> + <ul><li><strong>Deny Both</strong> - blocks all traffic in both directions, if the source or destination IP is in the block list</li> + <li><strong>Deny Inbound/Deny Outbound</strong> - blocks all traffic in one direction <u>unless</u> it is part of a session started by + traffic sent in the other direction. Does not affect traffic in the other direction.</li> + <li>One way 'Deny' rules can be used to selectively block <u>unsolicited</u> incoming (new session) packets in one direction, while + still allowing <u>deliberate</u> outgoing sessions to be created in the other direction.</li></ul> + <strong><u>'Permit' Rules:</u></strong><br /> + 'Permit' rules create high priority 'pass' rules on the stated interfaces. They are the opposite of Deny rules, and don't create + any 'blocking' effect anywhere. They have priority over all Deny rules. Typical uses of 'Permit' rules are:<br /> + <ul><li><strong>To ensure</strong> that traffic to/from the listed IPs will <u>always</u> be allowed in the stated directions. They + override <u>almost all other</u> Firewall rules on the stated interfaces.</li> + <li><strong>To act as a whitelist</strong> for Deny rule exceptions, for example if a large IP range or pre-created blocklist blocks a + few IPs that should be accessible.</li></ul> + <strong><u>'Match' Rules:</u></strong><br /> + 'Match' or 'Log' only the traffic on the stated interfaces. This does not Block or Reject. It just Logs the traffic. + <ul><li><strong>Match Both</strong> - Matches all traffic in both directions, if the source or destination IP is in the list.</li> + <li><strong>Match Inbound/Match Outbound</strong> - Matches all traffic in one direction only.</li></ul> + <strong><u>'Alias' Rules:</u></strong><br /> + <strong>'Alias'</strong> rules create an <a href="/firewall_aliases.php">alias</a> for the list (and do nothing else). + This enables a pfBlockerNG list to be used by name, in any firewall rule or pfSense function, as desired. + <ul><li><strong>Options - Alias Deny, Alias Permit, Alias Match, Alias Native</strong></li><br /> + <li>'Alias Deny' can use De-Duplication and Reputation Processes if configured.</li><br /> + <li>'Alias Permit' and 'Alias Match' will be saved in the Same folder as the other Permit/Match Auto-Rules</li><br /> + <li>'Alias Native' lists are kept in their Native format without any modifications.</li></ul> + <strong>When using 'Alias' rules, change (pfB_) to ( pfb_ ) in the beginning of rule description and Use the 'Exact' spelling of + the Alias (no trailing Whitespace) </strong> Custom 'Alias' rules with 'pfB_ xxx' description will be removed by package if + using Auto Rule Creation.<br /><br /><strong>Tip</strong>: You can create the Auto Rules and remove "<u>auto rule</u>" from the Rule + Descriptions, then disable Auto Rules. This method will 'KEEP' these rules from being 'Deleted' which will allow editing for a Custom + Alias Configuration<br />]]> + </description> + <fieldname>action</fieldname> + <type>select</type> + <options> + <option><name>Disabled</name><value>Disabled</value></option> + <option><name>Deny Inbound</name><value>Deny_Inbound</value></option> + <option><name>Deny Outbound</name><value>Deny_Outbound</value></option> + <option><name>Deny Both</name><value>Deny_Both</value></option> + <option><name>Permit Inbound</name><value>Permit_Inbound</value></option> + <option><name>Permit Outbound</name><value>Permit_Outbound</value></option> + <option><name>Permit Both</name><value>Permit_Both</value></option> + <option><name>Match Inbound</name><value>Match_Inbound</value></option> + <option><name>Match Outbound</name><value>Match_Outbound</value></option> + <option><name>Match Both</name><value>Match_Both</value></option> + <option><name>Alias Deny</name><value>Alias_Deny</value></option> + <option><name>Alias Permit</name><value>Alias_Permit</value></option> + <option><name>Alias Match</name><value>Alias_Match</value></option> + <option><name>Alias Native</name><value>Alias_Native</value></option> + </options> + </field> + <field> + <fielddescr>Update Frequency</fielddescr> + <fieldname>cron</fieldname> + <description><![CDATA[Default:<strong>Never</strong><br /> + Select how often List files will be downloaded]]> + </description> + <type>select</type> + <options> + <option><name>Never</name><value>Never</value></option> + <option><name>Every Hour</name><value>01hour</value></option> + <option><name>Every 2 Hours</name><value>02hours</value></option> + <option><name>Every 3 Hours</name><value>03hours</value></option> + <option><name>Every 4 Hours</name><value>04hours</value></option> + <option><name>Every 6 Hours</name><value>06hours</value></option> + <option><name>Every 8 Hours</name><value>08hours</value></option> + <option><name>Every 12 Hours</name><value>12hours</value></option> + <option><name>Once a day</name><value>EveryDay</value></option> + <option><name>Weekly</name><value>Weekly</value></option> + </options> + </field> + <field> + <fielddescr>Weekly (Day of Week)</fielddescr> + <fieldname>dow</fieldname> + <description><![CDATA[Default:<strong>1</strong><br /> + Select the 'Weekly' ( Day of the Week ) to Update <br /> + This is only required for the 'Weekly' Frequency Selection. The 24 Hour Download 'Time' will be used.]]> + </description> + <type>select</type> + <options> + <option><name>Monday</name><value>1</value></option> + <option><name>Tuesday</name><value>2</value></option> + <option><name>Wednesday</name><value>3</value></option> + <option><name>Thursday</name><value>4</value></option> + <option><name>Friday</name><value>5</value></option> + <option><name>Saturday</name><value>6</value></option> + <option><name>Sunday</name><value>7</value></option> + </options> + </field> + <field> + <fielddescr>Enable Logging</fielddescr> + <fieldname>aliaslog</fieldname> + <description><![CDATA[Default:<strong>Enable</strong><br /> + Select - Logging to Status: System Logs: FIREWALL ( Log )<br /> + This can be overriden by the 'Global Logging' Option in the General Tab.]]> + </description> + <type>select</type> + <options> + <option><name>Enable</name><value>enabled</value></option> + <option><name>Disable</name><value>disabled</value></option> + </options> + </field> + <field> + <name>IPv6 Custom list</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>IPv6 Custom Address(es)</fielddescr> + <fieldname>custom</fieldname> + <description><![CDATA[Please limit the size of the Custom List as this is stored as 'Base64' format in the config.xml file.<br /> + Follow the syntax below:<br /><br /> + Network ranges: <strong> TBC </strong><br /> + IP Address: <strong> TBC </strong><br /> + CIDR: <strong> TBC </strong><br /><br /> + You may use "<strong>#</strong>" after any IP/CIDR/Range to add comments. # Safe IP Address]]> + </description> + <type>textarea</type> + <cols>50</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <fielddescr>Update Custom List</fielddescr> + <fieldname>custom_update</fieldname> + <description><![CDATA[Default:<strong>Disable</strong><br /> + Select - Enable Update if changes are made to this List. Cron will also resync this list at the next Scheduled Update.]]> + </description> + <type>select</type> + <options> + <option><name>Disable</name><value>disabled</value></option> + <option><name>Enable</name><value>enabled</value></option> + </options> + </field> + <field> + <name><![CDATA[<ul>Click to SAVE Settings and/or Rule Edits. Changes are Applied via CRON or + 'Force Update'</ul>]]></name> + <type>listtopic</type> + </field> + </fields> + <custom_php_install_command> + pfblockerng_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + pfblockerng_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + pfblockerng_validate_input($_POST, $input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + global $pfb; + $pfb['save'] = TRUE; + sync_package_pfblockerng(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file diff --git a/config/pfblockerng/widget-pfblockerng.inc b/config/pfblockerng/widget-pfblockerng.inc new file mode 100644 index 00000000..1b3c7c2b --- /dev/null +++ b/config/pfblockerng/widget-pfblockerng.inc @@ -0,0 +1,7 @@ +<?php + +//set variables for custom title and link +$pfblockerng_title = "pfBlockerNG"; +$pfblockerng_title_link = "pfblockerng/pfblockerng_alerts.php"; + +?>
\ No newline at end of file diff --git a/config/pfflowd.xml b/config/pfflowd.xml index f8552189..2470e2b2 100644 --- a/config/pfflowd.xml +++ b/config/pfflowd.xml @@ -1,6 +1,6 @@ <packagegui> <name>pfflowd</name> - <version>0.8</version> + <version>0.8.3 pkg v1.0.1</version> <title>pfflowd: Settings</title> <aftersaveredirect>pkg_edit.php?xml=pfflowd.xml&id=0</aftersaveredirect> <menu> @@ -109,7 +109,7 @@ config_unlock(); } - function validate_form_pfflowd($post, $input_errors) { + function validate_form_pfflowd($post, &$input_errors) { if(($post['host'] == "") || !is_ipaddr($post['host'])) $input_errors[] = 'You must specify a valid ip address in the \'Host\' field'; if(($post['port'] == "") || !is_port($post['port'])) @@ -135,7 +135,7 @@ sync_package_pfflowd(); </custom_php_resync_config_command> <custom_php_validation_command> - validate_form_pfflowd($_POST, &$input_errors); + validate_form_pfflowd($_POST, $input_errors); </custom_php_validation_command> <custom_php_command_before_form> cleanup_config_pfflowd(); diff --git a/config/postfix/adexport.pl b/config/postfix/adexport.pl index 185848f1..25a8a267 100755 --- a/config/postfix/adexport.pl +++ b/config/postfix/adexport.pl @@ -1,9 +1,9 @@ -#!/usr/bin/perl -w +#!/usr/local/bin/perl -w ############################################################################## # # Script to export a list of all email addresses from Active Directory # Brian Landers <brian@packetslave.com> -# +# # This code is in the public domain. Your use of this code is at your own # risk, and no warranty is implied. The author accepts no liability for any # damages or risks incurred by its use. @@ -42,7 +42,7 @@ use Net::LDAP; use Net::LDAP::Control::Paged; use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED ); -#our ($cn,$passwd,$base); +#our ($cn,$passwd,$base); #($cn,$passwd,$base)=@_ARGV; #print "$cn \n $passwd \n $base"; #exit; @@ -74,10 +74,10 @@ foreach( @servers ) { # 1000 records by default. We have to use paging to get the full list. my $page = Net::LDAP::Control::Paged->new( size => 100 ); - + # Try to bind (login) to the server now that we're connected -my $msg = $ldap->bind( dn => $bind, - password => $passwd +my $msg = $ldap->bind( dn => $bind, + password => $passwd ); # If we can't bind, we can't continue @@ -122,7 +122,7 @@ if( $cookie ) { } # Finally, unbind from the server -$ldap->unbind; +$ldap->unbind; # ------------------------------------------------------------------------ # Callback function that gets called for each record we get from the server @@ -131,16 +131,16 @@ $ldap->unbind; # sub handle_object { - + my $msg = shift; # Net::LDAP::Message object my $data = shift; # May be Net::LDAP::Entry or Net::LDAP::Reference - + # Only process if we actually got data return unless $data; - + return handle_entry( $msg, $data ) if $data->isa("Net::LDAP::Entry"); return handle_reference( $msg, $data ) if $data->isa("Net::LDAP::Reference"); - + # If we get here, it was something we're not prepared to handle, # so just return silently. @@ -153,35 +153,35 @@ sub handle_object { # ones we haven't seen before. sub handle_entry { - + my $msg = shift; my $data = shift; - + # Extract the email addressess, selecting only the SMTP ones, and # filter them so that we only get unique addresses - my @mails = grep { /^smtp:/i && !$gSeen{$_}++ } + my @mails = grep { /^smtp:/i && !$gSeen{$_}++ } $data->get_value( "proxyAddresses" ); - - # If we found any, strip off the SMTP: identifier and print them out + + # If we found any, strip off the SMTP: identifier and print them out if( @mails ) { print map { s/^smtp:(.+)$/\L$1\n/i; $_ } @mails; } } # ------------------------------------------------------------------------ -# Handler for a Net::LDAP::Reference object. This is a 'redirect' to +# Handler for a Net::LDAP::Reference object. This is a 'redirect' to # another portion of the directory. We simply extract the references # from the object and resubmit them to the handle_object function for # processing. sub handle_reference { - + my $msg = shift; my $data = shift; - + foreach my $obj( $data->references() ) { - + # Oooh, recursion! Might be a reference to another reference, after all return handle_object( $msg, $obj ); } diff --git a/config/postfix/postfix.inc b/config/postfix/postfix.inc index 50979f38..eb5499aa 100755 --- a/config/postfix/postfix.inc +++ b/config/postfix/postfix.inc @@ -3,7 +3,7 @@ postfix.inc part of the Postfix package for pfSense Copyright (C) 2010 Erik Fonnesbeck - Copyright (C) 2011-2013 Marcello Coutinho + Copyright (C) 2011-2014 Marcello Coutinho All rights reserved. @@ -35,19 +35,19 @@ require_once("functions.inc"); require_once("pkg-utils.inc"); require_once("globals.inc"); -$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); -if ($pf_version > 2.0) +$pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); +if (is_dir('/usr/pbi/postfix-' . php_uname("m"))) { define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m")); -else - define('POSTFIX_LOCALBASE','/usr/local'); - +} else { + define('POSTFIX_LOCALBASE','/usr/local'); +} $uname=posix_uname(); if ($uname['machine']=='amd64') ini_set('memory_limit', '250M'); function px_text_area_decode($text){ - return preg_replace('/\r\n/', "\n",base64_decode($text)); + return preg_replace('/\r\n/', "\n",base64_decode($text)); } function px_get_real_interface_address($iface) { @@ -85,8 +85,8 @@ function sync_relay_recipients($via_cron="cron"){ if (!file_exists($ldap_recipients)) system('/usr/bin/touch '. $ldap_recipients); $relay_ldap_recipients=file_get_contents($ldap_recipients); - } - else{ + } + else{ #running via crontab, time to get ldap content. $ldap_temp=array(); foreach ($postfix_recipients_config['row'] as $postfix_ldap) { @@ -121,7 +121,7 @@ function sync_relay_recipients($via_cron="cron"){ print "Total ldap recipients:".count($ldap_all)."\tunique:".count($ldap_unique)."\n"; foreach($ldap_unique as $recipient) $relay_ldap_recipients.=($recipient != ""?preg_replace("/\s+/","",$recipient)." OK\n":""); - + #save ldap relay recipients file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/relay_ldap_recipients.txt",$relay_ldap_recipients, LOCK_EX); } @@ -137,11 +137,11 @@ function sync_relay_recipients($via_cron="cron"){ } if($relay_recipients !="" || $relay_ldap_recipients!="") return("relay_recipient_maps = hash:".POSTFIX_LOCALBASE."/etc/postfix/relay_recipients\n"); - + } function check_cron(){ global $config, $g; - #check crontab + #check crontab $new_cron=array(); $cron_cmd_sqlite = ""; $cron_postfix_sqlite=""; @@ -207,7 +207,7 @@ function check_cron(){ } } } - + #check crontab relay recipients $cron_found=""; if (is_array($config['cron']['item'])){ @@ -224,7 +224,7 @@ function check_cron(){ } } } - #check sqlite update queue + #check sqlite update queue else if(!preg_match("/.usr.local.www.postfix.php/",$cron["command"])){ #keep all non postfix cron cmds if not empty if ($cron["command"] != "") @@ -235,7 +235,7 @@ function check_cron(){ # Check if crontab must be changed to valid recipients cmd if ($postfix_recipients_config['enable_ldap'] || $postfix_recipients_config['enable_url']){ if ($cron_found!=$cron_postfix){ - #update postfix cron schedule + #update postfix cron schedule if (! is_array($cron_found) && $postfix_enabled=="on") $new_cron['item'][]=$cron_postfix; $write_cron=1; @@ -255,7 +255,7 @@ function check_cron(){ } } - #call cron functions + #call cron functions if ($write_cron==1){ $config['cron']=$new_cron; write_config('Postfix - sync remote sqlite database',$backup = false); @@ -271,17 +271,17 @@ function check_cron(){ else $new_crontab .= $line; } - if ($old_cron==1) + if ($old_cron==1) file_put_contents("/etc/crontab",$new_crontab, LOCK_EX); - + #print "<pre>". var_dump($new_cron). var_dump($cron_postfix_sqlite).var_dump($config['cron']); #exit; - - + + } function sync_package_postfix($via_rpc="no") { global $config; - + log_error("sync_package_postfix called with via_rpc={$via_rpc}"); # detect boot process if (is_array($_POST)){ @@ -290,10 +290,10 @@ function sync_package_postfix($via_rpc="no") { else $boot_process="on"; } - + if(is_process_running("master") && isset($boot_process) && $via_rpc=="no") return; - + #check patch in /etc/inc/config. $relay_domains = ""; $transport = ""; @@ -346,10 +346,10 @@ function sync_package_postfix($via_rpc="no") { } file_put_contents($sys_log_file,$new_sys_log, LOCK_EX); #mwexec('/usr/local/bin/php -q /usr/local/www/postfix_syslog.php'); - #restart syslog daemon + #restart syslog daemon system_syslogd_start(); } - + #check_debug if($postfix_config['debug_list'] && $postfix_config['debug_list']!=""){ $check_debug ="\n#Debugging postfix\n"; @@ -358,7 +358,7 @@ function sync_package_postfix($via_rpc="no") { } #check relay recipients $all_relay_recipients=sync_relay_recipients('gui'); - + $copyright=<<<ABOUT #Part of the Postfix package for pfSense #Copyright (C) 2010 Erik Fonnesbeck @@ -416,14 +416,14 @@ EOF; $cal_cidr = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['cal_cidr']); else #formatar o arquivo retirando os 'oks' - $cal_cidr_tmp = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['cal_cidr']); + $cal_cidr_tmp = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['cal_cidr']); $cal_cidr = preg_replace('/ ok/i'," permit",$cal_cidr_tmp); } #Client PCRE if ($config['installedpackages']['postfixacl']['config'][0]['cal_pcre']){ $cal_pcre = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['cal_pcre']); } - $postfix_main .= px_text_area_decode($postfix_config['maincf'])."\n". + $postfix_main .= px_text_area_decode($postfix_config['maincf'])."\n". "relay_domains ={$relay_domains}\n" . "transport_maps = hash:".POSTFIX_LOCALBASE."/etc/postfix/transport\n" . "local_recipient_maps =\n" . @@ -434,7 +434,7 @@ EOF; "default_process_limit = {$process_limit}\n"; #assign antispam options $antispam=$config['installedpackages']['postfixantispam']['config'][0]; - + if($antispam['antispam_enabled']){ switch ($antispam['antispam_software']){ case "mailscanner": @@ -452,16 +452,16 @@ smtpd_client_restrictions = check_policy_service {$antispam['antispam_location'] smtpd_restriction_classes = has_our_domain_as_sender client_throttle -smtpd_end_of_data_restrictions = check_policy_service {$antispam['antispam_location']} +smtpd_end_of_data_restrictions = check_policy_service {$antispam['antispam_location']} EOF; } else{ - $postfix_main_antispam = "Policyd v2 has no location set.\n\n"; + $postfix_main_antispam = "Policyd v2 has no location set.\n\n"; } break; - } + } } if ($antispam['reject_unknown_helo_hostname']){ $reject_unknown_helo_hostname = <<<EOF @@ -470,7 +470,7 @@ smtpd_helo_restrictions = check_helo_access pcre:{$pf_dir}/etc/postfix/helo_chec reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, permit - + EOF; } if ($antispam['header_check'] == "strong") @@ -492,7 +492,7 @@ smtpd_sender_restrictions = reject_non_fqdn_sender, reject_multi_recipient_bounce, permit -# Allow connections from specified local clients and strong check everybody else. +# Allow connections from specified local clients and strong check everybody else. smtpd_client_restrictions = permit_mynetworks, reject_unauth_destination, check_client_access pcre:{$pf_dir}/etc/postfix/cal_pcre, @@ -500,7 +500,7 @@ smtpd_client_restrictions = permit_mynetworks, reject_unknown_client_hostname, reject_unauth_pipelining, reject_multi_recipient_bounce, - permit + permit smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, @@ -522,13 +522,13 @@ else $postfix_main .= <<<EOF #Just reject after helo,sender,client,recipient tests smtpd_delay_reject = yes - + # Don't talk to mail systems that don't know their own hostname. smtpd_helo_required = yes {$reject_unknown_helo_hostname} smtpd_sender_restrictions = reject_unknown_sender_domain, - RBLRBLRBL + RBLRBLRBL # Allow connections from specified local clients and rbl check everybody else if rbl check are set. smtpd_client_restrictions = permit_mynetworks, @@ -540,7 +540,7 @@ smtpd_client_restrictions = permit_mynetworks, # Whitelisting: local clients may specify any destination domain. #, -smtpd_recipient_restrictions = permit_mynetworks, +smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_sender_access hash:{$pf_dir}/etc/postfix/sender_access, check_client_access pcre:{$pf_dir}/etc/postfix/cal_pcre, @@ -571,16 +571,16 @@ switch ($antispam['zombie_blocker']) case "ignore": $postscreen=1; break; - + case "disabled": $postscreen=0; break; } if ($antispam['soft_bounce'] == "enabled") { - $postfix_main.="soft_bounce = yes\n"; + $postfix_main.="soft_bounce = yes\n"; } - + //check ips to listen on $inet_protocols=($postfix_config['inet_protocol'] ? $postfix_config['inet_protocol'] : "ipv4"); $inet_interfaces =array(); @@ -633,7 +633,7 @@ switch ($antispam['zombie_blocker']) if(preg_match("/postscreen_greet_check/",$antispam['after_greeting'])){ $postfix_main.="postscreen_greet_action = ".$antispam['zombie_blocker']."\n"; } - + $postfix_main.="postscreen_access_list = permit_mynetworks,\n\t\t\tcidr:".POSTFIX_LOCALBASE."/etc/postfix/cal_cidr\n"; $postfix_main.="postscreen_dnsbl_action= ".$antispam['zombie_blocker']."\n"; $postfix_main.="postscreen_blacklist_action= ".$antispam['zombie_blocker']."\n"; @@ -674,7 +674,7 @@ MASTEREOF; $rbl2.= $prefix."reject_rbl_client $rbl,\n"; } } - + #interface loop /*$postfix_inets=""; $ifaces = ($postfix_config['enabled_interface'] ? $postfix_config['enabled_interface'] : 'loopback'); @@ -688,16 +688,16 @@ MASTEREOF; } */ $postfix_master ="25 inet n - n - - smtpd\n"; - + } $rbl2.=($rbl2 !=""?"\t\t\t\tpermit\n":"permit\n"); $postfix_main=preg_replace("/RBLRBLRBL/",$rbl2,$postfix_main); - + #Header Maps $anvil_config=$config['installedpackages']['postfixantispam']['config'][0]['anvil']; if ($anvil_config =='enabled' || ($anvil_config =='postscreen' && $postscreen==1)) $anvil='anvil unix - - n - 1 anvil'; - + $postfix_master .= <<<MASTEREOF2 pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup @@ -725,9 +725,15 @@ scache unix - - n - 1 scache {$anvil} MASTEREOF2; - + conf_mount_rw(); + //check postfix etc dir on 2.2 + $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); + $postfix_etc_lnk="/usr/local/etc/postfix"; + if ($pfs_version == 2.2 && !is_dir($postfix_etc_lnk)) + @symlink(POSTFIX_LOCALBASE.'/etc/postfix',$postfix_etc_lnk); + log_error("Writing out configuration"); file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/main.cf", $postfix_main, LOCK_EX); file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/master.cf", $postfix_master, LOCK_EX); @@ -745,13 +751,13 @@ MASTEREOF2; { mwexec(POSTFIX_LOCALBASE."/sbin/postmap ".POSTFIX_LOCALBASE."/etc/postfix/".$file); } - + #check postix dirs $dirs=array("/var/spool/postfix","/etc/mail","/var/db/postfix","/var/mail/postfix"); foreach ($dirs as $dir) if (!is_dir($dir) && !file_exists($dir)) mkdir($dir, 0755,TRUE); - + #check postfix owners $dirs=array("/var/db/postfix","/var/mail/postfix"); foreach ($dirs as $dir){ @@ -762,27 +768,27 @@ MASTEREOF2; touch("/etc/mail/aliases"); exec("/usr/local/bin/newaliases"); postfix_start(); - + #Do not sync during boot if(!isset($boot_process) || $via_rpc=="yes") postfix_sync_on_changes(); - + } function postfix_start(){ global $config; $pf_dir=POSTFIX_LOCALBASE; $start=<<<EOF - + sysctl kern.ipc.nmbclusters=65536 sysctl kern.ipc.somaxconn=16384 sysctl kern.maxfiles=131072 sysctl kern.maxfilesperproc=104856 sysctl kern.threads.max_threads_per_proc=4096 {$pf_dir}/sbin/postfix start - + EOF; $stop = POSTFIX_LOCALBASE."/sbin/postfix stop\n"; - log_error("Writing rc_file"); + log_error("Writing rc_file"); write_rcfile(array("file" => "postfix.sh", "start" => $start, "stop" => $stop)); sleep(1); @@ -797,7 +803,7 @@ EOF; mwexec("/usr/local/etc/rc.d/postfix.sh stop"); system('/bin/chmod -x /usr/local/etc/rc.d/postfix.sh'); } - + conf_mount_ro(); } @@ -806,11 +812,11 @@ function postfix_validate_input($post, &$input_errors) { if (empty($value)) continue; if($key == "greet_time" && !preg_match("/(\d+),(\d+)(s|m|h|w)/",$value)) - $input_errors[] = "Wrong greet time sintax."; + $input_errors[] = "Wrong greet time sintax."; if($key == "message_size_limit" && !is_numeric($value)) $input_errors[] = "Message size limit must be numeric."; if($key == "process_limit" && !is_numeric($value)) - $input_errors[] = "Process limit must be numeric."; + $input_errors[] = "Process limit must be numeric."; if($key == "freq" && (!preg_match("/^\d+(h|m|d)$/",$value) || $value == 0)) $input_errors[] = "A valid number with a time reference is required for the field 'Frequency'"; if (substr($key, 0, 2) == "dc" && !is_hostname($value)) @@ -845,7 +851,7 @@ function postfix_php_deinstall_command() { /* Uses XMLRPC to synchronize the changes to a remote node */ function postfix_sync_on_changes() { - global $config, $g; + global $config, $g; if (is_array($config['installedpackages']['postfixsync']['config'])){ $postfix_sync=$config['installedpackages']['postfixsync']['config'][0]; $synctimeout = $postfix_sync['synctimeout']; @@ -877,7 +883,7 @@ function postfix_sync_on_changes() { log_error("[postfix] xmlrpc sync is enabled but there is no system backup hosts to push postfix config."); return; } - break; + break; default: return; break; @@ -905,13 +911,13 @@ function postfix_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$sync if(!$username) $username="admin"; - + if(!$password) return; if(!$sync_to_ip) return; - + if(!$synctimeout) $synctimeout=120; @@ -923,9 +929,9 @@ function postfix_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$sync $port = $config['system']['webgui']['port']; /* if port is empty lets rely on the protocol selection */ if($port == "") { - if($config['system']['webgui']['protocol'] == "http") + if($config['system']['webgui']['protocol'] == "http") $port = "80"; - else + else $port = "443"; } $synchronizetoip .= $sync_to_ip; @@ -948,7 +954,7 @@ function postfix_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$sync XML_RPC_encode($password), XML_RPC_encode($xml) ); - + /* set a few variables needed for sync code borrowed from filter.inc */ $url = $synchronizetoip; log_error("Beginning Postfix XMLRPC sync to {$url}:{$port}."); @@ -973,18 +979,18 @@ function postfix_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$sync } else { log_error("Postfix XMLRPC sync successfully completed with {$url}:{$port}."); } - + /* tell postfix to reload our settings on the destionation sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/pkg/postfix.inc');\n"; $execcmd .= "sync_package_postfix('yes');"; - + /* assemble xmlrpc payload */ $params = array( XML_RPC_encode($password), XML_RPC_encode($execcmd) ); - + log_error("postfix XMLRPC reload data {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); diff --git a/config/postfix/postfix.php b/config/postfix/postfix.php index 774c7573..4cf85033 100644 --- a/config/postfix/postfix.php +++ b/config/postfix/postfix.php @@ -2,7 +2,7 @@ /* postfix.php part of pfSense (https://www.pfsense.org/) - Copyright (C) 2011-2013 Marcello Coutinho <marcellocoutinho@gmail.com> + Copyright (C) 2011-2014 Marcello Coutinho <marcellocoutinho@gmail.com> based on varnish_view_config. All rights reserved. @@ -42,13 +42,13 @@ function get_remote_log(){ $curr_time = time(); $log_time=date('YmdHis',$curr_time); #get protocol - if($config['system']['webgui']['protocol'] != "") + if($config['system']['webgui']['protocol'] != "") $synchronizetoip = $config['system']['webgui']['protocol']. "://"; #get port $port = $config['system']['webgui']['port']; - #if port is empty lets rely on the protocol selection + #if port is empty lets rely on the protocol selection if($port == "") - $port =($config['system']['webgui']['protocol'] == "http"?"80":"443"); + $port =($config['system']['webgui']['protocol'] == "http"?"80":"443"); $synchronizetoip .= $sync_to_ip; if (is_array($config['installedpackages']['postfixsync'])) foreach($config['installedpackages']['postfixsync']['config'][0]['row'] as $sh){ @@ -59,7 +59,7 @@ function get_remote_log(){ #get remote data if ($sync_type=='fetch'){ $url= $synchronizetoip . $sync_to_ip; - print "$sync_to_ip $url, $port\n"; + print "$sync_to_ip $url, $port\n"; $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/www/postfix.php');\n"; $execcmd .= '$toreturn=get_sql('.$log_time.');'; @@ -93,7 +93,7 @@ function get_remote_log(){ die ("Cannot execute query. $error\n".$update['sql']."\n"); } else{ - if ($debug=true) + if ($debug=true) print "ok\n"; } sqlite_close($dbhandle); @@ -114,12 +114,12 @@ function get_remote_log(){ $resp = $cli->send($msg, "250"); } } - } + } } function get_sql($log_time){ global $config,$xmlrpc_g; $server=$_SERVER['REMOTE_ADDR']; - + if (is_array($config['installedpackages']['postfixsync'])) foreach($config['installedpackages']['postfixsync']['config'][0]['row'] as $sh){ $sync_to_ip = $sh['ipaddress']; @@ -141,7 +141,7 @@ function flush_sql($log_time){ function grep_log(){ global $postfix_dir,$postfix_arg,$config,$g; - + $total_lines=0; $days=array(); $grep="\(MailScanner\|postfix.cleanup\|postfix.smtp\|postfix.error\|postfix.qmgr\)"; @@ -203,7 +203,7 @@ function grep_log(){ #Nov 16 00:00:14 srvch011 postfix/smtp[7363]: 7AEB91F797D: to=<alessandra.bueno@mg.test.com>, relay=mail.mg.test.com[172.25.3.5]:25, delay=39, delays=35/1.1/0.04/2.7, dsn=5.7.1, status=bounced (host mail.mg.test.com[172.25.3.5] said: 550 5.7.1 Unable to relay for alessandra.bueno@mg.test.com (in reply to RCPT TO command)) else if(preg_match("/(\w+\s+\d+\s+[0-9,:]+) (\w+) postfix.\w+\W\d+\W+(\w+): to=\<(.*)\>, relay=(.*), delay=([0-9,.]+), .* dsn=([0-9,.]+), status=(\w+) (.*)/",$line,$email)){ $stm_queue[$day].= "insert or ignore into mail_status (info) values ('".$email[8]."');\n"; - $stm_queue[$day].= "insert or ignore into mail_to (from_id,too,status,status_info,relay,delay,dsn) values ((select id from mail_from where sid='".$email[3]."' and server='".$email[2]."'),'".strtolower($email[4])."',(select id from mail_status where info='".$email[8]."'),'".preg_replace("/(\<|\>|\s+|\'|\")/"," ",$email[9])."','".$email[5]."','".$email[6]."','".$email[7]."');\n"; + $stm_queue[$day].= "insert or ignore into mail_to (from_id,too,status,status_info,relay,delay,dsn) values ((select id from mail_from where sid='".$email[3]."' and server='".$email[2]."'),'".strtolower($email[4])."',(select id from mail_status where info='".$email[8]."'),'".preg_replace("/(\<|\>|\s+|\'|\")/"," ",$email[9])."','".$email[5]."','".$email[6]."','".$email[7]."');\n"; $stm_queue[$day].= "update or ignore mail_to set status=(select id from mail_status where info='".$email[8]."'), status_info='".preg_replace("/(\<|\>|\s+|\'|\")/"," ",$email[9])."', dsn='".$email[7]."', delay='".$email[6]."', relay='".$email[5]."', too='".strtolower($email[4])."' where from_id in (select id from mail_from where sid='".$email[3]."' and server='".$email[2]."');\n"; } #Nov 13 01:48:44 srvch011 postfix/cleanup[16914]: D995B1F570B: message-id=<61.40.11745.10E3FBE4@ofertas6> @@ -223,7 +223,7 @@ function grep_log(){ $stm_queue[$day].= "insert or ignore into mail_status (info) values ('".$email[8]."');\n"; $stm_queue[$day].= "update mail_to set status=(select id from mail_status where info='reject'), status_info='queue file size limit exceeded' where from_id in (select id from mail_from where sid='".$email[3]."' and server='".$email[2]."');\n"; } - + #Nov 9 02:14:57 srvch011 postfix/cleanup[6856]: 617A51F5AC5: warning: header Subject: Mapeamento de Processos from lxalpha.12b.com.br[66.109.29.225]; from=<apache@lxalpha.12b.com.br> to=<ritiele.faria@mail.test.com> proto=ESMTP helo=<lxalpha.12b.com.br> #Nov 8 09:31:50 srvch011 postfix/cleanup[11471]: 19C281F59C8: reject: header From: "Giuliana Flores - Parceiro do Grupo Virtual" <publicidade@parceiro-grupovirtual.com.br> from pm03-974.auinmeio.com.br[177.70.232.225]; from=<publicidade@parceiro-grupovirtual.com.br> to=<jorge.lustosa@mail.test.com> proto=ESMTP helo=<pm03-974.auinmeio.com.br>: 5.7.1 [SN007] #Nov 13 00:03:24 srvch011 postfix/cleanup[4192]: 8A5B31F52D2: reject: body http://platform.roastcrack.info/mj0ie6p-48qtiyq from move2.igloojack.info[173.239.63.16]; from=<ljmd6u8lrxke4@move2.igloojack.info> to=<edileva@aasdf..br> proto=SMTP helo=<move2.igloojack.info>: 5.7.1 [BD040] @@ -271,9 +271,9 @@ function grep_log(){ $status['status_info']=$email[4]; $status['from']=$email[5]; $status['to']=$email[6]; - $status['helo']=$email[7]; + $status['helo']=$email[7]; $values="'".$status['date']."','".$status['status']."','".$status['status_info']."','".strtolower($status['from'])."','".strtolower($status['to'])."','".$status['helo']."','".$status['server']."'"; - $stm_noqueue[$day].='insert or ignore into mail_noqueue(date,status,status_info,fromm,too,helo,server) values ('.$values.');'."\n"; + $stm_noqueue[$day].='insert or ignore into mail_noqueue(date,status,status_info,fromm,too,helo,server) values ('.$values.');'."\n"; } if ($total_lines%1500 == 0){ #save log in database @@ -295,7 +295,7 @@ function grep_log(){ $stm_queue[$d]="BEGIN;\n"; } } - + $config=parse_xml_config("{$g['conf_path']}/config.xml", $g['xml_rootobj']); //print count($config['installedpackages']); #start db replication if configured @@ -310,7 +310,7 @@ function grep_log(){ postfix_do_xmlrpc_sync($sync_to_ip, $password,$sync_type); print "ok\n"; } - + } function write_db($stm,$table,$days){ @@ -341,7 +341,7 @@ function write_db($stm,$table,$days){ if ($debug=true) print " writing to local db $day..."; $dbhandle = sqlite_open($postfix_dir.$day.".db", 0666, $error); - if (!$dbhandle) die ($error); + if (!$dbhandle) die ($error); #file_put_contents("/tmp/".$key.'-'.$update['day'].".sql",gzuncompress(base64_decode($update['sql'])), LOCK_EX); $ok = sqlite_exec($dbhandle, $stm[$day]."COMMIT;", $error); if (!$ok){ @@ -356,13 +356,13 @@ function write_db($stm,$table,$days){ } #write update sql files if (count ($do_sync) > 0 ){ - + foreach($do_sync as $ip) file_put_contents('/var/db/postfix/'.$ip.'.sql',${$ip},LOCK_EX); conf_mount_ro(); } #write local file - + } function create_db($postfix_db){ @@ -513,14 +513,14 @@ switch ($argv[1]){ '12:','13:','14:','15:','16:','17:','18:','19:','20:','21:','22:','23:'), 'time' => '-03 day'); break; - + default: die ("invalid parameters\n"); } # get remote log from remote server get_remote_log(); # get local log from logfile -grep_log(); +grep_log(); } #http client call @@ -540,7 +540,7 @@ if ($_REQUEST['files']!= ""){ $stm_fetch=array(); $total_result=0; foreach ($files as $postfix_db) - if (file_exists($postfix_dir.'/'.$postfix_db)){ + if (file_exists($postfix_dir.'/'.$postfix_db)){ $dbhandle = sqlite_open($postfix_dir.'/'.$postfix_db, 0666, $error); if ($_REQUEST['from']!= ""){ $next=($last_next==" and "?" and ":" where "); @@ -595,7 +595,7 @@ if ($_REQUEST['files']!= ""){ else $stm .=$next."server = '".$_REQUEST['server']."'"; } - + if ($_REQUEST['status']!= ""){ $next=($last_next==" and "?" and ":" where "); $last_next=" and "; @@ -604,7 +604,7 @@ if ($_REQUEST['files']!= ""){ #print "<pre>".$stm; #$stm = "select * from mail_to,mail_status where mail_to.status=mail_status.id"; $result = sqlite_query($dbhandle, $stm." order by date desc $limit_prefix $limit "); - #$result = sqlite_query($dbhandle, $stm." $limit_prefix $limit "); + #$result = sqlite_query($dbhandle, $stm." $limit_prefix $limit "); if (preg_match("/\d+/",$_REQUEST['limit'])){ for ($i = 1; $i <= $limit; $i++) { $row = sqlite_fetch_array($result, SQLITE_ASSOC); @@ -744,8 +744,8 @@ if ($_REQUEST['files']!= ""){ print '<tr>'; print '<td ><strong>Total:</strong></td>'; print '<td ><strong>'.$total_result.'</strong></td>'; - print '</tr>'; + print '</tr>'; print '</table>'; - } + } } ?>
\ No newline at end of file diff --git a/config/postfix/postfix.widget.php b/config/postfix/postfix.widget.php index b7fc7af9..e61274b9 100755 --- a/config/postfix/postfix.widget.php +++ b/config/postfix/postfix.widget.php @@ -1,6 +1,7 @@ -<?php +<?php /* - Copyright 2011 Marcello Coutinho + postfix.widget.php + Copyright 2011-2014 Marcello Coutinho Part of pfSense widgets (www.pfsense.org) Redistribution and use in source and binary forms, with or without @@ -31,7 +32,7 @@ $uname=posix_uname(); if ($uname['machine']=='amd64') ini_set('memory_limit', '250M'); - + function open_table(){ echo "<table style=\"padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">"; echo" <tr>"; @@ -39,7 +40,7 @@ function open_table(){ function close_table(){ echo" </tr>"; echo"</table>"; - + } $pfb_table=array(); @@ -49,20 +50,20 @@ $img['Healthy']="<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up #var_dump($pfb_table); #exit; -?><div id='postfix'><?php +?><div id='postfix'><?php global $config; $size=$config['installedpackages']['postfix']['config'][0]['widget_size']; if (preg_match('/\d+/',$config['installedpackages']['postfix']['config'][0]['widget_days'])) - $days=$config['installedpackages']['postfix']['config'][0]['widget_days'] * -1; + $days=$config['installedpackages']['postfix']['config'][0]['widget_days'] * -1; else $days=-3; if (preg_match('/\d+/',$config['installedpackages']['postfix']['config'][0]['widget_size'])) - $size=$config['installedpackages']['postfix']['config'][0]['widget_size']; + $size=$config['installedpackages']['postfix']['config'][0]['widget_size']; else $size='100000000';#100mb - + $postfix_dir="/var/db/postfix/"; $curr_time = time(); for ($z = 0; $z > $days; $z--){ @@ -71,7 +72,7 @@ if ($z==0) $postfix_db=date("Y-m-d"); else $postfix_db=date("Y-m-d",strtotime("$z day",$curr_time)); - + if (file_exists($postfix_dir.'/'.$postfix_db.".db")){ #noqueue open_table(); @@ -83,7 +84,7 @@ if (file_exists($postfix_dir.'/'.$postfix_db.".db")){ $stm="select count(*) as total from mail_noqueue"; $result = sqlite_query($dbhandle, $stm); $row_noqueue = sqlite_fetch_array($result, SQLITE_ASSOC); - + #queue $result = sqlite_query($dbhandle, $stm); $stm="select mail_status.info as status,count(*) as total from mail_to,mail_status where mail_to.status=mail_status.id group by status order by mail_status.info"; @@ -96,7 +97,7 @@ if (file_exists($postfix_dir.'/'.$postfix_db.".db")){ if (preg_match("/\w+/",$row['status'])){ $reader.="<td class=\"listlr\"width=50%><strong>".ucfirst($row['status'])."</strong></td>\n"; if ($row['status']=="reject") - $row['total']=+$row_noqueue['total']; + $row['total']=+$row_noqueue['total']; $count.="<td class=\"listlr\">".$row['total']."</td>\n"; } } @@ -111,7 +112,7 @@ if (file_exists($postfix_dir.'/'.$postfix_db.".db")){ } close_table(); echo "<br>"; - + } } echo" </tr>"; diff --git a/config/postfix/postfix.xml b/config/postfix/postfix.xml index 59e58f41..8e70fd7a 100644 --- a/config/postfix/postfix.xml +++ b/config/postfix/postfix.xml @@ -10,7 +10,7 @@ postfix.xml part of the Postfix package for pfSense Copyright (C) 2010 Erik Fonnesbeck - Copyright (C) 2011-2013 Marcello Coutinho + Copyright (C) 2011-2014 Marcello Coutinho All rights reserved. */ @@ -354,7 +354,7 @@ postfix_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - postfix_validate_input($_POST, &$input_errors); + postfix_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_postfix(); diff --git a/config/postfix/postfix_about.php b/config/postfix/postfix_about.php index 87d0cf69..397c8e06 100755 --- a/config/postfix/postfix_about.php +++ b/config/postfix/postfix_about.php @@ -2,7 +2,7 @@ /* postfix_about.php part of pfSense (https://www.pfsense.org/) - Copyright (C) 2011-2013 Marcello Coutinho <marcellocoutinho@gmail.com> + Copyright (C) 2011-2014 Marcello Coutinho <marcellocoutinho@gmail.com> based on varnish_view_config. All rights reserved. @@ -48,7 +48,7 @@ include("head.inc"); <?php if ($savemsg) print_info_box($savemsg); ?> <!-- <form action="postfix_view_config.php" method="post"> --> - + <div id="mainlevel"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> @@ -68,7 +68,7 @@ include("head.inc"); ?> </td></tr> <tr> - + <td> <div id="mainarea"> <table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0"> @@ -86,11 +86,11 @@ include("head.inc"); If you want that your donation goes to this package developer, make a note on donation forwarding it to me.<br><br>");?></td> </tr> </table> - + </div> </td> </tr> - + </table> <br> diff --git a/config/postfix/postfix_acl.xml b/config/postfix/postfix_acl.xml index d704c189..8df5255e 100644 --- a/config/postfix/postfix_acl.xml +++ b/config/postfix/postfix_acl.xml @@ -9,7 +9,7 @@ /* postfix.xml part of the Postfix package for pfSense - Copyright (C) 2011-2013 Marcello Coutinho + Copyright (C) 2011-2014 Marcello Coutinho All rights reserved. */ /* ========================================================================== */ @@ -221,7 +221,7 @@ postfix_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - postfix_validate_input($_POST, &$input_errors); + postfix_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_postfix(); diff --git a/config/postfix/postfix_antispam.xml b/config/postfix/postfix_antispam.xml index 94f52f35..9d55e47e 100644 --- a/config/postfix/postfix_antispam.xml +++ b/config/postfix/postfix_antispam.xml @@ -7,9 +7,9 @@ /* $Id$ */ /* ========================================================================== */ /* - postfix.xml + postfix_antispam.xml part of the Postfix package for pfSense - Copyright (C) 2011 Marcello Coutinho + Copyright (C) 2011-2014 Marcello Coutinho All rights reserved. */ @@ -279,7 +279,7 @@ postfix_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - postfix_validate_input($_POST, &$input_errors); + postfix_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_postfix(); diff --git a/config/postfix/postfix_domains.xml b/config/postfix/postfix_domains.xml index 23d80e12..ea19297d 100644 --- a/config/postfix/postfix_domains.xml +++ b/config/postfix/postfix_domains.xml @@ -7,10 +7,10 @@ /* $Id$ */ /* ========================================================================== */ /* - postfix.xml + postfix_domains.xml part of the Postfix package for pfSense Copyright (C) 2010 Erik Fonnesbeck - Copyright (C) 2011 Marcello Coutinho + Copyright (C) 2011-2014 Marcello Coutinho All rights reserved. */ @@ -137,7 +137,7 @@ postfix_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - postfix_validate_input($_POST, &$input_errors); + postfix_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_postfix(); diff --git a/config/postfix/postfix_queue.php b/config/postfix/postfix_queue.php index ba760259..a737340e 100755 --- a/config/postfix/postfix_queue.php +++ b/config/postfix/postfix_queue.php @@ -2,7 +2,7 @@ /* postfix_view_config.php part of pfSense (https://www.pfsense.org/) - Copyright (C) 2011-2013 Marcello Coutinho <marcellocoutinho@gmail.com> + Copyright (C) 2011-2014 Marcello Coutinho <marcellocoutinho@gmail.com> based on varnish_view_config. All rights reserved. @@ -34,12 +34,11 @@ $uname=posix_uname(); if ($uname['machine']=='amd64') ini_set('memory_limit', '250M'); -$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); -if ($pf_version > 2.0) +if (is_dir('/usr/pbi/postfix-' . php_uname("m"))) { define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m")); -else - define('POSTFIX_LOCALBASE','/usr/local'); - +} else { + define('POSTFIX_LOCALBASE','/usr/local'); +} function get_cmd(){ if ($_REQUEST['cmd'] =='mailq'){ #exec("/usr/local/bin/mailq" . escapeshellarg('^'.$m.$j." ".$hour.".*".$grep)." /var/log/maillog", $lists); @@ -67,13 +66,13 @@ function get_cmd(){ elseif (preg_match("/\s+(\w+.*)/",$line,$matches) && $sid !=""){ print $td.$matches[1].'</td></tr>'; $sid=""; - } + } } print '</table>'; } if ($_REQUEST['cmd'] =='qshape'){ if ($_REQUEST['qshape']!="") - exec(POSTFIX_LOCALBASE."/bin/qshape -".preg_replace("/\W/","",$_REQUEST['type'])." ". preg_replace("/\W/","",$_REQUEST['qshape']), $qshape); + exec(POSTFIX_LOCALBASE."/bin/qshape -".preg_replace("/\W/","",$_REQUEST['type'])." ". preg_replace("/\W/","",$_REQUEST['qshape']), $qshape); else exec(POSTFIX_LOCALBASE."/bin/qshape", $qshape); print '<table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0">'; @@ -107,22 +106,22 @@ else{ $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); if ($pf_version < 2.0) $one_two = true; - + $pgtitle = "Status: Postfix Mail Queue"; include("head.inc"); - + ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> - + <?php if($one_two): ?> <p class="pgtitle"><?=$pgtitle?></font></p> <?php endif; ?> - + <?php if ($savemsg) print_info_box($savemsg); ?> - + <form action="postfix_view_config.php" method="post"> - + <div id="mainlevel"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> @@ -167,7 +166,7 @@ else{ <option value="1" selected>Never</option> </select><br><?=gettext("Select how often queue cmd will run.");?></td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncell"><?=gettext("qshape Report flags: ");?></td> <td width="78%" class="vtable"> <select name="drop3" id="qshape" multiple="multiple" size="5"> @@ -178,7 +177,7 @@ else{ <option value="maildrop">maildrop</option> </select><br><?=gettext("Select how often queue will be queried.");?></td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncell"><?=gettext("qshape Report type: ");?></td> <td width="78%" class="vtable"> <select name="drop3" id="qtype"> @@ -201,7 +200,7 @@ else{ <tr> <td class="tabcont" > <div id="file_div"></div> - + </td> </tr> </table> @@ -223,7 +222,7 @@ else{ } return(selectedArray); } - + function get_queue(loop) { //prevent multiple instances if ($('run').value=="show queue" || loop== 'running'){ @@ -255,7 +254,7 @@ else{ } } </script> - <?php + <?php include("fend.inc"); } ?> diff --git a/config/postfix/postfix_recipients.xml b/config/postfix/postfix_recipients.xml index 2b07bae8..946bd79f 100644 --- a/config/postfix/postfix_recipients.xml +++ b/config/postfix/postfix_recipients.xml @@ -9,7 +9,7 @@ /* postfix_recipients.xml part of the Postfix package for pfSense - Copyright (C) 2011-2013 Marcello Coutinho + Copyright (C) 2011-2014 Marcello Coutinho All rights reserved. */ /* ========================================================================== */ @@ -192,7 +192,7 @@ postfix_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - postfix_validate_input($_POST, &$input_errors); + postfix_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_postfix(); diff --git a/config/postfix/postfix_search.php b/config/postfix/postfix_search.php index c29d8cf2..5e146269 100755 --- a/config/postfix/postfix_search.php +++ b/config/postfix/postfix_search.php @@ -2,7 +2,7 @@ /* postfix_search.php part of pfSense (https://www.pfsense.org/) - Copyright (C) 2011-2013 Marcello Coutinho <marcellocoutinho@gmail.com> + Copyright (C) 2011-2014 Marcello Coutinho <marcellocoutinho@gmail.com> based on varnish_view_config. All rights reserved. @@ -52,7 +52,7 @@ include("head.inc"); <?php if ($savemsg) print_info_box($savemsg); ?> <!-- <form action="postfix_view_config.php" method="post"> --> - + <div id="mainlevel"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> @@ -72,7 +72,7 @@ include("head.inc"); ?> </td></tr> <tr> - + <td> <div id="mainarea"> <table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0"> @@ -151,7 +151,7 @@ include("head.inc"); <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Sqlite files: ");?></td> <td width="78%" class="vtable"> - + <?php if ($handle = opendir('/var/db/postfix')) { $total_files=0; $array_files=array(); @@ -159,14 +159,14 @@ include("head.inc"); if (preg_match("/(\d+-\d+-\d+).db$/",$file,$matches)) $array_files[]=array($file,$matches[1]); closedir($handle); - asort($array_files); + asort($array_files); foreach ($array_files as $file) $select_output= '<option value="'.$file[0].'">'.$file[1]."</option>\n" . $select_output; - + echo '<select name="drop1" id="Select1" size="'.(count($array_files)>10?10:count($array_files)+2).'" multiple="multiple">'; echo $select_output; echo '</select><br>'.gettext("Select what database files you want to use in your search.").'</td></td>'; - }?> + }?> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Message Fields: ");?></td> @@ -188,17 +188,17 @@ include("head.inc"); <option value="helo">Helo</option> </select><br><?=gettext("Max log messages to fetch per Sqlite file.");?></td> </tr> - + <tr> <td width="22%" valign="top"></td> <td width="78%"><input name="Submit" type="submit" class="formbtn" id="search" value="<?=gettext("Search");?>" onclick="getsearch_results('search')"> <input name="Submit" type="submit" class="formbtn" id="export" value="<?=gettext("Export");?>" onclick="getsearch_results('export')"></td> </table> - + </div> </td> </tr> - + </table> <br> diff --git a/config/postfix/postfix_sync.xml b/config/postfix/postfix_sync.xml index 88617fbf..727305ff 100644 --- a/config/postfix/postfix_sync.xml +++ b/config/postfix/postfix_sync.xml @@ -9,7 +9,7 @@ /* postfix_sync.xml part of the Postfix package for pfSense - Copyright (C) 2011-2013 Marcello Coutinho + Copyright (C) 2011-2014 Marcello Coutinho All rights reserved. */ /* ========================================================================== */ @@ -193,7 +193,7 @@ postfix_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - postfix_validate_input($_POST, &$input_errors); + postfix_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_postfix(); diff --git a/config/postfix/postfix_view_config.php b/config/postfix/postfix_view_config.php index 24bfd575..a844ce65 100644 --- a/config/postfix/postfix_view_config.php +++ b/config/postfix/postfix_view_config.php @@ -2,7 +2,7 @@ /* postfix_view_config.php part of pfSense (https://www.pfsense.org/) - Copyright (C) 2011-2013 Marcello Coutinho <marcellocoutinho@gmail.com> + Copyright (C) 2011-2014 Marcello Coutinho <marcellocoutinho@gmail.com> based on varnish_view_config. All rights reserved. @@ -29,12 +29,12 @@ */ $shortcut_section = "postfix"; require("guiconfig.inc"); -$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); -if ($pf_version > 2.0) +if (is_dir('/usr/pbi/postfix-' . php_uname("m"))) { define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m")); -else - define('POSTFIX_LOCALBASE','/usr/local'); - +} else { + define('POSTFIX_LOCALBASE','/usr/local'); +} + function get_file($file){ $files['main']=POSTFIX_LOCALBASE."/etc/postfix/main.cf"; $files['master']=POSTFIX_LOCALBASE."/etc/postfix/master.cf"; @@ -59,22 +59,22 @@ else{ $pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); if ($pf_version < 2.0) $one_two = true; - + $pgtitle = "Services: Postfix View Configuration"; include("head.inc"); - + ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> - + <?php if($one_two): ?> <p class="pgtitle"><?=$pgtitle?></font></p> <?php endif; ?> - + <?php if ($savemsg) print_info_box($savemsg); ?> - + <form action="postfix_view_config.php" method="post"> - + <div id="mainlevel"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> @@ -117,7 +117,7 @@ else{ <tr> <td class="tabcont" > <div id="file_div"></div> - + </td> </tr> </table> @@ -153,8 +153,8 @@ else{ scroll(0,0); } </script> - <?php - include("fend.inc"); + <?php + include("fend.inc"); } ?> </body> diff --git a/config/quagga_ospfd/quagga_ospfd.inc b/config/quagga_ospfd/quagga_ospfd.inc index 782baf0f..17c13246 100644 --- a/config/quagga_ospfd/quagga_ospfd.inc +++ b/config/quagga_ospfd/quagga_ospfd.inc @@ -74,20 +74,20 @@ function quagga_ospfd_install_conf() { $quagga_config_base = PKG_QUAGGA_CONFIG_BASE; $noaccept = ""; + + // generate ospfd.conf based on the assistant + if(is_array($config['installedpackages']['quaggaospfd']['config'])) + $ospfd_conf = &$config['installedpackages']['quaggaospfd']['config'][0]; + else { + log_error("Quagga OSPFd: No config data found."); + return; + } - if ($config['installedpackages']['quaggaospfd']['rawconfig'] && $config['installedpackages']['quaggaospfd']['rawconfig']['item']) { + if (isset($config['installedpackages']['quaggaospfdraw']['config'][0]['ospfd']) + && !empty($config['installedpackages']['quaggaospfdraw']['config'][0]['ospfd'])) { // if there is a raw config specifyed in tthe config.xml use that instead of the assisted config - $conffile = implode("\n",$config['installedpackages']['quaggaospfd']['rawconfig']['item']); - //$conffile = $config['installedpackages']['quaggaospfd']['rawconfig']; + $conffile = str_replace("\r","",base64_decode($config['installedpackages']['quaggaospfdraw']['config'][0]['ospfd'])); } else { - // generate ospfd.conf based on the assistant - if($config['installedpackages']['quaggaospfd']['config']) - $ospfd_conf = &$config['installedpackages']['quaggaospfd']['config'][0]; - else { - log_error("Quagga OSPFd: No config data found."); - return; - } - $conffile = "# This file was created by the pfSense package manager. Do not edit!\n\n"; if($ospfd_conf['password']) @@ -100,7 +100,7 @@ function quagga_ospfd_install_conf() { $passive_interfaces = array(); $interface_networks = array(); - if ($config['installedpackages']['quaggaospfdinterfaces']['config']) { + if (is_array($config['installedpackages']['quaggaospfdinterfaces']['config'])) { foreach ($config['installedpackages']['quaggaospfdinterfaces']['config'] as $conf) { $realif = get_real_interface($conf['interface']); $conffile .= "interface {$realif}\n" ; @@ -242,17 +242,23 @@ function quagga_ospfd_install_conf() { fclose($fd); /* Make zebra config */ - $zebraconffile = "# This file was created by the pfSense package manager. Do not edit!\n\n"; - if($ospfd_conf['password']) - $zebraconffile .= "password {$ospfd_conf['password']}\n"; - if ($ospfd_conf['logging']) - $zebraconffile .= "log syslog\n"; - if (!empty($noaccept)) { - $zebraconffile .= $noaccept; - $zebraconffile .= "ip prefix-list ACCEPTFILTER permit any\n"; - $zebraconffile .= "route-map ACCEPTFILTER permit 10\n"; - $zebraconffile .= "match ip address prefix-list ACCEPTFILTER\n"; - $zebraconffile .= "ip protocol ospf route-map ACCEPTFILTER\n"; + if (isset($config['installedpackages']['quaggaospfdraw']['config'][0]['zebra']) + && !empty($config['installedpackages']['quaggaospfdraw']['config'][0]['zebra'])) { + // if there is a raw config specifyed in tthe config.xml use that instead of the assisted config + $zebraconffile = str_replace("\r","",base64_decode($config['installedpackages']['quaggaospfdraw']['config'][0]['zebra'])); + } else { + $zebraconffile = "# This file was created by the pfSense package manager. Do not edit!\n\n"; + if($ospfd_conf['password']) + $zebraconffile .= "password {$ospfd_conf['password']}\n"; + if ($ospfd_conf['logging']) + $zebraconffile .= "log syslog\n"; + if (!empty($noaccept)) { + $zebraconffile .= $noaccept; + $zebraconffile .= "ip prefix-list ACCEPTFILTER permit any\n"; + $zebraconffile .= "route-map ACCEPTFILTER permit 10\n"; + $zebraconffile .= "match ip address prefix-list ACCEPTFILTER\n"; + $zebraconffile .= "ip protocol ospf route-map ACCEPTFILTER\n"; + } } $fd = fopen("{$quagga_config_base}/zebra.conf", "w"); fwrite($fd, $zebraconffile); @@ -375,23 +381,6 @@ function quagga_ospfd_validate_input() { $input_errors[] = "Please select an interface to use for Quagga OSPFd."; } -// get the raw ospfd confi file for manual inspection/editing -function quagga_ospfd_get_raw_config() { - return file_get_contents(PKG_QUAGGA_CONFIG_BASE . "/ospfd.conf"); -} - -// serialize the raw ospfd confi file to config.xml -function quagga_ospfd_put_raw_config($conffile) { - global $config; - if ($conffile == "") - unset($config['installedpackages']['quaggaospfd']['rawconfig']); - else { - $config['installedpackages']['quaggaospfd']['rawconfig'] = array(); - $config['installedpackages']['quaggaospfd']['rawconfig']['item'] = explode("\n",$_POST['quagga_ospfd_raw']); - $config['installedpackages']['quaggaospfd']['rawconfig'] = $conffile; - } -} - function quagga_get_carp_status_by_ip($ipaddr) { $iface = trim(find_carp_interface($ipaddr)); if ($iface) { diff --git a/config/quagga_ospfd/quagga_ospfd.xml b/config/quagga_ospfd/quagga_ospfd.xml index 76a396fa..8edfcc3f 100644 --- a/config/quagga_ospfd/quagga_ospfd.xml +++ b/config/quagga_ospfd/quagga_ospfd.xml @@ -15,6 +15,11 @@ <item>https://packages.pfsense.org/packages/config/quagga_ospfd/quagga_ospfd_interfaces.xml</item> </additional_files_needed> <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>644</chmod> + <item>http://www.pfsense.com/packages/config/quagga_ospfd/quagga_ospfd_raw.xml</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>644</chmod> <item>https://packages.pfsense.org/packages/config/quagga_ospfd/status_ospfd.php</item> @@ -42,6 +47,10 @@ <url>pkg.php?xml=quagga_ospfd_interfaces.xml</url> </tab> <tab> + <text>Raw Config</text> + <url>pkg_edit.php?xml=quagga_ospfd_raw.xml&id=0</url> + </tab> + <tab> <text>Status</text> <url>/status_ospfd.php</url> </tab> @@ -199,4 +208,4 @@ <custom_php_validation_command> quagga_ospfd_validate_input(); </custom_php_validation_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/quagga_ospfd/quagga_ospfd_interfaces.xml b/config/quagga_ospfd/quagga_ospfd_interfaces.xml index 09635597..f9953112 100644 --- a/config/quagga_ospfd/quagga_ospfd_interfaces.xml +++ b/config/quagga_ospfd/quagga_ospfd_interfaces.xml @@ -27,6 +27,10 @@ <active/> </tab> <tab> + <text>Raw Config</text> + <url>pkg_edit.php?xml=quagga_ospfd_raw.xml&id=0</url> + </tab> + <tab> <text>Status</text> <url>/status_ospfd.php</url> </tab> diff --git a/config/quagga_ospfd/quagga_ospfd_raw.xml b/config/quagga_ospfd/quagga_ospfd_raw.xml new file mode 100644 index 00000000..b34558de --- /dev/null +++ b/config/quagga_ospfd/quagga_ospfd_raw.xml @@ -0,0 +1,71 @@ +<packagegui> + <name>quagga_ospfd_raw</name> + <version>0.1</version> + <title>Services: Quagga OSPFd</title> + <include_file>/usr/local/pkg/quagga_ospfd.inc</include_file> + <aftersaveredirect>pkg_edit.php?xml=quagga_ospfd_raw.xml&id=0</aftersaveredirect> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/quagga_ospfd/quagga_ospfd.inc</item> + </additional_files_needed> + <menu> + <name>OSPF</name> + <tooltiptext>Modify Quagga RAW Config.</tooltiptext> + <section>Services</section> + <configfile>quagga_ospfd.xml</configfile> + <url>/pkg_edit.php?xml=quagga_ospfd.xml&id=0</url> + </menu> + <tabs> + <tab> + <text>Global Settings</text> + <url>pkg_edit.php?xml=quagga_ospfd.xml&id=0</url> + </tab> + <tab> + <text>Interface Settings</text> + <url>pkg.php?xml=quagga_ospfd_interfaces.xml</url> + </tab> + <tab> + <text>Raw Config</text> + <url>pkg_edit.php?xml=quagga_ospfd_raw.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Status</text> + <url>/status_ospfd.php</url> + </tab> + </tabs> + <service> + <name>Quagga OSPFd</name> + <rcfile>quagga.sh</rcfile> + <executable>ospfd</executable> + </service> + <service> + <name>Quagga Zebra</name> + <rcfile>quagga.sh</rcfile> + <executable>zebra</executable> + </service> + <fields> + <field> + <fielddescr>ospfd.conf</fielddescr> + <fieldname>ospfd</fieldname> + <description>Note: Once you click "Save" below, the assistant (in the "Global Settings" and "Interface Settings" tabs above) will be overridden with whatever you type here. To get back the assisted config save this form below once with both empty input fields.</description> + <type>textarea</type> + <encoding>base64</encoding> + <rows>30</rows> + <cols>65</cols> + </field> + <field> + <fielddescr>zebra.conf</fielddescr> + <fieldname>zebra</fieldname> + <description>Note: Once you click "Save" below, the assistant (in the "Global Settings" and "Interface Settings" tabs above) will be overridden with whatever you type here. To get back the assisted config save this form below once with both empty input fields.</description> + <type>textarea</type> + <encoding>base64</encoding> + <rows>30</rows> + <cols>65</cols> + </field> + </fields> + <custom_php_resync_config_command> + quagga_ospfd_install_conf(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/quagga_ospfd/status_ospfd.php b/config/quagga_ospfd/status_ospfd.php index dc6c6aea..8ecf19d0 100644 --- a/config/quagga_ospfd/status_ospfd.php +++ b/config/quagga_ospfd/status_ospfd.php @@ -33,6 +33,7 @@ $pgtitle = "Quagga OSPF: Status"; include("head.inc"); $control_script = "/usr/local/bin/quaggactl"; +$pkg_homedir = "/var/etc/quagga"; /* List all of the commands as an index. */ function listCmds() { @@ -90,6 +91,7 @@ function doCmdT($title, $command) { $tab_array = array(); $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=quagga_ospfd.xml&id=0"); $tab_array[] = array(gettext("Interface Settings"), false, "/pkg.php?xml=quagga_ospfd_interfaces.xml"); + $tab_array[] = array(gettext("RAW Config"), false, "/pkg_edit.php?xml=quagga_ospfd_raw.xml&id=0"); $tab_array[] = array(gettext("Status"), true, "/status_ospfd.php"); display_top_tabs($tab_array); ?> @@ -110,6 +112,8 @@ function doCmdT($title, $command) { defCmdT("Quagga OSPF Interfaces", "{$control_script} ospf interfaces"); defCmdT("Quagga OSPF CPU Usage", "{$control_script} ospf cpu"); defCmdT("Quagga OSPF Memory", "{$control_script} ospf mem"); + defCmdT("Quagga ospfd.conf", "/bin/cat {$pkg_homedir}/ospfd.conf"); + defCmdT("Quagga zebra.conf", "/bin/cat {$pkg_homedir}/zebra.conf"); ?> <div id="cmdspace" style="width:100%"> <?php listCmds(); ?> diff --git a/config/sarg/sarg.inc b/config/sarg/sarg.inc index 1a4db315..2788dab9 100644 --- a/config/sarg/sarg.inc +++ b/config/sarg/sarg.inc @@ -354,7 +354,7 @@ function sync_package_sarg() { else $new_cron['item'][]=$cron; } - $cron_cmd="/usr/local/bin/php /usr/local/www/sarg.php"; + $cron_cmd="/usr/local/bin/php --no-header /usr/local/www/sarg.php"; $sarg_schedule_id=0; if (is_array($config['installedpackages']['sargschedule']['config'])) foreach ($config['installedpackages']['sargschedule']['config'] as $sarg_schedule){ diff --git a/config/sarg/sarg.xml b/config/sarg/sarg.xml index a0162e3b..9266d211 100644 --- a/config/sarg/sarg.xml +++ b/config/sarg/sarg.xml @@ -363,7 +363,7 @@ sarg_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - sarg_validate_input($_POST, &$input_errors); + sarg_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_sarg(); diff --git a/config/sarg/sarg_about.php b/config/sarg/sarg_about.php index 573dc5ee..fba456b2 100755 --- a/config/sarg/sarg_about.php +++ b/config/sarg/sarg_about.php @@ -73,7 +73,7 @@ include("head.inc"); </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Sarg Site");?></td> - <td width="78%" class="vtable"><?=gettext("<a target=_new href='http://sarg.sourceforge.net/welcome.php'>Squid Analysis Report Generator</a><br><br>");?> + <td width="78%" class="vtable"><?=gettext("<a target=_new href='http://sarg.sourceforge.net/'>Squid Analysis Report Generator</a><br><br>");?> </tr> <tr> <td colspan="2" valign="top" class="listtopic"><?=gettext("About sarg package"); ?></td> @@ -83,7 +83,7 @@ include("head.inc"); <td width="78%" class="vtable"><?=gettext("Package Created by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br><br>");?></td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Donatios ");?></td> + <td width="22%" valign="top" class="vncell"><?=gettext("Donations ");?></td> <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='https://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to pfSense project</a>.<br><br> If you want that your donation goes to this package developer, make a note on donation forwarding it to me.<br><br>");?></td> </tr> diff --git a/config/sarg/sarg_schedule.xml b/config/sarg/sarg_schedule.xml index 07e24d5c..5123d786 100644 --- a/config/sarg/sarg_schedule.xml +++ b/config/sarg/sarg_schedule.xml @@ -144,7 +144,7 @@ To force sarg to create a report only for specific days, use:<br> <b>TODAY:</b> -d `date +%d/%m/%Y`<br> <b>YESTERDAY:</b> -d `date -v-1d +%d/%m/%Y`<br> - <b>WEEKAGO:</b> -d `date -v-1w +%d/%m/%Y`- `date -v-1d +%d/%m/%Y`<br> + <b>WEEKAGO:</b> -d `date -v-1w +%d/%m/%Y`-`date -v-1d +%d/%m/%Y`<br> <b>MONTHAGO:</b> -d `date -v-1m +01/%m/%Y`-`date -v-1m +31/%m/%Y`]]></description> <type>input</type> <size>50</size> @@ -216,7 +216,7 @@ <custom_php_command_before_form> </custom_php_command_before_form> <custom_php_validation_command> - sarg_validate_input($_POST, &$input_errors); + sarg_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_delete_php_command> sync_package_sarg(); diff --git a/config/sarg/sarg_sync.xml b/config/sarg/sarg_sync.xml index 6cff7b6d..354d9991 100755 --- a/config/sarg/sarg_sync.xml +++ b/config/sarg/sarg_sync.xml @@ -138,7 +138,7 @@ sarg_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - sarg_validate_input($_POST, &$input_errors); + sarg_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sarg_resync(); diff --git a/config/sarg/sarg_users.xml b/config/sarg/sarg_users.xml index d038e5b3..39387007 100644 --- a/config/sarg/sarg_users.xml +++ b/config/sarg/sarg_users.xml @@ -211,7 +211,7 @@ <custom_php_deinstall_command> </custom_php_deinstall_command> <custom_php_validation_command> - sarg_validate_input($_POST, &$input_errors); + sarg_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_sarg(); diff --git a/config/siproxd.inc b/config/siproxd.inc index a34f5b34..7e72c868 100644 --- a/config/siproxd.inc +++ b/config/siproxd.inc @@ -270,7 +270,7 @@ function sync_package_siproxd() { } -function validate_form_siproxd($post, $input_errors) { +function validate_form_siproxd($post, &$input_errors) { if ($post['port'] && !is_port($post['port'])) $input_errors[] = 'Invalid port entered for "Listening Port"'; if ($post['rtplower'] && !is_port($post['rtplower'])) diff --git a/config/siproxd.xml b/config/siproxd.xml index d989f964..27d00f32 100644 --- a/config/siproxd.xml +++ b/config/siproxd.xml @@ -37,7 +37,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>siproxdsettings</name> - <version>0.5.13_pfs2</version> + <version>0.8.0_2 pkg v1.0.1</version> <title>siproxd: Settings</title> <include_file>/usr/local/pkg/siproxd.inc</include_file> <aftersaveredirect>/pkg_edit.php?xml=siproxd.xml&id=0</aftersaveredirect> @@ -339,6 +339,6 @@ </custom_php_resync_config_command> <filter_rules_needed>siproxd_generate_rules</filter_rules_needed> <custom_php_validation_command> - validate_form_siproxd($_POST, &$input_errors); + validate_form_siproxd($_POST, $input_errors); </custom_php_validation_command> </packagegui> diff --git a/config/snort/disablesid-sample.conf b/config/snort/disablesid-sample.conf new file mode 100644 index 00000000..026f4d94 --- /dev/null +++ b/config/snort/disablesid-sample.conf @@ -0,0 +1,43 @@ +# example disablesid.conf + +# Example of modifying state for individual rules +# 1:1034,1:9837,1:1270,1:3390,1:710,1:1249,3:13010 + +# Example of modifying state for rule ranges +# 1:220-1:3264,3:13010-3:13013 + +# Comments are allowed in this file, and can also be on the same line +# As the modify state syntax, as long as it is a trailing comment +# 1:1011 # I Disabled this rule because I could! + +# Example of modifying state for MS and cve rules, note the use of the : +# in cve. This will modify MS09-008, cve 2009-0233, bugtraq 21301, +# and all MS00 and all cve 2000 related sids! These support regular expression +# matching only after you have specified what you are looking for, i.e. +# MS00-<regex> or cve:<regex>, the first section CANNOT contain a regular +# expression (MS\d{2}-\d+) will NOT work, use the pcre: keyword (below) +# for this. +# MS09-008,cve:2009-0233,bugtraq:21301,MS00-\d+,cve:2000-\d+ + +# Example of using the pcre: keyword to modify rulestate. the pcre keyword +# allows for full use of regular expression syntax, you do not need to designate +# with / and all pcre searches are treated as case insensitive. For more information +# about regular expression syntax: http://www.regular-expressions.info/ +# The following example modifies state for all MS07 through MS10 +# pcre:MS(0[7-9]|10)-\d+ +# pcre:"Joomla" + +# Example of modifying state for specific categories entirely. +# "snort_" limits to Snort VRT rules, "emerging-" limits to +# Emerging Threats Open rules, "etpro-" limits to ET-PRO rules. +# "shellcode" with no prefix would match in any vendor set. +# snort_web-iis,emerging-shellcode,etpro-imap,shellcode + +# Any of the above values can be on a single line or multiple lines, when +# on a single line they simply need to be separated by a , +# 1:9837,1:220-1:3264,3:13010-3:13013,pcre:MS(0[0-7])-\d+,MS09-008,cve:2009-0233 + +# The modifications in this file are for sample/example purposes only and +# should not actively be used, you need to modify this file to fit your +# environment. + diff --git a/config/snort/enablesid-sample.conf b/config/snort/enablesid-sample.conf new file mode 100644 index 00000000..4cccc5dd --- /dev/null +++ b/config/snort/enablesid-sample.conf @@ -0,0 +1,39 @@ +# example enablesid.conf + +# Example of modifying state for individual rules +# 1:1034,1:9837,1:1270,1:3390,1:710,1:1249,3:13010 + +# Example of modifying state for rule ranges +# 1:220-1:3264,3:13010-3:13013 + +# Comments are allowed in this file, and can also be on the same line +# As the modify state syntax, as long as it is a trailing comment +# 1:1011 # I Disabled this rule because I could! + +# Example of modifying state for MS and cve rules, note the use of the : +# in cve. This will modify MS09-008, cve 2009-0233, bugtraq 21301, +# and all MS00 and all cve 2000 related sids! These support regular expression +# matching only after you have specified what you are looking for, i.e. +# MS00-<regex> or cve:<regex>, the first section CANNOT contain a regular +# expression (MS\d{2}-\d+) will NOT work, use the pcre: keyword (below) +# for this. +# MS09-008,cve:2009-0233,bugtraq:21301,MS00-\d+,cve:2000-\d+ + +# Example of using the pcre: keyword to modify rulestate. the pcre keyword +# allows for full use of regular expression syntax, you do not need to designate +# with / and all pcre searches are treated as case insensitive. For more information +# about regular expression syntax: http://www.regular-expressions.info/ +# The following example modifies state for all MS07 through MS10 +# pcre:MS(0[7-9]|10)-\d+ +# pcre:"Joomla" + +# Example of modifying state for specific categories entirely. +# "snort_" limits to Snort VRT rules, "emerging-" limits to +# Emerging Threats Open rules, "etpro-" limits to ET-PRO rules. +# "shellcode" with no prefix would match in any vendor set. +# snort_web-iis,emerging-shellcode,etpro-imap,shellcode + +# Any of the above values can be on a single line or multiple lines, when +# on a single line they simply need to be separated by a , +# 1:9837,1:220-1:3264,3:13010-3:13013,pcre:MS(0[0-7])-\d+,MS09-008,cve:2009-0233 + diff --git a/config/snort/modifysid-sample.conf b/config/snort/modifysid-sample.conf new file mode 100644 index 00000000..d59f84ba --- /dev/null +++ b/config/snort/modifysid-sample.conf @@ -0,0 +1,23 @@ +# example modifysid.conf +# +# formatting is simple +# <sid or sid list> "what I'm replacing" "what I'm replacing it with" +# +# Note that this will only work with GID:1 rules, simply because modifying +# GID:3 SO stub rules would not actually affect the rule. +# +# If you are attempting to change rulestate (enable,disable) from here +# then you are doing it wrong. Do this from within the respective +# rulestate modification configuration files. + +# the following applies to sid 10010 only and represents what would normally +# be s/to_client/from_server/ +# 10010 "to_client" "from_server" + +# the following would replace HTTP_PORTS with HTTPS_PORTS for ALL GID:1 +# rules +# "HTTP_PORTS" "HTTPS_PORTS" + +# multiple sids can be specified as noted below: +# 302,429,1821 "\$EXTERNAL_NET" "\$HOME_NET" + diff --git a/config/snort/snort.inc b/config/snort/snort.inc index c0c5756c..bec163d7 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -36,55 +36,23 @@ require_once("config.inc"); require_once("functions.inc"); require_once("service-utils.inc"); require_once("pkg-utils.inc"); - -// Needed on 2.0 because of filter_get_vpns_list() require_once("filter.inc"); +require("/usr/local/pkg/snort/snort_defs.inc"); // Snort GUI needs some extra PHP memory space to manipulate large rules arrays -ini_set("memory_limit", "192M"); +ini_set("memory_limit", "256M"); // Explicitly declare this as global so it works through function call includes -global $rebuild_rules, $pfSense_snort_version; +global $g, $config, $rebuild_rules, $pfSense_snort_version; // Grab the Snort binary version programmatically, but if that fails use a safe default $snortver = array(); -exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); -$snort_version = $snortver[0]; -if (empty($snort_version)) - $snort_version = "2.9.6.0"; - -/* Used to indicate latest version of this include file has been loaded */ -$pfSense_snort_version = "3.0.8"; +$snortbindir = SNORT_PBI_BINDIR; +exec("{$snortbindir}snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); /* get installed package version for display */ $snort_package_version = "Snort {$config['installedpackages']['package'][get_pkg_id("snort")]['version']}"; -// Define SNORTDIR and SNORTLIBDIR constants according to pfSense version -$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3); -if ($pfs_version > 2.0) { - define("SNORTDIR", "/usr/pbi/snort-" . php_uname("m") . "/etc/snort"); - define("SNORTLIBDIR", "/usr/pbi/snort-" . php_uname("m") . "/lib/snort"); -} -else { - define("SNORTDIR", "/usr/local/etc/snort"); - define("SNORTLIBDIR", "/usr/local/lib/snort"); -} - -/* Define some useful constants for Snort */ -/* Be sure to include trailing slash on the URL defines */ -define("SNORTLOGDIR", "/var/log/snort"); -define("ET_DNLD_FILENAME", "emerging.rules.tar.gz"); -define("ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz"); -define("GPLV2_DNLD_FILENAME", "community-rules.tar.gz"); -define("FLOWBITS_FILENAME", "flowbit-required.rules"); -define("ENFORCING_RULES_FILENAME", "snort.rules"); -define("RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log"); -define("VRT_FILE_PREFIX", "snort_"); -define("GPL_FILE_PREFIX", "GPLv2_"); -define("ET_OPEN_FILE_PREFIX", "emerging-"); -define("ET_PRO_FILE_PREFIX", "etpro-"); -define("IPREP_PATH", "/var/db/snort/iprep/"); - /* Rebuild Rules Flag -- if "true", rebuild enforcing rules and flowbit-rules files */ $rebuild_rules = false; @@ -309,7 +277,7 @@ function snort_find_list($find_name, $type = 'whitelist') { } /* func builds custom whitelists and the HOME_NET variable */ -function snort_build_list($snortcfg, $listname = "", $whitelist = false) { +function snort_build_list($snortcfg, $listname = "", $whitelist = false, $externallist = false) { /***********************************************************/ /* The default is to build a HOME_NET variable unless */ @@ -319,9 +287,10 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { global $config, $g, $aliastable, $filterdns; $home_net = array(); - if ($listname == 'default' || empty($listname)) { + if (!$externallist && ($listname == 'default' || empty($listname))) { $localnet = 'yes'; $wanip = 'yes'; $wangw = 'yes'; $wandns = 'yes'; $vips = 'yes'; $vpns = 'yes'; - } else { + } + else { $list = snort_find_list($listname); if (empty($list)) return $list; @@ -335,9 +304,13 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { $home_net = explode(" ", trim(filter_expand_alias($list['address']))); } - /* Always add loopback to HOME_NET and whitelist (ftphelper) */ - if (!in_array("127.0.0.1", $home_net)) - $home_net[] = "127.0.0.1"; + /* Always add loopback addresses to HOME_NET and whitelist */ + if (!$externallist) { + if (!in_array("127.0.0.1", $home_net)) + $home_net[] = "127.0.0.1"; + if (!in_array("::1", $home_net)) + $home_net[] = "::1"; + } /********************************************************************/ /* Always put the interface running Snort in HOME_NET and whitelist */ @@ -348,7 +321,7 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { /* though, to prevent locking out the firewall itself. */ /********************************************************************/ $snortip = get_interface_ip($snortcfg['interface']); - if (!$whitelist || $localnet == 'yes' || empty($localnet)) { + if (($externallist && $localnet == 'yes') || (!$externallist && (!$whitelist || $localnet == 'yes' || empty($localnet)))) { if (is_ipaddr($snortip)) { if ($snortcfg['interface'] <> "wan") { $sn = get_interface_subnet($snortcfg['interface']); @@ -358,35 +331,46 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { } } } - else { - if (is_ipaddr($snortip)) { + elseif (!$externallist && $localnet != 'yes') { + if (is_ipaddrv4($snortip)) { if (!in_array($snortip, $home_net)) $home_net[] = $snortip; } } - /* Handle IPv6 if available (2.1 and higher) */ - if (function_exists('get_interface_ipv6')) { - $snortip = get_interface_ipv6($snortcfg['interface']); - if (!$whitelist || $localnet == 'yes' || empty($localnet)) { - if (is_ipaddrv6($snortip)) { - if ($snortcfg['interface'] <> "wan") { - $sn = get_interface_subnetv6($snortcfg['interface']); - $ip = gen_subnetv6($snortip, $sn). "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; - } + // Grab the IPv6 address if we have one assigned + $snortip = get_interface_ipv6($snortcfg['interface']); + // Trim off the interface designation (e.g., %em1) if present + if (strpos($snortip, "%") !== FALSE) + $snortip = substr($snortip, 0, strpos($snortip, "%")); + if (($externallist && $localnet == 'yes') || (!$externallist && (!$whitelist || $localnet == 'yes' || empty($localnet)))) { + if (is_ipaddrv6($snortip)) { + if ($snortcfg['interface'] <> "wan") { + $sn = get_interface_subnetv6($snortcfg['interface']); + $ip = gen_subnetv6($snortip, $sn). "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; } } - else { - if (is_ipaddrv6($snortip)) { - if (!in_array($snortip, $home_net)) - $home_net[] = $snortip; - } + } + elseif (!$externallist && $localnet != 'yes') { + if (is_ipaddrv6($snortip)) { + if (!in_array($snortip, $home_net)) + $home_net[] = $snortip; } } - if (!$whitelist || $localnet == 'yes' || empty($localnet)) { + // Add link-local address if user included locally-attached networks + $snortip = get_interface_linklocal($snortcfg['interface']); + if (!empty($snortip) && $localnet == 'yes') { + // Trim off the interface designation (e.g., %em1) if present + if (strpos($snortip, "%") !== FALSE) + $snortip = substr($snortip, 0, strpos($snortip, "%")); + if (!in_array($snortip, $home_net)) + $home_net[] = $snortip; + } + + if (($externallist && $localnet == 'yes') || (!$externallist && (!$whitelist || $localnet == 'yes' || empty($localnet)))) { /*************************************************************************/ /* Iterate through the interface list and write out whitelist items and */ /* also compile a HOME_NET list of all the local interfaces for snort. */ @@ -398,56 +382,79 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { if ($int == "wan") continue; $subnet = get_interface_ip($int); - if (is_ipaddr($subnet)) { + if (is_ipaddrv4($subnet)) { $sn = get_interface_subnet($int); $ip = gen_subnet($subnet, $sn) . "/{$sn}"; if (!in_array($ip, $home_net)) $home_net[] = $ip; } - if (function_exists("get_interface_ipv6")) { - if ($int == "wan") - continue; - $subnet = get_interface_ipv6($int); - if (is_ipaddrv6($subnet)) { - $sn = get_interface_subnetv6($int); - $ip = gen_subnetv6($subnet, $sn). "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; - } + + $subnet = get_interface_ipv6($int); + // Trim off the interface designation (e.g., %em1) if present + if (strpos($subnet, "%") !== FALSE) + $subnet = substr($subnet, 0, strpos($subnet, "%")); + if (is_ipaddrv6($subnet)) { + $sn = get_interface_subnetv6($int); + $ip = gen_subnetv6($subnet, $sn). "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } + + // Add link-local address + $snortip = get_interface_linklocal($int); + if (!empty($snortip)) { + // Trim off the interface designation (e.g., %em1) if present + if (strpos($snortip, "%") !== FALSE) + $snortip = substr($snortip, 0, strpos($snortip, "%")); + if (!in_array($snortip, $home_net)) + $home_net[] = $snortip; } } } if ($wanip == 'yes') { $ip = get_interface_ip("wan"); - if (is_ipaddr($ip)) { + if (is_ipaddrv4($ip)) { if (!in_array($ip, $home_net)) $home_net[] = $ip; } - if (function_exists("get_interface_ipv6")) { - $ip = get_interface_ipv6("wan"); - if (is_ipaddrv6($ip)) { - if (!in_array($ip, $home_net)) - $home_net[] = $ip; - } + $ip = get_interface_ipv6("wan"); + // Trim off the interface designation (e.g., %em1) if present + if (strpos($ip, "%") !== FALSE) + $ip = substr($ip, 0, strpos($ip, "%")); + if (is_ipaddrv6($ip)) { + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } + // Explicitly grab the WAN Link-Local address + $snortip = get_interface_linklocal("wan"); + if (!empty($snortip)) { + // Trim off the interface designation (e.g., %em1) if present + if (strpos($snortip, "%") !== FALSE) + $snortip = substr($snortip, 0, strpos($snortip, "%")); + if (!in_array($snortip, $home_net)) + $home_net[] = $snortip; } } if ($wangw == 'yes') { /* Grab the default gateway if set */ $default_gw = exec("/sbin/route -n get default |grep 'gateway:' | /usr/bin/awk '{ print $2 }'"); - if (is_ipaddr($default_gw) && !in_array($default_gw, $home_net)) + if (is_ipaddrv4($default_gw) && !in_array($default_gw, $home_net)) + $home_net[] = $default_gw; + if (is_ipaddrv6($default_gw) && !in_array($default_gw, $home_net)) $home_net[] = $default_gw; /* Get any other interface gateway and put in $HOME_NET if not there already */ $gw = get_interface_gateway($snortcfg['interface']); - if (is_ipaddr($gw) && !in_array($gw, $home_net)) + if (is_ipaddrv4($gw) && !in_array($gw, $home_net)) + $home_net[] = $gw; + $gw = get_interface_gateway_v6($snortcfg['interface']); + // Trim off the interface designation (e.g., %em1) if present + if (strpos($gw, "%") !== FALSE) + $gw = substr($gw, 0, strpos($gw, "%")); + if (is_ipaddrv6($gw) && !in_array($gw, $home_net)) $home_net[] = $gw; - if (function_exists("get_interface_gateway_v6")) { - $gw = get_interface_gateway_v6($snortcfg['interface']); - if (is_ipaddrv6($gw) && !in_array($gw, $home_net)) - $home_net[] = $gw; - } } if ($wandns == 'yes') { @@ -471,7 +478,7 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { } } - /* grab a list of vpns and whitelist if user desires added by nestorfish 954 */ + // Grab a list of vpns enabled - these come back as CIDR mask networks if ($vpns == 'yes') { $vpns_list = filter_get_vpns_list(); if (!empty($vpns_list)) { @@ -513,9 +520,19 @@ function snort_barnyard_stop($snortcfg, $if_real) { $snort_uuid = $snortcfg['uuid']; if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) { - log_error("[Snort] Barnyard2 STOP for {$snortcfg['descr']}({$if_real})..."); + log_error("[Snort] Barnyard2 STOP for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})..."); killbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid"); + + // Now wait up to 5 seconds for Barnyard2 to actually stop and clear its PID file + $count = 0; + do { + if (!isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) + break; + sleep(1); + $count++; + } while ($count < 5); } + unlink_if_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid"); } function snort_stop($snortcfg, $if_real) { @@ -523,56 +540,131 @@ function snort_stop($snortcfg, $if_real) { $snort_uuid = $snortcfg['uuid']; if (isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) { - log_error("[Snort] Snort STOP for {$snortcfg['descr']}({$if_real})..."); + log_error("[Snort] Snort STOP for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})..."); killbypid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"); + + // Now wait up to 10 seconds for Snort to actually stop and clear its PID file + $count = 0; + do { + if (!isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) + break; + sleep(1); + $count++; + } while ($count < 10); } + unlink_if_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"); snort_barnyard_stop($snortcfg, $if_real); } -function snort_barnyard_start($snortcfg, $if_real) { +function snort_barnyard_start($snortcfg, $if_real, $background=FALSE) { global $config, $g; $snortdir = SNORTDIR; $snortlogdir = SNORTLOGDIR; $snort_uuid = $snortcfg['uuid']; + $snortbindir = SNORT_PBI_BINDIR; - /* define snortbarnyardlog_chk */ - if ($snortcfg['barnyard_enable'] == 'on') { - log_error("[Snort] Barnyard2 START for {$snortcfg['descr']}({$if_real})..."); - mwexec("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q"); + if ($snortcfg['barnyard_enable'] == 'on' && !isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) { + log_error("[Snort] Barnyard2 START for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})..."); + if ($background) + mwexec_bg("{$snortbindir}barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q"); + else + mwexec("{$snortbindir}barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q"); } } -function snort_start($snortcfg, $if_real) { +function snort_start($snortcfg, $if_real, $background=FALSE) { global $config, $g; $snortdir = SNORTDIR; $snortlogdir = SNORTLOGDIR; $snort_uuid = $snortcfg['uuid']; + $snortbindir = SNORT_PBI_BINDIR; - if ($snortcfg['enable'] == 'on') { - log_error("[Snort] Snort START for {$snortcfg['descr']}({$if_real})..."); - mwexec("/usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); - } + if ($config['installedpackages']['snortglobal']['verbose_logging'] == "on") + $quiet = ""; else + $quiet = "-q --suppress-config-log"; + + if ($snortcfg['enable'] == 'on' && !isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) { + log_error("[Snort] Snort START for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})..."); + if ($background) + mwexec_bg("{$snortbindir}snort -R {$snort_uuid} -D {$quiet} -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); + else + mwexec("{$snortbindir}snort -R {$snort_uuid} -D {$quiet} -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); + snort_barnyard_start($snortcfg, $if_real, $background); + } +} + +function snort_start_all_interfaces($background=FALSE) { + + /*************************************************************/ + /* This function starts all configured and enabled Snort */ + /* interfaces. */ + /*************************************************************/ + + global $g, $config; + + /* do nothing if no Snort interfaces active */ + if (!is_array($config['installedpackages']['snortglobal']['rule'])) return; - snort_barnyard_start($snortcfg, $if_real); + foreach ($config['installedpackages']['snortglobal']['rule'] as $snortcfg) { + if ($snortcfg['enable'] != 'on') + continue; + snort_start($snortcfg, get_real_interface($snortcfg['interface']), $background); + } +} + +function snort_stop_all_interfaces() { + + /*************************************************************/ + /* This function stops all configured Snort interfaces. */ + /*************************************************************/ + + global $g, $config; + + /* do nothing if no Snort interfaces active */ + if (!is_array($config['installedpackages']['snortglobal']['rule'])) + return; + + foreach ($config['installedpackages']['snortglobal']['rule'] as $snortcfg) { + snort_stop($snortcfg, get_real_interface($snortcfg['interface'])); + } +} + +function snort_restart_all_interfaces() { + + /*************************************************************/ + /* This function stops all configured Snort interfaces and */ + /* restarts enabled Snort interfaces. */ + /*************************************************************/ + + global $g, $config; + + /* do nothing if no Snort interfaces active */ + if (!is_array($config['installedpackages']['snortglobal']['rule'])) + return; + + snort_stop_all_interfaces(); + sleep(2); + snort_start_all_interfaces(TRUE); } -/**************************************************************/ -/* This function sends the passed SIGNAL to the Snort */ -/* instance on the passed interface to cause Snort to reload */ -/* and parse the running configuration without stopping */ -/* packet processing. It also executes the reload as a */ -/* background process and returns control immediately to the */ -/* caller. */ -/* */ -/* $signal = SIGHUP (default) parses and reloads config. */ -/* SIGURG updates Host Attribute Table. */ -/**************************************************************/ function snort_reload_config($snortcfg, $signal="SIGHUP") { + + /*************************************************************/ + /* This function sends the passed SIGNAL to the Snort */ + /* instance on the passed interface to cause Snort to */ + /* reload and parse the running configuration without */ + /* stopping packet processing. It also executes the */ + /* the reload as a background process and returns control */ + /* immediately to the caller. */ + /* */ + /* $signal = SIGHUP (default) parses and reloads config. */ + /* SIGURG updates Host Attribute Table. */ + /*************************************************************/ global $config, $g; $snortdir = SNORTDIR; @@ -584,23 +676,23 @@ function snort_reload_config($snortcfg, $signal="SIGHUP") { /* can find a valid PID for the process. */ /******************************************************/ if (isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) { - log_error("[Snort] Snort RELOAD CONFIG for {$snortcfg['descr']} ({$if_real})..."); + log_error("[Snort] Snort RELOAD CONFIG for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})..."); mwexec_bg("/bin/pkill -{$signal} -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"); } } function snort_barnyard_reload_config($snortcfg, $signal="HUP") { - /**************************************************************/ - /* This function sends the passed SIGNAL to the Barnyard2 */ - /* instance on the passed interface to cause Barnyard to */ - /* reload and parse the running configuration without */ - /* impacting packet processing. It also executes the reload */ - /* as a background process and returns control immediately */ - /* to the caller. */ - /* */ - /* $signal = HUP (default) parses and reloads config. */ - /**************************************************************/ + /*************************************************************/ + /* This function sends the passed SIGNAL to the Barnyard2 */ + /* instance on the passed interface to cause Barnyard to */ + /* reload and parse the running configuration without */ + /* impacting packet processing. It also executes the reload */ + /* as a background process and returns control immediately */ + /* to the caller. */ + /* */ + /* $signal = HUP (default) parses and reloads config. */ + /*************************************************************/ global $g; $snortdir = SNORTDIR; @@ -612,7 +704,7 @@ function snort_barnyard_reload_config($snortcfg, $signal="HUP") { /* we can find a valid PID for the process. */ /******************************************************/ if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) { - log_error("[Snort] Barnyard2 CONFIG RELOAD initiated for {$snortcfg['descr']} ({$if_real})..."); + log_error("[Snort] Barnyard2 CONFIG RELOAD initiated for " . convert_real_interface_to_friendly_descr($if_real) . "({$if_real})..."); mwexec_bg("/bin/pkill -{$signal} -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid"); } } @@ -664,14 +756,79 @@ function snort_Getdirsize($node) { return substr( $blah, 0, strpos($blah, 9) ); } +function snort_cron_job_exists($crontask, $match_time=FALSE, $minute="0", $hour="*", $monthday="*", $month="*", $weekday="*", $who="root") { + + /************************************************************ + * This function iterates the cron[] array in the config * + * to determine if the passed $crontask entry exists. It * + * returns TRUE if the $crontask already exists, or FALSE * + * if there is no match. * + * * + * The $match_time flag, when set, causes a test of the * + * configured task execution times along with the task * + * when checking for a match. * + * * + * We use this to prevent unneccessary config writes if * + * the $crontask already exists. * + ************************************************************/ + + global $config, $g; + + if (!is_array($config['cron'])) + $config['cron'] = array(); + if (!is_array($config['cron']['item'])) + $config['cron']['item'] = array(); + + foreach($config['cron']['item'] as $item) { + if(strpos($item['command'], $crontask) !== FALSE) { + if ($match_time) { + if ($item['minute'] != $minute) + return FALSE; + if ($item['hour'] != $hour) + return FALSE; + if ($item['mday'] != $monthday) + return FALSE; + if ($item['month'] != $month) + return FALSE; + if ($item['wday'] != $weekday) + return FALSE; + if ($item['who'] != $who) + return FALSE; + } + return TRUE; + } + } + return FALSE; +} + function snort_snortloglimit_install_cron($should_install=TRUE) { + // See if simply removing existing "loglimit" job for Snort + if ($should_install == FALSE) { + if (snort_cron_job_exists("snort/snort_check_cron_misc.inc", FALSE)) + install_cron_job("snort_check_cron_misc.inc", false); + return; + } + + // If there are no changes in the cron job command string from the existing job, then exit. + if ($should_install && snort_cron_job_exists("/usr/local/pkg/snort/snort_check_cron_misc.inc", TRUE, "*/5")) + return; + + // Else install the new or updated cron job install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc", $should_install, "*/5"); } function snort_rm_blocked_install_cron($should_install) { global $config, $g; + // See if simply removing existing "expiretable" job for Snort + if ($should_install == FALSE) { + if (snort_cron_job_exists("snort2c", FALSE)) + install_cron_job("snort2c", false); + return; + } + + // Grab the configured interval from our configuration $snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked']; if ($snort_rm_blocked_info_ck == "15m_b") { @@ -755,13 +912,15 @@ function snort_rm_blocked_install_cron($should_install) { $snort_rm_blocked_expire = "2419200"; } - // First remove any existing "expiretable" jobs for Snort. - install_cron_job("snort2c", false); + // Construct the basic cron command task + $command = "/usr/bin/nice -n20 /sbin/pfctl -q -t snort2c -T expire {$snort_rm_blocked_expire}"; + + // If there are no changes in the cron job command string from the existing job, then exit. + if (snort_cron_job_exists($command, TRUE, $snort_rm_blocked_min, $snort_rm_blocked_hr, $snort_rm_blocked_mday, $snort_rm_blocked_month, $snort_rm_blocked_wday, "root")) + return; - // Now either install the new or updated cron job, - // or return if "rm_blocked" is disabled + // Else install the new or updated cron job if ($should_install) { - $command = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c"; install_cron_job($command, $should_install, $snort_rm_blocked_min, $snort_rm_blocked_hr, $snort_rm_blocked_mday, $snort_rm_blocked_month, $snort_rm_blocked_wday, "root"); } } @@ -770,6 +929,15 @@ function snort_rm_blocked_install_cron($should_install) { function snort_rules_up_install_cron($should_install) { global $config, $g; + // If called with FALSE as argument, then we're removing + // the existing job. + if ($should_install == FALSE) { + if (snort_cron_job_exists("snort_check_for_rule_updates.php", FALSE)) + install_cron_job("snort_check_for_rule_updates.php", false); + return; + } + + // Grab the configured update interval from our configuration $snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7']; /* See if a customized start time has been set for rule file updates */ @@ -833,8 +1001,16 @@ function snort_rules_up_install_cron($should_install) { $snort_rules_up_wday = "*"; } - $command = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/www/snort/snort_check_for_rule_updates.php"; - install_cron_job($command, $should_install, $snort_rules_up_min, $snort_rules_up_hr, $snort_rules_up_mday, $snort_rules_up_month, $snort_rules_up_wday, "root"); + // Construct the basic cron command task + $command = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php"; + + // If there are no changes in the cron job command string from the existing job, then exit + if (snort_cron_job_exists($command, TRUE, $snort_rules_up_min, $snort_rules_up_hr, $snort_rules_up_mday, $snort_rules_up_month, $snort_rules_up_wday, "root")) + return; + + // Else install the new or updated cron job + if ($should_install) + install_cron_job($command, $should_install, $snort_rules_up_min, $snort_rules_up_hr, $snort_rules_up_mday, $snort_rules_up_month, $snort_rules_up_wday, "root"); } /* Only run when all ifaces needed to sync. Expects filesystem rw */ @@ -845,32 +1021,30 @@ function sync_snort_package_config() { $snortdir = SNORTDIR; $rcdir = RCFILEPREFIX; - conf_mount_rw(); - /* do not start config build if rules is empty or there are no Snort settings */ if (!is_array($config['installedpackages']['snortglobal']) || !is_array($config['installedpackages']['snortglobal']['rule'])) { - @unlink("{$rcdir}/snort.sh"); - conf_mount_ro(); return; } $snortconf = $config['installedpackages']['snortglobal']['rule']; foreach ($snortconf as $value) { - $if_real = get_real_interface($value['interface']); + /* Skip configuration of any disabled interface */ + if ($value['enable'] != 'on') + continue; - /* create a snort.conf file for interface */ + /* create a snort.conf file for interface */ snort_generate_conf($value); - /* create barnyard2.conf file for interface */ + /* create barnyard2.conf file for interface */ if ($value['barnyard_enable'] == 'on') - snort_generate_barnyard2_conf($value, $if_real); + snort_generate_barnyard2_conf($value, get_real_interface($value['interface'])); } - /* create snort bootup file snort.sh only create once */ - snort_create_rc(); - $snortglob = $config['installedpackages']['snortglobal']; + /* create snort bootup file snort.sh */ + snort_create_rc(); + snort_snortloglimit_install_cron(true); /* set the snort block hosts time IMPORTANT */ @@ -879,13 +1053,9 @@ function sync_snort_package_config() { /* set the snort rules update time */ snort_rules_up_install_cron($snortglob['autorulesupdate7'] != "never_up" ? true : false); - configure_cron(); - /* Do not attempt package sync if reinstalling package or booting */ if (!$g['snort_postinstall'] && !$g['booting']) snort_sync_on_changes(); - - conf_mount_ro(); } function snort_build_sid_msg_map($rules_path, $sid_file) { @@ -1121,11 +1291,11 @@ function snort_load_rules_map($rules_path) { if (empty($rules_path)) return $map_ref; - /*************************************************************** + /************************************************************************************ * Read all the rules into the map array. * The structure of the map array is: * - * map[gid][sid]['rule']['category']['disabled']['action']['flowbits'] + * map[gid][sid]['rule']['category']['action']['disabled']['managed']['flowbits'] * * where: * gid = Generator ID from rule, or 1 if general text @@ -1133,12 +1303,14 @@ function snort_load_rules_map($rules_path) { * sid = Signature ID from rule * rule = Complete rule text * category = File name of file containing the rule + * action = alert, drop, reject or pass * disabled = 1 if rule is disabled (commented out), 0 if * rule is enabled - * action = alert|log|pass|drop|reject|sdrop + * managed = 1 if rule is auto-managed by SID MGMT process, + * 0 if not auto-managed * flowbits = Array of applicable flowbits if rule contains * flowbits options - ***************************************************************/ + ************************************************************************************/ /* First check if we were passed a directory, a single file */ /* or an array of filenames to read. Set our $rule_files */ @@ -1625,7 +1797,7 @@ function snort_write_enforcing_rules_file($rule_map, $rule_path) { /* rules file will be written. */ /************************************************/ - $rule_file = "/" . ENFORCING_RULES_FILENAME; + $rule_file = "/" . SNORT_ENFORCING_RULES_FILENAME; /* See if we were passed a directory or full */ /* filename to write the rules to, and adjust */ @@ -1661,6 +1833,854 @@ function snort_write_enforcing_rules_file($rule_map, $rule_path) { } } +function snort_parse_sidconf_file($sidconf_file) { + + /**********************************************/ + /* This function loads and processes the file */ + /* specified by '$sidconf_file'. The file is */ + /* assumed to contain valid instructions for */ + /* matching rule SIDs as supported by the */ + /* Oinkmaster and PulledPork utilities. */ + /* */ + /* $sidconf_file ==> full path and name of */ + /* file to process */ + /* */ + /* Returns ==> an array containing */ + /* SID modifier tokens */ + /**********************************************/ + + $buf = ""; + $sid_mods = array(); + + $fd = fopen("{$sidconf_file}", "r"); + if ($fd == FALSE) { + log_error("[Snort] Failed to open SID MGMT file '{$sidconf_file}' for processing."); + return $sid_mods; + } + + // Read and parse the conf file line-by-line + while (($buf = fgets($fd)) !== FALSE) { + $line = array(); + + // Skip any lines that may be just spaces. + if (trim($buf, " \r\n") == "") + continue; + + // Skip line with leading "#" since it's a comment + if (preg_match('/^\s*#/', $buf)) + continue; + + // Trim off any trailing comment + $line = explode("#", $buf); + + // Trim leading and trailing spaces plus newline and any carriage returns + $buf = trim($line[0], ' \r\n'); + + // Now split the SID mod arguments at the commas, if more than one + // per line, and add to our $sid_mods array. + $line = explode(",", $buf); + foreach ($line as $ent) + $sid_mods[] = trim($ent); + } + + // Close the file, release unneeded memory and return + // the array of SID mod tokens parsed from the file. + fclose($fd); + unset($line, $buf); + return $sid_mods; +} + +function snort_sid_mgmt_auto_categories($snortcfg, $log_results = FALSE) { + + /****************************************************/ + /* This function parses any auto-SID conf files */ + /* configured for the interface and returns an */ + /* array of rule categories adjusted from the */ + /* ['enabled_rulesets'] element in the config for */ + /* the interface in accordance with the contents */ + /* of the SID Mgmt conf files. */ + /* */ + /* The returned array shows which files should be */ + /* removed and which should be added to the list */ + /* used when building the enforcing ruleset. */ + /* */ + /* $snortcfg ==> pointer to interface */ + /* configuration info */ + /* $log_results ==> [optional] log results to */ + /* 'sid_changes.log' in the */ + /* interface directory in */ + /* /var/log/snort when TRUE */ + /* */ + /* Returns ==> array of category file names */ + /* for the interface. The keys */ + /* are category file names and */ + /* the corresponding values show */ + /* if the file should be added */ + /* or removed from the enabled */ + /* rulesets list. */ + /* */ + /* Example - */ + /* $changes[file] = 'enabled' */ + /* */ + /****************************************************/ + + global $config; + $snort_sidmods_dir = SNORT_SID_MODS_PATH; + $sid_mods = array(); + $enables = array(); + $disables = array(); + + // Check if auto-mgmt of SIDs is enabled, exit if not + if ($config['installedpackages']['snortglobal']['auto_manage_sids'] != 'on') + return array(); + if (empty($snortcfg['disable_sid_file']) && empty($snortcfg['enable_sid_file'])) + return array(); + + // Configure the interface's logging subdirectory if log results is enabled + if ($log_results == TRUE) + $log_file = SNORTLOGDIR . "/snort_" . get_real_interface($snortcfg['interface']) . "{$snortcfg['uuid']}/sid_changes.log"; + else + $log_file = NULL; + + // Get the list of currently enabled categories for the interface + if (!empty($snortcfg['rulesets'])) + $enabled_cats = explode("||", $snortcfg['rulesets']); + + if ($log_results == TRUE) { + error_log(gettext("********************************************************\n"), 3, $log_file); + error_log(gettext("Starting auto RULE CATEGORY management for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) ."\n"), 3, $log_file); + error_log(gettext("Start Time: " . date("Y-m-d H:i:s") . "\n"), 3, $log_file); + } + + switch ($snortcfg['sid_state_order']) { + case "disable_enable": + if (!empty($snortcfg['disable_sid_file'])) { + if ($log_results == TRUE) + error_log(gettext("Processing disable_sid file: {$snortcfg['disable_sid_file']}\n"), 3, $log_file); + + // Attempt to open the 'disable_sid_file' for the interface + if (!file_exists("{$snort_sidmods_dir}{$snortcfg['disable_sid_file']}")) { + log_error(gettext("[Snort] Error - unable to open 'disable_sid_file' \"{$snortcfg['disable_sid_file']}\" specified for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']))); + if ($log_results == TRUE) + error_log(gettext("Unable to open disable_sid file \"{$snortcfg['disable_sid_file']}\".\n"), 3, $log_file); + } + else + $sid_mods = snort_parse_sidconf_file("{$snort_sidmods_dir}{$snortcfg['disable_sid_file']}"); + + if (!empty($sid_mods)) + $disables = snort_get_auto_category_mods($enabled_cats, $sid_mods, "disable", $log_results, $log_file); + elseif ($log_results == TRUE && !empty($log_file)) { + error_log(gettext("WARNING: no valid SID match tokens found in file \"{$snortcfg['disable_sid_file']}\".\n"), 3, $log_file); + } + } + if (!empty($snortcfg['enable_sid_file'])) { + if ($log_results == TRUE) + error_log(gettext("Processing enable_sid file: {$snortcfg['enable_sid_file']}\n"), 3, $log_file); + + // Attempt to open the 'enable_sid_file' for the interface + if (!file_exists("{$snort_sidmods_dir}{$snortcfg['enable_sid_file']}")) { + log_error(gettext("[Snort] Error - unable to open 'enable_sid_file' \"{$snortcfg['enable_sid_file']}\" specified for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']))); + if ($log_results == TRUE) + error_log(gettext("Unable to open enable_sid file \"{$snortcfg['enable_sid_file']}\".\n"), 3, $log_file); + } + else + $sid_mods = snort_parse_sidconf_file("{$snort_sidmods_dir}{$snortcfg['enable_sid_file']}"); + + if (!empty($sid_mods)) + $enables = snort_get_auto_category_mods($enabled_cats, $sid_mods, "enable", $log_results, $log_file); + elseif ($log_results == TRUE && !empty($log_file)) { + error_log(gettext("WARNING: no valid SID match tokens found in file \"{$snortcfg['enable_sid_file']}\".\n"), 3, $log_file); + } + } + break; + + case "enable_disable": + if (!empty($snortcfg['enable_sid_file'])) { + if ($log_results == TRUE) + error_log(gettext("Processing enable_sid file: {$snortcfg['enable_sid_file']}\n"), 3, $log_file); + + // Attempt to open the 'enable_sid_file' for the interface + if (!file_exists("{$snort_sidmods_dir}{$snortcfg['enable_sid_file']}")) { + log_error(gettext("[Snort] Error - unable to open 'enable_sid_file' \"{$snortcfg['enable_sid_file']}\" specified for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']))); + if ($log_results == TRUE) + error_log(gettext("Unable to open enable_sid file \"{$snortcfg['enable_sid_file']}\".\n"), 3, $log_file); + } + else + $sid_mods = snort_parse_sidconf_file("{$snort_sidmods_dir}{$snortcfg['enable_sid_file']}"); + + if (!empty($sid_mods)) + $enables = snort_get_auto_category_mods($enabled_cats, $sid_mods, "enable", $log_results, $log_file); + elseif ($log_results == TRUE && !empty($log_file)) { + error_log(gettext("WARNING: no valid SID match tokens found in file \"{$snortcfg['enable_sid_file']}\".\n"), 3, $log_file); + } + } + if (!empty($snortcfg['disable_sid_file'])) { + if ($log_results == TRUE) + error_log(gettext("Processing disable_sid file: {$snortcfg['disable_sid_file']}\n"), 3, $log_file); + + // Attempt to open the 'disable_sid_file' for the interface + if (!file_exists("{$snort_sidmods_dir}{$snortcfg['disable_sid_file']}")) { + log_error(gettext("[Snort] Error - unable to open 'disable_sid_file' \"{$snortcfg['disable_sid_file']}\" specified for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']))); + if ($log_results == TRUE) + error_log(gettext("Unable to open disable_sid file \"{$snortcfg['disable_sid_file']}\".\n"), 3, $log_file); + } + else + $sid_mods = snort_parse_sidconf_file("{$snort_sidmods_dir}{$snortcfg['disable_sid_file']}"); + + if (!empty($sid_mods)) + $disables = snort_get_auto_category_mods($enabled_cats, $sid_mods, "disable", $log_results, $log_file); + elseif ($log_results == TRUE && !empty($log_file)) { + error_log(gettext("WARNING: no valid SID match tokens found in file \"{$snortcfg['disable_sid_file']}\".\n"), 3, $log_file); + } + } + break; + + default: + log_error(gettext("[Snort] Unrecognized 'sid_state_order' value. Skipping auto CATEGORY mgmt step for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']))); + if ($log_results == TRUE) { + error_log(gettext("ERROR: unrecognized 'sid_state_order' value. Skipping auto CATEGORY mgmt step for ") . convert_friendly_interface_to_friendly_descr($snortcfg['interface']). ".\n", 3, $log_file); + } + } + + if ($log_results == TRUE) { + error_log(gettext("End Time: " . date("Y-m-d H:i:s") . "\n"), 3, $log_file); + error_log(gettext("********************************************************\n\n"), 3, $log_file); + } + + // Return the required rule category modifications as an array; + return array_merge($enables, $disables); +} + +function snort_get_auto_category_mods($categories, $sid_mods, $action, $log_results = FALSE, $log_file = NULL) { + + /****************************************************/ + /* This function parses the provided SID mod tokens */ + /* in $sid_mods and returns an array of category */ + /* files that must be added ('enabled') or removed */ + /* ('disabled') from the provided $categories list */ + /* of enabled rule categories as determined by the */ + /* content of the SID Mgmt tokens in $sid_mods. */ + /* */ + /* The returned array shows which files should be */ + /* removed and which should be added to the list */ + /* used when building the enforcing ruleset. */ + /* */ + /* $categories ==> array of currently enabled */ + /* ruleset categories */ + /* $sid_mods ==> array of SID modification */ + /* tokens */ + /* $action ==> modification action for */ + /* matching category targets: */ + /* 'enable' or 'disable' */ + /* $log_results ==> [optional] 'yes' to log */ + /* results to $log_file */ + /* $log_file ==> full path and filename of log */ + /* file to write to */ + /* */ + /* Returns ==> array of category file names */ + /* for the interface. The keys */ + /* are category file names and */ + /* the corresponding values show */ + /* if the file should be added */ + /* or removed from the enabled */ + /* rulesets list. */ + /* */ + /* Example - */ + /* $changes[file] = 'enabled' */ + /* */ + /****************************************************/ + + $snortdir = SNORTDIR; + $all_cats = array(); + $changes = array(); + $counter = 0; + $matchcount = 0; + + // Get a list of all possible categories by loading all rules files + foreach (array( VRT_FILE_PREFIX, ET_OPEN_FILE_PREFIX, ET_PRO_FILE_PREFIX, GPL_FILE_PREFIX ) as $prefix) { + $files = glob("{$snortdir}/rules/{$prefix}*.rules"); + foreach ($files as $file) + $all_cats[] = basename($file); + } + + // Walk the SID mod tokens and decode looking for rule + // category enable/disable changes. + foreach ($sid_mods as $tok) { + $matches = array(); + // Test the SID token for a GID:SID range and skip if true + if (preg_match('/^(\d+):(\d+)-\1:(\d+)/', $tok)) + continue; + // Test the token for a single GID:SID and skip if true + elseif (preg_match('/^(\d+):(\d+)$/', $tok)) + continue; + // Test the token for the PCRE: keyword and skip if true + elseif (preg_match('/(^pcre\:)(.+)/i', $tok)) + continue; + // Test the token for the MS reference keyword and skip if true + elseif (preg_match('/^MS\d+-.+/i', $tok)) + continue; + // Test the token for other keywords delimited with a colon and skip if true + elseif (preg_match('/^[a-xA-X]+\:.+/', $tok)) + continue; + // Test the SID token for a rule category name. Anything that + // failed to match above is considered a potential category name. + elseif (preg_match('/[a-xA-X]+(-|\w).*/', $tok, $matches)) { + $counter++; + $regex = "/" . preg_quote(trim($matches[0]), '/') . "/i"; + // Search through the $all_cats array for any matches to the regex + $matches = preg_grep($regex, $all_cats); + + // See if any matches are in the $categories array + foreach ($matches as $cat) { + switch ($action) { + case 'enable': + if (!isset($changes[$cat])) { + $changes[$cat] = 'enabled'; + if ($log_results == TRUE && !empty($log_file)) + error_log(gettext(" Enabled rule category: {$cat}\n"), 3, $log_file); + $matchcount++; + } + break; + + case 'disable': + if (!isset($changes[$cat])) { + $changes[$cat] = 'disabled'; + if ($log_results == TRUE && !empty($log_file)) + error_log(gettext(" Disabled rule category: {$cat}\n"), 3, $log_file); + $matchcount++; + } + break; + + default: + break; + } + } + } + else { + if ($log_results == TRUE && !empty($log_file)) + error_log(gettext("WARNING: unrecognized token '{$tok}' encountered while processing an automatic SID MGMT file.\n"), 3, $log_file); + } + } + + if ($log_results == TRUE && !empty($log_file)) { + error_log(gettext(" Parsed {$counter} potential Rule Categories to match from the list of tokens.\n"), 3, $log_file); + error_log(gettext(" " . ucfirst($action) . "d {$matchcount} matching Rule Categories.\n"), 3, $log_file); + } + + // Release memory no longer needed + unset($all_cats, $matches); + + // Return array of rule category file changes + return $changes; +} + +function snort_modify_sid_state(&$rule_map, $sid_mods, $action, $log_results = FALSE, $log_file = NULL) { + + /**********************************************/ + /* This function walks the provided array of */ + /* SID modification tokens and locates the */ + /* target SID or SIDs in the $rule_map array. */ + /* It then performs the change specified by */ + /* $action on the target SID or SIDs. */ + /* */ + /* $rule_map ==> reference to array of */ + /* current rules */ + /* $sid_mods ==> array of SID modification */ + /* tokens */ + /* $action ==> modification action for */ + /* matching SID targets: */ + /* 'enable' or 'disable' */ + /* $log_results ==> [optional] 'yes' to log */ + /* results to $log_file */ + /* $log_file ==> full path and filename */ + /* of log file to write to */ + /* */ + /* On Return ==> $rule_map array modified */ + /* by changing state for */ + /* matching SIDs. */ + /* */ + /* Returns a two-dimension */ + /* array of matching GID:SID */ + /* pairs. */ + /**********************************************/ + + $sids = array(); + + // If no rules in $rule_map or mods in $sid_mods, + // then nothing to do. + if (empty($rule_map) || empty($sid_mods)) + return $sids; + + // Validate the action keyword as we only accept + // 'enable' and 'disable' as valid. + switch ($action) { + + case "enable": + break; + + case "disable": + break; + + default: + log_error(gettext("[Snort] Error - unknown action '{$action}' supplied to snort_modify_sid_state() function...no SIDs modified.")); + return $sids; + } + + // Walk the SID mod tokens and decode each one + foreach ($sid_mods as $tok) { + $matches = array(); + // Test the SID token for a GID:SID range + if (preg_match('/^(\d+):(\d+)-\1:(\d+)/', $tok, $matches)) { + // It was a range, so find all the intervening SIDs + $gid = trim($matches[1]); + $lsid = trim($matches[2]); + $usid = trim($matches[3]); + $sids[$gid][$lsid] = $action; + while ($lsid < $usid) { + $lsid++; + $sids[$gid][$lsid] = $action; + } + } + // Test the SID token for a single GID:SID + elseif (preg_match('/^(\d+):(\d+)$/', $tok, $matches)) { + // It's a single GID:SID, so grab it + $sids[$matches[1]][$matches[2]] = $action; + } + // Test the SID token for the PCRE: keyword + elseif (preg_match('/(^pcre\:)(.+)/i', $tok, $matches)) { + $regex = '/' . preg_quote($matches[2], '/') . '/i'; + + // Now search through the $rule_map in the 'rule' + // element for any matches to the regex and get + // the GID:SID. + foreach ($rule_map as $k1 => $rulem) { + foreach ($rulem as $k2 => $v) { + if (preg_match($regex, $v['rule'])) { + $sids[$k1][$k2] = $action; + } + } + } + } + // Test the SID token for the MS reference keyword + elseif (preg_match('/^MS\d+-.+/i', $tok, $matches)) { + $regex = "/" . preg_quote($matches[0], '/') . "/i"; + + // Now search through the $rule_map in the 'rule' + // element for any matches to the regex and get + // the GID:SID. + foreach ($rule_map as $k1 => $rulem) { + foreach ($rulem as $k2 => $v) { + if (preg_match($regex, $v['rule'])) { + $sids[$k1][$k2] = $action; + } + } + } + } + // Test the SID token for other keywords delimited with a colon + elseif (preg_match('/^[a-xA-X]+\:.+/', $tok, $matches)) { + $regex = "/" . str_replace(':', ",", preg_quote($matches[0], '/')) . "/i"; + + // Now search through the $rule_map in the 'rule' + // element for any matches to the regex and get + // the GID:SID. + foreach ($rule_map as $k1 => $rulem) { + foreach ($rulem as $k2 => $v) { + if (preg_match($regex, $v['rule'])) { + $sids[$k1][$k2] = $action; + } + } + } + } + // Test the SID token for a rule category name. Anything that + // failed to match above is considered a potential category name. + elseif (preg_match('/[a-xA-X]+(-|\w).*/', $tok, $matches)) { + $regex = "/" . preg_quote(trim($matches[0]), '/') . "/i"; + // Now search through the $rule_map in the 'category' + // element for any matches to the regex and get + // the GID:SID. + foreach ($rule_map as $k1 => $rulem) { + foreach ($rulem as $k2 => $v) { + if (preg_match($regex, $v['category'] . ".rules")) { + $sids[$k1][$k2] = $action; + } + } + } + } + else { + if ($log_results == TRUE && !empty($log_file)) + error_log(gettext("WARNING: unrecognized token '{$tok}' encountered while processing an automatic SID MGMT file.\n"), 3, $log_file); + } + } + + // Change state of all the matching GID:SID pairs we found + // above in the $rule_map array passed to us. + $modcount = $changecount = 0; + $counter = count($sids, COUNT_RECURSIVE) - count($sids); + + if ($log_results == TRUE && !empty($log_file)) + error_log(gettext(" Parsed {$counter} potential SIDs to match from the provided list of tokens.\n"), 3, $log_file); + + foreach (array_keys($sids) as $k1) { + foreach (array_keys($sids[$k1]) as $k2) { + if (isset($rule_map[$k1][$k2])) { + if ($action == 'enable' && $rule_map[$k1][$k2]['disabled'] == 1) { + $rule_map[$k1][$k2]['rule'] = ltrim($rule_map[$k1][$k2]['rule'], " \t#"); + $rule_map[$k1][$k2]['disabled'] = 0; + $rule_map[$k1][$k2]['managed'] = 1; + $changecount++; + $modcount++; + } + elseif ($action == 'disable' && $rule_map[$k1][$k2]['disabled'] == 0) { + $rule_map[$k1][$k2]['rule'] = "# " . $rule_map[$k1][$k2]['rule']; + $rule_map[$k1][$k2]['disabled'] = 1; + $rule_map[$k1][$k2]['managed'] = 1; + $changecount++; + $modcount++; + } + } + } + } + + if ($log_results == TRUE && !empty($log_file)) { + error_log(gettext(" Found {$modcount} matching SIDs in the active rules.\n"), 3, $log_file); + error_log(gettext(" Changed state for {$changecount} SIDs to '{$action}d'.\n"), 3, $log_file); + } + + // Return the array of matching SIDs + return $sids; +} + +function snort_modify_sid_content(&$rule_map, $sid_mods, $log_results = FALSE, $log_file = NULL) { + + /************************************************/ + /* This function walks the provided array of */ + /* SID modification tokens and locates the */ + /* target SID or SIDs in the $rule_map array. */ + /* It then modifies the content of the target */ + /* SID or SIDs. Modifications are only valid */ + /* for normal GID=1 text rules. */ + /* */ + /* $rule_map ==> reference to array of */ + /* current rules */ + /* $sid_mods ==> array of SID modification */ + /* tokens */ + /* $log_results ==> [optional] 'yes' to log */ + /* results to $log_file */ + /* $log_file ==> full path and filename */ + /* of log file to write to */ + /* */ + /* On Return ==> $rule_map array modified */ + /* by changing content for */ + /* matching SIDs. */ + /* */ + /* Returns a two-dimension */ + /* array of matching */ + /* GID:SID pairs. */ + /************************************************/ + + $sids = array(); + $tokencounter = $modcount = $modifiedcount = 0; + + // If no rules in $rule_map or mods in $sid_mods, + // then nothing to do. + if (empty($rule_map) || empty($sid_mods)) + return $sids; + + // Walk the SID mod tokens and decode each one + foreach ($sid_mods as $tok) { + $matches = array(); + if (preg_match('/([\d+|,|\*]*)\s+"(.+)"\s+"(.*)"/', $tok, $matches)) { + $tokencounter++; + $sidlist = explode(",", $matches[1]); + $from = '/' . preg_quote($matches[2], '/') . '/'; + $to = $matches[3]; + $count = 0; + + // Now walk the provided rule map and make the modifications + if ($matches[1] == "*") { + // If wildcard '*' provided for SID, then check them all + foreach ($rule_map[1] as $rulem) { + foreach ($rulem as $k2 => $v) { + $modcount++; + $rule_map[1][$k2]['rule'] = preg_replace($from, $to, $v['rule'], -1, $count); + if ($count > 0) { + $rule_map[1][$k2]['managed'] = 1; + $sids[1][$k2] = 'modify'; + $modifiedcount++; + } + } + } + } + else { + // Otherwise just check the provided SIDs + foreach ($sidlist as $sid) { + if (isset($rule_map[1][$sid])) { + $modcount++; + $rule_map[1][$sid]['rule'] = preg_replace($from, $to, $rule_map[1][$sid]['rule'], -1, $count); + if ($count > 0) { + $rule_map[1][$sid]['managed'] = 1; + $sids[1][$sid] = 'modify'; + $modifiedcount++; + } + } + } + } + } + else { + if ($log_results == TRUE && !empty($log_file)) + error_log(gettext("WARNING: unrecognized token '{$tok}' encountered while processing an automatic SID MGMT file.\n"), 3, $log_file); + } + } + + if ($log_results == TRUE && !empty($log_file)) { + error_log(gettext(" Parsed {$tokencounter} potential SIDs to match from the provided list of tokens.\n"), 3, $log_file); + error_log(gettext(" Found {$modcount} matching SIDs in the active rules.\n"), 3, $log_file); + error_log(gettext(" Modified rule text for {$modifiedcount} SIDs.\n"), 3, $log_file); + } + + // Return the array of matching SIDs + return $sids; +} + +function snort_process_enablesid(&$rule_map, $snortcfg, $log_results = FALSE, $log_file = NULL) { + + /**********************************************/ + /* This function loads and processes the file */ + /* specified by 'enable_sid_file' for the */ + /* interface. The file is assumed to be a */ + /* valid enablesid.conf file containing */ + /* instructions for enabling matching rule */ + /* SIDs. */ + /* */ + /* $rule_map ==> reference to array of */ + /* current rules */ + /* $snortcfg ==> interface config params */ + /* $log_results ==> [optional] 'yes' to log */ + /* results to $log_file */ + /* $log_file ==> full path and filename */ + /* of log file to write to */ + /* */ + /* On Return ==> suitably modified */ + /* $rule_map array */ + /**********************************************/ + + $snort_sidmods_dir = SNORT_SID_MODS_PATH; + $snortlogdir = SNORTLOGDIR; + $sid_mods = array(); + + // If no rules in $rule_map, then nothing to do + if (empty($rule_map)) + return; + + // Attempt to open the 'enable_sid_file' for the interface + if (!file_exists("{$snort_sidmods_dir}{$snortcfg['enable_sid_file']}")) { + log_error(gettext("[Snort] Error - unable to open 'enable_sid_file' \"{$snortcfg['enable_sid_file']}\" specified for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']))); + return; + } + else + $sid_mods = snort_parse_sidconf_file("{$snort_sidmods_dir}{$snortcfg['enable_sid_file']}"); + + if (!empty($sid_mods)) + snort_modify_sid_state($rule_map, $sid_mods, "enable", $log_results, $log_file); + elseif ($log_results == TRUE && !empty($log_file)) { + error_log(gettext("WARNING: no valid SID match tokens found in file \"{$snortcfg['enable_sid_file']}\".\n"), 3, $log_file); + } + + unset($sid_mods); +} + +function snort_process_disablesid(&$rule_map, $snortcfg, $log_results = FALSE, $log_file = NULL) { + + /**********************************************/ + /* This function loads and processes the file */ + /* specified by 'disable_sid_file' for the */ + /* interface. The file is assumed to be a */ + /* valid disablesid.conf file containing */ + /* instructions for disabling matching rule */ + /* SIDs. */ + /* */ + /* $rule_map ==> reference to array of */ + /* current rules */ + /* $snortcfg ==> interface config params */ + /* $log_results ==> [optional] 'yes' to log */ + /* results to $log_file */ + /* $log_file ==> full path and filename */ + /* of log file to write to */ + /* */ + /* On Return ==> suitably modified */ + /* $rule_map array */ + /**********************************************/ + + $snort_sidmods_dir = SNORT_SID_MODS_PATH; + $snortlogdir = SNORTLOGDIR; + $sid_mods = array(); + + // If no rules in $rule_map, then nothing to do + if (empty($rule_map)) + return; + + // Attempt to open the 'disable_sid_file' for the interface + if (!file_exists("{$snort_sidmods_dir}{$snortcfg['disable_sid_file']}")) { + log_error(gettext("[Snort] Error - unable to open 'disable_sid_file' \"{$snortcfg['disable_sid_file']}\" specified for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']))); + return; + } + else + $sid_mods = snort_parse_sidconf_file("{$snort_sidmods_dir}{$snortcfg['disable_sid_file']}"); + + if (!empty($sid_mods)) + snort_modify_sid_state($rule_map, $sid_mods, "disable", $log_results, $log_file); + elseif ($log_results == TRUE && !empty($log_file)) { + error_log(gettext("WARNING: no valid SID match tokens found in file \"{$snortcfg['disable_sid_file']}\".\n"), 3, $log_file); + } + + unset($sid_mods); +} + +function snort_process_modifysid(&$rule_map, $snortcfg, $log_results = FALSE, $log_file = NULL) { + + /**********************************************/ + /* This function loads and processes the file */ + /* specified by 'modify_sid_file' for the */ + /* interface. The file is assumed to be a */ + /* valid modifysid.conf file containing */ + /* instructions for modifying matching rule */ + /* SIDs. */ + /* */ + /* $rule_map ==> reference to array of */ + /* current rules */ + /* $snortcfg ==> interface config params */ + /* $log_results ==> [optional] 'yes' to log */ + /* results to $log_file */ + /* $log_file ==> full path and filename */ + /* of log file to write to */ + /* */ + /* On Return ==> suitably modified */ + /* $rule_map array */ + /**********************************************/ + + $snort_sidmods_dir = SNORT_SID_MODS_PATH; + $snortlogdir = SNORTLOGDIR; + $sid_mods = array(); + + // If no rules in $rule_map, then nothing to do + if (empty($rule_map)) + return; + + // Attempt to open the 'modify_sid_file' for the interface + if (!file_exists("{$snort_sidmods_dir}{$snortcfg['modify_sid_file']}")) { + log_error(gettext("[Snort] Error - unable to open 'modify_sid_file' \"{$snortcfg['modify_sid_file']}\" specified for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']))); + return; + } + else + $sid_mods = snort_parse_sidconf_file("{$snort_sidmods_dir}{$snortcfg['modify_sid_file']}"); + + if (!empty($sid_mods)) + snort_modify_sid_content($rule_map, $sid_mods, $log_results, $log_file); + elseif ($log_results == TRUE && !empty($log_file)) { + error_log(gettext("WARNING: no valid SID match tokens found in file \"{$snortcfg['modify_sid_file']}\".\n"), 3, $log_file); + } + + unset($sid_mods); +} + +function snort_auto_sid_mgmt(&$rule_map, $snortcfg, $log_results = FALSE) { + + /**************************************************/ + /* This function modifies the rules in the */ + /* passed rule_map array based on values in the */ + /* files 'enable_sid_file', 'disable_sid_file' */ + /* and 'modify_sid_file' for the interface. */ + /* */ + /* If auto-mgmt of SIDs is enabled via the */ + /* settings on the UPDATE RULES tab, then the */ + /* rules are processed against these settings. */ + /* */ + /* $rule_map ==> array of current rules */ + /* $snortcfg ==> interface config settings */ + /* $log_results ==> [optional] log results to */ + /* 'sid_changes.log' in the */ + /* interface directory in */ + /* /var/log/snort when TRUE */ + /* */ + /* Returns ==> TRUE if rules were changed; */ + /* otherwise FALSE */ + /**************************************************/ + + global $config; + $result = FALSE; + + // Configure the interface's logging subdirectory if log results is enabled + if ($log_results == TRUE) + $log_file = SNORTLOGDIR . "/snort_" . get_real_interface($snortcfg['interface']) . "{$snortcfg['uuid']}/sid_changes.log"; + else + $log_file = NULL; + + // Check if auto-mgmt of SIDs is enabled and files are specified + // for the interface. + if ($config['installedpackages']['snortglobal']['auto_manage_sids'] == 'on' && + (!empty($snortcfg['disable_sid_file']) || !empty($snortcfg['enable_sid_file']) || + !empty($snortcfg['modify_sid_file']))) { + if ($log_results == TRUE) { + error_log(gettext("********************************************************\n"), 3, $log_file); + error_log(gettext("Starting auto SID management for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) ."\n"), 3, $log_file); + error_log(gettext("Start Time: " . date("Y-m-d H:i:s") . "\n"), 3, $log_file); + } + + switch ($snortcfg['sid_state_order']) { + case "disable_enable": + if (!empty($snortcfg['disable_sid_file'])) { + if ($log_results == TRUE) + error_log(gettext("Processing disable_sid file: {$snortcfg['disable_sid_file']}\n"), 3, $log_file); + snort_process_disablesid($rule_map, $snortcfg, $log_results, $log_file); + } + if (!empty($snortcfg['enable_sid_file'])) { + if ($log_results == TRUE) + error_log(gettext("Processing enable_sid file: {$snortcfg['enable_sid_file']}\n"), 3, $log_file); + snort_process_enablesid($rule_map, $snortcfg, $log_results, $log_file); + } + if (!empty($snortcfg['modify_sid_file'])) { + if ($log_results == TRUE) + error_log(gettext("Processing modify_sid file: {$snortcfg['modify_sid_file']}\n"), 3, $log_file); + snort_process_modifysid($rule_map, $snortcfg, $log_results, $log_file); + } + $result = TRUE; + break; + + case "enable_disable": + if (!empty($snortcfg['enable_sid_file'])) { + if ($log_results == TRUE) + error_log(gettext("Processing enable_sid file: {$snortcfg['enable_sid_file']}\n"), 3, $log_file); + snort_process_enablesid($rule_map, $snortcfg, $log_results, $log_file); + } + if (!empty($snortcfg['disable_sid_file'])) { + if ($log_results == TRUE) + error_log(gettext("Processing disable_sid file: {$snortcfg['disable_sid_file']}\n"), 3, $log_file); + snort_process_disablesid($rule_map, $snortcfg, $log_results, $log_file); + } + if (!empty($snortcfg['modify_sid_file'])) { + if ($log_results == TRUE) + error_log(gettext("Processing modify_sid file: {$snortcfg['modify_sid_file']}\n"), 3, $log_file); + snort_process_modifysid($rule_map, $snortcfg, $log_results, $log_file); + } + $result = TRUE; + break; + + default: + log_error(gettext("[Snort] Unrecognized 'sid_state_order' value. Skipping auto SID mgmt step for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']))); + if ($log_results == TRUE) { + error_log(gettext("ERROR: unrecognized 'sid_state_order' value. Skipping auto SID mgmt step for ") . convert_friendly_interface_to_friendly_descr($snortcfg['interface']). ".\n", 3, $log_file); + } + $result = FALSE; + } + + if ($log_results == TRUE) { + error_log(gettext("End Time: " . date("Y-m-d H:i:s") . "\n"), 3, $log_file); + error_log(gettext("********************************************************\n\n"), 3, $log_file); + } + } + return $result; +} + function snort_load_sid_mods($sids) { /*****************************************/ @@ -1686,11 +2706,12 @@ function snort_load_sid_mods($sids) { if (preg_match('/(\d+)\s*:\s*(\d+)/', $v, $match)) { if (!is_array($result[$match[1]])) $result[$match[1]] = array(); + if (!is_array($result[$match[1]][$match[2]])) + $result[$match[1]][$match[2]] = array(); $result[$match[1]][$match[2]] = "{$match[1]}:{$match[2]}"; } } unset($tmp); - return $result; } @@ -1751,31 +2772,31 @@ function snort_create_rc() { /* after any changes to snort.conf saved in the GUI. */ /*********************************************************/ - global $config, $g, $pfs_version; + global $config, $g; $snortdir = SNORTDIR; $snortlogdir = SNORTLOGDIR; + $snortbindir = SNORT_PBI_BINDIR; $rcdir = RCFILEPREFIX; - // If no interfaces are configured for Snort, exit - if (!is_array($config['installedpackages']['snortglobal']['rule'])) - return; $snortconf = $config['installedpackages']['snortglobal']['rule']; - if (empty($snortconf)) + + // If no interfaces are configured for Snort, exit + if (!is_array($snortconf) || count($snortconf) < 1) { + unlink_if_exists("{$rcdir}snort.sh"); return; + } + + // See whether or not to enable detailed startup logging + if ($config['installedpackages']['snortglobal']['verbose_logging'] == "on") + $quiet = ""; + else + $quiet = "-q --suppress-config-log"; // At least one interface is configured, so OK $start_snort_iface_start = array(); $start_snort_iface_stop = array(); - // If not using PBI package, then make sure Barnyard2 can - // find the latest MySQL shared libs in /usr/local/lib/mysql - if ($pfs_version < 2.1) { - $sql_lib_path = "\n# Ensure MySQL shared libs are in ldconfig search path\n"; - $sql_lib_path .= "/sbin/ldconfig -m /usr/local/lib/mysql"; - $start_snort_iface_start[] = $sql_lib_path; - } - // Loop thru each configured interface and build // the shell script. foreach ($snortconf as $value) { @@ -1787,19 +2808,16 @@ function snort_create_rc() { $start_barnyard = <<<EOE + sleep 2 if [ ! -f {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid ]; then pid=`/bin/pgrep -fn "barnyard2 -r {$snort_uuid} "` else pid=`/bin/pgrep -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid` fi - if [ ! -z \$pid ]; then - /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 SOFT RESTART for {$value['descr']}({$snort_uuid}_{$if_real})..." - /bin/pkill -HUP \$pid - else + if [ -z \$pid ]; then /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 START for {$value['descr']}({$snort_uuid}_{$if_real})..." - /usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q + {$snortbindir}barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q > /dev/null 2>&1 fi - EOE; $stop_barnyard2 = <<<EOE @@ -1815,8 +2833,8 @@ EOE; break fi done - if [ -f /var/run/barnyard2_{$if_real}{$snort_uuid}.pid ]; then - /bin/rm /var/run/barnyard2_{$if_real}{$snort_uuid}.pid + if [ -f {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid ]; then + /bin/rm {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid fi else pid=`/bin/pgrep -fn "barnyard2 -r {$snort_uuid} "` @@ -1832,7 +2850,6 @@ EOE; done fi fi - EOE; if ($value['barnyard_enable'] == 'on') $start_barnyard2 = $start_barnyard; @@ -1841,29 +2858,24 @@ EOE; $start_snort_iface_start[] = <<<EOE -###### For Each Iface - # Start snort and barnyard2 + # Start snort and barnyard2 for {$value['descr']} if [ ! -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then pid=`/bin/pgrep -fn "snort -R {$snort_uuid} "` else pid=`/bin/pgrep -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid` fi - if [ ! -z \$pid ]; then - /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort SOFT RESTART for {$value['descr']}({$snort_uuid}_{$if_real})..." - /bin/pkill -HUP \$pid - else + if [ -z \$pid ]; then /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort START for {$value['descr']}({$snort_uuid}_{$if_real})..." - /usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real} + {$snortbindir}snort -R {$snort_uuid} -D {$quiet} -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real} > /dev/null 2>&1 fi - sleep 2 {$start_barnyard2} - EOE; $start_snort_iface_stop[] = <<<EOE + # Stop snort and barnyard2 for {$value['descr']} if [ -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then pid=`/bin/pgrep -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid` /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort STOP for {$value['descr']}({$snort_uuid}_{$if_real})..." @@ -1876,8 +2888,8 @@ EOE; break fi done - if [ -f /var/run/snort_{$if_real}{$snort_uuid}.pid ]; then - /bin/rm /var/run/snort_{$if_real}{$snort_uuid}.pid + if [ -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then + /bin/rm {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid fi else pid=`/bin/pgrep -fn "snort -R {$snort_uuid} "` @@ -1895,9 +2907,8 @@ EOE; fi fi - sleep 2 + sleep 1 {$stop_barnyard2} - EOE; } @@ -1909,11 +2920,18 @@ EOE; ######## # This file was automatically generated # by the pfSense service handler. -# Code added to protect from double starts on pfSense bootup ######## Start of main snort.sh rc_start() { + + ### Lock out other start signals until we are done + /usr/bin/touch {$g['varrun_path']}/snort_pkg_starting.lck {$rc_start} + + ### Remove the lock since we have started all interfaces + if [ -f {$g['varrun_path']}/snort_pkg_starting.lck ]; then + /bin/rm {$g['varrun_path']}/snort_pkg_starting.lck + fi } rc_stop() { @@ -1922,7 +2940,11 @@ rc_stop() { case $1 in start) - rc_start + if [ ! -f {$g['varrun_path']}/snort_pkg_starting.lck ]; then + rc_start + else + /usr/bin/logger -p daemon.info -i -t SnortStartup "Ignoring additional START command since Snort is already starting..." + fi ;; stop) rc_stop @@ -1936,11 +2958,8 @@ esac EOD; /* write out snort.sh */ - if (!@file_put_contents("{$rcdir}/snort.sh", $snort_sh_text)) { - log_error("Could not open {$rcdir}/snort.sh for writing."); - return; - } - @chmod("{$rcdir}/snort.sh", 0755); + @file_put_contents("{$rcdir}snort.sh", $snort_sh_text); + @chmod("{$rcdir}snort.sh", 0755); } function snort_generate_barnyard2_conf($snortcfg, $if_real) { @@ -2008,7 +3027,7 @@ function snort_generate_barnyard2_conf($snortcfg, $if_real) { else $snortbarnyardlog_output_plugins .= "sensor_name {$snortbarnyard_hostname_info}, "; if ($snortcfg['barnyard_syslog_local'] == 'on') - $snortbarnyardlog_output_plugins .= "local, log_facility LOG_AUTH, log_priority LOG_INFO\n\n"; + $snortbarnyardlog_output_plugins .= "local, log_facility {$snortcfg['barnyard_syslog_facility']}, log_priority {$snortcfg['barnyard_syslog_priority']}\n\n"; else { $snortbarnyardlog_output_plugins .= "server {$snortcfg['barnyard_syslog_rhost']}, protocol {$snortcfg['barnyard_syslog_proto']}, "; $snortbarnyardlog_output_plugins .= "port {$snortcfg['barnyard_syslog_dport']}, operation_mode {$snortcfg['barnyard_syslog_opmode']}, "; @@ -2066,44 +3085,49 @@ function snort_deinstall() { global $config, $g; $snortdir = SNORTDIR; - $snortlibdir = SNORTLIBDIR; + $snortlibdir = "/usr/pbi/snort-" . php_uname("m") . "/lib"; $snortlogdir = SNORTLOGDIR; $rcdir = RCFILEPREFIX; - $snort_rules_upd_log = RULES_UPD_LOGFILE; - $iprep_path = IPREP_PATH; + $snort_rules_upd_log = SNORT_RULES_UPD_LOGFILE; + $mounted_rw = FALSE; log_error(gettext("[Snort] Snort package uninstall in progress...")); + /* Remove our rc.d startup shell script */ + unlink_if_exists("{$rcdir}snort.sh"); + /* Make sure all active Snort processes are terminated */ /* Log a message only if a running process is detected */ - if (is_service_running("snort")) + if (is_process_running("snort")) { log_error(gettext("[Snort] Snort STOP for all interfaces...")); + snort_stop_all_interfaces(); + } + sleep(2); mwexec('/usr/bin/killall -z snort', true); sleep(2); mwexec('/usr/bin/killall -9 snort', true); sleep(2); // Delete any leftover snort PID files in /var/run - unlink_if_exists("/var/run/snort_*.pid"); + unlink_if_exists("{$g['varrun_path']}/snort_*.pid"); /* Make sure all active Barnyard2 processes are terminated */ /* Log a message only if a running process is detected */ - if (is_service_running("barnyard2")) + if (is_process_running("barnyard2")) log_error(gettext("[Snort] Barnyard2 STOP for all interfaces...")); mwexec('/usr/bin/killall -z barnyard2', true); sleep(2); mwexec('/usr/bin/killall -9 barnyard2', true); sleep(2); // Delete any leftover barnyard2 PID files in /var/run - unlink_if_exists("/var/run/barnyard2_*.pid"); - - /* Remove the snort user and group */ - mwexec('/usr/sbin/pw userdel snort; /usr/sbin/pw groupdel snort', true); + unlink_if_exists("{$g['varrun_path']}/barnyard2_*.pid"); - /* Remove all the Snort cron jobs. */ - install_cron_job("snort2c", false); - install_cron_job("snort_check_for_rule_updates.php", false); - install_cron_job("snort_check_cron_misc.inc", false); - configure_cron(); + /* Remove all the existing Snort cron jobs. */ + if (snort_cron_job_exists("snort2c", FALSE)) + install_cron_job("snort2c", false); + if (snort_cron_job_exists("snort_check_for_rule_updates.php", FALSE)) + install_cron_job("snort_check_for_rule_updates.php", false); + if (snort_cron_job_exists("snort_check_cron_misc.inc", FALSE)) + install_cron_job("snort_check_cron_misc.inc", false); /* Remove our associated Dashboard widget config. If */ /* "save settings" is enabled, then save old widget */ @@ -2121,7 +3145,6 @@ function snort_deinstall() { } } $config['widgets']['sequence'] = implode(",", $widgetlist); - write_config("Snort pkg: remove Snort Dashboard Widget on package deinstall."); } /* See if we are to clear blocked hosts on uninstall */ @@ -2134,29 +3157,35 @@ function snort_deinstall() { if ($config['installedpackages']['snortglobal']['clearlogs'] == 'on') { log_error(gettext("[Snort] Clearing all Snort-related log files...")); unlink_if_exists("{$snort_rules_upd_log}"); - mwexec("/bin/rm -rf {$snortlogdir}"); + rmdir_recursive($snortlogdir); } /**********************************************************/ - /* Test for existence of library backup tarballs in /tmp. */ - /* If these are present, then a package "delete" */ + /* If not already, set Snort conf partition to read-write */ + /* so we can make changes there */ + /**********************************************************/ + if (!is_subsystem_dirty('mount')) { + conf_mount_rw(); + $mounted_rw = TRUE; + } + + /**********************************************************/ + /* Test for existence of the snort directory in the PBI */ + /* path. If not present, then a package "delete" */ /* operation is in progress and we need to wipe out the */ /* configuration files. Otherwise we leave the binary- */ /* side configuration intact since only a GUI files */ /* deinstall and reinstall operation is in progress. */ - /* */ - /* XXX: hopefully a better method presents itself in */ - /* future versions of pfSense. */ /**********************************************************/ - if (file_exists("/tmp/pkg_libs.tgz") || file_exists("/tmp/pkg_bins.tgz")) { + if (!is_dir("{$snortdir}")) { log_error(gettext("[Snort] Package deletion requested... removing all files...")); - mwexec("/bin/rm -rf {$snortdir}"); - mwexec("/bin/rm -rf {$snortlibdir}/dynamicrules"); - mwexec("/bin/rm -f {$rcdir}/snort.sh"); - mwexec("/bin/rm -rf /usr/local/pkg/snort"); - mwexec("/bin/rm -rf /usr/local/www/snort"); - mwexec("/bin/rm -rf /usr/local/etc/snort"); - mwexec("/bin/rm -rf /usr/local/lib/snort"); + unlink_if_exists("{$rcdir}snort.sh"); + rmdir_recursive("/usr/local/pkg/snort"); + rmdir_recursive("/usr/local/www/snort"); + rmdir_recursive("/usr/local/etc/snort"); + rmdir_recursive("/usr/local/lib/snort"); + rmdir_recursive("/usr/local/lib/snort_dynamicengine"); + rmdir_recursive("/usr/local/lib/snort_dynamicpreprocessor"); } /* Keep this as a last step */ @@ -2167,10 +3196,17 @@ function snort_deinstall() { unlink_if_exists("{$snort_rules_upd_log}"); log_error(gettext("[Snort] Flushing <snort2c> firewall table to remove addresses blocked by Snort...")); mwexec("/sbin/pfctl -t snort2c -T flush"); - mwexec("/bin/rm -rf {$snortlogdir}"); - mwexec("/bin/rm -rf {$iprep_path}"); + rmdir_recursive("{$snortlogdir}"); + rmdir_recursive("{$g['vardb_path']}/snort"); log_error(gettext("[Snort] The package has been removed from this system...")); } + + /**********************************************************/ + /* We're finished with conf partition mods, return to */ + /* read-only if we changed it */ + /**********************************************************/ + if ($mounted_rw == TRUE) + conf_mount_ro(); } function snort_prepare_rule_files($snortcfg, $snortcfgdir) { @@ -2188,11 +3224,14 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) { /* to be written. */ /***********************************************************/ - global $g, $rebuild_rules; + global $g, $config, $rebuild_rules; $snortdir = SNORTDIR; $flowbit_rules_file = FLOWBITS_FILENAME; - $snort_enforcing_rules_file = ENFORCING_RULES_FILENAME; + $snort_enforcing_rules_file = SNORT_ENFORCING_RULES_FILENAME; + $enabled_files = array(); + $all_rules = array(); + $cat_mods = array(); $no_rules_defined = true; $enabled_rules = array(); @@ -2203,6 +3242,10 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) { /* Log a message for rules rebuild in progress */ log_error(gettext("[Snort] Updating rules configuration for: " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . " ...")); + // Get any automatic rule category enable/disable modifications + // if auto-SID Mgmt is enabled and conf files exist for the interface. + $cat_mods = snort_sid_mgmt_auto_categories($snortcfg, TRUE); + /* Enable all, some or none of the SDF rules depending on setting. */ if ($snortcfg['sensitive_data'] == 'on' && $snortcfg['protect_preproc_rules'] != 'on') { if (file_exists(SNORTDIR."/preproc_rules/sensitive-data.rules")) { @@ -2229,8 +3272,6 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) { /* Only rebuild rules if some are selected or an IPS Policy is enabled */ if (!empty($snortcfg['rulesets']) || $snortcfg['ips_policy_enable'] == 'on') { - $enabled_files = array(); - $all_rules = array(); $no_rules_defined = false; /* Load up all the text rules into a Rules Map array. */ @@ -2246,6 +3287,28 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) { $enabled_files[$category] = $file; } + // Now adjust the list using any required changes as + // determined by auto-SID Mgmt policy files. + if (!empty($cat_mods)) { + foreach ($cat_mods as $k => $action) { + $key = basename($k, ".rules"); + switch ($action) { + case 'enabled': + if (!isset($enabled_files[$key])) + $enabled_files[$key] = $k; + break; + + case 'disabled': + if (isset($enabled_files[$key])) + unset($enabled_files[$key]); + break; + + default: + break; + } + } + } + /****************************************************/ /* Walk the ALL_RULES map array and copy the rules */ /* matching our selected file categories to the */ @@ -2268,7 +3331,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) { } /* Release memory we no longer need. */ - unset($enabled_files, $rulem, $v); + unset($enabled_files, $cat_mods, $rulem, $v); } /* Check if a pre-defined Snort VRT policy is selected. If so, */ @@ -2291,7 +3354,9 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) { unset($policy_rules, $policy, $p); } - /* Process any enablesid or disablesid modifications for the selected rules. */ + // Process any enablesid or disablesid modifications for the selected rules. + // Do the auto-SID managment first, if enabled, then do any manual SID state changes. + snort_auto_sid_mgmt($enabled_rules, $snortcfg, TRUE); snort_modify_sids($enabled_rules, $snortcfg); /* Check for and disable any rules dependent upon disabled preprocessors if */ @@ -2324,7 +3389,45 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) { } else /* Just put an empty file to always have the file present */ snort_write_flowbit_rules_file(array(), "{$snortcfgdir}/rules/{$flowbit_rules_file}"); - } else { + unset($all_rules); + } + // If no rule categories were enabled, then use auto-SID management if enabled, since it may enable some rules + elseif ($config['installedpackages']['snortglobal']['auto_manage_sids'] == 'on' && + (!empty($snortcfg['disable_sid_file']) || !empty($snortcfg['enable_sid_file']) || + !empty($snortcfg['modify_sid_file']))) { + + snort_auto_sid_mgmt($enabled_rules, $snortcfg, TRUE); + if (!empty($enabled_rules)) { + // Auto-SID management generated some rules, so use them + $no_rules_defined = false; + snort_modify_sids($enabled_rules, $snortcfg); + + // Write the enforcing rules file to the Snort interface's "rules" directory. + snort_write_enforcing_rules_file($enabled_rules, "{$snortcfgdir}/rules/{$snort_enforcing_rules_file}"); + + // If auto-flowbit resolution is enabled, generate the dependent flowbits rules file. + if ($snortcfg['autoflowbitrules'] == 'on') { + log_error('[Snort] Enabling any flowbit-required rules for: ' . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . '...'); + + // Load up all rules into a Rules Map array for flowbits assessment + $all_rules = snort_load_rules_map("{$snortdir}/rules/"); + $fbits = snort_resolve_flowbits($all_rules, $enabled_rules); + + // Check for and disable any flowbit-required rules the + // user has manually forced to a disabled state. + snort_modify_sids($fbits, $snortcfg); + snort_write_flowbit_rules_file($fbits, "{$snortcfgdir}/rules/{$flowbit_rules_file}"); + unset($all_rules, $fbits); + } else + // Just put an empty file to always have the file present + snort_write_flowbit_rules_file(array(), "{$snortcfgdir}/rules/{$flowbit_rules_file}"); + } + else { + snort_write_enforcing_rules_file(array(), "{$snortcfgdir}/rules/{$snort_enforcing_rules_file}"); + snort_write_flowbit_rules_file(array(), "{$snortcfgdir}/rules/{$flowbit_rules_file}"); + } + } + else { /* No regular rules or policy were selected, so just use the decoder and preproc rules */ snort_write_enforcing_rules_file($enabled_rules, "{$snortcfgdir}/rules/{$snort_enforcing_rules_file}"); snort_write_flowbit_rules_file(array(), "{$snortcfgdir}/rules/{$flowbit_rules_file}"); @@ -2396,10 +3499,9 @@ function snort_filter_preproc_rules($snortcfg, &$active_rules, $persist_log = fa * Format of array is: * * "rule_option" => "dependent_preprocessor" * * * - * Last Update: 04/05/2013 * + * Last Update: 10/30/2014 * * * - * Added: http_inspect content modifiers and * - * various "service" metadata values. * + * Added: appid: detection option * * * ***************************************************/ $rule_opts_preprocs = array("ssl_version:" => "ssl_preproc","ssl_state:" => "ssl_preproc", @@ -2422,7 +3524,8 @@ function snort_filter_preproc_rules($snortcfg, &$active_rules, $persist_log = fa "uricontent:" => "http_inspect", "urilen:" => "http_inspect", "http_encode;" => "http_inspect", "service http" => "http_inspect", "service imap" => "imap_preproc", "service pop2" => "pop_preproc", - "service pop3" => "pop_preproc", "service smtp" => "smtp_preprocessor"); + "service pop3" => "pop_preproc", "service smtp" => "smtp_preprocessor", + "appid:" => "appid_preproc" ); /*************************************************** * Iterate the enabled rules, and check for rule * @@ -2515,1283 +3618,44 @@ function snort_filter_preproc_rules($snortcfg, &$active_rules, $persist_log = fa function snort_generate_conf($snortcfg) { - global $config, $g, $rebuild_rules; + /********************************************************/ + /* This function generates the snort.conf file for the */ + /* passed interface using stored values from the Snort */ + /* package configuration. */ + /********************************************************/ - $snortdir = SNORTDIR; - $snortlibdir = SNORTLIBDIR; - $snortlogdir = SNORTLOGDIR; - $flowbit_rules_file = FLOWBITS_FILENAME; - $snort_enforcing_rules_file = ENFORCING_RULES_FILENAME; + global $config, $g, $rebuild_rules; + // Exit if there are no configured Snort interfaces if (!is_array($config['installedpackages']['snortglobal']['rule'])) return; - conf_mount_rw(); - - /* See if we should protect and not modify the preprocessor rules files */ - if (!empty($snortcfg['protect_preproc_rules'])) - $protect_preproc_rules = $snortcfg['protect_preproc_rules']; - else - $protect_preproc_rules = "off"; + $snortdir = SNORTDIR; + $snortlibdir = SNORT_PBI_BASEDIR . "lib"; + $snortlogdir = SNORTLOGDIR; + $flowbit_rules_file = FLOWBITS_FILENAME; + $snort_enforcing_rules_file = SNORT_ENFORCING_RULES_FILENAME; $if_real = get_real_interface($snortcfg['interface']); $snort_uuid = $snortcfg['uuid']; $snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}"; - /* custom home nets */ - $home_net_list = snort_build_list($snortcfg, $snortcfg['homelistname']); - $home_net = implode(",", $home_net_list); - - $external_net = '!$HOME_NET'; - if (!empty($snortcfg['externallistname']) && $snortcfg['externallistname'] != 'default') { - $external_net_list = snort_build_list($snortcfg, $snortcfg['externallistname']); - $external_net = implode(",", $external_net_list); - } - - /* user added arguments */ - $snort_config_pass_thru = str_replace("\r", "", base64_decode($snortcfg['configpassthru'])); - // Remove the trailing newline - $snort_config_pass_thru = rtrim($snort_config_pass_thru); - - /* create a few directories and ensure the sample files are in place */ - $snort_dirs = array( $snortdir, $snortcfgdir, "{$snortcfgdir}/rules", - "{$snortlogdir}/snort_{$if_real}{$snort_uuid}", - "{$snortlogdir}/snort_{$if_real}{$snort_uuid}/barnyard2", - "{$snortcfgdir}/preproc_rules", - "dynamicrules" => "{$snortlibdir}/dynamicrules", - "dynamicengine" => "{$snortlibdir}/dynamicengine", - "dynamicpreprocessor" => "{$snortcfgdir}/dynamicpreprocessor" - ); - foreach ($snort_dirs as $dir) { - if (!is_dir($dir)) - safe_mkdir($dir); - } - - /********************************************************************/ - /* For fail-safe on an initial startup following installation, and */ - /* before a rules update has occurred, copy the default config */ - /* files to the interface directory. If files already exist in */ - /* the interface directory, or they are newer, that means a rule */ - /* update has been done and we should leave the customized files */ - /* put in place by the rules update process. */ - /********************************************************************/ - $snort_files = array("gen-msg.map", "classification.config", "reference.config", "attribute_table.dtd", - "sid-msg.map", "unicode.map", "threshold.conf", "preproc_rules/preprocessor.rules", - "preproc_rules/decoder.rules", "preproc_rules/sensitive-data.rules" - ); - foreach ($snort_files as $file) { - if (file_exists("{$snortdir}/{$file}")) { - $ftime = filemtime("{$snortdir}/{$file}"); - if (!file_exists("{$snortcfgdir}/{$file}") || ($ftime > filemtime("{$snortcfgdir}/{$file}"))) - @copy("{$snortdir}/{$file}", "{$snortcfgdir}/{$file}"); - } - } - - /* define alertsystemlog */ - $alertsystemlog_type = ""; - if ($snortcfg['alertsystemlog'] == "on") - $alertsystemlog_type = "output alert_syslog: log_alert"; - - /* define snortunifiedlog */ - $snortunifiedlog_type = ""; - if ($snortcfg['barnyard_enable'] == "on") { - if (isset($snortcfg['unified2_log_limit'])) - $u2_log_limit = "limit {$snortcfg['unified2_log_limit']}"; - else - $u2_log_limit = "limit 128"; - - $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, {$u2_log_limit}"; - if ($snortcfg['barnyard_log_vlan_events'] == 'on') - $snortunifiedlog_type .= ", vlan_event_types"; - if ($snortcfg['barnyard_log_mpls_events'] == 'on') - $snortunifiedlog_type .= ", mpls_event_types"; - } - - /* define spoink */ - $spoink_type = ""; - if ($snortcfg['blockoffenders7'] == "on") { - $pfkill = ""; - if ($snortcfg['blockoffenderskill'] == "on") - $pfkill = "kill"; - $spoink_wlist = snort_build_list($snortcfg, $snortcfg['whitelistname'], true); - /* write Pass List */ - @file_put_contents("{$snortcfgdir}/{$snortcfg['whitelistname']}", implode("\n", $spoink_wlist)); - $spoink_type = "output alert_pf: {$snortcfgdir}/{$snortcfg['whitelistname']},snort2c,{$snortcfg['blockoffendersip']},{$pfkill}"; - } - - /* define selected suppress file */ - $suppress_file_name = ""; - $suppress = snort_find_list($snortcfg['suppresslistname'], 'suppress'); - if (!empty($suppress)) { - $suppress_data = str_replace("\r", "", base64_decode($suppress['suppresspassthru'])); - @file_put_contents("{$snortcfgdir}/supp{$snortcfg['suppresslistname']}", $suppress_data); - $suppress_file_name = "include {$snortcfgdir}/supp{$snortcfg['suppresslistname']}"; - } - - /* set the snort performance model */ - $snort_performance = "ac-bnfa"; - if(!empty($snortcfg['performance'])) - $snort_performance = $snortcfg['performance']; - - /* if user has defined a custom ssh port, use it */ - if(is_array($config['system']['ssh']) && isset($config['system']['ssh']['port'])) - $ssh_port = $config['system']['ssh']['port']; - else - $ssh_port = "22"; - - /* Define an array of default values for the various preprocessor ports */ - $snort_ports = array( - "dns_ports" => "53", "smtp_ports" => "25", "mail_ports" => "25,465,587,691", - "http_ports" => "36,80,81,82,83,84,85,86,87,88,89,90,311,383,591,593,631,901,1220,1414,1533,1741,1830,2301,2381,2809,3037,3057,3128,3443,3702,4343,4848,5250,6080,6988,7000,7001,7144,7145,7510,7777,7779,8000,8008,8014,8028,8080,8081,8082,8085,8088,8090,8118,8123,8180,8181,8222,8243,8280,8300,8500,8800,8888,8899,9000,9060,9080,9090,9091,9443,9999,10000,11371,15489,29991,33300,34412,34443,34444,41080,44440,50000,50002,51423,55555,56712", - "oracle_ports" => "1024:", "mssql_ports" => "1433", "telnet_ports" => "23", - "snmp_ports" => "161", "ftp_ports" => "21,2100,3535", "ssh_ports" => $ssh_port, - "pop2_ports" => "109", "pop3_ports" => "110", "imap_ports" => "143", - "sip_ports" => "5060,5061,5600", "auth_ports" => "113", "finger_ports" => "79", - "irc_ports" => "6665,6666,6667,6668,6669,7000", "smb_ports" => "139,445", - "nntp_ports" => "119", "rlogin_ports" => "513", "rsh_ports" => "514", - "ssl_ports" => "443,465,563,636,989,992,993,994,995,7801,7802,7900,7901,7902,7903,7904,7905,7906,7907,7908,7909,7910,7911,7912,7913,7914,7915,7916,7917,7918,7919,7920", - "file_data_ports" => "\$HTTP_PORTS,110,143", "shellcode_ports" => "!80", - "sun_rpc_ports" => "111,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779", - "DCERPC_NCACN_IP_TCP" => "139,445", "DCERPC_NCADG_IP_UDP" => "138,1024:", - "DCERPC_NCACN_IP_LONG" => "135,139,445,593,1024:", "DCERPC_NCACN_UDP_LONG" => "135,1024:", - "DCERPC_NCACN_UDP_SHORT" => "135,593,1024:", "DCERPC_NCACN_TCP" => "2103,2105,2107", - "DCERPC_BRIGHTSTORE" => "6503,6504", "DNP3_PORTS" => "20000", "MODBUS_PORTS" => "502", - "GTP_PORTS" => "2123,2152,3386" - ); - - /* Check for defined Aliases that may override default port settings as we build the portvars array */ - $portvardef = ""; - foreach ($snort_ports as $alias => $avalue) { - if (!empty($snortcfg["def_{$alias}"]) && is_alias($snortcfg["def_{$alias}"])) - $snort_ports[$alias] = trim(filter_expand_alias($snortcfg["def_{$alias}"])); - $snort_ports[$alias] = preg_replace('/\s+/', ',', trim($snort_ports[$alias])); - $portvardef .= "portvar " . strtoupper($alias) . " [" . $snort_ports[$alias] . "]\n"; - } - - /* Define the default ports for the Stream5 preprocessor (formatted for easier reading in the snort.conf file) */ - $stream5_ports_client = "21 22 23 25 42 53 70 79 109 110 111 113 119 135 136 137 \\\n"; - $stream5_ports_client .= "\t 139 143 161 445 513 514 587 593 691 1433 1521 1741 \\\n"; - $stream5_ports_client .= "\t 2100 3306 6070 6665 6666 6667 6668 6669 7000 8181 \\\n"; - $stream5_ports_client .= "\t 32770 32771 32772 32773 32774 32775 32776 32777 \\\n"; - $stream5_ports_client .= "\t 32778 32779"; - $stream5_ports_both = "80 81 82 83 84 85 86 87 88 89 90 110 311 383 443 465 563 \\\n"; - $stream5_ports_both .= "\t 591 593 631 636 901 989 992 993 994 995 1220 1414 1533 \\\n"; - $stream5_ports_both .= "\t 1830 2301 2381 2809 3037 3057 3128 3443 3702 4343 4848 \\\n"; - $stream5_ports_both .= "\t 5250 6080 6988 7907 7000 7001 7144 7145 7510 7802 7777 \\\n"; - $stream5_ports_both .= "\t 7779 7801 7900 7901 7902 7903 7904 7905 7906 7908 7909 \\\n"; - $stream5_ports_both .= "\t 7910 7911 7912 7913 7914 7915 7916 7917 7918 7919 7920 \\\n"; - $stream5_ports_both .= "\t 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 \\\n"; - $stream5_ports_both .= "\t 8123 8180 8222 8243 8280 8300 8500 8800 8888 8899 9000 \\\n"; - $stream5_ports_both .= "\t 9060 9080 9090 9091 9443 9999 10000 11371 15489 29991 \\\n"; - $stream5_ports_both .= "\t 33300 34412 34443 34444 41080 44440 50000 50002 51423 \\\n"; - $stream5_ports_both .= "\t 55555 56712"; - - ///////////////////////////// - /* preprocessor code */ - /* def perform_stat */ - $perform_stat = <<<EOD -# Performance Statistics # -preprocessor perfmonitor: time 300 file {$snortlogdir}/snort_{$if_real}{$snort_uuid}/{$if_real}.stats pktcnt 10000 - -EOD; - - /* def ftp_preprocessor */ - $telnet_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['telnet_ports'])); - $ftp_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['ftp_ports'])); - - // Configure FTP_Telnet global options - $ftp_telnet_globals = "inspection_type "; - if ($snortcfg['ftp_telnet_inspection_type'] != "") { $ftp_telnet_globals .= $snortcfg['ftp_telnet_inspection_type']; }else{ $ftp_telnet_globals .= "stateful"; } - if ($snortcfg['ftp_telnet_alert_encrypted'] == "on") - $ftp_telnet_globals .= " \\\n\tencrypted_traffic yes"; - else - $ftp_telnet_globals .= " \\\n\tencrypted_traffic no"; - if ($snortcfg['ftp_telnet_check_encrypted'] == "on") - $ftp_telnet_globals .= " \\\n\tcheck_encrypted"; - - // Configure FTP_Telnet Telnet protocol options - $ftp_telnet_protocol = "ports { {$telnet_ports} }"; - if ($snortcfg['ftp_telnet_normalize'] == "on") - $ftp_telnet_protocol .= " \\\n\tnormalize"; - if ($snortcfg['ftp_telnet_detect_anomalies'] == "on") - $ftp_telnet_protocol .= " \\\n\tdetect_anomalies"; - if ($snortcfg['ftp_telnet_ayt_attack_threshold'] <> '0') { - $ftp_telnet_protocol .= " \\\n\tayt_attack_thresh "; - if ($snortcfg['ftp_telnet_ayt_attack_threshold'] != "") - $ftp_telnet_protocol .= $snortcfg['ftp_telnet_ayt_attack_threshold']; - else - $ftp_telnet_protocol .= "20"; - } - - // Setup the standard FTP commands used for all FTP Server engines - $ftp_cmds = <<<EOD - ftp_cmds { ABOR ACCT ADAT ALLO APPE AUTH CCC CDUP } \ - ftp_cmds { CEL CLNT CMD CONF CWD DELE ENC EPRT } \ - ftp_cmds { EPSV ESTA ESTP FEAT HELP LANG LIST LPRT } \ - ftp_cmds { LPSV MACB MAIL MDTM MFMT MIC MKD MLSD MLST } \ - ftp_cmds { MODE NLST NOOP OPTS PASS PASV PBSZ PORT } \ - ftp_cmds { PROT PWD QUIT REIN REST RETR RMD RNFR } \ - ftp_cmds { RNTO SDUP SITE SIZE SMNT STAT STOR STOU } \ - ftp_cmds { STRU SYST TEST TYPE USER XCUP XCRC XCWD } \ - ftp_cmds { XMAS XMD5 XMKD XPWD XRCP XRMD XRSQ XSEM } \ - ftp_cmds { XSEN XSHA1 XSHA256 } \ - alt_max_param_len 0 { ABOR CCC CDUP ESTA FEAT LPSV NOOP PASV PWD QUIT REIN STOU SYST XCUP XPWD } \ - alt_max_param_len 200 { ALLO APPE CMD HELP NLST RETR RNFR STOR STOU XMKD } \ - alt_max_param_len 256 { CWD RNTO } \ - alt_max_param_len 400 { PORT } \ - alt_max_param_len 512 { MFMT SIZE } \ - chk_str_fmt { ACCT ADAT ALLO APPE AUTH CEL CLNT CMD } \ - chk_str_fmt { CONF CWD DELE ENC EPRT EPSV ESTP HELP } \ - chk_str_fmt { LANG LIST LPRT MACB MAIL MDTM MIC MKD } \ - chk_str_fmt { MLSD MLST MODE NLST OPTS PASS PBSZ PORT } \ - chk_str_fmt { PROT REST RETR RMD RNFR RNTO SDUP SITE } \ - chk_str_fmt { SIZE SMNT STAT STOR STRU TEST TYPE USER } \ - chk_str_fmt { XCRC XCWD XMAS XMD5 XMKD XRCP XRMD XRSQ } \ - chk_str_fmt { XSEM XSEN XSHA1 XSHA256 } \ - cmd_validity ALLO < int [ char R int ] > \ - cmd_validity EPSV < [ { char 12 | char A char L char L } ] > \ - cmd_validity MACB < string > \ - cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ - cmd_validity MODE < char ASBCZ > \ - cmd_validity PORT < host_port > \ - cmd_validity PROT < char CSEP > \ - cmd_validity STRU < char FRPO [ string ] > \ - cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > - -EOD; + // Pull in the PHP code that generates required string variables + include("/usr/local/pkg/snort/snort_generate_conf.php"); - // Configure all the FTP_Telnet FTP protocol options - // Iterate and configure the FTP Client engines - $ftp_default_client_engine = array( "name" => "default", "bind_to" => "all", "max_resp_len" => 256, - "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes", - "bounce" => "yes", "bounce_to_net" => "", "bounce_to_port" => "" ); - - if (!is_array($snortcfg['ftp_client_engine']['item'])) - $snortcfg['ftp_client_engine']['item'] = array(); - - // If no FTP client engine is configured, use the default - // to keep from breaking Snort. - if (empty($snortcfg['ftp_client_engine']['item'])) - $snortcfg['ftp_client_engine']['item'][] = $ftp_default_client_engine; - $ftp_client_engine = ""; - - foreach ($snortcfg['ftp_client_engine']['item'] as $f => $v) { - $buffer = "preprocessor ftp_telnet_protocol: ftp client "; - if ($v['name'] == "default" && $v['bind_to'] == "all") - $buffer .= "default \\\n"; - elseif (is_alias($v['bind_to'])) { - $tmp = trim(filter_expand_alias($v['bind_to'])); - if (!empty($tmp)) { - $tmp = preg_replace('/\s+/', ' ', $tmp); - $buffer .= "{$tmp} \\\n"; - } - else { - log_error("[snort] ERROR: unable to resolve IP Address Alias '{$v['bind_to']}' for FTP client '{$v['name']}' ... skipping entry."); - continue; - } - } - else { - log_error("[snort] ERROR: unable to resolve IP Address Alias '{$v['bind_to']}' for FTP client '{$v['name']}' ... skipping entry."); - continue; - } - - if ($v['max_resp_len'] == "") - $buffer .= "\tmax_resp_len 256 \\\n"; - else - $buffer .= "\tmax_resp_len {$v['max_resp_len']} \\\n"; - - $buffer .= "\ttelnet_cmds {$v['telnet_cmds']} \\\n"; - $buffer .= "\tignore_telnet_erase_cmds {$v['ignore_telnet_erase_cmds']} \\\n"; - - if ($v['bounce'] == "yes") { - if (is_alias($v['bounce_to_net']) && is_alias($v['bounce_to_port'])) { - $net = trim(filter_expand_alias($v['bounce_to_net'])); - $port = trim(filter_expand_alias($v['bounce_to_port'])); - if (!empty($net) && !empty($port) && - snort_is_single_addr_alias($v['bounce_to_net']) && - (is_port($port) || is_portrange($port))) { - $port = preg_replace('/\s+/', ',', $port); - // Change port range delimiter to comma for ftp_telnet client preprocessor - if (is_portrange($port)) - $port = str_replace(":", ",", $port); - $buffer .= "\tbounce yes \\\n"; - $buffer .= "\tbounce_to { {$net},{$port} }\n"; - } - else { - // One or both of the BOUNCE_TO alias values is not right, - // so figure out which and log an appropriate error. - if (empty($net) || !snort_is_single_addr_alias($v['bounce_to_net'])) - log_error("[snort] ERROR: illegal value for bounce_to Address Alias [{$v['bounce_to_net']}] for FTP client engine [{$v['name']}] ... omitting 'bounce_to' option for this client engine."); - if (empty($port) || !(is_port($port) || is_portrange($port))) - log_error("[snort] ERROR: illegal value for bounce_to Port Alias [{$v['bounce_to_port']}] for FTP client engine [{$v['name']}] ... omitting 'bounce_to' option for this client engine."); - $buffer .= "\tbounce yes\n"; - } - } - else - $buffer .= "\tbounce yes\n"; - } - else - $buffer .= "\tbounce no\n"; - - // Add this FTP client engine to the master string - $ftp_client_engine .= "{$buffer}\n"; - } - // Trim final trailing newline - rtrim($ftp_client_engine); - - // Iterate and configure the FTP Server engines - $ftp_default_server_engine = array( "name" => "default", "bind_to" => "all", "ports" => "default", - "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes", - "ignore_data_chan" => "no", "def_max_param_len" => 100 ); - - if (!is_array($snortcfg['ftp_server_engine']['item'])) - $snortcfg['ftp_server_engine']['item'] = array(); - - // If no FTP server engine is configured, use the default - // to keep from breaking Snort. - if (empty($snortcfg['ftp_server_engine']['item'])) - $snortcfg['ftp_server_engine']['item'][] = $ftp_default_server_engine; - $ftp_server_engine = ""; - - foreach ($snortcfg['ftp_server_engine']['item'] as $f => $v) { - $buffer = "preprocessor ftp_telnet_protocol: ftp server "; - if ($v['name'] == "default" && $v['bind_to'] == "all") - $buffer .= "default \\\n"; - elseif (is_alias($v['bind_to'])) { - $tmp = trim(filter_expand_alias($v['bind_to'])); - if (!empty($tmp)) { - $tmp = preg_replace('/\s+/', ' ', $tmp); - $buffer .= "{$tmp} \\\n"; - } - else { - log_error("[snort] ERROR: unable to resolve IP Address Alias '{$v['bind_to']}' for FTP server '{$v['name']}' ... skipping entry."); - continue; - } - } - else { - log_error("[snort] ERROR: unable to resolve IP Address Alias '{$v['bind_to']}' for FTP server '{$v['name']}' ... skipping entry."); - continue; - } - - if ($v['def_max_param_len'] == "") - $buffer .= "\tdef_max_param_len 100 \\\n"; - elseif ($v['def_max_param_len'] <> '0') - $buffer .= "\tdef_max_param_len {$v['def_max_param_len']} \\\n"; - - if ($v['ports'] == "default" || !is_alias($v['ports']) || empty($v['ports'])) - $buffer .= "\tports { {$ftp_ports} } \\\n"; - elseif (is_alias($v['ports'])) { - $tmp = trim(filter_expand_alias($v['ports'])); - if (!empty($tmp)) { - $tmp = preg_replace('/\s+/', ' ', $tmp); - $tmp = snort_expand_port_range($tmp, ' '); - $buffer .= "\tports { {$tmp} } \\\n"; - } - else { - log_error("[snort] ERROR: unable to resolve Port Alias '{$v['ports']}' for FTP server '{$v['name']}' ... reverting to defaults."); - $buffer .= "\tports { {$ftp_ports} } \\\n"; - } - } - - $buffer .= "\ttelnet_cmds {$v['telnet_cmds']} \\\n"; - $buffer .= "\tignore_telnet_erase_cmds {$v['ignore_telnet_erase_cmds']} \\\n"; - if ($v['ignore_data_chan'] == "yes") - $buffer .= "\tignore_data_chan yes \\\n"; - $buffer .= "{$ftp_cmds}\n"; - - // Add this FTP server engine to the master string - $ftp_server_engine .= $buffer; - } - // Remove trailing newlines - rtrim($ftp_server_engine); - - $ftp_preprocessor = <<<EOD -# ftp_telnet preprocessor # -preprocessor ftp_telnet: global \ - {$ftp_telnet_globals} - -preprocessor ftp_telnet_protocol: telnet \ - {$ftp_telnet_protocol} - -{$ftp_server_engine} -{$ftp_client_engine} -EOD; - - $pop_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['pop3_ports'])); - $pop_preproc = <<<EOD -# POP preprocessor # -preprocessor pop: \ - ports { {$pop_ports} } \ - memcap 1310700 \ - qp_decode_depth 0 \ - b64_decode_depth 0 \ - bitenc_decode_depth 0 - -EOD; - - $imap_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['imap_ports'])); - $imap_preproc = <<<EOD -# IMAP preprocessor # -preprocessor imap: \ - ports { {$imap_ports} } \ - memcap 1310700 \ - qp_decode_depth 0 \ - b64_decode_depth 0 \ - bitenc_decode_depth 0 - -EOD; - - $smtp_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['mail_ports'])); - /* def smtp_preprocessor */ - $smtp_preprocessor = <<<EOD -# SMTP preprocessor # -preprocessor SMTP: \ - ports { {$smtp_ports} } \ - inspection_type stateful \ - normalize cmds \ - ignore_tls_data \ - valid_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT \ - NOOP RSET SEND SAML SOML AUTH TURN ETRN PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU \ - STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE \ - XQUEU XSTA XTRN XUSR } \ - normalize_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY \ - IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN PIPELINING CHUNKING DATA DSN RSET QUIT \ - ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 \ - XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ - max_header_line_len 1000 \ - max_response_line_len 512 \ - alt_max_command_line_len 260 { MAIL } \ - alt_max_command_line_len 300 { RCPT } \ - alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \ - alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \ - alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN PIPELINING CHUNKING DATA DSN RSET QUIT ONEX } \ - alt_max_command_line_len 246 { QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR } \ - alt_max_command_line_len 246 { XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ - xlink2state { enable } \ - log_mailfrom \ - log_rcptto \ - log_email_hdrs \ - email_hdrs_log_depth 1464 \ - log_filename \ - qp_decode_depth 0 \ - b64_decode_depth 0 \ - bitenc_decode_depth 0 \ - uu_decode_depth 0 - -EOD; - - /* def sf_portscan */ - $sf_pscan_protocol = "all"; - if (!empty($snortcfg['pscan_protocol'])) - $sf_pscan_protocol = $snortcfg['pscan_protocol']; - $sf_pscan_type = "all"; - if (!empty($snortcfg['pscan_type'])) - $sf_pscan_type = $snortcfg['pscan_type']; - $sf_pscan_memcap = "10000000"; - if (!empty($snortcfg['pscan_memcap'])) - $sf_pscan_memcap = $snortcfg['pscan_memcap']; - $sf_pscan_sense_level = "medium"; - if (!empty($snortcfg['pscan_sense_level'])) - $sf_pscan_sense_level = $snortcfg['pscan_sense_level']; - $sf_pscan_ignore_scanners = "\$HOME_NET"; - if (!empty($snortcfg['pscan_ignore_scanners']) && is_alias($snortcfg['pscan_ignore_scanners'])) { - $sf_pscan_ignore_scanners = trim(filter_expand_alias($snortcfg['pscan_ignore_scanners'])); - $sf_pscan_ignore_scanners = preg_replace('/\s+/', ',', trim($sf_pscan_ignore_scanners)); - } - - $sf_portscan = <<<EOD -# sf Portscan # -preprocessor sfportscan: \ - scan_type { {$sf_pscan_type} } \ - proto { {$sf_pscan_protocol} } \ - memcap { {$sf_pscan_memcap} } \ - sense_level { {$sf_pscan_sense_level} } \ - ignore_scanners { {$sf_pscan_ignore_scanners} } - -EOD; - - /* def ssh_preproc */ - $ssh_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['ssh_ports'])); - $ssh_preproc = <<<EOD -# SSH preprocessor # -preprocessor ssh: \ - server_ports { {$ssh_ports} } \ - autodetect \ - max_client_bytes 19600 \ - max_encrypted_packets 20 \ - max_server_version_len 100 \ - enable_respoverflow enable_ssh1crc32 \ - enable_srvoverflow enable_protomismatch - -EOD; - - /* def other_preprocs */ - $sun_rpc_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['sun_rpc_ports'])); - $other_preprocs = <<<EOD -# Other preprocs # -preprocessor rpc_decode: \ - {$sun_rpc_ports} \ - no_alert_multiple_requests \ - no_alert_large_fragments \ - no_alert_incomplete - -# Back Orifice preprocessor # -preprocessor bo - -EOD; + // Pull in the boilerplate template for the snort.conf + // configuration file. The contents of the template along + // with substituted variables is stored in $snort_conf_text + // (which is defined in the included file). + include("/usr/local/pkg/snort/snort_conf_template.inc"); - /* def dce_rpc_2 */ - $dce_rpc_2 = <<<EOD -# DCE/RPC 2 # -preprocessor dcerpc2: \ - memcap 102400, \ - events [co] - -preprocessor dcerpc2_server: default, \ - policy WinXP, \ - detect [smb [{$snort_ports['smb_ports']}], \ - tcp 135, \ - udp 135, \ - rpc-over-http-server 593], \ - autodetect [tcp 1025:, \ - udp 1025:, \ - rpc-over-http-server 1025:], \ - smb_max_chain 3, smb_invalid_shares ["C$", "D$", "ADMIN$"] - -EOD; - - $sip_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['sip_ports'])); - $sip_preproc = <<<EOD -# SIP preprocessor # -preprocessor sip: \ - max_sessions 40000, \ - ports { {$sip_ports} }, \ - methods { invite \ - cancel \ - ack \ - bye \ - register \ - options \ - refer \ - subscribe \ - update \ - join \ - info \ - message \ - notify \ - benotify \ - do \ - qauth \ - sprack \ - publish \ - service \ - unsubscribe \ - prack }, \ - max_call_id_len 80, \ - max_from_len 256, \ - max_to_len 256, \ - max_via_len 1024, \ - max_requestName_len 50, \ - max_uri_len 512, \ - ignore_call_channel, \ - max_content_len 2048, \ - max_contact_len 512 - -EOD; - - $dns_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['dns_ports'])); - /* def dns_preprocessor */ - $dns_preprocessor = <<<EOD -# DNS preprocessor # -preprocessor dns: \ - ports { {$dns_ports} } \ - enable_rdata_overflow - -EOD; - - /* def dnp3_preprocessor */ - $dnp3_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['DNP3_PORTS'])); - $dnp3_preproc = <<<EOD -# DNP3 preprocessor # -preprocessor dnp3: \ - ports { {$dnp3_ports} } \ - memcap 262144 \ - check_crc - -EOD; - - /* def modbus_preprocessor */ - $modbus_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['MODBUS_PORTS'])); - $modbus_preproc = <<<EOD -# Modbus preprocessor # -preprocessor modbus: \ - ports { {$modbus_ports} } - -EOD; - - /* def gtp_preprocessor */ - $gtp_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['GTP_PORTS'])); - $gtp_preproc = <<<EOD -# GTP preprocessor # -preprocessor gtp: \ - ports { {$gtp_ports} } - -EOD; - - /* def ssl_preprocessor */ - $ssl_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['ssl_ports'])); - $ssl_preproc = <<<EOD -# SSL preprocessor # -preprocessor ssl: \ - ports { {$ssl_ports} }, \ - trustservers, \ - noinspect_encrypted - -EOD; - - /* def sensitive_data_preprocessor */ - if ($snortcfg['sdf_mask_output'] == "on") - $sdf_mask_output = "\\\n\tmask_output"; - else - $sdf_mask_output = ""; - if (empty($snortcfg['sdf_alert_threshold'])) - $snortcfg['sdf_alert_threshold'] = 25; - $sensitive_data = <<<EOD -# SDF preprocessor # -preprocessor sensitive_data: \ - alert_threshold {$snortcfg['sdf_alert_threshold']} {$sdf_mask_output} - -EOD; - - /* define IP Reputation preprocessor */ - if (is_array($snortcfg['blist_files']['item'])) { - $blist_files = ""; - $bIsFirst = TRUE; - foreach ($snortcfg['blist_files']['item'] as $blist) { - if ($bIsFirst) { - $blist_files .= "blacklist " . IPREP_PATH . $blist; - $bIsFirst = FALSE; - } - else - $blist_files .= ", \\ \n\tblacklist " . IPREP_PATH . $blist; - } - } - if (is_array($snortcfg['wlist_files']['item'])) { - $wlist_files = ""; - $bIsFirst = TRUE; - foreach ($snortcfg['wlist_files']['item'] as $wlist) { - if ($bIsFirst) { - $wlist_files .= "whitelist " . IPREP_PATH . $wlist; - $bIsFirst = FALSE; - } - else - $wlist_files .= ", \\ \n\twhitelist " . IPREP_PATH . $wlist; - } - } - if (!empty($blist_files)) - $ip_lists = $blist_files; - if (!empty($wlist_files)) - $ip_lists .= ", \\ \n" . $wlist_files; - if ($snortcfg['iprep_scan_local'] == 'on') - $ip_lists .= ", \\ \n\tscan_local"; - - $reputation_preproc = <<<EOD -# IP Reputation preprocessor # -preprocessor reputation: \ - memcap {$snortcfg['iprep_memcap']}, \ - priority {$snortcfg['iprep_priority']}, \ - nested_ip {$snortcfg['iprep_nested_ip']}, \ - white {$snortcfg['iprep_white']}, \ - {$ip_lists} - -EOD; - - /* define servers as IP variables */ - $snort_servers = array ( - "dns_servers" => "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET", - "www_servers" => "\$HOME_NET", "sql_servers" => "\$HOME_NET", "telnet_servers" => "\$HOME_NET", - "snmp_servers" => "\$HOME_NET", "ftp_servers" => "\$HOME_NET", "ssh_servers" => "\$HOME_NET", - "pop_servers" => "\$HOME_NET", "imap_servers" => "\$HOME_NET", "sip_proxy_ip" => "\$HOME_NET", - "sip_servers" => "\$HOME_NET", "rpc_servers" => "\$HOME_NET", "dnp3_server" => "\$HOME_NET", - "dnp3_client" => "\$HOME_NET", "modbus_server" => "\$HOME_NET", "modbus_client" => "\$HOME_NET", - "enip_server" => "\$HOME_NET", "enip_client" => "\$HOME_NET", - "aim_servers" => "64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24" - ); - - // Change old name from "var" to new name of "ipvar" for IP variables because - // Snort is deprecating the old "var" name in newer versions. - $ipvardef = ""; - foreach ($snort_servers as $alias => $avalue) { - if (!empty($snortcfg["def_{$alias}"]) && is_alias($snortcfg["def_{$alias}"])) { - $avalue = trim(filter_expand_alias($snortcfg["def_{$alias}"])); - $avalue = preg_replace('/\s+/', ',', trim($avalue)); - } - $ipvardef .= "ipvar " . strtoupper($alias) . " [{$avalue}]\n"; - } - - $snort_preproc_libs = array( - "dce_rpc_2" => "dce2_preproc", "dns_preprocessor" => "dns_preproc", "ftp_preprocessor" => "ftptelnet_preproc", "imap_preproc" => "imap_preproc", - "pop_preproc" => "pop_preproc", "reputation_preproc" => "reputation_preproc", "sensitive_data" => "sdf_preproc", - "sip_preproc" => "sip_preproc", "gtp_preproc" => "gtp_preproc", "smtp_preprocessor" => "smtp_preproc", "ssh_preproc" => "ssh_preproc", - "ssl_preproc" => "ssl_preproc", "dnp3_preproc" => "dnp3_preproc", "modbus_preproc" => "modbus_preproc" - ); - $snort_preproc = array ( - "perform_stat", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc", "gtp_preproc", "ssh_preproc", "sf_portscan", - "dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc", "reputation_preproc" - ); - $default_disabled_preprocs = array( - "sf_portscan", "gtp_preproc", "sensitive_data", "dnp3_preproc", "modbus_preproc", "reputation_preproc", "perform_stat" - ); - $snort_preprocessors = ""; - foreach ($snort_preproc as $preproc) { - if ($snortcfg[$preproc] == 'on' || empty($snortcfg[$preproc]) ) { - - /* If preprocessor is not explicitly "on" or "off", then default to "off" if in our default disabled list */ - if (empty($snortcfg[$preproc]) && in_array($preproc, $default_disabled_preprocs)) - continue; - - /* NOTE: The $$ is not a bug. It is an advanced feature of php */ - if (!empty($snort_preproc_libs[$preproc])) { - $preproclib = "libsf_" . $snort_preproc_libs[$preproc]; - if (!file_exists($snort_dirs['dynamicpreprocessor'] . "{$preproclib}.so")) { - if (file_exists("{$snortlibdir}/dynamicpreprocessor/{$preproclib}.so")) { - @copy("{$snortlibdir}/dynamicpreprocessor/{$preproclib}.so", "{$snort_dirs['dynamicpreprocessor']}/{$preproclib}.so"); - $snort_preprocessors .= $$preproc; - $snort_preprocessors .= "\n"; - } else - log_error("Could not find the {$preproclib} file. Snort might error out!"); - } else { - $snort_preprocessors .= $$preproc; - $snort_preprocessors .= "\n"; - } - } else { - $snort_preprocessors .= $$preproc; - $snort_preprocessors .= "\n"; - } - } - } - // Remove final trailing newline - $snort_preprocessors = rtrim($snort_preprocessors); - - $snort_misc_include_rules = ""; - if (file_exists("{$snortcfgdir}/reference.config")) - $snort_misc_include_rules .= "include {$snortcfgdir}/reference.config\n"; - if (file_exists("{$snortcfgdir}/classification.config")) - $snort_misc_include_rules .= "include {$snortcfgdir}/classification.config\n"; - if (!file_exists("{$snortcfgdir}/preproc_rules/decoder.rules") || !file_exists("{$snortcfgdir}/preproc_rules/preprocessor.rules")) { - $snort_misc_include_rules .= "config autogenerate_preprocessor_decoder_rules\n"; - log_error("[Snort] Seems preprocessor and/or decoder rules are missing, enabling autogeneration of them in conf file."); - } - - /* generate rule sections to load */ - /* The files are always configured so the update process is easier */ - $selected_rules_sections = "include \$RULE_PATH/{$snort_enforcing_rules_file}\n"; - $selected_rules_sections .= "include \$RULE_PATH/{$flowbit_rules_file}\n"; - $selected_rules_sections .= "include \$RULE_PATH/custom.rules\n"; - - // Remove trailing newlines - $snort_misc_include_rules = rtrim($snort_misc_include_rules); - $selected_rules_sections = rtrim($selected_rules_sections); + // Write out snort.conf file using contents of $snort_conf_text + @file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text); - /* Create the actual rules files and save in the interface directory */ + // Create the actual rules files and save them in the interface directory snort_prepare_rule_files($snortcfg, $snortcfgdir); - $cksumcheck = "all"; - if ($snortcfg['cksumcheck'] == 'on') - $cksumcheck = "none"; - - /* Pull in user-configurable detection config options */ - $cfg_detect_settings = "search-method {$snort_performance} max-pattern-len 20 max_queue_events 5"; - if ($snortcfg['fpm_split_any_any'] == "on") - $cfg_detect_settings .= " split-any-any"; - if ($snortcfg['fpm_search_optimize'] == "on") - $cfg_detect_settings .= " search-optimize"; - if ($snortcfg['fpm_no_stream_inserts'] == "on") - $cfg_detect_settings .= " no_stream_inserts"; - - /* Pull in user-configurable options for Frag3 preprocessor settings */ - /* Get global Frag3 options first and put into a string */ - $frag3_global = "preprocessor frag3_global: "; - if (!empty($snortcfg['frag3_memcap']) || $snortcfg['frag3_memcap'] == "0") - $frag3_global .= "memcap {$snortcfg['frag3_memcap']}, "; - else - $frag3_global .= "memcap 4194304, "; - if (!empty($snortcfg['frag3_max_frags'])) - $frag3_global .= "max_frags {$snortcfg['frag3_max_frags']}"; - else - $frag3_global .= "max_frags 8192"; - if ($snortcfg['frag3_detection'] == "off") - $frag3_global .= ", disabled"; - - $frag3_default_tcp_engine = array( "name" => "default", "bind_to" => "all", "policy" => "bsd", - "timeout" => 60, "min_ttl" => 1, "detect_anomalies" => "on", - "overlap_limit" => 0, "min_frag_len" => 0 ); - $frag3_engine = ""; - - // Now iterate configured Frag3 engines and write them to a string if enabled - if ($snortcfg['frag3_detection'] == "on") { - if (!is_array($snortcfg['frag3_engine']['item'])) - $snortcfg['frag3_engine']['item'] = array(); - - // If no frag3 tcp engine is configured, use the default - if (empty($snortcfg['frag3_engine']['item'])) - $snortcfg['frag3_engine']['item'][] = $frag3_default_tcp_engine; - - foreach ($snortcfg['frag3_engine']['item'] as $f => $v) { - $frag3_engine .= "preprocessor frag3_engine: "; - $frag3_engine .= "policy {$v['policy']}"; - if ($v['bind_to'] <> "all") { - $tmp = trim(filter_expand_alias($v['bind_to'])); - if (!empty($tmp)) { - $tmp = preg_replace('/\s+/', ',', $tmp); - if (strpos($tmp, ",") !== false) - $frag3_engine .= " \\\n\tbind_to [{$tmp}]"; - else - $frag3_engine .= " \\\n\tbind_to {$tmp}"; - } - else - log_error("[snort] WARNING: unable to resolve IP List Alias '{$v['bind_to']}' for Frag3 engine '{$v['name']}' ... using 0.0.0.0 failsafe."); - } - $frag3_engine .= " \\\n\ttimeout {$v['timeout']}"; - $frag3_engine .= " \\\n\tmin_ttl {$v['min_ttl']}"; - if ($v['detect_anomalies'] == "on") { - $frag3_engine .= " \\\n\tdetect_anomalies"; - $frag3_engine .= " \\\n\toverlap_limit {$v['overlap_limit']}"; - $frag3_engine .= " \\\n\tmin_fragment_length {$v['min_frag_len']}"; - } - // Add newlines to terminate this engine - $frag3_engine .= "\n\n"; - } - // Remove trailing newline - $frag3_engine = rtrim($frag3_engine); - } - - // Grab any user-customized value for Protocol Aware Flushing (PAF) max PDUs - $paf_max_pdu_config = "config paf_max: "; - if (empty($snortcfg['max_paf']) || $snortcfg['max_paf'] == '0') - $paf_max_pdu_config .= "0"; - else - $paf_max_pdu_config .= $snortcfg['max_paf']; - - // Pull in user-configurable options for Stream5 preprocessor settings - // Get global options first and put into a string - $stream5_global = "preprocessor stream5_global: \\\n"; - if ($snortcfg['stream5_reassembly'] == "off") - $stream5_global .= "\tdisabled, \\\n"; - if ($snortcfg['stream5_track_tcp'] == "off") - $stream5_global .= "\ttrack_tcp no,"; - else { - $stream5_global .= "\ttrack_tcp yes,"; - if (!empty($snortcfg['stream5_max_tcp'])) - $stream5_global .= " \\\n\tmax_tcp {$snortcfg['stream5_max_tcp']},"; - else - $stream5_global .= " \\\n\tmax_tcp 262144,"; - } - if ($snortcfg['stream5_track_udp'] == "off") - $stream5_global .= " \\\n\ttrack_udp no,"; - else { - $stream5_global .= " \\\n\ttrack_udp yes,"; - if (!empty($snortcfg['stream5_max_udp'])) - $stream5_global .= " \\\n\tmax_udp {$snortcfg['stream5_max_udp']},"; - else - $stream5_global .= " \\\n\tmax_udp 131072,"; - } - if ($snortcfg['stream5_track_icmp'] == "on") { - $stream5_global .= " \\\n\ttrack_icmp yes,"; - if (!empty($snortcfg['stream5_max_icmp'])) - $stream5_global .= " \\\n\tmax_icmp {$snortcfg['stream5_max_icmp']},"; - else - $stream5_global .= " \\\n\tmax_icmp 65536,"; - } - else - $stream5_global .= " \\\n\ttrack_icmp no,"; - if (!empty($snortcfg['stream5_mem_cap'])) - $stream5_global .= " \\\n\tmemcap {$snortcfg['stream5_mem_cap']},"; - else - $stream5_global .= " \\\n\tmemcap 8388608,"; - - if (!empty($snortcfg['stream5_prune_log_max']) || $snortcfg['stream5_prune_log_max'] == '0') - $stream5_global .= " \\\n\tprune_log_max {$snortcfg['stream5_prune_log_max']}"; - else - $stream5_global .= " \\\n\tprune_log_max 1048576"; - if ($snortcfg['stream5_flush_on_alert'] == "on") - $stream5_global .= ", \\\n\tflush_on_alert"; - - $stream5_default_tcp_engine = array( "name" => "default", "bind_to" => "all", "policy" => "bsd", "timeout" => 30, - "max_queued_bytes" => 1048576, "detect_anomalies" => "off", "overlap_limit" => 0, - "max_queued_segs" => 2621, "require_3whs" => "off", "startup_3whs_timeout" => 0, - "no_reassemble_async" => "off", "dont_store_lg_pkts" => "off", "max_window" => 0, - "use_static_footprint_sizes" => "off", "check_session_hijacking" => "off", "ports_client" => "default", - "ports_both" => "default", "ports_server" => "none" ); - $stream5_tcp_engine = ""; - - // Now iterate configured Stream5 TCP engines and write them to a string if enabled - if ($snortcfg['stream5_reassembly'] == "on") { - if (!is_array($snortcfg['stream5_tcp_engine']['item'])) - $snortcfg['stream5_tcp_engine']['item'] = array(); - - // If no stream5 tcp engine is configured, use the default - if (empty($snortcfg['stream5_tcp_engine']['item'])) - $snortcfg['stream5_tcp_engine']['item'][] = $stream5_default_tcp_engine; - - foreach ($snortcfg['stream5_tcp_engine']['item'] as $f => $v) { - $buffer = "preprocessor stream5_tcp: "; - $buffer .= "policy {$v['policy']},"; - if ($v['bind_to'] <> "all") { - $tmp = trim(filter_expand_alias($v['bind_to'])); - if (!empty($tmp)) { - $tmp = preg_replace('/\s+/', ',', $tmp); - if (strpos($tmp, ",") !== false) - $buffer .= " \\\n\tbind_to [{$tmp}],"; - else - $buffer .= " \\\n\tbind_to {$tmp},"; - } - else { - log_error("[snort] WARNING: unable to resolve IP Address Alias [{$v['bind_to']}] for Stream5 TCP engine '{$v['name']}' ... skipping this engine."); - continue; - } - } - $stream5_tcp_engine .= $buffer; - $stream5_tcp_engine .= " \\\n\ttimeout {$v['timeout']},"; - $stream5_tcp_engine .= " \\\n\toverlap_limit {$v['overlap_limit']},"; - $stream5_tcp_engine .= " \\\n\tmax_window {$v['max_window']},"; - $stream5_tcp_engine .= " \\\n\tmax_queued_bytes {$v['max_queued_bytes']},"; - $stream5_tcp_engine .= " \\\n\tmax_queued_segs {$v['max_queued_segs']}"; - if ($v['use_static_footprint_sizes'] == "on") - $stream5_tcp_engine .= ", \\\n\tuse_static_footprint_sizes"; - if ($v['check_session_hijacking'] == "on") - $stream5_tcp_engine .= ", \\\n\tcheck_session_hijacking"; - if ($v['dont_store_lg_pkts'] == "on") - $stream5_tcp_engine .= ", \\\n\tdont_store_large_packets"; - if ($v['no_reassemble_async'] == "on") - $stream5_tcp_engine .= ", \\\n\tdont_reassemble_async"; - if ($v['detect_anomalies'] == "on") - $stream5_tcp_engine .= ", \\\n\tdetect_anomalies"; - if ($v['require_3whs'] == "on") - $stream5_tcp_engine .= ", \\\n\trequire_3whs {$v['startup_3whs_timeout']}"; - if (!empty($v['ports_client'])) { - $stream5_tcp_engine .= ", \\\n\tports client"; - if ($v['ports_client'] == " all") - $stream5_tcp_engine .= " all"; - elseif ($v['ports_client'] == "default") - $stream5_tcp_engine .= " {$stream5_ports_client}"; - else { - $tmp = trim(filter_expand_alias($v['ports_client'])); - if (!empty($tmp)) - $stream5_tcp_engine .= " " . trim(preg_replace('/\s+/', ' ', $tmp)); - else { - $stream5_tcp_engine .= " {$stream5_ports_client}"; - log_error("[snort] WARNING: unable to resolve Ports Client Alias [{$v['ports_client']}] for Stream5 TCP engine '{$v['name']}' ... using default value."); - } - } - } - if (!empty($v['ports_both'])) { - $stream5_tcp_engine .= ", \\\n\tports both"; - if ($v['ports_both'] == " all") - $stream5_tcp_engine .= " all"; - elseif ($v['ports_both'] == "default") - $stream5_tcp_engine .= " {$stream5_ports_both}"; - else { - $tmp = trim(filter_expand_alias($v['ports_both'])); - if (!empty($tmp)) - $stream5_tcp_engine .= " " . trim(preg_replace('/\s+/', ' ', $tmp)); - else { - $stream5_tcp_engine .= " {$stream5_ports_both}"; - log_error("[snort] WARNING: unable to resolve Ports Both Alias [{$v['ports_both']}] for Stream5 TCP engine '{$v['name']}' ... using default value."); - } - } - } - if (!empty($v['ports_server']) && $v['ports_server'] <> "none" && $v['ports_server'] <> "default") { - if ($v['ports_server'] == " all") { - $stream5_tcp_engine .= ", \\\n\tports server"; - $stream5_tcp_engine .= " all"; - } - else { - $tmp = trim(filter_expand_alias($v['ports_server'])); - if (!empty($tmp)) { - $stream5_tcp_engine .= ", \\\n\tports server"; - $stream5_tcp_engine .= " " . trim(preg_replace('/\s+/', ' ', $tmp)); - } - else - log_error("[snort] WARNING: unable to resolve Ports Server Alias [{$v['ports_server']}] for Stream5 TCP engine '{$v['name']}' ... defaulting to none."); - } - } - - // Make sure the "ports" parameter is set, or else default to a safe value - if (strpos($stream5_tcp_engine, "ports ") === false) - $stream5_tcp_engine .= ", \\\n\tports both all"; - - // Add a pair of newlines to terminate this engine - $stream5_tcp_engine .= "\n\n"; - } - // Trim off the final trailing newline - $stream5_tcp_engine = rtrim($stream5_tcp_engine); - } - - // Configure the Stream5 UDP engine if it and Stream5 reassembly are enabled - if ($snortcfg['stream5_track_udp'] == "off" || $snortcfg['stream5_reassembly'] == "off") - $stream5_udp_engine = ""; - else { - $stream5_udp_engine = "preprocessor stream5_udp: "; - if (!empty($snortcfg['stream5_udp_timeout'])) - $stream5_udp_engine .= "timeout {$snortcfg['stream5_udp_timeout']}"; - else - $stream5_udp_engine .= "timeout 30"; - } - - // Configure the Stream5 ICMP engine if it and Stream5 reassembly are enabled - if ($snortcfg['stream5_track_icmp'] == "on" && $snortcfg['stream5_reassembly'] == "on") { - $stream5_icmp_engine = "preprocessor stream5_icmp: "; - if (!empty($snortcfg['stream5_icmp_timeout'])) - $stream5_icmp_engine .= "timeout {$snortcfg['stream5_icmp_timeout']}"; - else - $stream5_icmp_engine .= "timeout 30"; - } - else - $stream5_icmp_engine = ""; - - // Check for and configure Host Attribute Table if enabled - $host_attrib_config = ""; - if ($snortcfg['host_attribute_table'] == "on" && !empty($snortcfg['host_attribute_data'])) { - @file_put_contents("{$snortcfgdir}/host_attributes", base64_decode($snortcfg['host_attribute_data'])); - $host_attrib_config = "# Host Attribute Table #\n"; - $host_attrib_config .= "attribute_table filename {$snortcfgdir}/host_attributes\n"; - if (!empty($snortcfg['max_attribute_hosts'])) - $host_attrib_config .= "config max_attribute_hosts: {$snortcfg['max_attribute_hosts']}\n"; - if (!empty($snortcfg['max_attribute_services_per_host'])) - $host_attrib_config .= "config max_attribute_services_per_host: {$snortcfg['max_attribute_services_per_host']}"; - } - - // Configure the HTTP_INSPECT preprocessor - // Get global options first and put into a string - $http_inspect_global = "preprocessor http_inspect: global "; - if ($snortcfg['http_inspect'] == "off") - $http_inspect_global .= "disabled "; - $http_inspect_global .= "\\\n\tiis_unicode_map unicode.map 1252 \\\n"; - $http_inspect_global .= "\tcompress_depth 65535 \\\n"; - $http_inspect_global .= "\tdecompress_depth 65535 \\\n"; - if (!empty($snortcfg['http_inspect_memcap'])) - $http_inspect_global .= "\tmemcap {$snortcfg['http_inspect_memcap']} \\\n"; - else - $http_inspect_global .= "\tmemcap 150994944 \\\n"; - if (!empty($snortcfg['http_inspect_max_gzip_mem'])) - $http_inspect_global .= "\tmax_gzip_mem {$snortcfg['http_inspect_max_gzip_mem']}"; - else - $http_inspect_global .= "\tmax_gzip_mem 838860"; - if ($snortcfg['http_inspect_proxy_alert'] == "on") - $http_inspect_global .= " \\\n\tproxy_alert"; - - $http_inspect_default_engine = array( "name" => "default", "bind_to" => "all", "server_profile" => "all", "enable_xff" => "off", - "log_uri" => "off", "log_hostname" => "off", "server_flow_depth" => 65535, "enable_cookie" => "on", - "client_flow_depth" => 1460, "extended_response_inspection" => "on", "no_alerts" => "off", - "unlimited_decompress" => "on", "inspect_gzip" => "on", "normalize_cookies" =>"on", "normalize_headers" => "on", - "normalize_utf" => "on", "normalize_javascript" => "on", "allow_proxy_use" => "off", "inspect_uri_only" => "off", - "max_javascript_whitespaces" => 200, "post_depth" => -1, "max_headers" => 0, "max_spaces" => 0, - "max_header_length" => 0, "ports" => "default" ); - $http_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['http_ports'])); - $http_inspect_servers = ""; - - // Iterate configured HTTP_INSPECT servers and write them to string if HTTP_INSPECT enabled - if ($snortcfg['http_inspect'] <> "off") { - if (!is_array($snortcfg['http_inspect_engine']['item'])) - $snortcfg['http_inspect_engine']['item'] = array(); - - // If no http_inspect_engine is configured, use the default - if (empty($snortcfg['http_inspect_engine']['item'])) - $snortcfg['http_inspect_engine']['item'][] = $http_inspect_default_engine; - - foreach ($snortcfg['http_inspect_engine']['item'] as $f => $v) { - $buffer = "preprocessor http_inspect_server: \\\n"; - if ($v['name'] == "default") - $buffer .= "\tserver default \\\n"; - elseif (is_alias($v['bind_to'])) { - $tmp = trim(filter_expand_alias($v['bind_to'])); - if (!empty($tmp)) { - $tmp = preg_replace('/\s+/', ' ', $tmp); - $buffer .= "\tserver { {$tmp} } \\\n"; - } - else { - log_error("[snort] WARNING: unable to resolve IP Address Alias [{$v['bind_to']}] for HTTP_INSPECT server '{$v['name']}' ... skipping this server engine."); - continue; - } - } - else { - log_error("[snort] WARNING: unable to resolve IP Address Alias [{$v['bind_to']}] for HTTP_INSPECT server '{$v['name']}' ... skipping this server engine."); - continue; - } - $http_inspect_servers .= $buffer; - $http_inspect_servers .= "\tprofile {$v['server_profile']} \\\n"; - - if ($v['no_alerts'] == "on") - $http_inspect_servers .= "\tno_alerts \\\n"; - - if ($v['ports'] == "default" || empty($v['ports'])) - $http_inspect_servers .= "\tports { {$http_ports} } \\\n"; - elseif (is_alias($v['ports'])) { - $tmp = trim(filter_expand_alias($v['ports'])); - if (!empty($tmp)) { - $tmp = preg_replace('/\s+/', ' ', $tmp); - $tmp = snort_expand_port_range($tmp, ' '); - $http_inspect_servers .= "\tports { {$tmp} } \\\n"; - } - else { - log_error("[snort] WARNING: unable to resolve Ports Alias [{$v['ports']}] for HTTP_INSPECT server '{$v['name']}' ... using safe default instead."); - $http_inspect_servers .= "\tports { {$http_ports} } \\\n"; - } - } - else { - log_error("[snort] WARNING: unable to resolve Ports Alias [{$v['ports']}] for HTTP_INSPECT server '{$v['name']}' ... using safe default instead."); - $http_inspect_servers .= "\tports { {$http_ports} } \\\n"; - } - - $http_inspect_servers .= "\tserver_flow_depth {$v['server_flow_depth']} \\\n"; - $http_inspect_servers .= "\tclient_flow_depth {$v['client_flow_depth']} \\\n"; - $http_inspect_servers .= "\thttp_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK UNLOCK NOTIFY POLL BCOPY BDELETE BMOVE LINK UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH BPROPFIND BPROPPATCH RPC_CONNECT PROXY_SUCCESS BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA RPC_ECHO_DATA } \\\n"; - $http_inspect_servers .= "\tpost_depth {$v['post_depth']} \\\n"; - $http_inspect_servers .= "\tmax_headers {$v['max_headers']} \\\n"; - $http_inspect_servers .= "\tmax_header_length {$v['max_header_length']} \\\n"; - $http_inspect_servers .= "\tmax_spaces {$v['max_spaces']}"; - if ($v['enable_xff'] == "on") - $http_inspect_servers .= " \\\n\tenable_xff"; - if ($v['enable_cookie'] == "on") - $http_inspect_servers .= " \\\n\tenable_cookie"; - if ($v['normalize_cookies'] == "on") - $http_inspect_servers .= " \\\n\tnormalize_cookies"; - if ($v['normalize_headers'] == "on") - $http_inspect_servers .= " \\\n\tnormalize_headers"; - if ($v['normalize_utf'] == "on") - $http_inspect_servers .= " \\\n\tnormalize_utf"; - if ($v['allow_proxy_use'] == "on") - $http_inspect_servers .= " \\\n\tallow_proxy_use"; - if ($v['inspect_uri_only'] == "on") - $http_inspect_servers .= " \\\n\tinspect_uri_only"; - if ($v['extended_response_inspection'] == "on") { - $http_inspect_servers .= " \\\n\textended_response_inspection"; - if ($v['inspect_gzip'] == "on") { - $http_inspect_servers .= " \\\n\tinspect_gzip"; - if ($v['unlimited_decompress'] == "on") - $http_inspect_servers .= " \\\n\tunlimited_decompress"; - } - if ($v['normalize_javascript'] == "on") { - $http_inspect_servers .= " \\\n\tnormalize_javascript"; - $http_inspect_servers .= " \\\n\tmax_javascript_whitespaces {$v['max_javascript_whitespaces']}"; - } - } - if ($v['log_uri'] == "on") - $http_inspect_servers .= " \\\n\tlog_uri"; - if ($v['log_hostname'] == "on") - $http_inspect_servers .= " \\\n\tlog_hostname"; - - // Add a pair of trailing newlines to terminate this server config - $http_inspect_servers .= "\n\n"; - } - /* Trim off the final trailing newline */ - $http_inspect_server = rtrim($http_inspect_server); - } - - // Finally, build the Snort configuration file - $snort_conf_text = <<<EOD -# snort configuration file -# generated automatically by the pfSense subsystems do not modify manually - -# Define Local Network # -ipvar HOME_NET [{$home_net}] -ipvar EXTERNAL_NET [{$external_net}] - -# Define Rule Path # -var RULE_PATH {$snortcfgdir}/rules - -# Define Servers # -{$ipvardef} - -# Define Server Ports # -{$portvardef} - -# Configure quiet startup mode # -config quiet - -# Configure the snort decoder # -config checksum_mode: {$cksumcheck} -config disable_decode_alerts -config disable_tcpopt_experimental_alerts -config disable_tcpopt_obsolete_alerts -config disable_ttcp_alerts -config disable_tcpopt_alerts -config disable_ipopt_alerts -config disable_decode_drops - -# Enable the GTP decoder # -config enable_gtp - -# Configure PCRE match limitations -config pcre_match_limit: 3500 -config pcre_match_limit_recursion: 1500 - -# Configure the detection engine # -config detection: {$cfg_detect_settings} -config event_queue: max_queue 8 log 5 order_events content_length - -# Configure to show year in timestamps -config show_year - -# Configure protocol aware flushing # -# For more information see README.stream5 # -{$paf_max_pdu_config} - -# Configure dynamically loaded libraries -dynamicpreprocessor directory {$snort_dirs['dynamicpreprocessor']} -dynamicengine directory {$snort_dirs['dynamicengine']} -dynamicdetection directory {$snort_dirs['dynamicrules']} - -# Inline packet normalization. For more information, see README.normalize -# Disabled since we do not use "inline" mode with pfSense -# preprocessor normalize_ip4 -# preprocessor normalize_tcp: ips ecn stream -# preprocessor normalize_icmp4 -# preprocessor normalize_ip6 -# preprocessor normalize_icmp6 - -# Flow and stream # -{$frag3_global} - -{$frag3_engine} - -{$stream5_global} - -{$stream5_tcp_engine} - -{$stream5_udp_engine} - -{$stream5_icmp_engine} - -# HTTP Inspect # -{$http_inspect_global} - -{$http_inspect_servers} -{$snort_preprocessors} -{$host_attrib_config} - -# Snort Output Logs # -output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority -{$alertsystemlog_type} -{$snortunifiedlog_type} -{$spoink_type} - -# Misc Includes # -{$snort_misc_include_rules} - -{$suppress_file_name} - -# Snort user pass through configuration -{$snort_config_pass_thru} - -# Rules Selection # -{$selected_rules_sections} -EOD; - - // Write out snort.conf file - @file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text); - conf_mount_ro(); + // Clean up variables we no longer need and free memory unset($snort_conf_text, $selected_rules_sections, $suppress_file_name, $snort_misc_include_rules, $spoink_type, $snortunifiedlog_type, $alertsystemlog_type); unset($home_net, $external_net, $ipvardef, $portvardef); } @@ -3801,8 +3665,10 @@ function snort_sync_on_changes() { global $config, $g; /* Do not attempt a package sync while booting up or installing package */ - if ($g['booting'] || $g['snort_postinstall']) + if ($g['booting'] || $g['snort_postinstall']) { + log_error("[snort] No xmlrpc sync to CARP targets when booting up or during package reinstallation."); return; + } if (is_array($config['installedpackages']['snortsync']['config'])){ $snort_sync=$config['installedpackages']['snortsync']['config'][0]; @@ -3848,13 +3714,14 @@ function snort_sync_on_changes() { else $syncstartsnort = "OFF"; $sync_to_ip = $sh['varsyncipaddress']; + $port = $sh['varsyncport']; $password = $sh['varsyncpassword']; if($sh['varsyncusername']) $username = $sh['varsyncusername']; else $username = 'admin'; if($password && $sync_to_ip) - snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $username, $password, $synctimeout, $syncstartsnort); + snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username, $password, $synctimeout, $syncstartsnort); } log_error("[snort] Snort pkg xmlrpc sync completed."); } @@ -3862,12 +3729,14 @@ function snort_sync_on_changes() { } /* Do the actual XMLRPC sync */ -function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $username, $password, $synctimeout, $syncstartsnort) { +function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username, $password, $synctimeout, $syncstartsnort) { global $config, $g; /* Do not attempt a package sync while booting up or installing package */ - if ($g['booting'] || $g['snort_postinstall']) + if ($g['booting'] || $g['snort_postinstall']) { + log_error("[snort] No xmlrpc sync to CARP targets when booting up or during package reinstallation."); return; + } if(!$username || !$password || !$sync_to_ip) { log_error("[snort] A required XMLRPC sync parameter (user, host IP or password) is empty ... aborting pkg sync"); @@ -3883,8 +3752,9 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $username, $passw $synchronizetoip = $config['system']['webgui']['protocol']; $synchronizetoip .= "://"; } - $port = $config['system']['webgui']['port']; - /* if port is empty lets rely on the protocol selection */ + if ($port == "") + $port = $config['system']['webgui']['port']; + /* if port is empty let's rely on the protocol selection */ if($port == "") { if($config['system']['webgui']['protocol'] == "http") $port = "80"; @@ -3892,8 +3762,44 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $username, $passw $port = "443"; } $synchronizetoip .= $sync_to_ip; + $url = $synchronizetoip; - /* xml will hold the sections to sync */ + /*************************************************/ + /* Send over any auto-SID management files */ + /*************************************************/ + $sid_files = glob(SNORT_SID_MODS_PATH . '*'); + foreach ($sid_files as $file) { + $content = base64_encode(file_get_contents($file)); + $payload = "@file_put_contents('{$file}', base64_decode('{$content}'));"; + + /* assemble xmlrpc payload */ + $method = 'pfsense.exec_php'; + $params = array( XML_RPC_encode($password), XML_RPC_encode($payload) ); + + log_error("[snort] Snort XMLRPC CARP sync sending auto-SID conf files to {$url}:{$port}."); + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials($username, $password); + $resp = $cli->send($msg, $synctimeout); + $error = ""; + if(!$resp) { + $error = "A communications error occurred while attempting Snort XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file); + log_error($error); + file_notice("sync_settings", $error, "Snort Settings Sync", ""); + } elseif($resp->faultCode()) { + $error = "An error code was received while attempting Snort XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file) . " - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "Snort Settings Sync", ""); + } + } + + if (!empty($sid_files) && $error == "") + log_error("[snort] Snort pkg XMLRPC CARP sync auto-SID conf files success with {$url}:{$port} (pfsense.exec_php)."); + + /**************************************************/ + /* Send over the <snortglobal> portion of the */ + /* config.xml. $xml will hold section to sync. */ + /**************************************************/ $xml = array(); $xml['snortglobal'] = $config['installedpackages']['snortglobal']; /* assemble xmlrpc payload */ @@ -3902,8 +3808,6 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $username, $passw XML_RPC_encode($xml) ); - /* set a few variables needed for sync code borrowed from filter.inc */ - $url = $synchronizetoip; log_error("[snort] Beginning Snort pkg configuration XMLRPC sync to {$url}:{$port}."); $method = 'pfsense.merge_installedpackages_section_xmlrpc'; $msg = new XML_RPC_Message($method, $params); @@ -3927,18 +3831,19 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $username, $passw $downloadrulescmd = ""; if ($syncdownloadrules == "yes") { $downloadrulescmd = "log_error(gettext(\"[snort] XMLRPC pkg sync: Update of downloaded rule sets requested...\"));\n"; - $downloadrulescmd .= "include_once(\"/usr/local/pkg/snort/snort_check_for_rule_updates.php\");\n"; + $downloadrulescmd .= "\tinclude_once(\"/usr/local/pkg/snort/snort_check_for_rule_updates.php\");\n"; } $snortstart = ""; if ($syncstartsnort == "ON") { - $snortstart = "log_error(gettext(\"[snort] XMLRPC pkg sync: Checking Snort status...\"));\n"; - $snortstart .= "if (!is_process_running(\"snort\")) {\n"; - $snortstart .= "log_error(gettext(\"[snort] XMLRPC pkg sync: Snort not running. Sending a start command...\"));\n"; - $snortstart .= "exec(\"/usr/local/etc/rc.d/snort.sh start 2>&1 &\");\n}\n"; - $snortstart .= "else {log_error(gettext(\"[snort] XMLRPC pkg sync: Snort is running...\"));\n}\n"; + $snortstart = "log_error(gettext(\"[snort] XMLRPC pkg sync: Starting Snort if not running...\"));\n"; + $snortstart .= "\tsnort_start_all_interfaces(TRUE);\n"; } - /* Build a series of commands as a PHP file for the secondary host to execute to load the new settings. */ + /*************************************************/ + /* Build a series of commands as a PHP file for */ + /* the secondary host to execute to load the new */ + /* settings. */ + /*************************************************/ $snort_sync_cmd = <<<EOD <?php require_once("/usr/local/pkg/snort/snort.inc"); @@ -3953,7 +3858,9 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $username, $passw unset(\$g["snort_postinstall"]); log_error(gettext("[snort] XMLRPC pkg sync: Generating snort.conf file using Master Host settings...")); \$rebuild_rules = true; + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); \$rebuild_rules = false; {$snortstart} log_error(gettext("[snort] XMLRPC pkg sync process on this host is complete...")); @@ -3964,7 +3871,10 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $username, $passw EOD; - /* First, have the target host write the commands to a PHP file in the /tmp directory */ + /*************************************************/ + /* First, have target host write the commands */ + /* to a PHP file in the /tmp directory. */ + /*************************************************/ $execcmd = "file_put_contents('/tmp/snort_sync_cmds.php', '{$snort_sync_cmd}');"; /* assemble xmlrpc payload */ @@ -3991,7 +3901,10 @@ EOD; log_error("[snort] Snort pkg XMLRPC reload configuration success with {$url}:{$port} (pfsense.exec_php)."); } - /* Now assemble a command to execute the previously sent PHP file in the background */ + /*************************************************/ + /* Now assemble a command to execute the */ + /* previously sent PHP file in the background. */ + /*************************************************/ $execcmd = "exec(\"/usr/local/bin/php -f '/tmp/snort_sync_cmds.php' > /dev/null 2>&1 &\");"; $params2 = array( XML_RPC_encode($password), diff --git a/config/snort/snort.priv.inc b/config/snort/snort.priv.inc index 8db5408d..928ecb52 100644 --- a/config/snort/snort.priv.inc +++ b/config/snort/snort.priv.inc @@ -11,6 +11,7 @@ $priv_list['page-services-snort']['match'][] = "snort/snort_barnyard.php*"; $priv_list['page-services-snort']['match'][] = "snort/snort_blocked.php*"; $priv_list['page-services-snort']['match'][] = "snort/snort_check_for_rule_updates.php*"; $priv_list['page-services-snort']['match'][] = "snort/snort_define_servers.php*"; +$priv_list['page-services-snort']['match'][] = "snort/snort_defs.inc*"; $priv_list['page-services-snort']['match'][] = "snort/snort_download_rules.php*"; $priv_list['page-services-snort']['match'][] = "snort/snort_download_updates.php*"; $priv_list['page-services-snort']['match'][] = "snort/snort_edit_hat_data.php*"; @@ -37,13 +38,18 @@ $priv_list['page-services-snort']['match'][] = "snort/snort_rulesets.php*"; $priv_list['page-services-snort']['match'][] = "snort/snort_select_alias.php*"; $priv_list['page-services-snort']['match'][] = "snort/snort_stream5_engine.php*"; $priv_list['page-services-snort']['match'][] = "snort/snort_ip_list_mgmt.php*"; +$priv_list['page-services-snort']['match'][] = "snort/snort_sid_mgmt.php*"; $priv_list['page-services-snort']['match'][] = "snort/snort_ip_reputation.php*"; $priv_list['page-services-snort']['match'][] = "snort/snort_iprep_list_browser.php*"; +$priv_list['page-services-snort']['match'][] = "snort/snort_generate_conf.php*"; +$priv_list['page-services-snort']['match'][] = "snort/snort_interface_logs.php*"; +$priv_list['page-services-snort']['match'][] = "snort/snort_log_mgmt.php*"; $priv_list['page-services-snort']['match'][] = "widgets/javascript/snort_alerts.js*"; $priv_list['page-services-snort']['match'][] = "widgets/include/widget-snort.inc*"; $priv_list['page-services-snort']['match'][] = "widgets/widgets/snort_alerts.widget.php*"; $priv_list['page-services-snort']['match'][] = "pkg_edit.php?xml=snort_sync.xml*"; $priv_list['page-services-snort']['match'][] = "pkg_edit.php?xml=snort/snort.xml*"; $priv_list['page-services-snort']['match'][] = "snort/snort_check_cron_misc.inc*"; +$priv_list['page-services-snort']['match'][] = "snort/snort_conf_template.inc*"; $priv_list['page-services-snort']['match'][] = "snort/snort.inc*"; ?>
\ No newline at end of file diff --git a/config/snort/snort.xml b/config/snort/snort.xml index ca99accf..fb23997c 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -46,8 +46,8 @@ <requirements>None</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>Snort</name> - <version>2.9.6.0</version> - <title>Services:2.9.6.0 pkg v3.0.8</title> + <version>2.9.7.0</version> + <title>Services:2.9.7.0 pkg v3.2.2</title> <include_file>/usr/local/pkg/snort/snort.inc</include_file> <menu> <name>Snort</name> @@ -74,12 +74,17 @@ <item>https://packages.pfsense.org/packages/config/snort/snort_check_cron_misc.inc</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> + <prefix>/usr/local/pkg/snort/</prefix> + <chmod>077</chmod> + <item>https://packages.pfsense.org/packages/config/snort/snort_conf_template.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/snort/</prefix> <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_migrate_config.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> + <prefix>/usr/local/pkg/snort/</prefix> <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_post_install.php</item> </additional_files_needed> @@ -119,11 +124,16 @@ <item>https://packages.pfsense.org/packages/config/snort/snort_download_updates.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> + <prefix>/usr/local/pkg/snort/</prefix> <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_check_for_rule_updates.php</item> </additional_files_needed> <additional_files_needed> + <prefix>/usr/local/pkg/snort/</prefix> + <chmod>077</chmod> + <item>https://packages.pfsense.org/packages/config/snort/snort_defs.inc</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/www/snort/</prefix> <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_interfaces.php</item> @@ -249,6 +259,26 @@ <item>https://packages.pfsense.org/packages/config/snort/snort_iprep_list_browser.php</item> </additional_files_needed> <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>https://packages.pfsense.org/packages/config/snort/snort_interface_logs.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>https://packages.pfsense.org/packages/config/snort/snort_log_mgmt.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/snort/</prefix> + <chmod>077</chmod> + <item>https://packages.pfsense.org/packages/config/snort/snort_sid_mgmt.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/snort/</prefix> + <chmod>077</chmod> + <item>https://packages.pfsense.org/packages/config/snort/snort_generate_conf.php</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/www/widgets/javascript/</prefix> <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/snort/snort_alerts.js</item> @@ -263,19 +293,33 @@ <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/snort/widget-snort.inc</item> </additional_files_needed> + <additional_files_needed> + <prefix>/var/db/snort/sidmods/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/snort/disablesid-sample.conf</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/var/db/snort/sidmods/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/snort/enablesid-sample.conf</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/var/db/snort/sidmods/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/snort/modifysid-sample.conf</item> + </additional_files_needed> <fields> </fields> <custom_add_php_command> </custom_add_php_command> <custom_php_resync_config_command> <![CDATA[ - if ($GLOBALS['pfSense_snort_version'] == "3.0.8") sync_snort_package_config(); ]]> </custom_php_resync_config_command> <custom_php_install_command> <![CDATA[ - include_once("/usr/local/www/snort/snort_post_install.php"); + include_once("/usr/local/pkg/snort/snort_post_install.php"); ]]> </custom_php_install_command> <custom_php_deinstall_command> diff --git a/config/snort/snort_alerts.js b/config/snort/snort_alerts.js index 647eb1b1..8133b928 100644 --- a/config/snort/snort_alerts.js +++ b/config/snort/snort_alerts.js @@ -50,11 +50,11 @@ function snort_alerts_fetch_new_events_callback(callback_data) { for(var x=0; x<data_split.length-1; x++) { row_split = data_split[x].split("||"); var line = ''; - line = '<td class="' + snortWidgetColClass + '">' + row_split[0] + '<br/>' + row_split[1] + '</td>'; - line += '<td class="' + snortWidgetColClass + '" style="overflow: hidden; text-overflow: ellipsis;" nowrap>'; + line = '<td class="listMRr">' + row_split[0] + '<br/>' + row_split[1] + '</td>'; + line += '<td class="listMRr" style="overflow: hidden; text-overflow: ellipsis;" nowrap>'; line += '<div style="display:inline;" title="' + row_split[2] + '">' + row_split[2] + '</div><br/>'; line += '<div style="display:inline;" title="' + row_split[3] + '">' + row_split[3] + '</div></td>'; - line += '<td class="' + snortWidgetColClass + '">' + 'Priority: ' + row_split[4] + ' ' + row_split[5] + '</td>'; + line += '<td class="listMRr"><div style="display: fixed; display: -webkit-box; -webkit-line-clamp: 2; -webkit-box-orient: vertical; line-height: 1.2em; max-height: 2.4em; overflow: hidden; text-overflow: ellipsis;" title="' + row_split[4] + '">' + row_split[4] + '</div></td>'; new_data_to_add[new_data_to_add.length] = line; } snort_alerts_update_div_rows(new_data_to_add); diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index 45443ec2..3f3159a6 100755 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -7,6 +7,7 @@ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. * Copyright (C) 2006 Scott Ullrich * Copyright (C) 2012 Ermal Luci + * Copyright (C) 2014 Jim Pingle jim@pingle.org * Copyright (C) 2013,2014 Bill Meeks * All rights reserved. * @@ -41,6 +42,7 @@ require_once("/usr/local/pkg/snort/snort.inc"); $snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype']; $supplist = array(); $snortlogdir = SNORTLOGDIR; +$filterlogentries = FALSE; function snort_is_alert_globally_suppressed($list, $gid, $sid) { @@ -124,7 +126,9 @@ function snort_add_supplist_entry($suppress) { /* tell Snort to load it, and return true; otherwise return false. */ if ($found_list) { write_config("Snort pkg: modified Suppress List {$list_name}."); + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); snort_reload_config($a_instance[$instanceid]); return true; } @@ -132,6 +136,32 @@ function snort_add_supplist_entry($suppress) { return false; } +function snort_escape_filter_regex($filtertext) { + /* If the caller (user) has not already put a backslash before a slash, to escape it in the regex, */ + /* then this will do it. Take out any "\/" already there, then turn all ordinary "/" into "\/". */ + return str_replace('/', '\/', str_replace('\/', '/', $filtertext)); +} + +function snort_match_filter_field($flent, $fields) { + foreach ($fields as $key => $field) { + if ($field == null) + continue; + if ((strpos($field, '!') === 0)) { + $field = substr($field, 1); + $field_regex = snort_escape_filter_regex($field); + if (@preg_match("/{$field_regex}/i", $flent[$key])) + return false; + } + else { + $field_regex = snort_escape_filter_regex($field); + if (!@preg_match("/{$field_regex}/i", $flent[$key])) + return false; + } + } + return true; +} + + if (isset($_POST['instance']) && is_numericint($_POST['instance'])) $instanceid = $_POST['instance']; elseif (isset($_GET['instance']) && is_numericint($_GET['instance'])) @@ -164,6 +194,50 @@ if (empty($pconfig['arefresh'])) $pconfig['arefresh'] = 'off'; $anentries = $pconfig['alertnumber']; +# --- AJAX REVERSE DNS RESOLVE Start --- +if (isset($_POST['resolve'])) { + $ip = strtolower($_POST['resolve']); + $res = (is_ipaddr($ip) ? gethostbyaddr($ip) : ''); + + if ($res && $res != $ip) + $response = array('resolve_ip' => $ip, 'resolve_text' => $res); + else + $response = array('resolve_ip' => $ip, 'resolve_text' => gettext("Cannot resolve")); + + echo json_encode(str_replace("\\","\\\\", $response)); // single escape chars can break JSON decode + exit; +} +# --- AJAX REVERSE DNS RESOLVE End --- + +if ($_POST['filterlogentries_submit']) { + // Set flag for filtering alert entries + $filterlogentries = TRUE; + + // -- IMPORTANT -- + // Note the order of these fields must match the order decoded from the alerts log + $filterfieldsarray = array(); + $filterfieldsarray[0] = $_POST['filterlogentries_time'] ? $_POST['filterlogentries_time'] : null; + $filterfieldsarray[1] = $_POST['filterlogentries_gid'] ? $_POST['filterlogentries_gid'] : null; + $filterfieldsarray[2] = $_POST['filterlogentries_sid'] ? $_POST['filterlogentries_sid'] : null; + $filterfieldsarray[3] = null; + $filterfieldsarray[4] = $_POST['filterlogentries_description'] ? $_POST['filterlogentries_description'] : null; + $filterfieldsarray[5] = $_POST['filterlogentries_protocol'] ? $_POST['filterlogentries_protocol'] : null; + // Remove any zero-length spaces added to the IP address that could creep in from a copy-paste operation + $filterfieldsarray[6] = $_POST['filterlogentries_sourceipaddress'] ? str_replace("\xE2\x80\x8B", "", $_POST['filterlogentries_sourceipaddress']) : null; + $filterfieldsarray[7] = $_POST['filterlogentries_sourceport'] ? $_POST['filterlogentries_sourceport'] : null; + // Remove any zero-length spaces added to the IP address that could creep in from a copy-paste operation + $filterfieldsarray[8] = $_POST['filterlogentries_destinationipaddress'] ? str_replace("\xE2\x80\x8B", "", $_POST['filterlogentries_destinationipaddress']) : null; + $filterfieldsarray[9] = $_POST['filterlogentries_destinationport'] ? $_POST['filterlogentries_destinationport'] : null; + $filterfieldsarray[10] = null; + $filterfieldsarray[11] = $_POST['filterlogentries_classification'] ? $_POST['filterlogentries_classification'] : null; + $filterfieldsarray[12] = $_POST['filterlogentries_priority'] ? $_POST['filterlogentries_priority'] : null; +} + +if ($_POST['filterlogentries_clear']) { + $filterlogentries = TRUE; + $filterfieldsarray = array(); +} + if ($_POST['save']) { if (!is_array($config['installedpackages']['snortglobal']['alertsblocks'])) $config['installedpackages']['snortglobal']['alertsblocks'] = array(); @@ -283,7 +357,9 @@ if ($_POST['togglesid'] && is_numeric($_POST['sidid']) && is_numeric($_POST['gen /* rules for this interface. */ /*************************************************/ $rebuild_rules = true; + conf_mount_rw(); snort_generate_conf($a_instance[$instanceid]); + conf_mount_ro(); $rebuild_rules = false; /* Soft-restart Snort to live-load the new rules */ @@ -307,11 +383,11 @@ if ($_POST['delete']) { } if ($_POST['download']) { - $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); + $save_date = date("Y-m-d-H-i-s"); $file_name = "snort_logs_{$save_date}_{$if_real}.tar.gz"; - exec("cd {$snortlogdir}/snort_{$if_real}{$snort_uuid} && /usr/bin/tar -czf /tmp/{$file_name} *"); + exec("cd {$snortlogdir}/snort_{$if_real}{$snort_uuid} && /usr/bin/tar -czf {$g['tmp_path']}/{$file_name} *"); - if (file_exists("/tmp/{$file_name}")) { + if (file_exists("{$g['tmp_path']}/{$file_name}")) { ob_start(); //important or other posts will fail if (isset($_SERVER['HTTPS'])) { header('Pragma: '); @@ -321,13 +397,13 @@ if ($_POST['download']) { header("Cache-Control: private, must-revalidate"); } header("Content-Type: application/octet-stream"); - header("Content-length: " . filesize("/tmp/{$file_name}")); + header("Content-length: " . filesize("{$g['tmp_path']}/{$file_name}")); header("Content-disposition: attachment; filename = {$file_name}"); ob_end_clean(); //important or other post will fail - readfile("/tmp/{$file_name}"); + readfile("{$g['tmp_path']}/{$file_name}"); // Clean up the temp file - @unlink("/tmp/{$file_name}"); + unlink_if_exists("{$g['tmp_path']}/{$file_name}"); } else $savemsg = gettext("An error occurred while creating archive"); @@ -342,7 +418,6 @@ include_once("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<script src="/javascript/filter_log.js" type="text/javascript"></script> <?php include_once("fbegin.inc"); @@ -376,7 +451,9 @@ if ($savemsg) { $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); - $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + $tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php"); + $tab_array[9] = array(gettext("Log Mgmt"), false, "/snort/snort_log_mgmt.php"); + $tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); display_top_tabs($tab_array, true); ?> </td></tr> @@ -423,9 +500,97 @@ if ($savemsg) { </td> </tr> <tr> + <td colspan="2" class="listtopic"><?php echo gettext("Alert Log View Filter"); ?></td> + </tr> + <tr id="filter_enable_row" style="display:<?php if (!$filterlogentries) {echo "table-row;";} else {echo "none;";} ?>"> + <td width="22%" class="vncell"><?php echo gettext('Alert Log Filter Options'); ?></td> + <td width="78%" class="vtable"> + <input name="show_filter" id="show_filter" type="button" class="formbtns" value="<?=gettext("Show Filter");?>" onclick="enable_showFilter();" /> + <?=gettext("Click to display advanced filtering options dialog");?> + </td> + </tr> + <tr id="filter_options_row" style="display:<?php if (!$filterlogentries) {echo "none;";} else {echo "table-row;";} ?>"> + <td colspan="2"> + <table width="100%" border="0" cellpadding="0" cellspacing="1" summary="action"> + <tr> + <td valign="top"> + <div align="center"><?=gettext("Date");?></div> + <div align="center"><input id="filterlogentries_time" name="filterlogentries_time" class="formfld search" type="text" size="10" value="<?= $filterfieldsarray[0] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Source IP Address");?></div> + <div align="center"><input id="filterlogentries_sourceipaddress" name="filterlogentries_sourceipaddress" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray[6] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Source Port");?></div> + <div align="center"><input id="filterlogentries_sourceport" name="filterlogentries_sourceport" class="formfld search" type="text" size="5" value="<?= $filterfieldsarray[7] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Description");?></div> + <div align="center"><input id="filterlogentries_description" name="filterlogentries_description" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray[4] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("GID");?></div> + <div align="center"><input id="filterlogentries_gid" name="filterlogentries_gid" class="formfld search" type="text" size="6" value="<?= $filterfieldsarray[1] ?>" /></div> + </td> + </tr> + <tr> + <td valign="top"> + <div align="center"><?=gettext("Priority");?></div> + <div align="center"><input id="filterlogentries_priority" name="filterlogentries_priority" class="formfld search" type="text" size="10" value="<?= $filterfieldsarray[12] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Destination IP Address");?></div> + <div align="center"><input id="filterlogentries_destinationipaddress" name="filterlogentries_destinationipaddress" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray[8] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Destination Port");?></div> + <div align="center"><input id="filterlogentries_destinationport" name="filterlogentries_destinationport" class="formfld search" type="text" size="5" value="<?= $filterfieldsarray[9] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Classification");?></div> + <div align="center"><input id="filterlogentries_classification" name="filterlogentries_classification" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray[11] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("SID");?></div> + <div align="center"><input id="filterlogentries_sid" name="filterlogentries_sid" class="formfld search" type="text" size="6" value="<?= $filterfieldsarray[2] ?>" /></div> + </td> + </tr> + <tr> + <td valign="top"> + <div align="center"><?=gettext("Protocol");?></div> + <div align="center"><input id="filterlogentries_protocol" name="filterlogentries_protocol" class="formfld search" type="text" size="10" value="<?= $filterfieldsarray[5] ?>" /></div> + </td> + <td valign="top"> + </td> + <td valign="top"> + </td> + <td colspan="2" style="vertical-align:bottom"> + <div align="right"><input id="filterlogentries_submit" name="filterlogentries_submit" type="submit" class="formbtns" value="<?=gettext("Filter");?>" title="<?=gettext("Apply filter"); ?>" /> + <input id="filterlogentries_clear" name="filterlogentries_clear" type="submit" class="formbtns" value="<?=gettext("Clear");?>" title="<?=gettext("Remove filter");?>" /> + <input id="filterlogentries_hide" name="filterlogentries_hide" type="button" class="formbtns" value="<?=gettext("Hide");?>" onclick="enable_hideFilter();" title="<?=gettext("Hide filter options");?>" /></div> + </td> + </tr> + <tr> + <td colspan="5" style="vertical-align:bottom"> + <?printf(gettext('Matches %1$s regular expression%2$s.'), '<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">', '</a>');?> + <?=gettext("Precede with exclamation (!) as first character to exclude match.");?> + </td> + </tr> + </table> + </td> + </tr> + <?php if ($filterlogentries) : ?> + <tr> + <td colspan="2" class="listtopic"><?php printf(gettext("Last %s Alert Entries"), $anentries); ?> + <?php echo gettext("(Most recent listed first) ** FILTERED VIEW ** clear filter to see all entries"); ?></td> + </tr> + <?php else: ?> + <tr> <td colspan="2" class="listtopic"><?php printf(gettext("Last %s Alert Entries"), $anentries); ?> <?php echo gettext("(Most recent entries are listed first)"); ?></td> </tr> + <?php endif; ?> <tr> <td width="100%" colspan="2"> <table id="myTable" style="table-layout: fixed;" width="100%" class="sortable" border="0" cellpadding="0" cellspacing="0"> @@ -442,7 +607,7 @@ if ($savemsg) { <col axis="string"> </colgroup> <thead> - <tr> + <tr class="sortableHeaderRowIdentifier"> <th class="listhdrr" axis="date"><?php echo gettext("Date"); ?></th> <th class="listhdrr" axis="number"><?php echo gettext("Pri"); ?></th> <th class="listhdrr" axis="string"><?php echo gettext("Proto"); ?></th> @@ -460,17 +625,21 @@ if ($savemsg) { /* make sure alert file exists */ if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) { - exec("tail -{$anentries} -r {$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}"); - if (file_exists("/tmp/alert_{$snort_uuid}")) { + exec("tail -{$anentries} -r {$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert > {$g['tmp_path']}/alert_{$snort_uuid}"); + if (file_exists("{$g['tmp_path']}/alert_{$snort_uuid}")) { $tmpblocked = array_flip(snort_get_blocked_ips()); $counter = 0; /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */ /* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */ - $fd = fopen("/tmp/alert_{$snort_uuid}", "r"); + $fd = fopen("{$g['tmp_path']}/alert_{$snort_uuid}", "r"); while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) { if(count($fields) < 13) continue; + if ($filterlogentries && !snort_match_filter_field($fields, $filterfieldsarray)) { + continue; + } + /* Time */ $alert_time = substr($fields[0], strpos($fields[0], '-')+1, -8); /* Date */ @@ -486,16 +655,12 @@ if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) { $alert_ip_src = $fields[6]; /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ $alert_ip_src = str_replace(":", ":​", $alert_ip_src); + /* Add Reverse DNS lookup icons (two different links if pfSense version supports them) */ $alert_ip_src .= "<br/>"; - if ($pfs_version > 2.0) { - $alert_ip_src .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$fields[6]}&dialog_output=true', outputrule);\">"; - $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' "; - $alert_ip_src .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a> "; - } - $alert_ip_src .= "<a href='/diag_dns.php?host={$fields[6]}&instance={$instanceid}'>"; - $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' "; - $alert_ip_src .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>"; + $alert_ip_src .= "<img onclick=\"javascript:resolve_with_ajax('{$fields[6]}');\" title=\""; + $alert_ip_src .= gettext("Resolve host via reverse DNS lookup") . "\" border=\"0\" src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" alt=\"Icon Reverse Resolve with DNS\" "; + $alert_ip_src .= " style=\"cursor: pointer;\"/>"; /* Add icons for auto-adding to Suppress List if appropriate */ if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) && @@ -519,16 +684,13 @@ if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) { $alert_ip_dst = $fields[8]; /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ $alert_ip_dst = str_replace(":", ":​", $alert_ip_dst); + /* Add Reverse DNS lookup icons (two different links if pfSense version supports them) */ $alert_ip_dst .= "<br/>"; - if ($pfs_version > 2.0) { - $alert_ip_dst .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$fields[8]}&dialog_output=true', outputrule);\">"; - $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' "; - $alert_ip_dst .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a> "; - } - $alert_ip_dst .= "<a href='/diag_dns.php?host={$fields[8]}&instance={$instanceid}'>"; - $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' "; - $alert_ip_dst .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>"; + $alert_ip_dst .= "<img onclick=\"javascript:resolve_with_ajax('{$fields[8]}');\" title=\""; + $alert_ip_dst .= gettext("Resolve host via reverse DNS lookup") . "\" border=\"0\" src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" alt=\"Icon Reverse Resolve with DNS\" "; + $alert_ip_dst .= " style=\"cursor: pointer;\"/>"; + /* Add icons for auto-adding to Suppress List if appropriate */ if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) && !isset($supplist[$fields[1]][$fields[2]]['by_dst'][$fields[8]])) { @@ -578,17 +740,17 @@ if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) { <td class='listr' align='center'>{$alert_priority}</td> <td class='listr' align='center'>{$alert_proto}</td> <td class='listr' style=\"word-wrap:break-word;\">{$alert_class}</td> - <td class='listr' align='center' sorttable_customkey='{$fields[6]}'>{$alert_ip_src}</td> + <td class='listr' align='center' style=\"sorttable_customkey:{$fields[6]};\" sorttable_customkey=\"{$fields[6]}\">{$alert_ip_src}</td> <td class='listr' align='center'>{$alert_src_p}</td> - <td class='listr' align='center' sorttable_customkey='{$fields[8]}'>{$alert_ip_dst}</td> + <td class='listr' align='center' style=\"sorttable_customkey:{$fields[8]};\" sorttable_customkey=\"{$fields[8]}\">{$alert_ip_dst}</td> <td class='listr' align='center'>{$alert_dst_p}</td> - <td class='listr' align='center' sorttable_customkey='{$fields[2]}'>{$alert_sid_str}<br/>{$sidsupplink} {$sid_dsbl_link}</td> + <td class='listr' align='center' style=\"sorttable_customkey:{$fields[2]};\" sorttable_customkey=\"{$fields[2]}\">{$alert_sid_str}<br/>{$sidsupplink} {$sid_dsbl_link}</td> <td class='listbg' style=\"word-wrap:break-word;\">{$alert_descr}</td> </tr>\n"; $counter++; } fclose($fd); - @unlink("/tmp/alert_{$snort_uuid}"); + unlink_if_exists("{$g['tmp_path']}/alert_{$snort_uuid}"); } } ?> @@ -619,6 +781,50 @@ function encRuleSig(rulegid,rulesid,srcip,ruledescr) { document.getElementById("ip").value = srcip; document.getElementById("descr").value = ruledescr; } + +function enable_showFilter() { + document.getElementById("filter_enable_row").style.display="none"; + document.getElementById("filter_options_row").style.display="table-row"; +} + +function enable_hideFilter() { + document.getElementById("filter_enable_row").style.display="table-row"; + document.getElementById("filter_options_row").style.display="none"; +} + </script> + +<!-- The following AJAX code was borrowed from the diag_logs_filter.php --> +<!-- file in pfSense. See copyright info at top of this page. --> +<script type="text/javascript"> +//<![CDATA[ +function resolve_with_ajax(ip_to_resolve) { + var url = "/snort/snort_alerts.php"; + + jQuery.ajax( + url, + { + type: 'post', + dataType: 'json', + data: { + resolve: ip_to_resolve, + }, + complete: resolve_ip_callback + }); +} + +function resolve_ip_callback(transport) { + var response = jQuery.parseJSON(transport.responseText); + var msg = 'IP address "' + response.resolve_ip + '" resolves to\n'; + alert(msg + 'host "' + htmlspecialchars(response.resolve_text) + '"'); +} + +// From http://stackoverflow.com/questions/5499078/fastest-method-to-escape-html-tags-as-html-entities +function htmlspecialchars(str) { + return str.replace(/&/g, '&').replace(/</g, '<').replace(/>/g, '>').replace(/"/g, '"').replace(/'/g, '''); +} +//]]> +</script> + </body> </html> diff --git a/config/snort/snort_alerts.widget.php b/config/snort/snort_alerts.widget.php index 0700ef2a..552dab61 100644 --- a/config/snort/snort_alerts.widget.php +++ b/config/snort/snort_alerts.widget.php @@ -39,19 +39,10 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) $config['installedpackages']['snortglobal']['rule'] = array(); $a_instance = &$config['installedpackages']['snortglobal']['rule']; -// Test pfSense version and set different CSS class variables -// depending on version. 2.1 offers enhanced CSS styles. -$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3); -if ($pfs_version > '2.0') { - $alertRowEvenClass = "listMReven"; - $alertRowOddClass = "listMRodd"; - $alertColClass = "listMRr"; -} -else { - $alertRowEvenClass = "listr"; - $alertRowOddClass = "listr"; - $alertColClass = "listr"; -} +// Set some CSS class variables +$alertRowEvenClass = "listMReven"; +$alertRowOddClass = "listMRodd"; +$alertColClass = "listMRr"; /* check if Snort widget alert display lines value is set */ $snort_nentries = $config['widgets']['widget_snort_display_lines']; @@ -93,7 +84,7 @@ if (isset($_GET['getNewAlerts'])) { $counter = 0; foreach ($s_alerts as $a) { $response .= $a['instanceid'] . " " . $a['dateonly'] . "||" . $a['timeonly'] . "||" . $a['src'] . "||"; - $response .= $a['dst'] . "||" . $a['priority'] . "||" . $a['category'] . "\n"; + $response .= $a['dst'] . "||" . $a['msg'] . "\n"; $counter++; if($counter >= $snort_nentries) break; @@ -165,8 +156,7 @@ function snort_widget_get_alerts() { // Add the DST PORT if not null if (!empty($fields[9])) $snort_alerts[$counter]['dst'] .= ":" . trim($fields[9]); - $snort_alerts[$counter]['priority'] = trim($fields[12]); - $snort_alerts[$counter]['category'] = trim($fields[11]); + $snort_alerts[$counter]['msg'] = trim($fields[4]); $counter++; }; fclose($fd); @@ -205,7 +195,7 @@ function snort_widget_get_alerts() { <tr> <th class="widgetsubheader"><?=gettext("IF/Date");?></th> <th class="widgetsubheader"><?=gettext("Src/Dst Address");?></th> - <th class="widgetsubheader"><?=gettext("Classification");?></th> + <th class="widgetsubheader"><?=gettext("Description");?></th> </tr> </thead> <tbody id="snort-alert-entries"> @@ -216,9 +206,9 @@ function snort_widget_get_alerts() { foreach ($snort_alerts as $alert) { $alertRowClass = $counter % 2 ? $alertRowEvenClass : $alertRowOddClass; echo(" <tr class='" . $alertRowClass . "'> - <td class='" . $alertColClass . "'>" . $alert['instanceid'] . " " . $alert['dateonly'] . "<br/>" . $alert['timeonly'] . "</td> - <td class='" . $alertColClass . "' style='overflow: hidden; text-overflow: ellipsis;' nowrap><div style='display:inline;' title='" . $alert['src'] . "'>" . $alert['src'] . "</div><br/><div style='display:inline;' title='" . $alert['dst'] . "'>" . $alert['dst'] . "</div></td> - <td class='" . $alertColClass . "'>Priority: " . $alert['priority'] . " " . $alert['category'] . "</td></tr>"); + <td class='listMRr'>" . $alert['instanceid'] . " " . $alert['dateonly'] . "<br/>" . $alert['timeonly'] . "</td> + <td class='listMRr' style='overflow: hidden; text-overflow: ellipsis;' nowrap><div style='display:inline;' title='" . $alert['src'] . "'>" . $alert['src'] . "</div><br/><div style='display:inline;' title='" . $alert['dst'] . "'>" . $alert['dst'] . "</div></td> + <td class='listMRr'><div style='display: fixed; display: -webkit-box; -webkit-line-clamp: 2; -webkit-box-orient: vertical; line-height: 1.2em; max-height: 2.4em; overflow: hidden; text-overflow: ellipsis;' title='{$alert['msg']}'>" . $alert['msg'] . "</div></td></tr>"); $counter++; if($counter >= $snort_nentries) break; @@ -233,9 +223,8 @@ function snort_widget_get_alerts() { <!-- needed in the snort_alerts.js file code --> var snortupdateDelay = 10000; // update every 10 seconds var snort_nentries = <?=$snort_nentries;?>; // number of alerts to display (5 is default) - var snortWidgetRowEvenClass = "<?=$alertRowEvenClass;?>"; // allows alternating background on 2.1 and higher - var snortWidgetRowOddClass = "<?=$alertRowOddClass;?>"; // allows alternating background on 2.1 and higher - var snortWidgetColClass = "<?=$alertColClass;?>"; // sets column CSS style (different on 2.1 and higher) + var snortWidgetRowEvenClass = "<?=$alertRowEvenClass;?>"; // allows alternating background + var snortWidgetRowOddClass = "<?=$alertRowOddClass;?>"; // allows alternating background <!-- needed to display the widget settings menu --> selectIntLink = "snort_alerts-configure"; diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php index 902c1637..b3e3723e 100644 --- a/config/snort/snort_barnyard.php +++ b/config/snort/snort_barnyard.php @@ -57,8 +57,8 @@ $retentions = array( '0' => gettext('KEEP ALL'), '24' => gettext('1 DAY'), '168' '720' => gettext('30 DAYS'), '1080' => gettext("45 DAYS"), '2160' => gettext('90 DAYS'), '4320' => gettext('180 DAYS'), '8766' => gettext('1 YEAR'), '26298' => gettext("3 YEARS") ); -$log_sizes = array( '0' => gettext('NO LIMIT'), '8' => gettext('8 MB'), '16' => gettext('16 MB'), '32' => gettext('32 MB'), - '64' => gettext('64 MB'), '128' => gettext('128 MB'), '256' => gettext('256 MB') ); +$log_sizes = array( '0' => gettext('NO LIMIT'), '128K' => '128 KB', '256K' => '256 KB', '512K' => '512 KB', '1M' => '1 MB', '4M' => '4 MB', '8M' => gettext('8 MB'), + '16M' => gettext('16 MB'), '32M' => gettext('32 MB'), '64M' => gettext('64 MB'), '128M' => gettext('128 MB'), '256M' => gettext('256 MB') ); if (isset($id) && $a_nat[$id]) { $pconfig = $a_nat[$id]; @@ -69,7 +69,7 @@ if (isset($id) && $a_nat[$id]) { if (empty($a_nat[$id]['barnyard_show_year'])) $pconfig['barnyard_show_year'] = "on"; if (empty($a_nat[$id]['unified2_log_limit'])) - $pconfig['unified2_log_limit'] = "32"; + $pconfig['unified2_log_limit'] = "128K"; if (empty($a_nat[$id]['barnyard_archive_enable'])) $pconfig['barnyard_archive_enable'] = "on"; if (empty($a_nat[$id]['u2_archived_log_retention'])) @@ -91,6 +91,30 @@ if (isset($id) && $a_nat[$id]) { } if ($_POST['save']) { + + // If disabling Barnyard2 on the interface, stop any + // currently running instance, then save the disabled + // state and exit. + if ($_POST['barnyard_enable'] != 'on') { + $a_nat[$id]['barnyard_enable'] = 'off'; + write_config("Snort pkg: modified Barnyard2 settings."); + touch("{$g['varrun_path']}/barnyard2_{$uuid}.disabled"); + snort_barnyard_stop($a_nat[$id], get_real_interface($a_nat[$id]['interface'])); + + // No need to rebuild rules for Barnyard2 changes + $rebuild_rules = false; + conf_mount_rw(); + sync_snort_package_config(); + conf_mount_ro(); + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /snort/snort_barnyard.php"); + exit; + } + // Check that at least one output plugin is enabled if ($_POST['barnyard_mysql_enable'] != 'on' && $_POST['barnyard_syslog_enable'] != 'on' && $_POST['barnyard_bro_ids_enable'] != 'on' && $_POST['barnyard_enable'] == "on") @@ -106,6 +130,12 @@ if ($_POST['save']) { $input_errors[] = gettext("You must provide a DB user login name when logging to a MySQL database."); } + // Validate Sensor Name contains no spaces + if ($_POST['barnyard_enable'] == 'on') { + if (!empty($_POST['barnyard_sensor_name']) && strpos($_POST['barnyard_sensor_name'], " ") !== FALSE) + $input_errors[] = gettext("The value for 'Sensor Name' cannot contain spaces."); + } + // Validate inputs if syslog output enabled if ($_POST['barnyard_syslog_enable'] == 'on' && $_POST['barnyard_enable'] == "on") { if ($_POST['barnyard_log_vlan_events'] == 'on' || $_POST['barnyard_log_mpls_events'] == 'on') @@ -161,14 +191,16 @@ if ($_POST['save']) { if ($_POST['barnyard_syslog_priority']) $natent['barnyard_syslog_priority'] = $_POST['barnyard_syslog_priority']; else $natent['barnyard_syslog_priority'] = 'LOG_INFO'; if ($_POST['barnyard_bro_ids_rhost']) $natent['barnyard_bro_ids_rhost'] = $_POST['barnyard_bro_ids_rhost']; else unset($natent['barnyard_bro_ids_rhost']); if ($_POST['barnyard_bro_ids_dport']) $natent['barnyard_bro_ids_dport'] = $_POST['barnyard_bro_ids_dport']; else $natent['barnyard_bro_ids_dport'] = '47760'; - if ($_POST['barnconfigpassthru']) $natent['barnconfigpassthru'] = base64_encode($_POST['barnconfigpassthru']); else unset($natent['barnconfigpassthru']); + if ($_POST['barnconfigpassthru']) $natent['barnconfigpassthru'] = base64_encode(str_replace("\r\n", "\n", $_POST['barnconfigpassthru'])); else unset($natent['barnconfigpassthru']); $a_nat[$id] = $natent; write_config("Snort pkg: modified Barnyard2 settings."); // No need to rebuild rules for Barnyard2 changes $rebuild_rules = false; + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); // If disabling Barnyard2 on the interface, stop any // currently running instance. If an instance is @@ -230,7 +262,9 @@ include_once("head.inc"); $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); - $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + $tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php"); + $tab_array[9] = array(gettext("Log Mgmt"), false, "/snort/snort_log_mgmt.php"); + $tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td>'; @@ -243,6 +277,7 @@ include_once("head.inc"); $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), true, "/snort/snort_barnyard.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Logs"), false, "/snort/snort_interface_logs.php?id={$id}"); display_top_tabs($tab_array, true); ?> </td></tr> @@ -275,7 +310,7 @@ include_once("head.inc"); <?php if ($k == $pconfig['unified2_log_limit']) echo "selected"; ?>> <?=htmlspecialchars($p);?></option> <?php endforeach; ?> - </select> <?php echo gettext("Choose a Unified2 Log file size limit in megabytes (MB). Default is "); ?><strong><?=gettext("32 MB.");?></strong><br/><br/> + </select> <?php echo gettext("Choose a Unified2 Log file size limit. Default is "); ?><strong><?=gettext("128 KB.");?></strong><br/><br/> <?php echo gettext("This sets the maximum size for a Unified2 Log file before it is rotated and a new one created."); ?> </td> </tr> @@ -418,7 +453,7 @@ include_once("head.inc"); <input name="barnyard_syslog_local" type="checkbox" value="on" <?php if ($pconfig['barnyard_syslog_local'] == "on") echo "checked"; ?> onClick="toggle_local_syslog()"/> <?php echo gettext("Enable logging of alerts to the local system only"); ?><br/> - <?php echo gettext("This will send alert data to the local system only and overrides the host, port, protocol, facility and priority values below."); ?></td> + <?php echo gettext("This will send alert data to the local system only and overrides the host, port, and protocol values below."); ?></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Host"); ?></td> @@ -461,7 +496,7 @@ include_once("head.inc"); echo "<option value='{$facility}'{$selected}>" . $facility . "</option>\n"; } ?></select> - <?php echo gettext("Select Syslog Facility to use for remote reporting. Default is ") . "<strong>" . gettext("LOG_USER") . "</strong>."; ?> + <?php echo gettext("Select Syslog Facility to use for reporting. Default is ") . "<strong>" . gettext("LOG_USER") . "</strong>."; ?> </td> </tr> <tr> @@ -477,7 +512,7 @@ include_once("head.inc"); echo "<option value='{$priority}'{$selected}>" . $priority . "</option>\n"; } ?></select> - <?php echo gettext("Select Syslog Priority (Level) to use for remote reporting. Default is ") . "<strong>" . gettext("LOG_INFO") . "</strong>."; ?> + <?php echo gettext("Select Syslog Priority (Level) to use for reporting. Default is ") . "<strong>" . gettext("LOG_INFO") . "</strong>."; ?> </td> </tr> </tbody> @@ -583,8 +618,6 @@ function toggle_local_syslog() { document.iform.barnyard_syslog_dport.disabled = endis; document.iform.barnyard_syslog_proto_udp.disabled = endis; document.iform.barnyard_syslog_proto_tcp.disabled = endis; - document.iform.barnyard_syslog_facility.disabled = endis; - document.iform.barnyard_syslog_priority.disabled = endis; } } diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php index 76d5a9df..39119210 100644 --- a/config/snort/snort_blocked.php +++ b/config/snort/snort_blocked.php @@ -7,6 +7,7 @@ * * Modified for the Pfsense snort package v. 1.8+ * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2014 Jim Pingle jim@pingle.org * Copyright (C) 2014 Bill Meeks * * Redistribution and use in source and binary forms, with or without @@ -50,6 +51,21 @@ if (empty($pconfig['blertnumber'])) else $bnentries = $pconfig['blertnumber']; +# --- AJAX REVERSE DNS RESOLVE Start --- +if (isset($_POST['resolve'])) { + $ip = strtolower($_POST['resolve']); + $res = (is_ipaddr($ip) ? gethostbyaddr($ip) : ''); + + if ($res && $res != $ip) + $response = array('resolve_ip' => $ip, 'resolve_text' => $res); + else + $response = array('resolve_ip' => $ip, 'resolve_text' => gettext("Cannot resolve")); + + echo json_encode(str_replace("\\","\\\\", $response)); // single escape chars can break JSON decode + exit; +} +# --- AJAX REVERSE DNS RESOLVE End --- + if ($_POST['todelete']) { $ip = ""; if ($_POST['ip']) @@ -73,22 +89,22 @@ if ($_POST['download']) exec('/sbin/pfctl -t snort2c -T show', $blocked_ips_array_save); /* build the list */ if (is_array($blocked_ips_array_save) && count($blocked_ips_array_save) > 0) { - $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); + $save_date = date("Y-m-d-H-i-s"); $file_name = "snort_blocked_{$save_date}.tar.gz"; - exec('/bin/mkdir -p /tmp/snort_blocked'); - file_put_contents("/tmp/snort_blocked/snort_block.pf", ""); + safe_mkdir("{$g['tmp_path']}/snort_blocked"); + file_put_contents("{$g['tmp_path']}/snort_blocked/snort_block.pf", ""); foreach($blocked_ips_array_save as $counter => $fileline) { if (empty($fileline)) continue; $fileline = trim($fileline, " \n\t"); - file_put_contents("/tmp/snort_blocked/snort_block.pf", "{$fileline}\n", FILE_APPEND); + file_put_contents("{$g['tmp_path']}/snort_blocked/snort_block.pf", "{$fileline}\n", FILE_APPEND); } // Create a tar gzip archive of blocked host IP addresses - exec("/usr/bin/tar -czf /tmp/{$file_name} -C/tmp/snort_blocked snort_block.pf"); + exec("/usr/bin/tar -czf {$g['tmp_path']}/{$file_name} -C{$g['tmp_path']}/snort_blocked snort_block.pf"); // If we successfully created the archive, send it to the browser. - if(file_exists("/tmp/{$file_name}")) { + if(file_exists("{$g['tmp_path']}/{$file_name}")) { ob_start(); //important or other posts will fail if (isset($_SERVER['HTTPS'])) { header('Pragma: '); @@ -98,14 +114,14 @@ if ($_POST['download']) header("Cache-Control: private, must-revalidate"); } header("Content-Type: application/octet-stream"); - header("Content-length: " . filesize("/tmp/{$file_name}")); + header("Content-length: " . filesize("{$g['tmp_path']}/{$file_name}")); header("Content-disposition: attachment; filename = {$file_name}"); ob_end_clean(); //important or other post will fail - readfile("/tmp/{$file_name}"); + readfile("{$g['tmp_path']}/{$file_name}"); // Clean up the temp files and directory - @unlink("/tmp/{$file_name}"); - exec("/bin/rm -fr /tmp/snort_blocked"); + unlink_if_exists("{$g['tmp_path']}/{$file_name}"); + rmdir_recursive("{$g['tmp_path']}/snort_blocked"); } else $savemsg = gettext("An error occurred while creating archive"); } else @@ -133,7 +149,6 @@ include_once("head.inc"); ?> <body link="#000000" vlink="#000000" alink="#000000"> -<script src="/javascript/filter_log.js" type="text/javascript"></script> <?php @@ -168,7 +183,9 @@ if ($savemsg) { $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); - $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + $tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php"); + $tab_array[9] = array(gettext("Log Mgmt"), false, "/snort/snort_log_mgmt.php"); + $tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); display_top_tabs($tab_array, true); ?> </td> @@ -185,7 +202,7 @@ if ($savemsg) { <input name="download" type="submit" class="formbtns" value="Download" title="<?=gettext("Download list of blocked hosts as a gzip archive");?>"/> <?php echo gettext("All blocked hosts will be saved."); ?> <input name="remove" type="submit" class="formbtns" value="Clear" title="<?=gettext("Remove blocks for all listed hosts");?>" - onClick="return confirm('<?=gettext("Are you sure you want to remove all blocked hosts? Click OK to continue or CANCLE to quit.");?>');"/> + onClick="return confirm('<?=gettext("Are you sure you want to remove all blocked hosts? Click OK to continue or CANCEL to quit.");?>');"/> <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span> <?php echo gettext("all hosts will be removed."); ?> </td> </tr> @@ -214,11 +231,11 @@ if ($savemsg) { <col width="10%" align="center"> </colgroup> <thead> - <tr> + <tr class="sortableHeaderRowIdentifier"> <th class="listhdrr" axis="number">#</th> <th class="listhdrr" axis="string"><?php echo gettext("IP"); ?></th> <th class="listhdrr" axis="string"><?php echo gettext("Alert Description"); ?></th> - <th class="listhdrr"><?php echo gettext("Remove"); ?></th> + <th class="listhdrr sorttable_nosort"><?php echo gettext("Remove"); ?></th> </tr> </thead> <tbody> @@ -278,20 +295,16 @@ if ($savemsg) { $tmp_ip = str_replace(":", ":​", $blocked_ip); /* Add reverse DNS lookup icons (two different links if pfSense version supports them) */ $rdns_link = ""; - if ($pfs_version > 2.0) { - $rdns_link .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$blocked_ip}&dialog_output=true', outputrule);\">"; - $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' "; - $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a> "; - } - $rdns_link .= "<a href='/diag_dns.php?host={$blocked_ip}'>"; - $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' "; - $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>"; + $rdns_link .= "<img onclick=\"javascript:resolve_with_ajax('{$blocked_ip}');\" title=\""; + $rdns_link .= gettext("Resolve host via reverse DNS lookup") . "\" border=\"0\" src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" alt=\"Icon Reverse Resolve with DNS\" "; + $rdns_link.= " style=\"cursor: pointer;\"/>"; + /* use one echo to do the magic*/ echo "<tr> <td align=\"center\" valign=\"middle\" class=\"listr\">{$counter}</td> <td align=\"center\" valign=\"middle\" class=\"listr\">{$tmp_ip}<br/>{$rdns_link}</td> <td valign=\"middle\" class=\"listr\">{$blocked_desc}</td> - <td align=\"center\" valign=\"middle\" class=\"listr\" sorttable_customkey=\"\"> + <td align=\"center\" valign=\"middle\" class=\"listr\"> <input type=\"image\" name=\"todelete[]\" onClick=\"document.getElementById('ip').value='{$blocked_ip}';\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" /></td> </tr>\n"; @@ -325,5 +338,38 @@ if ($savemsg) { <?php include("fend.inc"); ?> + +<!-- The following AJAX code was borrowed from the diag_logs_filter.php --> +<!-- file in pfSense. See copyright info at top of this page. --> +<script type="text/javascript"> +//<![CDATA[ +function resolve_with_ajax(ip_to_resolve) { + var url = "/snort/snort_blocked.php"; + + jQuery.ajax( + url, + { + type: 'post', + dataType: 'json', + data: { + resolve: ip_to_resolve, + }, + complete: resolve_ip_callback + }); +} + +function resolve_ip_callback(transport) { + var response = jQuery.parseJSON(transport.responseText); + var msg = 'IP address "' + response.resolve_ip + '" resolves to\n'; + alert(msg + 'host "' + htmlspecialchars(response.resolve_text) + '"'); +} + +// From http://stackoverflow.com/questions/5499078/fastest-method-to-escape-html-tags-as-html-entities +function htmlspecialchars(str) { + return str.replace(/&/g, '&').replace(/</g, '<').replace(/>/g, '>').replace(/"/g, '"').replace(/'/g, '''); +} +//]]> +</script> + </body> </html> diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc index a5b9e65e..a2688b58 100644 --- a/config/snort/snort_check_cron_misc.inc +++ b/config/snort/snort_check_cron_misc.inc @@ -33,6 +33,7 @@ require_once("/usr/local/pkg/snort/snort.inc"); $snortlogdir = SNORTLOGDIR; +global $g, $config; function snort_check_dir_size_limit($snortloglimitsize) { @@ -56,9 +57,9 @@ function snort_check_dir_size_limit($snortloglimitsize) { conf_mount_rw(); // Truncate the Rules Update Log file if it exists - if (file_exists(RULES_UPD_LOGFILE)) { + if (file_exists(SNORT_RULES_UPD_LOGFILE)) { log_error(gettext("[Snort] Truncating the Rules Update Log file...")); - @file_put_contents(RULES_UPD_LOGFILE, ""); + @file_put_contents(SNORT_RULES_UPD_LOGFILE, ""); } // Clean-up the logs for each configured Snort instance @@ -74,6 +75,21 @@ function snort_check_dir_size_limit($snortloglimitsize) { @file_put_contents("{$snort_log_dir}/alert", ""); } + // Cleanup any perfmon stats logs + $files = array(); + $list = glob("{$snort_log_dir}/*"); + foreach ($list as $file) { + if (preg_match('/(^\d{4}-\d{2}-\d{2}[\.\d+]*)/', basename($file), $matches)) + $files[] = $snort_log_dir . "/" . $matches[1]; + } + foreach ($files as $file) + unlink_if_exists($file); + + // Cleanup any AppID stats logs + $files = glob("{$snort_log_dir}/appid-stats.log.*"); + foreach ($files as $file) + unlink_if_exists($file); + // This is needed if snort is run as snort user mwexec('/bin/chmod 660 {$snort_log_dir}/*', true); @@ -88,6 +104,56 @@ function snort_check_dir_size_limit($snortloglimitsize) { } } +function snort_check_rotate_log($log_file, $log_limit, $retention) { + + /******************************************************** + * This function checks the passed log file against * + * the passed size limit and rotates the log file if * + * necessary. It also checks the age of previously * + * rotated logs and removes those older than the * + * rentention parameter. * + * * + * On Entry: $log_file -> full pathname/filename of * + * log file to check * + * $log_limit -> size of file in bytes to * + * trigger rotation. Zero * + * means no rotation. * + * $retention -> retention period in hours * + * for rotated logs. Zero * + * means never remove. * + ********************************************************/ + + // Check the current log to see if it needs rotating. + // If it does, rotate it and put the current time + // on the end of the filename as UNIX timestamp. + if (!file_exists($log_file)) + return; + if (($log_limit > 0) && (filesize($log_file) >= $log_limit)) { + $newfile = $log_file . "." . strval(time()); + try { + copy($log_file, $newfile); + file_put_contents($log_file, ""); + } catch (Exception $e) { + log_error("[Snort] Failed to rotate file '{$log_file}' -- error was {$e->getMessage()}"); + } + } + + // Check previously rotated logs to see if time to + // delete any older than the retention period. + // Rotated logs have a UNIX timestamp appended to + // filename. + if ($retention > 0) { + $now = time(); + $rotated_files = glob("{$log_file}.*"); + foreach ($rotated_files as $file) { + if (($now - filemtime($file)) > ($retention * 3600)) + unlink_if_exists($file); + } + unset($rotated_files); + } +} + + /************************* * Start of main code * *************************/ @@ -96,27 +162,93 @@ function snort_check_dir_size_limit($snortloglimitsize) { if ($g['booting'] == true) return; +$logs = array (); + +// Build an array of files to check and limits to check them against from our saved configuration +$logs['sid_changes.log']['limit'] = $config['installedpackages']['snortglobal']['sid_changes_log_limit_size']; +$logs['sid_changes.log']['retention'] = $config['installedpackages']['snortglobal']['sid_changes_log_retention']; + // If no interfaces defined, there is nothing to clean up if (!is_array($config['installedpackages']['snortglobal']['rule'])) return; -// Check unified2 archived log retention in the interface logging directories if enabled -foreach ($config['installedpackages']['snortglobal']['rule'] as $value) { - $if_real = get_real_interface($value['interface']); - $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$value['uuid']}"; - if (is_dir("{$snort_log_dir}/barnyard2/archive") && $value['u2_archived_log_retention'] > 0) { - $now = time(); - $files = glob("{$snort_log_dir}/barnyard2/archive/snort_{$value['uuid']}_{$if_real}.u2.*"); - $prune_count = 0; - foreach ($files as $f) { - if (($now - filemtime($f)) > ($value['u2_archived_log_retention'] * 3600)) { - $prune_count++; - unlink_if_exists($f); +// Check log limits and retention in the interface logging directories if enabled +if ($config['installedpackages']['snortglobal']['enable_log_mgmt'] == 'on') { + foreach ($config['installedpackages']['snortglobal']['rule'] as $value) { + $if_real = get_real_interface($value['interface']); + $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$value['uuid']}"; + foreach ($logs as $k => $p) { + snort_check_rotate_log("{$snort_log_dir}/{$k}", $p['limit']*1024, $p['retention']); + } + + // Prune aged-out event packet capture files if any exist + if ($config['installedpackages']['snortglobal']['event_pkts_log_retention'] > 0) { + $now = time(); + $rotated_files = glob("{$snort_log_dir}/snort.log.*"); + $prune_count = 0; + foreach ($rotated_files as $file) { + if (($now - filemtime($file)) > ($config['installedpackages']['snortglobal']['event_pkts_log_retention'] * 3600)) { + $prune_count++; + unlink_if_exists($file); + } + } + unset($rotated_files); + if ($prune_count > 0) + log_error(gettext("[Snort] Alert pcap file cleanup job removed {$prune_count} pcap file(s) from {$snort_log_dir}/...")); + } + + // Prune any aged-out Barnyard2 archived logs if any exist + if (is_dir("{$snort_log_dir}/barnyard2/archive") && $value['u2_archived_log_retention'] > 0) { + $now = time(); + $files = glob("{$snort_log_dir}/barnyard2/archive/snort_{$value['uuid']}_{$if_real}.u2.*"); + $prune_count = 0; + foreach ($files as $f) { + if (($now - filemtime($f)) > ($value['u2_archived_log_retention'] * 3600)) { + $prune_count++; + unlink_if_exists($f); + } + } + unset($files); + if ($prune_count > 0) + log_error(gettext("[Snort] Barnyard2 archived logs cleanup job removed {$prune_count} file(s) from {$snort_log_dir}/barnyard2/archive/...")); + } + + // Prune aged-out perfmon stats logs if any exist + if ($config['installedpackages']['snortglobal']['stats_log_retention'] > 0) { + $now = time(); + $files = array(); + $list = glob("{$snort_log_dir}/*"); + foreach ($list as $file) { + if (preg_match('/(^\d{4}-\d{2}-\d{2}[\.\d+]*)/', basename($file), $matches)) + $files[] = $snort_log_dir . "/" . $matches[1]; + } + $prune_count = 0; + foreach ($files as $f) { + if (($now - filemtime($f)) > ($config['installedpackages']['snortglobal']['stats_log_retention'] * 3600)) { + $prune_count++; + unlink_if_exists($f); + } + } + unset($list, $files); + if ($prune_count > 0) + log_error(gettext("[Snort] perfmon stats logs cleanup job removed {$prune_count} file(s) from {$snort_log_dir}/...")); + } + + // Prune any aged-out AppID stats logs if any exist + if ($value['appid_stats_log_retention'] > 0) { + $now = time(); + $files = glob("{$snort_log_dir}/app-stats.log.*"); + $prune_count = 0; + foreach ($files as $f) { + if (($now - filemtime($f)) > ($value['appid_stats_log_retention'] * 3600)) { + $prune_count++; + unlink_if_exists($f); + } } + unset($files); + if ($prune_count > 0) + log_error(gettext("[Snort] AppID stats logs cleanup job removed {$prune_count} file(s) from {$snort_log_dir}/...")); } - unset($files); - if ($prune_count > 0) - log_error(gettext("[Snort] Barnyard2 archived logs cleanup job removed {$prune_count} file(s)...")); } } diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index 667f4044..3106cb7b 100755 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -32,44 +32,17 @@ require_once("functions.inc"); require_once("service-utils.inc"); -require_once "/usr/local/pkg/snort/snort.inc"; +require_once("/usr/local/pkg/snort/snort.inc"); +require("/usr/local/pkg/snort/snort_defs.inc"); global $g, $config, $pkg_interface, $snort_gui_include, $rebuild_rules; -if (!defined("VRT_DNLD_URL")) - define("VRT_DNLD_URL", "https://www.snort.org/reg-rules/"); -if (!defined("ET_VERSION")) - define("ET_VERSION", "2.9.0"); -if (!defined("ET_BASE_DNLD_URL")) - define("ET_BASE_DNLD_URL", "http://rules.emergingthreats.net/"); -if (!defined("ETPRO_BASE_DNLD_URL")) - define("ETPRO_BASE_DNLD_URL", "https://rules.emergingthreatspro.com/"); -if (!defined("ET_DNLD_FILENAME")) - define("ET_DNLD_FILENAME", "emerging.rules.tar.gz"); -if (!defined("ETPRO_DNLD_FILENAME")) - define("ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz"); -if (!defined("GPLV2_DNLD_FILENAME")) - define("GPLV2_DNLD_FILENAME", "community-rules.tar.gz"); -if (!defined("GPLV2_DNLD_URL")) - define("GPLV2_DNLD_URL", "https://s3.amazonaws.com/snort-org/www/rules/community/"); -if (!defined("RULES_UPD_LOGFILE")) - define("RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log"); -if (!defined("VRT_FILE_PREFIX")) - define("VRT_FILE_PREFIX", "snort_"); -if (!defined("GPL_FILE_PREFIX")) - define("GPL_FILE_PREFIX", "GPLv2_"); -if (!defined("ET_OPEN_FILE_PREFIX")) - define("ET_OPEN_FILE_PREFIX", "emerging-"); -if (!defined("ET_PRO_FILE_PREFIX")) - define("ET_PRO_FILE_PREFIX", "etpro-"); -if (!defined("IPREP_PATH")) - define("IPREP_PATH", "/var/db/snort/iprep/"); - $snortdir = SNORTDIR; -$snortlibdir = SNORTLIBDIR; +$snortlibdir = "/usr/pbi/snort-" . php_uname("m") . "/lib"; $snortlogdir = SNORTLOGDIR; -$snortiprepdir = IPREP_PATH; -$snort_rules_upd_log = RULES_UPD_LOGFILE; +$snortiprepdir = SNORT_IPREP_PATH; +$snortbindir = SNORT_PBI_BINDIR; +$mounted_rw = FALSE; /* Save the state of $pkg_interface so we can restore it */ $pkg_interface_orig = $pkg_interface; @@ -86,19 +59,20 @@ $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats' $etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro'] == 'on' ? 'on' : 'off'; $snortcommunityrules = $config['installedpackages']['snortglobal']['snortcommunityrules'] == 'on' ? 'on' : 'off'; $vrt_enabled = $config['installedpackages']['snortglobal']['snortdownload'] == 'on' ? 'on' : 'off'; +$openappid_detectors = $config['installedpackages']['snortglobal']['openappid_detectors'] == 'on' ? 'on' : 'off'; /* Working directory for downloaded rules tarballs and extraction */ -$tmpfname = "/tmp/snort_rules_up"; +$tmpfname = "{$g['tmp_path']}/snort_rules_up"; /* Grab the Snort binary version programmatically and use it to construct */ /* the proper Snort VRT rules tarball and md5 filenames. Fallback to a */ /* default in the event we fail. */ $snortver = array(); -exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); +exec("{$snortbindir}snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); // Save the version with decimal delimiters for use in extracting the rules $snort_version = $snortver[0]; if (empty($snort_version)) - $snort_version = "2.9.6.0"; + $snort_version = SNORT_BIN_VERSION; // Create a collapsed version string for use in the tarball filename $snortver[0] = str_replace(".", "", $snortver[0]); @@ -106,37 +80,45 @@ $snort_filename = "snortrules-snapshot-{$snortver[0]}.tar.gz"; $snort_filename_md5 = "{$snort_filename}.md5"; $snort_rule_url = VRT_DNLD_URL; -/* Mount the Snort conf directories R/W so we can modify files there */ -conf_mount_rw(); +/* Mount the Snort conf directories R/W, if not already, so we can modify files there */ +if (!is_subsystem_dirty('mount')) { + conf_mount_rw(); + $mounted_rw = TRUE; +} /* Set up Emerging Threats rules filenames and URL */ if ($etpro == "on") { - $emergingthreats_filename = ETPRO_DNLD_FILENAME; - $emergingthreats_filename_md5 = ETPRO_DNLD_FILENAME . ".md5"; + $emergingthreats_filename = SNORT_ETPRO_DNLD_FILENAME; + $emergingthreats_filename_md5 = SNORT_ETPRO_DNLD_FILENAME . ".md5"; $emergingthreats_url = ETPRO_BASE_DNLD_URL; $emergingthreats_url .= "{$etproid}/snort-" . ET_VERSION . "/"; $emergingthreats = "on"; $et_name = "Emerging Threats Pro"; - $et_md5_remove = ET_DNLD_FILENAME . ".md5"; - @unlink("{$snortdir}/{$et_md5_remove}"); + $et_md5_remove = SNORT_ET_DNLD_FILENAME . ".md5"; + unlink_if_exists("{$snortdir}/{$et_md5_remove}"); } else { - $emergingthreats_filename = ET_DNLD_FILENAME; - $emergingthreats_filename_md5 = ET_DNLD_FILENAME . ".md5"; + $emergingthreats_filename = SNORT_ET_DNLD_FILENAME; + $emergingthreats_filename_md5 = SNORT_ET_DNLD_FILENAME . ".md5"; $emergingthreats_url = ET_BASE_DNLD_URL; // If using Sourcefire VRT rules with ET, then we should use the open-nogpl ET rules $emergingthreats_url .= $vrt_enabled == "on" ? "open-nogpl/" : "open/"; $emergingthreats_url .= "snort-" . ET_VERSION . "/"; $et_name = "Emerging Threats Open"; - $et_md5_remove = ETPRO_DNLD_FILENAME . ".md5"; - @unlink("{$snortdir}/{$et_md5_remove}"); + $et_md5_remove = SNORT_ETPRO_DNLD_FILENAME . ".md5"; + unlink_if_exists("{$snortdir}/{$et_md5_remove}"); } /* Snort GPLv2 Community Rules filenames and URL */ -$snort_community_rules_filename = GPLV2_DNLD_FILENAME; -$snort_community_rules_filename_md5 = GPLV2_DNLD_FILENAME . ".md5"; +$snort_community_rules_filename = SNORT_GPLV2_DNLD_FILENAME; +$snort_community_rules_filename_md5 = SNORT_GPLV2_DNLD_FILENAME . ".md5"; $snort_community_rules_url = GPLV2_DNLD_URL; +/* Snort OpenAppID detectors filename and URL */ +$snort_openappid_filename = SNORT_OPENAPPID_DNLD_FILENAME; +$snort_openappid_filename_md5 = SNORT_OPENAPPID_DNLD_FILENAME . ".md5"; +$snort_openappid_url = SNORT_OPENAPPID_DNLD_URL; + function snort_download_file_url($url, $file_out) { /************************************************/ @@ -211,7 +193,9 @@ function snort_download_file_url($url, $file_out) { curl_setopt($ch, CURLOPT_FILE, $fout); // NOTE: required to suppress errors from XMLRPC due to progress bar output - if ($g['snort_sync_in_progress']) + // and to prevent useless spam from rules update cron job execution. This + // prevents progress bar output during package sync and rules update cron task. + if ($g['snort_sync_in_progress'] || $pkg_interface == "console") curl_setopt($ch, CURLOPT_HEADER, false); else { curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header'); @@ -285,21 +269,21 @@ function snort_check_rule_md5($file_url, $file_dst, $desc = "") { /* error occurred. */ /**********************************************************/ - global $pkg_interface, $snort_rules_upd_log, $last_curl_error, $update_errors; + global $pkg_interface, $last_curl_error, $update_errors; $snortdir = SNORTDIR; $filename_md5 = basename($file_dst); if ($pkg_interface <> "console") update_status(gettext("Downloading {$desc} md5 file...")); - error_log(gettext("\tDownloading {$desc} md5 file {$filename_md5}...\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tDownloading {$desc} md5 file {$filename_md5}...\n"), 3, SNORT_RULES_UPD_LOGFILE); $rc = snort_download_file_url($file_url, $file_dst); // See if download from URL was successful if ($rc === true) { if ($pkg_interface <> "console") update_status(gettext("Done downloading {$filename_md5}.")); - error_log("\tChecking {$desc} md5 file...\n", 3, $snort_rules_upd_log); + error_log("\tChecking {$desc} md5 file...\n", 3, SNORT_RULES_UPD_LOGFILE); // check md5 hash in new file against current file to see if new download is posted if (file_exists("{$snortdir}/{$filename_md5}")) { @@ -309,7 +293,7 @@ function snort_check_rule_md5($file_url, $file_dst, $desc = "") { if ($pkg_interface <> "console") update_status(gettext("{$desc} are up to date...")); log_error(gettext("[Snort] {$desc} are up to date...")); - error_log(gettext("\t{$desc} are up to date.\n"), 3, $snort_rules_upd_log); + error_log(gettext("\t{$desc} are up to date.\n"), 3, SNORT_RULES_UPD_LOGFILE); return false; } else @@ -318,7 +302,7 @@ function snort_check_rule_md5($file_url, $file_dst, $desc = "") { return true; } else { - error_log(gettext("\t{$desc} md5 download failed.\n"), 3, $snort_rules_upd_log); + error_log(gettext("\t{$desc} md5 download failed.\n"), 3, SNORT_RULES_UPD_LOGFILE); $snort_err_msg = gettext("Server returned error code {$rc}."); if ($pkg_interface <> "console") { update_status(gettext("{$desc} md5 error ... Server returned error code {$rc} ...")); @@ -326,9 +310,9 @@ function snort_check_rule_md5($file_url, $file_dst, $desc = "") { } log_error(gettext("[Snort] {$desc} md5 download failed...")); log_error(gettext("[Snort] Server returned error code {$rc}...")); - error_log(gettext("\t{$snort_err_msg}\n"), 3, $snort_rules_upd_log); - error_log(gettext("\tServer error message was: {$last_curl_error}\n"), 3, $snort_rules_upd_log); - error_log(gettext("\t{$desc} will not be updated.\n"), 3, $snort_rules_upd_log); + error_log(gettext("\t{$snort_err_msg}\n"), 3, SNORT_RULES_UPD_LOGFILE); + error_log(gettext("\tServer error message was: {$last_curl_error}\n"), 3, SNORT_RULES_UPD_LOGFILE); + error_log(gettext("\t{$desc} will not be updated.\n"), 3, SNORT_RULES_UPD_LOGFILE); $update_errors = true; return false; } @@ -353,7 +337,7 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") { /* FALSE if download was not successful. */ /**********************************************************/ - global $pkg_interface, $snort_rules_upd_log, $last_curl_error, $update_errors; + global $pkg_interface, $last_curl_error, $update_errors; $snortdir = SNORTDIR; $filename = basename($file_dst); @@ -361,8 +345,8 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") { if ($pkg_interface <> "console") update_status(gettext("There is a new set of {$desc} posted. Downloading...")); log_error(gettext("[Snort] There is a new set of {$desc} posted. Downloading {$filename}...")); - error_log(gettext("\tThere is a new set of {$desc} posted.\n"), 3, $snort_rules_upd_log); - error_log(gettext("\tDownloading file '{$filename}'...\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tThere is a new set of {$desc} posted.\n"), 3, SNORT_RULES_UPD_LOGFILE); + error_log(gettext("\tDownloading file '{$filename}'...\n"), 3, SNORT_RULES_UPD_LOGFILE); $rc = snort_download_file_url($file_url, $file_dst); // See if the download from the URL was successful @@ -370,7 +354,7 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") { if ($pkg_interface <> "console") update_status(gettext("Done downloading {$desc} file.")); log_error("[Snort] {$desc} file update downloaded successfully"); - error_log(gettext("\tDone downloading rules file.\n"),3, $snort_rules_upd_log); + error_log(gettext("\tDone downloading rules file.\n"),3, SNORT_RULES_UPD_LOGFILE); // Test integrity of the rules file. Turn off update if file has wrong md5 hash if ($file_md5 != trim(md5_file($file_dst))){ @@ -379,10 +363,10 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") { log_error(gettext("[Snort] {$desc} file download failed. Bad MD5 checksum...")); log_error(gettext("[Snort] Downloaded File MD5: " . md5_file($file_dst))); log_error(gettext("[Snort] Expected File MD5: {$file_md5}")); - error_log(gettext("\t{$desc} file download failed. Bad MD5 checksum.\n"), 3, $snort_rules_upd_log); - error_log(gettext("\tDownloaded {$desc} file MD5: " . md5_file($file_dst) . "\n"), 3, $snort_rules_upd_log); - error_log(gettext("\tExpected {$desc} file MD5: {$file_md5}\n"), 3, $snort_rules_upd_log); - error_log(gettext("\t{$desc} file download failed. {$desc} will not be updated.\n"), 3, $snort_rules_upd_log); + error_log(gettext("\t{$desc} file download failed. Bad MD5 checksum.\n"), 3, SNORT_RULES_UPD_LOGFILE); + error_log(gettext("\tDownloaded {$desc} file MD5: " . md5_file($file_dst) . "\n"), 3, SNORT_RULES_UPD_LOGFILE); + error_log(gettext("\tExpected {$desc} file MD5: {$file_md5}\n"), 3, SNORT_RULES_UPD_LOGFILE); + error_log(gettext("\t{$desc} file download failed. {$desc} will not be updated.\n"), 3, SNORT_RULES_UPD_LOGFILE); $update_errors = true; return false; } @@ -392,9 +376,9 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") { if ($pkg_interface <> "console") update_output_window(gettext("{$desc} file download failed...")); log_error(gettext("[Snort] {$desc} file download failed... server returned error '{$rc}'...")); - error_log(gettext("\t{$desc} file download failed. Server returned error {$rc}.\n"), 3, $snort_rules_upd_log); - error_log(gettext("\tThe error text was: {$last_curl_error}\n"), 3, $snort_rules_upd_log); - error_log(gettext("\t{$desc} will not be updated.\n"), 3, $snort_rules_upd_log); + error_log(gettext("\t{$desc} file download failed. Server returned error {$rc}.\n"), 3, SNORT_RULES_UPD_LOGFILE); + error_log(gettext("\tThe error text was: {$last_curl_error}\n"), 3, SNORT_RULES_UPD_LOGFILE); + error_log(gettext("\t{$desc} will not be updated.\n"), 3, SNORT_RULES_UPD_LOGFILE); $update_errors = true; return false; } @@ -407,43 +391,56 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") { /* remove any old $tmpfname files */ if (is_dir("{$tmpfname}")) - exec("/bin/rm -rf {$tmpfname}"); + rmdir_recursive($tmpfname); /* Make sure required snortdirs exsist */ safe_mkdir("{$snortdir}/rules"); safe_mkdir("{$snortdir}/signatures"); safe_mkdir("{$snortdir}/preproc_rules"); safe_mkdir("{$tmpfname}"); -safe_mkdir("{$snortlibdir}/dynamicrules"); +safe_mkdir("{$snortlibdir}/snort_dynamicrules"); safe_mkdir("{$snortlogdir}"); safe_mkdir("{$snortiprepdir}"); /* See if we need to automatically clear the Update Log based on 1024K size limit */ -if (file_exists($snort_rules_upd_log)) { - if (1048576 < filesize($snort_rules_upd_log)) - @unlink("{$snort_rules_upd_log}"); +if (file_exists(SNORT_RULES_UPD_LOGFILE)) { + if (1048576 < filesize(SNORT_RULES_UPD_LOGFILE)) + unlink_if_exists("{SNORT_RULES_UPD_LOGFILE}"); } /* Log start time for this rules update */ -error_log(gettext("Starting rules update... Time: " . date("Y-m-d H:i:s") . "\n"), 3, $snort_rules_upd_log); +error_log(gettext("Starting rules update... Time: " . date("Y-m-d H:i:s") . "\n"), 3, SNORT_RULES_UPD_LOGFILE); $last_curl_error = ""; $update_errors = false; /* Check for and download any new Snort VRT sigs */ if ($snortdownload == 'on') { - if (snort_check_rule_md5("{$snort_rule_url}{$snort_filename_md5}/{$oinkid}/", "{$tmpfname}/{$snort_filename_md5}", "Snort VRT rules")) { + if (snort_check_rule_md5("{$snort_rule_url}{$snort_filename_md5}?oinkcode={$oinkid}", "{$tmpfname}/{$snort_filename_md5}", "Snort VRT rules")) { /* download snortrules file */ $file_md5 = trim(file_get_contents("{$tmpfname}/{$snort_filename_md5}")); - if (!snort_fetch_new_rules("{$snort_rule_url}{$snort_filename}/{$oinkid}/", "{$tmpfname}/{$snort_filename}", $file_md5, "Snort VRT rules")) + if (!snort_fetch_new_rules("{$snort_rule_url}{$snort_filename}?oinkcode={$oinkid}", "{$tmpfname}/{$snort_filename}", $file_md5, "Snort VRT rules")) $snortdownload = 'off'; } else $snortdownload = 'off'; } +/* Check for and download any new Snort OpenAppID detectors */ +if ($openappid_detectors == 'on') { + if (snort_check_rule_md5("{$snort_openappid_url}{$snort_openappid_filename}/md5", "{$tmpfname}/{$snort_openappid_filename_md5}", "Snort OpenAppID detectors")) { + $file_md5 = trim(file_get_contents("{$tmpfname}/{$snort_openappid_filename_md5}")); + file_put_contents("{$tmpfname}/{$snort_openappid_filename_md5}", $file_md5); + /* download snort-openappid file */ + if (!snort_fetch_new_rules("{$snort_openappid_url}{$snort_openappid_filename}", "{$tmpfname}/{$snort_openappid_filename}", $file_md5, "Snort OpenAppID detectors")) + $openappid_detectors = 'off'; + } + else + $openappid_detectors = 'off'; +} + /* Check for and download any new Snort GPLv2 Community Rules sigs */ if ($snortcommunityrules == 'on') { - if (snort_check_rule_md5("{$snort_community_rules_url}{$snort_community_rules_filename_md5}", "{$tmpfname}/{$snort_community_rules_filename_md5}", "Snort GPLv2 Community Rules")) { + if (snort_check_rule_md5("{$snort_community_rules_url}{$snort_community_rules_filename}/md5", "{$tmpfname}/{$snort_community_rules_filename_md5}", "Snort GPLv2 Community Rules")) { /* download Snort GPLv2 Community Rules file */ $file_md5 = trim(file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}")); if (!snort_fetch_new_rules("{$snort_community_rules_url}{$snort_community_rules_filename}", "{$tmpfname}/{$snort_community_rules_filename}", $file_md5, "Snort GPLv2 Community Rules")) @@ -484,7 +481,7 @@ if ($snortdownload == 'on') { update_status(gettext("Extracting Snort VRT rules...")); update_output_window(gettext("Installing Sourcefire VRT rules...")); } - error_log(gettext("\tExtracting and installing Snort VRT rules...\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tExtracting and installing Snort VRT rules...\n"), 3, SNORT_RULES_UPD_LOGFILE); /* extract snort.org rules and add VRT_FILE_PREFIX prefix to all snort.org files */ safe_mkdir("{$tmpfname}/snortrules"); exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname}/snortrules rules/"); @@ -499,7 +496,7 @@ if ($snortdownload == 'on') { $newfile = basename($file); @copy($file, "{$snortdir}/rules/{$newfile}"); } - exec("rm -r {$tmpfname}/snortrules"); + rmdir_recursive("{$tmpfname}/snortrules"); /* Extract the Snort preprocessor rules */ if ($pkg_interface <> "console") update_output_window(gettext("Extracting preprocessor rules files...")); @@ -509,25 +506,24 @@ if ($snortdownload == 'on') { $newfile = basename($file); @copy($file, "{$snortdir}/preproc_rules/{$newfile}"); } - exec("rm -r {$tmpfname}/preproc_rules"); + rmdir_recursive("{$tmpfname}/preproc_rules"); /* extract so rules */ if ($pkg_interface <> "console") { update_status(gettext("Extracting Snort VRT Shared Objects rules...")); update_output_window(gettext("Installing precompiled Shared Objects rules for {$freebsd_version_so}...")); } - exec("/bin/mkdir -p {$snortlibdir}/dynamicrules/"); - error_log(gettext("\tUsing Snort VRT precompiled SO rules for {$freebsd_version_so} ...\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tUsing Snort VRT precompiled SO rules for {$freebsd_version_so} ...\n"), 3, SNORT_RULES_UPD_LOGFILE); $snort_arch = php_uname("m"); $nosorules = false; if ($snort_arch == 'i386'){ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/precompiled/{$freebsd_version_so}/i386/{$snort_version}/"); - exec("/bin/cp {$tmpfname}/so_rules/precompiled/{$freebsd_version_so}/i386/{$snort_version}/*.so {$snortlibdir}/dynamicrules/"); + exec("/bin/cp {$tmpfname}/so_rules/precompiled/{$freebsd_version_so}/i386/{$snort_version}/*.so {$snortlibdir}/snort_dynamicrules/"); } elseif ($snort_arch == 'amd64') { exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/precompiled/{$freebsd_version_so}/x86-64/{$snort_version}/"); - exec("/bin/cp {$tmpfname}/so_rules/precompiled/{$freebsd_version_so}/x86-64/{$snort_version}/*.so {$snortlibdir}/dynamicrules/"); + exec("/bin/cp {$tmpfname}/so_rules/precompiled/{$freebsd_version_so}/x86-64/{$snort_version}/*.so {$snortlibdir}/snort_dynamicrules/"); } else $nosorules = true; - exec("rm -rf {$tmpfname}/so_rules"); + rmdir_recursive("{$tmpfname}/so_rules/"); if ($nosorules == false) { /* extract Shared Object stub rules, rename and copy to the rules folder. */ if ($pkg_interface <> "console") @@ -538,7 +534,7 @@ if ($snortdownload == 'on') { $newfile = basename($file, ".rules"); @copy($file, "{$snortdir}/rules/" . VRT_FILE_PREFIX . "{$newfile}.so.rules"); } - exec("rm -rf {$tmpfname}/so_rules"); + rmdir_recursive("{$tmpfname}/so_rules/"); } /* extract base etc files */ if ($pkg_interface <> "console") { @@ -550,7 +546,7 @@ if ($snortdownload == 'on') { if (file_exists("{$tmpfname}/etc/{$file}")) @copy("{$tmpfname}/etc/{$file}", "{$tmpfname}/VRT_{$file}"); } - exec("rm -r {$tmpfname}/etc"); + rmdir_recursive("{$tmpfname}/etc"); if (file_exists("{$tmpfname}/{$snort_filename_md5}")) { if ($pkg_interface <> "console") update_status(gettext("Copying md5 signature to snort directory...")); @@ -560,7 +556,30 @@ if ($snortdownload == 'on') { update_status(gettext("Extraction of Snort VRT rules completed...")); update_output_window(gettext("Installation of Sourcefire VRT rules completed...")); } - error_log(gettext("\tInstallation of Snort VRT rules completed.\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tInstallation of Snort VRT rules completed.\n"), 3, SNORT_RULES_UPD_LOGFILE); + } +} + +/* Untar Snort OpenAppID detectors file to SNORT_APPID_ODP_PATH */ +if ($openappid_detectors == 'on') { + // If we have a valid downloaded file, then first cleanup the old directory + if (file_exists("{$tmpfname}/{$snort_openappid_filename}")) { + $snort_openappid_path = SNORT_APPID_ODP_PATH; + rmdir_recursive("{$snort_openappid_path}odp"); + error_log(gettext("\tExtracting and installing Snort OpenAppID detectors...\n"), 3, SNORT_RULES_UPD_LOGFILE); + safe_mkdir(SNORT_APPID_ODP_PATH); + exec("/usr/bin/tar oxzf {$tmpfname}/{$snort_openappid_filename} -C {$snort_openappid_path}"); + if (file_exists("{$tmpfname}/{$snort_openappid_filename_md5}")) { + if ($pkg_interface <> "console") + update_status(gettext("Copying md5 signature to snort directory...")); + @copy("{$tmpfname}/{$snort_openappid_filename_md5}", "{$snortdir}/{$snort_openappid_filename_md5}"); + } + if ($pkg_interface <> "console") { + update_status(gettext("Extraction of Snort OpenAppID detectors completed...")); + update_output_window(gettext("Installation of Snort OpenAppID detectors completed...")); + } + unlink_if_exists("{$tmpfname}/{$snort_openappid_filename}"); + error_log(gettext("\tInstallation of Snort OpenAppID detectors completed.\n"), 3, SNORT_RULES_UPD_LOGFILE); } } @@ -572,7 +591,7 @@ if ($snortcommunityrules == 'on') { update_status(gettext("Extracting Snort GPLv2 Community Rules...")); update_output_window(gettext("Installing Snort GPLv2 Community Rules...")); } - error_log(gettext("\tExtracting and installing Snort GPLv2 Community Rules...\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tExtracting and installing Snort GPLv2 Community Rules...\n"), 3, SNORT_RULES_UPD_LOGFILE); exec("/usr/bin/tar xzf {$tmpfname}/{$snort_community_rules_filename} -C {$tmpfname}/community/"); $files = glob("{$tmpfname}/community/community-rules/*.rules"); @@ -595,8 +614,8 @@ if ($snortcommunityrules == 'on') { update_status(gettext("Extraction of Snort GPLv2 Community Rules completed...")); update_output_window(gettext("Installation of Snort GPLv2 Community Rules file completed...")); } - error_log(gettext("\tInstallation of Snort GPLv2 Community Rules completed.\n"), 3, $snort_rules_upd_log); - exec("rm -rf {$tmpfname}/community"); + error_log(gettext("\tInstallation of Snort GPLv2 Community Rules completed.\n"), 3, SNORT_RULES_UPD_LOGFILE); + rmdir_recursive("{$tmpfname}/community/"); } } @@ -608,7 +627,7 @@ if ($emergingthreats == 'on') { update_status(gettext("Extracting {$et_name} rules...")); update_output_window(gettext("Installing {$et_name} rules...")); } - error_log(gettext("\tExtracting and installing {$et_name} rules...\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tExtracting and installing {$et_name} rules...\n"), 3, SNORT_RULES_UPD_LOGFILE); exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$tmpfname}/emerging rules/"); /* Remove the old Emerging Threats rules files */ @@ -632,11 +651,11 @@ if ($emergingthreats == 'on') { foreach ($files as $file) { $newfile = basename($file); if ($etpro == "on") { - @copy($file, IPREP_PATH . ET_PRO_FILE_PREFIX . "{$newfile}"); + @copy($file, SNORT_IPREP_PATH . ET_PRO_FILE_PREFIX . "{$newfile}"); @copy($file, "{$snortdir}/rules/" . ET_PRO_FILE_PREFIX . "{$newfile}"); } else { - @copy($file, IPREP_PATH . ET_OPEN_FILE_PREFIX . "{$newfile}"); + @copy($file, SNORT_IPREP_PATH . ET_OPEN_FILE_PREFIX . "{$newfile}"); @copy($file, "{$snortdir}/rules/" . ET_OPEN_FILE_PREFIX . "{$newfile}"); } } @@ -656,8 +675,8 @@ if ($emergingthreats == 'on') { update_status(gettext("Extraction of {$et_name} rules completed...")); update_output_window(gettext("Installation of {$et_name} rules completed...")); } - error_log(gettext("\tInstallation of {$et_name} rules completed.\n"), 3, $snort_rules_upd_log); - exec("rm -rf {$tmpfname}/emerging"); + error_log(gettext("\tInstallation of {$et_name} rules completed.\n"), 3, SNORT_RULES_UPD_LOGFILE); + rmdir_recursive("{$tmpfname}/emerging/"); } } @@ -668,7 +687,7 @@ function snort_apply_customizations($snortcfg, $if_real) { /* Update the Preprocessor rules from the master configuration for the interface if Snort */ /* VRT rules are in use and the interface's preprocessor rules are not protected. */ - if ($vrt_enabled == 'on' && $snortcfg['protect_preproc_rules'] != 'on') { + if ($vrt_enabled == 'on' && ($snortcfg['protect_preproc_rules'] != 'on' || $g['snort_postinstall'])) { $preproc_files = glob("{$snortdir}/preproc_rules/*.rules"); foreach ($preproc_files as $file) { $newfile = basename($file); @@ -690,7 +709,7 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = if ($pkg_interface <> "console") update_status(gettext('Copying new config and map files...')); - error_log(gettext("\tCopying new config and map files...\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tCopying new config and map files...\n"), 3, SNORT_RULES_UPD_LOGFILE); /******************************************************************/ /* Build the classification.config and reference.config files */ @@ -749,8 +768,8 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = safe_mkdir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/rules"); if (!is_dir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/preproc_rules")) safe_mkdir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/preproc_rules"); - if (!is_dir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/dynamicpreprocessor")) - safe_mkdir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/dynamicpreprocessor"); + if (!is_dir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/snort_dynamicpreprocessor")) + safe_mkdir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/snort_dynamicpreprocessor"); snort_apply_customizations($value, $if_real); @@ -760,7 +779,7 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = $tmp .= gettext("\tPreprocessor text rules flagged as protected and not updated for "); $tmp .= convert_friendly_interface_to_friendly_descr($value['interface']) . "...\n"; } - error_log($tmp, 3, $snort_rules_upd_log); + error_log($tmp, 3, SNORT_RULES_UPD_LOGFILE); } } else { @@ -768,24 +787,52 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = update_output_window(gettext("Warning: No interfaces configured for Snort were found...")); update_output_window(gettext("No interfaces currently have Snort configured and enabled on them...")); } - error_log(gettext("\tWarning: No interfaces configured for Snort were found...\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tWarning: No interfaces configured for Snort were found...\n"), 3, SNORT_RULES_UPD_LOGFILE); } /* Clear the rebuild rules flag. */ $rebuild_rules = false; - /* Restart snort if already running and we are not rebooting to pick up the new rules. */ - if (is_process_running("snort") && !$g['booting']) { + /* Restart snort if running, and not in post-install, so as to pick up the new rules. */ + if (!$g['snort_postinstall'] && is_service_running("snort") && count($config['installedpackages']['snortglobal']['rule']) > 0) { if ($pkg_interface <> "console") { update_status(gettext('Restarting Snort to activate the new set of rules...')); update_output_window(gettext("Please wait ... restarting Snort will take some time...")); } - error_log(gettext("\tRestarting Snort to activate the new set of rules...\n"), 3, $snort_rules_upd_log); - restart_service("snort"); + error_log(gettext("\tRestarting Snort to activate the new set of rules...\n"), 3, SNORT_RULES_UPD_LOGFILE); + touch("{$g['varrun_path']}/snort_pkg_starting.lck"); + snort_restart_all_interfaces(TRUE); + sleep(3); + unlink_if_exists("{$g['varrun_path']}/snort_pkg_starting.lck"); if ($pkg_interface <> "console") update_output_window(gettext("Snort has restarted with your new set of rules...")); log_error(gettext("[Snort] Snort has restarted with your new set of rules...")); - error_log(gettext("\tSnort has restarted with your new set of rules.\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tSnort has restarted with your new set of rules.\n"), 3, SNORT_RULES_UPD_LOGFILE); + } + else { + if ($pkg_interface <> "console") + update_output_window(gettext("The rules update task is complete...")); + } +} +elseif ($openappid_detectors == 'on') { + /**************************************************************************************/ + /* Only updated OpenAppID detectors, so do not need to rebuild all interface rules. */ + /* Restart snort if running, and not in post-install, so as to pick up the detectors. */ + /**************************************************************************************/ + if (!$g['snort_postinstall'] && is_service_running("snort") && count($config['installedpackages']['snortglobal']['rule']) > 0) { + if ($pkg_interface <> "console") { + update_status(gettext('Restarting Snort to activate the new OpenAppID detectors...')); + update_output_window(gettext("Please wait ... restarting Snort will take some time...")); + } + error_log(gettext("\tRestarting Snort to activate the new OpenAppID detectors...\n"), 3, SNORT_RULES_UPD_LOGFILE); + touch("{$g['varrun_path']}/snort_pkg_starting.lck"); + snort_restart_all_interfaces(TRUE); + sleep(2); + unlink_if_exists("{$g['varrun_path']}/snort_pkg_starting.lck"); + if ($pkg_interface <> "console") + update_output_window(gettext("Snort has restarted with your new set of OpenAppID detectors...")); + log_error(gettext("[Snort] Snort has restarted with your new set of OpenAppID detectors...")); + error_log(gettext("\tSnort has restarted with your new set of OpenAppID detectors.\n"), 3, SNORT_RULES_UPD_LOGFILE); } else { if ($pkg_interface <> "console") @@ -795,14 +842,17 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = /* remove $tmpfname files */ if (is_dir("{$tmpfname}")) { - exec("/bin/rm -rf {$tmpfname}"); + rmdir_recursive($tmpfname); } if ($pkg_interface <> "console") update_status(gettext("The Rules update has finished...")); log_error(gettext("[Snort] The Rules update has finished.")); -error_log(gettext("The Rules update has finished. Time: " . date("Y-m-d H:i:s"). "\n\n"), 3, $snort_rules_upd_log); -conf_mount_ro(); +error_log(gettext("The Rules update has finished. Time: " . date("Y-m-d H:i:s"). "\n\n"), 3, SNORT_RULES_UPD_LOGFILE); + +/* Remount filesystem read-only if we changed it in this module */ +if ($mounted_rw == TRUE) + conf_mount_ro(); /* Restore the state of $pkg_interface */ $pkg_interface = $pkg_interface_orig; @@ -813,5 +863,5 @@ if ($update_errors) else $config['installedpackages']['snortglobal']['last_rule_upd_status'] = gettext("success"); $config['installedpackages']['snortglobal']['last_rule_upd_time'] = time(); -write_config("Snort pkg: updated status for updated rules package(s) check."); +write_config("Snort pkg: updated status for updated rules package(s) check.", FALSE); ?> diff --git a/config/snort/snort_conf_template.inc b/config/snort/snort_conf_template.inc new file mode 100644 index 00000000..6b362ce5 --- /dev/null +++ b/config/snort/snort_conf_template.inc @@ -0,0 +1,109 @@ +<?php + +// This is the template used to generate the snort.conf +// configuration file for the interface. The contents of +// this file are written to the snort.conf file for +// the interface. Key parameters are provided by the +// included string variables which are populated by the +// snort_generate_conf.php file. + +$snort_conf_text = <<<EOD +# snort configuration file +# generated automatically by the pfSense subsystems do not modify manually + +# Define Local Network # +ipvar HOME_NET [{$home_net}] +ipvar EXTERNAL_NET [{$external_net}] + +# Define Rule Path # +var RULE_PATH {$snortcfgdir}/rules + +# Define Servers # +{$ipvardef} + +# Define Server Ports # +{$portvardef} + +# Configure the snort decoder # +config checksum_mode: {$cksumcheck} +config disable_decode_alerts +config disable_tcpopt_experimental_alerts +config disable_tcpopt_obsolete_alerts +config disable_ttcp_alerts +config disable_tcpopt_alerts +config disable_ipopt_alerts +config disable_decode_drops + +# Enable the GTP decoder # +config enable_gtp + +# Configure PCRE match limitations +config pcre_match_limit: 3500 +config pcre_match_limit_recursion: 1500 + +# Configure the detection engine # +config detection: {$cfg_detect_settings} +config event_queue: max_queue 8 log 5 order_events content_length + +# Configure to show year in timestamps +config show_year + +# Configure protocol aware flushing # +# For more information see README.stream5 # +{$paf_max_pdu_config} + +# Configure dynamically loaded libraries +dynamicpreprocessor directory {$snort_dirs['dynamicpreprocessor']} +dynamicengine directory {$snort_dirs['dynamicengine']} +dynamicdetection directory {$snort_dirs['dynamicrules']} + +# Inline packet normalization. For more information, see README.normalize +# Disabled since we do not use "inline" mode with pfSense +# preprocessor normalize_ip4 +# preprocessor normalize_tcp: ips ecn stream +# preprocessor normalize_icmp4 +# preprocessor normalize_ip6 +# preprocessor normalize_icmp6 + +# Flow and stream # +{$frag3_global} + +{$frag3_engine} + +{$stream5_global} + +{$stream5_tcp_engine} + +{$stream5_udp_engine} + +{$stream5_icmp_engine} + +# HTTP Inspect # +{$http_inspect_global} + +{$http_inspect_servers} +{$snort_preprocessors} +{$host_attrib_config} + +# Snort Output Logs # +output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority {$alert_log_limit_size} +{$alertsystemlog_type} +{$snortunifiedlog_type} +{$spoink_type} + +# Misc Includes # +{$snort_misc_include_rules} + +{$suppress_file_name} + +# Snort user pass through configuration +{$snort_config_pass_thru} + +# Rules Selection # +{$selected_rules_sections} +EOD; + +// End of snort.conf template code + +?> + diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php index 4d1b3c2e..ee463ac9 100755 --- a/config/snort/snort_define_servers.php +++ b/config/snort/snort_define_servers.php @@ -100,9 +100,6 @@ $pconfig = $a_nat[$id]; $if_real = get_real_interface($pconfig['interface']); $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; -/* alert file */ -$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; - if ($_POST['save']) { $natent = array(); @@ -138,7 +135,9 @@ if ($_POST['save']) { /* Update the snort conf file for this interface. */ $rebuild_rules = false; + conf_mount_rw(); snort_generate_conf($a_nat[$id]); + conf_mount_ro(); /* Soft-restart Snort to live-load new variables. */ snort_reload_config($a_nat[$id]); @@ -189,7 +188,9 @@ if ($savemsg) $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); - $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + $tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php"); + $tab_array[9] = array(gettext("Log Mgmt"), false, "/snort/snort_log_mgmt.php"); + $tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; @@ -202,6 +203,7 @@ if ($savemsg) $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Logs"), false, "/snort/snort_interface_logs.php?id={$id}"); display_top_tabs($tab_array, true); ?> </td></tr> diff --git a/config/snort/snort_defs.inc b/config/snort/snort_defs.inc new file mode 100644 index 00000000..43ecada6 --- /dev/null +++ b/config/snort/snort_defs.inc @@ -0,0 +1,101 @@ +<?php +/* + * snort_defs.inc + * + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009-2010 Robert Zelaya + * Copyright (C) 2011-2012 Ermal Luci + * Copyright (C) 2013,2014 Bill Meeks + * part of pfSense + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +global $g, $config; + +/* Define some useful constants for Snort */ +if (!defined("SNORT_PBI_BASEDIR")) + define("SNORT_PBI_BASEDIR", "/usr/pbi/snort-" . php_uname("m") . "/"); +if (!defined("SNORT_PBI_BINDIR")) + define("SNORT_PBI_BINDIR", SNORT_PBI_BASEDIR . "bin/"); +if (!defined("SNORTDIR")) + define("SNORTDIR", SNORT_PBI_BASEDIR . "etc/snort"); +if (!defined("SNORTLOGDIR")) + define("SNORTLOGDIR", "{$g['varlog_path']}/snort"); +if (!defined("SNORT_BIN_VERSION")) { + // Grab the Snort binary version programmatically + $snortver = array(); + $snortbindir = SNORT_PBI_BINDIR; + mwexec("{$snortbindir}/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); + if (!empty($snortver[0])) + define("SNORT_BIN_VERSION", $snortver[0]); + else + define("SNORT_BIN_VERSION", "2.9.7.0"); +} +if (!defined("SNORT_SID_MODS_PATH")) + define('SNORT_SID_MODS_PATH', "{$g['vardb_path']}/snort/sidmods/"); +if (!defined("SNORT_IPREP_PATH")) + define("SNORT_IPREP_PATH", "{$g['vardb_path']}/snort/iprep/"); +if (!defined('SNORT_APPID_ODP_PATH')) + define('SNORT_APPID_ODP_PATH', SNORTDIR . "/appid/"); + +// Rules filenames, download URLs and prefixes. +// Be sure to include the trailing backslash on URLs. +if (!defined("SNORT_ENFORCING_RULES_FILENAME")) + define("SNORT_ENFORCING_RULES_FILENAME", "snort.rules"); +if (!defined("FLOWBITS_FILENAME")) + define("FLOWBITS_FILENAME", "flowbit-required.rules"); +if (!defined("SNORT_RULES_UPD_LOGFILE")) + define("SNORT_RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log"); +if (!defined("VRT_DNLD_URL")) + define("VRT_DNLD_URL", "https://www.snort.org/rules/"); +if (!defined("ET_VERSION")) + define("ET_VERSION", "2.9.0"); +if (!defined("ET_BASE_DNLD_URL")) + define("ET_BASE_DNLD_URL", "http://rules.emergingthreats.net/"); +if (!defined("ETPRO_BASE_DNLD_URL")) + define("ETPRO_BASE_DNLD_URL", "https://rules.emergingthreatspro.com/"); +if (!defined("SNORT_ET_DNLD_FILENAME")) + define("SNORT_ET_DNLD_FILENAME", "emerging.rules.tar.gz"); +if (!defined("SNORT_ETPRO_DNLD_FILENAME")) + define("SNORT_ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz"); +if (!defined("SNORT_GPLV2_DNLD_FILENAME")) + define("SNORT_GPLV2_DNLD_FILENAME", "community-rules.tar.gz"); +if (!defined("GPLV2_DNLD_URL")) + define("GPLV2_DNLD_URL", "https://www.snort.org/downloads/community/"); +if (!defined("SNORT_OPENAPPID_DNLD_URL")) + define("SNORT_OPENAPPID_DNLD_URL", "https://www.snort.org/downloads/openappid/"); +if (!defined("SNORT_OPENAPPID_DNLD_FILENAME")) + define("SNORT_OPENAPPID_DNLD_FILENAME", "snort-openappid.tar.gz"); +if (!defined("SNORT_RULES_UPD_LOGFILE")) + define("SNORT_RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log"); +if (!defined("VRT_FILE_PREFIX")) + define("VRT_FILE_PREFIX", "snort_"); +if (!defined("GPL_FILE_PREFIX")) + define("GPL_FILE_PREFIX", "GPLv2_"); +if (!defined("ET_OPEN_FILE_PREFIX")) + define("ET_OPEN_FILE_PREFIX", "emerging-"); +if (!defined("ET_PRO_FILE_PREFIX")) + define("ET_PRO_FILE_PREFIX", "etpro-"); + +?> diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php index f35341f1..0fa20e08 100755 --- a/config/snort/snort_download_rules.php +++ b/config/snort/snort_download_rules.php @@ -43,7 +43,6 @@ include("head.inc"); <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> <form action="/snort/snort_download_updates.php" method="GET"> @@ -91,7 +90,7 @@ include("head.inc"); <?php $snort_gui_include = true; -include("/usr/local/www/snort/snort_check_for_rule_updates.php"); +include("/usr/local/pkg/snort/snort_check_for_rule_updates.php"); /* hide progress bar and lets end this party */ echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>"; diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php index ecc1e5b5..3f34cb7e 100755 --- a/config/snort/snort_download_updates.php +++ b/config/snort/snort_download_updates.php @@ -38,25 +38,19 @@ require_once("/usr/local/pkg/snort/snort.inc"); /* Define some locally required variables from Snort constants */ $snortdir = SNORTDIR; -$snort_rules_upd_log = RULES_UPD_LOGFILE; +$snort_rules_upd_log = SNORT_RULES_UPD_LOGFILE; +$snortbinver = SNORT_BIN_VERSION; +$snortbinver = str_replace(".", "", $snortbinver); -/* Grab the Snort binary version programmatically and */ -/* use it to construct the proper Snort VRT rules */ -/* tarball filename. Fallback to a safe default if */ -/* we fail. */ -$snortver = array(); -exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); -if (empty($snortver[0])) - $snortver[0] = "2.9.5.5"; -$snortver[0] = str_replace(".", "", $snortver[0]); - -$snort_rules_file = "snortrules-snapshot-{$snortver[0]}.tar.gz"; -$snort_community_rules_filename = GPLV2_DNLD_FILENAME; +$snort_rules_file = "snortrules-snapshot-{$snortbinver}.tar.gz"; +$snort_community_rules_filename = SNORT_GPLV2_DNLD_FILENAME; +$snort_openappid_filename = SNORT_OPENAPPID_DNLD_FILENAME; $snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; $etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro']; $snortcommunityrules = $config['installedpackages']['snortglobal']['snortcommunityrules']; +$openappid_detectors = $config['installedpackages']['snortglobal']['openappid_detectors']; /* Get last update information if available */ if (!empty($config['installedpackages']['snortglobal']['last_rule_upd_time'])) @@ -69,22 +63,22 @@ else $last_rule_upd_status = gettext("Unknown"); if ($etpro == "on") { - $emergingthreats_filename = ETPRO_DNLD_FILENAME; - $et_name = "Emerging Threats Pro Rules"; + $emergingthreats_filename = SNORT_ETPRO_DNLD_FILENAME; + $et_name = gettext("Emerging Threats Pro Rules"); } else { - $emergingthreats_filename = ET_DNLD_FILENAME; - $et_name = "Emerging Threats Open Rules"; + $emergingthreats_filename = SNORT_ET_DNLD_FILENAME; + $et_name = gettext("Emerging Threats Open Rules"); } /* quick md5 chk of downloaded rules */ if ($snortdownload == 'on') { - $snort_org_sig_chk_local = 'Not Downloaded'; - $snort_org_sig_date = 'Not Downloaded'; + $snort_org_sig_chk_local = gettext("Not Downloaded"); + $snort_org_sig_date = gettext("Not Downloaded"); } else { - $snort_org_sig_chk_local = 'Not Enabled'; - $snort_org_sig_date = 'Not Enabled'; + $snort_org_sig_chk_local = gettext("Not Enabled"); + $snort_org_sig_date = gettext("Not Enabled"); } if (file_exists("{$snortdir}/{$snort_rules_file}.md5") && $snortdownload == 'on') { $snort_org_sig_chk_local = file_get_contents("{$snortdir}/{$snort_rules_file}.md5"); @@ -92,12 +86,12 @@ if (file_exists("{$snortdir}/{$snort_rules_file}.md5") && $snortdownload == 'on' } if ($etpro == "on" || $emergingthreats == "on") { - $emergingt_net_sig_chk_local = 'Not Downloaded'; - $emergingt_net_sig_date = 'Not Downloaded'; + $emergingt_net_sig_chk_local = gettext("Not Downloaded"); + $emergingt_net_sig_date = gettext("Not Downloaded"); } else { - $emergingt_net_sig_chk_local = 'Not Enabled'; - $emergingt_net_sig_date = 'Not Enabled'; + $emergingt_net_sig_chk_local = gettext("Not Enabled"); + $emergingt_net_sig_date = gettext("Not Enabled"); } if (file_exists("{$snortdir}/{$emergingthreats_filename}.md5") && ($etpro == "on" || $emergingthreats == "on")) { $emergingt_net_sig_chk_local = file_get_contents("{$snortdir}/{$emergingthreats_filename}.md5"); @@ -105,25 +99,37 @@ if (file_exists("{$snortdir}/{$emergingthreats_filename}.md5") && ($etpro == "on } if ($snortcommunityrules == 'on') { - $snort_community_sig_chk_local = 'Not Downloaded'; - $snort_community_sig_sig_date = 'Not Downloaded'; + $snort_community_sig_chk_local = gettext("Not Downloaded"); + $snort_community_sig_date = gettext("Not Downloaded"); } else { - $snort_community_sig_chk_local = 'Not Enabled'; - $snort_community_sig_sig_date = 'Not Enabled'; + $snort_community_sig_chk_local = gettext("Not Enabled"); + $snort_community_sig_date = gettext("Not Enabled"); } if (file_exists("{$snortdir}/{$snort_community_rules_filename}.md5") && $snortcommunityrules == 'on') { $snort_community_sig_chk_local = file_get_contents("{$snortdir}/{$snort_community_rules_filename}.md5"); - $snort_community_sig_sig_date = date(DATE_RFC850, filemtime("{$snortdir}/{$snort_community_rules_filename}.md5")); + $snort_community_sig_date = date(DATE_RFC850, filemtime("{$snortdir}/{$snort_community_rules_filename}.md5")); +} + +if ($openappid_detectors == 'on') { + $openappid_detectors_sig_chk_local = gettext("Not Downloaded"); + $openappid_detectors_sig_date = gettext("Not Downloaded"); +} +else { + $openappid_detectors_sig_chk_local = gettext("Not Enabled"); + $openappid_detectors_sig_date = gettext("Not Enabled"); +} +if (file_exists("{$snortdir}/{$snort_openappid_filename}.md5") && $openappid_detectors == 'on') { + $openappid_detectors_sig_chk_local = file_get_contents("{$snortdir}/{$snort_openappid_filename}.md5"); + $openappid_detectors_sig_date = date(DATE_RFC850, filemtime("{$snortdir}/{$snort_openappid_filename}.md5")); } /* Check for postback to see if we should clear the update log file. */ if (isset($_POST['clear'])) { - if (file_exists("{$snort_rules_upd_log}")) - mwexec("/bin/rm -f {$snort_rules_upd_log}"); + unlink_if_exists($snort_rules_upd_log); } -if (isset($_POST['check'])) { +if (isset($_POST['update'])) { header("Location: /snort/snort_download_rules.php"); exit; } @@ -133,12 +139,10 @@ if ($_POST['force']) { conf_mount_rw(); // Remove the existing MD5 signature files to force a download - if (file_exists("{$snortdir}/{$emergingthreats_filename}.md5")) - @unlink("{$snortdir}/{$emergingthreats_filename}.md5"); - if (file_exists("{$snortdir}/{$snort_community_rules_filename}.md5")) - @unlink("{$snortdir}/{$snort_community_rules_filename}.md5"); - if (file_exists("{$snortdir}/{$snort_rules_file}.md5")) - @unlink("{$snortdir}/{$snort_rules_file}.md5"); + unlink_if_exists("{$snortdir}/{$emergingthreats_filename}.md5"); + unlink_if_exists("{$snortdir}/{$snort_community_rules_filename}.md5"); + unlink_if_exists("{$snortdir}/{$snort_rules_file}.md5"); + unlink_if_exists("{$snortdir}/{$snort_openappid_filename}.md5"); // Revert file system to R/O. conf_mount_ro(); @@ -184,7 +188,9 @@ include_once("head.inc"); $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); - $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + $tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php"); + $tab_array[9] = array(gettext("Log Mgmt"), false, "/snort/snort_log_mgmt.php"); + $tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); display_top_tabs($tab_array, true); ?> </td></tr> @@ -206,20 +212,25 @@ include_once("head.inc"); </tr> </thead> <tr> - <td align="center" class="vncell vexpl"><b>Snort VRT Rules</b></td> + <td align="center" class="vncell vexpl"><b><?=gettext("Snort VRT Rules");?></b></td> <td align="center" class="vncell vexpl"><? echo trim($snort_org_sig_chk_local);?></td> <td align="center" class="vncell vexpl"><?php echo gettext($snort_org_sig_date);?></td> </tr> <tr> - <td align="center" class="vncell vexpl"><b>Snort GPLv2 Community Rules</b></td> + <td align="center" class="vncell vexpl"><b><?=gettext("Snort GPLv2 Community Rules");?></b></td> <td align="center" class="vncell vexpl"><? echo trim($snort_community_sig_chk_local);?></td> - <td align="center" class="vncell vexpl"><?php echo gettext($snort_community_sig_sig_date);?></td> + <td align="center" class="vncell vexpl"><?php echo gettext($snort_community_sig_date);?></td> </tr> <tr> <td align="center" class="vncell vexpl"><b><?=$et_name;?></b></td> <td align="center" class="vncell vexpl"><? echo trim($emergingt_net_sig_chk_local);?></td> <td align="center" class="vncell vexpl"><?php echo gettext($emergingt_net_sig_date);?></td> </tr> + <tr> + <td align="center" class="vncell vexpl"><b><?=gettext("Snort OpenAppID Detectors");?></b></td> + <td align="center" class="vncell vexpl"><? echo trim($openappid_detectors_sig_chk_local);?></td> + <td align="center" class="vncell vexpl"><?php echo gettext($openappid_detectors_sig_date);?></td> + </tr> </table><br/> </td> </tr> @@ -251,12 +262,12 @@ include_once("head.inc"); <p style="text-align:center;" class="vexpl"> <font class="red"><b><?php echo gettext("WARNING:");?></b></font> <?php echo gettext('No rule types have been selected for download. ') . - gettext('Visit the ') . '<a href="/snort/snort_global.php">Global Settings Tab</a>' . gettext(' to select rule types.'); ?> + gettext('Visit the ') . '<a href="/snort/snort_interfaces_global.php">Global Settings Tab</a>' . gettext(' to select rule types.'); ?> <br/></p> <?php else: ?> <br/> - <input type="submit" value="<?=gettext("Check");?>" name="check" id="check" class="formbtn" - title="<?php echo gettext("Check for new updates to enabled rule sets"); ?>"/> + <input type="submit" value="<?=gettext("Update");?>" name="update" id="update" class="formbtn" + title="<?php echo gettext("Check for and apply new update to enabled rule sets"); ?>"/> <input type="submit" value="<?=gettext("Force");?>" name="force" id="force" class="formbtn" title="<?=gettext("Force an update of all enabled rule sets");?>" onclick="return confirm('<?=gettext("This will zero-out the MD5 hashes to force a fresh download of enabled rule sets. Click OK to continue or CANCEL to quit");?>');"/> diff --git a/config/snort/snort_edit_hat_data.php b/config/snort/snort_edit_hat_data.php index a5ec0aad..04be18e7 100644 --- a/config/snort/snort_edit_hat_data.php +++ b/config/snort/snort_edit_hat_data.php @@ -68,7 +68,9 @@ if ($_POST['clear']) { $a_nat[$id]['host_attribute_table'] = 'off'; write_config("Snort pkg: cleared Host Attribute Table data for {$a_nat[$id]['interface']}."); $rebuild_rules = false; + conf_mount_rw(); snort_generate_conf($a_nat[$id]); + conf_mount_ro(); $pconfig['host_attribute_data'] = ""; } @@ -80,7 +82,9 @@ if ($_POST['save']) { $a_nat[$id]['host_attribute_table'] = 'off'; write_config("Snort pkg: modified Host Attribute Table data for {$a_nat[$id]['interface']}."); $rebuild_rules = false; + conf_mount_rw(); snort_generate_conf($a_nat[$id]); + conf_mount_ro(); $pconfig['host_attribute_data'] = $_POST['host_attribute_data']; } diff --git a/config/snort/snort_generate_conf.php b/config/snort/snort_generate_conf.php new file mode 100644 index 00000000..1d56fc13 --- /dev/null +++ b/config/snort/snort_generate_conf.php @@ -0,0 +1,1397 @@ +<?php +/* + * snort_generate_conf.php + * + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009-2010 Robert Zelaya + * Copyright (C) 2011-2012 Ermal Luci + * Copyright (C) 2013,2014 Bill Meeks + * part of pfSense + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +/**************************************************************************/ +/* This code reads the stored Snort configuration and constructs a series */ +/* of string variables that are used as values for placeholders in the */ +/* snort_conf_template.inc file. These strings along with text in the */ +/* template are used to create the snort.conf file for the interface. */ +/**************************************************************************/ + +/* Custom home nets */ +$home_net_list = snort_build_list($snortcfg, $snortcfg['homelistname']); +$home_net = implode(",", $home_net_list); +$home_net = trim($home_net); +$external_net = ""; +if (!empty($snortcfg['externallistname']) && $snortcfg['externallistname'] != 'default') { + $external_net_list = snort_build_list($snortcfg, $snortcfg['externallistname'], false, true); + $external_net = implode(",", $external_net_list); + $external_net = "[" . trim($external_net) . "]"; +} +else { + foreach ($home_net_list as $ip) + $external_net .= "!{$ip},"; + $external_net = trim($external_net, ', '); +} + +/* User added custom configuration arguments */ +$snort_config_pass_thru = str_replace("\r", "", base64_decode($snortcfg['configpassthru'])); +// Remove the trailing newline +$snort_config_pass_thru = rtrim($snort_config_pass_thru); + +/* create a few directories and ensure the sample files are in place */ +$snort_dirs = array( $snortdir, $snortcfgdir, "{$snortcfgdir}/rules", + "{$snortlogdir}/snort_{$if_real}{$snort_uuid}", + "{$snortlogdir}/snort_{$if_real}{$snort_uuid}/barnyard2", + "{$snortcfgdir}/preproc_rules", + "dynamicrules" => "{$snortlibdir}/snort_dynamicrules", + "dynamicengine" => "{$snortlibdir}/snort_dynamicengine", + "dynamicpreprocessor" => "{$snortcfgdir}/snort_dynamicpreprocessor" +); +foreach ($snort_dirs as $dir) { + if (!is_dir($dir)) + safe_mkdir($dir); +} + +/********************************************************************/ +/* For fail-safe on an initial startup following installation, and */ +/* before a rules update has occurred, copy the default config */ +/* files to the interface directory. If files already exist in */ +/* the interface directory, or they are newer, that means a rule */ +/* update has been done and we should leave the customized files */ +/* put in place by the rules update process. */ +/********************************************************************/ +$snort_files = array("gen-msg.map", "classification.config", "reference.config", "attribute_table.dtd", + "sid-msg.map", "unicode.map", "file_magic.conf", "threshold.conf", "preproc_rules/preprocessor.rules", + "preproc_rules/decoder.rules", "preproc_rules/sensitive-data.rules" + ); +foreach ($snort_files as $file) { + if (file_exists("{$snortdir}/{$file}")) { + $ftime = filemtime("{$snortdir}/{$file}"); + if (!file_exists("{$snortcfgdir}/{$file}") || ($ftime > filemtime("{$snortcfgdir}/{$file}"))) + @copy("{$snortdir}/{$file}", "{$snortcfgdir}/{$file}"); + } +} + +/* define alert log limit */ +if (!empty($config['installedpackages']['snortglobal']['alert_log_limit_size']) && $config['installedpackages']['snortglobal']['alert_log_limit_size'] != "0") + $alert_log_limit_size = $config['installedpackages']['snortglobal']['alert_log_limit_size'] . "K"; +else + $alert_log_limit_size = ""; + +/* define alertsystemlog */ +$alertsystemlog_type = ""; +if ($snortcfg['alertsystemlog'] == "on") { + $alertsystemlog_type = "output alert_syslog: "; + if (!empty($snortcfg['alertsystemlog_facility'])) + $alertsystemlog_type .= strtoupper($snortcfg['alertsystemlog_facility']) . " "; + else + $alertsystemlog_type .= "LOG_AUTH "; + if (!empty($snortcfg['alertsystemlog_priority'])) + $alertsystemlog_type .= strtoupper($snortcfg['alertsystemlog_priority']) . " "; + else + $alertsystemlog_type .= "LOG_ALERT "; +} + +/* define snortunifiedlog */ +$snortunifiedlog_type = ""; +if ($snortcfg['barnyard_enable'] == "on") { + if (isset($snortcfg['unified2_log_limit'])) + $u2_log_limit = "limit {$snortcfg['unified2_log_limit']}"; + else + $u2_log_limit = "limit 128K"; + + $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, {$u2_log_limit}"; + if ($snortcfg['barnyard_log_vlan_events'] == 'on') + $snortunifiedlog_type .= ", vlan_event_types"; + if ($snortcfg['barnyard_log_mpls_events'] == 'on') + $snortunifiedlog_type .= ", mpls_event_types"; + + // If AppID detector is enabled, add it to unified2 logging + if ($snortcfg['appid_preproc'] == 'on' ) + $snortunifiedlog_type .= ", appid_event_types"; +} + +/* define spoink */ +$spoink_type = ""; +if ($snortcfg['blockoffenders7'] == "on") { + $pfkill = ""; + if ($snortcfg['blockoffenderskill'] == "on") + $pfkill = "kill"; + $spoink_wlist = snort_build_list($snortcfg, $snortcfg['whitelistname'], true); + /* write Pass List */ + @file_put_contents("{$snortcfgdir}/{$snortcfg['whitelistname']}", implode("\n", $spoink_wlist)); + $spoink_type = "output alert_pf: {$snortcfgdir}/{$snortcfg['whitelistname']},snort2c,{$snortcfg['blockoffendersip']},{$pfkill}"; +} + +/* define selected suppress file */ +$suppress_file_name = ""; +$suppress = snort_find_list($snortcfg['suppresslistname'], 'suppress'); +if (!empty($suppress)) { + $suppress_data = str_replace("\r", "", base64_decode($suppress['suppresspassthru'])); + @file_put_contents("{$snortcfgdir}/supp{$snortcfg['suppresslistname']}", $suppress_data); + $suppress_file_name = "include {$snortcfgdir}/supp{$snortcfg['suppresslistname']}"; +} + +/* set the snort performance model */ +$snort_performance = "ac-bnfa"; +if(!empty($snortcfg['performance'])) + $snort_performance = $snortcfg['performance']; + +/* if user has defined a custom ssh port, use it */ +if(is_array($config['system']['ssh']) && isset($config['system']['ssh']['port'])) + $ssh_port = $config['system']['ssh']['port']; +else + $ssh_port = "22"; + +/* Define an array of default values for the various preprocessor ports */ +$snort_ports = array( + "dns_ports" => "53", "smtp_ports" => "25", "mail_ports" => "25,465,587,691", + "http_ports" => "36,80,81,82,83,84,85,86,87,88,89,90,311,383,591,593,631,901,1220,1414,1533,1741,1830,2301,2381,2809,3037,3057,3128,3443,3702,4343,4848,5250,6080,6988,7000,7001,7144,7145,7510,7777,7779,8000,8008,8014,8028,8080,8081,8082,8085,8088,8090,8118,8123,8180,8181,8222,8243,8280,8300,8500,8800,8888,8899,9000,9060,9080,9090,9091,9443,9999,10000,11371,15489,29991,33300,34412,34443,34444,41080,44440,50000,50002,51423,55555,56712", + "oracle_ports" => "1024:", "mssql_ports" => "1433", "telnet_ports" => "23", + "snmp_ports" => "161", "ftp_ports" => "21,2100,3535", "ssh_ports" => $ssh_port, + "pop2_ports" => "109", "pop3_ports" => "110", "imap_ports" => "143", + "sip_ports" => "5060,5061,5600", "auth_ports" => "113", "finger_ports" => "79", + "irc_ports" => "6665,6666,6667,6668,6669,7000", "smb_ports" => "139,445", + "nntp_ports" => "119", "rlogin_ports" => "513", "rsh_ports" => "514", + "ssl_ports" => "443,465,563,636,989,992,993,994,995,7801,7802,7900,7901,7902,7903,7904,7905,7906,7907,7908,7909,7910,7911,7912,7913,7914,7915,7916,7917,7918,7919,7920", + "file_data_ports" => "\$HTTP_PORTS,110,143", "shellcode_ports" => "!80", + "sun_rpc_ports" => "111,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779", + "DCERPC_NCACN_IP_TCP" => "139,445", "DCERPC_NCADG_IP_UDP" => "138,1024:", + "DCERPC_NCACN_IP_LONG" => "135,139,445,593,1024:", "DCERPC_NCACN_UDP_LONG" => "135,1024:", + "DCERPC_NCACN_UDP_SHORT" => "135,593,1024:", "DCERPC_NCACN_TCP" => "2103,2105,2107", + "DCERPC_BRIGHTSTORE" => "6503,6504", "DNP3_PORTS" => "20000", "MODBUS_PORTS" => "502", + "GTP_PORTS" => "2123,2152,3386" +); + +/* Check for defined Aliases that may override default port settings as we build the portvars array */ +$portvardef = ""; +foreach ($snort_ports as $alias => $avalue) { + if (!empty($snortcfg["def_{$alias}"]) && is_alias($snortcfg["def_{$alias}"])) + $snort_ports[$alias] = trim(filter_expand_alias($snortcfg["def_{$alias}"])); + $snort_ports[$alias] = preg_replace('/\s+/', ',', trim($snort_ports[$alias])); + $portvardef .= "portvar " . strtoupper($alias) . " [" . $snort_ports[$alias] . "]\n"; +} + +/* Define the default ports for the Stream5 preprocessor (formatted for easier reading in the snort.conf file) */ +$stream5_ports_client = "21 22 23 25 42 53 70 79 109 110 111 113 119 135 136 137 \\\n"; +$stream5_ports_client .= "\t 139 143 161 445 513 514 587 593 691 1433 1521 1741 \\\n"; +$stream5_ports_client .= "\t 2100 3306 6070 6665 6666 6667 6668 6669 7000 8181 \\\n"; +$stream5_ports_client .= "\t 32770 32771 32772 32773 32774 32775 32776 32777 \\\n"; +$stream5_ports_client .= "\t 32778 32779"; +$stream5_ports_both = "80 81 82 83 84 85 86 87 88 89 90 110 311 383 443 465 563 \\\n"; +$stream5_ports_both .= "\t 591 593 631 636 901 989 992 993 994 995 1220 1414 1533 \\\n"; +$stream5_ports_both .= "\t 1830 2301 2381 2809 3037 3057 3128 3443 3702 4343 4848 \\\n"; +$stream5_ports_both .= "\t 5250 6080 6988 7907 7000 7001 7144 7145 7510 7802 7777 \\\n"; +$stream5_ports_both .= "\t 7779 7801 7900 7901 7902 7903 7904 7905 7906 7908 7909 \\\n"; +$stream5_ports_both .= "\t 7910 7911 7912 7913 7914 7915 7916 7917 7918 7919 7920 \\\n"; +$stream5_ports_both .= "\t 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 \\\n"; +$stream5_ports_both .= "\t 8123 8180 8222 8243 8280 8300 8500 8800 8888 8899 9000 \\\n"; +$stream5_ports_both .= "\t 9060 9080 9090 9091 9443 9999 10000 11371 15489 29991 \\\n"; +$stream5_ports_both .= "\t 33300 34412 34443 34444 41080 44440 50000 50002 51423 \\\n"; +$stream5_ports_both .= "\t 55555 56712"; + +/*********************/ +/* preprocessor code */ +/*********************/ + +/* def perform_stat */ + +if (!empty($config['installedpackages']['snortglobal']['stats_log_limit_size']) && $config['installedpackages']['snortglobal']['stats_log_limit_size'] != "0") + $stats_log_limit = "max_file_size " . $config['installedpackages']['snortglobal']['stats_log_limit_size'] * 1000; +else + $stats_log_limit = ""; +$perform_stat = <<<EOD +# Performance Statistics # +preprocessor perfmonitor: time 300 file {$snortlogdir}/snort_{$if_real}{$snort_uuid}/{$if_real}.stats pktcnt 10000 {$stats_log_limit} + +EOD; + +/* def ftp_preprocessor */ + +$telnet_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['telnet_ports'])); +$ftp_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['ftp_ports'])); + +// Make sure we have port numbers or else use defaults +if (!isset($telnet_ports) || empty($telnet_ports)) + $telnet_ports = "23"; +if (!isset($ftp_ports) || empty($ftp_ports)) + $ftp_ports = "21 2100 3535"; + +// Configure FTP_Telnet global options +$ftp_telnet_globals = "inspection_type "; +if ($snortcfg['ftp_telnet_inspection_type'] != "") { $ftp_telnet_globals .= $snortcfg['ftp_telnet_inspection_type']; }else{ $ftp_telnet_globals .= "stateful"; } +if ($snortcfg['ftp_telnet_alert_encrypted'] == "on") + $ftp_telnet_globals .= " \\\n\tencrypted_traffic yes"; +else + $ftp_telnet_globals .= " \\\n\tencrypted_traffic no"; +if ($snortcfg['ftp_telnet_check_encrypted'] == "on") + $ftp_telnet_globals .= " \\\n\tcheck_encrypted"; + +// Configure FTP_Telnet Telnet protocol options +$ftp_telnet_protocol = "ports { {$telnet_ports} }"; +if ($snortcfg['ftp_telnet_normalize'] == "on") + $ftp_telnet_protocol .= " \\\n\tnormalize"; +if ($snortcfg['ftp_telnet_detect_anomalies'] == "on") + $ftp_telnet_protocol .= " \\\n\tdetect_anomalies"; +if ($snortcfg['ftp_telnet_ayt_attack_threshold'] <> '0') { + $ftp_telnet_protocol .= " \\\n\tayt_attack_thresh "; + if ($snortcfg['ftp_telnet_ayt_attack_threshold'] != "") + $ftp_telnet_protocol .= $snortcfg['ftp_telnet_ayt_attack_threshold']; + else + $ftp_telnet_protocol .= "20"; +} + +// Setup the standard FTP commands used for all FTP Server engines +$ftp_cmds = <<<EOD + ftp_cmds { ABOR ACCT ADAT ALLO APPE AUTH CCC CDUP } \ + ftp_cmds { CEL CLNT CMD CONF CWD DELE ENC EPRT } \ + ftp_cmds { EPSV ESTA ESTP FEAT HELP LANG LIST LPRT } \ + ftp_cmds { LPSV MACB MAIL MDTM MFMT MIC MKD MLSD MLST } \ + ftp_cmds { MODE NLST NOOP OPTS PASS PASV PBSZ PORT } \ + ftp_cmds { PROT PWD QUIT REIN REST RETR RMD RNFR } \ + ftp_cmds { RNTO SDUP SITE SIZE SMNT STAT STOR STOU } \ + ftp_cmds { STRU SYST TEST TYPE USER XCUP XCRC XCWD } \ + ftp_cmds { XMAS XMD5 XMKD XPWD XRCP XRMD XRSQ XSEM } \ + ftp_cmds { XSEN XSHA1 XSHA256 } \ + alt_max_param_len 0 { ABOR CCC CDUP ESTA FEAT LPSV NOOP PASV PWD QUIT REIN STOU SYST XCUP XPWD } \ + alt_max_param_len 200 { ALLO APPE CMD HELP NLST RETR RNFR STOR STOU XMKD } \ + alt_max_param_len 256 { CWD RNTO } \ + alt_max_param_len 400 { PORT } \ + alt_max_param_len 512 { MFMT SIZE } \ + chk_str_fmt { ACCT ADAT ALLO APPE AUTH CEL CLNT CMD } \ + chk_str_fmt { CONF CWD DELE ENC EPRT EPSV ESTP HELP } \ + chk_str_fmt { LANG LIST LPRT MACB MAIL MDTM MIC MKD } \ + chk_str_fmt { MLSD MLST MODE NLST OPTS PASS PBSZ PORT } \ + chk_str_fmt { PROT REST RETR RMD RNFR RNTO SDUP SITE } \ + chk_str_fmt { SIZE SMNT STAT STOR STRU TEST TYPE USER } \ + chk_str_fmt { XCRC XCWD XMAS XMD5 XMKD XRCP XRMD XRSQ } \ + chk_str_fmt { XSEM XSEN XSHA1 XSHA256 } \ + cmd_validity ALLO < int [ char R int ] > \ + cmd_validity EPSV < [ { char 12 | char A char L char L } ] > \ + cmd_validity MACB < string > \ + cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ + cmd_validity MODE < char ASBCZ > \ + cmd_validity PORT < host_port > \ + cmd_validity PROT < char CSEP > \ + cmd_validity STRU < char FRPO [ string ] > \ + cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > + +EOD; + +// Configure all the FTP_Telnet FTP protocol options +// Iterate and configure the FTP Client engines +$ftp_default_client_engine = array( "name" => "default", "bind_to" => "all", "max_resp_len" => 256, + "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes", + "bounce" => "yes", "bounce_to_net" => "", "bounce_to_port" => "" ); + +if (!is_array($snortcfg['ftp_client_engine']['item'])) + $snortcfg['ftp_client_engine']['item'] = array(); + +// If no FTP client engine is configured, use the default +// to keep from breaking Snort. +if (empty($snortcfg['ftp_client_engine']['item'])) + $snortcfg['ftp_client_engine']['item'][] = $ftp_default_client_engine; +$ftp_client_engine = ""; + +foreach ($snortcfg['ftp_client_engine']['item'] as $f => $v) { + $buffer = "preprocessor ftp_telnet_protocol: ftp client "; + if ($v['name'] == "default" && $v['bind_to'] == "all") + $buffer .= "default \\\n"; + elseif (is_alias($v['bind_to'])) { + $tmp = trim(filter_expand_alias($v['bind_to'])); + if (!empty($tmp)) { + $tmp = preg_replace('/\s+/', ' ', $tmp); + $buffer .= "{$tmp} \\\n"; + } + else { + log_error("[snort] ERROR: unable to resolve IP Address Alias '{$v['bind_to']}' for FTP client '{$v['name']}' ... skipping entry."); + continue; + } + } + else { + log_error("[snort] ERROR: unable to resolve IP Address Alias '{$v['bind_to']}' for FTP client '{$v['name']}' ... skipping entry."); + continue; + } + + if ($v['max_resp_len'] == "") + $buffer .= "\tmax_resp_len 256 \\\n"; + else + $buffer .= "\tmax_resp_len {$v['max_resp_len']} \\\n"; + + $buffer .= "\ttelnet_cmds {$v['telnet_cmds']} \\\n"; + $buffer .= "\tignore_telnet_erase_cmds {$v['ignore_telnet_erase_cmds']} \\\n"; + + if ($v['bounce'] == "yes") { + if (is_alias($v['bounce_to_net']) && is_alias($v['bounce_to_port'])) { + $net = trim(filter_expand_alias($v['bounce_to_net'])); + $port = trim(filter_expand_alias($v['bounce_to_port'])); + if (!empty($net) && !empty($port) && + snort_is_single_addr_alias($v['bounce_to_net']) && + (is_port($port) || is_portrange($port))) { + $port = preg_replace('/\s+/', ',', $port); + // Change port range delimiter to comma for ftp_telnet client preprocessor + if (is_portrange($port)) + $port = str_replace(":", ",", $port); + $buffer .= "\tbounce yes \\\n"; + $buffer .= "\tbounce_to { {$net},{$port} }\n"; + } + else { + // One or both of the BOUNCE_TO alias values is not right, + // so figure out which and log an appropriate error. + if (empty($net) || !snort_is_single_addr_alias($v['bounce_to_net'])) + log_error("[snort] ERROR: illegal value for bounce_to Address Alias [{$v['bounce_to_net']}] for FTP client engine [{$v['name']}] ... omitting 'bounce_to' option for this client engine."); + if (empty($port) || !(is_port($port) || is_portrange($port))) + log_error("[snort] ERROR: illegal value for bounce_to Port Alias [{$v['bounce_to_port']}] for FTP client engine [{$v['name']}] ... omitting 'bounce_to' option for this client engine."); + $buffer .= "\tbounce yes\n"; + } + } + else + $buffer .= "\tbounce yes\n"; + } + else + $buffer .= "\tbounce no\n"; + + // Add this FTP client engine to the master string + $ftp_client_engine .= "{$buffer}\n"; +} +// Trim final trailing newline +rtrim($ftp_client_engine); + +// Iterate and configure the FTP Server engines +$ftp_default_server_engine = array( "name" => "default", "bind_to" => "all", "ports" => "default", + "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes", + "ignore_data_chan" => "no", "def_max_param_len" => 100 ); + +if (!is_array($snortcfg['ftp_server_engine']['item'])) + $snortcfg['ftp_server_engine']['item'] = array(); + +// If no FTP server engine is configured, use the default +// to keep from breaking Snort. +if (empty($snortcfg['ftp_server_engine']['item'])) + $snortcfg['ftp_server_engine']['item'][] = $ftp_default_server_engine; +$ftp_server_engine = ""; + +foreach ($snortcfg['ftp_server_engine']['item'] as $f => $v) { + $buffer = "preprocessor ftp_telnet_protocol: ftp server "; + if ($v['name'] == "default" && $v['bind_to'] == "all") + $buffer .= "default \\\n"; + elseif (is_alias($v['bind_to'])) { + $tmp = trim(filter_expand_alias($v['bind_to'])); + if (!empty($tmp)) { + $tmp = preg_replace('/\s+/', ' ', $tmp); + $buffer .= "{$tmp} \\\n"; + } + else { + log_error("[snort] ERROR: unable to resolve IP Address Alias '{$v['bind_to']}' for FTP server '{$v['name']}' ... skipping entry."); + continue; + } + } + else { + log_error("[snort] ERROR: unable to resolve IP Address Alias '{$v['bind_to']}' for FTP server '{$v['name']}' ... skipping entry."); + continue; + } + + if ($v['def_max_param_len'] == "") + $buffer .= "\tdef_max_param_len 100 \\\n"; + elseif ($v['def_max_param_len'] <> '0') + $buffer .= "\tdef_max_param_len {$v['def_max_param_len']} \\\n"; + + if ($v['ports'] == "default" || !is_alias($v['ports']) || empty($v['ports'])) + $buffer .= "\tports { {$ftp_ports} } \\\n"; + elseif (is_alias($v['ports'])) { + $tmp = trim(filter_expand_alias($v['ports'])); + if (!empty($tmp)) { + $tmp = preg_replace('/\s+/', ' ', $tmp); + $tmp = snort_expand_port_range($tmp, ' '); + $buffer .= "\tports { {$tmp} } \\\n"; + } + else { + log_error("[snort] ERROR: unable to resolve Port Alias '{$v['ports']}' for FTP server '{$v['name']}' ... reverting to defaults."); + $buffer .= "\tports { {$ftp_ports} } \\\n"; + } + } + + $buffer .= "\ttelnet_cmds {$v['telnet_cmds']} \\\n"; + $buffer .= "\tignore_telnet_erase_cmds {$v['ignore_telnet_erase_cmds']} \\\n"; + if ($v['ignore_data_chan'] == "yes") + $buffer .= "\tignore_data_chan yes \\\n"; + $buffer .= "{$ftp_cmds}\n"; + + // Add this FTP server engine to the master string + $ftp_server_engine .= $buffer; +} +// Remove trailing newlines +rtrim($ftp_server_engine); + + $ftp_preprocessor = <<<EOD +# ftp_telnet preprocessor # +preprocessor ftp_telnet: global \ + {$ftp_telnet_globals} + +preprocessor ftp_telnet_protocol: telnet \ + {$ftp_telnet_protocol} + +{$ftp_server_engine} +{$ftp_client_engine} +EOD; + +/* def pop_preprocessor */ + +$pop_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['pop3_ports'])); + +// Make sure we have port numbers or else use defaults +if (!isset($pop_ports) || empty($pop_ports)) + $pop_ports = "110"; + +if (isset($snortcfg['pop_memcap'])) + $pop_memcap = $snortcfg['pop_memcap']; +else + $pop_memcap = "838860"; +if (isset($snortcfg['pop_qp_decode_depth'])) + $pop_qp_decode_depth = $snortcfg['pop_qp_decode_depth']; +else + $pop_qp_decode_depth = "0"; +if (isset($snortcfg['pop_b64_decode_depth'])) + $pop_b64_decode_depth = $snortcfg['pop_b64_decode_depth']; +else + $pop_b64_decode_depth = "0"; +if (isset($snortcfg['pop_bitenc_decode_depth'])) + $pop_bitenc_decode_depth = $snortcfg['pop_bitenc_decode_depth']; +else + $pop_bitenc_decode_depth = "0"; +if (isset($snortcfg['pop_uu_decode_depth'])) + $pop_uu_decode_depth = $snortcfg['pop_uu_decode_depth']; +else + $pop_uu_decode_depth = "0"; +$pop_preproc = <<<EOD +# POP preprocessor # +preprocessor pop: \ + ports { {$pop_ports} } \ + memcap {$pop_memcap} \ + qp_decode_depth {$pop_qp_decode_depth} \ + b64_decode_depth {$pop_b64_decode_depth} \ + bitenc_decode_depth {$pop_bitenc_decode_depth} \ + uu_decode_depth {$pop_uu_decode_depth} + +EOD; + +/* def imap_preprocessor */ + +$imap_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['imap_ports'])); + +// Make sure we have port numbers or else use defaults +if (!isset($imap_ports) || empty($imap_ports)) + $imap_ports = "143"; + +if (isset($snortcfg['imap_memcap'])) + $imap_memcap = $snortcfg['imap_memcap']; +else + $imap_memcap = "838860"; +if (isset($snortcfg['imap_qp_decode_depth'])) + $imap_qp_decode_depth = $snortcfg['imap_qp_decode_depth']; +else + $imap_qp_decode_depth = "0"; +if (isset($snortcfg['imap_b64_decode_depth'])) + $imap_b64_decode_depth = $snortcfg['imap_b64_decode_depth']; +else + $imap_b64_decode_depth = "0"; +if (isset($snortcfg['imap_bitenc_decode_depth'])) + $imap_bitenc_decode_depth = $snortcfg['imap_bitenc_decode_depth']; +else + $imap_bitenc_decode_depth = "0"; +if (isset($snortcfg['imap_uu_decode_depth'])) + $imap_uu_decode_depth = $snortcfg['imap_uu_decode_depth']; +else + $imap_uu_decode_depth = "0"; +$imap_preproc = <<<EOD +# IMAP preprocessor # +preprocessor imap: \ + ports { {$imap_ports} } \ + memcap {$imap_memcap} \ + qp_decode_depth {$imap_qp_decode_depth} \ + b64_decode_depth {$imap_b64_decode_depth} \ + bitenc_decode_depth {$imap_bitenc_decode_depth} \ + uu_decode_depth {$imap_uu_decode_depth} + +EOD; + +/* def smtp_preprocessor */ + +$smtp_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['mail_ports'])); + +// Make sure we have port numbers or else use defaults +if (!isset($smtp_ports) || empty($smtp_ports)) + $smtp_ports = "25 465 587 691"; + +if (isset($snortcfg['smtp_memcap'])) + $smtp_memcap = $snortcfg['smtp_memcap']; +else + $smtp_memcap = "838860"; +if (isset($snortcfg['smtp_max_mime_mem'])) + $smtp_max_mime_mem = $snortcfg['smtp_max_mime_mem']; +else + $smtp_max_mime_mem = "838860"; +if (isset($snortcfg['smtp_qp_decode_depth'])) + $smtp_qp_decode_depth = $snortcfg['smtp_qp_decode_depth']; +else + $smtp_qp_decode_depth = "0"; +if (isset($snortcfg['smtp_b64_decode_depth'])) + $smtp_b64_decode_depth = $snortcfg['smtp_b64_decode_depth']; +else + $smtp_b64_decode_depth = "0"; +if (isset($snortcfg['smtp_bitenc_decode_depth'])) + $smtp_bitenc_decode_depth = $snortcfg['smtp_bitenc_decode_depth']; +else + $smtp_bitenc_decode_depth = "0"; +if (isset($snortcfg['smtp_uu_decode_depth'])) + $smtp_uu_decode_depth = $snortcfg['smtp_uu_decode_depth']; +else + $smtp_uu_decode_depth = "0"; +if (isset($snortcfg['smtp_email_hdrs_log_depth']) && $snortcfg['smtp_email_hdrs_log_depth'] != '0') + $smtp_email_hdrs_log_depth = $snortcfg['smtp_email_hdrs_log_depth']; +else + $smtp_email_hdrs_log_depth = "0"; +$smtp_boolean_params = ""; +if ($snortcfg['smtp_ignore_data'] == 'on') + $smtp_boolean_params .= "\tignore_data \\\n"; +if ($snortcfg['smtp_ignore_tls_data'] == 'on') + $smtp_boolean_params .= "\tignore_tls_data \\\n"; +if ($snortcfg['smtp_log_mail_from'] == 'on') + $smtp_boolean_params .= "\tlog_mailfrom \\\n"; +if ($snortcfg['smtp_log_rcpt_to'] == 'on') + $smtp_boolean_params .= "\tlog_rcptto \\\n"; +if ($snortcfg['smtp_log_filename'] == 'on') + $smtp_boolean_params .= "\tlog_filename \\\n"; +if ($snortcfg['smtp_log_email_hdrs'] == 'on') + $smtp_boolean_params .= "\tlog_email_hdrs\\\n"; +$smtp_boolean_params = trim($smtp_boolean_params, "\t\n\\"); +$smtp_preprocessor = <<<EOD +# SMTP preprocessor # +preprocessor SMTP: \ + ports { {$smtp_ports} } \ + inspection_type stateful \ + normalize cmds \ + memcap {$smtp_memcap} \ + max_mime_mem {$smtp_max_mime_mem} \ + valid_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT \ + NOOP RSET SEND SAML SOML AUTH TURN ETRN PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU \ + STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE \ + XQUEU XSTA XTRN XUSR } \ + normalize_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY \ + IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN PIPELINING CHUNKING DATA DSN RSET QUIT \ + ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 \ + XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ + max_header_line_len 1000 \ + max_response_line_len 512 \ + alt_max_command_line_len 260 { MAIL } \ + alt_max_command_line_len 300 { RCPT } \ + alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \ + alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \ + alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN PIPELINING CHUNKING DATA DSN RSET QUIT ONEX } \ + alt_max_command_line_len 246 { QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR } \ + alt_max_command_line_len 246 { XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ + xlink2state { enable } \ + {$smtp_boolean_params} \ + email_hdrs_log_depth {$smtp_email_hdrs_log_depth} \ + qp_decode_depth {$smtp_qp_decode_depth} \ + b64_decode_depth {$smtp_b64_decode_depth} \ + bitenc_decode_depth {$smtp_bitenc_decode_depth} \ + uu_decode_depth {$smtp_uu_decode_depth} + +EOD; + +/* def sf_portscan */ + +$sf_pscan_protocol = "all"; +if (!empty($snortcfg['pscan_protocol'])) + $sf_pscan_protocol = $snortcfg['pscan_protocol']; +$sf_pscan_type = "all"; +if (!empty($snortcfg['pscan_type'])) + $sf_pscan_type = $snortcfg['pscan_type']; +$sf_pscan_memcap = "10000000"; +if (!empty($snortcfg['pscan_memcap'])) + $sf_pscan_memcap = $snortcfg['pscan_memcap']; +$sf_pscan_sense_level = "medium"; +if (!empty($snortcfg['pscan_sense_level'])) + $sf_pscan_sense_level = $snortcfg['pscan_sense_level']; +$sf_pscan_ignore_scanners = "\$HOME_NET"; +if (!empty($snortcfg['pscan_ignore_scanners']) && is_alias($snortcfg['pscan_ignore_scanners'])) { + $sf_pscan_ignore_scanners = trim(filter_expand_alias($snortcfg['pscan_ignore_scanners'])); + $sf_pscan_ignore_scanners = preg_replace('/\s+/', ',', trim($sf_pscan_ignore_scanners)); +} + +$sf_portscan = <<<EOD +# sf Portscan # +preprocessor sfportscan: \ + scan_type { {$sf_pscan_type} } \ + proto { {$sf_pscan_protocol} } \ + memcap { {$sf_pscan_memcap} } \ + sense_level { {$sf_pscan_sense_level} } \ + ignore_scanners { {$sf_pscan_ignore_scanners} } + +EOD; + +/* def ssh_preproc */ + +$ssh_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['ssh_ports'])); + +// Make sure we have port numbers or else use defaults +if (!isset($ssh_ports) || empty($ssh_ports)) + $ssh_ports = "22"; +$ssh_preproc = <<<EOD +# SSH preprocessor # +preprocessor ssh: \ + server_ports { {$ssh_ports} } \ + autodetect \ + max_client_bytes 19600 \ + max_encrypted_packets 20 \ + max_server_version_len 100 \ + enable_respoverflow enable_ssh1crc32 \ + enable_srvoverflow enable_protomismatch + +EOD; + +/* def other_preprocs */ + +$sun_rpc_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['sun_rpc_ports'])); + +// Make sure we have port numbers or else use defaults +if (!isset($sun_rpc_ports) || empty($sun_rpc_ports)) + $sun_rpc_ports = "111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779"; +$other_preprocs = <<<EOD +# Other preprocs # +preprocessor rpc_decode: \ + {$sun_rpc_ports} \ + no_alert_multiple_requests \ + no_alert_large_fragments \ + no_alert_incomplete + +# Back Orifice preprocessor # +preprocessor bo + +EOD; + +/* def dce_rpc_2 */ + +$dce_rpc_2 = <<<EOD +# DCE/RPC 2 # +preprocessor dcerpc2: \ + memcap 102400, \ + events [co] + +preprocessor dcerpc2_server: default, \ + policy WinXP, \ + detect [smb [{$snort_ports['smb_ports']}], \ + tcp 135, \ + udp 135, \ + rpc-over-http-server 593], \ + autodetect [tcp 1025:, \ + udp 1025:, \ + rpc-over-http-server 1025:], \ + smb_max_chain 3, smb_invalid_shares ["C$", "D$", "ADMIN$"] + +EOD; + + +/* def sip_preprocessor */ + +$sip_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['sip_ports'])); + +// Make sure we have port numbers or else use defaults +if (!isset($sip_ports) || empty($sip_ports)) + $sip_ports = "5060 5061 5600"; +$sip_preproc = <<<EOD +# SIP preprocessor # +preprocessor sip: \ + max_sessions 40000, \ + ports { {$sip_ports} }, \ + methods { invite \ + cancel \ + ack \ + bye \ + register \ + options \ + refer \ + subscribe \ + update \ + join \ + info \ + message \ + notify \ + benotify \ + do \ + qauth \ + sprack \ + publish \ + service \ + unsubscribe \ + prack }, \ + max_call_id_len 80, \ + max_from_len 256, \ + max_to_len 256, \ + max_via_len 1024, \ + max_requestName_len 50, \ + max_uri_len 512, \ + ignore_call_channel, \ + max_content_len 2048, \ + max_contact_len 512 + +EOD; + +/* def dns_preprocessor */ + +$dns_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['dns_ports'])); + +// Make sure we have port numbers or else use defaults +if (!isset($dns_ports) || empty($dns_ports)) + $dns_ports = "53"; +$dns_preprocessor = <<<EOD +# DNS preprocessor # +preprocessor dns: \ + ports { {$dns_ports} } \ + enable_rdata_overflow + +EOD; + +/* def dnp3_preprocessor */ + +$dnp3_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['DNP3_PORTS'])); + +// Make sure we have port numbers or else use defaults +if (!isset($dnp3_ports) || empty($dnp3_ports)) + $dnp3_ports = "20000"; +$dnp3_preproc = <<<EOD +# DNP3 preprocessor # +preprocessor dnp3: \ + ports { {$dnp3_ports} } \ + memcap 262144 \ + check_crc + +EOD; + +/* def modbus_preprocessor */ + +$modbus_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['MODBUS_PORTS'])); + +// Make sure we have port numbers or else use defaults +if (!isset($modbus_ports) || empty($modbus_ports)) + $modbus_ports = "502"; +$modbus_preproc = <<<EOD +# Modbus preprocessor # +preprocessor modbus: \ + ports { {$modbus_ports} } + +EOD; + +/* def gtp_preprocessor */ + +$gtp_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['GTP_PORTS'])); + +// Make sure we have port numbers or else use defaults +if (!isset($gtp_ports) || empty($gtp_ports)) + $gtp_ports = "2123 3386 2152"; +$gtp_preproc = <<<EOD +# GTP preprocessor # +preprocessor gtp: \ + ports { {$gtp_ports} } + +EOD; + +/* def ssl_preprocessor */ + +$ssl_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['ssl_ports'])); + +// Make sure we have port numbers or else use defaults +if (!isset($ssl_ports) || empty($ssl_ports)) + $ssl_ports = "443 465 563 636 989 992 993 994 995 7801 7802 7900 7901 7902 7903 7904 7905 7906 7907 7908 7909 7910 7911 7912 7913 7914 7915 7916 7917 7918 7919 7920"; +$ssl_preproc = <<<EOD +# SSL preprocessor # +preprocessor ssl: \ + ports { {$ssl_ports} }, \ + trustservers, \ + noinspect_encrypted + +EOD; + +/* def sensitive_data_preprocessor */ + +if ($snortcfg['sdf_mask_output'] == "on") + $sdf_mask_output = "\\\n\tmask_output"; +else + $sdf_mask_output = ""; +if (empty($snortcfg['sdf_alert_threshold'])) + $snortcfg['sdf_alert_threshold'] = 25; +$sensitive_data = <<<EOD +# SDF preprocessor # +preprocessor sensitive_data: \ + alert_threshold {$snortcfg['sdf_alert_threshold']} {$sdf_mask_output} + +EOD; + +/* define IP Reputation preprocessor */ + +if (is_array($snortcfg['blist_files']['item'])) { + $blist_files = ""; + $bIsFirst = TRUE; + foreach ($snortcfg['blist_files']['item'] as $blist) { + if ($bIsFirst) { + $blist_files .= "blacklist " . SNORT_IPREP_PATH . $blist; + $bIsFirst = FALSE; + } + else + $blist_files .= ", \\ \n\tblacklist " . SNORT_IPREP_PATH . $blist; + } +} +if (is_array($snortcfg['wlist_files']['item'])) { + $wlist_files = ""; + $bIsFirst = TRUE; + foreach ($snortcfg['wlist_files']['item'] as $wlist) { + if ($bIsFirst) { + $wlist_files .= "whitelist " . SNORT_IPREP_PATH . $wlist; + $bIsFirst = FALSE; + } + else + $wlist_files .= ", \\ \n\twhitelist " . SNORT_IPREP_PATH . $wlist; + } +} +if (!empty($blist_files)) + $ip_lists = $blist_files; +if (!empty($wlist_files)) + $ip_lists .= ", \\ \n" . $wlist_files; +if ($snortcfg['iprep_scan_local'] == 'on') + $ip_lists .= ", \\ \n\tscan_local"; + +$reputation_preproc = <<<EOD +# IP Reputation preprocessor # +preprocessor reputation: \ + memcap {$snortcfg['iprep_memcap']}, \ + priority {$snortcfg['iprep_priority']}, \ + nested_ip {$snortcfg['iprep_nested_ip']}, \ + white {$snortcfg['iprep_white']}, \ + {$ip_lists} + +EOD; + +/* def AppID preprocessor */ +$appid_memcap = $snortcfg['sf_appid_mem_cap'] * 1024 * 1024; +$appid_params = "app_detector_dir " . SNORT_APPID_ODP_PATH . ", \\\n\tmemcap {$appid_memcap}"; +if ($snortcfg['sf_appid_statslog'] == "on") { + $appid_params .= ", \\\n\tapp_stats_filename app-stats.log"; + $appid_params .= ", \\\n\tapp_stats_period {$snortcfg['sf_appid_stats_period']}"; + $appid_params .= ", \\\n\tapp_stats_rollover_size " . strval($config['installedpackages']['snortglobal']['appid_stats_log_limit_size'] * 1024); + $appid_params .= ", \\\n\tapp_stats_rollover_time 86400"; +} + +$appid_preproc = <<<EOD +# AppID preprocessor # +preprocessor appid: \ + {$appid_params} + +EOD; + +/***************************************/ +/* end of preprocessor string var code */ +/***************************************/ + +/* define servers as IP variables */ +$snort_servers = array ( + "dns_servers" => "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET", + "www_servers" => "\$HOME_NET", "sql_servers" => "\$HOME_NET", "telnet_servers" => "\$HOME_NET", + "snmp_servers" => "\$HOME_NET", "ftp_servers" => "\$HOME_NET", "ssh_servers" => "\$HOME_NET", + "pop_servers" => "\$HOME_NET", "imap_servers" => "\$HOME_NET", "sip_proxy_ip" => "\$HOME_NET", + "sip_servers" => "\$HOME_NET", "rpc_servers" => "\$HOME_NET", "dnp3_server" => "\$HOME_NET", + "dnp3_client" => "\$HOME_NET", "modbus_server" => "\$HOME_NET", "modbus_client" => "\$HOME_NET", + "enip_server" => "\$HOME_NET", "enip_client" => "\$HOME_NET", + "aim_servers" => "64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24" + ); + +// Change old name from "var" to new name of "ipvar" for IP variables because +// Snort is deprecating the old "var" name in newer versions. +$ipvardef = ""; +foreach ($snort_servers as $alias => $avalue) { + if (!empty($snortcfg["def_{$alias}"]) && is_alias($snortcfg["def_{$alias}"])) { + $avalue = trim(filter_expand_alias($snortcfg["def_{$alias}"])); + $avalue = preg_replace('/\s+/', ',', trim($avalue)); + } + $ipvardef .= "ipvar " . strtoupper($alias) . " [{$avalue}]\n"; +} + +$snort_preproc_libs = array( + "dce_rpc_2" => "dce2_preproc", "dns_preprocessor" => "dns_preproc", "ftp_preprocessor" => "ftptelnet_preproc", "imap_preproc" => "imap_preproc", + "pop_preproc" => "pop_preproc", "reputation_preproc" => "reputation_preproc", "sensitive_data" => "sdf_preproc", + "sip_preproc" => "sip_preproc", "gtp_preproc" => "gtp_preproc", "smtp_preprocessor" => "smtp_preproc", "ssh_preproc" => "ssh_preproc", + "ssl_preproc" => "ssl_preproc", "dnp3_preproc" => "dnp3_preproc", "modbus_preproc" => "modbus_preproc", "appid_preproc" => "appid_preproc" +); +$snort_preproc = array ( + "perform_stat", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc", "gtp_preproc", "ssh_preproc", "sf_portscan", + "dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc", "reputation_preproc", "appid_preproc" +); +$default_disabled_preprocs = array( + "sf_portscan", "gtp_preproc", "sensitive_data", "dnp3_preproc", "modbus_preproc", "reputation_preproc", "perform_stat", "appid_preproc" +); +$snort_preprocessors = ""; +foreach ($snort_preproc as $preproc) { + if ($snortcfg[$preproc] == 'on' || empty($snortcfg[$preproc]) ) { + + /* If preprocessor is not explicitly "on" or "off", then default to "off" if in our default disabled list */ + if (empty($snortcfg[$preproc]) && in_array($preproc, $default_disabled_preprocs)) + continue; + + /* NOTE: The $$ is not a bug. It is an advanced feature of php */ + if (!empty($snort_preproc_libs[$preproc])) { + $preproclib = "libsf_" . $snort_preproc_libs[$preproc]; + if (!file_exists($snort_dirs['dynamicpreprocessor'] . "{$preproclib}.so")) { + if (file_exists("{$snortlibdir}/snort_dynamicpreprocessor/{$preproclib}.so")) { + @copy("{$snortlibdir}/snort_dynamicpreprocessor/{$preproclib}.so", "{$snort_dirs['dynamicpreprocessor']}/{$preproclib}.so"); + $snort_preprocessors .= $$preproc; + $snort_preprocessors .= "\n"; + } else + log_error("Could not find the {$preproclib} file. Snort might error out!"); + } else { + $snort_preprocessors .= $$preproc; + $snort_preprocessors .= "\n"; + } + } else { + $snort_preprocessors .= $$preproc; + $snort_preprocessors .= "\n"; + } + } +} +// Remove final trailing newline +$snort_preprocessors = rtrim($snort_preprocessors); + +$snort_misc_include_rules = ""; +if (file_exists("{$snortcfgdir}/reference.config")) + $snort_misc_include_rules .= "include {$snortcfgdir}/reference.config\n"; +if (file_exists("{$snortcfgdir}/classification.config")) + $snort_misc_include_rules .= "include {$snortcfgdir}/classification.config\n"; +if (!file_exists("{$snortcfgdir}/preproc_rules/decoder.rules") || !file_exists("{$snortcfgdir}/preproc_rules/preprocessor.rules")) { + $snort_misc_include_rules .= "config autogenerate_preprocessor_decoder_rules\n"; + log_error("[Snort] Seems preprocessor and/or decoder rules are missing, enabling autogeneration of them in conf file."); +} + +/* generate rule sections to load */ +/* The files are always configured so the update process is easier */ +$selected_rules_sections = "include \$RULE_PATH/{$snort_enforcing_rules_file}\n"; +$selected_rules_sections .= "include \$RULE_PATH/{$flowbit_rules_file}\n"; +$selected_rules_sections .= "include \$RULE_PATH/custom.rules\n"; + +// Remove trailing newlines +$snort_misc_include_rules = rtrim($snort_misc_include_rules); +$selected_rules_sections = rtrim($selected_rules_sections); + +$cksumcheck = "all"; +if ($snortcfg['cksumcheck'] == 'on') + $cksumcheck = "none"; + +/* Pull in user-configurable detection config options */ +$cfg_detect_settings = "search-method {$snort_performance} max-pattern-len 20 max_queue_events 5"; +if ($snortcfg['fpm_split_any_any'] == "on") + $cfg_detect_settings .= " split-any-any"; +if ($snortcfg['fpm_search_optimize'] == "on") + $cfg_detect_settings .= " search-optimize"; +if ($snortcfg['fpm_no_stream_inserts'] == "on") + $cfg_detect_settings .= " no_stream_inserts"; + +/* Pull in user-configurable options for Frag3 preprocessor settings */ +/* Get global Frag3 options first and put into a string */ +$frag3_global = "preprocessor frag3_global: "; +if (!empty($snortcfg['frag3_memcap']) || $snortcfg['frag3_memcap'] == "0") + $frag3_global .= "memcap {$snortcfg['frag3_memcap']}, "; +else + $frag3_global .= "memcap 4194304, "; +if (!empty($snortcfg['frag3_max_frags'])) + $frag3_global .= "max_frags {$snortcfg['frag3_max_frags']}"; +else + $frag3_global .= "max_frags 8192"; +if ($snortcfg['frag3_detection'] == "off") + $frag3_global .= ", disabled"; + +$frag3_default_tcp_engine = array( "name" => "default", "bind_to" => "all", "policy" => "bsd", + "timeout" => 60, "min_ttl" => 1, "detect_anomalies" => "on", + "overlap_limit" => 0, "min_frag_len" => 0 ); +$frag3_engine = ""; + +// Now iterate configured Frag3 engines and write them to a string if enabled +if ($snortcfg['frag3_detection'] == "on") { + if (!is_array($snortcfg['frag3_engine']['item'])) + $snortcfg['frag3_engine']['item'] = array(); + + // If no frag3 tcp engine is configured, use the default + if (empty($snortcfg['frag3_engine']['item'])) + $snortcfg['frag3_engine']['item'][] = $frag3_default_tcp_engine; + + foreach ($snortcfg['frag3_engine']['item'] as $f => $v) { + $frag3_engine .= "preprocessor frag3_engine: "; + $frag3_engine .= "policy {$v['policy']}"; + if ($v['bind_to'] <> "all") { + $tmp = trim(filter_expand_alias($v['bind_to'])); + if (!empty($tmp)) { + $tmp = preg_replace('/\s+/', ',', $tmp); + if (strpos($tmp, ",") !== false) + $frag3_engine .= " \\\n\tbind_to [{$tmp}]"; + else + $frag3_engine .= " \\\n\tbind_to {$tmp}"; + } + else + log_error("[snort] WARNING: unable to resolve IP List Alias '{$v['bind_to']}' for Frag3 engine '{$v['name']}' ... using 0.0.0.0 failsafe."); + } + $frag3_engine .= " \\\n\ttimeout {$v['timeout']}"; + $frag3_engine .= " \\\n\tmin_ttl {$v['min_ttl']}"; + if ($v['detect_anomalies'] == "on") { + $frag3_engine .= " \\\n\tdetect_anomalies"; + $frag3_engine .= " \\\n\toverlap_limit {$v['overlap_limit']}"; + $frag3_engine .= " \\\n\tmin_fragment_length {$v['min_frag_len']}"; + } + // Add newlines to terminate this engine + $frag3_engine .= "\n\n"; + } + // Remove trailing newline + $frag3_engine = rtrim($frag3_engine); +} + +// Grab any user-customized value for Protocol Aware Flushing (PAF) max PDUs +$paf_max_pdu_config = "config paf_max: "; +if (empty($snortcfg['max_paf']) || $snortcfg['max_paf'] == '0') + $paf_max_pdu_config .= "0"; +else + $paf_max_pdu_config .= $snortcfg['max_paf']; + +// Pull in user-configurable options for Stream5 preprocessor settings +// Get global options first and put into a string +$stream5_global = "preprocessor stream5_global: \\\n"; +if ($snortcfg['stream5_reassembly'] == "off") + $stream5_global .= "\tdisabled, \\\n"; +if ($snortcfg['stream5_track_tcp'] == "off") + $stream5_global .= "\ttrack_tcp no,"; +else { + $stream5_global .= "\ttrack_tcp yes,"; + if (!empty($snortcfg['stream5_max_tcp'])) + $stream5_global .= " \\\n\tmax_tcp {$snortcfg['stream5_max_tcp']},"; + else + $stream5_global .= " \\\n\tmax_tcp 262144,"; +} +if ($snortcfg['stream5_track_udp'] == "off") + $stream5_global .= " \\\n\ttrack_udp no,"; +else { + $stream5_global .= " \\\n\ttrack_udp yes,"; + if (!empty($snortcfg['stream5_max_udp'])) + $stream5_global .= " \\\n\tmax_udp {$snortcfg['stream5_max_udp']},"; + else + $stream5_global .= " \\\n\tmax_udp 131072,"; +} +if ($snortcfg['stream5_track_icmp'] == "on") { + $stream5_global .= " \\\n\ttrack_icmp yes,"; + if (!empty($snortcfg['stream5_max_icmp'])) + $stream5_global .= " \\\n\tmax_icmp {$snortcfg['stream5_max_icmp']},"; + else + $stream5_global .= " \\\n\tmax_icmp 65536,"; +} +else + $stream5_global .= " \\\n\ttrack_icmp no,"; +if (!empty($snortcfg['stream5_mem_cap'])) + $stream5_global .= " \\\n\tmemcap {$snortcfg['stream5_mem_cap']},"; +else + $stream5_global .= " \\\n\tmemcap 8388608,"; + +if (!empty($snortcfg['stream5_prune_log_max']) || $snortcfg['stream5_prune_log_max'] == '0') + $stream5_global .= " \\\n\tprune_log_max {$snortcfg['stream5_prune_log_max']}"; +else + $stream5_global .= " \\\n\tprune_log_max 1048576"; +if ($snortcfg['stream5_flush_on_alert'] == "on") + $stream5_global .= ", \\\n\tflush_on_alert"; + +$stream5_default_tcp_engine = array( "name" => "default", "bind_to" => "all", "policy" => "bsd", "timeout" => 30, + "max_queued_bytes" => 1048576, "detect_anomalies" => "off", "overlap_limit" => 0, + "max_queued_segs" => 2621, "require_3whs" => "off", "startup_3whs_timeout" => 0, + "no_reassemble_async" => "off", "dont_store_lg_pkts" => "off", "max_window" => 0, + "use_static_footprint_sizes" => "off", "check_session_hijacking" => "off", "ports_client" => "default", + "ports_both" => "default", "ports_server" => "none" ); +$stream5_tcp_engine = ""; + +// Now iterate configured Stream5 TCP engines and write them to a string if enabled +if ($snortcfg['stream5_reassembly'] == "on") { + if (!is_array($snortcfg['stream5_tcp_engine']['item'])) + $snortcfg['stream5_tcp_engine']['item'] = array(); + + // If no stream5 tcp engine is configured, use the default + if (empty($snortcfg['stream5_tcp_engine']['item'])) + $snortcfg['stream5_tcp_engine']['item'][] = $stream5_default_tcp_engine; + + foreach ($snortcfg['stream5_tcp_engine']['item'] as $f => $v) { + $buffer = "preprocessor stream5_tcp: "; + $buffer .= "policy {$v['policy']},"; + if ($v['bind_to'] <> "all") { + $tmp = trim(filter_expand_alias($v['bind_to'])); + if (!empty($tmp)) { + $tmp = preg_replace('/\s+/', ',', $tmp); + if (strpos($tmp, ",") !== false) + $buffer .= " \\\n\tbind_to [{$tmp}],"; + else + $buffer .= " \\\n\tbind_to {$tmp},"; + } + else { + log_error("[snort] WARNING: unable to resolve IP Address Alias [{$v['bind_to']}] for Stream5 TCP engine '{$v['name']}' ... skipping this engine."); + continue; + } + } + $stream5_tcp_engine .= $buffer; + $stream5_tcp_engine .= " \\\n\ttimeout {$v['timeout']},"; + $stream5_tcp_engine .= " \\\n\toverlap_limit {$v['overlap_limit']},"; + $stream5_tcp_engine .= " \\\n\tmax_window {$v['max_window']},"; + $stream5_tcp_engine .= " \\\n\tmax_queued_bytes {$v['max_queued_bytes']},"; + $stream5_tcp_engine .= " \\\n\tmax_queued_segs {$v['max_queued_segs']}"; + if ($v['use_static_footprint_sizes'] == "on") + $stream5_tcp_engine .= ", \\\n\tuse_static_footprint_sizes"; + if ($v['check_session_hijacking'] == "on") + $stream5_tcp_engine .= ", \\\n\tcheck_session_hijacking"; + if ($v['dont_store_lg_pkts'] == "on") + $stream5_tcp_engine .= ", \\\n\tdont_store_large_packets"; + if ($v['no_reassemble_async'] == "on") + $stream5_tcp_engine .= ", \\\n\tdont_reassemble_async"; + if ($v['detect_anomalies'] == "on") + $stream5_tcp_engine .= ", \\\n\tdetect_anomalies"; + if ($v['require_3whs'] == "on") + $stream5_tcp_engine .= ", \\\n\trequire_3whs {$v['startup_3whs_timeout']}"; + if (!empty($v['ports_client'])) { + $stream5_tcp_engine .= ", \\\n\tports client"; + if ($v['ports_client'] == " all") + $stream5_tcp_engine .= " all"; + elseif ($v['ports_client'] == "default") + $stream5_tcp_engine .= " {$stream5_ports_client}"; + else { + $tmp = trim(filter_expand_alias($v['ports_client'])); + if (!empty($tmp)) + $stream5_tcp_engine .= " " . trim(preg_replace('/\s+/', ' ', $tmp)); + else { + $stream5_tcp_engine .= " {$stream5_ports_client}"; + log_error("[snort] WARNING: unable to resolve Ports Client Alias [{$v['ports_client']}] for Stream5 TCP engine '{$v['name']}' ... using default value."); + } + } + } + if (!empty($v['ports_both'])) { + $stream5_tcp_engine .= ", \\\n\tports both"; + if ($v['ports_both'] == " all") + $stream5_tcp_engine .= " all"; + elseif ($v['ports_both'] == "default") + $stream5_tcp_engine .= " {$stream5_ports_both}"; + else { + $tmp = trim(filter_expand_alias($v['ports_both'])); + if (!empty($tmp)) + $stream5_tcp_engine .= " " . trim(preg_replace('/\s+/', ' ', $tmp)); + else { + $stream5_tcp_engine .= " {$stream5_ports_both}"; + log_error("[snort] WARNING: unable to resolve Ports Both Alias [{$v['ports_both']}] for Stream5 TCP engine '{$v['name']}' ... using default value."); + } + } + } + if (!empty($v['ports_server']) && $v['ports_server'] <> "none" && $v['ports_server'] <> "default") { + if ($v['ports_server'] == " all") { + $stream5_tcp_engine .= ", \\\n\tports server"; + $stream5_tcp_engine .= " all"; + } + else { + $tmp = trim(filter_expand_alias($v['ports_server'])); + if (!empty($tmp)) { + $stream5_tcp_engine .= ", \\\n\tports server"; + $stream5_tcp_engine .= " " . trim(preg_replace('/\s+/', ' ', $tmp)); + } + else + log_error("[snort] WARNING: unable to resolve Ports Server Alias [{$v['ports_server']}] for Stream5 TCP engine '{$v['name']}' ... defaulting to none."); + } + } + + // Make sure the "ports" parameter is set, or else default to a safe value + if (strpos($stream5_tcp_engine, "ports ") === false) + $stream5_tcp_engine .= ", \\\n\tports both all"; + + // Add a pair of newlines to terminate this engine + $stream5_tcp_engine .= "\n\n"; + } + // Trim off the final trailing newline + $stream5_tcp_engine = rtrim($stream5_tcp_engine); +} + +// Configure the Stream5 UDP engine if it and Stream5 reassembly are enabled +if ($snortcfg['stream5_track_udp'] == "off" || $snortcfg['stream5_reassembly'] == "off") + $stream5_udp_engine = ""; +else { + $stream5_udp_engine = "preprocessor stream5_udp: "; + if (!empty($snortcfg['stream5_udp_timeout'])) + $stream5_udp_engine .= "timeout {$snortcfg['stream5_udp_timeout']}"; + else + $stream5_udp_engine .= "timeout 30"; +} + +// Configure the Stream5 ICMP engine if it and Stream5 reassembly are enabled +if ($snortcfg['stream5_track_icmp'] == "on" && $snortcfg['stream5_reassembly'] == "on") { + $stream5_icmp_engine = "preprocessor stream5_icmp: "; + if (!empty($snortcfg['stream5_icmp_timeout'])) + $stream5_icmp_engine .= "timeout {$snortcfg['stream5_icmp_timeout']}"; + else + $stream5_icmp_engine .= "timeout 30"; +} +else + $stream5_icmp_engine = ""; + +// Check for and configure Host Attribute Table if enabled +$host_attrib_config = ""; +if ($snortcfg['host_attribute_table'] == "on" && !empty($snortcfg['host_attribute_data'])) { + @file_put_contents("{$snortcfgdir}/host_attributes", base64_decode($snortcfg['host_attribute_data'])); + $host_attrib_config = "# Host Attribute Table #\n"; + $host_attrib_config .= "attribute_table filename {$snortcfgdir}/host_attributes\n"; + if (!empty($snortcfg['max_attribute_hosts'])) + $host_attrib_config .= "config max_attribute_hosts: {$snortcfg['max_attribute_hosts']}\n"; + if (!empty($snortcfg['max_attribute_services_per_host'])) + $host_attrib_config .= "config max_attribute_services_per_host: {$snortcfg['max_attribute_services_per_host']}"; +} + +// Configure the HTTP_INSPECT preprocessor +// Get global options first and put into a string +$http_inspect_global = "preprocessor http_inspect: global "; +if ($snortcfg['http_inspect'] == "off") + $http_inspect_global .= "disabled "; +$http_inspect_global .= "\\\n\tiis_unicode_map unicode.map 1252 \\\n"; +$http_inspect_global .= "\tcompress_depth 65535 \\\n"; +$http_inspect_global .= "\tdecompress_depth 65535 \\\n"; +if (!empty($snortcfg['http_inspect_memcap'])) + $http_inspect_global .= "\tmemcap {$snortcfg['http_inspect_memcap']} \\\n"; +else + $http_inspect_global .= "\tmemcap 150994944 \\\n"; +if (!empty($snortcfg['http_inspect_max_gzip_mem'])) + $http_inspect_global .= "\tmax_gzip_mem {$snortcfg['http_inspect_max_gzip_mem']}"; +else + $http_inspect_global .= "\tmax_gzip_mem 838860"; +if ($snortcfg['http_inspect_proxy_alert'] == "on") + $http_inspect_global .= " \\\n\tproxy_alert"; + +$http_inspect_default_engine = array( "name" => "default", "bind_to" => "all", "server_profile" => "all", "enable_xff" => "off", + "log_uri" => "off", "log_hostname" => "off", "server_flow_depth" => 65535, "enable_cookie" => "on", + "client_flow_depth" => 1460, "extended_response_inspection" => "on", "no_alerts" => "off", + "unlimited_decompress" => "on", "inspect_gzip" => "on", "normalize_cookies" =>"on", "normalize_headers" => "on", + "normalize_utf" => "on", "normalize_javascript" => "on", "allow_proxy_use" => "off", "inspect_uri_only" => "off", + "max_javascript_whitespaces" => 200, "post_depth" => -1, "max_headers" => 0, "max_spaces" => 0, + "max_header_length" => 0, "ports" => "default" ); +$http_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['http_ports'])); +$http_inspect_servers = ""; + +// Iterate configured HTTP_INSPECT servers and write them to string if HTTP_INSPECT enabled +if ($snortcfg['http_inspect'] <> "off") { + if (!is_array($snortcfg['http_inspect_engine']['item'])) + $snortcfg['http_inspect_engine']['item'] = array(); + + // If no http_inspect_engine is configured, use the default + if (empty($snortcfg['http_inspect_engine']['item'])) + $snortcfg['http_inspect_engine']['item'][] = $http_inspect_default_engine; + + foreach ($snortcfg['http_inspect_engine']['item'] as $f => $v) { + $buffer = "preprocessor http_inspect_server: \\\n"; + if ($v['name'] == "default") + $buffer .= "\tserver default \\\n"; + elseif (is_alias($v['bind_to'])) { + $tmp = trim(filter_expand_alias($v['bind_to'])); + if (!empty($tmp)) { + $tmp = preg_replace('/\s+/', ' ', $tmp); + $buffer .= "\tserver { {$tmp} } \\\n"; + } + else { + log_error("[snort] WARNING: unable to resolve IP Address Alias [{$v['bind_to']}] for HTTP_INSPECT server '{$v['name']}' ... skipping this server engine."); + continue; + } + } + else { + log_error("[snort] WARNING: unable to resolve IP Address Alias [{$v['bind_to']}] for HTTP_INSPECT server '{$v['name']}' ... skipping this server engine."); + continue; + } + $http_inspect_servers .= $buffer; + $http_inspect_servers .= "\tprofile {$v['server_profile']} \\\n"; + + if ($v['no_alerts'] == "on") + $http_inspect_servers .= "\tno_alerts \\\n"; + + if ($v['ports'] == "default" || empty($v['ports'])) + $http_inspect_servers .= "\tports { {$http_ports} } \\\n"; + elseif (is_alias($v['ports'])) { + $tmp = trim(filter_expand_alias($v['ports'])); + if (!empty($tmp)) { + $tmp = preg_replace('/\s+/', ' ', $tmp); + $tmp = snort_expand_port_range($tmp, ' '); + $http_inspect_servers .= "\tports { {$tmp} } \\\n"; + } + else { + log_error("[snort] WARNING: unable to resolve Ports Alias [{$v['ports']}] for HTTP_INSPECT server '{$v['name']}' ... using safe default instead."); + $http_inspect_servers .= "\tports { {$http_ports} } \\\n"; + } + } + else { + log_error("[snort] WARNING: unable to resolve Ports Alias [{$v['ports']}] for HTTP_INSPECT server '{$v['name']}' ... using safe default instead."); + $http_inspect_servers .= "\tports { {$http_ports} } \\\n"; + } + + $http_inspect_servers .= "\tserver_flow_depth {$v['server_flow_depth']} \\\n"; + $http_inspect_servers .= "\tclient_flow_depth {$v['client_flow_depth']} \\\n"; + $http_inspect_servers .= "\thttp_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK UNLOCK NOTIFY POLL BCOPY BDELETE BMOVE LINK UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH BPROPFIND BPROPPATCH RPC_CONNECT PROXY_SUCCESS BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA RPC_ECHO_DATA } \\\n"; + $http_inspect_servers .= "\tpost_depth {$v['post_depth']} \\\n"; + $http_inspect_servers .= "\tmax_headers {$v['max_headers']} \\\n"; + $http_inspect_servers .= "\tmax_header_length {$v['max_header_length']} \\\n"; + $http_inspect_servers .= "\tmax_spaces {$v['max_spaces']}"; + if ($v['enable_xff'] == "on") + $http_inspect_servers .= " \\\n\tenable_xff"; + if ($v['enable_cookie'] == "on") + $http_inspect_servers .= " \\\n\tenable_cookie"; + if ($v['normalize_cookies'] == "on") + $http_inspect_servers .= " \\\n\tnormalize_cookies"; + if ($v['normalize_headers'] == "on") + $http_inspect_servers .= " \\\n\tnormalize_headers"; + if ($v['normalize_utf'] == "on") + $http_inspect_servers .= " \\\n\tnormalize_utf"; + if ($v['allow_proxy_use'] == "on") + $http_inspect_servers .= " \\\n\tallow_proxy_use"; + if ($v['inspect_uri_only'] == "on") + $http_inspect_servers .= " \\\n\tinspect_uri_only"; + if ($v['extended_response_inspection'] == "on") { + $http_inspect_servers .= " \\\n\textended_response_inspection"; + if ($v['inspect_gzip'] == "on") { + $http_inspect_servers .= " \\\n\tinspect_gzip"; + if ($v['unlimited_decompress'] == "on") + $http_inspect_servers .= " \\\n\tunlimited_decompress"; + } + if ($v['normalize_javascript'] == "on") { + $http_inspect_servers .= " \\\n\tnormalize_javascript"; + $http_inspect_servers .= " \\\n\tmax_javascript_whitespaces {$v['max_javascript_whitespaces']}"; + } + } + if ($v['log_uri'] == "on") + $http_inspect_servers .= " \\\n\tlog_uri"; + if ($v['log_hostname'] == "on") + $http_inspect_servers .= " \\\n\tlog_hostname"; + + // Add a pair of trailing newlines to terminate this server config + $http_inspect_servers .= "\n\n"; + } + /* Trim off the final trailing newline */ + $http_inspect_server = rtrim($http_inspect_server); +} + +?> diff --git a/config/snort/snort_import_aliases.php b/config/snort/snort_import_aliases.php index 80b3bb1d..ba71c9bf 100644 --- a/config/snort/snort_import_aliases.php +++ b/config/snort/snort_import_aliases.php @@ -32,13 +32,13 @@ require_once("functions.inc"); require_once("/usr/local/pkg/snort/snort.inc"); // Retrieve any passed QUERY STRING or POST variables -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; elseif (isset($_GET['id']) && is_numericint($_GET['id'])) $id = htmlspecialchars($_GET['id']); if (isset($_POST['eng'])) - $eng = $_POST['eng']; + $eng = htmlspecialchars($_POST['eng']); elseif (isset($_GET['eng'])) $eng = htmlspecialchars($_GET['eng']); diff --git a/config/snort/snort_interface_logs.php b/config/snort/snort_interface_logs.php new file mode 100644 index 00000000..c8c4c24c --- /dev/null +++ b/config/snort/snort_interface_logs.php @@ -0,0 +1,267 @@ +<?php +/* + * snort_interface_logs.php + * + * Portions of this code are based on original work done for the + * Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); +if (empty($id)) + $id = 0; + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) + $config['installedpackages']['snortglobal']['rule'] = array(); +$a_instance = $config['installedpackages']['snortglobal']['rule']; +$snort_uuid = $a_instance[$id]['uuid']; +$if_real = get_real_interface($a_instance[$id]['interface']); + +// Construct a pointer to the instance's logging subdirectory +$snortlogdir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}/"; + +// Construct a pointer to the PBI_BIN directory +$snortbindir = SNORT_PBI_BINDIR; + +// Limit all file access to just the currently selected interface's logging subdirectory +$logfile = htmlspecialchars($snortlogdir . basename($_POST['file'])); + +if ($_POST['action'] == 'load') { + // If viewing the app-stats log, then grab only the most recent one + if (strpos(basename($logfile), "app-stats.log") !== FALSE) { + $appid_statlogs = glob("{$snortlogdir}app-stats.log.*"); + $logfile = array_pop($appid_statlogs); + } + + if(!is_file($logfile)) { + echo "|3|" . gettext("Log file does not exist or that logging feature is not enabled") . ".|"; + } + else { + // Test for special unified2 format app-stats file because + // we have to use a Snort binary tool to display its contents. + if (strpos(basename($_POST['file']), "app-stats.log") !== FALSE) + $data = shell_exec("{$snortbindir}u2openappid {$logfile} 2>&1"); + else + $data = file_get_contents($logfile); + if($data === false) { + echo "|1|" . gettext("Failed to read log file") . ".|"; + } else { + $data = base64_encode($data); + echo "|0|{$logfile}|{$data}|"; + } + } + exit; +} + +$if_friendly = convert_friendly_interface_to_friendly_descr($a_instance[$id]['interface']); +$pgtitle = gettext("Snort: {$if_friendly} Logs"); +include_once("head.inc"); + +?> + +<body link="#000000" vlink="#000000" alink="#000000"> + +<?php +include_once("fbegin.inc"); +if ($input_errors) { + print_input_errors($input_errors); +} + +?> +<script type="text/javascript" src="/javascript/base64.js"></script> +<script type="text/javascript"> + function loadFile() { + jQuery("#fileStatus").html("<?=gettext("Loading file"); ?> ..."); + jQuery("#fileStatusBox").show(250); + jQuery("#filePathBox").show(250); + jQuery("#fbTarget").html(""); + + jQuery.ajax( + "<?=$_SERVER['SCRIPT_NAME'];?>", { + type: 'POST', + data: "id=" + jQuery("#id").val() + "&action=load&file=" + jQuery("#logFile").val(), + complete: loadComplete + } + ); + } + + function loadComplete(req) { + jQuery("#fileContent").show(250); + var values = req.responseText.split("|"); + values.shift(); values.pop(); + + if(values.shift() == "0") { + var file = values.shift(); + var fileContent = Base64.decode(values.join("|")); + jQuery("#fileStatus").html("<?=gettext("File successfully loaded"); ?>."); + jQuery("#fbTarget").html(file); + jQuery("#fileRefreshBtn").show(); + jQuery("#fileContent").prop("disabled", false); + jQuery("#fileContent").val(fileContent); + } + else { + jQuery("#fileStatus").html(values[0]); + jQuery("#fbTarget").html(""); + jQuery("#fileRefreshBtn").hide(); + jQuery("#fileContent").val(""); + jQuery("#fileContent").prop("disabled", true); + } + } + +</script> + +<form action="/snort/snort_interface_logs.php" method="post" id="formbrowse"> +<input type="hidden" id="id" value="<?=$id;?>"/> +<?php if ($savemsg) print_info_box($savemsg); ?> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tbody> + <tr><td> + <?php + $tab_array = array(); + $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php"); + $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); + $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}"); + $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); + $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php"); + $tab_array[9] = array(gettext("Log Mgmt"), false, "/snort/snort_log_mgmt.php"); + $tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); + echo '</td></tr>'; + echo '<tr><td>'; + $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); + $tab_array = array(); + $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Logs"), true, "/snort/snort_interface_logs.php?id={$id}"); + display_top_tabs($tab_array, true); + ?> + </td> + </tr> + <tr> + <td><div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> + <tbody> + <tr> + <td colspan="2" class="listtopic"><?php echo gettext("Log File Selections"); ?></td> + </tr> + <tr> + <td width="22%" class="vncell"><?php echo gettext('Log File to View'); ?></td> + <td width="78%" class="vtable"> + <select name="logFile" id="logFile" class="formselect" onChange="loadFile();"> + <?php + $logs = array( "alert", "app-stats.log", "{$if_real}.stats" , "sid_changes.log" ); + foreach ($logs as $log) { + $selected = ""; + if ($log == basename($logfile)) + $selected = "selected"; + echo "<option value='{$snortlogdir}{$log}' {$selected}>" . $log . "</option>\n"; + } + ?> + </select> <?php echo gettext('Choose which log you want to view.'); ?> + </td> + </tr> + <tr> + <td colspan="2" class="listtopic"><?php echo gettext("Log File Contents"); ?></td> + </tr> + <tr> + <td colspan="2"> + <table width="100%"> + <tbody> + <tr> + <td width="75%"> + <div style="display:none; " id="fileStatusBox"> + <div class="list" style="padding-left:15px;"> + <strong id="fileStatus"></strong> + </div> + </div> + <div style="padding-left:15px; display:none;" id="filePathBox"> + <strong><?=gettext("Log File Path"); ?>:</strong> + <div class="list" style="display:inline;" id="fbTarget"></div> + </div> + </td> + <td align="right"> + <div style="padding-right:15px; display:none;" id="fileRefreshBtn"> + <input type="button" name="refresh" id="refresh" value="Refresh" class="formbtn" onclick="loadFile();" title="<?=gettext("Refresh current display");?>" /> + </div> + </td> + </tr> + </tbody> + </table> + </td> + </tr> + <tr> + <td colspan="2"> + <table width="100%"> + <tbody> + <tr> + <td valign="top" class="label"> + <div style="background:#eeeeee;" id="fileOutput"> + <textarea id="fileContent" name="fileContent" style="width:100%;" rows="30" wrap="off" disabled></textarea> + </div> + </td> + </tr> + </tbody> + </table> + </td> + </tr> + </tbody> + </table> + </div> + </td> + </tr> + </tbody> +</table> +</form> + +<?php if(empty($_POST['file'])): ?> +<script type="text/javascript"> + document.getElementById("logFile").selectedIndex=-1; +</script> +<?php endif; ?> + +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index c82ec57e..38471ef0 100755 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -45,6 +45,9 @@ $a_nat = &$config['installedpackages']['snortglobal']['rule']; // Calculate the index of the next added Snort interface $id_gen = count($config['installedpackages']['snortglobal']['rule']); +// Get list of configured firewall interfaces +$ifaces = get_configured_interface_list(); + if (isset($_POST['del_x'])) { /* Delete selected Snort interfaces */ if (is_array($_POST['rule'])) { @@ -53,13 +56,12 @@ if (isset($_POST['del_x'])) { $if_real = get_real_interface($a_nat[$rulei]['interface']); $snort_uuid = $a_nat[$rulei]['uuid']; snort_stop($a_nat[$rulei], $if_real); - exec("/bin/rm -r {$snortlogdir}/snort_{$if_real}{$snort_uuid}"); - exec("/bin/rm -r {$snortdir}/snort_{$snort_uuid}_{$if_real}"); + rmdir_recursive("{$snortlogdir}/snort_{$if_real}{$snort_uuid}"); + rmdir_recursive("{$snortdir}/snort_{$snort_uuid}_{$if_real}"); // Finally delete the interface's config entry entirely unset($a_nat[$rulei]); } - conf_mount_ro(); /* If all the Snort interfaces are removed, then unset the interfaces config array. */ if (empty($a_nat)) @@ -67,18 +69,9 @@ if (isset($_POST['del_x'])) { write_config("Snort pkg: deleted one or more Snort interfaces."); sleep(2); - - /* if there are no ifaces remaining do not create snort.sh */ - if (!empty($config['installedpackages']['snortglobal']['rule'])) - snort_create_rc(); - else { - conf_mount_rw(); - @unlink("{$rcdir}/snort.sh"); - conf_mount_ro(); - } - + conf_mount_rw(); sync_snort_package_config(); - + conf_mount_ro(); header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); header( 'Cache-Control: no-store, no-cache, must-revalidate' ); @@ -97,11 +90,13 @@ if ($_POST['bartoggle'] && is_numericint($_POST['id'])) { $if_friendly = convert_friendly_interface_to_friendly_descr($snortcfg['interface']); if (!snort_is_running($snortcfg['uuid'], $if_real, 'barnyard2')) { - log_error("Toggle (barnyard starting) for {$if_friendly}({$snortcfg['descr']})..."); + log_error("Toggle (barnyard starting) for {$if_friendly}({$if_real})..."); + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); snort_barnyard_start($snortcfg, $if_real); } else { - log_error("Toggle (barnyard stopping) for {$if_friendly}({$snortcfg['descr']})..."); + log_error("Toggle (barnyard stopping) for {$if_friendly}({$if_real})..."); snort_barnyard_stop($snortcfg, $if_real); } sleep(3); // So the GUI reports correctly @@ -114,14 +109,16 @@ if ($_POST['toggle'] && is_numericint($_POST['id'])) { $if_friendly = convert_friendly_interface_to_friendly_descr($snortcfg['interface']); if (snort_is_running($snortcfg['uuid'], $if_real)) { - log_error("Toggle (snort stopping) for {$if_friendly}({$snortcfg['descr']})..."); + log_error("Toggle (snort stopping) for {$if_friendly}({$if_real})..."); snort_stop($snortcfg, $if_real); } else { - log_error("Toggle (snort starting) for {$if_friendly}({$snortcfg['descr']})..."); + log_error("Toggle (snort starting) for {$if_friendly}({$if_real})..."); /* set flag to rebuild interface rules before starting Snort */ $rebuild_rules = true; + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); $rebuild_rules = false; snort_start($snortcfg, $if_real); } @@ -161,7 +158,9 @@ include_once("fbegin.inc"); $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); - $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + $tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php"); + $tab_array[9] = array(gettext("Log Mgmt"), false, "/snort/snort_log_mgmt.php"); + $tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); display_top_tabs($tab_array, true); ?> </td> @@ -173,18 +172,33 @@ include_once("fbegin.inc"); <tr id="frheader"> <td width="3%" class="list"> </td> <td width="10%" class="listhdrr"><?php echo gettext("Interface"); ?></td> - <td width="13%" class="listhdrr"><?php echo gettext("Snort"); ?></td> + <td width="14%" class="listhdrr"><?php echo gettext("Snort"); ?></td> <td width="10%" class="listhdrr"><?php echo gettext("Performance"); ?></td> <td width="10%" class="listhdrr"><?php echo gettext("Block"); ?></td> <td width="12%" class="listhdrr"><?php echo gettext("Barnyard2"); ?></td> - <td width="30%" class="listhdr"><?php echo gettext("Description"); ?></td> - <td width="3%" class="list"> + <td width="32%" class="listhdr"><?php echo gettext("Description"); ?></td> + <td class="list"> <table border="0" cellspacing="0" cellpadding="0"> <tr> - <td></td> - <td align="center" valign="middle"><a href="snort_interfaces_edit.php?id=<?php echo $id_gen;?>"><img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" - width="17" height="17" border="0" title="<?php echo gettext('Add Snort interface mapping');?>"></a></td> + <td class="list" valign="middle"> + <?php if ($id_gen < count($ifaces)): ?> + <a href="snort_interfaces_edit.php?id=<?php echo $id_gen;?>"> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0" title="<?php echo gettext('Add Snort interface mapping');?>"></a> + <?php else: ?> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" width="17" height="17" border="0" + title="<?php echo gettext('No available interfaces for a new Snort mapping');?>"> + <?php endif; ?> + </td> + <td class="list" valign="middle"> + <?php if ($id_gen == 0): ?> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" " border="0"> + <?php else: ?> + <input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" + width="17" height="17" title="<?php echo gettext("Delete selected Snort interface mapping(s)"); ?>" + onclick="return intf_del()"> + <?php endif; ?> + </td> </tr> </table> </td> @@ -237,9 +251,11 @@ include_once("fbegin.inc"); $no_rules = true; if (isset($natent['customrules']) && !empty($natent['customrules'])) $no_rules = false; - if (isset($natent['rulesets']) && !empty($natent['rulesets'])) + elseif (isset($natent['rulesets']) && !empty($natent['rulesets'])) $no_rules = false; - if (isset($natent['ips_policy']) && !empty($natent['ips_policy'])) + elseif (isset($natent['ips_policy']) && !empty($natent['ips_policy'])) + $no_rules = false; + elseif ($config['installedpackages']['snortglobal']['auto_manage_sids'] == 'on' && !empty($natent['enable_sid_file'])) $no_rules = false; /* Do not display the "no rules" warning if interface disabled */ if ($natent['enable'] == "off") @@ -317,10 +333,20 @@ include_once("fbegin.inc"); <td valign="middle" class="list" nowrap> <table border="0" cellspacing="0" cellpadding="0"> <tr> - <td><a href="snort_interfaces_edit.php?id=<?=$i;?>"><img + <td class="list" valign="middle"><a href="snort_interfaces_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?php echo gettext('Edit Snort interface mapping'); ?>"></a> </td> + <td class="list" valign="middle"> + <?php if ($id_gen < count($ifaces)): ?> + <a href="snort_interfaces_edit.php?id=<?=$i;?>&action=dup"> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0" title="<?php echo gettext('Add new interface mapping based on this one'); ?>"></a> + <?php else: ?> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" width="17" height="17" border="0" + title="<?php echo gettext('No available interfaces for a new Snort mapping');?>"> + <?php endif; ?> + </td> </tr> </table> </td> @@ -337,14 +363,25 @@ include_once("fbegin.inc"); <td class="list" valign="middle" nowrap> <table border="0" cellspacing="0" cellpadding="0"> <tr> - <td><?php if ($nnats == 0): ?><img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" - width="17" height="17" " border="0"> - <?php else: ?> - <input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" - width="17" height="17" title="<?php echo gettext("Delete selected Snort interface mapping(s)"); ?>" - onclick="return intf_del()"> - <?php endif; ?></td> + <td class="list"> + <?php if ($id_gen < count($ifaces)): ?> + <a href="snort_interfaces_edit.php?id=<?php echo $id_gen;?>"> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0" title="<?php echo gettext('Add Snort interface mapping');?>"></a> + <?php else: ?> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" width="17" height="17" border="0" + title="<?php echo gettext('No available interfaces for a new Snort mapping');?>"> + <?php endif; ?> + </td> + <td class="list"> + <?php if ($id_gen == 0): ?> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" " border="0"> + <?php else: ?> + <input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" + width="17" height="17" title="<?php echo gettext("Delete selected Snort interface mapping(s)"); ?>" + onclick="return intf_del()"> + <?php endif; ?> + </td> </tr> </table> </td> diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index 4c868844..0d41c7db 100755 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -32,7 +32,7 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $g, $rebuild_rules; +global $g, $config, $rebuild_rules; $snortdir = SNORTDIR; $snortlogdir = SNORTLOGDIR; @@ -55,6 +55,13 @@ if (is_null($id)) { exit; } +if (isset($_POST['action'])) + $action = htmlspecialchars($_POST['action'], ENT_QUOTES | ENT_HTML401); +elseif (isset($_GET['action'])) + $action = htmlspecialchars($_GET['action'], ENT_QUOTES | ENT_HTML401); +else + $action = ""; + $pconfig = array(); if (empty($snortglob['rule'][$id]['uuid'])) { /* Adding new interface, so flag rules to build. */ @@ -89,7 +96,7 @@ elseif (isset($id) && !isset($a_rule[$id])) { foreach ($ifaces as $i) { if (!in_array($i, $ifrules)) { $pconfig['interface'] = $i; - $pconfig['descr'] = strtoupper($i); + $pconfig['descr'] = convert_friendly_interface_to_friendly_descr($i); $pconfig['enable'] = 'on'; break; } @@ -106,8 +113,41 @@ if (empty($pconfig['blockoffendersip'])) $pconfig['blockoffendersip'] = "both"; if (empty($pconfig['performance'])) $pconfig['performance'] = "ac-bnfa"; +if (empty($pconfig['alertsystemlog_facility'])) + $pconfig['alertsystemlog_facility'] = "log_auth"; +if (empty($pconfig['alertsystemlog_priority'])) + $pconfig['alertsystemlog_priority'] = "log_alert"; + +// See if creating a new interface by duplicating an existing one +if (strcasecmp($action, 'dup') == 0) { + + // Try to pick the next available physical interface to use + $ifaces = get_configured_interface_list(); + $ifrules = array(); + foreach($a_rule as $r) + $ifrules[] = $r['interface']; + foreach ($ifaces as $i) { + if (!in_array($i, $ifrules)) { + $pconfig['interface'] = $i; + $pconfig['enable'] = 'on'; + $pconfig['descr'] = convert_friendly_interface_to_friendly_descr($i); + break; + } + } + if (count($ifrules) == count($ifaces)) { + $input_errors[] = gettext("No more available interfaces to configure for Snort!"); + $interfaces = array(); + $pconfig = array(); + } -if ($_POST["save"]) { + // Set Home Net, External Net, Suppress List and Pass List to defaults + unset($pconfig['suppresslistname']); + unset($pconfig['whitelistname']); + unset($pconfig['homelistname']); + unset($pconfig['externallistname']); +} + +if ($_POST["save"] && !$input_errors) { if (!isset($_POST['interface'])) $input_errors[] = "Interface is mandatory"; @@ -121,8 +161,32 @@ if ($_POST["save"]) { } } + // If Snort is disabled on this interface, stop any running instance, + // save the change, and exit. + if ($_POST['enable'] != 'on') { + $a_rule[$id]['enable'] = $_POST['enable'] ? 'on' : 'off'; + touch("{$g['varrun_path']}/snort_{$a_rule[$id]['uuid']}.disabled"); + touch("{$g['varrun_path']}/barnyard2_{$a_rule[$id]['uuid']}.disabled"); + snort_stop($a_rule[$id], get_real_interface($a_rule[$id]['interface'])); + write_config("Snort pkg: modified interface configuration for {$a_rule[$id]['interface']}."); + $rebuild_rules = false; + conf_mount_rw(); + sync_snort_package_config(); + conf_mount_ro(); + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /snort/snort_interfaces.php"); + exit; + } + /* if no errors write to conf */ if (!$input_errors) { + /* Most changes don't require a rules rebuild, so default to "off" */ + $rebuild_rules = false; + $natent = $a_rule[$id]; $natent['interface'] = $_POST['interface']; $natent['enable'] = $_POST['enable'] ? 'on' : 'off'; @@ -137,7 +201,7 @@ if ($_POST["save"]) { if ($_POST['suppresslistname'] && ($_POST['suppresslistname'] <> $natent['suppresslistname'])) $snort_reload = true; - if ($_POST['descr']) $natent['descr'] = $_POST['descr']; else $natent['descr'] = strtoupper($natent['interface']); + if ($_POST['descr']) $natent['descr'] = $_POST['descr']; else $natent['descr'] = convert_friendly_interface_to_friendly_descr($natent['interface']); if ($_POST['performance']) $natent['performance'] = $_POST['performance']; else unset($natent['performance']); /* if post = on use on off or rewrite the conf */ if ($_POST['blockoffenders7'] == "on") $natent['blockoffenders7'] = 'on'; else $natent['blockoffenders7'] = 'off'; @@ -150,14 +214,16 @@ if ($_POST["save"]) { if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']); if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']); if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; } - if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode($_POST['configpassthru']); else unset($natent['configpassthru']); + if ($_POST['alertsystemlog_facility']) $natent['alertsystemlog_facility'] = $_POST['alertsystemlog_facility']; + if ($_POST['alertsystemlog_priority']) $natent['alertsystemlog_priority'] = $_POST['alertsystemlog_priority']; + if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode(str_replace("\r\n", "\n", $_POST['configpassthru'])); else unset($natent['configpassthru']); if ($_POST['cksumcheck']) $natent['cksumcheck'] = 'on'; else $natent['cksumcheck'] = 'off'; if ($_POST['fpm_split_any_any'] == "on") { $natent['fpm_split_any_any'] = 'on'; }else{ $natent['fpm_split_any_any'] = 'off'; } if ($_POST['fpm_search_optimize'] == "on") { $natent['fpm_search_optimize'] = 'on'; }else{ $natent['fpm_search_optimize'] = 'off'; } if ($_POST['fpm_no_stream_inserts'] == "on") { $natent['fpm_no_stream_inserts'] = 'on'; }else{ $natent['fpm_no_stream_inserts'] = 'off'; } $if_real = get_real_interface($natent['interface']); - if (isset($id) && $a_rule[$id]) { + if (isset($id) && $a_rule[$id] && $action == '') { // See if moving an existing Snort instance to another physical interface if ($natent['interface'] != $a_rule[$id]['interface']) { $oif_real = get_real_interface($a_rule[$id]['interface']); @@ -167,13 +233,24 @@ if ($_POST["save"]) { } else $snort_start = false; - exec("mv -f {$snortlogdir}/snort_{$oif_real}{$a_rule[$id]['uuid']} {$snortlogdir}/snort_{$if_real}{$a_rule[$id]['uuid']}"); + @rename("{$snortlogdir}/snort_{$oif_real}{$a_rule[$id]['uuid']}", "{$snortlogdir}/snort_{$if_real}{$a_rule[$id]['uuid']}"); conf_mount_rw(); - exec("mv -f {$snortdir}/snort_{$a_rule[$id]['uuid']}_{$oif_real} {$snortdir}/snort_{$a_rule[$id]['uuid']}_{$if_real}"); + @rename("{$snortdir}/snort_{$a_rule[$id]['uuid']}_{$oif_real}", "{$snortdir}/snort_{$a_rule[$id]['uuid']}_{$if_real}"); conf_mount_ro(); } $a_rule[$id] = $natent; - } else { + } + elseif (strcasecmp($action, 'dup') == 0) { + // Duplicating a new interface, so set flag to build new rules + $rebuild_rules = true; + + // Duplicating an interface, so need to generate a new UUID for the cloned interface + $natent['uuid'] = snort_generate_id(); + + // Add the new duplicated interface configuration to the [rule] array in config + $a_rule[] = $natent; + } + else { // Adding new interface, so set required interface configuration defaults $frag3_eng = array( "name" => "default", "bind_to" => "all", "policy" => "bsd", "timeout" => 60, "min_ttl" => 1, "detect_anomalies" => "on", @@ -221,11 +298,35 @@ if ($_POST["save"]) { $natent['ftp_server_engine']['item'][] = $ftp_server_eng; $natent['smtp_preprocessor'] = 'on'; + $natent['smtp_memcap'] = "838860"; + $natent['smtp_max_mime_mem'] = "838860"; + $natent['smtp_b64_decode_depth'] = "0"; + $natent['smtp_qp_decode_depth'] = "0"; + $natent['smtp_bitenc_decode_depth'] = "0"; + $natent['smtp_uu_decode_depth'] = "0"; + $natent['smtp_email_hdrs_log_depth'] = "1464"; + $natent['smtp_ignore_data'] = 'off'; + $natent['smtp_ignore_tls_data'] = 'on'; + $natent['smtp_log_mail_from'] = 'on'; + $natent['smtp_log_rcpt_to'] = 'on'; + $natent['smtp_log_filename'] = 'on'; + $natent['smtp_log_email_hdrs'] = 'on'; + $natent['dce_rpc_2'] = 'on'; $natent['dns_preprocessor'] = 'on'; $natent['ssl_preproc'] = 'on'; $natent['pop_preproc'] = 'on'; + $natent['pop_memcap'] = "838860"; + $natent['pop_b64_decode_depth'] = "0"; + $natent['pop_qp_decode_depth'] = "0"; + $natent['pop_bitenc_decode_depth'] = "0"; + $natent['pop_uu_decode_depth'] = "0"; $natent['imap_preproc'] = 'on'; + $natent['imap_memcap'] = "838860"; + $natent['imap_b64_decode_depth'] = "0"; + $natent['imap_qp_decode_depth'] = "0"; + $natent['imap_bitenc_decode_depth'] = "0"; + $natent['imap_uu_decode_depth'] = "0"; $natent['sip_preproc'] = 'on'; $natent['other_preprocs'] = 'on'; @@ -265,6 +366,14 @@ if ($_POST["save"]) { $natent['stream5_tcp_engine']['item'] = array(); $natent['stream5_tcp_engine']['item'][] = $stream5_eng; + $natent['alertsystemlog_facility'] = "log_auth"; + $natent['alertsystemlog_priority'] = "log_alert"; + + $natent['appid_preproc'] = "off"; + $natent['sf_appid_mem_cap'] = "256"; + $natent['sf_appid_statslog'] = "on"; + $natent['sf_appid_stats_period'] = "300"; + $a_rule[] = $natent; } @@ -275,15 +384,15 @@ if ($_POST["save"]) { /* Save configuration changes */ write_config("Snort pkg: modified interface configuration for {$natent['interface']}."); - /* Most changes don't require a rules rebuild, so default to "off" */ - $rebuild_rules = false; - /* Update snort.conf and snort.sh files for this interface */ + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); /* See if we need to restart Snort after an interface re-assignment */ - if ($snort_start == true) + if ($snort_start == true) { snort_start($natent, $if_real); + } /*******************************************************/ /* Signal Snort to reload configuration if we changed */ @@ -326,6 +435,7 @@ include_once("head.inc"); <form action="snort_interfaces_edit.php" method="post" name="iform" id="iform"> <input name="id" type="hidden" value="<?=$id;?>"/> +<input name="action" type="hidden" value="<?=$action;?>"/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php @@ -338,7 +448,9 @@ include_once("head.inc"); $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); - $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + $tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php"); + $tab_array[9] = array(gettext("Log Mgmt"), false, "/snort/snort_log_mgmt.php"); + $tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; @@ -351,6 +463,7 @@ include_once("head.inc"); $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Logs"), false, "/snort/snort_interface_logs.php?id={$id}"); display_top_tabs($tab_array, true); ?> </td></tr> @@ -397,9 +510,44 @@ include_once("head.inc"); </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Send Alerts to System Logs"); ?></td> - <td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>/> + <td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" onclick="toggle_system_log();" <?php if ($pconfig['alertsystemlog'] == "on") echo " checked"; ?>/> <?php echo gettext("Snort will send Alerts to the firewall's system logs."); ?></td> </tr> + <tbody id="alertsystemlog_rows"> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("System Log Facility"); ?></td> + <td width="78%" class="vtable"> + <select name="alertsystemlog_facility" id="alertsystemlog_facility" class="formselect"> + <?php + $log_facility = array( "log_auth", "log_authpriv", "log_daemon", "log_user", "log_local0", "log_local1", + "log_local2", "log_local3", "log_local4", "log_local5", "log_local6", "log_local7" ); + foreach ($log_facility as $facility) { + $selected = ""; + if ($facility == $pconfig['alertsystemlog_facility']) + $selected = " selected"; + echo "<option value='{$facility}'{$selected}>" . $facility . "</option>\n"; + } + ?></select> + <?php echo gettext("Select system log Facility to use for reporting. Default is ") . "<strong>" . gettext("log_auth") . "</strong>."; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("System Log Priority"); ?></td> + <td width="78%" class="vtable"> + <select name="alertsystemlog_priority" id="alertsystemlog_priority" class="formselect"> + <?php + $log_priority = array( "log_emerg", "log_crit", "log_alert", "log_err", "log_warning", "log_notice", "log_info", "log_debug" ); + foreach ($log_priority as $priority) { + $selected = ""; + if ($priority == $pconfig['alertsystemlog_priority']) + $selected = " selected"; + echo "<option value='{$priority}'{$selected}>" . $priority . "</option>\n"; + } + ?></select> + <?php echo gettext("Select system log Priority (Level) to use for reporting. Default is ") . "<strong>" . gettext("log_alert") . "</strong>."; ?> + </td> + </tr> + </tbody> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Block Offenders"); ?></td> <td width="78%" class="vtable"> @@ -555,13 +703,17 @@ include_once("head.inc"); } } ?> - </select> - <span class="vexpl"><?php echo gettext("Choose the External Net you want this interface " . - "to use."); ?></span> <br/><br/> + </select> + <input type="button" class="formbtns" value="View List" + onclick="viewList('<?=$id;?>','externallistname','externalnet')" id="btnExternalNet" + title="<?php echo gettext("Click to view currently selected External Net contents"); ?>"/> + <br/> + <?php echo gettext("Choose the External Net you want this interface " . + "to use."); ?> <br/><br/> <span class="red"><?php echo gettext("Note:"); ?></span> <?php echo gettext("Default " . - "External Net is networks that are not Home Net."); ?><br/> - <span class="red"><?php echo gettext("Hint:"); ?></span> <?php echo gettext("Most users should leave this " . - "setting at default. Create an Alias for custom External Net settings."); ?><br/> + "External Net is networks that are not Home Net. Most users should leave this setting at default."); ?><br/> + <span class="red"><?php echo gettext("Hint:"); ?></span> + <?php echo gettext("Create a Pass List and add an Alias to it, and then assign the Pass List here for custom External Net settings."); ?><br/> </td> </tr> <tr> @@ -659,6 +811,14 @@ function enable_blockoffenders() { document.iform.btnWhitelist.disabled=endis; } +function toggle_system_log() { + var endis = !(document.iform.alertsystemlog.checked); + if (endis) + document.getElementById("alertsystemlog_rows").style.display="none"; + else + document.getElementById("alertsystemlog_rows").style.display=""; +} + function enable_change(enable_change) { endis = !(document.iform.enable.checked || enable_change); // make sure a default answer is called if this is invoked. @@ -713,6 +873,7 @@ function viewList(id, elemID, elemType) { enable_change(false); enable_blockoffenders(); +toggle_system_log(); //--> </script> diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index 69a182bd..6c1d56ac 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php @@ -41,28 +41,42 @@ require_once("/usr/local/pkg/snort/snort.inc"); global $g; $snortdir = SNORTDIR; - -/* make things short */ -$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload'] == "on" ? 'on' : 'off'; -$pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode']; -$pconfig['etpro_code'] = $config['installedpackages']['snortglobal']['etpro_code']; -$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats'] == "on" ? 'on' : 'off'; -$pconfig['emergingthreats_pro'] = $config['installedpackages']['snortglobal']['emergingthreats_pro'] == "on" ? 'on' : 'off'; -$pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked']; -$pconfig['snortloglimit'] = $config['installedpackages']['snortglobal']['snortloglimit']; -$pconfig['snortloglimitsize'] = $config['installedpackages']['snortglobal']['snortloglimitsize']; -$pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['autorulesupdate7']; -$pconfig['rule_update_starttime'] = $config['installedpackages']['snortglobal']['rule_update_starttime']; -$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings'] == "on" ? 'on' : 'off'; -$pconfig['snortcommunityrules'] = $config['installedpackages']['snortglobal']['snortcommunityrules'] == "on" ? 'on' : 'off'; -$pconfig['clearlogs'] = $config['installedpackages']['snortglobal']['clearlogs'] == "on" ? 'on' : 'off'; -$pconfig['clearblocks'] = $config['installedpackages']['snortglobal']['clearblocks'] == "on" ? 'on' : 'off'; +$snort_openappdir = SNORT_APPID_ODP_PATH; + +// Grab any previous input values if doing a SAVE operation +if ($_POST['save']) + $pconfig = $_POST; +else { + $pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload'] == "on" ? 'on' : 'off'; + $pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode']; + $pconfig['etpro_code'] = $config['installedpackages']['snortglobal']['etpro_code']; + $pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats'] == "on" ? 'on' : 'off'; + $pconfig['emergingthreats_pro'] = $config['installedpackages']['snortglobal']['emergingthreats_pro'] == "on" ? 'on' : 'off'; + $pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked']; + $pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['autorulesupdate7']; + $pconfig['rule_update_starttime'] = $config['installedpackages']['snortglobal']['rule_update_starttime']; + $pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings'] == "on" ? 'on' : 'off'; + $pconfig['snortcommunityrules'] = $config['installedpackages']['snortglobal']['snortcommunityrules'] == "on" ? 'on' : 'off'; + $pconfig['clearblocks'] = $config['installedpackages']['snortglobal']['clearblocks'] == "on" ? 'on' : 'off'; + $pconfig['verbose_logging'] = $config['installedpackages']['snortglobal']['verbose_logging'] == "on" ? 'on' : 'off'; + $pconfig['openappid_detectors'] = $config['installedpackages']['snortglobal']['openappid_detectors'] == "on" ? 'on' : 'off'; +} /* Set sensible values for any empty default params */ -if (empty($pconfig['snortloglimit'])) - $pconfig['snortloglimit'] = 'on'; if (!isset($pconfig['rule_update_starttime'])) $pconfig['rule_update_starttime'] = '00:05'; +if (!isset($config['installedpackages']['snortglobal']['forcekeepsettings'])) + $pconfig['forcekeepsettings'] = 'on'; + +/* Grab OpenAppID version info if enabled and downloaded */ +if ($pconfig['openappid_detectors'] == "on") { + if (file_exists("{$snort_openappdir}odp/version.conf")) { + $openappid_ver = gettext("Installed Detection Package "); + $openappid_ver .= gettext(ucfirst(strtolower(file_get_contents("{$snort_openappdir}odp/version.conf")))); + } + else + $openappid_ver = gettext("N/A (Not Downloaded)"); +} if ($_POST['rule_update_starttime']) { if (!preg_match('/^([01]?[0-9]|2[0-3]):?([0-5][0-9])$/', $_POST['rule_update_starttime'])) @@ -83,8 +97,9 @@ if (!$input_errors) { $config['installedpackages']['snortglobal']['snortcommunityrules'] = $_POST['snortcommunityrules'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['emergingthreats_pro'] = $_POST['emergingthreats_pro'] ? 'on' : 'off'; - $config['installedpackages']['snortglobal']['clearlogs'] = $_POST['clearlogs'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['clearblocks'] = $_POST['clearblocks'] ? 'on' : 'off'; + $config['installedpackages']['snortglobal']['verbose_logging'] = $_POST['verbose_logging'] ? 'on' : 'off'; + $config['installedpackages']['snortglobal']['openappid_detectors'] = $_POST['openappid_detectors'] ? 'on' : 'off'; // If any rule sets are being turned off, then remove them // from the active rules section of each interface. Start @@ -125,34 +140,29 @@ if (!$input_errors) { $config['installedpackages']['snortglobal']['etpro_code'] = $_POST['etpro_code']; $config['installedpackages']['snortglobal']['rm_blocked'] = $_POST['rm_blocked']; - if ($_POST['snortloglimitsize']) { - $config['installedpackages']['snortglobal']['snortloglimit'] = $_POST['snortloglimit']; - $config['installedpackages']['snortglobal']['snortloglimitsize'] = $_POST['snortloglimitsize']; - } else { - $config['installedpackages']['snortglobal']['snortloglimit'] = 'on'; - - /* code will set limit to 21% of slice that is unused */ - $snortloglimitDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .22 / 1024); - $config['installedpackages']['snortglobal']['snortloglimitsize'] = $snortloglimitDSKsize; - } $config['installedpackages']['snortglobal']['autorulesupdate7'] = $_POST['autorulesupdate7']; /* Check and adjust format of Rule Update Starttime string to add colon and leading zero if necessary */ - $pos = strpos($_POST['rule_update_starttime'], ":"); - if ($pos === false) { - $tmp = str_pad($_POST['rule_update_starttime'], 4, "0", STR_PAD_LEFT); - $_POST['rule_update_starttime'] = substr($tmp, 0, 2) . ":" . substr($tmp, -2); + if ($_POST['rule_update_starttime']) { + $pos = strpos($_POST['rule_update_starttime'], ":"); + if ($pos === false) { + $tmp = str_pad($_POST['rule_update_starttime'], 4, "0", STR_PAD_LEFT); + $_POST['rule_update_starttime'] = substr($tmp, 0, 2) . ":" . substr($tmp, -2); + } + $config['installedpackages']['snortglobal']['rule_update_starttime'] = str_pad($_POST['rule_update_starttime'], 4, "0", STR_PAD_LEFT); } - $config['installedpackages']['snortglobal']['rule_update_starttime'] = str_pad($_POST['rule_update_starttime'], 4, "0", STR_PAD_LEFT); + $config['installedpackages']['snortglobal']['forcekeepsettings'] = $_POST['forcekeepsettings'] ? 'on' : 'off'; $retval = 0; - /* create whitelist and homenet file then sync files */ - sync_snort_package_config(); - write_config("Snort pkg: modified global settings."); + /* create whitelist and homenet file, then sync files */ + conf_mount_rw(); + sync_snort_package_config(); + conf_mount_ro(); + /* forces page to reload new settings */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); @@ -196,7 +206,9 @@ if ($input_errors) $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); - $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + $tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php"); + $tab_array[9] = array(gettext("Log Mgmt"), false, "/snort/snort_log_mgmt.php"); + $tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); display_top_tabs($tab_array, true); ?> </td></tr> @@ -213,12 +225,12 @@ if ($input_errors) <table width="100%" border="0" cellpadding="2" cellspacing="0"> <tr> <td><input name="snortdownload" type="checkbox" id="snortdownload" value="on" onclick="enable_snort_vrt();" - <?php if($pconfig['snortdownload']=='on') echo 'checked'; ?>></td> + <?php if($pconfig['snortdownload']=='on') echo 'checked'; ?> /></td> <td><span class="vexpl"><?php echo gettext("Snort VRT free Registered User or paid Subscriber rules"); ?></span></td> <tr> <td> </td> - <td><a href="https://www.snort.org/signup" target="_blank"><?php echo gettext("Sign Up for a free Registered User Rule Account"); ?> </a><br/> - <a href="http://www.snort.org/vrt/buy-a-subscription" target="_blank"> + <td><a href="https://www.snort.org/users/sign_up" target="_blank"><?php echo gettext("Sign Up for a free Registered User Rule Account"); ?> </a><br/> + <a href="https://www.snort.org/products" target="_blank"> <?php echo gettext("Sign Up for paid Sourcefire VRT Certified Subscriber Rules"); ?></a></td> </tr> </table> @@ -231,9 +243,9 @@ if ($input_errors) </tr> <tr> <td valign="top"><span class="vexpl"><strong><?php echo gettext("Code:"); ?></strong></span></td> - <td><input name="oinkmastercode" type="text" - class="formfld unknown" id="oinkmastercode" size="52" - value="<?=htmlspecialchars($pconfig['oinkmastercode']);?>"><br/> + <td><input name="oinkmastercode" type="text" + class="formfld unknown" id="oinkmastercode" size="52" + value="<?=htmlspecialchars($pconfig['oinkmastercode']);?>" /><br/> <?php echo gettext("Obtain a snort.org Oinkmaster code and paste it here."); ?></td> </tr> </table> @@ -243,8 +255,8 @@ if ($input_errors) <td width="78%" class="vtable"> <table width="100%" border="0" cellpadding="2" cellspacing="0"> <tr> - <td valign="top" width="8%"><input name="snortcommunityrules" type="checkbox" value="on" - <?php if ($config['installedpackages']['snortglobal']['snortcommunityrules']=="on") echo "checked";?> ></td> + <td valign="top" width="8%"><input name="snortcommunityrules" type="checkbox" value="on" + <?php if ($pconfig['snortcommunityrules']=="on") echo "checked";?> /></td> <td class="vexpl"><?php echo gettext("The Snort Community Ruleset is a GPLv2 VRT certified ruleset that is distributed free of charge " . "without any VRT License restrictions. This ruleset is updated daily and is a subset of the subscriber ruleset.");?> <br/><br/><?php echo "<span class=\"red\"><strong>" . gettext("Note: ") . "</strong></span>" . @@ -259,13 +271,13 @@ if ($input_errors) <table width="100%" border="0" cellpadding="2" cellspacing="0"> <tr> <td valign="top" width="8%"><input name="emergingthreats" type="checkbox" value="on" onclick="enable_et_rules();" - <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?>></td> + <?php if ($pconfig['emergingthreats']=="on") echo "checked"; ?> /></td> <td><span class="vexpl"><?php echo gettext("ETOpen is an open source set of Snort rules whose coverage " . "is more limited than ETPro."); ?></span></td> </tr> <tr> <td valign="top" width="8%"><input name="emergingthreats_pro" type="checkbox" value="on" onclick="enable_etpro_rules();" - <?php if ($config['installedpackages']['snortglobal']['emergingthreats_pro']=="on") echo "checked"; ?>></td> + <?php if ($pconfig['emergingthreats_pro']=="on") echo "checked"; ?>/></td> <td><span class="vexpl"><?php echo gettext("ETPro for Snort offers daily updates and extensive coverage of current malware threats."); ?></span></td> </tr> <tr> @@ -289,13 +301,38 @@ if ($input_errors) <td valign="top"><span class="vexpl"><strong><?php echo gettext("Code:"); ?></strong></span></td> <td><input name="etpro_code" type="text" class="formfld unknown" id="etpro_code" size="52" - value="<?=htmlspecialchars($pconfig['etpro_code']);?>"><br/> + value="<?=htmlspecialchars($pconfig['etpro_code']);?>"/><br/> <?php echo gettext("Obtain an ETPro subscription code and paste it here."); ?></td> </tr> </table> </td> </tr> - +<tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Install ") . "<strong>" . gettext("OpenAppID") . "</strong>" . gettext(" detectors");?></td> + <td width="78%" class="vtable"> + <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <tr> + <td valign="top" width="8%"><input name="openappid_detectors" type="checkbox" value="on" onclick="enable_openappid_dnload();" + <?php if ($pconfig['openappid_detectors']=="on") echo "checked";?> /></td> + <td class="vexpl"><?php echo gettext("The OpenAppID package contains the application signatures required by " . + "the AppID preprocessor.");?> + <br/><br/><?php echo "<span class=\"red\"><strong>" . gettext("Note: ") . "</strong></span>" . + gettext("You must enable download of the OpenAppID detectors package in order to utilize the Application ID ") . + gettext("preprocessor and any user-provided application detection rules. Once enabled, go to the ") . + "<a href='/snort/snort_download_updates.php'>" . gettext("UPDATES") . "</a>" . gettext(" tab and click to download updates.");?></td> + </tr> + <tbody id="openappid_rows"> + <tr> + <td class="vexpl" colspan="2"><br/><strong><?=gettext("OpenAppID Detection Package");?></strong></td> + </tr> + <tr> + <td class="vexpl" valign="top"><strong><?=gettext("VER:");?></strong></td> + <td class="vexpl"><?=htmlspecialchars($openappid_ver);?></td> + </tr> + </tbody> + </table> + </td> +</tr> <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Rules Update Settings"); ?></td> </tr> @@ -307,7 +344,7 @@ if ($input_errors) $interfaces3 = array('never_up' => gettext('NEVER'), '6h_up' => gettext('6 HOURS'), '12h_up' => gettext('12 HOURS'), '1d_up' => gettext('1 DAY'), '4d_up' => gettext('4 DAYS'), '7d_up' => gettext('7 DAYS'), '28d_up' => gettext('28 DAYS')); foreach ($interfaces3 as $iface3 => $ifacename3): ?> <option value="<?=$iface3;?>" - <?php if ($iface3 == $pconfig['autorulesupdate7']) echo "selected"; ?>> + <?php if ($iface3 == $pconfig['autorulesupdate7']) echo "selected"; ?> /> <?=htmlspecialchars($ifacename3);?></option> <?php endforeach; ?> </select><span class="vexpl"> <?php echo gettext("Please select the interval for rule updates. Choosing ") . @@ -317,49 +354,16 @@ if ($input_errors) <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Update Start Time"); ?></td> <td width="78%" class="vtable"><input type="text" class="formfld time" name="rule_update_starttime" id="rule_update_starttime" size="4" - maxlength="5" value="<?=htmlspecialchars($pconfig['rule_update_starttime']);?>" <?php if ($pconfig['autorulesupdate7'] == "never_up") {echo "disabled";} ?>><span class="vexpl"> + maxlength="5" value="<?=htmlspecialchars($pconfig['rule_update_starttime']);?>" <?php if ($pconfig['autorulesupdate7'] == "never_up") {echo "disabled";} ?> /><span class="vexpl"> <?php echo gettext("Enter the rule update start time in 24-hour format (HH:MM). ") . "<strong>" . gettext("Default") . " </strong>" . gettext("is ") . "<strong>" . gettext("00:05") . "</strong></span>"; ?>.<br/><br/> <?php echo gettext("Rules will update at the interval chosen above starting at the time specified here. For example, using the default " . - "start time of 00:03 and choosing 12 Hours for the interval, the rules will update at 00:05 and 12:05 each day."); ?></td> + "start time of 00:05 and choosing 12 Hours for the interval, the rules will update at 00:05 and 12:05 each day."); ?></td> </tr> <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td> </tr> <tr> -<?php $snortlogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?> - <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Directory Size " . - "Limit"); ?><br/><br/> - <br/> - <br/> - <span class="red"><strong><?php echo gettext("Note:"); ?></strong></span><br/> - <?php echo gettext("Available space is"); ?> <strong><?php echo $snortlogCurrentDSKsize; ?> MB</strong></td> - <td width="78%" class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td colspan="2"><input name="snortloglimit" type="radio" id="snortloglimit" value="on" - <?php if($pconfig['snortloglimit']=='on') echo 'checked'; ?>><span class="vexpl"> - <strong><?php echo gettext("Enable"); ?></strong> <?php echo gettext("directory size limit"); ?> (<strong><?php echo gettext("Default"); ?></strong>)</span></td> - </tr> - <tr> - <td colspan="2"><input name="snortloglimit" type="radio" id="snortloglimit" value="off" - <?php if($pconfig['snortloglimit']=='off') echo 'checked'; ?>> <span class="vexpl"><strong><?php echo gettext("Disable"); ?></strong> - <?php echo gettext("directory size limit"); ?></span><br/> - <br/> - <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span> <?php echo gettext("Nanobsd " . - "should use no more than 10MB of space."); ?></td> - </tr> - </table> - <table width="100%" border="0" cellpadding="2" cellspacing="0"> - <tr> - <td class="vexpl"><?php echo gettext("Size in ") . "<strong>" . gettext("MB:") . "</strong>";?> - <input name="snortloglimitsize" type="text" class="formfld unknown" id="snortloglimitsize" size="10" value="<?=htmlspecialchars($pconfig['snortloglimitsize']);?>"> - <?php echo gettext("Default is ") . "<strong>" . gettext("20%") . "</strong>" . gettext(" of available space.");?></td> - </tr> - </table> - </td> -</tr> -<tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Blocked Hosts Interval"); ?></td> <td width="78%" class="vtable"> <select name="rm_blocked" class="formselect" id="rm_blocked"> @@ -367,7 +371,7 @@ if ($input_errors) $interfaces3 = array('never_b' => gettext('NEVER'), '15m_b' => gettext('15 MINS'), '30m_b' => gettext('30 MINS'), '1h_b' => gettext('1 HOUR'), '3h_b' => gettext('3 HOURS'), '6h_b' => gettext('6 HOURS'), '12h_b' => gettext('12 HOURS'), '1d_b' => gettext('1 DAY'), '4d_b' => gettext('4 DAYS'), '7d_b' => gettext('7 DAYS'), '28d_b' => gettext('28 DAYS')); foreach ($interfaces3 as $iface3 => $ifacename3): ?> <option value="<?=$iface3;?>" - <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>> + <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?> /> <?=htmlspecialchars($ifacename3);?></option> <?php endforeach; ?> </select> @@ -376,27 +380,29 @@ if ($input_errors) </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Blocked Hosts After Deinstall"); ?></td> - <td width="78%" class="vtable"><input name="clearblocks" id="clearblocks" type="checkbox" value="yes" - <?php if ($config['installedpackages']['snortglobal']['clearblocks']=="on") echo " checked"; ?>/> + <td width="78%" class="vtable"><input name="clearblocks" id="clearblocks" type="checkbox" value="yes" + <?php if ($pconfig['clearblocks']=="on") echo " checked"; ?> /> <?php echo gettext("All blocked hosts added by Snort will be removed during package deinstallation."); ?></td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Snort Log Files After Deinstall"); ?></td> - <td width="78%" class="vtable"><input name="clearlogs" id="clearlogs" type="checkbox" value="yes" - <?php if ($config['installedpackages']['snortglobal']['clearlogs']=="on") echo " checked"; ?>/> - <?php echo gettext("All Snort log files will be removed during package deinstallation."); ?></td> -</tr> -<tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Keep Snort Settings After Deinstall"); ?></td> <td width="78%" class="vtable"><input name="forcekeepsettings" - id="forcekeepsettings" type="checkbox" value="yes" - <?php if ($config['installedpackages']['snortglobal']['forcekeepsettings']=="on") echo "checked"; ?> - > <?php echo gettext("Settings will not be removed during package deinstallation."); ?></td> + id="forcekeepsettings" type="checkbox" value="yes" + <?php if ($pconfig['forcekeepsettings']=="on") echo "checked"; ?> /> + <?php echo gettext("Settings will not be removed during package deinstallation."); ?></td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Startup/Shutdown Logging"); ?></td> + <td width="78%" class="vtable"><input name="verbose_logging" + id="verbose_logging" type="checkbox" value="yes" + <?php if ($pconfig['verbose_logging']=="on") echo "checked"; ?> /> + <?php echo gettext("Output detailed messages to the system log when Snort is starting and stopping. Default is ") . + "<strong>" . gettext("Not Checked") . "</strong>" . gettext("."); ?></td> </tr> <tr> <td width="22%" valign="top"> <td width="78%"> - <input name="save" type="submit" class="formbtn" value="Save" > + <input name="save" type="submit" class="formbtn" value="Save" /> </td> </tr> <tr> @@ -449,11 +455,20 @@ function enable_change_rules_upd() { document.iform.rule_update_starttime.disabled=""; } +function enable_openappid_dnload() { + var endis = document.iform.openappid_detectors.checked; + if (endis) + document.getElementById("openappid_rows").style.display = ""; + else + document.getElementById("openappid_rows").style.display = "none"; +} + // Initialize the form controls state based on saved settings enable_snort_vrt(); enable_et_rules(); enable_etpro_rules(); enable_change_rules_upd(); +enable_openappid_dnload(); //--> </script> diff --git a/config/snort/snort_interfaces_suppress.php b/config/snort/snort_interfaces_suppress.php index ecbd04a7..fd47eed8 100644 --- a/config/snort/snort_interfaces_suppress.php +++ b/config/snort/snort_interfaces_suppress.php @@ -114,7 +114,9 @@ if ($savemsg) $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), true, "/snort/snort_interfaces_suppress.php"); $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); - $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + $tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php"); + $tab_array[9] = array(gettext("Log Mgmt"), false, "/snort/snort_log_mgmt.php"); + $tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); display_top_tabs($tab_array, true); ?> </td> diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php index 986bfc38..a861fb7e 100644 --- a/config/snort/snort_interfaces_suppress_edit.php +++ b/config/snort/snort_interfaces_suppress_edit.php @@ -90,7 +90,12 @@ if ($_POST['save']) { $reqdfields = explode(" ", "name"); $reqdfieldsn = array("Name"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if(strtolower($_POST['name']) == "defaultwhitelist") $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; @@ -116,7 +121,7 @@ if ($_POST['save']) { $s_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); if ($_POST['suppresspassthru']) { $s_list['suppresspassthru'] = str_replace("​", "", $s_list['suppresspassthru']); - $s_list['suppresspassthru'] = base64_encode($_POST['suppresspassthru']); + $s_list['suppresspassthru'] = base64_encode(str_replace("\r\n", "\n", $_POST['suppresspassthru'])); } if (isset($id) && $a_suppress[$id]) @@ -125,7 +130,9 @@ if ($_POST['save']) { $a_suppress[] = $s_list; write_config("Snort pkg: modified Suppress List {$s_list['name']}."); + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); header("Location: /snort/snort_interfaces_suppress.php"); exit; @@ -161,7 +168,9 @@ if ($savemsg) $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), true, "/snort/snort_interfaces_suppress.php"); $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); - $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + $tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php"); + $tab_array[9] = array(gettext("Log Mgmt"), false, "/snort/snort_log_mgmt.php"); + $tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); display_top_tabs($tab_array, true); ?> </td></tr> diff --git a/config/snort/snort_ip_list_mgmt.php b/config/snort/snort_ip_list_mgmt.php index ae4a1032..20d486c6 100644 --- a/config/snort/snort_ip_list_mgmt.php +++ b/config/snort/snort_ip_list_mgmt.php @@ -43,7 +43,7 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) // Hard-code the path where IP Lists are stored // and disregard any user-supplied path element. -$iprep_path = IPREP_PATH; +$iprep_path = SNORT_IPREP_PATH; // Set default to not show IP List editor controls $iplist_edit_style = "display: none;"; @@ -152,6 +152,7 @@ if ($savemsg) <input type="hidden" name="MAX_FILE_SIZE" value="100000000" /> <input type="hidden" name="iplist_fname" id="iplist_fname" value=""/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tbody> <tr><td> <?php $tab_array = array(); @@ -163,26 +164,26 @@ if ($savemsg) $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); $tab_array[7] = array(gettext("IP Lists"), true, "/snort/snort_ip_list_mgmt.php"); - $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + $tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php"); + $tab_array[9] = array(gettext("Log Mgmt"), false, "/snort/snort_log_mgmt.php"); + $tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); display_top_tabs($tab_array, true); ?> </td> </tr> -<tbody id="uploader" style="display: none;" class="tabcont"> - <tr> - <td colspan="4" class="list"><br/><?php echo gettext("Click BROWSE to select a file to import, and then click UPLOAD. Click CLOSE to quit."); ?></td> - </tr> - <tr> - <td colspan="4" class="list"><input type="file" name="iprep_fileup" id="iprep_fileup" class="formfld file" size="50" /> - <input type="submit" name="upload" id="upload" value="<?=gettext("Upload");?>" - title="<?=gettext("Upload selected IP list to firewall");?>"/> <input type="button" - value="<?=gettext("Close");?>" onClick="document.getElementById('uploader').style.display='none';" /><br/></td> - <td class="list"></td> - </tr> -</tbody> <tr> <td> <div id="mainarea"> + + <?php if ($g['platform'] == "nanobsd") : ?> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tbody> + <tr> + <td colspan="2" class="listtopic"><?php echo gettext("IP Reputation is not supported on NanoBSD installs"); ?></td> + </tr> + </tbody> + </table> + <?php else: ?> <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> <colgroup> <col style="width: 50%;"> @@ -221,6 +222,18 @@ if ($savemsg) height="17" border="0" title="<?php echo gettext('Delete this IP List');?>"/></td> </tr> <?php endforeach; ?> + <tbody id="uploader" style="display: none;"> + <tr> + <td colspan="4" class="list"><br/><?php echo gettext("Click BROWSE to select a file to import, and then click UPLOAD. Click CLOSE to quit."); ?></td> + </tr> + <tr> + <td colspan="4" class="list"><input type="file" name="iprep_fileup" id="iprep_fileup" class="formfld file" size="50" /> + <input type="submit" name="upload" id="upload" value="<?=gettext("Upload");?>" + title="<?=gettext("Upload selected IP list to firewall");?>"/> <input type="button" + value="<?=gettext("Close");?>" onClick="document.getElementById('uploader').style.display='none';" /><br/></td> + <td colspan="4" class="list"></td> + </tr> + </tbody> <tbody id="iplist_editor" style="<?=$iplist_edit_style;?>"> <tr> <td colspan="4"> </td> @@ -265,9 +278,11 @@ if ($savemsg) <td class="list"></td> </tr> </table> + <?php endif; ?> </div> </td> </tr> +</tbody> </table> </form> <?php include("fend.inc"); ?> diff --git a/config/snort/snort_ip_reputation.php b/config/snort/snort_ip_reputation.php index 3de8c661..4c3065a0 100644 --- a/config/snort/snort_ip_reputation.php +++ b/config/snort/snort_ip_reputation.php @@ -56,7 +56,7 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['blist_fi $a_nat = &$config['installedpackages']['snortglobal']['rule']; $pconfig = $a_nat[$id]; -$iprep_path = IPREP_PATH; +$iprep_path = SNORT_IPREP_PATH; $if_real = get_real_interface($a_nat[$id]['interface']); $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; @@ -162,7 +162,9 @@ if ($_POST['save'] || $_POST['apply']) { // Update the snort conf file for this interface $rebuild_rules = false; + conf_mount_rw(); snort_generate_conf($a_nat[$id]); + conf_mount_ro(); // Soft-restart Snort to live-load new variables snort_reload_config($a_nat[$id]); @@ -202,6 +204,7 @@ if ($savemsg) <?php endif; ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tbody> <tr> <td> <?php @@ -214,7 +217,9 @@ if ($savemsg) $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); - $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + $tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php"); + $tab_array[9] = array(gettext("Log Mgmt"), false, "/snort/snort_log_mgmt.php"); + $tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; @@ -227,6 +232,7 @@ if ($savemsg) $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("IP Rep"), true, "/snort/snort_ip_reputation.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Logs"), false, "/snort/snort_interface_logs.php?id={$id}"); display_top_tabs($tab_array, true); ?> </td> @@ -234,6 +240,12 @@ if ($savemsg) <tr> <td><div id="mainarea"> <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tbody> + <?php if ($g['platform'] == "nanobsd") : ?> + <tr> + <td colspan="2" class="listtopic"><?php echo gettext("IP Reputation is not supported on NanoBSD installs"); ?></td> + </tr> + <?php else: ?> <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("IP Reputation Preprocessor Configuration"); ?></td> </tr> @@ -363,9 +375,9 @@ if ($savemsg) <td width="22%" valign='top' class='vncell'><?php echo gettext("Whitelist Files"); ?> </td> <td width="78%" class="vtable"> - <table width="95%" border="0" cellpadding="2" cellspacing="0"> <!-- wlist_chooser --> <div id="wlistChooser" name="wlistChooser" style="display:none; border:1px dashed gray; width:98%;"></div> + <table width="95%" border="0" cellpadding="2" cellspacing="0"> <colgroup> <col style="text-align:left;"> <col style="width: 30%; text-align:left;"> @@ -406,12 +418,16 @@ if ($savemsg) </table> </td> </tr> + <?php endif; ?> + </tbody> </table> </div> </td> </tr> + </tbody> </table> +<?php if ($g['platform'] != "nanobsd") : ?> <script type="text/javascript"> Event.observe( window, "load", @@ -499,6 +515,7 @@ function wlistComplete(req) { } </script> +<?php endif; ?> </form> <?php include("fend.inc"); ?> diff --git a/config/snort/snort_iprep_list_browser.php b/config/snort/snort_iprep_list_browser.php index 3e4d6b6a..a13a2d37 100644 --- a/config/snort/snort_iprep_list_browser.php +++ b/config/snort/snort_iprep_list_browser.php @@ -23,7 +23,7 @@ function get_content($dir) { return $files; } -$path = IPREP_PATH; +$path = SNORT_IPREP_PATH; $container = htmlspecialchars($_GET['container']); $target = htmlspecialchars($_GET['target']); diff --git a/config/snort/snort_list_view.php b/config/snort/snort_list_view.php index 8c3d0134..54f4d7f1 100644 --- a/config/snort/snort_list_view.php +++ b/config/snort/snort_list_view.php @@ -66,6 +66,20 @@ if (isset($id) && isset($wlist)) { $contents = str_replace("\r", "", base64_decode($list['suppresspassthru'])); $title = "Suppress List"; } + elseif ($type == "externalnet") { + if ($wlist == "default") { + $list = snort_build_list($a_rule, $a_rule['homelistname']); + $contents = ""; + foreach ($list as $ip) + $contents .= "!{$ip}\n"; + $contents = trim($contents, "\n"); + } + else { + $list = snort_build_list($a_rule, $wlist, false, true); + $contents = implode("\n", $list); + } + $title = "EXTERNAL_NET"; + } else $contents = gettext("\n\nERROR -- Requested List Type entity is not valid!"); } diff --git a/config/snort/snort_log_mgmt.php b/config/snort/snort_log_mgmt.php new file mode 100644 index 00000000..33d94a04 --- /dev/null +++ b/config/snort/snort_log_mgmt.php @@ -0,0 +1,444 @@ +<?php +/* + * snort_log_mgmt.php + * + * Portions of this code are based on original work done for the + * Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +global $g; + +$snortdir = SNORTDIR; + +$pconfig = array(); + +// Grab saved settings from configuration +$pconfig['enable_log_mgmt'] = $config['installedpackages']['snortglobal']['enable_log_mgmt'] == 'on' ? 'on' : 'off'; +$pconfig['clearlogs'] = $config['installedpackages']['snortglobal']['clearlogs']; +$pconfig['snortloglimit'] = $config['installedpackages']['snortglobal']['snortloglimit']; +$pconfig['snortloglimitsize'] = $config['installedpackages']['snortglobal']['snortloglimitsize']; +$pconfig['alert_log_limit_size'] = $config['installedpackages']['snortglobal']['alert_log_limit_size']; +$pconfig['alert_log_retention'] = $config['installedpackages']['snortglobal']['alert_log_retention']; +$pconfig['stats_log_limit_size'] = $config['installedpackages']['snortglobal']['stats_log_limit_size']; +$pconfig['stats_log_retention'] = $config['installedpackages']['snortglobal']['stats_log_retention']; +$pconfig['sid_changes_log_limit_size'] = $config['installedpackages']['snortglobal']['sid_changes_log_limit_size']; +$pconfig['sid_changes_log_retention'] = $config['installedpackages']['snortglobal']['sid_changes_log_retention']; +$pconfig['event_pkts_log_limit_size'] = '0'; +$pconfig['event_pkts_log_retention'] = $config['installedpackages']['snortglobal']['event_pkts_log_retention']; +$pconfig['appid_stats_log_limit_size'] = $config['installedpackages']['snortglobal']['appid_stats_log_limit_size']; +$pconfig['appid_stats_log_retention'] = $config['installedpackages']['snortglobal']['appid_stats_log_retention']; + +// Load up some arrays with selection values (we use these later). +// The keys in the $retentions array are the retention period +// converted to hours. The keys in the $log_sizes array are +// the file size limits in KB. +$retentions = array( '0' => gettext('KEEP ALL'), '24' => gettext('1 DAY'), '168' => gettext('7 DAYS'), '336' => gettext('14 DAYS'), + '720' => gettext('30 DAYS'), '1080' => gettext("45 DAYS"), '2160' => gettext('90 DAYS'), '4320' => gettext('180 DAYS'), + '8766' => gettext('1 YEAR'), '26298' => gettext("3 YEARS") ); +$log_sizes = array( '0' => gettext('NO LIMIT'), '50' => gettext('50 KB'), '150' => gettext('150 KB'), '250' => gettext('250 KB'), + '500' => gettext('500 KB'), '750' => gettext('750 KB'), '1000' => gettext('1 MB'), '2000' => gettext('2 MB'), + '5000' => gettext("5 MB"), '10000' => gettext("10 MB") ); + +// Set sensible defaults for any unset parameters +if (empty($pconfig['snortloglimit'])) + $pconfig['snortloglimit'] = 'on'; +if (empty($pconfig['snortloglimitsize'])) { + // Set limit to 20% of slice that is unused */ + $pconfig['snortloglimitsize'] = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .20 / 1024); +} + +// Set default retention periods for rotated logs +if (!isset($pconfig['alert_log_retention'])) + $pconfig['alert_log_retention'] = "336"; +if (!isset($pconfig['stats_log_retention'])) + $pconfig['stats_log_retention'] = "168"; +if (!isset($pconfig['sid_changes_log_retention'])) + $pconfig['sid_changes_log_retention'] = "336"; +if (!isset($pconfig['event_pkts_log_retention'])) + $pconfig['event_pkts_log_retention'] = "336"; +if (!isset($pconfig['appid_stats_log_retention'])) + $pconfig['appid_stats_log_retention'] = "168"; + +// Set default log file size limits +if (!isset($pconfig['alert_log_limit_size'])) + $pconfig['alert_log_limit_size'] = "500"; +if (!isset($pconfig['stats_log_limit_size'])) + $pconfig['stats_log_limit_size'] = "500"; +if (!isset($pconfig['sid_changes_log_limit_size'])) + $pconfig['sid_changes_log_limit_size'] = "250"; +if (!isset($pconfig['appid_stats_log_limit_size'])) + $pconfig['appid_stats_log_limit_size'] = "1000"; + +if ($_POST['ResetAll']) { + + // Reset all settings to their defaults + $pconfig['alert_log_retention'] = "336"; + $pconfig['stats_log_retention'] = "168"; + $pconfig['sid_changes_log_retention'] = "336"; + $pconfig['event_pkts_log_retention'] = "336"; + $pconfig['appid_stats_log_retention'] = "168"; + + $pconfig['alert_log_limit_size'] = "500"; + $pconfig['stats_log_limit_size'] = "500"; + $pconfig['sid_changes_log_limit_size'] = "250"; + $pconfig['event_pkts_log_limit_size'] = "0"; + $pconfig['appid_stats_log_limit_size'] = "1000"; + + /* Log a message at the top of the page to inform the user */ + $savemsg = gettext("All log management settings on this page have been reset to their defaults. Click APPLY if you wish to keep these new settings."); +} + +if ($_POST["save"] || $_POST['apply']) { + if ($_POST['enable_log_mgmt'] != 'on') { + $config['installedpackages']['snortglobal']['enable_log_mgmt'] = $_POST['enable_log_mgmt'] ? 'on' :'off'; + write_config("Snort pkg: saved updated configuration for LOGS MGMT."); + conf_mount_rw(); + sync_snort_package_config(); + conf_mount_ro(); + + /* forces page to reload new settings */ + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /snort/snort_log_mgmt.php"); + exit; + } + + if ($_POST['snortloglimit'] == 'on') { + if (!is_numericint($_POST['snortloglimitsize']) || $_POST['snortloglimitsize'] < 1) + $input_errors[] = gettext("The 'Log Directory Size Limit' must be an integer value greater than zero."); + } + + if (!$input_errors) { + $config['installedpackages']['snortglobal']['enable_log_mgmt'] = $_POST['enable_log_mgmt'] ? 'on' :'off'; + $config['installedpackages']['snortglobal']['clearlogs'] = $_POST['clearlogs'] ? 'on' : 'off'; + $config['installedpackages']['snortglobal']['snortloglimit'] = $_POST['snortloglimit']; + $config['installedpackages']['snortglobal']['snortloglimitsize'] = $_POST['snortloglimitsize']; + $config['installedpackages']['snortglobal']['alert_log_limit_size'] = $_POST['alert_log_limit_size']; + $config['installedpackages']['snortglobal']['alert_log_retention'] = $_POST['alert_log_retention']; + $config['installedpackages']['snortglobal']['stats_log_limit_size'] = $_POST['stats_log_limit_size']; + $config['installedpackages']['snortglobal']['stats_log_retention'] = $_POST['stats_log_retention']; + $config['installedpackages']['snortglobal']['sid_changes_log_limit_size'] = $_POST['sid_changes_log_limit_size']; + $config['installedpackages']['snortglobal']['sid_changes_log_retention'] = $_POST['sid_changes_log_retention']; + $config['installedpackages']['snortglobal']['event_pkts_log_limit_size'] = $_POST['event_pkts_log_limit_size']; + $config['installedpackages']['snortglobal']['event_pkts_log_retention'] = $_POST['event_pkts_log_retention']; + $config['installedpackages']['snortglobal']['appid_stats_log_limit_size'] = $_POST['appid_stats_log_limit_size']; + $config['installedpackages']['snortglobal']['appid_stats_log_retention'] = $_POST['appid_stats_log_retention']; + + write_config("Snort pkg: saved updated configuration for LOGS MGMT."); + conf_mount_rw(); + sync_snort_package_config(); + conf_mount_ro(); + + /* forces page to reload new settings */ + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /snort/snort_log_mgmt.php"); + exit; + } +} + +$pgtitle = gettext("Snort: Log Management"); +include_once("head.inc"); + +?> + +<body link="#000000" vlink="#000000" alink="#000000"> + +<?php +include_once("fbegin.inc"); + +/* Display Alert message, under form tag or no refresh */ +if ($input_errors) + print_input_errors($input_errors); +?> + +<form action="snort_log_mgmt.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> + +<?php +if ($savemsg) { + /* Display save message */ + print_info_box($savemsg); +} +?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); + $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); + $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php"); + $tab_array[9] = array(gettext("Log Mgmt"), true, "/snort/snort_log_mgmt.php"); + $tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); +?> +</td></tr> +<tr> + <td> + <div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> +<tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Snort Log Files During Package Uninstall"); ?></td> + <td width="78%" class="vtable"><input name="clearlogs" id="clearlogs" type="checkbox" value="yes" + <?php if ($config['installedpackages']['snortglobal']['clearlogs']=="on") echo " checked"; ?>/> + <?php echo gettext("Snort log files will be removed when the Snort package is uninstalled."); ?></td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Auto Log Management"); ?></td> + <td width="78%" class="vtable"><input name="enable_log_mgmt" id="enable_log_mgmt" type="checkbox" value="on" + <?php if ($config['installedpackages']['snortglobal']['enable_log_mgmt']=="on") echo " checked"; ?> onClick="enable_change();"/> + <?php echo gettext("Enable automatic unattended management of Snort logs using parameters specified below."); ?><br/> + <span class="red"><strong><?=gettext("Note: ") . "</strong></span>" . gettext("This must be be enabled in order to set Log Size and Retention Limits below.");?> + </td> +</tr> +<tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Logs Directory Size Limit"); ?></td> +</tr> +<tr> +<?php $snortlogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Directory Size " . + "Limit"); ?><br/><br/><br/><br/><br/><br/><br/> + <span class="red"><strong><?php echo gettext("Note:"); ?></strong></span><br/> + <?php echo gettext("Available space is"); ?> <strong><?php echo $snortlogCurrentDSKsize; ?> MB</strong></td> + <td width="78%" class="vtable"> + <table cellpadding="0" cellspacing="0"> + <tr> + <td colspan="2" class="vexpl"><input name="snortloglimit" type="radio" id="snortloglimit_on" value="on" + <?php if($pconfig['snortloglimit']=='on') echo 'checked'; ?> onClick="enable_change_dirSize();"/> + <strong><?php echo gettext("Enable"); ?></strong> <?php echo gettext("directory size limit"); ?> (<strong><?php echo gettext("Default"); ?></strong>)</td> + </tr> + <tr> + <td colspan="2" class="vexpl"><input name="snortloglimit" type="radio" id="snortloglimit_off" value="off" + <?php if($pconfig['snortloglimit']=='off') echo 'checked'; ?> onClick="enable_change_dirSize();"/> + <strong><?php echo gettext("Disable"); ?></strong> + <?php echo gettext("directory size limit"); ?><br/> + <br/><span class="red"><strong><?=gettext("Note: ");?></strong></span><?=gettext("this setting imposes a hard-limit on the combined log directory size of all Snort interfaces. ") . + gettext("When the size limit set is reached, rotated logs for all interfaces will be removed, and any active logs pruned to zero-length.");?> + <br/><br/> + <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span> <?php echo gettext("NanoBSD " . + "should use no more than 10MB of space."); ?></td> + </tr> + </table> + <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <tr> + <td class="vexpl"><?php echo gettext("Size in ") . "<strong>" . gettext("MB:") . "</strong>";?> + <input name="snortloglimitsize" type="text" class="formfld unknown" id="snortloglimitsize" size="10" value="<?=htmlspecialchars($pconfig['snortloglimitsize']);?>"/> + <?php echo gettext("Default is ") . "<strong>" . gettext("20%") . "</strong>" . gettext(" of available space.");?></td> + </tr> + </table> + </td> +</tr> +<tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Log Size and Retention Limits"); ?></td> +</tr> +<tr> + <td class="vncell" valign="top" width="22%"><?php echo gettext("Text Log Settings");?></td> + <td class="vtable" width="78%"> + <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <colgroup> + <col style="width: 15%;"> + <col style="width: 18%;"> + <col style="width: 18%;"> + <col> + </colgroup> + <thead> + <tr> + <th class="listhdrr"><?=gettext("Log Name");?></th> + <th class="listhdrr"><?=gettext("Max Size");?></th> + <th class="listhdrr"><?=gettext("Retention");?></th> + <th class="listhdrr"><?=gettext("Log Description");?></th> + </tr> + </thead> + <tbody> + <tr> + <td class="listbg">alert</td> + <td class="listr" align="center"><select name="alert_log_limit_size" class="formselect" id="alert_log_limit_size"> + <?php foreach ($log_sizes as $k => $l): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['alert_log_limit_size']) echo " selected"; ?>> + <?=htmlspecialchars($l);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listr" align="center"><select name="alert_log_retention" class="formselect" id="alert_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['alert_log_retention']) echo " selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listbg"><?=gettext("Snort alerts and event details");?></td> + </tr> + <tr> + <td class="listbg">appid-stats</td> + <td class="listr" align="center"><select name="appid_stats_log_limit_size" class="formselect" id="appid_stats_log_limit_size"> + <?php foreach ($log_sizes as $k => $l): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['appid_stats_log_limit_size']) echo " selected"; ?>> + <?=htmlspecialchars($l);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listr" align="center"><select name="appid_stats_log_retention" class="formselect" id="appid_stats_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['appid_stats_log_retention']) echo " selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listbg"><?=gettext("Application ID statistics");?></td> + </tr> + <tr> + <td class="listbg">event pcaps</td> + <td class="listr" align="center"><select name="event_pkts_log_limit_size" class="formselect" id="event_pkts_log_limit_size"> + <option value="0" selected>NO LIMIT</option> + </select> + </td> + <td class="listr" align="center"><select name="event_pkts_log_retention" class="formselect" id="event_pkts_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['event_pkts_log_retention']) echo " selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listbg"><?=gettext("Snort alert related packet captures");?></td> + </tr> + <tr> + <td class="listbg">sid_changes</td> + <td class="listr" align="center"><select name="sid_changes_log_limit_size" class="formselect" id="sid_changes_log_limit_size"> + <?php foreach ($log_sizes as $k => $l): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['sid_changes_log_limit_size']) echo "selected"; ?>> + <?=htmlspecialchars($l);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listr" align="center"><select name="sid_changes_log_retention" class="formselect" id="sid_changes_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['sid_changes_log_retention']) echo " selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listbg"><?=gettext("SID changes made by SID Mgmt conf files");?></td> + </tr> + <tr> + <td class="listbg">stats</td> + <td class="listr" align="center"><select name="stats_log_limit_size" class="formselect" id="stats_log_limit_size"> + <?php foreach ($log_sizes as $k => $l): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['stats_log_limit_size']) echo " selected"; ?>> + <?=htmlspecialchars($l);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listr" align="center"><select name="stats_log_retention" class="formselect" id="stats_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['stats_log_retention']) echo " selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listbg"><?=gettext("Snort performance statistics");?></td> + </tr> + </tbody> + </table> + <br/><?=gettext("Settings will be ignored for any log in the list above not enabled on the Interface Settings tab. ") . + gettext("When a log reaches the Max Size limit, it will be rotated and tagged with a timestamp. The Retention period determines ") . + gettext("how long rotated logs are kept before they are automatically deleted.");?> + </td> +</tr> +<tr> + <td width="22%"></td> + <td width="78%" class="vexpl"><input name="save" type="submit" class="formbtn" value="Save"/> + <input name="ResetAll" type="submit" class="formbtn" value="Reset" title="<?php echo + gettext("Reset all settings to defaults") . "\" onclick=\"return confirm('" . + gettext("WARNING: This will reset ALL Log Management settings to their defaults. Click OK to continue or CANCEL to quit.") . + "');\""; ?>/><br/> + <br/><span class="red"><strong><?php echo gettext("Note:");?></strong> + </span><?php echo gettext("Changing any settings on this page will affect all Snort-configured interfaces.");?></td> +</tr> + </table> +</div><br/> +</td></tr> +</table> +</form> + +<script language="JavaScript"> +function enable_change() { + var endis = !(document.iform.enable_log_mgmt.checked); + document.iform.alert_log_limit_size.disabled = endis; + document.iform.alert_log_retention.disabled = endis; + document.iform.stats_log_limit_size.disabled = endis; + document.iform.stats_log_retention.disabled = endis; + document.iform.sid_changes_log_retention.disabled = endis; + document.iform.sid_changes_log_limit_size.disabled = endis; + document.iform.event_pkts_log_limit_size.disabled = endis; + document.iform.event_pkts_log_retention.disabled = endis; +} + +function enable_change_dirSize() { + var endis = !(document.getElementById('snortloglimit_on').checked); + document.getElementById('snortloglimitsize').disabled = endis; +} + +enable_change(); +enable_change_dirSize(); +</script> + +<?php include("fend.inc"); ?> + +</body> +</html> diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php index d483ba47..12ae5d19 100644 --- a/config/snort/snort_migrate_config.php +++ b/config/snort/snort_migrate_config.php @@ -70,6 +70,55 @@ if (empty($config['installedpackages']['snortglobal']['snort_config_ver']) && $updated_cfg = true; } +/**********************************************************/ +/* Create new Auto SID Mgmt settings if not set */ +/**********************************************************/ +if (empty($config['installedpackages']['snortglobal']['auto_manage_sids'])) { + $config['installedpackages']['snortglobal']['auto_manage_sids'] = "off"; + $updated_cfg = true; +} + +/**********************************************************/ +/* Create new LOG MGMT settings if not set */ +/**********************************************************/ +if (empty($config['installedpackages']['snortglobal']['enable_log_mgmt'])) { + $config['installedpackages']['snortglobal']['enable_log_mgmt'] = "on"; + $config['installedpackages']['snortglobal']['alert_log_limit_size'] = "500"; + $config['installedpackages']['snortglobal']['alert_log_retention'] = "336"; + $config['installedpackages']['snortglobal']['appid_stats_log_limit_size'] = "1000"; + $config['installedpackages']['snortglobal']['appid_stats_log_retention'] = "168"; + $config['installedpackages']['snortglobal']['event_pkts_log_limit_size'] = "0"; + $config['installedpackages']['snortglobal']['event_pkts_log_retention'] = "336"; + $config['installedpackages']['snortglobal']['sid_changes_log_limit_size'] = "250"; + $config['installedpackages']['snortglobal']['sid_changes_log_retention'] = "336"; + $config['installedpackages']['snortglobal']['stats_log_limit_size'] = "500"; + $config['installedpackages']['snortglobal']['stats_log_retention'] = "168"; + $updated_cfg = true; +} +if (empty($config['installedpackages']['snortglobal']['appid_stats_log_limit_size'])) + $config['installedpackages']['snortglobal']['appid_stats_log_limit_size'] = "1000"; +if (empty($config['installedpackages']['snortglobal']['appid_stats_log_retention'])) + $config['installedpackages']['snortglobal']['appid_stats_log_retention'] = "168"; + +/**********************************************************/ +/* Create new VERBOSE_LOGGING setting if not set */ +/**********************************************************/ +if (empty($config['installedpackages']['snortglobal']['verbose_logging'])) { + $config['installedpackages']['snortglobal']['verbose_logging'] = "off"; + $updated_cfg = true; +} + +/**********************************************************/ +/* Create new OpenAppID settings if not set */ +/**********************************************************/ +if (empty($config['installedpackages']['snortglobal']['openappid_detectors'])) { + $config['installedpackages']['snortglobal']['openappid_detectors'] = "off"; + $updated_cfg = true; +} + +/**********************************************************/ +/* Migrate per interface settings if required. */ +/**********************************************************/ foreach ($rule as &$r) { // Initialize arrays for supported preprocessors if necessary if (!is_array($r['frag3_engine']['item'])) @@ -344,7 +393,7 @@ foreach ($rule as &$r) { // Since Barnyard2 was enabled, configure the new archived log settings $pconfig['u2_archived_log_retention'] = '168'; $pconfig['barnyard_archive_enable'] = 'on'; - $pconfig['unified2_log_limit'] = '32'; + $pconfig['unified2_log_limit'] = '32M'; $updated_cfg = true; } @@ -357,17 +406,134 @@ foreach ($rule as &$r) { $updated_cfg = true; } + // Migrate new POP3 preprocessor parameter settings + if (empty($pconfig['pop_memcap'])) { + $pconfig['pop_memcap'] = "838860"; + $updated_cfg = true; + } + if (empty($pconfig['pop_b64_decode_depth']) && $pconfig['pop_b64_decode_depth'] != '0') { + $pconfig['pop_b64_decode_depth'] = "0"; + $updated_cfg = true; + } + if (empty($pconfig['pop_qp_decode_depth']) && $pconfig['pop_qp_decode_depth'] != '0') { + $pconfig['pop_qp_decode_depth'] = "0"; + $updated_cfg = true; + } + if (empty($pconfig['pop_bitenc_decode_depth']) && $pconfig['pop_bitenc_decode_depth'] != '0') { + $pconfig['pop_bitenc_decode_depth'] = "0"; + $updated_cfg = true; + } + if (empty($pconfig['pop_uu_decode_depth']) && $pconfig['pop_uu_decode_depth'] != '0') { + $pconfig['pop_uu_decode_depth'] = "0"; + $updated_cfg = true; + } + + // Migrate new IMAP preprocessor parameter settings + if (empty($pconfig['imap_memcap'])) { + $pconfig['imap_memcap'] = "838860"; + $updated_cfg = true; + } + if (empty($pconfig['imap_b64_decode_depth']) && $pconfig['imap_b64_decode_depth'] != '0') { + $pconfig['imap_b64_decode_depth'] = "0"; + $updated_cfg = true; + } + if (empty($pconfig['imap_qp_decode_depth']) && $pconfig['imap_qp_decode_depth'] != '0') { + $pconfig['imap_qp_decode_depth'] = "0"; + $updated_cfg = true; + } + if (empty($pconfig['imap_bitenc_decode_depth']) && $pconfig['imap_bitenc_decode_depth'] != '0') { + $pconfig['imap_bitenc_decode_depth'] = "0"; + $updated_cfg = true; + } + if (empty($pconfig['imap_uu_decode_depth']) && $pconfig['imap_uu_decode_depth'] != '0') { + $pconfig['imap_uu_decode_depth'] = "0"; + $updated_cfg = true; + } + + // Migrate new SMTP preprocessor parameter settings + if (empty($pconfig['smtp_memcap'])) { + $pconfig['smtp_memcap'] = "838860"; + $updated_cfg = true; + } + if (empty($pconfig['smtp_max_mime_mem'])) { + $pconfig['smtp_max_mime_mem'] = "838860"; + $updated_cfg = true; + } + if (empty($pconfig['smtp_b64_decode_depth']) && $pconfig['smtp_b64_decode_depth'] != "0") { + $pconfig['smtp_b64_decode_depth'] = "0"; + $updated_cfg = true; + } + if (empty($pconfig['smtp_qp_decode_depth']) && $pconfig['smtp_qp_decode_depth'] != "0") { + $pconfig['smtp_qp_decode_depth'] = "0"; + $updated_cfg = true; + } + if (empty($pconfig['smtp_bitenc_decode_depth']) && $pconfig['smtp_bitenc_decode_depth'] != "0") { + $pconfig['smtp_bitenc_decode_depth'] = "0"; + $updated_cfg = true; + } + if (empty($pconfig['smtp_uu_decode_depth']) && $pconfig['smtp_uu_decode_depth'] != "0") { + $pconfig['smtp_uu_decode_depth'] = "0"; + $updated_cfg = true; + } + if (empty($pconfig['smtp_email_hdrs_log_depth'])) { + $pconfig['smtp_email_hdrs_log_depth'] = "1464"; + $updated_cfg = true; + } + if (empty($pconfig['smtp_ignore_tls_data'])) { + $pconfig['smtp_ignore_tls_data'] = 'on'; + $updated_cfg = true; + } + if (empty($pconfig['smtp_log_mail_from'])) { + $pconfig['smtp_log_mail_from'] = 'on'; + $updated_cfg = true; + } + if (empty($pconfig['smtp_log_rcpt_to'])) { + $pconfig['smtp_log_rcpt_to'] = 'on'; + $updated_cfg = true; + } + if (empty($pconfig['smtp_log_filename'])) { + $pconfig['smtp_log_filename'] = 'on'; + $updated_cfg = true; + } + if (empty($pconfig['smtp_log_email_hdrs'])) { + $pconfig['smtp_log_email_hdrs'] = 'on'; + $updated_cfg = true; + } + + // Migrate any BY2 limit for unified2 logs to new format + if (!empty($pconfig['unified2_log_limit']) && + !preg_match('/^\d+[g|k|m|G|K|M]/', $pconfig['unified2_log_limit'])) { + $pconfig['unified2_log_limit'] .= "M"; + $updated_cfg = true; + } + + // Default any unconfigured AppID preprocessor settings + if (empty($pconfig['appid_preproc'])) { + $pconfig['appid_preproc'] = 'off'; + $updated_cfg = true; + } + if (empty($pconfig['sf_appid_mem_cap'])) { + $pconfig['sf_appid_mem_cap'] = '256'; + $updated_cfg = true; + } + if (empty($pconfig['sf_appid_statslog'])) { + $pconfig['sf_appid_statslog'] = 'on'; + $updated_cfg = true; + } + if (empty($pconfig['sf_appid_stats_period'])) { + $pconfig['sf_appid_stats_period'] = '300'; + $updated_cfg = true; + } + // Save the new configuration data into the $config array pointer $r = $pconfig; } // Release reference to final array element unset($r); -// Write out the new configuration to disk if we changed anything +// Log a message if we changed anything if ($updated_cfg) { - $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.8"; - log_error("[Snort] Saving configuration settings in new format..."); - write_config("Snort pkg: migrate existing settings to new format as part of package upgrade."); + $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2"; log_error("[Snort] Settings successfully migrated to new configuration format..."); } else diff --git a/config/snort/snort_passlist.php b/config/snort/snort_passlist.php index 2cac9cd4..965f22d7 100644 --- a/config/snort/snort_passlist.php +++ b/config/snort/snort_passlist.php @@ -86,7 +86,9 @@ if ($_POST['del'] && is_numericint($_POST['list_id'])) { if (!$input_errors) { unset($a_passlist[$_POST['list_id']]); write_config("Snort pkg: deleted PASS LIST."); + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); header("Location: /snort/snort_passlist.php"); exit; } @@ -125,7 +127,9 @@ if ($savemsg) { $tab_array[5] = array(gettext("Pass Lists"), true, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); - $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + $tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php"); + $tab_array[9] = array(gettext("Log Mgmt"), false, "/snort/snort_log_mgmt.php"); + $tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); display_top_tabs($tab_array, true); ?> </td> diff --git a/config/snort/snort_passlist_edit.php b/config/snort/snort_passlist_edit.php index 3be776f4..9f95adb4 100644 --- a/config/snort/snort_passlist_edit.php +++ b/config/snort/snort_passlist_edit.php @@ -39,6 +39,8 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); +$pconfig = array(); + if ($_POST['cancel']) { header("Location: /snort/snort_passlist.php"); exit; @@ -52,24 +54,63 @@ $a_passlist = &$config['installedpackages']['snortglobal']['whitelist']['item']; if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -elseif (isset($_GET['id']) && is_numericint($_GET['id'])) +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) { $id = htmlspecialchars($_GET['id']); +} /* Should never be called without identifying list index, so bail */ if (is_null($id)) { - header("Location: /snort/snort_interfaces_whitelist.php"); + header("Location: /snort/snort_passlist.php"); exit; } +if (isset($id) && isset($a_passlist[$id])) { + /* Retrieve saved settings */ + $pconfig['name'] = $a_passlist[$id]['name']; + $pconfig['uuid'] = $a_passlist[$id]['uuid']; + $pconfig['address'] = $a_passlist[$id]['address']; + $pconfig['descr'] = html_entity_decode($a_passlist[$id]['descr']); + $pconfig['localnets'] = $a_passlist[$id]['localnets']; + $pconfig['wanips'] = $a_passlist[$id]['wanips']; + $pconfig['wangateips'] = $a_passlist[$id]['wangateips']; + $pconfig['wandnsips'] = $a_passlist[$id]['wandnsips']; + $pconfig['vips'] = $a_passlist[$id]['vips']; + $pconfig['vpnips'] = $a_passlist[$id]['vpnips']; +} + +// Check for returned "selected alias" if action is import +if ($_GET['act'] == "import") { + + // Retrieve previously typed values we passed to SELECT ALIAS page + $pconfig['name'] = htmlspecialchars($_GET['name']); + $pconfig['uuid'] = htmlspecialchars($_GET['uuid']); + $pconfig['address'] = htmlspecialchars($_GET['address']); + $pconfig['descr'] = htmlspecialchars($_GET['descr']); + $pconfig['localnets'] = htmlspecialchars($_GET['localnets'])? 'yes' : 'no'; + $pconfig['wanips'] = htmlspecialchars($_GET['wanips'])? 'yes' : 'no'; + $pconfig['wangateips'] = htmlspecialchars($_GET['wangateips'])? 'yes' : 'no'; + $pconfig['wandnsips'] = htmlspecialchars($_GET['wandnsips'])? 'yes' : 'no'; + $pconfig['vips'] = htmlspecialchars($_GET['vips'])? 'yes' : 'no'; + $pconfig['vpnips'] = htmlspecialchars($_GET['vpnips'])? 'yes' : 'no'; + + // Now retrieve the "selected alias" returned from SELECT ALIAS page + if ($_GET['varname'] == "address" && isset($_GET['varvalue'])) + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); +} + /* If no entry for this passlist, then create a UUID and treat it like a new list */ -if (!isset($a_passlist[$id]['uuid'])) { +if (!isset($a_passlist[$id]['uuid']) && empty($pconfig['uuid'])) { $passlist_uuid = 0; while ($passlist_uuid > 65535 || $passlist_uuid == 0) { $passlist_uuid = mt_rand(1, 65535); $pconfig['uuid'] = $passlist_uuid; $pconfig['name'] = "passlist_{$passlist_uuid}"; } -} else +} +elseif (!empty($pconfig['uuid'])) { + $passlist_uuid = $pconfig['uuid']; +} +else $passlist_uuid = $a_passlist[$id]['uuid']; /* returns true if $name is a valid name for a pass list file name or ip */ @@ -83,28 +124,6 @@ function is_validpasslistname($name) { return false; } -if (isset($id) && $a_passlist[$id]) { - /* old settings */ - $pconfig = array(); - $pconfig['name'] = $a_passlist[$id]['name']; - $pconfig['uuid'] = $a_passlist[$id]['uuid']; - $pconfig['detail'] = $a_passlist[$id]['detail']; - $pconfig['address'] = $a_passlist[$id]['address']; - $pconfig['descr'] = html_entity_decode($a_passlist[$id]['descr']); - $pconfig['localnets'] = $a_passlist[$id]['localnets']; - $pconfig['wanips'] = $a_passlist[$id]['wanips']; - $pconfig['wangateips'] = $a_passlist[$id]['wangateips']; - $pconfig['wandnsips'] = $a_passlist[$id]['wandnsips']; - $pconfig['vips'] = $a_passlist[$id]['vips']; - $pconfig['vpnips'] = $a_passlist[$id]['vpnips']; -} - -// Check for returned "selected alias" if action is import -if ($_GET['act'] == "import") { - if ($_GET['varname'] == "address" && isset($_GET['varvalue'])) - $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); -} - if ($_POST['save']) { unset($input_errors); $pconfig = $_POST; @@ -112,7 +131,12 @@ if ($_POST['save']) { /* input validation */ $reqdfields = explode(" ", "name"); $reqdfieldsn = explode(",", "Name"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if(strtolower($_POST['name']) == "defaultpasslist") $input_errors[] = gettext("Pass List file names may not be named defaultpasslist."); @@ -121,11 +145,11 @@ if ($_POST['save']) { $input_errors[] = gettext("Pass List file name may only consist of the characters \"a-z, A-Z, 0-9 and _\". Note: No Spaces or dashes. Press Cancel to reset."); /* check for name conflicts */ - foreach ($a_passlist as $w_list) { - if (isset($id) && ($a_passlist[$id]) && ($a_passlist[$id] === $w_list)) + foreach ($a_passlist as $p_list) { + if (isset($id) && ($a_passlist[$id]) && ($a_passlist[$id] === $p_list)) continue; - if ($w_list['name'] == $_POST['name']) { + if ($p_list['name'] == $_POST['name']) { $input_errors[] = gettext("A Pass List file name with this name already exists."); break; } @@ -136,30 +160,30 @@ if ($_POST['save']) { $input_errors[] = gettext("A valid alias must be provided"); if (!$input_errors) { - $w_list = array(); + $p_list = array(); /* post user input */ - $w_list['name'] = $_POST['name']; - $w_list['uuid'] = $passlist_uuid; - $w_list['localnets'] = $_POST['localnets']? 'yes' : 'no'; - $w_list['wanips'] = $_POST['wanips']? 'yes' : 'no'; - $w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no'; - $w_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no'; - $w_list['vips'] = $_POST['vips']? 'yes' : 'no'; - $w_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no'; - - $w_list['address'] = $_POST['address']; - $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); - $w_list['detail'] = $final_address_details; + $p_list['name'] = $_POST['name']; + $p_list['uuid'] = $passlist_uuid; + $p_list['localnets'] = $_POST['localnets']? 'yes' : 'no'; + $p_list['wanips'] = $_POST['wanips']? 'yes' : 'no'; + $p_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no'; + $p_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no'; + $p_list['vips'] = $_POST['vips']? 'yes' : 'no'; + $p_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no'; + $p_list['address'] = $_POST['address']; + $p_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); if (isset($id) && $a_passlist[$id]) - $a_passlist[$id] = $w_list; + $a_passlist[$id] = $p_list; else - $a_passlist[] = $w_list; + $a_passlist[] = $p_list; - write_config("Snort pkg: modified PASS LIST {$w_list['name']}."); + write_config("Snort pkg: modified PASS LIST {$p_list['name']}."); /* create pass list and homenet file, then sync files */ + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); header("Location: /snort/snort_passlist.php"); exit; @@ -197,7 +221,9 @@ if ($savemsg) $tab_array[5] = array(gettext("Pass Lists"), true, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); - $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + $tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php"); + $tab_array[9] = array(gettext("Log Mgmt"), false, "/snort/snort_log_mgmt.php"); + $tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); display_top_tabs($tab_array,true); ?> </td> @@ -279,8 +305,8 @@ if ($savemsg) </td> <td width="78%" class="vtable"> <input autocomplete="off" name="address" type="text" class="formfldalias" id="address" size="30" value="<?=htmlspecialchars($pconfig['address']);?>" - title="<?=trim(filter_expand_alias($pconfig['address']));?>"/> - <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=0&type=host|network&varname=address&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" + title="<?=trim(filter_expand_alias($pconfig['address']));?>"/> + <input type="button" class="formbtns" value="Aliases" onclick="selectAlias();" title="<?php echo gettext("Select an existing IP alias");?>"/> </td> </tr> @@ -321,6 +347,29 @@ function createAutoSuggest() { setTimeout("createAutoSuggest();", 500); +function selectAlias() { + + var loc; + var fields = [ "name", "descr", "localnets", "wanips", "wangateips", "wandnsips", "vips", "vpnips", "address" ]; + + // Scrape current form field values and add to + // the select alias URL as a query string. + var loc = 'snort_select_alias.php?id=<?=$id;?>&act=import&type=host|network'; + loc = loc + '&varname=address&multi_ip=yes'; + loc = loc + '&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'; + loc = loc + '&uuid=<?=$passlist_uuid;?>'; + + // Iterate over just the specific form fields we want to pass to + // the select alias URL. + fields.forEach(function(entry) { + var tmp = $(entry).serialize(); + if (tmp.length > 0) + loc = loc + '&' + tmp; + }); + + window.parent.location = loc; +} + </script> <?php include("fend.inc"); ?> </body> diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index 8d3c427d..57e92ce5 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -5,7 +5,7 @@ * Copyright (C) 2006 Scott Ullrich * Copyright (C) 2009-2010 Robert Zelaya * Copyright (C) 2011-2012 Ermal Luci - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013-2014 Bill Meeks * part of pfSense * All rights reserved. * @@ -41,1334 +41,15 @@ require_once("config.inc"); require_once("functions.inc"); require_once("/usr/local/pkg/snort/snort.inc"); +require("/usr/local/pkg/snort/snort_defs.inc"); global $config, $g, $rebuild_rules, $pkg_interface, $snort_gui_include; $snortdir = SNORTDIR; -$snortlibdir = SNORTLIBDIR; +$snortlogdir = SNORTLOGDIR; $rcdir = RCFILEPREFIX; - -// This is a hack to workaround the caching of the old "snort.inc" by the -// Package Manager installation code. We need this new function which is -// in the new snort.inc file during post-installation. -if (!function_exists('snort_expand_port_range')) { - function snort_expand_port_range($ports, $delim = ',') { - // Split the incoming string on the specified delimiter - $tmp = explode($delim, $ports); - - // Look for any included port range and expand it - foreach ($tmp as $val) { - if (is_portrange($val)) { - $start = strtok($val, ":"); - $end = strtok(":"); - if ($end !== false) { - $val = $start . $delim; - for ($i = intval($start) + 1; $i < intval($end); $i++) - $val .= strval($i) . $delim; - $val .= $end; - } - } - $value .= $val . $delim; - } - - // Remove any trailing delimiter in return value - return trim($value, $delim); - } -} - -// This function mirrors the "snort_generate_conf()" function in the -// "snort.inc" file. It is here with a modified name as a workaround -// so that functionality built into the new package version can be -// implemented during installation. During a package reinstall, the -// Package Manager will cache the old version of "snort.inc" and thus -// new features are not available from the new "snort.inc" file in the -// new package. -function snort_build_new_conf($snortcfg) { - - global $config, $g, $rebuild_rules; - - $snortdir = SNORTDIR; - $snortlibdir = SNORTLIBDIR; - $snortlogdir = SNORTLOGDIR; - $flowbit_rules_file = FLOWBITS_FILENAME; - $snort_enforcing_rules_file = ENFORCING_RULES_FILENAME; - - if (!is_array($config['installedpackages']['snortglobal']['rule'])) - return; - - conf_mount_rw(); - - /* See if we should protect and not modify the preprocessor rules files */ - if (!empty($snortcfg['protect_preproc_rules'])) - $protect_preproc_rules = $snortcfg['protect_preproc_rules']; - else - $protect_preproc_rules = "off"; - - $if_real = get_real_interface($snortcfg['interface']); - $snort_uuid = $snortcfg['uuid']; - $snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}"; - - /* custom home nets */ - $home_net_list = snort_build_list($snortcfg, $snortcfg['homelistname']); - $home_net = implode(",", $home_net_list); - - $external_net = '!$HOME_NET'; - if (!empty($snortcfg['externallistname']) && $snortcfg['externallistname'] != 'default') { - $external_net_list = snort_build_list($snortcfg, $snortcfg['externallistname']); - $external_net = implode(",", $external_net_list); - } - - /* user added arguments */ - $snort_config_pass_thru = str_replace("\r", "", base64_decode($snortcfg['configpassthru'])); - // Remove the trailing newline - $snort_config_pass_thru = rtrim($snort_config_pass_thru); - - /* create a few directories and ensure the sample files are in place */ - $snort_dirs = array( $snortdir, $snortcfgdir, "{$snortcfgdir}/rules", - "{$snortlogdir}/snort_{$if_real}{$snort_uuid}", - "{$snortlogdir}/snort_{$if_real}{$snort_uuid}/barnyard2", - "{$snortcfgdir}/preproc_rules", - "dynamicrules" => "{$snortlibdir}/dynamicrules", - "dynamicengine" => "{$snortlibdir}/dynamicengine", - "dynamicpreprocessor" => "{$snortcfgdir}/dynamicpreprocessor" - ); - foreach ($snort_dirs as $dir) { - if (!is_dir($dir)) - safe_mkdir($dir); - } - - /********************************************************************/ - /* For fail-safe on an initial startup following installation, and */ - /* before a rules update has occurred, copy the default config */ - /* files to the interface directory. If files already exist in */ - /* the interface directory, or they are newer, that means a rule */ - /* update has been done and we should leave the customized files */ - /* put in place by the rules update process. */ - /********************************************************************/ - $snort_files = array("gen-msg.map", "classification.config", "reference.config", "attribute_table.dtd", - "sid-msg.map", "unicode.map", "threshold.conf", "preproc_rules/preprocessor.rules", - "preproc_rules/decoder.rules", "preproc_rules/sensitive-data.rules" - ); - foreach ($snort_files as $file) { - if (file_exists("{$snortdir}/{$file}")) { - $ftime = filemtime("{$snortdir}/{$file}"); - if (!file_exists("{$snortcfgdir}/{$file}") || ($ftime > filemtime("{$snortcfgdir}/{$file}"))) - @copy("{$snortdir}/{$file}", "{$snortcfgdir}/{$file}"); - } - } - - /* define alertsystemlog */ - $alertsystemlog_type = ""; - if ($snortcfg['alertsystemlog'] == "on") - $alertsystemlog_type = "output alert_syslog: log_alert"; - - /* define snortunifiedlog */ - $snortunifiedlog_type = ""; - if ($snortcfg['barnyard_enable'] == "on") { - if (isset($snortcfg['unified2_log_limit'])) - $u2_log_limit = "limit {$snortcfg['unified2_log_limit']}"; - else - $u2_log_limit = "limit 128"; - - $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, {$u2_log_limit}"; - if ($snortcfg['barnyard_log_vlan_events'] == 'on') - $snortunifiedlog_type .= ", vlan_event_types"; - if ($snortcfg['barnyard_log_mpls_events'] == 'on') - $snortunifiedlog_type .= ", mpls_event_types"; - } - - /* define spoink */ - $spoink_type = ""; - if ($snortcfg['blockoffenders7'] == "on") { - $pfkill = ""; - if ($snortcfg['blockoffenderskill'] == "on") - $pfkill = "kill"; - $spoink_wlist = snort_build_list($snortcfg, $snortcfg['whitelistname'], true); - /* write whitelist */ - @file_put_contents("{$snortcfgdir}/{$snortcfg['whitelistname']}", implode("\n", $spoink_wlist)); - $spoink_type = "output alert_pf: {$snortcfgdir}/{$snortcfg['whitelistname']},snort2c,{$snortcfg['blockoffendersip']},{$pfkill}"; - } - - /* define selected suppress file */ - $suppress_file_name = ""; - $suppress = snort_find_list($snortcfg['suppresslistname'], 'suppress'); - if (!empty($suppress)) { - $suppress_data = str_replace("\r", "", base64_decode($suppress['suppresspassthru'])); - @file_put_contents("{$snortcfgdir}/supp{$snortcfg['suppresslistname']}", $suppress_data); - $suppress_file_name = "include {$snortcfgdir}/supp{$snortcfg['suppresslistname']}"; - } - - /* set the snort performance model */ - $snort_performance = "ac-bnfa"; - if(!empty($snortcfg['performance'])) - $snort_performance = $snortcfg['performance']; - - /* if user has defined a custom ssh port, use it */ - if(is_array($config['system']['ssh']) && isset($config['system']['ssh']['port'])) - $ssh_port = $config['system']['ssh']['port']; - else - $ssh_port = "22"; - - /* Define an array of default values for the various preprocessor ports */ - $snort_ports = array( - "dns_ports" => "53", "smtp_ports" => "25", "mail_ports" => "25,465,587,691", - "http_ports" => "36,80,81,82,83,84,85,86,87,88,89,90,311,383,591,593,631,901,1220,1414,1533,1741,1830,2301,2381,2809,3037,3057,3128,3443,3702,4343,4848,5250,6080,6988,7000,7001,7144,7145,7510,7777,7779,8000,8008,8014,8028,8080,8081,8082,8085,8088,8090,8118,8123,8180,8181,8222,8243,8280,8300,8500,8800,8888,8899,9000,9060,9080,9090,9091,9443,9999,10000,11371,15489,29991,33300,34412,34443,34444,41080,44440,50000,50002,51423,55555,56712", - "oracle_ports" => "1024:", "mssql_ports" => "1433", "telnet_ports" => "23", - "snmp_ports" => "161", "ftp_ports" => "21,2100,3535", "ssh_ports" => $ssh_port, - "pop2_ports" => "109", "pop3_ports" => "110", "imap_ports" => "143", - "sip_ports" => "5060,5061,5600", "auth_ports" => "113", "finger_ports" => "79", - "irc_ports" => "6665,6666,6667,6668,6669,7000", "smb_ports" => "139,445", - "nntp_ports" => "119", "rlogin_ports" => "513", "rsh_ports" => "514", - "ssl_ports" => "443,465,563,636,989,992,993,994,995,7801,7802,7900,7901,7902,7903,7904,7905,7906,7907,7908,7909,7910,7911,7912,7913,7914,7915,7916,7917,7918,7919,7920", - "file_data_ports" => "\$HTTP_PORTS,110,143", "shellcode_ports" => "!80", - "sun_rpc_ports" => "111,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779", - "DCERPC_NCACN_IP_TCP" => "139,445", "DCERPC_NCADG_IP_UDP" => "138,1024:", - "DCERPC_NCACN_IP_LONG" => "135,139,445,593,1024:", "DCERPC_NCACN_UDP_LONG" => "135,1024:", - "DCERPC_NCACN_UDP_SHORT" => "135,593,1024:", "DCERPC_NCACN_TCP" => "2103,2105,2107", - "DCERPC_BRIGHTSTORE" => "6503,6504", "DNP3_PORTS" => "20000", "MODBUS_PORTS" => "502", - "GTP_PORTS" => "2123,2152,3386" - ); - - /* Check for defined Aliases that may override default port settings as we build the portvars array */ - $portvardef = ""; - foreach ($snort_ports as $alias => $avalue) { - if (!empty($snortcfg["def_{$alias}"]) && is_alias($snortcfg["def_{$alias}"])) - $snort_ports[$alias] = trim(filter_expand_alias($snortcfg["def_{$alias}"])); - $snort_ports[$alias] = preg_replace('/\s+/', ',', trim($snort_ports[$alias])); - $portvardef .= "portvar " . strtoupper($alias) . " [" . $snort_ports[$alias] . "]\n"; - } - - /* Define the default ports for the Stream5 preprocessor (formatted for easier reading in the snort.conf file) */ - $stream5_ports_client = "21 22 23 25 42 53 70 79 109 110 111 113 119 135 136 137 \\\n"; - $stream5_ports_client .= "\t 139 143 161 445 513 514 587 593 691 1433 1521 1741 \\\n"; - $stream5_ports_client .= "\t 2100 3306 6070 6665 6666 6667 6668 6669 7000 8181 \\\n"; - $stream5_ports_client .= "\t 32770 32771 32772 32773 32774 32775 32776 32777 \\\n"; - $stream5_ports_client .= "\t 32778 32779"; - $stream5_ports_both = "80 81 82 83 84 85 86 87 88 89 90 110 311 383 443 465 563 \\\n"; - $stream5_ports_both .= "\t 591 593 631 636 901 989 992 993 994 995 1220 1414 1533 \\\n"; - $stream5_ports_both .= "\t 1830 2301 2381 2809 3037 3057 3128 3443 3702 4343 4848 \\\n"; - $stream5_ports_both .= "\t 5250 6080 6988 7907 7000 7001 7144 7145 7510 7802 7777 \\\n"; - $stream5_ports_both .= "\t 7779 7801 7900 7901 7902 7903 7904 7905 7906 7908 7909 \\\n"; - $stream5_ports_both .= "\t 7910 7911 7912 7913 7914 7915 7916 7917 7918 7919 7920 \\\n"; - $stream5_ports_both .= "\t 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 \\\n"; - $stream5_ports_both .= "\t 8123 8180 8222 8243 8280 8300 8500 8800 8888 8899 9000 \\\n"; - $stream5_ports_both .= "\t 9060 9080 9090 9091 9443 9999 10000 11371 15489 29991 \\\n"; - $stream5_ports_both .= "\t 33300 34412 34443 34444 41080 44440 50000 50002 51423 \\\n"; - $stream5_ports_both .= "\t 55555 56712"; - - ///////////////////////////// - /* preprocessor code */ - /* def perform_stat */ - $perform_stat = <<<EOD -# Performance Statistics # -preprocessor perfmonitor: time 300 file {$snortlogdir}/snort_{$if_real}{$snort_uuid}/{$if_real}.stats pktcnt 10000 - -EOD; - - /* def ftp_preprocessor */ - $telnet_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['telnet_ports'])); - $ftp_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['ftp_ports'])); - - // Configure FTP_Telnet global options - $ftp_telnet_globals = "inspection_type "; - if ($snortcfg['ftp_telnet_inspection_type'] != "") { $ftp_telnet_globals .= $snortcfg['ftp_telnet_inspection_type']; }else{ $ftp_telnet_globals .= "stateful"; } - if ($snortcfg['ftp_telnet_alert_encrypted'] == "on") - $ftp_telnet_globals .= " \\\n\tencrypted_traffic yes"; - else - $ftp_telnet_globals .= " \\\n\tencrypted_traffic no"; - if ($snortcfg['ftp_telnet_check_encrypted'] == "on") - $ftp_telnet_globals .= " \\\n\tcheck_encrypted"; - - // Configure FTP_Telnet Telnet protocol options - $ftp_telnet_protocol = "ports { {$telnet_ports} }"; - if ($snortcfg['ftp_telnet_normalize'] == "on") - $ftp_telnet_protocol .= " \\\n\tnormalize"; - if ($snortcfg['ftp_telnet_detect_anomalies'] == "on") - $ftp_telnet_protocol .= " \\\n\tdetect_anomalies"; - if ($snortcfg['ftp_telnet_ayt_attack_threshold'] <> '0') { - $ftp_telnet_protocol .= " \\\n\tayt_attack_thresh "; - if ($snortcfg['ftp_telnet_ayt_attack_threshold'] != "") - $ftp_telnet_protocol .= $snortcfg['ftp_telnet_ayt_attack_threshold']; - else - $ftp_telnet_protocol .= "20"; - } - - // Setup the standard FTP commands used for all FTP Server engines - $ftp_cmds = <<<EOD - ftp_cmds { ABOR ACCT ADAT ALLO APPE AUTH CCC CDUP } \ - ftp_cmds { CEL CLNT CMD CONF CWD DELE ENC EPRT } \ - ftp_cmds { EPSV ESTA ESTP FEAT HELP LANG LIST LPRT } \ - ftp_cmds { LPSV MACB MAIL MDTM MFMT MIC MKD MLSD MLST } \ - ftp_cmds { MODE NLST NOOP OPTS PASS PASV PBSZ PORT } \ - ftp_cmds { PROT PWD QUIT REIN REST RETR RMD RNFR } \ - ftp_cmds { RNTO SDUP SITE SIZE SMNT STAT STOR STOU } \ - ftp_cmds { STRU SYST TEST TYPE USER XCUP XCRC XCWD } \ - ftp_cmds { XMAS XMD5 XMKD XPWD XRCP XRMD XRSQ XSEM } \ - ftp_cmds { XSEN XSHA1 XSHA256 } \ - alt_max_param_len 0 { ABOR CCC CDUP ESTA FEAT LPSV NOOP PASV PWD QUIT REIN STOU SYST XCUP XPWD } \ - alt_max_param_len 200 { ALLO APPE CMD HELP NLST RETR RNFR STOR STOU XMKD } \ - alt_max_param_len 256 { CWD RNTO } \ - alt_max_param_len 400 { PORT } \ - alt_max_param_len 512 { MFMT SIZE } \ - chk_str_fmt { ACCT ADAT ALLO APPE AUTH CEL CLNT CMD } \ - chk_str_fmt { CONF CWD DELE ENC EPRT EPSV ESTP HELP } \ - chk_str_fmt { LANG LIST LPRT MACB MAIL MDTM MIC MKD } \ - chk_str_fmt { MLSD MLST MODE NLST OPTS PASS PBSZ PORT } \ - chk_str_fmt { PROT REST RETR RMD RNFR RNTO SDUP SITE } \ - chk_str_fmt { SIZE SMNT STAT STOR STRU TEST TYPE USER } \ - chk_str_fmt { XCRC XCWD XMAS XMD5 XMKD XRCP XRMD XRSQ } \ - chk_str_fmt { XSEM XSEN XSHA1 XSHA256 } \ - cmd_validity ALLO < int [ char R int ] > \ - cmd_validity EPSV < [ { char 12 | char A char L char L } ] > \ - cmd_validity MACB < string > \ - cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \ - cmd_validity MODE < char ASBCZ > \ - cmd_validity PORT < host_port > \ - cmd_validity PROT < char CSEP > \ - cmd_validity STRU < char FRPO [ string ] > \ - cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > - -EOD; - - // Configure all the FTP_Telnet FTP protocol options - // Iterate and configure the FTP Client engines - $ftp_default_client_engine = array( "name" => "default", "bind_to" => "all", "max_resp_len" => 256, - "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes", - "bounce" => "yes", "bounce_to_net" => "", "bounce_to_port" => "" ); - - if (!is_array($snortcfg['ftp_client_engine']['item'])) - $snortcfg['ftp_client_engine']['item'] = array(); - - // If no FTP client engine is configured, use the default - // to keep from breaking Snort. - if (empty($snortcfg['ftp_client_engine']['item'])) - $snortcfg['ftp_client_engine']['item'][] = $ftp_default_client_engine; - $ftp_client_engine = ""; - - foreach ($snortcfg['ftp_client_engine']['item'] as $f => $v) { - $buffer = "preprocessor ftp_telnet_protocol: ftp client "; - if ($v['name'] == "default" && $v['bind_to'] == "all") - $buffer .= "default \\\n"; - elseif (is_alias($v['bind_to'])) { - $tmp = trim(filter_expand_alias($v['bind_to'])); - if (!empty($tmp)) { - $tmp = preg_replace('/\s+/', ' ', $tmp); - $buffer .= "{$tmp} \\\n"; - } - else { - log_error("[snort] ERROR: unable to resolve IP Address Alias '{$v['bind_to']}' for FTP client '{$v['name']}' ... skipping entry."); - continue; - } - } - else { - log_error("[snort] ERROR: unable to resolve IP Address Alias '{$v['bind_to']}' for FTP client '{$v['name']}' ... skipping entry."); - continue; - } - - if ($v['max_resp_len'] == "") - $buffer .= "\tmax_resp_len 256 \\\n"; - else - $buffer .= "\tmax_resp_len {$v['max_resp_len']} \\\n"; - - $buffer .= "\ttelnet_cmds {$v['telnet_cmds']} \\\n"; - $buffer .= "\tignore_telnet_erase_cmds {$v['ignore_telnet_erase_cmds']} \\\n"; - - if ($v['bounce'] == "yes") { - if (is_alias($v['bounce_to_net']) && is_alias($v['bounce_to_port'])) { - $net = trim(filter_expand_alias($v['bounce_to_net'])); - $port = trim(filter_expand_alias($v['bounce_to_port'])); - if (!empty($net) && !empty($port) && - snort_is_single_addr_alias($v['bounce_to_net']) && - (is_port($port) || is_portrange($port))) { - $port = preg_replace('/\s+/', ',', $port); - // Change port range delimiter to comma for ftp_telnet client preprocessor - if (is_portrange($port)) - $port = str_replace(":", ",", $port); - $buffer .= "\tbounce yes \\\n"; - $buffer .= "\tbounce_to { {$net},{$port} }\n"; - } - else { - // One or both of the BOUNCE_TO alias values is not right, - // so figure out which and log an appropriate error. - if (empty($net) || !snort_is_single_addr_alias($v['bounce_to_net'])) - log_error("[snort] ERROR: illegal value for bounce_to Address Alias [{$v['bounce_to_net']}] for FTP client engine [{$v['name']}] ... omitting 'bounce_to' option for this client engine."); - if (empty($port) || !(is_port($port) || is_portrange($port))) - log_error("[snort] ERROR: illegal value for bounce_to Port Alias [{$v['bounce_to_port']}] for FTP client engine [{$v['name']}] ... omitting 'bounce_to' option for this client engine."); - $buffer .= "\tbounce yes\n"; - } - } - else - $buffer .= "\tbounce yes\n"; - } - else - $buffer .= "\tbounce no\n"; - - // Add this FTP client engine to the master string - $ftp_client_engine .= "{$buffer}\n"; - } - // Trim final trailing newline - rtrim($ftp_client_engine); - - // Iterate and configure the FTP Server engines - $ftp_default_server_engine = array( "name" => "default", "bind_to" => "all", "ports" => "default", - "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes", - "ignore_data_chan" => "no", "def_max_param_len" => 100 ); - - if (!is_array($snortcfg['ftp_server_engine']['item'])) - $snortcfg['ftp_server_engine']['item'] = array(); - - // If no FTP server engine is configured, use the default - // to keep from breaking Snort. - if (empty($snortcfg['ftp_server_engine']['item'])) - $snortcfg['ftp_server_engine']['item'][] = $ftp_default_server_engine; - $ftp_server_engine = ""; - - foreach ($snortcfg['ftp_server_engine']['item'] as $f => $v) { - $buffer = "preprocessor ftp_telnet_protocol: ftp server "; - if ($v['name'] == "default" && $v['bind_to'] == "all") - $buffer .= "default \\\n"; - elseif (is_alias($v['bind_to'])) { - $tmp = trim(filter_expand_alias($v['bind_to'])); - if (!empty($tmp)) { - $tmp = preg_replace('/\s+/', ' ', $tmp); - $buffer .= "{$tmp} \\\n"; - } - else { - log_error("[snort] ERROR: unable to resolve IP Address Alias '{$v['bind_to']}' for FTP server '{$v['name']}' ... skipping entry."); - continue; - } - } - else { - log_error("[snort] ERROR: unable to resolve IP Address Alias '{$v['bind_to']}' for FTP server '{$v['name']}' ... skipping entry."); - continue; - } - - if ($v['def_max_param_len'] == "") - $buffer .= "\tdef_max_param_len 100 \\\n"; - elseif ($v['def_max_param_len'] <> '0') - $buffer .= "\tdef_max_param_len {$v['def_max_param_len']} \\\n"; - - if ($v['ports'] == "default" || !is_alias($v['ports']) || empty($v['ports'])) - $buffer .= "\tports { {$ftp_ports} } \\\n"; - elseif (is_alias($v['ports'])) { - $tmp = trim(filter_expand_alias($v['ports'])); - if (!empty($tmp)) { - $tmp = preg_replace('/\s+/', ' ', $tmp); - $tmp = snort_expand_port_range($tmp, ' '); - $buffer .= "\tports { {$tmp} } \\\n"; - } - else { - log_error("[snort] ERROR: unable to resolve Port Alias '{$v['ports']}' for FTP server '{$v['name']}' ... reverting to defaults."); - $buffer .= "\tports { {$ftp_ports} } \\\n"; - } - } - - $buffer .= "\ttelnet_cmds {$v['telnet_cmds']} \\\n"; - $buffer .= "\tignore_telnet_erase_cmds {$v['ignore_telnet_erase_cmds']} \\\n"; - if ($v['ignore_data_chan'] == "yes") - $buffer .= "\tignore_data_chan yes \\\n"; - $buffer .= "{$ftp_cmds}\n"; - - // Add this FTP server engine to the master string - $ftp_server_engine .= $buffer; - } - // Remove trailing newlines - rtrim($ftp_server_engine); - - $ftp_preprocessor = <<<EOD -# ftp_telnet preprocessor # -preprocessor ftp_telnet: global \ - {$ftp_telnet_globals} - -preprocessor ftp_telnet_protocol: telnet \ - {$ftp_telnet_protocol} - -{$ftp_server_engine} -{$ftp_client_engine} -EOD; - - $pop_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['pop3_ports'])); - $pop_preproc = <<<EOD -# POP preprocessor # -preprocessor pop: \ - ports { {$pop_ports} } \ - memcap 1310700 \ - qp_decode_depth 0 \ - b64_decode_depth 0 \ - bitenc_decode_depth 0 - -EOD; - - $imap_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['imap_ports'])); - $imap_preproc = <<<EOD -# IMAP preprocessor # -preprocessor imap: \ - ports { {$imap_ports} } \ - memcap 1310700 \ - qp_decode_depth 0 \ - b64_decode_depth 0 \ - bitenc_decode_depth 0 - -EOD; - - $smtp_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['mail_ports'])); - /* def smtp_preprocessor */ - $smtp_preprocessor = <<<EOD -# SMTP preprocessor # -preprocessor SMTP: \ - ports { {$smtp_ports} } \ - inspection_type stateful \ - normalize cmds \ - ignore_tls_data \ - valid_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT \ - NOOP RSET SEND SAML SOML AUTH TURN ETRN PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU \ - STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE \ - XQUEU XSTA XTRN XUSR } \ - normalize_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY \ - IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN PIPELINING CHUNKING DATA DSN RSET QUIT \ - ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 \ - XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ - max_header_line_len 1000 \ - max_response_line_len 512 \ - alt_max_command_line_len 260 { MAIL } \ - alt_max_command_line_len 300 { RCPT } \ - alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \ - alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \ - alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN PIPELINING CHUNKING DATA DSN RSET QUIT ONEX } \ - alt_max_command_line_len 246 { QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR } \ - alt_max_command_line_len 246 { XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \ - xlink2state { enable } \ - log_mailfrom \ - log_rcptto \ - log_email_hdrs \ - email_hdrs_log_depth 1464 \ - log_filename \ - qp_decode_depth 0 \ - b64_decode_depth 0 \ - bitenc_decode_depth 0 \ - uu_decode_depth 0 - -EOD; - - /* def sf_portscan */ - $sf_pscan_protocol = "all"; - if (!empty($snortcfg['pscan_protocol'])) - $sf_pscan_protocol = $snortcfg['pscan_protocol']; - $sf_pscan_type = "all"; - if (!empty($snortcfg['pscan_type'])) - $sf_pscan_type = $snortcfg['pscan_type']; - $sf_pscan_memcap = "10000000"; - if (!empty($snortcfg['pscan_memcap'])) - $sf_pscan_memcap = $snortcfg['pscan_memcap']; - $sf_pscan_sense_level = "medium"; - if (!empty($snortcfg['pscan_sense_level'])) - $sf_pscan_sense_level = $snortcfg['pscan_sense_level']; - $sf_pscan_ignore_scanners = "\$HOME_NET"; - if (!empty($snortcfg['pscan_ignore_scanners']) && is_alias($snortcfg['pscan_ignore_scanners'])) { - $sf_pscan_ignore_scanners = trim(filter_expand_alias($snortcfg['pscan_ignore_scanners'])); - $sf_pscan_ignore_scanners = preg_replace('/\s+/', ',', trim($sf_pscan_ignore_scanners)); - } - - $sf_portscan = <<<EOD -# sf Portscan # -preprocessor sfportscan: \ - scan_type { {$sf_pscan_type} } \ - proto { {$sf_pscan_protocol} } \ - memcap { {$sf_pscan_memcap} } \ - sense_level { {$sf_pscan_sense_level} } \ - ignore_scanners { {$sf_pscan_ignore_scanners} } - -EOD; - - /* def ssh_preproc */ - $ssh_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['ssh_ports'])); - $ssh_preproc = <<<EOD -# SSH preprocessor # -preprocessor ssh: \ - server_ports { {$ssh_ports} } \ - autodetect \ - max_client_bytes 19600 \ - max_encrypted_packets 20 \ - max_server_version_len 100 \ - enable_respoverflow enable_ssh1crc32 \ - enable_srvoverflow enable_protomismatch - -EOD; - - /* def other_preprocs */ - $sun_rpc_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['sun_rpc_ports'])); - $other_preprocs = <<<EOD -# Other preprocs # -preprocessor rpc_decode: \ - {$sun_rpc_ports} \ - no_alert_multiple_requests \ - no_alert_large_fragments \ - no_alert_incomplete - -# Back Orifice preprocessor # -preprocessor bo - -EOD; - - /* def dce_rpc_2 */ - $dce_rpc_2 = <<<EOD -# DCE/RPC 2 # -preprocessor dcerpc2: \ - memcap 102400, \ - events [co] - -preprocessor dcerpc2_server: default, \ - policy WinXP, \ - detect [smb [{$snort_ports['smb_ports']}], \ - tcp 135, \ - udp 135, \ - rpc-over-http-server 593], \ - autodetect [tcp 1025:, \ - udp 1025:, \ - rpc-over-http-server 1025:], \ - smb_max_chain 3, smb_invalid_shares ["C$", "D$", "ADMIN$"] - -EOD; - - $sip_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['sip_ports'])); - $sip_preproc = <<<EOD -# SIP preprocessor # -preprocessor sip: \ - max_sessions 40000, \ - ports { {$sip_ports} }, \ - methods { invite \ - cancel \ - ack \ - bye \ - register \ - options \ - refer \ - subscribe \ - update \ - join \ - info \ - message \ - notify \ - benotify \ - do \ - qauth \ - sprack \ - publish \ - service \ - unsubscribe \ - prack }, \ - max_call_id_len 80, \ - max_from_len 256, \ - max_to_len 256, \ - max_via_len 1024, \ - max_requestName_len 50, \ - max_uri_len 512, \ - ignore_call_channel, \ - max_content_len 2048, \ - max_contact_len 512 - -EOD; - - $dns_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['dns_ports'])); - /* def dns_preprocessor */ - $dns_preprocessor = <<<EOD -# DNS preprocessor # -preprocessor dns: \ - ports { {$dns_ports} } \ - enable_rdata_overflow - -EOD; - - /* def dnp3_preprocessor */ - $dnp3_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['DNP3_PORTS'])); - $dnp3_preproc = <<<EOD -# DNP3 preprocessor # -preprocessor dnp3: \ - ports { {$dnp3_ports} } \ - memcap 262144 \ - check_crc - -EOD; - - /* def modbus_preprocessor */ - $modbus_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['MODBUS_PORTS'])); - $modbus_preproc = <<<EOD -# Modbus preprocessor # -preprocessor modbus: \ - ports { {$modbus_ports} } - -EOD; - - /* def gtp_preprocessor */ - $gtp_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['GTP_PORTS'])); - $gtp_preproc = <<<EOD -# GTP preprocessor # -preprocessor gtp: \ - ports { {$gtp_ports} } - -EOD; - - /* def ssl_preprocessor */ - $ssl_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['ssl_ports'])); - $ssl_preproc = <<<EOD -# SSL preprocessor # -preprocessor ssl: \ - ports { {$ssl_ports} }, \ - trustservers, \ - noinspect_encrypted - -EOD; - - /* def sensitive_data_preprocessor */ - if ($snortcfg['sdf_mask_output'] == "on") - $sdf_mask_output = "\\\n\tmask_output"; - else - $sdf_mask_output = ""; - if (empty($snortcfg['sdf_alert_threshold'])) - $snortcfg['sdf_alert_threshold'] = 25; - $sensitive_data = <<<EOD -# SDF preprocessor # -preprocessor sensitive_data: \ - alert_threshold {$snortcfg['sdf_alert_threshold']} {$sdf_mask_output} - -EOD; - - /* define IP Reputation preprocessor */ - if (is_array($snortcfg['blist_files']['item'])) { - $blist_files = ""; - $bIsFirst = TRUE; - foreach ($snortcfg['blist_files']['item'] as $blist) { - if ($bIsFirst) { - $blist_files .= "blacklist " . IPREP_PATH . $blist; - $bIsFirst = FALSE; - } - else - $blist_files .= ", \\ \n\tblacklist " . IPREP_PATH . $blist; - } - } - if (is_array($snortcfg['wlist_files']['item'])) { - $wlist_files = ""; - $bIsFirst = TRUE; - foreach ($snortcfg['wlist_files']['item'] as $wlist) { - if ($bIsFirst) { - $wlist_files .= "whitelist " . IPREP_PATH . $wlist; - $bIsFirst = FALSE; - } - else - $wlist_files .= ", \\ \n\twhitelist " . IPREP_PATH . $wlist; - } - } - if (!empty($blist_files)) - $ip_lists = $blist_files; - if (!empty($wlist_files)) - $ip_lists .= ", \\ \n" . $wlist_files; - if ($snortcfg['iprep_scan_local'] == 'on') - $ip_lists .= ", \\ \n\tscan_local"; - - $reputation_preproc = <<<EOD -# IP Reputation preprocessor # -preprocessor reputation: \ - memcap {$snortcfg['iprep_memcap']}, \ - priority {$snortcfg['iprep_priority']}, \ - nested_ip {$snortcfg['iprep_nested_ip']}, \ - white {$snortcfg['iprep_white']}, \ - {$ip_lists} - -EOD; - - /* define servers as IP variables */ - $snort_servers = array ( - "dns_servers" => "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET", - "www_servers" => "\$HOME_NET", "sql_servers" => "\$HOME_NET", "telnet_servers" => "\$HOME_NET", - "snmp_servers" => "\$HOME_NET", "ftp_servers" => "\$HOME_NET", "ssh_servers" => "\$HOME_NET", - "pop_servers" => "\$HOME_NET", "imap_servers" => "\$HOME_NET", "sip_proxy_ip" => "\$HOME_NET", - "sip_servers" => "\$HOME_NET", "rpc_servers" => "\$HOME_NET", "dnp3_server" => "\$HOME_NET", - "dnp3_client" => "\$HOME_NET", "modbus_server" => "\$HOME_NET", "modbus_client" => "\$HOME_NET", - "enip_server" => "\$HOME_NET", "enip_client" => "\$HOME_NET", - "aim_servers" => "64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24" - ); - - // Change old name from "var" to new name of "ipvar" for IP variables because - // Snort is deprecating the old "var" name in newer versions. - $ipvardef = ""; - foreach ($snort_servers as $alias => $avalue) { - if (!empty($snortcfg["def_{$alias}"]) && is_alias($snortcfg["def_{$alias}"])) { - $avalue = trim(filter_expand_alias($snortcfg["def_{$alias}"])); - $avalue = preg_replace('/\s+/', ',', trim($avalue)); - } - $ipvardef .= "ipvar " . strtoupper($alias) . " [{$avalue}]\n"; - } - - $snort_preproc_libs = array( - "dce_rpc_2" => "dce2_preproc", "dns_preprocessor" => "dns_preproc", "ftp_preprocessor" => "ftptelnet_preproc", "imap_preproc" => "imap_preproc", - "pop_preproc" => "pop_preproc", "reputation_preproc" => "reputation_preproc", "sensitive_data" => "sdf_preproc", - "sip_preproc" => "sip_preproc", "gtp_preproc" => "gtp_preproc", "smtp_preprocessor" => "smtp_preproc", "ssh_preproc" => "ssh_preproc", - "ssl_preproc" => "ssl_preproc", "dnp3_preproc" => "dnp3_preproc", "modbus_preproc" => "modbus_preproc" - ); - $snort_preproc = array ( - "perform_stat", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc", "gtp_preproc", "ssh_preproc", "sf_portscan", - "dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc", "reputation_preproc" - ); - $default_disabled_preprocs = array( - "sf_portscan", "gtp_preproc", "sensitive_data", "dnp3_preproc", "modbus_preproc", "reputation_preproc", "perform_stat" - ); - $snort_preprocessors = ""; - foreach ($snort_preproc as $preproc) { - if ($snortcfg[$preproc] == 'on' || empty($snortcfg[$preproc]) ) { - - /* If preprocessor is not explicitly "on" or "off", then default to "off" if in our default disabled list */ - if (empty($snortcfg[$preproc]) && in_array($preproc, $default_disabled_preprocs)) - continue; - - /* NOTE: The $$ is not a bug. It is an advanced feature of php */ - if (!empty($snort_preproc_libs[$preproc])) { - $preproclib = "libsf_" . $snort_preproc_libs[$preproc]; - if (!file_exists($snort_dirs['dynamicpreprocessor'] . "{$preproclib}.so")) { - if (file_exists("{$snortlibdir}/dynamicpreprocessor/{$preproclib}.so")) { - @copy("{$snortlibdir}/dynamicpreprocessor/{$preproclib}.so", "{$snort_dirs['dynamicpreprocessor']}/{$preproclib}.so"); - $snort_preprocessors .= $$preproc; - $snort_preprocessors .= "\n"; - } else - log_error("Could not find the {$preproclib} file. Snort might error out!"); - } else { - $snort_preprocessors .= $$preproc; - $snort_preprocessors .= "\n"; - } - } else { - $snort_preprocessors .= $$preproc; - $snort_preprocessors .= "\n"; - } - } - } - // Remove final trailing newline - $snort_preprocessors = rtrim($snort_preprocessors); - - $snort_misc_include_rules = ""; - if (file_exists("{$snortcfgdir}/reference.config")) - $snort_misc_include_rules .= "include {$snortcfgdir}/reference.config\n"; - if (file_exists("{$snortcfgdir}/classification.config")) - $snort_misc_include_rules .= "include {$snortcfgdir}/classification.config\n"; - if (!file_exists("{$snortcfgdir}/preproc_rules/decoder.rules") || !file_exists("{$snortcfgdir}/preproc_rules/preprocessor.rules")) { - $snort_misc_include_rules .= "config autogenerate_preprocessor_decoder_rules\n"; - log_error("[Snort] Seems preprocessor and/or decoder rules are missing, enabling autogeneration of them in conf file."); - } - - /* generate rule sections to load */ - /* The files are always configured so the update process is easier */ - $selected_rules_sections = "include \$RULE_PATH/{$snort_enforcing_rules_file}\n"; - $selected_rules_sections .= "include \$RULE_PATH/{$flowbit_rules_file}\n"; - $selected_rules_sections .= "include \$RULE_PATH/custom.rules\n"; - - // Remove trailing newlines - $snort_misc_include_rules = rtrim($snort_misc_include_rules); - $selected_rules_sections = rtrim($selected_rules_sections); - - /* Create the actual rules files and save in the interface directory */ - snort_prepare_rule_files($snortcfg, $snortcfgdir); - - $cksumcheck = "all"; - if ($snortcfg['cksumcheck'] == 'on') - $cksumcheck = "none"; - - /* Pull in user-configurable detection config options */ - $cfg_detect_settings = "search-method {$snort_performance} max-pattern-len 20 max_queue_events 5"; - if ($snortcfg['fpm_split_any_any'] == "on") - $cfg_detect_settings .= " split-any-any"; - if ($snortcfg['fpm_search_optimize'] == "on") - $cfg_detect_settings .= " search-optimize"; - if ($snortcfg['fpm_no_stream_inserts'] == "on") - $cfg_detect_settings .= " no_stream_inserts"; - - /* Pull in user-configurable options for Frag3 preprocessor settings */ - /* Get global Frag3 options first and put into a string */ - $frag3_global = "preprocessor frag3_global: "; - if (!empty($snortcfg['frag3_memcap']) || $snortcfg['frag3_memcap'] == "0") - $frag3_global .= "memcap {$snortcfg['frag3_memcap']}, "; - else - $frag3_global .= "memcap 4194304, "; - if (!empty($snortcfg['frag3_max_frags'])) - $frag3_global .= "max_frags {$snortcfg['frag3_max_frags']}"; - else - $frag3_global .= "max_frags 8192"; - if ($snortcfg['frag3_detection'] == "off") - $frag3_global .= ", disabled"; - - $frag3_default_tcp_engine = array( "name" => "default", "bind_to" => "all", "policy" => "bsd", - "timeout" => 60, "min_ttl" => 1, "detect_anomalies" => "on", - "overlap_limit" => 0, "min_frag_len" => 0 ); - $frag3_engine = ""; - - // Now iterate configured Frag3 engines and write them to a string if enabled - if ($snortcfg['frag3_detection'] == "on") { - if (!is_array($snortcfg['frag3_engine']['item'])) - $snortcfg['frag3_engine']['item'] = array(); - - // If no frag3 tcp engine is configured, use the default - if (empty($snortcfg['frag3_engine']['item'])) - $snortcfg['frag3_engine']['item'][] = $frag3_default_tcp_engine; - - foreach ($snortcfg['frag3_engine']['item'] as $f => $v) { - $frag3_engine .= "preprocessor frag3_engine: "; - $frag3_engine .= "policy {$v['policy']}"; - if ($v['bind_to'] <> "all") { - $tmp = trim(filter_expand_alias($v['bind_to'])); - if (!empty($tmp)) { - $tmp = preg_replace('/\s+/', ',', $tmp); - if (strpos($tmp, ",") !== false) - $frag3_engine .= " \\\n\tbind_to [{$tmp}]"; - else - $frag3_engine .= " \\\n\tbind_to {$tmp}"; - } - else - log_error("[snort] WARNING: unable to resolve IP List Alias '{$v['bind_to']}' for Frag3 engine '{$v['name']}' ... using 0.0.0.0 failsafe."); - } - $frag3_engine .= " \\\n\ttimeout {$v['timeout']}"; - $frag3_engine .= " \\\n\tmin_ttl {$v['min_ttl']}"; - if ($v['detect_anomalies'] == "on") { - $frag3_engine .= " \\\n\tdetect_anomalies"; - $frag3_engine .= " \\\n\toverlap_limit {$v['overlap_limit']}"; - $frag3_engine .= " \\\n\tmin_fragment_length {$v['min_frag_len']}"; - } - // Add newlines to terminate this engine - $frag3_engine .= "\n\n"; - } - // Remove trailing newline - $frag3_engine = rtrim($frag3_engine); - } - - // Grab any user-customized value for Protocol Aware Flushing (PAF) max PDUs - $paf_max_pdu_config = "config paf_max: "; - if (empty($snortcfg['max_paf']) || $snortcfg['max_paf'] == '0') - $paf_max_pdu_config .= "0"; - else - $paf_max_pdu_config .= $snortcfg['max_paf']; - - // Pull in user-configurable options for Stream5 preprocessor settings - // Get global options first and put into a string - $stream5_global = "preprocessor stream5_global: \\\n"; - if ($snortcfg['stream5_reassembly'] == "off") - $stream5_global .= "\tdisabled, \\\n"; - if ($snortcfg['stream5_track_tcp'] == "off") - $stream5_global .= "\ttrack_tcp no,"; - else { - $stream5_global .= "\ttrack_tcp yes,"; - if (!empty($snortcfg['stream5_max_tcp'])) - $stream5_global .= " \\\n\tmax_tcp {$snortcfg['stream5_max_tcp']},"; - else - $stream5_global .= " \\\n\tmax_tcp 262144,"; - } - if ($snortcfg['stream5_track_udp'] == "off") - $stream5_global .= " \\\n\ttrack_udp no,"; - else { - $stream5_global .= " \\\n\ttrack_udp yes,"; - if (!empty($snortcfg['stream5_max_udp'])) - $stream5_global .= " \\\n\tmax_udp {$snortcfg['stream5_max_udp']},"; - else - $stream5_global .= " \\\n\tmax_udp 131072,"; - } - if ($snortcfg['stream5_track_icmp'] == "on") { - $stream5_global .= " \\\n\ttrack_icmp yes,"; - if (!empty($snortcfg['stream5_max_icmp'])) - $stream5_global .= " \\\n\tmax_icmp {$snortcfg['stream5_max_icmp']},"; - else - $stream5_global .= " \\\n\tmax_icmp 65536,"; - } - else - $stream5_global .= " \\\n\ttrack_icmp no,"; - if (!empty($snortcfg['stream5_mem_cap'])) - $stream5_global .= " \\\n\tmemcap {$snortcfg['stream5_mem_cap']},"; - else - $stream5_global .= " \\\n\tmemcap 8388608,"; - - if (!empty($snortcfg['stream5_prune_log_max']) || $snortcfg['stream5_prune_log_max'] == '0') - $stream5_global .= " \\\n\tprune_log_max {$snortcfg['stream5_prune_log_max']}"; - else - $stream5_global .= " \\\n\tprune_log_max 1048576"; - if ($snortcfg['stream5_flush_on_alert'] == "on") - $stream5_global .= ", \\\n\tflush_on_alert"; - - $stream5_default_tcp_engine = array( "name" => "default", "bind_to" => "all", "policy" => "bsd", "timeout" => 30, - "max_queued_bytes" => 1048576, "detect_anomalies" => "off", "overlap_limit" => 0, - "max_queued_segs" => 2621, "require_3whs" => "off", "startup_3whs_timeout" => 0, - "no_reassemble_async" => "off", "dont_store_lg_pkts" => "off", "max_window" => 0, - "use_static_footprint_sizes" => "off", "check_session_hijacking" => "off", "ports_client" => "default", - "ports_both" => "default", "ports_server" => "none" ); - $stream5_tcp_engine = ""; - - // Now iterate configured Stream5 TCP engines and write them to a string if enabled - if ($snortcfg['stream5_reassembly'] == "on") { - if (!is_array($snortcfg['stream5_tcp_engine']['item'])) - $snortcfg['stream5_tcp_engine']['item'] = array(); - - // If no stream5 tcp engine is configured, use the default - if (empty($snortcfg['stream5_tcp_engine']['item'])) - $snortcfg['stream5_tcp_engine']['item'][] = $stream5_default_tcp_engine; - - foreach ($snortcfg['stream5_tcp_engine']['item'] as $f => $v) { - $buffer = "preprocessor stream5_tcp: "; - $buffer .= "policy {$v['policy']},"; - if ($v['bind_to'] <> "all") { - $tmp = trim(filter_expand_alias($v['bind_to'])); - if (!empty($tmp)) { - $tmp = preg_replace('/\s+/', ',', $tmp); - if (strpos($tmp, ",") !== false) - $buffer .= " \\\n\tbind_to [{$tmp}],"; - else - $buffer .= " \\\n\tbind_to {$tmp},"; - } - else { - log_error("[snort] WARNING: unable to resolve IP Address Alias [{$v['bind_to']}] for Stream5 TCP engine '{$v['name']}' ... skipping this engine."); - continue; - } - } - $stream5_tcp_engine .= $buffer; - $stream5_tcp_engine .= " \\\n\ttimeout {$v['timeout']},"; - $stream5_tcp_engine .= " \\\n\toverlap_limit {$v['overlap_limit']},"; - $stream5_tcp_engine .= " \\\n\tmax_window {$v['max_window']},"; - $stream5_tcp_engine .= " \\\n\tmax_queued_bytes {$v['max_queued_bytes']},"; - $stream5_tcp_engine .= " \\\n\tmax_queued_segs {$v['max_queued_segs']}"; - if ($v['use_static_footprint_sizes'] == "on") - $stream5_tcp_engine .= ", \\\n\tuse_static_footprint_sizes"; - if ($v['check_session_hijacking'] == "on") - $stream5_tcp_engine .= ", \\\n\tcheck_session_hijacking"; - if ($v['dont_store_lg_pkts'] == "on") - $stream5_tcp_engine .= ", \\\n\tdont_store_large_packets"; - if ($v['no_reassemble_async'] == "on") - $stream5_tcp_engine .= ", \\\n\tdont_reassemble_async"; - if ($v['detect_anomalies'] == "on") - $stream5_tcp_engine .= ", \\\n\tdetect_anomalies"; - if ($v['require_3whs'] == "on") - $stream5_tcp_engine .= ", \\\n\trequire_3whs {$v['startup_3whs_timeout']}"; - if (!empty($v['ports_client'])) { - $stream5_tcp_engine .= ", \\\n\tports client"; - if ($v['ports_client'] == " all") - $stream5_tcp_engine .= " all"; - elseif ($v['ports_client'] == "default") - $stream5_tcp_engine .= " {$stream5_ports_client}"; - else { - $tmp = trim(filter_expand_alias($v['ports_client'])); - if (!empty($tmp)) - $stream5_tcp_engine .= " " . trim(preg_replace('/\s+/', ' ', $tmp)); - else { - $stream5_tcp_engine .= " {$stream5_ports_client}"; - log_error("[snort] WARNING: unable to resolve Ports Client Alias [{$v['ports_client']}] for Stream5 TCP engine '{$v['name']}' ... using default value."); - } - } - } - if (!empty($v['ports_both'])) { - $stream5_tcp_engine .= ", \\\n\tports both"; - if ($v['ports_both'] == " all") - $stream5_tcp_engine .= " all"; - elseif ($v['ports_both'] == "default") - $stream5_tcp_engine .= " {$stream5_ports_both}"; - else { - $tmp = trim(filter_expand_alias($v['ports_both'])); - if (!empty($tmp)) - $stream5_tcp_engine .= " " . trim(preg_replace('/\s+/', ' ', $tmp)); - else { - $stream5_tcp_engine .= " {$stream5_ports_both}"; - log_error("[snort] WARNING: unable to resolve Ports Both Alias [{$v['ports_both']}] for Stream5 TCP engine '{$v['name']}' ... using default value."); - } - } - } - if (!empty($v['ports_server']) && $v['ports_server'] <> "none" && $v['ports_server'] <> "default") { - if ($v['ports_server'] == " all") { - $stream5_tcp_engine .= ", \\\n\tports server"; - $stream5_tcp_engine .= " all"; - } - else { - $tmp = trim(filter_expand_alias($v['ports_server'])); - if (!empty($tmp)) { - $stream5_tcp_engine .= ", \\\n\tports server"; - $stream5_tcp_engine .= " " . trim(preg_replace('/\s+/', ' ', $tmp)); - } - else - log_error("[snort] WARNING: unable to resolve Ports Server Alias [{$v['ports_server']}] for Stream5 TCP engine '{$v['name']}' ... defaulting to none."); - } - } - - // Make sure the "ports" parameter is set, or else default to a safe value - if (strpos($stream5_tcp_engine, "ports ") === false) - $stream5_tcp_engine .= ", \\\n\tports both all"; - - // Add a pair of newlines to terminate this engine - $stream5_tcp_engine .= "\n\n"; - } - // Trim off the final trailing newline - $stream5_tcp_engine = rtrim($stream5_tcp_engine); - } - - // Configure the Stream5 UDP engine if it and Stream5 reassembly are enabled - if ($snortcfg['stream5_track_udp'] == "off" || $snortcfg['stream5_reassembly'] == "off") - $stream5_udp_engine = ""; - else { - $stream5_udp_engine = "preprocessor stream5_udp: "; - if (!empty($snortcfg['stream5_udp_timeout'])) - $stream5_udp_engine .= "timeout {$snortcfg['stream5_udp_timeout']}"; - else - $stream5_udp_engine .= "timeout 30"; - } - - // Configure the Stream5 ICMP engine if it and Stream5 reassembly are enabled - if ($snortcfg['stream5_track_icmp'] == "on" && $snortcfg['stream5_reassembly'] == "on") { - $stream5_icmp_engine = "preprocessor stream5_icmp: "; - if (!empty($snortcfg['stream5_icmp_timeout'])) - $stream5_icmp_engine .= "timeout {$snortcfg['stream5_icmp_timeout']}"; - else - $stream5_icmp_engine .= "timeout 30"; - } - else - $stream5_icmp_engine = ""; - - // Check for and configure Host Attribute Table if enabled - $host_attrib_config = ""; - if ($snortcfg['host_attribute_table'] == "on" && !empty($snortcfg['host_attribute_data'])) { - file_put_contents("{$snortcfgdir}/host_attributes", base64_decode($snortcfg['host_attribute_data'])); - $host_attrib_config = "# Host Attribute Table #\n"; - $host_attrib_config .= "attribute_table filename {$snortcfgdir}/host_attributes\n"; - if (!empty($snortcfg['max_attribute_hosts'])) - $host_attrib_config .= "config max_attribute_hosts: {$snortcfg['max_attribute_hosts']}\n"; - if (!empty($snortcfg['max_attribute_services_per_host'])) - $host_attrib_config .= "config max_attribute_services_per_host: {$snortcfg['max_attribute_services_per_host']}"; - } - - // Configure the HTTP_INSPECT preprocessor - // Get global options first and put into a string - $http_inspect_global = "preprocessor http_inspect: global "; - if ($snortcfg['http_inspect'] == "off") - $http_inspect_global .= "disabled "; - $http_inspect_global .= "\\\n\tiis_unicode_map unicode.map 1252 \\\n"; - $http_inspect_global .= "\tcompress_depth 65535 \\\n"; - $http_inspect_global .= "\tdecompress_depth 65535 \\\n"; - if (!empty($snortcfg['http_inspect_memcap'])) - $http_inspect_global .= "\tmemcap {$snortcfg['http_inspect_memcap']} \\\n"; - else - $http_inspect_global .= "\tmemcap 150994944 \\\n"; - if (!empty($snortcfg['http_inspect_max_gzip_mem'])) - $http_inspect_global .= "\tmax_gzip_mem {$snortcfg['http_inspect_max_gzip_mem']}"; - else - $http_inspect_global .= "\tmax_gzip_mem 838860"; - if ($snortcfg['http_inspect_proxy_alert'] == "on") - $http_inspect_global .= " \\\n\tproxy_alert"; - - $http_inspect_default_engine = array( "name" => "default", "bind_to" => "all", "server_profile" => "all", "enable_xff" => "off", - "log_uri" => "off", "log_hostname" => "off", "server_flow_depth" => 65535, "enable_cookie" => "on", - "client_flow_depth" => 1460, "extended_response_inspection" => "on", "no_alerts" => "off", - "unlimited_decompress" => "on", "inspect_gzip" => "on", "normalize_cookies" =>"on", "normalize_headers" => "on", - "normalize_utf" => "on", "normalize_javascript" => "on", "allow_proxy_use" => "off", "inspect_uri_only" => "off", - "max_javascript_whitespaces" => 200, "post_depth" => -1, "max_headers" => 0, "max_spaces" => 0, - "max_header_length" => 0, "ports" => "default" ); - $http_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['http_ports'])); - $http_inspect_servers = ""; - - // Iterate configured HTTP_INSPECT servers and write them to string if HTTP_INSPECT enabled - if ($snortcfg['http_inspect'] <> "off") { - if (!is_array($snortcfg['http_inspect_engine']['item'])) - $snortcfg['http_inspect_engine']['item'] = array(); - - // If no http_inspect_engine is configured, use the default - if (empty($snortcfg['http_inspect_engine']['item'])) - $snortcfg['http_inspect_engine']['item'][] = $http_inspect_default_engine; - - foreach ($snortcfg['http_inspect_engine']['item'] as $f => $v) { - $buffer = "preprocessor http_inspect_server: \\\n"; - if ($v['name'] == "default") - $buffer .= "\tserver default \\\n"; - elseif (is_alias($v['bind_to'])) { - $tmp = trim(filter_expand_alias($v['bind_to'])); - if (!empty($tmp)) { - $tmp = preg_replace('/\s+/', ' ', $tmp); - $buffer .= "\tserver { {$tmp} } \\\n"; - } - else { - log_error("[snort] WARNING: unable to resolve IP Address Alias [{$v['bind_to']}] for HTTP_INSPECT server '{$v['name']}' ... skipping this server engine."); - continue; - } - } - else { - log_error("[snort] WARNING: unable to resolve IP Address Alias [{$v['bind_to']}] for HTTP_INSPECT server '{$v['name']}' ... skipping this server engine."); - continue; - } - $http_inspect_servers .= $buffer; - $http_inspect_servers .= "\tprofile {$v['server_profile']} \\\n"; - - if ($v['no_alerts'] == "on") - $http_inspect_servers .= "\tno_alerts \\\n"; - - if ($v['ports'] == "default" || empty($v['ports'])) - $http_inspect_servers .= "\tports { {$http_ports} } \\\n"; - elseif (is_alias($v['ports'])) { - $tmp = trim(filter_expand_alias($v['ports'])); - if (!empty($tmp)) { - $tmp = preg_replace('/\s+/', ' ', $tmp); - $tmp = snort_expand_port_range($tmp, ' '); - $http_inspect_servers .= "\tports { {$tmp} } \\\n"; - } - else { - log_error("[snort] WARNING: unable to resolve Ports Alias [{$v['ports']}] for HTTP_INSPECT server '{$v['name']}' ... using safe default instead."); - $http_inspect_servers .= "\tports { {$http_ports} } \\\n"; - } - } - else { - log_error("[snort] WARNING: unable to resolve Ports Alias [{$v['ports']}] for HTTP_INSPECT server '{$v['name']}' ... using safe default instead."); - $http_inspect_servers .= "\tports { {$http_ports} } \\\n"; - } - - $http_inspect_servers .= "\tserver_flow_depth {$v['server_flow_depth']} \\\n"; - $http_inspect_servers .= "\tclient_flow_depth {$v['client_flow_depth']} \\\n"; - $http_inspect_servers .= "\thttp_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK UNLOCK NOTIFY POLL BCOPY BDELETE BMOVE LINK UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH BPROPFIND BPROPPATCH RPC_CONNECT PROXY_SUCCESS BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA RPC_ECHO_DATA } \\\n"; - $http_inspect_servers .= "\tpost_depth {$v['post_depth']} \\\n"; - $http_inspect_servers .= "\tmax_headers {$v['max_headers']} \\\n"; - $http_inspect_servers .= "\tmax_header_length {$v['max_header_length']} \\\n"; - $http_inspect_servers .= "\tmax_spaces {$v['max_spaces']}"; - if ($v['enable_xff'] == "on") - $http_inspect_servers .= " \\\n\tenable_xff"; - if ($v['enable_cookie'] == "on") - $http_inspect_servers .= " \\\n\tenable_cookie"; - if ($v['normalize_cookies'] == "on") - $http_inspect_servers .= " \\\n\tnormalize_cookies"; - if ($v['normalize_headers'] == "on") - $http_inspect_servers .= " \\\n\tnormalize_headers"; - if ($v['normalize_utf'] == "on") - $http_inspect_servers .= " \\\n\tnormalize_utf"; - if ($v['allow_proxy_use'] == "on") - $http_inspect_servers .= " \\\n\tallow_proxy_use"; - if ($v['inspect_uri_only'] == "on") - $http_inspect_servers .= " \\\n\tinspect_uri_only"; - if ($v['extended_response_inspection'] == "on") { - $http_inspect_servers .= " \\\n\textended_response_inspection"; - if ($v['inspect_gzip'] == "on") { - $http_inspect_servers .= " \\\n\tinspect_gzip"; - if ($v['unlimited_decompress'] == "on") - $http_inspect_servers .= " \\\n\tunlimited_decompress"; - } - if ($v['normalize_javascript'] == "on") { - $http_inspect_servers .= " \\\n\tnormalize_javascript"; - $http_inspect_servers .= " \\\n\tmax_javascript_whitespaces {$v['max_javascript_whitespaces']}"; - } - } - if ($v['log_uri'] == "on") - $http_inspect_servers .= " \\\n\tlog_uri"; - if ($v['log_hostname'] == "on") - $http_inspect_servers .= " \\\n\tlog_hostname"; - - // Add a pair of trailing newlines to terminate this server config - $http_inspect_servers .= "\n\n"; - } - /* Trim off the final trailing newline */ - $http_inspect_server = rtrim($http_inspect_server); - } - - // Finally, build the Snort configuration file - $snort_conf_text = <<<EOD -# snort configuration file -# generated automatically by the pfSense subsystems do not modify manually - -# Define Local Network # -ipvar HOME_NET [{$home_net}] -ipvar EXTERNAL_NET [{$external_net}] - -# Define Rule Path # -var RULE_PATH {$snortcfgdir}/rules - -# Define Servers # -{$ipvardef} - -# Define Server Ports # -{$portvardef} - -# Configure quiet startup mode # -config quiet - -# Configure the snort decoder # -config checksum_mode: {$cksumcheck} -config disable_decode_alerts -config disable_tcpopt_experimental_alerts -config disable_tcpopt_obsolete_alerts -config disable_ttcp_alerts -config disable_tcpopt_alerts -config disable_ipopt_alerts -config disable_decode_drops - -# Enable the GTP decoder # -config enable_gtp - -# Configure PCRE match limitations -config pcre_match_limit: 3500 -config pcre_match_limit_recursion: 1500 - -# Configure the detection engine # -config detection: {$cfg_detect_settings} -config event_queue: max_queue 8 log 5 order_events content_length - -# Configure to show year in timestamps -config show_year - -# Configure protocol aware flushing # -# For more information see README.stream5 # -{$paf_max_pdu_config} - -# Configure dynamically loaded libraries -dynamicpreprocessor directory {$snort_dirs['dynamicpreprocessor']} -dynamicengine directory {$snort_dirs['dynamicengine']} -dynamicdetection directory {$snort_dirs['dynamicrules']} - -# Inline packet normalization. For more information, see README.normalize -# Disabled since we do not use "inline" mode with pfSense -# preprocessor normalize_ip4 -# preprocessor normalize_tcp: ips ecn stream -# preprocessor normalize_icmp4 -# preprocessor normalize_ip6 -# preprocessor normalize_icmp6 - -# Flow and stream # -{$frag3_global} - -{$frag3_engine} - -{$stream5_global} - -{$stream5_tcp_engine} - -{$stream5_udp_engine} - -{$stream5_icmp_engine} - -# HTTP Inspect # -{$http_inspect_global} - -{$http_inspect_servers} -{$snort_preprocessors} -{$host_attrib_config} - -# Snort Output Logs # -output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority -{$alertsystemlog_type} -{$snortunifiedlog_type} -{$spoink_type} - -# Misc Includes # -{$snort_misc_include_rules} - -{$suppress_file_name} - -# Snort user pass through configuration -{$snort_config_pass_thru} - -# Rules Selection # -{$selected_rules_sections} -EOD; - - // Write out snort.conf file - file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text); - conf_mount_ro(); - unset($snort_conf_text, $selected_rules_sections, $suppress_file_name, $snort_misc_include_rules, $spoink_type, $snortunifiedlog_type, $alertsystemlog_type); - unset($home_net, $external_net, $ipvardef, $portvardef); -} - -/*****************************************************************************/ -/* This starts the actual post-install code */ -/*****************************************************************************/ +$flowbit_rules_file = FLOWBITS_FILENAME; +$snort_enforcing_rules_file = SNORT_ENFORCING_RULES_FILENAME; /* Hard kill any running Snort processes that may have been started by any */ /* of the pfSense scripts such as check_reload_status() or rc.start_packages */ @@ -1376,29 +57,33 @@ if(is_process_running("snort")) { exec("/usr/bin/killall -z snort"); sleep(2); // Delete any leftover snort PID files in /var/run - unlink_if_exists("/var/run/snort_*.pid"); + unlink_if_exists("{$g['varrun_path']}/snort_*.pid"); } // Hard kill any running Barnyard2 processes if(is_process_running("barnyard")) { exec("/usr/bin/killall -z barnyard2"); sleep(2); // Delete any leftover barnyard2 PID files in /var/run - unlink_if_exists("/var/run/barnyard2_*.pid"); + unlink_if_exists("{$g['varrun_path']}/barnyard2_*.pid"); } /* Set flag for post-install in progress */ $g['snort_postinstall'] = true; +/* Set conf partition to read-write so we can make changes there */ +conf_mount_rw(); + /* cleanup default files */ @rename("{$snortdir}/snort.conf-sample", "{$snortdir}/snort.conf"); @rename("{$snortdir}/threshold.conf-sample", "{$snortdir}/threshold.conf"); @rename("{$snortdir}/sid-msg.map-sample", "{$snortdir}/sid-msg.map"); @rename("{$snortdir}/unicode.map-sample", "{$snortdir}/unicode.map"); +@rename("{$snortdir}/file_magic.conf-sample", "{$snortdir}/file_magic.conf"); @rename("{$snortdir}/classification.config-sample", "{$snortdir}/classification.config"); @rename("{$snortdir}/generators-sample", "{$snortdir}/generators"); @rename("{$snortdir}/reference.config-sample", "{$snortdir}/reference.config"); @rename("{$snortdir}/gen-msg.map-sample", "{$snortdir}/gen-msg.map"); -@rename("{$snortdir}/attribute_table.dtd-sample", "{$snortdir}/attribute_table.dtd"); +//@rename("{$snortdir}/attribute_table.dtd-sample", "{$snortdir}/attribute_table.dtd"); /* fix up the preprocessor rules filenames from a PBI package install */ $preproc_rules = array("decoder.rules", "preprocessor.rules", "sensitive-data.rules"); @@ -1408,13 +93,15 @@ foreach ($preproc_rules as $file) { } /* Remove any previously installed scripts since we rebuild them */ -@unlink("{$snortdir}/sid"); -@unlink("{$rcdir}/snort.sh"); -@unlink("{$rcdir}/barnyard2"); +unlink_if_exists("{$snortdir}/sid"); +unlink_if_exists("{$rcdir}snort.sh"); +unlink_if_exists("{$rcdir}barnyard2"); /* Create required log and db directories in /var */ safe_mkdir(SNORTLOGDIR); -safe_mkdir(IPREP_PATH); +safe_mkdir(SNORT_IPREP_PATH); +safe_mkdir(SNORT_SID_MODS_PATH); +safe_mkdir(SNORT_APPID_ODP_PATH); /* If installed, absorb the Snort Dashboard Widget into this package */ /* by removing it as a separately installed package. */ @@ -1423,7 +110,6 @@ if ($pkgid >= 0) { log_error(gettext("[Snort] Removing legacy 'Dashboard Widget: Snort' package because the widget is now part of the Snort package.")); unset($config['installedpackages']['package'][$pkgid]); unlink_if_exists("/usr/local/pkg/widget-snort.xml"); - write_config("Snort pkg: removed legacy Snort Dashboard Widget."); } /* Define a default Dashboard Widget Container for Snort */ @@ -1433,29 +119,87 @@ $snort_widget_container = "snort_alerts-container:col2:close"; if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { log_error(gettext("[Snort] Saved settings detected... rebuilding installation with saved settings...")); update_status(gettext("Saved settings detected...")); + + /****************************************************************/ + /* Do test and fix for duplicate UUIDs if this install was */ + /* impacted by the DUP (clone) bug that generated a duplicate */ + /* UUID for the cloned interface. */ + /****************************************************************/ + if (count($config['installedpackages']['snortglobal']['rule']) > 0) { + $uuids = array(); + $fixed_duplicate = FALSE; + $snortconf = &$config['installedpackages']['snortglobal']['rule']; + foreach ($snortconf as &$snortcfg) { + // Check for and fix a duplicate UUID + $if_real = get_real_interface($snortcfg['interface']); + if (!isset($uuids[$snortcfg['uuid']])) { + $uuids[$snortcfg['uuid']] = $if_real; + continue; + } + else { + // Found a duplicate UUID, so generate a + // new one for the affected interface. + $old_uuid = $snortcfg['uuid']; + $new_uuid = snort_generate_id(); + if (file_exists("{$snortlogdir}snort_{$if_real}{$old_uuid}/")) + @rename("{$snortlogdir}snort_{$if_real}{$old_uuid}/", "{$snortlogdir}snort_{$if_real}{$new_uuid}/"); + $snortcfg['uuid'] = $new_uuid; + $uuids[$new_uuid] = $if_real; + log_error(gettext("[Snort] updated UUID for interface " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . " from {$old_uuid} to {$new_uuid}.")); + $fixed_duplicate = TRUE; + } + } + unset($uuids); + } + /****************************************************************/ + /* End of duplicate UUID bug fix. */ + /****************************************************************/ + /* Do one-time settings migration for new multi-engine configurations */ update_output_window(gettext("Please wait... migrating settings to new configuration...")); - include('/usr/local/www/snort/snort_migrate_config.php'); + include('/usr/local/pkg/snort/snort_migrate_config.php'); update_output_window(gettext("Please wait... rebuilding installation with saved settings...")); log_error(gettext("[Snort] Downloading and updating configured rule types...")); - update_output_window(gettext("Please wait... downloading and updating configured rule types...")); + update_output_window(gettext("Please wait... downloading and updating configured rule sets...")); if ($pkg_interface <> "console") $snort_gui_include = true; - include('/usr/local/www/snort/snort_check_for_rule_updates.php'); + include('/usr/local/pkg/snort/snort_check_for_rule_updates.php'); update_status(gettext("Generating snort.conf configuration file from saved settings...")); $rebuild_rules = true; + conf_mount_rw(); /* Create the snort.conf files for each enabled interface */ $snortconf = $config['installedpackages']['snortglobal']['rule']; - foreach ($snortconf as $value) { - $if_real = get_real_interface($value['interface']); + foreach ($snortconf as $snortcfg) { + $if_real = get_real_interface($snortcfg['interface']); + $snort_uuid = $snortcfg['uuid']; + $snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}"; + update_output_window(gettext("Generating configuration for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . "...")); + + // Pull in the PHP code that generates the snort.conf file + // variables that will be substituted further down below. + include("/usr/local/pkg/snort/snort_generate_conf.php"); + + // Pull in the boilerplate template for the snort.conf + // configuration file. The contents of the template along + // with substituted variables are stored in $snort_conf_text + // (which is defined in the included file). + include("/usr/local/pkg/snort/snort_conf_template.inc"); - /* create a snort.conf file for interface */ - snort_build_new_conf($value); + // Now write out the conf file using $snort_conf_text contents + @file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text); + unset($snort_conf_text); - /* create barnyard2.conf file for interface */ - if ($value['barnyard_enable'] == 'on') - snort_generate_barnyard2_conf($value, $if_real); + // Create the actual rules files and save them in the interface directory + snort_prepare_rule_files($snortcfg, $snortcfgdir); + + // Clean up variables we no longer need and free memory + unset($snort_conf_text, $selected_rules_sections, $suppress_file_name, $snort_misc_include_rules, $spoink_type, $snortunifiedlog_type, $alertsystemlog_type); + unset($home_net, $external_net, $ipvardef, $portvardef); + + // Create barnyard2.conf file for interface + if ($snortcfg['barnyard_enable'] == 'on') + snort_generate_barnyard2_conf($snortcfg, $if_real); } /* create snort bootup file snort.sh */ @@ -1466,36 +210,40 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { snort_rm_blocked_install_cron($config['installedpackages']['snortglobal']['rm_blocked'] != "never_b" ? true : false); snort_rules_up_install_cron($config['installedpackages']['snortglobal']['autorulesupdate7'] != "never_up" ? true : false); - /* Add the recurring jobs created above to crontab */ - configure_cron(); - /* Restore the last Snort Dashboard Widget setting if none is set */ if (!empty($config['installedpackages']['snortglobal']['dashboard_widget']) && stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) $config['widgets']['sequence'] .= "," . $config['installedpackages']['snortglobal']['dashboard_widget']; $rebuild_rules = false; - update_output_window(gettext("Finished rebuilding Snort configuration files...")); + if ($pkg_interface <> "console") + update_output_window(gettext("Finished rebuilding Snort configuration files...")); log_error(gettext("[Snort] Finished rebuilding installation from saved settings...")); /* Only try to start Snort if not in reboot */ - if (!$g['booting']) { - update_status(gettext("Starting Snort using rebuilt configuration...")); - update_output_window(gettext("Please wait... while Snort is started...")); - log_error(gettext("[Snort] Starting Snort using rebuilt configuration...")); - start_service("snort"); - update_output_window(gettext("Snort has been started using the rebuilt configuration...")); + if (!($g['booting'])) { + if ($pkg_interface <> "console") { + update_status(gettext("Starting Snort using rebuilt configuration...")); + update_output_window(gettext("Please wait while Snort is started...")); + mwexec("{$rcdir}snort.sh start"); + update_output_window(gettext("Snort has been started using the rebuilt configuration...")); + } + else + mwexec_bg("{$rcdir}snort.sh start"); } } +/* We're finished with conf partition mods, return to read-only */ +conf_mount_ro(); + /* If an existing Snort Dashboard Widget container is not found, */ /* then insert our default Widget Dashboard container. */ if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) $config['widgets']['sequence'] .= ",{$snort_widget_container}"; /* Update Snort package version in configuration */ -$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.8"; -write_config("Snort pkg: post-install configuration saved."); +$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2"; +write_config("Snort pkg v3.2: post-install configuration saved."); /* Done with post-install, so clear flag */ unset($g['snort_postinstall']); diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index 5cee95df..9f6879ef 100755 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -117,16 +117,64 @@ if (isset($id) && isset($a_nat[$id])) { if (empty($pconfig['smtp_preprocessor'])) $pconfig['smtp_preprocessor'] = 'on'; + if (empty($pconfig['smtp_memcap'])) + $pconfig['smtp_memcap'] = "838860"; + if (empty($pconfig['smtp_max_mime_mem'])) + $pconfig['smtp_max_mime_mem'] = "838860"; + if (empty($pconfig['smtp_b64_decode_depth'])) + $pconfig['smtp_b64_decode_depth'] = "0"; + if (empty($pconfig['smtp_qp_decode_depth'])) + $pconfig['smtp_qp_decode_depth'] = "0"; + if (empty($pconfig['smtp_bitenc_decode_depth'])) + $pconfig['smtp_bitenc_decode_depth'] = "0"; + if (empty($pconfig['smtp_uu_decode_depth'])) + $pconfig['smtp_uu_decode_depth'] = "0"; + if (empty($pconfig['smtp_email_hdrs_log_depth']) && $pconfig['smtp_email_hdrs_log_depth'] != '0') + $pconfig['smtp_email_hdrs_log_depth'] = "1464"; + if (empty($pconfig['smtp_ignore_tls_data'])) + $pconfig['smtp_ignore_tls_data'] = 'on'; + if (empty($pconfig['smtp_log_mail_from'])) + $pconfig['smtp_log_mail_from'] = 'on'; + if (empty($pconfig['smtp_log_rcpt_to'])) + $pconfig['smtp_log_rcpt_to'] = 'on'; + if (empty($pconfig['smtp_log_filename'])) + $pconfig['smtp_log_filename'] = 'on'; + if (empty($pconfig['smtp_log_email_hdrs'])) + $pconfig['smtp_log_email_hdrs'] = 'on'; + if (empty($pconfig['dce_rpc_2'])) $pconfig['dce_rpc_2'] = 'on'; if (empty($pconfig['dns_preprocessor'])) $pconfig['dns_preprocessor'] = 'on'; if (empty($pconfig['ssl_preproc'])) $pconfig['ssl_preproc'] = 'on'; + if (empty($pconfig['pop_preproc'])) $pconfig['pop_preproc'] = 'on'; + if (empty($pconfig['pop_memcap'])) + $pconfig['pop_memcap'] = "838860"; + if (empty($pconfig['pop_b64_decode_depth'])) + $pconfig['pop_b64_decode_depth'] = "0"; + if (empty($pconfig['pop_qp_decode_depth'])) + $pconfig['pop_qp_decode_depth'] = "0"; + if (empty($pconfig['pop_bitenc_decode_depth'])) + $pconfig['pop_bitenc_decode_depth'] = "0"; + if (empty($pconfig['pop_uu_decode_depth'])) + $pconfig['pop_uu_decode_depth'] = "0"; + if (empty($pconfig['imap_preproc'])) $pconfig['imap_preproc'] = 'on'; + if (empty($pconfig['imap_memcap'])) + $pconfig['imap_memcap'] = "838860"; + if (empty($pconfig['imap_b64_decode_depth'])) + $pconfig['imap_b64_decode_depth'] = "0"; + if (empty($pconfig['imap_qp_decode_depth'])) + $pconfig['imap_qp_decode_depth'] = "0"; + if (empty($pconfig['imap_bitenc_decode_depth'])) + $pconfig['imap_bitenc_decode_depth'] = "0"; + if (empty($pconfig['imap_uu_decode_depth'])) + $pconfig['imap_uu_decode_depth'] = "0"; + if (empty($pconfig['sip_preproc'])) $pconfig['sip_preproc'] = 'on'; if (empty($pconfig['other_preprocs'])) @@ -192,12 +240,22 @@ $disabled_rules_log = "{$if_friendly}_disabled_preproc_rules.log"; // Check for returned "selected alias" if action is import if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) { - $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); + + // Retrieve previously typed values we passed to SELECT ALIAS page + $pconfig['sf_portscan'] = htmlspecialchars($_GET['sf_portscan'])? 'on' : 'off'; + $pconfig['pscan_ignore_scanners'] = htmlspecialchars($_GET['pscan_ignore_scanners']); + $pconfig['pscan_protocol'] = htmlspecialchars($_GET['pscan_protocol']); + $pconfig['pscan_type'] = htmlspecialchars($_GET['pscan_type']); + $pconfig['pscan_memcap'] = htmlspecialchars($_GET['pscan_memcap']); + $pconfig['pscan_sense_level'] = htmlspecialchars($_GET['pscan_sense_level']); + + // Now retrieve the "selected alias" returned from SELECT ALIAS page + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); } // Handle deleting of any of the multiple configuration engines if ($_POST['del_http_inspect']) { - if (isset($_POST['eng_id']) && isset($id) && issset($a_nat[$id])) { + if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) { unset($a_nat[$id]['http_inspect_engine']['item'][$_POST['eng_id']]); write_config("Snort pkg: deleted http_inspect engine for {$a_nat[$id]['interface']}."); header("Location: snort_preprocessors.php?id=$id#httpinspect_row"); @@ -270,6 +328,23 @@ if ($_POST['ResetAll']) { $pconfig['ftp_telnet_detect_anomalies'] = "on"; $pconfig['ftp_telnet_ayt_attack_threshold'] = "20"; $pconfig['smtp_preprocessor'] = "on"; + $pconfig['smtp_memcap'] = "838860"; + $pconfig['smtp_max_mime_mem'] = "838860"; + $pconfig['smtp_b64_decode_depth'] = "0"; + $pconfig['smtp_qp_decode_depth'] = "0"; + $pconfig['smtp_bitenc_decode_depth'] = "0"; + $pconfig['smtp_uu_decode_depth'] = "0"; + $pconfig['smtp_email_hdrs_log_depth'] = "1464"; + $pconfig['smtp_ignore_data'] = 'off'; + $pconfig['smtp_ignore_tls_data'] = 'on'; + $pconfig['smtp_log_mail_from'] = 'on'; + $pconfig['smtp_log_rcpt_to'] = 'on'; + $pconfig['smtp_log_filename'] = 'on'; + $pconfig['smtp_log_email_hdrs'] = 'on'; + $pconfig['appid_preproc'] = "off"; + $pconfig['sf_appid_mem_cap'] = "256"; + $pconfig['sf_appid_statslog'] = "on"; + $pconfig['sf_appid_stats_period'] = "300"; $pconfig['sf_portscan'] = "off"; $pconfig['pscan_protocol'] = "all"; $pconfig['pscan_type'] = "all"; @@ -284,7 +359,17 @@ if ($_POST['ResetAll']) { $pconfig['sdf_mask_output'] = "off"; $pconfig['ssl_preproc'] = "on"; $pconfig['pop_preproc'] = "on"; + $pconfig['pop_memcap'] = "838860"; + $pconfig['pop_b64_decode_depth'] = "0"; + $pconfig['pop_qp_decode_depth'] = "0"; + $pconfig['pop_bitenc_decode_depth'] = "0"; + $pconfig['pop_uu_decode_depth'] = "0"; $pconfig['imap_preproc'] = "on"; + $pconfig['imap_memcap'] = "838860"; + $pconfig['imap_b64_decode_depth'] = "0"; + $pconfig['imap_qp_decode_depth'] = "0"; + $pconfig['imap_bitenc_decode_depth'] = "0"; + $pconfig['imap_uu_decode_depth'] = "0"; $pconfig['sip_preproc'] = "on"; $pconfig['dnp3_preproc'] = "off"; $pconfig['modbus_preproc'] = "off"; @@ -312,6 +397,60 @@ if ($_POST['save']) { $input_errors[] = gettext("You must select at least one sensitive data type to inspect for when Sensitive Data detection is enabled."); } + // Validate POP3 parameter values if POP3 Decoder is enabled + if ($_POST['pop_preproc'] == 'on') { + if ($_POST['pop_memcap'] < 3276 || $_POST['pop_memcap'] > 104857600) + $input_errors[] = gettext("The value for POP3 Decoder Memory Cap must be between 3,276 and 104,857,600."); + if ($_POST['pop_b64_decode_depth'] < -1 || $_POST['pop_b64_decode_depth'] > 65535) + $input_errors[] = gettext("The value for POP3 Decoder Base64 Decode Depth must be between -1 and 65,535."); + if ($_POST['pop_qp_decode_depth'] < -1 || $_POST['pop_qp_decode_depth'] > 65535) + $input_errors[] = gettext("The value for POP3 Decoder Quoted-Printable (QP) Decode Depth must be between -1 and 65,535."); + if ($_POST['pop_bitenc_decode_depth'] < -1 || $_POST['pop_bitenc_decode_depth'] > 65535) + $input_errors[] = gettext("The value for POP3 Decoder Non-Encoded MIME Extraction Depth must be between -1 and 65,535."); + if ($_POST['pop_uu_decode_depth'] < -1 || $_POST['pop_uu_decode_depth'] > 65535) + $input_errors[] = gettext("The value for POP3 Decoder Unix-to-Unix (UU) Decode Depth must be between -1 and 65,535."); + } + + // Validate IMAP parameter values if IMAP Decoder is enabled + if ($_POST['imap_preproc'] == 'on') { + if ($_POST['imap_memcap'] < 3276 || $_POST['imap_memcap'] > 104857600) + $input_errors[] = gettext("The value for IMAP Decoder Memory Cap must be between 3,276 and 104,857,600."); + if ($_POST['imap_b64_decode_depth'] < -1 || $_POST['imap_b64_decode_depth'] > 65535) + $input_errors[] = gettext("The value for IMAP Decoder Base64 Decode Depth must be between -1 and 65,535."); + if ($_POST['imap_qp_decode_depth'] < -1 || $_POST['imap_qp_decode_depth'] > 65535) + $input_errors[] = gettext("The value for IMAP Decoder Quoted-Printable (QP) Decode Depth must be between -1 and 65,535."); + if ($_POST['imap_bitenc_decode_depth'] < -1 || $_POST['imap_bitenc_decode_depth'] > 65535) + $input_errors[] = gettext("The value for IMAP Decoder Non-Encoded MIME Extraction Depth must be between -1 and 65,535."); + if ($_POST['imap_uu_decode_depth'] < -1 || $_POST['imap_uu_decode_depth'] > 65535) + $input_errors[] = gettext("The value for IMAP Decoder Unix-to-Unix (UU) Decode Depth must be between -1 and 65,535."); + } + + // Validate SMTP parameter values if SMTP Decoder is enabled + if ($_POST['smtp_preprocessor'] == 'on') { + if ($_POST['smtp_memcap'] < 3276 || $_POST['smtp_memcap'] > 104857600) + $input_errors[] = gettext("The value for SMTP Decoder Memory Cap must be between 3,276 and 104,857,600."); + if ($_POST['smtp_max_mime_mem'] < 3276 || $_POST['smtp_max_mime_mem'] > 104857600) + $input_errors[] = gettext("The value for SMTP Decoder Maximum MIME Memory must be between 3,276 and 104,857,600."); + if ($_POST['smtp_b64_decode_depth'] < -1 || $_POST['smtp_b64_decode_depth'] > 65535) + $input_errors[] = gettext("The value for SMTP Decoder Base64 Decode Depth must be between -1 and 65,535."); + if ($_POST['smtp_qp_decode_depth'] < -1 || $_POST['smtp_qp_decode_depth'] > 65535) + $input_errors[] = gettext("The value for SMTP Decoder Quoted-Printable (QP) Decode Depth must be between -1 and 65,535."); + if ($_POST['smtp_bitenc_decode_depth'] < -1 || $_POST['smtp_bitenc_decode_depth'] > 65535) + $input_errors[] = gettext("The value for SMTP Decoder Non-Encoded MIME Extraction Depth must be between -1 and 65,535."); + if ($_POST['smtp_uu_decode_depth'] < -1 || $_POST['smtp_uu_decode_depth'] > 65535) + $input_errors[] = gettext("The value for SMTP Decoder Unix-to-Unix (UU) Decode Depth must be between -1 and 65,535."); + if ($_POST['smtp_email_hdrs_log_depth'] < 0 || $_POST['smtp_email_hdrs_log_depth'] > 20480) + $input_errors[] = gettext("The value for SMTP Decoder E-Mail Headers Log Depth must be between 0 and 20,480."); + } + + // Validate AppID parameter values if AppID Detector is enabled + if ($_POST['appid_preproc'] == 'on') { + if ($_POST['sf_appid_mem_cap'] < 32 || $_POST['sf_appid_mem_cap'] > 3000) + $input_errors[] = gettext("The value for Application ID Memory Cap must be between 32 and 3000."); + if ($_POST['sf_appid_stats_period'] < 60 || $_POST['sf_appid_stats_period'] > 3600) + $input_errors[] = gettext("The value for Application ID Stats Period must be between 60 and 3600."); + } + /* if no errors write to conf */ if (!$input_errors) { /* post new options */ @@ -337,6 +476,25 @@ if ($_POST['save']) { if ($_POST['ftp_telnet_inspection_type'] != "") { $natent['ftp_telnet_inspection_type'] = $_POST['ftp_telnet_inspection_type']; }else{ $natent['ftp_telnet_inspection_type'] = "stateful"; } if ($_POST['ftp_telnet_ayt_attack_threshold'] != "") { $natent['ftp_telnet_ayt_attack_threshold'] = $_POST['ftp_telnet_ayt_attack_threshold']; }else{ $natent['ftp_telnet_ayt_attack_threshold'] = "20"; } if ($_POST['sdf_alert_threshold'] != "") { $natent['sdf_alert_threshold'] = $_POST['sdf_alert_threshold']; }else{ $natent['sdf_alert_threshold'] = "25"; } + if ($_POST['pop_memcap'] != "") { $natent['pop_memcap'] = $_POST['pop_memcap']; }else{ $natent['pop_memcap'] = "838860"; } + if ($_POST['pop_b64_decode_depth'] != "") { $natent['pop_b64_decode_depth'] = $_POST['pop_b64_decode_depth']; }else{ $natent['pop_b64_decode_depth'] = "0"; } + if ($_POST['pop_qp_decode_depth'] != "") { $natent['pop_qp_decode_depth'] = $_POST['pop_qp_decode_depth']; }else{ $natent['pop_qp_decode_depth'] = "0"; } + if ($_POST['pop_bitenc_decode_depth'] != "") { $natent['pop_bitenc_decode_depth'] = $_POST['pop_bitenc_decode_depth']; }else{ $natent['pop_bitenc_decode_depth'] = "0"; } + if ($_POST['pop_uu_decode_depth'] != "") { $natent['pop_uu_decode_depth'] = $_POST['pop_uu_decode_depth']; }else{ $natent['pop_uu_decode_depth'] = "0"; } + if ($_POST['imap_memcap'] != "") { $natent['imap_memcap'] = $_POST['imap_memcap']; }else{ $natent['imap_memcap'] = "838860"; } + if ($_POST['imap_b64_decode_depth'] != "") { $natent['imap_b64_decode_depth'] = $_POST['imap_b64_decode_depth']; }else{ $natent['imap_b64_decode_depth'] = "0"; } + if ($_POST['imap_qp_decode_depth'] != "") { $natent['imap_qp_decode_depth'] = $_POST['imap_qp_decode_depth']; }else{ $natent['imap_qp_decode_depth'] = "0"; } + if ($_POST['imap_bitenc_decode_depth'] != "") { $natent['imap_bitenc_decode_depth'] = $_POST['imap_bitenc_decode_depth']; }else{ $natent['imap_bitenc_decode_depth'] = "0"; } + if ($_POST['imap_uu_decode_depth'] != "") { $natent['imap_uu_decode_depth'] = $_POST['imap_uu_decode_depth']; }else{ $natent['imap_uu_decode_depth'] = "0"; } + if ($_POST['smtp_memcap'] != "") { $natent['smtp_memcap'] = $_POST['smtp_memcap']; }else{ $natent['smtp_memcap'] = "838860"; } + if ($_POST['smtp_max_mime_mem'] != "") { $natent['smtp_max_mime_mem'] = $_POST['smtp_max_mime_mem']; }else{ $natent['smtp_max_mime_mem'] = "838860"; } + if ($_POST['smtp_b64_decode_depth'] != "") { $natent['smtp_b64_decode_depth'] = $_POST['smtp_b64_decode_depth']; }else{ $natent['smtp_b64_decode_depth'] = "0"; } + if ($_POST['smtp_qp_decode_depth'] != "") { $natent['smtp_qp_decode_depth'] = $_POST['smtp_qp_decode_depth']; }else{ $natent['smtp_qp_decode_depth'] = "0"; } + if ($_POST['smtp_bitenc_decode_depth'] != "") { $natent['smtp_bitenc_decode_depth'] = $_POST['smtp_bitenc_decode_depth']; }else{ $natent['smtp_bitenc_decode_depth'] = "0"; } + if ($_POST['smtp_uu_decode_depth'] != "") { $natent['smtp_uu_decode_depth'] = $_POST['smtp_uu_decode_depth']; }else{ $natent['smtp_uu_decode_depth'] = "0"; } + if ($_POST['smtp_email_hdrs_log_depth'] != "") { $natent['smtp_email_hdrs_log_depth'] = $_POST['smtp_email_hdrs_log_depth']; }else{ $natent['smtp_email_hdrs_log_depth'] = "1464"; } + if ($_POST['sf_appid_mem_cap'] != "") { $natent['sf_appid_mem_cap'] = $_POST['sf_appid_mem_cap']; }else{ $natent['sf_appid_mem_cap'] = "256"; } + if ($_POST['sf_appid_stats_period'] != "") { $natent['sf_appid_stats_period'] = $_POST['sf_appid_stats_period']; }else{ $natent['sf_appid_stats_period'] = "300"; } // Set SDF inspection types $natent['sdf_alert_data_type'] = implode(",",$_POST['sdf_alert_data_type']); @@ -352,6 +510,13 @@ if ($_POST['save']) { $natent['ftp_telnet_normalize'] = $_POST['ftp_telnet_normalize'] ? 'on' : 'off'; $natent['ftp_telnet_detect_anomalies'] = $_POST['ftp_telnet_detect_anomalies'] ? 'on' : 'off'; $natent['smtp_preprocessor'] = $_POST['smtp_preprocessor'] ? 'on' : 'off'; + $natent['smtp_ignore_data'] = $_POST['smtp_ignore_data'] ? 'on' : 'off'; + $natent['smtp_ignore_tls_data'] = $_POST['smtp_ignore_tls_data'] ? 'on' : 'off'; + $natent['smtp_log_mail_from'] = $_POST['smtp_log_mail_from'] ? 'on' : 'off'; + $natent['smtp_log_rcpt_to'] = $_POST['smtp_log_rcpt_to'] ? 'on' : 'off'; + $natent['smtp_log_filename'] = $_POST['smtp_log_filename'] ? 'on' : 'off'; + $natent['smtp_log_email_hdrs'] = $_POST['smtp_log_email_hdrs'] ? 'on' : 'off'; + $natent['sf_portscan'] = $_POST['sf_portscan'] ? 'on' : 'off'; $natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? 'on' : 'off'; $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? 'on' : 'off'; @@ -374,6 +539,8 @@ if ($_POST['save']) { $natent['stream5_track_tcp'] = $_POST['stream5_track_tcp'] ? 'on' : 'off'; $natent['stream5_track_udp'] = $_POST['stream5_track_udp'] ? 'on' : 'off'; $natent['stream5_track_icmp'] = $_POST['stream5_track_icmp'] ? 'on' : 'off'; + $natent['appid_preproc'] = $_POST['appid_preproc'] ? 'on' : 'off'; + $natent['sf_appid_statslog'] = $_POST['sf_appid_statslog'] ? 'on' : 'off'; if (isset($id) && isset($a_nat[$id])) { $a_nat[$id] = $natent; @@ -385,7 +552,9 @@ if ($_POST['save']) { /* rules for this interface. */ /*************************************************/ $rebuild_rules = true; + conf_mount_rw(); snort_generate_conf($natent); + conf_mount_ro(); $rebuild_rules = false; /* If 'preproc_auto_rule_disable' is off, then clear log file */ @@ -497,7 +666,9 @@ if ($savemsg) { $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); - $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + $tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php"); + $tab_array[9] = array(gettext("Log Mgmt"), false, "/snort/snort_log_mgmt.php"); + $tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td>'; @@ -510,6 +681,7 @@ if ($savemsg) { $tab_array[] = array($menu_iface . gettext("Preprocs"), true, "/snort/snort_preprocessors.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Logs"), false, "/snort/snort_interface_logs.php?id={$id}"); display_top_tabs($tab_array, true); ?> </td></tr> @@ -529,14 +701,14 @@ if ($savemsg) { <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Performance Stats"); ?></td> <td width="78%" class="vtable"><input name="perform_stat" type="checkbox" value="on" - <?php if ($pconfig['perform_stat']=="on") echo "checked"; ?>> + <?php if ($pconfig['perform_stat']=="on") echo "checked"; ?>/> <?php echo gettext("Collect Performance Statistics for this interface."); ?></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Protect Customized Preprocessor Rules"); ?></td> <td width="78%" class="vtable"><input name="protect_preproc_rules" type="checkbox" value="on" <?php if ($pconfig['protect_preproc_rules']=="on") echo "checked "; - if ($vrt_enabled <> 'on') echo "disabled"; ?>> + if ($vrt_enabled <> 'on') echo "disabled"; ?>/> <?php echo gettext("Check this box if you maintain customized preprocessor text rules files for this interface."); ?> <table width="100%" border="0" cellpadding="2" cellpadding="2"> <tr> @@ -553,7 +725,7 @@ if ($savemsg) { <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Auto Rule Disable"); ?></td> <td width="78%" class="vtable"><input name="preproc_auto_rule_disable" type="checkbox" value="on" - <?php if ($pconfig['preproc_auto_rule_disable']=="on") echo "checked"; ?>> + <?php if ($pconfig['preproc_auto_rule_disable']=="on") echo "checked"; ?>/> <?php echo gettext("Auto-disable text rules dependent on disabled preprocessors for this interface. "); echo gettext("Default is ") . '<strong>' . gettext("Not Checked"); ?></strong>.<br/> <table width="100%" border="0" cellpadding="2" cellpadding="2"> @@ -583,7 +755,7 @@ if ($savemsg) { <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?></td> <td width="78%" class="vtable"><input name="host_attribute_table" type="checkbox" value="on" id="host_attribute_table" onclick="host_attribute_table_enable_change();" - <?php if ($pconfig['host_attribute_table']=="on") echo "checked"; ?>> + <?php if ($pconfig['host_attribute_table']=="on") echo "checked"; ?>/> <?php echo gettext("Use a Host Attribute Table file to auto-configure applicable preprocessors. " . "Default is "); ?><strong><?php echo gettext("Not Checked"); ?></strong>.</td> </tr> @@ -667,7 +839,7 @@ if ($savemsg) { <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?></td> <td width="78%" class="vtable"><input name="http_inspect" type="checkbox" value="on" id="http_inspect" onclick="http_inspect_enable_change();" - <?php if ($pconfig['http_inspect']=="on" || empty($pconfig['http_inspect'])) echo "checked";?>> + <?php if ($pconfig['http_inspect']=="on" || empty($pconfig['http_inspect'])) echo "checked";?>/> <?php echo gettext("Use HTTP Inspect to Normalize/Decode and detect HTTP traffic and protocol anomalies. Default is ");?> <strong><?php echo gettext("Checked"); ?></strong>.</td> </tr> @@ -675,7 +847,7 @@ if ($savemsg) { <td width="22%" valign="top" class="vncell"><?php echo gettext("Proxy Alert"); ?></td> <td width="78%" class="vtable"><input name="http_inspect_proxy_alert" type="checkbox" value="on" id="http_inspect_proxy_alert" - <?php if ($pconfig['http_inspect_proxy_alert']=="on") echo "checked";?>> + <?php if ($pconfig['http_inspect_proxy_alert']=="on") echo "checked";?>/> <?php echo gettext("Enable global alerting on HTTP server proxy usage. Default is ");?> <strong><?php echo gettext("Not Checked"); ?></strong>.<br/><br/><span class="red"><strong> <?php echo gettext("Note: ") . "</strong></span>" . gettext("By adding Server Configurations below and enabling " . @@ -760,7 +932,7 @@ if ($savemsg) { <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable");?></td> <td width="78%" class="vtable"><input name="frag3_detection" type="checkbox" value="on" onclick="frag3_enable_change();" - <?php if ($pconfig['frag3_detection']=="on") echo "checked";?>> + <?php if ($pconfig['frag3_detection']=="on") echo "checked";?>/> <?php echo gettext("Use Frag3 Engine to detect IDS evasion attempts via target-based IP packet fragmentation. Default is ") . "<strong>" . gettext("Checked") . "</strong>.";?></td> </tr> @@ -828,14 +1000,14 @@ if ($savemsg) { <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?></td> <td width="78%" class="vtable"><input name="stream5_reassembly" type="checkbox" value="on" onclick="stream5_enable_change();" - <?php if ($pconfig['stream5_reassembly']=="on") echo "checked"; ?>> + <?php if ($pconfig['stream5_reassembly']=="on") echo "checked"; ?>/> <?php echo gettext("Use Stream5 session reassembly for TCP, UDP and/or ICMP traffic. Default is ") . "<strong>" . gettext("Checked") . "</strong>"; ?>.</td> </tr> <tr id="stream5_flushonalert_row"> <td width="22%" valign="top" class="vncell"><?php echo gettext("Flush On Alert"); ?></td> <td width="78%" class="vtable"><input name="stream5_flush_on_alert" type="checkbox" value="on" - <?php if ($pconfig['stream5_flush_on_alert']=="on") echo "checked"; ?>> + <?php if ($pconfig['stream5_flush_on_alert']=="on") echo "checked"; ?>/> <?php echo gettext("Flush a TCP stream when an alert is generated on that stream. Default is ") . "<strong>" . gettext("Not Checked") . "</strong><br/><span class=\"red\"><strong>" . gettext("Note: ") . "</strong></span>" . gettext("This parameter is for backwards compatibility.");?></td> @@ -979,6 +1151,53 @@ if ($savemsg) { </table> </td> </tr> + + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Application ID Detection"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?></td> + <td width="78%" class="vtable"><input name="appid_preproc" onclick="appid_preproc_enable_change();" + type="checkbox" value="on" id="appid_preproc" + <?php if ($pconfig['appid_preproc']=="on") echo "checked"; ?>/> + <?php echo gettext("Use OpenAppID to detect various applications. Default is ") . + "<strong>" . gettext("Not Checked") . "</strong>"; ?>.</td> + </tr> + <tbody id="appid_rows"> + <tr> + <td valign="top" class="vncell"><?php echo gettext("Memory Cap"); ?></td> + <td class="vtable"> + <input name="sf_appid_mem_cap" type="text" class="formfld unknown" id="sf_appid_mem_cap" size="9" + value="<?=htmlspecialchars($pconfig['sf_appid_mem_cap']);?>"> + <?php echo gettext("Memory for App ID structures. Min is ") . "<strong>" . gettext("32") . "</strong>" . + gettext(" (32 MB) and Max is ") . "<strong>" . gettext("3000") . "</strong>" . + gettext(" (3 GB) bytes.");?><br/> + <?php echo gettext("The memory cap in megabytes used by AppID internal structures " . + "in RAM. Default value is ") . "<strong>" . gettext("256") . "</strong>" . gettext(" (256 MB)."); ?><br/> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("AppID Stats Logging"); ?></td> + <td width="78%" class="vtable"> + <input name="sf_appid_statslog" type="checkbox" value="on" id="sf_appid_statslog" + <?php if ($pconfig['sf_appid_statslog']=="on") echo "checked"; ?>/> + <?php echo gettext("Enable OpenAppID statistics logging. Default is ") . + "<strong>" . gettext("Checked") . "</strong>" . gettext("."); ?><br/><br/> + <span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" . gettext("log size and retention limits for AppID Stats Logging") . + gettext(" can be set on the ") . "<a href='/snort/snort_log_mgmt.php'>" . gettext("LOG MGMT") . "</a>" . gettext(" tab.");?> </td> + </tr> + <tr> + <td valign="top" class="vncell"><?php echo gettext("AppID Stats Period"); ?></td> + <td class="vtable"> + <input name="sf_appid_stats_period" type="text" class="formfld unknown" id="sf_appid_stats_period" size="9" + value="<?=htmlspecialchars($pconfig['sf_appid_stats_period']);?>"> + <?php echo gettext("Bucket size in seconds for AppID stats. Min is ") . "<strong>" . gettext("60") . "</strong>" . + gettext(" (1 minute) and Max is ") . "<strong>" . gettext("3600") . "</strong>" . gettext(" (1 hour).");?><br/> + <?php echo gettext("The bucket size in seconds used to collecxt AppID statistics. " . + "Default value is ") . "<strong>" . gettext("300") . "</strong>" . gettext(" (5 minutes)."); ?><br/> + </td> + </tr> + </tbody> <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Portscan Detection"); ?></td> </tr> @@ -986,7 +1205,7 @@ if ($savemsg) { <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?></td> <td width="78%" class="vtable"><input name="sf_portscan" onclick="sf_portscan_enable_change();" type="checkbox" value="on" id="sf_portscan" - <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?>> + <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?>/> <?php echo gettext("Use Portscan Detection to detect various types of port scans and sweeps. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?>.</td> </tr> @@ -1094,7 +1313,7 @@ if ($savemsg) { value="<?=$pconfig['pscan_ignore_scanners'];?>" title="<?=trim(filter_expand_alias($pconfig['pscan_ignore_scanners']));?>"> <?php echo gettext("Leave blank for default. ") . gettext("Default value is ") . "<strong>" . gettext("\$HOME_NET") . "</strong>"; ?>.</td> <td class="vexpl" align="right"> - <input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=<?=$id;?>&type=host|network&varname=pscan_ignore_scanners&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" + <input type="button" class="formbtns" value="Aliases" onclick="selectAlias();" title="<?php echo gettext("Select an existing IP alias");?>"/></td> </tr> <tr> @@ -1131,14 +1350,14 @@ if ($savemsg) { <tr id="ftp_telnet_row_encrypted_check"> <td width="22%" valign="top" class="vncell"><?php echo gettext("Check Encrypted Traffic"); ?></td> <td width="78%" class="vtable"><input name="ftp_telnet_check_encrypted" type="checkbox" value="on" - <?php if ($pconfig['ftp_telnet_check_encrypted']=="on") echo "checked"; ?>> + <?php if ($pconfig['ftp_telnet_check_encrypted']=="on") echo "checked"; ?>/> <?php echo gettext("Continue to check an encrypted session for subsequent command to cease encryption. Default is ") . "<strong>" . gettext("Checked") . "</strong>"; ?>.</td> </tr> <tr id="ftp_telnet_row_encrypted_alert"> <td width="22%" valign="top" class="vncell"><?php echo gettext("Alert on Encrypted Commands"); ?></td> <td width="78%" class="vtable"><input name="ftp_telnet_alert_encrypted" type="checkbox" value="on" - <?php if ($pconfig['ftp_telnet_alert_encrypted']=="on") echo "checked"; ?>> + <?php if ($pconfig['ftp_telnet_alert_encrypted']=="on") echo "checked"; ?>/> <?php echo gettext("Alert on encrypted FTP and Telnet command channels. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?>.</td> </tr> @@ -1148,14 +1367,14 @@ if ($savemsg) { <tr id="ftp_telnet_row_normalize"> <td width="22%" valign="top" class="vncell"><?php echo gettext("Normalization"); ?></td> <td width="78%" class="vtable"><input name="ftp_telnet_normalize" type="checkbox" value="on" - <?php if ($pconfig['ftp_telnet_normalize']=="on") echo "checked"; ?>> + <?php if ($pconfig['ftp_telnet_normalize']=="on") echo "checked"; ?>/> <?php echo gettext("Normalize Telnet traffic by eliminating Telnet escape sequences. Default is ") . "<strong>" . gettext("Checked") . "</strong>"; ?>.</td> </tr> <tr id="ftp_telnet_row_detect_anomalies"> <td width="22%" valign="top" class="vncell"><?php echo gettext("Detect Anomalies"); ?></td> <td width="78%" class="vtable"><input name="ftp_telnet_detect_anomalies" type="checkbox" value="on" - <?php if ($pconfig['ftp_telnet_detect_anomalies']=="on") echo "checked"; ?>> + <?php if ($pconfig['ftp_telnet_detect_anomalies']=="on") echo "checked"; ?>/> <?php echo gettext("Alert on Telnet subnegotiation begin without corresponding subnegotiation end. Default is ") . "<strong>" . gettext("Checked") . "</strong>"; ?>.</td> </tr> @@ -1267,7 +1486,7 @@ if ($savemsg) { echo "checked"; elseif ($vrt_enabled == "off") echo "disabled"; - ?>> + ?>/> <?php echo gettext("Sensitive data searches for credit card numbers, Social Security numbers and e-mail addresses in data."); ?> <br/> <span class="red"><strong><?php echo gettext("Note: "); ?></strong></span><?php echo gettext("To enable this preprocessor, you must select the Snort VRT rules on the ") . @@ -1302,72 +1521,338 @@ if ($savemsg) { <input name="sdf_mask_output" type="checkbox" value="on" <?php if ($pconfig['sdf_mask_output'] == "on") echo "checked"; - ?>> + ?>/> <?php echo gettext("Replace all but last 4 digits of PII with \"X\"s on credit card and Social Security Numbers. ") . gettext("Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?> </td> </tr> <tr> - <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Preprocessors"); ?></td> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("POP3 Decoder Settings"); ?></td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable RPC Decode and Back Orifice detector"); ?></td> - <td width="78%" class="vtable"><input name="other_preprocs" type="checkbox" value="on" - <?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?>> - <?php echo gettext("Normalize/Decode RPC traffic and detects Back Orifice traffic on the network. Default is ") . + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable POP3 Decoder"); ?></td> + <td width="78%" class="vtable"><input name="pop_preproc" type="checkbox" value="on" + <?php if ($pconfig['pop_preproc']=="on") echo "checked"; ?> onclick="pop_enable_change();"/> + <?php echo gettext("Normalize/Decode POP3 protocol for enforcement and buffer overflows. Default is ") . "<strong>" . gettext("Checked") . "</strong>"; ?>.</td> </tr> + <tbody id="pop_setting_rows"> <tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable POP Normalizer"); ?></td> - <td width="78%" class="vtable"><input name="pop_preproc" type="checkbox" value="on" - <?php if ($pconfig['pop_preproc']=="on") echo "checked"; ?>> - <?php echo gettext("Normalize/Decode POP protocol for enforcement and buffer overflows. Default is ") . - "<strong>" . gettext("Checked") . "</strong>"; ?>.</td> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Memory Cap"); ?></td> + <td width="78%" class="vtable"> + <input name="pop_memcap" type="text" class="formfld unknown" id="pop_memcap" size="9" + value="<?=htmlspecialchars($pconfig['pop_memcap']);?>"> + <?php echo gettext("Maximum memory in bytes to use for decoding attachments. ") . + gettext("Default is ") . "<strong>" . gettext("838860") . "</strong>" . + gettext(" bytes."); ?><br/><br/> + <?php echo gettext("The minimum value is ") . "<strong>" . gettext("3276") . "</strong>" . gettext(" bytes and the maximum is ") . + "<strong>" . gettext("100 MB") . "</strong>" . gettext(" (104857600). An IMAP preprocessor alert with sid 3 is ") . + gettext("generated (when enabled) if this limit is exceeded."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Base64 Decoding Depth"); ?></td> + <td width="78%" class="vtable"><input name="pop_b64_decode_depth" type="text" class="formfld unknown" id="pop_b64_decode_depth" size="9" value="<?=htmlspecialchars($pconfig['pop_b64_decode_depth']);?>"> + <?php echo gettext("Depth in bytes to decode base64 encoded MIME attachments. Default is ") . "<strong>" . gettext("0") . "</strong>" . gettext(" (unlimited)");?>.<br/><br/> + <?php echo gettext("Allowable values range from ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" to ") . "<strong>" . gettext("65535") . "</strong>" . + gettext(". A value of ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" turns off the base64 decoding of MIME attachments. ") . + gettext("A value of ") . "<strong>" . gettext("0") . "</strong>" . gettext(" sets the decoding of base64 encoded MIME attachments to unlimited. ") . + gettext("A value other than 0 or -1 restricts the decoding of base64 MIME attachments, and applies per attachment. A POP preprocessor alert with sid 4 ") . + gettext("is generated (if enabled) when the decoding fails.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Quoted Printable Decoding Depth"); ?></td> + <td width="78%" class="vtable"><input name="pop_qp_decode_depth" type="text" class="formfld unknown" id="pop_qp_decode_depth" size="9" value="<?=htmlspecialchars($pconfig['pop_qp_decode_depth']);?>"> + <?php echo gettext("Byte depth to decode Quoted Printable (QP) encoded MIME attachments. Default is ") . "<strong>" . gettext("0") . "</strong>" . gettext(" (unlimited)");?>.<br/><br/> + <?php echo gettext("Allowable values range from ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" to ") . "<strong>" . gettext("65535") . "</strong>" . + gettext(". A value of ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" turns off the QP decoding of MIME attachments. ") . + gettext("A value of ") . "<strong>" . gettext("0") . "</strong>" . gettext(" sets the decoding of QP encoded MIME attachments to unlimited. ") . + gettext("A value other than 0 or -1 restricts the decoding of QP MIME attachments, and applies per attachment. A POP preprocessor alert with sid 5 ") . + gettext("is generated (if enabled) when the decoding fails.");?> + </td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable IMAP Normalizer"); ?></td> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Non-Encoded MIME Extraction Depth"); ?></td> + <td width="78%" class="vtable"><input name="pop_bitenc_decode_depth" type="text" class="formfld unknown" id="pop_bitenc_decode_depth" size="9" value="<?=htmlspecialchars($pconfig['pop_bitenc_decode_depth']);?>"> + <?php echo gettext("Depth in bytes to extract non-encoded MIME attachments. Default is ") . "<strong>" . gettext("0") . "</strong>" . gettext(" (unlimited)");?>.<br/><br/> + <?php echo gettext("Allowable values range from ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" to ") . "<strong>" . gettext("65535") . "</strong>" . + gettext(". A value of ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" turns off the extraction of non-encoded MIME attachments. ") . + gettext("A value of ") . "<strong>" . gettext("0") . "</strong>" . gettext(" sets the extraction of non-encoded MIME attachments to unlimited. ") . + gettext("A value other than 0 or -1 restricts the extraction of non-encoded MIME attachments, and applies per attachment.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Unix-to-Unix Decoding Depth"); ?></td> + <td width="78%" class="vtable"><input name="pop_uu_decode_depth" type="text" class="formfld unknown" id="pop_uu_decode_depth" size="9" value="<?=htmlspecialchars($pconfig['pop_uu_decode_depth']);?>"> + <?php echo gettext("Depth in bytes to decode Unix-to-Unix (UU) encoded MIME attachments. Default is ") . "<strong>" . gettext("0") . "</strong>" . gettext(" (unlimited)");?>.<br/><br/> + <?php echo gettext("Allowable values range from ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" to ") . "<strong>" . gettext("65535") . "</strong>" . + gettext(". A value of ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" turns off the UU decoding of MIME attachments. ") . + gettext("A value of ") . "<strong>" . gettext("0") . "</strong>" . gettext(" sets the decoding of UU encoded MIME attachments to unlimited. ") . + gettext("A value other than 0 or -1 restricts the decoding of UU MIME attachments, and applies per attachment. A POP preprocessor alert with sid 7 ") . + gettext("is generated (if enabled) when the decoding fails.");?> + </td> + </tr> + </tbody> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("IMAP Decoder Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable IMAP Decoder"); ?></td> <td width="78%" class="vtable"><input name="imap_preproc" type="checkbox" value="on" - <?php if ($pconfig['imap_preproc']=="on") echo "checked"; ?>> - <?php echo gettext("Normalize/Decode IMAP protocol for enforcement and buffer overflows. Default is ") . - "<strong>" . gettext("Checked") . "</strong>"; ?>.</td> + <?php if ($pconfig['imap_preproc']=="on") echo "checked"; ?> onclick="imap_enable_change();"/> + <?php echo gettext("Normalize/Decode IMAP protocol for enforcement and buffer overflows. Default is ") . + "<strong>" . gettext("Checked") . "</strong>."; ?> + </td> + </tr> + <tbody id="imap_setting_rows"> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Memory Cap"); ?></td> + <td width="78%" class="vtable"> + <input name="imap_memcap" type="text" class="formfld unknown" id="imap_memcap" size="9" + value="<?=htmlspecialchars($pconfig['imap_memcap']);?>"> + <?php echo gettext("Maximum memory in bytes to use for decoding attachments. ") . + gettext("Default is ") . "<strong>" . gettext("838860") . "</strong>" . + gettext(" bytes."); ?><br/><br/> + <?php echo gettext("The minimum value is ") . "<strong>" . gettext("3276") . "</strong>" . gettext(" bytes and the maximum is ") . + "<strong>" . gettext("100 MB") . "</strong>" . gettext(" (104857600). An IMAP preprocessor alert with sid 3 is ") . + gettext("generated (when enabled) if this limit is exceeded."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Base64 Decoding Depth"); ?></td> + <td width="78%" class="vtable"><input name="imap_b64_decode_depth" type="text" class="formfld unknown" id="imap_b64_decode_depth" size="9" value="<?=htmlspecialchars($pconfig['imap_b64_decode_depth']);?>"> + <?php echo gettext("Depth in bytes to decode base64 encoded MIME attachments. Default is ") . "<strong>" . gettext("0") . "</strong>" . gettext(" (unlimited)");?>.<br/><br/> + <?php echo gettext("Allowable values range from ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" to ") . "<strong>" . gettext("65535") . "</strong>" . + gettext(". A value of ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" turns off the base64 decoding of MIME attachments. ") . + gettext("A value of ") . "<strong>" . gettext("0") . "</strong>" . gettext(" sets the decoding of base64 encoded MIME attachments to unlimited. ") . + gettext("A value other than 0 or -1 restricts the decoding of base64 MIME attachments, and applies per attachment. An IMAP preprocessor alert with sid 4 ") . + gettext("is generated (if enabled) when the decoding fails.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Quoted Printable Decoding Depth"); ?></td> + <td width="78%" class="vtable"><input name="imap_qp_decode_depth" type="text" class="formfld unknown" id="imap_qp_decode_depth" size="9" value="<?=htmlspecialchars($pconfig['imap_qp_decode_depth']);?>"> + <?php echo gettext("Byte depth to decode Quoted Printable (QP) encoded MIME attachments. Default is ") . "<strong>" . gettext("0") . "</strong>" . gettext(" (unlimited)");?>.<br/><br/> + <?php echo gettext("Allowable values range from ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" to ") . "<strong>" . gettext("65535") . "</strong>" . + gettext(". A value of ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" turns off the QP decoding of MIME attachments. ") . + gettext("A value of ") . "<strong>" . gettext("0") . "</strong>" . gettext(" sets the decoding of QP encoded MIME attachments to unlimited. ") . + gettext("A value other than 0 or -1 restricts the decoding of QP MIME attachments, and applies per attachment. An IMAP preprocessor alert with sid 5 ") . + gettext("is generated (if enabled) when the decoding fails.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Non-Encoded MIME Extraction Depth"); ?></td> + <td width="78%" class="vtable"><input name="imap_bitenc_decode_depth" type="text" class="formfld unknown" id="imap_bitenc_decode_depth" size="9" value="<?=htmlspecialchars($pconfig['imap_bitenc_decode_depth']);?>"> + <?php echo gettext("Depth in bytes to extract non-encoded MIME attachments. Default is ") . "<strong>" . gettext("0") . "</strong>" . gettext(" (unlimited)");?>.<br/><br/> + <?php echo gettext("Allowable values range from ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" to ") . "<strong>" . gettext("65535") . "</strong>" . + gettext(". A value of ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" turns off the extraction of non-encoded MIME attachments. ") . + gettext("A value of ") . "<strong>" . gettext("0") . "</strong>" . gettext(" sets the extraction of non-encoded MIME attachments to unlimited. ") . + gettext("A value other than 0 or -1 restricts the extraction of non-encoded MIME attachments, and applies per attachment.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Unix-to-Unix Decoding Depth"); ?></td> + <td width="78%" class="vtable"><input name="imap_uu_decode_depth" type="text" class="formfld unknown" id="imap_uu_decode_depth" size="9" value="<?=htmlspecialchars($pconfig['imap_uu_decode_depth']);?>"> + <?php echo gettext("Depth in bytes to decode Unix-to-Unix (UU) encoded MIME attachments. Default is ") . "<strong>" . gettext("0") . "</strong>" . gettext(" (unlimited)");?>.<br/><br/> + <?php echo gettext("Allowable values range from ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" to ") . "<strong>" . gettext("65535") . "</strong>" . + gettext(". A value of ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" turns off the UU decoding of MIME attachments. ") . + gettext("A value of ") . "<strong>" . gettext("0") . "</strong>" . gettext(" sets the decoding of UU encoded MIME attachments to unlimited. ") . + gettext("A value other than 0 or -1 restricts the decoding of UU MIME attachments, and applies per attachment. An IMAP preprocessor alert with sid 7 ") . + gettext("is generated (if enabled) when the decoding fails.");?> + </td> + </tr> + </tbody> + + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("SMTP Decoder Settings"); ?></td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable SMTP Normalizer"); ?></td> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable SMTP Decoder"); ?></td> <td width="78%" class="vtable"><input name="smtp_preprocessor" type="checkbox" value="on" - <?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?>> - <?php echo gettext("Normalize/Decode SMTP protocol for enforcement and buffer overflows. Default is ") . + <?php if ($pconfig['smtp_preprocessor']=="on") echo "checked"; ?> onclick="smtp_enable_change();"/> + <?php echo gettext("Normalize/Decode SMTP protocol for enforcement and buffer overflows. Default is ") . + "<strong>" . gettext("Checked") . "</strong>."; ?> + </td> + </tr> + <tbody id="smtp_setting_rows"> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Memory Cap"); ?></td> + <td width="78%" class="vtable"> + <input name="smtp_memcap" type="text" class="formfld unknown" id="smtp_memcap" size="9" + value="<?=htmlspecialchars($pconfig['smtp_memcap']);?>"/> + <?php echo gettext("Max memory in bytes used to log filename, addresses and headers. ") . + gettext("Default is ") . "<strong>" . gettext("838860") . "</strong>" . gettext(" bytes."); ?><br/><br/> + <?php echo gettext("The minimum value is ") . "<strong>" . gettext("3276") . "</strong>" . gettext(" bytes and the maximum is ") . + "<strong>" . gettext("100 MB") . "</strong>" . gettext(" (104857600). When this memcap is reached, ") . + gettext("SMTP will stop logging the filename, MAIL FROM address, RCPT TO addresses and email headers until memory becomes available."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Ignore Data"); ?></td> + <td width="78%" class="vtable"><input name="smtp_ignore_data" type="checkbox" value="on" + <?php if ($pconfig['smtp_ignore_data']=="on") echo "checked"; ?>/> + <?php echo gettext("Ignore data section of mail (except for mail headers) when processing rules. Default is ") . + "<strong>" . gettext("Not Checked") . "</strong>."; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Ignore TLS Data"); ?></td> + <td width="78%" class="vtable"><input name="smtp_ignore_tls_data" type="checkbox" value="on" + <?php if ($pconfig['smtp_ignore_tls_data']=="on") echo "checked"; ?>/> + <?php echo gettext("Ignore TLS-encrypted data when processing rules. Default is ") . + "<strong>" . gettext("Checked") . "</strong>."; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Mail From"); ?></td> + <td width="78%" class="vtable"><input name="smtp_log_mail_from" type="checkbox" value="on" + <?php if ($pconfig['smtp_log_mail_from']=="on") echo "checked"; ?>/> + <?php echo gettext("Log sender email address extracted from MAIL FROM command. Default is ") . + "<strong>" . gettext("Checked") . "</strong>."; ?><br/> + <span class="red"><strong><?php echo gettext("Note: "); ?></strong></span> + <?php echo gettext("this is logged only with the unified2 (Barnyard2) output enabled."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Receipt To"); ?></td> + <td width="78%" class="vtable"><input name="smtp_log_rcpt_to" type="checkbox" value="on" + <?php if ($pconfig['smtp_log_rcpt_to']=="on") echo "checked"; ?>/> + <?php echo gettext("Log recipient email addresses extracted from RCPT TO command. Default is ") . + "<strong>" . gettext("Checked") . "</strong>."; ?><br/> + <span class="red"><strong><?php echo gettext("Note: "); ?></strong></span> + <?php echo gettext("this is logged only with the unified2 (Barnyard2) output enabled."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Filename"); ?></td> + <td width="78%" class="vtable"><input name="smtp_log_filename" type="checkbox" value="on" + <?php if ($pconfig['smtp_log_filename']=="on") echo "checked"; ?>/> + <?php echo gettext("Log MIME attachment filenames extracted from Content-Disposition header. Default is ") . + "<strong>" . gettext("Checked") . "</strong>."; ?><br/> + <span class="red"><strong><?php echo gettext("Note: "); ?></strong></span> + <?php echo gettext("this is logged only with the unified2 (Barnyard2) output enabled."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Log E-Mail Headers"); ?></td> + <td width="78%" class="vtable"><input name="smtp_log_email_hdrs" type="checkbox" value="on" + <?php if ($pconfig['smtp_log_email_hdrs']=="on") echo "checked"; ?>/> + <?php echo gettext("Log SMTP email headers extracted from SMTP data. Default is ") . + "<strong>" . gettext("Checked") . "</strong>."; ?><br/> + <span class="red"><strong><?php echo gettext("Note: "); ?></strong></span> + <?php echo gettext("this is logged only with the unified2 (Barnyard2) output enabled."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("E-Mail Headers Log Depth"); ?></td> + <td width="78%" class="vtable"> + <input name="smtp_email_hdrs_log_depth" type="text" class="formfld unknown" id="smtp_email_hdrs_log_depth" size="9" + value="<?=htmlspecialchars($pconfig['smtp_email_hdrs_log_depth']);?>"/> + <?php echo gettext("Memory in bytes to use for logging e-mail headers. ") . + gettext("Default is ") . "<strong>" . gettext("1464") . "</strong>" . gettext(" bytes."); ?><br/><br/> + <?php echo gettext("Allowable values range from ") . "<strong>" . gettext("0") . "</strong>" . gettext(" to ") . + "<strong>" . gettext("20480") . "</strong>" . gettext(". A value of ") . "<strong>" . gettext("0") . "</strong>" . + gettext(" will disable e-mail headers logging."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Maximum MIME Memory"); ?></td> + <td width="78%" class="vtable"> + <input name="smtp_max_mime_mem" type="text" class="formfld unknown" id="smtp_max_mime_mem" size="9" + value="<?=htmlspecialchars($pconfig['smtp_max_mime_mem']);?>"/> + <?php echo gettext("Maximum memory in bytes to use for decoding attachments. ") . + gettext("Default is ") . "<strong>" . gettext("838860") . "</strong>" . gettext(" bytes."); ?><br/><br/> + <?php echo gettext("The minimum value is ") . "<strong>" . gettext("3276") . "</strong>" . gettext(" bytes and the maximum is ") . + "<strong>" . gettext("100 MB") . "</strong>" . gettext(" (104857600)."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Base64 Decoding Depth"); ?></td> + <td width="78%" class="vtable"><input name="smtp_b64_decode_depth" type="text" class="formfld unknown" id="smtp_b64_decode_depth" size="9" value="<?=htmlspecialchars($pconfig['smtp_b64_decode_depth']);?>"> + <?php echo gettext("Depth in bytes to decode base64 encoded MIME attachments. Default is ") . "<strong>" . gettext("0") . "</strong>" . gettext(" (unlimited)");?>.<br/><br/> + <?php echo gettext("Allowable values range from ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" to ") . "<strong>" . gettext("65535") . "</strong>" . + gettext(". A value of ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" turns off the base64 decoding of MIME attachments. ") . + gettext("A value of ") . "<strong>" . gettext("0") . "</strong>" . gettext(" sets the decoding of base64 encoded MIME attachments to unlimited. ") . + gettext("A value other than 0 or -1 restricts the decoding of base64 MIME attachments, and applies per attachment. An SMTP preprocessor alert with sid 10 ") . + gettext("is generated when the decoding fails.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Quoted Printable Decoding Depth"); ?></td> + <td width="78%" class="vtable"><input name="smtp_qp_decode_depth" type="text" class="formfld unknown" id="smtp_qp_decode_depth" size="9" value="<?=htmlspecialchars($pconfig['smtp_qp_decode_depth']);?>"> + <?php echo gettext("Byte depth to decode Quoted Printable (QP) encoded MIME attachments. Default is ") . "<strong>" . gettext("0") . "</strong>" . gettext(" (unlimited)");?>.<br/><br/> + <?php echo gettext("Allowable values range from ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" to ") . "<strong>" . gettext("65535") . "</strong>" . + gettext(". A value of ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" turns off the QP decoding of MIME attachments. ") . + gettext("A value of ") . "<strong>" . gettext("0") . "</strong>" . gettext(" sets the decoding of QP encoded MIME attachments to unlimited. ") . + gettext("A value other than 0 or -1 restricts the decoding of QP MIME attachments, and applies per attachment. An SMTP preprocessor alert with sid 11 ") . + gettext("is generated when the decoding fails.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Non-Encoded MIME Extraction Depth"); ?></td> + <td width="78%" class="vtable"><input name="smtp_bitenc_decode_depth" type="text" class="formfld unknown" id="smtp_bitenc_decode_depth" size="9" value="<?=htmlspecialchars($pconfig['smtp_bitenc_decode_depth']);?>"> + <?php echo gettext("Depth in bytes to extract non-encoded MIME attachments. Default is ") . "<strong>" . gettext("0") . "</strong>" . gettext(" (unlimited)");?>.<br/><br/> + <?php echo gettext("Allowable values range from ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" to ") . "<strong>" . gettext("65535") . "</strong>" . + gettext(". A value of ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" turns off the extraction of non-encoded MIME attachments. ") . + gettext("A value of ") . "<strong>" . gettext("0") . "</strong>" . gettext(" sets the extraction of non-encoded MIME attachments to unlimited. ") . + gettext("A value other than 0 or -1 restricts the extraction of non-encoded MIME attachments, and applies per attachment.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Unix-to-Unix Decoding Depth"); ?></td> + <td width="78%" class="vtable"><input name="smtp_uu_decode_depth" type="text" class="formfld unknown" id="smtp_uu_decode_depth" size="9" value="<?=htmlspecialchars($pconfig['smtp_uu_decode_depth']);?>"> + <?php echo gettext("Depth in bytes to decode Unix-to-Unix (UU) encoded MIME attachments. Default is ") . "<strong>" . gettext("0") . "</strong>" . gettext(" (unlimited)");?>.<br/><br/> + <?php echo gettext("Allowable values range from ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" to ") . "<strong>" . gettext("65535") . "</strong>" . + gettext(". A value of ") . "<strong>" . gettext("-1") . "</strong>" . gettext(" turns off the UU decoding of MIME attachments. ") . + gettext("A value of ") . "<strong>" . gettext("0") . "</strong>" . gettext(" sets the decoding of UU encoded MIME attachments to unlimited. ") . + gettext("A value other than 0 or -1 restricts the decoding of UU MIME attachments, and applies per attachment. An SMTP preprocessor alert with sid 13 ") . + gettext("is generated (if enabled) when the decoding fails.");?> + </td> + </tr> + </tbody> + + + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Preprocessors"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable RPC Decode and Back Orifice detector"); ?></td> + <td width="78%" class="vtable"><input name="other_preprocs" type="checkbox" value="on" + <?php if ($pconfig['other_preprocs']=="on") echo "checked"; ?>/> + <?php echo gettext("Normalize/Decode RPC traffic and detects Back Orifice traffic on the network. Default is ") . "<strong>" . gettext("Checked") . "</strong>"; ?>.</td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable DCE/RPC2 Detection"); ?></td> <td width="78%" class="vtable"><input name="dce_rpc_2" type="checkbox" value="on" - <?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?>> + <?php if ($pconfig['dce_rpc_2']=="on") echo "checked"; ?>/> <?php echo gettext("The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC traffic. Default is ") . "<strong>" . gettext("Checked") . "</strong>"; ?>.</td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable SIP Detection"); ?></td> <td width="78%" class="vtable"><input name="sip_preproc" type="checkbox" value="on" - <?php if ($pconfig['sip_preproc']=="on") echo "checked"; ?>> + <?php if ($pconfig['sip_preproc']=="on") echo "checked"; ?>/> <?php echo gettext("The SIP preprocessor decodes SIP traffic and detects vulnerabilities. Default is ") . "<strong>" . gettext("Checked") . "</strong>"; ?>.</td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable GTP Detection"); ?></td> <td width="78%" class="vtable"><input name="gtp_preproc" type="checkbox" value="on" - <?php if ($pconfig['gtp_preproc']=="on") echo "checked"; ?>> + <?php if ($pconfig['gtp_preproc']=="on") echo "checked"; ?>/> <?php echo gettext("The GTP preprocessor decodes GPRS Tunneling Protocol traffic and detects intrusion attempts."); ?></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable SSH Detection"); ?></td> <td width="78%" class="vtable"><input name="ssh_preproc" type="checkbox" value="on" - <?php if ($pconfig['ssh_preproc']=="on") echo "checked"; ?>> + <?php if ($pconfig['ssh_preproc']=="on") echo "checked"; ?>/> <?php echo gettext("The SSH preprocessor detects various Secure Shell exploit attempts."); ?></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable DNS Detection"); ?></td> <td width="78%" class="vtable"><input name="dns_preprocessor" type="checkbox" value="on" - <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?>> + <?php if ($pconfig['dns_preprocessor']=="on") echo "checked"; ?>/> <?php echo gettext("The DNS preprocessor decodes DNS response traffic and detects vulnerabilities. Default is ") . "<strong>" . gettext("Checked") . "</strong>"; ?>.</td> </tr> @@ -1375,7 +1860,7 @@ if ($savemsg) { <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable SSL Data"); ?></td> <td width="78%" class="vtable"> <input name="ssl_preproc" type="checkbox" value="on" - <?php if ($pconfig['ssl_preproc']=="on") echo "checked"; ?>> + <?php if ($pconfig['ssl_preproc']=="on") echo "checked"; ?>/> <?php echo gettext("SSL data searches for irregularities during SSL protocol exchange. Default is ") . "<strong>" . gettext("Checked") . "</strong>"; ?>.</td> </tr> @@ -1386,7 +1871,7 @@ if ($savemsg) { <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Modbus Detection"); ?></td> <td width="78%" class="vtable"> <input name="modbus_preproc" type="checkbox" value="on" - <?php if ($pconfig['modbus_preproc']=="on") echo "checked"; ?>> + <?php if ($pconfig['modbus_preproc']=="on") echo "checked"; ?>/> <?php echo gettext("Modbus is a protocol used in SCADA networks. The default port is TCP 502.") . "<br/>" . "<span class=\"red\"><strong>" . gettext("Note: ") . "</strong></span>" . gettext("If your network does not contain Modbus-enabled devices, you can leave this preprocessor disabled."); ?> @@ -1396,7 +1881,7 @@ if ($savemsg) { <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable DNP3 Detection"); ?></td> <td width="78%" class="vtable"> <input name="dnp3_preproc" type="checkbox" value="on" - <?php if ($pconfig['dnp3_preproc']=="on") echo "checked"; ?>> + <?php if ($pconfig['dnp3_preproc']=="on") echo "checked"; ?>/> <?php echo gettext("DNP3 is a protocol used in SCADA networks. The default port is TCP 20000.") . "<br/>" . "<span class=\"red\"><strong>" . gettext("Note: ") . "</strong></span>" . gettext("If your network does not contain DNP3-enabled devices, you can leave this preprocessor disabled."); ?> @@ -1411,7 +1896,7 @@ if ($savemsg) { <input name="ResetAll" type="submit" class="formbtn" value="Reset" title="<?php echo gettext("Reset all settings to defaults") . "\" onclick=\"return confirm('" . gettext("WARNING: This will reset ALL preprocessor settings to their defaults. Click OK to continue or CANCEL to quit.") . - "');\""; ?>></td> + "');\""; ?>/></td> </tr> <tr> <td width="22%" valign="top"> </td> @@ -1556,12 +2041,20 @@ function http_inspect_enable_change() { var endis = !(document.iform.http_inspect.checked); document.iform.http_inspect_memcap.disabled=endis; - // Hide the "icmp session timeout " row if stream5_track_icmp disabled - if (endis) { - document.getElementById("httpinspect_memcap_row").style.display="none"; - document.getElementById("httpinspect_maxgzipmem_row").style.display="none"; - document.getElementById("httpinspect_proxyalert_row").style.display="none"; - document.getElementById("httpinspect_engconf_row").style.display="none"; + if (!document.iform.http_inspect.checked) { + var msg = "WARNING: Disabling the http_inspect preprocessor is not recommended!\n\n"; + msg = msg + "Snort may fail to start because of other dependent preprocessors or "; + msg = msg + "rule options. Are you sure you want to disable it?\n\n"; + msg = msg + "Click OK to disable http_inspect, or CANCEL to quit."; + if (!confirm(msg)) { + document.iform.http_inspect.checked=true; + } + else { + document.getElementById("httpinspect_memcap_row").style.display="none"; + document.getElementById("httpinspect_maxgzipmem_row").style.display="none"; + document.getElementById("httpinspect_proxyalert_row").style.display="none"; + document.getElementById("httpinspect_engconf_row").style.display="none"; + } } else { document.getElementById("httpinspect_memcap_row").style.display="table-row"; @@ -1591,6 +2084,16 @@ function sf_portscan_enable_change() { } } +function appid_preproc_enable_change() { + var endis = !(document.iform.appid_preproc.checked); + + // Hide the AppID configuration rows if appid_preproc disabled + if (endis) + document.getElementById("appid_rows").style.display="none"; + else + document.getElementById("appid_rows").style.display=""; +} + function stream5_enable_change() { if (!document.iform.stream5_reassembly.checked) { var msg = "WARNING: Stream5 is a critical preprocessor, and disabling it is not recommended! "; @@ -1598,7 +2101,8 @@ function stream5_enable_change() { msg = msg + " SMTP\t\tPOP\t\tSIP\n"; msg = msg + " SENSITIVE_DATA\tSF_PORTSCAN\tDCE/RPC 2\n"; msg = msg + " IMAP\t\tDNS\t\tSSL\n"; - msg = msg + " GTP\t\tDNP3\t\tMODBUS\n\n"; + msg = msg + " GTP\t\tDNP3\t\tMODBUS\n"; + msg = msg + " APP_ID\n\n"; msg = msg + "Snort may fail to start because of other preprocessors or rule options dependent on Stream5. "; msg = msg + "Are you sure you want to disable it?\n\n"; msg = msg + "Click OK to disable Stream5, or CANCEL to quit."; @@ -1617,6 +2121,7 @@ function stream5_enable_change() { document.iform.dns_preprocessor.checked=false; document.iform.modbus_preproc.checked=false; document.iform.dnp3_preproc.checked=false; + document.iform.appid_preproc.checked=false; document.iform.sf_portscan.checked=false; sf_portscan_enable_change(); } @@ -1692,9 +2197,40 @@ function sensitive_data_enable_change() { } } +function pop_enable_change() { + var endis = !(document.iform.pop_preproc.checked); + + // Hide POP3 configuration rows if POP preprocessor disabled + if (endis) + document.getElementById("pop_setting_rows").style.display = "none"; + else + document.getElementById("pop_setting_rows").style.display = ""; +} + +function imap_enable_change() { + var endis = !(document.iform.imap_preproc.checked); + + // Hide IMAP configuration rows if IMAP preprocessor disabled + if (endis) + document.getElementById("imap_setting_rows").style.display = "none"; + else + document.getElementById("imap_setting_rows").style.display = ""; +} + +function smtp_enable_change() { + var endis = !(document.iform.smtp_preprocessor.checked); + + // Hide SMTP configuration rows if SMTP preprocessor disabled + if (endis) + document.getElementById("smtp_setting_rows").style.display = "none"; + else + document.getElementById("smtp_setting_rows").style.display = ""; +} + function enable_change_all() { http_inspect_enable_change(); sf_portscan_enable_change(); + appid_preproc_enable_change(); // -- Enable/Disable Host Attribute Table settings -- host_attribute_table_enable_change(); @@ -1746,6 +2282,9 @@ function enable_change_all() { stream5_track_icmp_enable_change(); ftp_telnet_enable_change(); sensitive_data_enable_change(); + pop_enable_change(); + imap_enable_change(); + smtp_enable_change(); } function wopen(url, name, w, h) @@ -1763,6 +2302,29 @@ function wopen(url, name, w, h) win.focus(); } +function selectAlias() { + + var loc; + var fields = [ "sf_portscan", "pscan_protocol", "pscan_type", "pscan_sense_level", "pscan_memcap", "pscan_ignore_scanners" ]; + + // Scrape current form field values and add to + // the select alias URL as a query string. + var loc = 'snort_select_alias.php?id=<?=$id;?>&act=import&type=host|network'; + loc = loc + '&varname=pscan_ignore_scanners&multi_ip=yes'; + loc = loc + '&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'; + loc = loc + '&uuid=<?=$passlist_uuid;?>'; + + // Iterate over just the specific form fields we want to pass to + // the select alias URL. + fields.forEach(function(entry) { + var tmp = $(entry).serialize(); + if (tmp.length > 0) + loc = loc + '&' + tmp; + }); + + window.parent.location = loc; +} + // Set initial state of form controls enable_change_all(); diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index e69152c3..b9050b35 100755 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -36,6 +36,7 @@ require_once("/usr/local/pkg/snort/snort.inc"); global $g, $rebuild_rules; $snortdir = SNORTDIR; +$snortbindir = SNORT_PBI_BINDIR; $rules_map = array(); $categories = array(); $pconfig = array(); @@ -109,6 +110,29 @@ $categories[] = "custom.rules"; $categories[] = "decoder.rules"; $categories[] = "preprocessor.rules"; $categories[] = "sensitive-data.rules"; + +// Get any automatic rule category enable/disable modifications +// if auto-SID Mgmt is enabled, and adjust the available rulesets +// in the CATEGORY drop-down box as necessary. +$cat_mods = snort_sid_mgmt_auto_categories($a_rule[$id], FALSE); +foreach ($cat_mods as $k => $v) { + switch ($v) { + case 'disabled': + if (($key = array_search($k, $categories)) !== FALSE) + unset($categories[$key]); + break; + + case 'enabled': + if (!in_array($k, $categories)) + $categories[] = $k; + break; + + default: + break; + } +} + +// Add any enabled IPS-Policy and Auto-Flowbits File if (!empty($a_rule[$id]['ips_policy'])) $categories[] = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']); if ($a_rule[$id]['autoflowbitrules'] == 'on') @@ -146,6 +170,9 @@ if ($currentruleset != 'custom.rules') { $input_errors[] = gettext("{$currentruleset} seems to be missing!!! Please verify rules files have been downloaded, then go to the Categories tab and save the rule set again."); } +/* Process the current category rules through any auto SID MGMT changes if enabled */ +snort_auto_sid_mgmt($rules_map, $a_rule[$id], FALSE); + /* Load up our enablesid and disablesid arrays with enabled or disabled SIDs */ $enablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_on']); $disablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_off']); @@ -157,12 +184,16 @@ if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) & $sid = $_POST['sid']; // See if the target SID is in our list of modified SIDs, - // and toggle it back to default if present; otherwise, - // add it to the appropriate modified SID list. - if (isset($enablesid[$gid][$sid])) + // and toggle if present; otherwise, add it to the + // appropriate modified SID list. + if (isset($enablesid[$gid][$sid])) { unset($enablesid[$gid][$sid]); - elseif (isset($disablesid[$gid][$sid])) + $disablesid[$gid][$sid] = "disablesid"; + } + elseif (isset($disablesid[$gid][$sid])) { unset($disablesid[$gid][$sid]); + $enablesid[$gid][$sid] = "enablesid"; + } else { if ($rules_map[$gid][$sid]['disabled'] == 1) $enablesid[$gid][$sid] = "enablesid"; @@ -198,6 +229,10 @@ if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) & /* Update the config.xml file. */ write_config("Snort pkg: modified state for rule {$gid}:{$sid} on {$a_rule[$id]['interface']}."); + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); + + // Set a scroll-to anchor location $anchor = "rule_{$gid}_{$sid}"; } elseif ($_POST['disable_all'] && !empty($rules_map)) { @@ -237,6 +272,9 @@ elseif ($_POST['disable_all'] && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config("Snort pkg: disabled all rules in category {$currentruleset} for {$a_rule[$id]['interface']}."); + + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); } elseif ($_POST['enable_all'] && !empty($rules_map)) { @@ -274,6 +312,9 @@ elseif ($_POST['enable_all'] && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config("Snort pkg: enable all rules in category {$currentruleset} for {$a_rule[$id]['interface']}."); + + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); } elseif ($_POST['resetcategory'] && !empty($rules_map)) { @@ -313,6 +354,9 @@ elseif ($_POST['resetcategory'] && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config("Snort pkg: remove enablesid/disablesid changes for category {$currentruleset} on {$a_rule[$id]['interface']}."); + + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); } elseif ($_POST['resetall'] && !empty($rules_map)) { @@ -322,31 +366,42 @@ elseif ($_POST['resetall'] && !empty($rules_map)) { /* Update the config.xml file. */ write_config("Snort pkg: remove all enablesid/disablesid changes for {$a_rule[$id]['interface']}."); + + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); } else if ($_POST['cancel']) { $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']); + clear_subsystem_dirty('snort_rules'); } elseif ($_POST['clear']) { unset($a_rule[$id]['customrules']); write_config("Snort pkg: clear all custom rules for {$a_rule[$id]['interface']}."); $rebuild_rules = true; + conf_mount_rw(); snort_generate_conf($a_rule[$id]); + conf_mount_ro(); $rebuild_rules = false; $pconfig['customrules'] = ''; + + // Sync to configured CARP slaves if any are enabled + snort_sync_on_changes(); } elseif ($_POST['save']) { $pconfig['customrules'] = $_POST['customrules']; if ($_POST['customrules']) - $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']); + $a_rule[$id]['customrules'] = base64_encode(str_replace("\r\n", "\n", $_POST['customrules'])); else unset($a_rule[$id]['customrules']); write_config("Snort pkg: save modified custom rules for {$a_rule[$id]['interface']}."); $rebuild_rules = true; + conf_mount_rw(); snort_generate_conf($a_rule[$id]); + conf_mount_ro(); $rebuild_rules = false; $output = ""; $retcode = ""; - exec("/usr/local/bin/snort -T -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf 2>&1", $output, $retcode); + exec("{$snortbindir}snort -T -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf 2>&1", $output, $retcode); if (intval($retcode) != 0) { $error = ""; $start = count($output); @@ -358,9 +413,13 @@ elseif ($_POST['save']) { else { /* Soft-restart Snort to live-load new rules */ snort_reload_config($a_rule[$id]); - $savemsg = gettext("Custom rules validated successfully and have been saved to the Snort configuration files. "); - $savemsg .= gettext("Any active Snort process on this interface has been signalled to live-load the new rules."); + $savemsg = gettext("Custom rules validated successfully and any active Snort process on this interface has been signalled to live-load the new rules."); } + + clear_subsystem_dirty('snort_rules'); + + // Sync to configured CARP slaves if any are enabled + snort_sync_on_changes(); } else if ($_POST['apply']) { /* Save new configuration */ @@ -371,14 +430,24 @@ else if ($_POST['apply']) { /* rules for this interface. */ /*************************************************/ $rebuild_rules = true; + conf_mount_rw(); snort_generate_conf($a_rule[$id]); + conf_mount_ro(); $rebuild_rules = false; /* Soft-restart Snort to live-load new rules */ snort_reload_config($a_rule[$id]); + + // We have saved changes and done a soft restart, so clear "dirty" flag + clear_subsystem_dirty('snort_rules'); + + // Sync to configured CARP slaves if any are enabled + snort_sync_on_changes(); + + if (snort_is_running($snort_uuid, $if_real)) + $savemsg = gettext("Snort is 'live-reloading' the new rule set."); } -require_once("guiconfig.inc"); include_once("head.inc"); $if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']); @@ -405,6 +474,11 @@ if ($savemsg) { <input type='hidden' name='openruleset' id='openruleset' value='<?=$currentruleset;?>'/> <input type='hidden' name='sid' id='sid' value=''/> <input type='hidden' name='gid' id='gid' value=''/> + +<?php if (is_subsystem_dirty('snort_rules')): ?><p> +<?php print_info_box_np(gettext("A change has been made to a rule state.") . "<br/>" . gettext("Click APPLY when finished to send the changes to the running configuration."));?> +<?php endif; ?> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php @@ -417,7 +491,9 @@ if ($savemsg) { $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); - $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + $tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php"); + $tab_array[9] = array(gettext("Log Mgmt"), false, "/snort/snort_log_mgmt.php"); + $tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); display_top_tabs($tab_array,true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; @@ -430,6 +506,7 @@ if ($savemsg) { $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Logs"), false, "/snort/snort_interface_logs.php?id={$id}"); display_top_tabs($tab_array, true); ?> </td></tr> @@ -564,8 +641,8 @@ if ($savemsg) { <col axis="string"> </colgroup> <thead> - <tr> - <th class="list"> </th> + <tr class="sortableHeaderRowIdentifier"> + <th class="list sorttable_nosort"> </th> <th class="listhdrr"><?php echo gettext("GID"); ?></th> <th class="listhdrr"><?php echo gettext("SID"); ?></th> <th class="listhdrr"><?php echo gettext("Proto"); ?></th> @@ -578,18 +655,36 @@ if ($savemsg) { </thead> <tbody> <?php - $counter = $enable_cnt = $disable_cnt = 0; + $counter = $enable_cnt = $disable_cnt = $user_enable_cnt = $user_disable_cnt = $managed_count = 0; foreach ($rules_map as $k1 => $rulem) { foreach ($rulem as $k2 => $v) { $sid = $k2; $gid = $k1; - - if (isset($disablesid[$gid][$sid])) { + $ruleset = $currentruleset; + $style = ""; + + if ($v['managed'] == 1) { + if ($v['disabled'] == 1) { + $textss = "<span class=\"gray\">"; + $textse = "</span>"; + $style= "style=\"opacity: 0.4; filter: alpha(opacity=40);\""; + $title = gettext("Auto-disabled by settings on SID Mgmt tab"); + } + else { + $textss = $textse = ""; + $ruleset = "suricata.rules"; + $title = gettext("Auto-managed by settings on SID Mgmt tab"); + } + $iconb = "icon_advanced.gif"; + $managed_count++; + } + elseif (isset($disablesid[$gid][$sid])) { $textss = "<span class=\"gray\">"; $textse = "</span>"; $iconb = "icon_reject_d.gif"; $disable_cnt++; - $title = gettext("Disabled by user. Click to toggle to default state"); + $user_disable_cnt++; + $title = gettext("Disabled by user. Click to toggle to enabled state"); } elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) { $textss = "<span class=\"gray\">"; @@ -602,7 +697,8 @@ if ($savemsg) { $textss = $textse = ""; $iconb = "icon_reject.gif"; $enable_cnt++; - $title = gettext("Enabled by user. Click to toggle to default state"); + $user_enable_cnt++; + $title = gettext("Enabled by user. Click to toggle to disabled state"); } else { $textss = $textse = ""; @@ -632,12 +728,18 @@ if ($savemsg) { $message = snort_get_msg($v['rule']); // description field $sid_tooltip = gettext("View the raw text for this rule"); - echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\" sorttable_customkey=\"\">{$textss} - <a id=\"rule_{$gid}_{$sid}\" href=''><input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}'; - document.getElementById('gid').value='{$gid}';\" - src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\" - title='{$title}' name=\"toggle[]\"/></a>{$textse} - </td> + echo "<tr><td class=\"listt\" style=\"align:center;\" valign=\"middle\">{$textss}"; + if ($v['managed'] == 1) { + echo "<img {$style} src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\" + title='{$title}'/>{$textse}"; + } + else { + echo "<a id=\"rule_{$gid}_{$sid}\" href='#'><input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}'; + document.getElementById('gid').value='{$gid}';\" + src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\" + title='{$title}' name=\"toggle[]\"/></a>{$textse}"; + } + echo "</td> <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> {$textss}{$gid}{$textse} </td> @@ -687,8 +789,8 @@ if ($savemsg) { <col align="left" axis="string"> </colgroup> <thead> - <tr> - <th class="list"> </th> + <tr class="sortableHeaderRowIdentifier"> + <th class="list" sorttable_nosort> </th> <th class="listhdrr"><?php echo gettext("GID"); ?></th> <th class="listhdrr"><?php echo gettext("SID"); ?></th> <th class="listhdrr"><?php echo gettext("Classification"); ?></th> @@ -698,17 +800,36 @@ if ($savemsg) { </thead> <tbody> <?php - $counter = $enable_cnt = $disable_cnt = 0; + $counter = $enable_cnt = $disable_cnt = $user_enable_cnt = $user_disable_cnt = $managed_count = 0; foreach ($rules_map as $k1 => $rulem) { foreach ($rulem as $k2 => $v) { + $ruleset = $currentruleset; + $style = ""; $sid = snort_get_sid($v['rule']); $gid = snort_get_gid($v['rule']); - if (isset($disablesid[$gid][$sid])) { + + if ($v['managed'] == 1) { + if ($v['disabled'] == 1) { + $textss = "<span class=\"gray\">"; + $textse = "</span>"; + $style= "style=\"opacity: 0.4; filter: alpha(opacity=40);\""; + $title = gettext("Auto-disabled by settings on SID Mgmt tab"); + } + else { + $textss = $textse = ""; + $ruleset = "suricata.rules"; + $title = gettext("Auto-managed by settings on SID Mgmt tab"); + } + $iconb = "icon_advanced.gif"; + $managed_count++; + } + elseif (isset($disablesid[$gid][$sid])) { $textss = "<span class=\"gray\">"; $textse = "</span>"; $iconb = "icon_reject_d.gif"; $disable_cnt++; - $title = gettext("Disabled by user. Click to toggle to default state"); + $user_disable_cnt++; + $title = gettext("Disabled by user. Click to toggle to enabled state"); } elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) { $textss = "<span class=\"gray\">"; @@ -721,7 +842,8 @@ if ($savemsg) { $textss = $textse = ""; $iconb = "icon_reject.gif"; $enable_cnt++; - $title = gettext("Enabled by user. Click to toggle to default state"); + $user_enable_cnt++; + $title = gettext("Enabled by user. Click to toggle to disabled state"); } else { $textss = $textse = ""; @@ -741,12 +863,18 @@ if ($savemsg) { else $policy = "none"; - echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\" sorttable_customkey=\"\">{$textss} - <input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}'; - document.getElementById('gid').value='{$gid}';\" - src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\" - title='{$title}' name=\"toggle[]\"/>{$textse} - </td> + echo "<tr><td class=\"listt\" style=\"align:center;\" valign=\"middle\">{$textss}"; + if ($v['managed'] == 1) { + echo "<img {$style} src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\" + title='{$title}'/>{$textse}"; + } + else { + echo "<a id=\"rule_{$gid}_{$sid}\" href='#'><input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}'; + document.getElementById('gid').value='{$gid}';\" + src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\" + title='{$title}' name=\"toggle[]\"/></a>{$textse}"; + } + echo "</td> <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> {$textss}{$gid}{$textse} </td> @@ -788,7 +916,10 @@ if ($savemsg) { <strong><?php echo gettext("--- Category Rules Summary ---") . "</strong><br/>" . gettext("Total Rules: {$counter}") . " " . gettext("Enabled: {$enable_cnt}") . " " . - gettext("Disabled: {$disable_cnt}"); ?></td> + gettext("Disabled: {$disable_cnt}") . " " . + gettext("User Enabled: {$user_enable_cnt}") . " " . + gettext("User Disabled: {$user_disable_cnt}") . " " . + gettext("Auto-Managed: {$managed_count}"); ?></td> </tr> <tr> <td width="16"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" @@ -810,6 +941,18 @@ if ($savemsg) { width="11" height="11"></td> <td nowrap><?php echo gettext("Rule changed to Disabled by user"); ?></td> </tr> + <?php if (!empty($cat_mods)): ?> + <tr> + <td width="16"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_advanced.gif" + width="11" height="11"></td> + <td nowrap><?php echo gettext("Rule auto-enabled by files configured on SID Mgmt tab"); ?></td> + </tr> + <tr> + <td width="16"><img style="opacity: 0.4; filter: alpha(opacity=40);" src="../themes/<?= $g['theme']; ?>/images/icons/icon_advanced.gif" + width="11" height="11"></td> + <td nowrap><?php echo gettext("Rule auto-disabled by files configured on SID Mgmt tab"); ?></td> + </tr> + <?php endif; ?> </table> </td> </tr> diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php index daf1c4ef..fff7a13c 100644 --- a/config/snort/snort_rules_flowbits.php +++ b/config/snort/snort_rules_flowbits.php @@ -53,7 +53,7 @@ if (is_null($id)) { // Set who called us so we can return to the correct page with // the RETURN ('cancel') button. -if ($_POST['referrer']) +if (isset($_POST['referrer']) && strpos($_POST['referrer'], '://'.$_SERVER['SERVER_NAME'].'/') !== FALSE) $referrer = $_POST['referrer']; else $referrer = $_SERVER['HTTP_REFERER']; @@ -127,7 +127,9 @@ if ($_POST['addsuppress'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid if ($found_list) { write_config("Snort pkg: modified Suppress List for {$a_nat[$id]['interface']}."); $rebuild_rules = false; + conf_mount_rw(); sync_snort_package_config(); + conf_mount_ro(); snort_reload_config($a_nat[$id]); $savemsg = gettext("An entry to suppress the Alert for 'gen_id {$_POST['gid']}, sig_id {$_POST['sid']}' has been added to Suppress List '{$a_nat[$id]['suppresslistname']}'."); } @@ -216,7 +218,7 @@ if ($savemsg) <col axis="string"> </colgroup> <thead> - <tr> + <tr class="sortableHeaderRowIdentifier"> <th class="listhdrr" axis="number"><?php echo gettext("SID"); ?></th> <th class="listhdrr" axis="string"><?php echo gettext("Proto"); ?></th> <th class="listhdrr" axis="string"><?php echo gettext("Source"); ?></th> @@ -263,7 +265,7 @@ if ($savemsg) // Use "echo" to write the table HTML row-by-row. echo "<tr>" . - "<td class=\"listr\" sorttable_customkey=\"{$sid}\">{$sid} {$supplink}</td>" . + "<td class=\"listr\" style=\"sorttable_customkey:{$sid};\" sorttable_customkey=\"{$sid}\">{$sid} {$supplink}</td>" . "<td class=\"listr\" style=\"text-align:center;\">{$protocol}</td>" . "<td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap><span title=\"{$rule_content[2]}\">{$source}</span></td>" . "<td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap><span title=\"{$rule_content[5]}\">{$destination}</span></td>" . diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index 79365f5f..c29b1810 100755 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php @@ -57,8 +57,11 @@ if (isset($id) && $a_nat[$id]) { $pconfig['enable'] = $a_nat[$id]['enable']; $pconfig['interface'] = $a_nat[$id]['interface']; $pconfig['rulesets'] = $a_nat[$id]['rulesets']; - $pconfig['autoflowbitrules'] = $a_nat[$id]['autoflowbitrules']; - $pconfig['ips_policy_enable'] = $a_nat[$id]['ips_policy_enable']; + if (empty($a_nat[$id]['autoflowbitrules'])) + $pconfig['autoflowbitrules'] = 'on'; + else + $pconfig['autoflowbitrules'] = $a_nat[$id]['autoflowbitrules'] == 'on' ? 'on' : 'off';; + $pconfig['ips_policy_enable'] = $a_nat[$id]['ips_policy_enable'] == 'on' ? 'on' : 'off';; $pconfig['ips_policy'] = $a_nat[$id]['ips_policy']; } @@ -93,17 +96,6 @@ if (!file_exists("{$snortdir}/rules/" . GPL_FILE_PREFIX . "community.rules")) if (($snortdownload == 'off') || ($a_nat[$id]['ips_policy_enable'] != 'on')) $policy_select_disable = "disabled"; -if ($a_nat[$id]['autoflowbitrules'] == 'on') { - if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}") && - filesize("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}") > 0) { - $btn_view_flowb_rules = " title=\"" . gettext("View flowbit-required rules") . "\""; - } - else - $btn_view_flowb_rules = " disabled"; -} -else - $btn_view_flowb_rules = " disabled"; - // If a Snort VRT policy is enabled and selected, remove all Snort VRT // rules from the configured rule sets to allow automatic selection. if ($a_nat[$id]['ips_policy_enable'] == 'on') { @@ -150,7 +142,7 @@ if ($_POST["save"]) { else { $a_nat[$id]['autoflowbitrules'] = 'off'; if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}")) - @unlink("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}"); + unlink_if_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}"); } write_config("Snort pkg: save enabled rule categories for {$a_nat[$id]['interface']}."); @@ -160,7 +152,9 @@ if ($_POST["save"]) { /* rules for this interface. */ /*************************************************/ $rebuild_rules = true; + conf_mount_rw(); snort_generate_conf($a_nat[$id]); + conf_mount_ro(); $rebuild_rules = false; /* Soft-restart Snort to live-load new rules */ @@ -170,6 +164,9 @@ if ($_POST["save"]) { $enabled_rulesets_array = explode("||", $enabled_items); if (snort_is_running($snort_uuid, $if_real)) $savemsg = gettext("Snort is 'live-reloading' the new rule set."); + + // Sync to configured CARP slaves if any are enabled + snort_sync_on_changes(); } if ($_POST['unselectall']) { @@ -190,13 +187,26 @@ if ($_POST['unselectall']) { $enabled_rulesets_array = array(); $savemsg = gettext("All rule categories have been de-selected. "); - if ($a_nat[$id]['ips_policy_enable'] = 'on') + if ($pconfig['ips_policy_enable'] == 'on') $savemsg .= gettext("Only the rules included in the selected IPS Policy will be used."); else $savemsg .= gettext("There currently are no inspection rules enabled for this Snort instance!"); } if ($_POST['selectall']) { + if ($_POST['ips_policy_enable'] == "on") { + $a_nat[$id]['ips_policy_enable'] = 'on'; + $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; + } + else { + $a_nat[$id]['ips_policy_enable'] = 'off'; + unset($a_nat[$id]['ips_policy']); + } + + $pconfig['autoflowbits'] = $_POST['autoflowbits']; + $pconfig['ips_policy_enable'] = $_POST['ips_policy_enable']; + $pconfig['ips_policy'] = $_POST['ips_policy']; + $enabled_rulesets_array = array(); if ($emergingdownload == 'on') { @@ -224,6 +234,22 @@ if ($_POST['selectall']) { } } +// Get any automatic rule category enable/disable modifications +// if auto-SID Mgmt is enabled. +$cat_mods = snort_sid_mgmt_auto_categories($a_nat[$id], FALSE); + +// Enable the VIEW button for auto-flowbits file if we have a valid flowbits file +if ($a_nat[$id]['autoflowbitrules'] == 'on') { + if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}") && + filesize("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}") > 0) { + $btn_view_flowb_rules = " title=\"" . gettext("View flowbit-required rules") . "\""; + } + else + $btn_view_flowb_rules = " disabled"; +} +else + $btn_view_flowb_rules = " disabled"; + $if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - Categories"); include_once("head.inc"); @@ -259,7 +285,9 @@ if ($savemsg) { $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); - $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + $tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php"); + $tab_array[9] = array(gettext("Log Mgmt"), false, "/snort/snort_log_mgmt.php"); + $tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; @@ -272,6 +300,7 @@ if ($savemsg) { $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Logs"), false, "/snort/snort_interface_logs.php?id={$id}"); display_top_tabs($tab_array, true); ?> </td></tr> @@ -316,7 +345,7 @@ if ($savemsg) { <tr> <td width="15%" class="listn"><?php echo gettext("Resolve Flowbits"); ?></td> <td width="85%"><input name="autoflowbits" id="autoflowbitrules" type="checkbox" value="on" - <?php if ($a_nat[$id]['autoflowbitrules'] == "on" || empty($a_nat[$id]['autoflowbitrules'])) echo "checked"; ?>/> + <?php if ($pconfig['autoflowbitrules'] == "on") echo "checked"; ?>/> <span class="vexpl"><?php echo gettext("If checked, Snort will auto-enable rules required for checked flowbits. "); echo gettext("The Default is "); ?><strong><?php echo gettext("Checked."); ?></strong></span></td> </tr> @@ -342,21 +371,21 @@ if ($savemsg) { </td> </tr> <tr> - <td colspan="6" class="listtopic"><?php echo gettext("Snort IPS Policy selection"); ?><br/></td> + <td colspan="6" class="listtopic"><?php echo gettext("Snort VRT IPS Policy selection"); ?><br/></td> </tr> <tr> <td colspan="6" valign="center" class="listn"> <table width="100%" border="0" cellpadding="2" cellspacing="0"> <tr> <td width="15%" class="listn"><?php echo gettext("Use IPS Policy"); ?></td> - <td width="85%"><input name="ips_policy_enable" id="ips_policy_enable" type="checkbox" value="on" <?php if ($a_nat[$id]['ips_policy_enable'] == "on") echo "checked"; ?> - <?php if ($snortdownload == "off") echo "disabled" ?> onClick="enable_change()"/> <span class="vexpl"> + <td width="85%"><input name="ips_policy_enable" id="ips_policy_enable" type="checkbox" value="on" <?php if ($pconfig['ips_policy_enable'] == "on") echo "checked "; ?> + <?php if ($snortdownload == "off") echo "disabled " ?> onClick="enable_change()"/> <span class="vexpl"> <?php echo gettext("If checked, Snort will use rules from one of three pre-defined IPS policies."); ?></span></td> </tr> <tr> <td width="15%" class="vncell" id="ips_col1"> </td> <td width="85%" class="vtable" id="ips_col2"> - <?php echo "<span class=\"red\"><strong>" . gettext("Note: ") . "</strong></span>" . gettext("You must be using the Snort VRT rules to use this option."); ?> + <?php echo "<span class=\"red\"><strong>" . gettext("Note: ") . "</strong></span>" . gettext("You must enable download of the Snort VRT rules to enable and use this option."); ?> <?php echo gettext("Selecting this option disables manual selection of Snort VRT categories in the list below, " . "although Emerging Threats categories may still be selected if enabled on the Global Settings tab. " . "These will be added to the pre-defined Snort IPS policy rules from the Snort VRT."); ?><br/></td> @@ -387,14 +416,25 @@ if ($savemsg) { </tr> <tr> <td colspan="6"> - <table width=90% align="center" border="0" cellpadding="2" cellspacing="0"> - <tr height="45px"> - <td valign="middle"><input value="Select All" class="formbtns" type="submit" name="selectall" id="selectall" title="<?php echo gettext("Add all categories to enforcing rules"); ?>"/></td> - <td valign="middle"><input value="Unselect All" class="formbtns" type="submit" name="unselectall" id="unselectall" title="<?php echo gettext("Remove categories all from enforcing rules"); ?>"/></td> - <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="save" id="save" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td> - <td valign="middle"><span class="vexpl"><?php echo gettext("Click to save changes and auto-resolve flowbit rules (if option is selected above)"); ?></span></td> + <table width="95%" style="margin-left: auto; margin-right: auto;" border="0" cellpadding="2" cellspacing="0"> + <tbody> + <tr height="32px"> + <td style="vertical-align: middle;"><input value="Select All" class="formbtns" type="submit" name="selectall" id="selectall" title="<?php echo gettext("Add all to enforcing rules"); ?>"/></td> + <td style="vertical-align: middle;"><input value="Unselect All" class="formbtns" type="submit" name="unselectall" id="unselectall" title="<?php echo gettext("Remove all from enforcing rules"); ?>"/></td> + <td style="vertical-align: middle;"><input value=" Save " class="formbtns" type="submit" name="save" id="save" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td> + <td style="vertical-align: middle;"><span class="vexpl"><?php echo gettext("Click to save changes and auto-resolve flowbit rules (if option is selected above)"); ?></span></td> + </tr> + <?php if (!empty($cat_mods)): ?> + <tr height="20px"> + <td colspan="4" style="vertical-align: middle;"><img style="vertical-align: text-top;" src="../themes/<?=$g['theme'];?>/images/icons/icon_advanced.gif" width="11" height="11" border="0" /> + <?=gettext("- Category is auto-enabled by SID Mgmt conf files");?> + <img style="opacity: 0.4; filter: alpha(opacity=40); vertical-align: text-top;" src="../themes/<?=$g['theme'];?>/images/icons/icon_advanced.gif" width="11" height="11" border="0" /> + <?=gettext("- Category is auto-disabled by SID Mgmt conf files");?></td> </tr> + <?php endif; ?> + </tbody> </table> + </td> </tr> <?php if ($no_community_files) $msg_community = "NOTE: Snort Community Rules have not been downloaded. Perform a Rules Update to enable them."; @@ -403,26 +443,38 @@ if ($savemsg) { $community_rules_file = GPL_FILE_PREFIX . "community.rules"; ?> <?php if ($snortcommunitydownload == 'on'): ?> - <tr id="frheader"> + <tr> <td width="5%" class="listhdrr"><?php echo gettext("Enabled"); ?></td> <td colspan="5" class="listhdrr"><?php echo gettext('Ruleset: Snort GPLv2 Community Rules');?></td> </tr> - <?php if (in_array($community_rules_file, $enabled_rulesets_array)): ?> + <?php if (isset($cat_mods[$community_rules_file])): ?> + <?php if ($cat_mods[$community_rules_file] == 'enabled') : ?> + <tr> + <td width="5%" class="listr" style="text-align: center;"> + <img src="../themes/<?=$g['theme'];?>/images/icons/icon_advanced.gif" width="11" height="11" border="0" title="<?=gettext("Auto-managed by settings on SID Mgmt tab");?>" /></td> + <td colspan="5" class="listr"><a href='suricata_rules.php?id=<?=$id;?>&openruleset=<?=$community_rules_file;?>'><?=gettext("{$msg_community}");?></a></td> + </tr> + <?php else: ?> + <tr> + <td width="5%" class="listr" style="text-align: center;"> + <img style="opacity: 0.4; filter: alpha(opacity=40);" src="../themes/<?=$g['theme'];?>/images/icons/icon_advanced.gif" width="11" height="11" border="0" title="<?=gettext("Auto-managed by settings on SID Mgmt tab");?>" /></td> + <td colspan="5" class="listr"><?=gettext("{$msg_community}"); ?></td> + </tr> + <?php endif; ?> + <?php elseif (in_array($community_rules_file, $enabled_rulesets_array)): ?> <tr> - <td width="5" class="listr" align="center" valign="top"> + <td width="5%" class="listr" style="text-align: center;"> <input type="checkbox" name="toenable[]" value="<?=$community_rules_file;?>" checked="checked"/></td> - <td colspan="5" class="listr"><a href='snort_rules.php?id=<?=$id;?>&openruleset=<?=$community_rules_file;?>'><?php echo gettext("{$msg_community}"); ?></a></td> + <td colspan="5" class="listr"><a href='suricata_rules.php?id=<?=$id;?>&openruleset=<?=$community_rules_file;?>'><?php echo gettext("{$msg_community}"); ?></a></td> </tr> <?php else: ?> <tr> - <td width="5" class="listr" align="center" valign="top"> + <td width="5%" class="listr" style="text-align: center;"> <input type="checkbox" name="toenable[]" value="<?=$community_rules_file;?>" <?php if ($snortcommunitydownload == 'off') echo "disabled"; ?>/></td> <td colspan="5" class="listr"><?php echo gettext("{$msg_community}"); ?></td> </tr> - <?php endif; ?> <?php endif; ?> - <?php if ($no_emerging_files && ($emergingdownload == 'on' || $etpro == 'on')) $msg_emerging = "have not been downloaded."; else @@ -432,7 +484,7 @@ if ($savemsg) { else $msg_snort = "are not enabled."; ?> - <tr id="frheader"> + <tr> <?php if ($emergingdownload == 'on' && !$no_emerging_files): ?> <td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td> <td width="25%" class="listhdrr"><?php echo gettext('Ruleset: ET Open Rules');?></td> @@ -487,15 +539,28 @@ if ($savemsg) { echo "<tr>\n"; if (!empty($emergingrules[$j])) { $file = $emergingrules[$j]; - echo "<td width='5%' class='listr' align=\"center\" valign=\"top\">"; + echo "<td width='5%' class='listr' align=\"center\">"; if(is_array($enabled_rulesets_array)) { - if(in_array($file, $enabled_rulesets_array)) + if(in_array($file, $enabled_rulesets_array) && !isset($cat_mods[$file])) $CHECKED = " checked=\"checked\""; else $CHECKED = ""; } else $CHECKED = ""; - echo " \n<input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />\n"; + if (isset($cat_mods[$file])) { + if (in_array($file, $enabled_rulesets_array)) + echo "<input type='hidden' name='toenable[]' value='{$file}' />\n"; + if ($cat_mods[$file] == 'enabled') { + $CHECKED = "enabled"; + echo " \n<img src=\"../themes/{$g['theme']}/images/icons/icon_advanced.gif\" width=\"11\" height=\"11\" border=\"0\" title=\"" . gettext("Auto-enabled by settings on SID Mgmt tab") . "\" />\n"; + } + else { + echo " \n<img style=\"opacity: 0.4; filter: alpha(opacity=40);\" src=\"../themes/{$g['theme']}/images/icons/icon_advanced.gif\" width=\"11\" height=\"11\" border=\"0\" title=\"" . gettext("Auto-disabled by settings on SID Mgmt tab") . "\" />\n"; + } + } + else { + echo " \n<input type='checkbox' name='toenable[]' value='{$file}' {$CHECKED} />\n"; + } echo "</td>\n"; echo "<td class='listr' width='25%' >\n"; if (empty($CHECKED)) @@ -508,17 +573,30 @@ if ($savemsg) { if (!empty($snortrules[$j])) { $file = $snortrules[$j]; - echo "<td class='listr' width='5%' align=\"center\" valign=\"top\">"; + echo "<td class='listr' width='5%' align=\"center\">"; if(is_array($enabled_rulesets_array)) { if (!empty($disable_vrt_rules)) $CHECKED = $disable_vrt_rules; - elseif(in_array($file, $enabled_rulesets_array)) + elseif(in_array($file, $enabled_rulesets_array) && !isset($cat_mods[$file])) $CHECKED = " checked=\"checked\""; else $CHECKED = ""; } else $CHECKED = ""; - echo " \n<input type='checkbox' name='toenable[]' value='{$file}' {$CHECKED} />\n"; + if (isset($cat_mods[$file])) { + if (in_array($file, $enabled_rulesets_array)) + echo "<input type='hidden' name='toenable[]' value='{$file}' />\n"; + if ($cat_mods[$file] == 'enabled') { + $CHECKED = "enabled"; + echo " \n<img src=\"../themes/{$g['theme']}/images/icons/icon_advanced.gif\" width=\"11\" height=\"11\" border=\"0\" title=\"" . gettext("Auto-enabled by settings on SID Mgmt tab") . "\" />\n"; + } + else { + echo " \n<img style=\"opacity: 0.4; filter: alpha(opacity=40);\" src=\"../themes/{$g['theme']}/images/icons/icon_advanced.gif\" width=\"11\" height=\"11\" border=\"0\" title=\"" . gettext("Auto-disabled by settings on SID Mgmt tab") . "\" />\n"; + } + } + else { + echo " \n<input type='checkbox' name='toenable[]' value='{$file}' {$CHECKED} />\n"; + } echo "</td>\n"; echo "<td class='listr' width='25%' >\n"; if (empty($CHECKED) || $CHECKED == "disabled") @@ -528,22 +606,39 @@ if ($savemsg) { echo "</td>\n"; } else echo "<td class='listbggrey' width='30%' colspan='2'><br/></td>\n"; + if (!empty($snortsorules[$j])) { $file = $snortsorules[$j]; echo "<td class='listr' width='5%' align=\"center\" valign=\"top\">"; if(is_array($enabled_rulesets_array)) { if (!empty($disable_vrt_rules)) $CHECKED = $disable_vrt_rules; - elseif(in_array($file, $enabled_rulesets_array)) + elseif(in_array($file, $enabled_rulesets_array) && !isset($cat_mods[$file])) $CHECKED = " checked=\"checked\""; else $CHECKED = ""; } else $CHECKED = ""; - echo " \n<input type='checkbox' name='toenable[]' value='{$file}' {$CHECKED} />\n"; + if (isset($cat_mods[$file])) { + if (in_array($file, $enabled_rulesets_array)) + echo "<input type='hidden' name='toenable[]' value='{$file}' />\n"; + if ($cat_mods[$file] == 'enabled') { + $CHECKED = "enabled"; + echo " \n<img src=\"../themes/{$g['theme']}/images/icons/icon_advanced.gif\" width=\"11\" height=\"11\" border=\"0\" title=\"" . gettext("Auto-enabled by settings on SID Mgmt tab") . "\" />\n"; + } + else { + echo " \n<img style=\"opacity: 0.4; filter: alpha(opacity=40);\" src=\"../themes/{$g['theme']}/images/icons/icon_advanced.gif\" width=\"11\" height=\"11\" border=\"0\" title=\"" . gettext("Auto-disabled by settings on SID Mgmt tab") . "\" />\n"; + } + } + else { + echo " \n<input type='checkbox' name='toenable[]' value='{$file}' {$CHECKED} />\n"; + } echo "</td>\n"; echo "<td class='listr' width='25%' >\n"; + if (empty($CHECKED) || $CHECKED == "disabled") echo $file; + else + echo "<a href='snort_rules.php?id={$id}&openruleset=" . urlencode($file) . "'>{$file}</a>\n"; echo "</td>\n"; } else echo "<td class='listbggrey' width='30%' colspan='2'><br/></td>\n"; diff --git a/config/snort/snort_select_alias.php b/config/snort/snort_select_alias.php index c632b388..de504b7f 100644 --- a/config/snort/snort_select_alias.php +++ b/config/snort/snort_select_alias.php @@ -47,29 +47,31 @@ else // Retrieve any passed QUERY STRING or POST variables if (isset($_POST['type'])) - $type = $_POST['type']; + $type = htmlspecialchars($_POST['type']); elseif (isset($_GET['type'])) $type = htmlspecialchars($_GET['type']); if (isset($_POST['varname'])) - $varname = $_POST['varname']; + $varname = htmlspecialchars($_POST['varname']); elseif (isset($_GET['varname'])) $varname = htmlspecialchars($_GET['varname']); if (isset($_POST['multi_ip'])) - $multi_ip = $_POST['multi_ip']; + $multi_ip = htmlspecialchars($_POST['multi_ip']); elseif (isset($_GET['multi_ip'])) $multi_ip = htmlspecialchars($_GET['multi_ip']); -if (isset($_POST['returl'])) +if (isset($_POST['returl']) && substr($_POST['returl'], 0, 1) == '/') $referrer = urldecode($_POST['returl']); -elseif (isset($_GET['returl'])) +elseif (isset($_GET['returl']) && substr($_GET['returl'], 0, 1) == '/') $referrer = urldecode($_GET['returl']); +else + $referrer = $_SERVER['HTTP_REFERER']; // Make sure we have a valid VARIABLE name // and ALIAS TYPE, or else bail out. if (is_null($type) || is_null($varname)) { - header("Location: http://{$referrer}?{$querystr}"); + header("Location: {$referrer}?{$querystr}"); exit; } @@ -132,8 +134,8 @@ include("head.inc"); <input type="hidden" name="varname" value="<?=$varname;?>"/> <input type="hidden" name="type" value="<?=$type;?>"/> <input type="hidden" name="multi_ip" value="<?=$multi_ip;?>"/> -<input type="hidden" name="returl" value="<?=$referrer;?>"/> -<input type="hidden" name="org_querystr" value="<?=$querystr;?>"/> +<input type="hidden" name="returl" value="<?=htmlspecialchars($referrer);?>"/> +<input type="hidden" name="org_querystr" value="<?=htmlspecialchars($querystr);?>"/> <?php if ($input_errors) print_input_errors($input_errors); ?> <div id="boxarea"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> diff --git a/config/snort/snort_sid_mgmt.php b/config/snort/snort_sid_mgmt.php new file mode 100644 index 00000000..016cc96d --- /dev/null +++ b/config/snort/snort_sid_mgmt.php @@ -0,0 +1,606 @@ +<?php +/* + * snort_sid_mgmt.php + * + * Portions of this code are based on original work done for the + * Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +global $g, $config, $rebuild_rules; + +$snortdir = SNORTDIR; +$pconfig = array(); + +// Grab saved settings from configuration +if (!is_array($config['installedpackages']['snortglobal']['rule'])) + $config['installedpackages']['snortglobal']['rule'] = array(); +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$pconfig['auto_manage_sids'] = $config['installedpackages']['snortglobal']['auto_manage_sids']; + +// Hard-code the path where SID Mods Lists are stored +// and disregard any user-supplied path element. +$sidmods_path = SNORT_SID_MODS_PATH; + +// Set default to not show SID modification lists editor controls +$sidmodlist_edit_style = "display: none;"; + +if (!empty($_POST)) + $pconfig = $_POST; + +function snort_is_sidmodslist_active($sidlist) { + + /***************************************************** + * This function checks all the configured Snort * + * interfaces to see if the passed SID Mods List is * + * used by an interface. * + * * + * Returns: TRUE if List is in use * + * FALSE if List is not in use * + *****************************************************/ + + global $g, $config; + + if (!is_array($config['installedpackages']['snortglobal']['rule'])) + return FALSE; + + foreach ($config['installedpackages']['snortglobal']['rule'] as $rule) { + if ($rule['enable_sid_file'] == $sidlist) { + return TRUE; + } + if ($rule['disable_sid_file'] == $sidlist) { + return TRUE; + } + if ($rule['modify_sid_file'] == $sidlist) { + return TRUE; + } + } + return FALSE; +} + +if (isset($_POST['upload'])) { + if ($_FILES["sidmods_fileup"]["error"] == UPLOAD_ERR_OK) { + $tmp_name = $_FILES["sidmods_fileup"]["tmp_name"]; + $name = basename($_FILES["sidmods_fileup"]["name"]); + move_uploaded_file($tmp_name, "{$sidmods_path}{$name}"); + } + else + $input_errors[] = gettext("Failed to upload file {$_FILES["sidmods_fileup"]["name"]}"); +} + +if (isset($_POST['sidlist_delete']) && isset($_POST['sidlist_fname'])) { + if (!snort_is_sidmodslist_active(basename($_POST['sidlist_fname']))) + unlink_if_exists($sidmods_path . basename($_POST['sidlist_fname'])); + else + $input_errors[] = gettext("This SID Mods List is currently assigned to an interface and cannot be deleted."); +} + +if (isset($_POST['sidlist_edit']) && isset($_POST['sidlist_fname'])) { + $file = $sidmods_path . basename($_POST['sidlist_fname']); + $data = file_get_contents($file); + if ($data !== FALSE) { + $sidmodlist_data = htmlspecialchars($data); + $sidmodlist_edit_style = "display: table-row-group;"; + $sidmodlist_name = basename($_POST['sidlist_fname']); + unset($data); + } + else { + $input_errors[] = gettext("An error occurred reading the file."); + } +} + +if (isset($_POST['save']) && isset($_POST['sidlist_data'])) { + if (strlen(basename($_POST['sidlist_name'])) > 0) { + $file = $sidmods_path . basename($_POST['sidlist_name']); + $data = str_replace("\r\n", "\n", $_POST['sidlist_data']); + file_put_contents($file, $data); + unset($data); + } + else { + $input_errors[] = gettext("You must provide a valid filename for the SID Mods List."); + $sidmodlist_edit_style = "display: table-row-group;"; + } +} + +if (isset($_POST['save_auto_sid_conf'])) { + $config['installedpackages']['snortglobal']['auto_manage_sids'] = $pconfig['auto_manage_sids'] ? "on" : "off"; + + // Grab the SID Mods config for the interfaces from the form's controls array + foreach ($_POST['sid_state_order'] as $k => $v) { + $a_nat[$k]['sid_state_order'] = $v; + } + foreach ($_POST['enable_sid_file'] as $k => $v) { + if ($v == "None") { + unset($a_nat[$k]['enable_sid_file']); + continue; + } + $a_nat[$k]['enable_sid_file'] = $v; + } + foreach ($_POST['disable_sid_file'] as $k => $v) { + if ($v == "None") { + unset($a_nat[$k]['disable_sid_file']); + continue; + } + $a_nat[$k]['disable_sid_file'] = $v; + } + foreach ($_POST['modify_sid_file'] as $k => $v) { + if ($v == "None") { + unset($a_nat[$k]['modify_sid_file']); + continue; + } + $a_nat[$k]['modify_sid_file'] = $v; + } + + // Write the new configuration + write_config("Snort pkg: updated automatic SID management settings."); + + $intf_msg = ""; + + // If any interfaces were marked for restart, then do it + if (is_array($_POST['torestart'])) { + foreach ($_POST['torestart'] as $k) { + // Update the snort.conf file and + // rebuild rules for this interface. + $rebuild_rules = true; + conf_mount_rw(); + snort_generate_conf($a_nat[$k]); + conf_mount_ro(); + $rebuild_rules = false; + + // Signal Snort to "live reload" the rules + snort_reload_config($a_nat[$k]); + + $intf_msg .= convert_friendly_interface_to_friendly_descr($a_nat[$k]['interface']) . ", "; + } + $savemsg = gettext("Changes were applied to these interfaces: " . trim($intf_msg, ' ,') . " and Snort signaled to live-load the new rules."); + + // Sync to configured CARP slaves if any are enabled + snort_sync_on_changes(); + } +} + +if (isset($_POST['sidlist_dnload']) && isset($_POST['sidlist_fname'])) { + $file = $sidmods_path . basename($_POST['sidlist_fname']); + if (file_exists($file)) { + ob_start(); //important or other posts will fail + if (isset($_SERVER['HTTPS'])) { + header('Pragma: '); + header('Cache-Control: '); + } else { + header("Pragma: private"); + header("Cache-Control: private, must-revalidate"); + } + header("Content-Type: application/octet-stream"); + header("Content-length: " . filesize($file)); + header("Content-disposition: attachment; filename = " . basename($file)); + ob_end_clean(); //important or other post will fail + readfile($file); + } + else + $savemsg = gettext("Unable to locate the file specified!"); +} + +if (isset($_POST['sidlist_dnload_all_x'])) { + $save_date = date("Y-m-d-H-i-s"); + $file_name = "snort_sid_conf_files_{$save_date}.tar.gz"; + exec("cd {$sidmods_path} && /usr/bin/tar -czf {$g['tmp_path']}/{$file_name} *"); + + if (file_exists("{$g['tmp_path']}/{$file_name}")) { + ob_start(); //important or other posts will fail + if (isset($_SERVER['HTTPS'])) { + header('Pragma: '); + header('Cache-Control: '); + } else { + header("Pragma: private"); + header("Cache-Control: private, must-revalidate"); + } + header("Content-Type: application/octet-stream"); + header("Content-length: " . filesize("{$g['tmp_path']}/{$file_name}")); + header("Content-disposition: attachment; filename = {$file_name}"); + ob_end_clean(); //important or other post will fail + readfile("{$g['tmp_path']}/{$file_name}"); + + // Clean up the temp file + unlink_if_exists("{$g['tmp_path']}/{$file_name}"); + } + else + $savemsg = gettext("An error occurred while creating the gzip archive!"); +} + +// Get all files in the SID Mods Lists sub-directory as an array +// Leave this as the last thing before spewing the page HTML +// so we can pick up any changes made to files in code above. +$sidmodfiles = return_dir_as_array($sidmods_path); +$sidmodselections = array_merge(Array( "None" ), $sidmodfiles); + +$pgtitle = gettext("Snort: SID Management"); +include_once("head.inc"); + +?> + +<body link="#000000" vlink="#000000" alink="#000000"> + +<?php +include_once("fbegin.inc"); + +/* Display Alert message, under form tag or no refresh */ +if ($input_errors) + print_input_errors($input_errors); +?> + +<form action="snort_sid_mgmt.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> +<input type="hidden" name="MAX_FILE_SIZE" value="100000000" /> +<input type="hidden" name="sidlist_fname" id="sidlist_fname" value=""/> + +<?php +if ($savemsg) { + /* Display save message */ + print_info_box($savemsg); +} +?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tbody> + <tr><td> + <?php + $tab_array = array(); + $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); + $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); + $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); + $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); + $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("SID Mgmt"), true, "/snort/snort_sid_mgmt.php"); + $tab_array[9] = array(gettext("Log Mgmt"), false, "/snort/snort_log_mgmt.php"); + $tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); + ?> + </td></tr> + <tr><td> + <div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tbody> + <?php if ($g['platform'] == "nanobsd") : ?> + <tr> + <td colspan="2" class="listtopic"><?php echo gettext("SID auto-management is not supported on NanoBSD installs"); ?></td> + </tr> + <?php else: ?> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Automatic SID State Management"); ?></td> + <td width="78%" class="vtable"><input type="checkbox" id="auto_manage_sids" name="auto_manage_sids" value="on" + <?php if ($pconfig['auto_manage_sids'] == 'on') echo " checked"; ?> onclick="enable_sid_conf();" /> <?=gettext("Enable automatic management of rule state ") . + gettext("and content using configuration files. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>";?>.<br/><br/> + <?=gettext("Snort will automatically enable/disable/modify text rules upon each update using criteria specified in configuration files. ") . + gettext("The supported configuration file format is the same as that used in the PulledPork and Oinkmaster enablesid.conf, disablesid.conf and ") . + gettext("modifysid.conf files. You can either upload existing files or create your own."); ?> + </td> + </tr> + </tbody> + <tbody id="sid_conf_rows"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("SID Management Configuration Files"); ?></td> + </tr> + <tr> + <td colspan="2" class="vtable" align="center" > + <table width="100%" border="0" cellpadding="4" cellspacing="0"> + <tbody id="uploader" style="display: none;"> + <tr> + <td class="list"><br/><?php echo gettext("Click BROWSE to select a file to import, and then click UPLOAD. Click CLOSE to quit."); ?></td> + </tr> + <tr> + <td class="list"><input type="file" name="sidmods_fileup" id="sidmods_fileup" class="formfld file" size="50" /> + <input type="submit" name="upload" id="upload" value="<?=gettext("Upload");?>" + title="<?=gettext("Upload selected SID mods list to firewall");?>"/> <input type="button" + value="<?=gettext("Close");?>" onClick="document.getElementById('uploader').style.display='none';" /><br/></td> + <td class="list"></td> + </tr> + </tbody> + <tbody> + <tr> + <td> + <table id="maintable" width="100%" border="0" cellpadding="4" cellspacing="0"> + <colgroup> + <col style="width: 45%;"> + <col style="width: 25%;"> + <col style="width: 15%;"> + <col style="width: 15%;"> + </colgroup> + <thead> + <tr> + <th class="listhdrr"><?php echo gettext("SID Mods List File Name"); ?></th> + <th class="listhdrr"><?php echo gettext("Last Modified Time"); ?></th> + <th class="listhdrr"><?php echo gettext("File Size"); ?></th> + <th class="list" align="left"><img style="cursor:pointer;" name="sidlist_new" id="sidlist_new" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" + height="17" border="0" title="<?php echo gettext('Create a new SID Mods List');?>" + onClick="document.getElementById('sidlist_data').value=''; document.getElementById('sidlist_name').value=''; document.getElementById('sidlist_editor').style.display='table-row-group'; document.getElementById('sidlist_name').focus();" /> + <img style="cursor:pointer;" name="sidlist_import" id="sidlist_import" + onClick="document.getElementById('uploader').style.display='table-row-group';" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_import_alias.gif" width="17" + height="17" border="0" title="<?php echo gettext('Import/Upload a SID Mods List');?>"/> + <input type="image" name="sidlist_dnload_all" id="sidlist_dnload_all" + src="../tree/page-file_play.gif" width="16" height="16" border="0" + title="<?php echo gettext('Download all SID Mods List files in a single gzip archive');?>"/> + </th> + </tr> + </thead> + <tbody> + <?php foreach ($sidmodfiles as $file): ?> + <tr> + <td class="listr"><?php echo gettext($file); ?></td> + <td class="listr"><?=date('M-d Y g:i a', filemtime("{$sidmods_path}{$file}")); ?></td> + <td class="listr"><?=format_bytes(filesize("{$sidmods_path}{$file}")); ?> </td> + <td class="list"><input type="image" name="sidlist_edit[]" id="sidlist_edit[]" + onClick="document.getElementById('sidlist_fname').value='<?=$file;?>';" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" + height="17" border="0" title="<?php echo gettext('Edit this SID Mods List');?>"/> + <input type="image" name="sidlist_delete[]" id="sidlist_delete[]" + onClick="document.getElementById('sidlist_fname').value='<?=$file;?>'; + return confirm('<?=gettext("Are you sure you want to permanently delete this file? Click OK to continue or CANCEL to quit.");?>');" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" + height="17" border="0" title="<?php echo gettext('Delete this SID Mods List');?>"/> + <input type="image" name="sidlist_dnload[]" id="sidlist_dnload[]" + onClick="document.getElementById('sidlist_fname').value='<?=$file;?>';" + src="../tree/page-file_play.gif" width="16" height="16" border="0" + title="<?php echo gettext('Download this SID Mods List file');?>"/> + </td> + </tr> + <?php endforeach; ?> + </tbody> + <tbody id="sidlist_editor" style="<?=$sidmodlist_edit_style;?>"> + <tr> + <td colspan="4"> </td> + </tr> + <tr> + <td colspan="4"><strong><?=gettext("File Name: ");?></strong><input type="text" size="45" class="formfld file" id="sidlist_name" name="sidlist_name" value="<?=$sidmodlist_name;?>" /> + <input type="submit" id="save" name="save" value="<?=gettext(" Save ");?>" title="<?=gettext("Save changes and close editor");?>" /> + <input type="button" id="cancel" name="cancel" value="<?=gettext("Cancel");?>" onClick="document.getElementById('sidlist_editor').style.display='none';" + title="<?=gettext("Abandon changes and quit editor");?>" /></td> + </tr> + <tr> + <td colspan="4"> </td> + </tr> + <tr> + <td colspan="4"><textarea wrap="off" cols="80" rows="20" name="sidlist_data" id="sidlist_data" + style="width:95%; height:100%;"><?=$sidmodlist_data;?></textarea> + </td> + </tr> + </tbody> + <tbody> + <tr> + <td colspan="3" class="vexpl"><br/><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span> + <br/><?php echo gettext("SID Mods Lists are stored as local files on the firewall and their contents are " . + "not saved as part of the firewall configuration file."); ?></td> + <td class="list"></td> + </tr> + <tr> + <td colspan="3" class="vexpl"><br/><strong><?php echo gettext("File List Controls:"); ?></strong><br/><br/> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" /> + <?=gettext("Opens the editor window to create a new SID Mods List. You must provide a valid filename before saving.");?><br/> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_import_alias.gif" width="17" height="17" border="0" /> + <?=gettext("Opens the file upload control for uploading a new SID Mods List from your local machine.");?><br/> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" /> + <?=gettext("Opens the SID Mods List in a text edit control for viewing or editing its contents.");?><br/> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" /> + <?=gettext("Deletes the SID Mods List from the file system after confirmation.");?><br/> + <img src="../tree/page-file_play.gif" width="16" height="16" border="0" /> + <?=gettext("Downloads the SID Mods List file to your local machine.");?><br/> + </td> + <td class="list"></td> + </tr> + </tbody> + </table> + </td> + </tr> + </tbody> + </table> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Interface SID Management File Assignments"); ?></td> + </tr> + <tr> + <td colspan="2" class="vtable" align="center" > + <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <tbody> + <tr> + <td> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <colgroup> + <col width="4%" align="center"> + <col width="20" align="center"> + <col width="16%" align="center"> + <col width="20%" align="center"> + <col width="20%" align="center"> + <col width="20%" align="center"> + </colgroup> + <thead> + <tr> + <th class="listhdrr"><?=gettext("Rebuild"); ?></th> + <th class="listhdrr"><?=gettext("Interface"); ?></th> + <th class="listhdrr"><?=gettext("SID State Order"); ?></th> + <th class="listhdrr"><?=gettext("Enable SID File"); ?></th> + <th class="listhdrr"><?=gettext("Disable SID File"); ?></th> + <th class="listhdrr"><?=gettext("Modify SID File"); ?></th> + </tr> + </thead> + <tbody> + <?php foreach ($a_nat as $k => $natent): ?> + <tr> + <td class="listr" align="center"> + <input type="checkbox" name="torestart[]" id="torestart[]" value="<?=$k;?>" title="<?=gettext("Apply new configuration and rebuild rules for this interface when saving");?>" /> + </td> + <td class="listbg"><?=convert_friendly_interface_to_friendly_descr($natent['interface']); ?></td> + <td class="listr" align="center"> + <select name="sid_state_order[<?=$k?>]" class="formselect" id="sid_state_order[<?=$k?>]"> + <?php + foreach (array("disable_enable" => "Disable, Enable", "enable_disable" => "Enable, Disable") as $key => $order) { + if ($key == $natent['sid_state_order']) + echo "<option value='{$key}' selected>"; + else + echo "<option value='{$key}'>"; + echo htmlspecialchars($order) . '</option>'; + } + ?> + </select> + </td> + <td class="listr" align="center"> + <select name="enable_sid_file[<?=$k?>]" class="formselect" id="enable_sid_file[<?=$k?>]"> + <?php + foreach ($sidmodselections as $choice) { + if ($choice == $natent['enable_sid_file']) + echo "<option value='{$choice}' selected>"; + else + echo "<option value='{$choice}'>"; + echo htmlspecialchars(gettext($choice)) . '</option>'; + } + ?> + </select> + </td> + <td class="listr" align="center"> + <select name="disable_sid_file[<?=$k?>]" class="formselect" id="disable_sid_file[<?=$k?>]"> + <?php + foreach ($sidmodselections as $choice) { + if ($choice == $natent['disable_sid_file']) + echo "<option value='{$choice}' selected>"; + else + echo "<option value='{$choice}'>"; + echo htmlspecialchars(gettext($choice)) . '</option>'; + } + ?> + </select> + </td> + <td class="listr" align="center"> + <select name="modify_sid_file[<?=$k?>]" class="formselect" id="modify_sid_file[<?=$k?>]"> + <?php + foreach ($sidmodselections as $choice) { + if ($choice == $natent['modify_sid_file']) + echo "<option value='{$choice}' selected>"; + else + echo "<option value='{$choice}'>"; + echo htmlspecialchars(gettext($choice)) . '</option>'; + } + ?> + </select> + </td> + </tr> + <?php endforeach; ?> + </tbody> + </table> + </td> + </tr> + <tr> + <td class="vexpl"> + </td> + </tr> + <tr> + <td> + <table width="100%" cellpadding="2" cellspacing="2" border="0"> + <tbody> + <tr> + <td colspan="2" class="vexpl" style="text-align: bottom;"><strong><span class="red"><?=gettext("Notes:");?></span></strong></td> + </tr> + <tr> + <td class="vexpl" style="vertical-align: top;"><?=gettext("1.");?></td> + <td class="vexpl"><?=gettext("Check the box beside an interface to immediately apply new auto-SID management ") . + gettext("changes and signal Snort to live-load the new rules for the interface when clicking SAVE; ") . + gettext("otherwise only the new file assignments will be saved.");?> + </td> + </tr> + <tr> + <td class="vexpl" style="vertical-align: top;"><?=gettext("2.");?></td> + <td class="vexpl"><?=gettext("SID State Order controls the order in which enable and disable state modifications are performed. ") . + gettext("An example would be to disable an entire category and later enable only a rule or two from it. In this case you would ") . + gettext("choose 'disable,enable' for the State Order. Note that the last action performed takes priority.");?> + </td> + </tr> + <tr> + <td class="vexpl" style="vertical-align: top;"><?=gettext("3.");?></td> + <td class="vexpl"><?=gettext("The Enable SID File, Disable SID File and Modify SID File controls specify which rule modification ") . + gettext("files are run automatically for the interface. Setting a file control to 'None' disables that modification. ") . + gettext("Setting all file controls for an interface to 'None' disables automatic SID state management for the interface.");?> + </td> + </tr> + </tbody> + </table> + </td> + </tr> + </tbody> + </table> + </td> + </tr> + </tbody> + <tbody> + <tr> + <td colspan="2" class="vexpl" align="center"><input type="submit" id="save_auto_sid_conf" name="save_auto_sid_conf" class="formbtn" value="<?=gettext("Save");?>" title="<?=gettext("Save SID Management configuration");?>" /> + <?=gettext("Remember to save changes before exiting this page"); ?> + </td> + </tr> + <?php endif; ?> + </tbody> + </table> + </div> + </td></tr> + </tbody> +</table> +</form> + +<?php include("fend.inc"); ?> + +<?php if ($g['platform'] != "nanobsd") : ?> +<script type="text/javascript"> + +function enable_sid_conf() { + var endis = !document.iform.auto_manage_sids.checked; + if (endis) { + document.getElementById("sid_conf_rows").style.display = "none"; + } + else { + document.getElementById("sid_conf_rows").style.display = ""; + } +} + +enable_sid_conf(); + +</script> +<?php endif; ?> + +</body> +</html> diff --git a/config/snort/snort_sync.xml b/config/snort/snort_sync.xml index 2b9594ea..f3db2ce9 100755 --- a/config/snort/snort_sync.xml +++ b/config/snort/snort_sync.xml @@ -53,39 +53,58 @@ POSSIBILITY OF SUCH DAMAGE. <tab> <text>Snort Interfaces</text> <url>/snort/snort_interfaces.php</url> + <no_drop_down/> </tab> <tab> <text>Global Settings</text> <url>/snort/snort_interfaces_global.php</url> + <no_drop_down/> </tab> <tab> <text>Updates</text> <url>/snort/snort_download_updates.php</url> + <no_drop_down/> </tab> <tab> <text>Alerts</text> <url>/snort/snort_alerts.php</url> + <no_drop_down/> </tab> <tab> <text>Blocked</text> <url>/snort/snort_blocked.php</url> + <no_drop_down/> </tab> <tab> <text>Pass Lists</text> <url>/snort/snort_passlist.php</url> + <no_drop_down/> </tab> <tab> <text>Suppress</text> <url>/snort/snort_interfaces_suppress.php</url> + <no_drop_down/> </tab> <tab> <text>IP Lists</text> <url>/snort/snort_ip_list_mgmt.php</url> + <no_drop_down/> + </tab> + <tab> + <text>SID Mgmt</text> + <url>/snort/snort_sid_mgmt.php</url> + <no_drop_down/> + </tab> + <tab> + <text>Log Mgmt</text> + <url>/snort/snort_log_mgmt.php</url> + <no_drop_down/> </tab> <tab> <text>Sync</text> <url>/pkg_edit.php?xml=snort/snort_sync.xml</url> <active/> + <no_drop_down/> </tab> </tabs> <fields> @@ -188,6 +207,6 @@ POSSIBILITY OF SUCH DAMAGE. <custom_delete_php_command> </custom_delete_php_command> <custom_php_resync_config_command> - write_config();snort_sync_on_changes(); + write_config("Snort pkg: saved changes to XMLRPC sync configuration.");snort_sync_on_changes(); </custom_php_resync_config_command> </packagegui> diff --git a/config/softflowd/softflowd.xml b/config/softflowd/softflowd.xml index 149631b8..88e521a7 100644 --- a/config/softflowd/softflowd.xml +++ b/config/softflowd/softflowd.xml @@ -1,6 +1,6 @@ <packagegui> <name>softflowd</name> - <version>0.9.8</version> + <version>0.9.8 pkg v1.0.1</version> <title>softflowd: Settings</title> <aftersaveredirect>pkg_edit.php?xml=softflowd.xml&id=0</aftersaveredirect> <menu> @@ -103,7 +103,7 @@ config_unlock(); } - function validate_form_softflowd($post, $input_errors) { + function validate_form_softflowd($post, &$input_errors) { if (($post['host'] == "") || !is_ipaddr($post['host'])) $input_errors[] = 'You must specify a valid ip address in the \'Host\' field'; if (($post['port'] == "") || !is_port($post['port'])) @@ -129,7 +129,7 @@ sync_package_softflowd(); </custom_php_resync_config_command> <custom_php_validation_command> - validate_form_softflowd($_POST, &$input_errors); + validate_form_softflowd($_POST, $input_errors); </custom_php_validation_command> <custom_php_command_before_form> cleanup_config_softflowd(); diff --git a/config/spamd/spamd.inc b/config/spamd/spamd.inc index 18b4e241..0bd29bd8 100644 --- a/config/spamd/spamd.inc +++ b/config/spamd/spamd.inc @@ -324,7 +324,7 @@ function spamd_install_cron($should_install) { } } -function spamd_validate_input($post, $input_errors) { +function spamd_validate_input($post, &$input_errors) { global $config, $g; $nextmta = str_replace("$", "", $post['nextmta']); if(stristr($nextmta, "{")) { diff --git a/config/spamd/spamd_settings.xml b/config/spamd/spamd_settings.xml index 2607e87f..7ed4c572 100644 --- a/config/spamd/spamd_settings.xml +++ b/config/spamd/spamd_settings.xml @@ -42,7 +42,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>spamdsettings</name> - <version>0.1.0</version> + <version>1.1.1</version> <title>SpamD Settings</title> <aftersaveredirect>pkg_edit.php?xml=spamd_settings.xml&id=0</aftersaveredirect> <include_file>/usr/local/pkg/spamd.inc</include_file> @@ -185,7 +185,7 @@ </field> </fields> <custom_php_validation_command> - spamd_validate_input($_POST, &$input_errors); + spamd_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_spamd(); diff --git a/config/squid-head/squid.inc b/config/squid-head/squid.inc index a735b33e..b647392c 100644 --- a/config/squid-head/squid.inc +++ b/config/squid-head/squid.inc @@ -112,7 +112,7 @@ function squid_deinstall_command() { mwexec('rm -rf ' . SQUID_CACHEDIR); } -function squid_before_form_general($pkg) { +function squid_before_form_general(&$pkg) { $values = get_dir(SQUID_CONFBASE . '/errors/'); // Get rid of '..' and '.' array_shift($values); @@ -133,7 +133,7 @@ function squid_before_form_general($pkg) { $field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]); } -function squid_validate_general($post, $input_errors) { +function squid_validate_general($post, &$input_errors) { $icp_port = trim($post['icp_port']); if (!empty($icp_port) && !is_port($icp_port)) $input_errors[] = 'You must enter a valid port number in the \'ICP port\' field'; @@ -143,7 +143,7 @@ function squid_validate_general($post, $input_errors) { $input_errors[] = 'You must enter a valid number for the \'Redirect children\' field'; } -function squid_validate_upstream($post, $input_errors) { +function squid_validate_upstream($post, &$input_errors) { if ($post['proxy_forwarding'] == 'on') { $addr = trim($post['proxy_addr']); if (empty($addr)) @@ -165,7 +165,7 @@ function squid_validate_upstream($post, $input_errors) { } } -function squid_validate_cache($post, $input_errors) { +function squid_validate_cache($post, &$input_errors) { $num_fields = array( 'harddisk_cache_size' => 'Hard disk cache size', 'memory_cache_size' => 'Memory cache size', 'maximum_object_size' => 'Maximum object size', @@ -187,7 +187,7 @@ function squid_validate_cache($post, $input_errors) { } } -function squid_validate_nac($post, $input_errors) { +function squid_validate_nac($post, &$input_errors) { $allowed_subnets = explode(',', trim($post['allowed_subnets'])); foreach ($allowed_subnets as $subnet) { $subnet = trim($subnet); @@ -222,7 +222,7 @@ function squid_validate_nac($post, $input_errors) { } } -function squid_validate_traffic($post, $input_errors) { +function squid_validate_traffic($post, &$input_errors) { $num_fields = array( 'max_download_size' => 'Maximum download size', 'max_upload_size' => 'Maximum upload size', @@ -239,7 +239,7 @@ function squid_validate_traffic($post, $input_errors) { } } -function squid_validate_auth($post, $input_errors) { +function squid_validate_auth($post, &$input_errors) { $num_fields = array( array('auth_processes', 'Authentication processes', 1), array('auth_ttl', 'Authentication TTL', 0), ); diff --git a/config/squid-head/squid.xml b/config/squid-head/squid.xml index 6657e3af..4db431fc 100644 --- a/config/squid-head/squid.xml +++ b/config/squid-head/squid.xml @@ -198,10 +198,10 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_general($_POST, &$input_errors); + squid_validate_general($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid-head/squid_auth.xml b/config/squid-head/squid_auth.xml index 15910f97..ded7b516 100644 --- a/config/squid-head/squid_auth.xml +++ b/config/squid-head/squid_auth.xml @@ -188,7 +188,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_auth($_POST, &$input_errors); + squid_validate_auth($_POST, $input_errors); </custom_php_validation_command> <custom_php_after_form_command> squid_print_javascript_auth2(); diff --git a/config/squid-head/squid_cache.xml b/config/squid-head/squid_cache.xml index 3fe0475f..6bce3d6f 100644 --- a/config/squid-head/squid_cache.xml +++ b/config/squid-head/squid_cache.xml @@ -172,7 +172,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_cache($_POST, &$input_errors); + squid_validate_cache($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid-head/squid_nac.xml b/config/squid-head/squid_nac.xml index db49a1ba..00de75e2 100644 --- a/config/squid-head/squid_nac.xml +++ b/config/squid-head/squid_nac.xml @@ -139,7 +139,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_nac($_POST, &$input_errors); + squid_validate_nac($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid-head/squid_traffic.xml b/config/squid-head/squid_traffic.xml index d69f2510..b6865596 100644 --- a/config/squid-head/squid_traffic.xml +++ b/config/squid-head/squid_traffic.xml @@ -171,7 +171,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_traffic($_POST, &$input_errors); + squid_validate_traffic($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid-head/squid_upstream.xml b/config/squid-head/squid_upstream.xml index b02a21b4..ac33b31e 100644 --- a/config/squid-head/squid_upstream.xml +++ b/config/squid-head/squid_upstream.xml @@ -125,7 +125,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_upstream($_POST, &$input_errors); + squid_validate_upstream($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid/squid.inc b/config/squid/squid.inc index e136d9f8..0ddd1645 100644 --- a/config/squid/squid.inc +++ b/config/squid/squid.inc @@ -278,7 +278,7 @@ function squid_deinstall_command() { filter_configure(); } -function squid_before_form_general($pkg) { +function squid_before_form_general(&$pkg) { $values = get_dir(SQUID_CONFBASE . '/errors/'); // Get rid of '..' and '.' array_shift($values); @@ -299,7 +299,7 @@ function squid_before_form_general($pkg) { $field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]); } -function squid_validate_general($post, $input_errors) { +function squid_validate_general($post, &$input_errors) { global $config; $settings = $config['installedpackages']['squid']['config'][0]; $port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128); @@ -356,7 +356,7 @@ function squid_validate_general($post, $input_errors) { }} } -function squid_validate_upstream($post, $input_errors) { +function squid_validate_upstream($post, &$input_errors) { if ($post['proxy_forwarding'] == 'on') { $addr = trim($post['proxy_addr']); if (empty($addr)) @@ -378,7 +378,7 @@ function squid_validate_upstream($post, $input_errors) { } } -function squid_validate_cache($post, $input_errors) { +function squid_validate_cache($post, &$input_errors) { $num_fields = array( 'harddisk_cache_size' => 'Hard disk cache size', 'memory_cache_size' => 'Memory cache size', 'maximum_object_size' => 'Maximum object size', @@ -417,7 +417,7 @@ function squid_validate_cache($post, $input_errors) { } -function squid_validate_nac($post, $input_errors) { +function squid_validate_nac($post, &$input_errors) { $allowed_subnets = explode("\n", $post['allowed_subnets']); foreach ($allowed_subnets as $subnet) { $subnet = trim($subnet); @@ -456,7 +456,7 @@ function squid_validate_nac($post, $input_errors) { } } -function squid_validate_traffic($post, $input_errors) { +function squid_validate_traffic($post, &$input_errors) { $num_fields = array( 'max_download_size' => 'Maximum download size', 'max_upload_size' => 'Maximum upload size', 'perhost_throttling' => 'Per-host bandwidth throttling', @@ -488,7 +488,7 @@ function squid_validate_traffic($post, $input_errors) { } -function squid_validate_auth($post, $input_errors) { +function squid_validate_auth($post, &$input_errors) { $num_fields = array( array('auth_processes', 'Authentication processes', 1), array('auth_ttl', 'Authentication TTL', 0), ); diff --git a/config/squid/squid.xml b/config/squid/squid.xml index 32a65589..67956229 100644 --- a/config/squid/squid.xml +++ b/config/squid/squid.xml @@ -46,7 +46,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>squid</name> - <version>2.6.STABLE18</version> + <version>2.7.9 pkg v.4.3.4</version> <title>Proxy server: General settings</title> <include_file>/usr/local/pkg/squid.inc</include_file> <menu> @@ -320,13 +320,13 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_add_php_command> squid_resync(); </custom_add_php_command> <custom_php_validation_command> - squid_validate_general($_POST, &$input_errors); + squid_validate_general($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid/squid_auth.xml b/config/squid/squid_auth.xml index d28beb02..e20d5609 100644 --- a/config/squid/squid_auth.xml +++ b/config/squid/squid_auth.xml @@ -220,7 +220,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_auth($_POST, &$input_errors); + squid_validate_auth($_POST, $input_errors); </custom_php_validation_command> <custom_php_after_form_command> squid_print_javascript_auth2(); diff --git a/config/squid/squid_cache.xml b/config/squid/squid_cache.xml index 35c9a934..e4338ca8 100644 --- a/config/squid/squid_cache.xml +++ b/config/squid/squid_cache.xml @@ -222,7 +222,7 @@ } </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_cache($_POST, &$input_errors); + squid_validate_cache($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid/squid_nac.xml b/config/squid/squid_nac.xml index 4ad3800c..96ac2fe8 100644 --- a/config/squid/squid_nac.xml +++ b/config/squid/squid_nac.xml @@ -151,7 +151,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_nac($_POST, &$input_errors); + squid_validate_nac($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid/squid_traffic.xml b/config/squid/squid_traffic.xml index c660a1ea..263615dd 100644 --- a/config/squid/squid_traffic.xml +++ b/config/squid/squid_traffic.xml @@ -169,7 +169,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_traffic($_POST, &$input_errors); + squid_validate_traffic($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid/squid_upstream.xml b/config/squid/squid_upstream.xml index cd87edef..4d9b2ca2 100644 --- a/config/squid/squid_upstream.xml +++ b/config/squid/squid_upstream.xml @@ -125,7 +125,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_upstream($_POST, &$input_errors); + squid_validate_upstream($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/31/squid.inc b/config/squid3/31/squid.inc index 0256d078..ef346e1a 100644 --- a/config/squid3/31/squid.inc +++ b/config/squid3/31/squid.inc @@ -365,7 +365,7 @@ function squid_deinstall_command() { filter_configure(); } -function squid_before_form_general($pkg) { +function squid_before_form_general(&$pkg) { $values = get_dir(SQUID_CONFBASE . '/errors/'); // Get rid of '..' and '.' and ... array_shift($values); @@ -389,7 +389,7 @@ function squid_before_form_general($pkg) { $field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]); } -function squid_validate_general($post, $input_errors) { +function squid_validate_general($post, &$input_errors) { global $config; if (is_array($config['installedpackages']['squid'])) $settings = $config['installedpackages']['squid']['config'][0]; @@ -402,6 +402,7 @@ function squid_validate_general($post, $input_errors) { if (!empty($icp_port) && !is_port($icp_port)) $input_errors[] = 'You must enter a valid port number in the \'ICP port\' field'; + if (substr($post['log_dir'], -1, 1) == '/') $input_errors[] = 'You may not end log location with an / mark'; @@ -451,7 +452,7 @@ function squid_validate_general($post, $input_errors) { }} } -function squid_validate_upstream($post, $input_errors) { +function squid_validate_upstream($post, &$input_errors) { if ($post['enabled'] == 'on') { $addr = trim($post['proxyaddr']); if (empty($addr)) @@ -473,7 +474,7 @@ function squid_validate_upstream($post, $input_errors) { } } -function squid_validate_cache($post, $input_errors) { +function squid_validate_cache($post, &$input_errors) { $num_fields = array( 'harddisk_cache_size' => 'Hard disk cache size', 'memory_cache_size' => 'Memory cache size', 'maximum_object_size' => 'Maximum object size', @@ -512,7 +513,7 @@ function squid_validate_cache($post, $input_errors) { } -function squid_validate_nac($post, $input_errors) { +function squid_validate_nac($post, &$input_errors) { $allowed_subnets = explode("\n", $post['allowed_subnets']); foreach ($allowed_subnets as $subnet) { $subnet = trim($subnet); @@ -558,7 +559,7 @@ function squid_validate_nac($post, $input_errors) { }} } -function squid_validate_traffic($post, $input_errors) { +function squid_validate_traffic($post, &$input_errors) { $num_fields = array( 'max_download_size' => 'Maximum download size', 'max_upload_size' => 'Maximum upload size', 'perhost_throttling' => 'Per-host bandwidth throttling', @@ -589,14 +590,13 @@ function squid_validate_traffic($post, $input_errors) { } } -function squid_validate_reverse($post, $input_errors) { +function squid_validate_reverse($post, &$input_errors) { if(!empty($post['reverse_ip'])) { $reverse_ip = explode(";", ($post['reverse_ip'])); foreach ($reverse_ip as $reip) { - if (!is_ipaddr($reip)) - $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'; - break; + if (!is_ipaddr(trim($reip))) + $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'.' -> \''.$reip.'\' is invalid.'; }} $fqdn = trim($post['reverse_external_fqdn']); @@ -618,15 +618,12 @@ function squid_validate_reverse($post, $input_errors) { $input_errors[] = "You have to enable reverse HTTPS before enabling OWA support."; } -/* - if (!is_cert($post['reverse_int_ca'])) - $input_errors[] = 'A valid certificate for the external interface must be selected'; -*/ - - $rowa = trim($post['reverse_owa_ip']); - if (!empty($rowa) && !is_ipaddr($rowa)) - $input_errors[] = 'The field \'OWA frontend IP address\' must contain a valid IP address'; - + if(!empty($post['reverse_owa_ip'])) { + $reverse_owa_ip = explode(";", ($post['reverse_owa_ip'])); + foreach ($reverse_owa_ip as $reowaip) { + if (!is_ipaddr(trim($reowaip))) + $input_errors[] = 'You must enter a valid IP address in the \'CAS-Array / OWA frontend IP address\' field'.' -> \''.$reowaip.'\' is invalid.'; + }} $contents = $post['reverse_cache_peer']; if(!empty($contents)) { @@ -644,7 +641,7 @@ function squid_validate_reverse($post, $input_errors) { } -function squid_validate_auth($post, $input_errors) { +function squid_validate_auth($post, &$input_errors) { $num_fields = array( array('auth_processes', 'Authentication processes', 1), array('auth_ttl', 'Authentication TTL', 0), ); diff --git a/config/squid3/31/squid.xml b/config/squid3/31/squid.xml index 53293acd..a05e9427 100644 --- a/config/squid3/31/squid.xml +++ b/config/squid3/31/squid.xml @@ -429,13 +429,13 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_add_php_command> squid_resync(); </custom_add_php_command> <custom_php_validation_command> - squid_validate_general($_POST, &$input_errors); + squid_validate_general($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/31/squid_auth.xml b/config/squid3/31/squid_auth.xml index 307669c5..8dbaae67 100644 --- a/config/squid3/31/squid_auth.xml +++ b/config/squid3/31/squid_auth.xml @@ -244,7 +244,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_auth($_POST, &$input_errors); + squid_validate_auth($_POST, $input_errors); </custom_php_validation_command> <custom_php_after_form_command> squid_print_javascript_auth2(); diff --git a/config/squid3/31/squid_cache.xml b/config/squid3/31/squid_cache.xml index 7f371f49..50c0dca0 100644 --- a/config/squid3/31/squid_cache.xml +++ b/config/squid3/31/squid_cache.xml @@ -287,7 +287,7 @@ } </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_cache($_POST, &$input_errors); + squid_validate_cache($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/31/squid_nac.xml b/config/squid3/31/squid_nac.xml index 659d626f..de3d670c 100644 --- a/config/squid3/31/squid_nac.xml +++ b/config/squid3/31/squid_nac.xml @@ -178,7 +178,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_nac($_POST, &$input_errors); + squid_validate_nac($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc index eb2d4c73..badaeebe 100644 --- a/config/squid3/31/squid_reverse.inc +++ b/config/squid3/31/squid_reverse.inc @@ -78,7 +78,7 @@ function squid_resync_reverse() { $real_ifaces[] = squid_get_real_interface_address($iface); if($real_ifaces[$i][0]) { //HTTP - if (!empty($settings['reverse_http'])) + if (!empty($settings['reverse_http']) OR ($settings['reverse_owa_autodiscover'] == 'on')) $conf .= "http_port {$real_ifaces[$i][0]}:{$http_port} accel defaultsite={$http_defsite} vhost\n"; //HTTPS if (!empty($settings['reverse_https'])) @@ -90,7 +90,7 @@ function squid_resync_reverse() { $reverse_ip = explode(";", ($settings['reverse_ip'])); foreach ($reverse_ip as $reip) { //HTTP - if (!empty($settings['reverse_http'])) + if (!empty($settings['reverse_http']) OR ($settings['reverse_owa_autodiscover'] == 'on')) $conf .= "http_port {$reip}:{$http_port} accel defaultsite={$http_defsite} vhost\n"; //HTTPS if (!empty($settings['reverse_https'])) @@ -100,14 +100,23 @@ function squid_resync_reverse() { //PEERS if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip']))) - $conf .= "cache_peer {$settings['reverse_owa_ip']} parent 443 0 proxy-only no-query originserver login=PASS connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_pfs\n"; - + + if(!empty($settings['reverse_owa_ip'])) { + $reverse_owa_ip = explode(";", ($settings['reverse_owa_ip'])); + $casnr = 0; + foreach ($reverse_owa_ip as $reowaip) { + $casnr++; + $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query no-digest originserver login=PASS ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_443_{$casnr}_pfs\n"; + $conf .= "cache_peer {$reowaip} parent 80 0 proxy-only no-query no-digest originserver login=PASS name=OWA_HOST_80_{$casnr}_pfs\n"; + } + } + $active_peers=array(); if (is_array($reverse_peers)) foreach ($reverse_peers as $rp){ if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){ $conf_peer = "#{$rp['description']}\n"; - $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS "; + $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS round-robin "; if($rp['protocol'] == 'HTTPS') $conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto "; $conf_peer .= "name=rvp_{$rp['name']}\n\n"; @@ -170,17 +179,25 @@ function squid_resync_reverse() { array_push($owa_dirs,'Microsoft-Server-ActiveSync'); if($settings['reverse_owa_rpchttp']) array_push($owa_dirs,'rpc/rpcproxy.dll','rpcwithcert/rpcproxy.dll'); - if($settings['reverse_owa_autodiscover']) - array_push($owa_dirs,'autodiscover'); + if($settings['reverse_owa_mapihttp']) + array_push($owa_dirs,'mapi'); if($settings['reverse_owa_webservice']){ array_push($owa_dirs,'EWS'); $conf .= "ignore_expect_100 on\n"; - } + } } if (is_array($owa_dirs)) foreach ($owa_dirs as $owa_dir) $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/$owa_dir.*$\n"; - } + + if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) { + $reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.'); + $conf .= "acl OWA_URI_pfs url_regex -i ^http://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^http://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; + } + } //$conf .= "ssl_unclean_shutdown on"; if (is_array($reverse_maps)) foreach ($reverse_maps as $rm){ @@ -206,8 +223,15 @@ function squid_resync_reverse() { //ACCESS if ($settings['reverse_owa'] == 'on' && !empty($settings['reverse_owa_ip']) && $settings['reverse_https'] =="on") { - $conf .= "cache_peer_access OWA_HOST_pfs allow OWA_URI_pfs\n"; - $conf .= "cache_peer_access OWA_HOST_pfs deny allsrc\n"; + + for($cascnt=1;$cascnt<$casnr+1;$cascnt++) + { + $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs deny allsrc\n"; + $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs deny allsrc\n"; + } + $conf .= "never_direct allow OWA_URI_pfs\n"; $conf .= "http_access allow OWA_URI_pfs\n"; } diff --git a/config/squid3/31/squid_reverse.xml b/config/squid3/31/squid_reverse.xml index 7c25c371..40fb0ec1 100644 --- a/config/squid3/31/squid_reverse.xml +++ b/config/squid3/31/squid_reverse.xml @@ -165,7 +165,7 @@ <fieldname>reverse_https</fieldname> <description>If this field is checked, the proxy-server will act in HTTPS reverse mode. <br>(You have to add a rule with destination "WAN-address")</description> <type>checkbox</type> - <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> + <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> <required/> <default_value>off</default_value> </field> @@ -214,14 +214,14 @@ <fieldname>reverse_owa</fieldname> <description>If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App.</description> <type>checkbox</type> - <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields> + <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields> </field> <field> - <fielddescr>OWA frontend IP address</fielddescr> + <fielddescr>CAS-Array / OWA frontend IP address</fielddescr> <fieldname>reverse_owa_ip</fieldname> - <description>This is the internal IP Address of the OWA frontend server.</description> + <description>These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). </description> <type>input</type> - <size>15</size> + <size>70</size> </field> <field> <fielddescr>Enable ActiveSync</fielddescr> @@ -236,6 +236,13 @@ <type>checkbox</type> </field> <field> + <fielddescr>Enable MAPI HTTP</fielddescr> + <fieldname>reverse_owa_mapihttp</fieldname> + <description><![CDATA[If this field is checked, MAPI over HTTP will be enabled.<br> + <strong>This feature is only available with at least Exchange 2013 SP1</strong>]]></description> + <type>checkbox</type> + </field> + <field> <fielddescr>Enable Exchange WebServices</fielddescr> <fieldname>reverse_owa_webservice</fieldname> <description><![CDATA[If this field is checked, Exchange WebServices will be enabled.<br> @@ -245,7 +252,8 @@ <field> <fielddescr>Enable AutoDiscover</fielddescr> <fieldname>reverse_owa_autodiscover</fieldname> - <description>If this field is checked, AutoDiscover will be enabled.</description> + <description><![CDATA[If this field is checked, AutoDiscover will be enabled.<br> + <strong>You also should set up the autodiscover DNS-record to point to you WAN-IP.</strong>]]></description> <type>checkbox</type> </field> <field> @@ -346,10 +354,10 @@ </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_reverse($_POST, &$input_errors); + squid_validate_reverse($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/31/squid_reverse_general.xml b/config/squid3/31/squid_reverse_general.xml index 2211bb20..1795edf5 100644 --- a/config/squid3/31/squid_reverse_general.xml +++ b/config/squid3/31/squid_reverse_general.xml @@ -149,7 +149,7 @@ <fieldname>reverse_https</fieldname> <description>If this field is checked, the proxy-server will act in HTTPS reverse mode. <br>(You have to add a rule with destination "WAN-address")</description> <type>checkbox</type> - <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> + <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> <required/> <default_value>off</default_value> </field> @@ -202,14 +202,14 @@ <fieldname>reverse_owa</fieldname> <description>If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App.</description> <type>checkbox</type> - <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields> + <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields> </field> <field> - <fielddescr>OWA frontend IP address</fielddescr> + <fielddescr>CAS-Array / OWA frontend IP address</fielddescr> <fieldname>reverse_owa_ip</fieldname> - <description>This is the internal IP Address of the OWA frontend server.</description> + <description>These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). </description> <type>input</type> - <size>15</size> + <size>70</size> </field> <field> <fielddescr>Enable ActiveSync</fielddescr> @@ -224,6 +224,13 @@ <type>checkbox</type> </field> <field> + <fielddescr>Enable MAPI HTTP</fielddescr> + <fieldname>reverse_owa_mapihttp</fieldname> + <description><![CDATA[If this field is checked, MAPI over HTTP will be enabled.<br> + <strong>This feature is only available with at least Exchange 2013 SP1</strong>]]></description> + <type>checkbox</type> + </field> + <field> <fielddescr>Enable Exchange WebServices</fielddescr> <fieldname>reverse_owa_webservice</fieldname> <description><![CDATA[If this field is checked, Exchange WebServices will be enabled.<br> @@ -233,17 +240,18 @@ <field> <fielddescr>Enable AutoDiscover</fielddescr> <fieldname>reverse_owa_autodiscover</fieldname> - <description>If this field is checked, AutoDiscover will be enabled.</description> + <description><![CDATA[If this field is checked, AutoDiscover will be enabled.<br> + <strong>You also should set up the autodiscover DNS-record to point to you WAN-IP.</strong>]]></description> <type>checkbox</type> </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_reverse($_POST, &$input_errors); + squid_validate_reverse($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/squid3/31/squid_reverse_peer.xml b/config/squid3/31/squid_reverse_peer.xml index abfbf19b..b5a340e7 100644 --- a/config/squid3/31/squid_reverse_peer.xml +++ b/config/squid3/31/squid_reverse_peer.xml @@ -156,12 +156,12 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_reverse($_POST, &$input_errors); + squid_validate_reverse($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/squid3/31/squid_traffic.xml b/config/squid3/31/squid_traffic.xml index 62269792..786205c1 100644 --- a/config/squid3/31/squid_traffic.xml +++ b/config/squid3/31/squid_traffic.xml @@ -195,7 +195,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_traffic($_POST, &$input_errors); + squid_validate_traffic($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/31/squid_upstream.xml b/config/squid3/31/squid_upstream.xml index 049d301c..45e5576a 100644 --- a/config/squid3/31/squid_upstream.xml +++ b/config/squid3/31/squid_upstream.xml @@ -349,7 +349,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_upstream($_POST, &$input_errors); + squid_validate_upstream($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/31/swapstate_check.php b/config/squid3/31/swapstate_check.php index 6ecfff3c..52a6c66c 100644 --- a/config/squid3/31/swapstate_check.php +++ b/config/squid3/31/swapstate_check.php @@ -41,6 +41,8 @@ else if ($settings['harddisk_cache_system'] != "null"){ $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache'); $swapstate = $cachedir . '/swap.state'; + if (!file_exists($swapstate)) + return; $disktotal = disk_total_space(dirname($cachedir)); $diskfree = disk_free_space(dirname($cachedir)); $diskusedpct = round((($disktotal - $diskfree) / $disktotal) * 100); @@ -55,4 +57,4 @@ if ($settings['harddisk_cache_system'] != "null"){ log_error(gettext(sprintf("Squid swap.state file exceeded size limits. Removing and rotating. File was %d bytes, %d%% of total disk space.", $swapstate_size, $swapstate_pct))); } } -?>
\ No newline at end of file +?> diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc index a97746e2..d9bb1549 100755 --- a/config/squid3/33/squid.inc +++ b/config/squid3/33/squid.inc @@ -382,7 +382,7 @@ function squid_deinstall_command() { filter_configure(); } -function squid_before_form_general($pkg) { +function squid_before_form_general(&$pkg) { $values = get_dir(SQUID_CONFBASE . '/errors/'); // Get rid of '..' and '.' and ... array_shift($values); @@ -406,7 +406,7 @@ function squid_before_form_general($pkg) { $field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]); } -function squid_validate_general($post, $input_errors) { +function squid_validate_general($post, &$input_errors) { global $config; if (is_array($config['installedpackages']['squid'])) $settings = $config['installedpackages']['squid']['config'][0]; @@ -472,7 +472,7 @@ function squid_validate_general($post, $input_errors) { }} } -function squid_validate_upstream($post, $input_errors) { +function squid_validate_upstream($post, &$input_errors) { if ($post['enabled'] == 'on') { $addr = trim($post['proxyaddr']); if (empty($addr)) @@ -494,7 +494,7 @@ function squid_validate_upstream($post, $input_errors) { } } -function squid_validate_cache($post, $input_errors) { +function squid_validate_cache($post, &$input_errors) { $num_fields = array( 'harddisk_cache_size' => 'Hard disk cache size', 'memory_cache_size' => 'Memory cache size', 'maximum_object_size' => 'Maximum object size', @@ -533,7 +533,7 @@ function squid_validate_cache($post, $input_errors) { } -function squid_validate_nac($post, $input_errors) { +function squid_validate_nac($post, &$input_errors) { $allowed_subnets = explode("\n", $post['allowed_subnets']); foreach ($allowed_subnets as $subnet) { $subnet = trim($subnet); @@ -579,7 +579,7 @@ function squid_validate_nac($post, $input_errors) { }} } -function squid_validate_traffic($post, $input_errors) { +function squid_validate_traffic($post, &$input_errors) { $num_fields = array( 'max_download_size' => 'Maximum download size', 'max_upload_size' => 'Maximum upload size', 'perhost_throttling' => 'Per-host bandwidth throttling', @@ -610,14 +610,13 @@ function squid_validate_traffic($post, $input_errors) { } } -function squid_validate_reverse($post, $input_errors) { +function squid_validate_reverse($post, &$input_errors) { if(!empty($post['reverse_ip'])) { $reverse_ip = explode(";", ($post['reverse_ip'])); foreach ($reverse_ip as $reip) { - if (!is_ipaddr($reip)) - $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'; - break; + if (!is_ipaddr(trim($reip))) + $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'.' -> \''.$reip.'\' is invalid.'; }} $fqdn = trim($post['reverse_external_fqdn']); @@ -639,15 +638,12 @@ function squid_validate_reverse($post, $input_errors) { $input_errors[] = "You have to enable reverse HTTPS before enabling OWA support."; } -/* - if (!is_cert($post['reverse_int_ca'])) - $input_errors[] = 'A valid certificate for the external interface must be selected'; -*/ - - $rowa = trim($post['reverse_owa_ip']); - if (!empty($rowa) && !is_ipaddr($rowa)) - $input_errors[] = 'The field \'OWA frontend IP address\' must contain a valid IP address'; - + if(!empty($post['reverse_owa_ip'])) { + $reverse_owa_ip = explode(";", ($post['reverse_owa_ip'])); + foreach ($reverse_owa_ip as $reowaip) { + if (!is_ipaddr(trim($reowaip))) + $input_errors[] = 'You must enter a valid IP address in the \'CAS-Array / OWA frontend IP address\' field'.' -> \''.$reowaip.'\' is invalid.'; + }} $contents = $post['reverse_cache_peer']; if(!empty($contents)) { @@ -665,7 +661,7 @@ function squid_validate_reverse($post, $input_errors) { } -function squid_validate_auth($post, $input_errors) { +function squid_validate_auth($post, &$input_errors) { $num_fields = array( array('auth_processes', 'Authentication processes', 1), array('auth_ttl', 'Authentication TTL', 0), ); diff --git a/config/squid3/33/squid.xml b/config/squid3/33/squid.xml index bf740221..7e13e456 100644 --- a/config/squid3/33/squid.xml +++ b/config/squid3/33/squid.xml @@ -555,13 +555,13 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_add_php_command> squid_resync(); </custom_add_php_command> <custom_php_validation_command> - squid_validate_general($_POST, &$input_errors); + squid_validate_general($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/33/squid_auth.xml b/config/squid3/33/squid_auth.xml index e71a7e8d..c79bf873 100755 --- a/config/squid3/33/squid_auth.xml +++ b/config/squid3/33/squid_auth.xml @@ -250,7 +250,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_auth($_POST, &$input_errors); + squid_validate_auth($_POST, $input_errors); </custom_php_validation_command> <custom_php_after_form_command> squid_print_javascript_auth2(); diff --git a/config/squid3/33/squid_cache.xml b/config/squid3/33/squid_cache.xml index f60863c9..612e9b73 100755 --- a/config/squid3/33/squid_cache.xml +++ b/config/squid3/33/squid_cache.xml @@ -312,7 +312,7 @@ } </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_cache($_POST, &$input_errors); + squid_validate_cache($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/33/squid_nac.xml b/config/squid3/33/squid_nac.xml index bffefb61..2e94ae58 100755 --- a/config/squid3/33/squid_nac.xml +++ b/config/squid3/33/squid_nac.xml @@ -183,7 +183,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_nac($_POST, &$input_errors); + squid_validate_nac($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc index 08c7b388..152d3d12 100755 --- a/config/squid3/33/squid_reverse.inc +++ b/config/squid3/33/squid_reverse.inc @@ -58,8 +58,27 @@ function squid_resync_reverse() { $reverse_key = SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key"; } } + } + //Add Ca certificate for Client Validation + if (isset($settings["reverse_check_clientca"]) && $settings["reverse_check_clientca"] == "on") { + $clientca_cert=lookup_ca($settings["reverse_ssl_clientca"]); + $clientca_prm=''; + if ( $clientca_cert != false){ + if(base64_decode($clientca_cert['crt'])) { + file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_clientca"]}.crt",sq_text_area_decode($clientca_cert['crt'])); + $clientca_prm = "clientca=" . SQUID_CONFBASE . "/{$settings["reverse_ssl_clientca"]}.crt "; + } + } + $crl=lookup_crl($settings["reverse_ssl_clientcrl"]); + crl_update($crl); + if ( $crl != false){ + if(base64_decode($crl['text'])) { + file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_clientcrl"]}.crl",base64_decode($crl['text'])); + $clientca_prm .= "crlfile=" . SQUID_CONFBASE . "/{$settings["reverse_ssl_clientcrl"]}.crl sslflags=VERIFY_CRL "; + } + } } - + if (!empty($settings['reverse_int_ca'])) file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt","\n" . sq_text_area_decode($settings['reverse_int_ca']),FILE_APPEND | LOCK_EX); @@ -78,22 +97,19 @@ function squid_resync_reverse() { $real_ifaces[] = squid_get_real_interface_address($iface); if($real_ifaces[$i][0]) { //HTTP - if (!empty($settings['reverse_http'])) + if (!empty($settings['reverse_http']) OR ($settings['reverse_owa_autodiscover'] == 'on')) $conf .= "http_port {$real_ifaces[$i][0]}:{$http_port} accel defaultsite={$http_defsite} vhost\n"; //HTTPS if (!empty($settings['reverse_https'])) - $conf .= "https_port {$real_ifaces[$i][0]}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} defaultsite={$https_defsite} vhost\n"; + $conf .= "https_port {$real_ifaces[$i][0]}:{$https_port} accel cert={$reverse_crt} ".$clientca_prm."key={$reverse_key} defaultsite={$https_defsite} vhost\n"; } } if(!empty($settings['reverse_ip'])) { $reverse_ip = explode(";", ($settings['reverse_ip'])); foreach ($reverse_ip as $reip) { - //IPv6 Addresses need to be enclosed in brackets - if (strpos($reip, ':')) $reip = '[' . $reip . ']'; - //HTTP - if (!empty($settings['reverse_http'])) + if (!empty($settings['reverse_http']) OR ($settings['reverse_owa_autodiscover'] == 'on')) $conf .= "http_port {$reip}:{$http_port} accel defaultsite={$http_defsite} vhost\n"; //HTTPS if (!empty($settings['reverse_https'])) @@ -103,14 +119,23 @@ function squid_resync_reverse() { //PEERS if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip']))) - $conf .= "cache_peer {$settings['reverse_owa_ip']} parent 443 0 proxy-only no-query originserver login=PASS connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_pfs\n"; - + + if(!empty($settings['reverse_owa_ip'])) { + $reverse_owa_ip = explode(";", ($settings['reverse_owa_ip'])); + $casnr = 0; + foreach ($reverse_owa_ip as $reowaip) { + $casnr++; + $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query no-digest originserver login=PASSTHRU connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_443_{$casnr}_pfs\n"; + $conf .= "cache_peer {$reowaip} parent 80 0 proxy-only no-query no-digest originserver login=PASSTHRU connection-auth=on name=OWA_HOST_80_{$casnr}_pfs\n"; + } + } + $active_peers=array(); if (is_array($reverse_peers)) foreach ($reverse_peers as $rp){ if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){ $conf_peer = "#{$rp['description']}\n"; - $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS round-robin "; + $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASSTHRU connection-auth=on round-robin "; if($rp['protocol'] == 'HTTPS') $conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto "; $conf_peer .= "name=rvp_{$rp['name']}\n\n"; @@ -173,17 +198,24 @@ function squid_resync_reverse() { array_push($owa_dirs,'Microsoft-Server-ActiveSync'); if($settings['reverse_owa_rpchttp']) array_push($owa_dirs,'rpc/rpcproxy.dll','rpcwithcert/rpcproxy.dll'); - if($settings['reverse_owa_autodiscover']) - array_push($owa_dirs,'autodiscover'); + if($settings['reverse_owa_mapihttp']) + array_push($owa_dirs,'mapi'); if($settings['reverse_owa_webservice']){ array_push($owa_dirs,'EWS'); - //$conf .= "ignore_expect_100 on\n"; Obsolete on 3.3 - } + } } if (is_array($owa_dirs)) foreach ($owa_dirs as $owa_dir) $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/$owa_dir.*$\n"; - } + + if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) { + $reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.'); + $conf .= "acl OWA_URI_pfs url_regex -i ^http://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^http://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; + } + } //$conf .= "ssl_unclean_shutdown on"; if (is_array($reverse_maps)) foreach ($reverse_maps as $rm){ @@ -209,8 +241,15 @@ function squid_resync_reverse() { //ACCESS if ($settings['reverse_owa'] == 'on' && !empty($settings['reverse_owa_ip']) && $settings['reverse_https'] =="on") { - $conf .= "cache_peer_access OWA_HOST_pfs allow OWA_URI_pfs\n"; - $conf .= "cache_peer_access OWA_HOST_pfs deny allsrc\n"; + + for($cascnt=1;$cascnt<$casnr+1;$cascnt++) + { + $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs deny allsrc\n"; + $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs deny allsrc\n"; + } + $conf .= "never_direct allow OWA_URI_pfs\n"; $conf .= "http_access allow OWA_URI_pfs\n"; } @@ -222,4 +261,17 @@ function squid_resync_reverse() { return $conf; } +function squid_refresh_crl() +{ + global $config; + if (isset($settings["reverse_check_clientca"]) && $settings["reverse_check_clientca"] == "on") { + $crl=lookup_crl($settings["reverse_ssl_clientcrl"]); + crl_update($crl); + if ( $crl != false){ + if(base64_decode($crl['text'])) { + file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_clientcrl"]}.crl",base64_decode($crl['text'])); + } + } + } +} ?> diff --git a/config/squid3/33/squid_reverse.xml b/config/squid3/33/squid_reverse.xml index 7c25c371..40fb0ec1 100755 --- a/config/squid3/33/squid_reverse.xml +++ b/config/squid3/33/squid_reverse.xml @@ -165,7 +165,7 @@ <fieldname>reverse_https</fieldname> <description>If this field is checked, the proxy-server will act in HTTPS reverse mode. <br>(You have to add a rule with destination "WAN-address")</description> <type>checkbox</type> - <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> + <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> <required/> <default_value>off</default_value> </field> @@ -214,14 +214,14 @@ <fieldname>reverse_owa</fieldname> <description>If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App.</description> <type>checkbox</type> - <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields> + <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields> </field> <field> - <fielddescr>OWA frontend IP address</fielddescr> + <fielddescr>CAS-Array / OWA frontend IP address</fielddescr> <fieldname>reverse_owa_ip</fieldname> - <description>This is the internal IP Address of the OWA frontend server.</description> + <description>These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). </description> <type>input</type> - <size>15</size> + <size>70</size> </field> <field> <fielddescr>Enable ActiveSync</fielddescr> @@ -236,6 +236,13 @@ <type>checkbox</type> </field> <field> + <fielddescr>Enable MAPI HTTP</fielddescr> + <fieldname>reverse_owa_mapihttp</fieldname> + <description><![CDATA[If this field is checked, MAPI over HTTP will be enabled.<br> + <strong>This feature is only available with at least Exchange 2013 SP1</strong>]]></description> + <type>checkbox</type> + </field> + <field> <fielddescr>Enable Exchange WebServices</fielddescr> <fieldname>reverse_owa_webservice</fieldname> <description><![CDATA[If this field is checked, Exchange WebServices will be enabled.<br> @@ -245,7 +252,8 @@ <field> <fielddescr>Enable AutoDiscover</fielddescr> <fieldname>reverse_owa_autodiscover</fieldname> - <description>If this field is checked, AutoDiscover will be enabled.</description> + <description><![CDATA[If this field is checked, AutoDiscover will be enabled.<br> + <strong>You also should set up the autodiscover DNS-record to point to you WAN-IP.</strong>]]></description> <type>checkbox</type> </field> <field> @@ -346,10 +354,10 @@ </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_reverse($_POST, &$input_errors); + squid_validate_reverse($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/33/squid_reverse_general.xml b/config/squid3/33/squid_reverse_general.xml index 374666d7..6969ae6a 100755 --- a/config/squid3/33/squid_reverse_general.xml +++ b/config/squid3/33/squid_reverse_general.xml @@ -149,7 +149,7 @@ <fieldname>reverse_https</fieldname> <description>If this field is checked, the proxy-server will act in HTTPS reverse mode. <br>(You have to add a rule with destination "WAN-address")</description> <type>checkbox</type> - <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> + <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> <required/> <default_value>off</default_value> </field> @@ -193,6 +193,33 @@ <type>checkbox</type> <default_value>on</default_value> </field> + <field> + <fielddescr>Check Client certificate</fielddescr> + <fieldname>reverse_check_clientca</fieldname> + <description>If this field is checked, Client certificate will be checked.</description> + <type>checkbox</type> + <default_value>off</default_value> + </field> + + <field> + <fielddescr>CA Client certificate</fielddescr> + <fieldname>reverse_ssl_clientca</fieldname> + <description>Choose CA certificate to authenticate clients.</description> + <type>select_source</type> + <source><![CDATA[$config['ca']]]></source> + <source_name>descr</source_name> + <source_value>refid</source_value> + </field> + <field> + <fielddescr>Revocation List</fielddescr> + <fieldname>reverse_ssl_clientcrl</fieldname> + <description>Choose CRL.</description> + <type>select_source</type> + <source><![CDATA[$config['crl']]]></source> + <source_name>descr</source_name> + <source_value>refid</source_value> + </field> + <field> <name>OWA Reverse proxy General Settings</name> <type>listtopic</type> @@ -200,19 +227,16 @@ <field> <fielddescr>Enable OWA reverse proxy</fielddescr> <fieldname>reverse_owa</fieldname> - <description><![CDATA[If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App.<br><br> - See also:<br> - <a target=_new href='http://support.microsoft.com/?scid=kb%3Ben-us%3B327800&x=17&y=16'>How to configure SSL Offloading for Outlook Web Access in Exchange 2000 Server and in Exchange Server 2003</a> - ]]></description> + <description>If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App.</description> <type>checkbox</type> - <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields> + <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields> </field> <field> - <fielddescr>OWA frontend IP address</fielddescr> + <fielddescr>CAS-Array / OWA frontend IP address</fielddescr> <fieldname>reverse_owa_ip</fieldname> - <description>This is the internal IP Address of the OWA frontend server.</description> + <description>These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). </description> <type>input</type> - <size>15</size> + <size>70</size> </field> <field> <fielddescr>Enable ActiveSync</fielddescr> @@ -227,6 +251,13 @@ <type>checkbox</type> </field> <field> + <fielddescr>Enable MAPI HTTP</fielddescr> + <fieldname>reverse_owa_mapihttp</fieldname> + <description><![CDATA[If this field is checked, MAPI over HTTP will be enabled.<br> + <strong>This feature is only available with at least Exchange 2013 SP1</strong>]]></description> + <type>checkbox</type> + </field> + <field> <fielddescr>Enable Exchange WebServices</fielddescr> <fieldname>reverse_owa_webservice</fieldname> <description><![CDATA[If this field is checked, Exchange WebServices will be enabled.<br> @@ -236,17 +267,18 @@ <field> <fielddescr>Enable AutoDiscover</fielddescr> <fieldname>reverse_owa_autodiscover</fieldname> - <description>If this field is checked, AutoDiscover will be enabled.</description> + <description><![CDATA[If this field is checked, AutoDiscover will be enabled.<br> + <strong>You also should set up the autodiscover DNS-record to point to you WAN-IP.</strong>]]></description> <type>checkbox</type> </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_reverse($_POST, &$input_errors); + squid_validate_reverse($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/squid3/33/squid_reverse_peer.xml b/config/squid3/33/squid_reverse_peer.xml index abfbf19b..b5a340e7 100755 --- a/config/squid3/33/squid_reverse_peer.xml +++ b/config/squid3/33/squid_reverse_peer.xml @@ -156,12 +156,12 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_reverse($_POST, &$input_errors); + squid_validate_reverse($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/squid3/33/squid_traffic.xml b/config/squid3/33/squid_traffic.xml index 82e849c1..85822fef 100755 --- a/config/squid3/33/squid_traffic.xml +++ b/config/squid3/33/squid_traffic.xml @@ -200,7 +200,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_traffic($_POST, &$input_errors); + squid_validate_traffic($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/33/squid_upstream.xml b/config/squid3/33/squid_upstream.xml index 407cedd8..f8e467b7 100755 --- a/config/squid3/33/squid_upstream.xml +++ b/config/squid3/33/squid_upstream.xml @@ -353,7 +353,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_upstream($_POST, &$input_errors); + squid_validate_upstream($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/33/swapstate_check.php b/config/squid3/33/swapstate_check.php index a0b3c98b..616b8fd9 100644 --- a/config/squid3/33/swapstate_check.php +++ b/config/squid3/33/swapstate_check.php @@ -42,6 +42,8 @@ else if ($settings['harddisk_cache_system'] != "null"){ $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache'); $swapstate = $cachedir . '/swap.state'; + if (!file_exists($swapstate)) + return; $disktotal = disk_total_space(dirname($cachedir)); $diskfree = disk_free_space(dirname($cachedir)); $diskusedpct = round((($disktotal - $diskfree) / $disktotal) * 100); @@ -55,4 +57,4 @@ if ($settings['harddisk_cache_system'] != "null"){ log_error(gettext(sprintf("Squid cache and/or swap.state exceeded size limits. Removing and rotating. File was %d bytes, %d%% of total disk space.", $swapstate_size, $swapstate_pct))); } } -?>
\ No newline at end of file +?> diff --git a/config/squid3/34/check_ip.php b/config/squid3/34/check_ip.php new file mode 100644 index 00000000..5865037b --- /dev/null +++ b/config/squid3/34/check_ip.php @@ -0,0 +1,88 @@ +#!/usr/local/bin/php -q +<?php +/* $Id$ */ +/* + check_ip.php + Copyright (C) 2013-2015 Marcello Coutinho + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +require_once("config.inc"); +error_reporting(0); +// stdin loop +if (! defined(STDIN)) { + define("STDIN", fopen("php://stdin", "r")); +} +if (! defined(STDOUT)){ + define("STDOUT", fopen('php://stdout', 'w')); + } +while( !feof(STDIN)){ + $line = trim(fgets(STDIN)); + // %SRC + +unset($cp_db); +$files=scandir($g['vardb_path']); +foreach ($files as $file){ + if (preg_match("/captive.*db/",$file)){ + $result=squid_cp_read_db("{$g['vardb_path']}/{$file}"); + foreach ($result as $rownum => $row){ + $cp_db[$rownum]=implode(",",$row); + } + } + } + + $usuario=""; + //1419045939,1419045939,2000,2000,192.168.10.11,192.168.10.11,08:00:27:5c:e1:ee,08:00:27:5c:e1:ee,marcello,marcello,605a1f46e2d64556,605a1f46e2d64556,,,,,,,,,,,first,first + if (is_array($cp_db)){ + foreach ($cp_db as $cpl){ + $fields=explode(",",$cpl); + if ($fields[4] != "" && $fields[4]==$line) + $usuario=$fields[8]; + } + } + if ($usuario !="") + $resposta="OK user={$usuario}"; + else + $resposta="ERR"; + fwrite (STDOUT, "{$resposta}\n"); + unset($cp_db); +} + +/* read captive portal DB into array */ +function squid_cp_read_db($file) { + $cpdb = array(); + $DB = new SQLite3($file); + if ($DB) { + $response = $DB->query("SELECT * FROM captiveportal"); + if ($response != FALSE) { + while ($row = $response->fetchArray()) + $cpdb[] = $row; + } + $DB->close(); + } + + return $cpdb; +} + +?> + diff --git a/config/squid3/34/pkg_squid.inc b/config/squid3/34/pkg_squid.inc new file mode 100644 index 00000000..47b64e2d --- /dev/null +++ b/config/squid3/34/pkg_squid.inc @@ -0,0 +1,11 @@ +<?php + +global $shortcuts; + +$shortcuts['squid'] = array(); +$shortcuts['squid']['main'] = "pkg_edit.php?xml=squid.xml"; +$shortcuts['squid']['log'] = "squid_monitor.php"; +$shortcuts['squid']['status'] = "status_services.php"; +$shortcuts['squid']['service'] = "squid"; + +?>
\ No newline at end of file diff --git a/config/squid3/34/sqpmon.sh b/config/squid3/34/sqpmon.sh new file mode 100644 index 00000000..244b3b61 --- /dev/null +++ b/config/squid3/34/sqpmon.sh @@ -0,0 +1,75 @@ +#!/bin/sh +# $Id$ */ +# +# sqpmon.sh +# Copyright (C) 2006 Scott Ullrich +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# 1. Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, +# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, +# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# + +if [ `pgrep -f "sqpmon.sh"|wc -l` -ge 1 ]; then + exit 0 +fi + +set -e + +LOOP_SLEEP=55 + +if [ -f /var/run/squid_alarm ]; then + rm /var/run/squid_alarm +fi + +# Sleep 5 seconds on startup not to mangle with existing boot scripts. +sleep 5 + +# Squid monitor 1.2 +while [ /bin/true ]; do + if [ ! -f /var/run/squid_alarm ]; then + NUM_PROCS=`ps auxw | grep "[s]quid -f"|awk '{print $2}'| wc -l | awk '{ print $1 }'` + if [ $NUM_PROCS -lt 1 ]; then + # squid is down + echo "Squid has exited. Reconfiguring filter." | \ + logger -p daemon.info -i -t Squid_Alarm + echo "Attempting restart..." | logger -p daemon.info -i -t Squid_Alarm + /usr/local/etc/rc.d/squid.sh start + sleep 3 + echo "Reconfiguring filter..." | logger -p daemon.info -i -t Squid_Alarm + /etc/rc.filter_configure + touch /var/run/squid_alarm + fi + fi + NUM_PROCS=`ps auxw | grep "[s]quid -f"|awk '{print $2}'| wc -l | awk '{ print $1 }'` + if [ $NUM_PROCS -gt 0 ]; then + if [ -f /var/run/squid_alarm ]; then + echo "Squid has resumed. Reconfiguring filter." | \ + logger -p daemon.info -i -t Squid_Alarm + /etc/rc.filter_configure + rm /var/run/squid_alarm + fi + fi + sleep $LOOP_SLEEP +done + +if [ -f /var/run/squid_alarm ]; then + rm /var/run/squid_alarm +fi diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc new file mode 100755 index 00000000..0e5a173c --- /dev/null +++ b/config/squid3/34/squid.inc @@ -0,0 +1,2463 @@ +<?php +/* $Id$ */ +/* + squid.inc + Copyright (C) 2006-2009 Scott Ullrich + Copyright (C) 2006 Fernando Lemos + Copyright (C) 2012 Martin Fuchs + Copyright (C) 2012-2014 Marcello Coutinho + Copyright (C) 2013 Gekkenhuis + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once('globals.inc'); +require_once('config.inc'); +require_once('util.inc'); +require_once('pfsense-utils.inc'); +require_once('pkg-utils.inc'); +require_once('service-utils.inc'); + +if(!function_exists("filter_configure")) + require_once("filter.inc"); + +$shortcut_section = "squid"; +if (is_dir('/usr/pbi/squid-' . php_uname("m"))) { + define('SQUID_BASE', '/usr/pbi/squid-' . php_uname("m")); + define('SQUID_LOCALBASE', SQUID_BASE . "/local"); +} else { + define('SQUID_BASE', '/usr/local'); + define('SQUID_LOCALBASE', '/usr/local'); +} + +define('SQUID_CONFBASE', SQUID_LOCALBASE .'/etc/squid'); +define('SQUID_CONFFILE', SQUID_CONFBASE . '/squid.conf'); +define('SQUID_BASE', '/var/squid/'); +define('SQUID_ACLDIR', '/var/squid/acl'); +define('SQUID_PASSWD', '/var/etc/squid.passwd'); +define('SQUID_LIB','/var/squid/lib'); +define('SQUID_SSL_DB','/var/squid/lib/ssl_db'); + +$valid_acls = array(); + +$uname=posix_uname(); +if ($uname['machine']=='amd64') + ini_set('memory_limit', '250M'); + + function sq_text_area_decode($text){ + return preg_replace('/\r\n/', "\n",base64_decode($text)); +} + + +function squid_get_real_interface_address($iface) { + global $config; + + $iface = convert_friendly_interface_to_real_interface_name($iface); + $line = trim(shell_exec("ifconfig $iface | grep inet | grep -v inet6")); + list($dummy, $ip, $dummy2, $netmask) = explode(" ", $line); + + return array($ip, long2ip(hexdec($netmask))); +} + +function squid_chown_recursive($dir, $user, $group) { + chown($dir, $user); + chgrp($dir, $group); + $handle = opendir($dir) ; + while (($item = readdir($handle)) !== false) { + if (($item != ".") && ($item != "..")) { + $path = "$dir/$item"; + // Recurse unless it's the cache dir, that is slow and rarely necessary. + if (is_dir($path) && (basename($dir) != "cache")) + squid_chown_recursive($path, $user, $group); + elseif (is_file($path)) { + chown($path, $user); + chgrp($path, $group); + } + } + } +} + +function squid_check_clamav_user($user) + { + exec("/usr/sbin/pw usershow {$user}",$sq_ex_output,$sq_ex_return); + $user_arg=($sq_ex_return == 0?"mod":"add"); + exec("/usr/sbin/pw user{$user_arg} {$user} -G wheel -u 9595 -s /sbin/nologin",$sq_ex_output,$sq_ex_return); + if ($sq_ex_return != 0) + log_error("Squid - Could not change clamav user settings. ".serialize($sq_ex_output)); + } + +/* setup cache */ +function squid_dash_z($cache_action='none') { + global $config; + + //Do nothing if there is no cache config + if (!is_array($config['installedpackages']['squidcache']['config'])) + return; + + $settings = $config['installedpackages']['squidcache']['config'][0]; + + // If the cache system is null, there is no need to initialize the (irrelevant) cache dir. + if ($settings['harddisk_cache_system'] == "null") + return; + + $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache'); + + if ($cache_action=="clean"){ + rename ($cachedir,"{$cachedir}.old"); + mwexec_bg("/bin/rm -rf {$cachedir}.old"); + } + + if(!is_dir($cachedir.'/')) { + log_error("Creating Squid cache dir $cachedir"); + make_dirs($cachedir); + // Double check permissions here, should be safe to recurse cache dir if it's small here. + mwexec("/usr/sbin/chown -R proxy:proxy $cachedir"); + } + + if(!is_dir($cachedir.'/00/')) { + log_error("Creating squid cache subdirs in $cachedir"); + mwexec(SQUID_BASE. "/sbin/squid -k shutdown -f " . SQUID_CONFFILE); + sleep(5); + mwexec(SQUID_BASE. "/sbin/squid -k kill -f " . SQUID_CONFFILE); + // Double check permissions here, should be safe to recurse cache dir if it's small here. + mwexec("/usr/sbin/chown -R proxy:proxy $cachedir"); + mwexec(SQUID_BASE. "/sbin/squid -z -f " . SQUID_CONFFILE); + } + + if(file_exists("/var/squid/cache/swap.state")) { + chown("/var/squid/cache/swap.state", "proxy"); + chgrp("/var/squid/cache/swap.state", "proxy"); + exec("chmod a+rw /var/squid/cache/swap.state"); + } + +} + +function squid_is_valid_acl($acl) { + global $valid_acls; + if(!is_array($valid_acls)) + return; + return in_array($acl, $valid_acls); +} + +function squid_install_command() { + global $config; + global $g; + update_status("Checking if there is configuration to migrate... One moment please..."); + /* migrate existing csv config fields */ + if (is_array($config['installedpackages']['squidauth']['config'])) + $settingsauth = $config['installedpackages']['squidauth']['config'][0]; + if (is_array($config['installedpackages']['squidcache']['config'])) + $settingscache = $config['installedpackages']['squidcache']['config'][0]; + if (is_array($config['installedpackages']['squidnac']['config'])) + $settingsnac = $config['installedpackages']['squidnac']['config'][0]; + if (is_array($config['installedpackages']['squid']['config'])) + $settingsgen = $config['installedpackages']['squid']['config'][0]; + + if (file_exists("/usr/local/pkg/check_ip.php")) + rename("/usr/local/pkg/check_ip.php",SQUID_LOCALBASE . "/libexec/squid/check_ip.php"); + /* Set storage system */ + if ($g['platform'] == "nanobsd") { + $config['installedpackages']['squidcache']['config'][0]['harddisk_cache_system'] = 'null'; + } + + /* migrate auth settings */ + if (!empty($settingsauth['no_auth_hosts'])) { + if(strstr($settingsauth['no_auth_hosts'], ",")) { + $settingsauth['no_auth_hosts'] = base64_encode(implode("\n", explode(",", $settingsauth['no_auth_hosts']))); + $config['installedpackages']['squidauth']['config'][0]['no_auth_hosts'] = $settingsauth['no_auth_hosts']; + } + } + + /* migrate cache settings */ + if (!empty($settingscache['donotcache'])) { + if(strstr($settingscache['donotcache'], ",")) { + $settingscache['donotcache'] = base64_encode(implode("\n", explode(",", $settingscache['donotcache']))); + $config['installedpackages']['squidcache']['config'][0]['donotcache'] = $settingscache['donotcache']; + } + } + + /* migrate nac settings */ + if(! empty($settingsnac['allowed_subnets'])) { + if(strstr($settingsnac['allowed_subnets'], ",")) { + $settingsnac['allowed_subnets'] = base64_encode(implode("\n", explode(",", $settingsnac['allowed_subnets']))); + $config['installedpackages']['squidnac']['config'][0]['allowed_subnets'] = $settingsnac['allowed_subnets']; + } + } + if(! empty($settingsnac['banned_hosts'])) { + if(strstr($settingsnac['banned_hosts'], ",")) { + $settingsnac['banned_hosts'] = base64_encode(implode("\n", explode(",", $settingsnac['banned_hosts']))); + $config['installedpackages']['squidnac']['config'][0]['banned_hosts'] = $settingsnac['banned_hosts']; + } + } + + if(! empty($settingsnac['banned_macs'])) { + if(strstr($settingsnac['banned_macs'], ",")) { + $settingsnac['banned_macs'] = base64_encode(implode("\n", explode(",", $settingsnac['banned_macs']))); + $config['installedpackages']['squidnac']['config'][0]['banned_macs'] = $settingsnac['banned_macs']; + } + } + + if(! empty($settingsnac['unrestricted_hosts'])) { + if(strstr($settingsnac['unrestricted_hosts'], ",")) { + $settingsnac['unrestricted_hosts'] = base64_encode(implode("\n", explode(",", $settingsnac['unrestricted_hosts']))); + $config['installedpackages']['squidnac']['config'][0]['unrestricted_hosts'] = $settingsnac['unrestricted_hosts']; + } + } + + if(! empty($settingsnac['unrestricted_macs'])) { + if(strstr($settingsnac['unrestricted_macs'], ",")) { + $settingsnac['unrestricted_macs'] = base64_encode(implode("\n", explode(",", $settingsnac['unrestricted_macs']))); + $config['installedpackages']['squidnac']['config'][0]['unrestricted_macs'] = $settingsnac['unrestricted_macs']; + } + } + + if(! empty($settingsnac['whitelist'])) { + if(strstr($settingsnac['whitelist'], ",")) { + $settingsnac['whitelist'] = base64_encode(implode("\n", explode(",", $settingsnac['whitelist']))); + $config['installedpackages']['squidnac']['config'][0]['whitelist'] = $settingsnac['whitelist']; + } + } + + if(! empty($settingsnac['blacklist'])) { + if(strstr($settingsnac['blacklist'], ",")) { + $settingsnac['blacklist'] = base64_encode(implode("\n", explode(",", $settingsnac['blacklist']))); + $config['installedpackages']['squidnac']['config'][0]['blacklist'] = $settingsnac['blacklist']; + } + } + + if(! empty($settingsnac['block_user_agent'])) { + if(strstr($settingsnac['block_user_agent'], ",")) { + $settingsnac['block_user_agent'] = base64_encode(implode("\n", explode(",", $settingsnac['block_user_agent']))); + $config['installedpackages']['squidnac']['config'][0]['block_user_agent'] = $settingsnac['block_user_agent']; + } + } + + if(! empty($settingsnac['block_reply_mime_type'])) { + if(strstr($settingsnac['block_reply_mime_type'], ",")) { + $settingsnac['block_reply_mime_type'] = base64_encode(implode("\n", explode(",", $settingsnac['block_reply_mime_type']))); + $config['installedpackages']['squidnac']['config'][0]['block_reply_mime_type'] = $settingsnac['block_reply_mime_type']; + } + } + + /*Migrate reverse settings*/ + if (is_array($config['installedpackages']['squidreverse'])){ + $old_reverse_settings=$config['installedpackages']['squidreverse']['config'][0]; + + //Settings + if (!is_array($config['installedpackages']['squidreversegeneral'])){ + $config['installedpackages']['squidreversegeneral']['config'][0]=$old_reverse_settings; + unset ($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_cache_peer']); + unset ($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_uri']); + unset ($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_acl']); + } + + //PEERS + if (!is_array($config['installedpackages']['squidreversepeer'])){ + foreach (explode("\n",sq_text_area_decode($old_reverse_settings['reverse_cache_peer'])) as $cache_peers) + foreach (explode(";",$cache_peers) as $cache_peer) + $config['installedpackages']['squidreversepeer']['config'][]=array('description'=>'migrated', + 'enable'=> 'on', + 'name'=> $cache_peer[0], + 'port'=> $cache_peer[1], + 'protocol' => $cache_peer[2]); + } + + //MAPPINGS + if (!is_array($config['installedpackages']['squidreverseuri'])){ + foreach (explode("\n",sq_text_area_decode($old_reverse_settings['reverse_acl'])) as $acls){ + foreach (explode(";",$acls) as $acl) + array_push(${'peer_'.$acl[0]},$acl[1]); + } + foreach (explode("\n",sq_text_area_decode($old_reverse_settings['reverse_uri'])) as $uris) + foreach (explode(";",$uris) as $uri){ + $peer_list=(is_array(${'peer_'.$uri[0]})?implode(",",${'peer_'.$uri[0]}):""); + $config['installedpackages']['squidreverseuri']['config'][]=array('description'=>'migrated', + 'enable'=> 'on', + 'name'=> $uri[0], + 'uri'=> $uri[1], + 'vhost' => $uri[2], + 'peers'=>$peer_list); + } + } + } + + update_status("Writing configuration... One moment please..."); + + write_config(); + + /* create cache */ + update_status("Creating squid cache pools... One moment please..."); + squid_dash_z(); + /* make sure pinger is executable */ + if(file_exists(SQUID_LOCALBASE. "/libexec/squid/pinger")) + exec("/bin/chmod a+x ". SQUID_LOCALBASE. "/libexec/squid/pinger"); + if(file_exists("/usr/local/etc/rc.d/squid")) + exec("/bin/rm /usr/local/etc/rc.d/squid"); + squid_write_rcfile(); + if(file_exists("/usr/local/pkg/swapstate_check.php")) + exec("/bin/chmod a+x /usr/local/pkg/swapstate_check.php"); + write_rcfile(array( + "file" => "sqp_monitor.sh", + "start" => "/usr/local/pkg/sqpmon.sh &", + "stop" => "ps awux | grep \"sqpmon\" | grep -v \"grep\" | grep -v \"php\" | awk '{ print $2 }' | xargs kill")); + + foreach (array( SQUID_CONFBASE, + SQUID_ACLDIR, + SQUID_BASE, + SQUID_LIB, + SQUID_SSL_DB ) as $dir) { + make_dirs($dir); + squid_chown_recursive($dir, 'proxy', 'proxy'); + } + + /* kill any running proxy alarm scripts */ + update_status("Checking for running processes... One moment please..."); + log_error("Stopping any running proxy monitors"); + mwexec("/usr/local/etc/rc.d/sqp_monitor.sh stop"); + sleep(1); + + if (!file_exists(SQUID_CONFBASE . '/mime.conf') && file_exists(SQUID_CONFBASE . '/mime.conf.default')) + copy(SQUID_CONFBASE . '/mime.conf.default', SQUID_CONFBASE . '/mime.conf'); + + update_status("Checking cache... One moment please..."); + squid_dash_z(); + + if (!is_service_running('squid')) { + update_status("Starting... One moment please..."); + log_error("Starting Squid"); + mwexec_bg(SQUID_BASE. "/sbin/squid -f " . SQUID_CONFFILE); + } else { + update_status("Reloading Squid for configuration sync... One moment please..."); + log_error("Reloading Squid for configuration sync"); + mwexec_bg(SQUID_BASE. "/sbin/squid -k reconfigure -f " . SQUID_CONFFILE); + } + + /* restart proxy alarm scripts */ + log_error("Starting a proxy monitor script"); + mwexec_bg("/usr/local/etc/rc.d/sqp_monitor.sh start"); + + update_status("Reconfiguring filter... One moment please..."); + filter_configure(); +} + +function squid_deinstall_command() { + global $config, $g; + $plswait_txt = "This operation may take quite some time, please be patient. Do not press stop or attempt to navigate away from this page during this process."; + squid_install_cron(false); + if (is_array($config['installedpackages']['squidcache'])) + $settings = $config['installedpackages']['squidcache']['config'][0]; + else + $settings = array(); + $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache'); + $logdir = ($settings['log_dir'] ? $settings['log_dir'] : '/var/squid/logs'); + update_status("Removing cache ... One moment please..."); + update_output_window("$plswait_txt"); + mwexec_bg('rm -rf $cachedir'); + mwexec('rm -rf $logdir'); + update_status("Finishing package cleanup."); + mwexec("/usr/local/etc/rc.d/sqp_monitor.sh stop"); + mwexec('rm -f /usr/local/etc/rc.d/sqp_monitor.sh'); + mwexec("ps awux | grep \"squid\" | grep -v \"grep\" | awk '{ print $2 }' | xargs kill"); + mwexec("ps awux | grep \"dnsserver\" | grep -v \"grep\" | awk '{ print $2 }' | xargs kill"); + mwexec("ps awux | grep \"unlinkd\" | grep -v \"grep\" | awk '{ print $2 }' | xargs kill"); + update_status("Reloading filter..."); + filter_configure(); +} + +function squid_before_form_general(&$pkg) { + $values = get_dir(SQUID_CONFBASE . '/errors/'); + // Get rid of '..' and '.' and ... + array_shift($values); + array_shift($values); + array_shift($values); + array_shift($values); + + $name = array(); + foreach ($values as $value) + $names[] = implode(" ", explode("_", $value)); + + $i = 0; + foreach ($pkg['fields']['field'] as $field) { + if ($field['fieldname'] == 'error_language') + break; + $i++; + } + $field = &$pkg['fields']['field'][$i]; + + for ($i = 0; $i < count($values) - 1; $i++) + $field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]); +} + +function squid_validate_general($post, &$input_errors) { + global $config; + if (is_array($config['installedpackages']['squid'])) + $settings = $config['installedpackages']['squid']['config'][0]; + else + $settings = array(); + $port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128); + $port = $post['proxy_port'] ? $post['proxy_port'] : $port; + + $icp_port = trim($post['icp_port']); + if (!empty($icp_port) && !is_port($icp_port)) + $input_errors[] = 'You must enter a valid port number in the \'ICP port\' field'; + + if (substr($post['log_dir'], -1, 1) == '/') + $input_errors[] = 'You may not end log location with an / mark'; + + if ($post['log_dir']{0} != '/') + $input_errors[] = 'You must start log location with a / mark'; + if (strlen($post['log_dir']) <= 3) + $input_errors[] = "That is not a valid log location dir"; + + $log_rotate = trim($post['log_rotate']); + if (!empty($log_rotate) && (!is_numeric($log_rotate) or ($log_rotate < 1))) + + $input_errors[] = 'You must enter a valid number of days in the \'Log rotate\' field'; + + $webgui_port = $config['system']['webgui']['port']; + if(($config['system']['webgui']['port'] == "") && ($config['system']['webgui']['protocol'] == "http")) { + $webgui_port = 80; + } + if(($config['system']['webgui']['port'] == "") && ($config['system']['webgui']['protocol'] == "https")) { + $webgui_port = 443; + } + + if (($post['transparent_proxy'] != 'on') && ($port == $webgui_port)) { + $input_errors[] = "You can not run squid on the same port as the webgui"; + } + + if (($post['ssl_proxy'] == 'on') && ( $post['dca'] == '')) { + $input_errors[] = "SSL interception cannot be enabled without a CA."; + } + + foreach (array('defined_ip_proxy_off') as $hosts) { + foreach (explode(";", $post[$hosts]) as $host) { + $host = trim($host); + if (!empty($host) && !is_ipaddr($host) && !is_alias($host) && !is_hostname($host) && !is_subnet($host)) + $input_errors[] = "The entry '$host' is not a valid IP address, hostname, or alias"; + } + } + foreach (array('defined_ip_proxy_off_dest') as $hosts) { + foreach (explode(";", $post[$hosts]) as $host) { + $host = trim($host); + if (!empty($host) && !is_ipaddr($host) && !is_alias($host) && !is_hostname($host) && !is_subnet($host)) + $input_errors[] = "The entry '$host' is not a valid IP address, hostname, or alias"; + } + } + + if(!empty($post['dns_nameservers'])) { + $altdns = explode(";", ($post['dns_nameservers'])); + foreach ($altdns as $dnssrv) { + if (!is_ipaddr($dnssrv)) + $input_errors[] = 'You must enter a valid IP address in the \'Alternate DNS servers\' field'; + break; + }} +} + +function squid_validate_upstream($post, &$input_errors) { + if ($post['enabled'] == 'on') { + $addr = trim($post['proxyaddr']); + if (empty($addr)) + $input_errors[] = 'The field \'Hostname\' is required'; + else { + if (!is_ipaddr($addr) && !is_domain($addr)) + $input_errors[] = 'You must enter a valid IP address or host name in the \'Proxy hostname\' field'; + } + + foreach (array('proxyport' => 'TCP port', 'icpport' => 'ICP port') as $field => $name) { + $port = trim($post[$field]); + if (empty($port)) + $input_errors[] = "The field '$name' is required"; + else { + if (!is_port($port)) + $input_errors[] = "The field '$name' must contain a valid port number, between 0 and 65535"; + } + } + } +} + +function squid_validate_cache($post, &$input_errors) { + $num_fields = array( 'harddisk_cache_size' => 'Hard disk cache size', + 'memory_cache_size' => 'Memory cache size', + 'maximum_object_size' => 'Maximum object size', + ); + foreach ($num_fields as $field => $name) { + $value = trim($post[$field]); + if (!is_numeric($value) || ($value < 0)) + $input_errors[] = "You must enter a valid value for '$field'"; + } + + $value = trim($post['minimum_object_size']); + if (!is_numeric($value) || ($value < 0)) + $input_errors[] = 'You must enter a valid value for \'Minimum object size\''; + + if (!empty($post['cache_swap_low'])) { + $value = trim($post['cache_swap_low']); + if (!is_numeric($value) || ($value > 100)) + $input_errors[] = 'You must enter a valid value for \'Low-water-mark\''; + } + + if (!empty($post['cache_swap_high'])) { + $value = trim($post['cache_swap_high']); + if (!is_numeric($value) || ($value > 100)) + $input_errors[] = 'You must enter a valid value for \'High-water-mark\''; + } + + if ($post['donotcache'] != "") { + foreach (split("\n", $post['donotcache']) as $host) { + $host = trim($host); + if (!is_ipaddr($host) && !is_domain($host)) + $input_errors[] = "The host '$host' is not a valid IP or host name"; + } + } + + squid_dash_z(); + +} + +function squid_validate_nac($post, &$input_errors) { + $allowed_subnets = explode("\n", $post['allowed_subnets']); + foreach ($allowed_subnets as $subnet) { + $subnet = trim($subnet); + if (!empty($subnet) && !is_subnet($subnet)) + $input_errors[] = "The subnet '$subnet' is not a valid CIDR range"; + } + + foreach (array( 'unrestricted_hosts', 'banned_hosts') as $hosts) { + + if (preg_match_all("@([0-9.]+)(/[0-9.]+|)@",$_POST[$hosts],$matches)){ + for ($x=0;$x < count($matches[1]);$x++){ + if ($matches[2][$x] == ""){ + if (!is_ipaddr($matches[1][$x])) + $input_errors[] = "'{$matches[1][$x]}' is not a valid IP address"; + } + else{ + if (!is_subnet($matches[0][$x])) + $input_errors[] = "The subnet '{$matches[0][$x]}' is not a valid CIDR range"; + } + } + } + } + + foreach (array('unrestricted_macs', 'banned_macs') as $macs) { + foreach (explode("\n", $post[$macs]) as $mac) { + $mac = trim($mac); + if (!empty($mac) && !is_macaddr($mac)) + $input_errors[] = "The mac '$mac' is not a valid MAC address"; + } + } + + foreach (explode(",", $post['timelist']) as $time) { + $time = trim($time); + if (!empty($time) && !squid_is_timerange($time)) + $input_errors[] = "The time range '$time' is not a valid time range"; + } + + if(!empty($post['ext_cachemanager'])) { + $extmgr = explode(";", ($post['ext_cachemanager'])); + foreach ($extmgr as $mgr) { + if (!is_ipaddr($mgr)) + $input_errors[] = 'You must enter a valid IP address in the \'External Cache Manager\' field'; + }} +} + +function squid_validate_traffic($post, &$input_errors) { + $num_fields = array( 'max_download_size' => 'Maximum download size', + 'max_upload_size' => 'Maximum upload size', + 'perhost_throttling' => 'Per-host bandwidth throttling', + 'overall_throttling' => 'Overall bandwidth throttling', + ); + foreach ($num_fields as $field => $name) { + $value = trim($post[$field]); + if (!is_numeric($value) || ($value < 0)) + $input_errors[] = "The field '$name' must contain a positive number"; + } + + if (!empty($post['quick_abort_min'])) { + $value = trim($post['quick_abort_min']); + if (!is_numeric($value)) + $input_errors[] = "The field 'Finish when remaining KB' must contain a positive number"; + } + + if (!empty($post['quick_abort_max'])) { + $value = trim($post['quick_abort_max']); + if (!is_numeric($value)) + $input_errors[] = "The field 'Abort when remaining KB' must contain a positive number"; + } + + if (!empty($post['quick_abort_pct'])) { + $value = trim($post['quick_abort_pct']); + if (!is_numeric($value) || ($value > 100)) + $input_errors[] = "The field 'Finish when remaining %' must contain a percentage"; + } +} + +function squid_validate_reverse($post, &$input_errors) { + + if(!empty($post['reverse_ip'])) { + $reverse_ip = explode(";", ($post['reverse_ip'])); + foreach ($reverse_ip as $reip) { + if (!is_ipaddr(trim($reip))) + $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'.' -> \''.$reip.'\' is invalid.'; + }} + + $fqdn = trim($post['reverse_external_fqdn']); + if (!empty($fqdn) && !is_domain($fqdn)) + $input_errors[] = 'The field \'external FQDN\' must contain a valid domain name'; + + $port = trim($post['reverse_http_port']); + if (!empty($port) && !is_port($port)) + $input_errors[] = 'The field \'reverse HTTP port\' must contain a valid port number'; + + $port = trim($post['reverse_https_port']); + if (!empty($port) && !is_port($port)) + $input_errors[] = 'The field \'reverse HTTPS port\' must contain a valid port number'; + + if ($post['reverse_ssl_cert'] == 'none') + $input_errors[] = 'A valid certificate for the external interface must be selected'; + + if (($post['reverse_https'] != 'on') && ($post['reverse_owa'] == 'on')) { + $input_errors[] = "You have to enable reverse HTTPS before enabling OWA support."; + } + + if(!empty($post['reverse_owa_ip'])) { + $reverse_owa_ip = explode(";", ($post['reverse_owa_ip'])); + foreach ($reverse_owa_ip as $reowaip) { + if (!is_ipaddr(trim($reowaip))) + $input_errors[] = 'You must enter a valid IP address in the \'CAS-Array / OWA frontend IP address\' field'.' -> \''.$reowaip.'\' is invalid.'; + }} + + $contents = $post['reverse_cache_peer']; + if(!empty($contents)) { + $defs = explode("\r\n", ($contents)); + foreach ($defs as $def) { + $cfg = explode(";",($def)); + if (!is_ipaddr($cfg[1])) + $input_errors[] = "please choose a valid IP in the cache peer configuration."; + if (!is_port($cfg[2])) + $input_errors[] = "please choose a valid port in the cache peer configuration."; + if (($cfg[3] != 'HTTPS') && ($cfg[3] != 'HTTP')) + $input_errors[] = "please choose HTTP or HTTPS in the cache peer configuration."; + }} + + +} + +function squid_validate_auth($post, &$input_errors) { + $num_fields = array( array('auth_processes', 'Authentication processes', 1), + array('auth_ttl', 'Authentication TTL', 0), + ); + foreach ($num_fields as $field) { + $value = trim($post[$field[0]]); + if (!empty($value) && (!is_numeric($value) || ($value < $field[2]))) + $input_errors[] = "The field '{$field[1]}' must contain a valid number greater than {$field[2]}"; + } + + $auth_method = $post['auth_method']; + if (($auth_method != 'none') && ($auth_method != 'local') && ($auth_method != 'cp')) { + $server = trim($post['auth_server']); + if (empty($server)) + $input_errors[] = 'The field \'Authentication server\' is required'; + else if (!is_ipaddr($server) && !is_domain($server)) + $input_errors[] = 'The field \'Authentication server\' must contain a valid IP address or domain name'; + + $port = trim($post['auth_server_port']); + if (!empty($port) && !is_port($port)) + $input_errors[] = 'The field \'Authentication server port\' must contain a valid port number'; + + switch ($auth_method) { + case 'ldap': + $user = trim($post['ldap_user']); + if (empty($user)) + $input_errors[] = 'The field \'LDAP server user DN\' is required'; + else if (!$user) + $input_errors[] = 'The field \'LDAP server user DN\' must be a valid domain name'; + break; + case 'radius': + $secret = trim($post['radius_secret']); + if (empty($secret)) + $input_errors[] = 'The field \'RADIUS secret\' is required'; + break; + case 'msnt': + foreach (explode(",", trim($post['msnt_secondary'])) as $server) { + if (!empty($server) && !is_ipaddr($server) && !is_domain($server)) + $input_errors[] = "The host '$server' is not a valid IP address or domain name"; + } + break; + } + + $no_auth = explode("\n", $post['no_auth_hosts']); + foreach ($no_auth as $host) { + $host = trim($host); + if (!empty($host) && !is_subnet($host)) + $input_errors[] = "The host '$host' is not a valid CIDR range"; + } + } +} + +function squid_install_cron($should_install) { + global $config, $g; + if($g['booting']==true) + return; + $rotate_is_installed = false; + $swapstate_is_installed = false; + + if(!$config['cron']['item']) + return; + + if (is_array($config['installedpackages']['squidcache'])) + $settings = $config['installedpackages']['squidcache']['config'][0]; + else + $settings = array(); + + $x=0; + $rotate_job_id=-1; + $swapstate_job_id=-1; + $cron_cmd=($settings['clear_cache']=='on' ? "/usr/local/pkg/swapstate_check.php clean; " : ""); + $cron_cmd .= SQUID_BASE."/sbin/squid -k rotate -f " . SQUID_CONFFILE; + $need_write = false; + foreach($config['cron']['item'] as $item) { + if(strstr($item['task_name'], "squid_rotate_logs")) { + $rotate_job_id = $x; + if ($item['command'] != $cron_cmd){ + $config['cron']['item'][$x]['command']=$cron_cmd; + $need_write = true; + } + } elseif(strstr($item['task_name'], "squid_check_swapstate")) { + $swapstate_job_id = $x; + } + $x++; + } + switch($should_install) { + case true: + $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache'); + if($rotate_job_id < 0) { + $cron_item['command']=($settings['clear_cache']=='on' ? "/usr/local/pkg/swapstate_check.php clean; " : ""); + $cron_item = array(); + $cron_item['task_name'] = "squid_rotate_logs"; + $cron_item['minute'] = "0"; + $cron_item['hour'] = "0"; + $cron_item['mday'] = "*"; + $cron_item['month'] = "*"; + $cron_item['wday'] = "*"; + $cron_item['who'] = "root"; + $cron_item['command'] .= $cron_cmd; + /* Add this cron_item as a new entry at the end of the item array. */ + $config['cron']['item'][] = $cron_item; + $need_write = true; + } + if($swapstate_job_id < 0) { + $cron_item = array(); + $cron_item['task_name'] = "squid_check_swapstate"; + $cron_item['minute'] = "*/15"; + $cron_item['hour'] = "*"; + $cron_item['mday'] = "*"; + $cron_item['month'] = "*"; + $cron_item['wday'] = "*"; + $cron_item['who'] = "root"; + $cron_item['command'] = "/usr/local/pkg/swapstate_check.php"; + /* Add this cron_item as a new entry at the end of the item array. */ + $config['cron']['item'][] = $cron_item; + $need_write = true; + } + if ($need_write) { + parse_config(true); + write_config("Adding Squid Cron Jobs"); + } + break; + case false: + if($rotate_job_id >= 0) { + unset($config['cron']['item'][$rotate_job_id]); + $need_write = true; + } + if($swapstate_job_id >= 0) { + unset($config['cron']['item'][$swapstate_job_id]); + $need_write = true; + } + if ($need_write) { + parse_config(true); + write_config("Removing Squid Cron Jobs"); + } + break; + } + configure_cron(); +} + +function squid_check_ca_hashes(){ + global $config,$g; + + #check certificates + $cert_count=0; + if (is_dir(SQUID_LOCALBASE. '/share/certs')) + if ($handle = opendir(SQUID_LOCALBASE.'/share/certs')) { + while (false !== ($file = readdir($handle))) + if (preg_match ("/\d+.0/",$file)) + $cert_count++; + } + closedir($handle); + if ($cert_count < 10){ + conf_mount_rw(); + #create ca-root hashes from ca-root-nss package + log_error("Creating root certificate bundle hashes from the Mozilla Project"); + $cas=file(SQUID_LOCALBASE.'/share/certs/ca-root-nss.crt'); + $cert=0; + foreach ($cas as $ca){ + if (preg_match("/--BEGIN CERTIFICATE--/",$ca)) + $cert=1; + if ($cert == 1) + $crt.=$ca; + if (preg_match("/-END CERTIFICATE-/",$ca)){ + file_put_contents("/tmp/cert.pem",$crt, LOCK_EX); + $cert_hash=array(); + exec("/usr/bin/openssl x509 -hash -noout -in /tmp/cert.pem",$cert_hash); + file_put_contents(SQUID_LOCALBASE."/share/certs/".$cert_hash[0].".0",$crt,LOCK_EX); + $crt=""; + $cert=0; + } + } + } +} + +function squid_resync_general() { + global $g, $config, $valid_acls; + + if (is_array($config['installedpackages']['squid'])) + $settings = $config['installedpackages']['squid']['config'][0]; + else + $settings=array(); + $conf = "# This file is automatically generated by pfSense\n"; + $conf .= "# Do not edit manually !\n\n"; + #Check ssl interception + if (($settings['ssl_proxy'] == 'on')) { + squid_check_ca_hashes(); + $srv_cert = lookup_ca($settings["dca"]); + if ($srv_cert != false) { + if(base64_decode($srv_cert['prv'])) { + #check if ssl_db was initilized by squid + if (! file_exists("/var/squid/lib/ssl_db/serial")){ + if (is_dir("/var/squid/lib/ssl_db")){ + mwexec("/bin/rm -rf /var/squid/lib/ssl_db"); + } + mwexec(SQUID_LOCALBASE."/libexec/squid/ssl_crtd -c -s /var/squid/lib/ssl_db/"); + } + #force squid user permission on /var/squid/lib/ssl_db/ + squid_chown_recursive("/var/squid/lib/ssl_db/", 'proxy', 'proxy'); + # cert, key, version, cipher,options, clientca, cafile, capath, crlfile, dhparams,sslflags, and sslcontext + $crt_pk=SQUID_CONFBASE."/serverkey.pem"; + $crt_capath=SQUID_LOCALBASE."/share/certs/"; + file_put_contents($crt_pk,base64_decode($srv_cert['prv']).base64_decode($srv_cert['crt'])); + $sslcrtd_children= ($settings['sslcrtd_children'] ? $settings['sslcrtd_children'] : 5); + $ssl_interception.="ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=".($sslcrtd_children*2)."MB cert={$crt_pk} capath={$crt_capath}\n"; + $interception_checks = "sslcrtd_program ".SQUID_LOCALBASE."/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048\n"; + $interception_checks .= "sslcrtd_children {$sslcrtd_children}\n"; + $interception_checks .= "sslproxy_capath {$crt_capath}\n"; + if (preg_match("/sslproxy_cert_error/",$settings["interception_checks"])) + $interception_checks.="sslproxy_cert_error allow all\n"; + if (preg_match("/sslproxy_flags/",$settings["interception_checks"])) + $interception_checks.="sslproxy_flags DONT_VERIFY_PEER\n"; + if ($settings["interception_adapt"] != ""){ + foreach (explode(",",$settings["interception_adapt"]) as $adapt) + $interception_checks.="sslproxy_cert_adapt {$adapt} all\n"; + } + } + } + } + $port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128); + $ssl_port = ($settings['ssl_proxy_port'] ? $settings['ssl_proxy_port'] : 3127); + +#Read assigned interfaces + $real_ifaces = array(); + + if($settings['active_interface']) + $proxy_ifaces = explode(",", $settings['active_interface']); + else + $proxy_ifaces=array("lan"); + + if ($settings['transparent_proxy']=="on"){ + $transparent_ifaces = explode(",", $settings['transparent_active_interface']); + foreach ($transparent_ifaces as $t_iface){ + $t_iface_ip = squid_get_real_interface_address($t_iface); + if($t_iface_ip[0]) + $real_ifaces[]=$t_iface_ip; + } + } + else{ + $transparent_ifaces=array(); + } + + if ($settings['ssl_proxy']=="on"){ + $ssl_ifaces = explode(",", $settings['ssl_active_interface']); + foreach ($ssl_ifaces as $s_iface){ + $s_iface_ip = squid_get_real_interface_address($s_iface); + if($s_iface_ip[0]) + $real_ifaces[]=$s_iface_ip; + } + } + else{ + $ssl_ifaces=array(); + } + + #check all proxy interfaces selected + foreach ($proxy_ifaces as $iface) { + $iface_ip = squid_get_real_interface_address($iface); + if($iface_ip[0]) { + $real_ifaces[]=$iface_ip; + if (in_array($iface,$ssl_ifaces)) + $conf .= "http_port {$iface_ip[0]}:{$port} {$ssl_interception}\n"; + else + $conf .= "http_port {$iface_ip[0]}:{$port}\n"; + } + } + + if (($settings['transparent_proxy'] == 'on')) { + if ($settings['ssl_proxy'] == "on" && count($ssl_ifaces)>0){ + $conf .= "http_port 127.0.0.1:{$port} intercept {$ssl_interception}\n"; + $conf .= "https_port 127.0.0.1:{$ssl_port} intercept {$ssl_interception}\n"; + } + else{ + $conf .= "http_port 127.0.0.1:{$port} intercept\n"; + } + } + $icp_port = ($settings['icp_port'] ? $settings['icp_port'] : 0); + $dns_v4_first= ($settings['dns_v4_first'] == "on" ? "on" : "off" ); + $pidfile = "{$g['varrun_path']}/squid.pid"; + $language = ($settings['error_language'] ? $settings['error_language'] : 'en'); + $icondir = SQUID_CONFBASE . '/icons'; + $hostname = ($settings['visible_hostname'] ? $settings['visible_hostname'] : 'localhost'); + $email = ($settings['admin_email'] ? $settings['admin_email'] : 'admin@localhost'); + + $logdir = ($settings['log_dir'] ? $settings['log_dir'] : '/var/squid/logs'); + if (! is_dir($logdir)){ + make_dirs($logdir); + squid_chown_recursive($logdir, 'proxy', 'proxy'); + } + $logdir_cache = $logdir . '/cache.log'; + $logdir_access = ($settings['log_enabled'] == 'on' ? $logdir . '/access.log' : '/dev/null'); + $pinger_helper = ($settings['disable_pinger']) =='on' ? 'off' : 'on'; + $pinger_program=SQUID_LOCALBASE."/libexec/squid/pinger"; + + $conf .= <<< EOD +icp_port {$icp_port} +dns_v4_first {$dns_v4_first} +pid_filename {$pidfile} +cache_effective_user proxy +cache_effective_group proxy +error_default_language {$language} +icon_directory {$icondir} +visible_hostname {$hostname} +cache_mgr {$email} +access_log {$logdir_access} +cache_log {$logdir_cache} +cache_store_log none +netdb_filename {$logdir}/netdb.state +pinger_enable {$pinger_helper} +pinger_program {$pinger_program} +{$interception_checks} + +EOD; + +// Per squid docs, setting logfile_rotate to 0 is safe and causes a simple close/reopen. +$rotate = empty($settings['log_rotate']) ? 0 : $settings['log_rotate']; +$conf .= "logfile_rotate {$rotate}\n"; +$conf .= "debug_options rotate={$rotate}\n"; +squid_install_cron(true); + + $conf .= <<< EOD +shutdown_lifetime 3 seconds + +EOD; + + if ($settings['allow_interface'] == 'on') { + $src = ''; + foreach ($real_ifaces as $iface) { + list($ip, $mask) = $iface; + $ip = long2ip(ip2long($ip) & ip2long($mask)); + $mask = 32-log((ip2long($mask) ^ ip2long('255.255.255.255'))+1,2); + if (!preg_match("@$ip/$mask@",$src)) + $src .= " $ip/$mask"; + } + $conf .= "# Allow local network(s) on interface(s)\n"; + $conf .= "acl localnet src $src\n"; + $valid_acls[] = 'localnet'; + } + if ($settings['disable_xforward']) $conf .= "forwarded_for off\n"; + if ($settings['disable_via']) $conf .= "via off\n"; + if ($settings['disable_squidversion']) $conf .= "httpd_suppress_version_string on\n"; + if (!empty($settings['uri_whitespace'])) $conf .= "uri_whitespace {$settings['uri_whitespace']}\n"; + else $conf .= "uri_whitespace strip\n"; //only used for first run + + if(!empty($settings['dns_nameservers'])) { + $altdns = explode(";", ($settings['dns_nameservers'])); + $conf .= "dns_nameservers "; + foreach ($altdns as $dnssrv) { + $conf .= $dnssrv." "; + } +// $conf .= "\n"; //Kill blank line after DNS-Servers + } + + return $conf; +} + + +function squid_resync_cache() { + global $config, $g; + if (is_array($config['installedpackages']['squidcache'])) + $settings = $config['installedpackages']['squidcache']['config'][0]; + else + $settings = array(); + //apply cache settings + $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache'); + $disk_cache_size = ($settings['harddisk_cache_size'] ? $settings['harddisk_cache_size'] : 100); + $level1 = ($settings['level1_subdirs'] ? $settings['level1_subdirs'] : 16); + $memory_cache_size = ($settings['memory_cache_size'] ? $settings['memory_cache_size'] : 8); + $max_objsize = ($settings['maximum_object_size'] ? $settings['maximum_object_size']." KB" : "10 KB"); + $min_objsize = ($settings['minimum_object_size'] ? $settings['minimum_object_size'] : 0); + $max_objsize_in_mem = ($settings['maximum_objsize_in_mem'] ? $settings['maximum_objsize_in_mem'] : 32); + $cache_policy = ($settings['cache_replacement_policy'] ? $settings['cache_replacement_policy'] : 'heap LFUDA'); + $memory_policy = ($settings['memory_replacement_policy'] ? $settings['memory_replacement_policy'] : 'heap GDSF'); + $offline_mode = ($settings['enable_offline'] == 'on' ? 'on' : 'off'); + $conf = ''; + if (!isset($settings['harddisk_cache_system'])) { + if ($g['platform'] == "nanobsd" || !is_array ($config['installedpackages']['squidcache']['config'])) + $disk_cache_system = 'null'; + else + $disk_cache_system = 'ufs'; + } + else{ + $disk_cache_system = $settings['harddisk_cache_system']; + } + #'null' storage type dropped. In-memory cache is always present. Remove all cache_dir options to prevent on-disk caching. + if ($disk_cache_system != "null") { + $disk_cache_opts = "cache_dir {$disk_cache_system} {$cachedir} {$disk_cache_size} {$level1} 256"; + } +//check dynamic content +if(empty($settings['cache_dynamic_content'])){ + $conf.='acl dynamic urlpath_regex cgi-bin \?'."\n"; + $conf.="cache deny dynamic\n"; +} +else{ + if(preg_match('/youtube/',$settings['refresh_patterns'])){ + $conf.=<<< EOC +# Break HTTP standard for flash videos. Keep them in cache even if asked not to. +refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private + +# Let the clients favorite video site through with full caching +acl youtube dstdomain .youtube.com +cache allow youtube + +EOC; + } + if(preg_match('/windows/',$settings['refresh_patterns'])){ + $conf.=<<< EOC + +# Windows Update refresh_pattern +range_offset_limit -1 +refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims +refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims +refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims + +EOC; + } + +if(preg_match('/symantec/',$settings['refresh_patterns'])){ + $conf.=<<< EOC + +# Symantec refresh_pattern +range_offset_limit -1 +refresh_pattern liveupdate.symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims +refresh_pattern symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims + +EOC; + } +if(preg_match('/avast/',$settings['refresh_patterns'])){ + $conf.=<<< EOC + +# Avast refresh_pattern +range_offset_limit -1 +refresh_pattern avast.com/.*\.(vpu|cab|stamp|exe) 10080 100% 43200 reload-into-ims + +EOC; + } +if(preg_match('/avira/',$settings['refresh_patterns'])){ + $conf.=<<< EOC + +# Avira refresh_pattern +range_offset_limit -1 +refresh_pattern personal.avira-update.com/.*\.(cab|exe|dll|msi|gz) 10080 100% 43200 reload-into-ims + +EOC; + } + $refresh_conf=<<< EOC + +# Add any of your own refresh_pattern entries above these. +refresh_pattern ^ftp: 1440 20% 10080 +refresh_pattern ^gopher: 1440 0% 1440 +refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 +refresh_pattern . 0 20% 4320 + +EOC; +} + + If ($settings['custom_refresh_patterns'] !="") + $conf .= sq_text_area_decode($settings['custom_refresh_patterns'])."\n"; + + $conf .= <<< EOD + +cache_mem $memory_cache_size MB +maximum_object_size_in_memory {$max_objsize_in_mem} KB +memory_replacement_policy {$memory_policy} +cache_replacement_policy {$cache_policy} +$disk_cache_opts +minimum_object_size {$min_objsize} KB +maximum_object_size {$max_objsize} +offline_mode {$offline_mode} + +EOD; + + if (!empty($settings['cache_swap_low'])) $conf .= "cache_swap_low {$settings['cache_swap_low']}\n"; + if (!empty($settings['cache_swap_high'])) $conf .= "cache_swap_high {$settings['cache_swap_high']}\n"; + + $donotcache = sq_text_area_decode($settings['donotcache']); + if (!empty($donotcache)) { + file_put_contents(SQUID_ACLDIR . '/donotcache.acl', $donotcache); + $conf .= 'acl donotcache dstdomain "' . SQUID_ACLDIR . "/donotcache.acl\"\n"; + $conf .= "cache deny donotcache\n"; + } + elseif (file_exists(SQUID_ACLDIR . '/donotcache.acl')) { + unlink(SQUID_ACLDIR . '/donotcache.acl'); + } + $conf .= "cache allow all\n"; + return $conf.$refresh_conf; +} + +function squid_resync_upstream() { + global $config; + $conf = "\n#Remote proxies\n"; + if (is_array($config['installedpackages']['squidremote']['config'])) + foreach ($config['installedpackages']['squidremote']['config'] as $settings){ + if ($settings['enable'] == 'on') { + $conf .= "cache_peer {$settings['proxyaddr']} {$settings['hierarchy']} {$settings['proxyport']} "; + if ($settings['icpport'] == '7') + $conf .= "{$settings['icpport']} {$settings['icpoptions']} {$settings['peermethod']} {$settings['allowmiss']} "; + else + $conf .= "{$settings['icpport']} "; + #auth settings + if (!empty($settings['username']) && !empty($settings['password'])){ + $conf .= " login={$settings['username']}:{$settings['password']}"; + } + else{ + $conf .= "{$settings['authoption']} "; + } + #other options settings + if (!empty($settings['weight'])) + $conf .= "weight={$settings['weight']} "; + if (!empty($settings['basetime'])) + $conf .= "basetime={$settings['basetime']} "; + if (!empty($settings['ttl'])) + $conf .= "ttl={$settings['ttl']} "; + if (!empty($settings['nodelay'])) + $conf .= "no-delay"; + } + $conf .= "\n"; + } + return $conf; +} + +function squid_resync_redirector() { + global $config; + + $httpav_enabled = ($config['installedpackages']['clamav']['config'][0]['scan_http'] == 'on'); + if ($httpav_enabled) { + $conf = "url_rewrite_program /usr/local/bin/squirm\n"; + } else { + $conf = "# No redirector configured\n"; + } + return $conf; +} + +function squid_resync_nac() { + global $config, $valid_acls; + + $port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128); + if (is_array($config['installedpackages']['squidnac'])) + $settings = $config['installedpackages']['squidnac']['config'][0]; + else + $settings = array(); + $webgui_port = $config['system']['webgui']['port']; + $addtl_ports = $settings['addtl_ports']; + $addtl_sslports = $settings['addtl_sslports']; + $port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128); + $ssl_port = ($settings['ssl_proxy_port'] ? $settings['ssl_proxy_port'] : 3127); + $conf = <<< EOD + +# Setup some default acls +# From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in. +# acl localhost src 127.0.0.1/32 +acl allsrc src all +acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 $webgui_port $port $ssl_port 1025-65535 $addtl_ports +acl sslports port 443 563 $webgui_port $addtl_sslports + +# From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in. +#acl manager proto cache_object + +acl purge method PURGE +acl connect method CONNECT + +# Define protocols used for redirects +acl HTTP proto HTTP +acl HTTPS proto HTTPS + +EOD; + + $allowed_subnets = preg_replace("/\s+/"," ",sq_text_area_decode($settings['allowed_subnets'])); + #$allowed = ""; + #foreach ($allowed_subnets as $subnet) { + # if(!empty($subnet)) { + # $subnet = trim($subnet); + # $allowed .= "$subnet "; + # } + #} + if (!empty($allowed_subnets)) { + $conf .= "acl allowed_subnets src $allowed_subnets\n"; + $valid_acls[] = 'allowed_subnets'; + } + + $options = array( 'unrestricted_hosts' => 'src', + 'banned_hosts' => 'src', + 'whitelist' => 'dstdom_regex -i', + 'blacklist' => 'dstdom_regex -i', + 'block_user_agent' => 'browser -i', + 'block_reply_mime_type' => 'rep_mime_type -i', + ); + foreach ($options as $option => $directive) { + $contents = sq_text_area_decode($settings[$option]); + if (!empty($contents)) { + file_put_contents(SQUID_ACLDIR . "/$option.acl", $contents); + $conf .= "acl $option $directive \"" . SQUID_ACLDIR . "/$option.acl\"\n"; + $valid_acls[] = $option; + } + elseif (file_exists(SQUID_ACLDIR . "/$option.acl")) { + unlink(SQUID_ACLDIR . "/$option.acl"); + } + } + + $conf .= <<< EOD +http_access allow manager localhost + +EOD; + + if (is_array($config['installedpackages']['squidcache'])){ + $settings_ch = $config['installedpackages']['squidcache']['config'][0]; + if(!empty($settings_ch['ext_cachemanager'])) { + $extmgr = explode(";", ($settings_ch['ext_cachemanager'])); + $conf .= "\n# Allow external cache managers\n"; + foreach ($extmgr as $mgr) { + $conf .= "acl ext_manager src {$mgr}\n"; + } + $conf .= "http_access allow manager ext_manager\n"; + } + } + + $conf .= <<< EOD + +http_access deny manager +http_access allow purge localhost +http_access deny purge +http_access deny !safeports +http_access deny CONNECT !sslports + +# Always allow localhost connections +# From 3.2 further configuration cleanups have been done to make things easier and safer. +# The manager, localhost, and to_localhost ACL definitions are now built-in. +# http_access allow localhost + +EOD; + + return $conf; +} + +function squid_resync_antivirus(){ + global $config; + + if (is_array($config['installedpackages']['squidantivirus'])) + $antivirus_config = $config['installedpackages']['squidantivirus']['config'][0]; + else + $antivirus_config = array(); + + if ($antivirus_config['enable']=="on"){ + switch ($antivirus_config['client_info']){ + case "both": + $icap_send_client_ip="on"; + $icap_send_client_username="on"; + break; + case "IP": + $icap_send_client_ip="on"; + $icap_send_client_username="off"; + break; + case "username": + $icap_send_client_ip="off"; + $icap_send_client_username="on"; + break; + case "none": + $icap_send_client_ip="off"; + $icap_send_client_username="off"; + break; + } + if (is_array($config['installedpackages']['squid'])) + $squid_config=$config['installedpackages']['squid']['config'][0]; + $clwarn="clwarn.cgi.en_EN"; + if (preg_match("/de/i",$squid_config['error_language'])) + $clwarn="clwarn.cgi.de_DE"; + if (preg_match("/ru/i",$squid_config['error_language'])) + $clwarn="clwarn.cgi.ru_RU"; + if (preg_match("/fr/i",$squid_config['error_language'])) + $clwarn="clwarn.cgi.fr_FR"; + if (preg_match("/pt_br/i",$squid_config['error_language'])) + $clwarn="clwarn.cgi.pt_BR"; + $clwarn_file="/usr/local/www/clwarn.cgi"; + copy(SQUID_LOCALBASE."/libexec/squidclamav/{$clwarn}",$clwarn_file); + + #fix perl path on clwarn.cgi + $clwarn_file_new=file_get_contents($clwarn_file); + $c_pattern[]="@/usr/\S+/perl@"; + $c_replacement[]=SQUID_BASE."/bin/perl"; + /*$c_pattern[]="@redirect \S+/clwarn.cgi@"; + $gui_proto=$config['system']['webgui']['protocol']; + $gui_port=$config['system']['webgui']['port']; + if($gui_port == "") { + $gui_port($gui_proto == "http"?"80":"443"); + } + $c_replacement[]=SQUID_LOCALBASE."redirect {$gui_proto}://127.0.0.1:{$gui_port}/clwarn.cgi"; + */ + $clwarn_file_new=preg_replace($c_pattern, $c_replacement,$clwarn_file_new); + file_put_contents($clwarn_file, $clwarn_file_new,LOCK_EX); + + #fix clwarn.cgi file permission + chmod($clwarn_file,0755); + + $conf = <<< EOF +icap_enable on +icap_send_client_ip {$icap_send_client_ip} +icap_send_client_username {$icap_send_client_username} +icap_client_username_encode off +icap_client_username_header X-Authenticated-User +icap_preview_enable on +icap_preview_size 1024 + +icap_service service_req reqmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav +icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav + +adaptation_access service_req allow all +adaptation_access service_resp allow all + +EOF; + #check if icap is enabled on rc.conf.local + if (file_exists("/etc/rc.conf.local")){ + $rc_old_file=file("/etc/rc.conf.local"); + foreach ($rc_old_file as $rc_line){ + if (preg_match("/^(c_icap_enable|clamav_clamd_enable)/",$rc_line,$matches)){ + $rc_file.=$matches[1].'="YES"'."\n"; + ${$matches[1]}="ok"; + } + else + $rc_file.=$rc_line; + } + } + if (!isset($c_icap_enable)) + $rc_file.='c_icap_enable="YES"'."\n"; + if (!isset($clamav_clamd_enable)) + $rc_file.='clamav_clamd_enable="YES"'."\n"; + file_put_contents("/etc/rc.conf.local",$rc_file,LOCK_EX); + squid_check_clamav_user('clamav'); + #patch sample files to pfsense dirs + #squidclamav.conf + if (!file_exists(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.sample")) + if (file_exists(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.default")){ + $sample_file=file_get_contents(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.default"); + $clamav_m[0]="@/var/run/clamav/clamd.ctl@"; + $clamav_r[0]="/var/run/clamav/clamd.sock"; + file_put_contents(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.sample",preg_replace($clamav_m,$clamav_r,$sample_file),LOCK_EX); + } + #c-icap.conf + if (!file_exists(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.sample")) + if (file_exists(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.default")){ + $sample_file=file_get_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.default"); + if (! preg_match ("/squidclamav/")) + $sample_file.="\nService squidclamav squidclamav.so\n"; + + file_put_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.sample",$sample_file,LOCK_EX); + } + $loadsample=0; + if ($antivirus_config['squidclamav'] =="" && file_exists(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.sample")){ + $config['installedpackages']['squidantivirus']['config'][0]['squidclamav']=base64_encode(file_get_contents(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.sample")); + $loadsample++; + } + if ($antivirus_config['c-icap_conf'] =="" && file_exists(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.sample")){ + $config['installedpackages']['squidantivirus']['config'][0]['c-icap_conf']=base64_encode(file_get_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.sample")); + $loadsample++; + } + if ($antivirus_config['squidclamav'] =="" && file_exists(SQUID_LOCALBASE."/etc/c-icap/c-icap.magic.default")){ + $config['installedpackages']['squidantivirus']['config'][0]['c-icap_magic']=base64_encode(file_get_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.magic.default")); + $loadsample++; + } + if($loadsample > 0){ + write_config(); + $antivirus_config = $config['installedpackages']['squidantivirus']['config'][0]; + } + #check dirs + $dirs=array("/var/run/c-icap" => "clamav", + "/var/log/c-icap" => "clamav", + "/var/log/clamav" => "clamav", + "/var/run/clamav" => "clamav", + "/var/db/clamav" => "clamav"); + foreach ($dirs as $dir_path => $dir_user){ + if (!is_dir($dir_path)) + make_dirs($dir_path); + squid_chown_recursive($dir_path, $dir_user, "wheel"); + } + #Check clamav database + if (count(glob("/var/db/clamav/*d"))==0){ + log_error("Squid - Missing /var/db/clamav/*.cvd or *.cld files. Running freshclam on background."); + mwexec_bg(SQUID_BASE."/bin/freshclam"); + } + $rcd_files = scandir(SQUID_LOCALBASE."/etc/rc.d"); + foreach($rcd_files as $rcd_file) + if (!file_exists("/usr/local/etc/rc.d/{$rcd_file}")) + symlink (SQUID_LOCALBASE."/etc/rc.d/{$rcd_file}","/usr/local/etc/rc.d/{$rcd_file}"); + + #write advanced icap config files + file_put_contents(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf",base64_decode($antivirus_config['squidclamav']),LOCK_EX); + file_put_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf",base64_decode($antivirus_config['c-icap_conf']),LOCK_EX); + file_put_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.magic",base64_decode($antivirus_config['c-icap_magic']),LOCK_EX); + + #check antivirus daemons + #check icap + if (is_process_running("c-icap")){ + mwexec_bg('/bin/echo -n "reconfigure" > /var/run/c-icap/c-icap.ctl'); + } + else{ + #check c-icap user on startup file + $c_icap_rcfile="/usr/local/etc/rc.d/c-icap"; + if (file_exists($c_icap_rcfile)){ + $sample_file=file_get_contents($c_icap_rcfile); + $cicapm[0]="@c_icap_user=.*}@"; + $cicapr[0]='c_icap_user="clamav"}'; + file_put_contents($c_icap_rcfile,preg_replace($cicapm,$cicapr,$sample_file),LOCK_EX); + } + mwexec_bg("/usr/local/etc/rc.d/c-icap start"); + } + #check clamav + if (is_process_running("clamd")) + mwexec_bg("/usr/local/etc/rc.d/clamav-clamd reload"); + else + mwexec_bg("/usr/local/etc/rc.d/clamav-clamd start"); + } +return $conf; +} + +function squid_resync_traffic() { + global $config, $valid_acls; + + if(!is_array($valid_acls)) + return; + if (is_array($config['installedpackages']['squidtraffic'])) + $settings = $config['installedpackages']['squidtraffic']['config'][0]; + else + $settings = array(); + + $conf = ''; + if (!empty($settings['quick_abort_min']) || ($settings['quick_abort_min']) == "0") + $conf .= "quick_abort_min {$settings['quick_abort_min']} KB\n"; + if (!empty($settings['quick_abort_max']) || ($settings['quick_abort_max']) == "0") + $conf .= "quick_abort_max {$settings['quick_abort_max']} KB\n"; + if (!empty($settings['quick_abort_pct'])) + $conf .= "quick_abort_pct {$settings['quick_abort_pct']}\n"; + + $up_limit = ($settings['max_upload_size'] ? $settings['max_upload_size'] : 0); + $down_limit = ($settings['max_download_size'] ? $settings['max_download_size'] : 0); + $conf .= "request_body_max_size $up_limit KB\n"; + if ($down_limit != 0) + $conf .= 'reply_body_max_size ' . $down_limit . " KB allsrc \n"; + + + // Only apply throttling past 10MB + // XXX: Should this really be hardcoded? + $threshold = 10 * 1024 * 1024; + $overall = $settings['overall_throttling']; + if (!isset($overall) || ($overall == 0)) + $overall = -1; + else + $overall *= 1024; + $perhost = $settings['perhost_throttling']; + if (!isset($perhost) || ($perhost == 0)) + $perhost = -1; + else + $perhost *= 1024; + $conf .= <<< EOD +delay_pools 1 +delay_class 1 2 +delay_parameters 1 $overall/$overall $perhost/$perhost +delay_initial_bucket_level 100 + +EOD; + + if(! empty($settings['unrestricted_hosts'])) { + foreach (array('unrestricted_hosts') as $item) { + if (in_array($item, $valid_acls)) + $conf .= "# Do not throttle unrestricted hosts\n"; + $conf .= "delay_access 1 deny $item\n"; + } + } + + if ($settings['throttle_specific'] == 'on') { + $exts = array(); + $binaries = 'bin,cab,sea,ar,arj,tar,tgz,gz,tbz,bz2,zip,7z,exe,com'; + $cdimages = 'iso,bin,mds,nrg,gho,bwt,b5t,pqi'; + $multimedia = 'aiff?,asf,avi,divx,mov,mp3,mp4,wmv,mpe?g,qt,ra?m'; + foreach (array( 'throttle_binaries' => $binaries, + 'throttle_cdimages' => $cdimages, + 'throttle_multimedia' => $multimedia) as $field => $set) { + if ($settings[$field] == 'on') + $exts = array_merge($exts, explode(",", $set)); + } + + foreach (explode(",", $settings['throttle_others']) as $ext) { + if (!empty($ext)) $exts[] = $ext; + } + + $contents = ''; + foreach ($exts as $ext) + $contents .= "\.$ext\$\n"; + file_put_contents(SQUID_ACLDIR . '/throttle_exts.acl', $contents); + + $conf .= "# Throttle extensions matched in the url\n"; + $conf .= "acl throttle_exts urlpath_regex -i \"" . SQUID_ACLDIR . "/throttle_exts.acl\"\n"; + $conf .= "delay_access 1 allow throttle_exts\n"; + $conf .= "delay_access 1 deny allsrc\n"; + } + else + $conf .= "delay_access 1 allow allsrc\n"; + + return $conf; +} + +function squid_get_server_certs() { + global $config; + $cert_arr = array(); + $cert_arr[] = array('refid' => 'none', 'descr' => 'none'); + foreach ($config['cert'] as $cert) { + $cert_arr[] = array('refid' => $cert['refid'], 'descr' => $cert['descr']); + } + return $cert_arr; +} + +#squid reverse +include('/usr/local/pkg/squid_reverse.inc'); + +function squid_resync_auth() { + global $config, $valid_acls; + $write_config=0; + if (!is_array($config['installedpackages']['squidauth']['config'])){ + $config['installedpackages']['squidauth']['config'][]=array('auth_method'=> "none"); + $write_config++; + } + $settings = $config['installedpackages']['squidauth']['config'][0]; + if (is_array($config['installedpackages']['squidnac']['config'])) + $settingsnac = $config['installedpackages']['squidnac']['config'][0]; + else + $settingsnac = array(); + + if (is_array($config['installedpackages']['squid']['config'])) + $settingsconfig = $config['installedpackages']['squid']['config'][0]; + else + $settingsconfig = array(); + + if ($write_config > 0) + write_config(); + + $conf = ''; + + // SSL interception acl options part 1 + if ($settingsconfig['ssl_proxy'] == "on" && ! empty($settingsnac['whitelist'])){ + $conf .= "always_direct allow whitelist\n"; + $conf .= "ssl_bump none whitelist\n"; + } + + // Package integration + if(!empty($settingsconfig['custom_options'])){ + $co_preg[0]='/;/'; + $co_rep[0]="\n"; + $co_preg[1]="/redirect_program/"; + $co_rep[1]="url_rewrite_program"; + $co_preg[2]="/redirector_bypass/"; + $co_rep[2]="url_rewrite_bypass"; + $conf.="# Package Integration\n".preg_replace($co_preg,$co_rep,$settingsconfig['custom_options'])."\n\n"; + } + + // Custom User Options before authentication acls + $conf .= "# Custom options before auth\n".sq_text_area_decode($settingsconfig['custom_options_squid3'])."\n\n"; + + // Deny the banned guys before allowing the good guys + if(! empty($settingsnac['banned_hosts'])) { + if (squid_is_valid_acl('banned_hosts')) { + $conf .= "# These hosts are banned\n"; + $conf .= "http_access deny banned_hosts\n"; + } + } + if(! empty($settingsnac['banned_macs'])) { + if (squid_is_valid_acl('banned_macs')) { + $conf .= "# These macs are banned\n"; + $conf .= "http_access deny banned_macs\n"; + } + } + + // Unrestricted hosts take precedence over blacklist + if(! empty($settingsnac['unrestricted_hosts'])) { + if (squid_is_valid_acl('unrestricted_hosts') && $settings['unrestricted_auth']!= "on") { + $conf .= "# These hosts do not have any restrictions\n"; + $conf .= "http_access allow unrestricted_hosts\n"; + } + } + if(! empty($settingsnac['unrestricted_macs'])) { + if (squid_is_valid_acl('unrestricted_macs')) { + $conf .= "# These hosts do not have any restrictions\n"; + $conf .= "http_access allow unrestricted_macs\n"; + } + } + + // Whitelist and blacklist also take precedence over other allow rules + if(! empty($settingsnac['whitelist'])) { + if (squid_is_valid_acl('whitelist')) { + $conf .= "# Always allow access to whitelist domains\n"; + $conf .= "http_access allow whitelist\n"; + } + } + if(! empty($settingsnac['blacklist'])) { + if (squid_is_valid_acl('blacklist')) { + $conf .= "# Block access to blacklist domains\n"; + $conf .= "http_access deny blacklist\n"; + } + } + if(! empty($settingsnac['block_user_agent'])) { + if (squid_is_valid_acl('block_user_agent')) { + $conf .= "# Block access with user agents and browsers\n"; + $conf .= "http_access deny block_user_agent\n"; + } + } + if(! empty($settingsnac['block_reply_mime_type'])) { + if (squid_is_valid_acl('block_reply_mime_type')) { + $conf .= "# Block access with mime type in the reply\n"; + $conf .= "http_reply_access deny block_reply_mime_type\n"; + } + } + + // SSL interception acl options part 2 + /*if ($settingsconfig['ssl_proxy'] == "on"){ + $conf .= "always_direct allow all\n"; + $conf .= "ssl_bump server-first all\n"; + }*/ + + // Include squidguard denied acl log in squid + if ($settingsconfig['log_sqd']) + $conf .= "acl sglog url_regex -i sgr=ACCESSDENIED\n"; + + $transparent_proxy = ($settingsconfig['transparent_proxy'] == 'on'); + if ($transparent_proxy){ + if (preg_match ("/(none|cp)/",$settings['auth_method'])) + $auth_method=$settings['auth_method']; + else + $auth_method="none"; + } + else{ + $auth_method=$settings['auth_method']; + } + // Allow the remaining ACLs if no authentication is set + if ($auth_method == 'none' || $auth_method == 'cp') { + // Include squidguard denied acl log in squid + if ($settingsconfig['log_sqd']) + $conf .="http_access deny sglog\n"; + } + if ($auth_method == 'none' ) { + // SSL interception acl options part 2 without authentication + if ($settingsconfig['ssl_proxy'] == "on"){ + $conf .= "always_direct allow all\n"; + $conf .= "ssl_bump server-first all\n"; + } + $conf .="# Setup allowed acls\n"; + $allowed = array('allowed_subnets'); + if ($settingsconfig['allow_interface'] == 'on') { + $conf .= "# Allow local network(s) on interface(s)\n"; + $allowed[] = "localnet"; + } + $allowed = array_filter($allowed, 'squid_is_valid_acl'); + foreach ($allowed as $acl) + $conf .= "http_access allow $acl\n"; + } + else { + $noauth = implode(' ', explode("\n", base64_decode($settings['no_auth_hosts']))); + if (!empty($noauth)) { + $conf .= "acl noauth src $noauth\n"; + $valid_acls[] = 'noauth'; + } + + // Set up the external authentication programs + $auth_ttl = ($settings['auth_ttl'] ? $settings['auth_ttl'] : 5); + $processes = ($settings['auth_processes'] ? $settings['auth_processes'] : 5); + $prompt = ($settings['auth_prompt'] ? $settings['auth_prompt'] : 'Please enter your credentials to access the proxy'); + switch ($auth_method) { + case 'local': + $conf .= 'auth_param basic program '.SQUID_LOCALBASE.'/libexec/squid/basic_ncsa_auth ' . SQUID_PASSWD . "\n"; + break; + case 'ldap': + $port = (isset($settings['auth_server_port']) ? ":{$settings['auth_server_port']}" : ''); + $password = (isset($settings['ldap_pass']) ? "-w {$settings['ldap_pass']}" : ''); + $conf .= "auth_param basic program " . SQUID_LOCALBASE . "/libexec/squid/basic_ldap_auth -v {$settings['ldap_version']} -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"{$settings['ldap_filter']}\" -u {$settings['ldap_userattribute']} -P {$settings['auth_server']}$port\n"; + break; + case 'radius': + $port = (isset($settings['auth_server_port']) ? "-p {$settings['auth_server_port']}" : ''); + $conf .= "auth_param basic program ". SQUID_LOCALBASE . "/libexec/squid/basic_radius_auth -w {$settings['radius_secret']} -h {$settings['auth_server']} $port\n"; + break; + case 'cp': + $conf .= "external_acl_type check_cp children-startup={$processes} ttl={$auth_ttl} %SRC ". SQUID_LOCALBASE . "/libexec/squid/check_ip.php\n"; + $conf .= "acl password external check_cp\n"; + break; + case 'msnt': + $conf .= "auth_param basic program ". SQUID_LOCALBASE . "/libexec/squid/basic_msnt_auth\n"; + squid_resync_msnt(); + break; + } + if ($auth_method != 'cp'){ + $conf .= <<< EOD +auth_param basic children $processes +auth_param basic realm $prompt +auth_param basic credentialsttl $auth_ttl minutes +acl password proxy_auth REQUIRED + +EOD; + } + // Custom User Options after authentication definition + $conf .= "# Custom options after auth\n".sq_text_area_decode($settingsconfig['custom_options2_squid3'])."\n\n"; + + // SSL interception acl options part 2 + if ($settingsconfig['ssl_proxy'] == "on"){ + $conf .= "always_direct allow all\n"; + $conf .= "ssl_bump server-first all\n"; + } + // Onto the ACLs + $password = array('localnet', 'allowed_subnets'); + $passwordless = array('unrestricted_hosts'); + if ($settings['unrestricted_auth'] == 'on') { + // Even the unrestricted hosts should authenticate + $password = array_merge($password, $passwordless); + $passwordless = array(); + } + $passwordless[] = 'noauth'; + $password = array_filter($password, 'squid_is_valid_acl'); + $passwordless = array_filter($passwordless, 'squid_is_valid_acl'); + + // Allow the ACLs that don't need to authenticate + foreach ($passwordless as $acl) + $conf .= "http_access allow $acl\n"; + + //if ($auth_method != 'cp'){ + // Include squidguard denied acl log in squid + if ($settingsconfig['log_sqd']) + $conf .="http_access deny password sglog\n"; + + // Allow the other ACLs as long as they authenticate + foreach ($password as $acl) + $conf .= "http_access allow password $acl\n"; + // } + } + + $conf .= "# Default block all to be sure\n"; + $conf .= "http_access deny allsrc\n"; + + return $conf; +} + +function squid_resync_users() { + global $config; + + $users = $config['installedpackages']['squidusers']['config']; + $contents = ''; + if (is_array($users)) { + foreach ($users as $user) + $contents .= $user['username'] . ':' . crypt($user['password'], base64_encode($user['password'])) . "\n"; + } + file_put_contents(SQUID_PASSWD, $contents); + chown(SQUID_PASSWD, 'proxy'); + chmod(SQUID_PASSWD, 0600); +} + +function squid_resync_msnt() { + global $config; + + if (is_array($config['installedpackages']['squidauth'])) + $settings = $config['installedpackages']['squidauth']['config'][0]; + else + $settings = array(); + $pdcserver = $settings['auth_server']; + $bdcserver = str_replace(',',' ',$settings['msnt_secondary']); + $ntdomain = $settings['auth_ntdomain']; + + file_put_contents(SQUID_CONFBASE."/msntauth.conf","server {$pdcserver} {$bdcserver} {$ntdomain}"); + chown(SQUID_CONFBASE."/msntauth.conf", 'proxy'); + chmod(SQUID_CONFBASE."/msntauth.conf", 0600); +} + +function squid_resync($via_rpc="no") { + global $config; + + # detect boot process + if (is_array($_POST)){ + if (preg_match("/\w+/",$_POST['__csrf_magic'])) + unset($boot_process); + else + $boot_process="on"; + } + + log_error("[Squid] - Squid_resync function call pr:".is_process_running('squid')." bp:".isset($boot_process)." rpc:".$via_rpc); + + if (is_process_running('squid') && isset($boot_process) && $via_rpc=="no") + return; + + conf_mount_rw(); + foreach (array( SQUID_CONFBASE, + SQUID_ACLDIR, + SQUID_BASE, + SQUID_LIB, + SQUID_SSL_DB ) as $dir) { + make_dirs($dir); + chown($dir, 'proxy'); + chgrp($dir, 'proxy'); + squid_chown_recursive($dir, 'proxy', 'proxy'); + } + $conf = squid_resync_general() . "\n"; + $conf .= squid_resync_cache() . "\n"; + $conf .= squid_resync_redirector() . "\n"; + $conf .= squid_resync_upstream() . "\n"; + $conf .= squid_resync_nac() . "\n"; + $conf .= squid_resync_traffic() . "\n"; + $conf .= squid_resync_reverse() . "\n"; + $conf .= squid_resync_auth()."\n"; + $conf .= squid_resync_antivirus(); + squid_resync_users(); + squid_write_rcfile(); + + if(!isset($boot_process) || $via_rpc="yes") + squid_sync_on_changes(); + + #write config file + file_put_contents(SQUID_CONFBASE . '/squid.conf', $conf); + + /* make sure pinger is executable */ + if(file_exists(SQUID_LOCALBASE . "/libexec/squid/pinger")) + exec("chmod a+x " . SQUID_LOCALBASE . "/libexec/squid/pinger"); + + $log_dir=""; + #check if squid is enabled + if (is_array($config['installedpackages']['squid']['config'])){ + if ($config['installedpackages']['squid']['config'][0]['active_interface']!= "") + $log_dir = $config['installedpackages']['squid']['config'][0]['log_dir'].'/'; + } + #check if squidreverse is enabled + else if (is_array($config['installedpackages']['squidreversegeneral']['config'])){ + if ($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_interface'] != "") + $log_dir="/var/squid/logs/"; + } + #do not start squid if there is no log dir + if ($log_dir != ""){ + if(!is_dir($log_dir)) { + log_error("Creating squid log dir $log_dir"); + make_dirs($log_dir); + squid_chown_recursive($log_dir, 'proxy', 'proxy'); + } + + squid_dash_z(); + + if (!is_service_running('squid')) { + log_error("Starting Squid"); + mwexec(SQUID_BASE . "/sbin/squid -f " . SQUID_CONFFILE); + } + else { + if (!isset($boot_process)){ + log_error("Reloading Squid for configuration sync"); + mwexec(SQUID_BASE . "/sbin/squid -k reconfigure -f " . SQUID_CONFFILE); + } + } + + // Sleep for a couple seconds to give squid a chance to fire up fully. + for ($i=0; $i < 10; $i++) { + if (!is_service_running('squid')) + sleep(1); + } + filter_configure(); + } + conf_mount_ro(); +} + +function squid_print_javascript_auth() { + global $config; + $transparent_proxy = ($config['installedpackages']['squid']['config'][0]['transparent_proxy'] == 'on'); + + // No authentication for transparent proxy + if ($transparent_proxy and preg_match("/(local|ldap|radius|msnt|ntlm)/",$config['installedpackages']['squidauth']['config'][0]['auth_method'])) { + $javascript = <<< EOD +<script language="JavaScript"> +<!-- +function on_auth_method_changed() { + document.iform.auth_method.disabled = 1; + document.iform.auth_server.disabled = 1; + document.iform.auth_ntdomain.disabled = 1; + document.iform.auth_server_port.disabled = 1; + document.iform.ldap_user.disabled = 1; + document.iform.ldap_version.disabled = 1; + document.iform.ldap_userattribute.disabled = 1; + document.iform.ldap_filter.disabled = 1; + document.iform.ldap_pass.disabled = 1; + document.iform.ldap_basedomain.disabled = 1; + document.iform.radius_secret.disabled = 1; + document.iform.msnt_secondary.disabled = 1; + document.iform.auth_prompt.disabled = 1; + document.iform.auth_processes.disabled = 1; + document.iform.auth_ttl.disabled = 1; + document.iform.unrestricted_auth.disabled = 1; + document.iform.no_auth_hosts.disabled = 1; +} +--> +</script> + +EOD; + } + else { + $javascript = <<< EOD +<script language="JavaScript"> +<!-- +function on_auth_method_changed() { + var field = document.iform.auth_method; + var auth_method = field.options[field.selectedIndex].value; + + if (auth_method == 'none') { + document.iform.auth_server.disabled = 1; + document.iform.auth_server_port.disabled = 1; + document.iform.auth_ntdomain.disabled = 1; + document.iform.ldap_user.disabled = 1; + document.iform.ldap_version.disabled = 1; + document.iform.ldap_userattribute.disabled = 1; + document.iform.ldap_filter.disabled = 1; + document.iform.ldap_pass.disabled = 1; + document.iform.ldap_basedomain.disabled = 1; + document.iform.radius_secret.disabled = 1; + document.iform.msnt_secondary.disabled = 1; + document.iform.auth_prompt.disabled = 1; + document.iform.auth_processes.disabled = 1; + document.iform.auth_ttl.disabled = 1; + document.iform.unrestricted_auth.disabled = 1; + document.iform.no_auth_hosts.disabled = 1; + } + else { + document.iform.auth_prompt.disabled = 0; + document.iform.auth_processes.disabled = 0; + document.iform.auth_ttl.disabled = 0; + document.iform.unrestricted_auth.disabled = 0; + document.iform.no_auth_hosts.disabled = 0; + } + + switch (auth_method) { + case 'local': + document.iform.auth_server.disabled = 1; + document.iform.auth_server_port.disabled = 1; + document.iform.auth_ntdomain.disabled = 1; + document.iform.ldap_user.disabled = 1; + document.iform.ldap_pass.disabled = 1; + document.iform.ldap_version.disabled = 1; + document.iform.ldap_userattribute.disabled = 1; + document.iform.ldap_filter.disabled = 1; + document.iform.ldap_basedomain.disabled = 1; + document.iform.radius_secret.disabled = 1; + document.iform.msnt_secondary.disabled = 1; + break; + case 'ldap': + document.iform.auth_server.disabled = 0; + document.iform.auth_server_port.disabled = 0; + document.iform.ldap_user.disabled = 0; + document.iform.ldap_pass.disabled = 0; + document.iform.ldap_version.disabled = 0; + document.iform.ldap_userattribute.disabled = 0; + document.iform.ldap_filter.disabled = 0; + document.iform.ldap_basedomain.disabled = 0; + document.iform.radius_secret.disabled = 1; + document.iform.msnt_secondary.disabled = 1; + document.iform.auth_ntdomain.disabled = 1; + break; + case 'radius': + document.iform.auth_server.disabled = 0; + document.iform.auth_server_port.disabled = 0; + document.iform.ldap_user.disabled = 1; + document.iform.ldap_pass.disabled = 1; + document.iform.ldap_version.disabled = 1; + document.iform.ldap_userattribute.disabled = 1; + document.iform.ldap_filter.disabled = 1; + document.iform.ldap_basedomain.disabled = 1; + document.iform.radius_secret.disabled = 0; + document.iform.msnt_secondary.disabled = 1; + document.iform.auth_ntdomain.disabled = 1; + break; + case 'msnt': + document.iform.auth_server.disabled = 0; + document.iform.auth_server_port.disabled = 1; + document.iform.auth_ntdomain.disabled = 0; + document.iform.ldap_user.disabled = 1; + document.iform.ldap_pass.disabled = 1; + document.iform.ldap_version.disabled = 1; + document.iform.ldap_userattribute.disabled = 1; + document.iform.ldap_filter.disabled = 1; + document.iform.ldap_basedomain.disabled = 1; + document.iform.radius_secret.disabled = 1; + document.iform.msnt_secondary.disabled = 0; + break; + case 'cp': + document.iform.auth_server.disabled = 1; + document.iform.auth_server_port.disabled = 1; + document.iform.auth_ntdomain.disabled = 1; + document.iform.ldap_user.disabled = 1; + document.iform.ldap_version.disabled = 1; + document.iform.ldap_userattribute.disabled = 1; + document.iform.ldap_filter.disabled = 1; + document.iform.ldap_pass.disabled = 1; + document.iform.ldap_basedomain.disabled = 1; + document.iform.radius_secret.disabled = 1; + document.iform.msnt_secondary.disabled = 1; + document.iform.auth_prompt.disabled = 1; + document.iform.auth_processes.disabled = 0; + document.iform.auth_ttl.disabled = 0; + document.iform.unrestricted_auth.disabled = 1; + document.iform.no_auth_hosts.disabled = 1; + break; + } +} +--> +</script> + +EOD; + } + + print($javascript); +} + +function squid_print_javascript_auth2() { + print("<script language=\"JavaScript\">on_auth_method_changed()</script>\n"); +} + +function squid_generate_rules($type) { + global $config; + $squid_conf = $config['installedpackages']['squid']['config'][0]; + //check captive portal option + $cp_file='/etc/inc/captiveportal.inc'; + $pfsense_version=preg_replace("/\s/","",file_get_contents("/etc/version")); + $port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128); + $cp_inc = file($cp_file); + $new_cp_inc=""; + $found_rule=0; + foreach ($cp_inc as $line){ + $new_line=$line; + //remove applied squid patch + if (preg_match('/skipto 65314 ip/',$line)){ + $found_rule++; + $new_line =""; + } + + if (substr($pfsense_version,0,3) > 2.0){ + if (preg_match('/255.255.255.255/',$line) && $squid_conf['patch_cp']){ + $found_rule++; + $new_line .= "\n\t".'$cprules .= "add {$rulenum} skipto 65314 ip from any to {$ips} '.$port.' in\n";'."\n"; + $new_line .= "\t".'$cprules .= "add {$rulenum} skipto 65314 ip from {$ips} '.$port.' to any out\n";'."\n"; + } + } + else{ + //add squid patch option based on current config + if (preg_match('/set 1 pass ip from any to/',$line) && $squid_conf['patch_cp']){ + $found_rule++; + $new_line = "\t".'$cprules .= "add {$rulenum} set 1 skipto 65314 ip from any to {$ips} '.$port.' in\n";'."\n"; + $new_line .= $line; + } + if (preg_match('/set 1 pass ip from {/',$line) && $squid_conf['patch_cp']){ + $found_rule++; + $new_line = "\t".'$cprules .= "add {$rulenum} set 1 skipto 65314 ip from {$ips} '.$port.' to any out\n";'."\n"; + $new_line .= $line; + } + } + $new_cp_inc .= $new_line; + } + if (!file_exists('/root/'.$pfsense_version.'.captiveportal.inc.backup')) { + copy ($cp_file,'/root/'.$pfsense_version.'.captiveportal.inc.backup'); + } + if($found_rule > 0){ + file_put_contents($cp_file,$new_cp_inc, LOCK_EX); + } + //normal squid rule check + if (($squid_conf['transparent_proxy'] != 'on') || ($squid_conf['allow_interface'] != 'on')) { + return; + } + + if (!is_service_running('squid')) { + log_error("SQUID is installed but not started. Not installing \"{$type}\" rules."); + return; + } + #Read assigned interfaces + $proxy_ifaces = explode(",", $squid_conf['active_interface']); + $proxy_ifaces = array_map('convert_friendly_interface_to_real_interface_name', $proxy_ifaces); + if ($squid_conf['transparent_proxy']=="on"){ + $transparent_ifaces = explode(",", $squid_conf['transparent_active_interface']); + $transparent_ifaces = array_map('convert_friendly_interface_to_real_interface_name', $transparent_ifaces); + } + else{ + $transparent_ifaces=array(); + } + if ($squid_conf['ssl_proxy'] == "on"){ + $ssl_ifaces = explode(",", $squid_conf['ssl_active_interface']); + $ssl_ifaces = array_map('convert_friendly_interface_to_real_interface_name', $ssl_ifaces); + } + else{ + $ssl_ifaces=array(); + } + + $port = ($squid_conf['proxy_port'] ? $squid_conf['proxy_port'] : 3128); + $ssl_port = ($squid_conf['ssl_proxy_port'] ? $squid_conf['ssl_proxy_port'] : 3127); + + $fw_aliases = filter_generate_aliases(); + if(strstr($fw_aliases, "pptp =")) + $PPTP_ALIAS = "\$pptp"; + else + $PPTP_ALIAS = "\$PPTP"; + if(strstr($fw_aliases, "PPPoE =")) + $PPPOE_ALIAS = "\$PPPoE"; + else + $PPPOE_ALIAS = "\$pppoe"; + + #define ports based on transparent options and ssl filtering + $pf_rule_port=($squid_conf['ssl_proxy'] == "on" ? "{80,443}" : "80"); + switch($type) { + case 'nat': + $rules .= "\n# Setup Squid proxy redirect\n"; + if ($squid_conf['private_subnet_proxy_off'] == 'on') { + foreach ($transparent_ifaces as $iface) { + $pf_transparent_rule_port=(in_array($iface,$ssl_ifaces) ? "{80,443}" : "80"); + $rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } port {$pf_transparent_rule_port}\n"; + } + /* Handle PPPOE case */ + if(($config['pppoe']['mode'] == "server" && $config['pppoe']['localip']) || (function_exists("is_pppoe_server_enabled") && is_pppoe_server_enabled())) { + $rules .= "no rdr on $PPPOE_ALIAS proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } port {$pf_rule_port}\n"; + } + /* Handle PPTP case */ + if($config['pptpd']['mode'] == "server" && $config['pptpd']['localip']) { + $rules .= "no rdr on $PPTP_ALIAS proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } port {$pf_rule_port}\n"; + } + } + if (!empty($squid_conf['defined_ip_proxy_off'])) { + $defined_ip_proxy_off = explode(";", $squid_conf['defined_ip_proxy_off']); + $exempt_ip = ""; + foreach ($defined_ip_proxy_off as $ip_proxy_off) { + if(!empty($ip_proxy_off)) { + $ip_proxy_off = trim($ip_proxy_off); + if (is_alias($ip_proxy_off)) + $ip_proxy_off = '$'.$ip_proxy_off; + $exempt_ip .= ", $ip_proxy_off"; + } + } + $exempt_ip = substr($exempt_ip,2); + foreach ($transparent_ifaces as $iface) { + $pf_transparent_rule_port=(in_array($iface,$ssl_ifaces) ? "{80,443}" : "80"); + $rules .= "no rdr on $iface proto tcp from { $exempt_ip } to any port {$pf_transparent_rule_port}\n"; + } + /* Handle PPPOE case */ + if(($config['pppoe']['mode'] == "server" && $config['pppoe']['localip']) || (function_exists("is_pppoe_server_enabled") && is_pppoe_server_enabled())) { + $rules .= "no rdr on $PPPOE_ALIAS proto tcp from { $exempt_ip } to any port {$pf_rule_port}\n"; + } + /* Handle PPTP case */ + if($config['pptpd']['mode'] == "server" && $config['pptpd']['localip']) { + $rules .= "no rdr on $PPTP_ALIAS proto tcp from { $exempt_ip } to any port {$pf_rule_port}\n"; + } + } + if (!empty($squid_conf['defined_ip_proxy_off_dest'])) { + $defined_ip_proxy_off_dest = explode(";", $squid_conf['defined_ip_proxy_off_dest']); + $exempt_dest = ""; + foreach ($defined_ip_proxy_off_dest as $ip_proxy_off_dest) { + if(!empty($ip_proxy_off_dest)) { + $ip_proxy_off_dest = trim($ip_proxy_off_dest); + if (is_alias($ip_proxy_off_dest)) + $ip_proxy_off_dest = '$'.$ip_proxy_off_dest; + $exempt_dest .= ", $ip_proxy_off_dest"; + } + } + $exempt_dest = substr($exempt_dest,2); + foreach ($transparent_ifaces as $iface) { + $pf_transparent_rule_port=(in_array($iface,$ssl_ifaces) ? "{80,443}" : "80"); + $rules .= "no rdr on $iface proto tcp from any to { $exempt_dest } port {$pf_transparent_rule_port}\n"; + } + /* Handle PPPOE case */ + if(($config['pppoe']['mode'] == "server" && $config['pppoe']['localip']) || (function_exists("is_pppoe_server_enabled") && is_pppoe_server_enabled())) { + $rules .= "no rdr on $PPPOE_ALIAS proto tcp from any to { $exempt_dest } port {$pf_rule_port}\n"; + } + /* Handle PPTP case */ + if($config['pptpd']['mode'] == "server" && $config['pptpd']['localip']) { + $rules .= "no rdr on $PPTP_ALIAS proto tcp from any to { $exempt_dest } port {$pf_rule_port}\n"; + } + } + foreach ($transparent_ifaces as $t_iface) { + $pf_transparent_rule_port=(in_array($t_iface,$ssl_ifaces) ? "{80,443}" : "80"); + $rules .= "rdr on $t_iface proto tcp from any to !($t_iface) port 80 -> 127.0.0.1 port {$port}\n"; + if (in_array($t_iface,$ssl_ifaces)) + $rules .= "rdr on $t_iface proto tcp from any to !($t_iface) port 443 -> 127.0.0.1 port {$ssl_port}\n"; + } + /* Handle PPPOE case */ + if(($config['pppoe']['mode'] == "server" && $config['pppoe']['localip']) || (function_exists("is_pppoe_server_enabled") && is_pppoe_server_enabled())) { + $rules .= "rdr on $PPPOE_ALIAS proto tcp from any to !127.0.0.1 port {$pf_rule_port} -> 127.0.0.1 port {$port}\n"; + } + /* Handle PPTP case */ + if($config['pptpd']['mode'] == "server" && $config['pptpd']['localip']) { + $rules .= "rdr on $PPTP_ALIAS proto tcp from any to !127.0.0.1 port {$pf_rule_port} -> 127.0.0.1 port {$port}\n"; + } + $rules .= "\n"; + break; + case 'filter': + case 'rule': + foreach ($transparent_ifaces as $iface) { + $pf_transparent_rule_port=(in_array($iface,$ssl_ifaces) ? "{80,443,{$port},{$ssl_port}}" : "{80,{$port}}"); + $rules .= "# Setup squid pass rules for proxy\n"; + $rules .= "pass in quick on $iface proto tcp from any to !($iface) port {$pf_transparent_rule_port} flags S/SA keep state\n"; + #$rules .= "pass in quick on $iface proto tcp from any to !($iface) port {$port} flags S/SA keep state\n"; + $rules .= "\n"; + }; + if($config['pppoe']['mode'] == "server" && $config['pppoe']['localip']) { + $rules .= "pass in quick on $PPPOE_ALIAS proto tcp from any to !127.0.0.1 port {$port} flags S/SA keep state\n"; + } + if($config['pptpd']['mode'] == "server" && $config['pptpd']['localip']) { + $rules .= "pass in quick on $PPTP_ALIAS proto tcp from any to !127.0.0.1 port {$port} flags S/SA keep state\n"; + } + break; + default: + break; + } + + return $rules; +} + +function squid_write_rcfile() { + /* Declare a variable for the SQUID_CONFFILE constant. */ + /* Then the variable can be referenced easily in the Heredoc text that generates the rc file. */ + $squid_conffile_var = SQUID_CONFFILE; + $squid_base = SQUID_BASE; + $rc = array(); + $rc['file'] = 'squid.sh'; + $rc['start'] = <<<EOD +if [ -z "`ps auxw | grep "[s]quid "|awk '{print $2}'`" ];then + {$squid_base}/sbin/squid -f {$squid_conffile_var} +fi + +EOD; + + $rc['stop'] = <<<EOD +{$squid_base}/sbin/squid -k shutdown -f {$squid_conffile_var} +# Just to be sure... +sleep 5 + +if [ -f /usr/bin/ipcs ];then +# http://man.chinaunix.net/newsoft/squid/Squid_FAQ/FAQ-22.html#ss22.8 +ipcs | grep '^[mq]' | awk '{printf "ipcrm -%s %s\\n", $1, $2}' | /bin/sh +fi + +killall -9 squid 2>/dev/null +killall pinger 2>/dev/null + +EOD; + $rc['restart'] = <<<EOD +if [ -z "`ps auxw | grep "[s]quid "|awk '{print $2}'`" ];then + {$squid_base}/sbin/squid -f {$squid_conffile_var} + else + {$squid_base}/sbin/squid -k reconfigure -f {$squid_conffile_var} + fi + +EOD; + conf_mount_rw(); + write_rcfile($rc); + conf_mount_ro(); +} + +/* Uses XMLRPC to synchronize the changes to a remote node */ +function squid_sync_on_changes() { + global $config, $g; + if (is_array($config['installedpackages']['squidsync']['config'])){ + $squid_sync=$config['installedpackages']['squidsync']['config'][0]; + $synconchanges = $squid_sync['synconchanges']; + $synctimeout = $squid_sync['synctimeout']; + switch ($synconchanges){ + case "manual": + if (is_array($squid_sync[row])){ + $rs=$squid_sync[row]; + } + else{ + log_error("[squid] xmlrpc sync is enabled but there is no hosts to push on squid config."); + return; + } + break; + case "auto": + if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ + $system_carp=$config['installedpackages']['carpsettings']['config'][0]; + $rs[0]['ipaddress']=$system_carp['synchronizetoip']; + $rs[0]['username']=$system_carp['username']; + $rs[0]['password']=$system_carp['password']; + } + else{ + log_error("[squid] xmlrpc sync is enabled but there is no system backup hosts to push squid config."); + return; + } + break; + default: + return; + break; + } + if (is_array($rs)){ + log_error("[squid] xmlrpc sync is starting."); + foreach($rs as $sh){ + $sync_to_ip = $sh['ipaddress']; + $password = $sh['password']; + if($sh['username']) + $username = $sh['username']; + else + $username = 'admin'; + if($password && $sync_to_ip) + squid_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout); + } + log_error("[squid] xmlrpc sync is ending."); + } + } +} +/* Do the actual XMLRPC sync */ +function squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) { + global $config, $g; + + if(!$username) + return; + + if(!$password) + return; + + if(!$sync_to_ip) + return; + + if(!$synctimeout) + $synctimeout=250; + + + $xmlrpc_sync_neighbor = $sync_to_ip; + if($config['system']['webgui']['protocol'] != "") { + $synchronizetoip = $config['system']['webgui']['protocol']; + $synchronizetoip .= "://"; + } + $port = $config['system']['webgui']['port']; + /* if port is empty lets rely on the protocol selection */ + if($port == "") { + if($config['system']['webgui']['protocol'] == "http") + $port = "80"; + else + $port = "443"; + } + $synchronizetoip .= $sync_to_ip; + + /* xml will hold the sections to sync */ + $xml = array(); + $xml['squid'] = $config['installedpackages']['squid']; + $xml['squidupstream'] = $config['installedpackages']['squidupstream']; + $xml['squidcache'] = $config['installedpackages']['squidcache']; + $xml['squidantivirus'] = $config['installedpackages']['squidanitivirus']; + $xml['squidnac'] = $config['installedpackages']['squidnac']; + $xml['squidtraffic'] = $config['installedpackages']['squidtraffic']; + $xml['squidreversegeneral'] = $config['installedpackages']['squidreversegeneral']; + $xml['squidreversepeer'] = $config['installedpackages']['squidreversepeer']; + $xml['squidreverseuri'] = $config['installedpackages']['squidreverseuri']; + $xml['squidauth'] = $config['installedpackages']['squidauth']; + $xml['squidusers'] = $config['installedpackages']['squidusers']; + /* assemble xmlrpc payload */ + $params = array( + XML_RPC_encode($password), + XML_RPC_encode($xml) + ); + + /* set a few variables needed for sync code borrowed from filter.inc */ + $url = $synchronizetoip; + log_error("[Squid] Beginning squid XMLRPC sync to {$url}:{$port}."); + $method = 'pfsense.merge_installedpackages_section_xmlrpc'; + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials($username, $password); + if($g['debug']) + $cli->setDebug(1); + /* send our XMLRPC message and timeout after defined sync timeout value*/ + $resp = $cli->send($msg, $synctimeout); + if(!$resp) { + $error = "A communications error occurred while attempting squid XMLRPC sync with {$url}:{$port}."; + log_error($error); + file_notice("sync_settings", $error, "squid Settings Sync", ""); + } elseif($resp->faultCode()) { + $cli->setDebug(1); + $resp = $cli->send($msg, $synctimeout); + $error = "An error code was received while attempting squid XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "squid Settings Sync", ""); + } else { + log_error("[Squid] XMLRPC sync successfully completed with {$url}:{$port}."); + } + + /* tell squid to reload our settings on the destination sync host. */ + $method = 'pfsense.exec_php'; + $execcmd = "require_once('/usr/local/pkg/squid.inc');\n"; + $execcmd .= "squid_resync('yes');"; + /* assemble xmlrpc payload */ + $params = array( + XML_RPC_encode($password), + XML_RPC_encode($execcmd) + ); + + log_error("[Squid] XMLRPC reload data {$url}:{$port}."); + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials($username, $password); + $resp = $cli->send($msg, $synctimeout); + if(!$resp) { + $error = "A communications error occurred while attempting squid XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; + log_error($error); + file_notice("sync_settings", $error, "squid Settings Sync", ""); + } elseif($resp->faultCode()) { + $cli->setDebug(1); + $resp = $cli->send($msg, $synctimeout); + $error = "[Squid] An error code was received while attempting squid XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "squid Settings Sync", ""); + } else { + log_error("squid XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); + } + +} +?> diff --git a/config/squid3/34/squid.xml b/config/squid3/34/squid.xml new file mode 100644 index 00000000..a1b0067e --- /dev/null +++ b/config/squid3/34/squid.xml @@ -0,0 +1,582 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + authng.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2013-2014 Marcello Coutinho + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code MUST retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squid</name> + <version>3.4.10_2 pkg 0.2.2</version> + <title>Proxy server: General settings</title> + <include_file>/usr/local/pkg/squid.inc</include_file> + <menu> + <name>Proxy server</name> + <tooltiptext>Modify the proxy server's settings</tooltiptext> + <section>Services</section> + <url>/pkg_edit.php?xml=squid.xml&id=0</url> + </menu> + <menu> + <name>Reverse Proxy</name> + <tooltiptext>Modify the proxy reverse server's settings</tooltiptext> + <section>Services</section> + <url>/pkg_edit.php?xml=squid_reverse_general.xml&id=0</url> + </menu> + <service> + <name>squid</name> + <rcfile>squid.sh</rcfile> + <executable>squid</executable> + <description>Proxy server Service</description> + </service> + <service> + <name>clamd</name> + <rcfile>clamav-clamd</rcfile> + <executable>clamd</executable> + <description>Clamav Antivirus</description> + </service> + <service> + <name>c-icap</name> + <rcfile>c-icap</rcfile> + <executable>c-icap</executable> + <description>Icap inteface for squid and clamav integration</description> + </service> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=squid.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Remote Cache</text> + <url>/pkg.php?xml=squid_upstream.xml</url> + </tab> + <tab> + <text>Local Cache</text> + <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> + </tab> + <tab> + <text>Antivirus</text> + <url>/pkg_edit.php?xml=squid_antivirus.xml&id=0</url> + </tab> + <tab> + <text>ACLs</text> + <url>/pkg_edit.php?xml=squid_nac.xml&id=0</url> + </tab> + <tab> + <text>Traffic Mgmt</text> + <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url> + </tab> + <tab> + <text>Authentication</text> + <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg.php?xml=squid_users.xml</url> + </tab> + <tab> + <text>Real time</text> + <url>/squid_monitor.php</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=squid_sync.xml</url> + </tab> + </tabs> + <!-- Installation --> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/squid.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_general.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_peer.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_uri.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_sync.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/squid_sync.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/squid_cache.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/squid_nac.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/squid_ng.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/squid_ng.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/squid_traffic.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/squid_upstream.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/squid_auth.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/squid_users.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/squid_antivirus.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/sqpmon.sh</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/swapstate_check.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_redir.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/squid_monitor.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/squid_monitor_data.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/squid_log_parser.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/shortcuts/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/pkg_squid.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid3/34/check_ip.php</item> + </additional_files_needed> + <fields> + <field> + <name>Squid General Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Proxy interface(s)</fielddescr> + <fieldname>active_interface</fieldname> + <description>The interface(s) the proxy server will bind to.</description> + <type>interfaces_selection</type> + <required/> + <default_value>lan</default_value> + <multiple/> + </field> + <field> + <fielddescr>Proxy port</fielddescr> + <fieldname>proxy_port</fieldname> + <description>This is the port the proxy server will listen on.</description> + <type>input</type> + <size>5</size> + <required/> + <default_value>3128</default_value> + </field> + <field> + <fielddescr>ICP port</fielddescr> + <fieldname>icp_port</fieldname> + <description>This is the port the Proxy Server will send and receive ICP queries to and from neighbor caches. Leave this blank if you don't want the proxy server to communicate with neighbor caches through ICP.</description> + <type>input</type> + <size>5</size> + </field> + + <field> + <fielddescr>Allow users on interface</fielddescr> + <fieldname>allow_interface</fieldname> + <description>If this field is checked, the users connected to the interface selected in the 'Proxy interface' field will be allowed to use the proxy, i.e., there will be no need to add the interface's subnet to the list of allowed subnets. This is just a shortcut.</description> + <type>checkbox</type> + <required/> + <default_value>on</default_value> + </field> + <field> + <fielddescr>Patch captive portal</fielddescr> + <fieldname>patch_cp</fieldname> + <description><![CDATA[Enable this option to force captive portal to non transparent proxy users.<br> + <strong>NOTE:</strong> You may need to reapply captive portal config after changing this option.]]></description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Resolv dns v4 first</fielddescr> + <fieldname>dns_v4_first</fieldname> + <description><![CDATA[Enable this option to force dns v4 lookup first. This option is very usefull if you have problems to access https sites.]]></description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Disable ICMP</fielddescr> + <fieldname>disable_pinger</fieldname> + <description><![CDATA[Enable this option to disable squid ICMP pinger helper.]]></description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Use alternate DNS-servers for the proxy-server</fielddescr> + <fieldname>dns_nameservers</fieldname> + <description>If you want to use other DNS-servers than the DNS-forwarder, enter the IPs here, separated by semi-colons (;).</description> + <type>input</type> + <size>70</size> + </field> + <field> + <name>Transparent Proxy Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Transparent HTTP proxy</fielddescr> + <fieldname>transparent_proxy</fieldname> + <description><![CDATA[Enable transparent mode to forward all requests for destination port 80 to the proxy server without any additional configuration necessary.<br> + <strong>NOTE:</strong> Transparent mode will filter ssl(port 443) if enable men-in-the-middle options below.<br> + To filter both http and https protocol without intercepting ssl connections, enable WPAD/PAC options on your dns/dhcp.]]></description> + <type>checkbox</type> + <enablefields>transparent_active_interface,private_subnet_proxy_off,defined_ip_proxy_off,defined_ip_proxy_off_dest</enablefields> + <required/> + </field> + <field> + <fielddescr>Transparent Proxy interface(s)</fielddescr> + <fieldname>transparent_active_interface</fieldname> + <description>The interface(s) the proxy server will transparent intercept requests.</description> + <type>interfaces_selection</type> + <required/> + <default_value>lan</default_value> + <multiple/> + </field> + <field> + <fielddescr>Bypass proxy for Private Address destination</fielddescr> + <fieldname>private_subnet_proxy_off</fieldname> + <description>Do not forward traffic to Private Address Space (RFC 1918) <b>destination</b> through the proxy server but directly through the firewall.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Bypass proxy for these source IPs</fielddescr> + <fieldname>defined_ip_proxy_off</fieldname> + <description>Do not forward traffic from these <b>source</b> IPs, CIDR nets, hostnames, or aliases through the proxy server but directly through the firewall. Separate by semi-colons (;). [Applies only to transparent mode]</description> + <type>input</type> + <size>70</size> + </field> + <field> + <fielddescr>Bypass proxy for these destination IPs</fielddescr> + <fieldname>defined_ip_proxy_off_dest</fieldname> + <description>Do not proxy traffic going to these <b>destination</b> IPs, CIDR nets, hostnames, or aliases, but let it pass directly through the firewall. Separate by semi-colons (;). [Applies only to transparent mode]</description> + <type>input</type> + <size>70</size> + </field> + <field> + <name>SSL man in the middle Filtering</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>HTTPS/SSL interception</fielddescr> + <fieldname>ssl_proxy</fieldname> + <description><![CDATA[Enable SSL filtering.]]></description> + <type>checkbox</type> + <enablefields>ssl_active_interface,dcert,sslcrtd_children,ssl_proxy_port,interception_checks</enablefields> + </field> + <field> + <fielddescr>SSL Intercept interface(s)</fielddescr> + <fieldname>ssl_active_interface</fieldname> + <description>The interface(s) the proxy server will intercept ssl requests.</description> + <type>interfaces_selection</type> + <required/> + <default_value>lan</default_value> + <multiple/> + </field> + <field> + <fielddescr>SSL Proxy port</fielddescr> + <fieldname>ssl_proxy_port</fieldname> + <description>This is the port the proxy server will listen on to intercept ssl while using transparent proxy.</description> + <type>input</type> + <size>5</size> + <default_value>3129</default_value> + </field> + <field> + <fielddescr>CA</fielddescr> + <fieldname>dca</fieldname> + <description><![CDATA[Select Certificate Authority to use when SSL interception is enabled.<br> + To create a CA on pfsense, go to <strong>system -> Cert Manager<strong><br> + Install the CA crt as an trusted ca on each computer you want to filter ssl to avoid ssl error on each connection.]]></description> + <type>select_source</type> + <source><![CDATA[$config['ca']]]></source> + <source_name>descr</source_name> + <source_value>refid</source_value> + </field> + <field> + <fielddescr>sslcrtd children</fielddescr> + <fieldname>sslcrtd_children</fieldname> + <description><![CDATA[This is the number of ssl crt deamon children to start. Default value is 5.<br> + if Squid is used in busy environments this may need to be increased, as well as the number of 'sslcrtd_children']]></description> + <type>input</type> + <size>2</size> + <default_value>5</default_value> + </field> + <field> + <fielddescr>Remote Cert checks</fielddescr> + <fieldname>interception_checks</fieldname> + <description><![CDATA[Select remote ssl cert checks to do.<br>Defaul is to do not select any of these options.]]></description> + <type>select</type> + <options> + <option><name>Accept remote server certificate Erros</name><value>sslproxy_cert_error</value></option> + <option><name>Do not verify remote certificate</name><value>sslproxy_flags</value></option> + </options> + <multiple/> + <size>3</size> + </field> + <field> + <fielddescr>Certificate adapt</fielddescr> + <fieldname>interception_adapt</fieldname> + <description><![CDATA[Pass original SSL server certificate information to the user. Allow the user to make an informed decision on whether to trust the server certificate.<br>Hint: Set subject CN<br><a target=_new href='http://wiki.squid-cache.org/Features/MimicSslServerCert'>wiki doc with reference</a>]]></description> + <type>select</type> + <options> + <option><name>Sets the "Not After" (setValidAfter).</name><value>setValidAfter</value></option> + <option><name>Sets the "Not Before" (setValidBefore).</name><value>setValidBefore</value></option> + <option><name>Sets CN property (setCommonName)</name><value>setCommonName</value></option> + </options> + <multiple/> + <size>3</size> + </field> + <field> + <name>Logging Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enabled logging</fielddescr> + <fieldname>log_enabled</fieldname> + <description>This will enable the access log. Don't switch this on if you don't have much disk space left.</description> + <type>checkbox</type> + <enablefields>log_query_terms,log_user_agents</enablefields> + </field> + <field> + <fielddescr>Log store directory</fielddescr> + <fieldname>log_dir</fieldname> + <description>The directory where the log will be stored (note: do not end with a / mark)</description> + <type>input</type> + <size>60</size> + <required/> + <default_value>/var/squid/logs</default_value> + </field> + <field> + <fielddescr>Log rotate</fielddescr> + <fieldname>log_rotate</fieldname> + <description>Defines how many days of logfiles will be kept. Rotation is disabled if left empty.</description> + <type>input</type> + <size>5</size> + </field> + <field> + <fielddescr>Visible hostname</fielddescr> + <fieldname>visible_hostname</fieldname> + <description>This is the URL to be displayed in proxy server error messages.</description> + <type>input</type> + <size>60</size> + <default_value>localhost</default_value> + </field> + <field> + <fielddescr>Administrator email</fielddescr> + <fieldname>admin_email</fieldname> + <description>This is the email address displayed in error messages to the users.</description> + <type>input</type> + <size>60</size> + <default_value>admin@localhost</default_value> + </field> + <field> + <fielddescr>Language</fielddescr> + <fieldname>error_language</fieldname> + <description>Select the language in which the proxy server will display error messages to users.</description> + <type>select</type> + <default_value>en</default_value> + </field> + <field> + <fielddescr>Disable X-Forward</fielddescr> + <fieldname>disable_xforward</fieldname> + <description>If not set, Squid will include your system's IP address or name in the HTTP requests it forwards.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Disable VIA</fielddescr> + <fieldname>disable_via</fieldname> + <description>If not set, Squid will include a Via header in requests and replies as required by RFC2616.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Log denied pages by squidguard</fielddescr> + <fieldname>log_sqd</fieldname> + <description><![CDATA[Enable squidguard denied log to be included on squid logs.<br> + <strong>Note:</strong> This option only will work if you include this code on your sgerror.php file to force client browser send a second request to squid with denied string on url.<br><br> + $sge_prefix=(preg_match("/\?/",$cl['u'])?"&":"?");<br> + $str[] = '< iframe > src="'.$cl['u'].$sge_prefix.'sgr=ACCESSDENIED" width="1" height="1" > < /iframe >';<br><br> + removing extra space on iframe html code.]]></description> + <type>checkbox</type> + </field> + <field> + <fielddescr>What to do with requests that have whitespace characters in the URI</fielddescr> + <fieldname>uri_whitespace</fieldname> + <description><b> strip:</b> The whitespace characters are stripped out of the URL. This is the behavior recommended by RFC2396. <p> <b> deny:</b> The request is denied. The user receives an "Invalid Request" message.<p> <b> allow:</b> The request is allowed and the URI is not changed. The whitespace characters remain in the URI.<p> <b> encode:</b> The request is allowed and the whitespace characters are encoded according to RFC1738.<p> <b> chop:</b> The request is allowed and the URI is chopped at the first whitespace.</description> + <type>select</type> + <default_value>strip</default_value> + <options> + <option><name>strip</name><value>strip</value></option> + <option><name>deny</name><value>deny</value></option> + <option><name>allow</name><value>allow</value></option> + <option><name>encode</name><value>encode</value></option> + <option><name>chop</name><value>chop</value></option> + </options> + </field> + <field> + <fielddescr>Suppress Squid Version</fielddescr> + <fieldname>disable_squidversion</fieldname> + <description>If set, suppress Squid version string info in HTTP headers and HTML error pages.</description> + <type>checkbox</type> + </field> + <field> + <name>Custom Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Integrations</fielddescr> + <fieldname>custom_options</fieldname> + <description><![CDATA[Squid options added from packages like squidguard or havp for squid integration.]]></description> + <type>textarea</type> + <cols>78</cols> + <rows>5</rows> + </field> + <field> + <fielddescr>Custom ACLS (Before_Auth)</fielddescr> + <fieldname>custom_options_squid3</fieldname> + <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration before authetication acls(if any).<br> + <strong>They need to be squid.conf native options, otherwise squid will NOT work.</strong>]]></description> + <type>textarea</type> + <encoding>base64</encoding> + <cols>78</cols> + <rows>10</rows> + </field> + <field> + <fielddescr>Custom ACLS (After_Auth)</fielddescr> + <fieldname>custom_options2_squid3</fieldname> + <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration after authetication definition(if any).<br> + <strong>They need to be squid.conf native options, otherwise squid will NOT work.</strong>]]></description> + <type>textarea</type> + <encoding>base64</encoding> + <cols>78</cols> + <rows>10</rows> + </field> + </fields> + <custom_php_command_before_form> + squid_before_form_general($pkg); + </custom_php_command_before_form> + <custom_add_php_command> + squid_resync(); + </custom_add_php_command> + <custom_php_validation_command> + squid_validate_general($_POST, $input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + squid_resync(); + unlink_if_exists("/usr/local/etc/rc.d/squid"); + </custom_php_resync_config_command> + <custom_php_install_command> + update_status("Checking Squid cache... One moment please..."); + update_output_window("This operation may take quite some time, please be patient. Do not press stop or attempt to navigate away from this page during this process."); + squid_install_command(); + squid_resync(); + exec("/bin/rm -f /usr/local/etc/rc.d/squid"); + </custom_php_install_command> + <custom_php_deinstall_command> + squid_deinstall_command(); + exec("/bin/rm -f /usr/local/etc/rc.d/squid*"); + </custom_php_deinstall_command> + <filter_rules_needed>squid_generate_rules</filter_rules_needed> +</packagegui> diff --git a/config/squid3/34/squid_antivirus.xml b/config/squid3/34/squid_antivirus.xml new file mode 100755 index 00000000..2afb1ff1 --- /dev/null +++ b/config/squid3/34/squid_antivirus.xml @@ -0,0 +1,158 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + squid_antivirus.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2013-2014 Marcello Coutinho + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code MUST retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squidantivirus</name> + <version>none</version> + <title>Proxy server: Antivirus</title> + <include_file>/usr/local/pkg/squid.inc</include_file> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=squid.xml&id=0</url> + </tab> + <tab> + <text>Remote Cache</text> + <url>/pkg.php?xml=squid_upstream.xml</url> + </tab> + <tab> + <text>Local Cache</text> + <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> + </tab> + <tab> + <text>Antivirus</text> + <url>/pkg_edit.php?xml=squid_antivirus.xml&id=0</url> + <active/> + </tab> + <tab> + <text>ACLs</text> + <url>/pkg_edit.php?xml=squid_nac.xml&id=0</url> + </tab> + <tab> + <text>Traffic Mgmt</text> + <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url> + + </tab> + <tab> + <text>Authentication</text> + <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg.php?xml=squid_users.xml</url> + </tab> + <tab> + <text>Real time</text> + <url>/squid_monitor.php</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=squid_sync.xml</url> + </tab> + </tabs> + <fields> + <field> + <name>Clamav anti-virus integration using c-icap</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>enable</fieldname> + <description>Enable squid antivirus check using clamav.</description> + <enablefields>max_check_size,Timeout,MaxKeepAliveRequests,KeepAliveTimeout,StartServers,MaxServers</enablefields> + <type>checkbox</type> + </field> + <field> + <fielddescr>Client forward options</fielddescr> + <fieldname>client_info</fieldname> + <description><![CDATA[Select what client info to forward to clamav.]]></description> + <type>select</type> + <default_value>strip</default_value> + <options> + <option><name>Send Both client username and ip info(Default)</name><value>both</value></option> + <option><name>Send only client username</name><value>username</value></option> + <option><name>Send only client ip</name><value>ip</value></option> + <option><name>Do not send client info</name><value>none</value></option> + </options> + </field> + <field> + <name>Advanced options</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>squidclamav.conf</fielddescr> + <fieldname>squidclamav</fieldname> + <description>squidclamav.conf file. Leave empty to load sample file. Edit only if you know what are you doing.</description> + <type>textarea</type> + <encoding>base64</encoding> + <cols>75</cols> + <rows>15</rows> + </field> + <field> + <fielddescr>c-icap.conf</fielddescr> + <fieldname>c-icap_conf</fieldname> + <description>c-icap.conf file. Leave empty to load sample file. Edit only if you know what are you doing.</description> + <type>textarea</type> + <encoding>base64</encoding> + <cols>75</cols> + <rows>15</rows> + </field> + <field> + <fielddescr>c-icap.magic</fielddescr> + <fieldname>c-icap_magic</fieldname> + <description>c-icap.conf file. Leave empty to load sample file. Edit only if you know what are you doing.</description> + <type>textarea</type> + <encoding>base64</encoding> + <cols>75</cols> + <rows>15</rows> + </field> + </fields> + <custom_php_validation_command> + </custom_php_validation_command> + <custom_php_resync_config_command> + squid_resync(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/squid3/34/squid_auth.inc b/config/squid3/34/squid_auth.inc new file mode 100644 index 00000000..cc511607 --- /dev/null +++ b/config/squid3/34/squid_auth.inc @@ -0,0 +1,446 @@ +<?php +/* $Id$ */ + +/* + squid_auth.inc + part of pfSense (www.pfSense.com) + + Copyright (C) 2005 Michael Capp <michael.capp@gmail.com> + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +*/ + +function global_eval_auth_options() +{ + global $config; + conf_mount_rw(); + config_lock(); + + switch ($config['installedpackages']['squidauth']['config'][0]['auth_method']) { + case "none": + dynamic_auth_content("pkg_edit"); + dynamic_no_auth(); + break; + case "local_auth": + dynamic_auth_content("pkg"); + /* create empty passwd file to prevent stat error with squid reload */ + touch ("/usr/local/etc/squid/advanced/ncsa/passwd"); + dynamic_local_auth(); + break; + case "ldap_bind": + dynamic_auth_content("pkg_edit"); + dynamic_ldap_auth(); + break; + case "domain_auth": + $filecontents = file("/usr/local/pkg/squid_auth.xml"); + dynamic_auth_content("pkg_edit"); + dynamic_domain_auth(); + break; + case "radius_auth": + $filecontents = file("/usr/local/pkg/squid_auth.xml"); + dynamic_auth_content("pkg_edit"); + dynamic_radius_auth(); + break; + default: + $filecontents = file("/usr/local/pkg/squid_auth.xml"); + dynamic_auth_content("pkg_edit"); + dynamic_no_auth(); + break; + } + + config_unlock(); + conf_mount_ro(); + +} /* end function global_eval_auth_options */ + +function dynamic_no_auth() { + global $config; + conf_mount_rw(); + $fout = fopen("/usr/local/pkg/squid_extauth.xml", "w"); + fwrite($fout, "<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n"); + fwrite($fout, "<packagegui>\n"); + fwrite($fout, " <name>squidextnoauth</name>\n"); + fwrite($fout, " <title>Services: Proxy Server -> Extended Authentication Settings</title>\n"); + fwrite($fout, " <configpath>installedpackages->package->squidextnoauth->configuration->settings</configpath>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <aftersaveredirect>/pkg_edit.php?xml=squid_extauth.xml&id=0</aftersaveredirect>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <tabs>\n"); + fwrite($fout, " <tab>\n"); + fwrite($fout, " <text>General Settings</text>\n"); + fwrite($fout, " <url>/pkg_edit.php?xml=squid_ng.xml&id=0</url>\n"); + fwrite($fout, " </tab>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <tab>\n"); + fwrite($fout, " <text>Upstream Proxy</text>\n"); + fwrite($fout, " <url>/pkg_edit.php?xml=squid_upstream.xml&id=0</url>\n"); + fwrite($fout, " </tab>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <tab>\n"); + fwrite($fout, " <text>Cache Mgmt</text>\n"); + fwrite($fout, " <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url>\n"); + fwrite($fout, " </tab>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <tab>\n"); + fwrite($fout, " <text>Network Access Control</text>\n"); + fwrite($fout, " <url>/pkg_edit.php?xml=squid_nac.xml&id=0</url>\n"); + fwrite($fout, " </tab>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <tab>\n"); + fwrite($fout, " <text>Traffic Mgmt</text>\n"); + fwrite($fout, " <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url>\n"); + fwrite($fout, " </tab>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <tab>\n"); + fwrite($fout, " <text>Auth Settings</text>\n"); + fwrite($fout, " <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url>\n"); + fwrite($fout, " </tab>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <tab>\n"); + fwrite($fout, " <text>Extended Auth Settings</text>\n"); + fwrite($fout, " <url>/pkg_edit.php?xml=squid_extauth.xml&id=0</url>\n"); + fwrite($fout, " <active/>\n"); + fwrite($fout, " </tab>\n"); + fwrite($fout, "\n"); + fwrite($fout, " </tabs>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <fields>\n"); + fwrite($fout, " <field>\n"); + fwrite($fout, " <fielddescr>No Authentication Defined</fielddescr>\n"); + fwrite($fout, " <fieldname>no_auth</fieldname>\n"); + fwrite($fout, " </field>\n"); + fwrite($fout, " </fields>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <custom_add_php_command_late>\n"); + fwrite($fout, " require_once(\"/usr/local/pkg/squid_ng.inc\");"); + fwrite($fout, "\n"); + fwrite($fout, " global_write_squid_config();\n"); + fwrite($fout, " mwexec(\"/usr/local/sbin/squid -k reconfigure\");\n"); + fwrite($fout, " </custom_add_php_command_late>\n"); + fwrite($fout, "\n"); + fwrite($fout, "</packagegui>\n"); + fclose($fout); + + /* mount filesystem read-only */ + conf_mount_ro(); +} + +function dynamic_local_auth() { + global $config; + conf_mount_rw(); + + $fout = fopen("/usr/local/pkg/squid_extauth.xml", "w"); + + fwrite($fout, "<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n"); + fwrite($fout, "\n"); + fwrite($fout, "<packagegui>\n"); + fwrite($fout, " <name>squidextlocalauth</name>\n"); + fwrite($fout, " <title>Services: Proxy Server -> Extended Auth Settings</title>\n"); + fwrite($fout, " <version>2.5.10_4</version>\n"); + fwrite($fout, " <configpath>installedpackages->package->squidextlocalauth->configuration->settings</configpath>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <files></files>\n"); + fwrite($fout, " <menu></menu>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <aftersaveredirect>/pkg.php?xml=squid_extauth.xml&id=0</aftersaveredirect>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <tabs>\n"); + fwrite($fout, " <tab>\n"); + fwrite($fout, " <text>General Settings</text>\n"); + fwrite($fout, " <url>/pkg_edit.php?xml=squid_ng.xml&id=0</url>\n"); + fwrite($fout, " </tab>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <tab>\n"); + fwrite($fout, " <text>Upstream Proxy</text>\n"); + fwrite($fout, " <url>/pkg_edit.php?xml=squid_upstream.xml&id=0</url>\n"); + fwrite($fout, " </tab>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <tab>\n"); + fwrite($fout, " <text>Cache Mgmt</text>\n"); + fwrite($fout, " <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url>\n"); + fwrite($fout, " </tab>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <tab>\n"); + fwrite($fout, " <text>Network Access Control</text>\n"); + fwrite($fout, " <url>/pkg_edit.php?xml=squid_nac.xml&id=0</url>\n"); + fwrite($fout, " </tab>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <tab>\n"); + fwrite($fout, " <text>Traffic Mgmt</text>\n"); + fwrite($fout, " <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url>\n"); + fwrite($fout, " </tab>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <tab>\n"); + fwrite($fout, " <text>Auth Settings</text>\n"); + fwrite($fout, " <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url>\n"); + fwrite($fout, " </tab>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <tab>\n"); + fwrite($fout, " <text>Extended Auth Settings</text>\n"); + fwrite($fout, " <url>/pkg.php?xml=squid_extauth.xml&id=0</url>\n"); + fwrite($fout, " <active/>\n"); + fwrite($fout, " </tab>\n"); + fwrite($fout, "\n"); + fwrite($fout, " </tabs>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <adddeleteeditpagefields>\n"); + fwrite($fout, " <columnitem>\n"); + fwrite($fout, " <fielddescr>Username</fielddescr>\n"); + fwrite($fout, " <fieldname>username</fieldname>\n"); + fwrite($fout, " </columnitem>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <columnitem>\n"); + fwrite($fout, " <fielddescr>Description</fielddescr>\n"); + fwrite($fout, " <fieldname>description</fieldname>\n"); + fwrite($fout, " </columnitem>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <columnitem>\n"); + fwrite($fout, " <fielddescr>Restriction Group</fielddescr>\n"); + fwrite($fout, " <fieldname>group</fieldname>\n"); + fwrite($fout, " </columnitem>\n"); + fwrite($fout, " </adddeleteeditpagefields>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <fields>\n"); + fwrite($fout, " <field>\n"); + fwrite($fout, " <fielddescr>Username</fielddescr>\n"); + fwrite($fout, " <fieldname>username</fieldname>\n"); + fwrite($fout, " <type>input</type>\n"); + fwrite($fout, " <size>15</size>\n"); + fwrite($fout, " </field>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <field>\n"); + fwrite($fout, " <fielddescr>Password</fielddescr>\n"); + fwrite($fout, " <fieldname>password</fieldname>\n"); + fwrite($fout, " <type>password</type>\n"); + fwrite($fout, " <size>8</size>\n"); + fwrite($fout, " </field>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <field>\n"); + fwrite($fout, " <fielddescr>Description (Optional)</fielddescr>\n"); + fwrite($fout, " <fieldname>description</fieldname>\n"); + fwrite($fout, " <type>input</type>\n"); + fwrite($fout, " <size>30</size>\n"); + fwrite($fout, " </field>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <field>\n"); + fwrite($fout, " <fielddescr>Restriction Group</fielddescr>\n"); + fwrite($fout, " <fieldname>group</fieldname>\n"); + fwrite($fout, " <type>select</type>\n"); + fwrite($fout, " <options>\n"); + fwrite($fout, " <option><name>Standard</name><value>Standard</value></option>\n"); + fwrite($fout, " <option><name>Extended</name><value>Extended</value></option>\n"); + fwrite($fout, " </options>\n"); + fwrite($fout, " </field>\n"); + fwrite($fout, "\n"); + fwrite($fout, " </fields>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <custom_add_php_command_late>\n"); + fwrite($fout, " require_once(\"/usr/local/pkg/squid_ng.inc\");\n"); + fwrite($fout, "\n"); + fwrite($fout, " mod_htpasswd();\n"); + fwrite($fout, " global_write_squid_config();\n"); + fwrite($fout, " mwexec(\"/usr/local/sbin/squid -k reconfigure\");\n"); + fwrite($fout, " </custom_add_php_command_late>\n"); + fwrite($fout, "\n"); + fwrite($fout, "</packagegui>\n"); + + fclose($fout); + + /* mount filesystem read-only */ + conf_mount_ro(); +} + +function dynamic_ldap_auth() { + global $config; + conf_mount_rw(); + + $fout = fopen("/usr/local/pkg/squid_extauth.xml", "w"); + + fwrite($fout, "<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n"); + fwrite($fout, "\n"); + fwrite($fout, "<packagegui>\n"); + fwrite($fout, " <name>squidextldapauth</name>\n"); + fwrite($fout, " <title>Services: Proxy Server -> Extended Auth Settings</title>\n"); + fwrite($fout, " <version>2.5.11</version>\n"); + fwrite($fout, " <configpath>installedpackages->package->squidextldapauth->configuration->settings</configpath>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <files></files>\n"); + fwrite($fout, " <menu></menu>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <aftersaveredirect>/pkg_edit.php?xml=squid_extauth.xml&id=0</aftersaveredirect>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <tabs>\n"); + fwrite($fout, " <tab>\n"); + fwrite($fout, " <text>General Settings</text>\n"); + fwrite($fout, " <url>/pkg_edit.php?xml=squid_ng.xml&id=0</url>\n"); + fwrite($fout, " </tab>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <tab>\n"); + fwrite($fout, " <text>Upstream Proxy</text>\n"); + fwrite($fout, " <url>/pkg_edit.php?xml=squid_upstream.xml&id=0</url>\n"); + fwrite($fout, " </tab>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <tab>\n"); + fwrite($fout, " <text>Cache Mgmt</text>\n"); + fwrite($fout, " <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url>\n"); + fwrite($fout, " </tab>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <tab>\n"); + fwrite($fout, " <text>Network Access Control</text>\n"); + fwrite($fout, " <url>/pkg_edit.php?xml=squid_nac.xml&id=0</url>\n"); + fwrite($fout, " </tab>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <tab>\n"); + fwrite($fout, " <text>Traffic Mgmt</text>\n"); + fwrite($fout, " <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url>\n"); + fwrite($fout, " </tab>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <tab>\n"); + fwrite($fout, " <text>Auth Settings</text>\n"); + fwrite($fout, " <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url>\n"); + fwrite($fout, " </tab>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <tab>\n"); + fwrite($fout, " <text>Extended Auth Settings</text>\n"); + fwrite($fout, " <url>/pkg_edit.php?xml=squid_extauth.xml&id=0</url>\n"); + fwrite($fout, " <active/>\n"); + fwrite($fout, " </tab>\n"); + fwrite($fout, "\n"); + fwrite($fout, " </tabs>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <fields>\n"); + fwrite($fout, " <field>\n"); + fwrite($fout, " <fielddescr>Base DN</fielddescr>\n"); + fwrite($fout, " <fieldname>ldap_basedn</fieldname>\n"); + fwrite($fout, " <description>This is the base where the LDAP search starts. All subsequent organizational units (OUs)will be included. Example: \"ou=users,o=company\" will search for users in and under the specified company.</description>\n"); + fwrite($fout, " <type>input</type>\n"); + fwrite($fout, " <size>50</size>\n"); + fwrite($fout, " </field>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <field>\n"); + fwrite($fout, " <fielddescr>LDAP Server</fielddescr>\n"); + fwrite($fout, " <fieldname>ldap_server</fieldname>\n"); + fwrite($fout, " <description>This is the LDAP server that the bind will be attempted against.</description>\n"); + fwrite($fout, " <type>input</type>\n"); + fwrite($fout, " <size>20</size>\n"); + fwrite($fout, " </field>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <field>\n"); + fwrite($fout, " <fielddescr>LDAP Type</fielddescr>\n"); + fwrite($fout, " <fieldname>ldap_type</fieldname>\n"); + fwrite($fout, " <description>This specifies the supported LDAP types.</description>\n"); + fwrite($fout, " <type>select</type>\n"); + fwrite($fout, " <options>\n"); + fwrite($fout, " <option><name>Active Directory</name><value>active_directory</value></option>\n"); + fwrite($fout, " <option><name>Novell eDirectory</name><value>novell_edirectory</value></option>\n"); + fwrite($fout, " <option><name>LDAP v2</name><value>ldap_v2</value></option>\n"); + fwrite($fout, " <option><name>LDAP v3</name><value>ldap_v3</value></option>\n"); + fwrite($fout, " </options>\n"); + fwrite($fout, " </field>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <field>\n"); + fwrite($fout, " <fielddescr>LDAP Port</fielddescr>\n"); + fwrite($fout, " <fieldname>ldap_port</fieldname>\n"); + fwrite($fout, " <description>This is the port that LDAP bind will attempt on. The default is \"389\".</description>\n"); + fwrite($fout, " <type>input</type>\n"); + fwrite($fout, " <size>5</size>\n"); + fwrite($fout, " </field>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <field>\n"); + fwrite($fout, " <fielddescr>Bind DN Username</fielddescr>\n"); + fwrite($fout, " <fieldname>bind_dn_username</fieldname>\n"); + fwrite($fout, " <description>If \"anonymous bind\" is not supported, please specify the bind username that can access the Base DN hierarchy.</description>\n"); + fwrite($fout, " <type>input</type>\n"); + fwrite($fout, " <size>30</size>\n"); + fwrite($fout, " </field>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <field>\n"); + fwrite($fout, " <fielddescr>Bind DN Password</fielddescr>\n"); + fwrite($fout, " <fieldname>bind_dn_password</fieldname>\n"); + fwrite($fout, " <description>This is the associated password with the Bind DN Username previously specified.</description>\n"); + fwrite($fout, " <type>password</type>\n"); + fwrite($fout, " </field>\n"); + fwrite($fout, "\n"); + fwrite($fout, " </fields>\n"); + fwrite($fout, "\n"); + fwrite($fout, " <custom_add_php_command_late>\n"); + fwrite($fout, " require_once(\"/usr/local/pkg/squid_ng.inc\");\n"); + fwrite($fout, "\n"); + fwrite($fout, " mod_htpasswd();\n"); + fwrite($fout, "\n"); + fwrite($fout, " global_write_squid_config();\n"); + fwrite($fout, " mwexec(\"/usr/local/sbin/squid -k reconfigure\");\n"); + fwrite($fout, " </custom_add_php_command_late>\n"); + fwrite($fout, "\n"); + fwrite($fout, "</packagegui>\n"); + + fclose($fout); + + /* mount filesystem read-only */ + conf_mount_ro(); +} + +/* dynamically re-writes all squid xml files to handle adddeletecolumnitems properly */ +function dynamic_auth_content($pkgvar) { + + switch ($pkgvar) { + case "pkg": + if ($handle = opendir("/usr/local/pkg")) { + while (($file = readdir($handle)) != false) { + if (stristr($file, "squid_") && stristr($file, ".xml")) { + $filecontents = file("/usr/local/pkg/" . $file); + $fout = fopen("/usr/local/pkg/" . $file, "w"); + foreach($filecontents as $line) { + if (stristr($line, "<url>/pkg_edit.php?xml=squid_extauth.xml&id=0</url>")) { + fwrite($fout, " <url>/pkg.php?xml=squid_extauth.xml&id=0</url>\n"); + } else { + fwrite($fout, $line); + } + } + } + } + } + break; + + case "pkg_edit": + if ($handle = opendir("/usr/local/pkg")) { + while (($file = readdir($handle)) != false) { + if (stristr($file, "squid_") && stristr($file, ".xml")) { + $filecontents = file("/usr/local/pkg/" . $file); + $fout = fopen("/usr/local/pkg/" . $file,"w"); + foreach($filecontents as $line) { + if (stristr($line, "<url>/pkg.php?xml=squid_extauth.xml&id=0</url>")) { + fwrite($fout, " <url>/pkg_edit.php?xml=squid_extauth.xml&id=0</url>\n"); + } else { + fwrite($fout, $line); + } + } + } + } + } + break; + } + +} /* end function dynamic_auth_content */ +?>
\ No newline at end of file diff --git a/config/squid3/34/squid_auth.xml b/config/squid3/34/squid_auth.xml new file mode 100755 index 00000000..7f54b156 --- /dev/null +++ b/config/squid3/34/squid_auth.xml @@ -0,0 +1,270 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + authng.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2007 to whom it may belong + Copyright (C) 2012-2014 Marcello Coutinho + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code MUST retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squidauth</name> + <version>none</version> + <title>Proxy server: Authentication</title> + <include_file>/usr/local/pkg/squid.inc</include_file> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=squid.xml&id=0</url> + </tab> + <tab> + <text>Remote Cache</text> + <url>/pkg.php?xml=squid_upstream.xml</url> + </tab> + <tab> + <text>Local Cache</text> + <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> + </tab> + <tab> + <text>Antivirus</text> + <url>/pkg_edit.php?xml=squid_antivirus.xml&id=0</url> + </tab> + <tab> + <text>ACLs</text> + <url>/pkg_edit.php?xml=squid_nac.xml&id=0</url> + </tab> + <tab> + <text>Traffic Mgmt</text> + <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url> + </tab> + <tab> + <text>Authentication</text> + <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Users</text> + <url>/pkg.php?xml=squid_users.xml</url> + </tab> + <tab> + <text>Real time</text> + <url>/squid_monitor.php</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=squid_sync.xml</url> + </tab> + </tabs> + <fields> + <field> + <name>Squid Authentication General Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Authentication method</fielddescr> + <fieldname>auth_method</fieldname> + <description>Select an authentication method. This will allow users to be authenticated by local or external services.</description> + <type>select</type> + <required/> + <default_value>none</default_value> + <options> + <option><name>None</name><value>none</value></option> + <option><name>Local</name><value>local</value></option> + <option><name>LDAP</name><value>ldap</value></option> + <option><name>RADIUS</name><value>radius</value></option> + <option><name>Captive Portal</name><value>cp</value></option> + <option><name>NT domain</name><value>msnt</value></option> + </options> + <onchange>on_auth_method_changed()</onchange> + </field> + <field> + <fielddescr>Authentication server</fielddescr> + <fieldname>auth_server</fieldname> + <description>Enter here the IP or hostname of the server that will perform the authentication.</description> + <type>input</type> + <size>60</size> + </field> + <field> + <fielddescr>Authentication server port</fielddescr> + <fieldname>auth_server_port</fieldname> + <description>Enter here the port to use to connect to the authentication server. Leave this field blank to use the authentication method's default port.</description> + <type>input</type> + <size>60</size> + </field> + <field> + <fielddescr>Authentication prompt</fielddescr> + <fieldname>auth_prompt</fieldname> + <description>This string will be displayed at the top of the authentication request window.</description> + <type>input</type> + <default_value>Please enter your credentials to access the proxy</default_value> + </field> + <field> + <fielddescr>Authentication processes</fielddescr> + <fieldname>auth_processes</fieldname> + <description>The number of authenticator processes to spawn. If many authentications are expected within a short timeframe, increase this number accordingly.</description> + <type>input</type> + <size>5</size> + <default_value>5</default_value> + </field> + <field> + <fielddescr>Authentication TTL</fielddescr> + <fieldname>auth_ttl</fieldname> + <description>This specifies for how long (in seconds) the proxy server assumes an externally validated username and password combination is valid (Time To Live). When the TTL expires, the user will be prompted for credentials again.Default value is 5.</description> + <type>input</type> + <size>5</size> + <default_value>5</default_value> + </field> + <field> + <fielddescr>Requiere authentication for unrestricted hosts</fielddescr> + <fieldname>unrestricted_auth</fieldname> + <description>If this option is enabled, even users tagged as unrestricted through access control are required to authenticate to use the proxy.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Subnets that don't need authentication</fielddescr> + <fieldname>no_auth_hosts</fieldname> + <description>Enter each subnet or IP address on a new line (in CIDR format, e.g.: 10.5.0.0/16, 192.168.1.50/32) that should not be asked for authentication to access the proxy.</description> + <type>textarea</type> + <cols>50</cols> + <rows>5</rows> + <encoding>base64</encoding> + </field> + <field> + <name>Squid Authentication Ldap Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>LDAP version</fielddescr> + <fieldname>ldap_version</fieldname> + <description>Enter LDAP protocol version (2 or 3).</description> + <type>select</type> + <default_value>2</default_value> + <options> + <option><name>2</name><value>2</value></option> + <option><name>3</name><value>3</value></option> + </options> + </field> + <field> + <fielddescr>LDAP server user DN</fielddescr> + <fieldname>ldap_user</fieldname> + <description>Enter here the user DN to use to connect to the LDAP server.</description> + <type>input</type> + <size>60</size> + </field> + <field> + <fielddescr>LDAP password</fielddescr> + <fieldname>ldap_pass</fieldname> + <description>Enter here the password to use to connect to the LDAP server.</description> + <type>password</type> + <size>20</size> + </field> + <field> + <fielddescr>LDAP base domain</fielddescr> + <fieldname>ldap_basedomain</fieldname> + <description>For LDAP authentication, enter here the base domain in the LDAP server.</description> + <type>input</type> + <size>60</size> + </field> + <field> + <fielddescr>LDAP username DN attribute</fielddescr> + <fieldname>ldap_userattribute</fieldname> + <description>Enter LDAP username DN attibute.</description> + <type>input</type> + <size>20</size> + <default_value>uid</default_value> + </field> + <field> + <fielddescr>LDAP search filter</fielddescr> + <fieldname>ldap_filter</fieldname> + <description>Enter LDAP search filter.</description> + <type>input</type> + <size>40</size> + <default_value>(&(objectClass=person)(uid=%s))</default_value> + </field> + <field> + <name>Squid Authentication NT Domain Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>NT domain</fielddescr> + <fieldname>auth_ntdomain</fieldname> + <description>Enter here the NT domain.</description> + <type>input</type> + <size>60</size> + </field> + <field> + <fielddescr>Secondary NT servers</fielddescr> + <fieldname>msnt_secondary</fieldname> + <description>Comma-separated list of secondary servers to be used for NT domain authentication.</description> + <type>input</type> + <size>60</size> + </field> + <field> + <name>Squid Authentication Radius Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>RADIUS secret</fielddescr> + <fieldname>radius_secret</fieldname> + <description>The RADIUS secret for RADIUS authentication.</description> + <type>password</type> + <size>20</size> + </field> + </fields> + <custom_php_validation_command> + squid_validate_auth($_POST, $input_errors); + </custom_php_validation_command> + <custom_php_after_form_command> + squid_print_javascript_auth2(); + </custom_php_after_form_command> + <custom_php_resync_config_command> + squid_resync(); + </custom_php_resync_config_command> + <custom_php_before_form_command> + squid_print_javascript_auth2(); + </custom_php_before_form_command> + <custom_php_after_head_command> + $transparent_proxy = ($config['installedpackages']['squid']['config'][0]['transparent_proxy'] == 'on'); + if($transparent_proxy and preg_match("/(local|ldap|radius|msnt|ntlm)/",$config['installedpackages']['squidauth']['config'][0]['auth_method'])) + $input_errors[] = "Authentication cannot be enabled while transparent proxy mode is enabled"; + squid_print_javascript_auth(); + </custom_php_after_head_command> +</packagegui> diff --git a/config/squid3/34/squid_cache.xml b/config/squid3/34/squid_cache.xml new file mode 100755 index 00000000..f9204d46 --- /dev/null +++ b/config/squid3/34/squid_cache.xml @@ -0,0 +1,322 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + authng.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2007 to whom it may belong + Copyright (C) 2012-2014 Marcello Coutinho + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code MUST retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form MUST reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squidcache</name> + <version>none</version> + <title>Proxy server: Cache management</title> + <include_file>/usr/local/pkg/squid.inc</include_file> + <tabs> +<tab> + <text>General</text> + <url>/pkg_edit.php?xml=squid.xml&id=0</url> + </tab> + <tab> + <text>Remote Cache</text> + <url>/pkg.php?xml=squid_upstream.xml</url> + </tab> + <tab> + <text>Local Cache</text> + <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Antivirus</text> + <url>/pkg_edit.php?xml=squid_antivirus.xml&id=0</url> + </tab> + <tab> + <text>ACLs</text> + <url>/pkg_edit.php?xml=squid_nac.xml&id=0</url> + </tab> + <tab> + <text>Traffic Mgmt</text> + <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url> + </tab> + <tab> + <text>Authentication</text> + <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg.php?xml=squid_users.xml</url> + </tab> + <tab> + <text>Real time</text> + <url>/squid_monitor.php</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=squid_sync.xml</url> + </tab> + </tabs> + <fields> + <field> + <name>Squid Cache General Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Cache replacement policy</fielddescr> + <fieldname>cache_replacement_policy</fieldname> + <description>The cache replacement policy decides which objects will remain in cache and which objects are replaced to create space for the new objects. The default policy for cache replacement is LFUDA. Please see the type descriptions specified in the memory replacement policy for additional detail.</description> + <type>select</type> + <default_value>heap LFUDA</default_value> + <options> + <option><name>LRU</name><value>lru</value></option> + <option><name>Heap LFUDA</name><value>heap LFUDA</value></option> + <option><name>Heap GDSF</name><value>heap GDSF</value></option> + <option><name>Heap LRU</name><value>heap LRU</value></option> + </options> + </field> + <field> + <fielddescr>Low-water-mark in %</fielddescr> + <fieldname>cache_swap_low</fieldname> + <description>Cache replacement begins when the swap usage is above the low-low-water mark and attempts to maintain utilisation near the low-water-mark.</description> + <type>input</type> + <size>5</size> + <default_value>90</default_value> + </field> + <field> + <fielddescr>High-water-mark in %</fielddescr> + <fieldname>cache_swap_high</fieldname> + <description>As swap utilisation gets close to the high-water-mark object eviction becomes more aggressive.</description> + <type>input</type> + <size>5</size> + <default_value>95</default_value> + </field> + <field> + <fielddescr>Do not cache</fielddescr> + <fieldname>donotcache</fieldname> + <description>Enter each domain or IP address on a new line that should never be cached.</description> + <type>textarea</type> + <cols>50</cols> + <rows>5</rows> + <encoding>base64</encoding> + </field> + <field> + <fielddescr>Enable offline mode</fielddescr> + <fieldname>enable_offline</fieldname> + <description>Enable this option and the proxy server will never try to validate cached objects. The offline mode gives access to more cached information than the proposed feature would allow (stale cached versions, where the origin server should have been contacted).</description> + <type>checkbox</type> + <required/> + </field> + <field> + <fielddescr>External Cache-Managers</fielddescr> + <fieldname>ext_cachemanager</fieldname> + <description>Enter the IPs for the external Cache Managers to be allowed here, separated by semi-colons (;).</description> + <type>input</type> + <size>60</size> + </field> + <field> + <name>Squid Hard disk cacheSettings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Hard disk cache size</fielddescr> + <fieldname>harddisk_cache_size</fieldname> + <description>This is the amount of disk space (in megabytes) to use for cached objects.</description> + <type>input</type> + <required/> + <size>10</size> + <default_value>100</default_value> + </field> + <field> + <fielddescr>Hard disk cache system</fielddescr> + <fieldname>harddisk_cache_system</fieldname> + <description><![CDATA[This specifies the kind of storage system to use. + <br><br><b>ufs</b> is the old well-known Squid storage format that has always been there. + <br><br><b>aufs</b> uses POSIX-threads to avoid blocking the main Squid process on disk-I/O. (Formerly known as async-io.) + <br><br><b>diskd</b> uses a separate process to avoid blocking the main Squid process on disk-I/O.<br>To use <b>ipcs</b> and <b>ipcrm</b> on squid, Download livefs.iso from ftp://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/8.3/ mount it and copy <b>/usr/bin/ipcs</b> and <b>/usr/bin/ipcrm</b> to your system and set them as executables. + <br><br><b>null</b> Does not use any storage. Ideal for Embedded/NanoBSD.]]></description> + <type>select</type> + <default_value>ufs</default_value> + <options> + <option><name>ufs</name><value>ufs</value></option> + <option><name>aufs</name><value>aufs</value></option> + <option><name>diskd</name><value>diskd</value></option> + <option><name>null</name><value>null</value></option> + </options> + </field> + <field> + <fielddescr>Clear cache on log rotate</fielddescr> + <fieldname>clear_cache</fieldname> + <description><![CDATA[If set, Squid will clear cache and swap.state on every log rotate.<br> + This action will be executed automatically if the swap.state file is taking up more than 75% disk space,or the drive is 90%]]></description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Level 1 subdirectories</fielddescr> + <fieldname>level1_subdirs</fieldname> + <description>Each level-1 directory contains 256 subdirectories, so a value of 256 level-1 directories will use a total of 65536 directories for the hard disk cache. This will significantly slow down the startup process of the proxy service, but can speed up the caching under certain conditions.</description> + <type>select</type> + <default_value>16</default_value> + <options> + <option><name>4</name><value>4</value></option> + <option><name>8</name><value>8</value></option> + <option><name>16</name><value>16</value></option> + <option><name>32</name><value>32</value></option> + <option><name>64</name><value>64</value></option> + <option><name>128</name><value>128</value></option> + <option><name>256</name><value>256</value></option> + </options> + </field> + <field> + <fielddescr>Hard disk cache location</fielddescr> + <fieldname>harddisk_cache_location</fieldname> + <description>This is the directory where the cache will be stored. (note: do not end with a /). If you change this location, squid needs to make a new cache, this could take a while</description> + <type>input</type> + <size>60</size> + <required/> + <default_value>/var/squid/cache</default_value> + </field> + <field> + <fielddescr>Minimum object size</fielddescr> + <fieldname>minimum_object_size</fieldname> + <description>Objects smaller than the size specified (in kilobytes) will not be saved on disk. The default value is 0, meaning there is no minimum.</description> + <type>input</type> + <required /> + <size>10</size> + <default_value>0</default_value> + </field> + <field> + <fielddescr>Maximum object size</fielddescr> + <fieldname>maximum_object_size</fieldname> + <description>Objects larger than the size specified (in kilobytes) will not be saved on disk. If you wish to increase speed more than you want to save bandwidth, this should be set to a low value.</description> + <type>input</type> + <required/> + <size>10</size> + <default_value>4</default_value> + </field> + <field> + <name>Squid Memory Cache Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Memory cache size</fielddescr> + <fieldname>memory_cache_size</fieldname> + <description>This is the amount of physical RAM (in megabytes) to be used for negative cache and in-transit objects. This value should not exceed more than 50% of the installed RAM. The minimum value is 1MB.</description> + <type>input</type> + <size>10</size> + <required/> + <default_value>8</default_value> + </field> + <field> + <fielddescr>Maximum object size in RAM</fielddescr> + <fieldname>maximum_objsize_in_mem</fieldname> + <description>Objects smaller than the size specified (in kilobytes) will be saved in RAM. Default is 32.</description> + <type>input</type> + <size>10</size> + <required/> + <default_value>32</default_value> + </field> + <field> + <fielddescr>Memory replacement policy</fielddescr> + <fieldname>memory_replacement_policy</fieldname> + <description>The memory replacement policy determines which objects are purged from memory when space is needed. The default policy for memory replacement is GDSF. <p> <b> LRU: Last Recently Used Policy </b> - The LRU policies keep recently referenced objects. i.e., it replaces the object that has not been accessed for the longest time. <p> <b> Heap GDSF: Greedy-Dual Size Frequency </b> - The Heap GDSF policy optimizes object-hit rate by keeping smaller, popular objects in cache. It achieves a lower byte hit rate than LFUDA though, since it evicts larger (possibly popular) objects. <p> <b> Heap LFUDA: Least Frequently Used with Dynamic Aging </b> - The Heap LFUDA policy keeps popular objects in cache regardless of their size and thus optimizes byte hit rate at the expense of hit rate since one large, popular object will prevent many smaller, slightly less popular objects from being cached. <p> <b> Heap LRU: Last Recently Used </b> - Works like LRU, but uses a heap instead. <p> Note: If using the LFUDA replacement policy, the value of Maximum Object Size should be increased above its default of 12KB to maximize the potential byte hit rate improvement of LFUDA.</description> + <type>select</type> + <default_value>heap GDSF</default_value> + <options> + <option><name>LRU</name><value>lru</value></option> + <option><name>Heap LFUDA</name><value>heap LFUDA</value></option> + <option><name>Heap GDSF</name><value>heap GDSF</value></option> + <option><name>Heap LRU</name><value>heap LRU</value></option> + </options> + </field> + <field> + <name>Dynamic and Update Content</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Cache Dynamic Content</fielddescr> + <fieldname>cache_dynamic_content</fieldname> + <description><![CDATA[Select this option to <a target=_new href='http://wiki.squid-cache.org/ConfigExamples/DynamicContent'>enable caching of dynamic content.</a><br> + ]]></description> + <type>checkbox</type> + <size>10</size> + </field> + <field> + <fielddescr>Refresh Patterns</fielddescr> + <fieldname>refresh_patterns</fieldname> + <description><![CDATA[With dynamic cache enabled, you can also apply squid wiki refresh_patterns to sites like <a target=_new href='http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube'>Youtube</a> and <a target=_new href='http://wiki.squid-cache.org/SquidFaq/WindowsUpdate'>windowsupdate</a><br> + <br><strong>Notes:</strong><br> + Squid wiki suggests 'Finish transfer if less than x KB remaining' on 'traffic mgmt' squid tab to -1 but you can apply your own values to control cache.<br><br> + set Maximum download size on 'traffic mgmt' squid tab to a value that fits patterns your are applying.<br>Microsoft may need 200Mb and youtube 4GB.]]></description> + <type>select</type> + <default_value>none</default_value> + <options> + <option><name>Youtube</name><value>youtube</value></option> + <option><name>Windows Update</name><value>windows</value></option> + <option><name>Symantec Antivirus</name><value>symantec</value></option> + <option><name>Avira</name><value>avira</value></option> + <option><name>Avast</name><value>avast</value></option> + </options> + <multiple/> + <size>06</size> + </field> + <field> + <fielddescr>Custom refresh_patterns</fielddescr> + <fieldname>custom_refresh_patterns</fieldname> + <description>Enter custom refresh_patterns for better dynamic cache. This options will be included only if dynamic cache is enabled.</description> + <type>textarea</type> + <cols>67</cols> + <rows>5</rows> + <encoding>base64</encoding> + </field> + </fields> + <custom_php_command_before_form> + if($_POST['harddisk_cache_size'] != $config['installedpackages']['squidcache']['config'][0]['harddisk_cache_size']) { + $needs_dash_z = true; + } + </custom_php_command_before_form> + <custom_php_validation_command> + squid_validate_cache($_POST, $input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + squid_resync(); + if($needs_dash_z) + squid_dash_z(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/squid3/34/squid_cpauth.php b/config/squid3/34/squid_cpauth.php new file mode 100644 index 00000000..98be9946 --- /dev/null +++ b/config/squid3/34/squid_cpauth.php @@ -0,0 +1,24 @@ +#!/usr/local/bin/php -q +<?php + +$NONINTERACTIVE_SCRIPT = TRUE; + +$fp = fopen('php://stdin', 'r'); +while($args = split(" ",trim(fgets($fp, 4096)))){ + print captive_ip_to_username($args); +} + +function captive_ip_to_username($args){ + $current_sessions = file("/var/db/captiveportal.db"); + foreach($current_sessions as $session){ + list($a, $b, $IP_Address, $Mac_Address, $Username) = explode(",", $session,5); + #this test allow access if user's ip is listed on captive portal + #args array has (ip, site, protocol and port) passed by squid helper + #include a more complex test here to allow or deny access based on username returned + # this script will not return username to squid logs + if($IP_Address == $args[0]) return "OK\n"; + } + return "ERR\n"; +} + +?>
\ No newline at end of file diff --git a/config/squid3/34/squid_extauth.xml b/config/squid3/34/squid_extauth.xml new file mode 100644 index 00000000..41d9f633 --- /dev/null +++ b/config/squid3/34/squid_extauth.xml @@ -0,0 +1,106 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + authng.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2007 to whom it may belong + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squidextnoauth</name> + <version>none</version> + <title>Services: Proxy Server -> Extended Authentication Settings</title> + <aftersaveredirect>/pkg_edit.php?xml=squid_extauth.xml&id=0</aftersaveredirect> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=squid_ng.xml&id=0</url> + </tab> + + <tab> + <text>Upstream Proxy</text> + <url>/pkg_edit.php?xml=squid_upstream.xml&id=0</url> + </tab> + + <tab> + <text>Cache Mgmt</text> + <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> + </tab> + + <tab> + <text>Access Control</text> + <url>/pkg_edit.php?xml=squid_nac.xml&id=0</url> + </tab> + + <tab> + <text>Traffic Mgmt</text> + <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url> + </tab> + + <tab> + <text>Auth</text> + <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url> + </tab> + + <tab> + <text>Extended Auth</text> + <url>/pkg_edit.php?xml=squid_extauth.xml&id=0</url> + <active/> + </tab> + + </tabs> + <configpath>installedpackages->package->squidextnoauth->configuration->settings</configpath> + <fields> + <field> + <fielddescr>No Authentication Defined</fielddescr> + <fieldname>no_auth</fieldname> + <type>text</type> + </field> + </fields> + + <custom_add_php_command_late> + require_once("/usr/local/pkg/squid_ng.inc"); + + global_write_squid_config(); + mwexec("/usr/local/sbin/squid -k reconfigure"); + </custom_add_php_command_late> + +</packagegui> diff --git a/config/squid3/34/squid_ident.php b/config/squid3/34/squid_ident.php new file mode 100644 index 00000000..ad13beb6 --- /dev/null +++ b/config/squid3/34/squid_ident.php @@ -0,0 +1,148 @@ +#!/usr/bin/php +#http://blog.dataforce.org.uk/2010/03/Ident-Server +<?php + /** + * Simple PHP-Based inetd ident server, version 0.1. + * Copyright (c) 2010 - Shane "Dataforce" Mc Cormack + * This code is licensed under the MIT License, of which a copy can be found + * at http://www.opensource.org/licenses/mit-license.php + * + * The latest version of the code can be found at + * http://blog.dataforce.org.uk/index.php?p=news&id=135 + * + * This should be run from inetd, it will take input on stdin and write to stdout. + * + * By default users can spoof ident by having a .ident file in /home/<username>/.ident + * If this is present, it will be read. + * It should be a file with a format like so: + * + * <pid> <ident> + * <local host>:<local port>:<target host>:<target port> <ident> + * + * The first line that matches is used, any bit can be a * and it will always match, + * so "* user" is valid. In future more sophisticated matches will be permitted + * (eg 127.*) but for now its either all or nothing. + * + * Its worth noting that <target host> is the host that requests the ident, so if this + * is likely to be different than the host that was connected to, then "STRICT_HOST" will + * need to be set to false. + * + * At the moment <local host> is ignored, in future versions this might be changed, so + * it is still required. + * + * Lines with a ':' in them are assumed to be of the second format, and must contain + * all 4 sections or they will be ignored. + * + * Lines starting with a # are ignored. + * + * There are some special values that can be used as idents: + * ! = Send an error instead. + * * = Send the default ident. + * ? = Send a random ident (In future a 3rd parameter will specify the format, + * # for a number, @ for a letter, ? for either, but this is not implemented yet) + * + * In future there will also be support for /home/user/.ident.d/ directories, where + * every file will be read for the ident response untill one matches. + * This will allow multiple processes to create files rather than needing to + * lock and edit .ident + */ + + // Allow spoofing idents. + define('ALLOW_SPOOF', true); + + // Requesting host must be the same as the host that was connected to. + define('STRICT_HOST', true); + + // Error to send when '!' is used as an ident. + define('HIDE_ERROR', 'UNKNOWN-ERROR'); + + openlog('simpleIdent', LOG_PID | LOG_ODELAY, LOG_DAEMON); + + $result = 'ERROR : UNKNOWN-ERROR' . "\n"; + + $host = $_SERVER['REMOTE_HOST']; + + syslog(LOG_INFO, 'Connection from: '.$host); + + // Red in the line from the socket. + $fh = @fopen('php://stdin', 'r'); + if ($fh) { + $input = @fgets($fh); + $line = trim($input); + if ($input !== FALSE && !empty($line)) { + $result = trim($input) . ' : ' . $result; + // Get the data from it. + $bits = explode(',', $line); + $source = trim($bits[0]); + $dest = isset($bits[1]) ? trim($bits[1]) : ''; + + // Check if it is valid + if (preg_match('/^[0-9]+$/', $source) && preg_match('/^[0-9]+$/', $dest)) { + // Now actually look for this! + $match = STRICT_HOST ? ":$source .*$host:$dest " : ":$source.*:$dest"; + + $output = `netstat -napW 2>&1 | grep '$match' | awk '{print \$7}'`; + + $bits = explode('/', $output); + $pid = $bits[0]; + + if (preg_match('/^[0-9]+$/', $pid)) { + $user = `ps -o ruser=SOME-REALLY-WIDE-USERNAMES-ARE-PERMITTED-HERE $pid | tail -n 1`; + + $senduser = trim($user); + + // Look for special ident file: /home/user/.ident this is an ini-format file. + $file = '/home/'.trim($user).'/.ident'; + + if (file_exists($file)) { + $config = file($file, FILE_SKIP_EMPTY_LINES | FILE_IGNORE_NEW_LINES | FILE_TEXT); + foreach ($config as $line) { + // Ignore comments. + $line = trim($line); + if (substr($line, 1) == '#') { continue; } + + // Make sure line is valid. + $bits = explode(' ', $line); + if (count($bits) == 1) { continue; } + + // Check type of line + if (strpos($bits[0], ':') !== FALSE) { + // LocalHost:LocalPort:RemoteHost:RemotePort + $match = explode(':', $bits[0]); + if (count($match) != 4) { continue; } + + if (($match[1] == '*' || $match[1] == $source) && + ($match[2] == '*' || $match[2] == $host) && + ($match[3] == '*' || $match[3] == $dest)) { + syslog(LOG_INFO, 'Spoof for '.$senduser.': '.$line); + $senduser = $bits[1]; + break; + } + } else if ($bits[0] == '*' || $bits[0] == $pid) { + syslog(LOG_INFO, 'Spoof for '.$senduser.': '.$line); + $senduser = $bits[1]; + } + } + + if ($senduser == "*") { + $senduser = trim(user); + } else if ($senduser == "?") { + $senduser = 'user'.rand(1000,9999); + } + } + + if ($senduser != "!") { + $result = $source . ', ' . $dest . ' : USERID : UNIX : ' . trim($senduser); + } else { + $result = $source . ', ' . $dest . ' : ERROR : ' . HIDE_ERROR; + } + } + } + } + } + + echo $result; + syslog(LOG_INFO, 'Result: '.$result); + closelog(); + exit(0); +?> diff --git a/config/squid3/34/squid_log_parser.php b/config/squid3/34/squid_log_parser.php new file mode 100755 index 00000000..8d0cbc20 --- /dev/null +++ b/config/squid3/34/squid_log_parser.php @@ -0,0 +1,57 @@ +#!/usr/local/bin/php -q +<?php +/* ========================================================================== */ +/* + squid_log_parser.php + part of pfSense (http://www.pfSense.com) + Copyright (C) 2012-2014 Marcello Coutinho + Copyright (C) 2012-2014 Carlos Cesario - carloscesario@gmail.com + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + +# ------------------------------------------------------------------------------ +# Simple Squid Log parser to rewrite line with date/time human readable +# Usage: cat /var/squid/log/access.log | parser_squid_log.php +# ------------------------------------------------------------------------------ + +$logline = fopen("php://stdin", "r"); +while(!feof($logline)) { + $line = fgets($logline); + $line = rtrim($line); + if ($line != "") { + $fields = explode(' ', $line); + // Apply date format + $fields[0] = date("d.m.Y H:i:s",$fields[0]); + foreach($fields as $field) { + // Write the Squid log line with date/time human readable + echo "{$field} "; + } + echo "\n"; + } +} +fclose($logline); +?>
\ No newline at end of file diff --git a/config/squid3/34/squid_monitor.php b/config/squid3/34/squid_monitor.php new file mode 100755 index 00000000..84bf08e9 --- /dev/null +++ b/config/squid3/34/squid_monitor.php @@ -0,0 +1,200 @@ +<?php +/* ========================================================================== */ +/* + squid_monitor.php + part of pfSense (http://www.pfSense.com) + Copyright (C) 2012-2014 Marcello Coutinho + Copyright (C) 2012-2014 Carlos Cesario - carloscesario@gmail.com + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + +require_once("/etc/inc/util.inc"); +require_once("/etc/inc/functions.inc"); +require_once("/etc/inc/pkg-utils.inc"); +require_once("/etc/inc/globals.inc"); +require_once("guiconfig.inc"); + +$pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); +if(strstr($pfSversion, "1.2")) + $one_two = true; + +$pgtitle = "Status: Proxy Monitor"; +$shortcut_section = "squid"; +include("head.inc"); +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php include("fbegin.inc"); ?> + +<?php if($one_two): ?> + + <p class="pgtitle"><?=$pgtitle?></font></p> + +<?php endif; ?> + +<?php if ($savemsg) print_info_box($savemsg); ?> + +<!-- Function to call programs logs --> +<script language="JavaScript"> + function showLog(content,url,program) + { + new PeriodicalExecuter(function(pe) { + new Ajax.Updater(content, url, { + method: 'post', + asynchronous: true, + evalScripts: true, + parameters: { maxlines: $('maxlines').getValue(), + strfilter: $('strfilter').getValue(), + program: program } + }) + }, 1) + } +</script> +<div id="mainlevel"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td> + <?php + $tab_array = array(); + if ($_REQUEST["menu"]=="reverse"){ + $tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=squid_reverse_general.xml&id=0"); + $tab_array[] = array(gettext("Web Servers"), false, "/pkg.php?xml=squid_reverse_peer.xml"); + $tab_array[] = array(gettext("Mappings"), false, "/pkg.php?xml=squid_reverse_uri.xml"); + $tab_array[] = array(gettext("Redirects"), false, "/pkg.php?xml=squid_reverse_redir.xml"); + $tab_array[] = array(gettext("Real time"), true, "/squid_monitor.php?menu=reverse"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=squid_reverse_sync.xml"); + } + else{ + $tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=squid.xml&id=0"); + $tab_array[] = array(gettext("Remote Cache"), false, "/pkg.php?xml=squid_upstream.xml"); + $tab_array[] = array(gettext("Local Cache"), false, "/pkg_edit.php?xml=squid_cache.xml&id=0"); + $tab_array[] = array(gettext("Antivirus"), false, "/pkg_edit.php?xml=antivirus.xml&id=0"); + $tab_array[] = array(gettext("ACLs"), false, "/pkg_edit.php?xml=squid_nac.xml&id=0"); + $tab_array[] = array(gettext("Traffic Mgmt"), false, "/pkg_edit.php?xml=squid_traffic.xml&id=0"); + $tab_array[] = array(gettext("Authentication"), false, "/pkg_edit.php?xml=squid_auth.xml&id=0"); + $tab_array[] = array(gettext("Users"), false, "/pkg.php?xml=squid_users.xml"); + $tab_array[] = array(gettext("Real time"), true, "/squid_monitor.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=squid_sync.xml"); + } + display_top_tabs($tab_array); + ?> +</td></tr> + <tr> + <td> +<div id="mainarea" style="padding-top: 0px; padding-bottom: 0px; "> + <form id="paramsForm" name="paramsForm" method="post"> + <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> + <tbody> + <tr> + <td width="22%" valign="top" class="vncellreq">Max lines:</td> + <td width="78%" class="vtable"> + <select name="maxlines" id="maxlines"> + <option value="5">5 lines</option> + <option value="10" selected="selected">10 lines</option> + <option value="15">15 lines</option> + <option value="20">20 lines</option> + <option value="25">25 lines</option> + <option value="100">100 lines</option> + <option value="200">200 lines</option> + </select> + <br/> + <span class="vexpl"> + <?=gettext("Max. lines to be displayed.");?> + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">String filter:</td> + <td width="78%" class="vtable"> + <input name="strfilter" type="text" class="formfld search" id="strfilter" size="50" value=""> + <br/> + <span class="vexpl"> + <?=gettext("Enter a grep like string/pattern to filterlog.");?><br> + <?=gettext("eg. username, ip addr, url.");?><br> + <?=gettext("Use <b>!</b> to invert the sense of matching, to select non-matching lines.");?> + </span> + </td> + </tr> + </tbody> + </table> + </form> + + <!-- Squid Table --> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tbody> + <tr> + <td> + <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> + <tr> + <td colspan="6" class="listtopic"><center><?=gettext("Squid Logs"); ?><center></td> + </tr> + <tbody id="squidView"> + <script language="JavaScript"> + // Call function to show squid log + showLog('squidView', 'squid_monitor_data.php','squid'); + </script> + </tbody> + </table> + </td> + </tr> + </tbody> + </table> +<?php if ($_REQUEST["menu"]!="reverse"){?> + <!-- SquidGuard Table --> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tbody> + <tr> + <td> + <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> + <tr> + <td colspan="5" class="listtopic"><center><?=gettext("SquidGuard Logs"); ?><center></td> + </tr> + <tbody id="sguardView"> + <script language="JavaScript"> + // Call function to show squidGuard log + showLog('sguardView', 'squid_monitor_data.php','sguard'); + </script> + </tbody> + </table> + </td> + </tr> + </tbody> + </table> +</div> +<?php }?> +</td> +</tr> +</table> +</div> + + +<?php +include("fend.inc"); +?> + +</body> +</html> diff --git a/config/squid3/34/squid_monitor_data.php b/config/squid3/34/squid_monitor_data.php new file mode 100755 index 00000000..6223330e --- /dev/null +++ b/config/squid3/34/squid_monitor_data.php @@ -0,0 +1,175 @@ +<?php +/* ========================================================================== */ +/* + squid_monitor_data.php + part of pfSense (http://www.pfSense.com) + Copyright (C) 2012-2014 Marcello Coutinho + Copyright (C) 2012-2014 Carlos Cesario - carloscesario@gmail.com + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ +# ------------------------------------------------------------------------------ +# Defines +# ------------------------------------------------------------------------------ +require_once("guiconfig.inc"); + +# ------------------------------------------------------------------------------ +# Requests +# ------------------------------------------------------------------------------ +if ($_POST) { + # Actions + $filter = preg_replace('/(@|!|>|<)/',"",htmlspecialchars($_POST['strfilter'])); + $program = strtolower($_POST['program']); + switch ($program) { + case 'squid': + // Define log file + $log='/var/squid/logs/access.log'; + //show table headers + show_tds(array("Date","IP","Status","Address","User","Destination")); + //fetch lines + $logarr=fetch_log($log); + // Print lines + foreach ($logarr as $logent) { + // Split line by space delimiter + $logline = preg_split("/\s+/", $logent); + + // Apply date format to first line + //$logline[0] = date("d.m.Y H:i:s",$logline[0]); + + // Word wrap the URL + $logline[7] = htmlentities($logline[7]); + $logline[7] = html_autowrap($logline[7]); + + // Remove /(slash) in destination row + $logline_dest = preg_split("/\//", $logline[9]); + + // Apply filter and color + // Need validate special chars + if ($filter != "") + $logline = preg_replace("@($filter)@i","<spam><font color='red'>$1</font></span>",$logline); + echo "<tr valign=\"top\">\n"; + echo "<td class=\"listlr\" nowrap>{$logline[0]} {$logline[1]}</td>\n"; + echo "<td class=\"listr\">{$logline[3]}</td>\n"; + echo "<td class=\"listr\">{$logline[4]}</td>\n"; + echo "<td class=\"listr\" width=\"*\">{$logline[7]}</td>\n"; + echo "<td class=\"listr\">{$logline[8]}</td>\n"; + echo "<td class=\"listr\">{$logline_dest[1]}</td>\n"; + echo "</tr>\n"; + } + break; + case 'sguard'; + $log='/var/squidGuard/log/block.log'; + //show table headers + show_tds(array("Date-Time","ACL","Address","Host","User")); + //fetch lines + $logarr=fetch_log($log); + foreach ($logarr as $logent) { + // Split line by space delimiter + $logline = preg_split("/\s+/", $logent); + + // Apply time format + $logline[0] = date("d.m.Y", strtotime($logline[0])); + + // Word wrap the URL + $logline[4] = htmlentities($logline[4]); + $logline[4] = html_autowrap($logline[4]); + + + // Apply filter color + // Need validate special chars + if ($filter != "") + $logline = preg_replace("@($filter)@i","<spam><font color='red'>$1</font></span>",$logline); + + + echo "<tr>\n"; + echo "<td class=\"listlr\" nowrap>{$logline[0]} {$logline[1]}</td>\n"; + echo "<td class=\"listr\">{$logline[3]}</td>\n"; + echo "<td class=\"listr\" width=\"*\">{$logline[4]}</td>\n"; + echo "<td class=\"listr\">{$logline[5]}</td>\n"; + echo "<td class=\"listr\">{$logline[6]}</td>\n"; + echo "</tr>\n"; + } + break; + } +} + +# ------------------------------------------------------------------------------ +# Functions +# ------------------------------------------------------------------------------ + +// From SquidGuard Package +function html_autowrap($cont) +{ + # split strings + $p = 0; + $pstep = 25; + $str = $cont; + $cont = ''; + for ( $p = 0; $p < strlen($str); $p += $pstep ) { + $s = substr( $str, $p, $pstep ); + if ( !$s ) break; + $cont .= $s . "<wbr/>"; + } + return $cont; +} + + +// Show Squid Logs +function fetch_log($log){ + global $filter,$program; + // Get Data from form post + $lines = $_POST['maxlines']; + if (preg_match("/!/",htmlspecialchars($_POST['strfilter']))) + $grep_arg="-iv"; + else + $grep_arg="-i"; + + //Check program to execute or no the parser + if($program == "squid") + $parser = "| php -q squid_log_parser.php"; + else + $parser = ""; + + // Get logs based in filter expression + if($filter != "") { + exec("tail -2000 {$log} | /usr/bin/grep {$grep_arg} " . escapeshellarg($filter). " | tail -r -n {$lines} {$parser} " , $logarr); + } + else { + exec("tail -r -n {$lines} {$log} {$parser}", $logarr); + } + // return logs + return $logarr; +}; + +function show_tds($tds){ + echo "<tr valign='top'>\n"; + foreach ($tds as $td){ + echo "<td class='listhdrr'>".gettext($td)."</td>\n"; + } + echo "</tr>\n"; +} + +?> diff --git a/config/squid3/34/squid_nac.xml b/config/squid3/34/squid_nac.xml new file mode 100755 index 00000000..70fe162f --- /dev/null +++ b/config/squid3/34/squid_nac.xml @@ -0,0 +1,191 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + authng.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2007 to whom it may belong + Copyright (C) 2012-2014 Marcello Coutinho + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code MUST retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squidnac</name> + <version>none</version> + <title>Proxy server: Access control</title> + <include_file>/usr/local/pkg/squid.inc</include_file> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=squid.xml&id=0</url> + </tab> + <tab> + <text>Remote Cache</text> + <url>/pkg.php?xml=squid_upstream.xml</url> + </tab> + <tab> + <text>Local Cache</text> + <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> + </tab> + <tab> + <text>Antivirus</text> + <url>/pkg_edit.php?xml=squid_antivirus.xml&id=0</url> + </tab> + <tab> + <text>ACLs</text> + <url>/pkg_edit.php?xml=squid_nac.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Traffic Mgmt</text> + <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url> + </tab> + <tab> + <text>Authentication</text> + <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg.php?xml=squid_users.xml</url> + </tab> + <tab> + <text>Real time</text> + <url>/squid_monitor.php</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=squid_sync.xml</url> + </tab> + </tabs> + <fields> + <field> + <name>Squid Access Control Lists</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Allowed subnets</fielddescr> + <fieldname>allowed_subnets</fieldname> + <description>Enter each subnet on a new line that is allowed to use the proxy. The subnets must be expressed as CIDR ranges (e.g.: 192.168.1.0/24). Note that the proxy interface subnet is already an allowed subnet. All the other subnets won't be able to use the proxy.</description> + <type>textarea</type> + <cols>50</cols> + <rows>5</rows> + <encoding>base64</encoding> + </field> + <field> + <fielddescr>Unrestricted IPs</fielddescr> + <fieldname>unrestricted_hosts</fieldname> + <description>Enter unrestricted IP address / network(in CIDR format) on a new line that is not to be filtered out by the other access control directives set in this page.</description> + <type>textarea</type> + <cols>50</cols> + <rows>5</rows> + <encoding>base64</encoding> + </field> + <field> + <fielddescr>Banned host addresses</fielddescr> + <fieldname>banned_hosts</fieldname> + <description>Enter each IP address / network(in CIDR format) on a new line that is not to be allowed to use the proxy.</description> + <type>textarea</type> + <cols>50</cols> + <rows>5</rows> + <encoding>base64</encoding> + </field> + <field> + <fielddescr>Whitelist</fielddescr> + <fieldname>whitelist</fieldname> + <description>Enter each destination domain on a new line that will be accessable to the users that are allowed to use the proxy. You also can use regular expressions.</description> + <type>textarea</type> + <cols>50</cols> + <rows>5</rows> + <encoding>base64</encoding> + </field> + <field> + <fielddescr>Blacklist</fielddescr> + <fieldname>blacklist</fieldname> + <description>Enter each destination domain on a new line that will be blocked to the users that are allowed to use the proxy. You also can use regular expressions.</description> + <type>textarea</type> + <cols>50</cols> + <rows>5</rows> + <encoding>base64</encoding> + </field> + <field> + <fielddescr>Block user agents</fielddescr> + <fieldname>block_user_agent</fieldname> + <description>Enter each user agent on a new line that will be blocked to the users that are allowed to use the proxy. You also can use regular expressions.</description> + <type>textarea</type> + <cols>50</cols> + <rows>5</rows> + <encoding>base64</encoding> + </field> + <field> + <fielddescr>Block MIME types (reply only)</fielddescr> + <fieldname>block_reply_mime_type</fieldname> + <description>Enter each MIME type on a new line that will be blocked to the users that are allowed to use the proxy. You also can use regular expressions. Useful to block javascript (application/x-javascript).</description> + <type>textarea</type> + <cols>50</cols> + <rows>5</rows> + <encoding>base64</encoding> + </field> + <field> + <name>Squid Allowed ports</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>acl safeports</fielddescr> + <fieldname>addtl_ports</fieldname> + <description>This is a space-separated list of "safe ports" in addition to the already defined list: 21 70 80 210 280 443 488 563 591 631 777 901 1025-65535</description> + <type>input</type> + <size>60</size> + <default_value></default_value> + </field> + <field> + <fielddescr>acl sslports</fielddescr> + <fieldname>addtl_sslports</fieldname> + <description>This is a space-separated list of ports to allow SSL "CONNECT" in addition to the already defined list: 443 563</description> + <type>input</type> + <size>60</size> + <default_value></default_value> + </field> + </fields> + <custom_php_validation_command> + squid_validate_nac($_POST, $input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + squid_resync(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/squid3/34/squid_ng.inc b/config/squid3/34/squid_ng.inc new file mode 100755 index 00000000..bac4d4f0 --- /dev/null +++ b/config/squid3/34/squid_ng.inc @@ -0,0 +1,1070 @@ +<?php +/* $Id$ */ + +/* + squid_ng.inc + part of pfSense (www.pfSense.com) + + Copyright (C) 2005 Michael Capp <michael.capp@gmail.com> + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +*/ + +if(!function_exists("filter_configure")) + require_once("filter.inc"); + +function global_write_squid_config() +{ + global $config; + conf_mount_rw(); + config_lock(); + + /* define squid configuration file in variable for replace function */ + $squidconfig = "/usr/local/etc/squid/squid.conf"; + + /* squid.xml values */ + $active_interface = $config['installedpackages']['squid']['config'][0]['active_interface']; + $transparent_proxy = $config['installedpackages']['squid']['config'][0]['transparent_proxy']; + $log_enabled = $config['installedpackages']['squid']['config'][0]['log_enabled']; + $urlfilter_enable = $config['installedpackages']['squid']['config'][0]['urlfilter_enable']; + $accesslog_disabled = $config['installedpackages']['squid']['config'][0]['accesslog_disabled']; + $log_query_terms = $config['installedpackages']['squid']['config'][0]['log_query_terms']; + $log_user_agents = $config['installedpackages']['squid']['config'][0]['log_user_agents']; + $proxy_port = $config['installedpackages']['squid']['config'][0]['proxy_port']; + $visible_hostname = $config['installedpackages']['squid']['config'][0]['visible_hostname']; + $cache_admin_email = $config['installedpackages']['squid']['config'][0]['cache_admin_email']; + $error_language = $config['installedpackages']['squid']['config'][0]['error_language']; + $cachemgr_enabled = $config['installedpackages']['squid']['config'][0]['cachemgr_enabled']; + + /* squid_upstream.xml values */ + $proxy_forwarding = $config['installedpackages']['squidupstream']['config'][0]['proxy_forwarding']; + $client_ip_forwarding = $config['installedpackages']['squidupstream']['config'][0]['client_ip_forwarding']; + $user_forwarding = $config['installedpackages']['squidupstream']['config'][0]['user_forwarding']; + $upstream_proxy = $config['installedpackages']['squidupstream']['config'][0]['upstream_proxy']; + $upstream_proxy_port = $config['installedpackages']['squidupstream']['config'][0]['upstream_proxy_port']; + $upstream_username = $config['installedpackages']['squidupstream']['config'][0]['upstream_username']; + $upstream_password = $config['installedpackages']['squidupstream']['config'][0]['upstream_psasword']; + + /* squid_cache.xml values */ + $memory_cache_size = $config['installedpackages']['squidcache']['config'][0]['memory_cache_size']; + $harddisk_cache_size = $config['installedpackages']['squidcache']['config'][0]['harddisk_cache_size']; + $minimum_object_size = $config['installedpackages']['squidcache']['config'][0]['minimum_object_size']; + $maximum_object_size = $config['installedpackages']['squidcache']['config'][0]['maximum_object_size']; + $level_subdirs = $config['installedpackages']['squidcache']['config'][0]['level_subdirs']; + $memory_replacement = $config['installedpackages']['squidcache']['config'][0]['memory_replacement']; + $cache_replacement = $config['installedpackages']['squidcache']['config'][0]['cache_replacement']; + $domain = $config['installedpackages']['squidcache']['config'][0]['domain']; + $enable_offline = $config['installedpackages']['squidcache']['config'][0]['enable_offline']; + + /* squid_nac.xml values */ + $allowed_subnets = $config['installedpackages']['squidnac']['config'][0]['allowed_subnets']; + $unrestricted_ip_addr = $config['installedpackages']['squidnac']['config'][0]['unrestricted_ip_address']; + $unrestricted_mac_addr = $config['installedpackages']['squidnac']['config'][0]['unrestricted_mac_addresses']; + $banned_ip_addr = $config['installedpackages']['squidnac']['config'][0]['banned_ip_addresses']; + $banned_mac_addr = $config['installedpackages']['squidnac']['config'][0]['banned_mac_addresses']; + $override_hosts = $config['installedpackages']['squidnac']['config'][0]['override_hosts']; + + /* squid_traffic.xml values */ + $max_download_size = $config['installedpackages']['squidtraffic']['config'][0]['max_download_size']; + $max_upload_size = $config['installedpackages']['squidtraffic']['config'][0]['max_upload_size']; + $dl_overall = $config['installedpackages']['squidtraffic']['config'][0]['dl_overall']; + $dl_per_host = $config['installedpackages']['squidtraffic']['config'][0]['dl_per_host']; + $throttle_binary_files = $config['installedpackages']['squidtraffic']['config'][0]['throttle_binary_files']; + $throttle_cd_images = $config['installedpackages']['squidtraffic']['config'][0]['throttle_cd_images']; + $throttle_multimedia = $config['installedpackages']['squidtraffic']['config'][0]['throttle_multimedia']; + + /* squid_auth.xml values */ + $auth_method = $config['installedpackages']['squidauth']['config'][0]['auth_method']; + $auth_processes = $config['installedpackages']['squidauth']['config'][0]['auth_processes']; + $auth_cache_ttl = $config['installedpackages']['squidauth']['config'][0]['auth_cache_ttl']; + $limit_ip_addr = $config['installedpackages']['squidauth']['config'][0]['limit_ip_addr']; + $user_ip_cache_ttl = $config['installedpackages']['squidauth']['config'][0]['user_ip_cache_ttl']; + $req_unrestricted_auth = $config['installedpackages']['squidauth']['config'][0]['req_unrestricted_auth']; + $auth_realm_prompt = $config['installedpackages']['squidauth']['config'][0]['auth_realm_prompt']; + $no_domain_auth = $config['installedpackages']['squidauth']['config'][0]['no_domain_auth']; + $min_pass_length = $config['installedpackages']['squidauth']['config'][0]['min_pass_length']; + $bypass_extended = $config['installedpackages']['squidauth']['config'][0]['bypass_extended']; + + /* squid_extauth.xml (ldap) values */ + $ldap_basedn = $config['installedpackages']['squidextldapauth']['config'][0]['ldap_basedn']; + $ldap_server = $config['installedpackages']['squidextldapauth']['config'][0]['ldap_server']; + $ldap_type = $config['installedpackages']['squidextldapauth']['config'][0]['ldap_type']; + $ldap_port = $config['installedpackages']['squidextldapauth']['config'][0]['ldap_port']; + $bind_dn_username = $config['installedpackages']['squidextldapauth']['config'][0]['bind_dn_username']; + $bind_dn_password = $config['installedpackages']['squidextldapauth']['config'][0]['bind_dn_password']; + + /* squid_extauth.xml (radius) values */ + $radius_server = $config['installedpackages']['squidextradiusauth']['config'][0]['radius_server']; + $radius_port = $config['installedpackages']['squidextradiusauth']['config'][0]['radius_port']; + $radius_identifier = $config['installedpackages']['squidextradiusauth']['config'][0]['radius_identifier']; + $radius_secret = $config['installedpackages']['squidextradiusauth']['config'][0]['radius_secret']; + + /* static variable assignments for directory mapping */ + $acldir = "/usr/local/etc/squid/advanced/acls"; + $ncsadir = "/usr/local/etc/squid/advanced/ncsa"; + $ntlmdir = "/usr/local/etc/squid/advanced/ntlm"; + $radiusdir = "/usr/local/etc/squid/advanced/radius"; + + $fout = fopen($squidconfig, "w"); + + $config_array = array('shutdown_lifetime 5 seconds' . "\n\n"); + + if (isset($cachemgr_enabled) && ($cachemgr_enabled == "on")) { + mwexec("cp /usr/local/libexec/squid/cachemgr.cgi /usr/local/www/cachemgr.cgi"); + mwexec("chmod a+rx /usr/local/www/cachemgr.cgi"); + } else { + mwexec("rm -f /usr/local/www/cachemgr.cgi"); + } + unset($cachemgr_enabled); + + if (!isset($icp_port) or ($icp_port == "")) { + $icp_port = "3130"; + } + $config_array[] = 'icp_port ' . $icp_port . "\n"; + unset($icp_port); + + if(!isset($proxy_port) or ($proxy_port == "")) { + $proxy_port = "3128"; + } + + if (isset($transparent_proxy) && ($transparent_proxy != "on")) { + $int = convert_friendly_interface_to_real_interface_name($active_interface); + $listen_ip = find_interface_ip($int); + + $config_array[] = 'http_port ' . $listen_ip . ':' . $proxy_port . "\n\n"; + $config_array[] = 'acl QUERY urlpath_regex cgi-bin \?' . "\n"; + $config_array[] = 'no_cache deny QUERY' . "\n\n"; + } + $config_array[] = 'http_port 127.0.0.1:' . $proxy_port . "\n\n"; + unset($proxy_port); + + if (isset($domain) && ($domain !== "")) { + if (!file_exists($acldir)) { + mwexec("/bin/mkdir -p " . $acldir); + } + + $aclout = fopen($acldir . "/dst_nocache.acl","w"); + + $domain_array = split("; ",$domain); + foreach ($domain_array as $no_cache_domain) { + fwrite($aclout, $no_cache_domain . "\n"); + } + + fclose($aclout); + + $config_array[] = 'acl no_cache_domains dstdomain "' . $acldir . '/dst_nocache.acl"' . "\n"; + $config_array[] = 'no_cache deny no_cache_domains' . "\n\n"; + } + unset($no_cache_domain); + unset($domain_array); + unset($domain); + + $config_array[] = 'cache_effective_user squid' . "\n"; + $config_array[] = 'cache_effective_group squid' . "\n\n"; + $config_array[] = 'pid_filename /var/run/squid.pid' . "\n\n"; + + if (!isset($memory_cache_size) or ($memory_cache_size == "")) { + $memory_cache_size = "8"; + } + $config_array[] = 'cache_mem ' . $memory_cache_size . ' MB' . "\n"; + unset($memory_cache_size); + + if (!isset($harddisk_cache_size) or ($harddisk_cache_size == "")) { + $harddisk_cache_size = "500"; + } + + if (!isset($level_subdirs) or ($level_subdirs == "")) { + $level_subdirs = "16"; + } + + $config_array[] = 'cache_dir diskd /var/squid/cache ' . $harddisk_cache_size . ' ' . $level_subdirs . ' 256' . "\n\n"; + unset($harddisk_cache_size); + unset($level_subdirs); + + if (!isset($error_language) or ($error_language == "")) { + $error_language = "English"; + } + $config_array[] = 'error_directory /usr/local/etc/squid/errors/' . $error_language . "\n\n"; + unset($error_language); + + if (isset($offline_mode) && ($offline_mode == "on")) { + $config_array[] = 'offline_mode on' . "\n\n"; + } else { + $config_array[] = 'offline_mode off' . "\n\n"; + } + + if (!isset($memory_replacement) or ($memory_replacement == "")) { + $memory_replacement = "heap GDSF"; + } + $config_array[] = 'memory_replacement_policy ' . $memory_replacement . "\n"; + unset($memory_replacement); + + if (!isset($cache_replacement) or ($cache_replacement == "")) { + $cache_replacement="heap GDSF"; + } + $config_array[] = 'cache_replacement_policy ' . $cache_replacement . "\n\n"; + unset($cache_replacement); + + if (isset($accesslog_disabled) && ($accesslog_disabled == "on")) { + $config_array[] = 'cache_access_log none' . "\n"; + } else { + $config_array[] = 'cache_access_log /var/log/access.log' . "\n"; + } + $config_array[] = 'cache_log /var/log/cache.log' . "\n"; + $config_array[] = 'cache_store_log none' . "\n"; + unset($accesslog_disabled); + unset($log_enabled); + + if (isset($log_query_terms) && ($log_query_terms == "on")) { + $config_array[] = 'strip_query_terms off' . "\n"; + } else { + $config_array[] = 'strip_query_terms on' . "\n"; + } + unset($log_query_terms); + + $config_array[] = 'useragent_log /var/log/useragent.log' . "\n\n"; + unset($log_user_agents); + + $config_array[] = 'log_mime_hdrs off' . "\n"; + $config_array[] = 'emulate_httpd_log on' . "\n"; + + switch ($user_forwarding) { + case "on": + $config_array[] = 'forwarded_for on' . "\n\n"; + break; + case "off": + $config_array[] = 'forwarded_for off' . "\n\n"; + break; + default: + $config_array[] = 'forwarded_for off' . "\n\n"; + break; + } + unset($user_forwarding); + + switch ($auth_method) { + case "none": + break; + case "local_auth": + $config_array[] = 'auth_param basic program /usr/local/libexec/squid/ncsa_auth /usr/local/etc/squid/advanced/ncsa/passwd' . "\n"; + if (!isset($auth_processes) or ($auth_processes == "")) { + $auth_processes = "5"; + } + $config_array[] = 'auth_param basic children ' . $auth_processes . "\n"; + + if (!isset($auth_realm_prompt) or ($auth_realm_prompt == "")) { + $auth_realm_prompt = "pfSense Advanced Proxy"; + } + $config_array[] = 'auth_param basic realm ' . $auth_realm_prompt . "\n"; + + if (!isset($auth_cache_ttl) or ($auth_cache_ttl == "")) { + $auth_cache_ttl = "60"; + } + $config_array[] = 'auth_param basic credentialsttl ' . $auth_cache_ttl . ' minutes' . "\n\n"; + $config_array[] = 'acl for_inetusers proxy_auth REQUIRED' . "\n\n"; + + unset($auth_realm_prompt); + unset($auth_processes); + unset($auth_cache_ttl); + + break; + case "radius_auth"; + $config_array[] = 'auth_param basic program /usr/local/libexec/squid/squid_rad_auth -h ' . $radius_server . ' -p ' . $radius_port . ' -i ' . $radius_identifier . ' -w ' . $radius_secret . "\n"; + if (!isset($auth_processes) or ($auth_processes == "")) { + $auth_processes = "5"; + } + $config_array[] = 'auth_param basic children ' . $auth_processes . "\n"; + + if (!isset($auth_realm_prompt) or ($auth_realm_prompt == "")) { + $auth_realm_prompt = "pfSense Advanced Proxy"; + } + $config_array[] = 'auth_param basic realm ' . $auth_realm_prompt . "\n"; + + if (!isset($auth_cache_ttl) or ($auth_cache_ttl == "")) { + $auth_cache_ttl = "60"; + } + $config_array[] = 'auth_param basic credentialsttl ' . $auth_cache_ttl . ' minutes' . "\n\n"; + $config_array[] = 'acl for_inetusers proxy_auth REQUIRED' . "\n\n"; + + unset($auth_realm_prompt); + unset($auth_processes); + unset($auth_cache_ttl); + + break; + case "ldap_bind"; + $config_array[] = 'auth_param basic program /usr/local/libexec/squid_ldap_auth -b "' . $ldap_basedn . '" -D "' . $bind_dn_username . '" -w "' . $bind_dn_password . '" -f "(&(objectClass=person)(cn=%s))" -u -cn -P "' . $ldap_server . ":" . $ldap_port . "\n"; + $config_array[] = 'auth_param basic program /usr/local/libexec/squid/squid_ldap_auth'; + $config_array[] = ' -b "' . $ldap_basedn . '"'; + $config_array[] = ' -D "' . $bind_dn_username . '"'; + $config_array[] = " -w " . $bind_dn_password; + $config_array[] = ' -f "(&(objectClass=person)(cn=%s))"'; + $config_array[] = " -u cn -P " . $ldap_server . ":" . $ldap_port . "\n"; + + if (!isset($auth_processes) or ($auth_processes == "")) { + $auth_processes = "5"; + } + $config_array[] = 'auth_param basic children ' . $auth_processes . "\n"; + + if (!isset($auth_realm_prompt) or ($auth_realm_prompt == "")) { + $auth_realm_prompt = "pfSense Advanced Proxy"; + } + $config_array[] = 'auth_param basic realm ' . $auth_realm_prompt . "\n"; + + if (!isset($auth_cache_ttl) or ($auth_cache_ttl == "")) { + $auth_cache_ttl = "60"; + } + $config_array[] = 'auth_param basic credentialsttl ' . $auth_cache_ttl . ' minutes' . "\n\n"; + $config_array[] = 'acl for_inetusers proxy_auth REQUIRED' . "\n\n"; + + unset($auth_realm_prompt); + unset($auth_processes); + unset($auth_cache_ttl); + + break; + case "windows_auth"; + break; + } + + if (isset($throttle_binary_files) && ($throttle_binary_files == "on")) { + if (!file_exists($acldir)) { + mwexec("/bin/mkdir -p " . $acldir); + } + + $binary_out = "\.bin$\n\.cab$\n\.gz$\n\.rar$\n\.sea$\n\.tar$\n\.tgz$\n\.zip$\n"; + + $throttle_out = fopen($acldir . "/dst_throttle_binary.acl", "w"); + fwrite($throttle_out, $binary_out); + fclose($throttle_out); + $config_array[] = 'acl for_throttled_binary url_regex -i "' . $acldir . '/dst_throttle_binary.acl"' . "\n"; + } else { + if (file_exists($acldir . "/dst_throttle_binary.acl")) unlink($acldir . "/dst_throttle_binary.acl"); + } + unset($throttle_binary_files); + unset($throttle_out); + unset($binary_out); + + if (isset($throttle_cd_images) && ($throttle_cd_images == "on")) { + if (!file_exists($acldir)) { + mwexec("/bin/mkdir -p " . $acldir); + } + + $cd_out = "\.b5t$\n\.bin$\n\.bwt$\n\.cdi$\n\.cue$\n\.gho$\n\.img$\n\.iso$\n\.mds$\n\.nrg$\n\.pqi$\n"; + + $throttle_out = fopen($acldir . "/dst_throttle_cd.acl","w"); + fwrite($throttle_out, $cd_out); + fclose($throttle_out); + $config_array[] = 'acl for_throttled_cd url_regex -i "' . $acldir . '/dst_throttle_cd.acl"' . "\n"; + } else { + if (file_exists($acldir . "/dst_throttle_cd.acl")) { + unlink($acldir . "/dst_throttle_cd.acl"); + } + } + unset($throttle_cd_images); + unset($throttle_out); + unset($cd_out); + + if (isset($throttle_multimedia) && ($throttle_multimedia == "on")) { + if (!file_exists($acldir)) { + mwexec("/bin/mkdir -p " . $acldir); + } + + $multimedia_out = "\.aiff?$\n\.asf$\n\.avi$\n\.divx$\n\.mov$\n\.mp3$\n\.mpe?g$\n\.qt$\n\.ra?m$\n"; + + $throttle_out = fopen($acldir . "/dst_throttle_multimedia.acl","w"); + fwrite($throttle_out, $multimedia_out); + fclose($throttle_out); + $config_array[] = 'acl for_throttled_multimedia url_regex -i "' . $acldir . '/dst_throttle_multimedia.acl"' . "\n"; + } else { + if (file_exists($acldir . "/dst_throttle_multimedia.acl")) { + unlink($acldir . "/dst_throttle_multimedia.acl"); + } + } + unset($throttle_multimedia); + unset($multimedia_out); + unset($throttle_out); + + $config_array[] = 'acl within_timeframe time MTWHFAS 00:00-24:00' . "\n\n"; + + /* obtain interface subnet and address for Squid rules */ + $lactive_interface = strtolower($active_interface); + + $lancfg = $config['interfaces'][$lactive_interface]; + $lanif = $lancfg['if']; + $lanip = $lancfg['ipaddr']; + $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']); + $lansn = $lancfg['subnet']; + + $config_array[] = 'acl all src 0.0.0.0/0.0.0.0' . "\n"; + $config_array[] = 'acl localnet src ' . $lansa . '/' . $lansn . "\n"; + $config_array[] = 'acl localhost src 127.0.0.1/255.255.255.255' . "\n"; + $config_array[] = 'acl SSL_ports port 443 563 873 # https, snews, rsync' . "\n"; + $config_array[] = 'acl Safe_ports port 80 # http' . "\n"; + $config_array[] = 'acl Safe_ports port 21 # ftp' . "\n"; + $config_array[] = 'acl Safe_ports port 443 563 873 # https, snews, rsync' . "\n"; + $config_array[] = 'acl Safe_ports port 70 # gopher' . "\n"; + $config_array[] = 'acl Safe_ports port 210 # wais' . "\n"; + $config_array[] = 'acl Safe_ports port 1025-65535 # unregistered ports' . "\n"; + $config_array[] = 'acl Safe_ports port 280 # http-mgmt' . "\n"; + $config_array[] = 'acl Safe_ports port 488 # gss-http' . "\n"; + $config_array[] = 'acl Safe_ports port 591 # filemaker' . "\n"; + $config_array[] = 'acl Safe_ports port 777 # multiling http' . "\n"; + $config_array[] = 'acl Safe_ports port 800 # Squids port (for icons)' . "\n\n"; + + /* allow access through proxy for custom admin port */ + $custom_port = $config['system']['webgui']['port']; + if (isset($custom_port) && ($custom_port !== "")) { + $config_array[] = 'acl pf_admin_port port ' . $custom_port . "\n"; + unset($custom_port); + } else { + $admin_protocol = $config['system']['webgui']['protocol']; + switch ($admin_protocol) { + case "http"; + $config_array[] = 'acl pf_admin_port port 80' ."\n"; + break; + case "https"; + $config_array[] = 'acl pf_admin_port port 443' . "\n"; + break; + default; + $config_array[] = 'acl pf_admin_port port 80' . "\n"; + break; + } + unset($admin_protocol); + } + + /* define override hosts as specified in squid_nac.xml */ + if (isset($override_hosts) && ($override_hosts !== "")) { + if (!file_exists($acldir)) { + mwexec("/bin/mkdir -p " . $acldir); + } + + $aclout = fopen($acldir . "/src_override_hosts.acl", "w"); + + $override_hosts_array = split("; ", $override_hosts); + foreach ($override_hosts_array as $ind_override_host) { + fwrite($aclout, $ind_override_host . "\n"); + } + + fclose($aclout); + + $config_array[] = 'acl override_hosts src "/usr/local/etc/squid/advanced/acls/src_override_hosts.acl"' . "\n"; + } + /* clear variables */ + unset($override_hosts_array); + unset($ind_override_host); + unset($override_hosts); + + /* define subnets allowed to utilize proxy service */ + if (isset($allowed_subnets) && ($allowed_subnets !== "")) { + if (!file_exists($acldir)) { + mwexec("/bin/mkdir -p " . $acldir); + mwexec("touch {$acldir}/src_subnets.acl"); + } + + $aclout = fopen($acldir . "/src_subnets.acl","w"); + + $allowed_subnets_array = split("; ",$allowed_subnets); + foreach ($allowed_subnets_array as $ind_allowed_subnets) { + fwrite($aclout, $ind_allowed_subnets . "\n"); + } + + fclose($aclout); + } else { + + $aclout = fopen($acldir . "/src_subnets.acl","w"); + fwrite($aclout, $lansa . "/" . $lansn . "\n"); + fclose($aclout); + } + + $config_array[] = 'acl pf_networks src "/usr/local/etc/squid/advanced/acls/src_subnets.acl"' . "\n"; + + unset($allowed_subnets_array); + unset($ind_allowed_subnets); + unset($allowed_subnets); + + /* define ip addresses that have 'unrestricted' access */ + if (isset($unrestricted_ip_addr) && ($unrestricted_ip_addr !== "")) { + if (!file_exists($acldir)) { + mwexec("/bin/mkdir -p " . $acldir); + } + + $aclout = fopen($acldir . "/src_unrestricted_ip.acl","w"); + + $unrestricted_ip_array = split("; ",$unrestricted_ip_addr); + foreach ($unrestricted_ip_array as $ind_unrestricted_ip) { + fwrite($aclout, $ind_unrestricted_ip . "\n"); + } + + fclose($aclout); + + $config_array[] = 'acl pf_unrestricted_ip src "/usr/local/etc/squid/advanced/acls/src_unrestricted_ip.acl"' . "\n"; + } + unset($unrestricted_ip_array); + unset($unrestricted_ip_addr); + unset($ind_unrestricted_ip); + + /* define mac addresses that have 'unrestricted' access */ + if (isset($unrestricted_mac_addr) && ($unrestricted_mac_addr !== "")) { + if (!file_exists($acldir)) { + mwexec("/bin/mkdir -p " . $acldir); + } + + $aclout = fopen($acldir . "/src_unrestricted_mac.acl","w"); + + $unrestricted_mac_array = split("; ",$unrestricted_mac_addr); + foreach ($unrestricted_mac_array as $ind_unrestricted_mac) { + fwrite($aclout, $ind_unrestricted_mac . "\n"); + } + + fclose($aclout); + + $config_array[] = 'acl pf_unrestricted_mac src "/usr/local/etc/squid/advanced/acls/src_unrestricted_mac.acl"' . "\n"; + } + unset($unrestricted_mac_array); + unset($unrestricted_mac_addr); + unset($ind_unrestricted_mac); + + /* define ip addresses that are banned from using the proxy service */ + if (isset($banned_ip_addr) && ($banned_ip_addr !== "")) { + if (!file_exists($acldir)) { + mwexec("/bin/mkdir -p " . $acldir); + } + + $aclout = fopen($acldir . "/src_banned_ip.acl","w"); + + $banned_ip_array = split("; ",$banned_ip_addr); + foreach ($banned_ip_array as $ind_banned_ip) { + fwrite($aclout, $ind_banned_ip . "\n"); + } + + fclose($aclout); + + $config_array[] = 'acl pf_banned_ip src "/usr/local/etc/squid/advanced/acls/src_banned_ip.acl"' . "\n"; + } + unset($banned_ip_array); + unset($banned_ip_addr); + unset($ind_banned_ip); + + /* define mac addresses that are banned from using the proxy service */ + if (isset($banned_mac_addr) && ($banned_mac_addr !== "")) { + if (!file_exists($acldir)) { + mwexec("/bin/mkdir -p " . $acldir); + } + + $aclout = fopen($acldir . "/src_banned_mac.acl","w"); + + $banned_mac_array = split("; ",$banned_mac_addr); + foreach ($banned_mac_array as $ind_banned_mac) { + fwrite($aclout, $ind_banned_mac . "\n"); + } + + fclose($aclout); + + $config_array[] = 'acl pf_banned_mac src "/usr/local/etc/squid/advanced/acls/src_banned_mac.acl"' . "\n"; + } + unset($banned_mac_array); + unset($banned_mac_addr); + unset($ind_banned_mac); + + $config_array[] = 'acl pf_ips dst ' . $lanip . "\n"; + $config_array[] = 'acl CONNECT method CONNECT' . "\n\n"; + + if (isset($auth_method) && ($auth_method == "none")) { + $config_array[] = 'http_access allow localnet' . "\n"; + } + $config_array[] = 'http_access allow localhost' . "\n"; + + if (isset($override_hosts) && ($override_hosts !== "")) { + $config_array[] = 'http_access allow override_hosts' . "\n"; + } + $config_array[] = "\n"; + + switch ($config['system']['webgui']['protocol']) { + case "http": + $config_array[] = 'http_access allow pf_ips' . "\n"; + $config_array[] = 'http_access allow pf_admin_port' . "\n"; + $config_array[] = 'http_access deny !pf_networks' . "\n\n"; + break; + case "https": + $config_array[] = 'http_access allow CONNECT pf_ips' . "\n"; + $config_array[] = 'http_access allow CONNECT pf_admin_port' . "\n"; + $config_array[] = 'http_access deny CONNECT !pf_networks' . "\n\n"; + break; + } + + $config_array[] = 'http_access deny !Safe_ports' . "\n"; + $config_array[] = 'http_access deny CONNECT !SSL_ports' . "\n\n"; + + if (isset($auth_method) && ($auth_method != "none")) { + $config_array[] = 'http_access allow pf_networks for_inetusers within_timeframe' . "\n"; + } + + $config_array[] = 'http_access deny all' . "\n\n"; + + if (isset($dl_overall) && ($dl_overall !== "") and isset($dl_per_host) && ($dl_per_host == "")) { + $config_array[] = 'delay_pools 1' . "\n"; + $config_array[] = 'delay_class 1 3' . "\n"; + + if ($dl_overall == "unlimited") { + $config_array[] = 'delay_parameters 1 -1/-1 -1/-1 ' . ($dl_overall * 125) . '/' . ($dl_overall * 250) . "\n"; + } else { + $config_array[] = 'delay_parameters 1 ' . ($dl_overall * 125) . '/' . ($dl_overall * 250) . ' -1/-1 -1/-1' . "\n"; + } + + /* if no unrestricted ip addresses are defined; this line is ignored */ + if (isset($unrestricted_ip_addr) && ($unrestricted_ip_addr == "")) $config_array[] = 'delay_access 1 deny pf_unrestricted_ip' . "\n"; + + /* this will define bandwidth delay restrictions for specified throttles */ + if (isset($throttle_binary_files) && ($throttle_binary_files == "on")) { + $config_array[] = 'delay_access 1 allow all for_throttled_binary' . "\n"; + } + if (isset($throttle_cd_images) && ($throttle_cd_images == "on")) { + $config_array[] = 'delay_access 1 allow all for_throttled_cd' . "\n"; + } + if (isset($throttle_multimedia) && ($throttle_multimedia == "on")) { + $config_array[] = 'delay_access 1 allow all for_throttled_multimedia' . "\n"; + } else { + $config_array[] = 'delay_access 1 allow all' . "\n"; + } + $config_array[] = 'delay_initial_bucket_level 100%' . "\n\n"; + } + + if (isset($dl_per_host) && ($dl_per_host !== "") and isset($dl_overall) && ($dl_overall == "")) { + $config_array[] = 'delay_pools 1' . "\n"; + $config_array[] = 'delay_class 1 3' . "\n"; + + if ($dl_per_host == "unlimited") { + $config_array[] = 'delay_parameters 1 ' . ($dl_per_host * 125) . '/' . ($dl_per_host * 250) . '-1/-1 -1/-1' . "\n"; + } else { + $config_array[] = 'delay_parameters 1 -1/-1 -1/-1 ' . ($dl_per_host * 125) . '/' . ($dl_per_host * 250) . "\n"; + } + + /* if no unrestricted ip addresses are defined; this line is ignored */ + if (isset($unrestricted_ip_addr) && ($unrestricted_ip_addr !== "")) $config_array[] = 'delay_access 1 deny pf_unrestricted_ip' . "\n"; + + /* this will define bandwidth delay restrictions for specified throttles */ + if ($throttle_binary_files == "on") { + $config_array[] = 'delay_access 1 allow all for_throttled_binary' . "\n"; + } + if ($throttle_cd_images == "on") { + $config_array[] = 'delay_access 1 allow all for_throttled_cd' . "\n"; + } + if ($throttle_multimedia == "on") { + $config_array[] = 'delay_access 1 allow all for_throttled_multimedia' ."\n"; + } else { + $config_array[] = 'delay_access 1 allow all' . "\n"; + } + $config_array[] = 'delay_initial_bucket_level 100%' . "\n\n\n"; + } + + if (isset($dl_overall) && ($dl_overall !== "") and isset($dl_per_host) && ($dl_per_host !== "")) { + /* if no bandwidth restrictions are specified, then these parameters are not necessary */ + if ($dl_overall !== "unlimited" and $dl_per_host !== "unlimited") { + + if ((isset($dl_overall) && ($dl_overall == "unlimited")) and (isset($dl_per_host) && ($dl_per_host !== ""))) { + $config_array[] = 'delay_pools 1' . "\n"; + $config_array[] = 'delay_class 1 3' . "\n"; + $config_array[] = 'delay_parameters 1 -1/-1 -1/-1 ' . ($dl_per_host * 125) . '/' . ($dl_overall * 250) . "\n"; + } elseif (isset($dl_overall) && ($dl_overall !== "") and isset($dl_per_host) && ($dl_per_host == "unlimited")) { + $config_array[] = 'delay_pools 1' . "\n"; + $config_array[] = 'delay_class 1 3' . "\n"; + $config_array[] = 'delay_parameters 1 ' . ($dl_overall * 125) . '/' . ($dl_overall * 250) . ' -1/-1 -1/-1' . "\n"; + } + } + + if ($dl_overall !== "unlimited" and $dl_per_host !== "unlimited") { + + /* if no unrestricted ip addresses are defined; this line is ignored */ + if (isset($unrestricted_ip_addr) && ($unrestricted_ip_addr !== "")) $config_array[] = 'delay_access 1 deny pf_unrestricted_ip' . "\n"; + + /* this will define bandwidth delay restrictions for specified throttles */ + if ($throttle_binary_files == "on") { + $config_array[] = 'delay_access 1 allow all for_throttled_binary' . "\n"; + } + if ($throttle_cd_images == "on") { + $config_array[] = 'delay_access 1 allow all for_throttled_cd' . "\n"; + } + if ($throttle_multimedia == "on") { + $config_array[] = 'delay_access 1 allow all for_throttled_multimedia' . "\n"; + } else { + $config_array[] = 'delay_access 1 allow all' . "\n"; + } + $config_array[] = 'delay_initial_bucket_level 100%' . "\n\n"; + } + } + + $config_array[] = 'header_access X-Forwarded-For deny all' . "\n"; + $config_array[] = 'header_access Via deny all' . "\n\n"; + + /* TODO: acl customization for snmp support */ + /* fwrite($fout, "\n"); */ + + if (isset($urlfilter_enable) && ($urlfilter_enable == "on")) { + $config_array[] = 'redirect_program /usr/sbin/squidGuard' . "\n"; + $config_array[] = 'redirect_children 5' . "\n\n"; + } + + if (isset($max_upload_size) && ($max_upload_size != "")) { + $config_array[] = 'request_body_max_size ' . $max_download_size . 'KB' . "\n"; + } + + if (isset($max_download_size) && ($max_download_size != "")) { + if (isset($unrestricted_ip_addr) && ($unrestricted_ip_addr !== "")) $config_array[] = 'reply_body_max_size 0 allow pf_unrestricted_ip' . "\n"; + /* fwrite($fout, "#reply_body_max_size 0 allow for_extended_users\n"); */ + $config_array[] = 'reply_body_max_size ' . $max_download_size * 1024 . ' allow all' . "\n\n"; + } + + /* set default value for maximum_object_size */ + if (!isset($maximum_object_size) or ($maximum_object_size == "")) { + $maximum_object_size = "4096"; + } + + /* set default value for minimum_object_size */ + if (!isset($minimum_object_size) or ($minimum_object_size == "")) { + $minimum_object_size = "0"; + } + $config_array[] = 'maximum_object_size ' . $maximum_object_size . ' KB' . "\n"; + $config_array[] = 'minimum_object_size ' . $minimum_object_size . ' KB' . "\n\n"; + + if (isset($proxy_forwarding) && ($proxy_forwarding == "on")) { + $config_array[] = 'cache_peer ' . $upstream_proxy . ' parent ' . $upstream_proxy_port . ' 3130 login=' . upstream_username . ':' . upstream_password . ' default no-query' . "\n"; + $config_array[] = 'never_direct allow all' . "\n"; + } + unset($proxy_forwarding); + + + /* define default ruleset for transparent proxy operation */ + if (isset($transparent_proxy) && ($transparent_proxy == "on")) { + $config_array[] = 'httpd_accel_host virtual' . "\n"; + $config_array[] = 'httpd_accel_port 80' . "\n"; + $config_array[] = 'httpd_accel_with_proxy on' . "\n"; + $config_array[] = 'httpd_accel_uses_host_header on' . "\n\n"; + } + unset($transparent_proxy); + + + /* define visible hostname */ + if (isset($visible_hostname) && ($visible_hostname !== "")) { + $config_array[] = 'visible_hostname ' . $visible_hostname . "\n"; + } + unset($visible_hostname); + + /* define cache administrators email address within error messages */ + if (isset($cache_admin_email) && ($cache_admin_email !== "")) { + $config_array[] = 'cache_mgr ' . $cache_admin_email . "\n\n"; + } + unset($cache_admin_email); + + /* write configuration file */ + foreach ($config_array as $config_item) + { + fwrite($fout, trim($config_item)); + + if (stristr($config_item, "\n")) + { + for ($i = 1; $i < count(explode("\n", $config_item)); $i++) + { + fwrite($fout, "\n"); + } + } + + } + fclose($fout); + + conf_mount_ro(); + config_unlock(); + + touch($squidconfig); +} /* end function write_squid_config */ + +function squid3_custom_php_install_command() { + /* write initial static config for transparent proxy */ + write_static_squid_config(); + + touch("/tmp/squid3_custom_php_install_command"); + + /* make sure this all exists, see: + * https://forum.pfsense.org/index.php?topic=23.msg2391#msg2391 + */ + update_output_window("Setting up Squid environment..."); + mwexec("mkdir -p /var/squid"); + mwexec("chown squid:squid /var/squid"); + mwexec("mkdir -p /var/squid/logs"); + mwexec("chown squid:squid /var/squid/logs"); + mwexec("mkdir -p /var/squid/cache"); + mwexec("chown squid:squid /var/squid/cache"); + mwexec("mkdir -p /usr/local/etc/squid/advanced"); + mwexec("chown squid:squid /usr/local/etc/squid/advanced"); + mwexec("mkdir -p /usr/local/etc/squid/advanced/acls"); + mwexec("chown squid:squid /usr/local/etc/squid/advanced/acls"); + mwexec("touch /usr/local/etc/squid/advanced/acls/src_subnets.acl"); + mwexec("chown squid:squid /usr/local/etc/squid/advanced/acls/src_subnets.acl"); + mwexec("touch /usr/local/etc/squid/advanced/acls/src_unrestricted_ip.acl"); + mwexec("chown squid:squid /usr/local/etc/squid/advanced/acls/src_unrestricted_ip.acl"); + mwexec("cp /usr/local/etc/squid/mime.conf.default /usr/local/etc/squid/mime.conf"); + + + /* set a few extra items noted by regan */ + update_output_window("Creating logs and setting user information..."); + $fdsquid = fopen("/usr/local/etc/rc.d/aSquid.sh", "w"); + fwrite($fdsquid, "#/bin/sh\n"); + fwrite($fdsquid, "# \n"); + fwrite($fdsquid, "# This file was created by the pfSense package system\n"); + fwrite($fdsquid, "# Sets up squid option on each bootup that are not persistent\n"); + fwrite($fdsquid, "# \n\n"); + fwrite($fdsquid, "chown squid:wheel /dev/pf\n"); + fwrite($fdsquid, "chmod ug+rw /dev/pf\n"); + fwrite($fdsquid, "touch /var/log/useragent.log\n"); + fwrite($fdsquid, "touch /var/log/access.log\n"); + fwrite($fdsquid, "touch /var/log/cache.log\n"); + fwrite($fdsquid, "chown squid:wheel /var/log/cache.log\n"); + fwrite($fdsquid, "chown squid:wheel /var/log/access.log\n"); + fwrite($fdsquid, "chown squid:wheel /var/log/useragent.log\n"); + fwrite($fdsquid, "\n"); + fclose($fdsquid); + mwexec("chmod a+rx /usr/local/etc/rc.d/aSquid.sh"); + mwexec("/usr/local/etc/rc.d/aSquid.sh"); + + update_output_window("Creating Proxy Server initialization scripts..."); + $start = "touch /tmp/ro_root_mount; /usr/local/sbin/squid -D; touch /tmp/filter_dirty"; + $stop = "/usr/local/sbin/squid -k shutdown"; + write_rcfile(array( + "file" => "squid.sh", + "start" => $start, + "stop" => $stop + ) + ); + + mwexec("chmod 755 /usr/local/etc/rc.d/squid.sh"); + + /* create log directory hierarchies if they don't exist */ + update_output_window("Creating required directory hierarchies..."); + + if (!file_exists("/var/squid/logs")) { + mwexec("mkdir -p /var/squid/logs"); + } + mwexec("/usr/sbin/chown squid:squid /var/squid/logs"); + + + if (!file_exists("/var/squid/cache")) { + mwexec("mkdir -p /var/squid/cache"); + } + mwexec("/usr/sbin/chown squid:squid /var/squid/cache"); + + if (!file_exists("/usr/local/etc/squid/advanced/acls")) { + mwexec("mkdir -p /usr/local/etc/squid/advanced/acls"); + } + mwexec("/usr/sbin/chown squid:squid /usr/local/etc/squid/advanced/acls"); + + if (!file_exists("/usr/local/etc/squid/advanced/ncsa")) { + mwexec("mkdir -p /usr/local/etc/squid/advanced/ncsa"); + } + mwexec("/usr/sbin/chown squid:squid /usr/local/etc/squid/advanced/ncsa"); + + if (!file_exists("/usr/local/etc/squid/advanced/ntlm")) { + mwexec("mkdir -p /usr/local/etc/squid/advanced/ntlm"); + } + mwexec("/usr/sbin/chown squid:squid /usr/local/etc/squid/advanced/ntlm"); + + if (!file_exists("/usr/local/etc/squid/advanced/radius")) { + mwexec("mkdir -p /usr/local/etc/squid/advanced/radius"); + } + mwexec("/usr/sbin/chown squid:squid /usr/local/etc/squid/advanced/radius"); + + $devfs_file = fopen("/etc/devfs.conf", "a"); + fwrite($devfs_file, "\n# Allow squid to query the packet filter bymaking is group-accessable. "); + fwrite($devfs_file, "own pf root:squid"); + fwrite($devfs_file, "perm pf 0640"); + fclose($devfs_file); + + update_output_window("Initializing Cache... This may take a moment..."); + mwexec("/usr/local/sbin/squid -z"); + + update_output_window("Starting Proxy Server..."); + start_service("squid"); +} + +function squid3_custom_php_deinstall_command() { + update_output_window("Stopping proxy service..."); + stop_service("squid"); + sleep(1); + /* brute force any remaining squid processes out */ + mwexec("/usr/bin/killall squid"); + mwexec("/usr/bin/killall pinger"); + update_output_window("Recursively removing directories hierarchies. If existant, log files in /var/squid/logs will remain..."); + mwexec("rm -rf /var/squid/cache"); + update_output_window("Removing configuration files..."); + unlink_if_exists("/usr/local/etc/rc.d/squid.sh"); + unlink_if_exists("/usr/local/libexec/squid"); + unlink_if_exists("/usr/local/etc/rc.d/aSquid.sh"); + mwexec("rm -f /usr/local/etc/rc.d/squid*"); + mwexec("rm -f /usr/local/www/cachemgr.cgi"); + filter_configure(); +} + +function write_static_squid_config() { + touch("/tmp/write_static_squid_config"); + global $config; + $lancfg = $config['interfaces']['lan']; + $lanif = $lancfg['if']; + $lanip = $lancfg['ipaddr']; + $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']); + $lansn = $lancfg['subnet']; + + $fout = fopen("/usr/local/etc/squid/squid.conf","w"); + fwrite($fout, "#\n"); + fwrite($fout, "# This file was automatically generated by the pfSense package manager.\n"); + fwrite($fout, "# This default policy enables transparent proxy with no local disk logging.\n"); + fwrite($fout, "#\n"); + + /* set # of dns children */ + fwrite($fout, "dns_children 15\n"); + + fwrite($fout, "shutdown_lifetime 5 seconds\n"); + fwrite($fout, "icp_port 0\n"); + fwrite($fout, "\n"); + + fwrite($fout, "acl QUERY urlpath_regex cgi-bin \?\n"); + fwrite($fout, "no_cache deny QUERY\n"); + fwrite($fout, "\n"); + + fwrite($fout, "pid_filename /var/run/squid.pid\n"); + fwrite($fout, "\n"); + + fwrite($fout, "cache_mem 24 MB\n"); + fwrite($fout, "cache_dir diskd /var/squid/cache 500 16 256\n"); + fwrite($fout, "\n"); + + fwrite($fout, "error_directory /usr/local/etc/squid/errors/English\n"); + fwrite($fout, "\n"); + + fwrite($fout, "memory_replacement_policy heap GDSF\n"); + fwrite($fout, "cache_replacement_policy heap GDSF\n"); + fwrite($fout, "\n"); + + fwrite($fout, "cache_access_log none\n"); + fwrite($fout, "cache_log none\n"); + fwrite($fout, "cache_store_log none\n"); + fwrite($fout, "\n"); + + fwrite($fout, "log_mime_hdrs off\n"); + fwrite($fout, "emulate_httpd_log on\n"); + fwrite($fout, "forwarded_for off\n"); + fwrite($fout, "\n"); + + fwrite($fout, "acl within_timeframe time MTWHFAS 00:00-24:00\n"); + fwrite($fout, "\n"); + + fwrite($fout, "acl all src 0.0.0.0/0.0.0.0\n"); + fwrite($fout, "acl localnet src " . $lansa . "/" . $lansn . "\n"); + fwrite($fout, "acl localhost src 127.0.0.1/255.255.255.255\n"); + fwrite($fout, "acl SSL_ports port 443 563 873 # https, snews, rsync\n"); + fwrite($fout, "acl Safe_ports port 80 # http\n"); + fwrite($fout, "acl Safe_ports port 21 # ftp\n"); + fwrite($fout, "acl Safe_ports port 443 563 873 # https, snews, rsync\n"); + fwrite($fout, "acl Safe_ports port 70 # gopher\n"); + fwrite($fout, "acl Safe_ports port 210 # wais\n"); + fwrite($fout, "acl Safe_ports port 1025-65535 # unregistered ports\n"); + fwrite($fout, "acl Safe_ports port 280 # http-mgmt\n"); + fwrite($fout, "acl Safe_ports port 488 # gss-http\n"); + fwrite($fout, "acl Safe_ports port 591 # filemaker\n"); + fwrite($fout, "acl Safe_ports port 777 # multiling http\n"); + fwrite($fout, "acl Safe_ports port 800 # Squids port (for icons)\n"); + fwrite($fout, "\n"); + + fwrite($fout, "acl CONNECT method CONNECT\n"); + fwrite($fout, "\n"); + + fwrite($fout, "#access to squid; local machine; no restrictions\n"); + fwrite($fout, "http_access allow localnet\n"); + fwrite($fout, "http_access allow localhost\n"); + fwrite($fout, "\n"); + + fwrite($fout, "#Deny non web services\n"); + fwrite($fout, "http_access deny !Safe_ports\n"); + fwrite($fout, "http_access deny CONNECT !SSL_ports\n"); + fwrite($fout, "\n"); + + fwrite($fout, "#Set custom configured ACLs\n"); + fwrite($fout, "http_access deny all\n"); + fwrite($fout, "visible_hostname pfSense\n"); + fwrite($fout, "\n"); + + fwrite($fout, "cache_effective_user squid\n"); + fwrite($fout, "cache_effective_group squid\n"); + fwrite($fout, "\n"); + + fwrite($fout, "maximum_object_size 4096 KB\n"); + fwrite($fout, "minimum_object_size 0 KB\n"); + fwrite($fout, "\n"); + + fwrite($fout, "request_body_max_size 0 KB\n"); + fwrite($fout, "reply_body_max_size 0 allow all\n"); + fwrite($fout, "\n"); + + fwrite($fout, "httpd_accel_host virtual\n"); + fwrite($fout, "httpd_accel_port 80\n"); + fwrite($fout, "httpd_accel_with_proxy on\n"); + fwrite($fout, "httpd_accel_uses_host_header on\n"); + + fclose($fout); +} + +function mod_htpasswd() { + global $config; + conf_mount_rw(); + config_lock(); + + if (!file_exists("/usr/local/etc/squid/advanced/ncsa")) mwexec("mkdir -p /usr/local/etc/squid/advanced/ncsa"); + + $passfile = fopen("/usr/local/etc/squid/advanced/ncsa/passwd", "w+"); + + if (isset($config['installedpackages']['squidextlocalauth']['config']) && $config['installedpackages']['squidextlocalauth']['config'] != "") { + foreach($config['installedpackages']['squidextlocalauth']['config'] as $rowhelper) { + $encpass = generate_htpasswd($rowhelper['username'], $rowhelper['password']); + fwrite($passfile, $rowhelper['username'] . ":" . $encpass . "\n"); + } + } + + fclose($passfile); + + conf_mount_ro(); + config_unlock(); +} + +function generate_htpasswd($username, $password) { + $all = explode( " ", + "a b c d e f g h i j k l m n o p q r s t u v w x y z " + . "A B C D E F G H I J K L M N O P Q R S T U V W X Y Z " + . "0 1 2 3 4 5 6 7 8 9"); + + for ($i = 0; $i < 9; $i++) { + srand((double)microtime()*1000000); + $randy = rand(0,61); + $seed .= $all[$randy]; + } + + $crypt = crypt($password, "$1$$seed"); + return $crypt; +} + +?> diff --git a/config/squid3/34/squid_ng.xml b/config/squid3/34/squid_ng.xml new file mode 100755 index 00000000..b96b4eb2 --- /dev/null +++ b/config/squid3/34/squid_ng.xml @@ -0,0 +1,267 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + authng.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2007 to whom it may belong + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squid</name> + <version>2.5.12_4</version> + <title>Services: Proxy Server</title> + <category>Security</category> + <aftersaveredirect>/pkg_edit.php?xml=squid_ng.xml&id=0</aftersaveredirect> + <include_file>/usr/local/pkg/squid_ng.inc</include_file> + <menu> + <name>Squid</name> + <tooltiptext>Modify settings for Proxy Server</tooltiptext> + <section>Services</section> + <url>/pkg_edit.php?xml=squid_ng.xml&id=0</url> + </menu> + <menu> + <name>Squid stats</name> + <tooltiptext>Show Squid statistics</tooltiptext> + <section>Services</section> + <url>/cachemgr.cgi</url> + </menu> + <service> + <name>squid</name> + <rcfile>squid.sh</rcfile> + </service> + <tabs> + <tab> + <text>General Settings</text> + <url>/pkg_edit.php?xml=squid.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Upstream Proxy</text> + <url>/pkg_edit.php?xml=squid_upstream.xml&id=0</url> + </tab> + <tab> + <text>Cache Mgmt</text> + <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> + </tab> + <tab> + <text>Network Access Control</text> + <url>/pkg_edit.php?xml=squid_nac.xml&id=0</url> + </tab> + <tab> + <text>Traffic Mgmt</text> + <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url> + </tab> + <tab> + <text>Auth</text> + <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url> + </tab> + <tab> + <text>Extended Auth</text> + <url>/pkg_edit.php?xml=squid_extauth.xml&id=0</url> + </tab> + </tabs> + <configpath>installedpackages->package->squidng->configuration->settings</configpath> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid/squid_cache.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid/squid_nac.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid/squid_ng.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid/squid_traffic.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid/squid_upstream.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid/squid_auth.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid/squid_auth.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/squid/squid_extauth.xml</item> + </additional_files_needed> + <fields> + <field> + <fielddescr>Proxy Listening Interface</fielddescr> + <fieldname>active_interface</fieldname> + <description>This defines the active listening interface to which the proxy server will listen for its requests.</description> + <type>interfaces_selection</type> + </field> + <field> + <fielddescr>Transparent Proxy</fielddescr> + <fieldname>transparent_proxy</fieldname> + <description>If transparent mode is enabled; all requests for destination port 80 will be forwarded to the proxy server without any additional configuration necessary.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>URL Filtering Enabled</fielddescr> + <fieldname>urlfilter_enable</fieldname> + <description>This enables the advanced functionality in conjunction with squidGuard to provide an array of URL filtering options. This squidGuard functionality can be additionally configured from Services -> Advanced Proxy Filtering</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Disable Access Log</fielddescr> + <fieldname>accesslog_disabled</fieldname> + <description>Disable the access log entirely. By default, Squid keeps a log of all requests it processes in /var/log/access.log. This can grow to be fairly large. If you do not require this logging, check this box to disable.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Log Query Terms</fielddescr> + <fieldname>log_query_terms</fieldname> + <description>This will log the complete URL rather than the part of the URL containing dynamic queries.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Log User Agents</fielddescr> + <fieldname>log_user_agents</fieldname> + <description>This will enable the useragent string to be written to a separate log. The results are not shown in the GUI and should only be used for debugging purposes.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Proxy Port</fielddescr> + <fieldname>proxy_port</fieldname> + <description>This is the port the Proxy Server will listen for client requests on. The default is 3128.</description> + <type>input</type> + <size>4</size> + <combinefieldsend>true</combinefieldsend> + </field> + <field> + <fielddescr>ICP Port</fielddescr> + <fieldname>icp_port</fieldname> + <description>This is the port the Proxy Server will send and receive ICP queries to and from neighbor caches. The default value is 0, which means this function is disabled.</description> + <type>input</type> + <size>4</size> + </field> + <field> + <fielddescr>Visible Hostname</fielddescr> + <fieldname>visible_hostname</fieldname> + <description>This URL is displayed on the Proxy Server error messages.</description> + <type>input</type> + <size>35</size> + </field> + <field> + <fielddescr>Cache Administrator E-Mail</fielddescr> + <fieldname>cache_admin_email</fieldname> + <description>This E-Mail address is displayed on the Proxy Server error messages.</description> + <type>input</type> + <size>35</size> + </field> + <field> + <fielddescr>Error Messages Language</fielddescr> + <fieldname>error_language</fieldname> + <description>Select the language in which the Proxy Server shall display error messages to users.</description> + <type>select</type> + <options> + <option><name>Bulgarian</name><value>Bulgarian</value></option> + <option><name>Catalan</name><value>Catalan</value></option> + <option><name>Czech</name><value>Czech</value></option> + <option><name>Danish</name><value>Danish</value></option> + <option><name>Dutch</name><value>Dutch</value></option> + <option><name>English</name><value>English</value></option> + <option><name>Estonian</name><value>Estonian</value></option> + <option><name>Finnish</name><value>Finnish</value></option> + <option><name>French</name><value>French</value></option> + <option><name>German</name><value>German</value></option> + <option><name>Hebrew</name><value>Hebrew</value></option> + <option><name>Hungarian</name><value>Hungarian</value></option> + <option><name>Italian</name><value>Italian</value></option> + <option><name>Japanese</name><value>Japanese</value></option> + <option><name>Korean</name><value>Korean</value></option> + <option><name>Lithuanian</name><value>Lithuanian</value></option> + <option><name>Polish</name><value>Polish</value></option> + <option><name>Portuguese</name><value>Portuguese</value></option> + <option><name>Romanian</name><value>Romanian</value></option> + <option><name>Russian-1251</name><value>Russian-1251</value></option> + <option><name>Russian-koi8-r</name><value>Russian-koi8-r</value></option> + <option><name>Serbian</name><value>Serbian</value></option> + <option><name>Simplify Chinese</name><value>Simplify Chinese</value></option> + <option><name>Slovak</name><value>Slovak</value></option> + <option><name>Spanish</name><value>Spanish</value></option> + <option><name>Swedish</name><value>Swedish</value></option> + <option><name>Traditional Chinese</name><value>Traditional Chinese</value></option> + <option><name>Turkish</name><value>Turkish</value></option> + </options> + </field> + <field> + <fielddescr>Enable cachemgr</fielddescr> + <fieldname>cachemgr_enabled</fieldname> + <description>Enable Squid's cachemgr.cgi to provide stats. Once enabled you can access this from the pfSense menus. <b>Note:</b> This page is not secured by pfSense, any user with access to the pfSense admin port can view the stats. The page prompts for a password but it only required for shutting down Squid.</description> + <type>checkbox</type> + </field> + + </fields> + <custom_add_php_command_late> + global_write_squid_config(); + mwexec("/usr/local/sbin/squid -k reconfigure"); + start_service("squid"); + </custom_add_php_command_late> + <custom_php_install_command> + squid3_custom_php_install_command(); + write_static_squid_config(); + mwexec("/usr/local/sbin/squid -k reconfigure"); + start_service("squid"); + </custom_php_install_command> + <custom_php_deinstall_command> + squid3_custom_php_deinstall_command(); + stop_service("squid"); + </custom_php_deinstall_command> +</packagegui> diff --git a/config/squid3/34/squid_reverse.inc b/config/squid3/34/squid_reverse.inc new file mode 100755 index 00000000..3f216296 --- /dev/null +++ b/config/squid3/34/squid_reverse.inc @@ -0,0 +1,245 @@ +<?php +/* $Id$ */ +/* + squid_reverse.inc + Copyright (C) 2012 Martin Fuchs + Copyright (C) 2012-2014 Marcello Coutinho + Copyright (C) 2013 Gekkenhuis + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +function squid_resync_reverse() { + global $config; + //if(!is_array($valid_acls)) + // return; + + //CONFIG FILE + if (is_array($config['installedpackages']['squidreversegeneral'])) + $settings = $config['installedpackages']['squidreversegeneral']['config'][0]; + if (is_array($config['installedpackages']['squidreversepeer'])) + $reverse_peers=$config['installedpackages']['squidreversepeer']['config']; + if (is_array($config['installedpackages']['squidreverseuri'])) + $reverse_maps=$config['installedpackages']['squidreverseuri']['config']; + if (is_array($config['installedpackages']['squidreverseredir'])) + $reverse_redir=$config['installedpackages']['squidreverseredir']['config']; + + $conf = "# Reverse Proxy settings\n"; + + if(isset($settings["reverse_ssl_cert"]) && $settings["reverse_ssl_cert"] != "none") { + $svr_cert = lookup_cert($settings["reverse_ssl_cert"]); + if ($svr_cert != false) { + if(base64_decode($svr_cert['crt'])) { + file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt",sq_text_area_decode($svr_cert['crt'])); + $reverse_crt = SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt"; + } + if(base64_decode($svr_cert['prv'])) { + file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key",sq_text_area_decode($svr_cert['prv'])); + $reverse_key = SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key"; + } + } + } + + if (!empty($settings['reverse_int_ca'])) + file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt","\n" . sq_text_area_decode($settings['reverse_int_ca']),FILE_APPEND | LOCK_EX); + + $ifaces = ($settings['reverse_interface'] ? $settings['reverse_interface'] : 'wan'); + $real_ifaces = array(); + + #set HTTP port and defsite + $http_port=(empty($settings['reverse_http_port'])?"80":$settings['reverse_http_port']); + $http_defsite=(empty($settings['reverse_http_defsite'])?$settings['reverse_external_fqdn']:$settings['reverse_http_defsite']); + + #set HTTPS port and defsite + $https_port=(empty($settings['reverse_https_port'])?"443":$settings['reverse_https_port']); + $https_defsite=(empty($settings['reverse_https_defsite'])?$settings['reverse_external_fqdn']:$settings['reverse_https_defsite']); + + foreach (explode(",", $ifaces) as $i => $iface) { + $real_ifaces[] = squid_get_real_interface_address($iface); + if($real_ifaces[$i][0]) { + //HTTP + if (!empty($settings['reverse_http']) OR ($settings['reverse_owa_autodiscover'] == 'on')) + $conf .= "http_port {$real_ifaces[$i][0]}:{$http_port} accel defaultsite={$http_defsite} vhost\n"; + //HTTPS + if (!empty($settings['reverse_https'])) + $conf .= "https_port {$real_ifaces[$i][0]}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} defaultsite={$https_defsite} vhost\n"; + } + } + + if(!empty($settings['reverse_ip'])) { + $reverse_ip = explode(";", ($settings['reverse_ip'])); + foreach ($reverse_ip as $reip) { + //HTTP + if (!empty($settings['reverse_http']) OR ($settings['reverse_owa_autodiscover'] == 'on')) + $conf .= "http_port {$reip}:{$http_port} accel defaultsite={$http_defsite} vhost\n"; + //HTTPS + if (!empty($settings['reverse_https'])) + $conf .= "https_port {$reip}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} defaultsite={$https_defsite} vhost\n"; + } + } + + //PEERS + if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip']))) + + if(!empty($settings['reverse_owa_ip'])) { + $reverse_owa_ip = explode(";", ($settings['reverse_owa_ip'])); + $casnr = 0; + foreach ($reverse_owa_ip as $reowaip) { + $casnr++; + $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query no-digest originserver login=PASSTHRU connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_443_{$casnr}_pfs\n"; + $conf .= "cache_peer {$reowaip} parent 80 0 proxy-only no-query no-digest originserver login=PASSTHRU connection-auth=on name=OWA_HOST_80_{$casnr}_pfs\n"; + } + } + + $active_peers=array(); + if (is_array($reverse_peers)) + foreach ($reverse_peers as $rp){ + if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){ + $conf_peer = "#{$rp['description']}\n"; + $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASSTHRU connection-auth=on round-robin "; + if($rp['protocol'] == 'HTTPS') + $conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto "; + $conf_peer .= "name=rvp_{$rp['name']}\n\n"; + + // add peer only if reverse proxy is enabled for http + if($rp['protocol'] == 'HTTP' && $settings['reverse_http'] =="on"){ + $conf .= $conf_peer; + array_push($active_peers,$rp['name']); + } + // add peer only if if reverse proxy is enabled for https + if($rp['protocol'] == 'HTTPS' && $settings['reverse_https'] =="on"){ + if (!in_array($rp['name'],$active_peers)){ + $conf .= $conf_peer; + array_push($active_peers,$rp['name']); + } + } + } + } + + //REDIRECTS + if (is_array($reverse_redir)) { + foreach ($reverse_redir as $rdr) { + if($rdr['enable'] == "on" && $rdr['name'] != "" && $rdr['pathregex'] != "" && $rdr['redirurl'] != "") { + $conf_rdr = "# Redirect: {$rdr['description']}\n"; + + if (is_array($rdr['row'])) { + foreach ($rdr['row'] as $uri) { + $conf_rdr .= "acl rdr_dst_{$rdr['name']} dstdomain {$uri['uri']}\n"; + } + } + + $conf_rdr .= "acl rdr_path_{$rdr['name']} urlpath_regex {$rdr['pathregex']}\n"; + $conf_rdr .= "deny_info {$rdr['redirurl']} rdr_path_{$rdr['name']}\n"; + + foreach (explode(',', $rdr['protocol']) as $rdr_protocol) { + if($rdr_protocol == "HTTP") { + $conf_rdr .= "http_access deny HTTP rdr_dst_{$rdr['name']} rdr_path_{$rdr['name']}\n"; + } + + if($rdr_protocol == "HTTPS") { + $conf_rdr .= "http_access deny HTTPS rdr_dst_{$rdr['name']} rdr_path_{$rdr['name']}\n"; + } + } + + $conf_rdr .= "\n"; + } + + $conf .= $conf_rdr; + } + } + + //ACLS and MAPPINGS + + //create an empty owa_dirs to populate based on user selected options + $owa_dirs=array(); + if (($settings['reverse_owa'] == 'on') && $settings['reverse_https'] =="on"){ + if(!empty($settings['reverse_owa_ip'])){ + array_push($owa_dirs,'owa','exchange','public','exchweb','ecp','OAB'); + if($settings['reverse_owa_activesync']) + array_push($owa_dirs,'Microsoft-Server-ActiveSync'); + if($settings['reverse_owa_rpchttp']) + array_push($owa_dirs,'rpc/rpcproxy.dll','rpcwithcert/rpcproxy.dll'); + if($settings['reverse_owa_mapihttp']) + array_push($owa_dirs,'mapi'); + if($settings['reverse_owa_webservice']){ + array_push($owa_dirs,'EWS'); + } + } + if (is_array($owa_dirs)) + foreach ($owa_dirs as $owa_dir) + $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/$owa_dir.*$\n"; + + if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) { + $reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.'); + $conf .= "acl OWA_URI_pfs url_regex -i ^http://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^http://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; + } + } + //$conf .= "ssl_unclean_shutdown on"; + if (is_array($reverse_maps)) + foreach ($reverse_maps as $rm){ + if ($rm['enable'] == "on" && $rm['name']!="" && $rm['peers']!=""){ + if (is_array($rm['row'])) + foreach ($rm['row'] as $uri){ + $url_regex=($uri['uri'] == '' ? $settings['reverse_external_fqdn'] : $uri['uri'] ); + //$conf .= "acl rvm_{$rm['name']} url_regex -i {$uri['uri']}{$url_regex}.*$\n"; + $conf .= "acl rvm_{$rm['name']} url_regex -i {$url_regex}\n"; + if($rm['name'] != $last_rm_name){ + $cache_peer_never_direct_conf .= "never_direct allow rvm_{$rm['name']}\n"; + $http_access_conf .= "http_access allow rvm_{$rm['name']}\n"; + foreach (explode(',',$rm['peers']) as $map_peer) + if (in_array($map_peer,$active_peers)){ + $cache_peer_allow_conf .= "cache_peer_access rvp_{$map_peer} allow rvm_{$rm['name']}\n"; + $cache_peer_deny_conf .= "cache_peer_access rvp_{$map_peer} deny allsrc\n"; + } + $last_rm_name=$rm['name']; + } + } + } + } + + //ACCESS + if ($settings['reverse_owa'] == 'on' && !empty($settings['reverse_owa_ip']) && $settings['reverse_https'] =="on") { + + for($cascnt=1;$cascnt<$casnr+1;$cascnt++) + { + $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs deny allsrc\n"; + $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs deny allsrc\n"; + } + + $conf .= "never_direct allow OWA_URI_pfs\n"; + $conf .= "http_access allow OWA_URI_pfs\n"; + } + + $conf .= $cache_peer_allow_conf.$cache_peer_deny_conf.$cache_peer_never_direct_conf.$http_access_conf."\n"; + + if (!empty($settings['deny_info_tcp_reset'])) + $conf .= "deny_info TCP_RESET allsrc\n"; + + return $conf; +} +?> diff --git a/config/squid3/34/squid_reverse.xml b/config/squid3/34/squid_reverse.xml new file mode 100755 index 00000000..40fb0ec1 --- /dev/null +++ b/config/squid3/34/squid_reverse.xml @@ -0,0 +1,365 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + authng.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2007 to whom it may belong + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squidreverse</name> + <version>none</version> + <title>Proxy server: Reverse Proxy</title> + <include_file>/usr/local/pkg/squid.inc</include_file> + <tabs> +<tab> + <text>General</text> + <url>/pkg_edit.php?xml=squid.xml&id=0</url> + </tab> + <tab> + <text>Upstream</text> + <url>/pkg_edit.php?xml=squid_upstream.xml&id=0</url> + </tab> + <tab> + <text>Cache</text> + <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> + </tab> + <tab> + <text>ACLs</text> + <url>/pkg_edit.php?xml=squid_nac.xml&id=0</url> + </tab> + <tab> + <text>Traffic Mgmt</text> + <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url> + </tab> + <tab> + <text>Reverse</text> + <url>/pkg_edit.php?xml=squid_reverse.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Authentication</text> + <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg.php?xml=squid_users.xml</url> + </tab> + <tab> + <text>Real time</text> + <url>/squid_monitor.php</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=squid_sync.xml</url> + </tab> + </tabs> + <fields> + <field> + <name>Squid Reverse proxy General Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Reverse Proxy interface</fielddescr> + <fieldname>reverse_interface</fieldname> + <description>The interface(s) the reverse-proxy server will bind to.</description> + <type>interfaces_selection</type> + <required/> + <default_value>wan</default_value> + <multiple/> + </field> + <field> + <fielddescr>User-defined reverse-proxy IPs</fielddescr> + <fieldname>reverse_ip</fieldname> + <description>Squid will additionally bind to this user-defined IPs for reverse-proxy operation. Useful for virtual IPs such as CARP. Separate by semi-colons (;).</description> + <type>input</type> + <size>70</size> + </field> + <field> + <fielddescr>external FQDN</fielddescr> + <fieldname>reverse_external_fqdn</fieldname> + <description>The external full-qualified-domain-name of the WAN address.</description> + <type>input</type> + <required/> + <size>70</size> + </field> + <field> + <fielddescr>Reset TCP connections if request is unauthorized</fielddescr> + <fieldname>deny_info_tcp_reset</fieldname> + <description>If this field is checked, the reverse-proxy will reset the TCP connection if the request is unauthorized.</description> + <type>checkbox</type> + <default_value>on</default_value> + </field> + <field> + <name>Squid Reverse HTTP Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable HTTP reverse mode</fielddescr> + <fieldname>reverse_http</fieldname> + <description>If this field is checked, the proxy-server will act in HTTP reverse mode. <br>(You have to add a rule with destination "WAN-address")</description> + <type>checkbox</type> + <enablefields>reverse_http_port,reverse_http_defsite</enablefields> + <required/> + <default_value>off</default_value> + </field> + <field> + <fielddescr>reverse HTTP port</fielddescr> + <fieldname>reverse_http_port</fieldname> + <description>This is the port the HTTP reverse-proxy will listen on. (leave empty to use 80)</description> + <type>input</type> + <size>5</size> + <default_value>80</default_value> + </field> + <field> + <fielddescr>reverse HTTP default site</fielddescr> + <fieldname>reverse_http_defsite</fieldname> + <description>This is the HTTP reverse default site. (leave empty to use the external fqdn)</description> + <type>input</type> + <size>60</size> + </field> + <field> + <name>Squid Reverse HTTPS Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable HTTPS reverse proxy</fielddescr> + <fieldname>reverse_https</fieldname> + <description>If this field is checked, the proxy-server will act in HTTPS reverse mode. <br>(You have to add a rule with destination "WAN-address")</description> + <type>checkbox</type> + <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> + <required/> + <default_value>off</default_value> + </field> + <field> + <fielddescr>reverse HTTPS port</fielddescr> + <fieldname>reverse_https_port</fieldname> + <description>This is the port the HTTPS reverse-proxy will listen on. (leave empty to use 443)</description> + <type>input</type> + <size>5</size> + <default_value>443</default_value> + </field> + <field> + <fielddescr>reverse HTTPS default site</fielddescr> + <fieldname>reverse_https_defsite</fieldname> + <description>This is the HTTPS reverse default site. (leave empty to use the external fqdn)</description> + <type>input</type> + <size>60</size> + </field> + <field> + <fielddescr>reverse SSL certificate</fielddescr> + <fieldname>reverse_ssl_cert</fieldname> + <description>Choose the SSL Server Certificate here.</description> + <type>select_source</type> + <source><![CDATA[$config['cert']]]></source> + <source_name>descr</source_name> + <source_value>refid</source_value> + </field> + <field> + <fielddescr>intermediate CA certificate (if needed)</fielddescr> + <fieldname>reverse_int_ca</fieldname> + <description>Paste a signed certificate in X.509 PEM format here.</description> + <type>textarea</type> + <cols>50</cols> + <rows>5</rows> + <encoding>base64</encoding> + </field> + <field> + <fielddescr>Ignore internal Certificate validation</fielddescr> + <fieldname>reverse_ignore_ssl_valid</fieldname> + <description>If this field is checked, internal certificate validation will be ignored.</description> + <type>checkbox</type> + <default_value>on</default_value> + </field> + <field> + <fielddescr>Enable OWA reverse proxy</fielddescr> + <fieldname>reverse_owa</fieldname> + <description>If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App.</description> + <type>checkbox</type> + <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields> + </field> + <field> + <fielddescr>CAS-Array / OWA frontend IP address</fielddescr> + <fieldname>reverse_owa_ip</fieldname> + <description>These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). </description> + <type>input</type> + <size>70</size> + </field> + <field> + <fielddescr>Enable ActiveSync</fielddescr> + <fieldname>reverse_owa_activesync</fieldname> + <description>If this field is checked, ActiveSync will be enabled.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Enable Outlook Anywhere</fielddescr> + <fieldname>reverse_owa_rpchttp</fieldname> + <description>If this field is checked, RPC over HTTP will be enabled.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Enable MAPI HTTP</fielddescr> + <fieldname>reverse_owa_mapihttp</fieldname> + <description><![CDATA[If this field is checked, MAPI over HTTP will be enabled.<br> + <strong>This feature is only available with at least Exchange 2013 SP1</strong>]]></description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Enable Exchange WebServices</fielddescr> + <fieldname>reverse_owa_webservice</fieldname> + <description><![CDATA[If this field is checked, Exchange WebServices will be enabled.<br> + <strong>There are potential DoS side effects to its use, please avoid unless you must.</strong>]]></description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Enable AutoDiscover</fielddescr> + <fieldname>reverse_owa_autodiscover</fieldname> + <description><![CDATA[If this field is checked, AutoDiscover will be enabled.<br> + <strong>You also should set up the autodiscover DNS-record to point to you WAN-IP.</strong>]]></description> + <type>checkbox</type> + </field> + <field> + <name>Squid Reverse Mappings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr><b>peer definitions</b> <br>publishing hosts</fielddescr> + <fieldname>reverse_cache_peer</fieldname> + <description><![CDATA[Enter each peer definition on a new line. Directives have to be separated by a semicolon(;).<BR> + syntax: [peer alias];[internal ip address];[port];[HTTP / HTTPS]<br> + example: HOST1;192.168.0.1;80;HTTP<br> + <strong>WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING</strong>]]></description> + <type>textarea</type> + <cols>60</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <fielddescr><b>URI definitions</b> <br>published URIs</fielddescr> + <fieldname>reverse_uri</fieldname> + <description><![CDATA[Enter each reverse acl definition on a new line. Directives have to be separated by a semicolon(;)<BR> + syntax: [group the uri belongs to];[URI to publish](;[vhost fqdn]) <BR> + (a group can contain multiple URIs, without vhost fqdn the external fqdn is used, you also can specity http:// or https://)<BR> + example: URI1;public;server.pfsense.org.<BR> + <STRONG>WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING</STRONG>]]></description> + <type>textarea</type> + <cols>60</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + <field> + <fielddescr><b>ACL definitions</b> <br>published URIs</fielddescr> + <fieldname>reverse_acl</fieldname> + <description><![CDATA[Enter each reverse acl definition on a new line. Directives have to be separated by a semicolon(;). <br> + syntax: [peer alias];[uri group alias] <br>example: HOST1;URI1 <br> + <strong>WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING</strong>]]></description> + <type>textarea</type> + <cols>60</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + +<!-- + <field> + <fielddescr>internal hosts</fielddescr> + <type>rowhelper</type> + <rowhelper> + <rowhelperfield> + <fielddescr>IP address</fielddescr> + <fieldname>reverse_cache_peer_ip</fieldname> + <type>input</type> + <size>15</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Protocol</fielddescr> + <fieldname>reverse_cache_peer_proto</fieldname> + <type>select</type> + <options> + <option> <name>HTTP</name> <value>HTTP</value> </option> + <option> <name>HTTPS</name> <value>HTTPS</value> </option> + </options> + </rowhelperfield> + <rowhelperfield> + <fielddescr>port</fielddescr> + <fieldname>reverse_cache_peer_port</fieldname> + <type>input</type> + <size>5</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>peer name</fielddescr> + <fieldname>reverse_cache_peer_name</fieldname> + <type>input</type> + <size>25</size> + </rowhelperfield> + </rowhelper> + </field> + + <field> + <fielddescr>published URI</fielddescr> + <type>rowhelper</type> + <rowhelper> + <rowhelperfield> + <fielddescr>URI</fielddescr> + <fieldname>reverse_cache_peer_uri</fieldname> + <type>input</type> + <size>50</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>peer name</fielddescr> + <fieldname>reverse_cache_peer</fieldname> + <type>input</type> + <size>25</size> + </rowhelperfield> + </rowhelper> + </field> +--> + + </fields> + <custom_php_command_before_form> + squid_before_form_general($pkg); + </custom_php_command_before_form> + <custom_php_validation_command> + squid_validate_reverse($_POST, $input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + squid_resync(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/squid3/34/squid_reverse_general.xml b/config/squid3/34/squid_reverse_general.xml new file mode 100755 index 00000000..3317ae18 --- /dev/null +++ b/config/squid3/34/squid_reverse_general.xml @@ -0,0 +1,257 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + squid_reverse_general.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2012-2014 Marcello Coutinho + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squidreversegeneral</name> + <version>none</version> + <title>Reverse Proxy server: General</title> + <include_file>/usr/local/pkg/squid.inc</include_file> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=squid_reverse_general.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Web Servers</text> + <url>/pkg.php?xml=squid_reverse_peer.xml</url> + </tab> + <tab> + <text>Mappings</text> + <url>/pkg.php?xml=squid_reverse_uri.xml</url> + </tab> + <tab> + <text>Redirects</text> + <url>/pkg.php?xml=squid_reverse_redir.xml</url> + </tab> + <tab> + <text>Real time</text> + <url>/squid_monitor.php?menu=reverse</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=squid_reverse_sync.xml&id=0</url> + </tab> + </tabs> + <fields> + <field> + <name>Squid Reverse proxy General Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Reverse Proxy interface</fielddescr> + <fieldname>reverse_interface</fieldname> + <description>The interface(s) the reverse-proxy server will bind to.</description> + <type>interfaces_selection</type> + <required/> + <default_value>wan</default_value> + <multiple/> + </field> + <field> + <fielddescr>User-defined reverse-proxy IPs</fielddescr> + <fieldname>reverse_ip</fieldname> + <description>Squid will additionally bind to this user-defined IPs for reverse-proxy operation. Useful for virtual IPs such as CARP. Separate by semi-colons (;).</description> + <type>input</type> + <size>70</size> + </field> + <field> + <fielddescr>external FQDN</fielddescr> + <fieldname>reverse_external_fqdn</fieldname> + <description>The external full-qualified-domain-name of the WAN address.</description> + <type>input</type> + <required/> + <size>70</size> + </field> + <field> + <fielddescr>Reset TCP connections if request is unauthorized</fielddescr> + <fieldname>deny_info_tcp_reset</fieldname> + <description>If this field is checked, the reverse-proxy will reset the TCP connection if the request is unauthorized.</description> + <type>checkbox</type> + <default_value>on</default_value> + </field> + <field> + <name>Squid Reverse HTTP Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable HTTP reverse mode</fielddescr> + <fieldname>reverse_http</fieldname> + <description>If this field is checked, the proxy-server will act in HTTP reverse mode. <br>(You have to add a rule with destination "WAN-address")</description> + <type>checkbox</type> + <enablefields>reverse_http_port,reverse_http_defsite</enablefields> + <required/> + <default_value>off</default_value> + </field> + <field> + <fielddescr>reverse HTTP port</fielddescr> + <fieldname>reverse_http_port</fieldname> + <description>This is the port the HTTP reverse-proxy will listen on. (leave empty to use 80)</description> + <type>input</type> + <size>5</size> + <default_value>80</default_value> + </field> + <field> + <fielddescr>reverse HTTP default site</fielddescr> + <fieldname>reverse_http_defsite</fieldname> + <description>This is the HTTP reverse default site. (leave empty to use the external fqdn)</description> + <type>input</type> + <size>60</size> + </field> + <field> + <name>Squid Reverse HTTPS Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable HTTPS reverse proxy</fielddescr> + <fieldname>reverse_https</fieldname> + <description>If this field is checked, the proxy-server will act in HTTPS reverse mode. <br>(You have to add a rule with destination "WAN-address")</description> + <type>checkbox</type> + <enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields> + <required/> + <default_value>off</default_value> + </field> + <field> + <fielddescr>reverse HTTPS port</fielddescr> + <fieldname>reverse_https_port</fieldname> + <description>This is the port the HTTPS reverse-proxy will listen on. (leave empty to use 443)</description> + <type>input</type> + <size>5</size> + <default_value>443</default_value> + </field> + <field> + <fielddescr>reverse HTTPS default site</fielddescr> + <fieldname>reverse_https_defsite</fieldname> + <description>This is the HTTPS reverse default site. (leave empty to use the external fqdn)</description> + <type>input</type> + <size>60</size> + </field> + <field> + <fielddescr>reverse SSL certificate</fielddescr> + <fieldname>reverse_ssl_cert</fieldname> + <description>Choose the SSL Server Certificate here.</description> + <type>select_source</type> + <source><![CDATA[$config['cert']]]></source> + <source_name>descr</source_name> + <source_value>refid</source_value> + </field> + <field> + <fielddescr>intermediate CA certificate (if needed)</fielddescr> + <fieldname>reverse_int_ca</fieldname> + <description>Paste a signed certificate in X.509 PEM format here.</description> + <type>textarea</type> + <cols>50</cols> + <rows>5</rows> + <encoding>base64</encoding> + </field> + <field> + <fielddescr>Ignore internal Certificate validation</fielddescr> + <fieldname>reverse_ignore_ssl_valid</fieldname> + <description>If this field is checked, internal certificate validation will be ignored.</description> + <type>checkbox</type> + <default_value>on</default_value> + </field> + <field> + <name>OWA Reverse proxy General Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable OWA reverse proxy</fielddescr> + <fieldname>reverse_owa</fieldname> + <description>If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App.</description> + <type>checkbox</type> + <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields> + </field> + <field> + <fielddescr>CAS-Array / OWA frontend IP address</fielddescr> + <fieldname>reverse_owa_ip</fieldname> + <description>These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). </description> + <type>input</type> + <size>70</size> + </field> + <field> + <fielddescr>Enable ActiveSync</fielddescr> + <fieldname>reverse_owa_activesync</fieldname> + <description>If this field is checked, ActiveSync will be enabled.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Enable Outlook Anywhere</fielddescr> + <fieldname>reverse_owa_rpchttp</fieldname> + <description>If this field is checked, RPC over HTTP will be enabled.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Enable MAPI HTTP</fielddescr> + <fieldname>reverse_owa_mapihttp</fieldname> + <description><![CDATA[If this field is checked, MAPI over HTTP will be enabled.<br> + <strong>This feature is only available with at least Exchange 2013 SP1</strong>]]></description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Enable Exchange WebServices</fielddescr> + <fieldname>reverse_owa_webservice</fieldname> + <description><![CDATA[If this field is checked, Exchange WebServices will be enabled.<br> + <strong>There are potential DoS side effects to its use, please avoid unless you must.</strong>]]></description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Enable AutoDiscover</fielddescr> + <fieldname>reverse_owa_autodiscover</fieldname> + <description><![CDATA[If this field is checked, AutoDiscover will be enabled.<br> + <strong>You also should set up the autodiscover DNS-record to point to you WAN-IP.</strong>]]></description> + <type>checkbox</type> + </field> + </fields> + <custom_php_command_before_form> + squid_before_form_general($pkg); + </custom_php_command_before_form> + <custom_php_validation_command> + squid_validate_reverse($_POST, $input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + squid_resync(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/squid3/34/squid_reverse_peer.xml b/config/squid3/34/squid_reverse_peer.xml new file mode 100755 index 00000000..eabc72ff --- /dev/null +++ b/config/squid3/34/squid_reverse_peer.xml @@ -0,0 +1,167 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + squid_reverse_peer.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2012-2014 Marcello Coutinho + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squidreversepeer</name> + <version>none</version> + <title>Reverse Proxy server: Peers</title> + <include_file>/usr/local/pkg/squid.inc</include_file> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=squid_reverse_general.xml&id=0</url> + </tab> + <tab> + <text>Web Servers</text> + <url>/pkg.php?xml=squid_reverse_peer.xml</url> + <active/> + </tab> + <tab> + <text>Mappings</text> + <url>/pkg.php?xml=squid_reverse_uri.xml</url> + </tab> + <tab> + <text>Redirects</text> + <url>/pkg.php?xml=squid_reverse_redir.xml</url> + </tab> + <tab> + <text>Real time</text> + <url>/squid_monitor.php?menu=reverse</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=squid_reverse_sync.xml&id=0</url> + </tab> + </tabs> + <adddeleteeditpagefields> + <columnitem> + <fielddescr>Status</fielddescr> + <fieldname>enable</fieldname> + </columnitem> + <columnitem> + <fielddescr>Alias</fielddescr> + <fieldname>name</fieldname> + </columnitem> + <columnitem> + <fielddescr>Ip address</fielddescr> + <fieldname>ip</fieldname> + </columnitem> + <columnitem> + <fielddescr>Port</fielddescr> + <fieldname>port</fieldname> + </columnitem> + <columnitem> + <fielddescr>Protocol</fielddescr> + <fieldname>Protocol</fieldname> + </columnitem> + <columnitem> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <name>Squid Reverse Peer Mappings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable this peer</fielddescr> + <fieldname>enable</fieldname> + <description>If this field is checked, then this peer will be available for reverse config.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Peer Alias</fielddescr> + <fieldname>name</fieldname> + <description><![CDATA[Name to identify this peer on squid reverse conf<br> + example: HOST1]]></description> + <type>input</type> + <size>20</size> + </field> + <field> + <fielddescr>Peer IP</fielddescr> + <fieldname>ip</fieldname> + <description><![CDATA[Ip Address of this peer.<br> + example: 192.168.0.1]]></description> + <type>input</type> + <size>20</size> + </field> + <field> + <fielddescr>Peer Port</fielddescr> + <fieldname>port</fieldname> + <description><![CDATA[Listening port of this peer.<br> + example: 80]]></description> + <type>input</type> + <size>20</size> + </field> + <field> + <fielddescr>Peer Protocol</fielddescr> + <fieldname>protocol</fieldname> + <description><![CDATA[Protocol listening on this peer port.]]></description> + <type>select</type> + <options> + <option> <name>HTTP</name> <value>HTTP</value> </option> + <option> <name>HTTPS</name> <value>HTTPS</value> </option> + </options> + </field> + <field> + <fielddescr>Peer Description</fielddescr> + <fieldname>description</fieldname> + <description><![CDATA[Peer Description (optional)]]></description> + <type>input</type> + <size>60</size> + </field> + </fields> + <custom_php_command_before_form> + squid_before_form_general($pkg); + </custom_php_command_before_form> + <custom_php_validation_command> + squid_validate_reverse($_POST, $input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + squid_resync(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/squid3/34/squid_reverse_redir.xml b/config/squid3/34/squid_reverse_redir.xml new file mode 100755 index 00000000..de25f56a --- /dev/null +++ b/config/squid3/34/squid_reverse_redir.xml @@ -0,0 +1,182 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ============================================================================ */ +/* + squid_reverse_redir.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2013 Gekkenhuis + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ============================================================================ */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ============================================================================ */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squidreverseredir</name> + <version>none</version> + <title>Reverse Proxy server: Redirects</title> + <include_file>/usr/local/pkg/squid.inc</include_file> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=squid_reverse_general.xml&id=0</url> + </tab> + <tab> + <text>Web Servers</text> + <url>/pkg.php?xml=squid_reverse_peer.xml</url> + </tab> + <tab> + <text>Mappings</text> + <url>/pkg.php?xml=squid_reverse_uri.xml</url> + </tab> + <tab> + <text>Redirects</text> + <url>/pkg.php?xml=squid_reverse_redir.xml</url> + <active/> + </tab> + <tab> + <text>Real time</text> + <url>/squid_monitor.php?menu=reverse</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=squid_reverse_sync.xml&id=0</url> + </tab> + </tabs> + <adddeleteeditpagefields> + <columnitem> + <fielddescr>Status</fielddescr> + <fieldname>enable</fieldname> + </columnitem> + <columnitem> + <fielddescr>Redirect Name</fielddescr> + <fieldname>name</fieldname> + </columnitem> + <columnitem> + <fielddescr>Redirect to</fielddescr> + <fieldname>redirurl</fieldname> + </columnitem> + <columnitem> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <name>Squid Redirect Mappings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable this redirect</fielddescr> + <fieldname>enable</fieldname> + <description><![CDATA[If this field is checked, then this redirect will be available for reverse config.]]></description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Redirect name</fielddescr> + <fieldname>name</fieldname> + <description><![CDATA[Name to identify this redirect on squid reverse conf<br/> + example: REDIR1]]></description> + <type>input</type> + <size>20</size> + </field> + <field> + <fielddescr>Redirect Description</fielddescr> + <fieldname>description</fieldname> + <description><![CDATA[Redirect Description (optional)]]></description> + <type>input</type> + <size>60</size> + </field> + <field> + <fielddescr>Redirect Protocol</fielddescr> + <fieldname>protocol</fieldname> + <description><![CDATA[Protocol to redirect on.<br/> + Use CTRL + click to select multiple]]></description> + <type>select</type> + <multiple/> + <size>03</size> + <options> + <option> + <name>HTTP</name> + <value>HTTP</value> + </option> + <option> + <name>HTTPS</name> + <value>HTTPS</value> + </option> + </options> + </field> + <field> + <fielddescr>Blocked domains</fielddescr> + <fieldname>none</fieldname> + <description>Domains to redirect for</description> + <type>rowhelper</type> + <rowhelper> + <rowhelperfield> + <fielddescr><![CDATA[<strong>Domains to match</strong><br/><br/> + Samples: mydomain.com sub.mydomain.com www.mydomain.com<br/><br/> + Do not enter http:// or https:// here! only the hostname is required.]]></fielddescr> + <fieldname>uri</fieldname> + <type>input</type> + <size>60</size> + </rowhelperfield> + </rowhelper> + </field> + <field> + <fielddescr>Path regex</fielddescr> + <fieldname>pathregex</fieldname> + <description><![CDATA[Path regex to match<br/><br/>]]> + Enter ^/$ to match the domain only.</description> + <type>input</type> + <size>60</size> + </field> + <field> + <fielddescr>URL to redirect to</fielddescr> + <fieldname>redirurl</fieldname> + <description><![CDATA[URL to redirect to]]></description> + <type>input</type> + <size>60</size> + </field> + </fields> + + <custom_php_command_before_form> + </custom_php_command_before_form> + <custom_php_validation_command> + </custom_php_validation_command> + <custom_php_resync_config_command> + squid_resync(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file diff --git a/config/squid3/34/squid_reverse_sync.xml b/config/squid3/34/squid_reverse_sync.xml new file mode 100755 index 00000000..0dc816cb --- /dev/null +++ b/config/squid3/34/squid_reverse_sync.xml @@ -0,0 +1,135 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + squid_sync.xml + part of the sarg package for pfSense + Copyright (C) 2012-2014 Marcello Coutinho + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code MUST retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squidsync</name> + <version>1.0</version> + <title>Reverse Proxy server: XMLRPC Sync</title> + <include_file>/usr/local/pkg/squid.inc</include_file> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=squid_reverse_general.xml&id=0</url> + </tab> + <tab> + <text>Web Servers</text> + <url>/pkg.php?xml=squid_reverse_peer.xml</url> + </tab> + <tab> + <text>Mappings</text> + <url>/pkg.php?xml=squid_reverse_uri.xml</url> + </tab> + <tab> + <text>Redirects</text> + <url>/pkg.php?xml=squid_reverse_redir.xml</url> + </tab> + <tab> + <text>Real time</text> + <url>/squid_monitor.php?menu=reverse</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=squid_reverse_sync.xml&id=0</url> + <active/> + </tab> + </tabs> + <fields> + <field> + <name>XMLRPC Sync</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Automatically sync squid configuration changes</fielddescr> + <fieldname>synconchanges</fieldname> + <description>Select a sync method for squid.</description> + <type>select</type> + <required/> + <default_value>auto</default_value> + <options> + <option><name>Sync to configured system backup server</name><value>auto</value></option> + <option><name>Sync to host(s) defined below</name><value>manual</value></option> + <option><name>Do not sync this package configuration</name><value>disabled</value></option> + </options> + </field> + <field> + <fielddescr>Sync timeout</fielddescr> + <fieldname>synctimeout</fieldname> + <description>Select sync max wait time</description> + <type>select</type> + <required/> + <default_value>250</default_value> + <options> + <option><name>250 seconds(Default)</name><value>250</value></option> + <option><name>120 seconds</name><value>120</value></option> + <option><name>90 seconds</name><value>90</value></option> + <option><name>60 seconds</name><value>60</value></option> + <option><name>30 seconds</name><value>30</value></option> + </options> + </field> + <field> + <fielddescr>Remote Server</fielddescr> + <fieldname>none</fieldname> + <type>rowhelper</type> + <rowhelper> + <rowhelperfield> + <fielddescr>IP Address</fielddescr> + <fieldname>ipaddress</fieldname> + <description>IP Address of remote server</description> + <type>input</type> + <size>20</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Password</fielddescr> + <fieldname>password</fieldname> + <description>Password for remote server.</description> + <type>password</type> + <size>20</size> + </rowhelperfield> + </rowhelper> + </field> + </fields> + <custom_php_validation_command> + </custom_php_validation_command> + <custom_php_resync_config_command> + squid_resync(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/squid3/34/squid_reverse_uri.xml b/config/squid3/34/squid_reverse_uri.xml new file mode 100755 index 00000000..9a6f183f --- /dev/null +++ b/config/squid3/34/squid_reverse_uri.xml @@ -0,0 +1,159 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + squid_reverse_general.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2012-2014 Marcello Coutinho + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squidreverseuri</name> + <version>none</version> + <title>Reverse Proxy server: Mappings</title> + <include_file>/usr/local/pkg/squid.inc</include_file> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=squid_reverse_general.xml&id=0</url> + </tab> + <tab> + <text>Web Servers</text> + <url>/pkg.php?xml=squid_reverse_peer.xml</url> + </tab> + <tab> + <text>Mappings</text> + <url>/pkg.php?xml=squid_reverse_uri.xml</url> + <active/> + </tab> + <tab> + <text>Redirects</text> + <url>/pkg.php?xml=squid_reverse_redir.xml</url> + </tab> + <tab> + <text>Real time</text> + <url>/squid_monitor.php?menu=reverse</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=squid_reverse_sync.xml&id=0</url> + </tab> + </tabs> + <adddeleteeditpagefields> + <columnitem> + <fielddescr>Status</fielddescr> + <fieldname>enable</fieldname> + </columnitem> + <columnitem> + <fielddescr>Group Name</fielddescr> + <fieldname>name</fieldname> + </columnitem> + <columnitem> + <fielddescr>Peers</fielddescr> + <fieldname>peers</fieldname> + </columnitem> + <columnitem> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <name>Squid Reverse Peer Mappings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable this URI</fielddescr> + <fieldname>enable</fieldname> + <description><![CDATA[If this field is checked, then this URI(Uniform Resource Name) will be available for reverse config.]]></description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Group name</fielddescr> + <fieldname>name</fieldname> + <description><![CDATA[Name to identify this URI on squid reverse conf<br> + example: URI1]]></description> + <type>input</type> + <size>20</size> + </field> + <field> + <fielddescr>Group Description</fielddescr> + <fieldname>description</fieldname> + <description><![CDATA[URI Group Description (optional)]]></description> + <type>input</type> + <size>60</size> + </field> + <field> + <fielddescr>Peers</fielddescr> + <fieldname>peers</fieldname> + <description><![CDATA[Apply this Group Mappings to selected Peers<br> + Use CTRL + click to select.]]></description> + <type>select_source</type> + <source><![CDATA[$config['installedpackages']['squidreversepeer']['config']]]></source> + <source_name>name</source_name> + <source_value>name</source_value> + <multiple/> + <size>05</size> + </field> + <field> + <fielddescr><![CDATA[URIs]]></fielddescr> + <fieldname>none</fieldname> + <description><![CDATA[URI to publish]]></description> + <type>rowhelper</type> + <rowhelper> + <rowhelperfield> + <fielddescr><![CDATA[<strong>Url regex to match</strong><br><br> + Samples: .mydomain.com .mydomain.com/test<br> + www.mydomain.com http://www.mydomain.com/ ^http://www.mydomain.com/.*$]]></fielddescr> + <fieldname>uri</fieldname> + <type>input</type> + <size>70</size> + </rowhelperfield> + </rowhelper> + </field> + </fields> + <custom_php_command_before_form> + </custom_php_command_before_form> + <custom_php_validation_command> + </custom_php_validation_command> + <custom_php_resync_config_command> + squid_resync(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file diff --git a/config/squid3/34/squid_sync.xml b/config/squid3/34/squid_sync.xml new file mode 100755 index 00000000..7e632eab --- /dev/null +++ b/config/squid3/34/squid_sync.xml @@ -0,0 +1,151 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + squid_sync.xml + part of the sarg package for pfSense + Copyright (C) 2012-2014 Marcello Coutinho + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code MUST retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squidsync</name> + <version>1.0</version> + <title>Proxy server: XMLRPC Sync</title> + <include_file>/usr/local/pkg/squid.inc</include_file> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=squid.xml&id=0</url> + </tab> + <tab> + <text>Remote Cache</text> + <url>/pkg.php?xml=squid_upstream.xml</url> + </tab> + <tab> + <text>Local Cache</text> + <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> + </tab> + <tab> + <text>Antivirus</text> + <url>/pkg_edit.php?xml=squid_antivirus.xml&id=0</url> + </tab> + <tab> + <text>ACLs</text> + <url>/pkg_edit.php?xml=squid_nac.xml&id=0</url> + </tab> + <tab> + <text>Traffic Mgmt</text> + <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url> + </tab> + <tab> + <text>Authentication</text> + <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg.php?xml=squid_users.xml</url> + </tab> + <tab> + <text>Real time</text> + <url>/squid_monitor.php</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=squid_sync.xml</url> + <active/> + </tab> + </tabs> + <fields> + <field> + <name>XMLRPC Sync</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Automatically sync squid configuration changes</fielddescr> + <fieldname>synconchanges</fieldname> + <description>Select a sync method for squid.</description> + <type>select</type> + <required/> + <default_value>auto</default_value> + <options> + <option><name>Sync to configured system backup server</name><value>auto</value></option> + <option><name>Sync to host(s) defined below</name><value>manual</value></option> + <option><name>Do not sync this package configuration</name><value>disabled</value></option> + </options> + </field> + <field> + <fielddescr>Sync timeout</fielddescr> + <fieldname>synctimeout</fieldname> + <description>Select sync max wait time</description> + <type>select</type> + <required/> + <default_value>250</default_value> + <options> + <option><name>250 seconds(Default)</name><value>250</value></option> + <option><name>120 seconds</name><value>120</value></option> + <option><name>90 seconds</name><value>90</value></option> + <option><name>60 seconds</name><value>60</value></option> + <option><name>30 seconds</name><value>30</value></option> + </options> + </field> + <field> + <fielddescr>Remote Server</fielddescr> + <fieldname>none</fieldname> + <type>rowhelper</type> + <rowhelper> + <rowhelperfield> + <fielddescr>IP Address</fielddescr> + <fieldname>ipaddress</fieldname> + <description>IP Address of remote server</description> + <type>input</type> + <size>20</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Password</fielddescr> + <fieldname>password</fieldname> + <description>Password for remote server.</description> + <type>password</type> + <size>20</size> + </rowhelperfield> + </rowhelper> + </field> + </fields> + <custom_php_validation_command> + </custom_php_validation_command> + <custom_php_resync_config_command> + squid_resync(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/squid3/34/squid_traffic.xml b/config/squid3/34/squid_traffic.xml new file mode 100755 index 00000000..3439d598 --- /dev/null +++ b/config/squid3/34/squid_traffic.xml @@ -0,0 +1,208 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + authng.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2007 to whom it may belong + Copyright (C) 2012-2014 Marcello Coutinho + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code MUST retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squidtraffic</name> + <version>none</version> + <title>Proxy server: Traffic management</title> + <include_file>/usr/local/pkg/squid.inc</include_file> + <tabs> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=squid.xml&id=0</url> + </tab> + <tab> + <text>Remote Cache</text> + <url>/pkg.php?xml=squid_upstream.xml</url> + </tab> + <tab> + <text>Local Cache</text> + <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> + </tab> + <tab> + <text>Antivirus</text> + <url>/pkg_edit.php?xml=squid_antivirus.xml&id=0</url> + </tab> + <tab> + <text>ACLs</text> + <url>/pkg_edit.php?xml=squid_nac.xml&id=0</url> + </tab> + <tab> + <text>Traffic Mgmt</text> + <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url> + <active/> + </tab> + <tab> + <text>Authentication</text> + <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg.php?xml=squid_users.xml</url> + </tab> + <tab> + <text>Real time</text> + <url>/squid_monitor.php</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=squid_sync.xml</url> + </tab> + </tabs> + <fields> + <field> + <name>Squid Traffic Managment Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Maximum download size</fielddescr> + <fieldname>max_download_size</fieldname> + <description>Limit the maximum total download size to the size specified here (in kilobytes). Set to 0 to disable.</description> + <type>input</type> + <size>10</size> + <required/> + <default_value>0</default_value> + </field> + <field> + <fielddescr>Maximum upload size</fielddescr> + <fieldname>max_upload_size</fieldname> + <description>Limit the maximum total upload size to the size specified here (in kilobytes). Set to 0 to disable.</description> + <type>input</type> + <size>10</size> + <required/> + <default_value>0</default_value> + </field> + <field> + <fielddescr>Overall bandwidth throttling</fielddescr> + <fieldname>overall_throttling</fieldname> + <description>This value specifies (in kilobytes per second) the bandwidth throttle for downloads. Users will gradually have their download speed increased according to this value. Set to 0 to disable bandwidth throttling.</description> + <type>input</type> + <size>10</size> + <required/> + <default_value>0</default_value> + </field> + <field> + <fielddescr>Per-host throttling</fielddescr> + <fieldname>perhost_throttling</fieldname> + <description>This value specifies the download throttling per host. Set to 0 to disable this.</description> + <type>input</type> + <size>10</size> + <required/> + <default_value>0</default_value> + </field> + <field> + <name>Squid Transfer Extension Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Throttle only specific extensions</fielddescr> + <fieldname>throttle_specific</fieldname> + <description>Leave this checked to be able to choose the extensions that throttling will be applied to. Otherwise, all files will be throttled.</description> + <type>checkbox</type> + <enablefields>throttle_binaries,throttle_cdimages,throttle_multimedia,throttle_others</enablefields> + <default_value>on</default_value> + </field> + <field> + <fielddescr>Throttle binary files</fielddescr> + <fieldname>throttle_binaries</fieldname> + <description>Check this to apply bandwidth throttle to binary files. This includes compressed archives and executables.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Throttle CD images</fielddescr> + <fieldname>throttle_cdimages</fieldname> + <description>Check this to apply bandwidth throttle to CD image files.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Throttle multimedia files</fielddescr> + <fieldname>throttle_multimedia</fieldname> + <description>Check this to apply bandwidth throttle to multimedia files, such as movies or songs.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Throttle other extensions</fielddescr> + <fieldname>throttle_others</fieldname> + <description>Comma-separated list of extensions to apply bandwidth throttle to.</description> + <type>input</type> + <size>60</size> + </field> + <field> + <name>Squid Transfer Quick Abort Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Finish transfer if less than x KB remaining</fielddescr> + <fieldname>quick_abort_min</fieldname> + <description>If the transfer has less than x KB remaining, it will finish the retrieval. Set to 0 to abort the transfer immediately.</description> + <type>input</type> + <size>10</size> + <default_value>0</default_value> + </field> + <field> + <fielddescr>Abort transfer if more than x KB remaining</fielddescr> + <fieldname>quick_abort_max</fieldname> + <description>If the transfer has more than x KB remaining, it will abort the retrieval. Set to 0 to abort the transfer immediately.</description> + <type>input</type> + <default_value>0</default_value> + </field> + <field> + <fielddescr>Finish transfer if more than x % finished</fielddescr> + <fieldname>quick_abort_pct</fieldname> + <description>If more than x % of the transfer has completed, it will finish the retrieval.</description> + <type>input</type> + <size>10</size> + <default_value>0</default_value> + </field> + </fields> + <custom_php_validation_command> + squid_validate_traffic($_POST, $input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + squid_resync(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/squid3/34/squid_upstream.xml b/config/squid3/34/squid_upstream.xml new file mode 100755 index 00000000..b8696750 --- /dev/null +++ b/config/squid3/34/squid_upstream.xml @@ -0,0 +1,361 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + squid_upstream.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2007 to whom it may belong + Copyright (C) 2012-2014 Marcello Coutinho + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code MUST retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squidremote</name> + <version>none</version> + <title>Proxy server: Remote proxy settings</title> + <include_file>/usr/local/pkg/squid.inc</include_file> + <tabs> +<tab> + <text>General</text> + <url>/pkg_edit.php?xml=squid.xml&id=0</url> + </tab> + <tab> + <text>Remote Cache</text> + <url>/pkg.php?xml=squid_upstream.xml</url> + <active/> + </tab> + <tab> + <text>Local Cache</text> + <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> + </tab> + <tab> + <text>Antivirus</text> + <url>/pkg_edit.php?xml=squid_antivirus.xml&id=0</url> + </tab> + <tab> + <text>ACLs</text> + <url>/pkg_edit.php?xml=squid_nac.xml&id=0</url> + </tab> + <tab> + <text>Traffic Mgmt</text> + <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url> + </tab> + <tab> + <text>Authentication</text> + <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg.php?xml=squid_users.xml</url> + </tab> + <tab> + <text>Real time</text> + <url>/squid_monitor.php</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=squid_sync.xml</url> + </tab> + </tabs> + <adddeleteeditpagefields> + <columnitem> + <fielddescr>Status</fielddescr> + <fieldname>enable</fieldname> + </columnitem> + <columnitem> + <fielddescr>name</fielddescr> + <fieldname>proxyaddr</fieldname> + </columnitem> + <columnitem> + <fielddescr>Port</fielddescr> + <fieldname>proxyport</fieldname> + </columnitem> + <columnitem> + <fielddescr>ICP</fielddescr> + <fieldname>icpport</fieldname> + </columnitem> + <columnitem> + <fielddescr>Peer type</fielddescr> + <fieldname>hierarchy</fieldname> + </columnitem> + <columnitem> + <fielddescr>Method</fielddescr> + <fieldname>peermethod</fieldname> + </columnitem> + </adddeleteeditpagefields> + + <fields> + <field> + <name>General Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>enable</fieldname> + <description>This option enables the proxy server to forward requests to an upstream/neighbor server.</description> + <type>checkbox</type> + <required/> + </field> + <field> + <fielddescr>Hostname</fielddescr> + <fieldname>proxyaddr</fieldname> + <description>Enter here the IP address or host name of the upstream proxy.</description> + <type>input</type> + <size>35</size> + <required/> + </field> + <field> + <fielddescr>Name</fielddescr> + <fieldname>proxyname</fieldname> + <description>Unique name for the peer.Required if you have multiple peers on the same host but different ports.</description> + <type>input</type> + <size>35</size> + <required/> + </field> + <field> + <fielddescr>TCP port</fielddescr> + <fieldname>proxyport</fieldname> + <description>Enter the port to use to connect to the upstream proxy.</description> + <type>input</type> + <size>5</size> + <default_value>3128</default_value> + <required/> + </field> + <field> + <fielddescr>Timeout</fielddescr> + <fieldname>connecttimeout</fieldname> + <description>A peer-specific connect timeout. Also see the peer_connect_timeout directive.</description> + <type>input</type> + <size>5</size> + </field> + <field> + <fielddescr>Fail Limit</fielddescr> + <fieldname>connectfailLimit</fieldname> + <description>How many times connecting to a peer must fail before it is marked as down. Default is 10.</description> + <type>input</type> + <size>5</size> + <default_value>10</default_value> + </field> + <field> + <fielddescr>Max</fielddescr> + <fieldname>maxconn</fieldname> + <description>Limit the amount of connections Squid may open to this peer.</description> + <type>input</type> + <size>5</size> + </field> + <field> + <fielddescr>Allow Miss</fielddescr> + <fieldname>allowmiss</fieldname> + <description><![CDATA[<strong>allow-miss</strong> - Disable Squid's use of only-if-cached when forwarding requests to siblings. This is primarily useful when icp_hit_stale is used by the sibling.<br><br> + <strong>no-tproxy</strong> - Do not use the client-spoof TPROXY support when forwarding requests to this peer. Use normal address selection instead.<br><br> + <strong>proxy-only</strong> - Objects fetched from the peer will not be stored locally.]]></description> + <type>select</type> + <default_value>allow-miss</default_value> + <options> + <option><name>Allow Miss</name><value>allow-miss</value></option> + <option><name>No Tproxy</name><value>no-tproxy</value></option> + <option><name>Proxy Only</name><value>proxy-only</value></option> + </options> + <multiple/> + <size>4</size> + </field> + <field> + <name>Peer settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Hierarchy</fielddescr> + <fieldname>hierarchy</fieldname> + <description>Specify remote caches hierarchy.</description> + <type>select</type> + <default_value>parent</default_value> + <options> + <option><name>parent</name><value>parent</value></option> + <option><name>sibling</name><value>sibling</value></option> + <option><name>multicast</name><value>multicast</value></option> + </options> + </field> + <field> + <fielddescr>Select method</fielddescr> + <fieldname>peermethod</fieldname> + <description><![CDATA[The default peer selection method is ICP, with the first responding peer being used as source. These options can be used for better load balancing.<br><br> + <strong>default</strong> - This is a parent cache which can be used as a "last-resort" if a peer cannot be located by any of the peer-selection methods.<br> + If specified more than once, only the first is used.<br><br> + <strong>round-robin</strong> - Load-Balance parents which should be used in a round-robin fashion in the absence of any ICP queries.<br>weight=N can be used to add bias.<br><br> + <strong>weighted-round-robin</strong> - Load-Balance parents which should be used in a round-robin fashion with the frequency of each parent being based on the round trip time.<br> + Closer parents are used more often. Usually used for background-ping parents. weight=N can be used to add bias.<br><br> + <strong>carp</strong> - Load-Balance parents which should be used as a CARP array. The requests will be distributed among the parents based on the CARP load balancing hash function based on their weight.<br><br> + <strong>userhash</strong> - Load-balance parents based on the client proxy_auth or ident username.<br><br> + <strong>sourcehash</strong> - Load-balance parents based on the client source IP.<br><br> + <strong>multicast-siblings</strong> - To be used only for cache peers of type "multicast".<br> + ALL members of this multicast group have "sibling" relationship with it, not "parent". This is to a multicast group when the requested object would be fetched only from a "parent" cache, anyway.<br> + It's useful, e.g., when configuring a pool of redundant Squid proxies, being members of the same multicast group.]]></description> + <type>select</type> + <default_value>round-robin</default_value> + <options> + <option><name>round-robin</name><value>round-robin</value></option> + <option><name>default</name><value>default</value></option> + <option><name>weighted-round-robin</name><value>weighted-round-robin</value></option> + <option><name>carp</name><value>carp</value></option> + <option><name>userhash</name><value>userhash</value></option> + <option><name>sourcehash</name><value>sourcehash</value></option> + <option><name>multicast-sibling</name><value>multicast-sibling</value></option> + </options> + </field> + <field> + <fielddescr>weight</fielddescr> + <fieldname>weight</fieldname> + <description>Use to affect the selection of a peer during any weighted peer-selection mechanisms. The weight must be an integer; default is 1,larger weights are favored more.</description> + <type>input</type> + <size>5</size> + <default>1</default> + </field> + <field> + <fielddescr>basetime</fielddescr> + <fieldname>basetime</fieldname> + <description><![CDATA[Specify a base amount to be subtracted from round trip times of parents.<br> + It is subtracted before division by weight in calculating which parent to fectch from. If the rtt is less than the base time the rtt is set to a minimal value.]]></description> + <type>input</type> + <size>5</size> + <default>1</default> + </field> + <field> + <fielddescr>ttl</fielddescr> + <fieldname>ttl</fieldname> + <description><![CDATA[Specify a TTL to use when sending multicast ICP queries to this address<br> + Only useful when sending to a multicast group. Because we don't accept ICP replies from random hosts, you must configure other group members as peers with the 'multicast-responder' option.]]></description> + <type>input</type> + <size>5</size> + <default>1</default> + </field> + <field> + <fielddescr>no-delay</fielddescr> + <fieldname>nodelay</fieldname> + <description><![CDATA[To prevent access to this neighbor from influencing the delay pools.]]></description> + <type>checkbox</type> + </field> + <field> + <name>ICP settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>ICP port</fielddescr> + <fieldname>icpport</fieldname> + <description>Enter the port to connect to the upstream proxy for the ICP protocol. Use port number 7 to disable ICP communication between the proxies.</description> + <type>input</type> + <size>5</size> + <default_value>7</default_value> + </field> + <field> + <fielddescr>ICP Options</fielddescr> + <fieldname>icpoptions</fieldname> + <description><![CDATA[You MUST also set icp_port and icp_access explicitly when using these options.<br> + The defaults will prevent peer traffic using ICP<br><br> + <strong>no-query</strong> - Disable ICP queries to this neighbor.<br><br> + <strong>multicast-responder</strong> -Indicates the named peer is a member of a multicast group.<br> + ICP queries will not be sent directly to the peer, but ICP replies will be accepted from it.<br><br> + <strong>closest-only</strong> - Indicates that, for ICP_OP_MISS replies, we'll only forward CLOSEST_PARENT_MISSes and never FIRST_PARENT_MISSes.<br><br> + <strong>background-ping</strong> - To only send ICP queries to this neighbor infrequently.<br> + This is used to keep the neighbor round trip time updated and is usually used in conjunction with weighted-round-robin.]]></description> + <type>select</type> + <default_value>no-query</default_value> + <options> + <option><name>no-query</name><value>no-query</value></option> + <option><name>multicast-responder</name><value>multicast-responder</value></option> + <option><name>closest-only</name><value>closest-only</value></option> + <option><name>background-ping</name><value>background-ping</value></option> + </options> + </field> + <field> + <name>Auth settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Username</fielddescr> + <fieldname>username</fieldname> + <description>If the upstream proxy requires a username, specify it here.</description> + <type>input</type> + </field> + <field> + <fielddescr>Password</fielddescr> + <fieldname>password</fieldname> + <description>If the upstream proxy requires a password, specify it here.</description> + <type>password</type> + </field> + <field> + <fielddescr>Authentication options</fielddescr> + <fieldname>authoption</fieldname> + <description><![CDATA[<br><strong>login=user:password</strong> - If this is a personal/workgroup proxy and your parent requires proxy authentication.<br><br> + <strong>login=PASSTHRU</strong> - Send login details received from client to this peer. Authentication is not required by Squid for this to work.<br> + This will pass any form of authentication but only Basic auth will work through a proxy unless the connection-auth options are also used.<br><br> + <strong>login=PASS</strong> - Send login details received from client to this peer.Authentication is not required by this option.<br> + To combine this with proxy_auth both proxies must share the same user database as HTTP only allows for a single login (one for proxy, one for origin server).<br> + Also be warned this will expose your users proxy password to the peer. USE WITH CAUTION<br><br> + <strong>login=*:password</strong> - Send the username to the upstream cache, but with a fixed password. This is meant to be used when the peer is in another administrative domain, but it is still needed to identify each user.<br><br> + <strong>login=NEGOTIATE</strong> - If this is a personal/workgroup proxy and your parent requires a secure proxy authentication.<br> + The first principal from the default keytab or defined by the environment variable KRB5_KTNAME will be used.<br> + WARNING: The connection may transmit requests from multiple clients. Negotiate often assumes end-to-end authentication and a single-client. Which is not strictly true here.<br><br> + <strong>login=NEGOTIATE:principal_name</strong>If this is a personal/workgroup proxy and your parent requires a secure proxy authentication.<br> + The principal principal_name from the default keytab or defined by the environment variable KRB5_KTNAME will be used. + WARNING: The connection may transmit requests from multiple clients. Negotiate often assumes end-to-end authentication and a single-client. Which is not strictly true here.<br><br> + <strong>connection-auth=on</strong> - Tell Squid that this peer does support Microsoft connection oriented authentication, and any such challenges received from there should be ignored.<br> + Default is auto to automatically determine the status of the peer.<br><br> + <strong>connection-auth=off</strong> - Tell Squid that this peer does not support Microsoft connection oriented authentication, and any such challenges received from there should be ignored.<br> + Default is auto to automatically determine the status of the peer.]]></description> + <type>select</type> + <default_value>login=*:password</default_value> + <options> + <option><name>login=*:password</name><value>login=*:password</value></option> + <option><name>login=user:password</name><value>login=user:password</value></option> + <option><name>login=PASSTHRU</name><value>login=PASSTHRU</value></option> + <option><name>login=PASS</name><value>login=PASS</value></option> + <option><name>login=NEGOTIATE</name><value>login=NEGOTIATE</value></option> + <option><name>login=NEGOTIATE:principal_name</name><value>login=NEGOTIATE:principal_name</value></option> + <option><name>connection-auth=on</name><value>connection-auth=on</value></option> + <option><name>connection-auth=off</name><value>connection-auth=off</value></option> + </options> + </field> + </fields> + <custom_php_validation_command> + squid_validate_upstream($_POST, $input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + squid_resync(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/anyterm/anyterm.xml b/config/squid3/34/squid_users.xml index f3b78012..835cf07b 100644..100755 --- a/config/anyterm/anyterm.xml +++ b/config/squid3/34/squid_users.xml @@ -7,9 +7,14 @@ /* $Id$ */ /* ========================================================================== */ /* - anyterm.xml - pfSense package (http://www.pfSense.com) - Copyright (C) 2009 Scott Ullrich + authng.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2007 to whom it may belong + Copyright (C) 2012-2014 Marcello Coutinho + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. All rights reserved. */ /* ========================================================================== */ @@ -38,79 +43,95 @@ /* ========================================================================== */ ]]> </copyright> - <name>anyterm</name> - <version>1.0</version> - <title>anyterm</title> - <aftersaveredirect>/pkg_edit.php?xml=anyterm.xml&id=0</aftersaveredirect> - <include_file>/usr/local/pkg/anyterm.inc</include_file> - <menu> - <name>Anyterm</name> - <tooltiptext></tooltiptext> - <section>Diagnostics</section> - <url>/pkg_edit.php?xml=anyterm.xml&id=0</url> - </menu> - <service> - <name>Anyterm</name> - <rcfile>anyterm.sh</rcfile> - <executable>anytermd</executable> - <description>Ajax Interactive Shell</description> - </service> - <configpath>installedpackages->anyterm->config</configpath> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>077</chmod> - <item>https://packages.pfsense.org/packages/config/anyterm/anyterm.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/</prefix> - <chmod>077</chmod> - <item>https://packages.pfsense.org/packages/config/anyterm/access_anyterm.php</item> - </additional_files_needed> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>squidusers</name> + <version>none</version> + <title>Proxy server: Local users</title> + <include_file>/usr/local/pkg/squid.inc</include_file> + <delete_string>A proxy server user has been deleted.</delete_string> + <addedit_string>A proxy server user has been created/modified.</addedit_string> <tabs> +<tab> + <text>General</text> + <url>/pkg_edit.php?xml=squid.xml&id=0</url> + </tab> + <tab> + <text>Remote Cache</text> + <url>/pkg.php?xml=squid_upstream.xml</url> + </tab> + <tab> + <text>Local Cache</text> + <url>/pkg_edit.php?xml=squid_cache.xml&id=0</url> + </tab> + <tab> + <text>Antivirus</text> + <url>/pkg_edit.php?xml=squid_antivirus.xml&id=0</url> + </tab> + <tab> + <text>ACLs</text> + <url>/pkg_edit.php?xml=squid_nac.xml&id=0</url> + </tab> + <tab> + <text>Traffic Mgmt</text> + <url>/pkg_edit.php?xml=squid_traffic.xml&id=0</url> + </tab> + <tab> + <text>Authentication</text> + <url>/pkg_edit.php?xml=squid_auth.xml&id=0</url> + </tab> <tab> - <text>Settings</text> - <url>/pkg_edit.php?xml=anyterm.xml&id=0</url> + <text>Users</text> + <url>/pkg.php?xml=squid_users.xml</url> <active/> </tab> <tab> - <text>Ajax Shell</text> - <url>access_anyterm.php</url> + <text>Real time</text> + <url>/squid_monitor.php</url> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=squid_sync.xml</url> </tab> </tabs> + <adddeleteeditpagefields> + <columnitem> + <fielddescr>Username</fielddescr> + <fieldname>username</fieldname> + </columnitem> + <columnitem> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + </adddeleteeditpagefields> <fields> <field> + <name>Squid Local Users</name> + <type>listtopic</type> + </field> + <field> <fielddescr>Username</fielddescr> <fieldname>username</fieldname> - <description>Enter the username for accessing Anyterm</description> + <description>Enter the username here.</description> <type>input</type> + <required/> </field> <field> <fielddescr>Password</fielddescr> <fieldname>password</fieldname> - <description>Enter the password for accessing Anyterm</description> + <description>Enter the password here.</description> <type>password</type> + <required/> </field> <field> - <fielddescr>Port</fielddescr> - <fieldname>port</fieldname> - <description>Enter the port that Anyterm will listen on Default is 8080.</description> - <type>input</type> - </field> - <field> - <fielddescr>STunnel Port</fielddescr> - <fieldname>stunnelport</fieldname> - <description> - <![CDATA[ - [OPTIONAL] If you have setup a STunnel forward (recommended!) enter its port here. - ]]> - </description> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + <description>You may enter a description here for your reference (not parsed).</description> <type>input</type> </field> </fields> <custom_php_resync_config_command> - anyterm_install(); + squid_resync_users(); </custom_php_resync_config_command> - <custom_php_deinstall_command> - anyterm_deinstall(); - </custom_php_deinstall_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/squid3/34/swapstate_check.php b/config/squid3/34/swapstate_check.php new file mode 100644 index 00000000..7a7ccd27 --- /dev/null +++ b/config/squid3/34/swapstate_check.php @@ -0,0 +1,54 @@ +#!/usr/local/bin/php -q +<?php +/* + swapstate_check.php + Copyright (C) 2011 Jim Pingle + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +require_once('config.inc'); +require_once('util.inc'); +require_once('squid.inc'); + + $settings = $config['installedpackages']['squidcache']['config'][0]; +// Only check the cache if Squid is actually caching. +// If there is no cache then quietly do nothing. +if ($settings['harddisk_cache_system'] != "null"){ + $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache'); + $swapstate = $cachedir . '/swap.state'; + if (!file_exists($swapstate)) + return; + $disktotal = disk_total_space(dirname($cachedir)); + $diskfree = disk_free_space(dirname($cachedir)); + $diskusedpct = round((($disktotal - $diskfree) / $disktotal) * 100); + $swapstate_size = filesize($swapstate); + $swapstate_pct = round(($swapstate_size / $disktotal) * 100); + // If the swap.state file is taking up more than 75% disk space, + // or the drive is 90% full and swap.state is larger than 1GB, + // kill it and initiate a rotate to write a fresh copy. + if (($swapstate_pct > 75) || (($diskusedpct > 90) && ($swapstate_size > 1024*1024*1024)) || $argv[1]=="clean") { + squid_dash_z('clean'); + log_error(gettext(sprintf("Squid cache and/or swap.state exceeded size limits. Removing and rotating. File was %d bytes, %d%% of total disk space.", $swapstate_size, $swapstate_pct))); + } +} +?> diff --git a/config/squid3/old/squid.inc b/config/squid3/old/squid.inc index 784fea8f..ce196700 100644 --- a/config/squid3/old/squid.inc +++ b/config/squid3/old/squid.inc @@ -289,7 +289,7 @@ function squid_deinstall_command() { filter_configure(); } -function squid_before_form_general($pkg) { +function squid_before_form_general(&$pkg) { $values = get_dir(SQUID_CONFBASE . '/errors/'); // Get rid of '..' and '.' array_shift($values); @@ -310,7 +310,7 @@ function squid_before_form_general($pkg) { $field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]); } -function squid_validate_general($post, $input_errors) { +function squid_validate_general($post, &$input_errors) { global $config; $settings = $config['installedpackages']['squid']['config'][0]; $port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128); @@ -367,7 +367,7 @@ function squid_validate_general($post, $input_errors) { }} } -function squid_validate_upstream($post, $input_errors) { +function squid_validate_upstream($post, &$input_errors) { if ($post['proxy_forwarding'] == 'on') { $addr = trim($post['proxy_addr']); if (empty($addr)) @@ -389,7 +389,7 @@ function squid_validate_upstream($post, $input_errors) { } } -function squid_validate_cache($post, $input_errors) { +function squid_validate_cache($post, &$input_errors) { $num_fields = array( 'harddisk_cache_size' => 'Hard disk cache size', 'memory_cache_size' => 'Memory cache size', 'maximum_object_size' => 'Maximum object size', @@ -428,7 +428,7 @@ function squid_validate_cache($post, $input_errors) { } -function squid_validate_nac($post, $input_errors) { +function squid_validate_nac($post, &$input_errors) { $allowed_subnets = explode("\n", $post['allowed_subnets']); foreach ($allowed_subnets as $subnet) { $subnet = trim($subnet); @@ -466,7 +466,7 @@ function squid_validate_nac($post, $input_errors) { }} } -function squid_validate_traffic($post, $input_errors) { +function squid_validate_traffic($post, &$input_errors) { $num_fields = array( 'max_download_size' => 'Maximum download size', 'max_upload_size' => 'Maximum upload size', 'perhost_throttling' => 'Per-host bandwidth throttling', @@ -498,7 +498,7 @@ function squid_validate_traffic($post, $input_errors) { } -function squid_validate_auth($post, $input_errors) { +function squid_validate_auth($post, &$input_errors) { $num_fields = array( array('auth_processes', 'Authentication processes', 1), array('auth_ttl', 'Authentication TTL', 0), ); diff --git a/config/squid3/old/squid.xml b/config/squid3/old/squid.xml index 5762efb1..83fb9bc0 100644 --- a/config/squid3/old/squid.xml +++ b/config/squid3/old/squid.xml @@ -315,13 +315,13 @@ </field> </fields> <custom_php_command_before_form> - squid_before_form_general(&$pkg); + squid_before_form_general($pkg); </custom_php_command_before_form> <custom_add_php_command> squid_resync(); </custom_add_php_command> <custom_php_validation_command> - squid_validate_general($_POST, &$input_errors); + squid_validate_general($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); @@ -339,4 +339,4 @@ exec("/bin/rm -f /usr/local/etc/rc.d/squid*"); </custom_php_deinstall_command> <filter_rules_needed>squid_generate_rules</filter_rules_needed> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/squid3/old/squid_auth.xml b/config/squid3/old/squid_auth.xml index c8e34553..db26756b 100644 --- a/config/squid3/old/squid_auth.xml +++ b/config/squid3/old/squid_auth.xml @@ -220,7 +220,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_auth($_POST, &$input_errors); + squid_validate_auth($_POST, $input_errors); </custom_php_validation_command> <custom_php_after_form_command> squid_print_javascript_auth2(); diff --git a/config/squid3/old/squid_cache.xml b/config/squid3/old/squid_cache.xml index 881f15b3..a765d911 100644 --- a/config/squid3/old/squid_cache.xml +++ b/config/squid3/old/squid_cache.xml @@ -214,7 +214,7 @@ } </custom_php_command_before_form> <custom_php_validation_command> - squid_validate_cache($_POST, &$input_errors); + squid_validate_cache($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/old/squid_nac.xml b/config/squid3/old/squid_nac.xml index 193a89c6..0d914dca 100644 --- a/config/squid3/old/squid_nac.xml +++ b/config/squid3/old/squid_nac.xml @@ -135,7 +135,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_nac($_POST, &$input_errors); + squid_validate_nac($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/old/squid_traffic.xml b/config/squid3/old/squid_traffic.xml index d560a7ad..f34eec19 100644 --- a/config/squid3/old/squid_traffic.xml +++ b/config/squid3/old/squid_traffic.xml @@ -169,7 +169,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_traffic($_POST, &$input_errors); + squid_validate_traffic($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squid3/old/squid_upstream.xml b/config/squid3/old/squid_upstream.xml index ad494524..b9a14dc8 100644 --- a/config/squid3/old/squid_upstream.xml +++ b/config/squid3/old/squid_upstream.xml @@ -125,7 +125,7 @@ </field> </fields> <custom_php_validation_command> - squid_validate_upstream($_POST, &$input_errors); + squid_validate_upstream($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squid_resync(); diff --git a/config/squidGuard-devel/squidguard.inc b/config/squidGuard-devel/squidguard.inc index d58dfb79..0be94a6f 100644 --- a/config/squidGuard-devel/squidguard.inc +++ b/config/squidGuard-devel/squidguard.inc @@ -101,12 +101,12 @@ sg_init(convert_pfxml_to_sgxml()); # ============================================================================== # Validations # ============================================================================== -function squidguard_validate($post, $input_errors) +function squidguard_validate($post, &$input_errors) { $submit = isset($_GET['submit']) ? $_GET['submit'] : $_POST['submit']; # check config if 'Apply' - if ($submit === APPLY_BTN) sg_check_config_data(&$input_errors); + if ($submit === APPLY_BTN) sg_check_config_data($input_errors); } # ------------------------------------------------------------------------------ @@ -114,13 +114,13 @@ function squidguard_validate($post, $input_errors) # ------------------------------------------------------------------------------ function squidguard_validate_default($post, $input_errors) { - squidguard_validate_acl($post, &$input_errors); + squidguard_validate_acl($post, $input_errors); } # ------------------------------------------------------------------------------ # validate acl # ------------------------------------------------------------------------------ -function squidguard_validate_acl($post, $input_errors) +function squidguard_validate_acl(&$post, &$input_errors) { $pass_up = array(); $deny_up = array(); @@ -134,7 +134,7 @@ function squidguard_validate_acl($post, $input_errors) $name = trim($post[F_NAME]); if(!empty($name)) { # validate name format - check_name_format($name, &$input_errors); + check_name_format($name, $input_errors); # check unique name if (!sg_check_unique_name(F_ACLS, $name)) @@ -148,7 +148,7 @@ function squidguard_validate_acl($post, $input_errors) $sgx = array(); $sgx[F_NAME] = $post[F_NAME]; $sgx[F_SOURCE] = $post[F_SOURCE]; - sg_check_src($sgx, &$input_errors); + sg_check_src($sgx, $input_errors); } # store destinations to 'dest' value @@ -192,7 +192,7 @@ function squidguard_validate_acl($post, $input_errors) # check redirect $errmsg = ''; - if (!sg_check_redirect($post[F_RMOD], $post[F_REDIRECT], &$errmsg)) { + if (!sg_check_redirect($post[F_RMOD], $post[F_REDIRECT], $errmsg)) { $input_errors[] = "Redirect info error. $errmsg"; } } @@ -203,14 +203,14 @@ function squidguard_validate_acl($post, $input_errors) # date: <date(or range)><time (or range)> -- days not parsed (reset to *) # weekly: <day or *><time or range> -- dates not parsed (reset to '') # ------------------------------------------------------------------------------ -function squidguard_validate_times($post, $input_errors) +function squidguard_validate_times(&$post, &$input_errors) { $id = get_item_id(); # check name $name = trim($post[F_NAME]); if(!empty($name)) { - check_name_format($name, &$input_errors); + check_name_format($name, $input_errors); # check unique name if (!sg_check_unique_name(F_TIMES, $name)) @@ -246,18 +246,18 @@ function squidguard_validate_times($post, $input_errors) $sgx[F_ITEM][] = $sgx_row; } # - sg_check_time($sgx, &$input_errors); + sg_check_time($sgx, $input_errors); } # ------------------------------------------------------------------------------ # validate destinations # ------------------------------------------------------------------------------ -function squidguard_validate_destination($post, $input_errors) { +function squidguard_validate_destination($post, &$input_errors) { # check name $name = trim($post[F_NAME]); if(!empty($name)) { - check_name_format($name, &$input_errors); + check_name_format($name, $input_errors); # check unique name if (!sg_check_unique_name(F_DESTINATIONS, $name)) @@ -277,18 +277,18 @@ function squidguard_validate_destination($post, $input_errors) { $sgx[F_RMOD] = $post[F_RMOD]; $sgx[F_REDIRECT] = $post[F_REDIRECT]; # - sg_check_dest($sgx, &$input_errors); + sg_check_dest($sgx, $input_errors); } # ------------------------------------------------------------------------------ # validate rewrites # ------------------------------------------------------------------------------ -function squidguard_validate_rewrite($post, $input_errors) { +function squidguard_validate_rewrite($post, &$input_errors) { # check name $name = trim($post[F_NAME]); if(!empty($name)) { # check name format <char><symbols without space> - Ab123 - check_name_format($name, &$input_errors); + check_name_format($name, $input_errors); # check unique name if (!sg_check_unique_name(F_REWRITES, $name)) @@ -447,7 +447,7 @@ function get_sgconf_items_list($data_group, $fieldname) { # ============================================================================== # squidguard_before_form # ------------------------------------------------------------------------------ -function squidguard_before_form($pkg) { +function squidguard_before_form(&$pkg) { $i=0; foreach($pkg['fields']['field'] as $field) { @@ -470,7 +470,7 @@ function squidguard_before_form($pkg) { # ----------------------------------------------------------------------------- # squidguard_before_form_acl # ----------------------------------------------------------------------------- -function squidguard_before_form_acl($pkg, $is_acl=true) { +function squidguard_before_form_acl(&$pkg, $is_acl=true) { global $g; global $squidguard_config; @@ -638,7 +638,7 @@ function squidguard_before_form_acl($pkg, $is_acl=true) { # ----------------------------------------------------------------------------- # squidguard_before_form_dest # ----------------------------------------------------------------------------- -function squidguard_before_form_dest($pkg) { +function squidguard_before_form_dest(&$pkg) { global $g, $squidguard_config; $destination_items = get_sgconf_items_list(F_DESTINATIONS, 'name'); //var_dump($squidguard_config); @@ -1301,12 +1301,12 @@ function squidguard_adt_rewrite_safesrch() $res[F_NAME] = SAFESEARCH; $res[F_DESCRIPTION] = "Google, Yandex safesearch"; $res[F_LOG] = 'on'; - squidguard_adt_safesrch_add(&$res[F_ITEM]); + squidguard_adt_safesrch_add($res[F_ITEM]); return $res; } -function squidguard_adt_safesrch_add($rewrite_item) +function squidguard_adt_safesrch_add(&$rewrite_item) { if (!is_array($rewrite_item)) $rewrite_item = array(); @@ -1331,7 +1331,7 @@ function squidguard_adt_safesrch_add($rewrite_item) } # log dump -function squidguard_logdump($filename, $lnoffset, $lncount, $reverse) +function squidguard_logdump($filename, &$lnoffset, $lncount, $reverse) { define('LOGSHOW_BUFSIZE', '262144'); $cnt = ''; @@ -1371,10 +1371,10 @@ function squidguard_logdump($filename, $lnoffset, $lncount, $reverse) } # dump SG log -function squidguard_filterdump($lnoffset, $lncount, $reverse) +function squidguard_filterdump(&$lnoffset, $lncount, $reverse) { $res = array(); - $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . '/squidGuard.log', &$lnoffset, $lncount, $reverse); + $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . '/squidGuard.log', $lnoffset, $lncount, $reverse); foreach($cont as $cn) { $cn = explode(" ", trim($cn), 4); @@ -1385,10 +1385,10 @@ function squidguard_filterdump($lnoffset, $lncount, $reverse) } # dump SG Gui log -function squidguard_guidump($lnoffset, $lncount, $reverse) +function squidguard_guidump(&$lnoffset, $lncount, $reverse) { $res = array(); - $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . SQUIDGUARD_CONFLOGFILE, &$lnoffset, $lncount, $reverse); + $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . SQUIDGUARD_CONFLOGFILE, $lnoffset, $lncount, $reverse); foreach($cont as $cn) { $cn = explode(" ", trim($cn), 4); @@ -1399,10 +1399,10 @@ function squidguard_guidump($lnoffset, $lncount, $reverse) } # dump SG blocked -function squidguard_blockdump($lnoffset, $lncount, $reverse) +function squidguard_blockdump(&$lnoffset, $lncount, $reverse) { $res = array(); - $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . '/' . SQUIDGUARD_LOGFILE, &$lnoffset, $lncount, $reverse); + $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . '/' . SQUIDGUARD_LOGFILE, $lnoffset, $lncount, $reverse); foreach($cont as $cn) { $cn = explode(" ", trim($cn), 9); diff --git a/config/squidGuard-devel/squidguard.xml b/config/squidGuard-devel/squidguard.xml index d5f2b82d..3c91402a 100644 --- a/config/squidGuard-devel/squidguard.xml +++ b/config/squidGuard-devel/squidguard.xml @@ -239,10 +239,10 @@ </fields> <custom_add_php_command/> <custom_php_validation_command> - squidguard_validate(&$_POST, &$input_errors); + squidguard_validate($_POST, $input_errors); </custom_php_validation_command> <custom_php_command_before_form> - squidguard_before_form(&$pkg); + squidguard_before_form($pkg); </custom_php_command_before_form> <custom_php_after_form_command> squidGuard_print_javascript(); diff --git a/config/squidGuard-devel/squidguard_acl.xml b/config/squidGuard-devel/squidguard_acl.xml index cd3e8016..b074a830 100644 --- a/config/squidGuard-devel/squidguard_acl.xml +++ b/config/squidGuard-devel/squidguard_acl.xml @@ -224,10 +224,10 @@ </field> </fields> <custom_php_validation_command> - squidguard_validate_acl(&$_POST, &$input_errors); + squidguard_validate_acl($_POST, $input_errors); </custom_php_validation_command> <custom_php_command_before_form> - squidguard_before_form_acl(&$pkg); + squidguard_before_form_acl($pkg); </custom_php_command_before_form> <custom_php_after_form_command> squidGuard_print_javascript(); diff --git a/config/squidGuard-devel/squidguard_configurator.inc b/config/squidGuard-devel/squidguard_configurator.inc index 3cf7bc61..a48426bb 100644 --- a/config/squidGuard-devel/squidguard_configurator.inc +++ b/config/squidGuard-devel/squidguard_configurator.inc @@ -206,6 +206,7 @@ define('SQUIDGUARD_GUILOG_LEVEL', SQUIDGUARD_INFO); # log level define('SQUIDGUARD_GUILOG_MAXCOUNT', 500); # log max lines define('SQUIDGUARD_GUILOG_ENABLE', true); # on/off gui log - option override GUI settings define('SQUIDGUARD_LOG_ENABLE', true); # on/off SG log - option override GUI settings +define('SQUIDGUARD_LOGROTATE_MAXCOUNT', 1000); # logrotate max lines # define('FLT_DEFAULT_ALL', 'all'); @@ -846,7 +847,7 @@ function sg_create_config() } # check configuration data - if (!sg_check_config_data(&$error_res)) { + if (!sg_check_config_data($error_res)) { sg_addlog("sg_create_config", "Bad config data. It's all error_res: $error_res", SQUIDGUARD_ERROR); sg_addlog("sg_create_config", "Terminated.", SQUIDGUARD_ERROR); return sg_create_simple_config('', '', "Error! Check squidGuard configuration data." . " (sg_create_config: [2])."); @@ -1071,8 +1072,8 @@ function sg_create_config() # delete blacklist entries from 'pass' if blacklist disabled if ($squidguard_config[F_BLACKLISTENABLED] !== 'on') { - acl_remove_blacklist_items(&$acl[F_DESTINATIONNAME]); - acl_remove_blacklist_items(&$acl[F_OVERDESTINATIONNAME]); + acl_remove_blacklist_items($acl[F_DESTINATIONNAME]); + acl_remove_blacklist_items($acl[F_OVERDESTINATIONNAME]); } # not allowing IP in URL @@ -1128,7 +1129,7 @@ function sg_create_config() # delete blacklist entries from 'pass' if blacklist disabled if ($squidguard_config[F_BLACKLISTENABLED] !== 'on') - acl_remove_blacklist_items(&$def[F_DESTINATIONNAME]); + acl_remove_blacklist_items($def[F_DESTINATIONNAME]); # not allowing IP in URL if ($def[F_NOTALLOWINGIP]) @@ -1254,7 +1255,7 @@ function sg_redirector_base_url($rdr_info, $redirect_mode) # check redirect $errmsg = ''; - if (!sg_check_redirect($redirect_mode, $rdr_info, &$errmsg)) { + if (!sg_check_redirect($redirect_mode, $rdr_info, $errmsg)) { $redirect_mode = RMOD_INT_ERRORPAGE; $rdr_info = "Bad redirect settings. $errmsg Check you configuration."; sg_addlog("sg_redirector_base_url", "$errmsg", SQUIDGUARD_ERROR); @@ -1310,7 +1311,7 @@ function sg_aclpass_reorder($pass) # ------------------------------------------------------------ # sg_check_config_data # ------------------------------------------------------------ -function sg_check_config_data ($input_errors) +function sg_check_config_data (&$input_errors) { global $squidguard_config; $elog = array(); @@ -1327,14 +1328,14 @@ function sg_check_config_data ($input_errors) # check name as unique and name format $tm_name = $tm[F_NAME]; $err_s = ''; - if (!check_name_format($tm_name, &$err_s)) + if (!check_name_format($tm_name, $err_s)) $elog[] = "(T1) TIME '$tm_name' error: >>> $err_s"; if ($key_tm[$tm_name] > 1) $elog[] = "(T2) TIME '$tm_name' error: duplicate time name '$tm_name'"; # check time items format - sg_check_time($tm, &$elog); + sg_check_time($tm, $elog); } } @@ -1345,7 +1346,7 @@ function sg_check_config_data ($input_errors) # check name as unique and name format $src_name = $src[F_NAME]; $err_s = ''; - if (!check_name_format($src_name, &$err_s)) + if (!check_name_format($src_name, $err_s)) $elog[] = "(A1) ACL '$src_name'error: $err_s"; if ($key_src[$src_name] > 1) @@ -1362,13 +1363,13 @@ function sg_check_config_data ($input_errors) # check name as unique and name format $dst_name = $dst[F_NAME]; $err_s = ''; - if (!check_name_format($dst_name, &$err_s)) + if (!check_name_format($dst_name, $err_s)) $elog[] = "(D1) DEST '$dst_name' error: $err_s"; if ($key_dst[$dst_name] > 1) $elog[] = "(D2) DEST '$dst_name' error: duplicate destination name '$dst_name'"; # - sg_check_dest($dst, &$elog); + sg_check_dest($dst, $elog); } } @@ -1396,7 +1397,7 @@ function sg_check_config_data ($input_errors) # check check name as unique and name format $rw_name = $rw[F_NAME]; $err_s = ''; - if (!check_name_format($rw_name, &$err_s)) + if (!check_name_format($rw_name, $err_s)) $elog[] = "(R1) REWRITE '$rw_name' error: $err_s"; if ($key_rw[$rw_name] > 1) @@ -1674,7 +1675,7 @@ function is_username($username) # ------------------------------------------------------------------------------ # check name # ------------------------------------------------------------------------------ -function check_name_format ($name, $input_errors) +function check_name_format ($name, &$input_errors) { $elog = array(); $val = trim($name); @@ -1698,7 +1699,7 @@ function check_name_format ($name, $input_errors) # ****************************************************************************** # check redirect # ------------------------------------------------------------------------------ -function sg_check_redirect($rdr_mode, $rdr_info, $err_msg) +function sg_check_redirect($rdr_mode, $rdr_info, &$err_msg) { $res = true; switch($rdr_mode) { @@ -1720,7 +1721,7 @@ function sg_check_redirect($rdr_mode, $rdr_info, $err_msg) # ------------------------------------------------------------------------------ # sg_check_time # ------------------------------------------------------------------------------ -function sg_check_time($sgtime, $input_errors) +function sg_check_time($sgtime, &$input_errors) { $err = ''; $days = array("*", "mon", "tue", "wed", "thu", "fri", "sat", "sun"); @@ -1746,14 +1747,14 @@ function sg_check_time($sgtime, $input_errors) # ------------------------------------------------------------------------------ # sg_check_dest # ------------------------------------------------------------------------------ -function sg_check_dest($sgx, $input_errors) +function sg_check_dest($sgx, &$input_errors) { $elog = array(); $dm = explode(" ", $sgx[F_DOMAINS]); # $ex = explode(" ", $sgx[F_EXPRESSIONS]); $ur = explode(" ", $sgx[F_URLS]); - array_packitems(&$dm); - array_packitems(&$ur); + array_packitems($dm); + array_packitems($ur); # domain or ip foreach ($dm as $d_it) { @@ -1765,7 +1766,7 @@ function sg_check_dest($sgx, $input_errors) if ($u_it && !is_dest_url($u_it)) $elog[] = "Item '$u_it' is not a url."; # check redirect - sg_check_redirect($sgx[F_RMOD], $sgx[F_REDIRECT], &$elog); + sg_check_redirect($sgx[F_RMOD], $sgx[F_REDIRECT], $elog); # update log if (!empty($elog)) { @@ -1780,7 +1781,7 @@ function sg_check_dest($sgx, $input_errors) # ------------------------------------------------------------------------------ # sg_check_src # ------------------------------------------------------------------------------ -function sg_check_src($sgx, $input_errors) +function sg_check_src($sgx, &$input_errors) { $elog = array(); @@ -1822,7 +1823,7 @@ function str_packspaces($str) while(strpos($str, ' ')) $str = str_replace(' ', ' ', $str); } -function array_packitems($arval) +function array_packitems(&$arval) { if (is_array($arval)) { $arval = array_map("trim", $arval); # trim all items @@ -1894,7 +1895,7 @@ function check_time($time) # ----------------------------------------------------------------------------- # acl_remove_blacklist_items # ----------------------------------------------------------------------------- -function acl_remove_blacklist_items($items) +function acl_remove_blacklist_items(&$items) { # add !items and ^items $db_entries = sg_entries_blacklist(); @@ -1921,6 +1922,7 @@ function acl_remove_blacklist_items($items) # ----------------------------------------------------------------------------- function sg_script_logrotate() { + $lines = SQUIDGUARD_LOGROTATE_MAXCOUNT; global $squidguard_config; @@ -2206,7 +2208,7 @@ function sg_update_blacklist($from_file) $blk_list = array(); # scan blacklist items - scan_blacklist_cat($tmp_unpack_dir, "blk", & $blk_items); + scan_blacklist_cat($tmp_unpack_dir, "blk", $blk_items); # move blacklist catalog structure to 'one level' (from tmp_DB to arch_DB) foreach ($blk_items as $key => $val) { @@ -2415,7 +2417,7 @@ function squidguard_blacklist_restore_arcdb() # ["urls"] urls file path # ["expressions"] expressions file path # ------------------------------------------------------------------------------ -function scan_blacklist_cat($curdir, $key_name, $cat_array) +function scan_blacklist_cat($curdir, $key_name, &$cat_array) { if (file_exists($curdir) and is_dir($curdir)) { @@ -2448,7 +2450,7 @@ function scan_blacklist_cat($curdir, $key_name, $cat_array) $fls_key = $key_name . "_" . $fls; # recursive call - scan_blacklist_cat($fls_file, $fls_key, & $cat_array); + scan_blacklist_cat($fls_file, $fls_key, $cat_array); } } } diff --git a/config/squidGuard-devel/squidguard_default.xml b/config/squidGuard-devel/squidguard_default.xml index 01380ea5..4a03c2b6 100644 --- a/config/squidGuard-devel/squidguard_default.xml +++ b/config/squidGuard-devel/squidguard_default.xml @@ -134,10 +134,10 @@ </field> </fields> <custom_php_validation_command> - squidguard_validate_acl(&$_POST, &$input_errors); + squidguard_validate_acl($_POST, $input_errors); </custom_php_validation_command> <custom_php_command_before_form> - squidguard_before_form_acl(&$pkg, false); + squidguard_before_form_acl($pkg, false); </custom_php_command_before_form> <custom_php_after_form_command> squidGuard_print_javascript(); diff --git a/config/squidGuard-devel/squidguard_dest.xml b/config/squidGuard-devel/squidguard_dest.xml index 3525098e..5f128a49 100644 --- a/config/squidGuard-devel/squidguard_dest.xml +++ b/config/squidGuard-devel/squidguard_dest.xml @@ -172,10 +172,10 @@ </field> </fields> <custom_php_command_before_form> - squidguard_before_form_dest(&$pkg); + squidguard_before_form_dest($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squidguard_validate_destination($_POST, &$input_errors); + squidguard_validate_destination($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squidguard_resync_dest(); diff --git a/config/squidGuard-devel/squidguard_log.php b/config/squidGuard-devel/squidguard_log.php index 8eba2311..562feb96 100644 --- a/config/squidGuard-devel/squidguard_log.php +++ b/config/squidGuard-devel/squidguard_log.php @@ -77,14 +77,14 @@ function squidguard_log_AJAX_response( $request ) $res = squidguard_prep_textareacont($cont); break; case 'guilog': - $res = squidguard_logrep(squidguard_guidump( &$offset, 50, true)); + $res = squidguard_logrep(squidguard_guidump( $offset, 50, true)); break; case 'filterlog': - $res = squidguard_logrep(squidguard_filterdump( &$offset, 50, true)); + $res = squidguard_logrep(squidguard_filterdump( $offset, 50, true)); break; case "blocked": default: - $res = squidguard_logrep(squidguard_blockdump( &$offset, 50, true)); + $res = squidguard_logrep(squidguard_blockdump( $offset, 50, true)); break; } diff --git a/config/squidGuard-devel/squidguard_rewr.xml b/config/squidGuard-devel/squidguard_rewr.xml index c21cb1c0..4b55292d 100644 --- a/config/squidGuard-devel/squidguard_rewr.xml +++ b/config/squidGuard-devel/squidguard_rewr.xml @@ -136,7 +136,7 @@ squidGuard_print_javascript(); </custom_php_after_form_command> <custom_php_validation_command> - squidguard_validate_rewrite($_POST, &$input_errors); + squidguard_validate_rewrite($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> // squidguard_resync_rewrite(); diff --git a/config/squidGuard-devel/squidguard_time.xml b/config/squidGuard-devel/squidguard_time.xml index dfd589aa..7f682174 100644 --- a/config/squidGuard-devel/squidguard_time.xml +++ b/config/squidGuard-devel/squidguard_time.xml @@ -136,7 +136,7 @@ squidGuard_print_javascript(); </custom_php_after_form_command> <custom_php_validation_command> - squidguard_validate_times(&$_POST, &$input_errors); + squidguard_validate_times($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> // squidguard_resync_time(); diff --git a/config/squidGuard/squidguard.inc b/config/squidGuard/squidguard.inc index d58dfb79..0fd450b7 100644 --- a/config/squidGuard/squidguard.inc +++ b/config/squidGuard/squidguard.inc @@ -101,26 +101,26 @@ sg_init(convert_pfxml_to_sgxml()); # ============================================================================== # Validations # ============================================================================== -function squidguard_validate($post, $input_errors) +function squidguard_validate(&$post, &$input_errors) { $submit = isset($_GET['submit']) ? $_GET['submit'] : $_POST['submit']; # check config if 'Apply' - if ($submit === APPLY_BTN) sg_check_config_data(&$input_errors); + if ($submit === APPLY_BTN) sg_check_config_data($input_errors); } # ------------------------------------------------------------------------------ # validate default # ------------------------------------------------------------------------------ -function squidguard_validate_default($post, $input_errors) +function squidguard_validate_default(&$post, &$input_errors) { - squidguard_validate_acl($post, &$input_errors); + squidguard_validate_acl($post, $input_errors); } # ------------------------------------------------------------------------------ # validate acl # ------------------------------------------------------------------------------ -function squidguard_validate_acl($post, $input_errors) +function squidguard_validate_acl(&$post, &$input_errors) { $pass_up = array(); $deny_up = array(); @@ -134,7 +134,7 @@ function squidguard_validate_acl($post, $input_errors) $name = trim($post[F_NAME]); if(!empty($name)) { # validate name format - check_name_format($name, &$input_errors); + check_name_format($name, $input_errors); # check unique name if (!sg_check_unique_name(F_ACLS, $name)) @@ -148,7 +148,7 @@ function squidguard_validate_acl($post, $input_errors) $sgx = array(); $sgx[F_NAME] = $post[F_NAME]; $sgx[F_SOURCE] = $post[F_SOURCE]; - sg_check_src($sgx, &$input_errors); + sg_check_src($sgx, $input_errors); } # store destinations to 'dest' value @@ -192,7 +192,7 @@ function squidguard_validate_acl($post, $input_errors) # check redirect $errmsg = ''; - if (!sg_check_redirect($post[F_RMOD], $post[F_REDIRECT], &$errmsg)) { + if (!sg_check_redirect($post[F_RMOD], $post[F_REDIRECT], $errmsg)) { $input_errors[] = "Redirect info error. $errmsg"; } } @@ -203,14 +203,14 @@ function squidguard_validate_acl($post, $input_errors) # date: <date(or range)><time (or range)> -- days not parsed (reset to *) # weekly: <day or *><time or range> -- dates not parsed (reset to '') # ------------------------------------------------------------------------------ -function squidguard_validate_times($post, $input_errors) +function squidguard_validate_times(&$post, &$input_errors) { $id = get_item_id(); # check name $name = trim($post[F_NAME]); if(!empty($name)) { - check_name_format($name, &$input_errors); + check_name_format($name, $input_errors); # check unique name if (!sg_check_unique_name(F_TIMES, $name)) @@ -246,18 +246,18 @@ function squidguard_validate_times($post, $input_errors) $sgx[F_ITEM][] = $sgx_row; } # - sg_check_time($sgx, &$input_errors); + sg_check_time($sgx, $input_errors); } # ------------------------------------------------------------------------------ # validate destinations # ------------------------------------------------------------------------------ -function squidguard_validate_destination($post, $input_errors) { +function squidguard_validate_destination($post, &$input_errors) { # check name $name = trim($post[F_NAME]); if(!empty($name)) { - check_name_format($name, &$input_errors); + check_name_format($name, $input_errors); # check unique name if (!sg_check_unique_name(F_DESTINATIONS, $name)) @@ -277,18 +277,18 @@ function squidguard_validate_destination($post, $input_errors) { $sgx[F_RMOD] = $post[F_RMOD]; $sgx[F_REDIRECT] = $post[F_REDIRECT]; # - sg_check_dest($sgx, &$input_errors); + sg_check_dest($sgx, $input_errors); } # ------------------------------------------------------------------------------ # validate rewrites # ------------------------------------------------------------------------------ -function squidguard_validate_rewrite($post, $input_errors) { +function squidguard_validate_rewrite($post, &$input_errors) { # check name $name = trim($post[F_NAME]); if(!empty($name)) { # check name format <char><symbols without space> - Ab123 - check_name_format($name, &$input_errors); + check_name_format($name, $input_errors); # check unique name if (!sg_check_unique_name(F_REWRITES, $name)) @@ -447,7 +447,7 @@ function get_sgconf_items_list($data_group, $fieldname) { # ============================================================================== # squidguard_before_form # ------------------------------------------------------------------------------ -function squidguard_before_form($pkg) { +function squidguard_before_form(&$pkg) { $i=0; foreach($pkg['fields']['field'] as $field) { @@ -470,7 +470,7 @@ function squidguard_before_form($pkg) { # ----------------------------------------------------------------------------- # squidguard_before_form_acl # ----------------------------------------------------------------------------- -function squidguard_before_form_acl($pkg, $is_acl=true) { +function squidguard_before_form_acl(&$pkg, $is_acl=true) { global $g; global $squidguard_config; @@ -638,7 +638,7 @@ function squidguard_before_form_acl($pkg, $is_acl=true) { # ----------------------------------------------------------------------------- # squidguard_before_form_dest # ----------------------------------------------------------------------------- -function squidguard_before_form_dest($pkg) { +function squidguard_before_form_dest(&$pkg) { global $g, $squidguard_config; $destination_items = get_sgconf_items_list(F_DESTINATIONS, 'name'); //var_dump($squidguard_config); @@ -1301,12 +1301,12 @@ function squidguard_adt_rewrite_safesrch() $res[F_NAME] = SAFESEARCH; $res[F_DESCRIPTION] = "Google, Yandex safesearch"; $res[F_LOG] = 'on'; - squidguard_adt_safesrch_add(&$res[F_ITEM]); + squidguard_adt_safesrch_add($res[F_ITEM]); return $res; } -function squidguard_adt_safesrch_add($rewrite_item) +function squidguard_adt_safesrch_add(&$rewrite_item) { if (!is_array($rewrite_item)) $rewrite_item = array(); @@ -1331,7 +1331,7 @@ function squidguard_adt_safesrch_add($rewrite_item) } # log dump -function squidguard_logdump($filename, $lnoffset, $lncount, $reverse) +function squidguard_logdump($filename, &$lnoffset, $lncount, $reverse) { define('LOGSHOW_BUFSIZE', '262144'); $cnt = ''; @@ -1374,7 +1374,7 @@ function squidguard_logdump($filename, $lnoffset, $lncount, $reverse) function squidguard_filterdump($lnoffset, $lncount, $reverse) { $res = array(); - $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . '/squidGuard.log', &$lnoffset, $lncount, $reverse); + $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . '/squidGuard.log', $lnoffset, $lncount, $reverse); foreach($cont as $cn) { $cn = explode(" ", trim($cn), 4); @@ -1388,7 +1388,7 @@ function squidguard_filterdump($lnoffset, $lncount, $reverse) function squidguard_guidump($lnoffset, $lncount, $reverse) { $res = array(); - $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . SQUIDGUARD_CONFLOGFILE, &$lnoffset, $lncount, $reverse); + $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . SQUIDGUARD_CONFLOGFILE, $lnoffset, $lncount, $reverse); foreach($cont as $cn) { $cn = explode(" ", trim($cn), 4); @@ -1402,7 +1402,7 @@ function squidguard_guidump($lnoffset, $lncount, $reverse) function squidguard_blockdump($lnoffset, $lncount, $reverse) { $res = array(); - $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . '/' . SQUIDGUARD_LOGFILE, &$lnoffset, $lncount, $reverse); + $cont = squidguard_logdump(SQUIDGUARD_LOGDIR . '/' . SQUIDGUARD_LOGFILE, $lnoffset, $lncount, $reverse); foreach($cont as $cn) { $cn = explode(" ", trim($cn), 9); diff --git a/config/squidGuard/squidguard.xml b/config/squidGuard/squidguard.xml index ee7302f4..3a77edf3 100644 --- a/config/squidGuard/squidguard.xml +++ b/config/squidGuard/squidguard.xml @@ -6,7 +6,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>squidguardgeneral</name> - <version>1.4_4 pkg v.1.9.3</version> + <version>1.4_4 pkg v.1.9.8</version> <title>Proxy filter SquidGuard: General settings</title> <include_file>/usr/local/pkg/squidguard.inc</include_file> <!-- Installation --> @@ -239,10 +239,10 @@ </fields> <custom_add_php_command/> <custom_php_validation_command> - squidguard_validate(&$_POST, &$input_errors); + squidguard_validate($_POST, $input_errors); </custom_php_validation_command> <custom_php_command_before_form> - squidguard_before_form(&$pkg); + squidguard_before_form($pkg); </custom_php_command_before_form> <custom_php_after_form_command> squidGuard_print_javascript(); diff --git a/config/squidGuard/squidguard_acl.xml b/config/squidGuard/squidguard_acl.xml index 243576e8..8ddd6c35 100644 --- a/config/squidGuard/squidguard_acl.xml +++ b/config/squidGuard/squidguard_acl.xml @@ -224,10 +224,10 @@ </field> </fields> <custom_php_validation_command> - squidguard_validate_acl(&$_POST, &$input_errors); + squidguard_validate_acl($_POST, $input_errors); </custom_php_validation_command> <custom_php_command_before_form> - squidguard_before_form_acl(&$pkg); + squidguard_before_form_acl($pkg); </custom_php_command_before_form> <custom_php_after_form_command> squidGuard_print_javascript(); diff --git a/config/squidGuard/squidguard_configurator.inc b/config/squidGuard/squidguard_configurator.inc index 5dbfcc43..d3448c5d 100644 --- a/config/squidGuard/squidguard_configurator.inc +++ b/config/squidGuard/squidguard_configurator.inc @@ -846,7 +846,7 @@ function sg_create_config() } # check configuration data - if (!sg_check_config_data(&$error_res)) { + if (!sg_check_config_data($error_res)) { sg_addlog("sg_create_config", "Bad config data. It's all error_res: $error_res", SQUIDGUARD_ERROR); sg_addlog("sg_create_config", "Terminated.", SQUIDGUARD_ERROR); return sg_create_simple_config('', '', "Error! Check squidGuard configuration data." . " (sg_create_config: [2])."); @@ -1071,8 +1071,8 @@ function sg_create_config() # delete blacklist entries from 'pass' if blacklist disabled if ($squidguard_config[F_BLACKLISTENABLED] !== 'on') { - acl_remove_blacklist_items(&$acl[F_DESTINATIONNAME]); - acl_remove_blacklist_items(&$acl[F_OVERDESTINATIONNAME]); + acl_remove_blacklist_items($acl[F_DESTINATIONNAME]); + acl_remove_blacklist_items($acl[F_OVERDESTINATIONNAME]); } # not allowing IP in URL @@ -1128,7 +1128,7 @@ function sg_create_config() # delete blacklist entries from 'pass' if blacklist disabled if ($squidguard_config[F_BLACKLISTENABLED] !== 'on') - acl_remove_blacklist_items(&$def[F_DESTINATIONNAME]); + acl_remove_blacklist_items($def[F_DESTINATIONNAME]); # not allowing IP in URL if ($def[F_NOTALLOWINGIP]) @@ -1254,7 +1254,7 @@ function sg_redirector_base_url($rdr_info, $redirect_mode) # check redirect $errmsg = ''; - if (!sg_check_redirect($redirect_mode, $rdr_info, &$errmsg)) { + if (!sg_check_redirect($redirect_mode, $rdr_info, $errmsg)) { $redirect_mode = RMOD_INT_ERRORPAGE; $rdr_info = "Bad redirect settings. $errmsg Check you configuration."; sg_addlog("sg_redirector_base_url", "$errmsg", SQUIDGUARD_ERROR); @@ -1310,7 +1310,7 @@ function sg_aclpass_reorder($pass) # ------------------------------------------------------------ # sg_check_config_data # ------------------------------------------------------------ -function sg_check_config_data ($input_errors) +function sg_check_config_data (&$input_errors) { global $squidguard_config; $elog = array(); @@ -1327,14 +1327,14 @@ function sg_check_config_data ($input_errors) # check name as unique and name format $tm_name = $tm[F_NAME]; $err_s = ''; - if (!check_name_format($tm_name, &$err_s)) + if (!check_name_format($tm_name, $err_s)) $elog[] = "(T1) TIME '$tm_name' error: >>> $err_s"; if ($key_tm[$tm_name] > 1) $elog[] = "(T2) TIME '$tm_name' error: duplicate time name '$tm_name'"; # check time items format - sg_check_time($tm, &$elog); + sg_check_time($tm, $elog); } } @@ -1345,7 +1345,7 @@ function sg_check_config_data ($input_errors) # check name as unique and name format $src_name = $src[F_NAME]; $err_s = ''; - if (!check_name_format($src_name, &$err_s)) + if (!check_name_format($src_name, $err_s)) $elog[] = "(A1) ACL '$src_name'error: $err_s"; if ($key_src[$src_name] > 1) @@ -1362,13 +1362,13 @@ function sg_check_config_data ($input_errors) # check name as unique and name format $dst_name = $dst[F_NAME]; $err_s = ''; - if (!check_name_format($dst_name, &$err_s)) + if (!check_name_format($dst_name, $err_s)) $elog[] = "(D1) DEST '$dst_name' error: $err_s"; if ($key_dst[$dst_name] > 1) $elog[] = "(D2) DEST '$dst_name' error: duplicate destination name '$dst_name'"; # - sg_check_dest($dst, &$elog); + sg_check_dest($dst, $elog); } } @@ -1396,7 +1396,7 @@ function sg_check_config_data ($input_errors) # check check name as unique and name format $rw_name = $rw[F_NAME]; $err_s = ''; - if (!check_name_format($rw_name, &$err_s)) + if (!check_name_format($rw_name, $err_s)) $elog[] = "(R1) REWRITE '$rw_name' error: $err_s"; if ($key_rw[$rw_name] > 1) @@ -1674,7 +1674,7 @@ function is_username($username) # ------------------------------------------------------------------------------ # check name # ------------------------------------------------------------------------------ -function check_name_format ($name, $input_errors) +function check_name_format ($name, &$input_errors) { $elog = array(); $val = trim($name); @@ -1698,7 +1698,7 @@ function check_name_format ($name, $input_errors) # ****************************************************************************** # check redirect # ------------------------------------------------------------------------------ -function sg_check_redirect($rdr_mode, $rdr_info, $err_msg) +function sg_check_redirect($rdr_mode, $rdr_info, &$err_msg) { $res = true; switch($rdr_mode) { @@ -1720,7 +1720,7 @@ function sg_check_redirect($rdr_mode, $rdr_info, $err_msg) # ------------------------------------------------------------------------------ # sg_check_time # ------------------------------------------------------------------------------ -function sg_check_time($sgtime, $input_errors) +function sg_check_time($sgtime, &$input_errors) { $err = ''; $days = array("*", "mon", "tue", "wed", "thu", "fri", "sat", "sun"); @@ -1746,14 +1746,14 @@ function sg_check_time($sgtime, $input_errors) # ------------------------------------------------------------------------------ # sg_check_dest # ------------------------------------------------------------------------------ -function sg_check_dest($sgx, $input_errors) +function sg_check_dest($sgx, &$input_errors) { $elog = array(); $dm = explode(" ", $sgx[F_DOMAINS]); # $ex = explode(" ", $sgx[F_EXPRESSIONS]); $ur = explode(" ", $sgx[F_URLS]); - array_packitems(&$dm); - array_packitems(&$ur); + array_packitems($dm); + array_packitems($ur); # domain or ip foreach ($dm as $d_it) { @@ -1765,7 +1765,7 @@ function sg_check_dest($sgx, $input_errors) if ($u_it && !is_dest_url($u_it)) $elog[] = "Item '$u_it' is not a url."; # check redirect - sg_check_redirect($sgx[F_RMOD], $sgx[F_REDIRECT], &$elog); + sg_check_redirect($sgx[F_RMOD], $sgx[F_REDIRECT], $elog); # update log if (!empty($elog)) { @@ -1780,7 +1780,7 @@ function sg_check_dest($sgx, $input_errors) # ------------------------------------------------------------------------------ # sg_check_src # ------------------------------------------------------------------------------ -function sg_check_src($sgx, $input_errors) +function sg_check_src($sgx, &$input_errors) { $elog = array(); @@ -1822,7 +1822,7 @@ function str_packspaces($str) while(strpos($str, ' ')) $str = str_replace(' ', ' ', $str); } -function array_packitems($arval) +function array_packitems(&$arval) { if (is_array($arval)) { $arval = array_map("trim", $arval); # trim all items @@ -1894,7 +1894,7 @@ function check_time($time) # ----------------------------------------------------------------------------- # acl_remove_blacklist_items # ----------------------------------------------------------------------------- -function acl_remove_blacklist_items($items) +function acl_remove_blacklist_items(&$items) { # add !items and ^items $db_entries = sg_entries_blacklist(); @@ -2081,8 +2081,8 @@ function squidguard_blacklist_update_start($url_filename) function squidguard_blacklist_update_cancel() { # kill script and SG update process - mwexec("kill `ps auxwwww | grep '" . SCR_NAME_BLKUPDATE . "' | grep -v 'grep' | awk '{print $2}'`"); - mwexec("kill `ps auxwwww | grep 'squidGuard -c .* -C all' | grep -v 'grep' | awk '{print $2}'`"); + mwexec("/bin/kill `ps auxwwww | /usr/bin/grep '" . SCR_NAME_BLKUPDATE . "' | /usr/bin/grep -v 'grep' | /usr/bin/awk '{print $2}'`"); + mwexec("/bin/kill `ps auxwwww | /usr/bin/grep 'squidGuard -c .* -C all' | /usr/bin/grep -v 'grep' | /usr/bin/awk '{print $2}'`"); squidguard_ramdisk(false); squidguard_update_log("Blacklist update terminated by user.", ""); @@ -2102,7 +2102,7 @@ function squidguard_blacklist_update_clearlog() # ----------------------------------------------------------------------------- function squidguard_blacklist_update_IsStarted() { - return exec("ps auxwwww | grep '" . SCR_NAME_BLKUPDATE . "' | grep -v 'grep' | awk '{print $2}' | wc -l | awk '{ print $1 }'"); + return exec("/bin/ps auxwwww | /usr/bin/grep '" . SCR_NAME_BLKUPDATE . "' | /usr/bin/grep -v 'grep' | /usr/bin/awk '{print $2}' | /usr/bin/wc -l | /usr/bin/awk '{ print $1 }'"); } # ----------------------------------------------------------------------------- @@ -2126,27 +2126,27 @@ function sg_reconfigure_blacklist($source_filename, $opt = '') # 2. download if ($sf[0] === "/") { # local file - example '/tmp/blacklists.tar' - sg_addlog("sg_reconfigure_blacklist", "Update from file '$sf'.", SQUIDGUARD_INFO); - squidguard_update_log("Copy archive from file '$sf'"); + sg_addlog("sg_reconfigure_blacklist", "Update from file '{$sf}'.", SQUIDGUARD_INFO); + squidguard_update_log("Copy archive from file '{$sf}'"); if (file_exists($sf)) { $sf_contents = file_get_contents($sf); } else { - sg_addlog("sg_reconfigure_blacklist", "File '$sf' not found.", SQUIDGUARD_ERROR); - squidguard_update_log("File '$sf' not found."); + sg_addlog("sg_reconfigure_blacklist", "File '{$sf}' not found.", SQUIDGUARD_ERROR); + squidguard_update_log("File '{$sf}' not found."); return; } } # from url else { - sg_addlog("sg_reconfigure_blacklist", "Download from url '$sf'.", SQUIDGUARD_INFO); + sg_addlog("sg_reconfigure_blacklist", "Download from url '{$sf}'.", SQUIDGUARD_INFO); squidguard_update_log("Start download."); $sf_contents = sg_uploadfile_from_url($sf, $opt); } # 3. update if (empty($sf_contents)) { - sg_addlog("sg_reconfigure_blacklist", "Bad content from '$sf'. Terminate.", SQUIDGUARD_ERROR); - squidguard_update_log("Bad content from '$sf'. Terminate."); + sg_addlog("sg_reconfigure_blacklist", "Bad content from '{$sf}'. Terminate.", SQUIDGUARD_ERROR); + squidguard_update_log("Bad content from '{$sf}'. Terminate."); return; } @@ -2177,7 +2177,7 @@ function sg_update_blacklist($from_file) $conf_path = SQUIDGUARD_VAR . DB_REBUILD_BLK_CONF; $blklist_file = SQUIDGUARD_BLK_FILELISTPATH; - sg_addlog("sg_update_blacklist", "Begin with '$from_file'.", SQUIDGUARD_INFO); + sg_addlog("sg_update_blacklist", "Begin with '{$from_file}'.", SQUIDGUARD_INFO); if (file_exists($from_file)) { # check work and DB dir's @@ -2185,20 +2185,20 @@ function sg_update_blacklist($from_file) if (file_exists($squidguard_config[F_WORKDIR])) $workdir = $squidguard_config[F_WORKDIR]; # delete old tmp dir's - if (file_exists($tmp_unpack_dir)) mwexec("rm -R $tmp_unpack_dir"); - if (file_exists($arc_db_dir)) mwexec("rm -R $arc_db_dir"); + if (file_exists($tmp_unpack_dir)) mwexec("/bin/rm -R {$tmp_unpack_dir}"); + if (file_exists($arc_db_dir)) mwexec("/bin/rm -R {$arc_db_dir}"); squidguard_ramdisk(false); # create new tmp/arc dir's, use ramdisk for quick operations squidguard_ramdisk(true); - mwexec("mkdir -p -m 0755 $tmp_unpack_dir"); - mwexec("mkdir -p -m 0755 $arc_db_dir"); + mwexec("/bin/mkdir -p -m 0755 {$tmp_unpack_dir}"); + mwexec("/bin/mkdir -p -m 0755 {$arc_db_dir}"); # 1. unpack archive squidguard_update_log("Unpack archive"); - mwexec("tar zxvf $from_file -C $tmp_unpack_dir"); + mwexec("/usr/bin/tar zxvf $from_file -C {$tmp_unpack_dir}"); set_file_access($tmp_unpack_dir, OWNER_NAME, 0755); - sg_addlog("sg_update_blacklist", "Unpack uploaded file '$from_file' -> '$tmp_unpack_dir'.", SQUIDGUARD_INFO); + sg_addlog("sg_update_blacklist", "Unpack uploaded file '{$from_file}' -> '{$tmp_unpack_dir}'.", SQUIDGUARD_INFO); # 2. copy blacklist to TempDB base & create entries list squidguard_update_log("Scan blacklist categories."); @@ -2207,11 +2207,11 @@ function sg_update_blacklist($from_file) $blk_list = array(); # scan blacklist items - scan_blacklist_cat($tmp_unpack_dir, "blk", & $blk_items); + scan_blacklist_cat($tmp_unpack_dir, "blk", $blk_items); # move blacklist catalog structure to 'one level' (from tmp_DB to arch_DB) foreach ($blk_items as $key => $val) { - $current_dbpath = "$arc_db_dir/$key"; + $current_dbpath = "{$arc_db_dir}/{$key}"; if (count($val)) { # make blk_list for config file $blk_list[$key] = $key; @@ -2220,9 +2220,9 @@ function sg_update_blacklist($from_file) # need moving $val['path'] to $current_dbpath # if $current_dbpath exists, then $val['path'] will created as subdir - !it's worng! if (file_exists($current_dbpath)) - mwexec("rm -R $current_dbpath"); - mwexec("mv -f {$val['path']}/ $current_dbpath"); - sg_addlog("sg_update_blacklist", "Move {$val['path']}/ -> $current_dbpath.", SQUIDGUARD_INFO); + mwexec("/bin/rm -R {$current_dbpath}"); + mwexec("/bin/mv -f {$val['path']}/ {$current_dbpath}"); + sg_addlog("sg_update_blacklist", "Move {$val['path']}/ -> {$current_dbpath}.", SQUIDGUARD_INFO); } } set_file_access($arc_db_dir, OWNER_NAME, 0755); @@ -2242,7 +2242,7 @@ function sg_update_blacklist($from_file) file_put_contents($blklist_file, $cont); set_file_access ($blklist_file, OWNER_NAME, 0755); - sg_addlog("sg_update_blacklist", "Create DB entries list '$blklist_file'.", SQUIDGUARD_INFO); + sg_addlog("sg_update_blacklist", "Create DB entries list '{$blklist_file}'.", SQUIDGUARD_INFO); squidguard_update_log("Found " . count($blk_items) . " items."); } @@ -2252,8 +2252,8 @@ function sg_update_blacklist($from_file) squidguard_update_log("Copy DB to workdir."); $blklist_file = $arc_db_dir . SQUIDGUARD_BLK_FILELIST; - mwexec("cp -R -p $arc_db_dir/ $dbhome"); - mwexec("cp -f -p $blklist_file " . SQUIDGUARD_WORKDIR); + mwexec("/bin/cp -R -p {$arc_db_dir}/ {$dbhome}"); + mwexec("/bin/cp -f -p {$blklist_file} " . SQUIDGUARD_WORKDIR); set_file_access($dbhome, OWNER_NAME, 0755); squidguard_update_log("Reconfigure Squid proxy."); @@ -2266,7 +2266,7 @@ function sg_update_blacklist($from_file) # free ramdisk squidguard_ramdisk(false); } - else sg_addlog("sg_update_blacklist", "File $from_file not found.", SQUIDGUARD_ERROR); + else sg_addlog("sg_update_blacklist", "File {$from_file} not found.", SQUIDGUARD_ERROR); } # ----------------------------------------------------------------------------- @@ -2382,13 +2382,13 @@ function squidguard_blacklist_restore_arcdb() if (file_exists($arc_db_dir)) { conf_mount_rw(); # copy arc blacklist to work DB with permissions - mwexec("cp -R -p $arc_db_dir/ $dbhome"); + mwexec("/bin/cp -R -p {$arc_db_dir}/ {$dbhome}"); set_file_access($dbhome, OWNER_NAME, 0755); - sg_addlog("squidguard_blacklist_restore_arcdb", "Restore blacklist archive from '$arc_db_dir'.", SQUIDGUARD_INFO); + sg_addlog("squidguard_blacklist_restore_arcdb", "Restore blacklist archive from '{$arc_db_dir}'.", SQUIDGUARD_INFO); # generate blacklist files list $blklist = ""; - $files = scan_dir("$arc_db_dir/"); + $files = scan_dir("{$arc_db_dir}/"); if ($files) $blklist = implode("\n", $files); file_put_contents($blklist_file, $blklist); set_file_access($blklist_file, OWNER_NAME, 0755); @@ -2401,8 +2401,8 @@ function squidguard_blacklist_restore_arcdb() conf_mount_ro(); squidguard_update_log("Restore success."); } else { - sg_addlog("squidguard_blacklist_restore_arcdb", "File '$arc_db_dir' or '$blklist_file' not found.", SQUIDGUARD_ERROR); - squidguard_update_log("Restore error: File '$arc_db_dir' or '$blklist_file' not found."); + sg_addlog("squidguard_blacklist_restore_arcdb", "File '{$arc_db_dir}' or '{$blklist_file}' not found.", SQUIDGUARD_ERROR); + squidguard_update_log("Restore error: File '{$arc_db_dir}' or '{$blklist_file}' not found."); } } @@ -2416,7 +2416,7 @@ function squidguard_blacklist_restore_arcdb() # ["urls"] urls file path # ["expressions"] expressions file path # ------------------------------------------------------------------------------ -function scan_blacklist_cat($curdir, $key_name, $cat_array) +function scan_blacklist_cat($curdir, $key_name, &$cat_array) { if (file_exists($curdir) and is_dir($curdir)) { @@ -2449,7 +2449,7 @@ function scan_blacklist_cat($curdir, $key_name, $cat_array) $fls_key = $key_name . "_" . $fls; # recursive call - scan_blacklist_cat($fls_file, $fls_key, & $cat_array); + scan_blacklist_cat($fls_file, $fls_key, $cat_array); } } } diff --git a/config/squidGuard/squidguard_default.xml b/config/squidGuard/squidguard_default.xml index 01380ea5..4a03c2b6 100644 --- a/config/squidGuard/squidguard_default.xml +++ b/config/squidGuard/squidguard_default.xml @@ -134,10 +134,10 @@ </field> </fields> <custom_php_validation_command> - squidguard_validate_acl(&$_POST, &$input_errors); + squidguard_validate_acl($_POST, $input_errors); </custom_php_validation_command> <custom_php_command_before_form> - squidguard_before_form_acl(&$pkg, false); + squidguard_before_form_acl($pkg, false); </custom_php_command_before_form> <custom_php_after_form_command> squidGuard_print_javascript(); diff --git a/config/squidGuard/squidguard_dest.xml b/config/squidGuard/squidguard_dest.xml index 3525098e..5f128a49 100644 --- a/config/squidGuard/squidguard_dest.xml +++ b/config/squidGuard/squidguard_dest.xml @@ -172,10 +172,10 @@ </field> </fields> <custom_php_command_before_form> - squidguard_before_form_dest(&$pkg); + squidguard_before_form_dest($pkg); </custom_php_command_before_form> <custom_php_validation_command> - squidguard_validate_destination($_POST, &$input_errors); + squidguard_validate_destination($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> squidguard_resync_dest(); diff --git a/config/squidGuard/squidguard_log.php b/config/squidGuard/squidguard_log.php index 8eba2311..fae61a8c 100644 --- a/config/squidGuard/squidguard_log.php +++ b/config/squidGuard/squidguard_log.php @@ -77,14 +77,14 @@ function squidguard_log_AJAX_response( $request ) $res = squidguard_prep_textareacont($cont); break; case 'guilog': - $res = squidguard_logrep(squidguard_guidump( &$offset, 50, true)); + $res = squidguard_logrep(squidguard_guidump( $offset, 50, true)); break; case 'filterlog': - $res = squidguard_logrep(squidguard_filterdump( &$offset, 50, true)); + $res = squidguard_logrep(squidguard_filterdump( $offset, 50, true)); break; case "blocked": default: - $res = squidguard_logrep(squidguard_blockdump( &$offset, 50, true)); + $res = squidguard_logrep(squidguard_blockdump( $offset, 50, true)); break; } @@ -93,7 +93,7 @@ function squidguard_log_AJAX_response( $request ) return $res; } -function squidguard_logrep( $dump ) +function squidguard_logrep( &$dump ) { $res = ''; diff --git a/config/squidGuard/squidguard_rewr.xml b/config/squidGuard/squidguard_rewr.xml index c21cb1c0..4b55292d 100644 --- a/config/squidGuard/squidguard_rewr.xml +++ b/config/squidGuard/squidguard_rewr.xml @@ -136,7 +136,7 @@ squidGuard_print_javascript(); </custom_php_after_form_command> <custom_php_validation_command> - squidguard_validate_rewrite($_POST, &$input_errors); + squidguard_validate_rewrite($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> // squidguard_resync_rewrite(); diff --git a/config/squidGuard/squidguard_time.xml b/config/squidGuard/squidguard_time.xml index dfd589aa..7f682174 100644 --- a/config/squidGuard/squidguard_time.xml +++ b/config/squidGuard/squidguard_time.xml @@ -136,7 +136,7 @@ squidGuard_print_javascript(); </custom_php_after_form_command> <custom_php_validation_command> - squidguard_validate_times(&$_POST, &$input_errors); + squidguard_validate_times($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> // squidguard_resync_time(); diff --git a/config/sshdcond/sshdcond.inc b/config/sshdcond/sshdcond.inc index 2caa39cc..7ff911c1 100644 --- a/config/sshdcond/sshdcond.inc +++ b/config/sshdcond/sshdcond.inc @@ -1,69 +1,46 @@ <?php -/* ========================================================================== */ /* - sshdcond.inc - part of pfSense (http://www.pfSense.com) - Copyright (C) 2012 Marcello Coutinho - Copyright (C) 2012 Han Van (namezero@afim.info) - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - require_once("config.inc"); - require_once("util.inc"); - -function restart_sshd(){ - #backup /etc/sshd before any change - $etc_sshd="/etc/sshd"; - $pfsense_version=preg_replace("/\s/","",file_get_contents("/etc/version")); - if (!file_exists('/root/'.$pfsense_version.'.sshd.backup')){ - copy ($etc_sshd,'/root/'.$pfsense_version.'.sshd.backup'); - } - - #patch /etc/sshd if need - $sshd_file=file($etc_sshd); - $sshd_new_file=""; - foreach ($sshd_file as $line){ - if (preg_match('/sshconf .= "Port/',$line)){ - $sshd_new_file.= $line; - $sshd_new_file.= "\t".'if(file_exists("/etc/ssh/sshd_extra")){$sshconf.=file_get_contents("/etc/ssh/sshd_extra");}'."\n"; - } - elseif(!preg_match('/sshd_extra/',$line)){ - $sshd_new_file.= $line; - } - } - file_put_contents($etc_sshd,$sshd_new_file,LOCK_EX); - mwexec_bg($etc_sshd); - } + sshdcond.inc + part of pfSense (http://www.pfSense.com) + Copyright (C) 2012 Marcello Coutinho + Copyright (C) 2012 Han Van (namezero@afim.info) + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("config.inc"); +require_once("util.inc"); + +function restart_sshd() { + mwexec_bg("/etc/sshd"); +} -function sshdcond_custom_php_install_command(){ +function sshdcond_custom_php_install_command() { global $g, $config; conf_mount_rw(); @@ -71,12 +48,12 @@ function sshdcond_custom_php_install_command(){ // We need to generate an outfile for our extra commands // The patched g_szSSHDFileGenerate php file then reads and appends that config $fd = fopen("/etc/ssh/sshd_extra", 'w'); - fclose($fd); + fclose($fd); conf_mount_ro(); } -function sshdcond_custom_php_deinstall_command(){ +function sshdcond_custom_php_deinstall_command() { global $g, $config; conf_mount_rw(); @@ -90,25 +67,25 @@ function sshdcond_custom_php_deinstall_command(){ conf_mount_ro(); } -function sshdcond_custom_php_write_config(){ +function sshdcond_custom_php_write_config() { global $g, $config; - + # detect boot process - if (is_array($_POST)){ + if (is_array($_POST)) { if (!preg_match("/\w+/",$_POST['__csrf_magic'])) return; } - + $sshd_extra=""; - if (is_array($config['installedpackages']['sshdcond']['config'])){ + if (is_array($config['installedpackages']['sshdcond']['config'])) { // Mount Read-only conf_mount_rw(); // Read config - foreach ($config['installedpackages']['sshdcond']['config'] as $sshdcond){ - if ($sshdcond['enable'] && is_array($sshdcond['row'])){ + foreach ($config['installedpackages']['sshdcond']['config'] as $sshdcond) { + if ($sshdcond['enable'] && is_array($sshdcond['row'])) { $sshd_extra.= "Match {$sshdcond['matchtype']} {$sshdcond['matchvalue']}\n"; - foreach ($sshdcond['row'] as $sshd){ + foreach ($sshdcond['row'] as $sshd) { //check if there is spaces on sshd value if(preg_match ("/\s+/",$sshd['sshdvalue'])) $sshd['sshdvalue']='"'.$sshd['sshdvalue'].'"'; @@ -118,7 +95,7 @@ function sshdcond_custom_php_write_config(){ $sshd_extra.="\t {$sshd['sshdoption']} {$sshd['sshdvalue']}\n"; //apply file permission if option is ChrootDirectory - if ($sshd['sshdoption']=="ChrootDirectory" && file_exists($sshd['sshdvalue'])){ + if ($sshd['sshdoption']=="ChrootDirectory" && file_exists($sshd['sshdvalue'])) { chown($sshd['sshdvalue'], 'root'); chgrp($sshd['sshdvalue'], 'operator'); } @@ -129,15 +106,15 @@ function sshdcond_custom_php_write_config(){ //Save /etc/ssh/sshd_extra file_put_contents("/etc/ssh/sshd_extra",$sshd_extra,LOCK_EX); - - + + // Restart sshd restart_sshd(); // Mount Read-only conf_mount_ro(); - + //sync config with other pfsense servers sshdcond_sync_on_changes(); } @@ -145,14 +122,14 @@ function sshdcond_custom_php_write_config(){ /* Uses XMLRPC to synchronize the changes to a remote node */ function sshdcond_sync_on_changes() { global $config, $g; - + if (is_array($config['installedpackages']['sshdcondsync'])) - if (!$config['installedpackages']['sshdcondsync']['config'][0]['synconchanges']) + if (!$config['installedpackages']['sshdcondsync']['config'][0]['synconchanges']) return; log_error("[sshdcond] xmlrpc sync is starting."); - foreach ($config['installedpackages']['sshdcondsync']['config'] as $rs ){ - foreach($rs['row'] as $sh){ + foreach ($config['installedpackages']['sshdcondsync']['config'] as $rs ) { + foreach($rs['row'] as $sh) { $sync_to_ip = $sh['ipaddress']; $password = $sh['password']; if($password && $sync_to_ip) @@ -174,18 +151,18 @@ function sshdcond_do_xmlrpc_sync($sync_to_ip, $password) { $username='admin'; $xmlrpc_sync_neighbor = $sync_to_ip; - if($config['system']['webgui']['protocol'] != "") { + if($config['system']['webgui']['protocol'] != "") { $synchronizetoip = $config['system']['webgui']['protocol']; $synchronizetoip .= "://"; - } - $port = $config['system']['webgui']['port']; - /* if port is empty lets rely on the protocol selection */ - if($port == "") { - if($config['system']['webgui']['protocol'] == "http") + } + $port = $config['system']['webgui']['port']; + /* if port is empty lets rely on the protocol selection */ + if($port == "") { + if($config['system']['webgui']['protocol'] == "http") $port = "80"; - else + else $port = "443"; - } + } $synchronizetoip .= $sync_to_ip; /* xml will hold the sections to sync */ @@ -221,7 +198,7 @@ function sshdcond_do_xmlrpc_sync($sync_to_ip, $password) { } else { log_error("sshdcond XMLRPC sync successfully completed with {$url}:{$port}."); } - + /* tell sshdcond to reload our settings on the destionation sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/pkg/sshdcond.inc');\n"; @@ -231,7 +208,7 @@ function sshdcond_do_xmlrpc_sync($sync_to_ip, $password) { XML_RPC_encode($password), XML_RPC_encode($execcmd) ); - + log_error("sshdcond XMLRPC reload data {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); @@ -251,4 +228,4 @@ function sshdcond_do_xmlrpc_sync($sync_to_ip, $password) { log_error("sshdcond XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); } } - ?>
\ No newline at end of file + ?> diff --git a/config/sudo/sudo.inc b/config/sudo/sudo.inc index 68cf4a00..a69d9211 100644 --- a/config/sudo/sudo.inc +++ b/config/sudo/sudo.inc @@ -33,16 +33,30 @@ switch ($pfs_version) { case "1.2": case "2.0": define('SUDO_BASE','/usr/local'); + define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/sudo'); break; - default: + case "2.1": // Hackish way to detect if someone manually did pkg_add rather than use pbi. - if (is_dir('/usr/pbi/sudo-' . php_uname("m"))) + if (is_dir('/usr/pbi/sudo-' . php_uname("m"))) { define('SUDO_BASE', '/usr/pbi/sudo-' . php_uname("m")); - else + define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/'); + } else { define('SUDO_BASE','/usr/local'); + define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/sudo'); + } + break; + default: + define('SUDO_BASE','/usr/local'); + // Hackish way to detect if someone manually did pkg_add rather than use pbi. + if (is_dir('/usr/pbi/sudo-' . php_uname("m"))) { + define('SUDO_LIBEXEC_DIR', '/usr/pbi/sudo-' . php_uname("m") . '/local/libexec/sudo'); + } else { + define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/sudo'); + } } define('SUDO_CONFIG_DIR', SUDO_BASE . '/etc'); +define('SUDO_CONF', SUDO_CONFIG_DIR . '/sudo.conf'); define('SUDO_SUDOERS', SUDO_CONFIG_DIR . '/sudoers'); function sudo_install() { @@ -73,6 +87,12 @@ function sudo_write_config() { global $config; $sudoers = ""; conf_mount_rw(); + + $sudoconf = "Plugin sudoers_policy " . SUDO_LIBEXEC_DIR . "/sudoers.so\n"; + $sudoconf .= "Plugin sudoers_io " . SUDO_LIBEXEC_DIR . "/sudoers.so\n"; + $sudoconf .= "Path noexec " . SUDO_LIBEXEC_DIR . "/sudo_noexec.so\n"; + file_put_contents(SUDO_CONF, $sudoconf); + if (!is_array($config['installedpackages']['sudo']['config'][0]['row'])) { /* No config, wipe sudoers file and bail. */ unlink(SUDO_SUDOERS); diff --git a/config/suricata/disablesid-sample.conf b/config/suricata/disablesid-sample.conf new file mode 100644 index 00000000..026f4d94 --- /dev/null +++ b/config/suricata/disablesid-sample.conf @@ -0,0 +1,43 @@ +# example disablesid.conf + +# Example of modifying state for individual rules +# 1:1034,1:9837,1:1270,1:3390,1:710,1:1249,3:13010 + +# Example of modifying state for rule ranges +# 1:220-1:3264,3:13010-3:13013 + +# Comments are allowed in this file, and can also be on the same line +# As the modify state syntax, as long as it is a trailing comment +# 1:1011 # I Disabled this rule because I could! + +# Example of modifying state for MS and cve rules, note the use of the : +# in cve. This will modify MS09-008, cve 2009-0233, bugtraq 21301, +# and all MS00 and all cve 2000 related sids! These support regular expression +# matching only after you have specified what you are looking for, i.e. +# MS00-<regex> or cve:<regex>, the first section CANNOT contain a regular +# expression (MS\d{2}-\d+) will NOT work, use the pcre: keyword (below) +# for this. +# MS09-008,cve:2009-0233,bugtraq:21301,MS00-\d+,cve:2000-\d+ + +# Example of using the pcre: keyword to modify rulestate. the pcre keyword +# allows for full use of regular expression syntax, you do not need to designate +# with / and all pcre searches are treated as case insensitive. For more information +# about regular expression syntax: http://www.regular-expressions.info/ +# The following example modifies state for all MS07 through MS10 +# pcre:MS(0[7-9]|10)-\d+ +# pcre:"Joomla" + +# Example of modifying state for specific categories entirely. +# "snort_" limits to Snort VRT rules, "emerging-" limits to +# Emerging Threats Open rules, "etpro-" limits to ET-PRO rules. +# "shellcode" with no prefix would match in any vendor set. +# snort_web-iis,emerging-shellcode,etpro-imap,shellcode + +# Any of the above values can be on a single line or multiple lines, when +# on a single line they simply need to be separated by a , +# 1:9837,1:220-1:3264,3:13010-3:13013,pcre:MS(0[0-7])-\d+,MS09-008,cve:2009-0233 + +# The modifications in this file are for sample/example purposes only and +# should not actively be used, you need to modify this file to fit your +# environment. + diff --git a/config/suricata/enablesid-sample.conf b/config/suricata/enablesid-sample.conf new file mode 100644 index 00000000..4cccc5dd --- /dev/null +++ b/config/suricata/enablesid-sample.conf @@ -0,0 +1,39 @@ +# example enablesid.conf + +# Example of modifying state for individual rules +# 1:1034,1:9837,1:1270,1:3390,1:710,1:1249,3:13010 + +# Example of modifying state for rule ranges +# 1:220-1:3264,3:13010-3:13013 + +# Comments are allowed in this file, and can also be on the same line +# As the modify state syntax, as long as it is a trailing comment +# 1:1011 # I Disabled this rule because I could! + +# Example of modifying state for MS and cve rules, note the use of the : +# in cve. This will modify MS09-008, cve 2009-0233, bugtraq 21301, +# and all MS00 and all cve 2000 related sids! These support regular expression +# matching only after you have specified what you are looking for, i.e. +# MS00-<regex> or cve:<regex>, the first section CANNOT contain a regular +# expression (MS\d{2}-\d+) will NOT work, use the pcre: keyword (below) +# for this. +# MS09-008,cve:2009-0233,bugtraq:21301,MS00-\d+,cve:2000-\d+ + +# Example of using the pcre: keyword to modify rulestate. the pcre keyword +# allows for full use of regular expression syntax, you do not need to designate +# with / and all pcre searches are treated as case insensitive. For more information +# about regular expression syntax: http://www.regular-expressions.info/ +# The following example modifies state for all MS07 through MS10 +# pcre:MS(0[7-9]|10)-\d+ +# pcre:"Joomla" + +# Example of modifying state for specific categories entirely. +# "snort_" limits to Snort VRT rules, "emerging-" limits to +# Emerging Threats Open rules, "etpro-" limits to ET-PRO rules. +# "shellcode" with no prefix would match in any vendor set. +# snort_web-iis,emerging-shellcode,etpro-imap,shellcode + +# Any of the above values can be on a single line or multiple lines, when +# on a single line they simply need to be separated by a , +# 1:9837,1:220-1:3264,3:13010-3:13013,pcre:MS(0[0-7])-\d+,MS09-008,cve:2009-0233 + diff --git a/config/suricata/modifysid-sample.conf b/config/suricata/modifysid-sample.conf new file mode 100644 index 00000000..d59f84ba --- /dev/null +++ b/config/suricata/modifysid-sample.conf @@ -0,0 +1,23 @@ +# example modifysid.conf +# +# formatting is simple +# <sid or sid list> "what I'm replacing" "what I'm replacing it with" +# +# Note that this will only work with GID:1 rules, simply because modifying +# GID:3 SO stub rules would not actually affect the rule. +# +# If you are attempting to change rulestate (enable,disable) from here +# then you are doing it wrong. Do this from within the respective +# rulestate modification configuration files. + +# the following applies to sid 10010 only and represents what would normally +# be s/to_client/from_server/ +# 10010 "to_client" "from_server" + +# the following would replace HTTP_PORTS with HTTPS_PORTS for ALL GID:1 +# rules +# "HTTP_PORTS" "HTTPS_PORTS" + +# multiple sids can be specified as noted below: +# 302,429,1821 "\$EXTERNAL_NET" "\$HOME_NET" + diff --git a/config/suricata/suricata.inc b/config/suricata/suricata.inc index c767f2d0..66c1e799 100644 --- a/config/suricata/suricata.inc +++ b/config/suricata/suricata.inc @@ -44,37 +44,12 @@ require_once("services.inc"); require_once("service-utils.inc"); require_once("pkg-utils.inc"); require_once("filter.inc"); +require("/usr/local/pkg/suricata/suricata_defs.inc"); global $g, $config; -if (!is_array($config['installedpackages']['suricata'])) - $config['installedpackages']['suricata'] = array(); - -/* Get installed package version for display */ -$suricata_package_version = "Suricata {$config['installedpackages']['package'][get_pkg_id("suricata")]['version']}"; - -// Define the installed package version -define('SURICATA_PKG_VER', $suricata_package_version); - -// Define the name of the pf table used for IP blocks -define('SURICATA_PF_TABLE', 'snort2c'); - -// Create some other useful defines -define('SURICATADIR', '/usr/pbi/suricata-' . php_uname("m") . '/etc/suricata/'); -define('SURICATALOGDIR', '/var/log/suricata/'); -define('RULES_UPD_LOGFILE', SURICATALOGDIR . 'suricata_rules_update.log'); -define('ENFORCING_RULES_FILENAME', 'suricata.rules'); -define('FLOWBITS_FILENAME', 'flowbit-required.rules'); - -// Rule set download filenames and prefixes -define('ET_DNLD_FILENAME', 'emerging.rules.tar.gz'); -define('ETPRO_DNLD_FILENAME', 'etpro.rules.tar.gz'); -define('VRT_DNLD_FILENAME', 'snortrules-snapshot-edge.tar.gz'); -define('GPLV2_DNLD_FILENAME', 'community-rules.tar.gz'); -define('VRT_FILE_PREFIX', 'snort_'); -define('GPL_FILE_PREFIX', 'GPLv2_'); -define('ET_OPEN_FILE_PREFIX', 'emerging-'); -define('ET_PRO_FILE_PREFIX', 'etpro-'); +// Suricata GUI needs some extra PHP memory space to manipulate large rules arrays +ini_set("memory_limit", "256M"); function suricata_generate_id() { global $config; @@ -130,10 +105,11 @@ function suricata_barnyard_start($suricatacfg, $if_real) { $suricata_uuid = $suricatacfg['uuid']; $suricatadir = SURICATADIR . "suricata_{$suricata_uuid}_{$if_real}"; $suricatalogdir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}"; + $suricatabindir = SURICATA_PBI_BINDIR; if ($suricatacfg['barnyard_enable'] == 'on') { log_error("[Suricata] Barnyard2 START for {$suricatacfg['descr']}({$if_real})..."); - mwexec_bg("/usr/local/bin/barnyard2 -r {$suricata_uuid} -f unified2.alert --pid-path {$g['varrun_path']} --nolock-pidfile -c {$suricatadir}/barnyard2.conf -d {$suricatalogdir} -D -q"); + mwexec_bg("{$suricatabindir}barnyard2 -r {$suricata_uuid} -f unified2.alert --pid-path {$g['varrun_path']} --nolock-pidfile -c {$suricatadir}/barnyard2.conf -d {$suricatalogdir} -D -q"); } } @@ -142,10 +118,11 @@ function suricata_start($suricatacfg, $if_real) { $suricatadir = SURICATADIR; $suricata_uuid = $suricatacfg['uuid']; + $suricatabindir = SURICATA_PBI_BINDIR; if ($suricatacfg['enable'] == 'on') { log_error("[Suricata] Suricata START for {$suricatacfg['descr']}({$if_real})..."); - mwexec_bg("/usr/local/bin/suricata -i {$if_real} -D -c {$suricatadir}suricata_{$suricata_uuid}_{$if_real}/suricata.yaml --pidfile {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid"); + mwexec_bg("{$suricatabindir}suricata -i {$if_real} -D -c {$suricatadir}suricata_{$suricata_uuid}_{$if_real}/suricata.yaml --pidfile {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid"); } else return; @@ -154,6 +131,61 @@ function suricata_start($suricatacfg, $if_real) { suricata_barnyard_start($suricatacfg, $if_real); } +function suricata_start_all_interfaces($background=FALSE) { + + /*************************************************************/ + /* This function starts all configured and enabled Suricata */ + /* interfaces. */ + /*************************************************************/ + + global $g, $config; + + /* do nothing if no Suricata interfaces active */ + if (!is_array($config['installedpackages']['suricata']['rule'])) + return; + + foreach ($config['installedpackages']['suricata']['rule'] as $suricatacfg) { + if ($suricatacfg['enable'] != 'on') + continue; + suricata_start($suricatacfg, get_real_interface($suricatacfg['interface'])); + } +} + +function suricata_stop_all_interfaces() { + + /*************************************************************/ + /* This function stops all configured Suricata interfaces. */ + /*************************************************************/ + + global $g, $config; + + /* do nothing if no Suricata interfaces active */ + if (!is_array($config['installedpackages']['suricata']['rule'])) + return; + + foreach ($config['installedpackages']['suricata']['rule'] as $suricatacfg) { + suricata_stop($suricatacfg, get_real_interface($suricatacfg['interface'])); + } +} + +function suricata_restart_all_interfaces() { + + /*************************************************************/ + /* This function stops all configured Suricata interfaces */ + /* and restarts enabled Suricata interfaces. */ + /*************************************************************/ + + global $g, $config; + + /* do nothing if no Suricata interfaces active */ + if (!is_array($config['installedpackages']['suricata']['rule'])) + return; + + suricata_stop_all_interfaces(); + sleep(2); + suricata_start_all_interfaces(TRUE); +} + function suricata_reload_config($suricatacfg, $signal="USR2") { /**************************************************************/ @@ -178,7 +210,6 @@ function suricata_reload_config($suricatacfg, $signal="USR2") { /******************************************************/ if (isvalidpid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid")) { log_error("[Suricata] Suricata LIVE RULE RELOAD initiated for {$suricatacfg['descr']} ({$if_real})..."); -// sigkillbypid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid", $signal); mwexec_bg("/bin/pkill -{$signal} -F {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid"); } } @@ -207,7 +238,6 @@ function suricata_barnyard_reload_config($suricatacfg, $signal="HUP") { /******************************************************/ if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid")) { log_error("[Suricata] Barnyard2 CONFIG RELOAD initiated for {$suricatacfg['descr']} ({$if_real})..."); -// sigkillbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid", $signal); mwexec_bg("/bin/pkill -{$signal} -F {$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid"); } } @@ -250,7 +280,7 @@ function suricata_find_list($find_name, $type = 'passlist') { return array(); } -function suricata_build_list($suricatacfg, $listname = "", $passlist = false) { +function suricata_build_list($suricatacfg, $listname = "", $passlist = false, $externallist = false) { /***********************************************************/ /* The default is to build a HOME_NET variable unless */ @@ -260,9 +290,10 @@ function suricata_build_list($suricatacfg, $listname = "", $passlist = false) { global $config, $g, $aliastable, $filterdns; $home_net = array(); - if ($listname == 'default' || empty($listname)) { + if (!$externallist && ($listname == 'default' || empty($listname))) { $localnet = 'yes'; $wanip = 'yes'; $wangw = 'yes'; $wandns = 'yes'; $vips = 'yes'; $vpns = 'yes'; - } else { + } + else { $list = suricata_find_list($listname); if (empty($list)) return $list; @@ -276,21 +307,25 @@ function suricata_build_list($suricatacfg, $listname = "", $passlist = false) { $home_net = explode(" ", trim(filter_expand_alias($list['address']))); } - // Always add loopback to HOME_NET and passlist (ftphelper) - if (!in_array("127.0.0.1", $home_net)) - $home_net[] = "127.0.0.1"; + // Always add loopback to HOME_NET and passlist + if (!$externallist) { + if (!in_array("127.0.0.1/32", $home_net)) + $home_net[] = "127.0.0.1/32"; + if (!in_array("::1/128", $home_net)) + $home_net[] = "::1/128"; + } /********************************************************************/ /* Always put the interface running Suricata in HOME_NET and */ - /* whitelist unless it's the WAN. WAN options are handled further */ + /* pass list unless it's the WAN. WAN options are handled further */ /* down. If the user specifically chose not to include LOCAL_NETS */ /* in the PASS LIST, then do not include the Suricata interface */ /* subnet in the PASS LIST. We do include the actual LAN interface */ /* IP for Suricata, though, to prevent locking out the firewall. */ /********************************************************************/ $suricataip = get_interface_ip($suricatacfg['interface']); - if (!$whitelist || $localnet == 'yes' || empty($localnet)) { - if (is_ipaddr($suricataip)) { + if (($externallist && $localnet == 'yes') || (!$externallist && (!$passlist || $localnet == 'yes' || empty($localnet)))) { + if (is_ipaddrv4($suricataip)) { if ($suricatacfg['interface'] <> "wan") { $sn = get_interface_subnet($suricatacfg['interface']); $ip = gen_subnet($suricataip, $sn) . "/{$sn}"; @@ -299,15 +334,19 @@ function suricata_build_list($suricatacfg, $listname = "", $passlist = false) { } } } - else { - if (is_ipaddr($suricataip)) { - if (!in_array($suricataip, $home_net)) - $home_net[] = $suricataip; + elseif (!$externallist && $localnet != 'yes') { + if (is_ipaddrv4($suricataip)) { + if (!in_array($suricataip . "/32", $home_net)) + $home_net[] = $suricataip . "/32"; } } + // Grab the IPv6 address if we have one assigned $suricataip = get_interface_ipv6($suricatacfg['interface']); - if (!$whitelist || $localnet == 'yes' || empty($localnet)) { + // Trim off the interface designation (e.g., %em1) if present + if (strpos($suricataip, "%") !== FALSE) + $suricataip = substr($suricataip, 0, strpos($suricataip, "%")); + if (($externallist && $localnet == 'yes') || (!$externallist && (!$passlist || $localnet == 'yes' || empty($localnet)))) { if (is_ipaddrv6($suricataip)) { if ($suricatacfg['interface'] <> "wan") { $sn = get_interface_subnetv6($suricatacfg['interface']); @@ -317,14 +356,24 @@ function suricata_build_list($suricatacfg, $listname = "", $passlist = false) { } } } - else { + elseif (!$externallist && $localnet != 'yes') { if (is_ipaddrv6($suricataip)) { - if (!in_array($suricataip, $home_net)) - $home_net[] = $suricataip; + if (!in_array($suricataip . "/128", $home_net)) + $home_net[] = $suricataip . "/128"; } } - if (!$whitelist || $localnet == 'yes' || empty($localnet)) { + // Add link-local address if user included locally-attached networks + $suricataip = get_interface_linklocal($suricatacfg['interface']); + if (!empty($suricataip) && $localnet == 'yes') { + // Trim off the interface designation (e.g., %em1) if present + if (strpos($suricataip, "%") !== FALSE) + $suricataip = substr($suricataip, 0, strpos($suricataip, "%")); + if (!in_array($suricataip . "/128", $home_net)) + $home_net[] = $suricataip . "/128"; + } + + if (($$externallist && $localnet == 'yes') || (!$externallist && (!$passlist || $localnet == 'yes' || empty($localnet)))) { /*************************************************************************/ /* Iterate through the interface list and write out pass list items and */ /* also compile a HOME_NET list of all local interfaces for suricata. */ @@ -336,58 +385,89 @@ function suricata_build_list($suricatacfg, $listname = "", $passlist = false) { if ($int == "wan") continue; $subnet = get_interface_ip($int); - if (is_ipaddr($subnet)) { + if (is_ipaddrv4($subnet)) { $sn = get_interface_subnet($int); $ip = gen_subnet($subnet, $sn) . "/{$sn}"; if (!in_array($ip, $home_net)) $home_net[] = $ip; } - if ($int == "wan") - continue; + $subnet = get_interface_ipv6($int); + // Trim off the interface designation (e.g., %em1) if present + if (strpos($subnet, "%") !== FALSE) + $subnet = substr($subnet, 0, strpos($subnet, "%")); if (is_ipaddrv6($subnet)) { $sn = get_interface_subnetv6($int); $ip = gen_subnetv6($subnet, $sn). "/{$sn}"; if (!in_array($ip, $home_net)) $home_net[] = $ip; } + + // Add link-local address + $suricataip = get_interface_linklocal($int); + if (!empty($suricataip)) { + // Trim off the interface designation (e.g., %em1) if present + if (strpos($suricataip, "%") !== FALSE) + $suricataip = substr($suricataip, 0, strpos($suricataip, "%")); + if (!in_array($suricataip . "/128", $home_net)) + $home_net[] = $suricataip . "/128"; + } } } if ($wanip == 'yes') { $ip = get_interface_ip("wan"); - if (is_ipaddr($ip)) { - if (!in_array($ip, $home_net)) - $home_net[] = $ip; + if (is_ipaddrv4($ip)) { + if (!in_array($ip . "/32", $home_net)) + $home_net[] = $ip . "/32"; } $ip = get_interface_ipv6("wan"); + // Trim off the interface designation (e.g., %em1) if present + if (strpos($ip, "%") !== FALSE) + $ip = substr($ip, 0, strpos($ip, "%")); if (is_ipaddrv6($ip)) { - if (!in_array($ip, $home_net)) - $home_net[] = $ip; + if (!in_array($ip . "/128", $home_net)) + $home_net[] = $ip . "/128"; + } + // Explicitly grab the WAN Link-Local address + $ip = get_interface_linklocal("wan"); + if (!empty($ip)) { + // Trim off the interface designation (e.g., %em1) if present + if (strpos($ip, "%") !== FALSE) + $ip = substr($ip, 0, strpos($ip, "%")); + if (!in_array($ip . "/128", $home_net)) + $home_net[] = $ip . "/128"; } } if ($wangw == 'yes') { // Grab the default gateway if set $default_gw = exec("/sbin/route -n get default |grep 'gateway:' | /usr/bin/awk '{ print $2 }'"); - if (is_ipaddr($default_gw) && !in_array($default_gw, $home_net)) - $home_net[] = $default_gw; - if (is_ipaddrv6($default_gw) && !in_array($default_gw, $home_net)) - $home_net[] = $default_gw; + if (is_ipaddrv4($default_gw) && !in_array($default_gw . "/32", $home_net)) + $home_net[] = $default_gw . "/32"; + if (is_ipaddrv6($default_gw) && !in_array($default_gw . "/128", $home_net)) + $home_net[] = $default_gw . "/128"; // Get any other interface gateway and put in $HOME_NET if not there already $gw = get_interface_gateway($suricatacfg['interface']); - if (is_ipaddr($gw) && !in_array($gw, $home_net)) - $home_net[] = $gw; + if (is_ipaddrv4($gw) && !in_array($gw . "/32", $home_net)) + $home_net[] = $gw . "/32"; $gw = get_interface_gateway_v6($suricatacfg['interface']); - if (is_ipaddrv6($gw) && !in_array($gw, $home_net)) - $home_net[] = $gw; + // Trim off the interface designation (e.g., %em1) if present + if (strpos($gw, "%") !== FALSE) + $gw = substr($gw, 0, strpos($gw, "%")); + if (is_ipaddrv6($gw) && !in_array($gw . "/128", $home_net)) + $home_net[] = $gw . "/128"; } if ($wandns == 'yes') { - // Add DNS server for WAN interface to whitelist + // Add DNS server for WAN interface to Pass List $dns_servers = get_dns_servers(); foreach ($dns_servers as $dns) { + if (is_ipaddrv4($dns)) + $dns .= "/32"; + elseif (is_ipaddrv6($dns)) + $dns .= "/128"; if ($dns && !in_array($dns, $home_net)) $home_net[] = $dns; } @@ -405,7 +485,7 @@ function suricata_build_list($suricatacfg, $listname = "", $passlist = false) { } } - // grab a list of vpns and whitelist if user desires + // Grab a list of vpns enabled - these come back as CIDR mask networks if ($vpns == 'yes') { $vpns_list = filter_get_vpns_list(); if (!empty($vpns_list)) { @@ -435,10 +515,61 @@ function suricata_build_list($suricatacfg, $listname = "", $passlist = false) { return $valresult; } +function suricata_cron_job_exists($crontask, $match_time=FALSE, $minute="0", $hour="*", $monthday="*", $month="*", $weekday="*", $who="root") { + + /************************************************************ + * This function iterates the cron[] array in the config * + * to determine if the passed $crontask entry exists. It * + * returns TRUE if the $crontask already exists, or FALSE * + * if there is no match. * + * * + * The $match_time flag, when set, causes a test of the * + * configured task execution times along with the task * + * when checking for a match. * + * * + * We use this to prevent unneccessary config writes if * + * the $crontask already exists. * + ************************************************************/ + + global $config, $g; + + if (!is_array($config['cron'])) + $config['cron'] = array(); + if (!is_array($config['cron']['item'])) + $config['cron']['item'] = array(); + + foreach($config['cron']['item'] as $item) { + if(strpos($item['command'], $crontask) !== FALSE) { + if ($match_time) { + if ($item['minute'] != $minute) + return FALSE; + if ($item['hour'] != $hour) + return FALSE; + if ($item['mday'] != $monthday) + return FALSE; + if ($item['month'] != $month) + return FALSE; + if ($item['wday'] != $weekday) + return FALSE; + if ($item['who'] != $who) + return FALSE; + } + return TRUE; + } + } + return FALSE; +} + function suricata_rules_up_install_cron($should_install=true) { global $config, $g; - $command = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/www/suricata/suricata_check_for_rule_updates.php"; + // If called with FALSE as argument, then we're removing + // the existing job. + if ($should_install == FALSE) { + if (suricata_cron_job_exists("suricata_check_for_rule_updates.php", FALSE)) + install_cron_job("suricata_check_for_rule_updates.php", false); + return; + } // Get auto-rule update parameter from configuration $suricata_rules_up_info_ck = $config['installedpackages']['suricata']['config'][0]['autoruleupdate']; @@ -504,12 +635,32 @@ function suricata_rules_up_install_cron($should_install=true) { $suricata_rules_up_wday = "*"; } - // System call to manage the cron job. - install_cron_job($command, $should_install, $suricata_rules_up_min, $suricata_rules_up_hr, $suricata_rules_up_mday, $suricata_rules_up_month, $suricata_rules_up_wday, "root"); + // Construct the basic cron command task + $command = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_check_for_rule_updates.php"; + + // If there are no changes in the cron job command string from the existing job, then exit + if (suricata_cron_job_exists($command, TRUE, $suricata_rules_up_min, $suricata_rules_up_hr, $suricata_rules_up_mday, $suricata_rules_up_month, $suricata_rules_up_wday, "root")) + return; + + // Else install the new or updated cron job + if ($should_install) + install_cron_job($command, $should_install, $suricata_rules_up_min, $suricata_rules_up_hr, $suricata_rules_up_mday, $suricata_rules_up_month, $suricata_rules_up_wday, "root"); } function suricata_loglimit_install_cron($should_install=true) { + // See if simply removing existing "loglimit" job for Suricata + if ($should_install == FALSE) { + if (suricata_cron_job_exists("suricata/suricata_check_cron_misc.inc", FALSE)) + install_cron_job("suricata_check_cron_misc.inc", false); + return; + } + + // If there are no changes in the cron job command string from the existing job, then exit. + if ($should_install && suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_check_cron_misc.inc", TRUE, "*/5")) + return; + + // Else install the new or updated cron job install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc", $should_install, "*/5"); } @@ -517,6 +668,13 @@ function suricata_rm_blocked_install_cron($should_install) { global $config, $g; $suri_pf_table = SURICATA_PF_TABLE; + // See if simply removing existing "expiretable" job for Suricata + if ($should_install == FALSE) { + if (suricata_cron_job_exists("{$suri_pf_table}", FALSE)) + install_cron_job("{$suri_pf_table}", false); + return; + } + $suricata_rm_blocked_info_ck = $config['installedpackages']['suricata']['config'][0]['rm_blocked']; if ($suricata_rm_blocked_info_ck == "15m_b") { @@ -600,13 +758,15 @@ function suricata_rm_blocked_install_cron($should_install) { $suricata_rm_blocked_expire = "2419200"; } - // First, remove any existing cron task for "rm_blocked" hosts - install_cron_job("pfctl -t {$suri_pf_table} -T expire" , false); + // Construct the basic cron command task + $command = "/usr/bin/nice -n20 /sbin/pfctl -q -t {$suri_pf_table} -T expire {$suricata_rm_blocked_expire}"; - // Now add or update the cron task for "rm_blocked" hosts - // if enabled. + // If there are no changes in the cron job command string from the existing job, then exit. + if (suricata_cron_job_exists($command, TRUE, $suricata_rm_blocked_min, $suricata_rm_blocked_hr, $suricata_rm_blocked_mday, $suricata_rm_blocked_month, $suricata_rm_blocked_wday, "root")) + return; + + // Else install the new or updated cron job if ($should_install) { - $command = "/usr/bin/nice -n20 /sbin/pfctl -t {$suri_pf_table} -T expire {$suricata_rm_blocked_expire}"; install_cron_job($command, $should_install, $suricata_rm_blocked_min, $suricata_rm_blocked_hr, $suricata_rm_blocked_mday, $suricata_rm_blocked_month, $suricata_rm_blocked_wday, "root"); } } @@ -617,46 +777,39 @@ function sync_suricata_package_config() { $suricatadir = SURICATADIR; $rcdir = RCFILEPREFIX; - conf_mount_rw(); - // Do not start config build if there are no Suricata-configured interfaces - if (!is_array($config['installedpackages']['suricata']) || !is_array($config['installedpackages']['suricata']['rule'])) { - @unlink("{$rcdir}/suricata.sh"); - conf_mount_ro(); + if (!is_array($config['installedpackages']['suricata']['rule']) || count($config['installedpackages']['suricata']['rule']) < 1) return; - } $suricataconf = $config['installedpackages']['suricata']['rule']; foreach ($suricataconf as $value) { - $if_real = get_real_interface($value['interface']); + /* Skip configuration of any disabled interface */ + if ($value['enable'] != 'on') + continue; // create a suricata.yaml file for interface suricata_generate_yaml($value); // create barnyard2.conf file for interface if ($value['barnyard_enable'] == 'on') - suricata_generate_barnyard2_conf($value, $if_real); + suricata_generate_barnyard2_conf($value, get_real_interface($value['interface'])); } // create suricata bootup file suricata.sh suricata_create_rc(); - $suricataglob = $config['installedpackages']['suricata']['config'][0]; // setup the log directory size check job if enabled suricata_loglimit_install_cron(true); + // setup the suricata rules update job if enabled suricata_rules_up_install_cron($config['installedpackages']['suricata']['config'][0]['autoruleupdate'] != "never_up" ? true : false); + // set the suricata blocked hosts time suricata_rm_blocked_install_cron($config['installedpackages']['suricata']['config'][0]['rm_blocked'] != "never_b" ? true : false); - write_config(); - configure_cron(); - // Do not attempt package sync if reinstalling package or booting -// if (!$g['suricata_postinstall'] && !$g['booting']) -// suricata_sync_on_changes(); - - conf_mount_ro(); + if (!isset($g['suricata_postinstall']) && !$g['booting']) + suricata_sync_on_changes(); } function suricata_load_suppress_sigs($suricatacfg, $track_by=false) { @@ -791,19 +944,19 @@ function suricata_post_delete_logs($suricata_uuid = 0) { // Keep most recent file unset($filelist[count($filelist) - 1]); foreach ($filelist as $file) - @unlink($file); + unlink_if_exists($file); /* Clean-up Barnyard2 archived files if any exist */ $filelist = glob("{$suricata_log_dir}/barnyard2/archive/unified2.alert.*"); foreach ($filelist as $file) - @unlink($file); + unlink_if_exists($file); /* Clean-up packet capture files if any exist */ $filelist = glob("{$suricata_log_dir}/log.pcap.*"); // Keep most recent file unset($filelist[count($filelist) - 1]); foreach ($filelist as $file) - @unlink($file); + unlink_if_exists($file); unset($filelist); } } @@ -933,7 +1086,7 @@ function suricata_build_sid_msg_map($rules_path, $sid_file) { natcasesort($sidMap); // Now print the result to the supplied file - @file_put_contents($sid_file, "#v2\n# sid-msg.map file auto-generated by Snort.\n\n"); + @file_put_contents($sid_file, "#v2\n# sid-msg.map file auto-generated by Suricata.\n\n"); @file_put_contents($sid_file, array_values($sidMap), FILE_APPEND); } @@ -1047,11 +1200,11 @@ function suricata_load_rules_map($rules_path) { if (empty($rules_path)) return $map_ref; - /*************************************************************** + /************************************************************************************ * Read all the rules into the map array. * The structure of the map array is: * - * map[gid][sid]['rule']['category']['disabled']['flowbits'] + * map[gid][sid]['rule']['category']['action']['disabled']['managed']['flowbits'] * * where: * gid = Generator ID from rule, or 1 if general text @@ -1062,9 +1215,11 @@ function suricata_load_rules_map($rules_path) { * action = alert, drop, reject or pass * disabled = 1 if rule is disabled (commented out), 0 if * rule is enabled + * managed = 1 if rule is auto-managed by SID MGMT process, + * 0 if not auto-managed * flowbits = Array of applicable flowbits if rule contains * flowbits options - ***************************************************************/ + ************************************************************************************/ // First check if we were passed a directory, a single file // or an array of filenames to read. Set our $rule_files @@ -1537,6 +1692,854 @@ function suricata_load_vrt_policy($policy, $all_rules=null) { return $vrt_policy_rules; } +function suricata_parse_sidconf_file($sidconf_file) { + + /**********************************************/ + /* This function loads and processes the file */ + /* specified by '$sidconf_file'. The file is */ + /* assumed to contain valid instructions for */ + /* matching rule SIDs as supported by the */ + /* Oinkmaster and PulledPork utilities. */ + /* */ + /* $sidconf_file ==> full path and name of */ + /* file to process */ + /* */ + /* Returns ==> an array containing */ + /* SID modifier tokens */ + /**********************************************/ + + $buf = ""; + $sid_mods = array(); + + $fd = fopen("{$sidconf_file}", "r"); + if ($fd == FALSE) { + log_error("[Suricata] Failed to open SID MGMT file '{$sidconf_file}' for processing."); + return $sid_mods; + } + + // Read and parse the conf file line-by-line + while (($buf = fgets($fd)) !== FALSE) { + $line = array(); + + // Skip any lines that may be just spaces. + if (trim($buf, " \r\n") == "") + continue; + + // Skip line with leading "#" since it's a comment + if (preg_match('/^\s*#/', $buf)) + continue; + + // Trim off any trailing comment + $line = explode("#", $buf); + + // Trim leading and trailing spaces plus newline and any carriage returns + $buf = trim($line[0], ' \r\n'); + + // Now split the SID mod arguments at the commas, if more than one + // per line, and add to our $sid_mods array. + $line = explode(",", $buf); + foreach ($line as $ent) + $sid_mods[] = trim($ent); + } + + // Close the file, release unneeded memory and return + // the array of SID mod tokens parsed from the file. + fclose($fd); + unset($line, $buf); + return $sid_mods; +} + +function suricata_sid_mgmt_auto_categories($suricatacfg, $log_results = FALSE) { + + /****************************************************/ + /* This function parses any auto-SID conf files */ + /* configured for the interface and returns an */ + /* array of rule categories adjusted from the */ + /* ['enabled_rulesets'] element in the config for */ + /* the interface in accordance with the contents */ + /* of the SID Mgmt conf files. */ + /* */ + /* The returned array shows which files should be */ + /* removed and which should be added to the list */ + /* used when building the enforcing ruleset. */ + /* */ + /* $suricatacfg ==> pointer to interface */ + /* configuration info */ + /* $log_results ==> [optional] log results to */ + /* 'sid_changes.log' in the */ + /* interface directory in */ + /* /var/log/suricata when TRUE */ + /* */ + /* Returns ==> array of category file names */ + /* for the interface. The keys */ + /* are category file names and */ + /* the corresponding values show */ + /* if the file should be added */ + /* or removed from the enabled */ + /* rulesets list. */ + /* */ + /* Example - */ + /* $changes[file] = 'enabled' */ + /* */ + /****************************************************/ + + global $config; + $suricata_sidmods_dir = SURICATA_SID_MODS_PATH; + $sid_mods = array(); + $enables = array(); + $disables = array(); + + // Check if auto-mgmt of SIDs is enabled, exit if not + if ($config['installedpackages']['suricata']['config'][0]['auto_manage_sids'] != 'on') + return array(); + if (empty($suricatacfg['disable_sid_file']) && empty($suricatacfg['enable_sid_file'])) + return array(); + + // Configure the interface's logging subdirectory if log results is enabled + if ($log_results == TRUE) + $log_file = SURICATALOGDIR . $suricatalogdir . "suricata_" . get_real_interface($suricatacfg['interface']) . "{$suricatacfg['uuid']}/sid_changes.log"; + else + $log_file = NULL; + + // Get the list of currently enabled categories for the interface + if (!empty($suricatacfg['rulesets'])) + $enabled_cats = explode("||", $suricatacfg['rulesets']); + + if ($log_results == TRUE) { + error_log(gettext("********************************************************\n"), 3, $log_file); + error_log(gettext("Starting auto RULE CATEGORY management for " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) ."\n"), 3, $log_file); + error_log(gettext("Start Time: " . date("Y-m-d H:i:s") . "\n"), 3, $log_file); + } + + switch ($suricatacfg['sid_state_order']) { + case "disable_enable": + if (!empty($suricatacfg['disable_sid_file'])) { + if ($log_results == TRUE) + error_log(gettext("Processing disable_sid file: {$suricatacfg['disable_sid_file']}\n"), 3, $log_file); + + // Attempt to open the 'disable_sid_file' for the interface + if (!file_exists("{$suricata_sidmods_dir}{$suricatacfg['disable_sid_file']}")) { + log_error(gettext("[Suricata] Error - unable to open 'disable_sid_file' \"{$suricatacfg['disable_sid_file']}\" specified for " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']))); + if ($log_results == TRUE) + error_log(gettext("Unable to open disable_sid file \"{$suricatacfg['disable_sid_file']}\".\n"), 3, $log_file); + } + else + $sid_mods = suricata_parse_sidconf_file("{$suricata_sidmods_dir}{$suricatacfg['disable_sid_file']}"); + + if (!empty($sid_mods)) + $disables = suricata_get_auto_category_mods($enabled_cats, $sid_mods, "disable", $log_results, $log_file); + elseif ($log_results == TRUE && !empty($log_file)) { + error_log(gettext("WARNING: no valid SID match tokens found in file \"{$suricatacfg['disable_sid_file']}\".\n"), 3, $log_file); + } + } + if (!empty($suricatacfg['enable_sid_file'])) { + if ($log_results == TRUE) + error_log(gettext("Processing enable_sid file: {$suricatacfg['enable_sid_file']}\n"), 3, $log_file); + + // Attempt to open the 'enable_sid_file' for the interface + if (!file_exists("{$suricata_sidmods_dir}{$suricatacfg['enable_sid_file']}")) { + log_error(gettext("[Suricata] Error - unable to open 'enable_sid_file' \"{$suricatacfg['enable_sid_file']}\" specified for " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']))); + if ($log_results == TRUE) + error_log(gettext("Unable to open enable_sid file \"{$suricatacfg['enable_sid_file']}\".\n"), 3, $log_file); + } + else + $sid_mods = suricata_parse_sidconf_file("{$suricata_sidmods_dir}{$suricatacfg['enable_sid_file']}"); + + if (!empty($sid_mods)) + $enables = suricata_get_auto_category_mods($enabled_cats, $sid_mods, "enable", $log_results, $log_file); + elseif ($log_results == TRUE && !empty($log_file)) { + error_log(gettext("WARNING: no valid SID match tokens found in file \"{$suricatacfg['enable_sid_file']}\".\n"), 3, $log_file); + } + } + break; + + case "enable_disable": + if (!empty($suricatacfg['enable_sid_file'])) { + if ($log_results == TRUE) + error_log(gettext("Processing enable_sid file: {$suricatacfg['enable_sid_file']}\n"), 3, $log_file); + + // Attempt to open the 'enable_sid_file' for the interface + if (!file_exists("{$suricata_sidmods_dir}{$suricatacfg['enable_sid_file']}")) { + log_error(gettext("[Suricata] Error - unable to open 'enable_sid_file' \"{$suricatacfg['enable_sid_file']}\" specified for " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']))); + if ($log_results == TRUE) + error_log(gettext("Unable to open enable_sid file \"{$suricatacfg['enable_sid_file']}\".\n"), 3, $log_file); + } + else + $sid_mods = suricata_parse_sidconf_file("{$suricata_sidmods_dir}{$suricatacfg['enable_sid_file']}"); + + if (!empty($sid_mods)) + $enables = suricata_get_auto_category_mods($enabled_cats, $sid_mods, "enable", $log_results, $log_file); + elseif ($log_results == TRUE && !empty($log_file)) { + error_log(gettext("WARNING: no valid SID match tokens found in file \"{$suricatacfg['enable_sid_file']}\".\n"), 3, $log_file); + } + } + if (!empty($suricatacfg['disable_sid_file'])) { + if ($log_results == TRUE) + error_log(gettext("Processing disable_sid file: {$suricatacfg['disable_sid_file']}\n"), 3, $log_file); + + // Attempt to open the 'disable_sid_file' for the interface + if (!file_exists("{$suricata_sidmods_dir}{$suricatacfg['disable_sid_file']}")) { + log_error(gettext("[Suricata] Error - unable to open 'disable_sid_file' \"{$suricatacfg['disable_sid_file']}\" specified for " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']))); + if ($log_results == TRUE) + error_log(gettext("Unable to open disable_sid file \"{$suricatacfg['disable_sid_file']}\".\n"), 3, $log_file); + } + else + $sid_mods = suricata_parse_sidconf_file("{$suricata_sidmods_dir}{$suricatacfg['disable_sid_file']}"); + + if (!empty($sid_mods)) + $disables = suricata_get_auto_category_mods($enabled_cats, $sid_mods, "disable", $log_results, $log_file); + elseif ($log_results == TRUE && !empty($log_file)) { + error_log(gettext("WARNING: no valid SID match tokens found in file \"{$suricatacfg['disable_sid_file']}\".\n"), 3, $log_file); + } + } + break; + + default: + log_error(gettext("[Suricata] Unrecognized 'sid_state_order' value. Skipping auto CATEGORY mgmt step for " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']))); + if ($log_results == TRUE) { + error_log(gettext("ERROR: unrecognized 'sid_state_order' value. Skipping auto CATEGORY mgmt step for ") . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']). ".\n", 3, $log_file); + } + } + + if ($log_results == TRUE) { + error_log(gettext("End Time: " . date("Y-m-d H:i:s") . "\n"), 3, $log_file); + error_log(gettext("********************************************************\n\n"), 3, $log_file); + } + + // Return the required rule category modifications as an array; + return array_merge($enables, $disables); +} + +function suricata_get_auto_category_mods($categories, $sid_mods, $action, $log_results = FALSE, $log_file = NULL) { + + /****************************************************/ + /* This function parses the provided SID mod tokens */ + /* in $sid_mods and returns an array of category */ + /* files that must be added ('enabled') or removed */ + /* ('disabled') from the provided $categories list */ + /* of enabled rule categories as determined by the */ + /* content of the SID Mgmt tokens in $sid_mods. */ + /* */ + /* The returned array shows which files should be */ + /* removed and which should be added to the list */ + /* used when building the enforcing ruleset. */ + /* */ + /* $categories ==> array of currently enabled */ + /* ruleset categories */ + /* $sid_mods ==> array of SID modification */ + /* tokens */ + /* $action ==> modification action for */ + /* matching category targets: */ + /* 'enable' or 'disable' */ + /* $log_results ==> [optional] 'yes' to log */ + /* results to $log_file */ + /* $log_file ==> full path and filename of log */ + /* file to write to */ + /* */ + /* Returns ==> array of category file names */ + /* for the interface. The keys */ + /* are category file names and */ + /* the corresponding values show */ + /* if the file should be added */ + /* or removed from the enabled */ + /* rulesets list. */ + /* */ + /* Example - */ + /* $changes[file] = 'enabled' */ + /* */ + /****************************************************/ + + $suricatadir = SURICATADIR; + $all_cats = array(); + $changes = array(); + $counter = 0; + $matchcount = 0; + + // Get a list of all possible categories by loading all rules files + foreach (array( VRT_FILE_PREFIX, ET_OPEN_FILE_PREFIX, ET_PRO_FILE_PREFIX, GPL_FILE_PREFIX ) as $prefix) { + $files = glob("{$suricatadir}rules/{$prefix}*.rules"); + foreach ($files as $file) + $all_cats[] = basename($file); + } + + // Walk the SID mod tokens and decode looking for rule + // category enable/disable changes. + foreach ($sid_mods as $tok) { + $matches = array(); + // Test the SID token for a GID:SID range and skip if true + if (preg_match('/^(\d+):(\d+)-\1:(\d+)/', $tok)) + continue; + // Test the token for a single GID:SID and skip if true + elseif (preg_match('/^(\d+):(\d+)$/', $tok)) + continue; + // Test the token for the PCRE: keyword and skip if true + elseif (preg_match('/(^pcre\:)(.+)/i', $tok)) + continue; + // Test the token for the MS reference keyword and skip if true + elseif (preg_match('/^MS\d+-.+/i', $tok)) + continue; + // Test the token for other keywords delimited with a colon and skip if true + elseif (preg_match('/^[a-xA-X]+\:.+/', $tok)) + continue; + // Test the SID token for a rule category name. Anything that + // failed to match above is considered a potential category name. + elseif (preg_match('/[a-xA-X]+(-|\w).*/', $tok, $matches)) { + $counter++; + $regex = "/" . preg_quote(trim($matches[0]), '/') . "/i"; + // Search through the $all_cats array for any matches to the regex + $matches = preg_grep($regex, $all_cats); + + // See if any matches are in the $categories array + foreach ($matches as $cat) { + switch ($action) { + case 'enable': + if (!isset($changes[$cat])) { + $changes[$cat] = 'enabled'; + if ($log_results == TRUE && !empty($log_file)) + error_log(gettext(" Enabled rule category: {$cat}\n"), 3, $log_file); + $matchcount++; + } + break; + + case 'disable': + if (!isset($changes[$cat])) { + $changes[$cat] = 'disabled'; + if ($log_results == TRUE && !empty($log_file)) + error_log(gettext(" Disabled rule category: {$cat}\n"), 3, $log_file); + $matchcount++; + } + break; + + default: + break; + } + } + } + else { + if ($log_results == TRUE && !empty($log_file)) + error_log(gettext("WARNING: unrecognized token '{$tok}' encountered while processing an automatic SID MGMT file.\n"), 3, $log_file); + } + } + + if ($log_results == TRUE && !empty($log_file)) { + error_log(gettext(" Parsed {$counter} potential Rule Categories to match from the list of tokens.\n"), 3, $log_file); + error_log(gettext(" " . ucfirst($action) . "d {$matchcount} matching Rule Categories.\n"), 3, $log_file); + } + + // Release memory no longer needed + unset($all_cats, $matches); + + // Return array of rule category file changes + return $changes; +} + +function suricata_modify_sid_state(&$rule_map, $sid_mods, $action, $log_results = FALSE, $log_file = NULL) { + + /**********************************************/ + /* This function walks the provided array of */ + /* SID modification tokens and locates the */ + /* target SID or SIDs in the $rule_map array. */ + /* It then performs the change specified by */ + /* $action on the target SID or SIDs. */ + /* */ + /* $rule_map ==> reference to array of */ + /* current rules */ + /* $sid_mods ==> array of SID modification */ + /* tokens */ + /* $action ==> modification action for */ + /* matching SID targets: */ + /* 'enable' or 'disable' */ + /* $log_results ==> [optional] 'yes' to log */ + /* results to $log_file */ + /* $log_file ==> full path and filename */ + /* of log file to write to */ + /* */ + /* On Return ==> $rule_map array modified */ + /* by changing state for */ + /* matching SIDs. */ + /* */ + /* Returns a two-dimension */ + /* array of matching GID:SID */ + /* pairs. */ + /**********************************************/ + + $sids = array(); + + // If no rules in $rule_map or mods in $sid_mods, + // then nothing to do. + if (empty($rule_map) || empty($sid_mods)) + return $sids; + + // Validate the action keyword as we only accept + // 'enable' and 'disable' as valid. + switch ($action) { + + case "enable": + break; + + case "disable": + break; + + default: + log_error(gettext("[Suricata] Error - unknown action '{$action}' supplied to suricata_modify_sid_state() function...no SIDs modified.")); + return $sids; + } + + // Walk the SID mod tokens and decode each one + foreach ($sid_mods as $tok) { + $matches = array(); + // Test the SID token for a GID:SID range + if (preg_match('/^(\d+):(\d+)-\1:(\d+)/', $tok, $matches)) { + // It was a range, so find all the intervening SIDs + $gid = trim($matches[1]); + $lsid = trim($matches[2]); + $usid = trim($matches[3]); + $sids[$gid][$lsid] = $action; + while ($lsid < $usid) { + $lsid++; + $sids[$gid][$lsid] = $action; + } + } + // Test the SID token for a single GID:SID + elseif (preg_match('/^(\d+):(\d+)$/', $tok, $matches)) { + // It's a single GID:SID, so grab it + $sids[$matches[1]][$matches[2]] = $action; + } + // Test the SID token for the PCRE: keyword + elseif (preg_match('/(^pcre\:)(.+)/i', $tok, $matches)) { + $regex = '/' . preg_quote($matches[2], '/') . '/i'; + + // Now search through the $rule_map in the 'rule' + // element for any matches to the regex and get + // the GID:SID. + foreach ($rule_map as $k1 => $rulem) { + foreach ($rulem as $k2 => $v) { + if (preg_match($regex, $v['rule'])) { + $sids[$k1][$k2] = $action; + } + } + } + } + // Test the SID token for the MS reference keyword + elseif (preg_match('/^MS\d+-.+/i', $tok, $matches)) { + $regex = "/" . preg_quote($matches[0], '/') . "/i"; + + // Now search through the $rule_map in the 'rule' + // element for any matches to the regex and get + // the GID:SID. + foreach ($rule_map as $k1 => $rulem) { + foreach ($rulem as $k2 => $v) { + if (preg_match($regex, $v['rule'])) { + $sids[$k1][$k2] = $action; + } + } + } + } + // Test the SID token for other keywords delimited with a colon + elseif (preg_match('/^[a-xA-X]+\:.+/', $tok, $matches)) { + $regex = "/" . str_replace(':', ",", preg_quote($matches[0], '/')) . "/i"; + + // Now search through the $rule_map in the 'rule' + // element for any matches to the regex and get + // the GID:SID. + foreach ($rule_map as $k1 => $rulem) { + foreach ($rulem as $k2 => $v) { + if (preg_match($regex, $v['rule'])) { + $sids[$k1][$k2] = $action; + } + } + } + } + // Test the SID token for a rule category name. Anything that + // failed to match above is considered a potential category name. + elseif (preg_match('/[a-xA-X]+(-|\w).*/', $tok, $matches)) { + $regex = "/" . preg_quote(trim($matches[0]), '/') . "/i"; + // Now search through the $rule_map in the 'category' + // element for any matches to the regex and get + // the GID:SID. + foreach ($rule_map as $k1 => $rulem) { + foreach ($rulem as $k2 => $v) { + if (preg_match($regex, $v['category'] . ".rules")) { + $sids[$k1][$k2] = $action; + } + } + } + } + else { + if ($log_results == TRUE && !empty($log_file)) + error_log(gettext("WARNING: unrecognized token '{$tok}' encountered while processing an automatic SID MGMT file.\n"), 3, $log_file); + } + } + + // Change state of all the matching GID:SID pairs we found + // above in the $rule_map array passed to us. + $modcount = $changecount = 0; + $counter = count($sids, COUNT_RECURSIVE) - count($sids); + + if ($log_results == TRUE && !empty($log_file)) + error_log(gettext(" Parsed {$counter} potential SIDs to match from the provided list of tokens.\n"), 3, $log_file); + + foreach (array_keys($sids) as $k1) { + foreach (array_keys($sids[$k1]) as $k2) { + if (isset($rule_map[$k1][$k2])) { + if ($action == 'enable' && $rule_map[$k1][$k2]['disabled'] == 1) { + $rule_map[$k1][$k2]['rule'] = ltrim($rule_map[$k1][$k2]['rule'], " \t#"); + $rule_map[$k1][$k2]['disabled'] = 0; + $rule_map[$k1][$k2]['managed'] = 1; + $changecount++; + $modcount++; + } + elseif ($action == 'disable' && $rule_map[$k1][$k2]['disabled'] == 0) { + $rule_map[$k1][$k2]['rule'] = "# " . $rule_map[$k1][$k2]['rule']; + $rule_map[$k1][$k2]['disabled'] = 1; + $rule_map[$k1][$k2]['managed'] = 1; + $changecount++; + $modcount++; + } + } + } + } + + if ($log_results == TRUE && !empty($log_file)) { + error_log(gettext(" Found {$modcount} matching SIDs in the active rules.\n"), 3, $log_file); + error_log(gettext(" Changed state for {$changecount} SIDs to '{$action}d'.\n"), 3, $log_file); + } + + // Return the array of matching SIDs + return $sids; +} + +function suricata_modify_sid_content(&$rule_map, $sid_mods, $log_results = FALSE, $log_file = NULL) { + + /************************************************/ + /* This function walks the provided array of */ + /* SID modification tokens and locates the */ + /* target SID or SIDs in the $rule_map array. */ + /* It then modifies the content of the target */ + /* SID or SIDs. Modifications are only valid */ + /* for normal GID=1 text rules. */ + /* */ + /* $rule_map ==> reference to array of */ + /* current rules */ + /* $sid_mods ==> array of SID modification */ + /* tokens */ + /* $log_results ==> [optional] 'yes' to log */ + /* results to $log_file */ + /* $log_file ==> full path and filename */ + /* of log file to write to */ + /* */ + /* On Return ==> $rule_map array modified */ + /* by changing content for */ + /* matching SIDs. */ + /* */ + /* Returns a two-dimension */ + /* array of matching */ + /* GID:SID pairs. */ + /************************************************/ + + $sids = array(); + $tokencounter = $modcount = $modifiedcount = 0; + + // If no rules in $rule_map or mods in $sid_mods, + // then nothing to do. + if (empty($rule_map) || empty($sid_mods)) + return $sids; + + // Walk the SID mod tokens and decode each one + foreach ($sid_mods as $tok) { + $matches = array(); + if (preg_match('/([\d+|,|\*]*)\s+"(.+)"\s+"(.*)"/', $tok, $matches)) { + $tokencounter++; + $sidlist = explode(",", $matches[1]); + $from = '/' . preg_quote($matches[2], '/') . '/'; + $to = $matches[3]; + $count = 0; + + // Now walk the provided rule map and make the modifications + if ($matches[1] == "*") { + // If wildcard '*' provided for SID, then check them all + foreach ($rule_map[1] as $rulem) { + foreach ($rulem as $k2 => $v) { + $modcount++; + $rule_map[1][$k2]['rule'] = preg_replace($from, $to, $v['rule'], -1, $count); + if ($count > 0) { + $rule_map[1][$k2]['managed'] = 1; + $sids[1][$k2] = 'modify'; + $modifiedcount++; + } + } + } + } + else { + // Otherwise just check the provided SIDs + foreach ($sidlist as $sid) { + if (isset($rule_map[1][$sid])) { + $modcount++; + $rule_map[1][$sid]['rule'] = preg_replace($from, $to, $rule_map[1][$sid]['rule'], -1, $count); + if ($count > 0) { + $rule_map[1][$sid]['managed'] = 1; + $sids[1][$sid] = 'modify'; + $modifiedcount++; + } + } + } + } + } + else { + if ($log_results == TRUE && !empty($log_file)) + error_log(gettext("WARNING: unrecognized token '{$tok}' encountered while processing an automatic SID MGMT file.\n"), 3, $log_file); + } + } + + if ($log_results == TRUE && !empty($log_file)) { + error_log(gettext(" Parsed {$tokencounter} potential SIDs to match from the provided list of tokens.\n"), 3, $log_file); + error_log(gettext(" Found {$modcount} matching SIDs in the active rules.\n"), 3, $log_file); + error_log(gettext(" Modified rule text for {$modifiedcount} SIDs.\n"), 3, $log_file); + } + + // Return the array of matching SIDs + return $sids; +} + +function suricata_process_enablesid(&$rule_map, $suricatacfg, $log_results = FALSE, $log_file = NULL) { + + /**********************************************/ + /* This function loads and processes the file */ + /* specified by 'enable_sid_file' for the */ + /* interface. The file is assumed to be a */ + /* valid enablesid.conf file containing */ + /* instructions for enabling matching rule */ + /* SIDs. */ + /* */ + /* $rule_map ==> reference to array of */ + /* current rules */ + /* $suricatacfg ==> interface config params */ + /* $log_results ==> [optional] 'yes' to log */ + /* results to $log_file */ + /* $log_file ==> full path and filename */ + /* of log file to write to */ + /* */ + /* On Return ==> suitably modified */ + /* $rule_map array */ + /**********************************************/ + + $suricata_sidmods_dir = SURICATA_SID_MODS_PATH; + $suricatalogdir = SURICATALOGDIR; + $sid_mods = array(); + + // If no rules in $rule_map, then nothing to do + if (empty($rule_map)) + return; + + // Attempt to open the 'enable_sid_file' for the interface + if (!file_exists("{$suricata_sidmods_dir}{$suricatacfg['enable_sid_file']}")) { + log_error(gettext("[Suricata] Error - unable to open 'enable_sid_file' \"{$suricatacfg['enable_sid_file']}\" specified for " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']))); + return; + } + else + $sid_mods = suricata_parse_sidconf_file("{$suricata_sidmods_dir}{$suricatacfg['enable_sid_file']}"); + + if (!empty($sid_mods)) + suricata_modify_sid_state($rule_map, $sid_mods, "enable", $log_results, $log_file); + elseif ($log_results == TRUE && !empty($log_file)) { + error_log(gettext("WARNING: no valid SID match tokens found in file \"{$suricatacfg['enable_sid_file']}\".\n"), 3, $log_file); + } + + unset($sid_mods); +} + +function suricata_process_disablesid(&$rule_map, $suricatacfg, $log_results = FALSE, $log_file = NULL) { + + /**********************************************/ + /* This function loads and processes the file */ + /* specified by 'disable_sid_file' for the */ + /* interface. The file is assumed to be a */ + /* valid disablesid.conf file containing */ + /* instructions for disabling matching rule */ + /* SIDs. */ + /* */ + /* $rule_map ==> reference to array of */ + /* current rules */ + /* $suricatacfg ==> interface config params */ + /* $log_results ==> [optional] 'yes' to log */ + /* results to $log_file */ + /* $log_file ==> full path and filename */ + /* of log file to write to */ + /* */ + /* On Return ==> suitably modified */ + /* $rule_map array */ + /**********************************************/ + + $suricata_sidmods_dir = SURICATA_SID_MODS_PATH; + $suricatalogdir = SURICATALOGDIR; + $sid_mods = array(); + + // If no rules in $rule_map, then nothing to do + if (empty($rule_map)) + return; + + // Attempt to open the 'disable_sid_file' for the interface + if (!file_exists("{$suricata_sidmods_dir}{$suricatacfg['disable_sid_file']}")) { + log_error(gettext("[Suricata] Error - unable to open 'disable_sid_file' \"{$suricatacfg['disable_sid_file']}\" specified for " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']))); + return; + } + else + $sid_mods = suricata_parse_sidconf_file("{$suricata_sidmods_dir}{$suricatacfg['disable_sid_file']}"); + + if (!empty($sid_mods)) + suricata_modify_sid_state($rule_map, $sid_mods, "disable", $log_results, $log_file); + elseif ($log_results == TRUE && !empty($log_file)) { + error_log(gettext("WARNING: no valid SID match tokens found in file \"{$suricatacfg['disable_sid_file']}\".\n"), 3, $log_file); + } + + unset($sid_mods); +} + +function suricata_process_modifysid(&$rule_map, $suricatacfg, $log_results = FALSE, $log_file = NULL) { + + /**********************************************/ + /* This function loads and processes the file */ + /* specified by 'modify_sid_file' for the */ + /* interface. The file is assumed to be a */ + /* valid modifysid.conf file containing */ + /* instructions for modifying matching rule */ + /* SIDs. */ + /* */ + /* $rule_map ==> reference to array of */ + /* current rules */ + /* $suricatacfg ==> interface config params */ + /* $log_results ==> [optional] 'yes' to log */ + /* results to $log_file */ + /* $log_file ==> full path and filename */ + /* of log file to write to */ + /* */ + /* On Return ==> suitably modified */ + /* $rule_map array */ + /**********************************************/ + + $suricata_sidmods_dir = SURICATA_SID_MODS_PATH; + $suricatalogdir = SURICATALOGDIR; + $sid_mods = array(); + + // If no rules in $rule_map, then nothing to do + if (empty($rule_map)) + return; + + // Attempt to open the 'modify_sid_file' for the interface + if (!file_exists("{$suricata_sidmods_dir}{$suricatacfg['modify_sid_file']}")) { + log_error(gettext("[Suricata] Error - unable to open 'modify_sid_file' \"{$suricatacfg['modify_sid_file']}\" specified for " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']))); + return; + } + else + $sid_mods = suricata_parse_sidconf_file("{$suricata_sidmods_dir}{$suricatacfg['modify_sid_file']}"); + + if (!empty($sid_mods)) + suricata_modify_sid_content($rule_map, $sid_mods, $log_results, $log_file); + elseif ($log_results == TRUE && !empty($log_file)) { + error_log(gettext("WARNING: no valid SID match tokens found in file \"{$suricatacfg['modify_sid_file']}\".\n"), 3, $log_file); + } + + unset($sid_mods); +} + +function suricata_auto_sid_mgmt(&$rule_map, $suricatacfg, $log_results = FALSE) { + + /**************************************************/ + /* This function modifies the rules in the */ + /* passed rule_map array based on values in the */ + /* files 'enable_sid_file', 'disable_sid_file' */ + /* and 'modify_sid_file' for the interface. */ + /* */ + /* If auto-mgmt of SIDs is enabled via the */ + /* settings on the UPDATE RULES tab, then the */ + /* rules are processed against these settings. */ + /* */ + /* $rule_map ==> array of current rules */ + /* $suricatacfg ==> interface config settings */ + /* $log_results ==> [optional] log results to */ + /* 'sid_changes.log' in the */ + /* interface directory in */ + /* /var/log/suricata when TRUE */ + /* */ + /* Returns ==> TRUE if rules were changed; */ + /* otherwise FALSE */ + /**************************************************/ + + global $config; + $result = FALSE; + + // Configure the interface's logging subdirectory if log results is enabled + if ($log_results == TRUE) + $log_file = SURICATALOGDIR . $suricatalogdir . "suricata_" . get_real_interface($suricatacfg['interface']) . "{$suricatacfg['uuid']}/sid_changes.log"; + else + $log_file = NULL; + + // Check if auto-mgmt of SIDs is enabled and files are specified + // for the interface. + if ($config['installedpackages']['suricata']['config'][0]['auto_manage_sids'] == 'on' && + (!empty($suricatacfg['disable_sid_file']) || !empty($suricatacfg['enable_sid_file']) || + !empty($suricatacfg['modify_sid_file']))) { + if ($log_results == TRUE) { + error_log(gettext("********************************************************\n"), 3, $log_file); + error_log(gettext("Starting auto SID management for " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) ."\n"), 3, $log_file); + error_log(gettext("Start Time: " . date("Y-m-d H:i:s") . "\n"), 3, $log_file); + } + + switch ($suricatacfg['sid_state_order']) { + case "disable_enable": + if (!empty($suricatacfg['disable_sid_file'])) { + if ($log_results == TRUE) + error_log(gettext("Processing disable_sid file: {$suricatacfg['disable_sid_file']}\n"), 3, $log_file); + suricata_process_disablesid($rule_map, $suricatacfg, $log_results, $log_file); + } + if (!empty($suricatacfg['enable_sid_file'])) { + if ($log_results == TRUE) + error_log(gettext("Processing enable_sid file: {$suricatacfg['enable_sid_file']}\n"), 3, $log_file); + suricata_process_enablesid($rule_map, $suricatacfg, $log_results, $log_file); + } + if (!empty($suricatacfg['modify_sid_file'])) { + if ($log_results == TRUE) + error_log(gettext("Processing modify_sid file: {$suricatacfg['modify_sid_file']}\n"), 3, $log_file); + suricata_process_modifysid($rule_map, $suricatacfg, $log_results, $log_file); + } + $result = TRUE; + break; + + case "enable_disable": + if (!empty($suricatacfg['enable_sid_file'])) { + if ($log_results == TRUE) + error_log(gettext("Processing enable_sid file: {$suricatacfg['enable_sid_file']}\n"), 3, $log_file); + suricata_process_enablesid($rule_map, $suricatacfg, $log_results, $log_file); + } + if (!empty($suricatacfg['disable_sid_file'])) { + if ($log_results == TRUE) + error_log(gettext("Processing disable_sid file: {$suricatacfg['disable_sid_file']}\n"), 3, $log_file); + suricata_process_disablesid($rule_map, $suricatacfg, $log_results, $log_file); + } + if (!empty($suricatacfg['modify_sid_file'])) { + if ($log_results == TRUE) + error_log(gettext("Processing modify_sid file: {$suricatacfg['modify_sid_file']}\n"), 3, $log_file); + suricata_process_modifysid($rule_map, $suricatacfg, $log_results, $log_file); + } + $result = TRUE; + break; + + default: + log_error(gettext("[Suricata] Unrecognized 'sid_state_order' value. Skipping auto SID mgmt step for " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']))); + if ($log_results == TRUE) { + error_log(gettext("ERROR: unrecognized 'sid_state_order' value. Skipping auto SID mgmt step for ") . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']). ".\n", 3, $log_file); + } + $result = FALSE; + } + + if ($log_results == TRUE) { + error_log(gettext("End Time: " . date("Y-m-d H:i:s") . "\n"), 3, $log_file); + error_log(gettext("********************************************************\n\n"), 3, $log_file); + } + } + return $result; +} + function suricata_load_sid_mods($sids) { /*****************************************/ @@ -1572,15 +2575,15 @@ function suricata_load_sid_mods($sids) { function suricata_modify_sids(&$rule_map, $suricatacfg) { - /*****************************************/ - /* This function modifies the rules in */ - /* the passed rules_map array based on */ - /* values in the enablesid/disablesid */ - /* configuration parameters. */ - /* */ - /* $rule_map = array of current rules */ - /* $suricatacfg = config settings */ - /*****************************************/ + /***********************************************/ + /* This function modifies the rules in the */ + /* passed rules_map array based on values in */ + /* the enablesid/disablesid configuration */ + /* parameters for the interface. */ + /* */ + /* $rule_map = array of current rules */ + /* $suricatacfg = interface config settings */ + /***********************************************/ if (!isset($suricatacfg['rule_sid_on']) && !isset($suricatacfg['rule_sid_off'])) @@ -1634,11 +2637,15 @@ function suricata_prepare_rule_files($suricatacfg, $suricatacfgdir) { /* to be written. */ /***********************************************************/ - global $rebuild_rules; + global $config, $rebuild_rules; $suricatadir = SURICATADIR; $flowbit_rules_file = FLOWBITS_FILENAME; - $suricata_enforcing_rules_file = ENFORCING_RULES_FILENAME; + $suricata_enforcing_rules_file = SURICATA_ENFORCING_RULES_FILENAME; + $enabled_rules = array(); + $enabled_files = array(); + $all_rules = array(); + $cat_mods = array(); $no_rules_defined = true; // If there is no reason to rebuild the rules, exit to save time. @@ -1648,11 +2655,12 @@ function suricata_prepare_rule_files($suricatacfg, $suricatacfgdir) { // Log a message for rules rebuild in progress log_error(gettext("[Suricata] Updating rules configuration for: " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . " ...")); + // Get any automatic rule category enable/disable modifications + // if auto-SID Mgmt is enabled and conf files exist for the interface. + $cat_mods = suricata_sid_mgmt_auto_categories($suricatacfg, TRUE); + // Only rebuild rules if some are selected or an IPS Policy is enabled - if (!empty($suricatacfg['rulesets']) || $suricatacfg['ips_policy_enable'] == 'on') { - $enabled_rules = array(); - $enabled_files = array(); - $all_rules = array(); + if (!empty($suricatacfg['rulesets']) || $suricatacfg['ips_policy_enable'] == 'on' || !empty($cat_mods)) { $no_rules_defined = false; // Load up all the rules into a Rules Map array. @@ -1660,12 +2668,37 @@ function suricata_prepare_rule_files($suricatacfg, $suricatacfgdir) { // Create an array with the filenames of the enabled // rule category files if we have any. - if (!empty($suricatacfg['rulesets'])) { - foreach (explode("||", $suricatacfg['rulesets']) as $file){ - $category = basename($file, ".rules"); - if (!is_array($enabled_files[$category])) - $enabled_files[$category] = array(); - $enabled_files[$category] = $file; + if (!empty($suricatacfg['rulesets']) || !empty($cat_mods)) { + // First get all the user-enabled category files + if (!empty($suricatacfg['rulesets'])) { + foreach (explode("||", $suricatacfg['rulesets']) as $file){ + $category = basename($file, ".rules"); + if (!is_array($enabled_files[$category])) + $enabled_files[$category] = array(); + $enabled_files[$category] = $file; + } + } + + // Now adjust the list using any required changes as + // determined by auto-SID Mgmt policy files. + if (!empty($cat_mods)) { + foreach ($cat_mods as $k => $action) { + $key = basename($k, ".rules"); + switch ($action) { + case 'enabled': + if (!isset($enabled_files[$key])) + $enabled_files[$key] = $k; + break; + + case 'disabled': + if (isset($enabled_files[$key])) + unset($enabled_files[$key]); + break; + + default: + break; + } + } } /****************************************************/ @@ -1689,7 +2722,7 @@ function suricata_prepare_rule_files($suricatacfg, $suricatacfgdir) { } // Release memory we no longer need. - unset($enabled_files, $rulem, $v); + unset($enabled_files, $cat_mods, $rulem, $v); } // Check if a pre-defined Snort VRT policy is selected. If so, @@ -1712,6 +2745,8 @@ function suricata_prepare_rule_files($suricatacfg, $suricatacfgdir) { } // Process any enablesid or disablesid modifications for the selected rules. + // Do the auto-SID managment first, if enabled, then do any manual SID state changes. + suricata_auto_sid_mgmt($enabled_rules, $suricatacfg, TRUE); suricata_modify_sids($enabled_rules, $suricatacfg); // Write the enforcing rules file to the Suricata interface's "rules" directory. @@ -1730,7 +2765,45 @@ function suricata_prepare_rule_files($suricatacfg, $suricatacfgdir) { } else // Just put an empty file to always have the file present suricata_write_flowbit_rules_file(array(), "{$suricatacfgdir}/rules/{$flowbit_rules_file}"); - } else { + unset($all_rules); + } + // If no rule categories were enabled, then use auto-SID management if enabled, since it may enable some rules + elseif ($config['installedpackages']['suricata']['config'][0]['auto_manage_sids'] == 'on' && + (!empty($suricatacfg['disable_sid_file']) || !empty($suricatacfg['enable_sid_file']) || + !empty($suricatacfg['modify_sid_file']))) { + + suricata_auto_sid_mgmt($enabled_rules, $suricatacfg, TRUE); + if (!empty($enabled_rules)) { + // Auto-SID management generated some rules, so use them + $no_rules_defined = false; + suricata_modify_sids($enabled_rules, $suricatacfg); + + // Write the enforcing rules file to the Suricata interface's "rules" directory. + suricata_write_enforcing_rules_file($enabled_rules, "{$suricatacfgdir}/rules/{$suricata_enforcing_rules_file}"); + + // If auto-flowbit resolution is enabled, generate the dependent flowbits rules file. + if ($suricatacfg['autoflowbitrules'] == 'on') { + log_error('[Suricata] Enabling any flowbit-required rules for: ' . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . '...'); + + // Load up all rules into a Rules Map array for flowbits assessment + $all_rules = suricata_load_rules_map("{$suricatadir}rules/"); + $fbits = suricata_resolve_flowbits($all_rules, $enabled_rules); + + // Check for and disable any flowbit-required rules the + // user has manually forced to a disabled state. + suricata_modify_sids($fbits, $suricatacfg); + suricata_write_flowbit_rules_file($fbits, "{$suricatacfgdir}/rules/{$flowbit_rules_file}"); + unset($all_rules, $fbits); + } else + // Just put an empty file to always have the file present + suricata_write_flowbit_rules_file(array(), "{$suricatacfgdir}/rules/{$flowbit_rules_file}"); + } + else { + suricata_write_enforcing_rules_file(array(), "{$suricatacfgdir}/rules/{$suricata_enforcing_rules_file}"); + suricata_write_flowbit_rules_file(array(), "{$suricatacfgdir}/rules/{$flowbit_rules_file}"); + } + } + else { suricata_write_enforcing_rules_file(array(), "{$suricatacfgdir}/rules/{$suricata_enforcing_rules_file}"); suricata_write_flowbit_rules_file(array(), "{$suricatacfgdir}/rules/{$flowbit_rules_file}"); } @@ -1748,7 +2821,7 @@ function suricata_prepare_rule_files($suricatacfg, $suricatacfgdir) { // Build a new sid-msg.map file from the enabled // rules and copy it to the interface directory. - log_error(gettext("[Suricata] Building new sig-msg.map file for " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . "...")); + log_error(gettext("[Suricata] Building new sid-msg.map file for " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . "...")); suricata_build_sid_msg_map("{$suricatacfgdir}/rules/", "{$suricatacfgdir}/sid-msg.map"); } @@ -1767,7 +2840,7 @@ function suricata_write_enforcing_rules_file($rule_map, $rule_path) { /* rules file will be written. */ /************************************************/ - $rule_file = "/" . ENFORCING_RULES_FILENAME; + $rule_file = "/" . SURICATA_ENFORCING_RULES_FILENAME; // See if we were passed a directory or full // filename to write the rules to, and adjust @@ -1816,6 +2889,7 @@ function suricata_create_rc() { $suricatadir = SURICATADIR; $suricatalogdir = SURICATALOGDIR; + $suricatabindir = SURICATA_PBI_BINDIR; $rcdir = RCFILEPREFIX; // If no interfaces are configured for Suricata, exit @@ -1833,7 +2907,7 @@ function suricata_create_rc() { // the shell script. foreach ($suricataconf as $value) { // Skip disabled Suricata interfaces - if ($value['enable'] <> 'on') + if ($value['enable'] != 'on') continue; $suricata_uuid = $value['uuid']; $if_real = get_real_interface($value['interface']); @@ -1846,14 +2920,10 @@ function suricata_create_rc() { pid=`/bin/pgrep -F {$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid` fi - if [ ! -z \$pid ]; then - /usr/bin/logger -p daemon.info -i -t SuricataStartup "Barnyard2 SOFT RESTART for {$value['descr']}({$suricata_uuid}_{$if_real})..." - /bin/pkill -HUP \$pid - else + if [ -z \$pid ]; then /usr/bin/logger -p daemon.info -i -t SuricataStartup "Barnyard2 START for {$value['descr']}({$suricata_uuid}_{$if_real})..." - /usr/local/bin/barnyard2 -r {$suricata_uuid} -f unified2.alert --pid-path {$g['varrun_path']} --nolock-pidfile -c {$suricatadir}suricata_{$suricata_uuid}_{$if_real}/barnyard2.conf -d {$suricatalogdir}suricata_{$if_real}{$suricata_uuid} -D -q + {$suricatabindir}/barnyard2 -r {$suricata_uuid} -f unified2.alert --pid-path {$g['varrun_path']} --nolock-pidfile -c {$suricatadir}suricata_{$suricata_uuid}_{$if_real}/barnyard2.conf -d {$suricatalogdir}suricata_{$if_real}{$suricata_uuid} -D -q > /dev/null 2>&1 fi - EOE; $stop_barnyard2 = <<<EOE @@ -1869,8 +2939,8 @@ EOE; break fi done - if [ -f /var/run/barnyard2_{$if_real}{$suricata_uuid}.pid ]; then - /bin/rm /var/run/barnyard2_{$if_real}{$suricata_uuid}.pid + if [ -f {$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid ]; then + /bin/rm {$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid fi else pid=`/bin/pgrep -fn "barnyard2 -r {$suricata_uuid} "` @@ -1886,7 +2956,6 @@ EOE; done fi fi - EOE; if ($value['barnyard_enable'] == 'on') $start_barnyard2 = $start_barnyard; @@ -1895,25 +2964,20 @@ EOE; $start_suricata_iface_start[] = <<<EOE -###### For Each Iface - # Start suricata and barnyard2 + ## Start suricata on {$value['descr']} ({$if_real}) ## if [ ! -f {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid ]; then pid=`/bin/pgrep -fn "suricata -i {$if_real} "` else pid=`/bin/pgrep -F {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid` fi - if [ ! -z \$pid ]; then - /usr/bin/logger -p daemon.info -i -t SuricataStartup "Suricata SOFT RESTART for {$value['descr']}({$suricata_uuid}_{$if_real})..." - /bin/pkill -USR2 \$pid - else + if [ -z \$pid ]; then /usr/bin/logger -p daemon.info -i -t SuricataStartup "Suricata START for {$value['descr']}({$suricata_uuid}_{$if_real})..." - /usr/local/bin/suricata -i {$if_real} -D -c {$suricatadir}suricata_{$suricata_uuid}_{$if_real}/suricata.yaml --pidfile {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid + {$suricatabindir}suricata -i {$if_real} -D -c {$suricatadir}suricata_{$suricata_uuid}_{$if_real}/suricata.yaml --pidfile {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid > /dev/null 2>&1 fi - sleep 2 + sleep 1 {$start_barnyard2} - EOE; $start_suricata_iface_stop[] = <<<EOE @@ -1930,8 +2994,8 @@ EOE; break fi done - if [ -f /var/run/suricata_{$if_real}{$suricata_uuid}.pid ]; then - /bin/rm /var/run/suricata_{$if_real}{$suricata_uuid}.pid + if [ -f {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid ]; then + /bin/rm {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid fi else pid=`/bin/pgrep -fn "suricata -i {$if_real} "` @@ -1949,9 +3013,8 @@ EOE; fi fi - sleep 2 + sleep 1 {$stop_barnyard2} - EOE; } @@ -1966,7 +3029,15 @@ EOE; ######## Start of main suricata.sh rc_start() { + + ### Lock out other start signals until we are done + /usr/bin/touch {$g['varrun_path']}/suricata_pkg_starting.lck {$rc_start} + + ### Remove the lock since we have started all interfaces + if [ -f {$g['varrun_path']}/suricata_pkg_starting.lck ]; then + /bin/rm {$g['varrun_path']}/suricata_pkg_starting.lck + fi } rc_stop() { @@ -1975,7 +3046,11 @@ rc_stop() { case $1 in start) - rc_start + if [ ! -f {$g['varrun_path']}/suricata_pkg_starting.lck ]; then + rc_start + else + /usr/bin/logger -p daemon.info -i -t SuricataStartup "Ignoring additional START command since Suricata is already starting..." + fi ;; stop) rc_stop @@ -1989,8 +3064,8 @@ esac EOD; // Write out the suricata.sh script file - @file_put_contents("{$rcdir}/suricata.sh", $suricata_sh_text); - @chmod("{$rcdir}/suricata.sh", 0755); + @file_put_contents("{$rcdir}suricata.sh", $suricata_sh_text); + @chmod("{$rcdir}suricata.sh", 0755); unset($suricata_sh_text); } @@ -2051,7 +3126,7 @@ function suricata_generate_barnyard2_conf($suricatacfg, $if_real) { $suricatabarnyardlog_output_plugins .= "# syslog_full: log to a syslog receiver\n"; $suricatabarnyardlog_output_plugins .= "output alert_syslog_full: sensor_name {$suricatabarnyardlog_hostname_info_chk}, "; if ($suricatacfg['barnyard_syslog_local'] == 'on') - $suricatabarnyardlog_output_plugins .= "local, log_facility LOG_AUTH, log_priority LOG_INFO\n\n"; + $suricatabarnyardlog_output_plugins .= "local, log_facility {$suricatacfg['barnyard_syslog_facility']}, log_priority {$suricatacfg['barnyard_syslog_priority']}\n\n"; else { $suricatabarnyardlog_output_plugins .= "server {$suricatacfg['barnyard_syslog_rhost']}, protocol {$suricatacfg['barnyard_syslog_proto']}, "; $suricatabarnyardlog_output_plugins .= "port {$suricatacfg['barnyard_syslog_dport']}, operation_mode {$suricatacfg['barnyard_syslog_opmode']}, "; @@ -2126,30 +3201,296 @@ function suricata_generate_yaml($suricatacfg) { $suricatadir = SURICATADIR; $suricatalogdir = SURICATALOGDIR; $flowbit_rules_file = FLOWBITS_FILENAME; - $suricata_enforcing_rules_file = ENFORCING_RULES_FILENAME; + $suricata_enforcing_rules_file = SURICATA_ENFORCING_RULES_FILENAME; $if_real = get_real_interface($suricatacfg['interface']); $suricata_uuid = $suricatacfg['uuid']; $suricatacfgdir = "{$suricatadir}suricata_{$suricata_uuid}_{$if_real}"; - conf_mount_rw(); - if (!is_array($config['installedpackages']['suricata']['rule'])) return; // Pull in the PHP code that generates the suricata.yaml file // variables that will be substitued further down below. - include("/usr/local/www/suricata/suricata_generate_yaml.php"); + include("/usr/local/pkg/suricata/suricata_generate_yaml.php"); // Pull in the boilerplate template for the suricata.yaml // configuration file. The contents of the template along - // with substituted variables is stored in $suricata_conf_text + // with substituted variables are stored in $suricata_conf_text // (which is defined in the included file). include("/usr/local/pkg/suricata/suricata_yaml_template.inc"); // Now write out the conf file using $suricata_conf_text contents @file_put_contents("{$suricatacfgdir}/suricata.yaml", $suricata_conf_text); unset($suricata_conf_text); +} + +/* Uses XMLRPC to synchronize the changes to a remote node */ +function suricata_sync_on_changes() { + global $config, $g; + + /* Do not attempt a package sync while booting up or installing package */ + if ($g['booting'] || $g['suricata_postinstall'] == TRUE) { + log_error("[suricata] No xmlrpc sync to CARP targets when booting up or during package reinstallation."); + return; + } + + if (is_array($config['installedpackages']['suricatasync']['config'])){ + $suricata_sync=$config['installedpackages']['suricatasync']['config'][0]; + $synconchanges = $suricata_sync['varsynconchanges']; + $synctimeout = $suricata_sync['varsynctimeout']; + $syncdownloadrules = $suricata_sync['vardownloadrules']; + switch ($synconchanges){ + case "manual": + if (is_array($suricata_sync[row])){ + $rs=$suricata_sync[row]; + } + else{ + log_error("[suricata] xmlrpc CARP sync is enabled but there are no hosts configured as replication targets."); + return; + } + break; + case "auto": + if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ + $system_carp=$config['installedpackages']['carpsettings']['config'][0]; + $rs[0]['varsyncipaddress']=$system_carp['synchronizetoip']; + $rs[0]['varsyncusername']=$system_carp['username']; + $rs[0]['varsyncpassword']=$system_carp['password']; + $rs[0]['varsyncsuricatastart']="no"; + if ($system_carp['synchronizetoip'] ==""){ + log_error("[suricata] xmlrpc CARP sync is enabled but there are no system backup hosts configured as replication targets."); + return; + } + } + else{ + log_error("[suricata] xmlrpc CARP sync is enabled but there are no system backup hosts configured as replication targets."); + return; + } + break; + default: + return; + break; + } + if (is_array($rs)){ + log_error("[suricata] Suricata pkg xmlrpc CARP sync is starting."); + foreach($rs as $sh){ + if ($sh['varsyncsuricatastart']) + $syncstartsuricata = $sh['varsyncsuricatastart']; + else + $syncstartsuricata = "OFF"; + $sync_to_ip = $sh['varsyncipaddress']; + $port = $sh['varsyncport']; + $password = $sh['varsyncpassword']; + if($sh['varsyncusername']) + $username = $sh['varsyncusername']; + else + $username = 'admin'; + if($password && $sync_to_ip) + suricata_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username, $password, $synctimeout, $syncstartsuricata); + } + log_error("[suricata] Suricata pkg xmlrpc CARP sync completed."); + } + } +} + +/* Do the actual XMLRPC sync */ +function suricata_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username, $password, $synctimeout = 150, $syncstartsuricata) { + global $config, $g; + + /* Do not attempt a package sync while booting up or installing package */ + if ($g['booting'] || isset($g['suricata_postinstall'])) { + log_error("[suricata] No xmlrpc sync to CARP targets when booting up or during package reinstallation."); + return; + } + + if($username == "" || $password == "" || $sync_to_ip == "") { + log_error("[suricata] A required XMLRPC CARP sync parameter (user, host IP or password) is empty ... aborting pkg sync"); + return; + } + + /* Test key variables and set defaults if empty */ + if(!$synctimeout) + $synctimeout=150; + + $xmlrpc_sync_neighbor = $sync_to_ip; + if($config['system']['webgui']['protocol'] != "") { + $synchronizetoip = $config['system']['webgui']['protocol']; + $synchronizetoip .= "://"; + } + $port = $config['system']['webgui']['port']; + /* if port is empty lets rely on the protocol selection */ + if($port == "") { + if($config['system']['webgui']['protocol'] == "http") + $port = "80"; + else + $port = "443"; + } + $synchronizetoip .= $sync_to_ip; + $url = $synchronizetoip; + + /*************************************************/ + /* Send over any auto-SID management files */ + /*************************************************/ + $sid_files = glob(SURICATA_SID_MODS_PATH . '*'); + foreach ($sid_files as $file) { + $content = base64_encode(file_get_contents($file)); + $payload = "@file_put_contents('{$file}', base64_decode('{$content}'));"; + + /* assemble xmlrpc payload */ + $method = 'pfsense.exec_php'; + $params = array( XML_RPC_encode($password), XML_RPC_encode($payload) ); + + log_error("[suricata] Suricata XMLRPC CARP sync sending auto-SID conf files to {$url}:{$port}."); + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials($username, $password); + $resp = $cli->send($msg, $synctimeout); + $error = ""; + if(!$resp) { + $error = "A communications error occurred while attempting Suricata XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file); + log_error($error); + file_notice("sync_settings", $error, "Suricata Settings Sync", ""); + } elseif($resp->faultCode()) { + $error = "An error code was received while attempting Suricata XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file) . " - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "Suricata Settings Sync", ""); + } + } + + if (!empty($sid_files) && $error == "") + log_error("[suricata] Suricata pkg XMLRPC CARP sync auto-SID conf files success with {$url}:{$port} (pfsense.exec_php)."); + + /**************************************************/ + /* Send over the <suricata> portion of config.xml */ + /* $xml will hold the section to sync. */ + /**************************************************/ + $xml = array(); + $xml['suricata'] = $config['installedpackages']['suricata']; + /* assemble xmlrpc payload */ + $params = array( + XML_RPC_encode($password), + XML_RPC_encode($xml) + ); + + log_error("[suricata] Beginning Suricata pkg configuration XMLRPC sync to {$url}:{$port}."); + $method = 'pfsense.merge_installedpackages_section_xmlrpc'; + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials($username, $password); + + /* send our XMLRPC message and timeout after defined sync timeout value*/ + $resp = $cli->send($msg, $synctimeout); + if(!$resp) { + $error = "A communications error occurred while attempting Suricata XMLRPC CARP sync with {$url}:{$port}."; + log_error($error); + file_notice("sync_settings", $error, "Suricata Settings Sync", ""); + } elseif($resp->faultCode()) { + $error = "An error code was received while attempting Suricata XMLRPC CARP sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "Suricata Settings Sync", ""); + } else { + log_error("[suricata] Suricata pkg configuration XMLRPC CARP sync successfully completed with {$url}:{$port}."); + } + + $downloadrulescmd = ""; + if ($syncdownloadrules == "yes") { + $downloadrulescmd = "log_error(gettext(\"[suricata] XMLRPC pkg CARP sync: Update of downloaded rule sets requested...\"));\n"; + $downloadrulescmd .= "\tinclude_once(\"/usr/local/pkg/suricata/suricata_check_for_rule_updates.php\");\n"; + } + $suricatastart = ""; + if ($syncstartsuricata == "ON") { + $suricatastart = "log_error(gettext(\"[suricata] XMLRPC pkg CARP sync: Checking Suricata status...\"));\n"; + $suricatastart .= "\tif (!is_process_running(\"suricata\")) {\n"; + $suricatastart .= "\t\tlog_error(gettext(\"[suricata] XMLRPC pkg CARP sync: Suricata not running. Sending a start command...\"));\n"; + $suricatastart .= "\t\t\$sh_script = RCFILEPREFIX . \"suricata.sh\";\n"; + $suricatastart .= "\t\tmwexec_bg(\"{\$sh_script} start\");\n\t}\n"; + $suricatastart .= "\telse {\n\t\tlog_error(gettext(\"[suricata] XMLRPC pkg CARP sync: Suricata is running...\"));\n\t}\n"; + } + + /*************************************************/ + /* Build a series of commands as a PHP file for */ + /* the secondary host to execute to load the new */ + /* settings. */ + /*************************************************/ + $suricata_sync_cmd = <<<EOD + <?php + require_once("/usr/local/pkg/suricata/suricata.inc"); + require_once("service-utils.inc"); + global \$g, \$rebuild_rules, \$suricata_gui_include, \$pkg_interface; + \$orig_pkg_interface = \$pkg_interface; + \$g["suricata_postinstall"] = true; + \$g["suricata_sync_in_progress"] = true; + \$suricata_gui_include = false; + \$pkg_interface = "console"; + {$downloadrulescmd} + unset(\$g["suricata_postinstall"]); + log_error(gettext("[suricata] XMLRPC pkg CARP sync: Generating suricata.yaml file using Master Host settings...")); + \$rebuild_rules = true; + conf_mount_rw(); + sync_suricata_package_config(); conf_mount_ro(); + \$rebuild_rules = false; + {$suricatastart} + log_error(gettext("[suricata] XMLRPC pkg CARP sync process on this host is complete...")); + \$pkg_interface = \$orig_pkg_interface; + unset(\$g["suricata_sync_in_progress"]); + return true; + ?> + +EOD; + + /*************************************************/ + /* First, have target host write the commands */ + /* to a PHP file in the /tmp directory. */ + /*************************************************/ + $execcmd = "file_put_contents('/tmp/suricata_sync_cmds.php', '{$suricata_sync_cmd}');"; + + /* assemble xmlrpc payload */ + $method = 'pfsense.exec_php'; + $params = array( + XML_RPC_encode($password), + XML_RPC_encode($execcmd) + ); + + log_error("[suricata] Suricata XMLRPC CARP sync sending reload configuration cmd set as a file to {$url}:{$port}."); + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials($username, $password); + $resp = $cli->send($msg, $synctimeout); + if(!$resp) { + $error = "A communications error occurred while attempting Suricata XMLRPC CARP sync with {$url}:{$port} (pfsense.exec_php)."; + log_error($error); + file_notice("sync_settings", $error, "Suricata Settings Sync", ""); + } elseif($resp->faultCode()) { + $error = "An error code was received while attempting Suricata XMLRPC CARP sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "Suricata Settings Sync", ""); + } else { + log_error("[suricata] Suricata pkg XMLRPC CARP sync reload configuration success with {$url}:{$port} (pfsense.exec_php)."); + } + + /*************************************************/ + /* Now assemble a command to execute the */ + /* previously sent PHP file in the background. */ + /*************************************************/ + $execcmd = "exec(\"/usr/local/bin/php -f '/tmp/suricata_sync_cmds.php' > /dev/null 2>&1 &\");"; + $params2 = array( + XML_RPC_encode($password), + XML_RPC_encode($execcmd) + ); + log_error("[suricata] Suricata XMLRPC CARP sync sending {$url}:{$port} cmd to execute configuration reload."); + $msg2 = new XML_RPC_Message($method, $params2); + $resp = $cli->send($msg2, $synctimeout); + if(!$resp) { + $error = "A communications error occurred while attempting Suricata XMLRPC CARP sync with {$url}:{$port} (pfsense.exec_php)."; + log_error($error); + file_notice("sync_settings", $error, "Suricata Settings Sync", ""); + } elseif($resp->faultCode()) { + $error = "An error code was received while attempting Suricata XMLRPC CARP sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "Suricata Settings Sync", ""); + } else { + log_error("[suricata] Suricata pkg XMLRPC CARP sync reload configuration success with {$url}:{$port} (pfsense.exec_php)."); + } } ?> diff --git a/config/suricata/suricata.priv.inc b/config/suricata/suricata.priv.inc index 3bbee55a..84ede368 100644 --- a/config/suricata/suricata.priv.inc +++ b/config/suricata/suricata.priv.inc @@ -25,6 +25,7 @@ $priv_list['page-services-suricata']['match'][] = "suricata/suricata_select_alia $priv_list['page-services-suricata']['match'][] = "suricata/suricata_list_view.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_logs_browser.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_logs_mgmt.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_sid_mgmt.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_passlist.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_passlist_edit.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_post_install.php*"; @@ -35,10 +36,16 @@ $priv_list['page-services-suricata']['match'][] = "suricata/suricata_rules_flowb $priv_list['page-services-suricata']['match'][] = "suricata/suricata_rulesets.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_os_policy_engine.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_global.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_ip_list_mgmt.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_ip_reputation.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_iprep_list_browser.php*"; $priv_list['page-services-suricata']['match'][] = "pkg_edit.php?xml=suricata/suricata.xml*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_check_cron_misc.inc*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_yaml_template.inc*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata.inc*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_defs.inc*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_geoipupdate.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_etiqrisk_update.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_post_install.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_uninstall.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_generate_yaml.php*"; diff --git a/config/suricata/suricata.xml b/config/suricata/suricata.xml index 1a64d619..c510d72b 100644 --- a/config/suricata/suricata.xml +++ b/config/suricata/suricata.xml @@ -9,49 +9,40 @@ /* suricata.xml part of the Suricata package for pfSense + Copyright (C) 2014 Bill meeks - Significant portions are based on original work done for the Snort - package for pfSense from the following contributors: - - Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2006 Scott Ullrich - Copyright (C) 2009 Robert Zelaya Sr. Developer - Copyright (C) 2012 Ermal Luci - All rights reserved. - - Adapted for Suricata by: - Copyright (C) 2014 Bill Meeks - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + All rights reserved. */ /* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code MUST retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ ]]> </copyright> <description>Suricata IDS/IPS Package</description> <requirements>None</requirements> <name>suricata</name> - <version>1.4.6 pkg v1.0</version> + <version>2.0.4 pkg v2.1.3</version> <title>Services: Suricata IDS</title> <include_file>/usr/local/pkg/suricata/suricata.inc</include_file> <menu> @@ -77,18 +68,58 @@ <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_sync.xml</item> + <prefix>/usr/local/pkg/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> <item>https://packages.pfsense.org/packages/config/suricata/suricata_check_cron_misc.inc</item> <prefix>/usr/local/pkg/suricata/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_check_for_rule_updates.php</item> + <prefix>/usr/local/pkg/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> <item>https://packages.pfsense.org/packages/config/suricata/suricata_yaml_template.inc</item> <prefix>/usr/local/pkg/suricata/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/suricata/suricata_generate_yaml.php</item> - <prefix>/usr/local/www/suricata/</prefix> + <prefix>/usr/local/pkg/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_migrate_config.php</item> + <prefix>/usr/local/pkg/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_post_install.php</item> + <prefix>/usr/local/pkg/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_uninstall.php</item> + <prefix>/usr/local/pkg/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_defs.inc</item> + <prefix>/usr/local/pkg/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_geoipupdate.php</item> + <prefix>/usr/local/pkg/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_etiqrisk_update.php</item> + <prefix>/usr/local/pkg/suricata/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> @@ -122,11 +153,6 @@ <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>https://packages.pfsense.org/packages/config/suricata/suricata_check_for_rule_updates.php</item> - <prefix>/usr/local/www/suricata/</prefix> - <chmod>0755</chmod> - </additional_files_needed> - <additional_files_needed> <item>https://packages.pfsense.org/packages/config/suricata/suricata_rules.php</item> <prefix>/usr/local/www/suricata/</prefix> <chmod>0755</chmod> @@ -182,6 +208,11 @@ <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_sid_mgmt.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> <item>https://packages.pfsense.org/packages/config/suricata/suricata_list_view.php</item> <prefix>/usr/local/www/suricata/</prefix> <chmod>0755</chmod> @@ -197,26 +228,46 @@ <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>https://packages.pfsense.org/packages/config/suricata/suricata_uninstall.php</item> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_define_vars.php</item> <prefix>/usr/local/www/suricata/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>https://packages.pfsense.org/packages/config/suricata/suricata_define_vars.php</item> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_barnyard.php</item> <prefix>/usr/local/www/suricata/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>https://packages.pfsense.org/packages/config/suricata/suricata_barnyard.php</item> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_ip_list_mgmt.php</item> <prefix>/usr/local/www/suricata/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>https://packages.pfsense.org/packages/config/suricata/suricata_post_install.php</item> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_ip_reputation.php</item> <prefix>/usr/local/www/suricata/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_iprep_list_browser.php</item> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/widgets/javascript/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_alerts.js</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/widgets/widgets/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_alerts.widget.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/widgets/include/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/suricata/widget-suricata.inc</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/www/suricata/</prefix> <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/suricata/suricata_blocked.php</item> @@ -237,19 +288,19 @@ <item>https://packages.pfsense.org/packages/config/suricata/suricata_select_alias.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/www/widgets/javascript/</prefix> + <prefix>/var/db/suricata/sidmods/</prefix> <chmod>0644</chmod> - <item>https://packages.pfsense.org/packages/config/suricata/suricata_alerts.js</item> + <item>https://packages.pfsense.org/packages/config/suricata/disablesid-sample.conf</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/www/widgets/widgets/</prefix> + <prefix>/var/db/suricata/sidmods/</prefix> <chmod>0644</chmod> - <item>https://packages.pfsense.org/packages/config/suricata/suricata_alerts.widget.php</item> + <item>https://packages.pfsense.org/packages/config/suricata/enablesid-sample.conf</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/www/widgets/include/</prefix> + <prefix>/var/db/suricata/sidmods/</prefix> <chmod>0644</chmod> - <item>https://packages.pfsense.org/packages/config/suricata/widget-suricata.inc</item> + <item>https://packages.pfsense.org/packages/config/suricata/modifysid-sample.conf</item> </additional_files_needed> <!-- configpath gets expanded out automatically and config items will be stored in that location --> <configpath>['installedpackages']['suricata']</configpath> @@ -259,12 +310,12 @@ </fields> <custom_php_install_command> <![CDATA[ - include_once("/usr/local/www/suricata/suricata_post_install.php"); + include_once("/usr/local/pkg/suricata/suricata_post_install.php"); ]]> </custom_php_install_command> <custom_php_deinstall_command> <![CDATA[ - include_once("/usr/local/www/suricata/suricata_uninstall.php"); + include_once("/usr/local/pkg/suricata/suricata_uninstall.php"); ]]> </custom_php_deinstall_command> <custom_php_resync_config_command> diff --git a/config/suricata/suricata_alerts.js b/config/suricata/suricata_alerts.js index b6a5d3c3..e56b586d 100644 --- a/config/suricata/suricata_alerts.js +++ b/config/suricata/suricata_alerts.js @@ -18,7 +18,7 @@ function suricata_alerts_fetch_new_rules_callback(callback_data) { line += '<td class="listMRr ellipsis" nowrap><div style="display:inline;" title="'; line += row_split[2] + '">' + row_split[2] + '</div><br/><div style="display:inline;" title="'; line += row_split[3] + '">' + row_split[3] + '</div></td>'; - line += '<td class="listMRr">' + 'Pri: ' + row_split[4] + ' ' + row_split[5] + '</td>'; + line += '<td class="listMRr"><div style="display: fixed; display: -webkit-box; -webkit-line-clamp: 2; -webkit-box-orient: vertical; line-height: 1.2em; max-height: 2.4em; overflow: hidden; text-overflow: ellipsis;" title="' + row_split[4] + '">' + row_split[4] + '</div></td>'; new_data_to_add[new_data_to_add.length] = line; } suricata_alerts_update_div_rows(new_data_to_add); diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php index 07e4eb1f..f151e173 100644 --- a/config/suricata/suricata_alerts.php +++ b/config/suricata/suricata_alerts.php @@ -11,6 +11,7 @@ * Copyright (C) 2006 Scott Ullrich * Copyright (C) 2009 Robert Zelaya Sr. Developer * Copyright (C) 2012 Ermal Luci + * Copyright (C) 2014 Jim Pingle jim@pingle.org * All rights reserved. * * Adapted for Suricata by: @@ -42,8 +43,10 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/suricata/suricata.inc"); +global $g, $config; $supplist = array(); $suri_pf_table = SURICATA_PF_TABLE; +$filterlogentries = FALSE; function suricata_is_alert_globally_suppressed($list, $gid, $sid) { @@ -125,13 +128,40 @@ function suricata_add_supplist_entry($suppress) { /* and return true; otherwise return false. */ if ($found_list) { write_config(); + conf_mount_rw(); sync_suricata_package_config(); + conf_mount_ro(); return true; } else return false; } +function suricata_escape_filter_regex($filtertext) { + /* If the caller (user) has not already put a backslash before a slash, to escape it in the regex, */ + /* then this will do it. Take out any "\/" already there, then turn all ordinary "/" into "\/". */ + return str_replace('/', '\/', str_replace('\/', '/', $filtertext)); +} + +function suricata_match_filter_field($flent, $fields) { + foreach ($fields as $key => $field) { + if ($field == null) + continue; + if ((strpos($field, '!') === 0)) { + $field = substr($field, 1); + $field_regex = suricata_escape_filter_regex($field); + if (@preg_match("/{$field_regex}/i", $flent[$key])) + return false; + } + else { + $field_regex = suricata_escape_filter_regex($field); + if (!@preg_match("/{$field_regex}/i", $flent[$key])) + return false; + } + } + return true; +} + if (isset($_POST['instance']) && is_numericint($_POST['instance'])) $instanceid = $_POST['instance']; // This is for the auto-refresh so we can stay on the same interface @@ -164,6 +194,50 @@ if (empty($pconfig['arefresh'])) $pconfig['arefresh'] = 'off'; $anentries = $pconfig['alertnumber']; +# --- AJAX REVERSE DNS RESOLVE Start --- +if (isset($_POST['resolve'])) { + $ip = strtolower($_POST['resolve']); + $res = (is_ipaddr($ip) ? gethostbyaddr($ip) : ''); + + if ($res && $res != $ip) + $response = array('resolve_ip' => $ip, 'resolve_text' => $res); + else + $response = array('resolve_ip' => $ip, 'resolve_text' => gettext("Cannot resolve")); + + echo json_encode(str_replace("\\","\\\\", $response)); // single escape chars can break JSON decode + exit; +} +# --- AJAX REVERSE DNS RESOLVE End --- + +if ($_POST['filterlogentries_submit']) { + // Set flag for filtering alert entries + $filterlogentries = TRUE; + + // -- IMPORTANT -- + // Note the order of these fields must match the order decoded from the alerts log + $filterfieldsarray = array(); + $filterfieldsarray['time'] = $_POST['filterlogentries_time'] ? $_POST['filterlogentries_time'] : null; + $filterfieldsarray['action'] = null; + $filterfieldsarray['gid'] = $_POST['filterlogentries_gid'] ? $_POST['filterlogentries_gid'] : null; + $filterfieldsarray['sid'] = $_POST['filterlogentries_sid'] ? $_POST['filterlogentries_sid'] : null; + $filterfieldsarray['rev'] = null; + $filterfieldsarray['msg'] = $_POST['filterlogentries_description'] ? $_POST['filterlogentries_description'] : null; + $filterfieldsarray['class'] = $_POST['filterlogentries_classification'] ? $_POST['filterlogentries_classification'] : null; + $filterfieldsarray['priority'] = $_POST['filterlogentries_priority'] ? $_POST['filterlogentries_priority'] : null; + $filterfieldsarray['proto'] = $_POST['filterlogentries_protocol'] ? $_POST['filterlogentries_protocol'] : null; + // Remove any zero-length spaces added to the IP address that could creep in from a copy-paste operation + $filterfieldsarray['src'] = $_POST['filterlogentries_sourceipaddress'] ? str_replace("\xE2\x80\x8B", "", $_POST['filterlogentries_sourceipaddress']) : null; + $filterfieldsarray['sport'] = $_POST['filterlogentries_sourceport'] ? $_POST['filterlogentries_sourceport'] : null; + // Remove any zero-length spaces added to the IP address that could creep in from a copy-paste operation + $filterfieldsarray['dst'] = $_POST['filterlogentries_destinationipaddress'] ? str_replace("\xE2\x80\x8B", "", $_POST['filterlogentries_destinationipaddress']) : null; + $filterfieldsarray['dport'] = $_POST['filterlogentries_destinationport'] ? $_POST['filterlogentries_destinationport'] : null; +} + +if ($_POST['filterlogentries_clear']) { + $filterfieldsarray = array(); + $filterlogentries = TRUE; +} + if ($_POST['save']) { if (!is_array($config['installedpackages']['suricata']['alertsblocks'])) $config['installedpackages']['suricata']['alertsblocks'] = array(); @@ -224,6 +298,9 @@ if (($_POST['addsuppress_srcip'] || $_POST['addsuppress_dstip'] || $_POST['addsu if (suricata_add_supplist_entry($suppress)) { suricata_reload_config($a_instance[$instanceid]); $savemsg = $success; + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); sleep(2); } else @@ -277,11 +354,16 @@ if ($_POST['togglesid'] && is_numeric($_POST['sidid']) && is_numeric($_POST['gen /* rules for this interface. */ /*************************************************/ $rebuild_rules = true; + conf_mount_rw(); suricata_generate_yaml($a_instance[$instanceid]); + conf_mount_ro(); $rebuild_rules = false; /* Signal Suricata to live-load the new rules */ suricata_reload_config($a_instance[$instanceid]); + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); sleep(2); $savemsg = gettext("The state for rule {$gid}:{$sid} has been modified. Suricata is 'live-reloading' the new rules list. Please wait at least 15 secs for the process to complete before toggling additional rules."); @@ -299,11 +381,11 @@ if ($_POST['delete']) { } if ($_POST['download']) { - $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); + $save_date = date("Y-m-d-H-i-s"); $file_name = "suricata_logs_{$save_date}_{$if_real}.tar.gz"; - exec("cd {$suricatalogdir}suricata_{$if_real}{$suricata_uuid} && /usr/bin/tar -czf /tmp/{$file_name} *"); + exec("cd {$suricatalogdir}suricata_{$if_real}{$suricata_uuid} && /usr/bin/tar -czf {$g['tmp_path']}/{$file_name} *"); - if (file_exists("/tmp/{$file_name}")) { + if (file_exists("{$g['tmp_path']}/{$file_name}")) { ob_start(); //important or other posts will fail if (isset($_SERVER['HTTPS'])) { header('Pragma: '); @@ -313,13 +395,13 @@ if ($_POST['download']) { header("Cache-Control: private, must-revalidate"); } header("Content-Type: application/octet-stream"); - header("Content-length: " . filesize("/tmp/{$file_name}")); + header("Content-length: " . filesize("{$g['tmp_path']}/{$file_name}")); header("Content-disposition: attachment; filename = {$file_name}"); ob_end_clean(); //important or other post will fail - readfile("/tmp/{$file_name}"); + readfile("{$g['tmp_path']}/{$file_name}"); // Clean up the temp file - @unlink("/tmp/{$file_name}"); + unlink_if_exists("{$g['tmp_path']}/{$file_name}"); } else $savemsg = gettext("An error occurred while creating archive"); @@ -334,7 +416,6 @@ include_once("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<script src="/javascript/filter_log.js" type="text/javascript"></script> <?php include_once("fbegin.inc"); @@ -359,24 +440,29 @@ if ($savemsg) { <input type="hidden" name="descr" id="descr" value=""/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tbody> <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); - $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), true, "/suricata/suricata_alerts.php"); - $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php"); $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); - $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}"); + $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); ?> </td></tr> <tr> <td><div id="mainarea"> <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> + <tbody> <tr> <td colspan="2" class="listtopic"><?php echo gettext("Alert Log View Settings"); ?></td> </tr> @@ -410,16 +496,104 @@ if ($savemsg) { <td width="78%" class="vtable"> <input name="save" type="submit" class="formbtns" value=" Save " title="<?=gettext("Save auto-refresh and view settings");?>"/> <?php echo gettext('Refresh');?> <input name="arefresh" type="checkbox" value="on" - <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>/> + <?php if ($config['installedpackages']['suricata']['alertsblocks']['arefresh']=="on") echo "checked"; ?>/> <?php printf(gettext('%sDefault%s is %sON%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?> <input name="alertnumber" type="text" class="formfld unknown" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>"/> <?php printf(gettext('Enter number of log entries to view. %sDefault%s is %s250%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?> </td> </tr> <tr> + <td colspan="2" class="listtopic"><?php echo gettext("Alert Log View Filter"); ?></td> + </tr> + <tr id="filter_enable_row" style="display:<?php if (!$filterlogentries) {echo "table-row;";} else {echo "none;";} ?>"> + <td width="22%" class="vncell"><?php echo gettext('Alert Log Filter Options'); ?></td> + <td width="78%" class="vtable"> + <input name="show_filter" id="show_filter" type="button" class="formbtns" value="<?=gettext("Show Filter");?>" onclick="enable_showFilter();" /> + <?=gettext("Click to display advanced filtering options dialog");?> + </td> + </tr> + <tr id="filter_options_row" style="display:<?php if (!$filterlogentries) {echo "none;";} else {echo "table-row;";} ?>"> + <td colspan="2"> + <table width="100%" border="0" cellpadding="0" cellspacing="1" summary="action"> + <tr> + <td valign="top"> + <div align="center"><?=gettext("Date");?></div> + <div align="center"><input id="filterlogentries_time" name="filterlogentries_time" class="formfld search" type="text" size="10" value="<?= $filterfieldsarray['time'] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Source IP Address");?></div> + <div align="center"><input id="filterlogentries_sourceipaddress" name="filterlogentries_sourceipaddress" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray['src'] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Source Port");?></div> + <div align="center"><input id="filterlogentries_sourceport" name="filterlogentries_sourceport" class="formfld search" type="text" size="5" value="<?= $filterfieldsarray['sport'] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Description");?></div> + <div align="center"><input id="filterlogentries_description" name="filterlogentries_description" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray['msg'] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("GID");?></div> + <div align="center"><input id="filterlogentries_gid" name="filterlogentries_gid" class="formfld search" type="text" size="6" value="<?= $filterfieldsarray['gid'] ?>" /></div> + </td> + </tr> + <tr> + <td valign="top"> + <div align="center"><?=gettext("Priority");?></div> + <div align="center"><input id="filterlogentries_priority" name="filterlogentries_priority" class="formfld search" type="text" size="10" value="<?= $filterfieldsarray['priority'] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Destination IP Address");?></div> + <div align="center"><input id="filterlogentries_destinationipaddress" name="filterlogentries_destinationipaddress" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray['dst'] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Destination Port");?></div> + <div align="center"><input id="filterlogentries_destinationport" name="filterlogentries_destinationport" class="formfld search" type="text" size="5" value="<?= $filterfieldsarray['dport'] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Classification");?></div> + <div align="center"><input id="filterlogentries_classification" name="filterlogentries_classification" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray['class'] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("SID");?></div> + <div align="center"><input id="filterlogentries_sid" name="filterlogentries_sid" class="formfld search" type="text" size="6" value="<?= $filterfieldsarray['sid'] ?>" /></div> + </td> + </tr> + <tr> + <td valign="top"> + <div align="center"><?=gettext("Protocol");?></div> + <div align="center"><input id="filterlogentries_protocol" name="filterlogentries_protocol" class="formfld search" type="text" size="10" value="<?= $filterfieldsarray['proto'] ?>" /></div> + </td> + <td valign="top"> + </td> + <td valign="top"> + </td> + <td colspan="2" style="vertical-align:bottom"> + <div align="right"><input id="filterlogentries_submit" name="filterlogentries_submit" type="submit" class="formbtns" value="<?=gettext("Filter");?>" title="<?=gettext("Apply filter"); ?>" /> + <input id="filterlogentries_clear" name="filterlogentries_clear" type="submit" class="formbtns" value="<?=gettext("Clear");?>" title="<?=gettext("Remove filter");?>" /> + <input id="filterlogentries_hide" name="filterlogentries_hide" type="button" class="formbtns" value="<?=gettext("Hide");?>" onclick="enable_hideFilter();" title="<?=gettext("Hide filter options");?>" /></div> + </td> + </tr> + <tr> + <td colspan="5" style="vertical-align:bottom"> + <?printf(gettext('Matches %1$s regular expression%2$s.'), '<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">', '</a>');?> + <?=gettext("Precede with exclamation (!) as first character to exclude match.");?> + </td> + </tr> + </table> + </td> + </tr> + <?php if ($filterlogentries && count($filterfieldsarray)) : ?> + <tr> + <td colspan="2" class="listtopic"><?php printf(gettext("Last %s Alert Entries"), $anentries); ?> + <?php echo gettext("(Most recent listed first) ** FILTERED VIEW ** clear filter to see all entries"); ?></td> + </tr> + <?php else: ?> + <tr> <td colspan="2" class="listtopic"><?php printf(gettext("Last %s Alert Entries"), $anentries); ?> <?php echo gettext("(Most recent entries are listed first)"); ?></td> </tr> + <?php endif; ?> <tr> <td width="100%" colspan="2"> <table id="myTable" style="table-layout: fixed;" width="100%" class="sortable" border="0" cellpadding="0" cellspacing="0"> @@ -436,7 +610,7 @@ if ($savemsg) { <col axis="string"> </colgroup> <thead> - <tr> + <tr class="sortableHeaderRowIdentifier"> <th class="listhdrr" axis="date"><?php echo gettext("Date"); ?></th> <th class="listhdrr" axis="number"><?php echo gettext("Pri"); ?></th> <th class="listhdrr" axis="string"><?php echo gettext("Proto"); ?></th> @@ -445,7 +619,7 @@ if ($savemsg) { <th class="listhdrr" axis="string"><?php echo gettext("SPort"); ?></th> <th class="listhdrr" axis="string"><?php echo gettext("Dst"); ?></th> <th class="listhdrr" axis="string"><?php echo gettext("DPort"); ?></th> - <th class="listhdrr" axis="number"><?php echo gettext("SID"); ?></th> + <th class="listhdrr" axis="number"><?php echo gettext("GID:SID"); ?></th> <th class="listhdrr" axis="string"><?php echo gettext("Description"); ?></th> </tr> </thead> @@ -453,100 +627,180 @@ if ($savemsg) { <?php /* make sure alert file exists */ -if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log")) { - exec("tail -{$anentries} -r /var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log > /tmp/alerts_suricata{$suricata_uuid}"); - if (file_exists("/tmp/alerts_suricata{$suricata_uuid}")) { +if (file_exists("{$g['varlog_path']}/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log")) { + exec("tail -{$anentries} -r {$g['varlog_path']}/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log > {$g['tmp_path']}/alerts_suricata{$suricata_uuid}"); + if (file_exists("{$g['tmp_path']}/alerts_suricata{$suricata_uuid}")) { $tmpblocked = array_flip(suricata_get_blocked_ips()); $counter = 0; - /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */ - /* File format timestamp,action,sig_generator,sig_id,sig_rev,msg,classification,priority,proto,src,srcport,dst,dstport */ - $fd = fopen("/tmp/alerts_suricata{$suricata_uuid}", "r"); - while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) { - if(count($fields) < 13) - continue; + + /*************** FORMAT without CSV patch -- ALERT -- ***********************************************************************************/ + /* Line format: timestamp action[**] [gid:sid:rev] msg [**] [Classification: class] [Priority: pri] {proto} src:srcport -> dst:dstport */ + /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */ + /****************************************************************************************************************************************/ + + /**************** FORMAT without CSV patch -- DECODER EVENT -- **************************************************************************/ + /* Line format: timestamp action[**] [gid:sid:rev] msg [**] [Classification: class] [Priority: pri] [**] [Raw pkt: ...] */ + /* 0 1 2 3 4 5 6 7 */ + /************** *************************************************************************************************************************/ + + $fd = fopen("{$g['tmp_path']}/alerts_suricata{$suricata_uuid}", "r"); + $buf = ""; + while (($buf = fgets($fd)) !== FALSE) { + $fields = array(); + $tmp = array(); + $decoder_event = FALSE; + + /**************************************************************/ + /* Parse alert log entry to find the parts we want to display */ + /**************************************************************/ + + // Field 0 is the event timestamp + $fields['time'] = substr($buf, 0, strpos($buf, ' ')); + + // Field 1 is currently not used, so set to NULL + $fields['action'] = null; + + // The regular expression match below returns an array as follows: + // [2] => GID, [3] => SID, [4] => REV, [5] => MSG, [6] => CLASSIFICATION, [7] = PRIORITY + preg_match('/\[\*{2}\]\s\[((\d+):(\d+):(\d+))\]\s(.*)\[\*{2}\]\s\[Classification:\s(.*)\]\s\[Priority:\s(\d+)\]\s/', $buf, $tmp); + $fields['gid'] = trim($tmp[2]); + $fields['sid'] = trim($tmp[3]); + $fields['rev'] = trim($tmp[4]); + $fields['msg'] = trim($tmp[5]); + $fields['class'] = trim($tmp[6]); + $fields['priority'] = trim($tmp[7]); + + // The regular expression match below looks for the PROTO, SRC and DST fields + // and returns an array as follows: + // [1] = PROTO, [2] => SRC:SPORT [3] => DST:DPORT + if (preg_match('/\{(.*)\}\s(.*)\s->\s(.*)/', $buf, $tmp)) { + // Get PROTO + $fields['proto'] = trim($tmp[1]); + + // Get SRC + $fields['src'] = trim(substr($tmp[2], 0, strrpos($tmp[2], ':'))); + if (is_ipaddrv6($fields['src'])) + $fields['src'] = inet_ntop(inet_pton($fields['src'])); + + // Get SPORT + $fields['sport'] = trim(substr($tmp[2], strrpos($tmp[2], ':') + 1)); + + // Get DST + $fields['dst'] = trim(substr($tmp[3], 0, strrpos($tmp[3], ':'))); + if (is_ipaddrv6($fields['dst'])) + $fields['dst'] = inet_ntop(inet_pton($fields['dst'])); + + // Get DPORT + $fields['dport'] = trim(substr($tmp[3], strrpos($tmp[3], ':') + 1)); + } + else { + // If no PROTO nor IP ADDR, then this is a DECODER EVENT + $decoder_event = TRUE; + $fields['proto'] = gettext("n/a"); + $fields['sport'] = gettext("n/a"); + $fields['dport'] = gettext("n/a"); + } // Create a DateTime object from the event timestamp that // we can use to easily manipulate output formats. - $event_tm = date_create_from_format("m/d/Y-H:i:s.u", $fields[0]); + $event_tm = date_create_from_format("m/d/Y-H:i:s.u", $fields['time']); // Check the 'CATEGORY' field for the text "(null)" and // substitute "Not Assigned". - if ($fields[6] == "(null)") - $fields[6] = "Not Assigned"; + if ($fields['class'] == "(null)") + $fields['class'] = gettext("Not Assigned"); + + $fields['time'] = date_format($event_tm, "m/d/Y") . " " . date_format($event_tm, "H:i:s"); + if ($filterlogentries && !suricata_match_filter_field($fields, $filterfieldsarray)) { + continue; + } /* Time */ $alert_time = date_format($event_tm, "H:i:s"); /* Date */ $alert_date = date_format($event_tm, "m/d/Y"); /* Description */ - $alert_descr = $fields[5]; - $alert_descr_url = urlencode($fields[5]); + $alert_descr = $fields['msg']; + $alert_descr_url = urlencode($fields['msg']); /* Priority */ - $alert_priority = $fields[7]; + $alert_priority = $fields['priority']; /* Protocol */ - $alert_proto = $fields[8]; + $alert_proto = $fields['proto']; + /* IP SRC */ - $alert_ip_src = $fields[9]; - /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ - $alert_ip_src = str_replace(":", ":​", $alert_ip_src); - /* Add Reverse DNS lookup icons */ - $alert_ip_src .= "<br/><a onclick=\"javascript:getURL('/diag_dns.php?host={$fields[9]}&dialog_output=true', outputrule);\">"; - $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' "; - $alert_ip_src .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a> "; - $alert_ip_src .= "<a href='/diag_dns.php?host={$fields[9]}&instance={$instanceid}'>"; - $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' "; - $alert_ip_src .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>"; - /* Add icons for auto-adding to Suppress List if appropriate */ - if (!suricata_is_alert_globally_suppressed($supplist, $fields[2], $fields[3]) && - !isset($supplist[$fields[2]][$fields[3]]['by_src'][$fields[9]])) { - $alert_ip_src .= " <input type='image' name='addsuppress_srcip[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','{$fields[9]}','{$alert_descr}');\" "; - $alert_ip_src .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' "; - $alert_ip_src .= "title='" . gettext("Add this alert to the Suppress List and track by_src IP") . "'/>"; - } - elseif (isset($supplist[$fields[2]][$fields[3]]['by_src'][$fields[9]])) { - $alert_ip_src .= " <img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' "; - $alert_ip_src .= "title='" . gettext("This alert track by_src IP is already in the Suppress List") . "'/>"; + if ($decoder_event == FALSE) { + $alert_ip_src = $fields['src']; + /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ + $alert_ip_src = str_replace(":", ":​", $alert_ip_src); + /* Add Reverse DNS lookup icon */ + $alert_ip_src .= "<br/><img onclick=\"javascript:resolve_with_ajax('{$fields['src']}');\" title=\""; + $alert_ip_src .= gettext("Resolve host via reverse DNS lookup") . "\" border=\"0\" src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" alt=\"Icon Reverse Resolve with DNS\" "; + $alert_ip_src .= " style=\"cursor: pointer;\"/>"; + /* Add icons for auto-adding to Suppress List if appropriate */ + if (!suricata_is_alert_globally_suppressed($supplist, $fields['gid'], $fields['sid']) && + !isset($supplist[$fields['gid']][$fields['sid']]['by_src'][$fields['src']])) { + $alert_ip_src .= " <input type='image' name='addsuppress_srcip[]' onClick=\"encRuleSig('{$fields['gid']}','{$fields['sid']}','{$fields['src']}','{$alert_descr}');\" "; + $alert_ip_src .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' "; + $alert_ip_src .= "title='" . gettext("Add this alert to the Suppress List and track by_src IP") . "'/>"; + } + elseif (isset($supplist[$fields['gid']][$fields['sid']]['by_src'][$fields['src']])) { + $alert_ip_src .= " <img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' "; + $alert_ip_src .= "title='" . gettext("This alert track by_src IP is already in the Suppress List") . "'/>"; + } + /* Add icon for auto-removing from Blocked Table if required */ + if (isset($tmpblocked[$fields['src']])) { + $alert_ip_src .= " <input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields['src']}';\" "; + $alert_ip_src .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>"; + } } - /* Add icon for auto-removing from Blocked Table if required */ - if (isset($tmpblocked[$fields[9]])) { - $alert_ip_src .= " <input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[9]}';\" "; - $alert_ip_src .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>"; + else { + if (preg_match('/\s\[Raw pkt:(.*)\]/', $buf, $tmp)) + $alert_ip_src = "<div title='[Raw pkt: {$tmp[1]}]'>" . gettext("Decoder Event") . "</div>"; + else + $alert_ip_src = gettext("Decoder Event"); } + /* IP SRC Port */ - $alert_src_p = $fields[10]; - /* IP Destination */ - $alert_ip_dst = $fields[11]; - /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ - $alert_ip_dst = str_replace(":", ":​", $alert_ip_dst); - /* Add Reverse DNS lookup icons */ - $alert_ip_dst .= "<br/><a onclick=\"javascript:getURL('/diag_dns.php?host={$fields[11]}&dialog_output=true', outputrule);\">"; - $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' "; - $alert_ip_dst .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a> "; - $alert_ip_dst .= "<a href='/diag_dns.php?host={$fields[11]}&instance={$instanceid}'>"; - $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' "; - $alert_ip_dst .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>"; - /* Add icons for auto-adding to Suppress List if appropriate */ - if (!suricata_is_alert_globally_suppressed($supplist, $fields[2], $fields[3]) && - !isset($supplist[$fields[2]][$fields[3]]['by_dst'][$fields[11]])) { - $alert_ip_dst .= " <input type='image' name='addsuppress_dstip[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','{$fields[11]}','{$alert_descr}');\" "; - $alert_ip_dst .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' "; - $alert_ip_dst .= "title='" . gettext("Add this alert to the Suppress List and track by_dst IP") . "'/>"; - } - elseif (isset($supplist[$fields[2]][$fields[3]]['by_dst'][$fields[11]])) { - $alert_ip_dst .= " <img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' "; - $alert_ip_dst .= "title='" . gettext("This alert track by_dst IP is already in the Suppress List") . "'/>"; + $alert_src_p = $fields['sport']; + + /* IP DST */ + if ($decoder_event == FALSE) { + $alert_ip_dst = $fields['dst']; + /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ + $alert_ip_dst = str_replace(":", ":​", $alert_ip_dst); + /* Add Reverse DNS lookup icons */ + $alert_ip_dst .= "<br/><img onclick=\"javascript:resolve_with_ajax('{$fields['dst']}');\" title=\""; + $alert_ip_dst .= gettext("Resolve host via reverse DNS lookup") . "\" border=\"0\" src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" alt=\"Icon Reverse Resolve with DNS\" "; + $alert_ip_dst .= " style=\"cursor: pointer;\"/>"; + /* Add icons for auto-adding to Suppress List if appropriate */ + if (!suricata_is_alert_globally_suppressed($supplist, $fields['gid'], $fields['sid']) && + !isset($supplist[$fields['gid']][$fields['sid']]['by_dst'][$fields['dst']])) { + $alert_ip_dst .= " <input type='image' name='addsuppress_dstip[]' onClick=\"encRuleSig('{$fields['gid']}','{$fields['sid']}','{$fields['dst']}','{$alert_descr}');\" "; + $alert_ip_dst .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' "; + $alert_ip_dst .= "title='" . gettext("Add this alert to the Suppress List and track by_dst IP") . "'/>"; + } + elseif (isset($supplist[$fields['gid']][$fields['sid']]['by_dst'][$fields['dst']])) { + $alert_ip_dst .= " <img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' "; + $alert_ip_dst .= "title='" . gettext("This alert track by_dst IP is already in the Suppress List") . "'/>"; + } + + /* Add icon for auto-removing from Blocked Table if required */ + if (isset($tmpblocked[$fields['dst']])) { + $alert_ip_dst .= " <input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields['dst']}';\" "; + $alert_ip_dst .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>"; + } } - /* Add icon for auto-removing from Blocked Table if required */ - if (isset($tmpblocked[$fields[11]])) { - $alert_ip_dst .= " <input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[11]}';\" "; - $alert_ip_dst .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>"; + else { + $alert_ip_dst = gettext("n/a"); } + /* IP DST Port */ - $alert_dst_p = $fields[12]; + $alert_dst_p = $fields['dport']; + /* SID */ - $alert_sid_str = "{$fields[2]}:{$fields[3]}"; - if (!suricata_is_alert_globally_suppressed($supplist, $fields[2], $fields[3])) { - $sidsupplink = "<input type='image' name='addsuppress[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','','{$alert_descr}');\" "; + $alert_sid_str = "{$fields['gid']}:{$fields['sid']}"; + if (!suricata_is_alert_globally_suppressed($supplist, $fields['gid'], $fields['sid'])) { + $sidsupplink = "<input type='image' name='addsuppress[]' onClick=\"encRuleSig('{$fields['gid']}','{$fields['sid']}','','{$alert_descr}');\" "; $sidsupplink .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' "; $sidsupplink .= "title='" . gettext("Add this alert to the Suppress List") . "'/>"; } @@ -555,46 +809,47 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo $sidsupplink .= "title='" . gettext("This alert is already in the Suppress List") . "'/>"; } /* Add icon for toggling rule state */ - if (isset($disablesid[$fields[2]][$fields[3]])) { - $sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','','');\" "; + if (isset($disablesid[$fields['gid']][$fields['sid']])) { + $sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields['gid']}','{$fields['sid']}','','');\" "; $sid_dsbl_link .= "src='../themes/{$g['theme']}/images/icons/icon_reject.gif' width='11' height='11' border='0' "; $sid_dsbl_link .= "title='" . gettext("Rule is forced to a disabled state. Click to remove the force-disable action from this rule.") . "'/>"; } else { - $sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','','');\" "; + $sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields['gid']}','{$fields['sid']}','','');\" "; $sid_dsbl_link .= "src='../themes/{$g['theme']}/images/icons/icon_block.gif' width='11' height='11' border='0' "; $sid_dsbl_link .= "title='" . gettext("Force-disable this rule and remove it from current rules set.") . "'/>"; } /* DESCRIPTION */ - $alert_class = $fields[6]; + $alert_class = $fields['class']; echo "<tr> <td class='listr' align='center'>{$alert_date}<br/>{$alert_time}</td> <td class='listr' align='center'>{$alert_priority}</td> <td class='listr' align='center'>{$alert_proto}</td> <td class='listr' style=\"word-wrap:break-word;\">{$alert_class}</td> - <td class='listr' align='center' sorttable_customkey='{$fields[9]}'>{$alert_ip_src}</td> + <td class='listr' style=\"sorttable_customkey:{$fields['src']};\" sorttable_customkey=\"{$fields['src']}\" align='center'>{$alert_ip_src}</td> <td class='listr' align='center'>{$alert_src_p}</td> - <td class='listr' align='center' sorttable_customkey='{$fields[11]}'>{$alert_ip_dst}</td> + <td class='listr' align='center' style=\"sorttable_customkey:{$fields['dst']};\" sorttable_customkey=\"{$fields['dst']}\">{$alert_ip_dst}</td> <td class='listr' align='center'>{$alert_dst_p}</td> - <td class='listr' align='center' sorttable_customkey='{$fields[3]}'>{$alert_sid_str}<br/>{$sidsupplink} {$sid_dsbl_link}</td> + <td class='listr' align='center' style=\"sorttable_customkey:{$fields['sid']};\" sorttable_customkey=\"{$fields['sid']}\">{$alert_sid_str}<br/>{$sidsupplink} {$sid_dsbl_link}</td> <td class='listbg' style=\"word-wrap:break-word;\">{$alert_descr}</td> </tr>\n"; $counter++; } + unset($fields, $buf, $tmp); fclose($fd); - @unlink("/tmp/alerts_suricata{$suricata_uuid}"); + unlink_if_exists("{$g['tmp_path']}/alerts_suricata{$suricata_uuid}"); } } ?> </tbody> </table> </td> -</tr> +</tr></tbody> </table> </div> -</td></tr> +</td></tr></tbody> </table> </form> <?php @@ -615,6 +870,50 @@ function encRuleSig(rulegid,rulesid,srcip,ruledescr) { document.getElementById("ip").value = srcip; document.getElementById("descr").value = ruledescr; } + +function enable_showFilter() { + document.getElementById("filter_enable_row").style.display="none"; + document.getElementById("filter_options_row").style.display="table-row"; +} + +function enable_hideFilter() { + document.getElementById("filter_enable_row").style.display="table-row"; + document.getElementById("filter_options_row").style.display="none"; +} + +</script> + +<!-- The following AJAX code was borrowed from the diag_logs_filter.php --> +<!-- file in pfSense. See copyright info at top of this page. --> +<script type="text/javascript"> +//<![CDATA[ +function resolve_with_ajax(ip_to_resolve) { + var url = "/suricata/suricata_alerts.php"; + + jQuery.ajax( + url, + { + type: 'post', + dataType: 'json', + data: { + resolve: ip_to_resolve, + }, + complete: resolve_ip_callback + }); +} + +function resolve_ip_callback(transport) { + var response = jQuery.parseJSON(transport.responseText); + var msg = 'IP address "' + response.resolve_ip + '" resolves to\n'; + alert(msg + 'host "' + htmlspecialchars(response.resolve_text) + '"'); +} + +// From http://stackoverflow.com/questions/5499078/fastest-method-to-escape-html-tags-as-html-entities +function htmlspecialchars(str) { + return str.replace(/&/g, '&').replace(/</g, '<').replace(/>/g, '>').replace(/"/g, '"').replace(/'/g, '''); +} +//]]> </script> + </body> </html> diff --git a/config/suricata/suricata_alerts.widget.php b/config/suricata/suricata_alerts.widget.php index 21fad03d..81d17c2e 100644 --- a/config/suricata/suricata_alerts.widget.php +++ b/config/suricata/suricata_alerts.widget.php @@ -42,8 +42,8 @@ if (!is_array($config['installedpackages']['suricata']['rule'])) $a_instance = &$config['installedpackages']['suricata']['rule']; /* array sorting */ -function sksort(&$array, $subkey="id", $sort_ascending=false) { - /* an empty array causes sksort to fail - this test alleviates the error */ +function suricata_sksort(&$array, $subkey="id", $sort_ascending=false) { + /* an empty array causes suricata_sksort to fail - this test alleviates the error */ if(empty($array)) return false; if (count($array)){ @@ -81,7 +81,7 @@ if (isset($_GET['getNewAlerts'])) { $counter = 0; foreach ($suri_alerts as $a) { $response .= $a['instanceid'] . " " . $a['dateonly'] . "||" . $a['timeonly'] . "||" . $a['src'] . "||"; - $response .= $a['dst'] . "||" . $a['priority'] . "||" . $a['category'] . "\n"; + $response .= $a['dst'] . "||" . $a['msg'] . "\n"; $counter++; if($counter >= $suri_nentries) break; @@ -114,12 +114,62 @@ function suricata_widget_get_alerts() { exec("tail -{$suri_nentries} -r /var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log > /tmp/surialerts_{$suricata_uuid}"); if (file_exists("/tmp/surialerts_{$suricata_uuid}")) { - /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */ - /* File format: timestamp,action,sig_generator,sig_id,sig_rev,msg,classification,priority,proto,src,srcport,dst,dstport */ + /*************** FORMAT without CSV patch -- ALERT -- ***********************************************************************************/ + /* Line format: timestamp action[**] [gid:sid:rev] msg [**] [Classification: class] [Priority: pri] {proto} src:srcport -> dst:dstport */ + /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */ + /****************************************************************************************************************************************/ + + /**************** FORMAT without CSV patch -- DECODER EVENT -- **************************************************************************/ + /* Line format: timestamp action[**] [gid:sid:rev] msg [**] [Classification: class] [Priority: pri] [**] [Raw pkt: ...] */ + /* 0 1 2 3 4 5 6 7 */ + /************** *************************************************************************************************************************/ + $fd = fopen("/tmp/surialerts_{$suricata_uuid}", "r"); - while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) { - if(count($fields) < 13) - continue; + $buf = ""; + while (($buf = fgets($fd)) !== FALSE) { + $fields = array(); + $tmp = array(); + + // Parse alert log entry to find the parts we want to display + $fields[0] = substr($buf, 0, strpos($buf, ' ')); + + // The regular expression match below returns an array as follows: + // [2] => GID, [3] => SID, [4] => REV, [5] => MSG, [6] => CLASSIFICATION, [7] = PRIORITY + preg_match('/\[\*{2}\]\s\[((\d+):(\d+):(\d+))\]\s(.*)\[\*{2}\]\s\[Classification:\s(.*)\]\s\[Priority:\s(\d+)\]\s/', $buf, $tmp); + $fields['gid'] = trim($tmp[2]); + $fields['sid'] = trim($tmp[3]); + $fields['rev'] = trim($tmp[4]); + $fields['msg'] = trim($tmp[5]); + $fields['class'] = trim($tmp[6]); + $fields['priority'] = trim($tmp[7]); + + // The regular expression match below looks for the PROTO, SRC and DST fields + // and returns an array as follows: + // [1] = PROTO, [2] => SRC:SPORT [3] => DST:DPORT + if (preg_match('/\{(.*)\}\s(.*)\s->\s(.*)/', $buf, $tmp)) { + // Get SRC + $fields['src'] = trim(substr($tmp[2], 0, strrpos($tmp[2], ':'))); + if (is_ipaddrv6($fields['src'])) + $fields['src'] = inet_ntop(inet_pton($fields['src'])); + + // Get SPORT + $fields['sport'] = trim(substr($tmp[2], strrpos($tmp[2], ':') + 1)); + + // Get DST + $fields['dst'] = trim(substr($tmp[3], 0, strrpos($tmp[3], ':'))); + if (is_ipaddrv6($fields['dst'])) + $fields['dst'] = inet_ntop(inet_pton($fields['dst'])); + + // Get DPORT + $fields['dport'] = trim(substr($tmp[3], strrpos($tmp[3], ':') + 1)); + } + else { + // If no PROTO and IP ADDR, then this is a DECODER EVENT + $fields['src'] = gettext("Decoder Event"); + $fields['sport'] = ""; + $fields['dst'] = ""; + $fields['dport'] = ""; + } // Create a DateTime object from the event timestamp that // we can use to easily manipulate output formats. @@ -127,31 +177,30 @@ function suricata_widget_get_alerts() { // Check the 'CATEGORY' field for the text "(null)" and // substitute "No classtype defined". - if ($fields[6] == "(null)") - $fields[6] = "No classtype assigned"; + if ($fields['class'] == "(null)") + $fields['class'] = "No classtype assigned"; - $suricata_alerts[$counter]['instanceid'] = strtoupper($a_instance[$instanceid]['interface']); + $suricata_alerts[$counter]['instanceid'] = strtoupper(convert_friendly_interface_to_friendly_descr($a_instance[$instanceid]['interface'])); $suricata_alerts[$counter]['timestamp'] = strval(date_timestamp_get($event_tm)); $suricata_alerts[$counter]['timeonly'] = date_format($event_tm, "H:i:s"); $suricata_alerts[$counter]['dateonly'] = date_format($event_tm, "M d"); + $suricata_alerts[$counter]['msg'] = $fields['msg']; // Add square brackets around any IPv6 address - if (is_ipaddrv6($fields[9])) - $suricata_alerts[$counter]['src'] = "[" . $fields[9] . "]"; + if (is_ipaddrv6($fields['src'])) + $suricata_alerts[$counter]['src'] = "[" . $fields['src'] . "]"; else - $suricata_alerts[$counter]['src'] = $fields[9]; + $suricata_alerts[$counter]['src'] = $fields['src']; // Add the SRC PORT if not null - if (!empty($fields[10])) - $suricata_alerts[$counter]['src'] .= ":" . $fields[10]; + if (!empty($fields['sport']) || $fields['sport'] == '0') + $suricata_alerts[$counter]['src'] .= ":" . $fields['sport']; // Add square brackets around any IPv6 address - if (is_ipaddrv6($fields[11])) - $suricata_alerts[$counter]['dst'] = "[" . $fields[11] . "]"; + if (is_ipaddrv6($fields['dst'])) + $suricata_alerts[$counter]['dst'] = "[" . $fields['dst'] . "]"; else - $suricata_alerts[$counter]['dst'] = $fields[11]; - // Add the SRC PORT if not null - if (!empty($fields[12])) - $suricata_alerts[$counter]['dst'] .= ":" . $fields[12]; - $suricata_alerts[$counter]['priority'] = $fields[7]; - $suricata_alerts[$counter]['category'] = $fields[6]; + $suricata_alerts[$counter]['dst'] = $fields['dst']; + // Add the DST PORT if not null + if (!empty($fields['dport']) || $fields['dport'] == '0') + $suricata_alerts[$counter]['dst'] .= ":" . $fields['dport']; $counter++; }; fclose($fd); @@ -162,9 +211,9 @@ function suricata_widget_get_alerts() { // Sort the alerts array if (isset($config['syslog']['reverse'])) { - sksort($suricata_alerts, 'timestamp', false); + suricata_sksort($suricata_alerts, 'timestamp', false); } else { - sksort($suricata_alerts, 'timestamp', true); + suricata_sksort($suricata_alerts, 'timestamp', true); } return $suricata_alerts; @@ -192,7 +241,7 @@ function suricata_widget_get_alerts() { <tr> <th class="listhdrr"><?=gettext("IF/Date");?></th> <th class="listhdrr"><?=gettext("Src/Dst Address");?></th> - <th class="listhdrr"><?=gettext("Classification");?></th> + <th class="listhdrr"><?=gettext("Description");?></th> </tr> </thead> <tbody id="suricata-alert-entries"> @@ -205,7 +254,7 @@ function suricata_widget_get_alerts() { echo(" <tr class='" . $evenRowClass . "'> <td class='listMRr'>" . $alert['instanceid'] . " " . $alert['dateonly'] . "<br/>" . $alert['timeonly'] . "</td> <td class='listMRr ellipsis' nowrap><div style='display:inline;' title='" . $alert['src'] . "'>" . $alert['src'] . "</div><br/><div style='display:inline;' title='" . $alert['dst'] . "'>" . $alert['dst'] . "</div></td> - <td class='listMRr'>Pri: " . $alert['priority'] . " " . $alert['category'] . "</td></tr>"); + <td class='listMRr'><div style='display: fixed; display: -webkit-box; -webkit-line-clamp: 2; -webkit-box-orient: vertical; line-height: 1.2em; max-height: 2.4em; overflow: hidden; text-overflow: ellipsis;' title='{$alert['msg']}'>" . $alert['msg'] . "</div></td></tr>"); $counter++; if($counter >= $suri_nentries) break; diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php index c28b99d1..cfa34a54 100644 --- a/config/suricata/suricata_app_parsers.php +++ b/config/suricata/suricata_app_parsers.php @@ -86,13 +86,14 @@ if (isset($id) && $a_nat[$id]) { if (empty($pconfig['libhtp_policy']['item'])) { $default = array( "name" => "default", "bind_to" => "all", "personality" => "IDS", "request-body-limit" => 4096, "response-body-limit" => 4096, - "double-decode-path" => "no", "double-decode-query" => "no" ); + "double-decode-path" => "no", "double-decode-query" => "no", + "uri-include-all" => "no" ); $pconfig['libhtp_policy']['item'] = array(); $pconfig['libhtp_policy']['item'][] = $default; if (!is_array($a_nat[$id]['libhtp_policy']['item'])) $a_nat[$id]['libhtp_policy']['item'] = array(); $a_nat[$id]['libhtp_policy']['item'][] = $default; - write_config(); + write_config("Suricata pkg: created a new default HTTP server configuration for " . convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface'])); $libhtp_engine_next_id++; } else @@ -121,6 +122,7 @@ elseif ($_POST['select_alias']) { $eng_resp_body_limit = $_POST['resp_body_limit']; $eng_enable_double_decode_path = $_POST['enable_double_decode_path']; $eng_enable_double_decode_query = $_POST['enable_double_decode_query']; + $eng_enable_uri_include_all = $_POST['enable_uri_include_all']; $mode = "add_edit_libhtp_policy"; } if ($_POST['save_libhtp_policy']) { @@ -161,6 +163,7 @@ if ($_POST['save_libhtp_policy']) { if ($_POST['enable_double_decode_path']) { $engine['double-decode-path'] = 'yes'; }else{ $engine['double-decode-path'] = 'no'; } if ($_POST['enable_double_decode_query']) { $engine['double-decode-query'] = 'yes'; }else{ $engine['double-decode-query'] = 'no'; } + if ($_POST['enable_uri_include_all']) { $engine['uri-include-all'] = 'yes'; }else{ $engine['uri-include-all'] = 'no'; } // Can only have one "all" Bind_To address if ($engine['bind_to'] == "all" && $engine['name'] <> "default") @@ -196,7 +199,7 @@ if ($_POST['save_libhtp_policy']) { } // Now write the new engine array to conf - write_config(); + write_config("Suricata pkg: saved updated HTTP server configuration for " . convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface'])); $pconfig['libhtp_policy']['item'] = $a_nat[$id]['libhtp_policy']['item']; } else { @@ -209,7 +212,7 @@ elseif ($_POST['add_libhtp_policy']) { $add_edit_libhtp_policy = true; $pengcfg = array( "name" => "engine_{$libhtp_engine_next_id}", "bind_to" => "", "personality" => "IDS", "request-body-limit" => "4096", "response-body-limit" => "4096", - "double-decode-path" => "no", "double-decode-query" => "no" ); + "double-decode-path" => "no", "double-decode-query" => "no", "uri-include-all" => "no" ); $eng_id = $libhtp_engine_next_id; } elseif ($_POST['edit_libhtp_policy']) { @@ -229,7 +232,7 @@ elseif ($_POST['del_libhtp_policy']) { } if (isset($id) && $a_nat[$id]) { $a_nat[$id] = $natent; - write_config(); + write_config("Suricata pkg: deleted a HTTP server configuration for " . convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface'])); } } elseif ($_POST['cancel_libhtp_policy']) { @@ -239,9 +242,24 @@ elseif ($_POST['ResetAll']) { /* Reset all the settings to defaults */ $pconfig['asn1_max_frames'] = "256"; + $pconfig['dns_global_memcap'] = "16777216"; + $pconfig['dns_state_memcap'] = "524288"; + $pconfig['dns_request_flood_limit'] = "500"; + $pconfig['http_parser_memcap'] = "67108864"; + $pconfig['dns_parser_udp'] = "yes"; + $pconfig['dns_parser_tcp'] = "yes"; + $pconfig['http_parser'] = "yes"; + $pconfig['tls_parser'] = "yes"; + $pconfig['smtp_parser'] = "yes"; + $pconfig['imap_parser'] = "detection-only"; + $pconfig['ssh_parser'] = "yes"; + $pconfig['ftp_parser'] = "yes"; + $pconfig['dcerpc_parser'] = "yes"; + $pconfig['smb_parser'] = "yes"; + $pconfig['msn_parser'] = "detection-only"; /* Log a message at the top of the page to inform the user */ - $savemsg = gettext("All flow and stream settings have been reset to their defaults."); + $savemsg = gettext("All flow and stream settings on this page have been reset to their defaults. Click APPLY if you wish to keep these new settings."); } elseif ($_POST['save_import_alias']) { // If saving out of "select alias" mode, @@ -257,6 +275,7 @@ elseif ($_POST['save_import_alias']) { $pengcfg['response-body-limit'] = $_POST['eng_resp_body_limit']; $pengcfg['double-decode-path'] = $_POST['eng_enable_double_decode_path']; $pengcfg['double-decode-query'] = $_POST['eng_enable_double_decode_query']; + $pengcfg['uri-include-all'] = $_POST['eng_enable_uri_include_all']; $add_edit_libhtp_policy = true; $mode = "add_edit_libhtp_policy"; @@ -277,12 +296,13 @@ elseif ($_POST['save_import_alias']) { $eng_resp_body_limit = $_POST['eng_resp_body_limit']; $eng_enable_double_decode_path = $_POST['eng_enable_double_decode_path']; $eng_enable_double_decode_query = $_POST['eng_enable_double_decode_query']; + $eng_enable_uri_include_all = $_POST['eng_enable_uri_include_all']; } } else { $engine = array( "name" => "", "bind_to" => "", "personality" => "IDS", "request-body-limit" => "4096", "response-body-limit" => "4096", - "double-decode-path" => "no", "double-decode-query" => "no" ); + "double-decode-path" => "no", "double-decode-query" => "no", "uri-include-all" => "no" ); // See if anything was checked to import if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) > 0) { @@ -322,7 +342,7 @@ elseif ($_POST['save_import_alias']) { } // Write the new engine array to config file - write_config(); + write_config("Suricata pkg: saved an updated HTTP server configuration for " . convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface'])); $importalias = false; } } @@ -344,10 +364,11 @@ elseif ($_POST['cancel_import_alias']) { $pengcfg['response-body-limit'] = $_POST['eng_resp_body_limit']; $pengcfg['double-decode-path'] = $_POST['eng_enable_double_decode_path']; $pengcfg['double-decode-query'] = $_POST['eng_enable_double_decode_query']; + $pengcfg['uri-include-all'] = $_POST['eng_enable_uri_include_all']; $add_edit_libhtp_policy = true; } } -elseif ($_POST['save']) { +elseif ($_POST['save'] || $_POST['apply']) { $natent = array(); $natent = $pconfig; @@ -355,9 +376,37 @@ elseif ($_POST['save']) { if (!is_numeric($_POST['asn1_max_frames'] ) || $_POST['asn1_max_frames'] < 1) $input_errors[] = gettext("The value for 'ASN1 Max Frames' must be all numbers and greater than 0."); + if (!is_numeric($_POST['dns_global_memcap'] ) || $_POST['dns_global_memcap'] < 1) + $input_errors[] = gettext("The value for 'DNS Global Memcap' must be all numbers and greater than 0."); + + if (!is_numeric($_POST['dns_state_memcap'] ) || $_POST['dns_state_memcap'] < 1) + $input_errors[] = gettext("The value for 'DNS Flow/State Memcap' must be all numbers and greater than 0."); + + if (!is_numeric($_POST['dns_request_flood_limit'] ) || $_POST['dns_request_flood_limit'] < 1) + $input_errors[] = gettext("The value for 'DNS Request Flood Limit' must be all numbers and greater than 0."); + + if (!is_numeric($_POST['http_parser_memcap'] ) || $_POST['http_parser_memcap'] < 1) + $input_errors[] = gettext("The value for 'HTTP Memcap' must be all numbers and greater than 0."); + /* if no errors write to conf */ if (!$input_errors) { if ($_POST['asn1_max_frames'] != "") { $natent['asn1_max_frames'] = $_POST['asn1_max_frames']; }else{ $natent['asn1_max_frames'] = "256"; } + if ($_POST['dns_global_memcap'] != ""){ $natent['dns_global_memcap'] = $_POST['dns_global_memcap']; }else{ $natent['dns_global_memcap'] = "16777216"; } + if ($_POST['dns_state_memcap'] != ""){ $natent['dns_state_memcap'] = $_POST['dns_state_memcap']; }else{ $natent['dns_state_memcap'] = "524288"; } + if ($_POST['dns_request_flood_limit'] != ""){ $natent['dns_request_flood_limit'] = $_POST['dns_request_flood_limit']; }else{ $natent['dns_request_flood_limit'] = "500"; } + if ($_POST['http_parser_memcap'] != ""){ $natent['http_parser_memcap'] = $_POST['http_parser_memcap']; }else{ $natent['http_parser_memcap'] = "67108864"; } + + $natent['dns_parser_udp'] = $_POST['dns_parser_udp']; + $natent['dns_parser_tcp'] = $_POST['dns_parser_tcp']; + $natent['http_parser'] = $_POST['http_parser']; + $natent['tls_parser'] = $_POST['tls_parser']; + $natent['smtp_parser'] = $_POST['smtp_parser']; + $natent['imap_parser'] = $_POST['imap_parser']; + $natent['ssh_parser'] = $_POST['ssh_parser']; + $natent['ftp_parser'] = $_POST['ftp_parser']; + $natent['dcerpc_parser'] = $_POST['dcerpc_parser']; + $natent['smb_parser'] = $_POST['smb_parser']; + $natent['msn_parser'] = $_POST['msn_parser']; /**************************************************/ /* If we have a valid rule ID, save configuration */ @@ -366,9 +415,14 @@ elseif ($_POST['save']) { /**************************************************/ if (isset($id) && $a_nat[$id]) { $a_nat[$id] = $natent; - write_config(); + write_config("Suricata pkg: saved updated app-layer parser configuration for " . convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface'])); $rebuild_rules = false; + conf_mount_rw(); suricata_generate_yaml($natent); + conf_mount_ro(); + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); } header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); @@ -382,37 +436,46 @@ elseif ($_POST['save']) { } $if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']); -$pgtitle = gettext("Suricata: Interface {$if_friendly} - Layer 7 Application Parsers"); +$pgtitle = gettext("Suricata: Interface {$if_friendly} - Application Layer Parsers"); include_once("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); - /* Display error or save message */ + /* Display error message */ if ($input_errors) { print_input_errors($input_errors); } - if ($savemsg) { - print_info_box($savemsg); - } ?> <form action="suricata_app_parsers.php" method="post" name="iform" id="iform"> <input name="id" type="hidden" value="<?=$id;?>"/> <input type="hidden" name="eng_id" id="eng_id" value="<?=$eng_id;?>"/> + +<?php +if ($savemsg) { + /* Display save message */ + print_info_box($savemsg); +} +?> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tbody> <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Interfaces"), true, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); - $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); - $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php"); $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); - $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); + $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td>'; @@ -425,6 +488,7 @@ include_once("head.inc"); $tab_array[] = array($menu_iface . gettext("App Parsers"), true, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/suricata/suricata_ip_reputation.php?id={$id}"); display_top_tabs($tab_array, true); ?> </td></tr> @@ -440,6 +504,7 @@ include_once("head.inc"); echo '<input type="hidden" name="eng_resp_body_limit" value="' . $eng_resp_body_limit . '"/>'; echo '<input type="hidden" name="eng_enable_double_decode_path" value="' . $eng_enable_double_decode_path . '"/>'; echo '<input type="hidden" name="eng_enable_double_decode_query" value="' . $eng_enable_double_decode_query . '"/>'; + echo '<input type="hidden" name="eng_enable_uri_include_all" value="' . $eng_enable_uri_include_all . '"/>'; } ?> @@ -449,6 +514,7 @@ include_once("head.inc"); <?php else: ?> <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tbody> <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Abstract Syntax One Settings"); ?></td> @@ -465,11 +531,103 @@ include_once("head.inc"); gettext("H.323 (VoIP), and SNMP, use ASN.1 to describe the protocol data units (PDUs) they exchange."); ?> </td> </tr> + + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("DNS App-Layer Parser Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Global Memcap"); ?></td> + <td width="78%" class="vtable"> + <input name="dns_global_memcap" type="text" class="formfld unknown" id="dns_global_memcap" size="9" + value="<?=htmlspecialchars($pconfig['dns_global_memcap']);?>"> + <?php echo gettext("Sets the global memcap limit for the DNS parser. Default is ") . + "<strong>" . gettext("16777216") . "</strong>" . gettext(" bytes (16MB)."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Flow/State Memcap"); ?></td> + <td width="78%" class="vtable"> + <input name="dns_state_memcap" type="text" class="formfld unknown" id="dns_state_memcap" size="9" + value="<?=htmlspecialchars($pconfig['dns_state_memcap']);?>"> + <?php echo gettext("Sets per flow/state memcap limit for the DNS parser. Default is ") . + "<strong>" . gettext("524288") . "</strong>" . gettext(" bytes (512KB)."); ?> + </td> + </tr> <tr> - <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Host-Specific HTTP Server Settings"); ?></td> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Request Flood Limit"); ?></td> + <td width="78%" class="vtable"> + <input name="dns_request_flood_limit" type="text" class="formfld unknown" id="dns_request_flood_limit" size="9" + value="<?=htmlspecialchars($pconfig['dns_request_flood_limit']);?>"> + <?php echo gettext("How many unreplied DNS requests are considered a flood. Default is ") . + "<strong>" . gettext("500") . "</strong>" . gettext(" requests."); ?><br/> + <?php echo gettext("If this limit is reached, 'app-layer-event:dns.flooded' will match and alert. "); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("UDP Parser"); ?></td> + <td width="78%" class="vtable"> + <select name="dns_parser_udp" id="dns_parser_udp" class="formselect"> + <?php + $opt = array( "yes", "no", "detection-only" ); + foreach ($opt as $val) { + $selected = ""; + if ($val == $pconfig['dns_parser_udp']) + $selected = " selected"; + echo "<option value='{$val}'{$selected}>" . $val . "</option>\n"; + } + ?></select> + <?php echo gettext("Choose the parser/detection setting for UDP. Default is ") . "<strong>" . gettext("yes") . "</strong>" . gettext("."); ?><br/> + <?php echo gettext("Selecting \"yes\" enables detection and parser, \"no\" disables both and \"detection-only\" disables parser."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("TCP Parser"); ?></td> + <td width="78%" class="vtable"> + <select name="dns_parser_tcp" id="dns_parser_tcp" class="formselect"> + <?php + $opt = array( "yes", "no", "detection-only" ); + foreach ($opt as $val) { + $selected = ""; + if ($val == $pconfig['dns_parser_tcp']) + $selected = " selected"; + echo "<option value='{$val}'{$selected}>" . $val . "</option>\n"; + } + ?></select> + <?php echo gettext("Choose the parser/detection setting for TCP. Default is ") . "<strong>" . gettext("yes") . "</strong>" . gettext("."); ?><br/> + <?php echo gettext("Selecting \"yes\" enables detection and parser, \"no\" disables both and \"detection-only\" disables parser."); ?> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("HTTP App-Layer Parser Settings"); ?></td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("Server Configuration"); ?></td> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Memcap"); ?></td> + <td width="78%" class="vtable"> + <input name="http_parser_memcap" type="text" class="formfld unknown" id="http_parser_memcap" size="9" + value="<?=htmlspecialchars($pconfig['http_parser_memcap']);?>"> + <?php echo gettext("Sets the memcap limit for the HTTP parser. Default is ") . + "<strong>" . gettext("67108864") . "</strong>" . gettext(" bytes (64MB)."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("HTTP Parser"); ?></td> + <td width="78%" class="vtable"> + <select name="http_parser" id="http_parser" class="formselect"> + <?php + $opt = array( "yes", "no", "detection-only" ); + foreach ($opt as $val) { + $selected = ""; + if ($val == $pconfig['http_parser']) + $selected = " selected"; + echo "<option value='{$val}'{$selected}>" . $val . "</option>\n"; + } + ?></select> + <?php echo gettext("Choose the parser/detection setting for HTTP. Default is ") . "<strong>" . gettext("yes") . "</strong>" . gettext("."); ?><br/> + <?php echo gettext("Selecting \"yes\" enables detection and parser, \"no\" disables both and \"detection-only\" disables parser."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Server Configurations"); ?></td> <td width="78%" class="vtable"> <table width="95%" align="left" id="libhtpEnginesTable" style="table-layout: fixed;" border="0" cellspacing="0" cellpadding="0"> <colgroup> @@ -487,6 +645,7 @@ include_once("head.inc"); height="17" border="0" title="<?php echo gettext("Add a new server configuration");?>"></th> </tr> </thead> + <tbody> <?php foreach ($pconfig['libhtp_policy']['item'] as $f => $v): ?> <tr> <td class="listlr" align="left"><?=gettext($v['name']);?></td> @@ -505,19 +664,159 @@ include_once("head.inc"); </td> </tr> <?php endforeach; ?> + </tbody> </table> </td> </tr> <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Other App-Layer Parser Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("TLS Parser"); ?></td> + <td width="78%" class="vtable"> + <select name="tls_parser" id="tls_parser" class="formselect"> + <?php + $opt = array( "yes", "no", "detection-only" ); + foreach ($opt as $val) { + $selected = ""; + if ($val == $pconfig['tls_parser']) + $selected = " selected"; + echo "<option value='{$val}'{$selected}>" . $val . "</option>\n"; + } + ?></select> + <?php echo gettext("Choose the parser/detection setting for TLS. Default is ") . "<strong>" . gettext("yes") . "</strong>" . gettext("."); ?><br/> + <?php echo gettext("Selecting \"yes\" enables detection and parser, \"no\" disables both and \"detection-only\" disables parser."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("SMTP Parser"); ?></td> + <td width="78%" class="vtable"> + <select name="smtp_parser" id="smtp_parser" class="formselect"> + <?php + $opt = array( "yes", "no", "detection-only" ); + foreach ($opt as $val) { + $selected = ""; + if ($val == $pconfig['smtp_parser']) + $selected = " selected"; + echo "<option value='{$val}'{$selected}>" . $val . "</option>\n"; + } + ?></select> + <?php echo gettext("Choose the parser/detection setting for SMTP. Default is ") . "<strong>" . gettext("yes") . "</strong>" . gettext("."); ?><br/> + <?php echo gettext("Selecting \"yes\" enables detection and parser, \"no\" disables both and \"detection-only\" disables parser."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("IMAP Parser"); ?></td> + <td width="78%" class="vtable"> + <select name="imap_parser" id="imap_parser" class="formselect"> + <?php + $opt = array( "detection-only", "yes", "no" ); + foreach ($opt as $val) { + $selected = ""; + if ($val == $pconfig['imap_parser']) + $selected = " selected"; + echo "<option value='{$val}'{$selected}>" . $val . "</option>\n"; + } + ?></select> + <?php echo gettext("Choose the parser/detection setting for IMAP. Default is ") . "<strong>" . gettext("detection-only") . "</strong>" . gettext("."); ?><br/> + <?php echo gettext("Selecting \"yes\" enables detection and parser, \"no\" disables both and \"detection-only\" disables parser."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("SSH Parser"); ?></td> + <td width="78%" class="vtable"> + <select name="ssh_parser" id="ssh_parser" class="formselect"> + <?php + $opt = array( "yes", "no", "detection-only" ); + foreach ($opt as $val) { + $selected = ""; + if ($val == $pconfig['ssh_parser']) + $selected = " selected"; + echo "<option value='{$val}'{$selected}>" . $val . "</option>\n"; + } + ?></select> + <?php echo gettext("Choose the parser/detection setting for SSH. Default is ") . "<strong>" . gettext("yes") . "</strong>" . gettext("."); ?><br/> + <?php echo gettext("Selecting \"yes\" enables detection and parser, \"no\" disables both and \"detection-only\" disables parser."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("FTP Parser"); ?></td> + <td width="78%" class="vtable"> + <select name="ftp_parser" id="ftp_parser" class="formselect"> + <?php + $opt = array( "yes", "no", "detection-only" ); + foreach ($opt as $val) { + $selected = ""; + if ($val == $pconfig['ftp_parser']) + $selected = " selected"; + echo "<option value='{$val}'{$selected}>" . $val . "</option>\n"; + } + ?></select> + <?php echo gettext("Choose the parser/detection setting for FTP. Default is ") . "<strong>" . gettext("yes") . "</strong>" . gettext("."); ?><br/> + <?php echo gettext("Selecting \"yes\" enables detection and parser, \"no\" disables both and \"detection-only\" disables parser."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("DCERPC Parser"); ?></td> + <td width="78%" class="vtable"> + <select name="dcerpc_parser" id="dcerpc_parser" class="formselect"> + <?php + $opt = array( "yes", "no", "detection-only" ); + foreach ($opt as $val) { + $selected = ""; + if ($val == $pconfig['dcerpc_parser']) + $selected = " selected"; + echo "<option value='{$val}'{$selected}>" . $val . "</option>\n"; + } + ?></select> + <?php echo gettext("Choose the parser/detection setting for DCERPC. Default is ") . "<strong>" . gettext("yes") . "</strong>" . gettext("."); ?><br/> + <?php echo gettext("Selecting \"yes\" enables detection and parser, \"no\" disables both and \"detection-only\" disables parser."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("SMB Parser"); ?></td> + <td width="78%" class="vtable"> + <select name="smb_parser" id="smb_parser" class="formselect"> + <?php + $opt = array( "yes", "no", "detection-only" ); + foreach ($opt as $val) { + $selected = ""; + if ($val == $pconfig['smb_parser']) + $selected = " selected"; + echo "<option value='{$val}'{$selected}>" . $val . "</option>\n"; + } + ?></select> + <?php echo gettext("Choose the parser/detection setting for SMB. Default is ") . "<strong>" . gettext("yes") . "</strong>" . gettext("."); ?><br/> + <?php echo gettext("Selecting \"yes\" enables detection and parser, \"no\" disables both and \"detection-only\" disables parser."); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("MSN Parser"); ?></td> + <td width="78%" class="vtable"> + <select name="msn_parser" id="msn_parser" class="formselect"> + <?php + $opt = array( "detection-only", "yes", "no" ); + foreach ($opt as $val) { + $selected = ""; + if ($val == $pconfig['msn_parser']) + $selected = " selected"; + echo "<option value='{$val}'{$selected}>" . $val . "</option>\n"; + } + ?></select> + <?php echo gettext("Choose the parser/detection setting for MSN. Default is ") . "<strong>" . gettext("detection-only") . "</strong>" . gettext("."); ?><br/> + <?php echo gettext("Selecting \"yes\" enables detection and parser, \"no\" disables both and \"detection-only\" disables parser."); ?> + </td> + </tr> + <tr> <td width="22%" valign="top"> </td> <td width="78%"> <input name="save" type="submit" class="formbtn" value="Save" title="<?php echo - gettext("Save flow and stream settings"); ?>"> + gettext("Save flow and stream settings"); ?>"/> <input name="ResetAll" type="submit" class="formbtn" value="Reset" title="<?php echo gettext("Reset all settings to defaults") . "\" onclick=\"return confirm('" . gettext("WARNING: This will reset ALL App Parsers settings to their defaults. Click OK to continue or CANCEL to quit.") . - "');\""; ?>></td> + "');\""; ?>/></td> </tr> <tr> <td width="22%" valign="top"> </td> @@ -525,12 +824,13 @@ include_once("head.inc"); <?php echo gettext("Please save your settings before you exit. Changes will rebuild the rules file. This "); ?> <?php echo gettext("may take several seconds. Suricata must also be restarted to activate any changes made on this screen."); ?></td> </tr> + </tbody> </table> <?php endif; ?> </div> -</td></tr></table> +</td></tr></tbody></table> </form> <?php include("fend.inc"); ?> </body> diff --git a/config/suricata/suricata_barnyard.php b/config/suricata/suricata_barnyard.php index d4afe4f4..2938136f 100644 --- a/config/suricata/suricata_barnyard.php +++ b/config/suricata/suricata_barnyard.php @@ -79,23 +79,50 @@ if (isset($id) && $a_nat[$id]) { if (empty($a_nat[$id]['barnyard_syslog_opmode'])) $pconfig['barnyard_syslog_opmode'] = "default"; if (empty($a_nat[$id]['barnyard_syslog_facility'])) - $pconfig['barnyard_syslog_facility'] = "LOG_USER"; + $pconfig['barnyard_syslog_facility'] = "LOG_LOCAL1"; if (empty($a_nat[$id]['barnyard_syslog_priority'])) $pconfig['barnyard_syslog_priority'] = "LOG_INFO"; if (empty($a_nat[$id]['barnyard_bro_ids_dport'])) $pconfig['barnyard_bro_ids_dport'] = "47760"; if (empty($a_nat[$id]['barnyard_sensor_id'])) $pconfig['barnyard_sensor_id'] = "0"; - if (empty($a_nat[$id]['barnyard_sensor_name'])) - $pconfig['barnyard_sensor_name'] = php_uname("n"); } if ($_POST['save']) { + + // If disabling Barnyard2 on the interface, stop any + // currently running instance, then save the disabled + // state and exit so as to preserve settings. + if ($_POST['barnyard_enable'] != 'on') { + $a_nat[$id]['barnyard_enable'] = 'off'; + write_config("Suricata pkg: modified Barnyard2 settings."); + suricata_barnyard_stop($a_nat[$id], get_real_interface($a_nat[$id]['interface'])); + + // No need to rebuild rules for Barnyard2 changes + $rebuild_rules = false; + conf_mount_rw(); + sync_suricata_package_config(); + conf_mount_ro(); + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /suricata/suricata_barnyard.php"); + exit; + } + // Check that at least one output plugin is enabled if ($_POST['barnyard_mysql_enable'] != 'on' && $_POST['barnyard_syslog_enable'] != 'on' && $_POST['barnyard_bro_ids_enable'] != 'on' && $_POST['barnyard_enable'] == "on") $input_errors[] = gettext("You must enable at least one output option when using Barnyard2."); + // Validate Sensor Name contains no spaces + if ($_POST['barnyard_enable'] == 'on') { + if (!empty($_POST['barnyard_sensor_name']) && strpos($_POST['barnyard_sensor_name'], " ") !== FALSE) + $input_errors[] = gettext("The value for 'Sensor Name' cannot contain spaces."); + } + // Validate Sensor ID is a valid integer if ($_POST['barnyard_enable'] == 'on') { if (!is_numericint($_POST['barnyard_sensor_id']) || $_POST['barnyard_sensor_id'] < 0) @@ -160,14 +187,16 @@ if ($_POST['save']) { if ($_POST['barnyard_syslog_priority']) $natent['barnyard_syslog_priority'] = $_POST['barnyard_syslog_priority']; else $natent['barnyard_syslog_priority'] = 'LOG_INFO'; if ($_POST['barnyard_bro_ids_rhost']) $natent['barnyard_bro_ids_rhost'] = $_POST['barnyard_bro_ids_rhost']; else unset($natent['barnyard_bro_ids_rhost']); if ($_POST['barnyard_bro_ids_dport']) $natent['barnyard_bro_ids_dport'] = $_POST['barnyard_bro_ids_dport']; else $natent['barnyard_bro_ids_dport'] = '47760'; - if ($_POST['barnconfigpassthru']) $natent['barnconfigpassthru'] = base64_encode($_POST['barnconfigpassthru']); else unset($natent['barnconfigpassthru']); + if ($_POST['barnconfigpassthru']) $natent['barnconfigpassthru'] = base64_encode(str_replace("\r\n", "\n", $_POST['barnconfigpassthru'])); else unset($natent['barnconfigpassthru']); $a_nat[$id] = $natent; - write_config(); + write_config("Suricata pkg: modified Barnyard2 settings."); // No need to rebuild rules for Barnyard2 changes $rebuild_rules = false; + conf_mount_rw(); sync_suricata_package_config(); + conf_mount_ro(); // If disabling Barnyard2 on the interface, stop any // currently running instance. If an instance is @@ -215,18 +244,22 @@ include_once("head.inc"); <form action="suricata_barnyard.php" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tbody> <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Interfaces"), true, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); - $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); - $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php"); $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); - $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); + $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; @@ -239,12 +272,14 @@ include_once("head.inc"); $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), true, "/suricata/suricata_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/suricata/suricata_ip_reputation.php?id={$id}"); display_top_tabs($tab_array, true); ?> </td></tr> <tr> <td><div id="mainarea"> <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tbody> <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Barnyard2 " . "Settings"); ?></td> @@ -382,7 +417,7 @@ include_once("head.inc"); <input name="barnyard_syslog_local" type="checkbox" value="on" <?php if ($pconfig['barnyard_syslog_local'] == "on") echo "checked"; ?> onClick="toggle_local_syslog()"/> <?php echo gettext("Enable logging of alerts to the local system only"); ?><br/> - <?php echo gettext("This will send alert data to the local system only and overrides the host, port, protocol, facility and priority values below."); ?></td> + <?php echo gettext("This will send alert data to the local system only and overrides the host, port and protocol values below."); ?></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Host"); ?></td> @@ -416,8 +451,8 @@ include_once("head.inc"); <td width="78%" class="vtable"> <select name="barnyard_syslog_facility" id="barnyard_syslog_facility" class="formselect"> <?php - $log_facility = array( "LOG_AUTH", "LOG_AUTHPRIV", "LOG_DAEMON", "LOG_KERN", "LOG_SYSLOG", "LOG_USER", "LOG_LOCAL1", - "LOG_LOCAL2", "LOG_LOCAL3", "LOG_LOCAL4", "LOG_LOCAL5", "LOG_LOCAL6", "LOG_LOCAL7" ); + $log_facility = array( "LOG_AUTH", "LOG_AUTHPRIV", "LOG_DAEMON", "LOG_KERN", "LOG_SYSLOG", "LOG_USER", "LOG_LOCAL0", + "LOG_LOCAL1", "LOG_LOCAL2", "LOG_LOCAL3", "LOG_LOCAL4", "LOG_LOCAL5", "LOG_LOCAL6", "LOG_LOCAL7" ); foreach ($log_facility as $facility) { $selected = ""; if ($facility == $pconfig['barnyard_syslog_facility']) @@ -425,7 +460,7 @@ include_once("head.inc"); echo "<option value='{$facility}'{$selected}>" . $facility . "</option>\n"; } ?></select> - <?php echo gettext("Select Syslog Facility to use for remote reporting. Default is ") . "<strong>" . gettext("LOG_USER") . "</strong>."; ?> + <?php echo gettext("Select Syslog Facility to use for remote reporting. Default is ") . "<strong>" . gettext("LOG_LOCAL1") . "</strong>."; ?> </td> </tr> <tr> @@ -433,7 +468,7 @@ include_once("head.inc"); <td width="78%" class="vtable"> <select name="barnyard_syslog_priority" id="barnyard_syslog_priority" class="formselect"> <?php - $log_priority = array( "LOG_EMERG", "LOG_ALERT", "LOG_CRIT", "LOG_ERR", "LOG_WARNING", "LOG_NOTICE", "LOG_INFO" ); + $log_priority = array( "LOG_EMERG", "LOG_CRIT", "LOG_ALERT", "LOG_ERR", "LOG_WARNING", "LOG_NOTICE", "LOG_INFO" ); foreach ($log_priority as $priority) { $selected = ""; if ($priority == $pconfig['barnyard_syslog_priority']) @@ -498,10 +533,12 @@ include_once("head.inc"); <br/> <?php echo gettext("Please save your settings before you click start."); ?> </td> </tr> + </tbody> </table> </div> </td> </tr> + </tbody> </table> </form> @@ -549,8 +586,6 @@ function toggle_local_syslog() { document.iform.barnyard_syslog_dport.disabled = endis; document.iform.barnyard_syslog_proto_udp.disabled = endis; document.iform.barnyard_syslog_proto_tcp.disabled = endis; - document.iform.barnyard_syslog_facility.disabled = endis; - document.iform.barnyard_syslog_priority.disabled = endis; } } @@ -598,11 +633,11 @@ function enable_change(enable_change) { document.iform.barnconfigpassthru.disabled = endis; } -enable_change(false); toggle_mySQL(); toggle_syslog(); toggle_local_syslog(); toggle_bro_ids(); +enable_change(false); </script> diff --git a/config/suricata/suricata_blocked.php b/config/suricata/suricata_blocked.php index 96171c1e..4f4bf095 100644 --- a/config/suricata/suricata_blocked.php +++ b/config/suricata/suricata_blocked.php @@ -10,6 +10,7 @@ * Copyright (C) 2006 Scott Ullrich * Copyright (C) 2009 Robert Zelaya Sr. Developer * Copyright (C) 2012 Ermal Luci + * Copyright (C) 2014 Jim Pingle jim@pingle.org * All rights reserved. * * Adapted for Suricata by: @@ -41,6 +42,8 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/suricata/suricata.inc"); +global $g, $config; + $suricatalogdir = SURICATALOGDIR; $suri_pf_table = SURICATA_PF_TABLE; @@ -55,6 +58,21 @@ if (empty($pconfig['blertnumber'])) else $bnentries = $pconfig['blertnumber']; +# --- AJAX REVERSE DNS RESOLVE Start --- +if (isset($_POST['resolve'])) { + $ip = strtolower($_POST['resolve']); + $res = (is_ipaddr($ip) ? gethostbyaddr($ip) : ''); + + if ($res && $res != $ip) + $response = array('resolve_ip' => $ip, 'resolve_text' => $res); + else + $response = array('resolve_ip' => $ip, 'resolve_text' => gettext("Cannot resolve")); + + echo json_encode(str_replace("\\","\\\\", $response)); // single escape chars can break JSON decode + exit; +} +# --- AJAX REVERSE DNS RESOLVE End --- + if ($_POST['todelete']) { $ip = ""; if ($_POST['ip']) @@ -78,22 +96,22 @@ if ($_POST['download']) exec("/sbin/pfctl -t {$suri_pf_table} -T show", $blocked_ips_array_save); /* build the list */ if (is_array($blocked_ips_array_save) && count($blocked_ips_array_save) > 0) { - $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); + $save_date = date("Y-m-d-H-i-s"); $file_name = "suricata_blocked_{$save_date}.tar.gz"; - exec('/bin/mkdir -p /tmp/suricata_blocked'); - file_put_contents("/tmp/suricata_blocked/suricata_block.pf", ""); + safe_mkdir("{$g['tmp_path']}/suricata_blocked"); + file_put_contents("{$g['tmp_path']}/suricata_blocked/suricata_block.pf", ""); foreach($blocked_ips_array_save as $counter => $fileline) { if (empty($fileline)) continue; $fileline = trim($fileline, " \n\t"); - file_put_contents("/tmp/suricata_blocked/suricata_block.pf", "{$fileline}\n", FILE_APPEND); + file_put_contents("{$g['tmp_path']}/suricata_blocked/suricata_block.pf", "{$fileline}\n", FILE_APPEND); } // Create a tar gzip archive of blocked host IP addresses - exec("/usr/bin/tar -czf /tmp/{$file_name} -C/tmp/suricata_blocked suricata_block.pf"); + exec("/usr/bin/tar -czf {$g['tmp_path']}/{$file_name} -C{$g['tmp_path']}/suricata_blocked suricata_block.pf"); // If we successfully created the archive, send it to the browser. - if(file_exists("/tmp/{$file_name}")) { + if(file_exists("{$g['tmp_path']}/{$file_name}")) { ob_start(); //important or other posts will fail if (isset($_SERVER['HTTPS'])) { header('Pragma: '); @@ -103,14 +121,14 @@ if ($_POST['download']) header("Cache-Control: private, must-revalidate"); } header("Content-Type: application/octet-stream"); - header("Content-length: " . filesize("/tmp/{$file_name}")); + header("Content-length: " . filesize("{$g['tmp_path']}/{$file_name}")); header("Content-disposition: attachment; filename = {$file_name}"); ob_end_clean(); //important or other post will fail - readfile("/tmp/{$file_name}"); + readfile("{$g['tmp_path']}/{$file_name}"); // Clean up the temp files and directory - @unlink("/tmp/{$file_name}"); - exec("/bin/rm -fr /tmp/suricata_blocked"); + unlink_if_exists("{$g['tmp_path']}/{$file_name}"); + rmdir_recursive("{$g['tmp_path']}/suricata_blocked"); } else $savemsg = gettext("An error occurred while creating archive"); } else @@ -138,8 +156,6 @@ include_once("head.inc"); ?> <body link="#000000" vlink="#000000" alink="#000000"> -<script src="/javascript/filter_log.js" type="text/javascript"></script> - <?php include_once("fbegin.inc"); @@ -161,19 +177,23 @@ if ($savemsg) { <input type="hidden" name="ip" id="ip" value=""/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tbody> <tr> <td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); - $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); - $tab_array[] = array(gettext("Blocked"), true, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Blocks"), true, "/suricata/suricata_blocked.php"); $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); - $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}"); + $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); ?> </td> @@ -181,6 +201,7 @@ if ($savemsg) { <tr> <td><div id="mainarea"> <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tbody> <tr> <td colspan="2" class="listtopic"><?php echo gettext("Blocked Hosts Log View Settings"); ?></td> </tr> @@ -190,7 +211,7 @@ if ($savemsg) { <input name="download" type="submit" class="formbtns" value="Download" title="<?=gettext("Download list of blocked hosts as a gzip archive");?>"/> <?php echo gettext("All blocked hosts will be saved."); ?> <input name="remove" type="submit" class="formbtns" value="Clear" title="<?=gettext("Remove blocks for all listed hosts");?>" - onClick="return confirm('<?=gettext("Are you sure you want to remove all blocked hosts? Click OK to continue or CANCLE to quit.");?>');"/> + onClick="return confirm('<?=gettext("Are you sure you want to remove all blocked hosts? Click OK to continue or CANCEL to quit.");?>');"/> <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span> <?php echo gettext("all hosts will be removed."); ?> </td> </tr> @@ -219,11 +240,11 @@ if ($savemsg) { <col width="10%" align="center"> </colgroup> <thead> - <tr> + <tr class="sortableHeaderRowIdentifier"> <th class="listhdrr" axis="number">#</th> <th class="listhdrr" axis="string"><?php echo gettext("IP"); ?></th> <th class="listhdrr" axis="string"><?php echo gettext("Alert Description"); ?></th> - <th class="listhdrr"><?php echo gettext("Remove"); ?></th> + <th class="listhdrr sorttable_nosort"><?php echo gettext("Remove"); ?></th> </tr> </thead> <tbody> @@ -239,16 +260,67 @@ if ($savemsg) { foreach (glob("{$suricatalogdir}*/block.log*") as $alertfile) { $fd = fopen($alertfile, "r"); if ($fd) { - /* 0 1 2 3 4 5 6 7 8 9 10 */ - /* File format timestamp,action,sig_generator,sig_id,sig_rev,msg,classification,priority,proto,ip,port */ - while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) { - if(count($fields) < 11) + + /*************** FORMAT for file -- BLOCK -- **************************************************************************/ + /* Line format: timestamp action [**] [gid:sid:rev] msg [**] [Classification: class] [Priority: pri] {proto} ip:port */ + /* 0 1 2 3 4 5 6 7 8 9 10 */ + /**********************************************************************************************************************/ + + $buf = ""; + while (($buf = fgets($fd)) !== FALSE) { + $fields = array(); + $tmp = array(); + + /***************************************************************/ + /* Parse block log entry to find the parts we want to display. */ + /* We parse out all the fields even though we currently use */ + /* just a few of them. */ + /***************************************************************/ + + // Field 0 is the event timestamp + $fields['time'] = substr($buf, 0, strpos($buf, ' ')); + + // Field 1 is the action + if (strpos($buf, '[') !== FALSE && strpos($buf, ']') !== FALSE) + $fields['action'] = substr($buf, strpos($buf, '[') + 1, strpos($buf, ']') - strpos($buf, '[') - 1); + else + $fields['action'] = null; + + // The regular expression match below returns an array as follows: + // [2] => GID, [3] => SID, [4] => REV, [5] => MSG, [6] => CLASSIFICATION, [7] = PRIORITY + preg_match('/\[\*{2}\]\s\[((\d+):(\d+):(\d+))\]\s(.*)\[\*{2}\]\s\[Classification:\s(.*)\]\s\[Priority:\s(\d+)\]\s/', $buf, $tmp); + $fields['gid'] = trim($tmp[2]); + $fields['sid'] = trim($tmp[3]); + $fields['rev'] = trim($tmp[4]); + $fields['msg'] = trim($tmp[5]); + $fields['class'] = trim($tmp[6]); + $fields['priority'] = trim($tmp[7]); + + // The regular expression match below looks for the PROTO, IP and PORT fields + // and returns an array as follows: + // [1] = PROTO, [2] => IP:PORT + if (preg_match('/\{(.*)\}\s(.*)/', $buf, $tmp)) { + // Get PROTO + $fields['proto'] = trim($tmp[1]); + + // Get IP + $fields['ip'] = trim(substr($tmp[2], 0, strrpos($tmp[2], ':'))); + if (is_ipaddrv6($fields['ip'])) + $fields['ip'] = inet_ntop(inet_pton($fields['ip'])); + + // Get PORT + $fields['port'] = trim(substr($tmp[2], strrpos($tmp[2], ':') + 1)); + } + + // In the unlikely event we read an old log file and fail to parse + // out an IP address, just skip the record since we can't use it. + if (empty($fields['ip'])) continue; - $fields[9] = inet_pton($fields[9]); - if (isset($tmpblocked[$fields[9]])) { - if (!is_array($src_ip_list[$fields[9]])) - $src_ip_list[$fields[9]] = array(); - $src_ip_list[$fields[9]][$fields[5]] = "{$fields[5]} - " . substr($fields[0], 0, -7); + $fields['ip'] = inet_pton($fields['ip']); + if (isset($tmpblocked[$fields['ip']])) { + if (!is_array($src_ip_list[$fields['ip']])) + $src_ip_list[$fields['ip']] = array(); + $src_ip_list[$fields['ip']][$fields['msg']] = "{$fields['msg']} - " . substr($fields['time'], 0, -7); } } fclose($fd); @@ -274,18 +346,15 @@ if ($savemsg) { $tmp_ip = str_replace(":", ":​", $block_ip_str); /* Add reverse DNS lookup icons */ $rdns_link = ""; - $rdns_link .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$block_ip_str}&dialog_output=true', outputrule);\">"; - $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' "; - $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a> "; - $rdns_link .= "<a href='/diag_dns.php?host={$block_ip_str}'>"; - $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' "; - $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>"; + $rdns_link .= "<img onclick=\"javascript:resolve_with_ajax('{$block_ip_str}');\" title=\""; + $rdns_link .= gettext("Resolve host via reverse DNS lookup") . "\" border=\"0\" src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" alt=\"Icon Reverse Resolve with DNS\" "; + $rdns_link.= " style=\"cursor: pointer;\"/>"; /* use one echo to do the magic*/ echo "<tr> <td align=\"center\" valign=\"middle\" class=\"listr\">{$counter}</td> <td align=\"center\" valign=\"middle\" class=\"listr\">{$tmp_ip}<br/>{$rdns_link}</td> <td valign=\"middle\" class=\"listr\">{$blocked_desc}</td> - <td align=\"center\" valign=\"middle\" class=\"listr\" sorttable_customkey=\"\"> + <td align=\"center\" valign=\"middle\" class=\"listr\"> <input type=\"image\" name=\"todelete[]\" onClick=\"document.getElementById('ip').value='{$block_ip_str}';\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" /></td> </tr>\n"; @@ -310,14 +379,49 @@ if ($savemsg) { ?> </td> </tr> + </tbody> </table> </div> </td> </tr> +</tbody> </table> </form> <?php include("fend.inc"); ?> + +<!-- The following AJAX code was borrowed from the diag_logs_filter.php --> +<!-- file in pfSense. See copyright info at top of this page. --> +<script type="text/javascript"> +//<![CDATA[ +function resolve_with_ajax(ip_to_resolve) { + var url = "/suricata/suricata_blocked.php"; + + jQuery.ajax( + url, + { + type: 'post', + dataType: 'json', + data: { + resolve: ip_to_resolve, + }, + complete: resolve_ip_callback + }); +} + +function resolve_ip_callback(transport) { + var response = jQuery.parseJSON(transport.responseText); + var msg = 'IP address "' + response.resolve_ip + '" resolves to\n'; + alert(msg + 'host "' + htmlspecialchars(response.resolve_text) + '"'); +} + +// From http://stackoverflow.com/questions/5499078/fastest-method-to-escape-html-tags-as-html-entities +function htmlspecialchars(str) { + return str.replace(/&/g, '&').replace(/</g, '<').replace(/>/g, '>').replace(/"/g, '"').replace(/'/g, '''); +} +//]]> +</script> + </body> </html> diff --git a/config/suricata/suricata_check_cron_misc.inc b/config/suricata/suricata_check_cron_misc.inc index f750c530..eb1ba2d0 100644 --- a/config/suricata/suricata_check_cron_misc.inc +++ b/config/suricata/suricata_check_cron_misc.inc @@ -66,13 +66,13 @@ function suricata_check_dir_size_limit($suricataloglimitsize) { conf_mount_rw(); // Truncate the Rules Update Log file if it exists - if (file_exists(RULES_UPD_LOGFILE)) { + if (file_exists(SURICATA_RULES_UPD_LOGFILE)) { log_error(gettext("[Suricata] Truncating the Rules Update Log file...")); - @file_put_contents(RULES_UPD_LOGFILE, ""); + @file_put_contents(SURICATA_RULES_UPD_LOGFILE, ""); } // Initialize an array of the log files we want to prune - $logs = array ( "alerts.log", "http.log", "files-json.log", "tls.log", "stats.log" ); + $logs = array ( "alerts.log", "block.log", "dns.log", "eve.json", "http.log", "files-json.log", "sid_changes.log", "stats.log", "tls.log" ); // Clean-up the logs for each configured Suricata instance foreach ($config['installedpackages']['suricata']['rule'] as $value) { @@ -93,6 +93,14 @@ function suricata_check_dir_size_limit($suricataloglimitsize) { } } + // Cleanup any rotated logs + log_error(gettext("[Suricata] Deleting any rotated log files for {$value['descr']} ({$if_real})...")); + unlink_if_exists("{$suricata_log_dir}/*.log.*"); + + // Cleanup any rotated pcap logs + log_error(gettext("[Suricata] Deleting any rotated pcap log files for {$value['descr']} ({$if_real})...")); + unlink_if_exists("{$suricata_log_dir}/log.pcap.*"); + // Check for any captured stored files and clean them up unlink_if_exists("{$suricata_log_dir}/files/*"); @@ -126,8 +134,10 @@ function suricata_check_rotate_log($log_file, $log_limit, $retention) { // Check the current log to see if it needs rotating. // If it does, rotate it and put the current time // on the end of the filename as UNIX timestamp. + if (!file_exists($log_file)) + return; if (($log_limit > 0) && (filesize($log_file) >= $log_limit)) { - $newfile = $log_file . "." . strval(time()); + $newfile = $log_file . "." . date('Y_md_Hi'); try { copy($log_file, $newfile); file_put_contents($log_file, ""); @@ -168,10 +178,18 @@ $logs = array (); // Build an arry of files to check and limits to check them against from our saved configuration $logs['alerts.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['alert_log_limit_size']; $logs['alerts.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['alert_log_retention']; +$logs['block.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['block_log_limit_size']; +$logs['block.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['block_log_retention']; +$logs['dns.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['dns_log_limit_size']; +$logs['dns.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['dns_log_retention']; +$logs['eve.json']['limit'] = $config['installedpackages']['suricata']['config'][0]['eve_log_limit_size']; +$logs['eve.json']['retention'] = $config['installedpackages']['suricata']['config'][0]['eve_log_retention']; $logs['files-json.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_limit_size']; $logs['files-json.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_retention']; $logs['http.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['http_log_limit_size']; $logs['http.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['http_log_retention']; +$logs['sid_changes.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['sid_changes_log_limit_size']; +$logs['sid_changes.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['sid_changes_log_retention']; $logs['stats.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['stats_log_limit_size']; $logs['stats.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['stats_log_retention']; $logs['tls.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['tls_log_limit_size']; @@ -190,24 +208,53 @@ if ($config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] == $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] > 0) { $now = time(); $files = glob("{$suricata_log_dir}/barnyard2/archive/unified2.alert.*"); + $prune_count = 0; foreach ($files as $f) { - if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] * 3600)) + if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] * 3600)) { + $prune_count++; unlink_if_exists($f); + } } + if ($prune_count > 0) + log_error(gettext("[Suricata] Barnyard2 archived logs cleanup job removed {$prune_count} file(s) from {$suricata_log_dir}/barnyard2/archive/...")); + unset($files); } - unset($files); // Prune aged-out File Store files if any exist if (is_dir("{$suricata_log_dir}/files") && $config['installedpackages']['suricata']['config'][0]['file_store_retention'] > 0) { $now = time(); $files = glob("{$suricata_log_dir}/files/file.*"); + $prune_count = 0; foreach ($files as $f) { - if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['file_store_retention'] * 3600)) + if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['file_store_retention'] * 3600)) { + $prune_count++; unlink_if_exists($f); + } + } + if ($prune_count > 0) + log_error(gettext("[Suricata] File Store cleanup job removed {$prune_count} file(s) from {$suricata_log_dir}/files/...")); + unset($files); + } + + // Prune any pcap log files over configured limit + $files = glob("{$suricata_log_dir}/log.pcap.*"); + if (count($files) > $value['max_pcap_log_files']) { + $over = count($files) - $value['max_pcap_log_files']; + $remove_files = array(); + while ($over > 0) { + $remove_files[] = array_shift($files); + $over--; + } + $prune_count = 0; + foreach ($remove_files as $f) { + $prune_count++; + unlink_if_exists($f); } + if ($prune_count > 0) + log_error(gettext("[Suricata] Packet Capture log cleanup job removed {$prune_count} file(s) from {$suricata_log_dir}/...")); + unset($files, $remove_files); } - unset($files); } } diff --git a/config/suricata/suricata_check_for_rule_updates.php b/config/suricata/suricata_check_for_rule_updates.php index bb29078f..0fa4fb2d 100644 --- a/config/suricata/suricata_check_for_rule_updates.php +++ b/config/suricata/suricata_check_for_rule_updates.php @@ -41,41 +41,13 @@ require_once("functions.inc"); require_once("service-utils.inc"); require_once("/usr/local/pkg/suricata/suricata.inc"); +require_once("/usr/local/pkg/suricata/suricata_defs.inc"); global $g, $pkg_interface, $suricata_gui_include, $rebuild_rules; -if (!defined("VRT_DNLD_URL")) - define("VRT_DNLD_URL", "https://www.snort.org/reg-rules/"); -if (!defined("ET_VERSION")) - define("ET_VERSION", "2.9.0"); -if (!defined("ET_BASE_DNLD_URL")) - define("ET_BASE_DNLD_URL", "http://rules.emergingthreats.net/"); -if (!defined("ETPRO_BASE_DNLD_URL")) - define("ETPRO_BASE_DNLD_URL", "https://rules.emergingthreatspro.com/"); -if (!defined("ET_DNLD_FILENAME")) - define("ET_DNLD_FILENAME", "emerging.rules.tar.gz"); -if (!defined("ETPRO_DNLD_FILENAME")) - define("ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz"); -if (!defined("VRT_DNLD_FILENAME")) - define("VRT_DNLD_FILENAME", "snortrules-snapshot-edge.tar.gz"); -if (!defined("GPLV2_DNLD_FILENAME")) - define("GPLV2_DNLD_FILENAME", "community-rules.tar.gz"); -if (!defined("GPLV2_DNLD_URL")) - define("GPLV2_DNLD_URL", "https://s3.amazonaws.com/snort-org/www/rules/community/"); -if (!defined("RULES_UPD_LOGFILE")) - define("RULES_UPD_LOGFILE", SURICATALOGDIR . "/suricata_rules_update.log"); -if (!defined("VRT_FILE_PREFIX")) - define("VRT_FILE_PREFIX", "snort_"); -if (!defined("GPL_FILE_PREFIX")) - define("GPL_FILE_PREFIX", "GPLv2_"); -if (!defined("ET_OPEN_FILE_PREFIX")) - define("ET_OPEN_FILE_PREFIX", "emerging-"); -if (!defined("ET_PRO_FILE_PREFIX")) - define("ET_PRO_FILE_PREFIX", "etpro-"); - $suricatadir = SURICATADIR; $suricatalogdir = SURICATALOGDIR; -$suricata_rules_upd_log = RULES_UPD_LOGFILE; +$mounted_rw = FALSE; /* Save the state of $pkg_interface so we can restore it */ $pkg_interface_orig = $pkg_interface; @@ -86,6 +58,7 @@ else /* define checks */ $oinkid = $config['installedpackages']['suricata']['config'][0]['oinkcode']; +$snort_filename = $config['installedpackages']['suricata']['config'][0]['snort_rules_file']; $etproid = $config['installedpackages']['suricata']['config'][0]['etprocode']; $snortdownload = $config['installedpackages']['suricata']['config'][0]['enable_vrt_rules'] == 'on' ? 'on' : 'off'; $etpro = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rules'] == 'on' ? 'on' : 'off'; @@ -94,10 +67,9 @@ $vrt_enabled = $config['installedpackages']['suricata']['config'][0]['enable_vrt $snortcommunityrules = $config['installedpackages']['suricata']['config'][0]['snortcommunityrules'] == 'on' ? 'on' : 'off'; /* Working directory for downloaded rules tarballs */ -$tmpfname = "/tmp/suricata_rules_up"; +$tmpfname = "{$g['tmp_path']}/suricata_rules_up"; -/* Snort Edge VRT Rules filenames and URL */ -$snort_filename = VRT_DNLD_FILENAME; +/* Snort VRT Rules filenames and URL */ $snort_filename_md5 = "{$snort_filename}.md5"; $snort_rule_url = VRT_DNLD_URL; @@ -107,7 +79,10 @@ $snort_community_rules_filename_md5 = GPLV2_DNLD_FILENAME . ".md5"; $snort_community_rules_url = GPLV2_DNLD_URL; /* Mount the Suricata conf directories R/W so we can modify files there */ -conf_mount_rw(); +if (!is_subsystem_dirty('mount')) { + conf_mount_rw(); + $mounted_rw = TRUE; +} /* Set up Emerging Threats rules filenames and URL */ if ($etpro == "on") { @@ -117,7 +92,7 @@ if ($etpro == "on") { $emergingthreats_url .= "{$etproid}/suricata/"; $et_name = "Emerging Threats Pro"; $et_md5_remove = ET_DNLD_FILENAME . ".md5"; - @unlink("{$suricatadir}{$et_md5_remove}"); + unlink_if_exists("{$suricatadir}{$et_md5_remove}"); } else { $emergingthreats_filename = ET_DNLD_FILENAME; @@ -128,7 +103,7 @@ else { $emergingthreats_url .= "suricata/"; $et_name = "Emerging Threats Open"; $et_md5_remove = ETPRO_DNLD_FILENAME . ".md5"; - @unlink("{$suricatadir}{$et_md5_remove}"); + unlink_if_exists("{$suricatadir}{$et_md5_remove}"); } // Set a common flag for all Emerging Threats rules (open and pro). @@ -211,7 +186,9 @@ function suricata_download_file_url($url, $file_out) { curl_setopt($ch, CURLOPT_FILE, $fout); // NOTE: required to suppress errors from XMLRPC due to progress bar output - if ($g['suricata_sync_in_progress']) + // and to prevent useless spam from rules update cron job execution. This + // prevents progress bar output during package sync and rules update cron task. + if ($g['suricata_sync_in_progress'] || $pkg_interface == "console") curl_setopt($ch, CURLOPT_HEADER, false); else { curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header'); @@ -285,21 +262,21 @@ function suricata_check_rule_md5($file_url, $file_dst, $desc = "") { /* error occurred. */ /**********************************************************/ - global $pkg_interface, $suricata_rules_upd_log, $last_curl_error, $update_errors; + global $pkg_interface, $last_curl_error, $update_errors; $suricatadir = SURICATADIR; $filename_md5 = basename($file_dst); if ($pkg_interface <> "console") update_status(gettext("Downloading {$desc} md5 file...")); - error_log(gettext("\tDownloading {$desc} md5 file {$filename_md5}...\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\tDownloading {$desc} md5 file {$filename_md5}...\n"), 3, SURICATA_RULES_UPD_LOGFILE); $rc = suricata_download_file_url($file_url, $file_dst); // See if download from URL was successful if ($rc === true) { if ($pkg_interface <> "console") update_status(gettext("Done downloading {$filename_md5}.")); - error_log("\tChecking {$desc} md5 file...\n", 3, $suricata_rules_upd_log); + error_log("\tChecking {$desc} md5 file...\n", 3, SURICATA_RULES_UPD_LOGFILE); // check md5 hash in new file against current file to see if new download is posted if (file_exists("{$suricatadir}{$filename_md5}")) { @@ -309,7 +286,7 @@ function suricata_check_rule_md5($file_url, $file_dst, $desc = "") { if ($pkg_interface <> "console") update_status(gettext("{$desc} are up to date...")); log_error(gettext("[Suricata] {$desc} are up to date...")); - error_log(gettext("\t{$desc} are up to date.\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\t{$desc} are up to date.\n"), 3, SURICATA_RULES_UPD_LOGFILE); return false; } else @@ -318,7 +295,7 @@ function suricata_check_rule_md5($file_url, $file_dst, $desc = "") { return true; } else { - error_log(gettext("\t{$desc} md5 download failed.\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\t{$desc} md5 download failed.\n"), 3, SURICATA_RULES_UPD_LOGFILE); $suricata_err_msg = gettext("Server returned error code {$rc}."); if ($pkg_interface <> "console") { update_status(gettext("{$desc} md5 error ... Server returned error code {$rc} ...")); @@ -326,10 +303,10 @@ function suricata_check_rule_md5($file_url, $file_dst, $desc = "") { } log_error(gettext("[Suricata] {$desc} md5 download failed...")); log_error(gettext("[Suricata] Server returned error code {$rc}...")); - error_log(gettext("\t{$suricata_err_msg}\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\t{$suricata_err_msg}\n"), 3, SURICATA_RULES_UPD_LOGFILE); if ($pkg_interface == "console") - error_log(gettext("\tServer error message was: {$last_curl_error}\n"), 3, $suricata_rules_upd_log); - error_log(gettext("\t{$desc} will not be updated.\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\tServer error message was: {$last_curl_error}\n"), 3, SURICATA_RULES_UPD_LOGFILE); + error_log(gettext("\t{$desc} will not be updated.\n"), 3, SURICATA_RULES_UPD_LOGFILE); $update_errors = true; return false; } @@ -354,7 +331,7 @@ function suricata_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") { /* FALSE if download was not successful. */ /**********************************************************/ - global $pkg_interface, $suricata_rules_upd_log, $last_curl_error, $update_errors; + global $pkg_interface, $last_curl_error, $update_errors; $suricatadir = SURICATADIR; $filename = basename($file_dst); @@ -362,8 +339,8 @@ function suricata_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") { if ($pkg_interface <> "console") update_status(gettext("There is a new set of {$desc} posted. Downloading...")); log_error(gettext("[Suricata] There is a new set of {$desc} posted. Downloading {$filename}...")); - error_log(gettext("\tThere is a new set of {$desc} posted.\n"), 3, $suricata_rules_upd_log); - error_log(gettext("\tDownloading file '{$filename}'...\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\tThere is a new set of {$desc} posted.\n"), 3, SURICATA_RULES_UPD_LOGFILE); + error_log(gettext("\tDownloading file '{$filename}'...\n"), 3, SURICATA_RULES_UPD_LOGFILE); $rc = suricata_download_file_url($file_url, $file_dst); // See if the download from the URL was successful @@ -371,7 +348,7 @@ function suricata_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") { if ($pkg_interface <> "console") update_status(gettext("Done downloading {$desc} file.")); log_error("[Suricata] {$desc} file update downloaded successfully"); - error_log(gettext("\tDone downloading rules file.\n"),3, $suricata_rules_upd_log); + error_log(gettext("\tDone downloading rules file.\n"),3, SURICATA_RULES_UPD_LOGFILE); // Test integrity of the rules file. Turn off update if file has wrong md5 hash if ($file_md5 != trim(md5_file($file_dst))){ @@ -380,10 +357,10 @@ function suricata_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") { log_error(gettext("[Suricata] {$desc} file download failed. Bad MD5 checksum...")); log_error(gettext("[Suricata] Downloaded File MD5: " . md5_file($file_dst))); log_error(gettext("[Suricata] Expected File MD5: {$file_md5}")); - error_log(gettext("\t{$desc} file download failed. Bad MD5 checksum.\n"), 3, $suricata_rules_upd_log); - error_log(gettext("\tDownloaded {$desc} file MD5: " . md5_file($file_dst) . "\n"), 3, $suricata_rules_upd_log); - error_log(gettext("\tExpected {$desc} file MD5: {$file_md5}\n"), 3, $suricata_rules_upd_log); - error_log(gettext("\t{$desc} file download failed. {$desc} will not be updated.\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\t{$desc} file download failed. Bad MD5 checksum.\n"), 3, SURICATA_RULES_UPD_LOGFILE); + error_log(gettext("\tDownloaded {$desc} file MD5: " . md5_file($file_dst) . "\n"), 3, SURICATA_RULES_UPD_LOGFILE); + error_log(gettext("\tExpected {$desc} file MD5: {$file_md5}\n"), 3, SURICATA_RULES_UPD_LOGFILE); + error_log(gettext("\t{$desc} file download failed. {$desc} will not be updated.\n"), 3, SURICATA_RULES_UPD_LOGFILE); $update_errors = true; return false; } @@ -393,10 +370,10 @@ function suricata_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") { if ($pkg_interface <> "console") update_output_window(gettext("{$desc} file download failed...")); log_error(gettext("[Suricata] {$desc} file download failed... server returned error '{$rc}'...")); - error_log(gettext("\t{$desc} file download failed. Server returned error {$rc}.\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\t{$desc} file download failed. Server returned error {$rc}.\n"), 3, SURICATA_RULES_UPD_LOGFILE); if ($pkg_interface == "console") - error_log(gettext("\tThe error text was: {$last_curl_error}\n"), 3, $suricata_rules_upd_log); - error_log(gettext("\t{$desc} will not be updated.\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\tThe error text was: {$last_curl_error}\n"), 3, SURICATA_RULES_UPD_LOGFILE); + error_log(gettext("\t{$desc} will not be updated.\n"), 3, SURICATA_RULES_UPD_LOGFILE); $update_errors = true; return false; } @@ -407,21 +384,21 @@ function suricata_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") { /* remove old $tmpfname files if present */ if (is_dir("{$tmpfname}")) - exec("/bin/rm -r {$tmpfname}"); + rmdir_recursive("{$tmpfname}"); /* Make sure required suricatadirs exsist */ -exec("/bin/mkdir -p {$suricatadir}rules"); -exec("/bin/mkdir -p {$tmpfname}"); -exec("/bin/mkdir -p {$suricatalogdir}"); +safe_mkdir("{$suricatadir}rules"); +safe_mkdir("{$tmpfname}"); +safe_mkdir("{$suricatalogdir}"); /* See if we need to automatically clear the Update Log based on 1024K size limit */ -if (file_exists($suricata_rules_upd_log)) { - if (1048576 < filesize($suricata_rules_upd_log)) - exec("/bin/rm -r {$suricata_rules_upd_log}"); +if (file_exists(SURICATA_RULES_UPD_LOGFILE)) { + if (1048576 < filesize(SURICATA_RULES_UPD_LOGFILE)) + unlink_if_exists("{SURICATA_RULES_UPD_LOGFILE}"); } /* Log start time for this rules update */ -error_log(gettext("Starting rules update... Time: " . date("Y-m-d H:i:s") . "\n"), 3, $suricata_rules_upd_log); +error_log(gettext("Starting rules update... Time: " . date("Y-m-d H:i:s") . "\n"), 3, SURICATA_RULES_UPD_LOGFILE); $last_curl_error = ""; $update_errors = false; @@ -439,10 +416,15 @@ if ($emergingthreats == 'on') { /* Check for and download any new Snort VRT sigs */ if ($snortdownload == 'on') { - if (suricata_check_rule_md5("{$snort_rule_url}{$snort_filename_md5}/{$oinkid}/", "{$tmpfname}/{$snort_filename_md5}", "Snort VRT rules")) { + if (empty($snort_filename)) { + log_error(gettext("No snortrules-snapshot filename has been set on Snort pkg GLOBAL SETTINGS tab. Snort VRT rules cannot be updated.")); + error_log(gettext("\tWARNING-- No snortrules-snapshot filename set on GLOBAL SETTINGS tab. Snort VRT rules cannot be updated!\n"), 3, SURICATA_RULES_UPD_LOGFILE); + $snortdownload = 'off'; + } + elseif (suricata_check_rule_md5("{$snort_rule_url}{$snort_filename_md5}?oinkcode={$oinkid}", "{$tmpfname}/{$snort_filename_md5}", "Snort VRT rules")) { /* download snortrules file */ $file_md5 = trim(file_get_contents("{$tmpfname}/{$snort_filename_md5}")); - if (!suricata_fetch_new_rules("{$snort_rule_url}{$snort_filename}/{$oinkid}/", "{$tmpfname}/{$snort_filename}", $file_md5, "Snort VRT rules")) + if (!suricata_fetch_new_rules("{$snort_rule_url}{$snort_filename}?oinkcode={$oinkid}", "{$tmpfname}/{$snort_filename}", $file_md5, "Snort VRT rules")) $snortdownload = 'off'; } else @@ -451,7 +433,7 @@ if ($snortdownload == 'on') { /* Check for and download any new Snort GPLv2 Community Rules sigs */ if ($snortcommunityrules == 'on') { - if (suricata_check_rule_md5("{$snort_community_rules_url}{$snort_community_rules_filename_md5}", "{$tmpfname}/{$snort_community_rules_filename_md5}", "Snort GPLv2 Community Rules")) { + if (suricata_check_rule_md5("{$snort_community_rules_url}{$snort_community_rules_filename}/md5", "{$tmpfname}/{$snort_community_rules_filename_md5}", "Snort GPLv2 Community Rules")) { /* download Snort GPLv2 Community Rules file */ $file_md5 = trim(file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}")); if (!suricata_fetch_new_rules("{$snort_community_rules_url}{$snort_community_rules_filename}", "{$tmpfname}/{$snort_community_rules_filename}", $file_md5, "Snort GPLv2 Community Rules")) @@ -469,7 +451,7 @@ if ($emergingthreats == 'on') { update_status(gettext("Extracting {$et_name} rules...")); update_output_window(gettext("Installing {$et_name} rules...")); } - error_log(gettext("\tExtracting and installing {$et_name} rules...\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\tExtracting and installing {$et_name} rules...\n"), 3, SURICATA_RULES_UPD_LOGFILE); exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$tmpfname}/emerging rules/"); /* Remove the old Emerging Threats rules files */ @@ -483,7 +465,7 @@ if ($emergingthreats == 'on') { // The code below renames ET files with a prefix, so we // skip renaming the Suricata default events rule files // that are also bundled in the ET rules. - $default_rules = array( "decoder-events.rules", "files.rules", "http-events.rules", "smtp-events.rules", "stream-events.rules", "tls-events.rules" ); + $default_rules = array( "decoder-events.rules", "dns-events.rules", "files.rules", "http-events.rules", "smtp-events.rules", "stream-events.rules", "tls-events.rules" ); $files = glob("{$tmpfname}/emerging/rules/*.rules"); // Determine the correct prefix to use based on which // Emerging Threats rules package is enabled. @@ -527,8 +509,8 @@ if ($emergingthreats == 'on') { update_status(gettext("Extraction of {$et_name} rules completed...")); update_output_window(gettext("Installation of {$et_name} rules completed...")); } - error_log(gettext("\tInstallation of {$et_name} rules completed.\n"), 3, $suricata_rules_upd_log); - exec("rm -r {$tmpfname}/emerging"); + error_log(gettext("\tInstallation of {$et_name} rules completed.\n"), 3, SURICATA_RULES_UPD_LOGFILE); + rmdir_recursive("{$tmpfname}/emerging"); } } @@ -543,7 +525,7 @@ if ($snortdownload == 'on') { update_status(gettext("Extracting Snort VRT rules...")); update_output_window(gettext("Installing Sourcefire VRT rules...")); } - error_log(gettext("\tExtracting and installing Snort VRT rules...\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\tExtracting and installing Snort VRT rules...\n"), 3, SURICATA_RULES_UPD_LOGFILE); /* extract snort.org rules and add prefix to all snort.org files */ safe_mkdir("{$tmpfname}/snortrules"); @@ -560,7 +542,7 @@ if ($snortdownload == 'on') { $newfile = basename($file); @copy($file, "{$suricatadir}rules/{$newfile}"); } - exec("rm -r {$tmpfname}/snortrules"); + rmdir_recursive("{$tmpfname}/snortrules"); /* extract base etc files */ if ($pkg_interface <> "console") { @@ -572,7 +554,7 @@ if ($snortdownload == 'on') { if (file_exists("{$tmpfname}/etc/{$file}")) @copy("{$tmpfname}/etc/{$file}", "{$tmpfname}/VRT_{$file}"); } - exec("rm -r {$tmpfname}/etc"); + rmdir_recursive("{$tmpfname}/etc"); if (file_exists("{$tmpfname}/{$snort_filename_md5}")) { if ($pkg_interface <> "console") update_status(gettext("Copying md5 signature to Suricata directory...")); @@ -582,7 +564,7 @@ if ($snortdownload == 'on') { update_status(gettext("Extraction of Snort VRT rules completed...")); update_output_window(gettext("Installation of Sourcefire VRT rules completed...")); } - error_log(gettext("\tInstallation of Snort VRT rules completed.\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\tInstallation of Snort VRT rules completed.\n"), 3, SURICATA_RULES_UPD_LOGFILE); } } @@ -594,7 +576,7 @@ if ($snortcommunityrules == 'on') { update_status(gettext("Extracting Snort GPLv2 Community Rules...")); update_output_window(gettext("Installing Snort GPLv2 Community Rules...")); } - error_log(gettext("\tExtracting and installing Snort GPLv2 Community Rules...\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\tExtracting and installing Snort GPLv2 Community Rules...\n"), 3, SURICATA_RULES_UPD_LOGFILE); exec("/usr/bin/tar xzf {$tmpfname}/{$snort_community_rules_filename} -C {$tmpfname}/community/"); $files = glob("{$tmpfname}/community/community-rules/*.rules"); @@ -617,8 +599,8 @@ if ($snortcommunityrules == 'on') { update_status(gettext("Extraction of Snort GPLv2 Community Rules completed...")); update_output_window(gettext("Installation of Snort GPLv2 Community Rules file completed...")); } - error_log(gettext("\tInstallation of Snort GPLv2 Community Rules completed.\n"), 3, $suricata_rules_upd_log); - exec("rm -r {$tmpfname}/community"); + error_log(gettext("\tInstallation of Snort GPLv2 Community Rules completed.\n"), 3, SURICATA_RULES_UPD_LOGFILE); + rmdir_recursive("{$tmpfname}/community"); } } @@ -640,7 +622,7 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = if ($pkg_interface <> "console") update_status(gettext('Copying new config and map files...')); - error_log(gettext("\tCopying new config and map files...\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\tCopying new config and map files...\n"), 3, SURICATA_RULES_UPD_LOGFILE); /******************************************************************/ /* Build the classification.config and reference.config files */ @@ -669,10 +651,14 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = /* Start the rules rebuild proccess for each configured interface */ if (is_array($config['installedpackages']['suricata']['rule']) && - !empty($config['installedpackages']['suricata']['rule'])) { + count($config['installedpackages']['suricata']['rule']) > 0) { - /* Set the flag to force rule rebuilds since we downloaded new rules */ - $rebuild_rules = true; + /* Set the flag to force rule rebuilds since we downloaded new rules, */ + /* except when in post-install mode. Post-install does its own rebuild. */ + if ($g['suricata_postinstall']) + $rebuild_rules = false; + else + $rebuild_rules = true; /* Create configuration for each active Suricata interface */ foreach ($config['installedpackages']['suricata']['rule'] as $value) { @@ -690,7 +676,7 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = } suricata_apply_customizations($value, $if_real); $tmp = "\t" . $tmp . "\n"; - error_log($tmp, 3, $suricata_rules_upd_log); + error_log($tmp, 3, SURICATA_RULES_UPD_LOGFILE); } } else { @@ -698,44 +684,43 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = update_output_window(gettext("Warning: No interfaces configured for Suricata were found...")); update_output_window(gettext("No interfaces currently have Suricata configured and enabled on them...")); } - error_log(gettext("\tWarning: No interfaces configured for Suricata were found...\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\tWarning: No interfaces configured for Suricata were found...\n"), 3, SURICATA_RULES_UPD_LOGFILE); } /* Clear the rebuild rules flag. */ $rebuild_rules = false; - /* Restart Suricata if already running and we are not rebooting to pick up the new rules. */ - if (is_process_running("suricata") && !$g['booting'] && - !empty($config['installedpackages']['suricata']['rule'])) { + /* Restart Suricata if already running and we are not in post-install, so as to pick up the new rules. */ + if (is_process_running("suricata") && !$g['suricata_postinstall'] && + count($config['installedpackages']['suricata']['rule']) > 0) { // See if "Live Reload" is configured and signal each Suricata instance // if enabled, else just do a hard restart of all the instances. if ($config['installedpackages']['suricata']['config'][0]['live_swap_updates'] == 'on') { if ($pkg_interface <> "console") { - update_status(gettext('Signalling Suricata to live-load the new set of rules...')); + update_status(gettext('Signaling Suricata to live-load the new set of rules...')); update_output_window(gettext("Please wait ... the process should complete in a few seconds...")); } log_error(gettext("[Suricata] Live-Reload of rules from auto-update is enabled...")); - error_log(gettext("\tLive-Reload of updated rules is enabled...\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\tLive-Reload of updated rules is enabled...\n"), 3, SURICATA_RULES_UPD_LOGFILE); foreach ($config['installedpackages']['suricata']['rule'] as $value) { - $if_real = get_real_interface($value['interface']); suricata_reload_config($value); - error_log(gettext("\tLive swap of updated rules requested for " . convert_friendly_interface_to_friendly_descr($value['interface']) . ".\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\tLive swap of updated rules requested for " . convert_friendly_interface_to_friendly_descr($value['interface']) . ".\n"), 3, SURICATA_RULES_UPD_LOGFILE); } log_error(gettext("[Suricata] Live-Reload of updated rules completed...")); - error_log(gettext("\tLive-Reload of the updated rules is complete.\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\tLive-Reload of the updated rules is complete.\n"), 3, SURICATA_RULES_UPD_LOGFILE); } else { if ($pkg_interface <> "console") { update_status(gettext('Restarting Suricata to activate the new set of rules...')); update_output_window(gettext("Please wait ... restarting Suricata will take some time...")); } - error_log(gettext("\tRestarting Suricata to activate the new set of rules...\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\tRestarting Suricata to activate the new set of rules...\n"), 3, SURICATA_RULES_UPD_LOGFILE); restart_service("suricata"); if ($pkg_interface <> "console") update_output_window(gettext("Suricata has restarted with your new set of rules...")); log_error(gettext("[Suricata] Suricata has restarted with your new set of rules...")); - error_log(gettext("\tSuricata has restarted with your new set of rules.\n"), 3, $suricata_rules_upd_log); + error_log(gettext("\tSuricata has restarted with your new set of rules.\n"), 3, SURICATA_RULES_UPD_LOGFILE); } } else { @@ -750,7 +735,7 @@ if (is_dir("{$tmpfname}")) { update_status(gettext("Cleaning up after rules extraction...")); update_output_window(gettext("Removing {$tmpfname} directory...")); } - exec("/bin/rm -r {$tmpfname}"); + rmdir_recursive("{$tmpfname}"); } if ($pkg_interface <> "console") { @@ -758,8 +743,11 @@ if ($pkg_interface <> "console") { update_output_window(""); } log_error(gettext("[Suricata] The Rules update has finished.")); -error_log(gettext("The Rules update has finished. Time: " . date("Y-m-d H:i:s"). "\n\n"), 3, $suricata_rules_upd_log); -conf_mount_ro(); +error_log(gettext("The Rules update has finished. Time: " . date("Y-m-d H:i:s"). "\n\n"), 3, SURICATA_RULES_UPD_LOGFILE); + +/* Remount filesystem read-only if we changed it in this module */ +if ($mounted_rw == TRUE) + conf_mount_ro(); // Restore the state of $pkg_interface $pkg_interface = $pkg_interface_orig; @@ -770,6 +758,6 @@ if ($update_errors) else $config['installedpackages']['suricata']['config'][0]['last_rule_upd_status'] = gettext("success"); $config['installedpackages']['suricata']['config'][0]['last_rule_upd_time'] = time(); -write_config(); +write_config("Suricata pkg: updated status for updated rules package(s) check.", FALSE); ?> diff --git a/config/suricata/suricata_define_vars.php b/config/suricata/suricata_define_vars.php index d072ff42..b94292c3 100644 --- a/config/suricata/suricata_define_vars.php +++ b/config/suricata/suricata_define_vars.php @@ -64,7 +64,7 @@ $suricata_servers = array ( "dns_servers" => "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET", "sql_servers" => "\$HOME_NET", "telnet_servers" => "\$HOME_NET", "dnp3_server" => "\$HOME_NET", "dnp3_client" => "\$HOME_NET", "modbus_server" => "\$HOME_NET", "modbus_client" => "\$HOME_NET", - "enip_server" => "\$HOME_NET", "enip_client" => "\$HOME_NET", + "enip_server" => "\$HOME_NET", "enip_client" => "\$HOME_NET", "ftp_servers" => "\$HOME_NET", "ssh_servers" => "\$HOME_NET", "aim_servers" => "64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24" ); @@ -74,6 +74,7 @@ if(is_array($config['system']['ssh']) && isset($config['system']['ssh']['port']) else $ssh_port = "22"; $suricata_ports = array( + "ftp_ports" => "21", "http_ports" => "80", "oracle_ports" => "1521", "ssh_ports" => $ssh_port, @@ -127,11 +128,16 @@ if ($_POST) { /* Update the suricata.yaml file for this interface. */ $rebuild_rules = false; + conf_mount_rw(); suricata_generate_yaml($a_nat[$id]); + conf_mount_ro(); /* Soft-restart Suricaa to live-load new variables. */ suricata_reload_config($a_nat[$id]); + /* Sync to configured CARP slaves if any are enabled */ + suricata_sync_on_changes(); + /* after click go to this page */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); @@ -166,18 +172,22 @@ if ($savemsg) </script> <form action="suricata_define_vars.php" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tbody> <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Interfaces"), true, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); - $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); - $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php"); $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); - $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); + $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; @@ -190,12 +200,14 @@ if ($savemsg) $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), true, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/suricata/suricata_ip_reputation.php?id={$id}"); display_top_tabs($tab_array, true); ?> </td></tr> <tr> <td><div id="mainarea"> <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tbody> <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Define Servers (IP variables)"); ?></td> </tr> @@ -254,9 +266,10 @@ if ($savemsg) <input name="id" type="hidden" value="<?=$id;?>"> </td> </tr> + </tbody> </table> </div> -</td></tr> +</td></tr></tbody> </table> </form> <script type="text/javascript"> diff --git a/config/suricata/suricata_defs.inc b/config/suricata/suricata_defs.inc new file mode 100644 index 00000000..7758a9f0 --- /dev/null +++ b/config/suricata/suricata_defs.inc @@ -0,0 +1,117 @@ +<?php +/* + * suricata_defs.inc + * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("pkg-utils.inc"); + +/*************************************************************************/ +/* This file contains definitions for various CONSTANTS used throughout */ +/* the Suricata package. It is included via a "require_once()" call in */ +/* the "suricata.inc" and "suricata_post_install.php" files. */ +/*************************************************************************/ + +global $g, $config; + +if (!is_array($config['installedpackages']['suricata'])) + $config['installedpackages']['suricata'] = array(); + +/* Get installed package version for display */ +$suricata_package_version = "Suricata {$config['installedpackages']['package'][get_pkg_id("suricata")]['version']}"; + +// Define the installed package version +if (!defined('SURICATA_PKG_VER')) + define('SURICATA_PKG_VER', $suricata_package_version); + +// Define the PBI base directory +if (!defined('SURICATA_PBI_BASEDIR')) + define('SURICATA_PBI_BASEDIR', '/usr/pbi/suricata-' . php_uname("m") . '/'); + +// Define the PBI binary wrapper directory +if (!defined('SURICATA_PBI_BINDIR')) + define('SURICATA_PBI_BINDIR', SURICATA_PBI_BASEDIR . 'bin/'); + +// Define the name of the pf table used for IP blocks +if (!defined('SURICATA_PF_TABLE')) + define('SURICATA_PF_TABLE', 'snort2c'); + +// Create some other useful defines +if (!defined('SURICATADIR')) + define('SURICATADIR', SURICATA_PBI_BASEDIR . 'etc/suricata/'); +if (!defined('SURICATALOGDIR')) + define('SURICATALOGDIR', "{$g['varlog_path']}/suricata/"); +if (!defined('SURICATA_RULES_UPD_LOGFILE')) + define('SURICATA_RULES_UPD_LOGFILE', SURICATALOGDIR . 'suricata_rules_update.log'); +if (!defined('SURICATA_SID_MODS_PATH')) + define('SURICATA_SID_MODS_PATH', "{$g['vardb_path']}/suricata/sidmods/"); +if (!defined('SURICATA_IPREP_PATH')) + define('SURICATA_IPREP_PATH', "{$g['vardb_path']}/suricata/iprep/"); + +// Rule set download URLs, filenames and prefixes +if (!defined("VRT_DNLD_URL")) + define("VRT_DNLD_URL", "https://www.snort.org/rules/"); +if (!defined("ET_VERSION")) + define("ET_VERSION", "2.9.0"); +if (!defined("ET_BASE_DNLD_URL")) + define("ET_BASE_DNLD_URL", "http://rules.emergingthreats.net/"); +if (!defined("ETPRO_BASE_DNLD_URL")) + define("ETPRO_BASE_DNLD_URL", "https://rules.emergingthreatspro.com/"); +if (!defined("ET_DNLD_FILENAME")) + define("ET_DNLD_FILENAME", "emerging.rules.tar.gz"); +if (!defined("ETPRO_DNLD_FILENAME")) + define("ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz"); +if (!defined("ET_IQRISK_DNLD_URL")) + define("ET_IQRISK_DNLD_URL", "https://rules.emergingthreatspro.com/_xxx_/reputation/"); +if (!defined("GPLV2_DNLD_FILENAME")) + define("GPLV2_DNLD_FILENAME", "community-rules.tar.gz"); +if (!defined("GPLV2_DNLD_URL")) + define("GPLV2_DNLD_URL", "https://www.snort.org/downloads/community/"); +if (!defined("VRT_FILE_PREFIX")) + define("VRT_FILE_PREFIX", "snort_"); +if (!defined("GPL_FILE_PREFIX")) + define("GPL_FILE_PREFIX", "GPLv2_"); +if (!defined("ET_OPEN_FILE_PREFIX")) + define("ET_OPEN_FILE_PREFIX", "emerging-"); +if (!defined("ET_PRO_FILE_PREFIX")) + define("ET_PRO_FILE_PREFIX", "etpro-"); +if (!defined('SURICATA_ENFORCING_RULES_FILENAME')) + define('SURICATA_ENFORCING_RULES_FILENAME', 'suricata.rules'); +if (!defined('FLOWBITS_FILENAME')) + define('FLOWBITS_FILENAME', 'flowbit-required.rules'); + +?> diff --git a/config/suricata/suricata_download_rules.php b/config/suricata/suricata_download_rules.php index 2de286ba..f0fbffeb 100644 --- a/config/suricata/suricata_download_rules.php +++ b/config/suricata/suricata_download_rules.php @@ -101,7 +101,7 @@ include("head.inc"); <?php $suricata_gui_include = true; -include("/usr/local/www/suricata/suricata_check_for_rule_updates.php"); +include("/usr/local/pkg/suricata/suricata_check_for_rule_updates.php"); /* hide progress bar and lets end this party */ echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>"; diff --git a/config/suricata/suricata_download_updates.php b/config/suricata/suricata_download_updates.php index b5377351..1abb32d6 100644 --- a/config/suricata/suricata_download_updates.php +++ b/config/suricata/suricata_download_updates.php @@ -44,12 +44,13 @@ require_once("/usr/local/pkg/suricata/suricata.inc"); /* Define some locally required variables from Suricata constants */ $suricatadir = SURICATADIR; -$suricata_rules_upd_log = RULES_UPD_LOGFILE; +$suricata_rules_upd_log = SURICATA_RULES_UPD_LOGFILE; $snortdownload = $config['installedpackages']['suricata']['config'][0]['enable_vrt_rules']; $emergingthreats = $config['installedpackages']['suricata']['config'][0]['enable_etopen_rules']; $etpro = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rules']; $snortcommunityrules = $config['installedpackages']['suricata']['config'][0]['snortcommunityrules']; +$snort_rules_file = $config['installedpackages']['suricata']['config'][0]['snort_rules_file']; /* Get last update information if available */ if (!empty($config['installedpackages']['suricata']['config'][0]['last_rule_upd_time'])) @@ -61,7 +62,6 @@ if (!empty($config['installedpackages']['suricata']['config'][0]['last_rule_upd_ else $last_rule_upd_status = gettext("Unknown"); -$snort_rules_file = VRT_DNLD_FILENAME; $snort_community_rules_filename = GPLV2_DNLD_FILENAME; if ($etpro == "on") { @@ -82,7 +82,7 @@ else { $snort_org_sig_chk_local = 'Not Enabled'; $snort_org_sig_date = 'Not Enabled'; } -if (file_exists("{$suricatadir}{$snort_rules_file}.md5")){ +if ($snortdownload == 'on' && file_exists("{$suricatadir}{$snort_rules_file}.md5")){ $snort_org_sig_chk_local = file_get_contents("{$suricatadir}{$snort_rules_file}.md5"); $snort_org_sig_date = date(DATE_RFC850, filemtime("{$suricatadir}{$snort_rules_file}.md5")); } @@ -95,7 +95,7 @@ else { $emergingt_net_sig_chk_local = 'Not Enabled'; $emergingt_net_sig_date = 'Not Enabled'; } -if (file_exists("{$suricatadir}{$emergingthreats_filename}.md5")) { +if (($etpro == "on" || $emergingthreats == "on") && file_exists("{$suricatadir}{$emergingthreats_filename}.md5")) { $emergingt_net_sig_chk_local = file_get_contents("{$suricatadir}{$emergingthreats_filename}.md5"); $emergingt_net_sig_date = date(DATE_RFC850, filemtime("{$suricatadir}{$emergingthreats_filename}.md5")); } @@ -108,7 +108,7 @@ else { $snort_community_sig_chk_local = 'Not Enabled'; $snort_community_sig_sig_date = 'Not Enabled'; } -if (file_exists("{$suricatadir}{$snort_community_rules_filename}.md5")) { +if ($snortcommunityrules == 'on' && file_exists("{$suricatadir}{$snort_community_rules_filename}.md5")) { $snort_community_sig_chk_local = file_get_contents("{$suricatadir}{$snort_community_rules_filename}.md5"); $snort_community_sig_sig_date = date(DATE_RFC850, filemtime("{$suricatadir}{$snort_community_rules_filename}.md5")); } @@ -116,10 +116,10 @@ if (file_exists("{$suricatadir}{$snort_community_rules_filename}.md5")) { /* Check for postback to see if we should clear the update log file. */ if ($_POST['clear']) { if (file_exists("{$suricata_rules_upd_log}")) - mwexec("/bin/rm -f {$suricata_rules_upd_log}"); + unlink_if_exists("{$suricata_rules_upd_log}"); } -if ($_POST['check']) { +if ($_POST['update']) { // Go see if new updates for rule sets are available header("Location: /suricata/suricata_download_rules.php"); exit; @@ -130,12 +130,9 @@ if ($_POST['force']) { conf_mount_rw(); // Remove the existing MD5 signature files to force a download - if (file_exists("{$suricatadir}{$emergingthreats_filename}.md5")) - @unlink("{$suricatadir}{$emergingthreats_filename}.md5"); - if (file_exists("{$suricatadir}{$snort_community_rules_filename}.md5")) - @unlink("{$suricatadir}{$snort_community_rules_filename}.md5"); - if (file_exists("{$suricatadir}{$snort_rules_file}.md5")) - @unlink("{$suricatadir}{$snort_rules_file}.md5"); + unlink_if_exists("{$suricatadir}{$emergingthreats_filename}.md5"); + unlink_if_exists("{$suricatadir}{$snort_community_rules_filename}.md5"); + unlink_if_exists("{$suricatadir}{$snort_rules_file}.md5"); // Revert file system to R/O. conf_mount_ro(); @@ -177,21 +174,25 @@ include_once("head.inc"); print_info_box($savemsg); } ?> -<form action="suricata_download_updates.php" method="post" name="iform" id="iform"> +<form action="suricata_download_updates.php" enctype="multipart/form-data" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tbody> <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); - $tab_array[] = array(gettext("Update Rules"), true, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Updates"), true, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); - $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php"); $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); - $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); ?> </td></tr> @@ -199,6 +200,7 @@ include_once("head.inc"); <td> <div id="mainarea"> <table id="maintable4" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tbody> <tr> <td valign="top" class="listtopic" align="center"><?php echo gettext("INSTALLED RULE SET MD5 SIGNATURE");?></td> </tr> @@ -212,6 +214,7 @@ include_once("head.inc"); <th class="listhdrr"><?=gettext("MD5 Signature Date");?></th> </tr> </thead> + <tbody> <tr> <td align="center" class="vncell vexpl"><b><?=$et_name;?></b></td> <td align="center" class="vncell vexpl"><? echo trim($emergingt_net_sig_chk_local);?></td> @@ -227,6 +230,7 @@ include_once("head.inc"); <td align="center" class="vncell vexpl"><? echo trim($snort_community_sig_chk_local);?></td> <td align="center" class="vncell vexpl"><?php echo gettext($snort_community_sig_sig_date);?></td> </tr> + </tbody> </table><br/> </td> </tr> @@ -262,8 +266,8 @@ include_once("head.inc"); <br/></p> <?php else: ?> <br/> - <input type="submit" value="<?=gettext("Check");?>" name="check" id="check" class="formbtn" - title="<?php echo gettext("Check for new updates to enabled rule sets"); ?>"/> + <input type="submit" value="<?=gettext("Update");?>" name="update" id="update" class="formbtn" + title="<?php echo gettext("Check for and apply new update to enabled rule sets"); ?>"/> <input type="submit" value="<?=gettext("Force");?>" name="force" id="force" class="formbtn" title="<?=gettext("Force an update of all enabled rule sets");?>" onclick="return confirm('<?=gettext("This will zero-out the MD5 hashes to force a fresh download of all enabled rule sets. Click OK to continue or CANCEL to quit");?>');"/> @@ -271,7 +275,6 @@ include_once("head.inc"); <?php endif; ?> </td> </tr> - <tr> <td valign="top" class="listtopic" align="center"><?php echo gettext("MANAGE RULE SET LOG");?></td> </tr> @@ -318,10 +321,12 @@ include_once("head.inc"); gettext(" will go down from time to time. Please be patient."); ?></span><br/> </td> </tr> + </tbody> </table> </div> </td> </tr> +</tbody> </table> <!-- end of final table --> </form> diff --git a/config/suricata/suricata_etiqrisk_update.php b/config/suricata/suricata_etiqrisk_update.php new file mode 100644 index 00000000..70fbdb79 --- /dev/null +++ b/config/suricata/suricata_etiqrisk_update.php @@ -0,0 +1,216 @@ +<?php +/* + * suricata_etiqrisk_update.php + * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("config.inc"); +require_once("functions.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); +require("/usr/local/pkg/suricata/suricata_defs.inc"); + +/************************************************************************* + * Hack for backwards compatibility with older 2.1.x pfSense versions * + * that did not contain the new "download_file()" utility function * + * present in 2.2 and higher. * + *************************************************************************/ +if(!function_exists("download_file")) { + function download_file($url, $destination, $verify_ssl = false, $connect_timeout = 60, $timeout = 0) { + global $config, $g; + + $fp = fopen($destination, "wb"); + + if (!$fp) + return false; + + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $url); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $verify_ssl); + curl_setopt($ch, CURLOPT_FILE, $fp); + curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $connect_timeout); + curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); + curl_setopt($ch, CURLOPT_HEADER, false); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); + curl_setopt($ch, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version"))); + + if (!empty($config['system']['proxyurl'])) { + curl_setopt($ch, CURLOPT_PROXY, $config['system']['proxyurl']); + if (!empty($config['system']['proxyport'])) + curl_setopt($ch, CURLOPT_PROXYPORT, $config['system']['proxyport']); + if (!empty($config['system']['proxyuser']) && !empty($config['system']['proxypass'])) { + @curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_ANY | CURLAUTH_ANYSAFE); + curl_setopt($ch, CURLOPT_PROXYUSERPWD, "{$config['system']['proxyuser']}:{$config['system']['proxypass']}"); + } + } + + @curl_exec($ch); + $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); + fclose($fp); + curl_close($ch); + return ($http_code == 200) ? true : $http_code; + } +} + +function suricata_check_iprep_md5($filename) { + + /**********************************************************/ + /* This function attempts to download the MD5 hash for */ + /* the passed file and compare its contents to the */ + /* currently stored hash file to see if a new file has */ + /* been posted. */ + /* */ + /* On Entry: $filename = IPREP file to check ('md5sum' */ + /* is auto-appended to the supplied */ + /* filename.) */ + /* */ + /* Returns: TRUE if new rule file download required. */ + /* FALSE if rule download not required or an */ + /* error occurred. */ + /**********************************************************/ + + global $iqRisk_tmppath, $iprep_path; + $new_md5 = $old_md5 = ""; + $et_iqrisk_url = str_replace("_xxx_", $config['installedpackages']['suricata']['config'][0]['iqrisk_code'], ET_IQRISK_DNLD_URL); + + if (download_file("{$et_iqrisk_url}{$filename}.md5sum", "{$iqRisk_tmppath}{$filename}.md5") == true) { + if (file_exists("{$iqRisk_tmppath}{$filename}.md5")) + $new_md5 = trim(file_get_contents("{$iqRisk_tmppath}{$filename}.md5")); + if (file_exists("{$iprep_path}{$filename}.md5")) + $old_md5 = trim(file_get_contents("{$iprep_path}{$filename}.md5")); + if ($new_md5 != $old_md5) + return TRUE; + else + log_error(gettext("[Suricata] IPREP file '{$filename}' is up to date.")); + } + else + log_error(gettext("[Suricata] An error occurred downloading {$et_iqrisk_url}{$filename}.md5sum for IPREP. Update of {$filename} file will be skipped.")); + + return FALSE; +} + +/********************************************************************** + * Start of main code * + **********************************************************************/ +global $g, $config; +$iprep_path = SURICATA_IPREP_PATH; +$iqRisk_tmppath = "{$g['tmp_path']}/IQRisk/"; +$success = FALSE; + +if (!is_array($config['installedpackages']['suricata']['config'][0])) + $config['installedpackages']['suricata']['config'][0] = array(); + +// If auto-updates of ET IQRisk are disabled, then exit +if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == "off") + return(0); +else + log_error(gettext("[Suricata] Updating the Emerging Threats IQRisk IP List...")); + +// Construct the download URL using the saved ET IQRisk Subscriber Code +if (!empty($config['installedpackages']['suricata']['config'][0]['iqrisk_code'])) { + $et_iqrisk_url = str_replace("_xxx_", $config['installedpackages']['suricata']['config'][0]['iqrisk_code'], ET_IQRISK_DNLD_URL); +} +else { + log_error(gettext("[Suricata] No IQRisk subscriber code found! Aborting scheduled update of Emerging Threats IQRisk IP List.")); + return(0); +} + +// Download the IP List files to a temporary location +safe_mkdir("$iqRisk_tmppath"); + +// Test the posted MD5 checksum file against our local copy +// to see if an update has been posted for 'categories.txt'. +if (suricata_check_iprep_md5("categories.txt")) { + log_error(gettext("[Suricata] An updated IPREP 'categories.txt' file is available...downloading new file.")); + if (download_file("{$et_iqrisk_url}categories.txt", "{$iqRisk_tmppath}categories.txt") != true) + log_error(gettext("[Suricata] An error occurred downloading the 'categories.txt' file for IQRisk.")); + else { + // If the files downloaded successfully, unpack them and store + // the list files in the SURICATA_IPREP_PATH directory. + if (file_exists("{$iqRisk_tmppath}categories.txt") && file_exists("{$iqRisk_tmppath}categories.txt.md5")) { + $new_md5 = trim(file_get_contents("{$iqRisk_tmppath}categories.txt.md5")); + if ($new_md5 == md5_file("{$iqRisk_tmppath}categories.txt")) { + @rename("{$iqRisk_tmppath}categories.txt", "{$iprep_path}categories.txt"); + @rename("{$iqRisk_tmppath}categories.txt.md5", "{$iprep_path}categories.txt.md5"); + $success = TRUE; + log_error(gettext("[Suricata] Successfully updated IPREP file 'categories.txt'.")); + } + else + log_error(gettext("[Suricata] MD5 integrity check of downloaded 'categories.txt' file failed! Skipping update of this IPREP file.")); + } + } +} + +// Test the posted MD5 checksum file against our local copy +// to see if an update has been posted for 'iprepdata.txt.gz'. +if (suricata_check_iprep_md5("iprepdata.txt.gz")) { + log_error(gettext("[Suricata] An updated IPREP 'iprepdata.txt' file is available...downloading new file.")); + if (download_file("{$et_iqrisk_url}iprepdata.txt.gz", "{$iqRisk_tmppath}iprepdata.txt.gz") != true) + log_error(gettext("[Suricata] An error occurred downloading the 'iprepdata.txt.gz' file for IQRisk.")); + else { + // If the files downloaded successfully, unpack them and store + // the list files in the SURICATA_IPREP_PATH directory. + if (file_exists("{$iqRisk_tmppath}iprepdata.txt.gz") && file_exists("{$iqRisk_tmppath}iprepdata.txt.gz.md5")) { + $new_md5 = trim(file_get_contents("{$iqRisk_tmppath}iprepdata.txt.gz.md5")); + if ($new_md5 == md5_file("{$iqRisk_tmppath}iprepdata.txt.gz")) { + mwexec("/usr/bin/gunzip -f {$iqRisk_tmppath}iprepdata.txt.gz"); + @rename("{$iqRisk_tmppath}iprepdata.txt", "{$iprep_path}iprepdata.txt"); + @rename("{$iqRisk_tmppath}iprepdata.txt.gz.md5", "{$iprep_path}iprepdata.txt.gz.md5"); + $success = TRUE; + log_error(gettext("[Suricata] Successfully updated IPREP file 'iprepdata.txt'.")); + } + else + log_error(gettext("[Suricata] MD5 integrity check of downloaded 'iprepdata.txt.gz' file failed! Skipping update of this IPREP file.")); + } + } +} + +// Cleanup the tmp directory path +rmdir_recursive("$iqRisk_tmppath"); + +log_error(gettext("[Suricata] Emerging Threats IQRisk IP List update finished.")); + +// If successful, signal any running Suricata process to live reload the rules and IP lists +if ($success == TRUE && is_process_running("suricata")) { + foreach ($config['installedpackages']['suricata']['rule'] as $value) { + if ($value['enable_iprep'] == "on") { + suricata_reload_config($value); + sleep(2); + } + } +} + +?> diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php index ba594d55..9467ea7c 100644 --- a/config/suricata/suricata_flow_stream.php +++ b/config/suricata/suricata_flow_stream.php @@ -251,7 +251,6 @@ elseif ($_POST['ResetAll']) { $pconfig['flow_icmp_emerg_established_timeout'] = '100'; $pconfig['stream_memcap'] = '33554432'; - $pconfig['stream_max_sessions'] = '262144'; $pconfig['stream_prealloc_sessions'] = '32768'; $pconfig['reassembly_memcap'] = '67108864'; $pconfig['reassembly_depth'] = '1048576'; @@ -261,9 +260,9 @@ elseif ($_POST['ResetAll']) { $pconfig['enable_async_sessions'] = 'off'; /* Log a message at the top of the page to inform the user */ - $savemsg = gettext("All flow and stream settings have been reset to their defaults."); + $savemsg = gettext("All flow and stream settings have been reset to their defaults. Click APPLY to save the changes."); } -elseif ($_POST['save']) { +elseif ($_POST['save'] || $_POST['apply']) { $natent = array(); $natent = $pconfig; @@ -300,7 +299,6 @@ elseif ($_POST['save']) { if ($_POST['flow_icmp_emerg_established_timeout'] != "") { $natent['flow_icmp_emerg_established_timeout'] = $_POST['flow_icmp_emerg_established_timeout']; }else{ $natent['flow_icmp_emerg_established_timeout'] = "100"; } if ($_POST['stream_memcap'] != "") { $natent['stream_memcap'] = $_POST['stream_memcap']; }else{ $natent['stream_memcap'] = "33554432"; } - if ($_POST['stream_max_sessions'] != "") { $natent['stream_max_sessions'] = $_POST['stream_max_sessions']; }else{ $natent['stream_max_sessions'] = "262144"; } if ($_POST['stream_prealloc_sessions'] != "") { $natent['stream_prealloc_sessions'] = $_POST['stream_prealloc_sessions']; }else{ $natent['stream_prealloc_sessions'] = "32768"; } if ($_POST['enable_midstream_sessions'] == "on") { $natent['enable_midstream_sessions'] = 'on'; }else{ $natent['enable_midstream_sessions'] = 'off'; } if ($_POST['enable_async_sessions'] == "on") { $natent['enable_async_sessions'] = 'on'; }else{ $natent['enable_async_sessions'] = 'off'; } @@ -318,7 +316,12 @@ elseif ($_POST['save']) { $a_nat[$id] = $natent; write_config(); $rebuild_rules = false; + conf_mount_rw(); suricata_generate_yaml($natent); + conf_mount_ro(); + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); } header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); @@ -431,32 +434,40 @@ include_once("head.inc"); <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); - - /* Display error or save message */ - if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks - } - if ($savemsg) { - print_info_box($savemsg); - } +/* Display error message */ +if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks +} ?> <form action="suricata_flow_stream.php" method="post" name="iform" id="iform"> <input type="hidden" name="eng_id" id="eng_id" value="<?=$eng_id;?>"/> <input type="hidden" name="id" id="id" value="<?=$id;?>"/> +<?php +if ($savemsg) { + /* Display save message */ + print_info_box($savemsg); +} +?> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tbody> <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Interfaces"), true, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); - $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php"); $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); - $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); + $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td>'; @@ -469,6 +480,7 @@ include_once("head.inc"); $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/suricata/suricata_ip_reputation.php?id={$id}"); display_top_tabs($tab_array, true); ?> </td></tr> @@ -489,6 +501,7 @@ include_once("head.inc"); <?php else: ?> <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tbody> <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Host-Specific Defrag and Stream Settings"); ?></td> </tr> @@ -511,6 +524,7 @@ include_once("head.inc"); height="17" border="0" title="<?php echo gettext("Add a new policy configuration");?>"/></th> </tr> </thead> + <tbody> <?php foreach ($pconfig['host_os_policy']['item'] as $f => $v): ?> <tr> <td class="listlr" align="left"><?=gettext($v['name']);?></td> @@ -529,6 +543,7 @@ include_once("head.inc"); </td> </tr> <?php endforeach; ?> + </tbody> </table> </td> </tr> @@ -633,6 +648,7 @@ include_once("head.inc"); <td width="22%" valign="top" class="vncell"><?php echo gettext("TCP Connections"); ?></td> <td width="78%" class="vtable"> <table width="100%" cellspacing="4" cellpadding="0" border="0"> + <tbody> <tr> <td class="vexpl"><input name="flow_tcp_new_timeout" type="text" class="formfld unknown" id="flow_tcp_new_timeout" size="9" value="<?=htmlspecialchars($pconfig['flow_tcp_new_timeout']);?>"> @@ -669,6 +685,7 @@ include_once("head.inc"); <?php echo gettext("Emergency Closed TCP connection timeout in seconds. Default is ") . "<strong>" . gettext("20") . "</strong>."; ?> </td> </tr> + </tbody> </table> </td> </tr> @@ -676,6 +693,7 @@ include_once("head.inc"); <td width="22%" valign="top" class="vncell"><?php echo gettext("UDP Connections"); ?></td> <td width="78%" class="vtable"> <table width="100%" cellspacing="4" cellpadding="0" border="0"> + <tbody> <tr> <td class="vexpl"><input name="flow_udp_new_timeout" type="text" class="formfld unknown" id="flow_udp_new_timeout" size="9" value="<?=htmlspecialchars($pconfig['flow_udp_new_timeout']);?>"> @@ -700,6 +718,7 @@ include_once("head.inc"); <?php echo gettext("Emergency Established UDP connection timeout in seconds. Default is ") . "<strong>" . gettext("100") . "</strong>."; ?> </td> </tr> + </tbody> </table> </td> </tr> @@ -707,6 +726,7 @@ include_once("head.inc"); <td width="22%" valign="top" class="vncell"><?php echo gettext("ICMP Connections"); ?></td> <td width="78%" class="vtable"> <table width="100%" cellspacing="4" cellpadding="0" border="0"> + <tbody> <tr> <td class="vexpl"><input name="flow_icmp_new_timeout" type="text" class="formfld unknown" id="flow_icmp_new_timeout" size="9" value="<?=htmlspecialchars($pconfig['flow_icmp_new_timeout']);?>"> @@ -731,6 +751,7 @@ include_once("head.inc"); <?php echo gettext("Emergency Established ICMP connection timeout in seconds. Default is ") . "<strong>" . gettext("100") . "</strong>."; ?> </td> </tr> + </tbody> </table> </td> </tr> @@ -748,16 +769,6 @@ include_once("head.inc"); </td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("Max Sessions"); ?></td> - <td width="78%" class="vtable"> - <input name="stream_max_sessions" type="text" class="formfld unknown" id="stream_max_sessions" size="9" - value="<?=htmlspecialchars($pconfig['stream_max_sessions']);?>"> - <?php echo gettext("Max concurrent stream engine sessions. Default is ") . - "<strong>" . gettext("262,144") . "</strong>" . gettext(" sessions."); ?><br/><br/> - <?php echo gettext("Sets the maximum number of concurrent sessions to be used by the stream engine."); ?> - </td> - </tr> - <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Preallocated Sessions"); ?></td> <td width="78%" class="vtable"> <input name="stream_prealloc_sessions" type="text" class="formfld unknown" id="stream_prealloc_sessions" size="9" @@ -835,12 +846,13 @@ include_once("head.inc"); <?php echo gettext("Please save your settings before you exit. Changes will rebuild the rules file. This "); ?> <?php echo gettext("may take several seconds. Suricata must also be restarted to activate any changes made on this screen."); ?></td> </tr> + </tbody> </table> <?php endif; ?> </div> -</td></tr></table> +</td></tr></tbody></table> </form> <?php include("fend.inc"); ?> </body> diff --git a/config/suricata/suricata_generate_yaml.php b/config/suricata/suricata_generate_yaml.php index bd3ce368..328702b9 100644 --- a/config/suricata/suricata_generate_yaml.php +++ b/config/suricata/suricata_generate_yaml.php @@ -53,13 +53,6 @@ foreach ($config_files as $file) { @copy("{$suricatadir}{$file}", "{$suricatacfgdir}/{$file}"); } -// Create required files if they don't exist -$suricata_files = array( "{$suricatacfgdir}/magic" ); -foreach ($suricata_files as $file) { - if (!file_exists($file)) - file_put_contents($file, "\n"); -} - // Read the configuration parameters for the passed interface // and construct appropriate string variables for use in the // suricata.yaml template include file. @@ -68,11 +61,17 @@ foreach ($suricata_files as $file) { $home_net_list = suricata_build_list($suricatacfg, $suricatacfg['homelistname']); $home_net = implode(",", $home_net_list); $home_net = trim($home_net); -$external_net = '!$HOME_NET'; +$external_net = ""; if (!empty($suricatacfg['externallistname']) && $suricatacfg['externallistname'] != 'default') { - $external_net_list = suricata_build_list($suricatacfg, $suricatacfg['externallistname']); + $external_net_list = suricata_build_list($suricatacfg, $suricatacfg['externallistname'], false, true); $external_net = implode(",", $external_net_list); - $external_net = trim($external_net); + $external_net = "[" . trim($external_net) . "]"; +} +else { + $external_net = "["; + foreach ($home_net_list as $ip) + $external_net .= "!{$ip},"; + $external_net = trim($external_net, ', ') . "]"; } // Set the PASS LIST and write its contents to disk @@ -85,7 +84,7 @@ $suricata_servers = array ( "dns_servers" => "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET", "sql_servers" => "\$HOME_NET", "telnet_servers" => "\$HOME_NET", "dnp3_server" => "\$HOME_NET", "dnp3_client" => "\$HOME_NET", "modbus_server" => "\$HOME_NET", "modbus_client" => "\$HOME_NET", - "enip_server" => "\$HOME_NET", "enip_client" => "\$HOME_NET", + "enip_server" => "\$HOME_NET", "enip_client" => "\$HOME_NET", "ftp_servers" => "\$HOME_NET", "ssh_servers" => "\$HOME_NET", "aim_servers" => "64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24" ); $addr_vars = ""; @@ -102,6 +101,7 @@ if(is_array($config['system']['ssh']) && isset($config['system']['ssh']['port']) else $ssh_port = "22"; $suricata_ports = array( + "ftp_ports" => "21", "http_ports" => "80", "oracle_ports" => "1521", "ssh_ports" => $ssh_port, @@ -158,6 +158,11 @@ if ($suricatacfg['delayed_detect'] == 'on') else $delayed_detect = "no"; +if ($suricatacfg['intf_promisc_mode'] == 'on') + $intf_promisc_mode = "yes"; +else + $intf_promisc_mode = "no"; + // Add interface-specific blocking settings if ($suricatacfg['blockoffenders'] == 'on') $suri_blockoffenders = "yes"; @@ -184,6 +189,26 @@ if ($suricatacfg['alertsystemlog'] == 'on') else $alert_syslog = "no"; +if (!empty($suricatacfg['alertsystemlog_facility'])) + $alert_syslog_facility = $suricatacfg['alertsystemlog_facility']; +else + $alert_syslog_facility = "local5"; + +if (!empty($suricatacfg['alertsystemlog_priority'])) + $alert_syslog_priority = $suricatacfg['alertsystemlog_priority']; +else + $alert_syslog_priority = "Info"; + +if ($suricatacfg['enable_dns_log'] == 'on') + $dns_log_enabled = "yes"; +else + $dns_log_enabled = "no"; + +if ($suricatacfg['append_dns_log'] == 'on') + $dns_log_append = "yes"; +else + $dns_log_append = "no"; + if ($suricatacfg['enable_stats_log'] == 'on') $stats_log_enabled = "yes"; else @@ -209,6 +234,11 @@ if ($suricatacfg['append_http_log'] == 'on') else $http_log_append = "no"; +if ($suricatacfg['http_log_extended'] == 'on') + $http_log_extended = "yes"; +else + $http_log_extended = "no"; + if ($suricatacfg['enable_tls_log'] == 'on') $tls_log_enabled = "yes"; else @@ -277,6 +307,66 @@ if (isset($suricatacfg['barnyard_sensor_id'])) else $unified2_sensor_id = "0"; +// EVE JSON log output settings +if ($suricatacfg['enable_eve_log'] == 'on') + $enable_eve_log = "yes"; +else + $enable_eve_log = "no"; + +if ($suricatacfg['eve_output_type'] == 'syslog') + $eve_output_type = "syslog"; +else + $eve_output_type = "file"; + +if (!empty($suricatacfg['eve_systemlog_facility'])) + $eve_systemlog_facility = $suricatacfg['eve_systemlog_facility']; +else + $eve_systemlog_facility = "local1"; + +if (!empty($suricatacfg['eve_systemlog_priority'])) + $eve_systemlog_priority = $suricatacfg['eve_systemlog_priority']; +else + $eve_systemlog_priority = "info"; + +// EVE log output included information +$eve_out_types = ""; +if ($suricatacfg['eve_log_alerts'] == 'on') + $eve_out_types .= "\n - alert"; + +if ($suricatacfg['eve_log_http'] == 'on') { + $eve_out_types .= "\n - http:"; + if ($suricatacfg['http_log_extended'] == 'on') + $eve_out_types .= "\n extended: yes"; + else + $eve_out_types .= "\n extended: no"; +} + +if ($suricatacfg['eve_log_dns'] == 'on') + $eve_out_types .= "\n - dns"; + +if ($suricatacfg['eve_log_tls'] == 'on') { + $eve_out_types .= "\n - tls:"; + if ($suricatacfg['tls_log_extended'] == 'on') + $eve_out_types .= "\n extended: yes"; + else + $eve_out_types .= "\n extended: no"; +} + +if ($suricatacfg['eve_log_files'] == 'on') { + $eve_out_types .= "\n - files:"; + if ($suricatacfg['enable_tracked_files_magic'] == 'on') + $eve_out_types .= "\n force-magic: yes"; + else + $eve_out_types .= "\n force-magic: no"; + if ($suricatacfg['enable_tracked_files_md5'] == 'on') + $eve_out_types .= "\n force-md5: yes"; + else + $eve_out_types .= "\n force-md5: no"; +} + +if ($suricatacfg['eve_log_ssh'] == 'on') + $eve_out_types .= "\n - ssh"; + // Add interface-specific IP defrag settings if (!empty($suricatacfg['frag_memcap'])) $frag_memcap = $suricatacfg['frag_memcap']; @@ -406,11 +496,6 @@ if (!empty($suricatacfg['stream_memcap'])) else $stream_memcap = "33554432"; -if (!empty($suricatacfg['stream_max_sessions'])) - $stream_max_sessions = $suricatacfg['stream_max_sessions']; -else - $stream_max_sessions = "262144"; - if (!empty($suricatacfg['stream_prealloc_sessions'])) $stream_prealloc_sessions = $suricatacfg['stream_prealloc_sessions']; else @@ -448,9 +533,10 @@ else // Add the OS-specific host policies if configured, otherwise // just set default to BSD for all networks. +$host_os_policy = ""; if (!is_array($suricatacfg['host_os_policy']['item'])) $suricatacfg['host_os_policy']['item'] = array(); -if (empty($suricatacfg['host_os_policy']['item'])) +if (count($suricatacfg['host_os_policy']['item']) < 1) $host_os_policy = "bsd: [0.0.0.0/0]"; else { foreach ($suricatacfg['host_os_policy']['item'] as $k => $v) { @@ -488,11 +574,13 @@ else { // Add the HTTP Server-specific policies if configured, otherwise // just set default to IDS for all networks. +$http_hosts_policy = ""; +$http_hosts_default_policy = ""; if (!is_array($suricatacfg['libhtp_policy']['item'])) $suricatacfg['libhtp_policy']['item'] = array(); -if (empty($suricatacfg['libhtp_policy']['item'])) { - $http_hosts_default_policy = "default-config:\n personality: IDS\n request-body-limit: 4096\n response-body-limit: 4096\n"; - $http_hosts_default_policy .= " double-decode-path: no\n double-decode-query: no\n"; +if (count($suricatacfg['libhtp_policy']['item']) < 1) { + $http_hosts_default_policy = " personality: IDS\n request-body-limit: 4096\n response-body-limit: 4096\n"; + $http_hosts_default_policy .= " double-decode-path: no\n double-decode-query: no\n uri-include-all: no\n"; } else { foreach ($suricatacfg['libhtp_policy']['item'] as $k => $v) { @@ -519,6 +607,7 @@ else { $engine .= " response-body-limit: {$v['response-body-limit']}\n"; $engine .= " double-decode-path: {$v['double-decode-path']}\n"; $engine .= " double-decode-query: {$v['double-decode-query']}\n"; + $engine .= " uri-include-all: {$v['uri-include-all']}\n"; $http_hosts_policy .= " {$engine}\n"; } else { @@ -531,6 +620,7 @@ else { $http_hosts_default_policy .= " response-body-limit: {$v['response-body-limit']}\n"; $http_hosts_default_policy .= " double-decode-path: {$v['double-decode-path']}\n"; $http_hosts_default_policy .= " double-decode-query: {$v['double-decode-query']}\n"; + $http_hosts_default_policy .= " uri-include-all: {$v['uri-include-all']}\n"; } } // Remove trailing newline @@ -544,13 +634,108 @@ if (!empty($suricatacfg['asn1_max_frames'])) else $asn1_max_frames = "256"; +// Configure App-Layer Parsers/Detection +if (!empty($suricatacfg['tls_parser'])) + $tls_parser = $suricatacfg['tls_parser']; +else + $tls_parser = "yes"; +if (!empty($suricatacfg['dcerpc_parser'])) + $dcerpc_parser = $suricatacfg['dcerpc_parser']; +else + $dcerpc_parser = "yes"; +if (!empty($suricatacfg['ftp_parser'])) + $ftp_parser = $suricatacfg['ftp_parser']; +else + $ftp_parser = "yes"; +if (!empty($suricatacfg['ssh_parser'])) + $ssh_parser = $suricatacfg['ssh_parser']; +else + $ssh_parser = "yes"; +if (!empty($suricatacfg['smtp_parser'])) + $smtp_parser = $suricatacfg['smtp_parser']; +else + $smtp_parser = "yes"; +if (!empty($suricatacfg['imap_parser'])) + $imap_parser = $suricatacfg['imap_parser']; +else + $imap_parser = "detection-only"; +if (!empty($suricatacfg['msn_parser'])) + $msn_parser = $suricatacfg['msn_parser']; +else + $msn_parser = "detection-only"; +if (!empty($suricatacfg['smb_parser'])) + $smb_parser = $suricatacfg['smb_parser']; +else + $smb_parser = "yes"; + +/* DNS Parser */ +if (!empty($suricatacfg['dns_parser_tcp'])) + $dns_parser_tcp = $suricatacfg['dns_parser_tcp']; +else + $dns_parser_tcp = "yes"; +if (!empty($suricatacfg['dns_parser_udp'])) + $dns_parser_udp = $suricatacfg['dns_parser_udp']; +else + $dns_parser_udp = "yes"; +if (!empty($suricatacfg['dns_global_memcap'])) + $dns_global_memcap = $suricatacfg['dns_global_memcap']; +else + $dns_global_memcap = "16777216"; +if (!empty($suricatacfg['dns_state_memcap'])) + $dns_state_memcap = $suricatacfg['dns_state_memcap']; +else + $dns_state_memcap = "524288"; +if (!empty($suricatacfg['dns_request_flood_limit'])) + $dns_request_flood_limit = $suricatacfg['dns_request_flood_limit']; +else + $dns_request_flood_limit = "500"; + +/* HTTP Parser */ +if (!empty($suricatacfg['http_parser'])) + $http_parser = $suricatacfg['http_parser']; +else + $http_parser = "yes"; +if (!empty($suricatacfg['http_parser_memcap'])) + $http_parser_memcap = $suricatacfg['http_parser_memcap']; +else + $http_parser_memcap = "67108864"; + +/* Configure the IP REP section */ +$iprep_path = rtrim(SURICATA_IPREP_PATH, '/'); +$iprep_config = "# IP Reputation\n"; +if ($suricatacfg['enable_iprep'] == "on") { + $iprep_config .= "default-reputation-path: {$iprep_path}\n"; + $iprep_config .= "reputation-categories-file: {$iprep_path}/{$suricatacfg['iprep_catlist']}\n"; + $iprep_config .= "reputation-files:"; + + if (!is_array($suricatacfg['iplist_files']['item'])) + $suricatacfg['iplist_files']['item'] = array(); + + foreach ($suricatacfg['iplist_files']['item'] as $f) + $iprep_config .= "\n - $f"; +} + +/* Configure Host Table settings */ +if (!empty($suricatacfg['host_memcap'])) + $host_memcap = $suricatacfg['host_memcap']; +else + $host_memcap = "16777216"; +if (!empty($suricatacfg['host_hash_size'])) + $host_hash_size = $suricatacfg['host_hash_size']; +else + $host_hash_size = "4096"; +if (!empty($suricatacfg['host_prealloc'])) + $host_prealloc = $suricatacfg['host_prealloc']; +else + $host_prealloc = "1000"; + // Create the rules files and save in the interface directory suricata_prepare_rule_files($suricatacfg, $suricatacfgdir); // Check and configure only non-empty rules files for the interface $rules_files = ""; -if (filesize("{$suricatacfgdir}/rules/".ENFORCING_RULES_FILENAME) > 0) - $rules_files .= ENFORCING_RULES_FILENAME; +if (filesize("{$suricatacfgdir}/rules/".SURICATA_ENFORCING_RULES_FILENAME) > 0) + $rules_files .= SURICATA_ENFORCING_RULES_FILENAME; if (filesize("{$suricatacfgdir}/rules/".FLOWBITS_FILENAME) > 0) $rules_files .= "\n - " . FLOWBITS_FILENAME; if (filesize("{$suricatacfgdir}/rules/custom.rules") > 0) @@ -563,4 +748,9 @@ if ($config['installedpackages']['suricata']['config'][0]['log_to_systemlog'] == else $suricata_use_syslog = "no"; +if (!empty($config['installedpackages']['suricata']['config'][0]['log_to_systemlog'])) + $suricata_use_syslog_facility = $config['installedpackages']['suricata']['config'][0]['log_to_systemlog']; +else + $suricata_use_syslog_facility = "local1"; + ?> diff --git a/config/suricata/suricata_geoipupdate.php b/config/suricata/suricata_geoipupdate.php new file mode 100644 index 00000000..46e1177e --- /dev/null +++ b/config/suricata/suricata_geoipupdate.php @@ -0,0 +1,137 @@ +<?php +/* + * suricata_geoipupdate.php + * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. +*/ + +/* This product includes GeoLite data created by MaxMind, available from + * http://www.maxmind.com +*/ + +require_once("config.inc"); +require_once("functions.inc"); +require("/usr/local/pkg/suricata/suricata_defs.inc"); + +/************************************************************************* + * Hack for backwards compatibility with older 2.1.x pfSense versions * + * that did not contain the new "download_file()" utility function * + * present in 2.2 and higher. * + *************************************************************************/ +if(!function_exists("download_file")) { + function download_file($url, $destination, $verify_ssl = false, $connect_timeout = 60, $timeout = 0) { + global $config, $g; + + $fp = fopen($destination, "wb"); + + if (!$fp) + return false; + + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $url); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $verify_ssl); + curl_setopt($ch, CURLOPT_FILE, $fp); + curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $connect_timeout); + curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); + curl_setopt($ch, CURLOPT_HEADER, false); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); + curl_setopt($ch, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version"))); + + if (!empty($config['system']['proxyurl'])) { + curl_setopt($ch, CURLOPT_PROXY, $config['system']['proxyurl']); + if (!empty($config['system']['proxyport'])) + curl_setopt($ch, CURLOPT_PROXYPORT, $config['system']['proxyport']); + if (!empty($config['system']['proxyuser']) && !empty($config['system']['proxypass'])) { + @curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_ANY | CURLAUTH_ANYSAFE); + curl_setopt($ch, CURLOPT_PROXYUSERPWD, "{$config['system']['proxyuser']}:{$config['system']['proxypass']}"); + } + } + + @curl_exec($ch); + $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); + fclose($fp); + curl_close($ch); + return ($http_code == 200) ? true : $http_code; + } +} + +/********************************************************************** + * Start of main code * + **********************************************************************/ +global $g, $config; +$suricata_geoip_dbdir = SURICATA_PBI_BASEDIR . 'share/GeoIP/'; +$geoip_tmppath = "{$g['tmp_path']}/geoipup/"; + +// If auto-updates of GeoIP are disabled, then exit +if ($config['installedpackages']['suricata']['config'][0]['autogeoipupdate'] == "off") + exit(0); +else + log_error(gettext("[Suricata] Updating the GeoIP country database files...")); + + +// Download the free GeoIP Legacy country name databases for IPv4 and IPv6 +// to a temporary location. +safe_mkdir("$geoip_tmppath"); +if (download_file("http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz", "{$geoip_tmppath}GeoIP.dat.gz") != true) + log_error(gettext("[Suricata] An error occurred downloading the 'GeoIP.dat.gz' update file for GeoIP.")); +if (download_file("http://geolite.maxmind.com/download/geoip/database/GeoIPv6.dat.gz", "{$geoip_tmppath}GeoIPv6.dat.gz") != true) + log_error(gettext("[Suricata] An error occurred downloading the 'GeoIPv6.dat.gz' update file for GeoIP.")); + +// Mount filesystem read-write since we need to write +// the extracted databases to PBI_BASE/share/GeoIP. +conf_mount_rw(); + +// If the files downloaded successfully, unpack them and store +// the DB files in the PBI_BASE/share/GeoIP directory. +if (file_exists("{$geoip_tmppath}GeoIP.dat.gz")) { + mwexec("/usr/bin/gunzip -f {$geoip_tmppath}GeoIP.dat.gz"); + @rename("{$geoip_tmppath}GeoIP.dat", "{$suricata_geoip_dbdir}GeoIP.dat"); +} + +if (file_exists("{$geoip_tmppath}GeoIPv6.dat.gz")) { + mwexec("/usr/bin/gunzip -f {$geoip_tmppath}GeoIPv6.dat.gz"); + @rename("{$geoip_tmppath}GeoIPv6.dat", "{$suricata_geoip_dbdir}GeoIPv6.dat"); +} + +// Finished with filesystem mods, so remount read-only +conf_mount_ro(); + +// Cleanup the tmp directory path +rmdir_recursive("$geoip_tmppath"); + +log_error(gettext("[Suricata] GeoIP database update finished.")); + +?> diff --git a/config/suricata/suricata_global.php b/config/suricata/suricata_global.php index 9c932222..eb657465 100644 --- a/config/suricata/suricata_global.php +++ b/config/suricata/suricata_global.php @@ -45,29 +45,46 @@ require_once("/usr/local/pkg/suricata/suricata.inc"); global $g; $suricatadir = SURICATADIR; +$pconfig = array(); -$pconfig['enable_vrt_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_vrt_rules']; -$pconfig['oinkcode'] = $config['installedpackages']['suricata']['config'][0]['oinkcode']; -$pconfig['etprocode'] = $config['installedpackages']['suricata']['config'][0]['etprocode']; -$pconfig['enable_etopen_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_etopen_rules']; -$pconfig['enable_etpro_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rules']; -$pconfig['rm_blocked'] = $config['installedpackages']['suricata']['config'][0]['rm_blocked']; -$pconfig['autoruleupdate'] = $config['installedpackages']['suricata']['config'][0]['autoruleupdate']; -$pconfig['autoruleupdatetime'] = $config['installedpackages']['suricata']['config'][0]['autoruleupdatetime']; -$pconfig['live_swap_updates'] = $config['installedpackages']['suricata']['config'][0]['live_swap_updates']; -$pconfig['log_to_systemlog'] = $config['installedpackages']['suricata']['config'][0]['log_to_systemlog']; -$pconfig['forcekeepsettings'] = $config['installedpackages']['suricata']['config'][0]['forcekeepsettings']; -$pconfig['snortcommunityrules'] = $config['installedpackages']['suricata']['config'][0]['snortcommunityrules']; +// If doing a postback, used typed values, else load from stored config +if (!empty($_POST)) { + $pconfig = $_POST; +} +else { + $pconfig['enable_vrt_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_vrt_rules']; + $pconfig['oinkcode'] = $config['installedpackages']['suricata']['config'][0]['oinkcode']; + $pconfig['etprocode'] = $config['installedpackages']['suricata']['config'][0]['etprocode']; + $pconfig['enable_etopen_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_etopen_rules']; + $pconfig['enable_etpro_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rules']; + $pconfig['rm_blocked'] = $config['installedpackages']['suricata']['config'][0]['rm_blocked']; + $pconfig['autoruleupdate'] = $config['installedpackages']['suricata']['config'][0]['autoruleupdate']; + $pconfig['autoruleupdatetime'] = $config['installedpackages']['suricata']['config'][0]['autoruleupdatetime']; + $pconfig['live_swap_updates'] = $config['installedpackages']['suricata']['config'][0]['live_swap_updates']; + $pconfig['log_to_systemlog'] = $config['installedpackages']['suricata']['config'][0]['log_to_systemlog']; + $pconfig['log_to_systemlog_facility'] = $config['installedpackages']['suricata']['config'][0]['log_to_systemlog_facility']; + $pconfig['forcekeepsettings'] = $config['installedpackages']['suricata']['config'][0]['forcekeepsettings']; + $pconfig['snortcommunityrules'] = $config['installedpackages']['suricata']['config'][0]['snortcommunityrules']; + $pconfig['snort_rules_file'] = $config['installedpackages']['suricata']['config'][0]['snort_rules_file']; + $pconfig['autogeoipupdate'] = $config['installedpackages']['suricata']['config'][0]['autogeoipupdate']; +} +// Do input validation on parameters if (empty($pconfig['autoruleupdatetime'])) $pconfig['autoruleupdatetime'] = '00:30'; +if (empty($pconfig['log_to_systemlog_facility'])) + $pconfig['log_to_systemlog_facility'] = "local1"; + if ($_POST['autoruleupdatetime']) { if (!preg_match('/^([01]?[0-9]|2[0-3]):?([0-5][0-9])$/', $_POST['autoruleupdatetime'])) $input_errors[] = "Invalid Rule Update Start Time! Please supply a value in 24-hour format as 'HH:MM'."; } -if ($_POST['suricatadownload'] == "on" && empty($_POST['oinkcode'])) +if ($_POST['enable_vrt_rules'] == "on" && empty($_POST['snort_rules_file'])) + $input_errors[] = "You must supply a snort rules tarball filename in the box provided in order to enable Snort VRT rules!"; + +if ($_POST['enable_vrt_rules'] == "on" && empty($_POST['oinkcode'])) $input_errors[] = "You must supply an Oinkmaster code in the box provided in order to enable Snort VRT rules!"; if ($_POST['enable_etpro_rules'] == "on" && empty($_POST['etprocode'])) @@ -81,6 +98,7 @@ if (!$input_errors) { $config['installedpackages']['suricata']['config'][0]['snortcommunityrules'] = $_POST['snortcommunityrules'] ? 'on' : 'off'; $config['installedpackages']['suricata']['config'][0]['enable_etopen_rules'] = $_POST['enable_etopen_rules'] ? 'on' : 'off'; $config['installedpackages']['suricata']['config'][0]['enable_etpro_rules'] = $_POST['enable_etpro_rules'] ? 'on' : 'off'; + $config['installedpackages']['suricata']['config'][0]['autogeoipupdate'] = $_POST['autogeoipupdate'] ? 'on' : 'off'; // If any rule sets are being turned off, then remove them // from the active rules section of each interface. Start @@ -117,28 +135,42 @@ if (!$input_errors) { } } + $config['installedpackages']['suricata']['config'][0]['snort_rules_file'] = $_POST['snort_rules_file']; $config['installedpackages']['suricata']['config'][0]['oinkcode'] = $_POST['oinkcode']; $config['installedpackages']['suricata']['config'][0]['etprocode'] = $_POST['etprocode']; $config['installedpackages']['suricata']['config'][0]['rm_blocked'] = $_POST['rm_blocked']; $config['installedpackages']['suricata']['config'][0]['autoruleupdate'] = $_POST['autoruleupdate']; /* Check and adjust format of Rule Update Starttime string to add colon and leading zero if necessary */ - $pos = strpos($_POST['autoruleupdatetime'], ":"); - if ($pos === false) { - $tmp = str_pad($_POST['autoruleupdatetime'], 4, "0", STR_PAD_LEFT); - $_POST['autoruleupdatetime'] = substr($tmp, 0, 2) . ":" . substr($tmp, -2); + if ($_POST['autoruleupdatetime']) { + $pos = strpos($_POST['autoruleupdatetime'], ":"); + if ($pos === false) { + $tmp = str_pad($_POST['autoruleupdatetime'], 4, "0", STR_PAD_LEFT); + $_POST['autoruleupdatetime'] = substr($tmp, 0, 2) . ":" . substr($tmp, -2); + } + $config['installedpackages']['suricata']['config'][0]['autoruleupdatetime'] = str_pad($_POST['autoruleupdatetime'], 4, "0", STR_PAD_LEFT); } - $config['installedpackages']['suricata']['config'][0]['autoruleupdatetime'] = str_pad($_POST['autoruleupdatetime'], 4, "0", STR_PAD_LEFT); $config['installedpackages']['suricata']['config'][0]['log_to_systemlog'] = $_POST['log_to_systemlog'] ? 'on' : 'off'; + $config['installedpackages']['suricata']['config'][0]['log_to_systemlog_facility'] = $_POST['log_to_systemlog_facility']; $config['installedpackages']['suricata']['config'][0]['live_swap_updates'] = $_POST['live_swap_updates'] ? 'on' : 'off'; $config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] = $_POST['forcekeepsettings'] ? 'on' : 'off'; $retval = 0; + write_config("Suricata pkg: modified global settings."); + + /* Toggle cron task for GeoIP database updates if setting was changed */ + if ($config['installedpackages']['suricata']['config'][0]['autogeoipupdate'] == 'on' && !suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_geoipupdate.php")) { + include("/usr/local/pkg/suricata/suricata_geoipupdate.php"); + install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_geoipupdate.php", TRUE, 0, 0, 8, "*", "*", "root"); + } + elseif ($config['installedpackages']['suricata']['config'][0]['autogeoipupdate'] == 'off' && suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_geoipupdate.php")) + install_cron_job("/usr/local/pkg/suricata/suricata_geoipupdate.php", FALSE); + /* create passlist and homenet file, then sync files */ + conf_mount_rw(); sync_suricata_package_config(); - - write_config(); + conf_mount_ro(); /* forces page to reload new settings */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); @@ -161,9 +193,6 @@ include_once("head.inc"); <?php include_once("fbegin.inc"); -if($pfsense_stable == 'yes') - echo '<p class="pgtitle">' . $pgtitle . '</p>'; - /* Display Alert message, under form tag or no refresh */ if ($input_errors) print_input_errors($input_errors); @@ -172,25 +201,30 @@ if ($input_errors) <form action="suricata_global.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tbody> <tr><td> <?php - $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); - $tab_array[] = array(gettext("Global Settings"), true, "/suricata/suricata_global.php"); - $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array = array(); + $tab_array[] = array(gettext("Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), true, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); - $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php"); $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); - $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array, true); + $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> <td> <div id="mainarea"> <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> +<tbody> <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Please Choose The Type Of Rules You Wish To Download");?></td> </tr> @@ -198,6 +232,7 @@ if ($input_errors) <td width="22%" valign="top" class="vncell"><?php echo gettext("Install ") . "<strong>" . gettext("Emerging Threats") . "</strong>" . gettext(" rules");?></td> <td width="78%" class="vtable"> <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <tbody> <tr> <td valign="top" width="8%"><input name="enable_etopen_rules" type="checkbox" value="on" onclick="enable_et_rules();" <?php if ($config['installedpackages']['suricata']['config'][0]['enable_etopen_rules']=="on") echo "checked"; ?>/></td> @@ -218,8 +253,10 @@ if ($input_errors) <td class="vexpl"><?php echo "<span class='red'><strong>" . gettext("Note:") . "</strong></span>" . " " . gettext("The ETPro rules contain all of the ETOpen rules, so the ETOpen rules are not required and are disabled when the ETPro rules are selected."); ?></td> </tr> + </tbody> </table> <table id="etpro_code_tbl" width="100%" border="0" cellpadding="2" cellspacing="0"> + <tbody> <tr> <td colspan="2"> </td> </tr> @@ -232,6 +269,7 @@ if ($input_errors) value="<?=htmlspecialchars($pconfig['etprocode']);?>"/><br/> <?php echo gettext("Obtain an ETPro subscription code and paste it here."); ?></td> </tr> + </tbody> </table> </td> </tr> @@ -239,36 +277,45 @@ if ($input_errors) <td width="22%" valign="top" class="vncell"><?php echo gettext("Install ") . "<strong>" . gettext("Snort VRT") . "</strong>" . gettext(" rules");?></td> <td width="78%" class="vtable"> <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <tbody> <tr> <td><input name="enable_vrt_rules" type="checkbox" id="enable_vrt_rules" value="on" onclick="enable_snort_vrt();" <?php if($pconfig['enable_vrt_rules']=='on') echo 'checked'; ?>/></td> <td><span class="vexpl"><?php echo gettext("Snort VRT free Registered User or paid Subscriber rules"); ?></span></td> <tr> <td> </td> - <td><a href="https://www.snort.org/signup" target="_blank"><?php echo gettext("Sign Up for a free Registered User Rule Account"); ?> </a><br/> - <a href="http://www.snort.org/vrt/buy-a-subscription" target="_blank"> + <td><a href="https://www.snort.org/users/sign_up" target="_blank"><?php echo gettext("Sign Up for a free Registered User Rule Account"); ?> </a><br/> + <a href="https://www.snort.org/products" target="_blank"> <?php echo gettext("Sign Up for paid Sourcefire VRT Certified Subscriber Rules"); ?></a></td> </tr> + </tbody> </table> <table id="snort_oink_code_tbl" width="100%" border="0" cellpadding="2" cellspacing="0"> + <tbody> <tr> - <td colspan="2"> </td> + <td colspan="2" valign="top"><b><span class="vexpl"><?php echo gettext("Snort VRT Configuration"); ?></span></b></td> </tr> <tr> - <td colspan="2" valign="top"><b><span class="vexpl"><?php echo gettext("Snort VRT Oinkmaster Configuration"); ?></span></b></td> + <td valign="top" align="right"><span class="vexpl"><strong><?php echo gettext("Rules Filename:"); ?></strong></span> </td> + <td><input name="snort_rules_file" type="text" class="formfld unknown" id="snort_rules_file" size="52" + value="<?=htmlspecialchars($pconfig['snort_rules_file']);?>"/><br/> + <?php echo gettext("Enter the rules tarball filename (filename only, do not include the URL.)"); ?> + <br/><span class="red"><strong><?php echo gettext("Example: ") . "</strong></span>" . gettext("snortrules-snapshot-2962.tar.gz");?><br/><br/></td> </tr> <tr> - <td valign="top"><span class="vexpl"><strong><?php echo gettext("Code:"); ?></strong></span></td> + <td valign="top" align="right"><span class="vexpl"><strong><?php echo gettext("Oinkmaster Code:"); ?></strong></span> </td> <td><input name="oinkcode" type="text" class="formfld unknown" id="oinkcode" size="52" value="<?=htmlspecialchars($pconfig['oinkcode']);?>"/><br/> <?php echo gettext("Obtain a snort.org Oinkmaster code and paste it here."); ?></td> </tr> + </tbody> </table> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Install ") . "<strong>" . gettext("Snort Community") . "</strong>" . gettext(" rules");?></td> <td width="78%" class="vtable"> <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <tbody> <tr> <td valign="top" width="8%"><input name="snortcommunityrules" type="checkbox" value="on" <?php if ($config['installedpackages']['suricata']['config'][0]['snortcommunityrules']=="on") echo " checked";?>/></td> @@ -278,6 +325,7 @@ if ($input_errors) gettext("If you are a Snort VRT Paid Subscriber, the community ruleset is already built into your download of the ") . gettext("Snort VRT rules, and there is no benefit in adding this rule set.");?><br/></td> </tr> + </tbody> </table></td> </tr> <tr> @@ -315,6 +363,15 @@ if ($input_errors) "If issues are encountered with live load, uncheck this option to perform a hard restart of all Suricata instances following an update."); ?></td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("GeoIP DB Update"); ?></td> + <td width="78%" class="vtable"><input name="autogeoipupdate" id="autogeoipupdate" type="checkbox" value="yes" + <?php if ($config['installedpackages']['suricata']['config'][0]['autogeoipupdate']=="on") echo " checked"; ?>/> + <?php echo gettext("Enable downloading of free GeoIP Country Database updates. Default is ") . "<strong>" . gettext("Checked") . "</strong>"; ?><br/><br/> + <?php echo gettext("When enabled, Suricata will automatically download updates for the free legacy GeoIP country database on the 8th of each month at midnight.") . + "<br/><br/>" . gettext("If you have a subscription for more current GeoIP updates, uncheck this option and instead create your own process to place the required database files in " . + SURICATA_PBI_BASEDIR . "share/GeoIP/."); ?></td> +</tr> +<tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td> </tr> <tr> @@ -334,10 +391,29 @@ if ($input_errors) </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Log to System Log"); ?></td> - <td width="78%" class="vtable"><input name="log_to_systemlog" id="log_to_systemlog" type="checkbox" value="yes" + <td width="78%" class="vtable"><input name="log_to_systemlog" id="log_to_systemlog" type="checkbox" value="yes" onclick="toggle_log_to_systemlog();" <?php if ($config['installedpackages']['suricata']['config'][0]['log_to_systemlog']=="on") echo " checked"; ?>/> <?php echo gettext("Copy Suricata messages to the firewall system log."); ?></td> </tr> + <tbody id="log_to_systemlog_rows"> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Facility"); ?></td> + <td width="78%" class="vtable"> + <select name="log_to_systemlog_facility" id="log_to_systemlog_facility" class="formselect"> + <?php + $log_facility = array( "auth", "authpriv", "daemon", "kern", "security", "syslog", "user", "local0", + "local1", "local2", "local3", "local4", "local5", "local6", "local7" ); + foreach ($log_facility as $facility) { + $selected = ""; + if ($facility == $pconfig['log_to_systemlog_facility']) + $selected = " selected"; + echo "<option value='{$facility}'{$selected}>" . $facility . "</option>\n"; + } + ?></select> + <?php echo gettext("Select system log facility to use for reporting. Default is ") . "<strong>" . gettext("local1") . "</strong>."; ?> + </td> + </tr> + </tbody> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Keep Suricata Settings After Deinstall"); ?></td> <td width="78%" class="vtable"><input name="forcekeepsettings" id="forcekeepsettings" type="checkbox" value="yes" @@ -351,9 +427,10 @@ if ($input_errors) <td colspan="2" class="vexpl" align="center"><span class="red"><strong><?php echo gettext("Note:");?></strong> </span><?php echo gettext("Changing any settings on this page will affect all Suricata-configured interfaces.");?></td> </tr> +</tbody> </table> </div><br/> -</td></tr> +</td></tr></tbody> </table> </form> <?php include("fend.inc"); ?> @@ -396,11 +473,20 @@ function enable_change_rules_upd() { document.iform.autoruleupdatetime.disabled=""; } +function toggle_log_to_systemlog() { + var endis = !document.iform.log_to_systemlog.checked; + if (endis) + document.getElementById("log_to_systemlog_rows").style.display="none"; + else + document.getElementById("log_to_systemlog_rows").style.display=""; +} + // Initialize the form controls state based on saved settings enable_snort_vrt(); enable_et_rules(); enable_pro_rules(); enable_change_rules_upd(); +toggle_log_to_systemlog(); //--> </script> diff --git a/config/suricata/suricata_import_aliases.php b/config/suricata/suricata_import_aliases.php index ccaaf29d..e2fa4f40 100644 --- a/config/suricata/suricata_import_aliases.php +++ b/config/suricata/suricata_import_aliases.php @@ -79,8 +79,8 @@ <col width="35%" align="left" axis="string"> </colgroup> <thead> - <tr> - <th class="listhdrr"></th> + <tr class="sortableHeaderRowIdentifier"> + <th class="listhdrr sorttable_nosort"></th> <th class="listhdrr" axis="string"><?=gettext("Alias Name"); ?></th> <th class="listhdrr" axis="string"><?=gettext("Values"); ?></th> <th class="listhdrr" axis="string"><?=gettext("Description"); ?></th> diff --git a/config/suricata/suricata_interfaces.php b/config/suricata/suricata_interfaces.php index 26d57b71..e996a24f 100644 --- a/config/suricata/suricata_interfaces.php +++ b/config/suricata/suricata_interfaces.php @@ -57,6 +57,9 @@ if (!is_array($config['installedpackages']['suricata']['rule'])) $a_nat = &$config['installedpackages']['suricata']['rule']; $id_gen = count($config['installedpackages']['suricata']['rule']); +// Get list of configured firewall interfaces +$ifaces = get_configured_interface_list(); + if ($_POST['del_x']) { /* delete selected interfaces */ if (is_array($_POST['rule'])) { @@ -65,8 +68,8 @@ if ($_POST['del_x']) { $if_real = get_real_interface($a_nat[$rulei]['interface']); $suricata_uuid = $a_nat[$rulei]['uuid']; suricata_stop($a_nat[$rulei], $if_real); - exec("/bin/rm -r {$suricatalogdir}suricata_{$if_real}{$suricata_uuid}"); - exec("/bin/rm -r {$suricatadir}suricata_{$suricata_uuid}_{$if_real}"); + rmdir_recursive("{$suricatalogdir}suricata_{$if_real}{$suricata_uuid}"); + rmdir_recursive("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}"); unset($a_nat[$rulei]); } conf_mount_ro(); @@ -75,19 +78,12 @@ if ($_POST['del_x']) { if (empty($a_nat)) unset($a_nat); - write_config(); + write_config("Suricata pkg: deleted one or more Suricata interfaces."); sleep(2); - /* if there are no ifaces remaining do not create suricata.sh */ - if (!empty($config['installedpackages']['suricata']['rule'])) - suricata_create_rc(); - else { - conf_mount_rw(); - @unlink("{$rcdir}/suricata.sh"); - conf_mount_ro(); - } - + conf_mount_rw(); sync_suricata_package_config(); + conf_mount_ro(); header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); @@ -107,7 +103,9 @@ if ($_POST['bartoggle']) { if (!suricata_is_running($suricatacfg['uuid'], $if_real, 'barnyard2')) { log_error("Toggle (barnyard starting) for {$if_friendly}({$suricatacfg['descr']})..."); + conf_mount_rw(); sync_suricata_package_config(); + conf_mount_ro(); suricata_barnyard_start($suricatacfg, $if_real); } else { log_error("Toggle (barnyard stopping) for {$if_friendly}({$suricatacfg['descr']})..."); @@ -132,7 +130,9 @@ if ($_POST['toggle']) { log_error("Toggle (suricata starting) for {$if_friendly}({$suricatacfg['descr']})..."); // set flag to rebuild interface rules before starting Snort $rebuild_rules = true; + conf_mount_rw(); sync_suricata_package_config(); + conf_mount_ro(); $rebuild_rules = false; suricata_start($suricatacfg, $if_real); } @@ -166,19 +166,23 @@ include_once("head.inc"); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tbody> <tr> <td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Interfaces"), true, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); - $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); - $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php"); $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); - $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); ?> </td> @@ -187,7 +191,6 @@ include_once("head.inc"); <td> <div id="mainarea"> <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <colgroup> <col width="3%" align="center"> <col width="12%"> @@ -207,12 +210,26 @@ include_once("head.inc"); <th class="listhdrr"><?php echo gettext("Block"); ?></th> <th class="listhdrr"><?php echo gettext("Barnyard2"); ?></th> <th class="listhdr"><?php echo gettext("Description"); ?></th> - <th class="list"><a href="suricata_interfaces_edit.php?id=<?php echo $id_gen;?>"> - <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" - width="17" height="17" border="0" title="<?php echo gettext('Add Suricata interface mapping');?>"></a> + <th class="list"> + <?php if ($id_gen < count($ifaces)): ?> + <a href="suricata_interfaces_edit.php?id=<?php echo $id_gen;?>"> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0" title="<?php echo gettext('Add Suricata interface mapping');?>"></a> + <?php else: ?> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" width="17" height="17" border="0" + title="<?php echo gettext('No available interfaces for a new Suricata mapping');?>"> + <?php endif; ?> + <?php if ($id_gen == 0): ?> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" " border="0"> + <?php else: ?> + <input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" + width="17" height="17" title="<?php echo gettext("Delete selected Suricata interface mapping(s)"); ?>" + onclick="return intf_del()"> + <?php endif; ?> </th> </tr> </thead> + <tbody> <?php $nnats = $i = 0; // Turn on buffering to speed up rendering @@ -342,7 +359,15 @@ include_once("head.inc"); <td valign="middle" class="list" nowrap> <a href="suricata_interfaces_edit.php?id=<?=$i;?>"> <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" - width="17" height="17" border="0" title="<?php echo gettext('Edit Suricata interface mapping'); ?>"></a> + width="17" height="17" border="0" title="<?php echo gettext('Edit this Suricata interface mapping'); ?>"></a> + <?php if ($id_gen < count($ifaces)): ?> + <a href="suricata_interfaces_edit.php?id=<?=$i;?>&action=dup"> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0" title="<?php echo gettext('Add new interface mapping based on this one'); ?>"></a> + <?php else: ?> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" width="17" height="17" border="0" + title="<?php echo gettext('No available interfaces for a new Suricata mapping');?>"> + <?php endif; ?> </td> </tr> <?php $i++; $nnats++; endforeach; ob_end_flush(); ?> @@ -354,8 +379,16 @@ include_once("head.inc"); <?php else: ?> <?php endif; ?> </td> - <td class="list" valign="middle" nowrap> - <?php if ($nnats == 0): ?> + <td class="list"> + <?php if ($id_gen < count($ifaces)): ?> + <a href="suricata_interfaces_edit.php?id=<?php echo $id_gen;?>"> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0" title="<?php echo gettext('Add Suricata interface mapping');?>"></a> + <?php else: ?> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" width="17" height="17" border="0" + title="<?php echo gettext('No available interfaces for a new Suricata mapping');?>"> + <?php endif; ?> + <?php if ($id_gen == 0): ?> <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" " border="0"> <?php else: ?> <input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" @@ -371,6 +404,7 @@ include_once("head.inc"); <td> </td> <td colspan="6"> <table class="tabcont" width="100%" border="0" cellpadding="1" cellspacing="0"> + <tbody> <tr> <td colspan="3" class="vexpl"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span> <br> <?php echo gettext("This is the ") . "<strong>" . gettext("Suricata Menu ") . @@ -423,14 +457,17 @@ include_once("head.inc"); delete an interface and settings. </td> </tr> + </tbody> </table> </td> <td> </td> </tr> + </tbody> </table> </div> </td> </tr> +</tbody> </table> </form> diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php index 3b61755c..13526031 100644 --- a/config/suricata/suricata_interfaces_edit.php +++ b/config/suricata/suricata_interfaces_edit.php @@ -59,12 +59,21 @@ if (isset($_POST['id']) && is_numericint($_POST['id'])) elseif (isset($_GET['id']) && is_numericint($_GET['id'])); $id = htmlspecialchars($_GET['id'], ENT_QUOTES | ENT_HTML401); -if (is_null($id)) - $id = 0; +if (is_null($id)) { + header("Location: /suricata/suricata_interfaces.php"); + exit; +} + +if (isset($_POST['action'])) + $action = htmlspecialchars($_POST['action'], ENT_QUOTES | ENT_HTML401); +elseif (isset($_GET['action'])) + $action = htmlspecialchars($_GET['action'], ENT_QUOTES | ENT_HTML401); +else + $action = ""; $pconfig = array(); if (empty($suricataglob['rule'][$id]['uuid'])) { - /* Adding new interface, so flag rules to build. */ + /* Adding new interface, so generate a new UUID and flag rules to build. */ $pconfig['uuid'] = suricata_generate_id(); $rebuild_rules = true; } @@ -80,14 +89,15 @@ $interfaces = get_configured_interface_with_descr(); // See if interface is already configured, and use its values if (isset($id) && $a_rule[$id]) { + /* old options */ $pconfig = $a_rule[$id]; if (!empty($pconfig['configpassthru'])) $pconfig['configpassthru'] = base64_decode($pconfig['configpassthru']); if (empty($pconfig['uuid'])) $pconfig['uuid'] = $suricata_uuid; } +// Must be a new interface, so try to pick next available physical interface to use elseif (isset($id) && !isset($a_rule[$id])) { - // Must be a new interface, so try to pick next available physical interface to use $ifaces = get_configured_interface_list(); $ifrules = array(); foreach($a_rule as $r) @@ -123,55 +133,109 @@ if (empty($pconfig['enable_http_log'])) $pconfig['enable_http_log'] = "on"; if (empty($pconfig['append_http_log'])) $pconfig['append_http_log'] = "on"; -if (empty($pconfig['enable_tls_log'])) - $pconfig['enable_tls_log'] = "off"; +if (empty($pconfig['http_log_extended'])) + $pconfig['http_log_extended'] = "on"; if (empty($pconfig['tls_log_extended'])) $pconfig['tls_log_extended'] = "on"; -if (empty($pconfig['enable_stats_log'])) - $pconfig['enable_stats_log'] = "off"; if (empty($pconfig['stats_upd_interval'])) $pconfig['stats_upd_interval'] = "10"; -if (empty($pconfig['append_stats_log'])) - $pconfig['append_stats_log'] = "off"; +if (empty($pconfig['append_dns_log'])) + $pconfig['append_dns_log'] = "on"; if (empty($pconfig['append_json_file_log'])) $pconfig['append_json_file_log'] = "on"; -if (empty($pconfig['enable_pcap_log'])) - $pconfig['enable_pcap_log'] = "off"; if (empty($pconfig['max_pcap_log_size'])) $pconfig['max_pcap_log_size'] = "32"; if (empty($pconfig['max_pcap_log_files'])) $pconfig['max_pcap_log_files'] = "1000"; +if (empty($pconfig['alertsystemlog_facility'])) + $pconfig['alertsystemlog_facility'] = "local1"; +if (empty($pconfig['alertsystemlog_priority'])) + $pconfig['alertsystemlog_priority'] = "notice"; +if (empty($pconfig['eve_output_type'])) + $pconfig['eve_output_type'] = "file"; +if (empty($pconfig['eve_systemlog_facility'])) + $pconfig['eve_systemlog_facility'] = "local1"; +if (empty($pconfig['eve_systemlog_priority'])) + $pconfig['eve_systemlog_priority'] = "notice"; +if (empty($pconfig['eve_log_alerts'])) + $pconfig['eve_log_alerts'] = "on"; +if (empty($pconfig['eve_log_http'])) + $pconfig['eve_log_http'] = "on"; +if (empty($pconfig['eve_log_dns'])) + $pconfig['eve_log_dns'] = "on"; +if (empty($pconfig['eve_log_tls'])) + $pconfig['eve_log_tls'] = "on"; +if (empty($pconfig['eve_log_files'])) + $pconfig['eve_log_files'] = "on"; +if (empty($pconfig['eve_log_ssh'])) + $pconfig['eve_log_ssh'] = "on"; +if (empty($pconfig['intf_promisc_mode'])) + $pconfig['intf_promisc_mode'] = "on"; -if ($_POST["save"]) { - // If the interface is not enabled, stop any running Suricata - // instance on it, save the new state and exit. - if (!isset($_POST['enable'])) { - if (isset($id) && $a_rule[$id]) { - $a_rule[$id]['enable'] = 'off'; - $a_rule[$id]['interface'] = htmlspecialchars($_POST['interface']); - $a_rule[$id]['descr'] = htmlspecialchars($_POST['descr']); - suricata_stop($a_rule[$id], get_real_interface($a_rule[$id]['interface'])); - - // Save configuration changes - write_config(); - - // Update suricata.conf and suricata.sh files for this interface - sync_suricata_package_config(); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: /suricata/suricata_interfaces.php"); - exit; +// See if creating a new interface by duplicating an existing one +if (strcasecmp($action, 'dup') == 0) { + + // Try to pick the next available physical interface to use + $ifaces = get_configured_interface_list(); + $ifrules = array(); + foreach($a_rule as $r) + $ifrules[] = $r['interface']; + foreach ($ifaces as $i) { + if (!in_array($i, $ifrules)) { + $pconfig['interface'] = $i; + $pconfig['enable'] = 'on'; + $pconfig['descr'] = strtoupper($i); + $pconfig['inspect_recursion_limit'] = '3000'; + break; } } + if (count($ifrules) == count($ifaces)) { + $input_errors[] = gettext("No more available interfaces to configure for Suricata!"); + $interfaces = array(); + $pconfig = array(); + } - // Validate inputs + // Set Home Net, External Net, Suppress List and Pass List to defaults + unset($pconfig['suppresslistname']); + unset($pconfig['passlistname']); + unset($pconfig['homelistname']); + unset($pconfig['externallistname']); +} + +if ($_POST["save"] && !$input_errors) { if (!isset($_POST['interface'])) $input_errors[] = gettext("Choosing an Interface is mandatory!"); + /* See if assigned interface is already in use */ + if (isset($_POST['interface'])) { + foreach ($a_rule as $k => $v) { + if (($v['interface'] == $_POST['interface']) && ($id <> $k)) { + $input_errors[] = gettext("The '{$_POST['interface']}' interface is already assigned to another Suricata instance."); + break; + } + } + } + + // If Suricata is disabled on this interface, stop any running instance, + // save the change and exit. + if ($_POST['enable'] != 'on') { + $a_rule[$id]['enable'] = $_POST['enable'] ? 'on' : 'off'; + suricata_stop($a_rule[$id], get_real_interface($a_rule[$id]['interface'])); + write_config("Suricata pkg: disabled Suricata on " . convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface'])); + $rebuild_rules = false; + conf_mount_rw(); + sync_suricata_package_config(); + conf_mount_ro(); + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /suricata/suricata_interfaces.php"); + exit; + } + + // Validate inputs if (isset($_POST['stats_upd_interval']) && !is_numericint($_POST['stats_upd_interval'])) $input_errors[] = gettext("The value for Stats Update Interval must contain only digits and evaluate to an integer."); @@ -187,16 +251,6 @@ if ($_POST["save"]) { if (!empty($_POST['inspect_recursion_limit']) && !is_numeric($_POST['inspect_recursion_limit'])) $input_errors[] = gettext("The value for Inspect Recursion Limit can either be blank or contain only digits evaluating to an integer greater than or equal to 0."); - /* See if assigned interface is already in use */ - if (isset($_POST['interface'])) { - foreach ($a_rule as $k => $v) { - if (($v['interface'] == $_POST['interface']) && ($id <> $k)) { - $input_errors[] = gettext("The '{$_POST['interface']}' interface is already assigned to another Suricata instance."); - break; - } - } - } - // if no errors write to suricata.yaml if (!$input_errors) { $natent = $a_rule[$id]; @@ -213,6 +267,7 @@ if ($_POST["save"]) { if ($_POST['enable_http_log'] == "on") { $natent['enable_http_log'] = 'on'; }else{ $natent['enable_http_log'] = 'off'; } if ($_POST['append_http_log'] == "on") { $natent['append_http_log'] = 'on'; }else{ $natent['append_http_log'] = 'off'; } if ($_POST['enable_tls_log'] == "on") { $natent['enable_tls_log'] = 'on'; }else{ $natent['enable_tls_log'] = 'off'; } + if ($_POST['http_log_extended'] == "on") { $natent['http_log_extended'] = 'on'; }else{ $natent['http_log_extended'] = 'off'; } if ($_POST['tls_log_extended'] == "on") { $natent['tls_log_extended'] = 'on'; }else{ $natent['tls_log_extended'] = 'off'; } if ($_POST['enable_pcap_log'] == "on") { $natent['enable_pcap_log'] = 'on'; }else{ $natent['enable_pcap_log'] = 'off'; } if ($_POST['enable_json_file_log'] == "on") { $natent['enable_json_file_log'] = 'on'; }else{ $natent['enable_json_file_log'] = 'off'; } @@ -220,6 +275,7 @@ if ($_POST["save"]) { if ($_POST['enable_tracked_files_magic'] == "on") { $natent['enable_tracked_files_magic'] = 'on'; }else{ $natent['enable_tracked_files_magic'] = 'off'; } if ($_POST['enable_tracked_files_md5'] == "on") { $natent['enable_tracked_files_md5'] = 'on'; }else{ $natent['enable_tracked_files_md5'] = 'off'; } if ($_POST['enable_file_store'] == "on") { $natent['enable_file_store'] = 'on'; }else{ $natent['enable_file_store'] = 'off'; } + if ($_POST['enable_eve_log'] == "on") { $natent['enable_eve_log'] = 'on'; }else{ $natent['enable_eve_log'] = 'off'; } if ($_POST['max_pending_packets']) $natent['max_pending_packets'] = $_POST['max_pending_packets']; else unset($natent['max_pending_packets']); if ($_POST['inspect_recursion_limit'] >= '0') $natent['inspect_recursion_limit'] = $_POST['inspect_recursion_limit']; else unset($natent['inspect_recursion_limit']); if ($_POST['detect_eng_profile']) $natent['detect_eng_profile'] = $_POST['detect_eng_profile']; else unset($natent['detect_eng_profile']); @@ -233,11 +289,26 @@ if ($_POST["save"]) { if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']); if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']); if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; } + if ($_POST['alertsystemlog_facility']) $natent['alertsystemlog_facility'] = $_POST['alertsystemlog_facility']; + if ($_POST['alertsystemlog_priority']) $natent['alertsystemlog_priority'] = $_POST['alertsystemlog_priority']; + if ($_POST['enable_dns_log'] == "on") { $natent['enable_dns_log'] = 'on'; }else{ $natent['enable_dns_log'] = 'off'; } + if ($_POST['append_dns_log'] == "on") { $natent['append_dns_log'] = 'on'; }else{ $natent['append_dns_log'] = 'off'; } + if ($_POST['enable_eve_log'] == "on") { $natent['enable_eve_log'] = 'on'; }else{ $natent['enable_eve_log'] = 'off'; } + if ($_POST['eve_output_type']) $natent['eve_output_type'] = $_POST['eve_output_type']; + if ($_POST['eve_systemlog_facility']) $natent['eve_systemlog_facility'] = $_POST['eve_systemlog_facility']; + if ($_POST['eve_systemlog_priority']) $natent['eve_systemlog_priority'] = $_POST['eve_systemlog_priority']; + if ($_POST['eve_log_alerts'] == "on") { $natent['eve_log_alerts'] = 'on'; }else{ $natent['eve_log_alerts'] = 'off'; } + if ($_POST['eve_log_http'] == "on") { $natent['eve_log_http'] = 'on'; }else{ $natent['eve_log_http'] = 'off'; } + if ($_POST['eve_log_dns'] == "on") { $natent['eve_log_dns'] = 'on'; }else{ $natent['eve_log_dns'] = 'off'; } + if ($_POST['eve_log_tls'] == "on") { $natent['eve_log_tls'] = 'on'; }else{ $natent['eve_log_tls'] = 'off'; } + if ($_POST['eve_log_files'] == "on") { $natent['eve_log_files'] = 'on'; }else{ $natent['eve_log_files'] = 'off'; } + if ($_POST['eve_log_ssh'] == "on") { $natent['eve_log_ssh'] = 'on'; }else{ $natent['eve_log_ssh'] = 'off'; } if ($_POST['delayed_detect'] == "on") { $natent['delayed_detect'] = 'on'; }else{ $natent['delayed_detect'] = 'off'; } - if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode($_POST['configpassthru']); else unset($natent['configpassthru']); + if ($_POST['intf_promisc_mode'] == "on") { $natent['intf_promisc_mode'] = 'on'; }else{ $natent['intf_promisc_mode'] = 'off'; } + if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode(str_replace("\r\n", "\n", $_POST['configpassthru'])); else unset($natent['configpassthru']); $if_real = get_real_interface($natent['interface']); - if (isset($id) && $a_rule[$id]) { + if (isset($id) && $a_rule[$id] && $action == '') { // See if moving an existing Suricata instance to another physical interface if ($natent['interface'] != $a_rule[$id]['interface']) { $oif_real = get_real_interface($a_rule[$id]['interface']); @@ -247,13 +318,24 @@ if ($_POST["save"]) { } else $suricata_start = false; - exec("mv -f {$suricatalogdir}suricata_{$oif_real}" . $a_rule[$id]['uuid'] . " {$suricatalogdir}suricata_{$if_real}" . $a_rule[$id]['uuid']); + @rename("{$suricatalogdir}suricata_{$oif_real}{$a_rule[$id]['uuid']}", "{$suricatalogdir}suricata_{$if_real}{$a_rule[$id]['uuid']}"); conf_mount_rw(); - exec("mv -f {$suricatadir}suricata_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$suricatadir}suricata_" . $a_rule[$id]['uuid'] . "_{$if_real}"); + @rename("{$suricatadir}suricata_{$a_rule[$id]['uuid']}_{$oif_real}", "{$suricatadir}suricata_{$a_rule[$id]['uuid']}_{$if_real}"); conf_mount_ro(); } $a_rule[$id] = $natent; - } else { + } + elseif (strcasecmp($action, 'dup') == 0) { + // Duplicating an existing interface to a new interface, so set flag to build new rules + $rebuild_rules = true; + + // Duplicating an interface, so need to generate a new UUID for the cloned interface + $natent['uuid'] = suricata_generate_id(); + + // Add the new duplicated interface configuration to the [rule] array in config + $a_rule[] = $natent; + } + else { // Adding new interface, so set interface configuration parameter defaults $natent['ip_max_frags'] = "65535"; $natent['ip_frag_timeout'] = "60"; @@ -285,7 +367,6 @@ if ($_POST["save"]) { $natent['flow_icmp_emerg_established_timeout'] = '100'; $natent['stream_memcap'] = '33554432'; - $natent['stream_max_sessions'] = '262144'; $natent['stream_prealloc_sessions'] = '32768'; $natent['reassembly_memcap'] = '67108864'; $natent['reassembly_depth'] = '1048576'; @@ -294,8 +375,29 @@ if ($_POST["save"]) { $natent['enable_midstream_sessions'] = 'off'; $natent['enable_async_sessions'] = 'off'; $natent['delayed_detect'] = 'off'; + $natent['intf_promisc_mode'] = 'on'; $natent['asn1_max_frames'] = '256'; + $natent['dns_global_memcap'] = "16777216"; + $natent['dns_state_memcap'] = "524288"; + $natent['dns_request_flood_limit'] = "500"; + $natent['http_parser_memcap'] = "67108864"; + $natent['dns_parser_udp'] = "yes"; + $natent['dns_parser_tcp'] = "yes"; + $natent['http_parser'] = "yes"; + $natent['tls_parser'] = "yes"; + $natent['smtp_parser'] = "yes"; + $natent['imap_parser'] = "detection-only"; + $natent['ssh_parser'] = "yes"; + $natent['ftp_parser'] = "yes"; + $natent['dcerpc_parser'] = "yes"; + $natent['smb_parser'] = "yes"; + $natent['msn_parser'] = "detection-only"; + + $natent['enable_iprep'] = "off"; + $natent['host_memcap'] = "16777216"; + $natent['host_hash_size'] = "4096"; + $natent['host_prealloc'] = "1000"; $default = array( "name" => "default", "bind_to" => "all", "policy" => "bsd" ); if (!is_array($natent['host_os_policy']['item'])) @@ -304,13 +406,14 @@ if ($_POST["save"]) { $default = array( "name" => "default", "bind_to" => "all", "personality" => "IDS", "request-body-limit" => 4096, "response-body-limit" => 4096, - "double-decode-path" => "no", "double-decode-query" => "no" ); + "double-decode-path" => "no", "double-decode-query" => "no", + "uri-include-all" => "no" ); if (!is_array($natent['libhtp_policy']['item'])) $natent['libhtp_policy']['item'] = array(); $natent['libhtp_policy']['item'][] = $default; // Enable the basic default rules for the interface - $natent['rulesets'] = "decoder-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events.rules||tls-events.rules"; + $natent['rulesets'] = "decoder-events.rules||dns-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events.rules||tls-events.rules"; // Adding a new interface, so set flag to build new rules $rebuild_rules = true; @@ -324,10 +427,12 @@ if ($_POST["save"]) { suricata_stop($natent, $if_real); // Save configuration changes - write_config(); + write_config("Suricata pkg: modified interface configuration for " . convert_friendly_interface_to_friendly_descr($natent['interface'])); // Update suricata.conf and suricata.sh files for this interface + conf_mount_rw(); sync_suricata_package_config(); + conf_mount_ro(); header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); @@ -358,19 +463,26 @@ if ($savemsg) { ?> <form action="suricata_interfaces_edit.php<?php echo "?id=$id";?>" method="post" name="iform" id="iform"> +<input name="id" type="hidden" value="<?=$id;?>"/> +<input name="action" type="hidden" value="<?=$action;?>"/> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tbody> <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Interfaces"), true, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); - $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); - $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php"); $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); - $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); + $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; @@ -383,11 +495,13 @@ if ($savemsg) { $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/suricata/suricata_ip_reputation.php?id={$id}"); display_top_tabs($tab_array, true); ?> </td></tr> <tr><td><div id="mainarea"> <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tbody> <tr> <td colspan="2" class="listtopic"><?php echo gettext("General Settings"); ?></td> </tr> @@ -423,9 +537,57 @@ if ($savemsg) { </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Send Alerts to System Log"); ?></td> - <td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>/> - <?php echo gettext("Suricata will send Alerts to the firewall's system log."); ?></td> + <td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" onclick="toggle_system_log();" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>/> + <?php echo gettext("Suricata will send Alerts from this interface to the firewall's system log."); ?></td> </tr> + <tbody id="alertsystemlog_rows"> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Facility"); ?></td> + <td width="78%" class="vtable"> + <select name="alertsystemlog_facility" id="alertsystemlog_facility" class="formselect"> + <?php + $log_facility = array( "auth", "authpriv", "daemon", "kern", "security", "syslog", "user", "local0", + "local1", "local2", "local3", "local4", "local5", "local6", "local7" ); + foreach ($log_facility as $facility) { + $selected = ""; + if ($facility == $pconfig['alertsystemlog_facility']) + $selected = " selected"; + echo "<option value='{$facility}'{$selected}>" . $facility . "</option>\n"; + } + ?></select> + <?php echo gettext("Select system log Facility to use for reporting. Default is ") . "<strong>" . gettext("local1") . "</strong>."; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Priority"); ?></td> + <td width="78%" class="vtable"> + <select name="alertsystemlog_priority" id="alertsystemlog_priority" class="formselect"> + <?php + $log_priority = array( "emerg", "crit", "alert", "err", "warning", "notice", "info" ); + foreach ($log_priority as $priority) { + $selected = ""; + if ($priority == $pconfig['alertsystemlog_priority']) + $selected = " selected"; + echo "<option value='{$priority}'{$selected}>" . $priority . "</option>\n"; + } + ?></select> + <?php echo gettext("Select system log Priority (Level) to use for reporting. Default is ") . "<strong>" . gettext("notice") . "</strong>."; ?> + </td> + </tr> + </tbody> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable DNS Log"); ?></td> + <td width="78%" class="vtable"><input name="enable_dns_log" type="checkbox" value="on" <?php if ($pconfig['enable_dns_log'] == "on") echo "checked"; ?> + onClick="toggle_dns_log();" id="enable_dns_log"/> + <?php echo gettext("Suricata will log DNS requests and replies for the interface. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?> + </td> + </tr> + <tr id="dns_log_append_row"> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Append DNS Log"); ?></td> + <td width="78%" class="vtable"><input name="append_dns_log" type="checkbox" value="on" <?php if ($pconfig['append_dns_log'] == "on") echo "checked"; ?>/> + <?php echo gettext("Suricata will append-to instead of clearing DNS log file when restarting. Default is ") . "<strong>" . gettext("Checked") . "</strong>."; ?></td> + </tr> + <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Stats Log"); ?></td> <td width="78%" class="vtable"><input name="enable_stats_log" type="checkbox" value="on" <?php if ($pconfig['enable_stats_log'] == "on") echo "checked"; ?> @@ -457,6 +619,11 @@ if ($savemsg) { <td width="78%" class="vtable"><input name="append_http_log" type="checkbox" value="on" <?php if ($pconfig['append_http_log'] == "on") echo "checked"; ?>/> <?php echo gettext("Suricata will append-to instead of clearing HTTP log file when restarting. Default is ") . "<strong>" . gettext("Checked") . "</strong>."; ?></td> </tr> + <tr id="http_log_extended_row"> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Extended HTTP Info"); ?></td> + <td width="78%" class="vtable"><input name="http_log_extended" type="checkbox" value="on" <?php if ($pconfig['http_log_extended'] == "on") echo "checked"; ?>/> + <?php echo gettext("Suricata will log extended HTTP information. Default is ") . "<strong>" . gettext("Checked") . "</strong>."; ?></td> + </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable TLS Log"); ?></td> <td width="78%" class="vtable"><input name="enable_tls_log" type="checkbox" value="on" <?php if ($pconfig['enable_tls_log'] == "on") echo "checked"; ?> @@ -524,6 +691,99 @@ if ($savemsg) { <?php echo gettext("Enter maximum number of packet log files to maintain. Default is ") . "<strong>" . gettext("1000") . "</strong>."; ?><br/><br/><?php echo gettext("When the number of packet log files reaches the set limit, the oldest file will be overwritten.") ?></td> </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("EVE JSON Log"); ?></td> + <td width="78%" class="vtable"><input name="enable_eve_log" id="enable_eve_log" type="checkbox" value="on" <?php if ($pconfig['enable_eve_log'] == "on") echo "checked"; ?> + onClick="toggle_eve_log()"/> + <?php echo gettext("Suricata will output selected info in JSON format to a single file or to syslog. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?> + <div id="file_eve_warning" style="display: none;"><br/><span class="red"><strong><?php echo gettext("Warning: ") . "</strong></span>" . + gettext("This can consume a significant amount of disk space when enabled!"); ?></div> + </td> + </tr> + <tbody id="eve_log_option_rows"> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("EVE Output Type"); ?></td> + <td width="78%" class="vtable"> + <select name="eve_output_type" class="formselect" id="eve_output_type" onChange="eveOutSelect();" > + <?php + foreach (array("file", "syslog") as $btype) { + if ($btype == $pconfig['eve_output_type']) + echo "<option value='{$btype}' selected>"; + else + echo "<option value='{$btype}'>"; + echo htmlspecialchars($btype) . '</option>'; + } + ?> + </select> + <?php echo gettext("Select EVE log output destination."); ?><br/> + <span class="red"><?php echo gettext("Hint:") . "</span> " . gettext("Choosing FILE is suggested, and it is the default value."); ?><br/> + </td> + </tr> + <tr id="eve_systemlog_facility_row"> + <td width="22%" valign="top" class="vncell"><?php echo gettext("EVE Syslog Facility"); ?></td> + <td width="78%" class="vtable"> + <select name="eve_systemlog_facility" id="eve_systemlog_facility" class="formselect"> + <?php + $log_facility = array( "auth", "authpriv", "daemon", "kern", "security", "syslog", "user", "local0", + "local1", "local2", "local3", "local4", "local5", "local6", "local7" ); + foreach ($log_facility as $facility) { + $selected = ""; + if ($facility == $pconfig['eve_systemlog_facility']) + $selected = " selected"; + echo "<option value='{$facility}'{$selected}>" . $facility . "</option>\n"; + } + ?></select> + <?php echo gettext("Select system log Facility to use for reporting by EVE. Default is ") . "<strong>" . gettext("local1") . "</strong>."; ?> + </td> + </tr> + <tr id="eve_systemlog_priority_row"> + <td width="22%" valign="top" class="vncell"><?php echo gettext("EVE Syslog Priority"); ?></td> + <td width="78%" class="vtable"> + <select name="eve_systemlog_priority" id="eve_systemlog_priority" class="formselect"> + <?php + $log_priority = array( "emerg", "crit", "alert", "err", "warning", "notice", "info" ); + foreach ($log_priority as $priority) { + $selected = ""; + if ($priority == $pconfig['eve_systemlog_priority']) + $selected = " selected"; + echo "<option value='{$priority}'{$selected}>" . $priority . "</option>\n"; + } + ?></select> + <?php echo gettext("Select system log Priority (Level) to use for reporting by EVE. Default is ") . "<strong>" . gettext("notice") . "</strong>."; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("EVE Logged Info"); ?></td> + <td width="78%" class="vtable"><?php echo gettext("Choose the information to log via EVE JSON output. Default is ") . "<strong>" . gettext("All Checked") . "</strong>."; ?><br/> + <table width="100%" cellpadding="0" cellspacing="0" border="0"> + <tbody> + <tr> + <td class="vexpl"><input name="eve_log_alerts" id="eve_log_alerts" type="checkbox" value="on" + <?php if ($pconfig['eve_log_alerts'] == "on") echo "checked"; ?>/>Alerts + </td> + <td class="vexpl"><input name="eve_log_http" id="eve_log_http" type="checkbox" value="on" + <?php if ($pconfig['eve_log_http'] == "on") echo "checked"; ?>/>HTTP Traffic + </td> + <td class="vexpl"><input name="eve_log_dns" id="eve_log_dns" type="checkbox" value="on" + <?php if ($pconfig['eve_log_dns'] == "on") echo "checked"; ?>/>DNS Requests/Replies + </td> + </tr> + <tr> + <td class="vexpl"><input name="eve_log_tls" id="eve_log_tls" type="checkbox" value="on" onClick="toggle_eve_tls();" + <?php if ($pconfig['eve_log_tls'] == "on") echo "checked"; ?>/>TLS Handshakes + </td> + <td class="vexpl"><input name="eve_log_files" id="eve_log_files" type="checkbox" value="on" + <?php if ($pconfig['eve_log_files'] == "on") echo "checked"; ?>/>Tracked Files + </td> + <td class="vexpl"><input name="eve_log_ssh" id="eve_log_ssh" type="checkbox" value="on" + <?php if ($pconfig['eve_log_ssh'] == "on") echo "checked"; ?>/>SSH Handshakes + </td> + </tr> + </tbody> + </table> + </td> + </tr> + </tbody> <tr> <td colspan="2" class="listtopic"><?php echo gettext("Alert Settings"); ?></td> </tr> @@ -556,7 +816,7 @@ if ($savemsg) { ?> </select> <?php echo gettext("Select which IP extracted from the packet you wish to block."); ?><br/> - <span class="red"><?php echo gettext("Hint:") . "</span> " . gettext("Choosing BOTH is suggested, and it is the default value."); ?></span><br/></td> + <span class="red"><?php echo gettext("Hint:") . "</span> " . gettext("Choosing BOTH is suggested, and it is the default value."); ?><br/> </td> </tr> <tr> @@ -595,8 +855,8 @@ if ($savemsg) { <td width="78%" class="vtable"> <select name="mpm_algo" class="formselect" id="mpm_algo"> <?php - $interfaces2 = array('ac' => 'AC', 'ac-gfbs' => 'AC-GFBS', 'ac-bs' => 'AC-BS', - 'b2g' => 'B2G', 'b3g' => 'B3G', 'wumanber' => 'WUMANBER'); + $interfaces2 = array('ac' => 'AC', 'ac-gfbs' => 'AC-GFBS', 'b2g' => 'B2G', + 'b2gc' => 'B2GC', 'b2gm' => 'B2GM', 'b3g' => 'B3G', 'wumanber' => 'WUMANBER'); foreach ($interfaces2 as $iface2 => $ifacename2): ?> <option value="<?=$iface2;?>" <?php if ($iface2 == $pconfig['mpm_algo']) echo "selected"; ?>> @@ -643,6 +903,14 @@ if ($savemsg) { "<strong>" . gettext("Not Checked") . "</strong>."; ?></td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Promiscuous Mode"); ?></td> + <td width="78%" class="vtable"> + <input name="intf_promisc_mode" id="intf_promisc_mode" type="checkbox" value="on" + <?php if ($pconfig['intf_promisc_mode'] == "on") echo " checked"; ?>/> + <?php echo gettext("Suricata will place the monitored interface in promiscuous mode when checked. Default is ") . + "<strong>" . gettext("Checked") . "</strong>."; ?></td> + </tr> + <tr> <td colspan="2" class="listtopic"><?php echo gettext("Networks " . "Suricata Should Inspect and Protect"); ?></td> </tr> <tr> @@ -651,9 +919,9 @@ if ($savemsg) { <select name="homelistname" class="formselect" id="homelistname"> <?php echo "<option value='default' >default</option>"; - /* find whitelist names and filter by type */ - if (is_array($suricataglob['whitelist']['item'])) { - foreach ($suricataglob['whitelist']['item'] as $value) { + /* find Pass List names and filter by type */ + if (is_array($suricataglob['passlist']['item'])) { + foreach ($suricataglob['passlist']['item'] as $value) { $ilistname = $value['name']; if ($ilistname == $pconfig['homelistname']) echo "<option value='$ilistname' selected>"; @@ -668,12 +936,13 @@ if ($savemsg) { onclick="viewList('<?=$id;?>','homelistname','homenet')" id="btnHomeNet" title="<?php echo gettext("Click to view currently selected Home Net contents"); ?>"/> <br/> - <span class="vexpl"><?php echo gettext("Choose the Home Net you want this interface to use."); ?></span> + <span class="vexpl"><?php echo gettext("Choose the Home Net you want this interface to use. Most users should choose 'default'."); ?></span> <br/><br/> <span class="red"><?php echo gettext("Note:"); ?></span> <?php echo gettext("Default Home " . "Net adds only local networks, WAN IPs, Gateways, VPNs and VIPs."); ?><br/> <span class="red"><?php echo gettext("Hint:"); ?></span> <?php echo gettext("Create an Alias to hold a list of " . - "friendly IPs that the firewall cannot see or to customize the default Home Net."); ?><br/> + "friendly IPs that the firewall cannot see or to customize the default Home Net. Assign the Alias to a Pass List, and " . + "then assign that Pass List to Home Net."); ?><br/> </td> </tr> <tr> @@ -682,9 +951,9 @@ if ($savemsg) { <select name="externallistname" class="formselect" id="externallistname"> <?php echo "<option value='default' >default</option>"; - /* find whitelist names and filter by type */ - if (is_array($suricataglob['whitelist']['item'])) { - foreach ($suricataglob['whitelist']['item'] as $value) { + /* find Pass List names and filter by type */ + if (is_array($suricataglob['passlist']['item'])) { + foreach ($suricataglob['passlist']['item'] as $value) { $ilistname = $value['name']; if ($ilistname == $pconfig['externallistname']) echo "<option value='$ilistname' selected>"; @@ -694,7 +963,11 @@ if ($savemsg) { } } ?> - </select> + </select> + <input type="button" class="formbtns" value="View List" + onclick="viewList('<?=$id;?>','externallistname','externalnet')" id="btnExternalNet" + title="<?php echo gettext("Click to view currently selected External Net contents"); ?>"/> + <br/> <?php echo gettext("Choose the External Net you want this interface " . "to use."); ?> <br/><br/> <span class="red"><?php echo gettext("Note:"); ?></span> <?php echo gettext("Default " . @@ -724,7 +997,7 @@ if ($savemsg) { <input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','passlistname','passlist')" id="btnPasslist" title="<?php echo gettext("Click to view currently selected Pass List contents"); ?>"/> <br/> - <?php echo gettext("Choose the Pass List you want this interface to use."); ?> <br/><br/> + <?php echo gettext("Choose the Pass List you want this interface to use. Addresses in a Pass List are never blocked."); ?> <br/><br/> <span class="red"><?php echo gettext("Note:"); ?></span> <?php echo gettext("This option will only be used when block offenders is on."); ?><br/> <span class="red"><?php echo gettext("Hint:"); ?></span> <?php echo gettext("Default " . "Pass List adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?> @@ -773,7 +1046,6 @@ if ($savemsg) { <tr> <td colspan="2" align="center" valign="middle"><input name="save" type="submit" class="formbtn" value="Save" title="<?php echo gettext("Click to save settings and exit"); ?>"/> - <input name="id" type="hidden" value="<?=$id;?>"/> </td> </tr> <tr> @@ -781,14 +1053,32 @@ if ($savemsg) { gettext("Please save your settings before you attempt to start Suricata."); ?> </td> </tr> +</tbody> </table> </div> </td></tr> +</tbody> </table> </form> <script language="JavaScript"> +function toggle_system_log() { + var endis = !(document.iform.alertsystemlog.checked); + if (endis) + document.getElementById("alertsystemlog_rows").style.display="none"; + else + document.getElementById("alertsystemlog_rows").style.display=""; +} + +function toggle_dns_log() { + var endis = !(document.iform.enable_dns_log.checked); + if (endis) + document.getElementById("dns_log_append_row").style.display="none"; + else + document.getElementById("dns_log_append_row").style.display="table-row"; +} + function enable_blockoffenders() { var endis = !(document.iform.blockoffenders.checked); document.iform.blockoffenderskill.disabled=endis; @@ -813,18 +1103,27 @@ function toggle_stats_log() { function toggle_http_log() { var endis = !(document.iform.enable_http_log.checked); - if (endis) + if (endis) { document.getElementById("http_log_append_row").style.display="none"; - else + document.getElementById("http_log_extended_row").style.display="none"; + } + else { document.getElementById("http_log_append_row").style.display="table-row"; + document.getElementById("http_log_extended_row").style.display="table-row"; + } } function toggle_tls_log() { var endis = !(document.iform.enable_tls_log.checked); if (endis) document.getElementById("tls_log_extended_row").style.display="none"; - else + else { document.getElementById("tls_log_extended_row").style.display="table-row"; + if (document.iform.enable_eve_log.checked && document.iform.eve_log_tls.checked) { + alert('Only one TLS log instance permitted...removing TLS log from EVE JSON output in order to enable standalone TLS logging.'); + document.iform.eve_log_tls.checked = false; + } + } } function toggle_json_file_log() { @@ -865,6 +1164,25 @@ function toggle_pcap_log() { } } +function toggle_eve_log() { + var endis = !(document.iform.enable_eve_log.checked); + if (endis) { + document.getElementById("eve_log_option_rows").style.display = "none"; + } + else { + document.getElementById("eve_log_option_rows").style.display = ""; + if (document.iform.enable_tls_log.checked) + document.iform.eve_log_tls.checked = false; + } +} + +function toggle_eve_tls() { + if (document.iform.enable_tls_log.checked) { + alert('Only one TLS log instance permitted...removing standalone TLS output in order to add EVE JSON TLS output.'); + document.iform.enable_tls_log.checked = false; + } +} + function enable_change(enable_change) { endis = !(document.iform.enable.checked || enable_change); // make sure a default answer is called if this is invoked. @@ -874,6 +1192,7 @@ function enable_change(enable_change) { document.iform.append_stats_log.disabled = endis; document.iform.enable_http_log.disabled = endis; document.iform.append_http_log.disabled = endis; + document.iform.http_log_extended.disabled = endis; document.iform.enable_tls_log.disabled = endis; document.iform.tls_log_extended.disabled = endis; document.iform.enable_json_file_log.disabled = endis; @@ -884,6 +1203,14 @@ function enable_change(enable_change) { document.iform.enable_pcap_log.disabled = endis; document.iform.max_pcap_log_size.disabled = endis; document.iform.max_pcap_log_files.disabled = endis; + document.iform.eve_output_type.disabled = endis; + document.iform.enable_eve_log.disabled = endis; + document.iform.eve_log_alerts.disabled = endis; + document.iform.eve_log_http.disabled = endis; + document.iform.eve_log_dns.disabled = endis; + document.iform.eve_log_tls.disabled = endis; + document.iform.eve_log_files.disabled = endis; + document.iform.eve_log_ssh.disabled = endis; document.iform.max_pending_packets.disabled = endis; document.iform.detect_eng_profile.disabled = endis; document.iform.mpm_algo.disabled = endis; @@ -901,8 +1228,9 @@ function enable_change(enable_change) { document.iform.btnHomeNet.disabled=endis; document.iform.btnPasslist.disabled=endis; document.iform.btnSuppressList.disabled=endis; -} document.iform.delayed_detect.disabled=endis; - + document.iform.delayed_detect.disabled=endis; + document.iform.intf_promisc_mode.disabled=endis; +} function wopen(url, name, w, h) { // Fudge factors for window decoration space. @@ -923,6 +1251,18 @@ function getSelectedValue(elemID) { return ctrl.options[ctrl.selectedIndex].value; } +function eveOutSelect() { + var ctrl = document.getElementById("eve_output_type"); + if (ctrl.options[ctrl.selectedIndex].value == 'syslog') { + document.getElementById("eve_systemlog_facility_row").style.display = "table-row"; + document.getElementById("eve_systemlog_priority_row").style.display = "table-row"; + } + else { + document.getElementById("eve_systemlog_facility_row").style.display = "none"; + document.getElementById("eve_systemlog_priority_row").style.display = "none"; + } +} + function viewList(id, elemID, elemType) { if (typeof elemType == "undefined") { elemType = "passlist"; @@ -935,12 +1275,16 @@ function viewList(id, elemID, elemType) { enable_change(false); //enable_blockoffenders(); +toggle_system_log(); +toggle_dns_log(); toggle_stats_log(); toggle_http_log(); toggle_tls_log(); toggle_json_file_log(); toggle_file_store(); toggle_pcap_log(); +toggle_eve_log(); +eveOutSelect(); </script> <?php include("fend.inc"); ?> diff --git a/config/suricata/suricata_ip_list_mgmt.php b/config/suricata/suricata_ip_list_mgmt.php new file mode 100644 index 00000000..37decaad --- /dev/null +++ b/config/suricata/suricata_ip_list_mgmt.php @@ -0,0 +1,398 @@ +<?php +/* + * suricata_ip_list_mgmt.php + * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +global $config, $g; + +if (!is_array($config['installedpackages']['suricata']['rule'])) + $config['installedpackages']['suricata']['rule'] = array(); + +// Hard-code the path where IP Lists are stored +// and disregard any user-supplied path element. +$iprep_path = SURICATA_IPREP_PATH; + +// Set default to not show IP List editor controls +$iplist_edit_style = "display: none;"; + +function suricata_is_iplist_active($iplist) { + + /*************************************************** + * This function checks all configured Suricata * + * interfaces to see if the passed IP List is used * + * as a whitelist or blacklist by an interface. * + * * + * Returns: TRUE if IP List is in use * + * FALSE if IP List is not in use * + ***************************************************/ + + global $g, $config; + + if (!is_array($config['installedpackages']['suricata']['rule'])) + return FALSE; + + foreach ($config['installedpackages']['suricata']['rule'] as $rule) { + if (is_array($rule['iplist_files']['item'])) { + foreach ($rule['iplist_files']['item'] as $file) { + if ($file == $iplist) + return TRUE; + } + } + } + return FALSE; +} + +// If doing a postback, used typed values, else load from stored config +if (!empty($_POST)) { + $pconfig = $_POST; +} +else { + $pconfig['et_iqrisk_enable'] = $config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable']; + $pconfig['iqrisk_code'] = $config['installedpackages']['suricata']['config'][0]['iqrisk_code']; +} + +// Validate IQRisk settings if enabled and saving them +if ($_POST['save']) { + if ($pconfig['et_iqrisk_enable'] == 'on' && empty($pconfig['iqrisk_code'])) + $input_errors[] = gettext("You must provide a valid IQRisk subscription code when IQRisk downloads are enabled!"); + + if (!$input_errors) { + $config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] = $_POST['et_iqrisk_enable'] ? 'on' : 'off'; + $config['installedpackages']['suricata']['config'][0]['iqrisk_code'] = $_POST['iqrisk_code']; + write_config("Suricata pkg: modified IP Lists settings."); + + /* Toggle cron task for ET IQRisk updates if setting was changed */ + if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'on' && !suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_etiqrisk_update.php")) { + install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_etiqrisk_update.php", TRUE, 0, "*/6", "*", "*", "*", "root"); + } + elseif ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'off' && suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_etiqrisk_update.php")) + install_cron_job("/usr/local/pkg/suricata/suricata_etiqrisk_update.php", FALSE); + + /* Peform a manual ET IQRisk file check/download */ + if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'on') + include("/usr/local/pkg/suricata/suricata_etiqrisk_update.php"); + } +} + +if (isset($_POST['upload'])) { + if ($_FILES["iprep_fileup"]["error"] == UPLOAD_ERR_OK) { + $tmp_name = $_FILES["iprep_fileup"]["tmp_name"]; + $name = $_FILES["iprep_fileup"]["name"]; + move_uploaded_file($tmp_name, "{$iprep_path}{$name}"); + } + else + $input_errors[] = gettext("Failed to upload file {$_FILES["iprep_fileup"]["name"]}"); +} + +if (isset($_POST['iplist_delete']) && isset($_POST['iplist_fname'])) { + if (!suricata_is_iplist_active($_POST['iplist_fname'])) + unlink_if_exists("{$iprep_path}{$_POST['iplist_fname']}"); + else + $input_errors[] = gettext("This IP List is currently assigned to an interface and cannot be deleted until it is removed from the configured interface."); +} + +if (isset($_POST['iplist_edit']) && isset($_POST['iplist_fname'])) { + $file = $iprep_path . basename($_POST['iplist_fname']); + $data = file_get_contents($file); + if ($data !== FALSE) { + $iplist_data = htmlspecialchars($data); + $iplist_edit_style = "display: table-row-group;"; + $iplist_name = basename($_POST['iplist_fname']); + unset($data); + } + else { + $input_errors[] = gettext("An error occurred reading the file."); + } +} + +if (isset($_POST['iplist_edit_save']) && isset($_POST['iplist_data'])) { + if (strlen(basename($_POST['iplist_name'])) > 0) { + $file = $iprep_path . basename($_POST['iplist_name']); + $data = str_replace("\r\n", "\n", $_POST['iplist_data']); + file_put_contents($file, $data); + unset($data); + } + else { + $input_errors[] = gettext("You must provide a valid filename for the IP List."); + $iplist_edit_style = "display: table-row-group;"; + } +} + +// Get all files in the IP Lists sub-directory as an array +// Leave this as the last thing before spewing the page HTML +// so we can pick up any changes made to files in code above. +$ipfiles = return_dir_as_array($iprep_path); + +$pgtitle = gettext("Suricata: IP Reputation Lists"); +include_once("head.inc"); + +?> + +<body link="#000000" vlink="#000000" alink="#000000"> + +<?php +include_once("fbegin.inc"); +if ($input_errors) { + print_input_errors($input_errors); +} + +if ($savemsg) + print_info_box($savemsg); +?> + +<form action="/suricata/suricata_ip_list_mgmt.php" enctype="multipart/form-data" method="post" name="iform" id="iform"> +<input type="hidden" name="MAX_FILE_SIZE" value="100000000" /> +<input type="hidden" name="iplist_fname" id="iplist_fname" value=""/> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tbody> +<tr><td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), true, "/suricata/suricata_ip_list_mgmt.php"); + display_top_tabs($tab_array, true); +?> +</td> +</tr> +<tr> + <td> + <div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tbody> + <?php if ($g['platform'] == "nanobsd") : ?> + <tr> + <td colspan="2" class="listtopic"><?php echo gettext("IP Reputation is not supported on NanoBSD installs"); ?></td> + </tr> + <?php else: ?> + <tr> + <td colspan="2" class="listtopic"><?php echo gettext("Emerging Threats IQRisk Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top"><?php echo gettext("Enable"); ?></td> + <td width="78%"> + <input id="et_iqrisk_enable" name="et_iqrisk_enable" type="checkbox" value="on" <?php if ($pconfig['et_iqrisk_enable'] == "on") echo "checked"; ?> onclick="IQRisk_enablechange();"/> + <?php echo gettext("Checking this box enables auto-download of IQRisk List updates with a valid subscription code."); ?> + </td> + </tr> + <tr> + <td width="22%"></td> + <td width="78%"> + <table id="iqrisk_code_tbl" width="100%" border="0" cellpadding="2" cellspacing="0"> + <tbody> + <tr> + <td colspan="2" class="vexpl"><?=gettext("IQRisk IP lists will auto-update nightly at midnight. Visit ") . + "<a href='http://emergingthreats.net/products/iqrisk-rep-list/' target='_blank'>" . gettext("http://emergingthreats.net/products/iqrisk-rep-list/") . "</a>" . + gettext(" for more information or to purchase a subscription.");?><br/><br/></td> + </tr> + <tr> + <td colspan="2" valign="top"><b><span class="vexpl"><?php echo gettext("IQRisk Subscription Configuration"); ?></span></b></td> + </tr> + <tr> + <td valign="top"><span class="vexpl"><strong><?php echo gettext("Code:"); ?></strong></span></td> + <td><input name="iqrisk_code" type="text" class="formfld unknown" id="iqrisk_code" size="52" + value="<?=htmlspecialchars($pconfig['iqrisk_code']);?>"/><br/> + <?php echo gettext("Obtain an Emerging Threats IQRisk List subscription code and paste it here."); ?></td> + </tr> + </tbody> + </table> + </td> + </tr> + <tr> + <td colspan="2" align="center"><input name="save" id="save" type="submit" class="formbtn" value="Save" title="<?=gettext("Save IQRisk settings");?>"/></td> + </tr> + <tr> + <td colspan="2" class="vtable"></td> + </tr> + <tr> + <td colspan="2" class="listtopic"><?=gettext("IP Reputation List Files Management");?> + </td> + </tr> + <tbody id="uploader" style="display: none;"> + <tr> + <td colspan="2" class="list"><br/><?php echo gettext("Click BROWSE to select a file to import, and then click UPLOAD. Click CLOSE to quit."); ?></td> + </tr> + <tr> + <td colspan="2" class="list"><input type="file" name="iprep_fileup" id="iprep_fileup" class="formfld file" size="50" /> + <input type="submit" name="upload" id="upload" value="<?=gettext("Upload");?>" + title="<?=gettext("Upload selected IP list to firewall");?>"/> <input type="button" + value="<?=gettext("Close");?>" onClick="document.getElementById('uploader').style.display='none';" /></td> + </tr> + </tbody> + <tr> + <td colspan="2"> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <colgroup> + <col style="width: 50%;"> + <col style="width: 25%;"> + <col style="width: 15%;"> + <col style="width: 10%;"> + </colgroup> + <thead> + <tr> + <th class="listhdrr"><?php echo gettext("IP List File Name"); ?></th> + <th class="listhdrr"><?php echo gettext("Last Modified Time"); ?></th> + <th class="listhdrr"><?php echo gettext("File Size"); ?></th> + <th class="list" align="left"><img style="cursor:pointer;" name="iplist_new" id="iplist_new" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" + height="17" border="0" title="<?php echo gettext('Create a new IP List');?>" + onClick="document.getElementById('iplist_data').value=''; document.getElementById('iplist_name').value=''; document.getElementById('iplist_editor').style.display='table-row-group'; document.getElementById('iplist_name').focus();" /> + <img style="cursor:pointer;" name="iplist_import" id="iplist_import" + onClick="document.getElementById('uploader').style.display='table-row-group';" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_import_alias.gif" width="17" + height="17" border="0" title="<?php echo gettext('Import/Upload an IP List');?>"/></th> + </tr> + </thead> + <?php foreach ($ipfiles as $file): + if (substr(strrchr($file, "."), 1) == "md5") + continue; ?> + <tr> + <td class="listr"><?php echo gettext($file); ?></td> + <td class="listr"><?=date('M-d Y g:i a', filemtime("{$iprep_path}{$file}")); ?></td> + <td class="listr"><?=format_bytes(filesize("{$iprep_path}{$file}")); ?> </td> + <td class="list"><input type="image" name="iplist_edit[]" id="iplist_edit[]" + onClick="document.getElementById('iplist_fname').value='<?=$file;?>';" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" + height="17" border="0" title="<?php echo gettext('Edit this IP List');?>"/> + <input type="image" name="iplist_delete[]" id="iplist_delete[]" + onClick="document.getElementById('iplist_fname').value='<?=$file;?>'; + return confirm('<?=gettext("Are you sure you want to permanently delete this IP List file? Click OK to continue or CANCEL to quit.");?>');" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" + height="17" border="0" title="<?php echo gettext('Delete this IP List');?>"/></td> + </tr> + <?php endforeach; ?> + <tbody id="iplist_editor" style="<?=$iplist_edit_style;?>"> + <tr> + <td colspan="4"> </td> + </tr> + <tr> + <td colspan="4"><strong><?=gettext("File Name: ");?></strong><input type="text" size="45" class="formfld file" id="iplist_name" name="iplist_name" value="<?=$iplist_name;?>" /> + <input type="submit" id="iplist_edit_save" name="iplist_edit_save" value="<?=gettext(" Save ");?>" title="<?=gettext("Save changes and close editor");?>" /> + <input type="button" id="cancel" name="cancel" value="<?=gettext("Cancel");?>" onClick="document.getElementById('iplist_editor').style.display='none';" + title="<?=gettext("Abandon changes and quit editor");?>" /></td> + </tr> + <tr> + <td colspan="4"> </td> + </tr> + <tr> + <td colspan="4"><textarea wrap="off" cols="80" rows="20" name="iplist_data" id="iplist_data" + style="width:95%; height:100%;"><?=$iplist_data;?></textarea> + </td> + </tr> + </tbody> + <tbody> + <tr> + <td colspan="3" class="vexpl"><br/><span class="red"><strong><?php echo gettext("Notes:"); ?></strong></span> + <br/><?php echo gettext("1. A Categories file is required and contains CSV fields for Category Number, Short Name " . + "and Description per line."); ?></td> + <td class="list"></td> + </tr> + <tr> + <td colspan="3" class="vexpl"><?php echo gettext("2. IP Lists are CSV format text files " . + "with an IP address, category code and reputation score per line."); ?></td> + <td class="list"></td> + </tr> + <tr> + <td colspan="3" class="vexpl"><?php echo gettext("3. IP Lists are stored as local files " . + "on the firewall and their contents are not saved as part of the firewall configuration file."); ?></td> + <td class="list"></td> + </tr> + <tr> + <td colspan="3" class="vexpl"><?php echo gettext("4. Visit ") . + "<a href='https://redmine.openinfosecfoundation.org/projects/suricata/wiki/IPReputationFormat' target='_blank'>" . + gettext("https://redmine.openinfosecfoundation.org/projects/suricata/wiki/IPReputationFormat") . "</a>" . + gettext(" for IP Reputation file formats."); ?><br/></td> + <td class="list"></td> + </tr> + <tr> + <td colspan="3" class="vexpl"><br/><strong><?php echo gettext("IP List Controls:"); ?></strong><br/><br/> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" /> + <?=gettext("Opens the editor window to create a new IP List. You must provide a valid filename before saving.");?><br/> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_import_alias.gif" width="17" height="17" border="0" /> + <?=gettext("Opens the file upload control for uploading a new IP List from your local machine.");?><br/> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" /> + <?=gettext("Opens the IP List in a text edit control for viewing or editing its contents.");?><br/> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" /> + <?=gettext("Deletes the IP List from the file system after confirmation.");?></td> + <td class="list"></td> + </tr> + </tbody> + </table> + </td> + </tr> + <?php endif; ?> + </tbody> + </table> + </div> + </td> +</tr> +</tbody> +</table> +</form> +<?php include("fend.inc"); ?> + +<script language="JavaScript"> +<!-- + +function IQRisk_enablechange() { + var endis = !(document.iform.et_iqrisk_enable.checked); + if (endis) + document.getElementById("iqrisk_code_tbl").style.display = "none"; + else + document.getElementById("iqrisk_code_tbl").style.display = "table"; +} + +// Initialize the form controls state based on saved settings +IQRisk_enablechange(); + +//--> +</script> +</body> +</html> diff --git a/config/suricata/suricata_ip_reputation.php b/config/suricata/suricata_ip_reputation.php new file mode 100644 index 00000000..4615923a --- /dev/null +++ b/config/suricata/suricata_ip_reputation.php @@ -0,0 +1,482 @@ +<?php +/* + * suricata_ip_reputation.php + * part of pfSense + * + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +global $g, $rebuild_rules; + +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +if (is_null($id)) { + header("Location: /suricata/suricata_interfaces.php"); + exit; +} + +if (!is_array($config['installedpackages']['suricata']['rule'])) { + $config['installedpackages']['suricata']['rule'] = array(); +} +if (!is_array($config['installedpackages']['suricata']['rule'][$id]['iplist_files']['item'])) { + $config['installedpackages']['suricata']['rule'][$id]['iplist_files']['item'] = array(); +} + +$a_nat = &$config['installedpackages']['suricata']['rule']; + +// If doing a postback, used typed values, else load from stored config +if (!empty($_POST)) { + $pconfig = $_POST; +} +else { + $pconfig = $a_nat[$id]; +} + +$iprep_path = SURICATA_IPREP_PATH; +$if_real = get_real_interface($a_nat[$id]['interface']); +$suricata_uuid = $config['installedpackages']['suricata']['rule'][$id]['uuid']; + +if ($_POST['mode'] == 'iprep_catlist_add' && isset($_POST['iplist'])) { + $pconfig = $_POST; + + // Test the supplied IP List file to see if it exists + if (file_exists($_POST['iplist'])) { + if (!$input_errors) { + $a_nat[$id]['iprep_catlist'] = basename($_POST['iplist']); + write_config("Suricata pkg: added new IP Rep Categories file for IP REPUTATION preprocessor."); + mark_subsystem_dirty('suricata_iprep'); + } + } + else + $input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found."); + + $pconfig['iprep_catlist'] = $a_nat[$id]['iprep_catlist']; + $pconfig['iplist_files'] = $a_nat[$id]['iplist_files']; +} + +if ($_POST['mode'] == 'iplist_add' && isset($_POST['iplist'])) { + $pconfig = $_POST; + + // Test the supplied IP List file to see if it exists + if (file_exists($_POST['iplist'])) { + // See if the file is already assigned to the interface + foreach ($a_nat[$id]['iplist_files']['item'] as $f) { + if ($f == basename($_POST['iplist'])) { + $input_errors[] = gettext("The file {$f} is already assigned as a whitelist file."); + break; + } + } + if (!$input_errors) { + $a_nat[$id]['iplist_files']['item'][] = basename($_POST['iplist']); + write_config("Suricata pkg: added new whitelist file for IP REPUTATION preprocessor."); + mark_subsystem_dirty('suricata_iprep'); + } + } + else + $input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found."); + + $pconfig['iprep_catlist'] = $a_nat[$id]['iprep_catlist']; + $pconfig['iplist_files'] = $a_nat[$id]['iplist_files']; +} + +if ($_POST['iprep_catlist_del']) { + $pconfig = $_POST; + unset($a_nat[$id]['iprep_catlist']); + write_config("Suricata pkg: deleted blacklist file for IP REPUTATION preprocessor."); + mark_subsystem_dirty('suricata_iprep'); + $pconfig['iprep_catlist'] = $a_nat[$id]['iprep_catlist']; + $pconfig['iplist_files'] = $a_nat[$id]['iplist_files']; +} + +if ($_POST['iplist_del'] && is_numericint($_POST['list_id'])) { + $pconfig = $_POST; + unset($a_nat[$id]['iplist_files']['item'][$_POST['list_id']]); + write_config("Suricata pkg: deleted whitelist file for IP REPUTATION preprocessor."); + mark_subsystem_dirty('suricata_iprep'); + $pconfig['iplist_files'] = $a_nat[$id]['iplist_files']; + $pconfig['iprep_catlist'] = $a_nat[$id]['iprep_catlist']; +} + +if ($_POST['save'] || $_POST['apply']) { + + $pconfig['iprep_catlist'] = $a_nat[$id]['iprep_catlist']; + $pconfig['iplist_files'] = $a_nat[$id]['iplist_files']; + + // Validate HOST TABLE values + if ($_POST['host_memcap'] < 1000000 || !is_numericint($_POST['host_memcap'])) + $input_errors[] = gettext("The value for 'Host Memcap' must be a numeric integer greater than 1MB (1,048,576!"); + if ($_POST['host_hash_size'] < 1024 || !is_numericint($_POST['host_hash_size'])) + $input_errors[] = gettext("The value for 'Host Hash Size' must be a numeric integer greater than 1024!"); + if ($_POST['host_prealloc'] < 10 || !is_numericint($_POST['host_prealloc'])) + $input_errors[] = gettext("The value for 'Host Preallocations' must be a numeric integer greater than 10!"); + + // Validate CATEGORIES FILE + if ($_POST['enable_iprep'] == 'on') { + if (empty($a_nat[$id]['iprep_catlist'])) + $input_errors[] = gettext("Assignment of a 'Categories File' is required when IP Reputation is enabled!"); + } + + // If no errors write to conf + if (!$input_errors) { + + $a_nat[$id]['enable_iprep'] = $_POST['enable_iprep'] ? 'on' : 'off'; + $a_nat[$id]['host_memcap'] = str_replace(",", "", $_POST['host_memcap']); + $a_nat[$id]['host_hash_size'] = str_replace(",", "", $_POST['host_hash_size']); + $a_nat[$id]['host_prealloc'] = str_replace(",", "", $_POST['host_prealloc']); + + write_config("Suricata pkg: modified IP REPUTATION preprocessor settings for {$a_nat[$id]['interface']}."); + + // Update the suricata conf file for this interface + $rebuild_rules = false; + conf_mount_rw(); + suricata_generate_yaml($a_nat[$id]); + conf_mount_ro(); + + // Soft-restart Suricata to live-load new variables + suricata_reload_config($a_nat[$id]); + + // We have saved changes and done a soft restart, so clear "dirty" flag + clear_subsystem_dirty('suricata_iprep'); + } +} + +$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']); +$pgtitle = gettext("Suricata: Interface {$if_friendly} IP Reputation Preprocessor"); +include_once("head.inc"); + +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php +include("fbegin.inc"); +/* Display Alert message */ +if ($input_errors) + print_input_errors($input_errors); +if ($savemsg) + print_info_box($savemsg); +?> + +<form action="suricata_ip_reputation.php" method="post" name="iform" id="iform" > +<input name="id" type="hidden" value="<?=$id;?>" /> +<input type="hidden" id="mode" name="mode" value="" /> +<input name="iplist" id="iplist" type="hidden" value="" /> +<input name="list_id" id="list_id" type="hidden" value="" /> + +<?php if (is_subsystem_dirty('suricata_iprep') && !$input_errors): ?><p> +<?php print_info_box_np(gettext("A change has been made to IP List file assignments.") . "<br/>" . gettext("You must apply the change in order for it to take effect."));?> +<?php endif; ?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tbody> + <tr> + <td> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); + display_top_tabs($tab_array, true); + echo '</td></tr>'; + echo '<tr><td class="tabnavtbl">'; + $tab_array = array(); + $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); + $tab_array[] = array($menu_iface . gettext("Settings"), false, "/suricata/suricata_interfaces_edit.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Categories"), false, "/suricata/suricata_rulesets.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Rules"), false, "/suricata/suricata_rules.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Flow/Stream"), false, "/suricata/suricata_flow_stream.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), true, "/suricata/suricata_ip_reputation.php?id={$id}"); + display_top_tabs($tab_array, true); + ?> + </td> + </tr> + <tr> + <td><div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tbody> + <?php if ($g['platform'] == "nanobsd") : ?> + <tr> + <td colspan="2" class="listtopic"><?php echo gettext("IP Reputation is not supported on NanoBSD installs"); ?></td> + </tr> + <?php else: ?> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("IP Reputation Configuration"); ?></td> + </tr> + <tr> + <td width="22%" valign='top' class='vncell'><?php echo gettext("Enable"); ?> + </td> + <td width="78%" class="vtable"><input name="enable_iprep" type="checkbox" value="on" <?php if ($pconfig['enable_iprep'] == "on") echo "checked"; ?>/> + <?php echo gettext("Use IP Reputation Lists on this interface. Default is ") . "<strong>" . gettext("Not Checked.") . "</strong>"; ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Host Memcap"); ?></td> + <td width="78%" class="vtable"><input name="host_memcap" type="text" + class="formfld unknown" id="host_memcap" size="8" value="<?=htmlspecialchars($pconfig['host_memcap']); ?>"/> + <?php echo gettext("Host table memory cap in bytes. Default is ") . "<strong>" . + gettext("16777216") . "</strong>" . gettext(" (16 MB). Min value is 1048576 (1 MB)."); ?><br/><br/><?php echo gettext("When using large IP Reputation Lists, this value may need to be increased " . + "to avoid exhausting Host Table memory.") ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Host Hash Size"); ?></td> + <td width="78%" class="vtable"><input name="host_hash_size" type="text" + class="formfld unknown" id="host_hash_size" size="8" value="<?=htmlspecialchars($pconfig['host_hash_size']); ?>"/> + <?php echo gettext("Host Hash Size in bytes. Default is ") . "<strong>" . + gettext("4096") . "</strong>" . gettext(". Min value is 1024."); ?><br/><br/><?php echo gettext("When using large IP Reputation Lists, this value may need to be increased."); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Host Preallocations"); ?></td> + <td width="78%" class="vtable"><input name="host_prealloc" type="text" + class="formfld unknown" id="host_prealloc" size="8" value="<?=htmlspecialchars($pconfig['host_prealloc']); ?>"/> + <?php echo gettext("Number of Host Table entries to preallocate. Default is ") . "<strong>" . + gettext("1000") . "</strong>" . gettext(". Min value is 10."); ?><br/><br/><?php echo gettext("Increasing this value may slightly improve performance when using large IP Reputation Lists."); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"> </td> + <td width="78%" class="vtable"> + <input name="save" type="submit" class="formbtn" value="Save" title="<?=gettext("Save IP Reputation configuration");?>" /> + <?=gettext("Click to save configuration settings and live-reload the running Suricata configuration.");?> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Assign Categories File"); ?></td> + </tr> + <tr> + <td width="22%" valign='top' class='vncell'><?php echo gettext("Categories File"); ?> + </td> + <td width="78%" class="vtable"> + <!-- iprep_catlist_chooser --> + <div id="iprep_catlistChooser" name="iprep_catlistChooser" style="display:none; border:1px dashed gray; width:98%;"></div> + <table width="95%" border="0" cellpadding="2" cellspacing="0"> + <colgroup> + <col style="text-align:left;"> + <col style="width: 30%; text-align:left;"> + <col style="width: 17px;"> + </colgroup> + <thead> + <tr> + <th class="listhdrr"><?php echo gettext("Categories Filename"); ?></th> + <th class="listhdrr"><?php echo gettext("Modification Time"); ?></th> + <th class="list" align="left" valign="middle"><img style="cursor:pointer;" name="iprep_catlist_add" id="iprep_catlist_add" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" + height="17" border="0" title="<?php echo gettext('Assign a Categories file');?>"/></th> + </tr> + </thead> + <tbody> + <?php if (!empty($pconfig['iprep_catlist'])) : + $class = "listr"; + if (!file_exists("{$iprep_path}{$pconfig['iprep_catlist']}")) { + $filedate = gettext("Unknown -- file missing"); + $class .= " red"; + } + else + $filedate = date('M-d Y g:i a', filemtime("{$iprep_path}{$pconfig['iprep_catlist']}")); + ?> + <tr> + <td class="<?=$class;?>"><?=htmlspecialchars($pconfig['iprep_catlist']);?></td> + <td class="<?=$class;?>" align="center"><?=$filedate;?></td> + <td class="list"><input type="image" name="iprep_catlist_del[]" id="iprep_catlist_del[]" onClick="document.getElementById('list_id').value='0';" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" + border="0" title="<?php echo gettext('Remove this Categories file');?>"/></td> + </tr> + <?php endif; ?> + <tr> + <td colspan="2" class="vexpl"><span class="red"><strong><?=gettext("Note: ");?></strong></span> + <?=gettext("change to Categories File assignment is immediately saved.");?></td> + </tr> + </tbody> + </table> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Assign IP Reputation Lists"); ?></td> + </tr> + <tr> + <td width="22%" valign='top' class='vncell'><?php echo gettext("IP Reputation Files"); ?> + </td> + <td width="78%" class="vtable"> + <table width="95%" border="0" cellpadding="2" cellspacing="0"> + <!-- iplist_chooser --> + <div id="iplistChooser" name="iplistChooser" style="display:none; border:1px dashed gray; width:98%;"></div> + <colgroup> + <col style="text-align:left;"> + <col style="width: 30%; text-align:left;"> + <col style="width: 17px;"> + </colgroup> + <thead> + <tr> + <th class="listhdrr"><?php echo gettext("IP Reputation List Filename"); ?></th> + <th class="listhdrr"><?php echo gettext("Modification Time"); ?></th> + <th class="list" align="left" valign="middle"><img style="cursor:pointer;" name="iplist_add" id="iplist_add" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" + border="0" title="<?php echo gettext('Assign a whitelist file');?>"/></th> + </tr> + </thead> + <tbody> + <?php foreach($pconfig['iplist_files']['item'] as $k => $f): + $class = "listr"; + if (!file_exists("{$iprep_path}{$f}")) { + $filedate = gettext("Unknown -- file missing"); + $class .= " red"; + } + else + $filedate = date('M-d Y g:i a', filemtime("{$iprep_path}{$f}")); + ?> + <tr> + <td class="<?=$class;?>"><?=htmlspecialchars($f);?></td> + <td class="<?=$class;?>" align="center"><?=$filedate;?></td> + <td class="list"><input type="image" name="iplist_del[]" id="iplist_del[]" onClick="document.getElementById('list_id').value='<?=$k;?>';" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" + border="0" title="<?php echo gettext('Remove this whitelist file');?>"/></td> + </tr> + <?php endforeach; ?> + <tr> + <td colspan="2" class="vexpl"><span class="red"><strong><?=gettext("Note: ");?></strong></span> + <?=gettext("changes to IP Reputation List assignments are immediately saved.");?></td> + </tr> + </tbody> + </table> + </td> + </tr> + <?php endif; ?> + </tbody> + </table> + </div> + </td> + </tr> + </tbody> +</table> + +<?php if ($g['platform'] != "nanobsd") : ?> +<script type="text/javascript"> +Event.observe( + window, "load", + function() { + Event.observe( + "iprep_catlist_add", "click", + function() { + Effect.Appear("iprep_catlistChooser", { duration: 0.25 }); + iprep_catlistChoose(); + } + ); + + Event.observe( + "iplist_add", "click", + function() { + Effect.Appear("iplistChooser", { duration: 0.25 }); + iplistChoose(); + } + ); + } +); + +function iprep_catlistChoose() { + Effect.Appear("iprep_catlistChooser", { duration: 0.25 }); + if($("fbCurrentDir")) + $("fbCurrentDir").innerHTML = "Loading ..."; + + new Ajax.Request( + "/suricata/suricata_iprep_list_browser.php?container=iprep_catlistChooser&target=iplist&val=" + new Date().getTime(), + { method: "get", onComplete: iprep_catlistComplete } + ); +} + +function iplistChoose() { + Effect.Appear("iplistChooser", { duration: 0.25 }); + if($("fbCurrentDir")) + $("fbCurrentDir").innerHTML = "Loading ..."; + + new Ajax.Request( + "/suricata/suricata_iprep_list_browser.php?container=iplistChooser&target=iplist&val=" + new Date().getTime(), + { method: "get", onComplete: iplistComplete } + ); +} + +function iprep_catlistComplete(req) { + $("iprep_catlistChooser").innerHTML = req.responseText; + + var actions = { + fbClose: function() { $("iprep_catlistChooser").hide(); }, + fbFile: function() { $("iplist").value = this.id; + $("mode").value = 'iprep_catlist_add'; + document.getElementById('iform').submit(); + } + } + + for(var type in actions) { + var elem = $("iprep_catlistChooser"); + var list = elem.getElementsByClassName(type); + for (var i=0; i<list.length; i++) { + Event.observe(list[i], "click", actions[type]); + list[i].style.cursor = "pointer"; + } + } +} + +function iplistComplete(req) { + $("iplistChooser").innerHTML = req.responseText; + + var actions = { + fbClose: function() { $("iplistChooser").hide(); }, + fbFile: function() { $("iplist").value = this.id; + $("mode").value = 'iplist_add'; + document.getElementById('iform').submit(); + } + } + + for(var type in actions) { + var elem = $("iplistChooser"); + var list = elem.getElementsByClassName(type); + for (var i=0; i<list.length; i++) { + Event.observe(list[i], "click", actions[type]); + list[i].style.cursor = "pointer"; + } + } +} + +</script> +<?php endif; ?> + +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/suricata/suricata_iprep_list_browser.php b/config/suricata/suricata_iprep_list_browser.php new file mode 100644 index 00000000..9dd65311 --- /dev/null +++ b/config/suricata/suricata_iprep_list_browser.php @@ -0,0 +1,99 @@ +<?php + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +// Fetch a list of files inside a given directory +function get_content($dir) { + $files = array(); + + clearstatcache(); + $fd = @opendir($dir); + while($entry = @readdir($fd)) { + if($entry == ".") continue; + if($entry == "..") continue; + + if(is_dir("{$dir}/{$entry}")) + continue; + else + array_push($files, $entry); + } + @closedir($fd); + natsort($files); + return $files; +} + +$path = SURICATA_IPREP_PATH; +$container = htmlspecialchars($_GET['container']); +$target = htmlspecialchars($_GET['target']); + +// ----- header ----- +?> +<table width="100%"> + <tr> + <td width="25px" align="left"> + <img src="/filebrowser/images/icon_home.gif" alt="Home" title="Home" /> + </td> + <td><b><?=$path;?></b></td> + <td class="fbClose" align="right"> + <img onClick="$('<?=$container;?>').hide();" border="0" src="/filebrowser/images/icon_cancel.gif" alt="Close" title="Close" /> + </td> + </tr> + <tr> + <td id="fbCurrentDir" colspan="3" class="vexpl" align="left"> + </td> + </tr> +<?php +$files = get_content($path); + +// ----- files ----- +foreach($files as $file): + $ext = strrchr($file, "."); + + if($ext == ".css" ) $type = "code"; + elseif($ext == ".html") $type = "code"; + elseif($ext == ".xml" ) $type = "code"; + elseif($ext == ".rrd" ) $type = "database"; + elseif($ext == ".gif" ) $type = "image"; + elseif($ext == ".jpg" ) $type = "image"; + elseif($ext == ".png" ) $type = "image"; + elseif($ext == ".js" ) $type = "js"; + elseif($ext == ".pdf" ) $type = "pdf"; + elseif($ext == ".inc" ) $type = "php"; + elseif($ext == ".php" ) $type = "php"; + elseif($ext == ".conf") $type = "system"; + elseif($ext == ".pid" ) $type = "system"; + elseif($ext == ".sh" ) $type = "system"; + elseif($ext == ".bz2" ) $type = "zip"; + elseif($ext == ".gz" ) $type = "zip"; + elseif($ext == ".tgz" ) $type = "zip"; + elseif($ext == ".zip" ) $type = "zip"; + else $type = "generic"; + + $fqpn = "{$path}/{$file}"; + + if(is_file($fqpn)) { + $fqpn = realpath($fqpn); + $size = sprintf("%.2f KiB", filesize($fqpn) / 1024); + } + else + $size = ""; +?> + <tr> + <td></td> + <td class="fbFile vexpl" id="<?=$fqpn;?>" align="left"> + <?php $filename = str_replace("//","/", "{$path}/{$file}"); ?> + <div onClick="$('<?=$target;?>').value='<?=$filename?>'; $('<?=$container;?>').hide();"> + <img src="/filebrowser/images/file_<?=$type;?>.gif" alt="" title=""> + <?=$file;?> + </div> + </td> + <td align="right" class="vexpl"> + <?=$size;?> + </td> + </tr> +<?php +endforeach; +?> +</table> + diff --git a/config/suricata/suricata_libhtp_policy_engine.php b/config/suricata/suricata_libhtp_policy_engine.php index 7e6ffd6d..248f4c74 100644 --- a/config/suricata/suricata_libhtp_policy_engine.php +++ b/config/suricata/suricata_libhtp_policy_engine.php @@ -60,12 +60,14 @@ resp_body_limit --> Response Body Limit size enable_double_decode_path --> double-decode path part of URI enable_double_decode_query --> double-decode query string part of URI + enable_uri_include_all --> inspect all of URI save_libhtp_policy --> Submit button for save operation and exit cancel_libhtp_policy --> Submit button to cancel operation and exit **************************************************************************************/ ?> <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tbody> <tr> <td colspan="2" valign="middle" class="listtopic"><?php echo gettext("Suricata Target-Based HTTP Server Policy Configuration"); ?></td> </tr> @@ -73,7 +75,7 @@ <td valign="top" class="vncell"><?php echo gettext("Engine Name"); ?></td> <td class="vtable"> <input name="policy_name" type="text" class="formfld unknown" id="policy_name" size="25" maxlength="25" - value="<?=htmlspecialchars($pengcfg['name']);?>"<?php if (htmlspecialchars($pengcfg['name']) == "default") echo "readonly";?>> + value="<?=htmlspecialchars($pengcfg['name']);?>"<?php if (htmlspecialchars($pengcfg['name']) == " default") echo " readonly";?>> <?php if (htmlspecialchars($pengcfg['name']) <> "default") echo gettext("Name or description for this engine. (Max 25 characters)"); else @@ -87,6 +89,7 @@ <td class="vtable"> <?php if ($pengcfg['name'] <> "default") : ?> <table width="95%" border="0" cellpadding="2" cellspacing="0"> + <tbody> <tr> <td class="vexpl"><input name="policy_bind_to" type="text" class="formfldalias" id="policy_bind_to" size="32" value="<?=htmlspecialchars($pengcfg['bind_to']);?>" title="<?=trim(filter_expand_alias($pengcfg['bind_to']));?>" autocomplete="off"> @@ -97,6 +100,7 @@ <tr> <td class="vexpl" colspan="2"><?php echo gettext("This policy will apply for packets with destination addresses contained within this IP List.");?></td> </tr> + </tbody> </table> <br/><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" . gettext("Supplied value must be a pre-configured Alias or the keyword 'all'.");?> <?php else : ?> @@ -112,7 +116,7 @@ <td width="78%" class="vtable"> <select name="personality" class="formselect" id="personality"> <?php - $profile = array( 'Apache', 'Apache_2_2', 'Generic', 'IDS', 'IIS_4_0', 'IIS_5_0', 'IIS_5_1', 'IIS_6_0', 'IIS_7_0', 'IIS_7_5', 'Minimal' ); + $profile = array( 'Apache_2', 'Generic', 'IDS', 'IIS_4_0', 'IIS_5_0', 'IIS_5_1', 'IIS_6_0', 'IIS_7_0', 'IIS_7_5', 'Minimal' ); foreach ($profile as $val): ?> <option value="<?=$val;?>" <?php if ($val == $pengcfg['personality']) echo "selected"; ?>> @@ -120,7 +124,7 @@ <?php endforeach; ?> </select> <?php echo gettext("Choose the web server personality appropriate for the protected hosts. The default is ") . "<strong>" . gettext("IDS") . "</strong>"; ?>.<br/><br/> - <?php echo gettext("Available web server personality targets are: Apache, Apache 2.2, Generic, IDS (default), IIS_4_0, IIS_5_0, IIS_5_1, IIS_6_0, IIS_7_0, IIS_7_5 and Minimal."); ?><br/> + <?php echo gettext("Available web server personality targets are: Apache 2, Generic, IDS (default), IIS_4_0, IIS_5_0, IIS_5_1, IIS_6_0, IIS_7_0, IIS_7_5 and Minimal."); ?><br/> </td> </tr> <tr> @@ -155,15 +159,22 @@ </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Double-Decode Path"); ?></td> - <td width="78%" class="vtable"><input name="enable_double_decode_path" type="checkbox" value="yes" <?php if ($pengcfg['double-decode-path'] == "yes") echo "checked"; ?>> + <td width="78%" class="vtable"><input name="enable_double_decode_path" type="checkbox" value="yes" <?php if ($pengcfg['double-decode-path'] == "yes") echo " checked"; ?>> <?php echo gettext("Suricata will double-decode path section of the URI. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Double-Decode Query"); ?></td> - <td width="78%" class="vtable"><input name="enable_double_decode_query" type="checkbox" value="yes" <?php if ($pengcfg['double-decode-query'] == "yes") echo "checked"; ?>> + <td width="78%" class="vtable"><input name="enable_double_decode_query" type="checkbox" value="yes" <?php if ($pengcfg['double-decode-query'] == "yes") echo " checked"; ?>> <?php echo gettext("Suricata will double-decode query string section of the URI. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?></td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("URI Include-All"); ?></td> + <td width="78%" class="vtable"><input name="enable_uri_include_all" type="checkbox" value="yes" <?php if ($pengcfg['uri-include-all'] == "yes") echo " checked"; ?>> + <?php echo gettext("Include all parts of the URI. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?><br/><br/> + <?php echo gettext("By default the 'scheme', username/password, hostname and port are excluded from inspection. Enabling this option " . + "adds all of them to the normalized uri. This was the default in Suricata versions prior to 2.0."); ?></td> + </tr> + <tr> <td width="22%" valign="bottom"> </td> <td width="78%" valign="bottom"> <input name="save_libhtp_policy" id="save_libhtp_policy" type="submit" class="formbtn" value=" Save " title="<?php echo @@ -172,6 +183,7 @@ <input name="cancel_libhtp_policy" id="cancel_libhtp_policy" type="submit" class="formbtn" value="Cancel" title="<?php echo gettext("Cancel changes and return to App Parsers tab"); ?>"></td> </tr> + </tbody> </table> <script type="text/javascript" src="/javascript/autosuggest.js"> diff --git a/config/suricata/suricata_list_view.php b/config/suricata/suricata_list_view.php index 722bf47a..ec335abd 100644 --- a/config/suricata/suricata_list_view.php +++ b/config/suricata/suricata_list_view.php @@ -42,7 +42,7 @@ $type = htmlspecialchars($_GET['type']); $title = "List"; if (isset($id) && isset($wlist)) { - $a_rule = $config['installedpackages']['suricataglobal']['rule'][$id]; + $a_rule = $config['installedpackages']['suricata']['rule'][$id]; if ($type == "homenet") { $list = suricata_build_list($a_rule, $wlist); $contents = implode("\n", $list); @@ -58,6 +58,20 @@ if (isset($id) && isset($wlist)) { $contents = str_replace("\r", "", base64_decode($list['suppresspassthru'])); $title = "Suppress List"; } + elseif ($type == "externalnet") { + if ($wlist == "default") { + $list = suricata_build_list($a_rule, $a_rule['homelistname']); + $contents = ""; + foreach ($list as $ip) + $contents .= "!{$ip}\n"; + $contents = trim($contents, "\n"); + } + else { + $list = suricata_build_list($a_rule, $wlist, false, true); + $contents = implode("\n", $list); + } + $title = "EXTERNAL_NET"; + } else $contents = gettext("\n\nERROR -- Requested List Type entity is not valid!"); } diff --git a/config/suricata/suricata_logs_browser.php b/config/suricata/suricata_logs_browser.php index 04edf373..320ba23f 100644 --- a/config/suricata/suricata_logs_browser.php +++ b/config/suricata/suricata_logs_browser.php @@ -55,21 +55,22 @@ $suricata_uuid = $a_instance[$instanceid]['uuid']; $if_real = get_real_interface($a_instance[$instanceid]['interface']); // Construct a pointer to the instance's logging subdirectory -$suricatalogdir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}"; +$suricatalogdir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}/"; -$logfile = $_POST['file']; +// Limit all file access to just the currently selected interface's logging subdirectory +$logfile = htmlspecialchars($suricatalogdir . basename($_POST['file'])); if ($_POST['action'] == 'load') { - if(!is_file($_POST['file'])) { + if(!is_file($logfile)) { echo "|3|" . gettext("Log file does not exist or that logging feature is not enabled") . ".|"; } else { - $data = file_get_contents($_POST['file']); + $data = file_get_contents($logfile); if($data === false) { echo "|1|" . gettext("Failed to read log file") . ".|"; } else { $data = base64_encode($data); - echo "|0|{$_POST['file']}|{$data}|"; + echo "|0|{$logfile}|{$data}|"; } } exit; @@ -84,7 +85,6 @@ include_once("head.inc"); <?php include_once("fbegin.inc"); -if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} if ($input_errors) { print_input_errors($input_errors); } @@ -94,21 +94,21 @@ if ($input_errors) { <script type="text/javascript"> function loadFile() { jQuery("#fileStatus").html("<?=gettext("Loading file"); ?> ..."); - jQuery("#fileStatusBox").show(500); - jQuery("#filePathBox").show(500); + jQuery("#fileStatusBox").show(250); + jQuery("#filePathBox").show(250); jQuery("#fbTarget").html(""); jQuery.ajax( "<?=$_SERVER['SCRIPT_NAME'];?>", { type: 'POST', - data: "action=load&file=" + jQuery("#logFile").val(), + data: "instance=" + jQuery("#instance").val() + "&action=load&file=" + jQuery("#logFile").val(), complete: loadComplete } ); } function loadComplete(req) { - jQuery("#fileContent").show(1000); + jQuery("#fileContent").show(250); var values = req.responseText.split("|"); values.shift(); values.pop(); @@ -117,14 +117,17 @@ if ($input_errors) { var fileContent = Base64.decode(values.join("|")); jQuery("#fileStatus").html("<?=gettext("File successfully loaded"); ?>."); jQuery("#fbTarget").html(file); + jQuery("#fileRefreshBtn").show(); + jQuery("#fileContent").prop("disabled", false); jQuery("#fileContent").val(fileContent); } else { jQuery("#fileStatus").html(values[0]); jQuery("#fbTarget").html(""); + jQuery("#fileRefreshBtn").hide(); jQuery("#fileContent").val(""); + jQuery("#fileContent").prop("disabled", true); } - jQuery("#fileContent").show(1000); } </script> @@ -133,18 +136,22 @@ if ($input_errors) { <input type="hidden" id="instance" value="<?=$instanceid;?>"/> <?php if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tbody> <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); - $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$instanceid}"); - $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php"); $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); - $tab_array[] = array(gettext("Logs Browser"), true, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs View"), true, "/suricata/suricata_logs_browser.php"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); ?> </td> @@ -152,6 +159,7 @@ if ($input_errors) { <tr> <td><div id="mainarea"> <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> + <tbody> <tr> <td colspan="2" class="listtopic"><?php echo gettext("Logs Browser Selections"); ?></td> </tr> @@ -175,12 +183,12 @@ if ($input_errors) { <td width="78%" class="vtable"> <select name="logFile" id="logFile" class="formselect" onChange="loadFile();"> <?php - $logs = array( "alerts.log", "block.log", "files-json.log", "http.log", "stats.log", "suricata.log", "tls.log" ); + $logs = array( "alerts.log", "block.log", "dns.log", "eve.json", "files-json.log", "http.log", "sid_changes.log", "stats.log", "suricata.log", "tls.log" ); foreach ($logs as $log) { $selected = ""; if ($log == basename($logfile)) $selected = "selected"; - echo "<option value='{$suricatalogdir}/{$log}' {$selected}>" . $log . "</option>\n"; + echo "<option value='{$suricatalogdir}{$log}' {$selected}>" . $log . "</option>\n"; } ?> </select> <?php echo gettext('Choose which log you want to view.'); ?> @@ -191,38 +199,55 @@ if ($input_errors) { </tr> <tr> <td colspan="2"> - <div style="display:none; " id="fileStatusBox"> - <div class="list" style="padding-left:15px;"> - <strong id="fileStatus"></strong> - </div> - </div> - <div style="padding-left:15px; display:none;" id="filePathBox"> - <strong><?=gettext("Log File Path"); ?>:</strong> - <div class="list" style="display:inline;" id="fbTarget"></div> - </div> + <table width="100%"> + <tbody> + <tr> + <td width="75%"> + <div style="display:none; " id="fileStatusBox"> + <div class="list" style="padding-left:15px;"> + <strong id="fileStatus"></strong> + </div> + </div> + <div style="padding-left:15px; display:none;" id="filePathBox"> + <strong><?=gettext("Log File Path"); ?>:</strong> + <div class="list" style="display:inline;" id="fbTarget"></div> + </div> + </td> + <td align="right"> + <div style="padding-right:15px; display:none;" id="fileRefreshBtn"> + <input type="button" name="refresh" id="refresh" value="Refresh" class="formbtn" onclick="loadFile();" title="<?=gettext("Refresh current display");?>" /> + </div> + </td> + </tr> + </tbody> + </table> </td> </tr> <tr> <td colspan="2"> <table width="100%"> + <tbody> <tr> <td valign="top" class="label"> <div style="background:#eeeeee;" id="fileOutput"> - <textarea id="fileContent" name="fileContent" style="width:100%;" rows="30" wrap="off"></textarea> + <textarea id="fileContent" name="fileContent" style="width:100%;" rows="30" wrap="off" disabled></textarea> </div> </td> </tr> + </tbody> </table> </td> </tr> + </tbody> </table> </div> </td> </tr> + </tbody> </table> </form> -<?php if(empty($logfile)): ?> +<?php if(empty($_POST['file'])): ?> <script type="text/javascript"> document.getElementById("logFile").selectedIndex=-1; </script> diff --git a/config/suricata/suricata_logs_mgmt.php b/config/suricata/suricata_logs_mgmt.php index 16376c5b..aa353d6f 100644 --- a/config/suricata/suricata_logs_mgmt.php +++ b/config/suricata/suricata_logs_mgmt.php @@ -67,6 +67,12 @@ $pconfig['tls_log_retention'] = $config['installedpackages']['suricata']['config $pconfig['unified2_log_limit'] = $config['installedpackages']['suricata']['config'][0]['unified2_log_limit']; $pconfig['u2_archive_log_retention'] = $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention']; $pconfig['file_store_retention'] = $config['installedpackages']['suricata']['config'][0]['file_store_retention']; +$pconfig['dns_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['dns_log_limit_size']; +$pconfig['dns_log_retention'] = $config['installedpackages']['suricata']['config'][0]['dns_log_retention']; +$pconfig['eve_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['eve_log_limit_size']; +$pconfig['eve_log_retention'] = $config['installedpackages']['suricata']['config'][0]['eve_log_retention']; +$pconfig['sid_changes_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['sid_changes_log_limit_size']; +$pconfig['sid_changes_log_retention'] = $config['installedpackages']['suricata']['config'][0]['sid_changes_log_retention']; // Load up some arrays with selection values (we use these later). // The keys in the $retentions array are the retention period @@ -88,40 +94,99 @@ if (empty($pconfig['suricataloglimitsize'])) { } // Set default retention periods for rotated logs -if (empty($pconfig['alert_log_retention'])) +if (!isset($pconfig['alert_log_retention'])) $pconfig['alert_log_retention'] = "336"; -if (empty($pconfig['block_log_retention'])) +if (!isset($pconfig['block_log_retention'])) $pconfig['block_log_retention'] = "336"; -if (empty($pconfig['files_json_log_retention'])) +if (!isset($pconfig['files_json_log_retention'])) $pconfig['files_json_log_retention'] = "168"; -if (empty($pconfig['http_log_retention'])) +if (!isset($pconfig['http_log_retention'])) $pconfig['http_log_retention'] = "168"; -if (empty($pconfig['stats_log_retention'])) +if (!isset($pconfig['dns_log_retention'])) + $pconfig['dns_log_retention'] = "168"; +if (!isset($pconfig['stats_log_retention'])) $pconfig['stats_log_retention'] = "168"; -if (empty($pconfig['tls_log_retention'])) +if (!isset($pconfig['tls_log_retention'])) $pconfig['tls_log_retention'] = "336"; -if (empty($pconfig['u2_archive_log_retention'])) +if (!isset($pconfig['u2_archive_log_retention'])) $pconfig['u2_archive_log_retention'] = "168"; -if (empty($pconfig['file_store_retention'])) +if (!isset($pconfig['file_store_retention'])) $pconfig['file_store_retention'] = "168"; +if (!isset($pconfig['eve_log_retention'])) + $pconfig['eve_log_retention'] = "168"; +if (!isset($pconfig['sid_changes_log_retention'])) + $pconfig['sid_changes_log_retention'] = "336"; // Set default log file size limits -if (empty($pconfig['alert_log_limit_size'])) +if (!isset($pconfig['alert_log_limit_size'])) $pconfig['alert_log_limit_size'] = "500"; -if (empty($pconfig['block_log_limit_size'])) +if (!isset($pconfig['block_log_limit_size'])) $pconfig['block_log_limit_size'] = "500"; -if (empty($pconfig['files_json_log_limit_size'])) +if (!isset($pconfig['files_json_log_limit_size'])) $pconfig['files_json_log_limit_size'] = "1000"; -if (empty($pconfig['http_log_limit_size'])) +if (!isset($pconfig['http_log_limit_size'])) $pconfig['http_log_limit_size'] = "1000"; -if (empty($pconfig['stats_log_limit_size'])) +if (!isset($pconfig['dns_log_limit_size'])) + $pconfig['dns_log_limit_size'] = "750"; +if (!isset($pconfig['stats_log_limit_size'])) $pconfig['stats_log_limit_size'] = "500"; -if (empty($pconfig['tls_log_limit_size'])) +if (!isset($pconfig['tls_log_limit_size'])) $pconfig['tls_log_limit_size'] = "500"; -if (empty($pconfig['unified2_log_limit'])) +if (!isset($pconfig['unified2_log_limit'])) $pconfig['unified2_log_limit'] = "32"; +if (!isset($pconfig['eve_log_limit_size'])) + $pconfig['eve_log_limit_size'] = "5000"; +if (!isset($pconfig['sid_changes_log_limit_size'])) + $pconfig['sid_changes_log_limit_size'] = "250"; + +if ($_POST['ResetAll']) { + + // Reset all settings to their defaults + $pconfig['alert_log_retention'] = "336"; + $pconfig['block_log_retention'] = "336"; + $pconfig['files_json_log_retention'] = "168"; + $pconfig['http_log_retention'] = "168"; + $pconfig['dns_log_retention'] = "168"; + $pconfig['stats_log_retention'] = "168"; + $pconfig['tls_log_retention'] = "336"; + $pconfig['u2_archive_log_retention'] = "168"; + $pconfig['file_store_retention'] = "168"; + $pconfig['eve_log_retention'] = "168"; + $pconfig['sid_changes_log_retention'] = "336"; + + $pconfig['alert_log_limit_size'] = "500"; + $pconfig['block_log_limit_size'] = "500"; + $pconfig['files_json_log_limit_size'] = "1000"; + $pconfig['http_log_limit_size'] = "1000"; + $pconfig['dns_log_limit_size'] = "750"; + $pconfig['stats_log_limit_size'] = "500"; + $pconfig['tls_log_limit_size'] = "500"; + $pconfig['unified2_log_limit'] = "32"; + $pconfig['eve_log_limit_size'] = "5000"; + $pconfig['sid_changes_log_limit_size'] = "250"; + + /* Log a message at the top of the page to inform the user */ + $savemsg = gettext("All log management settings on this page have been reset to their defaults. Click APPLY if you wish to keep these new settings."); +} + +if ($_POST["save"] || $_POST['apply']) { + if ($_POST['enable_log_mgmt'] != 'on') { + $config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] = $_POST['enable_log_mgmt'] ? 'on' :'off'; + write_config("Suricata pkg: saved updated configuration for LOGS MGMT."); + conf_mount_rw(); + sync_suricata_package_config(); + conf_mount_ro(); + + /* forces page to reload new settings */ + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /suricata/suricata_logs_mgmt.php"); + exit; + } -if ($_POST["save"]) { if ($_POST['suricataloglimit'] == 'on') { if (!is_numericint($_POST['suricataloglimitsize']) || $_POST['suricataloglimitsize'] < 1) $input_errors[] = gettext("The 'Log Directory Size Limit' must be an integer value greater than zero."); @@ -151,9 +216,17 @@ if ($_POST["save"]) { $config['installedpackages']['suricata']['config'][0]['unified2_log_limit'] = $_POST['unified2_log_limit']; $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] = $_POST['u2_archive_log_retention']; $config['installedpackages']['suricata']['config'][0]['file_store_retention'] = $_POST['file_store_retention']; + $config['installedpackages']['suricata']['config'][0]['dns_log_limit_size'] = $_POST['dns_log_limit_size']; + $config['installedpackages']['suricata']['config'][0]['dns_log_retention'] = $_POST['dns_log_retention']; + $config['installedpackages']['suricata']['config'][0]['eve_log_limit_size'] = $_POST['eve_log_limit_size']; + $config['installedpackages']['suricata']['config'][0]['eve_log_retention'] = $_POST['eve_log_retention']; + $config['installedpackages']['suricata']['config'][0]['sid_changes_log_limit_size'] = $_POST['sid_changes_log_limit_size']; + $config['installedpackages']['suricata']['config'][0]['sid_changes_log_retention'] = $_POST['sid_changes_log_retention']; - write_config(); + write_config("Suricata pkg: saved updated configuration for LOGS MGMT."); + conf_mount_rw(); sync_suricata_package_config(); + conf_mount_ro(); /* forces page to reload new settings */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); @@ -179,23 +252,33 @@ include_once("fbegin.inc"); /* Display Alert message, under form tag or no refresh */ if ($input_errors) print_input_errors($input_errors); - ?> <form action="suricata_logs_mgmt.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> + +<?php +if ($savemsg) { + /* Display save message */ + print_info_box($savemsg); +} +?> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); - $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); - $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php"); $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); - $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php"); $tab_array[] = array(gettext("Logs Mgmt"), true, "/suricata/suricata_logs_mgmt.php"); + $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); ?> </td></tr> @@ -267,7 +350,7 @@ if ($input_errors) <colgroup> <col style="width: 15%;"> <col style="width: 18%;"> - <col style="width: 20%;"> + <col style="width: 18%;"> <col> </colgroup> <thead> @@ -320,6 +403,46 @@ if ($input_errors) <td class="listbg"><?=gettext("Suricata blocked IPs and event details");?></td> </tr> <tr> + <td class="listbg">dns</td> + <td class="listr" align="center"><select name="dns_log_limit_size" class="formselect" id="dns_log_limit_size"> + <?php foreach ($log_sizes as $k => $l): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['dns_log_limit_size']) echo "selected"; ?>> + <?=htmlspecialchars($l);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listr" align="center"><select name="dns_log_retention" class="formselect" id="dns_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['dns_log_retention']) echo "selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listbg"><?=gettext("DNS request/reply details");?></td> + </tr> + <tr> + <td class="listbg">eve-json</td> + <td class="listr" align="center"><select name="eve_log_limit_size" class="formselect" id="eve_log_limit_size"> + <?php foreach ($log_sizes as $k => $l): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['eve_log_limit_size']) echo "selected"; ?>> + <?=htmlspecialchars($l);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listr" align="center"><select name="eve_log_retention" class="formselect" id="eve_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['eve_log_retention']) echo "selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listbg"><?=gettext("Eve-JSON (JavaScript Object Notation) data");?></td> + </tr> + <tr> <td class="listbg">files-json</td> <td class="listr" align="center"><select name="files_json_log_limit_size" class="formselect" id="files_json_log_limit_size"> <?php foreach ($log_sizes as $k => $l): ?> @@ -359,6 +482,28 @@ if ($input_errors) </td> <td class="listbg"><?=gettext("Captured HTTP events and session info");?></td> </tr> + + <tr> + <td class="listbg">sid_changes</td> + <td class="listr" align="center"><select name="sid_changes_log_limit_size" class="formselect" id="sid_changes_log_limit_size"> + <?php foreach ($log_sizes as $k => $l): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['sid_changes_log_limit_size']) echo "selected"; ?>> + <?=htmlspecialchars($l);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listr" align="center"><select name="sid_changes_log_retention" class="formselect" id="sid_changes_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['sid_changes_log_retention']) echo "selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listbg"><?=gettext("Log of SID changes made by SID Mgmt conf files");?></td> + </tr> + <tr> <td class="listbg">stats</td> <td class="listr" align="center"><select name="stats_log_limit_size" class="formselect" id="stats_log_limit_size"> @@ -444,7 +589,11 @@ if ($input_errors) </tr> <tr> <td width="22%"></td> - <td width="78%" class="vexpl"><input name="save" type="submit" class="formbtn" value="Save"/><br/> + <td width="78%" class="vexpl"><input name="save" type="submit" class="formbtn" value="Save"/> + <input name="ResetAll" type="submit" class="formbtn" value="Reset" title="<?php echo + gettext("Reset all settings to defaults") . "\" onclick=\"return confirm('" . + gettext("WARNING: This will reset ALL Log Management settings to their defaults. Click OK to continue or CANCEL to quit.") . + "');\""; ?>/><br/> <br/><span class="red"><strong><?php echo gettext("Note:");?></strong> </span><?php echo gettext("Changing any settings on this page will affect all Suricata-configured interfaces.");?></td> </tr> @@ -472,6 +621,12 @@ function enable_change() { document.iform.unified2_log_limit.disabled = endis; document.iform.u2_archive_log_retention.disabled = endis; document.iform.file_store_retention.disabled = endis; + document.iform.dns_log_retention.disabled = endis; + document.iform.dns_log_limit_size.disabled = endis; + document.iform.eve_log_retention.disabled = endis; + document.iform.eve_log_limit_size.disabled = endis; + document.iform.sid_changes_log_retention.disabled = endis; + document.iform.sid_changes_log_limit_size.disabled = endis; } function enable_change_dirSize() { diff --git a/config/suricata/suricata_migrate_config.php b/config/suricata/suricata_migrate_config.php new file mode 100644 index 00000000..75e13315 --- /dev/null +++ b/config/suricata/suricata_migrate_config.php @@ -0,0 +1,387 @@ +<?php +/* + * suricata_migrate_config.php + * + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("config.inc"); +require_once("functions.inc"); + +/****************************************************************************/ +/* The code in this module is called once during the post-install process */ +/* via an "include" line. It is used to perform a one-time migration of */ +/* Suricata configuration parameters to any new format required by the */ +/* latest package version. */ +/****************************************************************************/ + +global $config; + +if (!is_array($config['installedpackages']['suricata'])) + $config['installedpackages']['suricata'] = array(); +if (!is_array($config['installedpackages']['suricata']['rule'])) + $config['installedpackages']['suricata']['rule'] = array(); + +// Just exit if this is a clean install with no saved settings +if (empty($config['installedpackages']['suricata']['rule'])) + return; + +$rule = &$config['installedpackages']['suricata']['rule']; + +/****************************************************************************/ +/* Loop through all the <rule> elements in the Suricata configuration and */ +/* migrate relevant parameters to the new format. */ +/****************************************************************************/ + +$updated_cfg = false; +log_error("[Suricata] Checking configuration settings version..."); + +// Check the configuration version to see if XMLRPC Sync should +// auto-disabled as part of the upgrade due to config format changes. +if ($config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] < 2 && + ($config['installedpackages']['suricatasync']['config'][0]['varsynconchanges'] == 'auto' || + $config['installedpackages']['suricatasync']['config'][0]['varsynconchanges'] == 'manual')) { + $config['installedpackages']['suricatasync']['config'][0]['varsynconchanges'] = "disabled"; + log_error("[Suricata] Turning off Suricata Sync on this host due to configuration format changes in this update. Upgrade all Suricata Sync targets to this same Suricata package version before re-enabling Suricata Sync."); + $updated_cfg = true; +} + +/**********************************************************/ +/* Create new Auto SID Mgmt settings if not set */ +/**********************************************************/ +if (empty($config['installedpackages']['suricata']['config'][0]['auto_manage_sids'])) { + $config['installedpackages']['suricata']['config'][0]['auto_manage_sids'] = "off"; + $config['installedpackages']['suricata']['config'][0]['sid_changes_log_limit_size'] = "250"; + $config['installedpackages']['suricata']['config'][0]['sid_changes_log_retention'] = "336"; + $updated_cfg = true; +} + +/**********************************************************/ +/* Create new Auto GeoIP update setting if not set */ +/**********************************************************/ +if (empty($config['installedpackages']['suricata']['config'][0]['autogeoipupdate'])) { + $config['installedpackages']['suricata']['config'][0]['autogeoipupdate'] = "on"; + $updated_cfg = true; +} + +/**********************************************************/ +/* Create new ET IQRisk IP Reputation setting if not set */ +/**********************************************************/ +if (empty($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'])) { + $config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] = "off"; + $updated_cfg = true; +} + +// Now process the interface-specific settings +foreach ($rule as &$r) { + + // Initialize arrays for supported preprocessors if necessary + if (!is_array($r['libhtp_policy']['item'])) + $r['libhtp_policy']['item'] = array(); + + $pconfig = array(); + $pconfig = $r; + + /***********************************************************/ + /* This setting is deprecated in Suricata 2.0 and higher, */ + /* so remove it from the configuration. */ + /***********************************************************/ + if (isset($pconfig['stream_max_sessions'])) { + unset($pconfig['stream_max_sessions']); + $updated_cfg = true; + } + + /***********************************************************/ + /* HTTP server personalities for "Apache" and "Apache_2_2" */ + /* are deprecated and replaced with "Apache_2" in Suricata */ + /* versions greater than 2.0. */ + /***********************************************************/ + $http_serv = &$pconfig['libhtp_policy']['item']; + foreach ($http_serv as &$policy) { + if ($policy['personality'] == "Apache" || $policy['personality'] == "Apache_2_2") { + $policy['personality'] = "Apache_2"; + $updated_cfg = true; + } + // Set new URI inspect option for Suricata 2.0 and higher + if (!isset($policy['uri-include-all'])) { + $policy['uri-include-all'] = "no"; + $updated_cfg = true; + } + } + + /***********************************************************/ + /* Add the new 'dns-events.rules' file to the rulesets. */ + /***********************************************************/ + if (strpos($pconfig['rulesets'], "dns-events.rules") === FALSE) { + $pconfig['rulesets'] = rtrim($pconfig['rulesets'], "||") . "||dns-events.rules"; + $updated_cfg = true; + } + + /***********************************************************/ + /* Add new interface promisc mode value and default 'on'. */ + /***********************************************************/ + if (empty($pconfig['intf_promisc_mode'])) { + $pconfig['intf_promisc_mode'] = "on"; + $updated_cfg = true; + } + + /***********************************************************/ + /* Add new HTTP Log Extended Info setting if not present */ + /***********************************************************/ + if (!isset($pconfig['http_log_extended'])) { + $pconfig['http_log_extended'] = "on"; + $updated_cfg = true; + } + + /***********************************************************/ + /* Add new EVE logging settings if not present */ + /***********************************************************/ + if (!isset($pconfig['eve_output_type'])) { + $pconfig['eve_output_type'] = "file"; + $updated_cfg = true; + } + if (empty($pconfig['eve_systemlog_facility'])) { + $pconfig['eve_systemlog_facility'] = "local1"; + $updated_cfg = true; + } + if (empty($pconfig['eve_systemlog_priority'])) { + $pconfig['eve_systemlog_priority'] = "info"; + $updated_cfg = true; + } + if (!isset($pconfig['eve_log_alerts'])) { + $pconfig['eve_log_alerts'] = "on"; + $updated_cfg = true; + } + if (!isset($pconfig['eve_log_http'])) { + $pconfig['eve_log_http'] = "on"; + $updated_cfg = true; + } + if (!isset($pconfig['eve_log_dns'])) { + $pconfig['eve_log_dns'] = "on"; + $updated_cfg = true; + } + if (!isset($pconfig['eve_log_tls'])) { + $pconfig['eve_log_tls'] = "on"; + $updated_cfg = true; + } + if (!isset($pconfig['eve_log_files'])) { + $pconfig['eve_log_files'] = "on"; + $updated_cfg = true; + } + if (!isset($pconfig['eve_log_ssh'])) { + $pconfig['eve_log_ssh'] = "on"; + $updated_cfg = true; + } + + /******************************************************************/ + /* Create default log size and retention limits if not set */ + /******************************************************************/ + if (!isset($pconfig['alert_log_retention']) && $pconfig['alert_log_retention'] != '0') { + $pconfig['alert_log_retention'] = "336"; + $updated_cfg = true; + } + if (!isset($pconfig['alert_log_limit_size']) && $pconfig['alert_log_limit_size'] != '0') { + $pconfig['alert_log_limit_size'] = "500"; + $updated_cfg = true; + } + + if (!isset($pconfig['block_log_retention']) && $pconfig['block_log_retention'] != '0') { + $pconfig['block_log_retention'] = "336"; + $updated_cfg = true; + } + if (!isset($pconfig['block_log_limit_size']) && $pconfig['block_log_limit_size'] != '0') { + $pconfig['block_log_limit_size'] = "500"; + $updated_cfg = true; + } + + if (!isset($pconfig['dns_log_retention']) && $pconfig['dns_log_retention'] != '0') { + $pconfig['dns_log_retention'] = "168"; + $updated_cfg = true; + } + if (!isset($pconfig['dns_log_limit_size']) && $pconfig['dns_log_limit_size'] != '0') { + $pconfig['dns_log_limit_size'] = "750"; + $updated_cfg = true; + } + + if (!isset($pconfig['eve_log_retention']) && $pconfig['eve_log_retention'] != '0') { + $pconfig['eve_log_retention'] = "168"; + $updated_cfg = true; + } + if (!isset($pconfig['eve_log_limit_size']) && $pconfig['eve_log_limit_size'] != '0') { + $pconfig['eve_log_limit_size'] = "5000"; + $updated_cfg = true; + } + + if (!isset($pconfig['files_json_log_retention']) && $pconfig['files_json_log_retention'] != '0') { + $pconfig['files_json_log_retention'] = "168"; + $updated_cfg = true; + } + if (!isset($pconfig['files_json_log_limit_size']) && $pconfig['files_json_log_limit_size'] != '0') { + $pconfig['files_json_log_limit_size'] = "1000"; + $updated_cfg = true; + } + + if (!isset($pconfig['http_log_retention']) && $pconfig['http_log_retention'] != '0') { + $pconfig['http_log_retention'] = "168"; + $updated_cfg = true; + } + if (!isset($pconfig['http_log_limit_size']) && $pconfig['http_log_limit_size'] != '0') { + $pconfig['http_log_limit_size'] = "1000"; + $updated_cfg = true; + } + + if (!isset($pconfig['stats_log_retention']) && $pconfig['stats_log_retention'] != '0') { + $pconfig['stats_log_retention'] = "168"; + $updated_cfg = true; + } + if (!isset($pconfig['stats_log_limit_size']) && $pconfig['stats_log_limit_size'] != '0') { + $pconfig['stats_log_limit_size'] = "500"; + $updated_cfg = true; + } + + if (!isset($pconfig['tls_log_retention']) && $pconfig['tls_log_retention'] != '0') { + $pconfig['tls_log_retention'] = "336"; + $updated_cfg = true; + } + if (!isset($pconfig['tls_log_limit_size']) && $pconfig['tls_log_limit_size'] != '0') { + $pconfig['tls_log_limit_size'] = "500"; + $updated_cfg = true; + } + + if (!isset($pconfig['file_store_retention']) && $pconfig['file_store_retention'] != '0') { + $pconfig['file_store_retention'] = "168"; + $updated_cfg = true; + } + + if (!isset($pconfig['u2_archive_log_retention']) && $pconfig['u2_archive_log_retention'] != '0') { + $pconfig['u2_archive_log_retention'] = "168"; + $updated_cfg = true; + } + + /************************************************************/ + /* Create new DNS App-Layer parser settings if not set */ + /************************************************************/ + if (empty($pconfig['dns_global_memcap'])) { + $pconfig['dns_global_memcap'] = "16777216"; + $updated_cfg = true; + } + if (empty($pconfig['dns_state_memcap'])) { + $pconfig['dns_state_memcap'] = "524288"; + $updated_cfg = true; + } + if (empty($pconfig['dns_request_flood_limit'])) { + $pconfig['dns_request_flood_limit'] = "500"; + $updated_cfg = true; + } + if (empty($pconfig['dns_parser_udp'])) { + $pconfig['dns_parser_udp'] = "yes"; + $updated_cfg = true; + } + if (empty($pconfig['dns_parser_tcp'])) { + $pconfig['dns_parser_tcp'] = "yes"; + $updated_cfg = true; + } + + /***********************************************************/ + /* Create new HTTP App-Layer parser settings if not set */ + /***********************************************************/ + if (empty($pconfig['http_parser'])) { + $pconfig['http_parser'] = "yes"; + $updated_cfg = true; + } + if (empty($pconfig['http_parser_memcap'])) { + $pconfig['http_parser_memcap'] = "67108864"; + $updated_cfg = true; + } + + /**********************************************************/ + /* Create other App-Layer parser settings if not set */ + /**********************************************************/ + if (empty($pconfig['tls_parser'])) { + $pconfig['tls_parser'] = "yes"; + $updated_cfg = true; + } + if (empty($pconfig['smtp_parser'])) { + $pconfig['smtp_parser'] = "yes"; + $updated_cfg = true; + } + if (empty($pconfig['imap_parser'])) { + $pconfig['imap_parser'] = "detection-only"; + $updated_cfg = true; + } + if (empty($pconfig['ssh_parser'])) { + $pconfig['ssh_parser'] = "yes"; + $updated_cfg = true; + } + if (empty($pconfig['ftp_parser'])) { + $pconfig['ftp_parser'] = "yes"; + $updated_cfg = true; + } + if (empty($pconfig['dcerpc_parser'])) { + $pconfig['dcerpc_parser'] = "yes"; + $updated_cfg = true; + } + if (empty($pconfig['smb_parser'])) { + $pconfig['smb_parser'] = "yes"; + $updated_cfg = true; + } + if (empty($pconfig['msn_parser'])) { + $pconfig['msn_parser'] = "detection-only"; + $updated_cfg = true; + } + + /**********************************************************/ + /* Create interface IP Reputation settings if not set */ + /**********************************************************/ + if (empty($pconfig['enable_iprep'])) { + $pconfig['enable_iprep'] = "off"; + $updated_cfg = true; + } + if (empty($pconfig['host_memcap'])) { + $pconfig['host_memcap'] = "16777216"; + $updated_cfg = true; + } + if (empty($pconfig['host_hash_size'])) { + $pconfig['host_hash_size'] = "4096"; + $updated_cfg = true; + } + if (empty($pconfig['host_prealloc'])) { + $pconfig['host_prealloc'] = "1000"; + $updated_cfg = true; + } + + // Save the new configuration data into the $config array pointer + $r = $pconfig; +} +// Release reference to final array element +unset($r); + +// Write out the new configuration to disk if we changed anything +if ($updated_cfg) + log_error("[Suricata] Settings successfully migrated to new configuration format..."); +else + log_error("[Suricata] Configuration version is current..."); + +?> diff --git a/config/suricata/suricata_os_policy_engine.php b/config/suricata/suricata_os_policy_engine.php index 869d940c..9a881f3d 100644 --- a/config/suricata/suricata_os_policy_engine.php +++ b/config/suricata/suricata_os_policy_engine.php @@ -62,6 +62,7 @@ ?> <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tbody> <tr> <td colspan="2" align="center" class="listtopic"><?php echo gettext("Suricata Target-Based Host OS Policy Engine Configuration"); ?></td> </tr> @@ -69,7 +70,7 @@ <td valign="top" class="vncell"><?php echo gettext("Policy Name"); ?></td> <td class="vtable"> <input name="policy_name" type="text" class="formfld unknown" id="policy_name" size="25" maxlength="25" - value="<?=htmlspecialchars($pengcfg['name']);?>"<?php if (htmlspecialchars($pengcfg['name']) == "default") echo "readonly";?>/> + value="<?=htmlspecialchars($pengcfg['name']);?>"<?php if (htmlspecialchars($pengcfg['name']) == " default") echo " readonly";?>/> <?php if (htmlspecialchars($pengcfg['name']) <> "default") echo gettext("Name or description for this engine. (Max 25 characters)"); else @@ -83,6 +84,7 @@ <td class="vtable"> <?php if ($pengcfg['name'] <> "default") : ?> <table width="95%" border="0" cellpadding="2" cellspacing="0"> + <tbody> <tr> <td class="vexpl"><input name="policy_bind_to" type="text" class="formfldalias" id="policy_bind_to" size="32" value="<?=htmlspecialchars($pengcfg['bind_to']);?>" title="<?=trim(filter_expand_alias($pengcfg['bind_to']));?>" autocomplete="off"/> @@ -93,6 +95,7 @@ <tr> <td class="vexpl" colspan="2"><?php echo gettext("This policy will apply for packets with destination addresses contained within this IP List.");?></td> </tr> + </tbody> </table> <span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" . gettext("Supplied value must be a pre-configured Alias or the keyword 'all'.");?> @@ -129,6 +132,7 @@ <input name="cancel_os_policy" id="cancel_os_policy" type="submit" class="formbtn" value="Cancel" title="<?php echo gettext("Cancel changes and return to Flow/Stream tab"); ?>"></td> </tr> + </tbody> </table> <script type="text/javascript" src="/javascript/autosuggest.js"> </script> diff --git a/config/suricata/suricata_passlist.php b/config/suricata/suricata_passlist.php index fc7c60e2..af1c4ff5 100644 --- a/config/suricata/suricata_passlist.php +++ b/config/suricata/suricata_passlist.php @@ -87,7 +87,9 @@ if ($_POST['del'] && is_numericint($_POST['list_id'])) { if (!$input_errors) { unset($a_passlist[$_POST['list_id']]); write_config("Suricata pkg: deleted PASS LIST."); + conf_mount_rw(); sync_suricata_package_config(); + conf_mount_ro(); header("Location: /suricata/suricata_passlist.php"); exit; } @@ -115,18 +117,22 @@ if ($savemsg) { <form action="/suricata/suricata_passlist.php" method="post"> <input type="hidden" name="list_id" id="list_id" value=""/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tbody> <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); - $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); - $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php"); $tab_array[] = array(gettext("Pass Lists"), true, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); - $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}"); + $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); ?> </td> @@ -134,6 +140,7 @@ if ($savemsg) { <tr> <td><div id="mainarea"> <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tbody> <tr> <td width="25%" class="listhdrr">List Name</td> <td width="30%" class="listhdrr">Assigned Alias</td> @@ -142,19 +149,19 @@ if ($savemsg) { </tr> <?php foreach ($a_passlist as $i => $list): ?> <tr> - <td class="listlr" + <td class="listlr" ondblclick="document.location='suricata_passlist_edit.php?id=<?=$i;?>';"> <?=htmlspecialchars($list['name']);?></td> - <td class="listr" + <td class="listr" ondblclick="document.location='suricata_passlist_edit.php?id=<?=$i;?>';" title="<?=filter_expand_alias($list['address']);?>"> <?php echo gettext($list['address']);?></td> - <td class="listbg" + <td class="listbg" ondblclick="document.location='suricata_passlist_edit.php?id=<?=$i;?>';"> - <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?> - </td> + <font color="#FFFFFF"><?=htmlspecialchars($list['descr']);?></font></td> <td valign="middle" nowrap class="list"> <table border="0" cellspacing="0" cellpadding="1"> + <tbody> <tr> <td valign="middle"><a href="suricata_passlist_edit.php?id=<?=$i;?>"> <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?php echo gettext("Edit pass list"); ?>"></a> @@ -163,6 +170,7 @@ if ($savemsg) { src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?php echo gettext("Delete pass list"); ?>"/> </td> </tr> + </tbody> </table> </td> </tr> @@ -171,6 +179,7 @@ if ($savemsg) { <td class="list" colspan="3"></td> <td class="list"> <table border="0" cellspacing="0" cellpadding="1"> + <tbody> <tr> <td valign="middle" width="17"> </td> <td valign="middle"><a href="suricata_passlist_edit.php?id=<?php echo $id_gen;?> "> @@ -178,27 +187,31 @@ if ($savemsg) { width="17" height="17" border="0" title="<?php echo gettext("add a new pass list"); ?>"/></a> </td> </tr> + </tbody> </table> </td> </tr> + </tbody> </table> </div> </td> </tr> + </tbody> </table> <br> -<table width="100%" border="0" cellpadding="1" - cellspacing="1"> +<table width="100%" border="0" cellpadding="1" cellspacing="1"> + <tbody> <tr> - <td width="100%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Notes:"); ?></strong></span> - <p><?php echo gettext("1. Here you can create Pass List files for your Suricata package rules. Hosts on a Pass List are never blocked by Suricata."); ?><br/> - <?php echo gettext("2. Add all the IP addresses or networks (in CIDR notation) you want to protect against Suricata block decisions."); ?><br/> - <?php echo gettext("3. The default Pass List includes the WAN IP and gateway, defined DNS servers, VPNs and locally-attached networks."); ?><br/> - <?php echo gettext("4. Be careful, it is very easy to get locked out of your system by altering the default settings."); ?></p></span></td> + <td width="100%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Notes:"); ?></strong></span> + <p><?php echo gettext("1. Here you can create Pass List files for your Suricata package rules. Hosts on a Pass List are never blocked by Suricata."); ?><br/> + <?php echo gettext("2. Add all the IP addresses or networks (in CIDR notation) you want to protect against Suricata block decisions."); ?><br/> + <?php echo gettext("3. The default Pass List includes the WAN IP and gateway, defined DNS servers, VPNs and locally-attached networks."); ?><br/> + <?php echo gettext("4. Be careful, it is very easy to get locked out of your system by altering the default settings."); ?></p></span></td> </tr> <tr> - <td width="100%"><span class="vexpl"><?php echo gettext("Remember you must restart Suricata on the interface for changes to take effect!"); ?></span></td> + <td width="100%"><span class="vexpl"><?php echo gettext("Remember you must restart Suricata on the interface for changes to take effect!"); ?></span></td> </tr> + </tbody> </table> </form> <?php include("fend.inc"); ?> diff --git a/config/suricata/suricata_passlist_edit.php b/config/suricata/suricata_passlist_edit.php index 35c7b66e..5bfeb8b9 100644 --- a/config/suricata/suricata_passlist_edit.php +++ b/config/suricata/suricata_passlist_edit.php @@ -63,15 +63,53 @@ if (is_null($id)) { exit; } +if (isset($id) && isset($a_passlist[$id])) { + /* Retrieve saved settings */ + $pconfig['name'] = $a_passlist[$id]['name']; + $pconfig['uuid'] = $a_passlist[$id]['uuid']; + $pconfig['address'] = $a_passlist[$id]['address']; + $pconfig['descr'] = html_entity_decode($a_passlist[$id]['descr']); + $pconfig['localnets'] = $a_passlist[$id]['localnets']; + $pconfig['wanips'] = $a_passlist[$id]['wanips']; + $pconfig['wangateips'] = $a_passlist[$id]['wangateips']; + $pconfig['wandnsips'] = $a_passlist[$id]['wandnsips']; + $pconfig['vips'] = $a_passlist[$id]['vips']; + $pconfig['vpnips'] = $a_passlist[$id]['vpnips']; +} + +// Check for returned "selected alias" if action is import +if ($_GET['act'] == "import") { + + // Retrieve previously typed values we passed to SELECT ALIAS page + $pconfig['name'] = htmlspecialchars($_GET['name']); + $pconfig['uuid'] = htmlspecialchars($_GET['uuid']); + $pconfig['address'] = htmlspecialchars($_GET['address']); + $pconfig['descr'] = htmlspecialchars($_GET['descr']); + $pconfig['localnets'] = htmlspecialchars($_GET['localnets'])? 'yes' : 'no'; + $pconfig['wanips'] = htmlspecialchars($_GET['wanips'])? 'yes' : 'no'; + $pconfig['wangateips'] = htmlspecialchars($_GET['wangateips'])? 'yes' : 'no'; + $pconfig['wandnsips'] = htmlspecialchars($_GET['wandnsips'])? 'yes' : 'no'; + $pconfig['vips'] = htmlspecialchars($_GET['vips'])? 'yes' : 'no'; + $pconfig['vpnips'] = htmlspecialchars($_GET['vpnips'])? 'yes' : 'no'; + + // Now retrieve the "selected alias" returned from SELECT ALIAS page + if ($_GET['varname'] == "address" && isset($_GET['varvalue'])) + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); +} + /* If no entry for this passlist, then create a UUID and treat it like a new list */ -if (!isset($a_passlist[$id]['uuid'])) { +if (!isset($a_passlist[$id]['uuid']) && empty($pconfig['uuid'])) { $passlist_uuid = 0; while ($passlist_uuid > 65535 || $passlist_uuid == 0) { $passlist_uuid = mt_rand(1, 65535); $pconfig['uuid'] = $passlist_uuid; $pconfig['name'] = "passlist_{$passlist_uuid}"; } -} else +} +elseif (!empty($pconfig['uuid'])) { + $passlist_uuid = $pconfig['uuid']; +} +else $passlist_uuid = $a_passlist[$id]['uuid']; /* returns true if $name is a valid name for a pass list file name or ip */ @@ -85,28 +123,6 @@ function is_validpasslistname($name) { return false; } -if (isset($id) && $a_passlist[$id]) { - /* old settings */ - $pconfig = array(); - $pconfig['name'] = $a_passlist[$id]['name']; - $pconfig['uuid'] = $a_passlist[$id]['uuid']; - $pconfig['detail'] = $a_passlist[$id]['detail']; - $pconfig['address'] = $a_passlist[$id]['address']; - $pconfig['descr'] = html_entity_decode($a_passlist[$id]['descr']); - $pconfig['localnets'] = $a_passlist[$id]['localnets']; - $pconfig['wanips'] = $a_passlist[$id]['wanips']; - $pconfig['wangateips'] = $a_passlist[$id]['wangateips']; - $pconfig['wandnsips'] = $a_passlist[$id]['wandnsips']; - $pconfig['vips'] = $a_passlist[$id]['vips']; - $pconfig['vpnips'] = $a_passlist[$id]['vpnips']; -} - -// Check for returned "selected alias" if action is import -if ($_GET['act'] == "import") { - if ($_GET['varname'] == "address" && isset($_GET['varvalue'])) - $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); -} - if ($_POST['save']) { unset($input_errors); $pconfig = $_POST; @@ -114,7 +130,12 @@ if ($_POST['save']) { /* input validation */ $reqdfields = explode(" ", "name"); $reqdfieldsn = explode(",", "Name"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if(strtolower($_POST['name']) == "defaultpasslist") $input_errors[] = gettext("Pass List file names may not be named defaultpasslist."); @@ -123,11 +144,11 @@ if ($_POST['save']) { $input_errors[] = gettext("Pass List file name may only consist of the characters \"a-z, A-Z, 0-9 and _\". Note: No Spaces or dashes. Press Cancel to reset."); /* check for name conflicts */ - foreach ($a_passlist as $w_list) { - if (isset($id) && ($a_passlist[$id]) && ($a_passlist[$id] === $w_list)) + foreach ($a_passlist as $p_list) { + if (isset($id) && ($a_passlist[$id]) && ($a_passlist[$id] === $p_list)) continue; - if ($w_list['name'] == $_POST['name']) { + if ($p_list['name'] == $_POST['name']) { $input_errors[] = gettext("A Pass List file name with this name already exists."); break; } @@ -138,30 +159,32 @@ if ($_POST['save']) { $input_errors[] = gettext("A valid alias must be provided"); if (!$input_errors) { - $w_list = array(); + $p_list = array(); /* post user input */ - $w_list['name'] = $_POST['name']; - $w_list['uuid'] = $passlist_uuid; - $w_list['localnets'] = $_POST['localnets']? 'yes' : 'no'; - $w_list['wanips'] = $_POST['wanips']? 'yes' : 'no'; - $w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no'; - $w_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no'; - $w_list['vips'] = $_POST['vips']? 'yes' : 'no'; - $w_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no'; - - $w_list['address'] = $_POST['address']; - $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); - $w_list['detail'] = $final_address_details; + $p_list['name'] = $_POST['name']; + $p_list['uuid'] = $passlist_uuid; + $p_list['localnets'] = $_POST['localnets']? 'yes' : 'no'; + $p_list['wanips'] = $_POST['wanips']? 'yes' : 'no'; + $p_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no'; + $p_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no'; + $p_list['vips'] = $_POST['vips']? 'yes' : 'no'; + $p_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no'; + + $p_list['address'] = $_POST['address']; + $p_list['descr'] = mb_convert_encoding(str_replace("\r\n", "\n", $_POST['descr']),"HTML-ENTITIES","auto"); + $p_list['detail'] = $final_address_details; if (isset($id) && $a_passlist[$id]) - $a_passlist[$id] = $w_list; + $a_passlist[$id] = $p_list; else - $a_passlist[] = $w_list; + $a_passlist[] = $p_list; - write_config("Snort pkg: modified PASS LIST {$w_list['name']}."); + write_config("Suricata pkg: modified PASS LIST {$p_list['name']}."); /* create pass list and homenet file, then sync files */ + conf_mount_rw(); sync_suricata_package_config(); + conf_mount_ro(); header("Location: /suricata/suricata_passlist.php"); exit; @@ -188,24 +211,29 @@ if ($savemsg) <form action="suricata_passlist_edit.php" method="post" name="iform" id="iform"> <input name="id" type="hidden" value="<?=$id;?>" /> <table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tbody> <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); - $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); - $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php"); $tab_array[] = array(gettext("Pass Lists"), true, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); - $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}"); + $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); ?> </td> </tr> <tr><td><div id="mainarea"> <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tbody> <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add the name and " . "description of the file."); ?></td> @@ -281,8 +309,8 @@ if ($savemsg) </td> <td width="78%" class="vtable"> <input autocomplete="off" name="address" type="text" class="formfldalias" id="address" size="30" value="<?=htmlspecialchars($pconfig['address']);?>" - title="<?=trim(filter_expand_alias($pconfig['address']));?>"/> - <input type="button" class="formbtns" value="Aliases" onclick="parent.location='suricata_select_alias.php?id=0&type=host|network&varname=address&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" + title="<?=trim(filter_expand_alias($pconfig['address']));?>"/> + <input type="button" class="formbtns" value="Aliases" onclick="selectAlias();" title="<?php echo gettext("Select an existing IP alias");?>"/> </td> </tr> @@ -293,9 +321,10 @@ if ($savemsg) <input id="cancel" name="cancel" type="submit" class="formbtn" value="Cancel" /> </td> </tr> + </tbody> </table> </div> -</td></tr> +</td></tr></tbody> </table> </form> <script type="text/javascript"> @@ -321,6 +350,29 @@ function createAutoSuggest() { ?> } +function selectAlias() { + + var loc; + var fields = [ "name", "descr", "localnets", "wanips", "wangateips", "wandnsips", "vips", "vpnips", "address" ]; + + // Scrape current form field values and add to + // the select alias URL as a query string. + var loc = '/suricata/suricata_select_alias.php?id=<?=$id;?>&act=import&type=host|network'; + loc = loc + '&varname=address&multi_ip=yes'; + loc = loc + '&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'; + loc = loc + '&uuid=<?=$passlist_uuid;?>'; + + // Iterate over just the specific form fields we want to pass to + // the select alias URL. + fields.forEach(function(entry) { + var tmp = $(entry).serialize(); + if (tmp.length > 0) + loc = loc + '&' + tmp; + }); + + window.parent.location = loc; +} + setTimeout("createAutoSuggest();", 500); </script> diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php index c44b392f..070cf095 100644 --- a/config/suricata/suricata_post_install.php +++ b/config/suricata/suricata_post_install.php @@ -48,10 +48,36 @@ require_once("config.inc"); require_once("functions.inc"); require_once("/usr/local/pkg/suricata/suricata.inc"); +require("/usr/local/pkg/suricata/suricata_defs.inc"); global $config, $g, $rebuild_rules, $pkg_interface, $suricata_gui_include; +/**************************************** + * Define any new constants here that * + * may not be yet defined in the old * + * "suricata_defs.inc" include file * + * that might be cached and used by * + * the package manager installation * + * code. * + * * + * This is a hack to work around the * + * fact the old version of the inc file * + * is cached and used instead of the * + * updated version included with the * + * updated GUI package. * + ****************************************/ +if (!defined('SURICATA_PBI_BASEDIR')) + define('SURICATA_PBI_BASEDIR', '/usr/pbi/suricata-' . php_uname("m")); + +/**************************************** + * End of PHP caching workaround * + ****************************************/ + +// Initialize some common values from defined constants $suricatadir = SURICATADIR; +$suricatalogdir = SURICATALOGDIR; +$flowbit_rules_file = FLOWBITS_FILENAME; +$suricata_enforcing_rules_file = SURICATA_ENFORCING_RULES_FILENAME; $rcdir = RCFILEPREFIX; // Hard kill any running Suricata process that may have been started by any @@ -60,60 +86,131 @@ if(is_process_running("suricata")) { killbyname("suricata"); sleep(2); // Delete any leftover suricata PID files in /var/run - unlink_if_exists("/var/run/suricata_*.pid"); + unlink_if_exists("{$g['varrun_path']}/suricata_*.pid"); } // Hard kill any running Barnyard2 processes if(is_process_running("barnyard")) { killbyname("barnyard2"); sleep(2); // Delete any leftover barnyard2 PID files in /var/run - unlink_if_exists("/var/run/barnyard2_*.pid"); + unlink_if_exists("{$g['varrun_path']}/barnyard2_*.pid"); } // Set flag for post-install in progress $g['suricata_postinstall'] = true; +// Mount file system read/write so we can modify some files +conf_mount_rw(); + // Remove any previously installed script since we rebuild it -@unlink("{$rcdir}/suricata.sh"); +unlink_if_exists("{$rcdir}suricata.sh"); // Create the top-tier log directory safe_mkdir(SURICATALOGDIR); -// remake saved settings +// Create the IP Rep and SID Mods lists directory +safe_mkdir(SURICATA_SID_MODS_PATH); +safe_mkdir(SURICATA_IPREP_PATH); + +// Make sure config variable is an array +if (!is_array($config['installedpackages']['suricata']['config'][0])) + $config['installedpackages']['suricata']['config'][0] = array(); + +// Download the latest GeoIP DB updates and create cron task if the feature is not disabled +if ($config['installedpackages']['suricata']['config'][0]['autogeoipupdate'] != 'off') { + log_error(gettext("[Suricata] Installing free GeoIP country database files...")); + include("/usr/local/pkg/suricata/suricata_geoipupdate.php"); + install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_geoipupdate.php", TRUE, 0, 0, 8, "*", "*", "root"); +} + +// Download the latest ET IQRisk updates and create cron task if the feature is not disabled +if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'on') { + log_error(gettext("[Suricata] Installing Emerging Threats IQRisk IP List...")); + include("/usr/local/pkg/suricata/suricata_etiqrisk_update.php"); + install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_etiqrisk_update.php", TRUE, 0, "*/6", "*", "*", "*", "root"); +} + +// remake saved settings if previously flagged if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') { log_error(gettext("[Suricata] Saved settings detected... rebuilding installation with saved settings...")); update_status(gettext("Saved settings detected...")); + + /****************************************************************/ + /* Do test and fix for duplicate UUIDs if this install was */ + /* impacted by the DUP (clone) bug that generated a duplicate */ + /* UUID for the cloned interface. Also fix any duplicate */ + /* entries in ['rulesets'] for "dns-events.rules". */ + /****************************************************************/ + if (count($config['installedpackages']['suricata']['rule']) > 0) { + $uuids = array(); + $suriconf = &$config['installedpackages']['suricata']['rule']; + foreach ($suriconf as &$suricatacfg) { + // Remove any duplicate ruleset names from earlier bug + $rulesets = explode("||", $suricatacfg['rulesets']); + $suricatacfg['rulesets'] = implode("||", array_keys(array_flip($rulesets))); + + // Now check for and fix a duplicate UUID + $if_real = get_real_interface($suricatacfg['interface']); + if (!isset($uuids[$suricatacfg['uuid']])) { + $uuids[$suricatacfg['uuid']] = $if_real; + continue; + } + else { + // Found a duplicate UUID, so generate a + // new one for the affected interface. + $old_uuid = $suricatacfg['uuid']; + $new_uuid = suricata_generate_id(); + if (file_exists("{$suricatalogdir}suricata_{$if_real}{$old_uuid}/")) + @rename("{$suricatalogdir}suricata_{$if_real}{$old_uuid}/", "{$suricatalogdir}suricata_{$if_real}{$new_uuid}/"); + $suricatacfg['uuid'] = $new_uuid; + $uuids[$new_uuid] = $if_real; + log_error(gettext("[Suricata] updated UUID for interface " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . " from {$old_uuid} to {$new_uuid}.")); + } + } + unset($uuids, $rulesets); + } + /****************************************************************/ + /* End of duplicate UUID and "dns-events.rules" bug fix. */ + /****************************************************************/ + + /* Do one-time settings migration for new version configuration */ + update_output_window(gettext("Please wait... migrating settings to new configuration...")); + include('/usr/local/pkg/suricata/suricata_migrate_config.php'); update_output_window(gettext("Please wait... rebuilding installation with saved settings...")); log_error(gettext("[Suricata] Downloading and updating configured rule types...")); update_output_window(gettext("Please wait... downloading and updating configured rule types...")); if ($pkg_interface <> "console") $suricata_gui_include = true; - include('/usr/local/www/suricata/suricata_check_for_rule_updates.php'); + include('/usr/local/pkg/suricata/suricata_check_for_rule_updates.php'); update_status(gettext("Generating suricata.yaml configuration file from saved settings...")); $rebuild_rules = true; + conf_mount_rw(); // Create the suricata.yaml files for each enabled interface $suriconf = $config['installedpackages']['suricata']['rule']; - foreach ($suriconf as $value) { - $if_real = get_real_interface($value['interface']); - - // ## BETA pkg bug fix-up -- be sure default rules enabled ## - $rules = explode("||", $value['rulesets']); - foreach (array( "decoder-events.rules", "files.rules", "http-events.rules", "smtp-events.rules", "stream-events.rules", "tls-events.rules" ) as $r){ - if (!in_array($r, $rules)) - $rules[] = $r; - } - natcasesort($rules); - $value['rulesets'] = implode("||", $rules); - write_config(); - // ## end of BETA pkg bug fix-up ## + foreach ($suriconf as $suricatacfg) { + $if_real = get_real_interface($suricatacfg['interface']); + $suricata_uuid = $suricatacfg['uuid']; + $suricatacfgdir = "{$suricatadir}suricata_{$suricata_uuid}_{$if_real}"; + update_output_window(gettext("Generating configuration for " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . "...")); - // create a suricata.yaml file for interface - suricata_generate_yaml($value); + // Pull in the PHP code that generates the suricata.yaml file + // variables that will be substituted further down below. + include("/usr/local/pkg/suricata/suricata_generate_yaml.php"); + + // Pull in the boilerplate template for the suricata.yaml + // configuration file. The contents of the template along + // with substituted variables are stored in $suricata_conf_text + // (which is defined in the included file). + include("/usr/local/pkg/suricata/suricata_yaml_template.inc"); + + // Now write out the conf file using $suricata_conf_text contents + @file_put_contents("{$suricatacfgdir}/suricata.yaml", $suricata_conf_text); + unset($suricata_conf_text); // create barnyard2.conf file for interface - if ($value['barnyard_enable'] == 'on') - suricata_generate_barnyard2_conf($value, $if_real); + if ($suricatacfg['barnyard_enable'] == 'on') + suricata_generate_barnyard2_conf($suricatacfg, $if_real); } // create Suricata bootup file suricata.sh @@ -124,32 +221,45 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] = suricata_rm_blocked_install_cron($config['installedpackages']['suricata']['config'][0]['rm_blocked'] != "never_b" ? true : false); suricata_rules_up_install_cron($config['installedpackages']['suricata']['config'][0]['autoruleupdate'] != "never_up" ? true : false); - // Add the recurring jobs created above to crontab - configure_cron(); - // Restore the Dashboard Widget if it was previously enabled and saved - if (!empty($config['installedpackages']['suricata']['config'][0]['dashboard_widget']) && !empty($config['widgets']['sequence'])) - $config['widgets']['sequence'] .= "," . $config['installedpackages']['suricata']['config'][0]['dashboard_widget']; - if (!empty($config['installedpackages']['suricata']['config'][0]['dashboard_widget_rows']) && !empty($config['widgets'])) - $config['widgets']['widget_suricata_display_lines'] = $config['installedpackages']['suricata']['config'][0]['dashboard_widget_rows']; + if (!empty($config['installedpackages']['suricata']['config'][0]['dashboard_widget']) && !empty($config['widgets']['sequence'])) { + if (strpos($config['widgets']['sequence'], "suricata_alerts-container") === FALSE) + $config['widgets']['sequence'] .= "," . $config['installedpackages']['suricata']['config'][0]['dashboard_widget']; + } + if (!empty($config['installedpackages']['suricata']['config'][0]['dashboard_widget_rows']) && !empty($config['widgets'])) { + if (empty($config['widgets']['widget_suricata_display_lines'])) + $config['widgets']['widget_suricata_display_lines'] = $config['installedpackages']['suricata']['config'][0]['dashboard_widget_rows']; + } $rebuild_rules = false; - update_output_window(gettext("Finished rebuilding Suricata configuration files...")); + if ($pkg_interface <> "console") + update_output_window(gettext("Finished rebuilding Suricata configuration files...")); log_error(gettext("[Suricata] Finished rebuilding installation from saved settings...")); // Only try to start Suricata if not in reboot if (!$g['booting']) { - update_status(gettext("Starting Suricata using rebuilt configuration...")); - update_output_window(gettext("Please wait... while Suricata is started...")); - log_error(gettext("[Suricata] Starting Suricata using rebuilt configuration...")); - start_service("suricata"); - update_output_window(gettext("Suricata has been started using the rebuilt configuration...")); + if ($pkg_interface <> "console") { + update_status(gettext("Starting Suricata using rebuilt configuration...")); + update_output_window(gettext("Please wait while Suricata is started...")); + mwexec("{$rcdir}suricata.sh start"); + update_output_window(gettext("Suricata has been started using the rebuilt configuration...")); + } + else + mwexec_bg("{$rcdir}suricata.sh start"); } } +// If this is first install and "forcekeepsettings" is empty, +// then default it to 'on'. +if (empty($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'])) + $config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] = 'on'; + +// Finished with file system mods, so remount it read-only +conf_mount_ro(); + // Update Suricata package version in configuration -$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "v1.0.1"; -write_config(); +$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.1.2"; +write_config("Suricata pkg v2.1.2: post-install configuration saved."); // Done with post-install, so clear flag unset($g['suricata_postinstall']); diff --git a/config/suricata/suricata_rules.php b/config/suricata/suricata_rules.php index 82bb33eb..480bf3dc 100644 --- a/config/suricata/suricata_rules.php +++ b/config/suricata/suricata_rules.php @@ -41,7 +41,7 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/suricata/suricata.inc"); -global $g, $rebuild_rules; +global $g, $config, $rebuild_rules; $suricatadir = SURICATADIR; $rules_map = array(); @@ -107,9 +107,27 @@ $emergingdownload = $config['installedpackages']['suricata']['config'][0]['enabl $etpro = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rules']; $categories = explode("||", $pconfig['rulesets']); -// Add any previously saved rules files to the categories array -if (!empty($pconfig['rulesets'])) - $categories = explode("||", $pconfig['rulesets']); +// Get any automatic rule category enable/disable modifications +// if auto-SID Mgmt is enabled, and adjust the available rulesets +// in the CATEGORY drop-down box as necessary. +$cat_mods = suricata_sid_mgmt_auto_categories($a_rule[$id], FALSE); +foreach ($cat_mods as $k => $v) { + switch ($v) { + case 'disabled': + if (($key = array_search($k, $categories)) !== FALSE) + unset($categories[$key]); + break; + + case 'enabled': + if (!in_array($k, $categories)) + $categories[] = $k; + break; + + default: + break; + } +} + if ($_GET['openruleset']) $currentruleset = htmlspecialchars($_GET['openruleset'], ENT_QUOTES | ENT_HTML401); @@ -148,7 +166,10 @@ if ($currentruleset != 'custom.rules') { $rules_map = suricata_load_rules_map($rulefile); } -/* Load up our enablesid and disablesid arrays with enabled or disabled SIDs */ +/* Process the current category rules through any auto SID MGMT changes if enabled */ +suricata_auto_sid_mgmt($rules_map, $a_rule[$id], FALSE); + +/* Load up our enablesid and disablesid arrays with manually enabled or disabled SIDs */ $enablesid = suricata_load_sid_mods($a_rule[$id]['rule_sid_on']); $disablesid = suricata_load_sid_mods($a_rule[$id]['rule_sid_off']); @@ -159,12 +180,16 @@ if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) & $sid = $_POST['sid']; // See if the target SID is in our list of modified SIDs, - // and toggle it back to default if present; otherwise, + // and toggle it opposite state if present; otherwise, // add it to the appropriate modified SID list. - if (isset($enablesid[$gid][$sid])) + if (isset($enablesid[$gid][$sid])) { unset($enablesid[$gid][$sid]); - elseif (isset($disablesid[$gid][$sid])) + $disablesid[$gid][$sid] = "disablesid"; + } + elseif (isset($disablesid[$gid][$sid])) { unset($disablesid[$gid][$sid]); + $enablesid[$gid][$sid] = "enablesid"; + } else { if ($rules_map[$gid][$sid]['disabled'] == 1) $enablesid[$gid][$sid] = "enablesid"; @@ -198,8 +223,12 @@ if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) & unset($a_rule[$id]['rule_sid_off']); /* Update the config.xml file. */ - write_config(); + write_config("Suricata pkg: modified state for rule {$gid}:{$sid} on {$a_rule[$id]['interface']}."); + + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('suricata_rules'); + // Set a scroll-to anchor location $anchor = "rule_{$gid}_{$sid}"; } elseif ($_POST['disable_all'] && !empty($rules_map)) { @@ -238,7 +267,10 @@ elseif ($_POST['disable_all'] && !empty($rules_map)) { else unset($a_rule[$id]['rule_sid_off']); - write_config(); + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('suricata_rules'); + + write_config("Suricata pkg: disabled all rules in category {$currentruleset} for {$a_rule[$id]['interface']}."); } elseif ($_POST['enable_all'] && !empty($rules_map)) { @@ -275,7 +307,10 @@ elseif ($_POST['enable_all'] && !empty($rules_map)) { else unset($a_rule[$id]['rule_sid_off']); - write_config(); + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('suricata_rules'); + + write_config("Suricata pkg: enable all rules in category {$currentruleset} for {$a_rule[$id]['interface']}."); } elseif ($_POST['resetcategory'] && !empty($rules_map)) { @@ -314,7 +349,10 @@ elseif ($_POST['resetcategory'] && !empty($rules_map)) { else unset($a_rule[$id]['rule_sid_off']); - write_config(); + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('suricata_rules'); + + write_config("Suricata pkg: remove enablesid/disablesid changes for category {$currentruleset} on {$a_rule[$id]['interface']}."); } elseif ($_POST['resetall'] && !empty($rules_map)) { @@ -322,51 +360,73 @@ elseif ($_POST['resetall'] && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_on']); unset($a_rule[$id]['rule_sid_off']); + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('suricata_rules'); + /* Update the config.xml file. */ - write_config(); + write_config("Suricata pkg: remove all enablesid/disablesid changes for {$a_rule[$id]['interface']}."); } elseif ($_POST['clear']) { unset($a_rule[$id]['customrules']); - write_config(); + write_config("Suricata pkg: clear all custom rules for {$a_rule[$id]['interface']}."); $rebuild_rules = true; + conf_mount_rw(); suricata_generate_yaml($a_rule[$id]); + conf_mount_ro(); $rebuild_rules = false; $pconfig['customrules'] = ''; + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); } elseif ($_POST['cancel']) { $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']); + clear_subsystem_dirty('suricata_rules'); } elseif ($_POST['save']) { $pconfig['customrules'] = $_POST['customrules']; if ($_POST['customrules']) - $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']); + $a_rule[$id]['customrules'] = base64_encode(str_replace("\r\n", "\n", $_POST['customrules'])); else unset($a_rule[$id]['customrules']); - write_config(); + write_config("Suricata pkg: save modified custom rules for {$a_rule[$id]['interface']}."); $rebuild_rules = true; + conf_mount_rw(); suricata_generate_yaml($a_rule[$id]); + conf_mount_ro(); $rebuild_rules = false; /* Signal Suricata to "live reload" the rules */ suricata_reload_config($a_rule[$id]); + clear_subsystem_dirty('suricata_rules'); + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); } elseif ($_POST['apply']) { /* Save new configuration */ - write_config(); + write_config("Suricata pkg: new rules configuration for {$a_rule[$id]['interface']}."); /*************************************************/ /* Update the suricata.yaml file and rebuild the */ /* rules for this interface. */ /*************************************************/ $rebuild_rules = true; + conf_mount_rw(); suricata_generate_yaml($a_rule[$id]); + conf_mount_ro(); $rebuild_rules = false; /* Signal Suricata to "live reload" the rules */ suricata_reload_config($a_rule[$id]); + + // We have saved changes and done a soft restart, so clear "dirty" flag + clear_subsystem_dirty('suricata_rules'); + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); } -require_once("guiconfig.inc"); include_once("head.inc"); $if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']); @@ -392,19 +452,28 @@ if ($savemsg) { <input type='hidden' name='openruleset' id='openruleset' value='<?=$currentruleset;?>'/> <input type='hidden' name='sid' id='sid' value=''/> <input type='hidden' name='gid' id='gid' value=''/> + +<?php if (is_subsystem_dirty('suricata_rules')): ?><p> +<?php print_info_box_np(gettext("A change has been made to a rule state.") . "<br/>" . gettext("Click APPLY when finished to send the changes to the running configuration."));?> +<?php endif; ?> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tbody> <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Interfaces"), true, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); - $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); - $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php"); $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); - $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); + $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; @@ -417,11 +486,13 @@ if ($savemsg) { $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/suricata/suricata_ip_reputation.php?id={$id}"); display_top_tabs($tab_array, true); ?> </td></tr> <tr><td><div id="mainarea"> <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="4" cellspacing="0"> + <tbody> <tr> <td class="listtopic"><?php echo gettext("Available Rule Categories"); ?></td> </tr> @@ -430,7 +501,7 @@ if ($savemsg) { <select id="selectbox" name="selectbox" class="formselect" onChange="go();"> <option value='custom.rules'>custom.rules</option> <?php - $files = explode("||", $pconfig['rulesets']); + $files = $categories; if ($a_rule[$id]['ips_policy_enable'] == 'on') $files[] = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']); if ($a_rule[$id]['autoflowbitrules'] == 'on') @@ -478,6 +549,7 @@ if ($savemsg) { <tr> <td class="vncell"> <table width="100%" align="center" border="0" cellpadding="0" cellspacing="0"> + <tbody> <tr> <td rowspan="5" width="48%" valign="middle"><input type="submit" name="apply" id="apply" value="<?php echo gettext("Apply"); ?>" class="formbtn" title="<?php echo gettext("Click to rebuild the rules with your changes"); ?>"/><br/><br/> @@ -534,6 +606,7 @@ if ($savemsg) { gettext("clicking here") . ".</a>";?></td> </tr> <?php endif;?> + </tbody> </table> </td> </tr> @@ -544,7 +617,7 @@ if ($savemsg) { <td> <table id="myTable" class="sortable" style="table-layout: fixed;" width="100%" border="0" cellpadding="0" cellspacing="0"> <colgroup> - <col width="14" align="left" valign="middle"> + <col width="16" align="center" valign="middle"> <col width="6%" align="center" axis="number"> <col width="9%" align="center" axis="number"> <col width="52" align="center" axis="string"> @@ -555,8 +628,8 @@ if ($savemsg) { <col axis="string"> </colgroup> <thead> - <tr> - <th class="list"> </th> + <tr class="sortableHeaderRowIdentifier"> + <th class="list sorttable_nosort"> </th> <th class="listhdrr"><?php echo gettext("GID"); ?></th> <th class="listhdrr"><?php echo gettext("SID"); ?></th> <th class="listhdrr"><?php echo gettext("Proto"); ?></th> @@ -570,18 +643,36 @@ if ($savemsg) { <tbody> <?php - $counter = $enable_cnt = $disable_cnt = 0; + $counter = $enable_cnt = $disable_cnt = $user_enable_cnt = $user_disable_cnt = $managed_count = 0; foreach ($rules_map as $k1 => $rulem) { foreach ($rulem as $k2 => $v) { $sid = suricata_get_sid($v['rule']); $gid = suricata_get_gid($v['rule']); - - if (isset($disablesid[$gid][$sid])) { + $ruleset = $currentruleset; + $style = ""; + + if ($v['managed'] == 1) { + if ($v['disabled'] == 1) { + $textss = "<span class=\"gray\">"; + $textse = "</span>"; + $style= "style=\"opacity: 0.4; filter: alpha(opacity=40);\""; + $title = gettext("Auto-disabled by settings on SID Mgmt tab"); + } + else { + $textss = $textse = ""; + $ruleset = "suricata.rules"; + $title = gettext("Auto-managed by settings on SID Mgmt tab"); + } + $iconb = "icon_advanced.gif"; + $managed_count++; + } + elseif (isset($disablesid[$gid][$sid])) { $textss = "<span class=\"gray\">"; $textse = "</span>"; $iconb = "icon_reject_d.gif"; $disable_cnt++; - $title = gettext("Disabled by user. Click to toggle to default state"); + $user_disable_cnt++; + $title = gettext("Disabled by user. Click to toggle to enabled state"); } elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) { $textss = "<span class=\"gray\">"; @@ -594,7 +685,8 @@ if ($savemsg) { $textss = $textse = ""; $iconb = "icon_reject.gif"; $enable_cnt++; - $title = gettext("Enabled by user. Click to toggle to default state"); + $user_enable_cnt++; + $title = gettext("Enabled by user. Click to toggle to disabled state"); } else { $textss = $textse = ""; @@ -623,36 +715,44 @@ if ($savemsg) { $message = suricata_get_msg($v['rule']); $sid_tooltip = gettext("View the raw text for this rule"); - echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\" sorttable_customkey=\"\">{$textss} - <a id=\"rule_{$gid}_{$sid}\" href='#'><input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}'; - document.getElementById('gid').value='{$gid}';\" - src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\" - title='{$title}' name=\"toggle[]\"/></a>{$textse} - </td> - <td class=\"listr\" style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + echo "<tr><td class=\"listt\" style=\"align:center;\" valign=\"middle\">{$textss}"; + + if ($v['managed'] == 1) { + echo "<img {$style} src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\" + title='{$title}'/>{$textse}"; + } + else { + echo "<a id=\"rule_{$gid}_{$sid}\" href='#'><input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}'; + document.getElementById('gid').value='{$gid}';\" + src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\" + title='{$title}' name=\"toggle[]\"/></a>{$textse}"; + } + echo "</td> + + <td class=\"listr\" style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$ruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> {$textss}{$gid}{$textse} </td> - <td class=\"listr\" style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + <td class=\"listr\" style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$ruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> <a href=\"javascript: void(0)\" - onclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\" + onclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$ruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\" title='{$sid_tooltip}'>{$textss}{$sid}{$textse}</a> </td> - <td class=\"listr\" style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + <td class=\"listr\" style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$ruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> {$textss}{$protocol}{$textse} </td> - <td class=\"listr ellipsis\" nowrap style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + <td class=\"listr ellipsis\" nowrap style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$ruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> {$srcspan}{$source}</span> </td> - <td class=\"listr ellipsis\" nowrap style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + <td class=\"listr ellipsis\" nowrap style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$ruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> {$srcprtspan}{$source_port}</span> </td> - <td class=\"listr ellipsis\" nowrap style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + <td class=\"listr ellipsis\" nowrap style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$ruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> {$dstspan}{$destination}</span> </td> - <td class=\"listr ellipsis\" nowrap style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + <td class=\"listr ellipsis\" nowrap style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$ruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> {$dstprtspan}{$destination_port}</span> </td> - <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> + <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$ruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"> {$textss}{$message}{$textse} </td> </tr>"; @@ -667,13 +767,17 @@ if ($savemsg) { <tr> <td> <table width="100%" border="0" cellspacing="0" cellpadding="1"> + <tbody> <tr> <td width="16"></td> <td class="vexpl" height="35" valign="top"> <strong><?php echo gettext("--- Category Rules Summary ---") . "</strong><br/>" . gettext("Total Rules: {$counter}") . " " . gettext("Enabled: {$enable_cnt}") . " " . - gettext("Disabled: {$disable_cnt}"); ?></td> + gettext("Disabled: {$disable_cnt}") . " " . + gettext("User Enabled: {$user_enable_cnt}") . " " . + gettext("User Disabled: {$user_disable_cnt}") . " " . + gettext("Auto-Managed: {$managed_count}"); ?></td> </tr> <tr> <td width="16"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" @@ -695,14 +799,29 @@ if ($savemsg) { width="11" height="11"></td> <td nowrap><?php echo gettext("Rule changed to Disabled by user"); ?></td> </tr> + <?php if (!empty($cat_mods)): ?> + <tr> + <td width="16"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_advanced.gif" + width="11" height="11"></td> + <td nowrap><?php echo gettext("Rule auto-enabled by files configured on SID Mgmt tab"); ?></td> + </tr> + <tr> + <td width="16"><img style="opacity: 0.4; filter: alpha(opacity=40);" src="../themes/<?= $g['theme']; ?>/images/icons/icon_advanced.gif" + width="11" height="11"></td> + <td nowrap><?php echo gettext("Rule auto-disabled by files configured on SID Mgmt tab"); ?></td> + </tr> + <?php endif; ?> + </tbody> </table> </td> </tr> <?php endif;?> + </tbody> </table> </div> </td> </tr> + </tbody> </table> </form> <script language="javascript" type="text/javascript"> diff --git a/config/suricata/suricata_rules_edit.php b/config/suricata/suricata_rules_edit.php index 0a4bd62a..8329272f 100644 --- a/config/suricata/suricata_rules_edit.php +++ b/config/suricata/suricata_rules_edit.php @@ -73,6 +73,8 @@ $wrap_flag = "off"; // Correct displayed file title if necessary if ($file == "Auto-Flowbit Rules") $displayfile = FLOWBITS_FILENAME; +elseif ($file == "suricata.rules") + $displayfile = "Currently Active Rules"; else $displayfile = $file; @@ -102,6 +104,8 @@ elseif (isset($_GET['sid']) && is_numericint($_GET['sid']) && isset($_GET['gid'] // If flowbit rule, point to interface-specific file if ($file == "Auto-Flowbit Rules") $rules_map = suricata_load_rules_map("{$suricatacfgdir}rules/" . FLOWBITS_FILENAME); + elseif ($file == "suricata.rules") + $rules_map = suricata_load_rules_map("{$suricatacfgdir}rules/suricata.rules"); else $rules_map = suricata_load_rules_map("{$suricatadir}rules/{$file}"); $contents = $rules_map[$_GET['gid']][trim($_GET['sid'])]['rule']; diff --git a/config/suricata/suricata_rules_flowbits.php b/config/suricata/suricata_rules_flowbits.php index c5193a8b..1bb945d8 100644 --- a/config/suricata/suricata_rules_flowbits.php +++ b/config/suricata/suricata_rules_flowbits.php @@ -65,7 +65,7 @@ if (is_null($id)) { // Set who called us so we can return to the correct page with // the RETURN ('cancel') button. -if ($_POST['referrer']) +if (isset($_POST['referrer']) && strpos($_POST['referrer'], '://'.$_SERVER['SERVER_NAME'].'/') !== FALSE) $referrer = $_POST['referrer']; else $referrer = $_SERVER['HTTP_REFERER']; @@ -139,7 +139,9 @@ if ($_POST['addsuppress'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid if ($found_list) { write_config(); $rebuild_rules = false; + conf_mount_rw(); sync_suricata_package_config(); + conf_mount_ro(); suricata_reload_config($a_nat[$id]); $savemsg = gettext("An entry to suppress the Alert for 'gen_id {$_POST['gid']}, sig_id {$_POST['sid']}' has been added to Suppress List '{$a_nat[$id]['suppresslistname']}'."); } @@ -159,7 +161,6 @@ include_once("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC" > - <?php include("fbegin.inc"); if ($input_errors) print_input_errors($input_errors); @@ -227,7 +228,7 @@ if ($savemsg) <col axis="string"> </colgroup> <thead> - <tr> + <tr class="sortableHeaderRowIdentifier"> <th class="listhdrr" axis="number"><?php echo gettext("SID"); ?></th> <th class="listhdrr" axis="string"><?php echo gettext("Proto"); ?></th> <th class="listhdrr" axis="string"><?php echo gettext("Source"); ?></th> @@ -274,7 +275,7 @@ if ($savemsg) // Use "echo" to write the table HTML row-by-row. echo "<tr>" . - "<td class=\"listr\" sorttable_customkey=\"{$sid}\">{$sid} {$supplink}</td>" . + "<td class=\"listr\" style=\"sorttable_customkey:{$sid};\" sorttable_customkey=\"{$sid}\">{$sid} {$supplink}</td>" . "<td class=\"listr\" style=\"text-align:center;\">{$protocol}</td>" . "<td class=\"listr ellipsis\" nowrap style=\"text-align:center;\"><span title=\"{$rule_content[2]}\">{$source}</span></td>" . "<td class=\"listr ellipsis\" nowrap style=\"text-align:center;\"><span title=\"{$rule_content[5]}\">{$destination}</span></td>" . diff --git a/config/suricata/suricata_rulesets.php b/config/suricata/suricata_rulesets.php index c939ef25..7f591b6c 100644 --- a/config/suricata/suricata_rulesets.php +++ b/config/suricata/suricata_rulesets.php @@ -47,7 +47,7 @@ $suricatadir = SURICATADIR; $flowbit_rules_file = FLOWBITS_FILENAME; // Array of default events rules for Suricata -$default_rules = array( "decoder-events.rules", "files.rules", "http-events.rules", +$default_rules = array( "decoder-events.rules", "dns-events.rules", "files.rules", "http-events.rules", "smtp-events.rules", "stream-events.rules", "tls-events.rules" ); if (!is_array($config['installedpackages']['suricata']['rule'])) { @@ -63,15 +63,12 @@ if (is_null($id)) $id = 0; if (isset($id) && $a_nat[$id]) { - $pconfig['enable'] = $a_nat[$id]['enable']; - $pconfig['interface'] = $a_nat[$id]['interface']; - $pconfig['rulesets'] = $a_nat[$id]['rulesets']; - $pconfig['autoflowbitrules'] = $a_nat[$id]['autoflowbitrules']; + $pconfig['autoflowbits'] = $a_nat[$id]['autoflowbitrules']; $pconfig['ips_policy_enable'] = $a_nat[$id]['ips_policy_enable']; $pconfig['ips_policy'] = $a_nat[$id]['ips_policy']; } -$if_real = get_real_interface($pconfig['interface']); +$if_real = get_real_interface($a_nat[$id]['interface']); $suricata_uuid = $a_nat[$id]['uuid']; $snortdownload = $config['installedpackages']['suricata']['config'][0]['enable_vrt_rules'] == 'on' ? 'on' : 'off'; $emergingdownload = $config['installedpackages']['suricata']['config'][0]['enable_etopen_rules'] == 'on' ? 'on' : 'off'; @@ -81,6 +78,8 @@ $snortcommunitydownload = $config['installedpackages']['suricata']['config'][0][ $no_emerging_files = false; $no_snort_files = false; +$enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']); + /* Test rule categories currently downloaded to $SURICATADIR/rules and set appropriate flags */ if ($emergingdownload == 'on') { $test = glob("{$suricatadir}rules/" . ET_OPEN_FILE_PREFIX . "*.rules"); @@ -143,27 +142,33 @@ if ($_POST["save"]) { $a_nat[$id]['autoflowbitrules'] = 'on'; else { $a_nat[$id]['autoflowbitrules'] = 'off'; - if (file_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}")) - @unlink("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}"); + unlink_if_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}"); } - write_config(); + write_config("Suricata pkg: save enabled rule categories for {$a_nat[$id]['interface']}."); /*************************************************/ /* Update the suricata.yaml file and rebuild the */ /* rules for this interface. */ /*************************************************/ $rebuild_rules = true; + conf_mount_rw(); suricata_generate_yaml($a_nat[$id]); + conf_mount_ro(); $rebuild_rules = false; /* Signal Suricata to "live reload" the rules */ suricata_reload_config($a_nat[$id]); + + $pconfig = $_POST; + $enabled_rulesets_array = explode("||", $enabled_items); + if (suricata_is_running($suricata_uuid, $if_real)) + $savemsg = gettext("Suricata is 'live-loading' the new rule set on this interface."); + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); } elseif ($_POST['unselectall']) { - // Remove all but the default events and files rules - $a_nat[$id]['rulesets'] = implode("||", $default_rules); - if ($_POST['ips_policy_enable'] == "on") { $a_nat[$id]['ips_policy_enable'] = 'on'; $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; @@ -173,13 +178,21 @@ elseif ($_POST['unselectall']) { unset($a_nat[$id]['ips_policy']); } - write_config(); - sync_suricata_package_config(); + $pconfig['autoflowbits'] = $_POST['autoflowbits']; + $pconfig['ips_policy_enable'] = $_POST['ips_policy_enable']; + $pconfig['ips_policy'] = $_POST['ips_policy']; + + // Remove all but the default events and files rules + $enabled_rulesets_array = array(); + $enabled_rulesets_array = implode("||", $default_rules); + + $savemsg = gettext("All rule categories have been de-selected. "); + if ($_POST['ips_policy_enable'] == "on") + $savemsg .= gettext("Only the rules included in the selected IPS Policy will be used."); + else + $savemsg .= gettext("There currently are no inspection rules enabled for this Suricata instance!"); } elseif ($_POST['selectall']) { - // Start with the required default events and files rules - $rulesets = $default_rules; - if ($_POST['ips_policy_enable'] == "on") { $a_nat[$id]['ips_policy_enable'] = 'on'; $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; @@ -189,39 +202,45 @@ elseif ($_POST['selectall']) { unset($a_nat[$id]['ips_policy']); } + $pconfig['autoflowbits'] = $_POST['autoflowbits']; + $pconfig['ips_policy_enable'] = $_POST['ips_policy_enable']; + $pconfig['ips_policy'] = $_POST['ips_policy']; + + // Start with the required default events and files rules + $enabled_rulesets_array = $default_rules; + if ($emergingdownload == 'on') { $files = glob("{$suricatadir}rules/" . ET_OPEN_FILE_PREFIX . "*.rules"); foreach ($files as $file) - $rulesets[] = basename($file); + $enabled_rulesets_array[] = basename($file); } elseif ($etpro == 'on') { $files = glob("{$suricatadir}rules/" . ET_PRO_FILE_PREFIX . "*.rules"); foreach ($files as $file) - $rulesets[] = basename($file); + $enabled_rulesets_array[] = basename($file); } if ($snortcommunitydownload == 'on') { $files = glob("{$suricatadir}rules/" . GPL_FILE_PREFIX . "community.rules"); foreach ($files as $file) - $rulesets[] = basename($file); + $enabled_rulesets_array[] = basename($file); } /* Include the Snort VRT rules only if enabled and no IPS policy is set */ - if ($snortdownload == 'on' && $a_nat[$id]['ips_policy_enable'] == 'off') { + if ($snortdownload == 'on' && empty($_POST['ips_policy_enable'])) { $files = glob("{$suricatadir}rules/" . VRT_FILE_PREFIX . "*.rules"); foreach ($files as $file) - $rulesets[] = basename($file); + $enabled_rulesets_array[] = basename($file); } - - $a_nat[$id]['rulesets'] = implode("||", $rulesets); - - write_config(); - sync_suricata_package_config(); } +// Get any automatic rule category enable/disable modifications +// if auto-SID Mgmt is enabled. +$cat_mods = suricata_sid_mgmt_auto_categories($a_nat[$id], FALSE); + // See if we have any Auto-Flowbit rules and enable // the VIEW button if we do. -if ($a_nat[$id]['autoflowbitrules'] == 'on') { +if ($pconfig['autoflowbits'] == 'on') { if (file_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") && filesize("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") > 0) { $btn_view_flowb_rules = " title=\"" . gettext("View flowbit-required rules") . "\""; @@ -232,9 +251,7 @@ if ($a_nat[$id]['autoflowbitrules'] == 'on') { else $btn_view_flowb_rules = " disabled"; -$enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']); - -$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']); $pgtitle = gettext("Suricata IDS: Interface {$if_friendly} - Categories"); include_once("head.inc"); ?> @@ -258,18 +275,22 @@ if ($savemsg) { <form action="suricata_rulesets.php" method="post" name="iform" id="iform"> <input type="hidden" name="id" id="id" value="<?=$id;?>" /> <table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tbody> <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Interfaces"), true, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); - $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); - $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php"); $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); - $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); + $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; @@ -282,6 +303,7 @@ if ($savemsg) { $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/suricata/suricata_ip_reputation.php?id={$id}"); display_top_tabs($tab_array, true); ?> </td></tr> @@ -289,6 +311,7 @@ if ($savemsg) { <td> <div id="mainarea"> <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tbody> <?php $isrulesfolderempty = glob("{$suricatadir}rules/*.rules"); $iscfgdirempty = array(); @@ -307,18 +330,19 @@ if ($savemsg) { <?php else: ?> <tr> <td> - <table width="100%" border="0" - cellpadding="0" cellspacing="0"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tbody> <tr> <td colspan="4" class="listtopic"><?php echo gettext("Automatic flowbit resolution"); ?><br/></td> </tr> <tr> - <td colspan="4" valign="center" class="listn"> + <td colspan="4" style="vertical-align: middle;" class="listn"> <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <tbody> <tr> <td width="15%" class="listn"><?php echo gettext("Resolve Flowbits"); ?></td> <td width="85%"><input name="autoflowbits" id="autoflowbitrules" type="checkbox" value="on" - <?php if ($a_nat[$id]['autoflowbitrules'] == "on" || empty($a_nat[$id]['autoflowbitrules'])) echo "checked"; ?>/> + <?php if ($pconfig['autoflowbits'] == "on" || empty($pconfig['autoflowbits'])) echo "checked"; ?>/> <span class="vexpl"><?php echo gettext("If checked, Suricata will auto-enable rules required for checked flowbits. "); echo gettext("The Default is "); ?><strong><?php echo gettext("Checked."); ?></strong></span></td> </tr> @@ -340,6 +364,7 @@ if ($savemsg) { <?php echo "<span class=\"red\"><strong>" . gettext("Note: ") . "</strong></span>" . gettext("Auto-enabled rules generating unwanted alerts should have their GID:SID added to the Suppression List for the interface."); ?> <br/></td> </tr> + </tbody> </table> </td> </tr> @@ -349,8 +374,9 @@ if ($savemsg) { <td colspan="4" class="listtopic"><?php echo gettext("Snort IPS Policy selection"); ?><br/></td> </tr> <tr> - <td colspan="4" valign="center" class="listn"> + <td colspan="4" style="vertical-align: middle;" class="listn"> <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <tbody> <tr> <td width="15%" class="listn"><?php echo gettext("Use IPS Policy"); ?></td> <td width="85%"><input name="ips_policy_enable" id="ips_policy_enable" type="checkbox" value="on" <?php if ($a_nat[$id]['ips_policy_enable'] == "on") echo "checked"; ?> @@ -365,7 +391,9 @@ if ($savemsg) { "although Emerging Threats categories may still be selected if enabled on the Global Settings tab. " . "These will be added to the pre-defined Snort IPS policy rules from the Snort VRT."); ?><br/></td> </tr> - <tr id="ips_row1"> + </tbody> + <tbody id="ips_controls"> + <tr> <td width="15%" class="listn"><?php echo gettext("IPS Policy Selection"); ?></td> <td width="85%"><select name="ips_policy" class="formselect" <?=$policy_select_disable?> > <option value="connectivity" <?php if ($pconfig['ips_policy'] == "connected") echo "selected"; ?>><?php echo gettext("Connectivity"); ?></option> @@ -374,7 +402,7 @@ if ($savemsg) { </select> <span class="vexpl"><?php echo gettext("Snort IPS policies are: Connectivity, Balanced or Security."); ?></span></td> </tr> - <tr id="ips_row2"> + <tr> <td width="15%"> </td> <td width="85%"> <?php echo gettext("Connectivity blocks most major threats with few or no false positives. " . @@ -383,6 +411,7 @@ if ($savemsg) { "Security is a stringent policy. It contains everything in the first two " . "plus policy-type rules such as Flash in an Excel file."); ?><br/></td> </tr> + </tbody> </table> </td> </tr> @@ -392,15 +421,27 @@ if ($savemsg) { </tr> <tr> <td colspan="4"> - <table width=90% align="center" border="0" cellpadding="2" cellspacing="0"> - <tr height="45px"> - <td valign="middle"><input value="Select All" class="formbtns" type="submit" name="selectall" id="selectall" title="<?php echo gettext("Add all to enforcing rules"); ?>"/></td> - <td valign="middle"><input value="Unselect All" class="formbtns" type="submit" name="unselectall" id="unselectall" title="<?php echo gettext("Remove all from enforcing rules"); ?>"/></td> - <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="save" id="save" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td> - <td valign="middle"><span class="vexpl"><?php echo gettext("Click to save changes and auto-resolve flowbit rules (if option is selected above)"); ?></span></td> + <table width="95%" style="margin-left: auto; margin-right: auto;" border="0" cellpadding="2" cellspacing="0"> + <tbody> + <tr height="32px"> + <td style="vertical-align: middle;"><input value="Select All" class="formbtns" type="submit" name="selectall" id="selectall" title="<?php echo gettext("Add all to enforcing rules"); ?>"/></td> + <td style="vertical-align: middle;"><input value="Unselect All" class="formbtns" type="submit" name="unselectall" id="unselectall" title="<?php echo gettext("Remove all from enforcing rules"); ?>"/></td> + <td style="vertical-align: middle;"><input value=" Save " class="formbtns" type="submit" name="save" id="save" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td> + <td style="vertical-align: middle;"><span class="vexpl"><?php echo gettext("Click to save changes and auto-resolve flowbit rules (if option is selected above)"); ?></span></td> + </tr> + <?php if (!empty($cat_mods)): ?> + <tr height="20px"> + <td colspan="4" style="vertical-align: middle;"><img style="vertical-align: text-top;" src="../themes/<?=$g['theme'];?>/images/icons/icon_advanced.gif" width="11" height="11" border="0" /> + <?=gettext("- Category is auto-enabled by SID Mgmt conf files");?> + <img style="opacity: 0.4; filter: alpha(opacity=40); vertical-align: text-top;" src="../themes/<?=$g['theme'];?>/images/icons/icon_advanced.gif" width="11" height="11" border="0" /> + <?=gettext("- Category is auto-disabled by SID Mgmt conf files");?></td> </tr> + <?php endif; ?> + </tbody> </table> + </td> </tr> + <?php if ($no_community_files) $msg_community = "NOTE: Snort Community Rules have not been downloaded. Perform a Rules Update to enable them."; else @@ -412,15 +453,29 @@ if ($savemsg) { <td width="5%" class="listhdrr"><?php echo gettext("Enabled"); ?></td> <td colspan="5" class="listhdrr"><?php echo gettext('Ruleset: Snort GPLv2 Community Rules');?></td> </tr> - <?php if (in_array($community_rules_file, $enabled_rulesets_array)): ?> + <?php if (isset($cat_mods[$community_rules_file])): ?> + <?php if ($cat_mods[$community_rules_file] == 'enabled') : ?> + <tr> + <td width="5%" class="listr" style="text-align: center;"> + <img src="../themes/<?=$g['theme'];?>/images/icons/icon_advanced.gif" width="11" height="11" border="0" title="<?=gettext("Auto-managed by settings on SID Mgmt tab");?>" /></td> + <td colspan="5" class="listr"><a href='suricata_rules.php?id=<?=$id;?>&openruleset=<?=$community_rules_file;?>'><?=gettext("{$msg_community}");?></a></td> + </tr> + <?php else: ?> + <tr> + <td width="5%" class="listr" style="text-align: center;"> + <img style="opacity: 0.4; filter: alpha(opacity=40);" src="../themes/<?=$g['theme'];?>/images/icons/icon_advanced.gif" width="11" height="11" border="0" title="<?=gettext("Auto-managed by settings on SID Mgmt tab");?>" /></td> + <td colspan="5" class="listr"><?=gettext("{$msg_community}"); ?></td> + </tr> + <?php endif; ?> + <?php elseif (in_array($community_rules_file, $enabled_rulesets_array)): ?> <tr> - <td width="5" class="listr" align="center" valign="top"> + <td width="5%" class="listr" style="text-align: center;"> <input type="checkbox" name="toenable[]" value="<?=$community_rules_file;?>" checked="checked"/></td> <td colspan="5" class="listr"><a href='suricata_rules.php?id=<?=$id;?>&openruleset=<?=$community_rules_file;?>'><?php echo gettext("{$msg_community}"); ?></a></td> </tr> <?php else: ?> <tr> - <td width="5" class="listr" align="center" valign="top"> + <td width="5%" class="listr" style="text-align: center;"> <input type="checkbox" name="toenable[]" value="<?=$community_rules_file;?>" <?php if ($snortcommunitydownload == 'off') echo "disabled"; ?>/></td> <td colspan="5" class="listr"><?php echo gettext("{$msg_community}"); ?></td> </tr> @@ -438,19 +493,19 @@ if ($savemsg) { ?> <tr id="frheader"> <?php if ($emergingdownload == 'on' && !$no_emerging_files): ?> - <td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td> + <td width="5%" class="listhdrr" style="text-align: center;"><?php echo gettext("Enabled"); ?></td> <td width="45%" class="listhdrr"><?php echo gettext('Ruleset: ET Open Rules');?></td> <?php elseif ($etpro == 'on' && !$no_emerging_files): ?> - <td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td> + <td width="5%" class="listhdrr" style="text-align: center;"><?php echo gettext("Enabled"); ?></td> <td width="45%" class="listhdrr"><?php echo gettext('Ruleset: ET Pro Rules');?></td> <?php else: ?> - <td colspan="2" align="center" width="50%" class="listhdrr"><?php echo gettext("{$et_type} rules {$msg_emerging}"); ?></td> + <td colspan="2" style="text-align: center;" width="50%" class="listhdrr"><?php echo gettext("{$et_type} rules {$msg_emerging}"); ?></td> <?php endif; ?> <?php if ($snortdownload == 'on' && !$no_snort_files): ?> - <td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td> + <td width="5%" class="listhdrr" style="text-align: center;"><?php echo gettext("Enabled"); ?></td> <td width="45%" class="listhdrr"><?php echo gettext('Ruleset: Snort VRT Rules');?></td> <?php else: ?> - <td colspan="2" align="center" width="50%" class="listhdrr"><?php echo gettext("Snort VRT rules {$msg_snort}"); ?></td> + <td colspan="2" style="text-align: center;" width="50%" class="listhdrr"><?php echo gettext("Snort VRT rules {$msg_snort}"); ?></td> <?php endif; ?> </tr> <?php @@ -482,15 +537,28 @@ if ($savemsg) { echo "<tr>\n"; if (!empty($emergingrules[$j])) { $file = $emergingrules[$j]; - echo "<td width='5%' class='listr' align=\"center\" valign=\"top\">"; + echo "<td width='5%' class='listr' align=\"center\">"; if(is_array($enabled_rulesets_array)) { - if(in_array($file, $enabled_rulesets_array)) + if(in_array($file, $enabled_rulesets_array) && !isset($cat_mods[$file])) $CHECKED = " checked=\"checked\""; else $CHECKED = ""; } else $CHECKED = ""; - echo " \n<input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />\n"; + if (isset($cat_mods[$file])) { + if (in_array($file, $enabled_rulesets_array)) + echo "<input type='hidden' name='toenable[]' value='{$file}' />\n"; + if ($cat_mods[$file] == 'enabled') { + $CHECKED = "enabled"; + echo " \n<img src=\"../themes/{$g['theme']}/images/icons/icon_advanced.gif\" width=\"11\" height=\"11\" border=\"0\" title=\"" . gettext("Auto-enabled by settings on SID Mgmt tab") . "\" />\n"; + } + else { + echo " \n<img style=\"opacity: 0.4; filter: alpha(opacity=40);\" src=\"../themes/{$g['theme']}/images/icons/icon_advanced.gif\" width=\"11\" height=\"11\" border=\"0\" title=\"" . gettext("Auto-disabled by settings on SID Mgmt tab") . "\" />\n"; + } + } + else { + echo " \n<input type='checkbox' name='toenable[]' value='{$file}' {$CHECKED} />\n"; + } echo "</td>\n"; echo "<td class='listr' width='45%' >\n"; if (empty($CHECKED)) @@ -503,17 +571,30 @@ if ($savemsg) { if (!empty($snortrules[$j])) { $file = $snortrules[$j]; - echo "<td class='listr' width='5%' align=\"center\" valign=\"top\">"; + echo "<td class='listr' width='5%' align=\"center\">"; if(is_array($enabled_rulesets_array)) { if (!empty($disable_vrt_rules)) $CHECKED = $disable_vrt_rules; - elseif(in_array($file, $enabled_rulesets_array)) + elseif(in_array($file, $enabled_rulesets_array) && !isset($cat_mods[$file])) $CHECKED = " checked=\"checked\""; else $CHECKED = ""; } else $CHECKED = ""; - echo " \n<input type='checkbox' name='toenable[]' value='{$file}' {$CHECKED} />\n"; + if (isset($cat_mods[$file])) { + if (in_array($file, $enabled_rulesets_array)) + echo "<input type='hidden' name='toenable[]' value='{$file}' />\n"; + if ($cat_mods[$file] == 'enabled') { + $CHECKED = "enabled"; + echo " \n<img src=\"../themes/{$g['theme']}/images/icons/icon_advanced.gif\" width=\"11\" height=\"11\" border=\"0\" title=\"" . gettext("Auto-enabled by settings on SID Mgmt tab") . "\" />\n"; + } + else { + echo " \n<img style=\"opacity: 0.4; filter: alpha(opacity=40);\" src=\"../themes/{$g['theme']}/images/icons/icon_advanced.gif\" width=\"11\" height=\"11\" border=\"0\" title=\"" . gettext("Auto-disabled by settings on SID Mgmt tab") . "\" />\n"; + } + } + else { + echo " \n<input type='checkbox' name='toenable[]' value='{$file}' {$CHECKED} />\n"; + } echo "</td>\n"; echo "<td class='listr' width='45%' >\n"; if (empty($CHECKED) || $CHECKED == "disabled") @@ -526,21 +607,30 @@ if ($savemsg) { echo "</tr>\n"; } ?> - </table> + </tbody> + </table> </td> </tr> -<tr> -<td colspan="4" class="vexpl"> <br/></td> -</tr> - <tr> - <td colspan="4" align="center" valign="middle"> - <input value="Save" type="submit" name="save" id="save" class="formbtn" title=" <?php echo gettext("Click to Save changes and rebuild rules"); ?>"/></td> - </tr> + <?php if (!empty($cat_mods)): ?> + <tr> + <td colspan="4" style="vertical-align: middle;"><br/> + <img style="vertical-align: text-top;" src="../themes/<?=$g['theme'];?>/images/icons/icon_advanced.gif" width="11" height="11" border="0" /> + <?=gettext(" - Category auto-enabled by parameters in SID Mgmt conf files");?><br/> + <img style="opacity: 0.4; filter: alpha(opacity=40); vertical-align: text-top;" src="../themes/<?=$g['theme'];?>/images/icons/icon_advanced.gif" width="11" height="11" border="0" /> + <?=gettext(" - Category auto-disabled by parameters in SID Mgmt conf files");?><br/><br/></td> + </tr> + <?php endif; ?> + <tr height="32px"> + <td colspan="4" style="vertical-align: bottom; text-align: center;"> + <input value="Save" type="submit" name="save" id="save" class="formbtn" title=" <?php echo gettext("Click to Save changes and rebuild rules"); ?>"/></td> + </tr> <?php endif; ?> +</tbody> </table> </div> </td> </tr> +</tbody> </table> </form> <?php @@ -566,28 +656,29 @@ h += 96; function enable_change() { - var endis = !(document.iform.ips_policy_enable.checked); - document.iform.ips_policy.disabled=endis; - - if (endis) { - document.getElementById("ips_row1").style.display="none"; - document.getElementById("ips_row2").style.display="none"; - document.getElementById("ips_col1").className="vexpl"; - document.getElementById("ips_col2").className="vexpl"; - } - else { - document.getElementById("ips_row1").style.display="table-row"; - document.getElementById("ips_row2").style.display="table-row"; - document.getElementById("ips_col1").className="vncell"; - document.getElementById("ips_col2").className="vtable"; - } - for (var i = 0; i < document.iform.elements.length; i++) { - if (document.iform.elements[i].type == 'checkbox') { - var str = document.iform.elements[i].value; - if (str.substr(0,6) == "snort_") - document.iform.elements[i].disabled = !(endis); - } - } + + if (document.getElementById("ips_policy_enable")) { + var endis = !(document.iform.ips_policy_enable.checked); + document.iform.ips_policy.disabled=endis; + + if (endis) { + document.getElementById("ips_controls").style.display="none"; + document.getElementById("ips_col1").className=""; + document.getElementById("ips_col2").className=""; + } + else { + document.getElementById("ips_controls").style.display=""; + document.getElementById("ips_col1").className="vncell"; + document.getElementById("ips_col2").className="vtable"; + } + } + for (var i = 0; i < document.iform.elements.length; i++) { + if (document.iform.elements[i].type == 'checkbox') { + var str = document.iform.elements[i].value; + if (str.substr(0,6) == "snort_") + document.iform.elements[i].disabled = !(endis); + } + } } // Set initial state of dynamic HTML form controls diff --git a/config/suricata/suricata_select_alias.php b/config/suricata/suricata_select_alias.php index 527412d1..47bbec4a 100644 --- a/config/suricata/suricata_select_alias.php +++ b/config/suricata/suricata_select_alias.php @@ -47,29 +47,31 @@ else // Retrieve any passed QUERY STRING or POST variables if (isset($_POST['type'])) - $type = $_POST['type']; + $type = htmlspecialchars($_POST['type']); elseif (isset($_GET['type'])) $type = htmlspecialchars($_GET['type']); if (isset($_POST['varname'])) - $varname = $_POST['varname']; + $varname = htmlspecialchars($_POST['varname']); elseif (isset($_GET['varname'])) $varname = htmlspecialchars($_GET['varname']); if (isset($_POST['multi_ip'])) - $multi_ip = $_POST['multi_ip']; + $multi_ip = htmlspecialchars($_POST['multi_ip']); elseif (isset($_GET['multi_ip'])) $multi_ip = htmlspecialchars($_GET['multi_ip']); -if (isset($_POST['returl'])) +if (isset($_POST['returl']) && substr($_POST['returl'], 0, 1) == '/') $referrer = urldecode($_POST['returl']); -elseif (isset($_GET['returl'])) +elseif (isset($_GET['returl']) && substr($_GET['returl'], 0, 1) == '/') $referrer = urldecode($_GET['returl']); +else + $referrer = $_SERVER['HTTP_REFERER']; // Make sure we have a valid VARIABLE name // and ALIAS TYPE, or else bail out. if (is_null($type) || is_null($varname)) { - header("Location: http://{$referrer}?{$querystr}"); + header("Location: {$referrer}?{$querystr}"); exit; } @@ -132,8 +134,8 @@ include("head.inc"); <input type="hidden" name="varname" value="<?=$varname;?>"/> <input type="hidden" name="type" value="<?=$type;?>"/> <input type="hidden" name="multi_ip" value="<?=$multi_ip;?>"/> -<input type="hidden" name="returl" value="<?=$referrer;?>"/> -<input type="hidden" name="org_querystr" value="<?=$querystr;?>"/> +<input type="hidden" name="returl" value="<?=htmlspecialchars($referrer);?>"/> +<input type="hidden" name="org_querystr" value="<?=htmlspecialchars($querystr);?>"/> <?php if ($input_errors) print_input_errors($input_errors); ?> <div id="boxarea"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> @@ -151,8 +153,8 @@ include("head.inc"); <col width="35%" align="left" axis="string"> </colgroup> <thead> - <tr> - <th class="listhdrr"></th> + <tr class="sortableHeaderRowIdentifier"> + <th class="listhdrr sorttable_nosort"></th> <th class="listhdrr" axis="string"><?=gettext("Alias Name"); ?></th> <th class="listhdrr" axis="string"><?=gettext("Values"); ?></th> <th class="listhdrr" axis="string"><?=gettext("Description"); ?></th> diff --git a/config/suricata/suricata_sid_mgmt.php b/config/suricata/suricata_sid_mgmt.php new file mode 100644 index 00000000..c2d58af8 --- /dev/null +++ b/config/suricata/suricata_sid_mgmt.php @@ -0,0 +1,611 @@ +<?php +/* + * suricata_sid_mgmt.php + * + * Portions of this code are based on original work done for the + * Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +global $g, $config, $rebuild_rules; + +$suricatadir = SURICATADIR; +$pconfig = array(); + +// Grab saved settings from configuration +if (!is_array($config['installedpackages']['suricata']['rule'])) + $config['installedpackages']['suricata']['rule'] = array(); +$a_nat = &$config['installedpackages']['suricata']['rule']; + +$pconfig['auto_manage_sids'] = $config['installedpackages']['suricata']['config'][0]['auto_manage_sids']; + +// Hard-code the path where SID Mods Lists are stored +// and disregard any user-supplied path element. +$sidmods_path = SURICATA_SID_MODS_PATH; + +// Set default to not show SID modification lists editor controls +$sidmodlist_edit_style = "display: none;"; + +if (!empty($_POST)) + $pconfig = $_POST; + +function suricata_is_sidmodslist_active($sidlist) { + + /***************************************************** + * This function checks all the configured Suricata * + * interfaces to see if the passed SID Mods List is * + * used by an interface. * + * * + * Returns: TRUE if List is in use * + * FALSE if List is not in use * + *****************************************************/ + + global $g, $config; + + if (!is_array($config['installedpackages']['suricata']['rule'])) + return FALSE; + + foreach ($config['installedpackages']['suricata']['rule'] as $rule) { + if ($rule['enable_sid_file'] == $sidlist) { + return TRUE; + } + if ($rule['disable_sid_file'] == $sidlist) { + return TRUE; + } + if ($rule['modify_sid_file'] == $sidlist) { + return TRUE; + } + } + return FALSE; +} + +if (isset($_POST['upload'])) { + if ($_FILES["sidmods_fileup"]["error"] == UPLOAD_ERR_OK) { + $tmp_name = $_FILES["sidmods_fileup"]["tmp_name"]; + $name = basename($_FILES["sidmods_fileup"]["name"]); + move_uploaded_file($tmp_name, "{$sidmods_path}{$name}"); + } + else + $input_errors[] = gettext("Failed to upload file {$_FILES["sidmods_fileup"]["name"]}"); +} + +if (isset($_POST['sidlist_delete']) && isset($_POST['sidlist_fname'])) { + if (!suricata_is_sidmodslist_active(basename($_POST['sidlist_fname']))) + unlink_if_exists($sidmods_path . basename($_POST['sidlist_fname'])); + else + $input_errors[] = gettext("This SID Mods List is currently assigned to an interface and cannot be deleted."); +} + +if (isset($_POST['sidlist_edit']) && isset($_POST['sidlist_fname'])) { + $file = $sidmods_path . basename($_POST['sidlist_fname']); + $data = file_get_contents($file); + if ($data !== FALSE) { + $sidmodlist_data = htmlspecialchars($data); + $sidmodlist_edit_style = "display: table-row-group;"; + $sidmodlist_name = basename($_POST['sidlist_fname']); + unset($data); + } + else { + $input_errors[] = gettext("An error occurred reading the file."); + } +} + +if (isset($_POST['save']) && isset($_POST['sidlist_data'])) { + if (strlen(basename($_POST['sidlist_name'])) > 0) { + $file = $sidmods_path . basename($_POST['sidlist_name']); + $data = str_replace("\r\n", "\n", $_POST['sidlist_data']); + file_put_contents($file, $data); + unset($data); + } + else { + $input_errors[] = gettext("You must provide a valid filename for the SID Mods List."); + $sidmodlist_edit_style = "display: table-row-group;"; + } +} + +if (isset($_POST['save_auto_sid_conf'])) { + $config['installedpackages']['suricata']['config'][0]['auto_manage_sids'] = $pconfig['auto_manage_sids'] ? "on" : "off"; + + // Grab the SID Mods config for the interfaces from the form's controls array + foreach ($_POST['sid_state_order'] as $k => $v) { + $a_nat[$k]['sid_state_order'] = $v; + } + foreach ($_POST['enable_sid_file'] as $k => $v) { + if ($v == "None") { + unset($a_nat[$k]['enable_sid_file']); + continue; + } + $a_nat[$k]['enable_sid_file'] = $v; + } + foreach ($_POST['disable_sid_file'] as $k => $v) { + if ($v == "None") { + unset($a_nat[$k]['disable_sid_file']); + continue; + } + $a_nat[$k]['disable_sid_file'] = $v; + } + foreach ($_POST['modify_sid_file'] as $k => $v) { + if ($v == "None") { + unset($a_nat[$k]['modify_sid_file']); + continue; + } + $a_nat[$k]['modify_sid_file'] = $v; + } + + // Write the new configuration + write_config("Suricata pkg: updated automatic SID management settings."); + + $intf_msg = ""; + + // If any interfaces were marked for restart, then do it + if (is_array($_POST['torestart'])) { + foreach ($_POST['torestart'] as $k) { + // Update the suricata.yaml file and + // rebuild rules for this interface. + $rebuild_rules = true; + conf_mount_rw(); + suricata_generate_yaml($a_nat[$k]); + conf_mount_ro(); + $rebuild_rules = false; + + // Signal Suricata to "live reload" the rules + suricata_reload_config($a_nat[$k]); + + $intf_msg .= convert_friendly_interface_to_friendly_descr($a_nat[$k]['interface']) . ", "; + } + $savemsg = gettext("Changes were applied to these interfaces: " . trim($intf_msg, ' ,') . " and Suricata signaled to live-load the new rules."); + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); + } +} + +if (isset($_POST['sidlist_dnload']) && isset($_POST['sidlist_fname'])) { + $file = $sidmods_path . basename($_POST['sidlist_fname']); + if (file_exists($file)) { + ob_start(); //important or other posts will fail + if (isset($_SERVER['HTTPS'])) { + header('Pragma: '); + header('Cache-Control: '); + } else { + header("Pragma: private"); + header("Cache-Control: private, must-revalidate"); + } + header("Content-Type: application/octet-stream"); + header("Content-length: " . filesize($file)); + header("Content-disposition: attachment; filename = " . basename($file)); + ob_end_clean(); //important or other post will fail + readfile($file); + } + else + $savemsg = gettext("Unable to locate the file specified!"); +} + +if (isset($_POST['sidlist_dnload_all_x'])) { + $save_date = date("Y-m-d-H-i-s"); + $file_name = "suricata_sid_conf_files_{$save_date}.tar.gz"; + exec("cd {$sidmods_path} && /usr/bin/tar -czf /tmp/{$file_name} *"); + + if (file_exists("/tmp/{$file_name}")) { + ob_start(); //important or other posts will fail + if (isset($_SERVER['HTTPS'])) { + header('Pragma: '); + header('Cache-Control: '); + } else { + header("Pragma: private"); + header("Cache-Control: private, must-revalidate"); + } + header("Content-Type: application/octet-stream"); + header("Content-length: " . filesize("/tmp/{$file_name}")); + header("Content-disposition: attachment; filename = {$file_name}"); + ob_end_clean(); //important or other post will fail + readfile("/tmp/{$file_name}"); + + // Clean up the temp file + unlink_if_exists("/tmp/{$file_name}"); + } + else + $savemsg = gettext("An error occurred while creating the gzip archive!"); +} + +// Get all files in the SID Mods Lists sub-directory as an array +// Leave this as the last thing before spewing the page HTML +// so we can pick up any changes made to files in code above. +$sidmodfiles = return_dir_as_array($sidmods_path); +$sidmodselections = array_merge(Array( "None" ), $sidmodfiles); + +$pgtitle = gettext("Suricata: SID Management"); +include_once("head.inc"); + +?> + +<body link="#000000" vlink="#000000" alink="#000000"> + +<?php +include_once("fbegin.inc"); + +/* Display Alert message, under form tag or no refresh */ +if ($input_errors) + print_input_errors($input_errors); +?> + +<form action="suricata_sid_mgmt.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> +<input type="hidden" name="MAX_FILE_SIZE" value="100000000" /> +<input type="hidden" name="sidlist_fname" id="sidlist_fname" value=""/> + +<?php +if ($savemsg) { + /* Display save message */ + print_info_box($savemsg); +} +?> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tbody> + <tr><td> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + $tab_array[] = array(gettext("SID Mgmt"), true, "/suricata/suricata_sid_mgmt.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); + display_top_tabs($tab_array, true); + ?> + </td></tr> + <tr><td> + <div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tbody> + <?php if ($g['platform'] == "nanobsd") : ?> + <tr> + <td colspan="2" class="listtopic"><?php echo gettext("SID auto-management is not supported on NanoBSD installs"); ?></td> + </tr> + <?php else: ?> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Automatic SID State Management"); ?></td> + <td width="78%" class="vtable"><input type="checkbox" id="auto_manage_sids" name="auto_manage_sids" value="on" + <?php if ($pconfig['auto_manage_sids'] == 'on') echo " checked"; ?> onclick="enable_sid_conf();" /> <?=gettext("Enable automatic management of rule state ") . + gettext("and content using configuration files. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>";?>.<br/><br/> + <?=gettext("Suricata will automatically enable/disable/modify text rules upon each update using criteria specified in configuration files. ") . + gettext("The supported configuration file format is the same as that used in the PulledPork and Oinkmaster enablesid.conf, disablesid.conf and ") . + gettext("modifysid.conf files. You can either upload existing files or create your own."); ?> + </td> + </tr> + </tbody> + <tbody id="sid_conf_rows"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("SID Management Configuration Files"); ?></td> + </tr> + <tr> + <td colspan="2" class="vtable" align="center" > + <table width="100%" border="0" cellpadding="4" cellspacing="0"> + <tbody id="uploader" style="display: none;"> + <tr> + <td class="list"><br/><?php echo gettext("Click BROWSE to select a file to import, and then click UPLOAD. Click CLOSE to quit."); ?></td> + </tr> + <tr> + <td class="list"><input type="file" name="sidmods_fileup" id="sidmods_fileup" class="formfld file" size="50" /> + <input type="submit" name="upload" id="upload" value="<?=gettext("Upload");?>" + title="<?=gettext("Upload selected SID mods list to firewall");?>"/> <input type="button" + value="<?=gettext("Close");?>" onClick="document.getElementById('uploader').style.display='none';" /><br/></td> + <td class="list"></td> + </tr> + </tbody> + <tbody> + <tr> + <td> + <table id="maintable" width="100%" border="0" cellpadding="4" cellspacing="0"> + <colgroup> + <col style="width: 45%;"> + <col style="width: 25%;"> + <col style="width: 15%;"> + <col style="width: 15%;"> + </colgroup> + <thead> + <tr> + <th class="listhdrr"><?php echo gettext("SID Mods List File Name"); ?></th> + <th class="listhdrr"><?php echo gettext("Last Modified Time"); ?></th> + <th class="listhdrr"><?php echo gettext("File Size"); ?></th> + <th class="list" align="left"><img style="cursor:pointer;" name="sidlist_new" id="sidlist_new" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" + height="17" border="0" title="<?php echo gettext('Create a new SID Mods List');?>" + onClick="document.getElementById('sidlist_data').value=''; document.getElementById('sidlist_name').value=''; document.getElementById('sidlist_editor').style.display='table-row-group'; document.getElementById('sidlist_name').focus();" /> + <img style="cursor:pointer;" name="sidlist_import" id="sidlist_import" + onClick="document.getElementById('uploader').style.display='table-row-group';" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_import_alias.gif" width="17" + height="17" border="0" title="<?php echo gettext('Import/Upload a SID Mods List');?>"/> + <input type="image" name="sidlist_dnload_all" id="sidlist_dnload_all" + src="../tree/page-file_play.gif" width="16" height="16" border="0" + title="<?php echo gettext('Download all SID Mods List files in a single gzip archive');?>"/> + </th> + </tr> + </thead> + <tbody> + <?php foreach ($sidmodfiles as $file): ?> + <tr> + <td class="listr"><?php echo gettext($file); ?></td> + <td class="listr"><?=date('M-d Y g:i a', filemtime("{$sidmods_path}{$file}")); ?></td> + <td class="listr"><?=format_bytes(filesize("{$sidmods_path}{$file}")); ?> </td> + <td class="list"><input type="image" name="sidlist_edit[]" id="sidlist_edit[]" + onClick="document.getElementById('sidlist_fname').value='<?=$file;?>';" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" + height="17" border="0" title="<?php echo gettext('Edit this SID Mods List');?>"/> + <input type="image" name="sidlist_delete[]" id="sidlist_delete[]" + onClick="document.getElementById('sidlist_fname').value='<?=$file;?>'; + return confirm('<?=gettext("Are you sure you want to permanently delete this file? Click OK to continue or CANCEL to quit.");?>');" + src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" + height="17" border="0" title="<?php echo gettext('Delete this SID Mods List');?>"/> + <input type="image" name="sidlist_dnload[]" id="sidlist_dnload[]" + onClick="document.getElementById('sidlist_fname').value='<?=$file;?>';" + src="../tree/page-file_play.gif" width="16" height="16" border="0" + title="<?php echo gettext('Download this SID Mods List file');?>"/> + </td> + </tr> + <?php endforeach; ?> + </tbody> + <tbody id="sidlist_editor" style="<?=$sidmodlist_edit_style;?>"> + <tr> + <td colspan="4"> </td> + </tr> + <tr> + <td colspan="4"><strong><?=gettext("File Name: ");?></strong><input type="text" size="45" class="formfld file" id="sidlist_name" name="sidlist_name" value="<?=$sidmodlist_name;?>" /> + <input type="submit" id="save" name="save" value="<?=gettext(" Save ");?>" title="<?=gettext("Save changes and close editor");?>" /> + <input type="button" id="cancel" name="cancel" value="<?=gettext("Cancel");?>" onClick="document.getElementById('sidlist_editor').style.display='none';" + title="<?=gettext("Abandon changes and quit editor");?>" /></td> + </tr> + <tr> + <td colspan="4"> </td> + </tr> + <tr> + <td colspan="4"><textarea wrap="off" cols="80" rows="20" name="sidlist_data" id="sidlist_data" + style="width:95%; height:100%;"><?=$sidmodlist_data;?></textarea> + </td> + </tr> + </tbody> + <tbody> + <tr> + <td colspan="3" class="vexpl"><br/><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span> + <br/><?php echo gettext("SID Mods Lists are stored as local files on the firewall and their contents are " . + "not saved as part of the firewall configuration file."); ?></td> + <td class="list"></td> + </tr> + <tr> + <td colspan="3" class="vexpl"><br/><strong><?php echo gettext("File List Controls:"); ?></strong><br/><br/> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" /> + <?=gettext("Opens the editor window to create a new SID Mods List. You must provide a valid filename before saving.");?><br/> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_import_alias.gif" width="17" height="17" border="0" /> + <?=gettext("Opens the file upload control for uploading a new SID Mods List from your local machine.");?><br/> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" /> + <?=gettext("Opens the SID Mods List in a text edit control for viewing or editing its contents.");?><br/> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" /> + <?=gettext("Deletes the SID Mods List from the file system after confirmation.");?><br/> + <img src="../tree/page-file_play.gif" width="16" height="16" border="0" /> + <?=gettext("Downloads the SID Mods List file to your local machine.");?><br/> + </td> + <td class="list"></td> + </tr> + </tbody> + </table> + </td> + </tr> + </tbody> + </table> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Interface SID Management File Assignments"); ?></td> + </tr> + <tr> + <td colspan="2" class="vtable" align="center" > + <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <tbody> + <tr> + <td> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <colgroup> + <col width="4%" align="center"> + <col width="20" align="center"> + <col width="16%" align="center"> + <col width="20%" align="center"> + <col width="20%" align="center"> + <col width="20%" align="center"> + </colgroup> + <thead> + <tr> + <th class="listhdrr"><?=gettext("Rebuild"); ?></th> + <th class="listhdrr"><?=gettext("Interface"); ?></th> + <th class="listhdrr"><?=gettext("SID State Order"); ?></th> + <th class="listhdrr"><?=gettext("Enable SID File"); ?></th> + <th class="listhdrr"><?=gettext("Disable SID File"); ?></th> + <th class="listhdrr"><?=gettext("Modify SID File"); ?></th> + </tr> + </thead> + <tbody> + <?php foreach ($a_nat as $k => $natent): ?> + <tr> + <td class="listr" align="center"> + <input type="checkbox" name="torestart[]" id="torestart[]" value="<?=$k;?>" title="<?=gettext("Apply new configuration and rebuild rules for this interface when saving");?>" /> + </td> + <td class="listbg"><?=convert_friendly_interface_to_friendly_descr($natent['interface']); ?></td> + <td class="listr" align="center"> + <select name="sid_state_order[<?=$k?>]" class="formselect" id="sid_state_order[<?=$k?>]"> + <?php + foreach (array("disable_enable" => "Disable, Enable", "enable_disable" => "Enable, Disable") as $key => $order) { + if ($key == $natent['sid_state_order']) + echo "<option value='{$key}' selected>"; + else + echo "<option value='{$key}'>"; + echo htmlspecialchars($order) . '</option>'; + } + ?> + </select> + </td> + <td class="listr" align="center"> + <select name="enable_sid_file[<?=$k?>]" class="formselect" id="enable_sid_file[<?=$k?>]"> + <?php + foreach ($sidmodselections as $choice) { + if ($choice == $natent['enable_sid_file']) + echo "<option value='{$choice}' selected>"; + else + echo "<option value='{$choice}'>"; + echo htmlspecialchars(gettext($choice)) . '</option>'; + } + ?> + </select> + </td> + <td class="listr" align="center"> + <select name="disable_sid_file[<?=$k?>]" class="formselect" id="disable_sid_file[<?=$k?>]"> + <?php + foreach ($sidmodselections as $choice) { + if ($choice == $natent['disable_sid_file']) + echo "<option value='{$choice}' selected>"; + else + echo "<option value='{$choice}'>"; + echo htmlspecialchars(gettext($choice)) . '</option>'; + } + ?> + </select> + </td> + <td class="listr" align="center"> + <select name="modify_sid_file[<?=$k?>]" class="formselect" id="modify_sid_file[<?=$k?>]"> + <?php + foreach ($sidmodselections as $choice) { + if ($choice == $natent['modify_sid_file']) + echo "<option value='{$choice}' selected>"; + else + echo "<option value='{$choice}'>"; + echo htmlspecialchars(gettext($choice)) . '</option>'; + } + ?> + </select> + </td> + </tr> + <?php endforeach; ?> + </tbody> + </table> + </td> + </tr> + <tr> + <td class="vexpl"> + </td> + </tr> + <tr> + <td> + <table width="100%" cellpadding="2" cellspacing="2" border="0"> + <tbody> + <tr> + <td colspan="2" class="vexpl" style="text-align: bottom;"><strong><span class="red"><?=gettext("Notes:");?></span></strong></td> + </tr> + <tr> + <td class="vexpl" style="vertical-align: top;"><?=gettext("1.");?></td> + <td class="vexpl"><?=gettext("Check the box beside an interface to immediately apply new auto-SID management ") . + gettext("changes and signal Suricata to live-load the new rules for the interface when clicking SAVE; ") . + gettext("otherwise only the new file assignments will be saved.");?> + </td> + </tr> + <tr> + <td class="vexpl" style="vertical-align: top;"><?=gettext("2.");?></td> + <td class="vexpl"><?=gettext("SID State Order controls the order in which enable and disable state modifications are performed. ") . + gettext("An example would be to disable an entire category and later enable only a rule or two from it. In this case you would ") . + gettext("choose 'disable,enable' for the State Order. Note that the last action performed takes priority.");?> + </td> + </tr> + <tr> + <td class="vexpl" style="vertical-align: top;"><?=gettext("3.");?></td> + <td class="vexpl"><?=gettext("The Enable SID File, Disable SID File and Modify SID File controls specify which rule modification ") . + gettext("files are run automatically for the interface. Setting a file control to 'None' disables that modification. ") . + gettext("Setting all file controls for an interface to 'None' disables automatic SID state management for the interface.");?> + </td> + </tr> + </tbody> + </table> + </td> + </tr> + </tbody> + </table> + </td> + </tr> + </tbody> + <tbody> + <tr> + <td colspan="2" class="vexpl" align="center"><input type="submit" id="save_auto_sid_conf" name="save_auto_sid_conf" class="formbtn" value="<?=gettext("Save");?>" title="<?=gettext("Save SID Management configuration");?>" /> + <?=gettext("Remember to save changes before exiting this page"); ?> + </td> + </tr> + <?php endif; ?> + </tbody> + </table> + </div> + </td></tr> + </tbody> +</table> +</form> + + +<?php include("fend.inc"); ?> + +<?php if ($g['platform'] != "nanobsd") : ?> +<script type="text/javascript"> + +function enable_sid_conf() { + var endis = !document.iform.auto_manage_sids.checked; + if (endis) { + document.getElementById("sid_conf_rows").style.display = "none"; + } + else { + document.getElementById("sid_conf_rows").style.display = ""; + } +} + +enable_sid_conf(); + +</script> +<?php endif; ?> + +</body> +</html> diff --git a/config/suricata/suricata_suppress.php b/config/suricata/suricata_suppress.php index 4f2e8d0d..8fcb3dd5 100644 --- a/config/suricata/suricata_suppress.php +++ b/config/suricata/suricata_suppress.php @@ -94,15 +94,18 @@ function suricata_find_suppresslist_interface($supplist) { return false; } -if ($_GET['act'] == "del") { - if ($a_suppress[$_GET['id']]) { +if ($_POST['del'] && is_numericint($_POST['list_id'])) { + if ($a_suppress[$_POST['list_id']]) { // make sure list is not being referenced by any Suricata-configured interface - if (suricata_suppresslist_used($a_suppress[$_GET['id']]['name'])) { + if (suricata_suppresslist_used($a_suppress[$_POST['list_id']]['name'])) { $input_errors[] = gettext("ERROR -- Suppress List is currently assigned to an interface and cannot be removed!"); } else { - unset($a_suppress[$_GET['id']]); - write_config(); + unset($a_suppress[$_POST['list_id']]); + write_config("Suricata pkg: deleted SUPPRESS LIST."); + conf_mount_rw(); + sync_suricata_package_config(); + conf_mount_ro(); header("Location: /suricata/suricata_suppress.php"); exit; } @@ -126,19 +129,24 @@ if ($input_errors) { ?> <form action="/suricata/suricata_suppress.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?> +<input type="hidden" name="list_id" id="list_id" value=""/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tbody> <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); - $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); - $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php"); $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), true, "/suricata/suricata_suppress.php"); - $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); ?> </td> @@ -172,6 +180,7 @@ if ($input_errors) { </td> <td height="20px" valign="middle" nowrap class="list"> <table border="0" cellspacing="0" cellpadding="1"> + <tbody> <tr> <td valign="middle"><a href="suricata_suppress_edit.php?id=<?=$i;?>"><img @@ -185,13 +194,12 @@ if ($input_errors) { width="17" height="17" border="0" title="<?php echo gettext("Goto first instance associated with this Suppress List");?>"/></a> </td> <?php else : ?> - <td><a href="/suricata/suricata_suppress.php?act=del&id=<?=$i;?>" - onclick="return confirm('<?php echo gettext("Do you really want to delete this Suppress List?"); ?>')"><img - src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" - width="17" height="17" border="0" title="<?php echo gettext("delete Suppress List"); ?>"></a></td> + <td><input type="image" name="del[]" onclick="document.getElementById('list_id').value='<?=$i;?>';return confirm('<?=gettext("Do you really want to delete this Suppress List?");?>');" + src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("delete Suppress List");?>"/></td> <td> </td> <?php endif; ?> </tr> + </tbody> </table> </td> </tr> @@ -200,6 +208,7 @@ if ($input_errors) { <td class="list" colspan="2"></td> <td class="list"> <table border="0" cellspacing="0" cellpadding="1"> + <tbody> <tr> <td valign="middle" width="17"> </td> <td valign="middle"><a @@ -207,6 +216,7 @@ if ($input_errors) { src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?php echo gettext("add a new list"); ?>"></a></td> </tr> + </tbody> </table> </td> </tr> @@ -224,6 +234,7 @@ if ($input_errors) { gettext("You must first unassign the Suppress List on the Interface Edit tab."); ?> </p></span></td> </tr> +</tbody> </table> </form> <?php include("fend.inc"); ?> diff --git a/config/suricata/suricata_suppress_edit.php b/config/suricata/suricata_suppress_edit.php index a46e9e99..8814d3db 100644 --- a/config/suricata/suricata_suppress_edit.php +++ b/config/suricata/suricata_suppress_edit.php @@ -88,7 +88,12 @@ if ($_POST['save']) { $reqdfields = explode(" ", "name"); $reqdfieldsn = array("Name"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if(strtolower($_POST['name']) == "defaultwhitelist") $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; @@ -152,15 +157,18 @@ if ($savemsg) <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); - $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); - $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php"); $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), true, "/suricata/suricata_suppress.php"); - $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); ?> </td></tr> diff --git a/config/suricata/suricata_sync.xml b/config/suricata/suricata_sync.xml new file mode 100644 index 00000000..28083d8d --- /dev/null +++ b/config/suricata/suricata_sync.xml @@ -0,0 +1,221 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> +<![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* +based on snortsync.xml developed as part +of pfSense (http://www.pfSense.com) +Copyright (C) 2013 Marcello Coutinho +based on pfblocker_sync.xml +All rights reserved. + +modified for use with Suricata package +Copyright (C) 2014 Bill Meeks +All rights reserved. + +Based on m0n0wall (http://m0n0.ch/wall) +Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. +All rights reserved. +*/ +/* ========================================================================== */ +/* +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code MUST retain the above copyright notice, +this list of conditions and the following disclaimer. + +2. Redistributions in binary form MUST reproduce the above copyright +notice, this list of conditions and the following disclaimer in the +documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, +INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, +OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. +*/ +/* ========================================================================== */ +]]></copyright> + <description><![CDATA[Describe your package here]]></description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>suricatasync</name> + <version>1.0</version> + <title>Suricata: XMLRPC Sync</title> + <include_file>/usr/local/pkg/suricata/suricata.inc</include_file> + <tabs> + <tab> + <text>Interfaces</text> + <url>/suricata/suricata_interfaces.php</url> + <no_drop_down/> + </tab> + <tab> + <text>Global Settings</text> + <url>/suricata/suricata_global.php</url> + <no_drop_down/> + </tab> + <tab> + <text>Updates</text> + <url>/suricata/suricata_download_updates.php</url> + <no_drop_down/> + </tab> + <tab> + <text>Alerts</text> + <url>/suricata/suricata_alerts.php</url> + <no_drop_down/> + </tab> + <tab> + <text>Blocks</text> + <url>/suricata/suricata_blocked.php</url> + <no_drop_down/> + </tab> + <tab> + <text>Pass Lists</text> + <url>/suricata/suricata_passlist.php</url> + <no_drop_down/> + </tab> + <tab> + <text>Suppress</text> + <url>/suricata/suricata_suppress.php</url> + <no_drop_down/> + </tab> + <tab> + <text>Logs View</text> + <url>/suricata/suricata_logs_browser.php</url> + <no_drop_down/> + </tab> + <tab> + <text>Logs Mgmt</text> + <url>/suricata/suricata_logs_mgmt.php</url> + <no_drop_down/> + </tab> + <tab> + <text>SID Mgmt</text> + <url>/suricata/suricata_sid_mgmt.php</url> + <no_drop_down/> + </tab> + <tab> + <text>Sync</text> + <url>/pkg_edit.php?xml=suricata/suricata_sync.xml</url> + <no_drop_down/> + <active/> + </tab> + <tab> + <text>IP Lists</text> + <url>/suricata/suricata_ip_list_mgmt.php</url> + <no_drop_down/> + </tab> + </tabs> + <fields> + <field> + <name>Suricata Package XMLRPC Sync Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable Sync</fielddescr> + <fieldname>varsynconchanges</fieldname> + <description><![CDATA[All changes will be synced with apply config to the IPs listed below if this option is checked.<br/><br/> + <b>Important:</b> While using "Sync to hosts defined below", only sync from host A to B, A to C but <b>do not</B> enable XMLRPC sync <b>to</b> A. This will result in a loop!]]></description> + <type>select</type> + <required/> + <default_value>disabled</default_value> + <options> + <option><name>Sync to configured system backup server</name><value>auto</value></option> + <option><name>Sync to host(s) defined below</name><value>manual</value></option> + <option><name>Do not sync this package configuration</name><value>disabled</value></option> + </options> + </field> + <field> + <fielddescr>XMLRPC Timeout</fielddescr> + <fieldname>varsynctimeout</fieldname> + <description><![CDATA[Timeout in seconds for the XMLRPC timeout. Default: 150]]></description> + <type>input</type> + <default_value>150</default_value> + <size>5</size> + </field> + + <field> + <fielddescr>Refresh Rule Sets</fielddescr> + <fieldname>vardownloadrules</fieldname> + <description><![CDATA[Ask target hosts to refresh rule sets files on each sync operation.<br/><br/> + During each Suricata package sync operation, ask the target remote host to check for + a new set of posted rule sets files and refresh the local copies if necessary. The default is + to refresh the files if newer versions have been posted.<br/><br/> + <b>Note: </b>The sync process will wait for the rules download and rebuild to finish on the target remote host before returning.]]></description> + <type>select</type> + <default_value>yes</default_value> + <options> + <option><name>Signal target host to refresh rules files</name><value>yes</value></option> + <option><name>Do NOT ask target host to refresh rules files</name><value>no</value></option> + </options> + </field> + + <field> + <fielddescr>Replication Targets</fielddescr> + <fieldname>none</fieldname> + <type>rowhelper</type> + <rowhelper> + <rowhelperfield> + <fielddescr>Enable</fielddescr> + <fieldname>varsyncdestinenable</fieldname> + <description><![CDATA[Enable this host as a replication target]]></description> + <type>checkbox</type> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Protocol</fielddescr> + <fieldname>varsyncprotocol</fieldname> + <description><![CDATA[Choose the protocol of the destination host. Probably <b>http</b> or <b>https</b>]]></description> + <type>select</type> + <default_value>HTTP</default_value> + <options> + <option><name>HTTP</name><value>http</value></option> + <option><name>HTTPS</name><value>https</value></option> + </options> + </rowhelperfield> + <rowhelperfield> + <fielddescr>IP-Address</fielddescr> + <fieldname>varsyncipaddress</fieldname> + <description><![CDATA[IP Address of the destination host.]]></description> + <type>input</type> + <size>15</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Port</fielddescr> + <fieldname>varsyncport</fieldname> + <description><![CDATA[Choose the sync port of the destination host.]]></description> + <type>input</type> + <size>3</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Admin Password</fielddescr> + <fieldname>varsyncpassword</fieldname> + <description><![CDATA[Password of the user "admin" on the destination host.]]></description> + <type>password</type> + <size>20</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Start Suricata</fielddescr> + <fieldname>varsyncsuricatastart</fieldname> + <description><![CDATA[Start Suricata on target host if not already running.]]></description> + <type>checkbox</type> + <value>ON</value> + </rowhelperfield> + </rowhelper> + </field> + </fields> + <custom_delete_php_command> + </custom_delete_php_command> + <custom_php_resync_config_command> + write_config("Suricata pkg: updating CARP sync info.");suricata_sync_on_changes(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/suricata/suricata_uninstall.php b/config/suricata/suricata_uninstall.php index 2317578e..c8048a1c 100644 --- a/config/suricata/suricata_uninstall.php +++ b/config/suricata/suricata_uninstall.php @@ -44,9 +44,12 @@ global $config, $g; $suricatadir = SURICATADIR; $suricatalogdir = SURICATALOGDIR; +$sidmodspath = SURICATA_SID_MODS_PATH; +$iprep_path = SURICATA_IPREP_PATH; $rcdir = RCFILEPREFIX; -$suricata_rules_upd_log = RULES_UPD_LOGFILE; +$suricata_rules_upd_log = SURICATA_RULES_UPD_LOGFILE; $suri_pf_table = SURICATA_PF_TABLE; +$mounted_rw = FALSE; log_error(gettext("[Suricata] Suricata package uninstall in progress...")); @@ -58,7 +61,7 @@ killbyname("suricata"); sleep(1); // Delete any leftover suricata PID files in /var/run -array_map('@unlink', glob("/var/run/suricata_*.pid")); +unlink_if_exists("{$g['varrun_path']}/suricata_*.pid"); /* Make sure all active Barnyard2 processes are terminated */ /* Log a message only if a running process is detected */ @@ -68,26 +71,35 @@ killbyname("barnyard2"); sleep(1); // Delete any leftover barnyard2 PID files in /var/run -array_map('@unlink', glob("/var/run/barnyard2_*.pid")); - -/* Remove the suricata user and group */ -mwexec('/usr/sbin/pw userdel suricata; /usr/sbin/pw groupdel suricata', true); +unlink_if_exists("{$g['varrun_path']}/barnyard2_*.pid"); /* Remove the Suricata cron jobs. */ -install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/www/suricata/suricata_check_for_rule_updates.php", false); -install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc", false); -install_cron_job("pfctl -t {$suri_pf_table} -T expire" , false); +install_cron_job("suricata_check_for_rule_updates.php", false); +install_cron_job("suricata_check_cron_misc.inc", false); +install_cron_job("{$suri_pf_table}" , false); +install_cron_job("suricata_geoipupdate.php" , false); +install_cron_job("suricata_etiqrisk_update.php", false); /* See if we are to keep Suricata log files on uninstall */ if ($config['installedpackages']['suricata']['config'][0]['clearlogs'] == 'on') { log_error(gettext("[Suricata] Clearing all Suricata-related log files...")); - @unlink("{$suricata_rules_upd_log}"); - mwexec("/bin/rm -rf {$suricatalogdir}"); + unlink_if_exists("{$suricata_rules_upd_log}"); + rmdir_recursive("{$suricatalogdir}"); +} + +/**************************************************/ +/* If not already, set Suricata conf partition to */ +/* read-write so we can make changes there */ +/**************************************************/ +if (!is_subsystem_dirty('mount')) { + conf_mount_rw(); + $mounted_rw = TRUE; } /* Remove the Suricata GUI app directories */ -mwexec("/bin/rm -rf /usr/local/pkg/suricata"); -mwexec("/bin/rm -rf /usr/local/www/suricata"); +rmdir_recursive("/usr/local/pkg/suricata"); +rmdir_recursive("/usr/local/www/suricata"); +rmdir_recursive("/usr/local/etc/suricata"); /* Remove our associated Dashboard widget config and files. */ /* If "save settings" is enabled, then save old widget */ @@ -108,19 +120,26 @@ if (!empty($widgets)) { } } $config['widgets']['sequence'] = implode(",", $widgetlist); - write_config(); } -@unlink("/usr/local/www/widgets/include/widget-suricata.inc"); -@unlink("/usr/local/www/widgets/widgets/suricata_alerts.widget.php"); -@unlink("/usr/local/www/widgets/javascript/suricata_alerts.js"); +unlink_if_exists("/usr/local/www/widgets/include/widget-suricata.inc"); +unlink_if_exists("/usr/local/www/widgets/widgets/suricata_alerts.widget.php"); +unlink_if_exists("/usr/local/www/widgets/javascript/suricata_alerts.js"); + +/*******************************************************/ +/* We're finished with conf partition mods, return to */ +/* read-only if we changed it */ +/*******************************************************/ +if ($mounted_rw == TRUE) + conf_mount_ro(); /* Keep this as a last step */ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] != 'on') { log_error(gettext("Not saving settings... all Suricata configuration info and logs deleted...")); unset($config['installedpackages']['suricata']); unset($config['installedpackages']['suricatasync']); - @unlink("{$suricata_rules_upd_log}"); - mwexec("/bin/rm -rf {$suricatalogdir}"); + unlink_if_exists("{$suricata_rules_upd_log}"); + rmdir_recursive("{$suricatalogdir}"); + rmdir_recursive("{$g['vardb_path']}/suricata"); log_error(gettext("[Suricata] The package has been removed from this system...")); } diff --git a/config/suricata/suricata_yaml_template.inc b/config/suricata/suricata_yaml_template.inc index c20ca8db..a8b06ebe 100644 --- a/config/suricata/suricata_yaml_template.inc +++ b/config/suricata/suricata_yaml_template.inc @@ -15,6 +15,10 @@ max-pending-packets: {$max_pend_pkts} # Runmode the engine should use. runmode: autofp +# If set to auto, the variable is internally switched to 'router' in IPS +# mode and 'sniffer-only' in IDS mode. +host-mode: auto + # Specifies the kind of flow load balancer used by the flow pinned autofp mode. autofp-scheduler: active-packets @@ -29,7 +33,7 @@ default-log-dir: {$suricatalogdir}suricata_{$if_real}{$suricata_uuid} # Configure the type of alert (and other) logging. outputs: - # alert_pf blocking plugin + # alert-pf blocking plugin - alert-pf: enabled: {$suri_blockoffenders} kill-state: {$suri_killstates} @@ -55,9 +59,7 @@ outputs: enabled: {$http_log_enabled} filename: http.log append: {$http_log_append} - #extended: yes # enable this for extended logging information - #custom: yes # enabled the custom logging format (defined by customformat) - #customformat: "%{%D-%H:%M:%S}t.%z %{X-Forwarded-For}i %H %m %h %u %s %B %a:%p -> %A:%P" + extended: {$http_log_extended} filetype: regular - pcap-log: @@ -82,8 +84,8 @@ outputs: - syslog: enabled: {$alert_syslog} identity: suricata - facility: auth - level: Info + facility: {$alert_syslog_facility} + level: {$alert_syslog_priority} - drop: enabled: no @@ -94,8 +96,8 @@ outputs: - file-store: enabled: {$file_store_enabled} log-dir: files - force-magic: no - force-md5: no + force-magic: {$json_log_magic} + force-md5: {$json_log_md5} waldo: file.waldo - file-log: @@ -106,6 +108,21 @@ outputs: force-magic: {$json_log_magic} force-md5: {$json_log_md5} + - dns-log: + enabled: {$dns_log_enabled} + filename: dns.log + append: {$dns_log_append} + filetype: regular + + - eve-log: + enabled: {$enable_eve_log} + type: {$eve_output_type} + filename: eve.json + identity: "suricata" + facility: {$eve_systemlog_facility} + level: {$eve_systemlog_priority} + types: {$eve_out_types} + # Magic file. The extension .mgc is added to the value here. magic-file: /usr/share/misc/magic @@ -208,9 +225,9 @@ reassembly: # Host table is used by tagging and per host thresholding subsystems. host: - hash-size: 4096 - prealloc: 1000 - memcap: 16777216 + hash-size: {$host_hash_size} + prealloc: {$host_prealloc} + memcap: {$host_memcap} # Host specific policies for defragmentation and TCP stream reassembly. host-os-policy: @@ -233,12 +250,13 @@ logging: filename: {$suricatalogdir}suricata_{$if_real}{$suricata_uuid}/suricata.log - syslog: enabled: {$suricata_use_syslog} - facility: auth + facility: {$suricata_use_syslog_facility} format: "[%i] <%d> -- " pcap: - interface: {$if_real} checksum-checks: auto + promisc: {$intf_promisc_mode} # For FreeBSD ipfw(8) divert(4) support. # ipfw add 100 divert 8000 ip from any to any @@ -268,18 +286,14 @@ vars: port-groups: {$port_vars} -# Set the order of alerts bassed on actions +# Set the order of alerts based on actions action-order: - pass - drop - reject - alert -# IP Reputation -#reputation-categories-file: {$suricatacfgdir}/iprep/categories.txt -#default-reputation-path: {$suricatacfgdir}/iprep -#reputation-files: -# - reputation.list +{$iprep_config} # Limit for the maximum number of asn1 frames to decode (default 256) asn1-max-frames: {$asn1_max_frames} @@ -293,6 +307,47 @@ pcre: match-limit: 3500 match-limit-recursion: 1500 +# Holds details on the app-layer. The protocols section details each protocol. +app-layer: + protocols: + tls: + enabled: {$tls_parser} + detection-ports: + dp: 443 + #no-reassemble: yes + dcerpc: + enabled: {$dcerpc_parser} + ftp: + enabled: {$ftp_parser} + ssh: + enabled: {$ssh_parser} + smtp: + enabled: {$smtp_parser} + imap: + enabled: {$imap_parser} + msn: + enabled: {$msn_parser} + smb: + enabled: {$smb_parser} + detection-ports: + dp: 139 + dns: + global-memcap: {$dns_global_memcap} + state-memcap: {$dns_state_memcap} + request-flood: {$dns_request_flood_limit} + + tcp: + enabled: {$dns_parser_tcp} + detection-ports: + dp: 53 + udp: + enabled: {$dns_parser_udp} + detection-ports: + dp: 53 + http: + enabled: {$http_parser} + memcap: {$http_parser_memcap} + ########################################################################### # Configure libhtp. libhtp: diff --git a/config/syslog-ng/syslog-ng.inc b/config/syslog-ng/syslog-ng.inc index f821e75d..e373f62e 100644 --- a/config/syslog-ng/syslog-ng.inc +++ b/config/syslog-ng/syslog-ng.inc @@ -61,7 +61,7 @@ function syslogng_deinstall_command() { filter_configure(); } -function syslogng_validate_general($post, $input_errors) { +function syslogng_validate_general($post, &$input_errors) { global $config; $objects = $config['installedpackages']['syslogngadvanced']['config']; @@ -100,7 +100,7 @@ function syslogng_validate_general($post, $input_errors) { $input_errors[] = "Syslog-ng syntax test failed:\n" . $errors; } -function syslogng_validate_advanced($post, $input_errors) { +function syslogng_validate_advanced($post, &$input_errors) { global $config; $objects = $config['installedpackages']['syslogngadvanced']['config']; @@ -249,7 +249,7 @@ function syslogng_get_log_files($objects) { function syslogng_build_conf($objects) { $conf = "# This file is automatically generated by pfSense\n"; $conf .= "# Do not edit manually !\n"; - $conf .= "@version:3.3\n"; + $conf .= "@version:3.5\n"; foreach($objects as $object) { if($object['objecttype'] == 'log' || $object['objecttype'] == 'options') { diff --git a/config/syslog-ng/syslog-ng.xml b/config/syslog-ng/syslog-ng.xml index 37df86ec..7d58a2ef 100644 --- a/config/syslog-ng/syslog-ng.xml +++ b/config/syslog-ng/syslog-ng.xml @@ -42,7 +42,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>Syslog-ng</name> - <version>3.3.4_1</version> + <version>3.5.4.1_1 pkg.v.1.0.1</version> <title>Services: Syslog-ng</title> <include_file>/usr/local/pkg/syslog-ng.inc</include_file> <menu> @@ -177,7 +177,7 @@ </field> </fields> <custom_php_validation_command> - syslogng_validate_general($_POST, &$input_errors); + syslogng_validate_general($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> syslogng_resync(); diff --git a/config/syslog-ng/syslog-ng_advanced.xml b/config/syslog-ng/syslog-ng_advanced.xml index 2ddcf1e0..b1290544 100644 --- a/config/syslog-ng/syslog-ng_advanced.xml +++ b/config/syslog-ng/syslog-ng_advanced.xml @@ -128,7 +128,7 @@ syslogng_resync(); </custom_delete_php_command> <custom_php_validation_command> - syslogng_validate_advanced($_POST, &$input_errors); + syslogng_validate_advanced($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> syslogng_resync(); diff --git a/config/systempatches/system_patches.php b/config/systempatches/system_patches.php index 7fe860bd..793448d7 100644 --- a/config/systempatches/system_patches.php +++ b/config/systempatches/system_patches.php @@ -67,7 +67,7 @@ if ($_GET['act'] == "del") { } if (($_GET['act'] == "fetch") && ($a_patches[$_GET['id']])) { - $savemsg = patch_fetch(& $a_patches[$_GET['id']]) ? gettext("Patch Fetched Successfully") : gettext("Patch Fetch Failed"); + $savemsg = patch_fetch($a_patches[$_GET['id']]) ? gettext("Patch Fetched Successfully") : gettext("Patch Fetch Failed"); } if (($_GET['act'] == "test") && ($a_patches[$_GET['id']])) { $savemsg = patch_test_apply($a_patches[$_GET['id']]) ? gettext("Patch can be applied cleanly") : gettext("Patch can NOT be applied cleanly"); diff --git a/config/systempatches/system_patches_edit.php b/config/systempatches/system_patches_edit.php index ffa2fe13..3e63038e 100644 --- a/config/systempatches/system_patches_edit.php +++ b/config/systempatches/system_patches_edit.php @@ -86,7 +86,11 @@ if ($_POST) { $reqdfieldsn = array(gettext("Description"),gettext("URL/Commit ID")); } - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if (!empty($_POST['location']) && !is_commit_id($_POST['location']) && !is_URL($_POST['location'])) { $input_errors[] = gettext("The supplied commit ID/URL appears to be invalid."); diff --git a/config/systempatches/systempatches.xml b/config/systempatches/systempatches.xml index 23b0795b..b9875140 100644 --- a/config/systempatches/systempatches.xml +++ b/config/systempatches/systempatches.xml @@ -40,7 +40,7 @@ <requirements>None</requirements> <faq>Applies patches supplied by the user to the firewall.</faq> <name>System Patches</name> - <version>1.0</version> + <version>1.0.2</version> <title>System: Patches</title> <include_file>/usr/local/pkg/patches.inc</include_file> <menu> diff --git a/config/tinc/status_tinc.php b/config/tinc/status_tinc.php index 725ccce6..f50ea640 100644 --- a/config/tinc/status_tinc.php +++ b/config/tinc/status_tinc.php @@ -6,49 +6,67 @@ require("guiconfig.inc"); function tinc_status_1() { exec("/usr/local/sbin/tincd --config=/usr/local/etc/tinc -kUSR1"); usleep(500000); - exec("/usr/sbin/clog /var/log/tinc.log | sed -e 's/.*tinc\[.*\]: //'",$result); - $i=0; - foreach($result as $line) - { - if(preg_match("/Connections:/",$line)) - $begin=$i; - if(preg_match("/End of connections./",$line)) - $end=$i; - $i++; - } - $output=""; - $i=0; - foreach($result as $line) - { - if($i >= $begin && $i<= $end) - $output .= $line . "\n"; - $i++; - } - return $output; + $clog_path = ""; + $result = array(); + if (is_executable("/usr/local/sbin/clog")) { + $clog_path = "/usr/local/sbin/clog"; + } elseif (is_executable("/usr/sbin/clog")) { + $clog_path = "/usr/sbin/clog"; + } + + if (!empty($clog_path)) + exec("{$clog_path} /var/log/tinc.log | sed -e 's/.*tinc\[.*\]: //'",$result); + $i=0; + foreach($result as $line) + { + if(preg_match("/Connections:/",$line)) + $begin=$i; + if(preg_match("/End of connections./",$line)) + $end=$i; + $i++; + } + $output=""; + $i=0; + foreach($result as $line) + { + if($i >= $begin && $i<= $end) + $output .= $line . "\n"; + $i++; + } + return $output; } function tinc_status_2() { exec("/usr/local/sbin/tincd --config=/usr/local/etc/tinc -kUSR2"); usleep(500000); - exec("/usr/sbin/clog /var/log/tinc.log | sed -e 's/.*tinc\[.*\]: //'",$result); - $i=0; - foreach($result as $line) - { - if(preg_match("/Statistics for Generic BSD tun device/",$line)) - $begin=$i; - if(preg_match("/End of subnet list./",$line)) - $end=$i; - $i++; - } - $output=""; - $i=0; - foreach($result as $line) - { - if($i >= $begin && $i<= $end) - $output .= $line . "\n"; - $i++; - } - return $output; + $clog_path = ""; + $result = array(); + if (is_executable("/usr/local/sbin/clog")) { + $clog_path = "/usr/local/sbin/clog"; + } elseif (is_executable("/usr/sbin/clog")) { + $clog_path = "/usr/sbin/clog"; + } + + if (!empty($clog_path)) + exec("{$clog_path} /var/log/tinc.log | sed -e 's/.*tinc\[.*\]: //'",$result); + $i=0; + foreach($result as $line) + { + if(preg_match("/Statistics for Generic BSD tun device/",$line)) + $begin=$i; + if(preg_match("/End of subnet list./",$line)) + $end=$i; + $i++; + } + $output=""; + $i=0; + foreach($result as $line) + { + if($i >= $begin && $i<= $end) + $output .= $line . "\n"; + $i++; + } + return $output; } $shortcut_section = "tinc"; diff --git a/config/tinc/tinc.xml b/config/tinc/tinc.xml index f016dd41..183ae161 100644 --- a/config/tinc/tinc.xml +++ b/config/tinc/tinc.xml @@ -42,7 +42,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>tinc</name> - <version>1.0.21 v1.1</version> + <version>1.0.23 v1.2.1</version> <title>VPN: tinc</title> <!-- Menu is where this packages menu will appear --> <menu> diff --git a/config/tinydns/tinydns.inc b/config/tinydns/tinydns.inc index 70e149e1..8fb6170f 100644 --- a/config/tinydns/tinydns.inc +++ b/config/tinydns/tinydns.inc @@ -92,10 +92,11 @@ svscan_start () { /usr/bin/env \ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ /usr/sbin/daemon -f /bin/sh -c "\$command \$svscan_servicedir 2>&1 | /usr/local/bin/multilog t \$logdir" > /dev/null + EOD; if ($enableipmonitoring) { $svscan .= <<<EOD - minicron {$refreshinterval} {$g['varrun_path']}/ping_hosts.pid "/etc/ping_hosts.sh; cd {$g['varetc_path']}/tinydns/root && /usr/local/bin/tinydns-data" + /usr/local/bin/minicron {$refreshinterval} {$g['varrun_path']}/ping_hosts.pid "/usr/local/bin/ping_hosts.sh" EOD; } $svscan .= <<<EOD @@ -105,6 +106,7 @@ $svscan .= <<<EOD svscan_stop_post () { echo "Stopping svscan." find -L "\$svscan_servicedir" -mindepth 1 -maxdepth 2 -type d \( \! -path "\$svscan_servicedir/*/*" -or -name 'log' \) -print0 | xargs -0 /usr/local/bin/svc -dx + /bin/pkill -F /var/run/ping_hosts.pid } run_rc_command "\$1" @@ -117,11 +119,12 @@ EOD; $filename = "tinydns.sh"; $start = "/usr/local/bin/php -q -d auto_prepend_file=config.inc <<ENDPHP <?php + require_once(\"functions.inc\"); require_once(\"/usr/local/pkg/tinydns.inc\"); tinydns_custom_php_changeip_command(); tinydns_create_zone_file();\n"; if ($enableipmonitoring) { - $start .= "tinydns_setup_ping_items();\n"; + $start .= "tinydns_setup_ping_items();\n"; } $start .= "?> ENDPHP\n"; @@ -140,7 +143,6 @@ ENDPHP\n"; /bin/rm -rf {$g['varetc_path']}/dnscache* 2>/dev/null /bin/rm -rf {$g['varetc_path']}/axfrdns 2>/dev/null /bin/rm -rf {$g['varrun_path']}/axfrdns 2>/dev/null - /bin/pkill -F /var/run/ping_hosts.pid ENDSH; @@ -359,16 +361,16 @@ function tinydns_get_record_status($record, $pingthreshold = "", $wanpingthresho return "UP"; } -function tinydns_get_backup_record($record) { +function tinydns_get_backup_record($record, $recordtype) { global $g, $config; if($config['installedpackages']['tinydnsdomains']) { foreach($config['installedpackages']['tinydnsdomains']['config'] as $domain) { - if($domain['ipaddress'] == $record) { - /* if no failover host exists, simply return original record */ + if($domain['hostname'] == $record && $domain['recordtype'] == $recordtype) { + /* if no failover host exists, simply return original ipaddress */ if(!$domain['row']) - return $record; + return $domain['ipaddress']; foreach($domain['row'] as $row) { - $status = tinydns_get_record_status($row['failoverip']); + $status = tinydns_get_record_status($row['monitorip']); if($status == "UP") return $row['failoverip']; } @@ -398,39 +400,60 @@ function tinydns_setup_ping_items() { * status and create a database of the status information that we can use. */ foreach($config['installedpackages']['tinydnsdomains']['config'] as $domain) { - if(!in_array($domain['ipaddress'], $processed)) { - fwrite($fd, $ip . "|" . $domain['ipaddress'] . "|1|/usr/local/pkg/tinydns_down.php|/usr/local/pkg/tinydns_up.php\n"); - $processed[] = $domain['ipaddress']; - } - if($domain['monitorip'] <> "") - $monitorip = $domain['monitorip']; + if(!$domain['monitorip']) + continue; + if($domain['recordtype'] == "AAAA") + $inet = "inet6"; + else + $inet = ""; + $monitorip = $domain['monitorip']; + $interface = $domain['interface']; if($domain['row']) { foreach($domain['row'] as $row) { if($row['pingthreshold']) $pingthreshold = $row['pingthreshold']; else - $row['pingthreshold'] = ""; + $pingthreshold = ""; + + if($row['wanpingthreshold']) + $wanpingthreshold = $row['wanpingthreshold']; + else + $wanpingthreshold = ""; + + $info = get_interface_info($row['interface']); + if($domain['recordtype'] == "AAAA") + $ip = $info['ipaddrv6']; + else + $ip = $info['ipaddr']; + if($row['monitorip']) { if(!in_array($row['monitorip'], $processed)) { - fwrite($fd, $ip . "|" . $row['monitorip'] . "|1|/usr/local/pkg/tinydns_down.php|/usr/local/pkg/tinydns_up.php|{$pingthreshold}\n"); + fwrite($fd, $ip . "|" . $row['monitorip'] . "|1|/usr/local/pkg/tinydns_down.php|/usr/local/pkg/tinydns_up.php|{$pingthreshold}|{$wanpingthreshold}|{$inet}\n"); $processed[] = $row['monitorip']; } } else { if(!in_array($monitorip, $processed)) { - fwrite($fd, $ip . "|" . $monitorip . "|1|/usr/local/pkg/tinydns_down.php|/usr/local/pkg/tinydns_up.php|{$pingthreshold}\n"); + fwrite($fd, $ip . "|" . $monitorip . "|1|/usr/local/pkg/tinydns_down.php|/usr/local/pkg/tinydns_up.php|{$pingthreshold}|{$wanpingthreshold}|{$inet}\n"); $processed[] = $monitorip; } } } } + + $info = get_interface_info($domain['interface']); + if($domain['recordtype'] == "AAAA") + $ip = $info['ipaddrv6']; + else + $ip = $info['ipaddr']; + if($domain['monitorip']) { if(!in_array($domain['monitorip'], $processed)) { - fwrite($fd, $ip . "|" . $domain['monitorip'] . "|1|/usr/local/pkg/tinydns_down.php|/usr/local/pkg/tinydns_up.php|{$pingthreshold}\n"); + fwrite($fd, $ip . "|" . $domain['monitorip'] . "|1|/usr/local/pkg/tinydns_down.php|/usr/local/pkg/tinydns_up.php|{$pingthreshold}|{$wanpingthreshold}|{$inet}\n"); $processed[] = $domain['monitorip']; } } else { if(!in_array($row['failoverip'], $processed)) { - fwrite($fd, $ip . "|" . $row['failoverip'] . "|1|/usr/local/pkg/tinydns_down.php|/usr/local/pkg/tinydns_up.php|{$pingthreshold}\n"); + fwrite($fd, $ip . "|" . $row['failoverip'] . "|1|/usr/local/pkg/tinydns_down.php|/usr/local/pkg/tinydns_up.php|{$pingthreshold}|{$wanpingthreshold}|{$inet}\n"); $processed[] = $row['failoverip']; } } @@ -535,7 +558,9 @@ function tinydns_create_zone_file() { for($x=0; $x< count($config['installedpackages']['tinydnsdomains']['config']); $x++) { $domain = $config['installedpackages']['tinydnsdomains']['config'][$x]; $record_data = ""; + $monitorip = ""; $hostname = $domain['hostname']; + $recordtype = $domain['recordtype']; $ipaddress = $domain['ipaddress']; $ttl = $domain['ttl']; $dist = $domain['dist']; @@ -549,9 +574,9 @@ function tinydns_create_zone_file() { if($status == "DOWN") { if($debug) log_error("$ipaddress monitor ip $monitorip is offline."); - $ipaddress = tinydns_get_backup_record($ipaddress); + $ipaddress = tinydns_get_backup_record($hostname, $recordtype); if($debug) - log_error("tinydns_get_backup_record returned $ipaddress "); + log_error("tinydns_get_backup_record for $hostname returned $ipaddress "); } } $record_data = tinydns_get_rowline_data($ipaddress, $domain['recordtype'], $ttl, $hostname, $domain['rdns'], $dist, $domain['src_port'], $domain['src_weight'], $domain['src_priority'], $domain['src_timestamp']); @@ -694,7 +719,8 @@ function tinydns_do_xmlrpc_sync($sync_to_ip, $password) { /* tell tinydns to reload our settings on the destionation sync host. */ $method = 'pfsense.exec_php'; - $execcmd = "require_once('/usr/local/pkg/tinydns.inc');\n"; + $execcmd = "require_once('functions.inc');\n"; + $execcmd .= "require_once('/usr/local/pkg/tinydns.inc');\n"; $execcmd .= "tinydns_custom_php_changeip_command();\n"; $execcmd .= "tinydns_create_zone_file();\n"; if ($config['installedpackages']['tinydns']['config'][0]['enableipmonitoring']) { @@ -1099,6 +1125,9 @@ function tinydns_get_dns_record_type($tinydnsrecord) { case($tinydnsrecord[0] == "+"): $rtype = "A"; break; + case($tinydnsrecord[0] == ":"): + $rtype = "AAAA"; + break; case($tinydnsrecord[0] == "@"): $rtype = "MX"; break; diff --git a/config/tinydns/tinydns_domains.xml b/config/tinydns/tinydns_domains.xml index bf2194b3..52d287f5 100644 --- a/config/tinydns/tinydns_domains.xml +++ b/config/tinydns/tinydns_domains.xml @@ -83,6 +83,10 @@ <fieldname>recordtype</fieldname> </columnitem> <columnitem> + <fielddescr>Prio</fielddescr> + <fieldname>dist</fieldname> + </columnitem> + <columnitem> <fielddescr>rDNS</fielddescr> <fieldname>rdns</fieldname> </columnitem> @@ -94,6 +98,10 @@ <fielddescr>TTL</fielddescr> <fieldname>ttl</fieldname> </columnitem> + <columnitem> + <fielddescr>monitoring</fielddescr> + <fieldname>monitorip</fieldname> + </columnitem> </adddeleteeditpagefields> <fields> <field> @@ -250,6 +258,13 @@ <size>35</size> </field> <field> + <fielddescr>Interface</fielddescr> + <description>interface to ping via</description> + <fieldname>interface</fieldname> + <type>interfaces_selection</type> + <size>1</size> + </field> + <field> <fielddescr>Failover hold time</fielddescr> <description>Time in minutes before DNS switches to backup host</description> <fieldname>threshhold</fieldname> @@ -295,6 +310,13 @@ <type>input</type> <size>15</size> </rowhelperfield> + <rowhelperfield> + <fielddescr>interface</fielddescr> + <fieldname>interface</fieldname> + <description>interface to ping via</description> + <type>interfaces_selection</type> + <size>1</size> + </rowhelperfield> </rowhelper> </field> </fields> diff --git a/config/tinydns/tinydns_status.php b/config/tinydns/tinydns_status.php index ba119da9..afc37f1c 100644 --- a/config/tinydns/tinydns_status.php +++ b/config/tinydns/tinydns_status.php @@ -30,6 +30,7 @@ */ require("guiconfig.inc"); +require("tinydns.inc"); /* Defaults to this page but if no settings are present, redirect to setup page */ if(!$config['installedpackages']['tinydnsdomains']['config']) @@ -79,10 +80,11 @@ if ($pf_version < 2.0) <td class="tabcont" > <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> - <td width="55%" class="listhdrr">IP</td> - <td width="15%" class="listhdrr">Status</td> + <td width="45%" class="listhdrr">IP</td> + <td width="10%" class="listhdrr">Status</td> <td width="15%" class="listhdrr">In Service</td> - <td width="25%" class="listhdrr">Response time</td> + <td width="15%" class="listhdrr">Monitor ip</td> + <td width="15%" class="listhdrr">Response time</td> </tr> <?php @@ -104,7 +106,8 @@ foreach($config['installedpackages']['tinydnsdomains']['config'] as $ping) { $status = file_get_contents("/var/db/pingstatus/$monitorip"); else $status = "N/A"; - if(stristr($tinydns_data, "+{$hostname}:{$ipaddress}")) + $ip6 = tinydns_get_ip6_format($ipaddress); + if(stristr($tinydns_data, "+{$hostname}:{$ipaddress}") || stristr($tinydns_data, "={$hostname}:{$ipaddress}") || stristr($tinydns_data, ":{$hostname}:28:{$ip6}")) $inservice = "<FONT COLOR='GREEN'>YES</FONT>"; else $inservice = "<FONT COLOR='BLUE'>NO</FONT>"; @@ -115,8 +118,10 @@ foreach($config['installedpackages']['tinydnsdomains']['config'] as $ping) { echo "<td class=\"listlr\">"; if(stristr($status,"DOWN")) echo "<FONT COLOR='red'>DOWN</FONT>"; - else + else if(stristr($status,"UP")) echo "UP"; + else + echo "N/A"; echo "</td>"; echo "<td class=\"listlr\">"; @@ -130,7 +135,16 @@ foreach($config['installedpackages']['tinydnsdomains']['config'] as $ping) { $msstatus = file_get_contents("/var/db/pingmsstatus/$monitorip"); else $msstatus = "N/A"; - echo "<!-- " . $monitorip . " -->" . $msstatus; + echo $monitorip; + echo "</td>"; + echo "<td class=\"listlr\">"; + if(!$monitorip) + $monitorip = $ipaddress; + if(file_exists("/var/db/pingmsstatus/$monitorip")) + $msstatus = file_get_contents("/var/db/pingmsstatus/$monitorip"); + else + $msstatus = "N/A"; + echo $msstatus; echo "</td>"; echo "</tr>"; @@ -146,7 +160,8 @@ foreach($config['installedpackages']['tinydnsdomains']['config'] as $ping) { echo $ipaddress; if($row['loadbalance']) echo " (LB)"; - if(stristr($tinydns_data, "+{$hostname}:{$row['failoverip']}")) + $ip6 = tinydns_get_ip6_format($row['failoverip']); + if(stristr($tinydns_data, "+{$hostname}:{$row['failoverip']}") || stristr($tinydns_data, "={$hostname}:{$row['failoverip']}") || stristr($tinydns_data, ":{$hostname}:28:{$ip6}")) $inservice = "<FONT COLOR='GREEN'>YES</FONT>"; else $inservice = "<FONT COLOR='BLUE'>NO</FONT>"; @@ -154,8 +169,11 @@ foreach($config['installedpackages']['tinydnsdomains']['config'] as $ping) { echo "<td class=\"listlr\">"; if(stristr($status,"DOWN")) echo "<FONT COLOR='red'>DOWN</FONT>"; - else + else if(stristr($status,"UP")) echo "UP"; + else + echo "N/A"; + echo "</td>"; echo "<td class=\"listlr\">"; @@ -169,8 +187,17 @@ foreach($config['installedpackages']['tinydnsdomains']['config'] as $ping) { $msstatus = file_get_contents("/var/db/pingmsstatus/$monitorip"); else $msstatus = "N/A"; + echo $monitorip; + echo "</td>"; + echo "<td class=\"listlr\">"; + if(!$monitorip) + $monitorip = $ipaddress; + if(file_exists("/var/db/pingmsstatus/$monitorip")) + $msstatus = file_get_contents("/var/db/pingmsstatus/$monitorip"); + else + $msstatus = "N/A"; - echo "<!-- " . $monitorip . " -->" . $msstatus; + echo $msstatus; echo "</td>"; echo "</tr>"; } diff --git a/config/tinydns/tinydns_view_logs.php b/config/tinydns/tinydns_view_logs.php index 57daa02e..4b4f3c3f 100644 --- a/config/tinydns/tinydns_view_logs.php +++ b/config/tinydns/tinydns_view_logs.php @@ -32,7 +32,7 @@ require("guiconfig.inc"); if($_REQUEST['getactivity']) { - $tinydnslogs = `cat /var/run/service/tinydns/log/main/current | /usr/local/bin/tai64nlocal | php -f /usr/local/pkg/tinydns_parse_logs.php | grep -v ":0"`; + $tinydnslogs = `cat /var/run/service/tinydns/log/main/current | /usr/local/bin/tai64nlocal | php -f /usr/local/pkg/tinydns_parse_logs.php | grep -v ":0 "`; echo "TinyDNS Server logs as of " . date("D M j G:i:s T Y") . "\n\n"; echo $tinydnslogs; exit; @@ -53,8 +53,9 @@ include("head.inc"); /* NEED TO FIX */ if ($_POST['clear']) { -// exec("rm /etc/tinydns/log/main/current"); -// exec("touch /etc/tinydns/log/main/current"); + exec("rm /var/etc/tinydns/log/main/current"); + exec("touch /var/etc/tinydns/log/main/current"); + exec("chown Gdnslog /var/etc/tinydns/log/main/current"); } ?> diff --git a/config/varnish3/varnish.inc b/config/varnish3/varnish.inc index 2a986710..50b37990 100644 --- a/config/varnish3/varnish.inc +++ b/config/varnish3/varnish.inc @@ -4,7 +4,7 @@ varnish.inc part of pfSense (http://www.pfSense.com) Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> - Copyright (C) 2011-2013 Marcello Coutinho + Copyright (C) 2011-2014 Marcello Coutinho Copyright (C) 2012 Marcio Carlos Antao All rights reserved. */ @@ -34,23 +34,26 @@ /* ========================================================================== */ $shortcut_section = "varnish"; -$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); -if ($pf_version > 2.0) - define('VARNISH_LOCALBASE', '/usr/pbi/varnish-' . php_uname("m")); -else - define('VARNISH_LOCALBASE','/usr/local'); - - -function varnish_settings_post_validate($post, $input_errors) { - if( !is_numeric($post['storagesize'])) - $input_errors[] = "A valid number is required for the field 'Storage size'"; - if($post['listeningport'] && !is_numeric($post['listeningport'])) - $input_errors[] = "A valid number is required for the field 'Listening port'"; - if($post['minworkers'] && !is_numeric($post['minworkers'])) - $input_errors[] = "A valid number is required for the field 'Minimum worker threads'"; - if($post['maxworkers'] && !is_numeric($post['maxworkers'])) - $input_errors[] = "A valid number is required for the field 'Maximum worker threads'"; - if($post['timeoutworkers'] && !is_numeric($post['timeoutworkers'])) +$pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); +if (is_dir('/usr/pbi/varnish-' . php_uname("m"))) { + define('VARNISH_LOCALBASE', '/usr/pbi/varnish-' . php_uname("m")); +} else { + define('VARNISH_LOCALBASE','/usr/local'); +} + +define('VARNISH_DIRTYPATH',"{$g['varrun_path']}/varnish.conf.dirty"); +define('VARNISH_CONFFILE','/var/etc/default.vcl'); + +function varnish_settings_post_validate($post, &$input_errors) { + if( !is_numeric($post['storagesize'])) + $input_errors[] = "A valid number is required for the field 'Storage size'"; + if($post['listeningport'] && !is_numeric($post['listeningport'])) + $input_errors[] = "A valid number is required for the field 'Listening port'"; + if($post['minworkers'] && !is_numeric($post['minworkers'])) + $input_errors[] = "A valid number is required for the field 'Minimum worker threads'"; + if($post['maxworkers'] && !is_numeric($post['maxworkers'])) + $input_errors[] = "A valid number is required for the field 'Maximum worker threads'"; + if($post['timeoutworkers'] && !is_numeric($post['timeoutworkers'])) $input_errors[] = "A valid number is required for the field 'Worker thread timeout'"; if($post['managment']){ $mgm= explode(":",$post['managment']); @@ -61,10 +64,10 @@ function varnish_settings_post_validate($post, $input_errors) { $input_errors[] = "A valid number with a time reference is required for the field 'Fetch grace'"; if($post['saint'] && ! preg_match("/^\d+(h|m|s)$/",$post['saint'])) $input_errors[] = "A valid number with a time reference is required for the field 'Saint mode'"; - + } -function varnish_lb_directors_post_validate($post, $input_errors) { +function varnish_lb_directors_post_validate($post, &$input_errors) { if (preg_match("/[^a-zA-Z0-9]/", $post['directorname'])){ $input_errors[] = "The directorname name must only contain the characters a-Z or 0-9"; } @@ -78,24 +81,24 @@ function varnish_lb_directors_post_validate($post, $input_errors) { $input_errors[] = "A valid number with a time reference is required for the field 'Req grace'"; } -function varnish_backends_post_validate($post, $input_errors) { +function varnish_backends_post_validate($post, &$input_errors) { if (!$post['backendname'] || preg_match("/[^a-zA-Z0-9]/", $post['backendname'])) $input_errors[] = "The backend name must only contain the characters a-Z or 0-9"; - if(!is_ipaddr($post['ipaddress'])) + if(!is_ipaddr($post['ipaddress'])) $input_errors[] = "A valid IP address is required for the field 'IPAddress'"; - if($post['first_byte_timeout'] && !is_numeric($post['first_byte_timeout'])) + if($post['first_byte_timeout'] && !is_numeric($post['first_byte_timeout'])) $input_errors[] = "A valid number is required for the field 'first byte timeout'"; - if($post['connect_timeout'] && !is_numeric($post['connect_timeout'])) + if($post['connect_timeout'] && !is_numeric($post['connect_timeout'])) $input_errors[] = "A valid number is required for the field 'connect timeout'"; - if($post['probe_interval'] && !is_numeric($post['probe_interval'])) + if($post['probe_interval'] && !is_numeric($post['probe_interval'])) $input_errors[] = "A valid number is required for the field 'probe interval'"; - if($post['probe_interval'] && !is_numeric($post['probe_interval'])) + if($post['probe_interval'] && !is_numeric($post['probe_interval'])) $input_errors[] = "A valid number is required for the field 'probe interval'"; - if($post['probe_timeout'] && !is_numeric($post['probe_timeout'])) + if($post['probe_timeout'] && !is_numeric($post['probe_timeout'])) $input_errors[] = "A valid number is required for the field 'probe timeout'"; - if($post['probe_window'] && !is_numeric($post['probe_window'])) + if($post['probe_window'] && !is_numeric($post['probe_window'])) $input_errors[] = "A valid number is required for the field 'probe window'"; - if($post['probe_threshold'] && !is_numeric($post['probe_threshold'])) + if($post['probe_threshold'] && !is_numeric($post['probe_threshold'])) $input_errors[] = "A valid number is required for the field 'probe threshold'"; $x=0; while ($post['maptype'.$x] != ""){ @@ -103,13 +106,24 @@ function varnish_backends_post_validate($post, $input_errors) { $input_errors[] = "A valid number with a time reference is required for the field 'grace' in map ".($x +1); } $x++; - + } } function varnish_install() { create_varnish_rcd_file(); + + if (file_exists(VARNISH_LOCALBASE . '/local/lib/varnish/libvarnish.so')) { + @symlink(VARNISH_LOCALBASE . '/local/lib/varnish/libvarnish.so', + VARNISH_LOCALBASE . '/local/lib/libvarnish.so'); + @symlink(VARNISH_LOCALBASE . '/local/lib/varnish/libvarnishcompat.so', + VARNISH_LOCALBASE . '/local/lib/libvarnishcompat.so'); + @symlink(VARNISH_LOCALBASE . '/local/lib/varnish/libvcl.so', + VARNISH_LOCALBASE . '/local/lib/libvcl.so'); + @symlink(VARNISH_LOCALBASE . '/local/lib/varnish/libvgz.so', + VARNISH_LOCALBASE . '/local/lib/libvgz.so'); + } } function varnish_deinstall() { @@ -117,14 +131,51 @@ function varnish_deinstall() { } function text_area_decode($text){ - return preg_replace('/\r\n/', "\n",base64_decode($text)); + return preg_replace('/\r\n/', "\n",base64_decode($text)); } -function varnish_start() { + +function varnish_check_config(){ + global $savemsg,$config; + + if (!isset($config['installedpackages']['varnishsettings']['config'][0]['enablevarnish'])) + return; + + $path = '/usr/bin/env PATH=' . VARNISH_LOCALBASE . '/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin'; + exec($path . " " . VARNISH_LOCALBASE."/bin/varnishd -C -f ".VARNISH_CONFFILE." 2>&1",$output,$return); + if ($return == 0){ + if (isset($_REQUEST['apply'])){ + varnish_start(true); + return; + } + + if (file_exists(VARNISH_DIRTYPATH)) + $savemsg="Varnish configuration has been changed.<br>You must apply in order to take effect.<br>"; + } + else{ + $savemsg.= implode("<br>",$output); + $savemsg.= "<br>Daemon will not be restarted."; + return 1; + } + return 0; +} + + +function varnish_start($force_start=false) { global $g, $config; + + if ($force_start){ + mwexec("/usr/local/etc/rc.d/varnish.sh"); + unlink_if_exists(VARNISH_DIRTYPATH); + return; + } + if ($config['installedpackages']['varnishsettings']['config'][0]['enablevarnish']){ exec("chmod +x /usr/local/etc/rc.d/varnish.sh"); - mwexec("/usr/local/etc/rc.d/varnish.sh");} - else{ + if (varnish_check_config() == 0 || $force_start){ + unlink_if_exists(VARNISH_DIRTYPATH); + mwexec("/usr/local/etc/rc.d/varnish.sh"); + } + }else{ exec("chmod -x /usr/local/etc/rc.d/varnish.sh"); mwexec("/usr/bin/killall varnishd");} } @@ -160,8 +211,15 @@ function varnish_get_url_mappings_txt() { $urlmappings .= "if (req.http.host $fieldtype ".'"'.$url['directorurl'].'") {'."\n"; else $urlmappings .= "if (req.http.host $fieldtype ".'"'.$url['directorurl'].'"'." && req.url $fieldtype ".'"^'.$url['directorurl2'].'") {'."\n"; - + $urlbackend = "\t\t\tset req.backend = ".$url['directorname'].";"; + // check force ssl option + if ($url['forcessl']){ + $urlmappings .="\t\t#Force ssl for this host/director\n"; + $urlmappings .="\t\tif((req.http.X-Forwarded-Proto !~ \"(?i)https\" ) && !(client.ip ~ SslOffloadServers)){\n"; + $urlmappings .="\t\t\tset req.http.x-redir-url = \"https://\" + req.http.host + req.url;\n"; + $urlmappings .="\t\t\terror 750 req.http.x-redir-url;\n\t\t\t}\n"; + } // check rewrite options if ($url['rewritehost']) $urlmappings .= "\t\t\tset req.http.host = regsub(req.http.host, ".'"'.$url['directorurl'].'",'.'"'.$url['rewritehost'].'")'.";\n"; @@ -202,7 +260,7 @@ function varnish_get_url_mappings_txt() { $urlmappings .= <<<EOAU if (req.{$req} {$fieldtype} "{$url['urlmapping']}") { set req.backend = {$urlmapping['backendname']}BACKEND;{$directo_grace_time} - } + } EOAU; $isfirst = false; @@ -224,33 +282,35 @@ function create_varnish_rcd_file() { foreach($config['installedpackages']['varnishsettings']['config'] as $vs) { if($vs['storagetype'] == "malloc") $storage_type = "-s malloc,{$vs['storagesize']}MB"; - else + else $storage_type = "-s file,/var/varnish/storage.bin,{$vs['storagesize']}MB"; if($vs['listeningport']) $listeningport = "-a :{$vs['listeningport']}"; - else + else $listeningport = "-a :80"; if($vs['managment']) $advancedstartup = "-T {$vs['managment']} "; - else + else $advancedstartup = ""; if($vs['advancedstartup']) $advancedstartup .= text_area_decode($vs['advancedstartup'])."\n"; if($vs['minworkers']) $minworkers = "{$vs['minworkers']}"; - else + else $minworkers = "200"; if($vs['maxworkers']) $maxworkers = "{$vs['maxworkers']}"; - else + else $maxworkers = "4000"; if($vs['timeoutworkers']) $timeoutworkers = "{$vs['timeoutworkers']}"; - else - $timeoutworkers = "50"; + else + $timeoutworkers = "50"; } } $fd = fopen("/usr/local/etc/rc.d/varnish.sh", "w"); + $conf_file=VARNISH_CONFFILE; + $bin_path=VARNISH_LOCALBASE . '/bin'; $rc_file = <<<EOF #!/bin/sh mkdir -p /var/varnish @@ -261,26 +321,25 @@ sysctl kern.ipc.somaxconn=16384 sysctl kern.maxfiles=131072 sysctl kern.maxfilesperproc=104856 sysctl kern.threads.max_threads_per_proc=4096 -/usr/bin/env \ -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ +export PATH={$bin_path}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin /usr/local/bin/php -q -d auto_prepend_file=config.inc <<ENDOFF <?php - require_once("globals.inc"); + require_once("globals.inc"); require_once("functions.inc"); require_once("pkg-utils.inc"); require_once("varnish.inc"); sync_package_varnish(); - #varnish_start(); + unlink_if_exists(VARNISH_DIRTYPATH); ?> ENDOFF /usr/local/sbin/varnishd \ {$listeningport} \ - -f /var/etc/default.vcl \ + -f {$conf_file} \ {$storage_type} \ -w {$minworkers},{$maxworkers},{$timeoutworkers} \ - {$advancedstartup} + {$advancedstartup} EOF; @@ -296,15 +355,15 @@ function get_backend_config_txt() { foreach($config['installedpackages']['varnishbackends']['config'] as $backend) { if ($backend['connect_timeout']) $connect_timeout = $backend['connect_timeout'] . "s"; - else + else $connect_timeout = "25s"; if ($backend['port']) $connect_port = $backend['port']; - else + else $connect_port = "80"; if ($backend['first_byte_timeout']) $first_byte_timeout = $backend['first_byte_timeout'] . "s"; - else + else $first_byte_timeout = "300s"; if ($backend['probe_url']) if (preg_match("@^(http)://([a-zA-Z0-9.-]*)/(.*)$@",$backend['probe_url'],$matches)){ @@ -386,7 +445,7 @@ function get_lb_directors_config_txt() { $weight = "\t\t.weight = {$be['weight']};\n"; elseif($weight != " ") $weight = "\t\t.weight = 100;\n"; - + $director .= "\t{\n\t\t.backend = {$be['backendname']}BACKEND;\n{$weight}\t}"; $backends_in_use[$be['backendname']].= $backend['directorname']." "; } @@ -397,7 +456,7 @@ director {$backend['directorname']} {$backend['directortype']} { EOFA; - + } } } @@ -406,6 +465,12 @@ EOFA; function sync_package_varnish() { global $config, $g; + + if (isset($_POST["apply"])){ + varnish_start(); + unlink_if_exists(VARNISH_DIRTYPATH); + return; + } if (is_array($config['installedpackages']['varnishcustomvcl']['config'])) { foreach($config['installedpackages']['varnishcustomvcl']['config'] as $vcl) { if ($vcl['vcl_recv_early']) @@ -422,11 +487,23 @@ function sync_package_varnish() { $vcl_pipe_late = text_area_decode($vcl['vcl_pipe_late']); } } - $vcl_recv_set_basic='#BASIC VCL RULES SETTING'."\n"; - $vcl_recv_action_basic='#BASIC VCL RULES ACTIONS'."\n"; - #$plataform=posix_uname(); - if (is_array($config['installedpackages']['varnishsettings']['config'])) - foreach($config['installedpackages']['varnishsettings']['config'] as $vcl) { + + $vcl_recv_set_basic='#BASIC VCL RULES SETTING'."\n"; + $vcl_recv_action_basic='#BASIC VCL RULES ACTIONS'."\n"; + #$plataform=posix_uname(); + if (is_array($config['installedpackages']['varnishsettings']['config'])) + foreach($config['installedpackages']['varnishsettings']['config'] as $vcl) { + if ($vcl['ssloffload']){ + $vcl_acls="acl SslOffloadServers {\n\t\"localhost\";"; + $sslservers= split (" ",$vcl['ssloffload']); + foreach ($sslservers as $sslserver){ + if (preg_match("/(\S+)\/(d+)/",$sslserver,$sslm)) + $vcl_acls.="\n\t\"{$sslm[1]}\"/{$sslm[2]};"; + else + $vcl_acls.="\n\t\"{$sslserver}\";"; + } + $vcl_acls.="\n\t}\n"; + } if ($vcl['streaming']) $vcl_fetch_stream="set beresp.do_stream = true;\n"; if ($vcl['fixgzip']) { @@ -463,7 +540,9 @@ function sync_package_varnish() { $vcl_recv_set_basic .= "\tset req.http.X-Forwarded-For = req.http.X-Forwarded-For + \",\" + client.ip;\n\n"; break; case 'create': - $vcl_recv_set_basic .= "\tset req.http.X-Forwarded-Varnish = client.ip;\n\n"; + $vcl_recv_set_basic .= "\tif (req.http.X-Forwarded-For && client.ip ~ SslOffloadServers){\n\t\t"; + $vcl_recv_set_basic .= "set req.http.X-Forwarded-Varnish = req.http.X-Forwarded-For;\n\t}"; + $vcl_recv_set_basic .= "else{\n\t\tset req.http.X-Forwarded-Varnish = client.ip;\n\n\t}"; break; case 'unset': $vcl_recv_set_basic .= "\tunset req.http.X-Forwarded-For;\n\n"; @@ -478,7 +557,7 @@ function sync_package_varnish() { $vcl_fetch_session = "#Disable cache when backend is starting a session\n"; $vcl_fetch_session .= "\t".'if (beresp.http.Set-Cookie && beresp.http.Set-Cookie ~ "(PHPSESSID|phpsessid)") {'."\n\t\treturn(hit_for_pass);\n\t\t}\n"; $vcl_fetch_session .= "\t".'if (beresp.http.Set-Cookie && beresp.http.Set-Cookie ~ "(JSESSION|jsession)") {'."\n\t\treturn(hit_for_pass);\n\t\t}\n"; - + if ($vcl['sessioncache'] == "never") { $vcl_recv_session = "\t#Disable session cache\n"; $vcl_recv_session .= "\t".'if (req.http.Cookie && req.http.Cookie ~ "(PHPSESSID|phpsessid)") {'."\n\t\treturn(pass);\n\t\t}\n"; @@ -498,7 +577,7 @@ function sync_package_varnish() { $vcl_fetch_static = "#Enable static cache\n"; $vcl_fetch_static .= 'if (req.url ~ "\.(css|js|txt|zip|pdf|rtf|flv|swf|html|htm)$") {'."\n\tunset beresp.http.set-cookie;\n\t}\n"; $vcl_fetch_static .= 'if (req.url ~ "\.(gif|jpg|jpeg|bmp|png|ico|img|tga|wmf|mp3|ogg)$") {'."\n\tunset beresp.http.set-cookie;\n\t}\n"; - + switch ($vcl['staticache']) { case "all": // cache all static content, unseting cookie when present @@ -515,7 +594,7 @@ function sync_package_varnish() { $vcl_recv_action_basic .= $vcl_recv_static.$vcl_recv_session; $vcl_fetch_action = $vcl_fetch_session; } - + if ($vcl['rfc2616']) { $vcl_recv_action_basic .= "\t#Be rfc2616 compliant\n"; $vcl_recv_action_basic .= "\t".'if (req.request ~ "^(GET|HEAD|PUT|POST|TRACE|OPTIONS|DELETE)$") {'."\n\t\treturn(lookup);\n\t\t}\n\telse\t{\n\t\treturn(pipe);\n\t\t}\n"; @@ -560,24 +639,31 @@ $varnish_config_file = <<<EOF # Varnish configuration file # Automatically generated by the pfSense package system -# This file is located in /var/etc/default.vcl +# This file is located in {$conf_file} sub vcl_error { - if (obj.status == 503 && req.restarts < {$vcl_restarts}) { - return(restart); + if (obj.status == 503 && req.restarts < {$vcl_restarts}) { + return(restart); } - + + if (obj.status == 750) { + set obj.http.Location = obj.response; + set obj.status = 301; + return(deliver); + } + set obj.http.Content-Type = "text/html; charset=utf-8"; synthetic {"<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> {$errorvcl}"}; return(deliver); - + } - + {$backends} {$vcl_hash} +{$vcl_acls} sub vcl_recv { {$vcl_recv_early} {$vcl_recv_set_basic} @@ -588,7 +674,7 @@ sub vcl_recv { { return(pass); } - + {$vcl_recv_action_basic} return(lookup); } @@ -623,12 +709,12 @@ sub vcl_fetch { ## If the number of restarts reaches the value of the parameter max_restarts, ## the request will be error'ed. max_restarts defaults to 4. This prevents ## an eternal loop in the event that, e.g., the object does not exist at all. - if (beresp.status != 200 && beresp.status != 403 && beresp.status != 404 && + if (beresp.status != 200 && beresp.status != 403 && beresp.status != 404 && beresp.status != 303 && beresp.status != 302 && beresp.status != 301 && beresp.status != 401 ) { {$vcl_saint_mode}return(restart); } - + {$vcl_fetch_late} {$vcl_grace_time}return(deliver); } @@ -636,10 +722,10 @@ sub vcl_fetch { sub vcl_deliver { ##set resp.http.X-Served-By = server.hostname; if (obj.hits > 0) { - set resp.http.X-Cache = "HIT"; + set resp.http.X-Cache = "HIT"; set resp.http.X-Cache-Hits = obj.hits; } else { - set resp.http.X-Cache = "MISS"; + set resp.http.X-Cache = "MISS"; } return(deliver); } @@ -647,26 +733,28 @@ sub vcl_deliver { sub vcl_init { return (ok); } - + sub vcl_fini { return (ok); -} +} EOF; - file_put_contents("/var/etc/default.vcl",$varnish_config_file,LOCK_EX); - $cc_file="/usr/local/bin/cc"; + file_put_contents(VARNISH_CONFFILE,$varnish_config_file,LOCK_EX); + touch(VARNISH_DIRTYPATH); + varnish_sync_on_changes(); + + $cc_file=VARNISH_LOCALBASE."/bin/cc"; foreach (glob(VARNISH_LOCALBASE."/bin/gcc*") as $bin_file) { + if (strpos($bin_file, '.pbiopt') != FALSE) + continue; $gcc_file=$bin_file; } if (!file_exists($cc_file) && file_exists($gcc_file)){ symlink($gcc_file,$cc_file); } - - $fd = fopen("/var/etc/default.vcl", "w"); - fwrite($fd, $varnish_config_file); - fclose($fd); - varnish_sync_on_changes(); + create_varnish_rcd_file(); + } /* Uses XMLRPC to synchronize the changes to a remote node */ @@ -697,7 +785,7 @@ function varnish_sync_on_changes() { log_error("[varnish] xmlrpc sync is enabled but there is no system backup hosts to push varnish config."); return; } - break; + break; default: return; break; @@ -721,16 +809,16 @@ function varnish_sync_on_changes() { /* Do the actual XMLRPC sync */ function varnish_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout) { global $config, $g; - + if(!$username) return; - + if(!$password) return; if(!$sync_to_ip) return; - + if(!$synctimeout) $synctimeout=25; @@ -742,9 +830,9 @@ function varnish_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout) $port = $config['system']['webgui']['port']; /* if port is empty lets rely on the protocol selection */ if($port == "") { - if($config['system']['webgui']['protocol'] == "http") + if($config['system']['webgui']['protocol'] == "http") $port = "80"; - else + else $port = "443"; } $synchronizetoip .= $sync_to_ip; @@ -755,7 +843,7 @@ function varnish_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout) $xml['varnishbackends'] = $config['installedpackages']['varnishbackends']; $xml['varnishlbdirectors'] = $config['installedpackages']['varnishlbdirectors']; $xml['varnishsettings'] = $config['installedpackages']['varnishsettings']; - + /* assemble xmlrpc payload */ $params = array( XML_RPC_encode($password), @@ -786,7 +874,7 @@ function varnish_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout) } else { log_error("varnish XMLRPC sync successfully completed with {$url}:{$port}."); } - + /* tell varnish to reload our settings on the destionation sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/pkg/varnish.inc');\n"; @@ -796,7 +884,7 @@ function varnish_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout) XML_RPC_encode($password), XML_RPC_encode($execcmd) ); - + log_error("varnish XMLRPC reload data {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); @@ -815,7 +903,7 @@ function varnish_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout) } else { log_error("varnish XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); } - + } ?> diff --git a/config/varnish3/varnish.widget.php b/config/varnish3/varnish.widget.php index 35723e95..c6fdfe78 100755 --- a/config/varnish3/varnish.widget.php +++ b/config/varnish3/varnish.widget.php @@ -1,7 +1,7 @@ -<?php +<?php /* Copyright 2011 Thomas Schaefer - Tomschaefer.org - Copyright 2011 Marcello Coutinho + Copyright 2011-2014 Marcello Coutinho Part of pfSense widgets (www.pfsense.org) Redistribution and use in source and binary forms, with or without @@ -45,38 +45,59 @@ $img['Healthy']="<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up #var_dump($pfb_table); #exit; -?><div id='varnish'><?php +?><div id='varnish'><?php open_table(); +print "<pre>"; +print "<td class=\"vncellt\"width=30%><strong>Cache hits</strong></td>"; +print "<td class=\"vncellt\"width=30%><strong>Cache hits pass</strong></td>"; +print "<td class=\"vncellt\"width=30%><strong>Cache Missed</strong></td></tr>"; +$backends=exec("varnishstat -1",$debug); +foreach ($debug as $line){ + if (preg_match("/(\S+)\s+(\d+)/",$line,$matches)) + $vs[$matches[1]]=$matches[2]; + } +print "<td class=\"listlr\">".number_format($vs['cache_hit']) ."</td>"; +print "<td class=\"listlr\">".number_format($vs['cache_hitpass']) ."</td>"; +print "<td class=\"listlr\">".number_format($vs['cache_miss'])."</td></tr>"; +close_table(); + +open_table(); +print "<td class=\"vncellt\" width=30%><strong>Conn. Accepted</strong></td>"; +print "<td class=\"vncellt\" width=30%><strong>Req. received</strong></td>"; +print "<td class=\"vncellt\" width=30%><strong>Uptime</strong></td></tr>"; +print "<td class=\"listlr\">".number_format($vs['client_conn']) ."</td>"; +print "<td class=\"listlr\">".number_format($vs['client_req']) ."</td>"; +print "<td class=\"listlr\">".(int)($vs['uptime'] / 86400) . "+ ". gmdate("H:i:s",($vs['uptime'] % 86400))."</td></tr>"; +close_table(); + +open_table(); +print "<td class=\"vncellt\" width=70%><strong>Host</strong></td>"; +print "<td class=\"vncellt\" width=15%><strong>Header(Rx)</strong></td>"; +print "<td class=\"vncellt\" width=15%><strong>Header(Tx)</strong></td></tr>"; +unset($debug); +$backends=exec("varnishtop -I '^Host:' -1",$debug); +foreach ($debug as $line){ + if (preg_match("/(\S+)\s+(\w+)Header.Host: (\S+)/",$line,$lm)) + $varnish_hosts[$lm[3]][$lm[2]]=$lm[1]; +} +if (is_array($varnish_hosts)){ + foreach ($varnish_hosts as $v_key=>$v_value){ + print "<td class=\"listlr\">". $v_key ."</td>"; + print "<td class=\"listlr\" align=\"Right\">". number_format($v_value['Rx']) ."</td>"; + print "<td class=\"listlr\" align=\"Right\">".number_format($v_value['Tx'])."</td></tr>"; + } +} +else{ + print "<td class=\"listlr\">No traffic</td><td class=\"listlr\"></td><td class=\"listlr\"></td></tr>"; +} + +close_table(); + + if ($config['installedpackages']['varnishsettings']['config'][0]) - $mgm=$config['installedpackages']['varnishsettings']['config'][0]['managment']; + $mgm=$config['installedpackages']['varnishsettings']['config'][0]['managment']; if ($mgm != ""){ - print "<pre>"; - print "<td class=\"vncellt\"width=30%><strong>Cache hits</strong></td>"; - print "<td class=\"vncellt\"width=30%><strong>Cache hits pass</strong></td>"; - print "<td class=\"vncellt\"width=30%><strong>Cache Missed</strong></td></tr>"; - - $backends=exec("varnishadm -T " . escapeshellarg($mgm) . " stats",$debug); - foreach ($debug as $line){ - if (preg_match("/(\d+)\s+Cache\s+(hits.for|hits|misses)/",$line,$matches)) - $cache[preg_replace("/\s+/","",$matches[2])]=$matches[1]; - if (preg_match("/(\d+)\s+Client\s+(\w+)/",$line,$matches)) - $client[$matches[2]]=$matches[1]; - } - print "<td class=\"listlr\">".$cache['hits'] ."</td>"; - print "<td class=\"listlr\">".$cache['hitsfor'] ."</td>"; - print "<td class=\"listlr\">".$cache['misses']."</td></tr>"; - close_table(); - - open_table(); - print "<td class=\"vncellt\" width=30%><strong>Conn. Accepted</strong></td>"; - print "<td class=\"vncellt\" width=30%><strong>Req. received</strong></td>"; - print "<td class=\"vncellt\" width=30%><strong>Uptime</strong></td></tr>"; - print "<td class=\"listlr\">".$client['connections'] ."</td>"; - print "<td class=\"listlr\">".$client['requests'] ."</td>"; - print "<td class=\"listlr\">".$client['uptime']."</td></tr>"; - close_table(); - open_table(); print "<td class=\"vncellt\" width=30%><strong>Backend</strong></td>"; print "<td class=\"vncellt\" width=30%><strong>LB applied</strong></td>"; @@ -86,20 +107,20 @@ if ($mgm != ""){ foreach ($lb['row'] as $lb_backend){ ${$lb_backend['backendname']}++; } - } - $backends=exec("varnishadm -T " . escapeshellarg($mgm) . " debug.health",$debug); + } + $backends=exec("varnishadm -T " . escapeshellarg($mgm) . " debug.health",$debug); foreach ($debug as $line){ if (preg_match("/Backend (.*) is (\w+)/",$line,$matches)){ $backend=preg_replace("/BACKEND$/","",$matches[1]); print "<td class=\"listlr\">". $backend ."</td>"; print "<td class=\"listlr\">". ${$backend} ."</td>"; - print "<td class=\"listlr\">".$img[$matches[2]]."</td></tr>"; + print "<td class=\"listlr\">".$img[$matches[2]]."</td></tr>"; } } } else{ print "<td class=\"listlr\">Varnish Managment interface not set in config.</td></tr>"; -} +} echo" </tr>"; echo"</table></div>"; diff --git a/config/varnish3/varnish_backends.xml b/config/varnish3/varnish_backends.xml index b2214772..95248cb9 100644 --- a/config/varnish3/varnish_backends.xml +++ b/config/varnish3/varnish_backends.xml @@ -9,7 +9,7 @@ varnish_backends.xml part of pfSense (http://www.pfSense.com) Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> - Copyright (C) 2011-2013 Marcello Coutinho + Copyright (C) 2011-2014 Marcello Coutinho All rights reserved. /*/ /* ========================================================================== */ @@ -293,18 +293,15 @@ varnish_install(); </custom_php_install_command> <custom_php_command_before_form> + varnish_check_config(); </custom_php_command_before_form> <custom_delete_php_command> sync_package_varnish(); - create_varnish_rcd_file(); - varnish_start(); </custom_delete_php_command> <custom_php_resync_config_command> sync_package_varnish(); - create_varnish_rcd_file(); - varnish_start(); </custom_php_resync_config_command> <custom_php_validation_command> - varnish_backends_post_validate($_POST, &$input_errors); + varnish_backends_post_validate($_POST, $input_errors); </custom_php_validation_command> </packagegui> diff --git a/config/varnish3/varnish_custom_vcl.xml b/config/varnish3/varnish_custom_vcl.xml index c0bb0e80..4950c6ed 100644 --- a/config/varnish3/varnish_custom_vcl.xml +++ b/config/varnish3/varnish_custom_vcl.xml @@ -9,7 +9,7 @@ varnish_settings.xml part of pfSense (http://www.pfSense.com) Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> - Copyright (C) 2013 Marcello Coutinho + Copyright (C) 2013-2014 Marcello Coutinho All rights reserved. */ /* ========================================================================== */ @@ -169,11 +169,12 @@ <encoding>base64</encoding> </field> </fields> + <custom_php_command_before_form> + varnish_check_config(); + </custom_php_command_before_form> <custom_php_validation_command> </custom_php_validation_command> <custom_php_resync_config_command> sync_package_varnish(); - create_varnish_rcd_file(); - varnish_start(); </custom_php_resync_config_command> </packagegui>
\ No newline at end of file diff --git a/config/varnish3/varnish_lb_directors.xml b/config/varnish3/varnish_lb_directors.xml index b2a19ac3..c8868ec4 100644 --- a/config/varnish3/varnish_lb_directors.xml +++ b/config/varnish3/varnish_lb_directors.xml @@ -9,7 +9,7 @@ varnish_lb_directors.xml part of pfSense (http://www.pfSense.com) Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> - Copyright (C) 2011-2013 Marcello Coutinho + Copyright (C) 2011-2014 Marcello Coutinho All rights reserved. */ @@ -130,6 +130,10 @@ <fieldname>grace</fieldname> </columnitem> <columnitem> + <fielddescr>SSL</fielddescr> + <fieldname>forcessl</fieldname> + </columnitem> + <columnitem> <fielddescr>Failover</fielddescr> <fieldname>failover</fieldname> </columnitem> @@ -197,6 +201,13 @@ <type>input</type> <size>5</size> </field> + <field> + <fielddescr>Force SSL</fielddescr> + <fieldname>forcessl</fieldname> + <description><![CDATA[Redirect to ssl if request does not came from ssl offload servers.]]></description> + <type>checkbox</type> + <size>5</size> + </field> <field> <fielddescr>Additions options</fielddescr> <fieldname>customapping</fieldname> @@ -261,18 +272,15 @@ </field> </fields> <custom_php_command_before_form> + varnish_check_config(); </custom_php_command_before_form> <custom_delete_php_command> sync_package_varnish(); - create_varnish_rcd_file(); - varnish_start(); </custom_delete_php_command> <custom_php_resync_config_command> sync_package_varnish(); - create_varnish_rcd_file(); - varnish_start(); </custom_php_resync_config_command> <custom_php_validation_command> - varnish_lb_directors_post_validate($_POST, &$input_errors); + varnish_lb_directors_post_validate($_POST, $input_errors); </custom_php_validation_command> </packagegui> diff --git a/config/varnish3/varnish_settings.xml b/config/varnish3/varnish_settings.xml index bbb8d321..accfaae8 100644 --- a/config/varnish3/varnish_settings.xml +++ b/config/varnish3/varnish_settings.xml @@ -9,7 +9,7 @@ varnish_settings.xml part of pfSense (http://www.pfSense.com) Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> - Copyright (C) 2011 Marcello Coutinho + Copyright (C) 2011-2014 Marcello Coutinho All rights reserved. */ /* ========================================================================== */ @@ -223,7 +223,7 @@ <field> <fielddescr>Foward client IP</fielddescr> <fieldname>xforward</fieldname> - <description>Select how to forward clients real IP.</description> + <description><![CDATA[Select how to forward clients real IP.]]></description> <type>select</type> <options> <option><name>set X-Forwarded-For</name><value>set</value></option> @@ -233,6 +233,15 @@ </options> </field> <field> + <fielddescr>SSL Offload server ACL</fielddescr> + <fieldname>ssloffload</fieldname> + <description><![CDATA[Use <b>x-forwarded-for</b> var instead of <b>client.ip</b> to set <b>X-Forwarded-Varnish</b> on Forward<br> + SSL offload servers must be configured to forward client info. if not set you can get a blank var forwarded to backend.<br> + use space to specify more then one host or network.]]></description> + <type>input</type> + <size>30</size> + </field> + <field> <fielddescr>Fetch Grace</fielddescr> <fieldname>grace</fieldname> <description><![CDATA[<a href="https://www.varnish-cache.org/trac/wiki/VCLExampleGrace">How many time varnish will keep cached objects.</a> HINT 60s, 30m, 1h]]></description> @@ -274,12 +283,15 @@ <encoding>base64</encoding> </field> </fields> + <custom_php_command_before_form> + varnish_check_config(); + </custom_php_command_before_form> + <custom_php_resync_config_command> sync_package_varnish(); create_varnish_rcd_file(); - varnish_start(); </custom_php_resync_config_command> <custom_php_validation_command> - varnish_settings_post_validate($_POST, &$input_errors); + varnish_settings_post_validate($_POST, $input_errors); </custom_php_validation_command> </packagegui>
\ No newline at end of file diff --git a/config/varnish3/varnish_sync.xml b/config/varnish3/varnish_sync.xml index d81851b1..c5b4b69c 100644 --- a/config/varnish3/varnish_sync.xml +++ b/config/varnish3/varnish_sync.xml @@ -9,7 +9,7 @@ varnish_sync.xml part of pfSense (http://www.pfSense.com) Copyright (C) 2008 Scott Ullrich <sullrich@gmail.com> - Copyright (C) 2011-2013 Marcello Coutinho + Copyright (C) 2011-2014 Marcello Coutinho All rights reserved. */ /* ========================================================================== */ @@ -136,5 +136,6 @@ </custom_php_resync_config_command> <custom_php_command_before_form> unset($_POST['temp']); + varnish_check_config(); </custom_php_command_before_form> </packagegui>
\ No newline at end of file diff --git a/config/varnish3/varnish_view_config.php b/config/varnish3/varnish_view_config.php index 69a9fabb..30765756 100644 --- a/config/varnish3/varnish_view_config.php +++ b/config/varnish3/varnish_view_config.php @@ -28,7 +28,7 @@ */ require("guiconfig.inc"); - +require("varnish.inc"); $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); if ($pf_version < 2.0) $one_two = true; @@ -44,10 +44,10 @@ include("head.inc"); <p class="pgtitle"><?=$pgtitle?></font></p> <?php endif; ?> -<?php if ($savemsg) print_info_box($savemsg); ?> +<?php varnish_check_config();if ($savemsg) print_info_box($savemsg); ?> <form action="varnishstat_view_config.php" method="post"> - + <div id="mainlevel"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> @@ -70,9 +70,10 @@ include("head.inc"); <tr> <td class="tabcont" > <textarea id="varnishlogs" rows="50" cols="100%"> -<?php - $config_file = file_get_contents("/var/etc/default.vcl"); - echo $config_file; +<?php + $config_file = file("/var/etc/default.vcl"); + foreach ($config_file as $l => $v) + echo ($l+1)." - {$v}"; ?> </textarea> </td> diff --git a/config/varnish3/varnishstat.php b/config/varnish3/varnishstat.php index 10d9ceb9..aa6827a8 100644 --- a/config/varnish3/varnishstat.php +++ b/config/varnish3/varnishstat.php @@ -1,8 +1,9 @@ <?php /* - varnishstat_view_logs.php + varnishstat.php part of pfSense (https://www.pfsense.org/) Copyright (C) 2006 Scott Ullrich <sullrich@gmail.com> + Copyright (C) 2014 Marcello Coutinho All rights reserved. Redistribution and use in source and binary forms, with or without @@ -28,11 +29,45 @@ */ require("guiconfig.inc"); - +require("varnish.inc"); +function open_table(){ + echo "<table style=\"padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">"; + echo" <tr>"; +} +function close_table(){ + echo" </tr>"; + echo"</table>"; + echo "<br>"; +} if($_REQUEST['getactivity']) { - $varnishstatlogs = `varnishstat -1`; + //$varnishstatlogs = `varnishstat -1`; + $backends=exec("varnishstat -1",$debug); echo "<h2>VarnishSTAT Server logs as of " . date("D M j G:i:s T Y") . "</h2>"; - echo $varnishstatlogs; + open_table(); + print "<td class=\"vncellt\" width=30%><strong>Description</strong></td>"; + print "<td class=\"vncellt\" width=15%><strong>Count</strong></td>"; + print "<td class=\"vncellt\" width=15%><strong></strong></td>"; + print "<td width=20%></td><td width=20%></td></tr>"; + foreach ($debug as $line){ + if (!preg_match("/^VBE/",$line,$lm) && + preg_match("/(\S+)\s+(\S+)\s+(\S+)\s+(.*)/",$line,$lm)) + $varnish_stats[]=$lm; + } + unset($debug); + if (is_array($varnish_stats)){ + foreach ($varnish_stats as $v){ + print "<td class=\"listlr\"> $v[4] ($v[1])</td>"; + print "<td class=\"listlr\" align=\"Right\">". @number_format($v[2]) ."</td>"; + print "<td class=\"listlr\" align=\"Right\">$v[3]</td>"; + print "<td> </td><td> </td></tr>"; + } + } + else{ + print "<td class=\"listlr\">No traffic</td><td class=\"listlr\"></td><td class=\"listlr\"></td></tr>"; + } + +close_table(); + //echo $varnishstatlogs; exit; } @@ -60,9 +95,9 @@ include("head.inc"); } function activitycallback(transport) { $('varnishstatlogs').innerHTML = '<font face="Courier"><pre>' + transport.responseText + '</pre></font>'; - setTimeout('getlogactivity()', 2500); + setTimeout('getlogactivity()', 2500); } - setTimeout('getlogactivity()', 1000); + setTimeout('getlogactivity()', 1000); </script> <?php include("fbegin.inc"); ?> @@ -70,7 +105,7 @@ include("head.inc"); <p class="pgtitle"><?=$pgtitle?></font></p> <?php endif; ?> -<?php if ($savemsg) print_info_box($savemsg); ?> +<?php varnish_check_config();if ($savemsg) print_info_box($savemsg); ?> <div id="mainlevel"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> @@ -93,7 +128,7 @@ include("head.inc"); <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td class="tabcont" > - <form action="varnishstat_view_logs.php" method="post"> + <form action="varnishstat.php" method="post"> <div id="varnishstatlogs"> <pre>One moment please, loading VarnishSTAT...</pre> </div> diff --git a/config/varnish64/varnish.inc b/config/varnish64/varnish.inc index ec7ef0c4..88ad32fa 100644 --- a/config/varnish64/varnish.inc +++ b/config/varnish64/varnish.inc @@ -33,7 +33,7 @@ */ /* ========================================================================== */ -function varnish_settings_post_validate($post, $input_errors) { +function varnish_settings_post_validate($post, &$input_errors) { if($post['storagesize'] && !is_numeric($post['storagesize'])) $input_errors[] = "A valid number is required for the field 'Storage size'"; if($post['listeningport'] && !is_numeric($post['listeningport'])) @@ -56,7 +56,7 @@ function varnish_settings_post_validate($post, $input_errors) { } -function varnish_lb_directors_post_validate($post, $input_errors) { +function varnish_lb_directors_post_validate($post, &$input_errors) { if (preg_match("/[^a-zA-Z0-9]/", $post['directorname'])) $input_errors[] = "The directorname name must only contain the characters a-Z or 0-9"; if(stristr($post['directorurl'], 'http')) @@ -65,7 +65,7 @@ function varnish_lb_directors_post_validate($post, $input_errors) { $input_errors[] = "A valid number with a time reference is required for the field 'Req grace'"; } -function varnish_backends_post_validate($post, $input_errors) { +function varnish_backends_post_validate($post, &$input_errors) { if (!$post['backendname'] || preg_match("/[^a-zA-Z0-9]/", $post['backendname'])) $input_errors[] = "The backend name must only contain the characters a-Z or 0-9"; if(!is_ipaddr($post['ipaddress'])) diff --git a/config/varnish64/varnish_backends.xml b/config/varnish64/varnish_backends.xml index fa549063..1684727c 100644 --- a/config/varnish64/varnish_backends.xml +++ b/config/varnish64/varnish_backends.xml @@ -281,6 +281,6 @@ varnish_start(); </custom_php_resync_config_command> <custom_php_validation_command> - varnish_backends_post_validate($_POST, &$input_errors); + varnish_backends_post_validate($_POST, $input_errors); </custom_php_validation_command> </packagegui> diff --git a/config/varnish64/varnish_lb_directors.xml b/config/varnish64/varnish_lb_directors.xml index e7a442ab..f61d66cb 100644 --- a/config/varnish64/varnish_lb_directors.xml +++ b/config/varnish64/varnish_lb_directors.xml @@ -275,6 +275,6 @@ varnish_start(); </custom_php_resync_config_command> <custom_php_validation_command> - varnish_lb_directors_post_validate($_POST, &$input_errors); + varnish_lb_directors_post_validate($_POST, $input_errors); </custom_php_validation_command> </packagegui>
\ No newline at end of file diff --git a/config/varnish64/varnish_settings.xml b/config/varnish64/varnish_settings.xml index 0576caad..f5a8bdcd 100644 --- a/config/varnish64/varnish_settings.xml +++ b/config/varnish64/varnish_settings.xml @@ -279,6 +279,6 @@ varnish_start(); </custom_php_resync_config_command> <custom_php_validation_command> - varnish_settings_post_validate($_POST, &$input_errors); + varnish_settings_post_validate($_POST, $input_errors); </custom_php_validation_command> </packagegui>
\ No newline at end of file diff --git a/config/vhosts/vhosts.inc b/config/vhosts/vhosts.inc index aa602fdd..d0b14652 100644 --- a/config/vhosts/vhosts.inc +++ b/config/vhosts/vhosts.inc @@ -331,7 +331,7 @@ function vhosts_sync_package_php() if (strlen($rowhelper['certificate']) > 0 && strlen($rowhelper['privatekey']) > 0) { $pem_file = "/var/etc/cert-vhosts-".$ipaddress."-".$port.".pem"; $fout = fopen($pem_file,"w"); - fwrite($fout, $certificate.$privatekey); + fwrite($fout, $certificate.PHP_EOL.$privatekey); fclose($fout); $tmp .= " ssl.pemfile = \"".$pem_file."\"\n"; $tmp .= " ssl.engine = \"enable\"\n"; @@ -491,7 +491,6 @@ function vhosts_sync_package_php() $tmp .= "\n"; $tmp .= "## modules to load\n"; $tmp .= "server.modules = (\n"; - $tmp .= " \"mod_accesslog\",\n"; $tmp .= " \"mod_access\", \"mod_accesslog\",\n"; $tmp .= " \"mod_fastcgi\", \"mod_cgi\",\"mod_rewrite\"\n"; $tmp .= " )\n"; @@ -615,7 +614,7 @@ function vhosts_sync_package_php() $pem_file = "/var/etc/cert-vhosts-".$ipaddress."-".$port.".pem"; $fout = fopen($pem_file,"w"); //echo $certificate; //exit; - fwrite($fout, $certificate.$privatekey); + fwrite($fout, $certificate.PHP_EOL.$privatekey); fclose($fout); $tmp .= "## ssl configuration\n"; $tmp .= "ssl.pemfile = \"".$pem_file."\"\n"; diff --git a/config/vnstat2/vnstat2.inc b/config/vnstat2/vnstat2.inc index 9a684aa1..7418530f 100644 --- a/config/vnstat2/vnstat2.inc +++ b/config/vnstat2/vnstat2.inc @@ -248,7 +248,7 @@ function vnstat_php_frontend(){ // see file COPYING or at http://www.gnu.org/licenses/gpl.html // for more information. // - error_reporting(E_ALL | E_NOTICE); + //error_reporting(E_ALL | E_NOTICE); // // configuration parameters diff --git a/config/vnstat2/vnstat_php_frontend/README b/config/vnstat2/vnstat_php_frontend/README index 20053152..c0259cfa 100644 --- a/config/vnstat2/vnstat_php_frontend/README +++ b/config/vnstat2/vnstat_php_frontend/README @@ -26,8 +26,8 @@ explained in config.php. 3. LICENSE -vnstat PHP frontend 1.5.1 -Copyright (c)2006-2008 Bjorge Dijkstra (bjd@jooz.net) +vnstat PHP frontend 1.5.2 +Copyright (c)2006-2011 Bjorge Dijkstra (bjd@jooz.net) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/config/vnstat2/vnstat_php_frontend/config.php b/config/vnstat2/vnstat_php_frontend/config.php index 3a4cd51a..9f2102ac 100644 --- a/config/vnstat2/vnstat_php_frontend/config.php +++ b/config/vnstat2/vnstat_php_frontend/config.php @@ -17,10 +17,10 @@ // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA // // - // see file COPYING or at http://www.gnu.org/licenses/gpl.html + // see file COPYING or at http://www.gnu.org/licenses/gpl.html // for more information. // - error_reporting(E_ALL | E_NOTICE); + //error_reporting(E_ALL | E_NOTICE); // // configuration parameters @@ -30,6 +30,9 @@ $locale = 'en_US.UTF-8'; $language = 'en'; + // Set local timezone + date_default_timezone_set("Europe/Amsterdam"); + // list of network interfaces monitored by vnStat $iface_list = array('em0', 'em1'); @@ -43,7 +46,7 @@ // // There are two possible sources for vnstat data. If the $vnstat_bin // variable is set then vnstat is called directly from the PHP script - // to get the interface data. + // to get the interface data. // // The other option is to periodically dump the vnstat interface data to // a file (e.g. by a cronjob). In that case the $vnstat_bin variable @@ -52,18 +55,23 @@ // // You can generate vnstat dumps with the command: // vnstat --dumpdb -i $iface > /path/to/data_dir/vnstat_dump_$iface - // + // $vnstat_bin = '/usr/local/bin/vnstat'; $data_dir = './dumps'; // graphics format to use: svg or png $graph_format='svg'; - + // Font to use for PNG graphs define('GRAPH_FONT',dirname(__FILE__).'/VeraBd.ttf'); // Font to use for SVG graphs define('SVG_FONT', 'Verdana'); - define('DEFAULT_COLORSCHEME', 'pfSense'); -?>
\ No newline at end of file + // Default theme + define('DEFAULT_COLORSCHEME', 'pfSense'); + + // SVG Depth scaling factor + define('SVG_DEPTH_SCALING', 1); + +?> diff --git a/config/vnstat2/vnstat_php_frontend/graph.php b/config/vnstat2/vnstat_php_frontend/graph.php index fb00be67..3ef72f1a 100644 --- a/config/vnstat2/vnstat_php_frontend/graph.php +++ b/config/vnstat2/vnstat_php_frontend/graph.php @@ -17,7 +17,7 @@ // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA // // - // see file COPYING or at http://www.gnu.org/licenses/gpl.html + // see file COPYING or at http://www.gnu.org/licenses/gpl.html // for more information. // require 'config.php'; @@ -32,7 +32,7 @@ { return imagecolorallocatealpha($im, $colors[0], $colors[1], $colors[2], $colors[3]); } - + function init_image() { global $im, $xlm, $xrm, $ytm, $ybm, $iw, $ih,$graph, $cl, $iface, $colorscheme, $style; @@ -42,7 +42,7 @@ // // image object - // + // $xlm = 70; $xrm = 20; $ytm = 35; @@ -50,7 +50,7 @@ if ($graph == 'small') { $iw = 300 + $xrm + $xlm; - $ih = 100 + $ytm + $ybm; + $ih = 100 + $ytm + $ybm; } else { @@ -75,10 +75,10 @@ $cl['rx_border'] = allocate_color($im, $cs['rx_border']); $cl['tx'] = allocate_color($im, $cs['tx']); $cl['tx_border'] = allocate_color($im, $cs['tx_border']); - + imagefilledrectangle($im,0,0,$iw,$ih,$cl['image_background']); imagefilledrectangle($im,$xlm,$ytm,$iw-$xrm,$ih-$ybm, $cl['background']); - + $x_step = ($iw - $xlm - $xrm) / 12; $depth = ($x_step / 8) + 4; imagefilledpolygon($im, array($xlm, $ytm, $xlm, $ih - $ybm, $xlm - $depth, $ih - $ybm + $depth, $xlm - $depth, $ytm + $depth), 4, $cl['background_2']); @@ -89,7 +89,7 @@ $bbox = imagettfbbox(10, 0, GRAPH_FONT, $text); $textwidth = $bbox[2] - $bbox[0]; imagettftext($im, 10, 0, ($iw-$textwidth)/2, ($ytm/2), $cl['text'], GRAPH_FONT, $text); - + } function draw_border() @@ -98,16 +98,16 @@ imageline($im, 0, 0,$iw-1, 0, $cl['border']); imageline($im, 0,$ih-1,$iw-1,$ih-1, $cl['border']); - imageline($im, 0, 0, 0,$ih-1, $cl['border']); + imageline($im, 0, 0, 0,$ih-1, $cl['border']); imageline($im, $iw-1, 0,$iw-1,$ih-1, $cl['border']); } - + function draw_grid($x_ticks, $y_ticks) { global $im, $cl, $iw, $ih, $xlm, $xrm, $ytm, $ybm; $x_step = ($iw - $xlm - $xrm) / $x_ticks; $y_step = ($ih - $ytm - $ybm) / $y_ticks; - + $depth = 10;//($x_step / 8) + 4; $ls = array($cl['grid_stipple_1'],$cl['grid_stipple_2']); @@ -119,14 +119,13 @@ } for ($i=$ytm;$i<=($ih-$ybm); $i += $y_step) { - imageline($im, $xlm, $i, $iw - $xrm, $i, IMG_COLOR_STYLED); + imageline($im, $xlm, $i, $iw - $xrm, $i, IMG_COLOR_STYLED); imageline($im, $xlm, $i, $xlm - $depth, $i + $depth, IMG_COLOR_STYLED); } imageline($im, $xlm, $ytm, $xlm, $ih - $ybm, $cl['border']); imageline($im, $xlm, $ih - $ybm, $iw - $xrm, $ih - $ybm, $cl['border']); } - - + function draw_data($data) { global $im,$cl,$iw,$ih,$xlm,$xrm,$ytm,$ybm; @@ -168,7 +167,7 @@ { $prescale = $prescale * 1024; $y_scale = $y_scale / 1024; - if ($unit == 'K') + if ($unit == 'K') $unit = 'M'; else if ($unit == 'M') $unit = 'G'; @@ -178,7 +177,7 @@ } draw_grid($x_ticks, $y_ticks); - + // // graph scale factor (per pixel) // @@ -187,7 +186,7 @@ if ($data[0] == 'nodata') { - $text = 'no data available'; + $text = T('no data available'); $bbox = imagettfbbox(10, 0, GRAPH_FONT, $text); $textwidth = $bbox[2] - $bbox[0]; imagettftext($im, 10, 0, ($iw-$textwidth)/2, $ytm + 80, $cl['text'], GRAPH_FONT, $text); @@ -196,26 +195,26 @@ { // // draw bars - // + // for ($i=0; $i<$x_ticks; $i++) { $x = $xlm + ($i * $x_step); $y = $ytm + ($ih - $ytm - $ybm) - (($data[$i]['rx'] - $offset) / $sf); - + $depth = $x_step / 8; $space = 0; - + $x1 = $x; $y1 = $y; $x2 = $x + $bar_w - $space; $y2 = $ih - $ybm; - + imagefilledrectangle($im, $x1, $y1, $x2, $y2, $cl['rx']); imagerectangle($im, $x1, $y1, $x2, $y2, $cl['rx_border']); - + imagefilledrectangle($im, $x1 - $depth, $y1 + $depth, $x2 -$depth, $y2 + $depth, $cl['rx']); imagerectangle($im, $x1 - $depth, $y1 + $depth, $x2 - $depth, $y2 + $depth, $cl['rx_border']); - + imagefilledpolygon($im, array($x1, $y1, $x2, $y1, $x2 - $depth, $y1 + $depth, $x1 - $depth, $y1 + $depth), 4, $cl['rx']); imagepolygon($im, array($x1, $y1, $x2, $y1, $x2 - $depth, $y1 + $depth, $x1 - $depth, $y1 + $depth), 4, $cl['rx_border']); imagefilledpolygon($im, array($x2, $y1, $x2, $y2, $x2 - $depth, $y2 + $depth, $x2 - $depth, $y1 + $depth), 4, $cl['rx']); @@ -227,16 +226,16 @@ imagefilledrectangle($im, $x1, $y1, $x2, $y2, $cl['tx']); imagerectangle($im, $x1, $y1, $x2, $y2, $cl['tx_border']); - + imagefilledrectangle($im, $x1 - $depth, $y1 + $depth, $x2 - $depth, $y2 + $depth, $cl['tx']); - imagerectangle($im, $x1 - $depth, $y1 + $depth, $x2 - $depth, $y2 + $depth, $cl['tx_border']); - + imagerectangle($im, $x1 - $depth, $y1 + $depth, $x2 - $depth, $y2 + $depth, $cl['tx_border']); + imagefilledpolygon($im, array($x1, $y1, $x2, $y1, $x2 - $depth, $y1 + $depth, $x1 - $depth, $y1 + $depth), 4, $cl['tx']); imagepolygon($im, array($x1, $y1, $x2, $y1, $x2 - $depth, $y1 + $depth, $x1 - $depth, $y1 + $depth), 4, $cl['tx_border']); imagefilledpolygon($im, array($x2, $y1, $x2, $y2, $x2 - $depth, $y2 + $depth, $x2 - $depth, $y1 + $depth), 4, $cl['tx']); imagepolygon($im, array($x2, $y1, $x2, $y2, $x2 - $depth, $y2 + $depth, $x2 - $depth, $y1 + $depth), 4, $cl['tx_border']); } - + // // axis labels // @@ -265,11 +264,11 @@ // imagefilledrectangle($im, $xlm, $ih-$ybm+39, $xlm+8,$ih-$ybm+47,$cl['rx']); imagerectangle($im, $xlm, $ih-$ybm+39, $xlm+8,$ih-$ybm+47,$cl['text']); - imagettftext($im, 8,0, $xlm+14, $ih-$ybm+48,$cl['text'], GRAPH_FONT,'bytes in'); + imagettftext($im, 8,0, $xlm+14, $ih-$ybm+48,$cl['text'], GRAPH_FONT,T('bytes in')); imagefilledrectangle($im, $xlm+120 , $ih-$ybm+39, $xlm+128,$ih-$ybm+47,$cl['tx']); imagerectangle($im, $xlm+120, $ih-$ybm+39, $xlm+128,$ih-$ybm+47,$cl['text']); - imagettftext($im, 8,0, $xlm+134, $ih-$ybm+48,$cl['text'], GRAPH_FONT,'bytes out'); + imagettftext($im, 8,0, $xlm+134, $ih-$ybm+48,$cl['text'], GRAPH_FONT,T('bytes out')); } function output_image() @@ -293,11 +292,11 @@ { draw_data($month); } - - header('Content-type: image/png'); + + header('Content-type: image/png'); imagepng($im); } get_vnstat_data(); output_image(); -?> +?> diff --git a/config/vnstat2/vnstat_php_frontend/graph_svg.php b/config/vnstat2/vnstat_php_frontend/graph_svg.php index 8992ed12..e67a894f 100644 --- a/config/vnstat2/vnstat_php_frontend/graph_svg.php +++ b/config/vnstat2/vnstat_php_frontend/graph_svg.php @@ -17,7 +17,7 @@ // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA // // - // see file COPYING or at http://www.gnu.org/licenses/gpl.html + // see file COPYING or at http://www.gnu.org/licenses/gpl.html // for more information. // require 'config.php'; @@ -61,8 +61,8 @@ print "</g>\n"; } - function svg_text($x, $y, $text, $options = array()) - { + function svg_text($x, $y, $text, $options = array()) + { printf("<text x=\"%F\" y=\"%F\" ", $x, $y); svg_options($options); print ">$text</text>\n"; @@ -75,7 +75,7 @@ print "/>\n"; } - function svg_rect($x, $y, $w, $h, $options = array()) + function svg_rect($x, $y, $w, $h, $options = array()) { printf("<rect x=\"%F\" y=\"%F\" width=\"%F\" height=\"%F\" ", $x, $y, $w, $h); svg_options($options); @@ -98,7 +98,7 @@ $col['opacity'] = sprintf("%F", (127 - $colors[3]) / 127); return $col; } - + function init_image() { global $xlm, $xrm, $ytm, $ybm, $iw, $ih,$graph, $cl, $iface, $colorscheme, $style; @@ -108,7 +108,7 @@ // // image object - // + // $xlm = 70; $xrm = 20; $ytm = 35; @@ -116,14 +116,14 @@ if ($graph == 'small') { $iw = 300 + $xrm + $xlm; - $ih = 100 + $ytm + $ybm; + $ih = 100 + $ytm + $ybm; } else { $iw = 600 + $xrm + $xlm; $ih = 200 + $ytm + $ybm; } - + svg_create($iw, $ih); // @@ -141,11 +141,11 @@ $cl['rx_border'] = allocate_color($cs['rx_border']); $cl['tx'] = allocate_color($cs['tx']); $cl['tx_border'] = allocate_color($cs['tx_border']); - + svg_rect(0, 0, $iw, $ih, array( 'stroke' => 'none', 'stroke-width' => 0, 'fill' => $cl['image_background']['rgb']) ); svg_rect($xlm, $ytm, $iw-$xrm-$xlm, $ih-$ybm-$ytm, array( 'stroke' => 'none', 'stroke-width' => 0, 'fill' => $cl['background']['rgb']) ); - - $depth = 12; + + $depth = 12*SVG_DEPTH_SCALING; svg_group( array( 'stroke' => 'none', 'stroke-width' => 0, 'fill' => $cl['background_2']['rgb'], 'fill-opacity' => $cl['background_2']['opacity']) ); svg_poly(array($xlm, $ytm, $xlm, $ih - $ybm, $xlm - $depth, $ih - $ybm + $depth, $xlm - $depth, $ytm + $depth)); svg_poly(array($xlm, $ih - $ybm, $xlm - $depth, $ih - $ybm + $depth, $iw - $xrm - $depth, $ih - $ybm + $depth, $iw - $xrm, $ih - $ybm)); @@ -153,7 +153,7 @@ // draw title $text = T('Traffic data for')." $iface"; - svg_text($iw / 2, ($ytm / 2), $text, array( 'stroke' => $cl['text'], 'fill' => $cl['text']['rgb'],'stroke-width' => 0, 'font-family' => SVG_FONT, 'font-weight' => 'bold', 'text-anchor' => 'middle' )); + svg_text($iw / 2, ($ytm / 2), $text, array( 'stroke' => 'none', 'fill' => $cl['text']['rgb'],'stroke-width' => 0, 'font-family' => SVG_FONT, 'font-weight' => 'bold', 'text-anchor' => 'middle' )); } function draw_border() @@ -161,14 +161,14 @@ global $cl, $iw, $ih; svg_rect(1, 1, $iw-2, $ih-2, array( 'stroke' => $cl['border']['rgb'], 'stroke-opacity' => $cl['border']['opacity'], 'stroke-width' => 1, 'fill' => 'none') ); } - + function draw_grid($x_ticks, $y_ticks) { global $cl, $iw, $ih, $xlm, $xrm, $ytm, $ybm; $x_step = ($iw - $xlm - $xrm) / $x_ticks; $y_step = ($ih - $ytm - $ybm) / $y_ticks; - - $depth = 12; + + $depth = 12*SVG_DEPTH_SCALING; svg_group( array( 'stroke' => $cl['grid_stipple_1']['rgb'], 'stroke-opacity' => $cl['grid_stipple_1']['opacity'], 'stroke-width' => '1px', 'stroke-dasharray' => '1,1' ) ); for ($i = $xlm; $i <= ($iw - $xrm); $i += $x_step) @@ -178,7 +178,7 @@ } for ($i = $ytm; $i <= ($ih - $ybm); $i += $y_step) { - svg_line($xlm, $i, $iw - $xrm, $i); + svg_line($xlm, $i, $iw - $xrm, $i); svg_line($xlm, $i, $xlm - $depth, $i + $depth); } svg_group_end(); @@ -188,8 +188,8 @@ svg_line($xlm, $ih - $ybm, $iw - $xrm, $ih - $ybm); svg_group_end(); } - - + + function draw_data($data) { global $cl,$iw,$ih,$xlm,$xrm,$ytm,$ybm; @@ -231,7 +231,7 @@ { $prescale = $prescale * 1024; $y_scale = $y_scale / 1024; - if ($unit == 'K') + if ($unit == 'K') $unit = 'M'; else if ($unit == 'M') $unit = 'G'; @@ -241,7 +241,7 @@ } draw_grid($x_ticks, $y_ticks); - + // // graph scale factor (per pixel) // @@ -256,22 +256,22 @@ { // // draw bars - // + // for ($i=0; $i<$x_ticks; $i++) { $x = $xlm + ($i * $x_step); $y = $ytm + ($ih - $ytm - $ybm) - (($data[$i]['rx'] - $offset) / $sf); - - $depth = ($x_ticks < 20) ? 8 : 6; + + $depth = ($x_ticks < 20) ? 8*SVG_DEPTH_SCALING : 6*SVG_DEPTH_SCALING; $space = 0; - + $x1 = (int)$x; $y1 = (int)$y; $w = (int)($bar_w - $space); $h = (int)($ih - $ybm - $y); $x2 = (int)($x + $bar_w - $space); $y2 = (int)($ih - $ybm); - + svg_group( array( 'stroke' => $cl['rx_border']['rgb'], 'stroke-opacity' => $cl['rx_border']['opacity'], 'stroke-width' => 1, 'stroke-linejoin' => 'round', 'fill' => $cl['rx']['rgb'], 'fill-opacity' => $cl['rx']['opacity'] ) ); @@ -287,7 +287,7 @@ $w = (int)($bar_w - $space); $h = (int)($ih - $ybm - $y1 - 1); - svg_group( array( 'stroke' => $cl['tx_border']['rgb'], 'stroke-opacity' => $cl['tx_border']['opacity'], + svg_group( array( 'stroke' => $cl['tx_border']['rgb'], 'stroke-opacity' => $cl['tx_border']['opacity'], 'stroke-width' => 1, 'stroke-linejoin' => 'round', 'fill' => $cl['tx']['rgb'], 'fill-opacity' => $cl['tx']['opacity'] ) ); svg_rect($x1, $y1, $w, $h); @@ -296,7 +296,7 @@ svg_poly(array($x2, $y1, $x2, $y2, $x2 - $depth, $y2 + $depth, $x2 - $depth, $y1 + $depth)); svg_group_end(); } - + // // axis labels // @@ -359,4 +359,4 @@ get_vnstat_data(); output_image(); -?> +?> diff --git a/config/vnstat2/vnstat_php_frontend/index.php b/config/vnstat2/vnstat_php_frontend/index.php index 70c0427f..478665ee 100644 --- a/config/vnstat2/vnstat_php_frontend/index.php +++ b/config/vnstat2/vnstat_php_frontend/index.php @@ -17,7 +17,7 @@ // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA // // - // see file COPYING or at http://www.gnu.org/licenses/gpl.html + // see file COPYING or at http://www.gnu.org/licenses/gpl.html // for more information. // require 'config.php'; @@ -31,15 +31,20 @@ function write_side_bar() { global $iface, $page, $graph, $script, $style; - global $iface_list, $iface_title; + global $iface_list, $iface_title; global $page_list, $page_title; - + $p = "&graph=$graph&style=$style"; print "<ul class=\"iface\">\n"; foreach ($iface_list as $if) { - print "<li class=\"iface\">"; + if ($iface == $if) { + print "<li class=\"iface active\">"; + } else { + print "<li class=\"iface\">"; + } + print "<a href=\"$script?if=$if$p\">"; if (isset($iface_title[$if])) { print $iface_title[$if]; @@ -48,17 +53,17 @@ { print $if; } + print "</a>"; print "<ul class=\"page\">\n"; foreach ($page_list as $pg) { print "<li class=\"page\"><a href=\"$script?if=$if$p&page=$pg\">".$page_title[$pg]."</a></li>\n"; } print "</ul></li>\n"; - } - print "</ul>\n"; + print "</ul>\n"; } - + function kbytes_to_string($kb) { @@ -70,10 +75,10 @@ { $ui++; $scale = $scale / 1024; - } + } return sprintf("%0.2f %s", ($kb/$scale),$units[$ui]); } - + function write_summary() { global $summary,$top,$day,$hour,$month; @@ -108,8 +113,8 @@ print "<br/>\n"; write_data_table(T('Top 10 days'), $top); } - - + + function write_data_table($caption, $tab) { print "<table width=\"100%\" cellspacing=\"0\">\n"; @@ -118,7 +123,7 @@ print "<th class=\"label\" style=\"width:120px;\"> </th>"; print "<th class=\"label\">".T('In')."</th>"; print "<th class=\"label\">".T('Out')."</th>"; - print "<th class=\"label\">".T('Total')."</th>"; + print "<th class=\"label\">".T('Total')."</th>"; print "</tr>\n"; for ($i=0; $i<count($tab); $i++) @@ -148,7 +153,7 @@ // header('Content-type: text/html; charset=utf-8'); print '<?xml version="1.0"?>'; -?> +?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> @@ -168,7 +173,7 @@ if ($graph_format == 'svg') { print "<object type=\"image/svg+xml\" width=\"692\" height=\"297\" data=\"graph_svg.php?$graph_params\"></object>\n"; } else { - print "<img src=\"graph.php?$graph_params\" alt=\"graph\"/>\n"; + print "<img src=\"graph.php?$graph_params\" alt=\"graph\"/>\n"; } if ($page == 's') @@ -176,20 +181,20 @@ write_summary(); } else if ($page == 'h') - { - write_data_table(T('Last 24 hours'), $hour); + { + write_data_table(T('Last 24 hours'), $hour); } else if ($page == 'd') { - write_data_table(T('Last 30 days'), $day); + write_data_table(T('Last 30 days'), $day); } else if ($page == 'm') { - write_data_table(T('Last 12 months'), $month); + write_data_table(T('Last 12 months'), $month); } ?> </div> - <div id="footer"><a href="http://www.sqweek.com/">vnStat PHP frontend</a> 1.5.1 - ©2006-2010 Bjorge Dijkstra (bjd _at_ jooz.net)</div> + <div id="footer"><a href="http://www.sqweek.com/">vnStat PHP frontend</a> 1.5.2 - ©2006-2011 Bjorge Dijkstra (bjd _at_ jooz.net)</div> </div> </div> diff --git a/config/vnstat2/vnstat_php_frontend/json.php b/config/vnstat2/vnstat_php_frontend/json.php new file mode 100644 index 00000000..89d4c78e --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/json.php @@ -0,0 +1,81 @@ +<?php + // + // vnStat PHP frontend (c)2006-2010 Bjorge Dijkstra (bjd@jooz.net) + // + // This program is free software; you can redistribute it and/or modify + // it under the terms of the GNU General Public License as published by + // the Free Software Foundation; either version 2 of the License, or + // (at your option) any later version. + // + // This program is distributed in the hope that it will be useful, + // but WITHOUT ANY WARRANTY; without even the implied warranty of + // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + // GNU General Public License for more details. + // + // You should have received a copy of the GNU General Public License + // along with this program; if not, write to the Free Software + // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + // + // + // see file COPYING or at http://www.gnu.org/licenses/gpl.html + // for more information. + // + require 'config.php'; + require 'localize.php'; + require 'vnstat.php'; + + validate_input(); + + require "./themes/$style/theme.php"; + + function write_summary() + { + global $summary,$top,$day,$hour,$month; + + $trx = $summary['totalrx']*1024+$summary['totalrxk']; + $ttx = $summary['totaltx']*1024+$summary['totaltxk']; + + // + // build array for write_data_table + // + $sum['hour']['act'] = 1; + $sum['hour']['rx'] = $hour[0]['rx']; + $sum['hour']['tx'] = $hour[0]['tx']; + + $sum['day']['act'] = 1; + $sum['day']['rx'] = $day[0]['rx']; + $sum['day']['tx'] = $day[0]['tx']; + + $sum['month']['act'] = 1; + $sum['month']['rx'] = $month[0]['rx']; + $sum['month']['tx'] = $month[0]['tx']; + + $sum['total']['act'] = 1; + $sum['total']['rx'] = $trx; + $sum['total']['tx'] = $ttx; + + print json_encode($sum); + } + + + get_vnstat_data(false); + + header('Content-type: application/json; charset=utf-8'); + $graph_params = "if=$iface&page=$page&style=$style"; + if ($page == 's') + { + write_summary(); + } + else if ($page == 'h') + { + print json_encode(array('hours' => $hour)); + } + else if ($page == 'd') + { + print json_encode(array('days' => $day)); + } + else if ($page == 'm') + { + print json_encode(array('months' => $month)); + } + ?>
\ No newline at end of file diff --git a/config/vnstat2/vnstat_php_frontend/lang/br.php b/config/vnstat2/vnstat_php_frontend/lang/br.php new file mode 100644 index 00000000..ea2fd103 --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/lang/br.php @@ -0,0 +1,39 @@ +<?php + +// sidebar labels +$L['summary'] = 'sumario'; +$L['hours'] = 'horas'; +$L['days'] = 'dias'; +$L['months'] = 'meses'; + +// main table headers +$L['Summary'] = 'Sumario'; +$L['Top 10 days'] = 'Top 10 - dias'; +$L['Last 24 hours'] = 'Ultimas 24 horas'; +$L['Last 30 days'] = 'Ultimos 30 dias'; +$L['Last 12 months'] = 'Ultimos 12 meses'; + +// traffic table columns +$L['In'] = 'Entrada'; +$L['Out'] = 'Saida'; +$L['Total'] = 'Total'; + +// summary rows +$L['This hour'] = 'Esta hora'; +$L['This day'] = 'Este dia'; +$L['This month'] = 'Este mes'; +$L['All time'] = 'Todos os tempos'; + +// graph text +$L['Traffic data for'] = 'Trafego da'; +$L['bytes in'] = 'bytes entrada'; +$L['bytes out'] = 'bytes saida'; + +// date formats +$L['datefmt_days'] = '%d %B'; +$L['datefmt_days_img'] = '%d'; +$L['datefmt_months'] = '%B %Y'; +$L['datefmt_months_img'] = '%b'; +$L['datefmt_hours'] = '%l%p'; +$L['datefmt_hours_img'] = '%l'; +$L['datefmt_top'] = '%d %B %Y'; diff --git a/config/vnstat2/vnstat_php_frontend/lang/cn.php b/config/vnstat2/vnstat_php_frontend/lang/cn.php new file mode 100644 index 00000000..3be03cd5 --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/lang/cn.php @@ -0,0 +1,40 @@ +<?php + +// sidebar labels +$L['summary'] = '总计'; +$L['hours'] = '每时'; +$L['days'] = '每天'; +$L['months'] = '每月'; + +// main table headers +$L['Summary'] = '概览'; +$L['Top 10 days'] = '最高流量的10天'; +$L['Last 24 hours'] = '过去24小时'; +$L['Last 30 days'] = '过去30天'; +$L['Last 12 months'] = '过去12个月'; + +// traffic table columns +$L['In'] = '流入'; +$L['Out'] = '流出'; +$L['Total'] = '总流量'; + +// summary rows +$L['This hour'] = '本小时'; +$L['This day'] = '本日'; +$L['This month'] = '本月'; +$L['All time'] = '总计'; + +// graph text +$L['Traffic data for'] = '统计的网络:'; +$L['bytes in'] = '流入bytes'; +$L['bytes out'] = '流出bytes'; + +// date formats +$L['datefmt_days'] = '%B%d日'; +$L['datefmt_days_img'] = '%d'; +$L['datefmt_months'] = '%Y年%B'; +$L['datefmt_months_img'] = '%b'; +$L['datefmt_hours'] = '%H:00'; +$L['datefmt_hours_img'] = '%H'; +$L['datefmt_top'] = '%Y年%m月%d日'; + diff --git a/config/vnstat2/vnstat_php_frontend/lang/de.php b/config/vnstat2/vnstat_php_frontend/lang/de.php new file mode 100644 index 00000000..b77fff83 --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/lang/de.php @@ -0,0 +1,40 @@ +<?php + +// sidebar labels +$L['summary'] = 'Übersicht'; +$L['hours'] = 'Stunden'; +$L['days'] = 'Tage'; +$L['months'] = 'Monate'; + +// main table headers +$L['Summary'] = 'Übersicht'; +$L['Top 10 days'] = 'Top 10 nach Tagen'; +$L['Last 24 hours'] = 'Letzte 24 Stunden'; +$L['Last 30 days'] = 'Letzte 30 Tage'; +$L['Last 12 months'] = 'Letzte 12 Monate'; + +// traffic table columns +$L['In'] = 'Rein'; +$L['Out'] = 'Raus'; +$L['Total'] = 'Total'; + +// summary rows +$L['This hour'] = 'Diese Stunde'; +$L['This day'] = 'Dieser Tag'; +$L['This month'] = 'Dieser Monat'; +$L['All time'] = 'Alles'; + +// graph text +$L['Traffic data for'] = 'Trafficdaten für'; +$L['bytes in'] = 'Bytes rein'; +$L['bytes out'] = 'Bytes raus'; + +// date formats +$L['datefmt_days'] = '%d.%B'; +$L['datefmt_days_img'] = '%d'; +$L['datefmt_months'] = '%B.%Y'; +$L['datefmt_months_img'] = '%b'; +$L['datefmt_hours'] = '%H:%M'; +$L['datefmt_hours_img'] = '%H'; +$L['datefmt_top'] = '%d.%B.%Y'; + diff --git a/config/vnstat2/vnstat_php_frontend/lang/es.php b/config/vnstat2/vnstat_php_frontend/lang/es.php new file mode 100644 index 00000000..a2456295 --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/lang/es.php @@ -0,0 +1,41 @@ +<?php + +// sidebar labels +$L['summary'] = 'sumario'; +$L['hours'] = 'horas'; +$L['days'] = 'días'; +$L['months'] = 'meses'; + +// main table headers +$L['Summary'] = 'Sumario'; +$L['Top 10 days'] = 'Últimos 10 días'; +$L['Last 24 hours'] = 'Últimas 24 horas'; +$L['Last 30 days'] = 'Últimos 30 días'; +$L['Last 12 months'] = 'Últimos 12 meses'; + +// traffic table columns +$L['In'] = 'Entrada'; +$L['Out'] = 'Salida'; +$L['Total'] = 'Total'; + +// summary rows +$L['This hour'] = 'Esta hora'; +$L['This day'] = 'Este día'; +$L['This month'] = 'Este mes'; +$L['All time'] = 'Todo el tiempo'; + +// graph text +$L['Traffic data for'] = 'Trafico de datos para'; +$L['bytes in'] = 'entrada de bytes'; +$L['bytes out'] = 'salida de bytes'; + +// date formats +$L['datefmt_days'] = '%d %B'; +$L['datefmt_days_img'] = '%d'; +$L['datefmt_months'] = '%B %Y'; +$L['datefmt_months_img'] = '%b'; +$L['datefmt_hours'] = '%H:%M'; +$L['datefmt_hours_img'] = '%H'; +$L['datefmt_top'] = '%d %B %Y'; + +// spanish version by Carlos Troetsch diff --git a/config/vnstat2/vnstat_php_frontend/lang/fi.php b/config/vnstat2/vnstat_php_frontend/lang/fi.php new file mode 100644 index 00000000..f1ce59b4 --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/lang/fi.php @@ -0,0 +1,39 @@ +<?php + +// sidebar labels +$L['summary'] = 'yhteenveto'; +$L['hours'] = 'tunnit'; +$L['days'] = 'päivät'; +$L['months'] = 'kuukaudet'; + +// main table headers +$L['Summary'] = 'Yhteenveto'; +$L['Top 10 days'] = 'Top 10 päivää'; +$L['Last 24 hours'] = 'Viimeiset 24 tuntia'; +$L['Last 30 days'] = 'Viimeiset 30 päivää'; +$L['Last 12 months'] = 'Viimeiset 12 kuukautta'; + +// traffic table columns +$L['In'] = 'Sisään'; +$L['Out'] = 'Ulos'; +$L['Total'] = 'Yhteensä'; + +// summary rows +$L['This hour'] = 'Viimeisin tunti'; +$L['This day'] = 'Viimeisin päivä'; +$L['This month'] = 'Viimeisin kuukausi'; +$L['All time'] = 'Kaikkiaan'; + +// graph text +$L['Traffic data for'] = 'Liikennemäärä'; +$L['bytes in'] = 'tavua sisään'; +$L['bytes out'] = 'tavua ulos'; + +// date formats +$L['datefmt_days'] = '%d. %B'; +$L['datefmt_days_img'] = '%d'; +$L['datefmt_months'] = '%B %Y'; +$L['datefmt_months_img'] = '%b'; +$L['datefmt_hours'] = '%H'; +$L['datefmt_hours_img'] = '%H'; +$L['datefmt_top'] = '%a %d. %b %Y'; diff --git a/config/vnstat2/vnstat_php_frontend/lang/fr.php b/config/vnstat2/vnstat_php_frontend/lang/fr.php new file mode 100644 index 00000000..abb76b0a --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/lang/fr.php @@ -0,0 +1,39 @@ +<?php + +// sidebar labels +$L['summary'] = 'Sommaire'; +$L['hours'] = 'Heures'; +$L['days'] = 'Jours'; +$L['months'] = 'Mois'; + +// main table headers +$L['Summary'] = 'Sommaire'; +$L['Top 10 days'] = 'Les 10 meilleurs jours'; +$L['Last 24 hours'] = 'Dernières 24 heures'; +$L['Last 30 days'] = 'Derniers 30 jours'; +$L['Last 12 months'] = 'Les 12 derniers mois'; + +// traffic table columns +$L['In'] = 'Entrant'; +$L['Out'] = 'Sortant'; +$L['Total'] = 'Total'; + +// summary rows +$L['This hour'] = 'Cette heure'; +$L['This day'] = 'Aujourd\' hui'; +$L['This month'] = 'Ce mois'; +$L['All time'] = 'Tout temps'; + +// graph text +$L['Traffic data for'] = 'Traffic de donnée pour :'; +$L['bytes in'] = 'bytes entrants'; +$L['bytes out'] = 'bytes sortants'; + +// date formats +$L['datefmt_days'] = '%d %B'; +$L['datefmt_days_img'] = '%d'; +$L['datefmt_months'] = '%B %Y'; +$L['datefmt_months_img'] = '%b'; +$L['datefmt_hours'] = '%Hh%M'; +$L['datefmt_hours_img'] = '%H'; +$L['datefmt_top'] = '%d %B %Y'; diff --git a/config/vnstat2/vnstat_php_frontend/lang/hr.php b/config/vnstat2/vnstat_php_frontend/lang/hr.php new file mode 100644 index 00000000..f547f29d --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/lang/hr.php @@ -0,0 +1,39 @@ +<?php + +// sidebar labels +$L['summary'] = 'sažetak'; // summary +$L['hours'] = 'sati'; +$L['days'] = 'dani'; +$L['months'] = 'mjeseci'; + +// main table headers +$L['Summary'] = 'Sažetak'; +$L['Top 10 days'] = '10 naprometnijih dana'; +$L['Last 24 hours'] = 'Zadnja 24 sata'; +$L['Last 30 days'] = 'Zadnjih 30 dana'; +$L['Last 12 months'] = 'Zadnjih 12 mjeseci'; + +// traffic table columns +$L['In'] = 'Primljeno'; +$L['Out'] = 'Poslano'; +$L['Total'] = 'Ukupno'; // Total + +// summary rows +$L['This hour'] = 'Tekući sat'; +$L['This day'] = 'Danas'; +$L['This month'] = 'Tekući mjesec'; +$L['All time'] = 'Sveukupno'; + +// graph text +$L['Traffic data for'] = 'Promet za'; +$L['bytes in'] = 'bajta primljeno'; +$L['bytes out'] = 'bajta poslano'; + +// date formats +$L['datefmt_days'] = '%d. %m'; +$L['datefmt_days_img'] = '%d'; +$L['datefmt_months'] = '%m.%Y'; +$L['datefmt_months_img'] = '%b'; +$L['datefmt_hours'] = '%H'; // %k +$L['datefmt_hours_img'] = '%H'; +$L['datefmt_top'] = '%d.%m.%Y'; diff --git a/config/vnstat2/vnstat_php_frontend/lang/hu.php b/config/vnstat2/vnstat_php_frontend/lang/hu.php new file mode 100644 index 00000000..94a445f3 --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/lang/hu.php @@ -0,0 +1,39 @@ +<?php + +// sidebar labels +$L['summary'] = 'Összegzés'; +$L['hours'] = 'órák'; +$L['days'] = 'napok'; +$L['months'] = 'hónapok'; + +// main table headers +$L['Summary'] = 'Öszegzés'; +$L['Top 10 days'] = 'Legjobb 10 nap'; +$L['Last 24 hours'] = 'Utolsó 24 óra'; +$L['Last 30 days'] = 'Utolsó 30 nap'; +$L['Last 12 months'] = 'Utolsó 12 hónap'; + +// traffic table columns +$L['In'] = 'Bejövő'; +$L['Out'] = 'Kimenő'; +$L['Total'] = 'Összesen'; + +// summary rows +$L['This hour'] = 'Ebben az órában'; +$L['This day'] = 'Ezen a napon'; +$L['This month'] = 'Ebben a hónapban'; +$L['All time'] = 'Összesen'; + +// graph text +$L['Traffic data for'] = 'Forgalmi adatok: '; +$L['bytes in'] = 'bejövő bájtok'; +$L['bytes out'] = 'kimenő bájtok'; + +// date formats +$L['datefmt_days'] = '%d %B'; +$L['datefmt_days_img'] = '%d'; +$L['datefmt_months'] = '%B %Y'; +$L['datefmt_months_img'] = '%b'; +$L['datefmt_hours'] = '%l%p'; +$L['datefmt_hours_img'] = '%l'; +$L['datefmt_top'] = '%d %B %Y';
\ No newline at end of file diff --git a/config/vnstat2/vnstat_php_frontend/lang/it.php b/config/vnstat2/vnstat_php_frontend/lang/it.php new file mode 100644 index 00000000..d86cb479 --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/lang/it.php @@ -0,0 +1,39 @@ +<?php + +// sidebar labels +$L['summary'] = 'Riepilogo'; +$L['hours'] = 'Ore'; +$L['days'] = 'Giorni'; +$L['months'] = 'Mesi'; + +// main table headers +$L['Summary'] = 'Riepilogo'; +$L['Top 10 days'] = '10 giorni piu intensivi'; +$L['Last 24 hours'] = 'Ultime 24 ore'; +$L['Last 30 days'] = 'Ultimi 30 giorni'; +$L['Last 12 months'] = 'Ultimi 12 mesi'; + +// traffic table columns +$L['In'] = 'Entrata'; +$L['Out'] = 'Uscita'; +$L['Total'] = 'Totale'; + +// summary rows +$L['This hour'] = 'Quest ora'; +$L['This day'] = 'Oggi'; +$L['This month'] = 'Questo mese'; +$L['All time'] = 'Sempre'; + +// graph text +$L['Traffic data for'] = 'Dati per'; +$L['bytes in'] = 'bytes entrati'; +$L['bytes out'] = 'bytes usciti'; + +// date formats +$L['datefmt_days'] = '%d %B'; +$L['datefmt_days_img'] = '%d'; +$L['datefmt_months'] = '%B %Y'; +$L['datefmt_months_img'] = '%b'; +$L['datefmt_hours'] = '%l%p'; +$L['datefmt_hours_img'] = '%l'; +$L['datefmt_top'] = '%d %B %Y'; diff --git a/config/vnstat2/vnstat_php_frontend/lang/no.php b/config/vnstat2/vnstat_php_frontend/lang/no.php new file mode 100644 index 00000000..9f214942 --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/lang/no.php @@ -0,0 +1,39 @@ +<?php + +// sidebar labels +$L['summary'] = 'Sammendrag'; +$L['hours'] = 'Timer'; +$L['days'] = 'Dager'; +$L['months'] = 'Måneder'; + +// main table headers +$L['Summary'] = 'Sammendrag'; +$L['Top 10 days'] = 'Topp 10 dager'; +$L['Last 24 hours'] = 'Siste 24 timer'; +$L['Last 30 days'] = 'Siste 30 dager'; +$L['Last 12 months'] = 'Siste 12 måneder'; + +// traffic table columns +$L['In'] = 'Inn'; +$L['Out'] = 'Ut'; +$L['Total'] = 'Totalt'; + +// summary rows +$L['This hour'] = 'Denne time'; +$L['This day'] = 'Idag'; +$L['This month'] = 'Denne måneden'; +$L['All time'] = 'Totalt'; + +// graph text +$L['Traffic data for'] = 'Trafikkdata for'; +$L['bytes in'] = 'bytes inn'; +$L['bytes out'] = 'bytes ut'; + +// date formats +$L['datefmt_days'] = '%d %B'; +$L['datefmt_days_img'] = '%d'; +$L['datefmt_months'] = '%B %Y'; +$L['datefmt_months_img'] = '%b'; +$L['datefmt_hours'] = '%H:%M'; +$L['datefmt_hours_img'] = '%H'; +$L['datefmt_top'] = '%d %B %Y'; diff --git a/config/vnstat2/vnstat_php_frontend/lang/pl.php b/config/vnstat2/vnstat_php_frontend/lang/pl.php new file mode 100644 index 00000000..d04e5166 --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/lang/pl.php @@ -0,0 +1,39 @@ +<?php + +// sidebar labels +$L['summary'] = 'podsumowanie'; +$L['hours'] = 'godziny'; +$L['days'] = 'dni'; +$L['months'] = 'miesiące'; + +// main table headers +$L['Summary'] = 'Podsumowanie'; +$L['Top 10 days'] = 'Top 10 dni'; +$L['Last 24 hours'] = 'Ostatnie 24 godziny'; +$L['Last 30 days'] = 'Ostatnie 30 dni'; +$L['Last 12 months'] = 'Ostatnie 12 miesięcy'; + +// traffic table columns +$L['In'] = 'Wyjście'; +$L['Out'] = 'Wejście'; +$L['Total'] = 'Suma'; + +// summary rows +$L['This hour'] = 'Ta godzina'; +$L['This day'] = 'Ten dzień'; +$L['This month'] = 'Ten miesiąc'; +$L['All time'] = 'Całość'; + +// graph text +$L['Traffic data for'] = 'Transfer dla'; +$L['bytes in'] = 'Wysłane'; +$L['bytes out'] = 'Odebrane'; + +// date formats +$L['datefmt_days'] = '%d %B'; +$L['datefmt_days_img'] = '%d'; +$L['datefmt_months'] = '%B %Y'; +$L['datefmt_months_img'] = '%b'; +$L['datefmt_hours'] = '%l%p'; +$L['datefmt_hours_img'] = '%l'; +$L['datefmt_top'] = '%d %B %Y'; diff --git a/config/vnstat2/vnstat_php_frontend/lang/ru.php b/config/vnstat2/vnstat_php_frontend/lang/ru.php new file mode 100644 index 00000000..7a105b38 --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/lang/ru.php @@ -0,0 +1,39 @@ +<?php + +// sidebar labels +$L['summary'] = 'сводка'; +$L['hours'] = 'по часам'; +$L['days'] = 'по дням'; +$L['months'] = 'по месяцам'; + +// main table headers +$L['Summary'] = 'Сводка'; +$L['Top 10 days'] = 'Топ 10 дней'; +$L['Last 24 hours'] = 'Последние 24 часа'; +$L['Last 30 days'] = 'Последние 30 дней'; +$L['Last 12 months'] = 'Последние 12 месяцев'; + +// traffic table columns +$L['In'] = 'Входящий'; +$L['Out'] = 'Исходящий'; +$L['Total'] = 'Общий'; + +// summary rows +$L['This hour'] = 'Текущий час'; +$L['This day'] = 'Текущий день'; +$L['This month'] = 'Текущий месяц'; +$L['All time'] = 'За все время'; + +// graph text +$L['Traffic data for'] = 'Статистика трафика для'; +$L['bytes in'] = 'получено'; +$L['bytes out'] = 'передано'; + +// date formats +$L['datefmt_days'] = '%d %B'; +$L['datefmt_days_img'] = '%d'; +$L['datefmt_months'] = '%B %Y'; +$L['datefmt_months_img'] = '%b'; +$L['datefmt_hours'] = '%H:%M'; +$L['datefmt_hours_img'] = '%H'; +$L['datefmt_top'] = '%d %B %Y'; diff --git a/config/vnstat2/vnstat_php_frontend/lang/sk.php b/config/vnstat2/vnstat_php_frontend/lang/sk.php new file mode 100644 index 00000000..bc972503 --- /dev/null +++ b/config/vnstat2/vnstat_php_frontend/lang/sk.php @@ -0,0 +1,39 @@ +<?php + +// sidebar labels +$L['summary'] = 'zhrnutie'; +$L['hours'] = 'hodiny'; +$L['days'] = 'dni'; +$L['months'] = 'mesiace'; + +// main table headers +$L['Summary'] = 'Zhrnutie'; +$L['Top 10 days'] = 'Naj 10 dni'; +$L['Last 24 hours'] = 'Posledných 24 hodin'; +$L['Last 30 days'] = 'Posledných 30 dni'; +$L['Last 12 months'] = 'Posledných 12 mesiacov'; + +// traffic table columns +$L['In'] = 'Sťahovanie'; +$L['Out'] = 'Posielanie'; +$L['Total'] = 'Celkom'; + +// summary rows +$L['This hour'] = 'Túto hodinu'; +$L['This day'] = 'Tento deň'; +$L['This month'] = 'Tento mesiac'; +$L['All time'] = 'Celkom'; + +// graph text +$L['Traffic data for'] = 'Prehlad pre'; +$L['bytes in'] = 'bajtov stiahnuté'; +$L['bytes out'] = 'bajtov poslané'; + +// date formats +$L['datefmt_days'] = '%d %B'; +$L['datefmt_days_img'] = '%d'; +$L['datefmt_months'] = '%B %Y'; +$L['datefmt_months_img'] = '%b'; +$L['datefmt_hours'] = '%l%p'; +$L['datefmt_hours_img'] = '%l'; +$L['datefmt_top'] = '%d %B %Y'; diff --git a/config/vnstat2/vnstat_php_frontend/themes/dark/theme.php b/config/vnstat2/vnstat_php_frontend/themes/dark/theme.php index 6df45cb2..91c6fca0 100644 --- a/config/vnstat2/vnstat_php_frontend/themes/dark/theme.php +++ b/config/vnstat2/vnstat_php_frontend/themes/dark/theme.php @@ -1,16 +1,16 @@ <?php - // A dark colorscheme based on a contribution by Mart Visser - $colorscheme = array( - 'image_background' => array( 36, 36, 36, 0 ), - 'graph_background' => array( 220, 220, 230, 0 ), - 'graph_background_2' => array( 205, 205, 220, 0 ), - 'grid_stipple_1' => array( 140, 140, 140, 0 ), - 'grid_stipple_2' => array( 200, 200, 200, 0 ), - 'border' => array( 71, 71, 71, 0 ), - 'text' => array( 255, 255, 255,0 ), - 'rx' => array( 10, 180, 10, 50 ), - 'rx_border' => array( 0, 120, 0, 90 ), - 'tx' => array( 130, 130, 130, 50 ), - 'tx_border' => array( 60, 60, 60, 90 ) - ); + // A dark colorscheme based on a contribution by Mart Visser + $colorscheme = array( + 'image_background' => array( 36, 36, 36, 0 ), + 'graph_background' => array( 220, 220, 230, 0 ), + 'graph_background_2' => array( 205, 205, 220, 0 ), + 'grid_stipple_1' => array( 140, 140, 140, 0 ), + 'grid_stipple_2' => array( 200, 200, 200, 0 ), + 'border' => array( 71, 71, 71, 0 ), + 'text' => array( 255, 255, 255, 0 ), + 'rx' => array( 10, 180, 10, 50 ), + 'rx_border' => array( 0, 120, 0, 90 ), + 'tx' => array( 130, 130, 130, 50 ), + 'tx_border' => array( 60, 60, 60, 90 ) + ); ?> diff --git a/config/vnstat2/vnstat_php_frontend/themes/espresso/theme.php b/config/vnstat2/vnstat_php_frontend/themes/espresso/theme.php index 3c7818f5..22a361f1 100644 --- a/config/vnstat2/vnstat_php_frontend/themes/espresso/theme.php +++ b/config/vnstat2/vnstat_php_frontend/themes/espresso/theme.php @@ -1,17 +1,17 @@ <?php - // A dark colorscheme based on a contribution by Márcio Bremm - // It is based also on Espresso (gtkrc theme) by Jesse L. Kay - $colorscheme = array( - 'image_background' => array( 065, 061, 057, 0 ), - 'graph_background' => array( 117, 111, 104, 30 ), - 'graph_background_2' => array( 128, 122, 102, 30 ), - 'grid_stipple_1' => array( 140, 140, 140, 0 ), - 'grid_stipple_2' => array( 200, 200, 200, 0 ), - 'border' => array( 211, 202, 170, 0 ), - 'text' => array( 211, 202, 170, 0 ), - 'rx' => array( 211, 202, 170, 50 ), - 'rx_border' => array( 80, 40, 40, 90 ), - 'tx' => array( 163, 156, 131, 50 ), - 'tx_border' => array( 60, 60, 60, 90 ) - ); + // A dark colorscheme based on a contribution by Márcio Bremm + // It is based also on Espresso (gtkrc theme) by Jesse L. Kay + $colorscheme = array( + 'image_background' => array( 065, 061, 057, 0 ), + 'graph_background' => array( 117, 111, 104, 30 ), + 'graph_background_2' => array( 128, 122, 102, 30 ), + 'grid_stipple_1' => array( 140, 140, 140, 0 ), + 'grid_stipple_2' => array( 200, 200, 200, 0 ), + 'border' => array( 211, 202, 170, 0 ), + 'text' => array( 211, 202, 170, 0 ), + 'rx' => array( 211, 202, 170, 50 ), + 'rx_border' => array( 80, 40, 40, 90 ), + 'tx' => array( 163, 156, 131, 50 ), + 'tx_border' => array( 60, 60, 60, 90 ) + ); ?> diff --git a/config/vnstat2/vnstat_php_frontend/themes/light/style.css b/config/vnstat2/vnstat_php_frontend/themes/light/style.css index 28503f1d..6893d2a6 100644 --- a/config/vnstat2/vnstat_php_frontend/themes/light/style.css +++ b/config/vnstat2/vnstat_php_frontend/themes/light/style.css @@ -4,6 +4,18 @@ body padding: 0; } +a[href]:link, +a[href]:visited { + color: #00f; + text-decoration: none; +} +a[href]:hover, +a[href]:active, +a[href]:focus { + color: #c00; + text-decoration: none; +} + #wrap { xwidth: 868px; @@ -26,13 +38,24 @@ body background-color: #eef; } +#sidebar li.iface ul +{ + display: none; +} +#sidebar li.iface.active ul +{ + display: block; +} +#sidebar li.iface:hover ul +{ + display: block; +} #sidebar li.iface { - margin: 0; + margin: 2px; padding: 0; list-style-type: none; - font-family: 'Trebuchet MS', Verdana, sans-serif; - font-size: 1em; + font-size: 12px; font-weight: bold; xborder-top: 1px solid #99b; border-bottom: 1px solid #99b; @@ -105,7 +128,8 @@ body { padding: 8px; border-left: 1px solid #99b; - border-right: 1px solid #99b; + border-right: 1px solid #99b; + border-bottom: 1px solid #99b; border-collapse: collapse; } diff --git a/config/vnstat2/vnstat_php_frontend/themes/light/theme.php b/config/vnstat2/vnstat_php_frontend/themes/light/theme.php index 2516c874..63bc234d 100644 --- a/config/vnstat2/vnstat_php_frontend/themes/light/theme.php +++ b/config/vnstat2/vnstat_php_frontend/themes/light/theme.php @@ -1,15 +1,15 @@ <?php - $colorscheme = array( - 'image_background' => array( 255, 255, 255, 0 ), - 'graph_background' => array( 220, 220, 230, 0 ), - 'graph_background_2' => array( 205, 205, 220, 0 ), - 'grid_stipple_1' => array( 140, 140, 140, 0 ), - 'grid_stipple_2' => array( 200, 200, 200, 0 ), - 'border' => array( 0, 0, 0, 0 ), - 'text' => array( 0, 0, 0, 0 ), - 'rx' => array( 190, 190, 20, 50 ), - 'rx_border' => array( 40, 80, 40, 90 ), - 'tx' => array( 130, 160, 100, 50 ), - 'tx_border' => array( 80, 40, 40, 90 ) - ); + $colorscheme = array( + 'image_background' => array( 255, 255, 255, 0 ), + 'graph_background' => array( 220, 220, 230, 0 ), + 'graph_background_2' => array( 205, 205, 220, 0 ), + 'grid_stipple_1' => array( 140, 140, 140, 0 ), + 'grid_stipple_2' => array( 200, 200, 200, 0 ), + 'border' => array( 0, 0, 0, 0 ), + 'text' => array( 0, 0, 0, 0 ), + 'rx' => array( 190, 190, 20, 50 ), + 'rx_border' => array( 40, 80, 40, 90 ), + 'tx' => array( 130, 160, 100, 50 ), + 'tx_border' => array( 80, 40, 40, 90 ) + ); ?> diff --git a/config/vnstat2/vnstat_php_frontend/themes/red/theme.php b/config/vnstat2/vnstat_php_frontend/themes/red/theme.php index 2c9ba6f4..5edacbd2 100644 --- a/config/vnstat2/vnstat_php_frontend/themes/red/theme.php +++ b/config/vnstat2/vnstat_php_frontend/themes/red/theme.php @@ -1,16 +1,16 @@ <?php - // A red colorscheme based on a contribution by Enrico Tröger - $colorscheme = array( - 'image_background' => array( 225, 225, 225, 0 ), - 'graph_background' => array( 220, 220, 230, 0 ), - 'graph_background_2' => array( 205, 205, 220, 0 ), - 'grid_stipple_1' => array( 140, 140, 140, 0 ), - 'grid_stipple_2' => array( 200, 200, 200, 0 ), - 'border' => array( 0, 0, 0, 0 ), - 'text' => array( 0, 0, 0, 0 ), - 'rx' => array( 190, 20, 20, 50 ), - 'rx_border' => array( 80, 40, 40, 90 ), - 'tx' => array( 130, 130, 130, 50 ), - 'tx_border' => array( 60, 60, 60, 90 ) - ); + // A red colorscheme based on a contribution by Enrico Tröger + $colorscheme = array( + 'image_background' => array( 225, 225, 225, 0 ), + 'graph_background' => array( 220, 220, 230, 0 ), + 'graph_background_2' => array( 205, 205, 220, 0 ), + 'grid_stipple_1' => array( 140, 140, 140, 0 ), + 'grid_stipple_2' => array( 200, 200, 200, 0 ), + 'border' => array( 0, 0, 0, 0 ), + 'text' => array( 0, 0, 0, 0 ), + 'rx' => array( 190, 20, 20, 50 ), + 'rx_border' => array( 80, 40, 40, 90 ), + 'tx' => array( 130, 130, 130, 50 ), + 'tx_border' => array( 60, 60, 60, 90 ) + ); ?> diff --git a/config/vnstat2/vnstat_php_frontend/vnstat.php b/config/vnstat2/vnstat_php_frontend/vnstat.php index 9c7e211c..82e0e51f 100644 --- a/config/vnstat2/vnstat_php_frontend/vnstat.php +++ b/config/vnstat2/vnstat_php_frontend/vnstat.php @@ -17,10 +17,10 @@ // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA // // - // see file COPYING or at http://www.gnu.org/licenses/gpl.html + // see file COPYING or at http://www.gnu.org/licenses/gpl.html // for more information. // - + // // Valid values for other parameters you can pass to the script. // Input parameters will always be limited to one of the values listed here. @@ -39,16 +39,16 @@ { die('can\'t determine script name!'); } - + $page_list = array('s','h','d','m'); - + $graph_list = array('large','small','none'); - + $page_title['s'] = T('summary'); $page_title['h'] = T('hours'); $page_title['d'] = T('days'); $page_title['m'] = T('months'); - + // // functions @@ -88,9 +88,9 @@ $style = DEFAULT_COLORSCHEME; } } - - function get_vnstat_data() + + function get_vnstat_data($use_label=true) { global $iface, $vnstat_bin, $data_dir; global $hour,$day,$month,$top,$summary; @@ -100,7 +100,7 @@ if (file_exists("$data_dir/vnstat_dump_$iface")) { $vnstat_data = file("$data_dir/vnstat_dump_$iface"); - } + } else { $vnstat_data = array(); @@ -126,7 +126,7 @@ // // extract data // - foreach($vnstat_data as $line) + foreach($vnstat_data as $line) { $d = explode(';', trim($line)); if ($d[0] == 'd') @@ -135,16 +135,16 @@ $day[$d[1]]['rx'] = $d[3] * 1024 + $d[5]; $day[$d[1]]['tx'] = $d[4] * 1024 + $d[6]; $day[$d[1]]['act'] = $d[7]; - if ($d[2] != 0) + if ($d[2] != 0 && $use_label) { $day[$d[1]]['label'] = strftime(T('datefmt_days'),$d[2]); $day[$d[1]]['img_label'] = strftime(T('datefmt_days_img'), $d[2]); } - else + elseif($use_label) { $day[$d[1]]['label'] = ''; - $day[$d[1]]['img_label'] = ''; - } + $day[$d[1]]['img_label'] = ''; + } } else if ($d[0] == 'm') { @@ -152,15 +152,15 @@ $month[$d[1]]['rx'] = $d[3] * 1024 + $d[5]; $month[$d[1]]['tx'] = $d[4] * 1024 + $d[6]; $month[$d[1]]['act'] = $d[7]; - if ($d[2] != 0) + if ($d[2] != 0 && $use_label) { $month[$d[1]]['label'] = strftime(T('datefmt_months'), $d[2]); $month[$d[1]]['img_label'] = strftime(T('datefmt_months_img'), $d[2]); } - else + else if ($use_label) { $month[$d[1]]['label'] = ''; - $month[$d[1]]['img_label'] = ''; + $month[$d[1]]['img_label'] = ''; } } else if ($d[0] == 'h') @@ -169,27 +169,30 @@ $hour[$d[1]]['rx'] = $d[3]; $hour[$d[1]]['tx'] = $d[4]; $hour[$d[1]]['act'] = 1; - if ($d[2] != 0) + if ($d[2] != 0 && $use_label) { $st = $d[2] - ($d[2] % 3600); $et = $st + 3600; $hour[$d[1]]['label'] = strftime(T('datefmt_hours'), $st).' - '.strftime(T('datefmt_hours'), $et); $hour[$d[1]]['img_label'] = strftime(T('datefmt_hours_img'), $d[2]); } - else + else if ($use_label) { $hour[$d[1]]['label'] = ''; $hour[$d[1]]['img_label'] = ''; } } else if ($d[0] == 't') - { + { $top[$d[1]]['time'] = $d[2]; $top[$d[1]]['rx'] = $d[3] * 1024 + $d[5]; $top[$d[1]]['tx'] = $d[4] * 1024 + $d[6]; $top[$d[1]]['act'] = $d[7]; - $top[$d[1]]['label'] = strftime(T('datefmt_top'), $d[2]); - $top[$d[1]]['img_label'] = ''; + if($use_label) + { + $top[$d[1]]['label'] = strftime(T('datefmt_top'), $d[2]); + $top[$d[1]]['img_label'] = ''; + } } else { diff --git a/config/zabbix2/zabbix2-agent.xml b/config/zabbix2/zabbix2-agent.xml index 24b7bd01..3d2400ad 100644 --- a/config/zabbix2/zabbix2-agent.xml +++ b/config/zabbix2/zabbix2-agent.xml @@ -6,7 +6,7 @@ /* ========================================================================== */ /* zabbix2-agent.xml - part of the Zebedee package for pfSense + part of the Zabbix package for pfSense Copyright (C) 2013 Danilo G. Baio Copyright (C) 2013 Marcello Coutinho @@ -41,7 +41,7 @@ <name>zabbixagent</name> <title>Services: Zabbix-2 Agent</title> <category>Monitoring</category> - <version>0.8_1</version> + <version>0.8.3</version> <include_file>/usr/local/pkg/zabbix2.inc</include_file> <addedit_string>Zabbix Agent has been created/modified.</addedit_string> <delete_string>Zabbix Agent has been deleted.</delete_string> @@ -172,7 +172,7 @@ <custom_php_command_before_form></custom_php_command_before_form> <custom_php_after_head_command></custom_php_after_head_command> <custom_php_after_form_command></custom_php_after_form_command> - <custom_php_validation_command>validate_input_zabbix2($_POST, &$input_errors);</custom_php_validation_command> + <custom_php_validation_command>validate_input_zabbix2($_POST, $input_errors);</custom_php_validation_command> <custom_add_php_command></custom_add_php_command> <custom_php_resync_config_command>sync_package_zabbix2();</custom_php_resync_config_command> <custom_php_deinstall_command>php_deinstall_zabbix2_agent();</custom_php_deinstall_command> diff --git a/config/zabbix2/zabbix2-proxy.xml b/config/zabbix2/zabbix2-proxy.xml index ebcb5bb0..00d9b106 100644 --- a/config/zabbix2/zabbix2-proxy.xml +++ b/config/zabbix2/zabbix2-proxy.xml @@ -6,7 +6,7 @@ /* ========================================================================== */ /* zabbix2-proxy.xml - part of the Zebedee package for pfSense + part of the Zabbix package for pfSense Copyright (C) 2013 Danilo G. Baio Copyright (C) 2013 Marcello Coutinho @@ -41,7 +41,7 @@ <name>zabbixproxy</name> <title>Services: Zabbix-2 Proxy</title> <category>Monitoring</category> - <version>0.8_1</version> + <version>0.8.3</version> <include_file>/usr/local/pkg/zabbix2.inc</include_file> <addedit_string>Zabbix Proxy has been created/modified.</addedit_string> <delete_string>Zabbix Proxy has been deleted.</delete_string> @@ -143,7 +143,7 @@ <custom_php_command_before_form></custom_php_command_before_form> <custom_php_after_head_command></custom_php_after_head_command> <custom_php_after_form_command></custom_php_after_form_command> - <custom_php_validation_command>validate_input_zabbix2($_POST, &$input_errors);</custom_php_validation_command> + <custom_php_validation_command>validate_input_zabbix2($_POST, $input_errors);</custom_php_validation_command> <custom_add_php_command></custom_add_php_command> <custom_php_resync_config_command>sync_package_zabbix2();</custom_php_resync_config_command> <custom_php_deinstall_command>php_deinstall_zabbix2_proxy();</custom_php_deinstall_command> diff --git a/config/zabbix2/zabbix2.inc b/config/zabbix2/zabbix2.inc index bf9c6606..13713988 100644 --- a/config/zabbix2/zabbix2.inc +++ b/config/zabbix2/zabbix2.inc @@ -3,7 +3,7 @@ /* ========================================================================== */ /* zabbix2-proxy.inc - part of the Zebedee package for pfSense + part of the Zabbix package for pfSense Copyright (C) 2013 Danilo G. Baio Copyright (C) 2013 Marcello Coutinho @@ -99,7 +99,7 @@ function php_deinstall_zabbix2_proxy(){ conf_mount_ro(); } -function validate_input_zabbix2($post,&$input_errors){ +function validate_input_zabbix2($post, &$input_errors){ if (isset($post['proxyenabled'])){ if (!is_numericint($post['serverport'])) { diff --git a/config/zebedee/zebedee.xml b/config/zebedee/zebedee.xml index db7bfddf..2a208b27 100644 --- a/config/zebedee/zebedee.xml +++ b/config/zebedee/zebedee.xml @@ -46,7 +46,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>zebedee</name> - <version>0.1</version> + <version>1.2.1</version> <title>Zebedee Tunneling</title> <include_file>/usr/local/pkg/zebedee.inc</include_file> <menu> @@ -296,7 +296,7 @@ zebedee_php_deinstall_command(); </custom_php_deinstall_command> <custom_php_validation_command> - zebedee_validate_input($_POST, &$input_errors); + zebedee_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_zebedee(); |