diff options
Diffstat (limited to 'config')
26 files changed, 724 insertions, 779 deletions
diff --git a/config/bandwidthd/bandwidthd.inc b/config/bandwidthd/bandwidthd.inc index 0029a05d..d7973433 100644 --- a/config/bandwidthd/bandwidthd.inc +++ b/config/bandwidthd/bandwidthd.inc @@ -78,6 +78,17 @@ function bandwidthd_install_config() { $subnets .= "subnet " . gen_subnet(get_interface_ip($iface),get_interface_subnet($iface)) . "/" . get_interface_subnet($iface) . "\n"; } } + + /* Configure extra stats subnet(s) */ + $subnets_extra = explode(';', str_replace(' ', '', $bandwidthd_config['subnets_extra'])); + if (is_array($subnets_extra)) { + foreach ($subnets_extra as $sn) { + if (!empty($sn) && is_subnetv4($sn)) { + $subnets .= "subnet {$sn}\n"; + } + } + } + $promiscuous_val = ($bandwidthd_config['promiscuous'] != "" ? "promiscuous true" : "promiscuous false"); $sensor_id_string_val = ($bandwidthd_config['sensorid'] != "" ? "sensor_id \"{$bandwidthd_config['sensorid']}\"" : ""); @@ -102,7 +113,7 @@ function bandwidthd_install_config() { /* Advanced Filter */ if ($bandwidthd_config['advfilter']) { - $filter_text_val = "filter " . escapeshellarg(base64_decode($bandwidthd_config['advfilter'])); + $filter_text_val = 'filter "' . base64_decode($bandwidthd_config['advfilter']) . '"'; } else { $filter_text_val = ""; } @@ -279,7 +290,7 @@ EOD; } /* Cron job for graphs */ - if (($bandwidthd_config['enable']) && ($output_cdf)) { + if (($bandwidthd_config['enable']) && ($bandwidthd_config['outputcdf'])) { // Use cron job to rotate logs every day at 00:01 install_cron_job("/bin/kill -HUP `cat /var/run/bandwidthd.pid`", true, "1", "0"); } else { @@ -376,6 +387,17 @@ function bandwidthd_validate_input($post, &$input_errors) { } else { $input_errors[] = "You must select at least on interface under 'Subnet(s) for Statistics Collection'."; } + // Extra subnets + if ($post['subnets_extra']) { + $subnets_extra = explode(';', str_replace(' ', '', $post['subnets_extra'])); + if (is_array($subnets_extra)) { + foreach ($subnets_extra as $sn) { + if (!is_subnetv4($sn)) { + $input_errors[] = gettext("'Extra Subnet(s) for Statistics Collection' may only contain valid IPv4 subnet(s)."); + } + } + } + } // Only support sane characters in Sensor ID if ($post['sensorid']) { if ((!is_hostname($post['sensorid'])) && !preg_match("/^[a-zA-Z0-9\-\=\(\):. ]*$/", $post['sensorid'])) { diff --git a/config/bandwidthd/bandwidthd.xml b/config/bandwidthd/bandwidthd.xml index 1668f748..c7d6044d 100644 --- a/config/bandwidthd/bandwidthd.xml +++ b/config/bandwidthd/bandwidthd.xml @@ -46,7 +46,7 @@ <name>bandwidthd</name> <version>0.6</version> <title>Diagnostics: Bandwidthd</title> - <aftersaveredirect>/pkg_edit.php?xml=bandwidthd.xml&id=0</aftersaveredirect> + <aftersaveredirect>/pkg_edit.php?xml=bandwidthd.xml</aftersaveredirect> <include_file>/usr/local/pkg/bandwidthd.inc</include_file> <menu> <name>BandwidthD</name> @@ -58,7 +58,7 @@ <name>BandwidthD Settings</name> <tooltiptext></tooltiptext> <section>Diagnostics</section> - <url>/pkg_edit.php?xml=bandwidthd.xml&id=0</url> + <url>/pkg_edit.php?xml=bandwidthd.xml</url> </menu> <service> <name>bandwidthd</name> @@ -119,6 +119,20 @@ <required/> </field> <field> + <fielddescr>Extra Subnet(s) for Statistics Collection</fielddescr> + <fieldname>subnets_extra</fieldname> + <description> + <![CDATA[ + Specify additional IPv4 subnet(s) in CIDR notation for statistics collection (or leave empty if none). + For multiple subnets, separate entries with ';'<br /> + (Example: 192.168.1.0/24;10.0.0.0/24)<br /> + <strong>Note: Do NOT specify any local subnets already selected in 'Subnet(s) for Statistics Collection' above!</strong> + ]]> + </description> + <type>input</type> + <size>50</size> + </field> + <field> <fielddescr>Promiscuous</fielddescr> <fieldname>promiscuous</fieldname> <description> @@ -155,6 +169,7 @@ </description> <type>checkbox</type> <default_value>on</default_value> + <enablefields>meta_refresh,skipintervals,graphcutoff</enablefields> </field> <field> <fielddescr>Meta Refresh</fielddescr> @@ -194,6 +209,7 @@ <fieldname>outputcdf</fieldname> <description>Log data to CDF files log*.cdf</description> <type>checkbox</type> + <enablefields>recovercdf</enablefields> </field> <field> <fielddescr>Recover CDF</fielddescr> @@ -279,7 +295,7 @@ <type>textarea</type> <encoding>base64</encoding> <cols>65</cols> - <rows>1</rows> + <rows>5</rows> <advancedfield/> </field> </fields> diff --git a/config/haproxy1_5/pkg/haproxy.inc b/config/haproxy1_5/pkg/haproxy.inc index 8ba7e437..f539cff5 100644 --- a/config/haproxy1_5/pkg/haproxy.inc +++ b/config/haproxy1_5/pkg/haproxy.inc @@ -347,10 +347,10 @@ function haproxy_custom_php_deinstall_command() { update_output_window($static_output); unlink_if_exists("/usr/local/etc/rc.d/haproxy.sh"); unlink_if_exists("/etc/rc.haproxy_ocsp.sh"); - $static_output .= "HAProxy, installing cron job if needed\n"; + $static_output .= "HAProxy, uninstalling cron job if needed\n"; update_output_window($static_output); - haproxy_install_cron(false); - haproxy_install_cronjob(false, '/etc/rc.haproxy_ocsp.sh'); + install_cron_job("/usr/local/etc/rc.d/haproxy.sh onecheck", false); + install_cron_job("/etc/rc.haproxy_ocsp.sh", false); $static_output .= "HAProxy, running haproxy_custom_php_deinstall_command() DONE\n"; update_output_window($static_output); } @@ -472,95 +472,6 @@ EOD; update_output_window($static_output); } -function haproxy_install_cronjob($should_install, $script, $interval = 60, $parameters = "") { - global $config, $g; - if($g['booting']==true) - return; - $is_installed = false; - if(!$config['cron']['item']) - return; - $x=0; - foreach($config['cron']['item'] as $item) { - if(strstr($item['command'], $script)) { - $is_installed = true; - break; - } - $x++; - } - switch($should_install) { - case true: - if(!$is_installed) { - $cron_item = array(); - $cron_item['minute'] = "*/{$interval}"; - $cron_item['hour'] = "*"; - $cron_item['mday'] = "*"; - $cron_item['month'] = "*"; - $cron_item['wday'] = "*"; - $cron_item['who'] = "root"; - $cron_item['command'] = "$script $parameters"; - $config['cron']['item'][] = $cron_item; - parse_config(true); - write_config("haproxy, install cron job"); - configure_cron(); - } - break; - case false: - if($is_installed == true) { - if($x > 0) { - unset($config['cron']['item'][$x]); - parse_config(true); - write_config("haproxy, remove cron job"); - } - configure_cron(); - } - break; - } -} - -function haproxy_install_cron($should_install) { - global $config, $g; - if($g['booting']==true) - return; - $is_installed = false; - if(!$config['cron']['item']) - return; - $x=0; - foreach($config['cron']['item'] as $item) { - if(strstr($item['command'], "/usr/local/etc/rc.d/haproxy.sh")) { - $is_installed = true; - break; - } - $x++; - } - switch($should_install) { - case true: - if(!$is_installed) { - $cron_item = array(); - $cron_item['minute'] = "*/2"; - $cron_item['hour'] = "*"; - $cron_item['mday'] = "*"; - $cron_item['month'] = "*"; - $cron_item['wday'] = "*"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/local/etc/rc.d/haproxy.sh onecheck"; - $config['cron']['item'][] = $cron_item; - parse_config(true); - write_config("haproxy, install cron CARP job"); - configure_cron(); - } - break; - case false: - if($is_installed == true) { - if($x > 0) { - unset($config['cron']['item'][$x]); - parse_config(true); - write_config("haproxy, remove cron CARP job"); - } - configure_cron(); - } - break; - } -} function haproxy_find_backend($backendname) { global $config; @@ -1729,12 +1640,16 @@ function haproxy_check_run($reload) { haproxy_updateocsp(false); if (isset($a_global['carpdev'])) - haproxy_install_cron(true); + install_cron_job("/usr/local/etc/rc.d/haproxy.sh onecheck", true, "*/2"); else - haproxy_install_cron(false); + install_cron_job("/usr/local/etc/rc.d/haproxy.sh onecheck", false); $useocsp = haproxy_uses_ocsp(); - haproxy_install_cronjob($useocsp, '/etc/rc.haproxy_ocsp.sh', 120); + if ($useocsp == "true") { + install_cron_job("/etc/rc.haproxy_ocsp.sh", true, "*/120"); + } else { + install_cron_job("/etc/rc.haproxy_ocsp.sh", false); + } } if(isset($a_global['enable'])) { diff --git a/config/pfblockerng/countrycodes.tar.bz2 b/config/pfblockerng/countrycodes.tar.bz2 Binary files differindex 12cc1b5b..ea189de6 100644 --- a/config/pfblockerng/countrycodes.tar.bz2 +++ b/config/pfblockerng/countrycodes.tar.bz2 diff --git a/config/pfblockerng/pfblockerng.inc b/config/pfblockerng/pfblockerng.inc index 379ce223..646e54ca 100644 --- a/config/pfblockerng/pfblockerng.inc +++ b/config/pfblockerng/pfblockerng.inc @@ -2724,53 +2724,6 @@ function pfblockerng_validate_input($post, &$input_errors) { } } - -function pfblockerng_php_install_command() { - require_once("/usr/local/www/pfblockerng/pfblockerng.php"); - global $config,$pfb; - pfb_global(); - - // Remove previously used CC folder location if exists - @rmdir_recursive("{$pfb['dbdir']}/cc"); - - // Uncompress Country Code File - @copy("{$pfb['dbdir']}/countrycodes.tar.bz2", "{$pfb['ccdir']}/countrycodes.tar.bz2"); - exec("/usr/bin/tar -jx -C {$pfb['ccdir']} -f {$pfb['ccdir']}/countrycodes.tar.bz2"); - // Download MaxMind Files and Create Country Code files and Build Continent XML Files - update_output_window(gettext("Downloading MaxMind Country Databases. This may take a minute...")); - exec("/bin/sh /usr/local/pkg/pfblockerng/geoipupdate.sh all >> {$pfb['geolog']} 2>&1"); - - update_output_window(gettext("MaxMind Country Database downloads completed...")); - update_output_window(gettext("Converting MaxMind Country Databases for pfBlockerNG. This may take a few minutes...")); - pfblockerng_uc_countries(); - update_output_window(gettext("Creating pfBlockerNG Continenet XML Files...")); - pfblockerng_get_countries(); - update_output_window(gettext("Completed Creating pfBlockerNG Continenet XML Files...")); - - // Remove Original Maxmind Database Files - @unlink_if_exists("{$pfb['dbdir']}/GeoIPCountryCSV.zip"); - @unlink_if_exists("{$pfb['dbdir']}/GeoIPCountryWhois.csv"); - @unlink_if_exists("{$pfb['dbdir']}/GeoIPv6.csv"); - @unlink_if_exists("{$pfb['dbdir']}/country_continent.csv"); - - // Add Widget to Dashboard - update_output_window(gettext("Adding pfBlockerNG Widget to Dashboard.")); - if ($pfb['keep'] == "on" && !empty($pfb['widgets'])) { - // Restore previous Widget setting if "Keep" is enabled. - $config['widgets']['sequence'] = $pfb['widgets']; - } else { - $widgets = $config['widgets']['sequence']; - if (!preg_match("/pfblockerng-container/", $widgets)) { - if (empty($widgets)) { - $config['widgets']['sequence'] = "pfblockerng-container:col2:show"; - } else { - $config['widgets']['sequence'] .= ",pfblockerng-container:col2:show"; - } - } - } -} - - function pfblockerng_php_deinstall_command() { require_once("config.inc"); global $config,$pfb; @@ -3030,4 +2983,4 @@ function pfblockerng_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $p } return $success; } -?>
\ No newline at end of file +?> diff --git a/config/pfblockerng/pfblockerng.php b/config/pfblockerng/pfblockerng.php index f69983e2..83b0ed8d 100644 --- a/config/pfblockerng/pfblockerng.php +++ b/config/pfblockerng/pfblockerng.php @@ -189,7 +189,7 @@ function pfb_update_check($header_url, $list_url, $url_format, $pfbfolder) { if (file_exists($local_file)) { // Determine if URL is Remote or Local if ($host['host'] == "127.0.0.1" || $host['host'] == $pfb['iplocal'] || empty($host['host'])) { - $remote_tds = gmdate ("D, d M Y H:i:s T", filemtime($local_file)); + $remote_tds = gmdate ("D, d M Y H:i:s T", filemtime($list_url)); } else { $remote_tds = @implode(preg_grep("/Last-Modified/", get_headers($list_url))); $remote_tds = preg_replace("/^Last-Modified: /","", $remote_tds); diff --git a/config/pfblockerng/pfblockerng.sh b/config/pfblockerng/pfblockerng.sh index 13e14760..5858b08b 100644 --- a/config/pfblockerng/pfblockerng.sh +++ b/config/pfblockerng/pfblockerng.sh @@ -235,11 +235,11 @@ cp $pfbdeny$alias".txt" $tempfile; > $dedupfile data255="$(cut -d '.' -f 1-3 $tempfile | awk '{a[$0]++}END{for(i in a){if(a[i] > 255){print i}}}')" if [ ! -z "$data255" ]; then for ip in $data255; do - ii=$(echo "^$ip" | sed 's/\./\\\./g') + ii=$(echo "^$ip." | sed 's/\./\\\./g') grep $ii $tempfile >> $dedupfile done awk 'FNR==NR{a[$0];next}!($0 in a)' $dedupfile $tempfile > $pfbdeny$alias".txt" - for ip in $data255; do echo $ip"0/24" >> $pfbdeny$alias".txt"; done + for ip in $data255; do echo $ip".0/24" >> $pfbdeny$alias".txt"; done fi } @@ -252,6 +252,8 @@ dupcheck=yes hcheck=$(grep -c ^ $masterfile); if [ "$hcheck" -eq "0" ]; then dupcheck=no; fi # Check if Alias exists in Masterfile lcheck=$(grep -m 1 "$alias " $masterfile ); if [ "$lcheck" == "" ]; then dupcheck=no; fi +# Check for single alias in masterfile +aliaslist=$(cut -d' ' -f1 $masterfile | sort | uniq); if [ "$alias" == "$aliaslist" ]; then hcheck="0"; fi if [ "$dupcheck" == "yes" ]; then # Grep Alias with a trailing Space character @@ -332,7 +334,6 @@ if [ -e "$pfbsuppression" ] && [ -s "$pfbsuppression" ]; then octet4=$(echo $ip | cut -d '.' -f 4 | sed 's/\/.*//') dcheck=$(grep $iptrim".0/24" $dupfile) if [ "$dcheck" == "" ]; then - echo $iptrim".0" >> $tempfile echo $iptrim".0/24" >> $dupfile counter=$(($counter + 1)) # Add Individual IP addresses from Range excluding Suppressed IP @@ -424,6 +425,8 @@ dupcheck=yes hcheck=$(grep -cv "^$" $masterfile); if [ "$hcheck" -eq "0" ]; then dupcheck=no; fi # Check if Alias exists in Masterfile lcheck=$(grep -m1 "$alias " $masterfile); if [ "$lcheck" == "" ]; then dupcheck=no; fi +# Check for single alias in masterfile +aliaslist=$(cut -d' ' -f1 $masterfile | sort | uniq); if [ "$alias" == "$aliaslist" ]; then hcheck="0"; fi if [ "$dupcheck" == "yes" ]; then # Grep Alias with a trailing Space character @@ -478,7 +481,7 @@ fi > $tempfile; > $tempfile2; > $dupfile; > $addfile; > $dedupfile; > $matchfile; > $tempmatchfile; count=0; dcount=0; mcount=0; mmcount=0 echo; echo "Querying for Repeat Offenders" -data="$(find $pfbdeny ! -name "pfB*.txt" ! -name "*_v6.txt" -type f | cut -d '.' -f 1-3 $pfbdeny*.txt | +data="$(find $pfbdeny ! -name "pfB*.txt" ! -name "*_v6.txt" -type f | xargs cut -d '.' -f 1-3 | awk -v max="$max" '{a[$0]++}END{for(i in a){if(a[i] > max){print i}}}' | grep -v "^1\.1\.1")" count=$(echo "$data" | grep -c ^) if [ "$data" == "" ]; then count=0; fi @@ -605,7 +608,7 @@ fi > $tempfile; > $tempfile2; > $dupfile; > $addfile; > $dedupfile; count=0; dcount=0 echo; echo "=====================================================================" echo; echo "Querying for Repeat Offenders" -data="$(find $pfbdeny ! -name "pfB*.txt" ! -name "*_v6.txt" -type f | cut -d '.' -f 1-3 $pfbdeny*.txt | +data="$(find $pfbdeny ! -name "pfB*.txt" ! -name "*_v6.txt" -type f | xargs cut -d '.' -f 1-3 | awk -v max="$max" '{a[$0]++}END{for(i in a){if(a[i] > max){print i}}}' | grep -v "^1\.1\.1")" count=$(echo "$data" | grep -c ^) if [ "$data" == "" ]; then count=0; fi diff --git a/config/pfblockerng/pfblockerng.xml b/config/pfblockerng/pfblockerng.xml index 218b22e1..d3b2cb16 100644 --- a/config/pfblockerng/pfblockerng.xml +++ b/config/pfblockerng/pfblockerng.xml @@ -71,6 +71,10 @@ <chmod>0644</chmod> </additional_files_needed> <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_install.inc</item> + <prefix>/usr/local/pkg/pfblockerng/</prefix> + </additional_files_needed> + <additional_files_needed> <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng.php</item> <prefix>/usr/local/www/pfblockerng/</prefix> <chmod>0644</chmod> @@ -542,10 +546,14 @@ </field> </fields> <custom_php_install_command> - pfblockerng_php_install_command(); + <![CDATA[ + include_once('/usr/local/pkg/pfblockerng/pfblockerng_install.inc'); + ]]> </custom_php_install_command> <custom_php_deinstall_command> + <![CDATA[ pfblockerng_php_deinstall_command(); + ]]> </custom_php_deinstall_command> <custom_php_validation_command> pfblockerng_validate_input($_POST, $input_errors); diff --git a/config/pfblockerng/pfblockerng_alerts.php b/config/pfblockerng/pfblockerng_alerts.php index bfb15c07..7253d04d 100644 --- a/config/pfblockerng/pfblockerng_alerts.php +++ b/config/pfblockerng/pfblockerng_alerts.php @@ -451,7 +451,7 @@ function conv_log_filter_lite($logfile, $nentries, $tail, $pfbdenycnt, $pfbpermi } // Skip Repeated Alerts - if (($pfbalert[3] . $pfbalert[8] . $pfbalert[10]) == $previous_dstip || ($pfbalert[3] . $pfbalert[7] . $pfbalert[9]) == $previous_srcip) { + if (($pfbalert[1] . $pfbalert[3] . $pfbalert[7] . $pfbalert[8] . $pfbalert[10]) == $previous_alert) { continue; } @@ -489,8 +489,7 @@ function conv_log_filter_lite($logfile, $nentries, $tail, $pfbdenycnt, $pfbpermi } // Collect Details for Repeated Alert Comparison - $previous_srcip = $pfbalert[3] . $pfbalert[7] . $pfbalert[9]; - $previous_dstip = $pfbalert[3] . $pfbalert[8] . $pfbalert[10]; + $previous_alert = $pfbalert[1] . $pfbalert[3] . $pfbalert[7] . $pfbalert[8] . $pfbalert[10]; } unset ($pfbalert, $logarr); return $fields_array; diff --git a/config/pfblockerng/pfblockerng_install.inc b/config/pfblockerng/pfblockerng_install.inc new file mode 100644 index 00000000..28fe373f --- /dev/null +++ b/config/pfblockerng/pfblockerng_install.inc @@ -0,0 +1,82 @@ +<?php +/* + pfBlockerNG_install.inc + + pfBlockerNG + Copyright (C) 2015 BBcan177@gmail.com + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +*/ + +// Install pfBlockerNG package, launched from pfblockerng.xml + +require_once('/usr/local/pkg/pfblockerng/pfblockerng.inc'); +require_once('/usr/local/www/pfblockerng/pfblockerng.php'); + +global $config, $pfb; +pfb_global(); + +// Remove previously used CC folder location if exists +@rmdir_recursive("{$pfb['dbdir']}/cc"); + +// Uncompress Country Code File +@copy("{$pfb['dbdir']}/countrycodes.tar.bz2", "{$pfb['ccdir']}/countrycodes.tar.bz2"); +exec("/usr/bin/tar -jx -C {$pfb['ccdir']} -f {$pfb['ccdir']}/countrycodes.tar.bz2"); +// Download MaxMind Files and Create Country Code files and Build Continent XML Files +update_output_window(gettext("Downloading MaxMind Country Databases. This may take a minute...")); +exec("/bin/sh /usr/local/pkg/pfblockerng/geoipupdate.sh all >> {$pfb['geolog']} 2>&1"); + +update_output_window(gettext("MaxMind Country Database downloads completed...")); +update_output_window(gettext("Converting MaxMind Country Databases for pfBlockerNG. This may take a few minutes...")); +pfblockerng_uc_countries(); +update_output_window(gettext("Creating pfBlockerNG Continent XML Files...")); +pfblockerng_get_countries(); +update_output_window(gettext("Completed Creating pfBlockerNG Continent XML Files...")); + +// Remove Original Maxmind Database Files +@unlink_if_exists("{$pfb['dbdir']}/GeoIPCountryCSV.zip"); +@unlink_if_exists("{$pfb['dbdir']}/GeoIPCountryWhois.csv"); +@unlink_if_exists("{$pfb['dbdir']}/GeoIPv6.csv"); +@unlink_if_exists("{$pfb['dbdir']}/country_continent.csv"); + +// Add Widget to Dashboard +update_output_window(gettext("Adding pfBlockerNG Widget to Dashboard.")); +if ($pfb['keep'] == "on" && !empty($pfb['widgets'])) { + // Restore previous Widget setting if "Keep" is enabled. + $config['widgets']['sequence'] = $pfb['widgets']; +} else { + $widgets = $config['widgets']['sequence']; + if (!preg_match("/pfblockerng-container/", $widgets)) { + if (empty($widgets)) { + $config['widgets']['sequence'] = "pfblockerng-container:col2:show"; + } else { + $config['widgets']['sequence'] .= ",pfblockerng-container:col2:show"; + } + } +} +return TRUE; + +?>
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng_top20.xml b/config/pfblockerng/pfblockerng_top20.xml index 32ed52e8..030c1385 100644 --- a/config/pfblockerng/pfblockerng_top20.xml +++ b/config/pfblockerng/pfblockerng_top20.xml @@ -132,6 +132,17 @@ <type>listtopic</type> </field> <field> + <description><![CDATA[<font color='red'>Note:</font> pfSense by default implicitly blocks all unsolicited inbound traffic to the WAN + interface. Therefore adding GeoIP based firewall rules to the WAN will <strong>not</strong> provide any benefit, unless there are + open WAN ports. Also consider protecting just the specific open WAN ports. It's also <strong>not</strong> recommended to + block the 'world', instead consider rules to 'Permit' traffic from selected Countries only. Finally, it's just as important + to protect the outbound LAN traffic.]]> + </description> + <type>info</type> + <dontdisplayname/> + <usecolspan2/> + </field> + <field> <fielddescr>LINKS</fielddescr> <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> <a href="/firewall_rules.php">Firewall Rules</a> <a href="diag_logs_filter.php">Firewall Logs</a>]]> diff --git a/config/pfblockerng/pfblockerng_update.php b/config/pfblockerng/pfblockerng_update.php index e63d04dc..7911a4e6 100644 --- a/config/pfblockerng/pfblockerng_update.php +++ b/config/pfblockerng/pfblockerng_update.php @@ -207,9 +207,9 @@ include_once("head.inc"); <tr> <td colspan="2" class="listr"> <?php - if ($pfb['enable'] == "on") { + if ($pfb['enable'] == 'on') { - /* Legend - Time Variables + /* Legend - Time variables $pfb['interval'] Hour interval setting (1,2,3,4,6,8,12,24) $pfb['min'] Cron minute start time (0-23) @@ -218,92 +218,70 @@ include_once("head.inc"); $currenthour Current hour $currentmin Current minute + $currentsec Current second + $currentdaysec Total number of seconds elapsed so far in the day $cron_hour_begin First cron hour setting (interval 2-24) $cron_hour_next Next cron hour setting (interval 2-24) - $max_min_remain Max minutes to next cron (not including currentmin) - $min_remain Total minutes remaining to next cron - $min_final The minute component in hour:min - $nextcron Next cron event in hour:mins - $cronreal Time remaining to next cron in hours:mins */ + $cronreal Time remaining to next cron in hours:mins:secs */ $currenthour = date('G'); $currentmin = date('i'); + $currentsec = date('s'); + $currentdaysec = ($currenthour * 3600) + ($currentmin * 60) + $currentsec; if ($pfb['interval'] == 1) { - if (($currenthour + ($currentmin/60)) <= ($pfb['hour'] + ($pfb['min']/60))) { + if ($currentmin < $pfb['min']) { $cron_hour_next = $currenthour; } else { - $cron_hour_next = $currenthour + 1; - } - if (($currenthour + ($pfb['min']/60)) >= 24) { - $cron_hour_next = $pfb['hour']; + $cron_hour_next = ($currenthour + 1) % 24; } - $max_min_remain = 60 + $pfb['min']; } elseif ($pfb['interval'] == 24) { - $cron_hour_next = $cron_hour_begin = $pfb['24hour'] != '' ? $pfb['24hour'] : '00'; + $cron_hour_next = $cron_hour_begin = !empty($pfb['24hour']) ?: '00'; } else { - // Find Next Cron hour schedule + // Find next cron hour schedule $crondata = pfb_cron_base_hour(); + $cron_hour_begin = 0; + $cron_hour_next = ''; if (!empty($crondata)) { foreach ($crondata as $key => $line) { if ($key == 0) { $cron_hour_begin = $line; } - if ($line > $currenthour) { + if (($line * 3600) + ($pfb['min'] * 60) > $currentdaysec) { $cron_hour_next = $line; break; } } } - - // Roll over to First cron hour setting - if (!isset($cron_hour_next)) { - if (empty($cron_hour_begin)) { - // $cron_hour_begin is hour '0' - $cron_hour_next = (24 - $currenthour); - } else { - $cron_hour_next = $cron_hour_begin; - } - } - } - - if ($pfb['interval'] != 1) { - if (($currenthour + ($currentmin/60)) <= ($cron_hour_next + ($pfb['min']/60))) { - $max_min_remain = (($cron_hour_next - $currenthour) * 60) + $pfb['min']; - } else { - $max_min_remain = ((24 - $currenthour + $cron_hour_begin) * 60) + $pfb['min']; + // Roll over to the first cron hour setting + if (empty($cron_hour_next)) { $cron_hour_next = $cron_hour_begin; } } - $min_remain = ($max_min_remain - $currentmin); - $min_final = ($min_remain % 60); - $sec_final = (60 - date('s')); - - if (strlen($sec_final) == 1) { - $sec_final = '0' . $sec_final; - } - if (strlen($min_final) == 1) { - $min_final = '0' . $min_final; - } - if (strlen($cron_hour_next) == 1) { - $cron_hour_next = '0' . $cron_hour_next; - } - - if ($min_remain > 59) { - $nextcron = floor($min_remain / 60) . ':' . $min_final . ':' . $sec_final; + $cron_seconds_next = ($cron_hour_next * 3600) + ($pfb['min'] * 60); + if ($currentdaysec < $cron_seconds_next) { + // The next cron job is ahead of us in the day + $sec_remain = $cron_seconds_next - $currentdaysec; } else { - $nextcron = '00:' . $min_final . ':' . $sec_final; + // The next cron job is tomorrow + $sec_remain = (24*60*60) + $cron_seconds_next - $currentdaysec; } - if ($pfb['min'] == 0) { - $pfb['min'] = '00'; - } + // Ensure hour:min:sec variables are two digit + $pfb['min'] = str_pad($pfb['min'], 2, '0', STR_PAD_LEFT); + $sec_final = str_pad(($sec_remain % 60), 2, '0', STR_PAD_LEFT); + $min_remain = str_pad(floor($sec_remain / 60), 2, '0', STR_PAD_LEFT); + $min_final = str_pad(($min_remain % 60), 2, '0', STR_PAD_LEFT); + $hour_final = str_pad(floor($min_remain / 60), 2, '0', STR_PAD_LEFT); + $cron_hour_next = str_pad($cron_hour_next, 2, '0', STR_PAD_LEFT); + $cronreal = "{$cron_hour_next}:{$pfb['min']}"; + $nextcron = "{$hour_final}:{$min_final}:{$sec_final}"; } if (empty($pfb['enable']) || empty($cron_hour_next)) { @@ -314,9 +292,8 @@ include_once("head.inc"); echo "NEXT Scheduled CRON Event will run at <font size=\"3\"> {$cronreal}</font> with <font size=\"3\"><span class=\"red\"> {$nextcron} </span></font> time remaining."; - // Query for any Active pfBlockerNG CRON Jobs - $result_cron = array(); - $cron_event = exec ("/bin/ps -wax", $result_cron); + // Query for any active pfBlockerNG CRON jobs + exec ('/bin/ps -wax', $result_cron); if (preg_grep("/pfblockerng[.]php\s+cron/", $result_cron)) { echo "<font size=\"2\"><span class=\"red\"> Active pfBlockerNG CRON Job </span></font> "; diff --git a/config/quagga_ospfd/quagga_ospfd.inc b/config/quagga_ospfd/quagga_ospfd.inc index 140bac8a..34900e76 100644 --- a/config/quagga_ospfd/quagga_ospfd.inc +++ b/config/quagga_ospfd/quagga_ospfd.inc @@ -1,9 +1,10 @@ <?php /* quagga_ospfd.inc - Copyright (C) 2010 Ermal Lu�i + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2010 Ermal Luçi Copyright (C) 2012 Jim Pingle - part of pfSense + Copyright (C) 2015 ESF, LLC All rights reserved. Redistribution and use in source and binary forms, with or without @@ -46,7 +47,7 @@ function quagga_ospfd_get_interfaces() { $interfaces = get_configured_interface_with_descr(); $ospf_ifs = array(); foreach ($interfaces as $iface => $ifacename) { - $tmp["name"] = $ifacename; + $tmp["name"] = $ifacename; $tmp["value"] = $iface; $ospf_ifs[] = $tmp; } @@ -55,7 +56,7 @@ function quagga_ospfd_get_interfaces() { if (is_array($config['openvpn']["openvpn-{$mode}"])) { foreach ($config['openvpn']["openvpn-{$mode}"] as $id => $setting) { if (!isset($setting['disable'])) { - $tmp["name"] = gettext("OpenVPN") . " ".$mode.": ".htmlspecialchars($setting['description']); + $tmp["name"] = gettext("OpenVPN") . " ".$mode.": ".htmlspecialchars($setting['description']); $tmp["value"] = 'ovpn' . substr($mode, 0, 1) . $setting['vpnid']; $ospf_ifs[] = $tmp; } @@ -74,11 +75,11 @@ function quagga_ospfd_install_conf() { $quagga_config_base = PKG_QUAGGA_CONFIG_BASE; $noaccept = ""; - + // generate ospfd.conf based on the assistant - if(is_array($config['installedpackages']['quaggaospfd']['config'])) + if(is_array($config['installedpackages']['quaggaospfd']['config'])) { $ospfd_conf = &$config['installedpackages']['quaggaospfd']['config'][0]; - else { + } else { log_error("Quagga OSPFd: No config data found."); return; } @@ -90,11 +91,12 @@ function quagga_ospfd_install_conf() { } else { $conffile = "# This file was created by the pfSense package manager. Do not edit!\n\n"; - if($ospfd_conf['password']) + if($ospfd_conf['password']) { $conffile .= "password {$ospfd_conf['password']}\n"; - - if ($ospfd_conf['logging']) + } + if ($ospfd_conf['logging']) { $conffile .= "log syslog\n"; + } /* Interface Settings */ $passive_interfaces = array(); @@ -113,7 +115,7 @@ function quagga_ospfd_install_conf() { if ($conf['md5password'] && !empty($conf['password'])) { $conffile .= " ip ospf authentication message-digest\n"; $conffile .= " ip ospf message-digest-key 1 md5 " . substr($conf['password'], 0, 15) . "\n"; - } else if (!empty($conf['password'])) { + } elseif (!empty($conf['password'])) { $conffile .= " ip ospf authentication-key " . substr($conf['password'], 0, 8) . "\n"; } if (!empty($conf['routerpriorityelections'])) { @@ -124,38 +126,36 @@ function quagga_ospfd_install_conf() { } if (!empty($conf['deadtimer'])) { $conffile .= " ip ospf dead-interval {$conf['deadtimer']}\n"; - } + } if (!empty($conf['passive'])) { $passive_interfaces[] = $realif; } $interface_ip = find_interface_ip($realif); $interface_subnet = find_interface_subnet($realif); /* Cheap hack since point-to-points won't attach if /32 is used. */ - if ($interface_subnet == 32) + if ($interface_subnet == 32) { $interface_subnet = 30; + } $subnet = gen_subnet($interface_ip, $interface_subnet); if (!empty($conf['acceptfilter'])) { $noaccept .= "ip prefix-list ACCEPTFILTER deny {$subnet}/{$interface_subnet}\n"; } if (!empty($conf['interfacearea'])) { $interface_networks[] = array( "subnet" => "{$subnet}/{$interface_subnet}", "area" => $conf['interfacearea']); - } - else { + } else { $interface_networks[] = array( "subnet" => "{$subnet}/{$interface_subnet}", "area" => $ospfd_conf['area']); } - - - } } - + $redist = ""; $noredist = ""; if (is_array($ospfd_conf['row'])) { foreach ($ospfd_conf['row'] as $redistr) { - if (empty($redistr['routevalue'])) + if (empty($redistr['routevalue'])) { continue; + } if (isset($redistr['acceptfilter'])) { $noaccept .= "ip prefix-list ACCEPTFILTER deny {$redistr['routevalue']}\n"; } @@ -173,55 +173,60 @@ function quagga_ospfd_install_conf() { $conffile .= "\n\nrouter ospf\n"; // Specify router id - if($ospfd_conf['routerid']) + if ($ospfd_conf['routerid']) { $conffile .= " ospf router-id {$ospfd_conf['routerid']}\n"; - - if ($ospfd_conf['updatefib']) + } + if ($ospfd_conf['updatefib']) { $conffile .= " area {$ospfd_conf['area']} stub\n"; - - if ($ospfd_conf['logging'] && $ospfd_conf['adjacencylog']) + } + if ($ospfd_conf['logging'] && $ospfd_conf['adjacencylog']) { $conffile .= " log-adjacency-changes detail\n"; - - if ($ospfd_conf['redistributeconnectedsubnets']) + } + if ($ospfd_conf['redistributeconnectedsubnets']) { $conffile .= " redistribute connected\n"; - - if ($ospfd_conf['redistributestatic']) + } + if ($ospfd_conf['redistributestatic']) { $conffile .= " redistribute static\n"; - - if ($ospfd_conf['redistributekernel']) + } + if ($ospfd_conf['redistributekernel']) { $conffile .= " redistribute kernel\n"; - - - if ($ospfd_conf['redistributedefaultroute']) + } + if ($ospfd_conf['redistributedefaultroute']) { $conffile .= " default-information originate\n"; - + } if ($ospfd_conf['spfholdtime'] || $ospfd_conf['spfdelay']) { $spf_minhold = ($ospfd_conf['spfholdtime']) ? $ospfd_conf['spfholdtime'] : 1000; $spf_maxhold = $spf_minhold * 10; $spf_delay = ($ospfd_conf['spfdelay']) ? $ospfd_conf['spfdelay'] : 200; $conffile .= " timers throttle spf {$spf_delay} {$spf_minhold} {$spf_maxhold}\n"; } - - if ($ospfd_conf['rfc1583']) + if ($ospfd_conf['rfc1583']) { $conffile .= " ospf rfc1583compatibility\n"; - + } if (is_array($passive_interfaces)) { foreach ($passive_interfaces as $pint) $conffile .= " passive-interface {$pint}\n"; } - - if (is_array($interface_networks)) { foreach ($interface_networks as $ifn) { if (is_subnet($ifn['subnet'])) { - $conffile .= " network {$ifn['subnet']} area {$ifn['area']}\n"; - } + $conffile .= " network {$ifn['subnet']} area {$ifn['area']}\n"; + } } } - - if (!empty($redist)) + if ($conf['md5password'] && !empty($conf['password']) && !empty($conf['interfacearea'])) { + $conffile .= " area {$conf['interfacearea']} authentication message-digest\n"; + } elseif ($conf['md5password'] && !empty($conf['password']) && empty($conf['interfacearea'])) { + $conffile .= " area 0.0.0.0 authentication message-digest\n"; + } + if ($conf['password'] && empty($conf['md5password']) && !empty($conf['interfacearea'])) { + $conffile .= " area {$conf['interfacearea']} authentication\n"; + } elseif ($conf['password'] && empty($conf['md5password']) && empty($conf['interfacearea'])) { + $conffile .= " area 0.0.0.0 authentication\n"; + } + if (!empty($redist)) { $conffile .= $redist; - + } if (!empty($noredist)) { $conffile .= " distribute-list dnr-list out connected\n"; $conffile .= " distribute-list dnr-list out kernel\n"; @@ -248,10 +253,12 @@ function quagga_ospfd_install_conf() { $zebraconffile = str_replace("\r","",base64_decode($config['installedpackages']['quaggaospfdraw']['config'][0]['zebra'])); } else { $zebraconffile = "# This file was created by the pfSense package manager. Do not edit!\n\n"; - if($ospfd_conf['password']) + if($ospfd_conf['password']) { $zebraconffile .= "password {$ospfd_conf['password']}\n"; - if ($ospfd_conf['logging']) + } + if ($ospfd_conf['logging']) { $zebraconffile .= "log syslog\n"; + } if (!empty($noaccept)) { $zebraconffile .= $noaccept; $zebraconffile .= "ip prefix-list ACCEPTFILTER permit any\n"; @@ -381,31 +388,40 @@ function quagga_ospfd_validate_interface() { if ($config['installedpackages']['quaggaospfdinterfaces']['config']) { foreach ($config['installedpackages']['quaggaospfdinterfaces']['config'] as $index => $conf) { - if ($index == 0) + if ($index == 0) { continue; - if ($id != $index && $conf['interface'] == $_POST['interface']) + } + if ($id != $index && $conf['interface'] == $_POST['interface']) { $input_errors[] = "Interface {$_POST['interface']} is already configured."; + } } } - if ($_POST['md5password'] && empty($_POST['password'])) + if ($_POST['md5password'] && empty($_POST['password'])) { $input_errors[] = "Please input a password."; + } } function quagga_ospfd_validate_input() { global $config, $g, $input_errors; - if ($_POST['password'] <> "" && (strpos($_POST['password'], "'") !== false)) + if ($_POST['password'] <> "" && (strpos($_POST['password'], "'") !== false)) { $input_errors[] = "Password cannot contain a single quote (')"; - if (!empty($_POST['routerid']) && !is_ipaddr($_POST['routerid'])) + } + if (!empty($_POST['routerid']) && !is_ipaddr($_POST['routerid'])) { $input_errors[] = "Router ID must be an address."; - if (!is_ipaddr($_POST['area'])) + } + if (!is_ipaddr($_POST['area'])) { $input_errors[] = "Area needs to be a valid ip_address."; - if ($_POST['spfholdtime'] <> "" && ($_POST['spfholdtime'] < 1 || $_POST['spfholdtime'] > 5)) + } + if ($_POST['spfholdtime'] <> "" && ($_POST['spfholdtime'] < 1 || $_POST['spfholdtime'] > 5)) { $input_errors[] = "SPF holdtime needs to be between 1 and 5."; - if ($_POST['spfdelay'] <> "" && ($_POST['spfdelay'] < 1 || $_POST['spfdelay'] > 10)) + } + if ($_POST['spfdelay'] <> "" && ($_POST['spfdelay'] < 1 || $_POST['spfdelay'] > 10)) { $input_errors[] = "SPF delay needs to be between 1 and 10."; - if (!$config['installedpackages']['quaggaospfdinterfaces']['config']) + } + if (!$config['installedpackages']['quaggaospfdinterfaces']['config']) { $input_errors[] = "Please select an interface to use for Quagga OSPFd."; + } } function quagga_get_carp_status_by_ip($ipaddr) { @@ -413,8 +429,9 @@ function quagga_get_carp_status_by_ip($ipaddr) { if ($iface) { $status = get_carp_interface_status($iface); // If there is no status for that interface, return null. - if (!$status) + if (!$status) { $status = null; + } } else { // If there is no VIP by that IP, return null. $status = null; @@ -430,7 +447,7 @@ function quagga_ospfd_plugin_carp($pluginparams) { // $pluginparams['interface'] contains the affected interface /* If there is no OSPF config, then stop */ - if(is_array($config['installedpackages']['quaggaospfd']['config'])) { + if (is_array($config['installedpackages']['quaggaospfd']['config'])) { $ospfd_conf = &$config['installedpackages']['quaggaospfd']['config'][0]; } else { return null; diff --git a/config/quagga_ospfd/status_ospfd.php b/config/quagga_ospfd/status_ospfd.php index 8ecf19d0..b291655d 100644 --- a/config/quagga_ospfd/status_ospfd.php +++ b/config/quagga_ospfd/status_ospfd.php @@ -1,8 +1,10 @@ <?php /* status_ospfd.php - Copyright (C) 2010 Nick Buraglio; nick@buraglio.com + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2010 Nick Buraglio <nick@buraglio.com> Copyright (C) 2010 Scott Ullrich <sullrich@pfsense.org> + Copyright (C) 2015 ESF, LLC All rights reserved. Redistribution and use in source and binary forms, with or without @@ -16,7 +18,7 @@ documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF @@ -26,14 +28,13 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - require("guiconfig.inc"); $pgtitle = "Quagga OSPF: Status"; include("head.inc"); $control_script = "/usr/local/bin/quaggactl"; -$pkg_homedir = "/var/etc/quagga"; +$pkg_homedir = "/var/etc/quagga"; /* List all of the commands as an index. */ function listCmds() { @@ -61,11 +62,12 @@ function defCmdT($title, $command) { } function doCmdT($title, $command) { - echo "<p>\n"; + echo "<br />\n"; echo "<a name=\"" . $title . "\">\n"; echo "<table width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n"; echo "<tr><td class=\"listtopic\">" . $title . "</td></tr>\n"; - echo "<tr><td class=\"listlr\"><pre>"; /* no newline after pre */ + /* no newline after pre */ + echo "<tr><td class=\"listlr\"><pre>"; $execOutput = ""; $execStatus = ""; @@ -86,7 +88,7 @@ function doCmdT($title, $command) { <?php if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td class="tabnavtbl"> + <tr><td class="tabnavtbl"> <?php $tab_array = array(); $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=quagga_ospfd.xml&id=0"); @@ -96,8 +98,7 @@ function doCmdT($title, $command) { display_top_tabs($tab_array); ?> </td></tr> - <tr> - <td> + <tr><td> <div id="mainarea"> <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> @@ -123,8 +124,7 @@ function doCmdT($title, $command) { </tr> </table> </div> - </td> - </tr> + </td></tr> </table> <?php include("fend.inc"); ?> </body> diff --git a/config/stunnel/stunnel.inc b/config/stunnel/stunnel.inc index 7f3f9338..6dc17ef6 100644 --- a/config/stunnel/stunnel.inc +++ b/config/stunnel/stunnel.inc @@ -1,45 +1,73 @@ <?php +/* + stunnel.inc + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2007-2009 Scott Ullrich + Copyright (C) 2015 ESF, LLC + All rights reserved. -$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +global $config; + +$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3); if ($pf_version == "2.1" || $pf_version == "2.2") { define('STUNNEL_LOCALBASE', '/usr/pbi/stunnel-' . php_uname("m")); } else { - define('STUNNEL_LOCALBASE','/usr/local'); + define('STUNNEL_LOCALBASE', '/usr/local'); } define('STUNNEL_ETCDIR', STUNNEL_LOCALBASE . "/etc/stunnel"); -if(!isset($_GET['id']) and !isset($_POST['id'])) { - if($GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']) { - $savemsg=$GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']; +if (!isset($_GET['id']) and !isset($_POST['id'])) { + if ($GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']) { + $savemsg = $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']; unset($GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']); write_config(); } - } -if(isset($_GET['id'])) { - $config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_chain']= +if (isset($_GET['id'])) { + $config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_chain'] = base64_decode($config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_chain']); - $config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_key']= + $config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_key'] = base64_decode($config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_key']); } -$certs=$config['installedpackages']['stunnelcerts']['config']; -is_array($certs) ? $num_certs=count($certs) : $num_certs=0; -if(!isset($_GET['id']) and !isset($_POST['id']) and $num_certs) { - for ($i=0;$i<$num_certs;$i++) { - $cert=$certs[$i]; - $_info=openssl_x509_parse(base64_decode($cert['cert_chain'])); - $valid=floor(($_info['validTo_time_t']-time())/86400); - if($cert['cert_chain']) { - if(!openssl_x509_check_private_key(base64_decode($cert['cert_chain']), base64_decode($cert['cert_key']))) { - $_status='<font color="#AA0000"><b>Invalid key/cert!</b></font>'; - } elseif($valid<30) { - $_status='<font color="#B27D4B">Expires in '.$valid.' days!</font>'; +$certs = $config['installedpackages']['stunnelcerts']['config']; +is_array($certs) ? $num_certs = count($certs) : $num_certs = 0; +if (!isset($_GET['id']) and !isset($_POST['id']) and $num_certs) { + for ($i = 0; $i < $num_certs; $i++) { + $cert = $certs[$i]; + $_info = openssl_x509_parse(base64_decode($cert['cert_chain'])); + $valid = floor(($_info['validTo_time_t'] - time()) / 86400); + if ($cert['cert_chain']) { + if (!openssl_x509_check_private_key(base64_decode($cert['cert_chain']), base64_decode($cert['cert_key']))) { + $_status = '<font color="#AA0000"><strong>Invalid key/cert!</strong></font>'; + } elseif ($valid < 30) { + $_status = '<font color="#B27D4B">Expires in ' . $valid . ' days!</font>'; } else { - $_status='<font color="#008800">OK ('.$valid.' days)</font>'; + $_status = '<font color="#008800">OK (' . $valid . ' days)</font>'; } - $config['installedpackages']['stunnelcerts']['config'][$i]['status']=$_status; + $config['installedpackages']['stunnelcerts']['config'][$i]['status'] = $_status; } else { unset($config['installedpackages']['stunnelcerts']['config'][$i]); } @@ -47,18 +75,19 @@ if(!isset($_GET['id']) and !isset($_POST['id']) and $num_certs) { } -$tunnels=$config['installedpackages']['stunnel']['config']; -is_array($tunnels) ? $num_tunnels=count($tunnels) : $num_tunnels=0; -if(!isset($_GET['id']) and $num_tunnels) { - for ($i=0;$i<$num_tunnels;$i++) { - $tunnel=$tunnels[$i]; - if($tunnel['certificate']) { - $certid=0; - if(is_array($config['installedpackages']['stunnelcerts']['config'])) { - foreach($config['installedpackages']['stunnelcerts']['config'] as $cert) { - if($tunnel['certificate']==$cert['filename']) +$tunnels = $config['installedpackages']['stunnel']['config']; +is_array($tunnels) ? $num_tunnels = count($tunnels) : $num_tunnels = 0; +if (!isset($_GET['id']) and $num_tunnels) { + for ($i = 0; $i < $num_tunnels; $i++) { + $tunnel = $tunnels[$i]; + if ($tunnel['certificate']) { + $certid = 0; + if (is_array($config['installedpackages']['stunnelcerts']['config'])) { + foreach ($config['installedpackages']['stunnelcerts']['config'] as $cert) { + if ($tunnel['certificate'] == $cert['filename']) { $config['installedpackages']['stunnel']['config'][$i]['certificatelink']= - '<a href="/pkg_edit.php?xml=stunnel_certs.xml&act=edit&id='.$certid.'">'.$cert['description'].'</a>'; + '<a href="/pkg_edit.php?xml=stunnel_certs.xml&act=edit&id=' . $certid . '">' . $cert['description'] . '</a>'; + } $certid++; } } @@ -67,7 +96,7 @@ if(!isset($_GET['id']) and $num_tunnels) { } function stunnel_printcsr() { -# $GLOBALS['savemsg']="<pre>" . print_r($GLOBALS['config']['installedpackages']['stunnelcerts']['config'],true) . "</pre>"; +// $GLOBALS['savemsg'] = "<pre>" . print_r($GLOBALS['config']['installedpackages']['stunnelcerts']['config'], true) . "</pre>"; } function stunnel_addcerts($config) { @@ -75,13 +104,14 @@ function stunnel_addcerts($config) { $tunnels=$config['installedpackages']['stunnel']['config']; ?> <script type="text/javascript"> + //<![CDATA[ function addcerts() { <?php - - foreach($certs as $cert) { + + foreach ($certs as $cert) { echo("document.forms['iform'].certificate.appendChild(new Option('".$cert['description']."', '".$cert['filename']."'));"); } - + ?> } addcerts(); @@ -93,9 +123,9 @@ function stunnel_addcerts($config) { document.forms['iform'].certificate[i].selected = true; } else { document.forms['iform'].certificate[i].selected = false; - } + } } - + //]]> </script> <?php } @@ -103,105 +133,103 @@ function stunnel_addcerts($config) { function stunnel_disablefields() { ?> <script type="text/javascript"> + //<![CDATA[ document.forms['iform'].subject.readOnly=true; document.forms['iform'].filename.readOnly=true; document.forms['iform'].expiry.readOnly=true; + //]]> </script> <?php } function stunnel_delete($config) { $cert=$config['installedpackages']['stunnelcerts']['config'][$_GET['id']]; - if(isset($_GET['id'])) { - unlink_if_exists(STUNNEL_ETCDIR . '/'.$cert['filename'].'pem'); - unlink_if_exists(STUNNEL_ETCDIR . '/'.$cert['filename'].'key'); - unlink_if_exists(STUNNEL_ETCDIR . '/'.$cert['filename'].'chain'); + if (isset($_GET['id'])) { + unlink_if_exists(STUNNEL_ETCDIR . '/' . $cert['filename'] . '.pem'); + unlink_if_exists(STUNNEL_ETCDIR . '/' . $cert['filename'] . '.key'); + unlink_if_exists(STUNNEL_ETCDIR . '/' . $cert['filename'] . '.chain'); } } function stunnel_save($config) { - $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']=''; + $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] = ''; conf_mount_rw(); - if (!file_exists(STUNNEL_ETCDIR)) - @mkdir(STUNNEL_ETCDIR, 0755, true); - $fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf","w"); + safe_mkdir(STUNNEL_ETCDIR, 0755); + $fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf", "w"); fwrite($fout, "cert = " . STUNNEL_ETCDIR . "/stunnel.pem \n"); fwrite($fout, "chroot = /var/tmp/stunnel \n"); fwrite($fout, "setuid = stunnel \n"); fwrite($fout, "setgid = stunnel \n"); - if(!is_array($config['installedpackages']['stunnel']['config'])) { $config['installedpackages']['stunnel']['config']=Array(); } - foreach($config['installedpackages']['stunnel']['config'] as $pkgconfig) { + if (!is_array($config['installedpackages']['stunnel']['config'])) { + $config['installedpackages']['stunnel']['config'] = array(); + } + foreach ($config['installedpackages']['stunnel']['config'] as $pkgconfig) { fwrite($fout, "\n[" . $pkgconfig['description'] . "]\n"); - if($pkgconfig['client']) fwrite($fout, "client = yes" . "\n"); - if($pkgconfig['certificate']) { - if(file_exists(STUNNEL_ETCDIR . '/'.$pkgconfig['certificate'].'.key') and - file_exists(STUNNEL_ETCDIR . '/'.$pkgconfig['certificate'].'.chain')) { + if ($pkgconfig['client']) { + fwrite($fout, "client = yes" . "\n"); + } + if ($pkgconfig['certificate']) { + if (file_exists(STUNNEL_ETCDIR . '/'.$pkgconfig['certificate'].'.key') and file_exists(STUNNEL_ETCDIR . '/'.$pkgconfig['certificate'].'.chain')) { fwrite($fout, "key = " . STUNNEL_ETCDIR . "/" . $pkgconfig['certificate'] . ".key\n"); fwrite($fout, "cert = " . STUNNEL_ETCDIR . "/" . $pkgconfig['certificate'] . ".chain\n"); } } - if($pkgconfig['sourceip']) fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n"); + if ($pkgconfig['sourceip']) { + fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n"); + } fwrite($fout, "accept = " . $pkgconfig['localip'] . ":" . $pkgconfig['localport'] . "\n"); fwrite($fout, "connect = " . $pkgconfig['redirectip'] . ":" . $pkgconfig['redirectport'] . "\n"); fwrite($fout, "TIMEOUTclose = 0\n\n"); } fclose($fout); conf_mount_ro(); - system("/usr/local/etc/rc.d/stunnel.sh stop 2>/dev/null"); - system("/usr/local/etc/rc.d/stunnel.sh start 2>/dev/null"); + stop_service("stunnel"); + start_service("stunnel"); } + function stunnel_save_cert($config) { - $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']=''; - if(isset($_POST['id'])) { -# echo "<pre>"; -# print_r($_POST); -# echo "</pre>"; - - if(!$_POST['cert_chain']) { - $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="Certificate chain must be specified!<br>"; - } if(!$_POST['cert_key']) { - $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="RSA Key must be specified!<br>"; + $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] = ''; + if (isset($_POST['id'])) { + if (!$_POST['cert_chain']) { + $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] .= "Certificate chain must be specified!<br />"; } - if($_POST['cert_chain'] and $_POST['cert_key']) { - $_cert=openssl_x509_parse($_POST['cert_chain']); -# echo("<pre>"); -# print_r($_cert); -# echo("</pre>"); - if($_cert['hash']) { - if(openssl_x509_check_private_key($_POST['cert_chain'], $_POST['cert_key'])) { - file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.key', - $_POST['cert_key']); - file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.chain', - $_POST['cert_chain']); - file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.pem', - $_POST['cert_key']."\n".$_POST['cert_chain']); + if (!$_POST['cert_key']) { + $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] .= "RSA Key must be specified!<br />"; + } + if ($_POST['cert_chain'] and $_POST['cert_key']) { + $_cert = openssl_x509_parse($_POST['cert_chain']); + if ($_cert['hash']) { + if (openssl_x509_check_private_key($_POST['cert_chain'], $_POST['cert_key'])) { + file_put_contents(STUNNEL_ETCDIR . '/'. $_cert['hash'] . '.key', $_POST['cert_key']); + file_put_contents(STUNNEL_ETCDIR . '/' . $_cert['hash'] . '.chain', $_POST['cert_chain']); + file_put_contents(STUNNEL_ETCDIR . '/' . $_cert['hash'] . '.pem', $_POST['cert_key']."\n".$_POST['cert_chain']); system('chown stunnel:stunnel ' . STUNNEL_ETCDIR . '/*'); - chmod(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.key', 0600); - chmod(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.pem', 0600); + chmod(STUNNEL_ETCDIR . '/' . $_cert['hash'] . '.key', 0600); + chmod(STUNNEL_ETCDIR . '/' . $_cert['hash'] . '.pem', 0600); - $_POST['filename']=$_cert['hash']; - $_POST['expiry_raw']=$_cert['validTo_time_t']; - $_POST['expiry']=date('Y-m-d', $_cert['validTo_time_t']); - $_POST['subject']=$_cert['name']; + $_POST['filename'] = $_cert['hash']; + $_POST['expiry_raw'] = $_cert['validTo_time_t']; + $_POST['expiry'] = date('Y-m-d', $_cert['validTo_time_t']); + $_POST['subject'] = $_cert['name']; } else { - $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="Certificate and key do not match!<br>"; - $_POST['filename']=''; + $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] .= "Certificate and key do not match!<br />"; + $_POST['filename'] = ''; } } else { - $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="Couldn't parse certificate!<br>"; - $_POST['expiry_raw']=''; - $_POST['expiry']=''; - $_POST['subject']=''; - $_POST['filename']=''; + $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] .= "Couldn't parse certificate!<br />"; + $_POST['expiry_raw'] = ''; + $_POST['expiry'] = ''; + $_POST['subject'] = ''; + $_POST['filename'] = ''; } } - $_POST['cert_key']=base64_encode($_POST['cert_key']); - $_POST['cert_chain']=base64_encode($_POST['cert_chain']); - $_fname=$GLOBALS['config']['installedpackages']['stunnelcerts']['config'][$_POST['id']]['filename']; - if($_fname and $_fname!=$_POST['filename']) { - unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.chain'); - unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.key'); - unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.pem'); + $_POST['cert_key'] = base64_encode($_POST['cert_key']); + $_POST['cert_chain'] = base64_encode($_POST['cert_chain']); + $_fname = $GLOBALS['config']['installedpackages']['stunnelcerts']['config'][$_POST['id']]['filename']; + if ($_fname and $_fname != $_POST['filename']) { + unlink_if_exists(STUNNEL_ETCDIR . '/' . $_fname . '.chain'); + unlink_if_exists(STUNNEL_ETCDIR . '/' . $_fname . '.key'); + unlink_if_exists(STUNNEL_ETCDIR . '/' . $_fname . '.pem'); } } } @@ -212,21 +240,23 @@ function stunnel_install() { chmod(STUNNEL_ETCDIR . "/stunnel.pem", 0600); @mkdir("/var/tmp/stunnel/var/tmp/run/stunnel", 0755, true); system("/usr/sbin/chown -R stunnel:stunnel /var/tmp/stunnel"); - $_rcfile['file']='stunnel.sh'; - $_rcfile['start'].= STUNNEL_LOCALBASE . "/bin/stunnel " . STUNNEL_ETCDIR . "/stunnel.conf \n\t"; - $_rcfile['stop'].="killall stunnel \n\t"; + $_rcfile['file'] = 'stunnel.sh'; + $_rcfile['start'] = STUNNEL_LOCALBASE . "/bin/stunnel " . STUNNEL_ETCDIR . "/stunnel.conf \n\t"; + $_rcfile['stop'] = "/usr/bin/killall stunnel \n\t"; write_rcfile($_rcfile); unlink_if_exists("/usr/local/etc/rc.d/stunnel"); - - $fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf","w"); + + $fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf", "w"); fwrite($fout, "cert = " . STUNNEL_ETCDIR . "/stunnel.pem \n"); fwrite($fout, "chroot = /var/tmp/stunnel \n"); fwrite($fout, "setuid = stunnel \n"); fwrite($fout, "setgid = stunnel \n"); - if($config['installedpackages']['stunnel']['config']) { - foreach($config['installedpackages']['stunnel']['config'] as $pkgconfig) { + if ($config['installedpackages']['stunnel']['config']) { + foreach ($config['installedpackages']['stunnel']['config'] as $pkgconfig) { fwrite($fout, "\n[" . $pkgconfig['description'] . "]\n"); - if($pkgconfig['sourceip']) fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n"); + if ($pkgconfig['sourceip']) { + fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n"); + } fwrite($fout, "accept = " . $pkgconfig['localip'] . ":" . $pkgconfig['localport'] . "\n"); fwrite($fout, "connect = " . $pkgconfig['redirectip'] . ":" . $pkgconfig['redirectport'] . "\n"); fwrite($fout, "TIMEOUTclose = 0\n\n"); @@ -238,7 +268,6 @@ function stunnel_install() { function stunnel_deinstall() { rmdir_recursive("/var/tmp/stunnel"); rmdir_recursive(STUNNEL_ETCDIR); - unlink_if_exists("/usr/local/etc/rc.d/stunnel.sh"); } ?> diff --git a/config/stunnel/stunnel.xml b/config/stunnel/stunnel.xml index bb66d196..c8957ba8 100644 --- a/config/stunnel/stunnel.xml +++ b/config/stunnel/stunnel.xml @@ -1,71 +1,68 @@ <?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> - <copyright> - <![CDATA[ + <copyright> +<![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ====================================================================================== */ /* - stunnel.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007-2008 Scott Ullrich - All rights reserved. - */ -/* ========================================================================== */ + stunnel.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2007-2008 Scott Ullrich + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ + ]]> + </copyright> <name>stunnel</name> - <version>4.18</version> + <version>5.20.2</version> <title>Services: Secure Tunnel</title> - <!-- Menu is where this packages menu will appear --> <menu> <name>STunnel</name> - <tooltiptext>The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries. It calls the underlying crypto libraries, so stunnel supports whatever cryptographic algorithms you compiled into your crypto package.</tooltiptext> + <tooltiptext>The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. + It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. + It will negotiate an SSL connection using the OpenSSL or SSLeay libraries. + It calls the underlying crypto libraries, so stunnel supports whatever cryptographic algorithms you compiled into your crypto package.</tooltiptext> <section>Services</section> <configfile>stunnel.xml</configfile> </menu> - + <include_file>/usr/local/pkg/stunnel.inc</include_file> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> - <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/stunnel/stunnel.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> - <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/stunnel/stunnel_certs.xml</item> </additional_files_needed> - <!-- configpath gets expanded out automatically and config items will be - stored in that location --> <configpath>['installedpackages']['package']['$packagename']['configuration']</configpath> - <tabs> <tab> <text>Tunnels</text> @@ -77,9 +74,11 @@ <url>/pkg.php?xml=stunnel_certs.xml</url> </tab> </tabs> - - <!-- adddeleteeditpagefields items will appear on the first page where you can add / delete or edit - items. An example of this would be the nat page where you add new nat redirects --> + <service> + <name>stunnel</name> + <rcfile>stunnel.sh</rcfile> + <executable>stunnel</executable> + </service> <adddeleteeditpagefields> <columnitem> <fielddescr>Description</fielddescr> @@ -106,8 +105,6 @@ <fieldname>redirectport</fieldname> </columnitem> </adddeleteeditpagefields> - <!-- fields gets invoked when the user adds or edits a item. the following items - will be parsed and rendered for the user as a gui with input, and selectboxes. --> <fields> <field> <fielddescr>Description</fielddescr> @@ -118,7 +115,7 @@ <field> <fielddescr>Client Mode</fielddescr> <fieldname>client</fieldname> - <description>Use client mode for this tunnel (i.e. connect to an SSL server, do not act as an SSL server)</description> + <description>Use client mode for this tunnel (i.e. connect to an SSL server, do not act as an SSL server).</description> <type>checkbox</type> </field> <field> @@ -128,7 +125,7 @@ <type>input</type> </field> <field> - <fielddescr>Listen on port</fielddescr> + <fielddescr>Listen on Port</fielddescr> <fieldname>localport</fieldname> <description>Enter the local port to bind this redirection to.</description> <type>input</type> @@ -156,18 +153,12 @@ <type>input</type> </field> <field> - <fielddescr>Outgoing source IP</fielddescr> + <fielddescr>Outgoing Source IP</fielddescr> <fieldname>sourceip</fieldname> <description>Enter the source IP address for outgoing connections.</description> <type>input</type> </field> </fields> - <service> - <name>stunnel</name> - <rcfile>stunnel.sh</rcfile> - <executable>stunnel</executable> - </service> - <include_file>/usr/local/pkg/stunnel.inc</include_file> <custom_add_php_command_late> stunnel_save($config); </custom_add_php_command_late> diff --git a/config/stunnel/stunnel_certs.xml b/config/stunnel/stunnel_certs.xml index 5ea07328..ce1dcf52 100644 --- a/config/stunnel/stunnel_certs.xml +++ b/config/stunnel/stunnel_certs.xml @@ -1,53 +1,51 @@ <?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> - <copyright> - <![CDATA[ + <copyright> +<![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ====================================================================================== */ /* - stunnel.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007-2009 Scott Ullrich - All rights reserved. - */ -/* ========================================================================== */ + stunnel_certs.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2007-2009 Scott Ullrich + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Stunnel certificates</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ + ]]> + </copyright> <name>stunnelcerts</name> - <version>4.18</version> + <version>5.20.2</version> <title>Services: Secure Tunnel - Certificates</title> - <!-- configpath gets expanded out automatically and config items will be - stored in that location --> + <include_file>/usr/local/pkg/stunnel.inc</include_file> <configpath>['installedpackages']['package']['$packagename']['configuration']</configpath> - <tabs> <tab> <text>Tunnels</text> @@ -59,9 +57,6 @@ <active/> </tab> </tabs> - - <!-- adddeleteeditpagefields items will appear on the first page where you can add / delete or edit - items. An example of this would be the nat page where you add new nat redirects --> <adddeleteeditpagefields> <columnitem> <fielddescr>Description</fielddescr> @@ -79,55 +74,59 @@ <fielddescr>Status</fielddescr> <fieldname>status</fieldname> </columnitem> - </adddeleteeditpagefields> - <!-- fields gets invoked when the user adds or edits a item. the following items - will be parsed and rendered for the user as a gui with input, and selectboxes. --> <fields> <field> <fielddescr>Description</fielddescr> <fieldname>description</fieldname> - <description>Enter a (short) description for this certificate</description> + <description>Enter a (short) description for this certificate.</description> <type>input</type> </field> <field> - <fielddescr>Certificate filename</fielddescr> + <fielddescr>Certificate Filename</fielddescr> <fieldname>filename</fieldname> <description>File name of certificate (read-only; updated on save). Extensions (.pem, .chain, .key) are added automatically.</description> <type>input</type> </field> <field> - <fielddescr>Certificate subject</fielddescr> + <fielddescr>Certificate Subject</fielddescr> <fieldname>subject</fieldname> <description>Certificate subject (read-only; updated on save)</description> <type>input</type> <size>50</size> </field> <field> - <fielddescr>Certificate valid until</fielddescr> + <fielddescr>Certificate Valid Until</fielddescr> <fieldname>expiry</fieldname> <description>The certificate will expire on this date, and will no longer work.</description> <type>input</type> </field> <field> - <fielddescr>RSA private key</fielddescr> + <fielddescr>RSA Private Key</fielddescr> <fieldname>cert_key</fieldname> - <description>RSA private key used for certificate. Do not change for existing certificates!<br></description> + <description> + <![CDATA[ + RSA private key used for certificate. Do not change for existing certificates!<br /> + ]]> + </description> <type>textarea</type> <rows>7</rows> - <cols>65</cols> + <cols>70</cols> </field> <field> - <fielddescr>Certificate chain</fielddescr> + <fielddescr>Certificate Chain</fielddescr> <fieldname>cert_chain</fieldname> - <description>Full certificate chain; root certificate on top, then any intermediates, server certificate at the end.<br> - <b>Full chain required for private or EV certificates!</b></description> + <description> + <![CDATA[ + Full certificate chain; root certificate on top, then any intermediates, server certificate at the end.<br /> + <strong>Full chain required for private or EV certificates!</strong> + ]]> + </description> <type>textarea</type> <rows>7</rows> - <cols>65</cols> + <cols>70</cols> </field> </fields> - <include_file>/usr/local/pkg/stunnel.inc</include_file> <custom_add_php_command> stunnel_save_cert($config); stunnel_save($config); diff --git a/config/syslog-ng/syslog-ng.inc b/config/syslog-ng/syslog-ng.inc index 57a94f96..41fce416 100644 --- a/config/syslog-ng/syslog-ng.inc +++ b/config/syslog-ng/syslog-ng.inc @@ -58,14 +58,17 @@ function syslogng_install_command() { if (!file_exists("/usr/local/lib/syslog-ng")) { @symlink(SYSLOGNG_BASEDIR . "local/lib/syslog-ng", "/usr/local/lib/syslog-ng"); } - syslogng_install_cron(true); + $crontask = "/usr/bin/nice -n20 " . SYSLOGNG_BASEDIR . "local/sbin/logrotate /usr/local/etc/logrotate.conf"; + install_cron_job("${crontask}", true, "0"); syslogng_resync(); } function syslogng_deinstall_command() { - if (is_link("/usr/local/lib/syslog-ng")) + if (is_link("/usr/local/lib/syslog-ng")) { unlink("/usr/local/lib/syslog-ng"); - syslogng_install_cron(false); + } + $crontask = "/usr/bin/nice -n20 " . SYSLOGNG_BASEDIR . "local/sbin/logrotate /usr/local/etc/logrotate.conf"; + install_cron_job("${crontask}", false); unlink_if_exists("/usr/local/etc/logrotate.conf"); unlink_if_exists("/usr/local/etc/syslog-ng.conf"); filter_configure(); @@ -137,62 +140,6 @@ function syslogng_validate_advanced($post, &$input_errors) { } } -function syslogng_install_cron($should_install) { - global $config; - - if (platform_booting()) { - return; - } - - if (!$config['cron']['item']) { - return; - } - - $x=0; - $rotate_job_id=-1; - $rotate_is_installed = false; - - foreach ($config['cron']['item'] as $item) { - if (strstr($item['task_name'], "syslogng_rotate_logs")) { - $rotate_job_id = $x; - } - $x++; - } - $need_write = false; - switch ($should_install) { - case true: - if ($rotate_job_id < 0) { - $cron_item = array(); - $cron_item['task_name'] = "syslogng_rotate_logs"; - $cron_item['minute'] = "0"; - $cron_item['hour'] = "*"; - $cron_item['mday'] = "*"; - $cron_item['month'] = "*"; - $cron_item['wday'] = "*"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/bin/nice -n20 " . SYSLOGNG_BASEDIR . "local/sbin/logrotate /usr/local/etc/logrotate.conf"; - $config['cron']['item'][] = $cron_item; - $need_write = true; - } - if ($need_write) { - parse_config(true); - write_config("Adding syslog-ng Cron Jobs"); - } - break; - case false: - if ($rotate_job_id >= 0) { - unset($config['cron']['item'][$rotate_job_id]); - $need_write = true; - } - if ($need_write) { - parse_config(true); - write_config("Removing syslog-ng Cron Jobs"); - } - break; - } - configure_cron(); -} - function syslogng_build_default_objects($settings) { $default_objects = array(); diff --git a/config/tinc/tinc.inc b/config/tinc/tinc.inc index 65f07e32..81e506b4 100644 --- a/config/tinc/tinc.inc +++ b/config/tinc/tinc.inc @@ -159,8 +159,8 @@ function tinc_save() { if ($tincconf['enable'] != "") { restart_service("tinc"); - } elseif (is_process_running("tincd")); { - stop_service("tinc"); + } elseif (is_process_running("tincd")) { + stop_service("tinc"); } rmdir_recursive("/usr/local/etc/tinc.old"); diff --git a/config/vnstat2/vnstat2.inc b/config/vnstat2/vnstat2.inc index 86a95346..b42bc0a9 100644 --- a/config/vnstat2/vnstat2.inc +++ b/config/vnstat2/vnstat2.inc @@ -30,56 +30,13 @@ require_once("util.inc"); function vnstat_install_deinstall() { - global $config; // Remove Vnstat package and files exec("/bin/rm -d -R /usr/local/www/vnstat2"); exec("/bin/rm -d -R /usr/local/www/vnstati"); exec("/bin/rm -d -R /usr/local/pkg/vnstat2"); exec("/bin/rm /usr/local/etc/vnstat.conf"); // Remove vnstat cron entry from config.xml - vnstat2_install_cron(false); -} - -function vnstat2_install_cron($vnstat_cron_value) { - global $config; - $is_installed = false; - if (!$config['cron']['item']) { - return; - } - $x=0; - foreach ($config['cron']['item'] as $item) { - if (strstr($item['command'], "/usr/local/pkg/vnstat2/vnstat2.sh")) { - $is_installed = true; - break; - } - $x++; - } - switch ($vnstat_cron_value) { - case true: - if (!$is_installed) { - $cron_item = array(); - $cron_item['minute'] = "*/1"; - $cron_item['hour'] = "*"; - $cron_item['mday'] = "*"; - $cron_item['month'] = "*"; - $cron_item['wday'] = "*"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/local/pkg/vnstat2/vnstat2.sh"; - $config['cron']['item'][] = $cron_item; - write_config(); - configure_cron(); - } - break; - case false: - if ($is_installed == true) { - if ($x > 0) { - unset($config['cron']['item'][$x]); - write_config(); - } - configure_cron(); - } - break; - } + install_cron_job("/usr/local/pkg/vnstat2/vnstat2.sh", false); } function change_vnstat_conf() { @@ -226,7 +183,7 @@ function vnstat_install_config() { } write_conf_f(); // Add cron job to config.xml - vnstat2_install_cron(true); + install_cron_job("/usr/local/pkg/vnstat2/vnstat2.sh", true, "*/1"); vnstat_create_nic_dbs(); write_config(); conf_mount_ro(); diff --git a/config/widget-havp/havp_alerts.inc b/config/widget-havp/havp_alerts.inc index ecbfe897..3aeb1016 100644 --- a/config/widget-havp/havp_alerts.inc +++ b/config/widget-havp/havp_alerts.inc @@ -12,4 +12,4 @@ $havp_alerts = get_havp_alerts($havp_alerts_logfile, $nentries); /* AJAX related routines */ handle_havp_ajax($havp_alerts_logfile, $nentries = 5); -?>
\ No newline at end of file +?> diff --git a/config/widget-havp/havp_alerts.inc.php b/config/widget-havp/havp_alerts.inc.php index c0810b83..81be9d3b 100644 --- a/config/widget-havp/havp_alerts.inc.php +++ b/config/widget-havp/havp_alerts.inc.php @@ -1,52 +1,76 @@ -<? +<?php +/* + havp_alerts.inc.php + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2009 Jim Pingle + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ function get_havp_alerts($havp_alerts, $nentries, $tail = 20) { global $config, $g; $logarr = ""; /* Always do a reverse tail, to be sure we're grabbing the 'end' of the alerts. */ exec("/usr/bin/tail -r -n {$tail} {$havp_alerts}", $logarr); - + $havpalerts = array(); - $counter = 0; - + foreach ($logarr as $logent) { - if($counter >= $nentries) + if ($counter >= $nentries) { break; - + } $alert = parse_havp_alert_line($logent); if ($alert != "") { $counter++; $havpalerts[] = $alert; } - } - /* Since the rules are in reverse order, flip them around if needed based on the user's preference */ + /* Since the rules are in reverse order, flip them around if needed, based on the user's preference */ return isset($config['syslog']['reverse']) ? $havpalerts : array_reverse($havpalerts); } - - - function parse_havp_alert_line($line) { + global $g; $log_split = ""; - - preg_match("/^(\d+\/\d+\/\d+)\s+(\d+:\d+:\d+)\s+(\d+.\d+.\d+.\d+)\s+\w+\s+\d+\s+(https?:\/\/([0-9a-z-]+\.)+([a-z]{2,3}|aero|coop|jobs|mobi|museum|name|travel)(:[0-9]{1,5})?(\/[^ ]*)?)\s+[0-9+]+\s+\w+\s+\w+:\s+([\S]+)$/U", $line, $log_split); - list($all, $alert['date'], $alert['time'], $alert['lanip'], $alert['url'], $alert['dontcare1'], $alert['dontcare2'], $alert['dontcare3'], $alert['query'], - $alert['virusname']) = $log_split; + // FIXME: Obviously incomplete TLD list at the moment, plus the whole thing is completely whacky... + preg_match("/^(\d+\/\d+\/\d+)\s+(\d+:\d+:\d+)\s+(\d+.\d+.\d+.\d+)\s+\w+\s+\d+\s+(https?:\/\/([0-9a-z-]+\.)+([a-z]{2,3}|aero|coop|jobs|mobi|museum|name|travel)(:[0-9]{1,5})?(\/[^ ]*)?)\s+[0-9+]+\s+\w+\s+\w+:\s+([\S]+)$/U", $line, $log_split); + list($all, $alert['date'], $alert['time'], $alert['lanip'], $alert['url'], $alert['dontcare1'], $alert['dontcare2'], $alert['dontcare3'], $alert['query'], $alert['virusname']) = $log_split; $usableline = true; - if(trim($alert['url']) == "") + if (trim($alert['url']) == "") { $usableline = false; - if(trim($alert['virusname']) == "") + } + if (trim($alert['virusname']) == "") { $usableline = false; - - if($usableline == true) { + } + if ($usableline == true) { return $alert; } else { - if($g['debug']) { - log_error("There was a error parsing line: $line. Please report to mailing list or forum."); + if ($g['debug']) { + log_error("There was a error parsing line: $line."); } return ""; } @@ -54,32 +78,24 @@ function parse_havp_alert_line($line) { /* AJAX specific handlers */ function handle_havp_ajax($havp_alerts_logfile, $nentries = 5, $tail = 50) { - if($_GET['lastsawtime'] or $_POST['lastsawtime']) { - if($_GET['lastsawtime']) + if ($_GET['lastsawtime'] or $_POST['lastsawtime']) { + if ($_GET['lastsawtime']) { $lastsawtime = $_GET['lastsawtime']; - if($_POST['lastsawtime']) + } + if ($_POST['lastsawtime']) { $lastsawtime = $_POST['lastsawtime']; - /* compare lastsawrule's time stamp to alert logs. - * afterwards return the newer records so that client - * can update AJAX interface screen. - */ + } + // Compare last seen rule's time stamp with alert logs. + // Afterwards, return the newer records so that client can update AJAX interface screen. $new_rules = ""; $time_regex = ""; - + $havp_alerts = get_havp_alerts($havp_alerts_logfile, $nentries); foreach($havp_alerts as $log_row) { - preg_match("/^([0-9][0-9])\/([0-9][0-9])\/([0-9][0-9][0-9][0-9])$/U",$log_row['date'] , $time_regex); -# $time_regex = "";"/^([0-9][0-9])\/([0-9][0-9])\/([0-9][0-9][0-9][0-9])\s+([0-9][0-9]:[0-9][0-9]:[0-9][0-9])$/U" - // preg_match("/.*([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $log_row['date'] . " " . $log_row['time'], $time_regex); + preg_match("/^([0-9][0-9])\/([0-9][0-9])\/([0-9][0-9][0-9][0-9])$/U", $log_row['date'], $time_regex); $row_time = strtotime($time_regex[2] . "/" . $time_regex[1] . "/" . $time_regex[3] . " " . $log_row['time']); - // $myfile = "/testfile.txt"; - // $fh = fopen($myfile,'a') or die("can't open file"); - // $stringdata = $lastsawtime . "-" . $row_time . "\n"; - // fwrite($fh, $stringdata); - // fclose($fh); - if($row_time > $lastsawtime and $lastsawtime > 0) { - + if ($row_time > $lastsawtime and $lastsawtime > 0) { $new_rules .= "{$log_row['url']}||{$log_row['virusname']}||" . time() . "||{$log_row['date']}||{$log_row['time']}||" . "\n"; } } @@ -87,4 +103,5 @@ function handle_havp_ajax($havp_alerts_logfile, $nentries = 5, $tail = 50) { exit; } } -?>
\ No newline at end of file + +?> diff --git a/config/widget-havp/havp_alerts.js b/config/widget-havp/havp_alerts.js index 110e3998..ae97ab2f 100644 --- a/config/widget-havp/havp_alerts.js +++ b/config/widget-havp/havp_alerts.js @@ -1,3 +1,31 @@ +/* + havp_alerts.js + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2009 Jim Pingle + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ havplastsawtime = '<?php echo time(); ?>'; var havplines = Array(); @@ -7,10 +35,11 @@ var havpisBusy = false; var havpisPaused = false; <?php - if(isset($config['syslog']['reverse'])) + if (isset($config['syslog']['reverse'])) { echo "var isReverse = true;\n"; - else + } else { echo "var isReverse = false;\n"; + } ?> if (typeof getURL == 'undefined') { @@ -21,13 +50,12 @@ if (typeof getURL == 'undefined') { if (typeof callback.operationComplete == 'function') callback = callback.operationComplete; } catch (e) {} - if (typeof callback != 'function') - throw 'No callback function for getURL'; + if (typeof callback != 'function') + throw 'No callback function for getURL'; var http_request = null; if (typeof XMLHttpRequest != 'undefined') { - http_request = new XMLHttpRequest(); - } - else if (typeof ActiveXObject != 'undefined') { + http_request = new XMLHttpRequest(); + } else if (typeof ActiveXObject != 'undefined') { try { http_request = new ActiveXObject('Msxml2.XMLHTTP'); } catch (e) { @@ -40,9 +68,11 @@ if (typeof getURL == 'undefined') { throw 'Both getURL and XMLHttpRequest are undefined'; http_request.onreadystatechange = function() { if (http_request.readyState == 4) { - callback( { success : true, - content : http_request.responseText, - contentType : http_request.getResponseHeader("Content-Type") } ); + callback({ + success: true, + content: http_request.responseText, + contentType: http_request.getResponseHeader("Content-Type") + }); } } http_request.open('GET', url, true); @@ -51,27 +81,28 @@ if (typeof getURL == 'undefined') { } function havp_alerts_fetch_new_rules() { - if(havpisPaused) + if (havpisPaused) return; - if(havpisBusy) + if (havpisBusy) return; havpisBusy = true; getURL('widgets/helpers/havp_alerts_helper.php?lastsawtime=' + havplastsawtime, havp_alerts_fetch_new_rules_callback); } + function havp_alerts_fetch_new_rules_callback(callback_data) { - if(havpisPaused) + if (havpisPaused) return; var data_split; var new_data_to_add = Array(); var data = callback_data.content; data_split = data.split("\n"); - for(var x=0; x<data_split.length-1; x++) { + for (var x = 0; x < data_split.length - 1; x++) { /* loop through rows */ row_split = data_split[x].split("||"); var line = ''; - line += '<td width="25%" class="listr">' + row_split[4] + '<br> ' + row_split[3] + '</td>'; - line += '<td width="75%" class="listr">' + row_split[0] + '<br>' + row_split[1] + '</td>'; + line += '<td width="25%" class="listr">' + row_split[4] + '<br/> ' + row_split[3] + '</td>'; + line += '<td width="75%" class="listr">' + row_split[0] + '<br/>' + row_split[1] + '</td>'; havplastsawtime = row_split[2]; new_data_to_add[new_data_to_add.length] = line; } @@ -79,11 +110,10 @@ function havp_alerts_fetch_new_rules_callback(callback_data) { havpisBusy = false; } - function havp_alerts_update_div_rows(data) { - if(havpisPaused) + if (havpisPaused) return; - + var isIE = navigator.appName.indexOf('Microsoft') != -1; var isSafari = navigator.userAgent.indexOf('Safari') != -1; var isOpera = navigator.userAgent.indexOf('Opera') != -1; @@ -94,51 +124,44 @@ function havp_alerts_update_div_rows(data) { showanim = 0; } //alert(data.length); - for(var x=0; x<data.length; x++) { + for (var x = 0; x < data.length; x++) { var numrows = rows.length; - /* if reverse logging is enabled we need to show the - * records in a reverse order with new items appearing - * on the top - */ - if(isReverse == false) { + // If reverse logging is enabled we need to show the records + // in a reverse order with new items appearing on the top. + if (isReverse == false) { for (var i = 1; i < numrows; i++) { nextrecord = i + 1; - if(nextrecord < numrows) + if (nextrecord < numrows) rows[i].innerHTML = rows[nextrecord].innerHTML; } } else { for (var i = numrows; i > 0; i--) { nextrecord = i + 1; - if(nextrecord < numrows) + if (nextrecord < numrows) rows[nextrecord].innerHTML = rows[i].innerHTML; } } var item = document.getElementById('havp-firstrow'); - if(x == data.length-1) - { + if (x == data.length - 1) { /* nothing */ showanim = false; - } - else - { + } else { showanim = false; } - if (showanim) - { - // item.style.display = 'none'; + if (showanim) { + //item.style.display = 'none'; item.innerHTML = data[x]; - // new Effect.Appear(item); - } - else - { + //new Effect.Appear(item); + } else { item.innerHTML = data[x]; } } /* rechedule AJAX interval */ //havptimer = setInterval('havp_alerts_fetch_new_rules()', havpupdateDelay); } + function havp_alerts_toggle_pause() { - if(havpisPaused) { + if (havpisPaused) { havpisPaused = false; havp_alerts_fetch_new_rules(); } else { diff --git a/config/widget-havp/havp_alerts.widget.php b/config/widget-havp/havp_alerts.widget.php index f8265d11..20b53b0e 100644 --- a/config/widget-havp/havp_alerts.widget.php +++ b/config/widget-havp/havp_alerts.widget.php @@ -1,30 +1,34 @@ <?php /* - havp_alerts.widget.php - Copyright (C) 2009 Michael Liberman , Jim Pingle + havp_alerts.widget.php + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2009 Michael Liberman + Copyright (C) 2009 Jim Pingle + Copyright (C) 2015 ESF, LLC + All rights reserved. - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ -global $config, $g; +global $config; ?> <table width="100%" border="0" cellspacing="0" cellpadding="0"> @@ -39,25 +43,27 @@ if (is_array($havp_alerts)) { foreach ($havp_alerts as $alert) { ?> <?php - if(isset($config['syslog']['reverse'])) { + if (isset($config['syslog']['reverse'])) { /* honour reverse logging setting */ - if($counter == 0) + if ($counter == 0) { $activerow = " id=\"havp-firstrow\""; - else + } else { $activerow = ""; + } } else { /* non-reverse logging */ - if($counter == count($havp_alerts) - 1) + if ($counter == count($havp_alerts) - 1) { $activerow = " id=\"havp-firstrow\""; - else + } else { $activerow = ""; + } } ?> <tr class="havp-alert-entry" <?php echo $activerow; ?>> - <td width="25%" class="listr"><?= $alert["time"] . "<br>" . $alert["date"]?></td> - <td width="75%" class="listr"><?= $alert["url"] . "<br>" . $alert["virusname"] ?></td> + <td width="25%" class="listr"><?= $alert["time"] . "<br/>" . $alert["date"]?></td> + <td width="75%" class="listr"><?= $alert["url"] . "<br/>" . $alert["virusname"] ?></td> </tr> <?php $counter++; } diff --git a/config/widget-havp/widget-havp.inc b/config/widget-havp/widget-havp.inc deleted file mode 100644 index 61713f24..00000000 --- a/config/widget-havp/widget-havp.inc +++ /dev/null @@ -1,11 +0,0 @@ -<?php - -function widget_havp_uninstall() { - unlink("/usr/local/www/includes/havp_alerts.inc.php"); - unlink("/usr/local/www/widgets/helpers/havp_alerts_helper.php"); - unlink("/usr/local/www/widgets/include/havp_alerts.inc"); - unlink("/usr/local/www/widgets/javascript/havp_alerts.js"); - unlink("/usr/local/www/widgets/widgets/havp_alerts.widget.php"); -} - -?>
\ No newline at end of file diff --git a/config/widget-havp/widget-havp.xml b/config/widget-havp/widget-havp.xml index f99d99de..dc405119 100644 --- a/config/widget-havp/widget-havp.xml +++ b/config/widget-havp/widget-havp.xml @@ -4,82 +4,66 @@ <packagegui> <copyright> <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ +/* $Id$ */ +/* ====================================================================================== */ /* - widget-havp.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2009 Jim Pingle - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ + widget-havp.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2009 Jim Pingle + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ ]]> </copyright> <description>HAVP alerts widget add-on for Dashboard package</description> <requirements>Dashboard package and HAVP</requirements> - <faq>Currently there are no FAQ items provided.</faq> <name>widget-havp</name> - <version>0.1</version> + <version>0.1.1</version> <title>Widget - HAVP</title> - <include_file>/usr/local/pkg/widget-havp.inc</include_file> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>077</chmod> - <item>https://packages.pfsense.org/packages/config/widget-havp/widget-havp.inc</item> - </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/includes/</prefix> - <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts.inc.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/helpers/</prefix> - <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts_helper.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/include/</prefix> - <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/javascript/</prefix> - <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts.js</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/widgets/</prefix> - <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts.widget.php</item> </additional_files_needed> - <custom_php_deinstall_command> - widget_havp_uninstall(); - </custom_php_deinstall_command> </packagegui> |