aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rw-r--r--config/freeradius2/freeradius.inc300
-rw-r--r--config/freeradius2/freeradius.xml2
-rw-r--r--config/freeradius2/freeradiussync.xml89
-rw-r--r--config/nut/nut.xml14
-rw-r--r--config/nut/ups_status.inc7
-rw-r--r--config/nut/ups_status.js81
-rw-r--r--config/nut/ups_status.widget.php216
-rw-r--r--config/sarg/sarg.inc169
-rwxr-xr-xconfig/sarg/sarg_sync.xml50
-rwxr-xr-xconfig/snort/snort.inc176
-rwxr-xr-xconfig/snort/snort_sync.xml8
-rw-r--r--config/spamd/spamd.inc43
-rw-r--r--config/squid3/31/squid.inc8
-rwxr-xr-xconfig/squid3/33/squid.inc8
-rwxr-xr-xconfig/squid3/34/squid.inc131
-rw-r--r--config/squid3/34/squid.xml2
-rw-r--r--config/squid3/34/squid_antivirus.inc3
-rwxr-xr-xconfig/squid3/34/squid_reverse_sync.xml48
-rwxr-xr-xconfig/squid3/34/squid_sync.xml48
-rw-r--r--config/sshdcond/sshdcond.inc176
-rw-r--r--config/sshdcond/sshdcond.priv.inc42
-rw-r--r--config/sshdcond/sshdcond.xml14
-rwxr-xr-xconfig/sshdcond/sshdcond_sync.xml84
-rw-r--r--config/stunnel/stunnel.priv.inc42
-rw-r--r--config/stunnel/stunnel.xml10
-rw-r--r--config/sudo/sudo.priv.inc38
-rw-r--r--config/sudo/sudo.xml23
-rw-r--r--config/suricata/suricata.inc218
-rw-r--r--config/suricata/suricata_sync.xml83
-rw-r--r--config/syslog-ng/syslog-ng.priv.inc (renamed from config/tinydns/tinydns_xmlrpc_sync.php)43
-rw-r--r--config/syslog-ng/syslog-ng.xml6
-rw-r--r--config/tftp2/tftp.inc10
-rw-r--r--config/tftp2/tftp.priv.inc38
-rw-r--r--config/tftp2/tftp.xml18
-rw-r--r--config/tftp2/tftp_files.php135
-rw-r--r--config/tinc/tinc.priv.inc44
-rw-r--r--config/tinc/tinc.xml16
-rw-r--r--config/tinc/tinc_hosts.xml9
-rw-r--r--config/tinydns/tinydns.inc411
-rw-r--r--config/tinydns/tinydns.xml41
-rw-r--r--config/tinydns/tinydns_dhcp_filter.php21
-rw-r--r--config/tinydns/tinydns_sync.xml200
-rw-r--r--config/vhosts/vhosts.inc2
-rw-r--r--config/vhosts/vhosts.priv.inc40
-rw-r--r--config/vhosts/vhosts.xml6
-rw-r--r--config/vhosts/vhosts_php_edit.php6
-rw-r--r--config/vnstat2/vnstat2.priv.inc44
-rw-r--r--config/vnstat2/vnstat2.xml16
-rw-r--r--config/vnstat2/vnstati.xml10
-rw-r--r--config/vnstat2/vnstatoutput.xml8
-rw-r--r--config/widentd/widentd.priv.inc38
-rw-r--r--config/widentd/widentd.xml93
-rw-r--r--config/zabbix-agent-lts/zabbix-agent-lts.priv.inc38
-rw-r--r--config/zabbix-agent-lts/zabbix-agent-lts.xml6
-rw-r--r--config/zabbix-agent/zabbix-agent.xml263
-rw-r--r--config/zabbix-proxy-lts/zabbix-proxy-lts.priv.inc38
-rw-r--r--config/zabbix-proxy-lts/zabbix-proxy-lts.xml6
-rw-r--r--config/zabbix-proxy/zabbix-proxy.xml250
-rw-r--r--config/zabbix2/zabbix2-agent.priv.inc38
-rw-r--r--config/zabbix2/zabbix2-agent.xml142
-rw-r--r--config/zabbix2/zabbix2-proxy.priv.inc38
-rw-r--r--config/zabbix2/zabbix2-proxy.xml117
-rw-r--r--config/zabbix2/zabbix2.inc448
63 files changed, 2652 insertions, 2120 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index 6d626e3a..005a193a 100644
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -1,19 +1,12 @@
<?php
-/* copyright */
-/* ========================================================================== */
/*
freeradius.inc
- part of pfSense (http://www.pfSense.com)
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
Copyright (C) 2013 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -34,9 +27,7 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
-
+*/
require_once('config.inc');
require_once('service-utils.inc');
require_once("util.inc");
@@ -630,7 +621,7 @@ if (is_array($arrusers) && !empty($arrusers)) {
// If an octet limit is NOT set we delete the files for the limit and the counter.
else {
if (file_exists("/var/log/radacct/datacounter/$varusersmaxtotaloctetstimerange/max-octets-$varusersusername")) { unlink("/var/log/radacct/datacounter/$varusersmaxtotaloctetstimerange/max-octets-$varusersusername"); }
- if (file_exists("/var/log/radacct/datacounter/$varusersmaxtotaloctetstimerange/used-octets-$varusersusername")) { unlink("/var/log/radacct/datacounter/$varusersmaxtotaloctetstimerange/used-octets-$varusersusername"); }
+ if (file_exists("/var/log/radacct/datacounter/$varusersmaxtotaloctetstimerange/used-octets-$varusersusername")) { unlink("/var/log/radacct/datacounter/$varusersmaxtotaloctetstimerange/used-octets-$varusersusername*"); }
}
if ($varusersadditionaloptionsreplyitems != '') {
if ($varusersreplyitem != '') { $varusersreplyitem .=","; }
@@ -824,7 +815,7 @@ if (is_array($arrmacs) && !empty($arrmacs)) {
// If an octet limit is NOT set we delete the files for the limit and the counter.
else {
if (file_exists("/var/log/radacct/datacounter/$varmacsmaxtotaloctetstimerange/max-octets-$varmacsaddress")) { unlink("/var/log/radacct/datacounter/$varmacsmaxtotaloctetstimerange/max-octets-$varmacsaddress"); }
- if (file_exists("/var/log/radacct/datacounter/$varmacsmaxtotaloctetstimerange/used-octets-$varmacsaddress")) { unlink("/var/log/radacct/datacounter/$varmacsmaxtotaloctetstimerange/used-octets-$varmacsaddress"); }
+ if (file_exists("/var/log/radacct/datacounter/$varmacsmaxtotaloctetstimerange/used-octets-$varmacsaddress")) { unlink("/var/log/radacct/datacounter/$varmacsmaxtotaloctetstimerange/used-octets-$varmacsaddress*"); }
}
if ($varmacsadditionaloptionsreplyitems != '') {
if ($varmacsreplyitem != '') { $varmacsreplyitem .=","; }
@@ -2571,163 +2562,181 @@ conf_mount_ro();
/* Uses XMLRPC to synchronize the changes to a remote node */
function freeradius_sync_on_changes() {
- global $config, $g;
- if (is_array($config['installedpackages']['freeradiussync'])){
+ global $config;
+
+ if (is_array($config['installedpackages']['freeradiussync'])) {
$synconchanges = $config['installedpackages']['freeradiussync']['config'][0]['varsyncenablexmlrpc'];
- $varsynctimeout = $config['installedpackages']['freeradiussync']['config'][0]['varsynctimeout'];
- }
- else
- {
+ $varsynctimeout = $config['installedpackages']['freeradiussync']['config'][0]['varsynctimeout'] ?: '150';
+ } else {
return;
}
// if checkbox is NOT checked do nothing
- switch ($synconchanges){
+ switch ($synconchanges) {
case "manual":
- if (is_array($config['installedpackages']['freeradiussync']['config'][0]['row'])){
- $rs=$config['installedpackages']['freeradiussync']['config'][0]['row'];
- }
- else{
- log_error("[FreeRADIUS]: xmlrpc sync is enabled but there is no hosts to push on FreeRADIUS config.");
+ if (is_array($config['installedpackages']['freeradiussync']['config'][0]['row'])) {
+ $rs = $config['installedpackages']['freeradiussync']['config'][0]['row'];
+ } else {
+ log_error("[FreeRADIUS]: XMLRPC sync is enabled but there are no hosts configured as replication targets.");
return;
- }
+ }
break;
case "auto":
- if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){
- $system_carp=$config['installedpackages']['carpsettings']['config'][0];
- $rs[0]['varsyncdestinenable']="on";
- $rs[0]['varsyncprotocol']=($config['system']['webgui']['protocol']!=""?$config['system']['webgui']['protocol']:"https");
- $rs[0]['varsyncipaddress']=$system_carp['synchronizetoip'];
- $rs[0]['varsyncpassword']=$system_carp['password'];
- $rs[0]['varsyncport']=($config['system']['webgui']['port']!=""?$config['system']['webgui']['port']:"443");
- if (! is_ipaddr($system_carp['synchronizetoip'])){
- log_error("[FreeRADIUS]: xmlrpc sync is enabled but there is no system backup hosts to push FreeRADIUS config.");
- return;
- }
+ if (is_array($config['hasync'])) {
+ $system_carp = $config['hasync'];
+ $rs[0]['varsyncipaddress'] = $system_carp['synchronizetoip'];
+ $rs[0]['varsyncusername'] = $system_carp['username'];
+ $rs[0]['varsyncpassword'] = $system_carp['password'];
+ $rs[0]['varsyncdestinenable'] = FALSE;
+
+ // XMLRPC sync is currently only supported over connections using the same protocol and port as this system
+ if ($config['system']['webgui']['protocol'] == "http") {
+ $rs[0]['varsyncprotocol'] = "http";
+ $rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '80';
+ } else {
+ $rs[0]['varsyncprotocol'] = "https";
+ $rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '443';
}
- else{
- log_error("[FreeRADIUS]: xmlrpc sync is enabled but there is no system backup hosts to push FreeRADIUS config.");
+ if ($system_carp['synchronizetoip'] == "") {
+ log_error("[FreeRADIUS]: XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
return;
+ } else {
+ $rs[0]['varsyncdestinenable'] = TRUE;
}
+ } else {
+ log_error("[FreeRADIUS]: XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
+ return;
+ }
break;
default:
return;
- break;
- }
- if (is_array($rs)){
- log_error("[FreeRADIUS]: xmlrpc sync is starting with timeout {$varsynctimeout} seconds.");
- foreach($rs as $sh){
- if($sh['varsyncdestinenable']){
- $varsyncprotocol = $sh['varsyncprotocol'];
- $sync_to_ip = $sh['varsyncipaddress'];
- $password = $sh['varsyncpassword'];
- $varsyncport = $sh['varsyncport'];
- if($password && $sync_to_ip)
- freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout);
- else
- log_error("[FreeRADIUS]: XMLRPC Sync with {$sh['varsyncipaddress']} has incomplete credentials. No XMLRPC Sync done!");
+ break;
+ }
+ if (is_array($rs)) {
+ log_error("[FreeRADIUS]: XMLRPC sync is starting with timeout {$varsynctimeout} seconds.");
+ foreach ($rs as $sh) {
+ if ($sh['varsyncdestinenable']) {
+ $sync_to_ip = $sh['varsyncipaddress'];
+ $varsyncport = $sh['varsyncport'];
+ $varsyncprotocol = $sh['varsyncprotocol'];
+ $username = $sh['varsyncusername'] ?: 'admin';
+ $password = $sh['varsyncpassword'];
+
+ $error = '';
+ $valid = TRUE;
+
+ if ($password == "") {
+ $error = "Password parameter is empty. ";
+ $valid = FALSE;
}
- else {
- log_error("[FreeRADIUS]: XMLRPC Sync with {$sh['varsyncipaddress']} is disabled");
+ if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) {
+ $error .= "Misconfigured Replication Target IP Address or Hostname. ";
+ $valid = FALSE;
}
+ if (!is_port($varsyncport)) {
+ $error .= "Misconfigured Replication Target Port. ";
+ $valid = FALSE;
+ }
+ if ($valid) {
+ freeradius_do_xmlrpc_sync($sync_to_ip, $username, $password, $varsyncport, $varsyncprotocol, $varsynctimeout);
+ } else {
+ log_error("[FreeRADIUS]: XMLRPC Sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}");
+ }
+ } else {
+ log_error("[FreeRADIUS]: XMLRPC Sync with {$sh['varsyncipaddress']} is disabled");
}
- log_error("[FreeRADIUS]: xmlrpc sync is ending.");
- }
+ }
+ log_error("[FreeRADIUS]: XMLRPC sync is ending.");
+ }
}
/* Do the actual XMLRPC sync */
-function freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout) {
+function freeradius_do_xmlrpc_sync($sync_to_ip, $username, $password, $varsyncport, $varsyncprotocol, $varsynctimeout) {
global $config, $g;
- if($varsynctimeout == '' || $varsynctimeout == 0)
- $varsynctimeout = 150;
-
- if(!$password)
+ /* Detect boot process, do nothing during boot. */
+ if (function_exists("platform_booting")) {
+ if (platform_booting()) {
+ return;
+ }
+ } elseif ($g['booting']) {
return;
+ }
- if(!$sync_to_ip)
- return;
-
- if(!$varsyncport)
+ if ($username == "" || $password == "" || $sync_to_ip == "" || $varsyncport == "" || $varsyncprotocol == "") {
+ log_error("[FreeRADIUS]: A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync");
return;
+ }
- if(!$varsyncprotocol)
- return;
-
- // Check and choose correct protocol type, port number and IP address
- $synchronizetoip .= "$varsyncprotocol" . '://';
- $port = "$varsyncport";
+ /* Take care of IPv6 literal address */
+ if (is_ipaddrv6($sync_to_ip)) {
+ $sync_to_ip = "[{$sync_to_ip}]";
+ }
- $synchronizetoip .= $sync_to_ip;
+ $url = "{$varsyncprotocol}://{$sync_to_ip}";
+ $port = $varsyncport;
- /* xml will hold the sections to sync */
+ /* XML will hold the sections to sync. */
$xml = array();
$xml['freeradius'] = $config['installedpackages']['freeradius'];
$xml['freeradiusauthorizedmacs'] = $config['installedpackages']['freeradiusauthorizedmacs'];
$xml['freeradiusclients'] = $config['installedpackages']['freeradiusclients'];
- /* assemble xmlrpc payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($xml)
- );
+ /* Assemble XMLRPC payload. */
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($xml));
- /* set a few variables needed for sync code borrowed from filter.inc */
- $url = $synchronizetoip;
+ /* Set a few variables needed for sync code */
log_error("[FreeRADIUS]: Beginning FreeRADIUS XMLRPC sync with {$url}:{$port}.");
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
- if($g['debug'])
- $cli->setDebug(1);
- /* send our XMLRPC message and timeout after $varsynctimeout seconds */
+ $cli->setCredentials($username, $password);
+ if ($g['debug']) {
+ $cli->setDebug(1);
+ }
+ /* Send our XMLRPC message and timeout after defined sync timeout value */
+ $resp = $cli->send($msg, $varsynctimeout);
+ if (!$resp) {
+ $error = "A communications error occurred while FreeRADIUS was attempting XMLRPC sync with {$url}:{$port}.";
+ log_error("[FreeRADIUS]: {$error}");
+ file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", "");
+ } elseif ($resp->faultCode()) {
+ $cli->setDebug(1);
$resp = $cli->send($msg, $varsynctimeout);
- if(!$resp) {
- $error = "A communications error occurred while FreeRADIUS was attempting XMLRPC sync with {$url}:{$port}.";
- log_error("[FreeRADIUS]: $error");
- file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", "");
- } elseif($resp->faultCode()) {
- $cli->setDebug(1);
- $resp = $cli->send($msg, $varsynctimeout);
- $error = "An error code was received while FreeRADIUS XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error("[FreeRADIUS]: $error");
- file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", "");
- } else {
- log_error("[FreeRADIUS]: XMLRPC has synced data successfully with {$url}:{$port}.");
- }
+ $error = "An error code was received while FreeRADIUS XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[FreeRADIUS]: {$error}");
+ file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", "");
+ } else {
+ log_error("[FreeRADIUS]: XMLRPC has synced data successfully with {$url}:{$port}.");
+ }
- /* tell FreeRADIUS to reload our settings on the destionation sync host. */
+ /* Tell FreeRADIUS to reload our settings on the destionation sync host. */
$method = 'pfsense.exec_php';
$execcmd = "require_once('/usr/local/pkg/freeradius.inc');\n";
- // pfblocker just needed one fuction to reload after XMLRPC. FreeRADIUS needs more so we point to a fuction below which contains all fuctions
+ /* pfblocker just needed one fuction to reload after XMLRPC. FreeRADIUS needs more so we point to a fuction below which contains all fuctions */
$execcmd .= "freeradius_all_after_XMLRPC_resync();";
- /* assemble xmlrpc payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($execcmd)
- );
+ /* Assemble XMLRPC payload. */
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd));
log_error("[FreeRADIUS]: XMLRPC is reloading data on {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
+ $cli->setCredentials($username, $password);
+ $resp = $cli->send($msg, $varsynctimeout);
+ if (!$resp) {
+ $error = "A communications error occurred while FreeRADIUS was attempting XMLRPC sync with {$url}:{$port} (exec_php).";
+ log_error("[FreeRADIUS]: {$error}");
+ file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", "");
+ } elseif ($resp->faultCode()) {
+ $cli->setDebug(1);
$resp = $cli->send($msg, $varsynctimeout);
- if(!$resp) {
- $error = "A communications error occurred while FreeRADIUS was attempting XMLRPC sync with {$url}:{$port} (exec_php).";
- log_error($error);
- file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", "");
- } elseif($resp->faultCode()) {
- $cli->setDebug(1);
- $resp = $cli->send($msg, $varsynctimeout);
- $error = "An error code was received while FreeRADIUS XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
- file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", "");
- } else {
- log_error("[FreeRADIUS]: XMLRPC has reloaded data successfully on {$url}:{$port} (exec_php).");
- }
-
+ $error = "An error code was received while FreeRADIUS XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[FreeRADIUS]: {$error}");
+ file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", "");
+ } else {
+ log_error("[FreeRADIUS]: XMLRPC has reloaded data successfully on {$url}:{$port} (exec_php).");
+ }
}
// This function restarts all other needed functions after XMLRPC so that the content of .XML + .INC will be written in the files (clients.conf, users)
@@ -2738,7 +2747,7 @@ function freeradius_all_after_XMLRPC_resync() {
freeradius_authorizedmacs_resync();
freeradius_clients_resync();
- log_error("FreeRADIUS: Finished XMLRPC process. It should be OK. For more information look at the host which started sync.");
+ log_error("[FreeRADIUS]: Finished XMLRPC process. It should be OK. For more information look at the host which started sync.");
exec(FREERADIUS_ETC . "/rc.d/radiusd onerestart");
}
@@ -4123,20 +4132,20 @@ function freeradius_modulesdatacounter_resync() {
$conf .= <<<EOD
exec datacounterdaily {
wait = yes
- program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} daily %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}"
+ program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} daily %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
}
exec datacounterweekly {
wait = yes
- program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} weekly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}"
+ program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} weekly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
}
exec datacountermonthly {
wait = yes
- program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} monthly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}"
+ program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} monthly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
}
exec datacounterforever {
wait = yes
- program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} forever %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}"
- }
+ program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} forever %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
+ }
EOD;
$filename = FREERADIUS_ETC . '/raddb/modules/datacounter_acct';
@@ -4162,18 +4171,19 @@ TIMERANGE=`echo -n "\\$2" | sed 's/[^a-z]//g' `
### This is to make sure there is a used-octets file after the cronjob resetted the counter
if [ -e "/var/log/radacct/datacounter/\$TIMERANGE/max-octets-\$USERNAME" ] && [ ! -e "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME" ]; then
echo 0 > "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME"
+ rm "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME-"*
fi
### The next two lines are just for getting values for logging output
-MAXOCTETSUSERNAMEMB=$((`cat "/var/log/radacct/datacounter/\$TIMERANGE/max-octets-\$USERNAME"`/1024/1024))
-USEDOCTETSUSERNAMEMB=$((`cat "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME"`/1024/1024))
-
+MAXOCTETSUSERNAMEMB=$((`/bin/cat "/var/log/radacct/datacounter/\$TIMERANGE/max-octets-\$USERNAME"`/1024/1024))
+USEDOCTETSUSERNAMEMB=`/bin/cat "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\${USERNAME}"* | /usr/bin/awk '{ SUM += \$1; } END { print int(SUM/1024/1024); }'`
+
### We check if MAX-OCTETS-USERNAME is greater than USED-OCTETS-USERNAME and accept or reject the user
-if [ `cat "/var/log/radacct/datacounter/\$TIMERANGE/max-octets-\$USERNAME"` -gt `cat "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME"` ]; then
- logger -f /var/log/system.log "FreeRADIUS: Used amount of \$TIMERANGE traffic by \$USERNAME is \$USEDOCTETSUSERNAMEMB MB of \$MAXOCTETSUSERNAMEMB MB! The user was accepted!!!"
+if [ \$MAXOCTETSUSERNAMEMB -gt \$USEDOCTETSUSERNAMEMB ]; then
+ logger -f /var/log/system.log "FreeRADIUS: User \$USERNAME has used \$USEDOCTETSUSERNAMEMB MB of \$MAXOCTETSUSERNAMEMB MB \$TIMERANGE allotted traffic. The login request was accepted."
exit 0
else
- logger -f /var/log/system.log "FreeRADIUS: Credentials are probably correct but the user \$USERNAME has reached the \$TIMERANGE Amount of Upload and Download Traffic which is \$USEDOCTETSUSERNAMEMB MB of \$MAXOCTETSUSERNAMEMB MB! The user was rejected!!!"
+ logger -f /var/log/system.log "FreeRADIUS: User \$USERNAME has reached the \$TIMERANGE amount of upload and download traffic (\$USEDOCTETSUSERNAMEMB MB of \$MAXOCTETSUSERNAMEMB MB). The login request was denied."
exit 99
fi
EOD;
@@ -4198,6 +4208,8 @@ USERNAME=`echo -n "\\$1" | sed 's/[^0-9a-zA-Z.:_-]/X/g' `
TIMERANGE=`echo -n "\\$2" | sed 's/[^a-z]//g' `
ACCTINPUTOCTETS=`echo -n "\\$3" | sed 's/[^0-9]/0/g' `
ACCTOUTPUTOCTETS=`echo -n "\\$4" | sed 's/[^0-9]/0/g' `
+UPDATETYPE=\$5
+SESSIONID=\$6
### If we do not get Octets we set some default values
if [ ! \$ACCTINPUTOCTETS ]; then
@@ -4216,11 +4228,23 @@ else
if [ ! -e "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME" ]; then
echo 0 > "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME"
fi
-### The following two lines (chose the one or the other) are a bad workaround to make accounting accurate with stop/start accounting on pfsense 2.0.1 - it only works if the session will not be interrupted (host disconnects)
-### USEDOCTETS=\$((\$ACCTINPUTOCTETS+\$ACCTOUTPUTOCTETS))
- USEDOCTETS=\$((\$ACCTINPUTOCTETS+\$ACCTOUTPUTOCTETS+`cat "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME"`))
-
- echo "\$USEDOCTETS" > "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME"
+
+ USEDOCTETS=\$((\$ACCTINPUTOCTETS+\$ACCTOUTPUTOCTETS))
+
+ # If this is an interim update, track it in a separate session file
+ # since the incoming data is a gauge not a counter.
+ if [ \$UPDATETYPE = "Interim-Update" ]; then
+ echo \$USEDOCTETS > "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME-\$SESSIONID"
+ else
+ USEDOCTETS=\$((\$USEDOCTETS+`cat "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME"`))
+
+ # If there was a session file for this session (from interim updates) clear it since the equivalent
+ # value was just added to the total.
+ if [ -e "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME-\$SESSIONID" ]; then
+ rm "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME-\$SESSIONID"
+ fi
+ echo "\$USEDOCTETS" > "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME"
+ fi
exit 0
fi
diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml
index 4563ef62..eab6b09a 100644
--- a/config/freeradius2/freeradius.xml
+++ b/config/freeradius2/freeradius.xml
@@ -45,7 +45,7 @@
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>freeradius</name>
- <version>1.6.13</version>
+ <version>1.6.17</version>
<title>FreeRADIUS: Users</title>
<include_file>/usr/local/pkg/freeradius.inc</include_file>
<menu>
diff --git a/config/freeradius2/freeradiussync.xml b/config/freeradius2/freeradiussync.xml
index 61c7eecb..d36c8b3f 100644
--- a/config/freeradius2/freeradiussync.xml
+++ b/config/freeradius2/freeradiussync.xml
@@ -1,51 +1,47 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
-<![CDATA[
+ <![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
-freeradiussync.xml
-part of pfSense (http://www.pfSense.com)
-Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
-Copyright (C) 2013 Marcello Coutinho <marcellocoutinho@gmail.com>
-based on pfblocker_sync.xml
-All rights reserved.
-
-Based on m0n0wall (http://m0n0.ch/wall)
-Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
-All rights reserved.
+ freeradiussync.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
+ Copyright (C) 2013 Marcello Coutinho <marcellocoutinho@gmail.com>
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
*/
-/* ========================================================================== */
+/* ====================================================================================== */
/*
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
-1. Redistributions of source code must retain the above copyright notice,
-this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
-2. Redistributions in binary form must reproduce the above copyright
-notice, this list of conditions and the following disclaimer in the
-documentation and/or other materials provided with the distribution.
-THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
*/
-/* ========================================================================== */
-]]></copyright>
- <description><![CDATA[Describe your package here]]></description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>freeradiussync</name>
<version>2.2.0</version>
<title>FreeRADIUS: XMLRPC Sync</title>
@@ -111,8 +107,13 @@ POSSIBILITY OF SUCH DAMAGE.
<field>
<fielddescr>Enable Sync</fielddescr>
<fieldname>varsyncenablexmlrpc</fieldname>
- <description><![CDATA[All changes will be synced immediately to the IPs listed below if this option is checked.<br>
- <b>Important:</b> While using "Sync to hosts defined below", only sync from host A to B, A to C but <b>do not</B> enable XMLRPC sync <b>to</b> A. This will result in a loop!]]></description>
+ <description>
+ <![CDATA[
+ Select a sync method for FreeRADIUS.<br />
+ <b>Important:</b> While using "Sync to host(s) defined below", only sync from host A to B, A to C but <b>do not</B> enable XMLRPC sync <b>to</b> A.
+ This will result in a loop!
+ ]]>
+ </description>
<type>select</type>
<required/>
<default_value>auto</default_value>
@@ -127,7 +128,7 @@ POSSIBILITY OF SUCH DAMAGE.
<fieldname>varsynctimeout</fieldname>
<description><![CDATA[Timeout in seconds for the XMLRPC timeout. Default: 150]]></description>
<type>input</type>
- <default_value>150</default_value>
+ <default_value>150</default_value>
<size>5</size>
</field>
@@ -144,7 +145,7 @@ POSSIBILITY OF SUCH DAMAGE.
<rowhelperfield>
<fielddescr>GUI Protocol</fielddescr>
<fieldname>varsyncprotocol</fieldname>
- <description><![CDATA[Choose the protocol of the destination host. Probably <b>http</b> or <b>https</b>]]></description>
+ <description><![CDATA[Choose the protocol of the destination host (HTTP or HTTPS).]]></description>
<type>select</type>
<default_value>HTTP</default_value>
<options>
@@ -153,9 +154,9 @@ POSSIBILITY OF SUCH DAMAGE.
</options>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>GUI IP-Address</fielddescr>
+ <fielddescr>GUI IP Address/Hostname</fielddescr>
<fieldname>varsyncipaddress</fieldname>
- <description><![CDATA[IP Address of the destination host.]]></description>
+ <description><![CDATA[IP Address or hostname of the destination host.]]></description>
<type>input</type>
<size>15</size>
</rowhelperfield>
@@ -178,7 +179,7 @@ POSSIBILITY OF SUCH DAMAGE.
</fields>
<custom_delete_php_command>
freeradius_sync_on_changes();
- </custom_delete_php_command>
+ </custom_delete_php_command>
<custom_php_resync_config_command>
freeradius_sync_on_changes();
</custom_php_resync_config_command>
diff --git a/config/nut/nut.xml b/config/nut/nut.xml
index ca7ca956..e066bc83 100644
--- a/config/nut/nut.xml
+++ b/config/nut/nut.xml
@@ -41,7 +41,7 @@
]]>
</copyright>
<name>nut</name>
- <version>2.0.5</version>
+ <version>2.1.1</version>
<title>Services: NUT</title>
<savetext>Change</savetext>
<aftersaveredirect>/status_nut.php</aftersaveredirect>
@@ -77,6 +77,18 @@
<prefix>/usr/local/www/</prefix>
<item>https://packages.pfsense.org/packages/config/nut/status_nut.php</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/widgets/</prefix>
+ <item>https://packages.pfsense.org/packages/config/nut/ups_status.widget.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/javascript/</prefix>
+ <item>https://packages.pfsense.org/packages/config/nut/ups_status.js</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/include/</prefix>
+ <item>https://packages.pfsense.org/packages/config/nut/ups_status.inc</item>
+ </additional_files_needed>
<advanced_options>enabled</advanced_options>
<fields>
<field>
diff --git a/config/nut/ups_status.inc b/config/nut/ups_status.inc
new file mode 100644
index 00000000..8953ff94
--- /dev/null
+++ b/config/nut/ups_status.inc
@@ -0,0 +1,7 @@
+<?php
+
+// set variable for custom title
+$ups_status_title = "UPS Status";
+$ups_status_title_link = "status_nut.php";
+
+?>
diff --git a/config/nut/ups_status.js b/config/nut/ups_status.js
new file mode 100644
index 00000000..4c64498f
--- /dev/null
+++ b/config/nut/ups_status.js
@@ -0,0 +1,81 @@
+/*
+ ups_status.js
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2015 SunStroke <andrey.b.nikitin@gmail.com>
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+//should be called from "ups_status.widget.php"
+function showUPSData() {
+
+ //get data from ups_status.widget.php
+ url = "/widgets/widgets/ups_status.widget.php?getUPSData=1"
+ //IE fix to disable cache when using http:// , just append timespan
+ + new Date().getTime();
+
+ jQuery.ajax(url, {
+ type: 'get',
+ success: function(data) {
+ var upsData = data || "";
+ updateUPSWidgetContent(upsData);
+ },
+ error: function(jqXHR, status, error){
+ updateUPSWidgetContent("Error getting data from [ups_status.widget.php]");
+ }
+ });
+
+ //call itself in 11 seconds
+ window.setTimeout(showUPSData, 11000);
+}
+
+function updateUPSWidgetContent(upsData) {
+
+ upsdata_array = upsData.split(":");
+
+ if(upsdata_array.length > 1) {
+ jQuery("#ups_monitoring").html(upsdata_array[0]);
+ jQuery("#ups_model").html(upsdata_array[1]);
+ jQuery("#ups__status").html(upsdata_array[2]);
+ jQuery("#ups_batmeter_graph").css('width', upsdata_array[3]);
+ jQuery("#ups_batmeter").html(upsdata_array[3]);
+ jQuery("#ups_runtime").html(upsdata_array[4]);
+ // Change title to "Battery Voltage" or "Battery Temp"
+ if(upsdata_array[5].indexOf("V")) {
+ jQuery("#ups_celltitle_VT").html("Battery Voltage");
+ } else if(upsdata_array[5].indexOf("C")) {
+ jQuery("#ups_celltitle_VT").html("Battery Temp");
+ }
+ jQuery("#ups_bvoltage").html(upsdata_array[5]);
+ jQuery("#ups_loadmeter_graph").css('width', upsdata_array[6]);
+ jQuery("#ups_loadmeter").html(upsdata_array[6]);
+ jQuery("#ups_inputv").html(upsdata_array[7]);
+ jQuery("#ups_outputv").html(upsdata_array[8]);
+ jQuery("#ups_widget").css('opacity', '1');
+ jQuery("#ups_error_description").html("");
+ } else {
+ // print error description ($condition variable from ups_status.widget.php)
+ jQuery("#ups_widget").css('opacity', '0.2');
+ jQuery("#ups_error_description").html("ERROR: " + upsdata_array[0]);
+ }
+}
diff --git a/config/nut/ups_status.widget.php b/config/nut/ups_status.widget.php
new file mode 100644
index 00000000..f2a766e1
--- /dev/null
+++ b/config/nut/ups_status.widget.php
@@ -0,0 +1,216 @@
+<?php
+/*
+ ups_status.widget.php
+ part of pfSense (https://www.pfsense.org/)
+ Copyright (C) 2015 SunStroke <andrey.b.nikitin@gmail.com>
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+require_once("guiconfig.inc"); // NOTE: maybe not needed (no GUI settings)? Remove if so.
+require_once("/usr/local/www/widgets/include/ups_status.inc");
+
+//called by showUPSData() (jQuery Ajax call) in ups_status.js
+if (isset($_GET["getUPSData"])) {
+ //get UPS data and return it in ajax response
+ echo getUPSData();
+ return;
+}
+
+function getUPSData() {
+
+ global $config;
+ $data = "";
+ $cmd = "";
+ $nut_config = $config['installedpackages']['nut']['config'][0];
+
+ if ($nut_config['monitor'] == "local") {
+ // "Monitoring" field - upsdata_array[0]
+ $data = gettext("Local UPS");
+ $cmd = "upsc {$nut_config['name']}@localhost";
+ } elseif ($nut_config['monitor'] == "remote") {
+ // "Monitoring" field - upsdata_array[0]
+ $data = gettext("Remote UPS");
+ $cmd = "upsc {$nut_config['remotename']}@{$nut_config['remoteaddr']}";
+ } elseif ($nut_config['monitor'] == "snmp") {
+ // "Monitoring" field - upsdata_array[0]
+ $data = gettext("SNMP UPS");
+ $cmd = "upsc {$nut_config['snmpname']}@localhost";
+ }
+
+ if (is_process_running('upsmon')) {
+ $handle = popen($cmd, 'r');
+ if ($handle) {
+ $read = fread($handle, 4096);
+ pclose($handle);
+ $lines = explode("\n", $read);
+ if (count($lines) == 1) {
+ $condition = gettext("Data stale!");
+ } else {
+ $ups = array();
+ foreach ($lines as $line) {
+ $line = explode(':', $line);
+ $ups[$line[0]] = trim($line[1]);
+ }
+ }
+ }
+ } else {
+ $condition = gettext("NUT enabled, but service not running!");
+ if ($nut_config['monitor'] == "snmp") {
+ $condition .= gettext("\nSNMP UPS may be unreachable.");
+ }
+ }
+ if (isset($condition)) {
+ // Return error description
+ return $condition;
+ }
+ // "Model" field - upsdata_array[1]
+ $data .= ":" . (($ups['ups.model'] != "") ? $ups['ups.model'] : gettext("n/a"));
+ // "Status" field - upsdata_array[2]
+ $status = explode(" ", $ups['ups.status']);
+ foreach($status as $condition) {
+ if($disp_status) $disp_status .= ", ";
+ switch ($condition) {
+ case "WAIT":
+ $disp_status .= gettext("Waiting");
+ break;
+ case "OFF":
+ $disp_status .= gettext("Off Line");
+ break;
+ case "OL":
+ $disp_status .= gettext("On Line");
+ break;
+ case "OB":
+ $disp_status .= gettext("On Battery");
+ break;
+ case "TRIM":
+ $disp_status .= gettext("SmartTrim");
+ break;
+ case "BOOST":
+ $disp_status .= gettext("SmartBoost");
+ break;
+ case "OVER":
+ $disp_status .= gettext("Overload");
+ break;
+ case "LB":
+ $disp_status .= gettext("Battery Low");
+ break;
+ case "RB":
+ $disp_status .= gettext("Replace Battery");
+ break;
+ case "CAL":
+ $disp_status .= gettext("Calibration");
+ break;
+ case "CHRG":
+ $disp_status .= gettext("Charging");
+ break;
+ default:
+ $disp_status .= $condition;
+ break;
+ }
+ }
+ $data .= ":" . $disp_status;
+ // "Battery Charge" bars and field - upsdata_array[3]
+ $data .= ":" . $ups['battery.charge'] . "%";
+ // "Time Remaning" field - upsdata_array[4]
+ $secs = $ups['battery.runtime'];
+ if ($secs < 0 || $secs == "") {
+ $data .= ":" . gettext("n/a");
+ } else {
+ $m = (int)($secs / 60);
+ $h = (int)($m / 60) % 24;
+ $m = $m % 60;
+ $s = $secs % 60;
+ $data .= ":" . $h."h " . $m."m " . $s."s";
+ }
+ // "Battery Voltage or Battery Temp" field - upsdata_array[5]
+ if($ups['battery.voltage'] > 0) {
+ $data .= ":" . $ups['battery.voltage'] . "&nbsp;V";
+ } elseif ($ups['ups.temperature'] > 0) {
+ $data .= ":" . $ups['ups.temperature'] . "&#38;#176;C";
+ } else {
+ $data .= ":" . "";
+ }
+ // "Load" bars and field - upsdata_array[6]
+ $data .= ":" . $ups['ups.load'] . "%";
+ // "Input Voltage" field - upsdata_array[7]
+ $data .= ":" . $ups['input.voltage'] . "&nbsp;V";
+ // "Output Voltage" field - upsdata_array[8]
+ $data .= ":" . $ups['output.voltage'] . "&nbsp;V";
+
+ return $data;
+
+}
+?>
+
+<script type="text/javascript">
+//<![CDATA[
+ //start showing ups data
+ //NOTE: the refresh interval will be reset to a proper value in showUPSData() (ups_status.js).
+ jQuery(document).ready(function() {
+ showUPSData();
+ });
+//]]>
+</script>
+
+<div id="UPSWidgetContainer">
+ <table id="ups_widget" bgcolor="#990000" width="100%" border="0" cellspacing="0" cellpadding="0" summary="UPS status">
+ <tr>
+ <td class="widgetsubheader" align="center"><strong><?php echo gettext("Monitoring"); ?></strong></td>
+ <td class="widgetsubheader" align="center"><strong><?php echo gettext("Model"); ?></strong></td>
+ <td class="widgetsubheader" align="center"><strong><?php echo gettext("Status"); ?></strong></td>
+ </tr>
+ <tr>
+ <td class="listlr" align="center" id="ups_monitoring"></td>
+ <td class="listr" align="center" id="ups_model"></td>
+ <td class="listr" align="center" id="ups__status"></td>
+ </tr>
+ <tr>
+ <td class="widgetsubheader" align="center"><?php echo gettext("Battery Charge"); ?></td>
+ <td class="widgetsubheader" align="center"><?php echo gettext("Time Remain"); ?></td>
+ <td class="widgetsubheader" align="center" id="ups_celltitle_VT"></td>
+ </tr>
+ <tr>
+ <td class="listlr" align="center" id="ups_charge">
+ <div class="ui-progressbar ui-widget ui-widget-content ui-corner-all" role="progressbar"><div id="ups_batmeter_graph" class="ui-progressbar-value ui-widget-header ui-corner-left"></div></div>
+ <span id="ups_batmeter"></span>
+ </td>
+ <td class="listr" align="center" id="ups_runtime"></td>
+ <td class="listr" align="center" id="ups_bvoltage"></td>
+ </tr>
+ <tr>
+ <td class="widgetsubheader" align="center"><?php echo gettext("Load"); ?></td>
+ <td class="widgetsubheader" align="center"><?php echo gettext("Input Voltage"); ?></td>
+ <td class="widgetsubheader" align="center"><?php echo gettext("Output Voltage"); ?></td>
+ </tr>
+ <tr>
+ <td class="listlr" align="center" id="ups_load">
+ <div class="ui-progressbar ui-widget ui-widget-content ui-corner-all" role="progressbar"><div id="ups_loadmeter_graph" class="ui-progressbar-value ui-widget-header ui-corner-left"></div></div>
+ <span id="ups_loadmeter"></span>
+ </td>
+ <td class="listr" align="center" id="ups_inputv"></td>
+ <td class="listr" align="center" id="ups_outputv"></td>
+ </tr>
+ </table>
+ <span id="ups_error_description"></span>
+</div>
diff --git a/config/sarg/sarg.inc b/config/sarg/sarg.inc
index 85410560..561f7c61 100644
--- a/config/sarg/sarg.inc
+++ b/config/sarg/sarg.inc
@@ -438,18 +438,20 @@ function sarg_validate_input($post, &$input_errors) {
}
# check squidguard
- if (substr($key, 0, 10) == "proxy_server" && $value == "squidguard")
- if (!is_array($config['installedpackages']['squidguardgeneral']))
+ if (substr($key, 0, 10) == "proxy_server" && $value == "squidguard") {
+ if (!is_array($config['installedpackages']['squidguardgeneral'])) {
$input_errors[]='squidguard package not detected';
+ }
+ }
# check squid
if (substr($key, 0, 5) == "proxy_server" && $value == "squid") {
if (is_array($config['installedpackages']['squid'])) {
if (!$config['installedpackages']['squid']['log_enabled']) {
- $input_errors[]='squidlogs not enabled';
+ $input_errors[] = 'Squid logging not enabled';
}
} else {
- $input_errors[]='squid package not installed';
+ $input_errors[] = 'Squid package not installed';
}
}
@@ -469,108 +471,113 @@ function sarg_validate_input($post, &$input_errors) {
/* Uses XMLRPC to synchronize the changes to a remote node */
function sarg_sync_on_changes() {
global $config, $g;
+
if (is_array($config['installedpackages']['sargsync']['config'])) {
$sarg_sync = $config['installedpackages']['sargsync']['config'][0];
$synconchanges = $sarg_sync['synconchanges'];
- $synctimeout = $sarg_sync['synctimeout'];
+ $synctimeout = $sarg_sync['synctimeout'] ?: '250';
switch ($synconchanges) {
case "manual":
- if (is_array($sarg_sync[row])) {
- $rs = $sarg_sync[row];
+ if (is_array($sarg_sync['row'])) {
+ $rs = $sarg_sync['row'];
} else {
- log_error("[sarg] xmlrpc sync is enabled but there is no hosts to push on sarg config.");
+ log_error("[sarg] XMLRPC sync is enabled but there are no hosts configured as replication targets.");
return;
}
break;
case "auto":
- if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])) {
- $system_carp = $config['installedpackages']['carpsettings']['config'][0];
+ if (is_array($config['hasync'])) {
+ $system_carp = $config['hasync'];
$rs[0]['ipaddress'] = $system_carp['synchronizetoip'];
$rs[0]['username'] = $system_carp['username'];
$rs[0]['password'] = $system_carp['password'];
- if ($system_carp['synchronizetoip'] == "" || $system_carp['username'] == "") {
- log_error("[sarg] xmlrpc sync is enabled but there are no system backup hosts to push sarg config.");
+ $rs[0]['syncdestinenable'] = FALSE;
+
+ // XMLRPC sync is currently only supported over connections using the same protocol and port as this system
+ if ($config['system']['webgui']['protocol'] == "http") {
+ $rs[0]['syncprotocol'] = "http";
+ $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '80';
+ } else {
+ $rs[0]['syncprotocol'] = "https";
+ $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '443';
+ }
+ if ($system_carp['synchronizetoip'] == "") {
+ log_error("[sarg] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
return;
+ } else {
+ $rs[0]['syncdestinenable'] = TRUE;
}
-
} else {
- log_error("[sarg] xmlrpc sync is enabled but there are no system backup hosts to push sarg config.");
+ log_error("[sarg] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
return;
}
break;
default:
return;
- break;
+ break;
}
if (is_array($rs)) {
- log_error("[sarg] xmlrpc sync is starting.");
- foreach($rs as $sh) {
- $sync_to_ip = $sh['ipaddress'];
- $password = $sh['password'];
- if ($sh['username']) {
- $username = $sh['username'];
- } else {
- $username = 'admin';
- }
- if ($password && $sync_to_ip) {
- sarg_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout);
+ log_error("[sarg] XMLRPC sync is starting.");
+ foreach ($rs as $sh) {
+ // Only sync enabled replication targets
+ if ($sh['syncdestinenable']) {
+ $sync_to_ip = $sh['ipaddress'];
+ $port = $sh['syncport'];
+ $username = $sh['username'] ?: 'admin';
+ $password = $sh['password'];
+ $protocol = $sh['syncprotocol'];
+
+ $error = '';
+ $valid = TRUE;
+
+ if ($password == "") {
+ $error = "Password parameter is empty. ";
+ $valid = FALSE;
+ }
+ if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) {
+ $error .= "Misconfigured Replication Target IP Address or Hostname. ";
+ $valid = FALSE;
+ }
+ if (!is_port($port)) {
+ $error .= "Misconfigured Replication Target Port. ";
+ $valid = FALSE;
+ }
+ if ($valid) {
+ sarg_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout);
+ } else {
+ log_error("[sarg] XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}");
+ }
}
}
- log_error("[sarg] xmlrpc sync is ending.");
+ log_error("[sarg] XMLRPC sync completed.");
}
}
}
/* do the actual XMLRPC sync */
-function sarg_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout) {
+function sarg_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout) {
global $config, $g;
- if (!$username) {
- return;
- }
-
- if (!$password) {
+ if ($username == "" || $password == "" || $sync_to_ip == "" || $port == "" || $protocol == "") {
+ log_error("[sarg] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync");
return;
}
- if (!$sync_to_ip) {
- return;
+ // Take care of IPv6 literal address
+ if (is_ipaddrv6($sync_to_ip)) {
+ $sync_to_ip = "[{$sync_to_ip}]";
}
- if (!$synctimeout) {
- $synctimeout="250";
- }
-
- $xmlrpc_sync_neighbor = $sync_to_ip;
-
- if ($config['system']['webgui']['protocol'] != "") {
- $synchronizetoip = $config['system']['webgui']['protocol'];
- $synchronizetoip .= "://";
- }
- $port = $config['system']['webgui']['port'];
- /* if port is empty, let's rely on the protocol selection */
- if ($port == "") {
- if ($config['system']['webgui']['protocol'] == "http") {
- $port = "80";
- } else {
- $port = "443";
- }
- }
- $synchronizetoip .= $sync_to_ip;
+ $url = "{$protocol}://{$sync_to_ip}";
- /* xml will hold the sections to sync */
+ /* XML will hold the sections to sync. */
$xml = array();
$xml['sarg'] = $config['installedpackages']['sarg'];
$xml['sarguser'] = $config['installedpackages']['sarguser'];
- /* assemble xmlrpc payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($xml)
- );
-
- /* set a few variables needed for sync code */
- $url = $synchronizetoip;
- log_error("Beginning sarg XMLRPC sync to {$url}:{$port}.");
+ /* Assemble XMLRPC payload. */
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($xml));
+
+ /* Set a few variables needed for sync code */
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
@@ -578,49 +585,45 @@ function sarg_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout) {
if ($g['debug']) {
$cli->setDebug(1);
}
- /* send our XMLRPC message and timeout after $synctimeout seconds */
+ /* Send our XMLRPC message and timeout after defined sync timeout value */
$resp = $cli->send($msg, $synctimeout);
if (!$resp) {
- $error = "A communications error occurred while attempting sarg XMLRPC sync with {$url}:{$port}.";
- log_error($error);
+ $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port}.";
+ log_error("[sarg] {$error}");
file_notice("sync_settings", $error, "sarg Settings Sync", "");
} elseif ($resp->faultCode()) {
$cli->setDebug(1);
$resp = $cli->send($msg, $synctimeout);
- $error = "An error code was received while attempting sarg XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
+ $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[sarg] {$error}");
file_notice("sync_settings", $error, "sarg Settings Sync", "");
} else {
- log_error("sarg XMLRPC sync successfully completed with {$url}:{$port}.");
+ log_error("[sarg] XMLRPC sync successfully completed with {$url}:{$port}.");
}
- /* tell sarg to reload our settings on the destionation sync host. */
+ /* Tell sarg to reload our settings on the destionation sync host. */
$method = 'pfsense.exec_php';
$execcmd = "require_once('/usr/local/pkg/sarg.inc');\n";
$execcmd .= "sync_package_sarg();";
- /* assemble xmlrpc payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($execcmd)
- );
+ /* Assemble XMLRPC payload. */
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd));
- log_error("sarg XMLRPC reload data {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
$resp = $cli->send($msg, $synctimeout);
if (!$resp) {
- $error = "A communications error occurred while attempting sarg XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
- log_error($error);
+ $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
+ log_error("[sarg] {$error}");
file_notice("sync_settings", $error, "sarg Settings Sync", "");
} elseif ($resp->faultCode()) {
$cli->setDebug(1);
$resp = $cli->send($msg, $synctimeout);
- $error = "An error code was received while attempting sarg XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
+ $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[sarg] {$error}");
file_notice("sync_settings", $error, "sarg Settings Sync", "");
} else {
- log_error("sarg XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
+ log_error("[sarg] XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
}
}
diff --git a/config/sarg/sarg_sync.xml b/config/sarg/sarg_sync.xml
index 9ae141e5..64e93fe3 100755
--- a/config/sarg/sarg_sync.xml
+++ b/config/sarg/sarg_sync.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>sargsync</name>
- <version>0.6.5</version>
+ <version>0.6.6</version>
<title>Status: Sarg Sync</title>
<include_file>/usr/local/pkg/sarg.inc</include_file>
<tabs>
@@ -82,9 +82,15 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Automatically Sync Sarg Configuration Changes.</fielddescr>
+ <fielddescr>Enable Sync</fielddescr>
<fieldname>synconchanges</fieldname>
- <description>Select a sync method for Sarg.</description>
+ <description>
+ <![CDATA[
+ Select a sync method for Sarg.<br/><br/>
+ <strong>Important:</strong> While using "Sync to host(s) defined below", only sync from host A to B, A to C but <strong>do not</strong> enable XMLRPC sync <b>to</b> A.
+ This will result in a loop!
+ ]]>
+ </description>
<type>select</type>
<required/>
<default_value>auto</default_value>
@@ -97,7 +103,7 @@
<field>
<fielddescr>Sync Timeout</fielddescr>
<fieldname>synctimeout</fieldname>
- <description>Select sync max wait time</description>
+ <description>XMLRPC timeout in seconds.</description>
<type>select</type>
<required/>
<default_value>250</default_value>
@@ -110,21 +116,45 @@
</options>
</field>
<field>
- <fielddescr>Remote Server</fielddescr>
+ <fielddescr>Replication Targets</fielddescr>
<fieldname>none</fieldname>
<type>rowhelper</type>
<rowhelper>
<rowhelperfield>
- <fielddescr>IP Address</fielddescr>
+ <fielddescr>Enable</fielddescr>
+ <fieldname>syncdestinenable</fieldname>
+ <description><![CDATA[Enable this host as a replication target]]></description>
+ <type>checkbox</type>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Protocol</fielddescr>
+ <fieldname>syncprotocol</fieldname>
+ <description><![CDATA[Choose the protocol used to sync with the destination host (HTTP or HTTPS).]]></description>
+ <type>select</type>
+ <default_value>HTTP</default_value>
+ <options>
+ <option><name>HTTP</name><value>http</value></option>
+ <option><name>HTTPS</name><value>https</value></option>
+ </options>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>IP Address/Hostname</fielddescr>
<fieldname>ipaddress</fieldname>
- <description>IP Address of remote server</description>
+ <description><![CDATA[IP address or hostname of the destination host.]]></description>
<type>input</type>
- <size>20</size>
+ <size>40</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Port</fielddescr>
+ <fieldname>syncport</fieldname>
+ <description><![CDATA[Choose the sync port of the destination host.]]></description>
+ <type>input</type>
+ <size>3</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>Password</fielddescr>
+ <fielddescr>Admin Password</fielddescr>
<fieldname>password</fieldname>
- <description>Password for remote server.</description>
+ <description><![CDATA[Password of the user "admin" on the destination host.]]></description>
<type>password</type>
<size>20</size>
</rowhelperfield>
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index b7d4299e..60959ad6 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -3737,103 +3737,117 @@ function snort_sync_on_changes() {
/* Do not attempt a package sync while booting up or installing package */
if ($g['booting'] || $g['snort_postinstall']) {
- log_error("[snort] No xmlrpc sync to CARP targets when booting up or during package reinstallation.");
+ log_error("[snort] Skipping XMLRPC sync when booting up or during package reinstallation.");
return;
}
if (is_array($config['installedpackages']['snortsync']['config'])){
- $snort_sync=$config['installedpackages']['snortsync']['config'][0];
+ $snort_sync = $config['installedpackages']['snortsync']['config'][0];
$synconchanges = $snort_sync['varsynconchanges'];
- $synctimeout = $snort_sync['varsynctimeout'];
+ $synctimeout = $snort_sync['varsynctimeout'] ?: '150';
$syncdownloadrules = $snort_sync['vardownloadrules'];
switch ($synconchanges){
case "manual":
if (is_array($snort_sync['row'])){
$rs=$snort_sync['row'];
- }
- else{
- log_error("[snort] xmlrpc sync is enabled but there are no hosts configured as replication targets.");
+ } else {
+ log_error("[snort] XMLRPC sync is enabled but there are no hosts configured as replication targets.");
return;
}
break;
case "auto":
- if (is_array($config['hasync'])) {
- $system_carp=$config['hasync'];
- $rs[0]['varsyncipaddress']=$system_carp['synchronizetoip'];
- $rs[0]['varsyncusername']=$system_carp['username'];
- $rs[0]['varsyncpassword']=$system_carp['password'];
- $rs[0]['varsyncsnortstart']="no";
- if ($system_carp['synchronizetoip'] ==""){
- log_error("[snort] xmlrpc sync is enabled but there are no system backup hosts configured as replication targets.");
- return;
- }
+ if (is_array($config['hasync'])) {
+ $system_carp = $config['hasync'];
+ $rs[0]['varsyncipaddress'] = $system_carp['synchronizetoip'];
+ $rs[0]['varsyncusername'] = $system_carp['username'];
+ $rs[0]['varsyncpassword'] = $system_carp['password'];
+ $rs[0]['varsyncsnortstart'] = FALSE;
+ $rs[0]['varsyncdestinenable'] = FALSE;
+ // XMLRPC sync is currently only supported over connections using the same protocol and port as this system
+ if ($config['system']['webgui']['protocol'] == "http") {
+ $rs[0]['varsyncprotocol'] = "http";
+ $rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '80';
+ } else {
+ $rs[0]['varsyncprotocol'] = "https";
+ $rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '443';
}
- else{
- log_error("[snort] xmlrpc sync is enabled but there are no system backup hosts configured as replication targets.");
+ if ($system_carp['synchronizetoip'] == "") {
+ log_error("[snort] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
return;
+ } else {
+ $rs[0]['varsyncdestinenable'] = TRUE;
}
+ } else {
+ log_error("[snort] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
+ return;
+ }
break;
default:
return;
- break;
+ break;
}
if (is_array($rs)){
- log_error("[snort] Snort pkg xmlrpc sync is starting.");
- foreach($rs as $sh){
- if ($sh['varsyncsnortstart'])
- $syncstartsnort = $sh['varsyncsnortstart'];
- else
- $syncstartsnort = "OFF";
- $sync_to_ip = $sh['varsyncipaddress'];
- $port = $sh['varsyncport'];
- $password = $sh['varsyncpassword'];
- if($sh['varsyncusername'])
- $username = $sh['varsyncusername'];
- else
- $username = 'admin';
- if($password && $sync_to_ip)
- snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username, $password, $synctimeout, $syncstartsnort);
+ log_error("[snort] XMLRPC sync is starting.");
+ foreach ($rs as $sh){
+ // Only sync enabled replication targets
+ if ($sh['varsyncdestinenable']) {
+ if ($sh['varsyncsnortstart']) {
+ $syncstartsnort = $sh['varsyncsnortstart'];
+ } else {
+ $syncstartsnort = "OFF";
+ }
+ $sync_to_ip = $sh['varsyncipaddress'];
+ $port = $sh['varsyncport'];
+ $password = $sh['varsyncpassword'];
+ $protocol = $sh['varsyncprotocol'];
+ $error = '';
+ $success = TRUE;
+ $username = $sh['varsyncusername'] ?: 'admin';
+ if ($password == "") {
+ $error = "Password parameter is empty. ";
+ $success = FALSE;
+ }
+ if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) {
+ $error .= "Misconfigured Replication Target IP Address. ";
+ $success = FALSE;
+ }
+ if (!is_port($port)) {
+ $error .= "Misconfigured Replication Target Port. ";
+ $success = FALSE;
+ }
+ if ($success) {
+ snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $protocol, $username, $password, $synctimeout, $syncstartsnort);
+ } else {
+ log_error("[snort] XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}");
+ }
+ }
}
- log_error("[snort] Snort pkg xmlrpc sync completed.");
+ log_error("[snort] XMLRPC sync completed.");
}
}
}
/* Do the actual XMLRPC sync */
-function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username, $password, $synctimeout, $syncstartsnort) {
+function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $protocol, $username, $password, $synctimeout = 150, $syncstartsnort) {
global $config, $g;
/* Do not attempt a package sync while booting up or installing package */
if ($g['booting'] || $g['snort_postinstall']) {
- log_error("[snort] No xmlrpc sync to CARP targets when booting up or during package reinstallation.");
+ log_error("[snort] Skipping XMLRPC sync when booting up or during package reinstallation.");
return;
}
- if(!$username || !$password || !$sync_to_ip) {
- log_error("[snort] A required XMLRPC sync parameter (user, host IP or password) is empty ... aborting pkg sync");
+ if ($username == "" || $password == "" || $sync_to_ip == "" || $port == "" || $protocol == "") {
+ log_error("[snort] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync");
return;
}
- /* Test key variables and set defaults if empty */
- if(!$synctimeout)
- $synctimeout=150;
-
- $xmlrpc_sync_neighbor = $sync_to_ip;
- if($config['system']['webgui']['protocol'] != "") {
- $synchronizetoip = $config['system']['webgui']['protocol'];
- $synchronizetoip .= "://";
- }
- if ($port == "")
- $port = $config['system']['webgui']['port'];
- /* if port is empty let's rely on the protocol selection */
- if($port == "") {
- if($config['system']['webgui']['protocol'] == "http")
- $port = "80";
- else
- $port = "443";
+ // Take care of IPv6 literal address
+ if (is_ipaddrv6($sync_to_ip)) {
+ $sync_to_ip = "[{$sync_to_ip}]";
}
- $synchronizetoip .= $sync_to_ip;
- $url = $synchronizetoip;
+
+ $url = "{$protocol}://{$sync_to_ip}";
/*************************************************/
/* Send over any auto-SID management files */
@@ -3847,25 +3861,26 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username,
$method = 'pfsense.exec_php';
$params = array( XML_RPC_encode($password), XML_RPC_encode($payload) );
- log_error("[snort] Snort XMLRPC CARP sync sending auto-SID conf files to {$url}:{$port}.");
+ log_error("[snort] Snort XMLRPC sync sending auto-SID conf files to {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
$resp = $cli->send($msg, $synctimeout);
$error = "";
if(!$resp) {
- $error = "A communications error occurred while attempting Snort XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file);
+ $error = "A communications error occurred while attempting Snort XMLRPC sync with {$url}:{$port}. Failed to transfer file: " . basename($file);
log_error($error);
file_notice("sync_settings", $error, "Snort Settings Sync", "");
} elseif($resp->faultCode()) {
- $error = "An error code was received while attempting Snort XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file) . " - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ $error = "An error code was received while attempting Snort XMLRPC sync with {$url}:{$port}. Failed to transfer file: " . basename($file) . " - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "Snort Settings Sync", "");
}
}
- if (!empty($sid_files) && $error == "")
- log_error("[snort] Snort pkg XMLRPC CARP sync auto-SID conf files success with {$url}:{$port} (pfsense.exec_php).");
+ if (!empty($sid_files) && $error == "") {
+ log_error("[snort] XMLRPC sync auto-SID conf files success with {$url}:{$port} (pfsense.exec_php).");
+ }
/*************************************************/
/* Send over any IPREP IP List files */
@@ -3879,25 +3894,26 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username,
$method = 'pfsense.exec_php';
$params = array( XML_RPC_encode($password), XML_RPC_encode($payload) );
- log_error("[snort] Snort XMLRPC CARP sync sending IPREP files to {$url}:{$port}.");
+ log_error("[snort] Snort XMLRPC sync sending IPREP files to {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
$resp = $cli->send($msg, $synctimeout);
$error = "";
- if(!$resp) {
- $error = "A communications error occurred while attempting Snort XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file);
+ if (!$resp) {
+ $error = "A communications error occurred while attempting Snort XMLRPC sync with {$url}:{$port}. Failed to transfer file: " . basename($file);
log_error($error);
file_notice("sync_settings", $error, "Snort Settings Sync", "");
- } elseif($resp->faultCode()) {
- $error = "An error code was received while attempting Snort XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file) . " - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ } elseif ($resp->faultCode()) {
+ $error = "An error code was received while attempting Snort XMLRPC sync with {$url}:{$port}. Failed to transfer file: " . basename($file) . " - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "Snort Settings Sync", "");
}
}
- if (!empty($sid_files) && $error == "")
- log_error("[snort] Snort pkg XMLRPC CARP sync IPREP files success with {$url}:{$port} (pfsense.exec_php).");
+ if (!empty($sid_files) && $error == "") {
+ log_error("[snort] XMLRPC sync IPREP files success with {$url}:{$port} (pfsense.exec_php).");
+ }
/**************************************************/
/* Send over the <snortglobal> portion of the */
@@ -3911,7 +3927,7 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username,
XML_RPC_encode($xml)
);
- log_error("[snort] Beginning Snort pkg configuration XMLRPC sync to {$url}:{$port}.");
+ log_error("[snort] Beginning package configuration XMLRPC sync to {$url}:{$port}.");
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
@@ -3919,16 +3935,16 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username,
/* send our XMLRPC message and timeout after defined sync timeout value*/
$resp = $cli->send($msg, $synctimeout);
- if(!$resp) {
+ if (!$resp) {
$error = "A communications error occurred while attempting snort XMLRPC sync with {$url}:{$port}.";
log_error($error);
file_notice("sync_settings", $error, "snort Settings Sync", "");
- } elseif($resp->faultCode()) {
+ } elseif ($resp->faultCode()) {
$error = "An error code was received while attempting snort XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "snort Settings Sync", "");
} else {
- log_error("[snort] Snort pkg configuration XMLRPC sync successfully completed with {$url}:{$port}.");
+ log_error("[snort] Package configuration XMLRPC sync successfully completed with {$url}:{$port}.");
}
$downloadrulescmd = "";
@@ -3992,16 +4008,16 @@ EOD;
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
$resp = $cli->send($msg, $synctimeout);
- if(!$resp) {
+ if (!$resp) {
$error = "A communications error occurred while attempting snort XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
log_error($error);
file_notice("sync_settings", $error, "snort Settings Sync", "");
- } elseif($resp->faultCode()) {
+ } elseif ($resp->faultCode()) {
$error = "An error code was received while attempting snort XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "snort Settings Sync", "");
} else {
- log_error("[snort] Snort pkg XMLRPC reload configuration success with {$url}:{$port} (pfsense.exec_php).");
+ log_error("[snort] XMLRPC reload configuration success with {$url}:{$port} (pfsense.exec_php).");
}
/*************************************************/
@@ -4016,16 +4032,16 @@ EOD;
log_error("[snort] Snort XMLRPC sending {$url}:{$port} cmd to execute configuration reload.");
$msg2 = new XML_RPC_Message($method, $params2);
$resp = $cli->send($msg2, $synctimeout);
- if(!$resp) {
+ if (!$resp) {
$error = "A communications error occurred while attempting snort XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
log_error($error);
file_notice("sync_settings", $error, "snort Settings Sync", "");
- } elseif($resp->faultCode()) {
+ } elseif ($resp->faultCode()) {
$error = "An error code was received while attempting snort XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "snort Settings Sync", "");
} else {
- log_error("[snort] Snort pkg XMLRPC reload configuration success with {$url}:{$port} (pfsense.exec_php).");
+ log_error("[snort] XMLRPC reload configuration success with {$url}:{$port} (pfsense.exec_php).");
}
}
diff --git a/config/snort/snort_sync.xml b/config/snort/snort_sync.xml
index 46922822..6b9e6a7f 100755
--- a/config/snort/snort_sync.xml
+++ b/config/snort/snort_sync.xml
@@ -172,11 +172,11 @@
</options>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>IP-Address</fielddescr>
+ <fielddescr>IP Address/Hostname</fielddescr>
<fieldname>varsyncipaddress</fieldname>
- <description><![CDATA[IP Address of the destination host.]]></description>
+ <description><![CDATA[IP address or hostname of the destination host.]]></description>
<type>input</type>
- <size>15</size>
+ <size>40</size>
</rowhelperfield>
<rowhelperfield>
<fielddescr>Port</fielddescr>
@@ -202,8 +202,6 @@
</rowhelper>
</field>
</fields>
- <custom_delete_php_command>
- </custom_delete_php_command>
<custom_php_resync_config_command>
write_config("Snort pkg: saved changes to XMLRPC sync configuration.");snort_sync_on_changes();
</custom_php_resync_config_command>
diff --git a/config/spamd/spamd.inc b/config/spamd/spamd.inc
index 548a2934..13edb7ce 100644
--- a/config/spamd/spamd.inc
+++ b/config/spamd/spamd.inc
@@ -299,49 +299,6 @@ function remove_spaces($string) {
return $string;
}
-function sync_spamd_config_to_backup() {
- global $config;
- if (is_array($config['installedpackages']['carpsettings']['config'])) {
- foreach ($config['installedpackages']['carpsettings']['config'] as $carp) {
- if ($carp['synchronizetoip'] != "") {
- $synctoip = $carp['synchronizetoip'];
- $password = $carp['password'];
- if ($config['system']['username']) {
- $username = $config['system']['username'];
- } else {
- $username = "admin";
- }
- }
- }
- }
- if ($synctoip and $password) {
- if ($config['system']['webgui']['protocol'] != "") {
- $synchronizetoip = $config['system']['webgui']['protocol'];
- $synchronizetoip .= "://";
- }
- $port = $config['system']['webgui']['port'];
- /* if port is empty lets rely on the protocol selection */
- if ($port == "") {
- if ($config['system']['webgui']['protocol'] == "http") {
- $port = "80";
- } else {
- $port = "443";
- }
- }
- $params = array(XML_RPC_encode($password),XML_RPC_encode($xml));
- /* create files to sync array */
- $filetosync = array("/var/db/spamd", "/var/db/whitelist.txt");
- /* loop through files to sync list and sync them up */
- foreach ($filetosync as $f2s) {
- $f2c_contents = file_get_contents($f2s);
- xmlrpc_sync_file($url, $password, $f2s, $f2c_contents, $port);
- }
- /* signal remote process config reload */
- xmlrpc_exec_shell($url, $password, "/usr/bin/killall -HUP spamlogd", $port);
- xmlrpc_exec_shell($url, $password, "/usr/bin/killall -HUP spamd", $port);
- }
-}
-
function custom_php_install_command() {
global $config;
system("touch /var/db/whitelist.txt");
diff --git a/config/squid3/31/squid.inc b/config/squid3/31/squid.inc
index d565810c..df900e43 100644
--- a/config/squid3/31/squid.inc
+++ b/config/squid3/31/squid.inc
@@ -1854,8 +1854,8 @@ function squid_sync_on_changes() {
$synctimeout = $squid_sync['synctimeout'];
switch ($synconchanges){
case "manual":
- if (is_array($squid_sync[row])){
- $rs=$squid_sync[row];
+ if (is_array($squid_sync['row'])){
+ $rs=$squid_sync['row'];
}
else{
log_error("[squid] xmlrpc sync is enabled but there is no hosts to push on squid config.");
@@ -1863,8 +1863,8 @@ function squid_sync_on_changes() {
}
break;
case "auto":
- if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){
- $system_carp=$config['installedpackages']['carpsettings']['config'][0];
+ if (is_array($config['hasync'])) {
+ $system_carp = $config['hasync'];
$rs[0]['ipaddress']=$system_carp['synchronizetoip'];
$rs[0]['username']=$system_carp['username'];
$rs[0]['password']=$system_carp['password'];
diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc
index 0f71def8..57b49d5f 100755
--- a/config/squid3/33/squid.inc
+++ b/config/squid3/33/squid.inc
@@ -2314,8 +2314,8 @@ function squid_sync_on_changes() {
$synctimeout = $squid_sync['synctimeout'];
switch ($synconchanges){
case "manual":
- if (is_array($squid_sync[row])){
- $rs=$squid_sync[row];
+ if (is_array($squid_sync['row'])){
+ $rs=$squid_sync['row'];
}
else{
log_error("[squid] xmlrpc sync is enabled but there is no hosts to push on squid config.");
@@ -2323,8 +2323,8 @@ function squid_sync_on_changes() {
}
break;
case "auto":
- if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){
- $system_carp=$config['installedpackages']['carpsettings']['config'][0];
+ if (is_array($config['hasync'])) {
+ $system_carp = $config['hasync'];
$rs[0]['ipaddress']=$system_carp['synchronizetoip'];
$rs[0]['username']=$system_carp['username'];
$rs[0]['password']=$system_carp['password'];
diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc
index f4be3ee3..973bbf05 100755
--- a/config/squid3/34/squid.inc
+++ b/config/squid3/34/squid.inc
@@ -452,9 +452,6 @@ function squid_restart_services() {
function squid_install_command() {
global $config, $g;
- update_output_window("This operation may take quite some time, please be patient. Do not press stop or attempt to navigate away from this page during this process.");
- update_output_window("Checking if there is configuration to migrate... One moment please...");
-
/* Set storage system for nanobsd */
if (!is_array($config['installedpackages']['squidcache'])) {
$config['installedpackages']['squidcache'] = array();
@@ -515,7 +512,6 @@ function squid_deinstall_command() {
squid_install_cron(false);
/* kill all running services */
- update_output_window("Stopping and removing services...");
mwexec('/usr/local/etc/rc.d/sqp_monitor.sh stop');
mwexec("/bin/ps awux | /usr/bin/egrep -i '[s]quid -f|\([s]quid\)' | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill");
mwexec("/bin/ps awux | /usr/bin/grep '[d]iskd' | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill");
@@ -542,8 +538,6 @@ function squid_deinstall_command() {
$keep = ($squidsettings['keep_squid_data'] ? true : false);
if (!$keep) {
- update_output_window("Removing cache and logs ... One moment please...");
- update_output_window("This operation may take quite some time, please be patient. Do not press stop or attempt to navigate away from this page during this process.");
if (is_dir("{$cachedir}")) {
if (substr($cachedir, 0, 11) === "/var/squid/") {
mwexec_bg("/bin/rm -rf {$cachedir}");
@@ -558,7 +552,6 @@ function squid_deinstall_command() {
log_error("[squid] Will NOT delete Squid log dir '{$logdir}' since it is not located under /var/squid. Delete manually if required.");
}
}
- update_output_window("Removing remaining Squid directories ... One moment please...");
$dirs = array("/var/run/squid", "/var/squid");
foreach ($dirs as $dir) {
if (is_dir("{$dir}")) {
@@ -570,7 +563,6 @@ function squid_deinstall_command() {
// remove antivirus integration features
squid_antivirus_deinstall_command();
- update_output_window("Reloading filter...");
filter_configure();
/* Remove package settings from config if 'Keep Settings/Data' is disabled */
@@ -619,7 +611,6 @@ function squid_deinstall_command() {
unset($config['installedpackages']['squidusers']);
}
}
- update_output_window("Squid3 has been uninstalled.");
}
/* Migrate configuration from god knows which Squid package versions */
@@ -704,7 +695,6 @@ function squid_upgrade_config() {
/* unset broken antivirus settings */
squid_antivirus_upgrade_config();
- update_output_window("Writing configuration... One moment please...");
write_config();
}
@@ -2163,28 +2153,45 @@ function squid_generate_rules($type) {
/* XMLRPC sync configuration */
function squid_sync_on_changes() {
- global $config, $g;
+ global $config;
+
if (is_array($config['installedpackages']['squidsync']['config'])) {
$squid_sync = $config['installedpackages']['squidsync']['config'][0];
$synconchanges = $squid_sync['synconchanges'];
- $synctimeout = $squid_sync['synctimeout'];
+ $synctimeout = $squid_sync['synctimeout'] ?: '250';
switch ($synconchanges) {
case "manual":
if (is_array($squid_sync['row'])) {
$rs = $squid_sync['row'];
} else {
- log_error("[squid] XMLRPC sync is enabled but there is no hosts to push on Squid config.");
+ log_error("[squid] XMLRPC sync is enabled but there are no hosts configured as replication targets.");
return;
}
break;
case "auto":
- if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])) {
- $system_carp = $config['installedpackages']['carpsettings']['config'][0];
+ if (is_array($config['hasync'])) {
+ $system_carp = $config['hasync'];
$rs[0]['ipaddress'] = $system_carp['synchronizetoip'];
$rs[0]['username'] = $system_carp['username'];
$rs[0]['password'] = $system_carp['password'];
+ $rs[0]['syncdestinenable'] = FALSE;
+
+ // XMLRPC sync is currently only supported over connections using the same protocol and port as this system
+ if ($config['system']['webgui']['protocol'] == "http") {
+ $rs[0]['syncprotocol'] = "http";
+ $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '80';
+ } else {
+ $rs[0]['syncprotocol'] = "https";
+ $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '443';
+ }
+ if ($system_carp['synchronizetoip'] == "") {
+ log_error("[squid] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
+ return;
+ } else {
+ $rs[0]['syncdestinenable'] = TRUE;
+ }
} else {
- log_error("[squid] XMLRPC sync is enabled but there is no system backup hosts to push Squid config.");
+ log_error("[squid] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
return;
}
break;
@@ -2195,45 +2202,56 @@ function squid_sync_on_changes() {
if (is_array($rs)) {
log_error("[squid] XMLRPC sync is starting.");
foreach ($rs as $sh) {
- $sync_to_ip = $sh['ipaddress'];
- $password = $sh['password'];
- if ($sh['username']) {
- $username = $sh['username'];
- } else {
- $username = 'admin';
- }
- if ($password && $sync_to_ip) {
- squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout);
+ // Only sync enabled replication targets
+ if ($sh['syncdestinenable']) {
+ $sync_to_ip = $sh['ipaddress'];
+ $port = $sh['syncport'];
+ $username = $sh['username'] ?: 'admin';
+ $password = $sh['password'];
+ $protocol = $sh['syncprotocol'];
+
+ $error = '';
+ $valid = TRUE;
+
+ if ($password == "") {
+ $error = "Password parameter is empty. ";
+ $valid = FALSE;
+ }
+ if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) {
+ $error .= "Misconfigured Replication Target IP Address or Hostname. ";
+ $valid = FALSE;
+ }
+ if (!is_port($port)) {
+ $error .= "Misconfigured Replication Target Port. ";
+ $valid = FALSE;
+ }
+ if ($valid) {
+ squid_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout);
+ } else {
+ log_error("[squid] XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}");
+ }
}
}
- log_error("[squid] XMLRPC sync is ending.");
+ log_error("[squid] XMLRPC sync completed.");
}
- }
+ }
}
/* Perform the actual XMLRPC sync */
-function squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) {
+function squid_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout) {
global $config, $g;
- if (!$username || !$password || !$sync_to_ip) {
+ if ($username == "" || $password == "" || $sync_to_ip == "" || $port == "" || $protocol == "") {
+ log_error("[squid] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync");
return;
}
- if (!$synctimeout) {
- $synctimeout = 250;
+ // Take care of IPv6 literal address
+ if (is_ipaddrv6($sync_to_ip)) {
+ $sync_to_ip = "[{$sync_to_ip}]";
}
- $xmlrpc_sync_neighbor = $sync_to_ip;
- if ($config['system']['webgui']['protocol'] != "") {
- $synchronizetoip = $config['system']['webgui']['protocol'];
- $synchronizetoip .= "://";
- }
- $port = $config['system']['webgui']['port'];
- /* If port is empty let's rely on the protocol selection */
- if ($port == "") {
- $port = $config['system']['webgui']['protocol'] == "http" ? "80" : "443";
- }
- $synchronizetoip .= $sync_to_ip;
+ $url = "{$protocol}://{$sync_to_ip}";
/* XML will hold the sections to sync */
$xml = array();
@@ -2249,14 +2267,9 @@ function squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) {
$xml['squidauth'] = $config['installedpackages']['squidauth'];
$xml['squidusers'] = $config['installedpackages']['squidusers'];
/* Assemble XMLRPC payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($xml)
- );
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($xml));
/* Set a few variables needed for sync */
- $url = $synchronizetoip;
- log_error("[squid] Beginning XMLRPC sync to {$url}:{$port}.");
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
@@ -2267,14 +2280,14 @@ function squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) {
/* Send our XMLRPC message and timeout after defined sync timeout value*/
$resp = $cli->send($msg, $synctimeout);
if (!$resp) {
- $error = "[squid] Communication error occurred while attempting XMLRPC sync with {$url}:{$port}.";
- log_error($error);
+ $error = "A communication error occurred while attempting XMLRPC sync with {$url}:{$port}.";
+ log_error("[squid] {$error}");
file_notice("sync_settings", $error, "Squid Settings Sync", "");
} elseif ($resp->faultCode()) {
$cli->setDebug(1);
$resp = $cli->send($msg, $synctimeout);
- $error = "[squid] An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
+ $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[squid] {$error}");
file_notice("sync_settings", $error, "Squid Settings Sync", "");
} else {
log_error("[squid] XMLRPC sync successfully completed with {$url}:{$port}.");
@@ -2285,25 +2298,21 @@ function squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) {
$execcmd = "require_once('/usr/local/pkg/squid.inc');\n";
$execcmd .= "squid_resync('yes');";
/* Assemble XMLRPC payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($execcmd)
- );
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd));
- log_error("[squid] XMLRPC reload data {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
$resp = $cli->send($msg, $synctimeout);
if (!$resp) {
- $error = "[squid] Communication error occurred while attempting XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
- log_error($error);
+ $error = "A communication error occurred while attempting XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
+ log_error("[squid] {$error}");
file_notice("sync_settings", $error, "Squid Settings Sync", "");
} elseif ($resp->faultCode()) {
$cli->setDebug(1);
$resp = $cli->send($msg, $synctimeout);
- $error = "[squid] An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
+ $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[squid] {$error}");
file_notice("sync_settings", $error, "Squid Settings Sync", "");
} else {
log_error("[squid] XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
diff --git a/config/squid3/34/squid.xml b/config/squid3/34/squid.xml
index a7b53fca..28326d7f 100644
--- a/config/squid3/34/squid.xml
+++ b/config/squid3/34/squid.xml
@@ -399,7 +399,7 @@
<fieldname>private_subnet_proxy_off</fieldname>
<description>
<![CDATA[
- Do not forward traffic to Private Address Space (RFC 1918) <strong>destinations</strong> through the proxy server but let is pass directly through the firewall.
+ Do not forward traffic to Private Address Space (RFC 1918) <strong>destinations</strong> through the proxy server but let it pass directly through the firewall.
]]>
</description>
<type>checkbox</type>
diff --git a/config/squid3/34/squid_antivirus.inc b/config/squid3/34/squid_antivirus.inc
index 4dc2c89a..fe8406e7 100644
--- a/config/squid3/34/squid_antivirus.inc
+++ b/config/squid3/34/squid_antivirus.inc
@@ -169,7 +169,6 @@ function squid_antivirus_deinstall_command() {
mwexec("/bin/ps awux | /usr/bin/grep '[f]reshclam' | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill");
/* clean up created PBI symlinks */
- update_output_window("Finishing package cleanup.");
if (SQUID_LOCALBASE != '/usr/local') {
$ln_icap = array('bin/c-icap', 'bin/c-icap-client', 'c-icap-config', 'c-icap-libicapapi-config', 'c-icap-stretch', 'lib/c_icap', 'share/c_icap', 'etc/c-icap');
foreach ($ln_icap as $ln) {
@@ -191,7 +190,6 @@ function squid_antivirus_deinstall_command() {
$keep = ($squidsettings['keep_squid_data'] ? true : false);
if (!$keep) {
- update_output_window("Removing antivirus definitions and logs ... One moment please...");
$dirs = array("/var/run/c-icap", "/var/log/c-icap", "/var/log/clamav", "/var/run/clamav", "/var/db/clamav");
foreach ($dirs as $dir) {
if (is_dir("{$dir}")) {
@@ -218,7 +216,6 @@ function squid_antivirus_deinstall_command() {
/* check if clamav/c_icap is enabled in rc.conf.local */
// XXX: This hasn't been used since 0.3.7; to be removed in future
if (file_exists("/etc/rc.conf.local")) {
- update_output_window("Removing antivirus services from /etc/rc.conf.local...");
$sample_file = file_get_contents("/etc/rc.conf.local");
$rcconf_local_m[0] = "@c_icap_enable(.*)\n@";
$rcconf_local_m[1] = "@clamav_clamd_enable(.*)\n@";
diff --git a/config/squid3/34/squid_reverse_sync.xml b/config/squid3/34/squid_reverse_sync.xml
index 139c73c3..1091fce8 100755
--- a/config/squid3/34/squid_reverse_sync.xml
+++ b/config/squid3/34/squid_reverse_sync.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>squidsync</name>
- <version>0.4.1</version>
+ <version>0.4.2</version>
<title>Reverse Proxy Server: XMLRPC Sync</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<tabs>
@@ -78,12 +78,18 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Automatically sync Squid configuration changes</fielddescr>
+ <fielddescr>Enable Sync</fielddescr>
<fieldname>synconchanges</fieldname>
- <description>Select a sync method for Squid.</description>
+ <description>
+ <![CDATA[
+ Select a sync method for Squid Reverse Proxy.<br/><br/>
+ <strong>Important:</strong> While using "Sync to host(s) defined below", only sync from host A to B, A to C but <strong>do not</strong> enable XMLRPC sync <b>to</b> A.
+ This will result in a loop!
+ ]]>
+ </description>
<type>select</type>
<required/>
- <default_value>auto</default_value>
+ <default_value>disabled</default_value>
<options>
<option><name>Sync to configured system backup server</name><value>auto</value></option>
<option><name>Sync to host(s) defined below</name><value>manual</value></option>
@@ -106,19 +112,45 @@
</options>
</field>
<field>
- <fielddescr>Remote Server</fielddescr>
+ <fielddescr>Replication Targets</fielddescr>
<fieldname>none</fieldname>
<type>rowhelper</type>
<rowhelper>
<rowhelperfield>
- <fielddescr>IP Address</fielddescr>
+ <fielddescr>Enable</fielddescr>
+ <fieldname>syncdestinenable</fieldname>
+ <description><![CDATA[Enable this host as a replication target]]></description>
+ <type>checkbox</type>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Protocol</fielddescr>
+ <fieldname>syncprotocol</fieldname>
+ <description><![CDATA[Choose the protocol used to sync with the destination host (HTTP or HTTPS).]]></description>
+ <type>select</type>
+ <default_value>HTTP</default_value>
+ <options>
+ <option><name>HTTP</name><value>http</value></option>
+ <option><name>HTTPS</name><value>https</value></option>
+ </options>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>IP Address/Hostname</fielddescr>
<fieldname>ipaddress</fieldname>
+ <description><![CDATA[IP address or hostname of the destination host.]]></description>
<type>input</type>
- <size>20</size>
+ <size>40</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Port</fielddescr>
+ <fieldname>syncport</fieldname>
+ <description><![CDATA[Choose the sync port of the destination host.]]></description>
+ <type>input</type>
+ <size>3</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>Password (admin)</fielddescr>
+ <fielddescr>Admin Password</fielddescr>
<fieldname>password</fieldname>
+ <description><![CDATA[Password of the user "admin" on the destination host.]]></description>
<type>password</type>
<size>20</size>
</rowhelperfield>
diff --git a/config/squid3/34/squid_sync.xml b/config/squid3/34/squid_sync.xml
index 2f86b7c6..a7670ff5 100755
--- a/config/squid3/34/squid_sync.xml
+++ b/config/squid3/34/squid_sync.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>squidsync</name>
- <version>0.4.1</version>
+ <version>0.4.2</version>
<title>Proxy Server: XMLRPC Sync</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<tabs>
@@ -94,12 +94,18 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Automatically sync Squid configuration changes</fielddescr>
+ <fielddescr>Enable Sync</fielddescr>
<fieldname>synconchanges</fieldname>
- <description>Select a sync method for Squid.</description>
+ <description>
+ <![CDATA[
+ Select a sync method for Squid.<br/><br/>
+ <strong>Important:</strong> While using "Sync to host(s) defined below", only sync from host A to B, A to C but <strong>do not</strong> enable XMLRPC sync <b>to</b> A.
+ This will result in a loop!
+ ]]>
+ </description>
<type>select</type>
<required/>
- <default_value>auto</default_value>
+ <default_value>disabled</default_value>
<options>
<option><name>Sync to configured system backup server</name><value>auto</value></option>
<option><name>Sync to host(s) defined below</name><value>manual</value></option>
@@ -122,19 +128,45 @@
</options>
</field>
<field>
- <fielddescr>Remote Server</fielddescr>
+ <fielddescr>Replication Targets</fielddescr>
<fieldname>none</fieldname>
<type>rowhelper</type>
<rowhelper>
<rowhelperfield>
- <fielddescr>IP Address</fielddescr>
+ <fielddescr>Enable</fielddescr>
+ <fieldname>syncdestinenable</fieldname>
+ <description><![CDATA[Enable this host as a replication target]]></description>
+ <type>checkbox</type>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Protocol</fielddescr>
+ <fieldname>syncprotocol</fieldname>
+ <description><![CDATA[Choose the protocol used to sync with the destination host (HTTP or HTTPS).]]></description>
+ <type>select</type>
+ <default_value>HTTP</default_value>
+ <options>
+ <option><name>HTTP</name><value>http</value></option>
+ <option><name>HTTPS</name><value>https</value></option>
+ </options>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>IP Address/Hostname</fielddescr>
<fieldname>ipaddress</fieldname>
+ <description><![CDATA[IP address or hostname of the destination host.]]></description>
<type>input</type>
- <size>20</size>
+ <size>40</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Port</fielddescr>
+ <fieldname>syncport</fieldname>
+ <description><![CDATA[Choose the sync port of the destination host.]]></description>
+ <type>input</type>
+ <size>3</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>Password (admin)</fielddescr>
+ <fielddescr>Admin Password</fielddescr>
<fieldname>password</fieldname>
+ <description><![CDATA[Password of the user "admin" on the destination host.]]></description>
<type>password</type>
<size>20</size>
</rowhelperfield>
diff --git a/config/sshdcond/sshdcond.inc b/config/sshdcond/sshdcond.inc
index 9c3a8bb9..7c1be614 100644
--- a/config/sshdcond/sshdcond.inc
+++ b/config/sshdcond/sshdcond.inc
@@ -37,8 +37,6 @@ function restart_sshd() {
}
function sshdcond_custom_php_install_command() {
- global $g, $config;
-
/* We need to generate an outfile for our extra commands.
The patched g_szSSHDFileGenerate php file then reads and appends that config.
*/
@@ -48,8 +46,6 @@ function sshdcond_custom_php_install_command() {
}
function sshdcond_custom_php_deinstall_command() {
- global $g, $config;
-
/* Delete our config file. */
unlink_if_exists("/etc/ssh/sshd_extra");
@@ -59,7 +55,7 @@ function sshdcond_custom_php_deinstall_command() {
}
function sshdcond_custom_php_write_config() {
- global $g, $config, $pkg_interface;
+ global $g, $config;
/* Detect boot process, do nothing during boot. */
if (function_exists("platform_booting")) {
@@ -113,71 +109,113 @@ function sshdcond_custom_php_write_config() {
/* Uses XMLRPC to synchronize the changes to a remote node. */
function sshdcond_sync_on_changes() {
- global $config, $g;
-
- /* Basically, this package was never configured */
- if (!is_array($config['installedpackages']['sshdcondsync'])) {
- return;
- }
- /* Package is configured but XMLRPC sync is disabled */
- if (!isset($config['installedpackages']['sshdcondsync']['config'][0]['synconchanges'])) {
- return;
- }
- /* Do XMLRPC sync */
- log_error("[sshdcond] xmlrpc sync is starting.");
- foreach ($config['installedpackages']['sshdcondsync']['config'] as $rs) {
- foreach($rs['row'] as $sh) {
- $sync_to_ip = $sh['ipaddress'];
- $password = $sh['password'];
- if ($password && $sync_to_ip) {
- sshdcond_do_xmlrpc_sync($sync_to_ip, $password);
+ global $config;
+
+ if (is_array($config['installedpackages']['sshdcondsync']['config'])) {
+ $sshdcond_sync = $config['installedpackages']['sshdcondsync']['config'][0];
+ $synconchanges = $sshdcond_sync['synconchanges'];
+ $synctimeout = $sshdcond_sync['synctimeout'] ?: '150';
+ switch ($synconchanges) {
+ case "manual":
+ if (is_array($sshdcond_sync['row'])) {
+ $rs = $sshdcond_sync['row'];
+ } else {
+ log_error("[sshdcond] XMLRPC sync is enabled but there are no hosts configured as replication targets.");
+ return;
+ }
+ break;
+ case "auto":
+ if (is_array($config['hasync'])) {
+ $system_carp = $config['hasync'];
+ $rs[0]['ipaddress'] = $system_carp['synchronizetoip'];
+ $rs[0]['username'] = $system_carp['username'];
+ $rs[0]['password'] = $system_carp['password'];
+ $rs[0]['syncdestinenable'] = FALSE;
+
+ // XMLRPC sync is currently only supported over connections using the same protocol and port as this system
+ if ($config['system']['webgui']['protocol'] == "http") {
+ $rs[0]['syncprotocol'] = "http";
+ $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '80';
+ } else {
+ $rs[0]['syncprotocol'] = "https";
+ $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '443';
+ }
+ if ($system_carp['synchronizetoip'] == "") {
+ log_error("[sshdcond] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
+ return;
+ } else {
+ $rs[0]['syncdestinenable'] = TRUE;
+ }
+ } else {
+ log_error("[sshdcond] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
+ return;
+ }
+ break;
+ default:
+ return;
+ break;
+ }
+ if (is_array($rs)) {
+ log_error("[sshdcond] XMLRPC sync is starting.");
+ foreach ($rs as $sh) {
+ // Only sync enabled replication targets
+ if ($sh['syncdestinenable']) {
+ $sync_to_ip = $sh['ipaddress'];
+ $port = $sh['syncport'];
+ $username = $sh['username'] ?: 'admin';
+ $password = $sh['password'];
+ $protocol = $sh['syncprotocol'];
+
+ $error = '';
+ $valid = TRUE;
+
+ if ($password == "") {
+ $error = "Password parameter is empty. ";
+ $valid = FALSE;
+ }
+ if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) {
+ $error .= "Misconfigured Replication Target IP Address or Hostname. ";
+ $valid = FALSE;
+ }
+ if (!is_port($port)) {
+ $error .= "Misconfigured Replication Target Port. ";
+ $valid = FALSE;
+ }
+ if ($valid) {
+ sshdcond_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout);
+ } else {
+ log_error("[sshdcond] XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}");
+ }
+ }
}
+ log_error("[sshdcond] XMLRPC sync completed.");
}
- }
- log_error("[sshdcond] xmlrpc sync is ending.");
+ }
}
/* Do the actual XMLRPC sync. */
-function sshdcond_do_xmlrpc_sync($sync_to_ip, $password) {
+function sshdcond_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout) {
global $config, $g;
- if (!$password) {
+ if ($username == "" || $password == "" || $sync_to_ip == "" || $port == "" || $protocol == "") {
+ log_error("[sshdcond] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync");
return;
}
- if (!$sync_to_ip) {
- return;
+ // Take care of IPv6 literal address
+ if (is_ipaddrv6($sync_to_ip)) {
+ $sync_to_ip = "[{$sync_to_ip}]";
}
- $username='admin';
- $xmlrpc_sync_neighbor = $sync_to_ip;
- if ($config['system']['webgui']['protocol'] != "") {
- $synchronizetoip = $config['system']['webgui']['protocol'];
- $synchronizetoip .= "://";
- }
- $port = $config['system']['webgui']['port'];
- /* If port is empty, let's rely on the protocol selection. */
- if ($port == "") {
- if ($config['system']['webgui']['protocol'] == "http") {
- $port = "80";
- } else {
- $port = "443";
- }
- }
- $synchronizetoip .= $sync_to_ip;
+ $url = "{$protocol}://{$sync_to_ip}";
- /* xml will hold the sections to sync. */
+ /* XML will hold the sections to sync. */
$xml = array();
$xml['sshdcond'] = $config['installedpackages']['sshdcond'];
/* Assemble XMLRPC payload. */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($xml)
- );
-
- /* Set a few variables needed for sync code; borrowed from filter.inc. */
- $url = $synchronizetoip;
- log_error("Beginning sshdcond XMLRPC sync to {$url}:{$port}.");
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($xml));
+
+ /* Set a few variables needed for sync code */
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
@@ -185,20 +223,20 @@ function sshdcond_do_xmlrpc_sync($sync_to_ip, $password) {
if ($g['debug']) {
$cli->setDebug(1);
}
- /* Send our XMLRPC message and timeout after 250 seconds. */
- $resp = $cli->send($msg, "250");
+ /* Send our XMLRPC message and timeout after defined sync timeout value */
+ $resp = $cli->send($msg, $synctimeout);
if (!$resp) {
- $error = "A communications error occurred while attempting sshdcond XMLRPC sync with {$url}:{$port}.";
- log_error($error);
+ $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port}.";
+ log_error("[sshdcond] {$error}");
file_notice("sync_settings", $error, "sshdcond Settings Sync", "");
} elseif ($resp->faultCode()) {
$cli->setDebug(1);
- $resp = $cli->send($msg, "250");
+ $resp = $cli->send($msg, $synctimeout);
$error = "An error code was received while attempting sshdcond XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
+ log_error("[sshdcond] {$error}");
file_notice("sync_settings", $error, "sshdcond Settings Sync", "");
} else {
- log_error("sshdcond XMLRPC sync successfully completed with {$url}:{$port}.");
+ log_error("[sshdcond] XMLRPC sync successfully completed with {$url}:{$port}.");
}
/* Tell sshdcond to reload our settings on the destination sync host. */
@@ -206,28 +244,24 @@ function sshdcond_do_xmlrpc_sync($sync_to_ip, $password) {
$execcmd = "require_once('/usr/local/pkg/sshdcond.inc');\n";
$execcmd .= "sshdcond_custom_php_write_config();";
/* Assemble XMLRPC payload. */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($execcmd)
- );
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd));
- log_error("sshdcond XMLRPC reload data {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
- $resp = $cli->send($msg, "250");
+ $resp = $cli->send($msg, $synctimeout);
if (!$resp) {
$error = "A communications error occurred while attempting sshdcond XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
- log_error($error);
+ log_error("[sshdcond] {$error}");
file_notice("sync_settings", $error, "sshdcond Settings Sync", "");
} elseif ($resp->faultCode()) {
$cli->setDebug(1);
- $resp = $cli->send($msg, "250");
+ $resp = $cli->send($msg, $synctimeout);
$error = "An error code was received while attempting sshdcond XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
+ log_error("[sshdcond] {$error}");
file_notice("sync_settings", $error, "sshdcond Settings Sync", "");
} else {
- log_error("sshdcond XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
+ log_error("[sshdcond] XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
}
}
?>
diff --git a/config/sshdcond/sshdcond.priv.inc b/config/sshdcond/sshdcond.priv.inc
new file mode 100644
index 00000000..fddb86c1
--- /dev/null
+++ b/config/sshdcond/sshdcond.priv.inc
@@ -0,0 +1,42 @@
+<?php
+/*
+ sshdcond.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-sshdcond'] = array();
+$priv_list['page-services-sshdcond']['name'] = "WebCfg - Services: SSHDCond package";
+$priv_list['page-services-sshdcond']['descr'] = "Allow access to SSHDCond package GUI";
+$priv_list['page-services-sshdcond']['match'] = array();
+
+$priv_list['page-services-sshdcond']['match'][] = "pkg.php?xml=sshdcond.xml*";
+$priv_list['page-services-sshdcond']['match'][] = "pkg.php?xml=sshdcond_sync.xml*";
+
+$priv_list['page-services-sshdcond']['match'][] = "pkg_edit.php?xml=sshdcond.xml*";
+$priv_list['page-services-sshdcond']['match'][] = "pkg_edit.php?xml=sshdcond_sync.xml*";
+
+?>
diff --git a/config/sshdcond/sshdcond.xml b/config/sshdcond/sshdcond.xml
index 11104e1d..f0e27c80 100644
--- a/config/sshdcond/sshdcond.xml
+++ b/config/sshdcond/sshdcond.xml
@@ -43,12 +43,10 @@
]]>
</copyright>
<name>sshdcond</name>
- <version>1.0.2</version>
- <title>SSH Conditional</title>
- <description>SSH Conditional blocks</description>
+ <version>1.0.6</version>
+ <title>Services: SSH Conditional Options</title>
<savetext>Save</savetext>
<include_file>/usr/local/pkg/sshdcond.inc</include_file>
-
<menu>
<name>SSH Conditions</name>
<tooltiptext>Configure SSH conditional exceptions</tooltiptext>
@@ -61,6 +59,10 @@
<item>https://packages.pfsense.org/packages/config/sshdcond/sshdcond.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/sshdcond/sshdcond.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/sshdcond/sshdcond_sync.xml</item>
</additional_files_needed>
@@ -93,7 +95,6 @@
<field>
<type>listtopic</type>
<name>Conditional SSH Options</name>
- <fieldname>temp</fieldname>
</field>
<field>
<fielddescr>Enable</fielddescr>
@@ -187,7 +188,4 @@
<custom_php_resync_config_command>
sshdcond_custom_php_write_config();
</custom_php_resync_config_command>
- <custom_php_command_before_form>
- unset($_POST['temp']);
- </custom_php_command_before_form>
</packagegui>
diff --git a/config/sshdcond/sshdcond_sync.xml b/config/sshdcond/sshdcond_sync.xml
index 511df25b..f81f36b0 100755
--- a/config/sshdcond/sshdcond_sync.xml
+++ b/config/sshdcond/sshdcond_sync.xml
@@ -42,8 +42,8 @@
]]>
</copyright>
<name>sshdcondsync</name>
- <version>1.0.2</version>
- <title>SSH Conditional - Sync</title>
+ <version>1.0.6</version>
+ <title>Services: SSH Conditional Options - Sync</title>
<include_file>/usr/local/pkg/sshdcond.inc</include_file>
<tabs>
<tab>
@@ -62,30 +62,74 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Automatically sync configuration changes</fielddescr>
+ <fielddescr>Enable Sync</fielddescr>
<fieldname>synconchanges</fieldname>
- <description>Automatically sync changes to the hosts defined below.</description>
- <type>checkbox</type>
+ <description>
+ <![CDATA[
+ When enabled, this will sync all configuration settings to the Replication Targets.<br/><br/>
+ <b>Important:</b> While using "Sync to host(s) defined below", only sync from host A to B, A to C but <strong>do not</strong> enable XMLRPC sync <b>to</b> A. This will result in a loop!
+ ]]>
+ </description>
+ <type>select</type>
+ <required/>
+ <default_value>disabled</default_value>
+ <options>
+ <option><name>Sync to configured system backup server</name><value>auto</value></option>
+ <option><name>Sync to host(s) defined below</name><value>manual</value></option>
+ <option><name>Do not sync this package configuration</name><value>disabled</value></option>
+ </options>
</field>
<field>
- <fielddescr>Remote Server</fielddescr>
+ <fielddescr>XMLRPC Timeout</fielddescr>
+ <fieldname>synctimeout</fieldname>
+ <description><![CDATA[XMLRPC timeout in seconds. Default: 150]]></description>
+ <type>input</type>
+ <default_value>150</default_value>
+ <size>5</size>
+ </field>
+ <field>
+ <fielddescr>Replication Targets</fielddescr>
<fieldname>none</fieldname>
<type>rowhelper</type>
<rowhelper>
- <rowhelperfield>
- <fielddescr>IP Address</fielddescr>
- <fieldname>ipaddress</fieldname>
- <description>IP Address of remote server.</description>
- <type>input</type>
- <size>20</size>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr>Password</fielddescr>
- <fieldname>password</fieldname>
- <description>Password for remote server.</description>
- <type>password</type>
- <size>20</size>
- </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Enable</fielddescr>
+ <fieldname>syncdestinenable</fieldname>
+ <description><![CDATA[Enable this host as a replication target]]></description>
+ <type>checkbox</type>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Protocol</fielddescr>
+ <fieldname>syncprotocol</fieldname>
+ <description><![CDATA[Choose the protocol used to sync with the destination host (HTTP or HTTPS).]]></description>
+ <type>select</type>
+ <default_value>HTTP</default_value>
+ <options>
+ <option><name>HTTP</name><value>http</value></option>
+ <option><name>HTTPS</name><value>https</value></option>
+ </options>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>IP Address/Hostname</fielddescr>
+ <fieldname>ipaddress</fieldname>
+ <description><![CDATA[IP address or hostname of the destination host.]]></description>
+ <type>input</type>
+ <size>40</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Port</fielddescr>
+ <fieldname>syncport</fieldname>
+ <description><![CDATA[Choose the sync port of the destination host.]]></description>
+ <type>input</type>
+ <size>3</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Admin Password</fielddescr>
+ <fieldname>password</fieldname>
+ <description><![CDATA[Password of the user "admin" on the destination host.]]></description>
+ <type>password</type>
+ <size>20</size>
+ </rowhelperfield>
</rowhelper>
</field>
</fields>
diff --git a/config/stunnel/stunnel.priv.inc b/config/stunnel/stunnel.priv.inc
new file mode 100644
index 00000000..f9857583
--- /dev/null
+++ b/config/stunnel/stunnel.priv.inc
@@ -0,0 +1,42 @@
+<?php
+/*
+ stunnel.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-stunnel'] = array();
+$priv_list['page-services-stunnel']['name'] = "WebCfg - Services: stunnel package";
+$priv_list['page-services-stunnel']['descr'] = "Allow access to stunnel package GUI";
+$priv_list['page-services-stunnel']['match'] = array();
+
+$priv_list['page-services-stunnel']['match'][] = "pkg.php?xml=stunnel.xml*";
+$priv_list['page-services-stunnel']['match'][] = "pkg.php?xml=stunnel_certs.xml*";
+
+$priv_list['page-services-stunnel']['match'][] = "pkg_edit.php?xml=stunnel.xml*";
+$priv_list['page-services-stunnel']['match'][] = "pkg_edit.php?xml=stunnel_certs.xml*";
+
+?>
diff --git a/config/stunnel/stunnel.xml b/config/stunnel/stunnel.xml
index c8957ba8..b5dfd6bd 100644
--- a/config/stunnel/stunnel.xml
+++ b/config/stunnel/stunnel.xml
@@ -42,14 +42,10 @@
]]>
</copyright>
<name>stunnel</name>
- <version>5.20.2</version>
+ <version>5.20.3</version>
<title>Services: Secure Tunnel</title>
<menu>
<name>STunnel</name>
- <tooltiptext>The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server.
- It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code.
- It will negotiate an SSL connection using the OpenSSL or SSLeay libraries.
- It calls the underlying crypto libraries, so stunnel supports whatever cryptographic algorithms you compiled into your crypto package.</tooltiptext>
<section>Services</section>
<configfile>stunnel.xml</configfile>
</menu>
@@ -59,6 +55,10 @@
<item>https://packages.pfsense.org/packages/config/stunnel/stunnel.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/stunnel/stunnel.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/stunnel/stunnel_certs.xml</item>
</additional_files_needed>
diff --git a/config/sudo/sudo.priv.inc b/config/sudo/sudo.priv.inc
new file mode 100644
index 00000000..01cb2224
--- /dev/null
+++ b/config/sudo/sudo.priv.inc
@@ -0,0 +1,38 @@
+<?php
+/*
+ sudo.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-system-sudo'] = array();
+$priv_list['page-system-sudo']['name'] = "WebCfg - System: sudo package";
+$priv_list['page-system-sudo']['descr'] = "Allow access to sudo package GUI";
+$priv_list['page-system-sudo']['match'] = array();
+
+$priv_list['page-system-sudo']['match'][] = "pkg_edit.php?xml=sudo.xml*";
+
+?>
diff --git a/config/sudo/sudo.xml b/config/sudo/sudo.xml
index 6124a641..e2b92cf1 100644
--- a/config/sudo/sudo.xml
+++ b/config/sudo/sudo.xml
@@ -1,4 +1,6 @@
<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
<![CDATA[
@@ -42,7 +44,7 @@
<description>Sudo Command Control</description>
<requirements>None</requirements>
<name>sudo</name>
- <version>0.2.7</version>
+ <version>0.2.8</version>
<title>Sudo - Shell Command Privilege Delegation Utility</title>
<include_file>/usr/local/pkg/sudo.inc</include_file>
<menu>
@@ -56,6 +58,10 @@
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/sudo/sudo.inc</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/sudo/sudo.priv.inc</item>
+ </additional_files_needed>
<fields>
<field>
<type>listtopic</type>
@@ -63,11 +69,14 @@
</field>
<field>
<type>info</type>
- <description><![CDATA[
-User permission definitions for allowing the use of sudo by shell users to run commands as other users, such as root.
-<br /><br />More information on the full command options may be found in the <a href="http://www.sudo.ws/sudoers.man.html">sudoers manual</a>.
-<br /><br />By default the command is "ALL" meaning the user can run any commands. Leaving the commands field blank assumes "ALL". A comma-separated list of commands can be supplied to limit the user to individual binaries. Full paths to binaries must be used.
- ]]></description>
+ <description>
+ <![CDATA[
+ User permission definitions for allowing the use of sudo by shell users to run commands as other users, such as root.<br /><br />
+ More information on the full command options may be found in the <a href="http://www.sudo.ws/sudoers.man.html">sudoers manual</a>.<br /><br />
+ By default the command is "ALL" meaning the user can run any commands. Leaving the commands field blank assumes "ALL".<br /><br />
+ A comma-separated list of commands can be supplied to limit the user to individual binaries. <strong>Full paths to binaries must be used.</strong>
+ ]]>
+ </description>
</field>
<field>
<fielddescr>User Permissions</fielddescr>
@@ -100,7 +109,7 @@ User permission definitions for allowing the use of sudo by shell users to run c
<rowhelperfield>
<fielddescr>Command List</fielddescr>
<fieldname>cmdlist</fieldname>
- <description>Commands the user may run. Comma-separated list, full paths preferred. Default: ALL</description>
+ <description>Commands the user may run. Comma-separated list, full paths required. Default: ALL</description>
<type>input</type>
<size>30</size>
<value>ALL</value>
diff --git a/config/suricata/suricata.inc b/config/suricata/suricata.inc
index e3028570..bd7a181b 100644
--- a/config/suricata/suricata.inc
+++ b/config/suricata/suricata.inc
@@ -3304,102 +3304,118 @@ function suricata_sync_on_changes() {
/* Do not attempt a package sync while booting up or installing package */
if ($g['booting'] || $g['suricata_postinstall'] == TRUE) {
- log_error("[suricata] No xmlrpc sync to CARP targets when booting up or during package reinstallation.");
+ log_error("[suricata] Skipping XMLRPC sync when booting up or during package reinstallation.");
return;
}
- if (is_array($config['installedpackages']['suricatasync']['config'])){
- $suricata_sync=$config['installedpackages']['suricatasync']['config'][0];
+ if (is_array($config['installedpackages']['suricatasync']['config'])) {
+ $suricata_sync = $config['installedpackages']['suricatasync']['config'][0];
$synconchanges = $suricata_sync['varsynconchanges'];
- $synctimeout = $suricata_sync['varsynctimeout'];
+ $synctimeout = $suricata_sync['varsynctimeout'] ?: '150';
$syncdownloadrules = $suricata_sync['vardownloadrules'];
- switch ($synconchanges){
+ switch ($synconchanges) {
case "manual":
- if (is_array($suricata_sync[row])){
- $rs=$suricata_sync[row];
- }
- else{
- log_error("[suricata] xmlrpc CARP sync is enabled but there are no hosts configured as replication targets.");
+ if (is_array($suricata_sync['row'])) {
+ $rs = $suricata_sync['row'];
+ } else {
+ log_error("[suricata] XMLRPC sync is enabled but there are no hosts configured as replication targets.");
return;
}
break;
case "auto":
- if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){
- $system_carp=$config['installedpackages']['carpsettings']['config'][0];
- $rs[0]['varsyncipaddress']=$system_carp['synchronizetoip'];
- $rs[0]['varsyncusername']=$system_carp['username'];
- $rs[0]['varsyncpassword']=$system_carp['password'];
- $rs[0]['varsyncsuricatastart']="no";
- if ($system_carp['synchronizetoip'] ==""){
- log_error("[suricata] xmlrpc CARP sync is enabled but there are no system backup hosts configured as replication targets.");
- return;
- }
+ if (is_array($config['hasync'])) {
+ $system_carp = $config['hasync'];
+ $rs[0]['varsyncipaddress'] = $system_carp['synchronizetoip'];
+ $rs[0]['varsyncusername'] = $system_carp['username'];
+ $rs[0]['varsyncpassword'] = $system_carp['password'];
+ $rs[0]['varsyncsuricatastart'] = FALSE;
+ $rs[0]['varsyncdestinenable'] = FALSE;
+ // XMLRPC sync is currently only supported over connections using the same protocol and port as this system
+ if ($config['system']['webgui']['protocol'] == "http") {
+ $rs[0]['varsyncprotocol'] = "http";
+ $rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '80';
+ } else {
+ $rs[0]['varsyncprotocol'] = "https";
+ $rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '443';
}
- else{
- log_error("[suricata] xmlrpc CARP sync is enabled but there are no system backup hosts configured as replication targets.");
+ if ($system_carp['synchronizetoip'] == "") {
+ log_error("[suricata] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
return;
+ } else {
+ $rs[0]['varsyncdestinenable'] = TRUE;
}
+ } else {
+ log_error("[suricata] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
+ return;
+ }
break;
default:
return;
- break;
+ break;
}
- if (is_array($rs)){
- log_error("[suricata] Suricata pkg xmlrpc CARP sync is starting.");
- foreach($rs as $sh){
- if ($sh['varsyncsuricatastart'])
- $syncstartsuricata = $sh['varsyncsuricatastart'];
- else
- $syncstartsuricata = "OFF";
- $sync_to_ip = $sh['varsyncipaddress'];
- $port = $sh['varsyncport'];
- $password = $sh['varsyncpassword'];
- if($sh['varsyncusername'])
- $username = $sh['varsyncusername'];
- else
- $username = 'admin';
- if($password && $sync_to_ip)
- suricata_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username, $password, $synctimeout, $syncstartsuricata);
+ if (is_array($rs)) {
+ log_error("[suricata] XMLRPC sync is starting.");
+ foreach ($rs as $sh) {
+ // Only sync enabled replication targets
+ if ($sh['varsyncdestinenable']) {
+ if ($sh['varsyncsuricatastart']) {
+ $syncstartsuricata = $sh['varsyncsuricatastart'];
+ } else {
+ $syncstartsuricata = "OFF";
+ }
+ $sync_to_ip = $sh['varsyncipaddress'];
+ $password = $sh['varsyncpassword'];
+ $port = $sh['varsyncport'];
+ $protocol = $sh['varsyncprotocol'];
+ $error = '';
+ $success = TRUE;
+ $username = $sh['varsyncusername'] ?: 'admin';
+ if ($password == "") {
+ $error = "Password parameter is empty. ";
+ $success = FALSE;
+ }
+ if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) {
+ $error .= "Misconfigured Replication Target IP Address. ";
+ $success = FALSE;
+ }
+ if (!is_port($port)) {
+ $error .= "Misconfigured Replication Target Port. ";
+ $success = FALSE;
+ }
+ if ($success) {
+ suricata_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $protocol, $username, $password, $synctimeout, $syncstartsuricata);
+ } else {
+ log_error("[suricata] XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}");
+ }
+ }
}
- log_error("[suricata] Suricata pkg xmlrpc CARP sync completed.");
+ log_error("[suricata] XMLRPC sync completed.");
}
}
}
/* Do the actual XMLRPC sync */
-function suricata_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username, $password, $synctimeout = 150, $syncstartsuricata) {
+function suricata_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $protocol, $username, $password, $synctimeout = 150, $syncstartsuricata) {
global $config, $g;
/* Do not attempt a package sync while booting up or installing package */
if ($g['booting'] || isset($g['suricata_postinstall'])) {
- log_error("[suricata] No xmlrpc sync to CARP targets when booting up or during package reinstallation.");
+ log_error("[suricata] Skipping XMLRPC sync when booting up or during package reinstallation.");
return;
}
- if($username == "" || $password == "" || $sync_to_ip == "") {
- log_error("[suricata] A required XMLRPC CARP sync parameter (user, host IP or password) is empty ... aborting pkg sync");
+ if ($username == "" || $password == "" || $sync_to_ip == "" || $port == "" || $protocol == "") {
+ log_error("[suricata] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync");
return;
}
- /* Test key variables and set defaults if empty */
- if(!$synctimeout)
- $synctimeout=150;
-
- $xmlrpc_sync_neighbor = $sync_to_ip;
- if($config['system']['webgui']['protocol'] != "") {
- $synchronizetoip = $config['system']['webgui']['protocol'];
- $synchronizetoip .= "://";
+ // Take care of IPv6 literal address
+ if (is_ipaddrv6($sync_to_ip)) {
+ $sync_to_ip = "[{$sync_to_ip}]";
}
- $port = $config['system']['webgui']['port'];
- /* if port is empty lets rely on the protocol selection */
- if($port == "") {
- if($config['system']['webgui']['protocol'] == "http")
- $port = "80";
- else
- $port = "443";
- }
- $synchronizetoip .= $sync_to_ip;
- $url = $synchronizetoip;
+
+ $url = "{$protocol}://{$sync_to_ip}";
+
/*************************************************/
/* Send over any auto-SID management files */
@@ -3413,25 +3429,26 @@ function suricata_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $userna
$method = 'pfsense.exec_php';
$params = array( XML_RPC_encode($password), XML_RPC_encode($payload) );
- log_error("[suricata] Suricata XMLRPC CARP sync sending auto-SID conf files to {$url}:{$port}.");
+ log_error("[suricata] XMLRPC sync sending auto-SID conf files to {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
$resp = $cli->send($msg, $synctimeout);
$error = "";
- if(!$resp) {
- $error = "A communications error occurred while attempting Suricata XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file);
+ if (!$resp) {
+ $error = "A communications error occurred while attempting Suricata XMLRPC sync with {$url}:{$port}. Failed to transfer file: " . basename($file);
log_error($error);
file_notice("sync_settings", $error, "Suricata Settings Sync", "");
- } elseif($resp->faultCode()) {
- $error = "An error code was received while attempting Suricata XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file) . " - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ } elseif ($resp->faultCode()) {
+ $error = "An error code was received while attempting Suricata XMLRPC sync with {$url}:{$port}. Failed to transfer file: " . basename($file) . " - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "Suricata Settings Sync", "");
}
}
- if (!empty($sid_files) && $error == "")
- log_error("[suricata] Suricata pkg XMLRPC CARP sync auto-SID conf files success with {$url}:{$port} (pfsense.exec_php).");
+ if (!empty($sid_files) && $error == "") {
+ log_error("[suricata] XMLRPC sync auto-SID conf files success with {$url}:{$port} (pfsense.exec_php).");
+ }
/*************************************************/
/* Send over any IPREP IP List files */
@@ -3445,25 +3462,26 @@ function suricata_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $userna
$method = 'pfsense.exec_php';
$params = array( XML_RPC_encode($password), XML_RPC_encode($payload) );
- log_error("[suricata] Suricata XMLRPC CARP sync sending IPREP files to {$url}:{$port}.");
+ log_error("[suricata] Suricata XMLRPC sync sending IPREP files to {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
$resp = $cli->send($msg, $synctimeout);
$error = "";
- if(!$resp) {
- $error = "A communications error occurred while attempting Suricata XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file);
+ if (!$resp) {
+ $error = "A communications error occurred while attempting Suricata XMLRPC sync with {$url}:{$port}. Failed to transfer file: " . basename($file);
log_error($error);
file_notice("sync_settings", $error, "Suricata Settings Sync", "");
- } elseif($resp->faultCode()) {
- $error = "An error code was received while attempting Suricata XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file) . " - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ } elseif ($resp->faultCode()) {
+ $error = "An error code was received while attempting Suricata XMLRPC sync with {$url}:{$port}. Failed to transfer file: " . basename($file) . " - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "Suricata Settings Sync", "");
}
}
- if (!empty($iprep_files) && $error == "")
- log_error("[suricata] Suricata pkg XMLRPC CARP sync IPREP files success with {$url}:{$port} (pfsense.exec_php).");
+ if (!empty($iprep_files) && $error == "") {
+ log_error("[suricata] XMLRPC sync IPREP files success with {$url}:{$port} (pfsense.exec_php).");
+ }
/**************************************************/
/* Send over the <suricata> portion of config.xml */
@@ -3477,7 +3495,7 @@ function suricata_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $userna
XML_RPC_encode($xml)
);
- log_error("[suricata] Beginning Suricata pkg configuration XMLRPC sync to {$url}:{$port}.");
+ log_error("[suricata] Beginning package configuration XMLRPC sync to {$url}:{$port}.");
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
@@ -3485,31 +3503,31 @@ function suricata_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $userna
/* send our XMLRPC message and timeout after defined sync timeout value*/
$resp = $cli->send($msg, $synctimeout);
- if(!$resp) {
- $error = "A communications error occurred while attempting Suricata XMLRPC CARP sync with {$url}:{$port}.";
+ if (!$resp) {
+ $error = "A communications error occurred while attempting Suricata XMLRPC sync with {$url}:{$port}.";
log_error($error);
file_notice("sync_settings", $error, "Suricata Settings Sync", "");
- } elseif($resp->faultCode()) {
- $error = "An error code was received while attempting Suricata XMLRPC CARP sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ } elseif ($resp->faultCode()) {
+ $error = "An error code was received while attempting Suricata XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "Suricata Settings Sync", "");
} else {
- log_error("[suricata] Suricata pkg configuration XMLRPC CARP sync successfully completed with {$url}:{$port}.");
+ log_error("[suricata] Package configuration XMLRPC sync successfully completed with {$url}:{$port}.");
}
$downloadrulescmd = "";
if ($syncdownloadrules == "yes") {
- $downloadrulescmd = "log_error(gettext(\"[suricata] XMLRPC pkg CARP sync: Update of downloaded rule sets requested...\"));\n";
+ $downloadrulescmd = "log_error(gettext(\"[suricata] XMLRPC pkg sync: Update of downloaded rule sets requested...\"));\n";
$downloadrulescmd .= "\tinclude_once(\"/usr/local/pkg/suricata/suricata_check_for_rule_updates.php\");\n";
}
$suricatastart = "";
if ($syncstartsuricata == "ON") {
- $suricatastart = "log_error(gettext(\"[suricata] XMLRPC pkg CARP sync: Checking Suricata status...\"));\n";
+ $suricatastart = "log_error(gettext(\"[suricata] XMLRPC pkg sync: Checking Suricata status...\"));\n";
$suricatastart .= "\tif (!is_process_running(\"suricata\")) {\n";
- $suricatastart .= "\t\tlog_error(gettext(\"[suricata] XMLRPC pkg CARP sync: Suricata not running. Sending a start command...\"));\n";
+ $suricatastart .= "\t\tlog_error(gettext(\"[suricata] XMLRPC pkg sync: Suricata not running. Sending a start command...\"));\n";
$suricatastart .= "\t\t\$sh_script = RCFILEPREFIX . \"suricata.sh\";\n";
$suricatastart .= "\t\tmwexec_bg(\"{\$sh_script} start\");\n\t}\n";
- $suricatastart .= "\telse {\n\t\tlog_error(gettext(\"[suricata] XMLRPC pkg CARP sync: Suricata is running...\"));\n\t}\n";
+ $suricatastart .= "\telse {\n\t\tlog_error(gettext(\"[suricata] XMLRPC pkg sync: Suricata is running...\"));\n\t}\n";
}
/*************************************************/
@@ -3529,14 +3547,14 @@ function suricata_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $userna
\$pkg_interface = "console";
{$downloadrulescmd}
unset(\$g["suricata_postinstall"]);
- log_error(gettext("[suricata] XMLRPC pkg CARP sync: Generating suricata.yaml file using Master Host settings..."));
+ log_error(gettext("[suricata] XMLRPC pkg sync: Generating suricata.yaml file using Master Host settings..."));
\$rebuild_rules = true;
conf_mount_rw();
sync_suricata_package_config();
conf_mount_ro();
\$rebuild_rules = false;
{$suricatastart}
- log_error(gettext("[suricata] XMLRPC pkg CARP sync process on this host is complete..."));
+ log_error(gettext("[suricata] XMLRPC pkg sync process on this host is complete..."));
\$pkg_interface = \$orig_pkg_interface;
unset(\$g["suricata_sync_in_progress"]);
return true;
@@ -3557,21 +3575,21 @@ EOD;
XML_RPC_encode($execcmd)
);
- log_error("[suricata] Suricata XMLRPC CARP sync sending reload configuration cmd set as a file to {$url}:{$port}.");
+ log_error("[suricata] XMLRPC sync sending reload configuration cmd set as a file to {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
$resp = $cli->send($msg, $synctimeout);
- if(!$resp) {
- $error = "A communications error occurred while attempting Suricata XMLRPC CARP sync with {$url}:{$port} (pfsense.exec_php).";
+ if (!$resp) {
+ $error = "A communications error occurred while attempting Suricata XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
log_error($error);
file_notice("sync_settings", $error, "Suricata Settings Sync", "");
- } elseif($resp->faultCode()) {
- $error = "An error code was received while attempting Suricata XMLRPC CARP sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ } elseif ($resp->faultCode()) {
+ $error = "An error code was received while attempting Suricata XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "Suricata Settings Sync", "");
} else {
- log_error("[suricata] Suricata pkg XMLRPC CARP sync reload configuration success with {$url}:{$port} (pfsense.exec_php).");
+ log_error("[suricata] XMLRPC sync reload configuration success with {$url}:{$port} (pfsense.exec_php).");
}
/*************************************************/
@@ -3583,19 +3601,19 @@ EOD;
XML_RPC_encode($password),
XML_RPC_encode($execcmd)
);
- log_error("[suricata] Suricata XMLRPC CARP sync sending {$url}:{$port} cmd to execute configuration reload.");
+ log_error("[suricata] XMLRPC sync sending {$url}:{$port} cmd to execute configuration reload.");
$msg2 = new XML_RPC_Message($method, $params2);
$resp = $cli->send($msg2, $synctimeout);
- if(!$resp) {
- $error = "A communications error occurred while attempting Suricata XMLRPC CARP sync with {$url}:{$port} (pfsense.exec_php).";
+ if (!$resp) {
+ $error = "A communications error occurred while attempting Suricata XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
log_error($error);
file_notice("sync_settings", $error, "Suricata Settings Sync", "");
- } elseif($resp->faultCode()) {
- $error = "An error code was received while attempting Suricata XMLRPC CARP sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ } elseif ($resp->faultCode()) {
+ $error = "An error code was received while attempting Suricata XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "Suricata Settings Sync", "");
} else {
- log_error("[suricata] Suricata pkg XMLRPC CARP sync reload configuration success with {$url}:{$port} (pfsense.exec_php).");
+ log_error("[suricata] XMLRPC sync reload configuration success with {$url}:{$port} (pfsense.exec_php).");
}
}
diff --git a/config/suricata/suricata_sync.xml b/config/suricata/suricata_sync.xml
index 28083d8d..c2f5ec83 100644
--- a/config/suricata/suricata_sync.xml
+++ b/config/suricata/suricata_sync.xml
@@ -1,56 +1,49 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
+ <copyright>
<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
-based on snortsync.xml developed as part
-of pfSense (http://www.pfSense.com)
-Copyright (C) 2013 Marcello Coutinho
-based on pfblocker_sync.xml
-All rights reserved.
-
-modified for use with Suricata package
-Copyright (C) 2014 Bill Meeks
-All rights reserved.
-
-Based on m0n0wall (http://m0n0.ch/wall)
-Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
-All rights reserved.
+ suricata_sync.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013 Marcello Coutinho
+ Copyright (C) 2014-2015 Bill Meeks
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
*/
-/* ========================================================================== */
+/* ====================================================================================== */
/*
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
-1. Redistributions of source code MUST retain the above copyright notice,
-this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
-2. Redistributions in binary form MUST reproduce the above copyright
-notice, this list of conditions and the following disclaimer in the
-documentation and/or other materials provided with the distribution.
-THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
*/
-/* ========================================================================== */
-]]></copyright>
- <description><![CDATA[Describe your package here]]></description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>suricatasync</name>
- <version>1.0</version>
+ <version>2.1.8</version>
<title>Suricata: XMLRPC Sync</title>
<include_file>/usr/local/pkg/suricata/suricata.inc</include_file>
<tabs>
@@ -183,11 +176,11 @@ POSSIBILITY OF SUCH DAMAGE.
</options>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>IP-Address</fielddescr>
+ <fielddescr>IP Address/Hostname</fielddescr>
<fieldname>varsyncipaddress</fieldname>
- <description><![CDATA[IP Address of the destination host.]]></description>
+ <description><![CDATA[IP address or hostname of the destination host.]]></description>
<type>input</type>
- <size>15</size>
+ <size>40</size>
</rowhelperfield>
<rowhelperfield>
<fielddescr>Port</fielddescr>
@@ -213,8 +206,6 @@ POSSIBILITY OF SUCH DAMAGE.
</rowhelper>
</field>
</fields>
- <custom_delete_php_command>
- </custom_delete_php_command>
<custom_php_resync_config_command>
write_config("Suricata pkg: updating CARP sync info.");suricata_sync_on_changes();
</custom_php_resync_config_command>
diff --git a/config/tinydns/tinydns_xmlrpc_sync.php b/config/syslog-ng/syslog-ng.priv.inc
index 0610e286..96722a7b 100644
--- a/config/tinydns/tinydns_xmlrpc_sync.php
+++ b/config/syslog-ng/syslog-ng.priv.inc
@@ -1,9 +1,8 @@
<?php
-
-/* $Id$ */
/*
- tinydns_xmlrcpc_sync.php
- Copyright (C) 2006 Scott Ullrich
+ syslog-ng.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -27,33 +26,19 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
+global $priv_list;
-/* NOTE: this file gets included from the pfSense filter.inc plugin process */
-
-require_once("config.inc");
-require_once("/usr/local/pkg/tinydns.inc");
-require_once("service-utils.inc");
-
-if($notnow) {
+$priv_list['page-services-syslogng'] = array();
+$priv_list['page-services-syslogng']['name'] = "WebCfg - Services: syslog-ng package";
+$priv_list['page-services-syslogng']['descr'] = "Allow access to syslog-ng package GUI";
+$priv_list['page-services-syslogng']['match'] = array();
- /* disabled until Ticket #1318 can be fixed */
+$priv_list['page-services-syslogng']['match'][] = "pkg.php?xml=syslog-ng.xml*";
+$priv_list['page-services-syslogng']['match'][] = "pkg.php?xml=syslog-ng_advanced.xml*";
- if(!$config) {
- log_error("\$config is not enabled from tinydns_xmlrpc_sync.php!!");
- } else {
- if($config['installedpackages']['carpsettings']['config'])
- $password = $config['installedpackages']['carpsettings']['config'][0]['password'];
- if($config['installedpackages']['carpsettings']['config'])
- $syncip = $config['installedpackages']['carpsettings']['config'][0]['synchronizetoip'];
- if($config['installedpackages']['carpsettings']['config'])
- $syncxmlrpc = $config['installedpackages']['tinydns']['config'][0]['syncxmlrpc'];
- /* option enabled? */
- if($syncxmlrpc)
- if($syncip)
- if($password)
- tinydns_do_xmlrpc_sync($syncip, $password);
- }
+$priv_list['page-services-syslogng']['match'][] = "pkg_edit.php?xml=syslog-ng.xml*";
+$priv_list['page-services-syslogng']['match'][] = "pkg_edit.php?xml=syslog-ng_advanced.xml*";
-}
+$priv_list['page-services-syslogng']['match'][] = "syslog-ng_log_viewer.php*";
-?> \ No newline at end of file
+?>
diff --git a/config/syslog-ng/syslog-ng.xml b/config/syslog-ng/syslog-ng.xml
index 9b0ccffc..81942926 100644
--- a/config/syslog-ng/syslog-ng.xml
+++ b/config/syslog-ng/syslog-ng.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>Syslog-ng</name>
- <version>1.0.8</version>
+ <version>1.1.1</version>
<title>Services: Syslog-ng</title>
<include_file>/usr/local/pkg/syslog-ng.inc</include_file>
<menu>
@@ -76,6 +76,10 @@
<item>https://packages.pfsense.org/packages/config/syslog-ng/syslog-ng.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/syslog-ng/syslog-ng.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/syslog-ng/syslog-ng_advanced.xml</item>
</additional_files_needed>
diff --git a/config/tftp2/tftp.inc b/config/tftp2/tftp.inc
index 67054619..75ddaac8 100644
--- a/config/tftp2/tftp.inc
+++ b/config/tftp2/tftp.inc
@@ -50,10 +50,10 @@ function tftp_install_command() {
// Restore backup if it exists
if (file_exists($tftpbackup)) {
- system("/usr/bin/tar xvpfz {$tftpbackup} -C /");
- system("/bin/chmod -R 0744 {$tftpdir}/*");
- unset($tftpbackup);
+ mwexec("/usr/bin/tar xvpfz {$tftpbackup} -C /");
+ mwexec("/bin/chmod -R 0744 {$tftpdir}/*");
}
+ unset($tftpdir, $tftpbackup);
}
function tftp_deinstall_command() {
@@ -68,11 +68,9 @@ function tftp_generate_rules($type) {
return;
}
- // Open inetd.conf write handle
+ // Add tftpd daemon to inetd
$inetd_fd = fopen("/var/etc/inetd.conf", "a+");
- // Add tftp daemon
fwrite($inetd_fd, "tftp\t\tdgram\tudp\twait\t\troot\t/usr/libexec/tftpd\ttftpd /tftpboot\n");
- // Close file handle
fclose($inetd_fd);
if (!empty($config['installedpackages']['tftpd']['config'][0]['tftpdinterface'])) {
diff --git a/config/tftp2/tftp.priv.inc b/config/tftp2/tftp.priv.inc
new file mode 100644
index 00000000..14691924
--- /dev/null
+++ b/config/tftp2/tftp.priv.inc
@@ -0,0 +1,38 @@
+<?php
+/*
+ tftp.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-tftp'] = array();
+$priv_list['page-services-tftp']['name'] = "WebCfg - Services: TFTP package";
+$priv_list['page-services-tftp']['descr'] = "Allow access to TFTP package GUI";
+$priv_list['page-services-tftp']['match'] = array();
+
+$priv_list['page-services-tftp']['match'][] = "tftp_files.php*";
+
+?>
diff --git a/config/tftp2/tftp.xml b/config/tftp2/tftp.xml
index 2a526a4c..33fb9c3d 100644
--- a/config/tftp2/tftp.xml
+++ b/config/tftp2/tftp.xml
@@ -43,7 +43,7 @@
]]>
</copyright>
<name>tftp Settings</name>
- <version>2.0</version>
+ <version>2.2.2</version>
<title>TFTP: Settings</title>
<include_file>/usr/local/pkg/tftp.inc</include_file>
<menu>
@@ -56,23 +56,21 @@
<service>
<name>tftp</name>
<executable>inetd</executable>
- <description>TFTP daemon</description>
+ <description>TFTP Daemon</description>
</service>
- <tabs>
- <tab>
- <text>Files</text>
- <url>tftp_files.php</url>
- </tab>
- </tabs>
<configpath>installedpackages->$packagename</configpath>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/tftp2/tftp.inc</item>
- </additional_files_needed>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/tftp2/tftp.priv.inc</item>
+ </additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<item>https://packages.pfsense.org/packages/config/tftp2/tftp_files.php</item>
- </additional_files_needed>
+ </additional_files_needed>
<custom_php_install_command>
tftp_install_command();
</custom_php_install_command>
diff --git a/config/tftp2/tftp_files.php b/config/tftp2/tftp_files.php
index eebe4c5e..0352f4a0 100644
--- a/config/tftp2/tftp_files.php
+++ b/config/tftp2/tftp_files.php
@@ -29,6 +29,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
require_once("guiconfig.inc");
+require_once("util.inc");
require_once("/usr/local/pkg/tftp.inc");
$pconfig['tftpdinterface'] = explode(",", $config['installedpackages']['tftpd']['config'][0]['tftpdinterface']);
@@ -43,7 +44,7 @@ if (($_GET['a'] == "download") && $_GET['t'] == "backup") {
conf_mount_rw();
$filename = $backup_filename;
$download_dir = $backup_dir;
- system("tar -czC / -f {$backup_path} tftpboot");
+ mwexec("/usr/bin/tar -czC / -f {$backup_path} tftpboot");
conf_mount_ro();
}
@@ -73,8 +74,8 @@ if ($_GET['a'] == "other") {
if (file_exists($backup_path)) {
//echo "The file $filename exists";
conf_mount_rw();
- system("tar -xpzC / -f {$backup_path}");
- system("chmod -R 744 {$files_dir}/*");
+ mwexec("/usr/bin/tar -xpzC / -f {$backup_path}");
+ mwexec("/bin/chmod -R 744 {$files_dir}/*");
header( 'Location: tftp_files.php?savemsg=Backup+has+been+restored.' ) ;
conf_mount_ro();
} else {
@@ -100,7 +101,7 @@ if (($_POST['submit'] == "Upload") && is_uploaded_file($_FILES['ulfile']['tmp_na
conf_mount_rw();
move_uploaded_file($_FILES['ulfile']['tmp_name'], "{$files_dir}/{$_FILES['ulfile']['name']}");
$savemsg = "Uploaded file to {$files_dir}/" . htmlentities($_FILES['ulfile']['name']);
- system('chmod -R 744 {$files_dir}/*');
+ mwexec('/bin/chmod -R 744 {$files_dir}/*');
unset($_POST['txtCommand']);
conf_mount_ro();
}
@@ -122,7 +123,7 @@ include("head.inc");
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
-<p class="pgtitle">TFTP: Files</p>
+<p class="pgtitle">TFTP: Settings/Files</p>
<?php
$savemsg = $_GET["savemsg"];
@@ -137,7 +138,7 @@ if ($savemsg) {
<?php
$tab_array = array();
- $tab_array[] = array(gettext("Files"), false, "tftp_files.php");
+ $tab_array[] = array(gettext("TFTP"), false, "tftp_files.php");
display_top_tabs($tab_array);
?>
@@ -145,14 +146,16 @@ if ($savemsg) {
</table>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
- <td class="tabcont">
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <td colspan="2" class="listtopic">TFTP Daemon Interfaces</td>
+ </tr>
<tr>
+ <td width="22%" class="vncell">Select TFTP Daemon Interface(s).</td>
<td width="78%" class="vtable">
<form action="tftp_files.php" method="post" enctype="multipart/form-data" name="frmInterfaces" onsubmit="">
- <p><span class="vexpl"><strong>TFTP Daemon Interfaces</strong></span></p>
- <?=gettext("Choose the interfaces where you want the TFTP daemon to accept connections.");?><br/><br/>
<select name="tftpdinterface[]" multiple="multiple" class="formselect" size="3">
<?php
$ifdescs = get_configured_interface_with_descr();
@@ -164,70 +167,46 @@ if ($savemsg) {
echo "\t\t\t<option value=\"{$ifent}\"{$selected}>" . $ifdesc . "</option>\n";
}
?>
- </select><br />
- <input name="submit" type="submit" class="button" id="save" value="Save" />
+ </select><br /><br />
+ <span class="vexpl">
+ Choose the interfaces where you want the TFTP Daemon to accept connections.<br/>
+ <strong>Hint:</strong> If you simply need to (re)start tftpd/inetd, just use the Save button without making any changes here.<br /><br />
+ </span>
+ <input name="submit" type="submit" class="formbtns" id="save" value="Save" title="Save settings" />
</form>
</td>
</tr>
<tr>
- <td>
- <p><span class="vexpl"><span class="red"><strong>TFTP files</strong></span><br />
- Trivial File Transport Protocol is a very simple file transfer protocol.<br />
- Use the file upload to add files to the /tftpboot directory.<br />
- Click on the file from the file list below to download it.<br />
- </span></p>
- </td>
+ <td colspan="2" class="listtopic">TFTP Files Upload</td>
</tr>
- </table>
- <br />
- <div id="niftyOutter">
- <form action="tftp_files.php" method="post" enctype="multipart/form-data" name="frmUpload" onsubmit="">
- <table>
- <tr>
- <td align="right">File to upload:</td>
- <td valign="top" class="label">
- <input name="ulfile" type="file" class="button" id="ulfile" />
- </td>
- </tr>
- <tr>
- <td valign="top">&nbsp;&nbsp;&nbsp;</td>
- <td valign="top" class="label">
- <input name="submit" type="submit" class="button" id="upload" value="Upload" />
- </td>
- </tr>
- </table>
- </form>
- </div>
- <br /><br />
-
- <table width='690' cellpadding='0' cellspacing='0' border='0'>
<tr>
- <td width='80%'>
- <strong>Backup / Restore</strong><br />
- The 'Backup' button compresses /tftpboot/ to /root/backup/tftp.bak.tgz; after that it presents the backup for download.<br />
- If the backup file does not exist in /root/backup/tftp.bak.tgz then the 'Restore' button will be hidden.<br />
- Use Diagnostics -> Command -> File to upload: to browse to the file and then click on upload.<br />
- After that, backup will be ready to be restored.<br /><br />
- </td>
- <td width='20%' valign='middle' align='right'>
- <input type="button" value="Backup" onclick="document.location.href='tftp_files.php?a=download&amp;t=backup'" />
- <?php
- if (file_exists('/root/backup/tftp.bak.tgz')) {
- echo "<input type='button' value='Restore' onclick=\"document.location.href='tftp_files.php?a=other&amp;t=restore';\" />\n";
- }
- ?>
+ <td width="22%" class="vncell">Use the file upload to add files to the /tftpboot directory.</td>
+ <td width="78%" class="vtable">
+ <form action="tftp_files.php" method="post" enctype="multipart/form-data" name="frmUpload" onsubmit="">
+ <span class="vexpl">1. Select file to upload:&nbsp;</span>
+ <input name="ulfile" type="file" class="formbtns" id="ulfile" title="Select file to upload" />
+ <br />
+ <span class="vexpl">2. Upload the selected file:&nbsp;</span>
+ <input name="submit" type="submit" class="formbtns" id="upload" value="Upload" title="Upload file" />
+ </form>
</td>
</tr>
- </table>
- <br /><br />
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
- <td width="25%" class="listhdrr">File Name (download)</td>
- <td width="50%" class="listhdr">Last Modified</td>
- <td width="50%" class="listhdr">Size</td>
+ <td colspan="3" class="listtopic">TFTP Files Download</td>
</tr>
+ <tr>
+ <td colspan="3" class="vexpl">Click on the file from the file list below to download it.</td>
+ </tr>
+ <tr>
+ <td colspan="3">
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="25%" class="listhdrr">File Name (download)</td>
+ <td width="50%" class="listhdr">Last Modified</td>
+ <td width="50%" class="listhdr">Size</td>
+ </tr>
<?php
if ($handle = opendir('/tftpboot')) {
@@ -267,13 +246,37 @@ if ($handle = opendir('/tftpboot')) {
}
?>
+ <tr>
+ <td class="list" colspan="3"></td>
+ <td class="list"></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+
<tr>
- <td class="list" colspan="3"></td>
- <td class="list"></td>
+ <td colspan="2" class="listtopic">TFTP Backup / Restore</td>
</tr>
- </table>
- </td>
+ <tr>
+ <td width="22%" class="vncell">Use the file upload to add files to the /tftpboot directory.</td>
+ <td width="78%" class="vtable">
+ <span class="vexpl"><strong>Backup:</strong> 'Backup' button compresses /tftpboot/ to /root/backup/tftp.bak.tgz; after that it presents the backup for download.<br />
+ <strong>Restore:</strong> If the backup file does not exist in /root/backup/tftp.bak.tgz then the 'Restore' button will be hidden.
+ To 'Restore' a previously downloaded backup, use <a href="diag_backup.php" title="Upload file">Diagnostics -> Command Prompt -> File to upload</a> to browse to the file and then click on upload.<br />
+ After that, backup will be ready to be restored.<br /><br />
+ </span>
+ <input type="button" value="Backup" title="Create backup" onclick="document.location.href='tftp_files.php?a=download&amp;t=backup'" />
+ <?php
+ if (file_exists('/root/backup/tftp.bak.tgz')) {
+ echo "<input type='button' value='Restore' title='Restore backup' onclick=\"document.location.href='tftp_files.php?a=other&amp;t=restore';\" />\n";
+ }
+ ?>
+ </td>
</tr>
+ </table>
+
+</div>
+</td></tr>
</table>
</div>
diff --git a/config/tinc/tinc.priv.inc b/config/tinc/tinc.priv.inc
new file mode 100644
index 00000000..d8b45c5b
--- /dev/null
+++ b/config/tinc/tinc.priv.inc
@@ -0,0 +1,44 @@
+<?php
+/*
+ tinc.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-vpn-tinc'] = array();
+$priv_list['page-vpn-tinc']['name'] = "WebCfg - VPN: tinc package";
+$priv_list['page-vpn-tinc']['descr'] = "Allow access to tinc package GUI";
+$priv_list['page-vpn-tinc']['match'] = array();
+
+$priv_list['page-vpn-tinc']['match'][] = "pkg.php?xml=tinc.xml*";
+$priv_list['page-vpn-tinc']['match'][] = "pkg.php?xml=tinc_hosts.xml*";
+
+$priv_list['page-vpn-tinc']['match'][] = "pkg_edit.php?xml=tinc.xml*";
+$priv_list['page-vpn-tinc']['match'][] = "pkg_edit.php?xml=tinc_hosts.xml*";
+
+$priv_list['page-vpn-tinc']['match'][] = "status_tinc.php*";
+
+?>
diff --git a/config/tinc/tinc.xml b/config/tinc/tinc.xml
index 89d1e8ce..0f71e03d 100644
--- a/config/tinc/tinc.xml
+++ b/config/tinc/tinc.xml
@@ -42,8 +42,8 @@
</copyright>
<description>A self-contained VPN solution designed to connect multiple sites together in a secure way.</description>
<name>tinc</name>
- <version>1.2.2</version>
- <title>VPN: tinc - Config</title>
+ <version>1.2.4</version>
+ <title>VPN: Tinc: Settings</title>
<include_file>/usr/local/pkg/tinc.inc</include_file>
<configpath>['installedpackages']['package']['$packagename']['config']</configpath>
<menu>
@@ -53,7 +53,7 @@
<url>/pkg_edit.php?xml=tinc.xml</url>
</menu>
<menu>
- <name>tinc VPN</name>
+ <name>Tinc VPN</name>
<section>Status</section>
<url>/status_tinc.php</url>
</menu>
@@ -65,7 +65,7 @@
</service>
<tabs>
<tab>
- <text>Config</text>
+ <text>Settings</text>
<url>/pkg_edit.php?xml=tinc.xml</url>
<active/>
</tab>
@@ -79,6 +79,10 @@
<item>https://packages.pfsense.org/packages/config/tinc/tinc.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/tinc/tinc.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/tinc/tinc_hosts.xml</item>
</additional_files_needed>
@@ -119,7 +123,7 @@
<fieldname>localip</fieldname>
<description>
<![CDATA[
- IP Address of local tunnel interface.<br />
+ IP address of local tunnel interface.<br />
This is often the same IP as your routers LAN address. (Example: 192.168.2.1)
]]>
</description>
@@ -143,7 +147,7 @@
<fieldname>vpnnetmask</fieldname>
<description>
<![CDATA[
- This is the Netmask that defines what traffic is routed to the VPNs tunnel interface.<br />
+ This is the netmask that defines what traffic is routed to the VPNs tunnel interface.<br />
It is usually broader then your local netmask. (Example: 255.255.0.0)
]]>
</description>
diff --git a/config/tinc/tinc_hosts.xml b/config/tinc/tinc_hosts.xml
index b521d4a2..a10c1a9e 100644
--- a/config/tinc/tinc_hosts.xml
+++ b/config/tinc/tinc_hosts.xml
@@ -41,13 +41,13 @@
]]>
</copyright>
<name>tinchosts</name>
- <version>1.2.2</version>
- <title>VPN: tinc - Hosts</title>
+ <version>1.2.4</version>
+ <title>VPN: Tinc: Hosts</title>
<include_file>/usr/local/pkg/tinc.inc</include_file>
<configpath>['installedpackages']['package']['$packagename']['config']</configpath>
<tabs>
<tab>
- <text>Config</text>
+ <text>Settings</text>
<url>/pkg_edit.php?xml=tinc.xml</url>
</tab>
<tab>
@@ -75,7 +75,6 @@
<fieldname>connect</fieldname>
<type>checkbox</type>
</columnitem>
-
</adddeleteeditpagefields>
<fields>
<field>
@@ -107,7 +106,7 @@
<type>checkbox</type>
</field>
<field>
- <fielddescr>RSA public key</fielddescr>
+ <fielddescr>RSA Public Key</fielddescr>
<fieldname>cert_pub</fieldname>
<description>
<![CDATA[
diff --git a/config/tinydns/tinydns.inc b/config/tinydns/tinydns.inc
index 3bf64777..5e61fc05 100644
--- a/config/tinydns/tinydns.inc
+++ b/config/tinydns/tinydns.inc
@@ -1,11 +1,10 @@
<?php
-
-/* $Id$ */
/*
tinydns.inc
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2006, 2007, 2008, 2009 Scott Ullrich
- Parts Copyright (C) 2007 Goffredo Andreone
- part of pfSense
+ Copyright (C) 2007 Goffredo Andreone
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -29,7 +28,6 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-
if(!function_exists("filter_configure"))
require_once("filter.inc");
@@ -208,6 +206,35 @@ function tinydns_custom_php_deinstall_command() {
conf_mount_ro();
}
+function tinydns_upgrade_config() {
+ /* Remove obsolete XMLRPC sync configuration */
+ if (is_array($config['installedpackages']['tinydnssync']['config'])) {
+ if (isset($config['installedpackages']['tinydnssync']['config'][0]['ipaddress'])) {
+ unset($config['installedpackages']['tinydnssync']['config'][0]['ipaddress']);
+ }
+ if (isset($config['installedpackages']['tinydnssync']['config'][0]['ipaddress2'])) {
+ unset($config['installedpackages']['tinydnssync']['config'][0]['ipaddress2']);
+ }
+ if (isset($config['installedpackages']['tinydnssync']['config'][0]['ipaddress3'])) {
+ unset($config['installedpackages']['tinydnssync']['config'][0]['ipaddress3']);
+ }
+ if (isset($config['installedpackages']['tinydnssync']['config'][0]['password'])) {
+ unset($config['installedpackages']['tinydnssync']['config'][0]['password']);
+ }
+ if (isset($config['installedpackages']['tinydnssync']['config'][0]['password2'])) {
+ unset($config['installedpackages']['tinydnssync']['config'][0]['password2']);
+ }
+ if (isset($config['installedpackages']['tinydnssync']['config'][0]['password3'])) {
+ unset($config['installedpackages']['tinydnssync']['config'][0]['password3']);
+ }
+ }
+ if (is_array($config['installedpackages']['tinydns']['config'])) {
+ if (isset($config['installedpackages']['tinydns']['config'][0]['syncxmlrpc'])) {
+ unset($config['installedpackages']['tinydns']['config'][0]['syncxmlrpc']);
+ }
+ }
+}
+
function tinydns_custom_php_changeip_command() {
global $g, $config;
conf_mount_rw();
@@ -232,10 +259,18 @@ function tinydns_custom_php_changeip_command() {
if(!is_dir("{$g['varrun_path']}/service"))
exec("/bin/mkdir -p {$g['varrun_path']}/service");
- exec("/usr/sbin/pw useradd Gtinydns");
- exec("/usr/sbin/pw useradd Gdnslog");
- exec("/usr/sbin/pw useradd Gdnscache");
- exec("/usr/sbin/pw useradd Gaxfrdns");
+ if (!exec("/usr/sbin/pw usershow Gtinydns")) {
+ exec("/usr/sbin/pw useradd Gtinydns");
+ }
+ if (!exec("/usr/sbin/pw usershow Gdnslog")) {
+ exec("/usr/sbin/pw useradd Gdnslog");
+ }
+ if (!exec("/usr/sbin/pw usershow Gdnscache")) {
+ exec("/usr/sbin/pw useradd Gdnscache");
+ }
+ if (!exec("/usr/sbin/pw usershow Gaxfrdns")) {
+ exec("/usr/sbin/pw useradd Gaxfrdns");
+ }
exec("/bin/rm -r {$g['varetc_path']}/dnscache*");
exec("/bin/rm -r {$g['varrun_path']}/service/dnscache*");
@@ -259,21 +294,14 @@ function tinydns_custom_php_changeip_command() {
foreach ($interfaces as $dnsidx => $dnsif) {
$dnscacheif = convert_friendly_interface_to_real_interface_name($dnsif);
$dnscacheip = find_interface_ip($dnscacheif);
- if (intval($config['version']) >= 6)
- $ipmask = find_interface_subnet($dnscacheif);
- else
- $ipmask = $config['interfaces'][$dnsif]['subnet'];
-
- if (intval($config['version']) <= 8) {
- if (is_ipaddr($ipaddress))
- $arr = tinydns_get_ip_subnet_arpa($ipaddress, $ipmask);
- } else {
- if (is_ipaddrv4($ipaddress)) {
- $arr = tinydns_get_ip_subnet_arpa($ipaddress, $ipmask);
- } elseif (is_ipaddrv6($ipaddress)) {
- $arr = tinydns_get_ip6_subnet_arpa($ipaddress, $ipmask);
- }
+ $ipmask = find_interface_subnet($dnscacheif);
+
+ if (is_ipaddrv4($ipaddress)) {
+ $arr = tinydns_get_ip_subnet_arpa($ipaddress, $ipmask);
+ } elseif (is_ipaddrv6($ipaddress)) {
+ $arr = tinydns_get_ip6_subnet_arpa($ipaddress, $ipmask);
}
+
$dnsuserip = $arr[0];
//exec("/bin/mkdir -p {$g['varetc_path']}/dnscache{$dnsidx}");
exec("/usr/local/bin/dnscache-conf Gdnscache Gdnslog {$g['varetc_path']}/dnscache{$dnsidx} {$dnscacheip}");
@@ -305,7 +333,7 @@ function tinydns_custom_php_changeip_command() {
exec("{$svc_path} -xk {$g['varetc_path']}/dnscache{$dnsidx}");
}
} else {
- $interfaces = explode(",", $$config['installedpackages']['tinydns']['config'][0]['interface']);
+ $interfaces = explode(",", $config['installedpackages']['tinydns']['config'][0]['interface']);
foreach ($interfaces as $dnsidx => $dnsif) {
if(is_dir("{$g['varetc_path']}/dnscache{$dnsidx}"))
dnscache_use_root_servers($dnsidx);
@@ -517,10 +545,7 @@ function tinydns_create_zone_file() {
foreach ($interfaces as $dnsif) {
$dnsrif = convert_friendly_interface_to_real_interface_name($dnsif);
$dnsrip = find_interface_ip($dnsrif);
- if (intval($config['version']) >= 6)
- $ipmask = find_interface_subnet($dnsrif);
- else
- $ipmask = $config['interfaces'][$dnsif]['subnet'];
+ $ipmask = find_interface_subnet($dnsrif);
$dhcpdfqdn = "{$dhcpdhostname}.{$dhcpddomain}";
tinydns_complete_soa_record($fd, $dnsrip, $ipmask, $dhcpdhostname, $dhcpddomain);
}
@@ -544,10 +569,7 @@ function tinydns_create_zone_file() {
$dnsrif = convert_friendly_interface_to_real_interface_name($dnsif);
$dnsrip = find_interface_ip($dnsrif);
- if (intval($config['version']) >= 6)
- $ipmask = find_interface_subnet($dnsrif);
- else
- $ipmask = $config['interfaces'][$dnsif]['subnet'];
+ $ipmask = find_interface_subnet($dnsrif);
$dhcpdfqdn = "{$dhcpdhostname}.{$dhcpddomain}";
tinydns_complete_soa_record($fd, $dnsrip, $ipmask, $dhcpdhostname, $dhcpddomain);
@@ -606,15 +628,10 @@ function tinydns_create_zone_file() {
if($record_data) {
fwrite($fd, $record_data . "\n");
if ($domain['rdns'] || ($domain['recordtype'] == 'PTR')) {
- if (intval($config['version']) <= 8) {
- if (is_ipaddr($ipaddress))
- $rip = tinydns_get_ip_subnet_arpa($ipaddress, 32);
- } else {
- if (is_ipaddrv4($ipaddress)) {
- $rip = tinydns_get_ip_subnet_arpa($ipaddress, 32);
- } elseif (is_ipaddrv6($ipaddress)) {
- $rip = tinydns_get_ip6_subnet_arpa($ipaddress, 128);
- }
+ if (is_ipaddrv4($ipaddress)) {
+ $rip = tinydns_get_ip_subnet_arpa($ipaddress, 32);
+ } elseif (is_ipaddrv6($ipaddress)) {
+ $rip = tinydns_get_ip6_subnet_arpa($ipaddress, 128);
}
if($rip)
@@ -651,95 +668,146 @@ function tinydns_create_zone_file() {
function tinydns_sync_on_changes() {
global $g, $config;
- log_error("[tinydns] tinydns_xmlrpc_sync.php is starting.");
- $synconchanges = $config['installedpackages']['tinydnssync']['config'][0]['synconchanges'];
- if(!$synconchanges)
- return;
- $sync_hosts = $config['installedpackages']['tinydnssync']['config'];
- $previous_ip = "";
- $x=0;
- $sh = $config['installedpackages']['tinydnssync']['config'][0];
- for($x=1; $x<5; $x++) {
- if($x > 1)
- $counter = $x;
- else
- $counter = "";
- $sync_to_ip = "";
- $password = "";
- if($sh['ipaddress' . $counter]) {
- $sync_to_ip = $sh['ipaddress' . $counter];
- $password = $sh['password' . $counter];
+
+ /* XMLRPC sync */
+ if (is_array($config['installedpackages']['tinydnssync']['config'])) {
+ $tinydns_sync = $config['installedpackages']['tinydnssync']['config'][0];
+ $synconchanges = $tinydns_sync['synconchanges'];
+ $synctimeout = $tinydns_sync['synctimeout'] ?: '250';
+ switch ($synconchanges) {
+ case "manual":
+ if (is_array($tinydns_sync['row'])) {
+ $rs = $tinydns_sync['row'];
+ } else {
+ log_error("[tinydns] XMLRPC sync is enabled but there are no hosts configured as replication targets.");
+ return;
+ }
+ break;
+ case "auto":
+ if (is_array($config['hasync'])) {
+ $system_carp = $config['hasync'];
+ $rs[0]['ipaddress'] = $system_carp['synchronizetoip'];
+ $rs[0]['username'] = $system_carp['username'];
+ $rs[0]['password'] = $system_carp['password'];
+ $rs[0]['syncdestinenable'] = FALSE;
+
+ // XMLRPC sync is currently only supported over connections using the same protocol and port as this system
+ if ($config['system']['webgui']['protocol'] == "http") {
+ $rs[0]['syncprotocol'] = "http";
+ $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '80';
+ } else {
+ $rs[0]['syncprotocol'] = "https";
+ $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '443';
+ }
+ if ($system_carp['synchronizetoip'] == "") {
+ log_error("[tinydns] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
+ return;
+ } else {
+ $rs[0]['syncdestinenable'] = TRUE;
+ }
+ } else {
+ log_error("[tinydns] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
+ return;
+ }
+ break;
+ default:
+ return;
+ break;
}
- if($password && $sync_to_ip)
- tinydns_do_xmlrpc_sync($sync_to_ip, $password);
- }
- tinydns_create_zone_file();
- if ($config['installedpackages']['tinydns']['config'][0]['enableipmonitoring']) {
- tinydns_setup_ping_items();
- }
- log_error("[tinydns] tinydns_xmlrpc_sync.php is ending.");
+ if (is_array($rs)) {
+ log_error("[tinydns] XMLRPC sync is starting.");
+ foreach ($rs as $sh) {
+ // Only sync enabled replication targets
+ if ($sh['syncdestinenable']) {
+ $sync_to_ip = $sh['ipaddress'];
+ $port = $sh['syncport'];
+ $username = $sh['username'] ?: 'admin';
+ $password = $sh['password'];
+ $protocol = $sh['syncprotocol'];
+
+ $error = '';
+ $valid = TRUE;
+
+ if ($password == "") {
+ $error = "Password parameter is empty. ";
+ $valid = FALSE;
+ }
+ if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) {
+ $error .= "Misconfigured Replication Target IP Address or Hostname. ";
+ $valid = FALSE;
+ }
+ if (!is_port($port)) {
+ $error .= "Misconfigured Replication Target Port. ";
+ $valid = FALSE;
+ }
+ if ($valid) {
+ tinydns_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout);
+ } else {
+ log_error("[tinydns] XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}");
+ }
+ }
+ }
+ log_error("[tinydns] tinydns_xmlrpc_sync.php is ending.");
+ }
+ }
}
-function tinydns_do_xmlrpc_sync($sync_to_ip, $password) {
+/* Do the actual XMLRPC sync. */
+function tinydns_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout) {
global $config, $g;
- if(!$password)
+ /* Detect boot process, do nothing during boot. */
+ if (function_exists("platform_booting")) {
+ if (platform_booting()) {
+ return;
+ }
+ } elseif ($g['booting']) {
return;
+ }
- if(!$sync_to_ip)
+ if ($username == "" || $password == "" || $sync_to_ip == "" || $port == "" || $protocol == "") {
+ log_error("[tinydns] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync");
return;
+ }
- $xmlrpc_sync_neighbor = $sync_to_ip;
- if($config['system']['webgui']['protocol'] != "") {
- $synchronizetoip = $config['system']['webgui']['protocol'];
- $synchronizetoip .= "://";
- }
- $port = $config['system']['webgui']['port'];
- /* if port is empty lets rely on the protocol selection */
- if($port == "") {
- if($config['system']['webgui']['protocol'] == "http")
- $port = "80";
- else
- $port = "443";
- }
- $synchronizetoip .= $sync_to_ip;
+ // Take care of IPv6 literal address
+ if (is_ipaddrv6($sync_to_ip)) {
+ $sync_to_ip = "[{$sync_to_ip}]";
+ }
- /* xml will hold the sections to sync */
+ $url = "{$protocol}://{$sync_to_ip}";
+
+ /* XML will hold the sections to sync. */
$xml = array();
$xml['tinydnsdomains'] = $config['installedpackages']['tinydnsdomains'];
+ /* Assemble XMLRPC payload. */
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($xml));
- /* assemble xmlrpc payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($xml)
- );
-
- /* set a few variables needed for sync code borrowed from filter.inc */
- $url = $synchronizetoip;
- log_error("Beginning TinyDNS XMLRPC sync to {$url}:{$port}.");
+ /* Set a few variables needed for sync code */
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
- if($g['debug'])
+ $cli->setCredentials($username, $password);
+ if ($g['debug']) {
$cli->setDebug(1);
- /* send our XMLRPC message and timeout after 250 seconds */
- $resp = $cli->send($msg, "250");
- if(!$resp) {
- $error = "A communications error occured while attempting tinydns XMLRPC sync with {$url}:{$port}.";
- log_error($error);
+ }
+ /* Send our XMLRPC message and timeout after defined sync timeout value */
+ $resp = $cli->send($msg, $synctimeout);
+ if (!$resp) {
+ $error = "A communications error occured while attempting XMLRPC sync with {$url}:{$port}.";
+ log_error("[tinydns] {$error}");
file_notice("sync_settings", $error, "tinydns Settings Sync", "");
- } elseif($resp->faultCode()) {
+ } elseif ($resp->faultCode()) {
$cli->setDebug(1);
- $resp = $cli->send($msg, "250");
- $error = "An error code was received while attempting tinydns XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
+ $resp = $cli->send($msg, $synctimeout);
+ $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[tinydns] {$error}");
file_notice("sync_settings", $error, "tinydns Settings Sync", "");
} else {
- log_error("tinydns XMLRPC sync successfully completed with {$url}:{$port}.");
+ log_error("[tinydns] XMLRPC sync successfully completed with {$url}:{$port}.");
}
- /* tell tinydns to reload our settings on the destionation sync host. */
+ /* Tell tinydns to reload our settings on the destionation sync host. */
$method = 'pfsense.exec_php';
$execcmd = "require_once('functions.inc');\n";
$execcmd .= "require_once('/usr/local/pkg/tinydns.inc');\n";
@@ -749,31 +817,27 @@ function tinydns_do_xmlrpc_sync($sync_to_ip, $password) {
$execcmd .= "tinydns_setup_ping_items();\n";
}
- /* assemble xmlrpc payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($execcmd)
- );
+ /* Assemble XMLRPC payload. */
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd));
- log_error("tinydns XMLRPC reload data {$url}:{$port}.");
+ log_error("[tinydns] XMLRPC reload data {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
- $resp = $cli->send($msg, "250");
- if(!$resp) {
- $error = "A communications error occured while attempting tinydns XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
- log_error($error);
+ $cli->setCredentials($username, $password);
+ $resp = $cli->send($msg, $synctimeout);
+ if (!$resp) {
+ $error = "A communications error occured while attempting XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
+ log_error("[tinydns] {$error}");
file_notice("sync_settings", $error, "tinydns Settings Sync", "");
- } elseif($resp->faultCode()) {
+ } elseif ($resp->faultCode()) {
$cli->setDebug(1);
- $resp = $cli->send($msg, "250");
- $error = "An error code was received while attempting tinydns XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
+ $resp = $cli->send($msg, $synctimeout);
+ $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[tinydns] {$error}");
file_notice("sync_settings", $error, "tinydns Settings Sync", "");
} else {
- log_error("tinydns XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
+ log_error("[tinydns] XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
}
-
}
/* formats data as a tinydns data row item */
@@ -789,18 +853,15 @@ function tinydns_get_rowline_data($recordip, $recordtype, $ttl, $hostname, $rdns
/* Note that some of these are simplistic versions of TinyDNS record handling. Uber-users can always do "raw" entries... */
case "SOA":
// .fqdn:ip:x:ttl:timestamp:lo
- if (intval($config['version']) <= 8) {
- $record_data = ".{$hostname}::{$recordip}{$ttl_string}";
+ if (is_ipaddrv6($hostname)) {
+ list($rip, $rmask) = explode("/", $hostname);
+ $rmask = empty($rmask) ? 128 : $rmask;
+ $ip6_arpa = tinydns_get_ip6_subnet_arpa($rip, $rmask);
+ $record_data = ".{$ip6_arpa[1]}::{$recordip}{$ttl_string}";
} else {
- if (is_ipaddrv6($hostname)) {
- list($rip, $rmask) = explode("/", $hostname);
- $rmask = empty($rmask) ? 128 : $rmask;
- $ip6_arpa = tinydns_get_ip6_subnet_arpa($rip, $rmask);
- $record_data = ".{$ip6_arpa[1]}::{$recordip}{$ttl_string}";
- } else {
- $record_data = ".{$hostname}::{$recordip}{$ttl_string}";
- }
+ $record_data = ".{$hostname}::{$recordip}{$ttl_string}";
}
+
break;
case "NS":
// &serious.panic.mil:1.8.248.6:a
@@ -832,17 +893,11 @@ function tinydns_get_rowline_data($recordip, $recordtype, $ttl, $hostname, $rdns
case "PTR":
/* "^" creates "PTR" record only to allow reverse DNS */
// ^fqdn:p:ttl:timestamp:lo
-
- if (intval($config['version']) <= 8) {
- if (is_ipaddr($recordip))
- $record_data = "^{$hostname}:{$recordip}{$ttl_string}";
- } else {
- if (is_ipaddrv4($recordip)) {
- $record_data = "^{$hostname}:{$recordip}{$ttl_string}";
- } elseif (is_ipaddrv6($recordip)) {
- $ip6_arpa = tinydns_get_ip6_subnet_arpa($recordip, 128);
- $record_data = "^{$ip6_arpa[1]}:{$hostname}{$ttl_string}";
- }
+ if (is_ipaddrv4($recordip)) {
+ $record_data = "^{$hostname}:{$recordip}{$ttl_string}";
+ } elseif (is_ipaddrv6($recordip)) {
+ $ip6_arpa = tinydns_get_ip6_subnet_arpa($recordip, 128);
+ $record_data = "^{$ip6_arpa[1]}:{$hostname}{$ttl_string}";
}
break;
case "A":
@@ -1016,15 +1071,10 @@ function tinydns_complete_soa_record($fd, $ip, $ipmask, $nsname, $domain) {
global $config;
$fqdn = "{$nsname}.{$domain}";
- if (intval($config['version']) <= 8) {
- if (is_ipaddr($ipaddress))
- $rip = tinydns_get_ip_subnet_arpa($ipaddress, $ipmask);
- } else {
- if (is_ipaddrv4($ipaddress)) {
- $rip = tinydns_get_ip_subnet_arpa($ipaddress, $ipmask);
- } elseif (is_ipaddrv6($ipaddress)) {
- $rip = tinydns_get_ip6_subnet_arpa($ipaddress, $ipmask);
- }
+ if (is_ipaddrv4($ipaddress)) {
+ $rip = tinydns_get_ip_subnet_arpa($ipaddress, $ipmask);
+ } elseif (is_ipaddrv6($ipaddress)) {
+ $rip = tinydns_get_ip6_subnet_arpa($ipaddress, $ipmask);
}
$soa = ".{$domain}::{$fqdn}";
@@ -1181,53 +1231,20 @@ function tinydns_dnscache_forwarding_servers($index) {
global $g, $config;
exec("echo 1 > {$g['varetc_path']}/dnscache{$index}/env/FORWARDONLY");
- if(is_dir("{$g['varetc_path']}/dnscache{$index}/root/servers/"))
+ if (is_dir("{$g['varetc_path']}/dnscache{$index}/root/servers/")) {
exec("rm -R {$g['varetc_path']}/dnscache/root/servers/");
+ }
exec("/bin/mkdir -p {$g['varetc_path']}/dnscache{$index}/root/servers/");
- if (intval($config['version']) >= 6)
- if (!empty(glob("{$g['varetc_path']}/nameserver_*"))) {
- exec("/bin/cat {$g['varetc_path']}/nameserver_* > {$g['varetc_path']}/dnscache{$index}/root/servers/@");
- } else {
- $fw = fopen("{$g['varetc_path']}/dnscache{$index}/root/servers/@", "w");
- if (! $fw) {
- printf("Error: cannot open dnscache/root/servers/@ in tinydns_register_forwarding_servers().\n");
- return 1;
- }
- fwrite($fw, $config['system']['dnsserver'][0]);
- fclose($fw);
- }
- else {
- $fr = fopen("{$g['varetc_path']}/resolv.conf.dnscache", "r");
- if (! $fr) {
- printf("Error: cannot open resolv.conf.dnscache in tinydns_register_forwarding_servers().\n");
- return 1;
- }
- $lip = strlen("nameserver") + 1;
- $j = 0;
- $iprecords = "";
- while (!feof($fr)) {
- $routers = fgets($fr, 4096);
- $discard = ($routers[0] == "\n");
- if(!$discard) {
- if ($routerip = strstr($routers,"nameserver")) {
- $routerip = substr($routerip,$lip);
- if($routerip) {
- $j += 1;
- $routera = "{$routerip}";
- $iprecords .= $routera;
- }
- }
- }
- }
- fclose($fr);
- $fr = fopen("{$g['varetc_path']}/dnscache{$index}/root/servers/@", "w");
- if (! $fr) {
- printf("Error: cannot write to {$g['varetc_path']}/dnscache{$index}/root/servers/@ in tinydns_dnscache_forwarding_servers().\n");
+ if (!empty(glob("{$g['varetc_path']}/nameserver_*"))) {
+ exec("/bin/cat {$g['varetc_path']}/nameserver_* > {$g['varetc_path']}/dnscache{$index}/root/servers/@");
+ } else {
+ $fw = fopen("{$g['varetc_path']}/dnscache{$index}/root/servers/@", "w");
+ if (!$fw) {
+ printf("Error: cannot open dnscache/root/servers/@ in tinydns_register_forwarding_servers().\n");
return 1;
}
- if($iprecords)
- fwrite($fr, $iprecords);
- fclose($fr);
+ fwrite($fw, $config['system']['dnsserver'][0]);
+ fclose($fw);
}
}
diff --git a/config/tinydns/tinydns.xml b/config/tinydns/tinydns.xml
index 55ee3269..bbb1cfa2 100644
--- a/config/tinydns/tinydns.xml
+++ b/config/tinydns/tinydns.xml
@@ -44,7 +44,7 @@
]]>
</copyright>
<name>tinydns</name>
- <version>1.0</version>
+ <version>1.0.6.24</version>
<title>DNS Server: Settings</title>
<aftersaveredirect>/pkg_edit.php?xml=tinydns.xml&amp;id=0</aftersaveredirect>
<include_file>/usr/local/pkg/tinydns.inc</include_file>
@@ -59,13 +59,13 @@
<rcfile>svscan.sh</rcfile>
<executable>svscan</executable>
<description>Daemontools service directory watcher</description>
- </service>
+ </service>
<service>
<name>DNS Server</name>
<rcfile>tinydns.sh</rcfile>
<executable>tinydns</executable>
<description>TinyDNS DNS Server</description>
- </service>
+ </service>
<tabs>
<tab>
<text>Settings</text>
@@ -99,10 +99,6 @@
<item>https://packages.pfsense.org/packages/config/tinydns/tinydns.inc</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/pf/</prefix>
- <item>https://packages.pfsense.org/packages/config/tinydns/tinydns_xmlrpc_sync.php</item>
- </additional_files_needed>
- <additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/tinydns/tinydns_domains.xml</item>
</additional_files_needed>
@@ -149,8 +145,7 @@
<field>
<type>listtopic</type>
<name>Binding IP Address</name>
- <fieldname>temp</fieldname>
- </field>
+ </field>
<field>
<fielddescr>IP Address</fielddescr>
<fieldname>ipaddress</fieldname>
@@ -160,8 +155,7 @@
<field>
<type>listtopic</type>
<name>Recursive DNS Resolver</name>
- <fieldname>temp</fieldname>
- </field>
+ </field>
<field>
<fielddescr>Enable recursive DNS responder</fielddescr>
<fieldname>enableforwarding</fieldname>
@@ -197,7 +191,6 @@
<field>
<type>listtopic</type>
<name>IP Monitoring</name>
- <fieldname>temp</fieldname>
</field>
<field>
<fielddescr>Enable IP monitoring</fielddescr>
@@ -213,19 +206,7 @@
</field>
<field>
<type>listtopic</type>
- <name>Sync TinyDNS settings via XMLRPC</name>
- <fieldname>temp</fieldname>
- </field>
- <field>
- <fielddescr>XMLRPC Sync</fielddescr>
- <fieldname>syncxmlrpc</fieldname>
- <description>Sync TinyDNS configuration to backup firewalls</description>
- <type>checkbox</type>
- </field>
- <field>
- <type>listtopic</type>
<name>Zone transfers</name>
- <fieldname>temp</fieldname>
</field>
<field>
<fielddescr>Hosts allowed to perform DNS Zone Transfers - Note: this requires TCP port 53 firewall permit rule!</fielddescr>
@@ -245,7 +226,7 @@
<description>Enter the DNS zone that this IP address is allowed to transfer (ex: domain.com)</description>
<type>input</type>
<size>20</size>
- </rowhelperfield>
+ </rowhelperfield>
</rowhelper>
</field>
</fields>
@@ -254,7 +235,7 @@
tinydns_custom_php_install_command();
tinydns_create_zone_file();
tinydns_setup_ping_items();
- tinydns_sync_on_changes();
+ tinydns_sync_on_changes();
</custom_delete_php_command>
<custom_php_validation_command>
tinydns_validate();
@@ -264,26 +245,24 @@
tinydns_custom_php_install_command();
tinydns_create_zone_file();
tinydns_setup_ping_items();
- tinydns_sync_on_changes();
+ tinydns_sync_on_changes();
</custom_add_php_command>
<custom_php_resync_config_command>
tinydns_custom_php_changeip_command();
tinydns_custom_php_install_command();
tinydns_create_zone_file();
tinydns_setup_ping_items();
- tinydns_sync_on_changes();
+ tinydns_sync_on_changes();
</custom_php_resync_config_command>
<custom_php_install_command>
tinydns_custom_php_install_command();
- tinydns_sync_on_changes();
+ tinydns_upgrade_config();
</custom_php_install_command>
<custom_php_deinstall_command>
tinydns_custom_php_deinstall_command();
- tinydns_sync_on_changes();
</custom_php_deinstall_command>
<custom_php_command_before_form>
<![CDATA[
- unset($_POST['temp']);
if (!is_process_running("svscan")) {
$savemsg = "NOTE: svscan is not running. Please <a href='/status_services.php?mode=restartservice&service=svscan'>start svscan</a> to bring up the DNS Server";
}
diff --git a/config/tinydns/tinydns_dhcp_filter.php b/config/tinydns/tinydns_dhcp_filter.php
index 85f5f8e7..5b245d7f 100644
--- a/config/tinydns/tinydns_dhcp_filter.php
+++ b/config/tinydns/tinydns_dhcp_filter.php
@@ -1,10 +1,10 @@
<?php
-/* $Id$ */
/*
tinydns_dhcp_filter.php
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2006 Scott Ullrich
- Parts Copyright (C) 2007 Goffredo Andreone <GAndreone@imapro.com>
- part of pfSense
+ Copyright (C) 2007 Goffredo Andreone
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -39,21 +39,17 @@
require("/usr/local/pkg/tinydns.inc");
require("guiconfig.inc");
+$closehead = false;
$pgtitle = "TinyDNS: DHCP Domains";
include("head.inc");
-$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
-if ($pf_version < 2.0)
- $one_two = true;
-
?>
+<meta http-equiv="refresh" content="60;url=<?php print $_SERVER['SCRIPT_NAME']; ?>">
+</head>
+
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
-<?php if($one_two): ?>
-<p class="pgtitle"><?=$pgtitle?></font></p>
-<?php endif; ?>
-
<?php if ($savemsg) print_info_box($savemsg); ?>
<div id="mainlevel">
@@ -64,7 +60,7 @@ if ($pf_version < 2.0)
$tab_array[] = array(gettext("Add/Edit Record"), false, "/tinydns_filter.php");
$tab_array[] = array(gettext("Failover Status"), false, "/tinydns_status.php");
$tab_array[] = array(gettext("Logs"), false, "/tinydns_view_logs.php");
- $tab_array[] = array(gettext("Zone Sync"), false, "/tinydns_xmlrpc_sync.php");
+ $tab_array[] = array(gettext("Zone Sync"), false, "/pkg_edit.php?xml=tinydns_sync.xml");
$tab_array[] = array(gettext("New domain wizard"), false, "/wizard.php?xml=new_zone_wizard.xml");
display_top_tabs($tab_array);
?>
@@ -124,6 +120,5 @@ while ($startofrecord < $datalen ){
</table>
</div>
<?php include("fend.inc"); ?>
-<meta http-equiv="refresh" content="60;url=<?php print $_SERVER['SCRIPT_NAME']; ?>">
</body>
</html>
diff --git a/config/tinydns/tinydns_sync.xml b/config/tinydns/tinydns_sync.xml
index 5fe8ac77..2f7da455 100644
--- a/config/tinydns/tinydns_sync.xml
+++ b/config/tinydns/tinydns_sync.xml
@@ -2,48 +2,48 @@
<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+ <![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- tinydns_sync.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2008 Scott Ullrich
- All rights reserved.
- */
-/* ========================================================================== */
+ tinydns_sync.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2008 Scott Ullrich
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>tinydnssync</name>
- <version>1.0</version>
- <title>TinyDNS: Manual Sync</title>
+ <version>1.0.6.24</version>
+ <title>TinyDNS: XMLRPC Sync</title>
<include_file>/usr/local/pkg/tinydns.inc</include_file>
<tabs>
<tab>
@@ -76,71 +76,89 @@
<fields>
<field>
<type>listtopic</type>
- <fieldname>temp</fieldname>
- <name>Enable DNS zone sync</name>
+ <name>DNS zone synchronization</name>
</field>
<field>
- <fielddescr>Enable DNS zone synchronization</fielddescr>
+ <fielddescr>Enable synchronization</fielddescr>
<fieldname>synconchanges</fieldname>
- <description>pfSense will automatically sync changes to the hosts defined below.</description>
- <type>checkbox</type>
- </field>
- <field>
- <type>listtopic</type>
- <name>Sync host #1</name>
- <fieldname>temp</fieldname>
- </field>
- <field>
- <fielddescr>IP Address</fielddescr>
- <fieldname>ipaddress</fieldname>
- <description>IP address of the first TinyDNS sync host.</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>Password</fielddescr>
- <fieldname>password</fieldname>
- <description>Admin password of the first TinyDNS sync host.</description>
- <type>password</type>
+ <description>
+ <![CDATA[
+ Select a sync method for TinyDNS.<br/><br/>
+ <strong>Important:</strong> While using "Sync to host(s) defined below", only sync from host A to B, A to C but <strong>do not</strong> enable XMLRPC sync <b>to</b> A.
+ This will result in a loop!
+ ]]>
+ </description>
+ <type>select</type>
+ <required/>
+ <default_value>disabled</default_value>
+ <options>
+ <option><name>Sync to configured system backup server</name><value>auto</value></option>
+ <option><name>Sync to host(s) defined below</name><value>manual</value></option>
+ <option><name>Do not sync this package configuration</name><value>disabled</value></option>
+ </options>
</field>
<field>
- <type>listtopic</type>
- <name>Sync host #2</name>
- <fieldname>temp</fieldname>
- </field>
- <field>
- <fielddescr>IP Address 2</fielddescr>
- <fieldname>ipaddress2</fieldname>
- <description>IP address of the second TinyDNS sync host. (optional)</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>Password 2</fielddescr>
- <fieldname>password2</fieldname>
- <description>Admin password of the second TinyDNS sync host.</description>
- <type>password</type>
- </field>
- <field>
- <type>listtopic</type>
- <name>Sync host #3</name>
- <fieldname>temp</fieldname>
- </field>
- <field>
- <fielddescr>IP Address 3</fielddescr>
- <fieldname>ipaddress3</fieldname>
- <description>IP address of the third TinyDNS sync host. (optional)</description>
- <type>input</type>
+ <fielddescr>Sync Timeout</fielddescr>
+ <fieldname>synctimeout</fieldname>
+ <description>XMLRPC timeout in seconds.</description>
+ <type>select</type>
+ <required/>
+ <default_value>250</default_value>
+ <options>
+ <option><name>250 seconds (Default)</name><value>250</value></option>
+ <option><name>120 seconds</name><value>120</value></option>
+ <option><name>90 seconds</name><value>90</value></option>
+ <option><name>60 seconds</name><value>60</value></option>
+ <option><name>30 seconds</name><value>30</value></option>
+ </options>
</field>
<field>
- <fielddescr>Password 3</fielddescr>
- <fieldname>password3</fieldname>
- <description>Admin password of the third TinyDNS sync host.</description>
- <type>password</type>
+ <fielddescr>Replication Targets</fielddescr>
+ <fieldname>none</fieldname>
+ <type>rowhelper</type>
+ <rowhelper>
+ <rowhelperfield>
+ <fielddescr>Enable</fielddescr>
+ <fieldname>syncdestinenable</fieldname>
+ <description><![CDATA[Enable this host as a replication target]]></description>
+ <type>checkbox</type>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Protocol</fielddescr>
+ <fieldname>syncprotocol</fieldname>
+ <description><![CDATA[Choose the protocol used to sync with the destination host (HTTP or HTTPS).]]></description>
+ <type>select</type>
+ <default_value>HTTP</default_value>
+ <options>
+ <option><name>HTTP</name><value>http</value></option>
+ <option><name>HTTPS</name><value>https</value></option>
+ </options>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>IP Address/Hostname</fielddescr>
+ <fieldname>ipaddress</fieldname>
+ <description><![CDATA[IP address or hostname of the destination host.]]></description>
+ <type>input</type>
+ <size>40</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Port</fielddescr>
+ <fieldname>syncport</fieldname>
+ <description><![CDATA[Choose the sync port of the destination host.]]></description>
+ <type>input</type>
+ <size>3</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Admin Password</fielddescr>
+ <fieldname>password</fieldname>
+ <description><![CDATA[Password of the user "admin" on the destination host.]]></description>
+ <type>password</type>
+ <size>20</size>
+ </rowhelperfield>
+ </rowhelper>
</field>
</fields>
<custom_php_resync_config_command>
tinydns_sync_on_changes();
</custom_php_resync_config_command>
- <custom_php_command_before_form>
- unset($_POST['temp']);
- </custom_php_command_before_form>
-</packagegui> \ No newline at end of file
+</packagegui>
diff --git a/config/vhosts/vhosts.inc b/config/vhosts/vhosts.inc
index b0e2db45..b3ae7a7e 100644
--- a/config/vhosts/vhosts.inc
+++ b/config/vhosts/vhosts.inc
@@ -273,7 +273,7 @@ EOF;
// Set the default port
if (strlen($port) == 0) {
- $port = '8001';
+ $port = '10081';
}
if ($ipaddress . ':' . $port != $ipaddress_and_port_previous_value) {
diff --git a/config/vhosts/vhosts.priv.inc b/config/vhosts/vhosts.priv.inc
new file mode 100644
index 00000000..f29c0813
--- /dev/null
+++ b/config/vhosts/vhosts.priv.inc
@@ -0,0 +1,40 @@
+<?php
+/*
+ vhosts.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-vhosts'] = array();
+$priv_list['page-services-vhosts']['name'] = "WebCfg - Services: vHosts package";
+$priv_list['page-services-vhosts']['descr'] = "Allow access to vHosts package GUI";
+
+$priv_list['page-services-vhosts']['match'] = array();
+$priv_list['page-services-vhosts']['match'][] = "packages/vhosts/vhosts_php.php*";
+$priv_list['page-services-vhosts']['match'][] = "packages/vhosts/vhosts_php_edit.php*";
+$priv_list['page-services-vhosts']['match'][] = "packages/vhosts/system_advanced_create_certs.php*";
+
+?>
diff --git a/config/vhosts/vhosts.xml b/config/vhosts/vhosts.xml
index 306ccc69..d1a6590c 100644
--- a/config/vhosts/vhosts.xml
+++ b/config/vhosts/vhosts.xml
@@ -43,7 +43,7 @@
</copyright>
<description>vHosts</description>
<name>vHosts Settings</name>
- <version>0.8.0</version>
+ <version>0.8.3</version>
<title>vHosts Settings</title>
<include_file>/usr/local/pkg/vhosts.inc</include_file>
<menu>
@@ -65,6 +65,10 @@
<item>https://packages.pfsense.org/packages/config/vhosts/vhosts.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/vhosts/vhosts.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/www/packages/vhosts/</prefix>
<item>https://packages.pfsense.org/packages/config/vhosts/vhosts_php.php</item>
</additional_files_needed>
diff --git a/config/vhosts/vhosts_php_edit.php b/config/vhosts/vhosts_php_edit.php
index cb5a330f..a0969b9f 100644
--- a/config/vhosts/vhosts_php_edit.php
+++ b/config/vhosts/vhosts_php_edit.php
@@ -201,7 +201,7 @@ function openwindow(url) {
<td width="78%" class="vtable">
<input name="host" type="text" class="formfld" id="host" size="40" value="<?=htmlspecialchars($pconfig['host']);?>" />
<br />
- Required. If the host is intended for internal you can use the DNS forwarder to set a host name that is valid inside the local network. default: vhost01.local
+ Required. If the host is intended for internal you can use the DNS forwarder to set a host name that is valid inside the local network. Default: vhost01.local
</td>
</tr>
<tr>
@@ -209,7 +209,7 @@ function openwindow(url) {
<td width="78%" class="vtable">
<input name="ipaddress" type="text" class="formfld" id="ipaddress" size="40" value="<?=htmlspecialchars($pconfig['ipaddress']);?>" />
<br />
- Required. Make sure the IP and Port combination does not conflict with the local system. example: 192.168.0.1
+ Required. Make sure the IP and Port combination does not conflict with the local system. Example: 192.168.0.1
</td>
</tr>
<tr>
@@ -217,7 +217,7 @@ function openwindow(url) {
<td width="78%" class="vtable">
<input name="port" type="text" class="formfld" id="port" size="40" value="<?=htmlspecialchars($pconfig['port']);?>" />
<br />
- Make sure the IP and Port combination does not conflict with the local system. default: 8001
+ Make sure the IP and Port combination does not conflict with the local system. Default: 10081
</td>
</tr>
<tr>
diff --git a/config/vnstat2/vnstat2.priv.inc b/config/vnstat2/vnstat2.priv.inc
new file mode 100644
index 00000000..324ac435
--- /dev/null
+++ b/config/vnstat2/vnstat2.priv.inc
@@ -0,0 +1,44 @@
+<?php
+/*
+ vnstat2.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-status-vnstat2'] = array();
+$priv_list['page-status-vnstat2']['name'] = "WebCfg - Status: vnstat2 package";
+$priv_list['page-status-vnstat2']['descr'] = "Allow access to vnstat2 package GUI";
+
+$priv_list['page-status-vnstat2']['match'] = array();
+$priv_list['page-status-vnstat2']['match'][] = "pkg_edit.php?xml=vnstat2.xml*";
+$priv_list['page-status-vnstat2']['match'][] = "pkg_edit.php?xml=vnstati.xml*";
+$priv_list['page-status-vnstat2']['match'][] = "pkg_edit.php?xml=vnstatoutput.xml*";
+$priv_list['page-status-vnstat2']['match'][] = "diag_vnstat.php*";
+$priv_list['page-status-vnstat2']['match'][] = "diag_vnstat2.php*";
+$priv_list['page-status-vnstat2']['match'][] = "vnstat2_img.php*";
+$priv_list['page-status-vnstat2']['match'][] = "vnstati.php*";
+
+?>
diff --git a/config/vnstat2/vnstat2.xml b/config/vnstat2/vnstat2.xml
index 7e65d465..8d586f10 100644
--- a/config/vnstat2/vnstat2.xml
+++ b/config/vnstat2/vnstat2.xml
@@ -42,24 +42,24 @@
]]>
</copyright>
<name>vnstat2</name>
- <version>1.12.5</version>
+ <version>1.12.8</version>
<title>Vnstat2</title>
- <aftersaveredirect>/pkg_edit.php?xml=vnstat2.xml&amp;id=0</aftersaveredirect>
+ <aftersaveredirect>/pkg_edit.php?xml=vnstat2.xml</aftersaveredirect>
<include_file>/usr/local/pkg/vnstat2/vnstat2.inc</include_file>
<menu>
<name>Vnstat2</name>
<section>Status</section>
- <url>/pkg_edit.php?xml=vnstat2.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=vnstat2.xml</url>
</menu>
<tabs>
<tab>
<text>Config</text>
- <url>/pkg_edit.php?xml=vnstat2.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=vnstat2.xml</url>
<active/>
</tab>
<tab>
<text>Vnstati</text>
- <url>/pkg_edit.php?xml=vnstati.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=vnstati.xml</url>
</tab>
<tab>
<text>Access vnstat php frontend</text>
@@ -67,7 +67,7 @@
</tab>
<tab>
<text>vnstat info</text>
- <url>/pkg_edit.php?xml=vnstatoutput.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=vnstatoutput.xml</url>
</tab>
<tab>
<text>vnstat summary</text>
@@ -79,6 +79,10 @@
<item>https://packages.pfsense.org/packages/config/vnstat2/vnstat2.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat2.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/vnstat2/vnstati.xml</item>
</additional_files_needed>
diff --git a/config/vnstat2/vnstati.xml b/config/vnstat2/vnstati.xml
index b395e65f..373fa0eb 100644
--- a/config/vnstat2/vnstati.xml
+++ b/config/vnstat2/vnstati.xml
@@ -42,23 +42,23 @@
]]>
</copyright>
<name>vnstat2</name>
- <version>1.12.5</version>
+ <version>1.12.8</version>
<title>Vnstat2</title>
<aftersaveredirect>/vnstati.php</aftersaveredirect>
<include_file>/usr/local/pkg/vnstat2/vnstat2.inc</include_file>
<menu>
<name>vnstat2</name>
<section>Status</section>
- <url>/pkg_edit.php?xml=vnstat2.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=vnstat2.xml</url>
</menu>
<tabs>
<tab>
<text>Config</text>
- <url>/pkg_edit.php?xml=vnstat2.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=vnstat2.xml</url>
</tab>
<tab>
<text>Vnstati</text>
- <url>/pkg_edit.php?xml=vnstati.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=vnstati.xml</url>
<active/>
</tab>
<tab>
@@ -67,7 +67,7 @@
</tab>
<tab>
<text>vnstat info</text>
- <url>/pkg_edit.php?xml=vnstatoutput.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=vnstatoutput.xml</url>
</tab>
<tab>
<text>vnstat summary</text>
diff --git a/config/vnstat2/vnstatoutput.xml b/config/vnstat2/vnstatoutput.xml
index 297c171a..668c5ba2 100644
--- a/config/vnstat2/vnstatoutput.xml
+++ b/config/vnstat2/vnstatoutput.xml
@@ -49,16 +49,16 @@
<menu>
<name>vnstat2</name>
<section>Status</section>
- <url>/pkg_edit.php?xml=vnstat2.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=vnstat2.xml</url>
</menu>
<tabs>
<tab>
<text>Config</text>
- <url>/pkg_edit.php?xml=vnstat2.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=vnstat2.xml</url>
</tab>
<tab>
<text>Vnstati</text>
- <url>/pkg_edit.php?xml=vnstati.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=vnstati.xml</url>
</tab>
<tab>
<text>Access vnstat php frontend</text>
@@ -66,7 +66,7 @@
</tab>
<tab>
<text>vnstat info</text>
- <url>/pkg_edit.php?xml=vnstatoutput.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=vnstatoutput.xml</url>
<active/>
</tab>
<tab>
diff --git a/config/widentd/widentd.priv.inc b/config/widentd/widentd.priv.inc
new file mode 100644
index 00000000..1d369627
--- /dev/null
+++ b/config/widentd/widentd.priv.inc
@@ -0,0 +1,38 @@
+<?php
+/*
+ widentd.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-widentd'] = array();
+$priv_list['page-services-widentd']['name'] = "WebCfg - Services: widentd package";
+$priv_list['page-services-widentd']['descr'] = "Allow access to widentd package GUI";
+
+$priv_list['page-services-widentd']['match'] = array();
+$priv_list['page-services-widentd']['match'][] = "pkg_edit.php?xml=widentd.xml*";
+
+?>
diff --git a/config/widentd/widentd.xml b/config/widentd/widentd.xml
index fe28ba2d..9730160c 100644
--- a/config/widentd/widentd.xml
+++ b/config/widentd/widentd.xml
@@ -42,28 +42,32 @@
]]>
</copyright>
<name>widentd</name>
- <version>1.0.4</version>
+ <version>1.0.5</version>
<title>Services: widentd</title>
<menu>
<name>widentd</name>
<tooltiptext>Modify widentd settings.</tooltiptext>
<section>Services</section>
- <url>pkg_edit.php?xml=widentd.xml&amp;id=0</url>
+ <url>pkg_edit.php?xml=widentd.xml</url>
</menu>
<service>
<name>widentd</name>
<rcfile>widentd.sh</rcfile>
<executable>widentd</executable>
</service>
+ <additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/widentd/widentd.priv.inc</item>
+ <prefix>/etc/inc/priv/</prefix>
+ </additional_files_needed>
<configpath>installedpackages->package->$packagename->configuration->settings</configpath>
<fields>
<field>
- <fielddescr>Enable widentd daemon</fielddescr>
+ <fielddescr>Enable widentd Daemon</fielddescr>
<fieldname>enable</fieldname>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Listening interface</fielddescr>
+ <fielddescr>Listening Interface</fielddescr>
<fieldname>interface</fieldname>
<description>
<![CDATA[
@@ -87,7 +91,7 @@
<type>input</type>
</field>
<field>
- <fielddescr>System name</fielddescr>
+ <fielddescr>System Name</fielddescr>
<fieldname>sysname</fieldname>
<description>
<![CDATA[
@@ -98,72 +102,65 @@
<type>input</type>
</field>
</fields>
- <custom_php_global_functions>
+ <custom_php_resync_config_command>
<![CDATA[
- function sync_package_widentd() {
conf_mount_rw();
global $config;
- /* Write widentd.sh */
- $int = convert_friendly_interface_to_real_interface_name($config['installedpackages']['widentd']['config'][0]['interface']);
- $ip = find_interface_ip($int);
- $user = $config['installedpackages']['widentd']['config'][0]['username'] ?: 'user';
- $system = $config['installedpackages']['widentd']['config'][0]['sysname'] ?: 'UNIX';
- $start = "/usr/local/sbin/widentd -u {$user} -o {$system} -i {$ip}";
- $stop = "/usr/bin/killall widentd";
- write_rcfile(array(
- "file" => "widentd.sh",
- "start" => $start,
- "stop" => $stop
- )
- );
-
/* If the service is (being) disabled, stop it (if running) and do nothing else */
- if (!($config['installedpackages']['widentd']['config'][0][enable])) {
- if (is_process_running("widentd")) {
+ if ($config['installedpackages']['widentd']['config'][0][enable] != "on") {
+ if (is_service_running("widentd")) {
stop_service("widentd");
}
- return;
+ unlink_if_exists("/usr/local/etc/rc.d/widentd.sh");
} else {
- restart_service("widentd");
+ $int = convert_friendly_interface_to_real_interface_name($config['installedpackages']['widentd']['config'][0]['interface']);
+ $ip = find_interface_ip($int);
+ $user = $config['installedpackages']['widentd']['config'][0]['username'] ?: 'user';
+ $system = $config['installedpackages']['widentd']['config'][0]['sysname'] ?: 'UNIX';
+ $start = "/usr/local/sbin/widentd -u {$user} -o {$system} -i {$ip}";
+ $stop = "/usr/bin/killall widentd";
+ write_rcfile(array(
+ "file" => "widentd.sh",
+ "start" => $start,
+ "stop" => $stop
+ )
+ );
+ /* (Re)start service */
+ if (is_service_running("widentd")) {
+ restart_service("widentd");
+ } else {
+ start_service("widentd");
+ }
}
conf_mount_ro();
- }
-
-
- function validate_input_widentd($post, &$input_errors) {
+ ]]>
+ </custom_php_resync_config_command>
+ <custom_php_validation_command>
+ <![CDATA[
/* Only allow ^[a-zA-Z\.]+$ otherwise the daemon will not start; see widentd manpage */
- if (($post['username'] != "") && !preg_match("/^[a-zA-Z\.]+$/", $post['username'])) {
- $input_errors[] = 'Username may only contain uppercase and lowercase letters [a-zA-Z] and "." character.';
+ if ($_POST['username'] != "") {
+ if (!preg_match("/^[a-zA-Z\.]+$/", $_POST['username'])) {
+ $input_errors[] = 'Username may only contain uppercase and lowercase letters [a-zA-Z] and "." character.';
+ }
}
/* Technically, ^[A-Z][A-Z0-9\-.\/]+[A-Z0-9]$ should be valid characters here
https://www.iana.org/assignments/operating-system-names/operating-system-names.xhtml
However this is not supported by widentd; the service will not start.
*/
- if (($post['sysname'] != "") && !preg_match("/^[a-zA-Z]+$/", $post['sysname'])) {
- $input_errors[] .= 'System name may only contain uppercase and lowercase letters [a-zA-Z].';
+ if ($_POST['sysname'] != "") {
+ if (!preg_match("/^[a-zA-Z]+$/", $_POST['sysname'])) {
+ $input_errors[] = 'System name may only contain uppercase and lowercase letters [a-zA-Z].';
+ }
}
/* Check for IPv6-only interfaces */
- $int = convert_friendly_interface_to_real_interface_name($post['interface']);
+ $int = convert_friendly_interface_to_real_interface_name($_POST['interface']);
$ip = find_interface_ip($int);
if (!is_ipaddrv4($ip)) {
- $input_errors[] .= 'The selected interface has no IPv4 configured. Widentd does not support IPv6.';
+ $input_errors[] = 'The selected interface has no IPv4 configured. Widentd does not support IPv6.';
}
- }
]]>
- </custom_php_global_functions>
- <custom_add_php_command>
- sync_package_widentd();
- </custom_add_php_command>
- <custom_php_resync_config_command>
- sync_package_widentd();
- </custom_php_resync_config_command>
- <custom_php_install_command>
- unlink_if_exists("/usr/local/etc/rc.d/widentd.sh");
- </custom_php_install_command>
- <custom_php_validation_command>
- validate_input_widentd($_POST, $input_errors);
</custom_php_validation_command>
</packagegui>
diff --git a/config/zabbix-agent-lts/zabbix-agent-lts.priv.inc b/config/zabbix-agent-lts/zabbix-agent-lts.priv.inc
new file mode 100644
index 00000000..433f3bb9
--- /dev/null
+++ b/config/zabbix-agent-lts/zabbix-agent-lts.priv.inc
@@ -0,0 +1,38 @@
+<?php
+/*
+ zabbix-agent-lts.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-zabbix-agent-lts'] = array();
+$priv_list['page-services-zabbix-agent-lts']['name'] = "WebCfg - Services: Zabbix Agent LTS package";
+$priv_list['page-services-zabbix-agent-lts']['descr'] = "Allow access to Zabbix Agent LTS package GUI";
+
+$priv_list['page-services-zabbix-agent-lts']['match'] = array();
+$priv_list['page-services-zabbix-agent-lts']['match'][] = "pkg_edit.php?xml=zabbix-agent-lts.xml*";
+
+?>
diff --git a/config/zabbix-agent-lts/zabbix-agent-lts.xml b/config/zabbix-agent-lts/zabbix-agent-lts.xml
index 8883ff22..3ced7d07 100644
--- a/config/zabbix-agent-lts/zabbix-agent-lts.xml
+++ b/config/zabbix-agent-lts/zabbix-agent-lts.xml
@@ -45,7 +45,7 @@
<name>zabbixagentlts</name>
<title>Services: Zabbix Agent LTS</title>
<category>Monitoring</category>
- <version>0.8.6</version>
+ <version>0.8.8</version>
<include_file>/usr/local/pkg/zabbix-agent-lts.inc</include_file>
<addedit_string>Zabbix Agent LTS has been created/modified.</addedit_string>
<delete_string>Zabbix Agent LTS has been deleted.</delete_string>
@@ -53,6 +53,10 @@
<item>https://packages.pfsense.org/packages/config/zabbix-agent-lts/zabbix-agent-lts.inc</item>
<prefix>/usr/local/pkg/</prefix>
</additional_files_needed>
+ <additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/zabbix-agent-lts/zabbix-agent-lts.priv.inc</item>
+ <prefix>/etc/inc/priv/</prefix>
+ </additional_files_needed>
<menu>
<name>Zabbix Agent LTS</name>
<tooltiptext>Setup Zabbix Agent specific settings</tooltiptext>
diff --git a/config/zabbix-agent/zabbix-agent.xml b/config/zabbix-agent/zabbix-agent.xml
deleted file mode 100644
index 885a54e3..00000000
--- a/config/zabbix-agent/zabbix-agent.xml
+++ /dev/null
@@ -1,263 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<packagegui>
- <name>zabbixagent</name>
- <title>Services: Zabbix Agent</title>
- <category>Monitoring</category>
- <version>1.1</version>
- <addedit_string>Zabbix Agent has been created/modified.</addedit_string>
- <delete_string>Zabbix Agent has been deleted.</delete_string>
- <restart_command>/usr/local/etc/rc.d/zabbix_agentd.sh restart</restart_command>
- <menu>
- <name>Zabbix Agent</name>
- <tooltiptext>Setup Zabbix Agent specific settings</tooltiptext>
- <section>Services</section>
- <url>/pkg_edit.php?xml=zabbix-agent.xml&amp;id=0</url>
- </menu>
- <service>
- <name>zabbix_agentd</name>
- <rcfile>zabbix_agentd.sh</rcfile>
- <executable>zabbix_agentd</executable>
- <description>Zabbix Agent host monitor daemon</description>
- </service>
- <tabs>
- <tab>
- <text>Settings</text>
- <url>/pkg_edit.php?xml=zabbix-agent.xml&amp;id=0</url>
- <active />
- </tab>
- </tabs>
- <fields>
- <field>
- <fielddescr>Server</fielddescr>
- <fieldname>server</fieldname>
- <description>List of comma delimited IP addresses (or hostnames) of ZABBIX servers</description>
- <value>127.0.0.1</value>
- <type>input</type>
- <size>60</size>
- <required>true</required>
- </field>
- <field>
- <fielddescr>Server Port</fielddescr>
- <fieldname>serverport</fieldname>
- <description>Server port for sending active check (generally 10051)</description>
- <value>10051</value>
- <type>input</type>
- <size>60</size>
- <required>true</required>
- </field>
- <field>
- <fielddescr>Hostname</fielddescr>
- <fieldname>hostname</fieldname>
- <description>Unique hostname. Required for active checks and must match hostname as configured on the Zabbix server (case sensitive).</description>
- <value>localhost</value>
- <type>input</type>
- <size>60</size>
- <required>true</required>
- </field>
- <field>
- <fielddescr>Listen IP</fielddescr>
- <fieldname>listenip</fieldname>
- <value>0.0.0.0</value>
- <type>input</type>
- <size>60</size>
- <required>true</required>
- <description>Listen IP for connections from the server (generally 0.0.0.0 for all interfaces)</description>
- </field>
- <field>
- <fielddescr>Listen Port</fielddescr>
- <fieldname>listenport</fieldname>
- <value>10050</value>
- <type>input</type>
- <size>60</size>
- <required>true</required>
- <description>Listen port for connections from the server (generally 10050)</description>
- </field>
- <field>
- <fielddescr>Refresh Active Checks</fielddescr>
- <fieldname>refreshactchecks</fieldname>
- <value>120</value>
- <type>input</type>
- <size>60</size>
- <required>false</required>
- <description>The agent will refresh list of active checks once per 120 (default) seconds.</description>
- </field>
- <field>
- <fielddescr>Timeout</fielddescr>
- <fieldname>timeout</fieldname>
- <value>3</value>
- <type>input</type>
- <size>60</size>
- <required>true</required>
- <description>Timeout (default 3). Do not spend more that Timeout seconds on getting requested value (1-255). The agent does not kill timeouted User Parameters processes!</description>
- </field>
- <field>
- <fielddescr>Disable active checks</fielddescr>
- <fieldname>disableactive</fieldname>
- <type>checkbox</type>
- <description>The agent will work only in passive mode listening for server. (generally net set)</description>
- </field>
- <field>
- <fielddescr>Disable passive checks</fielddescr>
- <fieldname>disablepassive</fieldname>
- <type>checkbox</type>
- <description>The agent will not listen on any TCP port. Only active checks will be processed. (generally not set)</description>
- </field>
- <field>
- <fielddescr>User Parameters</fielddescr>
- <fieldname>userparams</fieldname>
- <encoding>base64</encoding>
- <value></value>
- <type>textarea</type>
- <rows>5</rows>
- <cols>50</cols>
- <required>false</required>
- <description>User-defined parameter to monitor. There can be several user-defined parameters. Value has form, example: UserParameter=users,who|wc -l &lt;br&gt;&lt;a href="https://www.zabbix.com/documentation/1.8/manual/tutorials/extending_agent" target="_new"&gt;See zabbix documentation for more information&lt;a&gt;</description>
- </field>
- </fields>
- <custom_php_install_command>
- <![CDATA[
- global $config, $g;
-
- $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
- switch ($pfs_version) {
- case "1.2":
- case "2.0":
- define('ZABBIX_AGENT_BASE','/usr/local');
- break;
- default:
- define('ZABBIX_AGENT_BASE', '/usr/pbi/zabbix-agent-' . php_uname("m"));
- }
-
- mwexec("mkdir -p /var/log/zabbix/");
- mwexec("mkdir -p /var/run/zabbix/");
-
- conf_mount_rw();
-
- /* create a few directories and ensure the sample files are in place */
- exec("/bin/mkdir -p " . ZABBIX_AGENT_BASE . "/etc/zabbix");
- exec("/bin/mkdir -p /var/log/zabbix");
- exec("/bin/mkdir -p /var/run/zabbix");
-
- exec("/bin/rm -f " . ZABBIX_AGENT_BASE . "/etc/rc.d/zabbix_agentd");
-
- $start = "/bin/mkdir -p /var/log/zabbix\n";
- $start .= "/usr/sbin/chown -R zabbix:zabbix /var/log/zabbix\n";
-
- $start .= "/bin/mkdir -p /var/run/zabbix\n";
- $start .= "/usr/sbin/chown -R zabbix:zabbix /var/run/zabbix\n";
-
- $start .= "echo \"Starting Zabbix Agent\"...\n";
-
- /* start zabbix agent */
- $start .= ZABBIX_AGENT_BASE . "/sbin/zabbix_agentd\n";
-
- $stop = "echo \"Stopping Zabbix Agent\"\n";
- $stop .= "/usr/bin/killall zabbix_agentd\n";
- /* write out rc.d start/stop file */
- write_rcfile(array(
- "file" => "zabbix_agentd.sh",
- "start" => "{$start}",
- "restart" => "$stop\n" . "sleep 5\n" . "{$start}",
- "stop" => "$stop"
- )
- );
-
- conf_mount_ro();
- ]]>
- </custom_php_install_command>
- <custom_php_command_before_form></custom_php_command_before_form>
- <custom_php_after_head_command></custom_php_after_head_command>
- <custom_php_after_form_command></custom_php_after_form_command>
- <custom_php_validation_command>
- <![CDATA[
- global $_POST;
- $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
- switch ($pfs_version) {
- case "1.2":
- case "2.0":
- define('ZABBIX_AGENT_BASE','/usr/local');
- break;
- default:
- define('ZABBIX_AGENT_BASE', '/usr/pbi/zabbix-agent-' . php_uname("m"));
- }
-
- $ListenIP=$_POST['listenip'];
- if (!preg_match("/^(?:\d{1,3}\.){3}\d{1,3}$/", $ListenIP)) {
- $input_errors[]='Listen IP is not an IP address.';
- }
-
- $ListenPort=$_POST['listenport'];
- if (!preg_match("/^\d+$/", $ListenPort)) {
- $input_errors[]='Listen Port is not numeric.';
- }
-
- $ServerPort=$_POST['serverport'];
- if (!preg_match("/^\d+$/", $ServerPort)) {
- $input_errors[]='Server Port is not numeric.';
- }
-
- $RefreshActiveChecks=$_POST['refreshactchecks'];
- if (!preg_match("/^\d+$/", $RefreshActiveChecks)) {
- $input_errors[]='Refresh Active Checks is not numeric.';
- }
-
- $Timeout=$_POST['timeout'];
- if (!preg_match("/^\d+$/", $Timeout)) {
- $input_errors[]='Timeout is not numeric.';
- }
- ]]>
- </custom_php_validation_command>
- <custom_add_php_command></custom_add_php_command>
- <custom_php_resync_config_command>
- <![CDATA[
- conf_mount_rw();
- global $config;
- global $g;
-
- $Server=$config['installedpackages']['zabbixagent']['config'][0]['server'];
- $ServerPort=$config['installedpackages']['zabbixagent']['config'][0]['serverport'];
- $Hostname=$config['installedpackages']['zabbixagent']['config'][0]['hostname'];
- $ListenIP=$config['installedpackages']['zabbixagent']['config'][0]['listenip'];
- $ListenPort=$config['installedpackages']['zabbixagent']['config'][0]['listenport'];
- $RefreshActChecks=$config['installedpackages']['zabbixagent']['config'][0]['refreshactchecks'];
- $Timeout=$config['installedpackages']['zabbixagent']['config'][0]['timeout'];
- $DisableActive=$config['installedpackages']['zabbixagent']['config'][0]['disableactive'];
- $DisablePassive=$config['installedpackages']['zabbixagent']['config'][0]['disablepassive'];
- $UserParams=base64_decode($config['installedpackages']['zabbixagent']['config'][0]['userparams']);
-
- $conf = "Server=$Server\n";
- $conf .= "ServerPort=$ServerPort\n";
- $conf .= "Hostname=$Hostname\n";
- $conf .= "ListenIP=$ListenIP\n";
- $conf .= "ListenPort=$ListenPort\n";
- $conf .= "StartAgents=5\n";
- $conf .= "RefreshActiveChecks=$RefreshActChecks\n";
- $conf .= "DebugLevel=3\n";
- $conf .= "PidFile=/var/run/zabbix/zabbix_agentd.pid\n";
- $conf .= "LogFile=/var/log/zabbix/zabbix_agentd.log\n";
- $conf .= "LogFileSize=1\n";
- $conf .= "Timeout=$Timeout\n";
- if (isset($DisableActive) && ($DisableActive == "on")) {
- $conf .= "DisableActive=1\n";
- }
- if (isset($DisablePassive) && ($DisablePassive == "on")) {
- $conf .= "DisablePassive=1\n";
- }
- $conf .= "$UserParams\n";
-
- file_put_contents(ZABBIX_AGENT_BASE . "/etc/zabbix/zabbix_agentd.conf", $conf);
- conf_mount_ro();
-
- ]]>
- </custom_php_resync_config_command>
- <custom_php_deinstall_command>
- <![CDATA[
- exec("/usr/bin/killall zabbix_agentd");
-
- exec("/bin/rm " . ZABBIX_AGENT_BASE . "/etc/rc.d/zabbix_agentd.sh");
-
- exec("/bin/rm -r /var/log/zabbix/");
- exec("/bin/rm -r /var/run/zabbix/");
- ]]>
- </custom_php_deinstall_command>
-</packagegui>
diff --git a/config/zabbix-proxy-lts/zabbix-proxy-lts.priv.inc b/config/zabbix-proxy-lts/zabbix-proxy-lts.priv.inc
new file mode 100644
index 00000000..c6d30f65
--- /dev/null
+++ b/config/zabbix-proxy-lts/zabbix-proxy-lts.priv.inc
@@ -0,0 +1,38 @@
+<?php
+/*
+ zabbix-proxy-lts.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-zabbix-proxy-lts'] = array();
+$priv_list['page-services-zabbix-proxy-lts']['name'] = "WebCfg - Services: Zabbix Proxy LTS package";
+$priv_list['page-services-zabbix-proxy-lts']['descr'] = "Allow access to Zabbix Proxy LTS package GUI";
+
+$priv_list['page-services-zabbix-proxy-lts']['match'] = array();
+$priv_list['page-services-zabbix-proxy-lts']['match'][] = "pkg_edit.php?xml=zabbix-proxy-lts.xml*";
+
+?>
diff --git a/config/zabbix-proxy-lts/zabbix-proxy-lts.xml b/config/zabbix-proxy-lts/zabbix-proxy-lts.xml
index 27092e59..f2e74265 100644
--- a/config/zabbix-proxy-lts/zabbix-proxy-lts.xml
+++ b/config/zabbix-proxy-lts/zabbix-proxy-lts.xml
@@ -45,7 +45,7 @@
<name>zabbixproxylts</name>
<title>Services: Zabbix Proxy LTS</title>
<category>Monitoring</category>
- <version>0.8.6</version>
+ <version>0.8.8</version>
<include_file>/usr/local/pkg/zabbix-proxy-lts.inc</include_file>
<addedit_string>Zabbix Proxy has been created/modified.</addedit_string>
<delete_string>Zabbix Proxy has been deleted.</delete_string>
@@ -53,6 +53,10 @@
<item>https://packages.pfsense.org/packages/config/zabbix-proxy-lts/zabbix-proxy-lts.inc</item>
<prefix>/usr/local/pkg/</prefix>
</additional_files_needed>
+ <additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/zabbix-proxy-lts/zabbix-proxy-lts.priv.inc</item>
+ <prefix>/etc/inc/priv/</prefix>
+ </additional_files_needed>
<menu>
<name>Zabbix Proxy LTS</name>
<tooltiptext>Setup Zabbix Proxy LTS specific settings</tooltiptext>
diff --git a/config/zabbix-proxy/zabbix-proxy.xml b/config/zabbix-proxy/zabbix-proxy.xml
deleted file mode 100644
index 19930b49..00000000
--- a/config/zabbix-proxy/zabbix-proxy.xml
+++ /dev/null
@@ -1,250 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<packagegui>
- <name>zabbixproxy</name>
- <title>Services: Zabbix Proxy</title>
- <category>Monitoring</category>
- <version>1.1</version>
- <addedit_string>Zabbix Proxy has been created/modified.</addedit_string>
- <delete_string>Zabbix Proxy has been deleted.</delete_string>
- <restart_command>/usr/local/etc/rc.d/zabbix_proxy.sh restart</restart_command>
- <menu>
- <name>Zabbix Proxy</name>
- <tooltiptext>Setup Zabbix Proxy specific settings</tooltiptext>
- <section>Services</section>
- <url>/pkg_edit.php?xml=zabbix-proxy.xml&amp;id=0</url>
- </menu>
- <service>
- <name>zabbix-proxy</name>
- <rcfile>zabbix-proxy.sh</rcfile>
- <executable>zabbix_proxy</executable>
- <description>Zabbix proxy collection daemon</description>
- </service>
- <tabs>
- <tab>
- <text>Settings</text>
- <url>/pkg_edit.php?xml=zabbix-proxy.xml&amp;id=0</url>
- <active />
- </tab>
- </tabs>
- <fields>
- <field>
- <fielddescr>Server</fielddescr>
- <fieldname>server</fieldname>
- <description>List of comma delimited IP addresses (or hostnames) of ZABBIX servers</description>
- <default_value>127.0.0.1</default_value>
- <type>input</type>
- <size>100</size>
- <required>true</required>
- </field>
- <field>
- <fielddescr>Server Port</fielddescr>
- <fieldname>serverport</fieldname>
- <description>Server port (generally 10051)</description>
- <default_value>10051</default_value>
- <type>input</type>
- <size>6</size>
- <required>true</required>
- </field>
- <field>
- <fielddescr>Hostname</fielddescr>
- <fieldname>hostname</fieldname>
- <description>Unique, case-sensitive proxy name. Make sure the proxy name is known to the server</description>
- <default_value>localhost</default_value>
- <type>input</type>
- <size>100</size>
- <required>true</required>
- </field>
- <field>
- <fielddescr>Active Mode</fielddescr>
- <fieldname>activemode</fieldname>
- <description>Check to run Zabbix proxy in active mode (default)</description>
- <default_value>on</default_value>
- <type>checkbox</type>
- <required>true</required>
- </field>
- <field>
- <fielddescr>Config Frequency</fielddescr>
- <fieldname>configfrequency</fieldname>
- <description>How often the proxy retrieves configuration data from the Zabbix server in seconds. Ignored if the proxy runs in passive mode.</description>
- <default_value>3600</default_value>
- <type>input</type>
- <size>10</size>
- <required>true</required>
- </field>
- </fields>
- <custom_php_install_command>
- <![CDATA[
- global $config, $g;
-
- $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
- switch ($pfs_version) {
- case "1.2":
- case "2.0":
- define('ZABBIX_PROXY_BASE', '/usr/local');
- break;
- default:
- define('ZABBIX_PROXY_BASE', '/usr/pbi/zabbix-proxy-' . php_uname("m"));
- }
-
- mwexec("mkdir -p /var/log/zabbix/");
- mwexec("mkdir -p /var/run/zabbix/");
- mwexec("mkdir -p /var/db/zabbix/");
-
- conf_mount_rw();
-
- /* create a few directories and ensure the sample files are in place */
- exec("/bin/mkdir -p " . ZABBIX_PROXY_BASE . "/etc/zabbix");
- exec("/bin/mkdir -p /var/log/zabbix");
- exec("/bin/mkdir -p /var/run/zabbix");
- exec("/bin/mkdir -p /var/db/zabbix");
-
- exec("/bin/rm -f " . ZABBIX_PROXY_BASE . "/etc/rc.d/zabbix_proxy");
-
- $start = "/bin/mkdir -p /var/log/zabbix\n";
- $start .= "/usr/sbin/chown -R zabbix:zabbix /var/log/zabbix\n";
-
- $start .= "/bin/mkdir -p /var/run/zabbix\n";
- $start .= "/usr/sbin/chown -R zabbix:zabbix /var/run/zabbix\n";
-
- $start .= "/bin/mkdir -p /var/db/zabbix\n";
- $start .= "/usr/sbin/chown -R zabbix:zabbix /var/db/zabbix\n";
-
- $start .= "echo \"Starting Zabbix Proxy\"...\n";
-
- /* start zabbix proxy */
- $start .= ZABBIX_PROXY_BASE . "/sbin/zabbix_proxy\n";
-
- $stop = "echo \"Stopping Zabbix Proxy\"\n";
- $stop .= "kill `cat /var/run/zabbix/zabbix_proxy.pid`\n";
- /* write out rc.d start/stop file */
- write_rcfile(array(
- "file" => "zabbix_proxy.sh",
- "start" => "{$start}",
- "restart" => "$stop\n" . "sleep 5\n" . "{$start}",
- "stop" => "$stop"
- )
- );
-
- conf_mount_ro();
- ]]>
- </custom_php_install_command>
- <custom_php_command_before_form></custom_php_command_before_form>
- <custom_php_after_head_command></custom_php_after_head_command>
- <custom_php_after_form_command></custom_php_after_form_command>
- <custom_php_validation_command>
- <![CDATA[
- global $_POST;
-
- $ServerPort=$_POST['serverport'];
- if (!preg_match("/^\d+$/", $ServerPort)) {
- $input_errors[]='Server Port is not numeric.';
- }
-
- $ConfigFrequency=$_POST['configfrequency'];
- if (!preg_match("/^\d+$/", $ConfigFrequency)) {
- $input_errors[]='Config Frequency is not numeric.';
- }
- ]]>
- </custom_php_validation_command>
- <custom_add_php_command></custom_add_php_command>
- <custom_php_resync_config_command>
- <![CDATA[
- conf_mount_rw();
- global $config, $g;
-
- $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
- switch ($pfs_version) {
- case "1.2":
- case "2.0":
- define('ZABBIX_PROXY_BASE', '/usr/local');
- break;
- default:
- define('ZABBIX_PROXY_BASE', '/usr/pbi/zabbix-proxy-' . php_uname("m"));
- }
-
- $zabbixproxy_config = $config['installedpackages']['zabbixproxy']['config'][0];
-
- $Server=$zabbixproxy_config['server'];
- $ServerPort=$zabbixproxy_config['serverport'];
- $Hostname=$zabbixproxy_config['hostname'];
- $ListenPort=$zabbixproxy_config['listenport'];
- $ConfigFrequency=$zabbixproxy_config['configfrequency'];
- if(isset($zabbixproxy_config['activemode'])) {
- $Mode="0"; /* active */
- } else {
- $Mode="1"; /* passive */
- }
-
- $conf = "Server=$Server\n";
- $conf .= "ServerPort=$ServerPort\n";
- $conf .= "Hostname=$Hostname\n";
- $conf .= "PidFile=/var/run/zabbix/zabbix_proxy.pid\n";
- $conf .= "DBName=/var/db/zabbix/proxy.db\n";
- $conf .= "LogFile=/var/log/zabbix/zabbix_proxy.log\n";
- $conf .= "ConfigFrequency=$ConfigFrequency\n";
- $conf .= "FpingLocation=/usr/local/sbin/fping\n";
- /* there's currently no fping6 (IPv6) dependency in the package, but if there was, the binary would likely also be in /usr/local/sbin */
- $conf .= "Fping6Location=/usr/local/sbin/fping6\n";
- $conf .= "ProxyMode=$Mode\n";
-
- file_put_contents(ZABBIX_PROXY_BASE . "/etc/zabbix/zabbix_proxy.conf", $conf);
-
- $want_sysctls = array(
- 'kern.ipc.shmall' => '2097152',
- 'kern.ipc.shmmax' => '2147483648',
- 'kern.ipc.semmsl' => '250'
- );
- $sysctls = array();
- if (file_exists("/etc/sysctl.conf")) {
- $sc = file_get_contents("/etc/sysctl.conf");
- $sc = explode("\n", $sc);
- foreach ($sc as $num => $line) {
- list($sysctl, $val) = explode("=", $line, 2);
- if (array_key_exists($sysctl, $want_sysctls) || empty($sysctl))
- unset($sc[$num]);
- }
- }
- foreach ($want_sysctls as $ws => $wv) {
- $sc[] = "{$ws}={$wv}";
- exec("/sbin/sysctl {$ws}={$wv}");
- }
- file_put_contents("/etc/sysctl.conf", implode("\n", $sc) . "\n");
-
- $want_tunables = array(
- 'kern.ipc.semopm' => '100',
- 'kern.ipc.semmni' => '128',
- 'kern.ipc.semmns' => '32000',
- 'kern.ipc.shmmni' => '4096'
- );
- $tunables = array();
- if (file_exists("/boot/loader.conf")) {
- $lt = file_get_contents("/boot/loader.conf");
- $lt = explode("\n", $lt);
- foreach ($lt as $num => $line) {
- list($tunable, $val) = explode("=", $line, 2);
- if (array_key_exists($tunable, $want_tunables) || empty($tunable))
- unset($lt[$num]);
- }
- }
- foreach ($want_tunables as $wt => $wv) {
- $lt[] = "{$wt}={$wv}";
- }
- file_put_contents("/boot/loader.conf", implode("\n", $lt) . "\n");
- chmod("/var/log/zabbix", 0755);
- chmod("/var/run/zabbix", 0755);
- conf_mount_ro();
-
- ]]>
- </custom_php_resync_config_command>
- <custom_php_deinstall_command>
- <![CDATA[
- exec("kill `cat /var/run/zabbix/zabbix_proxy.pid`");
-
- exec("/bin/rm " . ZABBIX_PROXY_BASE . "/etc/rc.d/zabbix_proxy.sh");
-
- exec("/bin/rm -r /var/log/zabbix/");
- exec("/bin/rm -r /var/run/zabbix/");
- exec("/bin/rm -r /var/db/zabbix/");
- ]]>
- </custom_php_deinstall_command>
-</packagegui> \ No newline at end of file
diff --git a/config/zabbix2/zabbix2-agent.priv.inc b/config/zabbix2/zabbix2-agent.priv.inc
new file mode 100644
index 00000000..bdd3543d
--- /dev/null
+++ b/config/zabbix2/zabbix2-agent.priv.inc
@@ -0,0 +1,38 @@
+<?php
+/*
+ zabbix2-agent.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-zabbix2-agent'] = array();
+$priv_list['page-services-zabbix2-agent']['name'] = "WebCfg - Services: Zabbix-2 Agent package";
+$priv_list['page-services-zabbix2-agent']['descr'] = "Allow access to Zabbix-2 Agent package GUI";
+
+$priv_list['page-services-zabbix2-agent']['match'] = array();
+$priv_list['page-services-zabbix2-agent']['match'][] = "pkg_edit.php?xml=zabbix2-agent.xml*";
+
+?>
diff --git a/config/zabbix2/zabbix2-agent.xml b/config/zabbix2/zabbix2-agent.xml
index 3d2400ad..e02caefc 100644
--- a/config/zabbix2/zabbix2-agent.xml
+++ b/config/zabbix2/zabbix2-agent.xml
@@ -1,47 +1,51 @@
<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
-<copyright>
+ <copyright>
<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- zabbix2-agent.xml
- part of the Zabbix package for pfSense
- Copyright (C) 2013 Danilo G. Baio
+ zabbix2-agent.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013 Danilo G. Baio
Copyright (C) 2013 Marcello Coutinho
-
- All rights reserved.
- */
-/* ========================================================================== */
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
]]>
</copyright>
<name>zabbixagent</name>
<title>Services: Zabbix-2 Agent</title>
<category>Monitoring</category>
- <version>0.8.3</version>
+ <version>0.8.4</version>
<include_file>/usr/local/pkg/zabbix2.inc</include_file>
<addedit_string>Zabbix Agent has been created/modified.</addedit_string>
<delete_string>Zabbix Agent has been deleted.</delete_string>
@@ -49,7 +53,10 @@
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/zabbix2/zabbix2.inc</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-agent.priv.inc</item>
+ <prefix>/etc/inc/priv/</prefix>
</additional_files_needed>
<menu>
<name>Zabbix-2 Agent</name>
@@ -61,7 +68,7 @@
<name>zabbix_agentd</name>
<rcfile>zabbix2_agentd.sh</rcfile>
<executable>zabbix_agentd</executable>
- <description>Zabbix Agent host monitor daemon</description>
+ <description>Zabbix Agent Host Monitor Daemon</description>
</service>
<tabs>
<tab>
@@ -70,6 +77,7 @@
<active />
</tab>
</tabs>
+ <advanced_options>enabled</advanced_options>
<fields>
<field>
<name>Zabbix2 Agent Settings</name>
@@ -78,27 +86,27 @@
<field>
<fielddescr>Enable</fielddescr>
<fieldname>agentenabled</fieldname>
- <description>Enable Zabbix2 Agent service</description>
+ <description>Enable Zabbix2 Agent service.</description>
<type>checkbox</type>
</field>
<field>
<fielddescr>Server</fielddescr>
<fieldname>server</fieldname>
- <description>List of comma delimited IP addresses (or hostnames) of ZABBIX servers</description>
+ <description>List of comma delimited IP addresses (or hostnames) of Zabbix servers.</description>
<type>input</type>
<size>60</size>
</field>
<field>
<fielddescr>Server Active</fielddescr>
<fieldname>serveractive</fieldname>
- <description>List of comma delimited IP:port (or hostname:port) pairs of Zabbix servers for active checks</description>
+ <description>List of comma delimited IP:port (or hostname:port) pairs of Zabbix servers for active checks.</description>
<type>input</type>
<size>60</size>
</field>
<field>
<fielddescr>Hostname</fielddescr>
<fieldname>hostname</fieldname>
- <description>Unique hostname. Required for active checks and must match hostname as configured on the Zabbix server (case sensitive).</description>
+ <description>Unique, case sensitive hostname. Required for active checks and must match hostname as configured on the Zabbix server.</description>
<type>input</type>
<size>60</size>
</field>
@@ -108,7 +116,7 @@
<default_value>0.0.0.0</default_value>
<type>input</type>
<size>60</size>
- <description>Listen IP for connections from the server (default 0.0.0.0 for all interfaces)</description>
+ <description>Listen IP for connections from the server. (Default: 0.0.0.0 - all interfaces)</description>
</field>
<field>
<fielddescr>Listen Port</fielddescr>
@@ -116,7 +124,7 @@
<default_value>10050</default_value>
<type>input</type>
<size>5</size>
- <description>Listen port for connections from the server (default 10050)</description>
+ <description>Listen port for connections from the server. (Default: 10050)</description>
</field>
<field>
<fielddescr>Refresh Active Checks</fielddescr>
@@ -124,7 +132,7 @@
<default_value>120</default_value>
<type>input</type>
<size>5</size>
- <description>The agent will refresh list of active checks once per 120 (default) seconds.</description>
+ <description>The agent will refresh list of active checks once per this number of seconds. (Default: 120)</description>
</field>
<field>
<fielddescr>Timeout</fielddescr>
@@ -132,7 +140,13 @@
<default_value>3</default_value>
<type>input</type>
<size>5</size>
- <description>Timeout (default 3). Do not spend more that Timeout seconds on getting requested value (1-30). The agent does not kill timeouted User Parameters processes!</description>
+ <description>
+ <![CDATA[
+ Do not spend more that N seconds on getting requested value.<br />
+ Note: The agent does not kill timeouted User Parameters processes!<br />
+ (Default: 3. Valid range: 1-30)
+ ]]>
+ </description>
</field>
<field>
<fielddescr>Buffer Send</fielddescr>
@@ -140,7 +154,12 @@
<default_value>5</default_value>
<type>input</type>
<size>5</size>
- <description>Buffer Send (default 5). Do not keep data longer than N seconds in buffer (1-3600).</description>
+ <description>
+ <![CDATA[
+ Do not keep data longer than N seconds in buffer.<br />
+ (Default: 5. Valid range: 1-3600)
+ ]]>
+ </description>
</field>
<field>
<fielddescr>Buffer Size</fielddescr>
@@ -148,7 +167,12 @@
<default_value>100</default_value>
<type>input</type>
<size>5</size>
- <description>Buffer Size (default 100). Maximum number of values in a memory buffer (2-65535). The agent will send all collected data to Zabbix server or proxy if the buffer is full.</description>
+ <description>
+ <![CDATA[
+ Maximum number of values in the memory buffer. The agent will send all collected data to Zabbix server or proxy if the buffer is full.<br />
+ (Default: 100. Valid range: 2-65535)
+ ]]>
+ </description>
</field>
<field>
<fielddescr>Start Agents</fielddescr>
@@ -156,7 +180,13 @@
<default_value>3</default_value>
<type>input</type>
<size>5</size>
- <description>Start Agents (default 3). Number of pre-forked instances of zabbix_agentd that process passive checks (0-100).If set to 0, disables passive checks and the agent will not listen on any TCP port.</description>
+ <description>
+ <![CDATA[
+ Number of pre-forked instances of zabbix_agentd that process passive checks.<br />
+ Note: Setting to 0 disables passive checks and the agent will not listen on any TCP port.<br />
+ (Default: 3. Valid range: 0-100)
+ ]]>
+ </description>
</field>
<field>
<fielddescr>User Parameters</fielddescr>
@@ -165,15 +195,25 @@
<type>textarea</type>
<rows>5</rows>
<cols>50</cols>
- <description>User-defined parameter to monitor. There can be several user-defined parameters. Value has form, example: UserParameter=users,who|wc -l</description>
+ <description>
+ <![CDATA[
+ User-defined parameter(s) to monitor. There can be multiple user-defined parameters.<br />
+ Example: <em>UserParameter=users,who|wc -l</em>
+ ]]>
+ </description>
+ <advancedfield/>
</field>
</fields>
- <custom_php_install_command>sync_package_zabbix2();</custom_php_install_command>
- <custom_php_command_before_form></custom_php_command_before_form>
- <custom_php_after_head_command></custom_php_after_head_command>
- <custom_php_after_form_command></custom_php_after_form_command>
- <custom_php_validation_command>validate_input_zabbix2($_POST, $input_errors);</custom_php_validation_command>
- <custom_add_php_command></custom_add_php_command>
- <custom_php_resync_config_command>sync_package_zabbix2();</custom_php_resync_config_command>
- <custom_php_deinstall_command>php_deinstall_zabbix2_agent();</custom_php_deinstall_command>
+ <custom_php_install_command>
+ sync_package_zabbix2();
+ </custom_php_install_command>
+ <custom_php_validation_command>
+ validate_input_zabbix2($_POST, $input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ sync_package_zabbix2();
+ </custom_php_resync_config_command>
+ <custom_php_deinstall_command>
+ php_deinstall_zabbix2_agent();
+ </custom_php_deinstall_command>
</packagegui>
diff --git a/config/zabbix2/zabbix2-proxy.priv.inc b/config/zabbix2/zabbix2-proxy.priv.inc
new file mode 100644
index 00000000..f3bfc5e1
--- /dev/null
+++ b/config/zabbix2/zabbix2-proxy.priv.inc
@@ -0,0 +1,38 @@
+<?php
+/*
+ zabbix2-proxy.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-zabbix2-proxy'] = array();
+$priv_list['page-services-zabbix2-proxy']['name'] = "WebCfg - Services: Zabbix-2 Proxy package";
+$priv_list['page-services-zabbix2-proxy']['descr'] = "Allow access to Zabbix-2 Proxy package GUI";
+
+$priv_list['page-services-zabbix2-proxy']['match'] = array();
+$priv_list['page-services-zabbix2-proxy']['match'][] = "pkg_edit.php?xml=zabbix2-proxy.xml*";
+
+?>
diff --git a/config/zabbix2/zabbix2-proxy.xml b/config/zabbix2/zabbix2-proxy.xml
index 00d9b106..398c3df4 100644
--- a/config/zabbix2/zabbix2-proxy.xml
+++ b/config/zabbix2/zabbix2-proxy.xml
@@ -1,47 +1,51 @@
<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
-<copyright>
+ <copyright>
<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- zabbix2-proxy.xml
- part of the Zabbix package for pfSense
- Copyright (C) 2013 Danilo G. Baio
- Copyright (C) 2013 Marcello Coutinho
-
- All rights reserved.
- */
-/* ========================================================================== */
+ zabbix2-proxy.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013 Danilo G. Baio
+ Copyright (C) 2013 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
]]>
</copyright>
<name>zabbixproxy</name>
<title>Services: Zabbix-2 Proxy</title>
<category>Monitoring</category>
- <version>0.8.3</version>
+ <version>0.8.4</version>
<include_file>/usr/local/pkg/zabbix2.inc</include_file>
<addedit_string>Zabbix Proxy has been created/modified.</addedit_string>
<delete_string>Zabbix Proxy has been deleted.</delete_string>
@@ -49,7 +53,10 @@
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/zabbix2/zabbix2.inc</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-proxy.priv.inc</item>
+ <prefix>/etc/inc/priv/</prefix>
</additional_files_needed>
<menu>
<name>Zabbix-2 Proxy</name>
@@ -61,7 +68,7 @@
<name>zabbix_proxy</name>
<rcfile>zabbix2_proxy.sh</rcfile>
<executable>zabbix_proxy</executable>
- <description>Zabbix proxy collection daemon</description>
+ <description>Zabbix Proxy Collection Daemon</description>
</service>
<tabs>
<tab>
@@ -70,6 +77,7 @@
<active />
</tab>
</tabs>
+ <advanced_options>enabled</advanced_options>
<fields>
<field>
<name>Zabbix2 Proxy Settings</name>
@@ -78,31 +86,31 @@
<field>
<fielddescr>Enable</fielddescr>
<fieldname>proxyenabled</fieldname>
- <description>Enable Zabbix2 Proxy service</description>
+ <description>Enable Zabbix2 Proxy service.</description>
<type>checkbox</type>
</field>
<field>
<fielddescr>Server</fielddescr>
<fieldname>server</fieldname>
- <description>List of comma delimited IP addresses (or hostnames) of ZABBIX servers</description>
+ <description>List of comma delimited IP addresses (or hostnames) of Zabbix servers.</description>
<default_value>127.0.0.1</default_value>
<type>input</type>
<size>60</size>
<required>true</required>
</field>
<field>
- <fielddescr>Server Port</fielddescr>
- <fieldname>serverport</fieldname>
- <description>Port of Zabbix trapper on Zabbix server. default value 10051</description>
- <default_value>10051</default_value>
- <type>input</type>
- <size>6</size>
- <required>true</required>
+ <fielddescr>Server Port</fielddescr>
+ <fieldname>serverport</fieldname>
+ <description>Port of Zabbix trapper on Zabbix server. (Default: 10051)</description>
+ <default_value>10051</default_value>
+ <type>input</type>
+ <size>6</size>
+ <required>true</required>
</field>
<field>
<fielddescr>Hostname</fielddescr>
<fieldname>hostname</fieldname>
- <description>Unique, case-sensitive proxy name. Make sure the proxy name is known to the server</description>
+ <description>Unique, case-sensitive proxy name. Make sure the proxy name is known to the server.</description>
<default_value>localhost</default_value>
<type>input</type>
<size>50</size>
@@ -111,7 +119,7 @@
<field>
<fielddescr>Proxy Mode</fielddescr>
<fieldname>proxymode</fieldname>
- <description>Select Zabbix proxy mode (Active is default)</description>
+ <description>Select Zabbix proxy mode. (Default: Active)</description>
<type>select</type>
<default_value>0</default_value>
<options>
@@ -136,15 +144,20 @@
<type>textarea</type>
<rows>5</rows>
<cols>50</cols>
- <description>Advanced parameters. There are some rarely used parameters that sometimes need to be defined. Value has form, example: StartDiscoverers=10</description>
+ <description>Advanced parameters. There are some rarely used parameters that sometimes need to be defined. Example: StartDiscoverers=10</description>
+ <advancedfield/>
</field>
</fields>
- <custom_php_install_command>sync_package_zabbix2();</custom_php_install_command>
- <custom_php_command_before_form></custom_php_command_before_form>
- <custom_php_after_head_command></custom_php_after_head_command>
- <custom_php_after_form_command></custom_php_after_form_command>
- <custom_php_validation_command>validate_input_zabbix2($_POST, $input_errors);</custom_php_validation_command>
- <custom_add_php_command></custom_add_php_command>
- <custom_php_resync_config_command>sync_package_zabbix2();</custom_php_resync_config_command>
- <custom_php_deinstall_command>php_deinstall_zabbix2_proxy();</custom_php_deinstall_command>
+ <custom_php_install_command>
+ sync_package_zabbix2();
+ </custom_php_install_command>
+ <custom_php_validation_command>
+ validate_input_zabbix2($_POST, $input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ sync_package_zabbix2();
+ </custom_php_resync_config_command>
+ <custom_php_deinstall_command>
+ php_deinstall_zabbix2_proxy();
+ </custom_php_deinstall_command>
</packagegui>
diff --git a/config/zabbix2/zabbix2.inc b/config/zabbix2/zabbix2.inc
index 77f1d6e1..9b5f3ed3 100644
--- a/config/zabbix2/zabbix2.inc
+++ b/config/zabbix2/zabbix2.inc
@@ -1,205 +1,213 @@
<?php
-/* $Id$ */
-/* ========================================================================== */
/*
- zabbix2.inc
- part of the Zabbix package for pfSense
- Copyright (C) 2013 Danilo G. Baio
- Copyright (C) 2013 Marcello Coutinho
-
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+ zabbix2.inc
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013 Danilo G. Baio
+ Copyright (C) 2013 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
require_once("util.inc");
require_once("functions.inc");
require_once("pkg-utils.inc");
require_once("globals.inc");
-function php_install_zabbix2(){
- sync_package_zabbix2();
+function php_zabbix2_pfs_version() {
+ $pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+ return $pfs_version;
}
-function php_deinstall_zabbix2_agent(){
- global $config, $g;
-
- conf_mount_rw();
- $pfs_version = php_zabbix2_pfs_version();
- $zabbix2_pkg_base = php_zabbix2_pkg_base($pfs_version);
-
- if ($pfs_version > 2.0){
- define('ZABBIX_AGENT_BASE', '/usr/pbi/' . $zabbix2_pkg_base . '-agent-' . php_uname("m"));
- } else {
- define('ZABBIX_AGENT_BASE', '/usr/local');
- }
-
- exec("/usr/bin/killall zabbix_agentd");
- unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/rc.d/zabbix2_agentd.sh");
- unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/" . $zabbix2_pkg_base . "/zabbix_agentd.conf");
- unlink_if_exists("/var/log/zabbix2/zabbix2_agentd.log");
- unlink_if_exists("/var/run/zabbix2/zabbix2_agentd.pid");
-
- if (!is_array($config['installedpackages']['zabbixproxy'])){
- if (is_dir("/var/log/zabbix2"))
- exec("/bin/rm -r /var/log/zabbix2/");
- if (is_dir("/var/run/zabbix2"))
- exec("/bin/rm -r /var/run/zabbix2/");
- }
-
- conf_mount_ro();
+function php_zabbix2_pkg_base($pfs_version) {
+ if ($pfs_version >= 2.2) {
+ // pfSense 2.2 with zabbix 2.4
+ $zabbix2_pkg_base = "zabbix24";
+ } else {
+ // pfSense 2.1 with zabbix 2.2
+ $zabbix2_pkg_base = "zabbix22";
+ }
+ return $zabbix2_pkg_base;
}
-function php_deinstall_zabbix2_proxy(){
- global $config, $g;
-
- conf_mount_rw();
- $pfs_version = php_zabbix2_pfs_version();
- $zabbix2_pkg_base = php_zabbix2_pkg_base($pfs_version);
+function php_deinstall_zabbix2_agent() {
+ global $config, $g;
- if ($pfs_version > 2.0){
- define('ZABBIX_PROXY_BASE', '/usr/pbi/' . $zabbix2_pkg_base . '-proxy-' . php_uname("m"));
- } else {
- define('ZABBIX_PROXY_BASE', '/usr/local');
- }
+ $pfs_version = php_zabbix2_pfs_version();
+ $zabbix2_pkg_base = php_zabbix2_pkg_base($pfs_version);
- exec("/usr/bin/killall zabbix_proxy");
- unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/rc.d/zabbix2_proxy.sh");
- unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base . "/zabbix_proxy.conf");
- unlink_if_exists("/var/log/zabbix2/zabbix_proxy.log");
- unlink_if_exists("/var/run/zabbix2/zabbix2_proxy.pid");
+ if ($pfs_version == "2.1" || $pfs_version == "2.2") {
+ define('ZABBIX_AGENT_BASE', '/usr/pbi/' . $zabbix2_pkg_base . '-agent-' . php_uname("m"));
+ } else {
+ define('ZABBIX_AGENT_BASE', '/usr/local');
+ }
- if (!is_array($config['installedpackages']['zabbixagent'])){
- if (is_dir("/var/log/zabbix2"))
- exec("/bin/rm -r /var/log/zabbix2/");
- if (is_dir("/var/run/zabbix2"))
- exec("/bin/rm -r /var/run/zabbix2/");
- }
+ mwexec("/usr/bin/killall zabbix_agentd");
- if (is_dir("/var/db/zabbix2"))
- exec("/bin/rm -r /var/db/zabbix2/");
+ unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/" . $zabbix2_pkg_base . "/zabbix_agentd.conf");
+ unlink_if_exists("/var/log/zabbix2/zabbix2_agentd.log");
+ unlink_if_exists("/var/run/zabbix2/zabbix2_agentd.pid");
- conf_mount_ro();
+ if (!is_array($config['installedpackages']['zabbixproxy'])) {
+ if (is_dir("/var/log/zabbix2")) {
+ mwexec("/bin/rm -rf /var/log/zabbix2/");
+ }
+ if (is_dir("/var/run/zabbix2")) {
+ mwexec("/bin/rm -rf /var/run/zabbix2/");
+ }
+ }
}
-function validate_input_zabbix2($post, &$input_errors){
+function php_deinstall_zabbix2_proxy() {
+ global $config, $g;
+
+ $pfs_version = php_zabbix2_pfs_version();
+ $zabbix2_pkg_base = php_zabbix2_pkg_base($pfs_version);
+
+ if ($pfs_version == "2.1" || $pfs_version == "2.2") {
+ define('ZABBIX_PROXY_BASE', '/usr/pbi/' . $zabbix2_pkg_base . '-proxy-' . php_uname("m"));
+ } else {
+ define('ZABBIX_PROXY_BASE', '/usr/local');
+ }
+
+ exec("/usr/bin/killall zabbix_proxy");
+ unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base . "/zabbix_proxy.conf");
+ unlink_if_exists("/var/log/zabbix2/zabbix_proxy.log");
+ unlink_if_exists("/var/run/zabbix2/zabbix2_proxy.pid");
+
+ if (!is_array($config['installedpackages']['zabbixagent'])) {
+ if (is_dir("/var/log/zabbix2")) {
+ exec("/bin/rm -r /var/log/zabbix2/");
+ }
+ if (is_dir("/var/run/zabbix2")) {
+ exec("/bin/rm -r /var/run/zabbix2/");
+ }
+ }
- if (isset($post['proxyenabled'])){
+ if (is_dir("/var/db/zabbix2")) {
+ exec("/bin/rm -r /var/db/zabbix2/");
+ }
+}
+
+function validate_input_zabbix2($post, &$input_errors) {
+ if (isset($post['proxyenabled'])) {
if (!is_numericint($post['serverport'])) {
- $input_errors[]='Server Port is not numeric.'.$ServerPort;
- }
-
+ $input_errors[] = "'Server Port' value is not numeric.";
+ } elseif ($post['serverport'] < 1 || $post['serverport'] > 65535) {
+ $input_errors[] = "You must enter a valid value for 'Server Port'.";
+ }
+
if (!is_numericint($post['configfrequency'])) {
- $input_errors[]='Config Frequency is not numeric.';
- }
+ $input_errors[] = "'Config Frequency' value is not numeric.";
}
- if (isset($post['agentenabled'])){
+ }
+
+ if (isset($post['agentenabled'])) {
if (!preg_match("/\w+/", $post['server'])) {
- $input_errors[]='Server field is required.';
- }
-
+ $input_errors[] = "Server field is required.";
+ }
+
if (!preg_match("/\w+/", $post['hostname'])) {
- $input_errors[]='Hostname field is required.';
- }
-
+ $input_errors[] = "Hostname field is required.";
+ }
+
if ($post['listenip'] != '') {
- if (!is_ipaddr_configured($post['listenip']) && !preg_match("/(127.0.0.1|0.0.0.0)/",$post['listenip'])) {
- $input_errors[]='Listen IP is not a configured IP address.';
+ if (!is_ipaddr_configured($post['listenip']) && !preg_match("/(127.0.0.1|0.0.0.0)/", $post['listenip'])) {
+ $input_errors[] = "'Listen IP' is not a configured IP address.";
}
}
if ($post['listenport'] != '') {
- if (!preg_match("/^\d+$/", $post['listenport'])) {
- $input_errors[]='Listen Port is not numeric.';
- }
+ if (!is_numericint($post['listenport'])) {
+ $input_errors[] = "'Listen Port' value is not numeric.";
+ } elseif ($post['listenport'] < 1 || $post['listenport'] > 65535) {
+ $input_errors[] = "You must enter a valid value for 'Listen Port'.";
+ }
}
if ($post['refreshactchecks'] != '') {
- if (!preg_match("/^\d+$/", $post['refreshactchecks'])) {
- $input_errors[]='Refresh Active Checks is not numeric.';
- } elseif ( $post['refreshactchecks'] < 60 || $post['refreshactchecks'] > 3600 ) {
- $input_errors[]='You must enter a valid value for \'Refresh Active Checks\'';
+ if (!is_numericint($post['refreshactchecks'])) {
+ $input_errors[] = "'Refresh Active Checks' value is not numeric.";
+ } elseif ($post['refreshactchecks'] < 60 || $post['refreshactchecks'] > 3600) {
+ $input_errors[] = "You must enter a valid value for 'Refresh Active Checks'.";
}
}
if ($post['timeout'] != '') {
if (!is_numericint($post['timeout'])) {
- $input_errors[]='Timeout is not numeric.';
- } elseif ( $post['timeout'] < 1 || $post['timeout'] > 30 ) {
- $input_errors[]='You must enter a valid value for \'Timeout\'';
+ $input_errors[] = "Timeout value is not numeric.";
+ } elseif ($post['timeout'] < 1 || $post['timeout'] > 30) {
+ $input_errors[] = "You must enter a valid value for 'Timeout'.";
}
}
-
+
if ($post['buffersend'] != '') {
if (!is_numericint($post['buffersend'])) {
- $input_errors[]='Buffer Send is not numeric.';
- } elseif ( $post['buffersend'] < 1 || $post['buffersend'] > 3600 ) {
- $input_errors[]='You must enter a valid value for \'Buffer Send\'';
+ $input_errors[] = "'Buffer Send' value is not numeric.";
+ } elseif ($post['buffersend'] < 1 || $post['buffersend'] > 3600) {
+ $input_errors[] = "You must enter a valid value for 'Buffer Send'.";
}
}
-
+
if ($post['buffersize'] != '') {
if (!is_numericint($post['buffersize'])) {
- $input_errors[]='Bufer Size is not numeric.';
- } elseif ( $post['buffersize'] < 2 || $post['buffersize'] > 65535 ) {
- $input_errors[]='You must enter a valid value for \'Buffer Size\'';
+ $input_errors[] = "'Buffer Size' value is not numeric.";
+ } elseif ($post['buffersize'] < 2 || $post['buffersize'] > 65535) {
+ $input_errors[] = "You must enter a valid value for 'Buffer Size'.";
}
}
-
+
if ($post['startagents'] != '') {
if (!is_numericint($post['startagents'])) {
$input_errors[]='Start Agents is not numeric.';
- } elseif ( $post['startagents'] < 0 || $post['startagents'] > 100 ) {
- $input_errors[]='You must enter a valid value for \'Start Agents\'';
+ } elseif ($post['startagents'] < 0 || $post['startagents'] > 100) {
+ $input_errors[] = "You must enter a valid value for 'Start Agents'.";
}
}
- }
+ }
}
-function sync_package_zabbix2(){
+function sync_package_zabbix2() {
global $config, $g;
conf_mount_rw();
$pfs_version = php_zabbix2_pfs_version();
$zabbix2_pkg_base = php_zabbix2_pkg_base($pfs_version);
- if ($pfs_version > 2.0){
+ if ($pfs_version == "2.1" || $pfs_version == "2.2") {
define('ZABBIX_AGENT_BASE', '/usr/pbi/' . $zabbix2_pkg_base . '-agent-' . php_uname("m"));
define('ZABBIX_PROXY_BASE', '/usr/pbi/' . $zabbix2_pkg_base . '-proxy-' . php_uname("m"));
- }
- else {
+ } else {
define('ZABBIX_AGENT_BASE', '/usr/local');
define('ZABBIX_PROXY_BASE', '/usr/local');
}
- #check zabbix proxy config
- if (is_array($config['installedpackages']['zabbixproxy'])){
+ // Check zabbix proxy config
+ if (is_array($config['installedpackages']['zabbixproxy'])) {
$zbproxy_config = $config['installedpackages']['zabbixproxy']['config'][0];
- if ($zbproxy_config['proxyenabled']=="on"){
- $Mode=(is_numericint($zbproxy_config['proxymode'])?$zbproxy_config['proxymode'] : 0);
- $AdvancedParams=base64_decode($zbproxy_config['advancedparams']);
-
+ if ($zbproxy_config['proxyenabled'] == "on") {
+ $Mode = (is_numericint($zbproxy_config['proxymode']) ? $zbproxy_config['proxymode'] : 0);
+ $AdvancedParams = base64_decode($zbproxy_config['advancedparams']);
+
$zbproxy_conf_file = <<< EOF
Server={$zbproxy_config['server']}
ServerPort={$zbproxy_config['serverport']}
@@ -209,7 +217,8 @@ DBName=/var/db/zabbix2/proxy.db
LogFile=/var/log/zabbix2/zabbix_proxy.log
ConfigFrequency={$zbproxy_config['configfrequency']}
FpingLocation=/usr/local/sbin/fping
-#there's currently no fping6 (IPv6) dependency in the package, but if there was, the binary would likely also be in /usr/local/sbin
+# There's currently no fping6 (IPv6) dependency in the package,
+# but if there was, the binary would likely also be in /usr/local/sbin.
Fping6Location=/usr/local/sbin/fping6
ProxyMode={$Mode}
{$AdvancedParams}
@@ -218,19 +227,19 @@ EOF;
file_put_contents(ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base . "/zabbix_proxy.conf", strtr($zbproxy_conf_file, array("\r" => "")));
}
}
- /* check zabbix agent settings*/
- if (is_array($config['installedpackages']['zabbixagent'])){
+ // Check zabbix agent settings
+ if (is_array($config['installedpackages']['zabbixagent'])) {
$zbagent_config = $config['installedpackages']['zabbixagent']['config'][0];
- if ($zbagent_config['agentenabled']=="on"){
- $RefreshActChecks=(preg_match("/(\d+)/",$zbagent_config['refreshactchecks'],$matches)? $matches[1] : "120");
- $BufferSend=(preg_match("/(\d+)/",$zbagent_config['buffersend'],$matches)? $matches[1] : "5" );
- $BufferSize=(preg_match("/(\d+)/",$zbagent_config['buffersize'],$matches)? $matches[1] : "100");
- $StartAgents=(preg_match("/(\d+)/",$zbagent_config['startagents'],$matches)? $matches[1] :"3" );
- $UserParams=base64_decode($zbagent_config['userparams']);
- $ListenIp=($zbagent_config['listenip'] != ''? $zbagent_config['listenip'] : "0.0.0.0");
- $ListenPort=($zbagent_config['listenport'] != ''? $zbagent_config['listenport'] : "10050");
- $TimeOut=($zbagent_config['timeout'] != ''? $zbagent_config['timeout'] : "3");
-
+ if ($zbagent_config['agentenabled'] == "on") {
+ $RefreshActChecks = (preg_match("/(\d+)/", $zbagent_config['refreshactchecks'], $matches) ? $matches[1] : "120");
+ $BufferSend = (preg_match("/(\d+)/", $zbagent_config['buffersend'], $matches) ? $matches[1] : "5");
+ $BufferSize = (preg_match("/(\d+)/", $zbagent_config['buffersize'], $matches) ? $matches[1] : "100");
+ $StartAgents = (preg_match("/(\d+)/", $zbagent_config['startagents'], $matches) ? $matches[1] : "3");
+ $UserParams = base64_decode($zbagent_config['userparams']);
+ $ListenIp = $zbagent_config['listenip'] ?: "0.0.0.0";
+ $ListenPort = $zbagent_config['listenport'] ?: "10050";
+ $TimeOut = $zbagent_config['timeout'] ?: "3";
+
$zbagent_conf_file = <<< EOF
Server={$zbagent_config['server']}
ServerActive={$zbagent_config['serveractive']}
@@ -249,33 +258,35 @@ StartAgents={$StartAgents}
{$UserParams}
EOF;
- file_put_contents(ZABBIX_AGENT_BASE . "/etc/" . $zabbix2_pkg_base . "/zabbix_agentd.conf", strtr($zbagent_conf_file, array("\r" => "")));
+ file_put_contents(ZABBIX_AGENT_BASE . "/etc/" . $zabbix2_pkg_base . "/zabbix_agentd.conf", strtr($zbagent_conf_file, array("\r" => "")));
}
}
+
$want_sysctls = array(
'kern.ipc.shmall' => '2097152',
'kern.ipc.shmmax' => '2147483648',
'kern.ipc.semmsl' => '250'
);
$sysctls = array();
- #check sysctl file values
+ // Check sysctl file values
$sc_file="";
if (file_exists("/etc/sysctl.conf")) {
$sc = file("/etc/sysctl.conf");
foreach ($sc as $line) {
list($sysk, $sysv) = explode("=", $line, 2);
- if (preg_match("/\w/",$line) && !array_key_exists($sysk, $want_sysctls))
- $sc_file.=$line;
+ if (preg_match("/\w/", $line) && !array_key_exists($sysk, $want_sysctls)) {
+ $sc_file .= $line;
}
+ }
}
- foreach ($want_sysctls as $ws=> $wv) {
+ foreach ($want_sysctls as $ws => $wv) {
$sc_file .= "{$ws}={$wv}\n";
- exec("/sbin/sysctl {$ws}={$wv}");
+ mwexec("/sbin/sysctl {$ws}={$wv}");
}
file_put_contents("/etc/sysctl.conf", $sc_file);
- #check bootloader values
- $lt_file="";
+ // Check bootloader values
+ $lt_file = "";
$want_tunables = array(
'kern.ipc.semopm' => '100',
'kern.ipc.semmni' => '128',
@@ -287,110 +298,91 @@ EOF;
$lt = file("/boot/loader.conf");
foreach ($lt as $line) {
list($tunable, $val) = explode("=", $line, 2);
- if (preg_match("/\w/",$line) && !array_key_exists($tunable, $want_tunables))
- $lt_file.=$line;
+ if (preg_match("/\w/", $line) && !array_key_exists($tunable, $want_tunables)) {
+ $lt_file .= $line;
+ }
}
}
foreach ($want_tunables as $wt => $wv) {
- $lt_file.= "{$wt}={$wv}\n";
+ $lt_file .= "{$wt}={$wv}\n";
}
file_put_contents("/boot/loader.conf", $lt_file);
- /*check startup script files*/
- /* create a few directories and ensure the sample files are in place */
- if (!is_dir(ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base))
- exec("/bin/mkdir -p " . ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base);
-
- $dir_checks = <<< EOF
-if [ ! -d /var/log/zabbix2 ]
- then
- /bin/mkdir -p /var/log/zabbix2
- /usr/sbin/chmod 755 /var/log/zabbix2
- fi
-/usr/sbin/chown -R zabbix:zabbix /var/log/zabbix2
-
-if [ ! -d /var/run/zabbix2 ]
- then
- /bin/mkdir -p /var/run/zabbix2
- /usr/sbin/chmod 755 /var/run/zabbix2
- fi
-/usr/sbin/chown -R zabbix:zabbix /var/run/zabbix2
-
-if [ ! -d /var/db/zabbix2 ]
- then
- /bin/mkdir -p /var/db/zabbix2
- /usr/sbin/chmod 755 /var/db/zabbix2
- fi
-/usr/sbin/chown -R zabbix:zabbix /var/db/zabbix2
+ // Check startup script files
+ // Create a few directories and ensure the sample files are in place
+ if (!is_dir(ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base)) {
+ mwexec("/bin/mkdir -p " . ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base);
+ }
+
+ $dir_checks = <<< EOF
+
+ if [ ! -d /var/log/zabbix2 ]; then
+ /bin/mkdir -p /var/log/zabbix2
+ /usr/sbin/chmod 755 /var/log/zabbix2
+ fi
+ /usr/sbin/chown -R zabbix:zabbix /var/log/zabbix2
+
+ if [ ! -d /var/run/zabbix2 ]; then
+ /bin/mkdir -p /var/run/zabbix2
+ /usr/sbin/chmod 755 /var/run/zabbix2
+ fi
+ /usr/sbin/chown -R zabbix:zabbix /var/run/zabbix2
+
+ if [ ! -d /var/db/zabbix2 ]; then
+ /bin/mkdir -p /var/db/zabbix2
+ /usr/sbin/chmod 755 /var/db/zabbix2
+ fi
+ /usr/sbin/chown -R zabbix:zabbix /var/db/zabbix2
EOF;
-
- $zproxy_rcfile="/usr/local/etc/rc.d/zabbix2_proxy.sh";
- if (is_array($zbproxy_config) && $zbproxy_config['proxyenabled']=="on"){
- $zproxy_start= strtr($dir_checks, array("\r" => "")). "\necho \"Starting Zabbix Proxy\"...\n";
- /* start zabbix proxy */
+
+ $zproxy_rcfile = "/usr/local/etc/rc.d/zabbix2_proxy.sh";
+ if (is_array($zbproxy_config) && $zbproxy_config['proxyenabled'] == "on") {
+ $zproxy_start = strtr($dir_checks, array("\r" => "")). "\necho \"Starting Zabbix Proxy\"...\n";
$zproxy_start .= ZABBIX_PROXY_BASE . "/sbin/zabbix_proxy\n";
-
+
$zproxy_stop = "echo \"Stopping Zabbix Proxy\"\n";
$zproxy_stop .= "/usr/bin/killall zabbix_proxy\n";
$zproxy_stop .= "/bin/sleep 5\n";
- /* write out rc.d start/stop file */
write_rcfile(array(
"file" => "zabbix2_proxy.sh",
"start" => $zproxy_start,
"stop" => $zproxy_stop
)
);
- mwexec("{$zproxy_rcfile} restart");
- }else{
- if (file_exists($zproxy_rcfile)){
- mwexec("{$zproxy_rcfile} stop");
- unlink($zproxy_rcfile);
+ restart_service("zabbix_proxy");
+ } else {
+ if (is_service_running("zabbix_proxy")) {
+ stop_service("zabbix_proxy");
}
+ unlink_if_exists($zproxy_rcfile);
}
-
+
$zagent_rcfile="/usr/local/etc/rc.d/zabbix2_agentd.sh";
- if (is_array($zbagent_config) && $zbagent_config['agentenabled']=="on"){
+ if (is_array($zbagent_config) && $zbagent_config['agentenabled']=="on") {
$zagent_start .= strtr($dir_checks, array("\r" => "")). "\necho \"Starting Zabbix Agent...\"\n";
$zagent_start .= ZABBIX_AGENT_BASE . "/sbin/zabbix_agentd\n";
-
+
$zagent_stop = "echo \"Stopping Zabbix Agent...\"\n";
$zagent_stop .= "/usr/bin/killall zabbix_agentd\n";
$zagent_stop .= "/bin/sleep 5\n";
-
- /* write out rc.d start/stop file */
+
write_rcfile(array(
- "file" => "zabbix2_agentd.sh",
- "start" => "$zagent_start",
- "stop" => "$zagent_stop"
- )
+ "file" => "zabbix2_agentd.sh",
+ "start" => $zagent_start,
+ "stop" => $zagent_stop
+ )
);
- mwexec("{$zagent_rcfile} restart");
- }else{
- if (file_exists($zagent_rcfile)){
- mwexec("{$zagent_rcfile} stop");
- unlink($zagent_rcfile);
+ restart_service("zabbix_agentd");
+ } else {
+ if (is_service_running("zabbix_agentd")) {
+ stop_service("zabbix_agentd");
}
+ unlink_if_exists($zagent_rcfile);
}
-
- conf_mount_ro();
-}
-function php_zabbix2_pfs_version(){
- $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
- return $pfs_version;
-}
-
-function php_zabbix2_pkg_base($pfs_version){
- if ($pfs_version >= 2.2){
- // pfSense 2.2 with zabbix 2.4
- $zabbix2_pkg_base = "zabbix24";
- }else{
- // pfSense 2.1 with zabbix 2.2
- $zabbix2_pkg_base = "zabbix22";
- }
- return $zabbix2_pkg_base;
+ conf_mount_ro();
}
?>