diff options
Diffstat (limited to 'config')
63 files changed, 2652 insertions, 2120 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc index 6d626e3a..005a193a 100644 --- a/config/freeradius2/freeradius.inc +++ b/config/freeradius2/freeradius.inc @@ -1,19 +1,12 @@ <?php -/* copyright */ -/* ========================================================================== */ /* freeradius.inc - part of pfSense (http://www.pfSense.com) + part of pfSense (https://www.pfSense.org/) Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de> Copyright (C) 2013 Marcello Coutinho + Copyright (C) 2015 ESF, LLC All rights reserved. - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -34,9 +27,7 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - +*/ require_once('config.inc'); require_once('service-utils.inc'); require_once("util.inc"); @@ -630,7 +621,7 @@ if (is_array($arrusers) && !empty($arrusers)) { // If an octet limit is NOT set we delete the files for the limit and the counter. else { if (file_exists("/var/log/radacct/datacounter/$varusersmaxtotaloctetstimerange/max-octets-$varusersusername")) { unlink("/var/log/radacct/datacounter/$varusersmaxtotaloctetstimerange/max-octets-$varusersusername"); } - if (file_exists("/var/log/radacct/datacounter/$varusersmaxtotaloctetstimerange/used-octets-$varusersusername")) { unlink("/var/log/radacct/datacounter/$varusersmaxtotaloctetstimerange/used-octets-$varusersusername"); } + if (file_exists("/var/log/radacct/datacounter/$varusersmaxtotaloctetstimerange/used-octets-$varusersusername")) { unlink("/var/log/radacct/datacounter/$varusersmaxtotaloctetstimerange/used-octets-$varusersusername*"); } } if ($varusersadditionaloptionsreplyitems != '') { if ($varusersreplyitem != '') { $varusersreplyitem .=","; } @@ -824,7 +815,7 @@ if (is_array($arrmacs) && !empty($arrmacs)) { // If an octet limit is NOT set we delete the files for the limit and the counter. else { if (file_exists("/var/log/radacct/datacounter/$varmacsmaxtotaloctetstimerange/max-octets-$varmacsaddress")) { unlink("/var/log/radacct/datacounter/$varmacsmaxtotaloctetstimerange/max-octets-$varmacsaddress"); } - if (file_exists("/var/log/radacct/datacounter/$varmacsmaxtotaloctetstimerange/used-octets-$varmacsaddress")) { unlink("/var/log/radacct/datacounter/$varmacsmaxtotaloctetstimerange/used-octets-$varmacsaddress"); } + if (file_exists("/var/log/radacct/datacounter/$varmacsmaxtotaloctetstimerange/used-octets-$varmacsaddress")) { unlink("/var/log/radacct/datacounter/$varmacsmaxtotaloctetstimerange/used-octets-$varmacsaddress*"); } } if ($varmacsadditionaloptionsreplyitems != '') { if ($varmacsreplyitem != '') { $varmacsreplyitem .=","; } @@ -2571,163 +2562,181 @@ conf_mount_ro(); /* Uses XMLRPC to synchronize the changes to a remote node */ function freeradius_sync_on_changes() { - global $config, $g; - if (is_array($config['installedpackages']['freeradiussync'])){ + global $config; + + if (is_array($config['installedpackages']['freeradiussync'])) { $synconchanges = $config['installedpackages']['freeradiussync']['config'][0]['varsyncenablexmlrpc']; - $varsynctimeout = $config['installedpackages']['freeradiussync']['config'][0]['varsynctimeout']; - } - else - { + $varsynctimeout = $config['installedpackages']['freeradiussync']['config'][0]['varsynctimeout'] ?: '150'; + } else { return; } // if checkbox is NOT checked do nothing - switch ($synconchanges){ + switch ($synconchanges) { case "manual": - if (is_array($config['installedpackages']['freeradiussync']['config'][0]['row'])){ - $rs=$config['installedpackages']['freeradiussync']['config'][0]['row']; - } - else{ - log_error("[FreeRADIUS]: xmlrpc sync is enabled but there is no hosts to push on FreeRADIUS config."); + if (is_array($config['installedpackages']['freeradiussync']['config'][0]['row'])) { + $rs = $config['installedpackages']['freeradiussync']['config'][0]['row']; + } else { + log_error("[FreeRADIUS]: XMLRPC sync is enabled but there are no hosts configured as replication targets."); return; - } + } break; case "auto": - if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ - $system_carp=$config['installedpackages']['carpsettings']['config'][0]; - $rs[0]['varsyncdestinenable']="on"; - $rs[0]['varsyncprotocol']=($config['system']['webgui']['protocol']!=""?$config['system']['webgui']['protocol']:"https"); - $rs[0]['varsyncipaddress']=$system_carp['synchronizetoip']; - $rs[0]['varsyncpassword']=$system_carp['password']; - $rs[0]['varsyncport']=($config['system']['webgui']['port']!=""?$config['system']['webgui']['port']:"443"); - if (! is_ipaddr($system_carp['synchronizetoip'])){ - log_error("[FreeRADIUS]: xmlrpc sync is enabled but there is no system backup hosts to push FreeRADIUS config."); - return; - } + if (is_array($config['hasync'])) { + $system_carp = $config['hasync']; + $rs[0]['varsyncipaddress'] = $system_carp['synchronizetoip']; + $rs[0]['varsyncusername'] = $system_carp['username']; + $rs[0]['varsyncpassword'] = $system_carp['password']; + $rs[0]['varsyncdestinenable'] = FALSE; + + // XMLRPC sync is currently only supported over connections using the same protocol and port as this system + if ($config['system']['webgui']['protocol'] == "http") { + $rs[0]['varsyncprotocol'] = "http"; + $rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '80'; + } else { + $rs[0]['varsyncprotocol'] = "https"; + $rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '443'; } - else{ - log_error("[FreeRADIUS]: xmlrpc sync is enabled but there is no system backup hosts to push FreeRADIUS config."); + if ($system_carp['synchronizetoip'] == "") { + log_error("[FreeRADIUS]: XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets."); return; + } else { + $rs[0]['varsyncdestinenable'] = TRUE; } + } else { + log_error("[FreeRADIUS]: XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets."); + return; + } break; default: return; - break; - } - if (is_array($rs)){ - log_error("[FreeRADIUS]: xmlrpc sync is starting with timeout {$varsynctimeout} seconds."); - foreach($rs as $sh){ - if($sh['varsyncdestinenable']){ - $varsyncprotocol = $sh['varsyncprotocol']; - $sync_to_ip = $sh['varsyncipaddress']; - $password = $sh['varsyncpassword']; - $varsyncport = $sh['varsyncport']; - if($password && $sync_to_ip) - freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout); - else - log_error("[FreeRADIUS]: XMLRPC Sync with {$sh['varsyncipaddress']} has incomplete credentials. No XMLRPC Sync done!"); + break; + } + if (is_array($rs)) { + log_error("[FreeRADIUS]: XMLRPC sync is starting with timeout {$varsynctimeout} seconds."); + foreach ($rs as $sh) { + if ($sh['varsyncdestinenable']) { + $sync_to_ip = $sh['varsyncipaddress']; + $varsyncport = $sh['varsyncport']; + $varsyncprotocol = $sh['varsyncprotocol']; + $username = $sh['varsyncusername'] ?: 'admin'; + $password = $sh['varsyncpassword']; + + $error = ''; + $valid = TRUE; + + if ($password == "") { + $error = "Password parameter is empty. "; + $valid = FALSE; } - else { - log_error("[FreeRADIUS]: XMLRPC Sync with {$sh['varsyncipaddress']} is disabled"); + if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) { + $error .= "Misconfigured Replication Target IP Address or Hostname. "; + $valid = FALSE; } + if (!is_port($varsyncport)) { + $error .= "Misconfigured Replication Target Port. "; + $valid = FALSE; + } + if ($valid) { + freeradius_do_xmlrpc_sync($sync_to_ip, $username, $password, $varsyncport, $varsyncprotocol, $varsynctimeout); + } else { + log_error("[FreeRADIUS]: XMLRPC Sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}"); + } + } else { + log_error("[FreeRADIUS]: XMLRPC Sync with {$sh['varsyncipaddress']} is disabled"); } - log_error("[FreeRADIUS]: xmlrpc sync is ending."); - } + } + log_error("[FreeRADIUS]: XMLRPC sync is ending."); + } } /* Do the actual XMLRPC sync */ -function freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout) { +function freeradius_do_xmlrpc_sync($sync_to_ip, $username, $password, $varsyncport, $varsyncprotocol, $varsynctimeout) { global $config, $g; - if($varsynctimeout == '' || $varsynctimeout == 0) - $varsynctimeout = 150; - - if(!$password) + /* Detect boot process, do nothing during boot. */ + if (function_exists("platform_booting")) { + if (platform_booting()) { + return; + } + } elseif ($g['booting']) { return; + } - if(!$sync_to_ip) - return; - - if(!$varsyncport) + if ($username == "" || $password == "" || $sync_to_ip == "" || $varsyncport == "" || $varsyncprotocol == "") { + log_error("[FreeRADIUS]: A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync"); return; + } - if(!$varsyncprotocol) - return; - - // Check and choose correct protocol type, port number and IP address - $synchronizetoip .= "$varsyncprotocol" . '://'; - $port = "$varsyncport"; + /* Take care of IPv6 literal address */ + if (is_ipaddrv6($sync_to_ip)) { + $sync_to_ip = "[{$sync_to_ip}]"; + } - $synchronizetoip .= $sync_to_ip; + $url = "{$varsyncprotocol}://{$sync_to_ip}"; + $port = $varsyncport; - /* xml will hold the sections to sync */ + /* XML will hold the sections to sync. */ $xml = array(); $xml['freeradius'] = $config['installedpackages']['freeradius']; $xml['freeradiusauthorizedmacs'] = $config['installedpackages']['freeradiusauthorizedmacs']; $xml['freeradiusclients'] = $config['installedpackages']['freeradiusclients']; - /* assemble xmlrpc payload */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($xml) - ); + /* Assemble XMLRPC payload. */ + $params = array(XML_RPC_encode($password), XML_RPC_encode($xml)); - /* set a few variables needed for sync code borrowed from filter.inc */ - $url = $synchronizetoip; + /* Set a few variables needed for sync code */ log_error("[FreeRADIUS]: Beginning FreeRADIUS XMLRPC sync with {$url}:{$port}."); $method = 'pfsense.merge_installedpackages_section_xmlrpc'; $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials('admin', $password); - if($g['debug']) - $cli->setDebug(1); - /* send our XMLRPC message and timeout after $varsynctimeout seconds */ + $cli->setCredentials($username, $password); + if ($g['debug']) { + $cli->setDebug(1); + } + /* Send our XMLRPC message and timeout after defined sync timeout value */ + $resp = $cli->send($msg, $varsynctimeout); + if (!$resp) { + $error = "A communications error occurred while FreeRADIUS was attempting XMLRPC sync with {$url}:{$port}."; + log_error("[FreeRADIUS]: {$error}"); + file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", ""); + } elseif ($resp->faultCode()) { + $cli->setDebug(1); $resp = $cli->send($msg, $varsynctimeout); - if(!$resp) { - $error = "A communications error occurred while FreeRADIUS was attempting XMLRPC sync with {$url}:{$port}."; - log_error("[FreeRADIUS]: $error"); - file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", ""); - } elseif($resp->faultCode()) { - $cli->setDebug(1); - $resp = $cli->send($msg, $varsynctimeout); - $error = "An error code was received while FreeRADIUS XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error("[FreeRADIUS]: $error"); - file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", ""); - } else { - log_error("[FreeRADIUS]: XMLRPC has synced data successfully with {$url}:{$port}."); - } + $error = "An error code was received while FreeRADIUS XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error("[FreeRADIUS]: {$error}"); + file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", ""); + } else { + log_error("[FreeRADIUS]: XMLRPC has synced data successfully with {$url}:{$port}."); + } - /* tell FreeRADIUS to reload our settings on the destionation sync host. */ + /* Tell FreeRADIUS to reload our settings on the destionation sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/pkg/freeradius.inc');\n"; - // pfblocker just needed one fuction to reload after XMLRPC. FreeRADIUS needs more so we point to a fuction below which contains all fuctions + /* pfblocker just needed one fuction to reload after XMLRPC. FreeRADIUS needs more so we point to a fuction below which contains all fuctions */ $execcmd .= "freeradius_all_after_XMLRPC_resync();"; - /* assemble xmlrpc payload */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($execcmd) - ); + /* Assemble XMLRPC payload. */ + $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd)); log_error("[FreeRADIUS]: XMLRPC is reloading data on {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials('admin', $password); + $cli->setCredentials($username, $password); + $resp = $cli->send($msg, $varsynctimeout); + if (!$resp) { + $error = "A communications error occurred while FreeRADIUS was attempting XMLRPC sync with {$url}:{$port} (exec_php)."; + log_error("[FreeRADIUS]: {$error}"); + file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", ""); + } elseif ($resp->faultCode()) { + $cli->setDebug(1); $resp = $cli->send($msg, $varsynctimeout); - if(!$resp) { - $error = "A communications error occurred while FreeRADIUS was attempting XMLRPC sync with {$url}:{$port} (exec_php)."; - log_error($error); - file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", ""); - } elseif($resp->faultCode()) { - $cli->setDebug(1); - $resp = $cli->send($msg, $varsynctimeout); - $error = "An error code was received while FreeRADIUS XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error($error); - file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", ""); - } else { - log_error("[FreeRADIUS]: XMLRPC has reloaded data successfully on {$url}:{$port} (exec_php)."); - } - + $error = "An error code was received while FreeRADIUS XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error("[FreeRADIUS]: {$error}"); + file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", ""); + } else { + log_error("[FreeRADIUS]: XMLRPC has reloaded data successfully on {$url}:{$port} (exec_php)."); + } } // This function restarts all other needed functions after XMLRPC so that the content of .XML + .INC will be written in the files (clients.conf, users) @@ -2738,7 +2747,7 @@ function freeradius_all_after_XMLRPC_resync() { freeradius_authorizedmacs_resync(); freeradius_clients_resync(); - log_error("FreeRADIUS: Finished XMLRPC process. It should be OK. For more information look at the host which started sync."); + log_error("[FreeRADIUS]: Finished XMLRPC process. It should be OK. For more information look at the host which started sync."); exec(FREERADIUS_ETC . "/rc.d/radiusd onerestart"); } @@ -4123,20 +4132,20 @@ function freeradius_modulesdatacounter_resync() { $conf .= <<<EOD exec datacounterdaily { wait = yes - program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} daily %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}" + program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} daily %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}" } exec datacounterweekly { wait = yes - program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} weekly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}" + program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} weekly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}" } exec datacountermonthly { wait = yes - program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} monthly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}" + program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} monthly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}" } exec datacounterforever { wait = yes - program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} forever %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}" - } + program = "/bin/sh {$varFREERADIUS_ETC}/raddb/scripts/datacounter_acct.sh %{request:User-Name} forever %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}" + } EOD; $filename = FREERADIUS_ETC . '/raddb/modules/datacounter_acct'; @@ -4162,18 +4171,19 @@ TIMERANGE=`echo -n "\\$2" | sed 's/[^a-z]//g' ` ### This is to make sure there is a used-octets file after the cronjob resetted the counter if [ -e "/var/log/radacct/datacounter/\$TIMERANGE/max-octets-\$USERNAME" ] && [ ! -e "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME" ]; then echo 0 > "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME" + rm "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME-"* fi ### The next two lines are just for getting values for logging output -MAXOCTETSUSERNAMEMB=$((`cat "/var/log/radacct/datacounter/\$TIMERANGE/max-octets-\$USERNAME"`/1024/1024)) -USEDOCTETSUSERNAMEMB=$((`cat "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME"`/1024/1024)) - +MAXOCTETSUSERNAMEMB=$((`/bin/cat "/var/log/radacct/datacounter/\$TIMERANGE/max-octets-\$USERNAME"`/1024/1024)) +USEDOCTETSUSERNAMEMB=`/bin/cat "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\${USERNAME}"* | /usr/bin/awk '{ SUM += \$1; } END { print int(SUM/1024/1024); }'` + ### We check if MAX-OCTETS-USERNAME is greater than USED-OCTETS-USERNAME and accept or reject the user -if [ `cat "/var/log/radacct/datacounter/\$TIMERANGE/max-octets-\$USERNAME"` -gt `cat "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME"` ]; then - logger -f /var/log/system.log "FreeRADIUS: Used amount of \$TIMERANGE traffic by \$USERNAME is \$USEDOCTETSUSERNAMEMB MB of \$MAXOCTETSUSERNAMEMB MB! The user was accepted!!!" +if [ \$MAXOCTETSUSERNAMEMB -gt \$USEDOCTETSUSERNAMEMB ]; then + logger -f /var/log/system.log "FreeRADIUS: User \$USERNAME has used \$USEDOCTETSUSERNAMEMB MB of \$MAXOCTETSUSERNAMEMB MB \$TIMERANGE allotted traffic. The login request was accepted." exit 0 else - logger -f /var/log/system.log "FreeRADIUS: Credentials are probably correct but the user \$USERNAME has reached the \$TIMERANGE Amount of Upload and Download Traffic which is \$USEDOCTETSUSERNAMEMB MB of \$MAXOCTETSUSERNAMEMB MB! The user was rejected!!!" + logger -f /var/log/system.log "FreeRADIUS: User \$USERNAME has reached the \$TIMERANGE amount of upload and download traffic (\$USEDOCTETSUSERNAMEMB MB of \$MAXOCTETSUSERNAMEMB MB). The login request was denied." exit 99 fi EOD; @@ -4198,6 +4208,8 @@ USERNAME=`echo -n "\\$1" | sed 's/[^0-9a-zA-Z.:_-]/X/g' ` TIMERANGE=`echo -n "\\$2" | sed 's/[^a-z]//g' ` ACCTINPUTOCTETS=`echo -n "\\$3" | sed 's/[^0-9]/0/g' ` ACCTOUTPUTOCTETS=`echo -n "\\$4" | sed 's/[^0-9]/0/g' ` +UPDATETYPE=\$5 +SESSIONID=\$6 ### If we do not get Octets we set some default values if [ ! \$ACCTINPUTOCTETS ]; then @@ -4216,11 +4228,23 @@ else if [ ! -e "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME" ]; then echo 0 > "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME" fi -### The following two lines (chose the one or the other) are a bad workaround to make accounting accurate with stop/start accounting on pfsense 2.0.1 - it only works if the session will not be interrupted (host disconnects) -### USEDOCTETS=\$((\$ACCTINPUTOCTETS+\$ACCTOUTPUTOCTETS)) - USEDOCTETS=\$((\$ACCTINPUTOCTETS+\$ACCTOUTPUTOCTETS+`cat "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME"`)) - - echo "\$USEDOCTETS" > "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME" + + USEDOCTETS=\$((\$ACCTINPUTOCTETS+\$ACCTOUTPUTOCTETS)) + + # If this is an interim update, track it in a separate session file + # since the incoming data is a gauge not a counter. + if [ \$UPDATETYPE = "Interim-Update" ]; then + echo \$USEDOCTETS > "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME-\$SESSIONID" + else + USEDOCTETS=\$((\$USEDOCTETS+`cat "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME"`)) + + # If there was a session file for this session (from interim updates) clear it since the equivalent + # value was just added to the total. + if [ -e "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME-\$SESSIONID" ]; then + rm "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME-\$SESSIONID" + fi + echo "\$USEDOCTETS" > "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME" + fi exit 0 fi diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml index 4563ef62..eab6b09a 100644 --- a/config/freeradius2/freeradius.xml +++ b/config/freeradius2/freeradius.xml @@ -45,7 +45,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>freeradius</name> - <version>1.6.13</version> + <version>1.6.17</version> <title>FreeRADIUS: Users</title> <include_file>/usr/local/pkg/freeradius.inc</include_file> <menu> diff --git a/config/freeradius2/freeradiussync.xml b/config/freeradius2/freeradiussync.xml index 61c7eecb..d36c8b3f 100644 --- a/config/freeradius2/freeradiussync.xml +++ b/config/freeradius2/freeradiussync.xml @@ -1,51 +1,47 @@ <?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> <copyright> -<![CDATA[ + <![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ====================================================================================== */ /* -freeradiussync.xml -part of pfSense (http://www.pfSense.com) -Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de> -Copyright (C) 2013 Marcello Coutinho <marcellocoutinho@gmail.com> -based on pfblocker_sync.xml -All rights reserved. - -Based on m0n0wall (http://m0n0.ch/wall) -Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. -All rights reserved. + freeradiussync.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de> + Copyright (C) 2013 Marcello Coutinho <marcellocoutinho@gmail.com> + Copyright (C) 2015 ESF, LLC + All rights reserved. */ -/* ========================================================================== */ +/* ====================================================================================== */ /* -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. -1. Redistributions of source code must retain the above copyright notice, -this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. -2. Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in the -documentation and/or other materials provided with the distribution. -THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -POSSIBILITY OF SUCH DAMAGE. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ -/* ========================================================================== */ -]]></copyright> - <description><![CDATA[Describe your package here]]></description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> +/* ====================================================================================== */ + ]]> + </copyright> <name>freeradiussync</name> <version>2.2.0</version> <title>FreeRADIUS: XMLRPC Sync</title> @@ -111,8 +107,13 @@ POSSIBILITY OF SUCH DAMAGE. <field> <fielddescr>Enable Sync</fielddescr> <fieldname>varsyncenablexmlrpc</fieldname> - <description><![CDATA[All changes will be synced immediately to the IPs listed below if this option is checked.<br> - <b>Important:</b> While using "Sync to hosts defined below", only sync from host A to B, A to C but <b>do not</B> enable XMLRPC sync <b>to</b> A. This will result in a loop!]]></description> + <description> + <![CDATA[ + Select a sync method for FreeRADIUS.<br /> + <b>Important:</b> While using "Sync to host(s) defined below", only sync from host A to B, A to C but <b>do not</B> enable XMLRPC sync <b>to</b> A. + This will result in a loop! + ]]> + </description> <type>select</type> <required/> <default_value>auto</default_value> @@ -127,7 +128,7 @@ POSSIBILITY OF SUCH DAMAGE. <fieldname>varsynctimeout</fieldname> <description><![CDATA[Timeout in seconds for the XMLRPC timeout. Default: 150]]></description> <type>input</type> - <default_value>150</default_value> + <default_value>150</default_value> <size>5</size> </field> @@ -144,7 +145,7 @@ POSSIBILITY OF SUCH DAMAGE. <rowhelperfield> <fielddescr>GUI Protocol</fielddescr> <fieldname>varsyncprotocol</fieldname> - <description><![CDATA[Choose the protocol of the destination host. Probably <b>http</b> or <b>https</b>]]></description> + <description><![CDATA[Choose the protocol of the destination host (HTTP or HTTPS).]]></description> <type>select</type> <default_value>HTTP</default_value> <options> @@ -153,9 +154,9 @@ POSSIBILITY OF SUCH DAMAGE. </options> </rowhelperfield> <rowhelperfield> - <fielddescr>GUI IP-Address</fielddescr> + <fielddescr>GUI IP Address/Hostname</fielddescr> <fieldname>varsyncipaddress</fieldname> - <description><![CDATA[IP Address of the destination host.]]></description> + <description><![CDATA[IP Address or hostname of the destination host.]]></description> <type>input</type> <size>15</size> </rowhelperfield> @@ -178,7 +179,7 @@ POSSIBILITY OF SUCH DAMAGE. </fields> <custom_delete_php_command> freeradius_sync_on_changes(); - </custom_delete_php_command> + </custom_delete_php_command> <custom_php_resync_config_command> freeradius_sync_on_changes(); </custom_php_resync_config_command> diff --git a/config/nut/nut.xml b/config/nut/nut.xml index ca7ca956..e066bc83 100644 --- a/config/nut/nut.xml +++ b/config/nut/nut.xml @@ -41,7 +41,7 @@ ]]> </copyright> <name>nut</name> - <version>2.0.5</version> + <version>2.1.1</version> <title>Services: NUT</title> <savetext>Change</savetext> <aftersaveredirect>/status_nut.php</aftersaveredirect> @@ -77,6 +77,18 @@ <prefix>/usr/local/www/</prefix> <item>https://packages.pfsense.org/packages/config/nut/status_nut.php</item> </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/widgets/widgets/</prefix> + <item>https://packages.pfsense.org/packages/config/nut/ups_status.widget.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/widgets/javascript/</prefix> + <item>https://packages.pfsense.org/packages/config/nut/ups_status.js</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/widgets/include/</prefix> + <item>https://packages.pfsense.org/packages/config/nut/ups_status.inc</item> + </additional_files_needed> <advanced_options>enabled</advanced_options> <fields> <field> diff --git a/config/nut/ups_status.inc b/config/nut/ups_status.inc new file mode 100644 index 00000000..8953ff94 --- /dev/null +++ b/config/nut/ups_status.inc @@ -0,0 +1,7 @@ +<?php + +// set variable for custom title +$ups_status_title = "UPS Status"; +$ups_status_title_link = "status_nut.php"; + +?> diff --git a/config/nut/ups_status.js b/config/nut/ups_status.js new file mode 100644 index 00000000..4c64498f --- /dev/null +++ b/config/nut/ups_status.js @@ -0,0 +1,81 @@ +/* + ups_status.js + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2015 SunStroke <andrey.b.nikitin@gmail.com> + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +//should be called from "ups_status.widget.php" +function showUPSData() { + + //get data from ups_status.widget.php + url = "/widgets/widgets/ups_status.widget.php?getUPSData=1" + //IE fix to disable cache when using http:// , just append timespan + + new Date().getTime(); + + jQuery.ajax(url, { + type: 'get', + success: function(data) { + var upsData = data || ""; + updateUPSWidgetContent(upsData); + }, + error: function(jqXHR, status, error){ + updateUPSWidgetContent("Error getting data from [ups_status.widget.php]"); + } + }); + + //call itself in 11 seconds + window.setTimeout(showUPSData, 11000); +} + +function updateUPSWidgetContent(upsData) { + + upsdata_array = upsData.split(":"); + + if(upsdata_array.length > 1) { + jQuery("#ups_monitoring").html(upsdata_array[0]); + jQuery("#ups_model").html(upsdata_array[1]); + jQuery("#ups__status").html(upsdata_array[2]); + jQuery("#ups_batmeter_graph").css('width', upsdata_array[3]); + jQuery("#ups_batmeter").html(upsdata_array[3]); + jQuery("#ups_runtime").html(upsdata_array[4]); + // Change title to "Battery Voltage" or "Battery Temp" + if(upsdata_array[5].indexOf("V")) { + jQuery("#ups_celltitle_VT").html("Battery Voltage"); + } else if(upsdata_array[5].indexOf("C")) { + jQuery("#ups_celltitle_VT").html("Battery Temp"); + } + jQuery("#ups_bvoltage").html(upsdata_array[5]); + jQuery("#ups_loadmeter_graph").css('width', upsdata_array[6]); + jQuery("#ups_loadmeter").html(upsdata_array[6]); + jQuery("#ups_inputv").html(upsdata_array[7]); + jQuery("#ups_outputv").html(upsdata_array[8]); + jQuery("#ups_widget").css('opacity', '1'); + jQuery("#ups_error_description").html(""); + } else { + // print error description ($condition variable from ups_status.widget.php) + jQuery("#ups_widget").css('opacity', '0.2'); + jQuery("#ups_error_description").html("ERROR: " + upsdata_array[0]); + } +} diff --git a/config/nut/ups_status.widget.php b/config/nut/ups_status.widget.php new file mode 100644 index 00000000..f2a766e1 --- /dev/null +++ b/config/nut/ups_status.widget.php @@ -0,0 +1,216 @@ +<?php +/* + ups_status.widget.php + part of pfSense (https://www.pfsense.org/) + Copyright (C) 2015 SunStroke <andrey.b.nikitin@gmail.com> + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +require_once("guiconfig.inc"); // NOTE: maybe not needed (no GUI settings)? Remove if so. +require_once("/usr/local/www/widgets/include/ups_status.inc"); + +//called by showUPSData() (jQuery Ajax call) in ups_status.js +if (isset($_GET["getUPSData"])) { + //get UPS data and return it in ajax response + echo getUPSData(); + return; +} + +function getUPSData() { + + global $config; + $data = ""; + $cmd = ""; + $nut_config = $config['installedpackages']['nut']['config'][0]; + + if ($nut_config['monitor'] == "local") { + // "Monitoring" field - upsdata_array[0] + $data = gettext("Local UPS"); + $cmd = "upsc {$nut_config['name']}@localhost"; + } elseif ($nut_config['monitor'] == "remote") { + // "Monitoring" field - upsdata_array[0] + $data = gettext("Remote UPS"); + $cmd = "upsc {$nut_config['remotename']}@{$nut_config['remoteaddr']}"; + } elseif ($nut_config['monitor'] == "snmp") { + // "Monitoring" field - upsdata_array[0] + $data = gettext("SNMP UPS"); + $cmd = "upsc {$nut_config['snmpname']}@localhost"; + } + + if (is_process_running('upsmon')) { + $handle = popen($cmd, 'r'); + if ($handle) { + $read = fread($handle, 4096); + pclose($handle); + $lines = explode("\n", $read); + if (count($lines) == 1) { + $condition = gettext("Data stale!"); + } else { + $ups = array(); + foreach ($lines as $line) { + $line = explode(':', $line); + $ups[$line[0]] = trim($line[1]); + } + } + } + } else { + $condition = gettext("NUT enabled, but service not running!"); + if ($nut_config['monitor'] == "snmp") { + $condition .= gettext("\nSNMP UPS may be unreachable."); + } + } + if (isset($condition)) { + // Return error description + return $condition; + } + // "Model" field - upsdata_array[1] + $data .= ":" . (($ups['ups.model'] != "") ? $ups['ups.model'] : gettext("n/a")); + // "Status" field - upsdata_array[2] + $status = explode(" ", $ups['ups.status']); + foreach($status as $condition) { + if($disp_status) $disp_status .= ", "; + switch ($condition) { + case "WAIT": + $disp_status .= gettext("Waiting"); + break; + case "OFF": + $disp_status .= gettext("Off Line"); + break; + case "OL": + $disp_status .= gettext("On Line"); + break; + case "OB": + $disp_status .= gettext("On Battery"); + break; + case "TRIM": + $disp_status .= gettext("SmartTrim"); + break; + case "BOOST": + $disp_status .= gettext("SmartBoost"); + break; + case "OVER": + $disp_status .= gettext("Overload"); + break; + case "LB": + $disp_status .= gettext("Battery Low"); + break; + case "RB": + $disp_status .= gettext("Replace Battery"); + break; + case "CAL": + $disp_status .= gettext("Calibration"); + break; + case "CHRG": + $disp_status .= gettext("Charging"); + break; + default: + $disp_status .= $condition; + break; + } + } + $data .= ":" . $disp_status; + // "Battery Charge" bars and field - upsdata_array[3] + $data .= ":" . $ups['battery.charge'] . "%"; + // "Time Remaning" field - upsdata_array[4] + $secs = $ups['battery.runtime']; + if ($secs < 0 || $secs == "") { + $data .= ":" . gettext("n/a"); + } else { + $m = (int)($secs / 60); + $h = (int)($m / 60) % 24; + $m = $m % 60; + $s = $secs % 60; + $data .= ":" . $h."h " . $m."m " . $s."s"; + } + // "Battery Voltage or Battery Temp" field - upsdata_array[5] + if($ups['battery.voltage'] > 0) { + $data .= ":" . $ups['battery.voltage'] . " V"; + } elseif ($ups['ups.temperature'] > 0) { + $data .= ":" . $ups['ups.temperature'] . "&#176;C"; + } else { + $data .= ":" . ""; + } + // "Load" bars and field - upsdata_array[6] + $data .= ":" . $ups['ups.load'] . "%"; + // "Input Voltage" field - upsdata_array[7] + $data .= ":" . $ups['input.voltage'] . " V"; + // "Output Voltage" field - upsdata_array[8] + $data .= ":" . $ups['output.voltage'] . " V"; + + return $data; + +} +?> + +<script type="text/javascript"> +//<![CDATA[ + //start showing ups data + //NOTE: the refresh interval will be reset to a proper value in showUPSData() (ups_status.js). + jQuery(document).ready(function() { + showUPSData(); + }); +//]]> +</script> + +<div id="UPSWidgetContainer"> + <table id="ups_widget" bgcolor="#990000" width="100%" border="0" cellspacing="0" cellpadding="0" summary="UPS status"> + <tr> + <td class="widgetsubheader" align="center"><strong><?php echo gettext("Monitoring"); ?></strong></td> + <td class="widgetsubheader" align="center"><strong><?php echo gettext("Model"); ?></strong></td> + <td class="widgetsubheader" align="center"><strong><?php echo gettext("Status"); ?></strong></td> + </tr> + <tr> + <td class="listlr" align="center" id="ups_monitoring"></td> + <td class="listr" align="center" id="ups_model"></td> + <td class="listr" align="center" id="ups__status"></td> + </tr> + <tr> + <td class="widgetsubheader" align="center"><?php echo gettext("Battery Charge"); ?></td> + <td class="widgetsubheader" align="center"><?php echo gettext("Time Remain"); ?></td> + <td class="widgetsubheader" align="center" id="ups_celltitle_VT"></td> + </tr> + <tr> + <td class="listlr" align="center" id="ups_charge"> + <div class="ui-progressbar ui-widget ui-widget-content ui-corner-all" role="progressbar"><div id="ups_batmeter_graph" class="ui-progressbar-value ui-widget-header ui-corner-left"></div></div> + <span id="ups_batmeter"></span> + </td> + <td class="listr" align="center" id="ups_runtime"></td> + <td class="listr" align="center" id="ups_bvoltage"></td> + </tr> + <tr> + <td class="widgetsubheader" align="center"><?php echo gettext("Load"); ?></td> + <td class="widgetsubheader" align="center"><?php echo gettext("Input Voltage"); ?></td> + <td class="widgetsubheader" align="center"><?php echo gettext("Output Voltage"); ?></td> + </tr> + <tr> + <td class="listlr" align="center" id="ups_load"> + <div class="ui-progressbar ui-widget ui-widget-content ui-corner-all" role="progressbar"><div id="ups_loadmeter_graph" class="ui-progressbar-value ui-widget-header ui-corner-left"></div></div> + <span id="ups_loadmeter"></span> + </td> + <td class="listr" align="center" id="ups_inputv"></td> + <td class="listr" align="center" id="ups_outputv"></td> + </tr> + </table> + <span id="ups_error_description"></span> +</div> diff --git a/config/sarg/sarg.inc b/config/sarg/sarg.inc index 85410560..561f7c61 100644 --- a/config/sarg/sarg.inc +++ b/config/sarg/sarg.inc @@ -438,18 +438,20 @@ function sarg_validate_input($post, &$input_errors) { } # check squidguard - if (substr($key, 0, 10) == "proxy_server" && $value == "squidguard") - if (!is_array($config['installedpackages']['squidguardgeneral'])) + if (substr($key, 0, 10) == "proxy_server" && $value == "squidguard") { + if (!is_array($config['installedpackages']['squidguardgeneral'])) { $input_errors[]='squidguard package not detected'; + } + } # check squid if (substr($key, 0, 5) == "proxy_server" && $value == "squid") { if (is_array($config['installedpackages']['squid'])) { if (!$config['installedpackages']['squid']['log_enabled']) { - $input_errors[]='squidlogs not enabled'; + $input_errors[] = 'Squid logging not enabled'; } } else { - $input_errors[]='squid package not installed'; + $input_errors[] = 'Squid package not installed'; } } @@ -469,108 +471,113 @@ function sarg_validate_input($post, &$input_errors) { /* Uses XMLRPC to synchronize the changes to a remote node */ function sarg_sync_on_changes() { global $config, $g; + if (is_array($config['installedpackages']['sargsync']['config'])) { $sarg_sync = $config['installedpackages']['sargsync']['config'][0]; $synconchanges = $sarg_sync['synconchanges']; - $synctimeout = $sarg_sync['synctimeout']; + $synctimeout = $sarg_sync['synctimeout'] ?: '250'; switch ($synconchanges) { case "manual": - if (is_array($sarg_sync[row])) { - $rs = $sarg_sync[row]; + if (is_array($sarg_sync['row'])) { + $rs = $sarg_sync['row']; } else { - log_error("[sarg] xmlrpc sync is enabled but there is no hosts to push on sarg config."); + log_error("[sarg] XMLRPC sync is enabled but there are no hosts configured as replication targets."); return; } break; case "auto": - if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])) { - $system_carp = $config['installedpackages']['carpsettings']['config'][0]; + if (is_array($config['hasync'])) { + $system_carp = $config['hasync']; $rs[0]['ipaddress'] = $system_carp['synchronizetoip']; $rs[0]['username'] = $system_carp['username']; $rs[0]['password'] = $system_carp['password']; - if ($system_carp['synchronizetoip'] == "" || $system_carp['username'] == "") { - log_error("[sarg] xmlrpc sync is enabled but there are no system backup hosts to push sarg config."); + $rs[0]['syncdestinenable'] = FALSE; + + // XMLRPC sync is currently only supported over connections using the same protocol and port as this system + if ($config['system']['webgui']['protocol'] == "http") { + $rs[0]['syncprotocol'] = "http"; + $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '80'; + } else { + $rs[0]['syncprotocol'] = "https"; + $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '443'; + } + if ($system_carp['synchronizetoip'] == "") { + log_error("[sarg] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets."); return; + } else { + $rs[0]['syncdestinenable'] = TRUE; } - } else { - log_error("[sarg] xmlrpc sync is enabled but there are no system backup hosts to push sarg config."); + log_error("[sarg] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets."); return; } break; default: return; - break; + break; } if (is_array($rs)) { - log_error("[sarg] xmlrpc sync is starting."); - foreach($rs as $sh) { - $sync_to_ip = $sh['ipaddress']; - $password = $sh['password']; - if ($sh['username']) { - $username = $sh['username']; - } else { - $username = 'admin'; - } - if ($password && $sync_to_ip) { - sarg_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout); + log_error("[sarg] XMLRPC sync is starting."); + foreach ($rs as $sh) { + // Only sync enabled replication targets + if ($sh['syncdestinenable']) { + $sync_to_ip = $sh['ipaddress']; + $port = $sh['syncport']; + $username = $sh['username'] ?: 'admin'; + $password = $sh['password']; + $protocol = $sh['syncprotocol']; + + $error = ''; + $valid = TRUE; + + if ($password == "") { + $error = "Password parameter is empty. "; + $valid = FALSE; + } + if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) { + $error .= "Misconfigured Replication Target IP Address or Hostname. "; + $valid = FALSE; + } + if (!is_port($port)) { + $error .= "Misconfigured Replication Target Port. "; + $valid = FALSE; + } + if ($valid) { + sarg_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout); + } else { + log_error("[sarg] XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}"); + } } } - log_error("[sarg] xmlrpc sync is ending."); + log_error("[sarg] XMLRPC sync completed."); } } } /* do the actual XMLRPC sync */ -function sarg_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout) { +function sarg_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout) { global $config, $g; - if (!$username) { - return; - } - - if (!$password) { + if ($username == "" || $password == "" || $sync_to_ip == "" || $port == "" || $protocol == "") { + log_error("[sarg] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync"); return; } - if (!$sync_to_ip) { - return; + // Take care of IPv6 literal address + if (is_ipaddrv6($sync_to_ip)) { + $sync_to_ip = "[{$sync_to_ip}]"; } - if (!$synctimeout) { - $synctimeout="250"; - } - - $xmlrpc_sync_neighbor = $sync_to_ip; - - if ($config['system']['webgui']['protocol'] != "") { - $synchronizetoip = $config['system']['webgui']['protocol']; - $synchronizetoip .= "://"; - } - $port = $config['system']['webgui']['port']; - /* if port is empty, let's rely on the protocol selection */ - if ($port == "") { - if ($config['system']['webgui']['protocol'] == "http") { - $port = "80"; - } else { - $port = "443"; - } - } - $synchronizetoip .= $sync_to_ip; + $url = "{$protocol}://{$sync_to_ip}"; - /* xml will hold the sections to sync */ + /* XML will hold the sections to sync. */ $xml = array(); $xml['sarg'] = $config['installedpackages']['sarg']; $xml['sarguser'] = $config['installedpackages']['sarguser']; - /* assemble xmlrpc payload */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($xml) - ); - - /* set a few variables needed for sync code */ - $url = $synchronizetoip; - log_error("Beginning sarg XMLRPC sync to {$url}:{$port}."); + /* Assemble XMLRPC payload. */ + $params = array(XML_RPC_encode($password), XML_RPC_encode($xml)); + + /* Set a few variables needed for sync code */ $method = 'pfsense.merge_installedpackages_section_xmlrpc'; $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); @@ -578,49 +585,45 @@ function sarg_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout) { if ($g['debug']) { $cli->setDebug(1); } - /* send our XMLRPC message and timeout after $synctimeout seconds */ + /* Send our XMLRPC message and timeout after defined sync timeout value */ $resp = $cli->send($msg, $synctimeout); if (!$resp) { - $error = "A communications error occurred while attempting sarg XMLRPC sync with {$url}:{$port}."; - log_error($error); + $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port}."; + log_error("[sarg] {$error}"); file_notice("sync_settings", $error, "sarg Settings Sync", ""); } elseif ($resp->faultCode()) { $cli->setDebug(1); $resp = $cli->send($msg, $synctimeout); - $error = "An error code was received while attempting sarg XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error($error); + $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error("[sarg] {$error}"); file_notice("sync_settings", $error, "sarg Settings Sync", ""); } else { - log_error("sarg XMLRPC sync successfully completed with {$url}:{$port}."); + log_error("[sarg] XMLRPC sync successfully completed with {$url}:{$port}."); } - /* tell sarg to reload our settings on the destionation sync host. */ + /* Tell sarg to reload our settings on the destionation sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/pkg/sarg.inc');\n"; $execcmd .= "sync_package_sarg();"; - /* assemble xmlrpc payload */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($execcmd) - ); + /* Assemble XMLRPC payload. */ + $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd)); - log_error("sarg XMLRPC reload data {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials($username, $password); $resp = $cli->send($msg, $synctimeout); if (!$resp) { - $error = "A communications error occurred while attempting sarg XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; - log_error($error); + $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; + log_error("[sarg] {$error}"); file_notice("sync_settings", $error, "sarg Settings Sync", ""); } elseif ($resp->faultCode()) { $cli->setDebug(1); $resp = $cli->send($msg, $synctimeout); - $error = "An error code was received while attempting sarg XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error($error); + $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error("[sarg] {$error}"); file_notice("sync_settings", $error, "sarg Settings Sync", ""); } else { - log_error("sarg XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); + log_error("[sarg] XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); } } diff --git a/config/sarg/sarg_sync.xml b/config/sarg/sarg_sync.xml index 9ae141e5..64e93fe3 100755 --- a/config/sarg/sarg_sync.xml +++ b/config/sarg/sarg_sync.xml @@ -42,7 +42,7 @@ ]]> </copyright> <name>sargsync</name> - <version>0.6.5</version> + <version>0.6.6</version> <title>Status: Sarg Sync</title> <include_file>/usr/local/pkg/sarg.inc</include_file> <tabs> @@ -82,9 +82,15 @@ <type>listtopic</type> </field> <field> - <fielddescr>Automatically Sync Sarg Configuration Changes.</fielddescr> + <fielddescr>Enable Sync</fielddescr> <fieldname>synconchanges</fieldname> - <description>Select a sync method for Sarg.</description> + <description> + <![CDATA[ + Select a sync method for Sarg.<br/><br/> + <strong>Important:</strong> While using "Sync to host(s) defined below", only sync from host A to B, A to C but <strong>do not</strong> enable XMLRPC sync <b>to</b> A. + This will result in a loop! + ]]> + </description> <type>select</type> <required/> <default_value>auto</default_value> @@ -97,7 +103,7 @@ <field> <fielddescr>Sync Timeout</fielddescr> <fieldname>synctimeout</fieldname> - <description>Select sync max wait time</description> + <description>XMLRPC timeout in seconds.</description> <type>select</type> <required/> <default_value>250</default_value> @@ -110,21 +116,45 @@ </options> </field> <field> - <fielddescr>Remote Server</fielddescr> + <fielddescr>Replication Targets</fielddescr> <fieldname>none</fieldname> <type>rowhelper</type> <rowhelper> <rowhelperfield> - <fielddescr>IP Address</fielddescr> + <fielddescr>Enable</fielddescr> + <fieldname>syncdestinenable</fieldname> + <description><![CDATA[Enable this host as a replication target]]></description> + <type>checkbox</type> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Protocol</fielddescr> + <fieldname>syncprotocol</fieldname> + <description><![CDATA[Choose the protocol used to sync with the destination host (HTTP or HTTPS).]]></description> + <type>select</type> + <default_value>HTTP</default_value> + <options> + <option><name>HTTP</name><value>http</value></option> + <option><name>HTTPS</name><value>https</value></option> + </options> + </rowhelperfield> + <rowhelperfield> + <fielddescr>IP Address/Hostname</fielddescr> <fieldname>ipaddress</fieldname> - <description>IP Address of remote server</description> + <description><![CDATA[IP address or hostname of the destination host.]]></description> <type>input</type> - <size>20</size> + <size>40</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Port</fielddescr> + <fieldname>syncport</fieldname> + <description><![CDATA[Choose the sync port of the destination host.]]></description> + <type>input</type> + <size>3</size> </rowhelperfield> <rowhelperfield> - <fielddescr>Password</fielddescr> + <fielddescr>Admin Password</fielddescr> <fieldname>password</fieldname> - <description>Password for remote server.</description> + <description><![CDATA[Password of the user "admin" on the destination host.]]></description> <type>password</type> <size>20</size> </rowhelperfield> diff --git a/config/snort/snort.inc b/config/snort/snort.inc index b7d4299e..60959ad6 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -3737,103 +3737,117 @@ function snort_sync_on_changes() { /* Do not attempt a package sync while booting up or installing package */ if ($g['booting'] || $g['snort_postinstall']) { - log_error("[snort] No xmlrpc sync to CARP targets when booting up or during package reinstallation."); + log_error("[snort] Skipping XMLRPC sync when booting up or during package reinstallation."); return; } if (is_array($config['installedpackages']['snortsync']['config'])){ - $snort_sync=$config['installedpackages']['snortsync']['config'][0]; + $snort_sync = $config['installedpackages']['snortsync']['config'][0]; $synconchanges = $snort_sync['varsynconchanges']; - $synctimeout = $snort_sync['varsynctimeout']; + $synctimeout = $snort_sync['varsynctimeout'] ?: '150'; $syncdownloadrules = $snort_sync['vardownloadrules']; switch ($synconchanges){ case "manual": if (is_array($snort_sync['row'])){ $rs=$snort_sync['row']; - } - else{ - log_error("[snort] xmlrpc sync is enabled but there are no hosts configured as replication targets."); + } else { + log_error("[snort] XMLRPC sync is enabled but there are no hosts configured as replication targets."); return; } break; case "auto": - if (is_array($config['hasync'])) { - $system_carp=$config['hasync']; - $rs[0]['varsyncipaddress']=$system_carp['synchronizetoip']; - $rs[0]['varsyncusername']=$system_carp['username']; - $rs[0]['varsyncpassword']=$system_carp['password']; - $rs[0]['varsyncsnortstart']="no"; - if ($system_carp['synchronizetoip'] ==""){ - log_error("[snort] xmlrpc sync is enabled but there are no system backup hosts configured as replication targets."); - return; - } + if (is_array($config['hasync'])) { + $system_carp = $config['hasync']; + $rs[0]['varsyncipaddress'] = $system_carp['synchronizetoip']; + $rs[0]['varsyncusername'] = $system_carp['username']; + $rs[0]['varsyncpassword'] = $system_carp['password']; + $rs[0]['varsyncsnortstart'] = FALSE; + $rs[0]['varsyncdestinenable'] = FALSE; + // XMLRPC sync is currently only supported over connections using the same protocol and port as this system + if ($config['system']['webgui']['protocol'] == "http") { + $rs[0]['varsyncprotocol'] = "http"; + $rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '80'; + } else { + $rs[0]['varsyncprotocol'] = "https"; + $rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '443'; } - else{ - log_error("[snort] xmlrpc sync is enabled but there are no system backup hosts configured as replication targets."); + if ($system_carp['synchronizetoip'] == "") { + log_error("[snort] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets."); return; + } else { + $rs[0]['varsyncdestinenable'] = TRUE; } + } else { + log_error("[snort] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets."); + return; + } break; default: return; - break; + break; } if (is_array($rs)){ - log_error("[snort] Snort pkg xmlrpc sync is starting."); - foreach($rs as $sh){ - if ($sh['varsyncsnortstart']) - $syncstartsnort = $sh['varsyncsnortstart']; - else - $syncstartsnort = "OFF"; - $sync_to_ip = $sh['varsyncipaddress']; - $port = $sh['varsyncport']; - $password = $sh['varsyncpassword']; - if($sh['varsyncusername']) - $username = $sh['varsyncusername']; - else - $username = 'admin'; - if($password && $sync_to_ip) - snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username, $password, $synctimeout, $syncstartsnort); + log_error("[snort] XMLRPC sync is starting."); + foreach ($rs as $sh){ + // Only sync enabled replication targets + if ($sh['varsyncdestinenable']) { + if ($sh['varsyncsnortstart']) { + $syncstartsnort = $sh['varsyncsnortstart']; + } else { + $syncstartsnort = "OFF"; + } + $sync_to_ip = $sh['varsyncipaddress']; + $port = $sh['varsyncport']; + $password = $sh['varsyncpassword']; + $protocol = $sh['varsyncprotocol']; + $error = ''; + $success = TRUE; + $username = $sh['varsyncusername'] ?: 'admin'; + if ($password == "") { + $error = "Password parameter is empty. "; + $success = FALSE; + } + if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) { + $error .= "Misconfigured Replication Target IP Address. "; + $success = FALSE; + } + if (!is_port($port)) { + $error .= "Misconfigured Replication Target Port. "; + $success = FALSE; + } + if ($success) { + snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $protocol, $username, $password, $synctimeout, $syncstartsnort); + } else { + log_error("[snort] XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}"); + } + } } - log_error("[snort] Snort pkg xmlrpc sync completed."); + log_error("[snort] XMLRPC sync completed."); } } } /* Do the actual XMLRPC sync */ -function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username, $password, $synctimeout, $syncstartsnort) { +function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $protocol, $username, $password, $synctimeout = 150, $syncstartsnort) { global $config, $g; /* Do not attempt a package sync while booting up or installing package */ if ($g['booting'] || $g['snort_postinstall']) { - log_error("[snort] No xmlrpc sync to CARP targets when booting up or during package reinstallation."); + log_error("[snort] Skipping XMLRPC sync when booting up or during package reinstallation."); return; } - if(!$username || !$password || !$sync_to_ip) { - log_error("[snort] A required XMLRPC sync parameter (user, host IP or password) is empty ... aborting pkg sync"); + if ($username == "" || $password == "" || $sync_to_ip == "" || $port == "" || $protocol == "") { + log_error("[snort] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync"); return; } - /* Test key variables and set defaults if empty */ - if(!$synctimeout) - $synctimeout=150; - - $xmlrpc_sync_neighbor = $sync_to_ip; - if($config['system']['webgui']['protocol'] != "") { - $synchronizetoip = $config['system']['webgui']['protocol']; - $synchronizetoip .= "://"; - } - if ($port == "") - $port = $config['system']['webgui']['port']; - /* if port is empty let's rely on the protocol selection */ - if($port == "") { - if($config['system']['webgui']['protocol'] == "http") - $port = "80"; - else - $port = "443"; + // Take care of IPv6 literal address + if (is_ipaddrv6($sync_to_ip)) { + $sync_to_ip = "[{$sync_to_ip}]"; } - $synchronizetoip .= $sync_to_ip; - $url = $synchronizetoip; + + $url = "{$protocol}://{$sync_to_ip}"; /*************************************************/ /* Send over any auto-SID management files */ @@ -3847,25 +3861,26 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username, $method = 'pfsense.exec_php'; $params = array( XML_RPC_encode($password), XML_RPC_encode($payload) ); - log_error("[snort] Snort XMLRPC CARP sync sending auto-SID conf files to {$url}:{$port}."); + log_error("[snort] Snort XMLRPC sync sending auto-SID conf files to {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials($username, $password); $resp = $cli->send($msg, $synctimeout); $error = ""; if(!$resp) { - $error = "A communications error occurred while attempting Snort XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file); + $error = "A communications error occurred while attempting Snort XMLRPC sync with {$url}:{$port}. Failed to transfer file: " . basename($file); log_error($error); file_notice("sync_settings", $error, "Snort Settings Sync", ""); } elseif($resp->faultCode()) { - $error = "An error code was received while attempting Snort XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file) . " - Code " . $resp->faultCode() . ": " . $resp->faultString(); + $error = "An error code was received while attempting Snort XMLRPC sync with {$url}:{$port}. Failed to transfer file: " . basename($file) . " - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "Snort Settings Sync", ""); } } - if (!empty($sid_files) && $error == "") - log_error("[snort] Snort pkg XMLRPC CARP sync auto-SID conf files success with {$url}:{$port} (pfsense.exec_php)."); + if (!empty($sid_files) && $error == "") { + log_error("[snort] XMLRPC sync auto-SID conf files success with {$url}:{$port} (pfsense.exec_php)."); + } /*************************************************/ /* Send over any IPREP IP List files */ @@ -3879,25 +3894,26 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username, $method = 'pfsense.exec_php'; $params = array( XML_RPC_encode($password), XML_RPC_encode($payload) ); - log_error("[snort] Snort XMLRPC CARP sync sending IPREP files to {$url}:{$port}."); + log_error("[snort] Snort XMLRPC sync sending IPREP files to {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials($username, $password); $resp = $cli->send($msg, $synctimeout); $error = ""; - if(!$resp) { - $error = "A communications error occurred while attempting Snort XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file); + if (!$resp) { + $error = "A communications error occurred while attempting Snort XMLRPC sync with {$url}:{$port}. Failed to transfer file: " . basename($file); log_error($error); file_notice("sync_settings", $error, "Snort Settings Sync", ""); - } elseif($resp->faultCode()) { - $error = "An error code was received while attempting Snort XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file) . " - Code " . $resp->faultCode() . ": " . $resp->faultString(); + } elseif ($resp->faultCode()) { + $error = "An error code was received while attempting Snort XMLRPC sync with {$url}:{$port}. Failed to transfer file: " . basename($file) . " - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "Snort Settings Sync", ""); } } - if (!empty($sid_files) && $error == "") - log_error("[snort] Snort pkg XMLRPC CARP sync IPREP files success with {$url}:{$port} (pfsense.exec_php)."); + if (!empty($sid_files) && $error == "") { + log_error("[snort] XMLRPC sync IPREP files success with {$url}:{$port} (pfsense.exec_php)."); + } /**************************************************/ /* Send over the <snortglobal> portion of the */ @@ -3911,7 +3927,7 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username, XML_RPC_encode($xml) ); - log_error("[snort] Beginning Snort pkg configuration XMLRPC sync to {$url}:{$port}."); + log_error("[snort] Beginning package configuration XMLRPC sync to {$url}:{$port}."); $method = 'pfsense.merge_installedpackages_section_xmlrpc'; $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); @@ -3919,16 +3935,16 @@ function snort_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username, /* send our XMLRPC message and timeout after defined sync timeout value*/ $resp = $cli->send($msg, $synctimeout); - if(!$resp) { + if (!$resp) { $error = "A communications error occurred while attempting snort XMLRPC sync with {$url}:{$port}."; log_error($error); file_notice("sync_settings", $error, "snort Settings Sync", ""); - } elseif($resp->faultCode()) { + } elseif ($resp->faultCode()) { $error = "An error code was received while attempting snort XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "snort Settings Sync", ""); } else { - log_error("[snort] Snort pkg configuration XMLRPC sync successfully completed with {$url}:{$port}."); + log_error("[snort] Package configuration XMLRPC sync successfully completed with {$url}:{$port}."); } $downloadrulescmd = ""; @@ -3992,16 +4008,16 @@ EOD; $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials($username, $password); $resp = $cli->send($msg, $synctimeout); - if(!$resp) { + if (!$resp) { $error = "A communications error occurred while attempting snort XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; log_error($error); file_notice("sync_settings", $error, "snort Settings Sync", ""); - } elseif($resp->faultCode()) { + } elseif ($resp->faultCode()) { $error = "An error code was received while attempting snort XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "snort Settings Sync", ""); } else { - log_error("[snort] Snort pkg XMLRPC reload configuration success with {$url}:{$port} (pfsense.exec_php)."); + log_error("[snort] XMLRPC reload configuration success with {$url}:{$port} (pfsense.exec_php)."); } /*************************************************/ @@ -4016,16 +4032,16 @@ EOD; log_error("[snort] Snort XMLRPC sending {$url}:{$port} cmd to execute configuration reload."); $msg2 = new XML_RPC_Message($method, $params2); $resp = $cli->send($msg2, $synctimeout); - if(!$resp) { + if (!$resp) { $error = "A communications error occurred while attempting snort XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; log_error($error); file_notice("sync_settings", $error, "snort Settings Sync", ""); - } elseif($resp->faultCode()) { + } elseif ($resp->faultCode()) { $error = "An error code was received while attempting snort XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "snort Settings Sync", ""); } else { - log_error("[snort] Snort pkg XMLRPC reload configuration success with {$url}:{$port} (pfsense.exec_php)."); + log_error("[snort] XMLRPC reload configuration success with {$url}:{$port} (pfsense.exec_php)."); } } diff --git a/config/snort/snort_sync.xml b/config/snort/snort_sync.xml index 46922822..6b9e6a7f 100755 --- a/config/snort/snort_sync.xml +++ b/config/snort/snort_sync.xml @@ -172,11 +172,11 @@ </options> </rowhelperfield> <rowhelperfield> - <fielddescr>IP-Address</fielddescr> + <fielddescr>IP Address/Hostname</fielddescr> <fieldname>varsyncipaddress</fieldname> - <description><![CDATA[IP Address of the destination host.]]></description> + <description><![CDATA[IP address or hostname of the destination host.]]></description> <type>input</type> - <size>15</size> + <size>40</size> </rowhelperfield> <rowhelperfield> <fielddescr>Port</fielddescr> @@ -202,8 +202,6 @@ </rowhelper> </field> </fields> - <custom_delete_php_command> - </custom_delete_php_command> <custom_php_resync_config_command> write_config("Snort pkg: saved changes to XMLRPC sync configuration.");snort_sync_on_changes(); </custom_php_resync_config_command> diff --git a/config/spamd/spamd.inc b/config/spamd/spamd.inc index 548a2934..13edb7ce 100644 --- a/config/spamd/spamd.inc +++ b/config/spamd/spamd.inc @@ -299,49 +299,6 @@ function remove_spaces($string) { return $string; } -function sync_spamd_config_to_backup() { - global $config; - if (is_array($config['installedpackages']['carpsettings']['config'])) { - foreach ($config['installedpackages']['carpsettings']['config'] as $carp) { - if ($carp['synchronizetoip'] != "") { - $synctoip = $carp['synchronizetoip']; - $password = $carp['password']; - if ($config['system']['username']) { - $username = $config['system']['username']; - } else { - $username = "admin"; - } - } - } - } - if ($synctoip and $password) { - if ($config['system']['webgui']['protocol'] != "") { - $synchronizetoip = $config['system']['webgui']['protocol']; - $synchronizetoip .= "://"; - } - $port = $config['system']['webgui']['port']; - /* if port is empty lets rely on the protocol selection */ - if ($port == "") { - if ($config['system']['webgui']['protocol'] == "http") { - $port = "80"; - } else { - $port = "443"; - } - } - $params = array(XML_RPC_encode($password),XML_RPC_encode($xml)); - /* create files to sync array */ - $filetosync = array("/var/db/spamd", "/var/db/whitelist.txt"); - /* loop through files to sync list and sync them up */ - foreach ($filetosync as $f2s) { - $f2c_contents = file_get_contents($f2s); - xmlrpc_sync_file($url, $password, $f2s, $f2c_contents, $port); - } - /* signal remote process config reload */ - xmlrpc_exec_shell($url, $password, "/usr/bin/killall -HUP spamlogd", $port); - xmlrpc_exec_shell($url, $password, "/usr/bin/killall -HUP spamd", $port); - } -} - function custom_php_install_command() { global $config; system("touch /var/db/whitelist.txt"); diff --git a/config/squid3/31/squid.inc b/config/squid3/31/squid.inc index d565810c..df900e43 100644 --- a/config/squid3/31/squid.inc +++ b/config/squid3/31/squid.inc @@ -1854,8 +1854,8 @@ function squid_sync_on_changes() { $synctimeout = $squid_sync['synctimeout']; switch ($synconchanges){ case "manual": - if (is_array($squid_sync[row])){ - $rs=$squid_sync[row]; + if (is_array($squid_sync['row'])){ + $rs=$squid_sync['row']; } else{ log_error("[squid] xmlrpc sync is enabled but there is no hosts to push on squid config."); @@ -1863,8 +1863,8 @@ function squid_sync_on_changes() { } break; case "auto": - if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ - $system_carp=$config['installedpackages']['carpsettings']['config'][0]; + if (is_array($config['hasync'])) { + $system_carp = $config['hasync']; $rs[0]['ipaddress']=$system_carp['synchronizetoip']; $rs[0]['username']=$system_carp['username']; $rs[0]['password']=$system_carp['password']; diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc index 0f71def8..57b49d5f 100755 --- a/config/squid3/33/squid.inc +++ b/config/squid3/33/squid.inc @@ -2314,8 +2314,8 @@ function squid_sync_on_changes() { $synctimeout = $squid_sync['synctimeout']; switch ($synconchanges){ case "manual": - if (is_array($squid_sync[row])){ - $rs=$squid_sync[row]; + if (is_array($squid_sync['row'])){ + $rs=$squid_sync['row']; } else{ log_error("[squid] xmlrpc sync is enabled but there is no hosts to push on squid config."); @@ -2323,8 +2323,8 @@ function squid_sync_on_changes() { } break; case "auto": - if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ - $system_carp=$config['installedpackages']['carpsettings']['config'][0]; + if (is_array($config['hasync'])) { + $system_carp = $config['hasync']; $rs[0]['ipaddress']=$system_carp['synchronizetoip']; $rs[0]['username']=$system_carp['username']; $rs[0]['password']=$system_carp['password']; diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc index f4be3ee3..973bbf05 100755 --- a/config/squid3/34/squid.inc +++ b/config/squid3/34/squid.inc @@ -452,9 +452,6 @@ function squid_restart_services() { function squid_install_command() { global $config, $g; - update_output_window("This operation may take quite some time, please be patient. Do not press stop or attempt to navigate away from this page during this process."); - update_output_window("Checking if there is configuration to migrate... One moment please..."); - /* Set storage system for nanobsd */ if (!is_array($config['installedpackages']['squidcache'])) { $config['installedpackages']['squidcache'] = array(); @@ -515,7 +512,6 @@ function squid_deinstall_command() { squid_install_cron(false); /* kill all running services */ - update_output_window("Stopping and removing services..."); mwexec('/usr/local/etc/rc.d/sqp_monitor.sh stop'); mwexec("/bin/ps awux | /usr/bin/egrep -i '[s]quid -f|\([s]quid\)' | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill"); mwexec("/bin/ps awux | /usr/bin/grep '[d]iskd' | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill"); @@ -542,8 +538,6 @@ function squid_deinstall_command() { $keep = ($squidsettings['keep_squid_data'] ? true : false); if (!$keep) { - update_output_window("Removing cache and logs ... One moment please..."); - update_output_window("This operation may take quite some time, please be patient. Do not press stop or attempt to navigate away from this page during this process."); if (is_dir("{$cachedir}")) { if (substr($cachedir, 0, 11) === "/var/squid/") { mwexec_bg("/bin/rm -rf {$cachedir}"); @@ -558,7 +552,6 @@ function squid_deinstall_command() { log_error("[squid] Will NOT delete Squid log dir '{$logdir}' since it is not located under /var/squid. Delete manually if required."); } } - update_output_window("Removing remaining Squid directories ... One moment please..."); $dirs = array("/var/run/squid", "/var/squid"); foreach ($dirs as $dir) { if (is_dir("{$dir}")) { @@ -570,7 +563,6 @@ function squid_deinstall_command() { // remove antivirus integration features squid_antivirus_deinstall_command(); - update_output_window("Reloading filter..."); filter_configure(); /* Remove package settings from config if 'Keep Settings/Data' is disabled */ @@ -619,7 +611,6 @@ function squid_deinstall_command() { unset($config['installedpackages']['squidusers']); } } - update_output_window("Squid3 has been uninstalled."); } /* Migrate configuration from god knows which Squid package versions */ @@ -704,7 +695,6 @@ function squid_upgrade_config() { /* unset broken antivirus settings */ squid_antivirus_upgrade_config(); - update_output_window("Writing configuration... One moment please..."); write_config(); } @@ -2163,28 +2153,45 @@ function squid_generate_rules($type) { /* XMLRPC sync configuration */ function squid_sync_on_changes() { - global $config, $g; + global $config; + if (is_array($config['installedpackages']['squidsync']['config'])) { $squid_sync = $config['installedpackages']['squidsync']['config'][0]; $synconchanges = $squid_sync['synconchanges']; - $synctimeout = $squid_sync['synctimeout']; + $synctimeout = $squid_sync['synctimeout'] ?: '250'; switch ($synconchanges) { case "manual": if (is_array($squid_sync['row'])) { $rs = $squid_sync['row']; } else { - log_error("[squid] XMLRPC sync is enabled but there is no hosts to push on Squid config."); + log_error("[squid] XMLRPC sync is enabled but there are no hosts configured as replication targets."); return; } break; case "auto": - if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])) { - $system_carp = $config['installedpackages']['carpsettings']['config'][0]; + if (is_array($config['hasync'])) { + $system_carp = $config['hasync']; $rs[0]['ipaddress'] = $system_carp['synchronizetoip']; $rs[0]['username'] = $system_carp['username']; $rs[0]['password'] = $system_carp['password']; + $rs[0]['syncdestinenable'] = FALSE; + + // XMLRPC sync is currently only supported over connections using the same protocol and port as this system + if ($config['system']['webgui']['protocol'] == "http") { + $rs[0]['syncprotocol'] = "http"; + $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '80'; + } else { + $rs[0]['syncprotocol'] = "https"; + $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '443'; + } + if ($system_carp['synchronizetoip'] == "") { + log_error("[squid] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets."); + return; + } else { + $rs[0]['syncdestinenable'] = TRUE; + } } else { - log_error("[squid] XMLRPC sync is enabled but there is no system backup hosts to push Squid config."); + log_error("[squid] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets."); return; } break; @@ -2195,45 +2202,56 @@ function squid_sync_on_changes() { if (is_array($rs)) { log_error("[squid] XMLRPC sync is starting."); foreach ($rs as $sh) { - $sync_to_ip = $sh['ipaddress']; - $password = $sh['password']; - if ($sh['username']) { - $username = $sh['username']; - } else { - $username = 'admin'; - } - if ($password && $sync_to_ip) { - squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout); + // Only sync enabled replication targets + if ($sh['syncdestinenable']) { + $sync_to_ip = $sh['ipaddress']; + $port = $sh['syncport']; + $username = $sh['username'] ?: 'admin'; + $password = $sh['password']; + $protocol = $sh['syncprotocol']; + + $error = ''; + $valid = TRUE; + + if ($password == "") { + $error = "Password parameter is empty. "; + $valid = FALSE; + } + if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) { + $error .= "Misconfigured Replication Target IP Address or Hostname. "; + $valid = FALSE; + } + if (!is_port($port)) { + $error .= "Misconfigured Replication Target Port. "; + $valid = FALSE; + } + if ($valid) { + squid_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout); + } else { + log_error("[squid] XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}"); + } } } - log_error("[squid] XMLRPC sync is ending."); + log_error("[squid] XMLRPC sync completed."); } - } + } } /* Perform the actual XMLRPC sync */ -function squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) { +function squid_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout) { global $config, $g; - if (!$username || !$password || !$sync_to_ip) { + if ($username == "" || $password == "" || $sync_to_ip == "" || $port == "" || $protocol == "") { + log_error("[squid] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync"); return; } - if (!$synctimeout) { - $synctimeout = 250; + // Take care of IPv6 literal address + if (is_ipaddrv6($sync_to_ip)) { + $sync_to_ip = "[{$sync_to_ip}]"; } - $xmlrpc_sync_neighbor = $sync_to_ip; - if ($config['system']['webgui']['protocol'] != "") { - $synchronizetoip = $config['system']['webgui']['protocol']; - $synchronizetoip .= "://"; - } - $port = $config['system']['webgui']['port']; - /* If port is empty let's rely on the protocol selection */ - if ($port == "") { - $port = $config['system']['webgui']['protocol'] == "http" ? "80" : "443"; - } - $synchronizetoip .= $sync_to_ip; + $url = "{$protocol}://{$sync_to_ip}"; /* XML will hold the sections to sync */ $xml = array(); @@ -2249,14 +2267,9 @@ function squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) { $xml['squidauth'] = $config['installedpackages']['squidauth']; $xml['squidusers'] = $config['installedpackages']['squidusers']; /* Assemble XMLRPC payload */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($xml) - ); + $params = array(XML_RPC_encode($password), XML_RPC_encode($xml)); /* Set a few variables needed for sync */ - $url = $synchronizetoip; - log_error("[squid] Beginning XMLRPC sync to {$url}:{$port}."); $method = 'pfsense.merge_installedpackages_section_xmlrpc'; $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); @@ -2267,14 +2280,14 @@ function squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) { /* Send our XMLRPC message and timeout after defined sync timeout value*/ $resp = $cli->send($msg, $synctimeout); if (!$resp) { - $error = "[squid] Communication error occurred while attempting XMLRPC sync with {$url}:{$port}."; - log_error($error); + $error = "A communication error occurred while attempting XMLRPC sync with {$url}:{$port}."; + log_error("[squid] {$error}"); file_notice("sync_settings", $error, "Squid Settings Sync", ""); } elseif ($resp->faultCode()) { $cli->setDebug(1); $resp = $cli->send($msg, $synctimeout); - $error = "[squid] An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error($error); + $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error("[squid] {$error}"); file_notice("sync_settings", $error, "Squid Settings Sync", ""); } else { log_error("[squid] XMLRPC sync successfully completed with {$url}:{$port}."); @@ -2285,25 +2298,21 @@ function squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) { $execcmd = "require_once('/usr/local/pkg/squid.inc');\n"; $execcmd .= "squid_resync('yes');"; /* Assemble XMLRPC payload */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($execcmd) - ); + $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd)); - log_error("[squid] XMLRPC reload data {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials($username, $password); $resp = $cli->send($msg, $synctimeout); if (!$resp) { - $error = "[squid] Communication error occurred while attempting XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; - log_error($error); + $error = "A communication error occurred while attempting XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; + log_error("[squid] {$error}"); file_notice("sync_settings", $error, "Squid Settings Sync", ""); } elseif ($resp->faultCode()) { $cli->setDebug(1); $resp = $cli->send($msg, $synctimeout); - $error = "[squid] An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error($error); + $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error("[squid] {$error}"); file_notice("sync_settings", $error, "Squid Settings Sync", ""); } else { log_error("[squid] XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); diff --git a/config/squid3/34/squid.xml b/config/squid3/34/squid.xml index a7b53fca..28326d7f 100644 --- a/config/squid3/34/squid.xml +++ b/config/squid3/34/squid.xml @@ -399,7 +399,7 @@ <fieldname>private_subnet_proxy_off</fieldname> <description> <![CDATA[ - Do not forward traffic to Private Address Space (RFC 1918) <strong>destinations</strong> through the proxy server but let is pass directly through the firewall. + Do not forward traffic to Private Address Space (RFC 1918) <strong>destinations</strong> through the proxy server but let it pass directly through the firewall. ]]> </description> <type>checkbox</type> diff --git a/config/squid3/34/squid_antivirus.inc b/config/squid3/34/squid_antivirus.inc index 4dc2c89a..fe8406e7 100644 --- a/config/squid3/34/squid_antivirus.inc +++ b/config/squid3/34/squid_antivirus.inc @@ -169,7 +169,6 @@ function squid_antivirus_deinstall_command() { mwexec("/bin/ps awux | /usr/bin/grep '[f]reshclam' | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill"); /* clean up created PBI symlinks */ - update_output_window("Finishing package cleanup."); if (SQUID_LOCALBASE != '/usr/local') { $ln_icap = array('bin/c-icap', 'bin/c-icap-client', 'c-icap-config', 'c-icap-libicapapi-config', 'c-icap-stretch', 'lib/c_icap', 'share/c_icap', 'etc/c-icap'); foreach ($ln_icap as $ln) { @@ -191,7 +190,6 @@ function squid_antivirus_deinstall_command() { $keep = ($squidsettings['keep_squid_data'] ? true : false); if (!$keep) { - update_output_window("Removing antivirus definitions and logs ... One moment please..."); $dirs = array("/var/run/c-icap", "/var/log/c-icap", "/var/log/clamav", "/var/run/clamav", "/var/db/clamav"); foreach ($dirs as $dir) { if (is_dir("{$dir}")) { @@ -218,7 +216,6 @@ function squid_antivirus_deinstall_command() { /* check if clamav/c_icap is enabled in rc.conf.local */ // XXX: This hasn't been used since 0.3.7; to be removed in future if (file_exists("/etc/rc.conf.local")) { - update_output_window("Removing antivirus services from /etc/rc.conf.local..."); $sample_file = file_get_contents("/etc/rc.conf.local"); $rcconf_local_m[0] = "@c_icap_enable(.*)\n@"; $rcconf_local_m[1] = "@clamav_clamd_enable(.*)\n@"; diff --git a/config/squid3/34/squid_reverse_sync.xml b/config/squid3/34/squid_reverse_sync.xml index 139c73c3..1091fce8 100755 --- a/config/squid3/34/squid_reverse_sync.xml +++ b/config/squid3/34/squid_reverse_sync.xml @@ -42,7 +42,7 @@ ]]> </copyright> <name>squidsync</name> - <version>0.4.1</version> + <version>0.4.2</version> <title>Reverse Proxy Server: XMLRPC Sync</title> <include_file>/usr/local/pkg/squid.inc</include_file> <tabs> @@ -78,12 +78,18 @@ <type>listtopic</type> </field> <field> - <fielddescr>Automatically sync Squid configuration changes</fielddescr> + <fielddescr>Enable Sync</fielddescr> <fieldname>synconchanges</fieldname> - <description>Select a sync method for Squid.</description> + <description> + <![CDATA[ + Select a sync method for Squid Reverse Proxy.<br/><br/> + <strong>Important:</strong> While using "Sync to host(s) defined below", only sync from host A to B, A to C but <strong>do not</strong> enable XMLRPC sync <b>to</b> A. + This will result in a loop! + ]]> + </description> <type>select</type> <required/> - <default_value>auto</default_value> + <default_value>disabled</default_value> <options> <option><name>Sync to configured system backup server</name><value>auto</value></option> <option><name>Sync to host(s) defined below</name><value>manual</value></option> @@ -106,19 +112,45 @@ </options> </field> <field> - <fielddescr>Remote Server</fielddescr> + <fielddescr>Replication Targets</fielddescr> <fieldname>none</fieldname> <type>rowhelper</type> <rowhelper> <rowhelperfield> - <fielddescr>IP Address</fielddescr> + <fielddescr>Enable</fielddescr> + <fieldname>syncdestinenable</fieldname> + <description><![CDATA[Enable this host as a replication target]]></description> + <type>checkbox</type> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Protocol</fielddescr> + <fieldname>syncprotocol</fieldname> + <description><![CDATA[Choose the protocol used to sync with the destination host (HTTP or HTTPS).]]></description> + <type>select</type> + <default_value>HTTP</default_value> + <options> + <option><name>HTTP</name><value>http</value></option> + <option><name>HTTPS</name><value>https</value></option> + </options> + </rowhelperfield> + <rowhelperfield> + <fielddescr>IP Address/Hostname</fielddescr> <fieldname>ipaddress</fieldname> + <description><![CDATA[IP address or hostname of the destination host.]]></description> <type>input</type> - <size>20</size> + <size>40</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Port</fielddescr> + <fieldname>syncport</fieldname> + <description><![CDATA[Choose the sync port of the destination host.]]></description> + <type>input</type> + <size>3</size> </rowhelperfield> <rowhelperfield> - <fielddescr>Password (admin)</fielddescr> + <fielddescr>Admin Password</fielddescr> <fieldname>password</fieldname> + <description><![CDATA[Password of the user "admin" on the destination host.]]></description> <type>password</type> <size>20</size> </rowhelperfield> diff --git a/config/squid3/34/squid_sync.xml b/config/squid3/34/squid_sync.xml index 2f86b7c6..a7670ff5 100755 --- a/config/squid3/34/squid_sync.xml +++ b/config/squid3/34/squid_sync.xml @@ -42,7 +42,7 @@ ]]> </copyright> <name>squidsync</name> - <version>0.4.1</version> + <version>0.4.2</version> <title>Proxy Server: XMLRPC Sync</title> <include_file>/usr/local/pkg/squid.inc</include_file> <tabs> @@ -94,12 +94,18 @@ <type>listtopic</type> </field> <field> - <fielddescr>Automatically sync Squid configuration changes</fielddescr> + <fielddescr>Enable Sync</fielddescr> <fieldname>synconchanges</fieldname> - <description>Select a sync method for Squid.</description> + <description> + <![CDATA[ + Select a sync method for Squid.<br/><br/> + <strong>Important:</strong> While using "Sync to host(s) defined below", only sync from host A to B, A to C but <strong>do not</strong> enable XMLRPC sync <b>to</b> A. + This will result in a loop! + ]]> + </description> <type>select</type> <required/> - <default_value>auto</default_value> + <default_value>disabled</default_value> <options> <option><name>Sync to configured system backup server</name><value>auto</value></option> <option><name>Sync to host(s) defined below</name><value>manual</value></option> @@ -122,19 +128,45 @@ </options> </field> <field> - <fielddescr>Remote Server</fielddescr> + <fielddescr>Replication Targets</fielddescr> <fieldname>none</fieldname> <type>rowhelper</type> <rowhelper> <rowhelperfield> - <fielddescr>IP Address</fielddescr> + <fielddescr>Enable</fielddescr> + <fieldname>syncdestinenable</fieldname> + <description><![CDATA[Enable this host as a replication target]]></description> + <type>checkbox</type> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Protocol</fielddescr> + <fieldname>syncprotocol</fieldname> + <description><![CDATA[Choose the protocol used to sync with the destination host (HTTP or HTTPS).]]></description> + <type>select</type> + <default_value>HTTP</default_value> + <options> + <option><name>HTTP</name><value>http</value></option> + <option><name>HTTPS</name><value>https</value></option> + </options> + </rowhelperfield> + <rowhelperfield> + <fielddescr>IP Address/Hostname</fielddescr> <fieldname>ipaddress</fieldname> + <description><![CDATA[IP address or hostname of the destination host.]]></description> <type>input</type> - <size>20</size> + <size>40</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Port</fielddescr> + <fieldname>syncport</fieldname> + <description><![CDATA[Choose the sync port of the destination host.]]></description> + <type>input</type> + <size>3</size> </rowhelperfield> <rowhelperfield> - <fielddescr>Password (admin)</fielddescr> + <fielddescr>Admin Password</fielddescr> <fieldname>password</fieldname> + <description><![CDATA[Password of the user "admin" on the destination host.]]></description> <type>password</type> <size>20</size> </rowhelperfield> diff --git a/config/sshdcond/sshdcond.inc b/config/sshdcond/sshdcond.inc index 9c3a8bb9..7c1be614 100644 --- a/config/sshdcond/sshdcond.inc +++ b/config/sshdcond/sshdcond.inc @@ -37,8 +37,6 @@ function restart_sshd() { } function sshdcond_custom_php_install_command() { - global $g, $config; - /* We need to generate an outfile for our extra commands. The patched g_szSSHDFileGenerate php file then reads and appends that config. */ @@ -48,8 +46,6 @@ function sshdcond_custom_php_install_command() { } function sshdcond_custom_php_deinstall_command() { - global $g, $config; - /* Delete our config file. */ unlink_if_exists("/etc/ssh/sshd_extra"); @@ -59,7 +55,7 @@ function sshdcond_custom_php_deinstall_command() { } function sshdcond_custom_php_write_config() { - global $g, $config, $pkg_interface; + global $g, $config; /* Detect boot process, do nothing during boot. */ if (function_exists("platform_booting")) { @@ -113,71 +109,113 @@ function sshdcond_custom_php_write_config() { /* Uses XMLRPC to synchronize the changes to a remote node. */ function sshdcond_sync_on_changes() { - global $config, $g; - - /* Basically, this package was never configured */ - if (!is_array($config['installedpackages']['sshdcondsync'])) { - return; - } - /* Package is configured but XMLRPC sync is disabled */ - if (!isset($config['installedpackages']['sshdcondsync']['config'][0]['synconchanges'])) { - return; - } - /* Do XMLRPC sync */ - log_error("[sshdcond] xmlrpc sync is starting."); - foreach ($config['installedpackages']['sshdcondsync']['config'] as $rs) { - foreach($rs['row'] as $sh) { - $sync_to_ip = $sh['ipaddress']; - $password = $sh['password']; - if ($password && $sync_to_ip) { - sshdcond_do_xmlrpc_sync($sync_to_ip, $password); + global $config; + + if (is_array($config['installedpackages']['sshdcondsync']['config'])) { + $sshdcond_sync = $config['installedpackages']['sshdcondsync']['config'][0]; + $synconchanges = $sshdcond_sync['synconchanges']; + $synctimeout = $sshdcond_sync['synctimeout'] ?: '150'; + switch ($synconchanges) { + case "manual": + if (is_array($sshdcond_sync['row'])) { + $rs = $sshdcond_sync['row']; + } else { + log_error("[sshdcond] XMLRPC sync is enabled but there are no hosts configured as replication targets."); + return; + } + break; + case "auto": + if (is_array($config['hasync'])) { + $system_carp = $config['hasync']; + $rs[0]['ipaddress'] = $system_carp['synchronizetoip']; + $rs[0]['username'] = $system_carp['username']; + $rs[0]['password'] = $system_carp['password']; + $rs[0]['syncdestinenable'] = FALSE; + + // XMLRPC sync is currently only supported over connections using the same protocol and port as this system + if ($config['system']['webgui']['protocol'] == "http") { + $rs[0]['syncprotocol'] = "http"; + $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '80'; + } else { + $rs[0]['syncprotocol'] = "https"; + $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '443'; + } + if ($system_carp['synchronizetoip'] == "") { + log_error("[sshdcond] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets."); + return; + } else { + $rs[0]['syncdestinenable'] = TRUE; + } + } else { + log_error("[sshdcond] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets."); + return; + } + break; + default: + return; + break; + } + if (is_array($rs)) { + log_error("[sshdcond] XMLRPC sync is starting."); + foreach ($rs as $sh) { + // Only sync enabled replication targets + if ($sh['syncdestinenable']) { + $sync_to_ip = $sh['ipaddress']; + $port = $sh['syncport']; + $username = $sh['username'] ?: 'admin'; + $password = $sh['password']; + $protocol = $sh['syncprotocol']; + + $error = ''; + $valid = TRUE; + + if ($password == "") { + $error = "Password parameter is empty. "; + $valid = FALSE; + } + if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) { + $error .= "Misconfigured Replication Target IP Address or Hostname. "; + $valid = FALSE; + } + if (!is_port($port)) { + $error .= "Misconfigured Replication Target Port. "; + $valid = FALSE; + } + if ($valid) { + sshdcond_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout); + } else { + log_error("[sshdcond] XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}"); + } + } } + log_error("[sshdcond] XMLRPC sync completed."); } - } - log_error("[sshdcond] xmlrpc sync is ending."); + } } /* Do the actual XMLRPC sync. */ -function sshdcond_do_xmlrpc_sync($sync_to_ip, $password) { +function sshdcond_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout) { global $config, $g; - if (!$password) { + if ($username == "" || $password == "" || $sync_to_ip == "" || $port == "" || $protocol == "") { + log_error("[sshdcond] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync"); return; } - if (!$sync_to_ip) { - return; + // Take care of IPv6 literal address + if (is_ipaddrv6($sync_to_ip)) { + $sync_to_ip = "[{$sync_to_ip}]"; } - $username='admin'; - $xmlrpc_sync_neighbor = $sync_to_ip; - if ($config['system']['webgui']['protocol'] != "") { - $synchronizetoip = $config['system']['webgui']['protocol']; - $synchronizetoip .= "://"; - } - $port = $config['system']['webgui']['port']; - /* If port is empty, let's rely on the protocol selection. */ - if ($port == "") { - if ($config['system']['webgui']['protocol'] == "http") { - $port = "80"; - } else { - $port = "443"; - } - } - $synchronizetoip .= $sync_to_ip; + $url = "{$protocol}://{$sync_to_ip}"; - /* xml will hold the sections to sync. */ + /* XML will hold the sections to sync. */ $xml = array(); $xml['sshdcond'] = $config['installedpackages']['sshdcond']; /* Assemble XMLRPC payload. */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($xml) - ); - - /* Set a few variables needed for sync code; borrowed from filter.inc. */ - $url = $synchronizetoip; - log_error("Beginning sshdcond XMLRPC sync to {$url}:{$port}."); + $params = array(XML_RPC_encode($password), XML_RPC_encode($xml)); + + /* Set a few variables needed for sync code */ $method = 'pfsense.merge_installedpackages_section_xmlrpc'; $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); @@ -185,20 +223,20 @@ function sshdcond_do_xmlrpc_sync($sync_to_ip, $password) { if ($g['debug']) { $cli->setDebug(1); } - /* Send our XMLRPC message and timeout after 250 seconds. */ - $resp = $cli->send($msg, "250"); + /* Send our XMLRPC message and timeout after defined sync timeout value */ + $resp = $cli->send($msg, $synctimeout); if (!$resp) { - $error = "A communications error occurred while attempting sshdcond XMLRPC sync with {$url}:{$port}."; - log_error($error); + $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port}."; + log_error("[sshdcond] {$error}"); file_notice("sync_settings", $error, "sshdcond Settings Sync", ""); } elseif ($resp->faultCode()) { $cli->setDebug(1); - $resp = $cli->send($msg, "250"); + $resp = $cli->send($msg, $synctimeout); $error = "An error code was received while attempting sshdcond XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error($error); + log_error("[sshdcond] {$error}"); file_notice("sync_settings", $error, "sshdcond Settings Sync", ""); } else { - log_error("sshdcond XMLRPC sync successfully completed with {$url}:{$port}."); + log_error("[sshdcond] XMLRPC sync successfully completed with {$url}:{$port}."); } /* Tell sshdcond to reload our settings on the destination sync host. */ @@ -206,28 +244,24 @@ function sshdcond_do_xmlrpc_sync($sync_to_ip, $password) { $execcmd = "require_once('/usr/local/pkg/sshdcond.inc');\n"; $execcmd .= "sshdcond_custom_php_write_config();"; /* Assemble XMLRPC payload. */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($execcmd) - ); + $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd)); - log_error("sshdcond XMLRPC reload data {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials($username, $password); - $resp = $cli->send($msg, "250"); + $resp = $cli->send($msg, $synctimeout); if (!$resp) { $error = "A communications error occurred while attempting sshdcond XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; - log_error($error); + log_error("[sshdcond] {$error}"); file_notice("sync_settings", $error, "sshdcond Settings Sync", ""); } elseif ($resp->faultCode()) { $cli->setDebug(1); - $resp = $cli->send($msg, "250"); + $resp = $cli->send($msg, $synctimeout); $error = "An error code was received while attempting sshdcond XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error($error); + log_error("[sshdcond] {$error}"); file_notice("sync_settings", $error, "sshdcond Settings Sync", ""); } else { - log_error("sshdcond XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); + log_error("[sshdcond] XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); } } ?> diff --git a/config/sshdcond/sshdcond.priv.inc b/config/sshdcond/sshdcond.priv.inc new file mode 100644 index 00000000..fddb86c1 --- /dev/null +++ b/config/sshdcond/sshdcond.priv.inc @@ -0,0 +1,42 @@ +<?php +/* + sshdcond.priv.inc + part of pfSense (http://www.pfSense.org/) + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +global $priv_list; + +$priv_list['page-services-sshdcond'] = array(); +$priv_list['page-services-sshdcond']['name'] = "WebCfg - Services: SSHDCond package"; +$priv_list['page-services-sshdcond']['descr'] = "Allow access to SSHDCond package GUI"; +$priv_list['page-services-sshdcond']['match'] = array(); + +$priv_list['page-services-sshdcond']['match'][] = "pkg.php?xml=sshdcond.xml*"; +$priv_list['page-services-sshdcond']['match'][] = "pkg.php?xml=sshdcond_sync.xml*"; + +$priv_list['page-services-sshdcond']['match'][] = "pkg_edit.php?xml=sshdcond.xml*"; +$priv_list['page-services-sshdcond']['match'][] = "pkg_edit.php?xml=sshdcond_sync.xml*"; + +?> diff --git a/config/sshdcond/sshdcond.xml b/config/sshdcond/sshdcond.xml index 11104e1d..f0e27c80 100644 --- a/config/sshdcond/sshdcond.xml +++ b/config/sshdcond/sshdcond.xml @@ -43,12 +43,10 @@ ]]> </copyright> <name>sshdcond</name> - <version>1.0.2</version> - <title>SSH Conditional</title> - <description>SSH Conditional blocks</description> + <version>1.0.6</version> + <title>Services: SSH Conditional Options</title> <savetext>Save</savetext> <include_file>/usr/local/pkg/sshdcond.inc</include_file> - <menu> <name>SSH Conditions</name> <tooltiptext>Configure SSH conditional exceptions</tooltiptext> @@ -61,6 +59,10 @@ <item>https://packages.pfsense.org/packages/config/sshdcond/sshdcond.inc</item> </additional_files_needed> <additional_files_needed> + <prefix>/etc/inc/priv/</prefix> + <item>https://packages.pfsense.org/packages/config/sshdcond/sshdcond.priv.inc</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <item>https://packages.pfsense.org/packages/config/sshdcond/sshdcond_sync.xml</item> </additional_files_needed> @@ -93,7 +95,6 @@ <field> <type>listtopic</type> <name>Conditional SSH Options</name> - <fieldname>temp</fieldname> </field> <field> <fielddescr>Enable</fielddescr> @@ -187,7 +188,4 @@ <custom_php_resync_config_command> sshdcond_custom_php_write_config(); </custom_php_resync_config_command> - <custom_php_command_before_form> - unset($_POST['temp']); - </custom_php_command_before_form> </packagegui> diff --git a/config/sshdcond/sshdcond_sync.xml b/config/sshdcond/sshdcond_sync.xml index 511df25b..f81f36b0 100755 --- a/config/sshdcond/sshdcond_sync.xml +++ b/config/sshdcond/sshdcond_sync.xml @@ -42,8 +42,8 @@ ]]> </copyright> <name>sshdcondsync</name> - <version>1.0.2</version> - <title>SSH Conditional - Sync</title> + <version>1.0.6</version> + <title>Services: SSH Conditional Options - Sync</title> <include_file>/usr/local/pkg/sshdcond.inc</include_file> <tabs> <tab> @@ -62,30 +62,74 @@ <type>listtopic</type> </field> <field> - <fielddescr>Automatically sync configuration changes</fielddescr> + <fielddescr>Enable Sync</fielddescr> <fieldname>synconchanges</fieldname> - <description>Automatically sync changes to the hosts defined below.</description> - <type>checkbox</type> + <description> + <![CDATA[ + When enabled, this will sync all configuration settings to the Replication Targets.<br/><br/> + <b>Important:</b> While using "Sync to host(s) defined below", only sync from host A to B, A to C but <strong>do not</strong> enable XMLRPC sync <b>to</b> A. This will result in a loop! + ]]> + </description> + <type>select</type> + <required/> + <default_value>disabled</default_value> + <options> + <option><name>Sync to configured system backup server</name><value>auto</value></option> + <option><name>Sync to host(s) defined below</name><value>manual</value></option> + <option><name>Do not sync this package configuration</name><value>disabled</value></option> + </options> </field> <field> - <fielddescr>Remote Server</fielddescr> + <fielddescr>XMLRPC Timeout</fielddescr> + <fieldname>synctimeout</fieldname> + <description><![CDATA[XMLRPC timeout in seconds. Default: 150]]></description> + <type>input</type> + <default_value>150</default_value> + <size>5</size> + </field> + <field> + <fielddescr>Replication Targets</fielddescr> <fieldname>none</fieldname> <type>rowhelper</type> <rowhelper> - <rowhelperfield> - <fielddescr>IP Address</fielddescr> - <fieldname>ipaddress</fieldname> - <description>IP Address of remote server.</description> - <type>input</type> - <size>20</size> - </rowhelperfield> - <rowhelperfield> - <fielddescr>Password</fielddescr> - <fieldname>password</fieldname> - <description>Password for remote server.</description> - <type>password</type> - <size>20</size> - </rowhelperfield> + <rowhelperfield> + <fielddescr>Enable</fielddescr> + <fieldname>syncdestinenable</fieldname> + <description><![CDATA[Enable this host as a replication target]]></description> + <type>checkbox</type> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Protocol</fielddescr> + <fieldname>syncprotocol</fieldname> + <description><![CDATA[Choose the protocol used to sync with the destination host (HTTP or HTTPS).]]></description> + <type>select</type> + <default_value>HTTP</default_value> + <options> + <option><name>HTTP</name><value>http</value></option> + <option><name>HTTPS</name><value>https</value></option> + </options> + </rowhelperfield> + <rowhelperfield> + <fielddescr>IP Address/Hostname</fielddescr> + <fieldname>ipaddress</fieldname> + <description><![CDATA[IP address or hostname of the destination host.]]></description> + <type>input</type> + <size>40</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Port</fielddescr> + <fieldname>syncport</fieldname> + <description><![CDATA[Choose the sync port of the destination host.]]></description> + <type>input</type> + <size>3</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Admin Password</fielddescr> + <fieldname>password</fieldname> + <description><![CDATA[Password of the user "admin" on the destination host.]]></description> + <type>password</type> + <size>20</size> + </rowhelperfield> </rowhelper> </field> </fields> diff --git a/config/stunnel/stunnel.priv.inc b/config/stunnel/stunnel.priv.inc new file mode 100644 index 00000000..f9857583 --- /dev/null +++ b/config/stunnel/stunnel.priv.inc @@ -0,0 +1,42 @@ +<?php +/* + stunnel.priv.inc + part of pfSense (http://www.pfSense.org/) + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +global $priv_list; + +$priv_list['page-services-stunnel'] = array(); +$priv_list['page-services-stunnel']['name'] = "WebCfg - Services: stunnel package"; +$priv_list['page-services-stunnel']['descr'] = "Allow access to stunnel package GUI"; +$priv_list['page-services-stunnel']['match'] = array(); + +$priv_list['page-services-stunnel']['match'][] = "pkg.php?xml=stunnel.xml*"; +$priv_list['page-services-stunnel']['match'][] = "pkg.php?xml=stunnel_certs.xml*"; + +$priv_list['page-services-stunnel']['match'][] = "pkg_edit.php?xml=stunnel.xml*"; +$priv_list['page-services-stunnel']['match'][] = "pkg_edit.php?xml=stunnel_certs.xml*"; + +?> diff --git a/config/stunnel/stunnel.xml b/config/stunnel/stunnel.xml index c8957ba8..b5dfd6bd 100644 --- a/config/stunnel/stunnel.xml +++ b/config/stunnel/stunnel.xml @@ -42,14 +42,10 @@ ]]> </copyright> <name>stunnel</name> - <version>5.20.2</version> + <version>5.20.3</version> <title>Services: Secure Tunnel</title> <menu> <name>STunnel</name> - <tooltiptext>The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. - It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. - It will negotiate an SSL connection using the OpenSSL or SSLeay libraries. - It calls the underlying crypto libraries, so stunnel supports whatever cryptographic algorithms you compiled into your crypto package.</tooltiptext> <section>Services</section> <configfile>stunnel.xml</configfile> </menu> @@ -59,6 +55,10 @@ <item>https://packages.pfsense.org/packages/config/stunnel/stunnel.inc</item> </additional_files_needed> <additional_files_needed> + <prefix>/etc/inc/priv/</prefix> + <item>https://packages.pfsense.org/packages/config/stunnel/stunnel.priv.inc</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <item>https://packages.pfsense.org/packages/config/stunnel/stunnel_certs.xml</item> </additional_files_needed> diff --git a/config/sudo/sudo.priv.inc b/config/sudo/sudo.priv.inc new file mode 100644 index 00000000..01cb2224 --- /dev/null +++ b/config/sudo/sudo.priv.inc @@ -0,0 +1,38 @@ +<?php +/* + sudo.priv.inc + part of pfSense (http://www.pfSense.org/) + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +global $priv_list; + +$priv_list['page-system-sudo'] = array(); +$priv_list['page-system-sudo']['name'] = "WebCfg - System: sudo package"; +$priv_list['page-system-sudo']['descr'] = "Allow access to sudo package GUI"; +$priv_list['page-system-sudo']['match'] = array(); + +$priv_list['page-system-sudo']['match'][] = "pkg_edit.php?xml=sudo.xml*"; + +?> diff --git a/config/sudo/sudo.xml b/config/sudo/sudo.xml index 6124a641..e2b92cf1 100644 --- a/config/sudo/sudo.xml +++ b/config/sudo/sudo.xml @@ -1,4 +1,6 @@ <?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> <copyright> <![CDATA[ @@ -42,7 +44,7 @@ <description>Sudo Command Control</description> <requirements>None</requirements> <name>sudo</name> - <version>0.2.7</version> + <version>0.2.8</version> <title>Sudo - Shell Command Privilege Delegation Utility</title> <include_file>/usr/local/pkg/sudo.inc</include_file> <menu> @@ -56,6 +58,10 @@ <prefix>/usr/local/pkg/</prefix> <item>https://packages.pfsense.org/packages/config/sudo/sudo.inc</item> </additional_files_needed> + <additional_files_needed> + <prefix>/etc/inc/priv/</prefix> + <item>https://packages.pfsense.org/packages/config/sudo/sudo.priv.inc</item> + </additional_files_needed> <fields> <field> <type>listtopic</type> @@ -63,11 +69,14 @@ </field> <field> <type>info</type> - <description><![CDATA[ -User permission definitions for allowing the use of sudo by shell users to run commands as other users, such as root. -<br /><br />More information on the full command options may be found in the <a href="http://www.sudo.ws/sudoers.man.html">sudoers manual</a>. -<br /><br />By default the command is "ALL" meaning the user can run any commands. Leaving the commands field blank assumes "ALL". A comma-separated list of commands can be supplied to limit the user to individual binaries. Full paths to binaries must be used. - ]]></description> + <description> + <![CDATA[ + User permission definitions for allowing the use of sudo by shell users to run commands as other users, such as root.<br /><br /> + More information on the full command options may be found in the <a href="http://www.sudo.ws/sudoers.man.html">sudoers manual</a>.<br /><br /> + By default the command is "ALL" meaning the user can run any commands. Leaving the commands field blank assumes "ALL".<br /><br /> + A comma-separated list of commands can be supplied to limit the user to individual binaries. <strong>Full paths to binaries must be used.</strong> + ]]> + </description> </field> <field> <fielddescr>User Permissions</fielddescr> @@ -100,7 +109,7 @@ User permission definitions for allowing the use of sudo by shell users to run c <rowhelperfield> <fielddescr>Command List</fielddescr> <fieldname>cmdlist</fieldname> - <description>Commands the user may run. Comma-separated list, full paths preferred. Default: ALL</description> + <description>Commands the user may run. Comma-separated list, full paths required. Default: ALL</description> <type>input</type> <size>30</size> <value>ALL</value> diff --git a/config/suricata/suricata.inc b/config/suricata/suricata.inc index e3028570..bd7a181b 100644 --- a/config/suricata/suricata.inc +++ b/config/suricata/suricata.inc @@ -3304,102 +3304,118 @@ function suricata_sync_on_changes() { /* Do not attempt a package sync while booting up or installing package */ if ($g['booting'] || $g['suricata_postinstall'] == TRUE) { - log_error("[suricata] No xmlrpc sync to CARP targets when booting up or during package reinstallation."); + log_error("[suricata] Skipping XMLRPC sync when booting up or during package reinstallation."); return; } - if (is_array($config['installedpackages']['suricatasync']['config'])){ - $suricata_sync=$config['installedpackages']['suricatasync']['config'][0]; + if (is_array($config['installedpackages']['suricatasync']['config'])) { + $suricata_sync = $config['installedpackages']['suricatasync']['config'][0]; $synconchanges = $suricata_sync['varsynconchanges']; - $synctimeout = $suricata_sync['varsynctimeout']; + $synctimeout = $suricata_sync['varsynctimeout'] ?: '150'; $syncdownloadrules = $suricata_sync['vardownloadrules']; - switch ($synconchanges){ + switch ($synconchanges) { case "manual": - if (is_array($suricata_sync[row])){ - $rs=$suricata_sync[row]; - } - else{ - log_error("[suricata] xmlrpc CARP sync is enabled but there are no hosts configured as replication targets."); + if (is_array($suricata_sync['row'])) { + $rs = $suricata_sync['row']; + } else { + log_error("[suricata] XMLRPC sync is enabled but there are no hosts configured as replication targets."); return; } break; case "auto": - if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ - $system_carp=$config['installedpackages']['carpsettings']['config'][0]; - $rs[0]['varsyncipaddress']=$system_carp['synchronizetoip']; - $rs[0]['varsyncusername']=$system_carp['username']; - $rs[0]['varsyncpassword']=$system_carp['password']; - $rs[0]['varsyncsuricatastart']="no"; - if ($system_carp['synchronizetoip'] ==""){ - log_error("[suricata] xmlrpc CARP sync is enabled but there are no system backup hosts configured as replication targets."); - return; - } + if (is_array($config['hasync'])) { + $system_carp = $config['hasync']; + $rs[0]['varsyncipaddress'] = $system_carp['synchronizetoip']; + $rs[0]['varsyncusername'] = $system_carp['username']; + $rs[0]['varsyncpassword'] = $system_carp['password']; + $rs[0]['varsyncsuricatastart'] = FALSE; + $rs[0]['varsyncdestinenable'] = FALSE; + // XMLRPC sync is currently only supported over connections using the same protocol and port as this system + if ($config['system']['webgui']['protocol'] == "http") { + $rs[0]['varsyncprotocol'] = "http"; + $rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '80'; + } else { + $rs[0]['varsyncprotocol'] = "https"; + $rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '443'; } - else{ - log_error("[suricata] xmlrpc CARP sync is enabled but there are no system backup hosts configured as replication targets."); + if ($system_carp['synchronizetoip'] == "") { + log_error("[suricata] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets."); return; + } else { + $rs[0]['varsyncdestinenable'] = TRUE; } + } else { + log_error("[suricata] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets."); + return; + } break; default: return; - break; + break; } - if (is_array($rs)){ - log_error("[suricata] Suricata pkg xmlrpc CARP sync is starting."); - foreach($rs as $sh){ - if ($sh['varsyncsuricatastart']) - $syncstartsuricata = $sh['varsyncsuricatastart']; - else - $syncstartsuricata = "OFF"; - $sync_to_ip = $sh['varsyncipaddress']; - $port = $sh['varsyncport']; - $password = $sh['varsyncpassword']; - if($sh['varsyncusername']) - $username = $sh['varsyncusername']; - else - $username = 'admin'; - if($password && $sync_to_ip) - suricata_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username, $password, $synctimeout, $syncstartsuricata); + if (is_array($rs)) { + log_error("[suricata] XMLRPC sync is starting."); + foreach ($rs as $sh) { + // Only sync enabled replication targets + if ($sh['varsyncdestinenable']) { + if ($sh['varsyncsuricatastart']) { + $syncstartsuricata = $sh['varsyncsuricatastart']; + } else { + $syncstartsuricata = "OFF"; + } + $sync_to_ip = $sh['varsyncipaddress']; + $password = $sh['varsyncpassword']; + $port = $sh['varsyncport']; + $protocol = $sh['varsyncprotocol']; + $error = ''; + $success = TRUE; + $username = $sh['varsyncusername'] ?: 'admin'; + if ($password == "") { + $error = "Password parameter is empty. "; + $success = FALSE; + } + if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) { + $error .= "Misconfigured Replication Target IP Address. "; + $success = FALSE; + } + if (!is_port($port)) { + $error .= "Misconfigured Replication Target Port. "; + $success = FALSE; + } + if ($success) { + suricata_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $protocol, $username, $password, $synctimeout, $syncstartsuricata); + } else { + log_error("[suricata] XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}"); + } + } } - log_error("[suricata] Suricata pkg xmlrpc CARP sync completed."); + log_error("[suricata] XMLRPC sync completed."); } } } /* Do the actual XMLRPC sync */ -function suricata_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $username, $password, $synctimeout = 150, $syncstartsuricata) { +function suricata_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $protocol, $username, $password, $synctimeout = 150, $syncstartsuricata) { global $config, $g; /* Do not attempt a package sync while booting up or installing package */ if ($g['booting'] || isset($g['suricata_postinstall'])) { - log_error("[suricata] No xmlrpc sync to CARP targets when booting up or during package reinstallation."); + log_error("[suricata] Skipping XMLRPC sync when booting up or during package reinstallation."); return; } - if($username == "" || $password == "" || $sync_to_ip == "") { - log_error("[suricata] A required XMLRPC CARP sync parameter (user, host IP or password) is empty ... aborting pkg sync"); + if ($username == "" || $password == "" || $sync_to_ip == "" || $port == "" || $protocol == "") { + log_error("[suricata] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync"); return; } - /* Test key variables and set defaults if empty */ - if(!$synctimeout) - $synctimeout=150; - - $xmlrpc_sync_neighbor = $sync_to_ip; - if($config['system']['webgui']['protocol'] != "") { - $synchronizetoip = $config['system']['webgui']['protocol']; - $synchronizetoip .= "://"; + // Take care of IPv6 literal address + if (is_ipaddrv6($sync_to_ip)) { + $sync_to_ip = "[{$sync_to_ip}]"; } - $port = $config['system']['webgui']['port']; - /* if port is empty lets rely on the protocol selection */ - if($port == "") { - if($config['system']['webgui']['protocol'] == "http") - $port = "80"; - else - $port = "443"; - } - $synchronizetoip .= $sync_to_ip; - $url = $synchronizetoip; + + $url = "{$protocol}://{$sync_to_ip}"; + /*************************************************/ /* Send over any auto-SID management files */ @@ -3413,25 +3429,26 @@ function suricata_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $userna $method = 'pfsense.exec_php'; $params = array( XML_RPC_encode($password), XML_RPC_encode($payload) ); - log_error("[suricata] Suricata XMLRPC CARP sync sending auto-SID conf files to {$url}:{$port}."); + log_error("[suricata] XMLRPC sync sending auto-SID conf files to {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials($username, $password); $resp = $cli->send($msg, $synctimeout); $error = ""; - if(!$resp) { - $error = "A communications error occurred while attempting Suricata XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file); + if (!$resp) { + $error = "A communications error occurred while attempting Suricata XMLRPC sync with {$url}:{$port}. Failed to transfer file: " . basename($file); log_error($error); file_notice("sync_settings", $error, "Suricata Settings Sync", ""); - } elseif($resp->faultCode()) { - $error = "An error code was received while attempting Suricata XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file) . " - Code " . $resp->faultCode() . ": " . $resp->faultString(); + } elseif ($resp->faultCode()) { + $error = "An error code was received while attempting Suricata XMLRPC sync with {$url}:{$port}. Failed to transfer file: " . basename($file) . " - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "Suricata Settings Sync", ""); } } - if (!empty($sid_files) && $error == "") - log_error("[suricata] Suricata pkg XMLRPC CARP sync auto-SID conf files success with {$url}:{$port} (pfsense.exec_php)."); + if (!empty($sid_files) && $error == "") { + log_error("[suricata] XMLRPC sync auto-SID conf files success with {$url}:{$port} (pfsense.exec_php)."); + } /*************************************************/ /* Send over any IPREP IP List files */ @@ -3445,25 +3462,26 @@ function suricata_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $userna $method = 'pfsense.exec_php'; $params = array( XML_RPC_encode($password), XML_RPC_encode($payload) ); - log_error("[suricata] Suricata XMLRPC CARP sync sending IPREP files to {$url}:{$port}."); + log_error("[suricata] Suricata XMLRPC sync sending IPREP files to {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials($username, $password); $resp = $cli->send($msg, $synctimeout); $error = ""; - if(!$resp) { - $error = "A communications error occurred while attempting Suricata XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file); + if (!$resp) { + $error = "A communications error occurred while attempting Suricata XMLRPC sync with {$url}:{$port}. Failed to transfer file: " . basename($file); log_error($error); file_notice("sync_settings", $error, "Suricata Settings Sync", ""); - } elseif($resp->faultCode()) { - $error = "An error code was received while attempting Suricata XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file) . " - Code " . $resp->faultCode() . ": " . $resp->faultString(); + } elseif ($resp->faultCode()) { + $error = "An error code was received while attempting Suricata XMLRPC sync with {$url}:{$port}. Failed to transfer file: " . basename($file) . " - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "Suricata Settings Sync", ""); } } - if (!empty($iprep_files) && $error == "") - log_error("[suricata] Suricata pkg XMLRPC CARP sync IPREP files success with {$url}:{$port} (pfsense.exec_php)."); + if (!empty($iprep_files) && $error == "") { + log_error("[suricata] XMLRPC sync IPREP files success with {$url}:{$port} (pfsense.exec_php)."); + } /**************************************************/ /* Send over the <suricata> portion of config.xml */ @@ -3477,7 +3495,7 @@ function suricata_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $userna XML_RPC_encode($xml) ); - log_error("[suricata] Beginning Suricata pkg configuration XMLRPC sync to {$url}:{$port}."); + log_error("[suricata] Beginning package configuration XMLRPC sync to {$url}:{$port}."); $method = 'pfsense.merge_installedpackages_section_xmlrpc'; $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); @@ -3485,31 +3503,31 @@ function suricata_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $userna /* send our XMLRPC message and timeout after defined sync timeout value*/ $resp = $cli->send($msg, $synctimeout); - if(!$resp) { - $error = "A communications error occurred while attempting Suricata XMLRPC CARP sync with {$url}:{$port}."; + if (!$resp) { + $error = "A communications error occurred while attempting Suricata XMLRPC sync with {$url}:{$port}."; log_error($error); file_notice("sync_settings", $error, "Suricata Settings Sync", ""); - } elseif($resp->faultCode()) { - $error = "An error code was received while attempting Suricata XMLRPC CARP sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + } elseif ($resp->faultCode()) { + $error = "An error code was received while attempting Suricata XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "Suricata Settings Sync", ""); } else { - log_error("[suricata] Suricata pkg configuration XMLRPC CARP sync successfully completed with {$url}:{$port}."); + log_error("[suricata] Package configuration XMLRPC sync successfully completed with {$url}:{$port}."); } $downloadrulescmd = ""; if ($syncdownloadrules == "yes") { - $downloadrulescmd = "log_error(gettext(\"[suricata] XMLRPC pkg CARP sync: Update of downloaded rule sets requested...\"));\n"; + $downloadrulescmd = "log_error(gettext(\"[suricata] XMLRPC pkg sync: Update of downloaded rule sets requested...\"));\n"; $downloadrulescmd .= "\tinclude_once(\"/usr/local/pkg/suricata/suricata_check_for_rule_updates.php\");\n"; } $suricatastart = ""; if ($syncstartsuricata == "ON") { - $suricatastart = "log_error(gettext(\"[suricata] XMLRPC pkg CARP sync: Checking Suricata status...\"));\n"; + $suricatastart = "log_error(gettext(\"[suricata] XMLRPC pkg sync: Checking Suricata status...\"));\n"; $suricatastart .= "\tif (!is_process_running(\"suricata\")) {\n"; - $suricatastart .= "\t\tlog_error(gettext(\"[suricata] XMLRPC pkg CARP sync: Suricata not running. Sending a start command...\"));\n"; + $suricatastart .= "\t\tlog_error(gettext(\"[suricata] XMLRPC pkg sync: Suricata not running. Sending a start command...\"));\n"; $suricatastart .= "\t\t\$sh_script = RCFILEPREFIX . \"suricata.sh\";\n"; $suricatastart .= "\t\tmwexec_bg(\"{\$sh_script} start\");\n\t}\n"; - $suricatastart .= "\telse {\n\t\tlog_error(gettext(\"[suricata] XMLRPC pkg CARP sync: Suricata is running...\"));\n\t}\n"; + $suricatastart .= "\telse {\n\t\tlog_error(gettext(\"[suricata] XMLRPC pkg sync: Suricata is running...\"));\n\t}\n"; } /*************************************************/ @@ -3529,14 +3547,14 @@ function suricata_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $userna \$pkg_interface = "console"; {$downloadrulescmd} unset(\$g["suricata_postinstall"]); - log_error(gettext("[suricata] XMLRPC pkg CARP sync: Generating suricata.yaml file using Master Host settings...")); + log_error(gettext("[suricata] XMLRPC pkg sync: Generating suricata.yaml file using Master Host settings...")); \$rebuild_rules = true; conf_mount_rw(); sync_suricata_package_config(); conf_mount_ro(); \$rebuild_rules = false; {$suricatastart} - log_error(gettext("[suricata] XMLRPC pkg CARP sync process on this host is complete...")); + log_error(gettext("[suricata] XMLRPC pkg sync process on this host is complete...")); \$pkg_interface = \$orig_pkg_interface; unset(\$g["suricata_sync_in_progress"]); return true; @@ -3557,21 +3575,21 @@ EOD; XML_RPC_encode($execcmd) ); - log_error("[suricata] Suricata XMLRPC CARP sync sending reload configuration cmd set as a file to {$url}:{$port}."); + log_error("[suricata] XMLRPC sync sending reload configuration cmd set as a file to {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials($username, $password); $resp = $cli->send($msg, $synctimeout); - if(!$resp) { - $error = "A communications error occurred while attempting Suricata XMLRPC CARP sync with {$url}:{$port} (pfsense.exec_php)."; + if (!$resp) { + $error = "A communications error occurred while attempting Suricata XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; log_error($error); file_notice("sync_settings", $error, "Suricata Settings Sync", ""); - } elseif($resp->faultCode()) { - $error = "An error code was received while attempting Suricata XMLRPC CARP sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + } elseif ($resp->faultCode()) { + $error = "An error code was received while attempting Suricata XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "Suricata Settings Sync", ""); } else { - log_error("[suricata] Suricata pkg XMLRPC CARP sync reload configuration success with {$url}:{$port} (pfsense.exec_php)."); + log_error("[suricata] XMLRPC sync reload configuration success with {$url}:{$port} (pfsense.exec_php)."); } /*************************************************/ @@ -3583,19 +3601,19 @@ EOD; XML_RPC_encode($password), XML_RPC_encode($execcmd) ); - log_error("[suricata] Suricata XMLRPC CARP sync sending {$url}:{$port} cmd to execute configuration reload."); + log_error("[suricata] XMLRPC sync sending {$url}:{$port} cmd to execute configuration reload."); $msg2 = new XML_RPC_Message($method, $params2); $resp = $cli->send($msg2, $synctimeout); - if(!$resp) { - $error = "A communications error occurred while attempting Suricata XMLRPC CARP sync with {$url}:{$port} (pfsense.exec_php)."; + if (!$resp) { + $error = "A communications error occurred while attempting Suricata XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; log_error($error); file_notice("sync_settings", $error, "Suricata Settings Sync", ""); - } elseif($resp->faultCode()) { - $error = "An error code was received while attempting Suricata XMLRPC CARP sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + } elseif ($resp->faultCode()) { + $error = "An error code was received while attempting Suricata XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "Suricata Settings Sync", ""); } else { - log_error("[suricata] Suricata pkg XMLRPC CARP sync reload configuration success with {$url}:{$port} (pfsense.exec_php)."); + log_error("[suricata] XMLRPC sync reload configuration success with {$url}:{$port} (pfsense.exec_php)."); } } diff --git a/config/suricata/suricata_sync.xml b/config/suricata/suricata_sync.xml index 28083d8d..c2f5ec83 100644 --- a/config/suricata/suricata_sync.xml +++ b/config/suricata/suricata_sync.xml @@ -1,56 +1,49 @@ <?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> - <copyright> + <copyright> <![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ====================================================================================== */ /* -based on snortsync.xml developed as part -of pfSense (http://www.pfSense.com) -Copyright (C) 2013 Marcello Coutinho -based on pfblocker_sync.xml -All rights reserved. - -modified for use with Suricata package -Copyright (C) 2014 Bill Meeks -All rights reserved. - -Based on m0n0wall (http://m0n0.ch/wall) -Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. -All rights reserved. + suricata_sync.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2013 Marcello Coutinho + Copyright (C) 2014-2015 Bill Meeks + Copyright (C) 2015 ESF, LLC + All rights reserved. */ -/* ========================================================================== */ +/* ====================================================================================== */ /* -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. -1. Redistributions of source code MUST retain the above copyright notice, -this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. -2. Redistributions in binary form MUST reproduce the above copyright -notice, this list of conditions and the following disclaimer in the -documentation and/or other materials provided with the distribution. -THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -POSSIBILITY OF SUCH DAMAGE. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ -/* ========================================================================== */ -]]></copyright> - <description><![CDATA[Describe your package here]]></description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> +/* ====================================================================================== */ + ]]> + </copyright> <name>suricatasync</name> - <version>1.0</version> + <version>2.1.8</version> <title>Suricata: XMLRPC Sync</title> <include_file>/usr/local/pkg/suricata/suricata.inc</include_file> <tabs> @@ -183,11 +176,11 @@ POSSIBILITY OF SUCH DAMAGE. </options> </rowhelperfield> <rowhelperfield> - <fielddescr>IP-Address</fielddescr> + <fielddescr>IP Address/Hostname</fielddescr> <fieldname>varsyncipaddress</fieldname> - <description><![CDATA[IP Address of the destination host.]]></description> + <description><![CDATA[IP address or hostname of the destination host.]]></description> <type>input</type> - <size>15</size> + <size>40</size> </rowhelperfield> <rowhelperfield> <fielddescr>Port</fielddescr> @@ -213,8 +206,6 @@ POSSIBILITY OF SUCH DAMAGE. </rowhelper> </field> </fields> - <custom_delete_php_command> - </custom_delete_php_command> <custom_php_resync_config_command> write_config("Suricata pkg: updating CARP sync info.");suricata_sync_on_changes(); </custom_php_resync_config_command> diff --git a/config/tinydns/tinydns_xmlrpc_sync.php b/config/syslog-ng/syslog-ng.priv.inc index 0610e286..96722a7b 100644 --- a/config/tinydns/tinydns_xmlrpc_sync.php +++ b/config/syslog-ng/syslog-ng.priv.inc @@ -1,9 +1,8 @@ <?php - -/* $Id$ */ /* - tinydns_xmlrcpc_sync.php - Copyright (C) 2006 Scott Ullrich + syslog-ng.priv.inc + part of pfSense (http://www.pfSense.org/) + Copyright (C) 2015 ESF, LLC All rights reserved. Redistribution and use in source and binary forms, with or without @@ -27,33 +26,19 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +global $priv_list; -/* NOTE: this file gets included from the pfSense filter.inc plugin process */ - -require_once("config.inc"); -require_once("/usr/local/pkg/tinydns.inc"); -require_once("service-utils.inc"); - -if($notnow) { +$priv_list['page-services-syslogng'] = array(); +$priv_list['page-services-syslogng']['name'] = "WebCfg - Services: syslog-ng package"; +$priv_list['page-services-syslogng']['descr'] = "Allow access to syslog-ng package GUI"; +$priv_list['page-services-syslogng']['match'] = array(); - /* disabled until Ticket #1318 can be fixed */ +$priv_list['page-services-syslogng']['match'][] = "pkg.php?xml=syslog-ng.xml*"; +$priv_list['page-services-syslogng']['match'][] = "pkg.php?xml=syslog-ng_advanced.xml*"; - if(!$config) { - log_error("\$config is not enabled from tinydns_xmlrpc_sync.php!!"); - } else { - if($config['installedpackages']['carpsettings']['config']) - $password = $config['installedpackages']['carpsettings']['config'][0]['password']; - if($config['installedpackages']['carpsettings']['config']) - $syncip = $config['installedpackages']['carpsettings']['config'][0]['synchronizetoip']; - if($config['installedpackages']['carpsettings']['config']) - $syncxmlrpc = $config['installedpackages']['tinydns']['config'][0]['syncxmlrpc']; - /* option enabled? */ - if($syncxmlrpc) - if($syncip) - if($password) - tinydns_do_xmlrpc_sync($syncip, $password); - } +$priv_list['page-services-syslogng']['match'][] = "pkg_edit.php?xml=syslog-ng.xml*"; +$priv_list['page-services-syslogng']['match'][] = "pkg_edit.php?xml=syslog-ng_advanced.xml*"; -} +$priv_list['page-services-syslogng']['match'][] = "syslog-ng_log_viewer.php*"; -?>
\ No newline at end of file +?> diff --git a/config/syslog-ng/syslog-ng.xml b/config/syslog-ng/syslog-ng.xml index 9b0ccffc..81942926 100644 --- a/config/syslog-ng/syslog-ng.xml +++ b/config/syslog-ng/syslog-ng.xml @@ -42,7 +42,7 @@ ]]> </copyright> <name>Syslog-ng</name> - <version>1.0.8</version> + <version>1.1.1</version> <title>Services: Syslog-ng</title> <include_file>/usr/local/pkg/syslog-ng.inc</include_file> <menu> @@ -76,6 +76,10 @@ <item>https://packages.pfsense.org/packages/config/syslog-ng/syslog-ng.inc</item> </additional_files_needed> <additional_files_needed> + <prefix>/etc/inc/priv/</prefix> + <item>https://packages.pfsense.org/packages/config/syslog-ng/syslog-ng.priv.inc</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <item>https://packages.pfsense.org/packages/config/syslog-ng/syslog-ng_advanced.xml</item> </additional_files_needed> diff --git a/config/tftp2/tftp.inc b/config/tftp2/tftp.inc index 67054619..75ddaac8 100644 --- a/config/tftp2/tftp.inc +++ b/config/tftp2/tftp.inc @@ -50,10 +50,10 @@ function tftp_install_command() { // Restore backup if it exists if (file_exists($tftpbackup)) { - system("/usr/bin/tar xvpfz {$tftpbackup} -C /"); - system("/bin/chmod -R 0744 {$tftpdir}/*"); - unset($tftpbackup); + mwexec("/usr/bin/tar xvpfz {$tftpbackup} -C /"); + mwexec("/bin/chmod -R 0744 {$tftpdir}/*"); } + unset($tftpdir, $tftpbackup); } function tftp_deinstall_command() { @@ -68,11 +68,9 @@ function tftp_generate_rules($type) { return; } - // Open inetd.conf write handle + // Add tftpd daemon to inetd $inetd_fd = fopen("/var/etc/inetd.conf", "a+"); - // Add tftp daemon fwrite($inetd_fd, "tftp\t\tdgram\tudp\twait\t\troot\t/usr/libexec/tftpd\ttftpd /tftpboot\n"); - // Close file handle fclose($inetd_fd); if (!empty($config['installedpackages']['tftpd']['config'][0]['tftpdinterface'])) { diff --git a/config/tftp2/tftp.priv.inc b/config/tftp2/tftp.priv.inc new file mode 100644 index 00000000..14691924 --- /dev/null +++ b/config/tftp2/tftp.priv.inc @@ -0,0 +1,38 @@ +<?php +/* + tftp.priv.inc + part of pfSense (http://www.pfSense.org/) + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +global $priv_list; + +$priv_list['page-services-tftp'] = array(); +$priv_list['page-services-tftp']['name'] = "WebCfg - Services: TFTP package"; +$priv_list['page-services-tftp']['descr'] = "Allow access to TFTP package GUI"; +$priv_list['page-services-tftp']['match'] = array(); + +$priv_list['page-services-tftp']['match'][] = "tftp_files.php*"; + +?> diff --git a/config/tftp2/tftp.xml b/config/tftp2/tftp.xml index 2a526a4c..33fb9c3d 100644 --- a/config/tftp2/tftp.xml +++ b/config/tftp2/tftp.xml @@ -43,7 +43,7 @@ ]]> </copyright> <name>tftp Settings</name> - <version>2.0</version> + <version>2.2.2</version> <title>TFTP: Settings</title> <include_file>/usr/local/pkg/tftp.inc</include_file> <menu> @@ -56,23 +56,21 @@ <service> <name>tftp</name> <executable>inetd</executable> - <description>TFTP daemon</description> + <description>TFTP Daemon</description> </service> - <tabs> - <tab> - <text>Files</text> - <url>tftp_files.php</url> - </tab> - </tabs> <configpath>installedpackages->$packagename</configpath> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <item>https://packages.pfsense.org/packages/config/tftp2/tftp.inc</item> - </additional_files_needed> + </additional_files_needed> + <additional_files_needed> + <prefix>/etc/inc/priv/</prefix> + <item>https://packages.pfsense.org/packages/config/tftp2/tftp.priv.inc</item> + </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> <item>https://packages.pfsense.org/packages/config/tftp2/tftp_files.php</item> - </additional_files_needed> + </additional_files_needed> <custom_php_install_command> tftp_install_command(); </custom_php_install_command> diff --git a/config/tftp2/tftp_files.php b/config/tftp2/tftp_files.php index eebe4c5e..0352f4a0 100644 --- a/config/tftp2/tftp_files.php +++ b/config/tftp2/tftp_files.php @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ require_once("guiconfig.inc"); +require_once("util.inc"); require_once("/usr/local/pkg/tftp.inc"); $pconfig['tftpdinterface'] = explode(",", $config['installedpackages']['tftpd']['config'][0]['tftpdinterface']); @@ -43,7 +44,7 @@ if (($_GET['a'] == "download") && $_GET['t'] == "backup") { conf_mount_rw(); $filename = $backup_filename; $download_dir = $backup_dir; - system("tar -czC / -f {$backup_path} tftpboot"); + mwexec("/usr/bin/tar -czC / -f {$backup_path} tftpboot"); conf_mount_ro(); } @@ -73,8 +74,8 @@ if ($_GET['a'] == "other") { if (file_exists($backup_path)) { //echo "The file $filename exists"; conf_mount_rw(); - system("tar -xpzC / -f {$backup_path}"); - system("chmod -R 744 {$files_dir}/*"); + mwexec("/usr/bin/tar -xpzC / -f {$backup_path}"); + mwexec("/bin/chmod -R 744 {$files_dir}/*"); header( 'Location: tftp_files.php?savemsg=Backup+has+been+restored.' ) ; conf_mount_ro(); } else { @@ -100,7 +101,7 @@ if (($_POST['submit'] == "Upload") && is_uploaded_file($_FILES['ulfile']['tmp_na conf_mount_rw(); move_uploaded_file($_FILES['ulfile']['tmp_name'], "{$files_dir}/{$_FILES['ulfile']['name']}"); $savemsg = "Uploaded file to {$files_dir}/" . htmlentities($_FILES['ulfile']['name']); - system('chmod -R 744 {$files_dir}/*'); + mwexec('/bin/chmod -R 744 {$files_dir}/*'); unset($_POST['txtCommand']); conf_mount_ro(); } @@ -122,7 +123,7 @@ include("head.inc"); <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> -<p class="pgtitle">TFTP: Files</p> +<p class="pgtitle">TFTP: Settings/Files</p> <?php $savemsg = $_GET["savemsg"]; @@ -137,7 +138,7 @@ if ($savemsg) { <?php $tab_array = array(); - $tab_array[] = array(gettext("Files"), false, "tftp_files.php"); + $tab_array[] = array(gettext("TFTP"), false, "tftp_files.php"); display_top_tabs($tab_array); ?> @@ -145,14 +146,16 @@ if ($savemsg) { </table> <table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> - <td class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <td colspan="2" class="listtopic">TFTP Daemon Interfaces</td> + </tr> <tr> + <td width="22%" class="vncell">Select TFTP Daemon Interface(s).</td> <td width="78%" class="vtable"> <form action="tftp_files.php" method="post" enctype="multipart/form-data" name="frmInterfaces" onsubmit=""> - <p><span class="vexpl"><strong>TFTP Daemon Interfaces</strong></span></p> - <?=gettext("Choose the interfaces where you want the TFTP daemon to accept connections.");?><br/><br/> <select name="tftpdinterface[]" multiple="multiple" class="formselect" size="3"> <?php $ifdescs = get_configured_interface_with_descr(); @@ -164,70 +167,46 @@ if ($savemsg) { echo "\t\t\t<option value=\"{$ifent}\"{$selected}>" . $ifdesc . "</option>\n"; } ?> - </select><br /> - <input name="submit" type="submit" class="button" id="save" value="Save" /> + </select><br /><br /> + <span class="vexpl"> + Choose the interfaces where you want the TFTP Daemon to accept connections.<br/> + <strong>Hint:</strong> If you simply need to (re)start tftpd/inetd, just use the Save button without making any changes here.<br /><br /> + </span> + <input name="submit" type="submit" class="formbtns" id="save" value="Save" title="Save settings" /> </form> </td> </tr> <tr> - <td> - <p><span class="vexpl"><span class="red"><strong>TFTP files</strong></span><br /> - Trivial File Transport Protocol is a very simple file transfer protocol.<br /> - Use the file upload to add files to the /tftpboot directory.<br /> - Click on the file from the file list below to download it.<br /> - </span></p> - </td> + <td colspan="2" class="listtopic">TFTP Files Upload</td> </tr> - </table> - <br /> - <div id="niftyOutter"> - <form action="tftp_files.php" method="post" enctype="multipart/form-data" name="frmUpload" onsubmit=""> - <table> - <tr> - <td align="right">File to upload:</td> - <td valign="top" class="label"> - <input name="ulfile" type="file" class="button" id="ulfile" /> - </td> - </tr> - <tr> - <td valign="top"> </td> - <td valign="top" class="label"> - <input name="submit" type="submit" class="button" id="upload" value="Upload" /> - </td> - </tr> - </table> - </form> - </div> - <br /><br /> - - <table width='690' cellpadding='0' cellspacing='0' border='0'> <tr> - <td width='80%'> - <strong>Backup / Restore</strong><br /> - The 'Backup' button compresses /tftpboot/ to /root/backup/tftp.bak.tgz; after that it presents the backup for download.<br /> - If the backup file does not exist in /root/backup/tftp.bak.tgz then the 'Restore' button will be hidden.<br /> - Use Diagnostics -> Command -> File to upload: to browse to the file and then click on upload.<br /> - After that, backup will be ready to be restored.<br /><br /> - </td> - <td width='20%' valign='middle' align='right'> - <input type="button" value="Backup" onclick="document.location.href='tftp_files.php?a=download&t=backup'" /> - <?php - if (file_exists('/root/backup/tftp.bak.tgz')) { - echo "<input type='button' value='Restore' onclick=\"document.location.href='tftp_files.php?a=other&t=restore';\" />\n"; - } - ?> + <td width="22%" class="vncell">Use the file upload to add files to the /tftpboot directory.</td> + <td width="78%" class="vtable"> + <form action="tftp_files.php" method="post" enctype="multipart/form-data" name="frmUpload" onsubmit=""> + <span class="vexpl">1. Select file to upload: </span> + <input name="ulfile" type="file" class="formbtns" id="ulfile" title="Select file to upload" /> + <br /> + <span class="vexpl">2. Upload the selected file: </span> + <input name="submit" type="submit" class="formbtns" id="upload" value="Upload" title="Upload file" /> + </form> </td> </tr> - </table> - <br /><br /> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> - <td width="25%" class="listhdrr">File Name (download)</td> - <td width="50%" class="listhdr">Last Modified</td> - <td width="50%" class="listhdr">Size</td> + <td colspan="3" class="listtopic">TFTP Files Download</td> </tr> + <tr> + <td colspan="3" class="vexpl">Click on the file from the file list below to download it.</td> + </tr> + <tr> + <td colspan="3"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="25%" class="listhdrr">File Name (download)</td> + <td width="50%" class="listhdr">Last Modified</td> + <td width="50%" class="listhdr">Size</td> + </tr> <?php if ($handle = opendir('/tftpboot')) { @@ -267,13 +246,37 @@ if ($handle = opendir('/tftpboot')) { } ?> + <tr> + <td class="list" colspan="3"></td> + <td class="list"></td> + </tr> + </table> + </td> + </tr> + <tr> - <td class="list" colspan="3"></td> - <td class="list"></td> + <td colspan="2" class="listtopic">TFTP Backup / Restore</td> </tr> - </table> - </td> + <tr> + <td width="22%" class="vncell">Use the file upload to add files to the /tftpboot directory.</td> + <td width="78%" class="vtable"> + <span class="vexpl"><strong>Backup:</strong> 'Backup' button compresses /tftpboot/ to /root/backup/tftp.bak.tgz; after that it presents the backup for download.<br /> + <strong>Restore:</strong> If the backup file does not exist in /root/backup/tftp.bak.tgz then the 'Restore' button will be hidden. + To 'Restore' a previously downloaded backup, use <a href="diag_backup.php" title="Upload file">Diagnostics -> Command Prompt -> File to upload</a> to browse to the file and then click on upload.<br /> + After that, backup will be ready to be restored.<br /><br /> + </span> + <input type="button" value="Backup" title="Create backup" onclick="document.location.href='tftp_files.php?a=download&t=backup'" /> + <?php + if (file_exists('/root/backup/tftp.bak.tgz')) { + echo "<input type='button' value='Restore' title='Restore backup' onclick=\"document.location.href='tftp_files.php?a=other&t=restore';\" />\n"; + } + ?> + </td> </tr> + </table> + +</div> +</td></tr> </table> </div> diff --git a/config/tinc/tinc.priv.inc b/config/tinc/tinc.priv.inc new file mode 100644 index 00000000..d8b45c5b --- /dev/null +++ b/config/tinc/tinc.priv.inc @@ -0,0 +1,44 @@ +<?php +/* + tinc.priv.inc + part of pfSense (http://www.pfSense.org/) + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +global $priv_list; + +$priv_list['page-vpn-tinc'] = array(); +$priv_list['page-vpn-tinc']['name'] = "WebCfg - VPN: tinc package"; +$priv_list['page-vpn-tinc']['descr'] = "Allow access to tinc package GUI"; +$priv_list['page-vpn-tinc']['match'] = array(); + +$priv_list['page-vpn-tinc']['match'][] = "pkg.php?xml=tinc.xml*"; +$priv_list['page-vpn-tinc']['match'][] = "pkg.php?xml=tinc_hosts.xml*"; + +$priv_list['page-vpn-tinc']['match'][] = "pkg_edit.php?xml=tinc.xml*"; +$priv_list['page-vpn-tinc']['match'][] = "pkg_edit.php?xml=tinc_hosts.xml*"; + +$priv_list['page-vpn-tinc']['match'][] = "status_tinc.php*"; + +?> diff --git a/config/tinc/tinc.xml b/config/tinc/tinc.xml index 89d1e8ce..0f71e03d 100644 --- a/config/tinc/tinc.xml +++ b/config/tinc/tinc.xml @@ -42,8 +42,8 @@ </copyright> <description>A self-contained VPN solution designed to connect multiple sites together in a secure way.</description> <name>tinc</name> - <version>1.2.2</version> - <title>VPN: tinc - Config</title> + <version>1.2.4</version> + <title>VPN: Tinc: Settings</title> <include_file>/usr/local/pkg/tinc.inc</include_file> <configpath>['installedpackages']['package']['$packagename']['config']</configpath> <menu> @@ -53,7 +53,7 @@ <url>/pkg_edit.php?xml=tinc.xml</url> </menu> <menu> - <name>tinc VPN</name> + <name>Tinc VPN</name> <section>Status</section> <url>/status_tinc.php</url> </menu> @@ -65,7 +65,7 @@ </service> <tabs> <tab> - <text>Config</text> + <text>Settings</text> <url>/pkg_edit.php?xml=tinc.xml</url> <active/> </tab> @@ -79,6 +79,10 @@ <item>https://packages.pfsense.org/packages/config/tinc/tinc.inc</item> </additional_files_needed> <additional_files_needed> + <prefix>/etc/inc/priv/</prefix> + <item>https://packages.pfsense.org/packages/config/tinc/tinc.priv.inc</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <item>https://packages.pfsense.org/packages/config/tinc/tinc_hosts.xml</item> </additional_files_needed> @@ -119,7 +123,7 @@ <fieldname>localip</fieldname> <description> <![CDATA[ - IP Address of local tunnel interface.<br /> + IP address of local tunnel interface.<br /> This is often the same IP as your routers LAN address. (Example: 192.168.2.1) ]]> </description> @@ -143,7 +147,7 @@ <fieldname>vpnnetmask</fieldname> <description> <![CDATA[ - This is the Netmask that defines what traffic is routed to the VPNs tunnel interface.<br /> + This is the netmask that defines what traffic is routed to the VPNs tunnel interface.<br /> It is usually broader then your local netmask. (Example: 255.255.0.0) ]]> </description> diff --git a/config/tinc/tinc_hosts.xml b/config/tinc/tinc_hosts.xml index b521d4a2..a10c1a9e 100644 --- a/config/tinc/tinc_hosts.xml +++ b/config/tinc/tinc_hosts.xml @@ -41,13 +41,13 @@ ]]> </copyright> <name>tinchosts</name> - <version>1.2.2</version> - <title>VPN: tinc - Hosts</title> + <version>1.2.4</version> + <title>VPN: Tinc: Hosts</title> <include_file>/usr/local/pkg/tinc.inc</include_file> <configpath>['installedpackages']['package']['$packagename']['config']</configpath> <tabs> <tab> - <text>Config</text> + <text>Settings</text> <url>/pkg_edit.php?xml=tinc.xml</url> </tab> <tab> @@ -75,7 +75,6 @@ <fieldname>connect</fieldname> <type>checkbox</type> </columnitem> - </adddeleteeditpagefields> <fields> <field> @@ -107,7 +106,7 @@ <type>checkbox</type> </field> <field> - <fielddescr>RSA public key</fielddescr> + <fielddescr>RSA Public Key</fielddescr> <fieldname>cert_pub</fieldname> <description> <![CDATA[ diff --git a/config/tinydns/tinydns.inc b/config/tinydns/tinydns.inc index 3bf64777..5e61fc05 100644 --- a/config/tinydns/tinydns.inc +++ b/config/tinydns/tinydns.inc @@ -1,11 +1,10 @@ <?php - -/* $Id$ */ /* tinydns.inc + part of pfSense (https://www.pfSense.org/) Copyright (C) 2006, 2007, 2008, 2009 Scott Ullrich - Parts Copyright (C) 2007 Goffredo Andreone - part of pfSense + Copyright (C) 2007 Goffredo Andreone + Copyright (C) 2015 ESF, LLC All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,7 +28,6 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - if(!function_exists("filter_configure")) require_once("filter.inc"); @@ -208,6 +206,35 @@ function tinydns_custom_php_deinstall_command() { conf_mount_ro(); } +function tinydns_upgrade_config() { + /* Remove obsolete XMLRPC sync configuration */ + if (is_array($config['installedpackages']['tinydnssync']['config'])) { + if (isset($config['installedpackages']['tinydnssync']['config'][0]['ipaddress'])) { + unset($config['installedpackages']['tinydnssync']['config'][0]['ipaddress']); + } + if (isset($config['installedpackages']['tinydnssync']['config'][0]['ipaddress2'])) { + unset($config['installedpackages']['tinydnssync']['config'][0]['ipaddress2']); + } + if (isset($config['installedpackages']['tinydnssync']['config'][0]['ipaddress3'])) { + unset($config['installedpackages']['tinydnssync']['config'][0]['ipaddress3']); + } + if (isset($config['installedpackages']['tinydnssync']['config'][0]['password'])) { + unset($config['installedpackages']['tinydnssync']['config'][0]['password']); + } + if (isset($config['installedpackages']['tinydnssync']['config'][0]['password2'])) { + unset($config['installedpackages']['tinydnssync']['config'][0]['password2']); + } + if (isset($config['installedpackages']['tinydnssync']['config'][0]['password3'])) { + unset($config['installedpackages']['tinydnssync']['config'][0]['password3']); + } + } + if (is_array($config['installedpackages']['tinydns']['config'])) { + if (isset($config['installedpackages']['tinydns']['config'][0]['syncxmlrpc'])) { + unset($config['installedpackages']['tinydns']['config'][0]['syncxmlrpc']); + } + } +} + function tinydns_custom_php_changeip_command() { global $g, $config; conf_mount_rw(); @@ -232,10 +259,18 @@ function tinydns_custom_php_changeip_command() { if(!is_dir("{$g['varrun_path']}/service")) exec("/bin/mkdir -p {$g['varrun_path']}/service"); - exec("/usr/sbin/pw useradd Gtinydns"); - exec("/usr/sbin/pw useradd Gdnslog"); - exec("/usr/sbin/pw useradd Gdnscache"); - exec("/usr/sbin/pw useradd Gaxfrdns"); + if (!exec("/usr/sbin/pw usershow Gtinydns")) { + exec("/usr/sbin/pw useradd Gtinydns"); + } + if (!exec("/usr/sbin/pw usershow Gdnslog")) { + exec("/usr/sbin/pw useradd Gdnslog"); + } + if (!exec("/usr/sbin/pw usershow Gdnscache")) { + exec("/usr/sbin/pw useradd Gdnscache"); + } + if (!exec("/usr/sbin/pw usershow Gaxfrdns")) { + exec("/usr/sbin/pw useradd Gaxfrdns"); + } exec("/bin/rm -r {$g['varetc_path']}/dnscache*"); exec("/bin/rm -r {$g['varrun_path']}/service/dnscache*"); @@ -259,21 +294,14 @@ function tinydns_custom_php_changeip_command() { foreach ($interfaces as $dnsidx => $dnsif) { $dnscacheif = convert_friendly_interface_to_real_interface_name($dnsif); $dnscacheip = find_interface_ip($dnscacheif); - if (intval($config['version']) >= 6) - $ipmask = find_interface_subnet($dnscacheif); - else - $ipmask = $config['interfaces'][$dnsif]['subnet']; - - if (intval($config['version']) <= 8) { - if (is_ipaddr($ipaddress)) - $arr = tinydns_get_ip_subnet_arpa($ipaddress, $ipmask); - } else { - if (is_ipaddrv4($ipaddress)) { - $arr = tinydns_get_ip_subnet_arpa($ipaddress, $ipmask); - } elseif (is_ipaddrv6($ipaddress)) { - $arr = tinydns_get_ip6_subnet_arpa($ipaddress, $ipmask); - } + $ipmask = find_interface_subnet($dnscacheif); + + if (is_ipaddrv4($ipaddress)) { + $arr = tinydns_get_ip_subnet_arpa($ipaddress, $ipmask); + } elseif (is_ipaddrv6($ipaddress)) { + $arr = tinydns_get_ip6_subnet_arpa($ipaddress, $ipmask); } + $dnsuserip = $arr[0]; //exec("/bin/mkdir -p {$g['varetc_path']}/dnscache{$dnsidx}"); exec("/usr/local/bin/dnscache-conf Gdnscache Gdnslog {$g['varetc_path']}/dnscache{$dnsidx} {$dnscacheip}"); @@ -305,7 +333,7 @@ function tinydns_custom_php_changeip_command() { exec("{$svc_path} -xk {$g['varetc_path']}/dnscache{$dnsidx}"); } } else { - $interfaces = explode(",", $$config['installedpackages']['tinydns']['config'][0]['interface']); + $interfaces = explode(",", $config['installedpackages']['tinydns']['config'][0]['interface']); foreach ($interfaces as $dnsidx => $dnsif) { if(is_dir("{$g['varetc_path']}/dnscache{$dnsidx}")) dnscache_use_root_servers($dnsidx); @@ -517,10 +545,7 @@ function tinydns_create_zone_file() { foreach ($interfaces as $dnsif) { $dnsrif = convert_friendly_interface_to_real_interface_name($dnsif); $dnsrip = find_interface_ip($dnsrif); - if (intval($config['version']) >= 6) - $ipmask = find_interface_subnet($dnsrif); - else - $ipmask = $config['interfaces'][$dnsif]['subnet']; + $ipmask = find_interface_subnet($dnsrif); $dhcpdfqdn = "{$dhcpdhostname}.{$dhcpddomain}"; tinydns_complete_soa_record($fd, $dnsrip, $ipmask, $dhcpdhostname, $dhcpddomain); } @@ -544,10 +569,7 @@ function tinydns_create_zone_file() { $dnsrif = convert_friendly_interface_to_real_interface_name($dnsif); $dnsrip = find_interface_ip($dnsrif); - if (intval($config['version']) >= 6) - $ipmask = find_interface_subnet($dnsrif); - else - $ipmask = $config['interfaces'][$dnsif]['subnet']; + $ipmask = find_interface_subnet($dnsrif); $dhcpdfqdn = "{$dhcpdhostname}.{$dhcpddomain}"; tinydns_complete_soa_record($fd, $dnsrip, $ipmask, $dhcpdhostname, $dhcpddomain); @@ -606,15 +628,10 @@ function tinydns_create_zone_file() { if($record_data) { fwrite($fd, $record_data . "\n"); if ($domain['rdns'] || ($domain['recordtype'] == 'PTR')) { - if (intval($config['version']) <= 8) { - if (is_ipaddr($ipaddress)) - $rip = tinydns_get_ip_subnet_arpa($ipaddress, 32); - } else { - if (is_ipaddrv4($ipaddress)) { - $rip = tinydns_get_ip_subnet_arpa($ipaddress, 32); - } elseif (is_ipaddrv6($ipaddress)) { - $rip = tinydns_get_ip6_subnet_arpa($ipaddress, 128); - } + if (is_ipaddrv4($ipaddress)) { + $rip = tinydns_get_ip_subnet_arpa($ipaddress, 32); + } elseif (is_ipaddrv6($ipaddress)) { + $rip = tinydns_get_ip6_subnet_arpa($ipaddress, 128); } if($rip) @@ -651,95 +668,146 @@ function tinydns_create_zone_file() { function tinydns_sync_on_changes() { global $g, $config; - log_error("[tinydns] tinydns_xmlrpc_sync.php is starting."); - $synconchanges = $config['installedpackages']['tinydnssync']['config'][0]['synconchanges']; - if(!$synconchanges) - return; - $sync_hosts = $config['installedpackages']['tinydnssync']['config']; - $previous_ip = ""; - $x=0; - $sh = $config['installedpackages']['tinydnssync']['config'][0]; - for($x=1; $x<5; $x++) { - if($x > 1) - $counter = $x; - else - $counter = ""; - $sync_to_ip = ""; - $password = ""; - if($sh['ipaddress' . $counter]) { - $sync_to_ip = $sh['ipaddress' . $counter]; - $password = $sh['password' . $counter]; + + /* XMLRPC sync */ + if (is_array($config['installedpackages']['tinydnssync']['config'])) { + $tinydns_sync = $config['installedpackages']['tinydnssync']['config'][0]; + $synconchanges = $tinydns_sync['synconchanges']; + $synctimeout = $tinydns_sync['synctimeout'] ?: '250'; + switch ($synconchanges) { + case "manual": + if (is_array($tinydns_sync['row'])) { + $rs = $tinydns_sync['row']; + } else { + log_error("[tinydns] XMLRPC sync is enabled but there are no hosts configured as replication targets."); + return; + } + break; + case "auto": + if (is_array($config['hasync'])) { + $system_carp = $config['hasync']; + $rs[0]['ipaddress'] = $system_carp['synchronizetoip']; + $rs[0]['username'] = $system_carp['username']; + $rs[0]['password'] = $system_carp['password']; + $rs[0]['syncdestinenable'] = FALSE; + + // XMLRPC sync is currently only supported over connections using the same protocol and port as this system + if ($config['system']['webgui']['protocol'] == "http") { + $rs[0]['syncprotocol'] = "http"; + $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '80'; + } else { + $rs[0]['syncprotocol'] = "https"; + $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '443'; + } + if ($system_carp['synchronizetoip'] == "") { + log_error("[tinydns] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets."); + return; + } else { + $rs[0]['syncdestinenable'] = TRUE; + } + } else { + log_error("[tinydns] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets."); + return; + } + break; + default: + return; + break; } - if($password && $sync_to_ip) - tinydns_do_xmlrpc_sync($sync_to_ip, $password); - } - tinydns_create_zone_file(); - if ($config['installedpackages']['tinydns']['config'][0]['enableipmonitoring']) { - tinydns_setup_ping_items(); - } - log_error("[tinydns] tinydns_xmlrpc_sync.php is ending."); + if (is_array($rs)) { + log_error("[tinydns] XMLRPC sync is starting."); + foreach ($rs as $sh) { + // Only sync enabled replication targets + if ($sh['syncdestinenable']) { + $sync_to_ip = $sh['ipaddress']; + $port = $sh['syncport']; + $username = $sh['username'] ?: 'admin'; + $password = $sh['password']; + $protocol = $sh['syncprotocol']; + + $error = ''; + $valid = TRUE; + + if ($password == "") { + $error = "Password parameter is empty. "; + $valid = FALSE; + } + if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) { + $error .= "Misconfigured Replication Target IP Address or Hostname. "; + $valid = FALSE; + } + if (!is_port($port)) { + $error .= "Misconfigured Replication Target Port. "; + $valid = FALSE; + } + if ($valid) { + tinydns_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout); + } else { + log_error("[tinydns] XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}"); + } + } + } + log_error("[tinydns] tinydns_xmlrpc_sync.php is ending."); + } + } } -function tinydns_do_xmlrpc_sync($sync_to_ip, $password) { +/* Do the actual XMLRPC sync. */ +function tinydns_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout) { global $config, $g; - if(!$password) + /* Detect boot process, do nothing during boot. */ + if (function_exists("platform_booting")) { + if (platform_booting()) { + return; + } + } elseif ($g['booting']) { return; + } - if(!$sync_to_ip) + if ($username == "" || $password == "" || $sync_to_ip == "" || $port == "" || $protocol == "") { + log_error("[tinydns] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync"); return; + } - $xmlrpc_sync_neighbor = $sync_to_ip; - if($config['system']['webgui']['protocol'] != "") { - $synchronizetoip = $config['system']['webgui']['protocol']; - $synchronizetoip .= "://"; - } - $port = $config['system']['webgui']['port']; - /* if port is empty lets rely on the protocol selection */ - if($port == "") { - if($config['system']['webgui']['protocol'] == "http") - $port = "80"; - else - $port = "443"; - } - $synchronizetoip .= $sync_to_ip; + // Take care of IPv6 literal address + if (is_ipaddrv6($sync_to_ip)) { + $sync_to_ip = "[{$sync_to_ip}]"; + } - /* xml will hold the sections to sync */ + $url = "{$protocol}://{$sync_to_ip}"; + + /* XML will hold the sections to sync. */ $xml = array(); $xml['tinydnsdomains'] = $config['installedpackages']['tinydnsdomains']; + /* Assemble XMLRPC payload. */ + $params = array(XML_RPC_encode($password), XML_RPC_encode($xml)); - /* assemble xmlrpc payload */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($xml) - ); - - /* set a few variables needed for sync code borrowed from filter.inc */ - $url = $synchronizetoip; - log_error("Beginning TinyDNS XMLRPC sync to {$url}:{$port}."); + /* Set a few variables needed for sync code */ $method = 'pfsense.merge_installedpackages_section_xmlrpc'; $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials('admin', $password); - if($g['debug']) + $cli->setCredentials($username, $password); + if ($g['debug']) { $cli->setDebug(1); - /* send our XMLRPC message and timeout after 250 seconds */ - $resp = $cli->send($msg, "250"); - if(!$resp) { - $error = "A communications error occured while attempting tinydns XMLRPC sync with {$url}:{$port}."; - log_error($error); + } + /* Send our XMLRPC message and timeout after defined sync timeout value */ + $resp = $cli->send($msg, $synctimeout); + if (!$resp) { + $error = "A communications error occured while attempting XMLRPC sync with {$url}:{$port}."; + log_error("[tinydns] {$error}"); file_notice("sync_settings", $error, "tinydns Settings Sync", ""); - } elseif($resp->faultCode()) { + } elseif ($resp->faultCode()) { $cli->setDebug(1); - $resp = $cli->send($msg, "250"); - $error = "An error code was received while attempting tinydns XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error($error); + $resp = $cli->send($msg, $synctimeout); + $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error("[tinydns] {$error}"); file_notice("sync_settings", $error, "tinydns Settings Sync", ""); } else { - log_error("tinydns XMLRPC sync successfully completed with {$url}:{$port}."); + log_error("[tinydns] XMLRPC sync successfully completed with {$url}:{$port}."); } - /* tell tinydns to reload our settings on the destionation sync host. */ + /* Tell tinydns to reload our settings on the destionation sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('functions.inc');\n"; $execcmd .= "require_once('/usr/local/pkg/tinydns.inc');\n"; @@ -749,31 +817,27 @@ function tinydns_do_xmlrpc_sync($sync_to_ip, $password) { $execcmd .= "tinydns_setup_ping_items();\n"; } - /* assemble xmlrpc payload */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($execcmd) - ); + /* Assemble XMLRPC payload. */ + $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd)); - log_error("tinydns XMLRPC reload data {$url}:{$port}."); + log_error("[tinydns] XMLRPC reload data {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials('admin', $password); - $resp = $cli->send($msg, "250"); - if(!$resp) { - $error = "A communications error occured while attempting tinydns XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; - log_error($error); + $cli->setCredentials($username, $password); + $resp = $cli->send($msg, $synctimeout); + if (!$resp) { + $error = "A communications error occured while attempting XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; + log_error("[tinydns] {$error}"); file_notice("sync_settings", $error, "tinydns Settings Sync", ""); - } elseif($resp->faultCode()) { + } elseif ($resp->faultCode()) { $cli->setDebug(1); - $resp = $cli->send($msg, "250"); - $error = "An error code was received while attempting tinydns XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error($error); + $resp = $cli->send($msg, $synctimeout); + $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error("[tinydns] {$error}"); file_notice("sync_settings", $error, "tinydns Settings Sync", ""); } else { - log_error("tinydns XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); + log_error("[tinydns] XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); } - } /* formats data as a tinydns data row item */ @@ -789,18 +853,15 @@ function tinydns_get_rowline_data($recordip, $recordtype, $ttl, $hostname, $rdns /* Note that some of these are simplistic versions of TinyDNS record handling. Uber-users can always do "raw" entries... */ case "SOA": // .fqdn:ip:x:ttl:timestamp:lo - if (intval($config['version']) <= 8) { - $record_data = ".{$hostname}::{$recordip}{$ttl_string}"; + if (is_ipaddrv6($hostname)) { + list($rip, $rmask) = explode("/", $hostname); + $rmask = empty($rmask) ? 128 : $rmask; + $ip6_arpa = tinydns_get_ip6_subnet_arpa($rip, $rmask); + $record_data = ".{$ip6_arpa[1]}::{$recordip}{$ttl_string}"; } else { - if (is_ipaddrv6($hostname)) { - list($rip, $rmask) = explode("/", $hostname); - $rmask = empty($rmask) ? 128 : $rmask; - $ip6_arpa = tinydns_get_ip6_subnet_arpa($rip, $rmask); - $record_data = ".{$ip6_arpa[1]}::{$recordip}{$ttl_string}"; - } else { - $record_data = ".{$hostname}::{$recordip}{$ttl_string}"; - } + $record_data = ".{$hostname}::{$recordip}{$ttl_string}"; } + break; case "NS": // &serious.panic.mil:1.8.248.6:a @@ -832,17 +893,11 @@ function tinydns_get_rowline_data($recordip, $recordtype, $ttl, $hostname, $rdns case "PTR": /* "^" creates "PTR" record only to allow reverse DNS */ // ^fqdn:p:ttl:timestamp:lo - - if (intval($config['version']) <= 8) { - if (is_ipaddr($recordip)) - $record_data = "^{$hostname}:{$recordip}{$ttl_string}"; - } else { - if (is_ipaddrv4($recordip)) { - $record_data = "^{$hostname}:{$recordip}{$ttl_string}"; - } elseif (is_ipaddrv6($recordip)) { - $ip6_arpa = tinydns_get_ip6_subnet_arpa($recordip, 128); - $record_data = "^{$ip6_arpa[1]}:{$hostname}{$ttl_string}"; - } + if (is_ipaddrv4($recordip)) { + $record_data = "^{$hostname}:{$recordip}{$ttl_string}"; + } elseif (is_ipaddrv6($recordip)) { + $ip6_arpa = tinydns_get_ip6_subnet_arpa($recordip, 128); + $record_data = "^{$ip6_arpa[1]}:{$hostname}{$ttl_string}"; } break; case "A": @@ -1016,15 +1071,10 @@ function tinydns_complete_soa_record($fd, $ip, $ipmask, $nsname, $domain) { global $config; $fqdn = "{$nsname}.{$domain}"; - if (intval($config['version']) <= 8) { - if (is_ipaddr($ipaddress)) - $rip = tinydns_get_ip_subnet_arpa($ipaddress, $ipmask); - } else { - if (is_ipaddrv4($ipaddress)) { - $rip = tinydns_get_ip_subnet_arpa($ipaddress, $ipmask); - } elseif (is_ipaddrv6($ipaddress)) { - $rip = tinydns_get_ip6_subnet_arpa($ipaddress, $ipmask); - } + if (is_ipaddrv4($ipaddress)) { + $rip = tinydns_get_ip_subnet_arpa($ipaddress, $ipmask); + } elseif (is_ipaddrv6($ipaddress)) { + $rip = tinydns_get_ip6_subnet_arpa($ipaddress, $ipmask); } $soa = ".{$domain}::{$fqdn}"; @@ -1181,53 +1231,20 @@ function tinydns_dnscache_forwarding_servers($index) { global $g, $config; exec("echo 1 > {$g['varetc_path']}/dnscache{$index}/env/FORWARDONLY"); - if(is_dir("{$g['varetc_path']}/dnscache{$index}/root/servers/")) + if (is_dir("{$g['varetc_path']}/dnscache{$index}/root/servers/")) { exec("rm -R {$g['varetc_path']}/dnscache/root/servers/"); + } exec("/bin/mkdir -p {$g['varetc_path']}/dnscache{$index}/root/servers/"); - if (intval($config['version']) >= 6) - if (!empty(glob("{$g['varetc_path']}/nameserver_*"))) { - exec("/bin/cat {$g['varetc_path']}/nameserver_* > {$g['varetc_path']}/dnscache{$index}/root/servers/@"); - } else { - $fw = fopen("{$g['varetc_path']}/dnscache{$index}/root/servers/@", "w"); - if (! $fw) { - printf("Error: cannot open dnscache/root/servers/@ in tinydns_register_forwarding_servers().\n"); - return 1; - } - fwrite($fw, $config['system']['dnsserver'][0]); - fclose($fw); - } - else { - $fr = fopen("{$g['varetc_path']}/resolv.conf.dnscache", "r"); - if (! $fr) { - printf("Error: cannot open resolv.conf.dnscache in tinydns_register_forwarding_servers().\n"); - return 1; - } - $lip = strlen("nameserver") + 1; - $j = 0; - $iprecords = ""; - while (!feof($fr)) { - $routers = fgets($fr, 4096); - $discard = ($routers[0] == "\n"); - if(!$discard) { - if ($routerip = strstr($routers,"nameserver")) { - $routerip = substr($routerip,$lip); - if($routerip) { - $j += 1; - $routera = "{$routerip}"; - $iprecords .= $routera; - } - } - } - } - fclose($fr); - $fr = fopen("{$g['varetc_path']}/dnscache{$index}/root/servers/@", "w"); - if (! $fr) { - printf("Error: cannot write to {$g['varetc_path']}/dnscache{$index}/root/servers/@ in tinydns_dnscache_forwarding_servers().\n"); + if (!empty(glob("{$g['varetc_path']}/nameserver_*"))) { + exec("/bin/cat {$g['varetc_path']}/nameserver_* > {$g['varetc_path']}/dnscache{$index}/root/servers/@"); + } else { + $fw = fopen("{$g['varetc_path']}/dnscache{$index}/root/servers/@", "w"); + if (!$fw) { + printf("Error: cannot open dnscache/root/servers/@ in tinydns_register_forwarding_servers().\n"); return 1; } - if($iprecords) - fwrite($fr, $iprecords); - fclose($fr); + fwrite($fw, $config['system']['dnsserver'][0]); + fclose($fw); } } diff --git a/config/tinydns/tinydns.xml b/config/tinydns/tinydns.xml index 55ee3269..bbb1cfa2 100644 --- a/config/tinydns/tinydns.xml +++ b/config/tinydns/tinydns.xml @@ -44,7 +44,7 @@ ]]> </copyright> <name>tinydns</name> - <version>1.0</version> + <version>1.0.6.24</version> <title>DNS Server: Settings</title> <aftersaveredirect>/pkg_edit.php?xml=tinydns.xml&id=0</aftersaveredirect> <include_file>/usr/local/pkg/tinydns.inc</include_file> @@ -59,13 +59,13 @@ <rcfile>svscan.sh</rcfile> <executable>svscan</executable> <description>Daemontools service directory watcher</description> - </service> + </service> <service> <name>DNS Server</name> <rcfile>tinydns.sh</rcfile> <executable>tinydns</executable> <description>TinyDNS DNS Server</description> - </service> + </service> <tabs> <tab> <text>Settings</text> @@ -99,10 +99,6 @@ <item>https://packages.pfsense.org/packages/config/tinydns/tinydns.inc</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/pf/</prefix> - <item>https://packages.pfsense.org/packages/config/tinydns/tinydns_xmlrpc_sync.php</item> - </additional_files_needed> - <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <item>https://packages.pfsense.org/packages/config/tinydns/tinydns_domains.xml</item> </additional_files_needed> @@ -149,8 +145,7 @@ <field> <type>listtopic</type> <name>Binding IP Address</name> - <fieldname>temp</fieldname> - </field> + </field> <field> <fielddescr>IP Address</fielddescr> <fieldname>ipaddress</fieldname> @@ -160,8 +155,7 @@ <field> <type>listtopic</type> <name>Recursive DNS Resolver</name> - <fieldname>temp</fieldname> - </field> + </field> <field> <fielddescr>Enable recursive DNS responder</fielddescr> <fieldname>enableforwarding</fieldname> @@ -197,7 +191,6 @@ <field> <type>listtopic</type> <name>IP Monitoring</name> - <fieldname>temp</fieldname> </field> <field> <fielddescr>Enable IP monitoring</fielddescr> @@ -213,19 +206,7 @@ </field> <field> <type>listtopic</type> - <name>Sync TinyDNS settings via XMLRPC</name> - <fieldname>temp</fieldname> - </field> - <field> - <fielddescr>XMLRPC Sync</fielddescr> - <fieldname>syncxmlrpc</fieldname> - <description>Sync TinyDNS configuration to backup firewalls</description> - <type>checkbox</type> - </field> - <field> - <type>listtopic</type> <name>Zone transfers</name> - <fieldname>temp</fieldname> </field> <field> <fielddescr>Hosts allowed to perform DNS Zone Transfers - Note: this requires TCP port 53 firewall permit rule!</fielddescr> @@ -245,7 +226,7 @@ <description>Enter the DNS zone that this IP address is allowed to transfer (ex: domain.com)</description> <type>input</type> <size>20</size> - </rowhelperfield> + </rowhelperfield> </rowhelper> </field> </fields> @@ -254,7 +235,7 @@ tinydns_custom_php_install_command(); tinydns_create_zone_file(); tinydns_setup_ping_items(); - tinydns_sync_on_changes(); + tinydns_sync_on_changes(); </custom_delete_php_command> <custom_php_validation_command> tinydns_validate(); @@ -264,26 +245,24 @@ tinydns_custom_php_install_command(); tinydns_create_zone_file(); tinydns_setup_ping_items(); - tinydns_sync_on_changes(); + tinydns_sync_on_changes(); </custom_add_php_command> <custom_php_resync_config_command> tinydns_custom_php_changeip_command(); tinydns_custom_php_install_command(); tinydns_create_zone_file(); tinydns_setup_ping_items(); - tinydns_sync_on_changes(); + tinydns_sync_on_changes(); </custom_php_resync_config_command> <custom_php_install_command> tinydns_custom_php_install_command(); - tinydns_sync_on_changes(); + tinydns_upgrade_config(); </custom_php_install_command> <custom_php_deinstall_command> tinydns_custom_php_deinstall_command(); - tinydns_sync_on_changes(); </custom_php_deinstall_command> <custom_php_command_before_form> <![CDATA[ - unset($_POST['temp']); if (!is_process_running("svscan")) { $savemsg = "NOTE: svscan is not running. Please <a href='/status_services.php?mode=restartservice&service=svscan'>start svscan</a> to bring up the DNS Server"; } diff --git a/config/tinydns/tinydns_dhcp_filter.php b/config/tinydns/tinydns_dhcp_filter.php index 85f5f8e7..5b245d7f 100644 --- a/config/tinydns/tinydns_dhcp_filter.php +++ b/config/tinydns/tinydns_dhcp_filter.php @@ -1,10 +1,10 @@ <?php -/* $Id$ */ /* tinydns_dhcp_filter.php + part of pfSense (https://www.pfSense.org/) Copyright (C) 2006 Scott Ullrich - Parts Copyright (C) 2007 Goffredo Andreone <GAndreone@imapro.com> - part of pfSense + Copyright (C) 2007 Goffredo Andreone + Copyright (C) 2015 ESF, LLC All rights reserved. Redistribution and use in source and binary forms, with or without @@ -39,21 +39,17 @@ require("/usr/local/pkg/tinydns.inc"); require("guiconfig.inc"); +$closehead = false; $pgtitle = "TinyDNS: DHCP Domains"; include("head.inc"); -$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); -if ($pf_version < 2.0) - $one_two = true; - ?> +<meta http-equiv="refresh" content="60;url=<?php print $_SERVER['SCRIPT_NAME']; ?>"> +</head> + <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> -<?php if($one_two): ?> -<p class="pgtitle"><?=$pgtitle?></font></p> -<?php endif; ?> - <?php if ($savemsg) print_info_box($savemsg); ?> <div id="mainlevel"> @@ -64,7 +60,7 @@ if ($pf_version < 2.0) $tab_array[] = array(gettext("Add/Edit Record"), false, "/tinydns_filter.php"); $tab_array[] = array(gettext("Failover Status"), false, "/tinydns_status.php"); $tab_array[] = array(gettext("Logs"), false, "/tinydns_view_logs.php"); - $tab_array[] = array(gettext("Zone Sync"), false, "/tinydns_xmlrpc_sync.php"); + $tab_array[] = array(gettext("Zone Sync"), false, "/pkg_edit.php?xml=tinydns_sync.xml"); $tab_array[] = array(gettext("New domain wizard"), false, "/wizard.php?xml=new_zone_wizard.xml"); display_top_tabs($tab_array); ?> @@ -124,6 +120,5 @@ while ($startofrecord < $datalen ){ </table> </div> <?php include("fend.inc"); ?> -<meta http-equiv="refresh" content="60;url=<?php print $_SERVER['SCRIPT_NAME']; ?>"> </body> </html> diff --git a/config/tinydns/tinydns_sync.xml b/config/tinydns/tinydns_sync.xml index 5fe8ac77..2f7da455 100644 --- a/config/tinydns/tinydns_sync.xml +++ b/config/tinydns/tinydns_sync.xml @@ -2,48 +2,48 @@ <!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> <?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> - <copyright> - <![CDATA[ + <copyright> + <![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ====================================================================================== */ /* - tinydns_sync.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2008 Scott Ullrich - All rights reserved. - */ -/* ========================================================================== */ + tinydns_sync.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2008 Scott Ullrich + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ + ]]> + </copyright> <name>tinydnssync</name> - <version>1.0</version> - <title>TinyDNS: Manual Sync</title> + <version>1.0.6.24</version> + <title>TinyDNS: XMLRPC Sync</title> <include_file>/usr/local/pkg/tinydns.inc</include_file> <tabs> <tab> @@ -76,71 +76,89 @@ <fields> <field> <type>listtopic</type> - <fieldname>temp</fieldname> - <name>Enable DNS zone sync</name> + <name>DNS zone synchronization</name> </field> <field> - <fielddescr>Enable DNS zone synchronization</fielddescr> + <fielddescr>Enable synchronization</fielddescr> <fieldname>synconchanges</fieldname> - <description>pfSense will automatically sync changes to the hosts defined below.</description> - <type>checkbox</type> - </field> - <field> - <type>listtopic</type> - <name>Sync host #1</name> - <fieldname>temp</fieldname> - </field> - <field> - <fielddescr>IP Address</fielddescr> - <fieldname>ipaddress</fieldname> - <description>IP address of the first TinyDNS sync host.</description> - <type>input</type> - </field> - <field> - <fielddescr>Password</fielddescr> - <fieldname>password</fieldname> - <description>Admin password of the first TinyDNS sync host.</description> - <type>password</type> + <description> + <![CDATA[ + Select a sync method for TinyDNS.<br/><br/> + <strong>Important:</strong> While using "Sync to host(s) defined below", only sync from host A to B, A to C but <strong>do not</strong> enable XMLRPC sync <b>to</b> A. + This will result in a loop! + ]]> + </description> + <type>select</type> + <required/> + <default_value>disabled</default_value> + <options> + <option><name>Sync to configured system backup server</name><value>auto</value></option> + <option><name>Sync to host(s) defined below</name><value>manual</value></option> + <option><name>Do not sync this package configuration</name><value>disabled</value></option> + </options> </field> <field> - <type>listtopic</type> - <name>Sync host #2</name> - <fieldname>temp</fieldname> - </field> - <field> - <fielddescr>IP Address 2</fielddescr> - <fieldname>ipaddress2</fieldname> - <description>IP address of the second TinyDNS sync host. (optional)</description> - <type>input</type> - </field> - <field> - <fielddescr>Password 2</fielddescr> - <fieldname>password2</fieldname> - <description>Admin password of the second TinyDNS sync host.</description> - <type>password</type> - </field> - <field> - <type>listtopic</type> - <name>Sync host #3</name> - <fieldname>temp</fieldname> - </field> - <field> - <fielddescr>IP Address 3</fielddescr> - <fieldname>ipaddress3</fieldname> - <description>IP address of the third TinyDNS sync host. (optional)</description> - <type>input</type> + <fielddescr>Sync Timeout</fielddescr> + <fieldname>synctimeout</fieldname> + <description>XMLRPC timeout in seconds.</description> + <type>select</type> + <required/> + <default_value>250</default_value> + <options> + <option><name>250 seconds (Default)</name><value>250</value></option> + <option><name>120 seconds</name><value>120</value></option> + <option><name>90 seconds</name><value>90</value></option> + <option><name>60 seconds</name><value>60</value></option> + <option><name>30 seconds</name><value>30</value></option> + </options> </field> <field> - <fielddescr>Password 3</fielddescr> - <fieldname>password3</fieldname> - <description>Admin password of the third TinyDNS sync host.</description> - <type>password</type> + <fielddescr>Replication Targets</fielddescr> + <fieldname>none</fieldname> + <type>rowhelper</type> + <rowhelper> + <rowhelperfield> + <fielddescr>Enable</fielddescr> + <fieldname>syncdestinenable</fieldname> + <description><![CDATA[Enable this host as a replication target]]></description> + <type>checkbox</type> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Protocol</fielddescr> + <fieldname>syncprotocol</fieldname> + <description><![CDATA[Choose the protocol used to sync with the destination host (HTTP or HTTPS).]]></description> + <type>select</type> + <default_value>HTTP</default_value> + <options> + <option><name>HTTP</name><value>http</value></option> + <option><name>HTTPS</name><value>https</value></option> + </options> + </rowhelperfield> + <rowhelperfield> + <fielddescr>IP Address/Hostname</fielddescr> + <fieldname>ipaddress</fieldname> + <description><![CDATA[IP address or hostname of the destination host.]]></description> + <type>input</type> + <size>40</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Port</fielddescr> + <fieldname>syncport</fieldname> + <description><![CDATA[Choose the sync port of the destination host.]]></description> + <type>input</type> + <size>3</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Admin Password</fielddescr> + <fieldname>password</fieldname> + <description><![CDATA[Password of the user "admin" on the destination host.]]></description> + <type>password</type> + <size>20</size> + </rowhelperfield> + </rowhelper> </field> </fields> <custom_php_resync_config_command> tinydns_sync_on_changes(); </custom_php_resync_config_command> - <custom_php_command_before_form> - unset($_POST['temp']); - </custom_php_command_before_form> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/vhosts/vhosts.inc b/config/vhosts/vhosts.inc index b0e2db45..b3ae7a7e 100644 --- a/config/vhosts/vhosts.inc +++ b/config/vhosts/vhosts.inc @@ -273,7 +273,7 @@ EOF; // Set the default port if (strlen($port) == 0) { - $port = '8001'; + $port = '10081'; } if ($ipaddress . ':' . $port != $ipaddress_and_port_previous_value) { diff --git a/config/vhosts/vhosts.priv.inc b/config/vhosts/vhosts.priv.inc new file mode 100644 index 00000000..f29c0813 --- /dev/null +++ b/config/vhosts/vhosts.priv.inc @@ -0,0 +1,40 @@ +<?php +/* + vhosts.priv.inc + part of pfSense (http://www.pfSense.org/) + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +global $priv_list; + +$priv_list['page-services-vhosts'] = array(); +$priv_list['page-services-vhosts']['name'] = "WebCfg - Services: vHosts package"; +$priv_list['page-services-vhosts']['descr'] = "Allow access to vHosts package GUI"; + +$priv_list['page-services-vhosts']['match'] = array(); +$priv_list['page-services-vhosts']['match'][] = "packages/vhosts/vhosts_php.php*"; +$priv_list['page-services-vhosts']['match'][] = "packages/vhosts/vhosts_php_edit.php*"; +$priv_list['page-services-vhosts']['match'][] = "packages/vhosts/system_advanced_create_certs.php*"; + +?> diff --git a/config/vhosts/vhosts.xml b/config/vhosts/vhosts.xml index 306ccc69..d1a6590c 100644 --- a/config/vhosts/vhosts.xml +++ b/config/vhosts/vhosts.xml @@ -43,7 +43,7 @@ </copyright> <description>vHosts</description> <name>vHosts Settings</name> - <version>0.8.0</version> + <version>0.8.3</version> <title>vHosts Settings</title> <include_file>/usr/local/pkg/vhosts.inc</include_file> <menu> @@ -65,6 +65,10 @@ <item>https://packages.pfsense.org/packages/config/vhosts/vhosts.inc</item> </additional_files_needed> <additional_files_needed> + <prefix>/etc/inc/priv/</prefix> + <item>https://packages.pfsense.org/packages/config/vhosts/vhosts.priv.inc</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/www/packages/vhosts/</prefix> <item>https://packages.pfsense.org/packages/config/vhosts/vhosts_php.php</item> </additional_files_needed> diff --git a/config/vhosts/vhosts_php_edit.php b/config/vhosts/vhosts_php_edit.php index cb5a330f..a0969b9f 100644 --- a/config/vhosts/vhosts_php_edit.php +++ b/config/vhosts/vhosts_php_edit.php @@ -201,7 +201,7 @@ function openwindow(url) { <td width="78%" class="vtable"> <input name="host" type="text" class="formfld" id="host" size="40" value="<?=htmlspecialchars($pconfig['host']);?>" /> <br /> - Required. If the host is intended for internal you can use the DNS forwarder to set a host name that is valid inside the local network. default: vhost01.local + Required. If the host is intended for internal you can use the DNS forwarder to set a host name that is valid inside the local network. Default: vhost01.local </td> </tr> <tr> @@ -209,7 +209,7 @@ function openwindow(url) { <td width="78%" class="vtable"> <input name="ipaddress" type="text" class="formfld" id="ipaddress" size="40" value="<?=htmlspecialchars($pconfig['ipaddress']);?>" /> <br /> - Required. Make sure the IP and Port combination does not conflict with the local system. example: 192.168.0.1 + Required. Make sure the IP and Port combination does not conflict with the local system. Example: 192.168.0.1 </td> </tr> <tr> @@ -217,7 +217,7 @@ function openwindow(url) { <td width="78%" class="vtable"> <input name="port" type="text" class="formfld" id="port" size="40" value="<?=htmlspecialchars($pconfig['port']);?>" /> <br /> - Make sure the IP and Port combination does not conflict with the local system. default: 8001 + Make sure the IP and Port combination does not conflict with the local system. Default: 10081 </td> </tr> <tr> diff --git a/config/vnstat2/vnstat2.priv.inc b/config/vnstat2/vnstat2.priv.inc new file mode 100644 index 00000000..324ac435 --- /dev/null +++ b/config/vnstat2/vnstat2.priv.inc @@ -0,0 +1,44 @@ +<?php +/* + vnstat2.priv.inc + part of pfSense (http://www.pfSense.org/) + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +global $priv_list; + +$priv_list['page-status-vnstat2'] = array(); +$priv_list['page-status-vnstat2']['name'] = "WebCfg - Status: vnstat2 package"; +$priv_list['page-status-vnstat2']['descr'] = "Allow access to vnstat2 package GUI"; + +$priv_list['page-status-vnstat2']['match'] = array(); +$priv_list['page-status-vnstat2']['match'][] = "pkg_edit.php?xml=vnstat2.xml*"; +$priv_list['page-status-vnstat2']['match'][] = "pkg_edit.php?xml=vnstati.xml*"; +$priv_list['page-status-vnstat2']['match'][] = "pkg_edit.php?xml=vnstatoutput.xml*"; +$priv_list['page-status-vnstat2']['match'][] = "diag_vnstat.php*"; +$priv_list['page-status-vnstat2']['match'][] = "diag_vnstat2.php*"; +$priv_list['page-status-vnstat2']['match'][] = "vnstat2_img.php*"; +$priv_list['page-status-vnstat2']['match'][] = "vnstati.php*"; + +?> diff --git a/config/vnstat2/vnstat2.xml b/config/vnstat2/vnstat2.xml index 7e65d465..8d586f10 100644 --- a/config/vnstat2/vnstat2.xml +++ b/config/vnstat2/vnstat2.xml @@ -42,24 +42,24 @@ ]]> </copyright> <name>vnstat2</name> - <version>1.12.5</version> + <version>1.12.8</version> <title>Vnstat2</title> - <aftersaveredirect>/pkg_edit.php?xml=vnstat2.xml&id=0</aftersaveredirect> + <aftersaveredirect>/pkg_edit.php?xml=vnstat2.xml</aftersaveredirect> <include_file>/usr/local/pkg/vnstat2/vnstat2.inc</include_file> <menu> <name>Vnstat2</name> <section>Status</section> - <url>/pkg_edit.php?xml=vnstat2.xml&id=0</url> + <url>/pkg_edit.php?xml=vnstat2.xml</url> </menu> <tabs> <tab> <text>Config</text> - <url>/pkg_edit.php?xml=vnstat2.xml&id=0</url> + <url>/pkg_edit.php?xml=vnstat2.xml</url> <active/> </tab> <tab> <text>Vnstati</text> - <url>/pkg_edit.php?xml=vnstati.xml&id=0</url> + <url>/pkg_edit.php?xml=vnstati.xml</url> </tab> <tab> <text>Access vnstat php frontend</text> @@ -67,7 +67,7 @@ </tab> <tab> <text>vnstat info</text> - <url>/pkg_edit.php?xml=vnstatoutput.xml&id=0</url> + <url>/pkg_edit.php?xml=vnstatoutput.xml</url> </tab> <tab> <text>vnstat summary</text> @@ -79,6 +79,10 @@ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat2.inc</item> </additional_files_needed> <additional_files_needed> + <prefix>/etc/inc/priv/</prefix> + <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat2.priv.inc</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <item>https://packages.pfsense.org/packages/config/vnstat2/vnstati.xml</item> </additional_files_needed> diff --git a/config/vnstat2/vnstati.xml b/config/vnstat2/vnstati.xml index b395e65f..373fa0eb 100644 --- a/config/vnstat2/vnstati.xml +++ b/config/vnstat2/vnstati.xml @@ -42,23 +42,23 @@ ]]> </copyright> <name>vnstat2</name> - <version>1.12.5</version> + <version>1.12.8</version> <title>Vnstat2</title> <aftersaveredirect>/vnstati.php</aftersaveredirect> <include_file>/usr/local/pkg/vnstat2/vnstat2.inc</include_file> <menu> <name>vnstat2</name> <section>Status</section> - <url>/pkg_edit.php?xml=vnstat2.xml&id=0</url> + <url>/pkg_edit.php?xml=vnstat2.xml</url> </menu> <tabs> <tab> <text>Config</text> - <url>/pkg_edit.php?xml=vnstat2.xml&id=0</url> + <url>/pkg_edit.php?xml=vnstat2.xml</url> </tab> <tab> <text>Vnstati</text> - <url>/pkg_edit.php?xml=vnstati.xml&id=0</url> + <url>/pkg_edit.php?xml=vnstati.xml</url> <active/> </tab> <tab> @@ -67,7 +67,7 @@ </tab> <tab> <text>vnstat info</text> - <url>/pkg_edit.php?xml=vnstatoutput.xml&id=0</url> + <url>/pkg_edit.php?xml=vnstatoutput.xml</url> </tab> <tab> <text>vnstat summary</text> diff --git a/config/vnstat2/vnstatoutput.xml b/config/vnstat2/vnstatoutput.xml index 297c171a..668c5ba2 100644 --- a/config/vnstat2/vnstatoutput.xml +++ b/config/vnstat2/vnstatoutput.xml @@ -49,16 +49,16 @@ <menu> <name>vnstat2</name> <section>Status</section> - <url>/pkg_edit.php?xml=vnstat2.xml&id=0</url> + <url>/pkg_edit.php?xml=vnstat2.xml</url> </menu> <tabs> <tab> <text>Config</text> - <url>/pkg_edit.php?xml=vnstat2.xml&id=0</url> + <url>/pkg_edit.php?xml=vnstat2.xml</url> </tab> <tab> <text>Vnstati</text> - <url>/pkg_edit.php?xml=vnstati.xml&id=0</url> + <url>/pkg_edit.php?xml=vnstati.xml</url> </tab> <tab> <text>Access vnstat php frontend</text> @@ -66,7 +66,7 @@ </tab> <tab> <text>vnstat info</text> - <url>/pkg_edit.php?xml=vnstatoutput.xml&id=0</url> + <url>/pkg_edit.php?xml=vnstatoutput.xml</url> <active/> </tab> <tab> diff --git a/config/widentd/widentd.priv.inc b/config/widentd/widentd.priv.inc new file mode 100644 index 00000000..1d369627 --- /dev/null +++ b/config/widentd/widentd.priv.inc @@ -0,0 +1,38 @@ +<?php +/* + widentd.priv.inc + part of pfSense (http://www.pfSense.org/) + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +global $priv_list; + +$priv_list['page-services-widentd'] = array(); +$priv_list['page-services-widentd']['name'] = "WebCfg - Services: widentd package"; +$priv_list['page-services-widentd']['descr'] = "Allow access to widentd package GUI"; + +$priv_list['page-services-widentd']['match'] = array(); +$priv_list['page-services-widentd']['match'][] = "pkg_edit.php?xml=widentd.xml*"; + +?> diff --git a/config/widentd/widentd.xml b/config/widentd/widentd.xml index fe28ba2d..9730160c 100644 --- a/config/widentd/widentd.xml +++ b/config/widentd/widentd.xml @@ -42,28 +42,32 @@ ]]> </copyright> <name>widentd</name> - <version>1.0.4</version> + <version>1.0.5</version> <title>Services: widentd</title> <menu> <name>widentd</name> <tooltiptext>Modify widentd settings.</tooltiptext> <section>Services</section> - <url>pkg_edit.php?xml=widentd.xml&id=0</url> + <url>pkg_edit.php?xml=widentd.xml</url> </menu> <service> <name>widentd</name> <rcfile>widentd.sh</rcfile> <executable>widentd</executable> </service> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/widentd/widentd.priv.inc</item> + <prefix>/etc/inc/priv/</prefix> + </additional_files_needed> <configpath>installedpackages->package->$packagename->configuration->settings</configpath> <fields> <field> - <fielddescr>Enable widentd daemon</fielddescr> + <fielddescr>Enable widentd Daemon</fielddescr> <fieldname>enable</fieldname> <type>checkbox</type> </field> <field> - <fielddescr>Listening interface</fielddescr> + <fielddescr>Listening Interface</fielddescr> <fieldname>interface</fieldname> <description> <![CDATA[ @@ -87,7 +91,7 @@ <type>input</type> </field> <field> - <fielddescr>System name</fielddescr> + <fielddescr>System Name</fielddescr> <fieldname>sysname</fieldname> <description> <![CDATA[ @@ -98,72 +102,65 @@ <type>input</type> </field> </fields> - <custom_php_global_functions> + <custom_php_resync_config_command> <![CDATA[ - function sync_package_widentd() { conf_mount_rw(); global $config; - /* Write widentd.sh */ - $int = convert_friendly_interface_to_real_interface_name($config['installedpackages']['widentd']['config'][0]['interface']); - $ip = find_interface_ip($int); - $user = $config['installedpackages']['widentd']['config'][0]['username'] ?: 'user'; - $system = $config['installedpackages']['widentd']['config'][0]['sysname'] ?: 'UNIX'; - $start = "/usr/local/sbin/widentd -u {$user} -o {$system} -i {$ip}"; - $stop = "/usr/bin/killall widentd"; - write_rcfile(array( - "file" => "widentd.sh", - "start" => $start, - "stop" => $stop - ) - ); - /* If the service is (being) disabled, stop it (if running) and do nothing else */ - if (!($config['installedpackages']['widentd']['config'][0][enable])) { - if (is_process_running("widentd")) { + if ($config['installedpackages']['widentd']['config'][0][enable] != "on") { + if (is_service_running("widentd")) { stop_service("widentd"); } - return; + unlink_if_exists("/usr/local/etc/rc.d/widentd.sh"); } else { - restart_service("widentd"); + $int = convert_friendly_interface_to_real_interface_name($config['installedpackages']['widentd']['config'][0]['interface']); + $ip = find_interface_ip($int); + $user = $config['installedpackages']['widentd']['config'][0]['username'] ?: 'user'; + $system = $config['installedpackages']['widentd']['config'][0]['sysname'] ?: 'UNIX'; + $start = "/usr/local/sbin/widentd -u {$user} -o {$system} -i {$ip}"; + $stop = "/usr/bin/killall widentd"; + write_rcfile(array( + "file" => "widentd.sh", + "start" => $start, + "stop" => $stop + ) + ); + /* (Re)start service */ + if (is_service_running("widentd")) { + restart_service("widentd"); + } else { + start_service("widentd"); + } } conf_mount_ro(); - } - - - function validate_input_widentd($post, &$input_errors) { + ]]> + </custom_php_resync_config_command> + <custom_php_validation_command> + <![CDATA[ /* Only allow ^[a-zA-Z\.]+$ otherwise the daemon will not start; see widentd manpage */ - if (($post['username'] != "") && !preg_match("/^[a-zA-Z\.]+$/", $post['username'])) { - $input_errors[] = 'Username may only contain uppercase and lowercase letters [a-zA-Z] and "." character.'; + if ($_POST['username'] != "") { + if (!preg_match("/^[a-zA-Z\.]+$/", $_POST['username'])) { + $input_errors[] = 'Username may only contain uppercase and lowercase letters [a-zA-Z] and "." character.'; + } } /* Technically, ^[A-Z][A-Z0-9\-.\/]+[A-Z0-9]$ should be valid characters here https://www.iana.org/assignments/operating-system-names/operating-system-names.xhtml However this is not supported by widentd; the service will not start. */ - if (($post['sysname'] != "") && !preg_match("/^[a-zA-Z]+$/", $post['sysname'])) { - $input_errors[] .= 'System name may only contain uppercase and lowercase letters [a-zA-Z].'; + if ($_POST['sysname'] != "") { + if (!preg_match("/^[a-zA-Z]+$/", $_POST['sysname'])) { + $input_errors[] = 'System name may only contain uppercase and lowercase letters [a-zA-Z].'; + } } /* Check for IPv6-only interfaces */ - $int = convert_friendly_interface_to_real_interface_name($post['interface']); + $int = convert_friendly_interface_to_real_interface_name($_POST['interface']); $ip = find_interface_ip($int); if (!is_ipaddrv4($ip)) { - $input_errors[] .= 'The selected interface has no IPv4 configured. Widentd does not support IPv6.'; + $input_errors[] = 'The selected interface has no IPv4 configured. Widentd does not support IPv6.'; } - } ]]> - </custom_php_global_functions> - <custom_add_php_command> - sync_package_widentd(); - </custom_add_php_command> - <custom_php_resync_config_command> - sync_package_widentd(); - </custom_php_resync_config_command> - <custom_php_install_command> - unlink_if_exists("/usr/local/etc/rc.d/widentd.sh"); - </custom_php_install_command> - <custom_php_validation_command> - validate_input_widentd($_POST, $input_errors); </custom_php_validation_command> </packagegui> diff --git a/config/zabbix-agent-lts/zabbix-agent-lts.priv.inc b/config/zabbix-agent-lts/zabbix-agent-lts.priv.inc new file mode 100644 index 00000000..433f3bb9 --- /dev/null +++ b/config/zabbix-agent-lts/zabbix-agent-lts.priv.inc @@ -0,0 +1,38 @@ +<?php +/* + zabbix-agent-lts.priv.inc + part of pfSense (http://www.pfSense.org/) + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +global $priv_list; + +$priv_list['page-services-zabbix-agent-lts'] = array(); +$priv_list['page-services-zabbix-agent-lts']['name'] = "WebCfg - Services: Zabbix Agent LTS package"; +$priv_list['page-services-zabbix-agent-lts']['descr'] = "Allow access to Zabbix Agent LTS package GUI"; + +$priv_list['page-services-zabbix-agent-lts']['match'] = array(); +$priv_list['page-services-zabbix-agent-lts']['match'][] = "pkg_edit.php?xml=zabbix-agent-lts.xml*"; + +?> diff --git a/config/zabbix-agent-lts/zabbix-agent-lts.xml b/config/zabbix-agent-lts/zabbix-agent-lts.xml index 8883ff22..3ced7d07 100644 --- a/config/zabbix-agent-lts/zabbix-agent-lts.xml +++ b/config/zabbix-agent-lts/zabbix-agent-lts.xml @@ -45,7 +45,7 @@ <name>zabbixagentlts</name> <title>Services: Zabbix Agent LTS</title> <category>Monitoring</category> - <version>0.8.6</version> + <version>0.8.8</version> <include_file>/usr/local/pkg/zabbix-agent-lts.inc</include_file> <addedit_string>Zabbix Agent LTS has been created/modified.</addedit_string> <delete_string>Zabbix Agent LTS has been deleted.</delete_string> @@ -53,6 +53,10 @@ <item>https://packages.pfsense.org/packages/config/zabbix-agent-lts/zabbix-agent-lts.inc</item> <prefix>/usr/local/pkg/</prefix> </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/zabbix-agent-lts/zabbix-agent-lts.priv.inc</item> + <prefix>/etc/inc/priv/</prefix> + </additional_files_needed> <menu> <name>Zabbix Agent LTS</name> <tooltiptext>Setup Zabbix Agent specific settings</tooltiptext> diff --git a/config/zabbix-agent/zabbix-agent.xml b/config/zabbix-agent/zabbix-agent.xml deleted file mode 100644 index 885a54e3..00000000 --- a/config/zabbix-agent/zabbix-agent.xml +++ /dev/null @@ -1,263 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<packagegui> - <name>zabbixagent</name> - <title>Services: Zabbix Agent</title> - <category>Monitoring</category> - <version>1.1</version> - <addedit_string>Zabbix Agent has been created/modified.</addedit_string> - <delete_string>Zabbix Agent has been deleted.</delete_string> - <restart_command>/usr/local/etc/rc.d/zabbix_agentd.sh restart</restart_command> - <menu> - <name>Zabbix Agent</name> - <tooltiptext>Setup Zabbix Agent specific settings</tooltiptext> - <section>Services</section> - <url>/pkg_edit.php?xml=zabbix-agent.xml&id=0</url> - </menu> - <service> - <name>zabbix_agentd</name> - <rcfile>zabbix_agentd.sh</rcfile> - <executable>zabbix_agentd</executable> - <description>Zabbix Agent host monitor daemon</description> - </service> - <tabs> - <tab> - <text>Settings</text> - <url>/pkg_edit.php?xml=zabbix-agent.xml&id=0</url> - <active /> - </tab> - </tabs> - <fields> - <field> - <fielddescr>Server</fielddescr> - <fieldname>server</fieldname> - <description>List of comma delimited IP addresses (or hostnames) of ZABBIX servers</description> - <value>127.0.0.1</value> - <type>input</type> - <size>60</size> - <required>true</required> - </field> - <field> - <fielddescr>Server Port</fielddescr> - <fieldname>serverport</fieldname> - <description>Server port for sending active check (generally 10051)</description> - <value>10051</value> - <type>input</type> - <size>60</size> - <required>true</required> - </field> - <field> - <fielddescr>Hostname</fielddescr> - <fieldname>hostname</fieldname> - <description>Unique hostname. Required for active checks and must match hostname as configured on the Zabbix server (case sensitive).</description> - <value>localhost</value> - <type>input</type> - <size>60</size> - <required>true</required> - </field> - <field> - <fielddescr>Listen IP</fielddescr> - <fieldname>listenip</fieldname> - <value>0.0.0.0</value> - <type>input</type> - <size>60</size> - <required>true</required> - <description>Listen IP for connections from the server (generally 0.0.0.0 for all interfaces)</description> - </field> - <field> - <fielddescr>Listen Port</fielddescr> - <fieldname>listenport</fieldname> - <value>10050</value> - <type>input</type> - <size>60</size> - <required>true</required> - <description>Listen port for connections from the server (generally 10050)</description> - </field> - <field> - <fielddescr>Refresh Active Checks</fielddescr> - <fieldname>refreshactchecks</fieldname> - <value>120</value> - <type>input</type> - <size>60</size> - <required>false</required> - <description>The agent will refresh list of active checks once per 120 (default) seconds.</description> - </field> - <field> - <fielddescr>Timeout</fielddescr> - <fieldname>timeout</fieldname> - <value>3</value> - <type>input</type> - <size>60</size> - <required>true</required> - <description>Timeout (default 3). Do not spend more that Timeout seconds on getting requested value (1-255). The agent does not kill timeouted User Parameters processes!</description> - </field> - <field> - <fielddescr>Disable active checks</fielddescr> - <fieldname>disableactive</fieldname> - <type>checkbox</type> - <description>The agent will work only in passive mode listening for server. (generally net set)</description> - </field> - <field> - <fielddescr>Disable passive checks</fielddescr> - <fieldname>disablepassive</fieldname> - <type>checkbox</type> - <description>The agent will not listen on any TCP port. Only active checks will be processed. (generally not set)</description> - </field> - <field> - <fielddescr>User Parameters</fielddescr> - <fieldname>userparams</fieldname> - <encoding>base64</encoding> - <value></value> - <type>textarea</type> - <rows>5</rows> - <cols>50</cols> - <required>false</required> - <description>User-defined parameter to monitor. There can be several user-defined parameters. Value has form, example: UserParameter=users,who|wc -l <br><a href="https://www.zabbix.com/documentation/1.8/manual/tutorials/extending_agent" target="_new">See zabbix documentation for more information<a></description> - </field> - </fields> - <custom_php_install_command> - <![CDATA[ - global $config, $g; - - $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); - switch ($pfs_version) { - case "1.2": - case "2.0": - define('ZABBIX_AGENT_BASE','/usr/local'); - break; - default: - define('ZABBIX_AGENT_BASE', '/usr/pbi/zabbix-agent-' . php_uname("m")); - } - - mwexec("mkdir -p /var/log/zabbix/"); - mwexec("mkdir -p /var/run/zabbix/"); - - conf_mount_rw(); - - /* create a few directories and ensure the sample files are in place */ - exec("/bin/mkdir -p " . ZABBIX_AGENT_BASE . "/etc/zabbix"); - exec("/bin/mkdir -p /var/log/zabbix"); - exec("/bin/mkdir -p /var/run/zabbix"); - - exec("/bin/rm -f " . ZABBIX_AGENT_BASE . "/etc/rc.d/zabbix_agentd"); - - $start = "/bin/mkdir -p /var/log/zabbix\n"; - $start .= "/usr/sbin/chown -R zabbix:zabbix /var/log/zabbix\n"; - - $start .= "/bin/mkdir -p /var/run/zabbix\n"; - $start .= "/usr/sbin/chown -R zabbix:zabbix /var/run/zabbix\n"; - - $start .= "echo \"Starting Zabbix Agent\"...\n"; - - /* start zabbix agent */ - $start .= ZABBIX_AGENT_BASE . "/sbin/zabbix_agentd\n"; - - $stop = "echo \"Stopping Zabbix Agent\"\n"; - $stop .= "/usr/bin/killall zabbix_agentd\n"; - /* write out rc.d start/stop file */ - write_rcfile(array( - "file" => "zabbix_agentd.sh", - "start" => "{$start}", - "restart" => "$stop\n" . "sleep 5\n" . "{$start}", - "stop" => "$stop" - ) - ); - - conf_mount_ro(); - ]]> - </custom_php_install_command> - <custom_php_command_before_form></custom_php_command_before_form> - <custom_php_after_head_command></custom_php_after_head_command> - <custom_php_after_form_command></custom_php_after_form_command> - <custom_php_validation_command> - <![CDATA[ - global $_POST; - $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); - switch ($pfs_version) { - case "1.2": - case "2.0": - define('ZABBIX_AGENT_BASE','/usr/local'); - break; - default: - define('ZABBIX_AGENT_BASE', '/usr/pbi/zabbix-agent-' . php_uname("m")); - } - - $ListenIP=$_POST['listenip']; - if (!preg_match("/^(?:\d{1,3}\.){3}\d{1,3}$/", $ListenIP)) { - $input_errors[]='Listen IP is not an IP address.'; - } - - $ListenPort=$_POST['listenport']; - if (!preg_match("/^\d+$/", $ListenPort)) { - $input_errors[]='Listen Port is not numeric.'; - } - - $ServerPort=$_POST['serverport']; - if (!preg_match("/^\d+$/", $ServerPort)) { - $input_errors[]='Server Port is not numeric.'; - } - - $RefreshActiveChecks=$_POST['refreshactchecks']; - if (!preg_match("/^\d+$/", $RefreshActiveChecks)) { - $input_errors[]='Refresh Active Checks is not numeric.'; - } - - $Timeout=$_POST['timeout']; - if (!preg_match("/^\d+$/", $Timeout)) { - $input_errors[]='Timeout is not numeric.'; - } - ]]> - </custom_php_validation_command> - <custom_add_php_command></custom_add_php_command> - <custom_php_resync_config_command> - <![CDATA[ - conf_mount_rw(); - global $config; - global $g; - - $Server=$config['installedpackages']['zabbixagent']['config'][0]['server']; - $ServerPort=$config['installedpackages']['zabbixagent']['config'][0]['serverport']; - $Hostname=$config['installedpackages']['zabbixagent']['config'][0]['hostname']; - $ListenIP=$config['installedpackages']['zabbixagent']['config'][0]['listenip']; - $ListenPort=$config['installedpackages']['zabbixagent']['config'][0]['listenport']; - $RefreshActChecks=$config['installedpackages']['zabbixagent']['config'][0]['refreshactchecks']; - $Timeout=$config['installedpackages']['zabbixagent']['config'][0]['timeout']; - $DisableActive=$config['installedpackages']['zabbixagent']['config'][0]['disableactive']; - $DisablePassive=$config['installedpackages']['zabbixagent']['config'][0]['disablepassive']; - $UserParams=base64_decode($config['installedpackages']['zabbixagent']['config'][0]['userparams']); - - $conf = "Server=$Server\n"; - $conf .= "ServerPort=$ServerPort\n"; - $conf .= "Hostname=$Hostname\n"; - $conf .= "ListenIP=$ListenIP\n"; - $conf .= "ListenPort=$ListenPort\n"; - $conf .= "StartAgents=5\n"; - $conf .= "RefreshActiveChecks=$RefreshActChecks\n"; - $conf .= "DebugLevel=3\n"; - $conf .= "PidFile=/var/run/zabbix/zabbix_agentd.pid\n"; - $conf .= "LogFile=/var/log/zabbix/zabbix_agentd.log\n"; - $conf .= "LogFileSize=1\n"; - $conf .= "Timeout=$Timeout\n"; - if (isset($DisableActive) && ($DisableActive == "on")) { - $conf .= "DisableActive=1\n"; - } - if (isset($DisablePassive) && ($DisablePassive == "on")) { - $conf .= "DisablePassive=1\n"; - } - $conf .= "$UserParams\n"; - - file_put_contents(ZABBIX_AGENT_BASE . "/etc/zabbix/zabbix_agentd.conf", $conf); - conf_mount_ro(); - - ]]> - </custom_php_resync_config_command> - <custom_php_deinstall_command> - <![CDATA[ - exec("/usr/bin/killall zabbix_agentd"); - - exec("/bin/rm " . ZABBIX_AGENT_BASE . "/etc/rc.d/zabbix_agentd.sh"); - - exec("/bin/rm -r /var/log/zabbix/"); - exec("/bin/rm -r /var/run/zabbix/"); - ]]> - </custom_php_deinstall_command> -</packagegui> diff --git a/config/zabbix-proxy-lts/zabbix-proxy-lts.priv.inc b/config/zabbix-proxy-lts/zabbix-proxy-lts.priv.inc new file mode 100644 index 00000000..c6d30f65 --- /dev/null +++ b/config/zabbix-proxy-lts/zabbix-proxy-lts.priv.inc @@ -0,0 +1,38 @@ +<?php +/* + zabbix-proxy-lts.priv.inc + part of pfSense (http://www.pfSense.org/) + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +global $priv_list; + +$priv_list['page-services-zabbix-proxy-lts'] = array(); +$priv_list['page-services-zabbix-proxy-lts']['name'] = "WebCfg - Services: Zabbix Proxy LTS package"; +$priv_list['page-services-zabbix-proxy-lts']['descr'] = "Allow access to Zabbix Proxy LTS package GUI"; + +$priv_list['page-services-zabbix-proxy-lts']['match'] = array(); +$priv_list['page-services-zabbix-proxy-lts']['match'][] = "pkg_edit.php?xml=zabbix-proxy-lts.xml*"; + +?> diff --git a/config/zabbix-proxy-lts/zabbix-proxy-lts.xml b/config/zabbix-proxy-lts/zabbix-proxy-lts.xml index 27092e59..f2e74265 100644 --- a/config/zabbix-proxy-lts/zabbix-proxy-lts.xml +++ b/config/zabbix-proxy-lts/zabbix-proxy-lts.xml @@ -45,7 +45,7 @@ <name>zabbixproxylts</name> <title>Services: Zabbix Proxy LTS</title> <category>Monitoring</category> - <version>0.8.6</version> + <version>0.8.8</version> <include_file>/usr/local/pkg/zabbix-proxy-lts.inc</include_file> <addedit_string>Zabbix Proxy has been created/modified.</addedit_string> <delete_string>Zabbix Proxy has been deleted.</delete_string> @@ -53,6 +53,10 @@ <item>https://packages.pfsense.org/packages/config/zabbix-proxy-lts/zabbix-proxy-lts.inc</item> <prefix>/usr/local/pkg/</prefix> </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/zabbix-proxy-lts/zabbix-proxy-lts.priv.inc</item> + <prefix>/etc/inc/priv/</prefix> + </additional_files_needed> <menu> <name>Zabbix Proxy LTS</name> <tooltiptext>Setup Zabbix Proxy LTS specific settings</tooltiptext> diff --git a/config/zabbix-proxy/zabbix-proxy.xml b/config/zabbix-proxy/zabbix-proxy.xml deleted file mode 100644 index 19930b49..00000000 --- a/config/zabbix-proxy/zabbix-proxy.xml +++ /dev/null @@ -1,250 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<packagegui> - <name>zabbixproxy</name> - <title>Services: Zabbix Proxy</title> - <category>Monitoring</category> - <version>1.1</version> - <addedit_string>Zabbix Proxy has been created/modified.</addedit_string> - <delete_string>Zabbix Proxy has been deleted.</delete_string> - <restart_command>/usr/local/etc/rc.d/zabbix_proxy.sh restart</restart_command> - <menu> - <name>Zabbix Proxy</name> - <tooltiptext>Setup Zabbix Proxy specific settings</tooltiptext> - <section>Services</section> - <url>/pkg_edit.php?xml=zabbix-proxy.xml&id=0</url> - </menu> - <service> - <name>zabbix-proxy</name> - <rcfile>zabbix-proxy.sh</rcfile> - <executable>zabbix_proxy</executable> - <description>Zabbix proxy collection daemon</description> - </service> - <tabs> - <tab> - <text>Settings</text> - <url>/pkg_edit.php?xml=zabbix-proxy.xml&id=0</url> - <active /> - </tab> - </tabs> - <fields> - <field> - <fielddescr>Server</fielddescr> - <fieldname>server</fieldname> - <description>List of comma delimited IP addresses (or hostnames) of ZABBIX servers</description> - <default_value>127.0.0.1</default_value> - <type>input</type> - <size>100</size> - <required>true</required> - </field> - <field> - <fielddescr>Server Port</fielddescr> - <fieldname>serverport</fieldname> - <description>Server port (generally 10051)</description> - <default_value>10051</default_value> - <type>input</type> - <size>6</size> - <required>true</required> - </field> - <field> - <fielddescr>Hostname</fielddescr> - <fieldname>hostname</fieldname> - <description>Unique, case-sensitive proxy name. Make sure the proxy name is known to the server</description> - <default_value>localhost</default_value> - <type>input</type> - <size>100</size> - <required>true</required> - </field> - <field> - <fielddescr>Active Mode</fielddescr> - <fieldname>activemode</fieldname> - <description>Check to run Zabbix proxy in active mode (default)</description> - <default_value>on</default_value> - <type>checkbox</type> - <required>true</required> - </field> - <field> - <fielddescr>Config Frequency</fielddescr> - <fieldname>configfrequency</fieldname> - <description>How often the proxy retrieves configuration data from the Zabbix server in seconds. Ignored if the proxy runs in passive mode.</description> - <default_value>3600</default_value> - <type>input</type> - <size>10</size> - <required>true</required> - </field> - </fields> - <custom_php_install_command> - <![CDATA[ - global $config, $g; - - $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); - switch ($pfs_version) { - case "1.2": - case "2.0": - define('ZABBIX_PROXY_BASE', '/usr/local'); - break; - default: - define('ZABBIX_PROXY_BASE', '/usr/pbi/zabbix-proxy-' . php_uname("m")); - } - - mwexec("mkdir -p /var/log/zabbix/"); - mwexec("mkdir -p /var/run/zabbix/"); - mwexec("mkdir -p /var/db/zabbix/"); - - conf_mount_rw(); - - /* create a few directories and ensure the sample files are in place */ - exec("/bin/mkdir -p " . ZABBIX_PROXY_BASE . "/etc/zabbix"); - exec("/bin/mkdir -p /var/log/zabbix"); - exec("/bin/mkdir -p /var/run/zabbix"); - exec("/bin/mkdir -p /var/db/zabbix"); - - exec("/bin/rm -f " . ZABBIX_PROXY_BASE . "/etc/rc.d/zabbix_proxy"); - - $start = "/bin/mkdir -p /var/log/zabbix\n"; - $start .= "/usr/sbin/chown -R zabbix:zabbix /var/log/zabbix\n"; - - $start .= "/bin/mkdir -p /var/run/zabbix\n"; - $start .= "/usr/sbin/chown -R zabbix:zabbix /var/run/zabbix\n"; - - $start .= "/bin/mkdir -p /var/db/zabbix\n"; - $start .= "/usr/sbin/chown -R zabbix:zabbix /var/db/zabbix\n"; - - $start .= "echo \"Starting Zabbix Proxy\"...\n"; - - /* start zabbix proxy */ - $start .= ZABBIX_PROXY_BASE . "/sbin/zabbix_proxy\n"; - - $stop = "echo \"Stopping Zabbix Proxy\"\n"; - $stop .= "kill `cat /var/run/zabbix/zabbix_proxy.pid`\n"; - /* write out rc.d start/stop file */ - write_rcfile(array( - "file" => "zabbix_proxy.sh", - "start" => "{$start}", - "restart" => "$stop\n" . "sleep 5\n" . "{$start}", - "stop" => "$stop" - ) - ); - - conf_mount_ro(); - ]]> - </custom_php_install_command> - <custom_php_command_before_form></custom_php_command_before_form> - <custom_php_after_head_command></custom_php_after_head_command> - <custom_php_after_form_command></custom_php_after_form_command> - <custom_php_validation_command> - <![CDATA[ - global $_POST; - - $ServerPort=$_POST['serverport']; - if (!preg_match("/^\d+$/", $ServerPort)) { - $input_errors[]='Server Port is not numeric.'; - } - - $ConfigFrequency=$_POST['configfrequency']; - if (!preg_match("/^\d+$/", $ConfigFrequency)) { - $input_errors[]='Config Frequency is not numeric.'; - } - ]]> - </custom_php_validation_command> - <custom_add_php_command></custom_add_php_command> - <custom_php_resync_config_command> - <![CDATA[ - conf_mount_rw(); - global $config, $g; - - $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); - switch ($pfs_version) { - case "1.2": - case "2.0": - define('ZABBIX_PROXY_BASE', '/usr/local'); - break; - default: - define('ZABBIX_PROXY_BASE', '/usr/pbi/zabbix-proxy-' . php_uname("m")); - } - - $zabbixproxy_config = $config['installedpackages']['zabbixproxy']['config'][0]; - - $Server=$zabbixproxy_config['server']; - $ServerPort=$zabbixproxy_config['serverport']; - $Hostname=$zabbixproxy_config['hostname']; - $ListenPort=$zabbixproxy_config['listenport']; - $ConfigFrequency=$zabbixproxy_config['configfrequency']; - if(isset($zabbixproxy_config['activemode'])) { - $Mode="0"; /* active */ - } else { - $Mode="1"; /* passive */ - } - - $conf = "Server=$Server\n"; - $conf .= "ServerPort=$ServerPort\n"; - $conf .= "Hostname=$Hostname\n"; - $conf .= "PidFile=/var/run/zabbix/zabbix_proxy.pid\n"; - $conf .= "DBName=/var/db/zabbix/proxy.db\n"; - $conf .= "LogFile=/var/log/zabbix/zabbix_proxy.log\n"; - $conf .= "ConfigFrequency=$ConfigFrequency\n"; - $conf .= "FpingLocation=/usr/local/sbin/fping\n"; - /* there's currently no fping6 (IPv6) dependency in the package, but if there was, the binary would likely also be in /usr/local/sbin */ - $conf .= "Fping6Location=/usr/local/sbin/fping6\n"; - $conf .= "ProxyMode=$Mode\n"; - - file_put_contents(ZABBIX_PROXY_BASE . "/etc/zabbix/zabbix_proxy.conf", $conf); - - $want_sysctls = array( - 'kern.ipc.shmall' => '2097152', - 'kern.ipc.shmmax' => '2147483648', - 'kern.ipc.semmsl' => '250' - ); - $sysctls = array(); - if (file_exists("/etc/sysctl.conf")) { - $sc = file_get_contents("/etc/sysctl.conf"); - $sc = explode("\n", $sc); - foreach ($sc as $num => $line) { - list($sysctl, $val) = explode("=", $line, 2); - if (array_key_exists($sysctl, $want_sysctls) || empty($sysctl)) - unset($sc[$num]); - } - } - foreach ($want_sysctls as $ws => $wv) { - $sc[] = "{$ws}={$wv}"; - exec("/sbin/sysctl {$ws}={$wv}"); - } - file_put_contents("/etc/sysctl.conf", implode("\n", $sc) . "\n"); - - $want_tunables = array( - 'kern.ipc.semopm' => '100', - 'kern.ipc.semmni' => '128', - 'kern.ipc.semmns' => '32000', - 'kern.ipc.shmmni' => '4096' - ); - $tunables = array(); - if (file_exists("/boot/loader.conf")) { - $lt = file_get_contents("/boot/loader.conf"); - $lt = explode("\n", $lt); - foreach ($lt as $num => $line) { - list($tunable, $val) = explode("=", $line, 2); - if (array_key_exists($tunable, $want_tunables) || empty($tunable)) - unset($lt[$num]); - } - } - foreach ($want_tunables as $wt => $wv) { - $lt[] = "{$wt}={$wv}"; - } - file_put_contents("/boot/loader.conf", implode("\n", $lt) . "\n"); - chmod("/var/log/zabbix", 0755); - chmod("/var/run/zabbix", 0755); - conf_mount_ro(); - - ]]> - </custom_php_resync_config_command> - <custom_php_deinstall_command> - <![CDATA[ - exec("kill `cat /var/run/zabbix/zabbix_proxy.pid`"); - - exec("/bin/rm " . ZABBIX_PROXY_BASE . "/etc/rc.d/zabbix_proxy.sh"); - - exec("/bin/rm -r /var/log/zabbix/"); - exec("/bin/rm -r /var/run/zabbix/"); - exec("/bin/rm -r /var/db/zabbix/"); - ]]> - </custom_php_deinstall_command> -</packagegui>
\ No newline at end of file diff --git a/config/zabbix2/zabbix2-agent.priv.inc b/config/zabbix2/zabbix2-agent.priv.inc new file mode 100644 index 00000000..bdd3543d --- /dev/null +++ b/config/zabbix2/zabbix2-agent.priv.inc @@ -0,0 +1,38 @@ +<?php +/* + zabbix2-agent.priv.inc + part of pfSense (http://www.pfSense.org/) + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +global $priv_list; + +$priv_list['page-services-zabbix2-agent'] = array(); +$priv_list['page-services-zabbix2-agent']['name'] = "WebCfg - Services: Zabbix-2 Agent package"; +$priv_list['page-services-zabbix2-agent']['descr'] = "Allow access to Zabbix-2 Agent package GUI"; + +$priv_list['page-services-zabbix2-agent']['match'] = array(); +$priv_list['page-services-zabbix2-agent']['match'][] = "pkg_edit.php?xml=zabbix2-agent.xml*"; + +?> diff --git a/config/zabbix2/zabbix2-agent.xml b/config/zabbix2/zabbix2-agent.xml index 3d2400ad..e02caefc 100644 --- a/config/zabbix2/zabbix2-agent.xml +++ b/config/zabbix2/zabbix2-agent.xml @@ -1,47 +1,51 @@ <?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> -<copyright> + <copyright> <![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ====================================================================================== */ /* - zabbix2-agent.xml - part of the Zabbix package for pfSense - Copyright (C) 2013 Danilo G. Baio + zabbix2-agent.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2013 Danilo G. Baio Copyright (C) 2013 Marcello Coutinho - - All rights reserved. - */ -/* ========================================================================== */ + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ ]]> </copyright> <name>zabbixagent</name> <title>Services: Zabbix-2 Agent</title> <category>Monitoring</category> - <version>0.8.3</version> + <version>0.8.4</version> <include_file>/usr/local/pkg/zabbix2.inc</include_file> <addedit_string>Zabbix Agent has been created/modified.</addedit_string> <delete_string>Zabbix Agent has been deleted.</delete_string> @@ -49,7 +53,10 @@ <additional_files_needed> <item>https://packages.pfsense.org/packages/config/zabbix2/zabbix2.inc</item> <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-agent.priv.inc</item> + <prefix>/etc/inc/priv/</prefix> </additional_files_needed> <menu> <name>Zabbix-2 Agent</name> @@ -61,7 +68,7 @@ <name>zabbix_agentd</name> <rcfile>zabbix2_agentd.sh</rcfile> <executable>zabbix_agentd</executable> - <description>Zabbix Agent host monitor daemon</description> + <description>Zabbix Agent Host Monitor Daemon</description> </service> <tabs> <tab> @@ -70,6 +77,7 @@ <active /> </tab> </tabs> + <advanced_options>enabled</advanced_options> <fields> <field> <name>Zabbix2 Agent Settings</name> @@ -78,27 +86,27 @@ <field> <fielddescr>Enable</fielddescr> <fieldname>agentenabled</fieldname> - <description>Enable Zabbix2 Agent service</description> + <description>Enable Zabbix2 Agent service.</description> <type>checkbox</type> </field> <field> <fielddescr>Server</fielddescr> <fieldname>server</fieldname> - <description>List of comma delimited IP addresses (or hostnames) of ZABBIX servers</description> + <description>List of comma delimited IP addresses (or hostnames) of Zabbix servers.</description> <type>input</type> <size>60</size> </field> <field> <fielddescr>Server Active</fielddescr> <fieldname>serveractive</fieldname> - <description>List of comma delimited IP:port (or hostname:port) pairs of Zabbix servers for active checks</description> + <description>List of comma delimited IP:port (or hostname:port) pairs of Zabbix servers for active checks.</description> <type>input</type> <size>60</size> </field> <field> <fielddescr>Hostname</fielddescr> <fieldname>hostname</fieldname> - <description>Unique hostname. Required for active checks and must match hostname as configured on the Zabbix server (case sensitive).</description> + <description>Unique, case sensitive hostname. Required for active checks and must match hostname as configured on the Zabbix server.</description> <type>input</type> <size>60</size> </field> @@ -108,7 +116,7 @@ <default_value>0.0.0.0</default_value> <type>input</type> <size>60</size> - <description>Listen IP for connections from the server (default 0.0.0.0 for all interfaces)</description> + <description>Listen IP for connections from the server. (Default: 0.0.0.0 - all interfaces)</description> </field> <field> <fielddescr>Listen Port</fielddescr> @@ -116,7 +124,7 @@ <default_value>10050</default_value> <type>input</type> <size>5</size> - <description>Listen port for connections from the server (default 10050)</description> + <description>Listen port for connections from the server. (Default: 10050)</description> </field> <field> <fielddescr>Refresh Active Checks</fielddescr> @@ -124,7 +132,7 @@ <default_value>120</default_value> <type>input</type> <size>5</size> - <description>The agent will refresh list of active checks once per 120 (default) seconds.</description> + <description>The agent will refresh list of active checks once per this number of seconds. (Default: 120)</description> </field> <field> <fielddescr>Timeout</fielddescr> @@ -132,7 +140,13 @@ <default_value>3</default_value> <type>input</type> <size>5</size> - <description>Timeout (default 3). Do not spend more that Timeout seconds on getting requested value (1-30). The agent does not kill timeouted User Parameters processes!</description> + <description> + <![CDATA[ + Do not spend more that N seconds on getting requested value.<br /> + Note: The agent does not kill timeouted User Parameters processes!<br /> + (Default: 3. Valid range: 1-30) + ]]> + </description> </field> <field> <fielddescr>Buffer Send</fielddescr> @@ -140,7 +154,12 @@ <default_value>5</default_value> <type>input</type> <size>5</size> - <description>Buffer Send (default 5). Do not keep data longer than N seconds in buffer (1-3600).</description> + <description> + <![CDATA[ + Do not keep data longer than N seconds in buffer.<br /> + (Default: 5. Valid range: 1-3600) + ]]> + </description> </field> <field> <fielddescr>Buffer Size</fielddescr> @@ -148,7 +167,12 @@ <default_value>100</default_value> <type>input</type> <size>5</size> - <description>Buffer Size (default 100). Maximum number of values in a memory buffer (2-65535). The agent will send all collected data to Zabbix server or proxy if the buffer is full.</description> + <description> + <![CDATA[ + Maximum number of values in the memory buffer. The agent will send all collected data to Zabbix server or proxy if the buffer is full.<br /> + (Default: 100. Valid range: 2-65535) + ]]> + </description> </field> <field> <fielddescr>Start Agents</fielddescr> @@ -156,7 +180,13 @@ <default_value>3</default_value> <type>input</type> <size>5</size> - <description>Start Agents (default 3). Number of pre-forked instances of zabbix_agentd that process passive checks (0-100).If set to 0, disables passive checks and the agent will not listen on any TCP port.</description> + <description> + <![CDATA[ + Number of pre-forked instances of zabbix_agentd that process passive checks.<br /> + Note: Setting to 0 disables passive checks and the agent will not listen on any TCP port.<br /> + (Default: 3. Valid range: 0-100) + ]]> + </description> </field> <field> <fielddescr>User Parameters</fielddescr> @@ -165,15 +195,25 @@ <type>textarea</type> <rows>5</rows> <cols>50</cols> - <description>User-defined parameter to monitor. There can be several user-defined parameters. Value has form, example: UserParameter=users,who|wc -l</description> + <description> + <![CDATA[ + User-defined parameter(s) to monitor. There can be multiple user-defined parameters.<br /> + Example: <em>UserParameter=users,who|wc -l</em> + ]]> + </description> + <advancedfield/> </field> </fields> - <custom_php_install_command>sync_package_zabbix2();</custom_php_install_command> - <custom_php_command_before_form></custom_php_command_before_form> - <custom_php_after_head_command></custom_php_after_head_command> - <custom_php_after_form_command></custom_php_after_form_command> - <custom_php_validation_command>validate_input_zabbix2($_POST, $input_errors);</custom_php_validation_command> - <custom_add_php_command></custom_add_php_command> - <custom_php_resync_config_command>sync_package_zabbix2();</custom_php_resync_config_command> - <custom_php_deinstall_command>php_deinstall_zabbix2_agent();</custom_php_deinstall_command> + <custom_php_install_command> + sync_package_zabbix2(); + </custom_php_install_command> + <custom_php_validation_command> + validate_input_zabbix2($_POST, $input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_zabbix2(); + </custom_php_resync_config_command> + <custom_php_deinstall_command> + php_deinstall_zabbix2_agent(); + </custom_php_deinstall_command> </packagegui> diff --git a/config/zabbix2/zabbix2-proxy.priv.inc b/config/zabbix2/zabbix2-proxy.priv.inc new file mode 100644 index 00000000..f3bfc5e1 --- /dev/null +++ b/config/zabbix2/zabbix2-proxy.priv.inc @@ -0,0 +1,38 @@ +<?php +/* + zabbix2-proxy.priv.inc + part of pfSense (http://www.pfSense.org/) + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +global $priv_list; + +$priv_list['page-services-zabbix2-proxy'] = array(); +$priv_list['page-services-zabbix2-proxy']['name'] = "WebCfg - Services: Zabbix-2 Proxy package"; +$priv_list['page-services-zabbix2-proxy']['descr'] = "Allow access to Zabbix-2 Proxy package GUI"; + +$priv_list['page-services-zabbix2-proxy']['match'] = array(); +$priv_list['page-services-zabbix2-proxy']['match'][] = "pkg_edit.php?xml=zabbix2-proxy.xml*"; + +?> diff --git a/config/zabbix2/zabbix2-proxy.xml b/config/zabbix2/zabbix2-proxy.xml index 00d9b106..398c3df4 100644 --- a/config/zabbix2/zabbix2-proxy.xml +++ b/config/zabbix2/zabbix2-proxy.xml @@ -1,47 +1,51 @@ <?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> -<copyright> + <copyright> <![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ====================================================================================== */ /* - zabbix2-proxy.xml - part of the Zabbix package for pfSense - Copyright (C) 2013 Danilo G. Baio - Copyright (C) 2013 Marcello Coutinho - - All rights reserved. - */ -/* ========================================================================== */ + zabbix2-proxy.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2013 Danilo G. Baio + Copyright (C) 2013 Marcello Coutinho + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ ]]> </copyright> <name>zabbixproxy</name> <title>Services: Zabbix-2 Proxy</title> <category>Monitoring</category> - <version>0.8.3</version> + <version>0.8.4</version> <include_file>/usr/local/pkg/zabbix2.inc</include_file> <addedit_string>Zabbix Proxy has been created/modified.</addedit_string> <delete_string>Zabbix Proxy has been deleted.</delete_string> @@ -49,7 +53,10 @@ <additional_files_needed> <item>https://packages.pfsense.org/packages/config/zabbix2/zabbix2.inc</item> <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-proxy.priv.inc</item> + <prefix>/etc/inc/priv/</prefix> </additional_files_needed> <menu> <name>Zabbix-2 Proxy</name> @@ -61,7 +68,7 @@ <name>zabbix_proxy</name> <rcfile>zabbix2_proxy.sh</rcfile> <executable>zabbix_proxy</executable> - <description>Zabbix proxy collection daemon</description> + <description>Zabbix Proxy Collection Daemon</description> </service> <tabs> <tab> @@ -70,6 +77,7 @@ <active /> </tab> </tabs> + <advanced_options>enabled</advanced_options> <fields> <field> <name>Zabbix2 Proxy Settings</name> @@ -78,31 +86,31 @@ <field> <fielddescr>Enable</fielddescr> <fieldname>proxyenabled</fieldname> - <description>Enable Zabbix2 Proxy service</description> + <description>Enable Zabbix2 Proxy service.</description> <type>checkbox</type> </field> <field> <fielddescr>Server</fielddescr> <fieldname>server</fieldname> - <description>List of comma delimited IP addresses (or hostnames) of ZABBIX servers</description> + <description>List of comma delimited IP addresses (or hostnames) of Zabbix servers.</description> <default_value>127.0.0.1</default_value> <type>input</type> <size>60</size> <required>true</required> </field> <field> - <fielddescr>Server Port</fielddescr> - <fieldname>serverport</fieldname> - <description>Port of Zabbix trapper on Zabbix server. default value 10051</description> - <default_value>10051</default_value> - <type>input</type> - <size>6</size> - <required>true</required> + <fielddescr>Server Port</fielddescr> + <fieldname>serverport</fieldname> + <description>Port of Zabbix trapper on Zabbix server. (Default: 10051)</description> + <default_value>10051</default_value> + <type>input</type> + <size>6</size> + <required>true</required> </field> <field> <fielddescr>Hostname</fielddescr> <fieldname>hostname</fieldname> - <description>Unique, case-sensitive proxy name. Make sure the proxy name is known to the server</description> + <description>Unique, case-sensitive proxy name. Make sure the proxy name is known to the server.</description> <default_value>localhost</default_value> <type>input</type> <size>50</size> @@ -111,7 +119,7 @@ <field> <fielddescr>Proxy Mode</fielddescr> <fieldname>proxymode</fieldname> - <description>Select Zabbix proxy mode (Active is default)</description> + <description>Select Zabbix proxy mode. (Default: Active)</description> <type>select</type> <default_value>0</default_value> <options> @@ -136,15 +144,20 @@ <type>textarea</type> <rows>5</rows> <cols>50</cols> - <description>Advanced parameters. There are some rarely used parameters that sometimes need to be defined. Value has form, example: StartDiscoverers=10</description> + <description>Advanced parameters. There are some rarely used parameters that sometimes need to be defined. Example: StartDiscoverers=10</description> + <advancedfield/> </field> </fields> - <custom_php_install_command>sync_package_zabbix2();</custom_php_install_command> - <custom_php_command_before_form></custom_php_command_before_form> - <custom_php_after_head_command></custom_php_after_head_command> - <custom_php_after_form_command></custom_php_after_form_command> - <custom_php_validation_command>validate_input_zabbix2($_POST, $input_errors);</custom_php_validation_command> - <custom_add_php_command></custom_add_php_command> - <custom_php_resync_config_command>sync_package_zabbix2();</custom_php_resync_config_command> - <custom_php_deinstall_command>php_deinstall_zabbix2_proxy();</custom_php_deinstall_command> + <custom_php_install_command> + sync_package_zabbix2(); + </custom_php_install_command> + <custom_php_validation_command> + validate_input_zabbix2($_POST, $input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_zabbix2(); + </custom_php_resync_config_command> + <custom_php_deinstall_command> + php_deinstall_zabbix2_proxy(); + </custom_php_deinstall_command> </packagegui> diff --git a/config/zabbix2/zabbix2.inc b/config/zabbix2/zabbix2.inc index 77f1d6e1..9b5f3ed3 100644 --- a/config/zabbix2/zabbix2.inc +++ b/config/zabbix2/zabbix2.inc @@ -1,205 +1,213 @@ <?php -/* $Id$ */ -/* ========================================================================== */ /* - zabbix2.inc - part of the Zabbix package for pfSense - Copyright (C) 2013 Danilo G. Baio - Copyright (C) 2013 Marcello Coutinho - - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ + zabbix2.inc + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2013 Danilo G. Baio + Copyright (C) 2013 Marcello Coutinho + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ require_once("util.inc"); require_once("functions.inc"); require_once("pkg-utils.inc"); require_once("globals.inc"); -function php_install_zabbix2(){ - sync_package_zabbix2(); +function php_zabbix2_pfs_version() { + $pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3); + return $pfs_version; } -function php_deinstall_zabbix2_agent(){ - global $config, $g; - - conf_mount_rw(); - $pfs_version = php_zabbix2_pfs_version(); - $zabbix2_pkg_base = php_zabbix2_pkg_base($pfs_version); - - if ($pfs_version > 2.0){ - define('ZABBIX_AGENT_BASE', '/usr/pbi/' . $zabbix2_pkg_base . '-agent-' . php_uname("m")); - } else { - define('ZABBIX_AGENT_BASE', '/usr/local'); - } - - exec("/usr/bin/killall zabbix_agentd"); - unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/rc.d/zabbix2_agentd.sh"); - unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/" . $zabbix2_pkg_base . "/zabbix_agentd.conf"); - unlink_if_exists("/var/log/zabbix2/zabbix2_agentd.log"); - unlink_if_exists("/var/run/zabbix2/zabbix2_agentd.pid"); - - if (!is_array($config['installedpackages']['zabbixproxy'])){ - if (is_dir("/var/log/zabbix2")) - exec("/bin/rm -r /var/log/zabbix2/"); - if (is_dir("/var/run/zabbix2")) - exec("/bin/rm -r /var/run/zabbix2/"); - } - - conf_mount_ro(); +function php_zabbix2_pkg_base($pfs_version) { + if ($pfs_version >= 2.2) { + // pfSense 2.2 with zabbix 2.4 + $zabbix2_pkg_base = "zabbix24"; + } else { + // pfSense 2.1 with zabbix 2.2 + $zabbix2_pkg_base = "zabbix22"; + } + return $zabbix2_pkg_base; } -function php_deinstall_zabbix2_proxy(){ - global $config, $g; - - conf_mount_rw(); - $pfs_version = php_zabbix2_pfs_version(); - $zabbix2_pkg_base = php_zabbix2_pkg_base($pfs_version); +function php_deinstall_zabbix2_agent() { + global $config, $g; - if ($pfs_version > 2.0){ - define('ZABBIX_PROXY_BASE', '/usr/pbi/' . $zabbix2_pkg_base . '-proxy-' . php_uname("m")); - } else { - define('ZABBIX_PROXY_BASE', '/usr/local'); - } + $pfs_version = php_zabbix2_pfs_version(); + $zabbix2_pkg_base = php_zabbix2_pkg_base($pfs_version); - exec("/usr/bin/killall zabbix_proxy"); - unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/rc.d/zabbix2_proxy.sh"); - unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base . "/zabbix_proxy.conf"); - unlink_if_exists("/var/log/zabbix2/zabbix_proxy.log"); - unlink_if_exists("/var/run/zabbix2/zabbix2_proxy.pid"); + if ($pfs_version == "2.1" || $pfs_version == "2.2") { + define('ZABBIX_AGENT_BASE', '/usr/pbi/' . $zabbix2_pkg_base . '-agent-' . php_uname("m")); + } else { + define('ZABBIX_AGENT_BASE', '/usr/local'); + } - if (!is_array($config['installedpackages']['zabbixagent'])){ - if (is_dir("/var/log/zabbix2")) - exec("/bin/rm -r /var/log/zabbix2/"); - if (is_dir("/var/run/zabbix2")) - exec("/bin/rm -r /var/run/zabbix2/"); - } + mwexec("/usr/bin/killall zabbix_agentd"); - if (is_dir("/var/db/zabbix2")) - exec("/bin/rm -r /var/db/zabbix2/"); + unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/" . $zabbix2_pkg_base . "/zabbix_agentd.conf"); + unlink_if_exists("/var/log/zabbix2/zabbix2_agentd.log"); + unlink_if_exists("/var/run/zabbix2/zabbix2_agentd.pid"); - conf_mount_ro(); + if (!is_array($config['installedpackages']['zabbixproxy'])) { + if (is_dir("/var/log/zabbix2")) { + mwexec("/bin/rm -rf /var/log/zabbix2/"); + } + if (is_dir("/var/run/zabbix2")) { + mwexec("/bin/rm -rf /var/run/zabbix2/"); + } + } } -function validate_input_zabbix2($post, &$input_errors){ +function php_deinstall_zabbix2_proxy() { + global $config, $g; + + $pfs_version = php_zabbix2_pfs_version(); + $zabbix2_pkg_base = php_zabbix2_pkg_base($pfs_version); + + if ($pfs_version == "2.1" || $pfs_version == "2.2") { + define('ZABBIX_PROXY_BASE', '/usr/pbi/' . $zabbix2_pkg_base . '-proxy-' . php_uname("m")); + } else { + define('ZABBIX_PROXY_BASE', '/usr/local'); + } + + exec("/usr/bin/killall zabbix_proxy"); + unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base . "/zabbix_proxy.conf"); + unlink_if_exists("/var/log/zabbix2/zabbix_proxy.log"); + unlink_if_exists("/var/run/zabbix2/zabbix2_proxy.pid"); + + if (!is_array($config['installedpackages']['zabbixagent'])) { + if (is_dir("/var/log/zabbix2")) { + exec("/bin/rm -r /var/log/zabbix2/"); + } + if (is_dir("/var/run/zabbix2")) { + exec("/bin/rm -r /var/run/zabbix2/"); + } + } - if (isset($post['proxyenabled'])){ + if (is_dir("/var/db/zabbix2")) { + exec("/bin/rm -r /var/db/zabbix2/"); + } +} + +function validate_input_zabbix2($post, &$input_errors) { + if (isset($post['proxyenabled'])) { if (!is_numericint($post['serverport'])) { - $input_errors[]='Server Port is not numeric.'.$ServerPort; - } - + $input_errors[] = "'Server Port' value is not numeric."; + } elseif ($post['serverport'] < 1 || $post['serverport'] > 65535) { + $input_errors[] = "You must enter a valid value for 'Server Port'."; + } + if (!is_numericint($post['configfrequency'])) { - $input_errors[]='Config Frequency is not numeric.'; - } + $input_errors[] = "'Config Frequency' value is not numeric."; } - if (isset($post['agentenabled'])){ + } + + if (isset($post['agentenabled'])) { if (!preg_match("/\w+/", $post['server'])) { - $input_errors[]='Server field is required.'; - } - + $input_errors[] = "Server field is required."; + } + if (!preg_match("/\w+/", $post['hostname'])) { - $input_errors[]='Hostname field is required.'; - } - + $input_errors[] = "Hostname field is required."; + } + if ($post['listenip'] != '') { - if (!is_ipaddr_configured($post['listenip']) && !preg_match("/(127.0.0.1|0.0.0.0)/",$post['listenip'])) { - $input_errors[]='Listen IP is not a configured IP address.'; + if (!is_ipaddr_configured($post['listenip']) && !preg_match("/(127.0.0.1|0.0.0.0)/", $post['listenip'])) { + $input_errors[] = "'Listen IP' is not a configured IP address."; } } if ($post['listenport'] != '') { - if (!preg_match("/^\d+$/", $post['listenport'])) { - $input_errors[]='Listen Port is not numeric.'; - } + if (!is_numericint($post['listenport'])) { + $input_errors[] = "'Listen Port' value is not numeric."; + } elseif ($post['listenport'] < 1 || $post['listenport'] > 65535) { + $input_errors[] = "You must enter a valid value for 'Listen Port'."; + } } if ($post['refreshactchecks'] != '') { - if (!preg_match("/^\d+$/", $post['refreshactchecks'])) { - $input_errors[]='Refresh Active Checks is not numeric.'; - } elseif ( $post['refreshactchecks'] < 60 || $post['refreshactchecks'] > 3600 ) { - $input_errors[]='You must enter a valid value for \'Refresh Active Checks\''; + if (!is_numericint($post['refreshactchecks'])) { + $input_errors[] = "'Refresh Active Checks' value is not numeric."; + } elseif ($post['refreshactchecks'] < 60 || $post['refreshactchecks'] > 3600) { + $input_errors[] = "You must enter a valid value for 'Refresh Active Checks'."; } } if ($post['timeout'] != '') { if (!is_numericint($post['timeout'])) { - $input_errors[]='Timeout is not numeric.'; - } elseif ( $post['timeout'] < 1 || $post['timeout'] > 30 ) { - $input_errors[]='You must enter a valid value for \'Timeout\''; + $input_errors[] = "Timeout value is not numeric."; + } elseif ($post['timeout'] < 1 || $post['timeout'] > 30) { + $input_errors[] = "You must enter a valid value for 'Timeout'."; } } - + if ($post['buffersend'] != '') { if (!is_numericint($post['buffersend'])) { - $input_errors[]='Buffer Send is not numeric.'; - } elseif ( $post['buffersend'] < 1 || $post['buffersend'] > 3600 ) { - $input_errors[]='You must enter a valid value for \'Buffer Send\''; + $input_errors[] = "'Buffer Send' value is not numeric."; + } elseif ($post['buffersend'] < 1 || $post['buffersend'] > 3600) { + $input_errors[] = "You must enter a valid value for 'Buffer Send'."; } } - + if ($post['buffersize'] != '') { if (!is_numericint($post['buffersize'])) { - $input_errors[]='Bufer Size is not numeric.'; - } elseif ( $post['buffersize'] < 2 || $post['buffersize'] > 65535 ) { - $input_errors[]='You must enter a valid value for \'Buffer Size\''; + $input_errors[] = "'Buffer Size' value is not numeric."; + } elseif ($post['buffersize'] < 2 || $post['buffersize'] > 65535) { + $input_errors[] = "You must enter a valid value for 'Buffer Size'."; } } - + if ($post['startagents'] != '') { if (!is_numericint($post['startagents'])) { $input_errors[]='Start Agents is not numeric.'; - } elseif ( $post['startagents'] < 0 || $post['startagents'] > 100 ) { - $input_errors[]='You must enter a valid value for \'Start Agents\''; + } elseif ($post['startagents'] < 0 || $post['startagents'] > 100) { + $input_errors[] = "You must enter a valid value for 'Start Agents'."; } } - } + } } -function sync_package_zabbix2(){ +function sync_package_zabbix2() { global $config, $g; conf_mount_rw(); $pfs_version = php_zabbix2_pfs_version(); $zabbix2_pkg_base = php_zabbix2_pkg_base($pfs_version); - if ($pfs_version > 2.0){ + if ($pfs_version == "2.1" || $pfs_version == "2.2") { define('ZABBIX_AGENT_BASE', '/usr/pbi/' . $zabbix2_pkg_base . '-agent-' . php_uname("m")); define('ZABBIX_PROXY_BASE', '/usr/pbi/' . $zabbix2_pkg_base . '-proxy-' . php_uname("m")); - } - else { + } else { define('ZABBIX_AGENT_BASE', '/usr/local'); define('ZABBIX_PROXY_BASE', '/usr/local'); } - #check zabbix proxy config - if (is_array($config['installedpackages']['zabbixproxy'])){ + // Check zabbix proxy config + if (is_array($config['installedpackages']['zabbixproxy'])) { $zbproxy_config = $config['installedpackages']['zabbixproxy']['config'][0]; - if ($zbproxy_config['proxyenabled']=="on"){ - $Mode=(is_numericint($zbproxy_config['proxymode'])?$zbproxy_config['proxymode'] : 0); - $AdvancedParams=base64_decode($zbproxy_config['advancedparams']); - + if ($zbproxy_config['proxyenabled'] == "on") { + $Mode = (is_numericint($zbproxy_config['proxymode']) ? $zbproxy_config['proxymode'] : 0); + $AdvancedParams = base64_decode($zbproxy_config['advancedparams']); + $zbproxy_conf_file = <<< EOF Server={$zbproxy_config['server']} ServerPort={$zbproxy_config['serverport']} @@ -209,7 +217,8 @@ DBName=/var/db/zabbix2/proxy.db LogFile=/var/log/zabbix2/zabbix_proxy.log ConfigFrequency={$zbproxy_config['configfrequency']} FpingLocation=/usr/local/sbin/fping -#there's currently no fping6 (IPv6) dependency in the package, but if there was, the binary would likely also be in /usr/local/sbin +# There's currently no fping6 (IPv6) dependency in the package, +# but if there was, the binary would likely also be in /usr/local/sbin. Fping6Location=/usr/local/sbin/fping6 ProxyMode={$Mode} {$AdvancedParams} @@ -218,19 +227,19 @@ EOF; file_put_contents(ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base . "/zabbix_proxy.conf", strtr($zbproxy_conf_file, array("\r" => ""))); } } - /* check zabbix agent settings*/ - if (is_array($config['installedpackages']['zabbixagent'])){ + // Check zabbix agent settings + if (is_array($config['installedpackages']['zabbixagent'])) { $zbagent_config = $config['installedpackages']['zabbixagent']['config'][0]; - if ($zbagent_config['agentenabled']=="on"){ - $RefreshActChecks=(preg_match("/(\d+)/",$zbagent_config['refreshactchecks'],$matches)? $matches[1] : "120"); - $BufferSend=(preg_match("/(\d+)/",$zbagent_config['buffersend'],$matches)? $matches[1] : "5" ); - $BufferSize=(preg_match("/(\d+)/",$zbagent_config['buffersize'],$matches)? $matches[1] : "100"); - $StartAgents=(preg_match("/(\d+)/",$zbagent_config['startagents'],$matches)? $matches[1] :"3" ); - $UserParams=base64_decode($zbagent_config['userparams']); - $ListenIp=($zbagent_config['listenip'] != ''? $zbagent_config['listenip'] : "0.0.0.0"); - $ListenPort=($zbagent_config['listenport'] != ''? $zbagent_config['listenport'] : "10050"); - $TimeOut=($zbagent_config['timeout'] != ''? $zbagent_config['timeout'] : "3"); - + if ($zbagent_config['agentenabled'] == "on") { + $RefreshActChecks = (preg_match("/(\d+)/", $zbagent_config['refreshactchecks'], $matches) ? $matches[1] : "120"); + $BufferSend = (preg_match("/(\d+)/", $zbagent_config['buffersend'], $matches) ? $matches[1] : "5"); + $BufferSize = (preg_match("/(\d+)/", $zbagent_config['buffersize'], $matches) ? $matches[1] : "100"); + $StartAgents = (preg_match("/(\d+)/", $zbagent_config['startagents'], $matches) ? $matches[1] : "3"); + $UserParams = base64_decode($zbagent_config['userparams']); + $ListenIp = $zbagent_config['listenip'] ?: "0.0.0.0"; + $ListenPort = $zbagent_config['listenport'] ?: "10050"; + $TimeOut = $zbagent_config['timeout'] ?: "3"; + $zbagent_conf_file = <<< EOF Server={$zbagent_config['server']} ServerActive={$zbagent_config['serveractive']} @@ -249,33 +258,35 @@ StartAgents={$StartAgents} {$UserParams} EOF; - file_put_contents(ZABBIX_AGENT_BASE . "/etc/" . $zabbix2_pkg_base . "/zabbix_agentd.conf", strtr($zbagent_conf_file, array("\r" => ""))); + file_put_contents(ZABBIX_AGENT_BASE . "/etc/" . $zabbix2_pkg_base . "/zabbix_agentd.conf", strtr($zbagent_conf_file, array("\r" => ""))); } } + $want_sysctls = array( 'kern.ipc.shmall' => '2097152', 'kern.ipc.shmmax' => '2147483648', 'kern.ipc.semmsl' => '250' ); $sysctls = array(); - #check sysctl file values + // Check sysctl file values $sc_file=""; if (file_exists("/etc/sysctl.conf")) { $sc = file("/etc/sysctl.conf"); foreach ($sc as $line) { list($sysk, $sysv) = explode("=", $line, 2); - if (preg_match("/\w/",$line) && !array_key_exists($sysk, $want_sysctls)) - $sc_file.=$line; + if (preg_match("/\w/", $line) && !array_key_exists($sysk, $want_sysctls)) { + $sc_file .= $line; } + } } - foreach ($want_sysctls as $ws=> $wv) { + foreach ($want_sysctls as $ws => $wv) { $sc_file .= "{$ws}={$wv}\n"; - exec("/sbin/sysctl {$ws}={$wv}"); + mwexec("/sbin/sysctl {$ws}={$wv}"); } file_put_contents("/etc/sysctl.conf", $sc_file); - #check bootloader values - $lt_file=""; + // Check bootloader values + $lt_file = ""; $want_tunables = array( 'kern.ipc.semopm' => '100', 'kern.ipc.semmni' => '128', @@ -287,110 +298,91 @@ EOF; $lt = file("/boot/loader.conf"); foreach ($lt as $line) { list($tunable, $val) = explode("=", $line, 2); - if (preg_match("/\w/",$line) && !array_key_exists($tunable, $want_tunables)) - $lt_file.=$line; + if (preg_match("/\w/", $line) && !array_key_exists($tunable, $want_tunables)) { + $lt_file .= $line; + } } } foreach ($want_tunables as $wt => $wv) { - $lt_file.= "{$wt}={$wv}\n"; + $lt_file .= "{$wt}={$wv}\n"; } file_put_contents("/boot/loader.conf", $lt_file); - /*check startup script files*/ - /* create a few directories and ensure the sample files are in place */ - if (!is_dir(ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base)) - exec("/bin/mkdir -p " . ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base); - - $dir_checks = <<< EOF -if [ ! -d /var/log/zabbix2 ] - then - /bin/mkdir -p /var/log/zabbix2 - /usr/sbin/chmod 755 /var/log/zabbix2 - fi -/usr/sbin/chown -R zabbix:zabbix /var/log/zabbix2 - -if [ ! -d /var/run/zabbix2 ] - then - /bin/mkdir -p /var/run/zabbix2 - /usr/sbin/chmod 755 /var/run/zabbix2 - fi -/usr/sbin/chown -R zabbix:zabbix /var/run/zabbix2 - -if [ ! -d /var/db/zabbix2 ] - then - /bin/mkdir -p /var/db/zabbix2 - /usr/sbin/chmod 755 /var/db/zabbix2 - fi -/usr/sbin/chown -R zabbix:zabbix /var/db/zabbix2 + // Check startup script files + // Create a few directories and ensure the sample files are in place + if (!is_dir(ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base)) { + mwexec("/bin/mkdir -p " . ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base); + } + + $dir_checks = <<< EOF + + if [ ! -d /var/log/zabbix2 ]; then + /bin/mkdir -p /var/log/zabbix2 + /usr/sbin/chmod 755 /var/log/zabbix2 + fi + /usr/sbin/chown -R zabbix:zabbix /var/log/zabbix2 + + if [ ! -d /var/run/zabbix2 ]; then + /bin/mkdir -p /var/run/zabbix2 + /usr/sbin/chmod 755 /var/run/zabbix2 + fi + /usr/sbin/chown -R zabbix:zabbix /var/run/zabbix2 + + if [ ! -d /var/db/zabbix2 ]; then + /bin/mkdir -p /var/db/zabbix2 + /usr/sbin/chmod 755 /var/db/zabbix2 + fi + /usr/sbin/chown -R zabbix:zabbix /var/db/zabbix2 EOF; - - $zproxy_rcfile="/usr/local/etc/rc.d/zabbix2_proxy.sh"; - if (is_array($zbproxy_config) && $zbproxy_config['proxyenabled']=="on"){ - $zproxy_start= strtr($dir_checks, array("\r" => "")). "\necho \"Starting Zabbix Proxy\"...\n"; - /* start zabbix proxy */ + + $zproxy_rcfile = "/usr/local/etc/rc.d/zabbix2_proxy.sh"; + if (is_array($zbproxy_config) && $zbproxy_config['proxyenabled'] == "on") { + $zproxy_start = strtr($dir_checks, array("\r" => "")). "\necho \"Starting Zabbix Proxy\"...\n"; $zproxy_start .= ZABBIX_PROXY_BASE . "/sbin/zabbix_proxy\n"; - + $zproxy_stop = "echo \"Stopping Zabbix Proxy\"\n"; $zproxy_stop .= "/usr/bin/killall zabbix_proxy\n"; $zproxy_stop .= "/bin/sleep 5\n"; - /* write out rc.d start/stop file */ write_rcfile(array( "file" => "zabbix2_proxy.sh", "start" => $zproxy_start, "stop" => $zproxy_stop ) ); - mwexec("{$zproxy_rcfile} restart"); - }else{ - if (file_exists($zproxy_rcfile)){ - mwexec("{$zproxy_rcfile} stop"); - unlink($zproxy_rcfile); + restart_service("zabbix_proxy"); + } else { + if (is_service_running("zabbix_proxy")) { + stop_service("zabbix_proxy"); } + unlink_if_exists($zproxy_rcfile); } - + $zagent_rcfile="/usr/local/etc/rc.d/zabbix2_agentd.sh"; - if (is_array($zbagent_config) && $zbagent_config['agentenabled']=="on"){ + if (is_array($zbagent_config) && $zbagent_config['agentenabled']=="on") { $zagent_start .= strtr($dir_checks, array("\r" => "")). "\necho \"Starting Zabbix Agent...\"\n"; $zagent_start .= ZABBIX_AGENT_BASE . "/sbin/zabbix_agentd\n"; - + $zagent_stop = "echo \"Stopping Zabbix Agent...\"\n"; $zagent_stop .= "/usr/bin/killall zabbix_agentd\n"; $zagent_stop .= "/bin/sleep 5\n"; - - /* write out rc.d start/stop file */ + write_rcfile(array( - "file" => "zabbix2_agentd.sh", - "start" => "$zagent_start", - "stop" => "$zagent_stop" - ) + "file" => "zabbix2_agentd.sh", + "start" => $zagent_start, + "stop" => $zagent_stop + ) ); - mwexec("{$zagent_rcfile} restart"); - }else{ - if (file_exists($zagent_rcfile)){ - mwexec("{$zagent_rcfile} stop"); - unlink($zagent_rcfile); + restart_service("zabbix_agentd"); + } else { + if (is_service_running("zabbix_agentd")) { + stop_service("zabbix_agentd"); } + unlink_if_exists($zagent_rcfile); } - - conf_mount_ro(); -} -function php_zabbix2_pfs_version(){ - $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); - return $pfs_version; -} - -function php_zabbix2_pkg_base($pfs_version){ - if ($pfs_version >= 2.2){ - // pfSense 2.2 with zabbix 2.4 - $zabbix2_pkg_base = "zabbix24"; - }else{ - // pfSense 2.1 with zabbix 2.2 - $zabbix2_pkg_base = "zabbix22"; - } - return $zabbix2_pkg_base; + conf_mount_ro(); } ?> |