Diffstat (limited to 'config')
-rw-r--r--config/apache_mod_security/apache_mod_security.inc10
-rw-r--r--config/apache_mod_security/apache_mod_security.priv.inc42
-rw-r--r--config/apache_mod_security/apache_mod_security.xml6
-rw-r--r--config/apcupsd/apcupsd.priv.inc38
-rw-r--r--config/apcupsd/apcupsd.xml27
-rw-r--r--config/autoconfigbackup/autoconfigbackup.php21
-rw-r--r--config/autoconfigbackup/autoconfigbackup.xml2
-rw-r--r--config/checkmk-agent/checkmk.inc338
-rw-r--r--config/checkmk-agent/checkmk.xml41
-rw-r--r--config/checkmk-agent/checkmk_sync.xml108
-rw-r--r--config/freeradius2/freeradius.inc1
-rw-r--r--config/freeradius2/freeradius.priv.inc60
-rw-r--r--config/freeradius2/freeradius.xml345
-rw-r--r--config/iperf/iperf.priv.inc43
-rw-r--r--config/iperf/iperf.xml15
-rw-r--r--config/iperf/iperfserver.xml7
-rw-r--r--config/ipguard/ipguard.inc181
-rw-r--r--config/ipguard/ipguard.priv.inc41
-rw-r--r--config/ipguard/ipguard.xml8
-rwxr-xr-xconfig/ipguard/ipguard_sync.xml99
-rw-r--r--config/ladvd/ladvd.inc23
-rw-r--r--config/ladvd/ladvd.priv.inc43
-rw-r--r--config/ladvd/ladvd.xml24
-rw-r--r--config/lcdproc-dev/lcdproc.priv.inc40
-rw-r--r--config/lcdproc-dev/lcdproc.xml12
-rw-r--r--config/lcdproc-dev/lcdproc_screens.xml10
-rw-r--r--config/lcdproc/lcdproc.priv.inc40
-rw-r--r--config/lcdproc/lcdproc.xml12
-rw-r--r--config/lcdproc/lcdproc_screens.xml10
-rw-r--r--config/mtr-nox11/mtr-nox11.priv.inc37
-rw-r--r--config/mtr-nox11/mtr-nox11.xml28
-rw-r--r--config/netio/netio.priv.inc43
-rw-r--r--config/netio/netio.xml29
-rw-r--r--config/netio/netioserver.xml18
-rw-r--r--config/nmap/nmap.inc22
-rw-r--r--config/nmap/nmap.priv.inc37
-rw-r--r--config/nmap/nmap.xml42
-rw-r--r--config/notes/notes.priv.inc38
-rw-r--r--config/notes/notes.xml19
-rw-r--r--config/nrpe2/nrpe2.inc98
-rw-r--r--config/nrpe2/nrpe2.priv.inc37
-rw-r--r--config/nrpe2/nrpe2.xml50
-rw-r--r--config/ntop2/ntop.inc157
-rw-r--r--config/ntop2/ntop.priv.inc37
-rw-r--r--config/ntop2/ntop.xml162
-rw-r--r--config/ntopng/ntopng.inc22
-rw-r--r--config/ntopng/ntopng.priv.inc37
-rw-r--r--config/ntopng/ntopng.xml6
-rw-r--r--config/nut/nut.priv.inc40
-rw-r--r--config/nut/nut.xml8
-rw-r--r--config/pfflowd/pfflowd.priv.inc37
-rw-r--r--config/pfflowd/pfflowd.xml149
-rw-r--r--config/phpservice/phpservice.inc40
-rw-r--r--config/phpservice/phpservice.priv.inc38
-rw-r--r--config/phpservice/phpservice.xml20
-rw-r--r--config/phpsysinfo/phpsysinfo.inc156
-rw-r--r--config/phpsysinfo/phpsysinfo.xml121
-rw-r--r--config/routed/routed.inc30
-rw-r--r--config/routed/routed.priv.inc38
-rw-r--r--config/routed/routed.xml14
-rw-r--r--config/rrd-summary/rrd-summary.priv.inc37
-rw-r--r--config/rrd-summary/rrd-summary.xml6
-rw-r--r--config/shellcmd/shellcmd.priv.inc38
-rw-r--r--config/shellcmd/shellcmd.xml8
-rw-r--r--config/spamd/spamd.priv.inc46
-rw-r--r--config/spamd/spamd.xml8
-rwxr-xr-xconfig/squid3/34/squid.inc86
-rwxr-xr-xconfig/squid3/34/squid_cache.xml31
-rw-r--r--config/squidGuard-devel/squidguard.inc320
-rw-r--r--config/squidGuard-devel/squidguard.xml18
-rw-r--r--config/squidGuard-devel/squidguard_sync.xml118
-rw-r--r--config/squidGuard/squidguard.inc320
-rw-r--r--config/squidGuard/squidguard.xml18
-rw-r--r--config/squidGuard/squidguard_sync.xml118
-rw-r--r--config/stunnel/stunnel.inc4
-rw-r--r--config/systempatches/patches.inc20
-rw-r--r--config/systempatches/systempatches.xml2
77 files changed, 2813 insertions, 1642 deletions
diff --git a/config/apache_mod_security/apache_mod_security.inc b/config/apache_mod_security/apache_mod_security.inc
index 69cc2126..63960b9e 100644
--- a/config/apache_mod_security/apache_mod_security.inc
+++ b/config/apache_mod_security/apache_mod_security.inc
@@ -49,7 +49,10 @@ function apache_mod_security_install() {
generate_apache_configuration();
$filename = "apache_mod_security.sh";
- $start = APACHEDIR . "/sbin/httpd -k start";
+ if (APACHEDIR != "/usr/local") {
+ $start = "/sbin/ldconfig -m " . APACHEDIR . "/lib\n";
+ }
+ $start .= APACHEDIR . "/sbin/httpd -k start";
$stop = APACHEDIR . "/sbin/httpd -k stop";
write_rcfile(array(
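Review bot: When APACHEDIR equals "/usr/local" the `if` body is skipped and `$start .= APACHEDIR . "/sbin/httpd -k start";` appends to a variable that was never assigned, which raises an undefined-variable notice. Initialise it before the condition with `$start = "";` so both paths build the rc command from a known value. apache_mod_security_install() begins and ends outside this hunk.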
@@ -73,6 +76,9 @@ function apache_mod_security_deinstall() {
// Check Apache configuration syntax
function apache_mod_security_checkconfig() {
global $config, $g;
+ if (APACHEDIR != "/usr/local") {
+ mwexec("/sbin/ldconfig -m " . APACHEDIR . "/lib");
+ }
$status = mwexec(APACHEDIR . "/sbin/httpd -t");
if ($status) {
$input_errors[] = "[apache_mod_security]: There was an error parsing the Apache configuration: {$status}";
@@ -550,7 +556,7 @@ LoadModule status_module libexec/{$apache_version}/mod_status.so
LoadModule autoindex_module libexec/{$apache_version}/mod_autoindex.so
LoadModule asis_module libexec/{$apache_version}/mod_asis.so
LoadModule info_module libexec/{$apache_version}/mod_info.so
-LoadModule cgi_module libexec/{$apache_version}/mod_cgi.so
+# LoadModule cgi_module libexec/{$apache_version}/mod_cgi.so
LoadModule vhost_alias_module libexec/{$apache_version}/mod_vhost_alias.so
LoadModule negotiation_module libexec/{$apache_version}/mod_negotiation.so
LoadModule dir_module libexec/{$apache_version}/mod_dir.so
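Review bot: The disabled `LoadModule cgi_module` line carries no reason, so a later maintainer cannot tell whether it was a hardening decision or a build workaround; a template comment such as `# mod_cgi intentionally not loaded: <reason>` would record it. If the intent is to reduce exposed surface, note that mod_info and mod_status are still loaded on the surrounding lines, and both disclose server configuration and runtime details when a handler is mapped to them. Whether such a handler is mapped is not visible in this hunk.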
diff --git a/config/apache_mod_security/apache_mod_security.priv.inc b/config/apache_mod_security/apache_mod_security.priv.inc
new file mode 100644
index 00000000..e3989c9f
--- /dev/null
+++ b/config/apache_mod_security/apache_mod_security.priv.inc
@@ -0,0 +1,42 @@
+<?php
+/*
+ apache_mod_security.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-apache-modsecurity'] = array();
+$priv_list['page-services-apache-modsecurity']['name'] = "WebCfg - Services: ModSecurity/Apache Proxy Server";
+$priv_list['page-services-apache-modsecurity']['descr'] = "Allow access to ModSecurity/Apache Proxy Server package GUI";
+
+$priv_list['page-services-apache-modsecurity']['match'] = array();
+$priv_list['page-services-apache-modsecurity']['match'][] = "pkg.php?xml=apache_mod_security.xml*";
+$priv_list['page-services-apache-modsecurity']['match'][] = "pkg.php?xml=apache_mod_security_settings.xml*";
+$priv_list['page-services-apache-modsecurity']['match'][] = "pkg_edit.php?xml=apache_mod_security.xml*";
+$priv_list['page-services-apache-modsecurity']['match'][] = "pkg_edit.php?xml=apache_mod_security_settings.xml*";
+$priv_list['page-services-apache-modsecurity']['match'][] = "apache_mod_security_view_logs.php*";
+
+?>
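Review bot: The new include file ends with a closing `?>` tag, and the same applies to apcupsd.priv.inc later in this commit. In a file that is only ever included, any whitespace after that tag is sent as output before headers, so dropping the closing tag is the safer style. The `match` patterns only match when `xml=` is the first query parameter; a short comment above the list saying so would help whoever adds the next page to it.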
diff --git a/config/apache_mod_security/apache_mod_security.xml b/config/apache_mod_security/apache_mod_security.xml
index ee8c7fbb..a5b6e009 100644
--- a/config/apache_mod_security/apache_mod_security.xml
+++ b/config/apache_mod_security/apache_mod_security.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>apache_mod_security</name>
- <version>0.1.8</version>
+ <version>0.1.9</version>
<title>Services: Mod_Security+Apache+Proxy: Site Proxies</title>
<include_file>/usr/local/pkg/apache_mod_security.inc</include_file>
<menu>
@@ -62,6 +62,10 @@
<item>https://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/priv/inc/</prefix>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security_settings.xml</item>
</additional_files_needed>
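Review bot: The prefix for the new privilege file is `/etc/priv/inc/`, while apcupsd.xml in this same commit installs its `.priv.inc` under `/etc/inc/priv/`. If the privilege loader only reads `/etc/inc/priv/`, the ModSecurity privilege is never registered, and access to these pages cannot be delegated to a restricted user, only granted through broader privileges. The line should presumably read `<prefix>/etc/inc/priv/</prefix>`.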
diff --git a/config/apcupsd/apcupsd.priv.inc b/config/apcupsd/apcupsd.priv.inc
new file mode 100644
index 00000000..5526b99f
--- /dev/null
+++ b/config/apcupsd/apcupsd.priv.inc
@@ -0,0 +1,38 @@
+<?php
+/*
+ apcupsd.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-apcupsd'] = array();
+$priv_list['page-services-apcupsd']['name'] = "WebCfg - Services: apcupsd";
+$priv_list['page-services-apcupsd']['descr'] = "Allow access to apcupsd package GUI";
+$priv_list['page-services-apcupsd']['match'] = array();
+$priv_list['page-services-apcupsd']['match'][] = "pkg_edit.php?xml=apcupsd.xml*";
+$priv_list['page-services-apcupsd']['match'][] = "apcupsd_status.php*";
+
+?>
diff --git a/config/apcupsd/apcupsd.xml b/config/apcupsd/apcupsd.xml
index 38c84e81..cb33b8ef 100644
--- a/config/apcupsd/apcupsd.xml
+++ b/config/apcupsd/apcupsd.xml
@@ -41,17 +41,20 @@
</copyright>
<name>Apcupsd</name>
<title>Services: Apcupsd (General)</title>
- <category>Monitoring</category>
- <version>0.3.7</version>
+ <version>0.3.9</version>
<include_file>/usr/local/pkg/apcupsd.inc</include_file>
- <addedit_string>Apcupsd has been created/modified.</addedit_string>
- <delete_string>Apcupsd has been deleted.</delete_string>
+ <addedit_string>Apcupsd configuration has been created/modified.</addedit_string>
+ <delete_string>Apcupsd configuration has been deleted.</delete_string>
<restart_command>/usr/local/etc/rc.d/apcupsd.sh restart</restart_command>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/apcupsd/apcupsd.inc</item>
<prefix>/usr/local/pkg/</prefix>
</additional_files_needed>
<additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/apcupsd/apcupsd.priv.inc</item>
+ <prefix>/etc/inc/priv/</prefix>
+ </additional_files_needed>
+ <additional_files_needed>
<item>https://packages.pfsense.org/packages/config/apcupsd/apcupsd_status.php</item>
<prefix>/usr/local/www/</prefix>
</additional_files_needed>
@@ -67,18 +70,18 @@
<name>Apcupsd</name>
<tooltiptext>Setup Apcupsd specific settings</tooltiptext>
<section>Services</section>
- <url>/pkg_edit.php?xml=apcupsd.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=apcupsd.xml</url>
</menu>
<service>
<name>apcupsd</name>
<rcfile>apcupsd.sh</rcfile>
<executable>apcupsd</executable>
- <description>Apcupsd a daemon for controlling APC UPSes</description>
+ <description>APC UPS Daemon</description>
</service>
<tabs>
<tab>
<text>General</text>
- <url>/pkg_edit.php?xml=apcupsd.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=apcupsd.xml</url>
<active/>
</tab>
<tab>
@@ -88,19 +91,19 @@
</tabs>
<fields>
<field>
- <name>General configuration parameters</name>
+ <name>General Configuration Parameters</name>
<type>listtopic</type>
</field>
<field>
<fielddescr>Enable</fielddescr>
<fieldname>apcupsdenabled</fieldname>
- <description>Enable APC UPS Daemon service</description>
+ <description>Enable APC UPS Daemon service.</description>
<type>checkbox</type>
</field>
<field>
<fielddescr>UPS Name</fielddescr>
<fieldname>upsname</fieldname>
- <description>Use this to give your UPS a name in log files and such</description>
+ <description>Use this to give your UPS a name in log files and such.</description>
<type>input</type>
<size>60</size>
<required>true</required>
@@ -199,7 +202,7 @@
<field>
<fielddescr>Kill on Power Fail</fielddescr>
<fieldname>killonpowerfail</fieldname>
- <description>Hibernate UPS on powerfail</description>
+ <description>Hibernate UPS on powerfail.</description>
<type>checkbox</type>
</field>
<field>
@@ -322,7 +325,7 @@
<default_value>3551</default_value>
</field>
<field>
- <name>Configuration statements used if sharing</name>
+ <name>UPS Sharing Configuration</name>
<type>listtopic</type>
</field>
<field>
diff --git a/config/autoconfigbackup/autoconfigbackup.php b/config/autoconfigbackup/autoconfigbackup.php
index 5bf40736..9a7d67a1 100644
--- a/config/autoconfigbackup/autoconfigbackup.php
+++ b/config/autoconfigbackup/autoconfigbackup.php
@@ -82,6 +82,10 @@ if ($_REQUEST['download']) {
$pgtitle = "Diagnostics: Auto Configuration Backup";
}
+/* Set up time zones for conversion. See #5250 */
+$acbtz = new DateTimeZone('America/Chicago');
+$mytz = new DateTimeZone(date_default_timezone_get());
+
include("head.inc");
function get_hostnames() {
@@ -193,7 +197,9 @@ function get_hostnames() {
$savemsg = "An error occurred while trying to remove the item from portal.pfsense.org.";
} else {
curl_close($curl_session);
- $savemsg = "Backup revision {$_REQUEST['rmver']} has been removed.";
+ $budate = new DateTime($_REQUEST['rmver'], $acbtz);
+ $budate->setTimezone($mytz);
+ $savemsg = "Backup revision " . htmlspecialchars($budate->format(DATE_RFC2822)) . " has been removed.";
}
print_info_box($savemsg);
}
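Review bot: `new DateTime($_REQUEST['rmver'], $acbtz)` is fed a request parameter and throws an Exception on a string it cannot parse, so a malformed `rmver` ends the page with an uncaught exception after the removal request has already been sent. Catch the exception and fall back to the raw value, which the existing `htmlspecialchars()` call still escapes. The conversion inside the `foreach` of the next hunk has the same unguarded constructor on server-supplied data. If this code sits inside a function rather than at file scope, `$acbtz` and `$mytz` would also need a `global` declaration; the enclosing scope is not visible here.

```php
// … unchanged: curl_close($curl_session); …
try {
    $budate = new DateTime($_REQUEST['rmver'], $acbtz);
    $budate->setTimezone($mytz);
    $revlabel = $budate->format(DATE_RFC2822);
} catch (Exception $e) {
    // Unparseable revision string: show it as received, escaped below
    $revlabel = $_REQUEST['rmver'];
}
$savemsg = "Backup revision " . htmlspecialchars($revlabel) . " has been removed.";
```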
@@ -350,12 +356,19 @@ EOF;
// Loop through and create new confvers
$data_split = split("\n", $data);
$confvers = array();
+
foreach ($data_split as $ds) {
$ds_split = split($oper_sep, $ds);
$tmp_array = array();
$tmp_array['username'] = $ds_split[0];
$tmp_array['reason'] = $ds_split[1];
$tmp_array['time'] = $ds_split[2];
+
+ /* Convert the time from server time to local. See #5250 */
+ $budate = new DateTime($tmp_array['time'], $acbtz);
+ $budate->setTimezone($mytz);
+ $tmp_array['localtime'] = $budate->format(DATE_RFC2822);
+
if ($ds_split[2] && $ds_split[0]) {
$confvers[] = $tmp_array;
}
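Review bot: The time conversion runs before the `if ($ds_split[2] && $ds_split[0])` check, so it is also executed for blank or short lines that are then discarded. For those lines the constructor receives an empty value and silently produces the current time. Moving the three added lines inside that `if`, directly before `$confvers[] = $tmp_array;`, limits the conversion to rows that are actually kept. The loop body continues outside this hunk.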
@@ -398,16 +411,16 @@ EOF;
foreach ($confvers as $cv):
?>
<tr valign="top">
- <td class="listlr"> <?= $cv['time']; ?></td>
+ <td class="listlr"> <?= $cv['localtime']; ?></td>
<td class="listbg"> <?= $cv['reason']; ?></td>
<td colspan="2" valign="middle" class="list" nowrap="nowrap">
- <a title="Restore this revision" onclick="return confirm('Are you sure you want to restore <?= $cv['time']; ?>?')" href="autoconfigbackup.php?hostname=<?=urlencode($hostname)?>&newver=<?=urlencode($cv['time']);?>">
+ <a title="Restore this revision" onclick="return confirm('Are you sure you want to restore <?= $cv['localtime']; ?>?')" href="autoconfigbackup.php?hostname=<?=urlencode($hostname)?>&newver=<?=urlencode($cv['time']);?>">
<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" />
</a>
<a title="Show info" href="autoconfigbackup.php?download=<?=urlencode($cv['time']);?>&hostname=<?=urlencode($hostname)?>&reason=<?php echo urlencode($cv['reason']);?>">
<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_down.gif" width="17" height="17" border="0" alt="" />
</a>
- <a title="Delete" onclick="return confirm('Are you sure you want to delete <?= $cv['time']; ?>?')"href="autoconfigbackup.php?hostname=<?=urlencode($hostname)?>&rmver=<?=urlencode($cv['time']);?>">
+ <a title="Delete" onclick="return confirm('Are you sure you want to delete <?= $cv['localtime']; ?>?')"href="autoconfigbackup.php?hostname=<?=urlencode($hostname)?>&rmver=<?=urlencode($cv['time']);?>">
<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="" />
</a>
</td>
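Review bot: `$cv['reason']` is echoed into the table cell without escaping, although the same commit escapes the date in the removal message. The value is `$ds_split[1]` taken from the backup server's response in the previous hunk, and whether it is sanitised upstream is not visible here, so it should be treated as untrusted: `<td class="listbg"> <?= htmlspecialchars($cv['reason']); ?></td>`. `$cv['localtime']` is the output of `DateTime::format()`, so it is safe in both the cell and the `confirm()` string.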
diff --git a/config/autoconfigbackup/autoconfigbackup.xml b/config/autoconfigbackup/autoconfigbackup.xml
index dd83a9c7..f2fd8785 100644
--- a/config/autoconfigbackup/autoconfigbackup.xml
+++ b/config/autoconfigbackup/autoconfigbackup.xml
@@ -43,7 +43,7 @@
<description>Automatically backs up your pfSense configuration. All contents are encrypted before being sent to the server. Requires Gold Subscription from https://portal.pfsense.org</description>
<requirements>pfSense Portal subscription</requirements>
<name>AutoConfigBackup</name>
- <version>1.29</version>
+ <version>1.32</version>
<title>Diagnostics: Auto Configuration Backup</title>
<savetext>Change</savetext>
<include_file>/usr/local/pkg/autoconfigbackup.inc</include_file>
diff --git a/config/checkmk-agent/checkmk.inc b/config/checkmk-agent/checkmk.inc
index 67d82e6b..1ab92400 100644
--- a/config/checkmk-agent/checkmk.inc
+++ b/config/checkmk-agent/checkmk.inc
@@ -27,10 +27,11 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
+require_once("filter.inc");
+require_once("pfsense-utils.inc");
+require_once("util.inc");
+
define('ETC_SERVICES', '/etc/services');
-define('ETC_INETD', '/etc/inetd.conf');
-define('ETC_HOSTS_ALLOW', '/etc/hosts.allow');
-define('ETC_RC_CONF', '/etc/rc.conf.local');
function checkmk_install() {
/*
@@ -39,24 +40,62 @@ function checkmk_install() {
*/
$checkmk_bin = "/usr/local/bin/check_mk_agent";
$checkmk_url = 'http://git.mathias-kettner.de/git/?p=check_mk.git;a=blob_plain;f=agents/check_mk_agent.freebsd;hb=e13899bde8bdafe13780427811c8153c59be807f';
- mwexec("fetch -o {$checkmk_bin} \"{$checkmk_url}\"");
+ mwexec("/usr/bin/fetch -o {$checkmk_bin} \"{$checkmk_url}\"");
chmod($checkmk_bin, 0755);
- sync_package_checkmk();
+ /* Detect possible junk left over after previous bad package versions */
+ checkmk_decrapify();
+}
+
+function checkmk_deinstall() {
+ /* Remove entry from /etc/services file */
+ checkmk_cleanup_etc_services_file();
+ /* Remove check_mk_agent script fetched via checkmk_install() */
+ unlink_if_exists("/usr/local/bin/check_mk_agent");
+ /* Detect possible junk left over after previous bad package versions */
+ checkmk_decrapify();
+}
+
+function checkmk_decrapify() {
+ $i = 0;
+ if (exec("/usr/bin/wc -l /etc/hosts.allow | /usr/bin/awk '{ print $1 }'") > 5) {
+ log_error("[check_mk-agent] Possibly redundant lines found in /etc/hosts.allow.");
+ $i++;
+ }
+ if (exec("/usr/bin/wc -l /etc/inetd.conf | /usr/bin/awk '{ print $1 }'") > 1) {
+ log_error("[check_mk-agent] Possibly redundant lines found in /etc/inetd.conf.");
+ $i++;
+ }
+ if (file_exists("/etc/rc.conf.local")) {
+ log_error("[check_mk-agent] /etc/rc.conf.local file found; this file does not exist normally on pfSense.");
+ $i++;
+ }
+ if ($i > 0) {
+ log_error("[check_mk-agent] Inconsistent configuration files; possibly caused by previous check_mk package versions.");
+ log_error("[check_mk-agent] Please, compare those against default distribution files at https://github.com/pfsense/pfsense and fix as required manually.");
+ file_notice("check_mk-agent", "Inconsistent configuration files found, possibly caused by previous check_mk package versions. See Status - System Logs - General for details.", "Packages", "");
+ }
}
function checkmk_text_area_decode($text) {
return preg_replace('/\r\n/', "\n", base64_decode($text));
}
+function checkmk_cleanup_etc_services_file() {
+ preg_match_all("/check_mk.*/", file_get_contents(ETC_SERVICES), $matches);
+ foreach ($matches[0] as $match => $value) {
+ if (!empty($value)) {
+ remove_text_from_file(ETC_SERVICES, "{$value}\n");
+ }
+ }
+}
+
function sync_package_checkmk() {
global $config, $g, $mk_config;
- $update_conf = 0;
if (!is_array($config['installedpackages']['checkmk']['config'])) {
return;
}
-
$mk_config = $config['installedpackages']['checkmk']['config'][0];
$checkmk_bin = "/usr/local/bin/check_mk_agent";
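Review bot: checkmk_install() downloads the agent script over plain HTTP and marks it executable without checking that the fetch succeeded or that the content is the expected file. The inetd entry added later in this commit runs that script as root, and the `hb=` commit id in the URL does not protect the transfer itself. Download to a temporary path, compare a pinned digest and only then move the file into place; the constant name below is a placeholder for the reviewed script's SHA-256. sync_package_checkmk() at the end of the hunk continues outside it.

```php
$checkmk_url = 'http://git.mathias-kettner.de/git/?p=check_mk.git;a=blob_plain;f=agents/check_mk_agent.freebsd;hb=e13899bde8bdafe13780427811c8153c59be807f';
// CHECKMK_AGENT_SHA256: placeholder for the digest of the reviewed agent script
$checkmk_tmp = "{$checkmk_bin}.tmp";
mwexec("/usr/bin/fetch -o " . escapeshellarg($checkmk_tmp) . " " . escapeshellarg($checkmk_url));
if (!file_exists($checkmk_tmp) || hash_file('sha256', $checkmk_tmp) !== CHECKMK_AGENT_SHA256) {
    unlink_if_exists($checkmk_tmp);
    log_error("[check_mk-agent] Downloaded agent script failed verification; not installing it.");
    return;
}
rename($checkmk_tmp, $checkmk_bin);
chmod($checkmk_bin, 0755);
// … unchanged: checkmk_decrapify() call …
```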
@@ -71,193 +110,200 @@ function sync_package_checkmk() {
conf_mount_rw();
-
- /* Check services file. */
- $mk_services = file(ETC_SERVICES);
+ /* Check /etc/services file; remove any previous entries first since port could have changed */
+ checkmk_cleanup_etc_services_file();
$port = ($mk_config['checkmkport'] ? $mk_config['checkmkport'] : "6556");
- foreach ($mk_services as $mk_service) {
- if (!preg_match("/check_mk/", $mk_service)) {
- $mk_service_file.=chop($mk_service)."\n";
- }
- }
- if ($mk_config['checkmkenable']=="on") {
- $mk_service_file .= "check_mk {$port}/tcp #check_mk agent\n";
- file_put_contents(ETC_SERVICES, $mk_service_file, LOCK_EX);
- }
-
- /* Check inetd file. */
- $mk_inetds = file(ETC_INETD);
- foreach ($mk_inetds as $mk_inetd) {
- if (!preg_match("/check_mk/",$mk_inetd)) {
- $mk_inetd_file.=chop($mk_inetd)."\n";
- }
- }
- if ($mk_config['checkmkenable']=="on") {
- $mk_inetd_file .= "check_mk stream tcp nowait root /usr/local/bin/check_mk_agent check_mk\n";
- }
- file_put_contents(ETC_INETD, $mk_inetd_file, LOCK_EX);
-
- /* Check hosts.allow file. */
- $mk_hosts = file(ETC_HOSTS_ALLOW);
- $inet_daemons_count = 0;
- foreach ($mk_hosts as $mk_host) {
- if (!preg_match("/check_mk/",$mk_host)) {
- $mk_hosts_file .= chop($mk_host) . "\n";
- }
- if (preg_match("/^\w+/")) {
- $inet_daemons_count++;
- }
- }
if ($mk_config['checkmkenable'] == "on") {
- foreach (explode(',',$mk_config['checkmkhosts']) as $check_mk_host) {
- $mk_hosts_file .= "check_mk : {$check_mk_host} : allow\n";
- $inet_daemons_count++;
- }
+ $mk_service_file = "check_mk {$port}/tcp #check_mk agent\n";
+ add_text_to_file(ETC_SERVICES, $mk_service_file);
}
- file_put_contents(ETC_HOSTS_ALLOW, $mk_hosts_file, LOCK_EX);
- /* Check inetd daemon rc_conf option. */
- $mk_rc_confs= file(ETC_RC_CONF);
- foreach ($mk_rc_confs as $mk_rc_conf) {
- if (!preg_match("/inetd_/",$mk_rc_conf)) {
- $mk_rc_conf_file .= chop($mk_rc_conf)."\n";
+ conf_mount_ro();
+
+ /* Run XMLRPC sync if not booting */
+ if (function_exists("platform_booting")) {
+ if (platform_booting()) {
+ return;
}
+ } elseif ($g['booting']) {
+ return;
+ } else {
+ checkmk_sync_on_changes();
}
- if ($mk_config['checkmkenable']=="on") {
- $mk_rc_conf_file .= 'inetd_enable="YES"' . "\n";
- $mk_rc_conf_file .= 'inetd_flags="-wW"' . "\n";
- }
+}
- file_put_contents(ETC_RC_CONF, $mk_rc_conf_file, LOCK_EX);
- if ($inet_daemons_count > 0) {
- mwexec("/etc/rc.d/inetd restart");
+function checkmk_generate_rules($type) {
+ global $config;
+
+ if (is_array($config['installedpackages']['checkmk']['config'])) {
+ $mk_config = $config['installedpackages']['checkmk']['config'][0];
} else {
- mwexec("/etc/rc.d/inetd stop");
+ $mk_config = array();
}
-
- /* Write config if any file from filesystem was loaded. */
- if ($update_conf > 0) {
- write_config();
+ $mk_config = $config['installedpackages']['checkmk']['config'][0];
+ if ($mk_config['checkmkenable'] != "on") {
+ return;
}
- conf_mount_ro();
+ if ($type != "nat") {
+ return;
+ }
- checkmk_sync_on_changes();
+ /* Add checkmk daemon to inetd */
+ $inetd_fd = fopen("/var/etc/inetd.conf", "a+");
+ fwrite($inetd_fd, "check_mk\t\tstream\ttcp\tnowait\t\troot\t/usr/local/bin/check_mk_agent\tcheck_mk \n");
+ fclose($inetd_fd);
+
+ /* Generate NAT rules */
+ if (!empty($mk_config['checkmkifaces'])) {
+ $checkmkifs = explode(",", $mk_config['checkmkifaces']);
+ $checkmkhosts = $mk_config['checkmkhosts'] ?: "any";
+ $checkmkport = $mk_config['checkmkport'] ?: "6556";
+ foreach ($checkmkifs as $checkmkif) {
+ if (empty($checkmkif)) {
+ continue;
+ }
+ $interface = get_real_interface($checkmkif);
+ if (empty($interface)) {
+ continue;
+ }
+ $ip = find_interface_ip($interface);
+ if (!is_ipaddrv4($ip)) {
+ continue;
+ }
+
+ if (is_subnetv4($checkmkhosts) || is_ipaddr($checkmkhosts) || $checkmkhosts == "any") {
+ $natrules .= "rdr on {$interface} proto tcp from {$checkmkhosts} to {$ip} port {$checkmkport} -> 127.0.0.1 port {$checkmkport}\n";
+ } elseif (is_alias($checkmkhosts)) {
+ $natrules .= "rdr on {$interface} proto tcp from \${$checkmkhosts} to {$ip} port {$checkmkport} -> 127.0.0.1 port {$checkmkport}\n";
+ }
+ }
+ }
+ return $natrules;
}
function checkmk_validate_input($post, &$input_errors) {
- foreach ($post as $key => $value) {
- if (empty($value)) {
- continue;
- }
- if (substr($key, 0, 3) == "port" && !preg_match("/^\d+$/", $value)) {
- $input_errors[] = "{$value} is no a valid port number";
- }
- if (substr($key, 0, 11) == "description" && !preg_match("@^[a-zA-Z0-9 _/.-]+$@", $value)) {
- $input_errors[] = "Do not use special characters on description";
- }
- if (substr($key, 0, 8) == "fullfile" && !preg_match("@^[a-zA-Z0-9_/.-]+$@", $value)) {
- $input_errors[] = "Do not use special characters on filename";
- }
-
+ if (!empty($post["checkmkport"]) && !is_port($post["checkmkport"])) {
+ $input_errors[] = "You must specify a valid port in 'Listen Port' field.";
+
+ }
+ if (empty($post["checkmkifaces"])) {
+ $input_errors[] = "One or more 'Listen Interface(s)' must be selected";
+ }
+ if (!empty($post["checkmkhosts"]) && !(is_alias($post["checkmkhosts"]) || is_subnetv4($post["checkmkhosts"]) || is_ipaddrv4($post["checkmkhosts"]))) {
+ $input_errors[] = "You must specify a valid IP address, subnet or alias in 'Hosts Allowed' field.";
}
}
/* Uses XMLRPC to synchronize the changes to a remote node. */
function checkmk_sync_on_changes() {
- global $config, $g;
+ global $config;
+
if (is_array($config['installedpackages']['checkmksync']['config'])) {
$checkmk_sync = $config['installedpackages']['checkmksync']['config'][0];
$synconchanges = $checkmk_sync['synconchanges'];
- $synctimeout = $checkmk_sync['synctimeout'];
+ $synctimeout = $checkmk_sync['synctimeout'] ?: '250';
switch ($synconchanges) {
case "manual":
- if (is_array($checkmk_sync[row])) {
- $rs = $checkmksync[row];
+ if (is_array($checkmk_sync['row'])) {
+ $rs = $checkmk_sync['row'];
} else {
- log_error("[check_mk-agent] XMLRPC sync is enabled but there is no hosts to push on squid config.");
+ log_error("[check_mk-agent] XMLRPC sync is enabled but there are no hosts configured as replication targets.");
return;
}
break;
case "auto":
- if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])) {
- $system_carp = $config['installedpackages']['carpsettings']['config'][0];
+ if (is_array($config['hasync'])) {
+ $system_carp = $config['hasync'];
$rs[0]['ipaddress'] = $system_carp['synchronizetoip'];
$rs[0]['username'] = $system_carp['username'];
$rs[0]['password'] = $system_carp['password'];
+ $rs[0]['syncdestinenable'] = FALSE;
+
+ // XMLRPC sync is currently only supported over connections using the same protocol and port as this system
+ if ($config['system']['webgui']['protocol'] == "http") {
+ $rs[0]['syncprotocol'] = "http";
+ $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '80';
+ } else {
+ $rs[0]['syncprotocol'] = "https";
+ $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '443';
+ }
+ if ($system_carp['synchronizetoip'] == "") {
+ log_error("[check_mk-agent] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
+ return;
+ } else {
+ $rs[0]['syncdestinenable'] = TRUE;
+ }
} else {
- log_error("[check_mk-agent] XMLRPC sync is enabled but there is no system backup hosts to push squid config.");
+ log_error("[check_mk-agent] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
return;
}
break;
default:
return;
- break;
+ break;
}
if (is_array($rs)) {
log_error("[check_mk-agent] XMLRPC sync is starting.");
foreach ($rs as $sh) {
- $sync_to_ip = $sh['ipaddress'];
- $password = $sh['password'];
- if ($sh['username']) {
- $username = $sh['username'];
- } else {
- $username = 'admin';
- }
- if ($password && $sync_to_ip) {
- checkmk_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout);
+ // Only sync enabled replication targets
+ if ($sh['syncdestinenable']) {
+ $sync_to_ip = $sh['ipaddress'];
+ $port = $sh['syncport'];
+ $username = $sh['username'] ?: 'admin';
+ $password = $sh['password'];
+ $protocol = $sh['syncprotocol'];
+
+ $error = '';
+ $valid = TRUE;
+
+ if ($password == "") {
+ $error = "Password parameter is empty. ";
+ $valid = FALSE;
+ }
+ if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) {
+ $error .= "Misconfigured Replication Target IP Address or Hostname. ";
+ $valid = FALSE;
+ }
+ if (!is_port($port)) {
+ $error .= "Misconfigured Replication Target Port. ";
+ $valid = FALSE;
+ }
+ if ($valid) {
+ checkmk_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout);
+ } else {
+ log_error("[check_mk-agent] XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}");
+ }
}
- log_error("[check_mk-agent] XMLRPC sync is ending.");
}
+ log_error("[check_mk-agent] XMLRPC sync completed.");
}
- }
+ }
}
/* Do the actual XMLRPC sync. */
-function checkmk_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout) {
+function checkmk_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout) {
global $config, $g;
- if (!$username) {
+ if ($username == "" || $password == "" || $sync_to_ip == "" || $port == "" || $protocol == "") {
+ log_error("[check_mk-agent] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync");
return;
}
- if (!$password) {
- return;
+ // Take care of IPv6 literal address
+ if (is_ipaddrv6($sync_to_ip)) {
+ $sync_to_ip = "[{$sync_to_ip}]";
}
- if (!$sync_to_ip) {
- return;
- }
+ $url = "{$protocol}://{$sync_to_ip}";
- $xmlrpc_sync_neighbor = $sync_to_ip;
- if($config['system']['webgui']['protocol'] != "") {
- $synchronizetoip = $config['system']['webgui']['protocol'];
- $synchronizetoip .= "://";
- }
- $port = $config['system']['webgui']['port'];
- /* If port is empty, let's rely on the protocol selection. */
- if ($port == "") {
- if($config['system']['webgui']['protocol'] == "http") {
- $port = "80";
- } else {
- $port = "443";
- }
- }
- $synchronizetoip .= $sync_to_ip;
-
- /* xml will hold the sections to sync. */
+ /* XML will hold the sections to sync. */
$xml = array();
$xml['checkmk'] = $config['installedpackages']['checkmk'];
-
/* Assemble XMLRPC payload. */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($xml)
- );
-
- /* Set a few variables needed for sync code; borrowed from filter.inc. */
- $url = $synchronizetoip;
- log_error("[check_mk-agent] Beginning checkmk XMLRPC sync to {$url}:{$port}.");
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($xml));
+
+ /* Set a few variables needed for sync code */
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
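Review bot: An empty 'Hosts Allowed' value becomes `from any` in checkmk_generate_rules(), so the rdr rule forwards every source on the selected interfaces to an agent that the inetd line in the same function runs as root. checkmk_validate_input() accepts the empty value; consider rejecting it with `if (empty($post["checkmkhosts"])) { $input_errors[] = "'Hosts Allowed' must not be empty."; }`, or state the open default in the field description. Whether a separate pass rule is still needed is not visible here. Separately, in sync_package_checkmk() the `else` that calls checkmk_sync_on_changes() belongs to the `elseif ($g['booting'])` arm, so the sync never starts when platform_booting() exists and returns false. `$booting = function_exists("platform_booting") ? platform_booting() : $g['booting'];` followed by `if (!$booting) { checkmk_sync_on_changes(); }` covers both cases. checkmk_do_xmlrpc_sync() continues past the end of this hunk.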
@@ -265,17 +311,17 @@ function checkmk_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout)
if ($g['debug']) {
$cli->setDebug(1);
}
- /* Send our XMLRPC message and timeout after 250 seconds. */
+ /* Send our XMLRPC message and timeout after defined sync timeout value */
$resp = $cli->send($msg, $synctimeout);
if (!$resp) {
- $error = "[check_mk-agent] A communications error occurred while attempting checkmk XMLRPC sync with {$url}:{$port}.";
- log_error($error);
+ $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port}.";
+ log_error("[check_mk-agent] {$error}");
file_notice("sync_settings", $error, "checkmk Settings Sync", "");
} elseif ($resp->faultCode()) {
$cli->setDebug(1);
$resp = $cli->send($msg, $synctimeout);
- $error = "[check_mk-agent] An error code was received while attempting checkmk XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
+ $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[check_mk-agent] {$error}");
file_notice("sync_settings", $error, "checkmk Settings Sync", "");
} else {
log_error("[check_mk-agent] XMLRPC sync successfully completed with {$url}:{$port}.");
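Review bot: In the `elseif ($resp->faultCode())` branch the message is sent a second time and the new `$resp` is used for `faultCode()` and `faultString()` without the `!$resp` check applied to the first send, so a failed resend would call a method on a non-object. The resend also runs after `$cli->setDebug(1)` while `$params` carries the encoded password, so the debug output may include that credential; confirm where the output ends up. I would build `$error` from the first response, i.e. move the `$error = ...` line above `$cli->setDebug(1);`, and either drop the resend or guard it with `if ($resp) { ... }`. The same pattern appears in the next hunk for the pfsense.exec_php call. The function body starts and ends outside this hunk.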
@@ -286,25 +332,21 @@ function checkmk_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout)
$execcmd = "require_once('/usr/local/pkg/checkmk.inc');\n";
$execcmd .= "sync_package_checkmk();";
/* Assemble XMLRPC payload. */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($execcmd)
- );
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd));
- log_error("[check_mk-agent] XMLRPC reload data {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
$resp = $cli->send($msg, $synctimeout);
if (!$resp) {
- $error = "[check_mk-agent] A communications error occurred while attempting checkmk XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
- log_error($error);
+ $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
+ log_error("[check_mk-agent] {$error}");
file_notice("sync_settings", $error, "checkmk Settings Sync", "");
} elseif ($resp->faultCode()) {
$cli->setDebug(1);
$resp = $cli->send($msg, $synctimeout);
- $error = "[check_mk-agent] An error code was received while attempting checkmk XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
+ $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[check_mk-agent] {$error}");
file_notice("sync_settings", $error, "checkmk Settings Sync", "");
} else {
log_error("[check_mk-agent] XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
diff --git a/config/checkmk-agent/checkmk.xml b/config/checkmk-agent/checkmk.xml
index b24edca7..6ded083c 100644
--- a/config/checkmk-agent/checkmk.xml
+++ b/config/checkmk-agent/checkmk.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>checkmk</name>
- <version>0.1.5</version>
+ <version>0.1.6</version>
<title>check_mk Agent</title>
<include_file>/usr/local/pkg/checkmk.inc</include_file>
<additional_files_needed>
@@ -63,22 +63,26 @@
<section>Diagnostics</section>
<url>/pkg_edit.php?xml=checkmk.xml</url>
</menu>
+ <service>
+ <name>check_mk</name>
+ <executable>inetd</executable>
+ <description>check_mk Agent</description>
+ </service>
<tabs>
<tab>
- <text>Config</text>
+ <text>Settings</text>
<url>/pkg_edit.php?xml=checkmk.xml</url>
<active/>
</tab>
<tab>
- <text>XMLRPC Sync</text>
+ <text>Sync</text>
<url>/pkg_edit.php?xml=checkmk_sync.xml</url>
</tab>
</tabs>
<fields>
<field>
<type>listtopic</type>
- <fieldname>temp</fieldname>
- <name>check_mk Agent Configuration</name>
+ <name>General Settings</name>
</field>
<field>
<fielddescr>Enable check_mk Agent</fielddescr>
@@ -91,19 +95,29 @@
For reference, see <a href="https://github.com/sileht/check_mk/tree/master/doc">project documentation at GitHub</a>.
]]>
</description>
- <required/>
</field>
<field>
<fielddescr>Listen Port</fielddescr>
<fieldname>checkmkport</fieldname>
<type>input</type>
<size>10</size>
- <description>Enter port to listen on. Leave empty to use Default port 6556.</description>
+ <default_value>6556</default_value>
+ <description>Enter port to listen on. (Default: 6556)</description>
+ <required/>
+ </field>
+ <field>
+ <fielddescr>Listen Interface(s)</fielddescr>
+ <fieldname>checkmkifaces</fieldname>
+ <type>interfaces_selection</type>
+ <size>5</size>
+ <description>Select interface(s) to listen on.</description>
+ <hideinterfaceregex>loopback</hideinterfaceregex>
+ <required/>
</field>
<field>
- <fielddescr>Hosts.allow</fielddescr>
+ <fielddescr>Hosts Allowed</fielddescr>
<fieldname>checkmkhosts</fieldname>
- <description>Enter hosts (comma separated) that can communicate with this agent.</description>
+ <description>Enter an IP address, subnet or alias for host(s) that can communicate with this agent. (Leave empty to allow any host.)</description>
<type>input</type>
<size>60</size>
</field>
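Review bot: The new `checkmkhosts` description makes an empty value mean "allow any host", and the added `checkmkifaces` selector hides only loopback, so an untrusted interface can be selected with no source restriction. How the rules are built is in checkmk.inc, outside this hunk, so this is about the documented default only. I would spell out the consequence in the description, for example `Leave empty to allow any host that can reach the selected interface(s); set this when listening on an untrusted interface.`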
@@ -111,13 +125,16 @@
<custom_php_install_command>
checkmk_install();
</custom_php_install_command>
+ <custom_php_deinstall_command>
+ checkmk_deinstall();
+ </custom_php_deinstall_command>
<custom_php_validation_command>
checkmk_validate_input($_POST, $input_errors);
</custom_php_validation_command>
- <custom_delete_php_command>
- sync_package_checkmk();
- </custom_delete_php_command>
<custom_php_resync_config_command>
sync_package_checkmk();
</custom_php_resync_config_command>
+ <filter_rules_needed>
+ checkmk_generate_rules
+ </filter_rules_needed>
</packagegui>
diff --git a/config/checkmk-agent/checkmk_sync.xml b/config/checkmk-agent/checkmk_sync.xml
index 1165152c..c08d280f 100644
--- a/config/checkmk-agent/checkmk_sync.xml
+++ b/config/checkmk-agent/checkmk_sync.xml
@@ -42,16 +42,16 @@
]]>
</copyright>
<name>checkmksync</name>
- <version>0.1.4</version>
+ <version>0.1.6</version>
<title>check_mk Agent: Sync</title>
<include_file>/usr/local/pkg/checkmk.inc</include_file>
<tabs>
<tab>
- <text>Config</text>
+ <text>Settings</text>
<url>/pkg_edit.php?xml=checkmk.xml</url>
</tab>
<tab>
- <text>XMLRPC Sync</text>
+ <text>Sync</text>
<url>/pkg_edit.php?xml=checkmk_sync.xml</url>
<active/>
</tab>
@@ -59,88 +59,91 @@
<fields>
<field>
<type>listtopic</type>
- <fieldname>temp</fieldname>
- <name>Enable check_mk configuration sync</name>
+ <name>XMLRPC Sync</name>
</field>
<field>
- <fielddescr>Sync Option</fielddescr>
+ <fielddescr>Enable Sync</fielddescr>
<fieldname>synconchanges</fieldname>
- <description>Automatically sync check_mk configuration changes.</description>
+ <description>
+ <![CDATA[
+ Select a sync method for check_mk agent.<br/><br/>
+ <strong>Important:</strong> While using "Sync to host(s) defined below", only sync from host A to B, A to C but <strong>do not</strong> enable XMLRPC sync <b>to</b> A.
+ This will result in a loop!
+ ]]>
+ </description>
<type>select</type>
<required/>
- <default_value>auto</default_value>
+ <default_value>disabled</default_value>
<options>
- <option>
- <name>Sync to configured system backup server</name>
- <value>auto</value>
- </option>
- <option>
- <name>Sync to host(s) defined below</name>
- <value>manual</value>
- </option>
- <option>
- <name>Do not sync this package configuration</name>
- <value>disabled</value>
- </option>
+ <option><name>Sync to configured system backup server</name><value>auto</value></option>
+ <option><name>Sync to host(s) defined below</name><value>manual</value></option>
+ <option><name>Do not sync this package configuration</name><value>disabled</value></option>
</options>
</field>
<field>
<fielddescr>Sync Timeout</fielddescr>
<fieldname>synctimeout</fieldname>
- <description>Select sync max wait time</description>
+ <description>XMLRPC timeout in seconds.</description>
<type>select</type>
<required/>
<default_value>250</default_value>
<options>
- <option>
- <name>250 seconds (Default)</name>
- <value>250</value>
- </option>
- <option>
- <name>120 seconds</name>
- <value>120</value>
- </option>
- <option>
- <name>90 seconds</name>
- <value>90</value>
- </option>
- <option>
- <name>60 seconds</name>
- <value>60</value>
- </option>
- <option>
- <name>30 seconds</name>
- <value>30</value>
- </option>
+ <option><name>250 seconds (Default)</name><value>250</value></option>
+ <option><name>120 seconds</name><value>120</value></option>
+ <option><name>90 seconds</name><value>90</value></option>
+ <option><name>60 seconds</name><value>60</value></option>
+ <option><name>30 seconds</name><value>30</value></option>
</options>
</field>
<field>
- <fielddescr>Remote Servers</fielddescr>
+ <fielddescr>Replication Targets</fielddescr>
<fieldname>none</fieldname>
<type>rowhelper</type>
<rowhelper>
<rowhelperfield>
- <fielddescr>IP Address</fielddescr>
+ <fielddescr>Enable</fielddescr>
+ <fieldname>syncdestinenable</fieldname>
+ <description><![CDATA[Enable this host as a replication target]]></description>
+ <type>checkbox</type>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Protocol</fielddescr>
+ <fieldname>syncprotocol</fieldname>
+ <description><![CDATA[Choose the protocol used to sync with the destination host (HTTP or HTTPS).]]></description>
+ <type>select</type>
+ <default_value>HTTP</default_value>
+ <options>
+ <option><name>HTTP</name><value>http</value></option>
+ <option><name>HTTPS</name><value>https</value></option>
+ </options>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>IP Address/Hostname</fielddescr>
<fieldname>ipaddress</fieldname>
- <description>IP Address of remote server</description>
+ <description><![CDATA[IP address or hostname of the destination host.]]></description>
<type>input</type>
- <size>20</size>
- <required/>
+ <size>40</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Port</fielddescr>
+ <fieldname>syncport</fieldname>
+ <description><![CDATA[Choose the sync port of the destination host.]]></description>
+ <type>input</type>
+ <size>3</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>Username</fielddescr>
+ <fielddescr>Username (admin)</fielddescr>
<fieldname>username</fieldname>
- <description>Username on remote server</description>
+ <description><![CDATA[Enter the username account for administration.]]></description>
<type>input</type>
<size>20</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>Password</fielddescr>
+ <fielddescr>Admin Password</fielddescr>
<fieldname>password</fieldname>
- <description>Password for remote server</description>
+ <description><![CDATA[Password of the user "admin" on the destination host.]]></description>
<type>password</type>
<size>20</size>
- <required/>
</rowhelperfield>
</rowhelper>
</field>
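Review bot: The new Protocol rowhelper sets `<default_value>HTTP</default_value>`, but the option values are lowercase `http` and `https`, so the default may not preselect any option, and it names the cleartext choice for a sync that sends the admin password. I would use `<default_value>https</default_value>`. This hunk also drops `<required/>` from the IP address and password fields, while `checkmk_do_xmlrpc_sync` only logs and returns when one of them is empty. A validation message in the GUI would tell the user why a target is never synced.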
@@ -148,7 +151,4 @@
<custom_php_resync_config_command>
checkmk_sync_on_changes();
</custom_php_resync_config_command>
- <custom_php_command_before_form>
- unset($_POST['temp']);
- </custom_php_command_before_form>
</packagegui>
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index 005a193a..f23e6c38 100644
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -135,6 +135,7 @@ function freeradius_install_command() {
freeradius_sqlconf_resync();
freeradius_eapconf_resync();
freeradius_clients_resync();
+ freeradius_modulesldap_resync();
$rcfile = array();
$rcfile['file'] = 'radiusd.sh';
diff --git a/config/freeradius2/freeradius.priv.inc b/config/freeradius2/freeradius.priv.inc
new file mode 100644
index 00000000..0f9e248e
--- /dev/null
+++ b/config/freeradius2/freeradius.priv.inc
@@ -0,0 +1,60 @@
+<?php
+/*
+ freeradius.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-freeradius'] = array();
+$priv_list['page-services-freeradius']['name'] = "WebCfg - Services: FreeRADIUS";
+$priv_list['page-services-freeradius']['descr'] = "Allow access to FreeRADIUS package GUI";
+
+$priv_list['page-services-freeradius']['match'] = array();
+$priv_list['page-services-freeradius']['match'][] = "pkg.php?xml=freeradius.xml*";
+$priv_list['page-services-freeradius']['match'][] = "pkg.php?xml=freeradiusauthorizedmacs.xml*";
+$priv_list['page-services-freeradius']['match'][] = "pkg.php?xml=freeradiusclients.xml*";
+$priv_list['page-services-freeradius']['match'][] = "pkg.php?xml=freeradiusinterfaces.xml*";
+$priv_list['page-services-freeradius']['match'][] = "pkg.php?xml=freeradiussettings.xml*";
+$priv_list['page-services-freeradius']['match'][] = "pkg.php?xml=freeradiuseapconf.xml*";
+$priv_list['page-services-freeradius']['match'][] = "pkg.php?xml=freeradiussqlconf.xml*";
+$priv_list['page-services-freeradius']['match'][] = "pkg.php?xml=freeradiuscerts.xml*";
+$priv_list['page-services-freeradius']['match'][] = "pkg.php?xml=freeradiusmodulesldap.xml*";
+$priv_list['page-services-freeradius']['match'][] = "pkg.php?xml=freeradiussync.xml*";
+
+$priv_list['page-services-freeradius']['match'][] = "pkg_edit.php?xml=freeradius.xml*";
+$priv_list['page-services-freeradius']['match'][] = "pkg_edit.php?xml=freeradiusauthorizedmacs.xml*";
+$priv_list['page-services-freeradius']['match'][] = "pkg_edit.php?xml=freeradiusclients.xml*";
+$priv_list['page-services-freeradius']['match'][] = "pkg_edit.php?xml=freeradiusinterfaces.xml*";
+$priv_list['page-services-freeradius']['match'][] = "pkg_edit.php?xml=freeradiussettings.xml*";
+$priv_list['page-services-freeradius']['match'][] = "pkg_edit.php?xml=freeradiuseapconf.xml*";
+$priv_list['page-services-freeradius']['match'][] = "pkg_edit.php?xml=freeradiussqlconf.xml*";
+$priv_list['page-services-freeradius']['match'][] = "pkg_edit.php?xml=freeradiuscerts.xml*";
+$priv_list['page-services-freeradius']['match'][] = "pkg_edit.php?xml=freeradiusmodulesldap.xml*";
+$priv_list['page-services-freeradius']['match'][] = "pkg_edit.php?xml=freeradiussync.xml*";
+
+$priv_list['page-services-freeradius']['match'][] = "freeradius_view_config.php*";
+
+?>
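Review bot: The `descr` for `page-services-freeradius` reads as plain GUI access, but the match list covers the users, clients and LDAP module pages plus `freeradius_view_config.php`, which presumably display stored passwords and shared secrets. I would say so in the text, for example `"Allow access to FreeRADIUS package GUI (includes user passwords and client secrets)"`, so an admin delegating this privilege knows what it exposes. As a style point, the closing `?>` can be dropped from this include-only file so trailing whitespace is never sent as output.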
diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml
index eab6b09a..eeea1605 100644
--- a/config/freeradius2/freeradius.xml
+++ b/config/freeradius2/freeradius.xml
@@ -1,26 +1,24 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
-<![CDATA[
+ <![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
freeradius.xml
- part of pfSense (http://www.pfSense.com)
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
+*/
+/* ====================================================================================== */
/*
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
@@ -28,6 +26,7 @@
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -38,14 +37,12 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
-]]> </copyright>
- <description><![CDATA[Describe your package here]]></description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>freeradius</name>
- <version>1.6.17</version>
+ <version>1.6.18</version>
<title>FreeRADIUS: Users</title>
<include_file>/usr/local/pkg/freeradius.inc</include_file>
<menu>
@@ -58,9 +55,8 @@
<name>radiusd</name>
<rcfile>radiusd.sh</rcfile>
<executable>radiusd</executable>
- <description><![CDATA[FreeRADIUS Server]]></description>
+ <description>FreeRADIUS Server</description>
</service>
-
<tabs>
<tab>
<text>Users</text>
@@ -110,57 +106,50 @@
</tabs>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/freeradius2/freeradius.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/freeradius2/freeradius.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/freeradius2/freeradius_view_config.php</item>
- </additional_files_needed>
+ </additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusclients.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/freeradius2/freeradiussettings.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/freeradius2/freeradiuseapconf.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/freeradius2/freeradiussqlconf.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusinterfaces.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/freeradius2/freeradiuscerts.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/freeradius2/freeradiussync.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusmodulesldap.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusauthorizedmacs.xml</item>
</additional_files_needed>
<adddeleteeditpagefields>
@@ -228,54 +217,81 @@
<field>
<fielddescr>Username</fielddescr>
<fieldname>varusersusername</fieldname>
- <description><![CDATA[Enter the username. Whitespace is possible. If you do not want to use username/password but custom options then leave this field empty.]]></description>
+ <description>
+ <![CDATA[
+ Enter the username. Whitespace is possible. If you do not want to use username/password but custom options then leave this field empty.
+ ]]>
+ </description>
<type>input</type>
</field>
<field>
<fielddescr>Password</fielddescr>
<fieldname>varuserspassword</fieldname>
- <description><![CDATA[Enter the password for this username. If you do not want to use username/password but custom options then leave this field empty.]]></description>
+ <description>
+ <![CDATA[
+ Enter the password for this username. If you do not want to use username/password but custom options then leave this field empty.
+ ]]>
+ </description>
<type>password</type>
</field>
<field>
- <fielddescr>Password encryption</fielddescr>
- <fieldname>varuserspasswordencryption</fieldname>
- <description><![CDATA[Select the password encryption for this user. Default: Cleartext-Password]]></description>
+ <fielddescr>Password Encryption</fielddescr>
+ <fieldname>varuserspasswordencryption</fieldname>
+ <description>
+ <![CDATA[
+ Select the password encryption for this user. Default: Cleartext-Password
+ ]]>
+ </description>
<type>select</type>
<default_value>Cleartext-Password</default_value>
- <options>
- <option><name>Cleartext-Password</name><value>Cleartext-Password</value></option>
- <option><name>MD5-Password</name><value>MD5-Password</value></option>
- </options>
+ <options>
+ <option><name>Cleartext-Password</name><value>Cleartext-Password</value></option>
+ <option><name>MD5-Password</name><value>MD5-Password</value></option>
+ </options>
</field>
<field>
<fielddescr>Enable One-Time-Password for this user</fielddescr>
<fieldname>varusersmotpenable</fieldname>
- <description><![CDATA[This enables the possibility to authenticate against an username and an one-time-password. The client to generate OTP can be installed on various mobile device plattforms like Android and more.<br><br>
- <b>IMPORTANT:</b> You need to enabled mOTP first in FreeRADIUS => Settings (Default: unchecked)]]></description>
+ <description>
+ <![CDATA[
+ This enables the possibility to authenticate against an username and an one-time-password. The client to generate OTP can be installed on various mobile device plattforms like Android and more.<br/><br/>
+ <b>IMPORTANT:</b> You need to enabled mOTP first in FreeRADIUS => Settings (Default: unchecked)
+ ]]>
+ </description>
<type>checkbox</type>
<enablefields>varusersmotpinitsecret,varusersmotppin,varusersmotpoffset</enablefields>
</field>
<field>
<fielddescr>Init-Secret</fielddescr>
<fieldname>varusersmotpinitsecret</fieldname>
- <description><![CDATA[This is the generated init secret you get when you initialize the toke the first time on a client (mobile device).]]></description>
+ <description>
+ <![CDATA[
+ This is the generated init secret you get when you initialize the toke the first time on a client (mobile device).
+ ]]>
+ </description>
<type>password</type>
</field>
<field>
<fielddescr>PIN</fielddescr>
<fieldname>varusersmotppin</fieldname>
- <description><![CDATA[This is the PIN the user has to enter on his mobile device to generate a one-time-password.]]></description>
+ <description>
+ <![CDATA[
+ This is the PIN the user has to enter on his mobile device to generate a one-time-password.
+ ]]>
+ </description>
<type>password</type>
</field>
<field>
<fielddescr>Time Offset</fielddescr>
<fieldname>varusersmotpoffset</fieldname>
- <description><![CDATA[If the client is not in the correct time zone or is not changing time zone automatically than you have to calculate the offset and enter it here. To calculate it do the following:<br><br>
-
- 1. Write down the first 9 digits of the Epoch-Time on the client.<br>
- 2. Check with <b>date +%s</b> the Epoch-Time on your FreeRADIUS server and write down the first 9 digits.<br>
- 3. Subtract both values, multiply the result with 10 and enter the value in this field. Example: 30 or -180 (Default: 0)]]></description>
+ <description>
+ <![CDATA[
+ If the client is not in the correct time zone or is not changing time zone automatically than you have to calculate the offset and enter it here. To calculate it do the following:<br/><br/>
+ 1. Write down the first 9 digits of the Epoch-Time on the client.<br/>
+ 2. Check with <b>date +%s</b> the Epoch-Time on your FreeRADIUS server and write down the first 9 digits.<br/>
+ 3. Subtract both values, multiply the result with 10 and enter the value in this field. Example: 30 or -180 (Default: 0)
+ ]]>
+ </description>
<type>input</type>
<default_value>0</default_value>
</field>
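Review bot: The field relabelled `Password Encryption` still defaults to `Cleartext-Password`, and the only alternative, `MD5-Password`, is an unsalted hash rather than encryption, so the label and description overstate the protection. A description such as `Select how the password is stored for this user. Cleartext-Password keeps it readable in the configuration. Default: Cleartext-Password` would be more accurate. The re-wrapped descriptions in this hunk also carry over typos that could be fixed while the lines are touched: `plattforms`, `need to enabled` and `initialize the toke`.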
@@ -284,21 +300,34 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Number of simultaneous connections</fielddescr>
+ <fielddescr>Number of Simultaneous Connections</fielddescr>
<fieldname>varuserssimultaneousconnect</fieldname>
- <description><![CDATA[The maximum of simultaneous connections with this username. If you leave this field empty than there is no limit. If you are using FreeRADIUS with Captive Portal you should leave this empty. Read the documentation!]]></description>
+ <description>
+ <![CDATA[
+ The maximum of simultaneous connections with this username. If you leave this field empty than there is no limit. If you are using FreeRADIUS with Captive Portal you should leave this empty.
+ Read the documentation!
+ ]]>
+ </description>
<type>input</type>
</field>
<field>
<fielddescr>Redirection URL</fielddescr>
- <fieldname>varuserswisprredirectionurl</fieldname>
- <description><![CDATA[Enter the URL the user should be redirected to after successful login. (e.g.: http://www.google.com)]]></description>
+ <fieldname>varuserswisprredirectionurl</fieldname>
+ <description>
+ <![CDATA[
+ Enter the URL the user should be redirected to after successful login. (e.g.: http://www.google.com)
+ ]]>
+ </description>
<type>input</type>
</field>
<field>
<fielddescr>Description</fielddescr>
- <fieldname>description</fieldname>
- <description><![CDATA[Enter any description for this user you like.]]></description>
+ <fieldname>description</fieldname>
+ <description>
+ <![CDATA[
+ Enter any description for this user you like.
+ ]]>
+ </description>
<type>input</type>
</field>
<field>
@@ -308,80 +337,107 @@
<field>
<fielddescr>IP Address</fielddescr>
<fieldname>varusersframedipaddress</fieldname>
- <description><![CDATA[<b>Framed-IP-Address</b> must be supported by NAS.<br><br>
- If you want this user to be assigned a specific IP address from radius, enter the IP address here.<br>
- Continuous IP address is available with "+" suffix (e.g. 192.168.1.5+). Could be useful for simultaneous connections.<br><br>
- <b>IMPORTANT:</b> You must enter an IP address here if you checked "RADIUS issued IP" on VPN PPTP or VPN PPPoE configuration.]]></description>
+ <description>
+ <![CDATA[
+ <b>Framed-IP-Address</b> must be supported by NAS.<br/><br/>
+ If you want this user to be assigned a specific IP address from radius, enter the IP address here.<br/>
+ Continuous IP address is available with "+" suffix (e.g. 192.168.1.5+). Could be useful for simultaneous connections.<br/><br/>
+ <b>IMPORTANT:</b> You must enter an IP address here if you checked "RADIUS issued IP" on VPN PPTP or VPN PPPoE configuration.
+ ]]>
+ </description>
<type>input</type>
</field>
<field>
<fielddescr>Subnet Mask</fielddescr>
- <fieldname>varusersframedipnetmask</fieldname>
- <description><![CDATA[<b>Framed-IP-Netmask</b> must be supported by NAS. (e.g. 255.255.255.0)]]></description>
+ <fieldname>varusersframedipnetmask</fieldname>
+ <description>
+ <![CDATA[
+ <b>Framed-IP-Netmask</b> must be supported by NAS. (e.g. 255.255.255.0)
+ ]]>
+ </description>
<type>input</type>
</field>
<field>
<fielddescr>Gateway</fielddescr>
- <fieldname>varusersframedroute</fieldname>
+ <fieldname>varusersframedroute</fieldname>
<description><![CDATA[<b>Framed-Route</b> must be supported by NAS. Format is: Subnet Gateway Metric (e.g. 192.168.10.0 192.168.10.1 1).]]></description>
<type>input</type>
</field>
<field>
<fielddescr>VLAN ID</fielddescr>
- <fieldname>varusersvlanid</fieldname>
- <description><![CDATA[Enter the VLAN ID (integer from 1-4095) or the VLAN name that this username should be assigned to.<br>
- Must be supported by the NAS.<br>
- This setting can be used for a NAS that supports the following RADIUS parameters:<br><br>
-
- Tunnel-Type = VLAN<br>
- Tunnel-Medium-Type = IEEE-802<br>
- Tunnel-Private-Group-ID = "<b>THIS IS YOUR INPUT</b>"]]></description>
+ <fieldname>varusersvlanid</fieldname>
+ <description>
+ <![CDATA[
+ Enter the VLAN ID (integer from 1-4095) or the VLAN name that this username should be assigned to.<br/>
+ Must be supported by the NAS.<br/>
+ This setting can be used for a NAS that supports the following RADIUS parameters:<br/><br/>
+ Tunnel-Type = VLAN<br/>
+ Tunnel-Medium-Type = IEEE-802<br/>
+ Tunnel-Private-Group-ID = "<b>THIS IS YOUR INPUT</b>"
+ ]]>
+ </description>
<type>input</type>
- </field>
+ </field>
<field>
<name>Time Configuration</name>
<type>listtopic</type>
</field>
<field>
<fielddescr>Expiration Date</fielddescr>
- <fieldname>varusersexpiration</fieldname>
- <description><![CDATA[Enter the date when this account should expire. Format is: Mmm dd yyyy (e.g. Jan 01 2012).]]></description>
+ <fieldname>varusersexpiration</fieldname>
+ <description>
+ <![CDATA[
+ Enter the date when this account should expire. Format is: Mmm dd yyyy (e.g. Jan 01 2012).
+ ]]>
+ </description>
<type>input</type>
</field>
<field>
<fielddescr>Session Timeout</fielddescr>
- <fieldname>varuserssessiontimeout</fieldname>
+ <fieldname>varuserssessiontimeout</fieldname>
<description><![CDATA[Enter the time this user has until relogin in seconds.]]></description>
<type>input</type>
</field>
<field>
<fielddescr>Possible Login Times</fielddescr>
- <fieldname>varuserslogintime</fieldname>
- <description><![CDATA[Enter the time when this user should have access. If no time is entered it means "always".<br>
- Every time string contains a day (Mo,Tu,We,Th,Fr,Sa,Su) or all weekdays which is from monday till friday (Wk).<br>
- All weekdays plus weekend which means all days from monday till sunday is (Al).<br><br>
- <b>Wk0855-2305,Sa,Su2230-0230</b><br><br>
- This means weekdays after 8:55 AM and before 11:05 PM | any time on saturday | sunday after 10:30 PM and before 02:30 AM.]]></description>
+ <fieldname>varuserslogintime</fieldname>
+ <description>
+ <![CDATA[
+ Enter the time when this user should have access. If no time is entered it means "always".<br/>
+ Every time string contains a day (Mo,Tu,We,Th,Fr,Sa,Su) or all weekdays which is from monday till friday (Wk).<br/>
+ All weekdays plus weekend which means all days from monday till sunday is (Al).<br/><br/>
+ <b>Wk0855-2305,Sa,Su2230-0230</b><br/><br/>
+ This means weekdays after 8:55 AM and before 11:05 PM | any time on saturday | sunday after 10:30 PM and before 02:30 AM.
+ ]]>
+ </description>
<type>input</type>
</field>
<field>
<fielddescr>Amount of Time</fielddescr>
- <fieldname>varusersamountoftime</fieldname>
- <description><![CDATA[Enter the amount of time for this user in minutes.]]></description>
+ <fieldname>varusersamountoftime</fieldname>
+ <description>
+ <![CDATA[
+ Enter the amount of time for this user in minutes.
+ ]]>
+ </description>
<type>input</type>
</field>
<field>
<fielddescr>Time Period</fielddescr>
- <fieldname>varuserspointoftime</fieldname>
- <description><![CDATA[Select the time period for the amount of time.]]></description>
+ <fieldname>varuserspointoftime</fieldname>
+ <description>
+ <![CDATA[
+ Select the time period for the amount of time.
+ ]]>
+ </description>
<type>select</type>
<default_value>daily</default_value>
- <options>
- <option><name>Daily</name><value>Daily</value></option>
- <option><name>Weekly</name><value>Weekly</value></option>
- <option><name>Monthly</name><value>Monthly</value></option>
- <option><name>Forever</name><value>Forever</value></option>
- </options>
+ <options>
+ <option><name>Daily</name><value>Daily</value></option>
+ <option><name>Weekly</name><value>Weekly</value></option>
+ <option><name>Monthly</name><value>Monthly</value></option>
+ <option><name>Forever</name><value>Forever</value></option>
+ </options>
</field>
<field>
<name>Traffic and Bandwidth</name>
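Review bot: In the `varuserspointoftime` field the context line `<default_value>daily</default_value>` does not match any option, because the re-indented option values are capitalised (`Daily`, `Weekly`, `Monthly`, `Forever`). If the package GUI compares values case-sensitively, no option is preselected and the stored value may not be one the resync code expects. `<default_value>Daily</default_value>` would line up with the options, and this hunk already touches the surrounding lines.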
@@ -389,39 +445,60 @@
</field>
<field>
<fielddescr>Amount of Download and Upload Traffic</fielddescr>
- <fieldname>varusersmaxtotaloctets</fieldname>
- <description><![CDATA[Enter the amount of download and upload traffic (summarized) for this user in <b>MegaByte (MB)</b>. There is a bug in CP (pfSense v2.0.x) which counts the real traffic many times faster and incorrect.]]></description>
+ <fieldname>varusersmaxtotaloctets</fieldname>
+ <description>
+ <![CDATA[
+ Enter the amount of download and upload traffic (summarized) for this user in <b>MegaByte (MB)</b>. There is a bug in CP (pfSense v2.0.x) which counts the real traffic many times faster and incorrect.
+ ]]>
+ </description>
<type>input</type>
</field>
<field>
<fielddescr>Time Period</fielddescr>
- <fieldname>varusersmaxtotaloctetstimerange</fieldname>
- <description><![CDATA[Select the time period for the amount of download and upload traffic. This does not automatically reset the counter. You need to setup a cronjob (with cron package) which will reset the counter. Read the documentation!]]></description>
+ <fieldname>varusersmaxtotaloctetstimerange</fieldname>
+ <description>
+ <![CDATA[
+ Select the time period for the amount of download and upload traffic. This does not automatically reset the counter.<br/>
+ You need to setup a cronjob (with cron package) which will reset the counter. Read the documentation!
+ ]]>
+ </description>
<type>select</type>
<default_value>daily</default_value>
- <options>
- <option><name>Daily</name><value>daily</value></option>
- <option><name>Weekly</name><value>weekly</value></option>
- <option><name>Monthly</name><value>monthly</value></option>
- <option><name>Forever</name><value>forever</value></option>
- </options>
+ <options>
+ <option><name>Daily</name><value>daily</value></option>
+ <option><name>Weekly</name><value>weekly</value></option>
+ <option><name>Monthly</name><value>monthly</value></option>
+ <option><name>Forever</name><value>forever</value></option>
+ </options>
</field>
<field>
<fielddescr>Maximum Bandwidth Down</fielddescr>
- <fieldname>varusersmaxbandwidthdown</fieldname>
- <description><![CDATA[Enter the maximum bandwidth for download in <b>KiloBits</b> per second.]]></description>
+ <fieldname>varusersmaxbandwidthdown</fieldname>
+ <description>
+ <![CDATA[
+ Enter the maximum bandwidth for download in <b>KiloBits</b> per second.
+ ]]>
+ </description>
<type>input</type>
</field>
<field>
<fielddescr>Maximum Bandwidth Up</fielddescr>
- <fieldname>varusersmaxbandwidthup</fieldname>
- <description><![CDATA[Enter the maximum bandwidth for upload in <b>KiloBits</b> per second.]]></description>
+ <fieldname>varusersmaxbandwidthup</fieldname>
+ <description>
+ <![CDATA[
+ Enter the maximum bandwidth for upload in <b>KiloBits</b> per second.
+ ]]>
+ </description>
<type>input</type>
</field>
<field>
<fielddescr>Accounting Interim Interval</fielddescr>
- <fieldname>varusersacctinteriminterval</fieldname>
- <description><![CDATA[Enter the seconds which should be between every interim-update. It MUST be more than 60s and SHOULD NOT be less than 600s. (Default: 600)]]></description>
+ <fieldname>varusersacctinteriminterval</fieldname>
+ <description>
+ <![CDATA[
+ Enter the seconds which should be between every interim-update. It MUST be more than 60s and SHOULD NOT be less than 600s. (Default: 600)
+ ]]>
+ </description>
<type>input</type>
</field>
<field>
@@ -430,39 +507,51 @@
</field>
<field>
<fielddescr>Additional RADIUS Attributes on the TOP of this entry</fielddescr>
- <fieldname>varuserstopadditionaloptions</fieldname>
- <description><![CDATA[This is for experts only and should be treat with care!<br>
- You may append custom RADIUS options to this user account. If the syntax needs it, you have to set quotes and commas.<br>
- To put a command in a new line use a vertical bar (|).<br><br>
- Example: DEFAULT Auth-Type = System<br><br>
- <b>IMPORTANT:</b> If you don't format this field correctly freeRADIUS will not start because of syntax errors.<br>
- Verify your changes by checking users file (View config -> users).]]></description>
+ <fieldname>varuserstopadditionaloptions</fieldname>
+ <description>
+ <![CDATA[
+ This is for experts only and should be treat with care!<br/>
+ You may append custom RADIUS options to this user account. If the syntax needs it, you have to set quotes and commas.<br/>
+ To put a command in a new line use a vertical bar (|).<br/><br/>
+ Example: DEFAULT Auth-Type = System<br/><br/>
+ <b>IMPORTANT:</b> If you don't format this field correctly freeRADIUS will not start because of syntax errors.<br/>
+ Verify your changes by checking users file (View config -> users).
+ ]]>
+ </description>
<type>textarea</type>
<rows>4</rows>
<cols>75</cols>
</field>
<field>
<fielddescr>Additional RADIUS Attributes (CHECK-ITEM).</fielddescr>
- <fieldname>varuserscheckitemsadditionaloptions</fieldname>
- <description><![CDATA[This is for experts only and should be treat with care!<br>
- You may append custom RADIUS options to this user account. If the syntax needs it, you have to set quotes and commas.<br>
- To put a command in a new line use a vertical bar (|).<br><br>
- Example: Max-Daily-Session := 36000<br><br>
- <b>IMPORTANT:</b> If you don't format this field correctly freeRADIUS will not start because of syntax errors.<br>
- Verify your changes by checking users file (View config -> users).]]></description>
+ <fieldname>varuserscheckitemsadditionaloptions</fieldname>
+ <description>
+ <![CDATA[
+ This is for experts only and should be treat with care!<br/>
+ You may append custom RADIUS options to this user account. If the syntax needs it, you have to set quotes and commas.<br/>
+ To put a command in a new line use a vertical bar (|).<br/><br/>
+ Example: Max-Daily-Session := 36000<br/><br/>
+ <b>IMPORTANT:</b> If you don't format this field correctly freeRADIUS will not start because of syntax errors.<br/>
+ Verify your changes by checking users file (View config -> users).
+ ]]>
+ </description>
<type>textarea</type>
<rows>4</rows>
<cols>75</cols>
</field>
<field>
<fielddescr>Additional RADIUS Attributes (REPLY-ITEM).</fielddescr>
- <fieldname>varusersreplyitemsadditionaloptions</fieldname>
- <description><![CDATA[This is for experts only and should be treat with care!<br>
- You may append custom RADIUS options to this user account. If the syntax needs it, you have to set quotes and commas.<br>
- To put a command in a new line use a vertical bar (|).<br><br>
- Example: Service-Type == Login-User,|Login-Service == Telnet,|Login-IP-Host == 192.168.1.2<br><br>
- <b>IMPORTANT:</b> If you don't format this field correctly freeRADIUS will not start because of syntax errors.<br>
- Verify your changes by checking users file (View config -> users).]]></description>
+ <fieldname>varusersreplyitemsadditionaloptions</fieldname>
+ <description>
+ <![CDATA[
+ This is for experts only and should be treat with care!<br/>
+ You may append custom RADIUS options to this user account. If the syntax needs it, you have to set quotes and commas.<br/>
+ To put a command in a new line use a vertical bar (|).<br/><br/>
+ Example: Service-Type == Login-User,|Login-Service == Telnet,|Login-IP-Host == 192.168.1.2<br/><br/>
+ <b>IMPORTANT:</b> If you don't format this field correctly freeRADIUS will not start because of syntax errors.<br/>
+ Verify your changes by checking users file (View config -> users).
+ ]]>
+ </description>
<type>textarea</type>
<rows>4</rows>
<cols>75</cols>
diff --git a/config/iperf/iperf.priv.inc b/config/iperf/iperf.priv.inc
new file mode 100644
index 00000000..794810a2
--- /dev/null
+++ b/config/iperf/iperf.priv.inc
@@ -0,0 +1,43 @@
+<?php
+/*
+ iperf.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-diagnostics-iperf-client'] = array();
+$priv_list['page-diagnostics-iperf-client']['name'] = "WebCfg - Diagnostics: iperf client";
+$priv_list['page-diagnostics-iperf-client']['descr'] = "Allow access to iperf client GUI";
+$priv_list['page-diagnostics-iperf-client']['match'] = array();
+$priv_list['page-diagnostics-iperf-client']['match'][] = "pkg_edit.php?xml=iperf.xml*";
+
+$priv_list['page-diagnostics-iperf-server'] = array();
+$priv_list['page-diagnostics-iperf-server']['name'] = "WebCfg - Diagnostics: iperf server";
+$priv_list['page-diagnostics-iperf-server']['descr'] = "Allow access to iperf server GUI";
+$priv_list['page-diagnostics-iperf-server']['match'] = array();
+$priv_list['page-diagnostics-iperf-server']['match'][] = "pkg_edit.php?xml=iperfserver.xml*";
+
+?>
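Review bot: The closing `?>` on the last line of iperf.priv.inc is better dropped, because this file is PHP only and any whitespace or newline that ends up after the tag would be sent as output wherever the file is included. The fix is to delete that line and let the file end after the last `$priv_list[...]['match'][]` assignment. ipguard.priv.inc, added later in this commit, ends the same way.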
diff --git a/config/iperf/iperf.xml b/config/iperf/iperf.xml
index 182d866b..b7e27871 100644
--- a/config/iperf/iperf.xml
+++ b/config/iperf/iperf.xml
@@ -42,35 +42,40 @@
]]>
</copyright>
<name>iperf</name>
- <version>2.0.5.2</version>
+ <version>2.0.5.3</version>
<title>iperf: Client</title>
+ <savetext>Run iperf client</savetext>
<preoutput>yes</preoutput>
<donotsave>true</donotsave>
<menu>
<name>iperf</name>
- <tooltiptext>Run iperf in client or server mode.</tooltiptext>
<section>Diagnostics</section>
<configfile>iperf.xml</configfile>
</menu>
<service>
<name>iperf</name>
<executable>iperf</executable>
- <description>iperf network performance testing daemon/client</description>
+ <description>iperf Network Performance Testing Daemon/Client</description>
</service>
<tabs>
<tab>
<text>Client</text>
- <url>/pkg_edit.php?xml=iperf.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=iperf.xml</url>
<active/>
</tab>
<tab>
<text>Server</text>
- <url>/pkg_edit.php?xml=iperfserver.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=iperfserver.xml</url>
</tab>
</tabs>
<additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/iperf/iperfserver.xml</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/iperf/iperf.priv.inc</item>
+ </additional_files_needed>
<fields>
<field>
<fielddescr>Server</fielddescr>
diff --git a/config/iperf/iperfserver.xml b/config/iperf/iperfserver.xml
index 524e8366..6cd0e5ec 100644
--- a/config/iperf/iperfserver.xml
+++ b/config/iperf/iperfserver.xml
@@ -42,8 +42,9 @@
]]>
</copyright>
<name>iperf</name>
- <version>2.0.5.2</version>
+ <version>2.0.5.3</version>
<title>iperf: Server</title>
+ <savetext>Run iperf server</savetext>
<preoutput>yes</preoutput>
<donotsave>true</donotsave>
<menu>
@@ -55,11 +56,11 @@
<tabs>
<tab>
<text>Client</text>
- <url>/pkg_edit.php?xml=iperf.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=iperf.xml</url>
</tab>
<tab>
<text>Server</text>
- <url>/pkg_edit.php?xml=iperfserver.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=iperfserver.xml</url>
<active/>
</tab>
</tabs>
diff --git a/config/ipguard/ipguard.inc b/config/ipguard/ipguard.inc
index 68e08e9f..d51e4fe2 100644
--- a/config/ipguard/ipguard.inc
+++ b/config/ipguard/ipguard.inc
@@ -31,7 +31,6 @@ require_once("config.inc");
require_once("util.inc");
function ipguard_custom_php_deinstall_command() {
- stop_service('ipguard');
unlink_if_exists("/usr/local/etc/rc.d/ipguard.sh");
$files = glob("/usr/local/etc/ipguard_*.conf");
unlink_if_exists($files);
@@ -50,8 +49,7 @@ function ipguard_custom_php_write_config() {
}
if (is_array($config['installedpackages']['ipguard']['config'])) {
- // Read config
- $new_config=array();
+ $new_config = array();
foreach ($config['installedpackages']['ipguard']['config'] as $ipguard) {
if ($ipguard['enable'] && $ipguard['interface'] && $ipguard['mac'] && $ipguard['ip']) {
$new_config[$ipguard['interface']] .= "{$ipguard['mac']} {$ipguard['ip']} {$ipguard['description']}\n";
@@ -59,8 +57,8 @@ function ipguard_custom_php_write_config() {
}
}
- $start="";
- $stop="pkill -anx ipguard";
+ $start = "";
+ $stop = "/bin/pkill -anx ipguard";
conf_mount_rw();
/* Create rc script and restart service if ipguard is enabled */
if (count($new_config) > 0 && $ipguard['enable']) {
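Review bot: The rewritten `$stop` line keeps `-n`, which in pkill(1) selects only the newest matching process, while the start command built further down in this function launches one ipguard per configured interface; stopping the service would then leave the older instances running. Dropping the flag, `$stop = "/bin/pkill -ax ipguard";`, signals every exact match. Separately, the `$ipguard['enable']` test on the last line of the hunk reads the foreach variable after the loop has ended, so it reflects only the last configured row, and `count($new_config) > 0` already implies at least one enabled row. The function body starts and ends outside this hunk.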
@@ -81,13 +79,8 @@ function ipguard_custom_php_write_config() {
$iface = convert_friendly_interface_to_real_interface_name($key);
$start .= "/usr/local/sbin/ipguard -l /var/log/ipguard_{$key}.log -p /var/run/ipguard_{$key}.pid -f {$conf_file} -u 300 -z {$iface}\n\t";
}
- write_rcfile(array(
- 'file' => 'ipguard.sh',
- 'start' => $start,
- 'stop' => $stop
- ));
+ write_rcfile(array('file' => 'ipguard.sh', 'start' => $start, 'stop' => $stop));
restart_service('ipguard');
-
} else {
/* Otherwise, stop the service and remove rc script */
stop_service('ipguard');
@@ -96,7 +89,6 @@ function ipguard_custom_php_write_config() {
}
conf_mount_ro();
- /* Sync config with other pfSense servers */
ipguard_sync_on_changes();
}
@@ -104,64 +96,111 @@ function ipguard_custom_php_write_config() {
function ipguard_sync_on_changes() {
global $config, $g;
- if (is_array($config['installedpackages']['ipguardsync'])) {
- if ($config['installedpackages']['ipguardsync']['config'][0]['synconchanges']) {
+ if (is_array($config['installedpackages']['ipguardsync']['config'])) {
+ $ipguard_sync = $config['installedpackages']['ipguardsync']['config'][0];
+ $synconchanges = $ipguard_sync['synconchanges'];
+ $synctimeout = $ipguard_sync['synctimeout'] ?: '250';
+ switch ($synconchanges) {
+ case "manual":
+ if (is_array($ipguard_sync['row'])) {
+ $rs = $ipguard_sync['row'];
+ } else {
+ log_error("[ipguard] XMLRPC sync is enabled but there are no hosts configured as replication targets.");
+ return;
+ }
+ break;
+ case "auto":
+ if (is_array($config['hasync'])) {
+ $system_carp = $config['hasync'];
+ $rs[0]['ipaddress'] = $system_carp['synchronizetoip'];
+ $rs[0]['username'] = $system_carp['username'];
+ $rs[0]['password'] = $system_carp['password'];
+ $rs[0]['syncdestinenable'] = FALSE;
+
+ // XMLRPC sync is currently only supported over connections using the same protocol and port as this system
+ if ($config['system']['webgui']['protocol'] == "http") {
+ $rs[0]['syncprotocol'] = "http";
+ $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '80';
+ } else {
+ $rs[0]['syncprotocol'] = "https";
+ $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '443';
+ }
+ if ($system_carp['synchronizetoip'] == "") {
+ log_error("[ipguard] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
+ return;
+ } else {
+ $rs[0]['syncdestinenable'] = TRUE;
+ }
+ } else {
+ log_error("[ipguard] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
+ return;
+ }
+ break;
+ default:
+ return;
+ break;
+ }
+ if (is_array($rs)) {
log_error("[ipguard] XMLRPC sync is starting.");
- foreach ($config['installedpackages']['ipguardsync']['config'] as $rs ) {
- foreach ($rs['row'] as $sh) {
+ foreach ($rs as $sh) {
+ // Only sync enabled replication targets
+ if ($sh['syncdestinenable']) {
$sync_to_ip = $sh['ipaddress'];
+ $port = $sh['syncport'];
+ $username = $sh['username'] ?: 'admin';
$password = $sh['password'];
- if ($password && $sync_to_ip) {
- ipguard_do_xmlrpc_sync($sync_to_ip, $password);
+ $protocol = $sh['syncprotocol'];
+
+ $error = '';
+ $valid = TRUE;
+
+ if ($password == "") {
+ $error = "Password parameter is empty. ";
+ $valid = FALSE;
+ }
+ if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) {
+ $error .= "Misconfigured Replication Target IP Address or Hostname. ";
+ $valid = FALSE;
+ }
+ if (!is_port($port)) {
+ $error .= "Misconfigured Replication Target Port. ";
+ $valid = FALSE;
+ }
+ if ($valid) {
+ ipguard_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout);
+ } else {
+ log_error("[ipguard] XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}");
}
}
}
- log_error("[ipguard] XMLRPC sync is ending.");
+ log_error("[ipguard] XMLRPC sync completed.");
}
- }
+ }
}
/* Do the actual XMLRPC sync */
-function ipguard_do_xmlrpc_sync($sync_to_ip, $password) {
- global $config, $g;
+function ipguard_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout) {
+ global $config;
- if (!$password) {
+ if ($username == "" || $password == "" || $sync_to_ip == "" || $port == "" || $protocol == "") {
+ log_error("[ipguard] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync");
return;
}
- if (!$sync_to_ip) {
- return;
+ // Take care of IPv6 literal address
+ if (is_ipaddrv6($sync_to_ip)) {
+ $sync_to_ip = "[{$sync_to_ip}]";
}
- $username = 'admin';
- $xmlrpc_sync_neighbor = $sync_to_ip;
- if ($config['system']['webgui']['protocol'] != "") {
- $synchronizetoip = $config['system']['webgui']['protocol'];
- $synchronizetoip .= "://";
- }
- $port = $config['system']['webgui']['port'];
- /* If port is empty, let's rely on the protocol selection */
- if ($port == "") {
- if ($config['system']['webgui']['protocol'] == "http") {
- $port = "80";
- } else {
- $port = "443";
- }
- }
- $synchronizetoip .= $sync_to_ip;
+ $url = "{$protocol}://{$sync_to_ip}";
- /* xml will hold the sections to sync */
+ /* XML will hold the sections to sync. */
$xml = array();
$xml['ipguard'] = $config['installedpackages']['ipguard'];
- /* Assemble XMLRPC payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($xml)
- );
-
- /* Set a few variables needed for sync code; borrowed from filter.inc */
- $url = $synchronizetoip;
- log_error("Beginning ipguard XMLRPC sync to {$url}:{$port}.");
+ /* Assemble XMLRPC payload. */
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($xml));
+
+ /* Set a few variables needed for sync code */
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
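Review bot: `$protocol = $sh['syncprotocol']` is the one target field that `ipguard_sync_on_changes()` does not validate before it is interpolated into `$url = "{$protocol}://{$sync_to_ip}"`; password, address and port each get a check, the protocol only a non-empty test in `ipguard_do_xmlrpc_sync()`. A guard next to the port check would close that: `if ($protocol != "http" && $protocol != "https") { $error .= "Misconfigured Replication Target Protocol. "; $valid = FALSE; }`. With `http` the password passed to `XML_RPC_encode($password)` crosses the network unencrypted, so a `log_error()` warning for that case would help operators notice it. `ipguard_do_xmlrpc_sync()` continues past the end of this hunk.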
@@ -169,49 +208,45 @@ function ipguard_do_xmlrpc_sync($sync_to_ip, $password) {
if ($g['debug']) {
$cli->setDebug(1);
}
- /* send our XMLRPC message and timeout after 250 seconds */
- $resp = $cli->send($msg, "250");
+ /* Send our XMLRPC message and timeout after defined sync timeout value */
+ $resp = $cli->send($msg, $synctimeout);
if (!$resp) {
- $error = "A communications error occurred while attempting ipguard XMLRPC sync with {$url}:{$port}.";
- log_error($error);
+ $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port}.";
+ log_error("[ipguard] {$error}");
file_notice("sync_settings", $error, "ipguard Settings Sync", "");
} elseif ($resp->faultCode()) {
$cli->setDebug(1);
- $resp = $cli->send($msg, "250");
- $error = "An error code was received while attempting ipguard XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
+ $resp = $cli->send($msg, $synctimeout);
+ $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[ipguard] {$error}");
file_notice("sync_settings", $error, "ipguard Settings Sync", "");
} else {
- log_error("ipguard XMLRPC sync successfully completed with {$url}:{$port}.");
+ log_error("[ipguard] XMLRPC sync successfully completed with {$url}:{$port}.");
}
- /* tell ipguard to reload our settings on the destination sync host. */
+ /* Tell ipguard to reload our settings on the destination sync host. */
$method = 'pfsense.exec_php';
$execcmd = "require_once('/usr/local/pkg/ipguard.inc');\n";
$execcmd .= "ipguard_custom_php_write_config();";
- /* assemble xmlrpc payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($execcmd)
- );
+ /* Assemble XMLRPC payload. */
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd));
- log_error("ipguard XMLRPC reload data {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
- $resp = $cli->send($msg, "250");
+ $resp = $cli->send($msg, $synctimeout);
if (!$resp) {
- $error = "A communications error occurred while attempting ipguard XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
- log_error($error);
+ $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
+ log_error("[ipguard] {$error}");
file_notice("sync_settings", $error, "ipguard Settings Sync", "");
} elseif ($resp->faultCode()) {
$cli->setDebug(1);
- $resp = $cli->send($msg, "250");
- $error = "An error code was received while attempting ipguard XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
+ $resp = $cli->send($msg, $synctimeout);
+ $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[ipguard] {$error}");
file_notice("sync_settings", $error, "ipguard Settings Sync", "");
} else {
- log_error("ipguard XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
+ log_error("[ipguard] XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
}
}
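Review bot: `if ($g['debug'])` at the top of this hunk now reads an undefined local, because the new declaration at the start of `ipguard_do_xmlrpc_sync()` (previous hunk) is `global $config;` and no longer names `$g`; the debug switch can therefore never turn on. Restoring `global $config, $g;` fixes it. The fault branches also call `$cli->send($msg, $synctimeout)` a second time with debugging enabled, which repeats the config merge and the `pfsense.exec_php` call on the target; a comment stating that the resend is intentional, or logging the first response instead, would make this easier to audit. The function starts outside this hunk.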
diff --git a/config/ipguard/ipguard.priv.inc b/config/ipguard/ipguard.priv.inc
new file mode 100644
index 00000000..bfa0e71a
--- /dev/null
+++ b/config/ipguard/ipguard.priv.inc
@@ -0,0 +1,41 @@
+<?php
+/*
+ ipguard.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-firewall-ipguard'] = array();
+$priv_list['page-firewall-ipguard']['name'] = "WebCfg - Firewall: IPguard package";
+$priv_list['page-firewall-ipguard']['descr'] = "Allow access to IPguard package GUI";
+
+$priv_list['page-firewall-ipguard']['match'] = array();
+$priv_list['page-firewall-ipguard']['match'][] = "pkg.php?xml=ipguard.xml*";
+$priv_list['page-firewall-ipguard']['match'][] = "pkg.php?xml=ipguard_sync.xml*";
+$priv_list['page-firewall-ipguard']['match'][] = "pkg_edit.php?xml=ipguard.xml*";
+$priv_list['page-firewall-ipguard']['match'][] = "pkg_edit.php?xml=ipguard_sync.xml*";
+
+?>
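Review bot: The single `page-firewall-ipguard` privilege also matches `pkg.php?xml=ipguard_sync.xml*` and `pkg_edit.php?xml=ipguard_sync.xml*`, so anyone granted access to the MAC/IP list can also edit the replication targets and the credentials stored for them. iperf.priv.inc in this commit splits client and server into separate entries; the same split here would keep the sync settings behind their own privilege, for example a `page-firewall-ipguard-sync` entry holding the two `ipguard_sync.xml*` matches. The `descr` of each entry should then say which pages it covers.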
diff --git a/config/ipguard/ipguard.xml b/config/ipguard/ipguard.xml
index 2b13e7e0..71ea7fa2 100644
--- a/config/ipguard/ipguard.xml
+++ b/config/ipguard/ipguard.xml
@@ -42,14 +42,12 @@
]]>
</copyright>
<name>ipguard</name>
- <version>0.1.1</version>
+ <version>0.1.3</version>
<title>Firewall: IPguard</title>
- <description>IPguard MACs/IP</description>
<savetext>Save</savetext>
<include_file>/usr/local/pkg/ipguard.inc</include_file>
<menu>
<name>IPguard</name>
- <tooltiptext>Tool designed to protect LAN IP address space by ARP spoofing.</tooltiptext>
<section>Firewall</section>
<url>/pkg.php?xml=ipguard.xml</url>
</menu>
@@ -65,6 +63,10 @@
<item>https://packages.pfsense.org/packages/config/ipguard/ipguard.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/ipguard/ipguard.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/ipguard/ipguard_sync.xml</item>
</additional_files_needed>
diff --git a/config/ipguard/ipguard_sync.xml b/config/ipguard/ipguard_sync.xml
index 609dd6ca..e477ce3f 100755
--- a/config/ipguard/ipguard_sync.xml
+++ b/config/ipguard/ipguard_sync.xml
@@ -42,8 +42,8 @@
]]>
</copyright>
<name>ipguardsync</name>
- <version>0.1.1</version>
- <title>IPguard - Sync</title>
+ <version>0.1.3</version>
+ <title>Firewall: IPguard: Sync</title>
<include_file>/usr/local/pkg/ipguard.inc</include_file>
<tabs>
<tab>
@@ -62,30 +62,89 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Automatically sync configuration changes</fielddescr>
+ <fielddescr>Enable Sync</fielddescr>
<fieldname>synconchanges</fieldname>
- <description>Automatically sync changes to the hosts defined below.</description>
- <type>checkbox</type>
+ <description>
+ <![CDATA[
+ Select a sync method for IPguard.<br/><br/>
+ <strong>Important:</strong> While using "Sync to host(s) defined below", only sync from host A to B, A to C but <strong>do not</strong> enable XMLRPC sync <b>to</b> A.
+ This will result in a loop!
+ ]]>
+ </description>
+ <type>select</type>
+ <required/>
+ <default_value>disabled</default_value>
+ <options>
+ <option><name>Sync to configured system backup server</name><value>auto</value></option>
+ <option><name>Sync to host(s) defined below</name><value>manual</value></option>
+ <option><name>Do not sync this package configuration</name><value>disabled</value></option>
+ </options>
</field>
<field>
- <fielddescr>Remote Server</fielddescr>
+ <fielddescr>Sync Timeout</fielddescr>
+ <fieldname>synctimeout</fieldname>
+ <description>XMLRPC timeout in seconds.</description>
+ <type>select</type>
+ <required/>
+ <default_value>250</default_value>
+ <options>
+ <option><name>250 seconds (Default)</name><value>250</value></option>
+ <option><name>120 seconds</name><value>120</value></option>
+ <option><name>90 seconds</name><value>90</value></option>
+ <option><name>60 seconds</name><value>60</value></option>
+ <option><name>30 seconds</name><value>30</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Replication Targets</fielddescr>
<fieldname>none</fieldname>
<type>rowhelper</type>
<rowhelper>
- <rowhelperfield>
- <fielddescr>IP Address</fielddescr>
- <fieldname>ipaddress</fieldname>
- <description>IP Address of remote server</description>
- <type>input</type>
- <size>20</size>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr>Password</fielddescr>
- <fieldname>password</fieldname>
- <description>Password for remote server.</description>
- <type>password</type>
- <size>20</size>
- </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Enable</fielddescr>
+ <fieldname>syncdestinenable</fieldname>
+ <description><![CDATA[Enable this host as a replication target]]></description>
+ <type>checkbox</type>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Protocol</fielddescr>
+ <fieldname>syncprotocol</fieldname>
+ <description><![CDATA[Choose the protocol used to sync with the destination host (HTTP or HTTPS).]]></description>
+ <type>select</type>
+ <default_value>HTTP</default_value>
+ <options>
+ <option><name>HTTP</name><value>http</value></option>
+ <option><name>HTTPS</name><value>https</value></option>
+ </options>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>IP Address/Hostname</fielddescr>
+ <fieldname>ipaddress</fieldname>
+ <description><![CDATA[IP address or hostname of the destination host.]]></description>
+ <type>input</type>
+ <size>40</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Port</fielddescr>
+ <fieldname>syncport</fieldname>
+ <description><![CDATA[Choose the sync port of the destination host.]]></description>
+ <type>input</type>
+ <size>3</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Username (admin)</fielddescr>
+ <fieldname>username</fieldname>
+ <description><![CDATA[Enter the username account for administration.]]></description>
+ <type>input</type>
+ <size>20</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Admin Password</fielddescr>
+ <fieldname>password</fieldname>
+ <description><![CDATA[Password of the user "admin" on the destination host.]]></description>
+ <type>password</type>
+ <size>20</size>
+ </rowhelperfield>
</rowhelper>
</field>
</fields>
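Review bot: `<default_value>HTTP</default_value>` in the new Protocol row does not match either option value (`http`, `https`), so the default presumably selects nothing, and `ipguard_sync_on_changes()` in ipguard.inc passes `syncprotocol` on without normalising it. Since this row also carries the admin password, `<default_value>https</default_value>` is the safer default. The password description still says `Password of the user "admin"` although the username is now configurable, and `<size>3</size>` on the port field is narrower than a five-digit port.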
diff --git a/config/ladvd/ladvd.inc b/config/ladvd/ladvd.inc
index da37a1a9..c1d769ab 100644
--- a/config/ladvd/ladvd.inc
+++ b/config/ladvd/ladvd.inc
@@ -36,18 +36,24 @@ require_once("pkg-utils.inc");
function ladvd_resync_config() {
global $config;
- conf_mount_rw();
-
- if (!is_array($config['installedpackages']['ladvd']))
+ if (!is_array($config['installedpackages']['ladvd'])) {
return;
- if (!is_array($config['installedpackages']['ladvd']['config']))
+ }
+ if (!is_array($config['installedpackages']['ladvd']['config'])) {
return;
+ }
$ladvd_conf = &$config['installedpackages']['ladvd']['config'][0];
+ conf_mount_rw();
/* ladvd is turned off in package settings */
- if (empty($ladvd_conf['enable']))
+ if (empty($ladvd_conf['enable'])) {
+ if (is_service_running("ladvd")) {
+ stop_service("ladvd");
+ }
+ unlink_if_exists("/usr/local/etc/rc.d/ladvd.sh");
return;
+ }
$cmdline = "";
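Review bot: The disabled-service branch returns after `conf_mount_rw()` without the matching `conf_mount_ro()`, so the `return;` at the end of the `empty($ladvd_conf['enable'])` block leaves the mount read-write. Moving `conf_mount_rw()` below the two `is_array()` checks fixed the same leak for those returns only. Add `conf_mount_ro();` before that `return;`. The function continues beyond this hunk, where the normal path does call `conf_mount_ro()`.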
@@ -98,7 +104,12 @@ function ladvd_resync_config() {
)
);
- restart_service("ladvd");
+ if (is_service_running("ladvd")) {
+ restart_service("ladvd");
+ } else {
+ start_service("ladvd");
+ }
+
sleep(1);
conf_mount_ro();
}
diff --git a/config/ladvd/ladvd.priv.inc b/config/ladvd/ladvd.priv.inc
new file mode 100644
index 00000000..5dd30d44
--- /dev/null
+++ b/config/ladvd/ladvd.priv.inc
@@ -0,0 +1,43 @@
+<?php
+/*
+ ladvd.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-ladvd'] = array();
+$priv_list['page-services-ladvd']['name'] = "WebCfg - Services: ladvd";
+$priv_list['page-services-ladvd']['descr'] = "Allow access to ladvd package GUI";
+$priv_list['page-services-ladvd']['match'] = array();
+$priv_list['page-services-ladvd']['match'][] = "pkg_edit.php?xml=ladvd.xml*";
+
+$priv_list['page-services-ladvd-status'] = array();
+$priv_list['page-services-ladvd-status']['name'] = "WebCfg - Status: ladvd";
+$priv_list['page-services-ladvd-status']['descr'] = "Allow access to ladvd status page";
+$priv_list['page-services-ladvd-status']['match'] = array();
+$priv_list['page-services-ladvd-status']['match'][] = "status_ladvd.php*";
+
+?>
diff --git a/config/ladvd/ladvd.xml b/config/ladvd/ladvd.xml
index 5862afca..42c6485e 100644
--- a/config/ladvd/ladvd.xml
+++ b/config/ladvd/ladvd.xml
@@ -44,17 +44,19 @@
</copyright>
<description>Link Layer Discovery Protocol</description>
<name>LADVD</name>
- <version>1.0.4.2</version>
+ <version>1.0.4.3</version>
<category>Network Management</category>
<title>Services: LADVD</title>
- <savetext>Save</savetext>
<include_file>/usr/local/pkg/ladvd.inc</include_file>
- <aftersaveredirect>/pkg_edit.php?xml=ladvd.xml&amp;id=0</aftersaveredirect>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/ladvd/ladvd.inc</item>
<prefix>/usr/local/pkg/</prefix>
</additional_files_needed>
<additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/ladvd/ladvd.priv.inc</item>
+ <prefix>/etc/inc/priv/</prefix>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/www/</prefix>
<item>https://packages.pfsense.org/packages/config/ladvd/status_ladvd.php</item>
</additional_files_needed>
@@ -62,7 +64,7 @@
<name>LADVD</name>
<tooltiptext>Modify LADVD settings.</tooltiptext>
<section>Services</section>
- <url>/pkg_edit.php?xml=ladvd.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=ladvd.xml</url>
</menu>
<menu>
<name>LADVD Status</name>
@@ -74,12 +76,12 @@
<name>ladvd</name>
<rcfile>ladvd.sh</rcfile>
<executable>ladvd</executable>
- <description>Send and decode link layer advertisements.</description>
+ <description>Link Layer Discovery Protocol Daemon</description>
</service>
<tabs>
<tab>
<text>General</text>
- <url>/pkg_edit.php?xml=ladvd.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=ladvd.xml</url>
<active/>
</tab>
<tab>
@@ -89,7 +91,7 @@
</tabs>
<fields>
<field>
- <fielddescr>Enable ladvd</fielddescr>
+ <fielddescr>Enable</fielddescr>
<fieldname>enable</fieldname>
<description>Enable or disable ladvd.</description>
<enablefields>iface_array[],autoenable,silent,management,location,lldp,cdp,edp,ndp</enablefields>
@@ -105,7 +107,7 @@
<description>Select the interfaces that LADVD will bind to. You can use the CTRL or COMMAND key to select multiple interfaces.</description>
</field>
<field>
- <fielddescr>Auto-enable protocols</fielddescr>
+ <fielddescr>Auto-Enable Protocols</fielddescr>
<fieldname>autoenable</fieldname>
<description>Auto-enable protocols based on received packets (also enables receive mode).</description>
<type>checkbox</type>
@@ -113,11 +115,11 @@
<field>
<fielddescr>Silent</fielddescr>
<fieldname>silent</fieldname>
- <description>Silent, don't transmit packets.</description>
+ <description>Silent mode, do not transmit packets.</description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Management interfaces</fielddescr>
+ <fielddescr>Management Interfaces</fielddescr>
<fieldname>management</fieldname>
<value>lan</value>
<type>interfaces_selection</type>
@@ -151,7 +153,7 @@
<field>
<fielddescr>Enable NDP</fielddescr>
<fieldname>ndp</fieldname>
- <description>Enable NDP (Nortel Discovery Protocol) formerly called SynOptics Network Management Protocol (SONMP).</description>
+ <description>Enable NDP (Nortel Discovery Protocol); formerly called SynOptics Network Management Protocol (SONMP).</description>
<type>checkbox</type>
</field>
</fields>
diff --git a/config/lcdproc-dev/lcdproc.priv.inc b/config/lcdproc-dev/lcdproc.priv.inc
new file mode 100644
index 00000000..6b2c061f
--- /dev/null
+++ b/config/lcdproc-dev/lcdproc.priv.inc
@@ -0,0 +1,40 @@
+<?php
+/*
+ lcdproc.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-lcdproc'] = array();
+$priv_list['page-services-lcdproc']['name'] = "WebCfg - Services: LCDproc package";
+$priv_list['page-services-lcdproc']['descr'] = "Allow access to LCDproc package GUI";
+$priv_list['page-services-lcdproc']['match'] = array();
+$priv_list['page-services-lcdproc']['match'][] = "pkg.php?xml=lcdproc.xml*";
+$priv_list['page-services-lcdproc']['match'][] = "pkg.php?xml=lcdproc_screens.xml*";
+$priv_list['page-services-lcdproc']['match'][] = "pkg_edit.php?xml=lcdproc.xml*";
+$priv_list['page-services-lcdproc']['match'][] = "pkg_edit.php?xml=lcdproc_screens.xml*";
+
+?>
diff --git a/config/lcdproc-dev/lcdproc.xml b/config/lcdproc-dev/lcdproc.xml
index ce62cb5c..e5915e69 100644
--- a/config/lcdproc-dev/lcdproc.xml
+++ b/config/lcdproc-dev/lcdproc.xml
@@ -45,31 +45,35 @@
</copyright>
<title>Services: LCDproc</title>
<name>lcdproc</name>
- <version>0.9.13</version>
+ <version>0.9.15</version>
<savetext>Save</savetext>
<include_file>/usr/local/pkg/lcdproc.inc</include_file>
<tabs>
<tab>
<text>Server</text>
- <url>/pkg_edit.php?xml=lcdproc.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc.xml</url>
<active/>
</tab>
<tab>
<text>Screens</text>
- <url>/pkg_edit.php?xml=lcdproc_screens.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc_screens.xml</url>
</tab>
</tabs>
<menu>
<name>LCDproc</name>
<tooltiptext>Set LCDproc settings such as display driver and COM port.</tooltiptext>
<section>Services</section>
- <url>/pkg_edit.php?xml=lcdproc.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc.xml</url>
</menu>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/lcdproc-dev/lcdproc.inc</item>
<prefix>/usr/local/pkg/</prefix>
</additional_files_needed>
<additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/lcdproc-dev/lcdproc.priv.inc</item>
+ <prefix>/etc/inc/priv/</prefix>
+ </additional_files_needed>
+ <additional_files_needed>
<item>https://packages.pfsense.org/packages/config/lcdproc-dev/lcdproc_screens.xml</item>
<prefix>/usr/local/pkg/</prefix>
</additional_files_needed>
diff --git a/config/lcdproc-dev/lcdproc_screens.xml b/config/lcdproc-dev/lcdproc_screens.xml
index c3ba7aa1..ca2b0f87 100644
--- a/config/lcdproc-dev/lcdproc_screens.xml
+++ b/config/lcdproc-dev/lcdproc_screens.xml
@@ -44,18 +44,18 @@
]]>
</copyright>
<title>Services: LCDproc: Screens</title>
- <name>lcdproc_screens</name>
- <version>0.9.13</version>
+ <name>lcdprocscreens</name>
+ <version>0.9.15</version>
<savetext>Save</savetext>
<include_file>/usr/local/pkg/lcdproc.inc</include_file>
<tabs>
<tab>
<text>Server</text>
- <url>/pkg_edit.php?xml=lcdproc.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc.xml</url>
</tab>
<tab>
<text>Screens</text>
- <url>/pkg_edit.php?xml=lcdproc_screens.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc_screens.xml</url>
<active/>
</tab>
</tabs>
@@ -63,7 +63,7 @@
<name>LCDproc</name>
<tooltiptext>Set LCDproc settings such as display driver and COM port.</tooltiptext>
<section>Services</section>
- <url>/pkg_edit.php?xml=lcdproc.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc.xml</url>
</menu>
<fields>
<field>
diff --git a/config/lcdproc/lcdproc.priv.inc b/config/lcdproc/lcdproc.priv.inc
new file mode 100644
index 00000000..6b2c061f
--- /dev/null
+++ b/config/lcdproc/lcdproc.priv.inc
@@ -0,0 +1,40 @@
+<?php
+/*
+ lcdproc.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-lcdproc'] = array();
+$priv_list['page-services-lcdproc']['name'] = "WebCfg - Services: LCDproc package";
+$priv_list['page-services-lcdproc']['descr'] = "Allow access to LCDproc package GUI";
+$priv_list['page-services-lcdproc']['match'] = array();
+$priv_list['page-services-lcdproc']['match'][] = "pkg.php?xml=lcdproc.xml*";
+$priv_list['page-services-lcdproc']['match'][] = "pkg.php?xml=lcdproc_screens.xml*";
+$priv_list['page-services-lcdproc']['match'][] = "pkg_edit.php?xml=lcdproc.xml*";
+$priv_list['page-services-lcdproc']['match'][] = "pkg_edit.php?xml=lcdproc_screens.xml*";
+
+?>
diff --git a/config/lcdproc/lcdproc.xml b/config/lcdproc/lcdproc.xml
index 4f109e47..33e61288 100644
--- a/config/lcdproc/lcdproc.xml
+++ b/config/lcdproc/lcdproc.xml
@@ -45,31 +45,35 @@
</copyright>
<title>Services: LCDproc</title>
<name>lcdproc</name>
- <version>1.0.3</version>
+ <version>1.0.5</version>
<savetext>Save</savetext>
<include_file>/usr/local/pkg/lcdproc.inc</include_file>
<tabs>
<tab>
<text>Server</text>
- <url>/pkg_edit.php?xml=lcdproc.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc.xml</url>
<active/>
</tab>
<tab>
<text>Screens</text>
- <url>/pkg_edit.php?xml=lcdproc_screens.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc_screens.xml</url>
</tab>
</tabs>
<menu>
<name>LCDproc</name>
<tooltiptext>Set LCDproc settings such as display driver and COM port.</tooltiptext>
<section>Services</section>
- <url>/pkg_edit.php?xml=lcdproc.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc.xml</url>
</menu>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/lcdproc/lcdproc.inc</item>
<prefix>/usr/local/pkg/</prefix>
</additional_files_needed>
<additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/lcdproc/lcdproc.priv.inc</item>
+ <prefix>/etc/inc/priv/</prefix>
+ </additional_files_needed>
+ <additional_files_needed>
<item>https://packages.pfsense.org/packages/config/lcdproc/lcdproc_screens.xml</item>
<prefix>/usr/local/pkg/</prefix>
</additional_files_needed>
diff --git a/config/lcdproc/lcdproc_screens.xml b/config/lcdproc/lcdproc_screens.xml
index def770e6..6b6e283b 100644
--- a/config/lcdproc/lcdproc_screens.xml
+++ b/config/lcdproc/lcdproc_screens.xml
@@ -44,18 +44,18 @@
]]>
</copyright>
<title>Services: LCDproc: Screens</title>
- <name>lcdproc_screens</name>
- <version>1.0.3</version>
+ <name>lcdprocscreens</name>
+ <version>1.0.5</version>
<savetext>Save</savetext>
<include_file>/usr/local/pkg/lcdproc.inc</include_file>
<tabs>
<tab>
<text>Server</text>
- <url>/pkg_edit.php?xml=lcdproc.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc.xml</url>
</tab>
<tab>
<text>Screens</text>
- <url>/pkg_edit.php?xml=lcdproc_screens.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc_screens.xml</url>
<active/>
</tab>
</tabs>
@@ -63,7 +63,7 @@
<name>LCDproc</name>
<tooltiptext>Set LCDproc settings such as display driver and COM port.</tooltiptext>
<section>Services</section>
- <url>/pkg_edit.php?xml=lcdproc.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc.xml</url>
</menu>
<fields>
<field>
diff --git a/config/mtr-nox11/mtr-nox11.priv.inc b/config/mtr-nox11/mtr-nox11.priv.inc
new file mode 100644
index 00000000..22e2488c
--- /dev/null
+++ b/config/mtr-nox11/mtr-nox11.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+ mtr-nox11.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-diagnostics-mtr-nox11'] = array();
+$priv_list['page-diagnostics-mtr-nox11']['name'] = "WebCfg - Diagnostics: mtr-nox11";
+$priv_list['page-diagnostics-mtr-nox11']['descr'] = "Allow access to mtr-nox11 package GUI";
+$priv_list['page-diagnostics-mtr-nox11']['match'] = array();
+$priv_list['page-diagnostics-mtr-nox11']['match'][] = "pkg_edit.php?xml=mtr-nox11.xml*";
+
+?>
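Review bot: The `descr` string `"Allow access to mtr-nox11 package GUI"` understates what this privilege grants. The page matched by `pkg_edit.php?xml=mtr-nox11.xml*` runs `/usr/local/sbin/mtr` on the firewall through `system()`, as the mtr-nox11.xml hunks in this commit show. An administrator assigning privileges sees only the name and description, so the text should say so, for example `"Allow access to mtr-nox11 package GUI (runs mtr on the firewall against a user-supplied host)"`. The same applies to `page-diagnostics-netio-client` and `page-diagnostics-netio-server` in netio.priv.inc and to `page-diagnostics-nmap` in nmap.priv.inc, whose pages start netio and nmap runs.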
diff --git a/config/mtr-nox11/mtr-nox11.xml b/config/mtr-nox11/mtr-nox11.xml
index 396e860d..133f61f2 100644
--- a/config/mtr-nox11/mtr-nox11.xml
+++ b/config/mtr-nox11/mtr-nox11.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
<![CDATA[
@@ -8,7 +8,7 @@
/* ====================================================================================== */
/*
mtr-nox11.xml
- part of pfSense (http://www.pfSense.com)
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2014-2015 ESF, LLC
All rights reserved.
*/
@@ -40,23 +40,21 @@
/* ====================================================================================== */
]]>
</copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
<name>mtr</name>
- <version>0.85_3</version>
+ <version>0.85.4</version>
<title>Diagnostics: mtr</title>
<savetext>Run mtr</savetext>
<preoutput>yes</preoutput>
- <!-- Invokes a simple input menu and will not update the configuration database. -->
<donotsave>true</donotsave>
- <!-- Menu is where this packages menu will appear -->
<menu>
<name>mtr</name>
- <tooltiptext>mtr combines the functionality of the "traceroute" and "ping" programs into a single network diagnostic tool</tooltiptext>
<section>Diagnostics</section>
- <configfile>mtr-nox11.xml</configfile>
+ <url>/pkg_edit.php?xml=mtr-nox11.xml</url>
</menu>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/mtr-nox11/mtr-nox11.priv.inc</item>
+ </additional_files_needed>
<fields>
<field>
<fielddescr>IP or Hostname</fielddescr>
@@ -70,7 +68,7 @@
<fieldname>count</fieldname>
<description>This is the number of pings to send, each one takes 1 second.</description>
<type>input</type>
- <typehint>(Defaults to 10)</typehint>
+ <typehint>(Defaults to 10.)</typehint>
</field>
<field>
<fielddescr>No DNS Lookup</fielddescr>
@@ -111,8 +109,8 @@
$int_interval = (is_numeric($_POST['interval']) ? (abs(intval($_POST['interval']))) : 1);
if (!is_hostname($_POST['hostname']) && !is_ipaddr($_POST['hostname'])) {
- echo "<div class=\"errmsg\">ERROR: No valid IP or Hostname given. Fix this and try again!</div>";
- echo "\n<input class=\"formbtn\" type=\"button\" value=\"Back to mtr\" onclick=\"history.back()\">";
+ echo "<strong><span class='errmsg'>ERROR:</span> No valid IP or Hostname given. Fix this and try again!</strong>\n";
+ echo "\n<input class='formbtn' type='button' value='Back to mtr' onclick='history.back()'>";
die();
}
@@ -136,7 +134,7 @@
$mtr_options .= " " . $_POST['hostname'];
echo "Running mtr $mtr_options:\n\n";
system("/usr/local/sbin/mtr" . $mtr_options);
- echo "\n<input class=\"formbtn\" type=\"button\" value=\"Back to mtr\" onclick=\"history.back()\">";
+ echo "\n<input class='formbtn' type='button' value='Back to mtr' onclick='history.back()'>";
]]>
</custom_add_php_command>
</packagegui>
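Review bot: The `system("/usr/local/sbin/mtr" . $mtr_options)` call still receives `$_POST['hostname']` by plain concatenation. The only thing between the request and the shell is the `is_hostname()`/`is_ipaddr()` check in the previous hunk. The netio.xml change in this same commit quotes its arguments, and this line should do the same so the command stays safe if the validators are ever relaxed: `$mtr_options .= " " . escapeshellarg($_POST['hostname']);`. The rest of `$mtr_options` is built outside this hunk, so any other request value appended there needs the same check.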
diff --git a/config/netio/netio.priv.inc b/config/netio/netio.priv.inc
new file mode 100644
index 00000000..f07d33dc
--- /dev/null
+++ b/config/netio/netio.priv.inc
@@ -0,0 +1,43 @@
+<?php
+/*
+ netio.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-diagnostics-netio-client'] = array();
+$priv_list['page-diagnostics-netio-client']['name'] = "WebCfg - Diagnostics: netio client";
+$priv_list['page-diagnostics-netio-client']['descr'] = "Allow access to netio client GUI";
+$priv_list['page-diagnostics-netio-client']['match'] = array();
+$priv_list['page-diagnostics-netio-client']['match'][] = "pkg_edit.php?xml=netio.xml*";
+
+$priv_list['page-diagnostics-netio-server'] = array();
+$priv_list['page-diagnostics-netio-server']['name'] = "WebCfg - Diagnostics: netio server";
+$priv_list['page-diagnostics-netio-server']['descr'] = "Allow access to netio server GUI";
+$priv_list['page-diagnostics-netio-server']['match'] = array();
+$priv_list['page-diagnostics-netio-server']['match'][] = "pkg_edit.php?xml=netioserver.xml*";
+
+?>
diff --git a/config/netio/netio.xml b/config/netio/netio.xml
index 34f188c2..3bb079d8 100644
--- a/config/netio/netio.xml
+++ b/config/netio/netio.xml
@@ -42,16 +42,21 @@
]]>
</copyright>
<name>netio</name>
- <version>1.27</version>
- <title>netio: Client</title>
+ <version>1.28</version>
+ <title>Diagnostics: netio: Client</title>
+ <savetext>Run netio client</savetext>
<preoutput>yes</preoutput>
<donotsave>true</donotsave>
<menu>
<name>netio</name>
- <tooltiptext>Run netio in client or server mode.</tooltiptext>
<section>Diagnostics</section>
- <configfile>netio.xml</configfile>
+ <url>/pkg_edit.php?xml=netio.xml</url>
</menu>
+ <service>
+ <name>netio</name>
+ <executable>netio</executable>
+ <description>netio Network Throughput Benchmark Server/Client</description>
+ </service>
<tabs>
<tab>
<text>Client</text>
@@ -64,6 +69,11 @@
</tab>
</tabs>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/netio/netio.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/netio/netioserver.xml</item>
</additional_files_needed>
<fields>
@@ -78,16 +88,17 @@
<fieldname>port</fieldname>
<description>Enter the port that netio will connect to. (Default: 18767)</description>
<type>input</type>
+ <default_value>18767</default_value>
</field>
</fields>
<custom_add_php_command>
<![CDATA[
mwexec("/usr/bin/killall netio");
- $netio_options = "";
- if ($_POST['port'] != "") {
- $netio_options .= " -p {$_POST['port']}";
- $netio_options .= $_POST['hostname'];
- system("/usr/local/bin/netio " . $netio_options);
+ if ($_POST['port'] != "" && $_POST['hostname'] != "") {
+ $port = escapeshellarg($_POST['port']);
+ $hostname = escapeshellarg($_POST['hostname']);
+ $netio_options = "-p {$port} {$hostname}";
+ system("/usr/local/bin/netio {$netio_options}");
}
]]>
</custom_add_php_command>
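Review bot: `escapeshellarg()` keeps shell metacharacters out of the command line, but neither value is validated. A `port` that is not a port number, or a `hostname` that begins with `-`, is still handed to netio, which may read it as an option rather than a target. Validate before building the command, as mtr-nox11.xml does for its host: `if (is_port($_POST['port']) && (is_hostname($_POST['hostname']) || is_ipaddr($_POST['hostname']))) {`, using pfSense's `is_port()`. The server form in netioserver.xml has the same gap for `port`, and `if (is_port($_POST['port'])) {` covers it there.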
diff --git a/config/netio/netioserver.xml b/config/netio/netioserver.xml
index da73e902..bbe32665 100644
--- a/config/netio/netioserver.xml
+++ b/config/netio/netioserver.xml
@@ -42,16 +42,11 @@
]]>
</copyright>
<name>netioserver</name>
- <version>1.27</version>
- <title>netio: Server</title>
+ <version>1.28</version>
+ <title>Diagnostics: netio: Server</title>
+ <savetext>Run netio server</savetext>
<preoutput>yes</preoutput>
<donotsave>true</donotsave>
- <menu>
- <name>netio</name>
- <tooltiptext>Run netio in client or server mode.</tooltiptext>
- <section>Diagnostics</section>
- <configfile>netio.xml</configfile>
- </menu>
<tabs>
<tab>
<text>Client</text>
@@ -69,14 +64,15 @@
<fieldname>port</fieldname>
<description>Enter the port that netio will bind to. (Default: 18767)</description>
<type>input</type>
+ <default_value>18767</default_value>
</field>
</fields>
<custom_add_php_command>
<![CDATA[
mwexec("/usr/bin/killall netio");
- if($_POST['port'] != "") {
- $netioserver_options = " -p {$_POST['port']}";
- system("/usr/local/bin/netio -s" . $netioserver_options);
+ if ($_POST['port'] != "") {
+ $port = escapeshellarg($_POST['port']);
+ system("/usr/local/bin/netio -s -p {$port}");
}
]]>
</custom_add_php_command>
diff --git a/config/nmap/nmap.inc b/config/nmap/nmap.inc
index cbf1b15a..45a87d64 100644
--- a/config/nmap/nmap.inc
+++ b/config/nmap/nmap.inc
@@ -27,10 +27,12 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
+require_once("pkg-utils.inc");
+require_once("util.inc");
function nmap_install() {
$destination_file = "/usr/local/share/nmap/nmap-mac-prefixes";
- $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
+ $pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
switch ($pfs_version) {
case "2.1":
$source_file = "/usr/pbi/nmap-" . php_uname("m") . "/share/nmap/nmap-mac-prefixes";
@@ -48,17 +50,23 @@ function nmap_install() {
}
}
+function nmap_deinstall() {
+ $destination_file = "/usr/local/share/nmap/nmap-mac-prefixes";
+ if (is_link($destination_file)) {
+ @unlink($destination_file);
+ }
+}
+
function nmap_custom_php_validation_command($post, &$input_errors) {
- global $_POST, $savemsg, $config;
- if (empty($_POST['hostname'])) {
+ if (empty($post['hostname'])) {
$input_errors[] = gettext("You must enter an IP address to scan.");
- } elseif (!(is_ipaddr($_POST['hostname']) || is_subnet($_POST['hostname']) || is_hostname($_POST['hostname']))) {
+ } elseif (!(is_ipaddr($post['hostname']) || is_subnet($post['hostname']) || is_hostname($post['hostname']))) {
$input_errors[] = gettext("You must enter a valid IP address to scan.");
}
- if(!empty($_POST['interface'])) {
+ if(!empty($post['interface'])) {
$interfaces = get_configured_interface_with_descr();
- if (!array_key_exists($_POST['interface'], $interfaces)) {
+ if (!array_key_exists($post['interface'], $interfaces)) {
$input_errors[] = gettext("Invalid interface.");
}
}
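Review bot: `nmap_deinstall()` removes the link with `@unlink($destination_file)`, which discards a failure, so a link that could not be removed stays in `/usr/local/share/nmap/` with no trace in the logs. Keep the suppression if the warning is unwanted, but act on the result: `if (is_link($destination_file) && !@unlink($destination_file)) { log_error("nmap: could not remove {$destination_file}"); }`. A one-line comment above the function saying that it undoes the link presumably created by `nmap_install()` would also help. `nmap_custom_php_validation_command()` continues past the end of this hunk.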
@@ -122,7 +130,7 @@ function nmap_get_interfaces() {
if (is_array($config['openvpn']["openvpn-{$mode}"])) {
foreach ($config['openvpn']["openvpn-{$mode}"] as $id => $setting) {
if (!isset($setting['disable'])) {
- $tmp["name"] = gettext("OpenVPN") . " ".$mode.": ".htmlspecialchars($setting['description']);
+ $tmp["name"] = gettext("OpenVPN") . " " . $mode . ": " . htmlspecialchars($setting['description']);
$tmp["value"] = 'ovpn' . substr($mode, 0, 1) . $setting['vpnid'];
$nmap_ifs[] = $tmp;
}
diff --git a/config/nmap/nmap.priv.inc b/config/nmap/nmap.priv.inc
new file mode 100644
index 00000000..131d6d99
--- /dev/null
+++ b/config/nmap/nmap.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+ nmap.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-diagnostics-nmap'] = array();
+$priv_list['page-diagnostics-nmap']['name'] = "WebCfg - Diagnostics: nmap package";
+$priv_list['page-diagnostics-nmap']['descr'] = "Allow access to nmap package GUI";
+$priv_list['page-diagnostics-nmap']['match'] = array();
+$priv_list['page-diagnostics-nmap']['match'][] = "pkg_edit.php?xml=nmap.xml*";
+
+?>
diff --git a/config/nmap/nmap.xml b/config/nmap/nmap.xml
index 446ba461..665b40e9 100644
--- a/config/nmap/nmap.xml
+++ b/config/nmap/nmap.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>nmap</name>
- <version>1.4</version>
+ <version>1.4.1</version>
<title>Diagnostics: NMap</title>
<savetext>Scan</savetext>
<preoutput>yes</preoutput>
@@ -50,7 +50,6 @@
<include_file>/usr/local/pkg/nmap.inc</include_file>
<menu>
<name>NMap</name>
- <tooltiptext>NMap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is runing on a port), and TCP/IP fingerprinting (remote host OS or device identification). It also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. Most Unix and Windows platforms are supported in both GUI and command line modes. Several popular handheld devices are also supported, including the Sharp Zaurus and the iPAQ.</tooltiptext>
<section>Diagnostics</section>
<configfile>nmap.xml</configfile>
</menu>
@@ -58,6 +57,10 @@
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/nmap/nmap.inc</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/nmap/nmap.priv.inc</item>
+ </additional_files_needed>
<fields>
<field>
<fielddescr>IP or Hostname</fielddescr>
@@ -68,7 +71,7 @@
<field>
<fielddescr>Interface</fielddescr>
<fieldname>interface</fieldname>
- <description>Enter the source interface here.</description>
+ <description>Select the source interface here.</description>
<type>select_source</type>
<source><![CDATA[nmap_get_interfaces()]]></source>
<source_name>name</source_name>
@@ -86,28 +89,44 @@
<option><name>UDP</name><value>udp</value></option>
<option><name>ARP (directly connected networks only!)</name><value>arp</value></option>
</options>
- <typehint>Scan method</typehint>
+ <typehint>Select scan method.</typehint>
</field>
<field>
<fielddescr>-P0</fielddescr>
<fieldname>noping</fieldname>
- <description>This allows the scanning of networks that don't allow ICMP echo requests (or responses) through their firewall. microsoft.com is an example of such a network, and thus you should always use -P0 or -PT80 when port scanning microsoft.com. Note the "ping" in this context may involve more than the traditional ICMP echo request packet. Nmap supports many such probes, including arbitrary combinations of TCP, UDP, and ICMP probes. By default, Nmap sends an ICMP echo request and a TCP ACK packet to port 80.</description>
+ <description>
+ <![CDATA[
+ Do not try to ping hosts at all before scanning them. This allows the scanning of networks that don't allow ICMP echo requests (or responses) through their firewall.<br/>
+ microsoft.com is an example of such a network, and thus you should always use -P0 or -PT80 when port scanning microsoft.com.<br/>
+ Note the "ping" in this context may involve more than the traditional ICMP echo request packet. Nmap supports many such probes, including arbitrary combinations of TCP, UDP, and ICMP probes.<br/>
+ By default, Nmap sends an ICMP echo request and a TCP ACK packet to port 80.
+ ]]>
+ </description>
<type>checkbox</type>
- <typehint>Do not try to ping hosts at all before scanning them.</typehint>
</field>
<field>
<fielddescr>-sV</fielddescr>
<fieldname>servicever</fieldname>
- <description>After TCP and/or UDP ports are discovered using one of the other scan methods, version detection communicates with those ports to try and determine more about what is actually running. A file called nmap-service-probes is used to determine the best probes for detecting various services and the match strings to expect. Nmap tries to determine the service protocol (e.g. ftp, ssh, telnet, http), the application name (e.g. ISC Bind, Apache httpd, Solaris telnetd), the version number, and sometimes miscellaneous details like whether an X server is open to connections or the SSH protocol version).</description>
+ <description>
+ <![CDATA[
+ Try to identify service versions. After TCP and/or UDP ports are discovered using one of the other scan methods, version detection communicates with those ports to try and determine more about what is actually running.<br/>
+ A file called nmap-service-probes is used to determine the best probes for detecting various services and the match strings to expect.<br/>
+ Nmap tries to determine the service protocol (e.g. ftp, ssh, telnet, http), the application name (e.g. ISC Bind, Apache httpd, Solaris telnetd), the version number, and sometimes miscellaneous details like whether an X server is open to connections or the SSH protocol version).
+ ]]>
+ </description>
<type>checkbox</type>
- <typehint>Try to identify service versions.</typehint>
</field>
<field>
<fielddescr>-O</fielddescr>
<fieldname>osdetect</fieldname>
- <description>This option activates remote host identification via TCP/IP fingerprinting. In other words, it uses a bunch of techniques to detect subtleties in the underlying operating system network stack of the computers you are scanning. It uses this information to create a "fingerprint" which it compares with its database of known OS fingerprints (the nmap-os-fingerprints file) to decide what type of system you are scanning.</description>
+ <description>
+ <![CDATA[
+ Turn on OS detection. This option activates remote host identification via TCP/IP fingerprinting.<br/>
+ In other words, it uses a bunch of techniques to detect subtleties in the underlying operating system network stack of the computers you are scanning.<br/>
+ It uses this information to create a "fingerprint" which it compares with its database of known OS fingerprints (the nmap-os-fingerprints file) to decide what type of system you are scanning.
+ ]]>
+ </description>
<type>checkbox</type>
- <typehint>Turn on OS detection.</typehint>
</field>
</fields>
<custom_add_php_command>
@@ -119,4 +138,7 @@
<custom_php_install_command>
nmap_install();
</custom_php_install_command>
+ <custom_php_deinstall_command>
+ nmap_deinstall();
+ </custom_php_deinstall_command>
</packagegui>
diff --git a/config/notes/notes.priv.inc b/config/notes/notes.priv.inc
new file mode 100644
index 00000000..fe4adae4
--- /dev/null
+++ b/config/notes/notes.priv.inc
@@ -0,0 +1,38 @@
+<?php
+/*
+ notes.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-status-notes'] = array();
+$priv_list['page-status-notes']['name'] = "WebCfg - Status: Notes";
+$priv_list['page-status-notes']['descr'] = "Allow access to Notes package GUI";
+$priv_list['page-status-notes']['match'] = array();
+$priv_list['page-status-notes']['match'][] = "pkg.php?xml=notes.xml*";
+$priv_list['page-status-notes']['match'][] = "pkg_edit.php?xml=notes.xml*";
+
+?>
diff --git a/config/notes/notes.xml b/config/notes/notes.xml
index 03c0a01a..d6fb9abf 100644
--- a/config/notes/notes.xml
+++ b/config/notes/notes.xml
@@ -43,23 +43,29 @@
</copyright>
<description>Notes</description>
<name>Notes</name>
- <version>0.2.6</version>
- <title>Settings</title>
+ <version>0.2.8</version>
+ <title>Status: Notes</title>
+ <aftersaveredirect>/pkg.php?xml=notes.xml</aftersaveredirect>
+ <addedit_string>[notes] Successfully created/modified a note.</addedit_string>
+ <delete_string>[notes] Successfully deleted a note.</delete_string>
<menu>
<name>Notes</name>
- <tooltiptext>Notes.</tooltiptext>
<section>Status</section>
<configfile>notes.xml</configfile>
<url>/pkg.php?xml=notes.xml</url>
</menu>
<tabs>
<tab>
- <text>Settings</text>
- <url>/pkg_edit.php?xml=notes.xml</url>
+ <text>Notes</text>
+ <url>/pkg.php?xml=notes.xml</url>
<active/>
</tab>
</tabs>
<configpath>installedpackages->package->$packagename->configuration->notes</configpath>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/notes/notes.priv.inc</item>
+ </additional_files_needed>
<adddeleteeditpagefields>
<columnitem>
<fielddescr>Title</fielddescr>
@@ -69,6 +75,9 @@
<fielddescr>Category</fielddescr>
<fieldname>category</fieldname>
</columnitem>
+ <addtext>Add a new note</addtext>
+ <edittext>Edit this note</edittext>
+ <deletetext>Delete this note</deletetext>
</adddeleteeditpagefields>
<fields>
<field>
diff --git a/config/nrpe2/nrpe2.inc b/config/nrpe2/nrpe2.inc
index 08aeb5c4..5a23a585 100644
--- a/config/nrpe2/nrpe2.inc
+++ b/config/nrpe2/nrpe2.inc
@@ -28,7 +28,9 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-require_once('filter.inc');
+require_once("filter.inc");
+require_once("pkg-utils.inc");
+require_once("util.inc");
global $pfs_version;
$pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
@@ -50,20 +52,9 @@ define('NRPE_RCFILE', '/usr/local/etc/rc.d/nrpe2.sh');
function nrpe2_custom_php_install_command() {
- global $g, $config;
- $NRPE_BASE = NRPE_BASE;
- $NRPE_CONFIG_DIR = NRPE_CONFIG_DIR;
-
- $ip = $config['interfaces']['lan']['ipaddr'];
-
- if (!is_array($config['installedpackages']['nrpe2'])) {
- $config['installedpackages']['nrpe2']['config'][0]['enabled'] = "on";
- $config['installedpackages']['nrpe2']['config'][0]['server_address'] = $ip;
- $config['installedpackages']['nrpe2']['config'][0]['server_port'] = 5666;
- $config['installedpackages']['nrpe2']['config'][0]['allowed_hosts'] = "127.0.0.1";
- $config['installedpackages']['nrpe2']['config'][0]['dont_blame_nrpe'] = "on";
- }
+ global $config;
+ /* Create default commands configuration */
if (!is_array($config['installedpackages']['nrpe2']['config'][0]['row'])) {
$config['installedpackages']['nrpe2']['config'][0]['row'] = array(
0 => array(
@@ -107,8 +98,19 @@ function nrpe2_custom_php_install_command() {
)
);
}
+
+ /* Remove the rc script installed with the package */
unlink_if_exists(NRPE_CONFIG_DIR . '/rc.d/nrpe2');
- $nrpe2_binary = NRPE_BINARY;
+
+}
+
+function nrpe2_custom_php_deinstall_command() {
+ unlink_if_exists(NRPE_RCFILE);
+}
+
+function nrpe2_write_rc_file() {
+ $NRPE_CONFIG_DIR = NRPE_CONFIG_DIR;
+ $NRPE2_BINARY = NRPE_BINARY;
$fd = fopen(NRPE_RCFILE, 'w');
$rc_file = <<<EOD
#!/bin/sh
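Review bot: nrpe2_write_rc_file() uses the handle from `fopen(NRPE_RCFILE, 'w')` without checking it, so if the open fails (for instance because the filesystem is still mounted read-only) the later write fails quietly and the service is started from a missing or stale rc script. Add a guard right after the open: `if (!$fd) { log_error("[nrpe2] Could not open " . NRPE_RCFILE . " for writing."); return; }`. The same unchecked open is used for nrpe.cfg in nrpe2_custom_php_write_config(). The function body continues outside this hunk.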
@@ -135,7 +137,7 @@ nrpe2_enable=\${nrpe2_enable-"YES"}
name="nrpe2"
rcvar="\${name}_enable"
-command="{$nrpe2_binary}"
+command="{$NRPE2_BINARY}"
command_args="-d"
extra_commands="reload"
@@ -160,31 +162,34 @@ EOD;
}
+function nrpe2_resync_package() {
+ conf_mount_rw();
+ nrpe2_custom_php_write_config();
+ nrpe2_custom_php_service();
+ conf_mount_ro();
+}
+
function nrpe2_custom_php_write_config() {
- global $g, $config;
+ global $config;
$nagios_check_path = NRPE_BASE . "/libexec/nagios";
- conf_mount_rw();
$cmds = array();
foreach ($config['installedpackages']['nrpe2']['config'][0]['row'] as $cmd) {
$sudo_bin = "/usr/local/bin/sudo";
$sudo = (isset($cmd['sudo']) && is_executable($sudo_bin)) ? "{$sudo_bin} " : "";
$wcmd = !empty($cmd['warning']) ? "-w {$cmd['warning']}" : "";
$ccmd = !empty($cmd['critical']) ? "-c {$cmd['critical']}" : "";
- if (is_executable("{$nagios_check_path}/{$cmd['command']}"))
+ if (is_executable("{$nagios_check_path}/{$cmd['command']}")) {
$cmds[] = "command[{$cmd['name']}]={$sudo}{$nagios_check_path}/{$cmd['command']} {$wcmd} {$ccmd} {$cmd['extra']}\n";
+ }
}
$commands = implode($cmds);
- $server_port = $config['installedpackages']['nrpe2']['config'][0]['server_port'];
- $allowed_hosts = $config['installedpackages']['nrpe2']['config'][0]['allowed_hosts'];
- $dont_blame_nrpe = $config['installedpackages']['nrpe2']['config'][0]['dont_blame_nrpe'];
- if ($config['installedpackages']['nrpe2']['config'][0]['dont_blame_nrpe'] == "on") {
- $dont_blame_nrpe = 1;
- } else {
- $dont_blame_nrpe = 0;
- }
+ $server_port = $config['installedpackages']['nrpe2']['config'][0]['server_port'] ?: '5666';
+ $allowed_hosts = $config['installedpackages']['nrpe2']['config'][0]['allowed_hosts'] ?: '127.0.0.1';
+ $dont_blame_nrpe = $config['installedpackages']['nrpe2']['config'][0]['dont_blame_nrpe'] == "on" ? '1' : '0';
+ /* Create configuration file */
$fd = fopen(NRPE_CONFIG_DIR . '/nrpe.cfg', 'w');
$nrpe_cfg = <<<EOD
log_facility=daemon
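Review bot: nrpe2_custom_php_write_config() still copies `$cmd['name']`, `$cmd['warning']`, `$cmd['critical']` and `$cmd['extra']` straight into the `command[...]` line of nrpe.cfg, while the validation function this commit adds at the end of the file checks only the port, bind address and allowed hosts. A row value containing a line break would therefore add its own directive to the generated file. Skip such rows before the line is built, e.g. `if (preg_match('/[\r\n]/', $cmd['name'] . $cmd['warning'] . $cmd['critical'] . $cmd['extra'])) { continue; }`. The posted `$cmd['command']` is also joined to the plugin path as-is, so using `basename($cmd['command'])` in both the is_executable() test and the written path would keep the optional sudo prefix confined to the plugin directory. The function body continues outside this hunk.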
@@ -199,22 +204,29 @@ command_timeout=60
connection_timeout=300
{$commands}
EOD;
- if (defined($config['installedpackages']['nrpe2']['config'][0]['server_address'])) {
- $server_address = $config['installedpackages']['nrpe2']['config'][0]['server_address'];
- $nrpe_cfg .= "server_address={$server_address}";
+ if ($config['installedpackages']['nrpe2']['config'][0]['server_address'] != "") {
+ $nrpe_cfg .= "server_address={$config['installedpackages']['nrpe2']['config'][0]['server_address']}";
}
fwrite($fd, $nrpe_cfg);
fclose($fd);
- conf_mount_ro();
+
}
function nrpe2_custom_php_service() {
global $config;
if ($config['installedpackages']['nrpe2']['config'][0]['enabled'] == "on") {
- restart_service("nrpe2");
+ nrpe2_write_rc_file();
+ if (is_service_running("nrpe2")) {
+ restart_service("nrpe2");
+ } else {
+ start_service("nrpe2");
+ }
} else {
- stop_service("nrpe2");
+ if (is_service_running("nrpe2")) {
+ stop_service("nrpe2");
+ }
+ unlink_if_exists(NRPE_RCFILE);
}
}
@@ -222,8 +234,26 @@ function nrpe2_get_commands() {
$nagios_check_path = NRPE_BASE . "/libexec/nagios";
$commands = glob("{$nagios_check_path}/check_*");
$cmdarr = array();
- foreach ($commands as $cmd)
+ foreach ($commands as $cmd) {
$cmdarr[]["command"] = basename($cmd);
+ }
return $cmdarr;
}
+
+function nrpe2_custom_php_validation_command($post, &$input_errors) {
+ if (!is_port($post['server_port'])) {
+ $input_errors[] = gettext("'Port Number' must be a valid port.");
+ }
+ if ($post['server_address'] != "") {
+ if (!is_ipaddr($post['server_address'])) {
+ $input_errors[] = gettext("'Bind IP Address' must be a valid IP address.");
+ }
+ }
+ foreach (explode(",", $post['allowed_hosts']) as $host) {
+ if (!empty($host) && !is_ipaddr($host)) {
+ $input_errors[] = gettext("'Nagios Server(s)' entry '{$host}' is not a valid IP address.");
+ }
+ }
+}
+
?>
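Review bot: In nrpe2_custom_php_validation_command() the allowed-hosts message interpolates `{$host}` inside the string handed to gettext(), so the msgid changes with every input and the submitted value is copied into the error text unmodified. Use a placeholder instead: `$input_errors[] = sprintf(gettext("'Nagios Server(s)' entry '%s' is not a valid IP address."), htmlspecialchars($host));` (drop the htmlspecialchars() if the form renderer already escapes $input_errors, which is not visible here). Entries are also tested untrimmed, so a list written as `10.0.0.1, 10.0.0.2` would presumably be rejected for the leading space; calling `trim($host)` before the check avoids that. The first lines of this hunk belong to nrpe2_get_commands(), which starts outside it.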
diff --git a/config/nrpe2/nrpe2.priv.inc b/config/nrpe2/nrpe2.priv.inc
new file mode 100644
index 00000000..3014806a
--- /dev/null
+++ b/config/nrpe2/nrpe2.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+ nrpe2.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-nrpe2'] = array();
+$priv_list['page-services-nrpe2']['name'] = "WebCfg - Services: nrpe2 package";
+$priv_list['page-services-nrpe2']['descr'] = "Allow access to nrpe2 package GUI";
+$priv_list['page-services-nrpe2']['match'] = array();
+$priv_list['page-services-nrpe2']['match'][] = "pkg_edit.php?xml=nrpe2.xml*";
+
+?>
diff --git a/config/nrpe2/nrpe2.xml b/config/nrpe2/nrpe2.xml
index f70835c3..dcd6a5a9 100644
--- a/config/nrpe2/nrpe2.xml
+++ b/config/nrpe2/nrpe2.xml
@@ -42,10 +42,9 @@
/* ====================================================================================== */
]]>
</copyright>
- <description>Nagios NRPEv2</description>
<name>nrpe2</name>
- <version>2.2.1</version>
- <title>NRPEv2</title>
+ <version>2.2.2</version>
+ <title>Services: NRPEv2</title>
<aftersaveredirect>/pkg_edit.php?xml=nrpe2.xml&amp;id=0</aftersaveredirect>
<include_file>/usr/local/pkg/nrpe2.inc</include_file>
<menu>
@@ -58,35 +57,39 @@
<name>nrpe2</name>
<rcfile>nrpe2.sh</rcfile>
<executable>nrpe2</executable>
- <description>Nagios NRPE Daemon</description>
+ <description>Nagios NRPEv2 Daemon</description>
</service>
<configpath>installedpackages->package->nrpe2</configpath>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/nrpe2/nrpe2.inc</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/nrpe2/nrpe2.priv.inc</item>
+ </additional_files_needed>
<fields>
<field>
<type>listtopic</type>
- <name>NRPE Options</name>
- <fieldname>temp</fieldname>
+ <name>Service Options</name>
</field>
<field>
- <fielddescr>Enabled</fielddescr>
+ <fielddescr>Enable NRPE</fielddescr>
<fieldname>enabled</fieldname>
<description>Check this to enable NRPE daemon.</description>
<type>checkbox</type>
+ <default_value>on</default_value>
</field>
<field>
<type>listtopic</type>
<name>Configuration Options</name>
- <fieldname>temp</fieldname>
</field>
<field>
<fielddescr>Port Number</fielddescr>
<fieldname>server_port</fieldname>
<description>Port number we should wait for connections on. (Default: 5666)</description>
<type>input</type>
+ <default_value>5666</default_value>
<required/>
</field>
<field>
@@ -107,12 +110,12 @@
<fieldname>dont_blame_nrpe</fieldname>
<description>Check this to enable accept NRPE arguments. (Default: 0)</description>
<type>checkbox</type>
+ <default_value>on</default_value>
</field>
<field>
<type>listtopic</type>
<name>Commands</name>
- <fieldname>temp</fieldname>
</field>
<field>
<fielddescr>Command Definitions that the Nagios server can call via the NRPE daemon.</fielddescr>
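Review bot: The added `<default_value>on</default_value>` on dont_blame_nrpe enables argument passing on a fresh install, while the description one line above still says "(Default: 0)". Accepting arguments from the monitoring server is the less safe setting, all the more so because nrpe2.inc writes the command rows with their free-text extra options and an optional sudo prefix. Consider leaving the box unchecked by default, or at least correct the text to `Check this to accept NRPE command arguments. (Default: on)` so the operator knows what they are getting. The removed install code set the same value, so this keeps earlier behaviour rather than introducing it. The enclosing `<field>` element opens outside this hunk.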
@@ -158,34 +161,29 @@
<rowhelperfield>
<fielddescr>Extra Options (Example: -s Z \$ARG1\$ \$ARG2\$)</fielddescr>
<fieldname>extra</fieldname>
- <description><![CDATA[<strong>Warning! Use at your own risk, incorrect settings here may prevent NRPE from starting!</strong>]]></description>
+ <description>Warning! Use at your own risk, incorrect settings here may prevent NRPE from starting!</description>
<type>input</type>
<size>25</size>
</rowhelperfield>
</rowhelper>
</field>
</fields>
- <custom_delete_php_command>
- nrpe2_custom_php_write_config();
- nrpe2_custom_php_service();
- </custom_delete_php_command>
- <custom_add_php_command>
- nrpe2_custom_php_write_config();
- nrpe2_custom_php_service();
- </custom_add_php_command>
<custom_php_install_command>
nrpe2_custom_php_install_command();
- nrpe2_custom_php_write_config();
- nrpe2_custom_php_service();
</custom_php_install_command>
<custom_php_deinstall_command>
- nrpe2_custom_php_write_config();
+ nrpe2_custom_php_deinstall_command();
</custom_php_deinstall_command>
+ <custom_add_php_command>
+ nrpe2_resync_package();
+ </custom_add_php_command>
+ <custom_delete_php_command>
+ nrpe2_resync_package();
+ </custom_delete_php_command>
<custom_php_resync_config_command>
- nrpe2_custom_php_write_config();
- nrpe2_custom_php_service();
+ nrpe2_resync_package();
</custom_php_resync_config_command>
- <custom_php_command_before_form>
- unset($_POST['temp']);
- </custom_php_command_before_form>
+ <custom_php_validation_command>
+ nrpe2_custom_php_validation_command($_POST, $input_errors);
+ </custom_php_validation_command>
</packagegui>
diff --git a/config/ntop2/ntop.inc b/config/ntop2/ntop.inc
new file mode 100644
index 00000000..da017eac
--- /dev/null
+++ b/config/ntop2/ntop.inc
@@ -0,0 +1,157 @@
+<?php
+/*
+ ntop.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2011-2013 Jim Pingle
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+require_once("pkg-utils.inc");
+
+function ntop_php_install_command() {
+ safe_mkdir("/var/db/ntop/rrd/graphics", 0755);
+ mwexec("/bin/chmod -R 0755 /var/db/ntop");
+ mwexec("/usr/sbin/chown -R nobody:nobody /var/db/ntop");
+ mwexec("/bin/cp -Rp /usr/local/lib/X11/fonts/webfonts/ /usr/local/lib/X11/fonts/TTF/");
+ ntop_upgrade_config();
+}
+
+function ntop_php_deinstall_command() {
+ global $config;
+
+ /* Wipe data and settings if the user does not wish to keep them */
+ if (is_array($config['installedpackages']['ntop'])) {
+ $ntop_config = $config['installedpackages']['ntop']['config'][0];
+ } else {
+ $ntop_config = array();
+ }
+ if ($ntop_config['keepdata'] != "on") {
+ if (is_dir("/var/db/ntop/")) {
+ mwexec("rm -rf /var/db/ntop/");
+ }
+ unset($config['installedpackages']['ntop']);
+ write_config("[ntop] Removed package settings on uninstall.");
+ log_error(gettext("[ntop] Removed package data and settings since 'Keep Data/Settings' is disabled."));
+ }
+}
+
+function ntop_upgrade_config() {
+ global $config;
+ /* Fix flipped --no-interface-merge configuration meaning */
+ if (is_array($config['installedpackages']['ntop'])) {
+ if (isset($config['installedpackages']['ntop']['config'][0]['allowmerge'])) {
+ $config['installedpackages']['ntop']['config'][0]['disallowmerge'] = "on";
+ unset($config['installedpackages']['ntop']['config'][0]['allowmerge']);
+ }
+ }
+}
+
+function sync_package_ntop() {
+ global $config, $g;
+
+ if (is_array($config['installedpackages']['ntop'])) {
+ $ntop_config = $config['installedpackages']['ntop']['config'][0];
+ } else {
+ $ntop_config = array();
+ }
+ conf_mount_rw();
+
+ /* Just stop services and unlink rc script if disabled */
+ if ($ntop_config['enable'] != "on") {
+ ntop_stop_service();
+ unlink_if_exists("/usr/local/etc/rc.d/ntop.sh");
+ return;
+ }
+
+ /* Set up ntop interfaces */
+ $ifaces_final = "";
+ $first = 0;
+ $mergeifs = $ntop_config['disallowmerge'] == "on" ? "-M" : "";
+
+ foreach ($ntop_config['interface_array'] as $iface) {
+ $if = convert_friendly_interface_to_real_interface_name($iface);
+ if ($if) {
+ if ($first == 1) {
+ $ifaces_final .= ",";
+ }
+ $ifaces_final .= $if;
+ $first = 1;
+ }
+ }
+
+ $start = "/usr/local/bin/ntop -i {$ifaces_final} -u root -d -4 {$mergeifs} -x 8102 -X 8192 &";
+ write_rcfile(array("file" => "ntop.sh", "start" => $start, "stop" => "/usr/bin/killall ntop"));
+
+ /* Set up admin password and (re)start services if not booting */
+ if ((function_exists("platform_booting")) && (!platform_booting())) {
+ ntop_stop_service();
+ ntop_set_password();
+ start_service("ntop");
+ } elseif (!($g['booting'])) {
+ ntop_stop_service();
+ ntop_set_password();
+ start_service("ntop");
+ }
+
+ conf_mount_ro();
+}
+
+function ntop_stop_service() {
+ if (is_service_running("ntop")) {
+ stop_service("ntop");
+ // Wait for ntop to shut down cleanly.
+ for ($i = 0; $i <= 10; $i++) {
+ if (!is_process_running("ntop")) {
+ break;
+ }
+ sleep(2);
+ }
+ }
+}
+
+function ntop_set_password() {
+ global $config;
+
+ if (is_array($config['installedpackages']['ntop'])) {
+ $ntop_config = $config['installedpackages']['ntop']['config'][0];
+ } else {
+ $ntop_config = array();
+ }
+ $ntop_password = $ntop_config['password'] ?: "admin";
+ unlink_if_exists("/var/db/ntop/ntop_pw.db");
+ mwexec("/usr/local/bin/ntop --set-admin-password={$ntop_password}");
+ sleep(2);
+}
+
+function ntop_validate_input($post, &$input_errors) {
+ if (empty($post['password']) || empty($post['passwordagain'])) {
+ $input_errors[] = "You must provide (and confirm) ntop's password.";
+ }
+
+ if ($post['password'] != $post['passwordagain']) {
+ $input_errors[] = "The provided passwords did not match.";
+ }
+}
+
+?>
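Review bot: ntop_set_password() places the configured password into the mwexec() command string unquoted, so a password containing spaces or shell metacharacters is interpreted by the shell instead of reaching ntop intact, and that shell presumably runs with the web GUI's privileges. Quote the value: `mwexec("/usr/local/bin/ntop --set-admin-password=" . escapeshellarg($ntop_password));`. The `?: "admin"` fallback also sets a well-known password whenever none is stored; logging and skipping the call would be safer than defaulting. Separately, the disabled branch of sync_package_ntop() returns after conf_mount_rw() without the matching conf_mount_ro().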
diff --git a/config/ntop2/ntop.priv.inc b/config/ntop2/ntop.priv.inc
new file mode 100644
index 00000000..e8c80977
--- /dev/null
+++ b/config/ntop2/ntop.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+ ntop.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-diagnostics-ntop'] = array();
+$priv_list['page-diagnostics-ntop']['name'] = "WebCfg - Diagnostics: ntop package";
+$priv_list['page-diagnostics-ntop']['descr'] = "Allow access to ntop package GUI";
+$priv_list['page-diagnostics-ntop']['match'] = array();
+$priv_list['page-diagnostics-ntop']['match'][] = "pkg_edit.php?xml=ntop.xml*";
+
+?>
diff --git a/config/ntop2/ntop.xml b/config/ntop2/ntop.xml
index 6ba86525..5aab1e53 100644
--- a/config/ntop2/ntop.xml
+++ b/config/ntop2/ntop.xml
@@ -1,28 +1,31 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2008 Scott Ullrich
+ ntop.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2011-2013 Jim Pingle
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
*/
-/* ========================================================================== */
+/* ====================================================================================== */
/*
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
@@ -35,19 +38,26 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-/* ========================================================================== */
+/* ====================================================================================== */
]]>
</copyright>
<name>ntop</name>
- <version>3.0</version>
+ <version>2.3.2</version>
<title>Diagnostics: ntop Settings</title>
- <savetext>Change</savetext>
- <aftersaveredirect>pkg_edit.php?xml=ntop.xml&amp;id=0</aftersaveredirect>
+ <include_file>/usr/local/pkg/ntop.inc</include_file>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/ntop2/ntop.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/ntop2/ntop.priv.inc</item>
+ </additional_files_needed>
+ <aftersaveredirect>pkg_edit.php?xml=ntop.xml</aftersaveredirect>
<menu>
<name>ntop Settings</name>
- <tooltiptext>Set ntop settings such as password and port.</tooltiptext>
<section>Diagnostics</section>
- <url>/pkg_edit.php?xml=ntop.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=ntop.xml</url>
</menu>
<menu>
<name>ntop</name>
@@ -60,12 +70,12 @@
<name>ntop</name>
<rcfile>ntop.sh</rcfile>
<executable>ntop</executable>
- <description>NTOP bandwidth monitoring/graphing</description>
+ <description>NTOP Network Traffic Monitor</description>
</service>
<tabs>
<tab>
- <text>ntop Settings</text>
- <url>/pkg_edit.php?xml=ntop.xml&amp;id=0</url>
+ <text>Settings</text>
+ <url>/pkg_edit.php?xml=ntop.xml</url>
<active/>
</tab>
<tab>
@@ -75,15 +85,37 @@
</tabs>
<fields>
<field>
+ <fielddescr>Enable ntop</fielddescr>
+ <fieldname>enable</fieldname>
+ <description>Check this to enable ntop.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Keep Data/Settings</fielddescr>
+ <fieldname>keepdata</fieldname>
+ <description>
+ <![CDATA[
+ Check this to keep ntop settings, graphs and traffic data. (Default: on)<br />
+ <strong><span class="errmsg">Note:</span> If 'Keep Data/Settings' is disabled, all settings and data will be wiped on package uninstall/reinstall/upgrade!</strong>
+ ]]>
+ </description>
+ <type>checkbox</type>
+ <default_value>on</default_value>
+ </field>
+ <field>
<fielddescr>ntop Admin Password</fielddescr>
<fieldname>password</fieldname>
- <description>Enter the password for the NTOP Web GUI. Minimum 5 characters.</description>
+ <description>Enter the password for the NTOP Web GUI. Minimum 5 characters.</description>
<type>password</type>
+ <required>true</required>
+ <size>20</size>
</field>
<field>
- <fielddescr>ntop Admin Password AGAIN</fielddescr>
+ <fielddescr>Confirm ntop Admin Password</fielddescr>
<fieldname>passwordagain</fieldname>
<type>password</type>
+ <required>true</required>
+ <size>20</size>
</field>
<field>
<fielddescr>Interface</fielddescr>
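Review bot: The password description promises "Minimum 5 characters", but ntop_validate_input() in ntop.inc rejects only empty or mismatched values, so the stated minimum is not enforced by anything visible in this commit. Either drop the claim from the description or add the check beside the existing ones: `if (strlen($post['password']) < 5) { $input_errors[] = "ntop's password must be at least 5 characters long."; }`. Whether this XML registers ntop_validate_input() as its validation command is outside the visible part of the file.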
@@ -92,82 +124,30 @@
<size>3</size>
<value>lan</value>
<multiple>true</multiple>
+ <hideinterfaceregex>loopback</hideinterfaceregex>
</field>
<field>
- <fielddescr>Allow merging interfaces&lt;br&gt;(Def: Do not merge)</fielddescr>
- <fieldname>allowmerge</fieldname>
+ <fielddescr>Disallow merging interfaces</fielddescr>
+ <fieldname>disallowmerge</fieldname>
+ <description>
+ <![CDATA[
+ By default, traffic information obtained by all the interfaces is merged together as if the traffic was seen by only one interface.<br />
+ Use this option to keep traffic separate by interface. (Default: Disabled)
+ ]]>
+ </description>
<type>checkbox</type>
</field>
</fields>
- <custom_php_global_functions>
- <![CDATA[
- function sync_package_ntop() {
- conf_mount_rw();
- global $config;
- global $input_errors;
- if ($_POST) {
- $config['installedpackages']['ntop']['config'] = array();
- $config['installedpackages']['ntop']['config'][0] = $_POST;
- }
- $ntop_config =& $config['installedpackages']['ntop']['config'][0];
- $if_final = "";
- $ifaces_final = "";
- system("/bin/mkdir -p /var/db/ntop");
- system("/bin/mkdir -p /var/db/ntop/rrd");
- system("/bin/mkdir -p /var/db/ntop/rrd/graphics");
- system("/bin/chmod -R 755 /var/db/ntop");
- system("/usr/sbin/chown -R nobody:nobody /var/db/ntop");
- system("/bin/cp -Rp /usr/local/lib/X11/fonts/webfonts/ /usr/local/lib/X11/fonts/TTF/");
- $first = 0;
- $mergeifs = ($ntop_config['allowmerge'] == "on") ? "" : "-M";
- foreach($ntop_config['interface_array'] as $iface) {
- $if = convert_friendly_interface_to_real_interface_name($iface);
- if($if) {
- if($first == 1)
- $ifaces_final .= ",";
- $ifaces_final .= $if;
- $first = 1;
- }
- }
- $start = "/usr/local/bin/ntop -i {$ifaces_final} -u root -d -4 {$mergeifs} -x 8102 -X 8192 &";
- write_rcfile(array(
- "file" => "ntop.sh",
- "start" => $start,
- "stop" => "/usr/bin/killall ntop"
- )
- );
- if (is_service_running("ntop")) {
- stop_service("ntop");
- // Wait for ntop to shut down cleanly.
- sleep(20);
- }
- if (empty($ntop_config['password']))
- $ntop_config['password'] = "admin";
- unlink_if_exists("/var/db/ntop/ntop_pw.db");
- exec("/usr/local/bin/ntop --set-admin-password={$ntop_config['password']}");
- sleep(2);
- start_service("ntop");
- conf_mount_ro();
- }
- ]]>
- </custom_php_global_functions>
- <custom_add_php_command>
- sync_package_ntop();
- </custom_add_php_command>
+ <custom_php_install_command>
+ ntop_php_install_command();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ ntop_php_deinstall_command();
+ </custom_php_deinstall_command>
<custom_php_resync_config_command>
sync_package_ntop();
</custom_php_resync_config_command>
- <custom_php_install_command>
- sync_package_ntop();
- </custom_php_install_command>
<custom_php_validation_command>
- <![CDATA[
- if ($_POST) {
- if (empty($_POST['password']) || empty($_POST['passwordagain']))
- $input_errors[] = "You must provide (and confirm) ntop's password.";
- if ($_POST['password'] != $_POST['passwordagain'])
- $input_errors[] = "The provided passwords did not match.";
- }
- ]]>
+ ntop_validate_input($_POST, $input_errors);
</custom_php_validation_command>
</packagegui>
diff --git a/config/ntopng/ntopng.inc b/config/ntopng/ntopng.inc
index 73db1ab0..92b0c5dd 100644
--- a/config/ntopng/ntopng.inc
+++ b/config/ntopng/ntopng.inc
@@ -94,6 +94,14 @@ function ntopng_sync_package() {
$ifaces = "";
$ntopng_config =& $config['installedpackages']['ntopng']['config'][0];
+
+ /* Just stop services and unlink rc script if disabled */
+ if ($ntopng_config['enable'] != "on") {
+ ntopng_services_stop();
+ unlink_if_exists("/usr/local/etc/rc.d/ntopng.sh");
+ return;
+ }
+
foreach ($ntopng_config['interface_array'] as $iface) {
$if = convert_friendly_interface_to_real_interface_name($iface);
if ($if) {
@@ -168,19 +176,15 @@ function ntopng_sync_package() {
/* Set up admin password */
ntopng_set_redis_password();
- /* Restart services if enabled and not booting */
+ /* (Re)start services if not booting */
if ((function_exists("platform_booting")) && (!platform_booting())) {
ntopng_services_stop();
- if ($ntopng_config['enable'] == "on") {
- start_service("ntopng");
- sleep(20);
- }
+ start_service("ntopng");
+ sleep(20);
} elseif (!($g['booting'])) {
ntopng_services_stop();
- if ($ntopng_config['enable'] == "on") {
- start_service("ntopng");
- sleep(20);
- }
+ start_service("ntopng");
+ sleep(20);
}
}
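Review bot: The `elseif (!($g['booting']))` fallback is still evaluated when `platform_booting()` exists and returns true, so on releases where `$g['booting']` is no longer populated (to be confirmed against the supported versions) the stop/start and the `sleep(20)` would also run during boot. Guarding the fallback as `} elseif (!function_exists("platform_booting") && !$g['booting']) {` restricts it to releases without the function. With the `enable` test removed, the two branch bodies are now identical and could be merged under a single condition. `ntopng_sync_package()` starts outside this hunk.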
diff --git a/config/ntopng/ntopng.priv.inc b/config/ntopng/ntopng.priv.inc
new file mode 100644
index 00000000..6db26f02
--- /dev/null
+++ b/config/ntopng/ntopng.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+ ntopng.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-diagnostics-ntopng'] = array();
+$priv_list['page-diagnostics-ntopng']['name'] = "WebCfg - Diagnostics: ntopng package";
+$priv_list['page-diagnostics-ntopng']['descr'] = "Allow access to ntopng package GUI";
+$priv_list['page-diagnostics-ntopng']['match'] = array();
+$priv_list['page-diagnostics-ntopng']['match'][] = "pkg_edit.php?xml=ntopng.xml*";
+
+?>
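Review bot: The new file ends with a closing `?>` tag; in an include-only PHP file, any whitespace that ends up after it is emitted as output, which can interfere with headers and sessions on the pages that include it. Dropping the final `?>` line removes that risk. The same applies to nut.priv.inc, pfflowd.priv.inc and phpservice.priv.inc added in this commit.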
diff --git a/config/ntopng/ntopng.xml b/config/ntopng/ntopng.xml
index ee1a4d3e..9cd51aea 100644
--- a/config/ntopng/ntopng.xml
+++ b/config/ntopng/ntopng.xml
@@ -39,13 +39,17 @@
]]>
</copyright>
<name>ntopng</name>
- <version>0.8.0</version>
+ <version>0.8.2</version>
<title>Diagnostics: ntopng Settings</title>
<include_file>/usr/local/pkg/ntopng.inc</include_file>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/ntopng/ntopng.inc</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/ntopng/ntopng.priv.inc</item>
+ </additional_files_needed>
<aftersaveredirect>pkg_edit.php?xml=ntopng.xml</aftersaveredirect>
<menu>
<name>ntopng Settings</name>
diff --git a/config/nut/nut.priv.inc b/config/nut/nut.priv.inc
new file mode 100644
index 00000000..44cb7402
--- /dev/null
+++ b/config/nut/nut.priv.inc
@@ -0,0 +1,40 @@
+<?php
+/*
+ nut.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-nut'] = array();
+$priv_list['page-services-nut']['name'] = "WebCfg - Services: NUT package";
+$priv_list['page-services-nut']['descr'] = "Allow access to NUT package GUI";
+
+$priv_list['page-services-nut']['match'] = array();
+$priv_list['page-services-nut']['match'][] = "pkg_edit.php?xml=nut.xml*";
+$priv_list['page-services-nut']['match'][] = "status_nut.php*";
+$priv_list['page-services-nut']['match'][] = "ups_status.widget.php*";
+
+?>
diff --git a/config/nut/nut.xml b/config/nut/nut.xml
index e066bc83..061a77de 100644
--- a/config/nut/nut.xml
+++ b/config/nut/nut.xml
@@ -41,7 +41,7 @@
]]>
</copyright>
<name>nut</name>
- <version>2.1.1</version>
+ <version>2.1.2</version>
<title>Services: NUT</title>
<savetext>Change</savetext>
<aftersaveredirect>/status_nut.php</aftersaveredirect>
@@ -65,7 +65,7 @@
</tab>
<tab>
<text>NUT Settings</text>
- <url>/pkg_edit.php?xml=nut.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=nut.xml</url>
<active/>
</tab>
</tabs>
@@ -74,6 +74,10 @@
<item>https://packages.pfsense.org/packages/config/nut/nut.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/nut/nut.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/www/</prefix>
<item>https://packages.pfsense.org/packages/config/nut/status_nut.php</item>
</additional_files_needed>
diff --git a/config/pfflowd/pfflowd.priv.inc b/config/pfflowd/pfflowd.priv.inc
new file mode 100644
index 00000000..67074f52
--- /dev/null
+++ b/config/pfflowd/pfflowd.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+ pfflowd.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-pfflowd'] = array();
+$priv_list['page-services-pfflowd']['name'] = "WebCfg - Services: pfflowd package";
+$priv_list['page-services-pfflowd']['descr'] = "Allow access to pfflowd package GUI";
+$priv_list['page-services-pfflowd']['match'] = array();
+$priv_list['page-services-pfflowd']['match'][] = "pkg_edit.php?xml=pfflowd.xml*";
+
+?>
diff --git a/config/pfflowd/pfflowd.xml b/config/pfflowd/pfflowd.xml
index 44294d69..25a68a2c 100644
--- a/config/pfflowd/pfflowd.xml
+++ b/config/pfflowd/pfflowd.xml
@@ -42,138 +42,130 @@
]]>
</copyright>
<name>pfflowd</name>
- <version>1.0.3</version>
- <title>pfflowd: Settings</title>
- <aftersaveredirect>pkg_edit.php?xml=pfflowd.xml&amp;id=0</aftersaveredirect>
+ <version>1.0.4</version>
+ <title>Services: pfflowd Settings</title>
+ <aftersaveredirect>pkg_edit.php?xml=pfflowd.xml</aftersaveredirect>
<menu>
<name>pfflowd</name>
<tooltiptext>Modify pfflowd settings.</tooltiptext>
<section>Services</section>
<configfile>pfflowd.xml</configfile>
- <url>/pkg_edit.php?xml=pfflowd.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=pfflowd.xml</url>
</menu>
<service>
<name>pfflowd</name>
<rcfile>pfflowd.sh</rcfile>
<executable>pfflowd</executable>
+ <description>Netflow Export Daemon</description>
</service>
<configpath>installedpackages->package->$packagename->configuration->settings</configpath>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/pfflowd/pfflowd.priv.inc</item>
+ </additional_files_needed>
<fields>
<field>
- <fielddescr>Host</fielddescr>
+ <fielddescr>Enable pfflowd</fielddescr>
+ <fieldname>enabled</fieldname>
+ <description>Check this to enable pfflowd daemon.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Destination Host</fielddescr>
<fieldname>host</fieldname>
- <description>Specify the host that datagrams are to be sent to.</description>
+ <description>Specify the IP address of the host that datagrams are to be sent to.</description>
<type>input</type>
+ <required/>
</field>
<field>
- <fielddescr>Port</fielddescr>
+ <fielddescr>Destination Port</fielddescr>
<fieldname>port</fieldname>
<description>Enter the port that datagrams are to be sent to.</description>
<type>input</type>
+ <required/>
</field>
<field>
- <fielddescr>Source Hostname/IP</fielddescr>
+ <fielddescr>Source IP</fielddescr>
<fieldname>sourcehost</fieldname>
- <description>Specify the hostname or IP address that datagrams are to be sent from. The hostname/IP must be local to this system.</description>
+ <description>
+ <![CDATA[
+ Specify the IP address that datagrams are to be sent from. <strong>The IP must be local to this system.</strong>
+ ]]>
+ </description>
<type>input</type>
</field>
<field>
- <fielddescr>pf rule direction restriction</fielddescr>
+ <fielddescr>pf Rule Direction Restriction</fielddescr>
<fieldname>direction</fieldname>
<description>Restrict creation of flow records to states matching a certain direction (in, out, or any).</description>
<type>select</type>
<options>
- <option>
- <name>Any</name>
- <value>any</value>
- </option>
- <option>
- <name>In</name>
- <value>in</value>
- </option>
- <option>
- <name>Out</name>
- <value>out</value>
- </option>
+ <option><name>Any</name><value>any</value></option>
+ <option><name>In</name><value>in</value></option>
+ <option><name>Out</name><value>out</value></option>
</options>
</field>
<field>
- <fielddescr>Netflow version</fielddescr>
+ <fielddescr>Netflow Version</fielddescr>
<fieldname>version</fieldname>
<description>Select which version of the NetFlow protocol to use.</description>
<type>select</type>
<options>
- <option>
- <name>9</name>
- <value>9</value>
- </option>
- <option>
- <name>5</name>
- <value>5</value>
- </option>
- <option>
- <name>1</name>
- <value>1</value>
- </option>
+ <option><name>9</name><value>9</value></option>
+ <option><name>5</name><value>5</value></option>
+ <option><name>1</name><value>1</value></option>
</options>
</field>
</fields>
<custom_php_global_functions>
<![CDATA[
function sync_package_pfflowd() {
- conf_mount_rw();
global $config;
- foreach ($config['installedpackages']['pfflowd']['config'] as $cf) {
- if ($cf['host'] != "") {
- $start = "\n/sbin/ifconfig pfsync0 up\n";
- $start .= "/usr/local/sbin/pfflowd ";
- $start .= " -n {$cf['host']}";
- if ($cf['port'] != "") {
- $start .= ":{$cf['port']}";
- }
- if (!empty($cf['sourcehost'])) {
- $start .= " -s {$cf['sourcehost']} ";
- }
- if ($cf['direction'] != "") {
- $start .= " -S {$cf['direction']}";
- }
- if ($cf['version'] != "") {
- $start .= " -v {$cf['version']}";
- }
- write_rcfile(array(
- "file" => "pfflowd.sh",
- "start" => $start,
- "stop" => "/usr/bin/killall pfflowd"
- )
- );
+ conf_mount_rw();
+ if (is_array($config['installedpackages']['pfflowd']['config'])) {
+ $cf = $config['installedpackages']['pfflowd']['config'][0];
+ } else {
+ $cf = array();
+ }
+ if ($cf['enabled'] == "on") {
+ $start = "\n/sbin/ifconfig pfsync0 up\n";
+ $start .= "/usr/local/sbin/pfflowd ";
+ $start .= " -n {$cf['host']}";
+ $start .= ":{$cf['port']}";
+ if (!empty($cf['sourcehost'])) {
+ $start .= " -s {$cf['sourcehost']} ";
+ }
+ if ($cf['direction'] != "") {
+ $start .= " -S {$cf['direction']}";
+ }
+ if ($cf['version'] != "") {
+ $start .= " -v {$cf['version']}";
+ }
+ write_rcfile(array("file" => "pfflowd.sh", "start" => $start, "stop" => "/usr/bin/killall pfflowd"));
+ if (is_service_running("pfflowd")) {
restart_service("pfflowd");
- break;
+ } else {
+ start_service("pfflowd");
+ }
+ } else {
+ if (is_service_running("pfflowd")) {
+ stop_service("pfflowd");
}
+ unlink_if_exists("/usr/local/etc/rc.d/pfflowd.sh");
}
conf_mount_ro();
}
function validate_form_pfflowd($post, &$input_errors) {
- if (($post['host'] == "") || !is_ipaddr($post['host'])) {
- $input_errors[] = 'You must specify a valid ip address in the \'Host\' field';
+ if ($post['host'] != "" && !is_ipaddr($post['host'])) {
+ $input_errors[] = 'You must specify a valid IP address in the \'Destination Host\' field';
}
- if (($post['port'] == "") || !is_port($post['port'])) {
- $input_errors[] = 'You must specify a valid port number in the \'Port\' field';
+ if ($post['port'] != "" && !is_port($post['port'])) {
+ $input_errors[] = 'You must specify a valid port number in the \'Destination Port\' field';
}
- }
-
- function cleanup_config_pfflowd() {
- global $a_pkg;
- $pffconf = array();
- if (is_array($a_pkg)) {
- foreach($a_pkg as $cf) {
- if ($cf['host'] != "") {
- $pffconf = $cf;
- }
- }
+ if ($post['sourcehost'] != "" && !is_ipaddr($post['sourcehost'])) {
+ $input_errors[] = 'You must specify a valid IP address in the \'Source IP\' field';
}
- $a_pkg = array();
- $a_pkg[0] = $pffconf;
}
]]>
</custom_php_global_functions>
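Review bot: `sync_package_pfflowd()` interpolates `$cf['direction']` and `$cf['version']` into the rc script's start line, but `validate_form_pfflowd()` only checks `host`, `port` and `sourcehost`. The `<select>` options constrain the browser, not the POST body, so unless pkg_edit.php enforces the option list server-side (not visible here) an arbitrary string can reach a shell script. An allow-list check in the validator closes this, e.g. `if (!in_array($post['direction'], array("any", "in", "out"))) { $input_errors[] = "Invalid direction."; }`, and the same for `version` against `array("1", "5", "9")`. The relaxed `!= ""` tests also let an empty host or port through, so with `enabled` set the start line becomes `-n :` whenever the `<required/>` check is bypassed; rejecting empty values when `$post['enabled']` is on would cover that.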
@@ -183,7 +175,4 @@
<custom_php_validation_command>
validate_form_pfflowd($_POST, $input_errors);
</custom_php_validation_command>
- <custom_php_command_before_form>
- cleanup_config_pfflowd();
- </custom_php_command_before_form>
</packagegui>
diff --git a/config/phpservice/phpservice.inc b/config/phpservice/phpservice.inc
index d04e021a..8ccd4f3c 100644
--- a/config/phpservice/phpservice.inc
+++ b/config/phpservice/phpservice.inc
@@ -27,12 +27,13 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
+require_once('pkg-utils.inc');
+
function phpservice_sync_package() {
global $config;
-
+ conf_mount_rw();
+
if ($config['installedpackages']['phpservice']['config'] != "") {
-
- conf_mount_rw();
$tmp = <<<EOF
<?php
@@ -47,10 +48,10 @@ fclose($fp);
unset($filename);
function send_to_syslog($syslogaddress, $syslogport, $syslogmsg) {
-
+
$syslogaddress = "127.0.0.1";
$syslogport = 514;
-
+
$fp = fsockopen("udp://".$syslogaddress, $syslogport, $errno, $errstr);
if (!$fp) {
return;
@@ -75,8 +76,8 @@ EOF;
$tmp_php = base64_decode($rowhelper['php']);
if (strlen($tmp_php) > 0) {
$tmp .= "// name: ".$rowhelper['name']." \n";
- $tmp .= "// description: ".$rowhelper['description']." \n\n";
- $tmp .= base64_decode($rowhelper['php']);
+ $tmp .= "// description: " . $rowhelper['description'] . " \n\n";
+ $tmp .= preg_replace('/\r\n/', "\n", base64_decode($rowhelper['php']));
$tmp .= "\n";
}
}
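Review bot: The added line decodes `$rowhelper['php']` a second time although `$tmp_php` already holds the decoded text, and it uses a regex for a fixed-string replacement. `$tmp .= str_replace("\r\n", "\n", $tmp_php);` does the same work with one decode. The enclosing loop starts outside this hunk.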
@@ -96,21 +97,36 @@ EOF;
unset($tmp);
fclose($fout);
- restart_service("phpservice");
- conf_mount_ro();
+ phpservice_write_rcfile();
+ if (is_service_running("phpservice")) {
+ restart_service("phpservice");
+ } else {
+ start_service("phpservice");
+ }
} else {
stop_service("phpservice");
+ unlink_if_exists("/usr/local/etc/rc.d/phpservice.sh");
}
+ conf_mount_ro();
}
-function phpservice_install_command() {
+function phpservice_write_rcfile() {
write_rcfile(array(
"file" => "phpservice.sh",
- "start" => "/usr/local/bin/php /usr/local/pkg/phpservice.php >> /var/log/phpservice.log &",
+ "start" => "/usr/local/bin/php -f /usr/local/pkg/phpservice.php >> /var/log/phpservice.log &",
"stop" => "/bin/rm -f /tmp/phpmonitor.pid; sleep 3"
)
);
- phpservice_sync_package();
+}
+
+function phpservice_custom_php_service_status_command() {
+ exec("/bin/pgrep -fq phpservice", $output, $retval);
+ return $retval;
+}
+
+function phpservice_deinstall_command() {
+ rmdir_recursive("/usr/local/www/packages/phpservice");
+ unlink_if_exists("/usr/local/pkg/phpservice.php");
}
?>
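Review bot: `phpservice_custom_php_service_status_command()` returns the raw exit status of `pgrep`, which is 0 when a matching process exists, so the function yields a falsy value while the service is running. If the caller treats the result as a boolean "running" flag (the caller is not visible here), the status shown and the new `is_service_running("phpservice")` branch in `phpservice_sync_package()` would be inverted. `return ($retval === 0);` makes the intent explicit. `pgrep -f phpservice` also matches any process whose command line contains that string, so matching the full script path `/usr/local/pkg/phpservice.php` would be more precise.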
diff --git a/config/phpservice/phpservice.priv.inc b/config/phpservice/phpservice.priv.inc
new file mode 100644
index 00000000..ec10c77e
--- /dev/null
+++ b/config/phpservice/phpservice.priv.inc
@@ -0,0 +1,38 @@
+<?php
+/*
+ phpservice.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-phpservice'] = array();
+$priv_list['page-services-phpservice']['name'] = "WebCfg - Services: PHPService package";
+$priv_list['page-services-phpservice']['descr'] = "Allow access to PHPService package GUI";
+$priv_list['page-services-phpservice']['match'] = array();
+$priv_list['page-services-phpservice']['match'][] = "packages/phpservice/phpservice_php.php*";
+$priv_list['page-services-phpservice']['match'][] = "packages/phpservice/phpservice_php_edit.php*";
+
+?>
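Review bot: The `descr` text understates what this privilege grants. phpservice.inc in this commit appends the base64-decoded `$rowhelper['php']` to /usr/local/pkg/phpservice.php and starts it with `/usr/local/bin/php -f`, so a user who can reach `phpservice_php_edit.php` can have arbitrary PHP executed with the privileges of that service. The description should say so, so that administrators do not delegate it as an ordinary page permission, e.g. `"Allow access to PHPService package GUI (can run arbitrary PHP code on the firewall)"`.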
diff --git a/config/phpservice/phpservice.xml b/config/phpservice/phpservice.xml
index 6bada596..f55dfe23 100644
--- a/config/phpservice/phpservice.xml
+++ b/config/phpservice/phpservice.xml
@@ -41,14 +41,12 @@
/* ====================================================================================== */
]]>
</copyright>
- <description>PHP Service</description>
- <name>PHP Service Settings</name>
- <version>0.5.0</version>
- <title>Settings</title>
+ <name>phpservice</name>
+ <version>0.5.2</version>
+ <title>PHPService</title>
<include_file>/usr/local/pkg/phpservice.inc</include_file>
<menu>
<name>PHPService</name>
- <tooltiptext>PHP Service settings.</tooltiptext>
<section>Services</section>
<configfile>phpservice.xml</configfile>
<url>/packages/phpservice/phpservice_php.php</url>
@@ -59,7 +57,7 @@
<executable>phpservice</executable>
<description>PHP script as a service</description>
<custom_php_service_status_command>
- exec("/bin/pgrep -fq phpservice");
+ phpservice_custom_php_service_status_command();
</custom_php_service_status_command>
</service>
<configpath>installedpackages->package->$packagename->configuration->phpservice</configpath>
@@ -68,6 +66,10 @@
<item>https://packages.pfsense.org/packages/config/phpservice/phpservice.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/phpservice/phpservice.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/www/packages/phpservice/</prefix>
<item>https://packages.pfsense.org/packages/config/phpservice/phpservice_php.php</item>
</additional_files_needed>
@@ -78,7 +80,7 @@
<custom_php_resync_config_command>
phpservice_sync_package();
</custom_php_resync_config_command>
- <custom_php_install_command>
- phpservice_install_command();
- </custom_php_install_command>
+ <custom_php_deinstall_command>
+ phpservice_deinstall_command();
+ </custom_php_deinstall_command>
</packagegui>
diff --git a/config/phpsysinfo/phpsysinfo.inc b/config/phpsysinfo/phpsysinfo.inc
deleted file mode 100644
index 54ece241..00000000
--- a/config/phpsysinfo/phpsysinfo.inc
+++ /dev/null
@@ -1,156 +0,0 @@
-<?php
-function phpsysinfo_install_deinstall() {
- conf_mount_rw();
- exec("cd /var/db/pkg/ && pkg_delete `ls | grep mbmon`");
- exec("rm -d -R /usr/local/www/phpsysinfo");
- conf_mount_ro();
-}
-
-function phpsysinfo_install_config() {
-global $config, $g;
- conf_mount_rw();
- exec("cd ..");
- exec("tar -zxovf /usr/local/pkg/phpsysinfo-2.5.4.tar.gz");
- exec("mv phpsysinfo /usr/local/www/phpsysinfo");
-
-// link shared libraries
-// if ((!file_exists("/lib/libm.so.4")) AND (file_exists("/lib/libm.so.5"))) {
-// exec("ln -s /lib/libm.so.5 /lib/libm.so.4");
-// }
-
- /* lines need in config.php */
-$default_lng = en;
-$default_template= pfSense;
-$hide_picklist = "false";
-$show_vhostname = "false";
-$sensor_program = '""';
-$show_mount_point = "false";
-$show_inodes = "false";
-$hide_mounts = "array()";
-$hide_fstypes = "array()";
-$loadbar = "false";
-$showerrors = "false";
-$temperatureformat = '"c-f"';
-$hide_picklist = $config['installedpackages']['phpsysinfo']['config'][0]['hidepicklist'];
-if($hide_picklist)
- $hide_picklist = "true";
- else
- $hide_picklist = "false";
- $sensor_program = $config['installedpackages']['phpsysinfo']['config'][0]['sensorprogram'];
-if($sensor_program)
- $sensor_program= "mbmon";
- else
- $sensor_program = '""';
- $show_mount_point = $config['installedpackages']['phpsysinfo']['config'][0]['showmountpoint'];
-if($show_mount_point)
- $show_mount_point = "true";
- else
- $show_mount_point = "false";
- $hide_fstypes = $config['installedpackages']['phpsysinfo']['config'][0]['hidefstypes'];
-if($hide_fstypes)
- $hide_fstypes = "$hide_fstypes";
- $show_inodes = $config['installedpackages']['phpsysinfo']['config'][0]['showinodes'];
-if($show_inodes)
- $show_inodes = "true";
- else
- $show_inodes = "false";
- $loadbar = $config['installedpackages']['phpsysinfo']['config'][0]['loadbar'];
-if($loadbar)
- $loadbar = "true";
- else
- $loadbar = "false";
- $showerrors = $config['installedpackages']['phpsysinfo']['config'][0]['showerrors'];
-if($showerrors)
- $showerrors = "true";
- else
- $showerrors = "false";
- $hf = fopen("/usr/local/www/phpsysinfo/config.php","w");
-if(!$hf) {
- log_error("could not open /usr/local/www/phpsysinfo/config.php for writing");
-exit;
-}
-
-fwrite($hf, '<?php');
-fwrite($hf, "\n");
-// webpath but not used
-fwrite($hf, '$webpath = "";');
-fwrite($hf, "\n");
-// define the default lang and template here
-fwrite($hf, '$default_lng=');
-fwrite($hf, "'");
-fwrite($hf, $default_lng);
-fwrite($hf, "'");
-fwrite($hf, ';');
-fwrite($hf, "\n");
-fwrite($hf, '$default_template=');
-fwrite($hf, "'");
-fwrite($hf, $default_template);
-fwrite($hf, "'");
-fwrite($hf, ';');
-fwrite($hf, "\n");
-// hide language and template picklist
-// false = display picklist
-// true = do not display picklist
-fwrite($hf, '$hide_picklist = ');
-fwrite($hf, $hide_picklist);
-fwrite($hf, ';');
-fwrite($hf, "\n");
-// display the virtual host name and address
-// default is canonical host name and address
-fwrite($hf, '$show_vhostname = ');
-fwrite($hf, $show_vhostname);
-fwrite($hf, ';');
-fwrite($hf, "\n");
-// define the motherboard monitoring program here
-fwrite($hf, '$sensor_program = ');
-fwrite($hf, $sensor_program);
-fwrite($hf, ';');
-fwrite($hf, "\n");
-// show mount point
-fwrite($hf, '$show_mount_point = ');
-fwrite($hf, $show_mount_point);
-fwrite($hf, ';');
-fwrite($hf, "\n");
-// show bind
-fwrite($hf, '$show_bind = false;');
-fwrite($hf, "\n");
-// show inode usage
-fwrite($hf, '$show_inodes = ');
-fwrite($hf, $show_inodes);
-fwrite($hf, ';');
-fwrite($hf, "\n");
-// show inode usage
-fwrite($hf, '$hide_mounts = ');
-fwrite($hf, $hide_mounts);
-fwrite($hf, ';');
-fwrite($hf, "\n");
-// Hide filesystem typess. Example: 'tmpfs', 'usbfs'
-fwrite($hf, '$hide_fstypes = array(');
-fwrite($hf, $hide_fstypes);
-fwrite($hf, ');');
-fwrite($hf, "\n");
-// show a graph for current cpuload
-fwrite($hf, '$loadbar = ');
-fwrite($hf, $loadbar);
-fwrite($hf, ';');
-fwrite($hf, "\n");
-// e.g. $addpaths = array('/opt/bin', '/opt/sbin');
-fwrite($hf, '$addpaths = array();');
-fwrite($hf, "\n");
-// display error messages at the top of the page
-fwrite($hf, '$showerrors = ');
-fwrite($hf, $showerrors);
-fwrite($hf, ';');
-fwrite($hf, "\n");
-// format in which temperature is displayed
-fwrite($hf, '$temperatureformat = ');
-fwrite($hf, $temperatureformat);
-fwrite($hf, ';');
-fwrite($hf, "\n");
-// The end of the config file
-fwrite($hf, '?>');
-fwrite($hf, "\n");
-fclose($hf);
- conf_mount_ro();
-}
-?>
diff --git a/config/phpsysinfo/phpsysinfo.xml b/config/phpsysinfo/phpsysinfo.xml
deleted file mode 100644
index 550c0785..00000000
--- a/config/phpsysinfo/phpsysinfo.xml
+++ /dev/null
@@ -1,121 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
- <name>phpsysinfo</name>
- <version>1.0</version>
- <title>phpsysinfo</title>
- <aftersaveredirect>/pkg_edit.php?xml=phpsysinfo.xml&amp;id=0</aftersaveredirect>
- <include_file>/usr/local/pkg/phpsysinfo.inc</include_file>
- <menu>
- <name>phpsysinfo</name>
- <tooltiptext></tooltiptext>
- <section>Status</section>
- <url>/pkg_edit.php?xml=phpsysinfo.xml&amp;id=0</url>
- </menu>
- <tabs>
- <tab>
- <text>phpsysinfo</text>
- <url>/pkg_edit.php?xml=phpsysinfo.xml&amp;id=0</url>
- <active/>
- </tab>
- <tab>
- <text>Access phpsysinfo</text>
- <url>/phpsysinfo</url>
- </tab>
- </tabs>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0644</chmod>
- <item>https://packages.pfsense.org/packages/config/phpsysinfo/phpsysinfo.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0644</chmod>
- <item>https://files.pfsense.org/packages/phpsysinfo-2.5.4.tar.gz</item>
- </additional_files_needed>
- <fields>
- <field>
- <fielddescr>Hide picklist</fielddescr>
- <fieldname>hidepicklist</fieldname>
- <description>Hide language and template picklist</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Show mbmon</fielddescr>
- <fieldname>sensorprogram</fieldname>
- <description>Define the motherboard monitoring program here. Note that not all motherboards are supported and some only partly.</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Show mount point</fielddescr>
- <fieldname>showmountpoint</fieldname>
- <description>Show mount point</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Show inodes</fielddescr>
- <fieldname>showinodes</fieldname>
- <description>Show inode usage</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Show loadbar</fielddescr>
- <fieldname>loadbar</fieldname>
- <description>Show a graph for current cpuload</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Show errors</fielddescr>
- <fieldname>showerrors</fieldname>
- <description>Display error messages at the top of the page. Note that vmstat is added in 1.0.1-SNAPSHOT-03-15-2007 and later</description>
- <type>checkbox</type>
- </field>
- </fields>
- <custom_php_resync_config_command>phpsysinfo_install_config();</custom_php_resync_config_command>
- <custom_php_install_command>phpsysinfo_install_config();</custom_php_install_command>
- <custom_php_deinstall_command>phpsysinfo_install_deinstall();</custom_php_deinstall_command>
-</packagegui>
diff --git a/config/routed/routed.inc b/config/routed/routed.inc
index 3bcef0aa..c83b0052 100644
--- a/config/routed/routed.inc
+++ b/config/routed/routed.inc
@@ -29,7 +29,6 @@
*/
function setup_routed() {
global $config;
- $gw = "";
if (!is_array($config['installedpackages']['routed'])) {
return;
@@ -37,6 +36,10 @@ function setup_routed() {
if (!is_array($config['installedpackages']['routed']['config'])) {
return;
}
+
+ $gw = "";
+ conf_mount_rw();
+
if (isset($config['installedpackages']['routed']['config'][0]['enable']) &&
$config['installedpackages']['routed']['config'][0]['enable'] == "on") {
/* if user selected individual interfaces */
@@ -55,21 +58,30 @@ function setup_routed() {
/* setup for all interfaces */
$gw = setup_etc_gateways();
}
- conf_mount_rw();
file_put_contents("/etc/gateways", $gw);
- conf_mount_ro();
- restart_service("routed");
+ routed_write_rcfile();
+ if (is_service_running("routed")) {
+ restart_service("routed");
+ } else {
+ start_service("routed");
+ }
} else {
- stop_service("routed");
+ if (is_service_running("routed")) {
+ stop_service("routed");
+ }
+ unlink_if_exists("/etc/gateways");
+ unlink_if_exists("/usr/local/etc/rc.d/routed.sh");
}
+
+ conf_mount_ro();
}
-function setup_etc_gateways($iface="", $mode="") {
+function setup_etc_gateways($iface = "", $mode = "") {
global $config;
$ret = "";
if ($iface != "") {
- $realif=convert_friendly_interface_to_real_interface_name($iface);
+ $realif = convert_friendly_interface_to_real_interface_name($iface);
if (!empty($realif)) {
$ret = "if={$realif} ";
}
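Review bot: The result of `file_put_contents("/etc/gateways", $gw)` is not checked, so routed is started or restarted even when the gateways file could not be written. The daemon then runs with whatever was on disk before, not with the configuration shown in the GUI. Consider `if (file_put_contents("/etc/gateways", $gw) === false) { log_error("[routed] Failed to write /etc/gateways"); }` and skipping the (re)start in that case, while still reaching the `conf_mount_ro()` at the end. setup_routed() begins outside this hunk.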
@@ -104,7 +116,7 @@ function setup_etc_gateways($iface="", $mode="") {
return $ret;
}
-function routed_install_command() {
+function routed_write_rcfile() {
write_rcfile(array(
"file" => "routed.sh",
"start" => "/usr/bin/nohup /sbin/routed > /dev/null 2>&1 &",
@@ -114,7 +126,7 @@ function routed_install_command() {
}
function routed_deinstall_command() {
- stop_service("routed");
+ unlink_if_exists("/etc/gateways");
unlink_if_exists("/usr/local/etc/rc.d/routed.sh");
}
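Review bot: routed_deinstall_command() no longer calls `stop_service("routed")`, so unless the package framework stops the service itself (not visible here), a running routed keeps processing RIP on the firewall after the package and its rc script are removed. Keeping the stop, guarded as in setup_routed(), avoids that: `if (is_service_running("routed")) { stop_service("routed"); }`. The two `unlink_if_exists()` calls also run without `conf_mount_rw()`/`conf_mount_ro()` around them, unlike the same calls in setup_routed(), which presumably matters on installs with a read-only root.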
diff --git a/config/routed/routed.priv.inc b/config/routed/routed.priv.inc
new file mode 100644
index 00000000..f0068f81
--- /dev/null
+++ b/config/routed/routed.priv.inc
@@ -0,0 +1,38 @@
+<?php
+/*
+ routed.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-routed'] = array();
+$priv_list['page-services-routed']['name'] = "WebCfg - Services: Routed";
+$priv_list['page-services-routed']['descr'] = "Allow access to routed package GUI";
+$priv_list['page-services-routed']['match'] = array();
+$priv_list['page-services-routed']['match'][] = "pkg.php?xml=routed.xml*";
+$priv_list['page-services-routed']['match'][] = "pkg_edit.php?xml=routed.xml*";
+
+?>
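Review bot: The `pkg.php?xml=routed.xml*` match grants a page the package does not appear to use; the menu entry and `aftersaveredirect` in routed.xml both point at `pkg_edit.php` only. Dropping that line keeps the privilege limited to the one page it is meant to cover. If pkg.php is needed for this package, a short comment above the entry saying why would help whoever audits the privilege list.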
diff --git a/config/routed/routed.xml b/config/routed/routed.xml
index b38d7ee3..960cf83b 100644
--- a/config/routed/routed.xml
+++ b/config/routed/routed.xml
@@ -42,17 +42,23 @@
]]>
</copyright>
<name>routed</name>
- <version>1.2</version>
+ <version>1.2.2</version>
<title>Services: RIP</title>
<include_file>/usr/local/pkg/routed.inc</include_file>
+ <aftersaveredirect>pkg_edit.php?xml=routed.xml</aftersaveredirect>
<additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/routed/routed.inc</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/routed/routed.priv.inc</item>
+ </additional_files_needed>
<menu>
<name>RIP</name>
<section>Services</section>
<configfile>routed.xml</configfile>
- <url>pkg_edit.php?xml=routed.xml&amp;id=0</url>
+ <url>pkg_edit.php?xml=routed.xml</url>
</menu>
<service>
<name>routed</name>
@@ -117,13 +123,9 @@
<type>checkbox</type>
</field>
</fields>
- <aftersaveredirect>pkg_edit.php?xml=routed.xml&amp;id=0</aftersaveredirect>
<custom_php_resync_config_command>
setup_routed();
</custom_php_resync_config_command>
- <custom_php_install_command>
- routed_install_command();
- </custom_php_install_command>
<custom_php_deinstall_command>
routed_deinstall_command();
</custom_php_deinstall_command>
diff --git a/config/rrd-summary/rrd-summary.priv.inc b/config/rrd-summary/rrd-summary.priv.inc
new file mode 100644
index 00000000..f75315e8
--- /dev/null
+++ b/config/rrd-summary/rrd-summary.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+ rrd-summary.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-status-rrd-summary'] = array();
+$priv_list['page-status-rrd-summary']['name'] = "WebCfg - Status: RRD Summary";
+$priv_list['page-status-rrd-summary']['descr'] = "Allow access to RRD Summary package GUI";
+$priv_list['page-status-rrd-summary']['match'] = array();
+$priv_list['page-status-rrd-summary']['match'][] = "status_rrd_summary.php*";
+
+?>
diff --git a/config/rrd-summary/rrd-summary.xml b/config/rrd-summary/rrd-summary.xml
index 67c20937..309f23d1 100644
--- a/config/rrd-summary/rrd-summary.xml
+++ b/config/rrd-summary/rrd-summary.xml
@@ -43,7 +43,7 @@
</copyright>
<description>RRD Summary Page</description>
<name>RRD Summary</name>
- <version>1.2</version>
+ <version>1.2.1</version>
<title>Status: RRD Summary</title>
<menu>
<name>RRD Summary</name>
@@ -52,6 +52,10 @@
<url>/status_rrd_summary.php</url>
</menu>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/rrd-summary/rrd-summary.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/www/</prefix>
<item>https://packages.pfsense.org/packages/config/rrd-summary/status_rrd_summary.php</item>
</additional_files_needed>
diff --git a/config/shellcmd/shellcmd.priv.inc b/config/shellcmd/shellcmd.priv.inc
new file mode 100644
index 00000000..ae64514d
--- /dev/null
+++ b/config/shellcmd/shellcmd.priv.inc
@@ -0,0 +1,38 @@
+<?php
+/*
+ shellcmd.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-shellcmd'] = array();
+$priv_list['page-services-shellcmd']['name'] = "WebCfg - Services: shellcmd";
+$priv_list['page-services-shellcmd']['descr'] = "Allow access to shellcmd package GUI";
+$priv_list['page-services-shellcmd']['match'] = array();
+$priv_list['page-services-shellcmd']['match'][] = "pkg.php?xml=shellcmd.xml*";
+$priv_list['page-services-shellcmd']['match'][] = "pkg_edit.php?xml=shellcmd.xml*";
+
+?>
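Review bot: The `descr` text reads like an ordinary page grant, but shellcmd.xml describes this GUI as creating and modifying custom (early)shellcmd entries, so a user holding `page-services-shellcmd` can presumably get commands executed on the firewall. The description should say so, so that whoever assigns the privilege sees its weight, e.g. `"Allow access to shellcmd package GUI (can configure commands executed on the firewall; treat as admin-equivalent)"`.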
diff --git a/config/shellcmd/shellcmd.xml b/config/shellcmd/shellcmd.xml
index ea3144ff..78b876ff 100644
--- a/config/shellcmd/shellcmd.xml
+++ b/config/shellcmd/shellcmd.xml
@@ -42,8 +42,8 @@
]]>
</copyright>
<name>Shellcmd Settings</name>
- <version>1.0</version>
- <title>Shellcmd Settings</title>
+ <version>1.0.1</version>
+ <title>Services: Shellcmd Settings</title>
<include_file>/usr/local/pkg/shellcmd.inc</include_file>
<aftersaveredirect>/pkg.php?xml=shellcmd.xml</aftersaveredirect>
<addedit_string>[shellcmd] Successfully created/modified custom (early)shellcmd.</addedit_string>
@@ -66,6 +66,10 @@
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/shellcmd/shellcmd.inc</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/shellcmd/shellcmd.priv.inc</item>
+ </additional_files_needed>
<adddeleteeditpagefields>
<columnitem>
<fielddescr>Command</fielddescr>
diff --git a/config/spamd/spamd.priv.inc b/config/spamd/spamd.priv.inc
new file mode 100644
index 00000000..5a9c622b
--- /dev/null
+++ b/config/spamd/spamd.priv.inc
@@ -0,0 +1,46 @@
+<?php
+/*
+ spamd.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-spamd'] = array();
+$priv_list['page-services-spamd']['name'] = "WebCfg - Services: spamd";
+$priv_list['page-services-spamd']['descr'] = "Allow access to spamd package GUI";
+
+$priv_list['page-services-spamd']['match'] = array();
+$priv_list['page-services-spamd']['match'][] = "pkg.php?xml=spamd.xml*";
+$priv_list['page-services-spamd']['match'][] = "pkg.php?xml=spamd_whitelist.xml*";
+$priv_list['page-services-spamd']['match'][] = "pkg.php?xml=spamd_settings.xml*";
+
+$priv_list['page-services-spamd']['match'][] = "pkg_edit.php?xml=spamd.xml*";
+$priv_list['page-services-spamd']['match'][] = "pkg_edit.php?xml=spamd_whitelist.xml*";
+$priv_list['page-services-spamd']['match'][] = "pkg_edit.php?xml=spamd_settings.xml*";
+
+$priv_list['page-services-spamd']['match'][] = "spamd_db.php*";
+
+?>
diff --git a/config/spamd/spamd.xml b/config/spamd/spamd.xml
index 337aad00..7e11b9a9 100644
--- a/config/spamd/spamd.xml
+++ b/config/spamd/spamd.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>spamdsources</name>
- <version>1.1.6</version>
+ <version>1.1.7</version>
<title>SpamD: External Sources</title>
<include_file>/usr/local/pkg/spamd.inc</include_file>
<backup_file>/var/db/spamd</backup_file>
@@ -100,6 +100,10 @@
<item>https://packages.pfsense.org/packages/config/spamd/spamd.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/spamd/spamd.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/spamd/spamd_settings.xml</item>
</additional_files_needed>
@@ -180,6 +184,6 @@
custom_php_deinstall_command();
</custom_php_deinstall_command>
<filter_rules_needed>
- spamd_generate_rules();
+ spamd_generate_rules
</filter_rules_needed>
</packagegui>
diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc
index 973bbf05..b7eb9889 100755
--- a/config/squid3/34/squid.inc
+++ b/config/squid3/34/squid.inc
@@ -41,12 +41,6 @@ require_once('service-utils.inc');
if (!function_exists("filter_configure")) {
require_once("filter.inc");
}
-/* Squid reverse proxy */
-require_once('/usr/local/pkg/squid_reverse.inc');
-/* Squid javascript helpers */
-require_once('/usr/local/pkg/squid_js.inc');
-/* Squid antivirus intergration features helpers */
-require_once('/usr/local/pkg/squid_antivirus.inc');
$shortcut_section = "squid";
@@ -77,6 +71,13 @@ if ($uname['machine'] == 'amd64') {
ini_set('memory_limit', '250M');
}
+/* Squid reverse proxy */
+require_once('/usr/local/pkg/squid_reverse.inc');
+/* Squid javascript helpers */
+require_once('/usr/local/pkg/squid_js.inc');
+/* Squid antivirus intergration features helpers */
+require_once('/usr/local/pkg/squid_antivirus.inc');
+
/*
* Utility functions
*/
@@ -642,6 +643,10 @@ function squid_upgrade_config() {
$settingscache['donotcache'] = base64_encode(implode("\n", explode(",", $settingscache['donotcache'])));
$config['installedpackages']['squidcache']['config'][0]['donotcache'] = $settingscache['donotcache'];
}
+ /* unset broken dynamic caching patterns removed since Squid3 package v0.4.3 */
+ if (!empty($config['installedpackages']['squidcache']['config']['refresh_patterns'])) {
+ unset($config['installedpackages']['squidcache']['config']['refresh_patterns']);
+ }
/* migrate nac settings */
if (!empty($settingsnac['allowed_subnets']) && strstr($settingsnac['allowed_subnets'], ",")) {
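Review bot: The added check and `unset()` address `['squidcache']['config']['refresh_patterns']`, while the surrounding code reads and writes the settings under `['config'][0]` (see the `donotcache` assignment just above). As written, the stale `refresh_patterns` value is most likely never removed. The condition should be `if (!empty($config['installedpackages']['squidcache']['config'][0]['refresh_patterns'])) {`, with the same `[0]` in the `unset()`. squid_upgrade_config() starts and ends outside this hunk.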
@@ -1218,9 +1223,14 @@ EOD;
foreach ($real_ifaces as $iface) {
list($ip, $mask) = $iface;
$ip = long2ip(ip2long($ip) & ip2long($mask));
- $mask = 32-log((ip2long($mask) ^ ip2long('255.255.255.255'))+1,2);
+ $mask = 32 - log((ip2long($mask) ^ ip2long('255.255.255.255')) +1, 2);
if (!preg_match("@$ip/$mask@", $src)) {
- $src .= " $ip/$mask";
+ // XXX: Do not add invalid subnets (Bug #4331, Bug #4526)
+ if (is_subnet("{$ip}/{$mask}")) {
+ $src .= " $ip/$mask";
+ } else {
+ log_error("[squid] 'Allow Users on Interface' ACL skipped for '{$ip}/{$mask}' since it is not a valid subnet.");
+ }
}
}
$conf .= "# Allow local network(s) on interface(s)\n";
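Review bot: The new `is_subnet()` guard still lets `0.0.0.0/0` through if an entry in `$real_ifaces` has an empty address or mask: `ip2long()` returns false for both, which the two lines above turn into `0.0.0.0` and a mask of 0. If is_subnet() (defined elsewhere) accepts that value, the 'Allow Users on Interface' ACL would cover every source address. Rejecting a zero prefix as well, `if (is_subnet("{$ip}/{$mask}") && $mask > 0) {`, or skipping interfaces without an IPv4 address before the arithmetic, closes that case. The enclosing function starts and ends outside this hunk.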
@@ -1303,61 +1313,13 @@ function squid_resync_cache() {
if (empty($settings['cache_dynamic_content'])) {
$conf .= 'acl dynamic urlpath_regex cgi-bin \?' . "\n";
$conf .= "cache deny dynamic\n";
- } elseif (preg_match('/youtube/', $settings['refresh_patterns'])) {
-// Broken (Bug #3847) and not working (http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube#Discussion)
-/* $conf .= <<< EOC
-# Break HTTP standard for flash videos. Keep them in cache even if asked not to.
-refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
-
-# Let the clients favorite video site through with full caching
-acl youtube dstdomain .youtube.com
-cache allow youtube
-
-EOC;
-*/
- }
- if (preg_match('/windows/', $settings['refresh_patterns'])) {
- $conf .= <<< EOC
-
-# Windows Update refresh_pattern
-range_offset_limit -1
-refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
-refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
-refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
-
-EOC;
- }
-
- if (preg_match('/symantec/', $settings['refresh_patterns'])) {
- $conf .= <<< EOC
-
-# Symantec refresh_pattern
-range_offset_limit -1
-refresh_pattern liveupdate.symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
-refresh_pattern symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
-
-EOC;
- }
- if (preg_match('/avast/', $settings['refresh_patterns'])) {
- $conf .= <<< EOC
-
-# Avast refresh_pattern
-range_offset_limit -1
-refresh_pattern avast.com/.*\.(vpu|cab|stamp|exe) 10080 100% 43200 reload-into-ims
-
-EOC;
+ } else {
+ if ($settings['custom_refresh_patterns'] != "") {
+ $conf .= sq_text_area_decode($settings['custom_refresh_patterns']) . "\n";
+ }
}
- if (preg_match('/avira/', $settings['refresh_patterns'])) {
- $conf.=<<< EOC
-
-# Avira refresh_pattern
-range_offset_limit -1
-refresh_pattern personal.avira-update.com/.*\.(cab|exe|dll|msi|gz) 10080 100% 43200 reload-into-ims
-EOC;
- }
$refresh_conf = <<< EOC
-
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
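Review bot: `custom_refresh_patterns` is now written only in the `else` branch, i.e. when `cache_dynamic_content` is set. Together with the removal of the unconditional append in the next hunk, patterns a user entered earlier are silently dropped from squid.conf when dynamic caching is off. If that is intended, the 'Custom refresh_patterns' field description should say so, or a `log_error()` should report that the patterns were skipped. The nested `else { if (...) }` can also be written as `} elseif ($settings['custom_refresh_patterns'] != "") {`. squid_resync_cache() continues outside this hunk.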
@@ -1366,10 +1328,6 @@ refresh_pattern . 0 20% 4320
EOC;
- if ($settings['custom_refresh_patterns'] != "") {
- $conf .= sq_text_area_decode($settings['custom_refresh_patterns']) . "\n";
- }
-
$conf .= <<< EOD
cache_mem {$memory_cache_size} MB
diff --git a/config/squid3/34/squid_cache.xml b/config/squid3/34/squid_cache.xml
index b4f1aedf..ecb88d26 100755
--- a/config/squid3/34/squid_cache.xml
+++ b/config/squid3/34/squid_cache.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>squidcache</name>
- <version>0.4.1</version>
+ <version>0.4.3</version>
<title>Proxy Server: Cache Management</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<tabs>
@@ -361,33 +361,14 @@
<description>
<![CDATA[
Select to <a href="http://wiki.squid-cache.org/ConfigExamples/DynamicContent">enable caching of dynamic content.</a><br/>
- ]]>
- </description>
- <type>checkbox</type>
- <size>10</size>
- </field>
- <field>
- <fielddescr>Refresh Patterns</fielddescr>
- <fieldname>refresh_patterns</fieldname>
- <description>
- <![CDATA[
With dynamic cache enabled, you can also apply refresh_patterns to sites like <a href="http://wiki.squid-cache.org/SquidFaq/WindowsUpdate">Windows Updates</a><br/><br/>
<strong>Notes:</strong><br/>
- Squid wiki suggests setting 'Finish transfer if less than x KB remaining' on 'Traffic Mgmt' tab to -1 (but you can apply your own values to control cache).<br/>
- Set 'Maximum Download Size' on 'Traffic Mgmt' tab to a value that fits patterns your are applying.
]]>
</description>
- <type>select</type>
- <default_value>none</default_value>
- <options>
- <!--<option><name>Youtube</name><value>youtube</value></option>-->
- <option><name>Windows Update</name><value>windows</value></option>
- <option><name>Symantec Antivirus</name><value>symantec</value></option>
- <option><name>Avira</name><value>avira</value></option>
- <option><name>Avast</name><value>avast</value></option>
- </options>
- <multiple/>
- <size>05</size>
+ <type>checkbox</type>
+ <size>10</size>
</field>
<field>
<fielddescr>Custom refresh_patterns</fielddescr>
@@ -424,7 +405,7 @@
if ($cachedir_changed) {
// only delete directories under sane paths automatically
if (substr($oldcachedir, 0, 11) === "/var/squid/") {
- log_error("Deleting Squid cache dir '{$oldcachedir}' since 'Hard Disk Cache Location' changed to '{$_POST['harddisk_cache_location']}'.");
+ log_error("[squid] Deleting Squid cache dir '{$oldcachedir}' since 'Hard Disk Cache Location' changed to '{$_POST['harddisk_cache_location']}'.");
// cannot nuke disk cache while Squid is running
squid_stop_monitor();
if (is_service_running('squid')) {
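Review bot: The `substr($oldcachedir, 0, 11) === "/var/squid/"` test that gates the automatic delete compares the raw string, so a stored path containing `..` segments passes it while resolving to a directory outside /var/squid. Resolving the path first, e.g. `$resolved = realpath($oldcachedir);` and testing `$resolved` for the prefix, makes the 'sane paths' check hold; whether the location is validated earlier is not visible here. The `log_error()` lines in this hunk and the next also interpolate `$_POST['harddisk_cache_location']` unfiltered into the system log, and stripping control characters before logging would keep a crafted value from forging log lines. The surrounding PHP block starts and ends outside the hunk.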
@@ -435,8 +416,8 @@
// new cachedir will be created on squid_resync() below which calls squid_dash_z()
// also the services will get restarted there
} else {
- log_error("'Hard Disk Cache Location' changed to '{$_POST['harddisk_cache_location']}'.");
- log_error("Will NOT delete Squid cache dir '{$oldcachedir}' since it is not located under /var/squid. Delete manually if required.");
+ log_error("[squid] 'Hard Disk Cache Location' changed to '{$_POST['harddisk_cache_location']}'.");
+ log_error("[squid] Will NOT delete Squid cache dir '{$oldcachedir}' since it is not located under /var/squid. Delete manually if required.");
}
}
squid_resync();
diff --git a/config/squidGuard-devel/squidguard.inc b/config/squidGuard-devel/squidguard.inc
index 0be94a6f..c9d51b8d 100644
--- a/config/squidGuard-devel/squidguard.inc
+++ b/config/squidGuard-devel/squidguard.inc
@@ -1,36 +1,34 @@
<?php
-# ------------------------------------------------------------------------------
-/* squidguard.inc
-
+/*
+ squidguard.inc
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2006-2011 Serg Dvoriancev
Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
Copyright (C) 2013 Marcello Coutinho
-
- part of pfSense (www.pfSense.com)
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code MUST retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form MUST reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
*/
-# ------------------------------------------------------------------------------
-
require_once('globals.inc');
require_once('config.inc');
require_once('util.inc');
@@ -103,10 +101,22 @@ sg_init(convert_pfxml_to_sgxml());
# ==============================================================================
function squidguard_validate($post, &$input_errors)
{
+ global $config, $g;
$submit = isset($_GET['submit']) ? $_GET['submit'] : $_POST['submit'];
# check config if 'Apply'
- if ($submit === APPLY_BTN) sg_check_config_data($input_errors);
+ if ($submit === APPLY_BTN) {
+ // XXX:Bug #4608
+ if (($g['platform'] == "pfSense") && isset($config['system']['use_mfs_tmpvar'])) {
+ $input_errors[] = "Please, disable 'Use RAM Disks' under System: Advanced: Miscellaneous to avoid SquidGuard configuration breakage on reboot.";
+ }
+ if ($g['platform'] != "pfSense") {
+ if ($post['blacklist'] != "" || $post['blacklist_proxy'] != "" || $post['blacklist_url'] != "") {
+ $input_errors[] = "Blacklists usage is NOT supported on NanoBSD. Disable 'Blacklist' option in 'General settings'.";
+ }
+ }
+ sg_check_config_data($input_errors);
+ }
}
# ------------------------------------------------------------------------------
@@ -1469,100 +1479,114 @@ function squidguard_blacklist_list()
return $res;
}
-// ##### The following part is based on the code of pfblocker #####
-
/* Uses XMLRPC to synchronize the changes to a remote node */
function squidguard_sync_on_changes() {
global $config, $g;
- if (is_array($config['installedpackages']['squidguardsync'])){
+
+ if (is_array($config['installedpackages']['squidguardsync'])) {
$synconchanges = $config['installedpackages']['squidguardsync']['config'][0]['varsyncenablexmlrpc'];
- $varsynctimeout = $config['installedpackages']['squidguardsync']['config'][0]['varsynctimeout'];
- }
- else
- {
+ $varsynctimeout = $config['installedpackages']['squidguardsync']['config'][0]['varsynctimeout'] ?: '150';
+ } else {
return;
}
- // if checkbox is NOT checked do nothing
- switch ($synconchanges){
+ switch ($synconchanges) {
case "manual":
- if (is_array($config['installedpackages']['squidguardsync']['config'][0]['row'])){
- $rs=$config['installedpackages']['squidguardsync']['config'][0]['row'];
- }
- else{
- log_error("[Squidguard] xmlrpc sync is enabled but there is no hosts to push on Squidguard config.");
+ if (is_array($config['installedpackages']['squidguardsync']['config'][0]['row'])) {
+ $rs = $config['installedpackages']['squidguardsync']['config'][0]['row'];
+ } else {
+ log_error("[Squidguard] XMLRPC sync is enabled but there are no hosts configured as replication targets.");
return;
- }
+ }
break;
case "auto":
- if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){
- $system_carp=$config['installedpackages']['carpsettings']['config'][0];
- $rs[0]['varsyncdestinenable']="on";
- $rs[0]['varsyncprotocol']=($config['system']['webgui']['protocol']!=""?$config['system']['webgui']['protocol']:"https");
- $rs[0]['varsyncipaddress']=$system_carp['synchronizetoip'];
- $rs[0]['varsyncpassword']=$system_carp['password'];
- $rs[0]['varsyncport']=($config['system']['webgui']['port']!=""?$config['system']['webgui']['port']:"443");
- if (! is_ipaddr($system_carp['synchronizetoip'])){
- log_error("[Squidguard] xmlrpc sync is enabled but there is no system backup hosts to push squid config.");
- return;
- }
+ if (is_array($config['hasync'])) {
+ $system_carp = $config['hasync'];
+ $rs[0]['varsyncipaddress'] = $system_carp['synchronizetoip'];
+ $rs[0]['varsyncusername'] = $system_carp['username'];
+ $rs[0]['varsyncpassword'] = $system_carp['password'];
+ $rs[0]['varsyncdestinenable'] = FALSE;
+
+ // XMLRPC sync is currently only supported over connections using the same protocol and port as this system
+ if ($config['system']['webgui']['protocol'] == 'http') {
+ $rs[0]['varsyncprotocol'] = 'http';
+ $rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '80';
+ } else {
+ $rs[0]['varsyncprotocol'] = 'https';
+ $rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '443';
}
- else{
- log_error("[Squidguard] xmlrpc sync is enabled but there is no system backup hosts to push squid config.");
+ if ($system_carp['synchronizetoip'] == "") {
+ log_error("[Squidguard] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
return;
+ } else {
+ $rs[0]['varsyncdestinenable'] = TRUE;
}
- break;
+ } else {
+ log_error("[Squidguard] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
+ return;
+ }
+ break;
default:
return;
- break;
- }
- if (is_array($rs)){
- log_error("[SquidGuard] xmlrpc sync is starting with timeout {$varsynctimeout} seconds.");
- foreach($rs as $sh){
- if($sh['varsyncdestinenable']){
- $varsyncprotocol = $sh['varsyncprotocol'];
- $sync_to_ip = $sh['varsyncipaddress'];
- $password = $sh['varsyncpassword'];
- $varsyncport = $sh['varsyncport'];
- if($password && $sync_to_ip)
- squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout);
- else
- log_error("SquidGuard: XMLRPC Sync with {$sh['varsyncipaddress']} has incomplete credentials. No XMLRPC Sync done!");
+ break;
+ }
+ if (is_array($rs)) {
+ log_error("[SquidGuard] XMLRPC sync is starting with timeout {$varsynctimeout} seconds.");
+ foreach ($rs as $sh) {
+ // Only sync enabled replication targets
+ if ($sh['varsyncdestinenable']) {
+ $varsyncprotocol = $sh['varsyncprotocol'];
+ $sync_to_ip = $sh['varsyncipaddress'];
+ $username = $sh['varsyncusername'] ?: 'admin';
+ $password = $sh['varsyncpassword'];
+ $varsyncport = $sh['varsyncport'];
+
+ $error = '';
+ $valid = TRUE;
+
+ if ($password == "") {
+ $error = "Password parameter is empty. ";
+ $valid = FALSE;
}
- else {
- log_error("SquidGuard: XMLRPC Sync with {$sh['varsyncipaddress']} is disabled");
+ if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) {
+ $error .= "Misconfigured Replication Target IP Address or Hostname. ";
+ $valid = FALSE;
}
+ if (!is_port($varsyncport)) {
+ $error .= "Misconfigured Replication Target Port. ";
+ $valid = FALSE;
+ }
+ if ($valid) {
+ squidguard_do_xmlrpc_sync($sync_to_ip, $varsyncport, $varsyncprotocol, $username, $password, $varsynctimeout);
+ } else {
+ log_error("[SquidGuard] XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}");
+ }
+ } else {
+ log_error("[SquidGuard] XMLRPC Sync with {$sh['varsyncipaddress']} is disabled");
}
- log_error("[SquidGuard] xmlrpc sync is ending.");
- }
+ }
+ log_error("[SquidGuard] XMLRPC sync is ending.");
+ }
}
/* Do the actual XMLRPC sync */
-function squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout) {
+function squidguard_do_xmlrpc_sync($sync_to_ip, $varsyncport, $varsyncprotocol, $username, $password, $varsynctimeout) {
global $config, $g;
- if($varsynctimeout == '' || $varsynctimeout == 0)
- $varsynctimeout = 150;
-
- if(!$password)
- return;
-
- if(!$sync_to_ip)
- return;
-
- if(!$varsyncport)
+ if ($username == "" || $password == "" || $sync_to_ip == "" || $varsyncport == "" || $varsyncprotocol == "") {
+ log_error("[SquidGuard] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync");
return;
+ }
- if(!$varsyncprotocol)
- return;
-
- // Check and choose correct protocol type, port number and IP address
- $synchronizetoip .= "$varsyncprotocol" . '://';
- $port = "$varsyncport";
+ // Take care of IPv6 literal address
+ if (is_ipaddrv6($sync_to_ip)) {
+ $sync_to_ip = "[{$sync_to_ip}]";
+ }
- $synchronizetoip .= $sync_to_ip;
+ $url = "{$varsyncprotocol}://{$sync_to_ip}";
+ $port = $varsyncport;
- /* xml will hold the sections to sync */
+ /* XML will hold the sections to sync. */
$xml = array();
$xml['squidguardgeneral'] = $config['installedpackages']['squidguardgeneral'];
$xml['squidguardacl'] = $config['installedpackages']['squidguardacl'];
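Review bot: `$varsyncprotocol` is the one target field the new validation block in squidguard_sync_on_changes does not check, yet squidguard_do_xmlrpc_sync interpolates it into `$url = "{$varsyncprotocol}://{$sync_to_ip}"` and rejects only the empty string. An allow-list next to the `is_port()` test closes the gap: `if (!in_array(strtolower($varsyncprotocol), array('http', 'https'), true)) { $error .= "Misconfigured Replication Target Protocol. "; $valid = FALSE; }` (lower-cased because the stored option values are not visible in this diff). When the value is `http`, the username and password handed to the sync function presumably cross the network unencrypted, which deserves a log_error warning before the call. `$rs` is first written as `$rs[0][...]` in the `auto` case without being initialised to `array()`. The same hunk is applied to config/squidGuard/squidguard.inc, and the body of squidguard_do_xmlrpc_sync continues in the next hunk.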
@@ -1570,82 +1594,74 @@ function squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyn
$xml['squidguarddest'] = $config['installedpackages']['squidguarddest'];
$xml['squidguardrewrite'] = $config['installedpackages']['squidguardrewrite'];
$xml['squidguardtime'] = $config['installedpackages']['squidguardtime'];
-
- /* assemble xmlrpc payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($xml)
- );
-
- /* set a few variables needed for sync code borrowed from filter.inc */
- $url = $synchronizetoip;
- log_error("SquidGuard: Beginning squidguard XMLRPC sync with {$url}:{$port}.");
+
+ /* Assemble XMLRPC payload. */
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($xml));
+
+ /* Set a few variables needed for sync code */
+ log_error("[SquidGuard] Beginning XMLRPC sync with {$url}:{$port}.");
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
- if($g['debug'])
- $cli->setDebug(1);
- /* send our XMLRPC message and timeout after $varsynctimeout seconds */
+ $cli->setCredentials($username, $password);
+ if ($g['debug']) {
+ $cli->setDebug(1);
+ }
+ /* Send our XMLRPC message and timeout after $varsynctimeout seconds */
+ $resp = $cli->send($msg, $varsynctimeout);
+ if (!$resp) {
+ $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port}.";
+ log_error("[SquidGuard] {$error}");
+ file_notice("sync_settings", $error, "squidguard Settings Sync", "");
+ } elseif ($resp->faultCode()) {
+ $cli->setDebug(1);
$resp = $cli->send($msg, $varsynctimeout);
- if(!$resp) {
- $error = "A communications error occurred while squidguard was attempting XMLRPC sync with {$url}:{$port}.";
- log_error("SquidGuard: $error");
- file_notice("sync_settings", $error, "squidguard Settings Sync", "");
- } elseif($resp->faultCode()) {
- $cli->setDebug(1);
- $resp = $cli->send($msg, $varsynctimeout);
- $error = "An error code was received while squidguard XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error("SquidGuard: $error");
- file_notice("sync_settings", $error, "squidguard Settings Sync", "");
- } else {
- log_error("SquidGuard: XMLRPC has synced data successfully with {$url}:{$port}.");
- }
-
- /* tell squidguard to reload our settings on the destionation sync host. */
+ $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[SquidGuard] {$error}");
+ file_notice("sync_settings", $error, "squidguard Settings Sync", "");
+ } else {
+ log_error("[SquidGuard] XMLRPC sync successfully completed with {$url}:{$port}.");
+ }
+
+ /* Tell Squidguard to reload our settings on the destionation sync host. */
$method = 'pfsense.exec_php';
$execcmd = "require_once('/usr/local/pkg/squidguard.inc');\n";
- // pfblocker just needed one fuction to reload after XMLRPC. squidguard needs more so we point to a fuction below which contains all fuctions
+ // Squidguard needs more functions; we point to a function below which contains all the required functions
$execcmd .= "squidguard_all_after_XMLRPC_resync();";
-
- /* assemble xmlrpc payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($execcmd)
- );
- log_error("SquidGuard XMLRPC is reloading data on {$url}:{$port}.");
+ /* Assemble XMLRPC payload. */
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd));
+
+ log_error("[SquidGuard] XMLRPC is reloading data on {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
+ $cli->setCredentials($username, $password);
+ $resp = $cli->send($msg, $varsynctimeout);
+ if (!$resp) {
+ $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port} (exec_php).";
+ log_error("[SquidGuard] {$error}");
+ file_notice("sync_settings", $error, "squidguard Settings Sync", "");
+ } elseif ($resp->faultCode()) {
+ $cli->setDebug(1);
$resp = $cli->send($msg, $varsynctimeout);
- if(!$resp) {
- $error = "A communications error occurred while squidguard was attempting XMLRPC sync with {$url}:{$port} (exec_php).";
- log_error($error);
- file_notice("sync_settings", $error, "squidguard Settings Sync", "");
- } elseif($resp->faultCode()) {
- $cli->setDebug(1);
- $resp = $cli->send($msg, $varsynctimeout);
- $error = "An error code was received while squidguard XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
- file_notice("sync_settings", $error, "squidguard Settings Sync", "");
- } else {
- log_error("SquidGuard: XMLRPC has reloaded data successfully on {$url}:{$port} (exec_php).");
- }
+ $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[SquidGuard] {$error}");
+ file_notice("sync_settings", $error, "squidguard Settings Sync", "");
+ } else {
+ log_error("[SquidGuard] XMLRPC has reloaded data successfully on {$url}:{$port} (exec_php).");
+ }
}
-// ##### The part above is based on the code of pfblocker #####
-
-// This function restarts all other needed functions after XMLRPC so that the content of .XML + .INC will be written in the files
+// This function restarts all other needed functions after XMLRPC sync so that the content of .XML + .INC will be written in the files
// Adding more functions will increase the time to sync
function squidguard_all_after_XMLRPC_resync() {
-
+
squidguard_resync_acl();
squidguard_resync_dest();
squidguard_resync();
-
- log_error("SquidGuard: Finished XMLRPC process. It should be OK. For more information look at the host which started sync.");
+
+ log_error("[SquidGuard] Finished XMLRPC process. It should be OK. For more information look at the host which started sync.");
}
?>
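Review bot: In both `elseif ($resp->faultCode())` branches the request is sent a second time after `$cli->setDebug(1)`, so a faulting peer receives the `pfsense.merge_installedpackages_section_xmlrpc` or `pfsense.exec_php` call twice. Depending on the XML_RPC client, the debug dump may also include the request that carries `$password`. The first response already has `faultCode()` and `faultString()`, so the lines `$cli->setDebug(1);` and `$resp = $cli->send($msg, $varsynctimeout);` can be dropped from each fault branch. A failed merge also falls through to the exec_php reload; a `return;` after each `file_notice(...)` in the first block would stop that. The function starts in the previous hunk, and the matching hunk for config/squidGuard/squidguard.inc runs past the end of this view.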
diff --git a/config/squidGuard-devel/squidguard.xml b/config/squidGuard-devel/squidguard.xml
index b7874f82..a7742917 100644
--- a/config/squidGuard-devel/squidguard.xml
+++ b/config/squidGuard-devel/squidguard.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>squidguardgeneral</name>
- <version>1.5.8</version>
+ <version>1.5.9</version>
<title>Proxy filter SquidGuard: General settings</title>
<include_file>/usr/local/pkg/squidguard.inc</include_file>
<!-- Installation -->
@@ -148,7 +148,13 @@
<field>
<fielddescr>Enable</fielddescr>
<fieldname>squidguard_enable</fieldname>
- <description><![CDATA[Check this option to enable squidGuard]]></description>
+ <description>
+ <![CDATA[
+ Check this option to enable squidGuard.<br />
+ <strong><span class="errmsg">Important: </span></strong>Please set up at least one category on the 'Target Categories' tab before enabling.
+ See <a href="https://forum.pfsense.org/index.php?topic=94312.0">this link for details</a>.
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
@@ -244,8 +250,14 @@
<field>
<fielddescr>Blacklist</fielddescr>
<fieldname>blacklist</fieldname>
- <description><![CDATA[Check this option to enable blacklist]]></description>
+ <description>
+ <![CDATA[
+ Check this option to enable blacklist.<br />
+ <strong><span class="errmsg">Do NOT enable this on NanoBSD installs!</span></strong>
+ ]]>
+ </description>
<type>checkbox</type>
+ <enablefields>blacklist_proxy,blacklist_url</enablefields>
</field>
<field>
<fielddescr>Blacklist proxy</fielddescr>
diff --git a/config/squidGuard-devel/squidguard_sync.xml b/config/squidGuard-devel/squidguard_sync.xml
index f0537faf..7ab2cc6c 100644
--- a/config/squidGuard-devel/squidguard_sync.xml
+++ b/config/squidGuard-devel/squidguard_sync.xml
@@ -1,54 +1,50 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
+ <copyright>
<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
-squidguardsync.xml
-part of pfSense (http://www.pfSense.com)
-Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
-Copyright (C) 2013 Marcello Coutinho
-based on pfblocker_sync.xml
-All rights reserved.
-
-Based on m0n0wall (http://m0n0.ch/wall)
-Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
-All rights reserved.
+ squidguardsync.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
+ Copyright (C) 2013 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
*/
-/* ========================================================================== */
+/* ====================================================================================== */
/*
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
-1. Redistributions of source code must retain the above copyright notice,
-this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
-2. Redistributions in binary form must reproduce the above copyright
-notice, this list of conditions and the following disclaimer in the
-documentation and/or other materials provided with the distribution.
-THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
*/
-/* ========================================================================== */
-]]></copyright>
- <description><![CDATA[Describe your package here]]></description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>squidguardsync</name>
- <version>1.3_1 pkg v.1.9</version>
- <title>Proxy filter SquidGuard: XMLRPC Sync</title>
+ <version>1.5.9</version>
+ <title>SquidGuard Proxy Filter: XMLRPC Sync</title>
<include_file>/usr/local/pkg/squidguard.inc</include_file>
<tabs>
<tab>
@@ -97,11 +93,16 @@ POSSIBILITY OF SUCH DAMAGE.
<field>
<fielddescr>Enable Sync</fielddescr>
<fieldname>varsyncenablexmlrpc</fieldname>
- <description><![CDATA[All changes will be synced immediately to the IPs listed below if this option is checked.<br>
- <b>Important:</b> While using "Sync to hosts defined below", only sync from host A to B, A to C but <b>do not</B> enable XMLRPC sync <b>to</b> A. This will result in a loop!]]></description>
+ <description>
+ <![CDATA[
+ Select a sync method for SquidGuard.<br/><br/>
+ <strong>Important:</strong> While using "Sync to host(s) defined below", only sync from host A to B, A to C but <strong>do not</strong> enable XMLRPC sync <b>to</b> A.
+ This will result in a loop!
+ ]]>
+ </description>
<type>select</type>
<required/>
- <default_value>auto</default_value>
+ <default_value>disabled</default_value>
<options>
<option><name>Sync to configured system backup server</name><value>auto</value></option>
<option><name>Sync to host(s) defined below</name><value>manual</value></option>
@@ -109,28 +110,28 @@ POSSIBILITY OF SUCH DAMAGE.
</options>
</field>
<field>
- <fielddescr>XMLRPC timeout</fielddescr>
+ <fielddescr>XMLRPC Timeout</fielddescr>
<fieldname>varsynctimeout</fieldname>
- <description><![CDATA[Timeout in seconds for the XMLRPC timeout. Default: 150]]></description>
+ <description>XMLRPC timeout in seconds. (Default: 150)</description>
<type>input</type>
- <default_value>150</default_value>
+ <default_value>150</default_value>
<size>5</size>
</field>
-
<field>
- <fielddescr>Destination Server</fielddescr>
+ <fielddescr>Replication Targets</fielddescr>
<fieldname>none</fieldname>
<type>rowhelper</type>
<rowhelper>
<rowhelperfield>
<fielddescr>Enable</fielddescr>
<fieldname>varsyncdestinenable</fieldname>
+ <description><![CDATA[Enable this host as a replication target]]></description>
<type>checkbox</type>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>GUI Protocol</fielddescr>
+ <fielddescr>Protocol</fielddescr>
<fieldname>varsyncprotocol</fieldname>
- <description><![CDATA[Choose the protocol of the destination host. Probably <b>http</b> or <b>https</b>]]></description>
+ <description><![CDATA[Choose the protocol used to sync with the destination host (HTTP or HTTPS).]]></description>
<type>select</type>
<default_value>HTTP</default_value>
<options>
@@ -139,21 +140,21 @@ POSSIBILITY OF SUCH DAMAGE.
</options>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>GUI IP-Address</fielddescr>
+ <fielddescr>IP Address/Hostname</fielddescr>
<fieldname>varsyncipaddress</fieldname>
- <description><![CDATA[IP Address of the destination host.]]></description>
+ <description><![CDATA[IP address or hostname of the destination host.]]></description>
<type>input</type>
- <size>15</size>
+ <size>40</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>GUI Port</fielddescr>
+ <fielddescr>Port</fielddescr>
<fieldname>varsyncport</fieldname>
- <description><![CDATA[Choose the port of the destination host.]]></description>
+ <description><![CDATA[Choose the sync port of the destination host.]]></description>
<type>input</type>
<size>3</size>
</rowhelperfield>
- <rowhelperfield>
- <fielddescr>GUI Admin Password</fielddescr>
+ <rowhelperfield>
+ <fielddescr>Admin Password</fielddescr>
<fieldname>varsyncpassword</fieldname>
<description><![CDATA[Password of the user "admin" on the destination host.]]></description>
<type>password</type>
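Review bot: No `varsyncusername` field is added to this rowhelper, as far as the visible hunks show. For manually defined targets, the `$sh['varsyncusername'] ?: 'admin'` fallback introduced in squidguard.inc therefore always authenticates as `admin`. If a dedicated sync account is intended, add a `<rowhelperfield>` with `<fieldname>varsyncusername</fieldname>` and `<type>input</type>` before the password field, and reword the description `Password of the user "admin" on the destination host.` to match. If admin-only is deliberate, a short comment here saying so would keep the XML and the PHP fallback from drifting apart. The rowhelper's closing lines are outside this hunk.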
@@ -162,9 +163,6 @@ POSSIBILITY OF SUCH DAMAGE.
</rowhelper>
</field>
</fields>
- <custom_delete_php_command>
- squidguard_sync_on_changes();
- </custom_delete_php_command>
<custom_php_resync_config_command>
squidguard_sync_on_changes();
</custom_php_resync_config_command>
diff --git a/config/squidGuard/squidguard.inc b/config/squidGuard/squidguard.inc
index c4c47bcc..65e1ef50 100644
--- a/config/squidGuard/squidguard.inc
+++ b/config/squidGuard/squidguard.inc
@@ -1,36 +1,34 @@
<?php
-# ------------------------------------------------------------------------------
-/* squidguard.inc
-
+/*
+ squidguard.inc
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2006-2011 Serg Dvoriancev
Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
Copyright (C) 2013 Marcello Coutinho
-
- part of pfSense (www.pfSense.com)
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code MUST retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form MUST reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
*/
-# ------------------------------------------------------------------------------
-
require_once('globals.inc');
require_once('config.inc');
require_once('util.inc');
@@ -103,10 +101,22 @@ sg_init(convert_pfxml_to_sgxml());
# ==============================================================================
function squidguard_validate(&$post, &$input_errors)
{
+ global $config, $g;
$submit = isset($_GET['submit']) ? $_GET['submit'] : $_POST['submit'];
# check config if 'Apply'
- if ($submit === APPLY_BTN) sg_check_config_data($input_errors);
+ if ($submit === APPLY_BTN) {
+ // XXX:Bug #4608
+ if (($g['platform'] == "pfSense") && isset($config['system']['use_mfs_tmpvar'])) {
+ $input_errors[] = "Please, disable 'Use RAM Disks' under System: Advanced: Miscellaneous to avoid SquidGuard configuration breakage on reboot.";
+ }
+ if ($g['platform'] != "pfSense") {
+ if ($post['blacklist'] != "" || $post['blacklist_proxy'] != "" || $post['blacklist_url'] != "") {
+ $input_errors[] = "Blacklists usage is NOT supported on NanoBSD. Disable 'Blacklist' option in 'General settings'.";
+ }
+ }
+ sg_check_config_data($input_errors);
+ }
}
# ------------------------------------------------------------------------------
@@ -1470,100 +1480,114 @@ function squidguard_blacklist_list()
return $res;
}
-// ##### The following part is based on the code of pfblocker #####
-
/* Uses XMLRPC to synchronize the changes to a remote node */
function squidguard_sync_on_changes() {
global $config, $g;
- if (is_array($config['installedpackages']['squidguardsync'])){
+
+ if (is_array($config['installedpackages']['squidguardsync'])) {
$synconchanges = $config['installedpackages']['squidguardsync']['config'][0]['varsyncenablexmlrpc'];
- $varsynctimeout = $config['installedpackages']['squidguardsync']['config'][0]['varsynctimeout'];
- }
- else
- {
+ $varsynctimeout = $config['installedpackages']['squidguardsync']['config'][0]['varsynctimeout'] ?: '150';
+ } else {
return;
}
- // if checkbox is NOT checked do nothing
- switch ($synconchanges){
+ switch ($synconchanges) {
case "manual":
- if (is_array($config['installedpackages']['squidguardsync']['config'][0]['row'])){
- $rs=$config['installedpackages']['squidguardsync']['config'][0]['row'];
- }
- else{
- log_error("[Squidguard] xmlrpc sync is enabled but there is no hosts to push on Squidguard config.");
+ if (is_array($config['installedpackages']['squidguardsync']['config'][0]['row'])) {
+ $rs = $config['installedpackages']['squidguardsync']['config'][0]['row'];
+ } else {
+ log_error("[Squidguard] XMLRPC sync is enabled but there are no hosts configured as replication targets.");
return;
- }
+ }
break;
case "auto":
- if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){
- $system_carp=$config['installedpackages']['carpsettings']['config'][0];
- $rs[0]['varsyncdestinenable']="on";
- $rs[0]['varsyncprotocol']=($config['system']['webgui']['protocol']!=""?$config['system']['webgui']['protocol']:"https");
- $rs[0]['varsyncipaddress']=$system_carp['synchronizetoip'];
- $rs[0]['varsyncpassword']=$system_carp['password'];
- $rs[0]['varsyncport']=($config['system']['webgui']['port']!=""?$config['system']['webgui']['port']:"443");
- if (! is_ipaddr($system_carp['synchronizetoip'])){
- log_error("[Squidguard] xmlrpc sync is enabled but there is no system backup hosts to push squid config.");
- return;
- }
+ if (is_array($config['hasync'])) {
+ $system_carp = $config['hasync'];
+ $rs[0]['varsyncipaddress'] = $system_carp['synchronizetoip'];
+ $rs[0]['varsyncusername'] = $system_carp['username'];
+ $rs[0]['varsyncpassword'] = $system_carp['password'];
+ $rs[0]['varsyncdestinenable'] = FALSE;
+
+ // XMLRPC sync is currently only supported over connections using the same protocol and port as this system
+ if ($config['system']['webgui']['protocol'] == 'http') {
+ $rs[0]['varsyncprotocol'] = 'http';
+ $rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '80';
+ } else {
+ $rs[0]['varsyncprotocol'] = 'https';
+ $rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '443';
}
- else{
- log_error("[Squidguard] xmlrpc sync is enabled but there is no system backup hosts to push squid config.");
+ if ($system_carp['synchronizetoip'] == "") {
+ log_error("[Squidguard] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
return;
+ } else {
+ $rs[0]['varsyncdestinenable'] = TRUE;
}
- break;
+ } else {
+ log_error("[Squidguard] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
+ return;
+ }
+ break;
default:
return;
- break;
- }
- if (is_array($rs)){
- log_error("[SquidGuard] xmlrpc sync is starting with timeout {$varsynctimeout} seconds.");
- foreach($rs as $sh){
- if($sh['varsyncdestinenable']){
- $varsyncprotocol = $sh['varsyncprotocol'];
- $sync_to_ip = $sh['varsyncipaddress'];
- $password = $sh['varsyncpassword'];
- $varsyncport = $sh['varsyncport'];
- if($password && $sync_to_ip)
- squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout);
- else
- log_error("SquidGuard: XMLRPC Sync with {$sh['varsyncipaddress']} has incomplete credentials. No XMLRPC Sync done!");
+ break;
+ }
+ if (is_array($rs)) {
+ log_error("[SquidGuard] XMLRPC sync is starting with timeout {$varsynctimeout} seconds.");
+ foreach ($rs as $sh) {
+ // Only sync enabled replication targets
+ if ($sh['varsyncdestinenable']) {
+ $varsyncprotocol = $sh['varsyncprotocol'];
+ $sync_to_ip = $sh['varsyncipaddress'];
+ $username = $sh['varsyncusername'] ?: 'admin';
+ $password = $sh['varsyncpassword'];
+ $varsyncport = $sh['varsyncport'];
+
+ $error = '';
+ $valid = TRUE;
+
+ if ($password == "") {
+ $error = "Password parameter is empty. ";
+ $valid = FALSE;
}
- else {
- log_error("SquidGuard: XMLRPC Sync with {$sh['varsyncipaddress']} is disabled");
+ if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) {
+ $error .= "Misconfigured Replication Target IP Address or Hostname. ";
+ $valid = FALSE;
}
+ if (!is_port($varsyncport)) {
+ $error .= "Misconfigured Replication Target Port. ";
+ $valid = FALSE;
+ }
+ if ($valid) {
+ squidguard_do_xmlrpc_sync($sync_to_ip, $varsyncport, $varsyncprotocol, $username, $password, $varsynctimeout);
+ } else {
+ log_error("[SquidGuard] XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}");
+ }
+ } else {
+ log_error("[SquidGuard] XMLRPC Sync with {$sh['varsyncipaddress']} is disabled");
}
- log_error("[SquidGuard] xmlrpc sync is ending.");
- }
+ }
+ log_error("[SquidGuard] XMLRPC sync is ending.");
+ }
}
/* Do the actual XMLRPC sync */
-function squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout) {
+function squidguard_do_xmlrpc_sync($sync_to_ip, $varsyncport, $varsyncprotocol, $username, $password, $varsynctimeout) {
global $config, $g;
- if($varsynctimeout == '' || $varsynctimeout == 0)
- $varsynctimeout = 150;
-
- if(!$password)
- return;
-
- if(!$sync_to_ip)
- return;
-
- if(!$varsyncport)
+ if ($username == "" || $password == "" || $sync_to_ip == "" || $varsyncport == "" || $varsyncprotocol == "") {
+ log_error("[SquidGuard] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync");
return;
+ }
- if(!$varsyncprotocol)
- return;
-
- // Check and choose correct protocol type, port number and IP address
- $synchronizetoip .= "$varsyncprotocol" . '://';
- $port = "$varsyncport";
+ // Take care of IPv6 literal address
+ if (is_ipaddrv6($sync_to_ip)) {
+ $sync_to_ip = "[{$sync_to_ip}]";
+ }
- $synchronizetoip .= $sync_to_ip;
+ $url = "{$varsyncprotocol}://{$sync_to_ip}";
+ $port = $varsyncport;
- /* xml will hold the sections to sync */
+ /* XML will hold the sections to sync. */
$xml = array();
$xml['squidguardgeneral'] = $config['installedpackages']['squidguardgeneral'];
$xml['squidguardacl'] = $config['installedpackages']['squidguardacl'];
@@ -1571,82 +1595,74 @@ function squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyn
$xml['squidguarddest'] = $config['installedpackages']['squidguarddest'];
$xml['squidguardrewrite'] = $config['installedpackages']['squidguardrewrite'];
$xml['squidguardtime'] = $config['installedpackages']['squidguardtime'];
-
- /* assemble xmlrpc payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($xml)
- );
-
- /* set a few variables needed for sync code borrowed from filter.inc */
- $url = $synchronizetoip;
- log_error("SquidGuard: Beginning squidguard XMLRPC sync with {$url}:{$port}.");
+
+ /* Assemble XMLRPC payload. */
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($xml));
+
+ /* Set a few variables needed for sync code */
+ log_error("[SquidGuard] Beginning XMLRPC sync with {$url}:{$port}.");
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
- if($g['debug'])
- $cli->setDebug(1);
- /* send our XMLRPC message and timeout after $varsynctimeout seconds */
+ $cli->setCredentials($username, $password);
+ if ($g['debug']) {
+ $cli->setDebug(1);
+ }
+ /* Send our XMLRPC message and timeout after $varsynctimeout seconds */
+ $resp = $cli->send($msg, $varsynctimeout);
+ if (!$resp) {
+ $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port}.";
+ log_error("[SquidGuard] {$error}");
+ file_notice("sync_settings", $error, "squidguard Settings Sync", "");
+ } elseif ($resp->faultCode()) {
+ $cli->setDebug(1);
$resp = $cli->send($msg, $varsynctimeout);
- if(!$resp) {
- $error = "A communications error occurred while squidguard was attempting XMLRPC sync with {$url}:{$port}.";
- log_error("SquidGuard: $error");
- file_notice("sync_settings", $error, "squidguard Settings Sync", "");
- } elseif($resp->faultCode()) {
- $cli->setDebug(1);
- $resp = $cli->send($msg, $varsynctimeout);
- $error = "An error code was received while squidguard XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error("SquidGuard: $error");
- file_notice("sync_settings", $error, "squidguard Settings Sync", "");
- } else {
- log_error("SquidGuard: XMLRPC has synced data successfully with {$url}:{$port}.");
- }
-
- /* tell squidguard to reload our settings on the destionation sync host. */
+ $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[SquidGuard] {$error}");
+ file_notice("sync_settings", $error, "squidguard Settings Sync", "");
+ } else {
+ log_error("[SquidGuard] XMLRPC sync successfully completed with {$url}:{$port}.");
+ }
+
+ /* Tell Squidguard to reload our settings on the destionation sync host. */
$method = 'pfsense.exec_php';
$execcmd = "require_once('/usr/local/pkg/squidguard.inc');\n";
- // pfblocker just needed one fuction to reload after XMLRPC. squidguard needs more so we point to a fuction below which contains all fuctions
+ // Squidguard needs more functions; we point to a function below which contains all the required functions
$execcmd .= "squidguard_all_after_XMLRPC_resync();";
-
- /* assemble xmlrpc payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($execcmd)
- );
- log_error("SquidGuard XMLRPC is reloading data on {$url}:{$port}.");
+ /* Assemble XMLRPC payload. */
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd));
+
+ log_error("[SquidGuard] XMLRPC is reloading data on {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
+ $cli->setCredentials($username, $password);
+ $resp = $cli->send($msg, $varsynctimeout);
+ if (!$resp) {
+ $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port} (exec_php).";
+ log_error("[SquidGuard] {$error}");
+ file_notice("sync_settings", $error, "squidguard Settings Sync", "");
+ } elseif ($resp->faultCode()) {
+ $cli->setDebug(1);
$resp = $cli->send($msg, $varsynctimeout);
- if(!$resp) {
- $error = "A communications error occurred while squidguard was attempting XMLRPC sync with {$url}:{$port} (exec_php).";
- log_error($error);
- file_notice("sync_settings", $error, "squidguard Settings Sync", "");
- } elseif($resp->faultCode()) {
- $cli->setDebug(1);
- $resp = $cli->send($msg, $varsynctimeout);
- $error = "An error code was received while squidguard XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
- file_notice("sync_settings", $error, "squidguard Settings Sync", "");
- } else {
- log_error("SquidGuard: XMLRPC has reloaded data successfully on {$url}:{$port} (exec_php).");
- }
+ $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[SquidGuard] {$error}");
+ file_notice("sync_settings", $error, "squidguard Settings Sync", "");
+ } else {
+ log_error("[SquidGuard] XMLRPC has reloaded data successfully on {$url}:{$port} (exec_php).");
+ }
}
-// ##### The part above is based on the code of pfblocker #####
-
-// This function restarts all other needed functions after XMLRPC so that the content of .XML + .INC will be written in the files
+// This function restarts all other needed functions after XMLRPC sync so that the content of .XML + .INC will be written in the files
// Adding more functions will increase the time to sync
function squidguard_all_after_XMLRPC_resync() {
-
+
squidguard_resync_acl();
squidguard_resync_dest();
squidguard_resync();
-
- log_error("SquidGuard: Finished XMLRPC process. It should be OK. For more information look at the host which started sync.");
+
+ log_error("[SquidGuard] Finished XMLRPC process. It should be OK. For more information look at the host which started sync.");
}
?>
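Review bot: In both `elseif ($resp->faultCode())` branches the request is sent a second time with `$cli->setDebug(1)`, and the new `$resp` is dereferenced without the `!$resp` check applied to the first send, so a failed re-send ends in a method call on a non-object. The re-send also repeats a state-changing call on the peer (the config merge, then `pfsense.exec_php`) and carries `$password` in the payload again while client debug output is switched on. Building `$error` from the first response and dropping the `$cli->setDebug(1);` and second `$resp = $cli->send($msg, $varsynctimeout);` lines avoids both. Separately, the `pfsense.exec_php` reload is still sent after the merge has failed; a `return;` at the end of the first two error branches would stop that. `squidguard_do_xmlrpc_sync()` begins outside this hunk.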
diff --git a/config/squidGuard/squidguard.xml b/config/squidGuard/squidguard.xml
index e7514f63..91922324 100644
--- a/config/squidGuard/squidguard.xml
+++ b/config/squidGuard/squidguard.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>squidguardgeneral</name>
- <version>1.9.16</version>
+ <version>1.9.17</version>
<title>Proxy filter SquidGuard: General settings</title>
<include_file>/usr/local/pkg/squidguard.inc</include_file>
<!-- Installation -->
@@ -148,7 +148,13 @@
<field>
<fielddescr>Enable</fielddescr>
<fieldname>squidguard_enable</fieldname>
- <description><![CDATA[Check this option to enable squidGuard]]></description>
+ <description>
+ <![CDATA[
+ Check this option to enable squidGuard.<br />
+ <strong><span class="errmsg">Important: </span></strong>Please set up at least one category on the 'Target Categories' tab before enabling.
+ See <a href="https://forum.pfsense.org/index.php?topic=94312.0">this link for details</a>.
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
@@ -244,8 +250,14 @@
<field>
<fielddescr>Blacklist</fielddescr>
<fieldname>blacklist</fieldname>
- <description><![CDATA[Check this option to enable blacklist]]></description>
+ <description>
+ <![CDATA[
+ Check this option to enable blacklist.<br />
+ <strong><span class="errmsg">Do NOT enable this on NanoBSD installs!</span></strong>
+ ]]>
+ </description>
<type>checkbox</type>
+ <enablefields>blacklist_proxy,blacklist_url</enablefields>
</field>
<field>
<fielddescr>Blacklist proxy</fielddescr>
diff --git a/config/squidGuard/squidguard_sync.xml b/config/squidGuard/squidguard_sync.xml
index f0537faf..2d50ca24 100644
--- a/config/squidGuard/squidguard_sync.xml
+++ b/config/squidGuard/squidguard_sync.xml
@@ -1,54 +1,50 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
+ <copyright>
<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
-squidguardsync.xml
-part of pfSense (http://www.pfSense.com)
-Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
-Copyright (C) 2013 Marcello Coutinho
-based on pfblocker_sync.xml
-All rights reserved.
-
-Based on m0n0wall (http://m0n0.ch/wall)
-Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
-All rights reserved.
+ squidguardsync.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
+ Copyright (C) 2013 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
*/
-/* ========================================================================== */
+/* ====================================================================================== */
/*
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
-1. Redistributions of source code must retain the above copyright notice,
-this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
-2. Redistributions in binary form must reproduce the above copyright
-notice, this list of conditions and the following disclaimer in the
-documentation and/or other materials provided with the distribution.
-THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
*/
-/* ========================================================================== */
-]]></copyright>
- <description><![CDATA[Describe your package here]]></description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>squidguardsync</name>
- <version>1.3_1 pkg v.1.9</version>
- <title>Proxy filter SquidGuard: XMLRPC Sync</title>
+ <version>1.9.17</version>
+ <title>SquidGuard Proxy Filter: XMLRPC Sync</title>
<include_file>/usr/local/pkg/squidguard.inc</include_file>
<tabs>
<tab>
@@ -97,11 +93,16 @@ POSSIBILITY OF SUCH DAMAGE.
<field>
<fielddescr>Enable Sync</fielddescr>
<fieldname>varsyncenablexmlrpc</fieldname>
- <description><![CDATA[All changes will be synced immediately to the IPs listed below if this option is checked.<br>
- <b>Important:</b> While using "Sync to hosts defined below", only sync from host A to B, A to C but <b>do not</B> enable XMLRPC sync <b>to</b> A. This will result in a loop!]]></description>
+ <description>
+ <![CDATA[
+ Select a sync method for SquidGuard.<br/><br/>
+ <strong>Important:</strong> While using "Sync to host(s) defined below", only sync from host A to B, A to C but <strong>do not</strong> enable XMLRPC sync <b>to</b> A.
+ This will result in a loop!
+ ]]>
+ </description>
<type>select</type>
<required/>
- <default_value>auto</default_value>
+ <default_value>disabled</default_value>
<options>
<option><name>Sync to configured system backup server</name><value>auto</value></option>
<option><name>Sync to host(s) defined below</name><value>manual</value></option>
@@ -109,28 +110,28 @@ POSSIBILITY OF SUCH DAMAGE.
</options>
</field>
<field>
- <fielddescr>XMLRPC timeout</fielddescr>
+ <fielddescr>XMLRPC Timeout</fielddescr>
<fieldname>varsynctimeout</fieldname>
- <description><![CDATA[Timeout in seconds for the XMLRPC timeout. Default: 150]]></description>
+ <description>XMLRPC timeout in seconds. (Default: 150)</description>
<type>input</type>
- <default_value>150</default_value>
+ <default_value>150</default_value>
<size>5</size>
</field>
-
<field>
- <fielddescr>Destination Server</fielddescr>
+ <fielddescr>Replication Targets</fielddescr>
<fieldname>none</fieldname>
<type>rowhelper</type>
<rowhelper>
<rowhelperfield>
<fielddescr>Enable</fielddescr>
<fieldname>varsyncdestinenable</fieldname>
+ <description><![CDATA[Enable this host as a replication target]]></description>
<type>checkbox</type>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>GUI Protocol</fielddescr>
+ <fielddescr>Protocol</fielddescr>
<fieldname>varsyncprotocol</fieldname>
- <description><![CDATA[Choose the protocol of the destination host. Probably <b>http</b> or <b>https</b>]]></description>
+ <description><![CDATA[Choose the protocol used to sync with the destination host (HTTP or HTTPS).]]></description>
<type>select</type>
<default_value>HTTP</default_value>
<options>
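Review bot: The `varsyncprotocol` row keeps `<default_value>HTTP</default_value>`, while `squidguard_do_xmlrpc_sync()` in squidguard.inc passes the password both to `setCredentials()` and into the XMLRPC payload, so a target saved with the default would send the admin password unencrypted. The description should say so, for example `Choose the protocol used to sync with the destination host. Use HTTPS; the sync request contains the admin password.` Making the HTTPS option the default would be better still, but the option values lie outside this hunk, so that needs checking against the list.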
@@ -139,21 +140,21 @@ POSSIBILITY OF SUCH DAMAGE.
</options>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>GUI IP-Address</fielddescr>
+ <fielddescr>IP Address/Hostname</fielddescr>
<fieldname>varsyncipaddress</fieldname>
- <description><![CDATA[IP Address of the destination host.]]></description>
+ <description><![CDATA[IP address or hostname of the destination host.]]></description>
<type>input</type>
- <size>15</size>
+ <size>40</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>GUI Port</fielddescr>
+ <fielddescr>Port</fielddescr>
<fieldname>varsyncport</fieldname>
- <description><![CDATA[Choose the port of the destination host.]]></description>
+ <description><![CDATA[Choose the sync port of the destination host.]]></description>
<type>input</type>
<size>3</size>
</rowhelperfield>
- <rowhelperfield>
- <fielddescr>GUI Admin Password</fielddescr>
+ <rowhelperfield>
+ <fielddescr>Admin Password</fielddescr>
<fieldname>varsyncpassword</fieldname>
<description><![CDATA[Password of the user "admin" on the destination host.]]></description>
<type>password</type>
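Review bot: The password row still reads `Password of the user "admin" on the destination host.`, while `squidguard_do_xmlrpc_sync()` in squidguard.inc now takes a `$username` argument and aborts when it is empty. No username row is added in the visible part of this form, so presumably the caller (outside this chunk) fills in a fixed name; that is worth confirming, since otherwise manually defined targets could never sync. If the caller does accept a configurable name, a username row next to the password would let the sync use a dedicated account instead of admin, and the description text should then stop naming "admin".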
@@ -162,9 +163,6 @@ POSSIBILITY OF SUCH DAMAGE.
</rowhelper>
</field>
</fields>
- <custom_delete_php_command>
- squidguard_sync_on_changes();
- </custom_delete_php_command>
<custom_php_resync_config_command>
squidguard_sync_on_changes();
</custom_php_resync_config_command>
diff --git a/config/stunnel/stunnel.inc b/config/stunnel/stunnel.inc
index 6dc17ef6..6233679b 100644
--- a/config/stunnel/stunnel.inc
+++ b/config/stunnel/stunnel.inc
@@ -177,7 +177,7 @@ function stunnel_save($config) {
if ($pkgconfig['sourceip']) {
fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n");
}
- fwrite($fout, "accept = " . $pkgconfig['localip'] . ":" . $pkgconfig['localport'] . "\n");
+ fwrite($fout, "accept = " . ($pkgconfig['localip'] ? $pkgconfig['localip'] . ":" : "") . $pkgconfig['localport'] . "\n");
fwrite($fout, "connect = " . $pkgconfig['redirectip'] . ":" . $pkgconfig['redirectport'] . "\n");
fwrite($fout, "TIMEOUTclose = 0\n\n");
}
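Review bot: With the new `accept` line an empty `localip` yields a bare port instead of `:port`, which stunnel treats as accepting on all local addresses rather than one chosen interface; that deserves a comment such as `// No localip: stunnel accepts on all local addresses for localport`. In the visible lines `localip` and `localport` are concatenated into the config file unchecked, so a value containing a line break would add its own directive. If the save-time validation (not visible here) does not already cover it, check them with `is_ipaddr()` and `is_port()` before the `fwrite()`. The same line is changed in the `stunnel_install()` hunk that follows, and both functions start outside their hunks.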
@@ -257,7 +257,7 @@ function stunnel_install() {
if ($pkgconfig['sourceip']) {
fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n");
}
- fwrite($fout, "accept = " . $pkgconfig['localip'] . ":" . $pkgconfig['localport'] . "\n");
+ fwrite($fout, "accept = " . ($pkgconfig['localip'] ? $pkgconfig['localip'] . ":" : "") . $pkgconfig['localport'] . "\n");
fwrite($fout, "connect = " . $pkgconfig['redirectip'] . ":" . $pkgconfig['redirectport'] . "\n");
fwrite($fout, "TIMEOUTclose = 0\n\n");
}
diff --git a/config/systempatches/patches.inc b/config/systempatches/patches.inc
index 2298e170..1c6ea4ba 100644
--- a/config/systempatches/patches.inc
+++ b/config/systempatches/patches.inc
@@ -29,6 +29,7 @@
*/
require_once("globals.inc");
require_once("util.inc");
+require_once("pfsense-utils.inc");
global $git_root_url, $patch_suffix, $patch_dir, $patch_cmd;
$git_root_url = "https://github.com/pfsense/pfsense/commit/";
@@ -88,8 +89,20 @@ function patch_test_revert($patch, $fulldetail=false) {
/* Fetch a patch from a URL or github */
function patch_fetch(& $patch) {
+ global $g;
$url = patch_fixup_url($patch['location']);
- $text = @file_get_contents($url);
+ $temp_filename = tempnam("{$g['tmp_path']}/", "system_patches");
+ /*
+ * Backwards compatibility with older 2.1.x pfSense versions
+ * that did not contain download_file() function in pfsense-utils.inc
+ */
+ if (!function_exists("download_file")) {
+ download_file_with_progress_bar($url, $temp_filename);
+ } else {
+ download_file($url, $temp_filename);
+ }
+ $text = @file_get_contents($temp_filename);
+ unlink($temp_filename);
if (empty($text)) {
return false;
} else {
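Review bot: `patch_fetch()` ignores the results of `tempnam()` and of the download call, so a failed temp-file creation reaches `file_get_contents()` and `unlink()` with `false`, and a failed download is only noticed through the `@`-silenced read. Add `if ($temp_filename === false) { return false; }` after the `tempnam()` line and drop the `@` so a read error is logged. The fetched text is later applied as a patch to the firewall, and whether `download_file()` verifies the TLS certificate is not visible here, so that is worth confirming for the `https://` sources. The function continues past the end of this hunk.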
@@ -162,6 +175,11 @@ function is_github_url($url) {
function bootup_apply_patches() {
global $config;
+ if (!isset($config['installedpackages']['patches']['item']) ||
+ !is_array($config['installedpackages']['patches']['item'])) {
+ $config['installedpackages']['patches']['item'] = array();
+ }
+
$a_patches = &$config['installedpackages']['patches']['item'];
foreach ($a_patches as $patch) {
diff --git a/config/systempatches/systempatches.xml b/config/systempatches/systempatches.xml
index 61f3df84..01501df7 100644
--- a/config/systempatches/systempatches.xml
+++ b/config/systempatches/systempatches.xml
@@ -43,7 +43,7 @@
</copyright>
<description>System Patches applies patches supplied by the user to the firewall.</description>
<name>System Patches</name>
- <version>1.0.6</version>
+ <version>1.0.8</version>
<title>System: Patches</title>
<include_file>/usr/local/pkg/patches.inc</include_file>
<menu>