Diffstat (limited to 'config')
-rw-r--r--config/apcupsd/apcupsd.inc3
-rw-r--r--config/asterisk/asterisk.inc5
-rw-r--r--config/asterisk/asterisk.xml3
-rw-r--r--config/avahi/avahi.inc17
-rw-r--r--config/backup/backup.inc2
-rw-r--r--config/bacula-client/bacula-client.inc7
-rw-r--r--config/bacula-client/bacula-client.xml3
-rw-r--r--config/bandwidthd/bandwidthd.inc3
-rw-r--r--config/cron/cron.inc1
-rw-r--r--config/freeradius2/freeradius.inc4
-rw-r--r--config/haproxy-devel/pkg/haproxy.inc8
-rw-r--r--config/haproxy-legacy/haproxy.inc2
-rw-r--r--config/haproxy-legacy/haproxy.xml3
-rw-r--r--config/haproxy/haproxy.inc3
-rw-r--r--config/haproxy/haproxy.xml9
-rw-r--r--config/haproxy1_5/pkg/haproxy.inc8
-rw-r--r--config/ipguard/ipguard.inc216
-rw-r--r--config/ipguard/ipguard.xml168
-rwxr-xr-xconfig/ipguard/ipguard_sync.xml70
-rw-r--r--config/notes/notes.inc37
-rw-r--r--config/notes/notes.xml8
-rw-r--r--config/nrpe2/nrpe2.inc9
-rw-r--r--config/nrpe2/nrpe2.xml1
-rw-r--r--config/ntop2/ntop.xml3
-rw-r--r--config/nut/nut.inc3
-rw-r--r--config/open-vm-tools_2/open-vm-tools.inc6
-rw-r--r--config/openbgpd/openbgpd.inc8
-rw-r--r--config/openbgpd/openbgpd.xml3
-rw-r--r--config/openbgpd/openbgpd_groups.xml3
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.inc13
-rw-r--r--config/phpservice/phpservice.inc10
-rw-r--r--config/phpservice/phpservice.xml3
-rw-r--r--config/routed/routed.inc4
-rw-r--r--config/shellcmd/shellcmd.inc307
-rw-r--r--config/shellcmd/shellcmd.php179
-rw-r--r--config/shellcmd/shellcmd.xml198
-rw-r--r--config/shellcmd/shellcmd_edit.php303
-rwxr-xr-xconfig/snort/snort.inc8
-rwxr-xr-xconfig/snort/snort.xml2
-rw-r--r--config/spamd/spamd.inc10
-rw-r--r--config/sshdcond/sshdcond.inc6
-rw-r--r--config/stunnel/stunnel.inc2
-rw-r--r--config/syslog-ng/syslog-ng.inc6
-rw-r--r--config/tftp2/tftp.inc4
-rw-r--r--config/tinc/pkg_tinc.inc2
-rw-r--r--config/tinc/status_tinc.php119
-rw-r--r--config/tinc/tinc.inc323
-rw-r--r--config/tinc/tinc.xml340
-rw-r--r--config/tinc/tinc_config.xml215
-rw-r--r--config/tinc/tinc_hosts.xml129
-rw-r--r--config/vhosts/vhosts.inc5
-rw-r--r--config/vnstat2/vnstat2.inc2
-rw-r--r--config/zabbix-agent-lts/zabbix-agent-lts.inc6
-rw-r--r--config/zabbix-proxy-lts/zabbix-proxy-lts.inc6
54 files changed, 1227 insertions, 1591 deletions
diff --git a/config/apcupsd/apcupsd.inc b/config/apcupsd/apcupsd.inc
index 2b166994..e3b9b587 100644
--- a/config/apcupsd/apcupsd.inc
+++ b/config/apcupsd/apcupsd.inc
@@ -40,7 +40,6 @@ function php_install_apcupsd() {
function php_deinstall_apcupsd() {
global $config, $g;
- conf_mount_rw();
$pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
if ($pfs_version == "2.1" || $pfs_version == "2.2") {
define('APCUPSD_BASE', '/usr/pbi/apcupsd-' . php_uname("m"));
@@ -48,7 +47,6 @@ function php_deinstall_apcupsd() {
define('APCUPSD_BASE', '/usr/local');
}
- exec("/usr/bin/killall apcupsd");
unlink_if_exists(APCUPSD_BASE . "/etc/rc.d/apcupsd.sh");
unlink_if_exists(APCUPSD_BASE . "/etc/apcupsd/apcupsd.conf");
unlink_if_exists("/var/log/apcupsd/apcupsd.log");
@@ -61,7 +59,6 @@ function php_deinstall_apcupsd() {
exec("/bin/rm -rf /var/run/apcupsd/");
}
- conf_mount_ro();
}
function validate_input_apcupsd($post, &$input_errors) {
diff --git a/config/asterisk/asterisk.inc b/config/asterisk/asterisk.inc
index 22a7b96c..ed835b25 100644
--- a/config/asterisk/asterisk.inc
+++ b/config/asterisk/asterisk.inc
@@ -42,11 +42,6 @@ function asterisk_install() {
sync_package_asterisk();
}
-function asterisk_deinstall() {
- stop_service("asterisk");
- unlink_if_exists("/usr/local/etc/rc.d/asterisk.sh");
-}
-
function sync_package_asterisk() {
conf_mount_rw();
diff --git a/config/asterisk/asterisk.xml b/config/asterisk/asterisk.xml
index 2eef359f..97c2e26f 100644
--- a/config/asterisk/asterisk.xml
+++ b/config/asterisk/asterisk.xml
@@ -84,9 +84,6 @@
<custom_php_install_command>
asterisk_install();
</custom_php_install_command>
- <custom_php_deinstall_command>
- asterisk_deinstall();
- </custom_php_deinstall_command>
<custom_php_resync_config_command>
sync_package_asterisk();
</custom_php_resync_config_command>
diff --git a/config/avahi/avahi.inc b/config/avahi/avahi.inc
index 7d69af78..4c824e71 100644
--- a/config/avahi/avahi.inc
+++ b/config/avahi/avahi.inc
@@ -36,8 +36,6 @@ if ($pfs_version == "2.1" || $pfs_version == "2.2") {
}
function avahi_install() {
- conf_mount_rw();
-
if (!file_exists('/usr/local/etc/gnome.subr')) {
@symlink(AVAHI_BASE . '/etc/gnome.subr', '/usr/local/etc/gnome.subr');
}
@@ -49,21 +47,10 @@ function avahi_install() {
if (!exec("/usr/sbin/pw groupshow avahi")) {
exec("/usr/sbin/pw groupadd avahi -g 558");
}
-
- conf_mount_ro();
}
function avahi_deinstall() {
- conf_mount_rw();
-
- // Stop services and remove created rc script and symlink
- if (is_process_running("avahi-daemon")) {
- exec("/usr/bin/killall -9 avahi-daemon");
- }
- if (is_process_running("dbus-daemon")) {
- exec("/usr/bin/killall -9 dbus-daemon");
- }
- unlink_if_exists("/usr/local/etc/rc.d/avahi-daemon.sh");
+ // Remove created symlink
unlink_if_exists("/usr/local/etc/gnome.subr");
// Remove created users and groups if they exist
@@ -73,8 +60,6 @@ function avahi_deinstall() {
if (exec("/usr/sbin/pw usershow avahi")) {
exec("/usr/sbin/pw userdel avahi");
}
-
- conf_mount_ro();
}
function avahi_write_config() {
diff --git a/config/backup/backup.inc b/config/backup/backup.inc
index 1a5eeab1..f77b5865 100644
--- a/config/backup/backup.inc
+++ b/config/backup/backup.inc
@@ -47,11 +47,9 @@ function backup_sync_package() {
}
function backup_install_command() {
- conf_mount_rw();
// Create the backup directory
safe_mkdir("/root/backup/");
backup_sync_package();
- conf_mount_ro();
}
?>
diff --git a/config/bacula-client/bacula-client.inc b/config/bacula-client/bacula-client.inc
index 07be3067..397cf7a4 100644
--- a/config/bacula-client/bacula-client.inc
+++ b/config/bacula-client/bacula-client.inc
@@ -44,15 +44,8 @@ function baculaclient_custom_php_install_command() {
}
function baculaclient_custom_php_deinstall_command(){
- conf_mount_rw();
-
// Delete our config file
unlink_if_exists(BACULA_LOCALBASE . "/etc/bacula/bacula-fd.conf");
- // Stop service and delete our rc file
- stop_service("bacula-client");
- unlink_if_exists(BACULA_STARTUP_SCRIPT);
-
- conf_mount_ro();
}
function baculaclient_custom_php_write_config(){
diff --git a/config/bacula-client/bacula-client.xml b/config/bacula-client/bacula-client.xml
index ce07e77e..cbfe8757 100644
--- a/config/bacula-client/bacula-client.xml
+++ b/config/bacula-client/bacula-client.xml
@@ -150,6 +150,9 @@
<custom_php_install_command>
baculaclient_custom_php_install_command();
</custom_php_install_command>
+ <custom_php_deinstall_command>
+ baculaclient_custom_php_deinstall_command();
+ </custom_php_deinstall_command>
<custom_php_resync_config_command>
baculaclient_custom_php_write_config();
</custom_php_resync_config_command>
diff --git a/config/bandwidthd/bandwidthd.inc b/config/bandwidthd/bandwidthd.inc
index 9364cbbc..0029a05d 100644
--- a/config/bandwidthd/bandwidthd.inc
+++ b/config/bandwidthd/bandwidthd.inc
@@ -45,13 +45,10 @@ switch ($pfs_version) {
}
function bandwidthd_install_deinstall() {
- conf_mount_rw();
- stop_service("bandwidthd");
mwexec("/bin/rm -rf " . PKG_BANDWIDTHD_BASE . "/htdocs");
mwexec("/bin/rm -f /usr/local/www/bandwidthd");
// Remove the cron job, if it is there
install_cron_job("/bin/kill -HUP `cat /var/run/bandwidthd.pid`", false);
- conf_mount_ro();
}
function bandwidthd_install_config() {
diff --git a/config/cron/cron.inc b/config/cron/cron.inc
index 7a7a8993..645575d9 100644
--- a/config/cron/cron.inc
+++ b/config/cron/cron.inc
@@ -40,7 +40,6 @@ function cron_sync_package() {
}
function cron_install_command() {
- conf_mount_rw();
// Clean up possible lingering garbage after previous package versions
unlink_if_exists("/usr/local/etc/rc.d/cron.sh");
cron_sync_package();
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index 8472ea5e..6d626e3a 100644
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -90,8 +90,7 @@ function freeradius_deinstall_command() {
function freeradius_install_command() {
global $config, $frlib;
- conf_mount_rw();
-
+
// We create here different folders for different counters.
@mkdir("/var/log/radacct/datacounter/daily", 0755, true);
@mkdir("/var/log/radacct/datacounter/weekly", 0755, true);
@@ -186,7 +185,6 @@ SERVICENAME="radiusd"
EOD;
$rcfile['stop'] = FREERADIUS_ETC . '/rc.d/radiusd onestop';
write_rcfile($rcfile);
- conf_mount_ro();
start_service("radiusd");
}
diff --git a/config/haproxy-devel/pkg/haproxy.inc b/config/haproxy-devel/pkg/haproxy.inc
index de1963b0..e9bdbf47 100644
--- a/config/haproxy-devel/pkg/haproxy.inc
+++ b/config/haproxy-devel/pkg/haproxy.inc
@@ -380,10 +380,6 @@ function haproxy_custom_php_install_command() {
$static_output .= "HAProxy, running haproxy_custom_php_install_command()\n";
update_output_window($static_output);
- $static_output .= "HAProxy, conf_mount_rw\n";
- update_output_window($static_output);
- conf_mount_rw();
-
$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
if ($pf_version == "2.1" || $pf_version == "2.2")
$haproxy_binary = "/usr/pbi/haproxy-devel-" . php_uname("m") . "/sbin/haproxy";
@@ -488,10 +484,6 @@ EOD;
require_once('haproxy_upgrade_config.inc');
haproxy_upgrade_config();
- $static_output .= "HAProxy, conf_mount_ro\n";
- update_output_window($static_output);
- conf_mount_ro();
-
$static_output .= "HAProxy, starting haproxy (if previously enabled)\n";
update_output_window($static_output);
haproxy_check_run(1);
diff --git a/config/haproxy-legacy/haproxy.inc b/config/haproxy-legacy/haproxy.inc
index 9058b4a6..55b86882 100644
--- a/config/haproxy-legacy/haproxy.inc
+++ b/config/haproxy-legacy/haproxy.inc
@@ -69,7 +69,6 @@ function migrate_old_sync_config(){
}
function haproxy_custom_php_install_command() {
global $g, $config;
- conf_mount_rw();
$haproxy = <<<EOD
#!/bin/sh
@@ -118,7 +117,6 @@ EOD;
fclose($fd);
exec("chmod a+rx /usr/local/etc/rc.d/haproxy.sh");
migrate_old_sync_config();
- conf_mount_ro();
exec("/usr/local/etc/rc.d/haproxy.sh start");
}
diff --git a/config/haproxy-legacy/haproxy.xml b/config/haproxy-legacy/haproxy.xml
index 8892c77c..99345ac5 100644
--- a/config/haproxy-legacy/haproxy.xml
+++ b/config/haproxy-legacy/haproxy.xml
@@ -109,7 +109,6 @@
/*
included in package install
$freebsdv=trim(`uname -r | cut -d'.' -f1`);
- conf_mount_rw();
`fetch -q -o /usr/local/sbin/ https://packages.pfsense.org/packages/config/haproxy-legacy/binaries{$freebsdv}/haproxy`;
exec("chmod a+rx /usr/local/sbin/haproxy");
*/
@@ -120,4 +119,4 @@
</custom_php_deinstall_command>
<custom_php_command_before_form>
</custom_php_command_before_form>
-</packagegui> \ No newline at end of file
+</packagegui>
diff --git a/config/haproxy/haproxy.inc b/config/haproxy/haproxy.inc
index 6d4ba0e5..7ededa97 100644
--- a/config/haproxy/haproxy.inc
+++ b/config/haproxy/haproxy.inc
@@ -73,7 +73,6 @@ function haproxy_custom_php_deinstall_command() {
function haproxy_custom_php_install_command() {
global $g, $config;
- conf_mount_rw();
$haproxy = <<<EOD
#!/bin/sh
@@ -228,8 +227,6 @@ EOD;
write_config();
}
- conf_mount_ro();
-
exec("/usr/local/etc/rc.d/haproxy.sh start");
}
diff --git a/config/haproxy/haproxy.xml b/config/haproxy/haproxy.xml
index 3be05802..ac8a35f2 100644
--- a/config/haproxy/haproxy.xml
+++ b/config/haproxy/haproxy.xml
@@ -89,17 +89,10 @@
<chmod>077</chmod>
<item>https://packages.pfsense.org/packages/config/haproxy/haproxy_pool_edit.php</item>
</additional_files_needed>
- <custom_delete_php_command>
- </custom_delete_php_command>
- <custom_add_php_command>
- </custom_add_php_command>
- <custom_php_resync_config_command>
- </custom_php_resync_config_command>
<custom_php_install_command>
/*
included in package install
$freebsdv=trim(`uname -r | cut -d'.' -f1`);
- conf_mount_rw();
`fetch -q -o /usr/local/sbin/ https://packages.pfsense.org/packages/config/haproxy/binaries{$freebsdv}/haproxy`;
exec("chmod a+rx /usr/local/sbin/haproxy");
*/
@@ -108,6 +101,4 @@
<custom_php_deinstall_command>
haproxy_custom_php_deinstall_command();
</custom_php_deinstall_command>
- <custom_php_command_before_form>
- </custom_php_command_before_form>
</packagegui>
diff --git a/config/haproxy1_5/pkg/haproxy.inc b/config/haproxy1_5/pkg/haproxy.inc
index eceef783..8ba7e437 100644
--- a/config/haproxy1_5/pkg/haproxy.inc
+++ b/config/haproxy1_5/pkg/haproxy.inc
@@ -360,10 +360,6 @@ function haproxy_custom_php_install_command() {
$static_output .= "HAProxy, running haproxy_custom_php_install_command()\n";
update_output_window($static_output);
- $static_output .= "HAProxy, conf_mount_rw\n";
- update_output_window($static_output);
- conf_mount_rw();
-
$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
if ($pf_version == "2.1" || $pf_version == "2.2")
$haproxy_binary = "/usr/pbi/haproxy-devel-" . php_uname("m") . "/sbin/haproxy";
@@ -468,10 +464,6 @@ EOD;
require_once('haproxy_upgrade_config.inc');
haproxy_upgrade_config();
- $static_output .= "HAProxy, conf_mount_ro\n";
- update_output_window($static_output);
- conf_mount_ro();
-
$static_output .= "HAProxy, starting haproxy (if previously enabled)\n";
update_output_window($static_output);
haproxy_check_run(1);
diff --git a/config/ipguard/ipguard.inc b/config/ipguard/ipguard.inc
index 1891b24b..53284c96 100644
--- a/config/ipguard/ipguard.inc
+++ b/config/ipguard/ipguard.inc
@@ -1,88 +1,81 @@
<?php
-
-/* ========================================================================== */
-/*
- ipguard.inc
- part of the ipguard package for pfSense (http://www.pfSense.com)
- Copyright (C) 2012 Marcello Coutinho
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- require_once("config.inc");
- require_once("util.inc");
-
-function ipguard_custom_php_deinstall_command(){
- global $g, $config;
-
- conf_mount_rw();
-
+ ipguard.inc
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+require_once("config.inc");
+require_once("util.inc");
+
+function ipguard_custom_php_deinstall_command() {
stop_service('ipguard');
- $ipguard_sh_file = "/usr/local/etc/rc.d/ipguard.sh";
- if (is_file($ipguard_sh_file))
- chmod($ipguard_sh_file,0444);
-
- conf_mount_ro();
- }
+ unlink_if_exists("/usr/local/etc/rc.d/ipguard.sh");
+ $files = glob("/usr/local/etc/ipguard_*.conf");
+ unlink_if_exists($files);
+}
-function ipguard_custom_php_write_config(){
+function ipguard_custom_php_write_config() {
global $g, $config;
-
- # detect boot process
- if (is_array($_POST)){
- if (!preg_match("/\w+/",$_POST['__csrf_magic']))
- return;
- }
-
- if (is_array($config['installedpackages']['ipguard']['config'])){
+ /* Detect boot process and do nothing */
+ if (platform_booting()) {
+ return;
+ }
+
+ if (is_array($config['installedpackages']['ipguard']['config'])) {
// Read config
$new_config=array();
- foreach ($config['installedpackages']['ipguard']['config'] as $ipguard){
- if ($ipguard['enable'] && $ipguard['interface'] && $ipguard['mac'] && $ipguard['ip']){
- $new_config[$ipguard['interface']].= "{$ipguard['mac']} {$ipguard['ip']} {$ipguard['description']}\n";
+ foreach ($config['installedpackages']['ipguard']['config'] as $ipguard) {
+ if ($ipguard['enable'] && $ipguard['interface'] && $ipguard['mac'] && $ipguard['ip']) {
+ $new_config[$ipguard['interface']] .= "{$ipguard['mac']} {$ipguard['ip']} {$ipguard['description']}\n";
}
}
}
- //Save /etc/ssh/ipguard_extra
- $script="/usr/local/etc/rc.d/ipguard.sh";
$start="";
$stop="pkill -anx ipguard";
conf_mount_rw();
- if (count ($new_config) > 0 && $ipguard['enable']){
- foreach ($new_config as $key => $value){
- $conf_file="/usr/local/etc/ipguard_{$key}.conf";
- file_put_contents($conf_file,$value,LOCK_EX);
- $config_file=file_put_contents($conf_file,$new_config[$key],LOCK_EX);
- $iface=convert_friendly_interface_to_real_interface_name($key);
- $start.="/usr/local/sbin/ipguard -l /var/log/ipguard_{$key}.log -p /var/run/ipguard_{$key}.pid -f {$conf_file} -u 300 -z {$iface}\n\t";
+ /* Create rc script and restart service if ipguard is enabled */
+ if (count($new_config) > 0 && $ipguard['enable']) {
+ foreach ($new_config as $key => $value) {
+ $conf_file = "/usr/local/etc/ipguard_{$key}.conf";
+ file_put_contents($conf_file, $value, LOCK_EX);
+ $config_file = file_put_contents($conf_file, $new_config[$key], LOCK_EX);
+ /* Hack around PBI stupidity; ipguard does not find its own conf files otherwise */
+ $pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+ if ($pfs_version == "2.2") {
+ $conf_file_link = "/usr/pbi/ipguard-" . php_uname("m") . "/local/etc/ipguard_{$key}.conf";
+ /* Better recreate this every time just in case users shuffle interfaces assignment somehow */
+ if (is_link($conf_file_link)) {
+ unlink($conf_file_link);
+ }
+ symlink($conf_file, $conf_file_link);
+ }
+ $iface = convert_friendly_interface_to_real_interface_name($key);
+ $start .= "/usr/local/sbin/ipguard -l /var/log/ipguard_{$key}.log -p /var/run/ipguard_{$key}.pid -f {$conf_file} -u 300 -z {$iface}\n\t";
}
write_rcfile(array(
'file' => 'ipguard.sh',
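Review bot: The guard `count($new_config) > 0 && $ipguard['enable']` in ipguard_custom_php_write_config() reads `$ipguard` after the `foreach` has ended, so it reflects only the last configured row; when that row is disabled, the else branch in the following hunk stops the daemon and deletes the rc script although other rows are enabled, which silently turns the protection off. `$new_config` only ever receives enabled rows, so `if (count($new_config) > 0) {` is sufficient, with `$new_config = array();` moved above the `is_array()` test so it is defined on every path. The start line also interpolates `$key`, `$conf_file` and `$iface` unquoted into a shell script; since the package config can be edited locally or arrive through the XMLRPC sync later in this file, passing each through `escapeshellarg()` is cheap hardening. In the deinstall function, `unlink_if_exists($files)` hands over the array returned by `glob()`, whereas every other call in this commit passes a path string, so confirm the helper accepts an array or unlink each entry in a loop. The body of ipguard_custom_php_write_config() continues past the end of this hunk.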
@@ -90,38 +83,36 @@ function ipguard_custom_php_write_config(){
'stop' => $stop
));
restart_service('ipguard');
-
- }
- else{
- #remove config files
+
+ } else {
+ /* Otherwise, stop the service and remove rc script */
stop_service('ipguard');
- $ipguard_sh_file = "/usr/local/etc/rc.d/ipguard.sh";
- if (is_file($ipguard_sh_file))
- chmod($ipguard_sh_file,0444);
+ unlink_if_exists("/usr/local/etc/rc.d/ipguard.sh");
+
}
- // Mount Read-only
conf_mount_ro();
-
- //sync config with other pfsense servers
+
+ /* Sync config with other pfSense servers */
ipguard_sync_on_changes();
- }
+}
/* Uses XMLRPC to synchronize the changes to a remote node */
function ipguard_sync_on_changes() {
global $config, $g;
-
+
if (is_array($config['installedpackages']['ipguardsync'])) {
- if ($config['installedpackages']['ipguardsync']['config'][0]['synconchanges']) {
- log_error("[ipguard] xmlrpc sync is starting.");
- foreach ($config['installedpackages']['ipguardsync']['config'] as $rs ){
- foreach($rs['row'] as $sh){
+ if ($config['installedpackages']['ipguardsync']['config'][0]['synconchanges']) {
+ log_error("[ipguard] XMLRPC sync is starting.");
+ foreach ($config['installedpackages']['ipguardsync']['config'] as $rs ) {
+ foreach ($rs['row'] as $sh) {
$sync_to_ip = $sh['ipaddress'];
$password = $sh['password'];
- if($password && $sync_to_ip)
+ if ($password && $sync_to_ip) {
ipguard_do_xmlrpc_sync($sync_to_ip, $password);
+ }
}
}
- log_error("[ipguard] xmlrpc sync is ending.");
+ log_error("[ipguard] XMLRPC sync is ending.");
}
}
}
@@ -130,53 +121,57 @@ function ipguard_sync_on_changes() {
function ipguard_do_xmlrpc_sync($sync_to_ip, $password) {
global $config, $g;
- if(!$password)
+ if (!$password) {
return;
+ }
- if(!$sync_to_ip)
+ if (!$sync_to_ip) {
return;
+ }
- $username='admin';
+ $username = 'admin';
$xmlrpc_sync_neighbor = $sync_to_ip;
- if($config['system']['webgui']['protocol'] != "") {
+ if ($config['system']['webgui']['protocol'] != "") {
$synchronizetoip = $config['system']['webgui']['protocol'];
$synchronizetoip .= "://";
- }
- $port = $config['system']['webgui']['port'];
- /* if port is empty lets rely on the protocol selection */
- if($port == "") {
- if($config['system']['webgui']['protocol'] == "http")
+ }
+ $port = $config['system']['webgui']['port'];
+ /* If port is empty, let's rely on the protocol selection */
+ if ($port == "") {
+ if ($config['system']['webgui']['protocol'] == "http") {
$port = "80";
- else
+ } else {
$port = "443";
- }
+ }
+ }
$synchronizetoip .= $sync_to_ip;
/* xml will hold the sections to sync */
$xml = array();
$xml['ipguard'] = $config['installedpackages']['ipguard'];
- /* assemble xmlrpc payload */
+ /* Assemble XMLRPC payload */
$params = array(
XML_RPC_encode($password),
XML_RPC_encode($xml)
);
- /* set a few variables needed for sync code borrowed from filter.inc */
+ /* Set a few variables needed for sync code; borrowed from filter.inc */
$url = $synchronizetoip;
log_error("Beginning ipguard XMLRPC sync to {$url}:{$port}.");
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
- if($g['debug'])
+ if ($g['debug']) {
$cli->setDebug(1);
+ }
/* send our XMLRPC message and timeout after 250 seconds */
$resp = $cli->send($msg, "250");
- if(!$resp) {
+ if (!$resp) {
$error = "A communications error occurred while attempting ipguard XMLRPC sync with {$url}:{$port}.";
log_error($error);
file_notice("sync_settings", $error, "ipguard Settings Sync", "");
- } elseif($resp->faultCode()) {
+ } elseif ($resp->faultCode()) {
$cli->setDebug(1);
$resp = $cli->send($msg, "250");
$error = "An error code was received while attempting ipguard XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
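Review bot: ipguard_do_xmlrpc_sync() builds the target URL from this host's own `$config['system']['webgui']['protocol']` and port, so when the local GUI is set to `http` the `admin` password (passed both to `setCredentials()` and as the first XMLRPC parameter) and the package config travel to the peer unencrypted. Consider refusing or at least logging that case, e.g. `if ($config['system']['webgui']['protocol'] != "https") { log_error("[ipguard] XMLRPC sync to {$sync_to_ip} is not using HTTPS."); }`, and making the peer's protocol and port part of the sync settings rather than assuming they match the local ones. `$synchronizetoip` is also appended to without being initialised when the protocol is empty; `$synchronizetoip = "";` before the `if` avoids the notice. The function continues in the next hunk.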
@@ -185,27 +180,27 @@ function ipguard_do_xmlrpc_sync($sync_to_ip, $password) {
} else {
log_error("ipguard XMLRPC sync successfully completed with {$url}:{$port}.");
}
-
+
/* tell ipguard to reload our settings on the destination sync host. */
$method = 'pfsense.exec_php';
- $execcmd = "require_once('/usr/local/pkg/ipguard.inc');\n";
+ $execcmd = "require_once('/usr/local/pkg/ipguard.inc');\n";
$execcmd .= "ipguard_custom_php_write_config();";
/* assemble xmlrpc payload */
$params = array(
XML_RPC_encode($password),
XML_RPC_encode($execcmd)
);
-
+
log_error("ipguard XMLRPC reload data {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
$resp = $cli->send($msg, "250");
- if(!$resp) {
+ if (!$resp) {
$error = "A communications error occurred while attempting ipguard XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
log_error($error);
file_notice("sync_settings", $error, "ipguard Settings Sync", "");
- } elseif($resp->faultCode()) {
+ } elseif ($resp->faultCode()) {
$cli->setDebug(1);
$resp = $cli->send($msg, "250");
$error = "An error code was received while attempting ipguard XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
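Review bot: In the fault branch the request is sent a second time with `setDebug(1)` and the new `$resp` is dereferenced without repeating the `!$resp` test, so a failed retry ends in a method call on a non-object instead of a logged error; the same pattern is in the first sync call of this function (previous hunk). For `pfsense.exec_php` the retry also asks the peer to run the reload code again just to collect debug output. Building `$error` from the first response's `faultCode()`/`faultString()` and dropping the second `send()` would remove both problems. The enclosing function starts before and ends after this hunk.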
@@ -215,4 +210,5 @@ function ipguard_do_xmlrpc_sync($sync_to_ip, $password) {
log_error("ipguard XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
}
}
- ?> \ No newline at end of file
+
+?>
diff --git a/config/ipguard/ipguard.xml b/config/ipguard/ipguard.xml
index 74b58f86..2b13e7e0 100644
--- a/config/ipguard/ipguard.xml
+++ b/config/ipguard/ipguard.xml
@@ -1,55 +1,55 @@
<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
-<copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- ipguard.xml
- part of the ipguard package for pfSense (http://www.pfSense.com)
- Copyright (C) 2012 Marcello Coutinho
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
+ ipguard.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>ipguard</name>
- <version>1.0</version>
- <title>Ipguard</title>
- <description>Ipguard macs/ip</description>
+ <version>0.1.1</version>
+ <title>Firewall: IPguard</title>
+ <description>IPguard MACs/IP</description>
<savetext>Save</savetext>
<include_file>/usr/local/pkg/ipguard.inc</include_file>
<menu>
- <name>Ipguard</name>
- <tooltiptext>Tool designed to protect LAN IP address space by ARP spoofing</tooltiptext>
+ <name>IPguard</name>
+ <tooltiptext>Tool designed to protect LAN IP address space by ARP spoofing.</tooltiptext>
<section>Firewall</section>
<url>/pkg.php?xml=ipguard.xml</url>
</menu>
@@ -57,17 +57,15 @@
<name>ipguard</name>
<rcfile>ipguard.sh</rcfile>
<executable>ipguard</executable>
- <description>Tool designed to protect LAN IP address space by ARP spoofing.</description>
+ <description>IPguard ARP Spoofing Daemon</description>
</service>
<configpath>installedpackages->package->ipguard</configpath>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>755</chmod>
<item>https://packages.pfsense.org/packages/config/ipguard/ipguard.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>755</chmod>
<item>https://packages.pfsense.org/packages/config/ipguard/ipguard_sync.xml</item>
</additional_files_needed>
<tabs>
@@ -92,11 +90,11 @@
<fieldname>interface</fieldname>
</columnitem>
<columnitem>
- <fielddescr>Mac Address</fielddescr>
+ <fielddescr>MAC Address</fielddescr>
<fieldname>mac</fieldname>
</columnitem>
<columnitem>
- <fielddescr>Ip Address(es)</fielddescr>
+ <fielddescr>IP Address(es)</fielddescr>
<fieldname>ip</fieldname>
</columnitem>
<columnitem>
@@ -104,43 +102,53 @@
<fieldname>description</fieldname>
</columnitem>
<movable>on</movable>
- <description><![CDATA[If firewall receives traffic with MAC/IP pair not listed here, it will send ARP reply with configured fake address.<br>This will prevent not permitted host from working properly in the specified ethernet segment.]]></description>
+ <description>
+ <![CDATA[
+ If firewall receives traffic with MAC/IP pair not listed here, it will send ARP reply with configured fake address.<br />
+ This will prevent not permitted host from working properly in the specified ethernet segment.
+ ]]>
+ </description>
</adddeleteeditpagefields>
<fields>
<field>
<type>listtopic</type>
- <name>Ipguard Options</name>
+ <name>IPguard Options</name>
<fieldname>temp</fieldname>
</field>
<field>
- <fielddescr>sortable</fielddescr>
- <fieldname>sortable</fieldname>
- <display_maximum_rows>20</display_maximum_rows>
- <type>sorting</type>
- <include_filtering_inputbox/>
- <sortablefields>
- <item>
- <name>Mac Address</name>
- <fieldname>mac</fieldname>
- <regex>/%FILTERTEXT%/i</regex>
- </item>
- <item>
- <name>Ip Address</name>
- <fieldname>ip</fieldname>
- <regex>/%FILTERTEXT%/i</regex>
- </item>
- </sortablefields>
+ <fielddescr>sortable</fielddescr>
+ <fieldname>sortable</fieldname>
+ <display_maximum_rows>20</display_maximum_rows>
+ <type>sorting</type>
+ <include_filtering_inputbox/>
+ <sortablefields>
+ <item>
+ <name>MAC Address</name>
+ <fieldname>mac</fieldname>
+ <regex>/%FILTERTEXT%/i</regex>
+ </item>
+ <item>
+ <name>IP Address</name>
+ <fieldname>ip</fieldname>
+ <regex>/%FILTERTEXT%/i</regex>
+ </item>
+ </sortablefields>
</field>
<field>
- <fielddescr>Enable</fielddescr>
+ <fielddescr>Enable</fielddescr>
<fieldname>enable</fieldname>
<type>checkbox</type>
- <description><![CDATA[Enable this mac rule.<br><strong>Important Note:</strong> Always create rules for pfsense mac and ip address to avoid denying access to pfsense gui.]]></description>
+ <description>
+ <![CDATA[
+ Enable this MAC rule.<br />
+ <strong>Important Note:</strong> Always create rules for pfSense MAC and IP address to avoid denying access to pfFense GUI!
+ ]]>
+ </description>
</field>
<field>
<fielddescr>Interface</fielddescr>
<fieldname>interface</fieldname>
- <description>The interface on which ipguard server will check this mac</description>
+ <description>The interface on which IPguard server will check this MAC.</description>
<type>interfaces_selection</type>
<required/>
<default_value>lan</default_value>
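Review bot: The rewritten description of the `enable` field misspells the product name as `pfFense GUI`. This is the lock-out warning an administrator reads before enabling a rule, so it should read `Always create rules for pfSense MAC and IP address to avoid denying access to pfSense GUI!`. The enclosing `<fields>` block continues past the end of this hunk.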
@@ -148,39 +156,44 @@
<field>
<fielddescr>Description</fielddescr>
<fieldname>description</fieldname>
- <description>Describe this mac rule.</description>
+ <description>Describe this MAC rule.</description>
<type>input</type>
<size>50</size>
<required/>
</field>
<field>
- <fielddescr>Mac address</fielddescr>
+ <fielddescr>MAC Address</fielddescr>
<fieldname>mac</fieldname>
- <description><![CDATA[Insert mac address you want to filter.<br>
- <strong>To include a permit rule, use mac=00:00:00:00:00:00</strong>]]></description>
+ <description>
+ <![CDATA[
+ Insert MAC address you want to filter.<br />
+ <strong>To include a permit rule, use MAC 00:00:00:00:00:00</strong>
+ ]]>
+ </description>
<type>input</type>
<size>25</size>
<required/>
</field>
<field>
- <fielddescr>Ip address</fielddescr>
+ <fielddescr>IP Address</fielddescr>
<fieldname>ip</fieldname>
- <description><![CDATA[Insert ip address, hostname or network cidr you want to apply on this ipguard rule.<br>
- <strong>To include a permit rule, use your lan cidr or 0.0.0.0</strong>]]></description>
+ <description>
+ <![CDATA[
+ Insert IP address, hostname or network CIDR you want to apply on this IPguard rule.<br>
+ <strong>To include a permit rule, use your LAN CIDR or 0.0.0.0</strong>
+ ]]>
+ </description>
<type>input</type>
<size>40</size>
<required/>
</field>
</fields>
-
<custom_delete_php_command>
ipguard_custom_php_write_config();
</custom_delete_php_command>
<custom_add_php_command>
ipguard_custom_php_write_config();
</custom_add_php_command>
- <custom_php_install_command>
- </custom_php_install_command>
<custom_php_deinstall_command>
ipguard_custom_php_deinstall_command();
</custom_php_deinstall_command>
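Review bot: The new IP Address description still ends its first line with `<br>`, while the other descriptions rewritten in this file use `<br />`. Inside CDATA this is harmless, but for consistency the line should be `Insert IP address, hostname or network CIDR you want to apply on this IPguard rule.<br />`.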
@@ -190,5 +203,4 @@
<custom_php_command_before_form>
unset($_POST['temp']);
</custom_php_command_before_form>
-
-</packagegui> \ No newline at end of file
+</packagegui>
diff --git a/config/ipguard/ipguard_sync.xml b/config/ipguard/ipguard_sync.xml
index 0b5ffecb..609dd6ca 100755
--- a/config/ipguard/ipguard_sync.xml
+++ b/config/ipguard/ipguard_sync.xml
@@ -1,49 +1,49 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
- <![CDATA[
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- ipguard_sync.xml
- part of the ipguard package for pfSense (http://www.pfSense.com)
- Copyright (C) 2012 Marcello Coutinho
- All rights reserved.
- */
-/* ========================================================================== */
+ ipguard_sync.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
]]>
</copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
<name>ipguardsync</name>
- <version>1.0</version>
- <title>Ipguard - Sync</title>
+ <version>0.1.1</version>
+ <title>IPguard - Sync</title>
<include_file>/usr/local/pkg/ipguard.inc</include_file>
<tabs>
<tab>
@@ -89,8 +89,6 @@
</rowhelper>
</field>
</fields>
- <custom_php_validation_command>
- </custom_php_validation_command>
<custom_php_resync_config_command>
ipguard_custom_php_write_config();
</custom_php_resync_config_command>
diff --git a/config/notes/notes.inc b/config/notes/notes.inc
deleted file mode 100644
index ddc54a3f..00000000
--- a/config/notes/notes.inc
+++ /dev/null
@@ -1,37 +0,0 @@
-<?php
-/*
- notes.inc
- part of pfSense (https://www.pfSense.org/)
- Copyright (C) 2008 Mark J Crane
- Copyright (C) 2015 ESF, LLC
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-function notes_deinstall_command() {
- conf_mount_rw();
- unlink_if_exists("/usr/local/pkg/notes.xml");
- unlink_if_exists("/usr/local/pkg/notes.inc");
- conf_mount_ro();
-}
-
-?>
diff --git a/config/notes/notes.xml b/config/notes/notes.xml
index e74a76f1..03c0a01a 100644
--- a/config/notes/notes.xml
+++ b/config/notes/notes.xml
@@ -45,7 +45,6 @@
<name>Notes</name>
<version>0.2.6</version>
<title>Settings</title>
- <include_file>/usr/local/pkg/notes.inc</include_file>
<menu>
<name>Notes</name>
<tooltiptext>Notes.</tooltiptext>
@@ -61,10 +60,6 @@
</tab>
</tabs>
<configpath>installedpackages->package->$packagename->configuration->notes</configpath>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <item>https://packages.pfsense.org/packages/config/notes/notes.inc</item>
- </additional_files_needed>
<adddeleteeditpagefields>
<columnitem>
<fielddescr>Title</fielddescr>
@@ -103,7 +98,4 @@
<rows>20</rows>
</field>
</fields>
- <custom_php_deinstall_command>
- notes_deinstall_command();
- </custom_php_deinstall_command>
</packagegui>
diff --git a/config/nrpe2/nrpe2.inc b/config/nrpe2/nrpe2.inc
index b5e6a7d9..08aeb5c4 100644
--- a/config/nrpe2/nrpe2.inc
+++ b/config/nrpe2/nrpe2.inc
@@ -51,7 +51,6 @@ define('NRPE_RCFILE', '/usr/local/etc/rc.d/nrpe2.sh');
function nrpe2_custom_php_install_command() {
global $g, $config;
- conf_mount_rw();
$NRPE_BASE = NRPE_BASE;
$NRPE_CONFIG_DIR = NRPE_CONFIG_DIR;
@@ -159,14 +158,6 @@ EOD;
fclose($fd);
chmod(NRPE_RCFILE, 0755);
- conf_mount_ro();
-}
-
-function nrpe2_custom_php_deinstall_command() {
- global $g, $config;
- conf_mount_rw();
-
- conf_mount_ro();
}
function nrpe2_custom_php_write_config() {
diff --git a/config/nrpe2/nrpe2.xml b/config/nrpe2/nrpe2.xml
index 1204e8ec..f70835c3 100644
--- a/config/nrpe2/nrpe2.xml
+++ b/config/nrpe2/nrpe2.xml
@@ -179,7 +179,6 @@
nrpe2_custom_php_service();
</custom_php_install_command>
<custom_php_deinstall_command>
- nrpe2_custom_php_deinstall_command();
nrpe2_custom_php_write_config();
</custom_php_deinstall_command>
<custom_php_resync_config_command>
diff --git a/config/ntop2/ntop.xml b/config/ntop2/ntop.xml
index 57354f61..6ba86525 100644
--- a/config/ntop2/ntop.xml
+++ b/config/ntop2/ntop.xml
@@ -160,9 +160,6 @@
<custom_php_install_command>
sync_package_ntop();
</custom_php_install_command>
- <custom_php_deinstall_command>
- exec("rm /usr/local/etc/rc.d/ntop*");
- </custom_php_deinstall_command>
<custom_php_validation_command>
<![CDATA[
if ($_POST) {
diff --git a/config/nut/nut.inc b/config/nut/nut.inc
index 6467ec13..71b06932 100644
--- a/config/nut/nut.inc
+++ b/config/nut/nut.inc
@@ -156,9 +156,6 @@
}
function deinstall_package_nut() {
- stop_service("nut");
-
- unlink_if_exists(NUT_RCFILE);
unlink_if_exists(NUT_DIR.'/upsmon.conf');
unlink_if_exists(NUT_DIR.'/ups.conf');
unlink_if_exists(NUT_DIR.'/upsd.conf');
diff --git a/config/open-vm-tools_2/open-vm-tools.inc b/config/open-vm-tools_2/open-vm-tools.inc
index f005074e..02449a1d 100644
--- a/config/open-vm-tools_2/open-vm-tools.inc
+++ b/config/open-vm-tools_2/open-vm-tools.inc
@@ -27,20 +27,14 @@
POSSIBILITY OF SUCH DAMAGE.
*/
function open_vm_tools_deinstall() {
- conf_mount_rw();
- stop_service("vmware-guestd");
- unlink_if_exists("/usr/local/etc/rc.d/vmware-guestd.sh");
unlink_if_exists("/usr/local/etc/rc.d/vmware-kmod.sh");
unlink_if_exists("/boot/kernel/vmblock.ko");
unlink_if_exists("/boot/kernel/vmhgfs.ko");
unlink_if_exists("/boot/kernel/vmmemctl.ko");
unlink_if_exists("/boot/kernel/vmxnet.ko");
- conf_mount_ro();
}
function open_vm_tools_install() {
- conf_mount_rw();
-
// Clean up old .ko files if they exist
unlink_if_exists("/boot/kernel/vmblock.ko");
unlink_if_exists("/boot/kernel/vmhgfs.ko");
diff --git a/config/openbgpd/openbgpd.inc b/config/openbgpd/openbgpd.inc
index 038ffa11..102c937d 100644
--- a/config/openbgpd/openbgpd.inc
+++ b/config/openbgpd/openbgpd.inc
@@ -319,14 +319,6 @@ function openbgpd_put_raw_config($conffile) {
}
}
-function deinstall_openbgpd() {
- global $config, $g;
-
- exec("rm /usr/local/etc/rc.d/bgpd.sh");
- exec("rm /usr/local/www/openbgpd_status.php");
- exec("killall bgpd");
-}
-
function check_group_usage($groupname) {
global $config, $g;
diff --git a/config/openbgpd/openbgpd.xml b/config/openbgpd/openbgpd.xml
index 83e0122c..07810c0c 100644
--- a/config/openbgpd/openbgpd.xml
+++ b/config/openbgpd/openbgpd.xml
@@ -182,9 +182,6 @@
</rowhelper>
</field>
</fields>
- <custom_php_deinstall_command>
- deinstall_openbgpd();
- </custom_php_deinstall_command>
<custom_php_resync_config_command>
openbgpd_install_conf();
</custom_php_resync_config_command>
diff --git a/config/openbgpd/openbgpd_groups.xml b/config/openbgpd/openbgpd_groups.xml
index f43ab466..3ece75f2 100644
--- a/config/openbgpd/openbgpd_groups.xml
+++ b/config/openbgpd/openbgpd_groups.xml
@@ -105,9 +105,6 @@
<size>80</size>
</field>
</fields>
- <custom_php_deinstall_command>
- deinstall_openbgpd();
- </custom_php_deinstall_command>
<custom_php_resync_config_command>
openbgpd_install_conf();
</custom_php_resync_config_command>
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index 963a2604..4dbc7302 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -62,18 +62,7 @@ function openvpn_client_export_install() {
}
function openvpn_client_export_deinstall() {
- global $current_openvpn_version;
- conf_mount_rw();
- $phpfile = "vpn_openvpn_export.php";
- $phpfile2 = "vpn_openvpn_export_shared.php";
- $ovpndir = "/usr/local/share/openvpn";
- $workdir = "{$ovpndir}/client-export";
-
- unlink_if_exists("/usr/local/www/{$phpfile}");
- unlink_if_exists("/usr/local/www/{$phpfile2}");
- unlink_if_exists("/usr/local/pkg/openvpn-client-export-{$current_openvpn_version}.tgz");
- exec("/bin/rm -r {$workdir}");
- conf_mount_ro();
+ exec("/bin/rm -r /usr/local/share/openvpn/client-export");
}
function openvpn_client_export_prefix($srvid, $usrid = null, $crtid = null) {
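Review bot: The new `exec("/bin/rm -r /usr/local/share/openvpn/client-export");` in `openvpn_client_export_deinstall()` runs without checking that the directory exists and ignores the exit status, so a failed or partial removal goes unnoticed. Hard-coding the path instead of interpolating `{$workdir}` is a good change. I would add an existence guard and use the `mwexec()` helper that shellcmd.inc uses for the same job in this commit: `if (is_dir("/usr/local/share/openvpn/client-export")) { mwexec("/bin/rm -rf /usr/local/share/openvpn/client-export"); }`.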
diff --git a/config/phpservice/phpservice.inc b/config/phpservice/phpservice.inc
index cffdb09f..d04e021a 100644
--- a/config/phpservice/phpservice.inc
+++ b/config/phpservice/phpservice.inc
@@ -104,7 +104,6 @@ EOF;
}
function phpservice_install_command() {
- conf_mount_rw();
write_rcfile(array(
"file" => "phpservice.sh",
"start" => "/usr/local/bin/php /usr/local/pkg/phpservice.php >> /var/log/phpservice.log &",
@@ -112,15 +111,6 @@ function phpservice_install_command() {
)
);
phpservice_sync_package();
- conf_mount_ro();
-}
-
-
-function phpservice_deinstall_command() {
- conf_mount_rw();
- stop_service("phpservice");
- unlink_if_exists("/usr/local/etc/rc.d/phpservice.sh");
- conf_mount_ro();
}
?>
diff --git a/config/phpservice/phpservice.xml b/config/phpservice/phpservice.xml
index e437be20..6bada596 100644
--- a/config/phpservice/phpservice.xml
+++ b/config/phpservice/phpservice.xml
@@ -81,7 +81,4 @@
<custom_php_install_command>
phpservice_install_command();
</custom_php_install_command>
- <custom_php_deinstall_command>
- phpservice_deinstall_command();
- </custom_php_deinstall_command>
</packagegui>
diff --git a/config/routed/routed.inc b/config/routed/routed.inc
index 471c2772..3bcef0aa 100644
--- a/config/routed/routed.inc
+++ b/config/routed/routed.inc
@@ -105,21 +105,17 @@ function setup_etc_gateways($iface="", $mode="") {
}
function routed_install_command() {
- conf_mount_rw();
write_rcfile(array(
"file" => "routed.sh",
"start" => "/usr/bin/nohup /sbin/routed > /dev/null 2>&1 &",
"stop" => "/bin/pkill routed"
)
);
- conf_mount_ro();
}
function routed_deinstall_command() {
stop_service("routed");
- conf_mount_rw();
unlink_if_exists("/usr/local/etc/rc.d/routed.sh");
- conf_mount_ro();
}
?>
diff --git a/config/shellcmd/shellcmd.inc b/config/shellcmd/shellcmd.inc
index 04cbf3d6..113b645c 100644
--- a/config/shellcmd/shellcmd.inc
+++ b/config/shellcmd/shellcmd.inc
@@ -1,14 +1,11 @@
<?php
-/* $Id$ */
-/*
-/* ========================================================================== */
-/*
- shellcmd.inc
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
- */
-/* ========================================================================== */
/*
+ shellcmd.inc
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2008 Mark J Crane
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -30,58 +27,278 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
+function shellcmd_install_command() {
+ global $config;
+
+ /* Remove garbage left over by previous broken package versions */
+ unlink_if_exists("/usr/local/etc/rc.d/shellcmd.sh");
+ if (is_dir("/usr/local/www/packages/shellcmd")) {
+ mwexec("/bin/rm -rf /usr/local/www/packages/shellcmd/");
+ }
+
+ shellcmd_import_config();
+ shellcmd_sync_package();
+
+}
+
-require_once("services.inc");
-
-if (!function_exists("pkg_is_service_running")) {
- function pkg_is_service_running($servicename)
- {
- exec("/bin/ps ax | awk '{ print $5 }'", $psout);
- array_shift($psout);
- foreach($psout as $line) {
- $ps[] = trim(array_pop(explode(' ', array_pop(explode('/', $line)))));
- }
- if(is_service_running($servicename, $ps) or is_process_running($servicename) ) {
- return true;
- }
- else {
- return false;
- }
+function shellcmd_delete_php_command() {
+ global $config;
+
+ /* When 'Delete item' is clicked in Shellcmd Settings */
+ if ($_GET['act'] == "del") {
+
+ /* System earlyshellcmd commands */
+ $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
+ if (!is_array($a_earlyshellcmd)) {
+ $a_earlyshellcmd = array();
+ }
+ /* Shellcmd package commands */
+ $a_shellcmd_config = &$config['installedpackages']['shellcmdsettings']['config'];
+ if (!is_array($a_shellcmd_config)) {
+ $a_shellcmd_config = array();
+ }
+
+ /* First check for a couple of special cases that we do NOT want deleted */
+ /* TODO: Create a function for these checks */
+ $pkg = '';
+ /* pfBlockerNG - function to restore archived aliastables on nanobsd (see pfblockerng.inc) */
+ $pfbcmd = "/usr/local/pkg/pfblockerng/pfblockerng.sh";
+ /* If the entry exists in system config ... */
+ if (in_array($pfbcmd, $a_earlyshellcmd)) {
+ $cnta = 0;
+ /* ... but does not exist in package config ... */
+ foreach ($a_shellcmd_config as $item => $value) {
+ if (in_array($pfbcmd, $value)) {
+ $cnta++;
+ }
+ }
+ /* ... the user has deleted this protected entry. */
+ if ($cnta === 0) {
+ $pkg .= "[pfBlockerNG]";
+ /* Force reimport. */
+ shellcmd_forced_restore($pkg);
+ }
+ }
+ /* System Patches auto-apply patch feature (see patches.inc) */
+ $spcmd = "/usr/local/bin/php -f /usr/local/bin/apply_patches.php";
+ if (in_array($spcmd, $a_earlyshellcmd)) {
+ $cntb = 0;
+ foreach ($a_shellcmd_config as $item => $value) {
+ if (in_array($spcmd, $value)) {
+ $cntb++;
+ }
+ }
+ if ($cntb === 0) {
+ $pkg .= "[System Patches]";
+ shellcmd_forced_restore($pkg);
+ }
+ }
+
+ /* Otherwise, sync package and system configuration normally */
+ shellcmd_sync_package();
}
}
-function shellcmd_sync_package()
-{
- global $config;
- //synch shellcmd tab
- //configure_shellcmd();
- //$handle = popen("/usr/local/etc/rc.d/shellcmd.sh stop", "r");
- //pclose($handle);
- //$handle = popen("/usr/local/etc/rc.d/shellcmd.sh start", "r");
- //pclose($handle);
+/* Force restore of protected (early)shellcmds from system config */
+function shellcmd_forced_restore($pkg) {
+ log_error("[shellcmd] Refused to delete {$pkg} earlyshellcmd. Use {$pkg} to configure this entry.");
+ shellcmd_import_config();
+ write_config("[shellcmd] Restore of {$pkg} earlyshellcmd forced.");
+ /* Send the user back to settings */
+ header("Location: pkg.php?xml=shellcmd.xml");
+ exit;
}
-
-function shellcmd_install_command()
-{
+function shellcmd_sync_package() {
global $config;
conf_mount_rw();
- shellcmd_sync_package();
- conf_mount_ro();
+
+ $cmd = '';
+ $cmdtype = '';
+ $a_shellcmd = array();
+ $a_earlyshellcmd = array();
+ /* afterfilterchangeshellcmd is NOT treated as an array, it's a string! */
+ /* See /etc/inc/xmlparse.inc and /etc/inc/xmlreader.inc */
+ $afterfilterchangeshellcmd = '';
+ $a_shellcmd_config = &$config['installedpackages']['shellcmdsettings']['config'];
+ if (!is_array($a_shellcmd_config)) {
+ $a_shellcmd_config = array();
+ }
+ $i = 0;
+ /* When an item is added to shellcmd package configuration, make sure */
+ /* we add corresponding entry to $config['system'] as well */
+ foreach ($a_shellcmd_config as $item) {
+ /* Get the command from package configuration here */
+ $cmd = $a_shellcmd_config[$i]['cmd'];
+ /* Lets see what type of command we are adding first... */
+ $cmdtype = $a_shellcmd_config[$i]['cmdtype'];
+ /* shellcmd */
+ if ($cmdtype == "shellcmd") {
+ $a_shellcmd[] = $cmd;
+ $i++;
+ /* earlyshellcmd */
+ } elseif ($cmdtype == "earlyshellcmd") {
+ $a_earlyshellcmd[] = $cmd;
+ $i++;
+ /* afterfilterchangeshellcmd */
+ } elseif ($cmdtype == "afterfilterchangeshellcmd") {
+ $afterfilterchangeshellcmd = $cmd;
+ $i++;
+ /* Either disabled, or possibly someone messing with config.xml manually?! */
+ } else {
+ $i++;
+ }
+ }
+
+ /* Write the new system configuration to config.xml from scratch when done */
+ unset($config['system']['shellcmd']);
+ $config['system']['shellcmd'] = $a_shellcmd;
+ unset($config['system']['earlyshellcmd']);
+ $config['system']['earlyshellcmd'] = $a_earlyshellcmd;
+ unset($config['system']['afterfilterchangeshellcmd']);
+ $config['system']['afterfilterchangeshellcmd'] = $afterfilterchangeshellcmd;
+ write_config("[shellcmd] Successfully (re)synced shellcmd configuration.");
}
-function shellcmd_deinstall_command()
-{
+function shellcmd_import_config() {
+ global $config;
- conf_mount_rw();
- $handle = popen("/usr/local/etc/rc.d/shellcmd.sh stop", "r");
- //unlink_if_exists("/usr/local/etc/rc.d/shellcmd.sh");
- conf_mount_ro();
+ $shellcmd_config = &$config['installedpackages']['shellcmdsettings']['config'];
+ if (!is_array($shellcmd_config)) {
+ $shellcmd_config = array();
+ }
+
+ $i = 0;
+
+ /* First, preserve any disabled items */
+ $a_shellcmd_config = &$shellcmd_config;
+ foreach ($a_shellcmd_config as $item => $value) {
+ $cmd = $value['cmd'];
+ $cmdtype = $value['cmdtype'];
+ $description = $value['description'];
+ if ($cmdtype == "disabled") {
+ $shellcmd_config[$i]['cmd'] = $cmd;
+ $shellcmd_config[$i]['cmdtype'] = "disabled";
+ $shellcmd_config[$i]['description'] = $description ?: "Imported disabled item ({$i})";
+ $i++;
+ }
+ }
+
+ /* Import earlyshellcmd entries which were either created by previous package versions, */
+ /* or manually, or added by some other package(s) (if there are any in config.xml) */
+ /* Two currently known special cases are handled here - System Patches and pfBlockerNG */
+ if (is_array($config['system']['earlyshellcmd'])) {
+ $earlyshellcmds = &$config['system']['earlyshellcmd'];
+ $pfbcmd = "/usr/local/pkg/pfblockerng/pfblockerng.sh";
+ $spcmd = "/usr/local/bin/php -f /usr/local/bin/apply_patches.php";
+ foreach ($earlyshellcmds as $earlyshellcmd) {
+ /* pfBlockerNG - function to restore archived aliastables on nanobsd (see pfblockerng.inc) */
+ if (stristr($earlyshellcmd, "{$pfbcmd}")) {
+ $shellcmd_config[$i]['cmd'] = $earlyshellcmd;
+ $shellcmd_config[$i]['cmdtype'] = "earlyshellcmd";
+ $shellcmd_config[$i]['description'] = "pfBlockerNG default earlyshellcmd. DO NOT EDIT/DELETE!";
+ $i++;
+ /* System Patches auto-apply patch feature (see patches.inc) */
+ } elseif (stristr($earlyshellcmd, "{$spcmd}")) {
+ $shellcmd_config[$i]['cmd'] = $earlyshellcmd;
+ $shellcmd_config[$i]['cmdtype'] = "earlyshellcmd";
+ $shellcmd_config[$i]['description'] = "System Patches default earlyshellcmd. DO NOT EDIT/DELETE!";
+ $i++;
+ /* Other manually added earlyshellcmd entries */
+ } else {
+ $shellcmd_config[$i]['cmd'] = $earlyshellcmd;
+ $shellcmd_config[$i]['cmdtype'] = "earlyshellcmd";
+ $shellcmd_config[$i]['description'] = $shellcmd_config[$i]['description'] ?: "Imported earlyshellcmd ({$i})";
+ $i++;
+ }
+
+ }
+ }
+ /* Import shellcmd entries which were created manually (if there are any in config.xml) */
+ if (is_array($config['system']['shellcmd'])) {
+ $shellcmds = &$config['system']['shellcmd'];
+ foreach ($shellcmds as $shellcmd) {
+ $shellcmd_config[$i]['cmd'] = $shellcmd;
+ $shellcmd_config[$i]['cmdtype'] = "shellcmd";
+ $shellcmd_config[$i]['description'] = $shellcmd_config[$i]['description'] ?: "Imported shellcmd ({$i})";
+ $i++;
+ }
+ }
+
+ /* Import afterfilterchangeshellcmd entry which was created manually (if there is any in config.xml) */
+ /* afterfilterchangeshellcmd is NOT treated as an array, it's a string! See /etc/inc/xmlparse.inc and /etc/inc/xmlreader.inc */
+ if ($config['system']['afterfilterchangeshellcmd'] != '') {
+ $shellcmd_config[$i]['cmd'] = $config['system']['afterfilterchangeshellcmd'];
+ $shellcmd_config[$i]['cmdtype'] = "afterfilterchangeshellcmd";
+ $shellcmd_config[$i]['description'] = $shellcmd_config[$i]['description'] ?: "Imported afterfilterchangeshellcmd";
+ $i++;
+ }
+
+ /* Write the new config.xml when import is finished */
+ write_config("[shellcmd] Successfully imported package configuration from config.xml.");
+
+}
+
+function shellcmd_validate_input($post, &$input_errors) {
+ global $config;
+ $a_shellcmd = &$config['system']['shellcmd'];
+ if (!is_array($a_shellcmd)) {
+ $a_shellcmd = array();
+ }
+ $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
+ if (!is_array($a_earlyshellcmd)) {
+ $a_earlyshellcmd = array();
+ }
+ $a_shellcmd_config = &$config['installedpackages']['shellcmdsettings']['config'];
+ if (!is_array($a_shellcmd_config)) {
+ $a_shellcmd_config = array();
+ }
+ /* afterfilterchangeshellcmd is NOT an array */
+ $afterfilterchangeshellcmd = $config['system']['afterfilterchangeshellcmd'];
+
+ /* Make sure we don't add the same command twice as it's just pointless */
+ if (($post['cmd']) != '') {
+ $id = $post['id'];
+ if ($post['cmdtype'] == "shellcmd") {
+ if (in_array($post['cmd'], $a_shellcmd)) {
+ /* Allow changing description */
+ if ((($post['cmd']) == $a_shellcmd_config[$id]['cmd']) && (($post['cmdtype']) == $a_shellcmd_config[$id]['cmdtype'])) {
+ return;
+ } else {
+ $input_errors[] = "{$post['cmd']} already exists as shellcmd.";
+ }
+ }
+ }
+ if ($post['cmdtype'] == "earlyshellcmd") {
+ if (in_array($post['cmd'], $a_earlyshellcmd)) {
+ /* Allow changing description */
+ if ((($post['cmd']) == $a_shellcmd_config[$id]['cmd']) && (($post['cmdtype']) == $a_shellcmd_config[$id]['cmdtype'])) {
+ return;
+ } else {
+ $input_errors[] = "{$post['cmd']} already exists as earlyshellcmd.";
+ }
+ }
+ }
+ /* Only ONE item of this type may be configured */
+ if ($post['cmdtype'] == "afterfilterchangeshellcmd") {
+ // Not yet configured, OK
+ if ($afterfilterchangeshellcmd == '') {
+ return;
+ // Allow changing description
+ } elseif ((($post['cmd']) == $a_shellcmd_config[$id]['cmd']) && (($post['cmdtype']) == $a_shellcmd_config[$id]['cmdtype'])) {
+ return;
+ // Tired of input validation... Needs something better in future.
+ } else {
+ $input_errors[] = "Only ONE afterfilterchangeshellcmd may be configured! Delete the existing entry and try again!";
+ }
+ }
+ }
}
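Review bot: `shellcmd_sync_package()` keeps its `conf_mount_rw();` call while this hunk removes the matching `conf_mount_ro();`, so each sync presumably leaves the filesystem read-write on installs that mount it read-only. The rest of this commit removes these calls in pairs, so the `conf_mount_rw();` line should be dropped as well. Separately, `shellcmd_validate_input()` interpolates the submitted command into the error text (`"{$post['cmd']} already exists as shellcmd."` and its earlyshellcmd twin). Unless the form renderer escapes `$input_errors`, which is not visible here, escape it at the source, e.g. `$input_errors[] = htmlspecialchars($post['cmd']) . " already exists as shellcmd.";`. The same function never checks `$post['cmdtype']` against the four values the sync loop handles, so a one-line comment saying that unknown types are silently skipped by `shellcmd_sync_package()` would help the next reader.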
diff --git a/config/shellcmd/shellcmd.php b/config/shellcmd/shellcmd.php
deleted file mode 100644
index fd386910..00000000
--- a/config/shellcmd/shellcmd.php
+++ /dev/null
@@ -1,179 +0,0 @@
-<?php
-/* $Id$ */
-/*
- shellcmd.php
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require("guiconfig.inc");
-require("/usr/local/pkg/shellcmd.inc");
-
-$a_earlyshellcmd = &$config['system']['earlyshellcmd'];
-$a_shellcmd = &$config['system']['shellcmd'];
-//$a_afterfilterchangeshellcmd = &$config['system']['afterfilterchangeshellcmd'];
-
-include("head.inc");
-
-?>
-
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<p class="pgtitle">Shellcmd: Settings</p>
-
-<div id="mainlevel">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr><td class="tabnavtbl">
-<?php
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/packages/shellcmd/shellcmd.php");
- display_top_tabs($tab_array);
-
-?>
-</td></tr>
-</table>
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="tabcont" >
-
-<form action="shellcmd.php" method="post" name="iform" id="iform">
-<?php
-
-//if ($savemsg) print_info_box($savemsg);
-//if (file_exists($d_hostsdirty_path)): echo"<p>";
-//print_info_box_np("This is an info box.");
-//echo"<br />";
-//endif;
-
-?>
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td><p><!--<span class="vexpl"><span class="red"><strong>shellcmd<br></strong></span>-->
- The shellcmd utility is used to manage commands on system startup.
- <br /><br />
- <!--For more information see: <a href='http://www.' target='_blank'>http://www.</a>-->
- </p></td>
- </tr>
- </table>
- <br />
-
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td width="50%" class="listhdrr">Command</td>
- <td width="30%" class="listhdrr">Type</td>
- <td width="10%" class="list">
-
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td width="17"></td>
- <td valign="middle"><a href="shellcmd_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
-
- </td>
- </tr>
-
-
-<?php
-
- $categories = array("earlyshellcmd","shellcmd");
- //$categories = array("earlyshellcmd","shellcmd","afterfilterchangeshellcmd");
-
- foreach ($categories as $category) {
- $i = 0;
- // dynamically create the category config name
- $category_config = "a_".$category;
- if (count($$category_config) > 0) {
- foreach ($$category_config as $ent) {
- // previous versions of shellcmd stored the command in an additional <command>-xmltag, this unnests this for backwards compatibility
- if (is_array($ent)) { $ent = $ent['command']; }
-
- echo " <tr>\n";
- echo " <td class=\"listr\" ondblclick=\"document.location='shellcmd_edit.php?t=".$category."&id=".$i."';\">\n";
- echo " ".$ent."\n";
- echo " </td>\n";
- echo " <td class=\"listbg\" ondblclick=\"document.location='shellcmd_edit.php?t=".$category."&id=".$i."';\">\n";
- echo " ".$category."\n";
- echo " </td>\n";
- echo " <td valign=\"middle\" nowrap class=\"list\">\n";
- echo " <table border=\"0\" cellspacing=\"0\" cellpadding=\"1\">\n";
- echo " <tr>\n";
- echo " <td valign=\"middle\"><a href=\"shellcmd_edit.php?t=".$category."&id=".$i."\"><img src=\"/themes/".$g['theme']."/images/icons/icon_e.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n";
- echo " <td><a href=\"shellcmd_edit.php?t=".$category."&type=cmd&act=del&id=".$i."\" onclick=\"return confirm('Do you really want to delete this?')\"><img src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n";
- echo " </tr>\n";
- echo " </table>\n";
- echo " </td>\n";
- echo " </tr>";
- $i++;
- }
- }
- }
-
-
-?>
-
- <tr>
- <td class="list" colspan="2"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td width="17"></td>
- <td valign="middle"><a href="shellcmd_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- </tr>
-
-
- <tr>
- <td class="list" colspan="3"></td>
- <td class="list"></td>
- </tr>
- </table>
-
-</form>
-
-
-<br>
-<br>
-<br>
-<br>
-<br>
-<br>
-<br>
-<br>
-
-</td>
-</tr>
-</table>
-
-</div>
-
-
-<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/config/shellcmd/shellcmd.xml b/config/shellcmd/shellcmd.xml
index 094c3d30..f6b34ee4 100644
--- a/config/shellcmd/shellcmd.xml
+++ b/config/shellcmd/shellcmd.xml
@@ -1,115 +1,157 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- shellcmd.xml
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
- */
-/* ========================================================================== */
+ shellcmd.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2008 Mark J Crane
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Shellcmd</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>Shellcmd Settings</name>
- <version>0.4</version>
- <title>Settings</title>
+ <version>1.0</version>
+ <title>Shellcmd Settings</title>
<include_file>/usr/local/pkg/shellcmd.inc</include_file>
+ <aftersaveredirect>/pkg.php?xml=shellcmd.xml</aftersaveredirect>
+ <addedit_string>[shellcmd] Successfully created/modified custom (early)shellcmd.</addedit_string>
+ <delete_string>[shellcmd] Successfully deleted custom (early)shellcmd.</delete_string>
<menu>
<name>Shellcmd</name>
- <tooltiptext>shellcmd settings.</tooltiptext>
<section>Services</section>
<configfile>shellcmd.xml</configfile>
- <url>/packages/shellcmd/shellcmd.php</url>
+ <url>/pkg.php?xml=shellcmd.xml</url>
</menu>
<tabs>
<tab>
<text>Settings</text>
- <url>/pkg_edit.php?xml=shellcmd.xml&amp;id=0</url>
+ <url>/pkg.php?xml=shellcmd.xml</url>
<active/>
</tab>
- <tab>
- <text>Settings</text>
- <url>/packages/shellcmd/shellcmd.php</url>
- <active/>
- </tab>
</tabs>
- <configpath>installedpackages->package->$packagename->configuration->shellcmd</configpath>
+ <configpath>['installedpackages']['shellcmdsettings']['config']</configpath>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/shellcmd/shellcmd.xml</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/shellcmd/shellcmd.inc</item>
</additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/packages/shellcmd/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/shellcmd/shellcmd.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/packages/shellcmd/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/shellcmd/shellcmd_edit.php</item>
- </additional_files_needed>
+ <adddeleteeditpagefields>
+ <columnitem>
+ <fielddescr>Command</fielddescr>
+ <fieldname>cmd</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Shellcmd Type</fielddescr>
+ <fieldname>cmdtype</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Description</fielddescr>
+ <fieldname>description</fieldname>
+ </columnitem>
+ <addtext>Add a new (early)shellcmd entry</addtext>
+ <edittext>Edit this (early)shellcmd entry</edittext>
+ <deletetext>Delete this (early)shellcmd entry</deletetext>
+ </adddeleteeditpagefields>
<fields>
<field>
- <fielddescr>Variable One</fielddescr>
- <fieldname>var1</fieldname>
- <description>Enter the variable one here.</description>
+ <type>listtopic</type>
+ <fieldname>none</fieldname>
+ <name>Shellcmd Configuration</name>
+ </field>
+ <field>
+ <fielddescr>Command</fielddescr>
+ <fieldname>cmd</fieldname>
<type>input</type>
+ <size>60</size>
+ <description>Enter the command to run.</description>
+ <required/>
+ </field>
+ <field>
+ <fielddescr>Shellcmd Type</fielddescr>
+ <fieldname>cmdtype</fieldname>
+ <type>select</type>
+ <options>
+ <option>
+ <name>shellcmd</name>
+ <value>shellcmd</value>
+ </option>
+ <option>
+ <name>earlyshellcmd</name>
+ <value>earlyshellcmd</value>
+ </option>
+ <option>
+ <name>afterfilterchangeshellcmd</name>
+ <value>afterfilterchangeshellcmd</value>
+ </option>
+ <option>
+ <name>disabled</name>
+ <value>disabled</value>
+ </option>
+ </options>
+ <description>
+ <![CDATA[
+ Choose the shellcmd type.<br /><br />
+ <strong>shellcmd</strong> will run the command specified towards the end of the boot process.<br />
+ <strong>earlyshellcmd</strong> will run the command specified at the beginning of the boot process.<br />
+ <strong>afterfilterchangeshellcmd</strong> will run after each filter_configure() call.
+ See <a href="https://github.com/pfsense/pfsense/blob/master/etc/inc/filter.inc">filter.inc source code</a> for "documentation".
+ <span class="errmsg">N.B.: Only one entry of this type can be configured!</span><br />
+ <strong>disabled</strong> will save the command in package configuration but it will NOT run on boot.<br /><br />
+ See <a href="https://doc.pfsense.org/index.php/Executing_commands_at_boot_time">Executing commands at boot time</a> for detailed explanation.
+ ]]>
+ </description>
+ <required/>
</field>
<field>
- <fielddescr>Variable Two</fielddescr>
- <fieldname>var1</fieldname>
- <description>Enter the variable one here.</description>
+ <fielddescr>Description</fielddescr>
+ <fieldname>description</fieldname>
+ <description>Enter a description for this command.</description>
<type>input</type>
+ <typehint>(This is for your reference only.)</typehint>
+ <size>60</size>
</field>
- </fields>
- <custom_add_php_command>
- </custom_add_php_command>
+ </fields>
+ <custom_php_install_command>
+ shellcmd_import_config();
+ </custom_php_install_command>
<custom_php_resync_config_command>
shellcmd_sync_package();
</custom_php_resync_config_command>
- <custom_delete_php_command>
- shellcmd_sync_package();
+ <custom_delete_php_command>
+ shellcmd_delete_php_command();
</custom_delete_php_command>
- <custom_php_install_command>
- shellcmd_install_command();
- </custom_php_install_command>
- <custom_php_deinstall_command>
- shellcmd_deinstall_command();
- </custom_php_deinstall_command>
+ <custom_php_validation_command>
+ shellcmd_validate_input($_POST, $input_errors);
+ </custom_php_validation_command>
</packagegui>
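Review bot: The new package definition drops the `<custom_php_deinstall_command>` element and puts nothing in its place, so the hunk does not show what happens to configured entries when the package is removed. The validation code earlier in this commit reads the commands from `$config['system']['shellcmd']` and `$config['system']['earlyshellcmd']`, which suggests they live in the system configuration and may keep running at boot after the GUI that lists them is gone. If that is intended, say so in the `cmdtype` description. Otherwise keep a deinstall hook, for example `<custom_php_deinstall_command>shellcmd_deinstall_command();</custom_php_deinstall_command>`, provided that function still exists in shellcmd.inc, which cannot be confirmed from this hunk.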
diff --git a/config/shellcmd/shellcmd_edit.php b/config/shellcmd/shellcmd_edit.php
deleted file mode 100644
index 5ae466d5..00000000
--- a/config/shellcmd/shellcmd_edit.php
+++ /dev/null
@@ -1,303 +0,0 @@
-<?php
-/* $Id$ */
-/*
-
- shellcmd_edit.php
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require("guiconfig.inc");
-require("/usr/local/pkg/shellcmd.inc");
-
-
-$id = $_GET['id'];
-if (strlen($_POST['id'])>0) {
- $id = $_POST['id'];
-}
-
-$type = $_GET['t'];
-if (strlen($_POST['t'])>0) {
- $type = $_POST['t'];
-}
-
-if ($_GET['act'] == "del") {
- if ($_GET['type'] == 'cmd') {
-
- switch (htmlspecialchars($type)) {
- case "earlyshellcmd":
- $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
- unset($a_earlyshellcmd[$_GET['id']]);
- write_config();
- shellcmd_sync_package();
- header("Location: shellcmd.php");
- exit;
- break;
- case "shellcmd":
- $a_shellcmd = &$config['system']['shellcmd'];
- unset($a_shellcmd[$_GET['id']]);
- write_config();
- shellcmd_sync_package();
- header("Location: shellcmd.php");
- exit;
- break;
- case "afterfilterchangeshellcmd":
- // $a_afterfilterchangeshellcmd = &$config['system']['afterfilterchangeshellcmd'];
- // unset($a_afterfilterchangeshellcmd[$_GET['id']]);
- // write_config();
- // shellcmd_sync_package();
- // header("Location: shellcmd.php");
- // exit;
- break;
- default:
- break;
- }
-
- }
-}
-
-//get value for the form edit value
-if (strlen($id) > 0) {
-
- switch (htmlspecialchars($type)) {
- case "earlyshellcmd":
- $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
- if ($a_earlyshellcmd[$id]) {
- $pconfig['command'] = $a_earlyshellcmd[$id];
- }
- break;
- case "shellcmd":
- $a_shellcmd = &$config['system']['shellcmd'];
- if ($a_shellcmd[$id]) {
- $pconfig['command'] = $a_shellcmd[$id];
- }
- break;
- case "afterfilterchangeshellcmd":
- //$a_afterfilterchangeshellcmd = &$config['system']['afterfilterchangeshellcmd'];
- //if ($a_afterfilterchangeshellcmd[$id]) {
- // $pconfig['command'] = $a_afterfilterchangeshellcmd[$id];
- //}
- break;
- default:
- break;
- }
-
- // previous version of shellcmd wrapped all commands in a <command>-xmltag, unnesting this for backwards compatibility
- if (is_array($pconfig['command'])) $pconfig['command'] = $pconfig['command']['command'];
-
-}
-
-if ($_POST) {
-
- unset($input_errors);
-
- if (!$input_errors) {
- if (strlen($_POST['command']) > 0) {
-
- $ent = $_POST['command'];
-
- if (strlen($id)>0) {
- //update
-
- switch (htmlspecialchars($type)) {
- case "earlyshellcmd":
- $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
- if ($a_earlyshellcmd[$id]) {
- $a_earlyshellcmd[$id] = $ent;
- }
- break;
- case "shellcmd":
- $a_shellcmd = &$config['system']['shellcmd'];
- if ($a_shellcmd[$id]) {
- $a_shellcmd[$id] = $ent;
- }
- break;
- case "afterfilterchangeshellcmd":
- //$a_afterfilterchangeshellcmd = &$config['system']['afterfilterchangeshellcmd'];
- //if ($a_afterfilterchangeshellcmd[$id]) {
- // $a_afterfilterchangeshellcmd[$id] = $ent;
- //}
- break;
- default:
- break;
- }
-
- }
- else {
- //add
- switch (htmlspecialchars($type)) {
- case "earlyshellcmd":
- $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
- $a_earlyshellcmd[] = $ent;
- break;
- case "shellcmd":
- $a_shellcmd = &$config['system']['shellcmd'];
- $a_shellcmd[] = $ent;
- break;
- case "afterfilterchangeshellcmd":
- //$a_afterfilterchangeshellcmd = &$config['system']['afterfilterchangeshellcmd'];
- //$a_afterfilterchangeshellcmd[] = $ent;
- break;
- default:
- break;
- }
-
- }
-
- write_config();
- shellcmd_sync_package();
- }
-
- header("Location: shellcmd.php");
- exit;
- }
-}
-
-include("head.inc");
-
-?>
-
-<script type="text/javascript" language="JavaScript">
-
-function show_advanced_config() {
- document.getElementById("showadvancedbox").innerHTML='';
- aodiv = document.getElementById('showadvanced');
- aodiv.style.display = "block";
-</script>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<p class="pgtitle">Shellcmd: Edit</p>
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-
-<div id="mainlevel">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr><td class="tabnavtbl">
-<?php
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/packages/shellcmd/shellcmd.php");
- display_top_tabs($tab_array);
-
-?>
-</td></tr>
-</table>
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="tabcont" >
-
- <!--
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td><p><span class="vexpl"><span class="red"><strong>shellcmd<br>
- </strong></span>
- </p></td>
- </tr>
- </table>
- -->
- <br />
-
-
- <form action="shellcmd_edit.php" method="post" name="iform" id="iform">
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td width="25%" valign="top" class="vncellreq">Command</td>
- <td width="75%" class="vtable">
- <input name="command" type="text" class="formfld" id="command" size="40" value="<?=htmlspecialchars($pconfig['command']);?>">
- </td>
- </tr>
-
- <tr>
- <td width="25%" valign="top" class="vncellreq">Type</td>
- <td width="75%" class="vtable">
- <?php
- echo " <select name='t' class='formfld'>\n";
- echo " <option></option>\n";
- switch (htmlspecialchars($type)) {
- case "earlyshellcmd":
- echo " <option value='earlyshellcmd' selected='yes'>earlyshellcmd</option>\n";
- echo " <option value='shellcmd'>shellcmd</option>\n";
- //echo " <option value='afterfilterchangeshellcmd'>afterfilterchangeshellcmd</option>\n";
- break;
- case "shellcmd":
- echo " <option value='earlyshellcmd'>earlyshellcmd</option>\n";
- echo " <option value='shellcmd' selected='yes'>shellcmd</option>\n";
- //echo " <option value='afterfilterchangeshellcmd'>afterfilterchangeshellcmd</option>\n";
- break;
- case "afterfilterchangeshellcmd":
- //echo " <option value='earlyshellcmd'>earlyshellcmd</option>\n";
- //echo " <option value='shellcmd'>shellcmd</option>\n";
- //echo " <option value='afterfilterchangeshellcmd' selected='yes'>afterfilterchangeshellcmd</option>\n";
- break;
- default:
- echo " <option value=''></option>\n";
- echo " <option value='earlyshellcmd'>earlyshellcmd</option>\n";
- echo " <option value='shellcmd'>shellcmd</option>\n";
- //echo " <option value='afterfilterchangeshellcmd'>afterfilterchangeshellcmd</option>\n";
- break;
- }
- echo " </select>\n";
- ?>
- </td>
- </tr>
-
-
- <!--
- <tr>
- <td width="25%" valign="top" class="vncellreq">Description</td>
- <td width="75%" class="vtable">
- <input name="description" type="text" class="formfld" id="description" size="40" value="<?=htmlspecialchars($pconfig['description']);?>">
- <br><span class="vexpl">Enter the description here.<br></span>
- </td>
- </tr>
- -->
-
- <tr>
- <td valign="top">&nbsp;</td>
- <td>
- <?php if (strlen($id)>0) { ?>
- <input name="id" type="hidden" value="<?=$id;?>">
- <?php }; ?>
- <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()">
- </td>
- </tr>
- </table>
- </form>
-
- <br>
- <br>
- <br>
- <br>
- <br>
- <br>
-
- </td>
- </tr>
-</table>
-
-</div>
-
-<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index fb8cd9d8..b7d4299e 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -3748,8 +3748,8 @@ function snort_sync_on_changes() {
$syncdownloadrules = $snort_sync['vardownloadrules'];
switch ($synconchanges){
case "manual":
- if (is_array($snort_sync[row])){
- $rs=$snort_sync[row];
+ if (is_array($snort_sync['row'])){
+ $rs=$snort_sync['row'];
}
else{
log_error("[snort] xmlrpc sync is enabled but there are no hosts configured as replication targets.");
@@ -3757,8 +3757,8 @@ function snort_sync_on_changes() {
}
break;
case "auto":
- if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){
- $system_carp=$config['installedpackages']['carpsettings']['config'][0];
+ if (is_array($config['hasync'])) {
+ $system_carp=$config['hasync'];
$rs[0]['varsyncipaddress']=$system_carp['synchronizetoip'];
$rs[0]['varsyncusername']=$system_carp['username'];
$rs[0]['varsyncpassword']=$system_carp['password'];
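Review bot: The `auto` branch fills `$rs[0]` whenever `$config['hasync']` is an array, without checking that a sync peer is actually set. An `hasync` section with an empty `synchronizetoip` would still produce a replication entry carrying the stored username and password. Guarding with `if (is_array($config['hasync']) && !empty($config['hasync']['synchronizetoip'])) {` keeps those credentials out of `$rs` when no target is configured. snort_sync_on_changes() continues outside the hunk, so a later check on the address may already cover this.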
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index b8444009..18e6ef20 100755
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -45,7 +45,7 @@
</copyright>
<description>Snort IDS/IPS Package</description>
<name>Snort</name>
- <version>3.2.7</version>
+ <version>3.2.8</version>
<title>Services: Snort IDS</title>
<include_file>/usr/local/pkg/snort/snort.inc</include_file>
<menu>
diff --git a/config/spamd/spamd.inc b/config/spamd/spamd.inc
index a7be4587..a72d8770 100644
--- a/config/spamd/spamd.inc
+++ b/config/spamd/spamd.inc
@@ -284,22 +284,14 @@ function custom_php_install_command() {
global $config, $g;
system("touch /var/db/whitelist.txt");
system("touch /var/db/blacklist.txt");
- sync_package_spamd();
- conf_mount_rw();
exec("/usr/sbin/pw usermod _spamd -g proxy -G _spamd,proxy");
- exec("/bin/cp /usr/local/etc/spamd/spamd.conf.sample /usr/local/etc/spamd/spamd.conf");
- conf_mount_ro();
+ sync_package_spamd();
}
function custom_php_deinstall_command() {
global $config, $g;
- conf_mount_rw();
- exec("killall -9 spamd");
unlink_if_exists("/usr/local/pkg/pf/spamd_rules.php");
- unlink_if_exists("/usr/local/www/spamd_rules.php");
- unlink_if_exists("/usr/local/etc/rc.d/spamd.sh");
spamd_install_cron(false);
- conf_mount_ro();
filter_configure();
}
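Review bot: The exit status of `exec("/usr/sbin/pw usermod _spamd -g proxy -G _spamd,proxy")` is discarded, and after this change `sync_package_spamd()` runs directly after it, so a failed group change goes unnoticed during install. Capturing the status with `exec("/usr/sbin/pw usermod _spamd -g proxy -G _spamd,proxy", $out, $rc);` followed by `if ($rc != 0) { log_error("[spamd] could not set groups for _spamd"); }` would make the failure visible in the system log. custom_php_install_command() starts above the hunk.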
diff --git a/config/sshdcond/sshdcond.inc b/config/sshdcond/sshdcond.inc
index 12af3551..c7c19291 100644
--- a/config/sshdcond/sshdcond.inc
+++ b/config/sshdcond/sshdcond.inc
@@ -39,29 +39,23 @@ function restart_sshd() {
function sshdcond_custom_php_install_command() {
global $g, $config;
- conf_mount_rw();
-
/* We need to generate an outfile for our extra commands.
The patched g_szSSHDFileGenerate php file then reads and appends that config.
*/
$fd = fopen("/etc/ssh/sshd_extra", 'w');
fclose($fd);
- conf_mount_ro();
}
function sshdcond_custom_php_deinstall_command() {
global $g, $config;
- conf_mount_rw();
-
/* Delete our config file. */
unlink_if_exists("/etc/ssh/sshd_extra");
/* Re-run sshd config generation script. */
restart_sshd();
- conf_mount_ro();
}
function sshdcond_custom_php_write_config() {
diff --git a/config/stunnel/stunnel.inc b/config/stunnel/stunnel.inc
index 4398a0dc..7f3f9338 100644
--- a/config/stunnel/stunnel.inc
+++ b/config/stunnel/stunnel.inc
@@ -218,7 +218,6 @@ function stunnel_install() {
write_rcfile($_rcfile);
unlink_if_exists("/usr/local/etc/rc.d/stunnel");
- conf_mount_rw();
$fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf","w");
fwrite($fout, "cert = " . STUNNEL_ETCDIR . "/stunnel.pem \n");
fwrite($fout, "chroot = /var/tmp/stunnel \n");
@@ -234,7 +233,6 @@ function stunnel_install() {
}
}
fclose($fout);
- conf_mount_ro();
}
function stunnel_deinstall() {
diff --git a/config/syslog-ng/syslog-ng.inc b/config/syslog-ng/syslog-ng.inc
index f0c17ff1..57a94f96 100644
--- a/config/syslog-ng/syslog-ng.inc
+++ b/config/syslog-ng/syslog-ng.inc
@@ -52,7 +52,6 @@ function syslogng_get_real_interface_address($interface) {
}
function syslogng_install_command() {
- conf_mount_rw();
if (is_link("/usr/local/lib/syslog-ng")) {
unlink("/usr/local/lib/syslog-ng");
}
@@ -60,20 +59,15 @@ function syslogng_install_command() {
@symlink(SYSLOGNG_BASEDIR . "local/lib/syslog-ng", "/usr/local/lib/syslog-ng");
}
syslogng_install_cron(true);
- conf_mount_ro();
syslogng_resync();
}
function syslogng_deinstall_command() {
- conf_mount_rw();
- service_stop("syslog-ng");
- unlink_if_exists("/usr/local/etc/rc.d/syslog-ng.sh");
if (is_link("/usr/local/lib/syslog-ng"))
unlink("/usr/local/lib/syslog-ng");
syslogng_install_cron(false);
unlink_if_exists("/usr/local/etc/logrotate.conf");
unlink_if_exists("/usr/local/etc/syslog-ng.conf");
- conf_mount_ro();
filter_configure();
}
diff --git a/config/tftp2/tftp.inc b/config/tftp2/tftp.inc
index a2b7d1e3..67054619 100644
--- a/config/tftp2/tftp.inc
+++ b/config/tftp2/tftp.inc
@@ -45,7 +45,6 @@ function tftp_install_command() {
$tftpbackup = "/root/backup/tftp.bak.tgz";
// Create the directories if required
- conf_mount_rw();
safe_mkdir("{$tftpdir}", 0777);
safe_mkdir("/root/backup/");
@@ -55,14 +54,11 @@ function tftp_install_command() {
system("/bin/chmod -R 0744 {$tftpdir}/*");
unset($tftpbackup);
}
- conf_mount_ro();
}
function tftp_deinstall_command() {
- conf_mount_rw();
unlink_if_exists("/usr/local/etc/rc.d/tftp.sh");
unlink_if_exists("/tmp/pkg_mgr_tftp.log");
- conf_mount_ro();
}
function tftp_generate_rules($type) {
diff --git a/config/tinc/pkg_tinc.inc b/config/tinc/pkg_tinc.inc
index b5b223b0..1ec4ebc0 100644
--- a/config/tinc/pkg_tinc.inc
+++ b/config/tinc/pkg_tinc.inc
@@ -3,7 +3,7 @@
global $shortcuts;
$shortcuts['tinc'] = array();
-$shortcuts['tinc']['main'] = "pkg_edit.php?xml=tinc_config.xml";
+$shortcuts['tinc']['main'] = "pkg_edit.php?xml=tinc.xml";
$shortcuts['tinc']['status'] = "status_tinc.php";
$shortcuts['tinc']['log'] = "diag_pkglogs.php?pkg=tinc";
$shortcuts['tinc']['service'] = "tinc";
diff --git a/config/tinc/status_tinc.php b/config/tinc/status_tinc.php
index f50ea640..59a1cb6e 100644
--- a/config/tinc/status_tinc.php
+++ b/config/tinc/status_tinc.php
@@ -1,88 +1,107 @@
<?php
+/*
+ status_tinc.php
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2015 ESF, LLC
+ All rights reserved.
-$pgtitle = array(gettext("Status"), "tinc");
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
require("guiconfig.inc");
-function tinc_status_1() {
- exec("/usr/local/sbin/tincd --config=/usr/local/etc/tinc -kUSR1");
+function tinc_status_usr1() {
+ exec("/usr/local/sbin/tincd --config=/usr/local/etc/tinc -kUSR1");
usleep(500000);
- $clog_path = "";
+ $clog_path = "/usr/local/sbin/clog";
$result = array();
- if (is_executable("/usr/local/sbin/clog")) {
- $clog_path = "/usr/local/sbin/clog";
- } elseif (is_executable("/usr/sbin/clog")) {
- $clog_path = "/usr/sbin/clog";
- }
- if (!empty($clog_path))
- exec("{$clog_path} /var/log/tinc.log | sed -e 's/.*tinc\[.*\]: //'",$result);
- $i=0;
- foreach($result as $line)
- {
- if(preg_match("/Connections:/",$line))
- $begin=$i;
- if(preg_match("/End of connections./",$line))
- $end=$i;
+ exec("{$clog_path} /var/log/tinc.log | /usr/bin/sed -e 's/.*tinc\[.*\]: //'", $result);
+ $i = 0;
+ foreach ($result as $line) {
+ if (preg_match("/Connections:/", $line)) {
+ $begin = $i;
+ }
+ if (preg_match("/End of connections./", $line)) {
+ $end = $i;
+ }
$i++;
}
- $output="";
- $i=0;
- foreach($result as $line)
- {
- if($i >= $begin && $i<= $end)
+ $output = "";
+ $i = 0;
+ foreach ($result as $line) {
+ if ($i >= $begin && $i<= $end) {
$output .= $line . "\n";
+ }
$i++;
}
return $output;
}
-function tinc_status_2() {
- exec("/usr/local/sbin/tincd --config=/usr/local/etc/tinc -kUSR2");
+function tinc_status_usr2() {
+ exec("/usr/local/sbin/tincd --config=/usr/local/etc/tinc -kUSR2");
usleep(500000);
- $clog_path = "";
+ $clog_path = "/usr/local/sbin/clog";
$result = array();
- if (is_executable("/usr/local/sbin/clog")) {
- $clog_path = "/usr/local/sbin/clog";
- } elseif (is_executable("/usr/sbin/clog")) {
- $clog_path = "/usr/sbin/clog";
- }
- if (!empty($clog_path))
- exec("{$clog_path} /var/log/tinc.log | sed -e 's/.*tinc\[.*\]: //'",$result);
- $i=0;
- foreach($result as $line)
- {
- if(preg_match("/Statistics for Generic BSD tun device/",$line))
- $begin=$i;
- if(preg_match("/End of subnet list./",$line))
- $end=$i;
+ exec("{$clog_path} /var/log/tinc.log | sed -e 's/.*tinc\[.*\]: //'",$result);
+ $i = 0;
+ foreach ($result as $line) {
+ if (preg_match("/Statistics for Generic BSD tun device/",$line)) {
+ $begin = $i;
+ }
+ if (preg_match("/End of subnet list./",$line)) {
+ $end = $i;
+ }
$i++;
}
$output="";
- $i=0;
- foreach($result as $line)
- {
- if($i >= $begin && $i<= $end)
+ $i = 0;
+ foreach ($result as $line) {
+ if ($i >= $begin && $i<= $end) {
$output .= $line . "\n";
+ }
$i++;
}
return $output;
}
$shortcut_section = "tinc";
-include("head.inc"); ?>
+$pgtitle = array(gettext("Status"), "tinc");
+include("head.inc");
+?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?=$jsevents["body"]["onload"];?>">
<?php include("fbegin.inc"); ?>
-Connection list:<BR>
+<strong>Connection list:</strong><br />
<pre>
-<?php print tinc_status_1(); ?>
+<?php print tinc_status_usr1(); ?>
</pre>
-<BR>
-Virtual network device statistics, all known nodes, edges and subnets:<BR>
+<br />
+<strong>Virtual network device statistics, all known nodes, edges and subnets:</strong><br />
<pre>
-<?php print tinc_status_2(); ?>
+<?php print tinc_status_usr2(); ?>
</pre>
<?php include("fend.inc"); ?>
+</body>
+</html>
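Review bot: `tinc_status_usr1()` and `tinc_status_usr2()` return raw lines from /var/log/tinc.log and the page prints them inside `<pre>` without HTML escaping, so any markup that reaches the log is rendered in the admin GUI. Using `<?php print htmlspecialchars(tinc_status_usr1()); ?>`, and the same for `tinc_status_usr2()`, closes that. `$begin` and `$end` are only assigned when the marker lines are found, so with an empty or rotated log the `$i >= $begin && $i<= $end` test compares against unset variables; initialising both to `-1` before the first loop would make the functions return an empty string in that case. Separately, the first function now calls `/usr/bin/sed` while the second still calls bare `sed`.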
diff --git a/config/tinc/tinc.inc b/config/tinc/tinc.inc
index 82d5b453..65f07e32 100644
--- a/config/tinc/tinc.inc
+++ b/config/tinc/tinc.inc
@@ -1,204 +1,255 @@
<?php
-
+/*
+ tinc.inc
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/* include_once('guiconfig.inc'); is needed for clear_log_file() during package installation while booting.
+ * However, guiconfig.inc includes authgui.inc which requires a valid php session_auth() and exits when not found.
+ * So we include the function here.
+*/
if (!function_exists('clear_log_file')) {
-//include_once('guiconfig.inc'); // needed for clear_log_file() during package installation while booting
-//however guiconfig.inc includes authgui.inc which requires a valid php session_auth(), and exits when not found..
-//so include the function here..
+
function clear_log_file($logfile = "/var/log/system.log", $restart_syslogd = true) {
global $config, $g;
- if ($restart_syslogd)
+ if ($restart_syslogd) {
exec("/usr/bin/killall syslogd");
- if(isset($config['system']['disablesyslogclog'])) {
+ }
+ if (isset($config['system']['disablesyslogclog'])) {
unlink($logfile);
touch($logfile);
} else {
$log_size = isset($config['syslog']['logfilesize']) ? $config['syslog']['logfilesize'] : "511488";
- if(isset($config['system']['usefifolog']))
+ if (isset($config['system']['usefifolog'])) {
exec("/usr/sbin/fifolog_create -s {$log_size} " . escapeshellarg($logfile));
- else
+ } else {
exec("/usr/local/sbin/clog -i -s {$log_size} " . escapeshellarg($logfile));
+ }
}
- if ($restart_syslogd)
+ if ($restart_syslogd) {
system_syslogd_start();
+ }
}
}
function tinc_save() {
- global $config;
+ global $config, $configpath;
+ $configpath = '/usr/local/etc/tinc/';
+
conf_mount_rw();
- exec("/bin/mv -f /usr/local/etc/tinc /usr/local/etc/tinc.old");
- safe_mkdir("/usr/local/etc/tinc");
- safe_mkdir("/usr/local/etc/tinc/hosts");
- exec("touch /usr/local/etc/tinc/WARNING-ENTIRE_DIRECTORY_ERASED_ON_SAVE_FROM_GUI");
+
+ rename("{$configpath}", "{$configpath}.old");
+ safe_mkdir("{$configpath}");
+ safe_mkdir("{$configpath}/hosts");
+ touch("{$configpath}/WARNING-ENTIRE_DIRECTORY_ERASED_ON_SAVE_FROM_GUI");
$tincconf = &$config['installedpackages']['tinc']['config'][0];
- $fout = fopen("/usr/local/etc/tinc/tinc.conf","w");
+ $fout = fopen("{$configpath}/tinc.conf", "w");
// No proper config, bail out.
- if (!isset($tincconf['name']) || empty($tincconf['name']))
+ if (!isset($tincconf['name']) || empty($tincconf['name'])) {
+ log_error("[tinc] Cannot configure (name not set). Check your configuration.");
return;
+ }
- fwrite($fout, "name=".$tincconf['name']."\n");
- fwrite($fout, "AddressFamily=".$tincconf['addressfamily']."\n");
- if(!is_array($config['installedpackages']['tinchosts']['config'])) { $config['installedpackages']['tinchosts']['config']=Array(); }
- foreach($config['installedpackages']['tinchosts']['config'] as $host) {
- if($host['connect'])
- {
+ fwrite($fout, "name=" . $tincconf['name'] . "\n");
+ fwrite($fout, "AddressFamily=" . $tincconf['addressfamily'] . "\n");
+ if (!is_array($config['installedpackages']['tinchosts']['config'])) {
+ $config['installedpackages']['tinchosts']['config']= array();
+ }
+ foreach ($config['installedpackages']['tinchosts']['config'] as $host) {
+ if($host['connect']) {
fwrite($fout, "ConnectTo=" . $host['name'] . "\n");
}
-
- $_output = "Address=".$host['address']."\n";
- $_output .= "Subnet=".$host['subnet']."\n";
- $_output .= base64_decode($host['extra'])."\n";
- $_output .= base64_decode($host['cert_pub'])."\n";
- file_put_contents('/usr/local/etc/tinc/hosts/'.$host['name'],$_output);
- if($host['host_up'])
- {
- file_put_contents('/usr/local/etc/tinc/hosts/'.$host['name'].'-up',str_replace("\r", "", base64_decode($host['host_up']))."\n");
- chmod('/usr/local/etc/tinc/hosts/'.$host['name'].'-up', 0744);
+
+ $_output = "Address=" . $host['address'] . "\n";
+ $_output .= "Subnet=" . $host['subnet'] . "\n";
+ $_output .= base64_decode($host['extra']) . "\n";
+ $_output .= base64_decode($host['cert_pub']) . "\n";
+ file_put_contents("{$configpath}/hosts/" . $host['name'], $_output);
+ if ($host['host_up']) {
+ file_put_contents("{$configpath}/hosts/" . $host['name'] . '-up', str_replace("\r", "", base64_decode($host['host_up'])) . "\n");
+ chmod("{$configpath}/hosts/" . $host['name'] . '-up', 0744);
}
- if($host['host_down'])
- {
- file_put_contents('/usr/local/etc/tinc/hosts/'.$host['name'].'-down',str_replace("\r", "", base64_decode($host['host_down']))."\n");
- chmod('/usr/local/etc/tinc/hosts/'.$host['name'].'-down', 0744);
+ if ($host['host_down']) {
+ file_put_contents("{$configpath}/hosts/" . $host['name'] . '-down', str_replace("\r", "", base64_decode($host['host_down'])) . "\n");
+ chmod("{$configpath}/hosts/" . $host['name'] . '-down', 0744);
}
}
- fwrite($fout, base64_decode($tincconf['extra'])."\n");
+ fwrite($fout, base64_decode($tincconf['extra']) . "\n");
fclose($fout);
// Check if we need to generate a new RSA key pair.
- if ($tincconf['gen_rsa'])
- {
- safe_mkdir("/usr/local/etc/tinc/tmp");
- exec("/usr/local/sbin/tincd -c /usr/local/etc/tinc/tmp -K");
- $tincconf['cert_pub'] = base64_encode(file_get_contents('/usr/local/etc/tinc/tmp/rsa_key.pub'));
- $tincconf['cert_key'] = base64_encode(file_get_contents('/usr/local/etc/tinc/tmp/rsa_key.priv'));
+ if ($tincconf['gen_rsa']) {
+ safe_mkdir("{$configpath}/tmp");
+ exec("/usr/local/sbin/tincd -c {$configpath}/tmp -K");
+ $tincconf['cert_pub'] = base64_encode(file_get_contents("{$configpath}/tmp/rsa_key.pub"));
+ $tincconf['cert_key'] = base64_encode(file_get_contents("{$configpath}/tmp/rsa_key.priv"));
$tincconf['gen_rsa'] = false;
$config['installedpackages']['tinc']['config'][0]['cert_pub'] = $tincconf['cert_pub'];
$config['installedpackages']['tinc']['config'][0]['cert_key'] = $tincconf['cert_key'];
$config['installedpackages']['tinc']['config'][0]['gen_rsa'] = $tincconf['gen_rsa'];
- rmdir_recursive("/usr/local/etc/tinc/tmp");
- write_config();
+ rmdir_recursive("{$configpath}/tmp");
+ write_config("[tinc] New RSA key pair generated.");
}
$_output = "Subnet=" . $tincconf['localsubnet'] . "\n";
$_output .= base64_decode($tincconf['host_extra']) . "\n";
$_output .= base64_decode($tincconf['cert_pub']) . "\n";
- file_put_contents('/usr/local/etc/tinc/hosts/' . $tincconf['name'],$_output);
- file_put_contents('/usr/local/etc/tinc/rsa_key.priv',base64_decode($tincconf['cert_key'])."\n");
- chmod("/usr/local/etc/tinc/rsa_key.priv", 0600);
- if($tincconf['tinc_up'])
- {
+ file_put_contents("{$configpath}/hosts/" . $tincconf['name'], $_output);
+ file_put_contents("{$configpath}/rsa_key.priv", base64_decode($tincconf['cert_key']) . "\n");
+ chmod("{$configpath}/rsa_key.priv", 0600);
+ if ($tincconf['tinc_up']) {
$_output = base64_decode($tincconf['tinc_up']) . "\n";
- }
- else
- {
+ } else {
$_output = "ifconfig \$INTERFACE " . $tincconf['localip'] . " netmask " . $tincconf['vpnnetmask'] . "\n";
$_output .= "ifconfig \$INTERFACE group tinc\n";
}
- file_put_contents('/usr/local/etc/tinc/tinc-up',$_output);
- chmod("/usr/local/etc/tinc/tinc-up", 0744);
- if($tincconf['tinc_down'])
- {
- file_put_contents('/usr/local/etc/tinc/tinc-down',str_replace("\r", "", base64_decode($tincconf['tinc_down'])) . "\n");
- chmod("/usr/local/etc/tinc/tinc-down", 0744);
- }
- if($tincconf['host_up'])
- {
- file_put_contents('/usr/local/etc/tinc/host-up',str_replace("\r", "", base64_decode($tincconf['host_up'])) . "\n");
- chmod("/usr/local/etc/tinc/host-up", 0744);
- }
- if($tincconf['host_down'])
- {
- file_put_contents('/usr/local/etc/tinc/host-down',str_replace("\r", "", base64_decode($tincconf['host_down'])) . "\n");
- chmod("/usr/local/etc/tinc/host-down", 0744);
- }
- if($tincconf['subnet_up'])
- {
- file_put_contents('/usr/local/etc/tinc/subnet-up',str_replace("\r", "", base64_decode($tincconf['subnet_up'])) . "\n");
- chmod("/usr/local/etc/tinc/subnet-up", 0744);
- }
- if($tincconf['subnet_down'])
- {
- file_put_contents('/usr/local/etc/tinc/subnet-down',str_replace("\r", "", base64_decode($tincconf['subnet_down'])) . "\n");
- chmod("/usr/local/etc/tinc/subnet-down", 0744);
- }
- system("/usr/local/etc/rc.d/tinc.sh restart 2>/dev/null");
- rmdir_recursive("/usr/local/etc/tinc.old");
+ file_put_contents("{$configpath}/tinc-up", $_output);
+ chmod("{$configpath}/tinc-up", 0744);
+ if ($tincconf['tinc_down']) {
+ file_put_contents("{$configpath}/tinc-down", str_replace("\r", "", base64_decode($tincconf['tinc_down'])) . "\n");
+ chmod("{$configpath}/tinc-down", 0744);
+ }
+ if ($tincconf['host_up']) {
+ file_put_contents("{$configpath}/host-up", str_replace("\r", "", base64_decode($tincconf['host_up'])) . "\n");
+ chmod("{$configpath}/host-up", 0744);
+ }
+ if ($tincconf['host_down']) {
+ file_put_contents("{$configpath}/host-down", str_replace("\r", "", base64_decode($tincconf['host_down'])) . "\n");
+ chmod("{$configpath}/host-down", 0744);
+ }
+ if ($tincconf['subnet_up']) {
+ file_put_contents("{$configpath}/subnet-up", str_replace("\r", "", base64_decode($tincconf['subnet_up'])) . "\n");
+ chmod("{$configpath}/subnet-up", 0744);
+ }
+ if ($tincconf['subnet_down']) {
+ file_put_contents("{$configpath}/subnet-down", str_replace("\r", "", base64_decode($tincconf['subnet_down'])) . "\n");
+ chmod("{$configpath}/subnet-down", 0744);
+ }
+
+ $pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+ if ($pfs_version == "2.2") {
+ $pbietcpath = '/usr/pbi/tinc-' . php_uname("m") . '/local/etc';
+ unlink_if_exists("{$pbietcpath}/tinc");
+ symlink($configpath, "{$pbietcpath}/tinc");
+ }
+
+ if ($tincconf['enable'] != "") {
+ restart_service("tinc");
+ } elseif (is_process_running("tincd")); {
+ stop_service("tinc");
+ }
+ rmdir_recursive("/usr/local/etc/tinc.old");
conf_mount_ro();
}
function tinc_install() {
global $config;
+
safe_mkdir("/usr/local/etc/tinc");
safe_mkdir("/usr/local/etc/tinc/hosts");
- $_rcfile['file']='tinc.sh';
- $_rcfile['start'].="/usr/local/sbin/tincd --config=/usr/local/etc/tinc\n\t";
- $_rcfile['stop'].="/usr/local/sbin/tincd --kill \n\t";
- write_rcfile($_rcfile);
+ $rc['file'] = 'tinc.sh';
+ $rc['start'] .= "/usr/local/sbin/tincd --config=/usr/local/etc/tinc\n\t";
+ $rc['stop'] .= "/usr/local/sbin/tincd --kill \n\t";
+ write_rcfile($rc);
unlink_if_exists("/usr/local/etc/rc.d/tincd");
clear_log_file("/var/log/tinc.log");
-
- conf_mount_rw();
- /* Create Interface Group */
- if (!is_array($config['ifgroups']['ifgroupentry']))
- $config['ifgroups']['ifgroupentry'] = array();
-
- $a_ifgroups = &$config['ifgroups']['ifgroupentry'];
- $ifgroupentry = array();
- $ifgroupentry['members'] = '';
- $ifgroupentry['descr'] = 'tinc mesh VPN interface group';
- $ifgroupentry['ifname'] = 'tinc';
- $a_ifgroups[] = $ifgroupentry;
+ /* Create Interface Group */
+ if (!is_array($config['ifgroups']['ifgroupentry'])) {
+ $config['ifgroups']['ifgroupentry'] = array();
+ }
- /* XXX: Do not remove this. */
- mwexec("/bin/rm -f /tmp/config.cache");
+ $a_ifgroups = &$config['ifgroups']['ifgroupentry'];
+ $ifgroupentry = array();
+ $ifgroupentry['members'] = '';
+ $ifgroupentry['descr'] = 'tinc mesh VPN interface group';
+ $ifgroupentry['ifname'] = 'tinc';
+ $a_ifgroups[] = $ifgroupentry;
- write_config();
+ /* XXX: Do not remove this. WTH?! */
+ mwexec("/bin/rm -f /tmp/config.cache");
- conf_mount_ro();
+ write_config("[tinc] Package installed.");
}
function tinc_deinstall() {
global $config;
- /* Remove Interface Group */
- conf_mount_rw();
- if (!is_array($config['ifgroups']['ifgroupentry']))
- $config['ifgroups']['ifgroupentry'] = array();
-
- $a_ifgroups = &$config['ifgroups']['ifgroupentry'];
-
- $myid=-1;
- $i = 0;
- foreach ($a_ifgroups as $ifgroupentry)
- {
- if($ifgroupentry['ifname']=='tinc')
- {
- $myid=$i;
- break;
- }
- $i++;
- }
-
- if ($myid >= 0 && $a_ifgroups[$myid])
- {
- $members = explode(" ", $a_ifgroups[$_GET['id']]['members']);
- foreach ($members as $ifs)
- {
- $realif = get_real_interface($ifs);
- if ($realif)
- mwexec("/sbin/ifconfig {$realif} -group " . escapeshellarg($a_ifgroups[$_GET['id']]['ifname']));
- }
- unset($a_ifgroups[$myid]);
- mwexec("/bin/rm -f /tmp/config.cache");
- write_config();
- }
- conf_mount_ro();
+ /* Remove Interface Group */
+ if (!is_array($config['ifgroups']['ifgroupentry'])) {
+ $config['ifgroups']['ifgroupentry'] = array();
+ }
+
+ $a_ifgroups = &$config['ifgroups']['ifgroupentry'];
+
+ $myid = -1;
+ $i = 0;
+ foreach ($a_ifgroups as $ifgroupentry) {
+ if ($ifgroupentry['ifname'] == 'tinc') {
+ $myid = $i;
+ break;
+ }
+ $i++;
+ }
+
+ if ($myid >= 0 && $a_ifgroups[$myid]) {
+ $members = explode(" ", $a_ifgroups[$_GET['id']]['members']);
+ foreach ($members as $ifs) {
+ $realif = get_real_interface($ifs);
+ if ($realif) {
+ mwexec("/sbin/ifconfig {$realif} -group " . escapeshellarg($a_ifgroups[$_GET['id']]['ifname']));
+ }
+ }
+ unset($a_ifgroups[$myid]);
+ /* WTH?! */
+ mwexec("/bin/rm -f /tmp/config.cache");
+ write_config("[tinc] Package uninstalled.");
+ }
rmdir_recursive("/var/tmp/tinc");
rmdir_recursive("/usr/local/etc/tinc*");
- unlink_if_exists("/usr/local/etc/rc.d/tinc.sh");
}
+function tinc_validate_input($post, &$input_errors) {
+ if ($post['localip']) {
+ if ((!is_ipaddr($post['localip'])) && (!is_hostname($post['localip']))) {
+ $input_errors[] = gettext("'Local IP' must be a valid IP address or hostname.");
+ }
+ }
+ if ($post['address']) {
+ if ((!is_ipaddr($post['address'])) && (!is_hostname($post['address']))) {
+ $input_errors[] = gettext("'Host Address' must be a valid IP address or hostname.");
+ }
+ }
+ if (($post['localsubnet']) && (!is_subnet($post['localsubnet']))) {
+ $input_errors[] = gettext("'Local Subnet' must be a valid subnet.");
+ }
+ if (($post['subnet']) && (!is_subnet($post['subnet']))) {
+ $input_errors[] = gettext("'Subnet' must be a valid subnet.");
+ }
+}
?>
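Review bot: In tinc_save() the line `} elseif (is_process_running("tincd")); {` carries a stray semicolon, so the elseif has an empty body and the block after it always runs: `stop_service("tinc")` is called even immediately after `restart_service("tinc")`. It should read `} elseif (is_process_running("tincd")) {`. The same function builds file paths under `hosts/` and lines of tinc.conf from `$tincconf['name']` and `$host['name']`, and the new tinc_validate_input() checks neither, so a name containing `/`, `..` or a line break would write outside the hosts directory or add extra directives. A guard such as `if ($post['name'] && !preg_match('/^[A-Za-z0-9_]+$/', $post['name'])) { $input_errors[] = gettext("'Name' may contain only letters, digits and underscores."); }` would close that, assuming the hosts form posts its name under the same key.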
diff --git a/config/tinc/tinc.xml b/config/tinc/tinc.xml
index 183ae161..89d1e8ce 100644
--- a/config/tinc/tinc.xml
+++ b/config/tinc/tinc.xml
@@ -1,103 +1,317 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- tinc.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007-2008 Scott Ullrich
- All rights reserved.
- */
-/* ========================================================================== */
+ tinc.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>A self-contained VPN solution designed to connect multiple sites together in a secure way.</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
+ <description>A self-contained VPN solution designed to connect multiple sites together in a secure way.</description>
<name>tinc</name>
- <version>1.0.23 v1.2.1</version>
- <title>VPN: tinc</title>
- <!-- Menu is where this packages menu will appear -->
+ <version>1.2.2</version>
+ <title>VPN: tinc - Config</title>
+ <include_file>/usr/local/pkg/tinc.inc</include_file>
+ <configpath>['installedpackages']['package']['$packagename']['config']</configpath>
<menu>
<name>tinc</name>
- <tooltiptext>tinc is a mesh VPN daemon.</tooltiptext>
<section>VPN</section>
- <configfile>tinc_config.xml</configfile>
- <url>/pkg_edit.php?xml=tinc_config.xml</url>
+ <configfile>tinc.xml</configfile>
+ <url>/pkg_edit.php?xml=tinc.xml</url>
</menu>
<menu>
- <name>tincd</name>
- <tooltiptext>Status of tinc VPN Daemon</tooltiptext>
+ <name>tinc VPN</name>
<section>Status</section>
<url>/status_tinc.php</url>
</menu>
-
+ <service>
+ <name>tinc</name>
+ <rcfile>tinc.sh</rcfile>
+ <executable>tincd</executable>
+ <description>Tinc Mesh VPN</description>
+ </service>
+ <tabs>
+ <tab>
+ <text>Config</text>
+ <url>/pkg_edit.php?xml=tinc.xml</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>Hosts</text>
+ <url>/pkg.php?xml=tinc_hosts.xml</url>
+ </tab>
+ </tabs>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0644</chmod>
<item>https://packages.pfsense.org/packages/config/tinc/tinc.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0644</chmod>
- <item>https://packages.pfsense.org/packages/config/tinc/tinc_config.xml</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0644</chmod>
<item>https://packages.pfsense.org/packages/config/tinc/tinc_hosts.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/tinc/status_tinc.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/shortcuts/</prefix>
- <chmod>0644</chmod>
<item>https://packages.pfsense.org/packages/config/tinc/pkg_tinc.inc</item>
</additional_files_needed>
-
- <service>
- <name>tinc</name>
- <rcfile>tinc.sh</rcfile>
- <executable>tincd</executable>
- <description>tinc mesh VPN</description>
- </service>
- <include_file>/usr/local/pkg/tinc.inc</include_file>
-
+ <advanced_options>enabled</advanced_options>
+ <fields>
+ <field>
+ <name>Basic Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Enable Tinc VPN</fielddescr>
+ <fieldname>enable</fieldname>
+ <description>Check this to enable tinc mesh VPN.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Name</fielddescr>
+ <fieldname>name</fieldname>
+ <description>
+ <![CDATA[
+ This is the name which identifies this tinc daemon.<br />
+ It must be unique for the virtual private network this daemon will connect to.
+ ]]>
+ </description>
+ <type>input</type>
+ <required/>
+ </field>
+ <field>
+ <fielddescr>Local IP</fielddescr>
+ <fieldname>localip</fieldname>
+ <description>
+ <![CDATA[
+ IP Address of local tunnel interface.<br />
+ This is often the same IP as your routers LAN address. (Example: 192.168.2.1)
+ ]]>
+ </description>
+ <type>input</type>
+ <required/>
+ </field>
+ <field>
+ <fielddescr>Local Subnet</fielddescr>
+ <fieldname>localsubnet</fieldname>
+ <description>
+ <![CDATA[
+ Subnet behind this router that should be advertised to the mesh.<br />
+ This is usually your LAN subnet. (Example: 192.168.2.0/24)
+ ]]>
+ </description>
+ <type>input</type>
+ <required/>
+ </field>
+ <field>
+ <fielddescr>VPN Netmask</fielddescr>
+ <fieldname>vpnnetmask</fieldname>
+ <description>
+ <![CDATA[
+ This is the Netmask that defines what traffic is routed to the VPNs tunnel interface.<br />
+ It is usually broader then your local netmask. (Example: 255.255.0.0)
+ ]]>
+ </description>
+ <type>input</type>
+ <required/>
+ </field>
+ <field>
+ <fielddescr>Address Family</fielddescr>
+ <fieldname>addressfamily</fieldname>
+ <description>
+ <![CDATA[
+ This option affects the address family of listening and outgoing sockets.<br />
+ If "Any" is selected, then - depending on the operating system - either both IPv4 and IPv6 or just IPv6 listening sockets will be created.
+ ]]>
+ </description>
+ <type>select</type>
+ <options>
+ <option>
+ <name>IPv4</name>
+ <value>ipv4</value>
+ </option>
+ <option>
+ <name>IPv6</name>
+ <value>ipv6</value>
+ </option>
+ <option>
+ <name>Any</name>
+ <value>any</value>
+ </option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>RSA Private Key</fielddescr>
+ <fieldname>cert_key</fieldname>
+ <description>
+ <![CDATA[
+ RSA private key used for this host. <strong>Include the BEGIN and END lines.</strong><br />
+ ]]>
+ </description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>7</rows>
+ <cols>70</cols>
+ </field>
+ <field>
+ <fielddescr>RSA Public Key</fielddescr>
+ <fieldname>cert_pub</fieldname>
+ <description>
+ <![CDATA[
+ RSA public key used for this host. <strong>Include the BEGIN and END lines.</strong><br />
+ ]]>
+ </description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>7</rows>
+ <cols>70</cols>
+ </field>
+ <field>
+ <fielddescr>Generate RSA Key Pair</fielddescr>
+ <fieldname>gen_rsa</fieldname>
+ <description>This will generate a new RSA key pair in the fields above.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Extra Tinc Parameters</fielddescr>
+ <fieldname>extra</fieldname>
+ <description>
+ <![CDATA[
+ Anything entered here will be added at the end of the tinc.conf configuration file.<br />
+ ]]>
+ </description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>70</cols>
+ <advancedfield/>
+ </field>
+ <field>
+ <fielddescr>Extra Host Parameters</fielddescr>
+ <fieldname>host_extra</fieldname>
+ <description>
+ <![CDATA[
+ Anything entered here will be added just prior to the public certiciate in the host configuration file for this machine.<br />
+ ]]>
+ </description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>70</cols>
+ <advancedfield/>
+ </field>
+ <field>
+ <fielddescr>Interface Up Script</fielddescr>
+ <fieldname>tinc_up</fieldname>
+ <description>
+ <![CDATA[
+ This script is executed right after the tinc daemon has connected to the virtual network device.<br />
+ By default, a tinc-up file is created that brings up the tinc interface with the IP Address and Netmask specified above and adds it to the tinc interface group.<br />
+ <strong>Note: Entering a value here complely replaces the default script; be sure to bring up the interface in this script!</strong>
+ ]]>
+ </description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>70</cols>
+ <advancedfield/>
+ </field>
+ <field>
+ <fielddescr>Interface Down Script</fielddescr>
+ <fieldname>tinc_down</fieldname>
+ <description>This script is executed right before the tinc daemon is going to close.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>70</cols>
+ <advancedfield/>
+ </field>
+ <field>
+ <fielddescr>Host Up Script</fielddescr>
+ <fieldname>host_up</fieldname>
+ <description>This script is executed when any host becomes reachable.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>70</cols>
+ <advancedfield/>
+ </field>
+ <field>
+ <fielddescr>Host Down Script</fielddescr>
+ <fieldname>host_down</fieldname>
+ <description>This script is executed when any host becomes unreachable.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>70</cols>
+ <advancedfield/>
+ </field>
+ <field>
+ <fielddescr>Subnet Up Script</fielddescr>
+ <fieldname>subnet_up</fieldname>
+ <description>This script is executed when any subnet becomes reachable.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>70</cols>
+ <advancedfield/>
+ </field>
+ <field>
+ <fielddescr>Subnet Down Script</fielddescr>
+ <fieldname>subnet_down</fieldname>
+ <description>This script is executed when any subnet becomes unreachable.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>70</cols>
+ <advancedfield/>
+ </field>
+ </fields>
<custom_php_install_command>
tinc_install();
</custom_php_install_command>
<custom_php_deinstall_command>
tinc_deinstall();
</custom_php_deinstall_command>
-
+ <custom_php_resync_config_command>
+ tinc_save();
+ </custom_php_resync_config_command>
+ <custom_php_validation_command>
+ tinc_validate_input($_POST, $input_errors);
+ </custom_php_validation_command>
</packagegui>
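Review bot: The `vpnnetmask` field is marked `<required/>` and tinc_save() writes it verbatim into the default tinc-up script, but the validator wired in through `<custom_php_validation_command>` never checks it, so arbitrary text typed there ends up in a shell script the tinc daemon executes. tinc_validate_input() should reject anything that is not a dotted netmask, for example `if ($post['vpnnetmask'] && !is_ipaddr($post['vpnnetmask'])) { $input_errors[] = gettext("'VPN Netmask' must be a valid netmask."); }`. The `cert_key` textarea also deserves a line in its description saying that the private key is stored base64-encoded, not encrypted, in the configuration, so configuration backups need to be handled as key material. The description texts carry typos worth fixing while here: `certiciate`, `complely` and `broader then`.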
diff --git a/config/tinc/tinc_config.xml b/config/tinc/tinc_config.xml
deleted file mode 100644
index d6ee9c26..00000000
--- a/config/tinc/tinc_config.xml
+++ /dev/null
@@ -1,215 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
- tinc_config.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007-2008 Scott Ullrich
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <name>tinc</name>
- <version>1.0.19</version>
- <title>VPN: tinc</title>
-
- <!-- configpath gets expanded out automatically and config items will be
- stored in that location -->
- <configpath>['installedpackages']['package']['$packagename']['config']</configpath>
-
- <tabs>
- <tab>
- <text>Config</text>
- <url>/pkg_edit.php?xml=tinc_config.xml</url>
- <active/>
- </tab>
- <tab>
- <text>Hosts</text>
- <url>/pkg.php?xml=tinc_hosts.xml</url>
- </tab>
- </tabs>
- <advanced_options>enabled</advanced_options>
- <fields>
- <field>
- <fielddescr>Name</fielddescr>
- <fieldname>name</fieldname>
- <description>This is the name which identifies this tinc daemon. It must be unique for the virtual private network this daemon will connect to.</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>Local IP</fielddescr>
- <fieldname>localip</fieldname>
- <description>IP Address of local tunnel interface. This is often the same IP as your routers LAN address, for example 192.168.2.1</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>Local Subnet</fielddescr>
- <fieldname>localsubnet</fieldname>
- <description>Subnet behind this router that should be advertised to the mesh. This is usually your LAN subnet, for example 192.168.2.0/24</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>VPN Netmask</fielddescr>
- <fieldname>vpnnetmask</fieldname>
- <description>This is the Netmask that defines what traffic is routed to the VPNs tunnel interface. It is usually broader then your local netmask, for example 255.255.0.0</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>AddressFamily</fielddescr>
- <fieldname>addressfamily</fieldname>
- <description>This option affects the address family of listening and outgoing sockets. If "any" is selected, then depending on the operating system both IPv4 and IPv6 or just IPv6 listening sockets will be created.</description>
- <type>select</type>
- <options>
- <option>
- <name>ipv4</name>
- <value>ipv4</value>
- </option>
- <option>
- <name>ipv6</name>
- <value>ipv6</value>
- </option>
- <option>
- <name>any</name>
- <value>any</value>
- </option>
- </options>
- </field>
- <field>
- <fielddescr>RSA private key</fielddescr>
- <fieldname>cert_key</fieldname>
- <description>RSA private key used for this host. Include the BEGIN and END lines. &lt;br&gt;</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>7</rows>
- <cols>65</cols>
- </field>
- <field>
- <fielddescr>RSA public key</fielddescr>
- <fieldname>cert_pub</fieldname>
- <description>RSA public key used for this host. Include the BEGIN and END lines. &lt;br&gt;</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>7</rows>
- <cols>65</cols>
- </field>
- <field>
- <fielddescr>Generate RSA key pair</fielddescr>
- <fieldname>gen_rsa</fieldname>
- <description>This will generate a new RSA key pair in the fields above.</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Extra Tinc Parameters</fielddescr>
- <fieldname>extra</fieldname>
- <description>Anything entered here will be added at the end of the tinc.conf configuration file. &lt;br&gt;</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>8</rows>
- <cols>65</cols>
- <advancedfield/>
- </field>
- <field>
- <fielddescr>Extra Host Parameters</fielddescr>
- <fieldname>host_extra</fieldname>
- <description>Anything entered here will be added just prior to the public certiciate in the host configuration file for this machine. &lt;br&gt;</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>8</rows>
- <cols>65</cols>
- <advancedfield/>
- </field>
- <field>
- <fielddescr>Interface Up Script</fielddescr>
- <fieldname>tinc_up</fieldname>
- <description>This script is executed right after the tinc daemon has connected to the virtual network device. By default a tinc-up file is created that brings up the tinc interface with the IP Address and Netmask specified above and adds it to the tinc interface group. Entering a value here complely replaces the default script so be sure to bring up the interface in this script.</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>8</rows>
- <cols>65</cols>
- <advancedfield/>
- </field>
- <field>
- <fielddescr>Interface Down Script</fielddescr>
- <fieldname>tinc_down</fieldname>
- <description>This script is executed right before the tinc daemon is going to close.</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>8</rows>
- <cols>65</cols>
- <advancedfield/>
- </field>
- <field>
- <fielddescr>Host Up Script</fielddescr>
- <fieldname>host_up</fieldname>
- <description>This script is executed when any host becomes reachable.</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>8</rows>
- <cols>65</cols>
- <advancedfield/>
- </field>
- <field>
- <fielddescr>Host Down Script</fielddescr>
- <fieldname>host_down</fieldname>
- <description>This script is executed when any host becomes unreachable.</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>8</rows>
- <cols>65</cols>
- <advancedfield/>
- </field>
- <field>
- <fielddescr>Subnet Up Script</fielddescr>
- <fieldname>subnet_up</fieldname>
- <description>This script is executed when any subnet becomes reachable.</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>8</rows>
- <cols>65</cols>
- <advancedfield/>
- </field>
- <field>
- <fielddescr>Subnet Down Script</fielddescr>
- <fieldname>subnet_down</fieldname>
- <description>This script is executed when any subnet becomes unreachable.</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>8</rows>
- <cols>65</cols>
- <advancedfield/>
- </field>
- </fields>
- <include_file>/usr/local/pkg/tinc.inc</include_file>
- <custom_php_resync_config_command>
- tinc_save();
- </custom_php_resync_config_command>
-</packagegui>
diff --git a/config/tinc/tinc_hosts.xml b/config/tinc/tinc_hosts.xml
index 7741b7be..b521d4a2 100644
--- a/config/tinc/tinc_hosts.xml
+++ b/config/tinc/tinc_hosts.xml
@@ -1,57 +1,54 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- tinc_hosts.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007-2009 Scott Ullrich
- All rights reserved.
- */
-/* ========================================================================== */
+ tinc_hosts.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>tinc Hosts</description>
- <requirements></requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>tinchosts</name>
- <version>1.0.19</version>
+ <version>1.2.2</version>
<title>VPN: tinc - Hosts</title>
- <!-- configpath gets expanded out automatically and config items will be
- stored in that location -->
+ <include_file>/usr/local/pkg/tinc.inc</include_file>
<configpath>['installedpackages']['package']['$packagename']['config']</configpath>
-
<tabs>
<tab>
<text>Config</text>
- <url>/pkg_edit.php?xml=tinc_config.xml</url>
+ <url>/pkg_edit.php?xml=tinc.xml</url>
</tab>
<tab>
<text>Hosts</text>
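Review bot: The rewritten header removes `Copyright (C) 2007-2009 Scott Ullrich` and puts `Copyright (C) 2012-2015 ESF, LLC` in its place, while clause 1 of the licence text kept a few lines below requires source redistributions to retain the existing copyright notice. Unless the original holder assigned the copyright, which nothing in this hunk shows, the new line should be added beneath the old one rather than replace it. The provenance of the file then stays auditable from the header alone.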
@@ -60,9 +57,6 @@
</tab>
</tabs>
<advanced_options>enabled</advanced_options>
-
- <!-- adddeleteeditpagefields items will appear on the first page where you can add / delete or edit
- items. An example of this would be the nat page where you add new nat redirects -->
<adddeleteeditpagefields>
<columnitem>
<fielddescr>Name</fielddescr>
@@ -83,20 +77,20 @@
</columnitem>
</adddeleteeditpagefields>
- <!-- fields gets invoked when the user adds or edits a item. the following items
- will be parsed and rendered for the user as a gui with input, and selectboxes. -->
<fields>
<field>
<fielddescr>Name</fielddescr>
<fieldname>name</fieldname>
<description>Name of this host.</description>
<type>input</type>
+ <required/>
</field>
<field>
<fielddescr>Address</fielddescr>
<fieldname>address</fieldname>
<description>IP address or hostname of server.</description>
<type>input</type>
+ <required/>
</field>
<field>
<fielddescr>Subnet</fielddescr>
@@ -104,6 +98,7 @@
<description>Subnet behind host (like 192.168.254.0/24)</description>
<type>input</type>
<size>50</size>
+ <required/>
</field>
<field>
<fielddescr>Connect at Startup</fielddescr>
@@ -114,54 +109,66 @@
<field>
<fielddescr>RSA public key</fielddescr>
<fieldname>cert_pub</fieldname>
- <description>RSA public key used for this host. Include the BEGIN and END lines.&lt;br&gt;</description>
+ <description>
+ <![CDATA[
+ RSA public key used for this host. <strong>Include the BEGIN and END lines.</strong><br />
+ ]]>
+ </description>
<type>textarea</type>
<encoding>base64</encoding>
<rows>7</rows>
- <cols>65</cols>
+ <cols>70</cols>
</field>
<field>
<fielddescr>Extra Parameters</fielddescr>
<fieldname>extra</fieldname>
- <description>Anything entered here will be added just prior to the public certiciate in the host configuration file. &lt;br&gt;</description>
+ <description>
+ <![CDATA[
+ Anything entered here will be added just prior to the public certiciate in the host configuration file.<br />
+ ]]>
+ </description>
<type>textarea</type>
<encoding>base64</encoding>
<rows>8</rows>
- <cols>65</cols>
+ <cols>70</cols>
<advancedfield/>
</field>
<field>
<fielddescr>Host Up Script</fielddescr>
<fieldname>host_up</fieldname>
- <description>This script will be run when this host becomes reachable. &lt;br&gt;</description>
+ <description>
+ <![CDATA[
+ This script will be run when this host becomes reachable.<br />
+ ]]>
+ </description>
<type>textarea</type>
<encoding>base64</encoding>
<rows>8</rows>
- <cols>65</cols>
+ <cols>70</cols>
<advancedfield/>
</field>
<field>
<fielddescr>Host Down Script</fielddescr>
<fieldname>host_down</fieldname>
- <description>This script will be run when this host becomes unreachable. &lt;br&gt;</description>
+ <description>
+ <![CDATA[
+ This script will be run when this host becomes unreachable.<br />
+ ]]>
+ </description>
<type>textarea</type>
<encoding>base64</encoding>
<rows>8</rows>
- <cols>65</cols>
+ <cols>70</cols>
<advancedfield/>
</field>
- </fields>
- <include_file>/usr/local/pkg/tinc.inc</include_file>
- <custom_add_php_command>
- </custom_add_php_command>
+ </fields>
<custom_php_resync_config_command>
tinc_save();
</custom_php_resync_config_command>
- <custom_php_command_before_form>
- </custom_php_command_before_form>
- <custom_php_after_form_command>
- </custom_php_after_form_command>
<custom_delete_php_command>
tinc_save();
</custom_delete_php_command>
+ <custom_php_validation_command>
+ tinc_validate_input($_POST, $input_errors);
+ </custom_php_validation_command>
</packagegui>
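Review bot: The `<custom_php_validation_command>` added at the end of this hunk passes the whole `$_POST` to `tinc_validate_input`, the same call the tinc.xml form makes, but that function lives in tinc.inc outside this hunk, so what it checks for the hosts form cannot be confirmed from here. The earlier hunks of this file only mark `name`, `address` and `subnet` as `<required/>`, which rejects empty values but not malformed ones. tinc limits node names to alphanumerics and underscore, and the name presumably becomes the host file's name on disk, so the validator should reject anything else with a check along the lines of `preg_match('/^[A-Za-z0-9_]+$/', $name)`. Separately, the rewritten description for `extra` still carries the typo `certiciate`; it should read `certificate`.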
diff --git a/config/vhosts/vhosts.inc b/config/vhosts/vhosts.inc
index cf2f97b8..7ac027b9 100644
--- a/config/vhosts/vhosts.inc
+++ b/config/vhosts/vhosts.inc
@@ -622,7 +622,6 @@ EOF;
function vhosts_install_command() {
global $config;
- conf_mount_rw();
safe_mkdir("/usr/local/vhosts/");
write_rcfile(array(
@@ -637,13 +636,9 @@ function vhosts_install_command() {
function vhosts_deinstall_command() {
- conf_mount_rw();
- stop_service("vhosts-http");
- unlink_if_exists("/usr/local/etc/rc.d/vhosts-http.sh");
exec("/bin/rm -f /usr/local/etc/rc.d/vhosts*");
exec("/bin/rm -f /var/etc/vhosts*");
exec("/bin/rm -rf /usr/local/www/packages/vhosts");
- conf_mount_ro();
}
?>
diff --git a/config/vnstat2/vnstat2.inc b/config/vnstat2/vnstat2.inc
index 89a8b7c2..86a95346 100644
--- a/config/vnstat2/vnstat2.inc
+++ b/config/vnstat2/vnstat2.inc
@@ -30,7 +30,6 @@
require_once("util.inc");
function vnstat_install_deinstall() {
- conf_mount_rw();
global $config;
// Remove Vnstat package and files
exec("/bin/rm -d -R /usr/local/www/vnstat2");
@@ -39,7 +38,6 @@ function vnstat_install_deinstall() {
exec("/bin/rm /usr/local/etc/vnstat.conf");
// Remove vnstat cron entry from config.xml
vnstat2_install_cron(false);
- conf_mount_ro();
}
function vnstat2_install_cron($vnstat_cron_value) {
diff --git a/config/zabbix-agent-lts/zabbix-agent-lts.inc b/config/zabbix-agent-lts/zabbix-agent-lts.inc
index 7eb7c564..ddf04f6f 100644
--- a/config/zabbix-agent-lts/zabbix-agent-lts.inc
+++ b/config/zabbix-agent-lts/zabbix-agent-lts.inc
@@ -41,10 +41,6 @@ if ($pf_version == "2.1" || $pf_version == "2.2") {
}
function php_deinstall_zabbix_agent_lts() {
- conf_mount_rw();
-
- stop_service("zabbix_agentd_lts");
- unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/rc.d/zabbix_agentd_lts.sh");
unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/zabbix22/zabbix_agentd.conf");
unlink_if_exists("/var/log/zabbix-agent-lts/zabbix_agentd_lts.log");
unlink_if_exists("/var/run/zabbix-agent-lts/zabbix_agentd_lts.pid");
@@ -55,8 +51,6 @@ function php_deinstall_zabbix_agent_lts() {
if (is_dir("/var/run/zabbix-agent-lts")) {
mwexec("/bin/rm -rf /var/run/zabbix-agent-lts/");
}
-
- conf_mount_ro();
}
function validate_input_zabbix_agent_lts($post, &$input_errors) {
diff --git a/config/zabbix-proxy-lts/zabbix-proxy-lts.inc b/config/zabbix-proxy-lts/zabbix-proxy-lts.inc
index f1b877b5..39ef4f2b 100644
--- a/config/zabbix-proxy-lts/zabbix-proxy-lts.inc
+++ b/config/zabbix-proxy-lts/zabbix-proxy-lts.inc
@@ -41,10 +41,6 @@ if ($pf_version == "2.1" || $pf_version == "2.2") {
}
function php_deinstall_zabbix_proxy_lts() {
- conf_mount_rw();
-
- stop_service("zabbix_proxy_lts");
- unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/rc.d/zabbix_proxy_lts.sh");
unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/zabbix22/zabbix_proxy_lts.conf");
unlink_if_exists("/var/log/zabbix-proxy-lts/zabbix_proxy_lts.log");
unlink_if_exists("/var/run/zabbix-proxy-lts/zabbix_proxy_lts.pid");
@@ -58,8 +54,6 @@ function php_deinstall_zabbix_proxy_lts() {
if (is_dir("/var/db/zabbix-proxy-lts")) {
mwexec("/bin/rm -rf /var/db/zabbix-proxy-lts/");
}
-
- conf_mount_ro();
}
function validate_input_zabbix_proxy_lts($post, &$input_errors) {