Diffstat (limited to 'config')
-rw-r--r--config/apache_mod_security/apache_mod_security.inc10
-rw-r--r--config/apache_mod_security/apache_mod_security.priv.inc42
-rw-r--r--config/apache_mod_security/apache_mod_security.xml6
-rw-r--r--config/apcupsd/apcupsd.priv.inc38
-rw-r--r--config/apcupsd/apcupsd.xml27
-rw-r--r--config/autoconfigbackup/autoconfigbackup.php21
-rw-r--r--config/autoconfigbackup/autoconfigbackup.xml2
-rw-r--r--config/checkmk-agent/checkmk.inc338
-rw-r--r--config/checkmk-agent/checkmk.xml41
-rw-r--r--config/checkmk-agent/checkmk_sync.xml108
-rw-r--r--config/ipguard/ipguard.inc181
-rw-r--r--config/ipguard/ipguard.priv.inc41
-rw-r--r--config/ipguard/ipguard.xml8
-rwxr-xr-xconfig/ipguard/ipguard_sync.xml99
-rw-r--r--config/ladvd/ladvd.inc23
-rw-r--r--config/ladvd/ladvd.priv.inc43
-rw-r--r--config/ladvd/ladvd.xml24
-rw-r--r--config/lcdproc-dev/lcdproc.priv.inc40
-rw-r--r--config/lcdproc-dev/lcdproc.xml12
-rw-r--r--config/lcdproc-dev/lcdproc_screens.xml10
-rw-r--r--config/lcdproc/lcdproc.priv.inc40
-rw-r--r--config/lcdproc/lcdproc.xml12
-rw-r--r--config/lcdproc/lcdproc_screens.xml10
-rw-r--r--config/mtr-nox11/mtr-nox11.priv.inc37
-rw-r--r--config/mtr-nox11/mtr-nox11.xml28
-rw-r--r--config/netio/netio.priv.inc43
-rw-r--r--config/netio/netio.xml29
-rw-r--r--config/netio/netioserver.xml18
-rw-r--r--config/notes/notes.priv.inc38
-rw-r--r--config/notes/notes.xml19
-rw-r--r--config/ntop2/ntop.inc157
-rw-r--r--config/ntop2/ntop.priv.inc37
-rw-r--r--config/ntop2/ntop.xml162
-rw-r--r--config/ntopng/ntopng.inc22
-rw-r--r--config/ntopng/ntopng.priv.inc37
-rw-r--r--config/ntopng/ntopng.xml6
-rw-r--r--config/nut/nut.priv.inc40
-rw-r--r--config/nut/nut.xml8
-rw-r--r--config/phpsysinfo/phpsysinfo.inc156
-rw-r--r--config/phpsysinfo/phpsysinfo.xml121
-rw-r--r--config/routed/routed.inc30
-rw-r--r--config/routed/routed.priv.inc38
-rw-r--r--config/routed/routed.xml14
-rw-r--r--config/rrd-summary/rrd-summary.priv.inc37
-rw-r--r--config/rrd-summary/rrd-summary.xml6
-rw-r--r--config/shellcmd/shellcmd.priv.inc38
-rw-r--r--config/shellcmd/shellcmd.xml8
-rw-r--r--config/spamd/spamd.priv.inc46
-rw-r--r--config/spamd/spamd.xml8
-rw-r--r--config/squidGuard-devel/squidguard.inc320
-rw-r--r--config/squidGuard-devel/squidguard.xml18
-rw-r--r--config/squidGuard-devel/squidguard_sync.xml118
-rw-r--r--config/squidGuard/squidguard.inc320
-rw-r--r--config/squidGuard/squidguard.xml18
-rw-r--r--config/squidGuard/squidguard_sync.xml118
-rw-r--r--config/suricata/suricata.xml2
-rw-r--r--config/suricata/suricata_barnyard.php80
-rw-r--r--config/suricata/suricata_check_for_rule_updates.php73
-rw-r--r--config/suricata/suricata_flow_stream.php16
-rw-r--r--config/suricata/suricata_generate_yaml.php25
-rw-r--r--config/suricata/suricata_global.php2
-rw-r--r--config/suricata/suricata_interfaces_edit.php2
-rw-r--r--config/suricata/suricata_migrate_config.php20
-rw-r--r--config/suricata/suricata_post_install.php30
-rw-r--r--config/suricata/suricata_yaml_template.inc1
-rw-r--r--config/systempatches/patches.inc15
66 files changed, 2252 insertions, 1285 deletions
diff --git a/config/apache_mod_security/apache_mod_security.inc b/config/apache_mod_security/apache_mod_security.inc
index 69cc2126..63960b9e 100644
--- a/config/apache_mod_security/apache_mod_security.inc
+++ b/config/apache_mod_security/apache_mod_security.inc
@@ -49,7 +49,10 @@ function apache_mod_security_install() {
generate_apache_configuration();
$filename = "apache_mod_security.sh";
- $start = APACHEDIR . "/sbin/httpd -k start";
+ if (APACHEDIR != "/usr/local") {
+ $start = "/sbin/ldconfig -m " . APACHEDIR . "/lib\n";
+ }
+ $start .= APACHEDIR . "/sbin/httpd -k start";
$stop = APACHEDIR . "/sbin/httpd -k stop";
write_rcfile(array(
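Review bot: `$start` is only assigned inside the `if (APACHEDIR != "/usr/local")` branch, so when `APACHEDIR` equals `/usr/local` the following `$start .= ...` appends to an undefined variable. The rc file content is still built, but PHP raises a notice and the intent is not clear to a reader. Add `$start = "";` before the `if`. The body of `apache_mod_security_install()` continues outside this hunk.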
@@ -73,6 +76,9 @@ function apache_mod_security_deinstall() {
// Check Apache configuration syntax
function apache_mod_security_checkconfig() {
global $config, $g;
+ if (APACHEDIR != "/usr/local") {
+ mwexec("/sbin/ldconfig -m " . APACHEDIR . "/lib");
+ }
$status = mwexec(APACHEDIR . "/sbin/httpd -t");
if ($status) {
$input_errors[] = "[apache_mod_security]: There was an error parsing the Apache configuration: {$status}";
@@ -550,7 +556,7 @@ LoadModule status_module libexec/{$apache_version}/mod_status.so
LoadModule autoindex_module libexec/{$apache_version}/mod_autoindex.so
LoadModule asis_module libexec/{$apache_version}/mod_asis.so
LoadModule info_module libexec/{$apache_version}/mod_info.so
-LoadModule cgi_module libexec/{$apache_version}/mod_cgi.so
+# LoadModule cgi_module libexec/{$apache_version}/mod_cgi.so
LoadModule vhost_alias_module libexec/{$apache_version}/mod_vhost_alias.so
LoadModule negotiation_module libexec/{$apache_version}/mod_negotiation.so
LoadModule dir_module libexec/{$apache_version}/mod_dir.so
diff --git a/config/apache_mod_security/apache_mod_security.priv.inc b/config/apache_mod_security/apache_mod_security.priv.inc
new file mode 100644
index 00000000..e3989c9f
--- /dev/null
+++ b/config/apache_mod_security/apache_mod_security.priv.inc
@@ -0,0 +1,42 @@
+<?php
+/*
+ apache_mod_security.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-apache-modsecurity'] = array();
+$priv_list['page-services-apache-modsecurity']['name'] = "WebCfg - Services: ModSecurity/Apache Proxy Server";
+$priv_list['page-services-apache-modsecurity']['descr'] = "Allow access to ModSecurity/Apache Proxy Server package GUI";
+
+$priv_list['page-services-apache-modsecurity']['match'] = array();
+$priv_list['page-services-apache-modsecurity']['match'][] = "pkg.php?xml=apache_mod_security.xml*";
+$priv_list['page-services-apache-modsecurity']['match'][] = "pkg.php?xml=apache_mod_security_settings.xml*";
+$priv_list['page-services-apache-modsecurity']['match'][] = "pkg_edit.php?xml=apache_mod_security.xml*";
+$priv_list['page-services-apache-modsecurity']['match'][] = "pkg_edit.php?xml=apache_mod_security_settings.xml*";
+$priv_list['page-services-apache-modsecurity']['match'][] = "apache_mod_security_view_logs.php*";
+
+?>
diff --git a/config/apache_mod_security/apache_mod_security.xml b/config/apache_mod_security/apache_mod_security.xml
index ee8c7fbb..a5b6e009 100644
--- a/config/apache_mod_security/apache_mod_security.xml
+++ b/config/apache_mod_security/apache_mod_security.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>apache_mod_security</name>
- <version>0.1.8</version>
+ <version>0.1.9</version>
<title>Services: Mod_Security+Apache+Proxy: Site Proxies</title>
<include_file>/usr/local/pkg/apache_mod_security.inc</include_file>
<menu>
@@ -62,6 +62,10 @@
<item>https://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/priv/inc/</prefix>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security_settings.xml</item>
</additional_files_needed>
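Review bot: The `<prefix>` added for `apache_mod_security.priv.inc` is `/etc/priv/inc/`, while the equivalent entry added to `apcupsd.xml` in this same commit uses `/etc/inc/priv/`; the two path components look transposed here. If that is a typo, the privilege file would presumably land outside the directory the other `.priv.inc` files are installed to, and the `page-services-apache-modsecurity` privilege could not be granted to restricted GUI users. The line should probably read `<prefix>/etc/inc/priv/</prefix>`.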
diff --git a/config/apcupsd/apcupsd.priv.inc b/config/apcupsd/apcupsd.priv.inc
new file mode 100644
index 00000000..5526b99f
--- /dev/null
+++ b/config/apcupsd/apcupsd.priv.inc
@@ -0,0 +1,38 @@
+<?php
+/*
+ apcupsd.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-apcupsd'] = array();
+$priv_list['page-services-apcupsd']['name'] = "WebCfg - Services: apcupsd";
+$priv_list['page-services-apcupsd']['descr'] = "Allow access to apcupsd package GUI";
+$priv_list['page-services-apcupsd']['match'] = array();
+$priv_list['page-services-apcupsd']['match'][] = "pkg_edit.php?xml=apcupsd.xml*";
+$priv_list['page-services-apcupsd']['match'][] = "apcupsd_status.php*";
+
+?>
diff --git a/config/apcupsd/apcupsd.xml b/config/apcupsd/apcupsd.xml
index 38c84e81..cb33b8ef 100644
--- a/config/apcupsd/apcupsd.xml
+++ b/config/apcupsd/apcupsd.xml
@@ -41,17 +41,20 @@
</copyright>
<name>Apcupsd</name>
<title>Services: Apcupsd (General)</title>
- <category>Monitoring</category>
- <version>0.3.7</version>
+ <version>0.3.9</version>
<include_file>/usr/local/pkg/apcupsd.inc</include_file>
- <addedit_string>Apcupsd has been created/modified.</addedit_string>
- <delete_string>Apcupsd has been deleted.</delete_string>
+ <addedit_string>Apcupsd configuration has been created/modified.</addedit_string>
+ <delete_string>Apcupsd configuration has been deleted.</delete_string>
<restart_command>/usr/local/etc/rc.d/apcupsd.sh restart</restart_command>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/apcupsd/apcupsd.inc</item>
<prefix>/usr/local/pkg/</prefix>
</additional_files_needed>
<additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/apcupsd/apcupsd.priv.inc</item>
+ <prefix>/etc/inc/priv/</prefix>
+ </additional_files_needed>
+ <additional_files_needed>
<item>https://packages.pfsense.org/packages/config/apcupsd/apcupsd_status.php</item>
<prefix>/usr/local/www/</prefix>
</additional_files_needed>
@@ -67,18 +70,18 @@
<name>Apcupsd</name>
<tooltiptext>Setup Apcupsd specific settings</tooltiptext>
<section>Services</section>
- <url>/pkg_edit.php?xml=apcupsd.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=apcupsd.xml</url>
</menu>
<service>
<name>apcupsd</name>
<rcfile>apcupsd.sh</rcfile>
<executable>apcupsd</executable>
- <description>Apcupsd a daemon for controlling APC UPSes</description>
+ <description>APC UPS Daemon</description>
</service>
<tabs>
<tab>
<text>General</text>
- <url>/pkg_edit.php?xml=apcupsd.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=apcupsd.xml</url>
<active/>
</tab>
<tab>
@@ -88,19 +91,19 @@
</tabs>
<fields>
<field>
- <name>General configuration parameters</name>
+ <name>General Configuration Parameters</name>
<type>listtopic</type>
</field>
<field>
<fielddescr>Enable</fielddescr>
<fieldname>apcupsdenabled</fieldname>
- <description>Enable APC UPS Daemon service</description>
+ <description>Enable APC UPS Daemon service.</description>
<type>checkbox</type>
</field>
<field>
<fielddescr>UPS Name</fielddescr>
<fieldname>upsname</fieldname>
- <description>Use this to give your UPS a name in log files and such</description>
+ <description>Use this to give your UPS a name in log files and such.</description>
<type>input</type>
<size>60</size>
<required>true</required>
@@ -199,7 +202,7 @@
<field>
<fielddescr>Kill on Power Fail</fielddescr>
<fieldname>killonpowerfail</fieldname>
- <description>Hibernate UPS on powerfail</description>
+ <description>Hibernate UPS on powerfail.</description>
<type>checkbox</type>
</field>
<field>
@@ -322,7 +325,7 @@
<default_value>3551</default_value>
</field>
<field>
- <name>Configuration statements used if sharing</name>
+ <name>UPS Sharing Configuration</name>
<type>listtopic</type>
</field>
<field>
diff --git a/config/autoconfigbackup/autoconfigbackup.php b/config/autoconfigbackup/autoconfigbackup.php
index 5bf40736..9a7d67a1 100644
--- a/config/autoconfigbackup/autoconfigbackup.php
+++ b/config/autoconfigbackup/autoconfigbackup.php
@@ -82,6 +82,10 @@ if ($_REQUEST['download']) {
$pgtitle = "Diagnostics: Auto Configuration Backup";
}
+/* Set up time zones for conversion. See #5250 */
+$acbtz = new DateTimeZone('America/Chicago');
+$mytz = new DateTimeZone(date_default_timezone_get());
+
include("head.inc");
function get_hostnames() {
@@ -193,7 +197,9 @@ function get_hostnames() {
$savemsg = "An error occurred while trying to remove the item from portal.pfsense.org.";
} else {
curl_close($curl_session);
- $savemsg = "Backup revision {$_REQUEST['rmver']} has been removed.";
+ $budate = new DateTime($_REQUEST['rmver'], $acbtz);
+ $budate->setTimezone($mytz);
+ $savemsg = "Backup revision " . htmlspecialchars($budate->format(DATE_RFC2822)) . " has been removed.";
}
print_info_box($savemsg);
}
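Review bot: `new DateTime($_REQUEST['rmver'], $acbtz)` is given a request parameter, and the constructor throws on a string it cannot parse. Nothing here catches that, so a malformed `rmver` aborts the page after the removal request has already been sent. Wrap the conversion in a `try`/`catch` and fall back to the escaped raw value. The same constructor call in the `foreach ($data_split as $ds)` loop of the next hunk runs before the `if ($ds_split[2] && $ds_split[0])` check, so it also runs for empty or malformed lines; move those three lines inside that `if`.

```php
// … unchanged: curl_close($curl_session); …
try {
	$budate = new DateTime($_REQUEST['rmver'], $acbtz);
	$budate->setTimezone($mytz);
	$shown = $budate->format(DATE_RFC2822);
} catch (Exception $e) {
	/* Unparseable revision string: show it escaped instead of aborting the page */
	$shown = $_REQUEST['rmver'];
}
$savemsg = "Backup revision " . htmlspecialchars($shown) . " has been removed.";
```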
@@ -350,12 +356,19 @@ EOF;
// Loop through and create new confvers
$data_split = split("\n", $data);
$confvers = array();
+
foreach ($data_split as $ds) {
$ds_split = split($oper_sep, $ds);
$tmp_array = array();
$tmp_array['username'] = $ds_split[0];
$tmp_array['reason'] = $ds_split[1];
$tmp_array['time'] = $ds_split[2];
+
+ /* Convert the time from server time to local. See #5250 */
+ $budate = new DateTime($tmp_array['time'], $acbtz);
+ $budate->setTimezone($mytz);
+ $tmp_array['localtime'] = $budate->format(DATE_RFC2822);
+
if ($ds_split[2] && $ds_split[0]) {
$confvers[] = $tmp_array;
}
@@ -398,16 +411,16 @@ EOF;
foreach ($confvers as $cv):
?>
<tr valign="top">
- <td class="listlr"> <?= $cv['time']; ?></td>
+ <td class="listlr"> <?= $cv['localtime']; ?></td>
<td class="listbg"> <?= $cv['reason']; ?></td>
<td colspan="2" valign="middle" class="list" nowrap="nowrap">
- <a title="Restore this revision" onclick="return confirm('Are you sure you want to restore <?= $cv['time']; ?>?')" href="autoconfigbackup.php?hostname=<?=urlencode($hostname)?>&newver=<?=urlencode($cv['time']);?>">
+ <a title="Restore this revision" onclick="return confirm('Are you sure you want to restore <?= $cv['localtime']; ?>?')" href="autoconfigbackup.php?hostname=<?=urlencode($hostname)?>&newver=<?=urlencode($cv['time']);?>">
<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" />
</a>
<a title="Show info" href="autoconfigbackup.php?download=<?=urlencode($cv['time']);?>&hostname=<?=urlencode($hostname)?>&reason=<?php echo urlencode($cv['reason']);?>">
<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_down.gif" width="17" height="17" border="0" alt="" />
</a>
- <a title="Delete" onclick="return confirm('Are you sure you want to delete <?= $cv['time']; ?>?')"href="autoconfigbackup.php?hostname=<?=urlencode($hostname)?>&rmver=<?=urlencode($cv['time']);?>">
+ <a title="Delete" onclick="return confirm('Are you sure you want to delete <?= $cv['localtime']; ?>?')"href="autoconfigbackup.php?hostname=<?=urlencode($hostname)?>&rmver=<?=urlencode($cv['time']);?>">
<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="" />
</a>
</td>
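Review bot: `<?= $cv['reason']; ?>` is still written into the table cell unescaped, although this commit adds `htmlspecialchars()` to the removed-revision message. The reason text is taken from the backup list parsed out of `$data`, so it should be treated as untrusted markup: `<td class="listbg"> <?= htmlspecialchars($cv['reason']); ?></td>`. The new `localtime` values come from `DateTime::format(DATE_RFC2822)` and are constrained by that format, so they are lower risk, but escaping them in the same way keeps the row consistent. The surrounding table markup continues outside this hunk.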
diff --git a/config/autoconfigbackup/autoconfigbackup.xml b/config/autoconfigbackup/autoconfigbackup.xml
index dd83a9c7..f2fd8785 100644
--- a/config/autoconfigbackup/autoconfigbackup.xml
+++ b/config/autoconfigbackup/autoconfigbackup.xml
@@ -43,7 +43,7 @@
<description>Automatically backs up your pfSense configuration. All contents are encrypted before being sent to the server. Requires Gold Subscription from https://portal.pfsense.org</description>
<requirements>pfSense Portal subscription</requirements>
<name>AutoConfigBackup</name>
- <version>1.29</version>
+ <version>1.32</version>
<title>Diagnostics: Auto Configuration Backup</title>
<savetext>Change</savetext>
<include_file>/usr/local/pkg/autoconfigbackup.inc</include_file>
diff --git a/config/checkmk-agent/checkmk.inc b/config/checkmk-agent/checkmk.inc
index 67d82e6b..1ab92400 100644
--- a/config/checkmk-agent/checkmk.inc
+++ b/config/checkmk-agent/checkmk.inc
@@ -27,10 +27,11 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
+require_once("filter.inc");
+require_once("pfsense-utils.inc");
+require_once("util.inc");
+
define('ETC_SERVICES', '/etc/services');
-define('ETC_INETD', '/etc/inetd.conf');
-define('ETC_HOSTS_ALLOW', '/etc/hosts.allow');
-define('ETC_RC_CONF', '/etc/rc.conf.local');
function checkmk_install() {
/*
@@ -39,24 +40,62 @@ function checkmk_install() {
*/
$checkmk_bin = "/usr/local/bin/check_mk_agent";
$checkmk_url = 'http://git.mathias-kettner.de/git/?p=check_mk.git;a=blob_plain;f=agents/check_mk_agent.freebsd;hb=e13899bde8bdafe13780427811c8153c59be807f';
- mwexec("fetch -o {$checkmk_bin} \"{$checkmk_url}\"");
+ mwexec("/usr/bin/fetch -o {$checkmk_bin} \"{$checkmk_url}\"");
chmod($checkmk_bin, 0755);
- sync_package_checkmk();
+ /* Detect possible junk left over after previous bad package versions */
+ checkmk_decrapify();
+}
+
+function checkmk_deinstall() {
+ /* Remove entry from /etc/services file */
+ checkmk_cleanup_etc_services_file();
+ /* Remove check_mk_agent script fetched via checkmk_install() */
+ unlink_if_exists("/usr/local/bin/check_mk_agent");
+ /* Detect possible junk left over after previous bad package versions */
+ checkmk_decrapify();
+}
+
+function checkmk_decrapify() {
+ $i = 0;
+ if (exec("/usr/bin/wc -l /etc/hosts.allow | /usr/bin/awk '{ print $1 }'") > 5) {
+ log_error("[check_mk-agent] Possibly redundant lines found in /etc/hosts.allow.");
+ $i++;
+ }
+ if (exec("/usr/bin/wc -l /etc/inetd.conf | /usr/bin/awk '{ print $1 }'") > 1) {
+ log_error("[check_mk-agent] Possibly redundant lines found in /etc/inetd.conf.");
+ $i++;
+ }
+ if (file_exists("/etc/rc.conf.local")) {
+ log_error("[check_mk-agent] /etc/rc.conf.local file found; this file does not exist normally on pfSense.");
+ $i++;
+ }
+ if ($i > 0) {
+ log_error("[check_mk-agent] Inconsistent configuration files; possibly caused by previous check_mk package versions.");
+ log_error("[check_mk-agent] Please, compare those against default distribution files at https://github.com/pfsense/pfsense and fix as required manually.");
+ file_notice("check_mk-agent", "Inconsistent configuration files found, possibly caused by previous check_mk package versions. See Status - System Logs - General for details.", "Packages", "");
+ }
}
function checkmk_text_area_decode($text) {
return preg_replace('/\r\n/', "\n", base64_decode($text));
}
+function checkmk_cleanup_etc_services_file() {
+ preg_match_all("/check_mk.*/", file_get_contents(ETC_SERVICES), $matches);
+ foreach ($matches[0] as $match => $value) {
+ if (!empty($value)) {
+ remove_text_from_file(ETC_SERVICES, "{$value}\n");
+ }
+ }
+}
+
function sync_package_checkmk() {
global $config, $g, $mk_config;
- $update_conf = 0;
if (!is_array($config['installedpackages']['checkmk']['config'])) {
return;
}
-
$mk_config = $config['installedpackages']['checkmk']['config'][0];
$checkmk_bin = "/usr/local/bin/check_mk_agent";
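Review bot: `checkmk_install()` downloads the agent script over plain `http://` and makes it executable without checking its contents, and the inetd entry added later in this commit runs that file as root. The `hb=` commit id in the URL selects a revision on the server but does not protect against modification in transit or a changed server. Compare the downloaded file with a digest recorded in the package before the `chmod()`, and stop if the download failed or the digest differs. The `mwexec()` return value is also ignored at present.

```php
// … unchanged: $checkmk_bin and $checkmk_url assignments …
/* Placeholder: record the SHA-256 of the reviewed agent script here */
$checkmk_sha256 = '<SHA256_OF_REVIEWED_AGENT_SCRIPT>';
mwexec("/usr/bin/fetch -o {$checkmk_bin} \"{$checkmk_url}\"");
if (!file_exists($checkmk_bin) || hash_file('sha256', $checkmk_bin) !== $checkmk_sha256) {
	unlink_if_exists($checkmk_bin);
	log_error("[check_mk-agent] Downloaded agent script failed integrity verification; not installing it.");
	return;
}
chmod($checkmk_bin, 0755);
```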
@@ -71,193 +110,200 @@ function sync_package_checkmk() {
conf_mount_rw();
-
- /* Check services file. */
- $mk_services = file(ETC_SERVICES);
+ /* Check /etc/services file; remove any previous entries first since port could have changed */
+ checkmk_cleanup_etc_services_file();
$port = ($mk_config['checkmkport'] ? $mk_config['checkmkport'] : "6556");
- foreach ($mk_services as $mk_service) {
- if (!preg_match("/check_mk/", $mk_service)) {
- $mk_service_file.=chop($mk_service)."\n";
- }
- }
- if ($mk_config['checkmkenable']=="on") {
- $mk_service_file .= "check_mk {$port}/tcp #check_mk agent\n";
- file_put_contents(ETC_SERVICES, $mk_service_file, LOCK_EX);
- }
-
- /* Check inetd file. */
- $mk_inetds = file(ETC_INETD);
- foreach ($mk_inetds as $mk_inetd) {
- if (!preg_match("/check_mk/",$mk_inetd)) {
- $mk_inetd_file.=chop($mk_inetd)."\n";
- }
- }
- if ($mk_config['checkmkenable']=="on") {
- $mk_inetd_file .= "check_mk stream tcp nowait root /usr/local/bin/check_mk_agent check_mk\n";
- }
- file_put_contents(ETC_INETD, $mk_inetd_file, LOCK_EX);
-
- /* Check hosts.allow file. */
- $mk_hosts = file(ETC_HOSTS_ALLOW);
- $inet_daemons_count = 0;
- foreach ($mk_hosts as $mk_host) {
- if (!preg_match("/check_mk/",$mk_host)) {
- $mk_hosts_file .= chop($mk_host) . "\n";
- }
- if (preg_match("/^\w+/")) {
- $inet_daemons_count++;
- }
- }
if ($mk_config['checkmkenable'] == "on") {
- foreach (explode(',',$mk_config['checkmkhosts']) as $check_mk_host) {
- $mk_hosts_file .= "check_mk : {$check_mk_host} : allow\n";
- $inet_daemons_count++;
- }
+ $mk_service_file = "check_mk {$port}/tcp #check_mk agent\n";
+ add_text_to_file(ETC_SERVICES, $mk_service_file);
}
- file_put_contents(ETC_HOSTS_ALLOW, $mk_hosts_file, LOCK_EX);
- /* Check inetd daemon rc_conf option. */
- $mk_rc_confs= file(ETC_RC_CONF);
- foreach ($mk_rc_confs as $mk_rc_conf) {
- if (!preg_match("/inetd_/",$mk_rc_conf)) {
- $mk_rc_conf_file .= chop($mk_rc_conf)."\n";
+ conf_mount_ro();
+
+ /* Run XMLRPC sync if not booting */
+ if (function_exists("platform_booting")) {
+ if (platform_booting()) {
+ return;
}
+ } elseif ($g['booting']) {
+ return;
+ } else {
+ checkmk_sync_on_changes();
}
- if ($mk_config['checkmkenable']=="on") {
- $mk_rc_conf_file .= 'inetd_enable="YES"' . "\n";
- $mk_rc_conf_file .= 'inetd_flags="-wW"' . "\n";
- }
+}
- file_put_contents(ETC_RC_CONF, $mk_rc_conf_file, LOCK_EX);
- if ($inet_daemons_count > 0) {
- mwexec("/etc/rc.d/inetd restart");
+function checkmk_generate_rules($type) {
+ global $config;
+
+ if (is_array($config['installedpackages']['checkmk']['config'])) {
+ $mk_config = $config['installedpackages']['checkmk']['config'][0];
} else {
- mwexec("/etc/rc.d/inetd stop");
+ $mk_config = array();
}
-
- /* Write config if any file from filesystem was loaded. */
- if ($update_conf > 0) {
- write_config();
+ $mk_config = $config['installedpackages']['checkmk']['config'][0];
+ if ($mk_config['checkmkenable'] != "on") {
+ return;
}
- conf_mount_ro();
+ if ($type != "nat") {
+ return;
+ }
- checkmk_sync_on_changes();
+ /* Add checkmk daemon to inetd */
+ $inetd_fd = fopen("/var/etc/inetd.conf", "a+");
+ fwrite($inetd_fd, "check_mk\t\tstream\ttcp\tnowait\t\troot\t/usr/local/bin/check_mk_agent\tcheck_mk \n");
+ fclose($inetd_fd);
+
+ /* Generate NAT rules */
+ if (!empty($mk_config['checkmkifaces'])) {
+ $checkmkifs = explode(",", $mk_config['checkmkifaces']);
+ $checkmkhosts = $mk_config['checkmkhosts'] ?: "any";
+ $checkmkport = $mk_config['checkmkport'] ?: "6556";
+ foreach ($checkmkifs as $checkmkif) {
+ if (empty($checkmkif)) {
+ continue;
+ }
+ $interface = get_real_interface($checkmkif);
+ if (empty($interface)) {
+ continue;
+ }
+ $ip = find_interface_ip($interface);
+ if (!is_ipaddrv4($ip)) {
+ continue;
+ }
+
+ if (is_subnetv4($checkmkhosts) || is_ipaddr($checkmkhosts) || $checkmkhosts == "any") {
+ $natrules .= "rdr on {$interface} proto tcp from {$checkmkhosts} to {$ip} port {$checkmkport} -> 127.0.0.1 port {$checkmkport}\n";
+ } elseif (is_alias($checkmkhosts)) {
+ $natrules .= "rdr on {$interface} proto tcp from \${$checkmkhosts} to {$ip} port {$checkmkport} -> 127.0.0.1 port {$checkmkport}\n";
+ }
+ }
+ }
+ return $natrules;
}
function checkmk_validate_input($post, &$input_errors) {
- foreach ($post as $key => $value) {
- if (empty($value)) {
- continue;
- }
- if (substr($key, 0, 3) == "port" && !preg_match("/^\d+$/", $value)) {
- $input_errors[] = "{$value} is no a valid port number";
- }
- if (substr($key, 0, 11) == "description" && !preg_match("@^[a-zA-Z0-9 _/.-]+$@", $value)) {
- $input_errors[] = "Do not use special characters on description";
- }
- if (substr($key, 0, 8) == "fullfile" && !preg_match("@^[a-zA-Z0-9_/.-]+$@", $value)) {
- $input_errors[] = "Do not use special characters on filename";
- }
-
+ if (!empty($post["checkmkport"]) && !is_port($post["checkmkport"])) {
+ $input_errors[] = "You must specify a valid port in 'Listen Port' field.";
+
+ }
+ if (empty($post["checkmkifaces"])) {
+ $input_errors[] = "One or more 'Listen Interface(s)' must be selected";
+ }
+ if (!empty($post["checkmkhosts"]) && !(is_alias($post["checkmkhosts"]) || is_subnetv4($post["checkmkhosts"]) || is_ipaddrv4($post["checkmkhosts"]))) {
+ $input_errors[] = "You must specify a valid IP address, subnet or alias in 'Hosts Allowed' field.";
}
}
/* Uses XMLRPC to synchronize the changes to a remote node. */
function checkmk_sync_on_changes() {
- global $config, $g;
+ global $config;
+
if (is_array($config['installedpackages']['checkmksync']['config'])) {
$checkmk_sync = $config['installedpackages']['checkmksync']['config'][0];
$synconchanges = $checkmk_sync['synconchanges'];
- $synctimeout = $checkmk_sync['synctimeout'];
+ $synctimeout = $checkmk_sync['synctimeout'] ?: '250';
switch ($synconchanges) {
case "manual":
- if (is_array($checkmk_sync[row])) {
- $rs = $checkmksync[row];
+ if (is_array($checkmk_sync['row'])) {
+ $rs = $checkmk_sync['row'];
} else {
- log_error("[check_mk-agent] XMLRPC sync is enabled but there is no hosts to push on squid config.");
+ log_error("[check_mk-agent] XMLRPC sync is enabled but there are no hosts configured as replication targets.");
return;
}
break;
case "auto":
- if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])) {
- $system_carp = $config['installedpackages']['carpsettings']['config'][0];
+ if (is_array($config['hasync'])) {
+ $system_carp = $config['hasync'];
$rs[0]['ipaddress'] = $system_carp['synchronizetoip'];
$rs[0]['username'] = $system_carp['username'];
$rs[0]['password'] = $system_carp['password'];
+ $rs[0]['syncdestinenable'] = FALSE;
+
+ // XMLRPC sync is currently only supported over connections using the same protocol and port as this system
+ if ($config['system']['webgui']['protocol'] == "http") {
+ $rs[0]['syncprotocol'] = "http";
+ $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '80';
+ } else {
+ $rs[0]['syncprotocol'] = "https";
+ $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '443';
+ }
+ if ($system_carp['synchronizetoip'] == "") {
+ log_error("[check_mk-agent] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
+ return;
+ } else {
+ $rs[0]['syncdestinenable'] = TRUE;
+ }
} else {
- log_error("[check_mk-agent] XMLRPC sync is enabled but there is no system backup hosts to push squid config.");
+ log_error("[check_mk-agent] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
return;
}
break;
default:
return;
- break;
+ break;
}
if (is_array($rs)) {
log_error("[check_mk-agent] XMLRPC sync is starting.");
foreach ($rs as $sh) {
- $sync_to_ip = $sh['ipaddress'];
- $password = $sh['password'];
- if ($sh['username']) {
- $username = $sh['username'];
- } else {
- $username = 'admin';
- }
- if ($password && $sync_to_ip) {
- checkmk_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout);
+ // Only sync enabled replication targets
+ if ($sh['syncdestinenable']) {
+ $sync_to_ip = $sh['ipaddress'];
+ $port = $sh['syncport'];
+ $username = $sh['username'] ?: 'admin';
+ $password = $sh['password'];
+ $protocol = $sh['syncprotocol'];
+
+ $error = '';
+ $valid = TRUE;
+
+ if ($password == "") {
+ $error = "Password parameter is empty. ";
+ $valid = FALSE;
+ }
+ if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) {
+ $error .= "Misconfigured Replication Target IP Address or Hostname. ";
+ $valid = FALSE;
+ }
+ if (!is_port($port)) {
+ $error .= "Misconfigured Replication Target Port. ";
+ $valid = FALSE;
+ }
+ if ($valid) {
+ checkmk_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout);
+ } else {
+ log_error("[check_mk-agent] XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}");
+ }
}
- log_error("[check_mk-agent] XMLRPC sync is ending.");
}
+ log_error("[check_mk-agent] XMLRPC sync completed.");
}
- }
+ }
}
/* Do the actual XMLRPC sync. */
-function checkmk_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout) {
+function checkmk_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout) {
global $config, $g;
- if (!$username) {
+ if ($username == "" || $password == "" || $sync_to_ip == "" || $port == "" || $protocol == "") {
+ log_error("[check_mk-agent] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync");
return;
}
- if (!$password) {
- return;
+ // Take care of IPv6 literal address
+ if (is_ipaddrv6($sync_to_ip)) {
+ $sync_to_ip = "[{$sync_to_ip}]";
}
- if (!$sync_to_ip) {
- return;
- }
+ $url = "{$protocol}://{$sync_to_ip}";
- $xmlrpc_sync_neighbor = $sync_to_ip;
- if($config['system']['webgui']['protocol'] != "") {
- $synchronizetoip = $config['system']['webgui']['protocol'];
- $synchronizetoip .= "://";
- }
- $port = $config['system']['webgui']['port'];
- /* If port is empty, let's rely on the protocol selection. */
- if ($port == "") {
- if($config['system']['webgui']['protocol'] == "http") {
- $port = "80";
- } else {
- $port = "443";
- }
- }
- $synchronizetoip .= $sync_to_ip;
-
- /* xml will hold the sections to sync. */
+ /* XML will hold the sections to sync. */
$xml = array();
$xml['checkmk'] = $config['installedpackages']['checkmk'];
-
/* Assemble XMLRPC payload. */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($xml)
- );
-
- /* Set a few variables needed for sync code; borrowed from filter.inc. */
- $url = $synchronizetoip;
- log_error("[check_mk-agent] Beginning checkmk XMLRPC sync to {$url}:{$port}.");
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($xml));
+
+ /* Set a few variables needed for sync code */
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
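Review bot: In `checkmk_generate_rules()` an empty `checkmkhosts` falls back to `any`, so the `rdr` rule forwards connections from every source on each selected interface to the agent that inetd runs as root. `checkmk_validate_input()` accepts an empty 'Hosts Allowed' field, so this is the behaviour unless the admin fills it in; consider requiring the field or noting the exposure in a comment above the fallback. In the same function the unconditional `$mk_config = $config['installedpackages']['checkmk']['config'][0];` directly after the `is_array()` guard undoes that guard and should be removed. `$natrules` is also never initialised, so add `$natrules = "";` before the loop. In `sync_package_checkmk()` the final `else` belongs to `elseif ($g['booting'])`, so when `platform_booting()` exists and returns false `checkmk_sync_on_changes()` is never called.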
@@ -265,17 +311,17 @@ function checkmk_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout)
if ($g['debug']) {
$cli->setDebug(1);
}
- /* Send our XMLRPC message and timeout after 250 seconds. */
+ /* Send our XMLRPC message and timeout after defined sync timeout value */
$resp = $cli->send($msg, $synctimeout);
if (!$resp) {
- $error = "[check_mk-agent] A communications error occurred while attempting checkmk XMLRPC sync with {$url}:{$port}.";
- log_error($error);
+ $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port}.";
+ log_error("[check_mk-agent] {$error}");
file_notice("sync_settings", $error, "checkmk Settings Sync", "");
} elseif ($resp->faultCode()) {
$cli->setDebug(1);
$resp = $cli->send($msg, $synctimeout);
- $error = "[check_mk-agent] An error code was received while attempting checkmk XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
+ $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[check_mk-agent] {$error}");
file_notice("sync_settings", $error, "checkmk Settings Sync", "");
} else {
log_error("[check_mk-agent] XMLRPC sync successfully completed with {$url}:{$port}.");
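Review bot: In the `elseif ($resp->faultCode())` branch the request is sent a second time with debug enabled, and the new `$resp` is dereferenced without the `!$resp` check that the first send gets, so a failed retry becomes a method call on a non-object instead of a logged error. The retry also repeats the whole request, password parameter included, and in the `pfsense.exec_php` block of the next hunk it would presumably run the reload command on the target a second time. I would build the error message from the first response and remove `$cli->setDebug(1);` and `$resp = $cli->send($msg, $synctimeout);` from both fault branches. The same pattern is in the last `ipguard_do_xmlrpc_sync` hunk of config/ipguard/ipguard.inc. The function body starts and ends outside this hunk.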
@@ -286,25 +332,21 @@ function checkmk_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout)
$execcmd = "require_once('/usr/local/pkg/checkmk.inc');\n";
$execcmd .= "sync_package_checkmk();";
/* Assemble XMLRPC payload. */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($execcmd)
- );
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd));
- log_error("[check_mk-agent] XMLRPC reload data {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
$resp = $cli->send($msg, $synctimeout);
if (!$resp) {
- $error = "[check_mk-agent] A communications error occurred while attempting checkmk XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
- log_error($error);
+ $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
+ log_error("[check_mk-agent] {$error}");
file_notice("sync_settings", $error, "checkmk Settings Sync", "");
} elseif ($resp->faultCode()) {
$cli->setDebug(1);
$resp = $cli->send($msg, $synctimeout);
- $error = "[check_mk-agent] An error code was received while attempting checkmk XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
+ $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[check_mk-agent] {$error}");
file_notice("sync_settings", $error, "checkmk Settings Sync", "");
} else {
log_error("[check_mk-agent] XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
diff --git a/config/checkmk-agent/checkmk.xml b/config/checkmk-agent/checkmk.xml
index b24edca7..6ded083c 100644
--- a/config/checkmk-agent/checkmk.xml
+++ b/config/checkmk-agent/checkmk.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>checkmk</name>
- <version>0.1.5</version>
+ <version>0.1.6</version>
<title>check_mk Agent</title>
<include_file>/usr/local/pkg/checkmk.inc</include_file>
<additional_files_needed>
@@ -63,22 +63,26 @@
<section>Diagnostics</section>
<url>/pkg_edit.php?xml=checkmk.xml</url>
</menu>
+ <service>
+ <name>check_mk</name>
+ <executable>inetd</executable>
+ <description>check_mk Agent</description>
+ </service>
<tabs>
<tab>
- <text>Config</text>
+ <text>Settings</text>
<url>/pkg_edit.php?xml=checkmk.xml</url>
<active/>
</tab>
<tab>
- <text>XMLRPC Sync</text>
+ <text>Sync</text>
<url>/pkg_edit.php?xml=checkmk_sync.xml</url>
</tab>
</tabs>
<fields>
<field>
<type>listtopic</type>
- <fieldname>temp</fieldname>
- <name>check_mk Agent Configuration</name>
+ <name>General Settings</name>
</field>
<field>
<fielddescr>Enable check_mk Agent</fielddescr>
@@ -91,19 +95,29 @@
For reference, see <a href="https://github.com/sileht/check_mk/tree/master/doc">project documentation at GitHub</a>.
]]>
</description>
- <required/>
</field>
<field>
<fielddescr>Listen Port</fielddescr>
<fieldname>checkmkport</fieldname>
<type>input</type>
<size>10</size>
- <description>Enter port to listen on. Leave empty to use Default port 6556.</description>
+ <default_value>6556</default_value>
+ <description>Enter port to listen on. (Default: 6556)</description>
+ <required/>
+ </field>
+ <field>
+ <fielddescr>Listen Interface(s)</fielddescr>
+ <fieldname>checkmkifaces</fieldname>
+ <type>interfaces_selection</type>
+ <size>5</size>
+ <description>Select interface(s) to listen on.</description>
+ <hideinterfaceregex>loopback</hideinterfaceregex>
+ <required/>
</field>
<field>
- <fielddescr>Hosts.allow</fielddescr>
+ <fielddescr>Hosts Allowed</fielddescr>
<fieldname>checkmkhosts</fieldname>
- <description>Enter hosts (comma separated) that can communicate with this agent.</description>
+ <description>Enter an IP address, subnet or alias for host(s) that can communicate with this agent. (Leave empty to allow any host.)</description>
<type>input</type>
<size>60</size>
</field>
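Review bot: An empty `checkmkhosts` now means any host may connect, and the field stays optional while the new `checkmkifaces` selection hides only loopback, so a WAN-facing interface can be chosen with no source restriction. How `checkmk_generate_rules` turns these two values into rules is outside this hunk, so this may be narrower in practice. I would make the open case explicit in the description, e.g. `Enter an IP address, subnet or alias for the monitoring host(s) allowed to query this agent. Leaving this empty allows any host that can reach the selected interface(s).`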
@@ -111,13 +125,16 @@
<custom_php_install_command>
checkmk_install();
</custom_php_install_command>
+ <custom_php_deinstall_command>
+ checkmk_deinstall();
+ </custom_php_deinstall_command>
<custom_php_validation_command>
checkmk_validate_input($_POST, $input_errors);
</custom_php_validation_command>
- <custom_delete_php_command>
- sync_package_checkmk();
- </custom_delete_php_command>
<custom_php_resync_config_command>
sync_package_checkmk();
</custom_php_resync_config_command>
+ <filter_rules_needed>
+ checkmk_generate_rules
+ </filter_rules_needed>
</packagegui>
diff --git a/config/checkmk-agent/checkmk_sync.xml b/config/checkmk-agent/checkmk_sync.xml
index 1165152c..c08d280f 100644
--- a/config/checkmk-agent/checkmk_sync.xml
+++ b/config/checkmk-agent/checkmk_sync.xml
@@ -42,16 +42,16 @@
]]>
</copyright>
<name>checkmksync</name>
- <version>0.1.4</version>
+ <version>0.1.6</version>
<title>check_mk Agent: Sync</title>
<include_file>/usr/local/pkg/checkmk.inc</include_file>
<tabs>
<tab>
- <text>Config</text>
+ <text>Settings</text>
<url>/pkg_edit.php?xml=checkmk.xml</url>
</tab>
<tab>
- <text>XMLRPC Sync</text>
+ <text>Sync</text>
<url>/pkg_edit.php?xml=checkmk_sync.xml</url>
<active/>
</tab>
@@ -59,88 +59,91 @@
<fields>
<field>
<type>listtopic</type>
- <fieldname>temp</fieldname>
- <name>Enable check_mk configuration sync</name>
+ <name>XMLRPC Sync</name>
</field>
<field>
- <fielddescr>Sync Option</fielddescr>
+ <fielddescr>Enable Sync</fielddescr>
<fieldname>synconchanges</fieldname>
- <description>Automatically sync check_mk configuration changes.</description>
+ <description>
+ <![CDATA[
+ Select a sync method for check_mk agent.<br/><br/>
+ <strong>Important:</strong> While using "Sync to host(s) defined below", only sync from host A to B, A to C but <strong>do not</strong> enable XMLRPC sync <b>to</b> A.
+ This will result in a loop!
+ ]]>
+ </description>
<type>select</type>
<required/>
- <default_value>auto</default_value>
+ <default_value>disabled</default_value>
<options>
- <option>
- <name>Sync to configured system backup server</name>
- <value>auto</value>
- </option>
- <option>
- <name>Sync to host(s) defined below</name>
- <value>manual</value>
- </option>
- <option>
- <name>Do not sync this package configuration</name>
- <value>disabled</value>
- </option>
+ <option><name>Sync to configured system backup server</name><value>auto</value></option>
+ <option><name>Sync to host(s) defined below</name><value>manual</value></option>
+ <option><name>Do not sync this package configuration</name><value>disabled</value></option>
</options>
</field>
<field>
<fielddescr>Sync Timeout</fielddescr>
<fieldname>synctimeout</fieldname>
- <description>Select sync max wait time</description>
+ <description>XMLRPC timeout in seconds.</description>
<type>select</type>
<required/>
<default_value>250</default_value>
<options>
- <option>
- <name>250 seconds (Default)</name>
- <value>250</value>
- </option>
- <option>
- <name>120 seconds</name>
- <value>120</value>
- </option>
- <option>
- <name>90 seconds</name>
- <value>90</value>
- </option>
- <option>
- <name>60 seconds</name>
- <value>60</value>
- </option>
- <option>
- <name>30 seconds</name>
- <value>30</value>
- </option>
+ <option><name>250 seconds (Default)</name><value>250</value></option>
+ <option><name>120 seconds</name><value>120</value></option>
+ <option><name>90 seconds</name><value>90</value></option>
+ <option><name>60 seconds</name><value>60</value></option>
+ <option><name>30 seconds</name><value>30</value></option>
</options>
</field>
<field>
- <fielddescr>Remote Servers</fielddescr>
+ <fielddescr>Replication Targets</fielddescr>
<fieldname>none</fieldname>
<type>rowhelper</type>
<rowhelper>
<rowhelperfield>
- <fielddescr>IP Address</fielddescr>
+ <fielddescr>Enable</fielddescr>
+ <fieldname>syncdestinenable</fieldname>
+ <description><![CDATA[Enable this host as a replication target]]></description>
+ <type>checkbox</type>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Protocol</fielddescr>
+ <fieldname>syncprotocol</fieldname>
+ <description><![CDATA[Choose the protocol used to sync with the destination host (HTTP or HTTPS).]]></description>
+ <type>select</type>
+ <default_value>HTTP</default_value>
+ <options>
+ <option><name>HTTP</name><value>http</value></option>
+ <option><name>HTTPS</name><value>https</value></option>
+ </options>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>IP Address/Hostname</fielddescr>
<fieldname>ipaddress</fieldname>
- <description>IP Address of remote server</description>
+ <description><![CDATA[IP address or hostname of the destination host.]]></description>
<type>input</type>
- <size>20</size>
- <required/>
+ <size>40</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Port</fielddescr>
+ <fieldname>syncport</fieldname>
+ <description><![CDATA[Choose the sync port of the destination host.]]></description>
+ <type>input</type>
+ <size>3</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>Username</fielddescr>
+ <fielddescr>Username (admin)</fielddescr>
<fieldname>username</fieldname>
- <description>Username on remote server</description>
+ <description><![CDATA[Enter the username account for administration.]]></description>
<type>input</type>
<size>20</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>Password</fielddescr>
+ <fielddescr>Admin Password</fielddescr>
<fieldname>password</fieldname>
- <description>Password for remote server</description>
+ <description><![CDATA[Password of the user "admin" on the destination host.]]></description>
<type>password</type>
<size>20</size>
- <required/>
</rowhelperfield>
</rowhelper>
</field>
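Review bot: The Protocol select sets `<default_value>HTTP</default_value>`, which matches neither option value (`http`, `https`), so whether a new row gets a usable protocol depends on how the GUI treats an unknown default. Each row carries the admin password that checkmk_do_xmlrpc_sync sends to the target, so the default should be the encrypted option: `<default_value>https</default_value>`, with the HTTPS option listed first. The description could also state that HTTP sends the username and password unencrypted. The same block is added in config/ipguard/ipguard_sync.xml.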
@@ -148,7 +151,4 @@
<custom_php_resync_config_command>
checkmk_sync_on_changes();
</custom_php_resync_config_command>
- <custom_php_command_before_form>
- unset($_POST['temp']);
- </custom_php_command_before_form>
</packagegui>
diff --git a/config/ipguard/ipguard.inc b/config/ipguard/ipguard.inc
index 68e08e9f..d51e4fe2 100644
--- a/config/ipguard/ipguard.inc
+++ b/config/ipguard/ipguard.inc
@@ -31,7 +31,6 @@ require_once("config.inc");
require_once("util.inc");
function ipguard_custom_php_deinstall_command() {
- stop_service('ipguard');
unlink_if_exists("/usr/local/etc/rc.d/ipguard.sh");
$files = glob("/usr/local/etc/ipguard_*.conf");
unlink_if_exists($files);
@@ -50,8 +49,7 @@ function ipguard_custom_php_write_config() {
}
if (is_array($config['installedpackages']['ipguard']['config'])) {
- // Read config
- $new_config=array();
+ $new_config = array();
foreach ($config['installedpackages']['ipguard']['config'] as $ipguard) {
if ($ipguard['enable'] && $ipguard['interface'] && $ipguard['mac'] && $ipguard['ip']) {
$new_config[$ipguard['interface']] .= "{$ipguard['mac']} {$ipguard['ip']} {$ipguard['description']}\n";
@@ -59,8 +57,8 @@ function ipguard_custom_php_write_config() {
}
}
- $start="";
- $stop="pkill -anx ipguard";
+ $start = "";
+ $stop = "/bin/pkill -anx ipguard";
conf_mount_rw();
/* Create rc script and restart service if ipguard is enabled */
if (count($new_config) > 0 && $ipguard['enable']) {
@@ -81,13 +79,8 @@ function ipguard_custom_php_write_config() {
$iface = convert_friendly_interface_to_real_interface_name($key);
$start .= "/usr/local/sbin/ipguard -l /var/log/ipguard_{$key}.log -p /var/run/ipguard_{$key}.pid -f {$conf_file} -u 300 -z {$iface}\n\t";
}
- write_rcfile(array(
- 'file' => 'ipguard.sh',
- 'start' => $start,
- 'stop' => $stop
- ));
+ write_rcfile(array('file' => 'ipguard.sh', 'start' => $start, 'stop' => $stop));
restart_service('ipguard');
-
} else {
/* Otherwise, stop the service and remove rc script */
stop_service('ipguard');
@@ -96,7 +89,6 @@ function ipguard_custom_php_write_config() {
}
conf_mount_ro();
- /* Sync config with other pfSense servers */
ipguard_sync_on_changes();
}
@@ -104,64 +96,111 @@ function ipguard_custom_php_write_config() {
function ipguard_sync_on_changes() {
global $config, $g;
- if (is_array($config['installedpackages']['ipguardsync'])) {
- if ($config['installedpackages']['ipguardsync']['config'][0]['synconchanges']) {
+ if (is_array($config['installedpackages']['ipguardsync']['config'])) {
+ $ipguard_sync = $config['installedpackages']['ipguardsync']['config'][0];
+ $synconchanges = $ipguard_sync['synconchanges'];
+ $synctimeout = $ipguard_sync['synctimeout'] ?: '250';
+ switch ($synconchanges) {
+ case "manual":
+ if (is_array($ipguard_sync['row'])) {
+ $rs = $ipguard_sync['row'];
+ } else {
+ log_error("[ipguard] XMLRPC sync is enabled but there are no hosts configured as replication targets.");
+ return;
+ }
+ break;
+ case "auto":
+ if (is_array($config['hasync'])) {
+ $system_carp = $config['hasync'];
+ $rs[0]['ipaddress'] = $system_carp['synchronizetoip'];
+ $rs[0]['username'] = $system_carp['username'];
+ $rs[0]['password'] = $system_carp['password'];
+ $rs[0]['syncdestinenable'] = FALSE;
+
+ // XMLRPC sync is currently only supported over connections using the same protocol and port as this system
+ if ($config['system']['webgui']['protocol'] == "http") {
+ $rs[0]['syncprotocol'] = "http";
+ $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '80';
+ } else {
+ $rs[0]['syncprotocol'] = "https";
+ $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '443';
+ }
+ if ($system_carp['synchronizetoip'] == "") {
+ log_error("[ipguard] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
+ return;
+ } else {
+ $rs[0]['syncdestinenable'] = TRUE;
+ }
+ } else {
+ log_error("[ipguard] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
+ return;
+ }
+ break;
+ default:
+ return;
+ break;
+ }
+ if (is_array($rs)) {
log_error("[ipguard] XMLRPC sync is starting.");
- foreach ($config['installedpackages']['ipguardsync']['config'] as $rs ) {
- foreach ($rs['row'] as $sh) {
+ foreach ($rs as $sh) {
+ // Only sync enabled replication targets
+ if ($sh['syncdestinenable']) {
$sync_to_ip = $sh['ipaddress'];
+ $port = $sh['syncport'];
+ $username = $sh['username'] ?: 'admin';
$password = $sh['password'];
- if ($password && $sync_to_ip) {
- ipguard_do_xmlrpc_sync($sync_to_ip, $password);
+ $protocol = $sh['syncprotocol'];
+
+ $error = '';
+ $valid = TRUE;
+
+ if ($password == "") {
+ $error = "Password parameter is empty. ";
+ $valid = FALSE;
+ }
+ if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) {
+ $error .= "Misconfigured Replication Target IP Address or Hostname. ";
+ $valid = FALSE;
+ }
+ if (!is_port($port)) {
+ $error .= "Misconfigured Replication Target Port. ";
+ $valid = FALSE;
+ }
+ if ($valid) {
+ ipguard_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout);
+ } else {
+ log_error("[ipguard] XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}");
}
}
}
- log_error("[ipguard] XMLRPC sync is ending.");
+ log_error("[ipguard] XMLRPC sync completed.");
}
- }
+ }
}
/* Do the actual XMLRPC sync */
-function ipguard_do_xmlrpc_sync($sync_to_ip, $password) {
- global $config, $g;
+function ipguard_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout) {
+ global $config;
- if (!$password) {
+ if ($username == "" || $password == "" || $sync_to_ip == "" || $port == "" || $protocol == "") {
+ log_error("[ipguard] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync");
return;
}
- if (!$sync_to_ip) {
- return;
+ // Take care of IPv6 literal address
+ if (is_ipaddrv6($sync_to_ip)) {
+ $sync_to_ip = "[{$sync_to_ip}]";
}
- $username = 'admin';
- $xmlrpc_sync_neighbor = $sync_to_ip;
- if ($config['system']['webgui']['protocol'] != "") {
- $synchronizetoip = $config['system']['webgui']['protocol'];
- $synchronizetoip .= "://";
- }
- $port = $config['system']['webgui']['port'];
- /* If port is empty, let's rely on the protocol selection */
- if ($port == "") {
- if ($config['system']['webgui']['protocol'] == "http") {
- $port = "80";
- } else {
- $port = "443";
- }
- }
- $synchronizetoip .= $sync_to_ip;
+ $url = "{$protocol}://{$sync_to_ip}";
- /* xml will hold the sections to sync */
+ /* XML will hold the sections to sync. */
$xml = array();
$xml['ipguard'] = $config['installedpackages']['ipguard'];
- /* Assemble XMLRPC payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($xml)
- );
-
- /* Set a few variables needed for sync code; borrowed from filter.inc */
- $url = $synchronizetoip;
- log_error("Beginning ipguard XMLRPC sync to {$url}:{$port}.");
+ /* Assemble XMLRPC payload. */
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($xml));
+
+ /* Set a few variables needed for sync code */
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
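Review bot: The per-target checks cover password, address and port, but `$protocol` is passed through unchecked and then interpolated into `$url = "{$protocol}://{$sync_to_ip}"`, so a hand-edited or empty `syncprotocol` is only caught by the empty-string test in ipguard_do_xmlrpc_sync. I would add `if (!in_array($protocol, array('http', 'https'), true)) { $error .= "Misconfigured Replication Target Protocol. "; $valid = FALSE; }` next to the `is_port()` check. ipguard_do_xmlrpc_sync continues past the end of this hunk.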
@@ -169,49 +208,45 @@ function ipguard_do_xmlrpc_sync($sync_to_ip, $password) {
if ($g['debug']) {
$cli->setDebug(1);
}
- /* send our XMLRPC message and timeout after 250 seconds */
- $resp = $cli->send($msg, "250");
+ /* Send our XMLRPC message and timeout after defined sync timeout value */
+ $resp = $cli->send($msg, $synctimeout);
if (!$resp) {
- $error = "A communications error occurred while attempting ipguard XMLRPC sync with {$url}:{$port}.";
- log_error($error);
+ $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port}.";
+ log_error("[ipguard] {$error}");
file_notice("sync_settings", $error, "ipguard Settings Sync", "");
} elseif ($resp->faultCode()) {
$cli->setDebug(1);
- $resp = $cli->send($msg, "250");
- $error = "An error code was received while attempting ipguard XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
+ $resp = $cli->send($msg, $synctimeout);
+ $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[ipguard] {$error}");
file_notice("sync_settings", $error, "ipguard Settings Sync", "");
} else {
- log_error("ipguard XMLRPC sync successfully completed with {$url}:{$port}.");
+ log_error("[ipguard] XMLRPC sync successfully completed with {$url}:{$port}.");
}
- /* tell ipguard to reload our settings on the destination sync host. */
+ /* Tell ipguard to reload our settings on the destination sync host. */
$method = 'pfsense.exec_php';
$execcmd = "require_once('/usr/local/pkg/ipguard.inc');\n";
$execcmd .= "ipguard_custom_php_write_config();";
- /* assemble xmlrpc payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($execcmd)
- );
+ /* Assemble XMLRPC payload. */
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd));
- log_error("ipguard XMLRPC reload data {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
- $resp = $cli->send($msg, "250");
+ $resp = $cli->send($msg, $synctimeout);
if (!$resp) {
- $error = "A communications error occurred while attempting ipguard XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
- log_error($error);
+ $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
+ log_error("[ipguard] {$error}");
file_notice("sync_settings", $error, "ipguard Settings Sync", "");
} elseif ($resp->faultCode()) {
$cli->setDebug(1);
- $resp = $cli->send($msg, "250");
- $error = "An error code was received while attempting ipguard XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
+ $resp = $cli->send($msg, $synctimeout);
+ $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[ipguard] {$error}");
file_notice("sync_settings", $error, "ipguard Settings Sync", "");
} else {
- log_error("ipguard XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
+ log_error("[ipguard] XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
}
}
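Review bot: `if ($g['debug'])` at the top of this hunk reads `$g`, but the previous hunk changed the function's declaration from `global $config, $g;` to `global $config;`, so `$g` is an undefined local here and the debug switch can never turn on. Restore the declaration as `global $config, $g;`, which is what checkmk_do_xmlrpc_sync in config/checkmk-agent/checkmk.inc still uses. The function starts outside this hunk.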
diff --git a/config/ipguard/ipguard.priv.inc b/config/ipguard/ipguard.priv.inc
new file mode 100644
index 00000000..bfa0e71a
--- /dev/null
+++ b/config/ipguard/ipguard.priv.inc
@@ -0,0 +1,41 @@
+<?php
+/*
+ ipguard.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-firewall-ipguard'] = array();
+$priv_list['page-firewall-ipguard']['name'] = "WebCfg - Firewall: IPguard package";
+$priv_list['page-firewall-ipguard']['descr'] = "Allow access to IPguard package GUI";
+
+$priv_list['page-firewall-ipguard']['match'] = array();
+$priv_list['page-firewall-ipguard']['match'][] = "pkg.php?xml=ipguard.xml*";
+$priv_list['page-firewall-ipguard']['match'][] = "pkg.php?xml=ipguard_sync.xml*";
+$priv_list['page-firewall-ipguard']['match'][] = "pkg_edit.php?xml=ipguard.xml*";
+$priv_list['page-firewall-ipguard']['match'][] = "pkg_edit.php?xml=ipguard_sync.xml*";
+
+?>
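Review bot: The single privilege `page-firewall-ipguard` also matches `pkg.php?xml=ipguard_sync.xml*` and `pkg_edit.php?xml=ipguard_sync.xml*`, the page where replication targets and their admin passwords are entered, so any user granted the IPguard GUI can also view or change the sync targets and credentials. Consider a separate entry for the two sync patterns (for example `page-firewall-ipguard-sync`) so the MAC/IP list can be delegated without it. If they stay together, the description should say so: `"Allow access to IPguard package GUI, including XMLRPC sync settings"`.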
diff --git a/config/ipguard/ipguard.xml b/config/ipguard/ipguard.xml
index 2b13e7e0..71ea7fa2 100644
--- a/config/ipguard/ipguard.xml
+++ b/config/ipguard/ipguard.xml
@@ -42,14 +42,12 @@
]]>
</copyright>
<name>ipguard</name>
- <version>0.1.1</version>
+ <version>0.1.3</version>
<title>Firewall: IPguard</title>
- <description>IPguard MACs/IP</description>
<savetext>Save</savetext>
<include_file>/usr/local/pkg/ipguard.inc</include_file>
<menu>
<name>IPguard</name>
- <tooltiptext>Tool designed to protect LAN IP address space by ARP spoofing.</tooltiptext>
<section>Firewall</section>
<url>/pkg.php?xml=ipguard.xml</url>
</menu>
@@ -65,6 +63,10 @@
<item>https://packages.pfsense.org/packages/config/ipguard/ipguard.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/ipguard/ipguard.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/ipguard/ipguard_sync.xml</item>
</additional_files_needed>
diff --git a/config/ipguard/ipguard_sync.xml b/config/ipguard/ipguard_sync.xml
index 609dd6ca..e477ce3f 100755
--- a/config/ipguard/ipguard_sync.xml
+++ b/config/ipguard/ipguard_sync.xml
@@ -42,8 +42,8 @@
]]>
</copyright>
<name>ipguardsync</name>
- <version>0.1.1</version>
- <title>IPguard - Sync</title>
+ <version>0.1.3</version>
+ <title>Firewall: IPguard: Sync</title>
<include_file>/usr/local/pkg/ipguard.inc</include_file>
<tabs>
<tab>
@@ -62,30 +62,89 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Automatically sync configuration changes</fielddescr>
+ <fielddescr>Enable Sync</fielddescr>
<fieldname>synconchanges</fieldname>
- <description>Automatically sync changes to the hosts defined below.</description>
- <type>checkbox</type>
+ <description>
+ <![CDATA[
+ Select a sync method for IPguard.<br/><br/>
+ <strong>Important:</strong> While using "Sync to host(s) defined below", only sync from host A to B, A to C but <strong>do not</strong> enable XMLRPC sync <b>to</b> A.
+ This will result in a loop!
+ ]]>
+ </description>
+ <type>select</type>
+ <required/>
+ <default_value>disabled</default_value>
+ <options>
+ <option><name>Sync to configured system backup server</name><value>auto</value></option>
+ <option><name>Sync to host(s) defined below</name><value>manual</value></option>
+ <option><name>Do not sync this package configuration</name><value>disabled</value></option>
+ </options>
</field>
<field>
- <fielddescr>Remote Server</fielddescr>
+ <fielddescr>Sync Timeout</fielddescr>
+ <fieldname>synctimeout</fieldname>
+ <description>XMLRPC timeout in seconds.</description>
+ <type>select</type>
+ <required/>
+ <default_value>250</default_value>
+ <options>
+ <option><name>250 seconds (Default)</name><value>250</value></option>
+ <option><name>120 seconds</name><value>120</value></option>
+ <option><name>90 seconds</name><value>90</value></option>
+ <option><name>60 seconds</name><value>60</value></option>
+ <option><name>30 seconds</name><value>30</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Replication Targets</fielddescr>
<fieldname>none</fieldname>
<type>rowhelper</type>
<rowhelper>
- <rowhelperfield>
- <fielddescr>IP Address</fielddescr>
- <fieldname>ipaddress</fieldname>
- <description>IP Address of remote server</description>
- <type>input</type>
- <size>20</size>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr>Password</fielddescr>
- <fieldname>password</fieldname>
- <description>Password for remote server.</description>
- <type>password</type>
- <size>20</size>
- </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Enable</fielddescr>
+ <fieldname>syncdestinenable</fieldname>
+ <description><![CDATA[Enable this host as a replication target]]></description>
+ <type>checkbox</type>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Protocol</fielddescr>
+ <fieldname>syncprotocol</fieldname>
+ <description><![CDATA[Choose the protocol used to sync with the destination host (HTTP or HTTPS).]]></description>
+ <type>select</type>
+ <default_value>HTTP</default_value>
+ <options>
+ <option><name>HTTP</name><value>http</value></option>
+ <option><name>HTTPS</name><value>https</value></option>
+ </options>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>IP Address/Hostname</fielddescr>
+ <fieldname>ipaddress</fieldname>
+ <description><![CDATA[IP address or hostname of the destination host.]]></description>
+ <type>input</type>
+ <size>40</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Port</fielddescr>
+ <fieldname>syncport</fieldname>
+ <description><![CDATA[Choose the sync port of the destination host.]]></description>
+ <type>input</type>
+ <size>3</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Username (admin)</fielddescr>
+ <fieldname>username</fieldname>
+ <description><![CDATA[Enter the username account for administration.]]></description>
+ <type>input</type>
+ <size>20</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Admin Password</fielddescr>
+ <fieldname>password</fieldname>
+ <description><![CDATA[Password of the user "admin" on the destination host.]]></description>
+ <type>password</type>
+ <size>20</size>
+ </rowhelperfield>
</rowhelper>
</field>
</fields>
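Review bot: `synconchanges` changes from a checkbox to a select with the values `auto`, `manual` and `disabled`, but nothing visible converts a value saved by the old checkbox. The new `switch` in ipguard_sync_on_changes sends any other value to `default: return;`, so after an upgrade sync would presumably stop without a log line. Rows saved by the old form also lack `syncdestinenable`, `syncport` and `syncprotocol`, so they are skipped even once a mode is selected. I would log the unrecognised case, e.g. `log_error("[ipguard] XMLRPC sync mode '{$synconchanges}' is not recognised; sync skipped.");` when the value is neither empty nor `disabled`, and note in the field description that existing targets must be re-saved.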
diff --git a/config/ladvd/ladvd.inc b/config/ladvd/ladvd.inc
index da37a1a9..c1d769ab 100644
--- a/config/ladvd/ladvd.inc
+++ b/config/ladvd/ladvd.inc
@@ -36,18 +36,24 @@ require_once("pkg-utils.inc");
function ladvd_resync_config() {
global $config;
- conf_mount_rw();
-
- if (!is_array($config['installedpackages']['ladvd']))
+ if (!is_array($config['installedpackages']['ladvd'])) {
return;
- if (!is_array($config['installedpackages']['ladvd']['config']))
+ }
+ if (!is_array($config['installedpackages']['ladvd']['config'])) {
return;
+ }
$ladvd_conf = &$config['installedpackages']['ladvd']['config'][0];
+ conf_mount_rw();
/* ladvd is turned off in package settings */
- if (empty($ladvd_conf['enable']))
+ if (empty($ladvd_conf['enable'])) {
+ if (is_service_running("ladvd")) {
+ stop_service("ladvd");
+ }
+ unlink_if_exists("/usr/local/etc/rc.d/ladvd.sh");
return;
+ }
$cmdline = "";
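Review bot: The new disabled branch returns after `conf_mount_rw()` has been called three lines earlier, without the `conf_mount_ro()` that the end of the function performs, so disabling ladvd leaves the filesystem mounted read-write on installs where these calls have an effect. Add `conf_mount_ro();` before the `return;` inside the `if (empty($ladvd_conf['enable']))` block. The function continues outside this hunk.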
@@ -98,7 +104,12 @@ function ladvd_resync_config() {
)
);
- restart_service("ladvd");
+ if (is_service_running("ladvd")) {
+ restart_service("ladvd");
+ } else {
+ start_service("ladvd");
+ }
+
sleep(1);
conf_mount_ro();
}
diff --git a/config/ladvd/ladvd.priv.inc b/config/ladvd/ladvd.priv.inc
new file mode 100644
index 00000000..5dd30d44
--- /dev/null
+++ b/config/ladvd/ladvd.priv.inc
@@ -0,0 +1,43 @@
+<?php
+/*
+ ladvd.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-ladvd'] = array();
+$priv_list['page-services-ladvd']['name'] = "WebCfg - Services: ladvd";
+$priv_list['page-services-ladvd']['descr'] = "Allow access to ladvd package GUI";
+$priv_list['page-services-ladvd']['match'] = array();
+$priv_list['page-services-ladvd']['match'][] = "pkg_edit.php?xml=ladvd.xml*";
+
+$priv_list['page-services-ladvd-status'] = array();
+$priv_list['page-services-ladvd-status']['name'] = "WebCfg - Status: ladvd";
+$priv_list['page-services-ladvd-status']['descr'] = "Allow access to ladvd status page";
+$priv_list['page-services-ladvd-status']['match'] = array();
+$priv_list['page-services-ladvd-status']['match'][] = "status_ladvd.php*";
+
+?>
diff --git a/config/ladvd/ladvd.xml b/config/ladvd/ladvd.xml
index 5862afca..42c6485e 100644
--- a/config/ladvd/ladvd.xml
+++ b/config/ladvd/ladvd.xml
@@ -44,17 +44,19 @@
</copyright>
<description>Link Layer Discovery Protocol</description>
<name>LADVD</name>
- <version>1.0.4.2</version>
+ <version>1.0.4.3</version>
<category>Network Management</category>
<title>Services: LADVD</title>
- <savetext>Save</savetext>
<include_file>/usr/local/pkg/ladvd.inc</include_file>
- <aftersaveredirect>/pkg_edit.php?xml=ladvd.xml&amp;id=0</aftersaveredirect>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/ladvd/ladvd.inc</item>
<prefix>/usr/local/pkg/</prefix>
</additional_files_needed>
<additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/ladvd/ladvd.priv.inc</item>
+ <prefix>/etc/inc/priv/</prefix>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/www/</prefix>
<item>https://packages.pfsense.org/packages/config/ladvd/status_ladvd.php</item>
</additional_files_needed>
@@ -62,7 +64,7 @@
<name>LADVD</name>
<tooltiptext>Modify LADVD settings.</tooltiptext>
<section>Services</section>
- <url>/pkg_edit.php?xml=ladvd.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=ladvd.xml</url>
</menu>
<menu>
<name>LADVD Status</name>
@@ -74,12 +76,12 @@
<name>ladvd</name>
<rcfile>ladvd.sh</rcfile>
<executable>ladvd</executable>
- <description>Send and decode link layer advertisements.</description>
+ <description>Link Layer Discovery Protocol Daemon</description>
</service>
<tabs>
<tab>
<text>General</text>
- <url>/pkg_edit.php?xml=ladvd.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=ladvd.xml</url>
<active/>
</tab>
<tab>
@@ -89,7 +91,7 @@
</tabs>
<fields>
<field>
- <fielddescr>Enable ladvd</fielddescr>
+ <fielddescr>Enable</fielddescr>
<fieldname>enable</fieldname>
<description>Enable or disable ladvd.</description>
<enablefields>iface_array[],autoenable,silent,management,location,lldp,cdp,edp,ndp</enablefields>
@@ -105,7 +107,7 @@
<description>Select the interfaces that LADVD will bind to. You can use the CTRL or COMMAND key to select multiple interfaces.</description>
</field>
<field>
- <fielddescr>Auto-enable protocols</fielddescr>
+ <fielddescr>Auto-Enable Protocols</fielddescr>
<fieldname>autoenable</fieldname>
<description>Auto-enable protocols based on received packets (also enables receive mode).</description>
<type>checkbox</type>
@@ -113,11 +115,11 @@
<field>
<fielddescr>Silent</fielddescr>
<fieldname>silent</fieldname>
- <description>Silent, don't transmit packets.</description>
+ <description>Silent mode, do not transmit packets.</description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Management interfaces</fielddescr>
+ <fielddescr>Management Interfaces</fielddescr>
<fieldname>management</fieldname>
<value>lan</value>
<type>interfaces_selection</type>
@@ -151,7 +153,7 @@
<field>
<fielddescr>Enable NDP</fielddescr>
<fieldname>ndp</fieldname>
- <description>Enable NDP (Nortel Discovery Protocol) formerly called SynOptics Network Management Protocol (SONMP).</description>
+ <description>Enable NDP (Nortel Discovery Protocol); formerly called SynOptics Network Management Protocol (SONMP).</description>
<type>checkbox</type>
</field>
</fields>
diff --git a/config/lcdproc-dev/lcdproc.priv.inc b/config/lcdproc-dev/lcdproc.priv.inc
new file mode 100644
index 00000000..6b2c061f
--- /dev/null
+++ b/config/lcdproc-dev/lcdproc.priv.inc
@@ -0,0 +1,40 @@
+<?php
+/*
+ lcdproc.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-lcdproc'] = array();
+$priv_list['page-services-lcdproc']['name'] = "WebCfg - Services: LCDproc package";
+$priv_list['page-services-lcdproc']['descr'] = "Allow access to LCDproc package GUI";
+$priv_list['page-services-lcdproc']['match'] = array();
+$priv_list['page-services-lcdproc']['match'][] = "pkg.php?xml=lcdproc.xml*";
+$priv_list['page-services-lcdproc']['match'][] = "pkg.php?xml=lcdproc_screens.xml*";
+$priv_list['page-services-lcdproc']['match'][] = "pkg_edit.php?xml=lcdproc.xml*";
+$priv_list['page-services-lcdproc']['match'][] = "pkg_edit.php?xml=lcdproc_screens.xml*";
+
+?>
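Review bot: Every `match` pattern in this file ends in `*` directly after the `xml=` value, so, assuming the trailing `*` is a wildcard, the privilege is decided on the start of the request only and anything may follow `lcdproc.xml`. Whether pkg.php and pkg_edit.php then load the same XML file the pattern names is decided outside this diff, so it is worth confirming that the matcher and the page handler agree on which `xml` value is being authorised. A short comment above the list would record the assumption, for example `/* Patterns are matched from the start of the request; the xml= parameter must come first. */`. The same applies to the other privilege files added in this commit: lcdproc/lcdproc.priv.inc, mtr-nox11.priv.inc, netio.priv.inc, notes.priv.inc and ntop.priv.inc.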
diff --git a/config/lcdproc-dev/lcdproc.xml b/config/lcdproc-dev/lcdproc.xml
index ce62cb5c..e5915e69 100644
--- a/config/lcdproc-dev/lcdproc.xml
+++ b/config/lcdproc-dev/lcdproc.xml
@@ -45,31 +45,35 @@
</copyright>
<title>Services: LCDproc</title>
<name>lcdproc</name>
- <version>0.9.13</version>
+ <version>0.9.15</version>
<savetext>Save</savetext>
<include_file>/usr/local/pkg/lcdproc.inc</include_file>
<tabs>
<tab>
<text>Server</text>
- <url>/pkg_edit.php?xml=lcdproc.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc.xml</url>
<active/>
</tab>
<tab>
<text>Screens</text>
- <url>/pkg_edit.php?xml=lcdproc_screens.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc_screens.xml</url>
</tab>
</tabs>
<menu>
<name>LCDproc</name>
<tooltiptext>Set LCDproc settings such as display driver and COM port.</tooltiptext>
<section>Services</section>
- <url>/pkg_edit.php?xml=lcdproc.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc.xml</url>
</menu>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/lcdproc-dev/lcdproc.inc</item>
<prefix>/usr/local/pkg/</prefix>
</additional_files_needed>
<additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/lcdproc-dev/lcdproc.priv.inc</item>
+ <prefix>/etc/inc/priv/</prefix>
+ </additional_files_needed>
+ <additional_files_needed>
<item>https://packages.pfsense.org/packages/config/lcdproc-dev/lcdproc_screens.xml</item>
<prefix>/usr/local/pkg/</prefix>
</additional_files_needed>
diff --git a/config/lcdproc-dev/lcdproc_screens.xml b/config/lcdproc-dev/lcdproc_screens.xml
index c3ba7aa1..ca2b0f87 100644
--- a/config/lcdproc-dev/lcdproc_screens.xml
+++ b/config/lcdproc-dev/lcdproc_screens.xml
@@ -44,18 +44,18 @@
]]>
</copyright>
<title>Services: LCDproc: Screens</title>
- <name>lcdproc_screens</name>
- <version>0.9.13</version>
+ <name>lcdprocscreens</name>
+ <version>0.9.15</version>
<savetext>Save</savetext>
<include_file>/usr/local/pkg/lcdproc.inc</include_file>
<tabs>
<tab>
<text>Server</text>
- <url>/pkg_edit.php?xml=lcdproc.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc.xml</url>
</tab>
<tab>
<text>Screens</text>
- <url>/pkg_edit.php?xml=lcdproc_screens.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc_screens.xml</url>
<active/>
</tab>
</tabs>
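Review bot: The `<name>` change from `lcdproc_screens` to `lcdprocscreens` is more than cosmetic if the package framework stores this form's settings under the element name, because screens saved under the old key would then no longer be found after an upgrade. lcdproc.inc is not among the files listed in the diffstat for this commit, so please confirm that it already reads the `lcdprocscreens` key, or add a one-time migration on upgrade. A comment next to the element, such as `<!-- name doubles as the config key; must match lcdproc.inc -->`, would document the coupling. The same rename appears in config/lcdproc/lcdproc_screens.xml.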
@@ -63,7 +63,7 @@
<name>LCDproc</name>
<tooltiptext>Set LCDproc settings such as display driver and COM port.</tooltiptext>
<section>Services</section>
- <url>/pkg_edit.php?xml=lcdproc.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc.xml</url>
</menu>
<fields>
<field>
diff --git a/config/lcdproc/lcdproc.priv.inc b/config/lcdproc/lcdproc.priv.inc
new file mode 100644
index 00000000..6b2c061f
--- /dev/null
+++ b/config/lcdproc/lcdproc.priv.inc
@@ -0,0 +1,40 @@
+<?php
+/*
+ lcdproc.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-lcdproc'] = array();
+$priv_list['page-services-lcdproc']['name'] = "WebCfg - Services: LCDproc package";
+$priv_list['page-services-lcdproc']['descr'] = "Allow access to LCDproc package GUI";
+$priv_list['page-services-lcdproc']['match'] = array();
+$priv_list['page-services-lcdproc']['match'][] = "pkg.php?xml=lcdproc.xml*";
+$priv_list['page-services-lcdproc']['match'][] = "pkg.php?xml=lcdproc_screens.xml*";
+$priv_list['page-services-lcdproc']['match'][] = "pkg_edit.php?xml=lcdproc.xml*";
+$priv_list['page-services-lcdproc']['match'][] = "pkg_edit.php?xml=lcdproc_screens.xml*";
+
+?>
diff --git a/config/lcdproc/lcdproc.xml b/config/lcdproc/lcdproc.xml
index 4f109e47..33e61288 100644
--- a/config/lcdproc/lcdproc.xml
+++ b/config/lcdproc/lcdproc.xml
@@ -45,31 +45,35 @@
</copyright>
<title>Services: LCDproc</title>
<name>lcdproc</name>
- <version>1.0.3</version>
+ <version>1.0.5</version>
<savetext>Save</savetext>
<include_file>/usr/local/pkg/lcdproc.inc</include_file>
<tabs>
<tab>
<text>Server</text>
- <url>/pkg_edit.php?xml=lcdproc.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc.xml</url>
<active/>
</tab>
<tab>
<text>Screens</text>
- <url>/pkg_edit.php?xml=lcdproc_screens.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc_screens.xml</url>
</tab>
</tabs>
<menu>
<name>LCDproc</name>
<tooltiptext>Set LCDproc settings such as display driver and COM port.</tooltiptext>
<section>Services</section>
- <url>/pkg_edit.php?xml=lcdproc.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc.xml</url>
</menu>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/lcdproc/lcdproc.inc</item>
<prefix>/usr/local/pkg/</prefix>
</additional_files_needed>
<additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/lcdproc/lcdproc.priv.inc</item>
+ <prefix>/etc/inc/priv/</prefix>
+ </additional_files_needed>
+ <additional_files_needed>
<item>https://packages.pfsense.org/packages/config/lcdproc/lcdproc_screens.xml</item>
<prefix>/usr/local/pkg/</prefix>
</additional_files_needed>
diff --git a/config/lcdproc/lcdproc_screens.xml b/config/lcdproc/lcdproc_screens.xml
index def770e6..6b6e283b 100644
--- a/config/lcdproc/lcdproc_screens.xml
+++ b/config/lcdproc/lcdproc_screens.xml
@@ -44,18 +44,18 @@
]]>
</copyright>
<title>Services: LCDproc: Screens</title>
- <name>lcdproc_screens</name>
- <version>1.0.3</version>
+ <name>lcdprocscreens</name>
+ <version>1.0.5</version>
<savetext>Save</savetext>
<include_file>/usr/local/pkg/lcdproc.inc</include_file>
<tabs>
<tab>
<text>Server</text>
- <url>/pkg_edit.php?xml=lcdproc.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc.xml</url>
</tab>
<tab>
<text>Screens</text>
- <url>/pkg_edit.php?xml=lcdproc_screens.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc_screens.xml</url>
<active/>
</tab>
</tabs>
@@ -63,7 +63,7 @@
<name>LCDproc</name>
<tooltiptext>Set LCDproc settings such as display driver and COM port.</tooltiptext>
<section>Services</section>
- <url>/pkg_edit.php?xml=lcdproc.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=lcdproc.xml</url>
</menu>
<fields>
<field>
diff --git a/config/mtr-nox11/mtr-nox11.priv.inc b/config/mtr-nox11/mtr-nox11.priv.inc
new file mode 100644
index 00000000..22e2488c
--- /dev/null
+++ b/config/mtr-nox11/mtr-nox11.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+ mtr-nox11.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-diagnostics-mtr-nox11'] = array();
+$priv_list['page-diagnostics-mtr-nox11']['name'] = "WebCfg - Diagnostics: mtr-nox11";
+$priv_list['page-diagnostics-mtr-nox11']['descr'] = "Allow access to mtr-nox11 package GUI";
+$priv_list['page-diagnostics-mtr-nox11']['match'] = array();
+$priv_list['page-diagnostics-mtr-nox11']['match'][] = "pkg_edit.php?xml=mtr-nox11.xml*";
+
+?>
diff --git a/config/mtr-nox11/mtr-nox11.xml b/config/mtr-nox11/mtr-nox11.xml
index 396e860d..133f61f2 100644
--- a/config/mtr-nox11/mtr-nox11.xml
+++ b/config/mtr-nox11/mtr-nox11.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
<![CDATA[
@@ -8,7 +8,7 @@
/* ====================================================================================== */
/*
mtr-nox11.xml
- part of pfSense (http://www.pfSense.com)
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2014-2015 ESF, LLC
All rights reserved.
*/
@@ -40,23 +40,21 @@
/* ====================================================================================== */
]]>
</copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
<name>mtr</name>
- <version>0.85_3</version>
+ <version>0.85.4</version>
<title>Diagnostics: mtr</title>
<savetext>Run mtr</savetext>
<preoutput>yes</preoutput>
- <!-- Invokes a simple input menu and will not update the configuration database. -->
<donotsave>true</donotsave>
- <!-- Menu is where this packages menu will appear -->
<menu>
<name>mtr</name>
- <tooltiptext>mtr combines the functionality of the "traceroute" and "ping" programs into a single network diagnostic tool</tooltiptext>
<section>Diagnostics</section>
- <configfile>mtr-nox11.xml</configfile>
+ <url>/pkg_edit.php?xml=mtr-nox11.xml</url>
</menu>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/mtr-nox11/mtr-nox11.priv.inc</item>
+ </additional_files_needed>
<fields>
<field>
<fielddescr>IP or Hostname</fielddescr>
@@ -70,7 +68,7 @@
<fieldname>count</fieldname>
<description>This is the number of pings to send, each one takes 1 second.</description>
<type>input</type>
- <typehint>(Defaults to 10)</typehint>
+ <typehint>(Defaults to 10.)</typehint>
</field>
<field>
<fielddescr>No DNS Lookup</fielddescr>
@@ -111,8 +109,8 @@
$int_interval = (is_numeric($_POST['interval']) ? (abs(intval($_POST['interval']))) : 1);
if (!is_hostname($_POST['hostname']) && !is_ipaddr($_POST['hostname'])) {
- echo "<div class=\"errmsg\">ERROR: No valid IP or Hostname given. Fix this and try again!</div>";
- echo "\n<input class=\"formbtn\" type=\"button\" value=\"Back to mtr\" onclick=\"history.back()\">";
+ echo "<strong><span class='errmsg'>ERROR:</span> No valid IP or Hostname given. Fix this and try again!</strong>\n";
+ echo "\n<input class='formbtn' type='button' value='Back to mtr' onclick='history.back()'>";
die();
}
@@ -136,7 +134,7 @@
$mtr_options .= " " . $_POST['hostname'];
echo "Running mtr $mtr_options:\n\n";
system("/usr/local/sbin/mtr" . $mtr_options);
- echo "\n<input class=\"formbtn\" type=\"button\" value=\"Back to mtr\" onclick=\"history.back()\">";
+ echo "\n<input class='formbtn' type='button' value='Back to mtr' onclick='history.back()'>";
]]>
</custom_add_php_command>
</packagegui>
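Review bot: The mtr command line is still assembled by string concatenation and handed to `system()`, with `$_POST['hostname']` appended unquoted on the first line of this hunk. The earlier hunk does reject input that fails `is_hostname()`/`is_ipaddr()`, but the other options are built outside the visible lines, and the netio change in this same commit already moved to `escapeshellarg()`. For consistency and defence in depth I would write `$mtr_options .= " " . escapeshellarg($_POST['hostname']);`. The `echo "Running mtr $mtr_options:\n\n";` line prints the same string into the page, so wrapping it in `htmlspecialchars()` would be a cheap addition. The enclosing PHP block starts outside the hunk.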
diff --git a/config/netio/netio.priv.inc b/config/netio/netio.priv.inc
new file mode 100644
index 00000000..f07d33dc
--- /dev/null
+++ b/config/netio/netio.priv.inc
@@ -0,0 +1,43 @@
+<?php
+/*
+ netio.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-diagnostics-netio-client'] = array();
+$priv_list['page-diagnostics-netio-client']['name'] = "WebCfg - Diagnostics: netio client";
+$priv_list['page-diagnostics-netio-client']['descr'] = "Allow access to netio client GUI";
+$priv_list['page-diagnostics-netio-client']['match'] = array();
+$priv_list['page-diagnostics-netio-client']['match'][] = "pkg_edit.php?xml=netio.xml*";
+
+$priv_list['page-diagnostics-netio-server'] = array();
+$priv_list['page-diagnostics-netio-server']['name'] = "WebCfg - Diagnostics: netio server";
+$priv_list['page-diagnostics-netio-server']['descr'] = "Allow access to netio server GUI";
+$priv_list['page-diagnostics-netio-server']['match'] = array();
+$priv_list['page-diagnostics-netio-server']['match'][] = "pkg_edit.php?xml=netioserver.xml*";
+
+?>
diff --git a/config/netio/netio.xml b/config/netio/netio.xml
index 34f188c2..3bb079d8 100644
--- a/config/netio/netio.xml
+++ b/config/netio/netio.xml
@@ -42,16 +42,21 @@
]]>
</copyright>
<name>netio</name>
- <version>1.27</version>
- <title>netio: Client</title>
+ <version>1.28</version>
+ <title>Diagnostics: netio: Client</title>
+ <savetext>Run netio client</savetext>
<preoutput>yes</preoutput>
<donotsave>true</donotsave>
<menu>
<name>netio</name>
- <tooltiptext>Run netio in client or server mode.</tooltiptext>
<section>Diagnostics</section>
- <configfile>netio.xml</configfile>
+ <url>/pkg_edit.php?xml=netio.xml</url>
</menu>
+ <service>
+ <name>netio</name>
+ <executable>netio</executable>
+ <description>netio Network Throughput Benchmark Server/Client</description>
+ </service>
<tabs>
<tab>
<text>Client</text>
@@ -64,6 +69,11 @@
</tab>
</tabs>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/netio/netio.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/netio/netioserver.xml</item>
</additional_files_needed>
<fields>
@@ -78,16 +88,17 @@
<fieldname>port</fieldname>
<description>Enter the port that netio will connect to. (Default: 18767)</description>
<type>input</type>
+ <default_value>18767</default_value>
</field>
</fields>
<custom_add_php_command>
<![CDATA[
mwexec("/usr/bin/killall netio");
- $netio_options = "";
- if ($_POST['port'] != "") {
- $netio_options .= " -p {$_POST['port']}";
- $netio_options .= $_POST['hostname'];
- system("/usr/local/bin/netio " . $netio_options);
+ if ($_POST['port'] != "" && $_POST['hostname'] != "") {
+ $port = escapeshellarg($_POST['port']);
+ $hostname = escapeshellarg($_POST['hostname']);
+ $netio_options = "-p {$port} {$hostname}";
+ system("/usr/local/bin/netio {$netio_options}");
}
]]>
</custom_add_php_command>
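Review bot: `escapeshellarg()` stops shell metacharacters, but the port and hostname are still not validated, so a value beginning with `-` would reach netio as an option rather than as data. The mtr package in this commit checks `is_hostname()`/`is_ipaddr()` before running, and the same guard fits here: `if (is_port($_POST['port']) && (is_hostname($_POST['hostname']) || is_ipaddr($_POST['hostname']))) {`. `mwexec("/usr/bin/killall netio");` also runs before any check, so an invalid submission still kills a running instance; moving it inside the guarded branch would avoid that. The server form in config/netio/netioserver.xml passes `port` the same way and would benefit from the `is_port()` check too.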
diff --git a/config/netio/netioserver.xml b/config/netio/netioserver.xml
index da73e902..bbe32665 100644
--- a/config/netio/netioserver.xml
+++ b/config/netio/netioserver.xml
@@ -42,16 +42,11 @@
]]>
</copyright>
<name>netioserver</name>
- <version>1.27</version>
- <title>netio: Server</title>
+ <version>1.28</version>
+ <title>Diagnostics: netio: Server</title>
+ <savetext>Run netio server</savetext>
<preoutput>yes</preoutput>
<donotsave>true</donotsave>
- <menu>
- <name>netio</name>
- <tooltiptext>Run netio in client or server mode.</tooltiptext>
- <section>Diagnostics</section>
- <configfile>netio.xml</configfile>
- </menu>
<tabs>
<tab>
<text>Client</text>
@@ -69,14 +64,15 @@
<fieldname>port</fieldname>
<description>Enter the port that netio will bind to. (Default: 18767)</description>
<type>input</type>
+ <default_value>18767</default_value>
</field>
</fields>
<custom_add_php_command>
<![CDATA[
mwexec("/usr/bin/killall netio");
- if($_POST['port'] != "") {
- $netioserver_options = " -p {$_POST['port']}";
- system("/usr/local/bin/netio -s" . $netioserver_options);
+ if ($_POST['port'] != "") {
+ $port = escapeshellarg($_POST['port']);
+ system("/usr/local/bin/netio -s -p {$port}");
}
]]>
</custom_add_php_command>
diff --git a/config/notes/notes.priv.inc b/config/notes/notes.priv.inc
new file mode 100644
index 00000000..fe4adae4
--- /dev/null
+++ b/config/notes/notes.priv.inc
@@ -0,0 +1,38 @@
+<?php
+/*
+ notes.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-status-notes'] = array();
+$priv_list['page-status-notes']['name'] = "WebCfg - Status: Notes";
+$priv_list['page-status-notes']['descr'] = "Allow access to Notes package GUI";
+$priv_list['page-status-notes']['match'] = array();
+$priv_list['page-status-notes']['match'][] = "pkg.php?xml=notes.xml*";
+$priv_list['page-status-notes']['match'][] = "pkg_edit.php?xml=notes.xml*";
+
+?>
diff --git a/config/notes/notes.xml b/config/notes/notes.xml
index 03c0a01a..d6fb9abf 100644
--- a/config/notes/notes.xml
+++ b/config/notes/notes.xml
@@ -43,23 +43,29 @@
</copyright>
<description>Notes</description>
<name>Notes</name>
- <version>0.2.6</version>
- <title>Settings</title>
+ <version>0.2.8</version>
+ <title>Status: Notes</title>
+ <aftersaveredirect>/pkg.php?xml=notes.xml</aftersaveredirect>
+ <addedit_string>[notes] Successfully created/modified a note.</addedit_string>
+ <delete_string>[notes] Successfully deleted a note.</delete_string>
<menu>
<name>Notes</name>
- <tooltiptext>Notes.</tooltiptext>
<section>Status</section>
<configfile>notes.xml</configfile>
<url>/pkg.php?xml=notes.xml</url>
</menu>
<tabs>
<tab>
- <text>Settings</text>
- <url>/pkg_edit.php?xml=notes.xml</url>
+ <text>Notes</text>
+ <url>/pkg.php?xml=notes.xml</url>
<active/>
</tab>
</tabs>
<configpath>installedpackages->package->$packagename->configuration->notes</configpath>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/notes/notes.priv.inc</item>
+ </additional_files_needed>
<adddeleteeditpagefields>
<columnitem>
<fielddescr>Title</fielddescr>
@@ -69,6 +75,9 @@
<fielddescr>Category</fielddescr>
<fieldname>category</fieldname>
</columnitem>
+ <addtext>Add a new note</addtext>
+ <edittext>Edit this note</edittext>
+ <deletetext>Delete this note</deletetext>
</adddeleteeditpagefields>
<fields>
<field>
diff --git a/config/ntop2/ntop.inc b/config/ntop2/ntop.inc
new file mode 100644
index 00000000..da017eac
--- /dev/null
+++ b/config/ntop2/ntop.inc
@@ -0,0 +1,157 @@
+<?php
+/*
+ ntop.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2011-2013 Jim Pingle
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+require_once("pkg-utils.inc");
+
+function ntop_php_install_command() {
+ safe_mkdir("/var/db/ntop/rrd/graphics", 0755);
+ mwexec("/bin/chmod -R 0755 /var/db/ntop");
+ mwexec("/usr/sbin/chown -R nobody:nobody /var/db/ntop");
+ mwexec("/bin/cp -Rp /usr/local/lib/X11/fonts/webfonts/ /usr/local/lib/X11/fonts/TTF/");
+ ntop_upgrade_config();
+}
+
+function ntop_php_deinstall_command() {
+ global $config;
+
+ /* Wipe data and settings if the user does not wish to keep them */
+ if (is_array($config['installedpackages']['ntop'])) {
+ $ntop_config = $config['installedpackages']['ntop']['config'][0];
+ } else {
+ $ntop_config = array();
+ }
+ if ($ntop_config['keepdata'] != "on") {
+ if (is_dir("/var/db/ntop/")) {
+ mwexec("rm -rf /var/db/ntop/");
+ }
+ unset($config['installedpackages']['ntop']);
+ write_config("[ntop] Removed package settings on uninstall.");
+ log_error(gettext("[ntop] Removed package data and settings since 'Keep Data/Settings' is disabled."));
+ }
+}
+
+function ntop_upgrade_config() {
+ global $config;
+ /* Fix flipped --no-interface-merge configuration meaning */
+ if (is_array($config['installedpackages']['ntop'])) {
+ if (isset($config['installedpackages']['ntop']['config'][0]['allowmerge'])) {
+ $config['installedpackages']['ntop']['config'][0]['disallowmerge'] = "on";
+ unset($config['installedpackages']['ntop']['config'][0]['allowmerge']);
+ }
+ }
+}
+
+function sync_package_ntop() {
+ global $config, $g;
+
+ if (is_array($config['installedpackages']['ntop'])) {
+ $ntop_config = $config['installedpackages']['ntop']['config'][0];
+ } else {
+ $ntop_config = array();
+ }
+ conf_mount_rw();
+
+ /* Just stop services and unlink rc script if disabled */
+ if ($ntop_config['enable'] != "on") {
+ ntop_stop_service();
+ unlink_if_exists("/usr/local/etc/rc.d/ntop.sh");
+ return;
+ }
+
+ /* Set up ntop interfaces */
+ $ifaces_final = "";
+ $first = 0;
+ $mergeifs = $ntop_config['disallowmerge'] == "on" ? "-M" : "";
+
+ foreach ($ntop_config['interface_array'] as $iface) {
+ $if = convert_friendly_interface_to_real_interface_name($iface);
+ if ($if) {
+ if ($first == 1) {
+ $ifaces_final .= ",";
+ }
+ $ifaces_final .= $if;
+ $first = 1;
+ }
+ }
+
+ $start = "/usr/local/bin/ntop -i {$ifaces_final} -u root -d -4 {$mergeifs} -x 8102 -X 8192 &";
+ write_rcfile(array("file" => "ntop.sh", "start" => $start, "stop" => "/usr/bin/killall ntop"));
+
+ /* Set up admin password and (re)start services if not booting */
+ if ((function_exists("platform_booting")) && (!platform_booting())) {
+ ntop_stop_service();
+ ntop_set_password();
+ start_service("ntop");
+ } elseif (!($g['booting'])) {
+ ntop_stop_service();
+ ntop_set_password();
+ start_service("ntop");
+ }
+
+ conf_mount_ro();
+}
+
+function ntop_stop_service() {
+ if (is_service_running("ntop")) {
+ stop_service("ntop");
+ // Wait for ntop to shut down cleanly.
+ for ($i = 0; $i <= 10; $i++) {
+ if (!is_process_running("ntop")) {
+ break;
+ }
+ sleep(2);
+ }
+ }
+}
+
+function ntop_set_password() {
+ global $config;
+
+ if (is_array($config['installedpackages']['ntop'])) {
+ $ntop_config = $config['installedpackages']['ntop']['config'][0];
+ } else {
+ $ntop_config = array();
+ }
+ $ntop_password = $ntop_config['password'] ?: "admin";
+ unlink_if_exists("/var/db/ntop/ntop_pw.db");
+ mwexec("/usr/local/bin/ntop --set-admin-password={$ntop_password}");
+ sleep(2);
+}
+
+function ntop_validate_input($post, &$input_errors) {
+ if (empty($post['password']) || empty($post['passwordagain'])) {
+ $input_errors[] = "You must provide (and confirm) ntop's password.";
+ }
+
+ if ($post['password'] != $post['passwordagain']) {
+ $input_errors[] = "The provided passwords did not match.";
+ }
+}
+
+?>
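Review bot: ntop_set_password() interpolates the stored password straight into the `mwexec()` command line, so any shell metacharacter in the password is interpreted by the shell, and ntop_validate_input() only checks that the two fields are non-empty and equal. Quote the value instead: `mwexec("/usr/local/bin/ntop --set-admin-password=" . escapeshellarg($ntop_password));`. The `?: "admin"` fallback also leaves a well-known default credential whenever no password is stored; refusing to start the service in that case would be safer. Separately, the disabled branch of sync_package_ntop() returns after `conf_mount_rw()` without the matching `conf_mount_ro();`, which should be added before that `return;`. The `foreach` over `$ntop_config['interface_array']` would also benefit from an `is_array()` guard for the case where no interface has been selected.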
diff --git a/config/ntop2/ntop.priv.inc b/config/ntop2/ntop.priv.inc
new file mode 100644
index 00000000..e8c80977
--- /dev/null
+++ b/config/ntop2/ntop.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+ ntop.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-diagnostics-ntop'] = array();
+$priv_list['page-diagnostics-ntop']['name'] = "WebCfg - Diagnostics: ntop package";
+$priv_list['page-diagnostics-ntop']['descr'] = "Allow access to ntop package GUI";
+$priv_list['page-diagnostics-ntop']['match'] = array();
+$priv_list['page-diagnostics-ntop']['match'][] = "pkg_edit.php?xml=ntop.xml*";
+
+?>
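Review bot: The `descr` of `page-diagnostics-ntop` understates what the matched page can do. Saving `pkg_edit.php?xml=ntop.xml` runs `sync_package_ntop()`, which in this commit rewrites the rc script that starts ntop with `-u root`, resets the ntop admin password and restarts the service. An administrator delegating this privilege should be able to see that from the text, for example `$priv_list['page-diagnostics-ntop']['descr'] = "Allow access to ntop package settings (can change the ntop admin password and restart the service)";`.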
diff --git a/config/ntop2/ntop.xml b/config/ntop2/ntop.xml
index 6ba86525..5aab1e53 100644
--- a/config/ntop2/ntop.xml
+++ b/config/ntop2/ntop.xml
@@ -1,28 +1,31 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2008 Scott Ullrich
+ ntop.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2011-2013 Jim Pingle
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
*/
-/* ========================================================================== */
+/* ====================================================================================== */
/*
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
@@ -35,19 +38,26 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-/* ========================================================================== */
+/* ====================================================================================== */
]]>
</copyright>
<name>ntop</name>
- <version>3.0</version>
+ <version>2.3.2</version>
<title>Diagnostics: ntop Settings</title>
- <savetext>Change</savetext>
- <aftersaveredirect>pkg_edit.php?xml=ntop.xml&amp;id=0</aftersaveredirect>
+ <include_file>/usr/local/pkg/ntop.inc</include_file>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/ntop2/ntop.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/ntop2/ntop.priv.inc</item>
+ </additional_files_needed>
+ <aftersaveredirect>pkg_edit.php?xml=ntop.xml</aftersaveredirect>
<menu>
<name>ntop Settings</name>
- <tooltiptext>Set ntop settings such as password and port.</tooltiptext>
<section>Diagnostics</section>
- <url>/pkg_edit.php?xml=ntop.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=ntop.xml</url>
</menu>
<menu>
<name>ntop</name>
@@ -60,12 +70,12 @@
<name>ntop</name>
<rcfile>ntop.sh</rcfile>
<executable>ntop</executable>
- <description>NTOP bandwidth monitoring/graphing</description>
+ <description>NTOP Network Traffic Monitor</description>
</service>
<tabs>
<tab>
- <text>ntop Settings</text>
- <url>/pkg_edit.php?xml=ntop.xml&amp;id=0</url>
+ <text>Settings</text>
+ <url>/pkg_edit.php?xml=ntop.xml</url>
<active/>
</tab>
<tab>
@@ -75,15 +85,37 @@
</tabs>
<fields>
<field>
+ <fielddescr>Enable ntop</fielddescr>
+ <fieldname>enable</fieldname>
+ <description>Check this to enable ntop.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Keep Data/Settings</fielddescr>
+ <fieldname>keepdata</fieldname>
+ <description>
+ <![CDATA[
+ Check this to keep ntop settings, graphs and traffic data. (Default: on)<br />
+ <strong><span class="errmsg">Note:</span> If 'Keep Data/Settings' is disabled, all settings and data will be wiped on package uninstall/reinstall/upgrade!</strong>
+ ]]>
+ </description>
+ <type>checkbox</type>
+ <default_value>on</default_value>
+ </field>
+ <field>
<fielddescr>ntop Admin Password</fielddescr>
<fieldname>password</fieldname>
- <description>Enter the password for the NTOP Web GUI. Minimum 5 characters.</description>
+ <description>Enter the password for the NTOP Web GUI. Minimum 5 characters.</description>
<type>password</type>
+ <required>true</required>
+ <size>20</size>
</field>
<field>
- <fielddescr>ntop Admin Password AGAIN</fielddescr>
+ <fielddescr>Confirm ntop Admin Password</fielddescr>
<fieldname>passwordagain</fieldname>
<type>password</type>
+ <required>true</required>
+ <size>20</size>
</field>
<field>
<fielddescr>Interface</fielddescr>
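Review bot: The password field's description promises "Minimum 5 characters", but nothing enforces it. `ntop_validate_input()` in ntop.inc only rejects empty or mismatched values, so a one-character admin password is accepted. A length check belongs next to the existing ones, e.g. `if (strlen($post['password']) < 5) { $input_errors[] = "The ntop password must be at least 5 characters long."; }`. The `<size>20</size>` added here only sets the input width and is not a validation rule.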
@@ -92,82 +124,30 @@
<size>3</size>
<value>lan</value>
<multiple>true</multiple>
+ <hideinterfaceregex>loopback</hideinterfaceregex>
</field>
<field>
- <fielddescr>Allow merging interfaces&lt;br&gt;(Def: Do not merge)</fielddescr>
- <fieldname>allowmerge</fieldname>
+ <fielddescr>Disallow merging interfaces</fielddescr>
+ <fieldname>disallowmerge</fieldname>
+ <description>
+ <![CDATA[
+ By default, traffic information obtained by all the interfaces is merged together as if the traffic was seen by only one interface.<br />
+ Use this option to keep traffic separate by interface. (Default: Disabled)
+ ]]>
+ </description>
<type>checkbox</type>
</field>
</fields>
- <custom_php_global_functions>
- <![CDATA[
- function sync_package_ntop() {
- conf_mount_rw();
- global $config;
- global $input_errors;
- if ($_POST) {
- $config['installedpackages']['ntop']['config'] = array();
- $config['installedpackages']['ntop']['config'][0] = $_POST;
- }
- $ntop_config =& $config['installedpackages']['ntop']['config'][0];
- $if_final = "";
- $ifaces_final = "";
- system("/bin/mkdir -p /var/db/ntop");
- system("/bin/mkdir -p /var/db/ntop/rrd");
- system("/bin/mkdir -p /var/db/ntop/rrd/graphics");
- system("/bin/chmod -R 755 /var/db/ntop");
- system("/usr/sbin/chown -R nobody:nobody /var/db/ntop");
- system("/bin/cp -Rp /usr/local/lib/X11/fonts/webfonts/ /usr/local/lib/X11/fonts/TTF/");
- $first = 0;
- $mergeifs = ($ntop_config['allowmerge'] == "on") ? "" : "-M";
- foreach($ntop_config['interface_array'] as $iface) {
- $if = convert_friendly_interface_to_real_interface_name($iface);
- if($if) {
- if($first == 1)
- $ifaces_final .= ",";
- $ifaces_final .= $if;
- $first = 1;
- }
- }
- $start = "/usr/local/bin/ntop -i {$ifaces_final} -u root -d -4 {$mergeifs} -x 8102 -X 8192 &";
- write_rcfile(array(
- "file" => "ntop.sh",
- "start" => $start,
- "stop" => "/usr/bin/killall ntop"
- )
- );
- if (is_service_running("ntop")) {
- stop_service("ntop");
- // Wait for ntop to shut down cleanly.
- sleep(20);
- }
- if (empty($ntop_config['password']))
- $ntop_config['password'] = "admin";
- unlink_if_exists("/var/db/ntop/ntop_pw.db");
- exec("/usr/local/bin/ntop --set-admin-password={$ntop_config['password']}");
- sleep(2);
- start_service("ntop");
- conf_mount_ro();
- }
- ]]>
- </custom_php_global_functions>
- <custom_add_php_command>
- sync_package_ntop();
- </custom_add_php_command>
+ <custom_php_install_command>
+ ntop_php_install_command();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ ntop_php_deinstall_command();
+ </custom_php_deinstall_command>
<custom_php_resync_config_command>
sync_package_ntop();
</custom_php_resync_config_command>
- <custom_php_install_command>
- sync_package_ntop();
- </custom_php_install_command>
<custom_php_validation_command>
- <![CDATA[
- if ($_POST) {
- if (empty($_POST['password']) || empty($_POST['passwordagain']))
- $input_errors[] = "You must provide (and confirm) ntop's password.";
- if ($_POST['password'] != $_POST['passwordagain'])
- $input_errors[] = "The provided passwords did not match.";
- }
- ]]>
+ ntop_validate_input($_POST, $input_errors);
</custom_php_validation_command>
</packagegui>
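Review bot: The validation hook `ntop_validate_input($_POST, $input_errors);` places no restriction on the characters in the password, yet `ntop_set_password()` in ntop.inc interpolates the stored value into a shell command line: `mwexec("/usr/local/bin/ntop --set-admin-password={$ntop_password}");`. Moving the code out of the CDATA block carried this over unchanged from the removed `exec()` call. The argument should be quoted at the call site, `mwexec("/usr/local/bin/ntop --set-admin-password=" . escapeshellarg($ntop_password));`, instead of relying on form validation. The silent fallback to the password `admin` when none is stored is also worth replacing with a refusal to start, since it leaves a well-known credential on the web GUI.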
diff --git a/config/ntopng/ntopng.inc b/config/ntopng/ntopng.inc
index 73db1ab0..92b0c5dd 100644
--- a/config/ntopng/ntopng.inc
+++ b/config/ntopng/ntopng.inc
@@ -94,6 +94,14 @@ function ntopng_sync_package() {
$ifaces = "";
$ntopng_config =& $config['installedpackages']['ntopng']['config'][0];
+
+ /* Just stop services and unlink rc script if disabled */
+ if ($ntopng_config['enable'] != "on") {
+ ntopng_services_stop();
+ unlink_if_exists("/usr/local/etc/rc.d/ntopng.sh");
+ return;
+ }
+
foreach ($ntopng_config['interface_array'] as $iface) {
$if = convert_friendly_interface_to_real_interface_name($iface);
if ($if) {
@@ -168,19 +176,15 @@ function ntopng_sync_package() {
/* Set up admin password */
ntopng_set_redis_password();
- /* Restart services if enabled and not booting */
+ /* (Re)start services if not booting */
if ((function_exists("platform_booting")) && (!platform_booting())) {
ntopng_services_stop();
- if ($ntopng_config['enable'] == "on") {
- start_service("ntopng");
- sleep(20);
- }
+ start_service("ntopng");
+ sleep(20);
} elseif (!($g['booting'])) {
ntopng_services_stop();
- if ($ntopng_config['enable'] == "on") {
- start_service("ntopng");
- sleep(20);
- }
+ start_service("ntopng");
+ sleep(20);
}
}
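Review bot: The `elseif (!($g['booting']))` fallback is also evaluated when `platform_booting()` exists and returns true. On releases where `$g['booting']` is no longer populated (presumably the ones that provide `platform_booting()`), the stop/start and `sleep(20)` therefore still run during boot. Deciding the boot state once fixes that and removes the duplicated branch bodies: `$booting = function_exists("platform_booting") ? platform_booting() : $g['booting'];` followed by a single `if (!$booting) { ntopng_services_stop(); start_service("ntopng"); sleep(20); }`. The same two-branch pattern is added to the ntop sync function in ntop.inc in this commit. `ntopng_sync_package()` begins above this hunk.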
diff --git a/config/ntopng/ntopng.priv.inc b/config/ntopng/ntopng.priv.inc
new file mode 100644
index 00000000..6db26f02
--- /dev/null
+++ b/config/ntopng/ntopng.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+ ntopng.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-diagnostics-ntopng'] = array();
+$priv_list['page-diagnostics-ntopng']['name'] = "WebCfg - Diagnostics: ntopng package";
+$priv_list['page-diagnostics-ntopng']['descr'] = "Allow access to ntopng package GUI";
+$priv_list['page-diagnostics-ntopng']['match'] = array();
+$priv_list['page-diagnostics-ntopng']['match'][] = "pkg_edit.php?xml=ntopng.xml*";
+
+?>
diff --git a/config/ntopng/ntopng.xml b/config/ntopng/ntopng.xml
index ee1a4d3e..9cd51aea 100644
--- a/config/ntopng/ntopng.xml
+++ b/config/ntopng/ntopng.xml
@@ -39,13 +39,17 @@
]]>
</copyright>
<name>ntopng</name>
- <version>0.8.0</version>
+ <version>0.8.2</version>
<title>Diagnostics: ntopng Settings</title>
<include_file>/usr/local/pkg/ntopng.inc</include_file>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/ntopng/ntopng.inc</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/ntopng/ntopng.priv.inc</item>
+ </additional_files_needed>
<aftersaveredirect>pkg_edit.php?xml=ntopng.xml</aftersaveredirect>
<menu>
<name>ntopng Settings</name>
diff --git a/config/nut/nut.priv.inc b/config/nut/nut.priv.inc
new file mode 100644
index 00000000..44cb7402
--- /dev/null
+++ b/config/nut/nut.priv.inc
@@ -0,0 +1,40 @@
+<?php
+/*
+ nut.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-nut'] = array();
+$priv_list['page-services-nut']['name'] = "WebCfg - Services: NUT package";
+$priv_list['page-services-nut']['descr'] = "Allow access to NUT package GUI";
+
+$priv_list['page-services-nut']['match'] = array();
+$priv_list['page-services-nut']['match'][] = "pkg_edit.php?xml=nut.xml*";
+$priv_list['page-services-nut']['match'][] = "status_nut.php*";
+$priv_list['page-services-nut']['match'][] = "ups_status.widget.php*";
+
+?>
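Review bot: The single `page-services-nut` privilege covers both the read-only views (`status_nut.php*`, `ups_status.widget.php*`) and the settings editor (`pkg_edit.php?xml=nut.xml*`). An account that only needs to see UPS status therefore also gets the right to change the NUT configuration. Splitting this into two entries, one for the status page and widget and one for the `pkg_edit.php` match, would let administrators delegate viewing without configuration rights. Each `descr` should then say which of the two it grants.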
diff --git a/config/nut/nut.xml b/config/nut/nut.xml
index e066bc83..061a77de 100644
--- a/config/nut/nut.xml
+++ b/config/nut/nut.xml
@@ -41,7 +41,7 @@
]]>
</copyright>
<name>nut</name>
- <version>2.1.1</version>
+ <version>2.1.2</version>
<title>Services: NUT</title>
<savetext>Change</savetext>
<aftersaveredirect>/status_nut.php</aftersaveredirect>
@@ -65,7 +65,7 @@
</tab>
<tab>
<text>NUT Settings</text>
- <url>/pkg_edit.php?xml=nut.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=nut.xml</url>
<active/>
</tab>
</tabs>
@@ -74,6 +74,10 @@
<item>https://packages.pfsense.org/packages/config/nut/nut.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/nut/nut.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/www/</prefix>
<item>https://packages.pfsense.org/packages/config/nut/status_nut.php</item>
</additional_files_needed>
diff --git a/config/phpsysinfo/phpsysinfo.inc b/config/phpsysinfo/phpsysinfo.inc
deleted file mode 100644
index 54ece241..00000000
--- a/config/phpsysinfo/phpsysinfo.inc
+++ /dev/null
@@ -1,156 +0,0 @@
-<?php
-function phpsysinfo_install_deinstall() {
- conf_mount_rw();
- exec("cd /var/db/pkg/ && pkg_delete `ls | grep mbmon`");
- exec("rm -d -R /usr/local/www/phpsysinfo");
- conf_mount_ro();
-}
-
-function phpsysinfo_install_config() {
-global $config, $g;
- conf_mount_rw();
- exec("cd ..");
- exec("tar -zxovf /usr/local/pkg/phpsysinfo-2.5.4.tar.gz");
- exec("mv phpsysinfo /usr/local/www/phpsysinfo");
-
-// link shared libraries
-// if ((!file_exists("/lib/libm.so.4")) AND (file_exists("/lib/libm.so.5"))) {
-// exec("ln -s /lib/libm.so.5 /lib/libm.so.4");
-// }
-
- /* lines need in config.php */
-$default_lng = en;
-$default_template= pfSense;
-$hide_picklist = "false";
-$show_vhostname = "false";
-$sensor_program = '""';
-$show_mount_point = "false";
-$show_inodes = "false";
-$hide_mounts = "array()";
-$hide_fstypes = "array()";
-$loadbar = "false";
-$showerrors = "false";
-$temperatureformat = '"c-f"';
-$hide_picklist = $config['installedpackages']['phpsysinfo']['config'][0]['hidepicklist'];
-if($hide_picklist)
- $hide_picklist = "true";
- else
- $hide_picklist = "false";
- $sensor_program = $config['installedpackages']['phpsysinfo']['config'][0]['sensorprogram'];
-if($sensor_program)
- $sensor_program= "mbmon";
- else
- $sensor_program = '""';
- $show_mount_point = $config['installedpackages']['phpsysinfo']['config'][0]['showmountpoint'];
-if($show_mount_point)
- $show_mount_point = "true";
- else
- $show_mount_point = "false";
- $hide_fstypes = $config['installedpackages']['phpsysinfo']['config'][0]['hidefstypes'];
-if($hide_fstypes)
- $hide_fstypes = "$hide_fstypes";
- $show_inodes = $config['installedpackages']['phpsysinfo']['config'][0]['showinodes'];
-if($show_inodes)
- $show_inodes = "true";
- else
- $show_inodes = "false";
- $loadbar = $config['installedpackages']['phpsysinfo']['config'][0]['loadbar'];
-if($loadbar)
- $loadbar = "true";
- else
- $loadbar = "false";
- $showerrors = $config['installedpackages']['phpsysinfo']['config'][0]['showerrors'];
-if($showerrors)
- $showerrors = "true";
- else
- $showerrors = "false";
- $hf = fopen("/usr/local/www/phpsysinfo/config.php","w");
-if(!$hf) {
- log_error("could not open /usr/local/www/phpsysinfo/config.php for writing");
-exit;
-}
-
-fwrite($hf, '<?php');
-fwrite($hf, "\n");
-// webpath but not used
-fwrite($hf, '$webpath = "";');
-fwrite($hf, "\n");
-// define the default lang and template here
-fwrite($hf, '$default_lng=');
-fwrite($hf, "'");
-fwrite($hf, $default_lng);
-fwrite($hf, "'");
-fwrite($hf, ';');
-fwrite($hf, "\n");
-fwrite($hf, '$default_template=');
-fwrite($hf, "'");
-fwrite($hf, $default_template);
-fwrite($hf, "'");
-fwrite($hf, ';');
-fwrite($hf, "\n");
-// hide language and template picklist
-// false = display picklist
-// true = do not display picklist
-fwrite($hf, '$hide_picklist = ');
-fwrite($hf, $hide_picklist);
-fwrite($hf, ';');
-fwrite($hf, "\n");
-// display the virtual host name and address
-// default is canonical host name and address
-fwrite($hf, '$show_vhostname = ');
-fwrite($hf, $show_vhostname);
-fwrite($hf, ';');
-fwrite($hf, "\n");
-// define the motherboard monitoring program here
-fwrite($hf, '$sensor_program = ');
-fwrite($hf, $sensor_program);
-fwrite($hf, ';');
-fwrite($hf, "\n");
-// show mount point
-fwrite($hf, '$show_mount_point = ');
-fwrite($hf, $show_mount_point);
-fwrite($hf, ';');
-fwrite($hf, "\n");
-// show bind
-fwrite($hf, '$show_bind = false;');
-fwrite($hf, "\n");
-// show inode usage
-fwrite($hf, '$show_inodes = ');
-fwrite($hf, $show_inodes);
-fwrite($hf, ';');
-fwrite($hf, "\n");
-// show inode usage
-fwrite($hf, '$hide_mounts = ');
-fwrite($hf, $hide_mounts);
-fwrite($hf, ';');
-fwrite($hf, "\n");
-// Hide filesystem typess. Example: 'tmpfs', 'usbfs'
-fwrite($hf, '$hide_fstypes = array(');
-fwrite($hf, $hide_fstypes);
-fwrite($hf, ');');
-fwrite($hf, "\n");
-// show a graph for current cpuload
-fwrite($hf, '$loadbar = ');
-fwrite($hf, $loadbar);
-fwrite($hf, ';');
-fwrite($hf, "\n");
-// e.g. $addpaths = array('/opt/bin', '/opt/sbin');
-fwrite($hf, '$addpaths = array();');
-fwrite($hf, "\n");
-// display error messages at the top of the page
-fwrite($hf, '$showerrors = ');
-fwrite($hf, $showerrors);
-fwrite($hf, ';');
-fwrite($hf, "\n");
-// format in which temperature is displayed
-fwrite($hf, '$temperatureformat = ');
-fwrite($hf, $temperatureformat);
-fwrite($hf, ';');
-fwrite($hf, "\n");
-// The end of the config file
-fwrite($hf, '?>');
-fwrite($hf, "\n");
-fclose($hf);
- conf_mount_ro();
-}
-?>
diff --git a/config/phpsysinfo/phpsysinfo.xml b/config/phpsysinfo/phpsysinfo.xml
deleted file mode 100644
index 550c0785..00000000
--- a/config/phpsysinfo/phpsysinfo.xml
+++ /dev/null
@@ -1,121 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
- <name>phpsysinfo</name>
- <version>1.0</version>
- <title>phpsysinfo</title>
- <aftersaveredirect>/pkg_edit.php?xml=phpsysinfo.xml&amp;id=0</aftersaveredirect>
- <include_file>/usr/local/pkg/phpsysinfo.inc</include_file>
- <menu>
- <name>phpsysinfo</name>
- <tooltiptext></tooltiptext>
- <section>Status</section>
- <url>/pkg_edit.php?xml=phpsysinfo.xml&amp;id=0</url>
- </menu>
- <tabs>
- <tab>
- <text>phpsysinfo</text>
- <url>/pkg_edit.php?xml=phpsysinfo.xml&amp;id=0</url>
- <active/>
- </tab>
- <tab>
- <text>Access phpsysinfo</text>
- <url>/phpsysinfo</url>
- </tab>
- </tabs>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0644</chmod>
- <item>https://packages.pfsense.org/packages/config/phpsysinfo/phpsysinfo.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0644</chmod>
- <item>https://files.pfsense.org/packages/phpsysinfo-2.5.4.tar.gz</item>
- </additional_files_needed>
- <fields>
- <field>
- <fielddescr>Hide picklist</fielddescr>
- <fieldname>hidepicklist</fieldname>
- <description>Hide language and template picklist</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Show mbmon</fielddescr>
- <fieldname>sensorprogram</fieldname>
- <description>Define the motherboard monitoring program here. Note that not all motherboards are supported and some only partly.</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Show mount point</fielddescr>
- <fieldname>showmountpoint</fieldname>
- <description>Show mount point</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Show inodes</fielddescr>
- <fieldname>showinodes</fieldname>
- <description>Show inode usage</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Show loadbar</fielddescr>
- <fieldname>loadbar</fieldname>
- <description>Show a graph for current cpuload</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Show errors</fielddescr>
- <fieldname>showerrors</fieldname>
- <description>Display error messages at the top of the page. Note that vmstat is added in 1.0.1-SNAPSHOT-03-15-2007 and later</description>
- <type>checkbox</type>
- </field>
- </fields>
- <custom_php_resync_config_command>phpsysinfo_install_config();</custom_php_resync_config_command>
- <custom_php_install_command>phpsysinfo_install_config();</custom_php_install_command>
- <custom_php_deinstall_command>phpsysinfo_install_deinstall();</custom_php_deinstall_command>
-</packagegui>
diff --git a/config/routed/routed.inc b/config/routed/routed.inc
index 3bcef0aa..c83b0052 100644
--- a/config/routed/routed.inc
+++ b/config/routed/routed.inc
@@ -29,7 +29,6 @@
*/
function setup_routed() {
global $config;
- $gw = "";
if (!is_array($config['installedpackages']['routed'])) {
return;
@@ -37,6 +36,10 @@ function setup_routed() {
if (!is_array($config['installedpackages']['routed']['config'])) {
return;
}
+
+ $gw = "";
+ conf_mount_rw();
+
if (isset($config['installedpackages']['routed']['config'][0]['enable']) &&
$config['installedpackages']['routed']['config'][0]['enable'] == "on") {
/* if user selected individual interfaces */
@@ -55,21 +58,30 @@ function setup_routed() {
/* setup for all interfaces */
$gw = setup_etc_gateways();
}
- conf_mount_rw();
file_put_contents("/etc/gateways", $gw);
- conf_mount_ro();
- restart_service("routed");
+ routed_write_rcfile();
+ if (is_service_running("routed")) {
+ restart_service("routed");
+ } else {
+ start_service("routed");
+ }
} else {
- stop_service("routed");
+ if (is_service_running("routed")) {
+ stop_service("routed");
+ }
+ unlink_if_exists("/etc/gateways");
+ unlink_if_exists("/usr/local/etc/rc.d/routed.sh");
}
+
+ conf_mount_ro();
}
-function setup_etc_gateways($iface="", $mode="") {
+function setup_etc_gateways($iface = "", $mode = "") {
global $config;
$ret = "";
if ($iface != "") {
- $realif=convert_friendly_interface_to_real_interface_name($iface);
+ $realif = convert_friendly_interface_to_real_interface_name($iface);
if (!empty($realif)) {
$ret = "if={$realif} ";
}
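Review bot: `file_put_contents("/etc/gateways", $gw);` neither checks the write result nor sets a file mode before routed is started or restarted. If the lines built by `setup_etc_gateways()` carry RIP authentication options (not visible in this hunk), the file should be readable by root only. routed(8) documents that password settings in `/etc/gateways` are honoured only in that case. Consider `if (file_put_contents("/etc/gateways", $gw) === false) { log_error("routed: could not write /etc/gateways"); }` followed by `chmod("/etc/gateways", 0600);`. `setup_routed()` begins above this hunk.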
@@ -104,7 +116,7 @@ function setup_etc_gateways($iface="", $mode="") {
return $ret;
}
-function routed_install_command() {
+function routed_write_rcfile() {
write_rcfile(array(
"file" => "routed.sh",
"start" => "/usr/bin/nohup /sbin/routed > /dev/null 2>&1 &",
@@ -114,7 +126,7 @@ function routed_install_command() {
}
function routed_deinstall_command() {
- stop_service("routed");
+ unlink_if_exists("/etc/gateways");
unlink_if_exists("/usr/local/etc/rc.d/routed.sh");
}
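Review bot: `routed_deinstall_command()` now removes `/etc/gateways` and the rc script without stopping the daemon. A running routed can be left behind with no rc script to stop it, unless the package framework stops the service before this hook runs (not visible here). A guarded stop, as `setup_routed()` uses, would make the hook self-contained: `if (is_service_running("routed")) { stop_service("routed"); }`. The two unlinks also run without the `conf_mount_rw()` / `conf_mount_ro()` pair that `setup_routed()` places around its own file changes.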
diff --git a/config/routed/routed.priv.inc b/config/routed/routed.priv.inc
new file mode 100644
index 00000000..f0068f81
--- /dev/null
+++ b/config/routed/routed.priv.inc
@@ -0,0 +1,38 @@
+<?php
+/*
+ routed.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-routed'] = array();
+$priv_list['page-services-routed']['name'] = "WebCfg - Services: Routed";
+$priv_list['page-services-routed']['descr'] = "Allow access to routed package GUI";
+$priv_list['page-services-routed']['match'] = array();
+$priv_list['page-services-routed']['match'][] = "pkg.php?xml=routed.xml*";
+$priv_list['page-services-routed']['match'][] = "pkg_edit.php?xml=routed.xml*";
+
+?>
diff --git a/config/routed/routed.xml b/config/routed/routed.xml
index b38d7ee3..960cf83b 100644
--- a/config/routed/routed.xml
+++ b/config/routed/routed.xml
@@ -42,17 +42,23 @@
]]>
</copyright>
<name>routed</name>
- <version>1.2</version>
+ <version>1.2.2</version>
<title>Services: RIP</title>
<include_file>/usr/local/pkg/routed.inc</include_file>
+ <aftersaveredirect>pkg_edit.php?xml=routed.xml</aftersaveredirect>
<additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/routed/routed.inc</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/routed/routed.priv.inc</item>
+ </additional_files_needed>
<menu>
<name>RIP</name>
<section>Services</section>
<configfile>routed.xml</configfile>
- <url>pkg_edit.php?xml=routed.xml&amp;id=0</url>
+ <url>pkg_edit.php?xml=routed.xml</url>
</menu>
<service>
<name>routed</name>
@@ -117,13 +123,9 @@
<type>checkbox</type>
</field>
</fields>
- <aftersaveredirect>pkg_edit.php?xml=routed.xml&amp;id=0</aftersaveredirect>
<custom_php_resync_config_command>
setup_routed();
</custom_php_resync_config_command>
- <custom_php_install_command>
- routed_install_command();
- </custom_php_install_command>
<custom_php_deinstall_command>
routed_deinstall_command();
</custom_php_deinstall_command>
diff --git a/config/rrd-summary/rrd-summary.priv.inc b/config/rrd-summary/rrd-summary.priv.inc
new file mode 100644
index 00000000..f75315e8
--- /dev/null
+++ b/config/rrd-summary/rrd-summary.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+ rrd-summary.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-status-rrd-summary'] = array();
+$priv_list['page-status-rrd-summary']['name'] = "WebCfg - Status: RRD Summary";
+$priv_list['page-status-rrd-summary']['descr'] = "Allow access to RRD Summary package GUI";
+$priv_list['page-status-rrd-summary']['match'] = array();
+$priv_list['page-status-rrd-summary']['match'][] = "status_rrd_summary.php*";
+
+?>
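Review bot: The closing `?>` on the last added line should be dropped, since this file contains only PHP and is loaded from `/etc/inc/priv/`. Any newline or whitespace that ends up after the tag is sent as output when the file is included, which can break later header or session handling in the GUI. The same applies to the new `shellcmd.priv.inc` and `spamd.priv.inc` in this commit. A one-line comment above the `match` entry saying that the trailing `*` covers the query string would also help the next person who adds a page.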
diff --git a/config/rrd-summary/rrd-summary.xml b/config/rrd-summary/rrd-summary.xml
index 67c20937..309f23d1 100644
--- a/config/rrd-summary/rrd-summary.xml
+++ b/config/rrd-summary/rrd-summary.xml
@@ -43,7 +43,7 @@
</copyright>
<description>RRD Summary Page</description>
<name>RRD Summary</name>
- <version>1.2</version>
+ <version>1.2.1</version>
<title>Status: RRD Summary</title>
<menu>
<name>RRD Summary</name>
@@ -52,6 +52,10 @@
<url>/status_rrd_summary.php</url>
</menu>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/rrd-summary/rrd-summary.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/www/</prefix>
<item>https://packages.pfsense.org/packages/config/rrd-summary/status_rrd_summary.php</item>
</additional_files_needed>
diff --git a/config/shellcmd/shellcmd.priv.inc b/config/shellcmd/shellcmd.priv.inc
new file mode 100644
index 00000000..ae64514d
--- /dev/null
+++ b/config/shellcmd/shellcmd.priv.inc
@@ -0,0 +1,38 @@
+<?php
+/*
+ shellcmd.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-shellcmd'] = array();
+$priv_list['page-services-shellcmd']['name'] = "WebCfg - Services: shellcmd";
+$priv_list['page-services-shellcmd']['descr'] = "Allow access to shellcmd package GUI";
+$priv_list['page-services-shellcmd']['match'] = array();
+$priv_list['page-services-shellcmd']['match'][] = "pkg.php?xml=shellcmd.xml*";
+$priv_list['page-services-shellcmd']['match'][] = "pkg_edit.php?xml=shellcmd.xml*";
+
+?>
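Review bot: The `descr` string for `page-services-shellcmd` understates what this privilege grants. The package's own `addedit_string` shows that the page creates and modifies custom (early)shellcmd entries, so a user holding only this page privilege can configure commands that the firewall executes, presumably with system privileges at boot. I would say so where an administrator assigns the privilege, for example `$priv_list['page-services-shellcmd']['descr'] = "Allow access to shellcmd package GUI (allows configuring commands executed by the system; treat as administrator-equivalent)";`.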
diff --git a/config/shellcmd/shellcmd.xml b/config/shellcmd/shellcmd.xml
index ea3144ff..78b876ff 100644
--- a/config/shellcmd/shellcmd.xml
+++ b/config/shellcmd/shellcmd.xml
@@ -42,8 +42,8 @@
]]>
</copyright>
<name>Shellcmd Settings</name>
- <version>1.0</version>
- <title>Shellcmd Settings</title>
+ <version>1.0.1</version>
+ <title>Services: Shellcmd Settings</title>
<include_file>/usr/local/pkg/shellcmd.inc</include_file>
<aftersaveredirect>/pkg.php?xml=shellcmd.xml</aftersaveredirect>
<addedit_string>[shellcmd] Successfully created/modified custom (early)shellcmd.</addedit_string>
@@ -66,6 +66,10 @@
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/shellcmd/shellcmd.inc</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/shellcmd/shellcmd.priv.inc</item>
+ </additional_files_needed>
<adddeleteeditpagefields>
<columnitem>
<fielddescr>Command</fielddescr>
diff --git a/config/spamd/spamd.priv.inc b/config/spamd/spamd.priv.inc
new file mode 100644
index 00000000..5a9c622b
--- /dev/null
+++ b/config/spamd/spamd.priv.inc
@@ -0,0 +1,46 @@
+<?php
+/*
+ spamd.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-spamd'] = array();
+$priv_list['page-services-spamd']['name'] = "WebCfg - Services: spamd";
+$priv_list['page-services-spamd']['descr'] = "Allow access to spamd package GUI";
+
+$priv_list['page-services-spamd']['match'] = array();
+$priv_list['page-services-spamd']['match'][] = "pkg.php?xml=spamd.xml*";
+$priv_list['page-services-spamd']['match'][] = "pkg.php?xml=spamd_whitelist.xml*";
+$priv_list['page-services-spamd']['match'][] = "pkg.php?xml=spamd_settings.xml*";
+
+$priv_list['page-services-spamd']['match'][] = "pkg_edit.php?xml=spamd.xml*";
+$priv_list['page-services-spamd']['match'][] = "pkg_edit.php?xml=spamd_whitelist.xml*";
+$priv_list['page-services-spamd']['match'][] = "pkg_edit.php?xml=spamd_settings.xml*";
+
+$priv_list['page-services-spamd']['match'][] = "spamd_db.php*";
+
+?>
diff --git a/config/spamd/spamd.xml b/config/spamd/spamd.xml
index 337aad00..7e11b9a9 100644
--- a/config/spamd/spamd.xml
+++ b/config/spamd/spamd.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>spamdsources</name>
- <version>1.1.6</version>
+ <version>1.1.7</version>
<title>SpamD: External Sources</title>
<include_file>/usr/local/pkg/spamd.inc</include_file>
<backup_file>/var/db/spamd</backup_file>
@@ -100,6 +100,10 @@
<item>https://packages.pfsense.org/packages/config/spamd/spamd.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/spamd/spamd.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/spamd/spamd_settings.xml</item>
</additional_files_needed>
@@ -180,6 +184,6 @@
custom_php_deinstall_command();
</custom_php_deinstall_command>
<filter_rules_needed>
- spamd_generate_rules();
+ spamd_generate_rules
</filter_rules_needed>
</packagegui>
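Review bot: The `<filter_rules_needed>` element would benefit from a short XML comment stating the expected form of its value. The change from `spamd_generate_rules();` to the bare `spamd_generate_rules` suggests the value is read as a function name rather than evaluated as PHP, while the neighbouring `custom_php_*` elements hold call statements, so the two are easy to confuse. Something like `<!-- function name only: no parentheses or semicolon -->` above the element would stop the `();` from being re-added later.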
diff --git a/config/squidGuard-devel/squidguard.inc b/config/squidGuard-devel/squidguard.inc
index 0be94a6f..c9d51b8d 100644
--- a/config/squidGuard-devel/squidguard.inc
+++ b/config/squidGuard-devel/squidguard.inc
@@ -1,36 +1,34 @@
<?php
-# ------------------------------------------------------------------------------
-/* squidguard.inc
-
+/*
+ squidguard.inc
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2006-2011 Serg Dvoriancev
Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
Copyright (C) 2013 Marcello Coutinho
-
- part of pfSense (www.pfSense.com)
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code MUST retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form MUST reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
*/
-# ------------------------------------------------------------------------------
-
require_once('globals.inc');
require_once('config.inc');
require_once('util.inc');
@@ -103,10 +101,22 @@ sg_init(convert_pfxml_to_sgxml());
# ==============================================================================
function squidguard_validate($post, &$input_errors)
{
+ global $config, $g;
$submit = isset($_GET['submit']) ? $_GET['submit'] : $_POST['submit'];
# check config if 'Apply'
- if ($submit === APPLY_BTN) sg_check_config_data($input_errors);
+ if ($submit === APPLY_BTN) {
+ // XXX:Bug #4608
+ if (($g['platform'] == "pfSense") && isset($config['system']['use_mfs_tmpvar'])) {
+ $input_errors[] = "Please, disable 'Use RAM Disks' under System: Advanced: Miscellaneous to avoid SquidGuard configuration breakage on reboot.";
+ }
+ if ($g['platform'] != "pfSense") {
+ if ($post['blacklist'] != "" || $post['blacklist_proxy'] != "" || $post['blacklist_url'] != "") {
+ $input_errors[] = "Blacklists usage is NOT supported on NanoBSD. Disable 'Blacklist' option in 'General settings'.";
+ }
+ }
+ sg_check_config_data($input_errors);
+ }
}
# ------------------------------------------------------------------------------
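Review bot: The NanoBSD check compares `$post['blacklist']`, `$post['blacklist_proxy']` and `$post['blacklist_url']` with `!= ""` without first testing that the keys exist. An unchecked checkbox is normally absent from the POST data, so the comparison raises undefined-index notices. A leftover `blacklist_url` value alone also triggers an error telling the user to disable an option that is already off. Keying the check on the checkbox would match the message: `if (!empty($post['blacklist'])) {`. The two `$g['platform']` comparisons could use `===`/`!==`, in line with the `$submit === APPLY_BTN` test above them.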
@@ -1469,100 +1479,114 @@ function squidguard_blacklist_list()
return $res;
}
-// ##### The following part is based on the code of pfblocker #####
-
/* Uses XMLRPC to synchronize the changes to a remote node */
function squidguard_sync_on_changes() {
global $config, $g;
- if (is_array($config['installedpackages']['squidguardsync'])){
+
+ if (is_array($config['installedpackages']['squidguardsync'])) {
$synconchanges = $config['installedpackages']['squidguardsync']['config'][0]['varsyncenablexmlrpc'];
- $varsynctimeout = $config['installedpackages']['squidguardsync']['config'][0]['varsynctimeout'];
- }
- else
- {
+ $varsynctimeout = $config['installedpackages']['squidguardsync']['config'][0]['varsynctimeout'] ?: '150';
+ } else {
return;
}
- // if checkbox is NOT checked do nothing
- switch ($synconchanges){
+ switch ($synconchanges) {
case "manual":
- if (is_array($config['installedpackages']['squidguardsync']['config'][0]['row'])){
- $rs=$config['installedpackages']['squidguardsync']['config'][0]['row'];
- }
- else{
- log_error("[Squidguard] xmlrpc sync is enabled but there is no hosts to push on Squidguard config.");
+ if (is_array($config['installedpackages']['squidguardsync']['config'][0]['row'])) {
+ $rs = $config['installedpackages']['squidguardsync']['config'][0]['row'];
+ } else {
+ log_error("[Squidguard] XMLRPC sync is enabled but there are no hosts configured as replication targets.");
return;
- }
+ }
break;
case "auto":
- if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){
- $system_carp=$config['installedpackages']['carpsettings']['config'][0];
- $rs[0]['varsyncdestinenable']="on";
- $rs[0]['varsyncprotocol']=($config['system']['webgui']['protocol']!=""?$config['system']['webgui']['protocol']:"https");
- $rs[0]['varsyncipaddress']=$system_carp['synchronizetoip'];
- $rs[0]['varsyncpassword']=$system_carp['password'];
- $rs[0]['varsyncport']=($config['system']['webgui']['port']!=""?$config['system']['webgui']['port']:"443");
- if (! is_ipaddr($system_carp['synchronizetoip'])){
- log_error("[Squidguard] xmlrpc sync is enabled but there is no system backup hosts to push squid config.");
- return;
- }
+ if (is_array($config['hasync'])) {
+ $system_carp = $config['hasync'];
+ $rs[0]['varsyncipaddress'] = $system_carp['synchronizetoip'];
+ $rs[0]['varsyncusername'] = $system_carp['username'];
+ $rs[0]['varsyncpassword'] = $system_carp['password'];
+ $rs[0]['varsyncdestinenable'] = FALSE;
+
+ // XMLRPC sync is currently only supported over connections using the same protocol and port as this system
+ if ($config['system']['webgui']['protocol'] == 'http') {
+ $rs[0]['varsyncprotocol'] = 'http';
+ $rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '80';
+ } else {
+ $rs[0]['varsyncprotocol'] = 'https';
+ $rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '443';
}
- else{
- log_error("[Squidguard] xmlrpc sync is enabled but there is no system backup hosts to push squid config.");
+ if ($system_carp['synchronizetoip'] == "") {
+ log_error("[Squidguard] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
return;
+ } else {
+ $rs[0]['varsyncdestinenable'] = TRUE;
}
- break;
+ } else {
+ log_error("[Squidguard] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
+ return;
+ }
+ break;
default:
return;
- break;
- }
- if (is_array($rs)){
- log_error("[SquidGuard] xmlrpc sync is starting with timeout {$varsynctimeout} seconds.");
- foreach($rs as $sh){
- if($sh['varsyncdestinenable']){
- $varsyncprotocol = $sh['varsyncprotocol'];
- $sync_to_ip = $sh['varsyncipaddress'];
- $password = $sh['varsyncpassword'];
- $varsyncport = $sh['varsyncport'];
- if($password && $sync_to_ip)
- squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout);
- else
- log_error("SquidGuard: XMLRPC Sync with {$sh['varsyncipaddress']} has incomplete credentials. No XMLRPC Sync done!");
+ break;
+ }
+ if (is_array($rs)) {
+ log_error("[SquidGuard] XMLRPC sync is starting with timeout {$varsynctimeout} seconds.");
+ foreach ($rs as $sh) {
+ // Only sync enabled replication targets
+ if ($sh['varsyncdestinenable']) {
+ $varsyncprotocol = $sh['varsyncprotocol'];
+ $sync_to_ip = $sh['varsyncipaddress'];
+ $username = $sh['varsyncusername'] ?: 'admin';
+ $password = $sh['varsyncpassword'];
+ $varsyncport = $sh['varsyncport'];
+
+ $error = '';
+ $valid = TRUE;
+
+ if ($password == "") {
+ $error = "Password parameter is empty. ";
+ $valid = FALSE;
}
- else {
- log_error("SquidGuard: XMLRPC Sync with {$sh['varsyncipaddress']} is disabled");
+ if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) {
+ $error .= "Misconfigured Replication Target IP Address or Hostname. ";
+ $valid = FALSE;
}
+ if (!is_port($varsyncport)) {
+ $error .= "Misconfigured Replication Target Port. ";
+ $valid = FALSE;
+ }
+ if ($valid) {
+ squidguard_do_xmlrpc_sync($sync_to_ip, $varsyncport, $varsyncprotocol, $username, $password, $varsynctimeout);
+ } else {
+ log_error("[SquidGuard] XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}");
+ }
+ } else {
+ log_error("[SquidGuard] XMLRPC Sync with {$sh['varsyncipaddress']} is disabled");
}
- log_error("[SquidGuard] xmlrpc sync is ending.");
- }
+ }
+ log_error("[SquidGuard] XMLRPC sync is ending.");
+ }
}
/* Do the actual XMLRPC sync */
-function squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout) {
+function squidguard_do_xmlrpc_sync($sync_to_ip, $varsyncport, $varsyncprotocol, $username, $password, $varsynctimeout) {
global $config, $g;
- if($varsynctimeout == '' || $varsynctimeout == 0)
- $varsynctimeout = 150;
-
- if(!$password)
- return;
-
- if(!$sync_to_ip)
- return;
-
- if(!$varsyncport)
+ if ($username == "" || $password == "" || $sync_to_ip == "" || $varsyncport == "" || $varsyncprotocol == "") {
+ log_error("[SquidGuard] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync");
return;
+ }
- if(!$varsyncprotocol)
- return;
-
- // Check and choose correct protocol type, port number and IP address
- $synchronizetoip .= "$varsyncprotocol" . '://';
- $port = "$varsyncport";
+ // Take care of IPv6 literal address
+ if (is_ipaddrv6($sync_to_ip)) {
+ $sync_to_ip = "[{$sync_to_ip}]";
+ }
- $synchronizetoip .= $sync_to_ip;
+ $url = "{$varsyncprotocol}://{$sync_to_ip}";
+ $port = $varsyncport;
- /* xml will hold the sections to sync */
+ /* XML will hold the sections to sync. */
$xml = array();
$xml['squidguardgeneral'] = $config['installedpackages']['squidguardgeneral'];
$xml['squidguardacl'] = $config['installedpackages']['squidguardacl'];
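Review bot: The new validation block in the `foreach` checks the password, target and port but never `$sh['varsyncprotocol']`. That value comes from the stored manual row and is interpolated unchecked into `$url` in `squidguard_do_xmlrpc_sync()`, which only tests it for being non-empty. An allow-list check next to the `is_port()` test would close this: `if (!in_array($varsyncprotocol, array('http', 'https'), true)) { $error .= "Misconfigured Replication Target Protocol. "; $valid = FALSE; }`. When the protocol is `http`, the sync password is sent unencrypted both in `setCredentials()` and in the payload, so a `log_error()` warning in that case (including the `auto` branch that copies the GUI protocol) would make the exposure visible. `squidguard_do_xmlrpc_sync()` continues beyond this hunk.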
@@ -1570,82 +1594,74 @@ function squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyn
$xml['squidguarddest'] = $config['installedpackages']['squidguarddest'];
$xml['squidguardrewrite'] = $config['installedpackages']['squidguardrewrite'];
$xml['squidguardtime'] = $config['installedpackages']['squidguardtime'];
-
- /* assemble xmlrpc payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($xml)
- );
-
- /* set a few variables needed for sync code borrowed from filter.inc */
- $url = $synchronizetoip;
- log_error("SquidGuard: Beginning squidguard XMLRPC sync with {$url}:{$port}.");
+
+ /* Assemble XMLRPC payload. */
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($xml));
+
+ /* Set a few variables needed for sync code */
+ log_error("[SquidGuard] Beginning XMLRPC sync with {$url}:{$port}.");
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
- if($g['debug'])
- $cli->setDebug(1);
- /* send our XMLRPC message and timeout after $varsynctimeout seconds */
+ $cli->setCredentials($username, $password);
+ if ($g['debug']) {
+ $cli->setDebug(1);
+ }
+ /* Send our XMLRPC message and timeout after $varsynctimeout seconds */
+ $resp = $cli->send($msg, $varsynctimeout);
+ if (!$resp) {
+ $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port}.";
+ log_error("[SquidGuard] {$error}");
+ file_notice("sync_settings", $error, "squidguard Settings Sync", "");
+ } elseif ($resp->faultCode()) {
+ $cli->setDebug(1);
$resp = $cli->send($msg, $varsynctimeout);
- if(!$resp) {
- $error = "A communications error occurred while squidguard was attempting XMLRPC sync with {$url}:{$port}.";
- log_error("SquidGuard: $error");
- file_notice("sync_settings", $error, "squidguard Settings Sync", "");
- } elseif($resp->faultCode()) {
- $cli->setDebug(1);
- $resp = $cli->send($msg, $varsynctimeout);
- $error = "An error code was received while squidguard XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error("SquidGuard: $error");
- file_notice("sync_settings", $error, "squidguard Settings Sync", "");
- } else {
- log_error("SquidGuard: XMLRPC has synced data successfully with {$url}:{$port}.");
- }
-
- /* tell squidguard to reload our settings on the destionation sync host. */
+ $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[SquidGuard] {$error}");
+ file_notice("sync_settings", $error, "squidguard Settings Sync", "");
+ } else {
+ log_error("[SquidGuard] XMLRPC sync successfully completed with {$url}:{$port}.");
+ }
+
+ /* Tell Squidguard to reload our settings on the destionation sync host. */
$method = 'pfsense.exec_php';
$execcmd = "require_once('/usr/local/pkg/squidguard.inc');\n";
- // pfblocker just needed one fuction to reload after XMLRPC. squidguard needs more so we point to a fuction below which contains all fuctions
+ // Squidguard needs more functions; we point to a function below which contains all the required functions
$execcmd .= "squidguard_all_after_XMLRPC_resync();";
-
- /* assemble xmlrpc payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($execcmd)
- );
- log_error("SquidGuard XMLRPC is reloading data on {$url}:{$port}.");
+ /* Assemble XMLRPC payload. */
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd));
+
+ log_error("[SquidGuard] XMLRPC is reloading data on {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
+ $cli->setCredentials($username, $password);
+ $resp = $cli->send($msg, $varsynctimeout);
+ if (!$resp) {
+ $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port} (exec_php).";
+ log_error("[SquidGuard] {$error}");
+ file_notice("sync_settings", $error, "squidguard Settings Sync", "");
+ } elseif ($resp->faultCode()) {
+ $cli->setDebug(1);
$resp = $cli->send($msg, $varsynctimeout);
- if(!$resp) {
- $error = "A communications error occurred while squidguard was attempting XMLRPC sync with {$url}:{$port} (exec_php).";
- log_error($error);
- file_notice("sync_settings", $error, "squidguard Settings Sync", "");
- } elseif($resp->faultCode()) {
- $cli->setDebug(1);
- $resp = $cli->send($msg, $varsynctimeout);
- $error = "An error code was received while squidguard XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
- file_notice("sync_settings", $error, "squidguard Settings Sync", "");
- } else {
- log_error("SquidGuard: XMLRPC has reloaded data successfully on {$url}:{$port} (exec_php).");
- }
+ $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[SquidGuard] {$error}");
+ file_notice("sync_settings", $error, "squidguard Settings Sync", "");
+ } else {
+ log_error("[SquidGuard] XMLRPC has reloaded data successfully on {$url}:{$port} (exec_php).");
+ }
}
-// ##### The part above is based on the code of pfblocker #####
-
-// This function restarts all other needed functions after XMLRPC so that the content of .XML + .INC will be written in the files
+// This function restarts all other needed functions after XMLRPC sync so that the content of .XML + .INC will be written in the files
// Adding more functions will increase the time to sync
function squidguard_all_after_XMLRPC_resync() {
-
+
squidguard_resync_acl();
squidguard_resync_dest();
squidguard_resync();
-
- log_error("SquidGuard: Finished XMLRPC process. It should be OK. For more information look at the host which started sync.");
+
+ log_error("[SquidGuard] Finished XMLRPC process. It should be OK. For more information look at the host which started sync.");
}
?>
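Review bot: Both `elseif ($resp->faultCode())` branches call `$cli->setDebug(1)` and then send the same message a second time before reading the fault. The second `send()` can itself fail and return a non-object, in which case `$resp->faultCode()` on the next line is a fatal error. It also repeats the remote operation and, with debug on, may dump the request (which carries the sync password) to output. I would delete the two lines `$cli->setDebug(1);` and `$resp = $cli->send($msg, $varsynctimeout);` in both branches and build `$error` from the original `$resp`. Separately, when the first `merge_installedpackages_section_xmlrpc` call fails the function still goes on to `pfsense.exec_php`, so a `return;` after the `file_notice()` in the two failure branches would avoid reloading a target that did not receive the config. The function starts in the previous hunk.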
diff --git a/config/squidGuard-devel/squidguard.xml b/config/squidGuard-devel/squidguard.xml
index b7874f82..a7742917 100644
--- a/config/squidGuard-devel/squidguard.xml
+++ b/config/squidGuard-devel/squidguard.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>squidguardgeneral</name>
- <version>1.5.8</version>
+ <version>1.5.9</version>
<title>Proxy filter SquidGuard: General settings</title>
<include_file>/usr/local/pkg/squidguard.inc</include_file>
<!-- Installation -->
@@ -148,7 +148,13 @@
<field>
<fielddescr>Enable</fielddescr>
<fieldname>squidguard_enable</fieldname>
- <description><![CDATA[Check this option to enable squidGuard]]></description>
+ <description>
+ <![CDATA[
+ Check this option to enable squidGuard.<br />
+ <strong><span class="errmsg">Important: </span></strong>Please set up at least one category on the 'Target Categories' tab before enabling.
+ See <a href="https://forum.pfsense.org/index.php?topic=94312.0">this link for details</a>.
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
@@ -244,8 +250,14 @@
<field>
<fielddescr>Blacklist</fielddescr>
<fieldname>blacklist</fieldname>
- <description><![CDATA[Check this option to enable blacklist]]></description>
+ <description>
+ <![CDATA[
+ Check this option to enable blacklist.<br />
+ <strong><span class="errmsg">Do NOT enable this on NanoBSD installs!</span></strong>
+ ]]>
+ </description>
<type>checkbox</type>
+ <enablefields>blacklist_proxy,blacklist_url</enablefields>
</field>
<field>
<fielddescr>Blacklist proxy</fielddescr>
diff --git a/config/squidGuard-devel/squidguard_sync.xml b/config/squidGuard-devel/squidguard_sync.xml
index f0537faf..7ab2cc6c 100644
--- a/config/squidGuard-devel/squidguard_sync.xml
+++ b/config/squidGuard-devel/squidguard_sync.xml
@@ -1,54 +1,50 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
+ <copyright>
<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
-squidguardsync.xml
-part of pfSense (http://www.pfSense.com)
-Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
-Copyright (C) 2013 Marcello Coutinho
-based on pfblocker_sync.xml
-All rights reserved.
-
-Based on m0n0wall (http://m0n0.ch/wall)
-Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
-All rights reserved.
+ squidguardsync.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
+ Copyright (C) 2013 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
*/
-/* ========================================================================== */
+/* ====================================================================================== */
/*
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
-1. Redistributions of source code must retain the above copyright notice,
-this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
-2. Redistributions in binary form must reproduce the above copyright
-notice, this list of conditions and the following disclaimer in the
-documentation and/or other materials provided with the distribution.
-THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
*/
-/* ========================================================================== */
-]]></copyright>
- <description><![CDATA[Describe your package here]]></description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>squidguardsync</name>
- <version>1.3_1 pkg v.1.9</version>
- <title>Proxy filter SquidGuard: XMLRPC Sync</title>
+ <version>1.5.9</version>
+ <title>SquidGuard Proxy Filter: XMLRPC Sync</title>
<include_file>/usr/local/pkg/squidguard.inc</include_file>
<tabs>
<tab>
@@ -97,11 +93,16 @@ POSSIBILITY OF SUCH DAMAGE.
<field>
<fielddescr>Enable Sync</fielddescr>
<fieldname>varsyncenablexmlrpc</fieldname>
- <description><![CDATA[All changes will be synced immediately to the IPs listed below if this option is checked.<br>
- <b>Important:</b> While using "Sync to hosts defined below", only sync from host A to B, A to C but <b>do not</B> enable XMLRPC sync <b>to</b> A. This will result in a loop!]]></description>
+ <description>
+ <![CDATA[
+ Select a sync method for SquidGuard.<br/><br/>
+ <strong>Important:</strong> While using "Sync to host(s) defined below", only sync from host A to B, A to C but <strong>do not</strong> enable XMLRPC sync <b>to</b> A.
+ This will result in a loop!
+ ]]>
+ </description>
<type>select</type>
<required/>
- <default_value>auto</default_value>
+ <default_value>disabled</default_value>
<options>
<option><name>Sync to configured system backup server</name><value>auto</value></option>
<option><name>Sync to host(s) defined below</name><value>manual</value></option>
@@ -109,28 +110,28 @@ POSSIBILITY OF SUCH DAMAGE.
</options>
</field>
<field>
- <fielddescr>XMLRPC timeout</fielddescr>
+ <fielddescr>XMLRPC Timeout</fielddescr>
<fieldname>varsynctimeout</fieldname>
- <description><![CDATA[Timeout in seconds for the XMLRPC timeout. Default: 150]]></description>
+ <description>XMLRPC timeout in seconds. (Default: 150)</description>
<type>input</type>
- <default_value>150</default_value>
+ <default_value>150</default_value>
<size>5</size>
</field>
-
<field>
- <fielddescr>Destination Server</fielddescr>
+ <fielddescr>Replication Targets</fielddescr>
<fieldname>none</fieldname>
<type>rowhelper</type>
<rowhelper>
<rowhelperfield>
<fielddescr>Enable</fielddescr>
<fieldname>varsyncdestinenable</fieldname>
+ <description><![CDATA[Enable this host as a replication target]]></description>
<type>checkbox</type>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>GUI Protocol</fielddescr>
+ <fielddescr>Protocol</fielddescr>
<fieldname>varsyncprotocol</fieldname>
- <description><![CDATA[Choose the protocol of the destination host. Probably <b>http</b> or <b>https</b>]]></description>
+ <description><![CDATA[Choose the protocol used to sync with the destination host (HTTP or HTTPS).]]></description>
<type>select</type>
<default_value>HTTP</default_value>
<options>
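Review bot: The Protocol row keeps `<default_value>HTTP</default_value>` while the same row helper collects the destination's admin password, so a replication target added with the defaults sends that password over an unencrypted connection. Consider `<default_value>HTTPS</default_value>` and a description that says so, e.g. `Choose the protocol used to sync with the destination host (HTTP or HTTPS). HTTPS is recommended because the admin password is sent with every sync.` The option list of this select lies outside the hunk, so the exact option value needs to be confirmed there. The same point applies to the identical hunk in config/squidGuard/squidguard_sync.xml further down.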
@@ -139,21 +140,21 @@ POSSIBILITY OF SUCH DAMAGE.
</options>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>GUI IP-Address</fielddescr>
+ <fielddescr>IP Address/Hostname</fielddescr>
<fieldname>varsyncipaddress</fieldname>
- <description><![CDATA[IP Address of the destination host.]]></description>
+ <description><![CDATA[IP address or hostname of the destination host.]]></description>
<type>input</type>
- <size>15</size>
+ <size>40</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>GUI Port</fielddescr>
+ <fielddescr>Port</fielddescr>
<fieldname>varsyncport</fieldname>
- <description><![CDATA[Choose the port of the destination host.]]></description>
+ <description><![CDATA[Choose the sync port of the destination host.]]></description>
<type>input</type>
<size>3</size>
</rowhelperfield>
- <rowhelperfield>
- <fielddescr>GUI Admin Password</fielddescr>
+ <rowhelperfield>
+ <fielddescr>Admin Password</fielddescr>
<fieldname>varsyncpassword</fieldname>
<description><![CDATA[Password of the user "admin" on the destination host.]]></description>
<type>password</type>
@@ -162,9 +163,6 @@ POSSIBILITY OF SUCH DAMAGE.
</rowhelper>
</field>
</fields>
- <custom_delete_php_command>
- squidguard_sync_on_changes();
- </custom_delete_php_command>
<custom_php_resync_config_command>
squidguard_sync_on_changes();
</custom_php_resync_config_command>
diff --git a/config/squidGuard/squidguard.inc b/config/squidGuard/squidguard.inc
index c4c47bcc..65e1ef50 100644
--- a/config/squidGuard/squidguard.inc
+++ b/config/squidGuard/squidguard.inc
@@ -1,36 +1,34 @@
<?php
-# ------------------------------------------------------------------------------
-/* squidguard.inc
-
+/*
+ squidguard.inc
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2006-2011 Serg Dvoriancev
Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
Copyright (C) 2013 Marcello Coutinho
-
- part of pfSense (www.pfSense.com)
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code MUST retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form MUST reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
*/
-# ------------------------------------------------------------------------------
-
require_once('globals.inc');
require_once('config.inc');
require_once('util.inc');
@@ -103,10 +101,22 @@ sg_init(convert_pfxml_to_sgxml());
# ==============================================================================
function squidguard_validate(&$post, &$input_errors)
{
+ global $config, $g;
$submit = isset($_GET['submit']) ? $_GET['submit'] : $_POST['submit'];
# check config if 'Apply'
- if ($submit === APPLY_BTN) sg_check_config_data($input_errors);
+ if ($submit === APPLY_BTN) {
+ // XXX:Bug #4608
+ if (($g['platform'] == "pfSense") && isset($config['system']['use_mfs_tmpvar'])) {
+ $input_errors[] = "Please, disable 'Use RAM Disks' under System: Advanced: Miscellaneous to avoid SquidGuard configuration breakage on reboot.";
+ }
+ if ($g['platform'] != "pfSense") {
+ if ($post['blacklist'] != "" || $post['blacklist_proxy'] != "" || $post['blacklist_url'] != "") {
+ $input_errors[] = "Blacklists usage is NOT supported on NanoBSD. Disable 'Blacklist' option in 'General settings'.";
+ }
+ }
+ sg_check_config_data($input_errors);
+ }
}
# ------------------------------------------------------------------------------
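Review bot: The NanoBSD branch also fires on `$post['blacklist_proxy'] != "" || $post['blacklist_url'] != ""` when the Blacklist checkbox itself is off, and the message then tells the user to disable an option that is already disabled. If the intent is only to block blacklist usage, testing the checkbox alone is enough: `if ($post['blacklist'] != "") {`. Otherwise the message should name the proxy and URL fields so the user knows which value to clear.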
@@ -1470,100 +1480,114 @@ function squidguard_blacklist_list()
return $res;
}
-// ##### The following part is based on the code of pfblocker #####
-
/* Uses XMLRPC to synchronize the changes to a remote node */
function squidguard_sync_on_changes() {
global $config, $g;
- if (is_array($config['installedpackages']['squidguardsync'])){
+
+ if (is_array($config['installedpackages']['squidguardsync'])) {
$synconchanges = $config['installedpackages']['squidguardsync']['config'][0]['varsyncenablexmlrpc'];
- $varsynctimeout = $config['installedpackages']['squidguardsync']['config'][0]['varsynctimeout'];
- }
- else
- {
+ $varsynctimeout = $config['installedpackages']['squidguardsync']['config'][0]['varsynctimeout'] ?: '150';
+ } else {
return;
}
- // if checkbox is NOT checked do nothing
- switch ($synconchanges){
+ switch ($synconchanges) {
case "manual":
- if (is_array($config['installedpackages']['squidguardsync']['config'][0]['row'])){
- $rs=$config['installedpackages']['squidguardsync']['config'][0]['row'];
- }
- else{
- log_error("[Squidguard] xmlrpc sync is enabled but there is no hosts to push on Squidguard config.");
+ if (is_array($config['installedpackages']['squidguardsync']['config'][0]['row'])) {
+ $rs = $config['installedpackages']['squidguardsync']['config'][0]['row'];
+ } else {
+ log_error("[Squidguard] XMLRPC sync is enabled but there are no hosts configured as replication targets.");
return;
- }
+ }
break;
case "auto":
- if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){
- $system_carp=$config['installedpackages']['carpsettings']['config'][0];
- $rs[0]['varsyncdestinenable']="on";
- $rs[0]['varsyncprotocol']=($config['system']['webgui']['protocol']!=""?$config['system']['webgui']['protocol']:"https");
- $rs[0]['varsyncipaddress']=$system_carp['synchronizetoip'];
- $rs[0]['varsyncpassword']=$system_carp['password'];
- $rs[0]['varsyncport']=($config['system']['webgui']['port']!=""?$config['system']['webgui']['port']:"443");
- if (! is_ipaddr($system_carp['synchronizetoip'])){
- log_error("[Squidguard] xmlrpc sync is enabled but there is no system backup hosts to push squid config.");
- return;
- }
+ if (is_array($config['hasync'])) {
+ $system_carp = $config['hasync'];
+ $rs[0]['varsyncipaddress'] = $system_carp['synchronizetoip'];
+ $rs[0]['varsyncusername'] = $system_carp['username'];
+ $rs[0]['varsyncpassword'] = $system_carp['password'];
+ $rs[0]['varsyncdestinenable'] = FALSE;
+
+ // XMLRPC sync is currently only supported over connections using the same protocol and port as this system
+ if ($config['system']['webgui']['protocol'] == 'http') {
+ $rs[0]['varsyncprotocol'] = 'http';
+ $rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '80';
+ } else {
+ $rs[0]['varsyncprotocol'] = 'https';
+ $rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '443';
}
- else{
- log_error("[Squidguard] xmlrpc sync is enabled but there is no system backup hosts to push squid config.");
+ if ($system_carp['synchronizetoip'] == "") {
+ log_error("[Squidguard] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
return;
+ } else {
+ $rs[0]['varsyncdestinenable'] = TRUE;
}
- break;
+ } else {
+ log_error("[Squidguard] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
+ return;
+ }
+ break;
default:
return;
- break;
- }
- if (is_array($rs)){
- log_error("[SquidGuard] xmlrpc sync is starting with timeout {$varsynctimeout} seconds.");
- foreach($rs as $sh){
- if($sh['varsyncdestinenable']){
- $varsyncprotocol = $sh['varsyncprotocol'];
- $sync_to_ip = $sh['varsyncipaddress'];
- $password = $sh['varsyncpassword'];
- $varsyncport = $sh['varsyncport'];
- if($password && $sync_to_ip)
- squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout);
- else
- log_error("SquidGuard: XMLRPC Sync with {$sh['varsyncipaddress']} has incomplete credentials. No XMLRPC Sync done!");
+ break;
+ }
+ if (is_array($rs)) {
+ log_error("[SquidGuard] XMLRPC sync is starting with timeout {$varsynctimeout} seconds.");
+ foreach ($rs as $sh) {
+ // Only sync enabled replication targets
+ if ($sh['varsyncdestinenable']) {
+ $varsyncprotocol = $sh['varsyncprotocol'];
+ $sync_to_ip = $sh['varsyncipaddress'];
+ $username = $sh['varsyncusername'] ?: 'admin';
+ $password = $sh['varsyncpassword'];
+ $varsyncport = $sh['varsyncport'];
+
+ $error = '';
+ $valid = TRUE;
+
+ if ($password == "") {
+ $error = "Password parameter is empty. ";
+ $valid = FALSE;
}
- else {
- log_error("SquidGuard: XMLRPC Sync with {$sh['varsyncipaddress']} is disabled");
+ if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) {
+ $error .= "Misconfigured Replication Target IP Address or Hostname. ";
+ $valid = FALSE;
}
+ if (!is_port($varsyncport)) {
+ $error .= "Misconfigured Replication Target Port. ";
+ $valid = FALSE;
+ }
+ if ($valid) {
+ squidguard_do_xmlrpc_sync($sync_to_ip, $varsyncport, $varsyncprotocol, $username, $password, $varsynctimeout);
+ } else {
+ log_error("[SquidGuard] XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}");
+ }
+ } else {
+ log_error("[SquidGuard] XMLRPC Sync with {$sh['varsyncipaddress']} is disabled");
}
- log_error("[SquidGuard] xmlrpc sync is ending.");
- }
+ }
+ log_error("[SquidGuard] XMLRPC sync is ending.");
+ }
}
/* Do the actual XMLRPC sync */
-function squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout) {
+function squidguard_do_xmlrpc_sync($sync_to_ip, $varsyncport, $varsyncprotocol, $username, $password, $varsynctimeout) {
global $config, $g;
- if($varsynctimeout == '' || $varsynctimeout == 0)
- $varsynctimeout = 150;
-
- if(!$password)
- return;
-
- if(!$sync_to_ip)
- return;
-
- if(!$varsyncport)
+ if ($username == "" || $password == "" || $sync_to_ip == "" || $varsyncport == "" || $varsyncprotocol == "") {
+ log_error("[SquidGuard] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync");
return;
+ }
- if(!$varsyncprotocol)
- return;
-
- // Check and choose correct protocol type, port number and IP address
- $synchronizetoip .= "$varsyncprotocol" . '://';
- $port = "$varsyncport";
+ // Take care of IPv6 literal address
+ if (is_ipaddrv6($sync_to_ip)) {
+ $sync_to_ip = "[{$sync_to_ip}]";
+ }
- $synchronizetoip .= $sync_to_ip;
+ $url = "{$varsyncprotocol}://{$sync_to_ip}";
+ $port = $varsyncport;
- /* xml will hold the sections to sync */
+ /* XML will hold the sections to sync. */
$xml = array();
$xml['squidguardgeneral'] = $config['installedpackages']['squidguardgeneral'];
$xml['squidguardacl'] = $config['installedpackages']['squidguardacl'];
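Review bot: `$varsyncprotocol` is the one target field that the new validation block in squidguard_sync_on_changes() does not check, yet it is interpolated directly into `$url = "{$varsyncprotocol}://{$sync_to_ip}"`. Add a test next to the port check, e.g. `if (!in_array(strtolower($varsyncprotocol), array('http', 'https'))) { $error .= "Misconfigured Replication Target Protocol. "; $valid = FALSE; }`, so a malformed config row cannot yield an unexpected URL scheme. `$varsynctimeout` is likewise taken from config with only the `?: '150'` fallback; an `is_numeric()` guard would be cheap. squidguard_do_xmlrpc_sync() continues past the end of this hunk.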
@@ -1571,82 +1595,74 @@ function squidguard_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyn
$xml['squidguarddest'] = $config['installedpackages']['squidguarddest'];
$xml['squidguardrewrite'] = $config['installedpackages']['squidguardrewrite'];
$xml['squidguardtime'] = $config['installedpackages']['squidguardtime'];
-
- /* assemble xmlrpc payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($xml)
- );
-
- /* set a few variables needed for sync code borrowed from filter.inc */
- $url = $synchronizetoip;
- log_error("SquidGuard: Beginning squidguard XMLRPC sync with {$url}:{$port}.");
+
+ /* Assemble XMLRPC payload. */
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($xml));
+
+ /* Set a few variables needed for sync code */
+ log_error("[SquidGuard] Beginning XMLRPC sync with {$url}:{$port}.");
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
- if($g['debug'])
- $cli->setDebug(1);
- /* send our XMLRPC message and timeout after $varsynctimeout seconds */
+ $cli->setCredentials($username, $password);
+ if ($g['debug']) {
+ $cli->setDebug(1);
+ }
+ /* Send our XMLRPC message and timeout after $varsynctimeout seconds */
+ $resp = $cli->send($msg, $varsynctimeout);
+ if (!$resp) {
+ $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port}.";
+ log_error("[SquidGuard] {$error}");
+ file_notice("sync_settings", $error, "squidguard Settings Sync", "");
+ } elseif ($resp->faultCode()) {
+ $cli->setDebug(1);
$resp = $cli->send($msg, $varsynctimeout);
- if(!$resp) {
- $error = "A communications error occurred while squidguard was attempting XMLRPC sync with {$url}:{$port}.";
- log_error("SquidGuard: $error");
- file_notice("sync_settings", $error, "squidguard Settings Sync", "");
- } elseif($resp->faultCode()) {
- $cli->setDebug(1);
- $resp = $cli->send($msg, $varsynctimeout);
- $error = "An error code was received while squidguard XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error("SquidGuard: $error");
- file_notice("sync_settings", $error, "squidguard Settings Sync", "");
- } else {
- log_error("SquidGuard: XMLRPC has synced data successfully with {$url}:{$port}.");
- }
-
- /* tell squidguard to reload our settings on the destionation sync host. */
+ $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[SquidGuard] {$error}");
+ file_notice("sync_settings", $error, "squidguard Settings Sync", "");
+ } else {
+ log_error("[SquidGuard] XMLRPC sync successfully completed with {$url}:{$port}.");
+ }
+
+ /* Tell Squidguard to reload our settings on the destionation sync host. */
$method = 'pfsense.exec_php';
$execcmd = "require_once('/usr/local/pkg/squidguard.inc');\n";
- // pfblocker just needed one fuction to reload after XMLRPC. squidguard needs more so we point to a fuction below which contains all fuctions
+ // Squidguard needs more functions; we point to a function below which contains all the required functions
$execcmd .= "squidguard_all_after_XMLRPC_resync();";
-
- /* assemble xmlrpc payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($execcmd)
- );
- log_error("SquidGuard XMLRPC is reloading data on {$url}:{$port}.");
+ /* Assemble XMLRPC payload. */
+ $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd));
+
+ log_error("[SquidGuard] XMLRPC is reloading data on {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
+ $cli->setCredentials($username, $password);
+ $resp = $cli->send($msg, $varsynctimeout);
+ if (!$resp) {
+ $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port} (exec_php).";
+ log_error("[SquidGuard] {$error}");
+ file_notice("sync_settings", $error, "squidguard Settings Sync", "");
+ } elseif ($resp->faultCode()) {
+ $cli->setDebug(1);
$resp = $cli->send($msg, $varsynctimeout);
- if(!$resp) {
- $error = "A communications error occurred while squidguard was attempting XMLRPC sync with {$url}:{$port} (exec_php).";
- log_error($error);
- file_notice("sync_settings", $error, "squidguard Settings Sync", "");
- } elseif($resp->faultCode()) {
- $cli->setDebug(1);
- $resp = $cli->send($msg, $varsynctimeout);
- $error = "An error code was received while squidguard XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
- file_notice("sync_settings", $error, "squidguard Settings Sync", "");
- } else {
- log_error("SquidGuard: XMLRPC has reloaded data successfully on {$url}:{$port} (exec_php).");
- }
+ $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error("[SquidGuard] {$error}");
+ file_notice("sync_settings", $error, "squidguard Settings Sync", "");
+ } else {
+ log_error("[SquidGuard] XMLRPC has reloaded data successfully on {$url}:{$port} (exec_php).");
+ }
}
-// ##### The part above is based on the code of pfblocker #####
-
-// This function restarts all other needed functions after XMLRPC so that the content of .XML + .INC will be written in the files
+// This function restarts all other needed functions after XMLRPC sync so that the content of .XML + .INC will be written in the files
// Adding more functions will increase the time to sync
function squidguard_all_after_XMLRPC_resync() {
-
+
squidguard_resync_acl();
squidguard_resync_dest();
squidguard_resync();
-
- log_error("SquidGuard: Finished XMLRPC process. It should be OK. For more information look at the host which started sync.");
+
+ log_error("[SquidGuard] Finished XMLRPC process. It should be OK. For more information look at the host which started sync.");
}
?>
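Review bot: In both `elseif ($resp->faultCode())` branches the request is sent a second time after `$cli->setDebug(1)`, and the new `$resp` is dereferenced without the `!$resp` test applied to the first call, so a retry that fails at the transport level ends in a method call on a non-object instead of a logged error. The resend also repeats the config merge and the `pfsense.exec_php` reload on the peer. Capture the fault from the first response, e.g. `$fault = "Code " . $resp->faultCode() . ": " . $resp->faultString();`, and either drop the resend or guard its result. Separately, the reload call is issued even when the merge above reported an error; a `return;` after the first two `file_notice()` calls would avoid reloading a peer that did not receive the new sections. The function starts before this hunk.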
diff --git a/config/squidGuard/squidguard.xml b/config/squidGuard/squidguard.xml
index e7514f63..91922324 100644
--- a/config/squidGuard/squidguard.xml
+++ b/config/squidGuard/squidguard.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>squidguardgeneral</name>
- <version>1.9.16</version>
+ <version>1.9.17</version>
<title>Proxy filter SquidGuard: General settings</title>
<include_file>/usr/local/pkg/squidguard.inc</include_file>
<!-- Installation -->
@@ -148,7 +148,13 @@
<field>
<fielddescr>Enable</fielddescr>
<fieldname>squidguard_enable</fieldname>
- <description><![CDATA[Check this option to enable squidGuard]]></description>
+ <description>
+ <![CDATA[
+ Check this option to enable squidGuard.<br />
+ <strong><span class="errmsg">Important: </span></strong>Please set up at least one category on the 'Target Categories' tab before enabling.
+ See <a href="https://forum.pfsense.org/index.php?topic=94312.0">this link for details</a>.
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
@@ -244,8 +250,14 @@
<field>
<fielddescr>Blacklist</fielddescr>
<fieldname>blacklist</fieldname>
- <description><![CDATA[Check this option to enable blacklist]]></description>
+ <description>
+ <![CDATA[
+ Check this option to enable blacklist.<br />
+ <strong><span class="errmsg">Do NOT enable this on NanoBSD installs!</span></strong>
+ ]]>
+ </description>
<type>checkbox</type>
+ <enablefields>blacklist_proxy,blacklist_url</enablefields>
</field>
<field>
<fielddescr>Blacklist proxy</fielddescr>
diff --git a/config/squidGuard/squidguard_sync.xml b/config/squidGuard/squidguard_sync.xml
index f0537faf..2d50ca24 100644
--- a/config/squidGuard/squidguard_sync.xml
+++ b/config/squidGuard/squidguard_sync.xml
@@ -1,54 +1,50 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
+ <copyright>
<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
-squidguardsync.xml
-part of pfSense (http://www.pfSense.com)
-Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
-Copyright (C) 2013 Marcello Coutinho
-based on pfblocker_sync.xml
-All rights reserved.
-
-Based on m0n0wall (http://m0n0.ch/wall)
-Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
-All rights reserved.
+ squidguardsync.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
+ Copyright (C) 2013 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
*/
-/* ========================================================================== */
+/* ====================================================================================== */
/*
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
-1. Redistributions of source code must retain the above copyright notice,
-this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
-2. Redistributions in binary form must reproduce the above copyright
-notice, this list of conditions and the following disclaimer in the
-documentation and/or other materials provided with the distribution.
-THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
*/
-/* ========================================================================== */
-]]></copyright>
- <description><![CDATA[Describe your package here]]></description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>squidguardsync</name>
- <version>1.3_1 pkg v.1.9</version>
- <title>Proxy filter SquidGuard: XMLRPC Sync</title>
+ <version>1.9.17</version>
+ <title>SquidGuard Proxy Filter: XMLRPC Sync</title>
<include_file>/usr/local/pkg/squidguard.inc</include_file>
<tabs>
<tab>
@@ -97,11 +93,16 @@ POSSIBILITY OF SUCH DAMAGE.
<field>
<fielddescr>Enable Sync</fielddescr>
<fieldname>varsyncenablexmlrpc</fieldname>
- <description><![CDATA[All changes will be synced immediately to the IPs listed below if this option is checked.<br>
- <b>Important:</b> While using "Sync to hosts defined below", only sync from host A to B, A to C but <b>do not</B> enable XMLRPC sync <b>to</b> A. This will result in a loop!]]></description>
+ <description>
+ <![CDATA[
+ Select a sync method for SquidGuard.<br/><br/>
+ <strong>Important:</strong> While using "Sync to host(s) defined below", only sync from host A to B, A to C but <strong>do not</strong> enable XMLRPC sync <b>to</b> A.
+ This will result in a loop!
+ ]]>
+ </description>
<type>select</type>
<required/>
- <default_value>auto</default_value>
+ <default_value>disabled</default_value>
<options>
<option><name>Sync to configured system backup server</name><value>auto</value></option>
<option><name>Sync to host(s) defined below</name><value>manual</value></option>
@@ -109,28 +110,28 @@ POSSIBILITY OF SUCH DAMAGE.
</options>
</field>
<field>
- <fielddescr>XMLRPC timeout</fielddescr>
+ <fielddescr>XMLRPC Timeout</fielddescr>
<fieldname>varsynctimeout</fieldname>
- <description><![CDATA[Timeout in seconds for the XMLRPC timeout. Default: 150]]></description>
+ <description>XMLRPC timeout in seconds. (Default: 150)</description>
<type>input</type>
- <default_value>150</default_value>
+ <default_value>150</default_value>
<size>5</size>
</field>
-
<field>
- <fielddescr>Destination Server</fielddescr>
+ <fielddescr>Replication Targets</fielddescr>
<fieldname>none</fieldname>
<type>rowhelper</type>
<rowhelper>
<rowhelperfield>
<fielddescr>Enable</fielddescr>
<fieldname>varsyncdestinenable</fieldname>
+ <description><![CDATA[Enable this host as a replication target]]></description>
<type>checkbox</type>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>GUI Protocol</fielddescr>
+ <fielddescr>Protocol</fielddescr>
<fieldname>varsyncprotocol</fieldname>
- <description><![CDATA[Choose the protocol of the destination host. Probably <b>http</b> or <b>https</b>]]></description>
+ <description><![CDATA[Choose the protocol used to sync with the destination host (HTTP or HTTPS).]]></description>
<type>select</type>
<default_value>HTTP</default_value>
<options>
@@ -139,21 +140,21 @@ POSSIBILITY OF SUCH DAMAGE.
</options>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>GUI IP-Address</fielddescr>
+ <fielddescr>IP Address/Hostname</fielddescr>
<fieldname>varsyncipaddress</fieldname>
- <description><![CDATA[IP Address of the destination host.]]></description>
+ <description><![CDATA[IP address or hostname of the destination host.]]></description>
<type>input</type>
- <size>15</size>
+ <size>40</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>GUI Port</fielddescr>
+ <fielddescr>Port</fielddescr>
<fieldname>varsyncport</fieldname>
- <description><![CDATA[Choose the port of the destination host.]]></description>
+ <description><![CDATA[Choose the sync port of the destination host.]]></description>
<type>input</type>
<size>3</size>
</rowhelperfield>
- <rowhelperfield>
- <fielddescr>GUI Admin Password</fielddescr>
+ <rowhelperfield>
+ <fielddescr>Admin Password</fielddescr>
<fieldname>varsyncpassword</fieldname>
<description><![CDATA[Password of the user "admin" on the destination host.]]></description>
<type>password</type>
@@ -162,9 +163,6 @@ POSSIBILITY OF SUCH DAMAGE.
</rowhelper>
</field>
</fields>
- <custom_delete_php_command>
- squidguard_sync_on_changes();
- </custom_delete_php_command>
<custom_php_resync_config_command>
squidguard_sync_on_changes();
</custom_php_resync_config_command>
diff --git a/config/suricata/suricata.xml b/config/suricata/suricata.xml
index e2c4735c..7c7e9e80 100644
--- a/config/suricata/suricata.xml
+++ b/config/suricata/suricata.xml
@@ -42,7 +42,7 @@
</copyright>
<description>Suricata IDS/IPS Package</description>
<name>suricata</name>
- <version>2.0.8 pkg v2.1.6</version>
+ <version>2.1.9</version>
<title>Services: Suricata IDS</title>
<include_file>/usr/local/pkg/suricata/suricata.inc</include_file>
<menu>
diff --git a/config/suricata/suricata_barnyard.php b/config/suricata/suricata_barnyard.php
index c4e438ba..81c7c503 100644
--- a/config/suricata/suricata_barnyard.php
+++ b/config/suricata/suricata_barnyard.php
@@ -14,7 +14,7 @@
* All rights reserved.
*
* Adapted for Suricata by:
- * Copyright (C) 2014 Bill Meeks
+ * Copyright (C) 2015 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -86,6 +86,14 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['barnyard_bro_ids_dport'] = "47760";
if (empty($a_nat[$id]['barnyard_sensor_id']))
$pconfig['barnyard_sensor_id'] = "0";
+ if (empty($pconfig['barnyard_xff_logging']))
+ $pconfig['barnyard_xff_logging'] = "off";
+ if (empty($pconfig['barnyard_xff_mode']))
+ $pconfig['barnyard_xff_mode'] = "extra-data";
+ if (empty($pconfig['barnyard_xff_deployment']))
+ $pconfig['barnyard_xff_deployment'] = "reverse";
+ if (empty($pconfig['barnyard_xff_header']))
+ $pconfig['barnyard_xff_header'] = "X-Forwarded-For";
}
if ($_POST['save']) {
@@ -129,6 +137,9 @@ if ($_POST['save']) {
$input_errors[] = gettext("The value for 'Sensor ID' must be a valid positive integer.");
}
+ if (empty($_POST['barnyard_xff_header']) && $_POST['barnyard_xff_logging'] == "on")
+ $input_errors[] = gettext("The value for the X-Forwarded-For Header cannot be blank when X-Forwarded-For logging is enabled.");
+
// Validate inputs if MySQL database loggging enabled
if ($_POST['barnyard_mysql_enable'] == 'on' && $_POST['barnyard_enable'] == "on") {
if (empty($_POST['barnyard_dbhost']))
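Review bot: The added check on `barnyard_xff_header` rejects only an empty value, so any other string is accepted, including one containing a colon, `#` or a line break. That value is later interpolated unquoted into the `header:` line that suricata_generate_yaml.php builds for suricata.yaml, so a stray character can corrupt or extend the generated configuration. Restrict the field to header-name characters before it is saved, for example `if (!empty($_POST['barnyard_xff_header']) && !preg_match('/^[A-Za-z0-9-]+\z/', $_POST['barnyard_xff_header'])) $input_errors[] = gettext("The X-Forwarded-For Header may contain only letters, digits and hyphens.");`. The `\z` anchor is used rather than `$` so that a trailing newline is not accepted. The validation block starts and ends outside this hunk, so a check elsewhere cannot be ruled out from here.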
@@ -172,11 +183,13 @@ if ($_POST['save']) {
$natent['barnyard_syslog_local'] = $_POST['barnyard_syslog_local'] ? 'on' : 'off';
$natent['barnyard_bro_ids_enable'] = $_POST['barnyard_bro_ids_enable'] ? 'on' : 'off';
$natent['barnyard_disable_sig_ref_tbl'] = $_POST['barnyard_disable_sig_ref_tbl'] ? 'on' : 'off';
+ $natent['barnyard_xff_logging'] = $_POST['barnyard_xff_logging'] ? 'on' : 'off';
$natent['barnyard_syslog_opmode'] = $_POST['barnyard_syslog_opmode'];
$natent['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto'];
if ($_POST['barnyard_sensor_id']) $natent['barnyard_sensor_id'] = $_POST['barnyard_sensor_id']; else $natent['barnyard_sensor_id'] = '0';
if ($_POST['barnyard_sensor_name']) $natent['barnyard_sensor_name'] = $_POST['barnyard_sensor_name']; else unset($natent['barnyard_sensor_name']);
+ if ($_POST['barnyard_xff_header']) $natent['barnyard_xff_header'] = $_POST['barnyard_xff_header']; else $natent['barnyard_xff_header'] = 'X-Forwarded-For';
if ($_POST['barnyard_dbhost']) $natent['barnyard_dbhost'] = $_POST['barnyard_dbhost']; else unset($natent['barnyard_dbhost']);
if ($_POST['barnyard_dbname']) $natent['barnyard_dbname'] = $_POST['barnyard_dbname']; else unset($natent['barnyard_dbname']);
if ($_POST['barnyard_dbuser']) $natent['barnyard_dbuser'] = $_POST['barnyard_dbuser']; else unset($natent['barnyard_dbuser']);
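Review bot: This hunk stores `barnyard_xff_logging` and `barnyard_xff_header` in `$natent`, but no hunk for this file stores `barnyard_xff_mode` or `barnyard_xff_deployment`, so the two new selects appear to have no effect on the saved configuration. Store them checked against the lists the form offers, e.g. `$natent['barnyard_xff_mode'] = in_array($_POST['barnyard_xff_mode'], array('extra-data', 'overwrite'), true) ? $_POST['barnyard_xff_mode'] : 'extra-data';`, and likewise for deployment with `array('reverse', 'forward')` and a default of `'reverse'`. The allowlist matters because both values are written verbatim into suricata.yaml by the generator. The save block continues outside the hunk.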
@@ -335,6 +348,56 @@ include_once("head.inc");
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("X-Forwarded-For Logging"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_xff_logging" id="barnyard_xff_logging" type="checkbox" value="on" <?php if ($pconfig['barnyard_xff_logging'] == "on") echo "checked"; ?> onClick="toggle_xff_log_options()"/>
+ <?php echo gettext("Enable logging of X-Forwarded-For IP addresses. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?>
+ </td>
+ </tr>
+ <tbody id="xff_options">
+ <tr id="barnyard_xff_mode_row">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("X-Forwarded-For Mode"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="barnyard_xff_mode" id="barnyard_xff_mode" class="formselect">
+ <?php
+ $xff_modes = array( "extra-data", "overwrite" );
+ foreach ($xff_modes as $mode) {
+ $selected = "";
+ if ($mode == $pconfig['barnyard_xff_mode'])
+ $selected = " selected";
+ echo "<option value='{$mode}'{$selected}>" . $mode . "</option>\n";
+ }
+ ?></select>&nbsp;&nbsp;
+ <?php echo gettext("Select HTTP X-Forwarded-For Operation Mode. Default is ") . "<strong>" . gettext("extra-data") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr id="barnyard_xff_deployment_row">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("X-Forwarded-For Deployment"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="barnyard_xff_deployment" id="barnyard_xff_deployment" class="formselect">
+ <?php
+ $xff_deployments = array( "reverse", "forward" );
+ foreach ($xff_deployments as $deployment) {
+ $selected = "";
+ if ($mode == $pconfig['barnyard_xff_deployment'])
+ $selected = " selected";
+ echo "<option value='{$deployment}'{$selected}>" . $deployment . "</option>\n";
+ }
+ ?></select>&nbsp;&nbsp;
+ <?php echo gettext("Select HTTP X-Forwarded-For Deployment. Default is ") . "<strong>" . gettext("reverse") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr id="barnyard_xff_header_row">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("X-Forwarded-For Header"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_xff_header" type="text" class="formfld unknown" id="barnyard_xff_header"
+ size="18" value="<?=htmlspecialchars($pconfig['barnyard_xff_header']); ?>"/>&nbsp;
+ <?php echo gettext("Enter header where actual IP address is reported. Default is ") . "<strong>" .
+ gettext("X-Forwarded-For") . "</strong>."; ?><br/><br/><?php echo gettext("If more than one IP address is present, the last one will be used.") ?>
+ </td>
+ </tr>
+ </tbody>
+ <tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("MySQL Database Output Settings"); ?></td>
</tr>
<tr>
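Review bot: The deployment loop tests `$mode` instead of `$deployment` against the saved value. After the mode loop has finished, `$mode` still holds `overwrite`, so no deployment option is ever marked selected and the page shows `reverse` whatever is stored. The condition should read `if ($deployment == $pconfig['barnyard_xff_deployment'])`. It would also help to escape the option text with `htmlspecialchars()`, as the header field in this hunk does, in case the lists ever stop being literals.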
@@ -600,6 +663,16 @@ function toggle_bro_ids() {
document.getElementById("bro_ids_config_rows").style.display = "";
}
+function toggle_xff_log_options() {
+ var endis = !(document.iform.barnyard_xff_logging.checked);
+ if (endis) {
+ document.getElementById("xff_options").style.display = "none";
+ }
+ else {
+ document.getElementById("xff_options").style.display = "";
+ }
+}
+
function enable_change(enable_change) {
endis = !(document.iform.barnyard_enable.checked || enable_change);
// make sure a default answer is called if this is invoked.
@@ -610,6 +683,10 @@ function enable_change(enable_change) {
document.iform.barnyard_obfuscate_ip.disabled = endis;
document.iform.barnyard_sensor_id.disabled = endis;
document.iform.barnyard_sensor_name.disabled = endis;
+ document.iform.barnyard_xff_logging.disabled = endis;
+ document.iform.barnyard_xff_mode.disabled = endis;
+ document.iform.barnyard_xff_deployment.disabled = endis;
+ document.iform.barnyard_xff_header.disabled = endis;
document.iform.barnyard_mysql_enable.disabled = endis;
document.iform.barnyard_dbhost.disabled = endis;
document.iform.barnyard_dbname.disabled = endis;
@@ -636,6 +713,7 @@ toggle_mySQL();
toggle_syslog();
toggle_local_syslog();
toggle_bro_ids();
+toggle_xff_log_options();
enable_change(false);
</script>
diff --git a/config/suricata/suricata_check_for_rule_updates.php b/config/suricata/suricata_check_for_rule_updates.php
index 67334957..e245d71e 100644
--- a/config/suricata/suricata_check_for_rule_updates.php
+++ b/config/suricata/suricata_check_for_rule_updates.php
@@ -13,7 +13,7 @@
* All rights reserved.
*
* Adapted for Suricata by:
- * Copyright (C) 2014 Bill Meeks
+ * Copyright (C) 2015 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -43,7 +43,7 @@ require_once("service-utils.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
require_once("/usr/local/pkg/suricata/suricata_defs.inc");
-global $g, $pkg_interface, $suricata_gui_include, $rebuild_rules;
+global $g, $pkg_interface, $suricata_gui_include, $rebuild_rules, $static_output;
$suricatadir = SURICATADIR;
$suricatalogdir = SURICATALOGDIR;
@@ -264,7 +264,7 @@ function suricata_check_rule_md5($file_url, $file_dst, $desc = "") {
/* error occurred. */
/**********************************************************/
- global $pkg_interface, $last_curl_error, $update_errors;
+ global $pkg_interface, $last_curl_error, $update_errors, $static_output;
$suricatadir = SURICATADIR;
$filename_md5 = basename($file_dst);
@@ -301,7 +301,8 @@ function suricata_check_rule_md5($file_url, $file_dst, $desc = "") {
$suricata_err_msg = gettext("Server returned error code {$rc}.");
if ($pkg_interface <> "console") {
update_status(gettext("{$desc} md5 error ... Server returned error code {$rc} ..."));
- update_output_window(gettext("{$desc} will not be updated.\n\t{$suricata_err_msg}"));
+ $static_output .= gettext("{$desc} will not be updated.\n\t{$suricata_err_msg}");
+ update_output_window($static_output);
}
log_error(gettext("[Suricata] {$desc} md5 download failed..."));
log_error(gettext("[Suricata] Server returned error code {$rc}..."));
@@ -333,7 +334,7 @@ function suricata_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") {
/* FALSE if download was not successful. */
/**********************************************************/
- global $pkg_interface, $last_curl_error, $update_errors;
+ global $pkg_interface, $last_curl_error, $update_errors, $static_output;
$suricatadir = SURICATADIR;
$filename = basename($file_dst);
@@ -354,8 +355,10 @@ function suricata_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") {
// Test integrity of the rules file. Turn off update if file has wrong md5 hash
if ($file_md5 != trim(md5_file($file_dst))){
- if ($pkg_interface <> "console")
- update_output_window(gettext("{$desc} file MD5 checksum failed..."));
+ if ($pkg_interface <> "console") {
+ $static_output .= gettext("{$desc} file MD5 checksum failed!\n");
+ update_output_window($static_output);
+ }
log_error(gettext("[Suricata] {$desc} file download failed. Bad MD5 checksum..."));
log_error(gettext("[Suricata] Downloaded File MD5: " . md5_file($file_dst)));
log_error(gettext("[Suricata] Expected File MD5: {$file_md5}"));
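Review bot: The integrity test kept as context in this hunk compares the two digests with the loose `!=` operator. PHP compares numeric-looking strings as numbers, so two different digests that both have the form `0e` followed only by digits would compare equal and the file would be accepted. Use the strict form, `if ($file_md5 !== trim(md5_file($file_dst))) {`, which also treats a `false` return from `md5_file()` as a mismatch. The expected digest looks as if it is fetched from the same server as the tarball (its origin is outside the visible lines), so this check detects a corrupted download rather than a tampered one.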
@@ -369,8 +372,10 @@ function suricata_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") {
return true;
}
else {
- if ($pkg_interface <> "console")
- update_output_window(gettext("{$desc} file download failed..."));
+ if ($pkg_interface <> "console") {
+ $static_output .= gettext("{$desc} file download failed!\n");
+ update_output_window($static_output);
+ }
log_error(gettext("[Suricata] {$desc} file download failed... server returned error '{$rc}'..."));
error_log(gettext("\t{$desc} file download failed. Server returned error {$rc}.\n"), 3, SURICATA_RULES_UPD_LOGFILE);
if ($pkg_interface == "console")
@@ -451,7 +456,8 @@ if ($emergingthreats == 'on') {
if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
if ($pkg_interface <> "console") {
update_status(gettext("Extracting {$et_name} rules..."));
- update_output_window(gettext("Installing {$et_name} rules..."));
+ $static_output .= gettext("Installing {$et_name} rules...");
+ update_output_window($static_output);
}
error_log(gettext("\tExtracting and installing {$et_name} rules...\n"), 3, SURICATA_RULES_UPD_LOGFILE);
exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$tmpfname}/emerging rules/");
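Review bot: The `exec()` call kept as context here builds the tar command line by interpolating `{$tmpfname}` and `{$emergingthreats_filename}` unquoted, and the later hunks of this file do the same with `{$snort_filename}` and `{$snort_community_rules_filename}`. Where those names are assigned is outside the visible lines, but the Snort filename presumably comes from the free-text `snort_rules_file` field on the global settings page, so a value with spaces or shell metacharacters would change the command that runs. Quote each argument, e.g. `exec("/usr/bin/tar xzf " . escapeshellarg("{$tmpfname}/{$emergingthreats_filename}") . " -C " . escapeshellarg("{$tmpfname}/emerging") . " rules/");`, and apply the same to the other tar calls.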
@@ -509,7 +515,8 @@ if ($emergingthreats == 'on') {
}
if ($pkg_interface <> "console") {
update_status(gettext("Extraction of {$et_name} rules completed..."));
- update_output_window(gettext("Installation of {$et_name} rules completed..."));
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
}
error_log(gettext("\tInstallation of {$et_name} rules completed.\n"), 3, SURICATA_RULES_UPD_LOGFILE);
rmdir_recursive("{$tmpfname}/emerging");
@@ -525,7 +532,8 @@ if ($snortdownload == 'on') {
if ($pkg_interface <> "console") {
update_status(gettext("Extracting Snort VRT rules..."));
- update_output_window(gettext("Installing Sourcefire VRT rules..."));
+ $static_output .= gettext("Installing Sourcefire VRT rules...");
+ update_output_window($static_output);
}
error_log(gettext("\tExtracting and installing Snort VRT rules...\n"), 3, SURICATA_RULES_UPD_LOGFILE);
@@ -549,7 +557,6 @@ if ($snortdownload == 'on') {
/* extract base etc files */
if ($pkg_interface <> "console") {
update_status(gettext("Extracting Snort VRT config and map files..."));
- update_output_window(gettext("Copying config and map files..."));
}
exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} etc/");
foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) {
@@ -564,7 +571,8 @@ if ($snortdownload == 'on') {
}
if ($pkg_interface <> "console") {
update_status(gettext("Extraction of Snort VRT rules completed..."));
- update_output_window(gettext("Installation of Sourcefire VRT rules completed..."));
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
}
error_log(gettext("\tInstallation of Snort VRT rules completed.\n"), 3, SURICATA_RULES_UPD_LOGFILE);
}
@@ -576,7 +584,8 @@ if ($snortcommunityrules == 'on') {
if (file_exists("{$tmpfname}/{$snort_community_rules_filename}")) {
if ($pkg_interface <> "console") {
update_status(gettext("Extracting Snort GPLv2 Community Rules..."));
- update_output_window(gettext("Installing Snort GPLv2 Community Rules..."));
+ $static_output .= gettext("Installing Snort GPLv2 Community Rules...");
+ update_output_window($static_output);
}
error_log(gettext("\tExtracting and installing Snort GPLv2 Community Rules...\n"), 3, SURICATA_RULES_UPD_LOGFILE);
exec("/usr/bin/tar xzf {$tmpfname}/{$snort_community_rules_filename} -C {$tmpfname}/community/");
@@ -599,7 +608,8 @@ if ($snortcommunityrules == 'on') {
}
if ($pkg_interface <> "console") {
update_status(gettext("Extraction of Snort GPLv2 Community Rules completed..."));
- update_output_window(gettext("Installation of Snort GPLv2 Community Rules file completed..."));
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
}
error_log(gettext("\tInstallation of Snort GPLv2 Community Rules completed.\n"), 3, SURICATA_RULES_UPD_LOGFILE);
rmdir_recursive("{$tmpfname}/community");
@@ -680,17 +690,20 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
$tmp = "Updating rules configuration for: " . convert_friendly_interface_to_friendly_descr($value['interface']) . " ...";
if ($pkg_interface <> "console"){
update_status(gettext($tmp));
- update_output_window(gettext("Please wait while Suricata interface files are being updated..."));
+ $static_output .= $tmp;
+ update_output_window($static_output);
}
suricata_apply_customizations($value, $if_real);
$tmp = "\t" . $tmp . "\n";
error_log($tmp, 3, SURICATA_RULES_UPD_LOGFILE);
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
}
}
else {
if ($pkg_interface <> "console") {
- update_output_window(gettext("Warning: No interfaces configured for Suricata were found..."));
- update_output_window(gettext("No interfaces currently have Suricata configured and enabled on them..."));
+ $static_output .= gettext("Warning: No interfaces configured for Suricata were found!\nNo interfaces currently have Suricata configured and enabled on them.");
+ update_output_window($static_output);
}
error_log(gettext("\tWarning: No interfaces configured for Suricata were found...\n"), 3, SURICATA_RULES_UPD_LOGFILE);
}
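Review bot: The two lines added after `error_log($tmp, ...)` append ` done.` and call `update_output_window()` outside the `if ($pkg_interface <> "console")` guard that the other output calls in this file sit behind. The same happens after `rmdir_recursive("{$tmpfname}")` in the cleanup hunk further down. If that guard exists because the GUI helper must not run in console mode, move the calls inside it: `if ($pkg_interface <> "console") { $static_output .= gettext(" done.\n"); update_output_window($static_output); }`. Separately, `$static_output .= $tmp;` appends the untranslated string while the adjacent `update_status(gettext($tmp))` translates it.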
@@ -707,7 +720,6 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
if ($config['installedpackages']['suricata']['config'][0]['live_swap_updates'] == 'on') {
if ($pkg_interface <> "console") {
update_status(gettext('Signaling Suricata to live-load the new set of rules...'));
- update_output_window(gettext("Please wait ... the process should complete in a few seconds..."));
}
log_error(gettext("[Suricata] Live-Reload of rules from auto-update is enabled..."));
error_log(gettext("\tLive-Reload of updated rules is enabled...\n"), 3, SURICATA_RULES_UPD_LOGFILE);
@@ -721,34 +733,37 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
else {
if ($pkg_interface <> "console") {
update_status(gettext('Restarting Suricata to activate the new set of rules...'));
- update_output_window(gettext("Please wait ... restarting Suricata will take some time..."));
+ $static_output .= gettext("Restarting Suricata...");
+ update_output_window($static_output);
}
error_log(gettext("\tRestarting Suricata to activate the new set of rules...\n"), 3, SURICATA_RULES_UPD_LOGFILE);
restart_service("suricata");
- if ($pkg_interface <> "console")
- update_output_window(gettext("Suricata has restarted with your new set of rules..."));
+ if ($pkg_interface <> "console") {
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
+ }
log_error(gettext("[Suricata] Suricata has restarted with your new set of rules..."));
error_log(gettext("\tSuricata has restarted with your new set of rules.\n"), 3, SURICATA_RULES_UPD_LOGFILE);
}
}
- else {
- if ($pkg_interface <> "console")
- update_output_window(gettext("The rules update task is complete..."));
- }
}
// Remove old $tmpfname files
if (is_dir("{$tmpfname}")) {
if ($pkg_interface <> "console") {
update_status(gettext("Cleaning up after rules extraction..."));
- update_output_window(gettext("Removing {$tmpfname} directory..."));
+ $static_output .= gettext("Removing {$tmpfname} directory...");
+ update_output_window($static_output);
}
rmdir_recursive("{$tmpfname}");
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
}
if ($pkg_interface <> "console") {
update_status(gettext("The Rules update has finished..."));
- update_output_window("");
+ $static_output .= gettext("Rules update task complete.\n");
+ update_output_window($static_output);
}
log_error(gettext("[Suricata] The Rules update has finished."));
error_log(gettext("The Rules update has finished. Time: " . date("Y-m-d H:i:s"). "\n\n"), 3, SURICATA_RULES_UPD_LOGFILE);
diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php
index 9467ea7c..4be8dc35 100644
--- a/config/suricata/suricata_flow_stream.php
+++ b/config/suricata/suricata_flow_stream.php
@@ -14,7 +14,7 @@
* All rights reserved.
*
* Adapted for Suricata by:
- * Copyright (C) 2014 Bill Meeks
+ * Copyright (C) 2015 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -250,8 +250,11 @@ elseif ($_POST['ResetAll']) {
$pconfig['flow_icmp_emerg_new_timeout'] = '10';
$pconfig['flow_icmp_emerg_established_timeout'] = '100';
- $pconfig['stream_memcap'] = '33554432';
+ // The default 'stream_memcap' value must be calculated as follows:
+ // 216 * prealloc_sessions * number of threads = memory use in bytes
+ // 64 MB is a decent all-around default, but some setups need more.
$pconfig['stream_prealloc_sessions'] = '32768';
+ $pconfig['stream_memcap'] = '67108864';
$pconfig['reassembly_memcap'] = '67108864';
$pconfig['reassembly_depth'] = '1048576';
$pconfig['reassembly_to_server_chunk'] = '2560';
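Review bot: The added comment says the default `stream_memcap` "must be calculated" from `216 * prealloc_sessions * number of threads`, but the code assigns the literal `'67108864'`. That literal is repeated in the save branch of this file, in suricata_generate_yaml.php, in suricata_interfaces_edit.php and in the help text. Define it once, for instance `define('SURICATA_DEFAULT_STREAM_MEMCAP', '67108864');` in suricata_defs.inc, and use the constant at each site so the defaults cannot drift apart. The comment could then state what the number covers: by its own formula, 32768 sessions cost about 6.75 MB per thread, so 64 MB is enough for roughly nine threads.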
@@ -298,7 +301,7 @@ elseif ($_POST['save'] || $_POST['apply']) {
if ($_POST['flow_icmp_emerg_new_timeout'] != "") { $natent['flow_icmp_emerg_new_timeout'] = $_POST['flow_icmp_emerg_new_timeout']; }else{ $natent['flow_icmp_emerg_new_timeout'] = "10"; }
if ($_POST['flow_icmp_emerg_established_timeout'] != "") { $natent['flow_icmp_emerg_established_timeout'] = $_POST['flow_icmp_emerg_established_timeout']; }else{ $natent['flow_icmp_emerg_established_timeout'] = "100"; }
- if ($_POST['stream_memcap'] != "") { $natent['stream_memcap'] = $_POST['stream_memcap']; }else{ $natent['stream_memcap'] = "33554432"; }
+ if ($_POST['stream_memcap'] != "") { $natent['stream_memcap'] = $_POST['stream_memcap']; }else{ $natent['stream_memcap'] = "67108864"; }
if ($_POST['stream_prealloc_sessions'] != "") { $natent['stream_prealloc_sessions'] = $_POST['stream_prealloc_sessions']; }else{ $natent['stream_prealloc_sessions'] = "32768"; }
if ($_POST['enable_midstream_sessions'] == "on") { $natent['enable_midstream_sessions'] = 'on'; }else{ $natent['enable_midstream_sessions'] = 'off'; }
if ($_POST['enable_async_sessions'] == "on") { $natent['enable_async_sessions'] = 'on'; }else{ $natent['enable_async_sessions'] = 'off'; }
@@ -764,8 +767,11 @@ if ($savemsg) {
<input name="stream_memcap" type="text" class="formfld unknown" id="stream_memcap" size="9"
value="<?=htmlspecialchars($pconfig['stream_memcap']);?>">&nbsp;
<?php echo gettext("Max memory to be used by stream engine. Default is ") .
- "<strong>" . gettext("33,554,432") . "</strong>" . gettext(" bytes (32MB)"); ?><br/><br/>
- <?php echo gettext("Sets the maximum amount of memory, in bytes, to be used by the stream engine."); ?>
+ "<strong>" . gettext("67,108,864") . "</strong>" . gettext(" bytes (64MB)"); ?><br/><br/>
+ <?php echo gettext("Sets the maximum amount of memory, in bytes, to be used by the stream engine. ");?><br/>
+ <span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" .
+ gettext("This number will likely need to be increased beyond the default value in systems with more than 4 processor cores. " .
+ "If Suricata fails to start and logs a memory allocation error, increase this value in 4 MB chunks until Suricata starts successfully."); ?>
</td>
</tr>
<tr>
diff --git a/config/suricata/suricata_generate_yaml.php b/config/suricata/suricata_generate_yaml.php
index 328702b9..3394ad4c 100644
--- a/config/suricata/suricata_generate_yaml.php
+++ b/config/suricata/suricata_generate_yaml.php
@@ -292,6 +292,7 @@ if (!empty($suricatacfg['max_pcap_log_files']))
else
$pcap_log_max_files = "1000";
+// Unified2 Alert Log Settings
if ($suricatacfg['barnyard_enable'] == 'on')
$barnyard2_enabled = "yes";
else
@@ -307,6 +308,28 @@ if (isset($suricatacfg['barnyard_sensor_id']))
else
$unified2_sensor_id = "0";
+// Unified2 X-Forwarded-For logging options
+if ($suricatacfg['barnyard_xff_logging'] == 'on') {
+ $unified2_xff_output = "xff:";
+ $unified2_xff_output .= "\n enabled: yes";
+ if (!empty($suricatacfg['barnyard_xff_mode']))
+ $unified2_xff_output .= "\n mode: {$suricatacfg['barnyard_xff_mode']}";
+ else
+ $unified2_xff_output .= "\n mode: extra-data";
+ if (!empty($suricatacfg['barnyard_xff_deployment']))
+ $unified2_xff_output .= "\n deployment: {$suricatacfg['barnyard_xff_deployment']}";
+ else
+ $unified2_xff_output .= "\n deployment: reverse";
+ if (!empty($suricatacfg['barnyard_xff_header']))
+ $unified2_xff_output .= "\n header: {$suricatacfg['barnyard_xff_header']}";
+ else
+ $unified2_xff_output .= "\n header: X-Forwarded-For";
+}
+else {
+ $unified2_xff_output = "xff:";
+ $unified2_xff_output .= "\n enabled: no";
+}
+
// EVE JSON log output settings
if ($suricatacfg['enable_eve_log'] == 'on')
$enable_eve_log = "yes";
@@ -494,7 +517,7 @@ else
if (!empty($suricatacfg['stream_memcap']))
$stream_memcap = $suricatacfg['stream_memcap'];
else
- $stream_memcap = "33554432";
+ $stream_memcap = "67108864";
if (!empty($suricatacfg['stream_prealloc_sessions']))
$stream_prealloc_sessions = $suricatacfg['stream_prealloc_sessions'];
diff --git a/config/suricata/suricata_global.php b/config/suricata/suricata_global.php
index 013cde3e..26fbd12e 100644
--- a/config/suricata/suricata_global.php
+++ b/config/suricata/suricata_global.php
@@ -308,7 +308,7 @@ if ($input_errors)
<td><input name="snort_rules_file" type="text" class="formfld unknown" id="snort_rules_file" size="52"
value="<?=htmlspecialchars($pconfig['snort_rules_file']);?>"/><br/>
<?php echo gettext("Enter the rules tarball filename (filename only, do not include the URL.)"); ?>
- <br/><span class="red"><strong><?php echo gettext("Example: ") . "</strong></span>" . gettext("snortrules-snapshot-2962.tar.gz");?><br/><br/></td>
+ <br/><span class="red"><strong><?php echo gettext("Example: ") . "</strong></span>" . gettext("snortrules-snapshot-2976.tar.gz");?><br/><br/></td>
</tr>
<tr>
<td valign="top" align="right"><span class="vexpl"><strong><?php echo gettext("Oinkmaster Code:"); ?></strong></span>&nbsp;</td>
diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php
index 4319182d..f188194d 100644
--- a/config/suricata/suricata_interfaces_edit.php
+++ b/config/suricata/suricata_interfaces_edit.php
@@ -372,7 +372,7 @@ if ($_POST["save"] && !$input_errors) {
$natent['flow_icmp_emerg_new_timeout'] = '10';
$natent['flow_icmp_emerg_established_timeout'] = '100';
- $natent['stream_memcap'] = '33554432';
+ $natent['stream_memcap'] = '67108864';
$natent['stream_prealloc_sessions'] = '32768';
$natent['reassembly_memcap'] = '67108864';
$natent['reassembly_depth'] = '1048576';
diff --git a/config/suricata/suricata_migrate_config.php b/config/suricata/suricata_migrate_config.php
index 2fd5f96e..4a4a489f 100644
--- a/config/suricata/suricata_migrate_config.php
+++ b/config/suricata/suricata_migrate_config.php
@@ -471,6 +471,26 @@ foreach ($rule as &$r) {
$updated_cfg = true;
}
+ /**********************************************************/
+ /* Create interface Unified2 XFF log settings if not set */
+ /**********************************************************/
+ if (!isset($pconfig['barnyard_xff_logging'])) {
+ $pconfig['barnyard_xff_logging'] = "off";
+ $updated_cfg = true;
+ }
+ if (!isset($pconfig['barnyard_xff_mode'])) {
+ $pconfig['barnyard_xff_mode'] = "extra-data";
+ $updated_cfg = true;
+ }
+ if (!isset($pconfig['barnyard_xff_deployment'])) {
+ $pconfig['barnyard_xff_deployment'] = "reverse";
+ $updated_cfg = true;
+ }
+ if (empty($pconfig['barnyard_xff_header'])) {
+ $pconfig['barnyard_xff_header'] = "X-Forwarded-For";
+ $updated_cfg = true;
+ }
+
// Save the new configuration data into the $config array pointer
$r = $pconfig;
}
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index ea1d7b0a..42722d79 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -13,7 +13,7 @@
* All rights reserved.
*
* Adapted for Suricata by:
- * Copyright (C) 2014 Bill Meeks
+ * Copyright (C) 2015 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -50,7 +50,7 @@ require_once("functions.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
require("/usr/local/pkg/suricata/suricata_defs.inc");
-global $config, $g, $rebuild_rules, $pkg_interface, $suricata_gui_include;
+global $config, $g, $rebuild_rules, $pkg_interface, $suricata_gui_include, $static_output;
/****************************************
* Define any new constants here that *
@@ -201,11 +201,12 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
/****************************************************************/
/* Do one-time settings migration for new version configuration */
- update_output_window(gettext("Please wait... migrating settings to new configuration..."));
+ $static_output .= gettext("\nMigrating settings to new configuration...");
+ update_output_window($static_output);
include('/usr/local/pkg/suricata/suricata_migrate_config.php');
- update_output_window(gettext("Please wait... rebuilding installation with saved settings..."));
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
log_error(gettext("[Suricata] Downloading and updating configured rule types..."));
- update_output_window(gettext("Please wait... downloading and updating configured rule types..."));
if ($pkg_interface <> "console")
$suricata_gui_include = true;
include('/usr/local/pkg/suricata/suricata_check_for_rule_updates.php');
@@ -219,7 +220,8 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
$if_real = get_real_interface($suricatacfg['interface']);
$suricata_uuid = $suricatacfg['uuid'];
$suricatacfgdir = "{$suricatadir}suricata_{$suricata_uuid}_{$if_real}";
- update_output_window(gettext("Generating configuration for " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . "..."));
+ $static_output .= gettext("Generating YAML configuration file for " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . "...");
+ update_output_window($static_output);
// Pull in the PHP code that generates the suricata.yaml file
// variables that will be substituted further down below.
@@ -238,6 +240,9 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
// create barnyard2.conf file for interface
if ($suricatacfg['barnyard_enable'] == 'on')
suricata_generate_barnyard2_conf($suricatacfg, $if_real);
+
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
}
// create Suricata bootup file suricata.sh
@@ -259,17 +264,21 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
}
$rebuild_rules = false;
- if ($pkg_interface <> "console")
- update_output_window(gettext("Finished rebuilding Suricata configuration files..."));
+ if ($pkg_interface <> "console") {
+ $static_output .= gettext("Finished rebuilding Suricata configuration from saved settings.\n");
+ update_output_window($static_output);
+ }
log_error(gettext("[Suricata] Finished rebuilding installation from saved settings..."));
// Only try to start Suricata if not in reboot
if (!$g['booting']) {
if ($pkg_interface <> "console") {
update_status(gettext("Starting Suricata using rebuilt configuration..."));
- update_output_window(gettext("Please wait while Suricata is started..."));
+ $static_output .= gettext("Starting Suricata using the rebuilt configuration...");
+ update_output_window($static_output);
mwexec_bg("{$rcdir}suricata.sh start");
- update_output_window(gettext("Suricata is starting as a background task using the rebuilt configuration..."));
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
}
else
mwexec_bg("{$rcdir}suricata.sh start");
@@ -291,6 +300,7 @@ write_config("Suricata pkg v{$config['installedpackages']['package'][get_pkg_id(
// Done with post-install, so clear flag
unset($g['suricata_postinstall']);
log_error(gettext("[Suricata] Package post-installation tasks completed..."));
+update_status("");
return true;
?>
diff --git a/config/suricata/suricata_yaml_template.inc b/config/suricata/suricata_yaml_template.inc
index a8b06ebe..82723958 100644
--- a/config/suricata/suricata_yaml_template.inc
+++ b/config/suricata/suricata_yaml_template.inc
@@ -54,6 +54,7 @@ outputs:
filename: unified2.alert
limit: {$unified2_log_limit}
sensor-id: {$unified2_sensor_id}
+ {$unified2_xff_output}
- http-log:
enabled: {$http_log_enabled}
diff --git a/config/systempatches/patches.inc b/config/systempatches/patches.inc
index 2298e170..92825799 100644
--- a/config/systempatches/patches.inc
+++ b/config/systempatches/patches.inc
@@ -29,6 +29,7 @@
*/
require_once("globals.inc");
require_once("util.inc");
+require_once("pfsense-utils.inc");
global $git_root_url, $patch_suffix, $patch_dir, $patch_cmd;
$git_root_url = "https://github.com/pfsense/pfsense/commit/";
@@ -88,8 +89,20 @@ function patch_test_revert($patch, $fulldetail=false) {
/* Fetch a patch from a URL or github */
function patch_fetch(& $patch) {
+ global $g;
$url = patch_fixup_url($patch['location']);
- $text = @file_get_contents($url);
+ $temp_filename = tempnam("{$g['tmp_path']}/", "system_patches");
+ /*
+ * Backwards compatibility with older 2.1.x pfSense versions
+ * that did not contain download_file() function in pfsense-utils.inc
+ */
+ if (!function_exists("download_file")) {
+ download_file_with_progress_bar($url, $temp_filename);
+ } else {
+ download_file($url, $temp_filename);
+ }
+ $text = @file_get_contents($temp_filename);
+ unlink($temp_filename);
if (empty($text)) {
return false;
} else {
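Review bot: `tempnam()` can return `false`, and neither that nor the result of the download call is checked before the file is read and unlinked, so a failure only shows up indirectly through `empty($text)`. Add `if ($temp_filename === false) return false;` directly after the `tempnam()` line, and drop the `@` on `file_get_contents()` so a read error is logged rather than hidden. The fetched text is presumably applied to the running system later, so it is also worth confirming that `download_file()` and `download_file_with_progress_bar()` verify the TLS certificate for `$url`; their implementation is outside this diff. The body of `patch_fetch` continues past the end of the hunk.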