Diffstat (limited to 'config')
33 files changed, 2747 insertions, 133 deletions
diff --git a/config/dansguardian/dansguardian.xml b/config/dansguardian/dansguardian.xml
new file mode 100644
index 00000000..f81be0e3
--- /dev/null
+++ b/config/dansguardian/dansguardian.xml
@@ -0,0 +1,211 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ pfblocker.xml
+ part of the dansguardian for pfSense
+ Copyright (C) 2012 Marcello Coutinho
+
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>dansguardian</name>
+ <version>1.0</version>
+ <title>Services: Sansguardian</title>
+ <include_file>/usr/local/pkg/dansguardian.inc</include_file>
+ <menu>
+ <name>dansguardian</name>
+ <tooltiptext>Configure dansguardian</tooltiptext>
+ <section>Firewall</section>
+ <url>pkg_edit.php?xml=dansguardian.xml</url>
+ </menu>
+ <additional_files_needed>
+ <item>http:/www.pfsense.org/packages/config/pf-blocker/dansguardian.inc</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/pf-blocker/dansguardian.php</item>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/pf-blocker/dansguardian.widget.php</item>
+ <prefix>/usr/local/www/widgets/widgets/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_limits.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_lists.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_config.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_sync.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <tabs>
+ <tab>
+ <text>Daemon</text>
+ <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>General</text>
+ <url>/pkg_edit.php?xml=dansguardian_config.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>Limits</text>
+ <url>/pkg_edit.php?xml=dansguardian_limits.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>Filter Groups</text>
+ <url>/pkg.php?xml=dansguardian_lists.xml</url>
+ </tab>
+ <tab>
+ <text>Report and Log</text>
+ <url>/pkg_edit.php?xml=dansguardian_log.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>XMLRPC Sync</text>
+ <url>/pkg_edit.php?xml=dansguardian_sync.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>About</text>
+ <url>/pkg_edit.php?xml=dansguardian.php&id=0</url>
+ </tab>
+</tabs>
+ <fields>
+ <field>
+ <name>Listening Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Enable dansguardian</fielddescr>
+ <fieldname>enable_cb</fieldname>
+ <type>checkbox</type>
+ <description></description>
+ </field>
+ <field>
+ <fielddescr>Listen Interface(s)</fielddescr>
+ <fieldname>inbound_interface</fieldname>
+ <description><![CDATA[Default: <strong>WAN</strong><br>Select interface(s) that you want to block incoming traffic.]]></description>
+ <type>interfaces_selection</type>
+ <required/>
+ <multiple/>
+ </field>
+ <field>
+ <fielddescr>Listen port</fielddescr>
+ <fieldname>filterports</fieldname>
+ <type>input</type>
+ <size>10</size>
+ <description><![CDATA[Default: <strong>8080</strong><br>The port(s) that DansGuardian listens to.]]></description>
+ </field>
+ <field>
+ <fielddescr>Daemon Options</fielddescr>
+ <fieldname>daemon_options</fieldname>
+ <description><![CDATA[Daemon Options. Default values are in ( )]]></description>
+ <type>select</type>
+ <options>
+ <option><name>nodaemon (off)</name><value>nodaemon</value></option>
+ <option><name>softrestart (on)</name><value>softrestart</value></option>
+ </options>
+ <multiple/>
+ <size>3</size>
+ </field>
+ <field>
+ <fielddescr>Min/Max Children</fielddescr>
+ <fieldname>children</fieldname>
+ <type>input</type>
+ <size>10</size>
+ <description><![CDATA[Default: <strong>8/120</strong><br>
+ Sets the minimun and maximum number of processes to spawn to handle the incoming connections.<br>
+ Max value usually 250 depending on OS.<br>
+ On large sites you might want to try 32/180.]]></description>
+ </field>
+ <field>
+ <fielddescr>Min/Max Spare Children</fielddescr>
+ <fieldname>minsparechildren</fieldname>
+ <type>input</type>
+ <size>10</size>
+ <description><![CDATA[Default: <strong>4/32</strong><br>
+ Sets the minimum and maximun number of processes to be kept ready to handle connections.<br>
+ On large sites you might want to try 8/64.]]></description>
+ </field>
+ <field>
+ <fielddescr>Max Age Children</fielddescr>
+ <fieldname>maxagechildren</fieldname>
+ <type>input</type>
+ <size>10</size>
+ <description><![CDATA[Default: <strong>500</strong><br>
+ Sets the maximum age of a child process before it croaks it.<br>
+ This is the number of connections they handle before exiting.<br>
+ On large sites you might want to try 10000.]]></description>
+ </field>
+ <field>
+ <fielddescr>Max Ips</fielddescr>
+ <fieldname>maxips</fieldname>
+ <type>input</type>
+ <size>10</size>
+ <description><![CDATA[Default: <strong>0</strong><br>
+ Sets the maximum number client IP addresses allowed to connect at once.<br>
+ Use this to set a hard limit on the number of users allowed to concurrently<br>
+ browse the web. Set to 0 for no limit, and to disable the IP cache process.]]></description>
+ </field>
+ </fields>
+ <custom_php_install_command>
+ dansguardian_php_install_command();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ dansguardian_php_deinstall_command();
+ </custom_php_deinstall_command>
+ <custom_php_validation_command>
+ dansguardian_validate_input($_POST, &$input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ sync_package_dansguardian();
+ </custom_php_resync_config_command>
+</packagegui>
diff --git a/config/dansguardian/dansguardian_config.xml b/config/dansguardian/dansguardian_config.xml
new file mode 100644
index 00000000..41e3c335
--- /dev/null
+++ b/config/dansguardian/dansguardian_config.xml
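Review bot: In dansguardian.xml, the `additional_files_needed` entries fetch PHP and XML over plain `http://` and install them under `/usr/local/pkg/` and `/usr/local/www/` with mode 0755, so whatever arrives on the wire becomes code the web GUI runs; nothing visible in the hunk pins or verifies the content. The first item is also malformed (`http:/www.pfsense.org/...`, one slash) and the first three point at `config/pf-blocker/` while the other four use `config/dansguardian/`, so they will presumably fail or pull from the wrong directory; the intent looks like `<item>http://www.pfsense.org/packages/config/dansguardian/dansguardian.inc</item>`, preferably over `https://` if the package fetcher accepts it. The four `.xml` items do not need the execute bit, `<chmod>0644</chmod>` is enough. Separately, the "Listen Interface(s)" help text reads as carried over from a blocker package and names WAN as the default; for a proxy listener that would expose it to the Internet, so the text (and any default applied in dansguardian.inc, which is not visible here) should point at LAN.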
@@ -0,0 +1,228 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ dansguardian_config.xml
+ part of the dansguardian for pfSense
+ Copyright (C) 2012 Marcello Coutinho
+
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>dansguardianconfig</name>
+ <version>1.0</version>
+ <title>Services: Dansguardian</title>
+ <include_file>/usr/local/pkg/dansguardian.inc</include_file>
+ <tabs>
+ <tab>
+ <text>Daemon</text>
+ <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>General</text>
+ <url>/pkg_edit.php?xml=dansguardian_config.xml&id=0</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>Limits</text>
+ <url>/pkg_edit.php?xml=dansguardian_limits.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>Filter Groups</text>
+ <url>/pkg.php?xml=dansguardian_lists.xml</url>
+ </tab>
+ <tab>
+ <text>Report and Log</text>
+ <url>/pkg_edit.php?xml=dansguardian_log.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>XMLRPC Sync</text>
+ <url>/pkg_edit.php?xml=dansguardian_sync.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>About</text>
+ <url>/pkg_edit.php?xml=dansguardian.php&id=0</url>
+ </tab>
+</tabs>
+ <fields>
+ <field>
+ <name>Config Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Url cache number</fielddescr>
+ <fieldname>urlcachenumber</fieldname>
+ <type>input</type>
+ <size>10</size>
+ <description><![CDATA[Positive (clean) result caching for URLs Caches good pages so they don't need to be scanned again.It also works with AV plugins.<br>
+ 0 = off (recommended for ISPs with users with disimilar browsing)<br>
+ <strong>1000 = recommended for most user</strong><br>
+ 5000 = suggested max upper limit<br>
+ If you're using an AV plugin then use at least 5000.]]></description>
+ </field>
+ <field>
+ <fielddescr>Url cache age</fielddescr>
+ <fieldname>urlcacheage</fieldname>
+ <type>input</type>
+ <size>10</size>
+ <description><![CDATA[Age before cache are stale and should be ignored in seconds<br>
+ <strong>900 = 15 mins(recommended)</strong><br>
+ 0 = never]]></description>
+ </field>
+ <field>
+ <fielddescr>Scan Options</fielddescr>
+ <fieldname>report_options</fieldname>
+ <description><![CDATA[Scan options. Default values are in ( )]]></description>
+ <type>select</type>
+ <options>
+ <option><name>Scan clean cache (on)</name><value>scancleancache</value></option>
+ <option><name>Hex decode content (off)</name><value>hexdecodecontent</value></option>
+ <option><name>Force quick search (off)</name><value>forcequicksearch</value></option>
+ <option><name>Reverse address lookups (off)</name><value>reverseaddresslookups</value></option>
+ <option><name>Reverse client ip lookups (off)</name><value>reverseclientiplookups</value></option>
+ <option><name>Log client hostnames (off)</name><value>logclienthostnames</value></option>
+ <option><name>Create list cache files (on)</name><value>createlistcachefiles</value></option>
+ <option><name>Prefer cached lists (off)</name><value>prefercachedlists</value></option>
+ <option><name>deletedownloadedtempfiles (on)</name><value>deletedownloadedtempfiles</value></option>
+ </options>
+ <multiple/>
+ <size>10</size>
+ </field>
+ <field>
+ <fielddescr>Weighted phrase mode</fielddescr>
+ <fieldname>weightedphrasemode</fieldname>
+ <description><![CDATA[IMPORTANT: Note that setting this to "0" turns off all features which extract phrases from page content,
+ including banned & exception phrases (not just weighted), search term filtering, and scanning for links to banned URLs.]]></description>
+ <type>select</type>
+ <options>
+ <option><name>Singular = each weighted phrase found only counts once on a page. (default)</name><value>2</value></option>
+ <option><name>Normal = normal weighted phrase operation.</name><value>1</value></option>
+ <option><name>Off = do not use the weighted phrase feature.</name><value>0</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Phrase filter mode</fielddescr>
+ <fieldname>phrasefiltermode</fieldname>
+ <description><![CDATA[Smart, Raw and Meta/Title phrase content filtering options<br>
+ Smart is where the multiple spaces and HTML are removed before phrase filtering<br>
+ Raw is where the raw HTML including meta tags are phrase filtered<br>
+ Meta/Title is where only meta and title tags are phrase filtered (v. quick)<br>
+ CPU usage can be effectively halved by using setting 0 or 1 compared to 2]]></description>
+ <type>select</type>
+ <options>
+ <option><name>use both (default)</name><value>2</value></option>
+ <option><name>meta/title</name><value>3</value></option>
+ <option><name>smart only</name><value>1</value></option>
+ <option><name>raw only</name><value>0</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Lower casing options</fielddescr>
+ <fieldname>preservecase</fieldname>
+ <description><![CDATA[When a document is scanned the uppercase letters are converted to lower case in order to compare them with the phrases.<br>
+ However this can break Big5 and other 16-bit texts. If needed preserve the case.]]></description>
+ <type>select</type>
+ <options>
+ <option><name>Force lower case (default)</name><value>0</value></option>
+ <option><name>Do not change case</name><value>1</value></option>
+ <option><name>Scan first in lower case, then in original case</name><value>2</value></option>
+ </options>
+ </field>
+ <field>
+ <name>Content Scanner</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Content Scanners</fielddescr>
+ <fieldname>content_scanners</fieldname>
+ <description><![CDATA[Content Scanners options. Default values are in ( )]]></description>
+ <type>select</type>
+ <options>
+ <option><name>clamdscan (on)</name><value>icapscan</value></option>
+ <option><name>icapscan (on)</name><value>icapscan</value></option>
+ </options>
+ <multiple/>
+ <size>3</size>
+ </field>
+ <field>
+ <fielddescr>Content scanner timeout</fielddescr>
+ <fieldname>contentscannertimeout</fieldname>
+ <type>input</type>
+ <size>10</size>
+ <description><![CDATA[<strong>Default is 60</strong><br>
+ Some of the content scanners support using a timeout value to stop processing (eg AV scanning) the file if it takes too long.<br>
+ If supported this will be used.<br>
+ The default of 60 seconds is probably reasonable.]]></description>
+ </field>
+ <field>
+ <fielddescr>Content scan exceptions</fielddescr>
+ <fieldname>contentscanexceptions</fieldname>
+ <type>checkbox</type>
+ <description><![CDATA[If 'on' exception sites, urls, users etc will be scanned.<br>
+ This is probably not desirable behavour as exceptions are supposed to be trusted and will increase load.<br>
+ Correct use of grey lists are a better idea.]]></description>
+ </field>
+ <field>
+ <name>Misc settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Misc Options</fielddescr>
+ <fieldname>misc_options</fieldname>
+ <description><![CDATA[Misc options. Default values are in ( )]]></description>
+ <type>select</type>
+ <options>
+ <option><name>recheckreplacedurls (off)</name><value>recheckreplacedurls</value></option>
+ <option><name>forwardedfor (off)</name><value>forwardedfor</value></option>
+ <option><name>usexforwardedfor (off)</name><value>usexforwardedfor</value></option>
+ </options>
+ <multiple/>
+ <size>4</size>
+ </field>
+ </fields>
+ <custom_php_install_command>
+ dansguardian_php_install_command();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ dansguardian_php_deinstall_command();
+ </custom_php_deinstall_command>
+ <custom_php_validation_command>
+ dansguardian_validate_input($_POST, &$input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ sync_package_dansguardian();
+ </custom_php_resync_config_command>
+</packagegui>
diff --git a/config/dansguardian/dansguardian_filters.xml b/config/dansguardian/dansguardian_filters.xml
new file mode 100755
index 00000000..42f1c0ae
--- /dev/null
+++ b/config/dansguardian/dansguardian_filters.xml
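Review bot: In dansguardian_config.xml, both entries of the "Content Scanners" select carry `<value>icapscan</value>`, so choosing "clamdscan (on)" stores `icapscan` and the ClamAV scanner can never be selected from this page; an administrator who believes AV scanning is enabled gets no indication otherwise. The first option should read `<option><name>clamdscan (on)</name><value>clamdscan</value></option>`. Both labels also say "(on)" although the hunk sets no default for the field; how dansguardian.inc treats an empty selection is not visible here, so the label should be checked against what the generated configuration actually enables.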
@@ -0,0 +1,241 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* ========================================================================== */
+/*
+ pfblocker_lists.xml
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
+ Copyright (C) 2011 Marcello Coutinho
+
+ All rights reserved.
+*/
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>pfblockerlists</name>
+ <version>1.0</version>
+ <title>Firewall: pfBlocker</title>
+ <include_file>/usr/local/pkg/pfblocker.inc</include_file>
+ <menu>
+ <name>pfBlocker </name>
+ <tooltiptext></tooltiptext>
+ <section>Firewall</section>
+ <configfile>pfblocker_lists.xml</configfile>
+ </menu>
+<tabs>
+ <tab>
+ <text>General</text>
+ <url>/pkg_edit.php?xml=pfblocker.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>Lists</text>
+ <url>/pkg.php?xml=pfblocker_lists.xml</url>
+ <active/>
+ </tab>
+
+ <tab>
+ <text>Top Spammers</text>
+ <url>/pkg_edit.php?xml=pfblocker_topspammers.xml&id=0</url>
+ </tab>
+
+ <tab>
+ <text>Africa</text>
+ <url>/pkg_edit.php?xml=pfblocker_Africa.xml&id=0</url>
+
+ </tab>
+ <tab>
+ <text>Asia</text>
+ <url>/pkg_edit.php?xml=pfblocker_Asia.xml&id=0</url>
+
+ </tab>
+ <tab>
+ <text>Europe</text>
+ <url>/pkg_edit.php?xml=pfblocker_Europe.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>North America</text>
+ <url>/pkg_edit.php?xml=pfblocker_NorthAmerica.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>Oceania</text>
+ <url>/pkg_edit.php?xml=pfblocker_Oceania.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>South America</text>
+ <url>/pkg_edit.php?xml=pfblocker_SouthAmerica.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>XMLRPC Sync</text>
+ <url>/pkg_edit.php?xml=pfblocker_sync.xml&id=0</url>
+ </tab>
+</tabs>
+ <adddeleteeditpagefields>
+ <columnitem>
+ <fielddescr>Alias</fielddescr>
+ <fieldname>aliasname</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Description</fielddescr>
+ <fieldname>description</fieldname>
+ </columnitem>
+
+ <columnitem>
+ <fielddescr>Action</fielddescr>
+ <fieldname>action</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Update Frequency</fielddescr>
+ <fieldname>cron</fieldname>
+ </columnitem>
+ </adddeleteeditpagefields>
+ <fields>
+ <field>
+ <name>Network ranges / CIDR lists</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Alias Name</fielddescr>
+ <fieldname>aliasname</fieldname>
+ <description><![CDATA[Enter lists Alias Names.<br>
+ Example: Badguys<br>
+ Do not include pfBlocker name, it's done by package.<br>
+ <strong>International, special or space caracters will be ignored in pfsense alias name.</strong><br>]]></description>
+ <type>input</type>
+ <size>20</size>
+ </field>
+ <field>
+ <fielddescr>List Description</fielddescr>
+ <fieldname>description</fieldname>
+ <type>input</type>
+ <size>90</size>
+ </field>
+ <field>
+ <fielddescr><![CDATA[Lists]]></fielddescr>
+ <fieldname>none</fieldname>
+ <description><![CDATA['Format' - Choose the file format that url will retrieve or local file format.<br>
+ 'Url or local file' - Add direct link to list (Example: <a target=_new href='http://list.iblocklist.com/?list=bt_ads&fileformat=p2p&archiveformat=gz'>Ads</a>,
+ <a target=_new href='http://list.iblocklist.com/?list=bt_spyware&fileformat=p2p&archiveformat=gz'>Spyware</a>,
+ <a target=_new href='http://list.iblocklist.com/?list=bt_proxy&fileformat=p2p&archiveformat=gz'>Proxies</a> )<br>
+ <br><strong>Note: </strong><br>
+ Compressed lists must be in gz format.<br>
+ Downloaded or local file must have only one network per line and could follows PeerBlock syntax or this below:<br>
+ Network ranges: <strong>172.16.1.0-172.16.1.255</strong><br>
+ IP Address: <strong>172.16.1.10</strong><br>
+ CIDR: <strong>172.16.1.0/24</strong>
+ ]]></description>
+ <type>rowhelper</type>
+ <rowhelper>
+ <rowhelperfield>
+ <fielddescr>Format</fielddescr>
+ <fieldname>format</fieldname>
+ <type>select</type>
+ <options>
+ <option><name>gz</name><value>gz</value></option>
+ <option><name>txt</name><value>txt</value></option>
+ </options>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Url or localfile</fielddescr>
+ <fieldname>url</fieldname>
+ <type>input</type>
+ <size>75</size>
+ </rowhelperfield>
+ </rowhelper>
+ </field>
+ <field>
+ <fielddescr>List Action</fielddescr>
+ <description><![CDATA[Default:<strong>Deny Inbound</strong><br>
+ Select action for network on lists you have selected.<br><br>
+ <strong>Note: </strong><br>'Deny Both' - Will deny access on Both directions.<br>
+ 'Deny Inbound' - Will deny access from selected lists to your network.<br>
+ 'Deny Outbound' - Will deny access from your users to ip lists you selected to block.<br>
+ 'Permit Inbound' - Will allow access from selected lists to your network.<br>
+ 'Permit Outbound' - Will allow access from your users to ip lists you selected to block.<br>
+ 'Disabled' - Will just keep selection and do nothing to selected Lists.<br>
+ 'Alias Only' - Will create an alias with selected Lists to help custom rule assignments.<br><br>
+ <strong>While creating rules with this list, keep aliasname in the beggining of rule description and do not end description with 'rule'.<br></strong>
+ custom rules with 'Aliasname something rule' description will be removed by package.]]></description>
+ <fieldname>action</fieldname>
+ <type>select</type>
+ <options>
+ <option><name>Deny Inbound</name><value>Deny_Inbound</value></option>
+ <option><name>Deny Outbound</name><value>Deny_Outbound</value></option>
+ <option><name>Deny Both</name><value>Deny_Both</value></option>
+ <option><name>Permit Inbound</name><value>Permit_Inbound</value></option>
+ <option><name>Permit Outbound</name><value>Permit_Outbound</value></option>
+ <option><name>Alias only</name><value>Alias_only</value></option>
+ <option><name>Disabled</name><value>Disabled</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Update frequency</fielddescr>
+ <fieldname>cron</fieldname>
+ <description><![CDATA[Default:<strong>Never</strong><br>
+ Select how often pfsense will download List files]]></description>
+ <type>select</type>
+ <options>
+ <option><name>Never</name><value>Never</value></option>
+ <option><name>Every Hour</name><value>01hour</value></option>
+ <option><name>Every 4 Hours</name><value>04hours</value></option>
+ <option><name>Every 12 Hours</name><value>12hours</value></option>
+ <option><name>Once a day</name><value>EveryDay</value></option>
+ </options>
+ </field>
+ <field>
+ <name>Custom list</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>CIDR</fielddescr>
+ <fieldname>custom</fieldname>
+ <description><![CDATA[Enter networks you want to include in this alias. One network per line in CIDR format.<br>
+ Example: 192.168.1.0/24]]></description>
+ <type>textarea</type>
+ <cols>50</cols>
+ <rows>10</rows>
+ <encoding>base64</encoding>
+ </field>
+ </fields>
+ <custom_php_install_command>
+ pfblocker_php_install_command();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ pfblocker_php_deinstall_command();
+ </custom_php_deinstall_command>
+ <custom_php_validation_command>
+ pfblocker_validate_input($_POST, &$input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ sync_package_pfblocker();
+ </custom_php_resync_config_command>
+</packagegui>
\ No newline at end of file
diff --git a/config/dansguardian/dansguardian_limits.xml b/config/dansguardian/dansguardian_limits.xml
new file mode 100644
index 00000000..ecc3c020
--- /dev/null
+++ b/config/dansguardian/dansguardian_limits.xml
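Review bot: dansguardian_filters.xml is still the pfBlocker lists page under a new filename: it declares `<name>pfblockerlists</name>`, includes `/usr/local/pkg/pfblocker.inc`, adds a Firewall menu entry pointing at `pfblocker_lists.xml`, and all four `custom_php_*` hooks call `pfblocker_*` functions. If this page is loaded on a system without pfBlocker, the include and the validation hook it relies on are presumably missing; with pfBlocker installed it would operate under that package's name rather than dansguardian's. It is not listed in the `additional_files_needed` of dansguardian.xml and none of the dansguardian tabs link to it, so it looks like a template committed by accident. Either leave it out of this commit or switch the identifiers to the dansguardian ones used by the sibling files (`/usr/local/pkg/dansguardian.inc`, `dansguardian_validate_input(...)`, `sync_package_dansguardian()`) before it ships; the 100755 mode on an XML file is also unnecessary.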
@@ -0,0 +1,161 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ dansguardian_config.xml
+ part of the dansguardian for pfSense
+ Copyright (C) 2012 Marcello Coutinho
+
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>dansguardianlimits</name>
+ <version>1.0</version>
+ <title>Services: Dansguardian</title>
+ <include_file>/usr/local/pkg/dansguardian.inc</include_file>
+ <tabs>
+ <tab>
+ <text>Daemon</text>
+ <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>General</text>
+ <url>/pkg_edit.php?xml=dansguardian_config.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>Limits</text>
+ <url>/pkg_edit.php?xml=dansguardian_limits.xml&id=0</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>Filter Groups</text>
+ <url>/pkg.php?xml=dansguardian_lists.xml</url>
+ </tab>
+ <tab>
+ <text>Report and Log</text>
+ <url>/pkg_edit.php?xml=dansguardian_log.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>XMLRPC Sync</text>
+ <url>/pkg_edit.php?xml=dansguardian_sync.xml&id=0</url>
+ </tab>
+ <tab>
+ <text>About</text>
+ <url>/pkg_edit.php?xml=dansguardian.php&id=0</url>
+ </tab>
+</tabs>
+ <fields>
+ <field>
+ <name>Limits</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Max upload size</fielddescr>
+ <fieldname>maxuploadsize</fieldname>
+ <type>input</type>
+ <size>10</size>
+ <description><![CDATA[POST protection (web upload and forms) does not block forms without any file upload, i.e. this is just for blocking or limiting uploads measured in kibibytes after MIME encoding and header bumph<br>
+ use 0 for a complete block<br>
+ use higher (e.g. 512 = 512Kbytes) for limiting<br>
+ use -1 for no blocking(default)]]></description>
+ </field>
+ <field>
+ <fielddescr>Max content filter size</fielddescr>
+ <fieldname>maxcontentfiltersize</fieldname>
+ <type>input</type>
+ <size>10</size>
+ <description><![CDATA[<strong>Default is 256</strong><br>Sometimes web servers label binary files as text which can be very large which causes a huge drain on memory and cpu resources.<br>
+ To counter this, you can limit the size of the document to be filtered and get it to just pass it straight through.<br>
+ This setting also applies to content regular expression modification.<br>
+ The value must not be higher than maxcontentramcachescansize<br>
+ The size is in Kibibytes - eg 2048 = 2Mb<br>
+ use 0 to set it to maxcontentramcachescansize]]></description>
+ </field>
+ <field>
+ <fielddescr>Max content ram cache scan size</fielddescr>
+ <fieldname>maxcontentramcachescansize</fieldname>
+ <type>input</type>
+ <size>10</size>
+ <description><![CDATA[<strong>Default is 2000</strong><br>
+ This is only used if you use a content scanner plugin such as AV. This is the max size of file that DG will download and cache in RAM.<br>
+ After this limit is reached it will cache to disk. This value must be less than or equal to maxcontentfilecachescansize.<br>
+ The size is in Kibibytes - eg 10240 = 10Mb<br>
+ use 0 to set it to maxcontentfilecachescansize<br>
+ This option may be ignored by the configured download manager.]]></description>
+ </field>
+ <field>
+ <fielddescr>Max content file cache scan size</fielddescr>
+ <fieldname>maxcontentfilecachescansize</fieldname>
+ <type>input</type>
+ <size>10</size>
+ <description><![CDATA[<strong>Default is 2000</strong><br>
+ This is only used if you use a content scanner plugin such as AV. This is the max size file that DG will download so that it can be scanned or virus checked.<br>
+ This value must be greater or equal to maxcontentramcachescansize.<br>
+ The size is in Kibibytes - eg 10240 = 10Mb]]></description>
+ </field>
+ <field>
+ <fielddescr>Initial Trickle delay</fielddescr>
+ <fieldname>initialtrickledelay</fieldname>
+ <type>input</type>
+ <size>10</size>
+ <description><![CDATA[<strong>Default is 20</strong><br>
+ This is the number of seconds a browser connection is left waiting before first being sent *something* to keep it alive.<br>
+ Do not choose a value too low or normal web pages will be affected. A value between 20 and 110 would be sensible<br>
+ This may be ignored by the configured download manager.]]></description>
+ </field>
+ <field>
+ <fielddescr>Trickle delay</fielddescr>
+ <fieldname>trickledelay</fieldname>
+ <type>input</type>
+ <size>10</size>
+ <description><![CDATA[<strong>Default is 20</strong><br>
+ This is the number of seconds a browser connection is left waiting before being sent more *something* to keep it alive.<br>
+ This may be ignored by the configured download manager.]]></description>
+ </field>
+ </fields>
+ <custom_php_install_command>
+ dansguardian_php_install_command();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ dansguardian_php_deinstall_command();
+ </custom_php_deinstall_command>
+ <custom_php_validation_command>
+ dansguardian_validate_input($_POST, &$input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ sync_package_dansguardian();
+ </custom_php_resync_config_command>
+</packagegui>
diff --git a/config/dansguardian/dansguardian_lists.xml b/config/dansguardian/dansguardian_lists.xml
new file mode 100755
index 00000000..e78658cd
--- /dev/null
+++ b/config/dansguardian/dansguardian_lists.xml
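Review bot: In dansguardian_limits.xml the size fields state their ordering rule only in help text (`maxcontentfiltersize` must not exceed `maxcontentramcachescansize`, which must not exceed `maxcontentfilecachescansize`) and name defaults of 256, 2000, 20 and -1, but the hunk sets no `<default_value>` and every field is a free-text `input`, so enforcement rests entirely on `dansguardian_validate_input`, which is outside this diff. Confirm that function rejects non-numeric input and checks the ordering before the values reach the daemon configuration, and consider adding e.g. `<default_value>256</default_value>` per field so a first save does not submit empty strings. The hook is also written `dansguardian_validate_input($_POST, &$input_errors);`, and call-time pass-by-reference is deprecated in PHP 5.3 and a fatal error from 5.4; declare the parameter by reference in the function signature and pass `$input_errors` here. The same call appears in the dansguardian.xml and dansguardian_config.xml hunks.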
@@ -0,0 +1,329 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + dansguardian_lists.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2012 Marcello Coutinho + + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>dansguardianlists</name> + <version>1.0</version> + <title>Services: Dansguardian</title> + <include_file>/usr/local/pkg/dansguardian.inc</include_file> + <tabs> + <tab> + <text>Daemon</text> + <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url> + </tab> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=dansguardian_config.xml&id=0</url> + </tab> + <tab> + <text>Limits</text> + <url>/pkg_edit.php?xml=dansguardian_limits.xml&id=0</url> + </tab> + <tab> + <text>Filter Groups</text> + <url>/pkg.php?xml=dansguardian_lists.xml</url> + <active/> + </tab> + <tab> + <text>Report and Log</text> + <url>/pkg_edit.php?xml=dansguardian_log.xml&id=0</url> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=dansguardian_sync.xml&id=0</url> + </tab> + <tab> + <text>About</text> + <url>/pkg_edit.php?xml=dansguardian.php&id=0</url> + </tab> +</tabs> +<adddeleteeditpagefields> + <columnitem> + <fielddescr>Group name</fielddescr> + <fieldname>name</fieldname> + </columnitem> + <columnitem> + <fielddescr>Group mode</fielddescr> + <fieldname>mode</fieldname> + </columnitem> + + <columnitem> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + + <columnitem> + <fielddescr>Action</fielddescr> + <fieldname>action</fieldname> + </columnitem> + <columnitem> + <fielddescr>Update Frequency</fielddescr> + <fieldname>cron</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <name>Description</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Filter Group Name</fielddescr> + <fieldname>groupname</fieldname> + <description><![CDATA[Enter lists Alias Names.<br> + Example: Badguys<br> + Do not include 
pfBlocker name, it's done by package.<br> + <strong>International, special or space caracters will be ignored in pfsense alias name.</strong><br>]]></description> + <type>input</type> + <size>20</size> + </field> + <field> + <fielddescr>Filter Group Mode</fielddescr> + <fieldname>groupmode</fieldname> + <description><![CDATA[ This option determines whether members of this group have their web access unfiltered, filtered, or banned.<br> + This mechanism replaces the "banneduserlist"]]></description> + <type>select</type> + <options> + <option><name>Filtered (default)</name><value>1</value></option> + <option><name>unfiltered (exception)</name><value>2</value></option> + <option><name>banned</name><value>0</value></option> + </options> + </field> + <field> + <fielddescr>List Description</fielddescr> + <fieldname>description</fieldname> + <type>input</type> + <size>90</size> + </field> + <field> + <name>Values</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Reporting Level</fielddescr> + <fieldname>report_level</fieldname> + <description><![CDATA[Web Access Denied Reporting (does not affect logging)<br> + If defined, this overrides the global setting in dansguardian.conf for members of this filter group.]]></description> + <type>select</type> + <options> + <option><name>Use HTML template file (accessdeniedaddress ignored) - recommended</name><value>3</value></option> + <option><name>Report fully</name><value>2</value></option> + <option><name>Report why but not what denied phrase</name><value>1</value></option> + <option><name>Just say 'Access Denied'</name><value>0</value></option> + <option><name>Log but do not block - Stealth mode</name><value>-1</value></option> + </options> + </field> + <field> + <fielddescr>Weighted phrase mode</fielddescr> + <fieldname>weightedphrasemode</fieldname> + <description><![CDATA[Optional; overrides the weightedphrasemode option in dansguardian.conf for this particular group.<br> + See documentation for supported 
values in that file.]]></description> + <type>input</type> + <size>10</size> + </field> + <field> + <fielddescr>Naughtiness limite</fielddescr> + <fieldname>naughtynesslimit</fieldname> + <description><![CDATA[This the limit over which the page will be blocked. Each weighted phrase is given a value either positive or negative and the values added up.<br> + Phrases to do with good subjects will have negative values, and bad subjects will have positive values.<br> + See the weightedphraselist file for examples.<br> + As a guide:<br> + <strong>50 is for young children, 100 for old children, 160 for young adults.</strong>]]></description> + <type>input</type> + <size>10</size> + </field> + <field> + <fielddescr>Search term limit</fielddescr> + <fieldname>searchtermlimit</fieldname> + <description><![CDATA[<strong>Default 30</strong><br>The limit over which requests will be blocked for containing search terms which match the weightedphraselist.<br> + This should usually be lower than the 'naughtynesslimit' value above, because the amount of text being filtered is only a few words, rather than a whole page.<br> + A value of 0 here indicates that search terms should be extracted, for logging/reporting purposes, but no filtering should be performed on the resulting text.]]></description> + <type>input</type> + <size>10</size> + </field> + <field> + <fielddescr>Category display threshold</fielddescr> + <fieldname>categorydisplaythreshold</fieldname> + <description><![CDATA[This option only applies to pages blocked by weighted phrase filtering.<br> + Defines the minimum score that must be accumulated within a particular category in order for it to show up on the block pages' category list.<br> + All categories under which the page scores positively will be logged; those that were not displayed to the user appear in brackets.<br> + -1 = display only the highest scoring category<br> + <strong>0 = display all categories (default)</strong><br> + > 0 = minimum score for a 
category to be displayed]]></description> + <type>input</type> + <size>10</size> + </field> + <field> + <fielddescr>Embedded URL weighting</fielddescr> + <fieldname>embeddedurlweight</fieldname> + <description><![CDATA[ When set to something greater than zero, this option causes URLs embedded within a page's HTML (from links, image tags, etc.) to be extracted and checked against the bannedsitelist and bannedurllist.<br> + Each link to a banned page causes the amount set here to be added to the page's weighting.<br> + The behaviour of this option with regards to multiple occurrences of a site/URL is affected by the weightedphrasemode setting.<br><br> + <strong>Set to 0 to disable(default)</strong>. + WARNING: This option is highly CPU intensive!]]></description> + <type>input</type> + <size>10</size> + </field> + <field> + <fielddescr>Temporary Denied Page Bypass</fielddescr> + <fieldname>bypass</fieldname> + <description><![CDATA[This provides a link on the denied page to bypass the ban for a few minutes. 
To be secure it uses a random hashed secret generated at daemon startup.<br> + You define the number of seconds the bypass will function for before the deny will appear again.<br> + To allow the link on the denied page to appear you will need to edit the template.html or dansguardian.pl file for your language.<br> + 300 = enable for 5 minutes<br> + <strong>0 = disable ( defaults to 0 )</strong>]]></description> + <type>input</type> + <size>10</size> + </field> + <field> + <fielddescr>Infection/Scan Error Bypass</fielddescr> + <fieldname>infectionbypass</fieldname> + <description><![CDATA[Similar to the 'bypass' setting, but specifically for bypassing files scanned and found to be infected, or files that trigger scanner errors - for example, archive types with recognised but unsupported compression schemes, or corrupt archives.<br> + The option specifies the number of seconds for which the bypass link will be valid.<br> + 300 = enable for 5 minutes<br> + <strong>0 = disable ( defaults to 0 )</strong>]]></description> + <type>input</type> + <size>10</size> + </field> + <field> + <name>Lists</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Group Options</fielddescr> + <fieldname>group_options</fieldname> + <description><![CDATA[Select options to apply on this group. 
Default values are in ( )]]></description> + <type>select</type> + <options> + <option><name>Scan clean cache (on)</name><value>scancleancache</value></option> + <option><name>Hex decode content (off)</name><value>hexdecodecontent</value></option> + <option><name>Block Download not in Exception Lists (off)</name><value>blockdownloads</value></option> + <option><name>Enable PICS rating support (off)</name><value>enablepics</value></option> + <option><name>Enable Deep URL Analysis (off)</name><value>deepurlanalysis</value></option> + <option><name>Infection/Scan Error Bypass on Scan Errors Only (on)</name><value>infectionbypasserrorsonly</value></option> + <option><name>Disable content scanning (off)</name><value>disablecontentscan</value></option> + <option><name>Check servers ssl certificates (off)</name><value>sslcertcheck</value></option> + <option><name>Filter ssl sites forging SSL Certificates (off)</name><value>sslmitm</value></option> + </options> + <multiple/> + <size>10</size> + </field> + <field> + <fielddescr>Content filtering</fielddescr> + <fieldname>group_options</fieldname> + <description><![CDATA[Select List you want to apply on this group.]]></description> + <type>select</type> + <options> + <option><name>Banned Phrase List</name><value>bannedphraselist</value></option> + <option><name>Weighted Phrase List</name><value>weightedphraselist</value></option> + <option><name>Exception Phrase List</name><value>exceptionphraselist</value></option> + <option><name>Banned Site List</name><value>bannedsitelist</value></option> + <option><name>Grey Site List</name><value>greysitelist</value></option> + <option><name>Exception Site List</name><value>exceptionsitelist</value></option> + <option><name>Grey Url List</name><value>greyurllist</value></option> + <option><name>Exception Url List</name><value>exceptionurllist</value></option> + <option><name>Exception Regexp Url List</name><value>exceptionregexpurllist</value></option> + <option><name>Banned Regexp Url 
List</name><value>bannedregexpurllist</value></option> + <option><name>Content Regexp List</name><value>contentregexplist</value></option> + <option><name>Pics File</name><value>picsfile</value></option> + <option><name>Url Regexp List</name><value>urlregexplist</value></option> + </options> + <multiple/> + <size>14</size> + </field> + <field> + <fielddescr>File type filtering</fielddescr> + <fieldname>file_options</fieldname> + <description><![CDATA[Select List you want to apply on this group.]]></description> + <type>select</type> + <options> + <option><name>Exception Extension List</name><value>exceptionextensionlist</value></option> + <option><name>Exception Mime Type List</name><value>exceptionmimetypelist</value></option> + <option><name>Exception Phrase List</name><value>exceptionphraselist</value></option> + <option><name>Banned Extension List</name><value>bannedextensionlist</value></option> + <option><name>Banned Mime Type List</name><value>bannedmimetypelist</value></option> + <option><name>Exception File Site ist</name><value>exceptionfileurllist</value></option> + </options> + <multiple/> + <size>7</size> + </field> + <field> + <fielddescr>search engine filtering</fielddescr> + <fieldname>file_options</fieldname> + <description><![CDATA[Select search engine filtering you want to apply on this group.]]></description> + <type>select</type> + <options> + <option><name>Search Engine Regexp List</name><value>searchengineregexplist</value></option> + <option><name>Banned Search Termlist</name><value>exceptionmimetypelist</value></option> + <option><name>Weightd Search Term List</name><value>weightedsearchtermlist</value></option> + <option><name>Exception Search Term List</name><value>exceptionsearchtermlist</value></option> + </options> + <multiple/> + <size>5</size> + </field> + <field> + <name>Custom list</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>CIDR</fielddescr> + <fieldname>custom</fieldname> + <description><![CDATA[Enter 
networks you want to include in this alias. One network per line in CIDR format.<br> + Example: 192.168.1.0/24]]></description> + <type>textarea</type> + <cols>50</cols> + <rows>10</rows> + <encoding>base64</encoding> + </field> + </fields> + <custom_php_install_command> + pfblocker_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + pfblocker_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + pfblocker_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_pfblocker(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file
diff --git a/config/dansguardian/dansguardian_log.xml b/config/dansguardian/dansguardian_log.xml
new file mode 100644
index 00000000..885aebf8
--- /dev/null
+++ b/config/dansguardian/dansguardian_log.xml
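Review bot: In dansguardian_lists.xml the four `custom_php_*` hooks at the end of the file call `pfblocker_php_install_command()`, `pfblocker_php_deinstall_command()`, `pfblocker_validate_input($_POST, &$input_errors)` and `sync_package_pfblocker()`, although `<include_file>` loads `/usr/local/pkg/dansguardian.inc`. Unless that include defines the pfblocker_* names (it is not shown here), saving a filter group either stops on an undefined function or runs without this package's own input validation. The sibling dansguardian.xml and dansguardian_log.xml use `dansguardian_validate_input($_POST, &$input_errors);` and `sync_package_dansguardian();`, which is what these hooks should call as well. dansguardian_sync.xml carries the same leftover with its `mailscanner_*` hooks, and the "Filter Group Name" help text here still talks about the pfBlocker name and pfSense aliases.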
@@ -0,0 +1,215 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + dansguardian_log.xml + part of the Dansguardian package for pfSense + Copyright (C) 2012 Marcello Coutinho + + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>dansguardianlimits</name> + <version>1.0</version> + <title>Services: Dansguardian</title> + <include_file>/usr/local/pkg/dansguardian.inc</include_file> + <tabs> + <tab> + <text>Daemon</text> + <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url> + </tab> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=dansguardian_config.xml&id=0</url> + </tab> + <tab> + <text>Limits</text> + <url>/pkg_edit.php?xml=dansguardian_limits.xml&id=0</url> + </tab> + <tab> + <text>Filter Groups</text> + <url>/pkg.php?xml=dansguardian_lists.xml</url> + </tab> + <tab> + <text>Report and Log</text> + <url>/pkg_edit.php?xml=dansguardian_log.xml&id=0</url> + <active/> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=dansguardian_sync.xml&id=0</url> + </tab> + <tab> + <text>About</text> + <url>/pkg_edit.php?xml=dansguardian.php&id=0</url> + </tab> +</tabs> + <fields> + <field> + <name>Reporting</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Reporting Level</fielddescr> + <fieldname>report_level</fieldname> + <description><![CDATA[Web Access Denied Reporting (does not affect logging)]]></description> + <type>select</type> + <options> + <option><name>Use HTML template file (accessdeniedaddress ignored) - recommended</name><value>3</value></option> + <option><name>Report fully</name><value>2</value></option> + <option><name>Report why but not what denied phrase</name><value>1</value></option> + <option><name>Just say 'Access Denied'</name><value>0</value></option> + <option><name>Log but do not block - Stealth mode</name><value>-1</value></option> + </options> + </field> + <field> + <fielddescr>Report Language</fielddescr> + 
<fieldname>report_language</fieldname> + <description><![CDATA[Language to use in HTML reports]]></description> + <type>select</type> + <options> + <option><name>ukenglish</name><value>ukenglish</value></option> + <option><name>arspanish</name><value>arspanish</value></option> + <option><name>bulgarian</name><value>bulgarian</value></option> + <option><name>chinesebig5</name><value>chinesebig5</value></option> + <option><name>chinesegb2312</name><value>chinesegb2312</value></option> + <option><name>czech</name><value>czech</value></option> + <option><name>danish</name><value>danish</value></option> + <option><name>dutch</name><value>dutch</value></option> + <option><name>french</name><value>french</value></option> + <option><name>german</name><value>german</value></option> + <option><name>hebrew</name><value>hebrew</value></option> + <option><name>hungarian</name><value>hungarian</value></option> + <option><name>indonesian</name><value>indonesian</value></option> + <option><name>italian</name><value>italian</value></option> + <option><name>japanese</name><value>japanese</value></option> + <option><name>lithuanian</name><value>lithuanian</value></option> + <option><name>malay</name><value>malay</value></option> + <option><name>mxspanish</name><value>mxspanish</value></option> + <option><name>polish</name><value>polish</value></option> + <option><name>portuguese</name><value>portuguese</value></option> + <option><name>ptbrazilian</name><value>ptbrazilian</value></option> + <option><name>russian-1251</name><value>russian-1251</value></option> + <option><name>russian-koi8-r</name><value>russian-koi8-r</value></option> + <option><name>slovak</name><value>slovak</value></option> + <option><name>spanish</name><value>spanish</value></option> + <option><name>swedish</name><value>swedish</value></option> + <option><name>turkish</name><value>turkish</value></option> + </options> + </field> + <field> + <fielddescr>Reporting Options</fielddescr> + 
<fieldname>report_options</fieldname> + <description><![CDATA[Reporting options. Default values are in ( )]]></description> + <type>select</type> + <options> + <option><name>Show weighted found (on)</name><value>showweightedfound</value></option> + <option><name>Use custom banned flash (on)</name><value>usecustombannedflash</value></option> + <option><name>Use custom banned image (on)</name><value>usecustombannedimage</value></option> + <option><name>Non standard delimiter (on)</name><value>nonstandarddelimiter</value></option> + </options> + <multiple/> + <size>5</size> + </field> + <field> + <name>Logging</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Logging Options</fielddescr> + <fieldname>report_options</fieldname> + <description><![CDATA[Logging options. Default values are in ( )]]></description> + <type>select</type> + <options> + <option><name>logchildprocesshandling (off)</name><value>logchildprocesshandling</value></option> + <option><name>logconnectionhandlingerrors (on)</name><value>logconnectionhandlingerrors</value></option> + <option><name>nologger (off)</name><value>nologger</value></option> + <option><name>logadblocks (off)</name><value>logadblocks</value></option> + <option><name>Anonymize logs (off)</name><value>anonymizelogs</value></option> + </options> + <multiple/> + <size>6</size> + </field> + <field> + <fielddescr>Log Level</fielddescr> + <fieldname>loglevel</fieldname> + <description><![CDATA[Web Access Denied Reporting (does not affect logging)]]></description> + <type>select</type> + <options> + <option><name>All text based (default)</name><value>2</value></option> + <option><name>All requests</name><value>3</value></option> + <option><name>Just denied</name><value>1</value></option> + <option><name>None</name><value>0</value></option> + </options> + </field> + <field> + <fielddescr>Log Exception Hints</fielddescr> + <fieldname>logexceptionhits</fieldname> + <description><![CDATA[ Log if an exception (user, ip, URL, 
phrase) is matched and so the page gets let through.<br> + Can be useful for diagnosing why a site gets through the filter.]]></description> + <type>select</type> + <options> + <option><name>always log and mark exceptions (default)</name><value>2</value></option> + <option><name>log exceptions, but do not explicitly mark them as such</name><value>1</value></option> + <option><name>never log exceptions</name><value>0</value></option> + </options> + </field> + <field> + <fielddescr>Log File Format</fielddescr> + <fieldname>logfileformat</fieldname> + <description><![CDATA[ Log File Format.]]></description> + <type>select</type> + <options> + <option><name>DansGuardian format -space delimited (default)</name><value>1</value></option> + <option><name>CSV-style format</name><value>2</value></option> + <option><name>Squid Log File Format</name><value>3</value></option> + <option><name>Tab delimited</name><value>4</value></option> + </options> + </field> + </fields> + <custom_php_install_command> + dansguardian_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + dansguardian_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + dansguardian_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_dansguardian(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/dansguardian/dansguardian_sync.xml b/config/dansguardian/dansguardian_sync.xml new file mode 100755 index 00000000..9fb69102 --- /dev/null +++ b/config/dansguardian/dansguardian_sync.xml 
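Review bot: In dansguardian_log.xml the "Reporting Options" and "Logging Options" selects both use `<fieldname>report_options</fieldname>`, so the two multi-selects post under one key and presumably only one selection survives a save. The logging choices (`nologger`, `anonymizelogs`, `logconnectionhandlingerrors`, …) are the ones an audit trail depends on, so that field should get its own name, e.g. `<fieldname>logging_options</fieldname>`, read under that key in dansguardian.inc. dansguardian_lists.xml repeats the pattern: `group_options` is shared by "Group Options" and "Content filtering" (which would affect `sslcertcheck` and `sslmitm`), and `file_options` by "File type filtering" and "search engine filtering", where "Banned Search Termlist" also carries the value `exceptionmimetypelist`. Separately, `<name>dansguardianlimits</name>` looks copied from the Limits page; if that page uses the same name the two forms would share one configuration section, so a distinct name such as `dansguardianlog` would be safer.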
@@ -0,0 +1,124 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + dansguardian_sync.xml + part of the Dansguardian package for pfSense + Copyright (C) 2012 Marcello Coutinho + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>dansguardiansync</name> + <version>1.0</version> + <title>Services: Dansguardian</title> + <include_file>/usr/local/pkg/dansguardian.inc</include_file> +<tabs> + <tab> + <text>Daemon</text> + <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url> + </tab> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=dansguardian_config.xml&id=0</url> + </tab> + <tab> + <text>Limits</text> + <url>/pkg_edit.php?xml=dansguardian_limits.xml&id=0</url> + </tab> + <tab> + <text>Filter Groups</text> + <url>/pkg.php?xml=dansguardian_lists.xml</url> + </tab> + <tab> + <text>Report and Log</text> + <url>/pkg_edit.php?xml=dansguardian_log.xml&id=0</url> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=dansguardian_sync.xml&id=0</url> + <active/> + </tab> + <tab> + <text>About</text> + <url>/pkg_edit.php?xml=dansguardian.php&id=0</url> + </tab> +</tabs> + <fields> + <field> + <name>Dansguardian XMLRPC Sync</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Automatically sync mailscanner configuration changes</fielddescr> + <fieldname>synconchanges</fieldname> + <description>pfSense will automatically sync changes to the hosts defined below.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Remote Server</fielddescr> + <fieldname>none</fieldname> + <type>rowhelper</type> + <rowhelper> + <rowhelperfield> + <fielddescr>IP Address</fielddescr> + <fieldname>ipaddress</fieldname> + <description>IP Address of remote server</description> + <type>input</type> + <size>20</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Password</fielddescr> + <fieldname>password</fieldname> + <description>Password for remote server.</description> + 
<type>password</type> + <size>20</size> + </rowhelperfield> + </rowhelper> + </field> + </fields> + <custom_php_install_command> + mailscanner_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + mailscanner_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + mailscanner_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_mailscanner(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc index 816eb984..6c64a615 100755 --- a/config/freeradius2/freeradius.inc +++ b/config/freeradius2/freeradius.inc @@ -82,7 +82,7 @@ function freeradius_install_command() { conf_mount_rw(); write_rcfile($rcfile); conf_mount_ro(); - restart_service("freeradius"); + start_service("radiusd"); } function freeradius_settings_resync() { @@ -249,7 +249,7 @@ checkrad = \${sbindir}/checkrad security { max_attributes = $varsettingsmaxattributes reject_delay = $varsettingsrejectdelay - status_server = yes + status_server = no } ### disbale proxy module. In most environments we do not need to proxy requests to another RADIUS PROXY server @@ -305,7 +305,7 @@ EOD; freeradius_modulescounter_resync(); freeradius_modulesmschap_resync(); freeradius_modulesrealm_resync(); - restart_service("freeradius"); + restart_service("radiusd"); } function freeradius_users_resync() { @@ -485,7 +485,7 @@ EOD; conf_mount_ro(); freeradius_sync_on_changes(); - restart_service("freeradius"); + restart_service("radiusd"); } 
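Review bot: The `status_server = no` line in the generated `security { }` block (hunk `@@ -249,7 +249,7 @@`) is hard-coded with nothing recording why it was switched, while `max_attributes` and `reject_delay` directly above it come from `$varsettingsmaxattributes` and `$varsettingsrejectdelay`. Not answering Status-Server requests is a sensible default, but an installation that monitors radiusd with such probes loses them silently after this update. A comment in the template, for example `# status_server: reply to Status-Server requests; kept off unless monitoring needs it`, would document the intent, and a GUI-backed variable alongside `$varsettingsrejectdelay` could follow later. The heredoc and its enclosing function start and end outside the hunk.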
@@ -793,6 +793,26 @@ function freeradius_serverdefault_resync() { global $config; $conf = ''; + + // Get Variables from freeradiusmodulesldap.xml + $arrmodulesldap = $config['installedpackages']['freeradiusmodulesldap']['config'][0]; + + // If unchecked then disable authorize + if (!$arrmodulesldap['varmodulesldapenableauthorize']) { + $varmodulesldapenableauthorize = '### ldap ###'; + } + else { + $varmodulesldapenableauthorize = 'ldap'; + } + + // If unchecked then disable authenticate + if (!$arrmodulesldap['varmodulesldapenableauthenticate']) { + $varmodulesldapenableauthenticate = "#Auth-Type LDAP {" . "\n\t\t\t#ldap" . "\n\t#}"; + } + else { + $varmodulesldapenableauthenticate = "Auth-Type LDAP {" . "\n\t\t\tldap" . "\n\t}"; + } + // Get Variables from freeradiussqlconf.xml $sqlconf = $config['installedpackages']['freeradiussqlconf']['config'][0]; $varsqlconfenableauthorize = ($sqlconf['varsqlconfenableauthorize']?$sqlconf['varsqlconfenableauthorize']:'Disable'); @@ -1022,7 +1042,7 @@ authorize { # # The ldap module will set Auth-Type to LDAP if it has not # already been set -# ldap + $varmodulesldapenableauthorize # # Enforce daily limits on time spent logged in. @@ -1141,9 +1161,7 @@ authenticate { # Note that this means "check plain-text password against # the ldap database", which means that EAP won't work, # as it does not supply a plain-text password. -# Auth-Type LDAP { -# ldap -# } + $varmodulesldapenableauthenticate # # Allow EAP authentication. 
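Review bot: The two new checkboxes in the `@@ -793,6 +793,26 @@` hunk switch `ldap` into the `authorize` and `authenticate` sections without checking that an LDAP server, bind identity and password were actually entered. freeradius_modulesldap_resync(), added further down in this commit, falls back to `ldap.your.domain`, `cn=admin,o=My Org,c=UA` and `mypass` for empty fields, so a half-filled form would leave the module enabled with placeholder bind values. Consider emitting `ldap` only when the server field is set, e.g. `if (!$arrmodulesldap['varmodulesldapenableauthorize'] || !$arrmodulesldap['varmodulesldapserver']) {`, with the same guard on the authenticate branch. freeradius_serverdefault_resync() continues outside the hunk.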
@@ -2258,4 +2276,288 @@ EOD; } +function freeradius_modulesldap_resync() { + global $config; + $conf = ''; + + $arrmodulesldap = $config['installedpackages']['freeradiusmodulesldap']['config'][0]; + + // Enable and Disable LDAP for "authorize" and "authenticate" will be done in "freeradius_serverdefault_resync" + + + // Variables for General Configuration + $varmodulesldapserver = ($arrmodulesldap['varmodulesldapserver']?$arrmodulesldap['varmodulesldapserver']:'ldap.your.domain'); + $varmodulesldapidentity = ($arrmodulesldap['varmodulesldapidentity']?$arrmodulesldap['varmodulesldapidentity']:'cn=admin,o=My Org,c=UA'); + $varmodulesldappassword = ($arrmodulesldap['varmodulesldappassword']?$arrmodulesldap['varmodulesldappassword']:'mypass'); + $varmodulesldapbasedn = ($arrmodulesldap['varmodulesldapbasedn']?$arrmodulesldap['varmodulesldapbasedn']:'o=My Org,c=UA'); + $varmodulesldapfilter = ($arrmodulesldap['varmodulesldapfilter']?$arrmodulesldap['varmodulesldapfilter']:'(uid=%{%{Stripped-User-Name}:-%{User-Name}})'); + $varmodulesldapbasefilter = ($arrmodulesldap['varmodulesldapbasefilter']?$arrmodulesldap['varmodulesldapbasefilter']:'(objectclass=radiusprofile)'); + $varmodulesldapldapconnectionsnumber = ($arrmodulesldap['varmodulesldapldapconnectionsnumber']?$arrmodulesldap['varmodulesldapldapconnectionsnumber']:'5'); + $varmodulesldaptimeout = ($arrmodulesldap['varmodulesldaptimeout']?$arrmodulesldap['varmodulesldaptimeout']:'4'); + $varmodulesldaptimelimit = ($arrmodulesldap['varmodulesldaptimelimit']?$arrmodulesldap['varmodulesldaptimelimit']:'3'); + $varmodulesldapnettimeout = ($arrmodulesldap['varmodulesldapnettimeout']?$arrmodulesldap['varmodulesldapnettimeout']:'1'); + + // Variables for TLS / Certificates - will be added later + + + // Miscellaneous Configuration + MS Active Directory Compatibility + $varmodulesldapmsadcompatibilityenable = 
($arrmodulesldap['varmodulesldapmsadcompatibilityenable']?$arrmodulesldap['varmodulesldapmsadcompatibilityenable']:'Disable'); + if ($arrmodulesldap['varmodulesldapmsadcompatibilityenable'] == 'Disable') { + $varmodulesldapmsadcompatibility = '### MS Active Directory Compatibility is disabled ###'; + } + else { + $varmodulesldapmsadcompatibility = 'chase_referrals = yes' . "\n\trebind = yes"; + } + + // When disabled we put this in the file but commented (#) like in the default installation + if (!$arrmodulesldap['varmodulesldapdmiscenable']) { + $varmodulesldapdefaultprofile = '### default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA" ###'; + $varmodulesldapprofileattribute = '### profile_attribute = "radiusProfileDn" ###'; + $varmodulesldapaccessattr = '### access_attr = "dialupAccess" ###'; + } + // When enabled we put in the default values so there is no empty entry if there is not input from GUI + else { + $varmodulesldapdefaultprofile = ($arrmodulesldap['varmodulesldapdefaultprofile']?$arrmodulesldap['varmodulesldapdefaultprofile']:'cn=radprofile,ou=dialup,o=My Org,c=UA'); + $varmodulesldapdefaultprofile = "default_profile = " . '"' . "$varmodulesldapdefaultprofile" . '"'; + $varmodulesldapprofileattribute = ($arrmodulesldap['varmodulesldapprofileattribute']?$arrmodulesldap['varmodulesldapprofileattribute']:'radiusProfileDn'); + $varmodulesldapprofileattribute = "profile_attribute = " . '"' . "$varmodulesldapprofileattribute" . '"'; + $varmodulesldapaccessattr = ($arrmodulesldap['varmodulesldapaccessattr']?$arrmodulesldap['varmodulesldapaccessattr']:'dialupAccess'); + $varmodulesldapaccessattr = "access_attr = " . '"' . "$varmodulesldapaccessattr" . 
'"'; + } + + // Group membership checking + // When disabled we put this in the file but commented (#) like in the default installation + if (!$arrmodulesldap['varmodulesldapgroupenable']) { + $varmodulesldapgroupnameattribute = '### groupname_attribute = cn ###'; + $varmodulesldapgroupmembershipfilter = '### groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))" ###'; + $varmodulesldapgroupmembershipattribute = '### groupmembership_attribute = radiusGroupName ###'; + $varmodulesldapcomparecheckitems = '### compare_check_items = yes ###'; + $varmodulesldapdoxlat = '### do_xlat = yes ###'; + $varmodulesldapaccessattrusedforallow = '### access_attr_used_for_allow = yes ###'; + } + + // When enabled we put in the default values so there is no empty entry if there is not input from GUI + else { + $varmodulesldapgroupnameattribute = ($arrmodulesldap['varmodulesldapgroupnameattribute']?$arrmodulesldap['varmodulesldapgroupnameattribute']:'cn'); + $varmodulesldapgroupnameattribute = "groupname_attribute = $varmodulesldapgroupnameattribute"; + $varmodulesldapgroupmembershipfilter = ($arrmodulesldap['varmodulesldapgroupmembershipfilter']?$arrmodulesldap['varmodulesldapgroupmembershipfilter']:'(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))'); + $varmodulesldapgroupmembershipfilter = "groupmembership_filter = " . '"' . "$varmodulesldapgroupmembershipfilter" . 
'"'; + $varmodulesldapgroupmembershipattribute = ($arrmodulesldap['varmodulesldapgroupmembershipattribute']?$arrmodulesldap['varmodulesldapgroupmembershipattribute']:'radiusGroupName'); + $varmodulesldapgroupmembershipattribute = "groupmembership_attribute = $varmodulesldapgroupmembershipattribute"; + + $varmodulesldapcomparecheckitems = ($arrmodulesldap['varmodulesldapcomparecheckitems']?$arrmodulesldap['varmodulesldapcomparecheckitems']:'yes'); + $varmodulesldapcomparecheckitems = "compare_check_items = $varmodulesldapcomparecheckitems"; + $varmodulesldapdoxlat = ($arrmodulesldap['varmodulesldapdoxlat']?$arrmodulesldap['varmodulesldapdoxlat']:'yes'); + $varmodulesldapdoxlat = "do_xlat = $varmodulesldapdoxlat"; + $varmodulesldapaccessattrusedforallow = ($arrmodulesldap['varmodulesldapaccessattrusedforallow']?$arrmodulesldap['varmodulesldapaccessattrusedforallow']:'yes'); + $varmodulesldapaccessattrusedforallow = "access_attr_used_for_allow = $varmodulesldapaccessattrusedforallow"; + } + + // Keepalive variables + $varmodulesldapkeepaliveidle = ($arrmodulesldap['varmodulesldapkeepaliveidle']?$arrmodulesldap['varmodulesldapkeepaliveidle']:'60'); + $varmodulesldapkeepaliveprobes = ($arrmodulesldap['varmodulesldapkeepaliveprobes']?$arrmodulesldap['varmodulesldapkeepaliveprobes']:'3'); + $varmodulesldapkeepaliveinterval = ($arrmodulesldap['varmodulesldapkeepaliveinterval']?$arrmodulesldap['varmodulesldapkeepaliveinterval']:'3'); + +$conf .= <<<EOD + +# -*- text -*- +# +# $Id$ + +# Lightweight Directory Access Protocol (LDAP) +# +# This module definition allows you to use LDAP for +# authorization and authentication. +# +# See raddb/sites-available/default for reference to the +# ldap module in the authorize and authenticate sections. +# +# However, LDAP can be used for authentication ONLY when the +# Access-Request packet contains a clear-text User-Password +# attribute. LDAP authentication will NOT work for any other +# authentication method. 
+# +# This means that LDAP servers don't understand EAP. If you +# force "Auth-Type = LDAP", and then send the server a +# request containing EAP authentication, then authentication +# WILL NOT WORK. +# +# The solution is to use the default configuration, which does +# work. +# +# Setting "Auth-Type = LDAP" is ALMOST ALWAYS WRONG. We +# really can't emphasize this enough. +# +ldap { + # + # Note that this needs to match the name in the LDAP + # server certificate, if you're using ldaps. + server = "$varmodulesldapserver" + identity = "$varmodulesldapidentity" + password = $varmodulesldappassword + basedn = "$varmodulesldapbasedn" + filter = "$varmodulesldapfilter" + base_filter = "$varmodulesldapbasefilter" + + # How many connections to keep open to the LDAP server. + # This saves time over opening a new LDAP socket for + # every authentication request. + ldap_connections_number = $varmodulesldapldapconnectionsnumber + + # seconds to wait for LDAP query to finish. default: 20 + timeout = $varmodulesldaptimeout + + # seconds LDAP server has to process the query (server-side + # time limit). default: 20 + # + # LDAP_OPT_TIMELIMIT is set to this value. + timelimit = $varmodulesldaptimelimit + + # + # seconds to wait for response of the server. (network + # failures) default: 10 + # + # LDAP_OPT_NETWORK_TIMEOUT is set to this value. + net_timeout = $varmodulesldapnettimeout + + # + # This subsection configures the tls related items + # that control how FreeRADIUS connects to an LDAP + # server. It contains all of the "tls_*" configuration + # entries used in older versions of FreeRADIUS. Those + # configuration entries can still be used, but we recommend + # using these. + # + tls { + # Set this to 'yes' to use TLS encrypted connections + # to the LDAP database by using the StartTLS extended + # operation. 
+ # + # The StartTLS operation is supposed to be + # used with normal ldap connections instead of + # using ldaps (port 689) connections + start_tls = no + + # cacertfile = /path/to/cacert.pem + # cacertdir = /path/to/ca/dir/ + # certfile = /path/to/radius.crt + # keyfile = /path/to/radius.key + # randfile = /path/to/rnd + + # Certificate Verification requirements. Can be: + # "never" (don't even bother trying) + # "allow" (try, but don't fail if the cerificate + # can't be verified) + # "demand" (fail if the certificate doesn't verify.) + # + # The default is "allow" + # require_cert = "demand" + } + + $varmodulesldapdefaultprofile + $varmodulesldapprofileattribute + $varmodulesldapaccessattr + + # Mapping of RADIUS dictionary attributes to LDAP + # directory attributes. + dictionary_mapping = ${confdir}/ldap.attrmap + ################## THE BELOW IS NOT COMPILED WITH FREERADIUS ################################# + # Set password_attribute = nspmPassword to get the + # user's password from a Novell eDirectory + # backend. This will work ONLY IF FreeRADIUS has been + # built with the --with-edir configure option. + # + # See also the following links: + # + # http://www.novell.com/coolsolutions/appnote/16745.html + # https://secure-support.novell.com/KanisaPlatform/Publishing/558/3009668_f.SAL_Public.html + # + # Novell may require TLS encrypted sessions before returning + # the user's password. + # + # password_attribute = userPassword + + # Un-comment the following to disable Novell + # eDirectory account policy check and intruder + # detection. This will work *only if* FreeRADIUS is + # configured to build with --with-edir option. + # + edir_account_policy_check = no + ################## THE ABOVE IS NOT COMPILED WITH FREERADIUS ################################# + # + # Group membership checking. Disabled by default. 
+ # + $varmodulesldapgroupnameattribute + $varmodulesldapgroupmembershipfilter + $varmodulesldapgroupmembershipattribute + + $varmodulesldapcomparecheckitems + $varmodulesldapdoxlat + $varmodulesldapaccessattrusedforallow + + # + # The following two configuration items are for Active Directory + # compatibility. If you see the helpful "operations error" + # being returned to the LDAP module, uncomment the next + # two lines. + # + + $varmodulesldapmsadcompatibility + + # + # By default, if the packet contains a User-Password, + # and no other module is configured to handle the + # authentication, the LDAP module sets itself to do + # LDAP bind for authentication. + # + # THIS WILL ONLY WORK FOR PAP AUTHENTICATION. + # + # THIS WILL NOT WORK FOR CHAP, MS-CHAP, or 802.1x (EAP). + # + # You can disable this behavior by setting the following + # configuration entry to "no". + # + # allowed values: {no, yes} + # set_auth_type = yes + + # ldap_debug: debug flag for LDAP SDK + # (see OpenLDAP documentation). Set this to enable + # huge amounts of LDAP debugging on the screen. + # You should only use this if you are an LDAP expert. + # + # default: 0x0000 (no debugging messages) + # Example:(LDAP_DEBUG_FILTER+LDAP_DEBUG_CONNS) + #ldap_debug = 0x0028 + + # + # Keepalive configuration. This MAY NOT be supported by your + # LDAP library. If these configuration entries appear in the + # output of "radiusd -X", then they are supported. Otherwise, + # they are unsupported, and changing them will do nothing. + # + keepalive { + # LDAP_OPT_X_KEEPALIVE_IDLE + idle = $varmodulesldapkeepaliveidle + + # LDAP_OPT_X_KEEPALIVE_PROBES + probes = $varmodulesldapkeepaliveprobes + + # LDAP_OPT_X_KEEPALIVE_INTERVAL + interval = $varmodulesldapkeepaliveinterval + } +} +EOD; + + $filename = RADDB . 
'/modules/ldap'; + conf_mount_rw(); + file_put_contents($filename, $conf); + chmod($filename, 0600); + conf_mount_ro(); + + // We need to rebuild "freeradius_serverdefault_resync" before restart service + // "freeradius_serverdefault_resync" needs to restart other dependencies so we are pointing directly to "freeradius_settings_resync()" + freeradius_settings_resync(); + +} + ?>
\ No newline at end of file diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml index bcff9b17..f2cd3dcf 100755..100644 --- a/config/freeradius2/freeradius.xml +++ b/config/freeradius2/freeradius.xml @@ -65,7 +65,7 @@ <tab> <text>Users</text> <url>/pkg.php?xml=freeradius.xml</url> - <active/> + <active/> </tab> <tab> <text>NAS / Clients</text> @@ -90,7 +90,11 @@ <tab> <text>Certificates</text> <url>/pkg_edit.php?xml=freeradiuscerts.xml&id=0</url> - </tab> + </tab> + <tab> + <text>LDAP</text> + <url>/pkg_edit.php?xml=freeradiusmodulesldap.xml&id=0</url> + </tab> <tab> <text>View config</text> <url>/freeradius_view_config.php</url> @@ -101,6 +105,11 @@ </tab> </tabs> <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/freeradius2/freeradius.inc</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/www/</prefix> <chmod>0755</chmod> <item>http://www.pfsense.org/packages/config/freeradius2/freeradius_view_config.php</item> @@ -143,7 +152,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/freeradius2/freeradius.inc</item> + <item>http://www.pfsense.org/packages/config/freeradius2/freeradiusmodulesldap.xml</item> </additional_files_needed> <adddeleteeditpagefields> <columnitem> diff --git a/config/freeradius2/freeradius_view_config.php b/config/freeradius2/freeradius_view_config.php index 14e37455..218a9abb 100755..100644 --- a/config/freeradius2/freeradius_view_config.php +++ b/config/freeradius2/freeradius_view_config.php @@ -42,6 +42,7 @@ function get_file($file){ $files['server']="/usr/local/etc/raddb/certs/server.cnf"; $files['client']="/usr/local/etc/raddb/certs/client.cnf"; $files['index']="/usr/local/etc/raddb/certs/index.txt"; + $files['ldap']="/usr/local/etc/raddb/modules/ldap"; if ($files[$file]!="" && file_exists($files[$file])){ 
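Review bot: In freeradius_modulesldap_resync() the GUI values are pasted into the `ldap { }` heredoc unescaped, and `password = $varmodulesldappassword` is left unquoted while its neighbours are quoted, so a bind password containing whitespace or `#` is likely to be cut short and a `"` or line break in any field can end the quoted value early and alter the rest of the module file. I would write `password = "$varmodulesldappassword"` and reject or backslash-escape `"`, `\` and line breaks before the heredoc is built. `dictionary_mapping = ${confdir}/ldap.attrmap` is interpolated by PHP inside the heredoc (the existing `checkrad = \${sbindir}/checkrad` line in this file escapes it), so it should read `dictionary_mapping = \${confdir}/ldap.attrmap`. With `start_tls = no` fixed and `require_cert` commented out, the bind password and any PAP password checked by LDAP bind appear to reach the directory server unencrypted until the TLS options announced in the comment are added, and the field descriptions should say so.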
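Review bot: The two `<additional_files_needed>` entries touched in freeradius.xml pull `freeradius.inc` and `freeradiusmodulesldap.xml` from `http://www.pfsense.org/...` and install them with `<chmod>0755</chmod>`; nothing on this page shows a checksum or signature, so the integrity of PHP that runs inside the firewall GUI seems to rest on a cleartext download. This follows the file's existing entries, so the change belongs to the whole list rather than these two: an `https://` source if the package installer accepts one, and `0644` for files that are included or parsed rather than executed.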
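Review bot: The new `$files['ldap']` entry in get_file() exposes the LDAP bind password on the View config page, because `/usr/local/etc/raddb/modules/ldap` is the file that freeradius_modulesldap_resync() writes with a `password = ...` line and then restricts to mode 0600. Anyone who can open this page can therefore read the credential in clear, although the LDAP form itself uses a `password`-type field. I would mask that line before the text is returned, for example by passing the file text through `preg_replace('/^(\s*password\s*=\s*).*$/m', '$1********', ...)`. The body of get_file() continues outside the hunk, so where exactly the text is emitted is not visible here.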
@@ -86,6 +87,7 @@ else{ $tab_array[] = array(gettext("EAP"), false, "/pkg_edit.php?xml=freeradiuseapconf.xml&id=0"); $tab_array[] = array(gettext("SQL"), false, "/pkg_edit.php?xml=freeradiussqlconf.xml&id=0"); $tab_array[] = array(gettext("Certificates"), false, "/pkg_edit.php?xml=freeradiuscerts.xml&id=0"); + $tab_array[] = array(gettext("LDAP"), false, "/pkg_edit.php?xml=freeradiusmodulesldap.xml&id=0"); $tab_array[] = array(gettext("View config"), true, "/freeradius_view_config.php"); $tab_array[] = array(gettext("XMLRPC Sync"), false, "/pkg_edit.php?xml=freeradiussync.xml&id=0"); display_top_tabs($tab_array); @@ -112,6 +114,7 @@ else{ <input type="button" onClick="get_freeradius_file('server');" id='btn_server' value="server.cnf"> <input type="button" onClick="get_freeradius_file('client');" id='btn_client' value="client.cnf"> <input type="button" onClick="get_freeradius_file('index');" id='btn_index' value="index.txt"> + <input type="button" onClick="get_freeradius_file('ldap');" id='btn_ldap' value="ldap"> </td> </tr> <tr> @@ -152,6 +155,7 @@ else{ $('btn_server').value="server.cnf"; $('btn_client').value="client.cnf"; $('btn_index').value="index.txt"; + $('btn_ldap').value="ldap"; scroll(0,0); } </script> diff --git a/config/freeradius2/freeradiuscerts.xml b/config/freeradius2/freeradiuscerts.xml index 34ab5a03..1393dea8 100755..100644 --- a/config/freeradius2/freeradiuscerts.xml +++ b/config/freeradius2/freeradiuscerts.xml @@ -78,7 +78,11 @@ <text>Certificates</text> <url>/pkg_edit.php?xml=freeradiuscerts.xml&id=0</url> <active/> - </tab> + </tab> + <tab> + <text>LDAP</text> + <url>/pkg_edit.php?xml=freeradiusmodulesldap.xml&id=0</url> + </tab> <tab> <text>View config</text> <url>/freeradius_view_config.php</url> diff --git a/config/freeradius2/freeradiusclients.xml b/config/freeradius2/freeradiusclients.xml index 8e5e6b5b..57ad1b7d 100755..100644 --- a/config/freeradius2/freeradiusclients.xml +++ b/config/freeradius2/freeradiusclients.xml 
@@ -77,7 +77,11 @@ <tab> <text>Certificates</text> <url>/pkg_edit.php?xml=freeradiuscerts.xml&id=0</url> - </tab> + </tab> + <tab> + <text>LDAP</text> + <url>/pkg_edit.php?xml=freeradiusmodulesldap.xml&id=0</url> + </tab> <tab> <text>View config</text> <url>/freeradius_view_config.php</url> @@ -86,7 +90,7 @@ <text>XMLRPC Sync</text> <url>/pkg_edit.php?xml=freeradiussync.xml&id=0</url> </tab> -</tabs> + </tabs> <adddeleteeditpagefields> <columnitem> <fielddescr>Client IP Address</fielddescr> diff --git a/config/freeradius2/freeradiuseapconf.xml b/config/freeradius2/freeradiuseapconf.xml index dd70a959..b319f198 100755..100644 --- a/config/freeradius2/freeradiuseapconf.xml +++ b/config/freeradius2/freeradiuseapconf.xml @@ -78,7 +78,11 @@ <tab> <text>Certificates</text> <url>/pkg_edit.php?xml=freeradiuscerts.xml&id=0</url> - </tab> + </tab> + <tab> + <text>LDAP</text> + <url>/pkg_edit.php?xml=freeradiusmodulesldap.xml&id=0</url> + </tab> <tab> <text>View config</text> <url>/freeradius_view_config.php</url> diff --git a/config/freeradius2/freeradiusinterfaces.xml b/config/freeradius2/freeradiusinterfaces.xml index 3819908e..f15e998f 100755..100644 --- a/config/freeradius2/freeradiusinterfaces.xml +++ b/config/freeradius2/freeradiusinterfaces.xml @@ -77,7 +77,11 @@ <tab> <text>Certificates</text> <url>/pkg_edit.php?xml=freeradiuscerts.xml&id=0</url> - </tab> + </tab> + <tab> + <text>LDAP</text> + <url>/pkg_edit.php?xml=freeradiusmodulesldap.xml&id=0</url> + </tab> <tab> <text>View config</text> <url>/freeradius_view_config.php</url> diff --git a/config/freeradius2/freeradiusmodulesldap.xml b/config/freeradius2/freeradiusmodulesldap.xml new file mode 100644 index 00000000..317054d2 --- /dev/null +++ b/config/freeradius2/freeradiusmodulesldap.xml 
@@ -0,0 +1,345 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> +<![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + freeradiusmodulesldap.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2011 - 2012 Alexander Wilke <nachtfalkeaw@web.de> + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ +]]> </copyright> + <description><![CDATA[Describe your package here]]></description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>freeradiusmodulesldap</name> + <version>none</version> + <title>FreeRADIUS: LDAP</title> + <aftersaveredirect>pkg_edit.php?xml=freeradiusmodulesldap.xml&id=0</aftersaveredirect> + <include_file>/usr/local/pkg/freeradius.inc</include_file> + <tabs> + <tab> + <text>Users</text> + <url>/pkg.php?xml=freeradius.xml</url> + </tab> + <tab> + <text>NAS / Clients</text> + <url>/pkg.php?xml=freeradiusclients.xml</url> + </tab> + <tab> + <text>Interfaces</text> + <url>/pkg.php?xml=freeradiusinterfaces.xml</url> + </tab> + <tab> + <text>Settings</text> + <url>/pkg_edit.php?xml=freeradiussettings.xml&id=0</url> + </tab> + <tab> + <text>EAP</text> + <url>/pkg_edit.php?xml=freeradiuseapconf.xml&id=0</url> + </tab> + <tab> + <text>SQL</text> + <url>/pkg_edit.php?xml=freeradiussqlconf.xml&id=0</url> + </tab> + <tab> + <text>Certificates</text> + <url>/pkg_edit.php?xml=freeradiuscerts.xml&id=0</url> + </tab> + <tab> + <text>LDAP</text> + <url>/pkg_edit.php?xml=freeradiusmodulesldap.xml&id=0</url> + <active/> + </tab> + <tab> + <text>View config</text> + <url>/freeradius_view_config.php</url> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=freeradiussync.xml&id=0</url> + </tab> + </tabs> + <fields> + <field> + <name>ENABLE LDAP SUPPORT</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable LDAP For Authorization</fielddescr> + <fieldname>varmodulesldapenableauthorize</fieldname> + <description><![CDATA[This enables LDAP in authorize section. The ldap module will set Auth-Type to LDAP if it has not already been set. 
(Default: unchecked)]]></description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Enable LDAP For Authentication</fielddescr> + <fieldname>varmodulesldapenableauthenticate</fieldname> + <description><![CDATA[This enables LDAP in authenticate section. Note that this means "check plain-text password against the ldap database", which means that EAP won't work, as it does not supply a plain-text password.]]></description> + <type>checkbox</type> + </field> + <field> + <name>GENERAL CONFIGURATION</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Server</fielddescr> + <fieldname>varmodulesldapserver</fieldname> + <description><![CDATA[No description. (Default: ldap.your.domain )]]></description> + <type>input</type> + <size>80</size> + <default_value>ldap.your.domain</default_value> + </field> + <field> + <fielddescr>Identity</fielddescr> + <fieldname>varmodulesldapidentity</fieldname> + <description><![CDATA[No description. (Default: cn=admin,o=My Org,c=UA )]]></description> + <type>input</type> + <size>80</size> + <default_value><![CDATA[cn=admin,o=My Org,c=UA]]></default_value> + </field> + <field> + <fielddescr>Password</fielddescr> + <fieldname>varmodulesldappassword</fieldname> + <description><![CDATA[No description. (Default: mypass)]]></description> + <type>password</type> + <size>80</size> + <default_value>mypass</default_value> + </field> + <field> + <fielddescr>Basedn</fielddescr> + <fieldname>varmodulesldapbasedn</fieldname> + <description><![CDATA[No description (Default: o=My Org,c=UA )]]></description> + <type>input</type> + <size>80</size> + <default_value><![CDATA[o=My Org,c=UA]]></default_value> + </field> + <field> + <fielddescr>Filter</fielddescr> + <fieldname>varmodulesldapfilter</fieldname> + <description><![CDATA[No description. 
(Default: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) )]]></description> + <type>input</type> + <size>80</size> + <default_value><![CDATA[(uid=%{%{Stripped-User-Name}:-%{User-Name}})]]></default_value> + </field> + <field> + <fielddescr>Base Filter</fielddescr> + <fieldname>varmodulesldapbasefilter</fieldname> + <description><![CDATA[No description. (Default: (objectclass=radiusprofile) )]]></description> + <type>input</type> + <size>80</size> + <default_value><![CDATA[(objectclass=radiusprofile)]]></default_value> + </field> + <field> + <fielddescr>LDAP Connections Number</fielddescr> + <fieldname>varmodulesldapldapconnectionsnumber</fieldname> + <description><![CDATA[How many connections to keep open to the LDAP server. This saves time over opening a new LDAP socket for every authentication request. (Default: 5)]]></description> + <type>input</type> + <size>80</size> + <default_value>5</default_value> + </field> + <field> + <fielddescr>Timeout</fielddescr> + <fieldname>varmodulesldaptimeout</fieldname> + <description><![CDATA[Seconds to wait for LDAP query to finish. (Default: 4)]]></description> + <type>input</type> + <size>80</size> + <default_value>4</default_value> + </field> + <field> + <fielddescr>Timelimit</fielddescr> + <fieldname>varmodulesldaptimelimit</fieldname> + <description><![CDATA[Seconds the LDAP server has to process the query (server-side time limit). (Default: 3)]]></description> + <type>input</type> + <size>80</size> + <default_value>3</default_value> + </field> + <field> + <fielddescr>Net Timeout</fielddescr> + <fieldname>varmodulesldapnettimeout</fieldname> + <description><![CDATA[Seconds to wait for response of the server because of network failures. 
(Default: 1)]]></description> + <type>input</type> + <size>80</size> + <default_value>1</default_value> + </field> + <field> + <name>MISCELLANEOUS CONFIGURATION</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Active Directory Compatibility</fielddescr> + <fieldname>varmodulesldapmsadcompatibilityenable</fieldname> + <description><![CDATA[If you see the helpful "operations error" being returned to the LDAP module enable this. (Default: Disable)]]></description> + <type>select</type> + <default_value>Disable</default_value> + <options> + <option><name>Disable</name><value>Disable</value></option> + <option><name>Enable</name><value>Enable</value></option> + </options> + </field> + <field> + <fielddescr>Enable Misc Configuration</fielddescr> + <fieldname>varmodulesldapdmiscenable</fieldname> + <description><![CDATA[By default the below options are not active in the configuration. (Default: unchecked)]]></description> + <type>checkbox</type> + <enablefields>varmodulesldapdefaultprofile,varmodulesldapprofileattribute,varmodulesldapaccessattr</enablefields> + </field> + <field> + <fielddescr>Default Profile</fielddescr> + <fieldname>varmodulesldapdefaultprofile</fieldname> + <description><![CDATA[No description. (Default: cn=radprofile,ou=dialup,o=My Org,c=UA )]]></description> + <type>input</type> + <size>80</size> + <default_value><![CDATA[cn=radprofile,ou=dialup,o=My Org,c=UA]]></default_value> + </field> + <field> + <fielddescr>Profile Attribute</fielddescr> + <fieldname>varmodulesldapprofileattribute</fieldname> + <description><![CDATA[No description. (Default: radiusProfileDn)]]></description> + <type>input</type> + <size>80</size> + <default_value>radiusProfileDn</default_value> + </field> + <field> + <fielddescr>Access Attribute</fielddescr> + <fieldname>varmodulesldapaccessattr</fieldname> + <description><![CDATA[No description. 
(Default: dialupAccess)]]></description> + <type>input</type> + <size>80</size> + <default_value>dialupAccess</default_value> + </field> + <field> + <name>Group Membership Options</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable Group Membership Options</fielddescr> + <fieldname>varmodulesldapgroupenable</fieldname> + <description><![CDATA[By default the below options are not active in the configuration. (Default: unchecked)]]></description> + <type>checkbox</type> + <enablefields>varmodulesldapaccessattrusedforallow,varmodulesldapdoxlat,varmodulesldapcomparecheckitems,varmodulesldapgroupmembershipattribute,varmodulesldapgroupmembershipfilter,varmodulesldapgroupnameattribute</enablefields> + </field> + <field> + <fielddescr>Groupname Attribute</fielddescr> + <fieldname>varmodulesldapgroupnameattribute</fieldname> + <description><![CDATA[No description. (Default: cn)]]></description> + <type>input</type> + <size>80</size> + <default_value>cn</default_value> + </field> + <field> + <fielddescr>Groupmembership Filter</fielddescr> + <fieldname>varmodulesldapgroupmembershipfilter</fieldname> + <description><![CDATA[No description. (Default: (|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn}))) )]]></description> + <type>input</type> + <size>80</size> + <default_value><![CDATA[(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))]]></default_value> + </field> + <field> + <fielddescr>Groupmembership Attribute</fielddescr> + <fieldname>varmodulesldapgroupmembershipattribute</fieldname> + <description><![CDATA[No description. 
(Default: radiusGroupName)]]></description> + <type>input</type> + <size>80</size> + <default_value>radiusGroupName</default_value> + </field> + <field> + <fielddescr>Compare Check Items</fielddescr> + <fieldname>varmodulesldapcomparecheckitems</fieldname> + <description><![CDATA[No description. (Default: Yes)]]></description> + <type>select</type> + <default_value>Yes</default_value> + <options> + <option><name>Yes</name><value>yes</value></option> + <option><name>No</name><value>no</value></option> + </options> + </field> + <field> + <fielddescr>Do XLAT</fielddescr> + <fieldname>varmodulesldapdoxlat</fieldname> + <description><![CDATA[No description. (Default: Yes)]]></description> + <type>select</type> + <default_value>Yes</default_value> + <options> + <option><name>Yes</name><value>yes</value></option> + <option><name>No</name><value>no</value></option> + </options> + </field> + <field> + <fielddescr>Access Attribute Used For Allow</fielddescr> + <fieldname>varmodulesldapaccessattrusedforallow</fieldname> + <description><![CDATA[No description. (Default: Yes)]]></description> + <type>select</type> + <default_value>Yes</default_value> + <options> + <option><name>Yes</name><value>yes</value></option> + <option><name>No</name><value>no</value></option> + </options> + </field> + <field> + <name>KEEPALIVE CONFIGURATION</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>LDAP OPT X KEEPALIVE IDLE</fielddescr> + <fieldname>varmodulesldapkeepaliveidle</fieldname> + <description><![CDATA[No description. (Default: 60)]]></description> + <type>input</type> + <size>80</size> + <default_value>60</default_value> + </field> + <field> + <fielddescr>LDAP OPT X KEEPALIVE PROBES</fielddescr> + <fieldname>varmodulesldapkeepaliveprobes</fieldname> + <description><![CDATA[No description. 
(Default: 3)]]></description> + <type>input</type> + <size>80</size> + <default_value>3</default_value> + </field> + <field> + <fielddescr>LDAP OPT X KEEPALIVE INTERVAL</fielddescr> + <fieldname>varmodulesldapkeepaliveinterval</fieldname> + <description><![CDATA[No description. (Default: 3)]]></description> + <type>input</type> + <size>80</size> + <default_value>3</default_value> + </field> + </fields> + <custom_delete_php_command> + freeradius_modulesldap_resync(); + </custom_delete_php_command> + <custom_php_resync_config_command> + freeradius_modulesldap_resync(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml index e49aee1a..8115945a 100755..100644 --- a/config/freeradius2/freeradiussettings.xml +++ b/config/freeradius2/freeradiussettings.xml @@ -78,7 +78,11 @@ <tab> <text>Certificates</text> <url>/pkg_edit.php?xml=freeradiuscerts.xml&id=0</url> - </tab> + </tab> + <tab> + <text>LDAP</text> + <url>/pkg_edit.php?xml=freeradiusmodulesldap.xml&id=0</url> + </tab> <tab> <text>View config</text> <url>/freeradius_view_config.php</url> @@ -154,20 +158,18 @@ <field> <fielddescr>Logging Destination of RADIUS</fielddescr> <fieldname>varsettingslogdir</fieldname> - <description><![CDATA[Choose the destination where freeRADIUS should log. Logging must be enabled.(Default: radius.log)]]></description> + <description><![CDATA[Choose the destination where freeRADIUS should log. This will log if service started or failed but no authentication information. (Default: radius.log)]]></description> <type>select</type> <default_value>syslog</default_value> <options> <option><name>/var/log/radius.log</name><value>files</value></option> <option><name>System Logs -> System</name><value>syslog</value></option> - <option><name>stdout</name><value>stdout</value></option> - <option><name>stderr</name><value>stderr</value></option> </options> </field> <field> <fielddescr>RADIUS Logging</fielddescr> <fieldname>varsettingsauth</fieldname> - <description><![CDATA[Choose if you want to enable logging. (Default: Disabled)]]></description> + <description><![CDATA[This enables logging if an authentication is accepted or rejected. (Default: Disabled)]]></description> <type>select</type> <default_value>yes</default_value> <options> 
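Review bot: The Password field in freeradiusmodulesldap.xml carries `<default_value>mypass</default_value>`, and freeradius_modulesldap_resync() in freeradius.inc falls back to the same string, so a page that was never filled in still writes a placeholder bind credential into the module file. I would drop the default and add a `<custom_php_validation_command>` for this page that requires a non-empty password once either enable box is ticked and checks that the connection, timeout and keepalive fields are numeric; the page currently defines no validation hook. The three selects under Group Membership Options use `<default_value>Yes</default_value>` while their option values are `yes`/`no`, so the default probably matches no option. The `<description>` and `<requirements>` elements still hold the template placeholders.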
@@ -178,7 +180,7 @@ <field> <fielddescr>Log Bad Authentication Attempts</fielddescr> <fieldname>varsettingsauthbadpass</fieldname> - <description><![CDATA[Choose if you want to log bad authentication attempts. Logging must be enabled. (Default: no)]]></description> + <description><![CDATA[If an authentication fails then it will log the username and <b>wrong</b> password visible in syslog. Logging must be enabled. (Default: no)]]></description> <type>select</type> <default_value>no</default_value> <options> @@ -189,7 +191,7 @@ <field> <fielddescr>Log good authentication attempts?</fielddescr> <fieldname>varsettingsauthgoodpass</fieldname> - <description><![CDATA[Choose if you want to log good authentication attempts. Logging must be enabled. (Default: no)]]></description> + <description><![CDATA[If an authentication succeeds then it will log the username and <b>correct</b> password visible in syslog. Logging must be enabled. (Default: no)]]></description> <type>select</type> <default_value>no</default_value> <options> @@ -200,7 +202,7 @@ <field> <fielddescr>Log Stripped Names</fielddescr> <fieldname>varsettingsstrippednames</fieldname> - <description><![CDATA[Choose if you want to log the full User-Name attribute as it was found in the request. Logging must be enabled. (Default: no)]]></description> + <description><![CDATA[Choose this if you want to log the full User-Name attribute as it was found in the request. Logging must be enabled. (Default: no)]]></description> <type>select</type> <default_value>no</default_value> <options> diff --git a/config/freeradius2/freeradiussqlconf.xml b/config/freeradius2/freeradiussqlconf.xml index bce593fe..538ad45d 100755..100644 --- a/config/freeradius2/freeradiussqlconf.xml +++ b/config/freeradius2/freeradiussqlconf.xml 
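Review bot: The new text for `varsettingsauthbadpass` (this hunk) and `varsettingsauthgoodpass` (`@@ -189,7 +191,7 @@`) now says that passwords appear in syslog, but not that they are stored in clear text or where the log may end up. Valid credentials written to a log are readable by everyone with log access and travel with the log wherever it is forwarded or archived; whether remote syslog is configured cannot be seen from this diff. I would extend the good-password description with a sentence such as `Passwords are written in clear text and are included in any remote syslog forwarding; enable only for short troubleshooting sessions.` Both defaults stay `no` on the context lines, which is the right choice.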
@@ -78,7 +78,11 @@ <tab> <text>Certificates</text> <url>/pkg_edit.php?xml=freeradiuscerts.xml&id=0</url> - </tab> + </tab> + <tab> + <text>LDAP</text> + <url>/pkg_edit.php?xml=freeradiusmodulesldap.xml&id=0</url> + </tab> <tab> <text>View config</text> <url>/freeradius_view_config.php</url> diff --git a/config/freeradius2/freeradiussync.xml b/config/freeradius2/freeradiussync.xml index 4a15c8d2..66a2701f 100755..100644 --- a/config/freeradius2/freeradiussync.xml +++ b/config/freeradius2/freeradiussync.xml @@ -90,7 +90,11 @@ POSSIBILITY OF SUCH DAMAGE. <tab> <text>Certificates</text> <url>/pkg_edit.php?xml=freeradiuscerts.xml&id=0</url> - </tab> + </tab> + <tab> + <text>LDAP</text> + <url>/pkg_edit.php?xml=freeradiusmodulesldap.xml&id=0</url> + </tab> <tab> <text>View config</text> <url>/freeradius_view_config.php</url> diff --git a/config/lcdproc-dev/lcdproc.inc b/config/lcdproc-dev/lcdproc.inc index 1346b357..14e5dc73 100644 --- a/config/lcdproc-dev/lcdproc.inc +++ b/config/lcdproc-dev/lcdproc.inc @@ -74,9 +74,18 @@ case "none": continue; break; + case "com1": + continue; + break; case "com2": continue; break; + case "com1a": + continue; + break; + case "com2a": + continue; + break; case "ucom1": continue; break; @@ -137,6 +146,34 @@ break; } } + if($post['port_speed']) { + switch($post['port_speed']) { + case "0": + continue; + break; + case "1200": + continue; + break; + case "2400": + continue; + break; + case "9600": + continue; + break; + case "19200": + continue; + break; + case "57600": + continue; + break; + case "115200": + continue; + break; + default: + $input_errors[] = "The chosen port speed is not valid"; + break; + } + } } function validate_form_lcdproc_screens($post, $input_errors) { // No validation required ?! 
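Review bot: The `port_speed` check added in the `@@ -137,6 +146,34 @@` hunk of lcdproc.inc writes an allow-list as seven `case ...: continue; break;` arms; inside a PHP `switch`, `continue` behaves like `break`, so the second statement of each arm is never reached. The list also has to be kept in step by hand with the `<option>` values in lcdproc.xml. Inside the existing `if($post['port_speed'])`, a single test is shorter and harder to get wrong: `if (!in_array((string)$post['port_speed'], array("0","1200","2400","9600","19200","57600","115200"), true)) $input_errors[] = "The chosen port speed is not valid";`. The new `brightness`, `offbrightness` and `contrast` fields get no matching check in the visible lines; the enclosing function starts outside the hunk, so they may be handled there.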
@@ -155,9 +192,18 @@ /* since config is written before this file invoked we don't need to read post data */ if($lcdproc_config['enable'] && ($lcdproc_config['comport'] != "none")) { switch($lcdproc_config['comport']) { + case "com1": + $realport = "/dev/cua0"; + break; case "com2": $realport = "/dev/cua1"; break; + case "com1a": + $realport = "/dev/cuau0"; + break; + case "com2a": + $realport = "/dev/cuau1"; + break; case "ucom1": $realport = "/dev/cuaU0"; break; @@ -211,16 +257,14 @@ case "bayrad": $config_text .= "[{$lcdproc_config['driver']}]\n"; $config_text .= "Device={$realport}\n"; - $config_text .= "Speed=9600\n"; break; case "CFontz": $config_text .= "[{$lcdproc_config['driver']}]\n"; $config_text .= "Device={$realport}\n"; $config_text .= "Size={$lcdproc_config['size']}\n"; - $config_text .= "Contrast=350\n"; - $config_text .= "Brightness=1000\n"; - $config_text .= "OffBrightness=50\n"; - $config_text .= "Speed=9600\n"; + $config_text .= set_lcd_value("contrast", 1000, 350); + $config_text .= set_lcd_value("brightness", 1000, 1000); + $config_text .= set_lcd_value("offbrightness", 1000, 50); $config_text .= "NewFirmware=no\n"; $config_text .= "Reboot=no\n"; break; @@ -228,10 +272,9 @@ $config_text .= "[{$lcdproc_config['driver']}]\n"; $config_text .= "Device={$realport}\n"; $config_text .= "Size={$lcdproc_config['size']}\n"; - $config_text .= "Contrast=350\n"; - $config_text .= "Brightness=1000\n"; - $config_text .= "OffBrightness=50\n"; - $config_text .= "Speed=19200\n"; + $config_text .= set_lcd_value("contrast", 1000, 350); + $config_text .= set_lcd_value("brightness", 1000, 1000); + $config_text .= set_lcd_value("offbrightness", 1000, 50); $config_text .= "NewFirmware=yes\n"; $config_text .= "Reboot=yes\n"; break; 
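Review bot: The per-driver `Speed=` lines removed in the `@@ -211,16 +257,14 @@` hunk, and in most later hunks of this file, have no fallback: the replacement block near the end of the function writes `Speed=` only when `port_speed` is set and not `0`. A configuration saved by the previous package version has no `port_speed` key, so drivers that were pinned to 9600, 19200 or 115200 now run at whatever the driver itself defaults to, which is not visible here and may differ. Keeping the old literal as a per-case default would preserve behaviour on upgrade, e.g. set `$default_speed = 19200;` in the case and emit `Speed=` from `$lcdproc_config['port_speed']` when it is above zero, otherwise from `$default_speed`. The `switch` starts and ends outside this hunk.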
@@ -240,10 +283,9 @@ $config_text .= "Device={$realport}\n"; $config_text .= "Model=635\n"; $config_text .= "Size={$lcdproc_config['size']}\n"; - $config_text .= "Contrast=350\n"; - $config_text .= "Brightness=1000\n"; - $config_text .= "OffBrightness=50\n"; - $config_text .= "Speed=115200\n"; + $config_text .= set_lcd_value("contrast", 1000, 350); + $config_text .= set_lcd_value("brightness", 1000, 1000); + $config_text .= set_lcd_value("offbrightness", 1000, 50); $config_text .= "NewFirmware=yes\n"; $config_text .= "Reboot=yes\n"; break; @@ -262,26 +304,23 @@ $config_text .= "Model=12232\n"; $config_text .= "Device={$realport}\n"; $config_text .= "Size={$lcdproc_config['size']}\n"; - $config_text .= "Speed=19200\n"; $config_text .= "Reboot=no\n"; break; case "ea65": $config_text .= "[{$lcdproc_config['driver']}]\n"; $config_text .= "Device={$realport}\n"; $config_text .= "OffBrightness=0\n"; - $config_text .= "Brightness=500\n"; + $config_text .= set_lcd_value("brightness", 1000, 500); break; case "EyeboxOne": $config_text .= "[{$lcdproc_config['driver']}]\n"; $config_text .= "Device={$realport}\n"; $config_text .= "Backlight=yes\n"; - $config_text .= "Speed=19200\n"; break; case "glk": $config_text .= "[{$lcdproc_config['driver']}]\n"; $config_text .= "Device={$realport}\n"; - $config_text .= "Contrast=560\n"; - $config_text .= "Speed=19200\n"; + $config_text .= set_lcd_value("contrast", 1000, 350); break; case "hd44780": $config_text .= "[{$lcdproc_config['driver']}]\n"; 
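Review bot: In the `glk` case of the `@@ -262,26 +304,23 @@` hunk the fallback contrast changes from the removed `Contrast=560` to 350, because the new call is `set_lcd_value("contrast", 1000, 350)`. Every other conversion in this commit passes the old literal as the third argument (850/800/0 for hd44780, 480 for MtxOrb, 200/480 further down), so this looks copied from the CFontz cases; `set_lcd_value("contrast", 1000, 560)` keeps the previous default. A similar inconsistency is in `@@ -327,32 +379,30 @@`, where `ms6931` loses `Brightness=255` with no replacement while `mtc_s16209x` right below gets `set_lcd_value("brightness", 255, 255)`; if that is intentional, a short comment saying the driver has no brightness option would help.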
@@ -289,9 +328,9 @@ $config_text .= "ConnectionType=lcd2usb\n"; $config_text .= "Speed=0\n"; $config_text .= "Keypad=no\n"; - $config_text .= "Contrast=850\n"; - $config_text .= "Brightness=800\n"; - $config_text .= "OffBrightness=0\n"; + $config_text .= set_lcd_value("contrast", 1000, 850); + $config_text .= set_lcd_value("brightness", 1000, 800); + $config_text .= set_lcd_value("offbrightness", 1000, 0); $config_text .= "Backlight=yes\n"; $config_text .= "OutputPort=no\n"; $config_text .= "Charmap=hd44780_default\n"; @@ -299,6 +338,20 @@ $config_text .= "DelayBus=true\n"; $config_text .= "Size={$lcdproc_config['size']}\n"; break; + case "hd44780 fast": + $config_text .= "[{$lcdproc_config['driver']}]\n"; + $config_text .= "ConnectionType=lcd2usb\n"; + $config_text .= "Charmap=hd44780_default\n"; + $config_text .= "Keypad=yes\n"; + $config_text .= set_lcd_value("contrast", 1000, 850); + $config_text .= set_lcd_value("brightness", 1000, 800); + $config_text .= set_lcd_value("offbrightness", 1000, 0); + $config_text .= "Backlight=yes\n"; + $config_text .= "OutputPort=no\n"; + $config_text .= "DelayMult=1\n"; + $config_text .= "DelayBus=no\n"; + $config_text .= "Size={$lcdproc_config['size']}\n"; + break; case "icp_a106": $config_text .= "[{$lcdproc_config['driver']}]\n"; $config_text .= "Device={$realport}\n"; @@ -310,8 +363,7 @@ case "lb216": $config_text .= "[{$lcdproc_config['driver']}]\n"; $config_text .= "Device={$realport}\n"; - $config_text .= "Brightness=255\n"; - $config_text .= "Speed=9600\n"; + $config_text .= set_lcd_value("brightness", 255, 255); $config_text .= "Reboot=no\n"; break; case "lcdm001": 
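Review bot: The new `case "hd44780 fast":` arm in the `@@ -299,6 +338,20 @@` hunk builds the section header from the selected value, so the generated file gets `[hd44780 fast]`. LCDd looks up a driver's settings under a section named after the driver, and this commit adds no module with that name, so the variant most likely needs the real driver name: `$config_text .= "[hd44780]\n";`. The `Driver=` line is written outside the hunk and would need the same mapping. Please confirm against a generated LCDd.conf on a box with this panel.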
@@ -327,32 +379,30 @@ $config_text .= "[{$lcdproc_config['driver']}]\n"; $config_text .= "Device={$realport}\n"; $config_text .= "Size={$lcdproc_config['size']}\n"; - $config_text .= "Brightness=1000\n"; - $config_text .= "OffBrightness=0\n"; + $config_text .= set_lcd_value("brightness", 1000, 1000); + $config_text .= set_lcd_value("offbrightness", 1000, 0); break; case "ms6931": $config_text .= "[{$lcdproc_config['driver']}]\n"; $config_text .= "Device={$realport}\n"; - $config_text .= "Brightness=255\n"; $config_text .= "Reboot=no\n"; break; case "mtc_s16209x": $config_text .= "[{$lcdproc_config['driver']}]\n"; $config_text .= "Device={$realport}\n"; - $config_text .= "Brightness=255\n"; + $config_text .= set_lcd_value("brightness", 255, 255); $config_text .= "Reboot=no\n"; break; case "MtxOrb": $config_text .= "[{$lcdproc_config['driver']}]\n"; $config_text .= "Device={$realport}\n"; $config_text .= "Size={$lcdproc_config['size']}\n"; - $config_text .= "Contrast=480\n"; $config_text .= "Type=lcd\n"; $config_text .= "hasAdjustableBacklight=yes\n"; $config_text .= "Reboot=no\n"; - $config_text .= "Brightness=1000\n"; - $config_text .= "OffBrightness=0\n"; - $config_text .= "Speed=19200\n"; + $config_text .= set_lcd_value("contrast", 1000, 480); + $config_text .= set_lcd_value("brightness", 1000, 1000); + $config_text .= set_lcd_value("offbrightness", 1000, 0); break; case "nexcom": $config_text .= "[{$lcdproc_config['driver']}]\n"; @@ -364,9 +414,8 @@ $config_text .= "[{$lcdproc_config['driver']}]\n"; $config_text .= "Device={$realport}\n"; $config_text .= "Size={$lcdproc_config['size']}\n"; - $config_text .= "Brightness=1000\n"; - $config_text .= "OffBrightness=0\n"; - $config_text .= "Speed=9600\n"; + $config_text .= set_lcd_value("brightness", 1000, 1000); + $config_text .= set_lcd_value("offbrightness", 1000, 0); $config_text .= "Parity=0\n"; $config_text .= "Reboot=no\n"; break; 
@@ -376,9 +425,10 @@ $config_text .= "Device={$realport}\n"; $config_text .= "Size={$lcdproc_config['size']}\n"; $config_text .= "KeyTimeout=500\n"; - $config_text .= "Brightness=1000\n"; + $config_text .= set_lcd_value("contrast", 1000, 1000); + $config_text .= set_lcd_value("brightness", 1000, 1000); + $config_text .= set_lcd_value("offbrightness", 1000, 0); $config_text .= "Blacklight_Timer=60\n"; - $config_text .= "Contrast=1000\n"; $config_text .= "Keylights=on\n"; $config_text .= "Key0Light=on\n"; $config_text .= "Key1Light=off\n"; @@ -392,6 +442,9 @@ $config_text .= "Device={$realport}\n"; $config_text .= "Size={$lcdproc_config['size']}\n"; break; + case "sdeclcd": + $config_text .= "[{$lcdproc_config['driver']}]\n"; + break; case "sed1330": $config_text .= "[{$lcdproc_config['driver']}]\n"; break; @@ -403,7 +456,6 @@ $config_text .= "Device={$realport}\n"; $config_text .= "Size={$lcdproc_config['size']}\n"; $config_text .= "Type=AEDEX\n"; - $config_text .= "Speed=9600\n"; break; case "serialVFD": $config_text .= "[{$lcdproc_config['driver']}]\n"; @@ -411,9 +463,8 @@ $config_text .= "Device={$realport}\n"; $config_text .= "Size={$lcdproc_config['size']}\n"; $config_text .= "Type=0\n"; //Just the first - $config_text .= "Brightness=1000\n"; - $config_text .= "OffBrightness=0\n"; - $config_text .= "Speed=9600\n"; + $config_text .= set_lcd_value("brightness", 1000, 1000); + $config_text .= set_lcd_value("offbrightness", 1000, 0); $config_text .= "ISO_8859_1=yes\n"; break; case "shuttleVFD": 
@@ -424,20 +475,23 @@ $config_text .= "driverpath =/usr/local/lib/lcdproc/\n"; $config_text .= "Device={$realport}\n"; $config_text .= "Size={$lcdproc_config['size']}\n"; - $config_text .= "Edition=2\n"; - $config_text .= "Contrast=200\n"; - $config_text .= "Brightness=480\n"; - $config_text .= "Speed=19200\n"; + $config_text .= "Edition=2\n"; + $config_text .= set_lcd_value("contrast", 1000, 200); + $config_text .= set_lcd_value("brightness", 1000, 480); break; case "sli": $config_text .= "[{$lcdproc_config['driver']}]\n"; $config_text .= "Device={$realport}\n"; - $config_text .= "Speed=9600\n"; break; default: lcdproc_warn("The chosen lcdproc driver is not a valid choice"); unset($lcdproc_config[driver]); } + /* Port speed */ + if ($lcdproc_config[port_speed] <> '' && $lcdproc_config[port_speed] <> '0') { + $port_speed = $lcdproc_config[port_speed]; + $config_text .= "Speed={$port_speed}\n"; + } /* generate rc file start and stop */ $client_script = <<<EOD #!/bin/sh @@ -500,4 +554,30 @@ EOD; config_unlock(); lcdproc_notice("Sync: End package sync"); } + function set_lcd_value($fieldname, $max, $default_value) { + global $config; + $lcdproc_config = $config['installedpackages']['lcdproc']['config'][0]; + $value = $lcdproc_config[$fieldname]; + $returnvalue = ""; + if ($value != '' && $value != '-1') { + $realvalue = (int)($max * $value / 100); + } + else + { + $realvalue = $default_value; + } + switch ($fieldname) + { + case "brightness": + $returnvalue = "Brightness={$realvalue}\n"; + break; + case "offbrightness": + $returnvalue = "OffBrightness={$realvalue}\n"; + break; + case "contrast": + $returnvalue = "Contrast={$realvalue}\n"; + break; + } + return $returnvalue; + } ?>
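Review bot: The port-speed block added in the `@@ -424,20 +475,23 @@` hunk indexes the config with bare words, `$lcdproc_config[port_speed]`, which PHP resolves as undefined constants (a notice on older releases, an error on PHP 8). It also copies the stored string into the config file unchanged, so anything other than a number, including a line break, would be written verbatim. Quoting the key and casting fixes both: `$port_speed = (int)$lcdproc_config['port_speed'];` followed by `if ($port_speed > 0) $config_text .= "Speed={$port_speed}\n";`. The context line `unset($lcdproc_config[driver]);` has the same bare key.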
\ No newline at end of file diff --git a/config/lcdproc-dev/lcdproc.xml b/config/lcdproc-dev/lcdproc.xml index 85e4ca23..fcb16997 100644 --- a/config/lcdproc-dev/lcdproc.xml +++ b/config/lcdproc-dev/lcdproc.xml @@ -1,8 +1,8 @@ <?xml version="1.0" encoding="utf-8" ?> <packagegui> - <title>Services: LCDproc 0.5.4 pkg v. 0.3</title> + <title>Services: LCDproc 0.5.4 pkg v. 0.6</title> <name>lcdproc</name> - <version>0.5.4 pkg v. 0.3</version> + <version>0.5.4 pkg v. 0.6</version> <savetext>Save</savetext> <include_file>/usr/local/pkg/lcdproc.inc</include_file> <tabs> @@ -42,6 +42,11 @@ <prefix>/usr/local/lib/lcdproc/</prefix> <chmod>0755</chmod> </additional_files_needed> + <additional_files_needed> + <item>http://files.pfsense.org/misc/sdeclcd.so</item> + <prefix>/usr/local/lib/lcdproc/</prefix> + <chmod>0755</chmod> + </additional_files_needed> <service> <name>lcdproc</name> <rcfile>lcdproc.sh</rcfile> @@ -65,10 +70,22 @@ <name>none</name> </option> <option> + <value>com1</value> + <name>Serial Com port 1 (/dev/cua0)</name> + </option> + <option> <value>com2</value> <name>Serial Com port 2 (/dev/cua1)</name> </option> <option> + <value>com1a</value> + <name>Serial Com port 1 alternate (/dev/cuau0)</name> + </option> + <option> + <value>com2a</value> + <name>Serial Com port 2 alternate (/dev/cuau1)</name> + </option> + <option> <value>ucom1</value> <name>USB Com port 1 (/dev/cuaU0)</name> </option> @@ -187,6 +204,10 @@ <name>hd44780</name> </option> <option> + <value>hd44780 fast</value> + <name>hd44780 fast</name> + </option> + <option> <value>icp_a106</value> <name>icp_a106</name> </option> @@ -237,7 +258,11 @@ <option> <value>pyramid</value> <name>pyramid</name> - </option> + </option> + <option> + <value>sdeclcd</value> + <name>sdeclcd (x86 only)</name> + </option> <option> <value>sed1330</value> <name>sed1330</name> 
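Review bot: `set_lcd_value()` (the `@@ -500,4 +554,30 @@` hunk of lcdproc.inc) scales whatever is stored in the config, `(int)($max * $value / 100)`, without checking that it is a number between 0 and 100. The GUI select limits the choices, but a value arriving another way, such as a restored or hand-edited config.xml, silently yields an out-of-range setting. Clamp after the `''`/`-1` test: `$value = max(0, min(100, (int)$value));`. The function also needs a docblock saying that `$max` is the driver's full-scale value, that `$default_value` is already in driver units, and that an unknown `$fieldname` returns an empty string, since the two numeric arguments are easy to confuse at the call sites.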
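Review bot: The `<additional_files_needed>` entry added in the `@@ -42,6 +42,11 @@` hunk of lcdproc.xml fetches a native driver, `sdeclcd.so`, over plain `http://` and installs it with mode 0755 in the LCDd driver directory; no checksum or signature accompanies the item in the visible lines. The integrity of code that LCDd loads then rests entirely on the network path to the file server. The same pattern is in config/squid-reverse/squid.xml (`@@ -152,6 +152,11 @@`), where the fetched `swapstate_check.php` is afterwards run from root's crontab. If the package system supports it, use an `https://` item URL or a pinned hash for both; whether the installer verifies downloads somewhere else cannot be seen from this diff.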
@@ -313,6 +338,214 @@ </option> </options> <default_value>5</default_value> + </field> + <field> + <fieldname>port_speed</fieldname> + <fielddescr>Port speed</fielddescr> + <description>Set the port speed. Caution: not all the driver or panels support all the speeds, leave "default" if unsure.</description> + <type>select</type> + <options> + <option> + <value>0</value> + <name>Default</name> + </option> + <option> + <value>1200</value> + <name>1200 bps</name> + </option> + <option> + <value>2400</value> + <name>2400 bps</name> + </option> + <option> + <value>9600</value> + <name>9600 bps</name> + </option> + <option> + <value>19200</value> + <name>19200 bps</name> + </option> + <option> + <value>57600</value> + <name>57600 bps</name> + </option> + <option> + <value>115200</value> + <name>115200 bps</name> + </option> + </options> + <default_value>0</default_value> + </field> + <field> + <fieldname>brightness</fieldname> + <fielddescr>Brightness</fielddescr> + <description>Set the brightness of the LCD panel. 
This option is not supported by all the LCD panels, leave "default" if unsure.</description> + <type>select</type> + <options> + <option> + <value>-1</value> + <name>Default</name> + </option> + <option> + <value>0</value> + <name>0%</name> + </option> + <option> + <value>10</value> + <name>10%</name> + </option> + <option> + <value>20</value> + <name>20%</name> + </option> + <option> + <value>30</value> + <name>30%</name> + </option> + <option> + <value>40</value> + <name>40%</name> + </option> + <option> + <value>50</value> + <name>50%</name> + </option> + <option> + <value>60</value> + <name>60%</name> + </option> + <option> + <value>70</value> + <name>70%</name> + </option> + <option> + <value>80</value> + <name>80%</name> + </option> + <option> + <value>90</value> + <name>90%</name> + </option> + <option> + <value>100</value> + <name>100%</name> + </option> + </options> + <default_value>-1</default_value> + </field> + <field> + <fieldname>offbrightness</fieldname> + <fielddescr>Offrightness</fielddescr> + <description>Set the off-brightness of the LCD panel. This value is used when the display is normally switched off in case LCDd is inactive. 
This option is not supported by all the LCD panels, leave "default" if unsure.</description> + <type>select</type> + <options> + <option> + <value>-1</value> + <name>Default</name> + </option> + <option> + <value>0</value> + <name>0%</name> + </option> + <option> + <value>10</value> + <name>10%</name> + </option> + <option> + <value>20</value> + <name>20%</name> + </option> + <option> + <value>30</value> + <name>30%</name> + </option> + <option> + <value>40</value> + <name>40%</name> + </option> + <option> + <value>50</value> + <name>50%</name> + </option> + <option> + <value>60</value> + <name>60%</name> + </option> + <option> + <value>70</value> + <name>70%</name> + </option> + <option> + <value>80</value> + <name>80%</name> + </option> + <option> + <value>90</value> + <name>90%</name> + </option> + <option> + <value>100</value> + <name>100%</name> + </option> + </options> + <default_value>-1</default_value> + </field> + <field> + <fieldname>contrast</fieldname> + <fielddescr>Contrast</fielddescr> + <description>Set the contrast of the LCD panel. 
This option is not supported by all the LCD panels, leave "default" if unsure.</description> + <type>select</type> + <options> + <option> + <value>-1</value> + <name>Default</name> + </option> + <option> + <value>0</value> + <name>0%</name> + </option> + <option> + <value>10</value> + <name>10%</name> + </option> + <option> + <value>20</value> + <name>20%</name> + </option> + <option> + <value>30</value> + <name>30%</name> + </option> + <option> + <value>40</value> + <name>40%</name> + </option> + <option> + <value>50</value> + <name>50%</name> + </option> + <option> + <value>60</value> + <name>60%</name> + </option> + <option> + <value>70</value> + <name>70%</name> + </option> + <option> + <value>80</value> + <name>80%</name> + </option> + <option> + <value>90</value> + <name>90%</name> + </option> + <option> + <value>100</value> + <name>100%</name> + </option> + </options> + <default_value>-1</default_value> </field> </fields> <custom_php_command_before_form> diff --git a/config/lcdproc-dev/lcdproc_screens.xml b/config/lcdproc-dev/lcdproc_screens.xml index acde02ca..0c967dff 100644 --- a/config/lcdproc-dev/lcdproc_screens.xml +++ b/config/lcdproc-dev/lcdproc_screens.xml @@ -2,7 +2,7 @@ <packagegui> <title>Services: LCDproc: Screens</title> <name>lcdproc_screens</name> - <version>0.5.4 pkg v. 0.3</version> + <version>0.5.4 pkg v. 0.6</version> <savetext>Save</savetext> <include_file>/usr/local/pkg/lcdproc.inc</include_file> <tabs> diff --git a/config/mailscanner/mailscanner.inc b/config/mailscanner/mailscanner.inc index 82ce84e7..1a4f284d 100644 --- a/config/mailscanner/mailscanner.inc +++ b/config/mailscanner/mailscanner.inc 
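Review bot: The label added for the `offbrightness` field in the `@@ -313,6 +338,214 @@` hunk is misspelled, `<fielddescr>Offrightness</fielddescr>`; it should read `<fielddescr>Off brightness</fielddescr>`. The port-speed description in the same hunk needs a wording fix as well: `Caution: not all drivers or panels support every speed; leave "Default" if unsure.` All four descriptions refer to "default" in lower case while the option is named `Default`; matching the case makes the hint easier to follow.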
@@ -938,9 +938,12 @@ EOF; unlink_if_exists($libexec_dir.'clamav-wrapper'); } else{ - chown('/var/run/clamav/', 'postfix'); - chown('/var/log/clamav/', 'postfix'); - chown('/var/db/clamav/', 'postfix'); + if (file_exists('/var/run/clamav/')) + chown('/var/run/clamav/', 'postfix'); + if (file_exists('/var/log/clamav/')) + chown('/var/log/clamav/', 'postfix'); + if (file_exists('/var/db/clamav/')) + chown('/var/db/clamav/', 'postfix'); if (file_exists('/var/db/clamav/bytecode.cld')) chown('/var/db/clamav/bytecode.cld', 'postfix'); if (file_exists('/var/db/clamav/daily.cld')) @@ -987,14 +990,21 @@ EOF; } #clamd script file $script='/usr/local/etc/rc.d/clamav-clamd'; - $script_file=file_get_contents($script); - if (preg_match('/NO/',$script_file)){ - $script_file=preg_replace("/NO/","YES",$script_file); - file_put_contents($script, $script_file, LOCK_EX); - chmod ($script,0755); + $script_file=file($script); + foreach ($script_file as $script_line){ + if(preg_match("/command=/",$script_line)){ + $new_clamav_startup.= "/bin/mkdir /var/run/clamav\n"; + $new_clamav_startup.= "chown postfix /var/run/clamav\n"; + $new_clamav_startup.=$script_line; + } + elseif(!preg_match("/(mkdir|chown|sleep|mailscanner)/",$script_line)) { + $new_clamav_startup.=preg_replace("/NO/","YES",$script_line); + } } - mwexec_bg("$script fastrestart"); - + file_put_contents($script, $new_clamav_startup, LOCK_EX); + chmod ($script,0755); + mwexec("$script stop"); + mwexec_bg("$script start"); } } else{ @@ -1010,7 +1020,6 @@ EOF; file_put_contents($script, $script_file, LOCK_EX); chmod ($script,0755); } - mwexec_bg("$script fastrestart"); #check dcc config file $script='/usr/local/dcc/dcc_conf'; $script_file=file_get_contents($script); 
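Review bot: In the `@@ -987,14 +990,21 @@` hunk `$new_clamav_startup` is appended to with `.=` but never initialised, and the result of `file($script)` is not checked. If the rc script is missing or unreadable, `file()` returns false, the loop adds nothing, and `file_put_contents()` then leaves `/usr/local/etc/rc.d/clamav-clamd` empty before it is made executable and started. Add `$new_clamav_startup = "";` before the loop and skip the write when `$script_file === false || $new_clamav_startup == ""`. The injected `chown postfix /var/run/clamav` line should use an absolute path (`/usr/sbin/chown` on FreeBSD) like the `/bin/mkdir` line next to it, and `/bin/mkdir -p` avoids an error when the directory already exists.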
@@ -1018,7 +1027,9 @@ EOF; $script_file=preg_replace("/DCCIFD_ENABLE=off/","DCCIFD_ENABLE=on",$script_file); file_put_contents($script, $script_file, LOCK_EX); } - + mwexec("$script stop"); + mwexec_bg("$script start"); + $script='/usr/local/etc/rc.d/mailscanner'; #fix MIME::ToolUtils deprecated function and usecure dependency calls in /usr/local/sbin/mailscanner @@ -1037,13 +1048,16 @@ EOF; $script_file=file_get_contents($script); if (preg_match('/NO/',$script_file)){ - $script_file=preg_replace("/NO/","YES",$script_file); - file_put_contents($script, $script_file, LOCK_EX); - } + $script_file=preg_replace("/NO/","YES",$script_file); + file_put_contents($script, $script_file, LOCK_EX); + chmod ($script,0755); + } if($config['installedpackages']['mailscanner']['config'][0]['enable']){ log_error("Reload mailscanner"); chmod ($script,0755); - mwexec_bg("$script fastrestart"); + mwexec("$script stop"); + sleep(2); + mwexec_bg("$script start"); } else{ log_error("Stopping mailscanner if running"); @@ -1196,4 +1210,4 @@ function mailscanner_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) { } } -?>
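Review bot: The `mwexec("$script stop"); mwexec_bg("$script start");` pair added in the `@@ -1018,7 +1027,9 @@` hunk runs while `$script` appears to still hold `/usr/local/dcc/dcc_conf`, the configuration file assigned at the end of the previous hunk, not an rc script. The `fastrestart` call that the previous hunk removed sat before that assignment, so it acted on the rc script. One line between the two hunks is not shown, so please confirm, but as written the stop/start targets the wrong path. Keep the rc script in its own variable, `$dcc_rc = $script;` before `$script='/usr/local/dcc/dcc_conf';`, and use `mwexec("$dcc_rc stop"); mwexec_bg("$dcc_rc start");` here.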
\ No newline at end of file +?> diff --git a/config/mailscanner/mailscanner.xml b/config/mailscanner/mailscanner.xml index d7b7dab4..cf00023d 100644 --- a/config/mailscanner/mailscanner.xml +++ b/config/mailscanner/mailscanner.xml @@ -54,7 +54,7 @@ <service> <name>mailscanner</name> <rcfile>mailscanner</rcfile> - <executable>MailScanner</executable> + <executable>perl5.12.4</executable> <description>MailScanner</description> </service> <additional_files_needed> diff --git a/config/nut/nut.inc b/config/nut/nut.inc index 6b7b02ac..28ff3999 100644 --- a/config/nut/nut.inc +++ b/config/nut/nut.inc @@ -94,18 +94,26 @@ function before_form_nut($pkg) { /* return available serial ports */ - $handle = popen('dmesg | grep \'^sio[0-9]: type\'','r'); - $read = fread($handle, 2096); - pclose($handle); - /* explode at the newlines */ - $read = explode("\n",$read); - - /* parse resulting text */ - foreach($read as $line) { - if($line!= '') { - $names[] = 'ttyd'.$line{3}.' (COM'.($line{3}+1).')'; - $values[] = '/dev/ttyd'.$line{3}; + $serial_types = array("sio", "cua", "tty"); + $ignore_files = array(".lock", ".init"); + + foreach($serial_types as $st) { + $devices = glob("/dev/{$st}*"); + foreach($devices as $line) { + if($line != '') { + $ignore = false; + foreach($ignore_files as $if) { + if(strstr($line, $if)) { + $ignore = true; + continue; + } + } + if($ignore == false) { + $names[] = str_replace("/dev/", "", $line); + $values[] = $line; + } + } } } diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc index 9a951f56..151f710c 100644 --- a/config/squid-reverse/squid.inc +++ b/config/squid-reverse/squid.inc @@ -210,6 +210,8 @@ function squid_install_command() { exec("/bin/rm /usr/local/etc/rc.d/squid"); squid_write_rcfile(); exec("chmod a+rx /usr/local/libexec/squid/dnsserver"); + if(file_exists("/usr/local/pkg/swapstate_check.php")) + exec("/bin/chmod a+x /usr/local/pkg/swapstate_check.php"); foreach (array( SQUID_CONFBASE, SQUID_ACLDIR, 
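Review bot: In the rewritten port scan in nut.inc (`@@ -94,18 +94,26 @@`) the inner `foreach` uses `continue` after setting `$ignore = true`, which only moves on to the next suffix; `break` is what ends the scan once a match is found. `glob()` can return false instead of an empty array, so guard the outer body with `if (!is_array($devices)) continue;`. `$names` and `$values` are not initialised in the visible lines, and `before_form_nut()` continues outside the hunk, so a machine with no matching device nodes may leave them undefined for the code that follows.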
@@ -581,20 +583,29 @@ function squid_install_cron($should_install) { global $config, $g; if($g['booting']==true) return; - $is_installed = false; + $rotate_is_installed = false; + $swapstate_is_installed = false; + if(!$config['cron']['item']) return; + $settings = $config['installedpackages']['squidcache']['config'][0]; $x=0; + $rotate_job_id=-1; + $swapstate_job_id=-1; foreach($config['cron']['item'] as $item) { if(strstr($item['task_name'], "squid_rotate_logs")) { - $is_installed = true; - break; + + $rotate_job_id = $x; + } elseif(strstr($item['task_name'], "squid_check_swapstate")) { + $swapstate_job_id = $x; } $x++; } + $need_write = false; switch($should_install) { case true: - if(!$is_installed) { + $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache'); + if($rotate_job_id < 0) { $cron_item = array(); $cron_item['task_name'] = "squid_rotate_logs"; $cron_item['minute'] = "0"; 
@@ -603,25 +614,46 @@ function squid_install_cron($should_install) { $cron_item['month'] = "*"; $cron_item['wday'] = "*"; $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/local/sbin/squid -k rotate"; + $cron_item['command'] = "/bin/rm {$cachedir}/swap.state; /usr/local/sbin/squid -k rotate"; + $config['cron']['item'][] = $cron_item; + $need_write = true; + } + if($swapstate_job_id < 0) { + $cron_item = array(); + $cron_item['task_name'] = "squid_check_swapstate"; + $cron_item['minute'] = "*/15"; + $cron_item['hour'] = "*"; + $cron_item['mday'] = "*"; + $cron_item['month'] = "*"; + $cron_item['wday'] = "*"; + $cron_item['who'] = "root"; + $cron_item['command'] = "/usr/local/pkg/swapstate_check.php"; + $config['cron']['item'][] = $cron_item; + $need_write = true; + } + if ($need_write) { $config['cron']['item'][] = $cron_item; parse_config(true); - write_config("Squid Log Rotation"); - configure_cron(); + write_config("Adding Squid Cron Jobs"); } break; case false: - if($is_installed == true) { - if($x > 0) { - unset($config['cron']['item'][$x]); - parse_config(true); - write_config(); - } - configure_cron(); - } + if($rotate_job_id >= 0) { + unset($config['cron']['item'][$rotate_job_id]); + $need_write = true; + } + if($swapstate_job_id >= 0) { + unset($config['cron']['item'][$swapstate_job_id]); + $need_write = true; + } + if ($need_write) { + parse_config(true); + write_config("Removing Squid Cron Jobs"); + } break; } -} + configure_cron(); + } function squid_resync_general() { global $g, $config, $valid_acls; 
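Review bot: The `if ($need_write)` block in the `@@ -603,25 +614,46 @@` hunk keeps the old context line `$config['cron']['item'][] = $cron_item;`, so after each job has been appended inside its own `if`, the last `$cron_item` built is appended a second time. On a fresh install that means two `squid_check_swapstate` entries. Remove that line so the block is just `parse_config(true); write_config("Adding Squid Cron Jobs");`. Separately, `{$cachedir}` is placed unquoted in a command that cron runs as root; building it as `"/bin/rm " . escapeshellarg("{$cachedir}/swap.state") . "; /usr/local/sbin/squid -k rotate"` keeps a cache path containing spaces or shell characters from changing the command. `squid_install_cron()` starts in the previous hunk.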
@@ -672,13 +704,12 @@ cache_store_log none EOD; - if (!empty($settings['log_rotate'])) { - $conf .= "logfile_rotate {$settings['log_rotate']}\n"; - squid_install_cron(true); - } - else { - squid_install_cron(false); - } +// Per squid docs, setting logfile_rotate to 0 is safe and causes a simple close/reopen. +// Rotating also ensures that swap.state is rewritten, so is useful even if the logs +// are not being rotated. +$rotate = empty($settings['log_rotate']) ? 0 : $settings['log_rotate']; +$conf .= "logfile_rotate {$rotate}\n"; +squid_install_cron(true); $conf .= <<<EOD shutdown_lifetime 3 seconds diff --git a/config/squid-reverse/squid.xml b/config/squid-reverse/squid.xml index f33327e4..5cb5ea4a 100644 --- a/config/squid-reverse/squid.xml +++ b/config/squid-reverse/squid.xml @@ -152,6 +152,11 @@ <chmod>0755</chmod> <item>http://www.pfsense.org/packages/config/squid-reverse/squid_cache.xml</item> </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squid-reverse/swapstate_check.php</item> + </additional_files_needed> <fields> <field> <fielddescr>Proxy interface</fielddescr> diff --git a/config/squid-reverse/swapstate_check.php b/config/squid-reverse/swapstate_check.php new file mode 100644 index 00000000..ab5b11d8 --- /dev/null +++ b/config/squid-reverse/swapstate_check.php 
@@ -0,0 +1,48 @@ +#!/usr/local/bin/php -q +<?php +/* + swapstate_check.php + Copyright (C) 2011 Jim Pingle + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +require_once('config.inc'); +require_once('util.inc'); + +$settings = $config['installedpackages']['squidcache']['config'][0]; +$cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache'); +$swapstate = $cachedir . 
'/swap.state'; +$disktotal = disk_total_space(dirname($cachedir)); +$diskfree = disk_free_space(dirname($cachedir)); +$diskusedpct = round((($disktotal - $diskfree) / $disktotal) * 100); +$swapstate_size = filesize($swapstate); +$swapstate_pct = round(($swapstate_size / $disktotal) * 100); + +// If the swap.state file is taking up more than 75% disk space, +// or the drive is 90% full and swap.state is larger than 1GB, +// kill it and initiate a rotate to write a fresh copy. +if (($swapstate_pct > 75) || (($diskusedpct > 90) && ($swapstate_size > 1024*1024*1024))) { + mwexec_bg("/bin/rm $swapstate; /usr/local/sbin/squid -k rotate"); + log_error(gettext(sprintf("Squid swap.state file exceeded size limits. Removing and rotating. File was %d bytes, %d%% of total disk space.", $swapstate_size, $swapstate_pct))); +} +?>
\ No newline at end of file diff --git a/config/squid/squid_auth.xml b/config/squid/squid_auth.xml index c8e34553..d28beb02 100644 --- a/config/squid/squid_auth.xml +++ b/config/squid/squid_auth.xml @@ -48,7 +48,7 @@ <name>squidauth</name> <version>none</version> <title>Proxy server: Authentication</title> - <include_file>squid.inc</include_file> + <include_file>/usr/local/pkg/squid.inc</include_file> <tabs> <tab> <text>General</text> diff --git a/config/squid/squid_cache.xml b/config/squid/squid_cache.xml index 55a1ca59..35c9a934 100644 --- a/config/squid/squid_cache.xml +++ b/config/squid/squid_cache.xml @@ -48,7 +48,7 @@ <name>squidcache</name> <version>none</version> <title>Proxy server: Cache management</title> - <include_file>squid.inc</include_file> + <include_file>/usr/local/pkg/squid.inc</include_file> <tabs> <tab> <text>General</text> diff --git a/config/squid/squid_nac.xml b/config/squid/squid_nac.xml index 401426a6..4ad3800c 100644 --- a/config/squid/squid_nac.xml +++ b/config/squid/squid_nac.xml @@ -48,7 +48,7 @@ <name>squidnac</name> <version>none</version> <title>Proxy server: Access control</title> - <include_file>squid.inc</include_file> + <include_file>/usr/local/pkg/squid.inc</include_file> <tabs> <tab> <text>General</text> diff --git a/config/squid/squid_traffic.xml b/config/squid/squid_traffic.xml index d560a7ad..c660a1ea 100644 --- a/config/squid/squid_traffic.xml +++ b/config/squid/squid_traffic.xml @@ -48,7 +48,7 @@ <name>squidtraffic</name> <version>none</version> <title>Proxy server: Traffic management</title> - <include_file>squid.inc</include_file> + <include_file>/usr/local/pkg/squid.inc</include_file> <tabs> <tab> <text>General</text> diff --git a/config/squid/squid_upstream.xml b/config/squid/squid_upstream.xml index ad494524..cd87edef 100644 --- a/config/squid/squid_upstream.xml +++ b/config/squid/squid_upstream.xml 
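Review bot: The new swapstate_check.php builds its shell command from the configured cache path, `mwexec_bg("/bin/rm $swapstate; /usr/local/sbin/squid -k rotate")`, and squid.inc schedules the script in root's crontab every 15 minutes. Deleting the file from PHP avoids handing the path to a shell at all: `@unlink($swapstate); mwexec_bg("/usr/local/sbin/squid -k rotate");`. The arithmetic above it assumes every call succeeds, but `disk_total_space()` and `filesize()` return false when the directory or file is missing, which puts a zero in the divisor. An early `if (!$disktotal || !file_exists($swapstate)) exit;` before the percentages covers both cases.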
@@ -48,7 +48,7 @@ <name>squidupstream</name> <version>none</version> <title>Proxy server: Upstream proxy settings</title> - <include_file>squid.inc</include_file> + <include_file>/usr/local/pkg/squid.inc</include_file> <tabs> <tab> <text>General</text> diff --git a/config/squid/squid_users.xml b/config/squid/squid_users.xml index eef6389f..272e53f8 100644 --- a/config/squid/squid_users.xml +++ b/config/squid/squid_users.xml @@ -48,7 +48,7 @@ <name>squidusers</name> <version>none</version> <title>Proxy server: Local users</title> - <include_file>squid.inc</include_file> + <include_file>/usr/local/pkg/squid.inc</include_file> <delete_string>A proxy server user has been deleted.</delete_string> <addedit_string>A proxy server user has been created/modified.</addedit_string> <tabs> |