From c7ab9481a46979187047e556b1ad9aec050e64fd Mon Sep 17 00:00:00 2001
From: doktornotor
Date: Thu, 6 Aug 2015 21:40:39 +0200
Subject: widentd - code style and multiple improvements/bugfixes
- Fix copyright header
- FIx indentation, code cleanup
- Add input validation (username, sysname, IPv4)
- Actually make the default values (username, sysname) work, previously nothing was set if left empty
- Fix Bug 3434 by adding custom_php_resync_config_command
---
config/widentd/widentd.xml | 174 +++++++++++++++++++++++++++------------------
1 file changed, 105 insertions(+), 69 deletions(-)
diff --git a/config/widentd/widentd.xml b/config/widentd/widentd.xml
index ca73d436..ea6f538a 100644
--- a/config/widentd/widentd.xml
+++ b/config/widentd/widentd.xml
@@ -1,58 +1,54 @@ - - + + - - + . - All rights reserved. - */ -/* ========================================================================== */ + widentd.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2009 Bill Marquette + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - - Describe your package here - Describe your package requirements here - Currently there are no FAQ items provided. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ + ]]> + widentd - 1.03_1 + 1.0.4 Services: widentd widentd Modify widentd settings.
Services
- pkg_edit.php?xml=widentd.xml&id=0 + pkg_edit.php?xml=widentd.xml&id=0
widentd 
@@ -62,61 +58,101 @@ installedpackages->package->$packagename->configuration->settings - Listening interface - interface - Enter the desired listening interface here. - interfaces_selection + Listening interface + interface + + + (Default: WAN) + ]]> + + interfaces_selection + wan + - Username - username - Enter the username you'd like displayed via widentd. - input + Username + username + + + (Defaults to 'user' if left empty.) + ]]> + + input - System name - sysname - Enter the system name you'd like displayed via widentd - input - pfSense + System name + sysname + + + (Defaults to 'UNIX' if left empty.) + ]]> + + input - + + "widentd.sh", "start" => $start, - "stop" => $stop + "stop" => $stop ) ); + restart_service("widentd"); - conf_mount_ro(); config_unlock(); + conf_mount_ro(); } + + + function validate_input_widentd($post, &$input_errors) { + /* Only allow ^[a-zA-Z\.]+$ otherwise the daemon will not start; see widentd manpage */ + if (($post['username'] != "") && !preg_match("/^[a-zA-Z\.]+$/", $post['username'])) { + $input_errors[] = 'Username may only contain uppercase and lowercase letters [a-zA-Z] and "." character.'; + } + + /* Technically, ^[A-Z][A-Z0-9\-.\/]+[A-Z0-9]$ should be valid characters here + https://www.iana.org/assignments/operating-system-names/operating-system-names.xhtml + However this is not supported by widentd; the service will not start. + */ + if (($post['sysname'] != "") && !preg_match("/^[a-zA-Z]+$/", $post['sysname'])) { + $input_errors[] .= 'System name may only contain uppercase and lowercase letters [a-zA-Z].'; + } + + /* Check for IPv6-only interfaces */ + $int = convert_friendly_interface_to_real_interface_name($post['interface']); + $ip = find_interface_ip($int); + if (!is_ipaddrv4($ip)) { + $input_errors[] .= 'The selected interface has no IPv4 configured. 
Widentd does not support IPv6.'; + } + } + ]]> sync_package_widentd(); + + sync_package_widentd(); + unlink_if_exists("/usr/local/etc/rc.d/widentd.sh"); + + validate_input_widentd($_POST, $input_errors); +
- -- cgit v1.2.3 From 80704e607ec5f4d680f4c9e0d77772e40fb525c8 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Thu, 6 Aug 2015 21:41:48 +0200 Subject: Bump widentd package version --- pkg_config.10.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg_config.10.xml b/pkg_config.10.xml index 60f28e41..3bd7efd0 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -865,7 +865,7 @@ http://www.webweaving.org/widentd Services widentd-1.03_2-##ARCH##.pbi - 1.03_2 + 1.0.4 Stable https://doc.pfsense.org/index.php/Widentd_package 2.2 -- cgit v1.2.3 From f8bbb4d41ffed2d7545666a48f8808312a6f87aa Mon Sep 17 00:00:00 2001 From: doktornotor Date: Thu, 6 Aug 2015 21:43:01 +0200 Subject: widentd.xml - fix remaining indentation issues --- config/widentd/widentd.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/widentd/widentd.xml b/config/widentd/widentd.xml index ea6f538a..55f7aec2 100644 --- a/config/widentd/widentd.xml +++ b/config/widentd/widentd.xml @@ -113,7 +113,7 @@ "stop" => $stop ) ); - + restart_service("widentd"); config_unlock(); conf_mount_ro(); @@ -133,7 +133,7 @@ if (($post['sysname'] != "") && !preg_match("/^[a-zA-Z]+$/", $post['sysname'])) { $input_errors[] .= 'System name may only contain uppercase and lowercase letters [a-zA-Z].'; } - + /* Check for IPv6-only interfaces */ $int = convert_friendly_interface_to_real_interface_name($post['interface']); $ip = find_interface_ip($int); -- cgit v1.2.3 From 42165ca9812cb69508c8a8bb052b5d459a7d3a13 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Thu, 6 Aug 2015 21:50:28 +0200 Subject: widentd.xml - fix username hint to match the input validation --- config/widentd/widentd.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/widentd/widentd.xml b/config/widentd/widentd.xml index 55f7aec2..b0c12b72 100644 --- a/config/widentd/widentd.xml +++ b/config/widentd/widentd.xml 
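Review bot: In `validate_input_widentd()` (added by commit c7ab9481 in `config/widentd/widentd.xml`), both `preg_match` patterns end in a plain `$`, which PCRE also matches just before a trailing newline, so a username or sysname ending in a line feed passes the check. Adding the `D` modifier closes that gap without changing the accepted alphabet: `preg_match("/^[a-zA-Z\.]+$/D", $post['username'])` and `preg_match("/^[a-zA-Z]+$/D", $post['sysname'])`. How `$start` is assembled is not visible in this hunk; if these values end up on the rc script command line, wrapping each in `escapeshellarg()` at that point would keep the validator from being the only barrier. As a style point, the second and third errors are appended with `$input_errors[] .=` while the first uses `$input_errors[] =`; plain `=` throughout would be consistent.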
@@ -75,7 +75,7 @@ username + Enter the username you'd like displayed via widentd. Allowed characters: [a-zA-Z] and "." only.
(Defaults to 'user' if left empty.) ]]>
-- cgit v1.2.3 From ed65780f737a9fa2f225d3664c4e8f7367b7cebe Mon Sep 17 00:00:00 2001 From: doktornotor Date: Thu, 6 Aug 2015 22:46:06 +0200 Subject: widentd.xml - add enable/disable feature --- config/widentd/widentd.xml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/config/widentd/widentd.xml b/config/widentd/widentd.xml index b0c12b72..27a8ffe8 100644 --- a/config/widentd/widentd.xml +++ b/config/widentd/widentd.xml @@ -57,6 +57,11 @@ installedpackages->package->$packagename->configuration->settings + + Enable widentd daemon + enable + checkbox + Listening interface interface @@ -114,7 +119,15 @@ ) ); - restart_service("widentd"); + /* If the service is (being) disabled, stop it (if running) and do nothing else */ + if (!($config['installedpackages']['widentd']['config'][0][enable])) { + if (is_process_running("widentd")) { + stop_service("widentd"); + } + return; + } else { + restart_service("widentd"); + } config_unlock(); conf_mount_ro(); } -- cgit v1.2.3
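Review bot: The early `return;` in the disabled branch of the second hunk (`@@ -114,7 +119,15 @@`) exits before `config_unlock();` and `conf_mount_ro();` run, so saving with the daemon disabled appears to leave the config lock held and the filesystem mounted read-write; the matching lock and mount calls are outside the hunk, so this is inferred from the cleanup calls that follow. Removing the `return;` lets both branches fall through to the cleanup, with the existing `else { restart_service("widentd"); }` still covering the enabled case. The array key is also a bare word, `[enable]`, which PHP resolves as an undefined constant; it should be quoted as `['enable']`. Note too that the rc file has already been written by the time this check runs, so "do nothing else" in the comment is not quite what happens.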