From 12a4ff878a41e407aa1a446fb5b6a757c6207706 Mon Sep 17 00:00:00 2001
From: doktornotor <notordoktor@gmail.com>
Date: Sun, 15 Nov 2015 22:46:44 +0100
Subject: pfflowd - add privileges configuration, fixes and cleanups

- Add privileges configuration
- Add Enable checkbox instead of using the foreach() hack
- Validate Source IP as well
---
 config/pfflowd/pfflowd.xml | 149 +++++++++++++++++++++------------------------
 1 file changed, 69 insertions(+), 80 deletions(-)

diff --git a/config/pfflowd/pfflowd.xml b/config/pfflowd/pfflowd.xml
index 44294d69..25a68a2c 100644
--- a/config/pfflowd/pfflowd.xml
+++ b/config/pfflowd/pfflowd.xml
@@ -42,138 +42,130 @@
 		]]>
 	</copyright>
 	<name>pfflowd</name>
-	<version>1.0.3</version>
-	<title>pfflowd: Settings</title>
-	<aftersaveredirect>pkg_edit.php?xml=pfflowd.xml&amp;id=0</aftersaveredirect>
+	<version>1.0.4</version>
+	<title>Services: pfflowd Settings</title>
+	<aftersaveredirect>pkg_edit.php?xml=pfflowd.xml</aftersaveredirect>
 	<menu>
 		<name>pfflowd</name>
 		<tooltiptext>Modify pfflowd settings.</tooltiptext>
 		<section>Services</section>
 		<configfile>pfflowd.xml</configfile>
-		<url>/pkg_edit.php?xml=pfflowd.xml&amp;id=0</url>
+		<url>/pkg_edit.php?xml=pfflowd.xml</url>
 	</menu>
 	<service>
 		<name>pfflowd</name>
 		<rcfile>pfflowd.sh</rcfile>
 		<executable>pfflowd</executable>
+		<description>Netflow Export Daemon</description>
 	</service>
 	<configpath>installedpackages->package->$packagename->configuration->settings</configpath>
+	<additional_files_needed>
+		<prefix>/etc/inc/priv/</prefix>
+		<item>https://packages.pfsense.org/packages/config/pfflowd/pfflowd.priv.inc</item>
+	</additional_files_needed>
 	<fields>
 		<field>
-			<fielddescr>Host</fielddescr>
+			<fielddescr>Enable pfflowd</fielddescr>
+			<fieldname>enabled</fieldname>
+			<description>Check this to enable pfflowd daemon.</description>
+			<type>checkbox</type>
+		</field>
+		<field>
+			<fielddescr>Destination Host</fielddescr>
 			<fieldname>host</fieldname>
-			<description>Specify the host that datagrams are to be sent to.</description>
+			<description>Specify the IP address of the host that datagrams are to be sent to.</description>
 			<type>input</type>
+			<required/>
 		</field>
 		<field>
-			<fielddescr>Port</fielddescr>
+			<fielddescr>Destination Port</fielddescr>
 			<fieldname>port</fieldname>
 			<description>Enter the port that datagrams are to be sent to.</description>
 			<type>input</type>
+			<required/>
 		</field>
 		<field>
-			<fielddescr>Source Hostname/IP</fielddescr>
+			<fielddescr>Source IP</fielddescr>
 			<fieldname>sourcehost</fieldname>
-			<description>Specify the hostname or IP address that datagrams are to be sent from. The hostname/IP must be local to this system.</description>
+			<description>
+				<![CDATA[
+				Specify the IP address that datagrams are to be sent from. <strong>The IP must be local to this system.</strong>
+				]]>
+			</description>
 			<type>input</type>
 		</field>
 		<field>
-			<fielddescr>pf rule direction restriction</fielddescr>
+			<fielddescr>pf Rule Direction Restriction</fielddescr>
 			<fieldname>direction</fieldname>
 			<description>Restrict creation of flow records to states matching a certain direction (in, out, or any).</description>
 			<type>select</type>
 			<options>
-				<option>
-					<name>Any</name>
-					<value>any</value>
-				</option>
-				<option>
-					<name>In</name>
-					<value>in</value>
-				</option>
-				<option>
-					<name>Out</name>
-					<value>out</value>
-				</option>
+				<option><name>Any</name><value>any</value></option>
+				<option><name>In</name><value>in</value></option>
+				<option><name>Out</name><value>out</value></option>
 			</options>
 		</field>
 		<field>
-			<fielddescr>Netflow version</fielddescr>
+			<fielddescr>Netflow Version</fielddescr>
 			<fieldname>version</fieldname>
 			<description>Select which version of the NetFlow protocol to use.</description>
 			<type>select</type>
 			<options>
-				<option>
-					<name>9</name>
-					<value>9</value>
-				</option>
-				<option>
-					<name>5</name>
-					<value>5</value>
-				</option>
-				<option>
-					<name>1</name>
-					<value>1</value>
-				</option>
+				<option><name>9</name><value>9</value></option>
+				<option><name>5</name><value>5</value></option>
+				<option><name>1</name><value>1</value></option>
 			</options>
 		</field>
 	</fields>
 	<custom_php_global_functions>
 		<![CDATA[
 		function sync_package_pfflowd() {
-			conf_mount_rw();
 			global $config;
-			foreach ($config['installedpackages']['pfflowd']['config'] as $cf) {
-				if ($cf['host'] != "") {
-					$start = "\n/sbin/ifconfig pfsync0 up\n";
-					$start .= "/usr/local/sbin/pfflowd ";
-					$start .= " -n {$cf['host']}";
-					if ($cf['port'] != "") {
-						$start .= ":{$cf['port']}";
-					}
-					if (!empty($cf['sourcehost'])) {
-						$start .= " -s {$cf['sourcehost']} ";
-					}
-					if ($cf['direction'] != "") {
-						$start .= " -S {$cf['direction']}";
-					}
-					if ($cf['version'] != "") {
-						$start .= " -v {$cf['version']}";
-					}
-					write_rcfile(array(
-							"file" => "pfflowd.sh",
-							"start" => $start,
-							"stop" => "/usr/bin/killall pfflowd"
-						)
-					);
+			conf_mount_rw();
+			if (is_array($config['installedpackages']['pfflowd']['config'])) {
+				$cf = $config['installedpackages']['pfflowd']['config'][0];
+			} else {
+				$cf = array();
+			}
+			if ($cf['enabled'] == "on") {
+				$start = "\n/sbin/ifconfig pfsync0 up\n";
+				$start .= "/usr/local/sbin/pfflowd ";
+				$start .= " -n {$cf['host']}";
+				$start .= ":{$cf['port']}";
+				if (!empty($cf['sourcehost'])) {
+					$start .= " -s {$cf['sourcehost']} ";
+				}
+				if ($cf['direction'] != "") {
+					$start .= " -S {$cf['direction']}";
+				}
+				if ($cf['version'] != "") {
+					$start .= " -v {$cf['version']}";
+				}
+				write_rcfile(array("file" => "pfflowd.sh", "start" => $start, "stop" => "/usr/bin/killall pfflowd"));
+				if (is_service_running("pfflowd")) {
 					restart_service("pfflowd");
-					break;
+				} else {
+					start_service("pfflowd");
+				}
+			} else {
+				if (is_service_running("pfflowd")) {
+					stop_service("pfflowd");
 				}
+				unlink_if_exists("/usr/local/etc/rc.d/pfflowd.sh");
 			}
 			conf_mount_ro();
 		}
 
 		function validate_form_pfflowd($post, &$input_errors) {
-			if (($post['host'] == "") || !is_ipaddr($post['host'])) {
-				$input_errors[] = 'You must specify a valid ip address in the \'Host\' field';
+			if ($post['host'] != "" && !is_ipaddr($post['host'])) {
+				$input_errors[] = 'You must specify a valid IP address in the \'Destination Host\' field';
 			}
-			if (($post['port'] == "") || !is_port($post['port'])) {
-				$input_errors[] = 'You must specify a valid port number in the \'Port\' field';
+			if ($post['port'] != "" && !is_port($post['port'])) {
+				$input_errors[] = 'You must specify a valid port number in the \'Destination Port\' field';
 			}
-		}
-
-		function cleanup_config_pfflowd() {
-			global $a_pkg;
-			$pffconf = array();
-			if (is_array($a_pkg)) {
-				foreach($a_pkg as $cf) {
-					if ($cf['host'] != "") {
-						$pffconf = $cf;
-					}
-				}
+			if ($post['sourcehost'] != "" && !is_ipaddr($post['sourcehost'])) {
+				$input_errors[] = 'You must specify a valid IP address in the \'Source IP\' field';
 			}
-			$a_pkg = array();
-			$a_pkg[0] = $pffconf;
 		}
 		]]>
 	</custom_php_global_functions>
@@ -183,7 +175,4 @@
 	<custom_php_validation_command>
 		validate_form_pfflowd($_POST, $input_errors);
 	</custom_php_validation_command>
-	<custom_php_command_before_form>
-		cleanup_config_pfflowd();
-	</custom_php_command_before_form>
 </packagegui>
-- 
cgit v1.2.3


From 6e16cbfa352eeaaabd15c597e1c83ccdae4a62fa Mon Sep 17 00:00:00 2001
From: doktornotor <notordoktor@gmail.com>
Date: Sun, 15 Nov 2015 22:47:57 +0100
Subject: Add privileges configuration to pfflowd package

---
 config/pfflowd/pfflowd.priv.inc | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 config/pfflowd/pfflowd.priv.inc

diff --git a/config/pfflowd/pfflowd.priv.inc b/config/pfflowd/pfflowd.priv.inc
new file mode 100644
index 00000000..67074f52
--- /dev/null
+++ b/config/pfflowd/pfflowd.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+	pfflowd.priv.inc
+	part of pfSense (http://www.pfSense.org/)
+	Copyright (C) 2015 ESF, LLC
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-pfflowd'] = array();
+$priv_list['page-services-pfflowd']['name'] = "WebCfg - Services: pfflowd package";
+$priv_list['page-services-pfflowd']['descr'] = "Allow access to pfflowd package GUI";
+$priv_list['page-services-pfflowd']['match'] = array();
+$priv_list['page-services-pfflowd']['match'][] = "pkg_edit.php?xml=pfflowd.xml*";
+
+?>
-- 
cgit v1.2.3


From 55ed9e6d7c35959af3b8ac5742c38a39ce05a36d Mon Sep 17 00:00:00 2001
From: doktornotor <notordoktor@gmail.com>
Date: Sun, 15 Nov 2015 22:48:50 +0100
Subject: Bump pfflowd package version

---
 pkg_config.8.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 1f90b15e..105334e6 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -929,7 +929,7 @@
 		<depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
 		<depends_on_package>pfflowd-0.8.tbz</depends_on_package>
 		<depends_on_package_pbi>pfflowd-0.8-i386.pbi</depends_on_package_pbi>
-		<version>0.8.3 pkg v1.0.1</version>
+		<version>0.8.3 pkg v1.0.4</version>
 		<status>Stable</status>
 		<required_version>2.0</required_version>
 		<configurationfile>pfflowd.xml</configurationfile>
-- 
cgit v1.2.3


From c99835168c9930bdb49b70256b38757505a15482 Mon Sep 17 00:00:00 2001
From: doktornotor <notordoktor@gmail.com>
Date: Sun, 15 Nov 2015 22:49:23 +0100
Subject: Bump pfflowd package version

---
 pkg_config.8.xml.amd64 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index bf958a26..1a9ba54a 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -916,7 +916,7 @@
 		<depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
 		<depends_on_package>pfflowd-0.8.tbz</depends_on_package>
 		<depends_on_package_pbi>pfflowd-0.8-amd64.pbi</depends_on_package_pbi>
-		<version>0.8.3 pkg v1.0.1</version>
+		<version>0.8.3 pkg v1.0.4</version>
 		<status>Stable</status>
 		<required_version>2.0</required_version>
 		<configurationfile>pfflowd.xml</configurationfile>
-- 
cgit v1.2.3


From d74b03f386cf2cb80c1be781e0ad82c8168a453e Mon Sep 17 00:00:00 2001
From: doktornotor <notordoktor@gmail.com>
Date: Sun, 15 Nov 2015 22:49:56 +0100
Subject: Bump pfflowd package version

---
 pkg_config.10.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg_config.10.xml b/pkg_config.10.xml
index 4277cede..a43b55cc 100644
--- a/pkg_config.10.xml
+++ b/pkg_config.10.xml
@@ -898,7 +898,7 @@
 		<category>Network Management</category>
 		<config_file>https://packages.pfsense.org/packages/config/pfflowd/pfflowd.xml</config_file>
 		<depends_on_package_pbi>pfflowd-0.8_1-##ARCH##.pbi</depends_on_package_pbi>
-		<version>1.0.3</version>
+		<version>1.0.4</version>
 		<status>RELEASE</status>
 		<required_version>3.0</required_version>
 		<configurationfile>pfflowd.xml</configurationfile>
-- 
cgit v1.2.3