From ff12f2bc124b7ffa7ff71acd7911ee279d6f6464 Mon Sep 17 00:00:00 2001
From: doktornotor <notordoktor@gmail.com>
Date: Tue, 17 Nov 2015 17:30:22 +0100
Subject: olsrd package fixes, add privileges configuration

- Fix service handling
- Add input validations
- Disable the dynamic gateways options since the required plugin is missing in the package
- Couple of other clenaups
---
 config/olsrd/olsrd.xml | 111 ++++++++++++++++++++++++++++++-------------------
 1 file changed, 68 insertions(+), 43 deletions(-)

(limited to 'config')

diff --git a/config/olsrd/olsrd.xml b/config/olsrd/olsrd.xml
index 6623c31f..8023f818 100644
--- a/config/olsrd/olsrd.xml
+++ b/config/olsrd/olsrd.xml
@@ -9,7 +9,7 @@
 /*
 	olsrd.xml
 	part of pfSense (https://www.pfSense.org/)
-	Copyright (C) 2012 Ermal Luçi
+	Copyright (C) 2006 Scott Ullrich
 	Copyright (C) 2015 ESF, LLC
 	All rights reserved.
 */
@@ -42,37 +42,58 @@
 	]]>
 	</copyright>
 	<name>olsrd</name>
-	<version>1.0.3</version>
-	<title>OLSRD</title>
+	<version>1.0.4</version>
+	<title>Services: OLSRD Settings</title>
 	<include_file>/usr/local/pkg/olsrd.inc</include_file>
 	<menu>
 		<name>OLSRD</name>
 		<section>Services</section>
 		<configfile>olsrd.xml</configfile>
+		<url>/pkg_edit.php?xml=olsrd.xml</url>
 	</menu>
 	<service>
-		<name>OLSRD</name>
-		<rcfile>/usr/local/sbin/olsrd -f /var/etc/olsr.conf</rcfile>
+		<name>olsrd</name>
+		<rcfile>olsrd.sh</rcfile>
+		<executable>olsrd</executable>
+		<description>Optimized Link State Routing Protocol Daemon</description>
 	</service>
-	<tabs>
-		<tab>
-			<text>OLSRD Settings</text>
-			<url>/pkg_edit.php?xml=olsrd.xml&amp;id=0</url>
-			<active/>
-		</tab>
-	</tabs>
 	<additional_files_needed>
 		<prefix>/usr/local/pkg/</prefix>
 		<item>https://packages.pfsense.org/packages/config/olsrd/olsrd.inc</item>
 	</additional_files_needed>
-	<configpath>['installedpackages']['OLSRD']['config']</configpath>
+	<additional_files_needed>
+		<prefix>/etc/inc/priv/</prefix>
+		<item>https://packages.pfsense.org/packages/config/olsrd/olsrd.priv.inc</item>
+	</additional_files_needed>
 	<fields>
+		<field>
+			<name>Service Settings</name>
+			<type>listtopic</type>
+		</field>
 		<field>
 			<fielddescr>Enable OLSR</fielddescr>
 			<fieldname>enable</fieldname>
 			<description>Enables the dynamic mesh linking daemon.</description>
 			<type>checkbox</type>
 		</field>
+		<field>
+			<fielddescr>Enable Secure Mode</fielddescr>
+			<fieldname>enabledsecure</fieldname>
+			<description>Enables the secure mode.</description>
+			<type>checkbox</type>
+		</field>
+		<field>
+			<fielddescr>Key</fielddescr>
+			<fieldname>securekey</fieldname>
+			<description>Paste the secure key information here.</description>
+			<type>textarea</type>
+			<rows>5</rows>
+			<cols>50</cols>
+		</field>
+		<field>
+			<name>General Settings</name>
+			<type>listtopic</type>
+		</field>
 		<field>
 			<fielddescr>Link Quality Level</fielddescr>
 			<fieldname>enablelqe</fieldname>
@@ -83,6 +104,7 @@
 				<option><value>0</value><name>0</name></option>
 				<option><value>1</value><name>1</name></option>
 			</options>
+			<default_value>2</default_value>
 		</field>
 		<field>
 			<fielddescr>Interfaces</fielddescr>
@@ -98,6 +120,7 @@
 			<fieldname>enablehttpinfo</fieldname>
 			<description>Enables the OLSR stats web server.</description>
 			<type>checkbox</type>
+			<enablefields>port,allowedhttpinfohost,allowedhttpinfosubnet</enablefields>
 		</field>
 		<field>
 			<fielddescr>HTTPInfo Port</fielddescr>
@@ -106,65 +129,67 @@
 			<type>input</type>
 		</field>
 		<field>
-			<fielddescr>Allowed host(s)</fielddescr>
+			<fielddescr>Allowed Host(s) IP Address/Subnet</fielddescr>
 			<fieldname>allowedhttpinfohost</fieldname>
-			<description>Hosts that are allowed to access the HTTPInfo web service.</description>
+			<description>IP(s) that are allowed to access the HTTPInfo web service.</description>
 			<type>input</type>
 		</field>
 		<field>
-			<fielddescr>Allowed host(s) subnet</fielddescr>
+			<fielddescr>Allowed Host(s) Netmask</fielddescr>
 			<fieldname>allowedhttpinfosubnet</fieldname>
-			<description>Enter the subnet mask in form 255.255.255.0</description>
+			<description>Enter the subnet mask in long form (e.g. 255.255.255.0)</description>
 			<type>input</type>
 		</field>
 		<field>
-			<fielddescr>Enable Dynamic Gateway</fielddescr>
-			<fieldname>enabledyngw</fieldname>
-			<description>Enables the OLSR Dynamic Gateways feature.</description>
-			<type>checkbox</type>
-		</field>
-		<field>
-			<fielddescr>Announce self as Dynamic Gateway</fielddescr>
+			<fielddescr>Announce Self as Dynamic Gateway</fielddescr>
 			<fieldname>enableannounce</fieldname>
 			<description>Enables the OLSR Dynamic Gateways Announcing feature.</description>
 			<type>checkbox</type>
 		</field>
 		<field>
-			<fielddescr>Announce Dynamic local route</fielddescr>
+			<fielddescr>Announce Dynamic Local Route</fielddescr>
 			<fieldname>announcedynamicroute</fieldname>
 			<description>Enter the IP/Netmask.</description>
 			<type>textarea</type>
 			<rows>3</rows>
 			<cols>50</cols>
 		</field>
+		<!-- Disabled since the required plugin is missing in the package -->
+		<!--
 		<field>
-			<fielddescr>Ping</fielddescr>
-			<fieldname>ping</fieldname>
-			<description>Pings this host to ensure connectivity.</description>
-			<type>input</type>
+			<name>Dynamic Gateway</name>
+			<type>listtopic</type>
 		</field>
 		<field>
-			<fielddescr>Poll</fielddescr>
-			<fieldname>polling</fieldname>
-			<description>How often to look for a inet gw, in seconds.</description>
-			<type>input</type>
+			<fielddescr>Enable Dynamic Gateway</fielddescr>
+			<fieldname>enabledyngw</fieldname>
+			<description>Enables the OLSR Dynamic Gateways feature.</description>
+			<type>checkbox</type>
+			<enablefields>ping,polling</enablefields>
 		</field>
 		<field>
-			<fielddescr>Enable Secure Mode</fielddescr>
-			<fieldname>enabledsecure</fieldname>
-			<description>Enables the secure mode.</description>
-			<type>checkbox</type>
+			<fielddescr>Ping IP Address</fielddescr>
+			<fieldname>ping</fieldname>
+			<description>Pings this IPv4 address to ensure connectivity.</description>
+			<type>input</type>
+			<default_value>5</default_value>
 		</field>
 		<field>
-			<fielddescr>Key</fielddescr>
-			<fieldname>securekey</fieldname>
-			<description>Paste the secure key information here.</description>
-			<type>textarea</type>
-			<rows>5</rows>
-			<cols>50</cols>
+			<fielddescr>Poll Interval</fielddescr>
+			<fieldname>polling</fieldname>
+			<description>How often to look for an inet GW (in seconds).</description>
+			<type>input</type>
+			<default_value>5</default_value>
 		</field>
+		-->
 	</fields>
+	<custom_php_deinstall_command>
+		php_deinstall_olsrd();
+	</custom_php_deinstall_command>
 	<custom_php_resync_config_command>
 		setup_wireless_olsr($if);
 	</custom_php_resync_config_command>
+	<custom_php_validation_command>
+		validate_form_olsrd($_POST, $input_errors);
+	</custom_php_validation_command>
 </packagegui>
-- 
cgit v1.2.3


From 607bd9b118ffd32b53647464f8c01b4a1d488ee8 Mon Sep 17 00:00:00 2001
From: doktornotor <notordoktor@gmail.com>
Date: Tue, 17 Nov 2015 17:35:02 +0100
Subject: olsrd package fixes

- Fix service handling
- Fix plugin paths
- Disable the dynamic gateways options since the required plugin is missing in the package
- Add input validations
- Some other cleanups
---
 config/olsrd/olsrd.inc | 156 +++++++++++++++++++++++++++++++++++--------------
 1 file changed, 111 insertions(+), 45 deletions(-)

(limited to 'config')

diff --git a/config/olsrd/olsrd.inc b/config/olsrd/olsrd.inc
index 4e15f9cf..f65c1168 100644
--- a/config/olsrd/olsrd.inc
+++ b/config/olsrd/olsrd.inc
@@ -2,7 +2,7 @@
 /*
 	olsrd.inc
 	part of pfSense (https://www.pfSense.org/)
-	Copyright (C) 2012 Ermal Luçi
+	Copyright (C) 2006 Scott Ullrich
 	Copyright (C) 2015 ESF, LLC
 	All rights reserved.
 
@@ -28,27 +28,36 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 require_once("config.inc");
+require_once("service-utils.inc");
+require_once("util.inc");
+
+$pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+if ($pfs_version == "2.1" || $pfs_version == "2.2") {
+	define('OLSRD_LOCALBASE', '/usr/pbi/olsrd-' . php_uname("m") . '/local');
+} else {
+	define('OLSRD_LOCALBASE', '/usr/local');
+}
 
 function setup_wireless_olsr() {
 	global $config, $g;
 
-	if ($g['platform'] == 'jail' || !$config['installedpackages']['olsrd'] || !$config['installedpackages']) {
-		return;
-	}
-	if (isset($config['system']['developerspew'])) {
-		$mt = microtime();
-		echo "setup_wireless_olsr($interface) being called $mt\n";
-	}
 	conf_mount_rw();
 
-	foreach ($config['installedpackages']['olsrd']['config'] as $olsrd) {
-		$olsr_enable = $olsrd['enable'];
-		if ($olsr_enable <> "on") {
-			if (is_process_running("olsrd")) {
-				mwexec("/usr/bin/killall olsrd", true);
-			}
-			return;
+	if (is_array($config['installedpackages']['olsrd'])) {
+		$olsrd_config = $config['installedpackages']['olsrd']['config'][0];
+	} else {
+		$olsrd_config = array();
+	}
+
+	/* If disabled, stop service if needed, unlink the rc script and do nothing else */
+	if ($olsrd_config['enable'] != "on") {
+		if (is_service_running("olsrd")) {
+			stop_service("olsrd");
 		}
+		unlink_if_exists("/usr/local/etc/rc.d/olsrd.sh");
+		return;
+	} else {
+		/* parse package config and create configuration file */
 		$fd = fopen("{$g['varetc_path']}/olsr.conf", "w");
 
 		if ($olsrd['announcedynamicroute'] or $olsrd['enableannounce'] == "on") {
@@ -64,7 +73,8 @@ function setup_wireless_olsr() {
 		} else {
 			$enableannounce = "";
 		}
-
+		
+		$pluginpath = OLSRD_LOCALBASE . '/lib';
 		$olsr .= <<<EODA
 #
 # olsr.org OLSR daemon config file
@@ -201,10 +211,10 @@ MprCoverage	3
 
 EODA;
 
-	if ($olsrd['enablehttpinfo'] == "on") {
-		$olsr .= <<<EODB
+		if ($olsrd['enablehttpinfo'] == "on") {
+			$olsr .= <<<EODB
 
-LoadPlugin "/usr/local/lib/olsrd_httpinfo.so.0.1"
+LoadPlugin "{$pluginpath}/olsrd_httpinfo.so.0.1"
 {
     PlParam     "port"   "{$olsrd['port']}"
     PlParam     "Net"    "{$olsrd['allowedhttpinfohost']} {$olsrd['allowedhttpinfosubnet']}"
@@ -212,29 +222,29 @@ LoadPlugin "/usr/local/lib/olsrd_httpinfo.so.0.1"
 
 EODB;
 
-	}
+		}
 
-	if ($olsrd['enabledsecure'] == "on") {
-		@file_put_contents("{$g['tmp_path']}/olsrkey.txt", $olsrd['securekey']);
-		$olsr .= <<<EODC
+		if ($olsrd['enabledsecure'] == "on") {
+			@file_put_contents("{$g['tmp_path']}/olsrkey.txt", $olsrd['securekey']);
+			$olsr .= <<<EODC
 
-LoadPlugin "/usr/local/lib/olsrd_secure.so.0.5"
+LoadPlugin "{$pluginpath}/olsrd_secure.so.0.6"
 {
     PlParam     "Keyfile"   "{$g['tmp_path']}/olsrkey.txt"
 }
 
 EODC;
 
-	}
+		}
 
-	if ($olsrd['enabledyngw'] == "on") {
+		if ($olsrd['enabledyngw'] == "on") {
 
-	/* unset default route, olsr auto negotiates */
-	mwexec("/sbin/route delete default");
+		/* unset default route, olsr auto negotiates */
+		mwexec("/sbin/route delete default");
 
-	$olsr .= <<<EODE
+		$olsr .= <<<EODE
 
-LoadPlugin "/usr/local/lib/olsrd_dyn_gw.so.0.4"
+LoadPlugin "{$pluginpath}/olsrd_dyn_gw.so.0.4"
 {
     # how often to look for a inet gw, in seconds
     # defaults to 5 secs, if commented out
@@ -252,13 +262,13 @@ LoadPlugin "/usr/local/lib/olsrd_dyn_gw.so.0.4"
 
 EODE;
 
-	}
+		}
 
-	foreach ($config['installedpackages']['olsrd']['config'] as $conf) {
-		$interfaces = explode(',', $conf['iface_array']);
-		foreach ($interfaces as $interface) {
-			$realinterface = convert_friendly_interface_to_real_interface_name($interface);
-			$olsr .= <<<EODAD
+		foreach ($config['installedpackages']['olsrd']['config'] as $conf) {
+			$interfaces = explode(',', $conf['iface_array']);
+			foreach ($interfaces as $interface) {
+				$realinterface = convert_friendly_interface_to_real_interface_name($interface);
+				$olsr .= <<<EODAD
 Interface "{$realinterface}"
 {
 
@@ -301,22 +311,78 @@ Interface "{$realinterface}"
 
 EODAD;
 
+			}
+			break;
 		}
-		break;
-	}
 
-	fwrite($fd, $olsr);
-	fclose($fd);
+		fwrite($fd, $olsr);
+		fclose($fd);
+
 
-}
 
-	if (is_process_running("olsrd")) {
-		mwexec("/usr/bin/killall olsrd", true);
+		/* create rc script and (re)start service */
+		$olsrd_start = "/usr/local/sbin/olsrd -f {$g['varetc_path']}/olsr.conf";
+		$olsrd_stop = "/usr/bin/killall olsrd; sleep 3";
+		write_rcfile(array(
+			"file" => "olsrd.sh",
+			"start" => $olsrd_start,
+			"stop" => $olsrd_stop
+			)
+		);
+		if (is_service_running("olsrd")) {
+			restart_service("olsrd");
+		} else {
+			start_service("olsrd");
+		}
 	}
 
-	sleep(2);
-	mwexec_bg("/usr/local/sbin/olsrd -f {$g['varetc_path']}/olsr.conf");
 	conf_mount_ro();
 }
 
+function validate_form_olsrd($post, &$input_errors) {
+	/*
+	if ($post['iface_array'] == "") {
+		$input_errors[] = 'You must select at least one interface for OSLRD.';
+	}
+	*/
+	if ($post['enablehttpinfo']) {
+		if (!$post['port'] || !$post['allowedhttpinfohost'] || !$post['allowedhttpinfosubnet']) {
+			$input_errors[] = "'HTTPInfo Port', 'Allowed Host(s) IP Address/Subnet' and 'Allowed Host(s) Netmask' must be filled in when HTTPInfo Plugin is enabled.";
+		}
+		if ($post['port'] && !is_port($post['port'])) {
+			$input_errors[] = "Invalid port entered for 'HTTPInfo Port'.";
+		}
+		if ($post['allowedhttpinfohost'] && !is_ipaddrv4($post['allowedhttpinfohost'])) {
+			$input_errors[] = "Invalid IPv4 address entered for 'Allowed Host(s) IP Address/Subnet'.";
+		}
+		if ($post['allowedhttpinfosubnet'] && !is_ipaddrv4($post['allowedhttpinfosubnet'])) {
+			$input_errors[] = "Invalid IPv4 address entered for 'Allowed Host(s) Netmask'.";
+		}
+		if ($post['allowedhttpinfohost'] && is_ipaddrv4($post['allowedhttpinfohost']) && $post['allowedhttpinfosubnet'] && is_ipaddrv4($post['allowedhttpinfosubnet'])) {
+			$cidr = 32 - log((ip2long($post['allowedhttpinfosubnet']) ^ ip2long('255.255.255.255')) + 1, 2);
+			$acl = "{$post['allowedhttpinfohost']}/{$cidr}";
+			if (!is_subnetv4($acl)) {
+				$input_errors[] = "'{$post['allowedhttpinfohost']}/{$post['allowedhttpinfosubnet']}' is not a valid IPv4 subnet.";
+			}
+		}
+	}
+	if ($post['enabledyngw']) {
+		if (!$post['ping'] || !$post['polling']) {
+			$input_errors[] = "'Ping IP Address' and 'Poll Interval' must be filled in when 'Enable Dynamic Gateway' is checked.";
+		}
+		if ($post['ping'] && !is_ipaddrv4($post['ping'])) {
+			$input_errors[] = "Invalid IPv4 address entered for 'Ping IP Address'.";
+		}
+		if ($post['polling'] && (!is_numericint($post['polling']) || ($post['polling'] < 1))) {
+			$input_errors[] = "'Poll Interval' must be numeric integer greater than 0.";
+		}
+	}
+}
+
+function php_deinstall_olsrd() {
+	global $g;
+	unlink_if_exists("{$g['varetc_path']}/olsr.conf");
+	unlink_if_exists("{$g['tmp_path']}/olsrkey.txt");
+}
+
 ?>
-- 
cgit v1.2.3


From 5b3a7c0f3088ded1337b909ea9c4a2e036952e05 Mon Sep 17 00:00:00 2001
From: doktornotor <notordoktor@gmail.com>
Date: Tue, 17 Nov 2015 17:38:13 +0100
Subject: Add privileges configuration to olsrd package

---
 config/olsrd/olsrd.priv.inc | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 config/olsrd/olsrd.priv.inc

(limited to 'config')

diff --git a/config/olsrd/olsrd.priv.inc b/config/olsrd/olsrd.priv.inc
new file mode 100644
index 00000000..159a2d36
--- /dev/null
+++ b/config/olsrd/olsrd.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+	olsrd.priv.inc
+	part of pfSense (http://www.pfSense.org/)
+	Copyright (C) 2015 ESF, LLC
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-olsrd'] = array();
+$priv_list['page-services-olsrd']['name'] = "WebCfg - Services: OLSRD package";
+$priv_list['page-services-olsrd']['descr'] = "Allow access to OLSRD package GUI";
+$priv_list['page-services-olsrd']['match'] = array();
+$priv_list['page-services-olsrd']['match'][] = "pkg_edit.php?xml=olsrd.xml*";
+
+?>
-- 
cgit v1.2.3