From 963596380423d96585242667ed35d9a6d07181cc Mon Sep 17 00:00:00 2001
From: doktornotor <notordoktor@gmail.com>
Date: Wed, 26 Aug 2015 16:58:33 +0200
Subject: Delete tinc_config.xml

Content moved to tinc.xml
---
 config/tinc/tinc_config.xml | 215 --------------------------------------------
 1 file changed, 215 deletions(-)
 delete mode 100644 config/tinc/tinc_config.xml

(limited to 'config')

diff --git a/config/tinc/tinc_config.xml b/config/tinc/tinc_config.xml
deleted file mode 100644
index d6ee9c26..00000000
--- a/config/tinc/tinc_config.xml
+++ /dev/null
@@ -1,215 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
-<packagegui>
-        <copyright>
-        <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
-    tinc_config.xml
-    part of pfSense (http://www.pfSense.com)
-    Copyright (C) 2007-2008 Scott Ullrich
-    All rights reserved.
-                                                                              */
-/* ========================================================================== */
-/*
-    Redistribution and use in source and binary forms, with or without
-    modification, are permitted provided that the following conditions are met:
-
-     1. Redistributions of source code must retain the above copyright notice,
-        this list of conditions and the following disclaimer.
-
-     2. Redistributions in binary form must reproduce the above copyright
-        notice, this list of conditions and the following disclaimer in the
-        documentation and/or other materials provided with the distribution.
-
-    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-    POSSIBILITY OF SUCH DAMAGE.
-                                                                              */
-/* ========================================================================== */
-        ]]>
-        </copyright>
-	<name>tinc</name>
-	<version>1.0.19</version>
-	<title>VPN: tinc</title>
-
-	<!-- configpath gets expanded out automatically and config items will be
-         stored in that location -->
-	<configpath>['installedpackages']['package']['$packagename']['config']</configpath>
-         
-	<tabs>
-		<tab>
-			<text>Config</text>
-			<url>/pkg_edit.php?xml=tinc_config.xml</url>
-			<active/>
-		</tab>
-		<tab>
-			<text>Hosts</text>
-			<url>/pkg.php?xml=tinc_hosts.xml</url>
-		</tab>
-	</tabs>
-	<advanced_options>enabled</advanced_options>
-	<fields>
-		<field>
-			<fielddescr>Name</fielddescr>
-			<fieldname>name</fieldname>
-			<description>This is the name which identifies this tinc daemon.  It must be unique for the virtual private network this daemon will connect to.</description>
-			<type>input</type>
-		</field>
-		<field>
-			<fielddescr>Local IP</fielddescr>
-			<fieldname>localip</fieldname>
-			<description>IP Address of local tunnel interface.  This is often the same IP as your routers LAN address, for example 192.168.2.1</description>
-			<type>input</type>
-		</field>
-		<field>
-			<fielddescr>Local Subnet</fielddescr>
-			<fieldname>localsubnet</fieldname>
-			<description>Subnet behind this router that should be advertised to the mesh.  This is usually your LAN subnet, for example 192.168.2.0/24</description>
-			<type>input</type>
-		</field>
-		<field>
-			<fielddescr>VPN Netmask</fielddescr>
-			<fieldname>vpnnetmask</fieldname>
-			<description>This is the Netmask that defines what traffic is routed to the VPNs tunnel interface.  It is usually broader then your local netmask, for example 255.255.0.0</description>
-			<type>input</type>
-		</field>
-		<field>
-			<fielddescr>AddressFamily</fielddescr>
-			<fieldname>addressfamily</fieldname>
-			<description>This option affects the address family of listening and outgoing sockets.  If "any" is selected, then depending on the operating system both IPv4 and IPv6 or just IPv6 listening sockets will be created.</description>
-			<type>select</type>
-			<options>
-				<option>
-					<name>ipv4</name>
-					<value>ipv4</value>
-				</option>
-				<option>
-					<name>ipv6</name>
-					<value>ipv6</value>
-				</option>
-				<option>
-					<name>any</name>
-					<value>any</value>
-				</option>
-			</options>
-		</field>
-                <field>
-                        <fielddescr>RSA private key</fielddescr>
-                        <fieldname>cert_key</fieldname>
-                        <description>RSA private key used for this host.  Include the BEGIN and END lines. &lt;br&gt;</description>
-                        <type>textarea</type>
-			<encoding>base64</encoding>
-                        <rows>7</rows>
-                        <cols>65</cols>
-                </field>
-                <field>
-                        <fielddescr>RSA public key</fielddescr>
-                        <fieldname>cert_pub</fieldname>
-                        <description>RSA public key used for this host.  Include the BEGIN and END lines. &lt;br&gt;</description>
-                        <type>textarea</type>
-			<encoding>base64</encoding>
-                        <rows>7</rows>
-                        <cols>65</cols>
-                </field>
-                <field>
-                        <fielddescr>Generate RSA key pair</fielddescr>
-                        <fieldname>gen_rsa</fieldname>
-                        <description>This will generate a new RSA key pair in the fields above.</description>
-                        <type>checkbox</type>
-                </field>
-                <field>
-                        <fielddescr>Extra Tinc Parameters</fielddescr>
-                        <fieldname>extra</fieldname>
-                        <description>Anything entered here will be added at the end of the tinc.conf configuration file. &lt;br&gt;</description>
-                        <type>textarea</type>
-                        <encoding>base64</encoding>
-                        <rows>8</rows>
-                        <cols>65</cols>
-			<advancedfield/>
-                </field>
-                <field>
-                        <fielddescr>Extra Host Parameters</fielddescr>
-                        <fieldname>host_extra</fieldname>
-                        <description>Anything entered here will be added just prior to the public certiciate in the host configuration file for this machine. &lt;br&gt;</description>
-                        <type>textarea</type>
-                        <encoding>base64</encoding>
-                        <rows>8</rows>
-                        <cols>65</cols>
-			<advancedfield/>
-                </field>
-                <field>
-                        <fielddescr>Interface Up Script</fielddescr>
-                        <fieldname>tinc_up</fieldname>
-                        <description>This script is executed right after the tinc daemon has connected to the virtual network device.  By default a tinc-up file is created that brings up the tinc interface with the IP Address and Netmask specified above and adds it to the tinc interface group.  Entering a value here complely replaces the default script so be sure to bring up the interface in this script.</description>
-                        <type>textarea</type>
-                        <encoding>base64</encoding>
-                        <rows>8</rows>
-                        <cols>65</cols>
-			<advancedfield/>
-                </field>
-                <field>
-                        <fielddescr>Interface Down Script</fielddescr>
-                        <fieldname>tinc_down</fieldname>
-                        <description>This script is executed right before the tinc daemon is going to close.</description>
-                        <type>textarea</type>
-                        <encoding>base64</encoding>
-                        <rows>8</rows>
-                        <cols>65</cols>
-			<advancedfield/>
-                </field>
-                <field>
-                        <fielddescr>Host Up Script</fielddescr>
-                        <fieldname>host_up</fieldname>
-                        <description>This script is executed when any host becomes reachable.</description>
-                        <type>textarea</type>
-                        <encoding>base64</encoding>
-                        <rows>8</rows>
-                        <cols>65</cols>
-			<advancedfield/>
-                </field>
-                <field>
-                        <fielddescr>Host Down Script</fielddescr>
-                        <fieldname>host_down</fieldname>
-                        <description>This script is executed when any host becomes unreachable.</description>
-                        <type>textarea</type>
-                        <encoding>base64</encoding>
-                        <rows>8</rows>
-                        <cols>65</cols>
-			<advancedfield/>
-                </field>
-                <field>
-                        <fielddescr>Subnet Up Script</fielddescr>
-                        <fieldname>subnet_up</fieldname>
-                        <description>This script is executed when any subnet becomes reachable.</description>
-                        <type>textarea</type>
-                        <encoding>base64</encoding>
-                        <rows>8</rows>
-                        <cols>65</cols>
-			<advancedfield/>
-                </field>
-                <field>
-                        <fielddescr>Subnet Down Script</fielddescr>
-                        <fieldname>subnet_down</fieldname>
-                        <description>This script is executed when any subnet becomes unreachable.</description>
-                        <type>textarea</type>
-                        <encoding>base64</encoding>
-                        <rows>8</rows>
-                        <cols>65</cols>
-			<advancedfield/>
-                </field>
-	</fields>
-	<include_file>/usr/local/pkg/tinc.inc</include_file>
-	<custom_php_resync_config_command>
-		tinc_save();
-	</custom_php_resync_config_command>
-</packagegui>
-- 
cgit v1.2.3


From 08efcbb61112e9e5743f13790fc9ca81856db846 Mon Sep 17 00:00:00 2001
From: doktornotor <notordoktor@gmail.com>
Date: Wed, 26 Aug 2015 17:02:37 +0200
Subject: tinc - pfSense 2.2.x fixes, code style and improvements

- Add copyright header
- XHTML valid code
- Fix code style, whitespace and indentation
- Removed the useless checks for clog location on pfSense <2.1.2
---
 config/tinc/status_tinc.php | 119 +++++++++++++++++++++++++-------------------
 1 file changed, 69 insertions(+), 50 deletions(-)

(limited to 'config')

diff --git a/config/tinc/status_tinc.php b/config/tinc/status_tinc.php
index f50ea640..59a1cb6e 100644
--- a/config/tinc/status_tinc.php
+++ b/config/tinc/status_tinc.php
@@ -1,88 +1,107 @@
 <?php
+/*
+	status_tinc.php
+	part of pfSense (https://www.pfSense.org/)
+	Copyright (C) 2012-2015 ESF, LLC
+	All rights reserved.
 
-$pgtitle = array(gettext("Status"), "tinc");
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
 require("guiconfig.inc");
 
-function tinc_status_1() {
-        exec("/usr/local/sbin/tincd --config=/usr/local/etc/tinc -kUSR1");
+function tinc_status_usr1() {
+	exec("/usr/local/sbin/tincd --config=/usr/local/etc/tinc -kUSR1");
 	usleep(500000);
-	$clog_path = "";
+	$clog_path = "/usr/local/sbin/clog";
 	$result = array();
-	if (is_executable("/usr/local/sbin/clog")) {
-		$clog_path = "/usr/local/sbin/clog";
-	} elseif (is_executable("/usr/sbin/clog")) {
-		$clog_path = "/usr/sbin/clog";
-	}
 
-	if (!empty($clog_path))
-		exec("{$clog_path} /var/log/tinc.log | sed -e 's/.*tinc\[.*\]: //'",$result);
-	$i=0;
-	foreach($result as $line)
-	{
-		if(preg_match("/Connections:/",$line))
-			$begin=$i;
-		if(preg_match("/End of connections./",$line))
-			$end=$i;
+	exec("{$clog_path} /var/log/tinc.log | /usr/bin/sed -e 's/.*tinc\[.*\]: //'", $result);
+	$i = 0;
+	foreach ($result as $line) {
+		if (preg_match("/Connections:/", $line)) {
+			$begin = $i;
+		}
+		if (preg_match("/End of connections./", $line)) {
+			$end = $i;
+		}
 		$i++;
 	}
-	$output="";
-	$i=0;
-	foreach($result as $line)
-	{
-		if($i >= $begin && $i<= $end)
+	$output = "";
+	$i = 0;
+	foreach ($result as $line) {
+		if ($i >= $begin && $i<= $end) {
 			$output .= $line . "\n";
+		}
 		$i++;
 	}
 	return $output;
 }
 
-function tinc_status_2() {
-        exec("/usr/local/sbin/tincd --config=/usr/local/etc/tinc -kUSR2");
+function tinc_status_usr2() {
+	exec("/usr/local/sbin/tincd --config=/usr/local/etc/tinc -kUSR2");
 	usleep(500000);
-	$clog_path = "";
+	$clog_path = "/usr/local/sbin/clog";
 	$result = array();
-	if (is_executable("/usr/local/sbin/clog")) {
-		$clog_path = "/usr/local/sbin/clog";
-	} elseif (is_executable("/usr/sbin/clog")) {
-		$clog_path = "/usr/sbin/clog";
-	}
 
-	if (!empty($clog_path))
-		exec("{$clog_path} /var/log/tinc.log | sed -e 's/.*tinc\[.*\]: //'",$result);
-	$i=0;
-	foreach($result as $line)
-	{
-		if(preg_match("/Statistics for Generic BSD tun device/",$line))
-			$begin=$i;
-		if(preg_match("/End of subnet list./",$line))
-			$end=$i;
+	exec("{$clog_path} /var/log/tinc.log | sed -e 's/.*tinc\[.*\]: //'",$result);
+	$i = 0;
+	foreach ($result as $line) {
+		if (preg_match("/Statistics for Generic BSD tun device/",$line)) {
+			$begin = $i;
+		}
+		if (preg_match("/End of subnet list./",$line)) {
+			$end = $i;
+		}
 		$i++;
 	}
 	$output="";
-	$i=0;
-	foreach($result as $line)
-	{
-		if($i >= $begin && $i<= $end)
+	$i = 0;
+	foreach ($result as $line) {
+		if ($i >= $begin && $i<= $end) {
 			$output .= $line . "\n";
+		}
 		$i++;
 	}
 	return $output;
 }
 
 $shortcut_section = "tinc";
-include("head.inc"); ?>
+$pgtitle = array(gettext("Status"), "tinc");
+include("head.inc");
+?>
 
 <body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?=$jsevents["body"]["onload"];?>">
 <?php include("fbegin.inc"); ?>
 
-Connection list:<BR>
+<strong>Connection list:</strong><br />
 <pre>
-<?php print tinc_status_1(); ?>
+<?php print tinc_status_usr1(); ?>
 </pre>
-<BR>
-Virtual network device statistics, all known nodes, edges and subnets:<BR>
+<br />
+<strong>Virtual network device statistics, all known nodes, edges and subnets:</strong><br />
 <pre>
-<?php print tinc_status_2(); ?>
+<?php print tinc_status_usr2(); ?>
 </pre>
 
 <?php include("fend.inc"); ?>
+</body>
+</html>
-- 
cgit v1.2.3


From 4b896c944ef69319f3e7186997029ab3fe41f148 Mon Sep 17 00:00:00 2001
From: doktornotor <notordoktor@gmail.com>
Date: Wed, 26 Aug 2015 17:04:54 +0200
Subject: tinc_config.xml does not exist any more, fix location accordingly

---
 config/tinc/pkg_tinc.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'config')

diff --git a/config/tinc/pkg_tinc.inc b/config/tinc/pkg_tinc.inc
index b5b223b0..1ec4ebc0 100644
--- a/config/tinc/pkg_tinc.inc
+++ b/config/tinc/pkg_tinc.inc
@@ -3,7 +3,7 @@
 global $shortcuts;
 
 $shortcuts['tinc'] = array();
-$shortcuts['tinc']['main'] = "pkg_edit.php?xml=tinc_config.xml";
+$shortcuts['tinc']['main'] = "pkg_edit.php?xml=tinc.xml";
 $shortcuts['tinc']['status'] = "status_tinc.php";
 $shortcuts['tinc']['log'] = "diag_pkglogs.php?pkg=tinc";
 $shortcuts['tinc']['service'] = "tinc";
-- 
cgit v1.2.3


From cddbe8e902c6e194363bdf1cb13f68df56bf2200 Mon Sep 17 00:00:00 2001
From: doktornotor <notordoktor@gmail.com>
Date: Wed, 26 Aug 2015 17:09:44 +0200
Subject: tinc - pfSense 2.2.x fixes, code style and improvements

- Add copyright header
- Fix code style, whitespace and indentation
- Added some basic input validation
- Add a symlink to make this work on pfSense 2.2.x (fixes Bug #4409)
- Added an enable checkbox to make it possible to disable tinc without uninstalling the package
---
 config/tinc/tinc.inc | 323 +++++++++++++++++++++++++++++----------------------
 1 file changed, 187 insertions(+), 136 deletions(-)

(limited to 'config')

diff --git a/config/tinc/tinc.inc b/config/tinc/tinc.inc
index 82d5b453..65f07e32 100644
--- a/config/tinc/tinc.inc
+++ b/config/tinc/tinc.inc
@@ -1,204 +1,255 @@
 <?php
-
+/*
+	tinc.inc
+	part of pfSense (https://www.pfSense.org/)
+	Copyright (C) 2012-2015 ESF, LLC
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/* include_once('guiconfig.inc'); is needed for clear_log_file() during package installation while booting.
+ * However, guiconfig.inc includes authgui.inc which requires a valid php session_auth() and exits when not found.
+ * So we include the function here.
+*/
 if (!function_exists('clear_log_file')) {
-//include_once('guiconfig.inc'); // needed for clear_log_file() during package installation while booting
-//however guiconfig.inc includes authgui.inc which requires a valid php session_auth(), and exits when not found..
-//so include the function here..
+
 	function clear_log_file($logfile = "/var/log/system.log", $restart_syslogd = true) {
 		global $config, $g;
-		if ($restart_syslogd)
+		if ($restart_syslogd) {
 			exec("/usr/bin/killall syslogd");
-		if(isset($config['system']['disablesyslogclog'])) {
+		}
+		if (isset($config['system']['disablesyslogclog'])) {
 			unlink($logfile);
 			touch($logfile);
 		} else {
 			$log_size = isset($config['syslog']['logfilesize']) ? $config['syslog']['logfilesize'] : "511488";
-			if(isset($config['system']['usefifolog']))
+			if (isset($config['system']['usefifolog'])) {
 				exec("/usr/sbin/fifolog_create -s {$log_size} " . escapeshellarg($logfile));
-			else
+			} else {
 				exec("/usr/local/sbin/clog -i -s {$log_size} " . escapeshellarg($logfile));
+			}
 		}
-		if ($restart_syslogd)
+		if ($restart_syslogd) {
 			system_syslogd_start();
+		}
 	}
 }
 
 function tinc_save() {
-	global $config;
+	global $config, $configpath;
+	$configpath = '/usr/local/etc/tinc/';
+
 	conf_mount_rw();
-	exec("/bin/mv -f /usr/local/etc/tinc /usr/local/etc/tinc.old");
-	safe_mkdir("/usr/local/etc/tinc");
-	safe_mkdir("/usr/local/etc/tinc/hosts");
-	exec("touch /usr/local/etc/tinc/WARNING-ENTIRE_DIRECTORY_ERASED_ON_SAVE_FROM_GUI");
+
+	rename("{$configpath}", "{$configpath}.old");
+	safe_mkdir("{$configpath}");
+	safe_mkdir("{$configpath}/hosts");
+	touch("{$configpath}/WARNING-ENTIRE_DIRECTORY_ERASED_ON_SAVE_FROM_GUI");
 	$tincconf = &$config['installedpackages']['tinc']['config'][0];
-	$fout = fopen("/usr/local/etc/tinc/tinc.conf","w");
+	$fout = fopen("{$configpath}/tinc.conf", "w");
 
 	// No proper config, bail out.
-	if (!isset($tincconf['name']) || empty($tincconf['name']))
+	if (!isset($tincconf['name']) || empty($tincconf['name'])) {
+		log_error("[tinc] Cannot configure (name not set). Check your configuration.");
 		return;
+	}
 
-	fwrite($fout, "name=".$tincconf['name']."\n");
-	fwrite($fout, "AddressFamily=".$tincconf['addressfamily']."\n");
-	if(!is_array($config['installedpackages']['tinchosts']['config'])) { $config['installedpackages']['tinchosts']['config']=Array(); }
-	foreach($config['installedpackages']['tinchosts']['config'] as $host) {
-		if($host['connect'])
-		{
+	fwrite($fout, "name=" . $tincconf['name'] . "\n");
+	fwrite($fout, "AddressFamily=" . $tincconf['addressfamily'] . "\n");
+	if (!is_array($config['installedpackages']['tinchosts']['config'])) {
+		$config['installedpackages']['tinchosts']['config']= array();
+	}
+	foreach ($config['installedpackages']['tinchosts']['config'] as $host) {
+		if($host['connect']) {
 			fwrite($fout, "ConnectTo=" . $host['name'] . "\n");
 		}
-		
-		$_output = "Address=".$host['address']."\n";
-		$_output .= "Subnet=".$host['subnet']."\n";
-		$_output .= base64_decode($host['extra'])."\n";
-		$_output .= base64_decode($host['cert_pub'])."\n";
-		file_put_contents('/usr/local/etc/tinc/hosts/'.$host['name'],$_output);
-		if($host['host_up'])
-		{
-			file_put_contents('/usr/local/etc/tinc/hosts/'.$host['name'].'-up',str_replace("\r", "", base64_decode($host['host_up']))."\n");
-			chmod('/usr/local/etc/tinc/hosts/'.$host['name'].'-up', 0744);
+
+		$_output = "Address=" . $host['address'] . "\n";
+		$_output .= "Subnet=" . $host['subnet'] . "\n";
+		$_output .= base64_decode($host['extra']) . "\n";
+		$_output .= base64_decode($host['cert_pub']) . "\n";
+		file_put_contents("{$configpath}/hosts/" . $host['name'], $_output);
+		if ($host['host_up']) {
+			file_put_contents("{$configpath}/hosts/" . $host['name'] . '-up', str_replace("\r", "", base64_decode($host['host_up'])) . "\n");
+			chmod("{$configpath}/hosts/" . $host['name'] . '-up', 0744);
 		}
-		if($host['host_down'])
-		{
-			file_put_contents('/usr/local/etc/tinc/hosts/'.$host['name'].'-down',str_replace("\r", "", base64_decode($host['host_down']))."\n");
-			chmod('/usr/local/etc/tinc/hosts/'.$host['name'].'-down', 0744);
+		if ($host['host_down']) {
+			file_put_contents("{$configpath}/hosts/" . $host['name'] . '-down', str_replace("\r", "", base64_decode($host['host_down'])) . "\n");
+			chmod("{$configpath}/hosts/" . $host['name'] . '-down', 0744);
 		}
 	}
-	fwrite($fout, base64_decode($tincconf['extra'])."\n");
+	fwrite($fout, base64_decode($tincconf['extra']) . "\n");
 	fclose($fout);
 
 	// Check if we need to generate a new RSA key pair.
-	if ($tincconf['gen_rsa'])
-	{
-		safe_mkdir("/usr/local/etc/tinc/tmp");
-		exec("/usr/local/sbin/tincd -c /usr/local/etc/tinc/tmp -K");
-		$tincconf['cert_pub'] = base64_encode(file_get_contents('/usr/local/etc/tinc/tmp/rsa_key.pub'));
-		$tincconf['cert_key'] = base64_encode(file_get_contents('/usr/local/etc/tinc/tmp/rsa_key.priv'));
+	if ($tincconf['gen_rsa']) {
+		safe_mkdir("{$configpath}/tmp");
+		exec("/usr/local/sbin/tincd -c {$configpath}/tmp -K");
+		$tincconf['cert_pub'] = base64_encode(file_get_contents("{$configpath}/tmp/rsa_key.pub"));
+		$tincconf['cert_key'] = base64_encode(file_get_contents("{$configpath}/tmp/rsa_key.priv"));
 		$tincconf['gen_rsa'] = false;
 		$config['installedpackages']['tinc']['config'][0]['cert_pub'] = $tincconf['cert_pub'];
 		$config['installedpackages']['tinc']['config'][0]['cert_key'] = $tincconf['cert_key'];
 		$config['installedpackages']['tinc']['config'][0]['gen_rsa'] = $tincconf['gen_rsa'];
-		rmdir_recursive("/usr/local/etc/tinc/tmp");
-		write_config();
+		rmdir_recursive("{$configpath}/tmp");
+		write_config("[tinc] New RSA key pair generated.");
 	}
 
 	$_output = "Subnet=" . $tincconf['localsubnet'] . "\n";
 	$_output .= base64_decode($tincconf['host_extra']) . "\n";
 	$_output .= base64_decode($tincconf['cert_pub']) . "\n";
-	file_put_contents('/usr/local/etc/tinc/hosts/' . $tincconf['name'],$_output);
-	file_put_contents('/usr/local/etc/tinc/rsa_key.priv',base64_decode($tincconf['cert_key'])."\n");
-	chmod("/usr/local/etc/tinc/rsa_key.priv", 0600);
-	if($tincconf['tinc_up'])
-	{
+	file_put_contents("{$configpath}/hosts/" . $tincconf['name'], $_output);
+	file_put_contents("{$configpath}/rsa_key.priv", base64_decode($tincconf['cert_key']) . "\n");
+	chmod("{$configpath}/rsa_key.priv", 0600);
+	if ($tincconf['tinc_up']) {
 		$_output = base64_decode($tincconf['tinc_up']) . "\n";
-	}
-	else
-	{
+	} else {
 		$_output = "ifconfig \$INTERFACE " . $tincconf['localip'] . " netmask " . $tincconf['vpnnetmask'] . "\n";
 		$_output .= "ifconfig \$INTERFACE group tinc\n";
 	}
-	file_put_contents('/usr/local/etc/tinc/tinc-up',$_output);
-	chmod("/usr/local/etc/tinc/tinc-up", 0744);
-	if($tincconf['tinc_down'])
-	{
-		file_put_contents('/usr/local/etc/tinc/tinc-down',str_replace("\r", "", base64_decode($tincconf['tinc_down'])) . "\n");
-		chmod("/usr/local/etc/tinc/tinc-down", 0744);
-	}
-	if($tincconf['host_up'])
-	{
-		file_put_contents('/usr/local/etc/tinc/host-up',str_replace("\r", "", base64_decode($tincconf['host_up'])) . "\n");
-		chmod("/usr/local/etc/tinc/host-up", 0744);
-	}
-	if($tincconf['host_down'])
-	{
-		file_put_contents('/usr/local/etc/tinc/host-down',str_replace("\r", "", base64_decode($tincconf['host_down'])) . "\n");
-		chmod("/usr/local/etc/tinc/host-down", 0744);
-	}
-	if($tincconf['subnet_up'])
-	{
-		file_put_contents('/usr/local/etc/tinc/subnet-up',str_replace("\r", "", base64_decode($tincconf['subnet_up'])) . "\n");
-		chmod("/usr/local/etc/tinc/subnet-up", 0744);
-	}
-	if($tincconf['subnet_down'])
-	{
-		file_put_contents('/usr/local/etc/tinc/subnet-down',str_replace("\r", "", base64_decode($tincconf['subnet_down'])) . "\n");
-		chmod("/usr/local/etc/tinc/subnet-down", 0744);
-	}
-	system("/usr/local/etc/rc.d/tinc.sh restart 2>/dev/null");
-	rmdir_recursive("/usr/local/etc/tinc.old");
+	file_put_contents("{$configpath}/tinc-up", $_output);
+	chmod("{$configpath}/tinc-up", 0744);
+	if ($tincconf['tinc_down']) {
+		file_put_contents("{$configpath}/tinc-down", str_replace("\r", "", base64_decode($tincconf['tinc_down'])) . "\n");
+		chmod("{$configpath}/tinc-down", 0744);
+	}
+	if ($tincconf['host_up']) {
+		file_put_contents("{$configpath}/host-up", str_replace("\r", "", base64_decode($tincconf['host_up'])) . "\n");
+		chmod("{$configpath}/host-up", 0744);
+	}
+	if ($tincconf['host_down']) {
+		file_put_contents("{$configpath}/host-down", str_replace("\r", "", base64_decode($tincconf['host_down'])) . "\n");
+		chmod("{$configpath}/host-down", 0744);
+	}
+	if ($tincconf['subnet_up']) {
+		file_put_contents("{$configpath}/subnet-up", str_replace("\r", "", base64_decode($tincconf['subnet_up'])) . "\n");
+		chmod("{$configpath}/subnet-up", 0744);
+	}
+	if ($tincconf['subnet_down']) {
+		file_put_contents("{$configpath}/subnet-down", str_replace("\r", "", base64_decode($tincconf['subnet_down'])) . "\n");
+		chmod("{$configpath}/subnet-down", 0744);
+	}
+
+	$pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+	if ($pfs_version == "2.2") {
+		$pbietcpath = '/usr/pbi/tinc-' . php_uname("m") . '/local/etc';
+		unlink_if_exists("{$pbietcpath}/tinc");
+		symlink($configpath, "{$pbietcpath}/tinc");
+	}
+
+	if ($tincconf['enable'] != "") {
+		restart_service("tinc");
+	} elseif (is_process_running("tincd")); {
+			stop_service("tinc");
+	}
 
+	rmdir_recursive("/usr/local/etc/tinc.old");
 	conf_mount_ro();
 }
 
 function tinc_install() {
 	global $config;
+
 	safe_mkdir("/usr/local/etc/tinc");
 	safe_mkdir("/usr/local/etc/tinc/hosts");
-	$_rcfile['file']='tinc.sh';
-	$_rcfile['start'].="/usr/local/sbin/tincd --config=/usr/local/etc/tinc\n\t";
-	$_rcfile['stop'].="/usr/local/sbin/tincd --kill \n\t";
-	write_rcfile($_rcfile);
+	$rc['file'] = 'tinc.sh';
+	$rc['start'] .= "/usr/local/sbin/tincd --config=/usr/local/etc/tinc\n\t";
+	$rc['stop'] .= "/usr/local/sbin/tincd --kill \n\t";
+	write_rcfile($rc);
 	unlink_if_exists("/usr/local/etc/rc.d/tincd");
 	clear_log_file("/var/log/tinc.log");
-	
-	conf_mount_rw();
 
-        /* Create Interface Group */
-        if (!is_array($config['ifgroups']['ifgroupentry']))
-        $config['ifgroups']['ifgroupentry'] = array();
-
-        $a_ifgroups = &$config['ifgroups']['ifgroupentry'];
-        $ifgroupentry = array();
-        $ifgroupentry['members'] = '';
-        $ifgroupentry['descr'] = 'tinc mesh VPN interface group';
-        $ifgroupentry['ifname'] = 'tinc';
-        $a_ifgroups[] = $ifgroupentry;
+	/* Create Interface Group */
+	if (!is_array($config['ifgroups']['ifgroupentry'])) {
+		$config['ifgroups']['ifgroupentry'] = array();
+	}
 
-        /* XXX: Do not remove this. */
-        mwexec("/bin/rm -f /tmp/config.cache");
+	$a_ifgroups = &$config['ifgroups']['ifgroupentry'];
+	$ifgroupentry = array();
+	$ifgroupentry['members'] = '';
+	$ifgroupentry['descr'] = 'tinc mesh VPN interface group';
+	$ifgroupentry['ifname'] = 'tinc';
+	$a_ifgroups[] = $ifgroupentry;
 
-        write_config();
+	/* XXX: Do not remove this. WTH?! */
+	mwexec("/bin/rm -f /tmp/config.cache");
 
-	conf_mount_ro();
+	write_config("[tinc] Package installed.");
 }
 
 function tinc_deinstall() {
 	global $config;
-        /* Remove Interface Group */
-        conf_mount_rw();
-        if (!is_array($config['ifgroups']['ifgroupentry']))
-        $config['ifgroups']['ifgroupentry'] = array();
-
-        $a_ifgroups = &$config['ifgroups']['ifgroupentry'];
-
-        $myid=-1;
-        $i = 0;
-        foreach ($a_ifgroups as $ifgroupentry)
-        {
-                if($ifgroupentry['ifname']=='tinc')
-                {
-                        $myid=$i;
-                        break;
-                }
-                $i++;
-        }
-
-        if ($myid >= 0 && $a_ifgroups[$myid])
-        {
-                $members = explode(" ", $a_ifgroups[$_GET['id']]['members']);
-                foreach ($members as $ifs)
-                {
-                        $realif = get_real_interface($ifs);
-                        if ($realif)
-                                mwexec("/sbin/ifconfig  {$realif} -group " . escapeshellarg($a_ifgroups[$_GET['id']]['ifname']));
-                }
-                unset($a_ifgroups[$myid]);
-        	mwexec("/bin/rm -f /tmp/config.cache");
-        	write_config();
-        }
-	conf_mount_ro();
 
+	/* Remove Interface Group */
+	if (!is_array($config['ifgroups']['ifgroupentry'])) {
+		$config['ifgroups']['ifgroupentry'] = array();
+	}
+
+	$a_ifgroups = &$config['ifgroups']['ifgroupentry'];
+
+	$myid = -1;
+	$i = 0;
+	foreach ($a_ifgroups as $ifgroupentry) {
+		if ($ifgroupentry['ifname'] == 'tinc') {
+			$myid = $i;
+			break;
+		}
+		$i++;
+	}
+
+	if ($myid >= 0 && $a_ifgroups[$myid]) {
+		$members = explode(" ", $a_ifgroups[$_GET['id']]['members']);
+		foreach ($members as $ifs) {
+			$realif = get_real_interface($ifs);
+			if ($realif) {
+				mwexec("/sbin/ifconfig {$realif} -group " . escapeshellarg($a_ifgroups[$_GET['id']]['ifname']));
+			}
+		}
+		unset($a_ifgroups[$myid]);
+		/* WTH?! */
+		mwexec("/bin/rm -f /tmp/config.cache");
+		write_config("[tinc] Package uninstalled.");
+	}
 	rmdir_recursive("/var/tmp/tinc");
 	rmdir_recursive("/usr/local/etc/tinc*");
-	unlink_if_exists("/usr/local/etc/rc.d/tinc.sh");
 }
 
+function tinc_validate_input($post, &$input_errors) {
+	if ($post['localip']) {
+		if ((!is_ipaddr($post['localip'])) && (!is_hostname($post['localip']))) {
+			$input_errors[] = gettext("'Local IP' must be a valid IP address or hostname.");
+		}
+	}
+	if ($post['address']) {
+		if ((!is_ipaddr($post['address'])) && (!is_hostname($post['address']))) {
+			$input_errors[] = gettext("'Host Address' must be a valid IP address or hostname.");
+		}
+	}
+	if (($post['localsubnet']) && (!is_subnet($post['localsubnet']))) {
+		$input_errors[] = gettext("'Local Subnet' must be a valid subnet.");
+	}
+	if (($post['subnet']) && (!is_subnet($post['subnet']))) {
+		$input_errors[] = gettext("'Subnet' must be a valid subnet.");
+	}
+}
 ?>
-- 
cgit v1.2.3


From 835c60a0917b47aa22e4ed9ea0113381fb920f1b Mon Sep 17 00:00:00 2001
From: doktornotor <notordoktor@gmail.com>
Date: Wed, 26 Aug 2015 17:12:44 +0200
Subject: tinc - pfSense 2.2.x fixes, code style and improvements

- Fix copyright header
- Nuke unused tags
- Add input validation
---
 config/tinc/tinc_hosts.xml | 121 ++++++++++++++++++++++++---------------------
 1 file changed, 64 insertions(+), 57 deletions(-)

(limited to 'config')

diff --git a/config/tinc/tinc_hosts.xml b/config/tinc/tinc_hosts.xml
index 7741b7be..f210f23a 100644
--- a/config/tinc/tinc_hosts.xml
+++ b/config/tinc/tinc_hosts.xml
@@ -1,57 +1,54 @@
 <?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
 <packagegui>
-        <copyright>
-        <![CDATA[
+	<copyright>
+<![CDATA[
 /* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
 /*
-    tinc_hosts.xml
-    part of pfSense (http://www.pfSense.com)
-    Copyright (C) 2007-2009 Scott Ullrich
-    All rights reserved.
-                                                                              */
-/* ========================================================================== */
+	tinc_hosts.xml
+	part of pfSense (https://www.pfSense.org/)
+	Copyright (C) 2012-2015 ESF, LLC
+	All rights reserved.
+*/
+/* ====================================================================================== */
 /*
-    Redistribution and use in source and binary forms, with or without
-    modification, are permitted provided that the following conditions are met:
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
 
-     1. Redistributions of source code must retain the above copyright notice,
-        this list of conditions and the following disclaimer.
 
-     2. Redistributions in binary form must reproduce the above copyright
-        notice, this list of conditions and the following disclaimer in the
-        documentation and/or other materials provided with the distribution.
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
 
-    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-    POSSIBILITY OF SUCH DAMAGE.
-                                                                              */
-/* ========================================================================== */
-        ]]>
-        </copyright>
-    <description>tinc Hosts</description>
-    <requirements></requirements>
-    <faq>Currently there are no FAQ items provided.</faq>
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+	]]>
+	</copyright>
 	<name>tinchosts</name>
-	<version>1.0.19</version>
+	<version>1.2.2</version>
 	<title>VPN: tinc - Hosts</title>
-	<!-- configpath gets expanded out automatically and config items will be
-         stored in that location -->
+	<include_file>/usr/local/pkg/tinc.inc</include_file>
 	<configpath>['installedpackages']['package']['$packagename']['config']</configpath>
-
 	<tabs>
 		<tab>
 			<text>Config</text>
-			<url>/pkg_edit.php?xml=tinc_config.xml</url>
+			<url>/pkg_edit.php?xml=tinc.xml</url>
 		</tab>
 		<tab>
 			<text>Hosts</text>
@@ -60,9 +57,6 @@
 		</tab>
 	</tabs>
 	<advanced_options>enabled</advanced_options>
-
-	<!-- adddeleteeditpagefields items will appear on the first page where you can add / delete or edit
-         items.  An example of this would be the nat page where you add new nat redirects -->
 	<adddeleteeditpagefields>
 		<columnitem>
 			<fielddescr>Name</fielddescr>
@@ -83,20 +77,20 @@
 		</columnitem>
 
 	</adddeleteeditpagefields>
-	<!-- fields gets invoked when the user adds or edits a item.   the following items
-         will be parsed and rendered for the user as a gui with input, and selectboxes. -->
 	<fields>
 		<field>
 			<fielddescr>Name</fielddescr>
 			<fieldname>name</fieldname>
 			<description>Name of this host.</description>
 			<type>input</type>
+			<required/>
 		</field>
 		<field>
 			<fielddescr>Address</fielddescr>
 			<fieldname>address</fieldname>
 			<description>IP address or hostname of server.</description>
 			<type>input</type>
+			<required/>
 		</field>
 		<field>
 			<fielddescr>Subnet</fielddescr>
@@ -104,6 +98,7 @@
 			<description>Subnet behind host (like 192.168.254.0/24)</description>
 			<type>input</type>
 			<size>50</size>
+			<required/>
 		</field>
 		<field>
 			<fielddescr>Connect at Startup</fielddescr>
@@ -114,7 +109,11 @@
 		<field>
 			<fielddescr>RSA public key</fielddescr>
 			<fieldname>cert_pub</fieldname>
-			<description>RSA public key used for this host. Include the BEGIN and END lines.&lt;br&gt;</description>
+			<description>
+				<![CDATA[
+				RSA public key used for this host. <strong>Include the BEGIN and END lines.</strong><br />
+				]]>
+			</description>
 			<type>textarea</type>
 			<encoding>base64</encoding>
 			<rows>7</rows>
@@ -123,7 +122,11 @@
 		<field>
 			<fielddescr>Extra Parameters</fielddescr>
 			<fieldname>extra</fieldname>
-			<description>Anything entered here will be added just prior to the public certiciate in the host configuration file. &lt;br&gt;</description>
+			<description>
+				<![CDATA[
+				Anything entered here will be added just prior to the public certiciate in the host configuration file.<br />
+				]]>
+			</description>
 			<type>textarea</type>
 			<encoding>base64</encoding>
 			<rows>8</rows>
@@ -133,7 +136,11 @@
 		<field>
 			<fielddescr>Host Up Script</fielddescr>
 			<fieldname>host_up</fieldname>
-			<description>This script will be run when this host becomes reachable. &lt;br&gt;</description>
+			<description>
+				<![CDATA[
+				This script will be run when this host becomes reachable.<br />
+				]]>
+			</description>
 			<type>textarea</type>
 			<encoding>base64</encoding>
 			<rows>8</rows>
@@ -143,25 +150,25 @@
 		<field>
 			<fielddescr>Host Down Script</fielddescr>
 			<fieldname>host_down</fieldname>
-			<description>This script will be run when this host becomes unreachable. &lt;br&gt;</description>
+			<description>
+				<![CDATA[
+				This script will be run when this host becomes unreachable.<br />
+				]]>
+			</description>
 			<type>textarea</type>
 			<encoding>base64</encoding>
 			<rows>8</rows>
 			<cols>65</cols>
 			<advancedfield/>
 		</field>
-	</fields>	
-	<include_file>/usr/local/pkg/tinc.inc</include_file>
-	<custom_add_php_command>
-	</custom_add_php_command>
+	</fields>
 	<custom_php_resync_config_command>
 		tinc_save();
 	</custom_php_resync_config_command>
-	<custom_php_command_before_form>
-	</custom_php_command_before_form>
-	<custom_php_after_form_command>
-	</custom_php_after_form_command>
 	<custom_delete_php_command>
 		tinc_save();
 	</custom_delete_php_command>
+	<custom_php_validation_command>
+		tinc_validate_input($_POST, $input_errors);
+	</custom_php_validation_command>
 </packagegui>
-- 
cgit v1.2.3


From 417158f54818bb93b791085a32a71995658cb86a Mon Sep 17 00:00:00 2001
From: doktornotor <notordoktor@gmail.com>
Date: Wed, 26 Aug 2015 17:15:02 +0200
Subject: Update tinc_hosts.xml

Fix columns number in textarea for RSA keys.
---
 config/tinc/tinc_hosts.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'config')

diff --git a/config/tinc/tinc_hosts.xml b/config/tinc/tinc_hosts.xml
index f210f23a..b521d4a2 100644
--- a/config/tinc/tinc_hosts.xml
+++ b/config/tinc/tinc_hosts.xml
@@ -117,7 +117,7 @@
 			<type>textarea</type>
 			<encoding>base64</encoding>
 			<rows>7</rows>
-			<cols>65</cols>
+			<cols>70</cols>
 		</field>
 		<field>
 			<fielddescr>Extra Parameters</fielddescr>
@@ -130,7 +130,7 @@
 			<type>textarea</type>
 			<encoding>base64</encoding>
 			<rows>8</rows>
-			<cols>65</cols>
+			<cols>70</cols>
 			<advancedfield/>
 		</field>
 		<field>
@@ -144,7 +144,7 @@
 			<type>textarea</type>
 			<encoding>base64</encoding>
 			<rows>8</rows>
-			<cols>65</cols>
+			<cols>70</cols>
 			<advancedfield/>
 		</field>
 		<field>
@@ -158,7 +158,7 @@
 			<type>textarea</type>
 			<encoding>base64</encoding>
 			<rows>8</rows>
-			<cols>65</cols>
+			<cols>70</cols>
 			<advancedfield/>
 		</field>
 	</fields>
-- 
cgit v1.2.3


From 4dd1f291e78746bd0cccb6ce27359f90f02693e1 Mon Sep 17 00:00:00 2001
From: doktornotor <notordoktor@gmail.com>
Date: Wed, 26 Aug 2015 17:20:02 +0200
Subject: tinc - pfSense 2.2.x fixes, code style and improvements

- Fix copyright header
- All content from tinc_config.xml moved here
- Add basic input validation
- Added an enable checkbox to make it possible to disable tinc without uninstalling the package
- Fix textarea so that the generated RSA keys actually fit in without linewraps
- Cosmetics
---
 config/tinc/tinc.xml | 340 +++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 277 insertions(+), 63 deletions(-)

(limited to 'config')

diff --git a/config/tinc/tinc.xml b/config/tinc/tinc.xml
index 183ae161..89d1e8ce 100644
--- a/config/tinc/tinc.xml
+++ b/config/tinc/tinc.xml
@@ -1,103 +1,317 @@
 <?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
 <packagegui>
-        <copyright>
-        <![CDATA[
+	<copyright>
+<![CDATA[
 /* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
 /*
-    tinc.xml
-    part of pfSense (http://www.pfSense.com)
-    Copyright (C) 2007-2008 Scott Ullrich
-    All rights reserved.
-                                                                              */
-/* ========================================================================== */
+	tinc.xml
+	part of pfSense (https://www.pfSense.org/)
+	Copyright (C) 2012-2015 ESF, LLC
+	All rights reserved.
+*/
+/* ====================================================================================== */
 /*
-    Redistribution and use in source and binary forms, with or without
-    modification, are permitted provided that the following conditions are met:
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
 
-     1. Redistributions of source code must retain the above copyright notice,
-        this list of conditions and the following disclaimer.
 
-     2. Redistributions in binary form must reproduce the above copyright
-        notice, this list of conditions and the following disclaimer in the
-        documentation and/or other materials provided with the distribution.
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
 
-    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-    POSSIBILITY OF SUCH DAMAGE.
-                                                                              */
-/* ========================================================================== */
-        ]]>
-        </copyright>
-    <description>A self-contained VPN solution designed to connect multiple sites together in a secure way.</description>
-    <requirements>Describe your package requirements here</requirements>
-    <faq>Currently there are no FAQ items provided.</faq>
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+	]]>
+	</copyright>
+	<description>A self-contained VPN solution designed to connect multiple sites together in a secure way.</description>
 	<name>tinc</name>
-	<version>1.0.23 v1.2.1</version>
-	<title>VPN: tinc</title>
-	<!-- Menu is where this packages menu will appear -->
+	<version>1.2.2</version>
+	<title>VPN: tinc - Config</title>
+	<include_file>/usr/local/pkg/tinc.inc</include_file>
+	<configpath>['installedpackages']['package']['$packagename']['config']</configpath>
 	<menu>
 		<name>tinc</name>
-		<tooltiptext>tinc is a mesh VPN daemon.</tooltiptext>
 		<section>VPN</section>
-		<configfile>tinc_config.xml</configfile>
-		<url>/pkg_edit.php?xml=tinc_config.xml</url>
+		<configfile>tinc.xml</configfile>
+		<url>/pkg_edit.php?xml=tinc.xml</url>
 	</menu>
 	<menu>
-		<name>tincd</name>
-		<tooltiptext>Status of tinc VPN Daemon</tooltiptext>
+		<name>tinc VPN</name>
 		<section>Status</section>
 		<url>/status_tinc.php</url>
 	</menu>
-	
+	<service>
+		<name>tinc</name>
+		<rcfile>tinc.sh</rcfile>
+		<executable>tincd</executable>
+		<description>Tinc Mesh VPN</description>
+	</service>
+	<tabs>
+		<tab>
+			<text>Config</text>
+			<url>/pkg_edit.php?xml=tinc.xml</url>
+			<active/>
+		</tab>
+		<tab>
+			<text>Hosts</text>
+			<url>/pkg.php?xml=tinc_hosts.xml</url>
+		</tab>
+	</tabs>
 	<additional_files_needed>
 		<prefix>/usr/local/pkg/</prefix>
-		<chmod>0644</chmod>
 		<item>https://packages.pfsense.org/packages/config/tinc/tinc.inc</item>
 	</additional_files_needed>
 	<additional_files_needed>
 		<prefix>/usr/local/pkg/</prefix>
-		<chmod>0644</chmod>
-		<item>https://packages.pfsense.org/packages/config/tinc/tinc_config.xml</item>
-	</additional_files_needed>
-	<additional_files_needed>
-		<prefix>/usr/local/pkg/</prefix>
-		<chmod>0644</chmod>
 		<item>https://packages.pfsense.org/packages/config/tinc/tinc_hosts.xml</item>
 	</additional_files_needed>
 	<additional_files_needed>
 		<prefix>/usr/local/www/</prefix>
-		<chmod>0755</chmod>
 		<item>https://packages.pfsense.org/packages/config/tinc/status_tinc.php</item>
 	</additional_files_needed>
 	<additional_files_needed>
 		<prefix>/usr/local/www/shortcuts/</prefix>
-		<chmod>0644</chmod>
 		<item>https://packages.pfsense.org/packages/config/tinc/pkg_tinc.inc</item>
 	</additional_files_needed>
-         
-	<service>
-	  <name>tinc</name>
-	  <rcfile>tinc.sh</rcfile>
-	  <executable>tincd</executable>
-	  <description>tinc mesh VPN</description>
-	</service>
-	<include_file>/usr/local/pkg/tinc.inc</include_file>
-
+	<advanced_options>enabled</advanced_options>
+	<fields>
+		<field>
+			<name>Basic Settings</name>
+			<type>listtopic</type>
+		</field>
+		<field>
+			<fielddescr>Enable Tinc VPN</fielddescr>
+			<fieldname>enable</fieldname>
+			<description>Check this to enable tinc mesh VPN.</description>
+			<type>checkbox</type>
+		</field>
+		<field>
+			<fielddescr>Name</fielddescr>
+			<fieldname>name</fieldname>
+			<description>
+				<![CDATA[
+				This is the name which identifies this tinc daemon.<br />
+				It must be unique for the virtual private network this daemon will connect to.
+				]]>
+			</description>
+			<type>input</type>
+			<required/>
+		</field>
+		<field>
+			<fielddescr>Local IP</fielddescr>
+			<fieldname>localip</fieldname>
+			<description>
+				<![CDATA[
+				IP Address of local tunnel interface.<br />
+				This is often the same IP as your routers LAN address. (Example: 192.168.2.1)
+				]]>
+			</description>
+			<type>input</type>
+			<required/>
+		</field>
+		<field>
+			<fielddescr>Local Subnet</fielddescr>
+			<fieldname>localsubnet</fieldname>
+			<description>
+				<![CDATA[
+				Subnet behind this router that should be advertised to the mesh.<br />
+				This is usually your LAN subnet. (Example: 192.168.2.0/24)
+				]]>
+			</description>
+			<type>input</type>
+			<required/>
+		</field>
+		<field>
+			<fielddescr>VPN Netmask</fielddescr>
+			<fieldname>vpnnetmask</fieldname>
+			<description>
+				<![CDATA[
+				This is the Netmask that defines what traffic is routed to the VPNs tunnel interface.<br />
+				It is usually broader then your local netmask. (Example: 255.255.0.0)
+				]]>
+			</description>
+			<type>input</type>
+			<required/>
+		</field>
+		<field>
+			<fielddescr>Address Family</fielddescr>
+			<fieldname>addressfamily</fieldname>
+			<description>
+				<![CDATA[
+				This option affects the address family of listening and outgoing sockets.<br />
+				If "Any" is selected, then - depending on the operating system - either both IPv4 and IPv6 or just IPv6 listening sockets will be created.
+				]]>
+			</description>
+			<type>select</type>
+			<options>
+				<option>
+					<name>IPv4</name>
+					<value>ipv4</value>
+				</option>
+				<option>
+					<name>IPv6</name>
+					<value>ipv6</value>
+				</option>
+				<option>
+					<name>Any</name>
+					<value>any</value>
+				</option>
+			</options>
+		</field>
+		<field>
+			<fielddescr>RSA Private Key</fielddescr>
+			<fieldname>cert_key</fieldname>
+			<description>
+				<![CDATA[
+				RSA private key used for this host. <strong>Include the BEGIN and END lines.</strong><br />
+				]]>
+				</description>
+			<type>textarea</type>
+			<encoding>base64</encoding>
+			<rows>7</rows>
+			<cols>70</cols>
+		</field>
+		<field>
+			<fielddescr>RSA Public Key</fielddescr>
+			<fieldname>cert_pub</fieldname>
+			<description>
+				<![CDATA[
+				RSA public key used for this host. <strong>Include the BEGIN and END lines.</strong><br />
+				]]>
+			</description>
+			<type>textarea</type>
+			<encoding>base64</encoding>
+			<rows>7</rows>
+			<cols>70</cols>
+		</field>
+		<field>
+			<fielddescr>Generate RSA Key Pair</fielddescr>
+			<fieldname>gen_rsa</fieldname>
+			<description>This will generate a new RSA key pair in the fields above.</description>
+			<type>checkbox</type>
+		</field>
+		<field>
+			<fielddescr>Extra Tinc Parameters</fielddescr>
+			<fieldname>extra</fieldname>
+			<description>
+				<![CDATA[
+				Anything entered here will be added at the end of the tinc.conf configuration file.<br />
+				]]>
+			</description>
+			<type>textarea</type>
+			<encoding>base64</encoding>
+			<rows>8</rows>
+			<cols>70</cols>
+			<advancedfield/>
+		</field>
+		<field>
+			<fielddescr>Extra Host Parameters</fielddescr>
+			<fieldname>host_extra</fieldname>
+			<description>
+				<![CDATA[
+				Anything entered here will be added just prior to the public certiciate in the host configuration file for this machine.<br />
+				]]>
+			</description>
+			<type>textarea</type>
+			<encoding>base64</encoding>
+			<rows>8</rows>
+			<cols>70</cols>
+			<advancedfield/>
+		</field>
+		<field>
+			<fielddescr>Interface Up Script</fielddescr>
+			<fieldname>tinc_up</fieldname>
+			<description>
+				<![CDATA[
+				This script is executed right after the tinc daemon has connected to the virtual network device.<br />
+				By default, a tinc-up file is created that brings up the tinc interface with the IP Address and Netmask specified above and adds it to the tinc interface group.<br />
+				<strong>Note: Entering a value here complely replaces the default script; be sure to bring up the interface in this script!</strong>
+				]]>
+			</description>
+			<type>textarea</type>
+			<encoding>base64</encoding>
+			<rows>8</rows>
+			<cols>70</cols>
+			<advancedfield/>
+		</field>
+		<field>
+			<fielddescr>Interface Down Script</fielddescr>
+			<fieldname>tinc_down</fieldname>
+			<description>This script is executed right before the tinc daemon is going to close.</description>
+			<type>textarea</type>
+			<encoding>base64</encoding>
+			<rows>8</rows>
+			<cols>70</cols>
+			<advancedfield/>
+		</field>
+		<field>
+			<fielddescr>Host Up Script</fielddescr>
+			<fieldname>host_up</fieldname>
+			<description>This script is executed when any host becomes reachable.</description>
+			<type>textarea</type>
+			<encoding>base64</encoding>
+			<rows>8</rows>
+			<cols>70</cols>
+			<advancedfield/>
+		</field>
+		<field>
+			<fielddescr>Host Down Script</fielddescr>
+			<fieldname>host_down</fieldname>
+			<description>This script is executed when any host becomes unreachable.</description>
+			<type>textarea</type>
+			<encoding>base64</encoding>
+			<rows>8</rows>
+			<cols>70</cols>
+			<advancedfield/>
+		</field>
+		<field>
+			<fielddescr>Subnet Up Script</fielddescr>
+			<fieldname>subnet_up</fieldname>
+			<description>This script is executed when any subnet becomes reachable.</description>
+			<type>textarea</type>
+			<encoding>base64</encoding>
+			<rows>8</rows>
+			<cols>70</cols>
+			<advancedfield/>
+		</field>
+		<field>
+			<fielddescr>Subnet Down Script</fielddescr>
+			<fieldname>subnet_down</fieldname>
+			<description>This script is executed when any subnet becomes unreachable.</description>
+			<type>textarea</type>
+			<encoding>base64</encoding>
+			<rows>8</rows>
+			<cols>70</cols>
+			<advancedfield/>
+		</field>
+	</fields>
 	<custom_php_install_command>
 		tinc_install();
 	</custom_php_install_command>
 	<custom_php_deinstall_command>
 		tinc_deinstall();
 	</custom_php_deinstall_command>
-
+	<custom_php_resync_config_command>
+		tinc_save();
+	</custom_php_resync_config_command>
+	<custom_php_validation_command>
+		tinc_validate_input($_POST, $input_errors);
+	</custom_php_validation_command>
 </packagegui>
-- 
cgit v1.2.3