From a4f7ab6ec229d15aa6b7606516090b73ba50ff2a Mon Sep 17 00:00:00 2001 From: Daniel Stefan Haischt Date: Sun, 21 Jan 2007 00:06:40 +0000 Subject: * results of a coding binge ... --- packages/freenas/pkg/freenas_services.inc | 90 +++- packages/freenas/pkg/freenas_utils.inc | 1 + packages/freenas/www/services_nfs.php | 658 ++++++++++++++++++++++++++++-- 3 files changed, 702 insertions(+), 47 deletions(-) (limited to 'packages/freenas') diff --git a/packages/freenas/pkg/freenas_services.inc b/packages/freenas/pkg/freenas_services.inc index 5c206413..1bd9b980 100644 --- a/packages/freenas/pkg/freenas_services.inc +++ b/packages/freenas/pkg/freenas_services.inc @@ -40,8 +40,9 @@ */ /* ========================================================================== */ -define (FTP_BACKEND_PAM, "pam"); -define (FTP_BACKEND_PLAINTEXT, "plaintext"); +define ("FTP_BACKEND_PAM", "pam"); +define ("FTP_BACKEND_PLAINTEXT", "plaintext"); +define ("NFS_SERVICE_PORTS", "111 2049"); $freenas_config =& $config['installedpackages']['freenas']['config'][0]; 
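Review bot: `NFS_SERVICE_PORTS` lists only rpcbind (111) and nfsd (2049), and the pf rules added later in this commit are generated from exactly this list. On FreeBSD mountd takes a dynamic port unless it is started with `-p`, and how mountd is started is not visible here, so the generated rules may not cover everything an NFSv3 mount needs. A mismatch like that tends to be fixed later by widening rules by hand. A comment on the constant would record the assumption, e.g. `/* rpcbind and nfsd only; mountd must be pinned with -p and listed here if it is meant to be reachable */`.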
@@ -410,12 +411,26 @@ function services_nfs_configure() { return 1; } - list($network,$subnet) = - explode('/', $freenas_config['nfs']['nfsnetwork']); - - $subnet = gen_subnet_mask($subnet); $a_mount = &$freenas_config['mounts']['mount']; + /* TODO: ATM network authorization does not work on a per mount basis */ + if (is_array($freenas_config['nfs']['nfsnetwork'])) { + $a_nfsnetworks = array(); + $pfnetworks = array(); + + foreach ($freenas_config['nfs']['nfsnetwork'] as $netel) { + list($network,$subnet) = + explode('/', $netel); + + $subnet = gen_subnet_mask($subnet); + $a_nfsnetworks[] = "-network {$network} -mask {$subnet}"; + $pfnetworks[] = $network; + } + + $nfsnetworks_str = implode(' ', $a_nfsnetworks); + services_setup_transparency_for("nfs", implode(" ", $pfnetworks)); + } + foreach ($a_mount as $mount) { /* -mapall and -maproot mutually exclusive */ $mapping = $freenas_config['nfs']['mapall'] == "yes" ? "-mapall=root" : "-maproot=root"; 
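Review bot: When `$freenas_config['nfs']['nfsnetwork']` is not an array, for example a configuration saved by the previous version, which stored a single `a.b.c.d/nn` string, the new `is_array()` block is skipped and `$nfsnetworks_str` is never set. The exports template that consumes it is not visible in this hunk, but an empty value there would presumably drop the `-network`/`-mask` restriction from every export instead of refusing to configure the service. Normalise first with `$nets = (array) $freenas_config['nfs']['nfsnetwork'];` and return early with a `file_notice()` when `$nets` is empty. Separately, `$pfnetworks[] = $network;` drops the prefix length, so the pf rule built from it matches the bare network address rather than the subnet; `$pfnetworks[] = $netel;` keeps the CIDR form. The body of `services_nfs_configure()` starts and ends outside this hunk.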
@@ -425,28 +440,83 @@ function services_nfs_configure() { EOD; $nfsconf .= << 0) { + file_notice("FREENAS", "There were error(s) flushing the exclude table", "FREENAS", ""); + } +} + +function services_setup_transparency_for($whom, $networks) { + global $config, $freenas_config; + + if ($whom == "" || $networks == "") { return; } + + $generatedLANSubnet = gen_subnet($config['interfaces']['lan']['ipaddr'], + $config['interfaces']['lan']['subnet']); + $aliases = ""; + + /* stolen from filter.inc */ + $real_wanif = get_real_wan_interface(); + $wanip = find_interface_ip($real_wanif); + + $wan_aliases = " " . link_ip_to_carp_interface($wanip); + + if (link_int_to_bridge_interface("wan")) + $wan_aliases .= " " . link_int_to_bridge_interface("wan"); + + if ($config['interfaces']['wan']['ipaddr'] == "pppoe" or $config['interfaces']['wan']['ipaddr'] == "pptp") { + $aliases .= "ng0 = \"{ {$config['interfaces']['wan']['if']} {$real_wanif} }\" \n"; + $aliases .= "wan = \"{ {$config['interfaces']['wan']['if']} {$wan_aliases} ng0 }\"\n"; + } else { + $aliases .= "wan = \"{ {$real_wanif} {$wan_aliases} }\"\n"; + } + + $trans_file = fopen("/tmp/freenas-{$whom}.rules","w"); + fwrite($trans_file, "{$aliases}\n"); + + switch ($whom) { + case "nfs": + $nfs_ports = explode(" ", NFS_SERVICE_PORTS); + + foreach ($nfs_ports as $port) { + fwrite($trans_file, "pass in quick on \$wan proto { tcp udp } from { {$networks} } to {$freenas_config['nfs']['bindto']} port = {$port} keep state label \"FreeNAS related rule for {$whom}-{$port}\"\n"); + } + break; + } + fclose($trans_file); + $service_result = mwexec ("pfctl -a \"passin-package-freenas-{$whom}\" -f /tmp/freenas-{$whom}.rules"); + if($service_result <> 0) { + file_notice("FREENAS", "There were error(s) loading the transparency rules", "FREENAS", ""); + } + //add_trans_table($whom); +} + function services_ftpd_configure() { global $freenas_config, $g; // services_vsftpd_configure(); 
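Review bot: `services_setup_transparency_for()` interpolates `$networks` and `$freenas_config['nfs']['bindto']` straight into pf rule text and loads it with `pfctl`, so the resulting `pass in quick on $wan` policy is only as strict as whatever validated those values before they were saved. `bindto` in particular gets no format check in the services_nfs.php part of this commit. The rules file is also opened at a fixed name under /tmp without checking the `fopen()` result, which leaves room for a pre-created file or symlink at that path and for `fwrite()` on `false`. Re-validate both values here, write through `tempnam()`, and quote the `pfctl` arguments, as sketched below; `$generatedLANSubnet` is computed but never used and can go. The start of this hunk is garbled in this rendering (the heredoc and the function that flushes the exclude table are partly missing), so this note covers only the visible function.

```php
function services_setup_transparency_for($whom, $networks) {
  global $config, $freenas_config;

  if ($whom == "" || $networks == "") { return; }

  /* refuse to build firewall rules from anything that is not a plain address or CIDR block */
  $bindto = $freenas_config['nfs']['bindto'];
  if (!is_ipaddr($bindto)) {
    file_notice("FREENAS", "Transparency rules not loaded: invalid bind address", "FREENAS", "");
    return;
  }
  foreach (explode(" ", $networks) as $src) {
    $parts = explode("/", $src);
    $prefix_ok = count($parts) == 1 ||
                 (count($parts) == 2 && ctype_digit($parts[1]) && (int)$parts[1] <= 32);
    if (!is_ipaddr($parts[0]) || !$prefix_ok) {
      file_notice("FREENAS", "Transparency rules not loaded: invalid source network", "FREENAS", "");
      return;
    }
  }

  /* … unchanged: WAN alias generation ($aliases) … */

  $rules_path = tempnam("/tmp", "freenas-rules-");
  $trans_file = ($rules_path !== false) ? fopen($rules_path, "w") : false;
  if ($trans_file === false) {
    file_notice("FREENAS", "Transparency rules not loaded: cannot write rules file", "FREENAS", "");
    return;
  }

  /* … unchanged: fwrite() of $aliases and the per-port pass rules, using $bindto … */

  fclose($trans_file);
  $service_result = mwexec("pfctl -a " . escapeshellarg("passin-package-freenas-{$whom}") .
                           " -f " . escapeshellarg($rules_path));
  unlink($rules_path);
  /* … unchanged: file_notice() on non-zero $service_result … */
}
```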
diff --git a/packages/freenas/pkg/freenas_utils.inc b/packages/freenas/pkg/freenas_utils.inc index 1e812412..6e5d8872 100644 --- a/packages/freenas/pkg/freenas_utils.inc +++ b/packages/freenas/pkg/freenas_utils.inc @@ -585,6 +585,7 @@ function get_ata_disks_list() { if ($dmesgtab[0]!="" && (strcasecmp($dmesgtab[0],$diskname) == 0) && strcmp($dmesgtab[1],"DMA") !=0) { $disklist[$diskname]['size'] = $dmesgtab[1]; + } } // end if } // end foreach } // end if diff --git a/packages/freenas/www/services_nfs.php b/packages/freenas/www/services_nfs.php index 092f71a6..ea5bbf92 100644 --- a/packages/freenas/www/services_nfs.php +++ b/packages/freenas/www/services_nfs.php @@ -55,9 +55,7 @@ if (!is_array($freenas_config['nfs'])) $pconfig['enable'] = isset($freenas_config['nfs']['enable']); $pconfig['mapall'] = $freenas_config['nfs']['mapall']; - -list($pconfig['network'],$pconfig['network_subnet']) = - explode('/', $freenas_config['nfs']['nfsnetwork']); +$pconfig['bindto'] = $freenas_config['nfs']['bindto']; if (! empty($_POST)) { 
@@ -68,24 +66,29 @@ if (! empty($_POST)) $pconfig = $_POST; /* input validation */ - $reqdfields = explode(" ", "network network_subnet"); - $reqdfieldsn = explode(",", "Destination network,Destination network bit count"); + $reqdfields = explode(" ", "authnetworks bindto"); + $reqdfieldsn = explode(",", "Destination network, IP address to bind to"); do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - if (($_POST['network'] && !is_ipaddr($_POST['network']))) { - $error_bucket[] = array("error" => gettext("A valid network must be specified."), - "field" => "network"); - } - - if (($_POST['network_subnet'] && !is_numeric($_POST['network_subnet']))) { - $error_bucket[] = array("error" => gettext("A valid network bit count must be specified."), - "field" => "network_subnet"); - + if (isset($_POST['authnetworks']) && is_array($_POST['authnetworks'])) { + foreach ($_POST['authnetworks'] as $netel) { + list($_POST['network'], $_POST['network_subnet']) = explode('/', $netel); + + if (($_POST['network'] && !is_ipaddr($_POST['network']))) { + $error_bucket[] = array("error" => gettext("A valid network must be specified."), + "field" => "network"); + } + + if (($_POST['network_subnet'] && !is_numeric($_POST['network_subnet']))) { + $error_bucket[] = array("error" => gettext("A valid network bit count must be specified."), + "field" => "network_subnet"); + } + + $osn['nfsnetwork'][] = gen_subnet($_POST['network'], $_POST['network_subnet']) . "/" . $_POST['network_subnet']; + } } - $osn = gen_subnet($_POST['network'], $_POST['network_subnet']) . "/" . $_POST['network_subnet']; - if (is_array($error_bucket)) foreach($error_bucket as $elem) $input_errors[] =& $elem["error"]; 
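Review bot: The per-entry checks in the new `foreach` can be bypassed by shape. An entry with no `/` leaves `$_POST['network_subnet']` empty, so `is_numeric()` is never reached, and `is_numeric()` itself accepts values such as `1e1` or `-1` with no 0–32 range check. `bindto` is added to the required fields but never passed through `is_ipaddr()`, although it ends up in the generated pf rules. The loop also writes its scratch values back into `$_POST` and appends to `$osn['nfsnetwork']` even for entries that failed a check. Parse each entry into locals, require exactly two parts, and append only entries that passed, as below; the enclosing `if (! empty($_POST))` block continues outside the hunk.

```php
  if (isset($_POST['authnetworks']) && is_array($_POST['authnetworks'])) {
    foreach ($_POST['authnetworks'] as $netel) {
      $parts = is_string($netel) ? explode('/', $netel) : array();
      $entry_ok = count($parts) == 2
               && is_ipaddr($parts[0])
               && ctype_digit($parts[1])
               && (int)$parts[1] <= 32;

      if (!$entry_ok) {
        $error_bucket[] = array("error" => gettext("A valid network must be specified."),
                                "field" => "authnetworks");
        continue;
      }

      $osn['nfsnetwork'][] = gen_subnet($parts[0], $parts[1]) . "/" . $parts[1];
    }
  }

  if ($_POST['bindto'] && !is_ipaddr($_POST['bindto'])) {
    $error_bucket[] = array("error" => gettext("A valid IP address to bind to must be specified."),
                            "field" => "bindto");
  }
  // … unchanged: copying $error_bucket into $input_errors …
```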
@@ -98,9 +101,10 @@ if (! empty($_POST)) if (!$input_errors) { + $freenas_config['nfs'] = $osn; $freenas_config['nfs']['enable'] = $_POST['enable'] ? true : false; $freenas_config['nfs']['mapall'] = $_POST['mapall']; - $freenas_config['nfs']['nfsnetwork'] = $osn; + $freenas_config['nfs']['bindto'] = $_POST['bindto']; write_config(); $retval = 0; @@ -123,9 +127,537 @@ include("head.inc"); /* put your custom HTML head content here */ /* using some of the $pfSenseHead function calls */ +$addressTransString = gettext("Address"); +$plusimgDescTransString = gettext("add to network list"); +$minusimgDescTransString = gettext("remove from network list"); +$currentnetTransString = gettext("Current networks"); +$networksTypehintTransString = gettext("Network that is authorised to access NFS shares"); + +$networkCount = count($freenas_config['nfs']['nfsnetwork']); +$generatedWANSubnet = gen_subnet($config['interfaces']['wan']['ipaddr'], + $config['interfaces']['wan']['subnet']); +$generatedLANSubnet = gen_subnet($config['interfaces']['lan']['ipaddr'], + $config['interfaces']['lan']['subnet']); + $jscriptstr = << @@ -166,6 +696,28 @@ echo $pfSenseHead->getHTML(); + + + + +
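Review bot: `$freenas_config['nfs'] = $osn;` replaces the whole `nfs` subtree, so any key that the following lines do not re-assign is dropped. When `authnetworks` arrives as something other than an array, `$osn` is undefined and, assuming `do_input_validation()` only checks presence, the configuration is saved with no `nfsnetwork` list at all. Assign only the list, `$freenas_config['nfs']['nfsnetwork'] = $osn['nfsnetwork'];`, and treat an empty list as an input error rather than saving it. `$_POST['mapall']` is stored as submitted; the service code visible in this commit only compares it with "yes", so normalising it here with `$_POST['mapall'] == "yes" ? "yes" : "no"` keeps the saved configuration predictable. The later hunks on this line are garbled in this rendering (script and markup stripped) and are not reviewed.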
+ + + @@ -189,34 +741,65 @@ echo $pfSenseHead->getHTML(); - - / - -
- + + + + + +
: + +
  - " /> + + " onmousedown="selectnetel();" onkeydown="selectnetel();" />   - - - - + : +
+
    +
  • + + + +
  • +
  • + + + +
  • +
  • + + + +
  • +
@@ -226,6 +809,7 @@ echo $pfSenseHead->getHTML(); -- cgit v1.2.3