From 207037ab55c3006111b68436b38de7467d43a545 Mon Sep 17 00:00:00 2001 
From: mkasper Date: Sun, 8 Jan 2006 10:31:12 +0000 Subject: [PATCH] Import m0n0wall 1.2b8 files. git-svn-id: https://svn.m0n0.ch/wall/trunk@19 e36fee2c-cc09-0410-a7cc-ebac5c6737de --- captiveportal/index.php | 46 +- captiveportal/radius_accounting.inc | 70 ++- etc/rc | 7 +- etc/rc.firmware | 6 +- etc/rc.initial | 4 +- phpconf/inc/captiveportal.inc | 146 +++--- phpconf/inc/config.inc | 8 +- phpconf/inc/filter.inc | 63 +-- phpconf/inc/functions.inc | 2 +- phpconf/inc/globals.inc | 5 +- phpconf/inc/interfaces.inc | 59 ++- phpconf/inc/services.inc | 37 +- phpconf/inc/shaper.inc | 10 +- phpconf/inc/system.inc | 26 +- phpconf/inc/util.inc | 2 +- phpconf/inc/vpn.inc | 25 +- phpconf/inc/xmlparse.inc | 2 +- phpconf/rc.banner | 6 +- phpconf/rc.bootup | 5 +- phpconf/rc.initial.defaults | 2 +- phpconf/rc.initial.password | 2 +- phpconf/rc.initial.ping | 2 +- phpconf/rc.initial.reboot | 2 +- phpconf/rc.initial.setlanip | 7 +- phpconf/rc.initial.setports | 8 +- phpconf/rc.newwanip | 6 +- phpconf/rc.prunecaptiveportal | 2 +- webgui/cal.gif | Bin 0 -> 127 bytes webgui/datetimepicker.js | 487 +++++++++++++++++++++ webgui/diag_backup.php | 18 +- webgui/diag_defaults.php | 16 +- webgui/diag_dhcp_leases.php | 38 +- webgui/diag_ipsec_sad.php | 18 +- webgui/diag_ipsec_spd.php | 20 +- webgui/diag_logs.php | 18 +- webgui/diag_logs_dhcp.php | 21 +- webgui/diag_logs_filter.php | 20 +- webgui/diag_logs_portal.php | 87 ++++ webgui/diag_logs_settings.php | 42 +- webgui/diag_logs_vpn.php | 20 +- webgui/diag_ping.php | 21 +- webgui/diag_resetstate.php | 19 +- webgui/exec.php | 29 +- webgui/exec_raw.php | 2 +- webgui/fbegin.inc | 27 ++ webgui/fend.inc | 6 +- webgui/firewall_aliases.php | 15 +- webgui/firewall_aliases_edit.php | 21 +- webgui/firewall_nat.php | 23 +- webgui/firewall_nat_1to1.php | 29 +- webgui/firewall_nat_1to1_edit.php | 54 ++- webgui/firewall_nat_edit.php | 21 +- webgui/firewall_nat_out.php | 26 +- webgui/firewall_nat_out_edit.php | 24 +- webgui/firewall_nat_server.php | 26 +- 
webgui/firewall_nat_server_edit.php | 18 +- webgui/firewall_rules.php | 128 ++++-- webgui/firewall_rules_edit.php | 37 +- webgui/firewall_shaper.php | 26 +- webgui/firewall_shaper_edit.php | 27 +- webgui/firewall_shaper_magic.php | 47 +- webgui/firewall_shaper_pipes.php | 44 +- webgui/firewall_shaper_pipes_edit.php | 45 +- webgui/firewall_shaper_queues.php | 24 +- webgui/firewall_shaper_queues_edit.php | 19 +- webgui/graph.php | 4 +- webgui/graph_cpu.php | 174 ++++++++ webgui/gui.css | 25 ++ webgui/guiconfig.inc | 11 +- webgui/ifstats.cgi | Bin 4136 -> 0 bytes webgui/index.php | 41 +- webgui/interfaces_assign.php | 37 +- webgui/interfaces_lan.php | 19 +- webgui/interfaces_opt.php | 24 +- webgui/interfaces_vlan.php | 23 +- webgui/interfaces_vlan_edit.php | 16 +- webgui/interfaces_wan.php | 43 +- webgui/interfaces_wlan.inc | 44 +- webgui/license.php | 56 +-- webgui/reboot.php | 15 +- webgui/services_captiveportal.php | 61 +-- webgui/services_captiveportal_ip.php | 18 +- webgui/services_captiveportal_ip_edit.php | 15 +- webgui/services_captiveportal_mac.php | 18 +- webgui/services_captiveportal_mac_edit.php | 17 +- webgui/services_captiveportal_users.php | 243 ++++++++++ webgui/services_dhcp.php | 38 +- webgui/services_dhcp_edit.php | 21 +- webgui/services_dhcp_relay.php | 31 +- webgui/services_dnsmasq.php | 25 +- webgui/services_dnsmasq_edit.php | 19 +- webgui/services_dyndns.php | 52 +-- webgui/services_proxyarp.php | 15 +- webgui/services_proxyarp_edit.php | 20 +- webgui/services_snmp.php | 19 +- webgui/services_wol.php | 21 +- webgui/services_wol_edit.php | 21 +- webgui/stats.cgi | Bin 0 -> 6266 bytes webgui/status_captiveportal.php | 15 +- webgui/status_graph.php | 17 +- webgui/status_graph_cpu.php | 41 ++ webgui/status_interfaces.php | 55 +-- webgui/status_wireless.php | 57 +-- webgui/system.php | 25 +- webgui/system_advanced.php | 53 ++- webgui/system_firmware.php | 26 +- webgui/system_routes.php | 15 +- webgui/system_routes_edit.php | 21 +- 
webgui/uploadconfig.php | 56 +++ webgui/vpn_ipsec.php | 22 +- webgui/vpn_ipsec_edit.php | 54 +-- webgui/vpn_ipsec_keys.php | 19 +- webgui/vpn_ipsec_keys_edit.php | 19 +- webgui/vpn_ipsec_mobile.php | 55 +-- webgui/vpn_openvpn.php | 13 +- webgui/vpn_openvpn_cli.php | 15 +- webgui/vpn_openvpn_cli_edit.php | 13 +- webgui/vpn_pptp.php | 37 +- webgui/vpn_pptp_users.php | 19 +- webgui/vpn_pptp_users_edit.php | 21 +- 120 files changed, 2364 insertions(+), 1613 deletions(-) create mode 100644 webgui/cal.gif create mode 100644 webgui/datetimepicker.js create mode 100644 webgui/diag_logs_portal.php create mode 100644 webgui/graph_cpu.php delete mode 100644 webgui/ifstats.cgi create mode 100644 webgui/services_captiveportal_users.php create mode 100644 webgui/stats.cgi create mode 100644 webgui/status_graph_cpu.php create mode 100644 webgui/uploadconfig.php diff --git a/captiveportal/index.php b/captiveportal/index.php index 497e506..28cecd3 100644 --- a/captiveportal/index.php +++ b/captiveportal/index.php @@ -4,7 +4,7 @@ index.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -32,8 +32,8 @@ require("globals.inc"); require("util.inc"); require("config.inc"); -require("radius_authentication.inc") ; -require("radius_accounting.inc") ; +require("radius_authentication.inc"); +require("radius_accounting.inc"); header("Expires: 0"); header("Cache-Control: no-store, no-cache, must-revalidate"); 
@@ -73,21 +73,41 @@ if ($clientmac && portal_mac_fixed($clientmac)) { $radiusservers[0]['port'], $radiusservers[0]['key']); if ($auth_val == 2) { + captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN"); $sessionid = portal_allow($clientip, $clientmac, $_POST['auth_user']); if (isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) { $auth_val = RADIUS_ACCOUNTING_START($_POST['auth_user'], $sessionid, $radiusservers[0]['ipaddr'], $radiusservers[0]['acctport'], - $radiusservers[0]['key']); + $radiusservers[0]['key'], + $clientip); } } else { + captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE"); readfile("{$g['varetc_path']}/captiveportal-error.html"); } } else { readfile("{$g['varetc_path']}/captiveportal-error.html"); } + +} else if ($_POST['accept'] && $config['captiveportal']['auth_method'] == "local") { + + //check against local usermanager + //erase expired accounts + if(trim($config['users'][$_POST['auth_user']]['expirationdate'])!="" && strtotime("-1 day")>strtotime($config['users'][$_POST['auth_user']]['expirationdate'])){ + unset($config['users'][$_POST['auth_user']]); + write_config(); + } + + if($config['users'][$_POST['auth_user']]['password']==md5($_POST['auth_pass'])){ + captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN"); + portal_allow($clientip, $clientmac,$_POST['auth_user'],0,0); + } else { + captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE"); + readfile("{$g['varetc_path']}/captiveportal-error.html"); + } } else if ($_POST['accept'] && $clientip) { portal_allow($clientip, $clientmac, "unauthenticated"); } else if ($_POST['logout_id']) { 
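Review bot: The new local-user branch checks the password with a loose `==` against an unsalted `md5($_POST['auth_pass'])`, so PHP can compare two number-like digest strings numerically instead of byte for byte. The stored value is also a fast hash that gives little protection if the config file is disclosed. At minimum make the comparison strict, `if ($config['users'][$_POST['auth_user']]['password'] === md5($_POST['auth_pass'])) {`, and plan a salted, slow hash for the local user store. The same branch runs `unset($config['users'][...])` and `write_config()` before any credential is checked, so an unauthenticated POST naming an expired account triggers a config write; doing the expiry purge in the periodic prune job or only after a successful login would avoid that. The if/else chain this branch belongs to starts and ends outside the hunk.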
@@ -209,7 +229,8 @@ function portal_allow($clientip,$clientmac,$clientuser) { $cpdb[$i][0], // start time $radiusservers[0]['ipaddr'], $radiusservers[0]['acctport'], - $radiusservers[0]['key']); + $radiusservers[0]['key'], + $clientip); } mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000)); unset($cpdb[$i]); @@ -385,9 +406,11 @@ function disconnect_client($sessionid) { $cpdb[$i][0], // start time $radiusservers[0]['ipaddr'], $radiusservers[0]['acctport'], - $radiusservers[0]['key']); + $radiusservers[0]['key'], + $cpdb[$i][2]); } mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000)); + captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],"LOGOUT"); unset($cpdb[$i]); break; } @@ -404,4 +427,15 @@ function disconnect_client($sessionid) { portal_unlock(); } + +/* log successful captive portal authentication to syslog */ +/* part of this code from php.net */ +function captiveportal_logportalauth($user,$mac,$ip,$status) { + define_syslog_variables(); + openlog("logportalauth", LOG_PID, LOG_LOCAL4); + // Log it + syslog(LOG_INFO, "$status: $user, $mac, $ip"); + closelog(); +} + ?> diff --git a/captiveportal/radius_accounting.inc b/captiveportal/radius_accounting.inc index 7004971..4000fcc 100644 --- a/captiveportal/radius_accounting.inc +++ b/captiveportal/radius_accounting.inc 
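Review bot: `captiveportal_logportalauth()` interpolates `$user` directly into the syslog message, and on the LOGIN and FAILURE paths that value is `$_POST['auth_user']`, so a submitted name containing CR/LF or other control characters can split or forge entries in the portal auth log. Strip them before logging, e.g. `$user = preg_replace('/[\x00-\x1f\x7f]/', '', $user);`, and treat the log as untrusted text wherever it is shown (the diffstat adds webgui/diag_logs_portal.php, which presumably renders it). An identical copy of this function is added to phpconf/inc/captiveportal.inc later in this patch; a single definition in a shared include would keep the two from drifting apart or colliding if both files are ever loaded together. The comment says it logs successful authentication, but it is also called with FAILURE and LOGOUT; `/* log captive portal auth events (status, user, MAC, IP) to syslog */` would match the code.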
@@ -26,10 +26,15 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ + // This version of radius_accounting.inc has been modified by + // Rob Parker . Changes made include: + // * now sends Framed-IP-Address (client IP) + // * now sends Called-Station-ID (NAS IP) + // * now sends Calling-Station-ID (client IP) +*/ -function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$radiuskey) { +function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$radiuskey,$clientip) { $sharedsecret=$radiuskey ; # $debug = 1 ; @@ -44,6 +49,14 @@ function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$rad /* set 5 second timeout on socket i/o */ stream_set_timeout($fd, 5) ; + $nas_ip_address = get_nas_ip(); + + if(!isset($clientip)) { + //if there's no client ip, we'll need to use the NAS ip + $clientip=$nas_ip_address; + } + $ip_exp=explode(".",$clientip); + if ($debug) echo "
radius-port: $radiusport
radius-host: $radiusip
username: $username
\n"; @@ -58,11 +71,12 @@ function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$rad 6+ // nasPortType 6+ // Acct Status Type 6+ // Acct RADIUS Authenticated - 2+strlen($sessionid); // Acct SessionID + 2+strlen($sessionid)+ // Acct SessionID + 6; // Framed-IP-Address // v v v v v v v v v 1 v // Line # 1 2 3 4 5 6 7 8 9 0 E - $data=pack("CCCCNNNNCCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*", + $data=pack("CCCCNNNNCCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCCCCC", 4,$thisidentifier,$length/256,$length%256, // header 0,0,0,0, // authcode 6,6,0,0,0,1, // service type @@ -72,7 +86,8 @@ function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$rad 61,6,0,0,0,15, // nasPortType = Ethernet 40,6,0,0,0,1, // Acct Status Type = Start 45,6,0,0,0,1, // Acct RADIUS Authenticated - 44,2+strlen($sessionid),$sessionid // Acct Session ID + 44,2+strlen($sessionid),$sessionid, // Acct Session ID + 8,6,$ip_exp[0],$ip_exp[1],$ip_exp[2],$ip_exp[3] //Framed-IP-Address ); /* Generate Accounting Request Authenticator */ @@ -80,7 +95,7 @@ function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$rad // v v v v v v v v v 1 v // Line # 1 2 3 4 5 6 7 8 9 0 E - $data=pack("CCCCH*CCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*", + $data=pack("CCCCH*CCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCCCCC", 4,$thisidentifier,$length/256,$length%256, // header $RA, // authcode 6,6,0,0,0,1, // service type @@ -90,7 +105,8 @@ function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$rad 61,6,0,0,0,15, // nasPortType = Ethernet 40,6,0,0,0,1, // Acct Status Type = Start 45,6,0,0,0,1, // Acct RADIUS Authenticated - 44,2+strlen($sessionid),$sessionid // Acct Session ID + 44,2+strlen($sessionid),$sessionid, // Acct Session ID + 8,6,$ip_exp[0],$ip_exp[1],$ip_exp[2],$ip_exp[3] //Framed-IP-Address ); if($debug) { 
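Review bot: The fallback `if(!isset($clientip))` in RADIUS_ACCOUNTING_START only catches a null argument, so an empty or malformed address still reaches `explode(".",$clientip)` and the four `$ip_exp[n]` values packed as Framed-IP-Address, giving undefined offsets and a wrong attribute in the accounting record. Use `if (empty($clientip))` and confirm `count($ip_exp) == 4` before packing. The identical block is added to RADIUS_ACCOUNTING_STOP in the `@@ -146,6 +162,14 @@` hunk. The header comment added at the top of the file says Called-Station-ID and Calling-Station-ID are now sent, but the START packet in these hunks gains only Framed-IP-Address; the comment should say that those two attributes are sent on STOP only.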
@@ -119,7 +135,7 @@ function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$rad // See RFC2866 for this. } -function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusip,$radiusport,$radiuskey) { +function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusip,$radiusport,$radiuskey,$clientip) { $sharedsecret=$radiuskey ; # $debug = 1 ; @@ -146,6 +162,14 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius /* set 5 second timeout on socket i/o */ stream_set_timeout($fd, 5) ; + $nas_ip_address = get_nas_ip(); + + if(!isset($clientip)) { + //if there's no client ip, we'll need to use the NAS ip + $clientip=$nas_ip_address; + } + $ip_exp=explode(".",$clientip); + if ($debug) echo "
radius-port: $radiusport
radius-host: $radiusip
username: $username
\n"; @@ -166,11 +190,15 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius 6+ // input bytes 6+ // input packets 6+ // output bytes - 6; // output packets + 6+ // output packets + 2+strlen($nas_ip_address)+ //Called-Station-ID + 2+strlen($clientip)+ //Calling-Station-ID + + 6; //Framed-IP-Address // v v v v v v v v v 1 1 1 1 1 1 1 v // Line # 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 E - $data=pack("CCCCNNNNCCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCN", + $data=pack("CCCCNNNNCCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCNCCa*CCa*CCCCCC", 4,$thisidentifier,$length/256,$length%256, // header 0,0,0,0, // authcode 6,6,0,0,0,1, // service type @@ -186,7 +214,11 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius 42,6,$input_bytes, // Input Octets 47,6,$input_pkts, // Input Packets 43,6,$output_bytes, // Output Octets - 48,6,$output_pkts // Output Packets + 48,6,$output_pkts, // Output Packets + 30,2+strlen($nas_ip_address),$nas_ip_address, //Called-Station-ID + 31,2+strlen($clientip),$clientip, //Calling-Station-ID + + 8,6,$ip_exp[0],$ip_exp[1],$ip_exp[2],$ip_exp[3] //Framed-IP-Address ); /* Generate Accounting Request Authenticator */ @@ -194,7 +226,7 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius // v v v v v v v v v 1 1 1 1 1 1 1 v // Line # 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 E - $data=pack("CCCCH*CCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCN", + $data=pack("CCCCH*CCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCNCCa*CCa*CCCCCC", 4,$thisidentifier,$length/256,$length%256, // header $RA, // authcode 6,6,0,0,0,1, // service type 
@@ -210,7 +242,11 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius 42,6,$input_bytes, // Input Octets 47,6,$input_pkts, // Input Packets 43,6,$output_bytes, // Output Octets - 48,6,$output_pkts // Output Packets + 48,6,$output_pkts, // Output Packets + 30,2+strlen($nas_ip_address),$nas_ip_address, //Called-Station-ID + 31,2+strlen($clientip),$clientip, //Calling-Station-ID + + 8,6,$ip_exp[0],$ip_exp[1],$ip_exp[2],$ip_exp[3] //Framed-IP-Address ); if($debug) { @@ -238,4 +274,12 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius // 5 -> Accounting-Response // See RFC2866 for this. } + +function get_nas_ip() { + global $config; + + /* static WAN IP address */ + return $config['interfaces']['wan']['ipaddr']; +} + ?> diff --git a/etc/rc b/etc/rc index ddae7c5..eed4c35 100644 --- a/etc/rc +++ b/etc/rc @@ -1,9 +1,9 @@ #!/bin/sh # /etc/rc -# part of m0n0wall (http://neon1.net/m0n0wall) +# part of m0n0wall (http://m0n0.ch/wall) # -# Copyright (C) 2003-2004 Manuel Kasper . +# Copyright (C) 2003-2005 Manuel Kasper . # All rights reserved. stty status '^T' @@ -25,6 +25,7 @@ mkdir /var/run /var/log /var/etc /var/db clog -i -s 262144 /var/log/system.log clog -i -s 262144 /var/log/filter.log clog -i -s 65536 /var/log/vpn.log +clog -i -s 32768 /var/log/portalauth.log clog -i -s 32768 /var/log/dhcpd.log chmod 0600 /var/log/*.log @@ -37,7 +38,7 @@ cd /var/run && cp /dev/null utmp && chmod 644 utmp dev_mkdb # Run ldconfig -/sbin/ldconfig -elf /usr/lib +/sbin/ldconfig -elf /usr/lib /usr/local/lib # let the PHP-based configuration subsystem set up the system now /etc/rc.bootup diff --git a/etc/rc.firmware b/etc/rc.firmware index 56fc7a4..2b28070 100644 --- a/etc/rc.firmware +++ b/etc/rc.firmware 
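Review bot: `get_nas_ip()` returns `$config['interfaces']['wan']['ipaddr']` unconditionally, but `interfaces_wan_configure()` elsewhere in this patch switches on that same field with `case 'dhcp':`, so on a non-static WAN it appears to hold a mode keyword rather than an address. That keyword would then be sent as Called-Station-ID and, through the `!isset($clientip)` fallback, exploded into the Framed-IP-Address octets. The comment `/* static WAN IP address */` acknowledges the limitation without handling it. Return the live WAN address when the configured value is not a dotted quad (filter.inc in this patch calls `get_current_wan_address()`, if that helper is loadable from the portal's include set), and document the return value in a comment above the function.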
@@ -1,9 +1,9 @@ #!/bin/sh # /etc/rc.firmware -# part of m0n0wall (http://neon1.net/m0n0wall) +# part of m0n0wall (http://m0n0.ch/wall) # -# Copyright (C) 2003 Manuel Kasper . +# Copyright (C) 2003-2005 Manuel Kasper . # All rights reserved. CFDEVICE=`cat /var/etc/cfdevice` @@ -14,7 +14,7 @@ fi case $1 in enable) - /sbin/mount_mfs -s 15360 -T qp120at -b 8192 -f 1024 dummy /ftmp \ + /sbin/mount_mfs -s 16384 -T qp120at -b 8192 -f 1024 dummy /ftmp \ > /dev/null 2>&1 ;; upgrade) diff --git a/etc/rc.initial b/etc/rc.initial index d311fea..8b6c306 100644 --- a/etc/rc.initial +++ b/etc/rc.initial @@ -1,9 +1,9 @@ #!/bin/sh # /etc/rc.initial -# part of m0n0wall (http://neon1.net/m0n0wall) +# part of m0n0wall (http://m0n0.ch/wall) # -# Copyright (C) 2003-2004 Manuel Kasper . +# Copyright (C) 2003-2005 Manuel Kasper . # All rights reserved. # make sure the user can't kill us by pressing Ctrl-C diff --git a/phpconf/inc/captiveportal.inc b/phpconf/inc/captiveportal.inc index f12f1da..d02363c 100644 --- a/phpconf/inc/captiveportal.inc +++ b/phpconf/inc/captiveportal.inc @@ -3,7 +3,7 @@ captiveportal.inc part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -26,6 +26,12 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + This version of captiveportal.inc has been modified by Rob Parker + to include changes for per-user bandwidth management + via returned RADIUS attributes. This page has been modified to delete any + added rules which may have been created by other per-user code (index.php, etc). + These changes are (c) 2004 Keycom PLC. */ /* include all configuration functions */ 
@@ -56,7 +62,7 @@ function captiveportal_configure() { mwexec("/sbin/kldload ipfw"); /* stop accounting on all clients */ - captiveportal_radius_stop_all() ; + captiveportal_radius_stop_all(); /* remove old information */ unlink_if_exists("{$g['vardb_path']}/captiveportal.nextrule"); @@ -180,21 +186,22 @@ EOD; "/etc/rc.prunecaptiveportal"); /* generate passthru mac database */ - captiveportal_passthrumac_configure() ; + captiveportal_passthrumac_configure(); /* create allowed ip database and insert ipfw rules to make it so */ - captiveportal_allowedip_configure() ; + captiveportal_allowedip_configure(); /* generate radius server database */ - if($config['captiveportal']['radiusip']) { - $radiusip = $config['captiveportal']['radiusip'] ; + if ($config['captiveportal']['radiusip'] && (!isset($config['captiveportal']['auth_method']) || + ($config['captiveportal']['auth_method'] == "radius"))) { + $radiusip = $config['captiveportal']['radiusip']; - if($config['captiveportal']['radiusport']) - $radiusport = $config['captiveportal']['radiusport'] ; + if ($config['captiveportal']['radiusport']) + $radiusport = $config['captiveportal']['radiusport']; else $radiusport = 1812; - if($config['captiveportal']['radiusacctport']) - $radiusacctport = $config['captiveportal']['radiusacctport'] ; + if ($config['captiveportal']['radiusacctport']) + $radiusacctport = $config['captiveportal']['radiusacctport']; else $radiusacctport = 1813; 
@@ -205,20 +212,22 @@ EOD; printf("Error: cannot open radius DB file in captiveportal_configure().\n"); return 1; } else { - fwrite($fd,$radiusip . "," . $radiusport . "," . $radiusacctport . "," . $radiuskey) ; + fwrite($fd,$radiusip . "," . $radiusport . "," . $radiusacctport . "," . $radiuskey); } - fclose($fd) ; + fclose($fd); } - if ($g['booting']) echo "done\n"; } else { killbypid("{$g['varrun_path']}/mini_httpd.cp.pid"); killbypid("{$g['varrun_path']}/minicron.pid"); - captiveportal_radius_stop_all() ; + + captiveportal_radius_stop_all(); + mwexec("/sbin/sysctl net.link.ether.ipfw=0"); + if (!isset($config['shaper']['enable'])) { /* unload ipfw */ mwexec("/sbin/kldunload ipfw"); @@ -359,17 +368,8 @@ function captiveportal_prune_old() { } if ($timedout) { - /* this client needs to be deleted - remove ipfw rules */ - if (isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) { - RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno - $cpdb[$i][4], // username - $cpdb[$i][5], // sessionid - $cpdb[$i][0], // start time - $radiusservers[0]['ipaddr'], - $radiusservers[0]['acctport'], - $radiusservers[0]['key']); - } - mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000)); + captiveportal_disconnect($cpdb[$i], $radiusservers); + captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "TIMEOUT"); unset($cpdb[$i]); } } 
@@ -380,6 +380,34 @@ function captiveportal_prune_old() { captiveportal_unlock(); } +/* remove a single client according to the DB entry */ +function captiveportal_disconnect($dbent, $radiusservers) { + + global $g, $config; + + /* this client needs to be deleted - remove ipfw rules */ + if (isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) { + RADIUS_ACCOUNTING_STOP($dbent[1], // ruleno + $dbent[4], // username + $dbent[5], // sessionid + $dbent[0], // start time + $radiusservers[0]['ipaddr'], + $radiusservers[0]['acctport'], + $radiusservers[0]['key'], + $dbent[2]); //clientip + } + + mwexec("/sbin/ipfw delete " . $dbent[1] . " " . ($dbent[1]+10000)); + + //KEYCOM: we need to delete +40500 and +45500 as well... + //these are the rule numbers we use to control traffic shaping for each logged in user via captive portal + //we only need to remove our rules if peruserbw is turned on. + if (isset($config['captiveportal']['peruserbw'])) { + mwexec("/sbin/ipfw delete " . ($dbent[1]+40500)); + mwexec("/sbin/ipfw delete " . ($dbent[1]+45500)); + } +} + /* remove a single client by ipfw rule number */ function captiveportal_disconnect_client($id) { @@ -394,17 +422,8 @@ function captiveportal_disconnect_client($id) { /* find entry */ for ($i = 0; $i < count($cpdb); $i++) { if ($cpdb[$i][1] == $id) { - /* this client needs to be deleted - remove ipfw rules */ - if (isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) { - RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno - $cpdb[$i][4], // username - $cpdb[$i][5], // sessionid - $cpdb[$i][0], // start time - $radiusservers[0]['ipaddr'], - $radiusservers[0]['acctport'], - $radiusservers[0]['key']); - } - mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000)); + captiveportal_disconnect($cpdb[$i], $radiusservers); + captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "DISCONNECT"); unset($cpdb[$i]); break; } 
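Review bot: `captiveportal_disconnect()` builds its `ipfw delete` commands by concatenating `$dbent[1]` into the string passed to `mwexec()`, whereas interfaces.inc in this same patch wraps command arguments in `escapeshellarg()`. The rule number is read back from the portal DB file, so casting it once at the top, `$ruleno = (int)$dbent[1];`, and using `$ruleno` in every `ipfw delete` call keeps a corrupted or tampered DB line from reaching the shell. The allowed-IP hunk at `@@ -498,22 +521,25 @@` has the same pattern with `$ipent['ip']` in `ipfw add`, where `escapeshellarg($ipent['ip'])` would fit. The new function would also benefit from a comment stating the layout of `$dbent`: judging by the inline comments and the log calls, indexes 0 to 5 are start time, rule number, client IP, MAC, username and session id.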
@@ -420,8 +439,8 @@ function captiveportal_disconnect_client($id) { function captiveportal_radius_stop_all() { global $g, $config; - captiveportal_lock() ; - $cpdb = captiveportal_read_db() ; + captiveportal_lock(); + $cpdb = captiveportal_read_db(); $radiusservers = captiveportal_get_radius_servers(); @@ -433,25 +452,27 @@ function captiveportal_radius_stop_all() { $cpdb[$i][0], // start time $radiusservers[0]['ipaddr'], $radiusservers[0]['acctport'], - $radiusservers[0]['key']); + $radiusservers[0]['key'], + $cpdb[$i][2]); //clientip } } - captiveportal_unlock() ; + captiveportal_unlock(); } function captiveportal_passthrumac_configure() { global $config, $g; + captiveportal_lock(); + /* clear out passthru macs, if necessary */ - if (file_exists("{$g['vardb_path']}/captiveportal_mac.db")) { - unlink("{$g['vardb_path']}/captiveportal_mac.db"); - } + unlink_if_exists("{$g['vardb_path']}/captiveportal_mac.db"); if (is_array($config['captiveportal']['passthrumac'])) { $fd = @fopen("{$g['vardb_path']}/captiveportal_mac.db", "w"); if (!$fd) { printf("Error: cannot open passthru mac DB file in captiveportal_passthrumac_configure().\n"); + captiveportal_unlock(); return 1; } @@ -463,13 +484,15 @@ function captiveportal_passthrumac_configure() { fclose($fd); } + captiveportal_unlock(); + return 0; } function captiveportal_allowedip_configure() { global $config, $g; - captiveportal_lock() ; + captiveportal_lock(); /* clear out existing allowed ips, if necessary */ if (file_exists("{$g['vardb_path']}/captiveportal_ip.db")) { @@ -477,13 +500,13 @@ function captiveportal_allowedip_configure() { if ($fd) { while (!feof($fd)) { $line = trim(fgets($fd)); - if($line) { + if ($line) { list($ip,$rule) = explode(",",$line); - mwexec("/sbin/ipfw delete $rule") ; + mwexec("/sbin/ipfw delete $rule"); } } } - fclose($fd) ; + fclose($fd); unlink("{$g['vardb_path']}/captiveportal_ip.db"); } 
@@ -498,22 +521,25 @@ function captiveportal_allowedip_configure() { $fd = @fopen("{$g['vardb_path']}/captiveportal_ip.db", "w"); if (!$fd) { printf("Error: cannot open allowed ip DB file in captiveportal_allowedip_configure().\n"); - captiveportal_unlock() ; + captiveportal_unlock(); return 1; } foreach ($config['captiveportal']['allowedip'] as $ipent) { + /* record allowed ip so it can be recognized and removed later */ fwrite($fd, $ipent['ip'] . "," . $ruleno ."\n"); + /* insert ipfw rule to allow ip thru */ - if($ipent['dir'] == "from") { - mwexec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from ".$ipent['ip']." to any in") ; - mwexec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to ".$ipent['ip']." out") ; + if ($ipent['dir'] == "from") { + mwexec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from " . $ipent['ip'] . " to any in"); + mwexec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to " . $ipent['ip'] . " out"); } else { - mwexec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to ".$ipent['ip']." in") ; - mwexec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from ".$ipent['ip']." to any out") ; + mwexec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to " . $ipent['ip'] . " in"); + mwexec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from " . $ipent['ip'] . " to any out"); } - $ruleno++ ; + + $ruleno++; if ($ruleno > 19899) $ruleno = 10000; } @@ -528,7 +554,7 @@ function captiveportal_allowedip_configure() { } } - captiveportal_unlock() ; + captiveportal_unlock(); return 0; } @@ -640,4 +666,14 @@ function captiveportal_unlock() { unlink($lockfile); } +/* log successful captive portal authentication to syslog */ +/* part of this code from php.net */ +function captiveportal_logportalauth($user,$mac,$ip,$status) { + define_syslog_variables(); + openlog("logportalauth", LOG_PID, LOG_LOCAL4); + // Log it + syslog(LOG_INFO, "$status: $user, $mac, $ip"); + closelog(); +} + ?> 
diff --git a/phpconf/inc/config.inc b/phpconf/inc/config.inc index 18d443a..5925ac7 100644 --- a/phpconf/inc/config.inc +++ b/phpconf/inc/config.inc @@ -3,7 +3,7 @@ config.inc part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -35,9 +35,11 @@ require_once("xmlparse.inc"); /* read platform */ if (file_exists("{$g['etc_path']}/platform")) { - $g['platform'] = chop(file_get_contents("{$g['etc_path']}/platform")); + $g['fullplatform'] = chop(file_get_contents("{$g['etc_path']}/platform")); + $pla = explode("_", $g['fullplatform']); + $g['platform'] = $pla[0]; } else { - $g['platform'] = "unknown"; + $g['platform'] = $g['fullplatform'] = "unknown"; } if ($g['booting']) { diff --git a/phpconf/inc/filter.inc b/phpconf/inc/filter.inc index 9b41729..8c26e54 100644 --- a/phpconf/inc/filter.inc +++ b/phpconf/inc/filter.inc @@ -3,7 +3,7 @@ filter.inc part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -50,12 +50,12 @@ function filter_configure() { echo "Configuring firewall... "; /* set TCP timeouts */ - $tcpidletimeout = 9000; + $tcpidletimeout = 9000*2; if ($config['filter']['tcpidletimeout']) - $tcpidletimeout = $config['filter']['tcpidletimeout']; + $tcpidletimeout = $config['filter']['tcpidletimeout']*2; mwexec("/sbin/sysctl net.inet.ipf.fr_tcpidletimeout={$tcpidletimeout}"); mwexec("/sbin/sysctl net.inet.ipf.fr_tcphalfclosed=480"); - mwexec("/sbin/sysctl net.inet.ipf.fr_udpacktimeout=240"); /* SIP... */ + mwexec("/sbin/sysctl net.inet.ipf.fr_udpacktimeout=480"); /* SIP... */ /* generate ipnat rules */ $ipnatrules = filter_nat_rules_generate(); 
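Review bot: In the filter.inc hunk, the `*2` applied to both the default and the configured `tcpidletimeout`, and the change of `fr_udpacktimeout` from 240 to 480, carry no comment explaining the factor. If the intent is that the ipf sysctls count in half-second ticks while the config value is in seconds (an assumption to confirm), say so next to the assignment, e.g. `/* config value is in seconds; ipf timeouts are in half-second ticks */`. The configured value goes through arithmetic before it is interpolated into the `sysctl` command, which coerces it to a number; an explicit `(int)` cast would make that guarantee visible. filter_configure() starts and ends outside the hunk.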
@@ -258,23 +258,15 @@ function filter_nat_rules_generate() { } } - if ($pptpdcfg['mode'] && $pptpdcfg['mode'] != "off") { - - if ($pptpdcfg['mode'] == "server") - $pptpdtarget = "127.0.0.1"; - else if ($pptpdcfg['mode'] == "redir") - $pptpdtarget = $pptpdcfg['redir']; - - if ($pptpdtarget) { + if ($pptpdcfg['mode'] == "redir" && $pptpdcfg['redir']) { $natrules .= << $pptpdtarget port 0 gre -rdr $wanif 0/0 port 1723 -> $pptpdtarget port 1723 tcp +rdr $wanif 0/0 port 0 -> {$pptpdcfg['redir']} port 0 gre +rdr $wanif 0/0 port 1723 -> {$pptpdcfg['redir']} port 1723 tcp EOD; - } } return $natrules; @@ -290,6 +282,8 @@ function filter_rules_generate() { $lanif = $lancfg['if']; $wanif = get_real_wan_interface(); + $curwanip = get_current_wan_address(); + /* rule groups (optional interfaces: see below) */ $ifgroups = array("lan" => 100, "wan" => 200); @@ -317,6 +311,7 @@ function filter_rules_generate() { } } $oic['bridge'] = 1; + $oic['bridge_if'] = $oc['bridge']; } else { $oic['ip'] = $oc['ipaddr']; $oic['sn'] = $oc['subnet']; @@ -375,7 +370,7 @@ EOD; /* pass traffic between statically routed subnets and the subnet on the interface in question to avoid problems with complicated routing topologies */ - if (is_array($config['staticroutes']['route']) && count($config['staticroutes']['route'])) { + if (isset($config['filter']['bypassstaticroutes']) && is_array($config['staticroutes']['route']) && count($config['staticroutes']['route'])) { foreach ($config['staticroutes']['route'] as $route) { unset($sa); 
@@ -445,12 +440,22 @@ pass in quick on $wanif proto udp from any port = 67 to any port = 68 EOD; - /* LAN spoof check */ - $ipfrules .= filter_rules_spoofcheck_generate('lan', $lanif, $lansa, $lansn, $log); + /* LAN spoof check */ + /* omit if any interface is bridged to LAN and the filtering bridge is on */ + $lanbridge = false; + foreach ($optcfg as $on => $oc) { + if ($oc['bridge'] && $oc['bridge_if'] == "lan") { + $lanbridge = true; + break; + } + } + if (!$lanbridge || !isset($config['bridge']['filteringbridge'])) + $ipfrules .= filter_rules_spoofcheck_generate('lan', $lanif, $lansa, $lansn, $log); /* OPT spoof check */ foreach ($optcfg as $on => $oc) { - if ($oc['ip']) + /* omit for bridged interfaces when the filtering bridge is on */ + if ($oc['ip'] && (!$oc['bridge'] || !isset($config['bridge']['filteringbridge']))) $ipfrules .= filter_rules_spoofcheck_generate($on, $oc['if'], $oc['sa'], $oc['sn'], $log); } @@ -473,8 +478,6 @@ EOD; count($config['ipsec']['tunnel'])) || isset($config['ipsec']['mobileclients']['enable']))) { - $curwanip = get_current_wan_address(); - if ($curwanip) $ipfrules .= filter_rules_ipsec_generate($wanif, $curwanip); @@ -548,17 +551,19 @@ EOD; if ($pptpdcfg['mode'] && ($pptpdcfg['mode'] != "off")) { if ($pptpdcfg['mode'] == "server") - $pptpdtarget = "127.0.0.1"; + $pptpdtarget = $curwanip; else $pptpdtarget = $pptpdcfg['redir']; - - $ipfrules .= <<. + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/phpconf/inc/globals.inc b/phpconf/inc/globals.inc index eef6cff..bee5769 100644 --- a/phpconf/inc/globals.inc +++ b/phpconf/inc/globals.inc @@ -3,7 +3,7 @@ globals.inc part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without 
@@ -48,7 +48,8 @@ $g = array( "pptp_subnet" => 28, "debug" => false, "latest_config" => "1.4", - "nopccard_platforms" => array("wrap", "net48xx") + "nopccard_platforms" => array("wrap", "net48xx"), + "wireless_regex" => "/^(wi|ath|an)/" ); ?> diff --git a/phpconf/inc/interfaces.inc b/phpconf/inc/interfaces.inc index 6decac1..80d823d 100644 --- a/phpconf/inc/interfaces.inc +++ b/phpconf/inc/interfaces.inc @@ -3,7 +3,7 @@ interfaces.inc part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -112,8 +112,12 @@ function interfaces_lan_configure() { mwexec($cmd); } + $addflags = ""; + if (strpos($lancfg['if'], "fxp") !== false) + $addflags .= " link0"; + mwexec("/sbin/ifconfig " . escapeshellarg($lancfg['if']) . " " . - escapeshellarg($lancfg['ipaddr'] . "/" . $lancfg['subnet'])); + escapeshellarg($lancfg['ipaddr'] . "/" . $lancfg['subnet']) . $addflags); if (!$g['booting']) { /* make new hosts file */ @@ -167,6 +171,8 @@ function interfaces_optional_configure() { if (isset($config['bridge']['filteringbridge'])) mwexec("/sbin/sysctl net.link.ether.bridge_ipf=1"); + else + mwexec("/sbin/sysctl net.link.ether.bridge_ipf=0"); mwexec("/sbin/sysctl net.link.ether.bridge=1"); } else { @@ -235,6 +241,10 @@ function interfaces_optional_configure_if($opti) { if (strstr($if, "tap")) ovpn_link_tap(); } + + $addflags = ""; + if (strpos($optcfg['if'], "fxp") !== false) + $addflags .= " link0"; /* bridged? */ if ($optcfg['bridge']) { @@ -249,7 +259,7 @@ function interfaces_optional_configure_if($opti) { ":" . $opti; } else { mwexec("/sbin/ifconfig " . escapeshellarg($optcfg['if']) . " " . - escapeshellarg($optcfg['ipaddr'] . "/" . $optcfg['subnet'])); + escapeshellarg($optcfg['ipaddr'] . "/" . $optcfg['subnet']) . $addflags); } } else { mwexec("/sbin/ifconfig " . escapeshellarg($optcfg['if']) . 
@@ -288,21 +298,32 @@ function interfaces_wireless_configure($if, $wlcfg) { $ifcargs .= "wepmode off "; } + if (strstr($if, "ath")) { + if ($wlcfg['standard']) + $ifcargs .= "mode {$wlcfg['standard']} "; + } + switch ($wlcfg['mode']) { case 'hostap': - if (strstr($if, "wi")) + if (strstr($if, "ath")) + $ifcargs .= "-mediaopt adhoc mediaopt hostap "; + else if (strstr($if, "wi")) $ifcargs .= "-mediaopt ibss mediaopt hostap "; break; case 'ibss': case 'IBSS': - if (strstr($if, "wi")) + if (strstr($if, "ath")) + $ifcargs .= "-mediaopt hostap mediaopt adhoc "; + else if (strstr($if, "wi")) $ifcargs .= "-mediaopt hostap mediaopt ibss "; else if (strstr($if, "an")) $ifcargs .= "mediaopt adhoc "; break; case 'bss': case 'BSS': - if (strstr($if, "wi")) + if (strstr($if, "ath")) + $ifcargs .= "-mediaopt hostap -mediaopt adhoc "; + else if (strstr($if, "wi")) $ifcargs .= "-mediaopt hostap -mediaopt ibss "; else if (strstr($if, "an")) $ifcargs .= "-mediaopt adhoc ";
@@ -362,6 +383,10 @@ function interfaces_wan_configure() { mwexec($cmd); } + $addflags = ""; + if (strpos($wancfg['if'], "fxp") !== false) + $addflags .= " link0"; + switch ($wancfg['ipaddr']) { case 'dhcp':
@@ -385,10 +410,10 @@ function interfaces_wan_configure() { if (isset($wancfg['ispointtopoint']) && $wancfg['pointtopoint']) { mwexec("/sbin/ifconfig " . escapeshellarg($wancfg['if']) . " " . escapeshellarg($wancfg['ipaddr'] . "/" . $wancfg['subnet']) . - " " . escapeshellarg($wancfg['pointtopoint']) . " up"); + " " . escapeshellarg($wancfg['pointtopoint']) . $addflags . " up"); } else { mwexec("/sbin/ifconfig " . escapeshellarg($wancfg['if']) . " " . - escapeshellarg($wancfg['ipaddr'] . "/" . $wancfg['subnet'])); + escapeshellarg($wancfg['ipaddr'] . "/" . $wancfg['subnet']) . $addflags); } /* install default route */
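Review bot: In the `@@ -288,21 +298,32 @@` hunk the configured value `$wlcfg['standard']` is interpolated into `$ifcargs` unquoted (`"mode {$wlcfg['standard']} "`), while the other interfaces.inc hunks in this patch pass interface names and addresses through `escapeshellarg()` before `mwexec()`. Where `$ifcargs` is consumed lies outside the hunk, but if it reaches a shell command line the value should be quoted or checked against the fixed list of modes, e.g. `$ifcargs .= "mode " . escapeshellarg($wlcfg['standard']) . " ";`. The same applies to `{$pipe['plr']}` and `{$pipe['qsize']}` in the shaper.inc hunk (if `$line` is later run through a shell) and to `{$srchost} {$remotehost}` in the vpn.inc `mwexec_bg()` call. Whether the webGUI already restricts these fields on save cannot be seen from this patch.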
@@ -463,12 +488,14 @@ EOD; } function interfaces_wan_dhcp_down() { - mwexec("/sbin/dhclient -r"); + mwexec("/sbin/dhclient -r"); + sleep(3); } function interfaces_wan_dhcp_up() { - interfaces_wan_dhcp_configure(); + interfaces_wan_dhcp_configure(); + sleep(3); }
@@ -571,13 +598,15 @@ EOD; function interfaces_wan_pppoe_down() { global $g; - sigkillbypid("{$g['varrun_path']}/mpd.pid", "SIGUSR2"); + sigkillbypid("{$g['varrun_path']}/mpd.pid", "SIGUSR2"); + sleep(3); } function interfaces_wan_pppoe_up() { global $g; - sigkillbypid("{$g['varrun_path']}/mpd.pid", "SIGUSR1"); + sigkillbypid("{$g['varrun_path']}/mpd.pid", "SIGUSR1"); + sleep(3); }
@@ -683,13 +712,15 @@ EOD; function interfaces_wan_pptp_down() { global $g; - sigkillbypid("{$g['varrun_path']}/mpd.pid", "SIGUSR2"); + sigkillbypid("{$g['varrun_path']}/mpd.pid", "SIGUSR2"); + sleep(3); } function interfaces_wan_pptp_up() { global $g; - sigkillbypid("{$g['varrun_path']}/mpd.pid", "SIGUSR1"); + sigkillbypid("{$g['varrun_path']}/mpd.pid", "SIGUSR1"); + sleep(3); }
diff --git a/phpconf/inc/services.inc b/phpconf/inc/services.inc
index df5f499..5151eca 100644
--- a/phpconf/inc/services.inc
+++ b/phpconf/inc/services.inc
@@ -3,7 +3,7 @@ services.inc part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without
@@ -189,12 +189,18 @@ function services_dhcrelay_configure() { /* DHCPRelay enabled on any interfaces? */ $dhcrelayenable = false; - foreach ($dhcrelaycfg as $dhcrelayif => $dhcrelayifconf) { - if (isset($dhcrelayifconf['enable']) && - (($dhcrelayif == "lan") || - (isset($config['interfaces'][$dhcrelayif]['enable']) && - $config['interfaces'][$dhcrelayif]['if'] && (!$config['interfaces'][$dhcrelayif]['bridge'])))) - $dhcrelayenable = true; + + if (is_array($dhcrelaycfg)) { + foreach ($dhcrelaycfg as $dhcrelayif => $dhcrelayifconf) { + if (isset($dhcrelayifconf['enable']) && + (($dhcrelayif == "lan") || + (isset($config['interfaces'][$dhcrelayif]['enable']) && + $config['interfaces'][$dhcrelayif]['if'] && (!$config['interfaces'][$dhcrelayif]['bridge'])))) { + + $dhcrelayenable = true; + break; + } + } } if (!$dhcrelayenable) @@ -463,8 +469,9 @@ function services_dnsupdate_process() { if (isset($config['dnsupdate']['enable'])) { $wanip = get_current_wan_address(); + if ($wanip) { - + $keyname = $config['dnsupdate']['keyname']; /* trailing dot */ if (substr($keyname, -1) != ".") @@ -480,7 +487,7 @@ function services_dnsupdate_process() { but nsupdate insists on having both */ $fd = fopen("{$g['varetc_path']}/K{$keyname}+157+00000.private", "w"); $privkey .= <<. + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -353,6 +353,14 @@ function shaper_rules_generate() { $line .= "delay {$pipe['delay']} "; } + if ($pipe['plr']) { + $line .= "plr {$pipe['plr']} "; + } + + if ($pipe['qsize']) { + $line .= "queue {$pipe['qsize']} "; + } + switch ($pipe['mask']) { case 'source': $line .= "mask src-ip 0xffffffff "; diff --git a/phpconf/inc/system.inc b/phpconf/inc/system.inc index 2333f23..700e039 100644 --- a/phpconf/inc/system.inc +++ b/phpconf/inc/system.inc 
@@ -3,7 +3,7 @@ system.inc part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -195,8 +195,9 @@ function system_syslogd_start() { $syslogconf = <<. + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/phpconf/inc/vpn.inc b/phpconf/inc/vpn.inc index b73af46..8ce9373 100644 --- a/phpconf/inc/vpn.inc +++ b/phpconf/inc/vpn.inc @@ -3,7 +3,7 @@ vpn.inc part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -64,7 +64,10 @@ function vpn_ipsec_configure($ipchg = false) { mwexec("/usr/sbin/setkey -F"); /* prefer old SAs only for 30 seconds, then use the new one */ - mwexec("/sbin/sysctl -w net.key.preferred_oldsa=-30"); + if (!isset($config['ipsec']['preferoldsa'])) + mwexec("/sbin/sysctl -w net.key.preferred_oldsa=-30"); + else + mwexec("/sbin/sysctl -w net.key.preferred_oldsa=1"); if (isset($ipseccfg['enable'])) { @@ -302,12 +305,14 @@ EOD; /* start racoon */ mwexec("/usr/local/sbin/racoon -d -f {$g['varetc_path']}/racoon.conf"); - foreach ($ipseccfg['tunnel'] as $tunnel) { - if (isset($tunnel['auto'])) { - $remotehost = substr($tunnel['remote-subnet'],0,strpos($tunnel['remote-subnet'],"/")); - $srchost = vpn_endpoint_determine($tunnel, $curwanip); - if ($srchost) - mwexec_bg("/sbin/ping -c 1 -S {$srchost} {$remotehost}"); + if (is_array($ipseccfg['tunnel'])) { + foreach ($ipseccfg['tunnel'] as $tunnel) { + if (isset($tunnel['auto'])) { + $remotehost = substr($tunnel['remote-subnet'],0,strpos($tunnel['remote-subnet'],"/")); + $srchost = vpn_endpoint_determine($tunnel, $curwanip); + if ($srchost) + mwexec_bg("/sbin/ping -c 1 -S {$srchost} {$remotehost}"); + } } } } 
@@ -419,7 +424,9 @@ EOD; EOD; } - if (isset($config['dnsmasq']['enable'])) { + if (is_array($pptpdcfg['dnsserver']) && ($pptpdcfg['dnsserver'][0])) { + $mpdconf .= " set ipcp dns " . join(" ", $pptpdcfg['dnsserver']) . "\n"; + } else if (isset($config['dnsmasq']['enable'])) { $mpdconf .= " set ipcp dns " . $config['interfaces']['lan']['ipaddr']; if ($syscfg['dnsserver'][0]) $mpdconf .= " " . $syscfg['dnsserver'][0];
diff --git a/phpconf/inc/xmlparse.inc b/phpconf/inc/xmlparse.inc
index 2684d49..cd85866 100644
--- a/phpconf/inc/xmlparse.inc
+++ b/phpconf/inc/xmlparse.inc
@@ -4,7 +4,7 @@ functions to parse/dump configuration files in XML format part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without
diff --git a/phpconf/rc.banner b/phpconf/rc.banner
index bb0804f..6fc23f5 100644
--- a/phpconf/rc.banner
+++ b/phpconf/rc.banner
@@ -4,7 +4,7 @@ rc.banner part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without
@@ -40,8 +40,8 @@ *** This is m0n0wall, version {$version} - built on {$buildtime} for {$g['platform']} - Copyright (C) 2002-2004 by Manuel Kasper. All rights reserved. + built on {$buildtime} for {$g['fullplatform']} + Copyright (C) 2002-2005 by Manuel Kasper. All rights reserved. Visit http://m0n0.ch/wall for updates.
diff --git a/phpconf/rc.bootup b/phpconf/rc.bootup
index 2530362..10f2e63 100644
--- a/phpconf/rc.bootup
+++ b/phpconf/rc.bootup
@@ -4,7 +4,7 @@ rc.bootup part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without
@@ -122,6 +122,9 @@ /* start DHCP service */ services_dhcpd_configure(); + /* start DHCP relay */ + services_dhcrelay_configure(); + /* start SNMP service */ services_snmpd_configure();
diff --git a/phpconf/rc.initial.defaults b/phpconf/rc.initial.defaults
index 8e33fd2..c3c30c7 100644
--- a/phpconf/rc.initial.defaults
+++ b/phpconf/rc.initial.defaults
@@ -4,7 +4,7 @@ rc.initial.defaults part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without
diff --git a/phpconf/rc.initial.password b/phpconf/rc.initial.password
index 7859e2c..9d79811 100644
--- a/phpconf/rc.initial.password
+++ b/phpconf/rc.initial.password
@@ -4,7 +4,7 @@ rc.initial.password part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without
diff --git a/phpconf/rc.initial.ping b/phpconf/rc.initial.ping
index d069566..760a16c 100644
--- a/phpconf/rc.initial.ping
+++ b/phpconf/rc.initial.ping
@@ -4,7 +4,7 @@ rc.initial.ping part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without
diff --git a/phpconf/rc.initial.reboot b/phpconf/rc.initial.reboot
index 053d492..5c3b9ef 100644
--- a/phpconf/rc.initial.reboot
+++ b/phpconf/rc.initial.reboot
@@ -4,7 +4,7 @@ rc.initial.reboot part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without
diff --git a/phpconf/rc.initial.setlanip b/phpconf/rc.initial.setlanip
index 99fd922..a5196ee 100644
--- a/phpconf/rc.initial.setlanip
+++ b/phpconf/rc.initial.setlanip
@@ -4,7 +4,7 @@ rc.initial.setlanip part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without
@@ -85,12 +85,15 @@ unset($config['dhcpd']['lan']['enable']); } + $proto = "http"; if ($config['system']['webgui']['protocol'] == "https") { echo "\nDo you want to revert to HTTP as the webGUI protocol? (y/n) "; if (strcasecmp(chop(fgets($fp)), "y") == 0) $config['system']['webgui']['protocol'] = "http"; + else + $proto = "https"; } if (isset($config['system']['webgui']['noantilockout'])) {
@@ -107,7 +110,7 @@ The LAN IP address has been set to $lanip/$lanbits. You can now access the webGUI by opening the following URL in your browser: -http://$lanip/ +$proto://$lanip/ Press ENTER to continue.
diff --git a/phpconf/rc.initial.setports b/phpconf/rc.initial.setports
index 049879a..e08b574 100644
--- a/phpconf/rc.initial.setports
+++ b/phpconf/rc.initial.setports
@@ -4,7 +4,7 @@ rc.initial.setports part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without
@@ -184,7 +184,7 @@ EOD; if (strcasecmp(chop(fgets($fp)), "y") == 0) { $config['interfaces']['lan']['if'] = $lanif; - if (preg_match("/^(wi|awi|an)/", $lanif)) { + if (preg_match($g['wireless_regex'], $lanif)) { if (!is_array($config['interfaces']['lan']['wireless'])) $config['interfaces']['lan']['wireless'] = array(); } else {
@@ -192,7 +192,7 @@ EOD; } $config['interfaces']['wan']['if'] = $wanif; - if (preg_match("/^(wi|awi|an)/", $wanif)) { + if (preg_match($g['wireless_regex'], $wanif)) { if (!is_array($config['interfaces']['wan']['wireless'])) $config['interfaces']['wan']['wireless'] = array(); } else {
@@ -206,7 +206,7 @@ EOD; $config['interfaces']['opt' . ($i+1)]['if'] = $optif[$i]; /* wireless interface? */ - if (preg_match("/^(wi|awi|an)/", $optif[$i])) { + if (preg_match($g['wireless_regex'], $optif[$i])) { if (!is_array($config['interfaces']['opt' . ($i+1)]['wireless'])) $config['interfaces']['opt' . ($i+1)]['wireless'] = array(); } else {
diff --git a/phpconf/rc.newwanip b/phpconf/rc.newwanip
index d61069e..6868cfd 100644
--- a/phpconf/rc.newwanip
+++ b/phpconf/rc.newwanip
@@ -4,7 +4,7 @@ rc.newwanip part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without
@@ -54,8 +54,8 @@ return 0; /* nothing to do */ } - /* resync ipfilter */ - filter_resync(); + /* reload firewall rules */ + filter_rules_generate(); /* flush NAT table */ filter_flush_nat_table();
diff --git a/phpconf/rc.prunecaptiveportal b/phpconf/rc.prunecaptiveportal
index 108b029..39e7b7e 100644
--- a/phpconf/rc.prunecaptiveportal
+++ b/phpconf/rc.prunecaptiveportal
@@ -4,7 +4,7 @@ rc.prunecaptiveportal part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without
diff --git a/webgui/cal.gif b/webgui/cal.gif new file mode 100644 index 0000000000000000000000000000000000000000..8526cf5d19a915aa8073cf344873c4505491970d GIT binary patch literal 127 zcmZ?wbhEHb6krfwSj51v)Yr?)cd3`J*V1K6uU)?O9}E~67!-f9FfuT(G3WrDe9t*l=0) && (parseInt(intMonth,10)<12)) + Cal.Month=intMonth; + //end parse month + //parse Date + if ((parseInt(strDate,10)<=Cal.GetMonDays()) && (parseInt(strDate,10)>=1)) + Cal.Date=strDate; + //end parse Date + //parse year + strYear=exDateTime.substring(Sp2+1,Sp2+5); + YearPattern=/^\d{4}$/; + if (YearPattern.test(strYear)) + Cal.Year=parseInt(strYear,10); + //end parse year + //parse time + if (Cal.ShowTime==true) + { + tSp1=exDateTime.indexOf(":",0) + tSp2=exDateTime.indexOf(":",(parseInt(tSp1)+1)); + strHour=exDateTime.substring(tSp1,(tSp1)-2); + Cal.SetHour(strHour); + strMinute=exDateTime.substring(tSp1+1,tSp2); + Cal.SetMinute(strMinute); + strSecond=exDateTime.substring(tSp2+1,tSp2+3); + Cal.SetSecond(strSecond); + } + } + winCal=window.open("","DateTimePicker","toolbar=0,status=0,menubar=0,fullscreen=no,width=195,height=200,resizable=0,top="+cnTop+",left="+cnLeft); + docCal=winCal.document; + RenderCal(); +} + +function RenderCal() +{ + var vCalHeader; + var vCalData; + var vCalTime; + var i; + var j; + var SelectStr; + var vDayCount=0; + var vFirstDay; + + docCal.open(); + docCal.writeln(""+WindowTitle+""); + docCal.writeln(""); + docCal.writeln(""); + docCal.writeln("
"); + + vCalHeader="\n"; + //Month Selector + vCalHeader+="\n\n"; + vCalHeader+=""; + //Calendar header shows Month and Year + if (ShowMonthYear) + vCalHeader+="\n"; + //Week day header + vCalHeader+=""; + for (i=0;i<7;i++) + { + vCalHeader+=""; + } + vCalHeader+=""; + docCal.write(vCalHeader); + + //Calendar detail + CalDate=new Date(Cal.Year,Cal.Month); + CalDate.setDate(1); + vFirstDay=CalDate.getDay(); + vCalData=""; + for (i=0;i\n"; + } + } + docCal.writeln(vCalData); + //Time picker + if (Cal.ShowTime) + { + var showHour; + showHour=Cal.getShowHour(); + vCalTime="\n\n"; + docCal.write(vCalTime); + } + //end time picker + docCal.writeln("\n
"; + //Year selector + vCalHeader+="\n
\n"; + vCalHeader+="< "+Cal.Year+" >
"+Cal.GetMonthName(ShowLongMonth)+" "+Cal.Year+"
"+WeekDayName[i].substr(0,WeekChar)+"
"; + vCalTime+=""; + vCalTime+=" : "; + vCalTime+=""; + vCalTime+=" : "; + vCalTime+=""; + if (TimeMode==12) + { + var SelectAm =(parseInt(Cal.Hours,10)<12)? "Selected":""; + var SelectPm =(parseInt(Cal.Hours,10)>=12)? "Selected":""; + + vCalTime+=""; + } + vCalTime+="\n
"); + docCal.writeln("
"); + docCal.close(); +} + +function GenCell(pValue,pHighLight,pColor)//Generate table cell with value +{ + var PValue; + var PCellStr; + var vColor; + var vHLstr1;//HighLight string + var vHlstr2; + var vTimeStr; + + if (pValue==null) + PValue=""; + else + PValue=pValue; + + if (pColor!=null) + vColor="bgcolor=\""+pColor+"\""; + else + vColor=""; + if ((pHighLight!=null)&&(pHighLight)) + {vHLstr1="color='red'>";vHLstr2="";} + else + {vHLstr1=">";vHLstr2="";} + + if (Cal.ShowTime) + { + vTimeStr="winMain.document.getElementById('"+Cal.Ctrl+"').value+=' '+"+"winMain.Cal.getShowHour()"+"+':'+"+"winMain.Cal.Minutes"+"+':'+"+"winMain.Cal.Seconds"; + if (TimeMode==12) + vTimeStr+="+' '+winMain.Cal.AMorPM"; + } + else + vTimeStr=""; + PCellStr=""+PValue+""+vHLstr2+""; + return PCellStr; +} + +function Calendar(pDate,pCtrl) +{ + //Properties + this.Date=pDate.getDate();//selected date + this.Month=pDate.getMonth();//selected month number + this.Year=pDate.getFullYear();//selected year in 4 digits + this.Hours=pDate.getHours(); + + if (pDate.getMinutes()<10) + this.Minutes="0"+pDate.getMinutes(); + else + this.Minutes=pDate.getMinutes(); + + if (pDate.getSeconds()<10) + this.Seconds="0"+pDate.getSeconds(); + else + this.Seconds=pDate.getSeconds(); + + this.MyWindow=winCal; + this.Ctrl=pCtrl; + this.Format="ddMMyyyy"; + this.Separator=DateSeparator; + this.ShowTime=false; + if (pDate.getHours()<12) + this.AMorPM="AM"; + else + this.AMorPM="PM"; +} + +function GetMonthIndex(shortMonthName) +{ + for (i=0;i<12;i++) + { + if (MonthName[i].substring(0,3).toUpperCase()==shortMonthName.toUpperCase()) + { return i;} + } +} +Calendar.prototype.GetMonthIndex=GetMonthIndex; + +function IncYear() +{ Cal.Year++;} +Calendar.prototype.IncYear=IncYear; + +function DecYear() +{ Cal.Year--;} +Calendar.prototype.DecYear=DecYear; + +function SwitchMth(intMth) +{ Cal.Month=intMth;} +Calendar.prototype.SwitchMth=SwitchMth; + +function SetHour(intHour) +{ + var MaxHour; + var MinHour; + if 
(TimeMode==24) + { MaxHour=23;MinHour=0} + else if (TimeMode==12) + { MaxHour=12;MinHour=1} + else + alert("TimeMode can only be 12 or 24"); + var HourExp=new RegExp("^\\d\\d$"); + if (HourExp.test(intHour) && (parseInt(intHour,10)<=MaxHour) && (parseInt(intHour,10)>=MinHour)) + { + if ((TimeMode==12) && (Cal.AMorPM=="PM")) + { + if (parseInt(intHour,10)==12) + Cal.Hours=12; + else + Cal.Hours=parseInt(intHour,10)+12; + } + else if ((TimeMode==12) && (Cal.AMorPM=="AM")) + { + if (intHour==12) + intHour-=12; + Cal.Hours=parseInt(intHour,10); + } + else if (TimeMode==24) + Cal.Hours=parseInt(intHour,10); + } +} +Calendar.prototype.SetHour=SetHour; + +function SetMinute(intMin) +{ + var MinExp=new RegExp("^\\d\\d$"); + if (MinExp.test(intMin) && (intMin<60)) + Cal.Minutes=intMin; +} +Calendar.prototype.SetMinute=SetMinute; + +function SetSecond(intSec) +{ + var SecExp=new RegExp("^\\d\\d$"); + if (SecExp.test(intSec) && (intSec<60)) + Cal.Seconds=intSec; +} +Calendar.prototype.SetSecond=SetSecond; + +function SetAmPm(pvalue) +{ + this.AMorPM=pvalue; + if (pvalue=="PM") + { + this.Hours=(parseInt(this.Hours,10))+12; + if (this.Hours==24) + this.Hours=12; + } + else if (pvalue=="AM") + this.Hours-=12; +} +Calendar.prototype.SetAmPm=SetAmPm; + +function getShowHour() +{ + var finalHour; + if (TimeMode==12) + { + if (parseInt(this.Hours,10)==0) + { + this.AMorPM="AM"; + finalHour=parseInt(this.Hours,10)+12; + } + else if (parseInt(this.Hours,10)==12) + { + this.AMorPM="PM"; + finalHour=12; + } + else if (this.Hours>12) + { + this.AMorPM="PM"; + if ((this.Hours-12)<10) + finalHour="0"+((parseInt(this.Hours,10))-12); + else + finalHour=parseInt(this.Hours,10)-12; + } + else + { + this.AMorPM="AM"; + if (this.Hours<10) + finalHour="0"+parseInt(this.Hours,10); + else + finalHour=this.Hours; + } + } + else if (TimeMode==24) + { + if (this.Hours<10) + finalHour="0"+parseInt(this.Hours,10); + else + finalHour=this.Hours; + } + return finalHour; +} 
+Calendar.prototype.getShowHour=getShowHour; + +function GetMonthName(IsLong) +{ + var Month=MonthName[this.Month]; + if (IsLong) + return Month; + else + return Month.substr(0,3); +} +Calendar.prototype.GetMonthName=GetMonthName; + +function GetMonDays()//Get number of days in a month +{ + var DaysInMonth=[31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31]; + if (this.IsLeapYear()) + { + DaysInMonth[1]=29; + } + return DaysInMonth[this.Month]; +} +Calendar.prototype.GetMonDays=GetMonDays; + +function IsLeapYear() +{ + if ((this.Year%4)==0) + { + if ((this.Year%100==0) && (this.Year%400)!=0) + { + return false; + } + else + { + return true; + } + } + else + { + return false; + } +} +Calendar.prototype.IsLeapYear=IsLeapYear; + +function FormatDate(pDate) +{ + if (this.Format.toUpperCase()=="DDMMYYYY") + return (pDate+DateSeparator+(this.Month+1)+DateSeparator+this.Year); + else if (this.Format.toUpperCase()=="DDMMMYYYY") + return (pDate+DateSeparator+this.GetMonthName(false)+DateSeparator+this.Year); + else if (this.Format.toUpperCase()=="MMDDYYYY") + return ((this.Month+1)+DateSeparator+pDate+DateSeparator+this.Year); + else if (this.Format.toUpperCase()=="MMMDDYYYY") + return (this.GetMonthName(false)+DateSeparator+pDate+DateSeparator+this.Year); +} +Calendar.prototype.FormatDate=FormatDate; \ No newline at end of file diff --git a/webgui/diag_backup.php b/webgui/diag_backup.php index bc4d9d4..0ebe120 100644 --- a/webgui/diag_backup.php +++ b/webgui/diag_backup.php @@ -4,7 +4,7 @@ diag_backup.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,8 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Diagnostics", "Backup/restore"); + /* omit no-cache headers because it confuses IE with file downloads */ $omit_nocacheheaders = true; require("guiconfig.inc"); 
@@ -71,17 +73,7 @@ if ($_POST) { } } ?> - - - -<?=gentitle("Diagnostics: Backup/restore");?> - - - - - -

Diagnostics: Backup/restore

@@ -92,7 +84,7 @@ if ($_POST) {   -

Click this button to download the system configuration + Click this button to download the system configuration in XML format.

@@ -121,5 +113,3 @@ if ($_POST) {

- - diff --git a/webgui/diag_defaults.php b/webgui/diag_defaults.php index 3ba3ea0..cd92302 100644 --- a/webgui/diag_defaults.php +++ b/webgui/diag_defaults.php @@ -4,7 +4,7 @@ diag_defaults.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,8 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Diagnostics", "Factory defaults"); + require("guiconfig.inc"); if ($_POST) { @@ -42,17 +44,7 @@ if ($_POST) { } } ?> - - - -<?=gentitle("Diagnostics: Factory defaults");?> - - - - - -

Diagnostics: Factory defaults

If you click "Yes", the firewall will be reset @@ -69,5 +61,3 @@ if ($_POST) { - - diff --git a/webgui/diag_dhcp_leases.php b/webgui/diag_dhcp_leases.php index 4b730fa..931098d 100644 --- a/webgui/diag_dhcp_leases.php +++ b/webgui/diag_dhcp_leases.php @@ -4,7 +4,7 @@ diag_dhcp_leases.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Björn Pålsson and Manuel Kasper . + Copyright (C) 2003-2005 Björn Pålsson and Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,19 +29,11 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Diagnostics", "DHCP leases"); + require("guiconfig.inc"); ?> - - - -<?=gentitle("Diagnostics: DHCP leases");?> - - - - - -

Diagnostics: DHCP leases

Hostname Start End + $dhcpifconf) { + if (($lip >= ip2long($dhcpifconf['range']['from'])) && ($lip <= ip2long($dhcpifconf['range']['to']))) { + $data['if'] = $dhcpif; + break; + } + } echo "\n"; echo "{$fspans}{$data['ip']}{$fspane} \n"; echo "{$fspans}{$data['mac']}{$fspane} \n"; echo "{$fspans}{$data['hostname']}{$fspane} \n"; - echo "{$fspans}{$data['start']}{$fspane} \n"; - echo "{$fspans}{$data['end']}{$fspane} \n"; + echo "{$fspans}" . adjust_gmt($data['start']) . "{$fspane} \n"; + echo "{$fspans}" . adjust_gmt($data['end']) . "{$fspane} \n"; + echo "\n"; echo "\n"; } } ?> -

+
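Review bot: The lease rows in this diag_dhcp_leases.php hunk echo `$data['hostname']`, `$data['mac']`, `$data['ip']` and the new `adjust_gmt(...)` results into the page without `htmlspecialchars()`. A lease hostname is chosen by the DHCP client, so any host on a served segment can place markup in a page that an administrator opens; the new diag_logs_portal.php in this same patch does escape its log fields. I would write `htmlspecialchars($data['hostname'])` in place of `{$data['hostname']}` and treat the other lease fields the same way. How `$leases` is parsed is outside the hunk, so confirm that nothing there already escapes the values.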

@@ -182,8 +188,6 @@ foreach ($leases as $data) {
-

No leases file found. Is the DHCP server active?

+No leases file found. Is the DHCP server active? - - diff --git a/webgui/diag_ipsec_sad.php b/webgui/diag_ipsec_sad.php index caba9d1..2b2b649 100644 --- a/webgui/diag_ipsec_sad.php +++ b/webgui/diag_ipsec_sad.php @@ -4,7 +4,7 @@ diag_ipsec_sad.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,21 +29,13 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Diagnostics", "IPsec"); + require("guiconfig.inc"); ?> - - - -<?=gentitle("Diagnostics: IPsec");?> - - - - - -

Diagnostics: IPsec

-
+
  • SAD
  • SPD
  • @@ -135,5 +127,3 @@ foreach ($sad as $sa): ?>
- - diff --git a/webgui/diag_ipsec_spd.php b/webgui/diag_ipsec_spd.php index 80cd066..48b2f34 100644 --- a/webgui/diag_ipsec_spd.php +++ b/webgui/diag_ipsec_spd.php @@ -4,7 +4,7 @@ diag_ipsec_spd.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,23 +29,15 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Diagnostics", "IPsec"); + require("guiconfig.inc"); ?> - - - -<?=gentitle("Diagnostics: IPsec");?> - - - - - -

Diagnostics: IPsec

- @@ -151,5 +143,3 @@ foreach ($spd as $sp): ?>
+
- - diff --git a/webgui/diag_logs.php b/webgui/diag_logs.php index e28c36d..a06cbab 100644 --- a/webgui/diag_logs.php +++ b/webgui/diag_logs.php @@ -4,7 +4,7 @@ diag_logs.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Diagnostics", "Logs"); require("guiconfig.inc"); $nentries = $config['syslog']['nentries']; @@ -61,23 +62,14 @@ function dump_clog($logfile, $tail, $withorig = true) { } ?> - - - -<?=gentitle("Diagnostics: Logs");?> - - - - - -

Diagnostics: Logs

-
+
@@ -98,5 +90,3 @@ function dump_clog($logfile, $tail, $withorig = true) {
- - diff --git a/webgui/diag_logs_dhcp.php b/webgui/diag_logs_dhcp.php index 6a65360..b085915 100644 --- a/webgui/diag_logs_dhcp.php +++ b/webgui/diag_logs_dhcp.php @@ -4,7 +4,7 @@ diag_logs_dhcp.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Diagnostics", "Logs"); require("guiconfig.inc"); $nentries = $config['syslog']['nentries']; @@ -61,23 +62,14 @@ function dump_clog($logfile, $tail, $withorig = true) { } ?> - - - -<?=gentitle("Diagnostics: Logs");?> - - - - - -

Diagnostics: Logs

-
+
@@ -98,6 +90,3 @@ function dump_clog($logfile, $tail, $withorig = true) {
- - - diff --git a/webgui/diag_logs_filter.php b/webgui/diag_logs_filter.php index 990089a..2e827ac 100644 --- a/webgui/diag_logs_filter.php +++ b/webgui/diag_logs_filter.php @@ -4,7 +4,7 @@ diag_logs_filter.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Diagnostics", "Logs"); require("guiconfig.inc"); $nentries = $config['syslog']['nentries']; @@ -116,23 +117,14 @@ function format_ipf_ip($ipfip) { } ?> - - - -<?=gentitle("Diagnostics: Logs");?> - - - - - -

Diagnostics: Logs

-
+
@@ -186,5 +178,3 @@ function format_ipf_ip($ipfip) {
- - diff --git a/webgui/diag_logs_portal.php b/webgui/diag_logs_portal.php new file mode 100644 index 0000000..fce4b32 --- /dev/null +++ b/webgui/diag_logs_portal.php 
@@ -0,0 +1,87 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array("Diagnostics", "Logs"); +require("guiconfig.inc"); + +$nentries = $config['syslog']['nentries']; +if (!$nentries) + $nentries = 50; + +if ($_POST['clear']) { + exec("/usr/sbin/clog -i -s 32768 /var/log/portalauth.log"); +} + +function dump_clog($logfile, $tail) { + global $g, $config; + + $sor = isset($config['syslog']['reverse']) ? "-r" : ""; + + exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); + + foreach ($logarr as $logent) { + $logent = preg_split("/\s+/", $logent, 6); + echo "\n"; + echo "" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; + echo "" . htmlspecialchars($logent[5]) . "\n"; + echo "\n"; + } +} + +?> + + + + + + +
+ +
+ + + + + +
+ Last captive portal log entries
+
+ +
+
+ diff --git a/webgui/diag_logs_settings.php b/webgui/diag_logs_settings.php index a0036b9..69b724f 100644 --- a/webgui/diag_logs_settings.php +++ b/webgui/diag_logs_settings.php @@ -4,7 +4,7 @@ diag_logs_settings.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Diagnostics", "Logs"); require("guiconfig.inc"); $pconfig['reverse'] = isset($config['syslog']['reverse']); @@ -36,6 +37,7 @@ $pconfig['nentries'] = $config['syslog']['nentries']; $pconfig['remoteserver'] = $config['syslog']['remoteserver']; $pconfig['filter'] = isset($config['syslog']['filter']); $pconfig['dhcp'] = isset($config['syslog']['dhcp']); +$pconfig['portalauth'] = isset($config['syslog']['portalauth']); $pconfig['vpn'] = isset($config['syslog']['vpn']); $pconfig['system'] = isset($config['syslog']['system']); $pconfig['enable'] = isset($config['syslog']['enable']); @@ -64,6 +66,7 @@ if ($_POST) { $config['syslog']['remoteserver'] = $_POST['remoteserver']; $config['syslog']['filter'] = $_POST['filter'] ? true : false; $config['syslog']['dhcp'] = $_POST['dhcp'] ? true : false; + $config['syslog']['portalauth'] = $_POST['portalauth'] ? true : false; $config['syslog']['vpn'] = $_POST['vpn'] ? true : false; $config['syslog']['system'] = $_POST['system'] ? true : false; $config['syslog']['enable'] = $_POST['enable'] ? true : false; @@ -86,12 +89,7 @@ if ($_POST) { } ?> - - - -<?=gentitle("Diagnostics: Logs");?> - - + - - - - -
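Review bot: `dump_clog()` in the new diag_logs_portal.php builds its shell pipeline by plain concatenation: `exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr);`. The call site is not visible in this listing, but the page derives `$nentries` from `$config['syslog']['nentries']`, which is editable through the webGUI, so if that is what arrives as `$tail` it should be forced to an integer and the path quoted: `exec("/usr/sbin/clog " . escapeshellarg($logfile) . " | tail {$sor} -n " . intval($tail), $logarr);`. Separately, the `$_POST['clear']` branch reinitialises the log on any POST carrying that field; a per-session token check is the usual guard against a cross-site request, though whether guiconfig.inc supplies one cannot be seen here.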

Diagnostics: Logs

- @@ -180,7 +182,7 @@ function enable_change(enable_over) { - +
+
@@ -168,10 +164,16 @@ function enable_change(enable_over) { server
- IP address of remote syslog server

> - system events
> - firewall events
> - DHCP service events
> + IP address of remote syslog server

+ > + system events
+ > + firewall events
+ > + DHCP service events
+ > + Captive portal
+ > PPTP VPN events
   Note:
syslog sends UDP datagrams to port 514 on the specified remote syslog server. Be sure to set syslogd on the @@ -198,5 +200,3 @@ enable_change(false); //--> - - diff --git a/webgui/diag_logs_vpn.php b/webgui/diag_logs_vpn.php index 76c0ff1..52d5bf1 100644 --- a/webgui/diag_logs_vpn.php +++ b/webgui/diag_logs_vpn.php @@ -4,7 +4,7 @@ diag_logs_vpn.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Diagnostics", "Logs"); require("guiconfig.inc"); $nentries = $config['syslog']['nentries']; @@ -65,23 +66,14 @@ function dump_clog($logfile, $tail) { } ?> - - - -<?=gentitle("Diagnostics: Logs");?> - - - - - -

Diagnostics: Logs

-
+
@@ -107,5 +99,3 @@ function dump_clog($logfile, $tail) {
- - diff --git a/webgui/diag_ping.php b/webgui/diag_ping.php index 33ad4ac..cbc5f27 100644 --- a/webgui/diag_ping.php +++ b/webgui/diag_ping.php @@ -4,7 +4,7 @@ diag_ping.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Bob Zoller (bob@kludgebox.com) and Manuel Kasper . + Copyright (C) 2003-2005 Bob Zoller (bob@kludgebox.com) and Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Diagnostics", "Ping"); require("guiconfig.inc"); define('MAX_COUNT', 10); @@ -49,7 +50,7 @@ if ($_POST) { if (!$input_errors) { $do_ping = true; - $host = preg_replace ("/[^A-Za-z0-9.]/","",$_POST['host']); + $host = $_POST['host']; $count = $_POST['count']; } @@ -60,29 +61,19 @@ if (!isset($do_ping)) { $count = DEFAULT_COUNT; } ?> - - - -<?=gentitle("Diagnostics: Ping");?> - - - - - -
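Review bot: The new line `$host = $_POST['host'];` drops the character whitelist that the removed `preg_replace` applied, so the raw request value now reaches whatever consumes `$host` further down. The enclosing `if ($_POST)` block starts above this hunk, and both the ping invocation and the form field that re-displays the host lie outside it, so it cannot be confirmed here that the earlier validation or the later uses constrain the value. If the filter was removed to allow hyphenated hostnames, widen it rather than delete it: `$host = preg_replace("/[^A-Za-z0-9.\-]/", "", $_POST['host']);`. Independently of that, the command line should use `escapeshellarg($host)` and the page output `htmlspecialchars($host)`.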

Diagnostics: Ping

+
Host -
Count - @@ -109,5 +100,3 @@ if (!isset($do_ping)) {
- - diff --git a/webgui/diag_resetstate.php b/webgui/diag_resetstate.php index 3a7f028..f55b0af 100644 --- a/webgui/diag_resetstate.php +++ b/webgui/diag_resetstate.php @@ -4,7 +4,7 @@ diag_resetstate.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Diagnostics", "Reset state"); require("guiconfig.inc"); if ($_POST) { @@ -46,24 +47,14 @@ if ($_POST) { } } ?> - - - -<?=gentitle("Diagnostics: Reset state");?> - - - - - -

Diagnostics: Reset state

- @@ -93,5 +84,3 @@ if ($_POST) {
 

+

NAT table
@@ -81,7 +72,7 @@ if ($_POST) {
NOTE: If you reset the firewall state table, the browser session may appear to be hung after clicking "Reset". - Simply refresh the page to continue.

+ Simply refresh the page to continue.
- - diff --git a/webgui/exec.php b/webgui/exec.php index 8f47fc5..af73d23 100644 --- a/webgui/exec.php +++ b/webgui/exec.php @@ -74,7 +74,7 @@ if (isBlank( $_POST['txtRecallBuffer'] )) { ?> // Set pointer to end of recall buffer. - var intRecallPtr = arrRecallBuffer.length-1; + var intRecallPtr = arrRecallBuffer.length; // Functions to extend String class. function str_encode() { return escape( this ) } @@ -142,6 +142,23 @@ if (isBlank( $_POST['txtRecallBuffer'] )) { return true; } + + // hansmi, 2005-01-13 + function txtCommand_onKey(e) { + if(!e) var e = window.event; // IE-Fix + var code = (e.keyCode?e.keyCode:(e.which?e.which:0)); + if(!code) return; + var f = document.getElementsByName('frmExecPlus')[0]; + if(!f) return; + switch(code) { + case 38: // up + btnRecall_onClick(f, -1); + break; + case 40: // down + btnRecall_onClick(f, 1); + break; + } + } //--> @@ -179,7 +196,11 @@ pre { --> - +>

Note: this function is unsupported. Use it @@ -205,10 +226,10 @@ if (!isBlank($_POST['txtCommand'])) { - + - + + network).
Command:
     diff --git a/webgui/exec_raw.php b/webgui/exec_raw.php index 6d1ca34..bccdc23 100644 --- a/webgui/exec_raw.php +++ b/webgui/exec_raw.php @@ -4,7 +4,7 @@ exec_raw.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/fbegin.inc b/webgui/fbegin.inc index cdcb085..039e50a 100644 --- a/webgui/fbegin.inc +++ b/webgui/fbegin.inc @@ -1,3 +1,27 @@ + + + + +<?=genhtmltitle($pgtitle);?> + + + + + - - - - -

Firewall: Aliases: Edit alias

- @@ -158,7 +149,7 @@ function typesel_change() { -
Name +
The name of the alias may only consist of the characters a-z, A-Z and 0-9.
Address + /

- -
+
  • Inbound
  • Server NAT
  • @@ -158,14 +149,12 @@ if ($_GET['act'] == "del") {
-

Note:
+


+ Note:
It is not possible to access NATed services using the WAN IP address from within LAN (or an optional - network).

- - diff --git a/webgui/firewall_nat_1to1.php b/webgui/firewall_nat_1to1.php index f4d2e20..a2dfde9 100644 --- a/webgui/firewall_nat_1to1.php +++ b/webgui/firewall_nat_1to1.php @@ -4,7 +4,7 @@ firewall_nat_1to1.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Firewall", "NAT"); require("guiconfig.inc"); if (!is_array($config['nat']['onetoone'])) { @@ -46,6 +47,7 @@ if ($_POST) { if (!file_exists($d_sysrebootreqd_path)) { config_lock(); $retval |= filter_configure(); + $retval |= services_proxyarp_configure(); config_unlock(); } $savemsg = get_std_save_message($retval); @@ -55,6 +57,8 @@ if ($_POST) { unlink($d_natconfdirty_path); if (file_exists($d_filterconfdirty_path)) unlink($d_filterconfdirty_path); + if (file_exists($d_proxyarpdirty_path)) + unlink($d_proxyarpdirty_path); } } } @@ -69,26 +73,17 @@ if ($_GET['act'] == "del") { } } ?> - - - -<?=gentitle("Firewall: NAT");?> - - - - - -

Firewall: NAT

You must apply the changes in order for them to take effect.");?>

-
+ + -
-

Note:
-
Depending on the way your WAN connection is setup, you may also need proxy ARP.

+

+ Note:
+
Depending on the way your WAN connection is setup, you may also need proxy ARP.
- - diff --git a/webgui/firewall_nat_1to1_edit.php b/webgui/firewall_nat_1to1_edit.php index 7361c92..8775876 100644 --- a/webgui/firewall_nat_1to1_edit.php +++ b/webgui/firewall_nat_1to1_edit.php @@ -4,7 +4,7 @@ firewall_nat_1to1_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Firewall", "NAT", "Edit 1:1"); require("guiconfig.inc"); if (!is_array($config['nat']['onetoone'])) { @@ -75,12 +76,26 @@ if ($_POST) { $input_errors[] = "A valid internal subnet must be specified."; } + /* return the subnet address given a host address and a subnet bit count */ + if ($extsubnetip = gen_subnet($_POST['external'], $_POST['subnet'])) { + $_POST['external'] = $extsubnetip; + } else { + $input_errors[] = "Can't convert external ip to valid subnet address."; + } + + if ($intsubnetip = gen_subnet($_POST['internal'], $_POST['subnet'])) { + $_POST['internal'] = $intsubnetip; + } else { + $input_errors[] = "Can't convert internal ip to valid subnet address."; + } + if (is_ipaddr($config['interfaces']['wan']['ipaddr'])) { if (check_subnets_overlap($_POST['external'], $_POST['subnet'], $config['interfaces']['wan']['ipaddr'], 32)) $input_errors[] = "The WAN IP address may not be used in a 1:1 rule."; } + /* check for overlaps with other 1:1 */ foreach ($a_1to1 as $natent) { if (isset($id) && ($a_1to1[$id]) && ($a_1to1[$id] === $natent)) 
@@ -131,6 +146,18 @@ if ($_POST) { $a_1to1[] = $natent; touch($d_natconfdirty_path); + + if ($_POST['autoaddproxy']) { + /* auto-generate a matching proxy arp entry */ + $arpent = array(); + $arpent['interface'] = $_POST['interface']; + $arpent['network'] = $_POST['external'] . "/" . $_POST['subnet']; + $arpent['descr'] = "NAT " . $_POST['descr']; + + $config['proxyarp']['proxyarpnet'][] = $arpent; + + touch($d_proxyarpdirty_path); + } write_config(); @@ -139,17 +166,7 @@ if ($_POST) { } } ?> - - - -<?=gentitle("Firewall: NAT: Edit 1:1");?> - - - - - -
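Review bot: The `autoaddproxy` branch appends to `$config['proxyarp']['proxyarpnet']` unconditionally, so saving a mapping again with the box ticked leaves duplicate proxy ARP networks on the interface. A proxy ARP entry changes which addresses the firewall answers for, so it is worth adding one only when no entry with the same interface and network already exists, and marking the proxy ARP config dirty only in that case. The enclosing `if ($_POST)` block starts outside this hunk, so the surrounding save path could not be checked.

```php
if ($_POST['autoaddproxy']) {
	/* … unchanged: build $arpent (interface, network, descr) … */

	/* skip the insert when an identical network is already proxied */
	$arpexists = false;
	if (is_array($config['proxyarp']['proxyarpnet'])) {
		foreach ($config['proxyarp']['proxyarpnet'] as $pa) {
			if (isset($pa['network']) &&
			    ($pa['interface'] == $arpent['interface']) &&
			    ($pa['network'] == $arpent['network'])) {
				$arpexists = true;
				break;
			}
		}
	}

	if (!$arpexists) {
		$config['proxyarp']['proxyarpnet'][] = $arpent;
		touch($d_proxyarpdirty_path);
	}
}
```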

Firewall: NAT: Edit 1:1

@@ -174,7 +191,7 @@ if ($_POST) { @@ -199,7 +216,14 @@ if ($_POST) {
You may enter a description here for your reference (not parsed). - + + + + +
External subnet - + /
Internal subnet - +
Enter the internal (LAN) subnet for the 1:1 mapping. The subnet size specified for the external subnet also applies to the internal subnet (they have to be the same).
  + + Auto-add a proxy ARP entry to this interface +
  @@ -212,5 +236,3 @@ if ($_POST) {
- - diff --git a/webgui/firewall_nat_edit.php b/webgui/firewall_nat_edit.php index d80865f..a5731db 100644 --- a/webgui/firewall_nat_edit.php +++ b/webgui/firewall_nat_edit.php @@ -4,7 +4,7 @@ firewall_nat_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Firewall", "NAT", "Edit"); require("guiconfig.inc"); if (!is_array($config['nat']['rule'])) { @@ -109,6 +110,8 @@ if ($_POST) { continue; if ($natent['external-address'] != $_POST['extaddr']) continue; + if (($natent['proto'] != $_POST['proto']) && ($natent['proto'] != "tcp/udp") && ($_POST['proto'] != "tcp/udp")) + continue; list($begp,$endp) = explode("-", $natent['external-port']); if (!$endp) @@ -175,12 +178,7 @@ if ($_POST) { } } ?> - - - -<?=gentitle("Firewall: NAT: Edit");?> - - + - - - - -

Firewall: NAT: Edit

@@ -304,7 +297,7 @@ function ext_rep_change() { @@ -361,5 +354,3 @@ ext_change(); //--> - - diff --git a/webgui/firewall_nat_out.php b/webgui/firewall_nat_out.php index 978f3b3..ce38a59 100644 --- a/webgui/firewall_nat_out.php +++ b/webgui/firewall_nat_out.php @@ -4,7 +4,7 @@ firewall_nat_out.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Firewall", "NAT"); require("guiconfig.inc"); if (!is_array($config['nat']['advancedoutbound']['rule'])) @@ -71,26 +72,17 @@ if ($_GET['act'] == "del") { } } ?> - - - -<?=gentitle("Firewall: NAT");?> - - - - - -

Firewall: NAT

You must apply the changes in order for them to take effect.");?>

-
NAT IP - +
Enter the internal IP address of the server on which you want to map the ports.
e.g. 192.168.1.12
+ +
- + Enable advanced outbound NAT

+

> - Enable advanced outbound NAT
-

@@ -121,7 +112,6 @@ if ($_GET['act'] == "del") {
-  
@@ -180,5 +170,3 @@ if ($_GET['act'] == "del") {
Interface
- - diff --git a/webgui/firewall_nat_out_edit.php b/webgui/firewall_nat_out_edit.php index 723de78..d446822 100644 --- a/webgui/firewall_nat_out_edit.php +++ b/webgui/firewall_nat_out_edit.php @@ -4,7 +4,7 @@ firewall_nat_out_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Firewall", "NAT", "Edit outbound mapping"); require("guiconfig.inc"); if (!is_array($config['nat']['advancedoutbound']['rule'])) @@ -174,12 +175,7 @@ if ($_POST) { } } ?> - - - -<?=gentitle("Firewall: NAT: Edit outbound mapping");?> - - + - - - - -

Firewall: NAT: Edit outbound mapping

@@ -227,7 +218,7 @@ function typesel_change() {
Source - + /
Destination -> + > not
Use this option to invert the sense of the match.

+ + + @@ -307,5 +301,3 @@ typesel_change(); //--> - - diff --git a/webgui/firewall_nat_server.php b/webgui/firewall_nat_server.php index 11f44b6..e4d33c9 100644 --- a/webgui/firewall_nat_server.php +++ b/webgui/firewall_nat_server.php @@ -4,7 +4,7 @@ firewall_nat_server.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Firewall", "NAT"); require("guiconfig.inc"); if (!is_array($config['nat']['servernat'])) { @@ -81,17 +82,7 @@ if ($_GET['act'] == "del") { } } ?> - - - -<?=gentitle("Firewall: NAT");?> - - - - - -

Firewall: NAT

@@ -99,9 +90,10 @@ if ($_GET['act'] == "del") { You must apply the changes in order for them to take effect.");?>

-
Type:  
Address:   /
  Enter the destination network for the outbound NAT mapping.
+ + -
-

Note:
-
The external IP addresses defined on this page may be used in inbound NAT mappings. Depending on the way your WAN connection is setup, you may also need proxy ARP.

+

+ Note:
+
The external IP addresses defined on this page may be used in inbound NAT mappings. Depending on the way your WAN connection is setup, you may also need proxy ARP.
- - diff --git a/webgui/firewall_nat_server_edit.php b/webgui/firewall_nat_server_edit.php index 4ed1f2d..67e4c05 100644 --- a/webgui/firewall_nat_server_edit.php +++ b/webgui/firewall_nat_server_edit.php @@ -4,7 +4,7 @@ firewall_nat_server_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Firewall", "NAT", "Edit Server NAT"); require("guiconfig.inc"); if (!is_array($config['nat']['servernat'])) { @@ -109,25 +110,14 @@ if ($_POST) { } } ?> - - - -<?=gentitle("Firewall: NAT: Edit Server NAT");?> - - - - - -

Firewall: NAT: Edit Server NAT

@@ -149,5 +139,3 @@ if ($_POST) {
External IP address - - +
- - diff --git a/webgui/firewall_rules.php b/webgui/firewall_rules.php index 9e78e72..9686a01 100644 --- a/webgui/firewall_rules.php +++ b/webgui/firewall_rules.php @@ -4,7 +4,7 @@ firewall_rules.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Firewall", "Rules"); require("guiconfig.inc"); if (!is_array($config['filter']['rule'])) { @@ -51,7 +52,7 @@ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { } if (!$if || !isset($iflist[$if])) - $if = "lan"; + $if = "wan"; if ($_POST) { @@ -140,17 +141,57 @@ if (isset($_POST['del_x'])) { } ?> - - - -<?=gentitle("Firewall: Rules");?> - - - - - -

Firewall: Rules

+

@@ -158,28 +199,29 @@ if (isset($_POST['del_x'])) {

- -
+
    - $ifname): + $ifname): if ($ifent == $if): ?>
  • -
  • +
  • ">
  • - +
- + + - + - - + + - - - - - - + - - + + + + + + + + + @@ -306,16 +357,13 @@ if (isset($_POST['del_x'])) {
    Proto Source Port Destination PortDescriptionDescription
+
+ + + + + +   + - - +
@@ -248,6 +291,7 @@ if (isset($_POST['del_x'])) {
@@ -256,18 +300,25 @@ if (isset($_POST['del_x'])) { Click the button to add a new rule.
       - + + - +
-
-

+


Hint:
-
rules are evaluated on a first-match basis (i.e. + Rules are evaluated on a first-match basis (i.e. the action of the first rule to match a packet will be executed). This means that if you use block rules, you'll have to pay attention to the rule order. Everything that isn't explicitly passed is blocked - by default.

- + by default. + - - diff --git a/webgui/firewall_rules_edit.php b/webgui/firewall_rules_edit.php index 023ddb8..43139af 100644 --- a/webgui/firewall_rules_edit.php +++ b/webgui/firewall_rules_edit.php @@ -4,7 +4,7 @@ firewall_rules_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,9 +29,10 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Firewall", "Rules", "Edit"); require("guiconfig.inc"); -$specialsrcdst = explode(" ", "any lan pptp"); +$specialsrcdst = explode(" ", "any wanip lan pptp"); if (!is_array($config['filter']['rule'])) { $config['filter']['rule'] = array(); @@ -234,6 +235,10 @@ if ($_POST) { $_POST['dstendport'] = 0; } + if (($_POST['type'] == "reject") && ($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp")) { + $input_errors[] = "Reject only works when the protocol is set to either TCP or UDP."; + } + if (($_POST['srcbeginport'] && !is_port($_POST['srcbeginport']))) { $input_errors[] = "The start source port must be an integer between 1 and 65535."; } @@ -322,12 +327,7 @@ if ($_POST) { } } ?> - - - -<?=gentitle("Firewall: Rules: Edit");?> - - + - - - - -

Firewall: Rules: Edit

Action -
Interface - 'WAN', 'lan' => 'LAN', 'pptp' => 'PPTP'); for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; @@ -482,7 +477,7 @@ Hint: the difference between block and reject is that with reject, a packet (TCP
Protocol -
IP address - + /
- - diff --git a/webgui/interfaces_opt.php b/webgui/interfaces_opt.php index 8eb8bfc..8f33228 100644 --- a/webgui/interfaces_opt.php +++ b/webgui/interfaces_opt.php @@ -4,7 +4,7 @@ interfaces_opt.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -47,6 +47,8 @@ $pconfig['ipaddr'] = $optcfg['ipaddr']; $pconfig['subnet'] = $optcfg['subnet']; $pconfig['enable'] = isset($optcfg['enable']); +$pgtitle = array("Interfaces", "Optional $index (" . htmlspecialchars($optcfg['descr']) . ")"); + /* Wireless interface? */ if (isset($optcfg['wireless'])) { require("interfaces_wlan.inc"); @@ -141,12 +143,7 @@ if ($_POST) { } } ?> - - - -<?=gentitle("Interfaces: Optional $index (" . htmlspecialchars($optcfg['descr']) . ")");?> - - + - - - - -

Interfaces: Optional ()

@@ -210,7 +202,7 @@ function ipaddr_change() {
Bridge with - "LAN", 'wan' => "WAN"); for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { @@ -228,7 +220,7 @@ function ipaddr_change() {
IP address - + / - @@ -133,10 +124,10 @@ if ($_GET['act'] == "del") { - @@ -145,5 +136,3 @@ if ($_GET['act'] == "del") {
+

+

Note:
- Not all drivers/NICs support 802.1Q VLAN tagging properly. On cards that do not explicitly support it, VLAN tagging will still work, but the reduced MTU may cause problems. See the m0n0wall homepage for information on supported cards.

+ Not all drivers/NICs support 802.1Q VLAN tagging properly. On cards that do not explicitly support it, VLAN tagging will still work, but the reduced MTU may cause problems. See the m0n0wall homepage for information on supported cards.
 
- - diff --git a/webgui/interfaces_vlan_edit.php b/webgui/interfaces_vlan_edit.php index 7932e2d..4d9cf4b 100644 --- a/webgui/interfaces_vlan_edit.php +++ b/webgui/interfaces_vlan_edit.php @@ -4,7 +4,7 @@ interfaces_vlan_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Interfaces", "Assign network ports", "Edit VLAN"); require("guiconfig.inc"); if (!is_array($config['vlans']['vlan'])) @@ -91,16 +92,7 @@ if ($_POST) { } } ?> - - -<?=gentitle("Interfaces: Assign network ports: VLANs: Edit");?> - - - - - -

Interfaces: Assign network ports: VLANs: Edit

@@ -119,7 +111,7 @@ if ($_POST) { @@ -142,5 +134,3 @@ if ($_POST) {
VLAN tag - +
802.1Q VLAN tag (between 1 and 4094)
- - diff --git a/webgui/interfaces_wan.php b/webgui/interfaces_wan.php index b4088d6..b89b0d6 100644 --- a/webgui/interfaces_wan.php +++ b/webgui/interfaces_wan.php @@ -4,7 +4,7 @@ interfaces_wan.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Interfaces", "WAN"); require("guiconfig.inc"); $wancfg = &$config['interfaces']['wan']; @@ -116,6 +117,8 @@ if ($_POST) { do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); } + $_POST['spoofmac'] = str_replace("-", ":", $_POST['spoofmac']); + if (($_POST['ipaddr'] && !is_ipaddr($_POST['ipaddr']))) { $input_errors[] = "A valid IP address must be specified."; } @@ -245,12 +248,7 @@ if ($_POST) { } } ?> - - - -<?=gentitle("Interfaces: WAN");?> - - + - - - - -

Interfaces: WAN

- - - @@ -502,12 +495,12 @@ function type_change(enable_change,enable_change_pptp) { - - @@ -537,17 +530,17 @@ function type_change(enable_change,enable_change_pptp) { - - - - @@ -583,12 +576,12 @@ function type_change(enable_change,enable_change_pptp) { - - @@ -644,5 +637,3 @@ type_change(); //--> - - diff --git a/webgui/interfaces_wlan.inc b/webgui/interfaces_wlan.inc index 9b3c41c..57f50da 100644 --- a/webgui/interfaces_wlan.inc +++ b/webgui/interfaces_wlan.inc @@ -3,7 +3,7 @@ interfaces_wlan.inc part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -28,9 +28,12 @@ POSSIBILITY OF SUCH DAMAGE. */ +$wlchannels = array(1,2,3,4,5,6,7,8,9,10,11,12,13,14); + function wireless_config_init() { global $optcfg, $pconfig; + $pconfig['standard'] = $optcfg['wireless']['standard']; $pconfig['mode'] = $optcfg['wireless']['mode']; $pconfig['ssid'] = $optcfg['wireless']['ssid']; $pconfig['stationname'] = $optcfg['wireless']['stationname']; @@ -70,6 +73,7 @@ function wireless_config_post() { if (!$input_errors) { + $optcfg['wireless']['standard'] = $_POST['standard']; $optcfg['wireless']['mode'] = $_POST['mode']; $optcfg['wireless']['ssid'] = $_POST['ssid']; $optcfg['wireless']['stationname'] = $_POST['stationname']; @@ -92,7 +96,7 @@ function wireless_config_post() { } function wireless_config_print() { - global $optcfg, $pconfig; + global $optcfg, $pconfig, $wlchannels; ?> @@ -100,12 +104,26 @@ function wireless_config_print() { + + + + + + - - + +
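Review bot: In `wireless_config_post()`, the added line `$optcfg['wireless']['standard'] = $_POST['standard'];` stores the request value without any check in this hunk that it is one of the options the form offers. The same pattern appears later in this patch in services_captiveportal.php, as `$config['captiveportal']['auth_method'] = $_POST['auth_method'];`. That one matters more, because the field selects between no authentication, the local user manager and RADIUS for portal clients. The validation code of both functions lies outside the hunks, so a check may already exist there. If it does not, add an allow-list test before the `if (!$input_errors)` block, for example `if (!in_array($_POST['auth_method'], $allowed_auth_methods)) $input_errors[] = "Invalid authentication method.";`, where `$allowed_auth_methods` is a placeholder for the three radio values.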
+ Note: Not all channels may be supported by your card @@ -144,8 +164,8 @@ function wireless_config_print() {
Type
IP address + / Point-to-point IP address - +
Gateway +
Username +
Password +
Username +
Password +
Local IP address + /
Remote IP address +
Username +
Password +
Wireless configuration
Standard
Mode
SSID +
Channel
Station name
WEP > - Enable WEP
-   + Enable WEP +
diff --git a/webgui/license.php b/webgui/license.php index 720905e..762228d 100644 --- a/webgui/license.php +++ b/webgui/license.php @@ -1,18 +1,10 @@ #!/usr/local/bin/php - - - - -<?=gentitle("License");?> - - - - - -

License

-

m0n0wall is Copyright © 2002-2004 by Manuel Kasper +

m0n0wall is Copyright © 2002-2005 by Manuel Kasper (mk@neon1.net).
All rights reserved.

Redistribution and use in source and binary forms, with or without
@@ -73,8 +65,8 @@
Jim McBeath (monowall@j.jimmc.org)
    Filter rule patches - (ordering, block/pass, disabled); better status page;
-     webGUI assign network ports page

+ (ordering, block/pass, disabled); better status page;
+     webGUI assign network ports page

Chris Olive (chris@technologEase.com)
    enhanced "execute @@ -87,7 +79,7 @@     DHCP lease list page

Peter Allgeyer (allgeyer@web.de)
-     "reject" type filter rules; dial-on-demand; WAN connect/disconnect
+     "reject" type filter rules; dial-on-demand; WAN connect/disconnect; auto-add proxy ARP

Thierry Lechat (dev@lechat.org)
    SVG-based traffic grapher
@@ -99,34 +91,48 @@     NAT on optional interfaces

Dinesh Nair (dinesh@alphaque.com)
-     captive portal: pass-through MAC/IP addresses, RADIUS authentication & accounting;
-     HTTP server concurrency limit

+     captive portal: pass-through MAC/IP addresses, RADIUS authentication & accounting;
+     HTTP server concurrency limit

Justin Ellison (justin@techadvise.com)
    traffic shaper TOS matching; magic shaper; DHCP deny unknown clients;
    IPsec user FQDNs; DHCP relay


Fred Wright (fw@well.com)
-     ipfilter window scaling fix; ipnat ICMP checksum adjustment fix; IPsec dead SA fixes
+     ipfilter window scaling fix; ipnat ICMP checksum adjustment fix; IPsec dead SA fixes;
+     netgraph PPP PFC fixes; kernel build improvements;
+     updated DP83815 short cable bug workaround

Michael Hanselmann (m0n0@hansmi.ch)
-     IDE hard disk standby
+     IDE hard disk standby; exec.php arrow keys

Audun Larsen (larsen@xqus.com)
    CPU/memory usage display

Peter Curran (peter@closeconsultants.com)
-     OpenVPN support

+     OpenVPN support
+
+ Pavel A. Grodek (pg@abletools.com)
+     Traffic shaper packet loss rate/queue size
+
+ Rob Parker, Keycom PLC (rob.parker@keycom.co.uk)
+     Captive portal per-user bandwidth restrictions
+
+ Pascal Suter (d-monodev@psuter.ch)
+     Captive portal local user database
+
+ Matt Juszczak (matt@atopia.net)
+     Captive portal logging


m0n0wall is based upon/includes various free software packages, listed below.
The author of m0n0wall would like to thank the authors of these software packages for their efforts.

FreeBSD (http://www.freebsd.org)
- Copyright © 1994-2003 FreeBSD, Inc. All rights reserved.
+ Copyright © 1994-2005 FreeBSD, Inc. All rights reserved.

This product includes PHP, freely available from http://www.php.net.
- Copyright © 1999 - 2003 The PHP Group. All rights reserved.
+ Copyright © 1999 - 2005 The PHP Group. All rights reserved.

mini_httpd (http://www.acme.com/software/mini_httpd)
Copyright © 1999, 2000 by Jef Poskanzer <jef@acme.com>. @@ -136,7 +142,7 @@ Copyright © 1996-2003 Internet Software Consortium. All rights reserved.

- ipfilter (http://www.ipfilter.org)
+ ipfilter (http://coombs.anu.edu.au/ipfilter)
Copyright © 1993-2002 by Darren Reed.

MPD - Multi-link PPP daemon for FreeBSD (http://www.dellroad.org/mpd)
@@ -182,6 +188,4 @@ All rights reserved.

wol (http://ahh.sourceforge.net/wol)
Copyright © 2000,2001,2002,2003,2004 Thomas Krennwallner <krennwallner@aon.at> - - - + diff --git a/webgui/reboot.php b/webgui/reboot.php index 0dbd6d1..9723275 100644 --- a/webgui/reboot.php +++ b/webgui/reboot.php @@ -4,7 +4,7 @@ reboot.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Diagnostics", "Reboot system"); require("guiconfig.inc"); if ($_POST) { @@ -41,17 +42,7 @@ if ($_POST) { } } ?> - - - -<?=gentitle("Reboot system");?> - - - - - -

Reboot system

Are you sure you want to reboot the system?

@@ -62,5 +53,3 @@ if ($_POST) { - - diff --git a/webgui/services_captiveportal.php b/webgui/services_captiveportal.php index f2366c4..a25e997 100644 --- a/webgui/services_captiveportal.php +++ b/webgui/services_captiveportal.php @@ -4,7 +4,7 @@ services_captiveportal.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Services", "Captive portal"); require("guiconfig.inc"); if (!is_array($config['captiveportal'])) { @@ -49,6 +50,7 @@ $pconfig['cinterface'] = $config['captiveportal']['interface']; $pconfig['timeout'] = $config['captiveportal']['timeout']; $pconfig['idletimeout'] = $config['captiveportal']['idletimeout']; $pconfig['enable'] = isset($config['captiveportal']['enable']); +$pconfig['auth_method'] = $config['captiveportal']['auth_method']; $pconfig['radacct_enable'] = isset($config['captiveportal']['radacct_enable']); $pconfig['httpslogin_enable'] = isset($config['captiveportal']['httpslogin']); $pconfig['httpsname'] = $config['captiveportal']['httpsname']; @@ -120,6 +122,7 @@ if ($_POST) { $config['captiveportal']['timeout'] = $_POST['timeout']; $config['captiveportal']['idletimeout'] = $_POST['idletimeout']; $config['captiveportal']['enable'] = $_POST['enable'] ? true : false; + $config['captiveportal']['auth_method'] = $_POST['auth_method']; $config['captiveportal']['radacct_enable'] = $_POST['radacct_enable'] ? true : false; $config['captiveportal']['httpslogin'] = $_POST['httpslogin_enable'] ? true : false; $config['captiveportal']['httpsname'] = $_POST['httpsname']; @@ -151,20 +154,9 @@ if ($_POST) { } } ?> - - - -<?=gentitle("Services: Captive portal");?> - - + - - - - -

Services: Captive portal

   
- @@ -253,7 +241,7 @@ Clients will be disconnected after this amount of inactivity. They may log in ag + If enabled, a popup window will appear when clients are allowed through the captive portal. This allows clients to explicitly disconnect themselves before the idle or hard timeout occurs. @@ -271,9 +259,24 @@ to access after they've authenticated. If this option is set, no attempts will be made to ensure that the MAC address of clients stays the same while they're logged in. This is required when the MAC address of cannot be determined (usually because there are routers between m0n0wall and the clients). - + @@ -325,7 +328,7 @@ to access after they've authenticated. @@ -208,13 +192,13 @@ function enable_change(enable_change) { @@ -223,40 +207,34 @@ function enable_change(enable_change) { - - - @@ -287,5 +265,3 @@ enable_change(false); //--> - - diff --git a/webgui/services_proxyarp.php b/webgui/services_proxyarp.php index d9cf8d9..cbafef2 100644 --- a/webgui/services_proxyarp.php +++ b/webgui/services_proxyarp.php @@ -4,7 +4,7 @@ services_proxyarp.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Services", "Proxy ARP"); require("guiconfig.inc"); if (!is_array($config['proxyarp']['proxyarpnet'])) { @@ -64,17 +65,7 @@ if ($_GET['act'] == "del") { } } ?> - - - -<?=gentitle("Services: Proxy ARP");?> - - - - - -

Services: Proxy ARP

@@ -131,5 +122,3 @@ if ($_GET['act'] == "del") { replies on an interface for other IP addresses than its own (e.g. for 1:1, advanced outbound or server NAT). It is not necessary on the WAN interface if you have a subnet routed to you or if you use PPPoE/PPTP, and it only works on the WAN interface if it's configured with a static IP address or DHCP.

- - diff --git a/webgui/services_proxyarp_edit.php b/webgui/services_proxyarp_edit.php index 7cfba55..09ceaee 100644 --- a/webgui/services_proxyarp_edit.php +++ b/webgui/services_proxyarp_edit.php @@ -4,7 +4,7 @@ services_proxyarp_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Services", "Proxy ARP", "Edit"); require("guiconfig.inc"); if (!is_array($config['proxyarp']['proxyarpnet'])) { @@ -131,12 +132,7 @@ if ($_POST) { } } ?> - - - -<?=gentitle("Services: Proxy ARP: Edit");?> - - + - - - - -

Services: Proxy ARP: Edit

+
> Enable logout popup window
- If enabled, a popup window will appear when clients are allowed through the captive portal. This allows clients to explicitly disconnect themselves before the idle or hard timeout occurs. When RADIUS accounting is enabled, this option is implied.
Redirection URL
RADIUS serverAuthentication + + + + + + + + + + + + @@ -286,14 +289,14 @@ to access after they've authenticated. - +
> + No authentication
> + Local user manager
> + RADIUS authentication
  
IP address:
Accounting:   onClick="radacct_change()">>
Accounting port:  

- Enter the IP address and port of the RADIUS server which users of the captive portal have to authenticate against. Leave blank to disable RADIUS authentication. Leave port number blank to use the default port (1812). Leave the RADIUS shared secret blank to not use a RADIUS shared secret. RADIUS accounting packets will also be sent to the RADIUS server if accounting is enabled (default port is 1813). + When using RADIUS authentication, enter the IP address and port of the RADIUS server which users of the captive portal have to authenticate against. Leave port number blank to use the default port (1812). Leave the RADIUS shared secret blank to not use a RADIUS shared secret. RADIUS accounting packets will also be sent to the RADIUS server if accounting is enabled (default port is 1813).
HTTPS login
Portal page contents -
+
View current page
@@ -376,5 +379,3 @@ enable_change(false); //--> - - diff --git a/webgui/services_captiveportal_ip.php b/webgui/services_captiveportal_ip.php index b3d406a..37da041 100644 --- a/webgui/services_captiveportal_ip.php +++ b/webgui/services_captiveportal_ip.php @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Services", "Captive portal"); require("guiconfig.inc"); if (!is_array($config['captiveportal']['allowedip'])) @@ -67,17 +68,7 @@ if ($_GET['act'] == "del") { } } ?> - - - -<?=gentitle("Services: Captive portal");?> - - - - - -

Services: Captive portal: Allowed IP addresses

@@ -85,11 +76,12 @@ if ($_GET['act'] == "del") {

- @@ -148,5 +140,3 @@ if ($_GET['act'] == "del") {
+
- - diff --git a/webgui/services_captiveportal_ip_edit.php b/webgui/services_captiveportal_ip_edit.php index 4b1cecf..85911e6 100644 --- a/webgui/services_captiveportal_ip_edit.php +++ b/webgui/services_captiveportal_ip_edit.php @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Services", "Captive portal", "Edit allowed IP address"); require("guiconfig.inc"); if (!is_array($config['captiveportal']['allowedip'])) @@ -92,17 +93,7 @@ if ($_POST) { } } ?> - - - -<?=gentitle("Services: Captive portal: Edit allowed IP address");?> - - - - - -

Services: Captive portal: Edit allowed IP address

@@ -125,7 +116,7 @@ if ($_POST) { @@ -148,5 +139,3 @@ if ($_POST) {
IP address - +
IP address
- - diff --git a/webgui/services_captiveportal_mac.php b/webgui/services_captiveportal_mac.php index d38c58c..fec1262 100644 --- a/webgui/services_captiveportal_mac.php +++ b/webgui/services_captiveportal_mac.php @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Services", "Captive portal"); require("guiconfig.inc"); if (!is_array($config['captiveportal']['passthrumac'])) @@ -67,17 +68,7 @@ if ($_GET['act'] == "del") { } } ?> - - - -<?=gentitle("Services: Captive portal");?> - - - - - -

Services: Captive portal: Pass-through MAC addresses

@@ -85,11 +76,12 @@ if ($_GET['act'] == "del") {

- @@ -129,5 +121,3 @@ if ($_GET['act'] == "del") {
+
- - diff --git a/webgui/services_captiveportal_mac_edit.php b/webgui/services_captiveportal_mac_edit.php index f763bac..f204d0f 100644 --- a/webgui/services_captiveportal_mac_edit.php +++ b/webgui/services_captiveportal_mac_edit.php @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Services", "Captive portal", "Edit pass-through MAC address"); require("guiconfig.inc"); if (!is_array($config['captiveportal']['passthrumac'])) @@ -57,6 +58,8 @@ if ($_POST) { do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $_POST['mac'] = str_replace("-", ":", $_POST['mac']); + if (($_POST['mac'] && !is_macaddr($_POST['mac']))) { $input_errors[] = "A valid MAC address must be specified. [".$_POST['mac']."]"; } @@ -90,24 +93,14 @@ if ($_POST) { } } ?> - - - -<?=gentitle("Services: Captive portal: Edit pass-through MAC address");?> - - - - - -

Services: Captive portal: Edit pass-through MAC address

@@ -130,5 +123,3 @@ if ($_POST) {
MAC address - +
MAC address (6 hex octets separated by colons)
- - diff --git a/webgui/services_captiveportal_users.php b/webgui/services_captiveportal_users.php new file mode 100644 index 0000000..e15c0dc --- /dev/null +++ b/webgui/services_captiveportal_users.php 
@@ -0,0 +1,243 @@ +#!/usr/local/bin/php +. + All rights reserved. + Copyright (C) 2005 Pascal Suter . + All rights reserved. + (files was created by Pascal based on the source code of services_captiveportal.php from Manuel) + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ +$pgtitle = array("Services", "Captive portal"); +require("guiconfig.inc"); +if(isset($_POST['save'])){ + //value-checking + if(trim($_POST['password1'])!="********" && + trim($_POST['password1'])!="" && + trim($_POST['password1'])!=trim($_POST['password2'])){ + //passwords are to be changed but don't match + $input_errors[]="passwords don't match"; + } + if((trim($_POST['password1'])=="" || trim($_POST['password1'])=="********") && + (trim($_POST['password2'])=="" || trim($_POST['password2'])=="********")){ + //assume password should be left as is if a password is set already. + if(!empty($config['users'][$_POST['old_username']]['password'])){ + $_POST['password1']="********"; + $_POST['password2']="********"; + } else { + $input_errors[]="password must not be empty"; + } + } else { + if(trim($_POST['password1'])!=trim($_POST['password2'])){ + //passwords are to be changed or set but don't match + $input_errors[]="passwords don't match"; + } else { + //check password for invalid characters + if(!preg_match('/^[a-zA-Z0-9_\-\.@\~\(\)\&\*\+§?!\$£°\%;:]*$/',$_POST['username'])){ + $input_errors[] = "password contains illegal characters, only letters from A-Z and a-z, _, -, .,@,~,(,),&,*,+,§,?,!,$,£,°,%,;,: and numbers are allowed"; + //test pw: AZaz_-.@~()&*+§?!$£°%;: + } + } + } + if($_POST['username']==""){ + $input_errors[] = "username must not be empty!"; + } + //check for a valid expirationdate if one is set at all (valid means, strtotime() puts out a time stamp + //so any strtotime compatible time format may be used. to keep it simple for the enduser, we only claim + //to accept MM/DD/YYYY as inputs. 
advanced users may use inputs like "+1 day", which will be converted to + //MM/DD/YYYY based on "now" since otherwhise such an entry would lead to a never expiring expirationdate + if(trim($_POST['expirationdate'])!=""){ + if(strtotime($_POST['expirationdate'])>0){ + if(strtotime("-1 day")>strtotime(date("m/d/Y",strtotime($_POST['expirationdate'])))){ + $input_errors[] = "selected expiration date lies in the past"; + } else { + //convert from any strtotime compatible date to MM/DD/YYYY + $expdate = strtotime($_POST['expirationdate']); + $_POST['expirationdate'] = date("m/d/Y",$expdate); + } + } else { + $input_errors[] = "invalid expiration date format, use MM/DD/YYYY instead"; + } + } + //check username: only allow letters from A-Z and a-z, _, -, . and numbers from 0-9 (note: username can + //not contain characters which are not allowed in an xml-token. i.e. if you'd use @ in a username, config.xml + //could not be parsed anymore! + if(!preg_match('/^[a-zA-Z0-9_\-\.]*$/',$_POST['username'])){ + $input_errors[] = "username contains illegal characters, only letters from A-Z and a-z, _, -, . and numbers are allowed"; + } + + if(!empty($input_errors)){ + //there are illegal inputs --> print out error message and show formular again (and fill in all recently entered values + //except passwords + $_GET['act']="new"; + $_POST['old_username']=($_POST['old_username'] ? 
$_POST['old_username'] : $_POST['username']); + $_GET['username']=$_POST['old_username']; + foreach(Array("username","fullname","expirationdate") as $field){ + $config['users'][$_POST['old_username']][$field]=$_POST[$field]; + } + } else { + //all values are okay --> saving changes + $_POST['username']=trim($_POST['username']); + if($_POST['old_username']!="" && $_POST['old_username']!=$_POST['username']){ + //change the username (which is used as array-index) + $config['users'][$_POST['username']]=$config['users'][$_POST['old_username']]; + unset($config['users'][$_POST['old_username']]); + } + foreach(Array('fullname','expirationdate') as $field){ + $config['users'][$_POST['username']][$field]=trim($_POST[$field]); + } + if(trim($_POST['password1'])!="********" && trim($_POST['password1'])!=""){ + $config['users'][$_POST['username']]['password']=md5(trim($_POST['password1'])); + } + write_config(); + $savemsg=$_POST['username']." successfully saved
"; + } +} else if ($_GET['act']=="delete" && isset($_GET['username'])){ + unset($config['users'][$_GET['username']]); + write_config(); + $savemsg=$_GET['username']." successfully deleted
"; +} +//erase expired accounts +$changed=false; +if(is_array($config['users'])){ + foreach($config['users'] as $username => $user){ + if(trim($user['expirationdate'])!="" && strtotime("-1 day")>strtotime($user['expirationdate']) && empty($input_errors)){ + unset($config['users'][$username]); + $changed=true; + $savemsg.="$username has expired --> $username was deleted
"; + } + } + if($changed){ + write_config(); + } +} + +?> + + + + + + + + + +
+ +
+ +
+ + + + + + + + + + + + + + + + + + + + + +
Username + +
Password + ">
+ "> + (confirmation)
Full name + +
+ User's full name, for your own information only
Expiration date + + Pick a date +
+ Leave blank if the account shouldn't expire, otherwise enter the expiration date in the following format: mm/dd/yyyy
  + + +
+
+ + + + + + + + + $user){ +?> + + + + + + + + + + + +
UsernameFull nameExpires
+   + +   + +   + +  
+ + +
+ diff --git a/webgui/services_dhcp.php b/webgui/services_dhcp.php index 9a8614c..9d60aeb 100644 --- a/webgui/services_dhcp.php +++ b/webgui/services_dhcp.php @@ -4,7 +4,7 @@ services_dhcp.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Services", "DHCP server"); require("guiconfig.inc"); $if = $_GET['if']; @@ -85,11 +86,11 @@ if ($_POST) { if (($_POST['wins1'] && !is_ipaddr($_POST['wins1'])) || ($_POST['wins2'] && !is_ipaddr($_POST['wins2']))) { $input_errors[] = "A valid IP address must be specified for the primary/secondary WINS server."; } - if ($_POST['deftime'] && (!is_numeric($_POST['deftime']) || ($_POST['deftime'] < 60))) { - $input_errors[] = "The default lease time must be at least 60 seconds."; + if ($_POST['deftime'] && (!is_numericint($_POST['deftime']))) { + $input_errors[] = "The default lease time must be an integer."; } - if ($_POST['maxtime'] && (!is_numeric($_POST['maxtime']) || ($_POST['maxtime'] < 60) || ($_POST['maxtime'] <= $_POST['deftime']))) { - $input_errors[] = "The maximum lease time must be at least 60 seconds and higher than the default lease time."; + if ($_POST['maxtime'] && (!is_numericint($_POST['maxtime']) || ($_POST['maxtime'] <= $_POST['deftime']))) { + $input_errors[] = "The maximum lease time must be higher than the default lease time."; } if (!$input_errors) { @@ -152,12 +153,7 @@ if ($_GET['act'] == "del") { } } ?> - - - -<?=gentitle("Services: DHCP server");?> - - + - - - - -
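Review bot: The password character check in the new `services_captiveportal_users.php` runs its `preg_match` against `$_POST['username']`, so the password itself is never tested and the "password contains illegal characters" error can only fire for a bad username; the subject should be `$_POST['password1']`. The stored value is a single unsalted `md5()` of the password, which gives little protection if the configuration file leaks; a salted, slower hash would be better if the platform's PHP offers one. The `act=delete` branch changes state on a GET request and uses `$_GET['username']` unvalidated, both as the array key and inside `$savemsg`. How `$savemsg` is rendered is not visible here, so I would run the username pattern over that value, escape it with `htmlspecialchars()` before output, and move deletion to a POST.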
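Review bot: Neither lease-time check in the `@@ -85,11 +86,11 @@` hunk of `services_dhcp.php` enforces a lower bound any more, so a default or maximum lease of a second or two now passes validation and would make every client renew almost continuously. `is_numericint` is defined outside this diff, so whether it also rejects negative numbers is not visible. If dropping the floor was intended, a comment saying why would help. Otherwise keep it, e.g. `if ($_POST['deftime'] && (!is_numericint($_POST['deftime']) || ($_POST['deftime'] < 60)))`, and likewise for `maxtime`, with the error messages stating the minimum.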

Services: DHCP server

@@ -186,15 +177,15 @@ function enable_change(enable_over) {

- @@ -240,8 +231,8 @@ function enable_change(enable_over) { + +  to  @@ -289,7 +280,6 @@ function enable_change(enable_over) {

+
    - $ifname): + $ifname): if ($ifent == $if): ?>
  • -
  • +
  • ">
  • - +
Range - -  to 
WINS servers
-  
@@ -327,5 +317,3 @@ enable_change(false); //--> - - diff --git a/webgui/services_dhcp_edit.php b/webgui/services_dhcp_edit.php index 80f64a9..e531b6e 100644 --- a/webgui/services_dhcp_edit.php +++ b/webgui/services_dhcp_edit.php @@ -4,7 +4,7 @@ services_dhcp_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Services", "DHCP server", "Edit static mapping"); require("guiconfig.inc"); $if = $_GET['if']; @@ -55,6 +56,8 @@ if (isset($id) && $a_maps[$id]) { $pconfig['mac'] = $a_maps[$id]['mac']; $pconfig['ipaddr'] = $a_maps[$id]['ipaddr']; $pconfig['descr'] = $a_maps[$id]['descr']; +} else { + $pconfig['mac'] = $_GET['mac']; } if ($_POST) { @@ -68,6 +71,8 @@ if ($_POST) { do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $_POST['mac'] = str_replace("-", ":", $_POST['mac']); + if (($_POST['ipaddr'] && !is_ipaddr($_POST['ipaddr']))) { $input_errors[] = "A valid IP address must be specified."; } @@ -123,24 +128,14 @@ if ($_POST) { } } ?> - - - -<?=gentitle("Services: DHCP: Edit static mapping");?> - - - - - -
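Review bot: The new `else` branch in the `@@ -55,6 +56,8 @@` hunk copies `$_GET['mac']` into `$pconfig['mac']` without any validation, so a crafted link can put arbitrary text into the form's MAC field. The markup that prints `$pconfig['mac']` is outside the hunk; unless it already escapes the value with `htmlspecialchars()`, this is a reflected-XSS path in the admin GUI. I would apply the same normalisation and check the POST handler uses before prefilling: `$mac = str_replace("-", ":", $_GET['mac']);` followed by `$pconfig['mac'] = is_macaddr($mac) ? $mac : "";`.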

Services: DHCP: Edit static mapping

MAC address
@@ -172,5 +167,3 @@ if ($_POST) {
MAC address - +
Enter a MAC address in the following format: xx:xx:xx:xx:xx:xx
- - diff --git a/webgui/services_dhcp_relay.php b/webgui/services_dhcp_relay.php index 674077c..337c0ed 100644 --- a/webgui/services_dhcp_relay.php +++ b/webgui/services_dhcp_relay.php @@ -29,6 +29,9 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Services", "DHCP relay"); +require("guiconfig.inc"); + function get_wan_dhcp_server() { global $config, $g; $dhclientfn = $g['vardb_path'] . "/dhclient.leases"; @@ -50,9 +53,6 @@ function get_wan_dhcp_server() { return $dhcpserver[1]; } - -require("guiconfig.inc"); - $if = $_GET['if']; if ($_POST['if']) $if = $_POST['if']; @@ -99,6 +99,7 @@ if ($_POST) { /* make sure that the DHCP server isn't enabled on this interface */ if (isset($config['dhcpd'][$if]['enable'])) $input_errors[] = "You must disable the DHCP server on the {$iflist[$if]} interface before enabling the DHCP Relay."; + /* make sure that the DHCP server isn't running on any of the implied interfaces */ foreach ($config['interfaces'] as $ifname => $ifcfg) { $subnet = $ifcfg['ipaddr'] . "/" . $ifcfg['subnet']; @@ -107,7 +108,7 @@ if ($_POST) { } if (!isset($destif)) $destif = "wan"; - if (isset($config['dhcpd'][$destif]['enable'])) + if (isset($config['dhcpd'][$destif]['enable']) && !$input_errors) $input_errors[] = "You must disable the DHCP server on the {$destif} interface before enabling the DHCP Relay."; /* if proxydhcp is selected, make sure DHCP is enabled on WAN */ @@ -136,12 +137,7 @@ if ($_POST) { } ?> - - - -<?=gentitle("Services: DHCP relay");?> - - + - - - - -

Services: DHCP relay

- @@ -225,5 +216,3 @@ enable_change(false); //--> - - diff --git a/webgui/services_dnsmasq.php b/webgui/services_dnsmasq.php index 00cd5af..231310d 100644 --- a/webgui/services_dnsmasq.php +++ b/webgui/services_dnsmasq.php @@ -4,7 +4,7 @@ services_dnsmasq.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Bob Zoller and Manuel Kasper . + Copyright (C) 2003-2005 Bob Zoller and Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Services", "DNS forwarder"); require("guiconfig.inc"); $pconfig['enable'] = isset($config['dnsmasq']['enable']); @@ -73,17 +74,7 @@ if ($_GET['act'] == "del") { } } ?> - - - -<?=gentitle("Services: DNS forwarder");?> - - - - - -

Services: DNS forwarder

@@ -92,20 +83,19 @@ if ($_GET['act'] == "del") {

+
    - $ifname): + $ifname): if ($ifent == $if): ?>
  • -
  • +
  • ">
  • - +
- + Enable DNS forwarder - @@ -130,7 +120,6 @@ if ($_GET['act'] == "del") { forwarders below.

+

> - Enable DNS forwarder
-

+

> Register DHCP leases in DNS forwarder
If this option is set, then machines that specify their hostname when requesting a DHCP lease will be registered in the DNS forwarder, so that their name can be resolved. You should also set the domain in System: - General setup to the proper value.

+ General setup to the proper value.
-  
@@ -164,5 +153,3 @@ if ($_GET['act'] == "del") {
Host
- - diff --git a/webgui/services_dnsmasq_edit.php b/webgui/services_dnsmasq_edit.php index 810a415..6701555 100644 --- a/webgui/services_dnsmasq_edit.php +++ b/webgui/services_dnsmasq_edit.php @@ -4,7 +4,7 @@ services_dnsmasq_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Bob Zoller and Manuel Kasper . + Copyright (C) 2003-2005 Bob Zoller and Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Services", "DNS forwarder", "Edit host"); require("guiconfig.inc"); if (!is_array($config['dnsmasq']['hosts'])) { @@ -101,17 +102,7 @@ if ($_POST) { } } ?> - - - -<?=gentitle("Services: DNS forwarder: Edit host");?> - - - - - -

Services: DNS forwarder: Edit host

@@ -126,14 +117,14 @@ if ($_POST) { @@ -156,5 +147,3 @@ if ($_POST) {
Domain - +
Domain of the host
e.g. blah.com
IP address - +
IP address of the host
e.g. 192.168.100.100
- - diff --git a/webgui/services_dyndns.php b/webgui/services_dyndns.php index 20cdefd..0ee1af7 100644 --- a/webgui/services_dyndns.php +++ b/webgui/services_dyndns.php @@ -4,7 +4,7 @@ services_dyndns.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Services", "Dynamic DNS"); require("guiconfig.inc"); if (!is_array($config['dnsupdate'])) { @@ -50,9 +51,6 @@ if (!$pconfig['dnsupdate_ttl']) $pconfig['dnsupdate_ttl'] = 60; $pconfig['dnsupdate_keydata'] = $config['dnsupdate']['keydata']; $pconfig['dnsupdate_keyname'] = $config['dnsupdate']['keyname']; -$pconfig['dnsupdate_keytype'] = $config['dnsupdate']['keytype']; -if (!$pconfig['dnsupdate_keytype']) - $pconfig['dnsupdate_keytype'] = "zone"; $pconfig['dnsupdate_usetcp'] = isset($config['dnsupdate']['usetcp']); if ($_POST) { @@ -106,7 +104,6 @@ if ($_POST) { $config['dnsupdate']['host'] = $_POST['dnsupdate_host']; $config['dnsupdate']['ttl'] = $_POST['dnsupdate_ttl']; $config['dnsupdate']['keyname'] = $_POST['dnsupdate_keyname']; - $config['dnsupdate']['keytype'] = $_POST['dnsupdate_keytype']; $config['dnsupdate']['keydata'] = $_POST['dnsupdate_keydata']; $config['dnsupdate']['usetcp'] = $_POST['dnsupdate_usetcp'] ? true : false; @@ -125,12 +122,7 @@ if ($_POST) { } } ?> - - - -<?=gentitle("Services: Dynamic DNS client");?> - - + - - - - -

Services: Dynamic DNS client

@@ -175,7 +159,7 @@ function enable_change(enable_change) {
Service type - @@ -188,7 +172,7 @@ function enable_change(enable_change) {
Hostname - +
Username - +
Password - +
- - + + +
RFC 2163 Dynamic DNS updates onClick="enable_change(false)"> Enable
RFC 2136 Dynamic DNS updates onClick="enable_change(false)"> Enable
Hostname - +
TTL - + seconds
Key name - +
This must match the setting on the DNS server.
Key type - > Zone   - > Host   - > User -
Key - +
Paste an HMAC-MD5 key here.
@@ -192,6 +183,7 @@ function typesel_change() {
+ + + @@ -137,5 +128,3 @@ enable_change(false); //--> - - diff --git a/webgui/services_wol.php b/webgui/services_wol.php index 1ee5946..6bd5bd9 100644 --- a/webgui/services_wol.php +++ b/webgui/services_wol.php @@ -4,7 +4,7 @@ services_wol.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Services", "Wake on LAN"); require("guiconfig.inc"); if (!is_array($config['wol']['wolentry'])) { @@ -47,6 +48,8 @@ if ($_POST || $_GET['mac']) { $mac = $_POST['mac_input']; $if = $_POST['interface']; } + + $mac = str_replace("-", ":", $mac); /* input validation */ if (!$mac || !is_macaddr($mac)) @@ -73,17 +76,7 @@ if ($_GET['act'] == "del") { } } ?> - - - -<?=gentitle("Services: Wake on LAN");?> - - - - - -

Services: Wake on LAN

@@ -91,7 +84,7 @@ if ($_GET['act'] == "del") {
@@ -158,5 +151,3 @@ Click the MAC address to wake up a computer.
Type:  
Address:   /
Range:   - @@ -248,5 +242,3 @@ typesel_change(); //--> - - diff --git a/webgui/services_snmp.php b/webgui/services_snmp.php index 125187b..28e294f 100644 --- a/webgui/services_snmp.php +++ b/webgui/services_snmp.php @@ -4,7 +4,7 @@ services_snmp.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Services", "SNMP"); require("guiconfig.inc"); if (!is_array($config['snmpd'])) { @@ -72,12 +73,7 @@ if ($_POST) { } } ?> - - - -<?=gentitle("Services: SNMP");?> - - + - - - - -

Services: SNMP

@@ -119,7 +110,7 @@ function enable_change(enable_change) {
Community - +
In most cases, "public" is used here
Interface - 'LAN'); for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { if (isset($config['interfaces']['opt' . $i]['enable']) && @@ -109,7 +102,7 @@ if ($_GET['act'] == "del") {
MAC address - +
Enter a MAC address in the following format: xx:xx:xx:xx:xx:xx
- - diff --git a/webgui/services_wol_edit.php b/webgui/services_wol_edit.php index 1d483f7..3e25b04 100644 --- a/webgui/services_wol_edit.php +++ b/webgui/services_wol_edit.php @@ -4,7 +4,7 @@ services_wol_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Services", "Wake on LAN", "Edit"); require("guiconfig.inc"); if (!is_array($config['wol']['wolentry'])) { @@ -58,6 +59,8 @@ if ($_POST) { do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $_POST['mac'] = str_replace("-", ":", $_POST['mac']); + if (($_POST['mac'] && !is_macaddr($_POST['mac']))) { $input_errors[] = "A valid MAC address must be specified."; } @@ -80,24 +83,14 @@ if ($_POST) { } } ?> - - - -<?=gentitle("Services: Wake on LAN: Edit entry");?> - - - - - -

Services: Wake on LAN: Edit entry

@@ -139,5 +132,3 @@ if ($_POST) {
Interface - 'LAN'); for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { if (isset($config['interfaces']['opt' . $i]['enable']) && @@ -115,7 +108,7 @@ if ($_POST) {
MAC address - +
Enter a MAC address in the following format: xx:xx:xx:xx:xx:xx
- - 
diff --git a/webgui/stats.cgi b/webgui/stats.cgi new file mode 100644 index 0000000000000000000000000000000000000000..745b7d2e71250955bb5ee56dd31cae0b10e68623 GIT binary patch literal 6266 zcmc&&e{2-T6`sQe4r&s|fs{5#Jta_q6xN221W0IY@M2qa;A(8@2$JP|-t!%~U%lHS zI5LUJaY-&0x9;yqp)GBr7DfC)Tctt@e_UfK3zbS%#2=(!1Z|?8g;kLX5vOtMe&5WF zSyHM-ZKaOx-J5Ub&3kWV-t5l4XU+DlKA&%aaLXJ~C48vwE>!#1f!}wV>R2ZNVxCwj zmWn0dLa=Y$AY?#g)Jbze)u1ZSH4^$rpFy3(KI$gPf<6H{@+l!m94~5BzifLIeW0so zuE8MMW&a$of^Btxpn&UTtbP1p`4mt*Tw$;L3 z7dZD-jjs`VfG2153lRmL_TVw#VbAy+a1G)UOxha&FTbSmLh&5%GW55*{+tH(jxPdt zyZSi)3&39g4gueX@w>n|pC5uA@!0z*ur2{qPJ-Iee-NDV02#$g%fBwbjzTeREU0wSDW>9cHK1*|fRc zv?v+3lTdgoGs=seerd?EdqYkLl0Dh1m32ZHsI-&4oMJE5Z$8#HN{*n6lVd~E252}lsjzXw# z{+U(z1AgJ$TQdDW;b9nDFPyuI*9X_v=N1gL`ihI#*ofBLt&FsCkADNGRVc_KG3%OmN7Y3`Ru>hF<5i zP6dkPLiqsA@AXxll1-dGz(NIXrQ)2cqR*q^HZ^LU8Z}%pCre#dePhM9s=BTf$EwV! zQrEQatzy^Nl6kJwbwTx9V$Zv!t_pj`N@fK@tHz4v$@AvPk~voDI;+ve58tU=ygdGR zIe%(;+$@jJU5YteJe{BPk1tyuUBn4(_?z53IroE;=P>Wl!hY-xA33811{ux}YMrQ| zBH*LH^c^DK7-OOON>B0nO>KLgS$q?I`q}C$4}MIh{$ny5AX8Vou2$po$|daKj5K@Y z<bA0Cz(o|!knSI4kwD;A>AihxpUxc zf8v``C$yZ|Q3hh)}c}Mk}m+*Xnr+j>FklXs< z#b1wqpQl`^z5spag5w3*p!U0wvu~5*19E*TCzY~cwaycFVDRwik>YiEW|l%G+RZUb zlo)Z=gNx;&Ih8*!C33e@ov)Hma@@zM=yQ-PnNz{aLvAbP;<)kN?AoQq=c#ezukL({ z=5+qRw8*(<>+V_0C38AhS*BIxr{?VYEJn-Lc{f^XpYp`fMWvL_68Q5i=?|3rOxwcR zE|mLorB2EyZP(O>tSMjd-B^poJKk)?LnFV5|1-|*kS|rujO9nB^AFGDuI=(XLn`%f zX9U~)AC@QWOwtIaExt&_3Zo&yi`8s-tTAajMm&~$(&)33b|!|`dOzOG2_qH>r*cV0 ztcXVjR^;&Wj2k>;G;K*G@uqiHclM|4jRCxlo%(b<6iY5#C_2n9cbPjntw+ty*6q!r z#q1Pl=y=T9(b>_qtwn^>yx_Ry5+3oLSOtxFN=Ur>@lM7&CSL=5Y^=mxmv_LoSOUK)x99s+9#V26+eKIqnAW5zKon@3-sSyBDgTxFDA0(?N56zodd+K;K)S zw?TgZ{RK1!_oX_}J)pIq&7cmDXxXx5V_;>=wysryaA2*m;Q?b^U~NOg+J^hrHUxIL zSMtZj|4UA91oxm}jnTl5hX1BbAfOUXs0ZB1C?3@{TpjI9S{TWcV;fDI+g3ZFK4C;d z*{Cpj`;!=`xRVh^#*Q25xFZaCr!*LF!jN}CBa@Q1I79v0QFW`7LqmyJSQud^mB|7t z)|bLaT=>wQN+b}&$^mZVCoKG);QBDORnd6xpMhE@Sg>o!k0%^I!kUNZyGCSNtInqv$mg9H$ZcLz; 
zlW>dHw;Nc?@flFYVW$teXt^FVP>%E9^W+lb%BbrSa4UPkDaW%wBN~9~zSmIqe&09X;mp|3 zMa%IyOPjh3Lhf}9z_lDX_e_^b3_Jp-_>AVaJpE%lGe*7oUPc1q&squkJXN5Z3(qH8 zRMtnGLxq)Po;QV+1)eK~)#~v4D6Do>zdNejNYr_QDtBcV_ex$enP*a%vp`%TJ{3lg zqA*?+M)068E)~WmpfLUvR@oN)-l=jkGK?qH&&&+=V-|DeZsY-~hA5Pxqz_q_V?DT42 z`OW6`ZvfZh=O7BU1MBthA^XI0-}=1L$NmH`ce@xibYfEmAPe2r)W=JWk~kgbEiL11qltQ&aRJumdn2Il^uiq&|3 z=BvPmin!x}bNoJV&VSm~Hwf&_lf3|}&sQBXh(o~3U|;9Sz76cv|0=LIPxfsQd{f>moN=;FE)p@qqAwg?YvBTtj>YX> zL!^!Sk%nsS+}>fex8d$=3HHU2P3uLL4LP%v)fZ3ogyNRG#aN--ezcmc*4B=uM@?(9 z+0wQRgLombdUJ_Hzex4$wZo3FW{pruHr2}8lPeHOWx}@Qq%1cFw#8%IYf#>vT!T`^ z+|~?JuD2Q}KNLbH&B$xFO#$9A TlPHscGSe7~+|cm}lZ*cVr91=O literal 0 HcmV?d00001 diff --git a/webgui/status_captiveportal.php b/webgui/status_captiveportal.php index 80f2eff..18b5ba4 100644 --- a/webgui/status_captiveportal.php +++ b/webgui/status_captiveportal.php @@ -4,7 +4,7 @@ status_captiveportal.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,19 +29,10 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Status", "Captive portal"); require("guiconfig.inc"); ?> - - - -<?=gentitle("Status: Captive portal");?> - - - - - -

Status: Captive portal

- - diff --git a/webgui/status_graph.php b/webgui/status_graph.php index 15330fd..dfd928d 100644 --- a/webgui/status_graph.php +++ b/webgui/status_graph.php @@ -4,7 +4,7 @@ status_graph.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Status", "Traffic graph"); require("guiconfig.inc"); $curif = "wan"; @@ -40,17 +41,7 @@ if ($curif == "wan") else $ifnum = $config['interfaces'][$curif]['if']; ?> - - - -<?=gentitle("Status: Traffic graph");?> - - - - - -

Status: Traffic graph

'WAN', 'lan' => 'LAN'); @@ -74,7 +65,5 @@ foreach ($ifdescrs as $ifn => $ifd) { -

Note: the Adobe SVG viewer is required to view the graph. +
Note: the Adobe SVG viewer is required to view the graph. - - diff --git a/webgui/status_graph_cpu.php b/webgui/status_graph_cpu.php new file mode 100644 index 0000000..b44d8a0 --- /dev/null +++ b/webgui/status_graph_cpu.php @@ -0,0 +1,41 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array("Status", "CPU load"); +require("guiconfig.inc"); +?> + +

+ +
+
Note: the Adobe SVG viewer is required to view the graph. + diff --git a/webgui/status_interfaces.php b/webgui/status_interfaces.php index 806ea26..7c8ffc9 100644 --- a/webgui/status_interfaces.php +++ b/webgui/status_interfaces.php @@ -4,7 +4,7 @@ status_interfaces.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Status", "Interfaces"); require("guiconfig.inc"); $wancfg = &$config['interfaces']['wan']; @@ -166,8 +167,11 @@ function get_interface_info($ifdescr) { if (preg_match("/channel (\S*)/", $ici, $matches)) { $ifinfo['channel'] = $matches[1]; } - if (preg_match("/ssid (\S*)/", $ici, $matches)) { - $ifinfo['ssid'] = $matches[1]; + if (preg_match("/ssid (\".*?\"|\S*)/", $ici, $matches)) { + if ($matches[1][0] == '"') + $ifinfo['ssid'] = substr($matches[1], 1, -1); + else + $ifinfo['ssid'] = $matches[1]; } } @@ -204,17 +208,7 @@ function get_interface_info($ifdescr) { } ?> - - - -<?=gentitle("Status: Interfaces");?> - - - - - -
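Review bot: In the new SSID branch, `$matches[1][0]` is read without checking that the capture is non-empty. The `\S*` alternative can match an empty string when `ssid ` is followed by whitespace, which indexes offset 0 of an empty string and raises a PHP notice; `if (substr($matches[1], 0, 1) == '"')` avoids that. The quoted form now admits spaces and punctuation, so the place where `$ifinfo['ssid']` is printed (outside this hunk) should pass it through `htmlspecialchars()` if it does not already. `get_interface_info()` starts and ends outside the hunk.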

Status: Interfaces

'WAN', 'lan' => 'LAN'); @@ -237,13 +231,13 @@ function get_interface_info($ifdescr) { interface - + - + - + - + - + @@ -284,59 +278,59 @@ function get_interface_info($ifdescr) { - + - + - + - + - + - + - + - + - + - + @@ -345,11 +339,10 @@ function get_interface_info($ifdescr) {
StatusStatus
DHCPDHCP    @@ -254,7 +248,7 @@ function get_interface_info($ifdescr) {
PPPoEPPPoE    @@ -265,7 +259,7 @@ function get_interface_info($ifdescr) {
PPTPPPTP    @@ -276,7 +270,7 @@ function get_interface_info($ifdescr) {
MAC addressMAC address
IP addressIP address  
Subnet maskSubnet mask
GatewayGateway
ISP DNS serversISP DNS servers
MediaMedia
ChannelChannel
SSIDSSID
In/out packetsIn/out packets
In/out errorsIn/out errors
CollisionsCollisions
-

Note:
+
+Note:
Using dial-on-demand will bring the connection up again if any packet triggers it. To substantiate this point: disconnecting manually will not prevent dial-on-demand from making connections to the outside! Don't use dial-on-demand if you want to make sure that the line is kept disconnected. - - diff --git a/webgui/status_wireless.php b/webgui/status_wireless.php index c87c8d6..f8771bb 100644 --- a/webgui/status_wireless.php +++ b/webgui/status_wireless.php @@ -4,7 +4,7 @@ status_wireless.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Status", "Wireless"); require("guiconfig.inc"); function get_wireless_info($ifdescr) { @@ -78,35 +79,25 @@ function get_wireless_info($ifdescr) { } ?> - - - -<?=gentitle("Status: Wireless");?> - - - - - -

Status: Wireless

- 0): ?> + 0): ?> $ifname): @@ -122,7 +113,7 @@ function get_wireless_info($ifdescr) { interface (SSID "") - - + + + + @@ -270,6 +268,15 @@ function enable_change(enable_over) { By default, access to the webGUI on the LAN interface is always permitted, regardless of the user-defined filter rule set. Enable this feature to control webGUI access (make sure to have a filter rule in place that allows you in, or you will lock yourself out!).
Hint: the "set LAN IP address" option in the console menu resets this setting as well. + + + + @@ -285,5 +292,3 @@ enable_change(false); //--> - - diff --git a/webgui/system_firmware.php b/webgui/system_firmware.php index e008813..dc7edf4 100644 --- a/webgui/system_firmware.php +++ b/webgui/system_firmware.php @@ -4,7 +4,7 @@ system_firmware.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,13 +29,15 @@ POSSIBILITY OF SUCH DAMAGE. */ -$d_isfwfile = 1; require("guiconfig.inc"); +$d_isfwfile = 1; +$pgtitle = array("System", "Firmware"); +require("guiconfig.inc"); /* checks with m0n0.ch to see if a newer firmware version is available; returns any HTML message it gets from the server */ function check_firmware_version() { global $g; - $post = "platform=" . rawurlencode($g['platform']) . + $post = "platform=" . rawurlencode($g['fullplatform']) . "&version=" . rawurlencode(trim(file_get_contents("/etc/version"))); $rfd = @fsockopen("m0n0.ch", 80, $errno, $errstr, 3); @@ -94,8 +96,8 @@ if ($_POST && !file_exists($d_firmwarelock_path)) { } else if ($mode == "upgrade") { if (is_uploaded_file($_FILES['ulfile']['tmp_name'])) { /* verify firmware image(s) */ - if (!stristr($_FILES['ulfile']['name'], $g['platform']) && !$_POST['sig_override']) - $input_errors[] = "The uploaded image file is not for this platfom ({$g['platform']})."; + if (!stristr($_FILES['ulfile']['name'], $g['fullplatform']) && !$_POST['sig_override']) + $input_errors[] = "The uploaded image file is not for this platform ({$g['fullplatform']})."; else if (!file_exists($_FILES['ulfile']['tmp_name'])) { /* probably out of memory for the MFS */ $input_errors[] = "Image upload failed (out of memory?)"; 
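Review bot: `check_firmware_version()` fetches its answer with `fsockopen("m0n0.ch", 80, ...)`, i.e. over unauthenticated plain HTTP, and its own comment says it returns whatever HTML the server sends. The code that prints `$fwinfo` is outside this hunk, but if it is printed as-is, anyone able to alter that response can place markup in the administrator's firmware page. I would extend the function comment with `/* the response is unauthenticated; treat it as untrusted before output */` and escape the result with `htmlspecialchars()` (or a strict tag allow-list) where it is displayed. The function body continues past the end of the hunk.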
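Review bot: The platform test under `/* verify firmware image(s) */` compares `$g['fullplatform']` against `$_FILES['ulfile']['name']`, which is chosen by the uploading client. It therefore only guards against picking the wrong file by accident and says nothing about the image contents. The same condition is disabled by `$_POST['sig_override']`, so the signature override also skips the platform check. I would reword the comment to `/* sanity check on the client-supplied file name; authenticity relies on the signature check */` and, if the override is meant for signatures only, drop `&& !$_POST['sig_override']` from this branch. The rest of the if/else chain, including any signature verification, lies outside the hunk.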
@@ -137,17 +139,7 @@ if ($_POST && !file_exists($d_firmwarelock_path)) { $fwinfo = check_firmware_version(); } ?> - - - -<?=gentitle("System: Firmware");?> - - - - - -

System: Firmware

@@ -169,7 +161,7 @@ print_info_box($sig_warning);

Click "Enable firmware - upload" below, then choose the image file (-*.img) + upload" below, then choose the image file (-*.img) to be uploaded.
Click "Upgrade firmware" to start the upgrade process.

@@ -202,5 +194,3 @@ print_info_box($sig_warning); - - diff --git a/webgui/system_routes.php b/webgui/system_routes.php index c4abdff..d60a111 100644 --- a/webgui/system_routes.php +++ b/webgui/system_routes.php @@ -4,7 +4,7 @@ system_routes.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("System", "Static routes"); require("guiconfig.inc"); if (!is_array($config['staticroutes']['route'])) @@ -68,17 +69,7 @@ if ($_GET['act'] == "del") { } } ?> - - - -<?=gentitle("System: Static routes");?> - - - - - -

System: Static routes

@@ -122,5 +113,3 @@ if ($_GET['act'] == "del") {

Signal strength + Signal strength cache @@ -155,7 +146,7 @@ function get_wireless_info($ifdescr) {
Associated stations + Associated stations @@ -182,8 +173,6 @@ function get_wireless_info($ifdescr) {
-

No supported wireless interfaces were found for status display.

+No supported wireless interfaces were found for status display (only cards that use the wi[n] driver are supported). - - diff --git a/webgui/system.php b/webgui/system.php index bafb83d..a75ebf2 100644 --- a/webgui/system.php +++ b/webgui/system.php @@ -4,7 +4,7 @@ system.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("System", "General setup"); require("guiconfig.inc"); $pconfig['hostname'] = $config['system']['hostname']; @@ -154,36 +155,26 @@ if ($_POST) { } } ?> - - - -<?=gentitle("System: General setup");?> - - - - - -

System: General setup

-
+ - - - + PPTP VPN clients, though. @@ -261,5 +252,3 @@ if ($_POST) {
Hostname +
name of the firewall host, without domain part
e.g. firewall
Domain +
e.g. mycorp.com
DNS servers

+


@@ -197,7 +188,7 @@ if ($_POST) { If this option is set, m0n0wall will use DNS servers assigned by a DHCP/PPP server on WAN for its own purposes (including the DNS forwarder). They will not be assigned to DHCP and - PPTP VPN clients, though.

Username
- - diff --git a/webgui/system_advanced.php b/webgui/system_advanced.php index dbc665a..037a7dd 100644 --- a/webgui/system_advanced.php +++ b/webgui/system_advanced.php @@ -4,7 +4,7 @@ system_advanced.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("System", "Advanced setup"); require("guiconfig.inc"); $pconfig['filteringbridge_enable'] = isset($config['bridge']['filteringbridge']); @@ -41,8 +42,10 @@ $pconfig['disablefirmwarecheck'] = isset($config['system']['disablefirmwarecheck $pconfig['expanddiags'] = isset($config['system']['webgui']['expanddiags']); if ($g['platform'] == "generic-pc") $pconfig['harddiskstandby'] = $config['system']['harddiskstandby']; +$pconfig['bypassstaticroutes'] = isset($config['filter']['bypassstaticroutes']); $pconfig['noantilockout'] = isset($config['system']['webgui']['noantilockout']); $pconfig['tcpidletimeout'] = $config['filter']['tcpidletimeout']; +$pconfig['preferoldsa_enable'] = isset($config['ipsec']['preferoldsa']); if ($_POST) { @@ -81,7 +84,10 @@ if ($_POST) { $config['system']['harddiskstandby'] = $_POST['harddiskstandby']; } $config['system']['webgui']['noantilockout'] = $_POST['noantilockout'] ? true : false; + $config['filter']['bypassstaticroutes'] = $_POST['bypassstaticroutes'] ? true : false; $config['filter']['tcpidletimeout'] = $_POST['tcpidletimeout']; + $oldpreferoldsa = $config['ipsec']['preferoldsa']; + $config['ipsec']['preferoldsa'] = $_POST['preferoldsa_enable'] ? true : false; write_config(); 
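Review bot: `$oldpreferoldsa = $config['ipsec']['preferoldsa'];` stores the raw config value, while the same flag is read with `isset()` earlier in this file (`$pconfig['preferoldsa_enable'] = isset($config['ipsec']['preferoldsa']);`). The following hunk then compares it loosely (`!=`) against the freshly assigned true/false. If a set flag is stored as anything other than boolean true (the config parser is not visible here), that comparison can miss a real change or fire on none, so `vpn_ipsec_configure()` may be skipped or run needlessly. Capturing a boolean, `$oldpreferoldsa = isset($config['ipsec']['preferoldsa']);`, and comparing it with `($_POST['preferoldsa_enable'] ? true : false)` keeps both sides the same type.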
@@ -104,18 +110,15 @@ if ($_POST) { config_lock(); $retval = filter_configure(); $retval |= interfaces_optional_configure(); + if ($config['ipsec']['preferoldsa'] != $oldpreferoldsa) + $retval |= vpn_ipsec_configure(); config_unlock(); } $savemsg = get_std_save_message($retval); } } ?> - - - -<?=gentitle("System: Advanced functions");?> - - + - - - - -

System: Advanced functions

Note: the @@ -238,17 +236,10 @@ function enable_change(enable_over) {

Hard disk standby time
@@ -261,6 +252,13 @@ function enable_change(enable_over) {
> Keep diagnostics in navigation expanded
Static route filtering + > + Bypass firewall rules for traffic on the same interface
+ This option only applies if you have defined one or more static routes. If it is enabled, traffic that enters and leaves through the same interface will not be checked by the firewall. This may be desirable in some situations where multiple subnets are connected to the same interface.
webGUI anti-lockout
IPsec SA preferral + > + Prefer old IPsec SAs
+ By default, if several SAs match, the newest one is preferred if it's at least 30 seconds old. + Select this option to always prefer old SAs over new ones. +
 
- - diff --git a/webgui/system_routes_edit.php b/webgui/system_routes_edit.php index 826a5f1..76519e3 100644 --- a/webgui/system_routes_edit.php +++ b/webgui/system_routes_edit.php @@ -4,7 +4,7 @@ system_routes_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("System", "Static routes", "Edit"); require("guiconfig.inc"); if (!is_array($config['staticroutes']['route'])) @@ -103,24 +104,14 @@ if ($_POST) { } } ?> - - - -<?=gentitle("System: Static routes: Edit route");?> - - - - - -

System: Static routes: Edit route

@@ -172,5 +163,3 @@ if ($_POST) {
Interface - 'LAN', 'wan' => 'WAN', 'pptp' => 'PPTP'); for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; @@ -136,7 +127,7 @@ if ($_POST) {
Destination network - + /
Gateway - +
Gateway to be used to reach the destination network
- - diff --git a/webgui/uploadconfig.php b/webgui/uploadconfig.php new file mode 100644 index 0000000..a86b56b --- /dev/null +++ b/webgui/uploadconfig.php @@ -0,0 +1,56 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +header("Content-Type: text/plain"); + +/* get config.xml in POST variable "config" */ +if ($_POST['config']) { + $fd = @fopen("{$g['tmp_path']}/config.xml", "w"); + if (!$fd) { + echo "ERR Could not save configuration.\n"; + exit(0); + } + fwrite($fd, $_POST['config']); + fclose($fd); + if (config_install("{$g['tmp_path']}/config.xml") == 0) { + echo "OK\n"; + system_reboot(); + } else { + echo "ERR Could not install configuration.\n"; + } +} else { + echo "ERR Invalid configuration received.\n"; +} + +exit(0); +?> 
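Review bot: Nothing in this new file ties the request to an intentional administrator action. A single POST carrying a `config` field overwrites the configuration and calls `system_reboot()`, and the only access control is whatever `require("guiconfig.inc")` enforces, which is outside this diff view. If the webGUI relies on credentials the browser replays automatically, a request token or a dedicated upload credential checked before `config_install()` would close the cross-site request path; at minimum the header comment should say who is expected to call this endpoint. The write itself is unchecked: `fwrite($fd, $_POST['config'])` can fail or come up short on a full memory file system, so compare its result first, e.g. `if (fwrite($fd, $_POST['config']) != strlen($_POST['config']))`, and report `ERR` instead of installing a truncated file.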
diff --git a/webgui/vpn_ipsec.php b/webgui/vpn_ipsec.php index 18fd5b8..ee66c3a 100644 --- a/webgui/vpn_ipsec.php +++ b/webgui/vpn_ipsec.php @@ -4,7 +4,7 @@ vpn_ipsec.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "IPsec"); require("guiconfig.inc"); if (!is_array($config['ipsec']['tunnel'])) { @@ -81,17 +82,7 @@ if ($_GET['act'] == "del") { } } ?> - - - -<?=gentitle("VPN: IPsec");?> - - - - - -

VPN: IPsec

@@ -99,7 +90,7 @@ if ($_GET['act'] == "del") {

-
+
  • Tunnels
  • Mobile clients
  • @@ -110,10 +101,9 @@ if ($_GET['act'] == "del") {
- + Enable IPsec

+

> - Enable IPsec
-

@@ -188,5 +178,3 @@ if ($_GET['act'] == "del") {
- - diff --git a/webgui/vpn_ipsec_edit.php b/webgui/vpn_ipsec_edit.php index f0fafde..370c7f4 100644 --- a/webgui/vpn_ipsec_edit.php +++ b/webgui/vpn_ipsec_edit.php @@ -4,7 +4,7 @@ vpn_ipsec_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "IPsec", "Edit tunnel"); require("guiconfig.inc"); if (!is_array($config['ipsec']['tunnel'])) { @@ -77,7 +78,7 @@ function pconfig_to_address(&$adr, $padr, $pmask) { if (isset($id) && $a_ipsec[$id]) { $pconfig['disabled'] = isset($a_ipsec[$id]['disabled']); - $pconfig['auto'] = isset($a_ipsec[$id]['auto']); + //$pconfig['auto'] = isset($a_ipsec[$id]['auto']); if (!isset($a_ipsec[$id]['local-subnet'])) $pconfig['localnet'] = "lan"; @@ -131,6 +132,7 @@ if (isset($id) && $a_ipsec[$id]) { $pconfig['p2ealgos'] = explode(",", "3des,blowfish,cast128,rijndael"); $pconfig['p2halgos'] = explode(",", "hmac_sha1,hmac_md5"); $pconfig['p2pfsgroup'] = "0"; + $pconfig['remotebits'] = 32; } if ($_POST) { @@ -164,7 +166,7 @@ if ($_POST) { if (($_POST['p2lifetime'] && !is_numeric($_POST['p2lifetime']))) { $input_errors[] = "The P2 lifetime must be an integer."; } - if ($_POST['remotebits'] && (!is_numeric($_POST['remotebits']) || ($_POST['remotebits'] <= 0) || ($_POST['remotebits'] > 32))) { + if ($_POST['remotebits'] && (!is_numeric($_POST['remotebits']) || ($_POST['remotebits'] < 0) || ($_POST['remotebits'] > 32))) { $input_errors[] = "The remote network bits are invalid."; } if (($_POST['remotenet'] && !is_ipaddr($_POST['remotenet']))) { 
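Review bot: The `remotebits` check still relies on `is_numeric()`, which accepts non-integer forms such as `24.5` or `1e1`. The next hunk concatenates the raw value into `$ipsecent['remote-subnet']`, so a malformed prefix length can reach the stored tunnel definition. The leading `$_POST['remotebits'] &&` is also false for the string `0`, so the relaxed `< 0` bound is never evaluated for the value it was meant to admit. Something like `if (($_POST['remotebits'] !== "") && (!preg_match("/^\d+$/", $_POST['remotebits']) || ($_POST['remotebits'] > 32)))` validates exactly the integers 0 to 32. The enclosing `if ($_POST)` block starts and ends outside the hunk.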
@@ -190,7 +192,7 @@ if ($_POST) { if (!$input_errors) { $ipsecent['disabled'] = $_POST['disabled'] ? true : false; - $ipsecent['auto'] = $_POST['auto'] ? true : false; + //$ipsecent['auto'] = $_POST['auto'] ? true : false; $ipsecent['interface'] = $pconfig['interface']; pconfig_to_address($ipsecent['local-subnet'], $_POST['localnet'], $_POST['localnetmask']); $ipsecent['remote-subnet'] = $_POST['remotenet'] . "/" . $_POST['remotebits']; @@ -238,12 +240,7 @@ if ($_POST) { } } ?> - - - -<?=gentitle("VPN: IPsec: Edit tunnel");?> - - + - - - - -

VPN: IPsec: Edit tunnel

@@ -287,16 +279,16 @@ function typesel_change() { Set this option to disable this tunnel without removing it from the list. - + -
Interface + + @@ -376,7 +370,7 @@ function typesel_change() { @@ -456,7 +450,7 @@ function typesel_change() {
Type:  
Address:   /
Remote subnet - + /
Remote gateway - +
Enter the public IP address of the remote gateway
Negotiation mode -
My identifier - $modename): ?>
Encryption algorithm - $algoname): ?>
Hash algorithm - $algoname): ?>
DH key group -
Pre-Shared Key - +
Protocol - $protoname): ?>
PFS key group - $keygroupname): ?>
- - diff --git a/webgui/vpn_openvpn_cli.php b/webgui/vpn_openvpn_cli.php index 3bd3d93..d022630 100644 --- a/webgui/vpn_openvpn_cli.php +++ b/webgui/vpn_openvpn_cli.php @@ -28,6 +28,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "OpenVPN"); require("guiconfig.inc"); require_once("openvpn.inc"); @@ -67,17 +68,7 @@ if ($_GET['act'] == "del") { } } ?> - - - -<?=gentitle("VPN: OpenVPN");?> - - - - - -

VPN: OpenVPN

@@ -89,7 +80,7 @@ if ($_GET['act'] == "del") { @@ -144,5 +135,3 @@ if ($_GET['act'] == "del") {
- - diff --git a/webgui/vpn_openvpn_cli_edit.php b/webgui/vpn_openvpn_cli_edit.php index 4c27709..a13b534 100644 --- a/webgui/vpn_openvpn_cli_edit.php +++ b/webgui/vpn_openvpn_cli_edit.php @@ -28,6 +28,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "OpenVPN", "Edit client"); require("guiconfig.inc"); require_once("openvpn.inc"); @@ -187,17 +188,7 @@ if (isset($_POST['pull'])) { } ?> - - - -<?=gentitle("VPN: OpenVPN: Edit client");?> - - - - - -

VPN: OpenVPN: Edit client

@@ -349,5 +340,3 @@ if (isset($_POST['pull'])) {
- - diff --git a/webgui/vpn_pptp.php b/webgui/vpn_pptp.php index 6344afa..43a19e5 100644 --- a/webgui/vpn_pptp.php +++ b/webgui/vpn_pptp.php @@ -4,7 +4,7 @@ vpn_pptp.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "PPTP"); require("guiconfig.inc"); if (!is_array($config['pptpd']['radius'])) { @@ -121,11 +122,7 @@ if ($_POST) { } } ?> - - -<?=gentitle("VPN: PPTP");?> - - + - - - - -

VPN: PPTP

- @@ -220,7 +212,7 @@ function enable_change(enable_over) { @@ -229,7 +221,7 @@ function enable_change(enable_over) { + Sends accounting packets to the RADIUS server. - + Enter the IP address of the RADIUS server. - + to the RADIUS server. @@ -305,5 +294,3 @@ enable_change(false); //--> - - diff --git a/webgui/vpn_pptp_users.php b/webgui/vpn_pptp_users.php index 0122734..5b6d9da 100644 --- a/webgui/vpn_pptp_users.php +++ b/webgui/vpn_pptp_users.php @@ -4,7 +4,7 @@ vpn_pptp_users.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "PPTP"); require("guiconfig.inc"); if (!is_array($config['pptpd']['user'])) { @@ -66,17 +67,7 @@ if ($_GET['act'] == "del") { } } ?> - - - -<?=gentitle("VPN: PPTP: Users");?> - - - - - -

VPN: PPTP: Users

+
  • Configuration
  • Users
  • @@ -202,7 +194,7 @@ function enable_change(enable_over) {
PPTP redirection - +
Enter the IP address of a host which will accept incoming PPTP connections.
Server address - +
Enter the IP address the PPTP server should use on its side for all clients.
Remote address range - + /
@@ -241,7 +233,6 @@ function enable_change(enable_over) {
RADIUS -

> Use a RADIUS server for authentication
When set, all users will be authenticated using @@ -250,24 +241,22 @@ function enable_change(enable_over) {
> Enable RADIUS accounting
-
Sends accounting packets to the RADIUS server.

RADIUS server -

+


- Enter the IP address of the RADIUS server.

RADIUS shared secret -

+


Enter the shared secret that will be used to authenticate - to the RADIUS server.

- @@ -122,5 +113,3 @@ if ($_GET['act'] == "del") {
+
- - diff --git a/webgui/vpn_pptp_users_edit.php b/webgui/vpn_pptp_users_edit.php index 1b681ee..bbeddc1 100644 --- a/webgui/vpn_pptp_users_edit.php +++ b/webgui/vpn_pptp_users_edit.php @@ -4,7 +4,7 @@ vpn_pptp_users_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper . + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "PPTP", "Edit user"); require("guiconfig.inc"); if (!is_array($config['pptpd']['user'])) { @@ -109,30 +110,20 @@ if ($_POST) { } } ?> - - - -<?=gentitle("VPN: PPTP: Users: Edit");?> - - - - - -

VPN: PPTP: Users: Edit

@@ -155,5 +146,3 @@ if ($_POST) {
Username - +
Password - -
+ +
 (confirmation)
If you want to change the users' password, enter it here twice.
- - -- 2.25.1