inc: partial PSR12 style sweep

Franco Fichtner 2019-12-09 06:36:17 +01:00
parent 266df11e4c
commit b20f6fa400
16 changed files with 267 additions and 227 deletions


@ -258,7 +258,7 @@ class Net_IPv6
*/
public static function getNetmask($ip, $bits = null)
{
if (null==$bits) {
if (null == $bits) {
$elements = explode('/', $ip);
if (2 == count($elements)) {
$addr = $elements[0];
@ -271,7 +271,7 @@ class Net_IPv6
}
$addr = Net_IPv6::uncompress($addr);
$binNetmask = str_repeat('1', $bits).str_repeat('0', 128 - $bits);
$binNetmask = str_repeat('1', $bits) . str_repeat('0', 128 - $bits);
return Net_IPv6::_bin2Ip(Net_IPv6::_ip2Bin($addr) & $binNetmask);
}
@ -318,9 +318,11 @@ class Net_IPv6
$binIp = Net_IPv6::_ip2Bin(Net_IPv6::removeNetmaskSpec($ip));
$binNetmask = Net_IPv6::_ip2Bin(Net_IPv6::removeNetmaskSpec($netmask));
if (null != $bits
if (
null != $bits
&& "" != $bits
&& 0 == strncmp($binNetmask, $binIp, $bits)) {
&& 0 == strncmp($binNetmask, $binIp, $bits)
) {
return true;
}
@ -367,9 +369,9 @@ class Net_IPv6
if (0 == strncmp(str_repeat('0', 128), $binip, 128)) { // ::/128
return NET_IPV6_UNSPECIFIED;
} elseif (0 == strncmp(str_repeat('0', 127).'1', $binip, 128)) { // ::/128
} elseif (0 == strncmp(str_repeat('0', 127) . '1', $binip, 128)) { // ::/128
return NET_IPV6_LOOPBACK;
} elseif (0 == strncmp(str_repeat('0', 80).str_repeat('1', 16), $binip, 96)) { // ::ffff/96
} elseif (0 == strncmp(str_repeat('0', 80) . str_repeat('1', 16), $binip, 96)) { // ::ffff/96
return NET_IPV6_IPV4MAPPING;
} elseif (0 == strncmp('1111111010', $binip, 10)) {
return NET_IPV6_LOCAL_LINK;
@ -381,14 +383,17 @@ class Net_IPv6
return NET_IPV6_MULTICAST;
} elseif (0 == strncmp('00000000', $binip, 8)) {
return NET_IPV6_RESERVED;
} elseif (0 == strncmp('00000001', $binip, 8)
|| 0 == strncmp('1111110', $binip, 7)) {
} elseif (
0 == strncmp('00000001', $binip, 8)
|| 0 == strncmp('1111110', $binip, 7)
) {
return NET_IPV6_UNASSIGNED;
} elseif (0 == strncmp('0000001', $binip, 7)) {
return NET_IPV6_RESERVED_NSAP;
} elseif (0 == strncmp('0000010', $binip, 7)) {
return NET_IPV6_RESERVED_IPX;
} elseif (0 == strncmp('0000011', $binip, 7) ||
} elseif (
0 == strncmp('0000011', $binip, 7) ||
0 == strncmp('111110', $binip, 6) ||
0 == strncmp('11110', $binip, 5) ||
0 == strncmp('00001', $binip, 5) ||
@ -397,7 +402,8 @@ class Net_IPv6
0 == strncmp('001', $binip, 3) ||
0 == strncmp('011', $binip, 3) ||
0 == strncmp('101', $binip, 3) ||
0 == strncmp('110', $binip, 3)) {
0 == strncmp('110', $binip, 3)
) {
return NET_IPV6_UNASSIGNED;
} elseif (0 == strncmp('010', $binip, 3)) {
return NET_IPV6_UNICAST_PROVIDER;
@ -446,7 +452,7 @@ class Net_IPv6
$prefix = '';
} else {
$ip = Net_IPv6::removePrefixLength($ip);
$prefix = '/'.$prefix;
$prefix = '/' . $prefix;
}
$netmask = Net_IPv6::getNetmaskSpec($ip);
@ -482,13 +488,13 @@ class Net_IPv6
if (-1 == $c1 && -1 == $c2) { // ::
$uip = "0:0:0:0:0:0:0:0";
} elseif (-1 == $c1) { // ::xxx
$fill = str_repeat('0:', 7-$c2);
$fill = str_repeat('0:', 7 - $c2);
$uip = str_replace('::', $fill, $uip);
} elseif (-1 == $c2) { // xxx::
$fill = str_repeat(':0', 7-$c1);
$fill = str_repeat(':0', 7 - $c1);
$uip = str_replace('::', $fill, $uip);
} else { // xxx::xxx
$fill = str_repeat(':0:', max(1, 6-$c2-$c1));
$fill = str_repeat(':0:', max(1, 6 - $c2 - $c1));
$uip = str_replace('::', $fill, $uip);
$uip = str_replace('::', ':', $uip);
}
@ -504,10 +510,10 @@ class Net_IPv6
}
if ('' != $netmask) {
$uip = $uip.'/'.$netmask;
$uip = $uip . '/' . $netmask;
}
return $uip.$prefix;
return $uip . $prefix;
}
// }}}
@ -558,7 +564,7 @@ class Net_IPv6
$prefix = '';
} else {
$ip = Net_IPv6::removePrefixLength($ip);
$prefix = '/'.$prefix;
$prefix = '/' . $prefix;
}
$netmask = Net_IPv6::getNetmaskSpec($ip);
@ -588,10 +594,10 @@ class Net_IPv6
$cip = preg_replace('/((^:)|(:$))/', '::', $cip);
if ('' != $netmask) {
$cip = $cip.'/'.$netmask;
$cip = $cip . '/' . $netmask;
}
return $cip.$prefix;
return $cip . $prefix;
}
// }}}
@ -614,8 +620,10 @@ class Net_IPv6
// RFC5952 4.2.2
// The symbol "::" MUST NOT be used to shorten just one
// 16-bit 0 field.
if ((substr_count($compressed, ':') == 7) &&
(strpos($compressed, '::') !== false)) {
if (
(substr_count($compressed, ':') == 7) &&
(strpos($compressed, '::') !== false)
) {
$compressed = str_replace('::', ':0:', $compressed);
}
return $compressed;
@ -721,8 +729,10 @@ class Net_IPv6
$dec = hexdec($ipv6[$i]);
$hex = strtoupper(preg_replace("/^[0]{1,3}(.*[0-9a-fA-F])$/", "\\1", $ipv6[$i]));
if ($ipv6[$i] >= 0 && $dec <= 65535
&& $hex == strtoupper(dechex($dec))) {
if (
$ipv6[$i] >= 0 && $dec <= 65535
&& $hex == strtoupper(dechex($dec))
) {
$count++;
}
}
@ -733,8 +743,10 @@ class Net_IPv6
$ipv4 = explode('.', $ipPart[1]);
$count = 0;
for ($i = 0; $i < count($ipv4); $i++) {
if ($ipv4[$i] >= 0 && (integer)$ipv4[$i] <= 255
&& preg_match("/^\d{1,3}$/", $ipv4[$i])) {
if (
$ipv4[$i] >= 0 && (int)$ipv4[$i] <= 255
&& preg_match("/^\d{1,3}$/", $ipv4[$i])
) {
$count++;
}
}
@ -790,7 +802,7 @@ class Net_IPv6
$bitmask = $bits;
}
$binNetmask = str_repeat('1', $bitmask).
$binNetmask = str_repeat('1', $bitmask) .
str_repeat('0', 128 - $bitmask);
$maxNetmask = str_repeat('1', 128);
@ -856,7 +868,7 @@ class Net_IPv6
foreach ($parts as $v) {
$str = base_convert($v, 2, 16);
$ip .= $str.":";
$ip .= $str . ":";
}
$ip = substr($ip, 0, -1);
return $ip;


@ -1,31 +1,29 @@
<?php
/**
* Copyright (C) 2015 Deciso B.V.
/*
* Copyright (C) 2015 Deciso B.V.
* All rights reserved.
*
* All rights reserved.
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
require_once("IXR/IXR_Library.php");
@ -116,7 +114,7 @@ class SimpleXMLRPC_Client
$request_xml = $request->getXml();
// setup http headers
$headers = 'Host: '. $this->server . "\r\n";
$headers = 'Host: ' . $this->server . "\r\n";
$headers .= "User-Agent: XML_RPC\r\n";
$headers .= "Content-Type: text/xml\r\n";
$headers .= 'Content-Length: ' . $request->getLength() . "\r\n";
@ -124,9 +122,9 @@ class SimpleXMLRPC_Client
$headers .= $this->authHeader;
}
$this->request_send = $headers.$request_xml;
$this->request_send = $headers . $request_xml;
if ($this->debug) {
echo ">>> send : \n".$this->request_send."\n";
echo ">>> send : \n" . $this->request_send . "\n";
}
// setup a stream context
@ -136,9 +134,9 @@ class SimpleXMLRPC_Client
'content' => $request_xml,
'timeout' => $this->timeout
),
"ssl"=>array(
"verify_peer"=>false,
"verify_peer_name"=>false,
"ssl" => array(
"verify_peer" => false,
"verify_peer_name" => false,
)
));
@ -149,7 +147,7 @@ class SimpleXMLRPC_Client
}
if ($this->debug) {
echo ">>> received : \n".$this->response_received."\n";
echo ">>> received : \n" . $this->response_received . "\n";
}
$this->message = new IXR_Message($this->response_received);
@ -185,9 +183,9 @@ class SimpleXMLRPC_Client
public function getDetails()
{
$result = "send >>> \n" . $this->request_send;
$result .= "received >>> \n".$this->response_received;
$result .= "received >>> \n" . $this->response_received;
if ($this->error != null) {
$result .= "error >>> \n".$this->error;
$result .= "error >>> \n" . $this->error;
}
return $result;
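Review bot: The `ssl` stream-context options re-spaced in this file still set `"verify_peer" => false` and `"verify_peer_name" => false`, so the client never checks the server certificate or host name, yet `$this->authHeader` is appended to the request headers a few lines earlier. Verification should be on by default, `"verify_peer" => true, "verify_peer_name" => true,`, with any opt-out made an explicit, documented setting for hosts that use self-signed certificates. The debug branch also echoes `$this->request_send`, which contains that auth header, so debug output should be treated as sensitive. The enclosing method starts and ends outside the hunks shown.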


@ -57,12 +57,16 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
$http_host = explode(":", $_SERVER['HTTP_HOST']);
$http_host = $http_host[0];
}
if (is_ipaddr($http_host) || $_SERVER['SERVER_ADDR'] == "127.0.0.1" ||
strcasecmp($http_host, "localhost") == 0 or $_SERVER['SERVER_ADDR'] == "::1") {
if (
is_ipaddr($http_host) || $_SERVER['SERVER_ADDR'] == "127.0.0.1" ||
strcasecmp($http_host, "localhost") == 0 or $_SERVER['SERVER_ADDR'] == "::1"
) {
$found_host = true;
}
if (strcasecmp($http_host, $config['system']['hostname'] . "." . $config['system']['domain']) == 0 ||
strcasecmp($http_host, $config['system']['hostname']) == 0) {
if (
strcasecmp($http_host, $config['system']['hostname'] . "." . $config['system']['domain']) == 0 ||
strcasecmp($http_host, $config['system']['hostname']) == 0
) {
$found_host = true;
}
@ -119,8 +123,10 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
$referrer_host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
$referrer_host = str_replace(array("[", "]"), "", $referrer_host);
if ($referrer_host) {
if (strcasecmp($referrer_host, $config['system']['hostname'] . "." . $config['system']['domain']) == 0 ||
strcasecmp($referrer_host, $config['system']['hostname']) == 0) {
if (
strcasecmp($referrer_host, $config['system']['hostname'] . "." . $config['system']['domain']) == 0 ||
strcasecmp($referrer_host, $config['system']['hostname']) == 0
) {
$found_host = true;
}
@ -380,8 +386,10 @@ function auth_get_shells($uid = 0)
$etc_shells = explode("\n", $etc_shells);
foreach ($etc_shells as $shell) {
$shell = trim($shell);
if (!empty($shell) && strpos($shell, '#') !== 0 &&
strpos($shell, '/usr/local/sbin/opnsense-') !== 0) {
if (
!empty($shell) && strpos($shell, '#') !== 0 &&
strpos($shell, '/usr/local/sbin/opnsense-') !== 0
) {
$shells[$shell] = $shell;
}
}
@ -521,9 +529,9 @@ function local_user_set(&$user, $force_password = false)
$comment = str_replace(array(':', '!', '@'), ' ', $user['descr']);
/* add or mod pw db */
$cmd = "/usr/sbin/pw {$user_op} -q -u {$user_uid} -n {$user_name}".
" -g {$user_group} -s {$user_shell} -d {$user_home}".
" -c ".escapeshellarg($comment)." -H 0 2>&1";
$cmd = "/usr/sbin/pw {$user_op} -q -u {$user_uid} -n {$user_name}" .
" -g {$user_group} -s {$user_shell} -d {$user_home}" .
" -c " . escapeshellarg($comment) . " -H 0 2>&1";
$fd = popen($cmd, 'w');
fwrite($fd, $user_pass);
pclose($fd);
@ -773,7 +781,7 @@ function get_authenticator($authcfg = null)
}
}
$authFactory = new OPNsense\Auth\AuthenticationFactory;
$authFactory = new OPNsense\Auth\AuthenticationFactory();
return $authFactory->get($authName);
}
@ -783,7 +791,7 @@ function authenticate_user($username, $password, $authcfg = null)
if ($authenticator != null) {
return $authenticator->authenticate($username, $password);
} else {
log_error('Unable to retrieve authenticator for '. $username);
log_error('Unable to retrieve authenticator for ' . $username);
return false;
}
}
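Review bot: In the local_user_set hunk the `/usr/sbin/pw` command string still interpolates `{$user_name}`, `{$user_group}`, `{$user_shell}` and `{$user_home}` unquoted, and only `$comment` is passed through `escapeshellarg()`. Those variables are assigned outside the hunk, so they may already be validated, but quoting each at the point of use keeps the command safe regardless of upstream checks, for example `" -n " . escapeshellarg($user_name)`. The result of `popen()` is also used by `fwrite()` without a check for `false`. The function body begins and ends outside the hunk.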


@ -1,31 +1,31 @@
<?php
/*
Copyright (C) 2008 Shrew Soft Inc. <mgrooms@shrew.net>
Copyright (C) 2010 Jim Pingle <jimp@pfsense.org>
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
* Copyright (C) 2008 Shrew Soft Inc. <mgrooms@shrew.net>
* Copyright (C) 2010 Jim Pingle <jimp@pfsense.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512");
@ -191,8 +191,7 @@ function ca_create(&$ca, $keylen_curve, $lifetime, $dn, $digest_alg)
return true;
}
function cert_import(& $cert, $crt_str, $key_str)
function cert_import(&$cert, $crt_str, $key_str)
{
$cert['crt'] = base64_encode($crt_str);
$cert['prv'] = base64_encode($key_str);
@ -269,8 +268,10 @@ function cert_create(&$cert, $caref, $keylen_curve, $lifetime, $dn, $digest_alg,
}
// export our certificate data
if (!openssl_pkey_export($res_key, $str_key) ||
!openssl_x509_export($res_crt, $str_crt)) {
if (
!openssl_pkey_export($res_key, $str_key) ||
!openssl_x509_export($res_crt, $str_crt)
) {
return false;
}
@ -465,13 +466,15 @@ function cert_get_purpose($str_crt, $decode = true)
$crt_details = openssl_x509_parse($str_crt);
$purpose = array();
$purpose['ca'] = (stristr($crt_details['extensions']['basicConstraints'], 'CA:TRUE') === false) ? 'No': 'Yes';
if (isset($crt_details['extensions']['extendedKeyUsage']) &&
$purpose['ca'] = (stristr($crt_details['extensions']['basicConstraints'], 'CA:TRUE') === false) ? 'No' : 'Yes';
if (
isset($crt_details['extensions']['extendedKeyUsage']) &&
strstr($crt_details['extensions']['extendedKeyUsage'], 'TLS Web Server Authentication') !== false &&
isset($crt_details['extensions']['keyUsage']) &&
strpos($crt_details['extensions']['keyUsage'], 'Digital Signature') !== false &&
(strpos($crt_details['extensions']['keyUsage'], 'Key Encipherment') !== false ||
strpos($crt_details['extensions']['keyUsage'], 'Key Agreement') !== false)) {
strpos($crt_details['extensions']['keyUsage'], 'Key Agreement') !== false)
) {
$purpose['server'] = 'Yes';
} else {
$purpose['server'] = 'No';
@ -594,7 +597,7 @@ function cert_in_use($certref)
is_ipsec_cert($certref));
}
function crl_update(& $crl)
function crl_update(&$crl)
{
$ca =& lookup_ca($crl['caref']);
if (!$ca) {
@ -618,7 +621,7 @@ function crl_update(& $crl)
return $crl_res;
}
function cert_revoke($cert, & $crl, $reason = OCSP_REVOKED_STATUS_UNSPECIFIED)
function cert_revoke($cert, &$crl, $reason = OCSP_REVOKED_STATUS_UNSPECIFIED)
{
if (is_cert_revoked($cert, $crl['refid'])) {
return true;
@ -644,10 +647,12 @@ function cert_compare($cert1, $cert2)
being identical. */
$c1 = base64_decode($cert1['crt']);
$c2 = base64_decode($cert2['crt']);
if ((cert_get_issuer($c1, false) == cert_get_issuer($c2, false))
&& (cert_get_subject($c1, false) == cert_get_subject($c2, false))
&& (cert_get_serial($c1, false) == cert_get_serial($c2, false))
&& (cert_get_modulus($c1, false) == cert_get_modulus($c2, false))) {
if (
(cert_get_issuer($c1, false) == cert_get_issuer($c2, false))
&& (cert_get_subject($c1, false) == cert_get_subject($c2, false))
&& (cert_get_serial($c1, false) == cert_get_serial($c2, false))
&& (cert_get_modulus($c1, false) == cert_get_modulus($c2, false))
) {
return true;
} else {
return false;
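Review bot: cert_compare in the last hunk decides whether two certificates are identical using loose `==` on the issuer, subject, serial and modulus values. The cert_get_* helpers are not in this diff, but if the serial or modulus come back as numeric-looking strings, PHP compares them as numbers, so differently written values can compare equal. Strict comparison avoids that, for example `(cert_get_serial($c1, false) === cert_get_serial($c2, false))`. The function starts above the hunk, and its closing lines are not shown.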


@ -32,9 +32,9 @@ function timeout($timer = 5)
{
while (!isset($key)) {
if ($timer >= 9) {
echo chr(8) . chr(8) . ($timer==9 ? chr(32) : null) . "{$timer}";
echo chr(8) . chr(8) . ($timer == 9 ? chr(32) : null) . "{$timer}";
} else {
echo chr(8). "{$timer}";
echo chr(8) . "{$timer}";
}
shell_exec('/bin/stty -icanon min 0 time 25');
$key = shell_exec('/bin/dd count=1 status=none');
@ -289,8 +289,8 @@ EOD;
$ifarr = array_merge(array($lanif, $wanif), $optif);
$again = false;
for ($k = 0; $k < (count($ifarr)-1); $k++) {
for ($j = ($k+1); $j < count($ifarr); $j++) {
for ($k = 0; $k < (count($ifarr) - 1); $k++) {
for ($j = ($k + 1); $j < count($ifarr); $j++) {
if ($ifarr[$k] == $ifarr[$j]) {
$again = true;
echo <<<EOD
@ -318,7 +318,7 @@ EOD;
echo "LAN -> " . $lanif . "\n";
}
for ($i = 0; $i < count($optif); $i++) {
echo "OPT" . ($i+1) . " -> " . $optif[$i] . "\n";
echo "OPT" . ($i + 1) . " -> " . $optif[$i] . "\n";
}
} else {
echo "\nNo interfaces will be assigned!\n";
@ -423,24 +423,24 @@ EOD;
}
for ($i = 0; $i < count($optif); $i++) {
config_read_array('interfaces', 'opt' . ($i+1));
$config['interfaces']['opt' . ($i+1)]['if'] = $optif[$i];
config_read_array('interfaces', 'opt' . ($i + 1));
$config['interfaces']['opt' . ($i + 1)]['if'] = $optif[$i];
if (match_wireless_interface($optif[$i])) {
config_read_array('interfaces', 'opt' . ($i+1), 'wireless');
} elseif (isset($config['interfaces']['opt' . ($i+1)]['wireless'])) {
unset($config['interfaces']['opt' . ($i+1)]['wireless']);
config_read_array('interfaces', 'opt' . ($i + 1), 'wireless');
} elseif (isset($config['interfaces']['opt' . ($i + 1)]['wireless'])) {
unset($config['interfaces']['opt' . ($i + 1)]['wireless']);
}
if (empty($config['interfaces']['opt' . ($i+1)]['descr'])) {
$config['interfaces']['opt' . ($i+1)]['descr'] = "OPT" . ($i+1);
unset($config['interfaces']['opt' . ($i+1)]['enable']);
if (empty($config['interfaces']['opt' . ($i + 1)]['descr'])) {
$config['interfaces']['opt' . ($i + 1)]['descr'] = "OPT" . ($i + 1);
unset($config['interfaces']['opt' . ($i + 1)]['enable']);
}
}
/* remove all other (old) optional interfaces */
for (; isset($config['interfaces']['opt' . ($i+1)]); $i++) {
unset($config['interfaces']['opt' . ($i+1)]);
for (; isset($config['interfaces']['opt' . ($i + 1)]); $i++) {
unset($config['interfaces']['opt' . ($i + 1)]);
}
echo "\nWriting configuration...";


@ -33,7 +33,6 @@
require_once('filter.lib.inc');
function is_bogonsv6_used()
{
global $config;
@ -202,7 +201,7 @@ function filter_configure_sync($verbose = false, $flush_states = false, $load_al
}
/* disable rule, suffix label to mark end of schedule */
$rule['disabled'] = true;
$rule['descr'] = "[FIN]".$rule['descr'];
$rule['descr'] = "[FIN]" . $rule['descr'];
}
break;
}
@ -213,8 +212,10 @@ function filter_configure_sync($verbose = false, $flush_states = false, $load_al
}
// manual outbound nat rules
if (!empty($config['nat']['outbound']['mode']) &&
in_array($config['nat']['outbound']['mode'], array("advanced", "hybrid"))) {
if (
!empty($config['nat']['outbound']['mode']) &&
in_array($config['nat']['outbound']['mode'], array("advanced", "hybrid"))
) {
if (!empty($config['nat']['outbound']['rule'])) {
foreach ($config['nat']['outbound']['rule'] as $rule) {
$fw->registerSNatRule(100, $rule);
@ -222,8 +223,10 @@ function filter_configure_sync($verbose = false, $flush_states = false, $load_al
}
}
if (empty($config['nat']['outbound']['mode']) ||
in_array($config['nat']['outbound']['mode'], array("automatic", "hybrid"))) {
if (
empty($config['nat']['outbound']['mode']) ||
in_array($config['nat']['outbound']['mode'], array("automatic", "hybrid"))
) {
// generate standard outbound rules when mode is automatic ot hybrid
$intfv4 = array();
foreach ($fw->getInterfaceMapping() as $intf => $intfcf) {
@ -446,7 +449,7 @@ function filter_configure_sync($verbose = false, $flush_states = false, $load_al
$line_number = $line_error[1];
$line_split = file('/tmp/rules.debug');
if (is_array($line_split)) {
$config_line = sprintf(' - ' . gettext('The line in question reads [%s]: %s'), $line_number, $line_split[$line_number-1]);
$config_line = sprintf(' - ' . gettext('The line in question reads [%s]: %s'), $line_number, $line_split[$line_number - 1]);
}
}
@ -537,12 +540,12 @@ function filter_generate_scrubing(&$FilterIflist)
$interfaces[] = $FilterIflist[$interface]['if'];
}
}
$scrub_rule_out .= count($interfaces) > 1 ? "{ ". implode(' ', $interfaces) . " } " : $interfaces[0];
$scrub_rule_out .= count($interfaces) > 1 ? "{ " . implode(' ', $interfaces) . " } " : $interfaces[0];
$scrub_rule_out .= $scrub_rule['proto'] != 'any' ? " proto " . $scrub_rule['proto'] : "";
$scrub_rule_out .= " from ";
if (is_alias($scrub_rule['src'])) {
$scrub_rule_out .= !empty($scrub_rule['srcnot']) ? "!" : "";
$scrub_rule_out .= '$'.$scrub_rule['src'];
$scrub_rule_out .= '$' . $scrub_rule['src'];
} elseif (is_ipaddr($scrub_rule['src'])) {
$scrub_rule_out .= !empty($scrub_rule['srcnot']) ? "!" : "";
$scrub_rule_out .= $scrub_rule['src'] . "/" . $scrub_rule['srcmask'];
@ -553,7 +556,7 @@ function filter_generate_scrubing(&$FilterIflist)
$scrub_rule_out .= " to ";
if (is_alias($scrub_rule['dst'])) {
$scrub_rule_out .= !empty($scrub_rule['dstnot']) ? "!" : "";
$scrub_rule_out .= '$'.$scrub_rule['dst'];
$scrub_rule_out .= '$' . $scrub_rule['dst'];
} elseif (is_ipaddr($scrub_rule['dst'])) {
$scrub_rule_out .= !empty($scrub_rule['dstnot']) ? "!" : "";
$scrub_rule_out .= $scrub_rule['dst'] . "/" . $scrub_rule['dstmask'];
@ -584,8 +587,10 @@ function filter_generate_scrubing(&$FilterIflist)
}
$mssclamp = '';
if (!empty($scrubcfg['mss']) && is_numeric($scrubcfg['mss']) &&
!in_array($scrubcfg['if'], array('pppoe', 'pptp', 'l2tp'))) {
if (
!empty($scrubcfg['mss']) && is_numeric($scrubcfg['mss']) &&
!in_array($scrubcfg['if'], array('pppoe', 'pptp', 'l2tp'))
) {
$mssclamp = 'max-mss ' . (intval($scrubcfg['mss'] - 40));
}
@ -818,7 +823,7 @@ function default_state_size()
$physmem = $memory[0];
/* Be cautious and only allocate 10% of system memory to the state table */
$max_states = (int) ($physmem/10)*1000;
$max_states = (int) ($physmem / 10) * 1000;
return $max_states;
}


@ -126,8 +126,10 @@ function filter_core_get_antilockout()
if ($config['system']['webgui']['protocol'] == 'https' && !isset($config['system']['webgui']['disablehttpredirect'])) {
$lockout_ports[] = '80';
}
if (isset($config['system']['ssh']['enabled']) ||
(!isset($config['system']['ssh']['noauto']) && is_install_media() && is_process_running('sshd'))) {
if (
isset($config['system']['ssh']['enabled']) ||
(!isset($config['system']['ssh']['noauto']) && is_install_media() && is_process_running('sshd'))
) {
$lockout_ports[] = empty($config['system']['ssh']['port']) ? '22' : $config['system']['ssh']['port'];
}
@ -208,13 +210,13 @@ function filter_core_rules_system($fw, $defaults)
// block All IPv6 except loopback traffic
$fw->registerFilterRule(
1,
array('interface' => 'loopback', 'ipprotocol'=>'inet6', 'disabled' => isset($config['system']['ipv6allow']),
array('interface' => 'loopback', 'ipprotocol' => 'inet6', 'disabled' => isset($config['system']['ipv6allow']),
'descr' => 'Pass all loopback IPv6', '#ref' => 'system_advanced_firewall.php#ipv6allow'),
$defaults['pass']
);
$fw->registerFilterRule(
1,
array('ipprotocol'=>'inet6','descr' => 'Block all IPv6', 'disabled' => isset($config['system']['ipv6allow']),
array('ipprotocol' => 'inet6','descr' => 'Block all IPv6', 'disabled' => isset($config['system']['ipv6allow']),
'#ref' => 'system_advanced_firewall.php#ipv6allow'),
$defaults['block']
);
@ -222,35 +224,35 @@ function filter_core_rules_system($fw, $defaults)
// default Deny rule (when no other rules match)
$fw->registerFilterRule(
1,
array('ipprotocol'=>'inet46', 'descr' => 'Default deny rule', 'quick' => false),
array('ipprotocol' => 'inet46', 'descr' => 'Default deny rule', 'quick' => false),
$defaults['block']
);
// IPv6 ICMP requirements
$fw->registerFilterRule(
1,
array('ipprotocol'=>'inet6', 'protocol' => 'ipv6-icmp', 'icmp6-type' => '1,2,135,136',
array('ipprotocol' => 'inet6', 'protocol' => 'ipv6-icmp', 'icmp6-type' => '1,2,135,136',
'statetype' => 'keep', 'descr' => 'IPv6 requirements (ICMP)'),
$defaults['pass']
);
// Allow only bare essential icmpv6 packets
$fw->registerFilterRule(
1,
array('ipprotocol'=>'inet6', 'protocol' => 'ipv6-icmp', 'icmp6-type' => '129,133,134,135,136',
array('ipprotocol' => 'inet6', 'protocol' => 'ipv6-icmp', 'icmp6-type' => '129,133,134,135,136',
'statetype' => 'keep', 'descr' => 'IPv6 requirements (ICMP)', 'from' => '(self)',
'to' => 'fe80::/10,ff02::/16', 'direction' => 'out' ),
$defaults['pass']
);
$fw->registerFilterRule(
1,
array('ipprotocol'=>'inet6', 'protocol' => 'ipv6-icmp', 'icmp6-type' => '128,133,134,135,136',
array('ipprotocol' => 'inet6', 'protocol' => 'ipv6-icmp', 'icmp6-type' => '128,133,134,135,136',
'statetype' => 'keep', 'descr' => 'IPv6 requirements (ICMP)', 'from' => 'fe80::/10',
'to' => 'fe80::/10,ff02::/16', 'direction' => 'in' ),
$defaults['pass']
);
$fw->registerFilterRule(
1,
array('ipprotocol'=>'inet6', 'protocol' => 'ipv6-icmp', 'icmp6-type' => '128,133,134,135,136',
array('ipprotocol' => 'inet6', 'protocol' => 'ipv6-icmp', 'icmp6-type' => '128,133,134,135,136',
'statetype' => 'keep', 'descr' => 'IPv6 requirements (ICMP)', 'from' => 'ff02::/16',
'to' => 'fe80::/10', 'direction' => 'in' ),
$defaults['pass']
@ -259,7 +261,7 @@ function filter_core_rules_system($fw, $defaults)
foreach (array('from_port', 'to_port') as $target) {
$fw->registerFilterRule(
1,
array('ipprotocol'=>'inet46', 'protocol' => 'tcp/udp', $target => '0',
array('ipprotocol' => 'inet46', 'protocol' => 'tcp/udp', $target => '0',
'descr' => 'block all targetting port 0'),
$defaults['block']
);
@ -306,7 +308,7 @@ function filter_core_rules_system($fw, $defaults)
$fw->registerFilterRule(
5,
array('from' => "<bogons>", 'direction' => 'in', 'interface' => $intf, 'ipprotocol' => 'inet',
'descr' => "Block bogon IPv4 networks from ".$intfinfo['descr'],
'descr' => "Block bogon IPv4 networks from " . $intfinfo['descr'],
'#ref' => "interfaces.php?if=" . $intf . "#blockbogons",
'disabled' => !isset($intfinfo['blockbogons'])),
$bogontmpl
@ -316,14 +318,14 @@ function filter_core_rules_system($fw, $defaults)
array('from' => "<bogonsv6>", 'direction' => 'in', 'interface' => $intf, 'ipprotocol' => 'inet6',
'disabled' => !isset($config['system']['ipv6allow']) || !isset($intfinfo['blockbogons']),
'#ref' => "interfaces.php?if=" . $intf . "#blockbogons",
'descr' => "Block bogon IPv6 networks from ".$intfinfo['descr']),
'descr' => "Block bogon IPv6 networks from " . $intfinfo['descr']),
$bogontmpl
);
$fw->registerFilterRule(
5,
array('direction' => 'in', 'interface' => $intf, 'ipprotocol' => 'inet',
'#ref' => "interfaces.php?if=" . $intf . "#blockpriv",
'descr' => "Block private networks from ".$intfinfo['descr'],
'descr' => "Block private networks from " . $intfinfo['descr'],
'disabled' => !isset($intfinfo['blockpriv'])),
$privtmpl
);
@ -331,7 +333,7 @@ function filter_core_rules_system($fw, $defaults)
5,
array('direction' => 'in', 'interface' => $intf, 'ipprotocol' => 'inet6',
'#ref' => "interfaces.php?if=" . $intf . "#blockpriv",
'descr' => "Block private networks from ".$intfinfo['descr'], 'from' => 'fc00::/7',
'descr' => "Block private networks from " . $intfinfo['descr'], 'from' => 'fc00::/7',
'disabled' => !isset($intfinfo['blockpriv'])),
$privtmpl
);
@ -344,14 +346,14 @@ function filter_core_rules_system($fw, $defaults)
$fw->registerFilterRule(
1,
array('protocol' => 'udp', 'from' => 'fe80::/10', 'from_port' => 546, 'to' => 'fe80::/10',
'interface' => $intf, 'to_port' => 546, 'descr' =>'allow dhcpv6 client in ' . $intfinfo['descr'],
'interface' => $intf, 'to_port' => 546, 'descr' => 'allow dhcpv6 client in ' . $intfinfo['descr'],
'#ref' => 'system_advanced_firewall.php#ipv6allow'),
$defaults['pass']
);
$fw->registerFilterRule(
1,
array('protocol' => 'udp', 'from_port' => 547,'to_port' => 546, 'direction' => 'in',
'interface' => $intf, 'descr' =>'allow dhcpv6 client in ' . $intfinfo['descr'],
'interface' => $intf, 'descr' => 'allow dhcpv6 client in ' . $intfinfo['descr'],
'#ref' => 'system_advanced_firewall.php#ipv6allow'),
$defaults['pass']
);
@ -376,14 +378,14 @@ function filter_core_rules_system($fw, $defaults)
5,
array('protocol' => 'tcp','to_port' => 1723, 'direction' => 'in', 'statetype' => 'modulate', 'quick' => false,
'#ref' => "interfaces.php?if=" . $intf . "#type",
'interface' => $intf, 'flags' => 'S/SA', 'descr' =>'allow PPTP client on ' . $intfinfo['descr']),
'interface' => $intf, 'flags' => 'S/SA', 'descr' => 'allow PPTP client on ' . $intfinfo['descr']),
$defaults['pass']
);
$fw->registerFilterRule(
5,
array('protocol' => 'gre', 'direction' => 'in', 'statetype' => 'keep', 'quick' => false,
'#ref' => "interfaces.php?if=" . $intf . "#type",
'interface' => $intf, 'descr' =>'allow PPTP client on ' . $intfinfo['descr']),
'interface' => $intf, 'descr' => 'allow PPTP client on ' . $intfinfo['descr']),
$defaults['pass']
);
break;
@ -392,14 +394,14 @@ function filter_core_rules_system($fw, $defaults)
5,
array('protocol' => 'udp', 'direction' => 'in', 'quick' => false, 'from_port' => 67, 'to_port' => 68,
'#ref' => "interfaces.php?if=" . $intf . "#type",
'interface' => $intf, 'descr' =>'allow DHCP client on ' . $intfinfo['descr']),
'interface' => $intf, 'descr' => 'allow DHCP client on ' . $intfinfo['descr']),
$defaults['pass']
);
$fw->registerFilterRule(
5,
array('protocol' => 'udp', 'direction' => 'out', 'quick' => false, 'from_port' => 68, 'to_port' => 67,
'#ref' => "interfaces.php?if=" . $intf . "#type",
'interface' => $intf, 'descr' =>'allow DHCP client on ' . $intfinfo['descr']),
'interface' => $intf, 'descr' => 'allow DHCP client on ' . $intfinfo['descr']),
$defaults['pass']
);
break;
@ -409,21 +411,21 @@ function filter_core_rules_system($fw, $defaults)
5,
array('protocol' => 'udp', 'direction' => 'in', 'from_port' => 68, 'to' => '255.255.255.255',
'#ref' => "services_dhcp.php?if=" . $intf . "#enable",
'to_port' => 67, 'interface' => $intf, 'descr' =>'allow access to DHCP server'),
'to_port' => 67, 'interface' => $intf, 'descr' => 'allow access to DHCP server'),
$defaults['pass']
);
$fw->registerFilterRule(
5,
array('protocol' => 'udp', 'direction' => 'in', 'from_port' => 68, 'to' => '(self)',
'#ref' => "services_dhcp.php?if=" . $intf . "#enable",
'to_port' => 67, 'interface' => $intf, 'descr' =>'allow access to DHCP server'),
'to_port' => 67, 'interface' => $intf, 'descr' => 'allow access to DHCP server'),
$defaults['pass']
);
$fw->registerFilterRule(
5,
array('protocol' => 'udp', 'direction' => 'out', 'from_port' => 67, 'from' => '(self)',
'#ref' => "services_dhcp.php?if=" . $intf . "#enable",
'to_port' => 68, 'interface' => $intf, 'descr' =>'allow access to DHCP server'),
'to_port' => 68, 'interface' => $intf, 'descr' => 'allow access to DHCP server'),
$defaults['pass']
);
if (!empty($config['dhcpd'][$intf]['failover_peerip'])) {
@ -432,7 +434,7 @@ function filter_core_rules_system($fw, $defaults)
array('protocol' => 'tcp/udp', 'direction' => 'in', 'to' => '(self)', 'to_port' => '519,520',
'#ref' => "services_dhcp.php?if=" . $intf . "#failover_peerip",
'from' => $config['dhcpd'][$intf]['failover_peerip'],
'interface' => $intf, 'descr' =>'allow access to DHCP failover'),
'interface' => $intf, 'descr' => 'allow access to DHCP failover'),
$defaults['pass']
);
}
@ -446,14 +448,14 @@ function filter_core_rules_system($fw, $defaults)
5,
array('protocol' => '41', 'direction' => 'in', 'from' => $config['interfaces'][$intf]['gateway-6rd'],
'#ref' => "interfaces.php?if=" . $intf . "#type6",
'quick'=>false, 'interface' => $intf, 'descr' =>'Allow 6in4 traffic in for 6rd on '.$intfinfo['descr']),
'quick' => false, 'interface' => $intf, 'descr' => 'Allow 6in4 traffic in for 6rd on ' . $intfinfo['descr']),
$defaults['pass']
);
$fw->registerFilterRule(
5,
array('protocol' => '41', 'direction' => 'out', 'to' => $config['interfaces'][$intf]['gateway-6rd'],
'#ref' => "interfaces.php?if=" . $intf . "#type6",
'quick'=>false, 'interface' => $intf, 'descr' =>'Allow 6in4 traffic out for 6rd on '.$intfinfo['descr']),
'quick' => false, 'interface' => $intf, 'descr' => 'Allow 6in4 traffic out for 6rd on ' . $intfinfo['descr']),
$defaults['pass']
);
break;
@ -462,14 +464,14 @@ function filter_core_rules_system($fw, $defaults)
5,
array('protocol' => '41', 'direction' => 'in', 'to' => '(self)','interface' => $intf,
'#ref' => "interfaces.php?if=" . $intf . "#type6",
'quick'=>false, 'descr' =>'Allow 6in4 traffic in for 6to4 on '.$intfinfo['descr']),
'quick' => false, 'descr' => 'Allow 6in4 traffic in for 6to4 on ' . $intfinfo['descr']),
$defaults['pass']
);
$fw->registerFilterRule(
5,
array('protocol' => '41', 'direction' => 'out', 'from' => '(self)','interface' => $intf,
'#ref' => "interfaces.php?if=" . $intf . "#type6",
'quick'=>false, 'descr' =>'Allow 6in4 traffic out for 6to4 on '.$intfinfo['descr']),
'quick' => false, 'descr' => 'Allow 6in4 traffic out for 6to4 on ' . $intfinfo['descr']),
$defaults['pass']
);
break;
@ -485,35 +487,35 @@ function filter_core_rules_system($fw, $defaults)
1,
array('protocol' => 'udp','ipprotocol' => 'inet6', 'from' => 'fe80::/10', 'to' => 'fe80::/10,ff02::/16',
'to_port' => 546, 'interface' => $intf,
'descr' =>'allow access to DHCPv6 server on '.$intfinfo['descr']),
'descr' => 'allow access to DHCPv6 server on ' . $intfinfo['descr']),
$defaults['pass']
);
$fw->registerFilterRule(
1,
array('protocol' => 'udp','ipprotocol' => 'inet6', 'from' => 'fe80::/10', 'to' => 'ff02::/16',
'to_port' => 547, 'interface' => $intf,
'descr' =>'allow access to DHCPv6 server on '.$intfinfo['descr']),
'descr' => 'allow access to DHCPv6 server on ' . $intfinfo['descr']),
$defaults['pass']
);
$fw->registerFilterRule(
1,
array('protocol' => 'udp','ipprotocol' => 'inet6', 'from' => 'ff02::/16', 'to' => 'fe80::/10',
'to_port' => 547, 'interface' => $intf,
'descr' =>'allow access to DHCPv6 server on '.$intfinfo['descr']),
'descr' => 'allow access to DHCPv6 server on ' . $intfinfo['descr']),
$defaults['pass']
);
$fw->registerFilterRule(
1,
array('protocol' => 'udp','ipprotocol' => 'inet6', 'from' => 'fe80::/10', 'to' => '(self)',
'to_port' => 546, 'interface' => $intf, 'direction' => 'in',
'descr' =>'allow access to DHCPv6 server on '.$intfinfo['descr']),
'descr' => 'allow access to DHCPv6 server on ' . $intfinfo['descr']),
$defaults['pass']
);
$fw->registerFilterRule(
1,
array('protocol' => 'udp','ipprotocol' => 'inet6', 'from' => '(self)', 'to' => 'fe80::/10',
'from_port' => 547, 'interface' => $intf, 'direction' => 'out',
'descr' =>'allow access to DHCPv6 server on '.$intfinfo['descr']),
'descr' => 'allow access to DHCPv6 server on ' . $intfinfo['descr']),
$defaults['pass']
);
}
@ -521,11 +523,11 @@ function filter_core_rules_system($fw, $defaults)
}
}
// loopback
$fw->registerFilterRule(5, array('interface' => 'loopback', 'descr' =>'pass loopback'), $defaults['pass']);
$fw->registerFilterRule(5, array('interface' => 'loopback', 'descr' => 'pass loopback'), $defaults['pass']);
// out from this Firewall
$fw->registerFilterRule(
5,
array('direction' => 'out', 'statetype' =>'keep', 'allowopts' => true,
array('direction' => 'out', 'statetype' => 'keep', 'allowopts' => true,
'quick' => false, "descr" => "let out anything from firewall host itself"),
$defaults['pass']
);
@ -535,7 +537,7 @@ function filter_core_rules_system($fw, $defaults)
5,
array('direction' => 'out', 'statetype' => 'keep', 'quick' => false, 'interface' => 'enc0',
'#ref' => 'vpn_ipsec.php#enable',
'descr' =>'IPsec internal host to host'),
'descr' => 'IPsec internal host to host'),
$defaults['pass']
);
}
@ -563,13 +565,13 @@ function filter_core_rules_system($fw, $defaults)
$fw->registerFilterRule(
5,
array('direction' => 'in', 'interface' => 'wan', 'statetype' => 'modulate','protocol' => 'tcp',
'to' => '(self)', 'to_port' => '1723', 'quick' => false, 'descr' =>'allow pptpd'),
'to' => '(self)', 'to_port' => '1723', 'quick' => false, 'descr' => 'allow pptpd'),
$defaults['pass']
);
$fw->registerFilterRule(
5,
array('direction' => 'in', 'interface' => 'wan', 'statetype' => 'modulate',
'protocol' => 'gre', 'descr' =>'allow pptpd', 'quick' => false),
'protocol' => 'gre', 'descr' => 'allow pptpd', 'quick' => false),
$defaults['pass']
);
}
@ -594,7 +596,7 @@ function filter_core_rules_system($fw, $defaults)
$fw->registerFilterRule(
100000,
array('from' => $ifcfg['if'], 'direction' => 'out', 'gateway' => $gwname,
'destination' => array('network'=> $ifdescr, "not" => true),
'destination' => array('network' => $ifdescr, "not" => true),
'statetype' => 'keep',
'allowopts' => true,
'quick' => false,


@ -157,7 +157,7 @@ function legacy_bridge_member($ifs, $member)
function legacy_vlan_tag($ifs, $member, $tag, $pcp)
{
$cmd = '/sbin/ifconfig ' . escapeshellarg($ifs) . ' vlandev ' . escapeshellarg($member) . ' vlan ' . escapeshellarg($tag) . ' vlanpcp '.escapeshellarg($pcp);
$cmd = '/sbin/ifconfig ' . escapeshellarg($ifs) . ' vlandev ' . escapeshellarg($member) . ' vlan ' . escapeshellarg($tag) . ' vlanpcp ' . escapeshellarg($pcp);
exec($cmd . ' 2>&1', $out, $ret);
if ($ret) {
@ -169,7 +169,7 @@ function legacy_interface_stats($ifs = null)
{
if ($ifs != null) {
// only request data for selected interface
$cmd = '/usr/local/sbin/ifinfo '. escapeshellarg($ifs);
$cmd = '/usr/local/sbin/ifinfo ' . escapeshellarg($ifs);
} else {
// all interfaces
$cmd = '/usr/local/sbin/ifinfo';
@ -263,7 +263,7 @@ function legacy_interfaces_details($intf = null)
if ($line_parts[$i] == 'netmask') {
$mask = substr_count(base_convert(hexdec($line_parts[$i + 1]), 10, 2), '1');
} elseif ($line_parts[$i] == 'vhid') {
$vhid = $line_parts[$i+1];
$vhid = $line_parts[$i + 1];
}
}
if (isset($mask)) {
@ -284,11 +284,11 @@ function legacy_interfaces_details($intf = null)
if ($line_parts[$i] == 'prefixlen') {
$tmp['subnetbits'] = intval($line_parts[$i + 1]);
} elseif ($line_parts[$i] == 'vhid') {
$tmp['vhid'] = $line_parts[$i+1];
$tmp['vhid'] = $line_parts[$i + 1];
}
if ($line_parts[$i] == '-->') {
$tmp['tunnel'] = true;
$tmp['endpoint'] = $line_parts[$i+1];
$tmp['endpoint'] = $line_parts[$i + 1];
}
}
if (isset($tmp['subnetbits'])) {


@ -141,7 +141,7 @@ function legacy_move_config_list_items($source, $id, $items)
}
/* copy all rules > $id and not selected */
for ($i = $id+1; $i < count($source); $i++) {
for ($i = $id + 1; $i < count($source); $i++) {
if (!in_array($i, $items)) {
$new_config[] = $source[$i];
}


@ -263,7 +263,9 @@ function plugins_configure($hook, $verbose = false, $args = array())
}
syslog(LOG_NOTICE, sprintf(
'plugins_configure %s (execute task : %s(%s))',
$hook, $argf, implode(',', array_slice($args, 0, $argc))
$hook,
$argf,
implode(',', array_slice($args, 0, $argc))
));
call_user_func_array($argf, array_slice($args, 0, $argc));
}
@ -303,7 +305,10 @@ function plugins_run($hook, $verbose = false, $args = array())
$argc = count($args);
}
syslog(LOG_NOTICE, sprintf(
'plugins_run %s (execute task : %s(%s))', $hook, $argf, implode(',', array_slice($args, 0, $argc))
'plugins_run %s (execute task : %s(%s))',
$hook,
$argf,
implode(',', array_slice($args, 0, $argc))
));
$ret[$name] = call_user_func_array($argf, array_slice($args, 0, $argc));
}


@ -90,7 +90,7 @@ function rrd_configure($verbose = false)
$trafficvalid = $rrdtrafficinterval * 2;
$wirelessvalid = $rrdwirelessinterval * 2;
$packetsvalid = $rrdpacketsinterval * 2;
$statesvalid = $rrdstatesinterval*2;
$statesvalid = $rrdstatesinterval * 2;
$procvalid = $rrdlbpoolinterval * 2;
$memvalid = $rrdmeminterval * 2;
$mbufvalid = $rrdmbufinterval * 2;


@ -548,17 +548,17 @@ function system_staticroutes_configure($interface = '')
$inet = (is_subnetv6($ip) ? "-inet6" : "-inet");
$cmd = " {$inet} {$blackhole} " . escapeshellarg($ip) . " ";
if (is_ipaddr($gatewayip)) {
mwexec("/sbin/route delete".$cmd . escapeshellarg($gatewayip), true);
mwexec("/sbin/route delete" . $cmd . escapeshellarg($gatewayip), true);
if ($fargw) {
mwexecf('/sbin/route delete %s %s -interface %s ', array($inet, $gatewayip, $interfacegw), true);
mwexecf('/sbin/route add %s %s -interface %s', array($inet, $gatewayip, $interfacegw), true);
} elseif (is_linklocal($gatewayip) && strpos($gatewayip, '%') === false) {
$gatewayip .= "%{$interfacegw}";
}
mwexec("/sbin/route add".$cmd . escapeshellarg($gatewayip), true);
mwexec("/sbin/route add" . $cmd . escapeshellarg($gatewayip), true);
} elseif (!empty($interfacegw)) {
mwexec("/sbin/route delete".$cmd . "-interface " . escapeshellarg($interfacegw), true);
mwexec("/sbin/route add".$cmd . "-interface " . escapeshellarg($interfacegw), true);
mwexec("/sbin/route delete" . $cmd . "-interface " . escapeshellarg($interfacegw), true);
mwexec("/sbin/route add" . $cmd . "-interface " . escapeshellarg($interfacegw), true);
}
}
}
@ -613,7 +613,7 @@ function system_syslogd_start($verbose = false, $restart = false)
$separatelogfacilities = array();
foreach ($syslogconfs as $logTopic => $logConfig) {
$syslogconf .= "!".implode(',', $logConfig['facility'])."\n";
$syslogconf .= "!" . implode(',', $logConfig['facility']) . "\n";
$separatelogfacilities = array_merge($logConfig['facility'], $separatelogfacilities);
if (!isset($syslogcfg['disablelocallogging'])) {
$syslogconf .= "*.* {$log_directive}/var/log/{$logTopic}.log\n";
@ -652,7 +652,7 @@ EOD;
$syslog_files = array_keys($syslogconfs);
$syslog_files = array_merge($syslog_files, array('system', 'vpn'));
foreach ($syslog_files as $syslog_fn) {
$filename = "/var/log/".basename($syslog_fn).".log";
$filename = "/var/log/" . basename($syslog_fn) . ".log";
if (!file_exists($filename)) {
mwexecf('/usr/local/sbin/clog -i -s %s %s', array($default_logfile_size, $filename));
}
@ -739,7 +739,7 @@ function get_memory()
$physmem = get_single_sysctl("hw.physmem");
$realmem = get_single_sysctl("hw.realmem");
/* convert from bytes to megabytes */
return array(($physmem/1048576),($realmem/1048576));
return array(($physmem / 1048576),($realmem / 1048576));
}
function system_firmware_configure($verbose = false)
@ -820,8 +820,10 @@ function system_timezone_configure($verbose = false)
$timezones = get_zoneinfo();
/* reset to default if empty or nonexistent */
if (empty($timezone) || !in_array($timezone, $timezones) ||
!file_exists(sprintf('/usr/share/zoneinfo/%s', $timezone))) {
if (
empty($timezone) || !in_array($timezone, $timezones) ||
!file_exists(sprintf('/usr/share/zoneinfo/%s', $timezone))
) {
$timezone = 'Etc/UTC';
}
@ -1085,7 +1087,7 @@ function system_login_configure($verbose = false)
if ($serial_enabled) {
@file_put_contents('/boot.config', "-S{$serialspeed} -D\n");
$new_boot_config['comconsole_speed'] = '"'.$serialspeed.'"';
$new_boot_config['comconsole_speed'] = '"' . $serialspeed . '"';
$new_boot_config['boot_serial'] = '"YES"';
} elseif (!$output_enabled) {
@file_put_contents('/boot.config', "-q -m\n");


@ -47,10 +47,10 @@ class XMLRPCServer
// load all xmlrpc published functions
foreach (glob(__DIR__ . "/xmlrpc/*.inc") as $filename) {
require_once($filename);
$publ_func = "xmlrpc_publishable_" .str_replace(".inc", "", basename($filename));
$publ_func = "xmlrpc_publishable_" . str_replace(".inc", "", basename($filename));
if (function_exists($publ_func)) {
foreach ($publ_func() as $function) {
$publish_name = $this->prefix.".".str_replace("_xmlrpc", "", $function);
$publish_name = $this->prefix . "." . str_replace("_xmlrpc", "", $function);
$this->xmlrpc_callbacks[$publish_name] = $function;
}
}
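Review bot: On the `$publ_func` line, `str_replace(".inc", "", basename($filename))` removes every occurrence of `.inc` in the file name, not only the extension the glob matched, so the looked-up `xmlrpc_publishable_*` name can differ from the file's stem. `basename()` takes the suffix as a second argument and strips it only at the end: `$publ_func = "xmlrpc_publishable_" . basename($filename, ".inc");`. Every name that hook returns is registered in `$this->xmlrpc_callbacks` under the server prefix, so a comment such as `// every function listed by xmlrpc/*.inc is published` would make that exposure explicit. The enclosing method starts and ends outside this hunk.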


@ -83,10 +83,11 @@ function merge_config_attributes(&$cnf_source, &$cnf_dest)
{
foreach ($cnf_source as $cnf_key => &$cnf_value) {
if (is_array($cnf_value)) {
if (!isset($cnf_dest[$cnf_key]) || !is_array($cnf_dest[$cnf_key]) || // new
if (
!isset($cnf_dest[$cnf_key]) || !is_array($cnf_dest[$cnf_key]) || // new
(count($cnf_dest[$cnf_key]) > 0 && isset($cnf_dest[$cnf_key][0])) || // sequenced item
(count($cnf_dest[$cnf_key]) > 0 && isset($cnf_dest[$cnf_key]['@attributes']['uuid'])) // mvc array
) {
) {
// (re)set destination array when new or containing a sequenced list of items
$cnf_dest[$cnf_key] = array();
}


@ -1,29 +1,29 @@
<?php
/**
* Copyright (C) 2016 Deciso B.V.
* All rights reserved.
/*
* Copyright (C) 2016 Deciso B.V.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
namespace OPNsense\Diagnostics\Api;
@ -161,8 +161,10 @@ class InterfaceController extends ApiControllerBase
*/
public function delRouteAction()
{
if ($this->request->isPost() && $this->request->hasPost("destination")
&& $this->request->hasPost("gateway")) {
if (
$this->request->isPost() && $this->request->hasPost("destination")
&& $this->request->hasPost("gateway")
) {
$backend = new Backend();
$dest = $this->request->getPost("destination", "striptags", null);
$gw = $this->request->getPost("gateway", "striptags", null);
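Review bot: The `striptags` filter applied to `destination` and `gateway` in `delRouteAction()` only removes markup; it does not establish that either value is an address, a network or an interface name. What the method does with `$dest` and `$gw` lies outside this hunk, but the `new Backend()` line suggests they are handed to a backend call, so this guard is where a format check belongs. At minimum I would add a comment above the two `getPost()` calls, `// striptags is not validation: $dest and $gw must be checked or escaped before they reach the backend`, and confirm that the code after the hunk does so.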


@ -69,31 +69,31 @@ class M1_0_4 extends BaseModelMigration
}
}
// map rulesets
if (!empty($csets['emerging-malware.rules']) && $csets['emerging-malware.rules']->enabled == "1"){
if (!empty($csets['emerging-malware.rules']) && $csets['emerging-malware.rules']->enabled == "1") {
$nsets['emerging-adware_pup.rules']->enabled = "1";
$nsets['emerging-adware_pup.rules']->filter = (string)$csets['emerging-malware.rules']->filter;
}
if (!empty($csets['emerging-current_events.rules']) && $csets['emerging-current_events.rules']->enabled == "1"){
if (!empty($csets['emerging-current_events.rules']) && $csets['emerging-current_events.rules']->enabled == "1") {
$nsets['emerging-phishing.rules']->enabled = "1";
$nsets['emerging-phishing.rules']->filter = (string)$csets['emerging-current_events.rules']->filter;
$nsets['emerging-exploit_kit.rules']->enabled = "1";
$nsets['emerging-exploit_kit.rules']->filter = (string)$csets['emerging-current_events.rules']->filter;
}
if (!empty($csets['emerging-trojan.rules']) && $csets['emerging-trojan.rules']->enabled == "1"){
if (!empty($csets['emerging-trojan.rules']) && $csets['emerging-trojan.rules']->enabled == "1") {
$nsets['emerging-coinminer.rules']->enabled = "1";
$nsets['emerging-coinminer.rules']->filter = (string)$csets['emerging-trojan.rules']->filter;
$nsets['emerging-malware.rules']->enabled = "1";
$nsets['emerging-malware.rules']->filter = (string)$csets['emerging-malware.rules']->filter;
}
if (!empty($csets['emerging-info.rules']) && $csets['emerging-info.rules']->enabled == "1"){
if (!empty($csets['emerging-info.rules']) && $csets['emerging-info.rules']->enabled == "1") {
$nsets['emerging-hunting.rules']->enabled = "1";
$nsets['emerging-hunting.rules']->filter = (string)$csets['emerging-info.rules']->filter;
}
if (!empty($csets['emerging-policy.rules']) && $csets['emerging-policy.rules']->enabled == "1"){
if (!empty($csets['emerging-policy.rules']) && $csets['emerging-policy.rules']->enabled == "1") {
$nsets['emerging-hunting.rules']->enabled = "1";
$nsets['emerging-hunting.rules']->filter = (string)$csets['emerging-policy.rules']->filter;
}
if (!empty($csets['emerging-trojan.rules'])){
if (!empty($csets['emerging-trojan.rules'])) {
// deprecated ruleset
$model->files->file->del($csets['emerging-trojan.rules']->getAttribute('uuid'));
}
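Review bot: In the `emerging-trojan.rules` branch, the new `emerging-malware.rules` entry takes its filter from `$csets['emerging-malware.rules']`, which that branch never tests with `!empty()`, while `emerging-coinminer.rules` takes it from the trojan set. If the old malware set is absent, the read is on a missing entry and the migrated IDS ruleset would likely end up enabled with an empty filter. If the trojan filter is what is meant, the line would be `$nsets['emerging-malware.rules']->filter = (string)$csets['emerging-trojan.rules']->filter;`; otherwise a comment saying the old malware filter is kept on purpose, plus an `!empty()` guard, would settle it. The info and policy branches also both write `emerging-hunting.rules`, so the policy filter overrides the info one when both are enabled. The migration method starts and ends outside this hunk.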