This is allowed nowadays with the proper escaping in the
template employed. However...
1. The parameter"s" are enforced by doing white-space
separated passing of individiual parts, but that breaks
backend scripts expecting either spaces to be part of
the parmeter or discarding additional parameters.
This matters, because...
2. https://docs.opnsense.org/manual/settingsmenu.html#cron
does not state any two parameter value of interest to
users apart from custom Cron glue.
I'd rather have "parameters" treated as a single first
parameter which can be passed with a %s to the shell, but
I'm unsure if configd will treat it that way? At least
the crontab part would not be the issue.
Let's test this theory:
# cat src/opnsense/service/conf/actions.d/actions_test.conf
[shell]
command:/bin/csh -c
parameters:%s
message:Running %s
type:script_output
description:Shell execution (use with care)
# configctl test shell "echo foo"
Parameter mismatch
# configctl test shell "echo\ foo"
foo
# configctl test shell "echo\ foo;echo\ bar"
foo
bar
So there seems to be a mishandling of spaces in general
which is probably why the parameters are treated as such
in the crontab file. Perhaps we need to discuss this.
Now an empty node name '' will stay on the same node allowing to
dump the full config.xml for whatever reason. Also change the
empty print behaviour to omit the spurious newline as that looks
better. Last but not least pretty-print JSON for better UX.
The terminology is confusing -- it's just a poll interval in
dpinger's alert thread like we have in gateway watcher (also
defaulting to 1 second). Since we do not want to expose
such values to the GUI without a pressing reason we better
do it this way than add more knobs that make support harder
and expectations less clear (reaction time suffers quickly when
increasing this value).
While here disable the alert thread completely in dpinger which
seems to be steered by passing the loss and delay. Also adjust
the default for the loss interval which is calculated by dpinger
as 4 times the probe interval, so the default was wrong also.
Under ideal circumstances (non-SIGKILL) the PID file and socket
are removed cleanly so they don't show up as readabe sockets in
dpinger_status(). When we kill the process the socket is there
but the open fails immediately. That only leaves a stuck process
not reacting to open, but we can deal with that by decreating the
timeout a bit more (from 3 to 1 seconds per socket). We still
want a sort of sensible timeout here that isn't too short and
assume that a system not being able to respond in time is having
other (and more criticial) issues to cope with.
Stop using the opportunistic "wan" gateway and emit a
log entry on failing to derive a viable interface name.
It's already somewhat questionable if we should use a
default gateway, but the code is what it is.
gatewaysIndexedByName() -> do not omit when defunct
getDefaultGW() -> omit when defunct
getInterfaceGateway() -> omit when defunct (debatable)
Otherwise strip gatewaysIndexedByName(true) where the behaviour
was likely to try and get defunct gateways as well and fix the
dpinger code accordingly to get rid of raw config access.
Since Xen terminal is now part of the file rewrite the integration
slightly to enable/disable unconditionally and use the "onifconsole"
idiosyncrasy employed by FreeBSD.
When a different CA is specified for client certificate validation than
the server certificate's CA, a wrong list of certificates was shown in
the Client Export dialog.
Key generation for the "256" EC does not work as secp256r1 does not
exist in OpenSSL, it's called secp256k1.
Also the names shown in the UI are ambiguous as there are several curves
with 256, 384 or 521 bits.
