system: merge webgui pluginification from master

Includes a fix by Alexander Graf for IPv6 SSL cipher configuration.

system: merge webgui pluginification from master
Includes a fix by Alexander Graf for IPv6 SSL cipher configuration.
30930e15 · Franco Fichtner · c216d613 · 30930e15 · 30930e15 · 30930e15
Commit 30930e15 authored May 18, 2017 by Franco Fichtner
14 changed files
--- a/+POST_INSTALL
+++ b/+POST_INSTALL
@@ -44,13 +44,4 @@ if /usr/local/etc/rc.d/configd status > /dev/null; then
 	/usr/local/etc/rc.d/configd restart
 fi

-echo "Flush Phalcon volt templates"
-rm -f /usr/local/opnsense/mvc/app/cache/*.php
-
-echo "Reloading GUI configuration"
-/usr/local/etc/rc.php_ini_setup
-if pgrep -q php-cgi; then
-	pkill -HUP php-cgi
-fi
-
 /usr/local/etc/rc.configure_firmware
--- a/plist
+++ b/plist
@@ -53,6 +53,7 @@
 /usr/local/etc/inc/plugins.inc.d/squid/auth-user.php
 /usr/local/etc/inc/plugins.inc.d/suricata.inc
 /usr/local/etc/inc/plugins.inc.d/unbound.inc
+/usr/local/etc/inc/plugins.inc.d/webgui.inc
 /usr/local/etc/inc/rrd.inc
 /usr/local/etc/inc/services.inc
 /usr/local/etc/inc/system.inc
@@ -121,7 +122,6 @@
 /usr/local/etc/rc.newwanip
 /usr/local/etc/rc.newwanipv6
 /usr/local/etc/rc.openvpn
-/usr/local/etc/rc.php_ini_setup
 /usr/local/etc/rc.reboot
 /usr/local/etc/rc.recover
 /usr/local/etc/rc.reload_all
@@ -724,6 +724,10 @@
 /usr/local/opnsense/service/templates/OPNsense/Sample/sub2/example_sub2.txt
 /usr/local/opnsense/service/templates/OPNsense/Syslog/+TARGETS
 /usr/local/opnsense/service/templates/OPNsense/Syslog/newsyslog.conf
+/usr/local/opnsense/service/templates/OPNsense/WebGui/+TARGETS
+/usr/local/opnsense/service/templates/OPNsense/WebGui/php.etc.ini
+/usr/local/opnsense/service/templates/OPNsense/WebGui/php.ini
+/usr/local/opnsense/service/templates/OPNsense/WebGui/php.lib.ini
 /usr/local/opnsense/service/tests/__init__.py
 /usr/local/opnsense/service/tests/config/config.xml
 /usr/local/opnsense/service/tests/core.py

--- a/src/etc/inc/plugins.inc.d/webgui.inc
+++ b/src/etc/inc/plugins.inc.d/webgui.inc
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
--- a/src/etc/rc
+++ b/src/etc/rc
@@ -231,9 +231,6 @@ echo "done."
 # Recreate capabilities DB
 /usr/bin/cap_mkdb /etc/login.conf

-# Set up the correct php.ini content
-/usr/local/etc/rc.php_ini_setup
-
 # Execute the early syshook / plugin commands
 /usr/local/etc/rc.syshook early


--- a/src/etc/rc.bootup
+++ b/src/etc/rc.bootup
@@ -103,7 +103,6 @@ system_resolvconf_generate(true);
 filter_configure_sync(true);
 filter_pflog_start(true);
 setup_gateways_monitor(true);
-system_webgui_configure(true);
 plugins_configure('earlybootup', true);
 system_cron_configure(true, true);
 system_routing_configure('', true);

--- a/src/etc/rc.php_ini_setup
+++ b/src/etc/rc.php_ini_setup
-#!/bin/sh
-
-# Copyright (C) 2014-2017 Franco Fichtner <franco@opnsense.org>
-# Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright notice,
-#    this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in the
-#    documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-
-PHP_INI=$(mktemp -q /tmp/php_ini.XXXXXX)
-chmod 644 ${PHP_INI}
-
-# Fetch the timezone from the XML and set it here
-TIMEZONE=Etc/UTC
-if [ -f /conf/config.xml ]; then
-	TIMEZONE=`cat /conf/config.xml | egrep -E '<timezone>(.*?)</timezone>' | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'`
-fi
-
-# Get a loaded module list in the stock php
-# Populate a dummy php.ini to avoid
-# the file being clobbered and the firewall
-# not being able to boot back up.
-cat >> ${PHP_INI} << EOF
-; File generated via rc.php_ini_setup
-output_buffering = "0"
-expose_php = Off
-implicit_flush = true
-magic_quotes_gpc = Off
-max_execution_time = 900
-max_input_time = 1800
-max_input_vars = 5000
-memory_limit = 384M
-register_argc_argv = On
-register_long_arrays = Off
-variables_order = "GPCS"
-file_uploads = On
-upload_tmp_dir = /tmp
-upload_max_filesize = 200M
-post_max_size = 200M
-html_errors = Off
-zlib.output_compression = Off
-zlib.output_compression_level = 1
-include_path = ".:/usr/local/etc/inc:/usr/local/www:/usr/local/opnsense/mvc:/usr/local/share/pear:/usr/local/opnsense/contrib"
-ignore_repeated_errors = on
-error_reporting = E_ALL ^ (E_NOTICE | E_DEPRECATED | E_STRICT)
-display_errors=on
-log_errors=on
-error_log=/tmp/PHP_errors.log
-date.timezone="${TIMEZONE}"
-
-[xdebug]
-xdebug.profiler_enable_trigger = 1
-xdebug.profiler_output_name = cachegrind.out.%t.%p
-EOF
-
-cp ${PHP_INI} /usr/local/etc/php.ini
-cp ${PHP_INI} /usr/local/lib/php.ini
-rm ${PHP_INI}
--- a/src/etc/rc.reload_all
+++ b/src/etc/rc.reload_all
@@ -42,10 +42,6 @@ if (count($argv) > 1 && is_numeric($argv[1])) {
    sleep($argv[1]);
 }

-log_error("rc.reload_all: Reloading web GUI.");
-
-system_webgui_configure(true);
-
 log_error("rc.reload_all: Reloading all configuration settings.");

 system_firmware_configure(true);

--- a/src/etc/rc.restart_webgui
+++ b/src/etc/rc.restart_webgui
@@ -6,11 +6,12 @@ require_once('interfaces.inc');
 require_once('rrd.inc');
 require_once('util.inc');
 require_once('system.inc');
+require_once('plugins.inc.d/webgui.inc');

 if (count($argv) > 1 && is_numeric($argv[1])) {
    // starting delayed.
    sleep($argv[1]);
 }

-system_webgui_configure(true);
+webgui_configure_do(true);
 rrd_configure(true);
--- a/src/opnsense/service/templates/OPNsense/WebGui/+TARGETS
+++ b/src/opnsense/service/templates/OPNsense/WebGui/+TARGETS
+php.etc.ini:/usr/local/etc/php.ini
+php.lib.ini:/usr/local/lib/php.ini
--- a/src/opnsense/service/templates/OPNsense/WebGui/php.etc.ini
+++ b/src/opnsense/service/templates/OPNsense/WebGui/php.etc.ini
+php.ini
\ No newline at end of file
--- a/src/opnsense/service/templates/OPNsense/WebGui/php.ini
+++ b/src/opnsense/service/templates/OPNsense/WebGui/php.ini
+; File generated via configd
+output_buffering = "0"
+expose_php = Off
+implicit_flush = true
+magic_quotes_gpc = Off
+max_execution_time = 900
+max_input_time = 1800
+max_input_vars = 5000
+memory_limit = 384M
+register_argc_argv = On
+register_long_arrays = Off
+variables_order = "GPCS"
+file_uploads = On
+upload_tmp_dir = /tmp
+upload_max_filesize = 200M
+post_max_size = 200M
+html_errors = Off
+zlib.output_compression = {% if system.webgui.compression|default('') != "" %}On{%else%}Off{%endif%}
+
+zlib.output_compression_level = {{system.webgui.compression|default('1')}}
+include_path = ".:/usr/local/etc/inc:/usr/local/www:/usr/local/opnsense/mvc:/usr/local/share/pear:/usr/local/opnsense/contrib"
+ignore_repeated_errors = on
+error_reporting = E_ALL ^ (E_NOTICE | E_DEPRECATED | E_STRICT)
+display_errors=on
+log_errors=on
+error_log=/tmp/PHP_errors.log
+date.timezone="{{system.timezone|default('Etc/UTC')}}"
+
+[xdebug]
+xdebug.profiler_enable_trigger = 1
+xdebug.profiler_output_name = cachegrind.out.%t.%p
--- a/src/opnsense/service/templates/OPNsense/WebGui/php.lib.ini
+++ b/src/opnsense/service/templates/OPNsense/WebGui/php.lib.ini
+php.ini
\ No newline at end of file
--- a/src/www/system_advanced_admin.php
+++ b/src/www/system_advanced_admin.php
@@ -39,6 +39,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    $pconfig['webguiproto'] = $config['system']['webgui']['protocol'];
    $pconfig['webguiport'] = $config['system']['webgui']['port'];
    $pconfig['ssl-certref'] = $config['system']['webgui']['ssl-certref'];
+    $pconfig['compression'] = isset($config['system']['webgui']['compression']) ? $config['system']['webgui']['compression'] : null;
    if (!empty($config['system']['webgui']['ssl-ciphers'])) {
        $pconfig['ssl-ciphers'] = explode(':', $config['system']['webgui']['ssl-ciphers']);
    } else {
@@ -98,6 +99,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        if ($config['system']['webgui']['protocol'] != $pconfig['webguiproto'] ||
            $config['system']['webgui']['port'] != $pconfig['webguiport'] ||
            $config['system']['webgui']['ssl-certref'] != $pconfig['ssl-certref'] ||
+            $config['system']['webgui']['compression'] != $pconfig['compression'] ||
            $config['system']['webgui']['ssl-ciphers'] != $newciphers ||
            ($pconfig['disablehttpredirect'] == "yes") != !empty($config['system']['webgui']['disablehttpredirect'])
            ) {
@@ -110,6 +112,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        $config['system']['webgui']['port'] = $pconfig['webguiport'];
        $config['system']['webgui']['ssl-certref'] = $pconfig['ssl-certref'];
        $config['system']['webgui']['ssl-ciphers'] = $newciphers;
+        $config['system']['webgui']['compression'] = $pconfig['compression'];

        if ($pconfig['disablehttpredirect'] == "yes") {
            $config['system']['webgui']['disablehttpredirect'] = true;
@@ -485,6 +488,29 @@ include("head.inc");
                    </div>
                  </td>
                </tr>
+                <tr>
+                  <td><a id="help_for_compression" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("WebGui Compression")?></td>
+                  <td width="78%">
+                    <select name="compression" class="formselect selectpicker">
+                        <option value="" <?=empty($pconfig['compression'])? 'selected="selected"' : '';?>>
+                          <?=gettext("Off");?>
+                        </option>
+                        <option value="1" <?=$pconfig['compression'] == "1" ? 'selected="selected"' : '';?>>
+                          <?=gettext("Low");?>
+                        </option>
+                        <option value="5" <?=$pconfig['compression'] == "5" ? 'selected="selected"' : '';?>>
+                          <?=gettext("Medium");?>
+                        </option>
+                        <option value="9" <?=$pconfig['compression'] == "9" ? 'selected="selected"' : '';?>>
+                          <?=gettext("High");?>
+                        </option>
+                    </select>
+                    <div class="hidden" for="help_for_compression">
+                      <?=gettext("Enable compression of webgui pages and dynamic content.");?><br/>
+                      <?=gettext("Transfer less data to the client for an additional cost in processing power.");?>
+                    </div>
+                  </td>
+                </tr>
                <tr>
                  <td><a id="help_for_nohttpreferercheck" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("HTTP_REFERER enforcement"); ?></td>
                  <td>