diff --git a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/AccountsController.php b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/AccountsController.php index 2000717b7..314358a89 100644 --- a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/AccountsController.php +++ b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/AccountsController.php @@ -1,4 +1,5 @@ callBackend( - ["test-sftp-connection"], - ["sftp_host", "sftp_host_key", "sftp_port", "sftp_user", "sftp_identity_type", "sftp_remote_path", "sftp_chmod", "sftp_chgrp"])) { - + if ( + $response = $this->callBackend( + ["test-sftp-connection"], + ["sftp_host", "sftp_host_key", "sftp_port", "sftp_user", "sftp_identity_type", "sftp_remote_path", "sftp_chmod", "sftp_chgrp"] + ) + ) { return $response; } @@ -116,7 +119,9 @@ class ActionsController extends ApiMutableModelControllerBase if (preg_match('/^\[.+\]$/ms', $result) || preg_match('/^\{.+\}$/ms', $result)) { try { $result = json_decode($result, true, 64, JSON_THROW_ON_ERROR); - } catch (\Exception $ignored) {/*pass as is when json parsing fails*/} + } catch (\Exception $ignored) { +/*pass as is when json parsing fails*/ + } } return $result; } diff --git a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/CertificatesController.php b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/CertificatesController.php index 99cad52cb..ba222e885 100644 --- a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/CertificatesController.php +++ b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/CertificatesController.php @@ -1,4 +1,5 @@ "failed"); + $result = array("result" => "failed"); if ($this->request->isPost()) { $mdlAcme = new AcmeClient(); @@ -116,7 +117,7 @@ class CertificatesController extends ApiMutableModelControllerBase */ public function removekeyAction($uuid) { - $result = array("result"=>"failed"); + $result = array("result" => "failed"); $mdlAcme = new AcmeClient(); if ($uuid != null) { $node = $mdlAcme->getNodeByReference('certificates.certificate.' . $uuid); @@ -136,7 +137,7 @@ class CertificatesController extends ApiMutableModelControllerBase */ public function revokeAction($uuid) { - $result = array("result"=>"failed"); + $result = array("result" => "failed"); if ($this->request->isPost()) { $mdlAcme = new AcmeClient(); diff --git a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/ServiceController.php b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/ServiceController.php index 185c492ae..2577251ff 100644 --- a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/ServiceController.php +++ b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/ServiceController.php @@ -1,4 +1,5 @@ statusAction(); // stop acmeclient when disabled - if ($runStatus['status'] == "running" && - ($mdlAcme->settings->enabled->__toString() == 0 || $force_restart)) { + if ( + $runStatus['status'] == "running" && + ($mdlAcme->settings->enabled->__toString() == 0 || + $force_restart) + ) { $this->stopAction(); } diff --git a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/SettingsController.php b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/SettingsController.php index 307c98229..9dd98cef0 100644 --- a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/SettingsController.php +++ b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/SettingsController.php @@ -1,4 +1,5 @@ settings->UpdateCron == "" and + if ( + (string)$mdlAcme->settings->UpdateCron == "" and (string)$mdlAcme->settings->autoRenewal == "1" and - (string)$mdlAcme->settings->enabled == "1") { + (string)$mdlAcme->settings->enabled == "1" + ) { $mdlCron = new Cron(); // NOTE: Only configd actions are valid commands for cronjobs // and they *must* provide a description that is not empty. @@ -88,9 +91,11 @@ class SettingsController extends ApiMutableModelControllerBase $result['result'] = "unable to add cron"; } // Delete cronjob if AcmeClient or AutoRenewal is disabled. - } elseif ((string)$mdlAcme->settings->UpdateCron != "" and + } elseif ( + (string)$mdlAcme->settings->UpdateCron != "" and ((string)$mdlAcme->settings->autoRenewal == "0" or - (string)$mdlAcme->settings->enabled == "0")) { + (string)$mdlAcme->settings->enabled == "0") + ) { // Get UUID, clean existin entry $cron_uuid = (string)$mdlAcme->settings->UpdateCron; $mdlAcme->settings->UpdateCron = null; @@ -133,8 +138,10 @@ class SettingsController extends ApiMutableModelControllerBase // Setup only if AcmeClient and HAProxy integration is enabled. // NOTE: We provide HAProxy integration no matter if the HAProxy plugin // is actually enabled or not. This should avoid confusion. - if ((string)$mdlAcme->settings->haproxyIntegration == "1" and - (string)$mdlAcme->settings->enabled == "1") { + if ( + (string)$mdlAcme->settings->haproxyIntegration == "1" and + (string)$mdlAcme->settings->enabled == "1" + ) { $mdlHAProxy = new \OPNsense\HAProxy\HAProxy(); $backend = new Backend(); @@ -311,9 +318,11 @@ class SettingsController extends ApiMutableModelControllerBase // Ensure HAProxy frontend additions have been applied. foreach ($mdlAcme->getNodeByReference('validations.validation')->iterateItems() as $validation) { // Find all (enabled) validation methods with HAProxy integration. - if ((string)$validation->enabled == "1" and + if ( + (string)$validation->enabled == "1" and (string)$validation->method == "http01" and - (string)$validation->http_service == "haproxy") { + (string)$validation->http_service == "haproxy" + ) { // Check if HAProxy frontends were specified. if (empty((string)$validation->http_haproxyFrontends)) { // Skip item, no HAProxy frontends were specified. diff --git a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/ValidationsController.php b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/ValidationsController.php index ce052d789..f786f257e 100644 --- a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/ValidationsController.php +++ b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/ValidationsController.php @@ -1,4 +1,5 @@ outputs = $pipes; $this->inputs = [array_shift($this->outputs)]; - foreach ($this->outputs as $stream) + foreach ($this->outputs as $stream) { stream_set_blocking($stream, false); + } self::manageOpenedProcess($this->handle); } else { @@ -108,8 +110,9 @@ class Process { $this->close(); - if ($this->isRunning()) + if ($this->isRunning()) { $this->close(true); + } } public function get($timeout = 5, $max_length = 8192, $ending = PHP_EOL) @@ -133,14 +136,17 @@ class Process { if ($this->isRunning() && is_resource($stdin = $this->inputs[0]) && !feof($stdin)) { fwrite($stdin, $data); - if ($append) + if ($append) { fwrite($stdin, $append); + } } } public function closeInput() { - if (!feof($stdin = $this->inputs[0])) fclose($stdin); + if (!feof($stdin = $this->inputs[0])) { + fclose($stdin); + } } public function close($force = false) @@ -170,8 +176,9 @@ class Process : false; if (is_array($status)) { - if (!$this->exitCode && $this->exitCode !== 0 && !$status["running"]) + if (!$this->exitCode && $this->exitCode !== 0 && !$status["running"]) { $this->exitCode = $status["exitcode"]; + } return $status["running"]; } diff --git a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/SSHKeys.php b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/SSHKeys.php index aaefc5e2d..39c905bdd 100644 --- a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/SSHKeys.php +++ b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/SSHKeys.php @@ -1,4 +1,5 @@ config_path = realpath($config_path); @@ -85,8 +88,10 @@ class SSHKeys touch($this->known_hosts_file) && chmod($this->known_hosts_file, self::KNOWN_HOSTS_FILE_CREATE_MODE); - Utils::requireThat($file_created, - "Failed creating file '{$this->known_hosts_file}' with permission " . self::KNOWN_HOSTS_FILE_CREATE_MODE); + Utils::requireThat( + $file_created, + "Failed creating file '{$this->known_hosts_file}' with permission " . self::KNOWN_HOSTS_FILE_CREATE_MODE + ); } return $this->known_hosts_file; @@ -110,8 +115,9 @@ class SSHKeys $host_key = false; } else { $host_key = self::getHostKeyInfo($host_key); - if ($host_key === false) + if ($host_key === false) { return ["ok" => false, "error" => "Invalid host_key specified."]; + } } @@ -157,8 +163,7 @@ class SSHKeys $is_key_known = false; if ($known_by_host && $host_key && $host_key === $known_by_host["key_info"]) { $is_key_known = true; - - } else if ($known_by_key) { + } elseif ($known_by_key) { if (strcasecmp(trim($host), trim($known_by_key["host"])) != 0) { Utils::log()->info("Host key is in known_hosts but hostname differs. Changing '$host' to '{$known_by_key["host"]}'."); $host = $known_by_key["host"]; @@ -169,18 +174,18 @@ class SSHKeys // Check if we don't have a matching known_hosts entry and add or update it as required. if (!$is_key_known && !$no_modification_allowed) { - // Query the key. $key_type = $host_key ? $host_key["key_type"] : self::DEFAULT_KEY_TYPE; $remote_host_keys = $addKeyInfo($this->queryHostKey($host, $key_type, $port, $query_error)); // Retry with ALTERNATE_DEFAULT_KEY_TYPE when DEFAULT_KEY_TYPE was applied in the first place. - if (empty($remote_host_keys) + if ( + empty($remote_host_keys) && $query_error && $query_error["connection_refused"] && !$host_key - && self::ALTERNATE_DEFAULT_KEY_TYPE != self::DEFAULT_KEY_TYPE) { - + && self::ALTERNATE_DEFAULT_KEY_TYPE != self::DEFAULT_KEY_TYPE + ) { $key_type = self::ALTERNATE_DEFAULT_KEY_TYPE; $remote_host_keys = $addKeyInfo($this->queryHostKey($host, $key_type, $port, $query_error)); } @@ -198,18 +203,20 @@ class SSHKeys foreach ($matching_remote_host_keys as $key) { Utils::log()->info("Adding known_hosts entry: " . json_encode($key["key_info"], JSON_UNESCAPED_SLASHES)); $ok = file_put_contents($this->knownHostsFile(), $key["host_key"] . PHP_EOL, FILE_APPEND); - if (!$ok) + if (!$ok) { Utils::log()->error("Failed adding known_hosts entry {$key["host_key"]}"); + } } // Verify that known_hosts contains the correct keys after adding them (using recursion). return $this->trustHost($host, $matching_remote_host_keys[0]["host_key"], $port, true); - } else { if (empty($remote_host_keys)) { $msg = "No connection to '$host'; Failed querying host key from server."; } else { - $remote_infos = array_map(function ($key) { return $key["key_info"]; }, $remote_host_keys); + $remote_infos = array_map(function ($key) { + return $key["key_info"]; + }, $remote_host_keys); $msg = "Key mismatch for '$host'; " . "The expected key (" . json_encode($host_key) . ") was not found in (" . json_encode($remote_infos) . ")"; } @@ -241,8 +248,9 @@ class SSHKeys $has_ip = ($ip = gethostbyname($host)) && ($ip !== $host || preg_match('/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/', $ip)); - if ($has_ip) + if ($has_ip) { $search_list[] = strtolower($ip); + } // Add FQDN to search list if reverse lookup provides a valid one. $has_fqdn = $has_ip @@ -250,8 +258,9 @@ class SSHKeys && $reverse_fqdn !== $ip && gethostbyname($reverse_fqdn) === $ip; - if ($has_fqdn && isset($reverse_fqdn)) + if ($has_fqdn && isset($reverse_fqdn)) { $search_list[] = strtolower($reverse_fqdn); + } // Build unique search list (dedup list) $search_list = array_filter($search_list, function ($value, $index) use (&$search_list) { @@ -295,16 +304,18 @@ class SSHKeys $lines = []; while (($line = $p->get(60)) !== false) { $line = trim($line); - if (empty($line) || $line[0] == "#") + if (empty($line) || $line[0] == "#") { continue; + } if (!$failed) { - foreach ($expected_errors as $err) + foreach ($expected_errors as $err) { if (preg_match($err[1], $line)) { $error = [$err[0] => true]; $failed = true; break; } + } } $lines[] = $line; @@ -327,8 +338,9 @@ class SSHKeys if (empty($keys)) { Utils::log()->info("Couldn't fetch public host key ($key_type) from {$host}:{$port}"); - if (!is_array($error) || empty($error)) + if (!is_array($error) || empty($error)) { $error = ["connection_refused" => true]; + } } return $keys; @@ -349,8 +361,9 @@ class SSHKeys $lines = []; while (($line = $p->get()) !== false) { $line = trim($line); - if (empty($line) || $line[0] == "#") + if (empty($line) || $line[0] == "#") { continue; + } $lines[] = $line; } @@ -366,8 +379,7 @@ class SSHKeys "host_key" => $lines[0], "host_query" => $name_or_ip, ]; - - } else if ($p->exitCode != 1 /* 1 == NOT_FOUND */) { + } elseif ($p->exitCode != 1 /* 1 == NOT_FOUND */) { $output = empty($lines) ? "" : PHP_EOL . join(PHP_EOL, $lines); @@ -377,8 +389,9 @@ class SSHKeys } } - if (empty($keys)) + if (empty($keys)) { Utils::log()->info("Didn't find $host in known_hosts"); + } return $keys; } @@ -394,8 +407,9 @@ class SSHKeys if ($p = Process::open(["ssh-keygen", "-R", $host, "-f", $this->knownHostsFile()])) { $ok = $p->close() === 0; - if (!$ok) + if (!$ok) { Utils::log()->error("Failed removing known hosts for $host. Return code was: {$p->exitCode}"); + } } return $ok; @@ -438,8 +452,9 @@ class SSHKeys Utils::requireThat(in_array($identity_type, self::IDENTITY_TYPES), "Identity type '$identity_type' unknown."); list($key_type, $key_size) = explode('_', $identity_type, 2); - if (!$key_size && self::DEFAULT_IDENTITY_KEY_BITS[$key_type] > 0) + if (!$key_size && self::DEFAULT_IDENTITY_KEY_BITS[$key_type] > 0) { $key_size = self::DEFAULT_IDENTITY_KEY_BITS[$key_type]; + } $identity_path = "{$this->config_path}/id.{$identity_type}"; @@ -451,17 +466,20 @@ class SSHKeys "-N", "", ]; - if (intval($key_size) > 0) + if (intval($key_size) > 0) { array_push($generate_key, "-b", $key_size); + } if ($p = Process::open($generate_key)) { while (($line = $p->get(10)) !== false) { Utils::log()->info("SSH keygen: $line"); } - Utils::requireThat($p->close() == 0, + Utils::requireThat( + $p->close() == 0, "Failed generating identity $identity_path: Error code: {$p->exitCode}" . PHP_EOL - . "Command: " . join(" ", $generate_key)); + . "Command: " . join(" ", $generate_key) + ); } } @@ -479,15 +497,17 @@ class SSHKeys { $restrictions = ['restrict']; - if ($command) + if ($command) { $restrictions[] = 'command="' . $command . '"'; + } $restrict_ip = empty(trim($outgoing_ip)) ? (empty(trim($host)) ? false : self::getOutgoingIpFor($host)) : $outgoing_ip; - if ($restrict_ip) + if ($restrict_ip) { $restrictions[] = 'from="' . $restrict_ip . '"'; + } return count($restrictions) > 1 @@ -506,17 +526,19 @@ class SSHKeys $interface = null; if ($p = Process::open(["route", "-n", "get", $ip])) { - while (($line = $p->get(10)) !== false) + while (($line = $p->get(10)) !== false) { if (preg_match('/\s*interface:\s*([^\s]+).*$/', $line, $matches)) { $interface = $matches[1]; } + } } if ($interface && $p = Process::open(["ifconfig", $interface, "inet"])) { - while (($line = $p->get(10)) !== false) + while (($line = $p->get(10)) !== false) { if (preg_match('/\s*inet\s+([^\s]+)\s+netmask.*/', $line, $matches)) { return $matches[1]; } + } } return false; diff --git a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/SftpClient.php b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/SftpClient.php index 0292fa166..f9d2a0002 100644 --- a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/SftpClient.php +++ b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/SftpClient.php @@ -1,4 +1,5 @@ ssh_keys->getIdentity($this->identity_type, true); if (is_file($identity) && is_readable($identity)) { - array_push($cmd, - "-i", $identity, - "-oPreferredAuthentications=publickey"); + array_push( + $cmd, + "-i", + $identity, + "-oPreferredAuthentications=publickey" + ); } else { Utils::log()->error("Failed adding client identity ($identity). Connect will likely fail."); } @@ -119,7 +122,7 @@ class SftpClient return false; } - private function processAvailableInput(float $timeout = 0, $expected_lines = 0, Callable $lines_consumer = null, $remaining_timeout = 0) + private function processAvailableInput(float $timeout = 0, $expected_lines = 0, callable $lines_consumer = null, $remaining_timeout = 0) { Utils::requireThat($this->process !== null, "SFTP: process not connected"); @@ -139,18 +142,22 @@ class SftpClient while (($line = $this->process->get($timeout)) !== false) { foreach ($expected_errors as $ee) { if (preg_match($ee[1], $line)) { - if (!$this->failed_status || $ee[0] !== "connection_closed") + if (!$this->failed_status || $ee[0] !== "connection_closed") { $this->failed_status = [$ee[0] => true, "error" => trim($line)]; + } break; } } $consumed = ($lines_consumer && $lines_consumer($line) === true); - if (!$consumed) + if (!$consumed) { Utils::log()->info("SFTP: " . rtrim($line)); + } if (!$lines_consumer || $consumed) { - if (--$expected_lines <= 0) $timeout = $remaining_timeout; + if (--$expected_lines <= 0) { + $timeout = $remaining_timeout; + } } } } @@ -166,15 +173,17 @@ class SftpClient $this->process = null; - if ($this->failed_status && $this->failed_status["connection_closed"]) + if ($this->failed_status && $this->failed_status["connection_closed"]) { $this->clearError(); + } } } public function lastError($timeout = 0.5) { - if ($this->failed_status === false) + if ($this->failed_status === false) { $this->processAvailableInput($timeout); + } return $this->failed_status; } diff --git a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/SftpUploader.php b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/SftpUploader.php index b56bc2411..6742cd50c 100644 --- a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/SftpUploader.php +++ b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/SftpUploader.php @@ -1,4 +1,5 @@ 0, "Failed writing content of '$remote_file' to '$local_file', disk full?"); - if (($time = intval($content_last_modified)) && $time > 0) + if (($time = intval($content_last_modified)) && $time > 0) { touch($local_file, $time); + } $remote_file = trim($remote_file); - if (empty($remote_file)) + if (empty($remote_file)) { $remote_file = basename($local_file); + } $local_file = $this->addFile($local_file, $remote_file, $chmod, $chgrp); $this->pending_files[$local_file]["delete_source"] = true; @@ -171,7 +173,6 @@ class SftpUploader // Uploading the files foreach ($files_to_upload as $file) { - // Managing pending files. $local_file = $this->current_file = $file["source"]; @@ -187,11 +188,11 @@ class SftpUploader // Changing remote directory if required. if (($target_dir = dirname($file["target"])) !== $remote_path) { - $absolute_target_dir = $this->sftp->resolve($target_dir, $remote_base_path); Utils::requireThat( $absolute_target_dir && strpos($absolute_target_dir, $remote_base_path) === 0, - "Illegal target directory '$absolute_target_dir' is not below '$remote_base_path'"); + "Illegal target directory '$absolute_target_dir' is not below '$remote_base_path'" + ); $dir_names = preg_split('-/+-', substr($absolute_target_dir, strlen($remote_base_path)), 0, PREG_SPLIT_NO_EMPTY); if (count($dir_names) == 1) { @@ -263,8 +264,9 @@ class SftpUploader if ($error = $this->sftp->put($local_file, $remote_filename, $preserve_times_and_mod)->lastError()) { Utils::log()->error("Failed uploading file '{$local_file}' to '{$file["target"]}'", $error); - if ($error["permission_denied"] !== true) + if ($error["permission_denied"] !== true) { $retry_with_permission_change = false; + } if ($retry_with_permission_change) { Utils::log()->info("Retrying file '{$local_file}' to '{$file["target"]}' with adjusted permissions"); @@ -279,15 +281,13 @@ class SftpUploader // Second attempt when initial failed or was skipped due to write protection (only possible if we have chmod defined to reset permissions later) if ($retry_with_permission_change) { - $this->sftp->chmod($remote_filename, '0600'); if ($error = $this->sftp->put($local_file, $remote_filename)->lastError()) { Utils::log()->error("Failed uploading file '{$local_file}' to '{$file["target"]}'", $error); return self::UPLOAD_ERROR_NO_PERMISSION; } - - } else if ($remote_is_readonly) { + } elseif ($remote_is_readonly) { Utils::log()->error("Failed uploading file '{$local_file}' to '{$file["target"]}'. Existing file is write protected."); return self::UPLOAD_ERROR_NO_PERMISSION; } @@ -316,18 +316,20 @@ class SftpUploader $this->current_file = null; - if (empty($this->pending_files)) + if (empty($this->pending_files)) { $this->temporaryFile(true); + } return self::UPLOAD_SUCCESS; } private function deleteSourceIfRequested($file) { - if (isset($this->pending_files[$file]) + if ( + isset($this->pending_files[$file]) && is_array($existing = $this->pending_files[$file]) - && $existing["delete_source"] === true) { - + && $existing["delete_source"] === true + ) { unlink($existing["source"]); } } @@ -344,8 +346,9 @@ class SftpUploader register_shutdown_function(function () use (&$shared_temporary_files) { $count = 0; foreach ($shared_temporary_files as $temporary_files) { - if (!is_iterable($temporary_files)) + if (!is_iterable($temporary_files)) { continue; + } foreach ($temporary_files as $file) { if (is_file($file)) { unlink($file); @@ -354,8 +357,9 @@ class SftpUploader } } - if ($count > 0) + if ($count > 0) { Utils::log()->info("Removed $count files in shutdown hook instead of object destruction."); + } $shared_temporary_files = []; }); @@ -373,11 +377,12 @@ class SftpUploader // Dealing with temp file creation or cleanup if ($delete_all) { foreach ($temporary_files as $file) { - if (is_file($file)) unlink($file); + if (is_file($file)) { + unlink($file); + } } unset($shared_temporary_files[$index]); - } else { if ($file = tempnam(sys_get_temp_dir(), "sftp-upload-")) { $file = realpath($file); diff --git a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/Utils.php b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/Utils.php index 89a89c5ae..f16d4082f 100644 --- a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/Utils.php +++ b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/Utils.php @@ -1,4 +1,5 @@ $result)); + echo json_encode(array('status' => $result)); break; case 'renew': $result = cert_action_validator($options["c"]); - echo json_encode(array('status'=>$result)); + echo json_encode(array('status' => $result)); break; case 'remove': $result = cert_action_validator($options["c"]); - echo json_encode(array('status'=>$result)); + echo json_encode(array('status' => $result)); break; case 'removekey': $result = cert_action_validator($options["c"]); - echo json_encode(array('status'=>$result)); + echo json_encode(array('status' => $result)); break; case 'revoke': $result = cert_action_validator($options["c"]); - echo json_encode(array('status'=>$result)); + echo json_encode(array('status' => $result)); break; default: echo "ERROR: invalid argument specified\n"; @@ -112,7 +112,7 @@ function cert_action_validator($opt_cert_id) { global $options; - $modelObj = new OPNsense\AcmeClient\AcmeClient; + $modelObj = new OPNsense\AcmeClient\AcmeClient(); // Store certs here after successful issue/renewal. Required for automations. $restart_certs = array(); @@ -459,7 +459,7 @@ function run_acme_validation($certObj, $valObj, $acctObj) // Required to run pre-defined commands. $backend = new Backend(); - $modelObj = new OPNsense\AcmeClient\AcmeClient; + $modelObj = new OPNsense\AcmeClient\AcmeClient(); // Collect account information $account_conf_dir = "/var/etc/acme-client/accounts/" . $acctObj->id; @@ -511,7 +511,7 @@ function run_acme_validation($certObj, $valObj, $acctObj) $last_update_time = new \DateTime(); $last_update_time->setTimestamp($last_update); $renew_interval = (string)$certObj->renewInterval; - $next_update = $last_update_time->add(new \DateInterval('P'.$renew_interval.'D')); + $next_update = $last_update_time->add(new \DateInterval('P' . $renew_interval . 'D')); // Check if it's time to renew the cert. if (isset($options["F"]) or ($current_time >= $next_update)) { @@ -899,7 +899,7 @@ function run_acme_validation($certObj, $valObj, $acctObj) switch ((string)$certObj->aliasmode) { case 'automatic': $name = "_acme-challenge." . ltrim((string)$certObj->name, '*.'); - if ($dst = dns_get_record($name, DNS_CNAME )) { + if ($dst = dns_get_record($name, DNS_CNAME)) { $altnames .= "--domain-alias " . $dst[0]['target'] . " "; } break; @@ -923,7 +923,7 @@ function run_acme_validation($certObj, $valObj, $acctObj) switch ((string)$certObj->aliasmode) { case 'automatic': $name = "_acme-challenge." . ltrim($altname, '*.'); - if ($dst = dns_get_record($name, DNS_CNAME )) { + if ($dst = dns_get_record($name, DNS_CNAME)) { $altnames .= "--domain-alias " . $dst[0]['target'] . " "; } break; @@ -935,7 +935,6 @@ function run_acme_validation($certObj, $valObj, $acctObj) break; } } - } } @@ -1409,12 +1408,12 @@ function dump_postponed_updates() 500 => 'internal error', ]; - $modelObj = new OPNsense\AcmeClient\AcmeClient; + $modelObj = new OPNsense\AcmeClient\AcmeClient(); foreach ($postponed_updates as $pupdate) { $_statusCode = $pupdate['statusCode']; $_uuid = $pupdate['uuid']; - $node = $modelObj->getNodeByReference('certificates.certificate.'.$_uuid); + $node = $modelObj->getNodeByReference('certificates.certificate.' . $_uuid); if ($node != null) { log_error("AcmeClient: storing status '" . $status_descr[$_statusCode] . "' for cert " . (string)$node->name); $node->statusCode = $_statusCode; @@ -1492,7 +1491,7 @@ function local_cert_get_cn($crt, $decode = true) } // taken from system_camanager.php -function local_ca_import(& $ca, $str, $key = "", $serial = 0) +function local_ca_import(&$ca, $str, $key = "", $serial = 0) { global $config; @@ -1518,7 +1517,7 @@ function local_ca_import(& $ca, $str, $key = "", $serial = 0) if (is_array($config['ca'])) { foreach ($config['ca'] as & $oca) { $issuer = cert_get_issuer($oca['crt']); - if ($ca['refid']<>$oca['refid'] && $issuer==$subject) { + if ($ca['refid'] <> $oca['refid'] && $issuer == $subject) { $oca['caref'] = $ca['refid']; } } @@ -1526,7 +1525,7 @@ function local_ca_import(& $ca, $str, $key = "", $serial = 0) if (is_array($config['cert'])) { foreach ($config['cert'] as & $cert) { $issuer = cert_get_issuer($cert['crt']); - if ($issuer==$subject) { + if ($issuer == $subject) { $cert['caref'] = $ca['refid']; } } diff --git a/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/upload_highwinds.php b/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/upload_highwinds.php index 9f315ce59..d2c65442b 100755 --- a/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/upload_highwinds.php +++ b/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/upload_highwinds.php @@ -41,7 +41,7 @@ $HIGHWINDS_API_URL = 'https://striketracker.highwinds.com/api/v1/accounts'; function find_certificate($acme_cert_id) { - $modelObj = new OPNsense\AcmeClient\AcmeClient; + $modelObj = new OPNsense\AcmeClient\AcmeClient(); $configObj = Config::getInstance()->object(); if (isset($configObj->OPNsense->AcmeClient->certificates) && $configObj->OPNsense->AcmeClient->certificates->count() > 0) { foreach ($configObj->OPNsense->AcmeClient->certificates->children() as $certObj) { @@ -93,7 +93,7 @@ function export_certificate($cert_refid) function upload_certificate($cert_name, $cert_refid, $acme_cert_id, $acme_automation_id) { - $modelObj = new OPNsense\AcmeClient\AcmeClient; + $modelObj = new OPNsense\AcmeClient\AcmeClient(); $configObj = Config::getInstance()->object(); if (isset($configObj->OPNsense->AcmeClient->actions) && $configObj->OPNsense->AcmeClient->actions->count() > 0) { foreach ($configObj->OPNsense->AcmeClient->actions->children() as $automObj) { diff --git a/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php b/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php index f9d6977e4..05fc9443d 100755 --- a/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php +++ b/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php @@ -154,15 +154,15 @@ function commandShowIdentity(array &$options): int $keys = new SSHKeys(configPath()); if (($id_file = $keys->getIdentity($identity_type)) && is_readable($id_file)) { - - if (!isset($options["unrestricted"]) - && ($restrictions = SSHKeys::getIdentityRestrictions($host, $source_ip))) { + if ( + !isset($options["unrestricted"]) + && ($restrictions = SSHKeys::getIdentityRestrictions($host, $source_ip)) + ) { echo "$restrictions "; } echo file_get_contents($id_file); return EXITCODE_SUCCESS; - } else { Utils::log()->error("Failed getting identity. See log output for details."); } @@ -197,14 +197,14 @@ function commandTestConnection(array &$options): int if ($result["success"]) { $result["actions"][] = "upload-tested"; - } else { - if ($error = $sftp->lastError(3)) + if ($error = $sftp->lastError(3)) { $result = array_merge($result, $error); + } if ($upload_result === SftpUploader::UPLOAD_ERROR_CHGRP_FAILED) { $result["chgrp_failed"] = true; - } else if ($upload_result === SftpUploader::UPLOAD_ERROR_CHMOD_FAILED) { + } elseif ($upload_result === SftpUploader::UPLOAD_ERROR_CHMOD_FAILED) { $result["chmod_failed"] = true; } } @@ -215,8 +215,9 @@ function commandTestConnection(array &$options): int SftpUploader::UPLOAD_ERROR_CHMOD_FAILED]); if ($remove_file) { - if ($error = $sftp->clearError()->rm($filename)->lastError(3)) + if ($error = $sftp->clearError()->rm($filename)->lastError(3)) { Utils::log()->error("Failed removing upload test file '$filename'", $error); + } } $sftp->close(); @@ -233,15 +234,15 @@ function commandUpload(array &$options): int // Includes host, upload all certs to the same host. if (isset($options["host"])) { return uploadCertificatesToHost($options); - } else { // Find the actions associated with the given certs. $tasks = []; $cert_ids = preg_split('/[,;\s]+/', $options["certificates"] ?: "", 0, PREG_SPLIT_NO_EMPTY); foreach (findCertificates($cert_ids, false) as $id => $cert) { foreach ($cert["automations"] as $action_id) { - if (!isset($tasks[$action_id])) + if (!isset($tasks[$action_id])) { $tasks[$action_id] = []; + } $tasks[$action_id][] = $id; } } @@ -251,17 +252,16 @@ function commandUpload(array &$options): int if (!empty($cert_list) && ($task_options = getOptionsById($action_id, true))) { $task_options = array_merge($options, $task_options, ["certificates" => join(",", $cert_list)]); $result = uploadCertificatesToHost($task_options); - if ($result != EXITCODE_SUCCESS) + if ($result != EXITCODE_SUCCESS) { break; + } } } return $result; } - - } else if (isset($options["host"])) { + } elseif (isset($options["host"])) { return uploadCertificatesToHost($options); - } else { Utils::log()->error("No work to do, neither --host nor --certificates is present."); return EXITCODE_ERROR_NOTHING_TO_UPLOAD; @@ -283,11 +283,11 @@ function uploadCertificatesToHost(array $options): int addFilesToUpload($options, $uploader); - if (empty($uploader->pending())) + if (empty($uploader->pending())) { return EXITCODE_ERROR_NOTHING_TO_UPLOAD; + } for ($max_restarts = 5; !empty($uploader->pending()) && $max_restarts > 0; $max_restarts--) { - $result = $uploader->upload(); if ($result != SftpUploader::UPLOAD_SUCCESS) { @@ -370,10 +370,12 @@ function getCommand() $command = null; $parsed_args = getopt("", ["command::"]); foreach (COMMANDS as $name => $cmd) { - if (in_array($name, $GLOBALS["argv"]) || $parsed_args["command"] === $name) + if (in_array($name, $GLOBALS["argv"]) || $parsed_args["command"] === $name) { $command = $cmd; - if ($cmd["default"] === true) + } + if ($cmd["default"] === true) { $default = $cmd; + } } return $command ?: $default; @@ -385,9 +387,12 @@ function getActionById($automation_id) $client = $config->OPNsense->AcmeClient; foreach ($client->actions->children() as $action) { - if ($automation_id === (string)$action->attributes()["uuid"] - || $automation_id === (string)$action->id) + if ( + $automation_id === (string)$action->attributes()["uuid"] + || $automation_id === (string)$action->id + ) { return $action; + } } return null; @@ -395,7 +400,9 @@ function getActionById($automation_id) function getOptionsById($automation_id, $silent = false) { - if (!$silent) Utils::log()->info("Reading options from automation: $automation_id"); + if (!$silent) { + Utils::log()->info("Reading options from automation: $automation_id"); + } if (is_object($action = getActionById($automation_id))) { if ($action->enabled && "upload_sftp" === (string)$action->type) { @@ -414,7 +421,7 @@ function getOptionsById($automation_id, $silent = false) "ca-name" => trim((string)$action->sftp_filename_ca), "certificates" => "", // defaults to all (= empty), may be overridden via CLI ]; - } else if (!$silent) { + } elseif (!$silent) { Utils::log()->error("Ignoring disabled or invalid automation '$automation_id'"); } } else { @@ -434,14 +441,12 @@ function addFilesToUpload(array $options, SftpUploader &$uploader) $cert_ids = preg_split('/[,;\s]+/', $options["certificates"] ?: "", 0, PREG_SPLIT_NO_EMPTY); foreach (findCertificates($cert_ids) as $cert) { - if (!isset($cert["content"])) { Utils::log()->error("Ignoring upload for cert '{$cert["name"]}', since it is not available in trust storage."); continue; } foreach ($cert["content"] as $name => $content) { - if (empty($content)) { Utils::log()->error("Content for '{$name}.pem' in cert '{$cert["name"]}' is empty, skipping it."); continue; @@ -463,44 +468,46 @@ function addFilesToUpload(array $options, SftpUploader &$uploader) ? stripcslashes($cert[$index]) : "__unknown-template-param__{$index}__"; }, - $path_part); + $path_part + ); // Sanitize user input. Allow unicode chars, numbers and some special characters [_-@.]. // Also replace all ".." with "." to avoid upwards tree traversal. return preg_replace(['/\.+/', '/[^\w\d_\-@.]+/uim'], ['.', '-'], trim($path_part)); }, - preg_split('-[/\\\\]+-', $target_path, 0, PREG_SPLIT_NO_EMPTY))); + preg_split('-[/\\\\]+-', $target_path, 0, PREG_SPLIT_NO_EMPTY) + )); // Add the file to upload (if valid) - if (!empty($target_path) + if ( + !empty($target_path) && preg_match('-^(?!/).+?(?addContent($content, $target_path, $cert["updated"], $mod, $chgrp); - } else { Utils::log()->error("Cannot add '{$name}.pem' since the upload path '$target_path' is invalid."); } } } - if (empty($uploader->pending())) + if (empty($uploader->pending())) { Utils::log()->error("Didn't find any certificates to upload (cert-ids: " . (empty($cert_ids) ? "*all*" : join(", ", $cert_ids)) . ")."); - - } else if (isset($options["files"])) { + } + } elseif (isset($options["files"])) { $files = preg_split('/[,;\s]+/', $options["files"] ?: "", 0, PREG_SPLIT_NO_EMPTY); foreach ($files as $file) { $uploader->addFile($file, "", $chmod, $chgrp); }; - if (empty($uploader->pending())) + if (empty($uploader->pending())) { Utils::log()->error("Didn't files to upload (files: " . join(", ", $files) . ")."); - + } } else { Utils::log()->error("Neither '--certificates' nor '--files' was specified. Have nothing to upload."); } @@ -508,7 +515,9 @@ function addFilesToUpload(array $options, SftpUploader &$uploader) function findCertificates(array $certificate_ids_or_names, $load_content = true): array { - if (!class_exists("OPNsense\\Core\\Config")) return []; + if (!class_exists("OPNsense\\Core\\Config")) { + return []; + } $config = OPNsense\Core\Config::getInstance()->object(); $client = $config->OPNsense->AcmeClient; @@ -521,13 +530,15 @@ function findCertificates(array $certificate_ids_or_names, $load_content = true) $id = (string)$cert->id; $name = (string)$cert->name; - if (empty($certificate_ids_or_names) + if ( + empty($certificate_ids_or_names) || in_array($id, $certificate_ids_or_names) - || in_array($name, $certificate_ids_or_names)) { - + || in_array($name, $certificate_ids_or_names) + ) { if ($cert->enabled == 0) { - if (!empty($certificate_ids_or_names)) + if (!empty($certificate_ids_or_names)) { Utils::log()->error("Certificate '{$name}' (id: $id) is disabled, skipping it."); + } continue; } @@ -547,8 +558,9 @@ function findCertificates(array $certificate_ids_or_names, $load_content = true) if ($load_content && ($certificates = exportCertificates($refids))) { foreach ($result as &$cert_info) { $id = $cert_info["content_id"]; - if (isset($certificates[$id])) + if (isset($certificates[$id])) { $cert_info["content"] = $certificates[$id]; + } } } @@ -584,7 +596,9 @@ function configPath(): string __DIR__ ]; foreach ($paths as $path) { - if (is_dir($path)) return $path . DIRECTORY_SEPARATOR . 'sftp-config'; + if (is_dir($path)) { + return $path . DIRECTORY_SEPARATOR . 'sftp-config'; + } } die("Failed detecting config path"); } @@ -607,16 +621,18 @@ function main() if (isset($options["h"]) || isset($options["help"])) { help(); } else { - if (isset($options["log"])) + if (isset($options["log"])) { Utils::log(true)->info("Logging to stdout enabled"); + } $options = array_filter($options, function ($value) { return !is_string($value) || (!empty($value = trim($value)) && $value !== "__default_value"); }); - if (isset($options["automation-id"])) + if (isset($options["automation-id"])) { $options = array_merge(getOptionsById($options["automation-id"]), $options); + } if (is_callable($runner = $command["implementation"])) { $code = $runner($options); diff --git a/security/clamav/src/etc/inc/plugins.inc.d/clamav.inc b/security/clamav/src/etc/inc/plugins.inc.d/clamav.inc index d9e887ed4..6208828d9 100644 --- a/security/clamav/src/etc/inc/plugins.inc.d/clamav.inc +++ b/security/clamav/src/etc/inc/plugins.inc.d/clamav.inc @@ -32,8 +32,10 @@ function clamav_services() $services = array(); - if (isset($config['OPNsense']['clamav']['general']['enabled']) && - $config['OPNsense']['clamav']['general']['enabled'] == 1) { + if ( + isset($config['OPNsense']['clamav']['general']['enabled']) && + $config['OPNsense']['clamav']['general']['enabled'] == 1 + ) { $services[] = array( 'description' => gettext('ClamAV Daemon'), 'configd' => array( @@ -46,8 +48,10 @@ function clamav_services() ); } - if (isset($config['OPNsense']['clamav']['general']['fc_enabled']) && - $config['OPNsense']['clamav']['general']['fc_enabled'] == 1) { + if ( + isset($config['OPNsense']['clamav']['general']['fc_enabled']) && + $config['OPNsense']['clamav']['general']['fc_enabled'] == 1 + ) { $services[] = array( 'description' => gettext('freshclam daemon'), 'configd' => array( diff --git a/security/clamav/src/opnsense/mvc/app/controllers/OPNsense/ClamAV/Api/UrlController.php b/security/clamav/src/opnsense/mvc/app/controllers/OPNsense/ClamAV/Api/UrlController.php index f1b5356b3..603d9693d 100644 --- a/security/clamav/src/opnsense/mvc/app/controllers/OPNsense/ClamAV/Api/UrlController.php +++ b/security/clamav/src/opnsense/mvc/app/controllers/OPNsense/ClamAV/Api/UrlController.php @@ -1,4 +1,5 @@ * diff --git a/security/tinc/src/etc/inc/plugins.inc.d/tinc.inc b/security/tinc/src/etc/inc/plugins.inc.d/tinc.inc index d9120b10a..d2afe051b 100644 --- a/security/tinc/src/etc/inc/plugins.inc.d/tinc.inc +++ b/security/tinc/src/etc/inc/plugins.inc.d/tinc.inc @@ -51,7 +51,7 @@ function tinc_syslog() foreach ($mdl->networks->network->iterateItems() as $network) { if ($network->enabled == '1') { - $logfacilities['tinc']['facility'][] = 'tinc.'.$network->name; + $logfacilities['tinc']['facility'][] = 'tinc.' . $network->name; } } diff --git a/security/tinc/src/opnsense/mvc/app/controllers/OPNsense/Tinc/Api/ServiceController.php b/security/tinc/src/opnsense/mvc/app/controllers/OPNsense/Tinc/Api/ServiceController.php index ab8618bb4..1ad63da2d 100644 --- a/security/tinc/src/opnsense/mvc/app/controllers/OPNsense/Tinc/Api/ServiceController.php +++ b/security/tinc/src/opnsense/mvc/app/controllers/OPNsense/Tinc/Api/ServiceController.php @@ -1,4 +1,5 @@ getModel()->networks->network->Add(); return array("network" => $node->getNodes()); } else { - $node = $this->getModel()->getNodeByReference('networks.network.'.$uuid); + $node = $this->getModel()->getNodeByReference('networks.network.' . $uuid); if ($node != null) { // return node return array("network" => $node->getNodes()); @@ -71,7 +72,7 @@ class SettingsController extends ApiMutableModelControllerBase { if ($this->request->isPost() && $this->request->hasPost("network")) { if ($uuid != null) { - $node = $this->getModel()->getNodeByReference('networks.network.'.$uuid); + $node = $this->getModel()->getNodeByReference('networks.network.' . $uuid); } else { $node = $this->getModel()->networks->network->Add(); } @@ -85,7 +86,7 @@ class SettingsController extends ApiMutableModelControllerBase } return $this->validateAndSave($node, 'network'); } - return array("result"=>"failed"); + return array("result" => "failed"); } @@ -160,7 +161,7 @@ class SettingsController extends ApiMutableModelControllerBase $node = $this->getModel()->hosts->host->Add(); return array("host" => $node->getNodes()); } else { - $node = $this->getModel()->getNodeByReference('hosts.host.'.$uuid); + $node = $this->getModel()->getNodeByReference('hosts.host.' . $uuid); if ($node != null) { // return node return array("host" => $node->getNodes()); @@ -178,14 +179,14 @@ class SettingsController extends ApiMutableModelControllerBase { if ($this->request->isPost() && $this->request->hasPost("host")) { if ($uuid != null) { - $node = $this->getModel()->getNodeByReference('hosts.host.'.$uuid); + $node = $this->getModel()->getNodeByReference('hosts.host.' . $uuid); } else { $node = $this->getModel()->hosts->host->Add(); } $node->setNodes($this->request->getPost("host")); return $this->validateAndSave($node, 'host'); } - return array("result"=>"failed"); + return array("result" => "failed"); } diff --git a/security/tinc/src/opnsense/mvc/app/models/OPNsense/Tinc/Tinc.php b/security/tinc/src/opnsense/mvc/app/models/OPNsense/Tinc/Tinc.php index a4fb850fe..71df5c926 100644 --- a/security/tinc/src/opnsense/mvc/app/models/OPNsense/Tinc/Tinc.php +++ b/security/tinc/src/opnsense/mvc/app/models/OPNsense/Tinc/Tinc.php @@ -1,4 +1,5 @@ 'failed'); + $result = array('result' => 'failed'); if ($this->request->isPost()) { $mdl = new General(); $mdl->setNodes($this->request->getPost('general')); @@ -55,7 +55,7 @@ class GeneralController extends ApiMutableModelControllerBase if (!array_key_exists('validations', $result)) { $result['validations'] = array(); } - $result['validations']['general.'.$msg->getField()] = $msg->getMessage(); + $result['validations']['general.' . $msg->getField()] = $msg->getMessage(); } if ($valMsgs->count() == 0) { diff --git a/security/tor/src/opnsense/mvc/app/controllers/OPNsense/Tor/Api/RelayController.php b/security/tor/src/opnsense/mvc/app/controllers/OPNsense/Tor/Api/RelayController.php index 34641ca25..d1c1b889b 100644 --- a/security/tor/src/opnsense/mvc/app/controllers/OPNsense/Tor/Api/RelayController.php +++ b/security/tor/src/opnsense/mvc/app/controllers/OPNsense/Tor/Api/RelayController.php @@ -1,4 +1,5 @@ * diff --git a/sysutils/nut/src/opnsense/mvc/app/controllers/OPNsense/Nut/IndexController.php b/sysutils/nut/src/opnsense/mvc/app/controllers/OPNsense/Nut/IndexController.php index 764d5d8ae..d4be86d70 100644 --- a/sysutils/nut/src/opnsense/mvc/app/controllers/OPNsense/Nut/IndexController.php +++ b/sysutils/nut/src/opnsense/mvc/app/controllers/OPNsense/Nut/IndexController.php @@ -1,4 +1,5 @@ diff --git a/sysutils/nut/src/opnsense/mvc/app/models/OPNsense/Nut/Nut.php b/sysutils/nut/src/opnsense/mvc/app/models/OPNsense/Nut/Nut.php index 547dcba6b..a4cd0d50d 100644 --- a/sysutils/nut/src/opnsense/mvc/app/models/OPNsense/Nut/Nut.php +++ b/sysutils/nut/src/opnsense/mvc/app/models/OPNsense/Nut/Nut.php @@ -1,4 +1,5 @@ All rights reserved. diff --git a/sysutils/smart/src/opnsense/mvc/app/controllers/OPNsense/Smart/Api/ServiceController.php b/sysutils/smart/src/opnsense/mvc/app/controllers/OPNsense/Smart/Api/ServiceController.php index 0af8f6728..fd82ac6f0 100644 --- a/sysutils/smart/src/opnsense/mvc/app/controllers/OPNsense/Smart/Api/ServiceController.php +++ b/sysutils/smart/src/opnsense/mvc/app/controllers/OPNsense/Smart/Api/ServiceController.php @@ -70,7 +70,7 @@ class ServiceController extends ApiControllerBase $backend = new Backend(); - $output = $backend->configdpRun("smart", array("info", $type, "/dev/".$device)); + $output = $backend->configdpRun("smart", array("info", $type, "/dev/" . $device)); return array("output" => $output); } @@ -96,7 +96,7 @@ class ServiceController extends ApiControllerBase $backend = new Backend(); - $output = $backend->configdpRun("smart", array("log", $type, "/dev/".$device)); + $output = $backend->configdpRun("smart", array("log", $type, "/dev/" . $device)); return array("output" => $output); } @@ -122,7 +122,7 @@ class ServiceController extends ApiControllerBase $backend = new Backend(); - $output = $backend->configdpRun("smart", array("test", $type, "/dev/".$device)); + $output = $backend->configdpRun("smart", array("test", $type, "/dev/" . $device)); return array("output" => $output); } @@ -141,7 +141,7 @@ class ServiceController extends ApiControllerBase $backend = new Backend(); - $output = $backend->configdpRun("smart", array("abort", "/dev/".$device)); + $output = $backend->configdpRun("smart", array("abort", "/dev/" . $device)); return array("output" => $output); } diff --git a/www/c-icap/src/etc/inc/plugins.inc.d/cicap.inc b/www/c-icap/src/etc/inc/plugins.inc.d/cicap.inc index 6d9895208..305408d15 100644 --- a/www/c-icap/src/etc/inc/plugins.inc.d/cicap.inc +++ b/www/c-icap/src/etc/inc/plugins.inc.d/cicap.inc @@ -32,8 +32,10 @@ function cicap_services() $services = array(); - if (isset($config['OPNsense']['cicap']['general']['enabled']) && - $config['OPNsense']['cicap']['general']['enabled'] == 1) { + if ( + isset($config['OPNsense']['cicap']['general']['enabled']) && + $config['OPNsense']['cicap']['general']['enabled'] == 1 + ) { $services[] = array( 'description' => gettext('C-ICAP server'), 'configd' => array( diff --git a/www/nginx/src/opnsense/mvc/app/controllers/OPNsense/Nginx/Api/BansController.php b/www/nginx/src/opnsense/mvc/app/controllers/OPNsense/Nginx/Api/BansController.php index 79f9edaa1..49d962709 100644 --- a/www/nginx/src/opnsense/mvc/app/controllers/OPNsense/Nginx/Api/BansController.php +++ b/www/nginx/src/opnsense/mvc/app/controllers/OPNsense/Nginx/Api/BansController.php @@ -1,4 +1,5 @@ nginx->getNodeByReference('http_server.'. $uuid); + $data = $this->nginx->getNodeByReference('http_server.' . $uuid); return isset($data); } @@ -190,7 +191,7 @@ class LogsController extends ApiControllerBase */ private function stream_exists($uuid) { - $data = $this->nginx->getNodeByReference('stream_server.'. $uuid); + $data = $this->nginx->getNodeByReference('stream_server.' . $uuid); return isset($data); } diff --git a/www/nginx/src/opnsense/mvc/app/controllers/OPNsense/Nginx/IndexController.php b/www/nginx/src/opnsense/mvc/app/controllers/OPNsense/Nginx/IndexController.php index 142466478..1325fd6b6 100644 --- a/www/nginx/src/opnsense/mvc/app/controllers/OPNsense/Nginx/IndexController.php +++ b/www/nginx/src/opnsense/mvc/app/controllers/OPNsense/Nginx/IndexController.php @@ -1,4 +1,5 @@ get($auth_server); return $authenticator->authenticate($username, $password); } diff --git a/www/nginx/src/opnsense/scripts/nginx/read_log.php b/www/nginx/src/opnsense/scripts/nginx/read_log.php index 35cae23f5..a74655b95 100755 --- a/www/nginx/src/opnsense/scripts/nginx/read_log.php +++ b/www/nginx/src/opnsense/scripts/nginx/read_log.php @@ -58,7 +58,7 @@ if ($server == 'global') { switch ($mode) { case 'error': case 'access': - if ($data = $nginx->getNodeByReference('http_server.'. $server)) { + if ($data = $nginx->getNodeByReference('http_server.' . $server)) { $server_names = (string)$data->servername; if (empty($server_names)) { die('{"error": "The server entry has no server name"}'); @@ -91,7 +91,7 @@ switch ($mode) { break; case 'streamerror': case 'streamaccess': - if ($data = $nginx->getNodeByReference('stream_server.'. $server)) { + if ($data = $nginx->getNodeByReference('stream_server.' . $server)) { $lines = []; $mode = str_replace('stream', '', $mode); $log_file_name = $log_prefix . 'stream_' . $server . '.' . $mode . $log_suffix; diff --git a/www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/ProxySSO/Api/ServiceController.php b/www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/ProxySSO/Api/ServiceController.php index 931cfa7a3..901a002b3 100644 --- a/www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/ProxySSO/Api/ServiceController.php +++ b/www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/ProxySSO/Api/ServiceController.php @@ -92,7 +92,7 @@ class ServiceController extends \OPNsense\Proxy\Api\ServiceController if ($this->request->isPost()) { $backend = new Backend(); $cnf = Config::getInstance()->object(); - $fqdn = $cnf->system->hostname .'.'.$cnf->system->domain; + $fqdn = $cnf->system->hostname . '.' . $cnf->system->domain; $username = escapeshellarg($this->request->getPost("login")); $pass = escapeshellarg($this->request->getPost("password")); @@ -111,7 +111,7 @@ class ServiceController extends \OPNsense\Proxy\Api\ServiceController { $backend = new Backend(); $cnf = Config::getInstance()->object(); - $hostname = $cnf->system->hostname .'.'.$cnf->system->domain; + $hostname = $cnf->system->hostname . '.' . $cnf->system->domain; // LDAP $methods = explode(',', $cnf->OPNsense->proxy->forward->authentication->method); diff --git a/www/web-proxy-useracl/src/opnsense/mvc/app/controllers/OPNsense/ProxyUserACL/Api/SettingsController.php b/www/web-proxy-useracl/src/opnsense/mvc/app/controllers/OPNsense/ProxyUserACL/Api/SettingsController.php index 34b885dbe..cb801385c 100644 --- a/www/web-proxy-useracl/src/opnsense/mvc/app/controllers/OPNsense/ProxyUserACL/Api/SettingsController.php +++ b/www/web-proxy-useracl/src/opnsense/mvc/app/controllers/OPNsense/ProxyUserACL/Api/SettingsController.php @@ -306,11 +306,13 @@ class SettingsController extends ApiMutableModelControllerBase $ldapBindURL .= strpos($server['host'], "::") !== false ? "[{$server['host']}]" : $server['host']; $ldapBindURL .= !empty($server['ldap_port']) ? ":{$server['ldap_port']}" : ""; $ldap_auth_server = $authFactory->get($server["name"]); - if ($ldap_auth_server->connect( - $ldapBindURL, - $server["ldap_binddn"], - $server["ldap_bindpw"] - ) == false) { + if ( + $ldap_auth_server->connect( + $ldapBindURL, + $server["ldap_binddn"], + $server["ldap_bindpw"] + ) == false + ) { return gettext("Error connecting to LDAP server"); }