pfsense · BBcan177 · Dec 30, 2019 · Dec 30, 2019 · Dec 30, 2019 · Dec 30, 2019
diff --git a/net/pfSense-pkg-pfBlockerNG-devel/Makefile b/net/pfSense-pkg-pfBlockerNG-devel/Makefile
@@ -2,7 +2,7 @@
 
 PORTNAME=	pfSense-pkg-pfBlockerNG-devel
 PORTVERSION=	2.2.5
-PORTREVISION=	27
+PORTREVISION=	28
 CATEGORIES=	net
 MASTER_SITES=	# empty
 DISTFILES=	# empty

diff --git a/net/pfSense-pkg-pfBlockerNG-devel/files/etc/inc/priv/pfblockerng.priv.inc b/net/pfSense-pkg-pfBlockerNG-devel/files/etc/inc/priv/pfblockerng.priv.inc
@@ -23,8 +23,8 @@
 global $priv_list;
 
 $priv_list['page-firewall-pfblockerng'] = array();
-$priv_list['page-firewall-pfblockerng']['name'] = "WebCfg - Firewall: pfBlockerNG";
-$priv_list['page-firewall-pfblockerng']['descr'] = "Allow access to pfBlockerNG package gui";
+$priv_list['page-firewall-pfblockerng']['name'] = gettext("WebCfg - Firewall: pfBlockerNG");
+$priv_list['page-firewall-pfblockerng']['descr'] = gettext("Allow access to pfBlockerNG package gui");
 $priv_list['page-firewall-pfblockerng']['match'] = array();
 $priv_list['page-firewall-pfblockerng']['match'][] = "pfblockerng/pfblockerng_general.php";
 $priv_list['page-firewall-pfblockerng']['match'][] = "pfblockerng/pfblockerng_ip.php*";
@@ -49,9 +49,13 @@ $priv_list['page-firewall-pfblockerng']['match'][] = "pfblockerng/pfblockerng_Pr
 $priv_list['page-firewall-pfblockerng']['match'][] = "pfblockerng/pfblockerng_reputation.php";
 $priv_list['page-firewall-pfblockerng']['match'][] = "pfblockerng/pfblockerng_blacklist.php*";
 $priv_list['page-firewall-pfblockerng']['match'][] = "pfblockerng/pfblockerng_threats.php*";
-
-$priv_list['page-firewall-pfblockerng']['match'][] = "widgets/widgets/pfblockerng.widget.php";
 $priv_list['page-firewall-pfblockerng']['match'][] = "pfblockerng/www/index.php";
-
 $priv_list['page-firewall-pfblockerng']['match'][] = "wizards/pfblockerng_wizard.xml";
+$priv_list['page-firewall-pfblockerng']['match'][] = "widgets/widgets/pfblockerng.widget.php";
+
+$priv_list['page-dashboard-pfblockerng'] = array();
+$priv_list['page-dashboard-pfblockerng']['name'] = gettext("WebCfg - Dashboard Widget (pfBlockerNG)");
+$priv_list['page-dashboard-pfblockerng']['descr'] = gettext("Allow access to dashboard (pfBlockerNG)");
+$priv_list['page-dashboard-pfblockerng']['match'] = array();
+$priv_list['page-dashboard-pfblockerng']['match'][] = "widgets/widgets/pfblockerng.widget.php";
 ?>
diff --git a/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/pkg/pfblockerng/pfblockerng.inc b/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/pkg/pfblockerng/pfblockerng.inc
@@ -236,6 +236,7 @@ function pfb_global() {
 	$pfb['supp']		= $pfb['ipconfig']['suppression'];		// Enable Suppression
 	$pfb['cc']		= $pfb['ipconfig']['database_cc'];		// Disable Country database CRON updates
 	$pfb['maxmind_locale']	= $pfb['ipconfig']['maxmind_locale']	?: 'en';// MaxMind Localized Language setting
+	$pfb['maxmind_key']	= $pfb['ipconfig']['maxmind_key']	?: '';	// Maxmind License Key
 	$pfb['asn_reporting']	= $pfb['ipconfig']['asn_reporting']	?: 'disabled'; // ASN Reporting
 
 	$pfb['iplocal']		= $config['interfaces']['lan']['ipaddr'];	// Lan IP address
@@ -2283,7 +2284,7 @@ function pfb_download($list_url, $file_dwn, $pflex=FALSE, $header, $format, $log
 						curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
 						curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, SSLv3');
 						$log = "\n[ ! ] Downgrading SSL settings (Flex) ";
-						pfb_logger("{$log}", 1);
+						pfb_logger("{$log}", "{$logtype}");
 					}
 					else {
 						$log = curl_error($ch) . " Retry in 5 seconds...\n";
@@ -2297,16 +2298,16 @@ function pfb_download($list_url, $file_dwn, $pflex=FALSE, $header, $format, $log
 				$http_status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
 
 				if (isset($pfb['rfc7231'][$http_status])) {
-					if ($logtype != 3) {
-						pfb_logger(". {$pfb['rfc7231'][$http_status]}", 1);
+					if ($logtype < 3) {
+						pfb_logger(". {$pfb['rfc7231'][$http_status]}", $logtype);
 					} else {
-						pfb_logger(" {$file_dwn}\t\t{$pfb['rfc7231'][$http_status]}\n", 3);
+						pfb_logger(" {$file_dwn}\t\t{$pfb['rfc7231'][$http_status]}\n", $logtype);
 					}
 				} else {
-					if ($logtype != 3) {
-						pfb_logger(". unknown http status code | {$http_status}", 2);
+					if ($logtype < 3) {
+						pfb_logger(". unknown http status code | {$http_status}", $logtype);
 					} else {
-						pfb_logger(". unknown http status code | {$http_status}", 3);
+						pfb_logger(". unknown http status code | {$http_status}", $logtype);
 					}
 				}
 				curl_close($ch);
@@ -2346,7 +2347,7 @@ function pfb_download($list_url, $file_dwn, $pflex=FALSE, $header, $format, $log
 			if ($type == 'geoip') {
 				// Extras - MaxMind downloads
 				@rename("{$file_dwn}.raw", strstr("{$file_dwn}.raw", '.raw', TRUE));
-				exec("/usr/bin/tar -xzf {$file_dwn} --strip=1 -C {$pfb['geoipshare']}");
+				exec("/usr/bin/tar -xzf {$file_dwn} --strip=1 -C {$pfb['geoipshare']} >/dev/null 2>&1");
 				return TRUE;
 			}
 			elseif ($type == 'blacklist') {
@@ -2377,9 +2378,12 @@ function pfb_download($list_url, $file_dwn, $pflex=FALSE, $header, $format, $log
 			// Extras - MaxMind/TOP1M downloads
 			if ($type == 'geoip' || $type == 'top1m') {
 				// Determine if Zip contains multiple files
-				$archive = exec("/usr/bin/tar -tf {$file_dwn}.raw | grep -c ^");
-				if ($archive > 1) {
-					exec("/usr/bin/tar -xf {$file_dwn}.raw --strip=1 -C {$header}");
+				exec("/usr/bin/tar -tf {$file_dwn}.raw 2>&1", $archive_count, $retval);
+				if ($archive_count[0] == 'tar: Failed to set default locale') {
+					unset($archive_count[0]);
+				}
+				if (count($archive_count) > 1) {
+					exec("/usr/bin/tar -xf {$file_dwn}.raw --strip=1 -C {$header} >/dev/null 2>&1");
 				} else {
 					exec("/usr/bin/tar -xOf {$file_dwn}.raw > {$header}");
 				}
@@ -3454,7 +3458,11 @@ function pfb_daemon_filterlog() {
 	}
 
 	// Application paths
-	$pathgeoip = "/usr/local/bin/mmdblookup -f {$pfb['geoipshare']}/GeoLite2-Country.mmdb -i";
+	if (file_exists('/usr/local/bin/mmdblookup') && file_exists("{$pfb['geoipshare']}/GeoLite2-Country.mmdb")) {
+		$pathgeoip = "/usr/local/bin/mmdblookup -f {$pfb['geoipshare']}/GeoLite2-Country.mmdb -i";
+	} else {
+		$pathgeoip = '';
+	}
 
 	// Proofpoint ET IQRisk header name reference
 	init_config_arr(array('installedpackages', 'pfblockerngreputation', 'config', 0));
@@ -3678,9 +3686,14 @@ function pfb_daemon_filterlog() {
 					}
 
 					// Determine GeoIP isocode of host
-					$geoip = exec("{$pathgeoip} {$host} country iso_code | grep -v '^$' | cut -d '\"' -f2 2>&1");
-					if (empty($geoip)) {
-						$geoip = 'Unknown';
+					if (!empty($pathgeoip)) {
+						$geoip = exec("{$pathgeoip} {$host} country iso_code | grep -v '^$' | cut -d '\"' -f2 2>&1");
+						if (empty($geoip)) {
+							$geoip = 'Unk';
+						}
+					}
+					else {
+						$geoip = 'Unk';
 					}
 
 					// Modify host for ASN query
@@ -6321,12 +6334,45 @@ function sync_package_pfblockerng($cron='') {
 		pfb_logger("{$log}", 1);
 	}
 
+	// Download MaxMind Databases if not found
+	$maxmind_verify = FALSE;
+	if (!empty($pfb['maxmind_key'])) {
+
+		$maxmind_verify = TRUE;
+		if (!file_exists("{$pfb['geoipshare']}/GeoLite2-Country.mmdb") ||
+		    !file_exists("{$pfb['geoipshare']}/GeoLite2-Country-Blocks-IPv4.csv") ||
+		    !file_exists("{$pfb['dbdir']}/geoip.txt") ||
+		    !file_exists("{$pfb['ccdir']}/Top_Spammers_v4.info")) {
+
+			// Check if MaxMind download already in progress
+			exec('/bin/ps -wax', $result_cron);
+			if (!preg_grep("/pfblockerng[.]php\s+dc/", $result_cron)) {
+				$log = "\nMaxMind Database downloading and processing ( approx 4MB ) ... Please wait ...\n";
+				pfb_logger("{$log}", 1);
+				exec("/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dc >> {$pfb['log']} 2>&1");
+			}
+			else {
+				$log = "\nMaxMind download already in process...\n";
+				pfb_logger("{$log}", 1);
+			}
+		}
+	}
+
+	$maxmind_run_once = TRUE;
 	foreach ($pfb['continents'] as $continent => $pfb_alias) {
 		if (isset($config['installedpackages']['pfblockerng' . strtolower(str_replace(' ', '', $continent))]['config'])) {
 			$continent_config = $config['installedpackages']['pfblockerng' . strtolower(str_replace(' ', '', $continent))]['config'][0];
 			$cc_name = 'pfblockerng' . strtolower(str_replace(' ', '', $continent));
 			if ($continent_config['action'] != 'Disabled' && $pfb['enable'] == 'on') {
 
+				// Maxmind License Key verification and user notification
+				if ($maxmind_run_once && !$maxmind_verify) {
+					$mmsg = 'MaxMind now requires a License Key! Review the IP tab: MaxMind settings for more information.';
+					pfb_logger("\n\nURGENT:\n    {$mmsg}\n", 1);
+					file_notice('pfBlockerNG MaxMind', $mmsg, 'pfBlockerNG', '/pfblockerng/pfblockerng_ip.php', 2);
+					$maxmind_run_once = FALSE;
+				}
+
 				$urlvalue = '';	// Firewall: Aliases value field
 
 				// Determine if Continent lists require action (IPv4 and IPv6)
@@ -6541,6 +6587,7 @@ function sync_package_pfblockerng($cron='') {
 			}
 		}
 
+		$maxmind_run_once = TRUE;
 		foreach	($lists	as $list) {
 			if ($runonce_v4 && $list['vtype'] == '_v4') {
 				$runonce_v4 = FALSE;
@@ -6566,6 +6613,16 @@ function sync_package_pfblockerng($cron='') {
 							$custom	= FALSE;
 						}
 
+						// Maxmind License Key verification
+						if ($maxmind_run_once && $row['format'] == 'geoip') {
+							$mmsg = 'MaxMind now requires a License Key! Review the IP tab: MaxMind settings for more information.';
+							if (empty($pfb['maxmind_key'])) {
+								pfb_logger("\n\nURGENT:\n    {$mmsg}.\n", 1);
+								file_notice('pfBlockerNG MaxMind', $mmsg, 'pfBlockerNG', '/pfblockerng/pfblockerng_ip.php', 2);
+							}
+							$maxmind_run_once = FALSE;
+						}
+
 						// IPv4 Advanced Tunables
 						$pfbcidr = 'Disabled';
 						if (isset($list['suppression_cidr'])) {

diff --git a/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/pkg/pfblockerng/pfblockerng_install.inc b/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/pkg/pfblockerng/pfblockerng_install.inc
@@ -22,125 +22,15 @@
 
 require_once('pfsense-utils.inc');
 require_once('/usr/local/pkg/pfblockerng/pfblockerng.inc');
-require_once('/usr/local/www/pfblockerng/pfblockerng.php');
 
 global $config, $g, $pfb;
 pfb_global();
 
 // Set 'Install flag' to skip sync process during installations.
 $g['pfblockerng_install'] = TRUE;
 
-// Only download MaxMind Database if files do not exist
-$maxmind_verify = FALSE;
-
-if (!file_exists("{$pfb['geoipshare']}/{$pfb['extras'][0]['file']}") ||
-    !file_exists("{$pfb['geoipshare']}/GeoLite2-Country-Blocks-IPv4.csv") ||
-    !file_exists("{$pfb['dbdir']}/geoip.txt") ||
-    !file_exists("{$pfb['ccdir']}/Top_Spammers_v4.info")) {
-
-	update_status("\nDownloading MaxMind GeoIP databases. This may take a minute...\n");
-
-	// Remove Alexa and Blacklist category feeds from download process
-	$pfb['extras'] = array_slice($pfb['extras'], 0, 2) ?: array();
-
-	foreach ($pfb['extras'] as $feed) {
-
-		$file_dwn = "{$pfb['geoipshare']}/{$feed['file_dwn']}";
-		if (($fhandle = @fopen("{$file_dwn}", 'w')) !== FALSE) {
-			if (empty($feed['file'])) {
-				$feed['file'] = 'GeoLite2-Country-CSV.zip';
-			}
-			update_status(" {$feed['file']}...");
-			if (!($ch = curl_init("{$feed['url']}"))) {
-				update_status(" Failed to create cURL resource.\n");
-				break;
-			}
-
-			curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 Chrome/43.0.2357.65 Safari/537.36');
-			curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1.3, TLSv1.2');
-			curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
-			curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
-			curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true);
-			curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
-			curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 15);
-			curl_setopt($ch, CURLOPT_FILE, $fhandle);
-			curl_setopt($ch, CURLOPT_TIMEOUT, 600);
-
-			// Attempt 3 Downloads before failing.
-			for ($retries = 1; $retries <= 3; $retries++) {
-				if (curl_exec($ch)) {
-					break;	// Break on success
-				}
-
-				$curl_error = curl_errno($ch);
-				update_status(" cURL Error: {$curl_error}. ", 1);
-			}
-
-			$http_status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
-			if ($http_status == '200 OK') {
-				if (strpos($file_dwn, '.gz') !== FALSE) {
-					exec("/usr/bin/tar -xzf {$file_dwn} --strip=1 -C {$pfb['geoipshare']}");
-				} elseif (strpos($file_dwn, '.zip') !== FALSE) {
-					exec("/usr/bin/tar -xf {$file_dwn} --strip=1 -C {$pfb['geoipshare']}");
-				}
-				unlink_if_exists("{$file_dwn}");
-				update_status(" done.\n");
-
-				if ($feed['file'] == 'GeoLite2-Country-CSV.zip') {
-					$maxmind_verify = TRUE;
-				}
-			}
-			else {
-				update_status(" Failed!\n");
-			}
-		}
-		curl_close($ch);
-		@fclose($fhandle);
-	}
-
-	if (!$maxmind_verify) {
-		update_status("MaxMind download Failed! Fetching MaxMind archive from pfSense package repo...\n");
-		// Fetch archived MaxMind database
-		$url = 'https://packages.pfsense.org/packages/config/pfblockerng/countrycodes.tar.bz2';
-		$retval = '';
-		exec("/usr/bin/fetch -o /tmp/countrycodes.tar.bz2 {$url}", $output, $retval);
-		if ($retval == 0) {
-			// Uncompress archived GeoIP code file
-			$retval = '';
-			exec("/usr/bin/tar -jx -C {$pfb['ccdir']} -f /tmp/countrycodes.tar.bz2", $output, $retval);
-			if ($retval == 0) {
-				$maxmind_verify = TRUE;
-				update_status("Fetch done.\n");
-			} else {
-				update_status("Fetch Failed!\n");
-			}
-		}
-		else {
-			update_status(" Failed!\n");
-		}
-	}
-	else {
-		update_status("Downloading MaxMind GeoIP databases... done.\n");
-	}
-
-	// Proceed with conversion of MaxMind files on download success
-	if ($maxmind_verify) {
-		update_status("Converting MaxMind GeoIP databases for pfBlockerNG.\n This may take a few minutes...\n");
-		pfblockerng_uc_countries();
-		update_status("Creating pfBlockerNG Continent PHP files...\n");
-		pfblockerng_get_countries();
-	}
-	else {
-		update_status("\n\nMaxMind update has Failed! Please fix connectivity and re-install package again!\n\n");
-	}
-}
-else {
-	update_status("\nMaxMind GeoIP databases previously downloaded.\n");
-	update_status("Re-creating pfBlockerNG Continent PHP files... ");
-	pfblockerng_get_countries();
-	update_status("done.\n");
-}
-
+// MaxMind Database is no longer pre-installed during package installation
+update_status("\nMaxMind GeoIP databases are not pre-installed during installation.\nTo utilize the MaxMind GeoIP functionalities, you will require to register for a free MaxMind user account and access key. Review the IP tab: MaxMind Settings for more details.\n\n");
 
 if ($pfb['keep'] == 'on' && isset($pfb['widgets']) && strpos($pfb['widgets'], 'pfblockerng') !== FALSE) {
 	update_status("\nRestoring previous pfBlockerNG Widget settings...");
@@ -504,11 +394,13 @@ if (file_exists('/var/db/pfblockerng/dnsbl_info') &&
 							. " VALUES ( :group0, :group1, :group2, :group3 );\n";
 
 					$stmt = $db_handle->prepare($db_update);
-					$stmt->bindValue(':group0', $group[0], SQLITE3_TEXT);
-					$stmt->bindValue(':group1', $group[1], SQLITE3_TEXT);
-					$stmt->bindValue(':group2', $group[2], SQLITE3_TEXT);
-					$stmt->bindValue(':group3', $group[3], SQLITE3_INTEGER);
-					$stmt->execute();
+					if ($stmt) {
+						$stmt->bindValue(':group0', $group[0], SQLITE3_TEXT);
+						$stmt->bindValue(':group1', $group[1], SQLITE3_TEXT);
+						$stmt->bindValue(':group2', $group[2], SQLITE3_TEXT);
+						$stmt->bindValue(':group3', $group[3], SQLITE3_INTEGER);
+						$stmt->execute();
+					}
 				}
 			}
 		}