Add support to edit FirewallD config files manually

Introduced with: https://github.com/webmin/webmin/commit/f46cc45

acl/acl-lib.pl

@@ -774,14 +774,16 @@ if ($oldpass ne $user->{'pass'} &&
 	my $nolock = $oldpass;
 	$nolock =~ s/^\!//;
 	$user->{'olds'} ||= [];
-	unshift(@{$user->{'olds'}}, $nolock);
-	if ($miniserv->{'pass_oldblock'}) {
-		while(scalar(@{$user->{'olds'}}) >
-		      $miniserv->{'pass_oldblock'}) {
-			pop(@{$user->{'olds'}});
+	if (&indexof($nolock, @{$user->{'olds'}}) < 0) {
+		unshift(@{$user->{'olds'}}, $nolock);
+		if ($miniserv->{'pass_oldblock'}) {
+			while(scalar(@{$user->{'olds'}}) >
+			      $miniserv->{'pass_oldblock'}) {
+				pop(@{$user->{'olds'}});
+				}
 			}
+		$user->{'lastchange'} = time();
 		}
-	$user->{'lastchange'} = time();
 	}
 }
 

backup-config/backup-config-lib.pl

@@ -159,7 +159,9 @@ $rv .= "<table id='show_backup_destination' cellpadding=1 cellspacing=0>";
 # Local file field
 $rv .= "<tr><td>".&ui_oneradio("$_[0]_mode", 0, undef, $mode == 0)."</td>\n";
 $rv .= "<td>$text{'backup_mode0'}&nbsp;</td><td colspan='3'>".
-	&ui_textbox("$_[0]_file", $mode == 0 ? $path : "", 60).
+	&ui_textbox("$_[0]_file", $mode == 0 ? $path : "", 60, undef, undef,
+	    ($_[2] != 1 && $config{'date_subs'}) ?
+	        'placeholder="/backups/configs-%y-%m-%d-%H-%M-%S.tar.gz"' : undef).
 	" ".&file_chooser_button("$_[0]_file")."</td> </tr>\n";
 
 # FTP file fields

backup-config/config

@@ -1,3 +1,3 @@
-date_subs=0
+date_subs=1
 webmin_subs=0
 apply=1

backup-config/index.cgi

@@ -48,13 +48,12 @@ if (@backups) {
 	print &ui_columns_end();
 	}
 else {
-	print "<b>$text{'index_none'}</b><p>\n";
+	print "<strong>$text{'index_none'}</strong><br>\n";
 	}
 print &ui_link("edit.cgi?new=1", $text{'index_add'});
-print "<p>\n";
+print "\n";
 if ($using_strftime && !$config{'date_subs'}) {
-	print "<font color=#ff0000><b>$text{'index_nostrftime'}",
-	      "</b></font><p>\n";
+	print &ui_alert_box($text{'index_nostrftime'}, 'warn'),"\n";
 	}
 print &ui_tabs_end_tab();
 

backup-config/lang/en

@@ -16,7 +16,7 @@ index_now2=Restore Now
 index_apply=Apply configurations?
 index_test=Just show what will be restored?
 index_jobs=Scheduled Backups
-index_nostrftime=Warning - some backup jobs use % in their filenames, but strftime substitution is not enabled on the Module Config page.
+index_nostrftime=Some backup jobs use % in their filenames, but strftime substitution is not enabled on the Module Config page.
 index_tabsched=Scheduled backups
 index_tabbackup=Backup now
 index_tabrestore=Restore now

bind8/bind8-lib.pl

@@ -376,9 +376,22 @@ return @rv ? wantarray ? @rv : $rv[0]
 sub find_value
 {
 my @v = &find($_[0], $_[1]);
-if (!@v) { return undef; }
-elsif (wantarray) { return map { $_->{'value'} } @v; }
-else { return $v[0]->{'value'}; }
+if (!@v) {
+	return undef;
+	}
+elsif (wantarray) {
+	return map { &extract_value($_) } @v;
+	}
+else {
+	return &extract_value($v[0]);
+	}
+}
+
+sub extract_value
+{
+my ($dir) = @_;
+return defined($dir->{'value'}) ? $dir->{'value'} :
+       @{$dir->{'values'}} ? $dir->{'values'}->[0] : undef;
 }
 
 # base_directory([&config], [no-cache])
@@ -500,9 +513,8 @@ for(my $i=0; $i<@oldv || $i<@newv; $i++) {
 sub recursive_set_value
 {
 my ($dir) = @_;
-if ($dir->{'values'}) {
-	my @v = @{$dir->{'values'}};
-	$dir->{'value'} = @v ? $v[0] : undef;
+if (!defined($dir->{'value'})) {
+	$dir->{'value'} = &extract_value($dir);
 	}
 if ($dir->{'type'} && $dir->{'type'} == 1 && $dir->{'members'}) {
 	foreach my $m (@{$dir->{'members'}}) {

cron/cron-lib.pl

@@ -1209,63 +1209,6 @@ foreach $w (@wds) {
 $_[0]->{'weekdays'} = join(",", @wds);
 }
 
-=head2 create_wrapper(wrapper-path, module, script)
-
-Creates a wrapper script which calls a script in some module's directory
-with the proper webmin environment variables set. This should always be used
-when setting up a cron job, instead of attempting to run a command in the
-module directory directly.
-
-The parameters are :
-
-=item wrapper-path - Full path to the wrapper to create, like /etc/webmin/yourmodule/foo.pl
-
-=item module - Module containing the real script to call.
-
-=item script - Program within that module for the wrapper to run.
-
-=cut
-sub create_wrapper
-{
-local $perl_path = &get_perl_path();
-&open_tempfile(CMD, ">$_[0]");
-&print_tempfile(CMD, <<EOF
-#!$perl_path
-open(CONF, "<$config_directory/miniserv.conf") || die "Failed to open $config_directory/miniserv.conf : \$!";
-while(<CONF>) {
-        \$root = \$1 if (/^root=(.*)/);
-        }
-close(CONF);
-\$root || die "No root= line found in $config_directory/miniserv.conf";
-\$ENV{'PERLLIB'} = "\$root";
-\$ENV{'WEBMIN_CONFIG'} = "$ENV{'WEBMIN_CONFIG'}";
-\$ENV{'WEBMIN_VAR'} = "$ENV{'WEBMIN_VAR'}";
-delete(\$ENV{'MINISERV_CONFIG'});
-EOF
-	);
-if ($gconfig{'os_type'} eq 'windows') {
-	# On windows, we need to chdir to the drive first, and use system
-	&print_tempfile(CMD, "if (\$root =~ /^([a-z]:)/i) {\n");
-	&print_tempfile(CMD, "       chdir(\"\$1\");\n");
-	&print_tempfile(CMD, "       }\n");
-	&print_tempfile(CMD, "chdir(\"\$root/$_[1]\");\n");
-	&print_tempfile(CMD, "exit(system(\"\$root/$_[1]/$_[2]\", \@ARGV));\n");
-	}
-else {
-	# Can use exec on Unix systems
-	if ($_[1]) {
-		&print_tempfile(CMD, "chdir(\"\$root/$_[1]\");\n");
-		&print_tempfile(CMD, "exec(\"\$root/$_[1]/$_[2]\", \@ARGV) || die \"Failed to run \$root/$_[1]/$_[2] : \$!\";\n");
-		}
-	else {
-		&print_tempfile(CMD, "chdir(\"\$root\");\n");
-		&print_tempfile(CMD, "exec(\"\$root/$_[2]\", \@ARGV) || die \"Failed to run \$root/$_[2] : \$!\";\n");
-		}
-	}
-&close_tempfile(CMD);
-chmod(0755, $_[0]);
-}
-
 =head2 cron_file(&job)
 
 Returns the file that a cron job is in, or will be in when it is created

firewalld/config

@@ -1,2 +1,3 @@
 firewall_cmd=firewall-cmd
 init_name=firewalld
+config_dir=/etc/firewalld

firewalld/config.info

@@ -1,2 +1,3 @@
 firewall_cmd=Full path to firewall-cmd program,0
 init_name=FirewallD init script name,0
+config_dir=FirewallD configuration directory,0

firewalld/edit_manual.cgi

@@ -0,0 +1,28 @@
+#!/usr/local/bin/perl
+# Show a page for manually editing FirewallD config files
+
+require './firewalld-lib.pl';
+&ui_print_header(undef, $text{'manual_title'}, "");
+&ReadParse();
+my @files = &unique(&get_config_files());
+my $file = $in{'file'} || $files[0];
+&indexof($file, @files) >= 0 || &error($text{'manual_efile'});
+
+# Show the file selector
+print &ui_form_start("edit_manual.cgi");
+print "<b>$text{'manual_editsel'}</b>\n";
+print &ui_select("file", $file, \@files),"\n";
+print &ui_submit($text{'manual_ok'});
+print &ui_form_end();
+
+# Show the file contents
+print &ui_form_start("save_manual.cgi", "form-data");
+print &ui_hidden("file", $file);
+print &ui_table_start(undef, undef, 2);
+$data = &read_file_contents($file);
+print &ui_table_row(undef, ui_textarea("data", $data, 20, 80), 2);
+print &ui_table_end();
+print &ui_form_end([ [ "save", $text{'save'} ] ]);
+
+&ui_print_footer("", $text{'index_return'});
+

firewalld/firewalld-lib.pl

@@ -495,4 +495,21 @@ $out = &backquote_logged(&$get_cmd('permanent')." 2>&1 </dev/null");
 return $? ? $out : undef;
 }
 
+sub get_config_files
+{
+my $conf_dir = $config{'config_dir'} || '/etc/firewalld';
+my @conf_files;
+my @dirpath = ($conf_dir);
+eval "use File::Find;";
+if (!$@) {
+	find(sub {
+		my $file = $File::Find::name;
+		push(@conf_files, $file)
+			if (-f $file && $file =~ /\.(conf|xml)$/);
+		}, @dirpath);
+	}
+push(@conf_files, "$conf_dir/direct.xml");
+return @conf_files;
+}
+
 1;

firewalld/index.cgi

@@ -76,6 +76,7 @@ if ($ok) {
 	                       $text{'index_sadd'}),
 		      &ui_link("edit_forward.cgi?new=1&zone=".&urlize($zone->{'name'}),
 	                       $text{'index_fadd'}),
+		      &ui_link("edit_manual.cgi", $text{'index_manual'}),
 		    );
 	if (@{$zone->{'services'}} || @{$zone->{'ports'}}) {
 		my @tds = ( "width=5" );

firewalld/lang/en

@@ -38,6 +38,14 @@ index_restart_firewalld=Reload FirewallD
 index_restart_firewallddesc=Reload the FirewallD server and apply the rules that were permanently created.
 index_listrules_restartdesc=List details about existing rich and direct FirewallD rules in $1 zone.
 index_dependent=Failed to restart $1 dependent service
+index_manual=Edit Config Files.
+
+manual_title=Edit Config Files
+manual_editsel=Edit FirewallD configuration file
+manual_err=Failed to save config file
+manual_efile=Selected configuration file is not valid
+manual_ok=Edit
+
 
 port_edit=Edit Port
 port_create=Add Port

firewalld/save_manual.cgi

@@ -0,0 +1,19 @@
+#!/usr/local/bin/perl
+# Update the manually edited FirewallD config file
+
+require './firewalld-lib.pl';
+&ReadParseMime();
+&error_setup($text{'manual_err'});
+my @files = &unique(&get_config_files());
+my $file = $in{'file'};
+&indexof($file, @files) >= 0 || &error($text{'manual_efile'});
+
+$in{'data'} =~ s/\r//g;
+
+&open_lock_tempfile(my $data, ">$file");
+&print_tempfile($data, $in{'data'});
+&close_tempfile($data);
+
+&webmin_log("manual", undef, $file);
+&redirect("");
+

fsdump/config

@@ -1,4 +1,4 @@
-date_subs=0
+date_subs=1
 webmin_subs=0
 run_mode=1
 always_tar=0

fsdump/freebsd-lib.pl

@@ -26,7 +26,9 @@ sub dump_form
 print &ui_table_row(&hlink($text{'dump_dest'}, "dest"),
    &ui_radio("mode", $_[0]->{'host'} ? 1 : 0,
 	[ [ 0, $text{'dump_file'}." ".
-	       &ui_textbox("file", $_[0]->{'file'}, 50).
+	       &ui_textbox("file", $_[0]->{'file'}, 50, undef, undef,
+	    $config{'date_subs'} ?
+	        'placeholder="/backups/filename-%y-%m-%d-%H-%M-%S.tar.gz"' : undef).
 	       " ".&file_chooser_button("file")."<br>" ],
 	  [ 1, &text('dump_host',
 		     &ui_textbox("host", $_[0]->{'host'}, 20),

fsdump/index.cgi

@@ -70,8 +70,7 @@ else {
 	print "<b>$text{'index_none2'}</b><p>\n";
 	}
 if ($using_strftime && !$config{'date_subs'}) {
-	print "<font color=#ff0000><b>$text{'index_nostrftime'}",
-	      "</b></font><p>\n";
+	print &ui_alert_box($text{'index_nostrftime'}, 'warn');
 	}
 
 # Form to add

fsdump/irix-lib.pl

@@ -23,7 +23,9 @@ sub dump_form
 print &ui_table_row(&hlink($text{'dump_dest'}, "dest"),
    &ui_radio("mode", $_[0]->{'host'} ? 1 : 0,
 	[ [ 0, $text{'dump_file'}." ".
-	       &ui_textbox("file", $_[0]->{'file'}, 50).
+	       &ui_textbox("file", $_[0]->{'file'}, 50, undef, undef,
+	    $config{'date_subs'} ?
+	        'placeholder="/backups/filename-%y-%m-%d-%H-%M-%S.tar.gz"' : undef).
 	       " ".&file_chooser_button("file")."<br>" ],
 	  [ 1, &text('dump_host',
 		     &ui_textbox("host", $_[0]->{'host'}, 15),

fsdump/lang/en

@@ -22,7 +22,7 @@ index_now=Backup..
 index_follow=After $1
 index_forcetar=In TAR format
 index_delete=Delete Selected Backups
-index_nostrftime=Warning - some backup jobs use % in their filenames, but strftime substitution is not enabled on the Module Config page.
+index_nostrftime=Some backup jobs use % in their filenames, but strftime substitution is not enabled on the Module Config page.
 
 dump_dir=Directory to backup
 dump_dirs=Directories to backup

fsdump/linux-lib.pl

@@ -37,7 +37,9 @@ sub dump_form
 print &ui_table_row(&hlink($text{'dump_dest'}, "dest"),
    &ui_radio("mode", $_[0]->{'host'} ? 1 : 0,
 	[ [ 0, $text{'dump_file'}." ".
-	       &ui_textbox("file", $_[0]->{'file'}, 50).
+	       &ui_textbox("file", $_[0]->{'file'}, 50, undef, undef,
+	    $config{'date_subs'} ?
+	        'placeholder="/backups/filename-%y-%m-%d-%H-%M-%S.tar.gz"' : undef).
 	       " ".&file_chooser_button("file")."<br>" ],
 	  [ 1, &text('dump_host',
 		     &ui_textbox("host", $_[0]->{'host'}, 20),

gray-theme/left.cgi

@@ -68,7 +68,7 @@ if (indexof($mode, (map { $_->{'id'} } @has)) < 0) {
 if (@has > 1) {
 	print "<div class='mode'>";
 	foreach my $m (@has) {
-		print "<b>";
+		print "<b data-mode='$m->{'id'}'>";
 		if ($m->{'id'} ne $mode) {
 			print "<a href='left.cgi?mode=$m->{'id'}'>";
 			}

gray-theme/theme.pl

@@ -332,7 +332,7 @@ return $rv;
 # label and 1+ column value.
 sub theme_ui_table_row
 {
-my ($label, $value, $cols, $tds) = @_;
+my ($label, $value, $cols, $tds, $trs) = @_;
 $cols ||= 1;
 $tds ||= $main::ui_table_default_tds;
 my $rv;
@@ -352,7 +352,9 @@ if (defined($label) &&
 	my $id = $1;
 	$label = "<label for=\"".&quote_escape($id)."\">$label</label>";
 	}
-$rv .= "<tr class='ui_form_pair'>\n" if ($main::ui_table_pos%$main::ui_table_cols == 0);
+my $trtags_attrs = ref($trs) eq 'ARRAY' && $trs->[0] ? " $trs->[0]" : "";
+my $trtags_class = ref($trs) eq 'ARRAY' && $trs->[1] ? " $trs->[1]" : "";
+$rv .= "<tr class='ui_form_pair$trtags_class'$trtags_attrs>\n" if ($main::ui_table_pos%$main::ui_table_cols == 0);
 $rv .= "<td class='ui_form_label' $tds->[0]><b>$label</b></td>\n" if (defined($label));
 $rv .= "<td class='ui_form_value' colspan=$cols $tds->[1]>$value</td>\n";
 $main::ui_table_pos += $cols+(defined($label) ? 1 : 0);

gray-theme/unauthenticated/gray-theme.css

@@ -478,10 +478,39 @@ details.ui_hidden_table_start > summary::-webkit-details-marker {
   filter: brightness(1.35) contrast(0.75) saturate(1.35);
 }
 
+@keyframes fadeIn {
+    from { opacity: 0; }
+    to { opacity: 1; }
+}
 body > .mode  {
+  opacity: 0;
   font-size: 110%;
   margin-bottom: 4px;
   filter: saturate(1.5);
+  animation: fadeIn 0.22s;
+  animation-delay: 0.11s;
+  animation-fill-mode: forwards;
+}
+body > .mode + .wrapper.leftmenu {
+  opacity: 0;
+  animation: fadeIn 0.22s;
+  animation-delay: 0.11s;
+  animation-fill-mode: forwards; 
+}
+body > .mode img {
+  visibility: hidden;
+}
+body > .mode img[src*="vm2.png"] {
+  width: 18.59px;
+  height: 0;
+}
+body > .mode img[src*="virtualmin.png"] {
+  width: 17.16px;
+  height: 0;
+}
+body > .mode img[src*="webmin-small.png"] {
+  width: 16.52px;
+  height: 0;
 }
 body > .mode .ff {
   font-size: 120%;
@@ -511,18 +540,18 @@ body > .mode > b > a {
 }
 
 /* Light blue for Webmin */
-body > .mode > b > a:has(i.ff-webmin),
-body > .mode > b > a:has(i.ff-webmin) > .ff-webmin {
+body > .mode > b[data-mode="mailbox"] > a,
+body > .mode > b[data-mode="mailbox"] > a > .ff-webmin {
   color: #0a6bca;
 }
 /* Green for Usermin */
-body > .mode > b > a:has(i.ff-usermin),
-body > .mode > b > a:has(i.ff-usermin) > .ff-usermin {
+body > .mode > b[data-mode="mailbox"] > a,
+body > .mode > b[data-mode="mailbox"] > a > .ff-usermin {
   color: #19950d;
 }
 /* Orange for Cloudmin  */
-body > .mode > b > a:has(i.ff-cloudmin),
-body > .mode > b > a:has(i.ff-cloudmin) > .ff-cloudmin {
+body > .mode > b[data-mode="server-manager"] > a,
+body > .mode > b[data-mode="server-manager"] > a > .ff-cloudmin {
   color: #cb6d2f;
 }
 

htpasswd-file/htpasswd-file-lib.pl

@@ -161,7 +161,7 @@ else {
 		# Use built-in encryption code and use system default
 		my $salt = $old;
 		&foreign_require('useradmin');
-		return &useradmin::encrypt_password($str, $salt, 1);
+		return &useradmin::encrypt_password($str, $salt, 0, 1);
 		}
 	}
 }

ldap-client/edit_server.cgi

@@ -78,13 +78,15 @@ print &ui_table_row($text{'server_rootbindpw'},
 # SSL options
 print &ui_table_hr();
 
-$ssl = &find_svalue("ssl", $conf);
-$ssl = "" if ($ssl eq "no");
-print &ui_table_row($text{'server_ssl'},
-	&ui_radio("ssl", &find_svalue("ssl", $conf),
-		  [ [ "yes", $text{'yes'} ],
-		    [ "start_tls", $text{'server_tls'} ],
-		    [ "", $text{'no'} ] ]));
+if (!$uri) {
+	$ssl = &find_svalue("ssl", $conf);
+	$ssl = "" if ($ssl eq "no");
+	print &ui_table_row($text{'server_ssl'},
+		&ui_radio("ssl", &find_svalue("ssl", $conf),
+			  [ [ "yes", $text{'yes'} ],
+			    [ "start_tls", $text{'server_tls'} ],
+			    [ "", $text{'no'} ] ]));
+	}
 
 print &ui_table_row($text{'server_peer'},
 	&ui_radio("peer", &find_svalue("tls_checkpeer", $conf),

ldap-client/save_server.cgi

@@ -112,7 +112,9 @@ else {
 	}
 
 # SSL mode
-&save_directive($conf, "ssl", $in{'ssl'} || undef);
+if (defined($in{'ssl'})) {
+	&save_directive($conf, "ssl", $in{'ssl'} || undef);
+	}
 
 # Check server SSL cert
 &save_directive($conf, "tls_checkpeer", $in{'peer'} || undef);

ldap-server/config.info

@@ -1,9 +1,11 @@
-line1=LDAP server options,11
+line1=Options for Webmin connection to LDAP server,11
 server=LDAP server hostname,3,This system,Remote system
 port=LDAP server port,3,Detect automatically
 user=Login for LDAP server,3,Detect automatically
 pass=Password for LDAP server,3,Detect automatically
 ssl=Use encryption with LDAP server?,1,-Detect automatically,1-Yes,2-Yes TLS,0-No
+
+line4=LDAP server options,11
 slapd=Full path to OpenLDAP server program,8
 config_file=OpenLDAP server configuration file or directory,8
 schema_dir=OpenLDAP schema directory,7

ldap-server/edit_ldif.cgi

@@ -33,6 +33,10 @@ elsif ($rootpw =~ /^{sha1}(.*)/i) {
 	$rootmode = 2;
 	$rootsha1 = $1;
 	}
+elsif ($rootpw =~ /^{ssha}(.*)/i) {
+	$rootmode = 4;
+	$rootssha = $1;
+	}
 elsif ($rootpw =~ /^{[a-z0-9]+}(.*)/i) {
 	$rootmode = 3;
 	$rootenc = $rootpw;
@@ -47,6 +51,7 @@ print &ui_table_row($text{'slapd_rootpw'},
 		    $rootmode == 1 ? &text('slapd_root1', $rootcrypt) :
 		    $rootmode == 2 ? &text('slapd_root2', $rootsha1) :
 		    $rootmode == 3 ? &text('slapd_root3', $rootenc) :
+		    $rootmode == 4 ? &text('slapd_root4', $rootssha) :
 		    $rootplain eq '' ? $text{'slapd_noroot'} :
 				     $rootplain);
 

ldap-server/edit_slapd.cgi

@@ -32,6 +32,10 @@ elsif ($rootpw =~ /^{sha1}(.*)/i) {
 	$rootmode = 2;
 	$rootsha1 = $1;
 	}
+elsif ($rootpw =~ /^{ssha}(.*)/i) {
+	$rootmode = 4;
+	$rootssha = $1;
+	}
 elsif ($rootpw =~ /^{[a-z0-9]+}(.*)/i) {
 	$rootmode = 3;
 	$rootenc = $rootpw;
@@ -46,6 +50,7 @@ print &ui_table_row($text{'slapd_rootpw'},
 		    $rootmode == 1 ? &text('slapd_root1', $rootcrypt) :
 		    $rootmode == 2 ? &text('slapd_root2', $rootsha1) :
 		    $rootmode == 3 ? &text('slapd_root3', $rootenc) :
+		    $rootmode == 4 ? &text('slapd_root4', $rootssha) :
 		    $rootplain eq '' ? $text{'slapd_noroot'} :
 				     $rootplain);
 

ldap-server/lang/en

@@ -39,6 +39,7 @@ slapd_rootpw=Administration password
 slapd_root1=Unix encrypted <tt>$1</tt>
 slapd_root2=SHA1 encrypted <tt>$1</tt>
 slapd_root3=Encrypted <tt>$1</tt>
+slapd_root4=SSHA encrypted <tt>$1</tt>
 slapd_noroot=<i>No password set</i>
 slapd_rootchange=New administration password
 slapd_leave=Don't change

ldap-server/ldap-server-lib.pl

@@ -942,5 +942,24 @@ foreach my $f (@ldap_lock_files) {
 @ldap_lock_files = ( );
 }
 
+# hash_ldap_password(pass)
+# Returns a password hashed in a format the LDAP server can accept in the config
+# file, with the appropriate prefix
+sub hash_ldap_password
+{
+my ($pass) = @_;
+my $rv;
+if (&has_command("slappasswd")) {
+	$rv = &backquote_command("slappasswd -s ".quotemeta($pass)." 2>/dev/null </dev/null");
+	$rv =~ s/\s+//g;
+	}
+if (!$rv) {
+	&seed_random();
+	my $salt = chr(int(rand(26))+65).chr(int(rand(26))+65);
+	$rv = "{crypt}".&unix_crypt($pass, $salt);
+	}
+return $rv;
+}
+
 1;
 

ldap-server/save_ldif.cgi

@@ -24,8 +24,8 @@ $in{'rootdn'} =~ /=/ || &error($text{'slapd_erootdn'});
 # Admin password
 if (!$in{'rootchange_def'}) {
 	$in{'rootchange'} =~ /\S/ || &error($text{'slapd_erootpw'});
-	$crypt = &unix_crypt($in{'rootchange'}, substr(time(), -2));
-	&save_ldif_directive($conf, 'olcRootPW', $defdb, "{crypt}".$crypt);
+	&save_ldif_directive($conf, 'olcRootPW', $defdb,
+			     &hash_ldap_password($in{'rootchange'}));
 	$config{'pass'} = $in{'rootchange'};
 	$save_config = 1;
 	}

ldap-server/save_slapd.cgi

@@ -23,8 +23,8 @@ $in{'rootdn'} =~ /=/ || &error($text{'slapd_erootdn'});
 # Admin password
 if (!$in{'rootchange_def'}) {
 	$in{'rootchange'} =~ /\S/ || &error($text{'slapd_erootpw'});
-	$crypt = &unix_crypt($in{'rootchange'}, substr(time(), -2));
-	&save_directive($conf, 'rootpw', "{crypt}".$crypt);
+	&save_directive($conf, 'rootpw',
+			&hash_ldap_password($in{'rootchange'}));
 	$config{'pass'} = $in{'rootchange'};
 	$save_config = 1;
 	}

miniserv.pl

@@ -1205,9 +1205,10 @@ while(1) {
 					# This must be the password .. try it
 					# and send back the results
 					local ($vu, $expired, $nonexist) =
-						&validate_user($conv->{'user'},
-							       $answer,
-							       $conf->{'host'});
+						&validate_user_caseless(
+							$conv->{'user'},
+							$answer,
+							$conf->{'host'});
 					local $ok = $vu ? 1 : 0;
 					print $outfd "2 $conv->{'user'} $ok $expired $notexist\n";
 					&end_pam_conversation($conv);
@@ -1717,8 +1718,8 @@ if (!$validated && !$deny_authentication && !$config{'session'} &&
 	($authuser, $authpass) = split(/:/, &b64decode($1), 2);
 	print DEBUG "handle_request: doing basic auth check authuser=$authuser authpass=$authpass\n";
 	local ($vu, $expired, $nonexist, $wvu) =
-		&validate_user($authuser, $authpass, $host,
-			       $acptip, $port);
+		&validate_user_caseless($authuser, $authpass, $host,
+				        $acptip, $port);
 	print DEBUG "handle_request: vu=$vu expired=$expired nonexist=$nonexist\n";
 	if ($vu && (!$expired || $config{'passwd_mode'} == 1)) {
 		$authuser = $vu;
@@ -1813,8 +1814,8 @@ if ($config{'session'} && !$deny_authentication &&
 			}
 
 		local ($vu, $expired, $nonexist, $wvu) =
-			&validate_user($in{'user'}, $in{'pass'}, $host,
-				       $acptip, $port);
+			&validate_user_caseless($in{'user'}, $in{'pass'}, $host,
+					        $acptip, $port);
 		if ($vu && $wvu) {
 			my $uinfo = &get_user_details($wvu, $vu);
 			if ($uinfo && $uinfo->{'twofactor_provider'}) {
@@ -3579,6 +3580,20 @@ sub urlize {
   return $tmp2;
 }
 
+# validate_user_caseless(username, password, host, remote-ip, webmin-port)
+# Calls validate_user, but also checks the lower case name if the given login
+# is mixed case
+sub validate_user_caseless
+{
+my @args = @_;
+my @rv = &validate_user(@args);
+if (!$rv[0] && $args[0] ne lc($args[0])) {
+	$args[0] = lc($args[0]);
+	@rv = &validate_user(@args);
+	}
+return @rv;
+}
+
 # validate_user(username, password, host, remote-ip, webmin-port)
 # Checks if some username and password are valid. Returns the modified username,
 # the expired / temp pass flag, the non-existence flag, and the underlying
@@ -3680,13 +3695,16 @@ if ($use_pam) {
 	local $pamh = new Authen::PAM($config{'pam'}, $pam_username,
 				      \&pam_conv_func);
 	if (ref($pamh)) {
+		print DEBUG "validate_unix_user: using PAM\n";
 		$pamh->pam_set_item(PAM_RHOST(), $_[2]) if ($_[2]);
 		$pamh->pam_set_item(PAM_TTY(), $_[3]) if ($_[3]);
 		local $rcode = 0;
 		local $pam_ret = $pamh->pam_authenticate();
+		print DEBUG "validate_unix_user: pam_ret=$pam_ret\n";
 		if ($pam_ret == PAM_SUCCESS()) {
 			# Logged in OK .. make sure password hasn't expired
 			local $acct_ret = $pamh->pam_acct_mgmt();
+			print DEBUG "validate_unix_user: acct_ret=$acct_ret\n";
 			$pam_ret = $acct_ret;
 			if ($acct_ret == PAM_SUCCESS()) {
 				$pamh->pam_open_session();
@@ -3714,6 +3732,7 @@ elsif ($config{'pam_only'}) {
 elsif ($config{'passwd_file'}) {
 	# Check in a password file
 	local $rv = 0;
+	print DEBUG "validate_unix_user: reading $config{'passwd_file'}\n";
 	open(FILE, $config{'passwd_file'});
 	if ($config{'passwd_file'} eq '/etc/security/passwd') {
 		# Assume in AIX format
@@ -3742,8 +3761,9 @@ elsif ($config{'passwd_file'}) {
 					local $c = $l[$config{'passwd_cindex'}];
 					local $m = $l[$config{'passwd_mindex'}];
 					local $day = time()/(24*60*60);
-					if ($c =~ /^\d+/ && $m =~ /^\d+/ &&
-					    $day - $c > $m) {
+					print DEBUG "validate_unix_user: c=$c m=$m day=$day\n";
+					$m ||= 0;
+					if ($c =~ /^\d+/ && $m =~ /^\d+/ && $day - $c > $m) {
 						# Yep, it has ..
 						$rv = 2;
 						}

mysql/mysql-lib.pl

@@ -742,7 +742,7 @@ if (&compare_version_numbers($mysql_version, "4.1") >= 0 && !$config{'nopwd'}) {
 		local @cf = &parse_mysql_config($cf);
 		local $client = &find("client", \@cf);
 		next if (!$client);
-		local $password = &find("password", $client->{'members'});
+		local $password = &find_value("password", $client->{'members'});
 		return 0 if ($password ne '' && $password ne $realpass);
 		}
 	return 1;
@@ -1217,8 +1217,8 @@ local $file = @old ? $old[0]->{'file'} :
 local $lref = &read_file_lines($file);
 
 for(my $i=0; $i<@old || $i<@$values; $i++) {
-	local $old = $old[$i];
-	local $line = $values->[$i] eq "" ? $name :
+	local $old = $i < @old ? $old[$i] : undef;
+	local $line = $i < @$values || $values->[$i] eq "" ? $name :
 			"$name = $values->[$i]";
 	if ($old && defined($values->[$i])) {
 		# Updating

net/debian-linux-lib.pl

@@ -535,7 +535,8 @@ if ($gconfig{'os_version'} >= 3 || scalar(@autos)) {
 # Can some boot-time interface parameter be edited?
 sub can_edit
 {
-return $_[0];
+my ($what) = @_;
+return 1;
 }
 
 sub can_broadcast_def

net/edit_bifc.cgi

@@ -303,12 +303,21 @@ if ($in{'bridge'} || $b && $b->{'bridge'}) {
 			   [ [ "", $text{'bifc_nobridge'} ],
 			     @ethboot ],
 			   1, 0, $in{'new'} ? 0 : 1));
-	print &ui_table_row($text{'bifc_bridgestp'},
-		&ui_radio("bridgestp", $b->{'bridgestp'} ? $b->{'bridgestp'} : "off", [["off", "Off"], ["on", "On"]]));
-	print &ui_table_row($text{'bifc_bridgefd'},
-		&ui_textbox("bridgefd", $b->{'bridgefd'} ? $b->{'bridgefd'} : "0", 3)." seconds");
-	print &ui_table_row($text{'bifc_bridgewait'},
-		&ui_textbox("bridgewait", $b->{'bridgewait'} ? $b->{'bridgewait'} : "0", 3)." seconds");
+	if (&can_edit("bridgestp")) {
+		print &ui_table_row($text{'bifc_bridgestp'},
+			&ui_radio("bridgestp", $b->{'bridgestp'} || "off",
+				  [["off", "Off"], ["on", "On"]]));
+		}
+	if (&can_edit("bridgefd")) {
+		print &ui_table_row($text{'bifc_bridgefd'},
+			&ui_textbox("bridgefd", $b->{'bridgefd'} || "0", 3).
+			" seconds");
+		}
+	if (&can_edit("bridgewait")) {
+		print &ui_table_row($text{'bifc_bridgewait'},
+			&ui_textbox("bridgewait", $b->{'bridgewait'} || "0", 3).
+			" seconds");
+		}
 	}
 
 print &ui_table_end();

net/lang/en

@@ -118,8 +118,8 @@ bifc_nobridge=<None>
 bifc_ebridgeto=An existing Ethernet interface must be selected for this bridge to use
 bifc_ebridgeto2=The selected interface for the bridge must not have any address assigned
 bifc_ebridge=Bridge interface must be a number
-bifc_bridgestp=Spanning Tree Protocol
-bifc_bridgefd=Forward Delay
+bifc_bridgestp=Spanning tree protocol
+bifc_bridgefd=Forward delay
 bifc_bridgewait=Delay to become available
 bifc_ebond=Bond interface must be a number
 

net/netplan-lib.pl

@@ -15,10 +15,11 @@ foreach my $f (glob("$netplan_dir/*.yaml")) {
 	next if (!$yaml || !@$yaml);
 	my ($network) = grep { $_->{'name'} eq 'network' } @$yaml;
 	next if (!$network);
-	my ($ens) = grep { $_->{'name'} eq 'ethernets' }
+	my @ens = grep { $_->{'name'} eq 'ethernets' ||
+			 $_->{'name'} eq 'bridges' }
 			 @{$network->{'members'}};
-	next if (!$ens);
-	foreach my $e (@{$ens->{'members'}}) {
+	next if (!@ens);
+	foreach my $e (map { @{$_->{'members'}} } @ens) {
 		my $cfg = { 'name' => $e->{'name'},
 			    'fullname' => $e->{'name'},
 			    'file' => $f,
@@ -123,6 +124,27 @@ foreach my $f (glob("$netplan_dir/*.yaml")) {
 			$cfg->{'routes'} = $routes;
 			}
 
+		# Bridges
+		my ($interfaces) = grep { $_->{'name'} eq 'interfaces' }
+                                        @{$e->{'members'}};
+		if ($interfaces) {
+			$cfg->{'bridgeto'} = $interfaces->{'value'};
+			$cfg->{'bridge'} = 1;
+			}
+		my ($p) = grep { $_->{'name'} eq 'parameters' }
+                               @{$e->{'members'}};
+		if ($p) {
+			my ($stp) = grep { $_->{'name'} eq 'stp' }
+					 @{$p->{'members'}};
+			$cfg->{'bridgestp'} = $stp && $stp->{'value'} eq 'false' ? 'off' : 'on';
+			my ($fwd) = grep { $_->{'name'} eq 'forward-delay' }
+					 @{$p->{'members'}};
+			$cfg->{'bridgefd'} = $fwd->{'value'} if ($fwd);
+			}
+		else {
+			$cfg->{'bridgestp'} = 'on';
+			}
+
 		# Add IPv4 alias interfaces
 		my $i = 0;
 		foreach my $aa (@addrs) {
@@ -220,6 +242,16 @@ else {
 	if ($iface->{'routes'}) {
 		push(@lines, &yaml_lines($iface->{'routes'}, $id."    "));
 		}
+	if ($iface->{'bridgeto'}) {
+		push(@lines, $id."    "."interfaces: [".$iface->{'bridgeto'}."]");
+		push(@lines, $id."    "."parameters:");
+		push(@lines, $id."        "."stp: ".
+			($iface->{'bridgestp'} eq 'on' ? 'true' : 'false'));
+		if ($iface->{'bridgefd'}) {
+			push(@lines, $id."        "."forward-delay: ".
+				     $iface->{'bridgefd'});
+			}
+		}
 
 	# Add all extra YAML directives from the original config
 	my @poss = ("optional", "dhcp4", "dhcp6", "addresses", "gateway4",
@@ -249,9 +281,10 @@ else {
 		my $lref = &read_file_lines($iface->{'file'});
 		my $nline = -1;
 		my $eline = -1;
+		my $sect = $iface->{'bridge'} ? 'bridges' : 'ethernets';
 		for(my $i=0; $i<@$lref; $i++) {
 			$nline = $i if ($lref->[$i] =~ /^\s*network:/);
-			$eline = $i if ($lref->[$i] =~ /^\s*ethernets:/);
+			$eline = $i if ($lref->[$i] =~ /^\s*\Q$sect\E:/);
 			}
 		if ($nline < 0) {
 			$nline = scalar(@$lref);
@@ -259,7 +292,7 @@ else {
 			}
 		if ($eline < 0) {
 			$eline = $nline + 1;
-			splice(@$lref, $nline+1, 0, "    ethernets:");
+			splice(@$lref, $nline+1, 0, "    ".$sect.":");
 			}
 		splice(@$lref, $eline+1, 0, @lines);
 		&flush_file_lines($iface->{'file'});
@@ -306,7 +339,8 @@ return 1 if (!$yaml);
 my @rest = grep { $_->{'name'} ne 'network' } @$yaml;
 return 0 if (@rest);
 foreach my $n (@$yaml) {
-	my @rest = grep { $_->{'name'} ne 'ethernets' }
+	my @rest = grep { $_->{'name'} ne 'ethernets' &&
+			  $_->{'name'} ne 'bridges' }
 			@{$network->{'members'}};
 	return 0 if (@rest);
 	foreach my $ens (@{$network->{'members'}}) {
@@ -349,7 +383,7 @@ return 1;
 # Bridge interfaces can be created on debian
 sub supports_bridges
 {
-return 0;	# XXX fix later
+return 1;
 }
 
 # can_edit(what)
@@ -357,7 +391,8 @@ return 0;	# XXX fix later
 sub can_edit
 {
 my ($f) = @_;
-return $f ne "mtu";
+return $f eq "mtu" ? 0 :
+       $f eq "bridgewait" ? 0 : 1;
 }
 
 sub can_broadcast_def

net/redhat-linux-lib.pl

@@ -438,12 +438,9 @@ else {
 # Can some boot-time interface parameter be edited?
 sub can_edit
 {
-if ($supports_mtu) {
-	return 1;
-	}
-else {
-	return $_[0] ne "mtu";
-	}
+my ($f) = @_;
+return $f eq "mtu" ? $supports_mtu :
+       $f eq "bridgestp" || $f eq "bridgefd" || $f eq "bridgewait" ? 0 : 1;
 }
 
 sub can_broadcast_def

net/save_bifc.cgi

@@ -316,9 +316,15 @@ else {
 		($bt->{'address'} || $bt->{'dhcp'} || $bt->{'bootp'}) &&
 			&error($text{'bifc_ebridgeto2'});
 		$b->{'bridgeto'} = $in{'bridgeto'};
-		$b->{'bridgestp'} = $in{'bridgestp'};
-		$b->{'bridgefd'} = $in{'bridgefd'};
-		$b->{'bridgewait'} = $in{'bridgewait'};
+		if (&can_edit("bridgestp")) {
+			$b->{'bridgestp'} = $in{'bridgestp'};
+			}
+		if (&can_edit("bridgefd")) {
+			$b->{'bridgefd'} = $in{'bridgefd'};
+			}
+		if (&can_edit("bridgewait")) {
+			$b->{'bridgewait'} = $in{'bridgewait'};
+			}
 		}
 	else {
 		delete($b->{'bridgeto'});

postfix/header.cgi

@@ -20,21 +20,30 @@ print &ui_table_start($text{'header_title'}, "width=100%", 2);
 
 &option_mapfield("header_checks", 60);
 
+&option_mapfield("mime_header_checks", 60);
+
 print &ui_table_end();
 print &ui_form_end([ [ undef, $text{'opts_save'} ] ]);
 
 # Header map contents
 print &ui_hr();
-if (&get_current_value("header_checks") eq "")
-{
-    print $text{'no_map'},"<p>\n";
-}
-else
-{
+if (&get_real_value("header_checks") eq "") {
+    print $text{'opts_header_checks_no_map'},"<p>\n";
+} else {
     &generate_map_edit("header_checks", $text{'map_click'}." ".
 		       &hlink($text{'help_map_format'}, "header"), 1,
 		       $text{'header_name'}, $text{'header_value'});
 }
 
+# MIME header map contents
+print &ui_hr();
+if (&get_real_value("mime_header_checks") eq "") {
+    print $text{'opts_mime_header_checks_no_map'},"<p>\n";
+} else {
+    &generate_map_edit("mime_header_checks", $text{'map_click'}." ".
+		       &hlink($text{'help_map_format'}, "header"), 1,
+		       $text{'header_name'}, $text{'header_value'});
+}
+
 &ui_print_footer("", $text{'index_return'});
 

postfix/lang/en

@@ -295,6 +295,7 @@ opts_relay_domains_reject_code=SMTP server response on forbidden relaying
 opts_unknown_address_reject_code=SMTP server response on unknown domain reject
 opts_unknown_client_reject_code=SMTP server response on unknown client reject
 opts_unknown_hostname_reject_code=SMTP server response on unknown hostname reject
+opts_smtpd_discard_ehlo_keywords=SMTP EHLO keywords to not send
 smtpd_nomap=No map for allowed addresses for relaying has been entered yet.
 smtpd_nomap2=No map for restrictions on sender addresses has been entered yet.
 smtpd_map=Allowed addresses for relaying
@@ -638,7 +639,10 @@ searchq_none=No queued messages found.
 header_title=Header Checks
 header_ecannot=You are not allowed to edit header checks
 header_eregexp=The header checks map must be in the format <tt>regexp:</tt><i>filename</i>
-opts_header_checks=MIME header checking tables
+opts_header_checks=Header checking tables
+opts_mime_header_checks=MIME header checking tables
+opts_header_checks_no_map=(No header checking map is currently defined. Define a map first, then you can edit it)
+opts_mime_header_checks_no_map=(No MIME header checking map is currently defined. Define a map first, then you can edit it)
 header_name=Regular expression
 header_value=Action for matches
 header_discard=Discard (with log message..)

postfix/postfix-lib.pl

@@ -100,8 +100,10 @@ sub is_existing_parameter
 ## modified to allow main_parameter:subparameter 
 sub get_current_value
 {
+my ($n, $nodef) = @_;
+
 # First try to get the value from main.cf directly
-my ($name,$key)=split /:/,$_[0];
+my ($name, $key) = split(/:/, $n);
 my $lref = &read_file_lines($config{'postfix_config_file'});
 my $out;
 my ($begin_flag, $end_flag);
@@ -127,14 +129,14 @@ foreach my $l (@$lref) {
 		last;
 		}
 	}
-if (!defined($out) && !$_[1]) {
+if (!defined($out) && !$nodef) {
 	# Fall back to asking Postfix
 	# -h tells postconf not to output the name of the parameter
 	my $err;
 	&execute_command("$config{'postfix_config_command'} -c $config_dir -h ".
 			 quotemeta($name), undef, \$out, \$err, 0, 1);
 	if ($?) {
-		&error(&text('query_get_efailed', $name, $out));
+		&error(&text('query_get_efailed', $name, $out || $err));
 		}
 	elsif ($out =~ /warning:.*unknown\s+parameter/ ||
 	       $err =~ /warning:.*unknown\s+parameter/) {
@@ -694,6 +696,12 @@ sub regenerate_header_table
     &regenerate_any_table("header_checks");
 }
 
+# regenerate_mime_header_table()
+sub regenerate_mime_header_table
+{
+    &regenerate_any_table("mime_header_checks");
+}
+
 # regenerate_body_table()
 sub regenerate_body_table
 {
@@ -1617,6 +1625,24 @@ if ($_[1]->{'value'}) {
 return $rv;
 }
 
+# Functions for editing the mime_header_checks map nicely
+sub edit_name_mime_header_checks
+{
+return &edit_name_header_checks(@_);
+}
+sub parse_name_mime_header_checks
+{
+return &parse_name_header_checks(@_);
+}
+sub edit_value_mime_header_checks
+{
+return &edit_value_header_checks(@_);
+}
+sub parse_value_mime_header_checks
+{
+return &parse_value_header_checks(@_);
+}
+
 # Functions for editing the body_checks map (same as header_checks)
 sub edit_name_body_checks
 {

postfix/save_opts_header.cgi

@@ -19,15 +19,20 @@ $access{'header'} || &error($text{'header_ecannot'});
 
 &lock_postfix_files();
 &before_save();
-$in{'header_checks'} =~ /^(regexp|pcre):\/\S+$/ ||
+$in{'header_checks_def'} ||
+    $in{'header_checks'} =~ /^(regexp|pcre):\/\S+$/ ||
+	&error($text{'header_eregexp'});
+$in{'mime_header_checks_def'} ||
+    $in{'mime_header_checks'} =~ /^(regexp|pcre):\/\S+$/ ||
 	&error($text{'header_eregexp'});
 &save_options(\%in);
 &ensure_map("header_checks");
+&ensure_map("mime_header_checks");
 &after_save();
 &unlock_postfix_files();
 
-
 &regenerate_header_table();
+&regenerate_mime_header_table();
 
 $err = &reload_postfix();
 &error($err) if ($err);

postfix/smtpd.cgi

@@ -61,6 +61,8 @@ print &ui_table_start($text{'smtpd_title'}, "width=100%", 4);
 &option_freefield("unknown_client_reject_code", 15, $default);
 &option_freefield("unknown_hostname_reject_code", 15, $default);
 
+&option_radios_freefield("smtpd_discard_ehlo_keywords", 65, $default);
+
 print &ui_table_end();
 print &ui_form_end([ [ undef, $text{'opts_save'} ] ]);
 

samba/samba-lib.pl

@@ -646,7 +646,7 @@ if ($has_pdbedit) {
 	local $out = &backquote_logged(
 		"cd / && $config{'pdbedit'} -a -s $config{'smb_conf'} -t -u ".
 		quotemeta($user->{'name'}).
-		($config{'sync_gid'} ? " -G $config{'sync_gid'}" : "").
+		($config{'sync_gid'} ? " -g $config{'sync_gid'}" : "").
 		" -c '[".join("", @opts)."]' $ws <$temp 2>&1");
 	$? && &error("$config{'pdbedit'} failed : <pre>$out</pre>");
 	}

sshd/edit_users.cgi

@@ -56,22 +56,20 @@ else {
 
 # Allow logins by root
 $root = &find_value("PermitRootLogin", $conf);
-if (!$root) {
-	# Default ways seems to be 'yes'
-	$root = "yes";
-	}
-@opts = ( [ 'yes', $text{'yes'} ],
+$rldef = $version{'number'} >= 7 ? $text{'users_nopwd'} : $text{'yes'};
+@opts = ( [ '', $text{'default'}.' ('.$rldef.')' ],
+          [ 'yes', $text{'yes'} ],
 	  [ 'no', $text{'no'} ] );
 if ($version{'type'} eq 'ssh') {
 	push(@opts, [ 'nopwd', $text{'users_nopwd'} ]);
 	}
 else {
-	push(@opts, [ 'without-password', $text{'users_nopwd'} ]);
+	push(@opts, [ 'prohibit-password', $text{'users_nopwd'} ]);
 	if ($version{'number'} >= 2) {
 		push(@opts, [ 'forced-commands-only', $text{'users_fcmd'} ]);
 		}
 	}
-print "</select></td>\n";
+$root = "prohibit-password" if ($root eq "without-password");
 print &ui_table_row($text{'users_root'},
 	&ui_select("root", lc($root), \@opts));
 
@@ -86,7 +84,7 @@ if (($version{'type'} eq 'ssh' && $version{'number'} < 3) ||
 # SSH 2 DSA authentication
 if ($version{'type'} eq 'openssh' && $version{'number'} >= 3) {
 	$dsa = &find_value("PubkeyAuthentication", $conf);
-	print &ui_table_row($text{'users_dsa'},
+	print &ui_table_row($text{'users_pkeyauth'},
 		&ui_yesno_radio('dsa', lc($dsa) ne 'no'));
 	}
 

sshd/lang/af.auto

@@ -36,6 +36,7 @@ users_nopwd=Slegs met RSA-toestemming
 users_fcmd=Slegs vir opdragte
 users_rsa=Laat RSA (SSH 1) -verifikasie toe?
 users_dsa=Laat DSA (SSH 2) -verifikasie toe?
+users_pkeyauth=Laat publieke sleutelstawing toe?
 users_strict=Kontroleer die regte op sleutellêers?
 users_rhosts=Ignoreer <tt>.hosts</tt> lêers?
 users_rrhosts=Ignoreer <tt>.hosts</tt> lêers vir die wortelgebruiker?

sshd/lang/ar.auto

@@ -36,6 +36,7 @@ users_nopwd=فقط مع مصادقة RSA
 users_fcmd=فقط للأوامر
 users_rsa=هل تسمح مصادقة RSA (SSH 1)؟
 users_dsa=هل تسمح مصادقة DSA (SSH 2)؟
+users_pkeyauth=السماح بمصادقة المفتاح العام؟
 users_strict=تحقق الأذونات على الملفات الرئيسية؟
 users_rhosts=Ignore <tt>.rhosts</tt> files?
 users_rrhosts=Ignore <tt>.rhosts</tt> files for root user?

sshd/lang/be.auto

@@ -36,6 +36,7 @@ users_nopwd=Толькі з RSA аўт
 users_fcmd=Толькі для каманд
 users_rsa=Дазволіць RSA (SSH 1) аўтэнтыфікацыю?
 users_dsa=Дазволіць праверку сапраўднасці DSA (SSH 2)?
+users_pkeyauth=Дазволіць аўтэнтыфікацыю з адкрытым ключом?
 users_strict=Праверце дазволы на ключавыя файлы?
 users_rhosts=Ігнараваць <tt>.rhosts</tt> файлы?
 users_rrhosts=Ігнараваць <tt>.rhosts</tt> файлы для каранёвага карыстальніка?

sshd/lang/bg.auto

@@ -0,0 +1 @@
+users_pkeyauth=Разрешаване на удостоверяване с публичен ключ?

sshd/lang/ca.auto

@@ -1,2 +1,3 @@
 users_rsa=Permetre l'autenticació RSA (SSH 1)?
 users_dsa=Permetre l'autenticació DSA (SSH 2)?
+users_pkeyauth=Vols permetre l'autenticació de clau pública?

sshd/lang/cs.auto

@@ -1,4 +1,5 @@
 users_dsa=Povolit ověřování DSA (SSH 2)?
+users_pkeyauth=Povolit ověřování veřejným klíčem?
 users_authkeys_set=Soubor doma
 users_eauthkeys=Chybějící nebo neplatně vypadající soubor autorizovaných klíčů
 users_maxauthtries=Maximální počet pokusů o přihlášení na připojení

sshd/lang/da.auto

@@ -36,6 +36,7 @@ users_nopwd=Kun med RSA-autorisation
 users_fcmd=Kun til kommandoer
 users_rsa=Tillad RSA (SSH 1) -godkendelse?
 users_dsa=Vil du tillade DSA (SSH 2) -godkendelse?
+users_pkeyauth=Tillad offentlig nøglegodkendelse?
 users_strict=Kontroller tilladelser på nøglefiler?
 users_rhosts=Ignorer <tt>.rhosts</tt> filer?
 users_rrhosts=Ignorer <tt>.rhosts</tt> filer til root-bruger?

sshd/lang/de.auto

@@ -0,0 +1 @@
+users_pkeyauth=Authentifizierung mit öffentlichem Schlüssel zulassen?

sshd/lang/el.auto

@@ -36,6 +36,7 @@ users_nopwd=Μόνο με auth RSA
 users_fcmd=Μόνο για εντολές
 users_rsa=Να επιτρέπεται ο έλεγχος ταυτότητας RSA (SSH 1);
 users_dsa=Να επιτρέπεται ο έλεγχος ταυτότητας DSA (SSH 2);
+users_pkeyauth=Να επιτρέπεται ο έλεγχος ταυτότητας με δημόσιο κλειδί;
 users_strict=Ελέγξτε τα δικαιώματα στα αρχεία κλειδιά;
 users_rhosts=Αγνόηση αρχείων <tt>.rhosts</tt>;
 users_rrhosts=Παράβλεψη αρχείων <tt>.rhosts</tt> για χρήστη root;

sshd/lang/en

@@ -36,6 +36,7 @@ users_nopwd=Only with RSA auth
 users_fcmd=Only for commands
 users_rsa=Allow RSA (SSH 1) authentication?
 users_dsa=Allow DSA (SSH 2) authentication?
+users_pkeyauth=Allow public key authentication?
 users_strict=Check permissions on key files?
 users_rhosts=Ignore <tt>.rhosts</tt> files?
 users_rrhosts=Ignore <tt>.rhosts</tt> files for root user?

sshd/lang/es.auto

@@ -4,6 +4,7 @@ index_rsa=RSA (para SSH v2)
 index_dsa=DSA (para SSH v2)
 
 users_dsa=¿Permitir autenticación DSA (SSH 2)?
+users_pkeyauth=¿Permitir autenticación de clave pública?
 users_authkeys_set=Archivo debajo de casa
 users_eauthkeys=Archivo de claves autorizadas faltantes o de aspecto no válido
 users_maxauthtries=Intentos máximos de inicio de sesión por conexión

sshd/lang/eu.auto

@@ -1,4 +1,5 @@
 users_expire_def=Inoiz ez
+users_pkeyauth=Gako publikoaren autentifikazioa baimendu?
 users_eauthkeys=Falta diren gakoen fitxategia falta edo baliogabea da
 users_maxauthtries=Konexio bakoitzeko gehieneko saiakera saiakera
 users_emaxauthtries=Konexio bakoitzeko saiakera saiakera kopurua edo ez zenbakizko bat falta da

sshd/lang/fa.auto

@@ -7,6 +7,7 @@ index_rsa=RSA (برای SSH v2)
 index_dsa=DSA (برای SSH v2)
 
 users_dsa=اجازه تأیید هویت DSA (SSH 2) را دارید؟
+users_pkeyauth=احراز هویت کلید عمومی مجاز است؟
 users_authkeys_set=پرونده در خانه
 users_eauthkeys=پرونده کلیدهای مجاز به ظاهر نامعتبر یا نامعتبر است
 users_maxauthtries=حداکثر تلاش برای ورود به هر اتصال

sshd/lang/fi.auto

@@ -36,6 +36,7 @@ users_nopwd=Vain RSA: n luvalla
 users_fcmd=Vain komennot
 users_rsa=Sallitaanko RSA (SSH 1) -todennus?
 users_dsa=Sallitaanko DSA (SSH 2) -todennus?
+users_pkeyauth=Sallitaanko julkisen avaimen todennus?
 users_strict=Tarkistetaan avaintiedostojen oikeudet?
 users_rhosts=Ohitetaanko <tt>.rhosts</tt> -tiedot?
 users_rrhosts=Ohitetaanko pääkäyttäjän <tt>.rhosts</tt> -tiedostot?

sshd/lang/fr.auto

@@ -0,0 +1 @@
+users_pkeyauth=Autoriser l'authentification par clé publique ?

sshd/lang/he.auto

@@ -36,6 +36,7 @@ users_nopwd=רק עם אישור RSA
 users_fcmd=רק לפקודות
 users_rsa=האם לאפשר אימות RSA (SSH 1)?
 users_dsa=האם לאפשר DSA (SSH 2) אימות?
+users_pkeyauth=האם לאפשר אימות מפתח ציבורי?
 users_strict=לבדוק הרשאות בקבצי מפתח?
 users_rhosts=Ignore <tt>.rhosts</tt> files?
 users_rrhosts=Ignore <tt>.rhosts</tt> files for root user?

sshd/lang/hr.auto

@@ -36,6 +36,7 @@ users_nopwd=Samo s RSA auth
 users_fcmd=Samo za naredbe
 users_rsa=Želite li omogućiti RSA (SSH 1) provjeru autentičnosti?
 users_dsa=Želite li dozvoliti provjeru autentičnosti DSA (SSH 2)?
+users_pkeyauth=Dopustiti autentifikaciju s javnim ključem?
 users_strict=Provjerite dopuštenja za ključne datoteke?
 users_rhosts=Zanemariti datoteke <tt>.rhosts</tt>?
 users_rrhosts=Zanemariti datoteke <tt>.rhosts</tt> za korijenskog korisnika?

sshd/lang/hu.auto

@@ -1 +1,2 @@
+users_pkeyauth=Engedélyezi a nyilvános kulcsú hitelesítést?
 users_chal=Használ kihívás-válasz hitelesítést?

sshd/lang/it.auto

@@ -1 +1,2 @@
+users_pkeyauth=Consentire l'autenticazione con chiave pubblica?
 users_chal=Utilizzare l'autenticazione challenge-response?

sshd/lang/ja.auto

@@ -1,4 +1,5 @@
 users_dsa=DSA（SSH 2）認証を許可しますか？
+users_pkeyauth=公開鍵認証を許可しますか?
 users_authkeys_set=ホームの下のファイル
 users_eauthkeys=認可されたキーファイルが見つからないか無効です
 users_maxauthtries=接続ごとの最大ログイン試行

sshd/lang/ko.auto

@@ -1,4 +1,5 @@
 users_dsa=DSA (SSH 2) 인증을 허용 하시겠습니까?
+users_pkeyauth=공개 키 인증을 허용하시겠습니까?
 users_authkeys_set=집에서 신청
 users_eauthkeys=권한이없는 키 파일이 없거나 잘못 표시됨
 users_maxauthtries=연결 당 최대 로그인 시도

sshd/lang/lt.auto

@@ -36,6 +36,7 @@ users_nopwd=Tik su RSA aut
 users_fcmd=Tik komandoms
 users_rsa=Leisti RSA (SSH 1) autentifikavimą?
 users_dsa=Leisti DSA (SSH 2) autentifikavimą?
+users_pkeyauth=Leisti autentifikuoti viešąjį raktą?
 users_strict=Patikrinti pagrindinių failų leidimus?
 users_rhosts=Nepaisyti <tt>.rhosts</tt> failų?
 users_rrhosts=Ignoruoti šakninio vartotojo <tt>.rhosts</tt> failus?

sshd/lang/lv.auto

@@ -36,6 +36,7 @@ users_nopwd=Tikai ar RSA atļauju
 users_fcmd=Tikai komandām
 users_rsa=Vai atļaut RSA (SSH 1) autentifikāciju?
 users_dsa=Vai atļaut DSA (SSH 2) autentifikāciju?
+users_pkeyauth=Vai atļaut publiskās atslēgas autentifikāciju?
 users_strict=Vai pārbaudīt atļaujas galvenajiem failiem?
 users_rhosts=Vai ignorēt <tt>.rhosts</tt> failus?
 users_rrhosts=Vai ignorēt saknes lietotāja <tt>.rhosts</tt> failus?

sshd/lang/ms.auto

@@ -35,6 +35,7 @@ users_nopwd=Hanya dengan auth RSA
 users_fcmd=Hanya untuk arahan
 users_rsa=Benarkan pengesahan RSA (SSH 1)?
 users_dsa=Benarkan pengesahan DSA (SSH 2)?
+users_pkeyauth=Benarkan pengesahan kunci awam?
 users_strict=Periksa kebenaran pada fail utama?
 users_rhosts=Abaikan <tt>.rhosts</tt> fail?
 users_rrhosts=Abaikan <tt>.rhosts</tt> fail untuk pengguna root?

sshd/lang/mt.auto

@@ -36,6 +36,7 @@ users_nopwd=Biss b'aut RSA
 users_fcmd=Biss għall-kmandi
 users_rsa=Ħalli l-awtentikazzjoni RSA (SSH 1)?
 users_dsa=Ħalli l-awtentikazzjoni DSA (SSH 2)?
+users_pkeyauth=Jippermetti l-awtentikazzjoni taċ-ċavetta pubblika?
 users_strict=Tivverifika l-permessi fuq fajls ewlenin?
 users_rhosts=Injora l-fajls <tt>.rhosts</tt>?
 users_rrhosts=Injora l-fajls <tt>.rhosts</tt> għall-utent tal-għeruq?

sshd/lang/nl.auto

@@ -1 +1,2 @@
+users_pkeyauth=Verificatie met openbare sleutel toestaan?
 users_chal=Gebruik uitdaging-respons authenticatie?

sshd/lang/no.auto

@@ -0,0 +1 @@
+users_pkeyauth=Vil du tillate offentlig nøkkelautentisering?

sshd/lang/pl.auto

@@ -0,0 +1 @@
+users_pkeyauth=Zezwolić na uwierzytelnianie za pomocą klucza publicznego?

sshd/lang/pt.auto

@@ -36,6 +36,7 @@ users_nopwd=Somente com autenticação RSA
 users_fcmd=Apenas para comandos
 users_rsa=Permitir autenticação RSA (SSH 1)?
 users_dsa=Permitir autenticação DSA (SSH 2)?
+users_pkeyauth=Permitir autenticação de chave pública?
 users_strict=Verificar permissões nos arquivos principais?
 users_rhosts=Ignorar arquivos <tt>.rhosts</tt>?
 users_rrhosts=Ignorar arquivos <tt>.rhosts</tt> para o usuário root?

sshd/lang/pt_BR.auto

@@ -36,6 +36,7 @@ users_nopwd=Somente com autenticação RSA
 users_fcmd=Apenas para comandos
 users_rsa=Permitir autenticação RSA (SSH 1)?
 users_dsa=Permitir autenticação DSA (SSH 2)?
+users_pkeyauth=Permitir autenticação de chave pública?
 users_strict=Verificar permissões nos arquivos principais?
 users_rhosts=Ignorar arquivos <tt>.rhosts</tt>?
 users_rrhosts=Ignorar arquivos <tt>.rhosts</tt> para o usuário root?

sshd/lang/ro.auto

@@ -36,6 +36,7 @@ users_nopwd=Numai cu RSA auth
 users_fcmd=Numai pentru comenzi
 users_rsa=Permiteți autentificarea RSA (SSH 1)?
 users_dsa=Permiteți autentificarea DSA (SSH 2)?
+users_pkeyauth=Permiteți autentificarea cu cheie publică?
 users_strict=Verificați permisiunile pentru fișierele cheie?
 users_rhosts=Ignorați fișierele <tt>.rhosts</tt>?
 users_rrhosts=Ignorați fișierele <tt>.rhosts</tt> pentru utilizatorul root?

sshd/lang/ru.auto

@@ -7,6 +7,7 @@ index_rsa=RSA (для SSH v2)
 index_dsa=DSA (для SSH v2)
 
 users_dsa=Разрешить аутентификацию DSA (SSH 2)?
+users_pkeyauth=Разрешить аутентификацию с открытым ключом?
 users_authkeys=Файл авторизованных ключей пользователя
 users_authkeys_def=Стандартный (~/.ssh/authorized_keys)
 users_authkeys_set=Файл под домом

sshd/lang/sk.auto

@@ -25,6 +25,7 @@ users_pempty=Povoliť prihlasovanie pomocou prázdnych hesiel?
 users_nopwd=Iba s autorizáciou RSA
 users_fcmd=Iba pre príkazy
 users_dsa=Povoliť overenie DSA (SSH 2)?
+users_pkeyauth=Povoliť overenie verejným kľúčom?
 users_rhosts=Ignorovať súbory <tt>.rhosts</tt>?
 users_rrhosts=Ignorovať súbory <tt>.rhosts</tt> pre užívateľa root?
 users_rrdef=Rovnaké ako ostatní používatelia

sshd/lang/sl.auto

@@ -36,6 +36,7 @@ users_nopwd=Samo z RSA avt
 users_fcmd=Samo za ukaze
 users_rsa=Dovoli preverjanje pristnosti RSA (SSH 1)?
 users_dsa=Dovoli preverjanje pristnosti DSA (SSH 2)?
+users_pkeyauth=Dovoliti preverjanje pristnosti javnega ključa?
 users_strict=Preverite dovoljenja za ključne datoteke?
 users_rhosts=Ali želite prezreti <tt>.rhosts</tt> datoteke?
 users_rrhosts=Zanemarite datoteke <tt>.rhosts</tt> za uporabnika root?

sshd/lang/sv.auto

@@ -36,6 +36,7 @@ users_nopwd=Endast med RSA-godkännande
 users_fcmd=Endast för kommandon
 users_rsa=Tillåter RSA (SSH 1) autentisering?
 users_dsa=Tillåter DSA (SSH 2) autentisering?
+users_pkeyauth=Vill du tillåta autentisering med offentlig nyckel?
 users_strict=Kontrollera behörigheter för nyckelfiler?
 users_rhosts=Ignorera <tt>.rhosts</tt> filer?
 users_rrhosts=Ignorera <tt>.rhosts</tt> -filer för root-användare?

sshd/lang/th.auto

@@ -36,6 +36,7 @@ users_nopwd=เฉพาะ RSA auth เท่านั้น
 users_fcmd=สำหรับคำสั่งเท่านั้น
 users_rsa=อนุญาตการตรวจสอบสิทธิ์ RSA (SSH 1) หรือไม่
 users_dsa=อนุญาตการตรวจสอบ DSA (SSH 2) หรือไม่
+users_pkeyauth=อนุญาตการตรวจสอบสิทธิ์คีย์สาธารณะไหม
 users_strict=ตรวจสอบการอนุญาตสำหรับไฟล์คีย์?
 users_rhosts=ข้ามไฟล์ <tt>.rhosts</tt> หรือไม่
 users_rrhosts=ละเว้นไฟล์ <tt>.rhosts</tt> สำหรับผู้ใช้รูทหรือไม่

sshd/lang/tr.auto

@@ -36,6 +36,7 @@ users_nopwd=Yalnızca RSA yetkilendirmesi ile
 users_fcmd=Sadece komutlar için
 users_rsa=RSA (SSH 1) kimlik doğrulamasına izin verilsin mi?
 users_dsa=DSA (SSH 2) kimlik doğrulamasına izin verilsin mi?
+users_pkeyauth=Ortak anahtar kimlik doğrulamasına izin verilsin mi?
 users_strict=Anahtar dosyalardaki izinler kontrol edilsin mi?
 users_rhosts=<tt>.rhosts</tt> dosyaları yoksayılsın mı?
 users_rrhosts=Kök kullanıcı için <tt>.rhosts</tt> dosyaları yoksayılsın mı?

sshd/lang/uk.auto

@@ -7,6 +7,7 @@ index_rsa=RSA (для SSH v2)
 index_dsa=DSA (для SSH v2)
 
 users_dsa=Дозволити аутентифікацію DSA (SSH 2)?
+users_pkeyauth=Дозволити автентифікацію відкритим ключем?
 users_authkeys=Файл ключів, уповноважених користувачем
 users_authkeys_def=Default (~/.ssh/authorized_keys)
 users_authkeys_set=Файл під домашнім

sshd/lang/ur.auto

@@ -36,6 +36,7 @@ users_nopwd=صرف RSA تصنیف کے ساتھ
 users_fcmd=صرف احکامات کے لئے
 users_rsa=RSA (SSH 1) تصدیق کی اجازت دیں؟
 users_dsa=DSA (SSH 2) تصدیق کی اجازت دیں؟
+users_pkeyauth=عوامی کلید کی توثیق کی اجازت دیں؟
 users_strict=کلیدی فائلوں پر اجازت چیک کریں؟
 users_rhosts=Ignore <tt>.rhosts</tt> files?
 users_rrhosts=Ignore <tt>.rhosts</tt> files for root user?

sshd/lang/vi.auto

@@ -36,6 +36,7 @@ users_nopwd=Chỉ với RSA auth
 users_fcmd=Chỉ cho các lệnh
 users_rsa=Cho phép xác thực RSA (SSH 1)?
 users_dsa=Cho phép xác thực DSA (SSH 2)?
+users_pkeyauth=Cho phép xác thực khóa công khai?
 users_strict=Kiểm tra quyền trên các tập tin quan trọng?
 users_rhosts=Bỏ qua các tệp <tt>.rhosts</tt>?
 users_rrhosts=Bỏ qua các tệp <tt>.rhosts</tt> cho người dùng root?

sshd/lang/zh.auto

@@ -1,3 +1,5 @@
+users_pkeyauth=允许公钥认证？
+
 net_listen2=听地址
 net_laddress=地址
 net_lport=港口

sshd/lang/zh_TW.auto

@@ -36,6 +36,7 @@ users_nopwd=僅使用RSA身份驗證
 users_fcmd=僅用於命令
 users_rsa=允許RSA（SSH 1）身份驗證？
 users_dsa=允許DSA（SSH 2）身份驗證？
+users_pkeyauth=允許公鑰認證？
 users_strict=檢查密鑰文件的權限？
 users_rhosts=忽略<tt>.rhosts</tt>文件？
 users_rrhosts=忽略root用戶的<tt>.rhosts</tt>文件？

sshd/save_users.cgi

@@ -45,7 +45,7 @@ if ($version{'type'} ne 'ssh' || $version{'number'} < 3) {
 
 &save_directive("PermitEmptyPasswords", $conf, $in{'pempty'} ? 'yes' : 'no');
 
-&save_directive("PermitRootLogin", $conf, $in{'root'});
+&save_directive("PermitRootLogin", $conf, $in{'root'} || undef);
 
 if (($version{'type'} eq 'ssh' && $version{'number'} < 3) ||
     ($version{'type'} eq 'openssh' && $version{'number'} < 7.3)) {

status/edit_mon.cgi

@@ -18,7 +18,7 @@ if ($in{'type'}) {
 		}
 	else {
 		# Totally new
-		$serv = { 'notify' => 'email pager snmp sms',
+		$serv = { 'notify' => 'email pager snmp sms webhook',
 			  'fails' => 1,
 			  'nosched' => 0,
 			  'remote' => '*' };

status/edit_sched.cgi

@@ -95,6 +95,11 @@ print &ui_table_row($text{'sched_subject'},
 		  [ 2, $text{'sched_subject2'},
 			&ui_textbox("subject", $smode == 2 ? $config{'sched_subject'} : "", 40) ] ]), 3);
 
+# HTTP webhook URL
+print &ui_table_row($text{'sched_webhook'},
+	&ui_opt_textbox("webhook", $config{'sched_webhook'}, 60,
+		$text{'sched_webhookno'}, $text{'sched_webhookyes'}), 3);
+
 print &ui_table_end();
 print &ui_form_end([ [ "save", $text{'save'} ] ]);
 

status/index.cgi

@@ -42,7 +42,7 @@ if (@serv) {
 		local @st = stat($oldstatus_file);
 		if (@st) {
 			local $t = &make_date($st[9]);
-			print &text('index_oldtime', $t),"<br>\n";
+			print &ui_alert_box(&text('index_oldtime', $t), 'info');
 			}
 		}
 

status/lang/en

@@ -121,6 +121,7 @@ mon_notifyemail=Email
 mon_notifypager=Pager
 mon_notifysnmp=SNMP
 mon_notifysms=SMS
+mon_notifywebhook=Webhook
 mon_email=Also send email for this service to
 mon_depend=Don't check if monitor is down
 mon_edepend=A monitor cannot depend on itself
@@ -189,6 +190,10 @@ sched_subject0=None (alert is in the body)
 sched_subject1=Alert text (leave body empty)
 sched_subject2=Custom text
 sched_esubject=Missing SMS message subject
+sched_webhook=Send status to webhook
+sched_webhookno=Don't send
+sched_webhookyes=HTTP or HTTPS URL
+sched_ewebhook=Missing or invalid URL for webhook
 
 up_since=Up since $1
 depends_mod=The module $1 is not installed on your system

status/monitor.pl

@@ -200,6 +200,9 @@ foreach $serv (@services) {
 				$thisemail .= "\n";
 				$ecount++;
 				}
+			if ($notify{'webhook'}) {
+				push(@webhooks, [ $serv, $stat, $suffix, $host ]);
+				}
 			$lastsent{$serv->{'id'}} = $nowunix;
 			}
 		$newstats->{$r} = $up;
@@ -283,17 +286,21 @@ if ($pager_msg && !$config{'sched_single'}) {
 if ($sms_msg && !$config{'sched_single'}) {
 	&send_status_sms($sms_msg);
 	}
+foreach $w (@webhooks) {
+	&send_status_webhook(@$w);
+	}
 
 # send_status_email(text, subject, email-to)
 sub send_status_email
 {
-return if (!$_[2]);
+local ($text, $subject, $to) = @_;
+return if (!$to);
 &foreign_require("mailboxes", "mailboxes-lib.pl");
 
 # Construct and send the email (using correct encoding for body)
 local $from = $config{'sched_from'} ? $config{'sched_from'}
 				    : &mailboxes::get_from_address();
-&mailboxes::send_text_mail($from, $_[2], undef, $_[1], $_[0],
+&mailboxes::send_text_mail($from, $to, undef, $subject, $text,
 			   $config{'sched_smtp'});
 }
 
@@ -423,6 +430,34 @@ if (!$@) {
 print STDERR "No SNMP perl module found\n";
 }
 
+# send_status_webhook(&monitor, &status, what, host)
+# Make an HTTP call with monitor details and status as params
+sub send_status_webhook
+{
+my ($serv, $stat, $suffix, $host) = @_;
+return undef if (!$config{'sched_webhook'});
+my %params = ( 'status_value' => $stat->{'value'},
+	       'status_nice_value' => $stat->{'nice_value'},
+	       'status_desc' => $stat->{'desc'},
+	       'status' => $text{'mon_'.$suffix},
+	       'host' => $host,
+	       $suffix => 1,
+	     );
+foreach my $k (keys %$serv) {
+	next if ($k =~ /^_/);
+	next if ($serv->{$k} eq "");
+	$params{'service_'.$k} = $serv->{$k};
+	}
+my ($host, $port, $page, $ssl) = &parse_http_url($config{'sched_webhook'});
+my $params = join("&", map { $_."=".&urlize($params{$_}) } keys %params);
+$page .= ($page =~ /\?/ ? "?" : "&");
+$page .= $params;
+my ($out, $err);
+&http_download($host, $port, $page, \$out, \$err, undef, $ssl, undef, undef,
+	       5, 0, 1);
+return $err;
+}
+
 # run_on_command(&serv, command, remote-host)
 sub run_on_command
 {

status/save_sched.cgi

@@ -61,6 +61,14 @@ else {
 		}
 	$config{'sched_smtp'} = $in{'smtp'};
 	}
+if ($in{'webhook_def'}) {
+	delete($config{'sched_webhook'});
+	}
+else {
+	$in{'webhook'} =~ /^(http|https):\/\/\S+$/ ||
+		&error($text{'sched_ewebhook'});
+	$config{'sched_webhook'} = $in{'webhook'};
+	}
 $config{'sched_mode'} = $in{'mode'};
 $in{'int'} =~ /^\d+$/ || &error($text{'sched_eint'});
 $config{'sched_int'} = $in{'int'};