Add button to switch between read/write and read-only on Diag > NanoBSD; Add setting to keep the media read/write at all times; Add indication of ro/rw status on Dashboard.
Make sure admin can always write the config
Add initial support for a privilege that denies write access to the config.NOTE: This only prevents writing to config.xml - it does NOT prevent other changes/execution that do not involve writing to config.xml (e.g. applying settings, exec, killing states, etc)
Remove extra curly to allow checking braces closure easily in vi[m]
The function split() is replaced by the function explode(). Starting with PHP 5.3 this is deprecated and with version 6 gone.Replacing it surpresses all the warnings
Add version to backup.cache in one more place
Also show the config version in the backup history.
Setup the serial port in the factory reset as well, in case the default config in a rebrand has the serial console active.
Ticket #1279. Decrease the refcount even though we're in booting phase. This helps the refcount to work as intended and help in making filesystem read only correctly on embedded platfroms. While here put some exceptions to refcount API and silent any related errors that might trigger. Also take not of the NOTE on the php manual that after a share memory is opened further references to it for size and access mode should be 0.
Merge remote-tracking branch 'mainline/master' into inc
Conflicts: etc/inc/priv.defs.inc
Use empty() so we don't use it if it's defined but blank.
If available, also track the IP used by a user making a config change.
Do a more thorough check for platform on the ro call, or factory reset blows up.
Conflicts: etc/inc/gwlb.inc
Fixup text.
Actually re-parse the config if a valid config was not written. (Should help stop installs from blowing up on failed config upgrades). Save the bad config for inspection, and print a message to the console about what was done.
Check for function existence before calling it.
Conflicts: etc/inc/voucher.inc
Backing this out to see if it unbreaks NanoBSD upgrades with packages involved. Revert "Workaround for conf_mount_rw/ro during boot to only allow it to change at the start and end. Fixes #1279"
This reverts commit 548be1fd6697ab115cbb29d61bc5507744488094.
Conflicts: etc/inc/interfaces.inc etc/inc/priv.defs.inc etc/inc/shaper.inc etc/inc/system.inc
Conflicts: etc/inc/auth.inc etc/inc/config.lib.inc etc/inc/filter.inc etc/inc/pfsense-utils.inc etc/inc/pkg-utils.inc etc/inc/priv.defs.inc etc/inc/services.inc...
Workaround for conf_mount_rw/ro during boot to only allow it to change at the start and end. Fixes #1279
Add code to allow custom upgrade code to run after the pfSense upgrade code for the same version switching(Just the custom upgrade functions should have _custom at the end of their name.
When doing conf_mount_ro/rw on NanoBSD, pass sync,noatime to mount to preserve the options we have already set in fstab. Ticket #1279 and Ticket #444
Comment out the "config write on bootup" error. This is normal now with the package reinstall, and the known issues with it should be OK now. The error is just confusing people.
Merge branch 'master' into inc
Conflicts: etc/inc/captiveportal.inc etc/inc/config.console.inc etc/inc/config.lib.inc etc/inc/easyrule.inc etc/inc/filter.inc etc/inc/ipsec.inc etc/inc/pkg-utils.inc etc/inc/shaper.inc...
Better way to determine the username for config descrs
Fix variable name reference
Stop spewing backup info on bootup
Add back booting check that existed prior to refcount code. We will improve upon this next week.
Improve parse_config to not be recursive for no reason. This fixes some strange cases of config lock being left held and blocking GUI.
Add some more safe belts and remove code that is commented from long time now. Reported on http://forum.pfsense.org/index.php/topic,28202.15.html
nuke trailing carriage returns
No need to output 'Loading new configuration'. We already have a line written out telling the user what we are doing
Merge remote branch 'mainline/master' into inc
Conflicts: etc/inc/auth.inc etc/inc/config.lib.inc etc/inc/filter.inc etc/inc/gwlb.inc etc/inc/interfaces.inc etc/inc/pfsense-utils.inc etc/inc/pkg-utils.inc...
Do a fflush of file before closing and sync(2). Fix whitespace while here.
Use pfSense_sync()
Call sync after writing the file and before returning to continue processing.
Use product name
Check for pfsense root object name in config.xml as a fallback if the configured name is not found.
Upon restoring a config, replacing whole sections, or editing config.xml in edit.php, prevent possible accidental lockout from DNS rebind and HTTP referrer checks by disabling them until reboot or the next time they pass, whichever comes sooner. Ticket #1027
Remove trailing carriage return
Conflicts: etc/inc/auth.inc etc/inc/config.lib.inc etc/inc/priv.defs.inc etc/inc/system.inc etc/inc/upgrade_config.inc etc/inc/vpn.inc
Correctly call die() in the places needed. Also remove unused global.
Fix quotes to use %N$X on gettext calls
Fix gettext calls with printf to permit change strings order
Conflicts: etc/inc/config.lib.inc
Do not output duplicate done
Implement gettext() calls on config.lib.inc
Move all console related configuration items to config.console.inc. This will mean that these items are not included when the webConfigurator is being used and only on bootup on the console.
Fix typo in interface name.
Remove config.extra.xml, I will just merge the remote configuration areas right into config.xml
Comment out this line for now, since it was preventing config saving.
If config.extra.xml exists parse and merge its contents into the array as long as we are not writing out the config.
Correct ifconfig syntax
Do not set max_execution time here.
Refactor this function a little so it will also rebuild the cache if it does not already exist. Fixes missing config history after reboot on NanoBSD.
Do not bail out when we write a new config. Seems that we can write some special characters but might not be able to read them back but we still should be able to recover from this. Include globals.inc before calling any config.lib.inc functions.
Ticket #544. Restore locking, seems w+ migh already lock the file sometimes. While there improve the locking to a read/write locking schema. Make the default locking a read only lock and if explicitly specified a write locking can be specified through LOCK_EX optional parameter to lock(). During config manipulation do the filesystem mounting in rw, if needed, before doing any locking to avoid possible problems and also to be consistent through out the code on the method used. Also update calls to config to lock exclusively where required.
Tag all config write cases with the username.
Include username of person making the change in config change description, and in the config itself.
Correct file_notice usage.
Add enable bits.
backup_config() does not need to be wrapped with conf_mount_rw().
Unbreak ACB
The user owner of /dev/pf is root the group will be left to proxy to allow packages to become member of this group to modify firewall.
Ticket #434. Do not die when parsing config since we know how to recover. Only die during packages.
Ticket #417. Fix installation on embedded by using a refcount system for the mount command.
Move check upper to suit the platforms not needing it better.
Move call up to where it belongs.
Propperly initialize variables so they function is as expected.
Put safe_write_file to the include it belongs to.
Add var/empty to excludes list
Use safe_write_file() like RELENG_1_2 does. Not sure how this diverged?!
Write out config.xml.tmp first and then move into place after it is written trying to avoid half written files during panic or livelock situations
Align LAN and WAN interfaces print (just cosmetic)
Set variable instead of using comparison operator
Be consistent where we write and where we read the new config.
Show Loading new configuration to make bootup text unfiorm
Fix missing include for config upgrade 1.2 -> 2.0Fix missing include for /etc/rc.reload_all
Dedicate 6 characters
Do not dedicate 16 characters to interface name
remove functional code from config.inc and place it in a library file config.lib.inc