/etc/inc/system.inc - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/etc/inc/system.inc @ 06a45374

1	5b237745	Scott Ullrich	<?php
2	307cd525	Bill Marquette	/* $Id$ */
3	5b237745	Scott Ullrich	/*
4			system.inc
5			part of m0n0wall (http://m0n0.ch/wall)
6	0f282d7a	Scott Ullrich
7	5b237745	Scott Ullrich	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
8			All rights reserved.
9	0f282d7a	Scott Ullrich
10	5b237745	Scott Ullrich	Redistribution and use in source and binary forms, with or without
11			modification, are permitted provided that the following conditions are met:
12	0f282d7a	Scott Ullrich
13	5b237745	Scott Ullrich	1. Redistributions of source code must retain the above copyright notice,
14			this list of conditions and the following disclaimer.
15	0f282d7a	Scott Ullrich
16	5b237745	Scott Ullrich	2. Redistributions in binary form must reproduce the above copyright
17			notice, this list of conditions and the following disclaimer in the
18			documentation and/or other materials provided with the distribution.
19	0f282d7a	Scott Ullrich
20	5b237745	Scott Ullrich	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29			POSSIBILITY OF SUCH DAMAGE.
30			*/
31
32	523855b0	Scott Ullrich	/*
33			pfSense_BUILDER_BINARIES: /usr/sbin/powerd /usr/bin/killall /sbin/sysctl /sbin/route
34	b368b35a	Ermal	pfSense_BUILDER_BINARIES: /bin/hostname /bin/ls /usr/sbin/syslogd
35	523855b0	Scott Ullrich	pfSense_BUILDER_BINARIES: /usr/sbin/pccardd /usr/local/sbin/lighttpd /bin/chmod /bin/mkdir
36	cf180ccc	jim-p	pfSense_BUILDER_BINARIES: /usr/bin/tar /usr/local/bin/ntpd /usr/sbin/ntpdate
37	c3b13d60	jim-p	pfSense_BUILDER_BINARIES: /usr/bin/nohup /sbin/dmesg /usr/local/sbin/atareinit /sbin/kldload
38	523855b0	Scott Ullrich	pfSense_MODULE: utils
39			*/
40	0f282d7a	Scott Ullrich
41	8e9fa41d	Scott Ullrich	function activate_powerd() {
42			global $config, $g;
43	7734aea6	Andrew Thompson	if ($g['platform'] == 'jail')
44			return;
45	53c210dd	Cristian Feldman	if(is_process_running("powerd"))
46			exec("/usr/bin/killall powerd");
47	8e9fa41d	Scott Ullrich	if(isset($config['system']['powerd_enable'])) {
48	c3b13d60	jim-p	if ($g["platform"] == "nanobsd")
49			exec("/sbin/kldload cpufreq");
50	53c210dd	Cristian Feldman	$mode = "hadp";
51			if (!empty($config['system']['powerd_mode']))
52			$mode = $config['system']['powerd_mode'];
53			mwexec("/usr/sbin/powerd -b $mode -a $mode");
54	8e9fa41d	Scott Ullrich	}
55			}
56
57	3a35f55f	Scott Ullrich	function get_default_sysctl_value($id) {
58			global $sysctls;
59	f3c91cb5	Erik Fonnesbeck
60			if (isset($sysctls[$id]))
61			return $sysctls[$id];
62	3a35f55f	Scott Ullrich	}
63
64	6df9d7e3	Scott Ullrich	function activate_sysctls() {
65			global $config, $g;
66	7734aea6	Andrew Thompson	if ($g['platform'] == 'jail')
67			return;
68	050fd8ad	Ermal	exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x0001");
69			exec("/sbin/sysctl net.enc.out.ipsec_filter_mask=0x0001");
70			exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x0002");
71			exec("/sbin/sysctl net.enc.in.ipsec_filter_mask=0x0002");
72	99e88aa0	Ermal Luçi
73	3a35f55f	Scott Ullrich	if(is_array($config['sysctl'])) {
74	cac19f50	Scott Ullrich	foreach($config['sysctl']['item'] as $tunable) {
75	b2d0140c	Scott Ullrich	if($tunable['value'] == "default") {
76			$value = get_default_sysctl_value($tunable['tunable']);
77			mwexec("/sbin/sysctl " . $tunable['tunable'] . "=\"" . $value . "\"");
78			} else {
79	09f82b11	Administrator	mwexec("/sbin/sysctl " . $tunable['tunable'] . "=\"" . $tunable['value'] . "\"");
80	b2d0140c	Scott Ullrich	}
81	d0b461f5	sullrich	}
82			}
83	6df9d7e3	Scott Ullrich	}
84
85	5b237745	Scott Ullrich	function system_resolvconf_generate($dynupdate = false) {
86	c3f535c0	Seth Mos	global $config, $g;
87
88			if(isset($config['system']['developerspew'])) {
89			$mt = microtime();
90			echo "system_resolvconf_generate() being called $mt\n";
91			}
92	ef217c69	Scott Ullrich
93	30cee7b2	Scott Ullrich	$syscfg = $config['system'];
94	ef217c69	Scott Ullrich
95	53bbbf04	Scott Ullrich	// Do not create blank domain lines, it breaks tools like dig.
96			if($syscfg['domain'])
97			$resolvconf = "domain {$syscfg['domain']}\n";
98	ef217c69	Scott Ullrich
99	af6576a8	jim-p	if (isset($config['dnsmasq']['enable']) && !isset($config['system']['dnslocalhost']))
100	6c86a39f	Ermal	$resolvconf .= "nameserver 127.0.0.1\n";
101	8ac329da	Ermal
102	30cee7b2	Scott Ullrich	if (isset($syscfg['dnsallowoverride'])) {
103	c3f535c0	Seth Mos	/* get dynamically assigned DNS servers (if any) */
104	86dcdfc9	Ermal	$ns = array_unique(get_searchdomains());
105			foreach($ns as $searchserver) {
106	8e866217	Ermal	if($searchserver)
107	86dcdfc9	Ermal	$resolvconf .= "search {$searchserver}\n";
108			}
109	c3f535c0	Seth Mos	$ns = array_unique(get_nameservers());
110			foreach($ns as $nameserver) {
111	8e866217	Ermal	if($nameserver)
112	c3f535c0	Seth Mos	$resolvconf .= "nameserver $nameserver\n";
113			}
114	30cee7b2	Scott Ullrich	}
115	8e866217	Ermal	if (is_array($syscfg['dnsserver'])) {
116	c3f535c0	Seth Mos	foreach ($syscfg['dnsserver'] as $ns) {
117	8e866217	Ermal	if ($ns)
118	c3f535c0	Seth Mos	$resolvconf .= "nameserver $ns\n";
119	e180a6e3	Scott Ullrich	}
120	c3f535c0	Seth Mos	}
121	0f282d7a	Scott Ullrich
122	d97ff036	Ermal	$dnslock = lock('resolvconf', LOCK_EX);
123
124	e1daff07	Ermal	$fd = fopen("{$g['varetc_path']}/resolv.conf", "w");
125			if (!$fd) {
126			printf("Error: cannot open resolv.conf in system_resolvconf_generate().\n");
127	d97ff036	Ermal	unlock($dnslock);
128	e1daff07	Ermal	return 1;
129			}
130
131	30cee7b2	Scott Ullrich	fwrite($fd, $resolvconf);
132			fclose($fd);
133	0f282d7a	Scott Ullrich
134	30cee7b2	Scott Ullrich	if (!$g['booting']) {
135	c3f535c0	Seth Mos	/* restart dhcpd (nameservers may have changed) */
136			if (!$dynupdate)
137			services_dhcpd_configure();
138	30cee7b2	Scott Ullrich	}
139	ef217c69	Scott Ullrich
140	c3f535c0	Seth Mos	/* setup static routes for DNS servers. */
141			for ($dnscounter=1; $dnscounter<5; $dnscounter++) {
142			/* setup static routes for dns servers */
143	c935003d	Seth Mos	$dnsgw = "dns{$dnscounter}gw";
144	c3f535c0	Seth Mos	if (isset($config['system'][$dnsgw])) {
145	c935003d	Seth Mos	$gwname = $config['system'][$dnsgw];
146			if (($gwname <> "") && ($gwname <> "none")) {
147			$gatewayip = lookup_gateway_ip_by_name($gwname);
148			if (is_ipaddrv4($gatewayip)) {
149	c3f535c0	Seth Mos	/* dns server array starts at 0 */
150	b875f306	Scott Ullrich	$dnscountermo = $dnscounter - 1;
151	4c41b626	Ermal	mwexec("route change -host " . $syscfg['dnsserver'][$dnscountermo] . " {$gatewayip}");
152	b875f306	Scott Ullrich	}
153	c935003d	Seth Mos	if (is_ipaddrv6($gatewayip)) {
154			/* dns server array starts at 0 */
155			$dnscountermo = $dnscounter - 1;
156	64a8dbf2	jim-p	mwexec("route change -host -inet6 " . $syscfg['dnsserver'][$dnscountermo] . " {$gatewayip}");
157	c935003d	Seth Mos	}
158	b875f306	Scott Ullrich	}
159	e180a6e3	Scott Ullrich	}
160	c3f535c0	Seth Mos	}
161	d97ff036	Ermal
162			unlock($dnslock);
163
164	c3f535c0	Seth Mos	return 0;
165	5b237745	Scott Ullrich	}
166
167	86dcdfc9	Ermal	function get_searchdomains() {
168			global $config, $g;
169
170			$master_list = array();
171
172			// Read in dhclient nameservers
173	e1daff07	Ermal	$search_list = glob("/var/etc/searchdomain_*");
174	86dcdfc9	Ermal	if (is_array($search_lists)) {
175	807fd6cd	Ermal	foreach($search_lists as $fdns) {
176			$contents = file($fdns, FILE_IGNORE_NEW_LINES \| FILE_SKIP_EMPTY_LINES);
177			if (!is_array($contents))
178			continue;
179			foreach ($contents as $dns) {
180			if(is_hostname($dns))
181			$master_list[] = $dns;
182			}
183	86dcdfc9	Ermal	}
184			}
185
186			return $master_list;
187			}
188
189	3d00ccaa	Scott Ullrich	function get_nameservers() {
190			global $config, $g;
191			$master_list = array();
192	30cee7b2	Scott Ullrich
193	2a1226ad	Scott Ullrich	// Read in dhclient nameservers
194	e1daff07	Ermal	$dns_lists = glob("/var/etc/nameserver_*");
195	1033de74	Ermal	if (is_array($dns_lists)) {
196	807fd6cd	Ermal	foreach($dns_lists as $fdns) {
197			$contents = file($fdns, FILE_IGNORE_NEW_LINES \| FILE_SKIP_EMPTY_LINES);
198			if (!is_array($contents))
199			continue;
200			foreach ($contents as $dns) {
201			if(is_ipaddr($dns))
202			$master_list[] = $dns;
203			}
204	60951398	Scott Ullrich	}
205	3d00ccaa	Scott Ullrich	}
206	2a1226ad	Scott Ullrich
207			// Read in any extra nameservers
208			if(file_exists("/var/etc/nameservers.conf")) {
209	33818198	Ermal	$dns_s = file("/var/etc/nameservers.conf", FILE_IGNORE_NEW_LINES \| FILE_SKIP_EMPTY_LINES);
210	e1daff07	Ermal	if(is_array($dns_s)) {
211	2a1226ad	Scott Ullrich	foreach($dns_s as $dns)
212	1033de74	Ermal	if (is_ipaddr($dns))
213			$master_list[] = $dns;
214	e1daff07	Ermal	}
215	2a1226ad	Scott Ullrich	}
216
217	3d00ccaa	Scott Ullrich	return $master_list;
218			}
219
220	5b237745	Scott Ullrich	function system_hosts_generate() {
221	f19d3b7a	Scott Ullrich	global $config, $g;
222	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
223			$mt = microtime();
224	dcf0598e	Scott Ullrich	echo "system_hosts_generate() being called $mt\n";
225	f19d3b7a	Scott Ullrich	}
226	0f282d7a	Scott Ullrich
227	5b237745	Scott Ullrich	$syscfg = $config['system'];
228			$dnsmasqcfg = $config['dnsmasq'];
229
230			if (!is_array($dnsmasqcfg['hosts'])) {
231			$dnsmasqcfg['hosts'] = array();
232			}
233			$hostscfg = $dnsmasqcfg['hosts'];
234	0f282d7a	Scott Ullrich
235	58db1fc4	Ermal	$hosts = "127.0.0.1 localhost localhost.{$syscfg['domain']}\n";
236	aa994814	Andrew Thompson	$lhosts = "";
237			$dhosts = "";
238	a55e9c70	Ermal Lu?i
239	e5995f9d	Ermal	if ($config['interfaces']['lan']) {
240			$cfgip = get_interface_ip("lan");
241	f38f8062	Ermal	if (is_ipaddr($cfgip))
242			$hosts .= "{$cfgip} {$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}\n";
243	e5995f9d	Ermal	} else {
244			$sysiflist = get_configured_interface_list();
245			foreach ($sysiflist as $sysif) {
246			if (!interface_has_gateway($sysif)) {
247			$cfgip = get_interface_ip($sysif);
248			if (is_ipaddr($cfgip)) {
249			$hosts .= "{$cfgip} {$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}\n";
250			break;
251			}
252			}
253			}
254	f38f8062	Ermal	}
255	0f282d7a	Scott Ullrich
256	5b237745	Scott Ullrich	foreach ($hostscfg as $host) {
257			if ($host['host'])
258	aa994814	Andrew Thompson	$lhosts .= "{$host['ip']} {$host['host']}.{$host['domain']} {$host['host']}\n";
259	5b237745	Scott Ullrich	else
260	aa994814	Andrew Thompson	$lhosts .= "{$host['ip']} {$host['domain']}\n";
261	5db4d1eb	jim-p	if (!is_array($host['aliases']) \|\| !is_array($host['aliases']['item']))
262			continue;
263	5a2a8349	Lorenz Schori	foreach ($host['aliases']['item'] as $alias) {
264			if ($alias['host'])
265			$lhosts .= "{$host['ip']} {$alias['host']}.{$alias['domain']} {$alias['host']}\n";
266			else
267			$lhosts .= "{$host['ip']} {$alias['domain']}\n";
268			}
269	5b237745	Scott Ullrich	}
270	da6155e0	Erik Fonnesbeck	if (isset($dnsmasqcfg['regdhcpstatic']) && is_array($config['dhcpd'])) {
271	6a01ea44	Bill Marquette	foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf)
272			if(is_array($dhcpifconf['staticmap']) && isset($dhcpifconf['enable']))
273	a56e787d	Scott Ullrich	foreach ($dhcpifconf['staticmap'] as $host)
274	6a01ea44	Bill Marquette	if ($host['ipaddr'] && $host['hostname'])
275	aa994814	Andrew Thompson	$dhosts .= "{$host['ipaddr']} {$host['hostname']}.{$syscfg['domain']} {$host['hostname']}\n";
276	4b2bf4fc	smos	}
277			if (isset($dnsmasqcfg['regdhcpstatic']) && is_array($config['dhcpdv6'])) {
278	7c6856f8	jim-p	foreach ($config['dhcpdv6'] as $dhcpif => $dhcpifconf)
279			if(is_array($dhcpifconf['staticmap']) && isset($dhcpifconf['enable']))
280			foreach ($dhcpifconf['staticmap'] as $host)
281			if ($host['ipaddrv6'] && $host['hostname'])
282			$dhosts .= "{$host['ipaddrv6']} {$host['hostname']}.{$syscfg['domain']} {$host['hostname']}\n";
283	a56e787d	Scott Ullrich	}
284	58db1fc4	Ermal
285	aa994814	Andrew Thompson	if (isset($dnsmasqcfg['dhcpfirst']))
286			$hosts .= $dhosts . $lhosts;
287			else
288			$hosts .= $lhosts . $dhosts;
289
290	58db1fc4	Ermal	/*
291			* Do not remove this because dhcpleases monitors with kqueue it needs to be
292			* killed before writing to hosts files.
293			*/
294			if (file_exists("{$g['varrun_path']}/dhcpleases.pid")) {
295			sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "TERM");
296			@unlink("{$g['varrun_path']}/dhcpleases.pid");
297			}
298			$fd = fopen("{$g['varetc_path']}/hosts", "w");
299			if (!$fd) {
300			log_error("Error: cannot open hosts file in system_hosts_generate().\n");
301			return 1;
302			}
303	5b237745	Scott Ullrich	fwrite($fd, $hosts);
304			fclose($fd);
305	0f282d7a	Scott Ullrich
306	24d619f5	Ermal	system_dhcpleases_configure();
307
308			return 0;
309			}
310
311			function system_dhcpleases_configure() {
312	15d456b9	gnhb	global $config, $g;
313
314	7734aea6	Andrew Thompson	if ($g['platform'] == 'jail')
315			return;
316	956950de	Ermal	/* Start the monitoring process for dynamic dhcpclients. */
317			if (isset($config['dnsmasq']['regdhcp'])) {
318			/* Make sure we do not error out */
319			@touch("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases");
320	15d456b9	gnhb	if (file_exists("{$g['varrun_path']}/dhcpleases.pid"))
321			sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "HUP");
322			else
323			mwexec("/usr/local/sbin/dhcpleases -l {$g['dhcpd_chroot_path']}/var/db/dhcpd.leases -d {$config['system']['domain']} -p {$g['varrun_path']}/dnsmasq.pid -h {$g['varetc_path']}/hosts");
324			} else {
325			sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "TERM");
326			@unlink("{$g['varrun_path']}/dhcpleases.pid");
327			}
328	5b237745	Scott Ullrich	}
329
330			function system_hostname_configure() {
331	f19d3b7a	Scott Ullrich	global $config, $g;
332	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
333			$mt = microtime();
334	dcf0598e	Scott Ullrich	echo "system_hostname_configure() being called $mt\n";
335	333f8ef0	Scott Ullrich	}
336	0f282d7a	Scott Ullrich
337	5b237745	Scott Ullrich	$syscfg = $config['system'];
338	0f282d7a	Scott Ullrich
339	5b237745	Scott Ullrich	/* set hostname */
340	6bfccde7	Scott Ullrich	$status = mwexec("/bin/hostname " .
341	5b237745	Scott Ullrich	escapeshellarg("{$syscfg['hostname']}.{$syscfg['domain']}"));
342	6bfccde7	Scott Ullrich
343			/* Setup host GUID ID. This is used by ZFS. */
344			mwexec("/etc/rc.d/hostid start");
345
346			return $status;
347	5b237745	Scott Ullrich	}
348
349	1ea67f2e	Ermal	function system_routing_configure($interface = "") {
350	962625aa	Ermal	global $config, $g;
351	7734aea6	Andrew Thompson	if ($g['platform'] == 'jail')
352			return;
353	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
354			$mt = microtime();
355	dcf0598e	Scott Ullrich	echo "system_routing_configure() being called $mt\n";
356	58c7450e	Scott Ullrich	}
357	333f8ef0	Scott Ullrich
358	a529aced	Ermal	$gatewayip = "";
359			$interfacegw = "";
360	3cc07282	Ermal	$foundgw = false;
361	5a5413bb	Seth Mos	$gatewayipv6 = "";
362			$interfacegwv6 = "";
363			$foundgwv6 = false;
364	a529aced	Ermal	/* tack on all the hard defined gateways as well */
365			if (is_array($config['gateways']['gateway_item'])) {
366	d499c12b	Ermal	mwexec("/bin/rm {$g['tmp_path']}/*_defaultgw", true);
367	a529aced	Ermal	foreach ($config['gateways']['gateway_item'] as $gateway) {
368	08ab5cd2	jim-p	if (isset($gateway['defaultgw']) && ((is_ipaddrv4($gateway['gateway'])) \|\| ($gateway['gateway'] == "dynamic"))) {
369	911a262f	smos	if(strstr($gateway['gateway'], ":"))
370			break;
371	a529aced	Ermal	if ($gateway['gateway'] == "dynamic")
372			$gateway['gateway'] = get_interface_gateway($gateway['interface']);
373			$gatewayip = $gateway['gateway'];
374			$interfacegw = $gateway['interface'];
375	924f202e	Ermal	if (!empty($interfacegw)) {
376			$defaultif = get_real_interface($gateway['interface']);
377			if ($defaultif)
378			@file_put_contents("{$g['tmp_path']}/{$defaultif}_defaultgw", $gatewayip);
379			}
380			$foundgw = true;
381	a529aced	Ermal	break;
382			}
383	6e17413e	Ermal Lu?i	}
384	5a5413bb	Seth Mos	foreach ($config['gateways']['gateway_item'] as $gateway) {
385	08ab5cd2	jim-p	if (isset($gateway['defaultgw']) && ((is_ipaddrv6($gateway['gateway'])) \|\| ($gateway['gateway'] == "dynamic6"))) {
386	1a40ed8a	smos	if ($gateway['gateway'] == "dynamic6")
387	5a5413bb	Seth Mos	$gateway['gateway'] = get_interface_gateway_v6($gateway['interface']);
388			$gatewayipv6 = $gateway['gateway'];
389			$interfacegwv6 = $gateway['interface'];
390			if (!empty($interfacegwv6)) {
391	4f332466	Seth Mos	$defaultifv6 = get_real_interface($gateway['interface']);
392			if ($defaultifv6)
393	17a5b095	Seth Mos	@file_put_contents("{$g['tmp_path']}/{$defaultifv6}_defaultgwv6", $gatewayipv6);
394	5a5413bb	Seth Mos	}
395			$foundgwv6 = true;
396			break;
397			}
398			}
399	b24bda08	Scott Ullrich	}
400	3cc07282	Ermal	if ($foundgw == false) {
401			$defaultif = get_real_interface("wan");
402			$interfacegw = "wan";
403			$gatewayip = get_interface_gateway("wan");
404			@touch("{$g['tmp_path']}/{$defaultif}_defaultgw");
405			}
406	5a5413bb	Seth Mos	if ($foundgwv6 == false) {
407	4f332466	Seth Mos	$defaultifv6 = get_real_interface("wan");
408			$interfacegwv6 = "wan";
409			$gatewayipv6 = get_interface_gateway_v6("wan");
410	5a5413bb	Seth Mos	@touch("{$g['tmp_path']}/{$defaultif}_defaultgwv6");
411	17a5b095	Seth Mos	}
412	d173230c	Seth Mos	$dont_add_route = false;
413			/* if OLSRD is enabled, allow WAN to house DHCP. */
414			if($config['installedpackages']['olsrd']) {
415			foreach($config['installedpackages']['olsrd']['config'] as $olsrd) {
416	f581cb10	Chris Buechler	if(($olsrd['enabledyngw'] == "on") && ($olsrd['enable'] == "on")) {
417	d173230c	Seth Mos	$dont_add_route = true;
418	f581cb10	Chris Buechler	log_error(sprintf(gettext("Not adding default route because OLSR dynamic gateway is enabled.")));
419	6e17413e	Ermal Lu?i	break;
420	d173230c	Seth Mos	}
421			}
422			}
423	07b54e8c	smos
424	1ea67f2e	Ermal	if ($dont_add_route == false ) {
425	8d29cef4	Ermal	if (!empty($interface) && $interface != $interfacegw)
426	1ea67f2e	Ermal	;
427	5a5413bb	Seth Mos	else if (($interfacegw <> "bgpd") && (is_ipaddrv4($gatewayip))) {
428	b368b35a	Ermal	log_error("ROUTING: setting default route to $gatewayip");
429			mwexec("/sbin/route change -inet default " . escapeshellarg($gatewayip));
430	d173230c	Seth Mos	}
431
432	17a5b095	Seth Mos	if (!empty($interface) && $interface != $interfacegwv6)
433	5a5413bb	Seth Mos	;
434			else if (($interfacegwv6 <> "bgpd") && (is_ipaddrv6($gatewayipv6))) {
435	26ecc19c	smos	if(preg_match("/fe80::/i", $gatewayipv6))
436			$ifscope = "%{$defaultifv6}";
437	ea91a8c0	smos	log_error("ROUTING: setting IPv6 default route to {$gatewayipv6}{$ifscope}");
438	02091d23	smos	mwexec("/sbin/route change -inet6 default " . escapeshellarg($gatewayipv6) ."{$ifscope}");
439	5a5413bb	Seth Mos	}
440			}
441
442	f898c1a9	jim-p	$static_routes = get_staticroutes();
443			if (count($static_routes)) {
444	6fdea6a2	smos	$gateways_arr = return_gateways_array(false, true);
445	0f282d7a	Scott Ullrich
446	f898c1a9	jim-p	foreach ($static_routes as $rtent) {
447	a529aced	Ermal	$gatewayip = "";
448	a02708b1	Ermal	if (empty($gateways_arr[$rtent['gateway']])) {
449	4a896b86	Carlos Eduardo Ramos	log_error(sprintf(gettext("Static Routes: Gateway IP could not be found for %s"), $rtent['network']));
450	a529aced	Ermal	continue;
451			}
452	a02708b1	Ermal	$gateway = $gateways_arr[$rtent['gateway']];
453	1801c223	Ermal	if (!empty($interface) && $interface != $gateway['friendlyiface'])
454	a02708b1	Ermal	continue;
455	9740fad8	Seth Mos
456	bfe407e5	Warren Baker	if(isset($rtent['disabled'])) {
457			mwexec("/sbin/route delete " . escapeshellarg($rtent['network']), true);
458			continue;
459			}
460
461	a02708b1	Ermal	$gatewayip = $gateway['gateway'];
462			$interfacegw = $gateway['interface'];
463	a529aced	Ermal
464	5a5413bb	Seth Mos	if(is_ipaddrv6($gatewayip)) {
465	2db19fec	Seth Mos	$inetfamily = "-inet6";
466	5a5413bb	Seth Mos	} else {
467	2db19fec	Seth Mos	$inetfamily = "-inet";
468	5a5413bb	Seth Mos	}
469	1e5f47bb	smos	$blackhole = "";
470			if(preg_match("/^Null/i", $rtent['gateway']))
471			$blackhole = "-blackhole";
472
473	86ed4ec3	maho	if (is_ipaddr($gatewayip) && ((is_ipaddrv6($gatewayip) && is_subnetv6($rtent['network'])) \|\| (is_ipaddrv4($gatewayip) && is_subnetv4($rtent['network'])))) {
474	1e5f47bb	smos	mwexec("/sbin/route change {$inetfamily} {$blackhole} " . escapeshellarg($rtent['network']) .
475	b24bda08	Scott Ullrich	" " . escapeshellarg($gatewayip));
476	86ed4ec3	maho	} else if (!empty($interfacegw) && ((is_ipaddrv6($gatewayip) && is_subnetv6($rtent['network'])) \|\| (is_ipaddrv4($gatewayip) && is_subnetv4($rtent['network'])))) {
477	1e5f47bb	smos	mwexec("/sbin/route change {$inetfamily} {$blackhole} " . escapeshellarg($rtent['network']) .
478	a529aced	Ermal	" -iface " . escapeshellarg($interfacegw));
479	7a98edde	Seth Mos	}
480	5b237745	Scott Ullrich	}
481			}
482	67ee1ec5	Ermal Luçi
483	b9c501ea	Seth Mos	return 0;
484	5b237745	Scott Ullrich	}
485
486			function system_routing_enable() {
487	f19d3b7a	Scott Ullrich	global $config, $g;
488	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
489			$mt = microtime();
490	dcf0598e	Scott Ullrich	echo "system_routing_enable() being called $mt\n";
491	58c7450e	Scott Ullrich	}
492	0f282d7a	Scott Ullrich
493	6da3df4e	Seth Mos	mwexec("/sbin/sysctl net.inet.ip.forwarding=1");
494			mwexec("/sbin/sysctl net.inet6.ip6.forwarding=1");
495			return;
496	5b237745	Scott Ullrich	}
497
498	bd29bb7b	jim-p	function system_syslogd_fixup_server($server) {
499			/* If it's an IPv6 IP alone, encase it in brackets */
500			if (is_ipaddrv6($server))
501			return "[$server]";
502			else
503			return $server;
504			}
505
506	236524c2	jim-p	function system_syslogd_get_remote_servers($syslogcfg, $facility = ".") {
507			// Rather than repeatedly use the same code, use this function to build a list of remote servers.
508			$facility .= " ".
509			$remote_servers = "";
510			$pad_to = 56;
511			$padding = ceil(($pad_to - strlen($facility))/8)+1;
512			if($syslogcfg['remoteserver'])
513	bd29bb7b	jim-p	$remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@" . system_syslogd_fixup_server($syslogcfg['remoteserver']) . "\n";
514	236524c2	jim-p	if($syslogcfg['remoteserver2'])
515	bd29bb7b	jim-p	$remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@" . system_syslogd_fixup_server($syslogcfg['remoteserver2']) . "\n";
516	236524c2	jim-p	if($syslogcfg['remoteserver3'])
517	bd29bb7b	jim-p	$remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@" . system_syslogd_fixup_server($syslogcfg['remoteserver3']) . "\n";
518	236524c2	jim-p	return $remote_servers;
519			}
520
521	5b237745	Scott Ullrich	function system_syslogd_start() {
522	f19d3b7a	Scott Ullrich	global $config, $g;
523	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
524			$mt = microtime();
525	dcf0598e	Scott Ullrich	echo "system_syslogd_start() being called $mt\n";
526	58c7450e	Scott Ullrich	}
527	0f282d7a	Scott Ullrich
528	1fd3fe31	Scott Ullrich	mwexec("/etc/rc.d/hostid start");
529
530	5b237745	Scott Ullrich	$syslogcfg = $config['syslog'];
531
532	0f282d7a	Scott Ullrich	if ($g['booting'])
533	4a896b86	Carlos Eduardo Ramos	echo gettext("Starting syslog...");
534	5b237745	Scott Ullrich	else
535			killbypid("{$g['varrun_path']}/syslog.pid");
536	0f282d7a	Scott Ullrich
537	99f98b80	sullrich	if(is_process_running("syslogd"))
538	236524c2	jim-p	mwexec('/bin/pkill syslogd');
539	99f98b80	sullrich	if(is_process_running("fifolog_writer"))
540	236524c2	jim-p	mwexec('/bin/pkill fifolog_writer');
541	7ee97cb3	Scott Ullrich
542			// Define carious commands for logging
543			$fifolog_create = "/usr/sbin/fifolog_create -s ";
544			$fifolog_log = "\|/usr/sbin/fifolog_writer ";
545			$clog_create = "/usr/sbin/clog -i -s ";
546			$clog_log = "%";
547
548			// Which logging type are we using this week??
549			if(isset($config['system']['usefifolog'])) {
550			$log_directive = $fifolog_log;
551	236524c2	jim-p	$log_create_directive = $fifolog_create;
552	7ee97cb3	Scott Ullrich	} else { // Defaults to CLOG
553			$log_directive = $clog_log;
554			$log_create_directive = $clog_create;
555			}
556
557	88ebd635	Scott Ullrich	if (isset($syslogcfg)) {
558	e0c45357	jim-p	$separatelogfacilities = array('ntp','ntpd','ntpdate','racoon','openvpn','pptps','poes','l2tps','relayd','hostapd','dnsmasq','unbound','dhcpd','dhcrelay','apinger','radvd','routed','olsrd','zebra','ospfd','bgpd');
559	344016a8	Ermal	$syslogconf = "";
560	a728d2ea	Colin Smith	if($config['installedpackages']['package']) {
561	0d9d2a1b	Scott Ullrich	foreach($config['installedpackages']['package'] as $package) {
562			if($package['logging']) {
563	d589cccf	Warren Baker	array_push($separatelogfacilities, $package['logging']['facilityname']);
564	7ee97cb3	Scott Ullrich	mwexec("{$log_create_directive} 10240 {$g['varlog_path']}/{$package['logging']['logfilename']}");
565	eeb52fea	Warren Baker	$syslogconf .= "!{$package['logging']['facilityname']}\n.\t\t\t\t\t\t {$log_directive}{$g['varlog_path']}/{$package['logging']['logfilename']}\n";
566	a728d2ea	Colin Smith	}
567	0d9d2a1b	Scott Ullrich	}
568			}
569	d2834563	Scott Ullrich	$facilitylist = implode(',', array_unique($separatelogfacilities));
570	e0c45357	jim-p	$syslogconf .= "!radvd,routed,olsrd,zebra,ospfd,bgpd\n";
571			if (!isset($syslogcfg['disablelocallogging']))
572			$syslogconf .= ". {$log_directive}{$g['varlog_path']}/routing.log\n";
573
574			$syslogconf .= "!ntp,ntpd,ntpdate\n";
575	0d9d2a1b	Scott Ullrich	if (!isset($syslogcfg['disablelocallogging']))
576	236524c2	jim-p	$syslogconf .= ". {$log_directive}{$g['varlog_path']}/ntpd.log\n";
577
578	295e19dd	Scott Ullrich	$syslogconf .= "!ppp\n";
579			if (!isset($syslogcfg['disablelocallogging']))
580	236524c2	jim-p	$syslogconf .= ". {$log_directive}{$g['varlog_path']}/ppp.log\n";
581
582	a6607b5f	jim-p	$syslogconf .= "!pptps\n";
583	328efaba	Ermal	if (!isset($syslogcfg['disablelocallogging']))
584	236524c2	jim-p	$syslogconf .= ". {$log_directive}{$g['varlog_path']}/pptps.log\n";
585
586	a6607b5f	jim-p	$syslogconf .= "!poes\n";
587	328efaba	Ermal	if (!isset($syslogcfg['disablelocallogging']))
588	236524c2	jim-p	$syslogconf .= ". {$log_directive}{$g['varlog_path']}/poes.log\n";
589
590	a6607b5f	jim-p	$syslogconf .= "!l2tps\n";
591	328efaba	Ermal	if (!isset($syslogcfg['disablelocallogging']))
592	236524c2	jim-p	$syslogconf .= ". {$log_directive}{$g['varlog_path']}/l2tps.log\n";
593
594	0260caec	Scott Ullrich	$syslogconf .= "!racoon\n";
595	0d9d2a1b	Scott Ullrich	if (!isset($syslogcfg['disablelocallogging']))
596	236524c2	jim-p	$syslogconf .= ". {$log_directive}{$g['varlog_path']}/ipsec.log\n";
597			if (isset($syslogcfg['vpn']))
598			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, ".");
599
600	d2834563	Scott Ullrich	$syslogconf .= "!openvpn\n";
601	0d9d2a1b	Scott Ullrich	if (!isset($syslogcfg['disablelocallogging']))
602	236524c2	jim-p	$syslogconf .= ". {$log_directive}{$g['varlog_path']}/openvpn.log\n";
603			if (isset($syslogcfg['vpn']))
604			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, ".");
605
606	7bc41b19	jim-p	$syslogconf .= "!apinger\n";
607			if (!isset($syslogcfg['disablelocallogging']))
608	e0977fed	smos	$syslogconf .= ". {$log_directive}{$g['varlog_path']}/gateways.log\n";
609			if (isset($syslogcfg['apinger']))
610			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, ".");
611
612			$syslogconf .= "!dnsmasq,unbound\n";
613			if (!isset($syslogcfg['disablelocallogging']))
614			$syslogconf .= ". {$log_directive}{$g['varlog_path']}/resolver.log\n";
615			if (isset($syslogcfg['apinger']))
616			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, ".");
617
618			$syslogconf .= "!dhcpd,dhcrelay\n";
619			if (!isset($syslogcfg['disablelocallogging']))
620			$syslogconf .= ". {$log_directive}{$g['varlog_path']}/dhcpd.log\n";
621	236524c2	jim-p	if (isset($syslogcfg['apinger']))
622			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, ".");
623
624	087a89f8	Chris Buechler	$syslogconf .= "!relayd\n";
625	236524c2	jim-p	if (!isset($syslogcfg['disablelocallogging']))
626			$syslogconf .= ". {$log_directive}{$g['varlog_path']}/relayd.log\n";
627			if (isset($syslogcfg['relayd']))
628			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, ".");
629
630	689eaa4d	jim-p	$syslogconf .= "!hostapd\n";
631	236524c2	jim-p	if (!isset($syslogcfg['disablelocallogging']))
632			$syslogconf .= ". {$log_directive}{$g['varlog_path']}/wireless.log\n";
633			if (isset($syslogcfg['hostapd']))
634			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, ".");
635
636	d2834563	Scott Ullrich	$syslogconf .= "!-{$facilitylist}\n";
637	0d9d2a1b	Scott Ullrich	if (!isset($syslogcfg['disablelocallogging']))
638	5b237745	Scott Ullrich	$syslogconf .= <<<EOD
639	236524c2	jim-p	local0.* {$log_directive}{$g['varlog_path']}/filter.log
640			local3.* {$log_directive}{$g['varlog_path']}/vpn.log
641			local4.* {$log_directive}{$g['varlog_path']}/portalauth.log
642			local7.* {$log_directive}{$g['varlog_path']}/dhcpd.log
643			*.notice;kern.debug;lpr.info;mail.crit; {$log_directive}{$g['varlog_path']}/system.log
644			news.err;local0.none;local3.none;local4.none; {$log_directive}{$g['varlog_path']}/system.log
645			local7.none {$log_directive}{$g['varlog_path']}/system.log
646			security.* {$log_directive}{$g['varlog_path']}/system.log
647			auth.info;authpriv.info;daemon.info {$log_directive}{$g['varlog_path']}/system.log
648			auth.info;authpriv.info \|exec /usr/local/sbin/sshlockout_pf 15
649			.emerg
650	be5d59d7	Scott Ullrich
651			EOD;
652	236524c2	jim-p	if (isset($syslogcfg['filter']))
653			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local0.*");
654			if (isset($syslogcfg['vpn']))
655			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local3.*");
656			if (isset($syslogcfg['portalauth']))
657			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local4.*");
658			if (isset($syslogcfg['dhcp']))
659			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local7.*");
660	be5d59d7	Scott Ullrich	if (isset($syslogcfg['system'])) {
661	236524c2	jim-p	$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.notice;kern.debug;lpr.info;mail.crit;");
662			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "news.err;local0.none;local3.none;local7.none");
663			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "security.*");
664			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "auth.info;authpriv.info;daemon.info");
665			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.emerg");
666			}
667	4ef2d703	Chris Buechler	if (isset($syslogcfg['logall'])) {
668	236524c2	jim-p	// Make everything mean everything, including facilities excluded above.
669			$syslogconf .= "!*\n";
670			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, ".");
671			}
672	be5d59d7	Scott Ullrich
673	a213ad18	Andrew Thompson	if (isset($syslogcfg['zmqserver'])) {
674			$syslogconf .= <<<EOD
675			. ^{$syslogcfg['zmqserver']}
676
677			EOD;
678			}
679	344016a8	Ermal	/* write syslog.conf */
680			if (!@file_put_contents("{$g['varetc_path']}/syslog.conf", $syslogconf)) {
681			printf(gettext("Error: cannot open syslog.conf in system_syslogd_start().%s"), "\n");
682			unset($syslogconf);
683			return 1;
684			}
685			unset($syslogconf);
686	42ee8bde	Scott Ullrich
687			// Ensure that the log directory exists
688	344016a8	Ermal	if (!is_dir("{$g['dhcpd_chroot_path']}/var/run"))
689	42ee8bde	Scott Ullrich	exec("/bin/mkdir -p {$g['dhcpd_chroot_path']}/var/run");
690
691	344016a8	Ermal	$retval = mwexec_bg("/usr/sbin/syslogd -c -c -l {$g['dhcpd_chroot_path']}/var/run/log -f {$g['varetc_path']}/syslog.conf");
692	5b237745	Scott Ullrich
693			} else {
694	344016a8	Ermal	$retval = mwexec_bg("/usr/sbin/syslogd -c -c -l {$g['dhcpd_chroot_path']}/var/run/log");
695	5b237745	Scott Ullrich	}
696	0f282d7a	Scott Ullrich
697	5b237745	Scott Ullrich	if ($g['booting'])
698	4a896b86	Carlos Eduardo Ramos	echo gettext("done.") . "\n";
699	0f282d7a	Scott Ullrich
700	5b237745	Scott Ullrich	return $retval;
701			}
702
703			function system_pccard_start() {
704	f19d3b7a	Scott Ullrich	global $config, $g;
705	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
706			$mt = microtime();
707	dcf0598e	Scott Ullrich	echo "system_pccard_start() being called $mt\n";
708	58c7450e	Scott Ullrich	}
709	0f282d7a	Scott Ullrich
710	5b237745	Scott Ullrich	if ($g['booting'])
711	4a896b86	Carlos Eduardo Ramos	echo gettext("Initializing PCMCIA...");
712	0f282d7a	Scott Ullrich
713	5b237745	Scott Ullrich	/* kill any running pccardd */
714			killbypid("{$g['varrun_path']}/pccardd.pid");
715	0f282d7a	Scott Ullrich
716	5b237745	Scott Ullrich	/* fire up pccardd */
717			$res = mwexec("/usr/sbin/pccardd -z -f {$g['etc_path']}/pccard.conf");
718	0f282d7a	Scott Ullrich
719	5b237745	Scott Ullrich	if ($g['booting']) {
720			if ($res == 0)
721	4a896b86	Carlos Eduardo Ramos	echo gettext("done.") . "\n";
722	5b237745	Scott Ullrich	else
723	4a896b86	Carlos Eduardo Ramos	echo gettext("failed!") . "\n";
724	5b237745	Scott Ullrich	}
725	0f282d7a	Scott Ullrich
726	5b237745	Scott Ullrich	return $res;
727			}
728
729	819197a8	Scott Ullrich
730	5b237745	Scott Ullrich	function system_webgui_start() {
731	f19d3b7a	Scott Ullrich	global $config, $g;
732	877ac35d	Scott Ullrich
733			if ($g['booting'])
734	4a896b86	Carlos Eduardo Ramos	echo gettext("Starting webConfigurator...");
735	877ac35d	Scott Ullrich
736	383a4439	Scott Ullrich	/* kill any running lighttpd */
737	877ac35d	Scott Ullrich	killbypid("{$g['varrun_path']}/lighty-webConfigurator.pid");
738
739	e9d0bf64	Scott Ullrich	sleep(1);
740
741	877ac35d	Scott Ullrich	chdir($g['www_path']);
742
743	fb1266d3	Matthew Grooms	/* defaults */
744			$portarg = "80";
745			$crt = "";
746			$key = "";
747	2cf6ddcb	Nigel Graham	$ca = "";
748	fb1266d3	Matthew Grooms
749	877ac35d	Scott Ullrich	/* non-standard port? */
750	f4875d35	Ermal Lu?i	if (isset($config['system']['webgui']['port']) && $config['system']['webgui']['port'] <> "")
751	528df9a7	Scott Ullrich	$portarg = "{$config['system']['webgui']['port']}";
752	877ac35d	Scott Ullrich
753			if ($config['system']['webgui']['protocol'] == "https") {
754	02b383fe	sullrich	// Ensure that we have a webConfigurator CERT
755	fb1266d3	Matthew Grooms	$cert =& lookup_cert($config['system']['webgui']['ssl-certref']);
756	02b383fe	sullrich	if(!is_array($cert) && !$cert['crt'] && !$cert['prv']) {
757	1e332e98	jim-p	if (!is_array($config['ca']))
758			$config['ca'] = array();
759			$a_ca =& $config['ca'];
760			if (!is_array($config['cert']))
761			$config['cert'] = array();
762			$a_cert =& $config['cert'];
763	e9954aef	Scott Ullrich	log_error("Creating SSL Certificate for this host");
764	aab4ca82	Scott Ullrich	$cert = array();
765			$cert['refid'] = uniqid();
766	4816e5ca	Renato Botelho	$cert['descr'] = gettext("webConfigurator default");
767	6955830f	Ermal Lu?i	mwexec("/usr/bin/openssl genrsa 1024 > {$g['tmp_path']}/ssl.key");
768			mwexec("/usr/bin/openssl req -new -x509 -nodes -sha1 -days 2000 -key {$g['tmp_path']}/ssl.key > {$g['tmp_path']}/ssl.crt");
769			$crt = file_get_contents("{$g['tmp_path']}/ssl.crt");
770			$key = file_get_contents("{$g['tmp_path']}/ssl.key");
771			unlink("{$g['tmp_path']}/ssl.key");
772			unlink("{$g['tmp_path']}/ssl.crt");
773	aab4ca82	Scott Ullrich	cert_import($cert, $crt, $key);
774			$a_cert[] = $cert;
775			$config['system']['webgui']['ssl-certref'] = $cert['refid'];
776	4a896b86	Carlos Eduardo Ramos	write_config(gettext("Importing HTTPS certificate"));
777	aab4ca82	Scott Ullrich	if(!$config['system']['webgui']['port'])
778			$portarg = "443";
779			$ca = ca_chain($cert);
780	edc8a9f8	jim-p	} else {
781	fb1266d3	Matthew Grooms	$crt = base64_decode($cert['crt']);
782			$key = base64_decode($cert['prv']);
783			if(!$config['system']['webgui']['port'])
784			$portarg = "443";
785	2cf6ddcb	Nigel Graham	$ca = ca_chain($cert);
786	edc8a9f8	jim-p	}
787	877ac35d	Scott Ullrich	}
788
789			/* generate lighttpd configuration */
790			system_generate_lighty_config("{$g['varetc_path']}/lighty-webConfigurator.conf",
791	c41602e1	jim-p	$crt, $key, $ca, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/",
792	98f20e35	Irving Popovetsky	"cert.pem", "ca.pem");
793	877ac35d	Scott Ullrich
794			/* attempt to start lighthttpd */
795			$res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-webConfigurator.conf");
796
797			if ($g['booting']) {
798			if ($res == 0)
799	4a896b86	Carlos Eduardo Ramos	echo gettext("done.") . "\n";
800	877ac35d	Scott Ullrich	else
801	4a896b86	Carlos Eduardo Ramos	echo gettext("failed!") . "\n";
802	877ac35d	Scott Ullrich	}
803
804			return $res;
805			}
806
807	eb0f441c	Scott Ullrich	function system_generate_lighty_config($filename,
808			$cert,
809			$key,
810	2cf6ddcb	Nigel Graham	$ca,
811	eb0f441c	Scott Ullrich	$pid_file,
812			$port = 80,
813			$document_root = "/usr/local/www/",
814			$cert_location = "cert.pem",
815	2cf6ddcb	Nigel Graham	$ca_location = "ca.pem",
816	280b75d9	Scott Ullrich	$max_requests = "2",
817	eb0f441c	Scott Ullrich	$fast_cgi_enable = true,
818			$captive_portal = false) {
819	58c7450e	Scott Ullrich
820	f19d3b7a	Scott Ullrich	global $config, $g;
821
822	6955830f	Ermal Lu?i	if(!is_dir("{$g['tmp_path']}/lighttpdcompress"))
823			mkdir("{$g['tmp_path']}/lighttpdcompress");
824	570ef08c	sullrich
825	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
826			$mt = microtime();
827	dcf0598e	Scott Ullrich	echo "system_generate_lighty_config() being called $mt\n";
828	58c7450e	Scott Ullrich	}
829
830	6839a678	Ermal	if($captive_portal !== false) {
831	eb0f441c	Scott Ullrich	$captiveportal = ",\"mod_rewrite\"";
832	b4792bf8	Ermal	$captive_portal_rewrite = "url.rewrite-once = ( \"(.captiveportal.)\" => \"$1\", \"(.*)\" => \"/index.php?zone={$captive_portal}&redirurl=$1\" )\n";
833	ec192fe5	Scott Ullrich	$captive_portal_module = "";
834	74a4edc3	Ermal
835	6844896c	bcyrill	$maxprocperip = $config['captiveportal'][$captive_portal]['maxprocperip'];
836	25fff267	Ermal	if(empty($maxprocperip))
837	74a4edc3	Ermal	$maxprocperip = 4;
838			$captive_portal_mod_evasive = "evasive.max-conns-per-ip = {$maxprocperip}";
839
840	6955830f	Ermal Lu?i	$server_upload_dirs = "server.upload-dirs = ( \"{$g['tmp_path']}/captiveportal/\" )\n";
841			exec("mkdir -p {$g['tmp_path']}/captiveportal");
842			exec("chmod a-w {$g['tmp_path']}/captiveportal");
843	775556ab	Scott Ullrich	$server_max_request_size = "server.max-request-size = 384";
844	b0bdc06e	Scott Ullrich	} else {
845	3435dc35	Ermal Lu?i	$captiveportal = "";
846			$captive_portal_rewrite = "";
847	b0bdc06e	Scott Ullrich	$captive_portal_module = "";
848			$captive_portal_mod_evasive = "";
849	6955830f	Ermal Lu?i	$server_upload_dirs = "server.upload-dirs = ( \"{$g['upload_path']}/\", \"{$g['tmp_path']}/\", \"/var/\" )\n";
850	775556ab	Scott Ullrich	$server_max_request_size = "server.max-request-size = 2097152";
851	eb0f441c	Scott Ullrich	}
852	3306a341	Scott Ullrich
853	28cae949	Scott Ullrich	if($port <> "")
854			$lighty_port = $port;
855			else
856			$lighty_port = "80";
857	3d77d4c4	Scott Ullrich
858			$memory = get_memory();
859			$avail = $memory[0];
860
861	98f20e35	Irving Popovetsky	// Determine web GUI process settings and take into account low memory systems
862	f4ebc84a	Scott Ullrich	if($avail > 0 and $avail < 65) {
863			$fast_cgi_enable = false;
864			}
865	98f20e35	Irving Popovetsky	if($avail > 64 and $avail < 256) {
866			$max_procs = ($config['system']['webgui']['max_procs']) ? $config['system']['webgui']['max_procs'] : 1;
867			}
868			if($avail > 255 ) {
869			$max_procs = ($config['system']['webgui']['max_procs']) ? $config['system']['webgui']['max_procs'] : 2;
870			}
871	f4ebc84a	Scott Ullrich
872	98f20e35	Irving Popovetsky	// Ramp up captive portal max procs, assuming each PHP process can consume up to 64MB RAM
873	6839a678	Ermal	if($captive_portal !== false) {
874	98f20e35	Irving Popovetsky	if($avail > 107 and $avail < 256) {
875			$max_procs += 1; // 2 worker processes
876	70cc6249	Scott Ullrich	}
877	98f20e35	Irving Popovetsky	if($avail > 255 and $avail < 320) {
878			$max_procs += 1; // 3 worker processes
879	70cc6249	Scott Ullrich	}
880	98f20e35	Irving Popovetsky	if($avail > 319 and $avail < 384) {
881			$max_procs += 2; // 4 worker processes
882	70cc6249	Scott Ullrich	}
883	98f20e35	Irving Popovetsky	if($avail > 383 and $avail < 448) {
884			$max_procs += 3; // 5 worker processes
885	70cc6249	Scott Ullrich	}
886	98f20e35	Irving Popovetsky	if($avail > 447) {
887			$max_procs += 4; // 6 worker processes
888	70cc6249	Scott Ullrich	}
889	6e337a84	Scott Ullrich	$bin_environment = <<<EOC
890	5d2e5116	jim-p	"bin-environment" => (
891	f5b8bdbf	Ermal	"PHP_FCGI_CHILDREN" => "0",
892	5d2e5116	jim-p	"PHP_FCGI_MAX_REQUESTS" => "500"
893			),
894	6e337a84	Scott Ullrich	EOC;
895
896	04f4a116	Ermal Luçi	} else if ($avail > 0 and $avail < 128) {
897			$bin_environment = <<<EOC
898	5d2e5116	jim-p	"bin-environment" => (
899	f5b8bdbf	Ermal	"PHP_FCGI_CHILDREN" => "0",
900	5d2e5116	jim-p	"PHP_FCGI_MAX_REQUESTS" => "2",
901			),
902	04f4a116	Ermal Luçi
903			EOC;
904			} else
905	980df75c	Scott Ullrich	$bin_environment = <<<EOC
906	5d2e5116	jim-p	"bin-environment" => (
907	f5b8bdbf	Ermal	"PHP_FCGI_CHILDREN" => "0",
908	5d2e5116	jim-p	"PHP_FCGI_MAX_REQUESTS" => "500"
909			),
910	980df75c	Scott Ullrich	EOC;
911
912	4edb490d	Scott Ullrich	if($fast_cgi_enable == true) {
913	dde4f60c	Scott Ullrich	$module = "\"mod_fastcgi\", \"mod_cgi\"";
914	6839a678	Ermal	if ($captive_portal !== false)
915	b4792bf8	Ermal	$fast_cgi_path = "{$g['tmp_path']}/php-fastcgi-{$captive_portal}.socket";
916			else
917			$fast_cgi_path = "{$g['tmp_path']}/php-fastcgi.socket";
918	4edb490d	Scott Ullrich	$cgi_config = "";
919			$fastcgi_config = <<<EOD
920			#### fastcgi module
921			## read fastcgi.txt for more info
922	b0bdc06e	Scott Ullrich	fastcgi.server = ( ".php" =>
923			( "localhost" =>
924			(
925	b4792bf8	Ermal	"socket" => "{$fast_cgi_path}",
926	980df75c	Scott Ullrich	"min-procs" => 0,
927	b0bdc06e	Scott Ullrich	"max-procs" => {$max_procs},
928	5d2e5116	jim-p	{$bin_environment}
929	b0bdc06e	Scott Ullrich	"bin-path" => "/usr/local/bin/php"
930			)
931			)
932			)
933	4edb490d	Scott Ullrich
934	dde4f60c	Scott Ullrich	#### CGI module
935	5999dd9c	Scott Ullrich	cgi.assign = ( ".cgi" => "" )
936	dde4f60c	Scott Ullrich
937	4edb490d	Scott Ullrich	EOD;
938			} else {
939			$fastcgi_config = "";
940			$module = "\"mod_cgi\"";
941			$cgi_config = <<<EOD
942			#### CGI module
943			cgi.assign = ( ".php" => "/usr/local/bin/php",
944	d4302f46	Espen Johansen	".cgi" => "" )
945	333f8ef0	Scott Ullrich
946	4edb490d	Scott Ullrich	EOD;
947			}
948	333f8ef0	Scott Ullrich
949	3435dc35	Ermal Lu?i	$lighty_config = "";
950	a84b65dc	Scott Ullrich	$lighty_config .= <<<EOD
951	28cae949	Scott Ullrich	#
952	a632cf43	Scott Ullrich	# lighttpd configuration file
953			#
954			# use a it as base for lighttpd 1.0.0 and above
955	28cae949	Scott Ullrich	#
956	a632cf43	Scott Ullrich	############ Options you really have to take care of ####################
957
958	770b4b9c	Scott Ullrich	## FreeBSD!
959	60ff6204	Scott Ullrich	server.event-handler = "freebsd-kqueue"
960			server.network-backend = "writev"
961	543ecd59	Seth Mos	#server.use-ipv6 = "enable"
962	096261af	Scott Ullrich
963	a632cf43	Scott Ullrich	## modules to load
964	4edb490d	Scott Ullrich	server.modules = (
965	a41c5253	Seth Mos	{$captive_portal_module}
966			"mod_access", "mod_accesslog", "mod_expire", "mod_compress", "mod_redirect",
967			{$module}{$captiveportal}
968			)
969	28cae949	Scott Ullrich
970			## Unused modules
971	6a019c11	Scott Ullrich	# "mod_setenv",
972			# "mod_rewrite",
973	28cae949	Scott Ullrich	# "mod_ssi",
974			# "mod_usertrack",
975			# "mod_expire",
976			# "mod_secdownload",
977			# "mod_rrdtool",
978	a632cf43	Scott Ullrich	# "mod_auth",
979			# "mod_status",
980	28cae949	Scott Ullrich	# "mod_alias",
981	a632cf43	Scott Ullrich	# "mod_proxy",
982			# "mod_simple_vhost",
983			# "mod_evhost",
984			# "mod_userdir",
985	28cae949	Scott Ullrich	# "mod_cgi",
986	a632cf43	Scott Ullrich
987	d9acea75	Scott Ullrich	server.max-keep-alive-requests = 15
988			server.max-keep-alive-idle = 30
989
990	a632cf43	Scott Ullrich	## a static document-root, for virtual-hosting take look at the
991			## server.virtual-* options
992	332b4ac0	Scott Ullrich	server.document-root = "{$document_root}"
993	eb0f441c	Scott Ullrich	{$captive_portal_rewrite}
994	a632cf43	Scott Ullrich
995	38a9a1ab	Scott Ullrich	# Maximum idle time with nothing being written (php downloading)
996			server.max-write-idle = 999
997
998	a632cf43	Scott Ullrich	## where to send error-messages to
999	ee959dc4	Scott Ullrich	server.errorlog = "/var/log/lighttpd.error.log"
1000	a632cf43	Scott Ullrich
1001			# files to check for if .../ is requested
1002			server.indexfiles = ( "index.php", "index.html",
1003			"index.htm", "default.htm" )
1004
1005			# mimetype mapping
1006			mimetype.assign = (
1007			".pdf" => "application/pdf",
1008			".sig" => "application/pgp-signature",
1009			".spl" => "application/futuresplash",
1010			".class" => "application/octet-stream",
1011			".ps" => "application/postscript",
1012			".torrent" => "application/x-bittorrent",
1013			".dvi" => "application/x-dvi",
1014			".gz" => "application/x-gzip",
1015			".pac" => "application/x-ns-proxy-autoconfig",
1016			".swf" => "application/x-shockwave-flash",
1017			".tar.gz" => "application/x-tgz",
1018			".tgz" => "application/x-tgz",
1019			".tar" => "application/x-tar",
1020			".zip" => "application/zip",
1021			".mp3" => "audio/mpeg",
1022			".m3u" => "audio/x-mpegurl",
1023			".wma" => "audio/x-ms-wma",
1024			".wax" => "audio/x-ms-wax",
1025			".ogg" => "audio/x-wav",
1026			".wav" => "audio/x-wav",
1027			".gif" => "image/gif",
1028			".jpg" => "image/jpeg",
1029			".jpeg" => "image/jpeg",
1030			".png" => "image/png",
1031			".xbm" => "image/x-xbitmap",
1032			".xpm" => "image/x-xpixmap",
1033			".xwd" => "image/x-xwindowdump",
1034			".css" => "text/css",
1035			".html" => "text/html",
1036			".htm" => "text/html",
1037			".js" => "text/javascript",
1038			".asc" => "text/plain",
1039			".c" => "text/plain",
1040			".conf" => "text/plain",
1041			".text" => "text/plain",
1042			".txt" => "text/plain",
1043			".dtd" => "text/xml",
1044			".xml" => "text/xml",
1045			".mpeg" => "video/mpeg",
1046			".mpg" => "video/mpeg",
1047			".mov" => "video/quicktime",
1048			".qt" => "video/quicktime",
1049			".avi" => "video/x-msvideo",
1050			".asf" => "video/x-ms-asf",
1051			".asx" => "video/x-ms-asf",
1052			".wmv" => "video/x-ms-wmv",
1053			".bz2" => "application/x-bzip",
1054			".tbz" => "application/x-bzip-compressed-tar",
1055			".tar.bz2" => "application/x-bzip-compressed-tar"
1056			)
1057
1058			# Use the "Content-Type" extended attribute to obtain mime type if possible
1059			#mimetypes.use-xattr = "enable"
1060
1061			#### accesslog module
1062	6a019c11	Scott Ullrich	#accesslog.filename = "/dev/null"
1063	a632cf43	Scott Ullrich
1064			## deny access the file-extensions
1065			#
1066			# ~ is for backupfiles from vi, emacs, joe, ...
1067			# .inc is often used for code includes which should in general not be part
1068			# of the document-root
1069			url.access-deny = ( "~", ".inc" )
1070
1071
1072			######### Options that are good to be but not neccesary to be changed #######
1073
1074			## bind to port (default: 80)
1075	9cb94dd4	Ermal
1076			EOD;
1077
1078	6839a678	Ermal	$lighty_config .= "server.bind = \"0.0.0.0\"\n";
1079			$lighty_config .= "server.port = {$lighty_port}\n";
1080			$lighty_config .= "\$SERVER[\"socket\"] == \"0.0.0.0:{$lighty_port}\" { }\n";
1081			$lighty_config .= "\$SERVER[\"socket\"] == \"[::]:{$lighty_port}\" { \n";
1082			if($cert <> "" and $key <> "") {
1083			$lighty_config .= "\n";
1084			$lighty_config .= "## ssl configuration\n";
1085			$lighty_config .= "ssl.engine = \"enable\"\n";
1086			$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
1087			if($ca <> "")
1088			$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
1089	543ecd59	Seth Mos	}
1090	6839a678	Ermal	$lighty_config .= " }\n";
1091	543ecd59	Seth Mos
1092	9cb94dd4	Ermal
1093			$lighty_config .= <<<EOD
1094	a632cf43	Scott Ullrich
1095			## error-handler for status 404
1096			#server.error-handler-404 = "/error-handler.html"
1097			#server.error-handler-404 = "/error-handler.php"
1098
1099			## to help the rc.scripts
1100			server.pid-file = "/var/run/{$pid_file}"
1101
1102			## virtual directory listings
1103	28cae949	Scott Ullrich	server.dir-listing = "disable"
1104	a632cf43	Scott Ullrich
1105			## enable debugging
1106	28cae949	Scott Ullrich	debug.log-request-header = "disable"
1107			debug.log-response-header = "disable"
1108			debug.log-request-handling = "disable"
1109			debug.log-file-not-found = "disable"
1110	a632cf43	Scott Ullrich
1111	570ef08c	sullrich	# gzip compression
1112	6955830f	Ermal Lu?i	compress.cache-dir = "{$g['tmp_path']}/lighttpdcompress/"
1113	570ef08c	sullrich	compress.filetype = ("text/plain","text/css", "text/xml", "text/javascript" )
1114
1115	3306a341	Scott Ullrich	{$server_upload_dirs}
1116	1ef7b568	Scott Ullrich
1117	a6e8af9c	Scott Ullrich	{$server_max_request_size}
1118	ee959dc4	Scott Ullrich
1119	4edb490d	Scott Ullrich	{$fastcgi_config}
1120
1121			{$cgi_config}
1122	a632cf43	Scott Ullrich
1123	b0bdc06e	Scott Ullrich	{$captive_portal_mod_evasive}
1124
1125	569f47e9	Scott Ullrich	expire.url = (
1126	05a5e5c5	Scott Ullrich	"" => "access 50 hours",
1127	569f47e9	Scott Ullrich	)
1128
1129	a632cf43	Scott Ullrich	EOD;
1130
1131	7aae518a	Scott Ullrich	$cert = str_replace("\r", "", $cert);
1132	333f8ef0	Scott Ullrich	$key = str_replace("\r", "", $key);
1133	2cf6ddcb	Nigel Graham	$ca = str_replace("\r", "", $ca);
1134	7aae518a	Scott Ullrich
1135			$cert = str_replace("\n\n", "\n", $cert);
1136	333f8ef0	Scott Ullrich	$key = str_replace("\n\n", "\n", $key);
1137	2cf6ddcb	Nigel Graham	$ca = str_replace("\n\n", "\n", $ca);
1138	7aae518a	Scott Ullrich
1139	a632cf43	Scott Ullrich	if($cert <> "" and $key <> "") {
1140	3a66b621	Scott Ullrich	$fd = fopen("{$g['varetc_path']}/{$cert_location}", "w");
1141	5b237745	Scott Ullrich	if (!$fd) {
1142	4a896b86	Carlos Eduardo Ramos	printf(gettext("Error: cannot open cert.pem in system_webgui_start().%s"), "\n");
1143	5b237745	Scott Ullrich	return 1;
1144			}
1145	3a66b621	Scott Ullrich	chmod("{$g['varetc_path']}/{$cert_location}", 0600);
1146	5b237745	Scott Ullrich	fwrite($fd, $cert);
1147			fwrite($fd, "\n");
1148			fwrite($fd, $key);
1149			fclose($fd);
1150	546f30ca	jim-p	if(!(empty($ca) \|\| (strlen(trim($ca)) == 0))) {
1151	2cf6ddcb	Nigel Graham	$fd = fopen("{$g['varetc_path']}/{$ca_location}", "w");
1152			if (!$fd) {
1153	4a896b86	Carlos Eduardo Ramos	printf(gettext("Error: cannot open ca.pem in system_webgui_start().%s"), "\n");
1154	2cf6ddcb	Nigel Graham	return 1;
1155			}
1156			chmod("{$g['varetc_path']}/{$ca_location}", 0600);
1157			fwrite($fd, $ca);
1158			fclose($fd);
1159			}
1160	5e041d5f	Scott Ullrich	$lighty_config .= "\n";
1161	4a896b86	Carlos Eduardo Ramos	$lighty_config .= "## " . gettext("ssl configuration") . "\n";
1162	a632cf43	Scott Ullrich	$lighty_config .= "ssl.engine = \"enable\"\n";
1163	333f8ef0	Scott Ullrich	$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
1164	673ee7b1	Scott Ullrich
1165			// Harden SSL a bit for PCI conformance testing
1166			$lighty_config .= "ssl.use-sslv2 = \"disable\"\n";
1167	3cd2ea2c	jim-p	$lighty_config .= "ssl.cipher-list = \"DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:CAMELLIA256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:CAMELLIA128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:!aNULL:!eNULL:!3DES:@STRENGTH\"\n";
1168	673ee7b1	Scott Ullrich
1169	75e9ed89	jim-p	if(!(empty($ca) \|\| (strlen(trim($ca)) == 0)))
1170	2cf6ddcb	Nigel Graham	$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
1171	5b237745	Scott Ullrich	}
1172	a978a0ff	Chris Buechler
1173			// Add HTTP to HTTPS redirect
1174	6839a678	Ermal	if ($captive_portal === false && $config['system']['webgui']['protocol'] == "https" && !isset($config['system']['webgui']['disablehttpredirect'])) {
1175	7921e8e5	Chris Buechler	if($lighty_port != "443")
1176			$redirectport = ":{$lighty_port}";
1177	d7e230ae	Chris Buechler	$lighty_config .= <<<EOD
1178			\$SERVER["socket"] == ":80" {
1179			\$HTTP["host"] =~ "(.*)" {
1180	7921e8e5	Chris Buechler	url.redirect = ( "^/(.*)" => "https://%1{$redirectport}/$1" )
1181	d7e230ae	Chris Buechler	}
1182			}
1183			EOD;
1184			}
1185	0f282d7a	Scott Ullrich
1186	4f3756f3	Scott Ullrich	$fd = fopen("{$filename}", "w");
1187	a632cf43	Scott Ullrich	if (!$fd) {
1188	4a896b86	Carlos Eduardo Ramos	printf(gettext("Error: cannot open %s in system_generate_lighty_config().%s"), $filename, "\n");
1189	a632cf43	Scott Ullrich	return 1;
1190	5b237745	Scott Ullrich	}
1191	a632cf43	Scott Ullrich	fwrite($fd, $lighty_config);
1192			fclose($fd);
1193
1194			return 0;
1195	0f282d7a	Scott Ullrich
1196	5b237745	Scott Ullrich	}
1197
1198			function system_timezone_configure() {
1199	f19d3b7a	Scott Ullrich	global $config, $g;
1200	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1201			$mt = microtime();
1202	dcf0598e	Scott Ullrich	echo "system_timezone_configure() being called $mt\n";
1203	333f8ef0	Scott Ullrich	}
1204	5b237745	Scott Ullrich
1205			$syscfg = $config['system'];
1206
1207			if ($g['booting'])
1208	4a896b86	Carlos Eduardo Ramos	echo gettext("Setting timezone...");
1209	5b237745	Scott Ullrich
1210			/* extract appropriate timezone file */
1211			$timezone = $syscfg['timezone'];
1212			if (!$timezone)
1213			$timezone = "Etc/UTC";
1214	0f282d7a	Scott Ullrich
1215	34febcde	Scott Ullrich	conf_mount_rw();
1216
1217	029d1a71	Scott Ullrich	exec("LANG=C /usr/bin/tar xzfO /usr/share/zoneinfo.tgz " .
1218	5b237745	Scott Ullrich	escapeshellarg($timezone) . " > /etc/localtime");
1219
1220	4efd4885	Scott Ullrich	mwexec("sync");
1221	27150275	Scott Ullrich	conf_mount_ro();
1222	34febcde	Scott Ullrich
1223	5b237745	Scott Ullrich	if ($g['booting'])
1224	4a896b86	Carlos Eduardo Ramos	echo gettext("done.") . "\n";
1225	5b237745	Scott Ullrich	}
1226
1227	5c8843d5	jim-p	function system_ntp_setup_gps($serialport) {
1228			$gps_device = '/dev/gps0';
1229			$serialport = '/dev/'.$serialport;
1230
1231			if (!file_exists($serialport))
1232			return false;
1233
1234			conf_mount_rw();
1235			// Create symlink that ntpd requires
1236			unlink_if_exists($gps_device);
1237			symlink($serialport, $gps_device);
1238
1239			/* Send the following to the GPS port to initialize the GPS */
1240			$gps_init = <<<EOF
1241			\$PUBX,40,GSV,0,0,0,0*59
1242			\$PUBX,40,GLL,0,0,0,0*5C
1243			\$PUBX,40,ZDA,0,0,0,0*44
1244			\$PUBX,40,VTG,0,0,0,0*5E
1245			\$PUBX,40,GSV,0,0,0,0*59
1246			\$PUBX,40,GSA,0,0,0,0*4E
1247			\$PUBX,40,GGA,0,0,0,0
1248			\$PUBX,40,TXT,0,0,0,0
1249			\$PUBX,40,RMC,0,0,0,0*46
1250			\$PUBX,41,1,0007,0003,4800,0
1251			\$PUBX,40,ZDA,1,1,1,1
1252			EOF;
1253	18080a21	jim-p	file_put_contents("/tmp/gps.init", $gps_init);
1254			`cat /tmp/gps.init > $serialport`;
1255	5c8843d5	jim-p
1256			/* Add /etc/remote entry in case we need to read from the GPS with tip */
1257			if (intval(`grep -c '^gps0' /etc/remote`) == 0)
1258			`echo "gps0:dv={$serialport}:br#4800:pa=none:" >> /etc/remote`;
1259
1260			conf_mount_ro();
1261
1262			return true;
1263			}
1264
1265	0b8e9d38	jim-p	function system_ntp_configure($start_ntpd=true) {
1266	f19d3b7a	Scott Ullrich	global $config, $g;
1267	42135f07	jim-p	$driftfile = "/var/db/ntpd.drift";
1268	5c8843d5	jim-p	$statsdir = "/var/log/ntp";
1269			$gps_device = '/dev/gps0';
1270	5b237745	Scott Ullrich
1271	7734aea6	Andrew Thompson	if ($g['platform'] == 'jail')
1272			return;
1273
1274	5c8843d5	jim-p	safe_mkdir($statsdir);
1275
1276	b2305621	Ermal	$ntpcfg = "# \n";
1277	42135f07	jim-p	$ntpcfg .= "# pfSense ntp configuration file \n";
1278	b2305621	Ermal	$ntpcfg .= "# \n\n";
1279	362c9bb0	jim-p	$ntpcfg .= "tinker panic 0 \n";
1280	0f282d7a	Scott Ullrich
1281	5c8843d5	jim-p	if (!empty($config['ntpd']['gpsport'])
1282			&& file_exists('/dev/'.$config['ntpd']['gpsport'])
1283			&& system_ntp_setup_gps($config['ntpd']['gpsport'])) {
1284			$ntpcfg .= "# GPS Setup\n";
1285			$ntpcfg .= "server 127.127.20.0 mode 0 minpoll 4 maxpoll 4 prefer\n";
1286			$ntpcfg .= "fudge 127.127.20.0 time1 0.155 time2 0.000 flag1 1 flag2 0 flag3 1\n";
1287			// Fall back to local clock if GPS is out of sync?
1288			$ntpcfg .= "server 127.127.1.0\n";
1289			$ntpcfg .= "fudge 127.127.1.0 stratum 12\n";
1290			}
1291
1292			$ntpcfg .= "\n\n# Upstream Servers\n";
1293	20b90e0a	Scott Ullrich	/* foreach through servers and write out to ntpd.conf */
1294	b2305621	Ermal	foreach (explode(' ', $config['system']['timeservers']) as $ts)
1295	42135f07	jim-p	$ntpcfg .= "server {$ts} iburst maxpoll 9\n";
1296
1297	5c8843d5	jim-p	$ntpcfg .= "enable monitor\n";
1298	d9c72958	jim-p	$ntpcfg .= "enable stats\n";
1299			$ntpcfg .= "statistics clockstats\n";
1300	5c8843d5	jim-p	$ntpcfg .= "statsdir {$statsdir}\n";
1301			$ntpcfg .= "logconfig =syncall +clockall\n";
1302	42135f07	jim-p	$ntpcfg .= "driftfile {$driftfile}\n";
1303	7b27db03	jim-p	$ntpcfg .= "restrict default kod nomodify notrap nopeer\n";
1304			$ntpcfg .= "restrict -6 default kod nomodify notrap nopeer\n";
1305	95594e5a	Scott Ullrich
1306	cf180ccc	jim-p	if (empty($config['ntpd']['interface']))
1307	e43d53b4	Phil Davis	if (is_array($config['installedpackages']['openntpd']) && !empty($config['installedpackages']['openntpd']['config'][0]['interface']))
1308	cf180ccc	jim-p	$interfaces = explode(",", $config['installedpackages']['openntpd']['config'][0]['interface']);
1309			else
1310			$interfaces = array();
1311			else
1312			$interfaces = explode(",", $config['ntpd']['interface']);
1313
1314			if (is_array($interfaces) && count($interfaces)) {
1315			$ntpcfg .= "interface ignore all\n";
1316			foreach ($interfaces as $interface) {
1317			if (!is_ipaddr($interface)) {
1318			$interface = get_real_interface($interface);
1319			}
1320			$ntpcfg .= "interface listen {$interface}\n";
1321			}
1322			}
1323
1324	b2305621	Ermal	/* open configuration for wrting or bail */
1325			$fd = fopen("{$g['varetc_path']}/ntpd.conf","w");
1326			if(!$fd) {
1327			log_error("Could not open {$g['varetc_path']}/ntpd.conf for writing");
1328			return;
1329			}
1330			fwrite($fd, $ntpcfg);
1331	0f282d7a	Scott Ullrich
1332	20b90e0a	Scott Ullrich	/* slurp! */
1333			fclose($fd);
1334
1335	0b8e9d38	jim-p	/* At bootup we just want to write out the config. */
1336			if (!$start_ntpd)
1337			return;
1338
1339	42135f07	jim-p	/* if ntpd is running, kill it */
1340	5f3e1f12	Scott Ullrich	while(is_process_running("ntpd")) {
1341	c8960970	Ermal	killbyname("ntpd");
1342	5f3e1f12	Scott Ullrich	}
1343
1344			/* if /var/empty does not exist, create it */
1345			if(!is_dir("/var/empty"))
1346			exec("/bin/mkdir -p /var/empty && chmod ug+rw /var/empty/.");
1347
1348	20b90e0a	Scott Ullrich	/* start opentpd, set time now and use /var/etc/ntpd.conf */
1349	7dab8995	jim-p	$oldset = array();
1350			pcntl_sigprocmask(SIG_SETMASK, array(), $oldset);
1351	cf180ccc	jim-p	exec("/usr/local/bin/ntpd -g -c {$g['varetc_path']}/ntpd.conf");
1352	7dab8995	jim-p	pcntl_sigprocmask(SIG_SETMASK, $oldset);
1353	83eb4567	Scott Ullrich
1354			// Note that we are starting up
1355	42135f07	jim-p	log_error("NTPD is starting up.");
1356	0b8e9d38	jim-p	return;
1357	5b237745	Scott Ullrich	}
1358
1359	652cf082	Seth Mos	function sync_system_time() {
1360			global $config, $g;
1361
1362			if ($g['booting'])
1363	4a896b86	Carlos Eduardo Ramos	echo gettext("Syncing system time before startup...");
1364	652cf082	Seth Mos
1365			/* foreach through servers and write out to ntpd.conf */
1366	b2305621	Ermal	foreach (explode(' ', $config['system']['timeservers']) as $ts) {
1367	652cf082	Seth Mos	mwexec("/usr/sbin/ntpdate -s $ts");
1368			}
1369	4582b281	Scott Ullrich
1370			if ($g['booting'])
1371	4a896b86	Carlos Eduardo Ramos	echo gettext("done.") . "\n";
1372	4582b281	Scott Ullrich
1373	652cf082	Seth Mos	}
1374
1375	405e5de0	Scott Ullrich	function system_halt() {
1376			global $g;
1377
1378			system_reboot_cleanup();
1379
1380	523855b0	Scott Ullrich	mwexec("/usr/bin/nohup /etc/rc.halt > /dev/null 2>&1 &");
1381	405e5de0	Scott Ullrich	}
1382
1383	5b237745	Scott Ullrich	function system_reboot() {
1384			global $g;
1385	0f282d7a	Scott Ullrich
1386	5b237745	Scott Ullrich	system_reboot_cleanup();
1387	0f282d7a	Scott Ullrich
1388	5b237745	Scott Ullrich	mwexec("nohup /etc/rc.reboot > /dev/null 2>&1 &");
1389			}
1390
1391			function system_reboot_sync() {
1392			global $g;
1393	0f282d7a	Scott Ullrich
1394	5b237745	Scott Ullrich	system_reboot_cleanup();
1395	0f282d7a	Scott Ullrich
1396	5b237745	Scott Ullrich	mwexec("/etc/rc.reboot > /dev/null 2>&1");
1397			}
1398
1399			function system_reboot_cleanup() {
1400	97d4e30b	Seth Mos	mwexec("/usr/local/bin/beep.sh stop");
1401	04967d99	jim-p	require_once("captiveportal.inc");
1402	5b237745	Scott Ullrich	captiveportal_radius_stop_all();
1403	336e3c1c	Charlie	require_once("voucher.inc");
1404			voucher_save_db_to_config();
1405	60dd7649	jim-p	require_once("pkg-utils.inc");
1406			stop_packages();
1407	5b237745	Scott Ullrich	}
1408
1409			function system_do_shell_commands($early = 0) {
1410	f19d3b7a	Scott Ullrich	global $config, $g;
1411	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1412			$mt = microtime();
1413	dcf0598e	Scott Ullrich	echo "system_do_shell_commands() being called $mt\n";
1414	58c7450e	Scott Ullrich	}
1415	0f282d7a	Scott Ullrich
1416	5b237745	Scott Ullrich	if ($early)
1417			$cmdn = "earlyshellcmd";
1418			else
1419			$cmdn = "shellcmd";
1420	0f282d7a	Scott Ullrich
1421	5b237745	Scott Ullrich	if (is_array($config['system'][$cmdn])) {
1422	333f8ef0	Scott Ullrich
1423	245388b4	Scott Ullrich	/* cmd is an array, loop through /
1424	5b237745	Scott Ullrich	foreach ($config['system'][$cmdn] as $cmd) {
1425			exec($cmd);
1426			}
1427	245388b4	Scott Ullrich
1428			} elseif($config['system'][$cmdn] <> "") {
1429	333f8ef0	Scott Ullrich
1430	245388b4	Scott Ullrich	/* execute single item */
1431			exec($config['system'][$cmdn]);
1432
1433	5b237745	Scott Ullrich	}
1434			}
1435
1436			function system_console_configure() {
1437	f19d3b7a	Scott Ullrich	global $config, $g;
1438	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1439			$mt = microtime();
1440	dcf0598e	Scott Ullrich	echo "system_console_configure() being called $mt\n";
1441	333f8ef0	Scott Ullrich	}
1442	0f282d7a	Scott Ullrich
1443	5b237745	Scott Ullrich	if (isset($config['system']['disableconsolemenu'])) {
1444			touch("{$g['varetc_path']}/disableconsole");
1445			} else {
1446			unlink_if_exists("{$g['varetc_path']}/disableconsole");
1447			}
1448			}
1449
1450			function system_dmesg_save() {
1451	f19d3b7a	Scott Ullrich	global $g;
1452	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1453			$mt = microtime();
1454	dcf0598e	Scott Ullrich	echo "system_dmesg_save() being called $mt\n";
1455	f19d3b7a	Scott Ullrich	}
1456	0f282d7a	Scott Ullrich
1457	767a716e	Scott Ullrich	$dmesg = "";
1458	5b237745	Scott Ullrich	exec("/sbin/dmesg", $dmesg);
1459	0f282d7a	Scott Ullrich
1460	5b237745	Scott Ullrich	/* find last copyright line (output from previous boots may be present) */
1461			$lastcpline = 0;
1462	0f282d7a	Scott Ullrich
1463	5b237745	Scott Ullrich	for ($i = 0; $i < count($dmesg); $i++) {
1464			if (strstr($dmesg[$i], "Copyright (c) 1992-"))
1465			$lastcpline = $i;
1466			}
1467	0f282d7a	Scott Ullrich
1468	5b237745	Scott Ullrich	$fd = fopen("{$g['varlog_path']}/dmesg.boot", "w");
1469			if (!$fd) {
1470	4a896b86	Carlos Eduardo Ramos	printf(gettext("Error: cannot open dmesg.boot in system_dmesg_save().%s"), "\n");
1471	5b237745	Scott Ullrich	return 1;
1472			}
1473	0f282d7a	Scott Ullrich
1474	5b237745	Scott Ullrich	for ($i = $lastcpline; $i < count($dmesg); $i++)
1475			fwrite($fd, $dmesg[$i] . "\n");
1476	0f282d7a	Scott Ullrich
1477	5b237745	Scott Ullrich	fclose($fd);
1478	0f282d7a	Scott Ullrich
1479	5b237745	Scott Ullrich	return 0;
1480			}
1481
1482			function system_set_harddisk_standby() {
1483	f19d3b7a	Scott Ullrich	global $g, $config;
1484	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1485			$mt = microtime();
1486	dcf0598e	Scott Ullrich	echo "system_set_harddisk_standby() being called $mt\n";
1487	58c7450e	Scott Ullrich	}
1488	5b237745	Scott Ullrich
1489			if (isset($config['system']['harddiskstandby'])) {
1490			if ($g['booting']) {
1491	4a896b86	Carlos Eduardo Ramos	echo gettext('Setting hard disk standby... ');
1492	5b237745	Scott Ullrich	}
1493
1494			$standby = $config['system']['harddiskstandby'];
1495			// Check for a numeric value
1496			if (is_numeric($standby)) {
1497			// Sync the disk(s)
1498	5ba5a8de	Scott Ullrich	pfSense_sync();
1499	5b237745	Scott Ullrich	if (!mwexec('/sbin/sysctl hw.ata.standby=' . ((int)$standby))) {
1500			// Reinitialize ATA-drives
1501			mwexec('/usr/local/sbin/atareinit');
1502			if ($g['booting']) {
1503	4a896b86	Carlos Eduardo Ramos	echo gettext("done.") . "\n";
1504	5b237745	Scott Ullrich	}
1505			} else if ($g['booting']) {
1506	4a896b86	Carlos Eduardo Ramos	echo gettext("failed!") . "\n";
1507	5b237745	Scott Ullrich	}
1508			} else if ($g['booting']) {
1509	4a896b86	Carlos Eduardo Ramos	echo gettext("failed!") . "\n";
1510	5b237745	Scott Ullrich	}
1511			}
1512			}
1513
1514	3ff9d424	Scott Ullrich	function system_setup_sysctl() {
1515	f19d3b7a	Scott Ullrich	global $config;
1516	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1517			$mt = microtime();
1518	dcf0598e	Scott Ullrich	echo "system_setup_sysctl() being called $mt\n";
1519	58c7450e	Scott Ullrich	}
1520	243aa7b9	Scott Ullrich
1521	6df9d7e3	Scott Ullrich	activate_sysctls();
1522
1523	243aa7b9	Scott Ullrich	if (isset($config['system']['sharednet'])) {
1524			system_disable_arp_wrong_if();
1525			}
1526			}
1527
1528			function system_disable_arp_wrong_if() {
1529	f19d3b7a	Scott Ullrich	global $config;
1530	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1531			$mt = microtime();
1532	dcf0598e	Scott Ullrich	echo "system_disable_arp_wrong_if() being called $mt\n";
1533	333f8ef0	Scott Ullrich	}
1534	6cb438cf	Scott Ullrich	mwexec("/sbin/sysctl -n net.link.ether.inet.log_arp_wrong_iface=0");
1535	89f4b6a3	Scott Ullrich	mwexec("/sbin/sysctl -n net.link.ether.inet.log_arp_movements=0");
1536	3ff9d424	Scott Ullrich	}
1537
1538	243aa7b9	Scott Ullrich	function system_enable_arp_wrong_if() {
1539	f19d3b7a	Scott Ullrich	global $config;
1540	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1541			$mt = microtime();
1542	dcf0598e	Scott Ullrich	echo "system_enable_arp_wrong_if() being called $mt\n";
1543	58c7450e	Scott Ullrich	}
1544	243aa7b9	Scott Ullrich	mwexec("/sbin/sysctl -n net.link.ether.inet.log_arp_wrong_iface=1");
1545	89f4b6a3	Scott Ullrich	mwexec("/sbin/sysctl -n net.link.ether.inet.log_arp_movements=1");
1546	243aa7b9	Scott Ullrich	}
1547
1548	a199b93e	Scott Ullrich	function enable_watchdog() {
1549			global $config;
1550	1a479479	Scott Ullrich	return;
1551	a199b93e	Scott Ullrich	$install_watchdog = false;
1552			$supported_watchdogs = array("Geode");
1553			$file = file_get_contents("/var/log/dmesg.boot");
1554			foreach($supported_watchdogs as $sd) {
1555			if(stristr($file, "Geode")) {
1556			$install_watchdog = true;
1557			}
1558			}
1559			if($install_watchdog == true) {
1560	2e44fb05	Scott Ullrich	if(is_process_running("watchdogd"))
1561	e0b4e47f	Seth Mos	mwexec("/usr/bin/killall watchdogd", true);
1562	333f8ef0	Scott Ullrich	exec("/usr/sbin/watchdogd");
1563	a199b93e	Scott Ullrich	}
1564			}
1565	15f14889	Scott Ullrich
1566			function system_check_reset_button() {
1567	fa83737d	Scott Ullrich	global $g;
1568	223ef06a	Scott Ullrich	if($g['platform'] != "nanobsd")
1569	fa83737d	Scott Ullrich	return 0;
1570	15f14889	Scott Ullrich
1571	31c9379c	Scott Ullrich	$specplatform = system_identify_specific_platform();
1572
1573	15f14889	Scott Ullrich	if ($specplatform['name'] != "wrap" && $specplatform['name'] != "alix")
1574			return 0;
1575
1576			$retval = mwexec("/usr/local/sbin/" . $specplatform['name'] . "resetbtn");
1577
1578			if ($retval == 99) {
1579			/* user has pressed reset button for 2 seconds -
1580			reset to factory defaults */
1581			echo <<<EOD
1582
1583			***********************************************************************
1584			* Reset button pressed - resetting configuration to factory defaults. *
1585			* The system will reboot after this completes. *
1586			***********************************************************************
1587
1588
1589			EOD;
1590
1591			reset_factory_defaults();
1592			system_reboot_sync();
1593			exit(0);
1594			}
1595
1596			return 0;
1597			}
1598
1599	31c9379c	Scott Ullrich	/* attempt to identify the specific platform (for embedded systems)
1600			Returns an array with two elements:
1601			name => platform string (e.g. 'wrap', 'alix' etc.)
1602			descr => human-readable description (e.g. "PC Engines WRAP")
1603			*/
1604			function system_identify_specific_platform() {
1605			global $g;
1606
1607			if ($g['platform'] == 'generic-pc')
1608	4a896b86	Carlos Eduardo Ramos	return array('name' => 'generic-pc', 'descr' => gettext("Generic PC"));
1609	31c9379c	Scott Ullrich
1610			if ($g['platform'] == 'generic-pc-cdrom')
1611	4a896b86	Carlos Eduardo Ramos	return array('name' => 'generic-pc-cdrom', 'descr' => gettext("Generic PC (CD-ROM)"));
1612	31c9379c	Scott Ullrich
1613			/* the rest of the code only deals with 'embedded' platforms */
1614	1a2911a7	Scott Ullrich	if ($g['platform'] != 'nanobsd')
1615	31c9379c	Scott Ullrich	return array('name' => $g['platform'], 'descr' => $g['platform']);
1616
1617			$dmesg = system_get_dmesg_boot();
1618
1619			if (strpos($dmesg, "PC Engines WRAP") !== false)
1620	4a896b86	Carlos Eduardo Ramos	return array('name' => 'wrap', 'descr' => gettext('PC Engines WRAP'));
1621	31c9379c	Scott Ullrich
1622			if (strpos($dmesg, "PC Engines ALIX") !== false)
1623	4a896b86	Carlos Eduardo Ramos	return array('name' => 'alix', 'descr' => gettext('PC Engines ALIX'));
1624	31c9379c	Scott Ullrich
1625			if (preg_match("/Soekris net45../", $dmesg, $matches))
1626			return array('name' => 'net45xx', 'descr' => $matches[0]);
1627
1628			if (preg_match("/Soekris net48../", $dmesg, $matches))
1629			return array('name' => 'net48xx', 'descr' => $matches[0]);
1630
1631			if (preg_match("/Soekris net55../", $dmesg, $matches))
1632			return array('name' => 'net55xx', 'descr' => $matches[0]);
1633
1634			/* unknown embedded platform */
1635	4a896b86	Carlos Eduardo Ramos	return array('name' => 'embedded', 'descr' => gettext('embedded (unknown)'));
1636	31c9379c	Scott Ullrich	}
1637
1638			function system_get_dmesg_boot() {
1639			global $g;
1640	d16af75d	Scott Ullrich
1641	31c9379c	Scott Ullrich	return file_get_contents("{$g['varlog_path']}/dmesg.boot");
1642			}
1643
1644	c82b2c3f	jim-p	function get_possible_listen_ips() {
1645	7401c8c4	jim-p	$interfaces = get_configured_interface_with_descr();
1646			$carplist = get_configured_carp_interface_list();
1647			$listenips = array();
1648			foreach ($carplist as $cif => $carpip)
1649			$interfaces[$cif] = $carpip." (".get_vip_descr($carpip).")";
1650			$aliaslist = get_configured_ip_aliases_list();
1651			foreach ($aliaslist as $aliasip => $aliasif)
1652			$interfaces[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
1653			foreach ($interfaces as $iface => $ifacename) {
1654			$tmp["name"] = $ifacename;
1655			$tmp["value"] = $iface;
1656			$listenips[] = $tmp;
1657			}
1658			$tmp["name"] = "Localhost";
1659			$tmp["value"] = "lo0";
1660			$listenips[] = $tmp;
1661			return $listenips;
1662			}
1663	943994ff	Scott Ullrich
1664	65101877	smos	/* Pick up IPv6 router advertisements on the interface */
1665			function pickup_ipv6_router_advertisement($interface) {
1666			global $g;
1667			$realif = get_real_interface($interface);
1668			exec("/sbin/rtsol -d {$realif} 2>&1", $out, $ret);
1669			if(!empty($out)) {
1670			foreach($out as $line) {
1671			if((stristr($line, "received")) && (!stristr($line, "unexpected"))) {
1672			$parts = explode(" ", $line);
1673			if(is_ipaddrv6($parts[3])) {
1674			log_error("Found IPv6 default gateway '{$parts[3]}' on interface {$realif} by RA.");
1675			file_put_contents("{$g['tmp_path']}/{$realif}_routerv6", "{$parts[3]}\n");
1676			file_put_contents("{$g['tmp_path']}/{$realif}_defaultgwv6", "{$parts[3]}\n");
1677			break;
1678			}
1679			}
1680			}
1681			}
1682			}
1683
1684	3b8a17a1	Ermal	?>

Project

General

Profile

pfSense