<?php
/* $Id$ */
/*
	system.inc
	part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
/* include all configuration functions */
require_once("functions.inc");
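/**
 * Regenerate resolv.conf under $g['varetc_path'] from the system configuration.
 *
 * When 'dnsallowoverride' is set, name servers are read from nameservers.conf
 * (dynamically assigned servers, if any) and, if at least one was found, search
 * domains are read from defaultdomain.conf. If no dynamic name server was found,
 * the statically configured 'dnsserver' list is used instead.
 *
 * @param bool $dynupdate when true, dhcpd is not reconfigured afterwards
 * @return int 0 on success, 1 if resolv.conf cannot be opened for writing
 */
function system_resolvconf_generate($dynupdate = false) {
	global $config, $g;

	$syscfg = $config['system'];

	$fd = fopen("{$g['varetc_path']}/resolv.conf", "w");
	if (!$fd) {
		printf("Error: cannot open resolv.conf in system_resolvconf_generate().\n");
		return 1;
	}

	$resolvconf = "domain {$syscfg['domain']}\n";

	$havedns = false;

	if (isset($syscfg['dnsallowoverride'])) {
		/* get dynamically assigned DNS servers (if any) */
		/* NOTE(review): entries are only trimmed, not validated as IP
		   addresses; presumably they originate from a DHCP/PPP lease,
		   i.e. from the network - confirm the writer validates them */
		$nfd = @fopen("{$g['varetc_path']}/nameservers.conf", "r");
		if ($nfd) {
			while (!feof($nfd)) {
				$dnss = trim(fgets($nfd));
				if ($dnss) {
					$resolvconf .= "nameserver $dnss\n";
					$havedns = true;
				}
			}
			fclose($nfd);
		}

		/* search domains are only honoured together with dynamic name servers */
		$nfd = @fopen("{$g['varetc_path']}/defaultdomain.conf", "r");
		if ($nfd and $havedns) {
			while (!feof($nfd)) {
				$dnss = trim(fgets($nfd));
				if ($dnss) {
					$resolvconf .= "search $dnss\n";
				}
			}
			fclose($nfd);
		}
	}

	/* fall back to the statically configured servers */
	if (!$havedns && is_array($syscfg['dnsserver'])) {
		foreach ($syscfg['dnsserver'] as $ns) {
			if ($ns) {
				$resolvconf .= "nameserver $ns\n";
				$havedns = true;
			}
		}
	}

	/* collapse a doubled keyword; the result used to be assigned to an
	   unused variable, so the clean-up never reached the written file */
	$resolvconf = str_replace("nameserver nameserver ", "nameserver ", $resolvconf);

	fwrite($fd, $resolvconf);
	fclose($fd);

	if (!$g['booting']) {
		/* restart dhcpd (nameservers may have changed) */
		if (!$dynupdate)
			services_dhcpd_configure();
	}

	return 0;
}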
/**
 * Write the hosts file under $g['varetc_path'].
 *
 * The file holds a localhost entry, an entry mapping the LAN address to the
 * firewall's own host name, and one line per dnsmasq host override.
 *
 * @return int 0 on success, 1 if the hosts file cannot be opened for writing
 */
function system_hosts_generate() {
	global $config, $g;

	$syscfg = $config['system'];
	$lancfg = $config['interfaces']['lan'];
	$dnsmasqcfg = $config['dnsmasq'];

	/* a missing override list is treated as empty */
	$hostscfg = is_array($dnsmasqcfg['hosts']) ? $dnsmasqcfg['hosts'] : array();

	$fd = fopen("{$g['varetc_path']}/hosts", "w");
	if (!$fd) {
		printf("Error: cannot open hosts file in system_hosts_generate().\n");
		return 1;
	}

	/* fixed entries: loopback and the firewall itself */
	$hosts = "127.0.0.1\tlocalhost localhost.{$syscfg['domain']}\n";
	$hosts .= "{$lancfg['ipaddr']}\t{$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}\n";

	/* overrides: with a host part the line carries FQDN plus short name,
	   without one it carries the domain only */
	foreach ($hostscfg as $host) {
		if ($host['host'])
			$names = "{$host['host']}.{$host['domain']} {$host['host']}";
		else
			$names = "{$host['domain']}";

		$hosts .= "{$host['ip']}\t{$names}\n";
	}

	fwrite($fd, $hosts);
	fclose($fd);

	return 0;
}
/**
 * Set the system host name to "<hostname>.<domain>" from the configuration.
 *
 * @return mixed whatever mwexec() returns for the /bin/hostname call
 */
function system_hostname_configure() {
	global $config, $g;

	$syscfg = $config['system'];
	$fqdn = "{$syscfg['hostname']}.{$syscfg['domain']}";

	/* escapeshellarg() keeps the configured name a single shell argument */
	$cmd = "/bin/hostname " . escapeshellarg($fqdn);

	return mwexec($cmd);
}
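/**
 * Apply the static route configuration.
 *
 * Routes installed by a previous run are recorded in routes.db under
 * $g['vardb_path']; they are deleted first, then every configured static
 * route is added and recorded again.
 *
 * @return int 0 on success, 1 if routes.db cannot be opened
 */
function system_routing_configure() {
	global $config, $g;

	$routesdb = "{$g['vardb_path']}/routes.db";

	/* Enable fast routing, if enabled */
	if(isset($config['staticroutes']['enablefastrouting']))
		mwexec("/sbin/sysctl net.inet.ip.fastforwarding=1");

	/* clear out old routes, if necessary */
	if (file_exists($routesdb)) {
		$fd = fopen($routesdb, "r");
		if (!$fd) {
			printf("Error: cannot open routes DB file in system_routing_configure().\n");
			return 1;
		}
		while (!feof($fd)) {
			/* fgets() keeps the line terminator; strip it so the quoted
			   argument handed to route(8) is the bare network */
			$oldrt = trim(fgets($fd));
			if ($oldrt !== "")
				mwexec("/sbin/route delete " . escapeshellarg($oldrt));
		}
		fclose($fd);
		unlink($routesdb);
	}

	if (is_array($config['staticroutes']['route'])) {

		$fd = fopen($routesdb, "w");
		if (!$fd) {
			printf("Error: cannot open routes DB file in system_routing_configure().\n");
			return 1;
		}

		foreach ($config['staticroutes']['route'] as $rtent) {
			mwexec("/sbin/route add " . escapeshellarg($rtent['network']) .
				" " . escapeshellarg($rtent['gateway']));

			/* record route so it can be easily removed later (if necessary) */
			fwrite($fd, $rtent['network'] . "\n");
		}

		fclose($fd);
	}

	return 0;
}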
/**
 * Turn on IPv4 packet forwarding via sysctl.
 *
 * @return mixed whatever mwexec() returns for the sysctl call
 */
function system_routing_enable() {
	global $config, $g;

	$cmd = "/sbin/sysctl net.inet.ip.forwarding=1";

	return mwexec($cmd);
}
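/**
 * (Re)start syslogd, generating syslog.conf from the configuration first.
 *
 * When a 'syslog' section exists, syslog.conf is built from per-package
 * logging sections, the local log targets (unless 'disablelocallogging' is
 * set) and the remote targets selected by the 'filter', 'vpn', 'portalauth',
 * 'dhcp' and 'system' flags. Without a 'syslog' section syslogd is started
 * with "-ss" and no generated configuration.
 *
 * @return mixed mwexec() result of the syslogd start, or 1 if syslog.conf
 *               cannot be opened for writing
 */
function system_syslogd_start() {
	global $config, $g;

	$syslogcfg = $config['syslog'];

	if ($g['booting'])
		echo "Starting syslog... ";
	else
		killbypid("{$g['varrun_path']}/syslog.pid");

	if (isset($syslogcfg)) {
		/* start from defined values; these were previously appended to
		   and interpolated without ever being initialised */
		$syslogconf = "";
		$facilitylist = "";
		$pkgfacilities = array();

		if (is_array($config['installedpackages']['package'])) {
			foreach ($config['installedpackages']['package'] as $package) {
				if ($package['logging']) {
					$pkgfacilities[] = $package['logging']['facilityname'];
					$facilitylist = implode(',', $pkgfacilities);
					/* the log file name comes from package metadata: quote it
					   so it cannot be split or interpreted by the shell */
					mwexec("clog -i -s 10000 " .
						escapeshellarg("{$g['varlog_path']}/{$package['logging']['logfilename']}"));
					/* NOTE(review): facilityname and logfilename are also written
					   into syslog.conf verbatim; a value containing a newline
					   would add arbitrary configuration lines - validate upstream */
					$syslogconf .= "!{$package['logging']['facilityname']}\n*.*\t\t\t\t\t\t%{$g['varlog_path']}/{$package['logging']['logfilename']}\n!-{$facilitylist}\n";
				}
			}
		}

		/* write syslog.conf */
		$fd = fopen("{$g['varetc_path']}/syslog.conf", "w");
		if (!$fd) {
			printf("Error: cannot open syslog.conf in system_syslogd_start().\n");
			return 1;
		}

		/* local log targets */
		if (!isset($syslogcfg['disablelocallogging'])) {
		$syslogconf .= <<<EOD
!racoon
*.*						%{$g['varlog_path']}/ipsec.log
!-racoon,{$facilitylist}
local0.*					%{$g['varlog_path']}/filter.log
local3.*					%{$g['varlog_path']}/vpn.log
local4.*					%{$g['varlog_path']}/portalauth.log
local7.*					%{$g['varlog_path']}/dhcpd.log
*.notice;kern.debug;lpr.info;mail.crit;		%{$g['varlog_path']}/system.log
news.err;local0.none;local3.none;local4.none;	%{$g['varlog_path']}/system.log
local7.none					%{$g['varlog_path']}/system.log
security.*					%{$g['varlog_path']}/system.log
auth.info;authpriv.info;daemon.info		%{$g['varlog_path']}/system.log
local1.*					%{$g['varlog_path']}/slbd.log
*.emerg						*

EOD;
		}

		/* remote targets; NOTE(review): 'remoteserver' is written verbatim
		   and the lines are emitted even when it is empty */
		if (isset($syslogcfg['filter'])) {
			$syslogconf .= <<<EOD
local0.*					@{$syslogcfg['remoteserver']}

EOD;
		}

		if (isset($syslogcfg['vpn'])) {
			$syslogconf .= <<<EOD
local3.*					@{$syslogcfg['remoteserver']}

EOD;
		}


		if (isset($syslogcfg['portalauth'])) {
			$syslogconf .= <<<EOD
local4.*					@{$syslogcfg['remoteserver']}

EOD;
		}


		if (isset($syslogcfg['dhcp'])) {
			$syslogconf .= <<<EOD
local7.*					@{$syslogcfg['remoteserver']}

EOD;
		}

		if (isset($syslogcfg['system'])) {
			$syslogconf .= <<<EOD
*.notice;kern.debug;lpr.info;mail.crit;		@{$syslogcfg['remoteserver']}
news.err;local0.none;local3.none;local7.none	@{$syslogcfg['remoteserver']}
security.*					@{$syslogcfg['remoteserver']}
auth.info;authpriv.info;daemon.info		@{$syslogcfg['remoteserver']}
*.emerg						@{$syslogcfg['remoteserver']}
EOD;
		}
		fwrite($fd, $syslogconf);
		fclose($fd);

		$retval = mwexec("/usr/sbin/syslogd -s -f " .
			escapeshellarg("{$g['varetc_path']}/syslog.conf"));

	} else {
		$retval = mwexec("/usr/sbin/syslogd -ss");
	}

	if ($g['booting'])
		echo "done.\n";

	return $retval;
}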
/**
 * Restart pccardd with the pccard.conf found under $g['etc_path'].
 *
 * Progress is echoed only while the system is booting.
 *
 * @return mixed whatever mwexec() returns for the pccardd start
 */
function system_pccard_start() {
	global $config, $g;

	if ($g['booting'])
		echo "Initializing PCMCIA... ";

	/* stop the instance recorded in the pid file, if any */
	killbypid("{$g['varrun_path']}/pccardd.pid");

	/* start a fresh pccardd */
	$cmd = "/usr/sbin/pccardd -z -f {$g['etc_path']}/pccard.conf";
	$res = mwexec($cmd);

	if ($g['booting'])
		echo ($res == 0) ? "done.\n" : "failed!\n";

	return $res;
}
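/**
 * (Re)start the webConfigurator lighttpd instance.
 *
 * Regenerates the password file, picks the certificate/key pair for https
 * (the configured pair if both parts are present, otherwise the built-in
 * default), writes the lighttpd configuration and starts lighttpd.
 *
 * @return mixed whatever mwexec() returns for the lighttpd start
 */
function system_webgui_start() {
	global $config, $g;

	if ($g['booting'])
		echo "Starting webConfigurator... ";

	/* kill any running webConfigurator lighttpd */
	killbypid("{$g['varrun_path']}/lighty-webConfigurator.pid");

	/* generate password file */
	system_password_configure();

	chdir($g['www_path']);

	/* non-standard port? The value used to be turned into an unused "-p"
	   argument, so a configured port never reached the server configuration.
	   NOTE(review): when no port is configured the generator's default of 80
	   applies, also for https - confirm that is intended */
	if ($config['system']['webgui']['port'])
		$port = $config['system']['webgui']['port'];
	else
		$port = "";

	if ($config['system']['webgui']['protocol'] == "https") {

		if ($config['system']['webgui']['certificate'] && $config['system']['webgui']['private-key']) {
			$cert = base64_decode($config['system']['webgui']['certificate']);
			$key = base64_decode($config['system']['webgui']['private-key']);
		} else {
			/* default certificate/key */
			/* SECURITY: this key pair is identical on every installation and
			   the private key is published with the source. With the default
			   in use, TLS does not authenticate the device and gives no
			   confidentiality against anyone who has this file. Generate a
			   per-device key at first boot or require an uploaded pair. */
			$cert = <<<EOD
-----BEGIN CERTIFICATE-----
MIIC4zCCAkygAwIBAgIBADANBgkqhkiG9w0BAQQFADBbMQswCQYDVQQGEwJOQTEL
MAkGA1UECBMCTkExCzAJBgNVBAcTAk5BMQswCQYDVQQKEwJOQTELMAkGA1UECxMC
TkExCzAJBgNVBAMTAk5BMQswCQYDVQQGEwJVUzAeFw0wNTAzMDYwMDE1NDJaFw0x
NTAzMDQwMDE1NDJaMFsxCzAJBgNVBAYTAk5BMQswCQYDVQQIEwJOQTELMAkGA1UE
BxMCTkExCzAJBgNVBAoTAk5BMQswCQYDVQQLEwJOQTELMAkGA1UEAxMCTkExCzAJ
BgNVBAYTAlVTMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF7luuy70OvHrl
xnW9ID6srsfxEFCF4d9LmlZ6XdW1rEUHQ6KTgz4iSD+pxEOxxlY+bCH6HTkAy5Sa
zt3eT7javvF+ILZgarwoY2x+NbDctd0VBJVkH0fEvBf1xqU7wpkOiWkw1RmfEvZI
6XnGi6VSjSmkm0UoQMKg9R7niRtE4QIDAQABo4G2MIGzMB0GA1UdDgQWBBTgvk9F
alPK6/OcZrkaE8BhBrRo2DCBgwYDVR0jBHwweoAU4L5PRWpTyuvznGa5GhPAYQa0
aNihX6RdMFsxCzAJBgNVBAYTAk5BMQswCQYDVQQIEwJOQTELMAkGA1UEBxMCTkEx
CzAJBgNVBAoTAk5BMQswCQYDVQQLEwJOQTELMAkGA1UEAxMCTkExCzAJBgNVBAYT
AlVTggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAv9+GXdYIWs2R
8B0zI4jAbHcaRsfohuzpNHD5re7ZK8H4fYbHIfmPY2UM3yOU7J2rLP8KGfKztay1
Z3RNW7SKJI/CagbdQOuYdMrlEyA4ZImM6NNzUbH6rNKtmDIDo1kHL3cXjzXEjBE+
ZZYTREFcdhtzUH5lYzJz1uVFeCSwozk=
-----END CERTIFICATE-----
EOD;

			$key = <<<EOD
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDF7luuy70OvHrlxnW9ID6srsfxEFCF4d9LmlZ6XdW1rEUHQ6KT
gz4iSD+pxEOxxlY+bCH6HTkAy5Sazt3eT7javvF+ILZgarwoY2x+NbDctd0VBJVk
H0fEvBf1xqU7wpkOiWkw1RmfEvZI6XnGi6VSjSmkm0UoQMKg9R7niRtE4QIDAQAB
AoGAF9dMJ9PWo+3EB+VNzUgTBI3Q+5JxgI7ibKLcg8TFtypW7jcRYB9Q3qRBNtuz
I7i2LrKrrQrUEOp0rej5BIwpwcjtEE2NsZwgYwDyywptoqt3WO86nPXYz2KhkQmP
YCDmPrff4vXCv6zgefb/AIgrOkgD3ViEoePhCAg+0l3fEIECQQD7C68Nb6KAWUND
Q9B0RxYrlgXikQ8yVHhlyM433APe/NCJ9kl5dLXpyjuvrWB+ml6TlLrcroLGejbd
tYXvIiyJAkEAydZVHqB4MpMtuY7VJoHNgl06YBoeTI+BJptPaOUNl4SlUKIYJMhX
oOXIGk9uDjfSNS7HvunZBjgz092GShWvmQJAQ8NhmwTZHj/58fwqFljh2R4DtKZn
LbSzUvYjA9z1holDWRoLtycTu2mFNuRbuZC9mqR40/ye/CgdCzdmUagt0QJBAKq1
00ySINd10Cive+yTwMPQIj2CGbpbbbq/hYyMntBWapQmZRFHOYZmkrZeFBGGeQ5u
QJdipiIyivNY2+nxKZECQCvumJPfZYxCeCAEC+G2xezrP6bC6FhzUOw6410UARTM
fuFjHpSfOiG62lfRdZgCPAr1L/1pJF+8RqjGlFfAuFA=
-----END RSA PRIVATE KEY-----
EOD;
		}
	} else {
		$cert = "";
		$key = "";
	}

	/* generate lighttpd configuration; arguments follow the declared
	   order (filename, cert, key, pid file, port) - cert and key used to
	   be passed swapped */
	system_generate_lighty_config("{$g['varetc_path']}/lighty-webConfigurator.conf",
		$cert, $key, "lighty-webConfigurator.pid", $port);

	/* attempt to start lighttpd */
	$res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-webConfigurator.conf");

	if ($g['booting']) {
		if ($res == 0)
			echo "done.\n";
		else
			echo "failed!\n";
	}

	return $res;
}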
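/**
 * Write a lighttpd configuration file and, for TLS, the combined PEM file.
 *
 * Fixes over the previous revision: the base configuration was assigned to a
 * misspelled variable and therefore never written; $g was not declared global,
 * so cert.pem and the "ssl.pemfile" path resolved to the filesystem root; and
 * the PEM file could briefly exist with default permissions.
 *
 * @param string $filename configuration file; an absolute path is used as
 *                         given, anything else is placed under $g['varetc_path']
 * @param string $cert     PEM certificate, "" to disable TLS
 * @param string $key      PEM private key, "" to disable TLS
 * @param string $pid_file pid file name, placed under /var/run
 * @param string $port     listening port, "" for the default of 80
 * @return int 0 on success, 1 if a file cannot be opened for writing
 */
function system_generate_lighty_config($filename, $cert, $key, $pid_file, $port = "") {
	global $g;

	/* create directory to hold compressed items */
	if(!is_dir("/tmp/lighttpd/cache/compress/"))
		mkdir("/tmp/lighttpd/cache/compress/", 0755, true);

	if($port <> "")
		$lighty_port = $port;
	else
		$lighty_port = "80";

	/* NOTE(review): $lighty_port and $pid_file are interpolated verbatim;
	   callers should pass a numeric port and a bare file name */
	$lighty_config = <<<EOD
#
# lighttpd configuration file
#
# use a it as base for lighttpd 1.0.0 and above
#
############ Options you really have to take care of ####################

## modules to load
server.modules              = (
                                "mod_rewrite",
                                "mod_redirect",
                                "mod_access",
                                "mod_setenv",
                                "mod_fastcgi",
                                "mod_compress")

## Unused modules
#                               "mod_ssi",
#                               "mod_usertrack",
#                               "mod_expire",
#                               "mod_secdownload",
#                               "mod_rrdtool",
#                               "mod_auth",
#                               "mod_status",
#                               "mod_alias",
#                               "mod_proxy",
#                               "mod_simple_vhost",
#                               "mod_evhost",
#                               "mod_userdir",
#                               "mod_cgi",
#                                "mod_accesslog"

## a static document-root, for virtual-hosting take look at the
## server.virtual-* options
server.document-root        = "/usr/local/www/"

## where to send error-messages to
server.errorlog             = "/var/log/lighttpd.error.log"

# files to check for if .../ is requested
server.indexfiles           = ( "index.php", "index.html",
                                "index.htm", "default.htm" )

# mimetype mapping
mimetype.assign             = (
  ".pdf"          =>      "application/pdf",
  ".sig"          =>      "application/pgp-signature",
  ".spl"          =>      "application/futuresplash",
  ".class"        =>      "application/octet-stream",
  ".ps"           =>      "application/postscript",
  ".torrent"      =>      "application/x-bittorrent",
  ".dvi"          =>      "application/x-dvi",
  ".gz"           =>      "application/x-gzip",
  ".pac"          =>      "application/x-ns-proxy-autoconfig",
  ".swf"          =>      "application/x-shockwave-flash",
  ".tar.gz"       =>      "application/x-tgz",
  ".tgz"          =>      "application/x-tgz",
  ".tar"          =>      "application/x-tar",
  ".zip"          =>      "application/zip",
  ".mp3"          =>      "audio/mpeg",
  ".m3u"          =>      "audio/x-mpegurl",
  ".wma"          =>      "audio/x-ms-wma",
  ".wax"          =>      "audio/x-ms-wax",
  ".ogg"          =>      "audio/x-wav",
  ".wav"          =>      "audio/x-wav",
  ".gif"          =>      "image/gif",
  ".jpg"          =>      "image/jpeg",
  ".jpeg"         =>      "image/jpeg",
  ".png"          =>      "image/png",
  ".xbm"          =>      "image/x-xbitmap",
  ".xpm"          =>      "image/x-xpixmap",
  ".xwd"          =>      "image/x-xwindowdump",
  ".css"          =>      "text/css",
  ".html"         =>      "text/html",
  ".htm"          =>      "text/html",
  ".js"           =>      "text/javascript",
  ".asc"          =>      "text/plain",
  ".c"            =>      "text/plain",
  ".conf"         =>      "text/plain",
  ".text"         =>      "text/plain",
  ".txt"          =>      "text/plain",
  ".dtd"          =>      "text/xml",
  ".xml"          =>      "text/xml",
  ".mpeg"         =>      "video/mpeg",
  ".mpg"          =>      "video/mpeg",
  ".mov"          =>      "video/quicktime",
  ".qt"           =>      "video/quicktime",
  ".avi"          =>      "video/x-msvideo",
  ".asf"          =>      "video/x-ms-asf",
  ".asx"          =>      "video/x-ms-asf",
  ".wmv"          =>      "video/x-ms-wmv",
  ".bz2"          =>      "application/x-bzip",
  ".tbz"          =>      "application/x-bzip-compressed-tar",
  ".tar.bz2"      =>      "application/x-bzip-compressed-tar"
 )

# Use the "Content-Type" extended attribute to obtain mime type if possible
#mimetypes.use-xattr        = "enable"

#### accesslog module
accesslog.filename          = "/dev/null"

## deny access the file-extensions
#
# ~    is for backupfiles from vi, emacs, joe, ...
# .inc is often used for code includes which should in general not be part
#      of the document-root
url.access-deny             = ( "~", ".inc" )


######### Options that are good to be but not neccesary to be changed #######

## bind to port (default: 80)
server.port                = {$lighty_port}

## error-handler for status 404
#server.error-handler-404   = "/error-handler.html"
#server.error-handler-404   = "/error-handler.php"

## to help the rc.scripts
server.pid-file            = "/var/run/{$pid_file}"

## virtual directory listings
server.dir-listing         = "disable"

## enable debugging
debug.log-request-header   = "disable"
debug.log-response-header  = "disable"
debug.log-request-handling = "disable"
debug.log-file-not-found   = "disable"

#### compress module
#compress.cache-dir         = "/tmp/lighttpd/cache/compress/"
#compress.filetype          = ("text/plain", "text/html")

#### fastcgi module
## read fastcgi.txt for more info
fastcgi.server             = ( ".php" =>
                               ( "localhost" =>
                                 (
                                   "socket" => "/tmp/php-fastcgi.socket",
                                   "bin-path" => "/usr/local/bin/php"
                                 )
                               )
                            )

EOD;

	if($cert <> "" and $key <> "") {
		$pemfile = "{$g['varetc_path']}/cert.pem";

		/* create the file owner-only from the start; the chmod() below
		   additionally tightens a pre-existing file before the key is written */
		$oldmask = umask(0077);
		$fd = fopen($pemfile, "w");
		umask($oldmask);
		if (!$fd) {
			printf("Error: cannot open cert.pem in system_generate_lighty_config().\n");
			return 1;
		}
		chmod($pemfile, 0600);
		fwrite($fd, $cert);
		fwrite($fd, "\n");
		fwrite($fd, $key);
		fclose($fd);
		$lighty_config .= "\n";
		$lighty_config .= "ssl.engine = \"enable\"\n";
		$lighty_config .= "ssl.pemfile = \"{$pemfile}\"\n\n";
	}

	/* callers in this file pass an absolute path; keep that working now
	   that $g['varetc_path'] actually resolves */
	if (substr($filename, 0, 1) == "/")
		$conffile = $filename;
	else
		$conffile = "{$g['varetc_path']}/{$filename}";

	$fd = fopen($conffile, "w");
	if (!$fd) {
		printf("Error: cannot open {$conffile} in system_generate_lighty_config().\n");
		return 1;
	}
	fwrite($fd, $lighty_config);
	fclose($fd);

	return 0;

}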
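/**
 * Write the webConfigurator htpasswd file under $g['varrun_path'].
 *
 * The file holds a single "username:password" line taken from the system
 * configuration; the user name falls back to "admin" when none is set.
 *
 * @return int 0 on success, 1 if the file cannot be opened for writing
 */
function system_password_configure() {
	global $config, $g;

	$htpasswd = "{$g['varrun_path']}/htpasswd";

	/* restrict access before any credential is written: the file used to
	   be created with the default umask and only tightened after the write */
	$oldmask = umask(0077);
	$fd = fopen($htpasswd, "w");
	umask($oldmask);
	if (!$fd) {
		printf("Error: cannot open htpasswd in system_password_configure().\n");
		return 1;
	}
	/* covers a pre-existing file whose mode the umask does not affect */
	chmod($htpasswd, 0600);

	if ($config['system']['username'])
		$username = $config['system']['username'];
	else
		$username = "admin";

	/* NOTE(review): both fields are written verbatim; a ':' or newline in
	   the user name would corrupt the entry - validate where it is saved */
	fwrite($fd, $username . ":" . $config['system']['password'] . "\n");
	fclose($fd);

	return 0;
}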
/**
 * Install the configured time zone as /etc/localtime.
 *
 * The zone file is extracted from /usr/share/zoneinfo.tgz; "Etc/UTC" is used
 * when no time zone is configured. The configuration mount is switched to
 * read-write for the duration of the extraction.
 */
function system_timezone_configure() {
	global $config, $g;

	$syscfg = $config['system'];

	if ($g['booting'])
		echo "Setting timezone... ";

	/* pick the zone, defaulting to UTC */
	$timezone = $syscfg['timezone'];
	if (!$timezone)
		$timezone = "Etc/UTC";

	/* the zone name is quoted so it stays a single tar member argument */
	$extract = "/usr/bin/tar xzfO /usr/share/zoneinfo.tgz " .
		escapeshellarg($timezone) . " > /etc/localtime";

	conf_mount_rw();

	exec($extract);

	conf_mount_ro();

	if ($g['booting'])
		echo "done.\n";
}
/**
 * (Re)start the periodic NTP client wrapper.
 *
 * Outside of boot, running instances are stopped via their pid files. The
 * client is started in the background only when 'time-update-interval' is
 * greater than zero; intervals below 6 are raised to 6.
 */
function system_ntp_configure() {
	global $config, $g;

	$syscfg = $config['system'];

	if (!$g['booting']) {
		killbypid("{$g['varrun_path']}/runmsntp.pid");
		killbypid("{$g['varrun_path']}/msntp.pid");
	} else {
		echo "Starting NTP client... ";
	}

	/* start ntp client if needed - needs to be forced into background */
	$updateinterval = $syscfg['time-update-interval'];

	if ($updateinterval > 0) {
		if ($updateinterval < 6)
			$updateinterval = 6;

		/* space-separated server list with a leading space, handed over
		   as ONE quoted argument */
		$timeservers = " " . implode(" ", explode(' ', $syscfg['timeservers']));

		$args = array(
			"{$g['varrun_path']}/runmsntp.pid",
			"{$g['varrun_path']}/msntp.pid",
			$updateinterval,
			$timeservers,
		);

		mwexec_bg("/usr/local/bin/runmsntp.sh " .
			implode(" ", array_map('escapeshellarg', $args)));
	}

	if ($g['booting'])
		echo "done.\n";
}
/**
 * Run the pre-shutdown clean-up, then launch /etc/rc.halt detached in the
 * background.
 */
function system_halt() {
	global $g;

	system_reboot_cleanup();

	$cmd = "nohup /etc/rc.halt > /dev/null 2>&1 &";
	mwexec($cmd);
}
/**
 * Run the pre-shutdown clean-up, then launch /etc/rc.reboot detached in the
 * background.
 */
function system_reboot() {
	global $g;

	system_reboot_cleanup();

	$cmd = "nohup /etc/rc.reboot > /dev/null 2>&1 &";
	mwexec($cmd);
}
/**
 * Run the pre-shutdown clean-up, then run /etc/rc.reboot in the foreground
 * (no nohup, no backgrounding).
 */
function system_reboot_sync() {
	global $g;

	system_reboot_cleanup();

	$cmd = "/etc/rc.reboot > /dev/null 2>&1";
	mwexec($cmd);
}
/**
 * Clean-up shared by the halt and reboot paths: calls
 * captiveportal_radius_stop_all().
 */
function system_reboot_cleanup() {
	/* invoked before the halt/reboot script is started */
	captiveportal_radius_stop_all();
}
/**
 * Execute the shell commands listed in the system configuration.
 *
 * SECURITY: each entry is passed to exec() verbatim. This is the feature's
 * purpose, but it means write access to these configuration keys (including
 * through a restored or imported configuration) equals command execution with
 * the privileges of this process.
 *
 * @param mixed $early truthy to run the 'earlyshellcmd' list, otherwise
 *                     the 'shellcmd' list
 */
function system_do_shell_commands($early = 0) {
	global $config, $g;

	$cmdn = $early ? "earlyshellcmd" : "shellcmd";

	if (!is_array($config['system'][$cmdn]))
		return;

	foreach ($config['system'][$cmdn] as $cmd)
		exec($cmd);
}
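/**
 * Run the start-up script of every extension under {etc_path}/inc/ext.
 *
 * For each sub-directory the file "rc.early" (when $early is true) or "rc"
 * is executed if it exists, with its output passed through.
 *
 * SECURITY: anything placed in that directory is executed with the
 * privileges of this process, so the directory must not be writable by
 * less-privileged users.
 *
 * @param bool $early select "rc.early" instead of "rc"
 */
function system_do_extensions($early = false) {
	global $config, $g;

	$extdir = "{$g['etc_path']}/inc/ext";

	if (!is_dir($extdir))
		return;

	$dh = @opendir($extdir);
	if ($dh) {
		while (($extd = readdir($dh)) !== false) {
			if (($extd === ".") || ($extd === ".."))
				continue;
			$rcfile = "{$extdir}/" . $extd . "/" . ($early ? "rc.early" : "rc");
			/* passthru() hands its argument to the shell: quote the path so
			   a directory name with spaces or metacharacters is executed as
			   that file instead of being split or interpreted */
			if (file_exists($rcfile))
				passthru(escapeshellarg($rcfile));
		}
		closedir($dh);
	}
}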
/**
 * Create or remove the "disableconsole" marker file under $g['varetc_path']
 * according to the 'disableconsolemenu' setting.
 */
function system_console_configure() {
	global $config, $g;

	$marker = "{$g['varetc_path']}/disableconsole";

	if (!isset($config['system']['disableconsolemenu'])) {
		/* menu enabled: make sure no stale marker is left behind */
		unlink_if_exists($marker);
		return;
	}

	touch($marker);
}
/**
 * Save the kernel messages of the current boot to dmesg.boot under
 * $g['varlog_path'].
 *
 * Output from previous boots may still be present, so only the part starting
 * at the last "Copyright (c) 1992-" line is written.
 *
 * @return int 0 on success, 1 if dmesg.boot cannot be opened for writing
 */
function system_dmesg_save() {
	global $g;

	exec("/sbin/dmesg", $dmesg);

	/* index of the last copyright banner; 0 when none is found */
	$lastcpline = 0;
	foreach ($dmesg as $idx => $line) {
		if (strstr($line, "Copyright (c) 1992-"))
			$lastcpline = $idx;
	}

	$fd = fopen("{$g['varlog_path']}/dmesg.boot", "w");
	if (!$fd) {
		printf("Error: cannot open dmesg.boot in system_dmesg_save().\n");
		return 1;
	}

	/* write everything from that banner to the end */
	foreach (array_slice($dmesg, $lastcpline) as $line)
		fwrite($fd, $line . "\n");

	fclose($fd);

	return 0;
}
/**
 * Apply the configured hard disk standby value on the "generic-pc" platform.
 *
 * A numeric 'harddiskstandby' value is written to the hw.ata.standby sysctl
 * after a sync; when that succeeds the ATA drives are reinitialised. Progress
 * is echoed only while the system is booting.
 */
function system_set_harddisk_standby() {
	global $g, $config;

	if ($g['platform'] != "generic-pc")
		return;

	if (!isset($config['system']['harddiskstandby']))
		return;

	if ($g['booting']) {
		echo 'Setting hard disk standby... ';
	}

	$standby = $config['system']['harddiskstandby'];
	$applied = false;

	// Only numeric values are handed to sysctl, and only as an integer
	if (is_numeric($standby)) {
		// Sync the disk(s)
		mwexec('/bin/sync');
		if (!mwexec('/sbin/sysctl hw.ata.standby=' . ((int)$standby))) {
			// Reinitialize ATA-drives
			mwexec('/usr/local/sbin/atareinit');
			$applied = true;
		}
	}

	if ($g['booting']) {
		echo $applied ? "done.\n" : "failed!\n";
	}
}
/**
 * Apply every non-empty line of /etc/sysctl.conf through sysctl and, when
 * 'sharednet' is set, turn off logging of ARP packets seen on the wrong
 * interface.
 *
 * NOTE(review): each line is placed on a shell command line unquoted, so
 * /etc/sysctl.conf has to be writable by the administrator only.
 */
function system_setup_sysctl() {
	global $config;

	$sysctl = return_filename_as_array("/etc/sysctl.conf");

	foreach ($sysctl as $sysc) {
		if ($sysc != "") {
			mwexec("sysctl {$sysc}");
		}
	}

	if (isset($config['system']['sharednet']))
		system_disable_arp_wrong_if();
}
/**
 * Set net.link.ether.inet.log_arp_wrong_iface to 0.
 */
function system_disable_arp_wrong_if() {
	$cmd = "/sbin/sysctl -n net.link.ether.inet.log_arp_wrong_iface=0";
	mwexec($cmd);
}
/**
 * Set net.link.ether.inet.log_arp_wrong_iface to 1.
 */
function system_enable_arp_wrong_if() {
	$cmd = "/sbin/sysctl -n net.link.ether.inet.log_arp_wrong_iface=1";
	mwexec($cmd);
}
?>