<?php
/* $Id$ */
/*
	system.inc
	part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
/*
 * Start powerd with the "adp" profile for both -a and -b when
 * system/powerd_enable is set in the configuration; otherwise ask killall
 * to stop any running powerd.
 */
function activate_powerd() {
	global $config, $g;

	/* both command lines are fixed strings; no configuration value reaches the shell */
	$powerd_cmd = isset($config['system']['powerd_enable'])
		? "/usr/sbin/powerd -b adp -a adp"
		: "/usr/bin/killall powerd";

	exec($powerd_cmd);
}
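/*
 * Apply the fixed net.enc IPsec mask sysctls, then every tunable listed
 * under $config['sysctl']['item'].
 */
function activate_sysctls() {
	global $config, $g;

	exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x00000001");
	exec("/sbin/sysctl net.enc.out.ipsec_filter_mask=0x00000001");
	exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x00000002");
	exec("/sbin/sysctl net.enc.in.ipsec_filter_mask=0x00000002");

	/* the item list may be missing even when the sysctl section exists */
	if (is_array($config['sysctl']) && is_array($config['sysctl']['item'])) {
		foreach ($config['sysctl']['item'] as $tunable) {
			/*
			 * Tunable name and value are configuration data that end up on a
			 * shell command line.  Pass "name=value" as one quoted argument
			 * so quotes, $(), backticks or ';' in either field are handed to
			 * sysctl literally instead of being interpreted by the shell.
			 */
			mwexec("sysctl " .
				escapeshellarg("{$tunable['tunable']}={$tunable['value']}"));
		}
	}
}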
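/*
 * Write {$g['varetc_path']}/resolv.conf and install host routes for the
 * configured DNS servers.
 *
 * $dynupdate: when true, dhcpd is not reconfigured after the file is written.
 *
 * Returns 0 on success, 1 when resolv.conf cannot be opened for writing.
 */
function system_resolvconf_generate($dynupdate = false) {
	global $config, $g;

	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_resolvconf_generate() being called $mt\n";
	}

	$syscfg = $config['system'];

	$fd = fopen("{$g['varetc_path']}/resolv.conf", "w");
	if (!$fd) {
		printf("Error: cannot open resolv.conf in system_resolvconf_generate().\n");
		return 1;
	}

	$resolvconf = "domain {$syscfg['domain']}\n";

	$havedns = false;

	if (isset($syscfg['dnsallowoverride'])) {
		/* get dynamically assigned DNS servers (if any) */
		/*
		 * NOTE(review): these entries are read back from files under
		 * /var/etc and written to resolv.conf as-is; they are not checked
		 * with is_ipaddr() here - confirm the writers of those files
		 * validate them.
		 */
		$ns = array_unique(get_nameservers());
		foreach($ns as $nameserver) {
			if($nameserver) {
				$resolvconf .= "nameserver $nameserver\n";
				$havedns = true;
			}
		}
	}
	/* fall back to the statically configured servers */
	if (!$havedns && is_array($syscfg['dnsserver'])) {
		foreach ($syscfg['dnsserver'] as $ns) {
			if ($ns) {
				$resolvconf .= "nameserver $ns\n";
				$havedns = true;
			}
		}
	}

	fwrite($fd, $resolvconf);
	fclose($fd);

	if (!$g['booting']) {
		/* restart dhcpd (nameservers may have changed) */
		if (!$dynupdate)
			services_dhcpd_configure();
	}

	/* setup static routes for DNS servers. */
	for ($dnscounter=1; $dnscounter<5; $dnscounter++) {
		$dnsgw = "dns{$dnscounter}gwint";
		if (!isset($config['system'][$dnsgw]))
			continue;

		$interface = $config['system'][$dnsgw];
		if (($interface == "") || ($interface == "none"))
			continue;

		$gatewayip = get_interface_gateway($interface);
		if (!is_ipaddr($gatewayip))
			continue;

		/* dns server array starts at 0 */
		$dnscountermo = $dnscounter - 1;

		/*
		 * A gateway interface can be configured for a slot that has no DNS
		 * server.  Skip it rather than running route(8) with an empty or
		 * malformed host argument.
		 */
		if (!isset($syscfg['dnsserver'][$dnscountermo]) ||
		    !is_ipaddr($syscfg['dnsserver'][$dnscountermo]))
			continue;

		/* quote both addresses: they are configuration data on a shell command line */
		$dnshost = escapeshellarg($syscfg['dnsserver'][$dnscountermo]);
		mwexec("route delete -host {$dnshost}");
		mwexec("route add -host {$dnshost} " . escapeshellarg($gatewayip));
	}

	return 0;
}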
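/*
 * Collect nameserver entries from /var/etc/nameserver_* and, when it
 * exists, /var/etc/nameservers.conf.
 *
 * Returns a list of strings.  Empty lines from the nameserver_* files are
 * dropped; lines from nameservers.conf are appended unfiltered (including
 * empty ones), so callers must skip empty entries themselves.
 */
function get_nameservers() {
	global $config, $g;
	$master_list = array();

	/*
	 * glob()/file_get_contents() replace the former `ls` and `cat` shell
	 * calls, and explode() replaces split(), which newer PHP versions no
	 * longer provide.  No process is spawned to read these files.
	 */
	$dns_lists = glob("/var/etc/nameserver_*");
	if(is_array($dns_lists)) {
		foreach($dns_lists as $dns_file) {
			$contents = file_get_contents($dns_file);
			if($contents === false)
				continue;
			foreach(explode("\n", $contents) as $item) {
				if($item <> "")
					$master_list[] = $item;
			}
		}
	}

	if(!file_exists("/var/etc/nameservers.conf"))
		return $master_list;

	$contents = file_get_contents("/var/etc/nameservers.conf");
	if($contents === false)
		return $master_list;

	foreach(explode("\n", $contents) as $dns)
		$master_list[] = $dns;

	return $master_list;
}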
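/*
 * Write {$g['varetc_path']}/hosts from the configuration: localhost, the
 * LAN address of this host, the dnsmasq host overrides and, when
 * dnsmasq/regdhcpstatic is set, the static DHCP mappings of enabled
 * interfaces.
 *
 * Returns 0 on success, 1 when the hosts file cannot be opened.
 */
function system_hosts_generate() {
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_hosts_generate() being called $mt\n";
	}

	$syscfg = $config['system'];
	$lancfgip = get_interface_ip("lan");
	$dnsmasqcfg = $config['dnsmasq'];

	if (!is_array($dnsmasqcfg['hosts'])) {
		$dnsmasqcfg['hosts'] = array();
	}
	$hostscfg = $dnsmasqcfg['hosts'];

	$fd = fopen("{$g['varetc_path']}/hosts", "w");
	if (!$fd) {
		log_error("Error: cannot open hosts file in system_hosts_generate().\n");
		return 1;
	}

	$hosts = <<<EOD
127.0.0.1	localhost localhost.{$syscfg['domain']}

EOD;
	if (is_ipaddr($lancfgip))
		$hosts .= <<<EOD
{$lancfgip}	{$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}

EOD;

	/*
	 * NOTE(review): host, domain and address fields below are written as
	 * stored in the configuration; nothing here rejects whitespace or
	 * newlines in them - confirm they are validated where they are saved.
	 */
	foreach ($hostscfg as $host) {
		if ($host['host'])
			$hosts .= "{$host['ip']}	{$host['host']}.{$host['domain']} {$host['host']}\n";
		else
			$hosts .= "{$host['ip']}	{$host['domain']}\n";
	}

	/* the dhcpd section may be absent even when regdhcpstatic is set */
	if (isset($dnsmasqcfg['regdhcpstatic']) && is_array($config['dhcpd'])) {
		foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) {
			if (!is_array($dhcpifconf['staticmap']) || !isset($dhcpifconf['enable']))
				continue;
			foreach ($dhcpifconf['staticmap'] as $host) {
				if ($host['ipaddr'] && $host['hostname'])
					$hosts .= "{$host['ipaddr']}	{$host['hostname']}.{$syscfg['domain']} {$host['hostname']}\n";
			}
		}
	}

	fwrite($fd, $hosts);
	fclose($fd);

	return 0;
}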
/*
 * Set the system hostname to "<hostname>.<domain>" from the configuration
 * and run the hostid rc script.
 *
 * Returns the value mwexec() gives back for the hostname command.
 */
function system_hostname_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		echo "system_hostname_configure() being called " . microtime() . "\n";
	}

	$fqdn = $config['system']['hostname'] . "." . $config['system']['domain'];

	/* set hostname; the name is quoted because it is configuration data */
	$hostname_cmd = "/bin/hostname " . escapeshellarg($fqdn);
	$status = mwexec($hostname_cmd);

	/* Setup host GUID ID.  This is used by ZFS. */
	mwexec("/etc/rc.d/hostid start");

	return $status;
}
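/*
 * Rebuild the routing table from the configuration.
 *
 * Steps, in order: optionally enable fast forwarding, delete the routes
 * recorded in {$g['vardb_path']}/routes.db by a previous run, replace the
 * default route, then add every configured static route and record it in
 * routes.db.
 *
 * Returns 0 on success, 1 when routes.db cannot be opened.
 */
function system_routing_configure() {
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_routing_configure() being called $mt\n";
	}

	/* Enable fast routing, if enabled */
	if(isset($config['staticroutes']['enablefastrouting']))
		mwexec("/sbin/sysctl net.inet.ip.fastforwarding=1");

	$route_str = exec_command("/usr/bin/netstat -rn");

	/* clear out old routes, if necessary */
	if (file_exists("{$g['vardb_path']}/routes.db")) {
		$fd = fopen("{$g['vardb_path']}/routes.db", "r");
		if (!$fd) {
			printf("Error: cannot open routes DB file in system_routing_configure().\n");
			return 1;
		}
		while (!feof($fd)) {
			$oldrt = trim(fgets($fd));
			/* only delete routes that still show up in the netstat output */
			if (($oldrt) && (stristr($route_str, $oldrt)))
				mwexec("/sbin/route delete " . escapeshellarg($oldrt));
		}
		fclose($fd);
		unlink("{$g['vardb_path']}/routes.db");
	}

	/* if list */
	$iflist = get_configured_interface_list();

	$dont_remove_route = false;
	foreach ($iflist as $ifent => $ifname) {
		/*
		 * XXX: The value of this is really when this function can take
		 * 	an interface as parameter.
		 */
		/* do not process interfaces that will end up with gateways */
		if (interface_has_gateway($ifent) ||
			$config['interfaces'][$ifent]['ipaddr'] == "carpdev-dhcp") {
			$dont_remove_route = true;
			break;
		}
	}

	if ($dont_remove_route == false) {
		/* remove default route */
		mwexec("/sbin/route delete default", true);
	}

	$dont_add_route = false;
	/* if OLSRD is enabled, allow WAN to house DHCP. */
	if(is_array($config['installedpackages']['olsrd']['config'])) {
		foreach($config['installedpackages']['olsrd']['config'] as $olsrd) {
			if($olsrd['enabledyngw'] == "on") {
				$dont_add_route = true;
				break;
			}
		}
	}

	if($dont_add_route == false) {
		if(is_array($config['gateways']['gateway_item'])) {
			/*
			 * Start from empty values so the checks below never read an
			 * undefined variable when no gateway carries the defaultgw flag.
			 */
			$gatewayip = "";
			$interfacegw = "";
			/* the last gateway flagged as default wins */
			foreach($config['gateways']['gateway_item'] as $gateway) {
				if(isset($gateway['defaultgw'])) {
					$gatewayip = $gateway['gateway'];
					$interfacegw = $gateway['interface'];
				}
			}
			if(($interfacegw <> "bgpd") && (is_ipaddr($gatewayip)))
				mwexec("/sbin/route add default " . escapeshellarg($gatewayip), true);
		} else {
			/* FIXME */
			/* adding gateway for 1.2-style configs without the new
			  gateway setup configured.
			  Force WAN to be default gateway because that is the
			  1.2 behavior.
			*/
			if (is_ipaddr($config['interfaces']['wan']['gateway'])) {
				$gatewayip = $config['interfaces']['wan']['gateway'];
				mwexec("/sbin/route add default " . escapeshellarg($gatewayip), true);
			}
		}
	}

	if (is_array($config['staticroutes']['route'])) {

		$fd = fopen("{$g['vardb_path']}/routes.db", "w");
		if (!$fd) {
			printf("Error: cannot open routes DB file in system_routing_configure().\n");
			return 1;
		}

		foreach ($config['staticroutes']['route'] as $rtent) {
			/* reset per route; values must not leak from the previous entry */
			$gatewayip = "";
			$interfacegw = "";

			/* the route may name a configured gateway ... */
			if(is_array($config['gateways']['gateway_item'])) {
				foreach($config['gateways']['gateway_item'] as $gateway) {
					if($rtent['gateway'] == $gateway['name']) {
						$gatewayip = $gateway['gateway'];
						$interfacegw = $gateway['interface'];
					}
				}
			}
			/* ... or carry a literal gateway address */
			if((is_ipaddr($rtent['gateway'])) && ($gatewayip == ""))  {
				$gatewayip = $rtent['gateway'];
				$interfacegw = $rtent['interface'];
			}

			if((isset($rtent['interfacegateway'])) && (! is_ipaddr($gatewayip))){
				mwexec("/sbin/route add " . escapeshellarg($rtent['network']) .
					" -iface " . escapeshellarg(convert_friendly_interface_to_real_interface_name($interfacegw)));
			} else if ($gatewayip == "") {
				/*
				 * Neither lookup produced a gateway.  Do not run route(8)
				 * with an empty gateway argument, and do not record a route
				 * that was never installed: the cleanup pass above deletes
				 * whatever routes.db lists.
				 */
				log_error("No gateway found for static route {$rtent['network']}, route not added.");
				continue;
			} else {
				mwexec("/sbin/route add " . escapeshellarg($rtent['network']) .
					" " . escapeshellarg($gatewayip));
			}
			/* record route so it can be easily removed later (if necessary) */
			fwrite($fd, $rtent['network'] . "\n");
		}
		fclose($fd);
	}

	return 0;
}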
/*
 * Turn on IP forwarding by setting net.inet.ip.forwarding=1.
 *
 * Returns whatever mwexec() returns for the sysctl command.
 */
function system_routing_enable() {
	global $config, $g;

	$spew = isset($config['system']['developerspew']);
	if ($spew) {
		echo "system_routing_enable() being called " . microtime() . "\n";
	}

	/* fixed command line, nothing from the configuration is interpolated */
	$status = mwexec("/sbin/sysctl net.inet.ip.forwarding=1");

	return $status;
}
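/*
 * Regenerate {$g['varetc_path']}/syslog.conf from the configuration and
 * (re)start syslogd.
 *
 * Any running syslogd / fifolog_writer is killed first.  When
 * $config['syslog'] is not set, syslogd is started without a generated
 * configuration file.
 *
 * Returns 1 when syslog.conf cannot be opened (syslogd has already been
 * killed at that point and is not restarted), otherwise the value returned
 * by system() or mwexec() for the syslogd start command.
 */
function system_syslogd_start() {
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_syslogd_start() being called $mt\n";
	}

	$syslogcfg = $config['syslog'];

	if ($g['booting'])
		echo "Starting syslog...";
	else
		killbypid("{$g['varrun_path']}/syslog.pid");

	mwexec("/usr/bin/killall -9 syslogd");
	mwexec("/usr/bin/killall -9 fifolog_writer");

	// Define various commands for logging
	$fifolog_create = "/usr/sbin/fifolog_create -s ";
	$fifolog_log = "|/usr/sbin/fifolog_writer ";
	$clog_create = "/usr/sbin/clog -i -s ";
	$clog_log = "%";

	// Which logging type are we using this week??
	if(isset($config['system']['usefifolog'])) {
		$log_directive = $fifolog_log;
		$log_create_directive = $fifolog_create;
	} else { // Defaults to CLOG
		$log_directive = $clog_log;
		$log_create_directive = $clog_create;
	}

	if (isset($syslogcfg)) {
		$syslogconf = "";
		$pkgfacilities = array();
		$separatelogfacilities = array('ntpd','racoon','openvpn');
		if(is_array($config['installedpackages']['package'])) {
			foreach($config['installedpackages']['package'] as $package) {
				if($package['logging']) {
					$pkgfacilities[] = $package['logging']['facilityname'];
					/*
					 * NOTE(review): this selector lists every package
					 * facility seen so far, so earlier packages also match
					 * later packages' log files - confirm this is intended.
					 */
					$facilitylist = implode(',', $pkgfacilities);
					$pkglogfile = "{$g['varlog_path']}/{$package['logging']['logfilename']}";
					/*
					 * The file name comes from package metadata; quote it
					 * before it reaches the shell.
					 * NOTE(review): it is also written into syslog.conf
					 * below without any check for path separators or
					 * newlines.
					 */
					mwexec("{$log_create_directive} 10240 " . escapeshellarg($pkglogfile));
					$syslogconf .= "!{$facilitylist}\n*.*\t\t\t\t\t\t {$log_directive}{$pkglogfile}\n";
				}
			}
		}
		/*
		 * array_merge(), not "+": both lists are numerically indexed, and
		 * the union operator discards right-hand entries whose index already
		 * exists on the left, which dropped the first package facilities
		 * from the exclusion list written further down.
		 */
		$facilitylist = implode(',', array_unique(array_merge($separatelogfacilities, $pkgfacilities)));

		/*
		 * Remote targets that are actually configured, in order.
		 * NOTE(review): the values are written into syslog.conf as stored;
		 * nothing here rejects whitespace or newlines in them.
		 */
		$remoteservers = array();
		foreach (array('remoteserver', 'remoteserver2', 'remoteserver3') as $rskey) {
			if (!empty($syslogcfg[$rskey]))
				$remoteservers[] = $syslogcfg[$rskey];
		}
		$locallogging = !isset($syslogcfg['disablelocallogging']);

		/* write syslog.conf */
		$fd = fopen("{$g['varetc_path']}/syslog.conf", "w");
		if (!$fd) {
			printf("Error: cannot open syslog.conf in system_syslogd_start().\n");
			return 1;
		}
		$syslogconf .= "!ntpdate,!ntpd\n";
		if ($locallogging)
			$syslogconf .= "*.*					 {$log_directive}{$g['varlog_path']}/ntpd.log\n";
		$syslogconf .= "!racoon\n";
		if ($locallogging)
			$syslogconf .= "*.*					 {$log_directive}{$g['varlog_path']}/ipsec.log\n";
		$syslogconf .= "!apinger\n";
		if ($locallogging)
			$syslogconf .= "*.*					 {$log_directive}{$g['varlog_path']}/slbd.log\n";
		/*
		 * NOTE(review): these remote lines are emitted after "!apinger", so
		 * they apply to apinger rather than racoon - confirm against the
		 * intended layout.
		 */
		if (isset($syslogcfg['vpn'])) {
			foreach ($remoteservers as $rserver)
				$syslogconf .= "*.*					 @{$rserver}\n";
		}
		$syslogconf .= "!openvpn\n";
		if ($locallogging)
			$syslogconf .= "*.*					 {$log_directive}{$g['varlog_path']}/openvpn.log\n";
		/*
		 * The second target used to be written with the remoteserver3
		 * address; each configured server now receives its own line.
		 */
		if (isset($syslogcfg['vpn'])) {
			foreach ($remoteservers as $rserver)
				$syslogconf .= "*.*					 @{$rserver}\n";
		}
		$syslogconf .= "!-{$facilitylist}\n";
		if ($locallogging)
			$syslogconf .= <<<EOD
local0.*										 {$log_directive}{$g['varlog_path']}/filter.log
local3.*										 {$log_directive}{$g['varlog_path']}/vpn.log
local4.*										 {$log_directive}{$g['varlog_path']}/portalauth.log
local7.*										 {$log_directive}{$g['varlog_path']}/dhcpd.log
*.notice;kern.debug;lpr.info;mail.crit; 		 {$log_directive}{$g['varlog_path']}/system.log
news.err;local0.none;local3.none;local4.none; 	 {$log_directive}{$g['varlog_path']}/system.log
local7.none										 {$log_directive}{$g['varlog_path']}/system.log
security.*										 {$log_directive}{$g['varlog_path']}/system.log
auth.info;authpriv.info;daemon.info				 {$log_directive}{$g['varlog_path']}/system.log
local1.*										 {$log_directive}{$g['varlog_path']}/relayd.log
auth.info;authpriv.info 						 |exec /usr/local/sbin/sshlockout_pf
*.emerg											 *

EOD;
		if (isset($syslogcfg['filter'])) {
			foreach ($remoteservers as $rserver)
				$syslogconf .= "local0.*			 @{$rserver}\n";
		}
		if (isset($syslogcfg['vpn'])) {
			foreach ($remoteservers as $rserver)
				$syslogconf .= "local3.*			 @{$rserver}\n";
		}
		if (isset($syslogcfg['portalauth'])) {
			foreach ($remoteservers as $rserver)
				$syslogconf .= "local4.*			 @{$rserver}\n";
		}
		if (isset($syslogcfg['dhcp'])) {
			foreach ($remoteservers as $rserver)
				$syslogconf .= "local7.*			 @{$rserver}\n";
		}
		/*
		 * The 'system' and 'logall' sections used to be nested inside each
		 * other through misplaced braces: with 'system' set, "*.*" was
		 * forwarded to the second and third remote server even without
		 * 'logall', and 'logall' was ignored unless 'system' was also set.
		 * Each option now controls only its own lines.
		 */
		if (isset($syslogcfg['system'])) {
			foreach ($remoteservers as $rserver) {
				$syslogconf .= <<<EOD
*.notice;kern.debug;lpr.info;mail.crit;			 @{$rserver}
news.err;local0.none;local3.none;local7.none	 @{$rserver}
security.*										 @{$rserver}
auth.info;authpriv.info;daemon.info				 @{$rserver}
*.emerg											 @{$rserver}

EOD;
			}
		}
		if (isset($syslogcfg['logall'])) {
			foreach ($remoteservers as $rserver) {
				$syslogconf .= <<<EOD
*.*								@{$rserver}

EOD;
			}
		}
		fwrite($fd, $syslogconf);
		fclose($fd);
		/*
		 * The former "logging to a remote server?" check ran the same
		 * command in both branches, so it is issued once here.
		 */
		$retval = system("/usr/sbin/syslogd -c -f {$g['varetc_path']}/syslog.conf");

	} else {
		$retval = mwexec("/usr/sbin/syslogd -c");
	}

	if ($g['booting'])
		echo "done.\n";

	return $retval;
}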
/*
 * Restart pccardd using {$g['etc_path']}/pccard.conf.
 *
 * During boot a progress message is printed before the restart and
 * "done." / "failed!" afterwards.
 *
 * Returns the value mwexec() gives back for the pccardd command.
 */
function system_pccard_start() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		echo "system_pccard_start() being called " . microtime() . "\n";
	}

	if ($g['booting']) {
		echo "Initializing PCMCIA...";
	}

	/* kill any running pccardd */
	$pidfile = "{$g['varrun_path']}/pccardd.pid";
	killbypid($pidfile);

	/* fire up pccardd */
	$pccardd_cmd = "/usr/sbin/pccardd -z -f {$g['etc_path']}/pccard.conf";
	$res = mwexec($pccardd_cmd);

	if ($g['booting']) {
		echo ($res == 0) ? "done.\n" : "failed!\n";
	}

	return $res;
}
/*
 * (Re)start the lighttpd instance that serves the webConfigurator.
 *
 * Kills the previous instance through its pid file, generates
 * {$g['varetc_path']}/lighty-webConfigurator.conf and starts lighttpd
 * with it.
 *
 * When the configured protocol is "https" but the referenced certificate
 * has no usable crt/prv pair, an error is logged and the configuration is
 * generated with empty certificate, key and CA values.
 *
 * Returns the value mwexec() gives back for the lighttpd command.
 */
function system_webgui_start() {
	global $config, $g;

	if ($g['booting']) {
		echo "Starting webConfigurator...";
	}

	/* kill any running lighttpd */
	killbypid("{$g['varrun_path']}/lighty-webConfigurator.pid");

	sleep(1);

	chdir($g['www_path']);

	$webguicfg = $config['system']['webgui'];

	/* defaults: no certificate material, port 80 */
	$crt = "";
	$key = "";
	$ca = "";
	$portarg = "80";

	/* non-standard port? */
	if (isset($webguicfg['port']) && $webguicfg['port'] <> "") {
		$portarg = "{$webguicfg['port']}";
	}

	if ($webguicfg['protocol'] == "https") {
		$cert =& lookup_cert($webguicfg['ssl-certref']);
		$cert_usable = is_array($cert) && $cert['crt'] && $cert['prv'];

		if (!$cert_usable) {
			/*
			 * NOTE(review): the GUI is then started without TLS; the only
			 * trace of the downgrade is this log entry.
			 */
			log_error("Invalid webConfigurator https certificate, defaulting to http");
		} else {
			/* certificate and private key are stored base64-encoded */
			$crt = base64_decode($cert['crt']);
			$key = base64_decode($cert['prv']);
			/* no explicit port configured: use the https default */
			if (!$webguicfg['port']) {
				$portarg = "443";
			}
			$ca = ca_chain($cert);
		}
	}

	/* generate lighttpd configuration */
	$lighty_conf = "{$g['varetc_path']}/lighty-webConfigurator.conf";
	system_generate_lighty_config($lighty_conf,
		$crt, $key, $ca, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/");

	/* attempt to start lighttpd */
	$res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-webConfigurator.conf");

	if ($g['booting']) {
		echo ($res == 0) ? "done.\n" : "failed!\n";
	}

	return $res;
}
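/**
 * Write a lighttpd configuration file and, when a certificate and key are
 * supplied, the PEM files it references.
 *
 * @param string $filename        path the lighttpd configuration is written to
 * @param string $cert            PEM certificate text; SSL is enabled only when
 *                                both $cert and $key are non-empty
 * @param string $key             PEM private key text, appended to the cert file
 * @param string $ca              optional CA chain text, written to $ca_location
 * @param string $pid_file        pid file name, placed under /var/run/
 * @param mixed  $port            value for server.port; "80" is used when empty
 * @param string $document_root   value for server.document-root
 * @param string $cert_location   cert+key file name under $g['varetc_path']
 * @param string $ca_location     CA file name under $g['varetc_path']
 * @param int    $max_procs       fastcgi max-procs; replaced by the memory
 *                                buckets below whenever one of them matches
 * @param mixed  $max_requests    PHP_FCGI_MAX_REQUESTS; same override applies
 * @param bool   $fast_cgi_enable use mod_fastcgi; forced off below 65 (units as
 *                                returned by get_memory(), presumably MB)
 * @param bool   $captive_portal  generate the captive portal variant
 * @return int 0 on success, 1 when one of the output files cannot be opened
 */
function system_generate_lighty_config($filename,
	$cert,
	$key,
	$ca,
	$pid_file,
	$port = 80,
	$document_root = "/usr/local/www/",
	$cert_location = "cert.pem",
	$ca_location = "ca.pem",
	$max_procs = 2,
	$max_requests = "1",
	$fast_cgi_enable = true,
	$captive_portal = false) {

	global $config, $g;

	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_generate_lighty_config() being called $mt\n";
	}

	if($captive_portal == true)  {
		$captiveportal = ",\"mod_rewrite\"";
		$captive_portal_rewrite = "url.rewrite-once = ( \"(.*captiveportal.*)\" => \"$1\", \"(.*)\" => \"/index.php?redirurl=$1\" )\n";
		$captive_portal_module = "\"mod_accesslog\", ";
		/*
		 * Per-IP connection limit. The value is cast to int so that only a
		 * number can reach the generated configuration, and the limit is
		 * emitted only for a positive value.
		 * NOTE(review): "mod_evasive" is not in server.modules below, so the
		 * directive presumably has no effect until that module is loaded -
		 * confirm against the lighttpd build in use.
		 */
		$maxprocperip = isset($config['captiveportal']['maxprocperip'])
			? (int)$config['captiveportal']['maxprocperip']
			: 0;
		if($maxprocperip > 0)
			$captive_portal_mod_evasive = "evasive.max-conns-per-ip = {$maxprocperip}";
		else
			$captive_portal_mod_evasive = "";
		$server_upload_dirs = "server.upload-dirs = ( \"/tmp/captiveportal/\" )\n";
		exec("mkdir -p /tmp/captiveportal");
		exec("chmod a-w /tmp/captiveportal");
		$server_max_request_size = "server.max-request-size    = 384";
	} else {
		/* defined in both branches: the config template interpolates all of them */
		$captiveportal = "";
		$captive_portal_rewrite = "";
		$captive_portal_module = "";
		$captive_portal_mod_evasive = "";
		$server_upload_dirs = "server.upload-dirs = ( \"{$g['upload_path']}/\", \"/tmp/\", \"/var/\" )\n";
		$server_max_request_size = "server.max-request-size    = 2097152";
	}

	if($port <> "")
		$lighty_port = $port;
	else
		$lighty_port = "80";

	$memory = get_memory();
	$avail = $memory[0];

	/* scale the PHP backend to the available memory */
	if($avail > 0 and $avail < 65) {
		$fast_cgi_enable = false;
	}

	/* lower bound is inclusive so that a value of exactly 65 lands in a bucket */
	if($avail >= 65 and $avail < 98) {
		$max_procs = 1;
		$max_requests = 1;
	}

	if($avail > 97 and $avail < 128) {
		$max_procs = 1;
		$max_requests = 3;
	}

	if($avail > 127 and $avail < 256) {
		$max_procs = 1;
		$max_requests = 5;
	}

	if($avail > 255 and $avail < 384) {
		$max_procs = 3;
		$max_requests = 10;
	}

	if($avail > 383) {
		$max_procs = 4;
		$max_requests = 16;
	}

	if($captive_portal == true)  {
		$bin_environment =  <<<EOC
        "bin-environment" => (
           "PHP_FCGI_CHILDREN" => "16",
           "PHP_FCGI_MAX_REQUESTS" => "{$max_requests}"
        ), 
EOC;

	} else if ($avail > 0 and $avail < 128) {
		$bin_environment = <<<EOC
	"bin-environment" => (
		"PHP_FCGI_CHILDREN" => "1",
		"PHP_FCGI_MAX_REQUESTS" => "{$max_requests}"
	),

EOC;
	} else
		$bin_environment = "";

	if($fast_cgi_enable == true) {
		$module = "\"mod_fastcgi\", \"mod_cgi\"";
		$cgi_config = "";
		$fastcgi_config = <<<EOD
#### fastcgi module
## read fastcgi.txt for more info
fastcgi.server = ( ".php" =>
	( "localhost" =>
		(
			"socket" => "/tmp/php-fastcgi.socket",
			"min-procs" => 1,
			"max-procs" => {$max_procs},
			{$bin_environment}			
			"bin-path" => "/usr/local/bin/php"
		)
	)
)

#### CGI module
cgi.assign                 = ( ".cgi" => "" )

EOD;
	} else {
		$fastcgi_config = "";
		$module = "\"mod_cgi\"";
		$cgi_config = <<<EOD
#### CGI module
cgi.assign                 = ( ".php"  => "/usr/local/bin/php",
                               ".cgi" => "" )

EOD;
	}

	/*
	 * NOTE(review): the template below points server.upload-dirs (non-portal
	 * case), compress.cache-dir and the fastcgi socket at /tmp; whether other
	 * local users can write there depends on the platform - confirm.
	 */
	$lighty_config = <<<EOD
#
# lighttpd configuration file
#
# use a it as base for lighttpd 1.0.0 and above
#
############ Options you really have to take care of ####################

## FreeBSD!
server.event-handler	= "freebsd-kqueue"
server.network-backend 	= "writev"

## modules to load
server.modules              =   (
									{$captive_portal_module}
									"mod_access", "mod_accesslog", "mod_expire", "mod_compress",
									{$module}{$captiveportal}
								)

## Unused modules
#                               "mod_setenv",
#                               "mod_compress"
#				"mod_redirect",
#                               "mod_rewrite",
#                               "mod_ssi",
#                               "mod_usertrack",
#                               "mod_expire",
#                               "mod_secdownload",
#                               "mod_rrdtool",
#                               "mod_auth",
#                               "mod_status",
#                               "mod_alias",
#                               "mod_proxy",
#                               "mod_simple_vhost",
#                               "mod_evhost",
#                               "mod_userdir",
#                               "mod_cgi",
#                                "mod_accesslog"

server.max-keep-alive-requests = 15
server.max-keep-alive-idle = 30

## a static document-root, for virtual-hosting take look at the
## server.virtual-* options
server.document-root        = "{$document_root}"
{$captive_portal_rewrite}

# Maximum idle time with nothing being written (php downloading)
server.max-write-idle = 999

## where to send error-messages to
server.errorlog             = "/var/log/lighttpd.error.log"

# files to check for if .../ is requested
server.indexfiles           = ( "index.php", "index.html",
                                "index.htm", "default.htm" )

# mimetype mapping
mimetype.assign             = (
  ".pdf"          =>      "application/pdf",
  ".sig"          =>      "application/pgp-signature",
  ".spl"          =>      "application/futuresplash",
  ".class"        =>      "application/octet-stream",
  ".ps"           =>      "application/postscript",
  ".torrent"      =>      "application/x-bittorrent",
  ".dvi"          =>      "application/x-dvi",
  ".gz"           =>      "application/x-gzip",
  ".pac"          =>      "application/x-ns-proxy-autoconfig",
  ".swf"          =>      "application/x-shockwave-flash",
  ".tar.gz"       =>      "application/x-tgz",
  ".tgz"          =>      "application/x-tgz",
  ".tar"          =>      "application/x-tar",
  ".zip"          =>      "application/zip",
  ".mp3"          =>      "audio/mpeg",
  ".m3u"          =>      "audio/x-mpegurl",
  ".wma"          =>      "audio/x-ms-wma",
  ".wax"          =>      "audio/x-ms-wax",
  ".ogg"          =>      "audio/x-wav",
  ".wav"          =>      "audio/x-wav",
  ".gif"          =>      "image/gif",
  ".jpg"          =>      "image/jpeg",
  ".jpeg"         =>      "image/jpeg",
  ".png"          =>      "image/png",
  ".xbm"          =>      "image/x-xbitmap",
  ".xpm"          =>      "image/x-xpixmap",
  ".xwd"          =>      "image/x-xwindowdump",
  ".css"          =>      "text/css",
  ".html"         =>      "text/html",
  ".htm"          =>      "text/html",
  ".js"           =>      "text/javascript",
  ".asc"          =>      "text/plain",
  ".c"            =>      "text/plain",
  ".conf"         =>      "text/plain",
  ".text"         =>      "text/plain",
  ".txt"          =>      "text/plain",
  ".dtd"          =>      "text/xml",
  ".xml"          =>      "text/xml",
  ".mpeg"         =>      "video/mpeg",
  ".mpg"          =>      "video/mpeg",
  ".mov"          =>      "video/quicktime",
  ".qt"           =>      "video/quicktime",
  ".avi"          =>      "video/x-msvideo",
  ".asf"          =>      "video/x-ms-asf",
  ".asx"          =>      "video/x-ms-asf",
  ".wmv"          =>      "video/x-ms-wmv",
  ".bz2"          =>      "application/x-bzip",
  ".tbz"          =>      "application/x-bzip-compressed-tar",
  ".tar.bz2"      =>      "application/x-bzip-compressed-tar"
 )

# Use the "Content-Type" extended attribute to obtain mime type if possible
#mimetypes.use-xattr        = "enable"

#### accesslog module
#accesslog.filename          = "/dev/null"

## deny access the file-extensions
#
# ~    is for backupfiles from vi, emacs, joe, ...
# .inc is often used for code includes which should in general not be part
#      of the document-root
url.access-deny             = ( "~", ".inc" )


######### Options that are good to be but not neccesary to be changed #######

## bind to port (default: 80)
server.port                = {$lighty_port}

## error-handler for status 404
#server.error-handler-404   = "/error-handler.html"
#server.error-handler-404   = "/error-handler.php"

## to help the rc.scripts
server.pid-file            = "/var/run/{$pid_file}"

## virtual directory listings
server.dir-listing         = "disable"

## enable debugging
debug.log-request-header   = "disable"
debug.log-response-header  = "disable"
debug.log-request-handling = "disable"
debug.log-file-not-found   = "disable"

{$server_upload_dirs}

{$server_max_request_size}

{$fastcgi_config}

{$cgi_config}

{$captive_portal_mod_evasive}

# Turn on Lighty caching directives
compress.cache-dir         = "/tmp/"
compress.filetype          = ("text/plain", "text/html", "text/javascript", "text/css")

expire.url = (
				"" => "access 50 hours",	
        )

EOD;

	/* normalise line endings and drop empty lines in the PEM material */
	$cert = str_replace("\r", "", $cert);
	$key = str_replace("\r", "", $key);
	$ca = str_replace("\r", "", $ca);

	$cert = str_replace("\n\n", "\n", $cert);
	$key = str_replace("\n\n", "\n", $key);
	$ca = str_replace("\n\n", "\n", $ca);

	if($cert <> "" and $key <> "") {
		$cert_path = "{$g['varetc_path']}/{$cert_location}";

		/*
		 * The private key is written to this file. A restrictive umask makes
		 * a newly created file owner-only from the first moment, instead of
		 * relying on the chmod() that follows the open; the chmod() stays to
		 * tighten a file that already existed.
		 */
		$old_umask = umask(0077);
		$fd = fopen($cert_path, "w");
		umask($old_umask);
		if (!$fd) {
			printf("Error: cannot open %s in system_generate_lighty_config().\n", $cert_location);
			return 1;
		}
		chmod($cert_path, 0600);
		fwrite($fd, $cert);
		fwrite($fd, "\n");
		fwrite($fd, $key);
		fclose($fd);
		if($ca <> "") {
			$ca_path = "{$g['varetc_path']}/{$ca_location}";
			$old_umask = umask(0077);
			$fd = fopen($ca_path, "w");
			umask($old_umask);
			if (!$fd) {
				printf("Error: cannot open %s in system_generate_lighty_config().\n", $ca_location);
				return 1;
			}
			chmod($ca_path, 0600);
			fwrite($fd, $ca);
			fclose($fd);
		}
		$lighty_config .= "\n";
		$lighty_config .= "## ssl configuration\n";
		$lighty_config .= "ssl.engine = \"enable\"\n";
		$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
		if($ca <> "")
			$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
	}

	$fd = fopen("{$filename}", "w");
	if (!$fd) {
		/* the file name is passed as an argument, not as part of the format */
		printf("Error: cannot open %s in system_generate_lighty_config().\n", $filename);
		return 1;
	}
	fwrite($fd, $lighty_config);
	fclose($fd);

	return 0;

}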
/**
 * Install the configured timezone as /etc/localtime.
 *
 * The zone name is read from $config['system']['timezone'] ("Etc/UTC" when
 * it is empty) and the matching member is extracted from
 * /usr/share/zoneinfo.tgz. The name goes through escapeshellarg() because it
 * is placed on a shell command line.
 *
 * NOTE(review): the shell redirect truncates /etc/localtime before tar runs
 * and the exit status is not checked, so a zone name that is missing from
 * the archive presumably leaves an empty file - confirm.
 */
function system_timezone_configure()
{
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_timezone_configure() being called $mt\n";
	}

	$syscfg = $config['system'];

	if ($g['booting']) {
		echo "Setting timezone...";
	}

	/* pick the zone to extract, falling back to UTC */
	$configured_zone = $syscfg['timezone'];
	$timezone = $configured_zone ? $configured_zone : "Etc/UTC";

	$extract_cmd = "LANG=C /usr/bin/tar xzfO /usr/share/zoneinfo.tgz "
		. escapeshellarg($timezone)
		. " > /etc/localtime";

	/* the filesystem is remounted read-write only for the duration of the write */
	conf_mount_rw();
	exec($extract_cmd);
	mwexec("sync");
	conf_mount_ro();

	if ($g['booting']) {
		echo "done.\n";
	}
}
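/**
 * Write {$g['varetc_path']}/ntpd.conf and (re)start OpenNTPD.
 *
 * One "servers" line is written per configured time server. When the
 * openntpd package is configured and enabled, a "listen on" line is added
 * for every selected interface that has a valid IP address. Any running
 * ntpd is killed; the daemon is started again unless the system is booting.
 *
 * Returns nothing; a failure to open the config file is logged.
 */
function system_ntp_configure() {
	global $config, $g;

	$syscfg = $config['system'];

	/* open configuration for writing or bail */
	$fd = fopen("{$g['varetc_path']}/ntpd.conf","w");
	if(!$fd) {
		log_error("Could not open {$g['varetc_path']}/ntpd.conf for writing");
		return;
	}

	fwrite($fd, "# \n");
	fwrite($fd, "# pfSense OpenNTPD configuration file \n");
	fwrite($fd, "# \n\n");

	/*
	 * Split on any whitespace and drop empty entries: an empty or
	 * double-spaced setting no longer produces a bare "servers" line, and a
	 * value containing a newline cannot add a line of its own to ntpd.conf.
	 */
	$timeservers = isset($syscfg['timeservers'])
		? preg_split('/\s+/', $syscfg['timeservers'], -1, PREG_SPLIT_NO_EMPTY)
		: array();
	foreach ($timeservers as $ts)
		fwrite($fd, "servers {$ts}\n");

	/* Setup listener(s) if the user has configured one */
	if (!empty($config['installedpackages']['openntpd'])) {
		/* server config is in coregui1 */
		$xmlsettings = $config['installedpackages']['openntpd']['config'][0];
		if ($xmlsettings['enable'] == 'on') {
			$ifaces = explode(',', $xmlsettings['interface']);
			$ifaces = array_map('convert_friendly_interface_to_real_interface_name', $ifaces);
			$ifaces = array_filter($ifaces, 'does_interface_exist');
			$ips = array_map('find_interface_ip', $ifaces);
			foreach ($ips as $ip) {
				/* only validated addresses reach the config file */
				if (is_ipaddr($ip))
					fwrite($fd, "listen on $ip\n");
			}
		}
	}

	fwrite($fd, "\n");

	/* slurp! */
	fclose($fd);

	/*
	 * if openntpd is running, kill it
	 * NOTE(review): this loops for as long as is_process_running() reports
	 * an ntpd process; there is no retry limit or delay.
	 */
	while(is_process_running("ntpd")) {
		mwexec("/usr/bin/killall ntpd", true);
	}

	/*
	 * if /var/empty does not exist, create it
	 * NOTE(review): the directory is made group-writable here; it looks like
	 * the daemon's empty working directory, which is normally kept
	 * read-only - confirm that "ug+rw" is intended.
	 */
	if(!is_dir("/var/empty"))
		exec("/bin/mkdir -p /var/empty && chmod ug+rw /var/empty/.");

	if($g['booting'])
		return;

	/* start opentpd, set time now and use /var/etc/ntpd.conf */
	exec("/usr/local/sbin/ntpd -s -f {$g['varetc_path']}/ntpd.conf");

	// Note that we are starting up
	exec("echo 'OpenNTPD is starting up' >> {$g['varlog_path']}/ntpd.log");

}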
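/**
 * Run ntpdate once against every configured time server.
 *
 * The server list is the whitespace-separated value of
 * $config['system']['timeservers']. Each entry ends up on a shell command
 * line, so it is quoted with escapeshellarg(); empty entries and entries
 * that start with "-" (which ntpdate would read as an option) are skipped.
 */
function sync_system_time() {
	global $config, $g;

	$syscfg = $config['system'];

	if ($g['booting'])
		echo "Syncing system time before startup...";

	$timeservers = isset($syscfg['timeservers'])
		? preg_split('/\s+/', $syscfg['timeservers'], -1, PREG_SPLIT_NO_EMPTY)
		: array();

	/* query each configured server in turn */
	foreach ($timeservers as $ts) {
		if ($ts[0] === '-')
			continue;
		mwexec("/usr/sbin/ntpdate -s " . escapeshellarg($ts));
	}

	if ($g['booting'])
		echo "done.\n";

}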
/**
 * Run the pre-shutdown cleanup, then start /etc/rc.halt in the background.
 */
function system_halt()
{
	global $g;

	system_reboot_cleanup();

	/* detached with nohup and "&" so the caller does not wait for the halt script */
	$halt_cmd = 'nohup /etc/rc.halt > /dev/null 2>&1 &';
	mwexec($halt_cmd);
}
/**
 * Run the pre-shutdown cleanup, then start /etc/rc.reboot in the background.
 */
function system_reboot()
{
	global $g;

	system_reboot_cleanup();

	/* detached with nohup and "&" so the caller does not wait for the reboot script */
	$reboot_cmd = 'nohup /etc/rc.reboot > /dev/null 2>&1 &';
	mwexec($reboot_cmd);
}
/**
 * Run the pre-shutdown cleanup, then run /etc/rc.reboot in the foreground
 * (no nohup, no "&"), unlike system_reboot().
 */
function system_reboot_sync()
{
	global $g;

	system_reboot_cleanup();

	$reboot_cmd = '/etc/rc.reboot > /dev/null 2>&1';
	mwexec($reboot_cmd);
}
/**
 * Work done before a halt or reboot: stop the beeper, stop all captive
 * portal RADIUS sessions and save the voucher database into the config.
 */
function system_reboot_cleanup()
{
	$beep_stop_cmd = '/usr/local/bin/beep.sh stop';
	mwexec($beep_stop_cmd);

	captiveportal_radius_stop_all();

	/* voucher.inc is loaded here, just before the call that needs it */
	require_once("voucher.inc");
	voucher_save_db_to_config();
}
/**
 * Execute the shell commands stored in the system configuration.
 *
 * Reads $config['system']['earlyshellcmd'] when $early is truthy, otherwise
 * $config['system']['shellcmd']. The entry may be a list of commands or a
 * single command string.
 *
 * NOTE(review): every entry is handed to exec() unchanged, so write access
 * to these two configuration keys is equivalent to running arbitrary
 * commands as the user this script runs under. That is the purpose of the
 * feature; access to the keys has to be restricted wherever the
 * configuration is edited or restored.
 *
 * @param mixed $early truthy selects the "early" command list
 */
function system_do_shell_commands($early = 0)
{
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_do_shell_commands() being called $mt\n";
	}

	$cmdn = $early ? "earlyshellcmd" : "shellcmd";
	$commands = $config['system'][$cmdn];

	if (is_array($commands)) {
		/* list form: run the entries in configuration order */
		foreach ($commands as $cmd) {
			exec($cmd);
		}
		return;
	}

	if ($commands != "") {
		/* scalar form: a single command */
		exec($commands);
	}
}
/**
 * Create or remove the {$g['varetc_path']}/disableconsole marker file to
 * match the "disableconsolemenu" setting.
 */
function system_console_configure()
{
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_console_configure() being called $mt\n";
	}

	$marker = "{$g['varetc_path']}/disableconsole";

	if (!isset($config['system']['disableconsolemenu'])) {
		unlink_if_exists($marker);
		return;
	}

	touch($marker);
}
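/**
 * Save the kernel messages of the current boot to
 * {$g['varlog_path']}/dmesg.boot.
 *
 * The dmesg buffer may still hold output from earlier boots, so only the
 * lines from the last "Copyright (c) 1992-" line onwards are written.
 *
 * @return int 0 on success, 1 when dmesg.boot cannot be opened
 */
function system_dmesg_save() {
	/* $config is needed for the developerspew check below */
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_dmesg_save() being called $mt\n";
	}

	$dmesg = array();
	exec("/sbin/dmesg", $dmesg);

	/* find last copyright line (output from previous boots may be present) */
	$lastcpline = 0;
	foreach ($dmesg as $i => $line) {
		if (strpos($line, "Copyright (c) 1992-") !== false)
			$lastcpline = $i;
	}

	$fd = fopen("{$g['varlog_path']}/dmesg.boot", "w");
	if (!$fd) {
		printf("Error: cannot open dmesg.boot in system_dmesg_save().\n");
		return 1;
	}

	foreach (array_slice($dmesg, $lastcpline) as $line)
		fwrite($fd, $line . "\n");

	fclose($fd);

	return 0;
}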
/**
 * Apply the configured hard disk standby time through the hw.ata.standby
 * sysctl and reinitialise the ATA drives.
 *
 * Does nothing when "harddiskstandby" is not set. The configured value must
 * be numeric and is cast to int before it is placed on the command line.
 * Progress is printed only while booting.
 */
function system_set_harddisk_standby()
{
	global $g, $config;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_set_harddisk_standby() being called $mt\n";
	}

	if (!isset($config['system']['harddiskstandby'])) {
		return;
	}

	if ($g['booting']) {
		echo 'Setting hard disk standby... ';
	}

	$standby = $config['system']['harddiskstandby'];
	$applied = false;

	// Check for a numeric value
	if (is_numeric($standby)) {
		// Sync the disk(s)
		mwexec('/bin/sync');

		$sysctl_status = mwexec('/sbin/sysctl hw.ata.standby=' . ((int)$standby));
		if (!$sysctl_status) {
			// Reinitialize ATA-drives
			mwexec('/usr/local/sbin/atareinit');
			$applied = true;
		}
	}

	if ($g['booting']) {
		if ($applied) {
			echo "done.\n";
		} else {
			echo "failed!\n";
		}
	}
}
/**
 * Apply the system sysctls and, when "sharednet" is set, turn off the ARP
 * wrong-interface logging.
 */
function system_setup_sysctl()
{
	global $config;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_setup_sysctl() being called $mt\n";
	}

	activate_sysctls();

	if (!isset($config['system']['sharednet'])) {
		return;
	}

	system_disable_arp_wrong_if();
}
/**
 * Set the net.link.ether.inet log_arp_wrong_iface and log_arp_movements
 * sysctls to 0.
 */
function system_disable_arp_wrong_if()
{
	global $config;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_disable_arp_wrong_if() being called $mt\n";
	}

	$sysctl_cmds = array(
		"/sbin/sysctl -n net.link.ether.inet.log_arp_wrong_iface=0",
		"/sbin/sysctl -n net.link.ether.inet.log_arp_movements=0",
	);

	foreach ($sysctl_cmds as $sysctl_cmd) {
		mwexec($sysctl_cmd);
	}
}
/**
 * Set the net.link.ether.inet log_arp_wrong_iface and log_arp_movements
 * sysctls to 1.
 */
function system_enable_arp_wrong_if()
{
	global $config;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_enable_arp_wrong_if() being called $mt\n";
	}

	$sysctl_cmds = array(
		"/sbin/sysctl -n net.link.ether.inet.log_arp_wrong_iface=1",
		"/sbin/sysctl -n net.link.ether.inet.log_arp_movements=1",
	);

	foreach ($sysctl_cmds as $sysctl_cmd) {
		mwexec($sysctl_cmd);
	}
}
/**
 * Start watchdogd on supported hardware - currently switched off.
 *
 * The function returns immediately, so none of the detection or start-up
 * code after the return statement runs.
 */
function enable_watchdog()
{
	global $config;

	/* watchdog support is disabled: everything below is unreachable */
	return;

	$supported_watchdogs = array("Geode");
	$file = file_get_contents("/var/log/dmesg.boot");
	$install_watchdog = false;

	foreach ($supported_watchdogs as $sd) {
		/* NOTE(review): tests for the literal "Geode" instead of $sd */
		if (stristr($file, "Geode")) {
			$install_watchdog = true;
		}
	}

	if ($install_watchdog != true) {
		return;
	}

	/* restart the daemon if one is already running */
	if (is_process_running("watchdogd")) {
		mwexec("/usr/bin/killall watchdogd", true);
	}
	exec("/usr/sbin/watchdogd");
}
?>