/usr/local/www/system_firmware.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/system_firmware.php @ 75ba86da

1	4668f9f7	Scott Ullrich	<?php
2	b46bfcf5	Bill Marquette	/* $Id$ */
3	5b237745	Scott Ullrich	/*
4	580182e2	Colin Smith	system_firmware.php
5	3469020b	Scott Ullrich	Copyright (C) 2008 Scott Ullrich <sullrich@gmail.com>
6			All rights reserved.
7
8			originally part of m0n0wall (http://m0n0.ch/wall)
9			Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
10			All rights reserved.
11
12
13			originally part of m0n0wall (http://m0n0.ch/wall)
14	580182e2	Colin Smith
15			Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
16			All rights reserved.
17
18			Redistribution and use in source and binary forms, with or without
19			modification, are permitted provided that the following conditions are met:
20
21			1. Redistributions of source code must retain the above copyright notice,
22			this list of conditions and the following disclaimer.
23
24			2. Redistributions in binary form must reproduce the above copyright
25			notice, this list of conditions and the following disclaimer in the
26			documentation and/or other materials provided with the distribution.
27
28			THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
29			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
30			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
31			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
32			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
33			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
34			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
35			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
36			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
37			POSSIBILITY OF SUCH DAMAGE.
38	5b237745	Scott Ullrich	*/
39
40	3958d63b	Colin Smith	$d_isfwfile = 1;
41	6605faea	Scott Ullrich	require_once("guiconfig.inc");
42	00b1a7eb	Scott Ullrich
43			$curcfg = $config['system']['firmware'];
44
45
46	6605faea	Scott Ullrich	require_once("xmlrpc_client.inc");
47	aa08f46b	Bill Marquette
48	00b1a7eb	Scott Ullrich	/* Allow additional execution time 0 = no limit. */
49			ini_set('max_execution_time', '3600');
50			ini_set('max_input_time', '3600');
51
52	8b7c81d7	Scott Ullrich	/* if upgrade in progress, alert user */
53			if(file_exists($d_firmwarelock_path)) {
54	9174b524	Scott Ullrich	$pgtitle = "System: Firmware: Manual Update";
55	8b7c81d7	Scott Ullrich	include("head.inc");
56			echo "<body link=\"#0000CC\" vlink=\"#0000CC\" alink=\"#0000CC\">\n";
57			include("fbegin.inc");
58			echo "<div>\n";
59	11d46d11	Scott Ullrich	print_info_box("An upgrade is currently in progress.<p>The firewall will reboot when the operation is complete.<p><center><img src='/themes/{$g['theme']}/images/icons/icon_fw-update.gif'>");
60	8b7c81d7	Scott Ullrich	echo "</div>\n";
61			include("fend.inc");
62			echo "</body>";
63			echo "</html>";
64			exit;
65			}
66
67	37f6b795	Scott Ullrich	if($_POST['kerneltype']) {
68			if($_POST['kerneltype'] == "single")
69			system("touch /boot/kernel/pfsense_kernel.txt");
70			else
71			system("echo {$_POST['kerneltype']} > /boot/kernel/pfsense_kernel.txt");
72			}
73
74	aa08f46b	Bill Marquette	/* Handle manual upgrade */
75	5b237745	Scott Ullrich	if ($_POST && !file_exists($d_firmwarelock_path)) {
76
77	580182e2	Colin Smith	unset($input_errors);
78			unset($sig_warning);
79	00b1a7eb	Scott Ullrich
80	580182e2	Colin Smith	if (stristr($_POST['Submit'], "Enable"))
81			$mode = "enable";
82			else if (stristr($_POST['Submit'], "Disable"))
83			$mode = "disable";
84			else if (stristr($_POST['Submit'], "Upgrade") \|\| $_POST['sig_override'])
85			$mode = "upgrade";
86			else if ($_POST['sig_no']) {
87	709f48f0	Scott Ullrich	if(file_exists("{$g['upload_path']}/firmware.tgz"))
88			unlink("{$g['upload_path']}/firmware.tgz");
89	580182e2	Colin Smith	}
90			if ($mode) {
91			if ($mode == "enable") {
92	b6f67235	Scott Ullrich	conf_mount_rw();
93	580182e2	Colin Smith	touch($d_fwupenabled_path);
94			} else if ($mode == "disable") {
95	b6f67235	Scott Ullrich	conf_mount_ro();
96	580182e2	Colin Smith	if (file_exists($d_fwupenabled_path))
97			unlink($d_fwupenabled_path);
98			} else if ($mode == "upgrade") {
99			if (is_uploaded_file($_FILES['ulfile']['tmp_name'])) {
100			/* verify firmware image(s) */
101			if (!stristr($_FILES['ulfile']['name'], $g['platform']) && !$_POST['sig_override'])
102	f44a6ab5	Bill Marquette	$input_errors[] = "The uploaded image file is not for this platform ({$g['platform']}).";
103	580182e2	Colin Smith	else if (!file_exists($_FILES['ulfile']['tmp_name'])) {
104			/* probably out of memory for the MFS */
105			$input_errors[] = "Image upload failed (out of memory?)";
106			exec_rc_script("/etc/rc.firmware disable");
107			if (file_exists($d_fwupenabled_path))
108			unlink($d_fwupenabled_path);
109			} else {
110			/* move the image so PHP won't delete it */
111	1ef7b568	Scott Ullrich	rename($_FILES['ulfile']['tmp_name'], "{$g['upload_path']}/firmware.tgz");
112	580182e2	Colin Smith
113			/* check digital signature */
114	1ef7b568	Scott Ullrich	$sigchk = verify_digital_signature("{$g['upload_path']}/firmware.tgz");
115	580182e2	Colin Smith
116			if ($sigchk == 1)
117			$sig_warning = "The digital signature on this image is invalid.";
118			else if ($sigchk == 2)
119			$sig_warning = "This image is not digitally signed.";
120			else if (($sigchk == 3) \|\| ($sigchk == 4))
121			$sig_warning = "There has been an error verifying the signature on this image.";
122
123	709f48f0	Scott Ullrich	if (!verify_gzip_file("{$g['upload_path']}/firmware.tgz")) {
124	580182e2	Colin Smith	$input_errors[] = "The image file is corrupt.";
125	1ef7b568	Scott Ullrich	unlink("{$g['upload_path']}/firmware.tgz");
126	580182e2	Colin Smith	}
127			}
128			}
129	6e0df0d5	Scott Ullrich
130			run_plugins("/usr/local/pkg/firmware_upgrade");
131
132	1ef7b568	Scott Ullrich	/* Check for input errors, firmware locks, warnings, then check for firmware if sig_override is set */
133			if (!$input_errors && !file_exists($d_firmwarelock_path) && (!$sig_warning \|\| $_POST['sig_override'])) {
134			if (file_exists("{$g['upload_path']}/firmware.tgz")) {
135			/* fire up the update script in the background */
136			touch($d_firmwarelock_path);
137			$savemsg = "The firmware is now being updated. The firewall will reboot automatically.";
138	b11a8cbf	Scott Ullrich	if(stristr($_FILES['ulfile']['name'],"nanobsd") or $_POST['isnano'] == "yes")
139	b250db6c	Scott Ullrich	mwexec_bg("/etc/rc.firmware pfSenseNanoBSDupgrade {$g['upload_path']}/firmware.tgz");
140			else if(stristr($_FILES['ulfile']['name'],"bdiff"))
141	00b1a7eb	Scott Ullrich	mwexec_bg("/etc/rc.firmware delta_update {$g['upload_path']}/firmware.tgz");
142			else
143			mwexec_bg("/etc/rc.firmware pfSenseupgrade {$g['upload_path']}/firmware.tgz");
144	1ef7b568	Scott Ullrich	} else {
145			$savemsg = "Firmware image missing or other error, please try again.";
146			}
147			}
148	580182e2	Colin Smith	}
149			}
150	5b237745	Scott Ullrich	}
151	e2fa4962	Scott Ullrich
152	3469020b	Scott Ullrich	$pgtitle = "System: Firmware: Manual Update";
153	52380979	Scott Ullrich	include("head.inc");
154
155	5b237745	Scott Ullrich	?>
156	580182e2	Colin Smith	<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
157			<?php include("fbegin.inc"); ?>
158	3469020b	Scott Ullrich	<p class="pgtitle"><?=$pgtitle?></p>
159	580182e2	Colin Smith	<?php if ($input_errors) print_input_errors($input_errors); ?>
160	1ef7b568	Scott Ullrich	<?php if ($savemsg) print_info_box($savemsg); ?>
161	580182e2	Colin Smith	<?php if ($fwinfo <> "") print_info_box($fwinfo); ?>
162	77720bd3	Colin Smith	<?php if ($sig_warning && !$input_errors): ?>
163	5b237745	Scott Ullrich	<form action="system_firmware.php" method="post">
164	4668f9f7	Scott Ullrich	<?php
165	5b237745	Scott Ullrich	$sig_warning = "<strong>" . $sig_warning . "</strong><br>This means that the image you uploaded " .
166	580182e2	Colin Smith	"is not an official/supported image and may lead to unexpected behavior or security " .
167			"compromises. Only install images that come from sources that you trust, and make sure ".
168			"that the image has not been tampered with.<br><br>".
169			"Do you want to install this image anyway (on your own risk)?";
170	5b237745	Scott Ullrich	print_info_box($sig_warning);
171	b11a8cbf	Scott Ullrich	if(stristr($_FILES['ulfile']['name'],"nanobsd"))
172			echo "<input type='hidden' name='isnano' id='isnano' value='yes'>\n";
173	5b237745	Scott Ullrich	?>
174			<input name="sig_override" type="submit" class="formbtn" id="sig_override" value=" Yes ">
175			<input name="sig_no" type="submit" class="formbtn" id="sig_no" value=" No ">
176	819197a8	Scott Ullrich	</form>
177	5b237745	Scott Ullrich	<?php else: ?>
178			<?php if (!file_exists($d_firmwarelock_path)): ?>
179	819197a8	Scott Ullrich	<form action="system_firmware.php" method="post" enctype="multipart/form-data">
180	580182e2	Colin Smith	<table width="100%" border="0" cellpadding="0" cellspacing="0">
181			<tr>
182			<td>
183	4820d297	Scott Ullrich	<?php
184			$tab_array = array();
185			$tab_array[0] = array("Manual Update", true, "system_firmware.php");
186	00b1a7eb	Scott Ullrich	$tab_array[1] = array("Auto Update", false, "system_firmware_check.php");
187			$tab_array[2] = array("Updater Settings", false, "system_firmware_settings.php");
188	4820d297	Scott Ullrich	display_top_tabs($tab_array);
189			?>
190	580182e2	Colin Smith	</td>
191			</tr>
192	222494af	Colin Smith	<tr>
193	e12d98ea	Bill Marquette	<td>
194			<div id="mainarea">
195			<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
196	3958d63b	Colin Smith	<tr>
197	00b1a7eb	Scott Ullrich	<td colspan="2" class="listtopic">Invoke <?=$g['product_name']?> Manual Upgrade</td>
198	580182e2	Colin Smith	</tr>
199			<td width="22%" valign="baseline" class="vncell"> </td>
200	db7f4f2b	Scott Ullrich	<td width="78%" class="vtable">
201	aa08f46b	Bill Marquette	<p>Click "Enable firmware
202	82cab169	Scott Ullrich	upload" below, then choose the image file (<?=$g['firmware_update_text'];?>)
203	580182e2	Colin Smith	to be uploaded.<br>Click "Upgrade firmware"
204	aa08f46b	Bill Marquette	to start the upgrade process.</p>
205	03c64985	Scott Ullrich	<?php if (!file_exists($d_sysrebootreqd_path)): ?>
206	5b237745	Scott Ullrich	<?php if (!file_exists($d_fwupenabled_path)): ?>
207			<input name="Submit" type="submit" class="formbtn" value="Enable firmware upload">
208	580182e2	Colin Smith	<?php else: ?>
209			<input name="Submit" type="submit" class="formbtn" value="Disable firmware upload">
210	5b237745	Scott Ullrich	<br><br>
211	580182e2	Colin Smith	<strong>Firmware image file: </strong>
212			<input name="ulfile" type="file" class="formfld">
213	5b237745	Scott Ullrich	<br><br>
214	ec402ba5	Scott Ullrich	<?php
215			if(!file_exists("/boot/kernel/pfsense_kernel.txt")) {
216			if($g['platform'] == "pfSense") {
217	37f6b795	Scott Ullrich	echo "Please select kernel type: ";
218			echo "<select name='kerneltype'>";
219	ec402ba5	Scott Ullrich	echo "<option value='SMP'>Multiprocessor kernel</option>";
220	9fce470b	Chris Buechler	echo "<option value='single'>Uniprocessor kernel</option>";
221	ec402ba5	Scott Ullrich	echo "<option value='wrap'>Embedded kernel</option>";
222	98d79efb	Scott Ullrich	echo "<option value='Developers'>Developers kernel</option>";
223	ec402ba5	Scott Ullrich	echo "</select>";
224	00b1a7eb	Scott Ullrich	echo "<br><br>";
225	ec402ba5	Scott Ullrich	}
226			}
227			?>
228	427a8ac9	Scott Ullrich	<input name="Submit" type="submit" class="formbtn" value="Upgrade firmware">
229	580182e2	Colin Smith	<?php endif; else: ?>
230	03c64985	Scott Ullrich	<strong>You must reboot the system before you can upgrade the firmware.</strong>
231	580182e2	Colin Smith	<?php endif; ?>
232	5b237745	Scott Ullrich	</td>
233	580182e2	Colin Smith	</td>
234	5b237745	Scott Ullrich	</tr>
235	4668f9f7	Scott Ullrich	<tr>
236	5b237745	Scott Ullrich	<td width="22%" valign="top"> </td>
237			<td width="78%"><span class="vexpl"><span class="red"><strong>Warning:<br>
238	4668f9f7	Scott Ullrich	</strong></span>DO NOT abort the firmware upgrade once it
239			has started. The firewall will reboot automatically after
240	5b237745	Scott Ullrich	storing the new firmware. The configuration will be maintained.</span></td>
241			</table>
242	e12d98ea	Bill Marquette	</div>
243	580182e2	Colin Smith	</tr>
244			</td>
245	222494af	Colin Smith	</table>
246	580182e2	Colin Smith
247	5b237745	Scott Ullrich	</form>
248	03c64985	Scott Ullrich	<?php endif; endif; ?>
249	5b237745	Scott Ullrich	<?php include("fend.inc"); ?>
250			</body>
251			</html>

Project

General

Profile

pfSense