/src/etc/inc/upgrade_config.inc - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/etc/inc/upgrade_config.inc @ 75bb92c4

1	791bcfd4	Bill Marquette	<?php
2			/*
3	ce77a9c4	Phil Davis	upgrade_config.inc
4			*/
5	995df6c3	Stephen Beaver	/* ====================================================================
6			* Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
7			*
8			* Redistribution and use in source and binary forms, with or without modification,
9			* are permitted provided that the following conditions are met:
10			*
11			* 1. Redistributions of source code must retain the above copyright notice,
12			* this list of conditions and the following disclaimer.
13			*
14			* 2. Redistributions in binary form must reproduce the above copyright
15			* notice, this list of conditions and the following disclaimer in
16			* the documentation and/or other materials provided with the
17			* distribution.
18			*
19			* 3. All advertising materials mentioning features or use of this software
20			* must display the following acknowledgment:
21			* "This product includes software developed by the pfSense Project
22			* for use in the pfSense software distribution. (http://www.pfsense.org/).
23			*
24			* 4. The names "pfSense" and "pfSense Project" must not be used to
25			* endorse or promote products derived from this software without
26			* prior written permission. For written permission, please contact
27			* coreteam@pfsense.org.
28			*
29			* 5. Products derived from this software may not be called "pfSense"
30			* nor may "pfSense" appear in their names without prior written
31			* permission of the Electric Sheep Fencing, LLC.
32			*
33			* 6. Redistributions of any form whatsoever must retain the following
34			* acknowledgment:
35			*
36			* "This product includes software developed by the pfSense Project
37			* for use in the pfSense software distribution (http://www.pfsense.org/).
38			*
39			* THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
40			* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41			* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42			* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
43			* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44			* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45			* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46			* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47			* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48			* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49			* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50			* OF THE POSSIBILITY OF SUCH DAMAGE.
51			*
52			* ====================================================================
53			*
54			*/
55	791bcfd4	Bill Marquette
56	751533a2	Phil Davis	if (!function_exists("dump_rrd_to_xml")) {
57	901aa044	Scott Ullrich	require("rrd.inc");
58	751533a2	Phil Davis	}
59	901aa044	Scott Ullrich
60	791bcfd4	Bill Marquette	/* Upgrade functions must be named:
61			* upgrade_XXX_to_YYY
62			* where XXX == previous version, zero padded, and YYY == next version, zero padded
63			*/
64			function upgrade_010_to_011() {
65			global $config;
66			$opti = 1;
67			$ifmap = array('lan' => 'lan', 'wan' => 'wan', 'pptp' => 'pptp');
68
69			/* convert DMZ to optional, if necessary */
70			if (isset($config['interfaces']['dmz'])) {
71
72			$dmzcfg = &$config['interfaces']['dmz'];
73
74			if ($dmzcfg['if']) {
75			$config['interfaces']['opt' . $opti] = array();
76			$optcfg = &$config['interfaces']['opt' . $opti];
77
78			$optcfg['enable'] = $dmzcfg['enable'];
79			$optcfg['descr'] = "DMZ";
80			$optcfg['if'] = $dmzcfg['if'];
81			$optcfg['ipaddr'] = $dmzcfg['ipaddr'];
82			$optcfg['subnet'] = $dmzcfg['subnet'];
83
84			$ifmap['dmz'] = "opt" . $opti;
85			$opti++;
86			}
87
88			unset($config['interfaces']['dmz']);
89			}
90
91			/* convert WLAN1/2 to optional, if necessary */
92			for ($i = 1; isset($config['interfaces']['wlan' . $i]); $i++) {
93
94			if (!$config['interfaces']['wlan' . $i]['if']) {
95			unset($config['interfaces']['wlan' . $i]);
96			continue;
97			}
98
99			$wlancfg = &$config['interfaces']['wlan' . $i];
100			$config['interfaces']['opt' . $opti] = array();
101			$optcfg = &$config['interfaces']['opt' . $opti];
102
103			$optcfg['enable'] = $wlancfg['enable'];
104			$optcfg['descr'] = "WLAN" . $i;
105			$optcfg['if'] = $wlancfg['if'];
106			$optcfg['ipaddr'] = $wlancfg['ipaddr'];
107			$optcfg['subnet'] = $wlancfg['subnet'];
108			$optcfg['bridge'] = $wlancfg['bridge'];
109
110			$optcfg['wireless'] = array();
111			$optcfg['wireless']['mode'] = $wlancfg['mode'];
112			$optcfg['wireless']['ssid'] = $wlancfg['ssid'];
113			$optcfg['wireless']['channel'] = $wlancfg['channel'];
114			$optcfg['wireless']['wep'] = $wlancfg['wep'];
115
116			$ifmap['wlan' . $i] = "opt" . $opti;
117
118			unset($config['interfaces']['wlan' . $i]);
119			$opti++;
120			}
121
122			/* convert filter rules */
123			$n = count($config['filter']['rule']);
124			for ($i = 0; $i < $n; $i++) {
125
126			$fr = &$config['filter']['rule'][$i];
127
128			/* remap interface */
129	751533a2	Phil Davis	if (array_key_exists($fr['interface'], $ifmap)) {
130	791bcfd4	Bill Marquette	$fr['interface'] = $ifmap[$fr['interface']];
131	751533a2	Phil Davis	} else {
132	791bcfd4	Bill Marquette	/* remove the rule */
133	4b48d1b9	Carlos Eduardo Ramos	printf(gettext("%sWarning: filter rule removed " .
134			"(interface '%s' does not exist anymore)."), "\n", $fr['interface']);
135	791bcfd4	Bill Marquette	unset($config['filter']['rule'][$i]);
136			continue;
137			}
138
139			/* remap source network */
140			if (isset($fr['source']['network'])) {
141	751533a2	Phil Davis	if (array_key_exists($fr['source']['network'], $ifmap)) {
142	791bcfd4	Bill Marquette	$fr['source']['network'] = $ifmap[$fr['source']['network']];
143	751533a2	Phil Davis	} else {
144	791bcfd4	Bill Marquette	/* remove the rule */
145	4b48d1b9	Carlos Eduardo Ramos	printf(gettext("%sWarning: filter rule removed " .
146			"(source network '%s' does not exist anymore)."), "\n", $fr['source']['network']);
147	791bcfd4	Bill Marquette	unset($config['filter']['rule'][$i]);
148			continue;
149			}
150			}
151
152			/* remap destination network */
153			if (isset($fr['destination']['network'])) {
154	751533a2	Phil Davis	if (array_key_exists($fr['destination']['network'], $ifmap)) {
155	791bcfd4	Bill Marquette	$fr['destination']['network'] = $ifmap[$fr['destination']['network']];
156	751533a2	Phil Davis	} else {
157	791bcfd4	Bill Marquette	/* remove the rule */
158	4b48d1b9	Carlos Eduardo Ramos	printf(gettext("%sWarning: filter rule removed " .
159			"(destination network '%s' does not exist anymore)."), "\n", $fr['destination']['network']);
160	791bcfd4	Bill Marquette	unset($config['filter']['rule'][$i]);
161			continue;
162			}
163			}
164			}
165
166			/* convert shaper rules */
167			$n = count($config['pfqueueing']['rule']);
168	751533a2	Phil Davis	if (is_array($config['pfqueueing']['rule'])) {
169			for ($i = 0; $i < $n; $i++) {
170	791bcfd4	Bill Marquette
171	751533a2	Phil Davis	$fr = &$config['pfqueueing']['rule'][$i];
172	791bcfd4	Bill Marquette
173	751533a2	Phil Davis	/* remap interface */
174			if (array_key_exists($fr['interface'], $ifmap)) {
175			$fr['interface'] = $ifmap[$fr['interface']];
176			} else {
177	791bcfd4	Bill Marquette	/* remove the rule */
178	4d511e5b	Renato Botelho	printf(gettext("%sWarning: traffic shaper rule removed " .
179	751533a2	Phil Davis	"(interface '%s' does not exist anymore)."), "\n", $fr['interface']);
180	791bcfd4	Bill Marquette	unset($config['pfqueueing']['rule'][$i]);
181			continue;
182			}
183
184	751533a2	Phil Davis	/* remap source network */
185			if (isset($fr['source']['network'])) {
186			if (array_key_exists($fr['source']['network'], $ifmap)) {
187			$fr['source']['network'] = $ifmap[$fr['source']['network']];
188			} else {
189			/* remove the rule */
190			printf(gettext("%sWarning: traffic shaper rule removed " .
191			"(source network '%s' does not exist anymore)."), "\n", $fr['source']['network']);
192			unset($config['pfqueueing']['rule'][$i]);
193			continue;
194			}
195			}
196
197			/* remap destination network */
198			if (isset($fr['destination']['network'])) {
199			if (array_key_exists($fr['destination']['network'], $ifmap)) {
200			$fr['destination']['network'] = $ifmap[$fr['destination']['network']];
201			} else {
202			/* remove the rule */
203			printf(gettext("%sWarning: traffic shaper rule removed " .
204			"(destination network '%s' does not exist anymore)."), "\n", $fr['destination']['network']);
205			unset($config['pfqueueing']['rule'][$i]);
206			continue;
207			}
208	791bcfd4	Bill Marquette	}
209			}
210			}
211			}
212
213
214			function upgrade_011_to_012() {
215			global $config;
216			/* move LAN DHCP server config */
217			$tmp = $config['dhcpd'];
218			$config['dhcpd'] = array();
219			$config['dhcpd']['lan'] = $tmp;
220
221			/* encrypt password */
222			$config['system']['password'] = crypt($config['system']['password']);
223			}
224
225
226			function upgrade_012_to_013() {
227			global $config;
228			/* convert advanced outbound NAT config */
229			for ($i = 0; isset($config['nat']['advancedoutbound']['rule'][$i]); $i++) {
230			$curent = &$config['nat']['advancedoutbound']['rule'][$i];
231			$src = $curent['source'];
232			$curent['source'] = array();
233			$curent['source']['network'] = $src;
234			$curent['destination'] = array();
235			$curent['destination']['any'] = true;
236			}
237
238			/* add an explicit type="pass" to all filter rules to make things consistent */
239			for ($i = 0; isset($config['filter']['rule'][$i]); $i++) {
240			$config['filter']['rule'][$i]['type'] = "pass";
241			}
242			}
243
244
245			function upgrade_013_to_014() {
246			global $config;
247			/* convert shaper rules (make pipes) */
248			if (is_array($config['pfqueueing']['rule'])) {
249			$config['pfqueueing']['pipe'] = array();
250
251			for ($i = 0; isset($config['pfqueueing']['rule'][$i]); $i++) {
252			$curent = &$config['pfqueueing']['rule'][$i];
253
254			/* make new pipe and associate with this rule */
255			$newpipe = array();
256			$newpipe['descr'] = $curent['descr'];
257			$newpipe['bandwidth'] = $curent['bandwidth'];
258			$newpipe['delay'] = $curent['delay'];
259			$newpipe['mask'] = $curent['mask'];
260			$config['pfqueueing']['pipe'][$i] = $newpipe;
261
262			$curent['targetpipe'] = $i;
263
264			unset($curent['bandwidth']);
265			unset($curent['delay']);
266			unset($curent['mask']);
267			}
268			}
269			}
270
271
272			function upgrade_014_to_015() {
273			global $config;
274			/* Default route moved */
275	751533a2	Phil Davis	if (isset($config['interfaces']['wan']['gateway'])) {
276			if ($config['interfaces']['wan']['gateway'] <> "") {
277	839966e3	Phil Davis	$config['system']['gateway'] = $config['interfaces']['wan']['gateway'];
278	751533a2	Phil Davis	}
279	fa6e5ba5	Phil Davis	unset($config['interfaces']['wan']['gateway']);
280	751533a2	Phil Davis	}
281	791bcfd4	Bill Marquette
282			/* Queues are no longer interface specific */
283	751533a2	Phil Davis	if (isset($config['interfaces']['lan']['schedulertype'])) {
284	791bcfd4	Bill Marquette	unset($config['interfaces']['lan']['schedulertype']);
285	751533a2	Phil Davis	}
286			if (isset($config['interfaces']['wan']['schedulertype'])) {
287	791bcfd4	Bill Marquette	unset($config['interfaces']['wan']['schedulertype']);
288	751533a2	Phil Davis	}
289	791bcfd4	Bill Marquette
290			for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
291	751533a2	Phil Davis	if (isset($config['interfaces']['opt' . $i]['schedulertype'])) {
292	791bcfd4	Bill Marquette	unset($config['interfaces']['opt' . $i]['schedulertype']);
293	751533a2	Phil Davis	}
294	791bcfd4	Bill Marquette	}
295			}
296
297
298			function upgrade_015_to_016() {
299			global $config;
300			/* Alternate firmware URL moved */
301			if (isset($config['system']['firmwareurl']) && isset($config['system']['firmwarename'])) { // Only convert if both are defined.
302			$config['system']['alt_firmware_url'] = array();
303			$config['system']['alt_firmware_url']['enabled'] = "";
304			$config['system']['alt_firmware_url']['firmware_base_url'] = $config['system']['firmwareurl'];
305			$config['system']['alt_firmware_url']['firmware_filename'] = $config['system']['firmwarename'];
306	fa6e5ba5	Phil Davis	}
307			if (isset($config['system']['firmwareurl'])) {
308			unset($config['system']['firmwareurl']);
309			}
310			if (isset($config['system']['firmwarename'])) {
311			unset($config['system']['firmwarename']);
312	791bcfd4	Bill Marquette	}
313			}
314
315
316			function upgrade_016_to_017() {
317			global $config;
318			/* wipe previous shaper configuration */
319	fa6e5ba5	Phil Davis	if (isset($config['shaper']['queue'])) {
320			unset($config['shaper']['queue']);
321			}
322			if (isset($config['shaper']['rule'])) {
323			unset($config['shaper']['rule']);
324			}
325			if (isset($config['interfaces']['wan']['bandwidth'])) {
326			unset($config['interfaces']['wan']['bandwidth']);
327			}
328			if (isset($config['interfaces']['wan']['bandwidthtype'])) {
329			unset($config['interfaces']['wan']['bandwidthtype']);
330			}
331			if (isset($config['interfaces']['lan']['bandwidth'])) {
332			unset($config['interfaces']['lan']['bandwidth']);
333			}
334			if (isset($config['interfaces']['lan']['bandwidthtype'])) {
335			unset($config['interfaces']['lan']['bandwidthtype']);
336			}
337	791bcfd4	Bill Marquette	$config['shaper']['enable'] = FALSE;
338			}
339
340
341			function upgrade_017_to_018() {
342			global $config;
343	751533a2	Phil Davis	if (isset($config['proxyarp']) && is_array($config['proxyarp']['proxyarpnet'])) {
344	791bcfd4	Bill Marquette	$proxyarp = &$config['proxyarp']['proxyarpnet'];
345	751533a2	Phil Davis	foreach ($proxyarp as $arpent) {
346	791bcfd4	Bill Marquette	$vip = array();
347			$vip['mode'] = "proxyarp";
348			$vip['interface'] = $arpent['interface'];
349			$vip['descr'] = $arpent['descr'];
350			if (isset($arpent['range'])) {
351			$vip['range'] = $arpent['range'];
352			$vip['type'] = "range";
353			} else {
354			$subnet = explode('/', $arpent['network']);
355			$vip['subnet'] = $subnet[0];
356			if (isset($subnet[1])) {
357			$vip['subnet_bits'] = $subnet[1];
358			$vip['type'] = "network";
359			} else {
360			$vip['subnet_bits'] = "32";
361			$vip['type'] = "single";
362			}
363			}
364			$config['virtualip']['vip'][] = $vip;
365			}
366			unset($config['proxyarp']);
367			}
368	751533a2	Phil Davis	if (isset($config['installedpackages']) && isset($config['installedpackages']['carp']) && is_array($config['installedpackages']['carp']['config'])) {
369	791bcfd4	Bill Marquette	$carp = &$config['installedpackages']['carp']['config'];
370	751533a2	Phil Davis	foreach ($carp as $carpent) {
371	791bcfd4	Bill Marquette	$vip = array();
372			$vip['mode'] = "carp";
373			$vip['interface'] = "AUTO";
374	4d511e5b	Renato Botelho	$vip['descr'] = sprintf(gettext("CARP vhid %s"), $carpent['vhid']);
375	791bcfd4	Bill Marquette	$vip['type'] = "single";
376			$vip['vhid'] = $carpent['vhid'];
377			$vip['advskew'] = $carpent['advskew'];
378			$vip['password'] = $carpent['password'];
379			$vip['subnet'] = $carpent['ipaddress'];
380			$vip['subnet_bits'] = $carpent['netmask'];
381			$config['virtualip']['vip'][] = $vip;
382			}
383			unset($config['installedpackages']['carp']);
384			}
385			/* Server NAT is no longer needed */
386	fa6e5ba5	Phil Davis	if (isset($config['nat']['servernat'])) {
387			unset($config['nat']['servernat']);
388			}
389	791bcfd4	Bill Marquette
390			/* enable SSH */
391			if ($config['version'] == "1.8") {
392			$config['system']['sshenabled'] = true;
393			}
394			}
395
396
397			function upgrade_018_to_019() {
398			global $config;
399			}
400
401
402			function upgrade_019_to_020() {
403			global $config;
404	751533a2	Phil Davis	if (is_array($config['ipsec']['tunnel'])) {
405	791bcfd4	Bill Marquette	reset($config['ipsec']['tunnel']);
406			while (list($index, $tunnel) = each($config['ipsec']['tunnel'])) {
407			/* Sanity check on required variables */
408			/* This fixes bogus <tunnel> entries - remnant of bug #393 */
409			if (!isset($tunnel['local-subnet']) && !isset($tunnel['remote-subnet'])) {
410			unset($config['ipsec']['tunnel'][$tunnel]);
411			}
412			}
413			}
414			}
415
416			function upgrade_020_to_021() {
417			global $config;
418			/* shaper scheduler moved */
419	751533a2	Phil Davis	if (isset($config['system']['schedulertype'])) {
420	791bcfd4	Bill Marquette	$config['shaper']['schedulertype'] = $config['system']['schedulertype'];
421			unset($config['system']['schedulertype']);
422			}
423			}
424
425
426			function upgrade_021_to_022() {
427			global $config;
428			/* move gateway to wan interface */
429			$config['interfaces']['wan']['gateway'] = $config['system']['gateway'];
430			}
431
432			function upgrade_022_to_023() {
433			global $config;
434	751533a2	Phil Davis	if (isset($config['shaper'])) {
435	791bcfd4	Bill Marquette	/* wipe previous shaper configuration */
436			unset($config['shaper']);
437			}
438			}
439
440
441			function upgrade_023_to_024() {
442			global $config;
443			}
444
445
446			function upgrade_024_to_025() {
447			global $config;
448			$config['interfaces']['wan']['use_rrd_gateway'] = $config['system']['use_rrd_gateway'];
449	fa6e5ba5	Phil Davis	if (isset($config['system']['use_rrd_gateway'])) {
450			unset($config['system']['use_rrd_gateway']);
451			}
452	791bcfd4	Bill Marquette	}
453
454
455			function upgrade_025_to_026() {
456			global $config;
457			$cron_item = array();
458			$cron_item['minute'] = "0";
459			$cron_item['hour'] = "*";
460			$cron_item['mday'] = "*";
461			$cron_item['month'] = "*";
462			$cron_item['wday'] = "*";
463			$cron_item['who'] = "root";
464			$cron_item['command'] = "/usr/bin/nice -n20 newsyslog";
465
466			$config['cron']['item'][] = $cron_item;
467
468			$cron_item = array();
469			$cron_item['minute'] = "1,31";
470			$cron_item['hour'] = "0-5";
471			$cron_item['mday'] = "*";
472			$cron_item['month'] = "*";
473			$cron_item['wday'] = "*";
474			$cron_item['who'] = "root";
475			$cron_item['command'] = "/usr/bin/nice -n20 adjkerntz -a";
476
477			$config['cron']['item'][] = $cron_item;
478
479			$cron_item = array();
480			$cron_item['minute'] = "1";
481			$cron_item['hour'] = "*";
482			$cron_item['mday'] = "1";
483			$cron_item['month'] = "*";
484			$cron_item['wday'] = "*";
485			$cron_item['who'] = "root";
486			$cron_item['command'] = "/usr/bin/nice -n20 /etc/rc.update_bogons.sh";
487
488			$config['cron']['item'][] = $cron_item;
489
490			$cron_item = array();
491			$cron_item['minute'] = "*/60";
492			$cron_item['hour'] = "*";
493			$cron_item['mday'] = "*";
494			$cron_item['month'] = "*";
495			$cron_item['wday'] = "*";
496			$cron_item['who'] = "root";
497			$cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout";
498
499			$config['cron']['item'][] = $cron_item;
500
501			$cron_item = array();
502			$cron_item['minute'] = "1";
503			$cron_item['hour'] = "1";
504			$cron_item['mday'] = "*";
505			$cron_item['month'] = "*";
506			$cron_item['wday'] = "*";
507			$cron_item['who'] = "root";
508			$cron_item['command'] = "/usr/bin/nice -n20 /etc/rc.dyndns.update";
509
510			$config['cron']['item'][] = $cron_item;
511
512			$cron_item = array();
513			$cron_item['minute'] = "*/60";
514			$cron_item['hour'] = "*";
515			$cron_item['mday'] = "*";
516			$cron_item['month'] = "*";
517			$cron_item['wday'] = "*";
518			$cron_item['who'] = "root";
519			$cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot";
520
521			$config['cron']['item'][] = $cron_item;
522
523			$cron_item = array();
524			$cron_item['minute'] = "*/60";
525			$cron_item['hour'] = "*";
526			$cron_item['mday'] = "*";
527			$cron_item['month'] = "*";
528			$cron_item['wday'] = "*";
529			$cron_item['who'] = "root";
530			$cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 1800 snort2c";
531
532			$config['cron']['item'][] = $cron_item;
533			}
534
535
536			function upgrade_026_to_027() {
537			global $config;
538			}
539
540
541			function upgrade_027_to_028() {
542			global $config;
543			}
544
545
546			function upgrade_028_to_029() {
547			global $config;
548			$rule_item = array();
549			$a_filter = &$config['filter']['rule'];
550			$rule_item['interface'] = "enc0";
551			$rule_item['type'] = "pass";
552			$rule_item['source']['any'] = true;
553			$rule_item['destination']['any'] = true;
554	4d511e5b	Renato Botelho	$rule_item['descr'] = gettext("Permit IPsec traffic.");
555	791bcfd4	Bill Marquette	$rule_item['statetype'] = "keep state";
556			$a_filter[] = $rule_item;
557			}
558
559
560			function upgrade_029_to_030() {
561			global $config;
562			/* enable the rrd config setting by default */
563			$config['rrd']['enable'] = true;
564			}
565
566
567			function upgrade_030_to_031() {
568			global $config;
569			/* Insert upgrade code here */
570			}
571
572
573			function upgrade_031_to_032() {
574			global $config;
575			/* Insert upgrade code here */
576			}
577
578
579			function upgrade_032_to_033() {
580			global $config;
581			/* Insert upgrade code here */
582			}
583
584
585			function upgrade_033_to_034() {
586			global $config;
587			/* Insert upgrade code here */
588			}
589
590
591			function upgrade_034_to_035() {
592			global $config;
593			/* Insert upgrade code here */
594			}
595
596
597			function upgrade_035_to_036() {
598			global $config;
599			/* Insert upgrade code here */
600			}
601
602
603			function upgrade_036_to_037() {
604			global $config;
605			/* Insert upgrade code here */
606			}
607
608
609			function upgrade_037_to_038() {
610			global $config;
611	db7f618b	Seth Mos	/* Insert upgrade code here */
612	791bcfd4	Bill Marquette	}
613
614
615			function upgrade_038_to_039() {
616			global $config;
617	ef026950	Ermal Lu?i	/* Insert upgrade code here */
618	791bcfd4	Bill Marquette	}
619
620
621			function upgrade_039_to_040() {
622	879f7db7	Erik Fonnesbeck	global $config, $g;
623	791bcfd4	Bill Marquette	$config['system']['webgui']['auth_method'] = "session";
624			$config['system']['webgui']['backing_method'] = "htpasswd";
625
626	fa6e5ba5	Phil Davis	if (isset($config['system']['username'])) {
627	791bcfd4	Bill Marquette	$config['system']['group'] = array();
628			$config['system']['group'][0]['name'] = "admins";
629	4d511e5b	Renato Botelho	$config['system']['group'][0]['description'] = gettext("System Administrators");
630	791bcfd4	Bill Marquette	$config['system']['group'][0]['scope'] = "system";
631	ebcdcaaa	jim-p	$config['system']['group'][0]['priv'] = "page-all";
632	791bcfd4	Bill Marquette	$config['system']['group'][0]['home'] = "index.php";
633			$config['system']['group'][0]['gid'] = "110";
634
635			$config['system']['user'] = array();
636			$config['system']['user'][0]['name'] = "{$config['system']['username']}";
637	9ff73b79	jim-p	$config['system']['user'][0]['descr'] = "System Administrator";
638	791bcfd4	Bill Marquette	$config['system']['user'][0]['scope'] = "system";
639			$config['system']['user'][0]['groupname'] = "admins";
640			$config['system']['user'][0]['password'] = "{$config['system']['password']}";
641			$config['system']['user'][0]['uid'] = "0";
642	6d8e6b22	jim-p	/* Ensure that we follow what this new "admin" username should be in the session. */
643			$_SESSION["Username"] = "{$config['system']['username']}";
644	791bcfd4	Bill Marquette
645			$config['system']['user'][0]['priv'] = array();
646			$config['system']['user'][0]['priv'][0]['id'] = "lockwc";
647			$config['system']['user'][0]['priv'][0]['name'] = "Lock webConfigurator";
648	4d511e5b	Renato Botelho	$config['system']['user'][0]['priv'][0]['descr'] = gettext("Indicates whether this user will lock access to the webConfigurator for other users.");
649	791bcfd4	Bill Marquette	$config['system']['user'][0]['priv'][1]['id'] = "lock-ipages";
650			$config['system']['user'][0]['priv'][1]['name'] = "Lock individual pages";
651	4d511e5b	Renato Botelho	$config['system']['user'][0]['priv'][1]['descr'] = gettext("Indicates whether this user will lock individual HTML pages after having accessed a particular page (the lock will be freed if the user leaves or saves the page form).");
652	791bcfd4	Bill Marquette	$config['system']['user'][0]['priv'][2]['id'] = "hasshell";
653			$config['system']['user'][0]['priv'][2]['name'] = "Has shell access";
654	4d511e5b	Renato Botelho	$config['system']['user'][0]['priv'][2]['descr'] = gettext("Indicates whether this user is able to login for example via SSH.");
655	791bcfd4	Bill Marquette	$config['system']['user'][0]['priv'][3]['id'] = "copyfiles";
656			$config['system']['user'][0]['priv'][3]['name'] = "Is allowed to copy files";
657	4d511e5b	Renato Botelho	$config['system']['user'][0]['priv'][3]['descr'] = sprintf(gettext("Indicates whether this user is allowed to copy files onto the %s appliance via SCP/SFTP. If you are going to use this privilege, you must install scponly on the appliance (Hint: pkg_add -r scponly)."), $g['product_name']);
658	791bcfd4	Bill Marquette	$config['system']['user'][0]['priv'][4]['id'] = "isroot";
659			$config['system']['user'][0]['priv'][4]['name'] = "Is root user";
660	4d511e5b	Renato Botelho	$config['system']['user'][0]['priv'][4]['descr'] = gettext("This user is associated with the UNIX root user (you should associate this privilege only with one single user).");
661	791bcfd4	Bill Marquette
662			$config['system']['nextuid'] = "111";
663			$config['system']['nextgid'] = "111";
664
665			/* wipe previous auth configuration */
666	fa6e5ba5	Phil Davis	unset($config['system']['username']);
667			if (isset($config['system']['password'])) {
668			unset($config['system']['password']);
669			}
670	791bcfd4	Bill Marquette	}
671			}
672
673			function upgrade_040_to_041() {
674			global $config;
675	751533a2	Phil Davis	if (!$config['sysctl']) {
676	791bcfd4	Bill Marquette	$config['sysctl']['item'] = array();
677
678			$config['sysctl']['item'][0]['tunable'] = "net.inet.tcp.blackhole";
679	4816e5ca	Renato Botelho	$config['sysctl']['item'][0]['descr'] = gettext("Drop packets to closed TCP ports without returning a RST");
680	908c4eea	sullrich	$config['sysctl']['item'][0]['value'] = "default";
681	791bcfd4	Bill Marquette
682			$config['sysctl']['item'][1]['tunable'] = "net.inet.udp.blackhole";
683	4816e5ca	Renato Botelho	$config['sysctl']['item'][1]['descr'] = gettext("Do not send ICMP port unreachable messages for closed UDP ports");
684	908c4eea	sullrich	$config['sysctl']['item'][1]['value'] = "default";
685	791bcfd4	Bill Marquette
686			$config['sysctl']['item'][2]['tunable'] = "net.inet.ip.random_id";
687	4816e5ca	Renato Botelho	$config['sysctl']['item'][2]['descr'] = gettext("Randomize the ID field in IP packets (default is 0: sequential IP IDs)");
688	908c4eea	sullrich	$config['sysctl']['item'][2]['value'] = "default";
689	791bcfd4	Bill Marquette
690			$config['sysctl']['item'][3]['tunable'] = "net.inet.tcp.drop_synfin";
691	4816e5ca	Renato Botelho	$config['sysctl']['item'][3]['descr'] = gettext("Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)");
692	908c4eea	sullrich	$config['sysctl']['item'][3]['value'] = "default";
693	791bcfd4	Bill Marquette
694			$config['sysctl']['item'][4]['tunable'] = "net.inet.ip.redirect";
695	4816e5ca	Renato Botelho	$config['sysctl']['item'][4]['descr'] = gettext("Sending of IPv4 ICMP redirects");
696	908c4eea	sullrich	$config['sysctl']['item'][4]['value'] = "default";
697	791bcfd4	Bill Marquette
698			$config['sysctl']['item'][5]['tunable'] = "net.inet6.ip6.redirect";
699	4816e5ca	Renato Botelho	$config['sysctl']['item'][5]['descr'] = gettext("Sending of IPv6 ICMP redirects");
700	908c4eea	sullrich	$config['sysctl']['item'][5]['value'] = "default";
701	791bcfd4	Bill Marquette
702			$config['sysctl']['item'][6]['tunable'] = "net.inet.tcp.syncookies";
703	4816e5ca	Renato Botelho	$config['sysctl']['item'][6]['descr'] = gettext("Generate SYN cookies for outbound SYN-ACK packets");
704	908c4eea	sullrich	$config['sysctl']['item'][6]['value'] = "default";
705	791bcfd4	Bill Marquette
706			$config['sysctl']['item'][7]['tunable'] = "net.inet.tcp.recvspace";
707	4816e5ca	Renato Botelho	$config['sysctl']['item'][7]['descr'] = gettext("Maximum incoming TCP datagram size");
708	908c4eea	sullrich	$config['sysctl']['item'][7]['value'] = "default";
709	791bcfd4	Bill Marquette
710			$config['sysctl']['item'][8]['tunable'] = "net.inet.tcp.sendspace";
711	4816e5ca	Renato Botelho	$config['sysctl']['item'][8]['descr'] = gettext("Maximum outgoing TCP datagram size");
712	908c4eea	sullrich	$config['sysctl']['item'][8]['value'] = "default";
713	791bcfd4	Bill Marquette
714	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][9]['tunable'] = "net.inet.tcp.delayed_ack";
715			$config['sysctl']['item'][9]['descr'] = gettext("Do not delay ACK to try and piggyback it onto a data packet");
716	908c4eea	sullrich	$config['sysctl']['item'][9]['value'] = "default";
717	791bcfd4	Bill Marquette
718	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][10]['tunable'] = "net.inet.udp.maxdgram";
719			$config['sysctl']['item'][10]['descr'] = gettext("Maximum outgoing UDP datagram size");
720	908c4eea	sullrich	$config['sysctl']['item'][10]['value'] = "default";
721	791bcfd4	Bill Marquette
722	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][11]['tunable'] = "net.link.bridge.pfil_onlyip";
723			$config['sysctl']['item'][11]['descr'] = gettext("Handling of non-IP packets which are not passed to pfil (see if_bridge(4))");
724	908c4eea	sullrich	$config['sysctl']['item'][11]['value'] = "default";
725	791bcfd4	Bill Marquette
726	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][12]['tunable'] = "net.link.tap.user_open";
727			$config['sysctl']['item'][12]['descr'] = gettext("Allow unprivileged access to tap(4) device nodes");
728	908c4eea	sullrich	$config['sysctl']['item'][12]['value'] = "default";
729	791bcfd4	Bill Marquette
730	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][13]['tunable'] = "kern.randompid";
731			$config['sysctl']['item'][13]['descr'] = gettext("Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())");
732	908c4eea	sullrich	$config['sysctl']['item'][13]['value'] = "default";
733	791bcfd4	Bill Marquette
734	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][14]['tunable'] = "net.inet.tcp.inflight.enable";
735			$config['sysctl']['item'][14]['descr'] = gettext("The system will attempt to calculate the bandwidth delay product for each connection and limit the amount of data queued to the network to just the amount required to maintain optimum throughput. ");
736			$config['sysctl']['item'][14]['value'] = "default";
737
738			$config['sysctl']['item'][15]['tunable'] = "net.inet.icmp.icmplim";
739			$config['sysctl']['item'][15]['descr'] = gettext("Set ICMP Limits");
740	908c4eea	sullrich	$config['sysctl']['item'][15]['value'] = "default";
741	791bcfd4	Bill Marquette
742	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][16]['tunable'] = "net.inet.tcp.tso";
743			$config['sysctl']['item'][16]['descr'] = gettext("TCP Offload engine");
744	908c4eea	sullrich	$config['sysctl']['item'][16]['value'] = "default";
745	791bcfd4	Bill Marquette
746	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][17]['tunable'] = "net.inet.ip.portrange.first";
747			$config['sysctl']['item'][17]['descr'] = "Set the ephemeral port range starting port";
748	908c4eea	sullrich	$config['sysctl']['item'][17]['value'] = "default";
749	791bcfd4	Bill Marquette
750	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][18]['tunable'] = "hw.syscons.kbd_reboot";
751			$config['sysctl']['item'][18]['descr'] = "Enables ctrl+alt+delete";
752	908c4eea	sullrich	$config['sysctl']['item'][18]['value'] = "default";
753	2d563280	Renato Botelho
754	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][19]['tunable'] = "kern.ipc.maxsockbuf";
755			$config['sysctl']['item'][19]['descr'] = "Maximum socket buffer size";
756	558dda01	Scott Ullrich	$config['sysctl']['item'][19]['value'] = "default";
757	908c4eea	sullrich
758	791bcfd4	Bill Marquette	}
759			}
760
761
762			function upgrade_041_to_042() {
763			global $config;
764	751533a2	Phil Davis	if (isset($config['shaper'])) {
765	791bcfd4	Bill Marquette	unset($config['shaper']);
766	751533a2	Phil Davis	}
767			if (isset($config['ezshaper'])) {
768	791bcfd4	Bill Marquette	unset($config['ezshaper']);
769	751533a2	Phil Davis	}
770	791bcfd4	Bill Marquette	}
771
772
773			function upgrade_042_to_043() {
774			global $config;
775			/* migrate old interface gateway to the new gateways config */
776	ab0eced7	Ermal	$iflist = get_configured_interface_list(false, true);
777	791bcfd4	Bill Marquette	$gateways = array();
778			$i = 0;
779	751533a2	Phil Davis	foreach ($iflist as $ifname => $interface) {
780	4de8f7ba	Phil Davis	if (!interface_has_gateway($ifname)) {
781	fc85edaf	Seth Mos	continue;
782			}
783	b314ab72	Ermal	$config['gateways']['gateway_item'][$i] = array();
784	751533a2	Phil Davis	if (is_ipaddr($config['interfaces'][$ifname]['gateway'])) {
785	3240836a	Seth Mos	$config['gateways']['gateway_item'][$i]['gateway'] = $config['interfaces'][$ifname]['gateway'];
786	4d511e5b	Renato Botelho	$config['gateways']['gateway_item'][$i]['descr'] = sprintf(gettext("Interface %s Static Gateway"), $ifname);
787	2328dcc5	Seth Mos	} else {
788			$config['gateways']['gateway_item'][$i]['gateway'] = "dynamic";
789	4d511e5b	Renato Botelho	$config['gateways']['gateway_item'][$i]['descr'] = sprintf(gettext("Interface %s Dynamic Gateway"), $ifname);
790	2328dcc5	Seth Mos	}
791			$config['gateways']['gateway_item'][$i]['interface'] = $ifname;
792			$config['gateways']['gateway_item'][$i]['name'] = "GW_" . strtoupper($ifname);
793			/* add default gateway bit for wan on upgrade */
794	751533a2	Phil Davis	if ($ifname == "wan") {
795	2d563280	Renato Botelho	$config['gateways']['gateway_item'][$i]['defaultgw'] = true;
796	2328dcc5	Seth Mos	}
797	751533a2	Phil Davis	if (is_ipaddr($config['interfaces'][$ifname]['use_rrd_gateway'])) {
798	2328dcc5	Seth Mos	$config['gateways']['gateway_item'][$i]['monitor'] = $config['interfaces'][$ifname]['use_rrd_gateway'];
799			unset($config['interfaces'][$ifname]['use_rrd_gateway']);
800			}
801			$config['interfaces'][$ifname]['gateway'] = $config['gateways']['gateway_item'][$i]['name'];
802	3240836a	Seth Mos
803	2328dcc5	Seth Mos	/* Update all filter rules which might reference this gateway */
804			$j = 0;
805	751533a2	Phil Davis	foreach ($config['filter']['rule'] as $rule) {
806			if (is_ipaddr($rule['gateway'])) {
807			if ($rule['gateway'] == $config['gateways']['gateway_item'][$i]['gateway']) {
808	6364b88b	Ermal	$config['filter']['rule'][$j]['gateway'] = $config['gateways']['gateway_item'][$i]['name'];
809	751533a2	Phil Davis	} else if ($rule['gateway'] == $ifname) {
810	6364b88b	Ermal	$config['filter']['rule'][$j]['gateway'] = $config['gateways']['gateway_item'][$i]['name'];
811	751533a2	Phil Davis	}
812	3240836a	Seth Mos	}
813	2328dcc5	Seth Mos	$j++;
814	791bcfd4	Bill Marquette	}
815	c9ba2835	smos
816			/* rename old Quality RRD files in the process */
817			$rrddbpath = "/var/db/rrd";
818			$gwname = "GW_" . strtoupper($ifname);
819	751533a2	Phil Davis	if (is_readable("{$rrddbpath}/{$ifname}-quality.rrd")) {
820	c9ba2835	smos	rename("{$rrddbpath}/{$ifname}-quality.rrd", "{$rrddbpath}/{$gwname}-quality.rrd");
821			}
822	2328dcc5	Seth Mos	$i++;
823	791bcfd4	Bill Marquette	}
824			}
825
826
827			function upgrade_043_to_044() {
828			global $config;
829	a842e988	Ermal
830			/* migrate static routes to the new gateways config */
831			$gateways = return_gateways_array(true);
832	6cae2c44	Ermal	$i = 0;
833	a842e988	Ermal	if (is_array($config['staticroutes']['route'])) {
834	323f3f9c	smos	$gwmap = array();
835	a842e988	Ermal	foreach ($config['staticroutes']['route'] as $idx => $sroute) {
836			$found = false;
837			foreach ($gateways as $gwname => $gw) {
838			if ($gw['gateway'] == $sroute['gateway']) {
839			$config['staticroutes']['route'][$idx]['gateway'] = $gwname;
840			$found = true;
841			break;
842			}
843			}
844	751533a2	Phil Davis	if ($gwmap[$sroute['gateway']]) {
845	323f3f9c	smos	/* We already added a gateway name for this IP */
846			$config['staticroutes']['route'][$idx]['gateway'] = "{$gwmap[$sroute['gateway']]}";
847			$found = true;
848	2d563280	Renato Botelho	}
849
850	a842e988	Ermal	if ($found == false) {
851			$gateway = array();
852	323f3f9c	smos	$gateway['name'] = "SROUTE{$i}";
853			$gwmap[$sroute['gateway']] = $gateway['name'];
854	a842e988	Ermal	$gateway['gateway'] = $sroute['gateway'];
855			$gateway['interface'] = $sroute['interface'];
856	4d511e5b	Renato Botelho	$gateway['descr'] = sprintf(gettext("Upgraded static route for %s"), $sroute['network']);
857	751533a2	Phil Davis	if (!is_array($config['gateways']['gateway_item'])) {
858	a842e988	Ermal	$config['gateways']['gateway_item'] = array();
859	751533a2	Phil Davis	}
860	a842e988	Ermal	$config['gateways']['gateway_item'][] = $gateway;
861			$config['staticroutes']['route'][$idx]['gateway'] = $gateway['name'];
862	6cae2c44	Ermal	$i++;
863	a842e988	Ermal	}
864			}
865			}
866	791bcfd4	Bill Marquette	}
867
868
869			function upgrade_044_to_045() {
870			global $config;
871	da74e673	Seth Mos	$iflist = get_configured_interface_list(false, true);
872	791bcfd4	Bill Marquette	if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) {
873	3d039701	smos	$i = 0;
874	da74e673	Seth Mos	foreach ($config['vlans']['vlan'] as $id => $vlan) {
875			/* Make sure to update the interfaces section with the right name */
876	62958eae	smos	$vlan_name = "{$vlan['if']}_vlan{$vlan['tag']}";
877	751533a2	Phil Davis	foreach ($iflist as $ifname) {
878			if ($config['interfaces'][$ifname]['if'] == "vlan{$i}") {
879	62958eae	smos	$config['interfaces'][$ifname]['if'] = $vlan_name;
880			continue;
881	da74e673	Seth Mos	}
882			}
883	62958eae	smos	$config['vlans']['vlan'][$i]['vlanif'] = "{$vlan_name}";
884	2d563280	Renato Botelho	$i++;
885	da74e673	Seth Mos	}
886	791bcfd4	Bill Marquette	}
887			}
888
889
890			function upgrade_045_to_046() {
891			global $config;
892	2d563280	Renato Botelho	/* Load up monitors that are in the default config for 2.0 but not in 1.2.3
893	506514e7	jim-p	thus wouldn't be in an upgraded config. */
894			$config['load_balancer']['monitor_type'] = array (
895	751533a2	Phil Davis	array ('name' => 'ICMP',
896	506514e7	jim-p	'type' => 'icmp',
897			'descr' => 'ICMP',
898			'options' => '',
899			),
900	751533a2	Phil Davis	array ('name' => 'TCP',
901	506514e7	jim-p	'type' => 'tcp',
902			'descr' => 'Generic TCP',
903			'options' => '',
904			),
905	751533a2	Phil Davis	array ('name' => 'HTTP',
906	506514e7	jim-p	'type' => 'http',
907			'descr' => 'Generic HTTP',
908			'options' =>
909	751533a2	Phil Davis	array ('path' => '/',
910	506514e7	jim-p	'host' => '',
911			'code' => '200',
912			),
913			),
914	751533a2	Phil Davis	array ('name' => 'HTTPS',
915	506514e7	jim-p	'type' => 'https',
916			'descr' => 'Generic HTTPS',
917			'options' =>
918	751533a2	Phil Davis	array ('path' => '/',
919	506514e7	jim-p	'host' => '',
920			'code' => '200',
921			),
922			),
923	751533a2	Phil Davis	array ('name' => 'SMTP',
924	506514e7	jim-p	'type' => 'send',
925			'descr' => 'Generic SMTP',
926			'options' =>
927	751533a2	Phil Davis	array ('send' => '',
928	520d4137	jim-p	'expect' => '220 *',
929	506514e7	jim-p	),
930			),
931			);
932	791bcfd4	Bill Marquette	/* Upgrade load balancer from slb to relayd */
933			if (is_array($config['load_balancer']['virtual_server']) && count($config['load_balancer']['virtual_server'])) {
934			$vs_a = &$config['load_balancer']['virtual_server'];
935			$pool_a = &$config['load_balancer']['lbpool'];
936			$pools = array();
937	25753b5b	sullrich	/* Index pools by name */
938	751533a2	Phil Davis	if (is_array($pool_a)) {
939	791bcfd4	Bill Marquette	for ($i = 0; isset($pool_a[$i]); $i++) {
940	751533a2	Phil Davis	if ($pool_a[$i]['type'] == "server") {
941	791bcfd4	Bill Marquette	$pools[$pool_a[$i]['name']] = $pool_a[$i];
942			}
943			}
944			}
945			/* Convert sitedown entries to pools and re-attach */
946			for ($i = 0; isset($vs_a[$i]); $i++) {
947	d30afa60	jim-p	/* Set mode while we're here. */
948			$vs_a[$i]['mode'] = "redirect_mode";
949	791bcfd4	Bill Marquette	if (isset($vs_a[$i]['sitedown'])) {
950			$pool = array();
951			$pool['type'] = 'server';
952			$pool['behaviour'] = 'balance';
953			$pool['name'] = "{$vs_a[$i]['name']}-sitedown";
954	4816e5ca	Renato Botelho	$pool['descr'] = sprintf(gettext("Sitedown pool for VS: %s"), $vs_a[$i]['name']);
955	751533a2	Phil Davis	if (is_array($vs_a[$i]['pool'])) {
956	6e9b046e	jim-p	$vs_a[$i]['pool'] = $vs_a[$i]['pool'][0];
957	751533a2	Phil Davis	}
958	791bcfd4	Bill Marquette	$pool['port'] = $pools[$vs_a[$i]['pool']]['port'];
959			$pool['servers'] = array();
960			$pool['servers'][] = $vs_a[$i]['sitedown'];
961			$pool['monitor'] = $pools[$vs_a[$i]['pool']]['monitor'];
962			$pool_a[] = $pool;
963			$vs_a[$i]['sitedown'] = $pool['name'];
964			}
965			}
966			}
967	751533a2	Phil Davis	if (count($config['load_balancer']) == 0) {
968	0b5b4f32	Seth Mos	unset($config['load_balancer']);
969			}
970	a09d8bfc	jim-p	mwexec('/usr/sbin/pw groupadd -n _relayd -g 913');
971			mwexec('/usr/sbin/pw useradd -n _relayd -c "Relay Daemon" -d /var/empty -s /usr/sbin/nologin -u 913 -g 913');
972	791bcfd4	Bill Marquette	}
973
974
975			function upgrade_046_to_047() {
976			global $config;
977			/* Upgrade IPsec from tunnel to phase1/phase2 */
978
979	751533a2	Phil Davis	if (is_array($config['ipsec']['tunnel'])) {
980	791bcfd4	Bill Marquette
981			$a_phase1 = array();
982			$a_phase2 = array();
983			$ikeid = 0;
984
985			foreach ($config['ipsec']['tunnel'] as $tunnel) {
986
987			unset($ph1ent);
988			unset($ph2ent);
989
990			/*
991			* attempt to locate an enabled phase1
992			* entry that matches the peer gateway
993			*/
994
995			if (!isset($tunnel['disabled'])) {
996
997			$remote_gateway = $tunnel['remote-gateway'];
998
999			foreach ($a_phase1 as $ph1tmp) {
1000			if ($ph1tmp['remote-gateway'] == $remote_gateway) {
1001			$ph1ent = $ph1tmp;
1002			break;
1003			}
1004			}
1005			}
1006
1007			/* none found, create a new one */
1008
1009	751533a2	Phil Davis	if (!isset($ph1ent)) {
1010	791bcfd4	Bill Marquette
1011			/* build new phase1 entry */
1012
1013			$ph1ent = array();
1014
1015			$ph1ent['ikeid'] = ++$ikeid;
1016
1017	751533a2	Phil Davis	if (isset($tunnel['disabled'])) {
1018	791bcfd4	Bill Marquette	$ph1ent['disabled'] = $tunnel['disabled'];
1019	751533a2	Phil Davis	}
1020	791bcfd4	Bill Marquette
1021	443f2e6e	smos	/* convert to the new vip[$vhid] name */
1022	751533a2	Phil Davis	if (preg_match("/^carp/", $tunnel['interface'])) {
1023	bc75a430	smos	$carpid = str_replace("carp", "", $tunnel['interface']);
1024	4aa58d46	smos	$tunnel['interface'] = "vip" . $config['virtualip']['vip'][$carpid]['vhid'];
1025	443f2e6e	smos	}
1026	791bcfd4	Bill Marquette	$ph1ent['interface'] = $tunnel['interface'];
1027			$ph1ent['remote-gateway'] = $tunnel['remote-gateway'];
1028			$ph1ent['descr'] = $tunnel['descr'];
1029
1030			$ph1ent['mode'] = $tunnel['p1']['mode'];
1031
1032	751533a2	Phil Davis	if (isset($tunnel['p1']['myident']['myaddress'])) {
1033	791bcfd4	Bill Marquette	$ph1ent['myid_type'] = "myaddress";
1034	751533a2	Phil Davis	}
1035	791bcfd4	Bill Marquette	if (isset($tunnel['p1']['myident']['address'])) {
1036			$ph1ent['myid_type'] = "address";
1037			$ph1ent['myid_data'] = $tunnel['p1']['myident']['address'];
1038			}
1039			if (isset($tunnel['p1']['myident']['fqdn'])) {
1040			$ph1ent['myid_type'] = "fqdn";
1041			$ph1ent['myid_data'] = $tunnel['p1']['myident']['fqdn'];
1042			}
1043	dfa11031	jim-p	if (isset($tunnel['p1']['myident']['ufqdn'])) {
1044	791bcfd4	Bill Marquette	$ph1ent['myid_type'] = "user_fqdn";
1045	dfa11031	jim-p	$ph1ent['myid_data'] = $tunnel['p1']['myident']['ufqdn'];
1046	791bcfd4	Bill Marquette	}
1047			if (isset($tunnel['p1']['myident']['asn1dn'])) {
1048			$ph1ent['myid_type'] = "asn1dn";
1049			$ph1ent['myid_data'] = $tunnel['p1']['myident']['asn1dn'];
1050			}
1051			if (isset($tunnel['p1']['myident']['dyn_dns'])) {
1052			$ph1ent['myid_type'] = "dyn_dns";
1053			$ph1ent['myid_data'] = $tunnel['p1']['myident']['dyn_dns'];
1054			}
1055
1056			$ph1ent['peerid_type'] = "peeraddress";
1057
1058			switch ($tunnel['p1']['encryption-algorithm']) {
1059			case "des":
1060	751533a2	Phil Davis	$ph1alg = array('name' => 'des');
1061			break;
1062	791bcfd4	Bill Marquette	case "3des":
1063	751533a2	Phil Davis	$ph1alg = array('name' => '3des');
1064			break;
1065	791bcfd4	Bill Marquette	case "blowfish":
1066	751533a2	Phil Davis	$ph1alg = array('name' => 'blowfish', 'keylen' => '128');
1067			break;
1068	791bcfd4	Bill Marquette	case "cast128":
1069	751533a2	Phil Davis	$ph1alg = array('name' => 'cast128');
1070			break;
1071	791bcfd4	Bill Marquette	case "rijndael":
1072	751533a2	Phil Davis	$ph1alg = array('name' => 'aes', 'keylen' => '128');
1073			break;
1074	791bcfd4	Bill Marquette	case "rijndael 256":
1075	a5187d43	jim-p	case "aes 256":
1076	751533a2	Phil Davis	$ph1alg = array('name' => 'aes', 'keylen' => '256');
1077			break;
1078	791bcfd4	Bill Marquette	}
1079
1080			$ph1ent['encryption-algorithm'] = $ph1alg;
1081			$ph1ent['hash-algorithm'] = $tunnel['p1']['hash-algorithm'];
1082			$ph1ent['dhgroup'] = $tunnel['p1']['dhgroup'];
1083			$ph1ent['lifetime'] = $tunnel['p1']['lifetime'];
1084			$ph1ent['authentication_method'] = $tunnel['p1']['authentication_method'];
1085
1086	751533a2	Phil Davis	if (isset($tunnel['p1']['pre-shared-key'])) {
1087	791bcfd4	Bill Marquette	$ph1ent['pre-shared-key'] = $tunnel['p1']['pre-shared-key'];
1088	751533a2	Phil Davis	}
1089			if (isset($tunnel['p1']['cert'])) {
1090	791bcfd4	Bill Marquette	$ph1ent['cert'] = $tunnel['p1']['cert'];
1091	751533a2	Phil Davis	}
1092			if (isset($tunnel['p1']['peercert'])) {
1093	791bcfd4	Bill Marquette	$ph1ent['peercert'] = $tunnel['p1']['peercert'];
1094	751533a2	Phil Davis	}
1095			if (isset($tunnel['p1']['private-key'])) {
1096	791bcfd4	Bill Marquette	$ph1ent['private-key'] = $tunnel['p1']['private-key'];
1097	751533a2	Phil Davis	}
1098	791bcfd4	Bill Marquette
1099			$ph1ent['nat_traversal'] = "on";
1100			$ph1ent['dpd_enable'] = 1;
1101			$ph1ent['dpd_delay'] = 10;
1102			$ph1ent['dpd_maxfail'] = 5;
1103
1104			$a_phase1[] = $ph1ent;
1105			}
1106
1107			/* build new phase2 entry */
1108
1109			$ph2ent = array();
1110
1111			$ph2ent['ikeid'] = $ph1ent['ikeid'];
1112
1113	751533a2	Phil Davis	if (isset($tunnel['disabled'])) {
1114	791bcfd4	Bill Marquette	$ph1ent['disabled'] = $tunnel['disabled'];
1115	751533a2	Phil Davis	}
1116	791bcfd4	Bill Marquette
1117	4d511e5b	Renato Botelho	$ph2ent['descr'] = sprintf(gettext("phase2 for %s"), $tunnel['descr']);
1118	791bcfd4	Bill Marquette
1119			$type = "lan";
1120	751533a2	Phil Davis	if ($tunnel['local-subnet']['network']) {
1121	791bcfd4	Bill Marquette	$type = $tunnel['local-subnet']['network'];
1122	751533a2	Phil Davis	}
1123	791bcfd4	Bill Marquette	if ($tunnel['local-subnet']['address']) {
1124	4de8f7ba	Phil Davis	list($address, $netbits) = explode("/", $tunnel['local-subnet']['address']);
1125	751533a2	Phil Davis	if (is_null($netbits)) {
1126	791bcfd4	Bill Marquette	$type = "address";
1127	751533a2	Phil Davis	} else {
1128	791bcfd4	Bill Marquette	$type = "network";
1129	751533a2	Phil Davis	}
1130	791bcfd4	Bill Marquette	}
1131
1132			switch ($type) {
1133			case "address":
1134	4de8f7ba	Phil Davis	$ph2ent['localid'] = array('type' => $type, 'address' => $address);
1135	751533a2	Phil Davis	break;
1136	791bcfd4	Bill Marquette	case "network":
1137	4de8f7ba	Phil Davis	$ph2ent['localid'] = array('type' => $type, 'address' => $address, 'netbits' => $netbits);
1138	751533a2	Phil Davis	break;
1139	791bcfd4	Bill Marquette	default:
1140	751533a2	Phil Davis	$ph2ent['localid'] = array('type' => $type);
1141			break;
1142	791bcfd4	Bill Marquette	}
1143
1144	4de8f7ba	Phil Davis	list($address, $netbits) = explode("/", $tunnel['remote-subnet']);
1145			$ph2ent['remoteid'] = array('type' => 'network', 'address' => $address, 'netbits' => $netbits);
1146	791bcfd4	Bill Marquette
1147			$ph2ent['protocol'] = $tunnel['p2']['protocol'];
1148
1149			$aes_count = 0;
1150	751533a2	Phil Davis	foreach ($tunnel['p2']['encryption-algorithm-option'] as $tunalg) {
1151	791bcfd4	Bill Marquette	$aes_found = false;
1152			switch ($tunalg) {
1153			case "des":
1154	751533a2	Phil Davis	$ph2alg = array('name' => 'des');
1155			break;
1156	791bcfd4	Bill Marquette	case "3des":
1157	751533a2	Phil Davis	$ph2alg = array('name' => '3des');
1158			break;
1159	791bcfd4	Bill Marquette	case "blowfish":
1160	751533a2	Phil Davis	$ph2alg = array('name' => 'blowfish', 'keylen' => 'auto');
1161			break;
1162	791bcfd4	Bill Marquette	case "cast128":
1163	751533a2	Phil Davis	$ph2alg = array('name' => 'cast128');
1164			break;
1165	791bcfd4	Bill Marquette	case "rijndael":
1166			case "rijndael 256":
1167	a5187d43	jim-p	case "aes 256":
1168	751533a2	Phil Davis	$ph2alg = array('name' => 'aes', 'keylen' => 'auto');
1169			$aes_found = true;
1170			$aes_count++;
1171			break;
1172	791bcfd4	Bill Marquette	}
1173
1174	751533a2	Phil Davis	if (!$aes_found \|\| ($aes_count < 2)) {
1175	791bcfd4	Bill Marquette	$ph2ent['encryption-algorithm-option'][] = $ph2alg;
1176	751533a2	Phil Davis	}
1177	791bcfd4	Bill Marquette	}
1178
1179			$ph2ent['hash-algorithm-option'] = $tunnel['p2']['hash-algorithm-option'];
1180			$ph2ent['pfsgroup'] = $tunnel['p2']['pfsgroup'];
1181			$ph2ent['lifetime'] = $tunnel['p2']['lifetime'];
1182
1183	751533a2	Phil Davis	if (isset($tunnel['pinghost']['pinghost'])) {
1184	87e07f52	mgrooms	$ph2ent['pinghost'] = $tunnel['pinghost'];
1185	751533a2	Phil Davis	}
1186	87e07f52	mgrooms
1187	791bcfd4	Bill Marquette	$a_phase2[] = $ph2ent;
1188			}
1189
1190			unset($config['ipsec']['tunnel']);
1191			$config['ipsec']['phase1'] = $a_phase1;
1192			$config['ipsec']['phase2'] = $a_phase2;
1193			}
1194	49bb5c07	jim-p
1195			/* Upgrade Mobile IPsec */
1196	751533a2	Phil Davis	if (isset($config['ipsec']['mobileclients']) &&
1197			is_array($config['ipsec']['mobileclients']) &&
1198			is_array($config['ipsec']['mobileclients']['p1']) &&
1199			is_array($config['ipsec']['mobileclients']['p2'])) {
1200	49bb5c07	jim-p
1201			if (isset($config['ipsec']['mobileclients']['enable'])) {
1202			$config['ipsec']['client']['enable'] = true;
1203			$config['ipsec']['client']['user_source'] = 'system';
1204			$config['ipsec']['client']['group_source'] = 'system';
1205			}
1206
1207			$mobilecfg = $config['ipsec']['mobileclients'];
1208
1209			$ph1ent = array();
1210			$ph1ent['ikeid'] = ++$ikeid;
1211
1212	751533a2	Phil Davis	if (!isset($mobilecfg['enable'])) {
1213	49bb5c07	jim-p	$ph1ent['disabled'] = true;
1214	751533a2	Phil Davis	}
1215	49bb5c07	jim-p
1216			/* Assume WAN since mobile tunnels couldn't be on a separate interface on 1.2.x */
1217			$ph1ent['interface'] = 'wan';
1218			$ph1ent['descr'] = "Mobile Clients (upgraded)";
1219			$ph1ent['mode'] = $mobilecfg['p1']['mode'];
1220
1221	751533a2	Phil Davis	if (isset($mobilecfg['p1']['myident']['myaddress'])) {
1222	49bb5c07	jim-p	$ph1ent['myid_type'] = "myaddress";
1223	751533a2	Phil Davis	}
1224	49bb5c07	jim-p	if (isset($mobilecfg['p1']['myident']['address'])) {
1225			$ph1ent['myid_type'] = "address";
1226			$ph1ent['myid_data'] = $mobilecfg['p1']['myident']['address'];
1227			}
1228			if (isset($mobilecfg['p1']['myident']['fqdn'])) {
1229			$ph1ent['myid_type'] = "fqdn";
1230			$ph1ent['myid_data'] = $mobilecfg['p1']['myident']['fqdn'];
1231			}
1232			if (isset($mobilecfg['p1']['myident']['ufqdn'])) {
1233			$ph1ent['myid_type'] = "user_fqdn";
1234			$ph1ent['myid_data'] = $mobilecfg['p1']['myident']['ufqdn'];
1235			}
1236			if (isset($mobilecfg['p1']['myident']['asn1dn'])) {
1237			$ph1ent['myid_type'] = "asn1dn";
1238			$ph1ent['myid_data'] = $mobilecfg['p1']['myident']['asn1dn'];
1239			}
1240			if (isset($mobilecfg['p1']['myident']['dyn_dns'])) {
1241			$ph1ent['myid_type'] = "dyn_dns";
1242			$ph1ent['myid_data'] = $mobilecfg['p1']['myident']['dyn_dns'];
1243			}
1244			$ph1ent['peerid_type'] = "fqdn";
1245			$ph1ent['peerid_data'] = "";
1246
1247			switch ($mobilecfg['p1']['encryption-algorithm']) {
1248			case "des":
1249	751533a2	Phil Davis	$ph1alg = array('name' => 'des');
1250			break;
1251	49bb5c07	jim-p	case "3des":
1252	751533a2	Phil Davis	$ph1alg = array('name' => '3des');
1253			break;
1254	49bb5c07	jim-p	case "blowfish":
1255	751533a2	Phil Davis	$ph1alg = array('name' => 'blowfish', 'keylen' => '128');
1256			break;
1257	49bb5c07	jim-p	case "cast128":
1258	751533a2	Phil Davis	$ph1alg = array('name' => 'cast128');
1259			break;
1260	49bb5c07	jim-p	case "rijndael":
1261	751533a2	Phil Davis	$ph1alg = array('name' => 'aes', 'keylen' => '128');
1262			break;
1263	49bb5c07	jim-p	case "rijndael 256":
1264	a5187d43	jim-p	case "aes 256":
1265	751533a2	Phil Davis	$ph1alg = array('name' => 'aes', 'keylen' => '256');
1266			break;
1267	49bb5c07	jim-p	}
1268
1269			$ph1ent['encryption-algorithm'] = $ph1alg;
1270			$ph1ent['hash-algorithm'] = $mobilecfg['p1']['hash-algorithm'];
1271			$ph1ent['dhgroup'] = $mobilecfg['p1']['dhgroup'];
1272			$ph1ent['lifetime'] = $mobilecfg['p1']['lifetime'];
1273			$ph1ent['authentication_method'] = $mobilecfg['p1']['authentication_method'];
1274
1275	751533a2	Phil Davis	if (isset($mobilecfg['p1']['cert'])) {
1276	49bb5c07	jim-p	$ph1ent['cert'] = $mobilecfg['p1']['cert'];
1277	751533a2	Phil Davis	}
1278			if (isset($mobilecfg['p1']['peercert'])) {
1279	49bb5c07	jim-p	$ph1ent['peercert'] = $mobilecfg['p1']['peercert'];
1280	751533a2	Phil Davis	}
1281			if (isset($mobilecfg['p1']['private-key'])) {
1282	49bb5c07	jim-p	$ph1ent['private-key'] = $mobilecfg['p1']['private-key'];
1283	751533a2	Phil Davis	}
1284	49bb5c07	jim-p
1285			$ph1ent['nat_traversal'] = "on";
1286			$ph1ent['dpd_enable'] = 1;
1287			$ph1ent['dpd_delay'] = 10;
1288			$ph1ent['dpd_maxfail'] = 5;
1289			$ph1ent['mobile'] = true;
1290
1291			$ph2ent = array();
1292			$ph2ent['ikeid'] = $ph1ent['ikeid'];
1293			$ph2ent['descr'] = "phase2 for ".$mobilecfg['descr'];
1294			$ph2ent['localid'] = array('type' => 'none');
1295			$ph2ent['remoteid'] = array('type' => 'mobile');
1296			$ph2ent['protocol'] = $mobilecfg['p2']['protocol'];
1297
1298			$aes_count = 0;
1299	751533a2	Phil Davis	foreach ($mobilecfg['p2']['encryption-algorithm-option'] as $tunalg) {
1300	49bb5c07	jim-p	$aes_found = false;
1301			switch ($tunalg) {
1302			case "des":
1303	751533a2	Phil Davis	$ph2alg = array('name' => 'des');
1304			break;
1305	49bb5c07	jim-p	case "3des":
1306	751533a2	Phil Davis	$ph2alg = array('name' => '3des');
1307			break;
1308	49bb5c07	jim-p	case "blowfish":
1309	751533a2	Phil Davis	$ph2alg = array('name' => 'blowfish', 'keylen' => 'auto');
1310			break;
1311	49bb5c07	jim-p	case "cast128":
1312	751533a2	Phil Davis	$ph2alg = array('name' => 'cast128');
1313			break;
1314	49bb5c07	jim-p	case "rijndael":
1315			case "rijndael 256":
1316	a5187d43	jim-p	case "aes 256":
1317	751533a2	Phil Davis	$ph2alg = array('name' => 'aes', 'keylen' => 'auto');
1318			$aes_found = true;
1319			$aes_count++;
1320			break;
1321	49bb5c07	jim-p	}
1322
1323	751533a2	Phil Davis	if (!$aes_found \|\| ($aes_count < 2)) {
1324	49bb5c07	jim-p	$ph2ent['encryption-algorithm-option'][] = $ph2alg;
1325	751533a2	Phil Davis	}
1326	49bb5c07	jim-p	}
1327			$ph2ent['hash-algorithm-option'] = $mobilecfg['p2']['hash-algorithm-option'];
1328			$ph2ent['pfsgroup'] = $mobilecfg['p2']['pfsgroup'];
1329			$ph2ent['lifetime'] = $mobilecfg['p2']['lifetime'];
1330			$ph2ent['mobile'] = true;
1331
1332			$config['ipsec']['phase1'][] = $ph1ent;
1333			$config['ipsec']['phase2'][] = $ph2ent;
1334			unset($config['ipsec']['mobileclients']);
1335			}
1336	791bcfd4	Bill Marquette	}
1337
1338
1339			function upgrade_047_to_048() {
1340			global $config;
1341	e31c90fc	Ermal	if (!empty($config['dyndns'])) {
1342			$config['dyndnses'] = array();
1343			$config['dyndnses']['dyndns'] = array();
1344	751533a2	Phil Davis	if (isset($config['dyndns'][0]['host'])) {
1345	246aceaa	smos	$tempdyn = array();
1346			$tempdyn['enable'] = isset($config['dyndns'][0]['enable']);
1347			$tempdyn['type'] = $config['dyndns'][0]['type'];
1348			$tempdyn['wildcard'] = isset($config['dyndns'][0]['wildcard']);
1349	7d62c4c8	Ermal	$tempdyn['username'] = $config['dyndns'][0]['username'];
1350			$tempdyn['password'] = $config['dyndns'][0]['password'];
1351	246aceaa	smos	$tempdyn['host'] = $config['dyndns'][0]['host'];
1352	2d563280	Renato Botelho	$tempdyn['mx'] = $config['dyndns'][0]['mx'];
1353	246aceaa	smos	$tempdyn['interface'] = "wan";
1354	4d511e5b	Renato Botelho	$tempdyn['descr'] = sprintf(gettext("Upgraded Dyndns %s"), $tempdyn['type']);
1355	246aceaa	smos	$config['dyndnses']['dyndns'][] = $tempdyn;
1356			}
1357	791bcfd4	Bill Marquette	unset($config['dyndns']);
1358	2d563280	Renato Botelho	}
1359	e31c90fc	Ermal	if (!empty($config['dnsupdate'])) {
1360	2b1b78e6	jim-p	$pconfig = $config['dnsupdate'][0];
1361	751533a2	Phil Davis	if (!$pconfig['ttl']) {
1362	2b1b78e6	jim-p	$pconfig['ttl'] = 60;
1363	751533a2	Phil Davis	}
1364			if (!$pconfig['keytype']) {
1365	2b1b78e6	jim-p	$pconfig['keytype'] = "zone";
1366	751533a2	Phil Davis	}
1367	e31c90fc	Ermal	$pconfig['interface'] = "wan";
1368	791bcfd4	Bill Marquette	$config['dnsupdates']['dnsupdate'][] = $pconfig;
1369			unset($config['dnsupdate']);
1370			}
1371
1372	1f0c76cf	jim-p	if (is_array($config['pppoe']) && is_array($config['pppoe'][0])) {
1373	791bcfd4	Bill Marquette	$pconfig = array();
1374	1f0c76cf	jim-p	$pconfig['username'] = $config['pppoe'][0]['username'];
1375			$pconfig['password'] = $config['pppoe'][0]['password'];
1376			$pconfig['provider'] = $config['pppoe'][0]['provider'];
1377			$pconfig['ondemand'] = isset($config['pppoe'][0]['ondemand']);
1378			$pconfig['timeout'] = $config['pppoe'][0]['timeout'];
1379	791bcfd4	Bill Marquette	unset($config['pppoe']);
1380			$config['interfaces']['wan']['pppoe_username'] = $pconfig['username'];
1381			$config['interfaces']['wan']['pppoe_password'] = $pconfig['password'];
1382			$config['interfaces']['wan']['provider'] = $pconfig['provider'];
1383			$config['interfaces']['wan']['ondemand'] = isset($pconfig['ondemand']);
1384			$config['interfaces']['wan']['timeout'] = $pconfig['timeout'];
1385			}
1386			if (is_array($config['pptp'])) {
1387			$pconfig = array();
1388			$pconfig['username'] = $config['pptp']['username'];
1389			$pconfig['password'] = $config['pptp']['password'];
1390			$pconfig['provider'] = $config['pptp']['provider'];
1391			$pconfig['ondemand'] = isset($config['pptp']['ondemand']);
1392			$pconfig['timeout'] = $config['pptp']['timeout'];
1393			unset($config['pptp']);
1394			$config['interfaces']['wan']['pptp_username'] = $pconfig['username'];
1395			$config['interfaces']['wan']['pptp_password'] = $pconfig['password'];
1396			$config['interfaces']['wan']['provider'] = $pconfig['provider'];
1397	751533a2	Phil Davis	$config['interfaces']['wan']['ondemand'] = isset($pconfig['ondemand']);
1398	791bcfd4	Bill Marquette	$config['interfaces']['wan']['timeout'] = $pconfig['timeout'];
1399			}
1400			}
1401
1402
1403			function upgrade_048_to_049() {
1404			global $config;
1405			/* setup new all users group */
1406			$all = array();
1407			$all['name'] = "all";
1408	4d511e5b	Renato Botelho	$all['description'] = gettext("All Users");
1409	791bcfd4	Bill Marquette	$all['scope'] = "system";
1410			$all['gid'] = 1998;
1411			$all['member'] = array();
1412
1413	751533a2	Phil Davis	if (!is_array($config['system']['user'])) {
1414	84924e76	Ermal	$config['system']['user'] = array();
1415	751533a2	Phil Davis	}
1416			if (!is_array($config['system']['group'])) {
1417	791bcfd4	Bill Marquette	$config['system']['group'] = array();
1418	751533a2	Phil Davis	}
1419	791bcfd4	Bill Marquette
1420			/* work around broken uid assignments */
1421			$config['system']['nextuid'] = 2000;
1422			foreach ($config['system']['user'] as & $user) {
1423	751533a2	Phil Davis	if (isset($user['uid']) && !$user['uid']) {
1424	791bcfd4	Bill Marquette	continue;
1425	751533a2	Phil Davis	}
1426	791bcfd4	Bill Marquette	$user['uid'] = $config['system']['nextuid']++;
1427			}
1428
1429			/* work around broken gid assignments */
1430			$config['system']['nextgid'] = 2000;
1431			foreach ($config['system']['group'] as & $group) {
1432	751533a2	Phil Davis	if ($group['name'] == $g['admin_group']) {
1433	791bcfd4	Bill Marquette	$group['gid'] = 1999;
1434	751533a2	Phil Davis	} else {
1435	791bcfd4	Bill Marquette	$group['gid'] = $config['system']['nextgid']++;
1436	751533a2	Phil Davis	}
1437	791bcfd4	Bill Marquette	}
1438
1439			/* build group membership information */
1440			foreach ($config['system']['group'] as & $group) {
1441			$group['member'] = array();
1442			foreach ($config['system']['user'] as & $user) {
1443			$groupnames = explode(",", $user['groupname']);
1444	4de8f7ba	Phil Davis	if (in_array($group['name'], $groupnames)) {
1445	791bcfd4	Bill Marquette	$group['member'][] = $user['uid'];
1446	751533a2	Phil Davis	}
1447	791bcfd4	Bill Marquette	}
1448			}
1449
1450			/* reset user group information */
1451			foreach ($config['system']['user'] as & $user) {
1452			unset($user['groupname']);
1453			$all['member'][] = $user['uid'];
1454			}
1455
1456			/* reset group scope information */
1457	751533a2	Phil Davis	foreach ($config['system']['group'] as & $group) {
1458			if ($group['name'] != $g['admin_group']) {
1459			$group['scope'] = "user";
1460			}
1461			}
1462	791bcfd4	Bill Marquette
1463			/* insert new all group */
1464			$groups = Array();
1465			$groups[] = $all;
1466	4de8f7ba	Phil Davis	$groups = array_merge($config['system']['group'], $groups);
1467	791bcfd4	Bill Marquette	$config['system']['group'] = $groups;
1468			}
1469
1470
1471			function upgrade_049_to_050() {
1472			global $config;
1473	84924e76	Ermal
1474	751533a2	Phil Davis	if (!is_array($config['system']['user'])) {
1475	84924e76	Ermal	$config['system']['user'] = array();
1476	751533a2	Phil Davis	}
1477	791bcfd4	Bill Marquette	/* update user privileges */
1478			foreach ($config['system']['user'] as & $user) {
1479			$privs = array();
1480			if (!is_array($user['priv'])) {
1481			unset($user['priv']);
1482			continue;
1483			}
1484			foreach ($user['priv'] as $priv) {
1485	751533a2	Phil Davis	switch ($priv['id']) {
1486	791bcfd4	Bill Marquette	case "hasshell":
1487	751533a2	Phil Davis	$privs[] = "user-shell-access";
1488			break;
1489	791bcfd4	Bill Marquette	case "copyfiles":
1490	751533a2	Phil Davis	$privs[] = "user-copy-files";
1491			break;
1492	791bcfd4	Bill Marquette	}
1493			}
1494			$user['priv'] = $privs;
1495			}
1496
1497			/* update group privileges */
1498			foreach ($config['system']['group'] as & $group) {
1499			$privs = array();
1500			if (!is_array($group['pages'])) {
1501			unset($group['pages']);
1502			continue;
1503			}
1504			foreach ($group['pages'] as $page) {
1505			$priv = map_page_privname($page);
1506	751533a2	Phil Davis	if ($priv) {
1507	791bcfd4	Bill Marquette	$privs[] = $priv;
1508	751533a2	Phil Davis	}
1509	791bcfd4	Bill Marquette	}
1510			unset($group['pages']);
1511			$group['priv'] = $privs;
1512			}
1513
1514			/* sync all local account information */
1515			local_sync_accounts();
1516			}
1517
1518
1519			function upgrade_050_to_051() {
1520			global $config;
1521			$pconfig = array();
1522	15864861	jim-p	$pconfig['descr'] = "Set to 0 to disable filtering on the incoming and outgoing member interfaces.";
1523	791bcfd4	Bill Marquette	$pconfig['tunable'] = "net.link.bridge.pfil_member";
1524			$pconfig['value'] = "1";
1525			$config['sysctl']['item'][] = $pconfig;
1526			$pconfig = array();
1527	15864861	jim-p	$pconfig['descr'] = "Set to 1 to enable filtering on the bridge interface";
1528	791bcfd4	Bill Marquette	$pconfig['tunable'] = "net.link.bridge.pfil_bridge";
1529			$pconfig['value'] = "0";
1530			$config['sysctl']['item'][] = $pconfig;
1531
1532	fa6e5ba5	Phil Davis	if (isset($config['bridge'])) {
1533			unset($config['bridge']);
1534			}
1535	791bcfd4	Bill Marquette
1536			$convert_bridges = false;
1537	751533a2	Phil Davis	foreach ($config['interfaces'] as $intf) {
1538	791bcfd4	Bill Marquette	if (isset($intf['bridge']) && $intf['bridge'] <> "") {
1539			$config['bridges'] = array();
1540			$config['bridges']['bridged'] = array();
1541			$convert_bridges = true;
1542			break;
1543			}
1544			}
1545			if ($convert_bridges == true) {
1546			$i = 0;
1547			foreach ($config['interfaces'] as $ifr => &$intf) {
1548			if (isset($intf['bridge']) && $intf['bridge'] <> "") {
1549			$nbridge = array();
1550			$nbridge['members'] = "{$ifr},{$intf['bridge']}";
1551	4d511e5b	Renato Botelho	$nbridge['descr'] = sprintf(gettext("Converted bridged %s"), $ifr);
1552	791bcfd4	Bill Marquette	$nbridge['bridgeif'] = "bridge{$i}";
1553			$config['bridges']['bridged'][] = $nbridge;
1554			unset($intf['bridge']);
1555			$i++;
1556			}
1557			}
1558			}
1559			}
1560
1561
1562			function upgrade_051_to_052() {
1563			global $config;
1564			$config['openvpn'] = array();
1565	751533a2	Phil Davis	if (!is_array($config['ca'])) {
1566	9ad72e5e	jim-p	$config['ca'] = array();
1567	751533a2	Phil Davis	}
1568			if (!is_array($config['cert'])) {
1569	9ad72e5e	jim-p	$config['cert'] = array();
1570	751533a2	Phil Davis	}
1571	791bcfd4	Bill Marquette
1572			$vpnid = 1;
1573
1574			/* openvpn server configurations */
1575			if (is_array($config['installedpackages']['openvpnserver'])) {
1576			$config['openvpn']['openvpn-server'] = array();
1577
1578			$index = 1;
1579	751533a2	Phil Davis	foreach ($config['installedpackages']['openvpnserver']['config'] as $server) {
1580	791bcfd4	Bill Marquette
1581	751533a2	Phil Davis	if (!is_array($server)) {
1582	791bcfd4	Bill Marquette	continue;
1583	751533a2	Phil Davis	}
1584	791bcfd4	Bill Marquette
1585			if ($server['auth_method'] == "pki") {
1586
1587			/* create ca entry */
1588			$ca = array();
1589			$ca['refid'] = uniqid();
1590	f2a86ca9	jim-p	$ca['descr'] = "OpenVPN Server CA #{$index}";
1591	791bcfd4	Bill Marquette	$ca['crt'] = $server['ca_cert'];
1592	9ad72e5e	jim-p	$config['ca'][] = $ca;
1593	791bcfd4	Bill Marquette
1594			/* create ca reference */
1595			unset($server['ca_cert']);
1596			$server['caref'] = $ca['refid'];
1597
1598	47319bfb	jim-p	/* create a crl entry if needed */
1599	ab75b4ee	jim-p	if (!empty($server['crl'][0])) {
1600	47319bfb	jim-p	$crl = array();
1601			$crl['refid'] = uniqid();
1602			$crl['descr'] = "Imported OpenVPN CRL #{$index}";
1603			$crl['caref'] = $ca['refid'];
1604	ab75b4ee	jim-p	$crl['text'] = $server['crl'][0];
1605	751533a2	Phil Davis	if (!is_array($config['crl'])) {
1606	90e64fad	Warren Baker	$config['crl'] = array();
1607	751533a2	Phil Davis	}
1608	fc3e88f1	jim-p	$config['crl'][] = $crl;
1609	47319bfb	jim-p	$server['crlref'] = $crl['refid'];
1610			}
1611			unset($server['crl']);
1612
1613	791bcfd4	Bill Marquette	/* create cert entry */
1614			$cert = array();
1615			$cert['refid'] = uniqid();
1616	f2a86ca9	jim-p	$cert['descr'] = "OpenVPN Server Certificate #{$index}";
1617	791bcfd4	Bill Marquette	$cert['crt'] = $server['server_cert'];
1618			$cert['prv'] = $server['server_key'];
1619	9ad72e5e	jim-p	$config['cert'][] = $cert;
1620	791bcfd4	Bill Marquette
1621			/* create cert reference */
1622			unset($server['server_cert']);
1623			unset($server['server_key']);
1624			$server['certref'] = $cert['refid'];
1625
1626			$index++;
1627			}
1628
1629			/* determine operational mode */
1630			if ($server['auth_method'] == 'pki') {
1631	751533a2	Phil Davis	if ($server['nopool']) {
1632	791bcfd4	Bill Marquette	$server['mode'] = "p2p_tls";
1633			} else {
1634			$server['mode'] = "server_tls";
1635			}
1636			} else {
1637			$server['mode'] = "p2p_shared_key";
1638			}
1639			unset($server['auth_method']);
1640
1641			/* modify configuration values */
1642			$server['dh_length'] = 1024;
1643			unset($server['dh_params']);
1644	751533a2	Phil Davis	if (!$server['interface']) {
1645	a15a7738	jim-p	$server['interface'] = 'any';
1646	751533a2	Phil Davis	}
1647	791bcfd4	Bill Marquette	$server['tunnel_network'] = $server['addresspool'];
1648			unset($server['addresspool']);
1649	a843870d	jim-p	if (isset($server['use_lzo']) && ($server['use_lzo'] == "on")) {
1650	8b666514	jim-p	$server['compression'] = "on";
1651	da831323	Ermal Lu?i	unset($server['use_lzo']);
1652			}
1653	751533a2	Phil Davis	if ($server['nopool']) {
1654	791bcfd4	Bill Marquette	$server['pool_enable'] = false;
1655	751533a2	Phil Davis	} else {
1656	791bcfd4	Bill Marquette	$server['pool_enable'] = "yes";
1657	751533a2	Phil Davis	}
1658	791bcfd4	Bill Marquette	unset($server['nopool']);
1659			$server['dns_domain'] = $server['dhcp_domainname'];
1660			unset($server['dhcp_domainname']);
1661	c3ae41e6	jim-p
1662			$tmparr = explode(";", $server['dhcp_dns'], 4);
1663			$d=1;
1664			foreach ($tmparr as $tmpa) {
1665			$server["dns_server{$d}"] = $tmpa;
1666			$d++;
1667			}
1668	791bcfd4	Bill Marquette	unset($server['dhcp_dns']);
1669	c3ae41e6	jim-p
1670			$tmparr = explode(";", $server['dhcp_ntp'], 2);
1671			$d=1;
1672			foreach ($tmparr as $tmpa) {
1673			$server["ntp_server{$d}"] = $tmpa;
1674			$d++;
1675			}
1676	791bcfd4	Bill Marquette	unset($server['dhcp_ntp']);
1677	c3ae41e6	jim-p
1678	751533a2	Phil Davis	if ($server['dhcp_nbtdisable']) {
1679	791bcfd4	Bill Marquette	$server['netbios_enable'] = false;
1680	751533a2	Phil Davis	} else {
1681	791bcfd4	Bill Marquette	$server['netbios_enable'] = "yes";
1682	751533a2	Phil Davis	}
1683	791bcfd4	Bill Marquette	unset($server['dhcp_nbtdisable']);
1684			$server['netbios_ntype'] = $server['dhcp_nbttype'];
1685			unset($server['dhcp_nbttype']);
1686			$server['netbios_scope'] = $server['dhcp_nbtscope'];
1687			unset($server['dhcp_nbtscope']);
1688	c3ae41e6	jim-p
1689			$tmparr = explode(";", $server['dhcp_nbdd'], 2);
1690			$d=1;
1691			foreach ($tmparr as $tmpa) {
1692			$server["nbdd_server{$d}"] = $tmpa;
1693			$d++;
1694			}
1695	791bcfd4	Bill Marquette	unset($server['dhcp_nbdd']);
1696	c3ae41e6	jim-p
1697			$tmparr = explode(";", $server['dhcp_wins'], 2);
1698			$d=1;
1699			foreach ($tmparr as $tmpa) {
1700			$server["wins_server{$d}"] = $tmpa;
1701			$d++;
1702			}
1703	791bcfd4	Bill Marquette	unset($server['dhcp_wins']);
1704
1705	751533a2	Phil Davis	if (!empty($server['disable'])) {
1706	763a1b52	jim-p	$server['disable'] = true;
1707	751533a2	Phil Davis	} else {
1708	763a1b52	jim-p	unset($server['disable']);
1709	751533a2	Phil Davis	}
1710	763a1b52	jim-p
1711	791bcfd4	Bill Marquette	/* allocate vpnid */
1712			$server['vpnid'] = $vpnid++;
1713
1714	4f1ebacb	Ermal	if (!empty($server['custom_options'])) {
1715			$cstmopts = array();
1716			$tmpcstmopts = explode(";", $server['custom_options']);
1717	48e24ada	jim-p	$assigned_if = "";
1718	4f1ebacb	Ermal	$tmpstr = "";
1719			foreach ($tmpcstmopts as $tmpcstmopt) {
1720			$tmpstr = str_replace(" ", "", $tmpcstmopt);
1721	4de8f7ba	Phil Davis	if (substr($tmpstr, 0, 6) == "devtun") {
1722	48e24ada	jim-p	$assigned_if = substr($tmpstr, 3);
1723	4f1ebacb	Ermal	continue;
1724	8fd0badd	Ermal	} else if (substr($tmpstr, 0, 5) == "local") {
1725	9bc27ae5	jim-p	$localip = substr($tmpstr, 5);
1726	8fd0badd	Ermal	$server['ipaddr'] = str_replace("\n", "", $localip);
1727	751533a2	Phil Davis	} else {
1728	4f1ebacb	Ermal	$cstmopts[] = $tmpcstmopt;
1729	751533a2	Phil Davis	}
1730	4f1ebacb	Ermal	}
1731			$server['custom_options'] = implode(";", $cstmopts);
1732	48e24ada	jim-p	if (!empty($assigned_if)) {
1733	4f1ebacb	Ermal	foreach ($config['interfaces'] as $iface => $cfgif) {
1734	48e24ada	jim-p	if ($cfgif['if'] == $assigned_if) {
1735	4f1ebacb	Ermal	$config['interfaces'][$iface]['if'] = "ovpns{$server['vpnid']}";
1736			break;
1737			}
1738			}
1739			}
1740			}
1741
1742	791bcfd4	Bill Marquette	$config['openvpn']['openvpn-server'][] = $server;
1743			}
1744			unset($config['installedpackages']['openvpnserver']);
1745			}
1746
1747			/* openvpn client configurations */
1748			if (is_array($config['installedpackages']['openvpnclient'])) {
1749			$config['openvpn']['openvpn-client'] = array();
1750
1751			$index = 1;
1752	751533a2	Phil Davis	foreach ($config['installedpackages']['openvpnclient']['config'] as $client) {
1753	791bcfd4	Bill Marquette
1754	751533a2	Phil Davis	if (!is_array($client)) {
1755	791bcfd4	Bill Marquette	continue;
1756	751533a2	Phil Davis	}
1757	791bcfd4	Bill Marquette
1758			if ($client['auth_method'] == "pki") {
1759
1760			/* create ca entry */
1761			$ca = array();
1762			$ca['refid'] = uniqid();
1763	f2a86ca9	jim-p	$ca['descr'] = "OpenVPN Client CA #{$index}";
1764	791bcfd4	Bill Marquette	$ca['crt'] = $client['ca_cert'];
1765			$ca['crl'] = $client['crl'];
1766	9ad72e5e	jim-p	$config['ca'][] = $ca;
1767	791bcfd4	Bill Marquette
1768			/* create ca reference */
1769			unset($client['ca_cert']);
1770			unset($client['crl']);
1771			$client['caref'] = $ca['refid'];
1772
1773			/* create cert entry */
1774			$cert = array();
1775			$cert['refid'] = uniqid();
1776	f2a86ca9	jim-p	$cert['descr'] = "OpenVPN Client Certificate #{$index}";
1777	791bcfd4	Bill Marquette	$cert['crt'] = $client['client_cert'];
1778			$cert['prv'] = $client['client_key'];
1779	9ad72e5e	jim-p	$config['cert'][] = $cert;
1780	791bcfd4	Bill Marquette
1781			/* create cert reference */
1782			unset($client['client_cert']);
1783			unset($client['client_key']);
1784			$client['certref'] = $cert['refid'];
1785
1786			$index++;
1787			}
1788
1789			/* determine operational mode */
1790	751533a2	Phil Davis	if ($client['auth_method'] == 'pki') {
1791	791bcfd4	Bill Marquette	$client['mode'] = "p2p_tls";
1792	751533a2	Phil Davis	} else {
1793	791bcfd4	Bill Marquette	$client['mode'] = "p2p_shared_key";
1794	751533a2	Phil Davis	}
1795	791bcfd4	Bill Marquette	unset($client['auth_method']);
1796
1797			/* modify configuration values */
1798	751533a2	Phil Davis	if (!$client['interface']) {
1799	791bcfd4	Bill Marquette	$client['interface'] = 'wan';
1800	751533a2	Phil Davis	}
1801	791bcfd4	Bill Marquette	$client['tunnel_network'] = $client['interface_ip'];
1802			unset($client['interface_ip']);
1803			$client['server_addr'] = $client['serveraddr'];
1804			unset($client['serveraddr']);
1805			$client['server_port'] = $client['serverport'];
1806			unset($client['serverport']);
1807			$client['proxy_addr'] = $client['poxy_hostname'];
1808			unset($client['proxy_addr']);
1809	a843870d	jim-p	if (isset($client['use_lzo']) && ($client['use_lzo'] == "on")) {
1810	8b666514	jim-p	$client['compression'] = "on";
1811	da831323	Ermal Lu?i	unset($client['use_lzo']);
1812			}
1813	791bcfd4	Bill Marquette	$client['resolve_retry'] = $client['infiniteresolvretry'];
1814			unset($client['infiniteresolvretry']);
1815
1816			/* allocate vpnid */
1817			$client['vpnid'] = $vpnid++;
1818
1819	4f1ebacb	Ermal	if (!empty($client['custom_options'])) {
1820			$cstmopts = array();
1821			$tmpcstmopts = explode(";", $client['custom_options']);
1822	48e24ada	jim-p	$assigned_if = "";
1823	4f1ebacb	Ermal	$tmpstr = "";
1824			foreach ($tmpcstmopts as $tmpcstmopt) {
1825			$tmpstr = str_replace(" ", "", $tmpcstmopt);
1826	4de8f7ba	Phil Davis	if (substr($tmpstr, 0, 6) == "devtun") {
1827	48e24ada	jim-p	$assigned_if = substr($tmpstr, 3);
1828	4f1ebacb	Ermal	continue;
1829	8fd0badd	Ermal	} else if (substr($tmpstr, 0, 5) == "local") {
1830	2d563280	Renato Botelho	$localip = substr($tmpstr, 5);
1831			$client['ipaddr'] = str_replace("\n", "", $localip);
1832	751533a2	Phil Davis	} else {
1833	4f1ebacb	Ermal	$cstmopts[] = $tmpcstmopt;
1834	751533a2	Phil Davis	}
1835	4f1ebacb	Ermal	}
1836			$client['custom_options'] = implode(";", $cstmopts);
1837	48e24ada	jim-p	if (!empty($assigned_if)) {
1838	4f1ebacb	Ermal	foreach ($config['interfaces'] as $iface => $cfgif) {
1839	48e24ada	jim-p	if ($cfgif['if'] == $assigned_if) {
1840	4f1ebacb	Ermal	$config['interfaces'][$iface]['if'] = "ovpnc{$client['vpnid']}";
1841			break;
1842			}
1843			}
1844			}
1845			}
1846
1847	751533a2	Phil Davis	if (!empty($client['disable'])) {
1848	763a1b52	jim-p	$client['disable'] = true;
1849	751533a2	Phil Davis	} else {
1850	763a1b52	jim-p	unset($client['disable']);
1851	751533a2	Phil Davis	}
1852	763a1b52	jim-p
1853	791bcfd4	Bill Marquette	$config['openvpn']['openvpn-client'][] = $client;
1854			}
1855
1856			unset($config['installedpackages']['openvpnclient']);
1857			}
1858
1859			/* openvpn client specific configurations */
1860			if (is_array($config['installedpackages']['openvpncsc'])) {
1861			$config['openvpn']['openvpn-csc'] = array();
1862
1863	751533a2	Phil Davis	foreach ($config['installedpackages']['openvpncsc']['config'] as $csc) {
1864	791bcfd4	Bill Marquette
1865	751533a2	Phil Davis	if (!is_array($csc)) {
1866	791bcfd4	Bill Marquette	continue;
1867	751533a2	Phil Davis	}
1868	791bcfd4	Bill Marquette
1869			/* modify configuration values */
1870			$csc['common_name'] = $csc['commonname'];
1871			unset($csc['commonname']);
1872			$csc['tunnel_network'] = $csc['ifconfig_push'];
1873			unset($csc['ifconfig_push']);
1874			$csc['dns_domain'] = $csc['dhcp_domainname'];
1875			unset($csc['dhcp_domainname']);
1876	c3ae41e6	jim-p
1877			$tmparr = explode(";", $csc['dhcp_dns'], 4);
1878			$d=1;
1879			foreach ($tmparr as $tmpa) {
1880			$csc["dns_server{$d}"] = $tmpa;
1881			$d++;
1882			}
1883	791bcfd4	Bill Marquette	unset($csc['dhcp_dns']);
1884	c3ae41e6	jim-p
1885			$tmparr = explode(";", $csc['dhcp_ntp'], 2);
1886			$d=1;
1887			foreach ($tmparr as $tmpa) {
1888			$csc["ntp_server{$d}"] = $tmpa;
1889			$d++;
1890			}
1891	791bcfd4	Bill Marquette	unset($csc['dhcp_ntp']);
1892	c3ae41e6	jim-p
1893	751533a2	Phil Davis	if ($csc['dhcp_nbtdisable']) {
1894	791bcfd4	Bill Marquette	$csc['netbios_enable'] = false;
1895	751533a2	Phil Davis	} else {
1896	791bcfd4	Bill Marquette	$csc['netbios_enable'] = "yes";
1897	751533a2	Phil Davis	}
1898	791bcfd4	Bill Marquette	unset($csc['dhcp_nbtdisable']);
1899			$csc['netbios_ntype'] = $csc['dhcp_nbttype'];
1900			unset($csc['dhcp_nbttype']);
1901			$csc['netbios_scope'] = $csc['dhcp_nbtscope'];
1902			unset($csc['dhcp_nbtscope']);
1903	c3ae41e6	jim-p
1904			$tmparr = explode(";", $csc['dhcp_nbdd'], 2);
1905			$d=1;
1906			foreach ($tmparr as $tmpa) {
1907			$csc["nbdd_server{$d}"] = $tmpa;
1908			$d++;
1909			}
1910	791bcfd4	Bill Marquette	unset($csc['dhcp_nbdd']);
1911	c3ae41e6	jim-p
1912			$tmparr = explode(";", $csc['dhcp_wins'], 2);
1913			$d=1;
1914			foreach ($tmparr as $tmpa) {
1915			$csc["wins_server{$d}"] = $tmpa;
1916			$d++;
1917			}
1918	791bcfd4	Bill Marquette	unset($csc['dhcp_wins']);
1919
1920	751533a2	Phil Davis	if (!empty($csc['disable'])) {
1921	1e68a58b	jim-p	$csc['disable'] = true;
1922	751533a2	Phil Davis	} else {
1923	1e68a58b	jim-p	unset($csc['disable']);
1924	751533a2	Phil Davis	}
1925	1e68a58b	jim-p
1926	791bcfd4	Bill Marquette	$config['openvpn']['openvpn-csc'][] = $csc;
1927			}
1928
1929			unset($config['installedpackages']['openvpncsc']);
1930			}
1931
1932	c73bd8f0	Ermal Lu?i	if (count($config['openvpn']['openvpn-server']) > 0 \|\|
1933	751533a2	Phil Davis	count($config['openvpn']['openvpn-client']) > 0) {
1934	c73bd8f0	Ermal Lu?i	$ovpnrule = array();
1935	2d563280	Renato Botelho	$ovpnrule['type'] = "pass";
1936			$ovpnrule['interface'] = "openvpn";
1937			$ovpnrule['statetype'] = "keep state";
1938			$ovpnrule['source'] = array();
1939			$ovpnrule['destination'] = array();
1940			$ovpnrule['source']['any'] = true;
1941			$ovpnrule['destination']['any'] = true;
1942			$ovpnrule['descr'] = gettext("Auto added OpenVPN rule from config upgrade.");
1943	c73bd8f0	Ermal Lu?i	$config['filter']['rule'][] = $ovpnrule;
1944			}
1945
1946	791bcfd4	Bill Marquette	/*
1947			* FIXME: hack to keep things working with no installedpackages
1948			* or carp array in the configuration data.
1949			*/
1950	751533a2	Phil Davis	if (!is_array($config['installedpackages'])) {
1951	791bcfd4	Bill Marquette	$config['installedpackages'] = array();
1952	751533a2	Phil Davis	}
1953			if (!is_array($config['installedpackages']['carp'])) {
1954	791bcfd4	Bill Marquette	$config['installedpackages']['carp'] = array();
1955	751533a2	Phil Davis	}
1956	791bcfd4	Bill Marquette
1957			}
1958
1959
1960			function upgrade_052_to_053() {
1961			global $config;
1962	751533a2	Phil Davis	if (!is_array($config['ca'])) {
1963	9ad72e5e	jim-p	$config['ca'] = array();
1964	751533a2	Phil Davis	}
1965			if (!is_array($config['cert'])) {
1966	9ad72e5e	jim-p	$config['cert'] = array();
1967	751533a2	Phil Davis	}
1968	791bcfd4	Bill Marquette
1969	f416763b	Phil Davis	/* migrate advanced admin page webui ssl to certificate manager */
1970	791bcfd4	Bill Marquette	if ($config['system']['webgui']['certificate'] &&
1971	751533a2	Phil Davis	$config['system']['webgui']['private-key']) {
1972	791bcfd4	Bill Marquette
1973			/* create cert entry */
1974			$cert = array();
1975			$cert['refid'] = uniqid();
1976	f2a86ca9	jim-p	$cert['descr'] = "webConfigurator SSL Certificate";
1977	791bcfd4	Bill Marquette	$cert['crt'] = $config['system']['webgui']['certificate'];
1978			$cert['prv'] = $config['system']['webgui']['private-key'];
1979	9ad72e5e	jim-p	$config['cert'][] = $cert;
1980	791bcfd4	Bill Marquette
1981			/* create cert reference */
1982			unset($config['system']['webgui']['certificate']);
1983			unset($config['system']['webgui']['private-key']);
1984			$config['system']['webgui']['ssl-certref'] = $cert['refid'];
1985			}
1986
1987			/* migrate advanced admin page ssh keys to user manager */
1988			if ($config['system']['ssh']['authorizedkeys']) {
1989			$admin_user =& getUserEntryByUID(0);
1990			$admin_user['authorizedkeys'] = $config['system']['ssh']['authorizedkeys'];
1991			unset($config['system']['ssh']['authorizedkeys']);
1992			}
1993			}
1994
1995
1996			function upgrade_053_to_054() {
1997			global $config;
1998	751533a2	Phil Davis	if (is_array($config['load_balancer']['lbpool'])) {
1999	38b5beaf	sullrich	$lbpool_arr = $config['load_balancer']['lbpool'];
2000	791bcfd4	Bill Marquette	$lbpool_srv_arr = array();
2001			$gateway_group_arr = array();
2002	816a5aff	Seth Mos	$gateways = return_gateways_array();
2003	ce107ca5	jim-p	$group_name_changes = array();
2004	4de8f7ba	Phil Davis	if (!is_array($config['gateways']['gateway_item'])) {
2005	bf02c784	Ermal	$config['gateways']['gateway_item'] = array();
2006	751533a2	Phil Davis	}
2007	d827f9cc	smos
2008	bf02c784	Ermal	$a_gateways =& $config['gateways']['gateway_item'];
2009	751533a2	Phil Davis	foreach ($lbpool_arr as $lbpool) {
2010			if ($lbpool['type'] == "gateway") {
2011	ce107ca5	jim-p	// Gateway Groups have to have valid names in pf, old lb pools did not. Clean them up.
2012	751533a2	Phil Davis	$group_name = preg_replace("/[^A-Za-z0-9]/", "", $lbpool['name']);
2013	ce107ca5	jim-p	// If we made and changes, check for collisions and note the change.
2014			if ($group_name != $lbpool['name']) {
2015			// Make sure the name isn't already in use.
2016			foreach ($gateway_group_arr as $gwg) {
2017			// If the name is in use, add some random bits to avoid collision.
2018	751533a2	Phil Davis	if ($gwg['name'] == $group_name) {
2019	ce107ca5	jim-p	$group_name .= uniqid();
2020	751533a2	Phil Davis	}
2021	ce107ca5	jim-p	}
2022			$group_name_changes[$lbpool['name']] = $group_name;
2023			}
2024			$gateway_group['name'] = $group_name;
2025	e988813d	jim-p	$gateway_group['descr'] = $lbpool['descr'];
2026	791bcfd4	Bill Marquette	$gateway_group['trigger'] = "down";
2027			$gateway_group['item'] = array();
2028	cb945ced	sullrich	$i = 0;
2029	751533a2	Phil Davis	foreach ($lbpool['servers'] as $member) {
2030	2ce660ad	smos	$split = explode("\|", $member);
2031	791bcfd4	Bill Marquette	$interface = $split[0];
2032	d9d4c637	Seth Mos	$monitor = $split[1];
2033	2328dcc5	Seth Mos	/* on static upgraded configuration we automatically prepend GW_ */
2034			$static_name = "GW_" . strtoupper($interface);
2035	751533a2	Phil Davis	if (is_ipaddr($monitor)) {
2036			foreach ($a_gateways as & $gw) {
2037			if ($gw['name'] == $static_name) {
2038	d2b20ab6	jim-p	$gw['monitor'] = $monitor;
2039	751533a2	Phil Davis	}
2040			}
2041			}
2042	d2b20ab6	jim-p
2043	6ee1b7eb	Seth Mos	/* on failover increment tier. Else always assign 1 */
2044	751533a2	Phil Davis	if ($lbpool['behaviour'] == "failover") {
2045	6ee1b7eb	Seth Mos	$i++;
2046			} else {
2047			$i = 1;
2048			}
2049	685a26fc	smos	$gateway_group['item'][] = "$static_name\|$i";
2050	791bcfd4	Bill Marquette	}
2051			$gateway_group_arr[] = $gateway_group;
2052			} else {
2053			$lbpool_srv_arr[] = $lbpool;
2054			}
2055			}
2056	38b5beaf	sullrich	$config['load_balancer']['lbpool'] = $lbpool_srv_arr;
2057	791bcfd4	Bill Marquette	$config['gateways']['gateway_group'] = $gateway_group_arr;
2058			}
2059			// Unset lbpool if we no longer have any server pools
2060			if (count($lbpool_srv_arr) == 0) {
2061	751533a2	Phil Davis	if (empty($config['load_balancer'])) {
2062	0b5b4f32	Seth Mos	unset($config['load_balancer']);
2063	92a2ceae	Seth Mos	} else {
2064	fa6e5ba5	Phil Davis	if (isset($config['load_balancer']['lbpool'])) {
2065			unset($config['load_balancer']['lbpool']);
2066			}
2067	0b5b4f32	Seth Mos	}
2068	791bcfd4	Bill Marquette	} else {
2069			$config['load_balancer']['lbpool'] = $lbpool_srv_arr;
2070			}
2071			// Only set the gateway group array if we converted any
2072			if (count($gateway_group_arr) != 0) {
2073			$config['gateways']['gateway_group'] = $gateway_group_arr;
2074	ce107ca5	jim-p	// Update any rules that had a gateway change, if any.
2075	751533a2	Phil Davis	if (count($group_name_changes) > 0) {
2076			foreach ($config['filter']['rule'] as & $rule) {
2077			if (!empty($rule["gateway"]) && array_key_exists($rule["gateway"], $group_name_changes)) {
2078	ce107ca5	jim-p	$rule["gateway"] = $group_name_changes[$rule["gateway"]];
2079	751533a2	Phil Davis	}
2080			}
2081			}
2082	791bcfd4	Bill Marquette	}
2083			}
2084
2085
2086			function upgrade_054_to_055() {
2087			global $config;
2088	54f8bad0	Seth Mos	global $g;
2089
2090	791bcfd4	Bill Marquette	/* RRD files changed for quality, traffic and packets graphs */
2091	59cfe65d	Ermal	//ini_set("max_execution_time", "1800");
2092	791bcfd4	Bill Marquette	/* convert traffic RRD file */
2093			global $parsedcfg, $listtags;
2094			$listtags = array("ds", "v", "rra", "row");
2095
2096			$rrddbpath = "/var/db/rrd/";
2097			$rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool";
2098	2344bed4	Renato Botelho	if ($g['platform'] != $g['product_name']) {
2099	e34cf1f6	smos	/* restore the databases, if we have one */
2100	8bdb6879	Darren Embry	if (restore_rrd()) {
2101	e34cf1f6	smos	/* Make sure to move the rrd backup out of the way. We will make a new one after converting. */
2102	8560c756	jim-p	@rename("{$g['cf_conf_path']}/rrd.tgz", "{$g['cf_conf_path']}/backup/rrd.tgz");
2103	e34cf1f6	smos	}
2104			}
2105	791bcfd4	Bill Marquette
2106			$rrdinterval = 60;
2107			$valid = $rrdinterval * 2;
2108
2109			/* Asume GigE for now */
2110			$downstream = 125000000;
2111			$upstream = 125000000;
2112
2113			/* build a list of quality databases */
2114			/* roundtrip has become delay */
2115			function divide_delay($delayval) {
2116			$delayval = floatval($delayval);
2117			$delayval = ($delayval / 1000);
2118			$delayval = " ". sprintf("%1.10e", $delayval) ." ";
2119			return $delayval;
2120			}
2121			/* the roundtrip times need to be divided by 1000 to get seconds, really */
2122			$databases = array();
2123	751533a2	Phil Davis	if (!file_exists($rrddbpath)) {
2124	af0b07d3	jim-p	@mkdir($rrddbpath);
2125	751533a2	Phil Davis	}
2126	4cb9abc3	jim-p	chdir($rrddbpath);
2127			$databases = glob("*-quality.rrd");
2128	791bcfd4	Bill Marquette	rsort($databases);
2129	751533a2	Phil Davis	foreach ($databases as $database) {
2130	791bcfd4	Bill Marquette	$xmldump = "{$database}.old.xml";
2131			$xmldumpnew = "{$database}.new.xml";
2132
2133	751533a2	Phil Davis	if (platform_booting()) {
2134	9bc8b6b6	Seth Mos	echo "Migrate RRD database {$database} to new format for IPv6 \n";
2135	751533a2	Phil Davis	}
2136	791bcfd4	Bill Marquette	mwexec("$rrdtool tune {$rrddbpath}{$database} -r roundtrip:delay 2>&1");
2137
2138			dump_rrd_to_xml("{$rrddbpath}/{$database}", "{$g['tmp_path']}/{$xmldump}");
2139	1005d4bf	Seth Mos	$rrdold = xml2array(file_get_contents("{$g['tmp_path']}/{$xmldump}"), 1, "tag");
2140	791bcfd4	Bill Marquette	$rrdold = $rrdold['rrd'];
2141
2142			$i = 0;
2143	751533a2	Phil Davis	foreach ($rrdold['rra'] as $rra) {
2144	791bcfd4	Bill Marquette	$l = 0;
2145	751533a2	Phil Davis	foreach ($rra['database']['row'] as $row) {
2146	791bcfd4	Bill Marquette	$vnew = divide_delay($row['v'][1]);
2147			$rrdold['rra'][$i]['database']['row'][$l]['v'][1] = $vnew;
2148			$l++;
2149			}
2150			$i++;
2151			}
2152
2153	56ee96ed	smos	file_put_contents("{$g['tmp_path']}/{$xmldumpnew}", dump_xml_config_raw($rrdold, "rrd"));
2154	791bcfd4	Bill Marquette	mwexec("$rrdtool restore -f {$g['tmp_path']}/{$xmldumpnew} {$rrddbpath}/{$database} 2>&1");
2155
2156	1005d4bf	Seth Mos	unset($rrdold);
2157	7ceff68a	Ermal LUÇI	@unlink("{$g['tmp_path']}/{$xmldump}");
2158			@unlink("{$g['tmp_path']}/{$xmldumpnew}");
2159	791bcfd4	Bill Marquette	}
2160
2161			/* build a list of traffic and packets databases */
2162	84683e42	Renato Botelho	$databases = return_dir_as_array($rrddbpath, '/-(traffic\|packets)\.rrd$/');
2163	791bcfd4	Bill Marquette	rsort($databases);
2164	751533a2	Phil Davis	foreach ($databases as $database) {
2165	791bcfd4	Bill Marquette	$databasetmp = "{$database}.tmp";
2166			$xmldump = "{$database}.old.xml";
2167			$xmldumptmp = "{$database}.tmp.xml";
2168			$xmldumpnew = "{$database}.new.xml";
2169
2170	751533a2	Phil Davis	if (platform_booting()) {
2171	34834e7e	jim-p	echo "Migrate RRD database {$database} to new format \n";
2172	751533a2	Phil Davis	}
2173	791bcfd4	Bill Marquette	/* rename DS source */
2174			mwexec("$rrdtool tune {$rrddbpath}/{$database} -r in:inpass 2>&1");
2175			mwexec("$rrdtool tune {$rrddbpath}/{$database} -r out:outpass 2>71");
2176
2177			/* dump contents to xml and move database out of the way */
2178			dump_rrd_to_xml("{$rrddbpath}/{$database}", "{$g['tmp_path']}/{$xmldump}");
2179
2180			/* create new rrd database file */
2181			$rrdcreate = "$rrdtool create {$g['tmp_path']}/{$databasetmp} --step $rrdinterval ";
2182			$rrdcreate .= "DS:inpass:COUNTER:$valid:0:$downstream ";
2183			$rrdcreate .= "DS:outpass:COUNTER:$valid:0:$upstream ";
2184			$rrdcreate .= "DS:inblock:COUNTER:$valid:0:$downstream ";
2185			$rrdcreate .= "DS:outblock:COUNTER:$valid:0:$upstream ";
2186			$rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
2187			$rrdcreate .= "RRA:AVERAGE:0.5:5:1000 ";
2188			$rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
2189	eb346e0b	Seth Mos	$rrdcreate .= "RRA:AVERAGE:0.5:720:1000 ";
2190	791bcfd4	Bill Marquette
2191			create_new_rrd("$rrdcreate");
2192			/* create temporary xml from new RRD */
2193			dump_rrd_to_xml("{$g['tmp_path']}/{$databasetmp}", "{$g['tmp_path']}/{$xmldumptmp}");
2194
2195	1005d4bf	Seth Mos	$rrdold = xml2array(file_get_contents("{$g['tmp_path']}/{$xmldump}"), 1, "tag");
2196	791bcfd4	Bill Marquette	$rrdold = $rrdold['rrd'];
2197
2198	1005d4bf	Seth Mos	$rrdnew = xml2array(file_get_contents("{$g['tmp_path']}/{$xmldumptmp}"), 1, "tag");
2199	791bcfd4	Bill Marquette	$rrdnew = $rrdnew['rrd'];
2200
2201			/* remove any MAX RRA's. Not needed for traffic. */
2202			$i = 0;
2203			foreach ($rrdold['rra'] as $rra) {
2204	751533a2	Phil Davis	if (trim($rra['cf']) == "MAX") {
2205	791bcfd4	Bill Marquette	unset($rrdold['rra'][$i]);
2206			}
2207			$i++;
2208			}
2209
2210	56ee96ed	smos	file_put_contents("{$g['tmp_path']}/{$xmldumpnew}", dump_xml_config_raw(migrate_rrd_format($rrdold, $rrdnew), "rrd"));
2211	791bcfd4	Bill Marquette	mwexec("$rrdtool restore -f {$g['tmp_path']}/{$xmldumpnew} {$rrddbpath}/{$database} 2>&1");
2212	eb346e0b	Seth Mos	/* we now have the rrd with the new fields, adjust the size now. */
2213			/* RRA 2 is 60 minutes, RRA 3 is 720 minutes */
2214			mwexec("/bin/sync");
2215	12a2f395	Seth Mos	mwexec("$rrdtool resize {$rrddbpath}/{$database} 2 GROW 2000;/bin/mv resize.rrd {$rrddbpath}/{$database} 2>&1");
2216	eb346e0b	Seth Mos	mwexec("/bin/sync");
2217	12a2f395	Seth Mos	mwexec("$rrdtool resize {$rrddbpath}/{$database} 3 GROW 2000;/bin/mv resize.rrd {$rrddbpath}/{$database} 2>&1");
2218	1005d4bf	Seth Mos	unset($rrdxmlarray);
2219	7ceff68a	Ermal LUÇI	@unlink("{$g['tmp_path']}/{$xmldump}");
2220			@unlink("{$g['tmp_path']}/{$xmldumpnew}");
2221	791bcfd4	Bill Marquette	}
2222	751533a2	Phil Davis	if (!platform_booting()) {
2223	e546d2d1	Ermal LUÇI	enable_rrd_graphing();
2224	751533a2	Phil Davis	}
2225	e34cf1f6	smos	/* Let's save the RRD graphs after we run enable RRD graphing */
2226			/* The function will restore the rrd.tgz so we will save it after */
2227	8bdb6879	Darren Embry	exec("cd /; LANG=C NO_REMOUNT=1 RRDDBPATH='{$rrddbpath}' CF_CONF_PATH='{$g['cf_conf_path']}' /etc/rc.backup_rrd.sh");
2228	e7f65689	Renato Botelho	unlink_if_exists("{$g['vardb_path']}/rrd/*.xml");
2229	751533a2	Phil Davis	if (platform_booting()) {
2230	34834e7e	jim-p	echo "Updating configuration...";
2231	751533a2	Phil Davis	}
2232	791bcfd4	Bill Marquette	}
2233
2234
2235			function upgrade_055_to_056() {
2236			global $config;
2237
2238	751533a2	Phil Davis	if (!is_array($config['ca'])) {
2239	9ad72e5e	jim-p	$config['ca'] = array();
2240	751533a2	Phil Davis	}
2241			if (!is_array($config['cert'])) {
2242	9ad72e5e	jim-p	$config['cert'] = array();
2243	751533a2	Phil Davis	}
2244	791bcfd4	Bill Marquette
2245			/* migrate ipsec ca's to cert manager */
2246			if (is_array($config['ipsec']['cacert'])) {
2247	751533a2	Phil Davis	foreach ($config['ipsec']['cacert'] as & $cacert) {
2248	791bcfd4	Bill Marquette	$ca = array();
2249			$ca['refid'] = uniqid();
2250	751533a2	Phil Davis	if (is_array($cacert['cert'])) {
2251	791bcfd4	Bill Marquette	$ca['crt'] = $cacert['cert'][0];
2252	751533a2	Phil Davis	} else {
2253	791bcfd4	Bill Marquette	$ca['crt'] = $cacert['cert'];
2254	751533a2	Phil Davis	}
2255	f2a86ca9	jim-p	$ca['descr'] = $cacert['ident'];
2256	9ad72e5e	jim-p	$config['ca'][] = $ca;
2257	791bcfd4	Bill Marquette	}
2258			unset($config['ipsec']['cacert']);
2259			}
2260
2261			/* migrate phase1 certificates to cert manager */
2262			if (is_array($config['ipsec']['phase1'])) {
2263	751533a2	Phil Davis	foreach ($config['ipsec']['phase1'] as & $ph1ent) {
2264	791bcfd4	Bill Marquette	$cert = array();
2265			$cert['refid'] = uniqid();
2266	f2a86ca9	jim-p	$cert['descr'] = "IPsec Peer {$ph1ent['remote-gateway']} Certificate";
2267	751533a2	Phil Davis	if (is_array($ph1ent['cert'])) {
2268	791bcfd4	Bill Marquette	$cert['crt'] = $ph1ent['cert'][0];
2269	751533a2	Phil Davis	} else {
2270	791bcfd4	Bill Marquette	$cert['crt'] = $ph1ent['cert'];
2271	751533a2	Phil Davis	}
2272	791bcfd4	Bill Marquette	$cert['prv'] = $ph1ent['private-key'];
2273	9ad72e5e	jim-p	$config['cert'][] = $cert;
2274	791bcfd4	Bill Marquette	$ph1ent['certref'] = $cert['refid'];
2275	751533a2	Phil Davis	if ($ph1ent['cert']) {
2276	791bcfd4	Bill Marquette	unset($ph1ent['cert']);
2277	751533a2	Phil Davis	}
2278			if ($ph1ent['private-key']) {
2279	791bcfd4	Bill Marquette	unset($ph1ent['private-key']);
2280	751533a2	Phil Davis	}
2281			if ($ph1ent['peercert']) {
2282	791bcfd4	Bill Marquette	unset($ph1ent['peercert']);
2283	751533a2	Phil Davis	}
2284	791bcfd4	Bill Marquette	}
2285			}
2286			}
2287
2288
2289			function upgrade_056_to_057() {
2290			global $config;
2291	84924e76	Ermal
2292	751533a2	Phil Davis	if (!is_array($config['system']['user'])) {
2293	4830e56a	Erik Fonnesbeck	$config['system']['user'] = array();
2294	751533a2	Phil Davis	}
2295	791bcfd4	Bill Marquette	/* migrate captivate portal to user manager */
2296			if (is_array($config['captiveportal']['user'])) {
2297	751533a2	Phil Davis	foreach ($config['captiveportal']['user'] as $user) {
2298	791bcfd4	Bill Marquette	// avoid user conflicts
2299	4830e56a	Erik Fonnesbeck	$found = false;
2300			foreach ($config['system']['user'] as $userent) {
2301			if ($userent['name'] == $user['name']) {
2302			$found = true;
2303			break;
2304			}
2305			}
2306	751533a2	Phil Davis	if ($found) {
2307	791bcfd4	Bill Marquette	continue;
2308	751533a2	Phil Davis	}
2309	791bcfd4	Bill Marquette	$user['scope'] = "user";
2310			if (isset($user['expirationdate'])) {
2311			$user['expires'] = $user['expirationdate'];
2312			unset($user['expirationdate']);
2313			}
2314			if (isset($user['password'])) {
2315			$user['md5-hash'] = $user['password'];
2316			unset($user['password']);
2317			}
2318	4830e56a	Erik Fonnesbeck	$user['uid'] = $config['system']['nextuid']++;
2319	791bcfd4	Bill Marquette	$config['system']['user'][] = $user;
2320			}
2321			unset($config['captiveportal']['user']);
2322			}
2323			}
2324	4b96b367	mgrooms
2325			function upgrade_057_to_058() {
2326			global $config;
2327			/* set all phase2 entries to tunnel mode */
2328	751533a2	Phil Davis	if (is_array($config['ipsec']['phase2'])) {
2329			foreach ($config['ipsec']['phase2'] as & $ph2ent) {
2330	4b96b367	mgrooms	$ph2ent['mode'] = 'tunnel';
2331	751533a2	Phil Davis	}
2332			}
2333	4b96b367	mgrooms	}
2334	60120e37	Ermal Lu?i
2335			function upgrade_058_to_059() {
2336			global $config;
2337
2338			if (is_array($config['schedules']['schedule'])) {
2339	751533a2	Phil Davis	foreach ($config['schedules']['schedule'] as & $schedl) {
2340	60120e37	Ermal Lu?i	$schedl['schedlabel'] = uniqid();
2341	751533a2	Phil Davis	}
2342	60120e37	Ermal Lu?i	}
2343			}
2344	2523c923	Seth Mos
2345			function upgrade_059_to_060() {
2346	fcf5afa0	Seth Mos	global $config;
2347	a0588fad	Scott Ullrich	require_once("/etc/inc/certs.inc");
2348	9ad72e5e	jim-p	if (is_array($config['ca'])) {
2349	2cf6ddcb	Nigel Graham	/* Locate issuer for all CAs */
2350	9ad72e5e	jim-p	foreach ($config['ca'] as & $ca) {
2351	2cf6ddcb	Nigel Graham	$subject = cert_get_subject($ca['crt']);
2352			$issuer = cert_get_issuer($ca['crt']);
2353	751533a2	Phil Davis	if ($issuer <> $subject) {
2354	2cf6ddcb	Nigel Graham	$issuer_crt =& lookup_ca_by_subject($issuer);
2355	751533a2	Phil Davis	if ($issuer_crt) {
2356	2cf6ddcb	Nigel Graham	$ca['caref'] = $issuer_crt['refid'];
2357	751533a2	Phil Davis	}
2358	2cf6ddcb	Nigel Graham	}
2359			}
2360	2d563280	Renato Botelho
2361	2cf6ddcb	Nigel Graham	/* Locate issuer for all certificates */
2362	9ad72e5e	jim-p	if (is_array($config['cert'])) {
2363			foreach ($config['cert'] as & $cert) {
2364	2cf6ddcb	Nigel Graham	$subject = cert_get_subject($cert['crt']);
2365			$issuer = cert_get_issuer($cert['crt']);
2366	751533a2	Phil Davis	if ($issuer <> $subject) {
2367	2cf6ddcb	Nigel Graham	$issuer_crt =& lookup_ca_by_subject($issuer);
2368	751533a2	Phil Davis	if ($issuer_crt) {
2369	2cf6ddcb	Nigel Graham	$cert['caref'] = $issuer_crt['refid'];
2370	751533a2	Phil Davis	}
2371	2cf6ddcb	Nigel Graham	}
2372			}
2373	9d3dab70	Scott Ullrich	}
2374	2cf6ddcb	Nigel Graham	}
2375			}
2376	d43ad788	Scott Ullrich
2377	6a688547	Ermal	function upgrade_060_to_061() {
2378			global $config;
2379	3cfa11c2	Scott Ullrich
2380	751533a2	Phil Davis	if (is_array($config['interfaces']['wan'])) {
2381	6a688547	Ermal	$config['interfaces']['wan']['enable'] = true;
2382	751533a2	Phil Davis	}
2383			if (is_array($config['interfaces']['lan'])) {
2384	6a688547	Ermal	$config['interfaces']['lan']['enable'] = true;
2385	751533a2	Phil Davis	}
2386	1cad6f6c	jim-p
2387			/* On 1.2.3 the "mtu" field adjusted MSS.
2388			On 2.x the "mtu" field is actually the MTU. Rename accordingly.
2389			See redmine ticket #1886
2390			*/
2391			foreach ($config['interfaces'] as $ifr => &$intf) {
2392			if (isset($intf['mtu']) && is_numeric($intf['mtu'])) {
2393			$intf['mss'] = $intf['mtu'];
2394			unset($intf['mtu']);
2395			}
2396			}
2397	6a688547	Ermal	}
2398	3cfa11c2	Scott Ullrich
2399	59ecde49	Renato Botelho	function upgrade_061_to_062() {
2400			global $config;
2401
2402			/* Convert NAT port forwarding rules */
2403			if (is_array($config['nat']['rule'])) {
2404			$a_nat = &$config['nat']['rule'];
2405
2406			foreach ($a_nat as &$natent) {
2407			$natent['disabled'] = false;
2408			$natent['nordr'] = false;
2409
2410			$natent['source'] = array(
2411			"not" => false,
2412			"any" => true,
2413			"port" => ""
2414			);
2415
2416			$natent['destination'] = array(
2417			"not" => false,
2418			"address" => $natent['external-address'],
2419			"port" => $natent['external-port']
2420			);
2421
2422	743ce9f8	Erik Fonnesbeck	if (empty($natent['destination']['address'])) {
2423	fcf4e8cd	Erik Fonnesbeck	unset($natent['destination']['address']);
2424			$natent['destination']['network'] = $natent['interface'] . 'ip';
2425	743ce9f8	Erik Fonnesbeck	} else if ($natent['destination']['address'] == 'any') {
2426			unset($natent['destination']['address']);
2427			$natent['destination']['any'] = true;
2428			}
2429
2430	59ecde49	Renato Botelho	unset($natent['external-address']);
2431			unset($natent['external-port']);
2432			}
2433
2434			unset($natent);
2435			}
2436			}
2437
2438	0f8266ed	smos	function upgrade_062_to_063() {
2439	168a1e48	smos	/* Upgrade legacy Themes to the new pfsense_ng */
2440	995df6c3	Stephen Beaver	// Not supported in 2.3+
2441	2d563280	Renato Botelho
2442	168a1e48	smos	}
2443	c2b2b571	gnhb
2444			function upgrade_063_to_064() {
2445			global $config;
2446	4de8f7ba	Phil Davis	$j = 0;
2447	d09ca87e	gnhb	$ifcfg = &$config['interfaces'];
2448	2d563280	Renato Botelho
2449			if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) {
2450	c2b2b571	gnhb	foreach ($config['ppps']['ppp'] as $pppid => $ppp) {
2451	d09ca87e	gnhb	$config['ppps']['ppp'][$pppid]['if'] = "ppp".$j;
2452			$config['ppps']['ppp'][$pppid]['ptpid'] = $j;
2453			$j++;
2454	751533a2	Phil Davis	if (isset($ppp['port'])) {
2455	c2b2b571	gnhb	$config['ppps']['ppp'][$pppid]['ports'] = $ppp['port'];
2456			unset($config['ppps']['ppp'][$pppid]['port']);
2457			}
2458	751533a2	Phil Davis	if (!isset($ppp['type'])) {
2459	c2b2b571	gnhb	$config['ppps']['ppp'][$pppid]['type'] = "ppp";
2460			}
2461	751533a2	Phil Davis	if (isset($ppp['defaultgw'])) {
2462	6fdfa8fb	gnhb	unset($config['ppps']['ppp'][$pppid]['defaultgw']);
2463	751533a2	Phil Davis	}
2464	c2b2b571	gnhb	}
2465			}
2466	2d563280	Renato Botelho
2467	751533a2	Phil Davis	if (!is_array($config['ppps']['ppp'])) {
2468	c2b2b571	gnhb	$config['ppps']['ppp'] = array();
2469	751533a2	Phil Davis	}
2470	c2b2b571	gnhb	$a_ppps = &$config['ppps']['ppp'];
2471
2472			foreach ($ifcfg as $ifname => $ifinfo) {
2473			$ppp = array();
2474			// For pppoe conversion
2475	751533a2	Phil Davis	if ($ifinfo['ipaddr'] == "pppoe" \|\| $ifinfo['ipaddr'] == "pptp") {
2476			if (isset($ifinfo['ptpid'])) {
2477	c2b2b571	gnhb	continue;
2478	751533a2	Phil Davis	}
2479	4de8f7ba	Phil Davis	$ppp['ptpid'] = $j;
2480	c2b2b571	gnhb	$ppp['type'] = $ifinfo['ipaddr'];
2481	d09ca87e	gnhb	$ppp['if'] = $ifinfo['ipaddr'].$j;
2482	c2b2b571	gnhb	$ppp['ports'] = $ifinfo['if'];
2483	751533a2	Phil Davis	if ($ifinfo['ipaddr'] == "pppoe") {
2484	c2b2b571	gnhb	$ppp['username'] = $ifinfo['pppoe_username'];
2485			$ppp['password'] = base64_encode($ifinfo['pppoe_password']);
2486			}
2487	751533a2	Phil Davis	if ($ifinfo['ipaddr'] == "pptp") {
2488	c2b2b571	gnhb	$ppp['username'] = $ifinfo['pptp_username'];
2489			$ppp['password'] = base64_encode($ifinfo['pptp_password']);
2490			}
2491	2d563280	Renato Botelho
2492	751533a2	Phil Davis	if (isset($ifinfo['provider'])) {
2493	c2b2b571	gnhb	$ppp['provider'] = $ifinfo['provider'];
2494	751533a2	Phil Davis	}
2495			if (isset($ifinfo['ondemand'])) {
2496	c2b2b571	gnhb	$ppp['ondemand'] = true;
2497	751533a2	Phil Davis	}
2498			if (isset($ifinfo['timeout'])) {
2499	c2b2b571	gnhb	$ppp['idletimeout'] = $ifinfo['timeout'];
2500	751533a2	Phil Davis	}
2501			if (isset($ifinfo['pppoe']['pppoe-reset-type'])) {
2502	c2b2b571	gnhb	$ppp['pppoe-reset-type'] = $ifinfo['pppoe']['pppoe-reset-type'];
2503			if (is_array($config['cron']['item'])) {
2504			for ($i = 0; $i < count($config['cron']['item']); $i++) {
2505			$item = $config['cron']['item'][$i];
2506	751533a2	Phil Davis	if (strpos($item['command'], "/conf/pppoe{$ifname}restart") !== false) {
2507	f7480829	gnhb	$config['cron']['item'][$i]['command'] = "/var/etc/pppoe_restart_" . $ppp['if'];
2508	751533a2	Phil Davis	}
2509	c2b2b571	gnhb	}
2510			}
2511			}
2512	751533a2	Phil Davis	if (isset($ifinfo['local'])) {
2513	c2b2b571	gnhb	$ppp['localip'] = $ifinfo['local'];
2514	751533a2	Phil Davis	}
2515			if (isset($ifinfo['subnet'])) {
2516	c2b2b571	gnhb	$ppp['subnet'] = $ifinfo['subnet'];
2517	751533a2	Phil Davis	}
2518			if (isset($ifinfo['remote'])) {
2519	c2b2b571	gnhb	$ppp['gateway'] = $ifinfo['remote'];
2520	751533a2	Phil Davis	}
2521	f7480829	gnhb
2522	d09ca87e	gnhb	$ifcfg[$ifname]['if'] = $ifinfo['ipaddr'].$j;
2523			$j++;
2524	2d563280	Renato Botelho
2525	c2b2b571	gnhb	unset($ifcfg[$ifname]['pppoe_username']);
2526			unset($ifcfg[$ifname]['pppoe_password']);
2527			unset($ifcfg[$ifname]['provider']);
2528			unset($ifcfg[$ifname]['ondemand']);
2529			unset($ifcfg[$ifname]['timeout']);
2530			unset($ifcfg[$ifname]['pppoe_reset']);
2531			unset($ifcfg[$ifname]['pppoe_preset']);
2532			unset($ifcfg[$ifname]['pppoe']);
2533			unset($ifcfg[$ifname]['pptp_username']);
2534			unset($ifcfg[$ifname]['pptp_password']);
2535			unset($ifcfg[$ifname]['local']);
2536			unset($ifcfg[$ifname]['subnet']);
2537			unset($ifcfg[$ifname]['remote']);
2538	2d563280	Renato Botelho
2539	c2b2b571	gnhb	$a_ppps[] = $ppp;
2540	2d563280	Renato Botelho
2541	c2b2b571	gnhb	}
2542			}
2543			}
2544
2545	56a5a0ab	jim-p	function upgrade_064_to_065() {
2546			/* Disable TSO and LRO in upgraded configs */
2547			global $config;
2548			$config['system']['disablesegmentationoffloading'] = true;
2549			$config['system']['disablelargereceiveoffloading'] = true;
2550			}
2551
2552	2f06cc3f	Ermal	function upgrade_065_to_066() {
2553			global $config;
2554
2555			$dhcrelaycfg =& $config['dhcrelay'];
2556
2557	2d563280	Renato Botelho	if (is_array($dhcrelaycfg)) {
2558			$dhcrelayifs = array();
2559	2f06cc3f	Ermal	$foundifs = false;
2560	2d563280	Renato Botelho	/* DHCPRelay enabled on any interfaces? */
2561			foreach ($dhcrelaycfg as $dhcrelayif => $dhcrelayifconf) {
2562			if (isset($dhcrelayifconf['enable'])) {
2563	2f06cc3f	Ermal	$dhcrelayifs[] = $dhcrelayif;
2564			unset($dhcrelaycfg['dhcrelayif']);
2565			$foundifs = true;
2566			}
2567	2d563280	Renato Botelho	}
2568	751533a2	Phil Davis	if ($foundifs == true) {
2569	2f06cc3f	Ermal	$dhcrelaycfg['interface'] = implode(",", $dhcrelayifs);
2570	751533a2	Phil Davis	}
2571	2d563280	Renato Botelho	}
2572	2f06cc3f	Ermal	}
2573
2574	9ad72e5e	jim-p	function upgrade_066_to_067() {
2575			global $config;
2576			if (isset($config['system']['ca'])) {
2577			$config['ca'] = $config['system']['ca'];
2578	661de3e7	Phil Davis	unset($config['system']['ca']);
2579	9ad72e5e	jim-p	}
2580			if (isset($config['system']['cert'])) {
2581			$config['cert'] = $config['system']['cert'];
2582	661de3e7	Phil Davis	unset($config['system']['cert']);
2583	9ad72e5e	jim-p	}
2584			}
2585
2586	6ae9f9b7	Ermal	function upgrade_067_to_068() {
2587			global $config;
2588
2589			if (!empty($config['pppoe'])) {
2590			$config['pppoes'] = array();
2591			$config['pppoes']['pppoe'] = array();
2592			$config['pppoes']['pppoe'][] = $config['pppoe'][0];
2593	ce968051	Ermal
2594			if (is_array($config['pppoe']['user'])) {
2595	2d563280	Renato Botelho	$username = array();
2596	ce968051	Ermal	foreach ($config['pppoe']['user'] as $user) {
2597	2fc29020	Ermal	$usr = $user['name'] . ":" . base64_encode($user['password']);
2598	751533a2	Phil Davis	if ($user['ip']) {
2599	ce968051	Ermal	$usr .= ":{$user['ip']}";
2600	751533a2	Phil Davis	}
2601	ce968051	Ermal	$username[] = $usr;
2602			}
2603			$config['pppoes']['pppoe'][0]['username'] = implode(" ", $username);
2604			}
2605	6ae9f9b7	Ermal	unset($config['pppoe']);
2606			}
2607			}
2608
2609	18de0728	Ermal	function upgrade_068_to_069() {
2610	8fefb9dd	jim-p	global $config;
2611	751533a2	Phil Davis	if (!is_array($config['system']['user'])) {
2612	8fefb9dd	jim-p	return;
2613	751533a2	Phil Davis	}
2614	8fefb9dd	jim-p	foreach ($config['system']['user'] as & $user) {
2615	751533a2	Phil Davis	if (!is_array($user['cert'])) {
2616	8fefb9dd	jim-p	continue;
2617	751533a2	Phil Davis	}
2618	8fefb9dd	jim-p	$rids = array();
2619			foreach ($user['cert'] as $id => $cert) {
2620	751533a2	Phil Davis	if (!isset($cert['descr'])) {
2621	8fefb9dd	jim-p	continue;
2622	751533a2	Phil Davis	}
2623	8fefb9dd	jim-p	$tcert = $cert;
2624			// Make sure each cert gets a refid
2625	751533a2	Phil Davis	if (!isset($tcert['refid'])) {
2626	8fefb9dd	jim-p	$tcert['refid'] = uniqid();
2627	751533a2	Phil Davis	}
2628	8fefb9dd	jim-p	// Keep the cert references for this user
2629			$rids[] = $tcert['refid'];
2630			$config['cert'][] = $tcert;
2631			}
2632			// Replace user certs with cert references instead.
2633	751533a2	Phil Davis	if (count($rids) > 0) {
2634	8fefb9dd	jim-p	$user['cert'] = $rids;
2635	751533a2	Phil Davis	}
2636	8fefb9dd	jim-p	}
2637			}
2638
2639	4c5b8653	Erik Fonnesbeck	function upgrade_069_to_070() {
2640			global $config;
2641
2642			/* Convert NAT 1:1 rules */
2643			if (is_array($config['nat']['onetoone'])) {
2644	a3bac4ce	Ermal	foreach ($config['nat']['onetoone'] as $nidx => $natent) {
2645	751533a2	Phil Davis	if ($natent['subnet'] == 32) {
2646	a3bac4ce	Ermal	$config['nat']['onetoone'][$nidx]['source'] = array("address" => $natent['internal']);
2647	751533a2	Phil Davis	} else {
2648	a3bac4ce	Ermal	$config['nat']['onetoone'][$nidx]['source'] = array("address" => $natent['internal'] . "/" . $natent['subnet']);
2649	751533a2	Phil Davis	}
2650	4c5b8653	Erik Fonnesbeck
2651	a3bac4ce	Ermal	$config['nat']['onetoone'][$nidx]['destination'] = array("any" => true);
2652	4c5b8653	Erik Fonnesbeck
2653	a3bac4ce	Ermal	unset($config['nat']['onetoone'][$nidx]['internal']);
2654			unset($config['nat']['onetoone'][$nidx]['subnet']);
2655	4c5b8653	Erik Fonnesbeck	}
2656
2657			unset($natent);
2658			}
2659			}
2660
2661	65167fcc	Ermal	function upgrade_070_to_071() {
2662			global $config;
2663
2664			if (is_array($config['cron']['item'])) {
2665	751533a2	Phil Davis	foreach ($config['cron']['item'] as $idx => $cronitem) {
2666			if (stristr($cronitem['command'], "checkreload.sh")) {
2667	65167fcc	Ermal	unset($config['cron']['item'][$idx]);
2668			break;
2669			}
2670			}
2671			}
2672			}
2673	15864861	jim-p
2674	6751b3e7	jim-p	function rename_field(& $section, $oldname, $newname) {
2675	e988813d	jim-p	if (is_array($section)) {
2676	751533a2	Phil Davis	foreach ($section as & $item) {
2677			if (is_array($item) && !empty($item[$oldname])) {
2678	6751b3e7	jim-p	$item[$newname] = $item[$oldname];
2679	751533a2	Phil Davis	}
2680			if (is_array($item) && isset($item[$oldname])) {
2681	6751b3e7	jim-p	unset($item[$oldname]);
2682	751533a2	Phil Davis	}
2683	e988813d	jim-p	}
2684			}
2685			}
2686
2687	6751b3e7	jim-p	function upgrade_071_to_072() {
2688			global $config;
2689	751533a2	Phil Davis	if (is_array($config['sysctl']) && is_array($config['sysctl']['item'])) {
2690	6bef0554	jim-p	rename_field($config['sysctl']['item'], 'desc', 'descr');
2691	751533a2	Phil Davis	}
2692	6751b3e7	jim-p	}
2693
2694	e988813d	jim-p	function upgrade_072_to_073() {
2695			global $config;
2696	751533a2	Phil Davis	if (!is_array($config['load_balancer'])) {
2697	6bef0554	jim-p	return;
2698	751533a2	Phil Davis	}
2699			if (is_array($config['load_balancer']['monitor_type'])) {
2700	6bef0554	jim-p	rename_field($config['load_balancer']['monitor_type'], 'desc', 'descr');
2701	751533a2	Phil Davis	}
2702			if (is_array($config['load_balancer']['lbpool'])) {
2703	6bef0554	jim-p	rename_field($config['load_balancer']['lbpool'], 'desc', 'descr');
2704	751533a2	Phil Davis	}
2705			if (is_array($config['load_balancer']['lbaction'])) {
2706	6bef0554	jim-p	rename_field($config['load_balancer']['lbaction'], 'desc', 'descr');
2707	751533a2	Phil Davis	}
2708			if (is_array($config['load_balancer']['lbprotocol'])) {
2709	6bef0554	jim-p	rename_field($config['load_balancer']['lbprotocol'], 'desc', 'descr');
2710	751533a2	Phil Davis	}
2711			if (is_array($config['load_balancer']['virtual_server'])) {
2712	6bef0554	jim-p	rename_field($config['load_balancer']['virtual_server'], 'desc', 'descr');
2713	751533a2	Phil Davis	}
2714	e988813d	jim-p	}
2715	9ff73b79	jim-p
2716			function upgrade_073_to_074() {
2717			global $config;
2718	6751b3e7	jim-p	rename_field($config['system']['user'], 'fullname', 'descr');
2719	9ff73b79	jim-p	}
2720	f2a86ca9	jim-p
2721			function upgrade_074_to_075() {
2722			global $config;
2723	751533a2	Phil Davis	if (is_array($config['ca'])) {
2724	6bef0554	jim-p	rename_field($config['ca'], 'name', 'descr');
2725	751533a2	Phil Davis	}
2726			if (is_array($config['cert'])) {
2727	6bef0554	jim-p	rename_field($config['cert'], 'name', 'descr');
2728	751533a2	Phil Davis	}
2729			if (is_array($config['crl'])) {
2730	6bef0554	jim-p	rename_field($config['crl'], 'name', 'descr');
2731	751533a2	Phil Davis	}
2732	f2a86ca9	jim-p	}
2733	9734b054	Scott Ullrich
2734	d0dc2fd1	jim-p	function upgrade_075_to_076() {
2735	7d9b3d5e	jim-p	global $config;
2736			$cron_item = array();
2737			$cron_item['minute'] = "30";
2738			$cron_item['hour'] = "12";
2739			$cron_item['mday'] = "*";
2740			$cron_item['month'] = "*";
2741			$cron_item['wday'] = "*";
2742			$cron_item['who'] = "root";
2743			$cron_item['command'] = "/usr/bin/nice -n20 /etc/rc.update_urltables";
2744			$config['cron']['item'][] = $cron_item;
2745	d0dc2fd1	jim-p	}
2746
2747	9bc8b6b6	Seth Mos	function upgrade_076_to_077() {
2748	9956b38a	Seth Mos	global $config;
2749	751533a2	Phil Davis	foreach ($config['filter']['rule'] as & $rule) {
2750			if (isset($rule['protocol']) && !empty($rule['protocol'])) {
2751			$rule['protocol'] = strtolower($rule['protocol']);
2752			}
2753	9956b38a	Seth Mos	}
2754			}
2755
2756			function upgrade_077_to_078() {
2757	f33030aa	jim-p	global $config;
2758	751533a2	Phil Davis	if (is_array($config['pptpd']) && is_array($config['pptpd']['radius']) &&
2759			!is_array($config['pptpd']['radius']['server'])) {
2760	7171b7b6	jim-p	$radarr = array();
2761			$radsvr = array();
2762			$radsvr['ip'] = $config['pptpd']['radius']['server'];
2763			$radsvr['secret'] = $config['pptpd']['radius']['secret'];
2764			$radsvr['port'] = 1812;
2765			$radsvr['acctport'] = 1813;
2766			$radsvr['enable'] = isset($config['pptpd']['radius']['enable']);
2767			$radarr['accounting'] = isset($config['pptpd']['radius']['accounting']);
2768	751533a2	Phil Davis	if ($radarr['accounting']) {
2769	7171b7b6	jim-p	$radarr['acct_update'] = $radsvr['ip'];
2770	751533a2	Phil Davis	}
2771	7171b7b6	jim-p	$radarr['server'] = $radsvr;
2772			$config['pptpd']['radius'] = $radarr;
2773			}
2774	f7c8f633	jim-p	if (is_array($config['pptpd'])) {
2775			$config['pptpd']['n_pptp_units'] = empty($config['pptpd']['n_pptp_units']) ? 16 : $config['pptpd']['n_pptp_units'];
2776			}
2777	7171b7b6	jim-p	}
2778	27d0722d	jim-p	function upgrade_078_to_079() {
2779	838e4eb8	Warren Baker	global $g;
2780	5c723d9f	Warren Baker	/* Delete old and unused RRD file */
2781	838e4eb8	Warren Baker	unlink_if_exists("{$g['vardb_path']}/rrd/captiveportal-totalusers.rrd");
2782	5c723d9f	Warren Baker	}
2783
2784	58005e52	jim-p	function upgrade_079_to_080() {
2785	9bc8b6b6	Seth Mos	global $config;
2786	e6ee8fc6	Ermal
2787	f416763b	Phil Davis	/* Upgrade config in 1.2.3 specifying a username other than admin for syncing. */
2788	e6ee8fc6	Ermal	if (!empty($config['system']['username']) && is_array($config['installedpackages']['carpsettings']) &&
2789	751533a2	Phil Davis	is_array($config['installedpackages']['carpsettings']['config'])) {
2790	e6ee8fc6	Ermal	$config['installedpackages']['carpsettings']['config'][0]['username'] = $config['system']['username'];
2791			unset($config['system']['username']);
2792			}
2793			}
2794
2795	e49d4564	jim-p	function upgrade_080_to_081() {
2796			global $config;
2797	9bc8b6b6	Seth Mos	global $g;
2798	ff6677cf	smos	/* Welcome to the 2.1 migration path */
2799
2800			/* tag all the existing gateways as being IPv4 */
2801			$i = 0;
2802	751533a2	Phil Davis	if (is_array($config['gateways']['gateway_item'])) {
2803			foreach ($config['gateways']['gateway_item'] as $gw) {
2804	ff6677cf	smos	$config['gateways']['gateway_item'][$i]['ipprotocol'] = "inet";
2805			$i++;
2806			}
2807			}
2808	9bc8b6b6	Seth Mos
2809			/* RRD files changed for quality, traffic and packets graphs */
2810			/* convert traffic RRD file */
2811			global $parsedcfg, $listtags;
2812			$listtags = array("ds", "v", "rra", "row");
2813
2814			$rrddbpath = "/var/db/rrd/";
2815			$rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool";
2816
2817	2344bed4	Renato Botelho	if ($g['platform'] != $g['product_name']) {
2818	42ec9337	Renato Botelho	/* restore the databases, if we have one */
2819			if (restore_rrd()) {
2820			/* Make sure to move the rrd backup out of the way. We will make a new one after converting. */
2821	e1854cad	jim-p	@rename("{$g['cf_conf_path']}/rrd.tgz", "{$g['cf_conf_path']}/backup/rrd.tgz");
2822	42ec9337	Renato Botelho	}
2823			}
2824
2825	9bc8b6b6	Seth Mos	$rrdinterval = 60;
2826			$valid = $rrdinterval * 2;
2827
2828			/* Asume GigE for now */
2829			$downstream = 125000000;
2830			$upstream = 125000000;
2831
2832			/* build a list of traffic and packets databases */
2833	84683e42	Renato Botelho	$databases = return_dir_as_array($rrddbpath, '/-(traffic\|packets)\.rrd$/');
2834	9bc8b6b6	Seth Mos	rsort($databases);
2835	751533a2	Phil Davis	foreach ($databases as $database) {
2836	9bc8b6b6	Seth Mos	$xmldump = "{$database}.old.xml";
2837			$xmldumpnew = "{$database}.new.xml";
2838
2839	751533a2	Phil Davis	if (platform_booting()) {
2840	d55ea970	Seth Mos	echo "Migrate RRD database {$database} to new format for IPv6.\n";
2841	751533a2	Phil Davis	}
2842	9bc8b6b6	Seth Mos
2843			/* dump contents to xml and move database out of the way */
2844			dump_rrd_to_xml("{$rrddbpath}/{$database}", "{$g['tmp_path']}/{$xmldump}");
2845
2846	fcaa56b1	smos	/* search and replace tags to add data sources */
2847			$ds_search = "<!-- Round Robin Archives -->";
2848			$ds_arr = array();
2849			$ds_arr[] = " <ds>
2850			<name> inpass6 </name>
2851			<type> COUNTER </type>
2852			<minimal_heartbeat> {$valid} </minimal_heartbeat>
2853			<min> 0.0000000000e+00 </min>
2854			<max> 1.2500000000e+08 </max>
2855
2856			<!-- PDP Status -->
2857			<last_ds> 0 </last_ds>
2858			<value> NaN </value>
2859			<unknown_sec> 3 </unknown_sec>
2860			</ds>
2861			";
2862			$ds_arr[] = " <ds>
2863			<name> outpass6 </name>
2864			<type> COUNTER </type>
2865			<minimal_heartbeat> {$valid} </minimal_heartbeat>
2866			<min> 0.0000000000e+00 </min>
2867			<max> 1.2500000000e+08 </max>
2868
2869			<!-- PDP Status -->
2870			<last_ds> 0 </last_ds>
2871			<value> NaN </value>
2872			<unknown_sec> 3 </unknown_sec>
2873			</ds>
2874			";
2875			$ds_arr[] = " <ds>
2876			<name> inblock6 </name>
2877			<type> COUNTER </type>
2878			<minimal_heartbeat> {$valid} </minimal_heartbeat>
2879			<min> 0.0000000000e+00 </min>
2880			<max> 1.2500000000e+08 </max>
2881
2882			<!-- PDP Status -->
2883			<last_ds> 0 </last_ds>
2884			<value> NaN </value>
2885			<unknown_sec> 3 </unknown_sec>
2886			</ds>
2887			";
2888			$ds_arr[] = " <ds>
2889			<name> outblock6 </name>
2890			<type> COUNTER </type>
2891			<minimal_heartbeat> {$valid} </minimal_heartbeat>
2892			<min> 0.0000000000e+00 </min>
2893			<max> 1.2500000000e+08 </max>
2894
2895			<!-- PDP Status -->
2896			<last_ds> 0 </last_ds>
2897			<value> NaN </value>
2898			<unknown_sec> 3 </unknown_sec>
2899			</ds>
2900			";
2901
2902			$cdp_search = "<\/cdp_prep>";
2903			$cdp_replace = "</cdp_prep>";
2904			$cdp_arr = array();
2905			$cdp_arr[] = " <ds>
2906			<primary_value> NaN </primary_value>
2907			<secondary_value> 0.0000000000e+00 </secondary_value>
2908			<value> NaN </value>
2909			<unknown_datapoints> 0 </unknown_datapoints>
2910			</ds>
2911			";
2912			$cdp_arr[] = " <ds>
2913			<primary_value> NaN </primary_value>
2914			<secondary_value> 0.0000000000e+00 </secondary_value>
2915			<value> NaN </value>
2916			<unknown_datapoints> 0 </unknown_datapoints>
2917			</ds>
2918			";
2919			$cdp_arr[] = " <ds>
2920			<primary_value> NaN </primary_value>
2921			<secondary_value> 0.0000000000e+00 </secondary_value>
2922			<value> NaN </value>
2923			<unknown_datapoints> 0 </unknown_datapoints>
2924			</ds>
2925			";
2926			$cdp_arr[] = " <ds>
2927			<primary_value> NaN </primary_value>
2928			<secondary_value> 0.0000000000e+00 </secondary_value>
2929			<value> NaN </value>
2930			<unknown_datapoints> 0 </unknown_datapoints>
2931			</ds>
2932			";
2933
2934			$value_search = "<\/row>";
2935			$value_replace = "</row>";
2936			$value = "<v> NaN </v>";
2937
2938			$xml = file_get_contents("{$g['tmp_path']}/{$xmldump}");
2939	751533a2	Phil Davis	foreach ($ds_arr as $ds) {
2940	fcaa56b1	smos	$xml = preg_replace("/$ds_search/s", "$ds{$ds_search}", $xml);
2941			}
2942	751533a2	Phil Davis	foreach ($cdp_arr as $cdp) {
2943	fcaa56b1	smos	$xml = preg_replace("/$cdp_search/s", "$cdp{$cdp_replace}", $xml);
2944			}
2945	751533a2	Phil Davis	foreach ($ds_arr as $ds) {
2946	fcaa56b1	smos	$xml = preg_replace("/$value_search/s", "$value{$value_replace}", $xml);
2947			}
2948	751533a2	Phil Davis
2949	fcaa56b1	smos	file_put_contents("{$g['tmp_path']}/{$xmldumpnew}", $xml);
2950			mwexec("$rrdtool restore -f {$g['tmp_path']}/{$xmldumpnew} {$rrddbpath}/{$database} 2>&1");
2951			unset($xml);
2952	73c569ea	Xon	# Default /tmp tmpfs is ~40mb, do not leave temp files around
2953	48047e3f	Renato Botelho	unlink_if_exists("{$g['tmp_path']}/{$xmldump}");
2954			unlink_if_exists("{$g['tmp_path']}/{$xmldumpnew}");
2955	9bc8b6b6	Seth Mos	}
2956	751533a2	Phil Davis	if (!platform_booting()) {
2957	e546d2d1	Ermal LUÇI	enable_rrd_graphing();
2958	751533a2	Phil Davis	}
2959	42ec9337	Renato Botelho	/* Let's save the RRD graphs after we run enable RRD graphing */
2960			/* The function will restore the rrd.tgz so we will save it after */
2961			exec("cd /; LANG=C NO_REMOUNT=1 RRDDBPATH='{$rrddbpath}' CF_CONF_PATH='{$g['cf_conf_path']}' /etc/rc.backup_rrd.sh");
2962	751533a2	Phil Davis	if (platform_booting()) {
2963	9bc8b6b6	Seth Mos	echo "Updating configuration...";
2964	751533a2	Phil Davis	}
2965			foreach ($config['filter']['rule'] as & $rule) {
2966			if (isset($rule['protocol']) && !empty($rule['protocol'])) {
2967	1c1a74fa	jim-p	$rule['protocol'] = strtolower($rule['protocol']);
2968	751533a2	Phil Davis	}
2969	7ec0e6e2	jim-p	}
2970	17640b28	Ermal	unset($rule);
2971	9bc8b6b6	Seth Mos	}
2972
2973	e49d4564	jim-p	function upgrade_081_to_082() {
2974	4cdf35a4	Chris Buechler	/* don't enable the allow IPv6 toggle */
2975	1f116988	Seth Mos	}
2976	b4792bf8	Ermal
2977			function upgrade_082_to_083() {
2978			global $config;
2979	7b47bd4c	Ermal
2980	b4792bf8	Ermal	/* Upgrade captiveportal config */
2981			if (!empty($config['captiveportal'])) {
2982			$tmpcp = $config['captiveportal'];
2983			$config['captiveportal'] = array();
2984	17640b28	Ermal	$config['captiveportal']['cpzone'] = array();
2985			$config['captiveportal']['cpzone'] = $tmpcp;
2986			$config['captiveportal']['cpzone']['zoneid'] = 8000;
2987	26b6e758	jim-p	$config['captiveportal']['cpzone']['zone'] = "cpzone";
2988	751533a2	Phil Davis	if ($config['captiveportal']['cpzone']['auth_method'] == "radius") {
2989	2d72659a	Renato Botelho	$config['captiveportal']['cpzone']['radius_protocol'] = "PAP";
2990	751533a2	Phil Davis	}
2991	b4792bf8	Ermal	}
2992	67e73dcd	Ermal	if (!empty($config['voucher'])) {
2993			$tmpcp = $config['voucher'];
2994			$config['voucher'] = array();
2995	17640b28	Ermal	$config['voucher']['cpzone'] = array();
2996			$config['voucher']['cpzone'] = $tmpcp;
2997	67e73dcd	Ermal	}
2998	b4792bf8	Ermal	}
2999	67e73dcd	Ermal
3000	f97a5b04	Darren Embry	function upgrade_083_to_084() {
3001			global $config;
3002			if (!isset($config['hasync'])) {
3003			if (!empty($config['installedpackages']) &&
3004			!empty($config['installedpackages']['carpsettings']) &&
3005			!empty($config['installedpackages']['carpsettings']['config'])) {
3006			$config['hasync'] = $config['installedpackages']['carpsettings']['config'][0];
3007			unset($config['installedpackages']['carpsettings']);
3008			}
3009	fa6e5ba5	Phil Davis	if (empty($config['installedpackages']['carpsettings']) && isset($config['installedpackages']['carpsettings'])) {
3010	f97a5b04	Darren Embry	unset($config['installedpackages']['carpsettings']);
3011			}
3012	fa6e5ba5	Phil Davis	if (empty($config['installedpackages']) && isset($config['installedpackages'])) {
3013	f97a5b04	Darren Embry	unset($config['installedpackages']);
3014			}
3015			}
3016			}
3017
3018	c3ce2ece	smos	function upgrade_084_to_085() {
3019			global $config;
3020
3021			$gateway_group_arr = array();
3022			$gateways = return_gateways_array();
3023			$oldnames = array();
3024			/* setup translation array */
3025	751533a2	Phil Davis	foreach ($gateways as $name => $gw) {
3026			if (isset($gw['dynamic'])) {
3027	c3ce2ece	smos	$oldname = strtoupper($config['interfaces'][$gw['friendlyiface']]['descr']);
3028	2d563280	Renato Botelho	$oldnames[$oldname] = $name;
3029	c3ce2ece	smos	} else {
3030			$oldnames[$name] = $name;
3031			}
3032			}
3033
3034			/* process the old array */
3035	751533a2	Phil Davis	if (is_array($config['gateways']['gateway_group'])) {
3036	c3ce2ece	smos	$group_array_new = array();
3037	751533a2	Phil Davis	foreach ($config['gateways']['gateway_group'] as $name => $group) {
3038			if (is_array($group['item'])) {
3039	c3ce2ece	smos	$newlist = array();
3040	751533a2	Phil Davis	foreach ($group['item'] as $entry) {
3041	c3ce2ece	smos	$elements = explode("\|", $entry);
3042	751533a2	Phil Davis	if ($oldnames[$elements[0]] <> "") {
3043	c3ce2ece	smos	$newlist[] = "{$oldnames[$elements[0]]}\|{$elements[1]}";
3044	da12a8a4	smos	} else {
3045			$newlist[] = "{$elements[0]}\|{$elements[1]}";
3046	c3ce2ece	smos	}
3047			}
3048			$group['item'] = $newlist;
3049			$group_array_new[$name] = $group;
3050			}
3051			}
3052			$config['gateways']['gateway_group'] = $group_array_new;
3053			}
3054	d4d5f7b4	smos	/* rename old Quality RRD files in the process */
3055			$rrddbpath = "/var/db/rrd";
3056	751533a2	Phil Davis	foreach ($oldnames as $old => $new) {
3057			if (is_readable("{$rrddbpath}/{$old}-quality.rrd")) {
3058	17640b28	Ermal	@rename("{$rrddbpath}/{$old}-quality.rrd", "{$rrddbpath}/{$new}-quality.rrd");
3059	d4d5f7b4	smos	}
3060			}
3061	17640b28	Ermal	unset($gateways, $oldnames, $gateway_group_arr);
3062	c3ce2ece	smos	}
3063
3064	b22fc825	jim-p	function upgrade_085_to_086() {
3065	879f7db7	Erik Fonnesbeck	global $config, $g;
3066	b22fc825	jim-p
3067			/* XXX: Gross hacks in sight */
3068	12766374	Erik Fonnesbeck	if (is_array($config['virtualip']['vip'])) {
3069	b22fc825	jim-p	$vipchg = array();
3070	12766374	Erik Fonnesbeck	foreach ($config['virtualip']['vip'] as $vip) {
3071	751533a2	Phil Davis	if ($vip['mode'] != "carp") {
3072	fbda07b9	Ermal	continue;
3073	751533a2	Phil Davis	}
3074	f2cc3344	Renato Botelho	$config = array_replace_values_recursive(
3075			$config,
3076			'^vip' . $vip['vhid'] . '$',
3077			"{$vip['interface']}_vip{$vip['vhid']}"
3078			);
3079	fe47f1f2	Erik Fonnesbeck	}
3080	b22fc825	jim-p	}
3081			}
3082
3083	85a236e9	Ermal	function upgrade_086_to_087() {
3084			global $config, $dummynet_pipe_list;
3085
3086	751533a2	Phil Davis	if (!is_array($config['dnshaper']) \|\| !is_array($config['dnshaper']['queue'])) {
3087	85a236e9	Ermal	return;
3088	751533a2	Phil Davis	}
3089	85a236e9	Ermal
3090			$dnqueue_number = 1;
3091			$dnpipe_number = 1;
3092
3093			foreach ($config['dnshaper']['queue'] as $idx => $dnpipe) {
3094			$config['dnshaper']['queue'][$idx]['number'] = $dnpipe_number;
3095			$dnpipe_number++;
3096			if (is_array($dnpipe['queue'])) {
3097			foreach ($dnpipe['queue'] as $qidx => $dnqueue) {
3098			$config['dnshaper']['queue'][$idx]['queue'][$qidx]['number'] = $dnqueue_number;
3099			$dnqueue_number++;
3100			}
3101			}
3102			}
3103
3104			unset($dnqueue_number, $dnpipe_number, $qidx, $idx, $dnpipe, $dnqueue);
3105
3106	34823356	Phil Davis	if (!is_array($config['filter']) \|\| !is_array($config['filter']['rule'])) {
3107			return;
3108			}
3109
3110	85a236e9	Ermal	require_once("shaper.inc");
3111			read_dummynet_config();
3112
3113	628306af	Ermal	$dn_list = array();
3114	2d563280	Renato Botelho	if (is_array($dummynet_pipe_list)) {
3115			foreach ($dummynet_pipe_list as $dn) {
3116			$tmplist =& $dn->get_queue_list();
3117			foreach ($tmplist as $qname => $link) {
3118			$dn_list[$link] = $qname;
3119			}
3120			}
3121	17640b28	Ermal	unset($dummynet_pipe_list);
3122	2d563280	Renato Botelho	}
3123	628306af	Ermal
3124	85a236e9	Ermal	foreach ($config['filter']['rule'] as $idx => $rule) {
3125			if (!empty($rule['dnpipe'])) {
3126	751533a2	Phil Davis	if (!empty($dn_list[$rule['dnpipe']])) {
3127	628306af	Ermal	$config['filter']['rule'][$idx]['dnpipe'] = $dn_list[$rule['dnpipe']];
3128	751533a2	Phil Davis	}
3129	85a236e9	Ermal	}
3130			if (!empty($rule['pdnpipe'])) {
3131	751533a2	Phil Davis	if (!empty($dn_list[$rule['pdnpipe']])) {
3132	628306af	Ermal	$config['filter']['rule'][$idx]['pdnpipe'] = $dn_list[$rule['pdnpipe']];
3133	751533a2	Phil Davis	}
3134	85a236e9	Ermal	}
3135			}
3136			}
3137	7530177c	jim-p	function upgrade_087_to_088() {
3138			global $config;
3139			if (isset($config['system']['glxsb_enable'])) {
3140			unset($config['system']['glxsb_enable']);
3141			$config['system']['crypto_hardware'] = "glxsb";
3142			}
3143			}
3144	36f6ed35	bcyrill
3145			function upgrade_088_to_089() {
3146	2d563280	Renato Botelho	global $config;
3147	751533a2	Phil Davis	if (!is_array($config['ca'])) {
3148	2d563280	Renato Botelho	$config['ca'] = array();
3149	751533a2	Phil Davis	}
3150			if (!is_array($config['cert'])) {
3151	2d563280	Renato Botelho	$config['cert'] = array();
3152	751533a2	Phil Davis	}
3153	2d563280	Renato Botelho
3154	f416763b	Phil Davis	/* migrate captive portal ssl to certificate manager */
3155	2d563280	Renato Botelho	if (is_array($config['captiveportal'])) {
3156			foreach ($config['captiveportal'] as $id => &$setting) {
3157			if (isset($setting['httpslogin'])) {
3158			/* create cert entry */
3159			$cert = array();
3160			$cert['refid'] = uniqid();
3161			$cert['descr'] = "Captive Portal Cert - {$setting['zone']}";
3162			$cert['crt'] = $setting['certificate'];
3163			$cert['prv'] = $setting['private-key'];
3164
3165			if (!empty($setting['cacertificate'])) {
3166			/* create ca entry */
3167			$ca = array();
3168			$ca['refid'] = uniqid();
3169			$ca['descr'] = "Captive Portal CA - {$setting['zone']}";
3170			$ca['crt'] = $setting['cacertificate'];
3171			$config['ca'][] = $ca;
3172
3173			/* add ca reference to certificate */
3174			$cert['caref'] = $ca['refid'];
3175			}
3176
3177			$config['cert'][] = $cert;
3178
3179			/* create cert reference */
3180			$setting['certref'] = $cert['refid'];
3181
3182			unset($setting['certificate']);
3183			unset($setting['private-key']);
3184			unset($setting['cacertificate']);
3185
3186			}
3187			}
3188			}
3189	36f6ed35	bcyrill	}
3190	2d563280	Renato Botelho
3191	6e9b046e	jim-p	function upgrade_089_to_090() {
3192			global $config;
3193			if (is_array($config['load_balancer']['virtual_server']) && count($config['load_balancer']['virtual_server'])) {
3194			$vs_a = &$config['load_balancer']['virtual_server'];
3195			for ($i = 0; isset($vs_a[$i]); $i++) {
3196			if (is_array($vs_a[$i]['pool'])) {
3197			$vs_a[$i]['poolname'] = $vs_a[$i]['pool'][0];
3198			unset($vs_a[$i]['pool']);
3199			} elseif (!empty($vs_a[$i]['pool'])) {
3200			$vs_a[$i]['poolname'] = $vs_a[$i]['pool'];
3201			unset($vs_a[$i]['pool']);
3202			}
3203			}
3204			}
3205			}
3206	c9ba2f8a	Ermal
3207			function upgrade_090_to_091() {
3208			global $config;
3209
3210			if (is_array($config['dnshaper']) && is_array($config['dnshaper']['queue'])) {
3211			foreach ($config['dnshaper']['queue'] as $idx => $dnqueue) {
3212			if (!empty($dnqueue['bandwidth'])) {
3213			$bw = array();
3214			$bw['bw'] = $dnqueue['bandwidth'];
3215			$bw['bwscale'] = $dnqueue['bandwidthtype'];
3216			$bw['bwsched'] = "none";
3217			$config['dnshaper']['queue'][$idx]['bandwidth'] = array();
3218			$config['dnshaper']['queue'][$idx]['bandwidth']['item'] = array();
3219			$config['dnshaper']['queue'][$idx]['bandwidth']['item'][] = $bw;
3220			}
3221			}
3222			}
3223			}
3224	e99ba2d6	Renato Botelho
3225			function upgrade_091_to_092() {
3226			global $config;
3227
3228			if (is_array($config['nat']['advancedoutbound']) && is_array($config['nat']['advancedoutbound']['rule'])) {
3229			$nat_rules = &$config['nat']['advancedoutbound']['rule'];
3230			for ($i = 0; isset($nat_rules[$i]); $i++) {
3231			if (empty($nat_rules[$i]['interface'])) {
3232			$nat_rules[$i]['interface'] = 'wan';
3233			}
3234			}
3235			}
3236			}
3237	2d563280	Renato Botelho
3238	cba9d7d9	Renato Botelho	function upgrade_092_to_093() {
3239			global $g;
3240
3241			$suffixes = array("concurrent", "loggedin");
3242
3243	751533a2	Phil Davis	foreach ($suffixes as $suffix) {
3244			if (file_exists("{$g['vardb_path']}/rrd/captiveportal-{$suffix}.rrd")) {
3245	cba9d7d9	Renato Botelho	rename("{$g['vardb_path']}/rrd/captiveportal-{$suffix}.rrd",
3246			"{$g['vardb_path']}/rrd/captiveportal-cpZone-{$suffix}.rrd");
3247	751533a2	Phil Davis	}
3248			}
3249	cba9d7d9	Renato Botelho
3250	751533a2	Phil Davis	if (!platform_booting()) {
3251	e546d2d1	Ermal LUÇI	enable_rrd_graphing();
3252	751533a2	Phil Davis	}
3253	cba9d7d9	Renato Botelho	}
3254
3255	6015f75b	N0YB	function upgrade_093_to_094() {
3256			global $config;
3257
3258			if (isset($config['system']['powerd_mode'])) {
3259			$config['system']['powerd_ac_mode'] = $config['system']['powerd_mode'];
3260			$config['system']['powerd_battery_mode'] = $config['system']['powerd_mode'];
3261			unset($config['system']['powerd_mode']);
3262			}
3263			}
3264
3265	02203e6d	Renato Botelho	function upgrade_094_to_095() {
3266			global $config;
3267
3268	751533a2	Phil Davis	if (!isset($config['interfaces']) \|\| !is_array($config['interfaces'])) {
3269	02203e6d	Renato Botelho	return;
3270	751533a2	Phil Davis	}
3271	02203e6d	Renato Botelho
3272	751533a2	Phil Davis	foreach ($config['interfaces'] as $iface => $cfg) {
3273			if (isset($cfg['ipaddrv6']) && ($cfg['ipaddrv6'] == "track6")) {
3274			if (!isset($cfg['track6-prefix-id']) \|\| ($cfg['track6-prefix-id'] == "")) {
3275	02203e6d	Renato Botelho	$config['interfaces'][$iface]['track6-prefix-id'] = 0;
3276	751533a2	Phil Davis	}
3277			}
3278			}
3279	02203e6d	Renato Botelho	}
3280
3281	fa3b33a5	Renato Botelho	function upgrade_095_to_096() {
3282			global $config, $g;
3283
3284			$names = array("inpass", "outpass", "inblock", "outblock",
3285			"inpass6", "outpass6", "inblock6", "outblock6");
3286			$rrddbpath = "/var/db/rrd";
3287			$rrdtool = "/usr/local/bin/rrdtool";
3288
3289	2344bed4	Renato Botelho	if ($g['platform'] != $g['product_name']) {
3290	42ec9337	Renato Botelho	/* restore the databases, if we have one */
3291			if (restore_rrd()) {
3292			/* Make sure to move the rrd backup out of the way. We will make a new one after converting. */
3293	8560c756	jim-p	@rename("{$g['cf_conf_path']}/rrd.tgz", "{$g['cf_conf_path']}/backup/rrd.tgz");
3294	42ec9337	Renato Botelho	}
3295			}
3296
3297	fa3b33a5	Renato Botelho	/* Assume 210GigE for now /
3298			$stream = 2500000000;
3299
3300			/* build a list of traffic and packets databases */
3301			$databases = return_dir_as_array($rrddbpath, '/-(traffic\|packets)\.rrd$/');
3302			rsort($databases);
3303	751533a2	Phil Davis	foreach ($databases as $database) {
3304			if (platform_booting()) {
3305	fa3b33a5	Renato Botelho	echo "Update RRD database {$database}.\n";
3306	751533a2	Phil Davis	}
3307	fa3b33a5	Renato Botelho
3308			$cmd = "{$rrdtool} tune {$rrddbpath}/{$database}";
3309	751533a2	Phil Davis	foreach ($names as $name) {
3310	fa3b33a5	Renato Botelho	$cmd .= " -a {$name}:{$stream}";
3311	751533a2	Phil Davis	}
3312	fa3b33a5	Renato Botelho	mwexec("{$cmd} 2>&1");
3313
3314			}
3315	751533a2	Phil Davis	if (!platform_booting()) {
3316	e546d2d1	Ermal LUÇI	enable_rrd_graphing();
3317	751533a2	Phil Davis	}
3318	42ec9337	Renato Botelho	/* Let's save the RRD graphs after we run enable RRD graphing */
3319			/* The function will restore the rrd.tgz so we will save it after */
3320			exec("cd /; LANG=C NO_REMOUNT=1 RRDDBPATH='{$rrddbpath}' CF_CONF_PATH='{$g['cf_conf_path']}' /etc/rc.backup_rrd.sh");
3321	fa3b33a5	Renato Botelho	}
3322
3323	1cf24f0a	jim-p	function upgrade_096_to_097() {
3324			global $config, $g;
3325			/* If the user had disabled default block rule logging before, then bogon/private network logging was already off, so respect their choice. */
3326			if (isset($config['syslog']['nologdefaultblock'])) {
3327			$config['syslog']['nologbogons'] = true;
3328			$config['syslog']['nologprivatenets'] = true;
3329			}
3330			}
3331	af0a477a	Renato Botelho
3332			function upgrade_097_to_098() {
3333			global $config, $g;
3334			/* Disable kill_states by default */
3335			$config['system']['kill_states'] = true;
3336			}
3337	67e5e3c6	Renato Botelho
3338			function upgrade_098_to_099() {
3339	a3cc1409	jim-p	global $config;
3340	759a6fcf	Ermal
3341	751533a2	Phil Davis	if (empty($config['dhcpd']) \|\| !is_array($config['dhcpd'])) {
3342	759a6fcf	Ermal	return;
3343	751533a2	Phil Davis	}
3344	759a6fcf	Ermal
3345	a3cc1409	jim-p	foreach ($config['dhcpd'] as & $dhcpifconf) {
3346			if (isset($dhcpifconf['next-server'])) {
3347			$dhcpifconf['nextserver'] = $dhcpifconf['next-server'];
3348	aa0753e3	jim-p	unset($dhcpifconf['next-server']);
3349	a3cc1409	jim-p	}
3350			}
3351			}
3352
3353			function upgrade_099_to_100() {
3354			require_once("/etc/inc/services.inc");
3355			install_cron_job("/usr/bin/nice -n20 newsyslog", false);
3356			}
3357
3358	20dad315	Ermal	function upgrade_100_to_101() {
3359			global $config, $g;
3360
3361	751533a2	Phil Davis	if (!is_array($config['voucher'])) {
3362	20dad315	Ermal	return;
3363	751533a2	Phil Davis	}
3364	20dad315	Ermal
3365			foreach ($config['voucher'] as $cpzone => $cp) {
3366	751533a2	Phil Davis	if (!is_array($cp['roll'])) {
3367	20dad315	Ermal	continue;
3368	751533a2	Phil Davis	}
3369	20dad315	Ermal	foreach ($cp['roll'] as $ridx => $rcfg) {
3370	751533a2	Phil Davis	if (!empty($rcfg['comment'])) {
3371	20dad315	Ermal	$config['voucher'][$cpzone]['roll'][$ridx]['descr'] = $rcfg['comment'];
3372	751533a2	Phil Davis	}
3373	20dad315	Ermal	}
3374			}
3375			}
3376
3377	eae91304	Ermal	function upgrade_101_to_102() {
3378	67e5e3c6	Renato Botelho	global $config, $g;
3379
3380	ee34e137	Phil Davis	if (is_array($config['captiveportal'])) {
3381			foreach ($config['captiveportal'] as $cpzone => $cp) {
3382	751533a2	Phil Davis	if (!is_array($cp['passthrumac'])) {
3383	ee34e137	Phil Davis	continue;
3384	751533a2	Phil Davis	}
3385	67e5e3c6	Renato Botelho
3386	751533a2	Phil Davis	foreach ($cp['passthrumac'] as $idx => $passthrumac) {
3387	ee34e137	Phil Davis	$config['captiveportal'][$cpzone]['passthrumac'][$idx]['action'] = 'pass';
3388	751533a2	Phil Davis	}
3389	ee34e137	Phil Davis	}
3390	67e5e3c6	Renato Botelho	}
3391	edba1982	jim-p
3392	eae91304	Ermal	/* Convert OpenVPN Compression option to the new style */
3393	edba1982	jim-p	// Nothing to do if there is no OpenVPN tag
3394	ee34e137	Phil Davis	if (isset($config['openvpn']) && is_array($config['openvpn'])) {
3395			if (is_array($config['openvpn']['openvpn-server'])) {
3396			foreach ($config['openvpn']['openvpn-server'] as &$vpn) {
3397	751533a2	Phil Davis	if (!empty($vpn['compression'])) {
3398	ee34e137	Phil Davis	$vpn['compression'] = "adaptive";
3399	751533a2	Phil Davis	}
3400	ee34e137	Phil Davis	}
3401	edba1982	jim-p	}
3402	ee34e137	Phil Davis	if (is_array($config['openvpn']['openvpn-client'])) {
3403			foreach ($config['openvpn']['openvpn-client'] as &$vpn) {
3404	751533a2	Phil Davis	if (!empty($vpn['compression'])) {
3405	ee34e137	Phil Davis	$vpn['compression'] = "adaptive";
3406	751533a2	Phil Davis	}
3407	ee34e137	Phil Davis	}
3408	edba1982	jim-p	}
3409			}
3410			}
3411	eef01b14	Renato Botelho
3412			function upgrade_102_to_103() {
3413			global $config;
3414
3415			if (isset($config['nat']['advancedoutbound']['enable'])) {
3416			$config['nat']['advancedoutbound']['mode'] = "advanced";
3417			unset($config['nat']['advancedoutbound']['enable']);
3418	751533a2	Phil Davis	} else {
3419	eef01b14	Renato Botelho	$config['nat']['advancedoutbound']['mode'] = "automatic";
3420	751533a2	Phil Davis	}
3421	eef01b14	Renato Botelho
3422			$config['nat']['outbound'] = $config['nat']['advancedoutbound'];
3423
3424	fa6e5ba5	Phil Davis	if (isset($config['nat']['ipsecpassthru'])) {
3425			unset($config['nat']['ipsecpassthru']);
3426			}
3427			if (isset($config['nat']['advancedoutbound'])) {
3428			unset($config['nat']['advancedoutbound']);
3429			}
3430	eef01b14	Renato Botelho	}
3431
3432	7997ed44	Renato Botelho	function upgrade_103_to_104() {
3433			global $config;
3434
3435			$changed_privs = array(
3436			"page-diag-system-activity" => "page-diagnostics-system-activity",
3437			"page-interfacess-groups" => "page-interfaces-groups",
3438			"page-interfacess-lagg" => "page-interfaces-lagg",
3439			"page-interfacess-qinq" => "page-interfaces-qinq"
3440			);
3441
3442			/* update user privileges */
3443			foreach ($config['system']['user'] as & $user) {
3444	751533a2	Phil Davis	if (!is_array($user['priv'])) {
3445	7997ed44	Renato Botelho	continue;
3446	751533a2	Phil Davis	}
3447	7997ed44	Renato Botelho	foreach ($user['priv'] as & $priv) {
3448	751533a2	Phil Davis	if (array_key_exists($priv, $changed_privs)) {
3449	7997ed44	Renato Botelho	$priv = $changed_privs[$priv];
3450	751533a2	Phil Davis	}
3451	7997ed44	Renato Botelho	}
3452			}
3453
3454			/* update group privileges */
3455			foreach ($config['system']['group'] as & $group) {
3456	751533a2	Phil Davis	if (!is_array($group['priv'])) {
3457	7997ed44	Renato Botelho	continue;
3458	751533a2	Phil Davis	}
3459	7997ed44	Renato Botelho	foreach ($group['priv'] as & $priv) {
3460	751533a2	Phil Davis	if (array_key_exists($priv, $changed_privs)) {
3461	7997ed44	Renato Botelho	$priv = $changed_privs[$priv];
3462	751533a2	Phil Davis	}
3463	7997ed44	Renato Botelho	}
3464			}
3465
3466			/* sync all local account information */
3467			local_sync_accounts();
3468			}
3469
3470	0a806969	Ermal	function upgrade_104_to_105() {
3471			global $config;
3472
3473			if (is_array($config['captiveportal'])) {
3474			$zoneid = 2;
3475			foreach ($config['captiveportal'] as $cpzone => $cpcfg) {
3476	55fae310	Phil Davis	if (empty($cpcfg['zoneid'])) {
3477	0a806969	Ermal	$config['captiveportal'][$cpzone]['zoneid'] = $zoneid;
3478			$zoneid += 2;
3479			} else if ($cpcfg['zoneid'] > 4000) {
3480			$config['captiveportal'][$cpzone]['zoneid'] = $zoneid;
3481			$zoneid += 2;
3482			}
3483			}
3484			}
3485			}
3486
3487	e7d35d84	Ermal	function upgrade_105_to_106() {
3488
3489	6f55af1c	Ermal	/* NOTE: This entry can be reused for something else since the upgrade code was reverted */
3490	e7d35d84	Ermal	}
3491
3492	31dce430	Ermal	function upgrade_106_to_107() {
3493			global $config;
3494
3495			if (is_array($config['filter']) && is_array($config['filter']['rule'])) {
3496			$tracker = (int)microtime(true);
3497			foreach ($config['filter']['rule'] as $ridx => $rule) {
3498			if (empty($rule['tracker'])) {
3499			$config['filter']['rule'][$ridx]['tracker'] = $tracker;
3500			$tracker++;
3501			}
3502			}
3503			unset($tracker, $ridx);
3504			}
3505			if (is_array($config['nat']) && is_array($config['nat']['rule'])) {
3506			$tracker = (int)microtime(true);
3507			foreach ($config['nat']['rule'] as $ridx => $rule) {
3508			if (empty($rule['tracker'])) {
3509			$config['nat']['rule'][$ridx]['tracker'] = $tracker;
3510			$tracker++;
3511			}
3512			}
3513			unset($tracker, $ridx);
3514			}
3515			}
3516
3517	08f30320	Renato Botelho	function upgrade_107_to_108() {
3518			global $config;
3519
3520	751533a2	Phil Davis	if (isset($config['system']['webgui']['noautocomplete'])) {
3521	08f30320	Renato Botelho	unset($config['system']['webgui']['noautocomplete']);
3522	751533a2	Phil Davis	} else {
3523	08f30320	Renato Botelho	$config['system']['webgui']['loginautocomplete'] = true;
3524	751533a2	Phil Davis	}
3525	08f30320	Renato Botelho	}
3526
3527	c15b5ed8	Renato Botelho	function upgrade_108_to_109() {
3528			global $config;
3529
3530	751533a2	Phil Davis	if (!isset($config['filter']['rule']) \|\| !is_array($config['filter']['rule'])) {
3531	c15b5ed8	Renato Botelho	return;
3532	751533a2	Phil Davis	}
3533	c15b5ed8	Renato Botelho
3534			foreach ($config['filter']['rule'] as &$rule) {
3535	751533a2	Phil Davis	if (!isset($rule['dscp']) \|\| empty($rule['dscp'])) {
3536	c15b5ed8	Renato Botelho	continue;
3537	751533a2	Phil Davis	}
3538	c15b5ed8	Renato Botelho
3539			$pos = strpos($rule['dscp'], ' ');
3540	751533a2	Phil Davis	if ($pos !== false) {
3541	c15b5ed8	Renato Botelho	$rule['dscp'] = substr($rule['dscp'], 0, $pos);
3542	751533a2	Phil Davis	}
3543	c15b5ed8	Renato Botelho	unset($pos);
3544			}
3545			}
3546
3547	9b915686	Ermal	function upgrade_109_to_110() {
3548			global $config;
3549
3550	751533a2	Phil Davis	if (!is_array($config['ipsec']) \|\| !is_array($config['ipsec']['phase2'])) {
3551	9b915686	Ermal	return;
3552	751533a2	Phil Davis	}
3553	9b915686	Ermal
3554			foreach ($config['ipsec']['phase2'] as &$rule) {
3555	751533a2	Phil Davis	if (!empty($rule['uniqid'])) {
3556	9b915686	Ermal	continue;
3557	751533a2	Phil Davis	}
3558	9b915686	Ermal
3559			$rule['uniqid'] = uniqid();
3560			}
3561			}
3562
3563	3f257101	Renato Botelho	function upgrade_110_to_111() {
3564			global $config;
3565
3566	bdbb4dba	Renato Botelho	/* Make sure unbound user exist */
3567			mwexec('/usr/sbin/pw groupadd -n unbound -g 59', true);
3568			mwexec('/usr/sbin/pw useradd -n unbound -c "Unbound DNS Resolver" -d /var/unbound -s /usr/sbin/nologin -u 59 -g 59', true);
3569
3570	c11b7ffe	Renato Botelho	/* cleanup old unbound package stuffs */
3571			unlink_if_exists("/usr/local/pkg/unbound.xml");
3572			unlink_if_exists("/usr/local/pkg/unbound.inc");
3573			unlink_if_exists("/usr/local/pkg/unbound_advanced.xml");
3574			unlink_if_exists("/usr/local/www/unbound_status.php");
3575			unlink_if_exists("/usr/local/www/unbound_acls.php");
3576			unlink_if_exists("/usr/local/bin/unbound_monitor.sh");
3577	b4db2d0e	Renato Botelho	unlink_if_exists("/usr/local/etc/rc.d/unbound.sh");
3578	c11b7ffe	Renato Botelho
3579			/* Remove old menu and service entries */
3580			if (isset($config['installedpackages']['menu']) && is_array($config['installedpackages']['menu'])) {
3581			foreach ($config['installedpackages']['menu'] as $idx => $menu) {
3582	751533a2	Phil Davis	if ($menu['name'] != 'Unbound DNS') {
3583	c11b7ffe	Renato Botelho	continue;
3584	751533a2	Phil Davis	}
3585	c11b7ffe	Renato Botelho
3586			unset($config['installedpackages']['menu'][$idx]);
3587			break;
3588			}
3589			}
3590
3591			if (isset($config['installedpackages']['service']) && is_array($config['installedpackages']['service'])) {
3592			foreach ($config['installedpackages']['service'] as $idx => $service) {
3593	751533a2	Phil Davis	if ($service['name'] != 'unbound') {
3594	c11b7ffe	Renato Botelho	continue;
3595	751533a2	Phil Davis	}
3596	c11b7ffe	Renato Botelho	unset($config['installedpackages']['service'][$idx]);
3597			break;
3598			}
3599			}
3600
3601	751533a2	Phil Davis	if (!isset($config['installedpackages']['unbound']['config'][0])) {
3602	3f257101	Renato Botelho	return;
3603	751533a2	Phil Davis	}
3604	3f257101	Renato Botelho
3605			$pkg = $config['installedpackages']['unbound']['config'][0];
3606
3607	751533a2	Phil Davis	if (isset($config['installedpackages']['unboundadvanced']['config'][0])) {
3608	3f257101	Renato Botelho	$pkg = array_merge($pkg, $config['installedpackages']['unboundadvanced']['config'][0]);
3609	751533a2	Phil Davis	}
3610	3f257101	Renato Botelho
3611			$new = array();
3612
3613			/* deal first with boolean fields */
3614			$fields = array(
3615			"enable" => "enable",
3616			"dnssec_status" => "dnssec",
3617			"forwarding_mode" => "forwarding",
3618			"regdhcp" => "regdhcp",
3619			"regdhcpstatic" => "regdhcpstatic",
3620			"txtsupport" => "txtsupport",
3621			"hide_id" => "hideidentity",
3622			"hide_version" => "hideversion",
3623			"prefetch" => "prefetch",
3624			"prefetch_key" => "prefetchkey",
3625			"harden_glue" => "hardenglue",
3626			"harden_dnssec_stripped" => "dnssec_stripped");
3627
3628			foreach ($fields as $oldk => $newk) {
3629			if (isset($pkg[$oldk])) {
3630	751533a2	Phil Davis	if ($pkg[$oldk] == 'on') {
3631	3f257101	Renato Botelho	$new[$newk] = true;
3632	751533a2	Phil Davis	}
3633	3f257101	Renato Botelho	unset($pkg[$oldk]);
3634			}
3635			}
3636
3637			$fields = array(
3638			"active_interface" => "network_interface",
3639			"query_interface" => "outgoing_interface",
3640			"unbound_verbosity" => "log_verbosity",
3641			"msg_cache_size" => "msgcachesize",
3642			"outgoing_num_tcp" => "outgoing_num_tcp",
3643			"incoming_num_tcp" => "incoming_num_tcp",
3644			"edns_buffer_size" => "edns_buffer_size",
3645			"num_queries_per_thread" => "num_queries_per_thread",
3646			"jostle_timeout" => "jostle_timeout",
3647			"cache_max_ttl" => "cache_max_ttl",
3648			"cache_min_ttl" => "cache_min_ttl",
3649			"infra_host_ttl" => "infra_host_ttl",
3650			"infra_cache_numhosts" => "infra_cache_numhosts",
3651			"unwanted_reply_threshold" => "unwanted_reply_threshold",
3652			"custom_options" => "custom_options");
3653
3654			foreach ($fields as $oldk => $newk) {
3655			if (isset($pkg[$oldk])) {
3656			$new[$newk] = $pkg[$oldk];
3657			unset($pkg[$oldk]);
3658			}
3659			}
3660
3661	751533a2	Phil Davis	if (isset($new['custom_options']) && !empty($new['custom_options'])) {
3662	fbf3d06e	Renato Botelho	$new['custom_options'] = str_replace("\r\n", "\n", $new['custom_options']);
3663	751533a2	Phil Davis	}
3664	c23f4d8f	Renato Botelho
3665	3f257101	Renato Botelho	/* Following options were removed, bring them as custom_options */
3666			if (isset($pkg['stats']) && $pkg['stats'] == "on") {
3667	751533a2	Phil Davis	if (isset($pkg['stats_interval'])) {
3668	387ab31a	Renato Botelho	$new['custom_options'] .= (empty($new['custom_options']) ? "" : "\n") . "statistics-interval: {$pkg['stats_interval']}";
3669	751533a2	Phil Davis	}
3670			if (isset($pkg['cumulative_stats'])) {
3671	387ab31a	Renato Botelho	$new['custom_options'] .= (empty($new['custom_options']) ? "" : "\n") . "statistics-cumulative: {$pkg['cumulative_stats']}";
3672	751533a2	Phil Davis	}
3673			if (isset($pkg['extended_stats']) && $pkg['extended_stats'] == "on") {
3674	387ab31a	Renato Botelho	$new['custom_options'] .= (empty($new['custom_options']) ? "" : "\n") . "extended-statistics: yes";
3675	751533a2	Phil Davis	} else {
3676	387ab31a	Renato Botelho	$new['custom_options'] .= (empty($new['custom_options']) ? "" : "\n") . "extended-statistics: no";
3677	751533a2	Phil Davis	}
3678	3f257101	Renato Botelho	}
3679
3680			$new['acls'] = array();
3681			if (isset($config['installedpackages']['unboundacls']['config']) &&
3682			is_array($config['installedpackages']['unboundacls']['config'])) {
3683	751533a2	Phil Davis	foreach ($config['installedpackages']['unboundacls']['config'] as $acl) {
3684	3f257101	Renato Botelho	$new['acls'][] = $acl;
3685	751533a2	Phil Davis	}
3686	3f257101	Renato Botelho	}
3687
3688			$config['unbound'] = $new;
3689
3690	751533a2	Phil Davis	if (isset($config['installedpackages']['unbound'])) {
3691	3f257101	Renato Botelho	unset($config['installedpackages']['unbound']);
3692	751533a2	Phil Davis	}
3693			if (isset($config['installedpackages']['unboundadvanced'])) {
3694	3f257101	Renato Botelho	unset($config['installedpackages']['unboundadvanced']);
3695	751533a2	Phil Davis	}
3696			if (isset($config['installedpackages']['unboundacls'])) {
3697	3f257101	Renato Botelho	unset($config['installedpackages']['unboundacls']);
3698	751533a2	Phil Davis	}
3699	3f257101	Renato Botelho
3700			unset($pkg, $new);
3701			}
3702
3703	b0885c5a	Renato Botelho	function upgrade_111_to_112() {
3704			global $config;
3705
3706			$config['cron']['item'][] = array(
3707			'minute' => '*/60',
3708			'hour' => '*',
3709			'mday' => '*',
3710			'month' => '*',
3711			'wday' => '*',
3712			'who' => 'root',
3713			'command' => '/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout'
3714			);
3715			}
3716
3717	ccf30846	Renato Botelho	function upgrade_112_to_113() {
3718			global $config;
3719
3720	fa6e5ba5	Phil Davis	if (isset($config['notifications']['smtp']['ssl'])) {
3721			if ($config['notifications']['smtp']['ssl'] == "checked") {
3722			$config['notifications']['smtp']['ssl'] = true;
3723			} else {
3724			unset($config['notifications']['smtp']['ssl']);
3725			}
3726	751533a2	Phil Davis	}
3727	ccf30846	Renato Botelho
3728	fa6e5ba5	Phil Davis	if (isset($config['notifications']['smtp']['tls'])) {
3729			if ($config['notifications']['smtp']['tls'] == "checked") {
3730			$config['notifications']['smtp']['tls'] = true;
3731			} else {
3732			unset($config['notifications']['smtp']['tls']);
3733			}
3734	751533a2	Phil Davis	}
3735	ccf30846	Renato Botelho	}
3736
3737	368d4910	Renato Botelho	function upgrade_113_to_114() {
3738			global $config;
3739
3740			if (!isset($config['ipsec']['phase1']) \|\|
3741	751533a2	Phil Davis	!is_array($config['ipsec']['phase1'])) {
3742	368d4910	Renato Botelho	return;
3743	751533a2	Phil Davis	}
3744	368d4910	Renato Botelho
3745	751533a2	Phil Davis	foreach ($config['ipsec']['phase1'] as &$ph1ent) {
3746			if (!isset($ph1ent['iketype'])) {
3747	368d4910	Renato Botelho	$ph1ent['iketype'] = 'ikev1';
3748	751533a2	Phil Davis	}
3749			}
3750	368d4910	Renato Botelho	}
3751
3752	cfb5073f	Renato Botelho	function upgrade_114_to_115() {
3753			global $config;
3754
3755	751533a2	Phil Davis	if (isset($config['unbound']['custom_options'])) {
3756	cfb5073f	Renato Botelho	$config['unbound']['custom_options'] = base64_encode($config['unbound']['custom_options']);
3757	751533a2	Phil Davis	}
3758	cfb5073f	Renato Botelho	}
3759
3760	1fe208ec	Ermal LUÇI	function upgrade_115_to_116() {
3761			global $config;
3762
3763	751533a2	Phil Davis	if (!is_array($config['ipsec']) \|\| !is_array($config['ipsec']['phase2'])) {
3764			return;
3765			}
3766	1fe208ec	Ermal LUÇI
3767	751533a2	Phil Davis	$keyid = 1;
3768			foreach ($config['ipsec']['phase2'] as $idx => $ph2) {
3769			$config['ipsec']['phase2'][$idx]['reqid'] = $keyid;
3770	1fe208ec	Ermal LUÇI	$keyid++;
3771			}
3772			}
3773
3774	b997da8b	xbipin	function upgrade_116_to_117() {
3775	751533a2	Phil Davis	global $config;
3776	b997da8b	xbipin
3777	877740ee	Renato Botelho	if (!isset($config['ipsec']['client']) \|\|
3778			!isset($config['ipsec']['client']['dns_split']) \|\|
3779			empty($config['ipsec']['client']['dns_split'])) {
3780			return;
3781			}
3782
3783			$config['ipsec']['client']['dns_split'] =
3784			preg_replace('/\s,\s/', ' ', trim($config['ipsec']['client']['dns_split']));
3785	74eaabbb	Ermal LUÇI
3786	877740ee	Renato Botelho	}
3787
3788			function upgrade_117_to_118() {
3789			global $config;
3790
3791	564f1356	Phil Davis	// Unset any old CA and Cert in the system section that might still be there from when upgrade_066_to_067 did not unset them.
3792			if (isset($config['system']['ca'])) {
3793			unset($config['system']['ca']);
3794			}
3795			if (isset($config['system']['cert'])) {
3796			unset($config['system']['cert']);
3797			}
3798
3799	faaab088	Renato Botelho	if (!isset($config['ipsec']['phase1'])) {
3800			return;
3801			}
3802
3803			$a_phase1 =& $config['ipsec']['phase1'];
3804
3805			foreach ($a_phase1 as &$ph1_entry) {
3806	6990ad35	Phil Davis	// update asn1dn strings from racoon's format to strongswan's
3807	faaab088	Renato Botelho	if (isset($ph1_entry['myid_type']) && $ph1_entry['myid_type'] == 'asn1dn') {
3808			$ph1_entry['myid_data'] =
3809			preg_replace('/\/\semailAddress\s=\s*/', ', E=', $ph1_entry['myid_data']);
3810			}
3811			if (isset($ph1_entry['peerid_type']) && $ph1_entry['peerid_type'] == 'asn1dn') {
3812			$ph1_entry['peerid_data'] =
3813			preg_replace('/\/\semailAddress\s=\s*/', ', E=', $ph1_entry['peerid_data']);
3814			}
3815			}
3816			}
3817
3818			function upgrade_118_to_119() {
3819			global $config;
3820
3821	2da055f0	Chris Buechler	if (!isset($config['ipsec']['phase1'])) {
3822			return;
3823			}
3824
3825	8691632c	Chris Buechler	// change peerid_type to 'any' for EAP types to retain previous behavior of omitting rightid
3826			$a_phase1 =& $config['ipsec']['phase1'];
3827
3828			foreach ($a_phase1 as &$ph1_entry) {
3829			if (strstr($ph1_entry['authentication_method'], 'eap')) {
3830	6990ad35	Phil Davis	$ph1_entry['peerid_type'] = "any";
3831	8691632c	Chris Buechler	}
3832			}
3833			}
3834
3835			function upgrade_119_to_120() {
3836	5d714d9c	jim-p	require_once("ipsec.inc");
3837	c53e411f	Matt Smith	global $config, $ipsec_log_cats;
3838
3839			if (!is_array($config['ipsec'])) {
3840			return;
3841			}
3842
3843			// add 1 to configured log levels as part of redmine #5340
3844			foreach ($ipsec_log_cats as $lkey => $ldescr) {
3845			if (isset($config['ipsec']["ipsec_{$lkey}"])) {
3846			$config['ipsec']["ipsec_{$lkey}"] = $config['ipsec']["ipsec_{$lkey}"] + 1;
3847			}
3848			}
3849
3850			}
3851
3852
3853			function upgrade_120_to_121() {
3854	8691632c	Chris Buechler	global $config;
3855
3856	751533a2	Phil Davis	if (!isset($config['installedpackages']['miniupnpd']['config'][0])) {
3857	ee874f47	xbipin	return;
3858	751533a2	Phil Davis	}
3859	b997da8b	xbipin
3860	ee874f47	xbipin	$miniupnpd =& $config['installedpackages']['miniupnpd']['config'][0];
3861	b997da8b	xbipin
3862	ee874f47	xbipin	$miniupnpd['row'] = array();
3863	b997da8b	xbipin
3864	ee874f47	xbipin	for ($i = 1; $i <= 4; $i++) {
3865	751533a2	Phil Davis	if (isset($miniupnpd["permuser{$i}"]) && !empty($miniupnpd["permuser{$i}"])) {
3866	ee874f47	xbipin	$miniupnpd['row'][] = array('permuser' => $miniupnpd["permuser{$i}"]);
3867	751533a2	Phil Davis	}
3868	ee874f47	xbipin	unset($miniupnpd["permuser{$i}"]);
3869			}
3870	b997da8b	xbipin	}
3871	751533a2	Phil Davis
3872	c53e411f	Matt Smith	function upgrade_121_to_122() {
3873	8e717058	Jim Thompson	global $config;
3874			foreach ($config['system']['user'] as &$user) {
3875			if (isset($user['nt-hash'])) {
3876			unset($user['nt-hash']);
3877			}
3878			}
3879			}
3880
3881	c53e411f	Matt Smith	function upgrade_122_to_123() {
3882	c9d46a8e	Renato Botelho	global $config;
3883
3884			// PPTP server was removed
3885			if (isset($config['pptpd'])) {
3886			unset($config['pptpd']);
3887			}
3888
3889			// Cleanup firewall rules
3890			if (isset($config['filter']['rule']) && is_array($config['filter']['rule'])) {
3891	2975a608	Renato Botelho	$rules =& $config['filter']['rule'];
3892	c9d46a8e	Renato Botelho	$last_rule = count($rules) - 1;
3893			// Process in reverse order to be able to unset items
3894			for ($i = $last_rule; $i >= 0; $i--) {
3895	2975a608	Renato Botelho	if (isset($rules[$i]['interface']) && $rules[$i]['interface'] == 'pptp') {
3896			unset($config['filter']['rule'][$i]);
3897	c9d46a8e	Renato Botelho	continue;
3898			}
3899	2975a608	Renato Botelho	if (isset($rules[$i]['source']['network']) && $rules[$i]['source']['network'] == 'pptp') {
3900			unset($config['filter']['rule'][$i]);
3901	c9d46a8e	Renato Botelho	continue;
3902			}
3903	2975a608	Renato Botelho	if (isset($rules[$i]['destination']['network']) && $rules[$i]['destination']['network'] == 'pptp') {
3904			unset($config['filter']['rule'][$i]);
3905	c9d46a8e	Renato Botelho	continue;
3906			}
3907			}
3908			}
3909
3910			// Cleanup 1:1 NAT rules
3911			if (isset($config['nat']['onetoone']) && is_array($config['nat']['onetoone'])) {
3912			$onetoone =& $config['nat']['onetoone'];
3913	2975a608	Renato Botelho	$last_rule = count($onetoone) - 1;
3914	c9d46a8e	Renato Botelho	// Process in reverse order to be able to unset items
3915			for ($i = $last_rule; $i >= 0; $i--) {
3916	2975a608	Renato Botelho	if (isset($onetoone[$i]['interface']) && $onetoone[$i]['interface'] == 'pptp') {
3917			unset($config['nat']['onetoone'][$i]);
3918	c9d46a8e	Renato Botelho	continue;
3919			}
3920	2975a608	Renato Botelho	if (isset($onetoone[$i]['source']['network']) && $onetoone[$i]['source']['network'] == 'pptp') {
3921			unset($config['nat']['onetoone'][$i]);
3922	c9d46a8e	Renato Botelho	continue;
3923			}
3924	2975a608	Renato Botelho	if (isset($onetoone[$i]['destination']['network']) && $onetoone[$i]['destination']['network'] == 'pptp') {
3925			unset($config['nat']['onetoone'][$i]);
3926	c9d46a8e	Renato Botelho	continue;
3927			}
3928			}
3929			}
3930
3931			// Cleanup npt NAT rules
3932			if (isset($config['nat']['npt']) && is_array($config['nat']['npt'])) {
3933			$npt =& $config['nat']['npt'];
3934			$last_rule = count($npt) - 1;
3935			// Process in reverse order to be able to unset items
3936			for ($i = $last_rule; $i >= 0; $i--) {
3937	2975a608	Renato Botelho	if (isset($npt[$i]['interface']) && $npt[$i]['interface'] == 'pptp') {
3938			unset($config['nat']['npt'][$i]);
3939	c9d46a8e	Renato Botelho	continue;
3940			}
3941			}
3942			}
3943
3944			// Cleanup Port-forward NAT rules
3945			if (isset($config['nat']['rule']) && is_array($config['nat']['rule'])) {
3946	2975a608	Renato Botelho	$nat_rules =& $config['nat']['rule'];
3947	c9d46a8e	Renato Botelho	$last_rule = count($nat_rules) - 1;
3948			// Process in reverse order to be able to unset items
3949			for ($i = $last_rule; $i >= 0; $i--) {
3950	2975a608	Renato Botelho	if (isset($nat_rules[$i]['interface']) && $nat_rules[$i]['interface'] == 'pptp') {
3951			unset($config['nat']['rule'][$i]);
3952	c9d46a8e	Renato Botelho	continue;
3953			}
3954	2975a608	Renato Botelho	if (isset($nat_rules[$i]['source']['network']) && $nat_rules[$i]['source']['network'] == 'pptp') {
3955			unset($config['nat']['rule'][$i]);
3956	c9d46a8e	Renato Botelho	continue;
3957			}
3958	2975a608	Renato Botelho	if (isset($nat_rules[$i]['destination']['network']) && $nat_rules[$i]['destination']['network'] == 'pptp') {
3959			unset($config['nat']['rule'][$i]);
3960	c9d46a8e	Renato Botelho	continue;
3961			}
3962			}
3963			}
3964
3965			// Cleanup Port-forward NAT rules
3966			if (isset($config['nat']['outbound']['rule']) && is_array($config['nat']['outbound']['rule'])) {
3967	2975a608	Renato Botelho	$out_rules =& $config['nat']['outbound']['rule'];
3968	c9d46a8e	Renato Botelho	$last_rule = count($out_rules) - 1;
3969			// Process in reverse order to be able to unset items
3970			for ($i = $last_rule; $i >= 0; $i--) {
3971	2975a608	Renato Botelho	if (isset($out_rules[$i]['interface']) && $out_rules[$i]['interface'] == 'pptp') {
3972			unset($config['nat']['outbound']['rule'][$i]);
3973	c9d46a8e	Renato Botelho	continue;
3974			}
3975			}
3976			}
3977			}
3978
3979	c53e411f	Matt Smith	function upgrade_123_to_124() {
3980	0cdb94e1	Renato Botelho	if (isset($config['system']['altpkgrepo'])) {
3981			unset($config['system']['altpkgrepo']);
3982			}
3983	cf093b35	Renato Botelho
3984			if (isset($config['theme'])) {
3985			unset($config['theme']);
3986			}
3987	0cdb94e1	Renato Botelho	}
3988
3989	c53e411f	Matt Smith	function upgrade_124_to_125() {
3990	b061a3c6	Matt Smith	global $config;
3991
3992			/* Find interfaces with WEP configured. */
3993			foreach ($config['interfaces'] as $ifname => $intf) {
3994			if (!is_array($intf['wireless'])) {
3995			continue;
3996			}
3997
3998			/* Generate a notice, disable interface, remove WEP settings */
3999			if (isset($intf['wireless']['wep']['enable'])) {
4000	5679253c	Renato Botelho	if (!function_exists("file_notice")) {
4001			require_once("notices.inc");
4002			}
4003	b061a3c6	Matt Smith	file_notice("WirelessSettings", "WEP is no longer supported. It will be disabled on the {$ifname} interface and the interface will be disabled. Please reconfigure the interface.");
4004	b37b4034	Phil Davis	unset($config['interfaces'][$ifname]['wireless']['wep']);
4005	b061a3c6	Matt Smith	if (isset($intf['enable'])) {
4006			unset($config['interfaces'][$ifname]['enable']);
4007			}
4008			}
4009			}
4010			}
4011	b37b4034	Phil Davis
4012	c53e411f	Matt Smith	function upgrade_125_to_126() {
4013	4df73fa0	Matt Smith	require_once("ipsec.inc");
4014	c53e411f	Matt Smith	global $config, $ipsec_log_cats, $ipsec_log_sevs;
4015
4016			$def_loglevel = 1;
4017			if (!is_array($config['ipsec'])) {
4018			return;
4019			}
4020
4021			if (!isset($config['ipsec']['logging']) \|\| !is_array($config['ipsec']['logging'])) {
4022			$config['ipsec']['logging'] = array();
4023			}
4024
4025			/* subtract 2 from ipsec log levels. the value stored in the config.xml
4026			* will now match the strongswan level exactly.
4027			*/
4028	4e322e2c	Phil Davis	foreach (array_keys($ipsec_log_cats) as $cat) {
4029	c53e411f	Matt Smith	if (!isset($config['ipsec']["ipsec_{$cat}"])) {
4030			$new_level = $def_loglevel;
4031			} else {
4032			$new_level = intval($config['ipsec']["ipsec_{$cat}"]) - 2;
4033			}
4034
4035			if (in_array($new_level, array_keys($ipsec_log_sevs))) {
4036			$config['ipsec']['logging'][$cat] = $new_level;
4037			} else {
4038			$config['ipsec']['logging'][$cat] = $def_loglevel;
4039			}
4040			unset($config['ipsec']["ipsec_{$cat}"]);
4041			}
4042			}
4043
4044	1fd9322b	Stephen Beaver	// prior to v2.3 <widgets><sequence> contains a list of widgets with display types:
4045			// none, close, hide, & show
4046			// v2.3 & later uses:
4047			// close & open
4048			// widgets not in use are simply not in the list
4049			function upgrade_126_to_127() {
4050			global $config;
4051
4052			if (!isset($config['widgets']['sequence'])) {
4053			return;
4054			}
4055
4056			$cur_widgets = explode(',', trim($config['widgets']['sequence']));
4057			$new_widgets = array();
4058
4059			foreach ($cur_widgets as $widget) {
4060			list($file, $col, $display) = explode(':', $widget);
4061
4062			switch ($display) {
4063	153e3ac2	Stephen Beaver	case 'hide':
4064			$display = 'close';
4065			break;
4066			case 'show':
4067			$display = 'open';
4068			break;
4069	c8b0a653	Stephen Beaver	case 'open':
4070			break;
4071	153e3ac2	Stephen Beaver	default:
4072			continue 2;
4073	1fd9322b	Stephen Beaver	}
4074
4075			/* Remove '-container' from widget name */
4076			$file = preg_replace('/-container$/', '', $file);
4077
4078			$new_widgets[] = "{$file}:{$col}:{$display}";
4079			}
4080
4081			$config['widgets']['sequence'] = implode(',', $new_widgets);
4082
4083			}
4084	b061a3c6	Matt Smith
4085	2073c2d5	Phil Davis	function upgrade_127_to_128() {
4086			global $config;
4087
4088			// If bindip is not already specified then migrate the old SNMP bindlan flag to a bindip setting
4089			if (isset($config['snmpd']['bindlan'])) {
4090			if (!isset($config['snmpd']['bindip'])) {
4091			$config['snmpd']['bindip'] = 'lan';
4092			}
4093			unset($config['snmpd']['bindlan']);
4094			}
4095			}
4096
4097	da6f8482	Renato Botelho	function upgrade_128_to_129() {
4098			global $config;
4099
4100			/* net.inet.ip.fastforwarding does not exist in 2.3. */
4101	5540759e	Renato Botelho	if (!isset($config['sysctl']['item']) \|\|
4102			!is_array($config['sysctl']['item'])) {
4103			return;
4104			}
4105
4106			foreach ($config['sysctl']['item'] as $idx => $sysctl) {
4107			if ($sysctl['tunable'] == "net.inet.ip.fastforwarding") {
4108			unset($config['sysctl']['item'][$idx]);
4109	da6f8482	Renato Botelho	}
4110	c71d37a7	Chris Buechler	if ($sysctl['tunable'] == "net.inet.ipsec.debug") {
4111			$config['sysctl']['item'][$idx]['value'] = "0";
4112			}
4113	da6f8482	Renato Botelho	}
4114	efef9c1b	Renato Botelho
4115			/* IPSEC is always on in 2.3. */
4116	4e322e2c	Phil Davis	if (isset($config['ipsec']['enable'])) {
4117	efef9c1b	Renato Botelho	unset($config['ipsec']['enable']);
4118	33baf237	Renato Botelho	} else if (is_array($config['ipsec']['phase1'])) {
4119			/*
4120			* If IPsec was globally disabled, disable all
4121			* phase1 entries
4122			*/
4123			foreach ($config['ipsec']['phase1'] as $idx => $p1) {
4124			$config['ipsec']['phase1'][$idx]['disabled'] = true;
4125			}
4126	4e322e2c	Phil Davis	}
4127	da6f8482	Renato Botelho	}
4128
4129	9555dd35	jim-p	function upgrade_129_to_130() {
4130			global $config;
4131
4132			/* Change OpenVPN topology_subnet checkbox into topology multi-select #5526 */
4133			if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-server'])) {
4134			foreach ($config['openvpn']['openvpn-server'] as & $serversettings) {
4135			if (isset($serversettings['topology_subnet'])) {
4136			unset($serversettings['topology_subnet']);
4137			$serversettings['topology'] = "subnet";
4138			} else {
4139			$serversettings['topology'] = "net30";
4140			}
4141			}
4142			}
4143			}
4144
4145	b1c2bb34	Renato Botelho	function upgrade_130_to_131() {
4146			global $config;
4147
4148			if (isset($config['syslog']['apinger'])) {
4149			$config['syslog']['dpinger'] = true;
4150			unset($config['syslog']['apinger']);
4151			}
4152
4153			if (isset($config['system']['apinger_debug'])) {
4154			unset($config['system']['apinger_debug']);
4155			}
4156
4157			if (!isset($config['gateways']['gateway_item']) \|\|
4158			!is_array($config['gateways']['gateway_item'])) {
4159			return;
4160			}
4161
4162			foreach ($config['gateways']['gateway_item'] as &$gw) {
4163			// dpinger uses milliseconds
4164			if (isset($gw['interval']) &&
4165			is_numeric($gw['interval'])) {
4166			$gw['interval'] = $gw['interval'] * 1000;
4167			}
4168			if (isset($gw['down']) &&
4169			is_numeric($gw['down'])) {
4170			$gw['loss_interval'] = $gw['down'] * 1000;
4171			unset($gw['down']);
4172			}
4173
4174			if (isset($gw['avg_delay_samples'])) {
4175			unset($gw['avg_delay_samples']);
4176			}
4177			if (isset($gw['avg_delay_samples_calculated'])) {
4178			unset($gw['avg_delay_samples_calculated']);
4179			}
4180			if (isset($gw['avg_loss_samples'])) {
4181			unset($gw['avg_loss_samples']);
4182			}
4183			if (isset($gw['avg_loss_samples_calculated'])) {
4184			unset($gw['avg_loss_samples_calculated']);
4185			}
4186	20c5b5ee	Phil Davis	if (isset($gw['avg_loss_delay_samples'])) {
4187			unset($gw['avg_loss_delay_samples']);
4188	b1c2bb34	Renato Botelho	}
4189	20c5b5ee	Phil Davis	if (isset($gw['avg_loss_delay_samples_calculated'])) {
4190			unset($gw['avg_loss_delay_samples_calculated']);
4191	b1c2bb34	Renato Botelho	}
4192			}
4193			}
4194
4195	41df62c1	jim-p	function upgrade_131_to_132() {
4196			global $config;
4197			if (isset($config['system']['usefifolog'])) {
4198			unset($config['system']['usefifolog']);
4199			clear_all_log_files(false);
4200			}
4201			}
4202	f1b7a0b1	Renato Botelho
4203			function upgrade_132_to_133() {
4204			global $config;
4205
4206			if (isset($config['ipsec']['phase1']) &&
4207			is_array($config['ipsec']['phase1'])) {
4208			foreach ($config['ipsec']['phase1'] as &$p1) {
4209			if (isset($p1['encryption-algorithm']['name']) &&
4210			$p1['encryption-algorithm']['name'] == 'des') {
4211			$p1['disabled'] = true;
4212			file_notice("IPsec",
4213			"DES is no longer supported, IPsec phase 1 " .
4214			"item '{$p1['descr']}' is being disabled.");
4215			}
4216			}
4217			}
4218
4219			if (isset($config['ipsec']['phase2']) &&
4220			is_array($config['ipsec']['phase2'])) {
4221			foreach ($config['ipsec']['phase2'] as &$p2) {
4222			if (!isset($p2['encryption-algorithm-option']) \|\|
4223			!is_array($p2['encryption-algorithm-option'])) {
4224			continue;
4225			}
4226
4227			foreach ($p2['encryption-algorithm-option'] as $ealgo) {
4228			if ($ealgo['name'] == 'des') {
4229			$p2['disabled'] = true;
4230			file_notice("IPsec",
4231			"DES is no longer supported, IPsec phase 2 " .
4232			"item '{$p2['descr']}' is being disabled.");
4233			}
4234			}
4235			}
4236			}
4237			}
4238	29c0d920	Stephen Beaver
4239			// Determine the highest column number in use and set dashboardcolumns accordingly
4240			function upgrade_133_to_134() {
4241			global $config;
4242
4243			if (!isset($config['widgets']['sequence']) \|\| isset($config['system']['webgui']['dashboardcolumns'])) {
4244			return;
4245			}
4246
4247			$cur_widgets = explode(',', trim($config['widgets']['sequence']));
4248			$maxcols = 2;
4249
4250			foreach ($cur_widgets as $widget) {
4251			list($file, $col, $display) = explode(':', $widget);
4252
4253			if (($display != 'none') && ($display != 'hide')) {
4254			preg_match('#[0-9]+$#', $col, $column);
4255			if ($column[0] > $maxcols) {
4256			$maxcols = $column[0];
4257			}
4258			}
4259			}
4260
4261			$config['system']['webgui']['dashboardcolumns'] = $maxcols % 10;
4262			}
4263	c4104141	Chris Buechler
4264			function upgrade_134_to_135() {
4265			global $config;
4266
4267			if (isset($config['syslog']['nologlighttpd'])) {
4268			unset($config['syslog']['nologlighttpd']);
4269			$config['syslog']['nolognginx'] = true;
4270			}
4271			}
4272	faaab088	Renato Botelho	?>

Project

General

Profile

pfSense