<?php
/* $Id$ */
/*
	system.inc
	part of m0n0wall (http://m0n0.ch/wall)

	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/

/* include all configuration functions */
require_once("functions.inc");
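/*
 * Rewrite /usr/local/lib/php.ini from a fixed template, adding the APC
 * opcode cache settings only when the host has enough memory.
 *
 * Returns nothing. Does nothing at all on the "cdrom" platform.
 * The configuration filesystem is remounted read-write for the duration
 * of the write and read-only again afterwards.
 */
function opcode_cache_configuration() {
	global $g;

	if ($g['platform'] == "cdrom")
		return;

	/* get system memory amount (element 0 is presumably megabytes, per
	 * the threshold comment below -- confirm against get_memory()) */
	$memory = get_memory();
	$avail = $memory[0];

	/* disable apc for platforms less than 90 megs of ram.
	 * The test has to use $avail: comparing the array returned by
	 * get_memory() with an integer is always true in PHP, so the cache
	 * was enabled regardless of memory size. */
	if ($avail > 90) {
		$opcode_cacher = "extension=apc.so\n";
		$opcode_cacher .= "apc.enabled=\"1\"\n";
		$opcode_cacher .= "apc.enable_cli=\"1\"\n";
		$opcode_cacher .= "apc.shm_size=\"10\"\n";
	} else {
		$opcode_cacher = "";
	}

	/* NOTE(review): the template below sets execution and input time
	 * limits that are effectively unbounded and accepts 100M uploads into
	 * /tmp; any request-level limits have to be enforced elsewhere. */
$php_ini = <<<EOFF
output_buffering = "0"
implicit_flush = true
magic_quotes_gpc = Off
max_execution_time = 99999999
max_input_time = 99999999
register_argc_argv = On
file_uploads = On
extension_dir=/usr/local/lib/php/extensions/no-debug-non-zts-20020429/
upload_tmp_dir = /tmp
upload_max_filesize = 100M
post_max_size = 100M
html_errors = Off
memory_limit = 32M
include_path = ".:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg"
extension=radius.so
{$opcode_cacher}

EOFF;

	conf_mount_rw();

	/* open up php.ini and write back out contents */
	$fd = fopen("/usr/local/lib/php.ini", "w");
	if ($fd) {
		fwrite($fd, $php_ini);
		fclose($fd);
	} else {
		printf("Error: cannot open php.ini in opcode_cache_configuration().\n");
	}

	/* always return the filesystem to read-only, even if the write failed */
	conf_mount_ro();
}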
/*
 * Write {$g['varetc_path']}/resolv.conf from the system configuration.
 *
 * When 'dnsallowoverride' is set, the servers reported by get_nameservers()
 * are used; if that yields nothing, the statically configured 'dnsserver'
 * list is used instead. Outside of boot, dhcpd is reconfigured afterwards
 * unless $dynupdate is true.
 *
 * Returns 0 on success, 1 if resolv.conf cannot be opened.
 *
 * NOTE(review): nameserver and domain values are written as-is; nothing
 * here checks that a dynamically learned entry is an IP address.
 */
function system_resolvconf_generate($dynupdate = false) {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		echo "system_resolvconf_generate() being called " . microtime() . "\n";
	}

	$system = $config['system'];

	$handle = fopen("{$g['varetc_path']}/resolv.conf", "w");
	if (!$handle) {
		printf("Error: cannot open resolv.conf in system_resolvconf_generate().\n");
		return 1;
	}

	$lines = array("domain {$system['domain']}\n");
	$found = false;

	if (isset($system['dnsallowoverride'])) {
		/* get dynamically assigned DNS servers (if any) */
		foreach (array_unique(get_nameservers()) as $candidate) {
			if (!$candidate)
				continue;
			$lines[] = "nameserver $candidate\n";
			$found = true;
		}
	}

	/* fall back to the configured servers when nothing dynamic was found */
	if (!$found && is_array($system['dnsserver'])) {
		foreach ($system['dnsserver'] as $candidate) {
			if (!$candidate)
				continue;
			$lines[] = "nameserver $candidate\n";
			$found = true;
		}
	}

	fwrite($handle, implode("", $lines));
	fclose($handle);

	/* restart dhcpd (nameservers may have changed) */
	if (!$g['booting'] && !$dynupdate)
		services_dhcpd_configure();

	return 0;
}
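/*
 * Collect nameserver entries from /var/etc/nameserver_* and, when present,
 * /var/etc/nameservers.conf.
 *
 * Returns an array of strings, one per line read. Blank lines from the
 * nameserver_* files are dropped; lines from nameservers.conf are appended
 * unfiltered (including blank ones), so callers must skip empty entries.
 *
 * The files are read directly instead of through `ls` and `cat` in a shell,
 * which also avoids calling file_get_contents("") on the empty element the
 * shell output used to leave behind.
 *
 * NOTE(review): entries are not validated as IP addresses here; whatever
 * wrote these files decides what ends up in the list.
 */
function get_nameservers() {
	$master_list = array();

	$dns_lists = glob("/var/etc/nameserver_*");
	if (is_array($dns_lists)) {
		foreach ($dns_lists as $dns_file) {
			$contents = file_get_contents($dns_file);
			if ($contents === false)
				continue;
			foreach (explode("\n", $contents) as $item)
				if ($item <> "")
					$master_list[] = $item;
		}
	}

	if (!file_exists("/var/etc/nameservers.conf"))
		return $master_list;

	$contents = file_get_contents("/var/etc/nameservers.conf");
	if ($contents === false)
		return $master_list;

	foreach (explode("\n", $contents) as $dns)
		$master_list[] = $dns;

	return $master_list;
}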
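/*
 * Write {$g['varetc_path']}/hosts from the configuration: localhost, the
 * firewall's own LAN address, the dnsmasq host overrides and, when
 * 'regdhcpstatic' is set, the static DHCP mappings of enabled interfaces.
 *
 * Returns 0 on success, 1 if the hosts file cannot be opened.
 *
 * NOTE(review): host names, domains and addresses are copied from the
 * configuration verbatim; a value containing whitespace or a newline would
 * add extra names or lines to the hosts file.
 */
function system_hosts_generate() {
	global $config, $g;
	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_hosts_generate() being called $mt\n";
	}

	$syscfg = $config['system'];
	$lancfg = $config['interfaces']['lan'];
	$dnsmasqcfg = $config['dnsmasq'];

	if (!is_array($dnsmasqcfg['hosts'])) {
		$dnsmasqcfg['hosts'] = array();
	}
	$hostscfg = $dnsmasqcfg['hosts'];

	$fd = fopen("{$g['varetc_path']}/hosts", "w");
	if (!$fd) {
		log_error("Error: cannot open hosts file in system_hosts_generate().\n");
		return 1;
	}

	$hosts = <<<EOD
127.0.0.1	localhost localhost.{$syscfg['domain']}
{$lancfg['ipaddr']}	{$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}

EOD;

	foreach ($hostscfg as $host) {
		if ($host['host'])
			$hosts .= "{$host['ip']}	{$host['host']}.{$host['domain']} {$host['host']}\n";
		else
			$hosts .= "{$host['ip']}	{$host['domain']}\n";
	}

	/* the dhcpd section may be absent entirely; only iterate when it is an array */
	if (isset($dnsmasqcfg['regdhcpstatic']) && isset($config['dhcpd']) && is_array($config['dhcpd'])) {
		foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) {
			if (!is_array($dhcpifconf['staticmap']) || !isset($dhcpifconf['enable']))
				continue;
			foreach ($dhcpifconf['staticmap'] as $host)
				if ($host['ipaddr'] && $host['hostname'])
					$hosts .= "{$host['ipaddr']}	{$host['hostname']}.{$syscfg['domain']} {$host['hostname']}\n";
		}
	}

	fwrite($fd, $hosts);
	fclose($fd);

	return 0;
}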
/*
 * Set the kernel hostname to "<hostname>.<domain>" from the system
 * configuration and return whatever mwexec() returns.
 *
 * The name is passed through escapeshellarg() before it reaches the shell.
 */
function system_hostname_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		echo "system_hostname_configure() being called " . microtime() . "\n";
	}

	$system = $config['system'];
	$fqdn = "{$system['hostname']}.{$system['domain']}";

	/* set hostname */
	return mwexec("/bin/hostname " . escapeshellarg($fqdn));
}
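/*
 * Apply the static routes from the configuration.
 *
 * Routes recorded by a previous run in {$g['vardb_path']}/routes.db are
 * deleted first, then every configured route is added and its network is
 * recorded in a fresh routes.db so it can be removed on the next run.
 * Fast forwarding is switched on when 'enablefastrouting' is set.
 *
 * Returns 0 on success, 1 if routes.db cannot be opened.
 */
function system_routing_configure() {
	global $config, $g;
	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_routing_configure() being called $mt\n";
	}

	/* Enable fast routing, if enabled */
	if (isset($config['staticroutes']['enablefastrouting']))
		mwexec("/sbin/sysctl net.inet.ip.fastforwarding=1");

	/* clear out old routes, if necessary */
	if (file_exists("{$g['vardb_path']}/routes.db")) {
		$fd = fopen("{$g['vardb_path']}/routes.db", "r");
		if (!$fd) {
			printf("Error: cannot open routes DB file in system_routing_configure().\n");
			return 1;
		}
		while (!feof($fd)) {
			$oldrt = fgets($fd);
			if ($oldrt === false)
				break;
			/* fgets() keeps the line terminator; strip it so the
			 * quoted argument is the network alone */
			$oldrt = rtrim($oldrt, "\r\n");
			if ($oldrt !== "")
				mwexec("/sbin/route delete " . escapeshellarg($oldrt));
		}
		fclose($fd);
		unlink("{$g['vardb_path']}/routes.db");
	}

	if (isset($config['staticroutes']['route']) && is_array($config['staticroutes']['route'])) {

		$fd = fopen("{$g['vardb_path']}/routes.db", "w");
		if (!$fd) {
			printf("Error: cannot open routes DB file in system_routing_configure().\n");
			return 1;
		}

		foreach ($config['staticroutes']['route'] as $rtent) {
			/* every configuration value is shell-quoted before use */
			if (isset($rtent['interfacegateway'])) {
				mwexec("/sbin/route add " . escapeshellarg($rtent['network']) .
					" -iface " . escapeshellarg(convert_friendly_interface_to_real_interface_name($rtent['interface'])));
			} else {
				mwexec("/sbin/route add " . escapeshellarg($rtent['network']) .
					" " . escapeshellarg($rtent['gateway']));
			}
			/* record route so it can be easily removed later (if necessary) */
			fwrite($fd, $rtent['network'] . "\n");
		}

		fclose($fd);
	}

	return 0;
}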
/*
 * Turn on IPv4 packet forwarding via sysctl and return mwexec()'s result.
 */
function system_routing_enable() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		echo "system_routing_enable() being called " . microtime() . "\n";
	}

	$status = mwexec("/sbin/sysctl net.inet.ip.forwarding=1");
	return $status;
}
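/*
 * (Re)start syslogd.
 *
 * When a syslog configuration section exists, {$g['varetc_path']}/syslog.conf
 * is generated: one section per package that declares logging, dedicated
 * sections for ntpd, racoon and openvpn, the local log files (unless
 * 'disablelocallogging' is set) and the remote forwarding rules selected by
 * the 'filter', 'vpn', 'portalauth', 'dhcp' and 'system' switches. syslogd is
 * then started with that file. Without a configuration section syslogd is
 * started with -ss only.
 *
 * Returns mwexec()'s result for the syslogd start, or 1 if syslog.conf
 * cannot be opened.
 *
 * NOTE(review): the package facility and log file names and the
 * 'remoteserver' value are written into syslog.conf unchanged; a value
 * containing a newline would add configuration lines. Validate them where
 * they enter the configuration.
 */
function system_syslogd_start() {
	global $config, $g;
	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_syslogd_start() being called $mt\n";
	}

	$syslogcfg = $config['syslog'];

	if ($g['booting'])
		echo "Starting syslog...";
	else
		killbypid("{$g['varrun_path']}/syslog.pid");

	if (isset($syslogcfg)) {
		/* start from defined values; both were appended to before being set */
		$syslogconf = "";
		$pkgfacilities = array();
		$separatelogfacilities = array('ntpd','racoon','openvpn');
		if (isset($config['installedpackages']['package']) && is_array($config['installedpackages']['package'])) {
			foreach ($config['installedpackages']['package'] as $package) {
				if (!empty($package['logging'])) {
					$pkgfacilities[] = $package['logging']['facilityname'];
					/* append rather than use the array "+" operator: "+" keeps
					 * the left-hand value for every numeric key both arrays
					 * share, so package facilities were silently dropped from
					 * the exclusion list built below */
					$separatelogfacilities[] = $package['logging']['facilityname'];
					$facilitylist = implode(',', $pkgfacilities);
					$pkglogfile = "{$g['varlog_path']}/{$package['logging']['logfilename']}";
					/* the file name comes from package metadata; quote it for the shell */
					mwexec("clog -i -s 10000 " . escapeshellarg($pkglogfile));
					$syslogconf .= "!{$facilitylist}\n*.*\t\t\t\t\t\t%{$pkglogfile}\n";
				}
			}
		}
		$facilitylist = implode(',', array_unique($separatelogfacilities));
		/* write syslog.conf */
		$fd = fopen("{$g['varetc_path']}/syslog.conf", "w");
		if (!$fd) {
			printf("Error: cannot open syslog.conf in system_syslogd_start().\n");
			return 1;
		}
		$syslogconf .= "!ntpdate,!ntpd\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= <<<EOD
*.*						%{$g['varlog_path']}/ntpd.log

EOD;
		}
		$syslogconf .= "!racoon\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= <<<EOD
*.*						%{$g['varlog_path']}/ipsec.log

EOD;
		}
		if (isset($syslogcfg['vpn'])) {
			$syslogconf .= <<<EOD
*.*						@{$syslogcfg['remoteserver']}

EOD;
		}
		$syslogconf .= "!openvpn\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= <<<EOD
*.*						%{$g['varlog_path']}/openvpn.log

EOD;
		}
		if (isset($syslogcfg['vpn'])) {
			$syslogconf .= <<<EOD
*.*						@{$syslogcfg['remoteserver']}

EOD;
		}
		/* everything below applies to all programs except the ones listed */
		$syslogconf .= "!-{$facilitylist}\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
		$syslogconf .= <<<EOD
local0.*					%{$g['varlog_path']}/filter.log
local3.*					%{$g['varlog_path']}/vpn.log
local4.*					%{$g['varlog_path']}/portalauth.log
local7.*					%{$g['varlog_path']}/dhcpd.log
*.notice;kern.debug;lpr.info;mail.crit; 	%{$g['varlog_path']}/system.log
news.err;local0.none;local3.none;local4.none; 	%{$g['varlog_path']}/system.log
local7.none					%{$g['varlog_path']}/system.log
security.*					%{$g['varlog_path']}/system.log
auth.info;authpriv.info;daemon.info		%{$g['varlog_path']}/system.log
local1.*					%{$g['varlog_path']}/slbd.log
auth.info;authpriv.info 			|exec /usr/local/sbin/sshlockout_pf
*.emerg						*

EOD;
		}

		if (isset($syslogcfg['filter'])) {
			$syslogconf .= <<<EOD
local0.*					@{$syslogcfg['remoteserver']}

EOD;
		}

		if (isset($syslogcfg['vpn'])) {
			$syslogconf .= <<<EOD
local3.*					@{$syslogcfg['remoteserver']}

EOD;
		}


		if (isset($syslogcfg['portalauth'])) {
			$syslogconf .= <<<EOD
local4.*					@{$syslogcfg['remoteserver']}

EOD;
		}


		if (isset($syslogcfg['dhcp'])) {
			$syslogconf .= <<<EOD
local7.*					@{$syslogcfg['remoteserver']}

EOD;
		}

		if (isset($syslogcfg['system'])) {
			$syslogconf .= <<<EOD
*.notice;kern.debug;lpr.info;mail.crit;		@{$syslogcfg['remoteserver']}
news.err;local0.none;local3.none;local7.none	@{$syslogcfg['remoteserver']}
security.*					@{$syslogcfg['remoteserver']}
auth.info;authpriv.info;daemon.info		@{$syslogcfg['remoteserver']}
*.emerg						@{$syslogcfg['remoteserver']}

EOD;
		}
		fwrite($fd, $syslogconf);
		fclose($fd);

		$retval = mwexec("/usr/sbin/syslogd -s -f {$g['varetc_path']}/syslog.conf");

	} else {
		$retval = mwexec("/usr/sbin/syslogd -ss");
	}

	if ($g['booting'])
		echo "done.\n";

	return $retval;
}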
/*
 * Restart pccardd with {$g['etc_path']}/pccard.conf: any instance recorded
 * in pccardd.pid is killed first. During boot a progress message and the
 * outcome are printed. Returns mwexec()'s result.
 */
function system_pccard_start() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		echo "system_pccard_start() being called " . microtime() . "\n";
	}

	$at_boot = $g['booting'];

	if ($at_boot)
		echo "Initializing PCMCIA...";

	/* kill any running pccardd */
	killbypid("{$g['varrun_path']}/pccardd.pid");

	/* fire up pccardd */
	$status = mwexec("/usr/sbin/pccardd -z -f {$g['etc_path']}/pccard.conf");

	if ($at_boot)
		echo ($status == 0) ? "done.\n" : "failed!\n";

	return $status;
}
/*
 * Restart the lighttpd instance that serves the webConfigurator.
 *
 * Kills the instance recorded in lighty-webConfigurator.pid, regenerates the
 * password file, changes into {$g['www_path']}, generates the lighttpd
 * configuration and starts lighttpd. During boot a progress message and the
 * outcome are printed. Returns mwexec()'s result for the lighttpd start.
 *
 * Port handling: the configured port is used when set; with HTTPS and no
 * configured port, 443 is used; otherwise an empty string is passed on.
 *
 * NOTE(security): when HTTPS is selected but no certificate/private key pair
 * is configured, the pair embedded below is used. Because it ships in the
 * source, every installation relying on it presents the same publicly known
 * private key, so the TLS session does not authenticate the device.
 * Installing a per-device certificate and key in the configuration is the
 * way to avoid this fallback.
 */
function system_webgui_start() {
	global $config, $g;

	$at_boot = $g['booting'];

	if ($at_boot)
		echo "Starting webConfigurator...";

	/* kill any running lighttpd */
	killbypid("{$g['varrun_path']}/lighty-webConfigurator.pid");

	sleep(1);

	/* generate password file */
	system_password_configure();

	chdir($g['www_path']);

	$webgui = $config['system']['webgui'];

	/* non-standard port? */
	$portarg = $webgui['port'] ? "{$webgui['port']}" : "";

	/* plain HTTP carries no certificate material */
	$cert = "";
	$key = "";

	if ($webgui['protocol'] == "https") {

		if (!$webgui['port'])
			$portarg = "443";

		if ($webgui['certificate'] && $webgui['private-key']) {
			$cert = base64_decode($webgui['certificate']);
			$key = base64_decode($webgui['private-key']);
		} else {
			/* default certificate/key (shared by all installs, see header note) */
			$cert = <<<EOD
-----BEGIN CERTIFICATE-----
MIIDEzCCAnygAwIBAgIJAJM91W+s6qptMA0GCSqGSIb3DQEBBAUAMGUxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJLWTETMBEGA1UEBxMKTG91aXN2aWxsZTEQMA4GA1UE
ChMHcGZTZW5zZTEQMA4GA1UECxMHcGZTZW5zZTEQMA4GA1UEAxMHcGZTZW5zZTAe
Fw0wNjAzMTAyMzQ1MTlaFw0xNjAzMDcyMzQ1MTlaMGUxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIEwJLWTETMBEGA1UEBxMKTG91aXN2aWxsZTEQMA4GA1UEChMHcGZTZW5z
ZTEQMA4GA1UECxMHcGZTZW5zZTEQMA4GA1UEAxMHcGZTZW5zZTCBnzANBgkqhkiG
9w0BAQEFAAOBjQAwgYkCgYEA3lPNTFH6qge/ygaqe/BS4oH59O6KvAesWcRzSu5N
21lyVE5tBbL0zqOSXmlLyReMSbtAMZqt1P8EPYFoOcaEQHIWm2VQF80Z18+8Gh4O
UQGjHq88OeaLqyk3OLpSKzSpXuCFrSN7q9Kez8zp5dQEu7sIW30da3pAbdqYOimA
1VsCAwEAAaOByjCBxzAdBgNVHQ4EFgQUAnx+ggC4SzJ0CK+rhPhJ2ZpyunEwgZcG
A1UdIwSBjzCBjIAUAnx+ggC4SzJ0CK+rhPhJ2ZpyunGhaaRnMGUxCzAJBgNVBAYT
AlVTMQswCQYDVQQIEwJLWTETMBEGA1UEBxMKTG91aXN2aWxsZTEQMA4GA1UEChMH
cGZTZW5zZTEQMA4GA1UECxMHcGZTZW5zZTEQMA4GA1UEAxMHcGZTZW5zZYIJAJM9
1W+s6qptMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAAviQpdoeabL8
1HSZiD7Yjx82pdLpyQOdXvAu3jEAYz53ckx0zSMrzsQ5r7Vae6AE7Xd7Pj+1Yihs
AJZzOQujnmsuim7qu6YSxzP34xonKwd1C9tZUlyNRNnEmtXOEDupn05bih1ugtLG
kqfPIgDbDLXuPtEAA6QDUypaunI6+1E=
-----END CERTIFICATE-----

EOD;

			$key = <<<EOD
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDeU81MUfqqB7/KBqp78FLigfn07oq8B6xZxHNK7k3bWXJUTm0F
svTOo5JeaUvJF4xJu0Axmq3U/wQ9gWg5xoRAchabZVAXzRnXz7waHg5RAaMerzw5
5ourKTc4ulIrNKle4IWtI3ur0p7PzOnl1AS7uwhbfR1rekBt2pg6KYDVWwIDAQAB
AoGAP7E0VFP8Aq/7os3sE1uS8y8XQ7L+7cUo/AKKoQHKLjfeyAY7t3FALt6vdPqn
anGjkA/j4RIWELoKJfCnwj17703NDCPwB7klcmZvmTx5Om1ZrRyZdQ6RJs0pOOO1
r2wOnZNaNWStXE9Afpw3dj20Gh0V/Ioo5HXn3sHfxZm8dnkCQQDwv8OaUdp2Hl8t
FDfXB1CMvUG1hEAvbQvZK1ODkE7na2/ChKjVPddEI3DvfzG+nLrNuTrAyVWgRLte
r8qX5PQHAkEA7GlKx0S18LdiKo6wy2QeGu6HYkPncaHNFOWX8cTpvGGtQoWYSh0J
tjCt1/mz4/XkvZWuZyTNx2FdkVlNF5nHDQJBAIRWVTZqEjVlwpmsCHnp6mxCyHD4
DrRDNAUfnNuwIr9xPlDlzUzSnpc1CCqOd5C45LKbRGGfCrN7tKd66FmQoFcCQQCy
Kvw3R1pTCvHJnvYwoshphaC0dvaDVeyINiwYAk4hMf/wpVxLZqz+CJvLrB1dzOBR
3O+uPjdzbrakpweJpNQ1AkEA3ZtlgEj9eWsLAJP8aKlwB8VqD+EtG9OJSUMnCDiQ
WFFNj/t3Ze3IVuAyL/yMpiv3JNEnZhIxCta42eDFpIZAKw==
-----END RSA PRIVATE KEY-----

EOD;
		}
	}

	/* generate lighttpd configuration */
	$conf_file = "{$g['varetc_path']}/lighty-webConfigurator.conf";
	system_generate_lighty_config($conf_file,
		$cert, $key, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/");

	/* attempt to start lighthttpd */
	$status = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-webConfigurator.conf");

	if ($at_boot)
		echo ($status == 0) ? "done.\n" : "failed!\n";

	return $status;
}
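/*
 * Older mini_httpd-based start routine for the webConfigurator.
 *
 * Kills the instance recorded in mini_httpd.pid, regenerates the password
 * file, changes into {$g['www_path']} and starts mini_httpd, with -S and a
 * combined certificate/key file when the protocol is "https". During boot a
 * progress message and the outcome are printed.
 *
 * Returns mwexec()'s result, or 1 if cert.pem cannot be opened.
 *
 * Hardening relative to the earlier form of this routine:
 *  - the configured port is passed through escapeshellarg() instead of
 *    being interpolated into the command line unquoted;
 *  - cert.pem is created under a restrictive umask, so a newly created file
 *    is never readable by other users, not even for the moment between
 *    fopen() and chmod().
 *
 * NOTE(security): the fallback certificate and private key below are
 * embedded in the source and therefore identical on every installation
 * that has not configured its own pair; HTTPS with this fallback does not
 * authenticate the device.
 * NOTE(review): mini_httpd is started with "-u root".
 */
function system_webgui_start_old() {
	global $config, $g;
	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_webgui_start() being called $mt\n";
	}

	if ($g['booting'])
		echo "Starting webConfigurator...";

	/* kill any running mini_httpd */
	killbypid("{$g['varrun_path']}/mini_httpd.pid");

	/* generate password file */
	system_password_configure();

	chdir($g['www_path']);

	/* non-standard port? */
	if ($config['system']['webgui']['port'])
		$portarg = "-p " . escapeshellarg($config['system']['webgui']['port']);
	else
		$portarg = "";

	if ($config['system']['webgui']['protocol'] == "https") {

		if ($config['system']['webgui']['certificate'] && $config['system']['webgui']['private-key']) {
			$cert = base64_decode($config['system']['webgui']['certificate']);
			$key  = base64_decode($config['system']['webgui']['private-key']);
		} else {
			/* default certificate/key (shared by all installs, see header note) */
			$cert = <<<EOD
-----BEGIN CERTIFICATE-----
MIIBlDCB/gIBADANBgkqhkiG9w0BAQQFADATMREwDwYDVQQKEwhtMG4wd2FsbDAe
Fw0wNTA1MTAxMjI0NDRaFw0wNzA1MTAxMjI0NDRaMBMxETAPBgNVBAoTCG0wbjB3
YWxsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAShszhFz+o8lsMWTGgTxs
TMPR+v4+qL5jXDyY97MLTGFK7aqQOtpIQc+TcTc4jklgOVlHoR7oBXrsi8YrbCd+
83LPQmQoSPC0VqhfU3uYf3NzxiK8r97aPCsmWgwT2pQ6TcESTm6sF7nLprOf/zFP
C4jE2fvjkbzyVolPywBuewIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAFR962c4R5tV
cTn0OQcszYoW6WC+ini9tQQh5ku5jYDAiC+00atawJEVLnL3lwAcpSKTIWlTkD20
tl3lz5br1qFgYky+Rd0kwS2nk9jRbkxSXxd6KJVnNRCKre28aw3ENzZfCSurPQsX
UPp5er+NtwMT1g7s/JDmKTC4w1rGr5/c
-----END CERTIFICATE-----

EOD;

			$key = <<<EOD
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDAShszhFz+o8lsMWTGgTxsTMPR+v4+qL5jXDyY97MLTGFK7aqQ
OtpIQc+TcTc4jklgOVlHoR7oBXrsi8YrbCd+83LPQmQoSPC0VqhfU3uYf3NzxiK8
r97aPCsmWgwT2pQ6TcESTm6sF7nLprOf/zFPC4jE2fvjkbzyVolPywBuewIDAQAB
AoGAbJJrQW9fQrggJuLMz/hwsYW2m31oyOBmf5u463YQtjRuSuxe/gj87weZuNqY
H2rXq2k2K+ehl8hgW+egASyUL3L7kCkEAsVREujKTEyhSqqIRDPWTxo9S/YA9Gvn
2ZnJvkrcKjqCO9aHX3rvJOK/ErYI6akctgI3KmgkYw5XNmECQQDuZU97RTWH9rmP
aQr57ysNXxgFsyhetOOqeYkPtIVwpOiNbfwE1zi5RGdtO4Ku3fG1lV4J2UoWJ9yD
awdoyYIHAkEAzn0xJ90IjPsHk+8SODEj5JGdHSZPNu1tgtrbjEi9sfGWg4K7XTxr
QW90pWb1bKKU1uh5FzW6OhnFfuQXt1kC7QJAPSthqY+onKqCEnoxhtAHi/bKgyvl
P+fKQwPMV2tKkgy+XwvJjrRqqZ8TqsOKVLQ+QQmCh6RpjiXMPyxHSmvqIQJBAKLR
HF1ucDuaBROkwx0DwmWMW/KMLpIFDQDNSaiIAuu4rxHrl4mhBoGGPNffI04RtILw
s+qVNs5xW8T+XaT4ztECQQDFHPnZeoPWE5z+AX/UUQIUWaDExz3XRzmIxRbOrlFi
CsF1s0TdJLi/wzNQRAL37A8vqCeVFR/ng3Xpg96Yg+8Z
-----END RSA PRIVATE KEY-----

EOD;
		}

		/* configuration values may carry CR line endings; strip them */
		$cert = str_replace("\r", "", $cert);
		$key = str_replace("\r", "", $key);

		/* create the file owner-only from the start, then restore the umask */
		$oldmask = umask(0077);
		$fd = fopen("{$g['varetc_path']}/cert.pem", "w");
		umask($oldmask);
		if (!$fd) {
			printf("Error: cannot open cert.pem in system_webgui_start().\n");
			return 1;
		}
		/* also tightens a cert.pem left over from an earlier run */
		chmod("{$g['varetc_path']}/cert.pem", 0600);
		fwrite($fd, $cert);
		fwrite($fd, "\n");
		fwrite($fd, $key);
		fclose($fd);

		$res = mwexec("/usr/local/sbin/mini_httpd -S -E {$g['varetc_path']}/cert.pem" .
			" -c \"**.php|**.cgi\" -u root -maxproc 16 $portarg" .
			" -i {$g['varrun_path']}/mini_httpd.pid");
	} else {
		$res = mwexec("/usr/local/sbin/mini_httpd -c \"**.php|**.cgi\" -u root" .
			" -maxproc 16 $portarg -i {$g['varrun_path']}/mini_httpd.pid");
	}

	if ($g['booting']) {
		if ($res == 0)
			echo "done\n";
		else
			echo "failed\n";
	}

	return $res;
}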
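/*
 * Write a lighttpd configuration file to $filename and, when both $cert and
 * $key are non-empty, write them as one combined PEM file under
 * $g['varetc_path'] and enable SSL in the generated configuration.
 *
 * $filename        path of the lighttpd configuration file to write
 * $cert, $key      PEM text; SSL is only configured when both are non-empty
 * $pid_file        file name placed under /var/run/ for server.pid-file
 * $port            listen port; an empty value falls back to 80
 * $document_root   value for server.document-root
 * $cert_location   file name (relative to varetc_path) of the combined PEM
 * $max_procs       FastCGI max-procs; overridden by the memory tiers below
 * $max_requests    assigned by the memory tiers but not referenced in the
 *                  configuration text generated here
 * $fast_cgi_enable use mod_fastcgi for .php (forced off on low memory)
 * $captive_portal  add the captive portal rewrite rule and connection limit
 *
 * Returns 0 on success, 1 when either output file cannot be opened.
 *
 * NOTE(review): $pid_file, $document_root, $cert_location and $port are
 * interpolated into the configuration text and into file paths without
 * validation; this assumes every caller passes trusted constants - confirm.
 */
function system_generate_lighty_config($filename,
	$cert,
	$key,
	$pid_file,
	$port = 80,
	$document_root = "/usr/local/www/",
	$cert_location = "cert.pem",
	$max_procs = 2,
	$max_requests = "1",
	$fast_cgi_enable = true,
	$captive_portal = false) {

	global $config, $g;

	/* only use freebsd-sendfile network handler on full installations
	 * tests have shown that it is actually slower on embedded.
	 * The call looks for the platform name inside the literal "pfSense",
	 * so it only matches when the platform is (a part of) that word.
	 */
	if(stristr("pfSense", $g['platform']))
		$network_handler = "server.network-backend		= \"freebsd-sendfile\"\n";
	else
		$network_handler = "";

	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_generate_lighty_config() being called $mt\n";
	}

	/* defaults for the non captive portal case, so that the heredoc below
	 * never interpolates an undefined variable */
	$captiveportal = "";
	$captive_portal_rewrite = "";
	$captive_portal_module = "";
	$captive_portal_mod_evasive = "";

	if($captive_portal == true)  {
		$captiveportal = ",\"mod_rewrite\"";
		$captive_portal_rewrite = "url.rewrite-once = ( \"(.*captiveportal.*)\" => \"$1\", \"(.*)\" => \"/index.php?redirurl=$1\" )\n";
		/* NOTE(review): "mod_accesslog" is also in the fixed module list
		 * below, so it is listed twice in captive portal mode - confirm
		 * that this is intended. */
		$captive_portal_module = "\"mod_accesslog\", ";

		/* The per-IP connection limit is only emitted for a positive
		 * value.  The previous test (!$maxprocperip and $maxprocperip > 0)
		 * could never be true, so a configured limit was silently dropped.
		 * The cast keeps anything but an integer out of the config text.
		 * NOTE(review): "mod_evasive" is not in the module list built in
		 * this function; confirm it is loaded, otherwise lighttpd will
		 * presumably not enforce this directive. */
		$maxprocperip = 0;
		if(isset($config['captiveportal']['maxprocperip']))
			$maxprocperip = (int)$config['captiveportal']['maxprocperip'];
		if($maxprocperip > 0)
			$captive_portal_mod_evasive = "evasive.max-conns-per-ip = {$maxprocperip}";
	}

	if($port <> "")
		$lighty_port = $port;
	else
		$lighty_port = "80";

	/* presumably megabytes of memory (see the "64 megs" remark below);
	 * get_memory() is defined outside this function - confirm the unit */
	$memory = get_memory();
	$avail = $memory[0];

	/* scale the number of FastCGI processes with the available memory */
	if($avail > 0 and $avail < 98) {
		$max_procs = 1;
		$max_requests = 1;
	}

	if($avail > 97 and $avail < 128) {
		$max_procs = 2;
		$max_requests = 1;
	}

	if($avail > 127 and $avail < 256) {
		$max_procs = 2;
		$max_requests = 1;
	}

	if($avail > 255 and $avail < 384) {
		$max_procs = 3;
		$max_requests = 1;
	}

	if($avail > 383 and $avail < 512) {
		$max_procs = 4;
		$max_requests = 1;
	}

	/* we told you that 64 megs would be slow */
	if ($avail > 0 and $avail < 65)
		$fast_cgi_enable = false;

	/* NOTE(review): the FastCGI socket lives under /tmp; confirm that no
	 * unprivileged local user can write to /tmp on this platform. */
	if($fast_cgi_enable == true) {
		$module = "\"mod_fastcgi\", \"mod_cgi\"";
		$cgi_config = "";
		$fastcgi_config = <<<EOD
#### fastcgi module
## read fastcgi.txt for more info
fastcgi.server = ( ".php" =>
	( "localhost" =>
		(
			"socket" => "/tmp/php-fastcgi.socket",
			"min-procs" => 1,
			"max-procs" => {$max_procs},
			"bin-path" => "/usr/local/bin/php"
		)
	)
)

#### CGI module
cgi.assign                 = ( ".cgi" => "" )

EOD;
	} else {
		$fastcgi_config = "";
		$module = "\"mod_cgi\"";
		$cgi_config = <<<EOD
#### CGI module
cgi.assign                 = ( ".php"  => "/usr/local/bin/php",
                               ".cgi" => "" )

EOD;
	}

	/* plain assignment: the variable does not exist before this point */
	$lighty_config = <<<EOD
#
# lighttpd configuration file
#
# use a it as base for lighttpd 1.0.0 and above
#
############ Options you really have to take care of ####################

## FreeBSD!
server.event-handler		= "freebsd-kqueue"

{$network_handler}

## modules to load
server.modules              =   (
				  {$captive_portal_module}
				  "mod_access", "mod_accesslog",
                                  {$module}{$captiveportal}
				)

## Unused modules
#                               "mod_setenv",
#                               "mod_compress"
#				"mod_redirect",
#                               "mod_rewrite",
#                               "mod_ssi",
#                               "mod_usertrack",
#                               "mod_expire",
#                               "mod_secdownload",
#                               "mod_rrdtool",
#                               "mod_auth",
#                               "mod_status",
#                               "mod_alias",
#                               "mod_proxy",
#                               "mod_simple_vhost",
#                               "mod_evhost",
#                               "mod_userdir",
#                               "mod_cgi",
#                                "mod_accesslog"

## a static document-root, for virtual-hosting take look at the
## server.virtual-* options
server.document-root        = "{$document_root}"
{$captive_portal_rewrite}

## where to send error-messages to
server.errorlog             = "/var/log/lighttpd.error.log"

# files to check for if .../ is requested
server.indexfiles           = ( "index.php", "index.html",
                                "index.htm", "default.htm" )

# mimetype mapping
mimetype.assign             = (
  ".pdf"          =>      "application/pdf",
  ".sig"          =>      "application/pgp-signature",
  ".spl"          =>      "application/futuresplash",
  ".class"        =>      "application/octet-stream",
  ".ps"           =>      "application/postscript",
  ".torrent"      =>      "application/x-bittorrent",
  ".dvi"          =>      "application/x-dvi",
  ".gz"           =>      "application/x-gzip",
  ".pac"          =>      "application/x-ns-proxy-autoconfig",
  ".swf"          =>      "application/x-shockwave-flash",
  ".tar.gz"       =>      "application/x-tgz",
  ".tgz"          =>      "application/x-tgz",
  ".tar"          =>      "application/x-tar",
  ".zip"          =>      "application/zip",
  ".mp3"          =>      "audio/mpeg",
  ".m3u"          =>      "audio/x-mpegurl",
  ".wma"          =>      "audio/x-ms-wma",
  ".wax"          =>      "audio/x-ms-wax",
  ".ogg"          =>      "audio/x-wav",
  ".wav"          =>      "audio/x-wav",
  ".gif"          =>      "image/gif",
  ".jpg"          =>      "image/jpeg",
  ".jpeg"         =>      "image/jpeg",
  ".png"          =>      "image/png",
  ".xbm"          =>      "image/x-xbitmap",
  ".xpm"          =>      "image/x-xpixmap",
  ".xwd"          =>      "image/x-xwindowdump",
  ".css"          =>      "text/css",
  ".html"         =>      "text/html",
  ".htm"          =>      "text/html",
  ".js"           =>      "text/javascript",
  ".asc"          =>      "text/plain",
  ".c"            =>      "text/plain",
  ".conf"         =>      "text/plain",
  ".text"         =>      "text/plain",
  ".txt"          =>      "text/plain",
  ".dtd"          =>      "text/xml",
  ".xml"          =>      "text/xml",
  ".mpeg"         =>      "video/mpeg",
  ".mpg"          =>      "video/mpeg",
  ".mov"          =>      "video/quicktime",
  ".qt"           =>      "video/quicktime",
  ".avi"          =>      "video/x-msvideo",
  ".asf"          =>      "video/x-ms-asf",
  ".asx"          =>      "video/x-ms-asf",
  ".wmv"          =>      "video/x-ms-wmv",
  ".bz2"          =>      "application/x-bzip",
  ".tbz"          =>      "application/x-bzip-compressed-tar",
  ".tar.bz2"      =>      "application/x-bzip-compressed-tar"
 )

# Use the "Content-Type" extended attribute to obtain mime type if possible
#mimetypes.use-xattr        = "enable"

#### accesslog module
#accesslog.filename          = "/dev/null"

## deny access the file-extensions
#
# ~    is for backupfiles from vi, emacs, joe, ...
# .inc is often used for code includes which should in general not be part
#      of the document-root
url.access-deny             = ( "~", ".inc" )


######### Options that are good to be but not neccesary to be changed #######

## bind to port (default: 80)
server.port                = {$lighty_port}

## error-handler for status 404
#server.error-handler-404   = "/error-handler.html"
#server.error-handler-404   = "/error-handler.php"

## to help the rc.scripts
server.pid-file            = "/var/run/{$pid_file}"

## virtual directory listings
server.dir-listing         = "disable"

## enable debugging
debug.log-request-header   = "disable"
debug.log-response-header  = "disable"
debug.log-request-handling = "disable"
debug.log-file-not-found   = "disable"

#### compress module
#compress.cache-dir         = "/tmp/lighttpd/cache/compress/"
#compress.filetype          = ("text/plain", "text/html")

#server.network-backend = "writev"

server.upload-dirs = ( "{$g['upload_path']}", "/tmp", "/var/" )

server.max-request-size = 2097152

{$fastcgi_config}

{$cgi_config}

{$captive_portal_mod_evasive}

EOD;

	/* normalise line endings and drop empty lines from the PEM text */
	$cert = str_replace("\r", "", $cert);
	$key = str_replace("\r", "", $key);

	$cert = str_replace("\n\n", "\n", $cert);
	$key = str_replace("\n\n", "\n", $key);

	if($cert <> "" and $key <> "") {
		$pem_path = "{$g['varetc_path']}/{$cert_location}";

		/* The file will hold the private key.  Create it under a
		 * restrictive umask so that a newly created file is never
		 * readable by other users, not even before the chmod() below. */
		$old_umask = umask(0077);
		$fd = fopen($pem_path, "w");
		umask($old_umask);
		if (!$fd) {
			printf("Error: cannot open {$cert_location} in system_generate_lighty_config().\n");
			return 1;
		}
		/* also tightens the mode of a file that already existed */
		chmod($pem_path, 0600);
		fwrite($fd, $cert);
		fwrite($fd, "\n");
		fwrite($fd, $key);
		fclose($fd);
		$lighty_config .= "\n";
		$lighty_config .= "## ssl configuration\n";
		$lighty_config .= "ssl.engine = \"enable\"\n";
		$lighty_config .= "ssl.pemfile = \"{$pem_path}\"\n\n";
	}

	$fd = fopen("{$filename}", "w");
	if (!$fd) {
		printf("Error: cannot open {$filename} in system_generate_lighty_config().\n");
		return 1;
	}
	fwrite($fd, $lighty_config);
	fclose($fd);

	return 0;

}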
/*
 * Re-synchronise the webGUI passwords by calling sync_webgui_passwords().
 * Always returns 0.
 */
function system_password_configure() {
	global $config, $g;

	if(isset($config['system']['developerspew']))
		echo "system_password_configure() being called " . microtime() . "\n";

	/* !NOTE! sync_webgui_passwords() also does the conf_mount_ro */
	sync_webgui_passwords();

	return 0;
}
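/*
 * Install the configured timezone as /etc/localtime by extracting the
 * matching member from /usr/share/zoneinfo.tgz.  Falls back to "Etc/UTC"
 * when no timezone is configured.  Returns nothing.
 *
 * The zone file is extracted to a temporary file first and only moved into
 * place when tar succeeded and produced data.  Redirecting straight into
 * /etc/localtime truncated the existing file even when the requested zone
 * did not exist in the archive.
 */
function system_timezone_configure() {
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_timezone_configure() being called $mt\n";
	}

	$syscfg = $config['system'];

	if ($g['booting'])
		echo "Setting timezone...";

	/* extract appropriate timezone file */
	$timezone = $syscfg['timezone'];
	/* escapeshellarg() below protects the shell, but a value starting with
	 * "-" would still be read by tar as an option instead of a member name */
	if (!$timezone || substr($timezone, 0, 1) == "-")
		$timezone = "Etc/UTC";

	conf_mount_rw();

	$tmpfile = "/etc/localtime.tmp";
	$output = array();
	$rc = 1;
	exec("LANG=C /usr/bin/tar xzfO /usr/share/zoneinfo.tgz " .
		escapeshellarg($timezone) . " > " . escapeshellarg($tmpfile), $output, $rc);

	if ($rc == 0 && file_exists($tmpfile) && filesize($tmpfile) > 0) {
		rename($tmpfile, "/etc/localtime");
	} else {
		/* keep the previous /etc/localtime untouched */
		if (file_exists($tmpfile))
			unlink($tmpfile);
		log_error("Could not extract the configured timezone from /usr/share/zoneinfo.tgz");
	}

	conf_mount_ro();

	if ($g['booting'])
		echo "done.\n";
}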
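/*
 * Write {$g['varetc_path']}/ntpd.conf from the space separated
 * $config['system']['timeservers'] list, stop any running ntpd and start a
 * new one with that file.  Returns nothing; logs and returns early when the
 * configuration file cannot be opened.
 */
function system_ntp_configure() {
	global $config, $g;

	$syscfg = $config['system'];

	/* open configuration for writing or bail */
	$fd = fopen("{$g['varetc_path']}/ntpd.conf","w");
	if(!$fd) {
		log_error("Could not open {$g['varetc_path']}/ntpd.conf for writing");
		return;
	}

	fwrite($fd, "# \n");
	fwrite($fd, "# pfSense OpenNTPD configuration file \n");
	fwrite($fd, "# \n\n");

	/* foreach through servers and write out to ntpd.conf */
	foreach (explode(' ', $syscfg['timeservers']) as $ts) {
		$ts = trim($ts);
		/* repeated spaces in the list produce empty tokens */
		if (strlen($ts) == 0)
			continue;
		/* Each entry becomes one line of ntpd.conf.  Accept only host name
		 * or address characters so that a stored value cannot smuggle
		 * whitespace, a line break or further directives into the file. */
		if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9.:_-]*$/D', $ts)) {
			log_error("Ignoring invalid time server entry while writing ntpd.conf");
			continue;
		}
		fwrite($fd, "servers {$ts}\n");
	}

	fwrite($fd, "\n");

	/* slurp! */
	fclose($fd);

	/* if openntpd is running, kill it
	 * NOTE(review): this loops for as long as is_process_running() keeps
	 * reporting an ntpd process; confirm that killall cannot fail forever. */
	while(is_process_running("ntpd")) {
		exec("/usr/bin/killall ntpd");
		sleep(3);
	}

	/* if /var/empty does not exist, create it
	 * NOTE(review): the chmod makes the directory group writable; confirm
	 * that this is acceptable for the directory ntpd uses. */
	if(!is_dir("/var/empty"))
		exec("/bin/mkdir -p /var/empty && chmod ug+rw /var/empty/.");

	sleep(1);

	/* start openntpd, set time now and use /var/etc/ntpd.conf */
	exec("/usr/local/sbin/ntpd -s -f {$g['varetc_path']}/ntpd.conf");

}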
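/*
 * Run ntpdate once for every entry of the space separated
 * $config['system']['timeservers'] list.  Prints progress text while
 * $g['booting'] is set.  Returns nothing.
 */
function sync_system_time() {
	global $config, $g;

	$syscfg = $config['system'];

	if ($g['booting'])
		echo "Syncing system time before startup...";

	/* foreach through servers and run ntpdate against each of them */
	foreach (explode(' ', $syscfg['timeservers']) as $ts) {
		$ts = trim($ts);
		/* skip empty tokens, and entries that ntpdate would parse as an
		 * option rather than as a server name */
		if (strlen($ts) == 0 || substr($ts, 0, 1) == "-")
			continue;
		/* The value comes from the stored configuration and ends up in a
		 * shell command line; quote it so that it stays one argument. */
		mwexec("/usr/sbin/ntpdate -s " . escapeshellarg($ts));
	}

	if ($g['booting'])
		echo "done.\n";

}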
/*
 * Run the pre-shutdown cleanup, then start /etc/rc.halt in the background
 * with its output discarded.
 */
function system_halt() {
	system_reboot_cleanup();

	$halt_cmd = "nohup /etc/rc.halt > /dev/null 2>&1 &";
	mwexec($halt_cmd);
}
/*
 * Run the pre-shutdown cleanup, then start /etc/rc.reboot in the background
 * with its output discarded.
 */
function system_reboot() {
	system_reboot_cleanup();

	$reboot_cmd = "nohup /etc/rc.reboot > /dev/null 2>&1 &";
	mwexec($reboot_cmd);
}
/*
 * Run the pre-shutdown cleanup, then run /etc/rc.reboot in the foreground
 * (no nohup, no "&") with its output discarded.
 */
function system_reboot_sync() {
	system_reboot_cleanup();

	$reboot_cmd = "/etc/rc.reboot > /dev/null 2>&1";
	mwexec($reboot_cmd);
}
/*
 * Work shared by the halt and reboot helpers: run beep.sh with "stop" and
 * call captiveportal_radius_stop_all().
 */
function system_reboot_cleanup() {
	$beep_cmd = "/usr/local/bin/beep.sh stop";
	mwexec($beep_cmd);

	captiveportal_radius_stop_all();
}
/*
 * Execute the shell commands stored in the configuration: the
 * "earlyshellcmd" entries when $early is set, the "shellcmd" entries
 * otherwise.  The entry may be an array of commands or a single string.
 *
 * Every stored string is handed to exec() unchanged, so whoever can write
 * these configuration entries can run arbitrary commands with the
 * privileges of the calling process.  Treat a configuration file that is
 * imported or restored from elsewhere as executable content.
 */
function system_do_shell_commands($early = 0) {
	global $config, $g;

	if(isset($config['system']['developerspew']))
		echo "system_do_shell_commands() being called " . microtime() . "\n";

	$cmdn = $early ? "earlyshellcmd" : "shellcmd";
	$entry = $config['system'][$cmdn];

	if (is_array($entry)) {
		/* *cmd is an array, loop through */
		foreach ($entry as $cmd)
			exec($cmd);
		return;
	}

	/* execute single item */
	if ($entry <> "")
		exec($entry);
}
/*
 * Create or remove the {$g['varetc_path']}/disableconsole marker file
 * according to whether $config['system']['disableconsolemenu'] is set.
 */
function system_console_configure() {
	global $config, $g;

	if(isset($config['system']['developerspew']))
		echo "system_console_configure() being called " . microtime() . "\n";

	if (!isset($config['system']['disableconsolemenu'])) {
		unlink_if_exists("{$g['varetc_path']}/disableconsole");
		return;
	}

	touch("{$g['varetc_path']}/disableconsole");
}
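/*
 * Save the kernel messages of the current boot to
 * {$g['varlog_path']}/dmesg.boot.  The dmesg output is written starting at
 * the last line that contains "Copyright (c) 1992-".
 *
 * Returns 0 on success, 1 when dmesg.boot cannot be opened.
 */
function system_dmesg_save() {
	/* $config was missing here, so the developerspew test below looked at
	 * an undefined local and could never be true */
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_dmesg_save() being called $mt\n";
	}

	/* exec() appends the output lines to this array */
	$dmesg = array();
	exec("/sbin/dmesg", $dmesg);
	$nlines = count($dmesg);

	/* find last copyright line (output from previous boots may be present) */
	$lastcpline = 0;

	for ($i = 0; $i < $nlines; $i++) {
		if (strstr($dmesg[$i], "Copyright (c) 1992-"))
			$lastcpline = $i;
	}

	$fd = fopen("{$g['varlog_path']}/dmesg.boot", "w");
	if (!$fd) {
		printf("Error: cannot open dmesg.boot in system_dmesg_save().\n");
		return 1;
	}

	for ($i = $lastcpline; $i < $nlines; $i++)
		fwrite($fd, $dmesg[$i] . "\n");

	fclose($fd);

	return 0;
}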
/*
 * Apply $config['system']['harddiskstandby'] through the hw.ata.standby
 * sysctl and reinitialise the ATA drives when that succeeded.  Does nothing
 * when the setting is absent.  Prints progress text while $g['booting'] is
 * set.
 */
function system_set_harddisk_standby() {
	global $g, $config;

	if(isset($config['system']['developerspew']))
		echo "system_set_harddisk_standby() being called " . microtime() . "\n";

	if (!isset($config['system']['harddiskstandby']))
		return;

	if ($g['booting'])
		echo 'Setting hard disk standby... ';

	$standby = $config['system']['harddiskstandby'];
	$applied = false;

	/* only a numeric value is used, and only its integer part reaches
	 * the command line */
	if (is_numeric($standby)) {
		/* Sync the disk(s) */
		mwexec('/bin/sync');
		/* a zero result from mwexec() is treated as success */
		$applied = !mwexec('/sbin/sysctl hw.ata.standby=' . ((int)$standby));
		if ($applied) {
			/* Reinitialize ATA-drives */
			mwexec('/usr/local/sbin/atareinit');
		}
	}

	if ($g['booting']) {
		if ($applied)
			echo "done.\n";
		else
			echo "failed!\n";
	}
}
/*
 * Apply every non-empty line of /etc/sysctl.conf with sysctl, then call
 * system_disable_arp_wrong_if() when $config['system']['sharednet'] is set.
 *
 * Each line is placed unquoted on a shell command line, and sysctl is
 * found through PATH rather than by an absolute path.
 * NOTE(review): this relies on /etc/sysctl.conf being writable by root
 * only and on a trusted PATH - confirm both.
 */
function system_setup_sysctl() {
	global $config;

	if(isset($config['system']['developerspew']))
		echo "system_setup_sysctl() being called " . microtime() . "\n";

	$lines = return_filename_as_array("/etc/sysctl.conf");
	foreach($lines as $sysc) {
		if($sysc == "")
			continue;
		mwexec("sysctl {$sysc} 2>/dev/null");
	}

	if (isset($config['system']['sharednet']))
		system_disable_arp_wrong_if();
}
/*
 * Set net.link.ether.inet.log_arp_wrong_iface to 0.  Unlike
 * system_enable_arp_wrong_if() this goes through system(), which passes
 * the command's standard output through to the caller's output.
 */
function system_disable_arp_wrong_if() {
	global $config;

	if(isset($config['system']['developerspew']))
		echo "system_disable_arp_wrong_if() being called " . microtime() . "\n";

	$sysctl_cmd = "/sbin/sysctl -n net.link.ether.inet.log_arp_wrong_iface=0 2>/dev/null";
	system($sysctl_cmd);
}
/*
 * Set net.link.ether.inet.log_arp_wrong_iface to 1 through mwexec().
 */
function system_enable_arp_wrong_if() {
	global $config;

	if(isset($config['system']['developerspew']))
		echo "system_enable_arp_wrong_if() being called " . microtime() . "\n";

	$sysctl_cmd = "/sbin/sysctl -n net.link.ether.inet.log_arp_wrong_iface=1";
	mwexec($sysctl_cmd);
}
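/*
 * Start watchdogd when /var/log/dmesg.boot mentions one of the supported
 * watchdog devices.  A watchdogd that is already running is killed first.
 * Does nothing when dmesg.boot cannot be read.
 */
function enable_watchdog() {
	$install_watchdog = false;
	$supported_watchdogs = array("Geode");

	$dmesg_path = "/var/log/dmesg.boot";
	$file = false;
	if(is_readable($dmesg_path))
		$file = file_get_contents($dmesg_path);

	if($file !== false) {
		foreach($supported_watchdogs as $sd) {
			/* match the list entry; the loop used to test the literal
			 * "Geode" on every pass and ignore the loop variable */
			if(stristr($file, $sd)) {
				$install_watchdog = true;
				break;
			}
		}
	}

	if($install_watchdog == true) {
		if(is_process_running("watchdogd"))
			exec("/usr/bin/killall watchdogd");
		exec("/usr/sbin/watchdogd");
	}
}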
?>