/etc/inc/system.inc - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/etc/inc/system.inc @ 7f951c63

1	5b237745	Scott Ullrich	<?php
2	307cd525	Bill Marquette	/* $Id$ */
3	5b237745	Scott Ullrich	/*
4			system.inc
5			part of m0n0wall (http://m0n0.ch/wall)
6	0f282d7a	Scott Ullrich
7	5b237745	Scott Ullrich	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
8			All rights reserved.
9	0f282d7a	Scott Ullrich
10	5b237745	Scott Ullrich	Redistribution and use in source and binary forms, with or without
11			modification, are permitted provided that the following conditions are met:
12	0f282d7a	Scott Ullrich
13	5b237745	Scott Ullrich	1. Redistributions of source code must retain the above copyright notice,
14			this list of conditions and the following disclaimer.
15	0f282d7a	Scott Ullrich
16	5b237745	Scott Ullrich	2. Redistributions in binary form must reproduce the above copyright
17			notice, this list of conditions and the following disclaimer in the
18			documentation and/or other materials provided with the distribution.
19	0f282d7a	Scott Ullrich
20	5b237745	Scott Ullrich	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29			POSSIBILITY OF SUCH DAMAGE.
30			*/
31
32	523855b0	Scott Ullrich	/*
33	971de1f9	Renato Botelho	pfSense_BUILDER_BINARIES: /usr/sbin/powerd /usr/bin/killall /sbin/route
34	b368b35a	Ermal	pfSense_BUILDER_BINARIES: /bin/hostname /bin/ls /usr/sbin/syslogd
35	523855b0	Scott Ullrich	pfSense_BUILDER_BINARIES: /usr/sbin/pccardd /usr/local/sbin/lighttpd /bin/chmod /bin/mkdir
36	fdfa8f43	jim-p	pfSense_BUILDER_BINARIES: /usr/bin/tar /usr/local/sbin/ntpd /usr/local/sbin/ntpdate
37	c3b13d60	jim-p	pfSense_BUILDER_BINARIES: /usr/bin/nohup /sbin/dmesg /usr/local/sbin/atareinit /sbin/kldload
38	356e86d4	Renato Botelho	pfSense_BUILDER_BINARIES: /usr/local/sbin/filterdns
39	523855b0	Scott Ullrich	pfSense_MODULE: utils
40			*/
41	0f282d7a	Scott Ullrich
42	8e9fa41d	Scott Ullrich	function activate_powerd() {
43			global $config, $g;
44	7734aea6	Andrew Thompson	if ($g['platform'] == 'jail')
45			return;
46	53c210dd	Cristian Feldman	if(is_process_running("powerd"))
47			exec("/usr/bin/killall powerd");
48	8e9fa41d	Scott Ullrich	if(isset($config['system']['powerd_enable'])) {
49	c3b13d60	jim-p	if ($g["platform"] == "nanobsd")
50			exec("/sbin/kldload cpufreq");
51	a358eec2	N0YB
52			$ac_mode = "hadp";
53			if (!empty($config['system']['powerd_ac_mode']))
54			$ac_mode = $config['system']['powerd_ac_mode'];
55
56			$battery_mode = "hadp";
57			if (!empty($config['system']['powerd_battery_mode']))
58			$battery_mode = $config['system']['powerd_battery_mode'];
59
60	3d77cc35	Steven Selph	$normal_mode = "hadp";
61			if (!empty($config['system']['powerd_normal_mode']))
62			$normal_mode = $config['system']['powerd_normal_mode'];
63
64			mwexec("/usr/sbin/powerd -b $battery_mode -a $ac_mode -n $normal_mode");
65	8e9fa41d	Scott Ullrich	}
66			}
67
68	3a35f55f	Scott Ullrich	function get_default_sysctl_value($id) {
69			global $sysctls;
70	f3c91cb5	Erik Fonnesbeck
71			if (isset($sysctls[$id]))
72			return $sysctls[$id];
73	3a35f55f	Scott Ullrich	}
74
75	d87fcac9	Ermal	function get_sysctl_descr($sysctl) {
76			unset($output);
77			$_gb = exec("/sbin/sysctl -nd {$sysctl}", $output);
78
79			return $output[0];
80			}
81
82			function system_get_sysctls() {
83			global $config, $sysctls;
84
85			$disp_sysctl = array();
86			$disp_cache = array();
87			if (is_array($config['sysctl']) && is_array($config['sysctl']['item'])) {
88			foreach($config['sysctl']['item'] as $id => $tunable) {
89			if ($tunable['value'] == "default")
90			$value = get_default_sysctl_value($tunable['tunable']);
91			else
92			$value = $tunable['value'];
93
94			$disp_sysctl[$id] = $tunable;
95			$disp_sysctl[$id]['modified'] = true;
96			$disp_cache[$tunable['tunable']] = 'set';
97			}
98			}
99
100			foreach ($sysctls as $sysctl => $value) {
101			if (isset($disp_cache[$sysctl]))
102			continue;
103
104			$disp_sysctl[$sysctl] = array('tunable' => $sysctl, 'value' => $value, 'descr' => get_sysctl_descr($sysctl));
105			}
106			unset($disp_cache);
107			return $disp_sysctl;
108			}
109
110	6df9d7e3	Scott Ullrich	function activate_sysctls() {
111	c46f9695	Ermal	global $config, $g, $sysctls;
112	971de1f9	Renato Botelho
113	7734aea6	Andrew Thompson	if ($g['platform'] == 'jail')
114			return;
115	971de1f9	Renato Botelho
116	d87fcac9	Ermal	if (is_array($config['sysctl']) && is_array($config['sysctl']['item'])) {
117	cac19f50	Scott Ullrich	foreach($config['sysctl']['item'] as $tunable) {
118	971de1f9	Renato Botelho	if($tunable['value'] == "default")
119	b2d0140c	Scott Ullrich	$value = get_default_sysctl_value($tunable['tunable']);
120	971de1f9	Renato Botelho	else
121			$value = $tunable['value'];
122
123			$sysctls[$tunable['tunable']] = $value;
124	d0b461f5	sullrich	}
125			}
126	971de1f9	Renato Botelho
127			set_sysctl($sysctls);
128	6df9d7e3	Scott Ullrich	}
129
130	5b237745	Scott Ullrich	function system_resolvconf_generate($dynupdate = false) {
131	c3f535c0	Seth Mos	global $config, $g;
132
133			if(isset($config['system']['developerspew'])) {
134			$mt = microtime();
135			echo "system_resolvconf_generate() being called $mt\n";
136			}
137	ef217c69	Scott Ullrich
138	30cee7b2	Scott Ullrich	$syscfg = $config['system'];
139	ef217c69	Scott Ullrich
140	95834f84	Chris Buechler	if (((isset($config['dnsmasq']['enable']) && (!isset($config['dnsmasq']['port']) \|\| $config['dnsmasq']['port'] == "53") && (empty($config['dnsmasq']['interface']) \|\| in_array("lo0", explode(",", $config['dnsmasq']['interface']))))
141	9eabb248	Chris Buechler	\|\| (isset($config['unbound']['enable'])) && (!isset($config['unbound']['port']) \|\| $config['unbound']['port'] == "53") && (empty($config['unbound']['active_interface']) \|\| in_array("lo0", explode(",", $config['unbound']['active_interface'])) \|\| in_array("all", explode(",", $config['unbound']['active_interface']), true)))
142	bd5737dc	jim-p	&& !isset($config['system']['dnslocalhost']))
143	6c86a39f	Ermal	$resolvconf .= "nameserver 127.0.0.1\n";
144	8ac329da	Ermal
145	30cee7b2	Scott Ullrich	if (isset($syscfg['dnsallowoverride'])) {
146	c3f535c0	Seth Mos	/* get dynamically assigned DNS servers (if any) */
147	86dcdfc9	Ermal	$ns = array_unique(get_searchdomains());
148			foreach($ns as $searchserver) {
149	8e866217	Ermal	if($searchserver)
150	86dcdfc9	Ermal	$resolvconf .= "search {$searchserver}\n";
151			}
152	c3f535c0	Seth Mos	$ns = array_unique(get_nameservers());
153			foreach($ns as $nameserver) {
154	8e866217	Ermal	if($nameserver)
155	c3f535c0	Seth Mos	$resolvconf .= "nameserver $nameserver\n";
156			}
157	e8b5f724	Chris Buechler	} else {
158			// Do not create blank search/domain lines, it can break tools like dig.
159			if($syscfg['domain'])
160	97383d2b	Chris Buechler	$resolvconf .= "search {$syscfg['domain']}\n";
161	30cee7b2	Scott Ullrich	}
162	8e866217	Ermal	if (is_array($syscfg['dnsserver'])) {
163	c3f535c0	Seth Mos	foreach ($syscfg['dnsserver'] as $ns) {
164	8e866217	Ermal	if ($ns)
165	c3f535c0	Seth Mos	$resolvconf .= "nameserver $ns\n";
166	e180a6e3	Scott Ullrich	}
167	c3f535c0	Seth Mos	}
168	0f282d7a	Scott Ullrich
169	3b95d9ec	Warren Baker	// Add EDNS support
170			if (isset($config['unbound']['enable']) && isset($config['unbound']['edns']))
171			$resolvconf .= "options edns0\n";
172
173	d97ff036	Ermal	$dnslock = lock('resolvconf', LOCK_EX);
174
175	e1daff07	Ermal	$fd = fopen("{$g['varetc_path']}/resolv.conf", "w");
176			if (!$fd) {
177			printf("Error: cannot open resolv.conf in system_resolvconf_generate().\n");
178	d97ff036	Ermal	unlock($dnslock);
179	e1daff07	Ermal	return 1;
180			}
181
182	30cee7b2	Scott Ullrich	fwrite($fd, $resolvconf);
183			fclose($fd);
184	0f282d7a	Scott Ullrich
185	0000cdf7	Warren Baker	// Prevent resolvconf(8) from rewriting our resolv.conf
186			$fd = fopen("{$g['varetc_path']}/resolvconf.conf", "w");
187			if (!$fd) {
188			printf("Error: cannot open resolvconf.conf in system_resolvconf_generate().\n");
189			return 1;
190			}
191			fwrite($fd, "resolv_conf=\"/dev/null\"\n");
192			fclose($fd);
193
194	285ef132	Ermal LUÇI	if (!platform_booting()) {
195	c3f535c0	Seth Mos	/* restart dhcpd (nameservers may have changed) */
196			if (!$dynupdate)
197			services_dhcpd_configure();
198	30cee7b2	Scott Ullrich	}
199	ef217c69	Scott Ullrich
200	c3f535c0	Seth Mos	/* setup static routes for DNS servers. */
201			for ($dnscounter=1; $dnscounter<5; $dnscounter++) {
202			/* setup static routes for dns servers */
203	c935003d	Seth Mos	$dnsgw = "dns{$dnscounter}gw";
204	c3f535c0	Seth Mos	if (isset($config['system'][$dnsgw])) {
205	c935003d	Seth Mos	$gwname = $config['system'][$dnsgw];
206			if (($gwname <> "") && ($gwname <> "none")) {
207			$gatewayip = lookup_gateway_ip_by_name($gwname);
208			if (is_ipaddrv4($gatewayip)) {
209	c3f535c0	Seth Mos	/* dns server array starts at 0 */
210	b875f306	Scott Ullrich	$dnscountermo = $dnscounter - 1;
211	12f77b03	Ermal	mwexec("/sbin/route change -host " . $syscfg['dnsserver'][$dnscountermo] . " {$gatewayip}");
212	7bd413eb	Chris Buechler	if (isset($config['system']['route-debug'])) {
213			$mt = microtime();
214			log_error("ROUTING debug: $mt - route change -host {$syscfg['dnsserver'][$dnscountermo]} $gatewayip ");
215			}
216	b875f306	Scott Ullrich	}
217	c935003d	Seth Mos	if (is_ipaddrv6($gatewayip)) {
218			/* dns server array starts at 0 */
219			$dnscountermo = $dnscounter - 1;
220	12f77b03	Ermal	mwexec("/sbin/route change -host -inet6 " . $syscfg['dnsserver'][$dnscountermo] . " {$gatewayip}");
221	7bd413eb	Chris Buechler	if (isset($config['system']['route-debug'])) {
222			$mt = microtime();
223			log_error("ROUTING debug: $mt - route change -host -inet6 {$syscfg['dnsserver'][$dnscountermo]} $gatewayip ");
224			}
225	c935003d	Seth Mos	}
226	b875f306	Scott Ullrich	}
227	e180a6e3	Scott Ullrich	}
228	c3f535c0	Seth Mos	}
229	d97ff036	Ermal
230			unlock($dnslock);
231
232	c3f535c0	Seth Mos	return 0;
233	5b237745	Scott Ullrich	}
234
235	86dcdfc9	Ermal	function get_searchdomains() {
236			global $config, $g;
237
238			$master_list = array();
239
240			// Read in dhclient nameservers
241	e1daff07	Ermal	$search_list = glob("/var/etc/searchdomain_*");
242	f4a4bcbc	Renato Botelho	if (is_array($search_list)) {
243			foreach($search_list as $fdns) {
244	807fd6cd	Ermal	$contents = file($fdns, FILE_IGNORE_NEW_LINES \| FILE_SKIP_EMPTY_LINES);
245			if (!is_array($contents))
246			continue;
247			foreach ($contents as $dns) {
248			if(is_hostname($dns))
249			$master_list[] = $dns;
250			}
251	86dcdfc9	Ermal	}
252			}
253
254			return $master_list;
255			}
256
257	3d00ccaa	Scott Ullrich	function get_nameservers() {
258			global $config, $g;
259			$master_list = array();
260	30cee7b2	Scott Ullrich
261	2a1226ad	Scott Ullrich	// Read in dhclient nameservers
262	e1daff07	Ermal	$dns_lists = glob("/var/etc/nameserver_*");
263	1033de74	Ermal	if (is_array($dns_lists)) {
264	807fd6cd	Ermal	foreach($dns_lists as $fdns) {
265			$contents = file($fdns, FILE_IGNORE_NEW_LINES \| FILE_SKIP_EMPTY_LINES);
266			if (!is_array($contents))
267			continue;
268			foreach ($contents as $dns) {
269			if(is_ipaddr($dns))
270			$master_list[] = $dns;
271			}
272	60951398	Scott Ullrich	}
273	3d00ccaa	Scott Ullrich	}
274	2a1226ad	Scott Ullrich
275			// Read in any extra nameservers
276			if(file_exists("/var/etc/nameservers.conf")) {
277	33818198	Ermal	$dns_s = file("/var/etc/nameservers.conf", FILE_IGNORE_NEW_LINES \| FILE_SKIP_EMPTY_LINES);
278	e1daff07	Ermal	if(is_array($dns_s)) {
279	2a1226ad	Scott Ullrich	foreach($dns_s as $dns)
280	1033de74	Ermal	if (is_ipaddr($dns))
281			$master_list[] = $dns;
282	e1daff07	Ermal	}
283	2a1226ad	Scott Ullrich	}
284
285	3d00ccaa	Scott Ullrich	return $master_list;
286			}
287
288	5b237745	Scott Ullrich	function system_hosts_generate() {
289	f19d3b7a	Scott Ullrich	global $config, $g;
290	f6248774	Warren Baker	if (isset($config['system']['developerspew'])) {
291	58c7450e	Scott Ullrich	$mt = microtime();
292	dcf0598e	Scott Ullrich	echo "system_hosts_generate() being called $mt\n";
293	f19d3b7a	Scott Ullrich	}
294	0f282d7a	Scott Ullrich
295	5b237745	Scott Ullrich	$syscfg = $config['system'];
296	21713b25	Renato Botelho	if (isset($config['unbound']) && isset($config['unbound']['enable']))
297			$dnsmasqcfg = $config['unbound'];
298			else
299			$dnsmasqcfg = $config['dnsmasq'];
300	5b237745	Scott Ullrich
301	21713b25	Renato Botelho	$hosts = "127.0.0.1 localhost localhost.{$syscfg['domain']}\n";
302			$hosts .= "::1 localhost localhost.{$syscfg['domain']}\n";
303	aa994814	Andrew Thompson	$lhosts = "";
304			$dhosts = "";
305	a55e9c70	Ermal Lu?i
306	e5995f9d	Ermal	if ($config['interfaces']['lan']) {
307			$cfgip = get_interface_ip("lan");
308	f38f8062	Ermal	if (is_ipaddr($cfgip))
309			$hosts .= "{$cfgip} {$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}\n";
310	fb64f3aa	Chris Buechler	$cfgipv6 = get_interface_ipv6("lan");
311			if (is_ipaddrv6($cfgipv6))
312			$hosts .= "{$cfgipv6} {$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}\n";
313	e5995f9d	Ermal	} else {
314			$sysiflist = get_configured_interface_list();
315	fb64f3aa	Chris Buechler	$hosts_if_found = false;
316	e5995f9d	Ermal	foreach ($sysiflist as $sysif) {
317			if (!interface_has_gateway($sysif)) {
318			$cfgip = get_interface_ip($sysif);
319			if (is_ipaddr($cfgip)) {
320			$hosts .= "{$cfgip} {$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}\n";
321	fb64f3aa	Chris Buechler	$hosts_if_found = true;
322			}
323			$cfgipv6 = get_interface_ipv6($sysif);
324			if (is_ipaddrv6($cfgipv6)) {
325			$hosts .= "{$cfgipv6} {$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}\n";
326			$hosts_if_found = true;
327	e5995f9d	Ermal	}
328	fb64f3aa	Chris Buechler	if ($hosts_if_found == true)
329			break;
330	e5995f9d	Ermal	}
331			}
332	f38f8062	Ermal	}
333	0f282d7a	Scott Ullrich
334	a80cb9ca	PiBa-NL	if (isset($dnsmasqcfg['enable'])) {
335	ea1aca13	Renato Botelho	if (!is_array($dnsmasqcfg['hosts']))
336			$dnsmasqcfg['hosts'] = array();
337
338			foreach ($dnsmasqcfg['hosts'] as $host) {
339			if ($host['host'])
340			$lhosts .= "{$host['ip']} {$host['host']}.{$host['domain']} {$host['host']}\n";
341	5a2a8349	Lorenz Schori	else
342	ea1aca13	Renato Botelho	$lhosts .= "{$host['ip']} {$host['domain']}\n";
343			if (!is_array($host['aliases']) \|\| !is_array($host['aliases']['item']))
344			continue;
345			foreach ($host['aliases']['item'] as $alias) {
346			if ($alias['host'])
347			$lhosts .= "{$host['ip']} {$alias['host']}.{$alias['domain']} {$alias['host']}\n";
348			else
349			$lhosts .= "{$host['ip']} {$alias['domain']}\n";
350			}
351			}
352			if (isset($dnsmasqcfg['regdhcpstatic']) && is_array($config['dhcpd'])) {
353			foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf)
354			if(is_array($dhcpifconf['staticmap']) && isset($dhcpifconf['enable']))
355			foreach ($dhcpifconf['staticmap'] as $host)
356	2ec52b3e	Daniel Becker	if ($host['ipaddr'] && $host['hostname'] && $host['domain'])
357			$dhosts .= "{$host['ipaddr']} {$host['hostname']}.{$host['domain']} {$host['hostname']}\n";
358			else if ($host['ipaddr'] && $host['hostname'] && $dhcpifconf['domain'])
359			$dhosts .= "{$host['ipaddr']} {$host['hostname']}.{$dhcpifconf['domain']} {$host['hostname']}\n";
360			else if ($host['ipaddr'] && $host['hostname'])
361	ea1aca13	Renato Botelho	$dhosts .= "{$host['ipaddr']} {$host['hostname']}.{$syscfg['domain']} {$host['hostname']}\n";
362			}
363			if (isset($dnsmasqcfg['regdhcpstatic']) && is_array($config['dhcpdv6'])) {
364			foreach ($config['dhcpdv6'] as $dhcpif => $dhcpifconf)
365			if(is_array($dhcpifconf['staticmap']) && isset($dhcpifconf['enable']))
366			foreach ($dhcpifconf['staticmap'] as $host)
367	2ec52b3e	Daniel Becker	if ($host['ipaddrv6'] && $host['hostname'] && $host['domain'])
368			$dhosts .= "{$host['ipaddrv6']} {$host['hostname']}.{$host['domain']} {$host['hostname']}\n";
369			else if ($host['ipaddrv6'] && $host['hostname'] && $dhcpifconf['domain'])
370			$dhosts .= "{$host['ipaddrv6']} {$host['hostname']}.{$dhcpifconf['domain']} {$host['hostname']}\n";
371			else if ($host['ipaddrv6'] && $host['hostname'])
372	ea1aca13	Renato Botelho	$dhosts .= "{$host['ipaddrv6']} {$host['hostname']}.{$syscfg['domain']} {$host['hostname']}\n";
373	5a2a8349	Lorenz Schori	}
374	58db1fc4	Ermal
375	ea1aca13	Renato Botelho	if (isset($dnsmasqcfg['dhcpfirst']))
376			$hosts .= $dhosts . $lhosts;
377			else
378			$hosts .= $lhosts . $dhosts;
379			}
380	aa994814	Andrew Thompson
381	58db1fc4	Ermal	/*
382			* Do not remove this because dhcpleases monitors with kqueue it needs to be
383			* killed before writing to hosts files.
384			*/
385			if (file_exists("{$g['varrun_path']}/dhcpleases.pid")) {
386			sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "TERM");
387	ea1aca13	Renato Botelho	@unlink("{$g['varrun_path']}/dhcpleases.pid");
388	58db1fc4	Ermal	}
389			$fd = fopen("{$g['varetc_path']}/hosts", "w");
390			if (!$fd) {
391			log_error("Error: cannot open hosts file in system_hosts_generate().\n");
392			return 1;
393			}
394	5b237745	Scott Ullrich	fwrite($fd, $hosts);
395			fclose($fd);
396	0f282d7a	Scott Ullrich
397	3f06e538	Warren Baker	if (isset($config['unbound']['enable'])) {
398			require_once("unbound.inc");
399	f6248774	Warren Baker	unbound_hosts_generate();
400	3f06e538	Warren Baker	}
401	f6248774	Warren Baker
402	24d619f5	Ermal	return 0;
403			}
404
405			function system_dhcpleases_configure() {
406	15d456b9	gnhb	global $config, $g;
407
408	7734aea6	Andrew Thompson	if ($g['platform'] == 'jail')
409			return;
410	956950de	Ermal	/* Start the monitoring process for dynamic dhcpclients. */
411	f6248774	Warren Baker	if ((isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcp']))
412			\|\| (isset($config['unbound']['enable']) && isset($config['unbound']['regdhcp']))) {
413	956950de	Ermal	/* Make sure we do not error out */
414	abdd01f5	Ermal	mwexec("/bin/mkdir -p {$g['dhcpd_chroot_path']}/var/db");
415			if (!file_exists("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases"))
416			@touch("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases");
417	4dbcf2fb	Renato Botelho
418	21713b25	Renato Botelho	if (isset($config['unbound']['enable'])) {
419	4dbcf2fb	Renato Botelho	$dns_pid = "unbound.pid";
420	21713b25	Renato Botelho	$unbound_conf = "-u {$g['unbound_chroot_path']}/dhcpleases_entries.conf";
421			} else {
422	4dbcf2fb	Renato Botelho	$dns_pid = "dnsmasq.pid";
423	21713b25	Renato Botelho	$unbound_conf = "";
424			}
425	4dbcf2fb	Renato Botelho
426			$pidfile = "{$g['varrun_path']}/dhcpleases.pid";
427			if (isvalidpid($pidfile)) {
428			/* Make sure dhcpleases is using correct unbound or dnsmasq */
429			$_gb = exec("/bin/pgrep -F {$pidfile} -f {$dns_pid}", $output, $retval);
430			if (intval($retval) == 0) {
431			sigkillbypid($pidfile, "HUP");
432			return;
433			} else
434			sigkillbypid($pidfile, "TERM");
435	69e593c1	jim-p	}
436	4dbcf2fb	Renato Botelho
437			/* To ensure we do not start multiple instances of dhcpleases, perform some clean-up first. */
438			if (is_process_running("dhcpleases"))
439	21713b25	Renato Botelho	sigkillbyname('dhcpleases', "TERM");
440			@unlink($pidfile);
441			mwexec("/usr/local/sbin/dhcpleases -l {$g['dhcpd_chroot_path']}/var/db/dhcpd.leases -d {$config['system']['domain']} -p {$g['varrun_path']}/{$dns_pid} {$unbound_conf} -h {$g['varetc_path']}/hosts");
442	15d456b9	gnhb	} else {
443	21713b25	Renato Botelho	sigkillbypid($pidfile, "TERM");
444			@unlink($pidfile);
445	15d456b9	gnhb	}
446	5b237745	Scott Ullrich	}
447
448			function system_hostname_configure() {
449	f19d3b7a	Scott Ullrich	global $config, $g;
450	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
451			$mt = microtime();
452	dcf0598e	Scott Ullrich	echo "system_hostname_configure() being called $mt\n";
453	333f8ef0	Scott Ullrich	}
454	0f282d7a	Scott Ullrich
455	5b237745	Scott Ullrich	$syscfg = $config['system'];
456	0f282d7a	Scott Ullrich
457	5b237745	Scott Ullrich	/* set hostname */
458	6bfccde7	Scott Ullrich	$status = mwexec("/bin/hostname " .
459	5b237745	Scott Ullrich	escapeshellarg("{$syscfg['hostname']}.{$syscfg['domain']}"));
460	6bfccde7	Scott Ullrich
461			/* Setup host GUID ID. This is used by ZFS. */
462			mwexec("/etc/rc.d/hostid start");
463
464			return $status;
465	5b237745	Scott Ullrich	}
466
467	1ea67f2e	Ermal	function system_routing_configure($interface = "") {
468	962625aa	Ermal	global $config, $g;
469	7734aea6	Andrew Thompson	if ($g['platform'] == 'jail')
470			return;
471	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
472			$mt = microtime();
473	dcf0598e	Scott Ullrich	echo "system_routing_configure() being called $mt\n";
474	58c7450e	Scott Ullrich	}
475	333f8ef0	Scott Ullrich
476	a529aced	Ermal	$gatewayip = "";
477			$interfacegw = "";
478	5a5413bb	Seth Mos	$gatewayipv6 = "";
479			$interfacegwv6 = "";
480	d35dfaae	Ermal	$foundgw = false;
481	5a5413bb	Seth Mos	$foundgwv6 = false;
482	a529aced	Ermal	/* tack on all the hard defined gateways as well */
483			if (is_array($config['gateways']['gateway_item'])) {
484	873c1701	Renato Botelho	array_map('unlink', glob("{$g['tmp_path']}/*_defaultgw{,v6}", GLOB_BRACE));
485	a529aced	Ermal	foreach ($config['gateways']['gateway_item'] as $gateway) {
486	f934af33	Ermal	if (isset($gateway['defaultgw'])) {
487	d35dfaae	Ermal	if ($foundgw == false && ($gateway['ipprotocol'] != "inet6" && (is_ipaddrv4($gateway['gateway']) \|\| $gateway['gateway'] == "dynamic"))) {
488			if(strpos($gateway['gateway'], ":"))
489	f934af33	Ermal	continue;
490			if ($gateway['gateway'] == "dynamic")
491			$gateway['gateway'] = get_interface_gateway($gateway['interface']);
492	9d595f6a	Ermal	$gatewayip = $gateway['gateway'];
493	03e96afb	Renato Botelho	$interfacegw = $gateway['interface'];
494	f934af33	Ermal	if (!empty($gateway['interface'])) {
495			$defaultif = get_real_interface($gateway['interface']);
496			if ($defaultif)
497			@file_put_contents("{$g['tmp_path']}/{$defaultif}_defaultgw", $gateway['gateway']);
498			}
499			$foundgw = true;
500	d35dfaae	Ermal	} else if ($foundgwv6 == false && ($gateway['ipprotocol'] == "inet6" && (is_ipaddrv6($gateway['gateway']) \|\| $gateway['gateway'] == "dynamic"))) {
501	d07bc322	Renato Botelho	if ($gateway['gateway'] == "dynamic")
502	f934af33	Ermal	$gateway['gateway'] = get_interface_gateway_v6($gateway['interface']);
503	9d595f6a	Ermal	$gatewayipv6 = $gateway['gateway'];
504	03e96afb	Renato Botelho	$interfacegwv6 = $gateway['interface'];
505	f934af33	Ermal	if (!empty($gateway['interface'])) {
506	c79f717a	Ermal	$defaultifv6 = get_real_interface($gateway['interface']);
507	f934af33	Ermal	if ($defaultifv6)
508			@file_put_contents("{$g['tmp_path']}/{$defaultifv6}_defaultgwv6", $gateway['gateway']);
509			}
510			$foundgwv6 = true;
511	924f202e	Ermal	}
512	a529aced	Ermal	}
513	f934af33	Ermal	if ($foundgw === true && $foundgwv6 === true)
514	5a5413bb	Seth Mos	break;
515			}
516	b24bda08	Scott Ullrich	}
517	3cc07282	Ermal	if ($foundgw == false) {
518			$defaultif = get_real_interface("wan");
519			$interfacegw = "wan";
520			$gatewayip = get_interface_gateway("wan");
521	d35dfaae	Ermal	@file_put_contents("{$g['tmp_path']}/{$defaultif}_defaultgw", $gatewayip);
522	3cc07282	Ermal	}
523	5a5413bb	Seth Mos	if ($foundgwv6 == false) {
524	c79f717a	Ermal	$defaultifv6 = get_real_interface("wan");
525	4f332466	Seth Mos	$interfacegwv6 = "wan";
526			$gatewayipv6 = get_interface_gateway_v6("wan");
527	d35dfaae	Ermal	@file_put_contents("{$g['tmp_path']}/{$defaultifv6}_defaultgwv6", $gatewayipv6);
528	17a5b095	Seth Mos	}
529	d173230c	Seth Mos	$dont_add_route = false;
530			/* if OLSRD is enabled, allow WAN to house DHCP. */
531	f934af33	Ermal	if (is_array($config['installedpackages']['olsrd'])) {
532	d173230c	Seth Mos	foreach($config['installedpackages']['olsrd']['config'] as $olsrd) {
533	f581cb10	Chris Buechler	if(($olsrd['enabledyngw'] == "on") && ($olsrd['enable'] == "on")) {
534	d173230c	Seth Mos	$dont_add_route = true;
535	f581cb10	Chris Buechler	log_error(sprintf(gettext("Not adding default route because OLSR dynamic gateway is enabled.")));
536	6e17413e	Ermal Lu?i	break;
537	d173230c	Seth Mos	}
538			}
539			}
540	07b54e8c	smos
541	1ea67f2e	Ermal	if ($dont_add_route == false ) {
542	8d29cef4	Ermal	if (!empty($interface) && $interface != $interfacegw)
543	1ea67f2e	Ermal	;
544	cac386b6	Chris Buechler	else if (is_ipaddrv4($gatewayip)) {
545	b368b35a	Ermal	log_error("ROUTING: setting default route to $gatewayip");
546			mwexec("/sbin/route change -inet default " . escapeshellarg($gatewayip));
547	d173230c	Seth Mos	}
548
549	17a5b095	Seth Mos	if (!empty($interface) && $interface != $interfacegwv6)
550	5a5413bb	Seth Mos	;
551	cac386b6	Chris Buechler	else if (is_ipaddrv6($gatewayipv6)) {
552	8be135cd	Ermal	$ifscope = "";
553	7cdfe39e	Ermal	if (is_linklocal($gatewayipv6) && !strpos($gatewayipv6, '%'))
554	26ecc19c	smos	$ifscope = "%{$defaultifv6}";
555	ea91a8c0	smos	log_error("ROUTING: setting IPv6 default route to {$gatewayipv6}{$ifscope}");
556	ef74c9e4	Renato Botelho	mwexec("/sbin/route change -inet6 default " . escapeshellarg("{$gatewayipv6}{$ifscope}"));
557	5a5413bb	Seth Mos	}
558			}
559
560	2a2b9eea	Renato Botelho	system_staticroutes_configure($interface, false);
561
562			return 0;
563			}
564
565			function system_staticroutes_configure($interface = "", $update_dns = false) {
566			global $config, $g, $aliastable;
567
568	356e86d4	Renato Botelho	$filterdns_list = array();
569
570	e47d24e4	Renato Botelho	$static_routes = get_staticroutes(false, true);
571	f898c1a9	jim-p	if (count($static_routes)) {
572	6fdea6a2	smos	$gateways_arr = return_gateways_array(false, true);
573	0f282d7a	Scott Ullrich
574	f898c1a9	jim-p	foreach ($static_routes as $rtent) {
575	a02708b1	Ermal	if (empty($gateways_arr[$rtent['gateway']])) {
576	4a896b86	Carlos Eduardo Ramos	log_error(sprintf(gettext("Static Routes: Gateway IP could not be found for %s"), $rtent['network']));
577	a529aced	Ermal	continue;
578			}
579	a02708b1	Ermal	$gateway = $gateways_arr[$rtent['gateway']];
580	1801c223	Ermal	if (!empty($interface) && $interface != $gateway['friendlyiface'])
581	a02708b1	Ermal	continue;
582	9740fad8	Seth Mos
583	a02708b1	Ermal	$gatewayip = $gateway['gateway'];
584			$interfacegw = $gateway['interface'];
585	a529aced	Ermal
586	1e5f47bb	smos	$blackhole = "";
587	8be135cd	Ermal	if (!strcasecmp("Null", substr($rtent['gateway'], 0, 3)))
588	1e5f47bb	smos	$blackhole = "-blackhole";
589
590	e47d24e4	Renato Botelho	if (!is_fqdn($rtent['network']) && !is_subnet($rtent['network']))
591	2a2b9eea	Renato Botelho	continue;
592	046583c3	Renato Botelho
593	e47d24e4	Renato Botelho	$dnscache = array();
594			if ($update_dns === true) {
595			if (is_subnet($rtent['network']))
596	2a2b9eea	Renato Botelho	continue;
597	e47d24e4	Renato Botelho	$dnscache = explode("\n", trim(compare_hostname_to_dnscache($rtent['network'])));
598			if (empty($dnscache))
599			continue;
600			}
601	046583c3	Renato Botelho
602	e47d24e4	Renato Botelho	if (is_subnet($rtent['network']))
603			$ips = array($rtent['network']);
604			else {
605			if (!isset($rtent['disabled']))
606			$filterdns_list[] = $rtent['network'];
607			$ips = add_hostname_to_watch($rtent['network']);
608			}
609	2a2b9eea	Renato Botelho
610	e47d24e4	Renato Botelho	foreach ($dnscache as $ip) {
611			if (in_array($ip, $ips))
612			continue;
613			mwexec("/sbin/route delete " . escapeshellarg($ip), true);
614	7bd413eb	Chris Buechler	if (isset($config['system']['route-debug'])) {
615			$mt = microtime();
616			log_error("ROUTING debug: $mt - route delete $ip ");
617			}
618	e47d24e4	Renato Botelho	}
619	2a2b9eea	Renato Botelho
620	e47d24e4	Renato Botelho	if (isset($rtent['disabled'])) {
621	1f4ad8f4	Chris Buechler	/* XXX: This can break things by deleting routes that shouldn't be deleted - OpenVPN, dynamic routing scenarios, etc. redmine #3709 */
622	7bd413eb	Chris Buechler	foreach ($ips as $ip) {
623	2a2b9eea	Renato Botelho	mwexec("/sbin/route delete " . escapeshellarg($ip), true);
624	7bd413eb	Chris Buechler	if (isset($config['system']['route-debug'])) {
625			$mt = microtime();
626			log_error("ROUTING debug: $mt - route delete $ip ");
627			}
628			}
629	e47d24e4	Renato Botelho	continue;
630			}
631	2a2b9eea	Renato Botelho
632	e47d24e4	Renato Botelho	foreach ($ips as $ip) {
633			if (is_ipaddrv4($ip))
634			$ip .= "/32";
635	e78509cc	Chris Buechler	// do NOT do the same check here on v6, is_ipaddrv6 returns true when including the CIDR mask. doing so breaks v6 routes
636
637	e47d24e4	Renato Botelho	$inet = (is_subnetv6($ip) ? "-inet6" : "-inet");
638	2a2b9eea	Renato Botelho
639	e47d24e4	Renato Botelho	$cmd = "/sbin/route change {$inet} {$blackhole} " . escapeshellarg($ip) . " ";
640
641			if (is_subnet($ip))
642	7bd413eb	Chris Buechler	if (is_ipaddr($gatewayip)) {
643	e47d24e4	Renato Botelho	mwexec($cmd . escapeshellarg($gatewayip));
644	7bd413eb	Chris Buechler	if (isset($config['system']['route-debug'])) {
645			$mt = microtime();
646			log_error("ROUTING debug: $mt - $cmd $gatewayip");
647			}
648			} else if (!empty($interfacegw)) {
649	e47d24e4	Renato Botelho	mwexec($cmd . "-iface " . escapeshellarg($interfacegw));
650	7bd413eb	Chris Buechler	if (isset($config['system']['route-debug'])) {
651			$mt = microtime();
652			log_error("ROUTING debug: $mt - $cmd -iface $interfacegw ");
653			}
654			}
655	2a2b9eea	Renato Botelho	}
656	5b237745	Scott Ullrich	}
657	6a205b6a	Ermal	unset($gateways_arr);
658	5b237745	Scott Ullrich	}
659	6a205b6a	Ermal	unset($static_routes);
660	67ee1ec5	Ermal Luçi
661	e47d24e4	Renato Botelho	if ($update_dns === false) {
662			if (count($filterdns_list)) {
663			$interval = 60;
664			$hostnames = "";
665			array_unique($filterdns_list);
666			foreach ($filterdns_list as $hostname)
667			$hostnames .= "cmd {$hostname} '/usr/local/sbin/pfSctl -c \"service reload routedns\"'\n";
668			file_put_contents("{$g['varetc_path']}/filterdns-route.hosts", $hostnames);
669			unset($hostnames);
670
671			if (isvalidpid("{$g['varrun_path']}/filterdns-route.pid"))
672			sigkillbypid("{$g['varrun_path']}/filterdns-route.pid", "HUP");
673			else
674			mwexec("/usr/local/sbin/filterdns -p {$g['varrun_path']}/filterdns-route.pid -i {$interval} -c {$g['varetc_path']}/filterdns-route.hosts -d 1");
675			} else {
676			killbypid("{$g['varrun_path']}/filterdns-route.pid");
677			@unlink("{$g['varrun_path']}/filterdns-route.pid");
678			}
679	356e86d4	Renato Botelho	}
680	e47d24e4	Renato Botelho	unset($filterdns_list);
681	356e86d4	Renato Botelho
682	b9c501ea	Seth Mos	return 0;
683	5b237745	Scott Ullrich	}
684
685			function system_routing_enable() {
686	f19d3b7a	Scott Ullrich	global $config, $g;
687	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
688			$mt = microtime();
689	dcf0598e	Scott Ullrich	echo "system_routing_enable() being called $mt\n";
690	58c7450e	Scott Ullrich	}
691	0f282d7a	Scott Ullrich
692	971de1f9	Renato Botelho	set_sysctl(array(
693			"net.inet.ip.forwarding" => "1",
694			"net.inet6.ip6.forwarding" => "1"
695			));
696
697	6da3df4e	Seth Mos	return;
698	5b237745	Scott Ullrich	}
699
700	bd29bb7b	jim-p	function system_syslogd_fixup_server($server) {
701			/* If it's an IPv6 IP alone, encase it in brackets */
702			if (is_ipaddrv6($server))
703			return "[$server]";
704			else
705			return $server;
706			}
707
708	236524c2	jim-p	function system_syslogd_get_remote_servers($syslogcfg, $facility = ".") {
709			// Rather than repeatedly use the same code, use this function to build a list of remote servers.
710			$facility .= " ".
711			$remote_servers = "";
712			$pad_to = 56;
713			$padding = ceil(($pad_to - strlen($facility))/8)+1;
714			if($syslogcfg['remoteserver'])
715	bd29bb7b	jim-p	$remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@" . system_syslogd_fixup_server($syslogcfg['remoteserver']) . "\n";
716	236524c2	jim-p	if($syslogcfg['remoteserver2'])
717	bd29bb7b	jim-p	$remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@" . system_syslogd_fixup_server($syslogcfg['remoteserver2']) . "\n";
718	236524c2	jim-p	if($syslogcfg['remoteserver3'])
719	bd29bb7b	jim-p	$remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@" . system_syslogd_fixup_server($syslogcfg['remoteserver3']) . "\n";
720	236524c2	jim-p	return $remote_servers;
721			}
722
723	5b237745	Scott Ullrich	function system_syslogd_start() {
724	f19d3b7a	Scott Ullrich	global $config, $g;
725	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
726			$mt = microtime();
727	dcf0598e	Scott Ullrich	echo "system_syslogd_start() being called $mt\n";
728	58c7450e	Scott Ullrich	}
729	0f282d7a	Scott Ullrich
730	1fd3fe31	Scott Ullrich	mwexec("/etc/rc.d/hostid start");
731
732	5b237745	Scott Ullrich	$syslogcfg = $config['syslog'];
733
734	285ef132	Ermal LUÇI	if (platform_booting())
735	4a896b86	Carlos Eduardo Ramos	echo gettext("Starting syslog...");
736	0f282d7a	Scott Ullrich
737	100f3e71	Ermal	if (is_process_running("fifolog_writer"))
738	236524c2	jim-p	mwexec('/bin/pkill fifolog_writer');
739	7ee97cb3	Scott Ullrich
740			// Which logging type are we using this week??
741	100f3e71	Ermal	if (isset($config['system']['disablesyslogclog'])) {
742			$log_directive = "";
743			$log_create_directive = "/usr/bin/touch ";
744			$log_size = "";
745			} else if (isset($config['system']['usefifolog'])) {
746			$log_directive = "\|/usr/sbin/fifolog_writer ";
747	c7a3356e	jim-p	$log_size = isset($config['syslog']['logfilesize']) ? $config['syslog']['logfilesize'] : "10240";
748	100f3e71	Ermal	$log_create_directive = "/usr/sbin/fifolog_create -s ";
749	7ee97cb3	Scott Ullrich	} else { // Defaults to CLOG
750	100f3e71	Ermal	$log_directive = "%";
751	c7a3356e	jim-p	$log_size = isset($config['syslog']['logfilesize']) ? $config['syslog']['logfilesize'] : "10240";
752	2a50fd8a	Renato Botelho	$log_create_directive = "/usr/local/sbin/clog -i -s ";
753	7ee97cb3	Scott Ullrich	}
754	66201c96	Ermal
755			$syslogd_extra = "";
756	88ebd635	Scott Ullrich	if (isset($syslogcfg)) {
757	20a95904	Ermal	$separatelogfacilities = array('ntp','ntpd','ntpdate','charon','ipsec_starter','openvpn','pptps','poes','l2tps','relayd','hostapd','dnsmasq','filterdns','unbound','dhcpd','dhcrelay','dhclient','dhcp6c','apinger','radvd','routed','olsrd','zebra','ospfd','bgpd','miniupnpd','filterlog');
758	344016a8	Ermal	$syslogconf = "";
759	a728d2ea	Colin Smith	if($config['installedpackages']['package']) {
760	0d9d2a1b	Scott Ullrich	foreach($config['installedpackages']['package'] as $package) {
761			if($package['logging']) {
762	d589cccf	Warren Baker	array_push($separatelogfacilities, $package['logging']['facilityname']);
763	100f3e71	Ermal	mwexec("{$log_create_directive} {$log_size} {$g['varlog_path']}/{$package['logging']['logfilename']}");
764	eeb52fea	Warren Baker	$syslogconf .= "!{$package['logging']['facilityname']}\n.\t\t\t\t\t\t {$log_directive}{$g['varlog_path']}/{$package['logging']['logfilename']}\n";
765	a728d2ea	Colin Smith	}
766	0d9d2a1b	Scott Ullrich	}
767			}
768	d2834563	Scott Ullrich	$facilitylist = implode(',', array_unique($separatelogfacilities));
769	5c8cbb26	jim-p	$syslogconf .= "!radvd,routed,olsrd,zebra,ospfd,bgpd,miniupnpd\n";
770	e0c45357	jim-p	if (!isset($syslogcfg['disablelocallogging']))
771			$syslogconf .= ". {$log_directive}{$g['varlog_path']}/routing.log\n";
772
773			$syslogconf .= "!ntp,ntpd,ntpdate\n";
774	0d9d2a1b	Scott Ullrich	if (!isset($syslogcfg['disablelocallogging']))
775	236524c2	jim-p	$syslogconf .= ". {$log_directive}{$g['varlog_path']}/ntpd.log\n";
776
777	295e19dd	Scott Ullrich	$syslogconf .= "!ppp\n";
778			if (!isset($syslogcfg['disablelocallogging']))
779	236524c2	jim-p	$syslogconf .= ". {$log_directive}{$g['varlog_path']}/ppp.log\n";
780
781	a6607b5f	jim-p	$syslogconf .= "!pptps\n";
782	328efaba	Ermal	if (!isset($syslogcfg['disablelocallogging']))
783	236524c2	jim-p	$syslogconf .= ". {$log_directive}{$g['varlog_path']}/pptps.log\n";
784
785	a6607b5f	jim-p	$syslogconf .= "!poes\n";
786	328efaba	Ermal	if (!isset($syslogcfg['disablelocallogging']))
787	236524c2	jim-p	$syslogconf .= ". {$log_directive}{$g['varlog_path']}/poes.log\n";
788
789	a6607b5f	jim-p	$syslogconf .= "!l2tps\n";
790	328efaba	Ermal	if (!isset($syslogcfg['disablelocallogging']))
791	236524c2	jim-p	$syslogconf .= ". {$log_directive}{$g['varlog_path']}/l2tps.log\n";
792
793	20a95904	Ermal	$syslogconf .= "!charon,ipsec_starter\n";
794	0d9d2a1b	Scott Ullrich	if (!isset($syslogcfg['disablelocallogging']))
795	236524c2	jim-p	$syslogconf .= ". {$log_directive}{$g['varlog_path']}/ipsec.log\n";
796			if (isset($syslogcfg['vpn']))
797			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, ".");
798
799	d2834563	Scott Ullrich	$syslogconf .= "!openvpn\n";
800	0d9d2a1b	Scott Ullrich	if (!isset($syslogcfg['disablelocallogging']))
801	236524c2	jim-p	$syslogconf .= ". {$log_directive}{$g['varlog_path']}/openvpn.log\n";
802			if (isset($syslogcfg['vpn']))
803			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, ".");
804
805	7bc41b19	jim-p	$syslogconf .= "!apinger\n";
806			if (!isset($syslogcfg['disablelocallogging']))
807	e0977fed	smos	$syslogconf .= ". {$log_directive}{$g['varlog_path']}/gateways.log\n";
808			if (isset($syslogcfg['apinger']))
809			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, ".");
810
811	a89b7342	jim-p	$syslogconf .= "!dnsmasq,filterdns,unbound\n";
812	e0977fed	smos	if (!isset($syslogcfg['disablelocallogging']))
813			$syslogconf .= ". {$log_directive}{$g['varlog_path']}/resolver.log\n";
814
815	b462fc5e	Renato Botelho	$syslogconf .= "!dhcpd,dhcrelay,dhclient,dhcp6c\n";
816	e0977fed	smos	if (!isset($syslogcfg['disablelocallogging']))
817			$syslogconf .= ". {$log_directive}{$g['varlog_path']}/dhcpd.log\n";
818	80571c81	Phil Davis	if (isset($syslogcfg['dhcp']))
819	236524c2	jim-p	$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, ".");
820
821	087a89f8	Chris Buechler	$syslogconf .= "!relayd\n";
822	236524c2	jim-p	if (!isset($syslogcfg['disablelocallogging']))
823			$syslogconf .= ". {$log_directive}{$g['varlog_path']}/relayd.log\n";
824			if (isset($syslogcfg['relayd']))
825			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, ".");
826
827	689eaa4d	jim-p	$syslogconf .= "!hostapd\n";
828	236524c2	jim-p	if (!isset($syslogcfg['disablelocallogging']))
829			$syslogconf .= ". {$log_directive}{$g['varlog_path']}/wireless.log\n";
830			if (isset($syslogcfg['hostapd']))
831			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, ".");
832
833	686777c4	Ermal	$syslogconf .= "!filterlog\n";
834			$syslogconf .= ". {$log_directive}{$g['varlog_path']}/filter.log\n";
835			if (isset($syslogcfg['filter']))
836			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, ".");
837
838	d2834563	Scott Ullrich	$syslogconf .= "!-{$facilitylist}\n";
839	0d9d2a1b	Scott Ullrich	if (!isset($syslogcfg['disablelocallogging']))
840	5b237745	Scott Ullrich	$syslogconf .= <<<EOD
841	236524c2	jim-p	local3.* {$log_directive}{$g['varlog_path']}/vpn.log
842			local4.* {$log_directive}{$g['varlog_path']}/portalauth.log
843			local7.* {$log_directive}{$g['varlog_path']}/dhcpd.log
844	2ba3ea05	Renato Botelho	*.notice;kern.debug;lpr.info;mail.crit;daemon.none; {$log_directive}{$g['varlog_path']}/system.log
845	236524c2	jim-p	news.err;local0.none;local3.none;local4.none; {$log_directive}{$g['varlog_path']}/system.log
846			local7.none {$log_directive}{$g['varlog_path']}/system.log
847			security.* {$log_directive}{$g['varlog_path']}/system.log
848			auth.info;authpriv.info;daemon.info {$log_directive}{$g['varlog_path']}/system.log
849			auth.info;authpriv.info \|exec /usr/local/sbin/sshlockout_pf 15
850			.emerg
851	be5d59d7	Scott Ullrich
852			EOD;
853	236524c2	jim-p	if (isset($syslogcfg['vpn']))
854			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local3.*");
855			if (isset($syslogcfg['portalauth']))
856			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local4.*");
857			if (isset($syslogcfg['dhcp']))
858			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local7.*");
859	be5d59d7	Scott Ullrich	if (isset($syslogcfg['system'])) {
860	236524c2	jim-p	$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.notice;kern.debug;lpr.info;mail.crit;");
861			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "news.err;local0.none;local3.none;local7.none");
862			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "security.*");
863			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "auth.info;authpriv.info;daemon.info");
864			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.emerg");
865			}
866	4ef2d703	Chris Buechler	if (isset($syslogcfg['logall'])) {
867	236524c2	jim-p	// Make everything mean everything, including facilities excluded above.
868			$syslogconf .= "!*\n";
869			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, ".");
870			}
871	be5d59d7	Scott Ullrich
872	a213ad18	Andrew Thompson	if (isset($syslogcfg['zmqserver'])) {
873			$syslogconf .= <<<EOD
874			. ^{$syslogcfg['zmqserver']}
875
876			EOD;
877			}
878	344016a8	Ermal	/* write syslog.conf */
879			if (!@file_put_contents("{$g['varetc_path']}/syslog.conf", $syslogconf)) {
880			printf(gettext("Error: cannot open syslog.conf in system_syslogd_start().%s"), "\n");
881			unset($syslogconf);
882			return 1;
883			}
884			unset($syslogconf);
885	42ee8bde	Scott Ullrich
886			// Ensure that the log directory exists
887	344016a8	Ermal	if (!is_dir("{$g['dhcpd_chroot_path']}/var/run"))
888	42ee8bde	Scott Ullrich	exec("/bin/mkdir -p {$g['dhcpd_chroot_path']}/var/run");
889
890	cbe12b8d	jim-p	$sourceip = "";
891			if (!empty($syslogcfg['sourceip'])) {
892			if ($syslogcfg['ipproto'] == "ipv6") {
893			$ifaddr = is_ipaddr($syslogcfg['sourceip']) ? $syslogcfg['sourceip'] : get_interface_ipv6($syslogcfg['sourceip']);
894			if (!is_ipaddr($ifaddr))
895			$ifaddr = get_interface_ip($syslogcfg['sourceip']);
896			} else {
897			$ifaddr = is_ipaddr($syslogcfg['sourceip']) ? $syslogcfg['sourceip'] : get_interface_ip($syslogcfg['sourceip']);
898			if (!is_ipaddr($ifaddr))
899			$ifaddr = get_interface_ipv6($syslogcfg['sourceip']);
900			}
901			if (is_ipaddr($ifaddr)) {
902			$sourceip = "-b {$ifaddr}";
903			}
904			}
905
906	66201c96	Ermal	$syslogd_extra = "-f {$g['varetc_path']}/syslog.conf {$sourceip}";
907	5b237745	Scott Ullrich	}
908	0f282d7a	Scott Ullrich
909	cfda8861	Chris Buechler	if (isvalidpid("{$g['varrun_path']}/syslog.pid")) {
910	264d17a5	Chris Buechler	sigkillbypid("{$g['varrun_path']}/syslog.pid", "TERM");
911	cfda8861	Chris Buechler	usleep(100000); // syslogd often doesn't respond to a TERM quickly enough for the starting of syslogd below to be successful
912			}
913
914			if (isvalidpid("{$g['varrun_path']}/syslog.pid")) {
915			// if it still hasn't responded to the TERM, KILL it.
916			sigkillbypid("{$g['varrun_path']}/syslog.pid", "KILL");
917			usleep(100000);
918			}
919
920	264d17a5	Chris Buechler
921			$retval = mwexec_bg("/usr/sbin/syslogd -s -c -c -l {$g['dhcpd_chroot_path']}/var/run/log -P {$g['varrun_path']}/syslog.pid {$syslogd_extra}");
922	66201c96	Ermal
923	285ef132	Ermal LUÇI	if (platform_booting())
924	4a896b86	Carlos Eduardo Ramos	echo gettext("done.") . "\n";
925	0f282d7a	Scott Ullrich
926	5b237745	Scott Ullrich	return $retval;
927			}
928
929	7c4c77ee	jim-p	function system_webgui_create_certificate() {
930			global $config, $g;
931
932			if (!is_array($config['ca']))
933			$config['ca'] = array();
934			$a_ca =& $config['ca'];
935			if (!is_array($config['cert']))
936			$config['cert'] = array();
937			$a_cert =& $config['cert'];
938			log_error("Creating SSL Certificate for this host");
939
940			$cert = array();
941			$cert['refid'] = uniqid();
942	2cf2c62b	jim-p	$cert['descr'] = gettext("webConfigurator default ({$cert['refid']})");
943	7c4c77ee	jim-p
944			$dn = array(
945			'countryName' => "US",
946			'stateOrProvinceName' => "State",
947			'localityName' => "Locality",
948			'organizationName' => "{$g['product_name']} webConfigurator Self-Signed Certificate",
949			'emailAddress' => "admin@{$config['system']['hostname']}.{$config['system']['domain']}",
950	2cf2c62b	jim-p	'commonName' => "{$config['system']['hostname']}-{$cert['refid']}");
951	1444c08e	Phil Davis	$old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warnings directly to a page screwing menu tab */
952	7c4c77ee	jim-p	if (!cert_create($cert, null, 2048, 2000, $dn, "self-signed", "sha256")){
953			while($ssl_err = openssl_error_string()){
954			log_error("Error creating WebGUI Certificate: openssl library returns: " . $ssl_err);
955			}
956			error_reporting($old_err_level);
957			return null;
958			}
959			error_reporting($old_err_level);
960
961			$a_cert[] = $cert;
962			$config['system']['webgui']['ssl-certref'] = $cert['refid'];
963	2cf2c62b	jim-p	write_config(gettext("Generated new self-signed HTTPS certificate ({$cert['refid']})"));
964	7c4c77ee	jim-p	return $cert;
965			}
966
967	5b237745	Scott Ullrich	function system_webgui_start() {
968	f19d3b7a	Scott Ullrich	global $config, $g;
969	877ac35d	Scott Ullrich
970	285ef132	Ermal LUÇI	if (platform_booting())
971	4a896b86	Carlos Eduardo Ramos	echo gettext("Starting webConfigurator...");
972	877ac35d	Scott Ullrich
973			chdir($g['www_path']);
974
975	fb1266d3	Matthew Grooms	/* defaults */
976			$portarg = "80";
977			$crt = "";
978			$key = "";
979	2cf6ddcb	Nigel Graham	$ca = "";
980	fb1266d3	Matthew Grooms
981	877ac35d	Scott Ullrich	/* non-standard port? */
982	f4875d35	Ermal Lu?i	if (isset($config['system']['webgui']['port']) && $config['system']['webgui']['port'] <> "")
983	528df9a7	Scott Ullrich	$portarg = "{$config['system']['webgui']['port']}";
984	877ac35d	Scott Ullrich
985			if ($config['system']['webgui']['protocol'] == "https") {
986	02b383fe	sullrich	// Ensure that we have a webConfigurator CERT
987	fb1266d3	Matthew Grooms	$cert =& lookup_cert($config['system']['webgui']['ssl-certref']);
988	0a8dd27b	Renato Botelho	if(!is_array($cert) \|\| !$cert['crt'] \|\| !$cert['prv'])
989	7c4c77ee	jim-p	$cert = system_webgui_create_certificate();
990	0a8dd27b	Renato Botelho	$crt = base64_decode($cert['crt']);
991			$key = base64_decode($cert['prv']);
992	7c4c77ee	jim-p
993			if(!$config['system']['webgui']['port'])
994			$portarg = "443";
995			$ca = ca_chain($cert);
996	877ac35d	Scott Ullrich	}
997
998			/* generate lighttpd configuration */
999			system_generate_lighty_config("{$g['varetc_path']}/lighty-webConfigurator.conf",
1000	c41602e1	jim-p	$crt, $key, $ca, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/",
1001	98f20e35	Irving Popovetsky	"cert.pem", "ca.pem");
1002	877ac35d	Scott Ullrich
1003	a11bc497	Ermal	/* kill any running lighttpd */
1004			killbypid("{$g['varrun_path']}/lighty-webConfigurator.pid");
1005
1006			sleep(1);
1007
1008			@unlink("{$g['varrun_path']}/lighty-webConfigurator.pid");
1009
1010	877ac35d	Scott Ullrich	/* attempt to start lighthttpd */
1011			$res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-webConfigurator.conf");
1012
1013	285ef132	Ermal LUÇI	if (platform_booting()) {
1014	877ac35d	Scott Ullrich	if ($res == 0)
1015	4a896b86	Carlos Eduardo Ramos	echo gettext("done.") . "\n";
1016	877ac35d	Scott Ullrich	else
1017	4a896b86	Carlos Eduardo Ramos	echo gettext("failed!") . "\n";
1018	877ac35d	Scott Ullrich	}
1019
1020			return $res;
1021			}
1022
1023	eb0f441c	Scott Ullrich	function system_generate_lighty_config($filename,
1024			$cert,
1025			$key,
1026	2cf6ddcb	Nigel Graham	$ca,
1027	eb0f441c	Scott Ullrich	$pid_file,
1028			$port = 80,
1029			$document_root = "/usr/local/www/",
1030			$cert_location = "cert.pem",
1031	2cf6ddcb	Nigel Graham	$ca_location = "ca.pem",
1032	eb0f441c	Scott Ullrich	$captive_portal = false) {
1033	58c7450e	Scott Ullrich
1034	f19d3b7a	Scott Ullrich	global $config, $g;
1035
1036	6955830f	Ermal Lu?i	if(!is_dir("{$g['tmp_path']}/lighttpdcompress"))
1037			mkdir("{$g['tmp_path']}/lighttpdcompress");
1038	570ef08c	sullrich
1039	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1040			$mt = microtime();
1041	dcf0598e	Scott Ullrich	echo "system_generate_lighty_config() being called $mt\n";
1042	58c7450e	Scott Ullrich	}
1043
1044	a96f2d3d	Ermal	if ($captive_portal !== false) {
1045	f7bddb24	Ermal	$captiveportal = ",\"mod_rewrite\",\"mod_evasive\"";
1046	b4792bf8	Ermal	$captive_portal_rewrite = "url.rewrite-once = ( \"(.captiveportal.)\" => \"$1\", \"(.*)\" => \"/index.php?zone={$captive_portal}&redirurl=$1\" )\n";
1047	74a4edc3	Ermal
1048	6844896c	bcyrill	$maxprocperip = $config['captiveportal'][$captive_portal]['maxprocperip'];
1049	a96f2d3d	Ermal	if (empty($maxprocperip))
1050	f7bddb24	Ermal	$maxprocperip = 10;
1051	74a4edc3	Ermal	$captive_portal_mod_evasive = "evasive.max-conns-per-ip = {$maxprocperip}";
1052
1053	6955830f	Ermal Lu?i	$server_upload_dirs = "server.upload-dirs = ( \"{$g['tmp_path']}/captiveportal/\" )\n";
1054	6240ba7b	Phil Davis	if(!is_dir("{$g['tmp_path']}/captiveportal"))
1055	e570f0eb	Ermal	@mkdir("{$g['tmp_path']}/captiveportal", 0555);
1056	775556ab	Scott Ullrich	$server_max_request_size = "server.max-request-size = 384";
1057	b35fdb17	Ermal	$cgi_config = "";
1058	b0bdc06e	Scott Ullrich	} else {
1059	b35fdb17	Ermal	$captiveportal = ",\"mod_cgi\"";
1060	3435dc35	Ermal Lu?i	$captive_portal_rewrite = "";
1061	b0bdc06e	Scott Ullrich	$captive_portal_mod_evasive = "";
1062	6955830f	Ermal Lu?i	$server_upload_dirs = "server.upload-dirs = ( \"{$g['upload_path']}/\", \"{$g['tmp_path']}/\", \"/var/\" )\n";
1063	775556ab	Scott Ullrich	$server_max_request_size = "server.max-request-size = 2097152";
1064	b35fdb17	Ermal	$cgi_config = "cgi.assign = ( \".cgi\" => \"\" )";
1065	eb0f441c	Scott Ullrich	}
1066	3306a341	Scott Ullrich
1067	a96f2d3d	Ermal	if (empty($port))
1068	28cae949	Scott Ullrich	$lighty_port = "80";
1069	a96f2d3d	Ermal	else
1070			$lighty_port = $port;
1071	3d77d4c4	Scott Ullrich
1072			$memory = get_memory();
1073	6b0739ac	Phil Davis	$realmem = $memory[1];
1074	3d77d4c4	Scott Ullrich
1075	98f20e35	Irving Popovetsky	// Determine web GUI process settings and take into account low memory systems
1076	6b0739ac	Phil Davis	if ($realmem < 255)
1077	a96f2d3d	Ermal	$max_procs = 1;
1078			else
1079	98f20e35	Irving Popovetsky	$max_procs = ($config['system']['webgui']['max_procs']) ? $config['system']['webgui']['max_procs'] : 2;
1080	f4ebc84a	Scott Ullrich
1081	98f20e35	Irving Popovetsky	// Ramp up captive portal max procs, assuming each PHP process can consume up to 64MB RAM
1082	70e454e1	Ermal	if ($captive_portal !== false) {
1083	6b0739ac	Phil Davis	if ($realmem > 135 and $realmem < 256) {
1084	98f20e35	Irving Popovetsky	$max_procs += 1; // 2 worker processes
1085	6b0739ac	Phil Davis	} else if ($realmem > 255 and $realmem < 513) {
1086	a96f2d3d	Ermal	$max_procs += 2; // 3 worker processes
1087	6b0739ac	Phil Davis	} else if ($realmem > 512) {
1088	98f20e35	Irving Popovetsky	$max_procs += 4; // 6 worker processes
1089	70cc6249	Scott Ullrich	}
1090	a96f2d3d	Ermal	if ($max_procs > 1)
1091			$max_php_children = intval($max_procs/2);
1092			else
1093			$max_php_children = 1;
1094
1095	e384f16e	Ermal	} else {
1096	6b0739ac	Phil Davis	if ($realmem < 78)
1097	e384f16e	Ermal	$max_php_children = 0;
1098			else
1099			$max_php_children = 1;
1100			}
1101	980df75c	Scott Ullrich
1102	1cf24f0a	jim-p	if(!isset($config['syslog']['nologlighttpd'])) {
1103			$lighty_use_syslog = <<<EOD
1104			## where to send error-messages to
1105			server.errorlog-use-syslog="enable"
1106			EOD;
1107			}
1108
1109
1110	4aea91d8	Ermal	if ($captive_portal !== false) {
1111			$fast_cgi_path = "{$g['tmp_path']}/php-fastcgi-{$captive_portal}.socket";
1112			$fastcgi_config = <<<EOD
1113	4edb490d	Scott Ullrich	#### fastcgi module
1114			## read fastcgi.txt for more info
1115	b0bdc06e	Scott Ullrich	fastcgi.server = ( ".php" =>
1116	a96f2d3d	Ermal	( "localhost" =>
1117			(
1118			"socket" => "{$fast_cgi_path}",
1119			"max-procs" => {$max_procs},
1120	70e454e1	Ermal	"bin-environment" => (
1121			"PHP_FCGI_CHILDREN" => "{$max_php_children}",
1122			"PHP_FCGI_MAX_REQUESTS" => "500"
1123			),
1124	a96f2d3d	Ermal	"bin-path" => "/usr/local/bin/php"
1125			)
1126	b0bdc06e	Scott Ullrich	)
1127			)
1128	333f8ef0	Scott Ullrich
1129	4edb490d	Scott Ullrich	EOD;
1130	4aea91d8	Ermal	} else {
1131			$fast_cgi_path = "{$g['varrun_path']}/php-fpm.socket";
1132			$fastcgi_config = <<<EOD
1133			#### fastcgi module
1134			## read fastcgi.txt for more info
1135			fastcgi.server = ( ".php" =>
1136			( "localhost" =>
1137			(
1138			"socket" => "{$fast_cgi_path}",
1139			"broken-scriptfilename" => "enable"
1140			)
1141			)
1142			)
1143
1144			EOD;
1145			}
1146
1147	333f8ef0	Scott Ullrich
1148	a96f2d3d	Ermal	$lighty_config = <<<EOD
1149	28cae949	Scott Ullrich	#
1150	a632cf43	Scott Ullrich	# lighttpd configuration file
1151			#
1152			# use a it as base for lighttpd 1.0.0 and above
1153	28cae949	Scott Ullrich	#
1154	a632cf43	Scott Ullrich	############ Options you really have to take care of ####################
1155
1156	770b4b9c	Scott Ullrich	## FreeBSD!
1157	60ff6204	Scott Ullrich	server.event-handler = "freebsd-kqueue"
1158			server.network-backend = "writev"
1159	543ecd59	Seth Mos	#server.use-ipv6 = "enable"
1160	096261af	Scott Ullrich
1161	a632cf43	Scott Ullrich	## modules to load
1162	f7bddb24	Ermal	server.modules = ( "mod_access", "mod_expire", "mod_compress", "mod_redirect",
1163			{$captiveportal}, "mod_fastcgi"
1164	a41c5253	Seth Mos	)
1165	28cae949	Scott Ullrich
1166	d9acea75	Scott Ullrich	server.max-keep-alive-requests = 15
1167			server.max-keep-alive-idle = 30
1168
1169	a632cf43	Scott Ullrich	## a static document-root, for virtual-hosting take look at the
1170			## server.virtual-* options
1171	332b4ac0	Scott Ullrich	server.document-root = "{$document_root}"
1172	eb0f441c	Scott Ullrich	{$captive_portal_rewrite}
1173	a632cf43	Scott Ullrich
1174	38a9a1ab	Scott Ullrich	# Maximum idle time with nothing being written (php downloading)
1175			server.max-write-idle = 999
1176
1177	1cf24f0a	jim-p	{$lighty_use_syslog}
1178	a632cf43	Scott Ullrich
1179			# files to check for if .../ is requested
1180			server.indexfiles = ( "index.php", "index.html",
1181			"index.htm", "default.htm" )
1182
1183			# mimetype mapping
1184			mimetype.assign = (
1185			".pdf" => "application/pdf",
1186			".sig" => "application/pgp-signature",
1187			".spl" => "application/futuresplash",
1188			".class" => "application/octet-stream",
1189			".ps" => "application/postscript",
1190			".torrent" => "application/x-bittorrent",
1191			".dvi" => "application/x-dvi",
1192			".gz" => "application/x-gzip",
1193			".pac" => "application/x-ns-proxy-autoconfig",
1194			".swf" => "application/x-shockwave-flash",
1195			".tar.gz" => "application/x-tgz",
1196			".tgz" => "application/x-tgz",
1197			".tar" => "application/x-tar",
1198			".zip" => "application/zip",
1199			".mp3" => "audio/mpeg",
1200			".m3u" => "audio/x-mpegurl",
1201			".wma" => "audio/x-ms-wma",
1202			".wax" => "audio/x-ms-wax",
1203			".ogg" => "audio/x-wav",
1204			".wav" => "audio/x-wav",
1205			".gif" => "image/gif",
1206			".jpg" => "image/jpeg",
1207			".jpeg" => "image/jpeg",
1208			".png" => "image/png",
1209			".xbm" => "image/x-xbitmap",
1210			".xpm" => "image/x-xpixmap",
1211			".xwd" => "image/x-xwindowdump",
1212			".css" => "text/css",
1213			".html" => "text/html",
1214			".htm" => "text/html",
1215			".js" => "text/javascript",
1216			".asc" => "text/plain",
1217			".c" => "text/plain",
1218			".conf" => "text/plain",
1219			".text" => "text/plain",
1220			".txt" => "text/plain",
1221			".dtd" => "text/xml",
1222			".xml" => "text/xml",
1223			".mpeg" => "video/mpeg",
1224			".mpg" => "video/mpeg",
1225			".mov" => "video/quicktime",
1226			".qt" => "video/quicktime",
1227			".avi" => "video/x-msvideo",
1228			".asf" => "video/x-ms-asf",
1229			".asx" => "video/x-ms-asf",
1230			".wmv" => "video/x-ms-wmv",
1231			".bz2" => "application/x-bzip",
1232			".tbz" => "application/x-bzip-compressed-tar",
1233			".tar.bz2" => "application/x-bzip-compressed-tar"
1234			)
1235
1236			# Use the "Content-Type" extended attribute to obtain mime type if possible
1237			#mimetypes.use-xattr = "enable"
1238
1239			## deny access the file-extensions
1240			#
1241			# ~ is for backupfiles from vi, emacs, joe, ...
1242			# .inc is often used for code includes which should in general not be part
1243			# of the document-root
1244			url.access-deny = ( "~", ".inc" )
1245
1246
1247	1444c08e	Phil Davis	######### Options that are good to be but not necessary to be changed #######
1248	a632cf43	Scott Ullrich
1249			## bind to port (default: 80)
1250	9cb94dd4	Ermal
1251			EOD;
1252
1253	6839a678	Ermal	$lighty_config .= "server.bind = \"0.0.0.0\"\n";
1254			$lighty_config .= "server.port = {$lighty_port}\n";
1255			$lighty_config .= "\$SERVER[\"socket\"] == \"0.0.0.0:{$lighty_port}\" { }\n";
1256			$lighty_config .= "\$SERVER[\"socket\"] == \"[::]:{$lighty_port}\" { \n";
1257			if($cert <> "" and $key <> "") {
1258			$lighty_config .= "\n";
1259			$lighty_config .= "## ssl configuration\n";
1260			$lighty_config .= "ssl.engine = \"enable\"\n";
1261			$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
1262			if($ca <> "")
1263			$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
1264	543ecd59	Seth Mos	}
1265	6839a678	Ermal	$lighty_config .= " }\n";
1266	543ecd59	Seth Mos
1267	9cb94dd4	Ermal
1268			$lighty_config .= <<<EOD
1269	a632cf43	Scott Ullrich
1270			## error-handler for status 404
1271			#server.error-handler-404 = "/error-handler.html"
1272			#server.error-handler-404 = "/error-handler.php"
1273
1274			## to help the rc.scripts
1275	e141ea70	Ermal	server.pid-file = "{$g['varrun_path']}/{$pid_file}"
1276	a632cf43	Scott Ullrich
1277			## virtual directory listings
1278	28cae949	Scott Ullrich	server.dir-listing = "disable"
1279	a632cf43	Scott Ullrich
1280			## enable debugging
1281	28cae949	Scott Ullrich	debug.log-request-header = "disable"
1282			debug.log-response-header = "disable"
1283			debug.log-request-handling = "disable"
1284			debug.log-file-not-found = "disable"
1285	a632cf43	Scott Ullrich
1286	570ef08c	sullrich	# gzip compression
1287	6955830f	Ermal Lu?i	compress.cache-dir = "{$g['tmp_path']}/lighttpdcompress/"
1288	570ef08c	sullrich	compress.filetype = ("text/plain","text/css", "text/xml", "text/javascript" )
1289
1290	3306a341	Scott Ullrich	{$server_upload_dirs}
1291	1ef7b568	Scott Ullrich
1292	a6e8af9c	Scott Ullrich	{$server_max_request_size}
1293	ee959dc4	Scott Ullrich
1294	4edb490d	Scott Ullrich	{$fastcgi_config}
1295
1296	b35fdb17	Ermal	{$cgi_config}
1297
1298	b0bdc06e	Scott Ullrich	{$captive_portal_mod_evasive}
1299
1300	569f47e9	Scott Ullrich	expire.url = (
1301	05a5e5c5	Scott Ullrich	"" => "access 50 hours",
1302	569f47e9	Scott Ullrich	)
1303
1304	a632cf43	Scott Ullrich	EOD;
1305
1306	7aae518a	Scott Ullrich	$cert = str_replace("\r", "", $cert);
1307	333f8ef0	Scott Ullrich	$key = str_replace("\r", "", $key);
1308	2cf6ddcb	Nigel Graham	$ca = str_replace("\r", "", $ca);
1309	7aae518a	Scott Ullrich
1310			$cert = str_replace("\n\n", "\n", $cert);
1311	333f8ef0	Scott Ullrich	$key = str_replace("\n\n", "\n", $key);
1312	2cf6ddcb	Nigel Graham	$ca = str_replace("\n\n", "\n", $ca);
1313	7aae518a	Scott Ullrich
1314	a632cf43	Scott Ullrich	if($cert <> "" and $key <> "") {
1315	3a66b621	Scott Ullrich	$fd = fopen("{$g['varetc_path']}/{$cert_location}", "w");
1316	5b237745	Scott Ullrich	if (!$fd) {
1317	4a896b86	Carlos Eduardo Ramos	printf(gettext("Error: cannot open cert.pem in system_webgui_start().%s"), "\n");
1318	5b237745	Scott Ullrich	return 1;
1319			}
1320	3a66b621	Scott Ullrich	chmod("{$g['varetc_path']}/{$cert_location}", 0600);
1321	5b237745	Scott Ullrich	fwrite($fd, $cert);
1322			fwrite($fd, "\n");
1323			fwrite($fd, $key);
1324			fclose($fd);
1325	546f30ca	jim-p	if(!(empty($ca) \|\| (strlen(trim($ca)) == 0))) {
1326	2cf6ddcb	Nigel Graham	$fd = fopen("{$g['varetc_path']}/{$ca_location}", "w");
1327			if (!$fd) {
1328	4a896b86	Carlos Eduardo Ramos	printf(gettext("Error: cannot open ca.pem in system_webgui_start().%s"), "\n");
1329	2cf6ddcb	Nigel Graham	return 1;
1330			}
1331			chmod("{$g['varetc_path']}/{$ca_location}", 0600);
1332			fwrite($fd, $ca);
1333			fclose($fd);
1334			}
1335	5e041d5f	Scott Ullrich	$lighty_config .= "\n";
1336	4a896b86	Carlos Eduardo Ramos	$lighty_config .= "## " . gettext("ssl configuration") . "\n";
1337	a632cf43	Scott Ullrich	$lighty_config .= "ssl.engine = \"enable\"\n";
1338	333f8ef0	Scott Ullrich	$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
1339	673ee7b1	Scott Ullrich
1340	756d867a	Chris Buechler	// SSLv2/3 is deprecated, force use of TLS
1341	673ee7b1	Scott Ullrich	$lighty_config .= "ssl.use-sslv2 = \"disable\"\n";
1342	5ff7f58e	jim-p	$lighty_config .= "ssl.use-sslv3 = \"disable\"\n";
1343	dce51b01	jim-p
1344	bd583dc2	Chris Buechler	// where ssl.cipher-list is set, this is automatically enabled, but set it explicitly anyway.
1345			$lighty_config .= "ssl.honor-cipher-order = \"enable\"\n";
1346	8304fb46	Renato Botelho
1347			$lighty_config .= "ssl.cipher-list = \"AES128+EECDH:AES256+EECDH:AES128+EDH:AES256+EDH:AES128-SHA:AES256-SHA:!aNULL:!eNULL:!DSS\"\n";
1348	673ee7b1	Scott Ullrich
1349	75e9ed89	jim-p	if(!(empty($ca) \|\| (strlen(trim($ca)) == 0)))
1350	2cf6ddcb	Nigel Graham	$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
1351	5b237745	Scott Ullrich	}
1352	a978a0ff	Chris Buechler
1353			// Add HTTP to HTTPS redirect
1354	6839a678	Ermal	if ($captive_portal === false && $config['system']['webgui']['protocol'] == "https" && !isset($config['system']['webgui']['disablehttpredirect'])) {
1355	7921e8e5	Chris Buechler	if($lighty_port != "443")
1356			$redirectport = ":{$lighty_port}";
1357	d7e230ae	Chris Buechler	$lighty_config .= <<<EOD
1358			\$SERVER["socket"] == ":80" {
1359			\$HTTP["host"] =~ "(.*)" {
1360	7921e8e5	Chris Buechler	url.redirect = ( "^/(.*)" => "https://%1{$redirectport}/$1" )
1361	d7e230ae	Chris Buechler	}
1362			}
1363	64a2da80	Chris Buechler	\$SERVER["socket"] == "[::]:80" {
1364			\$HTTP["host"] =~ "(.*)" {
1365			url.redirect = ( "^/(.*)" => "https://%1{$redirectport}/$1" )
1366			}
1367			}
1368	d7e230ae	Chris Buechler	EOD;
1369			}
1370	0f282d7a	Scott Ullrich
1371	4f3756f3	Scott Ullrich	$fd = fopen("{$filename}", "w");
1372	a632cf43	Scott Ullrich	if (!$fd) {
1373	4a896b86	Carlos Eduardo Ramos	printf(gettext("Error: cannot open %s in system_generate_lighty_config().%s"), $filename, "\n");
1374	a632cf43	Scott Ullrich	return 1;
1375	5b237745	Scott Ullrich	}
1376	a632cf43	Scott Ullrich	fwrite($fd, $lighty_config);
1377			fclose($fd);
1378
1379			return 0;
1380	0f282d7a	Scott Ullrich
1381	5b237745	Scott Ullrich	}
1382
1383			function system_timezone_configure() {
1384	f19d3b7a	Scott Ullrich	global $config, $g;
1385	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1386			$mt = microtime();
1387	dcf0598e	Scott Ullrich	echo "system_timezone_configure() being called $mt\n";
1388	333f8ef0	Scott Ullrich	}
1389	5b237745	Scott Ullrich
1390			$syscfg = $config['system'];
1391
1392	285ef132	Ermal LUÇI	if (platform_booting())
1393	4a896b86	Carlos Eduardo Ramos	echo gettext("Setting timezone...");
1394	5b237745	Scott Ullrich
1395			/* extract appropriate timezone file */
1396			$timezone = $syscfg['timezone'];
1397	add913b1	Renato Botelho	if ($timezone) {
1398			exec('/usr/bin/tar -tvzf /usr/share/zoneinfo.tgz', $tzs);
1399			foreach ($tzs as $tz) {
1400			if (preg_match(",{$timezone}$,", $tz))
1401			break;
1402			if (preg_match(",{$timezone} link to (.)$,", $tz, $matches)) {
1403			$timezone = $matches[1];
1404			break;
1405			}
1406			}
1407			} else
1408	5b237745	Scott Ullrich	$timezone = "Etc/UTC";
1409	0f282d7a	Scott Ullrich
1410	34febcde	Scott Ullrich	conf_mount_rw();
1411
1412	029d1a71	Scott Ullrich	exec("LANG=C /usr/bin/tar xzfO /usr/share/zoneinfo.tgz " .
1413	5b237745	Scott Ullrich	escapeshellarg($timezone) . " > /etc/localtime");
1414
1415	4efd4885	Scott Ullrich	mwexec("sync");
1416	27150275	Scott Ullrich	conf_mount_ro();
1417	34febcde	Scott Ullrich
1418	285ef132	Ermal LUÇI	if (platform_booting())
1419	4a896b86	Carlos Eduardo Ramos	echo gettext("done.") . "\n";
1420	5b237745	Scott Ullrich	}
1421
1422	5c8843d5	jim-p	function system_ntp_setup_gps($serialport) {
1423	142f7393	nagyrobi	global $config, $g;
1424	5c8843d5	jim-p	$gps_device = '/dev/gps0';
1425			$serialport = '/dev/'.$serialport;
1426
1427			if (!file_exists($serialport))
1428			return false;
1429
1430			conf_mount_rw();
1431			// Create symlink that ntpd requires
1432			unlink_if_exists($gps_device);
1433	964dcb25	Ermal LUÇI	@symlink($serialport, $gps_device);
1434	5c8843d5	jim-p
1435			/* Send the following to the GPS port to initialize the GPS */
1436	ec7bc948	Ermal	if (is_array($config['ntpd']) && is_array($config['ntpd']['gps']) && !empty($config['ntpd']['gps']['type'])) {
1437	142f7393	nagyrobi	$gps_init = base64_decode($config['ntpd']['gps']['initcmd']);
1438			}else{
1439			$gps_init = base64_decode('JFBVQlgsNDAsR1NWLDAsMCwwLDAqNTkNCiRQVUJYLDQwLEdMTCwwLDAsMCwwKjVDDQokUFVCWCw0MCxaREEsMCwwLDAsMCo0NA0KJFBVQlgsNDAsVlRHLDAsMCwwLDAqNUUNCiRQVUJYLDQwLEdTViwwLDAsMCwwKjU5DQokUFVCWCw0MCxHU0EsMCwwLDAsMCo0RQ0KJFBVQlgsNDAsR0dBLDAsMCwwLDANCiRQVUJYLDQwLFRYVCwwLDAsMCwwDQokUFVCWCw0MCxSTUMsMCwwLDAsMCo0Ng0KJFBVQlgsNDEsMSwwMDA3LDAwMDMsNDgwMCwwDQokUFVCWCw0MCxaREEsMSwxLDEsMQ==');
1440			}
1441	ec7bc948	Ermal
1442			/* XXX: Why not file_put_contents to the device */
1443			@file_put_contents('/tmp/gps.init', $gps_init);
1444	18080a21	jim-p	`cat /tmp/gps.init > $serialport`;
1445	5c8843d5	jim-p
1446			/* Add /etc/remote entry in case we need to read from the GPS with tip */
1447	ec7bc948	Ermal	if (intval(`grep -c '^gps0' /etc/remote`) == 0) {
1448	142f7393	nagyrobi	$gpsbaud = '4800';
1449	ec7bc948	Ermal	if (is_array($config['ntpd']) && is_array($config['ntpd']['gps']) && !empty($config['ntpd']['gps']['speed'])) {
1450	142f7393	nagyrobi	switch($config['ntpd']['gps']['speed']) {
1451			case '16':
1452			$gpsbaud = '9600';
1453			break;
1454			case '32':
1455			$gpsbaud = '19200';
1456			break;
1457			case '48':
1458			$gpsbaud = '38400';
1459			break;
1460			case '64':
1461			$gpsbaud = '57600';
1462			break;
1463			case '80':
1464			$gpsbaud = '115200';
1465			break;
1466			}
1467			}
1468	ec7bc948	Ermal	@file_put_contents("/etc/remote", "gps0:dv={$serialport}:br#{$gpsbaud}:pa=none:", FILE_APPEND);
1469			}
1470	5c8843d5	jim-p
1471			conf_mount_ro();
1472
1473			return true;
1474			}
1475
1476	142f7393	nagyrobi	function system_ntp_setup_pps($serialport) {
1477			global $config, $g;
1478	ec7bc948	Ermal
1479	142f7393	nagyrobi	$pps_device = '/dev/pps0';
1480			$serialport = '/dev/'.$serialport;
1481
1482			if (!file_exists($serialport))
1483			return false;
1484
1485			conf_mount_rw();
1486			// Create symlink that ntpd requires
1487			unlink_if_exists($pps_device);
1488	ec7bc948	Ermal	@symlink($serialport, $pps_device);
1489	142f7393	nagyrobi
1490			conf_mount_ro();
1491
1492			return true;
1493			}
1494
1495
1496	0b8e9d38	jim-p	function system_ntp_configure($start_ntpd=true) {
1497	f19d3b7a	Scott Ullrich	global $config, $g;
1498	ec7bc948	Ermal
1499	42135f07	jim-p	$driftfile = "/var/db/ntpd.drift";
1500	5c8843d5	jim-p	$statsdir = "/var/log/ntp";
1501			$gps_device = '/dev/gps0';
1502	5b237745	Scott Ullrich
1503	7734aea6	Andrew Thompson	if ($g['platform'] == 'jail')
1504			return;
1505
1506	5c8843d5	jim-p	safe_mkdir($statsdir);
1507
1508	ec7bc948	Ermal	if (!is_array($config['ntpd']))
1509			$config['ntpd'] = array();
1510
1511	b2305621	Ermal	$ntpcfg = "# \n";
1512	42135f07	jim-p	$ntpcfg .= "# pfSense ntp configuration file \n";
1513	b2305621	Ermal	$ntpcfg .= "# \n\n";
1514	362c9bb0	jim-p	$ntpcfg .= "tinker panic 0 \n";
1515	0f282d7a	Scott Ullrich
1516	142f7393	nagyrobi	/* Add Orphan mode */
1517			$ntpcfg .= "# Orphan mode stratum\n";
1518			$ntpcfg .= 'tos orphan ';
1519			if (!empty($config['ntpd']['orphan'])) {
1520			$ntpcfg .= $config['ntpd']['orphan'];
1521			}else{
1522			$ntpcfg .= '12';
1523			}
1524			$ntpcfg .= "\n";
1525
1526			/* Add PPS configuration */
1527	964dcb25	Ermal LUÇI	if (is_array($config['ntpd']['pps']) && !empty($config['ntpd']['pps']['port'])
1528	142f7393	nagyrobi	&& file_exists('/dev/'.$config['ntpd']['pps']['port'])
1529			&& system_ntp_setup_pps($config['ntpd']['pps']['port'])) {
1530			$ntpcfg .= "\n";
1531			$ntpcfg .= "# PPS Setup\n";
1532			$ntpcfg .= 'server 127.127.22.0';
1533			$ntpcfg .= ' minpoll 4 maxpoll 4';
1534			if (empty($config['ntpd']['pps']['prefer'])) { /note: this one works backwards /
1535			$ntpcfg .= ' prefer';
1536			}
1537			if (!empty($config['ntpd']['pps']['noselect'])) {
1538			$ntpcfg .= ' noselect ';
1539			}
1540			$ntpcfg .= "\n";
1541			$ntpcfg .= 'fudge 127.127.22.0';
1542			if (!empty($config['ntpd']['pps']['fudge1'])) {
1543			$ntpcfg .= ' time1 ';
1544			$ntpcfg .= $config['ntpd']['pps']['fudge1'];
1545			}
1546			if (!empty($config['ntpd']['pps']['flag2'])) {
1547			$ntpcfg .= ' flag2 1';
1548			}
1549			if (!empty($config['ntpd']['pps']['flag3'])) {
1550			$ntpcfg .= ' flag3 1';
1551			}else{
1552			$ntpcfg .= ' flag3 0';
1553			}
1554			if (!empty($config['ntpd']['pps']['flag4'])) {
1555			$ntpcfg .= ' flag4 1';
1556			}
1557			if (!empty($config['ntpd']['pps']['refid'])) {
1558			$ntpcfg .= ' refid ';
1559			$ntpcfg .= $config['ntpd']['pps']['refid'];
1560			}
1561			$ntpcfg .= "\n";
1562			}
1563			/* End PPS configuration */
1564
1565			/* Add GPS configuration */
1566	964dcb25	Ermal LUÇI	if (is_array($config['ntpd']['gps']) && !empty($config['ntpd']['gps']['port'])
1567	142f7393	nagyrobi	&& file_exists('/dev/'.$config['ntpd']['gps']['port'])
1568			&& system_ntp_setup_gps($config['ntpd']['gps']['port'])) {
1569			$ntpcfg .= "\n";
1570			$ntpcfg .= "# GPS Setup\n";
1571			$ntpcfg .= 'server 127.127.20.0 mode ';
1572			if (!empty($config['ntpd']['gps']['nmea']) \|\| !empty($config['ntpd']['gps']['speed']) \|\| !empty($config['ntpd']['gps']['subsec'])) {
1573			if (!empty($config['ntpd']['gps']['nmea'])) {
1574			$ntpmode = (int) $config['ntpd']['gps']['nmea'];
1575			}
1576			if (!empty($config['ntpd']['gps']['speed'])) {
1577			$ntpmode += (int) $config['ntpd']['gps']['speed'];
1578			}
1579			if (!empty($config['ntpd']['gps']['subsec'])) {
1580			$ntpmode += 128;
1581			}
1582			$ntpcfg .= (string) $ntpmode;
1583			}else{
1584			$ntpcfg .= '0';
1585			}
1586			$ntpcfg .= ' minpoll 4 maxpoll 4';
1587			if (empty($config['ntpd']['gps']['prefer'])) { /note: this one works backwards /
1588			$ntpcfg .= ' prefer';
1589			}
1590			if (!empty($config['ntpd']['gps']['noselect'])) {
1591			$ntpcfg .= ' noselect ';
1592			}
1593			$ntpcfg .= "\n";
1594			$ntpcfg .= 'fudge 127.127.20.0';
1595			if (!empty($config['ntpd']['gps']['fudge1'])) {
1596			$ntpcfg .= ' time1 ';
1597			$ntpcfg .= $config['ntpd']['gps']['fudge1'];
1598			}
1599			if (!empty($config['ntpd']['gps']['fudge2'])) {
1600			$ntpcfg .= ' time2 ';
1601			$ntpcfg .= $config['ntpd']['gps']['fudge2'];
1602			}
1603			if (!empty($config['ntpd']['gps']['flag1'])) {
1604			$ntpcfg .= ' flag1 1';
1605			}else{
1606			$ntpcfg .= ' flag1 0';
1607			}
1608			if (!empty($config['ntpd']['gps']['flag2'])) {
1609			$ntpcfg .= ' flag2 1';
1610			}
1611			if (!empty($config['ntpd']['gps']['flag3'])) {
1612			$ntpcfg .= ' flag3 1';
1613			}else{
1614			$ntpcfg .= ' flag3 0';
1615			}
1616			if (!empty($config['ntpd']['gps']['flag4'])) {
1617			$ntpcfg .= ' flag4 1';
1618			}
1619			if (!empty($config['ntpd']['gps']['refid'])) {
1620			$ntpcfg .= ' refid ';
1621			$ntpcfg .= $config['ntpd']['gps']['refid'];
1622			}
1623			$ntpcfg .= "\n";
1624	964dcb25	Ermal LUÇI	}elseif (is_array($config['ntpd']) && !empty($config['ntpd']['gpsport'])
1625	5c8843d5	jim-p	&& file_exists('/dev/'.$config['ntpd']['gpsport'])
1626			&& system_ntp_setup_gps($config['ntpd']['gpsport'])) {
1627	142f7393	nagyrobi	/* This handles a 2.1 and earlier config */
1628	5c8843d5	jim-p	$ntpcfg .= "# GPS Setup\n";
1629			$ntpcfg .= "server 127.127.20.0 mode 0 minpoll 4 maxpoll 4 prefer\n";
1630			$ntpcfg .= "fudge 127.127.20.0 time1 0.155 time2 0.000 flag1 1 flag2 0 flag3 1\n";
1631			// Fall back to local clock if GPS is out of sync?
1632			$ntpcfg .= "server 127.127.1.0\n";
1633			$ntpcfg .= "fudge 127.127.1.0 stratum 12\n";
1634			}
1635	142f7393	nagyrobi	/* End GPS configuration */
1636
1637	5c8843d5	jim-p	$ntpcfg .= "\n\n# Upstream Servers\n";
1638	142f7393	nagyrobi	/* foreach through ntp servers and write out to ntpd.conf */
1639			foreach (explode(' ', $config['system']['timeservers']) as $ts) {
1640			$ntpcfg .= "server {$ts} iburst maxpoll 9";
1641			if (substr_count($config['ntpd']['prefer'], $ts)) $ntpcfg .= ' prefer';
1642			if (substr_count($config['ntpd']['noselect'], $ts)) $ntpcfg .= ' noselect';
1643			$ntpcfg .= "\n";
1644			}
1645			unset($ts);
1646
1647			$ntpcfg .= "\n\n";
1648	e1a456e6	Chris Buechler	$ntpcfg .= "disable monitor\n"; //prevent NTP reflection attack, see https://forum.pfsense.org/index.php/topic,67189.msg389132.html#msg389132
1649	142f7393	nagyrobi	if (!empty($config['ntpd']['clockstats']) \|\| !empty($config['ntpd']['loopstats']) \|\| !empty($config['ntpd']['peerstats'])) {
1650			$ntpcfg .= "enable stats\n";
1651			$ntpcfg .= 'statistics';
1652			if (!empty($config['ntpd']['clockstats'])) {
1653			$ntpcfg .= ' clockstats';
1654			}
1655			if (!empty($config['ntpd']['loopstats'])) {
1656			$ntpcfg .= ' loopstats';
1657			}
1658			if (!empty($config['ntpd']['peerstats'])) {
1659			$ntpcfg .= ' peerstats';
1660			}
1661			$ntpcfg .= "\n";
1662			}
1663	5c8843d5	jim-p	$ntpcfg .= "statsdir {$statsdir}\n";
1664	142f7393	nagyrobi	$ntpcfg .= 'logconfig =syncall +clockall';
1665			if (!empty($config['ntpd']['logpeer'])) {
1666			$ntpcfg .= ' +peerall';
1667			}
1668			if (!empty($config['ntpd']['logsys'])) {
1669			$ntpcfg .= ' +sysall';
1670			}
1671			$ntpcfg .= "\n";
1672	42135f07	jim-p	$ntpcfg .= "driftfile {$driftfile}\n";
1673	142f7393	nagyrobi	/* Access restrictions */
1674			$ntpcfg .= 'restrict default';
1675			if (empty($config['ntpd']['kod'])) { /note: this one works backwards /
1676			$ntpcfg .= ' kod limited';
1677			}
1678			if (empty($config['ntpd']['nomodify'])) { /note: this one works backwards /
1679			$ntpcfg .= ' nomodify';
1680			}
1681			if (!empty($config['ntpd']['noquery'])) {
1682			$ntpcfg .= ' noquery';
1683			}
1684			if (empty($config['ntpd']['nopeer'])) { /note: this one works backwards /
1685			$ntpcfg .= ' nopeer';
1686			}
1687			if (empty($config['ntpd']['notrap'])) { /note: this one works backwards /
1688			$ntpcfg .= ' notrap';
1689			}
1690			if (!empty($config['ntpd']['noserve'])) {
1691			$ntpcfg .= ' noserve';
1692			}
1693			$ntpcfg .= "\nrestrict -6 default";
1694			if (empty($config['ntpd']['kod'])) { /note: this one works backwards /
1695			$ntpcfg .= ' kod limited';
1696			}
1697			if (empty($config['ntpd']['nomodify'])) { /note: this one works backwards /
1698			$ntpcfg .= ' nomodify';
1699			}
1700			if (!empty($config['ntpd']['noquery'])) {
1701			$ntpcfg .= ' noquery';
1702			}
1703			if (empty($config['ntpd']['nopeer'])) { /note: this one works backwards /
1704			$ntpcfg .= ' nopeer';
1705			}
1706			if (!empty($config['ntpd']['noserve'])) {
1707			$ntpcfg .= ' noserve';
1708			}
1709			if (empty($config['ntpd']['notrap'])) { /note: this one works backwards /
1710			$ntpcfg .= ' notrap';
1711			}
1712			$ntpcfg .= "\n";
1713
1714			/* A leapseconds file is really only useful if this clock is stratum 1 */
1715			$ntpcfg .= "\n";
1716			if (!empty($config['ntpd']['leapsec'])) {
1717			$leapsec .= base64_decode($config['ntpd']['leapsec']);
1718			file_put_contents('/var/db/leap-seconds', $leapsec);
1719			$ntpcfg .= "leapfile /var/db/leap-seconds\n";
1720			}
1721
1722	95594e5a	Scott Ullrich
1723	1ee360aa	Ermal LUÇI	if (empty($config['ntpd']['interface'])) {
1724	e43d53b4	Phil Davis	if (is_array($config['installedpackages']['openntpd']) && !empty($config['installedpackages']['openntpd']['config'][0]['interface']))
1725	cf180ccc	jim-p	$interfaces = explode(",", $config['installedpackages']['openntpd']['config'][0]['interface']);
1726			else
1727			$interfaces = array();
1728	1ee360aa	Ermal LUÇI	} else
1729	cf180ccc	jim-p	$interfaces = explode(",", $config['ntpd']['interface']);
1730
1731			if (is_array($interfaces) && count($interfaces)) {
1732			$ntpcfg .= "interface ignore all\n";
1733			foreach ($interfaces as $interface) {
1734			if (!is_ipaddr($interface)) {
1735			$interface = get_real_interface($interface);
1736			}
1737	8b650e57	jim-p	if (!empty($interface))
1738			$ntpcfg .= "interface listen {$interface}\n";
1739	cf180ccc	jim-p	}
1740			}
1741
1742	1444c08e	Phil Davis	/* open configuration for writing or bail */
1743	b9f29f84	Ermal	if (!@file_put_contents("{$g['varetc_path']}/ntpd.conf", $ntpcfg)) {
1744	b2305621	Ermal	log_error("Could not open {$g['varetc_path']}/ntpd.conf for writing");
1745			return;
1746			}
1747	20b90e0a	Scott Ullrich
1748	0b8e9d38	jim-p	/* At bootup we just want to write out the config. */
1749			if (!$start_ntpd)
1750			return;
1751
1752	42135f07	jim-p	/* if ntpd is running, kill it */
1753	df40755d	Ermal	while (isvalidpid("{$g['varrun_path']}/ntpd.pid")) {
1754	b9f29f84	Ermal	killbypid("{$g['varrun_path']}/ntpd.pid");
1755	5f3e1f12	Scott Ullrich	}
1756	b9f29f84	Ermal	@unlink("{$g['varrun_path']}/ntpd.pid");
1757	5f3e1f12	Scott Ullrich
1758			/* if /var/empty does not exist, create it */
1759			if(!is_dir("/var/empty"))
1760	0fd64e94	nagyrobi	mkdir("/var/empty", 0775, true);
1761	5f3e1f12	Scott Ullrich
1762	20b90e0a	Scott Ullrich	/* start opentpd, set time now and use /var/etc/ntpd.conf */
1763	0fd64e94	nagyrobi	mwexec("/usr/local/sbin/ntpd -g -c {$g['varetc_path']}/ntpd.conf -p {$g['varrun_path']}/ntpd.pid", false, true);
1764	83eb4567	Scott Ullrich
1765			// Note that we are starting up
1766	42135f07	jim-p	log_error("NTPD is starting up.");
1767	0b8e9d38	jim-p	return;
1768	5b237745	Scott Ullrich	}
1769
1770	652cf082	Seth Mos	function sync_system_time() {
1771			global $config, $g;
1772
1773	285ef132	Ermal LUÇI	if (platform_booting())
1774	4a896b86	Carlos Eduardo Ramos	echo gettext("Syncing system time before startup...");
1775	652cf082	Seth Mos
1776			/* foreach through servers and write out to ntpd.conf */
1777	b2305621	Ermal	foreach (explode(' ', $config['system']['timeservers']) as $ts) {
1778	fdfa8f43	jim-p	mwexec("/usr/local/sbin/ntpdate -s $ts");
1779	652cf082	Seth Mos	}
1780	4582b281	Scott Ullrich
1781	285ef132	Ermal LUÇI	if (platform_booting())
1782	4a896b86	Carlos Eduardo Ramos	echo gettext("done.") . "\n";
1783	4582b281	Scott Ullrich
1784	652cf082	Seth Mos	}
1785
1786	405e5de0	Scott Ullrich	function system_halt() {
1787			global $g;
1788
1789			system_reboot_cleanup();
1790
1791	523855b0	Scott Ullrich	mwexec("/usr/bin/nohup /etc/rc.halt > /dev/null 2>&1 &");
1792	405e5de0	Scott Ullrich	}
1793
1794	5b237745	Scott Ullrich	function system_reboot() {
1795			global $g;
1796	0f282d7a	Scott Ullrich
1797	5b237745	Scott Ullrich	system_reboot_cleanup();
1798	0f282d7a	Scott Ullrich
1799	5b237745	Scott Ullrich	mwexec("nohup /etc/rc.reboot > /dev/null 2>&1 &");
1800			}
1801
1802			function system_reboot_sync() {
1803			global $g;
1804	0f282d7a	Scott Ullrich
1805	5b237745	Scott Ullrich	system_reboot_cleanup();
1806	0f282d7a	Scott Ullrich
1807	5b237745	Scott Ullrich	mwexec("/etc/rc.reboot > /dev/null 2>&1");
1808			}
1809
1810			function system_reboot_cleanup() {
1811	62f20eab	Michael Newton	global $config, $cpzone;
1812
1813	97d4e30b	Seth Mos	mwexec("/usr/local/bin/beep.sh stop");
1814	04967d99	jim-p	require_once("captiveportal.inc");
1815	52034432	Renato Botelho	if (is_array($config['captiveportal'])) {
1816	34cb8645	Jean Cyr	foreach ($config['captiveportal'] as $cpzone=>$cp) {
1817			captiveportal_radius_stop_all();
1818			captiveportal_send_server_accounting(true);
1819			}
1820	62f20eab	Michael Newton	}
1821	336e3c1c	Charlie	require_once("voucher.inc");
1822			voucher_save_db_to_config();
1823	60dd7649	jim-p	require_once("pkg-utils.inc");
1824			stop_packages();
1825	5b237745	Scott Ullrich	}
1826
1827			function system_do_shell_commands($early = 0) {
1828	f19d3b7a	Scott Ullrich	global $config, $g;
1829	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1830			$mt = microtime();
1831	dcf0598e	Scott Ullrich	echo "system_do_shell_commands() being called $mt\n";
1832	58c7450e	Scott Ullrich	}
1833	0f282d7a	Scott Ullrich
1834	5b237745	Scott Ullrich	if ($early)
1835			$cmdn = "earlyshellcmd";
1836			else
1837			$cmdn = "shellcmd";
1838	0f282d7a	Scott Ullrich
1839	5b237745	Scott Ullrich	if (is_array($config['system'][$cmdn])) {
1840	333f8ef0	Scott Ullrich
1841	245388b4	Scott Ullrich	/* cmd is an array, loop through /
1842	5b237745	Scott Ullrich	foreach ($config['system'][$cmdn] as $cmd) {
1843			exec($cmd);
1844			}
1845	245388b4	Scott Ullrich
1846			} elseif($config['system'][$cmdn] <> "") {
1847	333f8ef0	Scott Ullrich
1848	245388b4	Scott Ullrich	/* execute single item */
1849			exec($config['system'][$cmdn]);
1850
1851	5b237745	Scott Ullrich	}
1852			}
1853
1854			function system_console_configure() {
1855	f19d3b7a	Scott Ullrich	global $config, $g;
1856	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1857			$mt = microtime();
1858	dcf0598e	Scott Ullrich	echo "system_console_configure() being called $mt\n";
1859	333f8ef0	Scott Ullrich	}
1860	0f282d7a	Scott Ullrich
1861	5b237745	Scott Ullrich	if (isset($config['system']['disableconsolemenu'])) {
1862			touch("{$g['varetc_path']}/disableconsole");
1863			} else {
1864			unlink_if_exists("{$g['varetc_path']}/disableconsole");
1865			}
1866			}
1867
1868			function system_dmesg_save() {
1869	f19d3b7a	Scott Ullrich	global $g;
1870	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1871			$mt = microtime();
1872	dcf0598e	Scott Ullrich	echo "system_dmesg_save() being called $mt\n";
1873	f19d3b7a	Scott Ullrich	}
1874	0f282d7a	Scott Ullrich
1875	767a716e	Scott Ullrich	$dmesg = "";
1876	703b1ce1	Ermal	$_gb = exec("/sbin/dmesg", $dmesg);
1877	0f282d7a	Scott Ullrich
1878	5b237745	Scott Ullrich	/* find last copyright line (output from previous boots may be present) */
1879			$lastcpline = 0;
1880	0f282d7a	Scott Ullrich
1881	5b237745	Scott Ullrich	for ($i = 0; $i < count($dmesg); $i++) {
1882			if (strstr($dmesg[$i], "Copyright (c) 1992-"))
1883			$lastcpline = $i;
1884			}
1885	0f282d7a	Scott Ullrich
1886	5b237745	Scott Ullrich	$fd = fopen("{$g['varlog_path']}/dmesg.boot", "w");
1887			if (!$fd) {
1888	4a896b86	Carlos Eduardo Ramos	printf(gettext("Error: cannot open dmesg.boot in system_dmesg_save().%s"), "\n");
1889	5b237745	Scott Ullrich	return 1;
1890			}
1891	0f282d7a	Scott Ullrich
1892	5b237745	Scott Ullrich	for ($i = $lastcpline; $i < count($dmesg); $i++)
1893			fwrite($fd, $dmesg[$i] . "\n");
1894	0f282d7a	Scott Ullrich
1895	5b237745	Scott Ullrich	fclose($fd);
1896	703b1ce1	Ermal	unset($dmesg);
1897	0f282d7a	Scott Ullrich
1898	5b237745	Scott Ullrich	return 0;
1899			}
1900
1901			function system_set_harddisk_standby() {
1902	f19d3b7a	Scott Ullrich	global $g, $config;
1903	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1904			$mt = microtime();
1905	dcf0598e	Scott Ullrich	echo "system_set_harddisk_standby() being called $mt\n";
1906	58c7450e	Scott Ullrich	}
1907	5b237745	Scott Ullrich
1908			if (isset($config['system']['harddiskstandby'])) {
1909	285ef132	Ermal LUÇI	if (platform_booting()) {
1910	4a896b86	Carlos Eduardo Ramos	echo gettext('Setting hard disk standby... ');
1911	5b237745	Scott Ullrich	}
1912
1913			$standby = $config['system']['harddiskstandby'];
1914			// Check for a numeric value
1915			if (is_numeric($standby)) {
1916			// Sync the disk(s)
1917	5ba5a8de	Scott Ullrich	pfSense_sync();
1918	971de1f9	Renato Botelho	if (set_single_sysctl('hw.ata.standby', (int)$standby)) {
1919	5b237745	Scott Ullrich	// Reinitialize ATA-drives
1920			mwexec('/usr/local/sbin/atareinit');
1921	285ef132	Ermal LUÇI	if (platform_booting()) {
1922	4a896b86	Carlos Eduardo Ramos	echo gettext("done.") . "\n";
1923	5b237745	Scott Ullrich	}
1924	285ef132	Ermal LUÇI	} else if (platform_booting()) {
1925	4a896b86	Carlos Eduardo Ramos	echo gettext("failed!") . "\n";
1926	5b237745	Scott Ullrich	}
1927	285ef132	Ermal LUÇI	} else if (platform_booting()) {
1928	4a896b86	Carlos Eduardo Ramos	echo gettext("failed!") . "\n";
1929	5b237745	Scott Ullrich	}
1930			}
1931			}
1932
1933	3ff9d424	Scott Ullrich	function system_setup_sysctl() {
1934	f19d3b7a	Scott Ullrich	global $config;
1935	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1936			$mt = microtime();
1937	dcf0598e	Scott Ullrich	echo "system_setup_sysctl() being called $mt\n";
1938	58c7450e	Scott Ullrich	}
1939	243aa7b9	Scott Ullrich
1940	6df9d7e3	Scott Ullrich	activate_sysctls();
1941
1942	243aa7b9	Scott Ullrich	if (isset($config['system']['sharednet'])) {
1943			system_disable_arp_wrong_if();
1944			}
1945			}
1946
1947			function system_disable_arp_wrong_if() {
1948	f19d3b7a	Scott Ullrich	global $config;
1949	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1950			$mt = microtime();
1951	dcf0598e	Scott Ullrich	echo "system_disable_arp_wrong_if() being called $mt\n";
1952	333f8ef0	Scott Ullrich	}
1953	971de1f9	Renato Botelho	set_sysctl(array(
1954			"net.link.ether.inet.log_arp_wrong_iface" => "0",
1955			"net.link.ether.inet.log_arp_movements" => "0"
1956			));
1957	3ff9d424	Scott Ullrich	}
1958
1959	243aa7b9	Scott Ullrich	function system_enable_arp_wrong_if() {
1960	f19d3b7a	Scott Ullrich	global $config;
1961	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1962			$mt = microtime();
1963	dcf0598e	Scott Ullrich	echo "system_enable_arp_wrong_if() being called $mt\n";
1964	58c7450e	Scott Ullrich	}
1965	971de1f9	Renato Botelho	set_sysctl(array(
1966			"net.link.ether.inet.log_arp_wrong_iface" => "1",
1967			"net.link.ether.inet.log_arp_movements" => "1"
1968			));
1969	243aa7b9	Scott Ullrich	}
1970
1971	a199b93e	Scott Ullrich	function enable_watchdog() {
1972			global $config;
1973	1a479479	Scott Ullrich	return;
1974	a199b93e	Scott Ullrich	$install_watchdog = false;
1975			$supported_watchdogs = array("Geode");
1976			$file = file_get_contents("/var/log/dmesg.boot");
1977			foreach($supported_watchdogs as $sd) {
1978			if(stristr($file, "Geode")) {
1979			$install_watchdog = true;
1980			}
1981			}
1982			if($install_watchdog == true) {
1983	2e44fb05	Scott Ullrich	if(is_process_running("watchdogd"))
1984	e0b4e47f	Seth Mos	mwexec("/usr/bin/killall watchdogd", true);
1985	333f8ef0	Scott Ullrich	exec("/usr/sbin/watchdogd");
1986	a199b93e	Scott Ullrich	}
1987			}
1988	15f14889	Scott Ullrich
1989			function system_check_reset_button() {
1990	fa83737d	Scott Ullrich	global $g;
1991	15f14889	Scott Ullrich
1992	31c9379c	Scott Ullrich	$specplatform = system_identify_specific_platform();
1993
1994	7f360152	Renato Botelho	switch ($specplatform['name']) {
1995			case 'alix':
1996			case 'wrap':
1997			case 'FW7541':
1998			case 'APU':
1999	59eb0ce7	Ermal LUÇI	case 'C2358':
2000	7f360152	Renato Botelho	break;
2001			default:
2002	15f14889	Scott Ullrich	return 0;
2003	7f360152	Renato Botelho	}
2004	15f14889	Scott Ullrich
2005			$retval = mwexec("/usr/local/sbin/" . $specplatform['name'] . "resetbtn");
2006
2007			if ($retval == 99) {
2008			/* user has pressed reset button for 2 seconds -
2009			reset to factory defaults */
2010			echo <<<EOD
2011
2012			***********************************************************************
2013			* Reset button pressed - resetting configuration to factory defaults. *
2014			* The system will reboot after this completes. *
2015			***********************************************************************
2016
2017
2018			EOD;
2019
2020			reset_factory_defaults();
2021			system_reboot_sync();
2022			exit(0);
2023			}
2024
2025			return 0;
2026			}
2027
2028	31c9379c	Scott Ullrich	/* attempt to identify the specific platform (for embedded systems)
2029			Returns an array with two elements:
2030			name => platform string (e.g. 'wrap', 'alix' etc.)
2031			descr => human-readable description (e.g. "PC Engines WRAP")
2032			*/
2033			function system_identify_specific_platform() {
2034			global $g;
2035
2036			if ($g['platform'] == 'generic-pc')
2037	4a896b86	Carlos Eduardo Ramos	return array('name' => 'generic-pc', 'descr' => gettext("Generic PC"));
2038	31c9379c	Scott Ullrich
2039			if ($g['platform'] == 'generic-pc-cdrom')
2040	4a896b86	Carlos Eduardo Ramos	return array('name' => 'generic-pc-cdrom', 'descr' => gettext("Generic PC (CD-ROM)"));
2041	31c9379c	Scott Ullrich
2042	ef9ef75f	Chris Buechler	/* Try to guess from smbios strings */
2043			unset($output);
2044	0fcf26e4	Renato Botelho	$_gb = exec('/bin/kenv smbios.system.product 2>/dev/null', $output);
2045	ef9ef75f	Chris Buechler	switch ($output[0]) {
2046			case 'FW7541':
2047			return (array('name' => 'FW7541', 'descr' => 'Netgate FW7541'));
2048			break;
2049			case 'APU':
2050			return (array('name' => 'APU', 'descr' => 'Netgate APU'));
2051			break;
2052	59eb0ce7	Ermal LUÇI	case 'RCC-VE':
2053			return (array('name' => 'C2358', 'descr' => 'Netgate C2358'));
2054			break;
2055	ef9ef75f	Chris Buechler	}
2056
2057	31c9379c	Scott Ullrich	/* the rest of the code only deals with 'embedded' platforms */
2058	1a2911a7	Scott Ullrich	if ($g['platform'] != 'nanobsd')
2059	31c9379c	Scott Ullrich	return array('name' => $g['platform'], 'descr' => $g['platform']);
2060	f0014c64	Ermal
2061	971de1f9	Renato Botelho	$dmesg = get_single_sysctl('hw.model');
2062	f0014c64	Ermal
2063	31c9379c	Scott Ullrich	if (strpos($dmesg, "PC Engines WRAP") !== false)
2064	4a896b86	Carlos Eduardo Ramos	return array('name' => 'wrap', 'descr' => gettext('PC Engines WRAP'));
2065	31c9379c	Scott Ullrich
2066			if (strpos($dmesg, "PC Engines ALIX") !== false)
2067	4a896b86	Carlos Eduardo Ramos	return array('name' => 'alix', 'descr' => gettext('PC Engines ALIX'));
2068	31c9379c	Scott Ullrich
2069			if (preg_match("/Soekris net45../", $dmesg, $matches))
2070			return array('name' => 'net45xx', 'descr' => $matches[0]);
2071
2072			if (preg_match("/Soekris net48../", $dmesg, $matches))
2073			return array('name' => 'net48xx', 'descr' => $matches[0]);
2074
2075			if (preg_match("/Soekris net55../", $dmesg, $matches))
2076			return array('name' => 'net55xx', 'descr' => $matches[0]);
2077	6d043a1d	Renato Botelho
2078			unset($dmesg);
2079
2080			$dmesg_boot = system_get_dmesg_boot();
2081			if (strpos($dmesg_boot, "PC Engines ALIX") !== false)
2082			return array('name' => 'alix', 'descr' => gettext('PC Engines ALIX'));
2083			unset($dmesg_boot);
2084
2085	31c9379c	Scott Ullrich	/* unknown embedded platform */
2086	4a896b86	Carlos Eduardo Ramos	return array('name' => 'embedded', 'descr' => gettext('embedded (unknown)'));
2087	31c9379c	Scott Ullrich	}
2088
2089			function system_get_dmesg_boot() {
2090			global $g;
2091	d16af75d	Scott Ullrich
2092	31c9379c	Scott Ullrich	return file_get_contents("{$g['varlog_path']}/dmesg.boot");
2093			}
2094
2095	81448ffa	jim-p	function get_possible_listen_ips($include_ipv6_link_local=false) {
2096	7401c8c4	jim-p	$interfaces = get_configured_interface_with_descr();
2097			$carplist = get_configured_carp_interface_list();
2098			$listenips = array();
2099			foreach ($carplist as $cif => $carpip)
2100			$interfaces[$cif] = $carpip." (".get_vip_descr($carpip).")";
2101			$aliaslist = get_configured_ip_aliases_list();
2102			foreach ($aliaslist as $aliasip => $aliasif)
2103			$interfaces[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
2104			foreach ($interfaces as $iface => $ifacename) {
2105			$tmp["name"] = $ifacename;
2106			$tmp["value"] = $iface;
2107			$listenips[] = $tmp;
2108	81448ffa	jim-p	if ($include_ipv6_link_local) {
2109			$llip = find_interface_ipv6_ll(get_real_interface($iface));
2110			if (!empty($llip)) {
2111			$tmp["name"] = "{$ifacename} IPv6 Link-Local";
2112			$tmp["value"] = $llip;
2113			$listenips[] = $tmp;
2114			}
2115			}
2116	7401c8c4	jim-p	}
2117			$tmp["name"] = "Localhost";
2118			$tmp["value"] = "lo0";
2119			$listenips[] = $tmp;
2120			return $listenips;
2121			}
2122	943994ff	Scott Ullrich
2123	81448ffa	jim-p	function get_possible_traffic_source_addresses($include_ipv6_link_local=false) {
2124	0d56c06b	jim-p	global $config;
2125	81448ffa	jim-p	$sourceips = get_possible_listen_ips($include_ipv6_link_local);
2126	0d56c06b	jim-p	foreach (array('server', 'client') as $mode) {
2127			if (is_array($config['openvpn']["openvpn-{$mode}"])) {
2128			foreach ($config['openvpn']["openvpn-{$mode}"] as $id => $setting) {
2129			if (!isset($setting['disable'])) {
2130			$vpn = array();
2131			$vpn['value'] = 'ovpn' . substr($mode, 0, 1) . $setting['vpnid'];
2132			$vpn['name'] = gettext("OpenVPN") . " ".$mode.": ".htmlspecialchars($setting['description']);
2133			$sourceips[] = $vpn;
2134			}
2135			}
2136			}
2137			}
2138			return $sourceips;
2139			}
2140	7f060014	Ermal LUÇI	?>

Project

General

Profile

pfSense