/etc/inc/config.lib.inc - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/etc/inc/config.lib.inc @ 857a4a79

-df7edc
+<?php
 /****h* pfSense/config
  * NAME
-c40c7
+ *   config.lib.inc - Functions to manipulate config.xml
-df7edc
+ * DESCRIPTION
  *   This include contains various config.xml specific functions.
  * HISTORY
  * $Id$
  ******
 	config.lib.inc
 	Ported from config.inc by Erik Kristensen
-c40c7
+	Copyright (C) 2004-2010 Scott Ullrich
-df7edc
+	All rights reserved.
 	originally part of m0n0wall (http://m0n0.ch/wall)
 	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
 	All rights reserved.
 	Redistribution and use in source and binary forms, with or without
 	modification, are permitted provided that the following conditions are met:
 . Redistributions of source code must retain the above copyright notice,
 	   this list of conditions and the following disclaimer.
 . Redistributions in binary form must reproduce the above copyright
 	   notice, this list of conditions and the following disclaimer in the
 	   documentation and/or other materials provided with the distribution.
 	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
 	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
 	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
 	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 	POSSIBILITY OF SUCH DAMAGE.
-ba5a8de
+	pfSense_BUILDER_BINARIES:	/sbin/mount	/sbin/sysctl	/sbin/umount	/sbin/halt	/sbin/fsck
-df7edc
+	pfSense_MODULE:	config
 */
 /****f* config/encrypted_configxml
  * NAME
  *   encrypted_configxml - Checks to see if config.xml is encrypted and if so, prompts to unlock.
  * INPUTS
  *   None
  * RESULT
  *   $config 	- rewrites config.xml without encryption
  ******/
 function encrypted_configxml() {
 	global $g, $config;
-e9880e
+            Ermal
 	if (!file_exists($g['conf_path'] . "/config.xml"))
 		return;
 	if (!$g['booting'])
 		return;
 	$configtxt = file_get_contents($g['conf_path'] . "/config.xml");
 	if(tagfile_deformat($configtxt, $configtxt, "config.xml")) {
 		$fp = fopen('php://stdin', 'r');
 		$data = "";
 		echo "\n\n*** Encrypted config.xml detected ***\n";
 		while($data == "") {
 			echo "\nEnter the password to decrypt config.xml: ";
 			$decrypt_password = chop(fgets($fp));
 			$data = decrypt_data($configtxt, $decrypt_password);
 			if(!strstr($data, "<pfsense>"))
-df7edc
+				$data = "";
-e9880e
+			if($data) {
 				$fd = fopen($g['conf_path'] . "/config.xml.tmp", "w");
 				fwrite($fd, $data);
 				fclose($fd);
 				exec("/bin/mv {$g['conf_path']}/config.xml.tmp {$g['conf_path']}/config.xml");
 				echo "\nConfig.xml unlocked.\n";
 				fclose($fp);
 			} else {
 				echo "\nInvalid password entered.  Please try again.\n";
-df7edc
+            Erik
+		}
+	}
+}
 /****f* config/parse_config
  * NAME
  *   parse_config - Read in config.cache or config.xml if needed and return $config array
  * INPUTS
  *   $parse       - boolean to force parse_config() to read config.xml and generate config.cache
  * RESULT
  *   $config      - array containing all configuration variables
  ******/
-e769
+function parse_config($parse = false) {
-e9a3392
+	global $g, $config_parsed, $config_extra;
-e9880e
+            Ermal
-df7edc
+	$lockkey = lock('config');
-af381c2
+	$config_parsed = false;
-e9880e
+            Ermal
-df7edc
+	if (!file_exists("{$g['conf_path']}/config.xml") || filesize("{$g['conf_path']}/config.xml") == 0) {
 		$last_backup = discover_last_backup();
 		if($last_backup) {
 			log_error("No config.xml found, attempting last known config restore.");
 			file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", "");
 			restore_backup("{$g['conf_path']}/backup/{$last_backup}");
 		} else {
 			unlock($lockkey);
 			die("Config.xml is corrupted and is 0 bytes.  Could not restore a previous backup.");
+		}
+	}
-e9880e
+            Ermal
 	if($g['booting'])
 		echo ".";
-df7edc
+	// Check for encrypted config.xml
 	encrypted_configxml();
-e9880e
+            Ermal
-df7edc
+	if(!$parse) {
-e9880e
+		if (file_exists($g['tmp_path'] . '/config.cache')) {
-df7edc
+			$config = unserialize(file_get_contents($g['tmp_path'] . '/config.cache'));
-e9880e
+			if (is_null($config))
 				$parse = true;
 		} else
 			$parse = true;
+	}
 	if ($parse == true) {
-df7edc
+		if(!file_exists($g['conf_path'] . "/config.xml")) {
-e9880e
+			if($g['booting'])
 				echo ".";
-df7edc
+			log_error("No config.xml found, attempting last known config restore.");
 			file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", "");
 			$last_backup = discover_last_backup();
 			if ($last_backup)
 				restore_backup("/cf/conf/backup/{$last_backup}");
-cafcf3
+			else {
-df7edc
+				log_error("Could not restore config.xml.");
-cafcf3
+				unlock($lockkey);
 				die("Config.xml is corrupted and is 0 bytes.  Could not restore a previous backup.");
+			}
-df7edc
+            Erik
-d7c03
+		$config = parse_xml_config($g['conf_path'] . '/config.xml', array($g['xml_rootobj'], 'pfsense'));
-e9880e
+		if($config == -1) {
-df7edc
+			$last_backup = discover_last_backup();
 			if ($last_backup)
 				restore_backup("/cf/conf/backup/{$last_backup}");
-cafcf3
+			else {
-df7edc
+				log_error(gettext("Could not restore config.xml."));
-cafcf3
+				unlock($lockkey);
 				die("Config.xml is corrupted and is 0 bytes.  Could not restore a previous backup.");
+			}
-df7edc
+            Erik
 		generate_config_cache($config);
+	}
-e9880e
+            Ermal
 	if($g['booting'])
 		echo ".";
-df7edc
+	$config_parsed = true;
 	unlock($lockkey);
-e9880e
+	alias_make_table($config);
-df7edc
+	return $config;
+}
 /****f* config/generate_config_cache
  * NAME
  *   generate_config_cache - Write serialized configuration to cache.
  * INPUTS
  *   $config	- array containing current firewall configuration
  * RESULT
  *   boolean	- true on completion
  ******/
 function generate_config_cache($config) {
-e9a3392
+	global $g, $config_extra;
-df7edc
+            Erik
 	$configcache = fopen($g['tmp_path'] . '/config.cache', "w");
 	fwrite($configcache, serialize($config));
 	fclose($configcache);
-e9a3392
+	unset($configcache);
 	/* Used for config.extra.xml */
 	if(file_exists($g['tmp_path'] . '/config.extra.cache') && $config_extra) {
 		$configcacheextra = fopen($g['tmp_path'] . '/config.extra.cache', "w");
 		fwrite($configcacheextra, serialize($config_extra));
 		fclose($configcacheextra);
 		unset($configcacheextra);
+	}
-df7edc
+            Erik
 function discover_last_backup() {
         $backups = split("\n", `cd /cf/conf/backup && ls -ltr *.xml | awk '{print \$9}'`);
 	$last_backup = "";
         foreach($backups as $backup)
         	if($backup)
 	        	$last_backup = $backup;
         return $last_backup;
+}
 function restore_backup($file) {
 	global $g;
 	if (file_exists($file)) {
 		conf_mount_rw();
 		unlink_if_exists("{$g['tmp_path']}/config.cache");
-            e490f995
+		copy("$file","/cf/conf/config.xml");
-f806eca
+		disable_security_checks();
-df7edc
+		log_error("{$g['product_name']} is restoring the configuration $file");
-            b3405363
+		file_notice("config.xml", "{$g['product_name']} is restoring the configuration $file", "{$g['product_name']}Configurator", "");
-df7edc
+		conf_mount_ro();
+	}
+}
 /****f* config/parse_config_bootup
  * NAME
  *   parse_config_bootup - Bootup-specific configuration checks.
  * RESULT
  *   null
  ******/
 function parse_config_bootup() {
-cafcf3
+	global $config, $g;
-df7edc
+            Erik
-e9880e
+	if($g['booting'])
 		echo ".";
-df7edc
+            Erik
 	$lockkey = lock('config');
-cafcf3
+	if (!file_exists("{$g['conf_path']}/config.xml")) {
 		if ($g['booting']) {
 			if (strstr($g['platform'], "cdrom")) {
 				/* try copying the default config. to the floppy */
 				echo "Resetting factory defaults...\n";
 				reset_factory_defaults(true);
 				if (!file_exists("{$g['conf_path']}/config.xml")) {
 					echo "No XML configuration file found - using factory defaults.\n";
 					echo "Make sure that the configuration floppy disk with the conf/config.xml\n";
 					echo "file is inserted. If it isn't, your configuration changes will be lost\n";
 					echo "on reboot.\n";
-df7edc
+            Erik
 			} else {
-cafcf3
+				$last_backup = discover_last_backup();
 				if($last_backup) {
 					log_error("No config.xml found, attempting last known config restore.");
 					file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", "");
 					restore_backup("/cf/conf/backup/{$last_backup}");
+				}
 				if(!file_exists("{$g['conf_path']}/config.xml")) {
 					echo "XML configuration file not found.  {$g['product_name']} cannot continue booting.\n";
-e9880e
+					unlock($lockkey);
-cafcf3
+					mwexec("/sbin/halt");
 					exit;
+				}
 				log_error("Last known config found and restored.  Please double check your configuration file for accuracy.");
 				file_notice("config.xml", "Last known config found and restored.  Please double check your configuration file for accuracy.", "pfSenseConfigurator", "");
-df7edc
+            Erik
-cafcf3
+		} else {
 			unlock($lockkey);
 			exit(0);
-df7edc
+            Erik
+	}
-cafcf3
+            Ermal
-df7edc
+	if (filesize("{$g['conf_path']}/config.xml") == 0) {
 		$last_backup = discover_last_backup();
 		if($last_backup) {
 			log_error("No config.xml found, attempting last known config restore.");
 			file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", "");
 			restore_backup("{$g['conf_path']}/backup/{$last_backup}");
 		} else {
 			unlock($lockkey);
 			die("Config.xml is corrupted and is 0 bytes.  Could not restore a previous backup.");
+		}
+	}
 	unlock($lockkey);
 	parse_config(true);
 	if ((float)$config['version'] > (float)$g['latest_config']) {
 		echo <<<EOD
 *******************************************************************************
 * WARNING!                                                                    *
 * The current configuration has been created with a newer version of {$g['product_name']}  *
 * than this one! This can lead to serious misbehavior and even security       *
 * holes! You are urged to either upgrade to a newer version of {$g['product_name']} or     *
 * revert to the default configuration immediately!                            *
 *******************************************************************************
 EOD;
+		}
 	/* make alias table (for faster lookups) */
 	alias_make_table($config);
+}
 /****f* config/conf_mount_rw
  * NAME
  *   conf_mount_rw - Mount filesystems read/write.
  * RESULT
  *   null
  ******/
 /* mount flash card read/write */
-e18082
+function conf_mount_rw() {
-df7edc
+	global $g;
 	/* do not mount on cdrom platform */
 	if($g['platform'] == "cdrom" or $g['platform'] == "pfSense")
 		return;
-            a45e27ba
+            Ermal
 	if (refcount_reference(1000) > 1)
-df7edc
+		return;
-            e8567e89
+	$status = mwexec("/sbin/mount -u -w -o sync,noatime {$g['cf_path']}");
-df7edc
+	if($status <> 0) {
 		if($g['booting'])
 			echo "Disk is dirty.  Running fsck -y\n";
 		mwexec("/sbin/fsck -y {$g['cf_path']}");
-            e8567e89
+		$status = mwexec("/sbin/mount -u -w -o sync,noatime {$g['cf_path']}");
-df7edc
+            Erik
 	/*    if the platform is soekris or wrap or pfSense, lets mount the
 	 *    compact flash cards root.
-e18082
+         */
-            e8567e89
+	$status = mwexec("/sbin/mount -u -w -o sync,noatime /");
-            a45e27ba
+	/* we could not mount this correctly.  kick off fsck */
 	if($status <> 0) {
 		log_error("File system is dirty.  Launching FSCK for /");
 		mwexec("/sbin/fsck -y /");
-            e8567e89
+		$status = mwexec("/sbin/mount -u -w -o sync,noatime /");
-df7edc
+            Erik
 	mark_subsystem_dirty('mount');
+}
 /****f* config/conf_mount_ro
  * NAME
  *   conf_mount_ro - Mount filesystems readonly.
  * RESULT
  *   null
  ******/
-e18082
+function conf_mount_ro() {
-df7edc
+	global $g;
-f0ca50
+	/* do not umount on cdrom or pfSense platforms */
 	if($g['platform'] == "cdrom" or $g['platform'] == "pfSense")
 		return;
-e18082
+	if($g['booting'])
-f4c092
+		return;
-            a45e27ba
+	if (refcount_unreference(1000) > 0)
-df7edc
+		return;
 	clear_subsystem_dirty('mount');
 	/* sync data, then force a remount of /cf */
-ba5a8de
+	pfSense_sync();
-            e8567e89
+	mwexec("/sbin/mount -u -r -f -o sync,noatime {$g['cf_path']}");
 	mwexec("/sbin/mount -u -r -f -o sync,noatime /");
-df7edc
+            Erik
 /****f* config/convert_config
  * NAME
  *   convert_config - Attempt to update config.xml.
  * DESCRIPTION
  *   convert_config() reads the current global configuration
  *   and attempts to convert it to conform to the latest
  *   config.xml version. This allows major formatting changes
  *   to be made with a minimum of breakage.
  * RESULT
  *   null
  ******/
 /* convert configuration, if necessary */
 function convert_config() {
 	global $config, $g;
 	$now = date("H:i:s");
 	log_error("Start Configuration upgrade at $now, set execution timeout to 15 minutes");
-cfe65d
+	//ini_set("max_execution_time", "900");
-df7edc
+            Erik
 	/* special case upgrades */
 	/* fix every minute crontab bogons entry */
 	$cron_item_count = count($config['cron']['item']);
 	for($x=0; $x<$cron_item_count; $x++) {
 		if(stristr($config['cron']['item'][$x]['command'], "rc.update_bogons.sh")) {
 			if($config['cron']['item'][$x]['hour'] == "*" ) {
 		        $config['cron']['item'][$x]['hour'] = "3";
 		 		write_config("Updated bogon update frequency to 3am");
 		 		log_error("Updated bogon update frequency to 3am");
+		 	}
+		}
+	}
 	if ($config['version'] == $g['latest_config'])
 		return;		/* already at latest version */
 	// Save off config version
 	$prev_version = $config['version'];
-            b96cad97
+	include_once('auth.inc');
-df7edc
+	include_once('upgrade_config.inc');
-            e58da189
+	if (file_exists("/etc/inc/upgrade_config_custom.inc"))
 		include_once("upgrade_config_custom.inc");
-df7edc
+	/* Loop and run upgrade_VER_to_VER() until we're at current version */
 	while ($config['version'] < $g['latest_config']) {
 		$cur = $config['version'] * 10;
 		$next = $cur + 1;
 		$migration_function = sprintf('upgrade_%03d_to_%03d', $cur, $next);
-            cb0e3f8e
+		if (function_exists($migration_function))
 			$migration_function();
-            e58da189
+		$migration_function = "{$migration_function}_custom";
 		if (function_exists($migration_function))
 			$migration_function();
-df7edc
+		$config['version'] = sprintf('%.1f', $next / 10);
-cf9fcd
+		if($g['booting'])
 			echo ".";
-df7edc
+            Erik
 	$now = date("H:i:s");
 	log_error("Ended Configuration upgrade at $now");
 	if ($prev_version != $config['version'])
 		write_config("Upgraded config version level from {$prev_version} to {$config['version']}");
+}
-            ddd42db3
+/****f* config/safe_write_file
  * NAME
  *   safe_write_file - Write a file out atomically
  * DESCRIPTION
  *   safe_write_file() Writes a file out atomically by first writing to a
  *   temporary file of the same name but ending with the pid of the current
  *   process, them renaming the temporary file over the original.
  * INPUTS
  *   $filename  - string containing the filename of the file to write
  *   $content   - string containing the file content to write to file
  *   $force_binary      - boolean denoting whether we should force binary
  *   mode writing.
  * RESULT
  *   boolean - true if successful, false if not
  ******/
 function safe_write_file($file, $content, $force_binary) {
-d1548
+	$tmp_file = $file . "." . getmypid();
 	$write_mode = $force_binary ? "wb" : "w";
-            ddd42db3
+            Ermal Lu?i
-d1548
+	$fd = fopen($tmp_file, $write_mode);
 	if (!$fd) {
 		// Unable to open temporary file for writing
 		return false;
-            ddd42db3
+            Ermal Lu?i
-d1548
+	if (!fwrite($fd, $content)) {
 		// Unable to write to temporary file
-bc5bcc
+		fclose($fd);
-d1548
+		return false;
+	}
 	fflush($fd);
 	fclose($fd);
-            ddd42db3
+            Ermal Lu?i
-d1548
+	if (!rename($tmp_file, $file)) {
 		// Unable to move temporary file to original
 		@unlink($tmp_file);
 		return false;
+	}
-bc5bcc
+            Scott Ullrich
-d1548
+	// Sync file before returning
 	pfSense_sync();
-bc5bcc
+            Scott Ullrich
-d1548
+	return true;
-            ddd42db3
+            Ermal Lu?i
-df7edc
+/****f* config/write_config
  * NAME
  *   write_config - Backup and write the firewall configuration.
  * DESCRIPTION
  *   write_config() handles backing up the current configuration,
  *   applying changes, and regenerating the configuration cache.
  * INPUTS
  *   $desc	- string containing the a description of configuration changes
  *   $backup	- boolean: do not back up current configuration if false.
  * RESULT
  *   null
  ******/
 /* save the system configuration */
 function write_config($desc="Unknown", $backup = true) {
 	global $config, $g;
-b8057
+	/* TODO: Not sure what this was added for; commenting out
 	 *       for now, since it was preventing config saving. */
 	// $config = parse_config(true, false, false);
-e9a3392
+            Scott Ullrich
-            a8f9f07e
+	/* Comment this check out for now. There aren't any current issues that
 	 *   make this problematic, and it makes users think there is a problem
 	 *   when one doesn't really exist.
-            fa09d1b8
+	if($g['booting'])
-df7edc
+		log_error("WARNING! Configuration written on bootup.  This can cause stray openvpn and load balancing items in config.xml");
-            a8f9f07e
+	*/
-df7edc
+            Erik
-            ba4f6e1d
+	$username = empty($_SESSION["Username"]) ? "(system)" : $_SESSION['Username'];
-df7edc
+	if($backup)
 		backup_config();
-af3a589
+	if (!is_array($config['revision']))
 		$config['revision'] = array();
-df7edc
+	if (time() > mktime(0, 0, 0, 9, 1, 2004))       /* make sure the clock settings are plausible */
-d5
+		$config['revision']['time'] = time();
-df7edc
+            Erik
 	/* Log the running script so it's not entirely unlogged what changed */
-c1c
+	if ($desc == "Unknown")
-d52a9b9
+		$desc = "{$_SERVER['SCRIPT_NAME']} made unknown change";
-df7edc
+            Erik
-            ba4f6e1d
+	$config['revision']['description'] = "{$username}: " . $desc;
 	$config['revision']['username'] = $username;
-df7edc
+            Erik
-            b6c34bfc
+	conf_mount_rw();
 	$lockkey = lock('config', LOCK_EX);
-df7edc
+            Erik
 	/* generate configuration XML */
 	$xmlconfig = dump_xml_config($config, $g['xml_rootobj']);
-bf8e8e
+	/* write new configuration */
 	if (!safe_write_file("{$g['cf_conf_path']}/config.xml", $xmlconfig, false)) {
-df7edc
+		log_error("WARNING: Config contents could not be save. Could not open file!");
 		unlock($lockkey);
-f1ca1d
+		file_notice("config.xml", "Unable to open {$g['cf_conf_path']}/config.xml for writing in write_config()\n");
-d5
+		return -1;
-            e5977136
+            Scott Ullrich
-bf8e8e
+            Scott Ullrich
-df7edc
+	if($g['platform'] == "embedded" or $g['platform'] == "nanobsd") {
 		cleanup_backupcache(5, true);
 	} else {
 		cleanup_backupcache(30, true);
+	}
 	/* re-read configuration */
-d5
+	/* NOTE: We assume that the file can be parsed since we wrote it. */
-df7edc
+	$config = parse_xml_config("{$g['conf_path']}/config.xml", $g['xml_rootobj']);
-            e490f995
+	if ($config == -1) {
 		$last_backup = discover_last_backup();
 		if ($last_backup)
 			restore_backup("/cf/conf/backup/{$last_backup}");
 		else
 			log_error(gettext("Could not restore config.xml."));
 	} else
 		generate_config_cache($config);
-df7edc
+            Erik
 	unlock($lockkey);
 	unlink_if_exists("/usr/local/pkg/pf/carp_sync_client.php");
-b96ea6
+            Scott Ullrich
-            b6c34bfc
+	/* tell kernel to sync fs data */
 	conf_mount_ro();
-df7edc
+	/* sync carp entries to other firewalls */
-b96ea6
+	carp_sync_client();
-df7edc
+            Erik
 	if(is_dir("/usr/local/pkg/write_config")) {
 		/* process packager manager custom rules */
 		run_plugins("/usr/local/pkg/write_config/");
+	}
 	return $config;
+}
 /****f* config/reset_factory_defaults
  * NAME
  *   reset_factory_defaults - Reset the system to its default configuration.
  * RESULT
  *   integer	- indicates completion
  ******/
 function reset_factory_defaults($lock = false) {
 	global $g;
 	conf_mount_rw();
-            b6c34bfc
+	if (!$lock)
 		$lockkey = lock('config', LOCK_EX);
-df7edc
+            Erik
 	/* create conf directory, if necessary */
 	safe_mkdir("{$g['cf_conf_path']}");
 	/* clear out /conf */
 	$dh = opendir($g['conf_path']);
 	while ($filename = readdir($dh)) {
 		if (($filename != ".") && ($filename != "..")) {
 			unlink_if_exists($g['conf_path'] . "/" . $filename);
+		}
+	}
 	closedir($dh);
 	/* copy default configuration */
 	copy("{$g['conf_default_path']}/config.xml", "{$g['conf_path']}/config.xml");
-f806eca
+	disable_security_checks();
-df7edc
+	/* call the wizard */
 	touch("/conf/trigger_initial_wizard");
 	if (!$lock)
 		unlock($lockkey);
-            b6c34bfc
+	conf_mount_ro();
-df7edc
+            Erik
 	return 0;
+}
 function config_restore($conffile) {
 	global $config, $g;
 	if (!file_exists($conffile))
 		return 1;
 	backup_config();
-            f2087c85
+	conf_mount_rw();
-            b6c34bfc
+	$lockkey = lock('config', LOCK_EX);
-df7edc
+            Erik
 	unlink_if_exists("{$g['tmp_path']}/config.cache");
-            e490f995
+	copy($conffile, "{$g['cf_conf_path']}/config.xml");
-df7edc
+            Erik
-f806eca
+	disable_security_checks();
-df7edc
+	unlock($lockkey);
 	$config = parse_config(true);
 	conf_mount_ro();
-            e296b183
+	write_config("Reverted to " . array_pop(explode("/", $conffile)) . ".", false);
-df7edc
+	return 0;
+}
 function config_install($conffile) {
 	global $config, $g;
 	if (!file_exists($conffile))
 		return 1;
 	if (!config_validate("{$conffile}"))
 		return 1;
 	if($g['booting'] == true)
 		echo "Installing configuration...\n";
 	else
 		log_error("Installing configuration ....");
 	conf_mount_rw();
-            b6c34bfc
+	$lockkey = lock('config', LOCK_EX);
-df7edc
+            Erik
 	copy($conffile, "{$g['conf_path']}/config.xml");
-f806eca
+	disable_security_checks();
-df7edc
+	/* unlink cache file if it exists */
 	if(file_exists("{$g['tmp_path']}/config.cache"))
 		unlink("{$g['tmp_path']}/config.cache");
 	unlock($lockkey);
 	conf_mount_ro();
     return 0;
+}
-f806eca
+/*
  * Disable security checks for DNS rebind and HTTP referrer until next time
  * they pass (or reboot), to aid in preventing accidental lockout when
  * restoring settings like hostname, domain, IP addresses, and settings
  * related to the DNS rebind and HTTP referrer checks.
  * Intended for use when restoring a configuration or directly
  * modifying config.xml without an unconditional reboot.
  */
 function disable_security_checks() {
 	global $g;
 	touch("{$g['tmp_path']}/disable_security_checks");
+}
 /* Restores security checks.  Should be called after all succeed. */
 function restore_security_checks() {
 	global $g;
 	unlink_if_exists("{$g['tmp_path']}/disable_security_checks");
+}
 /* Returns status of security check temporary disable. */
 function security_checks_disabled() {
 	global $g;
 	return file_exists("{$g['tmp_path']}/disable_security_checks");
+}
-df7edc
+function config_validate($conffile) {
 	global $g, $xmlerr;
 	$xml_parser = xml_parser_create();
 	if (!($fp = fopen($conffile, "r"))) {
 		$xmlerr = "XML error: unable to open file";
 		return false;
+	}
 	while ($data = fread($fp, 4096)) {
 		if (!xml_parse($xml_parser, $data, feof($fp))) {
 			$xmlerr = sprintf("%s at line %d",
 						xml_error_string(xml_get_error_code($xml_parser)),
 						xml_get_current_line_number($xml_parser));
 			return false;
+		}
+	}
 	xml_parser_free($xml_parser);
 	fclose($fp);
 	return true;
+}
 function cleanup_backupcache($revisions = 30, $lock = false) {
 	global $g;
 	$i = false;
 	if (!$lock)
 		$lockkey = lock('config');
-            cd25a2b2
+            jim-p
 	conf_mount_rw();
 	$backups = get_backups();
 	if ($backups) {
-df7edc
+		$baktimes = $backups['versions'];
 		unset($backups['versions']);
-            cd25a2b2
+	} else {
 		$backups = array();
 		$baktimes = array();
+	}
 	$newbaks = array();
 	$bakfiles = glob($g['cf_conf_path'] . "/backup/config-*");
 	$tocache = array();
-df7edc
+            Erik
-            cd25a2b2
+	foreach($bakfiles as $backup) { // Check for backups in the directory not represented in the cache.
 		if(filesize($backup) == 0) {
 			unlink($backup);
 			continue;
+		}
 		$tocheck = array_shift(explode('.', array_pop(explode('-', $backup))));
 		if(!in_array($tocheck, $baktimes)) {
 			$i = true;
 			if($g['booting'])
 				echo ".";
-d7c03
+			$newxml = parse_xml_config($backup, array($g['xml_rootobj'], 'pfsense'));
-            cd25a2b2
+			if($newxml == "-1") {
 				log_error("The backup cache file $backup is corrupted.  Unlinking.");
 				unlink($backup);
 				log_error("The backup cache file $backup is corrupted.  Unlinking.");
 				continue;
-df7edc
+            Erik
-            cd25a2b2
+			if($newxml['revision']['description'] == "")
 				$newxml['revision']['description'] = "Unknown";
 			$tocache[$tocheck] = array('description' => $newxml['revision']['description']);
-df7edc
+            Erik
-            cd25a2b2
+            jim-p
 	foreach($backups as $checkbak) {
 		if(count(preg_grep('/' . $checkbak['time'] . '/i', $bakfiles)) != 0) {
 			$newbaks[] = $checkbak;
 		} else {
 			$i = true;
 			if($g['booting']) print " " . $tocheck . "r";
+		}
+	}
 	foreach($newbaks as $todo) $tocache[$todo['time']] = array('description' => $todo['description']);
 	if(is_int($revisions) and (count($tocache) > $revisions)) {
 		$toslice = array_slice(array_keys($tocache), 0, $revisions);
 		foreach($toslice as $sliced)
 			$newcache[$sliced] = $tocache[$sliced];
 		foreach($tocache as $version => $versioninfo) {
 			if(!in_array($version, array_keys($newcache))) {
 				unlink_if_exists($g['conf_path'] . '/backup/config-' . $version . '.xml');
-c42331b
+				//if($g['booting']) print " " . $tocheck . "d";
-df7edc
+            Erik
+		}
-            cd25a2b2
+		$tocache = $newcache;
-df7edc
+            Erik
-            cd25a2b2
+	$bakout = fopen($g['cf_conf_path'] . '/backup/backup.cache', "w");
 	fwrite($bakout, serialize($tocache));
 	fclose($bakout);
 	conf_mount_ro();
-df7edc
+	if (!$lock)
 		unlock($lockkey);
+}
 function get_backups() {
 	global $g;
 	if(file_exists("{$g['cf_conf_path']}/backup/backup.cache")) {
 		$confvers = unserialize(file_get_contents("{$g['cf_conf_path']}/backup/backup.cache"));
 		$bakvers = array_keys($confvers);
 		$toreturn = array();
 		sort($bakvers);
 		// 	$bakvers = array_reverse($bakvers);
 		foreach(array_reverse($bakvers) as $bakver)
 			$toreturn[] = array('time' => $bakver, 'description' => $confvers[$bakver]['description']);
 	} else {
 		return false;
+	}
 	$toreturn['versions'] = $bakvers;
 	return $toreturn;
+}
 function backup_config() {
 	global $config, $g;
 	if($g['platform'] == "cdrom")
 		return;
 	conf_mount_rw();
 	/* Create backup directory if needed */
 	safe_mkdir("{$g['cf_conf_path']}/backup");
     if($config['revision']['time'] == "") {
             $baktime = 0;
     } else {
             $baktime = $config['revision']['time'];
+    }
     if($config['revision']['description'] == "") {
             $bakdesc = "Unknown";
     } else {
             $bakdesc = $config['revision']['description'];
+    }
     copy($g['cf_conf_path'] . '/config.xml', $g['cf_conf_path'] . '/backup/config-' . $baktime . '.xml');
     if(file_exists($g['cf_conf_path'] . '/backup/backup.cache')) {
             $backupcache = unserialize(file_get_contents($g['cf_conf_path'] . '/backup/backup.cache'));
     } else {
             $backupcache = array();
+    }
     $backupcache[$baktime] = array('description' => $bakdesc);
     $bakout = fopen($g['cf_conf_path'] . '/backup/backup.cache', "w");
     fwrite($bakout, serialize($backupcache));
     fclose($bakout);
 	conf_mount_ro();
 	return true;
+}
 function set_device_perms() {
 	$devices = array(
-c9548
+		'pf'	=> array(	'user'	=> 'root',
-df7edc
+					'group'	=> 'proxy',
 					'mode'	=> 0660),
 		);
 	foreach ($devices as $name => $attr) {
 		$path = "/dev/$name";
 		if (file_exists($path)) {
 			chown($path, $attr['user']);
 			chgrp($path, $attr['group']);
 			chmod($path, $attr['mode']);
+		}
+	}
+}
-e18082
+?>

Project

General

Profile

pfSense