<?php
/* $Id$ */
/*
	system.inc
	part of m0n0wall (http://m0n0.ch/wall)

	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/

/*
	pfSense_BUILDER_BINARIES:	/usr/sbin/powerd	/usr/bin/killall	/sbin/sysctl	/sbin/route
	pfSense_BUILDER_BINARIES:	/bin/hostname	/bin/ls	/usr/bin/netstat	/usr/sbin/syslogd	
	pfSense_BUILDER_BINARIES:	/usr/sbin/pccardd	/usr/local/sbin/lighttpd	/bin/chmod 	/bin/mkdir
	pfSense_BUILDER_BINARIES:	/usr/bin/tar	/bin/sync	/usr/local/sbin/ntpd	/usr/sbin/ntpdate
	pfSense_BUILDER_BINARIES:	/usr/bin/nohup	/sbin/dmesg	/usr/local/sbin/atareinit
	pfSense_MODULE:	utils
*/

/*
 * Start or stop the powerd daemon according to the configuration.
 *
 * When $config['system']['powerd_enable'] is set, powerd is launched with
 * "-b adp -a adp"; otherwise any running powerd is killed.  Both command
 * lines are fixed strings, so no configuration data reaches the shell.
 * The exit status of the command is not checked.
 */
function activate_powerd() {
	global $config, $g;

	$command = isset($config['system']['powerd_enable'])
		? "/usr/sbin/powerd -b adp -a adp"
		: "/usr/bin/killall powerd";

	exec($command);
}
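/*
 * Apply kernel tunables: four fixed net.enc.* mask values followed by the
 * administrator-defined entries in $config['sysctl']['item'].
 *
 * Each configured entry is handed to sysctl as a single shell-quoted
 * "name=value" argument.  The previous form wrapped the value in double
 * quotes only, which left $(...) and backticks inside a configured value
 * live for the shell that mwexec() spawns.
 */
function activate_sysctls() {
	global $config, $g;

	/* fixed values, no configuration data involved */
	exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x00000001");
	exec("/sbin/sysctl net.enc.out.ipsec_filter_mask=0x00000001");
	exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x00000002");
	exec("/sbin/sysctl net.enc.in.ipsec_filter_mask=0x00000002");

	/* nothing configured, or the section is malformed: leave the rest alone */
	if (!is_array($config['sysctl']) || !is_array($config['sysctl']['item']))
		return;

	foreach ($config['sysctl']['item'] as $tunable) {
		/* an entry without a name cannot be applied */
		if (!is_array($tunable) || $tunable['tunable'] == "")
			continue;

		/* quote name and value together so the shell passes them through literally */
		mwexec("sysctl " . escapeshellarg("{$tunable['tunable']}={$tunable['value']}"));
	}
}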
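/*
 * Write {$g['varetc_path']}/resolv.conf and install host routes for DNS
 * servers that are bound to a specific gateway interface.
 *
 * Nameserver selection: when 'dnsallowoverride' is set, the servers
 * returned by get_nameservers() are used; if that yields none, the
 * statically configured $config['system']['dnsserver'] list is used.
 *
 * $dynupdate: when true, dhcpd is not reconfigured after the file is
 *             written (dhcpd is never reconfigured while booting).
 *
 * Returns 0 on success, 1 if resolv.conf cannot be opened for writing.
 */
function system_resolvconf_generate($dynupdate = false) {
	global $config, $g;

	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_resolvconf_generate() being called $mt\n";
	}

	$syscfg = $config['system'];

	$fd = fopen("{$g['varetc_path']}/resolv.conf", "w");
	if (!$fd) {
		printf("Error: cannot open resolv.conf in system_resolvconf_generate().\n");
		return 1;
	}

	$resolvconf = "domain {$syscfg['domain']}\n";

	$havedns = false;

	if (isset($syscfg['dnsallowoverride'])) {
		/* get dynamically assigned DNS servers (if any) */
		/* NOTE(review): these strings are read from files under /var/etc and
		   written out unvalidated; presumably they originate from DHCP/PPP
		   clients - confirm they are sanitised where those files are written */
		$ns = array_unique(get_nameservers());
		foreach($ns as $nameserver) {
			if($nameserver) {
				$resolvconf .= "nameserver $nameserver\n";
				$havedns = true;
			}
		}
	}
	if (!$havedns && is_array($syscfg['dnsserver'])) {
		foreach ($syscfg['dnsserver'] as $ns) {
			if ($ns) {
				$resolvconf .= "nameserver $ns\n";
				$havedns = true;
			}
		}
	}

	fwrite($fd, $resolvconf);
	fclose($fd);

	if (!$g['booting']) {
		/* restart dhcpd (nameservers may have changed) */
		if (!$dynupdate)
			services_dhcpd_configure();
	}

	/* setup static routes for DNS servers. */
	for ($dnscounter=1; $dnscounter<5; $dnscounter++) {
		$dnsgw = "dns{$dnscounter}gwint";
		if (!isset($config['system'][$dnsgw]))
			continue;

		$interface = $config['system'][$dnsgw];
		if (($interface == "") || ($interface == "none"))
			continue;

		$gatewayip = get_interface_gateway($interface);
		if (!is_ipaddr($gatewayip))
			continue;

		/* dns server array starts at 0 */
		$dnscountermo = $dnscounter - 1;

		/* a gateway may be assigned to a DNS slot that holds no server;
		   skip it instead of running route(8) with an empty host */
		if (!is_array($syscfg['dnsserver']) || empty($syscfg['dnsserver'][$dnscountermo]))
			continue;

		/* configuration values go to the shell: quote every argument */
		$dnsserver = escapeshellarg($syscfg['dnsserver'][$dnscountermo]);
		mwexec("route delete -host {$dnsserver}");
		mwexec("route add -host {$dnsserver} " . escapeshellarg($gatewayip));
	}

	return 0;
}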
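/*
 * Collect the dynamically assigned nameservers.
 *
 * Reads every /var/etc/nameserver_* file and then
 * /var/etc/nameservers.conf, one entry per line, and returns all
 * non-empty lines in that order.  Duplicates are not removed here.
 *
 * The files are read with glob()/file_get_contents() rather than by
 * spawning ls and cat through the shell, and lines are separated with
 * explode() because split() is no longer available in current PHP.
 * The entries are returned exactly as found on disk; callers that place
 * them in configuration files or commands must validate them.
 *
 * Returns an array of strings (possibly empty).
 */
function get_nameservers() {
	global $config, $g;
	$master_list = array();

	$sources = glob("/var/etc/nameserver_*");
	if (!is_array($sources))
		$sources = array();

	/* nameservers.conf is read last, as before */
	$sources[] = "/var/etc/nameservers.conf";

	foreach ($sources as $source) {
		if (!is_file($source) || !is_readable($source))
			continue;

		$contents = file_get_contents($source);
		if ($contents === false)
			continue;

		foreach (explode("\n", $contents) as $item)
			if ($item <> "")
				$master_list[] = $item;
	}

	return $master_list;
}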
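/*
 * Write {$g['varetc_path']}/hosts.
 *
 * The file contains, in order: the localhost entry, the firewall's own
 * name on the LAN address (only if get_interface_ip("lan") returns an IP
 * address), the $config['dnsmasq']['hosts'] overrides, and - when
 * 'regdhcpstatic' is set - the static DHCP mappings of every enabled
 * DHCP interface.
 *
 * Host names, domains and addresses are copied from the configuration
 * as-is; nothing here checks them for whitespace or line breaks.
 *
 * Returns 0 on success, 1 if the hosts file cannot be opened.
 */
function system_hosts_generate() {
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_hosts_generate() being called $mt\n";
	}

	$syscfg = $config['system'];
	$lancfgip = get_interface_ip("lan");
	$dnsmasqcfg = $config['dnsmasq'];

	if (!is_array($dnsmasqcfg['hosts'])) {
		$dnsmasqcfg['hosts'] = array();
	}
	$hostscfg = $dnsmasqcfg['hosts'];

	$fd = fopen("{$g['varetc_path']}/hosts", "w");
	if (!$fd) {
		log_error("Error: cannot open hosts file in system_hosts_generate().\n");
		return 1;
	}

	$hosts = <<<EOD
127.0.0.1	localhost localhost.{$syscfg['domain']}

EOD;
	if (is_ipaddr($lancfgip))
		$hosts .= <<<EOD
{$lancfgip}	{$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}

EOD;

	foreach ($hostscfg as $host) {
		if ($host['host'])
			$hosts .= "{$host['ip']}	{$host['host']}.{$host['domain']} {$host['host']}\n";
		else
			$hosts .= "{$host['ip']}	{$host['domain']}\n";
	}

	/* 'regdhcpstatic' may be set while no DHCP server is configured at all,
	   so make sure there is something to iterate over */
	if (isset($dnsmasqcfg['regdhcpstatic']) && is_array($config['dhcpd'])) {
		foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) {
			/* only enabled interfaces that actually carry static mappings */
			if (!is_array($dhcpifconf) || !isset($dhcpifconf['enable']) || !is_array($dhcpifconf['staticmap']))
				continue;

			foreach ($dhcpifconf['staticmap'] as $host)
				if ($host['ipaddr'] && $host['hostname'])
					$hosts .= "{$host['ipaddr']}	{$host['hostname']}.{$syscfg['domain']} {$host['hostname']}\n";
		}
	}

	fwrite($fd, $hosts);
	fclose($fd);

	return 0;
}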
/*
 * Set the system hostname to "<hostname>.<domain>" from
 * $config['system'] and run the hostid rc script.
 *
 * The fully qualified name is passed to /bin/hostname as one
 * shell-quoted argument.
 *
 * Returns the status reported by mwexec() for the hostname command; the
 * result of the hostid script is not part of the return value.
 */
function system_hostname_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_hostname_configure() being called $mt\n";
	}

	$syscfg = $config['system'];
	$fqdn = "{$syscfg['hostname']}.{$syscfg['domain']}";

	/* set hostname */
	$status = mwexec("/bin/hostname " . escapeshellarg($fqdn));

	/* Setup host GUID ID.  This is used by ZFS. */
	mwexec("/etc/rc.d/hostid start");

	return $status;
}
/*
 * Rebuild the routing table from the configuration.
 *
 * Steps, in order:
 *   1. optionally enable fast forwarding;
 *   2. delete the static routes recorded in {$g['vardb_path']}/routes.db
 *      by the previous run, then remove that file;
 *   3. delete the default route unless some interface has a gateway or
 *      uses "carpdev-dhcp";
 *   4. add the default route (skipped when an OLSRD instance has
 *      'enabledyngw' set to "on");
 *   5. add every configured static route and record its network in
 *      routes.db so step 2 can remove it next time.
 *
 * Every configuration value that reaches route(8) is wrapped in
 * escapeshellarg().
 *
 * Returns 0 on success, 1 if routes.db cannot be opened.
 */
function system_routing_configure() {
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_routing_configure() being called $mt\n";
	}

	/* Enable fast routing, if enabled */
	if(isset($config['staticroutes']['enablefastrouting']))
		mwexec("/sbin/sysctl net.inet.ip.fastforwarding=1");

	/* presumably the current routing table as text; used below to decide
	   whether a recorded route is still installed - confirm exec_command() */
	$route_str = exec_command("/usr/bin/netstat -rn");

	/* clear out old routes, if necessary */
	if (file_exists("{$g['vardb_path']}/routes.db")) {
		$fd = fopen("{$g['vardb_path']}/routes.db", "r");
		if (!$fd) {
			printf("Error: cannot open routes DB file in system_routing_configure().\n");
			return 1;
		}
		while (!feof($fd)) {
			$oldrt = trim(fgets($fd));
			/* routes.db content is treated as data: it is only acted on when
			   it appears in the netstat output, and it is shell-quoted */
			if (($oldrt) && (stristr($route_str, $oldrt)))
				mwexec("/sbin/route delete " . escapeshellarg($oldrt));
		}
		fclose($fd);
		unlink("{$g['vardb_path']}/routes.db");
	}

	/* if list */
	$iflist = get_configured_interface_list();

	$dont_remove_route = false;
	foreach ($iflist as $ifent => $ifname) {
		/* 
		 * XXX: The value of this is really when this function can take
		 * 	an interface as parameter.
		 */
		/* do not process interfaces that will end up with gateways */
		if (interface_has_gateway($ifent) || 
			$config['interfaces'][$ifent]['ipaddr'] == "carpdev-dhcp") {
			$dont_remove_route = true;
			break;
		}
	}

	if ($dont_remove_route == false) {
		/* remove default route */
		mwexec("/sbin/route delete default", true);
	}

	$dont_add_route = false;
	/* if OLSRD is enabled, allow WAN to house DHCP. */
	if($config['installedpackages']['olsrd']) {
		foreach($config['installedpackages']['olsrd']['config'] as $olsrd) {
			if($olsrd['enabledyngw'] == "on") {
				$dont_add_route = true;
				break;
			}
		}
	}

	if($dont_add_route == false) {
		if(is_array($config['gateways']['gateway_item'])) {
			/* the last gateway flagged 'defaultgw' wins */
			foreach($config['gateways']['gateway_item'] as $gateway) {
		        	if(isset($gateway['defaultgw'])) {
					$gatewayip = $gateway['gateway'];
					$interfacegw = $gateway['interface'];
				}
			}
			/* NOTE(review): $interfacegw and $gatewayip are never assigned
			   when no gateway carries 'defaultgw'; the is_ipaddr() test is
			   then what keeps the route from being added */
			if(($interfacegw <> "bgpd") && (is_ipaddr($gatewayip)))
				mwexec("/sbin/route add default " . escapeshellarg($gatewayip), true);
		} else {
			/* FIXME */
			/* adding gateway for 1.2-style configs without the new
			  gateway setup configured.
			  Force WAN to be default gateway because that is the
			  1.2 behavior.
			*/
			if (is_ipaddr($config['interfaces']['wan']['gateway'])) {
				$gatewayip = $config['interfaces']['wan']['gateway'];
				mwexec("/sbin/route add default " . escapeshellarg($gatewayip), true);
			}
		}
	}

	if (is_array($config['staticroutes']['route'])) {

		$fd = fopen("{$g['vardb_path']}/routes.db", "w");
		if (!$fd) {
			printf("Error: cannot open routes DB file in system_routing_configure().\n");
			return 1;
		}

		foreach ($config['staticroutes']['route'] as $rtent) {
			/* start each route without the previous route's gateway */
			unset($gatewayip);
			unset($interfacegw);
			/* resolve a gateway referenced by name */
			if(is_array($config['gateways']['gateway_item'])) {
				foreach($config['gateways']['gateway_item'] as $gateway) {
					if($rtent['gateway'] == $gateway['name']) {
						$gatewayip = $gateway['gateway'];
						$interfacegw = $gateway['interface'];
					}
				}
			}
			/* otherwise accept a gateway given directly as an IP address */
			if((is_ipaddr($rtent['gateway'])) && ($gatewayip == ""))  {
				$gatewayip = $rtent['gateway'];
				$interfacegw = $rtent['interface'];
			}			
			if((isset($rtent['interfacegateway'])) && (! is_ipaddr($gatewayip))){
				mwexec("/sbin/route add " . escapeshellarg($rtent['network']) .
					" -iface " . escapeshellarg(convert_friendly_interface_to_real_interface_name($interfacegw)));
			} else {
				/* NOTE(review): when no gateway could be resolved this still
				   runs route add with an empty gateway argument, and the
				   network is recorded below regardless */
				mwexec("/sbin/route add " . escapeshellarg($rtent['network']) .
					" " . escapeshellarg($gatewayip));
			}
			/* record route so it can be easily removed later (if necessary) */
			fwrite($fd, $rtent['network'] . "\n");
		}
		fclose($fd);
	}

	return 0;
}
/*
 * Turn on IPv4 packet forwarding by setting net.inet.ip.forwarding to 1.
 *
 * The command line is a fixed string.  Returns whatever mwexec() reports
 * for the sysctl call.
 */
function system_routing_enable() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_routing_enable() being called $mt\n";
	}

	$status = mwexec("/sbin/sysctl net.inet.ip.forwarding=1");

	return $status;
}
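/*
 * Build the forwarding rules for one group of selectors.
 *
 * For each configured remote server ('remoteserver', 'remoteserver2',
 * 'remoteserver3', in that order) one line per selector is produced:
 * the selector text, including its trailing padding, followed by
 * "@<server>".  Servers that are not configured are skipped.
 *
 * The server value is written verbatim.  A value containing a line break
 * would start a new syslog.conf rule, so it is presumably validated where
 * the setting is saved - verify.
 */
function system_syslogd_remote_rules($syslogcfg, $selectors) {
	$rules = "";
	foreach (array('remoteserver', 'remoteserver2', 'remoteserver3') as $serverkey) {
		if (empty($syslogcfg[$serverkey]))
			continue;
		foreach ($selectors as $selector)
			$rules .= "{$selector}@{$syslogcfg[$serverkey]}\n";
	}
	return $rules;
}

/*
 * Regenerate {$g['varetc_path']}/syslog.conf and (re)start syslogd.
 *
 * Any running syslogd and fifolog_writer are killed first.  Without a
 * $config['syslog'] section syslogd is started with its defaults.
 *
 * Corrected relative to the previous revision:
 *   - the second remote server in the openvpn section was written with the
 *     address of the third one, so openvpn logs never reached
 *     'remoteserver2';
 *   - misplaced braces made the "log everything" rules for the second and
 *     third remote server depend on the 'system' option instead of
 *     'logall', and made 'logall' itself depend on 'system';
 *   - package facilities were combined with the array union operator,
 *     which discards entries whose numeric keys already exist, so they
 *     were missing from the exclusion list;
 *   - the package log file path is shell-quoted before it is handed to
 *     mwexec();
 *   - $syslogconf and $pkgfacilities are initialised before use.
 *
 * Returns 1 if syslog.conf cannot be opened, otherwise the value returned
 * by system()/mwexec() when starting syslogd.
 */
function system_syslogd_start() {
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_syslogd_start() being called $mt\n";
	}

	$syslogcfg = $config['syslog'];

	if ($g['booting'])
		echo "Starting syslog...";
	else
		killbypid("{$g['varrun_path']}/syslog.pid");

	mwexec("/usr/bin/killall -9 syslogd");
	mwexec("/usr/bin/killall -9 fifolog_writer");

	// Define various commands for logging
	$fifolog_create = "/usr/sbin/fifolog_create -s ";
	$fifolog_log = "|/usr/sbin/fifolog_writer ";
	$clog_create = "/usr/sbin/clog -i -s ";
	$clog_log = "%";

	// Which logging type are we using this week??
	if(isset($config['system']['usefifolog'])) {
		$log_directive = $fifolog_log;
		$log_create_directive = $fifolog_create;
	} else { // Defaults to CLOG
		$log_directive = $clog_log;
		$log_create_directive = $clog_create;
	}

	if (isset($syslogcfg)) {
		$syslogconf = "";
		$pkgfacilities = array();
		$separatelogfacilities = array('ntpd','racoon','openvpn');
		if(is_array($config['installedpackages']['package'])) {
			foreach($config['installedpackages']['package'] as $package) {
				if(!empty($package['logging'])) {
					$pkgfacilities[] = $package['logging']['facilityname'];
					/* NOTE(review): this list accumulates, so each later
					   package section also matches the facilities of the
					   packages before it - confirm that is intended */
					$facilitylist = implode(',', $pkgfacilities);
					$pkglogfile = "{$g['varlog_path']}/{$package['logging']['logfilename']}";
					/* the file name comes from package configuration: quote it */
					mwexec("{$log_create_directive} 10240 " . escapeshellarg($pkglogfile));
					$syslogconf .= "!{$facilitylist}\n*.*\t\t\t\t\t\t {$log_directive}{$pkglogfile}\n";
				}
			}
		}
		/* append (not union) so package facilities are really excluded below */
		$separatelogfacilities = array_merge($separatelogfacilities, $pkgfacilities);
		$facilitylist = implode(',', array_unique($separatelogfacilities));
		$locallogging = !isset($syslogcfg['disablelocallogging']);

		/* write syslog.conf */
		$fd = fopen("{$g['varetc_path']}/syslog.conf", "w");
		if (!$fd) {
			printf("Error: cannot open syslog.conf in system_syslogd_start().\n");
			return 1;
		}
		$syslogconf .= "!ntpdate,!ntpd\n";
		if ($locallogging)
			$syslogconf .= "*.*					 {$log_directive}{$g['varlog_path']}/ntpd.log\n";
		$syslogconf .= "!racoon\n";
		if ($locallogging)
			$syslogconf .= "*.*					 {$log_directive}{$g['varlog_path']}/ipsec.log\n";
		$syslogconf .= "!apinger\n";
		if ($locallogging)
			$syslogconf .= "*.*					 {$log_directive}{$g['varlog_path']}/slbd.log\n";
		/* NOTE(review): these forwarding rules sit in the apinger section, so
		   with the 'vpn' option racoon messages are not forwarded while
		   apinger messages are - looks like the apinger section was inserted
		   in the middle of the racoon one; confirm */
		if (isset($syslogcfg['vpn']))
			$syslogconf .= system_syslogd_remote_rules($syslogcfg, array("*.*					 "));
		$syslogconf .= "!openvpn\n";
		if ($locallogging)
			$syslogconf .= "*.*					 {$log_directive}{$g['varlog_path']}/openvpn.log\n";
		if (isset($syslogcfg['vpn']))
			$syslogconf .= system_syslogd_remote_rules($syslogcfg, array("*.*					 "));
		$syslogconf .= "!-{$facilitylist}\n";
		/* NOTE(review): the sshlockout_pf pipe is part of this block, so
		   disabling local logging also stops auth messages from reaching
		   the lockout helper - confirm that is acceptable */
		if ($locallogging)
			$syslogconf .= <<<EOD
local0.*										 {$log_directive}{$g['varlog_path']}/filter.log
!mpd
*.*										 {$log_directive}{$g['varlog_path']}/vpn.log
local4.*										 {$log_directive}{$g['varlog_path']}/portalauth.log
local7.*										 {$log_directive}{$g['varlog_path']}/dhcpd.log
*.notice;kern.debug;lpr.info;mail.crit; 		 {$log_directive}{$g['varlog_path']}/system.log
news.err;local0.none;local3.none;local4.none; 	 {$log_directive}{$g['varlog_path']}/system.log
local7.none										 {$log_directive}{$g['varlog_path']}/system.log
security.*										 {$log_directive}{$g['varlog_path']}/system.log
auth.info;authpriv.info;daemon.info				 {$log_directive}{$g['varlog_path']}/system.log
local1.*										 {$log_directive}{$g['varlog_path']}/relayd.log
auth.info;authpriv.info 						 |exec /usr/local/sbin/sshlockout_pf
*.emerg											 *

EOD;
		if (isset($syslogcfg['filter']))
			$syslogconf .= system_syslogd_remote_rules($syslogcfg, array("local0.*			 "));
		if (isset($syslogcfg['vpn']))
			$syslogconf .= system_syslogd_remote_rules($syslogcfg, array("local3.*			 "));
		if (isset($syslogcfg['portalauth']))
			$syslogconf .= system_syslogd_remote_rules($syslogcfg, array("local4.*			 "));
		if (isset($syslogcfg['dhcp']))
			$syslogconf .= system_syslogd_remote_rules($syslogcfg, array("local7.*			 "));
		if (isset($syslogcfg['system']))
			$syslogconf .= system_syslogd_remote_rules($syslogcfg, array(
				"*.notice;kern.debug;lpr.info;mail.crit;			 ",
				"news.err;local0.none;local3.none;local7.none	 ",
				"security.*										 ",
				"auth.info;authpriv.info;daemon.info				 ",
				"*.emerg											 "));
		/* forward everything only when 'logall' itself is enabled */
		if (isset($syslogcfg['logall']))
			$syslogconf .= system_syslogd_remote_rules($syslogcfg, array("*.*								"));

		fwrite($fd, $syslogconf);
		fclose($fd);

		/* the same command line was used whether or not a remote server was
		   configured, so it is issued once */
		$retval = system("/usr/sbin/syslogd -c -f {$g['varetc_path']}/syslog.conf");
	} else {
		$retval = mwexec("/usr/sbin/syslogd -c");
	}

	if ($g['booting'])
		echo "done.\n";

	return $retval;
}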
/*
 * Restart the PC Card daemon: kill the instance recorded in
 * {$g['varrun_path']}/pccardd.pid, then start pccardd with
 * {$g['etc_path']}/pccard.conf.
 *
 * While booting, progress and the outcome are printed to the console.
 * Returns the status reported by mwexec() for the pccardd start.
 */
function system_pccard_start() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_pccard_start() being called $mt\n";
	}

	if ($g['booting'])
		echo "Initializing PCMCIA...";

	/* kill any running pccardd */
	killbypid("{$g['varrun_path']}/pccardd.pid");

	/* fire up pccardd */
	$res = mwexec("/usr/sbin/pccardd -z -f {$g['etc_path']}/pccard.conf");

	/* report the result on the boot console only */
	if ($g['booting'])
		echo ($res == 0) ? "done.\n" : "failed!\n";

	return $res;
}
/*
 * (Re)start the lighttpd instance that serves the webConfigurator.
 *
 * The running instance is killed via its pid file, a fresh
 * lighty-webConfigurator.conf is generated and lighttpd is started on it.
 *
 * Port selection: a configured webgui port always wins; otherwise 443 is
 * used when HTTPS is active and 80 in every other case.
 *
 * NOTE(review): when the protocol is "https" but the referenced
 * certificate has no usable 'crt'/'prv', the only reaction is a
 * log_error() and the GUI is started with empty certificate data, i.e.
 * over plain HTTP.  Administrative logins would then travel unencrypted;
 * consider whether this fallback is acceptable.
 *
 * Returns the status reported by mwexec() for the lighttpd start.
 */
function system_webgui_start() {
	global $config, $g;

	if ($g['booting'])
		echo "Starting webConfigurator...";

	/* kill any running lighttpd, then give it a moment to exit */
	killbypid("{$g['varrun_path']}/lighty-webConfigurator.pid");
	sleep(1);

	chdir($g['www_path']);

	/* plain-HTTP defaults; overridden below when a certificate is usable */
	$crt = "";
	$key = "";
	$ca = "";
	$portarg = "80";

	/* non-standard port? */
	if (isset($config['system']['webgui']['port']) && $config['system']['webgui']['port'] != "")
		$portarg = "{$config['system']['webgui']['port']}";

	if ($config['system']['webgui']['protocol'] == "https") {
		$cert =& lookup_cert($config['system']['webgui']['ssl-certref']);
		$cert_usable = is_array($cert) && $cert['crt'] && $cert['prv'];

		if (!$cert_usable) {
			log_error("Invalid webConfigurator https certificate, defaulting to http");
		} else {
			/* certificate and private key are stored base64-encoded */
			$crt = base64_decode($cert['crt']);
			$key = base64_decode($cert['prv']);
			if (!$config['system']['webgui']['port'])
				$portarg = "443";
			$ca = ca_chain($cert);
		}
	}

	/* generate lighttpd configuration */
	$conf_file = "{$g['varetc_path']}/lighty-webConfigurator.conf";
	system_generate_lighty_config($conf_file,
		$crt, $key, $ca, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/");

	/* attempt to start lighthttpd */
	$res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-webConfigurator.conf");

	if ($g['booting'])
		echo ($res == 0) ? "done.\n" : "failed!\n";

	return $res;
}
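/*
 * Write a lighttpd configuration file and, when a certificate and key are
 * supplied, the PEM file(s) that configuration refers to.
 *
 * $filename         path the generated lighttpd configuration is written to
 * $cert, $key       PEM text; when both are non-empty they are written
 *                   (certificate, newline, key) to
 *                   {$g['varetc_path']}/{$cert_location} and ssl.engine is enabled
 * $ca               PEM text of the CA chain; when non-empty (and cert/key are
 *                   set) it is written to {$g['varetc_path']}/{$ca_location}
 *                   and referenced as ssl.ca-file
 * $pid_file         file name used for server.pid-file under /var/run
 * $port             value for server.port; "80" is used when it is empty
 * $document_root    value for server.document-root
 * $max_procs        fastcgi "max-procs"; overridden by the memory checks below
 * $max_requests     PHP_FCGI_MAX_REQUESTS for the captive portal instance
 * $fast_cgi_enable  use mod_fastcgi; forced off when get_memory() reports a
 *                   value above 0 and below 65
 * $captive_portal   generate the captive portal variant (rewrite rule,
 *                   dedicated upload directory, smaller request size)
 *
 * Returns 0 on success, 1 when one of the output files cannot be opened.
 */
function system_generate_lighty_config($filename,
	$cert,
	$key,
	$ca,
	$pid_file,
	$port = 80,
	$document_root = "/usr/local/www/",
	$cert_location = "cert.pem",
	$ca_location = "ca.pem",
	$max_procs = 2,
	$max_requests = "1",
	$fast_cgi_enable = true,
	$captive_portal = false) {

	global $config, $g;

	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_generate_lighty_config() being called $mt\n";
	}

	if($captive_portal == true)  {
		$captiveportal = ",\"mod_rewrite\"";
		$captive_portal_rewrite = "url.rewrite-once = ( \"(.*captiveportal.*)\" => \"$1\", \"(.*)\" => \"/index.php?redirurl=$1\" )\n";
		$captive_portal_module = "\"mod_accesslog\", ";
		$maxprocperip = $config['captiveportal']['maxprocperip'];
		/*
		 * NOTE(review): this condition can never be true (a value that is
		 * "not set" cannot also be > 0), so the per-IP connection limit is
		 * never written to the configuration. Left unchanged on purpose:
		 * emitting the directive would presumably also require mod_evasive
		 * in server.modules, which is not loaded below - confirm before
		 * enabling.
		 */
		if(!$maxprocperip and $maxprocperip > 0)
			$captive_portal_mod_evasive = "evasive.max-conns-per-ip = {$maxprocperip}";
		else
			$captive_portal_mod_evasive = "";
		$server_upload_dirs = "server.upload-dirs = ( \"/tmp/captiveportal/\" )\n";
		exec("mkdir -p /tmp/captiveportal");
		exec("chmod a-w /tmp/captiveportal");
		$server_max_request_size = "server.max-request-size    = 384";
	} else {
		/* these two are interpolated into the template below in both modes,
		   so they must be defined here as well */
		$captiveportal = "";
		$captive_portal_rewrite = "";
		$captive_portal_module = "";
		$captive_portal_mod_evasive = "";
		/* NOTE(review): uploads may be spooled to the shared /tmp/ and /var/
		   directories - confirm that is acceptable on this platform */
		$server_upload_dirs = "server.upload-dirs = ( \"{$g['upload_path']}/\", \"/tmp/\", \"/var/\" )\n";
		$server_max_request_size = "server.max-request-size    = 2097152";
	}

	$lighty_port = ($port <> "") ? $port : "80";

	/* size the FastCGI pool from the first value get_memory() returns
	   (presumably megabytes of RAM - confirm against get_memory()) */
	$memory = get_memory();
	$avail = $memory[0];

	if($avail > 0 and $avail < 65) {
		$fast_cgi_enable = false;
	}

	/* the checks are evaluated in order and a later match overrides an
	   earlier one; a value of exactly 65 keeps the caller's $max_procs */
	if($avail > 65 and $avail < 256) {
		$max_procs = 1;
	}

	if($avail > 255 and $avail < 384) {
		$max_procs = 3;
	}

	if($avail > 383) {
		$max_procs = 4;
	}

	if($captive_portal == true)  {
		$bin_environment =  <<<EOC
        "bin-environment" => (
           "PHP_FCGI_CHILDREN" => "16",
           "PHP_FCGI_MAX_REQUESTS" => "{$max_requests}"
        ), 
EOC;

	} else if ($avail > 0 and $avail < 128) {
		/*
		 * NOTE(review): the C-style comment and the second
		 * "PHP_FCGI_CHILDREN" entry are inside the heredoc, so both are
		 * written verbatim into the lighttpd configuration. Confirm that
		 * lighttpd accepts this and which of the two values is intended.
		 */
		$bin_environment = <<<EOC
	"bin-environment" => (
		"PHP_FCGI_CHILDREN" => "1",
			/*   This problem seems to stem from a little-known issue with PHP: 
			 *   PHP stops accepting new FastCGI connections after handling 500 requests; 
			 *   unfortunately, there is a potential race condition during the PHP cleanup
			 *   code in which PHP can be shutting down but still have the socket open, so
			 *   lighty can send request number 501 to PHP and have it "accepted", but then 
			 *   PHP appears to simply exit, causing a 500 return from lighty. 
			 */
			"PHP_FCGI_MAX_REQUESTS" => "500",
			"PHP_FCGI_CHILDREN" => "50"
	),

EOC;
	} else
		$bin_environment = "";

	if($fast_cgi_enable == true) {
		$module = "\"mod_fastcgi\", \"mod_cgi\"";
		$cgi_config = "";
		$fastcgi_config = <<<EOD
#### fastcgi module
## read fastcgi.txt for more info
fastcgi.server = ( ".php" =>
	( "localhost" =>
		(
			"socket" => "/tmp/php-fastcgi.socket",
			"min-procs" => 1,
			"max-procs" => {$max_procs},
			{$bin_environment}			
			"bin-path" => "/usr/local/bin/php"
		)
	)
)

#### CGI module
cgi.assign                 = ( ".cgi" => "" )

EOD;
	} else {
		$fastcgi_config = "";
		$module = "\"mod_cgi\"";
		$cgi_config = <<<EOD
#### CGI module
cgi.assign                 = ( ".php"  => "/usr/local/bin/php",
                               ".cgi" => "" )

EOD;
	}

	/* plain assignment: $lighty_config has no earlier value to append to */
	$lighty_config = <<<EOD
#
# lighttpd configuration file
#
# use a it as base for lighttpd 1.0.0 and above
#
############ Options you really have to take care of ####################

## FreeBSD!
server.event-handler	= "freebsd-kqueue"
server.network-backend 	= "writev"

## modules to load
server.modules              =   (
									{$captive_portal_module}
									"mod_access", "mod_accesslog", "mod_expire", "mod_compress",
									{$module}{$captiveportal}
								)

## Unused modules
#                               "mod_setenv",
#                               "mod_compress"
#				"mod_redirect",
#                               "mod_rewrite",
#                               "mod_ssi",
#                               "mod_usertrack",
#                               "mod_expire",
#                               "mod_secdownload",
#                               "mod_rrdtool",
#                               "mod_auth",
#                               "mod_status",
#                               "mod_alias",
#                               "mod_proxy",
#                               "mod_simple_vhost",
#                               "mod_evhost",
#                               "mod_userdir",
#                               "mod_cgi",
#                                "mod_accesslog"

server.max-keep-alive-requests = 15
server.max-keep-alive-idle = 30

## a static document-root, for virtual-hosting take look at the
## server.virtual-* options
server.document-root        = "{$document_root}"
{$captive_portal_rewrite}

# Maximum idle time with nothing being written (php downloading)
server.max-write-idle = 999

## where to send error-messages to
server.errorlog             = "/var/log/lighttpd.error.log"

# files to check for if .../ is requested
server.indexfiles           = ( "index.php", "index.html",
                                "index.htm", "default.htm" )

# mimetype mapping
mimetype.assign             = (
  ".pdf"          =>      "application/pdf",
  ".sig"          =>      "application/pgp-signature",
  ".spl"          =>      "application/futuresplash",
  ".class"        =>      "application/octet-stream",
  ".ps"           =>      "application/postscript",
  ".torrent"      =>      "application/x-bittorrent",
  ".dvi"          =>      "application/x-dvi",
  ".gz"           =>      "application/x-gzip",
  ".pac"          =>      "application/x-ns-proxy-autoconfig",
  ".swf"          =>      "application/x-shockwave-flash",
  ".tar.gz"       =>      "application/x-tgz",
  ".tgz"          =>      "application/x-tgz",
  ".tar"          =>      "application/x-tar",
  ".zip"          =>      "application/zip",
  ".mp3"          =>      "audio/mpeg",
  ".m3u"          =>      "audio/x-mpegurl",
  ".wma"          =>      "audio/x-ms-wma",
  ".wax"          =>      "audio/x-ms-wax",
  ".ogg"          =>      "audio/x-wav",
  ".wav"          =>      "audio/x-wav",
  ".gif"          =>      "image/gif",
  ".jpg"          =>      "image/jpeg",
  ".jpeg"         =>      "image/jpeg",
  ".png"          =>      "image/png",
  ".xbm"          =>      "image/x-xbitmap",
  ".xpm"          =>      "image/x-xpixmap",
  ".xwd"          =>      "image/x-xwindowdump",
  ".css"          =>      "text/css",
  ".html"         =>      "text/html",
  ".htm"          =>      "text/html",
  ".js"           =>      "text/javascript",
  ".asc"          =>      "text/plain",
  ".c"            =>      "text/plain",
  ".conf"         =>      "text/plain",
  ".text"         =>      "text/plain",
  ".txt"          =>      "text/plain",
  ".dtd"          =>      "text/xml",
  ".xml"          =>      "text/xml",
  ".mpeg"         =>      "video/mpeg",
  ".mpg"          =>      "video/mpeg",
  ".mov"          =>      "video/quicktime",
  ".qt"           =>      "video/quicktime",
  ".avi"          =>      "video/x-msvideo",
  ".asf"          =>      "video/x-ms-asf",
  ".asx"          =>      "video/x-ms-asf",
  ".wmv"          =>      "video/x-ms-wmv",
  ".bz2"          =>      "application/x-bzip",
  ".tbz"          =>      "application/x-bzip-compressed-tar",
  ".tar.bz2"      =>      "application/x-bzip-compressed-tar"
 )

# Use the "Content-Type" extended attribute to obtain mime type if possible
#mimetypes.use-xattr        = "enable"

#### accesslog module
#accesslog.filename          = "/dev/null"

## deny access the file-extensions
#
# ~    is for backupfiles from vi, emacs, joe, ...
# .inc is often used for code includes which should in general not be part
#      of the document-root
url.access-deny             = ( "~", ".inc" )


######### Options that are good to be but not neccesary to be changed #######

## bind to port (default: 80)
server.port                = {$lighty_port}

## error-handler for status 404
#server.error-handler-404   = "/error-handler.html"
#server.error-handler-404   = "/error-handler.php"

## to help the rc.scripts
server.pid-file            = "/var/run/{$pid_file}"

## virtual directory listings
server.dir-listing         = "disable"

## enable debugging
debug.log-request-header   = "disable"
debug.log-response-header  = "disable"
debug.log-request-handling = "disable"
debug.log-file-not-found   = "disable"

{$server_upload_dirs}

{$server_max_request_size}

{$fastcgi_config}

{$cgi_config}

{$captive_portal_mod_evasive}

# Turn on Lighty caching directives
compress.cache-dir         = "/tmp/"
compress.filetype          = ("text/plain", "text/html", "text/javascript", "text/css")

expire.url = (
				"" => "access 50 hours",	
        )

EOD;

	/* normalise line endings and collapse doubled newlines in the PEM text */
	$cert = str_replace("\r", "", $cert);
	$key = str_replace("\r", "", $key);
	$ca = str_replace("\r", "", $ca);

	$cert = str_replace("\n\n", "\n", $cert);
	$key = str_replace("\n\n", "\n", $key);
	$ca = str_replace("\n\n", "\n", $ca);

	if($cert <> "" and $key <> "") {
		/*
		 * This file receives the private key. Create it under a restrictive
		 * umask so it is not readable by other users even for the moment
		 * between fopen() and chmod().
		 */
		$old_umask = umask(0077);
		$fd = fopen("{$g['varetc_path']}/{$cert_location}", "w");
		umask($old_umask);
		if (!$fd) {
			echo "Error: cannot open {$cert_location} in system_generate_lighty_config().\n";
			return 1;
		}
		/* still needed: tightens the mode of a file that already existed */
		chmod("{$g['varetc_path']}/{$cert_location}", 0600);
		fwrite($fd, $cert);
		fwrite($fd, "\n");
		fwrite($fd, $key);
		fclose($fd);
		if($ca <> "") {
			$fd = fopen("{$g['varetc_path']}/{$ca_location}", "w");
			if (!$fd) {
				echo "Error: cannot open {$ca_location} in system_generate_lighty_config().\n";
				return 1;
			}
			chmod("{$g['varetc_path']}/{$ca_location}", 0600);
			fwrite($fd, $ca);
			fclose($fd);
		}
		$lighty_config .= "\n";
		$lighty_config .= "## ssl configuration\n";
		$lighty_config .= "ssl.engine = \"enable\"\n";
		$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
		if($ca <> "")
			$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
	}

	$fd = fopen("{$filename}", "w");
	if (!$fd) {
		/* echo rather than printf: the path must not be parsed as a format string */
		echo "Error: cannot open {$filename} in system_generate_lighty_config().\n";
		return 1;
	}
	fwrite($fd, $lighty_config);
	fclose($fd);

	return 0;

}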
/*
 * Install the configured timezone as /etc/localtime.
 *
 * The zone file named by $config['system']['timezone'] ("Etc/UTC" when that
 * is empty) is extracted from /usr/share/zoneinfo.tgz to standard output and
 * redirected into /etc/localtime while the configuration filesystem is
 * mounted read-write.
 */
function system_timezone_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		echo "system_timezone_configure() being called " . microtime() . "\n";
	}

	$syscfg = $config['system'];

	if ($g['booting']) {
		echo "Setting timezone...";
	}

	/* fall back to UTC when no timezone is configured */
	$zone = $syscfg['timezone'];
	if (!$zone) {
		$zone = "Etc/UTC";
	}

	conf_mount_rw();

	/* the zone name comes from the configuration, so it is shell-quoted
	   before being placed on the command line */
	$extract = "LANG=C /usr/bin/tar xzfO /usr/share/zoneinfo.tgz "
		. escapeshellarg($zone)
		. " > /etc/localtime";
	exec($extract);

	mwexec("sync");
	conf_mount_ro();

	if ($g['booting']) {
		echo "done.\n";
	}
}
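/*
 * Write {$g['varetc_path']}/ntpd.conf and (re)start OpenNTPD.
 *
 * One "servers" line is written per entry of $config['system']['timeservers'];
 * when the openntpd package settings are enabled, one "listen on" line is
 * written per selected interface that has a valid IP address. Any running
 * ntpd is killed. While booting the daemon is not started here.
 *
 * Returns nothing; a failure to open the configuration file is logged.
 */
function system_ntp_configure() {
	global $config, $g;

	$syscfg = $config['system'];

	/* open configuration for writing or bail */
	$fd = fopen("{$g['varetc_path']}/ntpd.conf","w");
	if(!$fd) {
		log_error("Could not open {$g['varetc_path']}/ntpd.conf for writing");
		return;
	}

	fwrite($fd, "# \n");
	fwrite($fd, "# pfSense OpenNTPD configuration file \n");
	fwrite($fd, "# \n\n");

	/*
	 * Write one "servers" line per configured time server. Splitting on any
	 * whitespace and dropping empty tokens means an entry can never contain
	 * a newline (which would add an extra line to ntpd.conf), and an empty
	 * or doubly-spaced list no longer produces a bare "servers" line.
	 */
	$timeservers = isset($syscfg['timeservers']) ? (string)$syscfg['timeservers'] : "";
	foreach (preg_split('/\s+/', $timeservers, -1, PREG_SPLIT_NO_EMPTY) as $ts)
		fwrite($fd, "servers {$ts}\n");

	/* Setup listener(s) if the user has configured one */
	if (!empty($config['installedpackages']['openntpd'])) {
		/* server config is in coregui1 */
		$xmlsettings = $config['installedpackages']['openntpd']['config'][0];
		if (isset($xmlsettings['enable']) && $xmlsettings['enable'] == 'on') {
			$ifaces = explode(',', $xmlsettings['interface']);
			$ifaces = array_map('convert_friendly_interface_to_real_interface_name', $ifaces);
			$ifaces = array_filter($ifaces, 'does_interface_exist');
			$ips = array_map('find_interface_ip', $ifaces);
			foreach ($ips as $ip) {
				/* only addresses that validate are written to the file */
				if (is_ipaddr($ip))
					fwrite($fd, "listen on $ip\n");
			}
		}
	}

	fwrite($fd, "\n");

	fclose($fd);

	/* if openntpd is running, kill it */
	while(is_process_running("ntpd")) {
		mwexec("/usr/bin/killall ntpd", true);
	}

	/* if /var/empty does not exist, create it */
	if(!is_dir("/var/empty"))
		exec("/bin/mkdir -p /var/empty && chmod ug+rw /var/empty/.");

	/* during boot only the configuration is written */
	if($g['booting'])
		return;

	/* start openntpd, set time now and use the file written above */
	exec("/usr/local/sbin/ntpd -s -f {$g['varetc_path']}/ntpd.conf");

	/* Note that we are starting up */
	exec("echo 'OpenNTPD is starting up' >> {$g['varlog_path']}/ntpd.log");

}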
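/*
 * Run ntpdate once against every server in $config['system']['timeservers'].
 *
 * Progress text is echoed only while booting. Returns nothing.
 */
function sync_system_time() {
	global $config, $g;

	$syscfg = $config['system'];

	if ($g['booting'])
		echo "Syncing system time before startup...";

	/* split on any whitespace and drop empty tokens, so an empty list
	   runs nothing */
	$timeservers = isset($syscfg['timeservers']) ? (string)$syscfg['timeservers'] : "";
	foreach (preg_split('/\s+/', $timeservers, -1, PREG_SPLIT_NO_EMPTY) as $ts) {
		/* a host name or address never starts with "-"; such a token
		   would be read by ntpdate as an option, so it is skipped */
		if ($ts[0] == '-')
			continue;
		/* the value comes from the configuration and ends up on a shell
		   command line, so it is quoted as a single argument */
		mwexec("/usr/sbin/ntpdate -s " . escapeshellarg($ts));
	}

	if ($g['booting'])
		echo "done.\n";

}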
/*
 * Run the pre-shutdown cleanup, then start /etc/rc.halt in the background.
 */
function system_halt() {
	global $g;

	system_reboot_cleanup();

	/* detached with nohup and "&", output discarded */
	$halt_cmd = "/usr/bin/nohup /etc/rc.halt > /dev/null 2>&1 &";
	mwexec($halt_cmd);
}
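/*
 * Run the pre-shutdown cleanup, then start /etc/rc.reboot in the background.
 */
function system_reboot() {
	global $g;

	system_reboot_cleanup();

	/* nohup is called by absolute path, as system_halt() does, so the
	   command does not depend on the PATH of the calling process */
	mwexec("/usr/bin/nohup /etc/rc.reboot > /dev/null 2>&1 &");
}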
/*
 * Run the pre-shutdown cleanup, then run /etc/rc.reboot in the foreground
 * (no nohup, no "&"), discarding its output.
 */
function system_reboot_sync() {
	global $g;

	system_reboot_cleanup();

	$reboot_cmd = "/etc/rc.reboot > /dev/null 2>&1";
	mwexec($reboot_cmd);
}
/*
 * Housekeeping shared by the halt and reboot paths: signal the beeper,
 * stop captive portal RADIUS sessions and save the voucher database to
 * the configuration.
 */
function system_reboot_cleanup() {
	mwexec("/usr/local/bin/beep.sh stop");

	captiveportal_radius_stop_all();

	/* voucher.inc is loaded here, right before its function is used */
	require_once "voucher.inc";
	voucher_save_db_to_config();
}
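/*
 * Execute the shell commands stored in the configuration.
 *
 * $early  when true, run $config['system']['earlyshellcmd'];
 *         otherwise run $config['system']['shellcmd']
 *
 * The entry may be a single command string or an array of them.
 *
 * NOTE(review): the commands are passed to exec() exactly as stored, with
 * the privileges of the calling process. That is what this feature is for,
 * but it means the ability to modify these configuration entries is
 * equivalent to shell access and should be protected accordingly.
 */
function system_do_shell_commands($early = 0) {
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_do_shell_commands() being called $mt\n";
	}

	$cmdn = $early ? "earlyshellcmd" : "shellcmd";

	/* nothing configured: avoid reading an undefined index */
	if (!isset($config['system'][$cmdn]))
		return;

	/* treat a single command like a one-element list */
	$cmds = $config['system'][$cmdn];
	if (!is_array($cmds))
		$cmds = array($cmds);

	foreach ($cmds as $cmd) {
		/* an empty entry is skipped rather than handed to exec() */
		if (!is_string($cmd) || trim($cmd) == "")
			continue;
		exec($cmd);
	}
}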
/*
 * Create or remove the {$g['varetc_path']}/disableconsole marker file
 * according to whether $config['system']['disableconsolemenu'] is set.
 */
function system_console_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		echo "system_console_configure() being called " . microtime() . "\n";
	}

	$marker = "{$g['varetc_path']}/disableconsole";

	if (!isset($config['system']['disableconsolemenu'])) {
		unlink_if_exists($marker);
		return;
	}

	touch($marker);
}
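/*
 * Save the kernel message buffer of the current boot to
 * {$g['varlog_path']}/dmesg.boot.
 *
 * Output of /sbin/dmesg is written starting at the last line that contains
 * "Copyright (c) 1992-", because messages from previous boots may precede it.
 *
 * Returns 0 on success, 1 when the output file cannot be opened.
 */
function system_dmesg_save() {
	/* $config must be declared global too, otherwise the developerspew
	   check below reads an undefined local and never fires */
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_dmesg_save() being called $mt\n";
	}

	$dmesg = array();
	exec("/sbin/dmesg", $dmesg);

	/* find last copyright line (output from previous boots may be present) */
	$lastcpline = 0;
	foreach ($dmesg as $i => $line) {
		if (strpos($line, "Copyright (c) 1992-") !== false)
			$lastcpline = $i;
	}

	$fd = fopen("{$g['varlog_path']}/dmesg.boot", "w");
	if (!$fd) {
		printf("Error: cannot open dmesg.boot in system_dmesg_save().\n");
		return 1;
	}

	/* write everything from that line to the end */
	foreach (array_slice($dmesg, $lastcpline) as $line)
		fwrite($fd, $line . "\n");

	fclose($fd);

	return 0;
}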
/*
 * Apply the configured hard disk standby value.
 *
 * Does nothing unless $config['system']['harddiskstandby'] is set. A numeric
 * value is cast to an integer and written to the hw.ata.standby sysctl after
 * a sync; when that command succeeds the ATA drives are reinitialised.
 * "done." / "failed!" is echoed only while booting.
 */
function system_set_harddisk_standby() {
	global $g, $config;

	if (isset($config['system']['developerspew'])) {
		echo "system_set_harddisk_standby() being called " . microtime() . "\n";
	}

	if (!isset($config['system']['harddiskstandby'])) {
		return;
	}

	if ($g['booting']) {
		echo 'Setting hard disk standby... ';
	}

	$standby = $config['system']['harddiskstandby'];
	$applied = false;

	/* only a numeric value is used, and only its integer part reaches
	   the command line */
	if (is_numeric($standby)) {
		/* Sync the disk(s) */
		mwexec('/bin/sync');

		/* mwexec() result 0 is treated as success */
		$applied = !mwexec('/sbin/sysctl hw.ata.standby=' . ((int)$standby));
		if ($applied) {
			/* Reinitialize ATA-drives */
			mwexec('/usr/local/sbin/atareinit');
		}
	}

	if ($g['booting']) {
		echo $applied ? "done.\n" : "failed!\n";
	}
}
/*
 * Activate the sysctl settings and, when $config['system']['sharednet'] is
 * set, turn off the ARP wrong-interface and movement log messages.
 */
function system_setup_sysctl() {
	global $config;

	if (isset($config['system']['developerspew'])) {
		echo "system_setup_sysctl() being called " . microtime() . "\n";
	}

	activate_sysctls();

	if (!isset($config['system']['sharednet'])) {
		return;
	}

	system_disable_arp_wrong_if();
}
/*
 * Set the log_arp_wrong_iface and log_arp_movements sysctls to 0.
 */
function system_disable_arp_wrong_if() {
	global $config;

	if (isset($config['system']['developerspew'])) {
		echo "system_disable_arp_wrong_if() being called " . microtime() . "\n";
	}

	foreach (array("log_arp_wrong_iface", "log_arp_movements") as $oid) {
		mwexec("/sbin/sysctl -n net.link.ether.inet.{$oid}=0");
	}
}
/*
 * Set the log_arp_wrong_iface and log_arp_movements sysctls to 1.
 */
function system_enable_arp_wrong_if() {
	global $config;

	if (isset($config['system']['developerspew'])) {
		echo "system_enable_arp_wrong_if() being called " . microtime() . "\n";
	}

	foreach (array("log_arp_wrong_iface", "log_arp_movements") as $oid) {
		mwexec("/sbin/sysctl -n net.link.ether.inet.{$oid}=1");
	}
}
/*
 * Start watchdogd on supported hardware.
 *
 * The function currently returns before doing anything: the unconditional
 * return below makes the rest of the body unreachable.
 */
function enable_watchdog() {
	global $config;

	/* everything after this return is never executed */
	return;

	$supported_watchdogs = array("Geode");
	$boot_log = file_get_contents("/var/log/dmesg.boot");

	/* the string searched for is the literal "Geode", not the loop value */
	$install_watchdog = false;
	foreach ($supported_watchdogs as $sd) {
		if (stristr($boot_log, "Geode")) {
			$install_watchdog = true;
		}
	}

	if ($install_watchdog != true) {
		return;
	}

	/* stop a running instance before starting a new one */
	if (is_process_running("watchdogd")) {
		mwexec("/usr/bin/killall watchdogd", true);
	}
	exec("/usr/sbin/watchdogd");
}
?>