<?php
/****h* pfSense/config
 * NAME
 *   config.inc - Functions to manipulate config.xml
 * DESCRIPTION
 *   This include contains various config.xml specific functions.
 * HISTORY
 * $Id$
 ******

	config.inc
	Copyright (C) 2004-2006 Scott Ullrich
	All rights reserved.

	originally part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/

/* Each "." echoed while booting is a console progress tick. */
if ($g['booting']) {
	echo ".";
}

/* Double-inclusion guard: a second include of this file returns immediately. */
if ($config_inc_loaded == true) {
	return;
}
$config_inc_loaded = true;

/* Pull in globals, utility helpers, the XML parser and service helpers. */
require_once("globals.inc");
if ($g['booting']) {
	echo ".";
}
require_once("util.inc");
if ($g['booting']) {
	echo ".";
}
require_once("pfsense-utils.inc");
if ($g['booting']) {
	echo ".";
}
require_once("xmlparse.inc");
if ($g['booting']) {
	echo ".";
}
require_once("services.inc");

/* Platform name comes from <etc_path>/platform; "unknown" when that file is absent. */
if ($g['booting']) {
	echo ".";
}
$g['platform'] = file_exists("{$g['etc_path']}/platform")
	? rtrim(file_get_contents("{$g['etc_path']}/platform"))
	: "unknown";

/* The mere existence of /debugging turns on verbose output for everything
   that checks $debugging or $g['debug'].
   NOTE(review): presumably only root can create entries in / - confirm,
   since this marker is the only gate on debug output. */
if (file_exists("/debugging")) {
	$debugging = true;
	$g['debug'] = true;
}
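if($g['booting']) echo ".";
/* One-time migration of a m0n0wall config.xml to the pfSense root element. */
if(file_exists("/cf/conf/config.xml")) {
	$config_contents = file_get_contents("/cf/conf/config.xml");
	if($config_contents !== false && stristr($config_contents, "<m0n0wall>") == true) {
		if($g['booting']) echo ".";
		/* user has just upgraded from m0n0wall, replace root xml tags.
		   Only the opening and closing root element are rewritten: a blanket
		   replace of the string "m0n0wall" would also alter any hostname,
		   description or secret that happens to contain it. */
		log_error("Upgrading m0n0wall configuration to pfSense... ");
		$config_contents = str_replace(
			array("<m0n0wall>", "</m0n0wall>"),
			array("<pfsense>", "</pfsense>"),
			$config_contents);
		conf_mount_rw();
		$fd = fopen("/cf/conf/config.xml", "w");
		if ($fd) {
			fwrite($fd, $config_contents);
			fclose($fd);
			mwexec("sync");
		} else {
			/* never call fwrite()/fclose() on a failed handle */
			log_error("ERROR!  Could not open config.xml for writing during m0n0wall -> pfsense conversion");
		}
		conf_mount_ro();
		/* validate after the write so the check covers the converted file,
		   not the pre-conversion contents still on disk */
		if (!config_validate("{$g['conf_path']}/config.xml"))
			log_error("ERROR!  Could not convert m0n0wall -> pfsense in config.xml");
	}
}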
/* Boot-time bootstrap: when config.xml is not reachable yet, find the device
   that holds it, record that device, write an fstab and mount everything.
   If config.xml already exists this whole section is skipped. */
if ($g['booting'] and !file_exists($g['cf_conf_path'] . "/config.xml")) {
	if ($g['booting']) {
		echo ".";
	}
	/* $cfgdevice doubles as the "found" flag below, so start with it unset */
	unset($cfgdevice);
	if ($g['booting']) {
		echo ".";
	}
	/* an fstab that is already present (NFS booting?) means nothing to discover */
	if (!file_exists("{$g['etc_path']}/fstab")) {
		if ($g['booting']) {
			echo ".";
		}
		if (strstr($g['platform'], "cdrom")) {
			/* CD-ROM build: config is on floppy unless da0 appears in dmesg and mounts */
			$cfgdevice = $cfgpartition = "fd0";
			$dmesg = shell_exec("dmesg -a");
			if (strpos($dmesg, "da0") !== false) {
				$cfgdevice = $cfgpartition = "da0";
				if (mwexec("/sbin/mount -r /dev/{$cfgdevice} /cf")) {
					/* non-zero status: could not mount, fall back to floppy */
					$cfgdevice = $cfgpartition = "fd0";
				}
			}
			$cfgfstype = "msdos";
			echo "CDROM build\n";
			echo "   CFG: {$cfgpartition}\n";
			echo "  TYPE: {$cfgfstype}\n";
		} else {
			if ($g['booting']) {
				echo ".";
			}
			/* probe kernel known disks until we find one with config.xml */
			$disks = explode(" ", trim(preg_replace("/kern.disks: /", "", exec("/sbin/sysctl kern.disks"))));
			foreach ($disks as $mountdisk) {
				/* skip mfs mounted filesystems */
				if (strstr($mountdisk, "md")) {
					continue;
				}
				/* partition "a" is tried first, then "d"; every mount is read-only */
				foreach (array("a", "d") as $cfgslice) {
					if (mwexec("/sbin/mount -r /dev/{$mountdisk}{$cfgslice} {$g['cf_path']}") != 0) {
						continue;
					}
					if ($cfgslice == "d" && $g['booting']) {
						echo ".";
					}
					if (file_exists("{$g['cf_conf_path']}/config.xml")) {
						/* found it */
						$cfgdevice = $mountdisk;
						$cfgpartition = $cfgdevice . $cfgslice;
						$cfgfstype = "ufs";
						echo "Found configuration on $cfgdevice.\n";
					}

					/* always unmount the probe mount, hit or miss */
					mwexec("/sbin/umount -f {$g['cf_path']}");

					if ($cfgdevice) {
						break 2;
					}
				}
			}
		}
		if ($g['booting']) {
			echo ".";
		}
		if (!$cfgdevice) {
			$last_backup = discover_last_backup();
			if ($last_backup) {
				log_error("No config.xml found, attempting last known config restore.");
				file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", "");
				restore_backup("/cf/conf/backup/{$last_backup}");
			} else {
				/* no device found, print an error and die */
				echo <<<EOD

*******************************************************************************
* FATAL ERROR                                                                 *
* The device that contains the configuration file (config.xml) could not be   *
* found. {$g['product_name']} cannot continue booting.                                     *
*******************************************************************************


EOD;

				mwexec("/sbin/halt");
				exit;
			}
		}

		/* NOTE(review): when the backup path above was taken, $cfgdevice is
		   still unset and nothing in this section has assigned $cfgpartition
		   or $cfgfstype, so the two files below are written with empty
		   fields - confirm that is intended.
		   NOTE(review): neither fopen() result is checked before fwrite(). */

		/* write device name to a file for rc.firmware */
		$fd = fopen("{$g['varetc_path']}/cfdevice", "w");
		fwrite($fd, $cfgdevice . "\n");
		fclose($fd);

		/* write out an fstab; the config filesystem is listed read-only */
		$fd = fopen("{$g['etc_path']}/fstab", "w");

		$fstab = "/dev/{$cfgpartition} {$g['cf_path']} {$cfgfstype} ro 1 1\n";
		$fstab .= "proc /proc procfs rw 0 0\n";

		fwrite($fd, $fstab);
		fclose($fd);
	}
	if ($g['booting']) {
		echo ".";
	}
	/* mount all filesystems */
	mwexec("/sbin/mount -a");
}

/****f* config/parse_config
 * NAME
 *   parse_config - Read in config.cache or config.xml if needed and return $config array
 * INPUTS
 *   $parse       - boolean to force parse_config() to read config.xml and generate config.cache
 * RESULT
 *   $config      - array containing all configuration variables
 ******/
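function parse_config($parse = false) {
	global $g;

	/* A zero-byte config.xml is treated as corruption: restore the newest
	   backup or stop, since there is nothing to parse. */
	if(filesize("{$g['conf_path']}/config.xml") == 0) {
		$last_backup = discover_last_backup();
		if($last_backup) {
			log_error("No config.xml found, attempting last known config restore.");
			file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", "");
			restore_backup("{$g['conf_path']}/backup/{$last_backup}");
		} else {
			die("Config.xml is corrupted and is 0 bytes.  Could not restore a previous backup.");
		}
	}
	if($g['booting']) echo ".";
	config_lock();
	if(!$parse) {
		if(file_exists($g['tmp_path'] . '/config.cache')) {
			/* NOTE(security): unserialize() trusts the cache file completely.
			   Whoever can write <tmp_path>/config.cache controls the
			   configuration returned here, so that file must only ever be
			   writable by the account this code runs as. */
			$config = unserialize(file_get_contents($g['tmp_path'] . '/config.cache'));
			/* unserialize() returns false (not null) on a damaged cache, and
			   anything other than an array is not a usable configuration;
			   in both cases rebuild from config.xml and keep the result. */
			if(!is_array($config)) {
				config_unlock();
				$config = parse_config(true);
			}
		} else {
			config_unlock();
			if(!file_exists($g['conf_path'] . "/config.xml")) {
				log_error("No config.xml found, attempting last known config restore.");
				file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", "");
				$last_backup = discover_last_backup();
				if ($last_backup)
					restore_backup("/cf/conf/backup/{$last_backup}");
				else
					log_error("Could not restore config.xml.");
			}
			$config = parse_config(true);
		}
	} else {
		if(!file_exists($g['conf_path'] . "/config.xml")) {
			if($g['booting']) echo ".";
			log_error("No config.xml found, attempting last known config restore.");
			file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", "");
			$last_backup = discover_last_backup();
			if ($last_backup)
				restore_backup("/cf/conf/backup/{$last_backup}");
			else
				log_error("Could not restore config.xml.");
		}
		$config = parse_xml_config($g['conf_path'] . '/config.xml', $g['xml_rootobj']);
		/* "-1" is the value this code treats as a parse failure */
		if($config == "-1") {
			$last_backup = discover_last_backup();
			if ($last_backup) {
				restore_backup("/cf/conf/backup/{$last_backup}");
				/* parse the restored file; without this the "-1" marker
				   itself would be cached and handed back as the config */
				$config = parse_xml_config($g['conf_path'] . '/config.xml', $g['xml_rootobj']);
			} else {
				log_error(gettext("Could not restore config.xml."));
			}
		}
		/* only a real configuration array is worth caching */
		if (is_array($config))
			generate_config_cache($config);
		else
			log_error("Not caching config.xml: parser did not return a configuration array.");
	}
	if($g['booting']) echo ".";
	alias_make_table($config);
	config_unlock();

	/*    override some global configuration parms if they exist
	 *    instead of hard coding these checks into the codebase
	 */
	if($config['pptp']['n_pptp_units'])
		$g['n_pptp_units'] = $config['pptp']['n_pptp_units'];
	if($config['pptp']['pptp_subnet'])
		$g['pptp_subnet'] = $config['pptp']['pptp_subnet'];

	if($config['pppoe']['n_pppoe_units'])
		$g['n_pppoe_units'] = $config['pppoe']['n_pppoe_units'];
	if($config['pppoe']['pppoe_subnet'])
		$g['pppoe_subnet'] = $config['pppoe']['pppoe_subnet'];

	return $config;
}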

/****f* config/generate_config_cache
 * NAME
 *   generate_config_cache - Write serialized configuration to cache.
 * INPUTS
 *   $config	- array containing current firewall configuration
 * RESULT
 *   boolean	- true on completion
 ******/
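function generate_config_cache($config) {
	global $g;

	/* NOTE(review): the cache is a complete serialized copy of $config, and
	   this file shows the configuration carrying credential material such as
	   $config['system']['password']. Confirm that <tmp_path>/config.cache is
	   created with a mode that keeps it private to the owning account. */
	config_lock();
	conf_mount_rw();
	$configcache = fopen($g['tmp_path'] . '/config.cache', "w");
	if ($configcache) {
		fwrite($configcache, serialize($config));
		fclose($configcache);
		mwexec("sync");
	} else {
		/* fopen() failed: do not pass false to fwrite()/fclose(), and make
		   the failure visible instead of silently leaving a stale cache */
		log_error("Could not open {$g['tmp_path']}/config.cache for writing.");
	}
	/* remount and unlock on both paths so a failed write cannot leave the
	   filesystem read/write or the lock held */
	conf_mount_ro();
	config_unlock();
	return true;
}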
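/****f* config/discover_last_backup
 * NAME
 *   discover_last_backup - Find the most recently modified backup in /cf/conf/backup.
 * RESULT
 *   string	- file name (without directory) of the newest *.xml backup,
 *		  or "" when no backup is present
 ******/
function discover_last_backup() {
	/* Enumerate in PHP rather than parsing `ls -ltr | awk` output: column
	   splitting breaks on file names containing whitespace, and split() is
	   no longer available in current PHP. */
	$backups = glob("/cf/conf/backup/*.xml");
	$last_backup = "";
	$last_mtime = -1;
	if (!is_array($backups))
		return $last_backup;
	foreach ($backups as $backup) {
		/* the result is handed to copy() by restore_backup(): plain files only */
		if (!is_file($backup))
			continue;
		$mtime = filemtime($backup);
		/* strict ">" keeps the first name among equal timestamps */
		if ($mtime !== false && $mtime > $last_mtime) {
			$last_mtime = $mtime;
			$last_backup = basename($backup);
		}
	}
	return $last_backup;
}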
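/****f* config/restore_backup
 * NAME
 *   restore_backup - Copy a backup file over /cf/conf/config.xml.
 * INPUTS
 *   $file	- full path of the backup to restore; nothing is copied if it does not exist
 * RESULT
 *   null
 ******/
function restore_backup($file) {
	/* $g is needed for the product name in the messages below; without this
	   declaration the name was silently empty in every log line. */
	global $g;

	config_lock();
	if(file_exists($file)) {
		conf_mount_rw();
		$copied = copy("$file","/cf/conf/config.xml");
		/* the cache is dropped either way: even a failed copy may have
		   touched config.xml, so the cached copy can no longer be trusted */
		unlink_if_exists("/tmp/config.cache");
		if ($copied) {
			log_error("{$g['product_name']} is restoring the configuration $file");
			file_notice("config.xml", "{$g['product_name']} is restoring the configuration $file", "pfSenseConfigurator", "");
		} else {
			/* do not report a restore that did not happen */
			log_error("{$g['product_name']} could not restore the configuration $file");
		}
		mwexec("sync");
		conf_mount_ro();
	}
	config_unlock();
}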

/****f* config/parse_config_bootup
 * NAME
 *   parse_config_bootup - Bootup-specific configuration checks.
 * RESULT
 *   null
 ******/
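function parse_config_bootup() {
	global $config, $g, $noparseconfig;
	if($g['booting']) echo ".";
	if (!$noparseconfig) {
		if (!file_exists("{$g['conf_path']}/config.xml")) {
			config_lock();
			if ($g['booting']) {
				if (strstr($g['platform'], "cdrom")) {
					/* try copying the default config. to the floppy */
					echo "Resetting factory defaults...\n";
					reset_factory_defaults();
					if (file_exists("{$g['conf_path']}/config.xml")) {
						/* do nothing, we have a file. */
					} else {
						echo "No XML configuration file found - using factory defaults.\n";
						echo "Make sure that the configuration floppy disk with the conf/config.xml\n";
						echo "file is inserted. If it isn't, your configuration changes will be lost\n";
						echo "on reboot.\n";
					}
				} else {
					$last_backup = discover_last_backup();
					if($last_backup) {
						log_error("No config.xml found, attempting last known config restore.");
						file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", "");
						restore_backup("/cf/conf/backup/{$last_backup}");
					}
					/* still nothing to boot from: halt rather than run unconfigured */
					if(!file_exists("{$g['conf_path']}/config.xml")) {
						echo "XML configuration file not found.  {$g['product_name']} cannot continue booting.\n";
						mwexec("/sbin/halt");
						exit;
					}
					log_error("Last known config found and restored.  Please double check your configuration file for accuracy.");
					file_notice("config.xml", "Last known config found and restored.  Please double check your configuration file for accuracy.", "pfSenseConfigurator", "");
				}
			} else {
				/* not booting and no config.xml: nothing to do */
				config_unlock();
				exit(0);
			}
		}
	}
	/* zero-byte config.xml: restore the newest backup or stop */
	if(filesize("{$g['conf_path']}/config.xml") == 0) {
		$last_backup = discover_last_backup();
		if($last_backup) {
			log_error("No config.xml found, attempting last known config restore.");
			file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", "");
			restore_backup("{$g['conf_path']}/backup/{$last_backup}");
		} else {
			die("Config.xml is corrupted and is 0 bytes.  Could not restore a previous backup.");
		}
	}
	/* parse_config() only returns the configuration; it never writes the
	   global. Store the result so the version check and the alias table
	   below work on the configuration that was just read. */
	$config = parse_config(true);

	/* warn when the configuration was written by a newer release than this one */
	if ((float)$config['version'] > (float)$g['latest_config']) {
		echo <<<EOD


*******************************************************************************
* WARNING!                                                                    *
* The current configuration has been created with a newer version of {$g['product_name']}  *
* than this one! This can lead to serious misbehavior and even security       *
* holes! You are urged to either upgrade to a newer version of {$g['product_name']} or     *
* revert to the default configuration immediately!                            *
*******************************************************************************


EOD;
		}

	/* make alias table (for faster lookups) */
	alias_make_table($config);
	/* NOTE(review): config_lock() above is only reached when config.xml was
	   missing, yet this unlock runs on every path - confirm the pairing. */
	config_unlock();
}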

/****f* config/conf_mount_rw
 * NAME
 *   conf_mount_rw - Mount filesystems read/write.
 * RESULT
 *   null
 ******/
/* mount flash card read/write */
function conf_mount_rw() {
	global $g;

	/* the cdrom and pfSense platforms are never remounted */
	if (in_array($g['platform'], array("cdrom", "pfSense"))) {
		return;
	}

	/* remount the config filesystem read/write; on failure run fsck once and retry */
	$remount_cf = "/sbin/mount -u -w {$g['cf_path']}";
	$status = mwexec($remount_cf);
	if ($status != 0) {
		if ($g['booting']) {
			echo "Disk is dirty.  Running fsck -y\n";
		}
		mwexec("/sbin/fsck -y {$g['cf_path']}");
		/* NOTE(review): the result of this retry is stored but never checked */
		$status = mwexec($remount_cf);
	}

	/* wrap, net45xx and embedded platforms also get their root filesystem
	   remounted read/write, with the same fsck-and-retry fallback */
	if (in_array($g['platform'], array("wrap", "net45xx", "embedded"))) {
		$status = mwexec("/sbin/mount -u -w /");
		if ($status != 0) {
			log_error("File system is dirty.  Launching FSCK for /");
			mwexec("/sbin/fsck -y /");
			$status = mwexec("/sbin/mount -u -w /");
		}
	}
}

/****f* config/conf_mount_ro
 * NAME
 *   conf_mount_ro - Mount filesystems readonly.
 * RESULT
 *   null
 ******/
function conf_mount_ro() {
	global $g;

	/* Conditions under which the filesystems are left as they are, checked
	   in this order: still booting, firmware upgrade in progress
	   (fwup.enabled marker), ssh keys being generated (marker in /tmp),
	   or a cdrom / pfSense platform.
	   NOTE(review): two of these are plain marker files; while either one
	   exists the filesystems stay read/write. Confirm who can create
	   /tmp/keys_generating. */
	$leave_mounted = $g['booting'] == true
		|| file_exists($g['varrun_path'] . "/fwup.enabled")
		|| file_exists("/tmp/keys_generating")
		|| $g['platform'] == "cdrom"
		|| $g['platform'] == "pfSense";
	if ($leave_mounted) {
		return;
	}

	/* sync data, then force a read-only remount of the config filesystem and of / */
	$commands = array(
		"/bin/sync",
		"/sbin/mount -u -r -f {$g['cf_path']}",
		"/sbin/mount -u -r -f /",
	);
	foreach ($commands as $command) {
		mwexec($command);
	}
}
473
474 840c97dc Colin Smith
/****f* config/convert_config
475 9bbf0b4e Scott Ullrich
 * NAME
476 840c97dc Colin Smith
 *   convert_config - Attempt to update config.xml.
477
 * DESCRIPTION
478
 *   convert_config() reads the current global configuration
479
 *   and attempts to convert it to conform to the latest
480
 *   config.xml version. This allows major formatting changes
481
 *   to be made with a minimum of breakage.
482
 * RESULT
483 9bbf0b4e Scott Ullrich
 *   null
484 840c97dc Colin Smith
 ******/
485 5b237745 Scott Ullrich
/* convert configuration, if necessary */
486
function convert_config() {
487 669e1adb Bill Marquette
	global $config, $g;
488 5b237745 Scott Ullrich
489 232c07a7 Scott Ullrich
	/* special case upgrades */
490
	/* fix every minute crontab bogons entry */
491
	$cron_item_count = count($config['cron']['item']);
492
	for($x=0; $x<$cron_item_count; $x++) {
493 64f4155b Scott Ullrich
		if(stristr($config['cron']['item'][$x]['command'], "rc.update_bogons.sh")) {
494
			if($config['cron']['item'][$x]['hour'] == "*" ) {
495 2672d65d Scott Ullrich
		        $config['cron']['item'][$x]['hour'] = "3";
496
		 		write_config("Updated bogon update frequency to 3am");
497
		 		log_error("Updated bogon update frequency to 3am");
498 64f4155b Scott Ullrich
		 	}       
499
		}
500 232c07a7 Scott Ullrich
	}
501 5b237745 Scott Ullrich
	if ($config['version'] == $g['latest_config'])
502
		return;		/* already at latest version */
503
504 d05dff82 Bill Marquette
	// Save off config version
505
	$prev_version = $config['version'];
506
507 5b237745 Scott Ullrich
	/* convert 1.0 -> 1.1 */
508 1d2e463d Daniel Stefan Haischt
	if ($config['version'] <= 1.0) {
509 5b237745 Scott Ullrich
		$opti = 1;
510
		$ifmap = array('lan' => 'lan', 'wan' => 'wan', 'pptp' => 'pptp');
511
512
		/* convert DMZ to optional, if necessary */
513
		if (isset($config['interfaces']['dmz'])) {
514
515
			$dmzcfg = &$config['interfaces']['dmz'];
516
517
			if ($dmzcfg['if']) {
518
				$config['interfaces']['opt' . $opti] = array();
519
				$optcfg = &$config['interfaces']['opt' . $opti];
520
521
				$optcfg['enable'] = $dmzcfg['enable'];
522
				$optcfg['descr'] = "DMZ";
523
				$optcfg['if'] = $dmzcfg['if'];
524
				$optcfg['ipaddr'] = $dmzcfg['ipaddr'];
525
				$optcfg['subnet'] = $dmzcfg['subnet'];
526
527
				$ifmap['dmz'] = "opt" . $opti;
528
				$opti++;
529
			}
530
531
			unset($config['interfaces']['dmz']);
532
		}
533
534
		/* convert WLAN1/2 to optional, if necessary */
535
		for ($i = 1; isset($config['interfaces']['wlan' . $i]); $i++) {
536
537
			if (!$config['interfaces']['wlan' . $i]['if']) {
538
				unset($config['interfaces']['wlan' . $i]);
539
				continue;
540
			}
541
542
			$wlancfg = &$config['interfaces']['wlan' . $i];
543
			$config['interfaces']['opt' . $opti] = array();
544
			$optcfg = &$config['interfaces']['opt' . $opti];
545
546
			$optcfg['enable'] = $wlancfg['enable'];
547
			$optcfg['descr'] = "WLAN" . $i;
548
			$optcfg['if'] = $wlancfg['if'];
549
			$optcfg['ipaddr'] = $wlancfg['ipaddr'];
550
			$optcfg['subnet'] = $wlancfg['subnet'];
551
			$optcfg['bridge'] = $wlancfg['bridge'];
552
553
			$optcfg['wireless'] = array();
554
			$optcfg['wireless']['mode'] = $wlancfg['mode'];
555
			$optcfg['wireless']['ssid'] = $wlancfg['ssid'];
556
			$optcfg['wireless']['channel'] = $wlancfg['channel'];
557
			$optcfg['wireless']['wep'] = $wlancfg['wep'];
558
559
			$ifmap['wlan' . $i] = "opt" . $opti;
560
561
			unset($config['interfaces']['wlan' . $i]);
562
			$opti++;
563
		}
564
565
		/* convert filter rules */
566
		$n = count($config['filter']['rule']);
567
		for ($i = 0; $i < $n; $i++) {
568
569
			$fr = &$config['filter']['rule'][$i];
570
571
			/* remap interface */
572
			if (array_key_exists($fr['interface'], $ifmap))
573
				$fr['interface'] = $ifmap[$fr['interface']];
574
			else {
575
				/* remove the rule */
576
				echo "\nWarning: filter rule removed " .
577
					"(interface '{$fr['interface']}' does not exist anymore).";
578
				unset($config['filter']['rule'][$i]);
579
				continue;
580
			}
581
582
			/* remap source network */
583
			if (isset($fr['source']['network'])) {
584
				if (array_key_exists($fr['source']['network'], $ifmap))
585
					$fr['source']['network'] = $ifmap[$fr['source']['network']];
586
				else {
587
					/* remove the rule */
588
					echo "\nWarning: filter rule removed " .
589
						"(source network '{$fr['source']['network']}' does not exist anymore).";
590
					unset($config['filter']['rule'][$i]);
591
					continue;
592
				}
593
			}
594
595
			/* remap destination network */
596
			if (isset($fr['destination']['network'])) {
597
				if (array_key_exists($fr['destination']['network'], $ifmap))
598
					$fr['destination']['network'] = $ifmap[$fr['destination']['network']];
599
				else {
600
					/* remove the rule */
601
					echo "\nWarning: filter rule removed " .
602
						"(destination network '{$fr['destination']['network']}' does not exist anymore).";
603
					unset($config['filter']['rule'][$i]);
604
					continue;
605
				}
606
			}
607
		}
608
609
		/* convert shaper rules */
610
		$n = count($config['pfqueueing']['rule']);
611
		if (is_array($config['pfqueueing']['rule']))
612
			for ($i = 0; $i < $n; $i++) {
613
614
			$fr = &$config['pfqueueing']['rule'][$i];
615
616
			/* remap interface */
617
			if (array_key_exists($fr['interface'], $ifmap))
618
				$fr['interface'] = $ifmap[$fr['interface']];
619
			else {
620
				/* remove the rule */
621
				echo "\nWarning: traffic shaper rule removed " .
622
					"(interface '{$fr['interface']}' does not exist anymore).";
623
				unset($config['pfqueueing']['rule'][$i]);
624
				continue;
625
			}
626
627
			/* remap source network */
628
			if (isset($fr['source']['network'])) {
629
				if (array_key_exists($fr['source']['network'], $ifmap))
630
					$fr['source']['network'] = $ifmap[$fr['source']['network']];
631
				else {
632
					/* remove the rule */
633
					echo "\nWarning: traffic shaper rule removed " .
634
						"(source network '{$fr['source']['network']}' does not exist anymore).";
635
					unset($config['pfqueueing']['rule'][$i]);
636
					continue;
637
				}
638
			}
639
640
			/* remap destination network */
641
			if (isset($fr['destination']['network'])) {
642
				if (array_key_exists($fr['destination']['network'], $ifmap))
643
					$fr['destination']['network'] = $ifmap[$fr['destination']['network']];
644
				else {
645
					/* remove the rule */
646
					echo "\nWarning: traffic shaper rule removed " .
647
						"(destination network '{$fr['destination']['network']}' does not exist anymore).";
648
					unset($config['pfqueueing']['rule'][$i]);
649
					continue;
650
				}
651
			}
652
		}
653
654
		$config['version'] = "1.1";
655
	}
656
657
	/* convert 1.1 -> 1.2 */
658 1d2e463d Daniel Stefan Haischt
	if ($config['version'] <= 1.1) {
659 5b237745 Scott Ullrich
		/* move LAN DHCP server config */
660
		$tmp = $config['dhcpd'];
661
		$config['dhcpd'] = array();
662
		$config['dhcpd']['lan'] = $tmp;
663
664
		/* encrypt password */
665
		$config['system']['password'] = crypt($config['system']['password']);
666
667
		$config['version'] = "1.2";
668
	}
669
670
	/* convert 1.2 -> 1.3 */
671 1d2e463d Daniel Stefan Haischt
	if ($config['version'] <= 1.2) {
672 5b237745 Scott Ullrich
		/* convert advanced outbound NAT config */
673
		for ($i = 0; isset($config['nat']['advancedoutbound']['rule'][$i]); $i++) {
674
			$curent = &$config['nat']['advancedoutbound']['rule'][$i];
675
			$src = $curent['source'];
676
			$curent['source'] = array();
677
			$curent['source']['network'] = $src;
678
			$curent['destination'] = array();
679
			$curent['destination']['any'] = true;
680
		}
681
682
		/* add an explicit type="pass" to all filter rules to make things consistent */
683
		for ($i = 0; isset($config['filter']['rule'][$i]); $i++) {
684
			$config['filter']['rule'][$i]['type'] = "pass";
685
		}
686
687
		$config['version'] = "1.3";
688
	}
689
690
	/* convert 1.3 -> 1.4 */
691 1d2e463d Daniel Stefan Haischt
	if ($config['version'] <= 1.3) {
692 5b237745 Scott Ullrich
		/* convert shaper rules (make pipes) */
693
		if (is_array($config['pfqueueing']['rule'])) {
694
			$config['pfqueueing']['pipe'] = array();
695
696
			for ($i = 0; isset($config['pfqueueing']['rule'][$i]); $i++) {
697
				$curent = &$config['pfqueueing']['rule'][$i];
698
699
				/* make new pipe and associate with this rule */
700
				$newpipe = array();
701
				$newpipe['descr'] = $curent['descr'];
702
				$newpipe['bandwidth'] = $curent['bandwidth'];
703
				$newpipe['delay'] = $curent['delay'];
704
				$newpipe['mask'] = $curent['mask'];
705
				$config['pfqueueing']['pipe'][$i] = $newpipe;
706
707
				$curent['targetpipe'] = $i;
708
709
				unset($curent['bandwidth']);
710
				unset($curent['delay']);
711
				unset($curent['mask']);
712
			}
713
		}
714
715
		$config['version'] = "1.4";
716
	}
717
718 88f66e13 Bill Marquette
	/* Convert 1.4 -> 1.5 */
719 1d2e463d Daniel Stefan Haischt
	if ($config['version'] <= 1.4) {
720 88f66e13 Bill Marquette
721
		/* Default route moved */
722
		if (isset($config['interfaces']['wan']['gateway']))
723
			if ($config['interfaces']['wan']['gateway'] <> "")
724 588a183b Scott Ullrich
				$config['interfaces']['wan']['gateway'] = $config['interfaces']['wan']['gateway'];
725 88f66e13 Bill Marquette
		unset($config['interfaces']['wan']['gateway']);
726
727
                /* Queues are no longer interface specific */
728
                if (isset($config['interfaces']['lan']['schedulertype']))
729
                        unset($config['interfaces']['lan']['schedulertype']);
730
                if (isset($config['interfaces']['wan']['schedulertype']))
731
                        unset($config['interfaces']['wan']['schedulertype']);
732
733
                for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
734
                        if(isset($config['interfaces']['opt' . $i]['schedulertype']))
735
                                unset($config['interfaces']['opt' . $i]['schedulertype']);
736
                }
737
738
		$config['version'] = "1.5";
739
	}
740
741 45cb953d Colin Smith
	/* Convert 1.5 -> 1.6 */
742 1d2e463d Daniel Stefan Haischt
	if ($config['version'] <= 1.5) {
743 208c4390 Colin Smith
		/* Alternate firmware URL moved */
744
		if (isset($config['system']['firmwareurl']) && isset($config['system']['firmwarename'])) { // Only convert if *both* are defined.
745
			$config['system']['alt_firmware_url'] = array();
746
			$config['system']['alt_firmware_url']['enabled'] = "";
747
			$config['system']['alt_firmware_url']['firmware_base_url'] = $config['system']['firmwareurl'];
748
			$config['system']['alt_firmware_url']['firmware_filename'] = $config['system']['firmwarename'];
749
			unset($config['system']['firmwareurl'], $config['system']['firmwarename']);
750
		} else {
751
			unset($config['system']['firmwareurl'], $config['system']['firmwarename']);
752
		}
753 45cb953d Colin Smith
754 208c4390 Colin Smith
		$config['version'] = "1.6";
755
	}
756 9bbf0b4e Scott Ullrich
757 7756e2b7 Scott Ullrich
	/* Convert 1.6 -> 1.7 */
758 1d2e463d Daniel Stefan Haischt
	if ($config['version'] <= 1.6) {
759 7756e2b7 Scott Ullrich
		/* wipe previous shaper configuration */
760
		unset($config['shaper']['queue']);
761
		unset($config['shaper']['rule']);
762
		unset($config['interfaces']['wan']['bandwidth']);
763
		unset($config['interfaces']['wan']['bandwidthtype']);
764
		unset($config['interfaces']['lan']['bandwidth']);
765 9bbf0b4e Scott Ullrich
		unset($config['interfaces']['lan']['bandwidthtype']);
766 7756e2b7 Scott Ullrich
		$config['shaper']['enable'] = FALSE;
767 9bbf0b4e Scott Ullrich
		$config['version'] = "1.7";
768 7756e2b7 Scott Ullrich
	}
769 1425e067 Bill Marquette
	/* Convert 1.7 -> 1.8 */
770 1d2e463d Daniel Stefan Haischt
	if ($config['version'] <= 1.7) {
771 1425e067 Bill Marquette
		if(isset($config['proxyarp']) && is_array($config['proxyarp']['proxyarpnet'])) {
772
			$proxyarp = &$config['proxyarp']['proxyarpnet'];
773
			foreach($proxyarp as $arpent){
774
				$vip = array();
775
				$vip['mode'] = "proxyarp";
776
				$vip['interface'] = $arpent['interface'];
777
				$vip['descr'] = $arpent['descr'];
778
				if (isset($arpent['range'])) {
779
					$vip['range'] = $arpent['range'];
780
					$vip['type'] = "range";
781
				} else {
782
					$subnet = explode('/', $arpent['network']);
783
					$vip['subnet'] = $subnet[0];
784
					if (isset($subnet[1])) {
785
						$vip['subnet_bits'] = $subnet[1];
786
						$vip['type'] = "network";
787
					} else {
788
						$vip['subnet_bits'] = "32";
789
						$vip['type'] = "single";
790
					}
791
				}
792
				$config['virtualip']['vip'][] = $vip;
793
			}
794
			unset($config['proxyarp']);
795
		}
796
		if(isset($config['installedpackages']) && isset($config['installedpackages']['carp']) && is_array($config['installedpackages']['carp']['config'])) {
797
			$carp = &$config['installedpackages']['carp']['config'];
798
			foreach($carp as $carpent){
799
				$vip = array();
800
				$vip['mode'] = "carp";
801
				$vip['interface'] = "AUTO";
802
				$vip['descr'] = "CARP vhid {$carpent['vhid']}";
803
				$vip['type'] = "single";
804
				$vip['vhid'] = $carpent['vhid'];
805
				$vip['advskew'] = $carpent['advskew'];
806
				$vip['password'] = $carpent['password'];
807
				$vip['subnet'] = $carpent['ipaddress'];
808 c153d430 Bill Marquette
				$vip['subnet_bits'] = $carpent['netmask'];
809 1425e067 Bill Marquette
				$config['virtualip']['vip'][] = $vip;
810
			}
811
			unset($config['installedpackages']['carp']);
812
		}
813 e82f32ef Bill Marquette
		/* Server NAT is no longer needed */
814
		unset($config['nat']['servernat']);
815 9bbf0b4e Scott Ullrich
816 e4662fc5 Scott Ullrich
		/* enable SSH */
817
		if ($config['version'] == "1.8") {
818
			$config['system']['sshenabled'] = true;
819
		}
820 9bbf0b4e Scott Ullrich
821 e4662fc5 Scott Ullrich
		$config['version'] = "1.9";
822 1425e067 Bill Marquette
	}
823 e42cac89 Scott Ullrich
824
	/* Convert 1.8 -> 1.9 */
825 1d2e463d Daniel Stefan Haischt
	if ($config['version'] <= 1.8) {
826 e42cac89 Scott Ullrich
		$config['theme']="metallic";
827
		$config['version'] = "1.9";
828
	}
829 1a82cbcb Bill Marquette
	/* Convert 1.9 -> 2.0 */
830 1d2e463d Daniel Stefan Haischt
	if ($config['version'] <= 1.9) {
831 faee6cd6 Bill Marquette
		if(is_array($config['ipsec']['tunnel'])) {
832
			reset($config['ipsec']['tunnel']);
833 0e8f4e7b Bill Marquette
			while (list($index, $tunnel) = each($config['ipsec']['tunnel'])) {
834 faee6cd6 Bill Marquette
				/* Sanity check on required variables */
835
				/* This fixes bogus <tunnel> entries - remnant of bug #393 */
836
				if (!isset($tunnel['local-subnet']) && !isset($tunnel['remote-subnet'])) {
837
					unset($config['ipsec']['tunnel'][$tunnel]);
838
				}
839
			}
840
        	}
841 6823bfb6 Scott Ullrich
		$config['version'] = "2.0";
842 faee6cd6 Bill Marquette
	}
843 0f20c092 Bill Marquette
	/* Convert 2.0 -> 2.1 */
844 1d2e463d Daniel Stefan Haischt
	if ($config['version'] <= 2.0) {
845 0f20c092 Bill Marquette
		/* shaper scheduler moved */
846
		if(isset($config['system']['schedulertype'])) {
847
			$config['shaper']['schedulertype'] = $config['system']['schedulertype'];
848
			unset($config['system']['schedulertype']);
849
		}
850
		$config['version'] = "2.1";
851
	}
852 1325678b Scott Ullrich
	/* Convert 2.1 -> 2.2 */
853 1d2e463d Daniel Stefan Haischt
	if ($config['version'] <= 2.1) {
854 1325678b Scott Ullrich
		/* move gateway to wan interface */
855
		$config['interfaces']['wan']['gateway'] = $config['system']['gateway'];
856
		$config['version'] = "2.2";
857
	}
858 e295675f Scott Ullrich
	/* Convert 2.2 -> 2.3 */
859 1d2e463d Daniel Stefan Haischt
	if ($config['version'] <= 2.2) {
860 e295675f Scott Ullrich
		if(isset($config['shaper'])) {
861
			/* wipe previous shaper configuration */
862
			unset($config['shaper']);
863
		}
864
		$config['version'] = "2.3";
865
	}
866 45cb953d Colin Smith
867 f9ba50da Seth Mos
	/* Convert 2.4 -> 2.5 */
868 1d2e463d Daniel Stefan Haischt
	if ($config['version'] <= 2.4) {
869 f9ba50da Seth Mos
		$config['interfaces']['wan']['use_rrd_gateway'] = $config['system']['use_rrd_gateway'];
870
		unset($config['system']['use_rrd_gateway']);
871
 		$config['version'] = "2.5";
872
	}
873 5a81a54e Scott Ullrich
874 78730e65 Daniel Stefan Haischt
	/* Convert 2.5 -> 2.6 */
875 1d2e463d Daniel Stefan Haischt
	if ($config['version'] <= 2.5) {
876 78730e65 Daniel Stefan Haischt
		$cron_item = array();
877
		$cron_item['minute'] = "0";
878
		$cron_item['hour'] = "*";
879
		$cron_item['mday'] = "*";
880
		$cron_item['month'] = "*";
881
		$cron_item['wday'] = "*";
882
		$cron_item['who'] = "root";
883
		$cron_item['command'] = "/usr/bin/nice -n20 newsyslog";
884 5a81a54e Scott Ullrich
885 78730e65 Daniel Stefan Haischt
		$config['cron']['item'][] = $cron_item;
886 5a81a54e Scott Ullrich
887 78730e65 Daniel Stefan Haischt
		$cron_item = array();
888
		$cron_item['minute'] = "1,31";
889
		$cron_item['hour'] = "0-5";
890
		$cron_item['mday'] = "*";
891
		$cron_item['month'] = "*";
892
		$cron_item['wday'] = "*";
893
		$cron_item['who'] = "root";
894
		$cron_item['command'] = "/usr/bin/nice -n20 adjkerntz -a";
895 5a81a54e Scott Ullrich
896 78730e65 Daniel Stefan Haischt
		$config['cron']['item'][] = $cron_item;
897 5a81a54e Scott Ullrich
898 78730e65 Daniel Stefan Haischt
		$cron_item = array();
899
		$cron_item['minute'] = "1";
900
		$cron_item['hour'] = "*";
901
		$cron_item['mday'] = "1";
902
		$cron_item['month'] = "*";
903
		$cron_item['wday'] = "*";
904
		$cron_item['who'] = "root";
905
		$cron_item['command'] = "/usr/bin/nice -n20 /etc/rc.update_bogons.sh";
906 5a81a54e Scott Ullrich
907 78730e65 Daniel Stefan Haischt
		$config['cron']['item'][] = $cron_item;
908 5a81a54e Scott Ullrich
909 78730e65 Daniel Stefan Haischt
		$cron_item = array();
910
		$cron_item['minute'] = "*/60";
911
		$cron_item['hour'] = "*";
912
		$cron_item['mday'] = "*";
913
		$cron_item['month'] = "*";
914
		$cron_item['wday'] = "*";
915
		$cron_item['who'] = "root";
916
		$cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout";
917 5a81a54e Scott Ullrich
918 78730e65 Daniel Stefan Haischt
		$config['cron']['item'][] = $cron_item;
919 5a81a54e Scott Ullrich
920 78730e65 Daniel Stefan Haischt
		$cron_item = array();
921
		$cron_item['minute'] = "1";
922
		$cron_item['hour'] = "1";
923
		$cron_item['mday'] = "*";
924
		$cron_item['month'] = "*";
925
		$cron_item['wday'] = "*";
926
		$cron_item['who'] = "root";
927
		$cron_item['command'] = "/usr/bin/nice -n20 /etc/rc.dyndns.update";
928 5a81a54e Scott Ullrich
929 78730e65 Daniel Stefan Haischt
		$config['cron']['item'][] = $cron_item;
930 5a81a54e Scott Ullrich
931 78730e65 Daniel Stefan Haischt
		$cron_item = array();
932
		$cron_item['minute'] = "*/60";
933
		$cron_item['hour'] = "*";
934
		$cron_item['mday'] = "*";
935
		$cron_item['month'] = "*";
936
		$cron_item['wday'] = "*";
937
		$cron_item['who'] = "root";
938
		$cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot";
939 5a81a54e Scott Ullrich
940 78730e65 Daniel Stefan Haischt
		$config['cron']['item'][] = $cron_item;
941 5a81a54e Scott Ullrich
942 78730e65 Daniel Stefan Haischt
		$cron_item = array();
943
		$cron_item['minute'] = "*/60";
944
		$cron_item['hour'] = "*";
945
		$cron_item['mday'] = "*";
946
		$cron_item['month'] = "*";
947
		$cron_item['wday'] = "*";
948
		$cron_item['who'] = "root";
949
		$cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 1800 snort2c";
950 5a81a54e Scott Ullrich
951 78730e65 Daniel Stefan Haischt
		$config['cron']['item'][] = $cron_item;
952 5a81a54e Scott Ullrich
953 78730e65 Daniel Stefan Haischt
		$cron_item = array();
954
		$cron_item['minute'] = "*/5";
955
		$cron_item['hour'] = "*";
956
		$cron_item['mday'] = "*";
957
		$cron_item['month'] = "*";
958
		$cron_item['wday'] = "*";
959
		$cron_item['who'] = "root";
960
		$cron_item['command'] = "/usr/local/bin/checkreload.sh";
961 5a81a54e Scott Ullrich
962 78730e65 Daniel Stefan Haischt
		$config['cron']['item'][] = $cron_item;
963 7ef750ea Daniel Stefan Haischt
964
		/* write crontab entries to file */
965
		configure_cron();
966 5a81a54e Scott Ullrich
967 78730e65 Daniel Stefan Haischt
 		$config['version'] = "2.6";
968
	}
969 f9ba50da Seth Mos
970 e8c46ab7 Scott Ullrich
	/* Convert 2.6 -> 2.7 */
971 c11bd851 Scott Ullrich
	if ($config['version'] <= 2.6) {
972
		$config['interfaces']['wan']['use_rrd_gateway'] = $config['system']['use_rrd_gateway'];
973
		unset($config['system']['use_rrd_gateway']);
974
		$config['version'] = "2.7";
975
	}
976
977
	/* Convert 2.7 -> 2.8 */
978 3d588570 Scott Ullrich
	if ($config['version'] <= 2.7) {
979
		$founditem = false;
980
		foreach($config['cron']['item'] as $cronitem) {
981
			if($cronitem['command'] == "/usr/local/bin/checkreload.sh")
982
				$founditem = true;
983
		}
984
		if($founditem == false) {
985
			$cron_item = array();
986
			$cron_item['minute'] = "*/5";
987
			$cron_item['hour'] = "*";
988
			$cron_item['mday'] = "*";
989
			$cron_item['month'] = "*";
990
			$cron_item['wday'] = "*";
991
			$cron_item['who'] = "root";
992
			$cron_item['command'] = "/usr/local/bin/checkreload.sh";
993 fd416a10 Scott Ullrich
			$config['cron']['item'][] = $cron_item;
994 3d588570 Scott Ullrich
		}
995
		$config['version'] = "2.8";
996
	}
997
998 c11bd851 Scott Ullrich
	/* Convert 2.8 -> 2.9 */
999 18576b93 Scott Ullrich
	if ($config['version'] <= 2.8) {
1000 fd416a10 Scott Ullrich
		$rule_item = array();
1001 ef5100e2 Scott Ullrich
		$a_filter = &$config['filter']['rule'];
1002 4f135ed3 Scott Ullrich
		$rule_item['interface'] = "enc0";
1003 fd416a10 Scott Ullrich
		$rule_item['type'] = "pass";
1004 4f135ed3 Scott Ullrich
		$rule_item['source']['any'] = true;
1005
		$rule_item['destination']['any'] = true;
1006 5fc2f163 Chris Buechler
		$rule_item['descr'] = "Permit IPsec traffic.";
1007 4f135ed3 Scott Ullrich
		$rule_item['statetype'] = "keep state";
1008 ef5100e2 Scott Ullrich
		$a_filter[] = $rule_item;
1009 f876cdc6 Scott Ullrich
		$config['version'] = "2.9";
1010 fd416a10 Scott Ullrich
	}
1011
1012 b0e2fb10 Seth Mos
	/* Convert 2.9 -> 3.0 */
1013
	if ($config['version'] <= 2.9) {
1014
		/* enable the rrd config setting by default */
1015
		$config['rrd']['enable'] = true;
1016
		$config['version'] = "3.0";
1017
	}
1018
1019
	/* Convert 3.0 -> 4.0 */
1020 69487053 Seth Mos
	if ($config['version'] <= 3.9) {
1021 fab7ff44 Bill Marquette
		$config['system']['webgui']['auth_method'] = "session";
1022
		$config['system']['webgui']['backing_method'] = "htpasswd";
1023
1024
		if (isset ($config['system']['username'])) {
1025
			$config['system']['group'] = array();
1026
			$config['system']['group'][0]['name'] = "admins";
1027
			$config['system']['group'][0]['description'] = "System Administrators";
1028
			$config['system']['group'][0]['scope'] = "system";
1029
			$config['system']['group'][0]['pages'] = "ANY";
1030
			$config['system']['group'][0]['home'] = "index.php";
1031
			$config['system']['group'][0]['gid'] = "110";
1032
1033
			$config['system']['user'] = array();
1034
			$config['system']['user'][0]['name'] = "{$config['system']['username']}";
1035
			$config['system']['user'][0]['fullname'] = "System Administrator";
1036
			$config['system']['user'][0]['scope'] = "system";
1037
			$config['system']['user'][0]['groupname'] = "admins";
1038
			$config['system']['user'][0]['password'] = "{$config['system']['password']}";
1039
			$config['system']['user'][0]['uid'] = "0";
1040
1041
			$config['system']['user'][0]['priv'] = array();
1042
			$config['system']['user'][0]['priv'][0]['id'] = "lockwc";
1043
			$config['system']['user'][0]['priv'][0]['name'] = "Lock webConfigurator";
1044
			$config['system']['user'][0]['priv'][0]['descr'] = "Indicates whether this user will lock access to the webConfigurator for other users.";
1045
			$config['system']['user'][0]['priv'][1]['id'] = "lock-ipages";
1046
			$config['system']['user'][0]['priv'][1]['name'] = "Lock individual pages";
1047 4d8bf8ca Bill Marquette
			$config['system']['user'][0]['priv'][1]['descr'] = "Indicates whether this user will lock individual HTML pages after having accessed a particular page (the lock will be freed if the user leaves or saves the page form).";
1048 fab7ff44 Bill Marquette
			$config['system']['user'][0]['priv'][2]['id'] = "hasshell";
1049
			$config['system']['user'][0]['priv'][2]['name'] = "Has shell access";
1050
			$config['system']['user'][0]['priv'][2]['descr'] = "Indicates whether this user is able to login for example via SSH.";
1051
			$config['system']['user'][0]['priv'][3]['id'] = "copyfiles";
1052
			$config['system']['user'][0]['priv'][3]['name'] = "Is allowed to copy files";
1053
			$config['system']['user'][0]['priv'][3]['descr'] = "Indicates whether this user is allowed to copy files onto the {$g['product_name']} appliance via SCP/SFTP. If you are going to use this privilege, you must install scponly on the appliance (Hint: pkg_add -r scponly).";
1054
			$config['system']['user'][0]['priv'][4]['id'] = "isroot";
1055
			$config['system']['user'][0]['priv'][4]['name'] = "Is root user";
1056
			$config['system']['user'][0]['priv'][4]['descr'] = "This user is associated with the UNIX root user (you should associate this privilege only with one single user).";
1057
1058
			$config['system']['nextuid'] = "111";
1059
			$config['system']['nextgid'] = "111";
1060
1061
			/* wipe previous auth configuration */
1062
			unset ($config['system']['username']);
1063
			unset ($config['system']['password']);
1064 e5b987f0 Scott Ullrich
			
1065 69487053 Seth Mos
			$config['version'] = "4.0";
1066 fab7ff44 Bill Marquette
		}
1067
1068 2f0c10b3 Scott Ullrich
	}
1069
		
1070 69487053 Seth Mos
	/* Convert 4.0 -> 4.1 */
1071
	if ($config['version'] <= 4.0) {
1072 2f0c10b3 Scott Ullrich
		if(!$config['sysctl']) {
1073
1074 08472116 Scott Ullrich
			$config['sysctl']['item'] = array();
1075
	
1076
			$config['sysctl']['item'][0]['tunable'] = "net.inet.tcp.blackhole";
1077
			$config['sysctl']['item'][0]['desc'] =    "Drop packets to closed TCP ports without returning a RST";
1078
			$config['sysctl']['item'][0]['value'] =   "2";
1079
	
1080
			$config['sysctl']['item'][1]['tunable'] = "net.inet.udp.blackhole";
1081
			$config['sysctl']['item'][1]['desc'] =    "Do not send ICMP port unreachable messages for closed UDP ports";
1082
			$config['sysctl']['item'][1]['value'] =   "1";
1083
	
1084
			$config['sysctl']['item'][2]['tunable'] = "net.inet.ip.random_id";
1085
			$config['sysctl']['item'][2]['desc'] =    "Randomize the ID field in IP packets (default is 0: sequential IP IDs)";
1086
			$config['sysctl']['item'][2]['value'] =   "1";
1087
	
1088
			$config['sysctl']['item'][3]['tunable'] = "net.inet.tcp.drop_synfin";
1089
			$config['sysctl']['item'][3]['desc'] =    "Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)";
1090
			$config['sysctl']['item'][3]['value'] =   "1";
1091
	
1092
			$config['sysctl']['item'][4]['tunable'] = "net.inet.ip.redirect";
1093
			$config['sysctl']['item'][4]['desc'] =    "Disable sending IPv4 redirects";
1094
			$config['sysctl']['item'][4]['value'] =   "0";
1095
	
1096
			$config['sysctl']['item'][5]['tunable'] = "net.inet6.ip6.redirect";
1097 7ee2fccf Scott Ullrich
			$config['sysctl']['item'][5]['desc'] =    "Disable sending IPv6 redirects";
1098 08472116 Scott Ullrich
			$config['sysctl']['item'][5]['value'] =   "0";
1099
	
1100
			$config['sysctl']['item'][6]['tunable'] = "net.inet.tcp.syncookies";
1101
			$config['sysctl']['item'][6]['desc'] =    "Generate SYN cookies for outbound SYN-ACK packets";
1102
			$config['sysctl']['item'][6]['value'] =   "1";
1103
	
1104
			$config['sysctl']['item'][7]['tunable'] = "net.inet.tcp.recvspace";
1105 7ee2fccf Scott Ullrich
			$config['sysctl']['item'][7]['desc'] =    "Maximum incoming TCP datagram size";
1106 08472116 Scott Ullrich
			$config['sysctl']['item'][7]['value'] =   "65228";
1107
	
1108
			$config['sysctl']['item'][8]['tunable'] = "net.inet.tcp.sendspace";
1109 7ee2fccf Scott Ullrich
			$config['sysctl']['item'][8]['desc'] =    "Maximum outgoing TCP datagram size";
1110 08472116 Scott Ullrich
			$config['sysctl']['item'][8]['value'] =   "65228";
1111
	
1112
			$config['sysctl']['item'][9]['tunable'] = "net.inet.ip.fastforwarding";
1113
			$config['sysctl']['item'][9]['desc'] =    "Fastforwarding (see http://lists.freebsd.org/pipermail/freebsd-net/2004-January/002534.html)";
1114
			$config['sysctl']['item'][9]['value'] =   "1";
1115
	
1116
			$config['sysctl']['item'][10]['tunable'] = "net.inet.tcp.delayed_ack";
1117
			$config['sysctl']['item'][10]['desc'] =    "Do not delay ACK to try and piggyback it onto a data packet";
1118
			$config['sysctl']['item'][10]['value'] =   "0";
1119
	
1120
			$config['sysctl']['item'][11]['tunable'] = "net.inet.udp.maxdgram";
1121
			$config['sysctl']['item'][11]['desc'] =    "Maximum outgoing UDP datagram size";
1122
			$config['sysctl']['item'][11]['value'] =   "57344";
1123
	
1124
			$config['sysctl']['item'][12]['tunable'] = "net.link.bridge.pfil_onlyip";
1125
			$config['sysctl']['item'][12]['desc'] =    "Handling of non-IP packets which are not passed to pfil (see if_bridge(4))";
1126
			$config['sysctl']['item'][12]['value'] =   "0";
1127
	
1128
			$config['sysctl']['item'][13]['tunable'] = "net.link.tap.user_open";
1129
			$config['sysctl']['item'][13]['desc'] =    "Allow unprivileged access to tap(4) device nodes";
1130
			$config['sysctl']['item'][13]['value'] =   "1";
1131
	
1132
			$config['sysctl']['item'][14]['tunable'] = "kern.rndtest.verbose";
1133
			$config['sysctl']['item'][14]['desc'] =    "Verbosity of the rndtest driver (0: do not display results on console)";
1134
			$config['sysctl']['item'][14]['value'] =   "0";
1135
	
1136
			$config['sysctl']['item'][15]['tunable'] = "kern.randompid";
1137
			$config['sysctl']['item'][15]['desc'] =    "Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())";
1138
			$config['sysctl']['item'][15]['value'] =   "347";
1139
	
1140
			$config['sysctl']['item'][16]['tunable'] = "net.inet.tcp.inflight.enable";
1141
			$config['sysctl']['item'][16]['desc'] =    "The system will attempt to calculate the bandwidth delay product for each connection and limit the amount of data queued to the network to just the amount required to maintain optimum throughput. ";
1142
			$config['sysctl']['item'][16]['value'] =   "3";
1143 e5b987f0 Scott Ullrich
1144 69487053 Seth Mos
			$config['version'] = "4.1";
1145 08472116 Scott Ullrich
		}
1146
	}
1147 fab7ff44 Bill Marquette
1148 197bfe96 Ermal Luçi
	/* Convert 4.1 -> 4.2 */
1149
        if ($config['version'] <= 4.0) {
1150
		if (isset($config['shaper']))
1151
                        unset($config['shaper']);
1152
                if (isset($config['ezshaper']))
1153
                        unset($config['ezshaper']);
1154
1155
                $config['version'] = "4.2";
1156
	}
1157 d05dff82 Bill Marquette
	if ($prev_version != $config['version'])
1158 fc13ca75 Bill Marquette
		write_config("Upgraded config version level from {$prev_version} to {$config['version']}");
1159 5b237745 Scott Ullrich
}
/****f* config/write_config
 * NAME
 *   write_config - Backup and write the firewall configuration.
 * DESCRIPTION
 *   write_config() handles backing up the current configuration,
 *   applying changes, and regenerating the configuration cache.
 * INPUTS
 *   $desc	- string containing a description of the configuration changes
 *   $backup	- boolean: do not back up current configuration if false.
 * RESULT
 *   null
 ******/
/* save the system configuration */
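function write_config($desc="Unknown", $backup = true) {
	global $config, $g;

	if($g['bootup'])
		log_error("WARNING! Configuration written on bootup.  This can cause stray openvpn and load balancing items in config.xml");

	if($backup)
		backup_config();

	/* Only stamp the revision when the clock looks plausible (later than
	 * 2004-09-01).  Start from null so an implausible clock records an
	 * empty time instead of reading an undefined variable. */
	$changetime = null;
	if (time() > mktime(0, 0, 0, 9, 1, 2004))
		$changetime = time();

	/* Log the running script so it's not entirely unlogged what changed */
	if ($desc == "Unknown")
		$desc = "{$_SERVER['SCRIPT_NAME']} made unknown change";

	$config['revision']['description'] = $desc;
	$config['revision']['time'] = $changetime;

	config_lock();

	/* generate configuration XML */
	$xmlconfig = dump_xml_config($config, $g['xml_rootobj']);

	conf_mount_rw();

	/* write new configuration */
	$conffile = "{$g['cf_conf_path']}/config.xml";
	$fd = fopen($conffile, "w");
	if (!$fd) {
		/* Do not exit with the lock file in place and the filesystem
		 * writable: every later config_lock() would wait out its full
		 * retry loop on the leftover lock file. */
		if($g['booting'] <> true)
			conf_mount_ro();
		config_unlock();
		die("Unable to open {$g['cf_conf_path']}/config.xml for writing in write_config()\n");
	}

	/* Mode "w" has already truncated the file, so a failed or short write
	 * leaves a damaged config.xml behind; make that visible in the log. */
	$written = fwrite($fd, $xmlconfig);
	if ($written === false || $written < strlen($xmlconfig))
		log_error("WARNING! Incomplete write to {$conffile} in write_config()");
	fclose($fd);

	/* keep fewer backups on embedded platforms */
	if($g['platform'] == "embedded") {
		cleanup_backupcache(5);
	} else {
		cleanup_backupcache(30);
	}

	if($g['booting'] <> true) {
		mwexec("sync");
		conf_mount_ro();
	}

	/* re-read configuration */
	/* NOTE(review): written under cf_conf_path but read back from conf_path;
	 * presumably both resolve to the same file -- confirm. */
	$config = parse_xml_config("{$g['conf_path']}/config.xml", $g['xml_rootobj']);

	/* write config cache (best effort: an unwritable cache is ignored) */
	/* NOTE(review): the cache is a serialize() blob.  Whatever loads it
	 * presumably calls unserialize(), so tmp_path must not be writable by
	 * unprivileged users -- confirm. */
	$fd = @fopen("{$g['tmp_path']}/config.cache", "wb");
	if ($fd) {
		fwrite($fd, serialize($config));
		fclose($fd);
	}

	/* tell kernel to sync fs data */
	mwexec("/bin/sync");

	config_unlock();

	/* hand back the freshly re-parsed configuration */
	return $config;
}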
/****f* config/reset_factory_defaults
 * NAME
 *   reset_factory_defaults - Reset the system to its default configuration.
 * RESULT
 *   integer	- indicates completion
 ******/
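function reset_factory_defaults() {
	global $g;

	config_lock();
	conf_mount_rw();

	/* create conf directory, if necessary */
	safe_mkdir("{$g['cf_conf_path']}");

	/* clear out /conf */
	$dh = opendir($g['conf_path']);
	if ($dh) {
		/* Compare against false explicitly: a directory entry literally
		 * named "0" is falsy and would otherwise end the sweep early,
		 * leaving the remaining files (and whatever settings or secrets
		 * they hold) in place after a "factory reset". */
		while (($filename = readdir($dh)) !== false) {
			if (($filename !== ".") && ($filename !== "..")) {
				unlink_if_exists($g['conf_path'] . "/" . $filename);
			}
		}
		closedir($dh);
	}

	/* copy default configuration */
	copy("{$g['conf_default_path']}/config.xml", "{$g['conf_path']}/config.xml");

	/* call the wizard */
	touch("/conf/trigger_initial_wizard");

	mwexec("sync");
	conf_mount_ro();
	config_unlock();

	/* always 0: the result only signals that the routine ran to the end */
	return 0;
}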
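/* Restore a saved configuration file over the active config.xml.
 *
 * The current configuration is backed up first, then $conffile is copied
 * into place, re-parsed and written out again with a "Reverted to ..."
 * revision description.
 *
 * Returns 1 when $conffile does not exist or cannot be copied, 0 otherwise.
 *
 * NOTE(review): $conffile is used as given; callers are presumably expected
 * to pass only paths they built themselves (e.g. inside the backup
 * directory) -- confirm.
 */
function config_restore($conffile) {
	global $config, $g;

	if (!file_exists($conffile))
		return 1;

	config_lock();
	conf_mount_rw();

	backup_config();
	if (!copy($conffile, "{$g['cf_conf_path']}/config.xml")) {
		/* nothing usable was put in place: undo the mount and lock and
		 * report failure instead of re-parsing a stale or partial file */
		mwexec("sync");
		conf_mount_ro();
		config_unlock();
		return 1;
	}
	$config = parse_config(true);

	/* array_pop() takes its argument by reference, so the explode() result
	 * has to live in a variable first */
	$pathparts = explode("/", $conffile);
	write_config("Reverted to " . array_pop($pathparts) . ".", false);

	mwexec("sync");
	conf_mount_ro();
	config_unlock();

	return 0;
}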
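/* Install $conffile as the active configuration.
 *
 * Returns 1 when $conffile is missing, is not well-formed XML, or cannot be
 * copied into place; returns 0 once the file has been installed.
 */
function config_install($conffile) {
	global $config, $g;

	if (!file_exists($conffile))
		return 1;

	/* Validate the incoming file, not the configuration that is already
	 * installed: otherwise a malformed upload is accepted unchecked, and a
	 * damaged active config blocks installing a good replacement. */
	if (!config_validate($conffile))
		return 1;

	if($g['booting'] == true)
		echo "Installing configuration...\n";

	config_lock();
	conf_mount_rw();

	$installed = copy($conffile, "{$g['conf_path']}/config.xml");

	/* unlink cache file if it exists, so the next read parses config.xml
	 * again instead of trusting the previous configuration's cache */
	if(file_exists("{$g['tmp_path']}/config.cache"))
		unlink("{$g['tmp_path']}/config.cache");

	mwexec("sync");
	conf_mount_ro();
	config_unlock();

	return $installed ? 0 : 1;
}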
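/* Check that $conffile is well-formed XML.
 *
 * Returns true when the whole file parses, false otherwise.  On failure the
 * global $xmlerr holds a short description (open failure, or the parser's
 * error string and line number).  Only well-formedness is checked; the
 * content is not compared against any schema.
 */
function config_validate($conffile) {

	global $g, $xmlerr;

	if (!($fp = fopen($conffile, "r"))) {
		$xmlerr = "XML error: unable to open file";
		return false;
	}

	/* create the parser only once the file is open, so the early return
	 * above has nothing to release */
	$xml_parser = xml_parser_create();
	$valid = true;
	$final = false;

	/* Always hand the parser a final chunk.  feof() only turns true after a
	 * read has hit the end, so a file whose size is an exact multiple of the
	 * read size (or an empty file) would otherwise never be finalized and a
	 * truncated document would pass as valid. */
	while (!$final) {
		$data = fread($fp, 4096);
		if ($data === false)
			$data = "";
		$final = ($data === "") || feof($fp);

		if (!xml_parse($xml_parser, $data, $final)) {
			$xmlerr = sprintf("%s at line %d",
						xml_error_string(xml_get_error_code($xml_parser)),
						xml_get_current_line_number($xml_parser));
			$valid = false;
			break;
		}
	}

	/* single exit path: parser and file handle are released on success
	 * and on parse errors alike */
	xml_parser_free($xml_parser);
	fclose($fp);

	return $valid;
}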
/*   lock configuration file, decide that the lock file
 *   is stale after 10 seconds
 */
function config_lock() {
	global $g, $process_lock;

	/* this process already holds the lock: nothing to do */
	if ($process_lock)
		return;

	$lockfile = "{$g['varrun_path']}/config.lock";

	/* Up to ten attempts, one second apart.  Mode "x" creates the file and
	 * fails if it already exists, so creating it doubles as the
	 * test-and-set.  When every attempt fails the function simply returns
	 * with $process_lock false; callers are not told the lock was not taken. */
	for ($attempt = 0; $attempt < 10; $attempt++) {
		$handle = @fopen($lockfile, "x");
		if ($handle) {
			/* lock file created: we own the lock */
			$process_lock = true;
			fclose($handle);
			return;
		}

		/* somebody else holds it, wait and retry */
		$process_lock = false;
		sleep(1);
	}
}
/* unlock configuration file */
function config_unlock() {
	global $g, $process_lock;

	/* Clear the in-process marker, then remove the on-disk lock file.  The
	 * file is removed without checking whether this process created it. */
	$process_lock = false;
	unlink_if_exists("{$g['varrun_path']}/config.lock");
}
/*
 * Console wizard that assigns network interfaces to WAN, LAN and OPTn.
 *
 * Reads answers from php://stdin (stored in the global $fp), optionally runs
 * vlan_setup(), checks every typed name against the list returned by
 * get_interface_list() plus the configured vlanN entries, rejects duplicate
 * assignments and, after a final y/n confirmation, stores the result in
 * $config['interfaces'], calls write_config() and, unless $g['booting'] is
 * set, reload_all_sync().
 *
 * Returns nothing. The function returns early, leaving $config unwritten,
 * when the WAN prompt is answered with an empty line, when the LAN prompt is
 * empty and $g['minimum_nic_count'] is 2 or more, when a duplicate is found,
 * or when the final confirmation is not "y".
 */
function set_networking_interfaces_ports() {
	/* NOTE(review): $noreboot is declared global but not used in this function */
	global $noreboot;
	global $config;
	global $g;
	global $fp;

	/* $fp is global so that vlan_setup() reads from the same handle */
	$fp = fopen('php://stdin', 'r');

	$memory = get_memory();
	$avail = $memory[0];

	/* low-memory warning; the operator only has to acknowledge it */
	if($avail < $g['minimum_ram_warning']) {
		echo "\n\n\n";
		echo "DANGER!  WARNING!  ACHTUNG!\n\n";
		echo "{$g['product_name']} requires *AT LEAST* {$g['minimum_ram_warning_text']} ram to function correctly.\n";
		echo "Only ({$avail}) megs of ram has been detected.\n";
		echo "\nPress ENTER to continue. ";
		fgets($fp);
		echo "\n";
	}

	/* $iflist is the allow-list every typed interface name is checked against */
	$iflist = get_interface_list();

	echo <<<EOD

Valid interfaces are:


EOD;

	if(!is_array($iflist)) {
		echo "No interfaces found!\n";
	} else {
		foreach ($iflist as $iface => $ifa) {
			echo sprintf("% -8s%s%s\n", $iface, $ifa['mac'],
				$ifa['up'] ? "   (up)" : "");
		}
	}

	echo <<<EOD

Do you want to set up VLANs first?
If you are not going to use VLANs, or only for optional interfaces, you should
say no here and use the webConfigurator to configure VLANs later, if required.

Do you want to set up VLANs now [y|n]?
EOD;

	if (strcasecmp(chop(fgets($fp)), "y") == 0)
		vlan_setup();

	/* add one vlanN pseudo-entry per configured VLAN so that those names
	 * pass the array_key_exists() checks below */
	if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) {

		echo "\n\nVLAN interfaces:\n\n";
		$i = 0;
		foreach ($config['vlans']['vlan'] as $vlan) {

			echo sprintf("% -8s%s\n", "vlan{$i}",
				"VLAN tag {$vlan['tag']}, interface {$vlan['if']}");

			$iflist['vlan' . $i] = array();
			$i++;
		}
	}

	echo <<<EOD

*NOTE*  {$g['product_name']} requires {$g['minimum_nic_count_text']} assigned interfaces to function.
        If you do not have {$g['minimum_nic_count_text']} interfaces you CANNOT continue. 

        If you do not have at least {$g['minimum_nic_count']} *REAL* network interface cards
        or one interface with multiple VLANs then {$g['product_name']}
        *WILL NOT* function correctly.

If you do not know the names of your interfaces, you may choose to use
auto-detection. In that case, disconnect all interfaces now before
hitting 'a' to initiate auto detection.

EOD;

	/* WAN: repeat until a known name is typed or auto-detection finds one */
	do {
		echo "\nEnter the WAN interface name or 'a' for auto-detection: ";
		$wanif = chop(fgets($fp));
		/* empty answer aborts the wizard.
		 * NOTE(review): unlike the LAN branch below, this return does not fclose($fp) */
		if ($wanif === "") {
			return;
		}
		if ($wanif === "a")
			$wanif = autodetect_interface("WAN", $fp);
		else if (!array_key_exists($wanif, $iflist)) {
			echo "\nInvalid interface name '{$wanif}'\n";
			/* unset so that the loop condition is false-y and the prompt repeats */
			unset($wanif);
			continue;
		}
	} while (!$wanif);

	/* LAN: same prompt, with an optional skip when one NIC is enough */
	do {
		echo "\nEnter the LAN interface name or 'a' for auto-detection \n" .
			"(or nothing if finished): ";
		$lanif = chop(fgets($fp));
		
		/* typing "exit" ends the whole script, not just this function */
		if($lanif == "exit") {
			exit;
		}
		
		if($lanif == "") {
			/* no LAN wanted: allowed only when fewer than two NICs are required */
			if($g['minimum_nic_count'] < 2) {
				unset($config['interfaces']['lan']);
				break;	
			} else {
				fclose($fp);
				return;
			}
		}

		if ($lanif === "a")
			$lanif = autodetect_interface("LAN", $fp);
		else if (!array_key_exists($lanif, $iflist)) {
			echo "\nInvalid interface name '{$lanif}'\n";
			unset($lanif);
			continue;
		}
	} while (!$lanif);

	/* optional interfaces */
	$i = 0;
	$optif = array();

	/* $optif[$i] is filled once per accepted answer; an empty answer ends the loop */
	while (1) {
		/* previous slot was accepted: move on to the next OPT number */
		if ($optif[$i])
			$i++;
		$i1 = $i + 1;

		if($config['interfaces']['opt' . $i1]['descr'])
			echo "\nOptional interface {$i1} description found: {$config['interfaces']['opt' . $i1]['descr']}";

		echo "\nEnter the Optional {$i1} interface name or 'a' for auto-detection\n" .
			"(or nothing if finished): ";

		$optif[$i] = chop(fgets($fp));

		if ($optif[$i]) {
			if ($optif[$i] === "a") {
				$ad = autodetect_interface("Optional " . $i1, $fp);
				if ($ad)
					$optif[$i] = $ad;
				else
					unset($optif[$i]);
			} else if (!array_key_exists($optif[$i], $iflist)) {
				echo "\nInvalid interface name '{$optif[$i]}'\n";
				unset($optif[$i]);
				continue;
			}
		} else {
			unset($optif[$i]);
			break;
		}
	}

	/* check for double assignments */
	$ifarr = array_merge(array($lanif, $wanif), $optif);

	/* pairwise comparison of every chosen name; any repeat aborts the wizard */
	for ($i = 0; $i < (count($ifarr)-1); $i++) {
		for ($j = ($i+1); $j < count($ifarr); $j++) {
			if ($ifarr[$i] == $ifarr[$j]) {
				echo <<<EOD

Error: you cannot assign the same interface name twice!

EOD;
				fclose($fp);
				return;
			}
		}
	}

	echo "The interfaces will be assigned as follows: \n\n";

	if ($lanif != "")
		echo "LAN  ->" . $lanif . "\n";
	echo "WAN  ->" . $wanif . "\n";
	for ($i = 0; $i < count($optif); $i++) {
		echo "OPT" . ($i+1) . " -> " . $optif[$i] . "\n";
	}

echo <<<EOD

Do you want to proceed [y|n]?
EOD;

	/* nothing below runs, and nothing is written, unless the operator answers "y" */
	if (strcasecmp(chop(fgets($fp)), "y") == 0) {

		/* NOTE(review): when LAN was skipped above, $lanif is "" and this
		 * assignment re-creates the lan entry that was just unset - confirm intent */
		$config['interfaces']['lan']['if'] = $lanif;
		/* keep a 'wireless' sub-array only for names matching the wireless regex */
		if (preg_match($g['wireless_regex'], $lanif)) {
			if (!is_array($config['interfaces']['lan']['wireless']))
				$config['interfaces']['lan']['wireless'] = array();
		} else {
			unset($config['interfaces']['lan']['wireless']);
		}

		$config['interfaces']['wan']['if'] = $wanif;
		if (preg_match($g['wireless_regex'], $wanif)) {
			if (!is_array($config['interfaces']['wan']['wireless']))
				$config['interfaces']['wan']['wireless'] = array();
		} else {
			unset($config['interfaces']['wan']['wireless']);
		}

		for ($i = 0; $i < count($optif); $i++) {
			if (!is_array($config['interfaces']['opt' . ($i+1)]))
				$config['interfaces']['opt' . ($i+1)] = array();

			$config['interfaces']['opt' . ($i+1)]['if'] = $optif[$i];

			/* wireless interface? */
			if (preg_match($g['wireless_regex'], $optif[$i])) {
				if (!is_array($config['interfaces']['opt' . ($i+1)]['wireless']))
					$config['interfaces']['opt' . ($i+1)]['wireless'] = array();
			} else {
				unset($config['interfaces']['opt' . ($i+1)]['wireless']);
			}

			/* every reassigned OPT interface starts disabled, with a default description */
			unset($config['interfaces']['opt' . ($i+1)]['enable']);
			$config['interfaces']['opt' . ($i+1)]['descr'] = "OPT" . ($i+1);
		}

		/* remove all other (old) optional interfaces */
		for (; isset($config['interfaces']['opt' . ($i+1)]); $i++)
			unset($config['interfaces']['opt' . ($i+1)]);

		write_config();

		echo <<<EOD



EOD;

		fclose($fp);
		/* during boot the caller goes on with start-up; no reload from here */
		if($g['booting'])
			return;

		echo "One moment while we reload the settings...";

		$g['booting'] = false;

		/* resync everything */
		reload_all_sync();

		echo " done!\n";

		/* marker file; is_interface_mismatch() returns false while it exists */
		touch("{$g['tmp_path']}/assign_complete");

	}
}
/*
 * Detect an interface by watching for a link that comes up.
 *
 * Takes a snapshot of get_interface_list("media"), asks the operator to
 * connect the cable for $ifname and press ENTER on $fp, takes a second
 * snapshot and returns the name of the first interface that was down before
 * and is up now. Returns null when no such interface is found.
 */
function autodetect_interface($ifname, $fp) {
	/* link state before the operator touches anything */
	$before = get_interface_list("media");
	echo <<<EOD

Connect the {$ifname} interface now and make sure that the link is up.
Then press ENTER to continue.

EOD;
	/* the typed line is discarded; this only waits for ENTER */
	fgets($fp);
	$after = get_interface_list("media");

	foreach ($before as $name => $state) {
		$was_down = !$state['up'];
		if ($was_down && $after[$name]['up']) {
			echo "Detected link-up on interface {$name}.\n";
			return $name;
		}
	}

	echo "No link-up detected.\n";

	return null;
}
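/*
 * Console dialogue that rebuilds the VLAN list in $config['vlans']['vlan'].
 *
 * Reads answers from the global $fp. When VLANs already exist the operator
 * must confirm with "y" before they are cleared; any other answer returns
 * without changes. Each new VLAN needs a parent interface that is a key of
 * get_interface_list() and passes is_jumbo_capable(), and a tag accepted by
 * is_numericint() in the range 1-4094. An empty parent name ends the loop.
 *
 * The list is changed in memory only; this function does not call
 * write_config(). Once confirmed, the old VLANs are cleared even if the
 * operator then enters no new ones.
 */
function vlan_setup() {
	global $iflist, $config, $g, $fp;

	$iflist = get_interface_list();

	if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) {

		echo <<<EOD

WARNING: all existing VLANs will be cleared if you proceed!

Do you want to proceed [y|n]?
EOD;

		if (strcasecmp(chop(fgets($fp)), "y") != 0)
			return;
	}

	$config['vlans']['vlan'] = array();
	echo "\n";

	while (1) {
		$vlan = array();

		/* start at zero on every pass; previously this was only set in the
		 * else branch, so the check below read an undefined variable when
		 * $iflist was not an array */
		$vlan_capable = 0;

		echo "\n\nVLAN Capable interfaces:\n\n";
		if(!is_array($iflist)) {
			echo "No interfaces found!\n";
		} else {
			foreach ($iflist as $iface => $ifa) {
				/* is_jumbo_capable() is the capability test used for VLAN parents here */
				if (is_jumbo_capable($iface)) {
					echo sprintf("% -8s%s%s\n", $iface, $ifa['mac'],
						$ifa['up'] ? "   (up)" : "");
					$vlan_capable++;
				}
			}
		}

		if($vlan_capable == 0) {
			echo "No VLAN capable interfaces detected.\n";
			return;
		}

		echo "\nEnter the parent interface name for the new VLAN (or nothing if finished): ";
		$vlan['if'] = chop(fgets($fp));

		if ($vlan['if']) {
			/* only names from the interface list are accepted as parent */
			if (!array_key_exists($vlan['if'], $iflist) or
			    !is_jumbo_capable($vlan['if'])) {
				echo "\nInvalid interface name '{$vlan['if']}'\n";
				continue;
			}
		} else {
			break;
		}

		echo "Enter the VLAN tag (1-4094): ";
		$vlan['tag'] = chop(fgets($fp));

		if (!is_numericint($vlan['tag']) || ($vlan['tag'] < 1) || ($vlan['tag'] > 4094)) {
			echo "\nInvalid VLAN tag '{$vlan['tag']}'\n";
			continue;
		}

		$config['vlans']['vlan'][] = $vlan;
	}
}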
/*
 * (Re)start the FTP helper processes for LAN and every configured OPT
 * interface, then for the bridge interfaces.
 *
 * All running ftpsesame instances are killed first. Each interface gets its
 * own ftp-proxy port, 8021 plus a running counter. Per interface the
 * function either kills a matching ftp-proxy (proxy disabled), starts
 * ftpsesame (advanced outbound NAT enabled but no rule covers the interface
 * address, or no interface IP), or starts ftp-proxy if none is running.
 *
 * NOTE(review): every command below is a shell string with values from
 * $config ($shaper_queue, the NAT target) and helper results ($int, $ip,
 * $helpers) interpolated unquoted. Only the NAT target is checked here (with
 * is_ipaddr()); passing each value through escapeshellarg() would stop a
 * malformed config value from changing the command.
 */
function system_start_ftp_helpers() {
	require_once("interfaces.inc");
	global $config, $g;

	mwexec("/usr/bin/killall ftpsesame");

	/* build an array of interfaces to work with */
	$iflist = array("lan" => "lan");
	for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
		$iflist['opt' . $i] = "opt{$i}";

	/* loop through all interfaces and handle ftp-proxy */
	$interface_counter = 0;
	foreach ($iflist as $ifent => $ifname) {
		/*    if the ftp proxy is disabled for this interface then kill ftp-proxy
		 *    instance and continue. note that the helpers for port forwards are
		 *    launched in a  different sequence so we are filtering them out
		 *    here by not including -c {$port} -g 8021 first.
		 */
		 /* only install a ftp helper for enabled interfaces. wan and lan are always enabled. */
		/* a skipped interface does not advance $interface_counter, so the
		 * port numbers below depend on which OPT interfaces are enabled */
		if(stristr($ifname, "opt") <> false)
			if(!isset($config['interfaces'][strtolower($ifname)]['enable']))
				continue;

		/* Get the ftp queue for this interface */
		/* NOTE(review): the isset() looks under $config['shaper'] but the value
		 * is read from $config['interfaces'] - confirm which key is meant.
		 * $shaper_queue is never reset, so an interface without a queue uses the
		 * previous interface's value, or an undefined variable on the first pass. */
		if (isset($config['shaper'][$ifname]['ftpqueue']))
			$shaper_queue = $config['interfaces'][$ifname]['ftpqueue'];

		$port = 8021 + $interface_counter;
		if(isset($config['interfaces'][$ifname]['disableftpproxy'])) {
			/*    item is disabled.  lets ++ the interface counter and
			 *    keep processing interfaces. kill ftp-proxy if already
			 *    running for this instance.
			 */
			/* exec() returns the last output line: the second field of the
			 * matching ps line, taken to be the PID */
			$helpers = exec("/bin/ps awux | grep \"/usr/local/sbin/ftp-proxy {$shaper_queue} -p {$port}\" | grep -v grep | sed \"s/  */ /g\" | cut -f2 -d\" \"");
			if($helpers)
				mwexec("/bin/kill {$helpers}");
			$interface_counter++;
		} else {
			/* grab the current interface IP address */
			$int = convert_friendly_interface_to_real_interface_name($ifname);
			$ip = find_interface_ip($int);
			/* are we in routed mode? no source nat rules and not a outside interface? */
			/* If we have advanced outbound nat we skip the FTP proxy, we use ftpsesame */
			if((isset($config['nat']['advancedoutbound']['enable'])) && (! interface_has_gateway($ifname))) {
				/* counts the outbound NAT rules whose source network contains $ip */
				$sourcenat = 0;
				/* we are using advanced outbound nat, are we in routing mode? */
				/* if the interface address lies within a outbound NAT source network we should skip */
				if(! empty($config['nat']['advancedoutbound']['rule'])) {
					foreach($config['nat']['advancedoutbound']['rule'] as $natnetwork) {
						if(ip_in_subnet($ip, $natnetwork['source']['network'])) {
							/* if the interface address is matched in the AON Rule we need the ftp proxy */
							/* the target reaches the command line only after is_ipaddr() accepts it.
							 * NOTE(review): $pftpxsourceaddr is not reset per interface either,
							 * so a value set here carries over to later interfaces */
							if(is_ipaddr($natnetwork['target']) && ($natnetwork['interface'] == "wan")) {
								$pftpxsourceaddr = "-a {$natnetwork['target']}";
								if($g['debug'])
									log_error("Config: AON: using the external ip source {$pftpxsourceaddr} for the ftp proxy");
							}
							$sourcenat++;
						}
					}
				}
				if($sourcenat == 0) {
					if($g['debug'])
						log_error("Config: No AON rule matched for interface {$ifname} - not using FTP proxy");
					mwexec("/usr/local/sbin/ftpsesame -i $int");
					$interface_counter++;
					continue;
				} else {
					if($g['debug'])
						log_error("Config: AON rule matched for interface {$ifname} - using FTP proxy");
				}
			}
			/* if ftp-proxy is already running then do not launch it again */
			$helpers = exec("/bin/ps awux | grep \"/usr/local/sbin/ftp-proxy {$shaper_queue} -p {$port}\" | grep -v grep | sed \"s/  */ /g\"");
			if(!$helpers && $ip)
 				mwexec("/usr/local/sbin/ftp-proxy {$shaper_queue} -p {$port} {$pftpxsourceaddr} {$ip}");
			/* no address on the interface: fall back to ftpsesame */
			if(!$ip)
				mwexec("/usr/local/sbin/ftpsesame {$shaper_queue} -i $int");
			$interface_counter++;
		}
	}
	/* support bridged interfaces.  even they need ftp mojo */
	$num_bridges = find_number_of_created_bridges();
	$num_bridges++;
	for($x=0; $x<$num_bridges; $x++) {
		/* NOTE(review): there is no space between {$shaper_queue} and -i, so a
		 * non-empty queue value runs into the option; the value used is whatever
		 * the interface loop above left in $shaper_queue */
		mwexec("/usr/local/sbin/ftpsesame {$shaper_queue}-i bridge{$x}");
	}
}
/*
 * Reconcile backup/backup.cache with the config-* files in the backup
 * directory and keep at most $revisions entries.
 *
 * Runs between config_lock() and config_unlock(), and only does work when
 * backup.cache exists. Zero-length backup files and backups for which
 * parse_xml_config() yields "-1" are deleted; files missing from the cache
 * are added; cache entries without a file are dropped; if more than
 * $revisions entries remain, the surplus backup files are unlinked. The
 * cache is then rewritten with serialize().
 *
 * $revisions: maximum number of entries to keep; the limit is applied only
 *             when the value is an int.
 */
function cleanup_backupcache($revisions = 30) {
	global $g;
	/* becomes true as soon as anything is added or removed; only used for the boot-time "done." */
	$i = false;
	config_lock();
	if(file_exists($g['cf_conf_path'] . '/backup/backup.cache')) {
		conf_mount_rw();
		/* NOTE(review): get_backups() unserialize()s backup.cache and its result
		 * is used below without checking that it is an array */
		$backups = get_backups();
		$newbaks = array();
		$bakfiles = glob($g['cf_conf_path'] . "/backup/config-*");
		$baktimes = $backups['versions'];
		$tocache = array();
		unset($backups['versions']);
   		foreach($bakfiles as $backup) { // Check for backups in the directory not represented in the cache.
   			if(filesize($backup) == 0) {
   				unlink($backup);
   				continue;
   			}
			/* text between the last '-' of the path and the following '.', i.e.
			 * the time part of config-<time>.xml */
			$tocheck = array_shift(explode('.', array_pop(explode('-', $backup))));
            if(!in_array($tocheck, $baktimes)) {
				$i = true;
				if($g['booting'])
					print " " . $tocheck . "a";
				$newxml = parse_xml_config($backup, $g['xml_rootobj']);
				/* "-1" is treated as the parse-failure marker - presumably what
				 * parse_xml_config() returns on error; verify against that function */
				if($newxml == "-1") {
					log_error("The backup cache file $backup is corrupted.  Unlinking.");
					unlink($backup);
					/* NOTE(review): same message logged a second time */
					log_error("The backup cache file $backup is corrupted.  Unlinking.");
					continue;
				}
				if($newxml['revision']['description'] == "")
					$newxml['revision']['description'] = "Unknown";
				$tocache[$tocheck] = array('description' => $newxml['revision']['description']);
			}
    	}
		foreach($backups as $checkbak) {

			/* NOTE(review): the cached time is placed in the pattern without
			 * preg_quote() or anchors, so it matches as a substring of the whole path */
			if(count(preg_grep('/' . $checkbak['time'] . '/i', $bakfiles)) != 0) {
				$newbaks[] = $checkbak;
			} else {
				$i = true;
				/* NOTE(review): $tocheck is left over from the loop above, not this entry's time */
				if($g['booting']) print " " . $tocheck . "r";
			}
		}
		foreach($newbaks as $todo) $tocache[$todo['time']] = array('description' => $todo['description']);
		if(is_int($revisions) and (count($tocache) > $revisions)) {
			/* keeps the first $revisions keys in $tocache's insertion order */
			$toslice = array_slice(array_keys($tocache), 0, $revisions);
			foreach($toslice as $sliced)
				$newcache[$sliced] = $tocache[$sliced];
			foreach($tocache as $version => $versioninfo) {
				if(!in_array($version, array_keys($newcache))) {
					/* NOTE(review): deletes under $g['conf_path'] while every other
					 * path here uses $g['cf_conf_path'] - confirm both name the same directory */
					unlink_if_exists($g['conf_path'] . '/backup/config-' . $version . '.xml');
					if($g['booting']) print " " . $tocheck . "d";
				}
			}
			$tocache = $newcache;
		}
		/* NOTE(review): fopen() result is not checked before fwrite()/fclose() */
		$bakout = fopen($g['cf_conf_path'] . '/backup/backup.cache', "w");
        fwrite($bakout, serialize($tocache));
		fclose($bakout);
		mwexec("sync");
		conf_mount_ro();
	}
	if($g['booting']) {
		if($i) {
			print "done.\n";
		}
	}
	config_unlock();
}
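/*
 * Read backup/backup.cache and list the configuration backups it records.
 *
 * Returns false when the cache file does not exist or does not unserialize
 * to an array. Otherwise returns an array with one
 * array('time' => ..., 'description' => ...) element per cache entry in
 * descending key order, plus a 'versions' element holding the keys in
 * ascending order. The keys are the backup times stored by backup_config().
 */
function get_backups() {
	global $g;

	$cachefile = "{$g['cf_conf_path']}/backup/backup.cache";
	if(!file_exists($cachefile))
		return false;

	/* NOTE(review): unserialize() instantiates any object named in the data,
	 * so backup.cache must stay writable by trusted code only. On PHP 7 and
	 * later, array('allowed_classes' => false) as second argument would
	 * refuse objects altogether. */
	$confvers = @unserialize(file_get_contents($cachefile));

	/* a truncated or damaged cache used to reach array_keys() as false;
	 * treat it like a missing cache instead */
	if(!is_array($confvers))
		return false;

	$bakvers = array_keys($confvers);
	sort($bakvers);

	$toreturn = array();
	foreach(array_reverse($bakvers) as $bakver)
		$toreturn[] = array('time' => $bakver, 'description' => $confvers[$bakver]['description']);

	$toreturn['versions'] = $bakvers;
	return $toreturn;
}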
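/*
 * Copy the current config.xml to backup/config-<time>.xml and record it in
 * backup/backup.cache.
 *
 * <time> and the description come from $config['revision']; a missing time
 * becomes 0 and a missing description "Unknown". Returns nothing when
 * $g['platform'] is "cdrom", otherwise true.
 */
function backup_config() {
	global $config, $g;

	if($g['platform'] == "cdrom")
		return;

	conf_mount_rw();

	/* Create backup directory if needed */
	safe_mkdir("{$g['cf_conf_path']}/backup");

	$baktime = ($config['revision']['time'] == "") ? 0 : $config['revision']['time'];
	$bakdesc = ($config['revision']['description'] == "") ? "Unknown" : $config['revision']['description'];
	$cachefile = $g['cf_conf_path'] . '/backup/backup.cache';

	/* NOTE(review): $baktime goes into the file name as it is. If a
	 * configuration from an untrusted source can ever be loaded, a revision
	 * time containing "/" or ".." would move the copy out of the backup
	 * directory - confirm it is validated where configurations are imported. */
	copy($g['cf_conf_path'] . '/config.xml', $g['cf_conf_path'] . '/backup/config-' . $baktime . '.xml');

	$backupcache = array();
	if(file_exists($cachefile)) {
		/* NOTE(review): unserialize() instantiates any object named in the
		 * data; backup.cache must stay writable by trusted code only */
		$cached = @unserialize(file_get_contents($cachefile));
		/* a damaged cache that yields something other than an array is
		 * discarded and rebuilt from this entry */
		if(is_array($cached))
			$backupcache = $cached;
	}
	$backupcache[$baktime] = array('description' => $bakdesc);

	$bakout = fopen($cachefile, "w");
	if($bakout) {
		fwrite($bakout, serialize($backupcache));
		fclose($bakout);
	} else {
		/* do not call fwrite()/fclose() on a failed handle */
		log_error("Unable to open {$cachefile} for writing.");
	}

	mwexec("sync");
	conf_mount_ro();

	return true;
}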
/* Run "/sbin/conscontrol mute on"; the command's output and exit status are ignored. */
function mute_kernel_msgs() {
	$cmd = "/sbin/conscontrol mute on";
	exec($cmd);
}
/* Run "/sbin/conscontrol mute off"; the command's output and exit status are ignored. */
function unmute_kernel_msgs() {
	$cmd = "/sbin/conscontrol mute off";
	exec($cmd);
}
/*
 * Start /sbin/devd, wait one second, then remove /tmp/rc.linkup if it
 * exists. The exit status of devd is not checked.
 */
function start_devd() {
	exec("/sbin/devd");
	sleep(1);

	$linkup_file = "/tmp/rc.linkup";
	if (file_exists($linkup_file)) {
		unlink($linkup_file);
	}
}
/*
 * Tell whether the configured LAN/WAN interfaces are missing from the
 * system, i.e. whether interface assignment has to be run again.
 *
 * Returns false when no LAN is configured, when either interface name
 * contains "vlan" (those are not checked), or when
 * {$g['tmp_path']}/assign_complete exists. Returns true when the LAN
 * interface does not exist and more than one NIC is required, or when the
 * WAN interface does not exist and the WAN type is neither pppoe nor pptp.
 */
function is_interface_mismatch() {
	global $config, $g;

	if (!$config['interfaces']['lan'])
		return false;

	$lan_if = $config['interfaces']['lan']['if'];
	$wan_if = get_real_wan_interface();
	$needs_assign = false;

	/* VLAN interfaces are left out of the existence checks */
	$vlan_involved = (stristr($lan_if, "vlan") != false) || (stristr($wan_if, "vlan") != false);
	if (!$vlan_involved) {
		if (does_interface_exist($lan_if) == false && $g['minimum_nic_count'] > 1)
			$needs_assign = true;

		/* for pppoe and pptp WAN types the WAN device is not probed */
		$wan_type = $config['interfaces']['wan']['ipaddr'];
		$wan_is_ppp = ($wan_type == "pppoe" || $wan_type == "pptp");
		if (!$wan_is_ppp && !$needs_assign && does_interface_exist($wan_if) == false)
			$needs_assign = true;
	}

	/* XXX: enumerate OPT interfaces looking for mismatches */

	/* marker written by set_networking_interfaces_ports() after a completed assignment */
	if (file_exists("{$g['tmp_path']}/assign_complete"))
		return false;

	return $needs_assign;
}
/*
 * Apply owner, group and mode to the device nodes listed below.
 *
 * The only entry is /dev/pf, which is given to user and group "proxy" with
 * mode 0660: read/write for that user and group, nothing for others.
 * Devices that do not exist are skipped; the results of chown(), chgrp()
 * and chmod() are not checked.
 */
function set_device_perms() {
	/* device name under /dev => ownership and mode to apply */
	$devices = array(
		'pf' => array(
			'user'  => 'proxy',
			'group' => 'proxy',
			'mode'  => 0660),
	);

	foreach (array_keys($devices) as $name) {
		$path = "/dev/$name";
		if (!file_exists($path))
			continue;

		$want = $devices[$name];
		chown($path, $want['user']);
		chgrp($path, $want['group']);
		chmod($path, $want['mode']);
	}
}
/* progress dot on the console while booting */
if ($g['booting']) {
	echo ".";
}

/* runs when this file is included: load the configuration into $config */
$config = parse_config();
?>