<?php
/* $Id$ */
/*
	system.inc
	part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
/*
	pfSense_BUILDER_BINARIES:	/usr/sbin/powerd	/usr/bin/killall	/sbin/sysctl	/sbin/route
	pfSense_BUILDER_BINARIES:	/bin/hostname	/bin/ls	/usr/sbin/syslogd	
	pfSense_BUILDER_BINARIES:	/usr/sbin/pccardd	/usr/local/sbin/lighttpd	/bin/chmod 	/bin/mkdir
	pfSense_BUILDER_BINARIES:	/usr/bin/tar		/usr/local/bin/ntpd	/usr/sbin/ntpdate
	pfSense_BUILDER_BINARIES:	/usr/bin/nohup	/sbin/dmesg	/usr/local/sbin/atareinit	/sbin/kldload
	pfSense_MODULE:	utils
*/
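/**
 * (Re)start powerd according to the system configuration.
 *
 * A running powerd is killed first. When $config['system']['powerd_enable']
 * is set, powerd is started again with the configured mode for both the
 * battery (-b) and the AC (-a) profile; the mode falls back to "hadp" when
 * none is configured. Nothing is done on the 'jail' platform.
 */
function activate_powerd() {
	global $config, $g;

	if ($g['platform'] == 'jail')
		return;

	if (is_process_running("powerd"))
		exec("/usr/bin/killall powerd");

	if (!isset($config['system']['powerd_enable']))
		return;

	/* nanobsd needs the cpufreq module loaded before powerd starts */
	if ($g["platform"] == "nanobsd")
		exec("/sbin/kldload cpufreq");

	$mode = "hadp";
	if (!empty($config['system']['powerd_mode']))
		$mode = $config['system']['powerd_mode'];

	/*
	 * The mode is a configuration value that is placed in a command string.
	 * Quote it so that it always reaches powerd as a single argument and
	 * shell metacharacters in the stored value are never interpreted.
	 */
	$mode_arg = escapeshellarg($mode);
	mwexec("/usr/sbin/powerd -b {$mode_arg} -a {$mode_arg}");
}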
/**
 * Look up the default value recorded for a sysctl tunable.
 *
 * @param string $id tunable name, used as the key into the global $sysctls table
 * @return mixed the entry stored in $sysctls, or null when there is none
 */
function get_default_sysctl_value($id) {
	global $sysctls;

	return isset($sysctls[$id]) ? $sysctls[$id] : null;
}
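/**
 * Apply the fixed enc(4) masks and every tunable listed in $config['sysctl'].
 *
 * A tunable whose configured value is the literal "default" is set to the
 * value returned by get_default_sysctl_value(). Nothing is done on the
 * 'jail' platform.
 */
function activate_sysctls() {
	global $config, $g;

	if ($g['platform'] == 'jail')
		return;

	exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x00000001");
	exec("/sbin/sysctl net.enc.out.ipsec_filter_mask=0x00000001");
	exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x00000002");
	exec("/sbin/sysctl net.enc.in.ipsec_filter_mask=0x00000002");

	/* An absent or malformed sysctl section simply means there is nothing to apply. */
	if (!isset($config['sysctl']['item']) || !is_array($config['sysctl']['item']))
		return;

	foreach ($config['sysctl']['item'] as $tunable) {
		$value = $tunable['value'];
		if ($value == "default")
			$value = get_default_sysctl_value($tunable['tunable']);

		/*
		 * Name and value both come from the configuration. Pass them as one
		 * quoted "name=value" argument so that quotes, backticks or $() in a
		 * stored value cannot break out of the command string.
		 */
		mwexec("/sbin/sysctl " . escapeshellarg("{$tunable['tunable']}={$value}"));
	}
}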
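/**
 * Write resolv.conf and pin host routes for DNS servers bound to a gateway.
 *
 * The file is built from the configured domain, 127.0.0.1 when dnsmasq is
 * enabled (unless 'dnslocalhost' is set), the dynamically learned search
 * domains and name servers (only with 'dnsallowoverride') and the statically
 * configured DNS servers. The 'resolvconf' lock is held from just before the
 * file is opened until the routes have been set.
 *
 * @param bool $dynupdate when true, dhcpd is not reconfigured afterwards
 * @return int 0 on success, 1 when resolv.conf cannot be opened
 */
function system_resolvconf_generate($dynupdate = false) {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_resolvconf_generate() being called $mt\n";
	}

	$syscfg = $config['system'];

	/* Start from an empty string so the appends below are defined even without a domain. */
	$resolvconf = "";

	// Do not create blank domain lines, it breaks tools like dig.
	if ($syscfg['domain'])
		$resolvconf .= "domain {$syscfg['domain']}\n";

	if (isset($config['dnsmasq']['enable']) && !isset($config['system']['dnslocalhost']))
		$resolvconf .= "nameserver 127.0.0.1\n";

	if (isset($syscfg['dnsallowoverride'])) {
		/* get dynamically assigned search domains and DNS servers (if any) */
		foreach (array_unique(get_searchdomains()) as $searchserver) {
			if ($searchserver)
				$resolvconf .= "search {$searchserver}\n";
		}
		foreach (array_unique(get_nameservers()) as $nameserver) {
			if ($nameserver)
				$resolvconf .= "nameserver $nameserver\n";
		}
	}
	if (is_array($syscfg['dnsserver'])) {
		foreach ($syscfg['dnsserver'] as $ns) {
			if ($ns)
				$resolvconf .= "nameserver $ns\n";
		}
	}

	$dnslock = lock('resolvconf', LOCK_EX);

	$fd = fopen("{$g['varetc_path']}/resolv.conf", "w");
	if (!$fd) {
		printf("Error: cannot open resolv.conf in system_resolvconf_generate().\n");
		unlock($dnslock);
		return 1;
	}

	fwrite($fd, $resolvconf);
	fclose($fd);

	if (!$g['booting']) {
		/* restart dhcpd (nameservers may have changed) */
		if (!$dynupdate)
			services_dhcpd_configure();
	}

	/* setup static routes for DNS servers. */
	for ($dnscounter = 1; $dnscounter < 5; $dnscounter++) {
		$dnsgw = "dns{$dnscounter}gw";
		if (!isset($config['system'][$dnsgw]))
			continue;

		$gwname = $config['system'][$dnsgw];
		if (($gwname == "") || ($gwname == "none"))
			continue;

		$gatewayip = lookup_gateway_ip_by_name($gwname);

		/* dns server array starts at 0 */
		$dnsidx = $dnscounter - 1;
		if (empty($syscfg['dnsserver'][$dnsidx]))
			continue;	/* a gateway is assigned but no server is configured in that slot */

		/*
		 * The server address is a configuration value placed in a command
		 * string; quote it (and the gateway) so each is passed to route(8)
		 * as exactly one argument.
		 */
		$dnsserver = escapeshellarg($syscfg['dnsserver'][$dnsidx]);
		if (is_ipaddrv4($gatewayip))
			mwexec("route change -host {$dnsserver} " . escapeshellarg($gatewayip));
		if (is_ipaddrv6($gatewayip))
			mwexec("route change -host -inet6 {$dnsserver} " . escapeshellarg($gatewayip));
	}

	unlock($dnslock);

	return 0;
}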
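/**
 * Collect the search domains found in the /var/etc/searchdomain_* files.
 *
 * Every non-empty line that is_hostname() accepts is returned; anything else
 * in those files is ignored, so unexpected content cannot end up in
 * resolv.conf through this list.
 *
 * @return array list of domain names, possibly empty
 */
function get_searchdomains() {
	global $config, $g;

	$master_list = array();

	/*
	 * The glob result used to be stored in $search_list while the code below
	 * read $search_lists, so no file was ever processed. One name is used now.
	 */
	$search_lists = glob("/var/etc/searchdomain_*");
	if (!is_array($search_lists))
		return $master_list;

	foreach ($search_lists as $fdns) {
		$contents = file($fdns, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
		if (!is_array($contents))
			continue;
		foreach ($contents as $dns) {
			if (is_hostname($dns))
				$master_list[] = $dns;
		}
	}

	return $master_list;
}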
/**
 * Collect the name servers found in /var/etc/nameserver_* and, when it
 * exists, /var/etc/nameservers.conf.
 *
 * Only lines accepted by is_ipaddr() are returned.
 *
 * @return array list of IP addresses, possibly empty and not de-duplicated
 */
function get_nameservers() {
	global $config, $g;

	$read_flags = FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES;
	$master_list = array();

	// Per-source name server files
	$dns_lists = glob("/var/etc/nameserver_*");
	if (is_array($dns_lists)) {
		foreach ($dns_lists as $fdns) {
			$contents = file($fdns, $read_flags);
			if (is_array($contents)) {
				foreach (array_filter($contents, 'is_ipaddr') as $dns)
					$master_list[] = $dns;
			}
		}
	}

	// Any extra name servers
	$extra_file = "/var/etc/nameservers.conf";
	if (file_exists($extra_file)) {
		$dns_s = file($extra_file, $read_flags);
		if (is_array($dns_s)) {
			foreach (array_filter($dns_s, 'is_ipaddr') as $dns)
				$master_list[] = $dns;
		}
	}

	return $master_list;
}
/**
 * Rebuild the hosts file under $g['varetc_path'] and restart lease monitoring.
 *
 * The file holds the localhost entry, one entry for the firewall itself, the
 * dnsmasq host overrides (with their aliases) and, when 'regdhcpstatic' is
 * set, the static DHCP/DHCPv6 mappings of enabled interfaces. 'dhcpfirst'
 * decides whether the DHCP entries precede or follow the overrides.
 *
 * NOTE(review): addresses and names are written exactly as stored in $config;
 * this function does not validate them.
 *
 * @return int 0 on success, 1 when the hosts file cannot be opened
 */
function system_hosts_generate() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_hosts_generate() being called $mt\n";
	}

	$syscfg = $config['system'];
	$dnsmasqcfg = $config['dnsmasq'];
	$hostscfg = is_array($dnsmasqcfg['hosts']) ? $dnsmasqcfg['hosts'] : array();

	$hosts = "127.0.0.1\tlocalhost localhost.{$syscfg['domain']}\n";
	$lhosts = "";
	$dhosts = "";

	/* Entry for this host: the LAN address, else the first gateway-less interface with an address. */
	if ($config['interfaces']['lan']) {
		$cfgip = get_interface_ip("lan");
		if (is_ipaddr($cfgip)) {
			$hosts .= "{$cfgip}\t{$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}\n";
		}
	} else {
		foreach (get_configured_interface_list() as $sysif) {
			if (interface_has_gateway($sysif)) {
				continue;
			}
			$cfgip = get_interface_ip($sysif);
			if (is_ipaddr($cfgip)) {
				$hosts .= "{$cfgip}\t{$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}\n";
				break;
			}
		}
	}

	/* dnsmasq host overrides and their aliases */
	foreach ($hostscfg as $host) {
		$lhosts .= $host['host']
			? "{$host['ip']}\t{$host['host']}.{$host['domain']} {$host['host']}\n"
			: "{$host['ip']}\t{$host['domain']}\n";

		if (!is_array($host['aliases']) || !is_array($host['aliases']['item'])) {
			continue;
		}
		foreach ($host['aliases']['item'] as $alias) {
			$lhosts .= $alias['host']
				? "{$host['ip']}\t{$alias['host']}.{$alias['domain']} {$alias['host']}\n"
				: "{$host['ip']}\t{$alias['domain']}\n";
		}
	}

	/* static DHCP mappings, IPv4 first and IPv6 second */
	$staticmap_sources = array('dhcpd' => 'ipaddr', 'dhcpdv6' => 'ipaddrv6');
	foreach ($staticmap_sources as $section => $addrkey) {
		if (!isset($dnsmasqcfg['regdhcpstatic']) || !is_array($config[$section])) {
			continue;
		}
		foreach ($config[$section] as $dhcpif => $dhcpifconf) {
			if (!is_array($dhcpifconf['staticmap']) || !isset($dhcpifconf['enable'])) {
				continue;
			}
			foreach ($dhcpifconf['staticmap'] as $map) {
				if ($map[$addrkey] && $map['hostname']) {
					$dhosts .= "{$map[$addrkey]}\t{$map['hostname']}.{$syscfg['domain']} {$map['hostname']}\n";
				}
			}
		}
	}

	$hosts .= isset($dnsmasqcfg['dhcpfirst']) ? $dhosts . $lhosts : $lhosts . $dhosts;

	/*
	 * Do not remove this: dhcpleases monitors the hosts file with kqueue, so
	 * it has to be killed before the file is written.
	 */
	$leases_pid = "{$g['varrun_path']}/dhcpleases.pid";
	if (file_exists($leases_pid)) {
		sigkillbypid($leases_pid, "TERM");
		@unlink($leases_pid);
	}

	$fd = fopen("{$g['varetc_path']}/hosts", "w");
	if (!$fd) {
		log_error("Error: cannot open hosts file in system_hosts_generate().\n");
		return 1;
	}
	fwrite($fd, $hosts);
	fclose($fd);

	system_dhcpleases_configure();

	return 0;
}
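/**
 * Start, reload or stop the dhcpleases monitor.
 *
 * With $config['dnsmasq']['regdhcp'] set, a running monitor (pid file
 * present) gets SIGHUP and a missing one is started; without it the monitor
 * gets SIGTERM and its pid file is removed. Nothing is done on the 'jail'
 * platform.
 */
function system_dhcpleases_configure() {
	global $config, $g;

	if ($g['platform'] == 'jail')
		return;

	$pidfile = "{$g['varrun_path']}/dhcpleases.pid";

	if (!isset($config['dnsmasq']['regdhcp'])) {
		sigkillbypid($pidfile, "TERM");
		@unlink($pidfile);
		return;
	}

	/* Start the monitoring process for dynamic dhcpclients. */
	$leasesfile = "{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases";

	/* Make sure we do not error out */
	@touch($leasesfile);

	if (file_exists($pidfile)) {
		sigkillbypid($pidfile, "HUP");
		return;
	}

	/*
	 * The domain is a configuration value and the paths are assembled from
	 * $g; quote each one so it is passed as a single argument and nothing in
	 * it is interpreted by the shell.
	 */
	mwexec("/usr/local/sbin/dhcpleases" .
		" -l " . escapeshellarg($leasesfile) .
		" -d " . escapeshellarg($config['system']['domain']) .
		" -p " . escapeshellarg("{$g['varrun_path']}/dnsmasq.pid") .
		" -h " . escapeshellarg("{$g['varetc_path']}/hosts"));
}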
/**
 * Set the system hostname to "<hostname>.<domain>" and (re)run the hostid
 * rc script.
 *
 * @return mixed the status returned by mwexec() for the hostname command
 */
function system_hostname_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_hostname_configure() being called $mt\n";
	}

	$syscfg = $config['system'];
	$fqdn = "{$syscfg['hostname']}.{$syscfg['domain']}";

	/* set hostname; the name is quoted because it comes from the configuration */
	$status = mwexec("/bin/hostname " . escapeshellarg($fqdn));

	/* Setup host GUID ID.  This is used by ZFS. */
	mwexec("/etc/rc.d/hostid start");

	return $status;
}
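/**
 * Install the IPv4/IPv6 default routes and all configured static routes.
 *
 * The default gateway of each family is the first gateway item flagged
 * 'defaultgw'; when there is none, the WAN gateway is used. The chosen
 * gateway is recorded in "<if>_defaultgw" / "<if>_defaultgwv6" under
 * $g['tmp_path']. No default route is set when OLSR dynamic gateway is
 * enabled or when the gateway interface is "bgpd". Nothing is done on the
 * 'jail' platform.
 *
 * @param string $interface when non-empty, only routes whose gateway sits on
 *                          this (friendly) interface are touched
 * @return int|null 0 when done, null on the 'jail' platform
 */
function system_routing_configure($interface = "") {
	global $config, $g;

	if ($g['platform'] == 'jail')
		return;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_routing_configure() being called $mt\n";
	}

	$gatewayip = "";
	$interfacegw = "";
	$defaultif = "";
	$foundgw = false;
	$gatewayipv6 = "";
	$interfacegwv6 = "";
	$defaultifv6 = "";
	$foundgwv6 = false;

	/* tack on all the hard defined gateways as well */
	if (is_array($config['gateways']['gateway_item'])) {
		mwexec("/bin/rm {$g['tmp_path']}/*_defaultgw", true);

		foreach ($config['gateways']['gateway_item'] as $gateway) {
			if (isset($gateway['defaultgw']) && ((is_ipaddrv4($gateway['gateway'])) || ($gateway['gateway'] == "dynamic"))) {
				if (strstr($gateway['gateway'], ":"))
					break;
				if ($gateway['gateway'] == "dynamic")
					$gateway['gateway'] = get_interface_gateway($gateway['interface']);
				$gatewayip = $gateway['gateway'];
				$interfacegw = $gateway['interface'];
				if (!empty($interfacegw)) {
					$defaultif = get_real_interface($gateway['interface']);
					if ($defaultif)
						@file_put_contents("{$g['tmp_path']}/{$defaultif}_defaultgw", $gatewayip);
				}
				$foundgw = true;
				break;
			}
		}

		foreach ($config['gateways']['gateway_item'] as $gateway) {
			if (isset($gateway['defaultgw']) && ((is_ipaddrv6($gateway['gateway'])) || ($gateway['gateway'] == "dynamic6"))) {
				if ($gateway['gateway'] == "dynamic6")
					$gateway['gateway'] = get_interface_gateway_v6($gateway['interface']);
				$gatewayipv6 = $gateway['gateway'];
				$interfacegwv6 = $gateway['interface'];
				if (!empty($interfacegwv6)) {
					$defaultifv6 = get_real_interface($gateway['interface']);
					if ($defaultifv6)
						@file_put_contents("{$g['tmp_path']}/{$defaultifv6}_defaultgwv6", $gatewayipv6);
				}
				$foundgwv6 = true;
				break;
			}
		}
	}

	if ($foundgw == false) {
		$defaultif = get_real_interface("wan");
		$interfacegw = "wan";
		$gatewayip = get_interface_gateway("wan");
		@touch("{$g['tmp_path']}/{$defaultif}_defaultgw");
	}
	if ($foundgwv6 == false) {
		$defaultifv6 = get_real_interface("wan");
		$interfacegwv6 = "wan";
		$gatewayipv6 = get_interface_gateway_v6("wan");
		/*
		 * The marker is named after the IPv6 default interface, matching the
		 * file written in the loop above; this used to reuse the IPv4 variable.
		 */
		@touch("{$g['tmp_path']}/{$defaultifv6}_defaultgwv6");
	}

	$dont_add_route = false;
	/* if OLSRD is enabled, allow WAN to house DHCP. */
	if ($config['installedpackages']['olsrd']) {
		foreach ($config['installedpackages']['olsrd']['config'] as $olsrd) {
			if (($olsrd['enabledyngw'] == "on") && ($olsrd['enable'] == "on")) {
				$dont_add_route = true;
				log_error(sprintf(gettext("Not adding default route because OLSR dynamic gateway is enabled.")));
				break;
			}
		}
	}

	if ($dont_add_route == false) {
		$v4_selected = empty($interface) || $interface == $interfacegw;
		if ($v4_selected && ($interfacegw <> "bgpd") && is_ipaddrv4($gatewayip)) {
			log_error("ROUTING: setting default route to $gatewayip");
			mwexec("/sbin/route change -inet default " . escapeshellarg($gatewayip));
		}

		$v6_selected = empty($interface) || $interface == $interfacegwv6;
		if ($v6_selected && ($interfacegwv6 <> "bgpd") && is_ipaddrv6($gatewayipv6)) {
			/* a link-local gateway needs the interface scope appended */
			$ifscope = "";
			if (preg_match("/fe80::/i", $gatewayipv6))
				$ifscope = "%{$defaultifv6}";
			log_error("ROUTING: setting IPv6 default route to {$gatewayipv6}{$ifscope}");
			/* address and scope are quoted together so the scope cannot escape the argument */
			mwexec("/sbin/route change -inet6 default " . escapeshellarg("{$gatewayipv6}{$ifscope}"));
		}
	}

	$static_routes = get_staticroutes();
	if (is_array($static_routes) && count($static_routes)) {
		$gateways_arr = return_gateways_array(false, true);

		foreach ($static_routes as $rtent) {
			$gatewayip = "";
			if (empty($gateways_arr[$rtent['gateway']])) {
				log_error(sprintf(gettext("Static Routes: Gateway IP could not be found for %s"), $rtent['network']));
				continue;
			}
			$gateway = $gateways_arr[$rtent['gateway']];
			if (!empty($interface) && $interface != $gateway['friendlyiface'])
				continue;

			if (isset($rtent['disabled'])) {
				mwexec("/sbin/route delete " . escapeshellarg($rtent['network']), true);
				continue;
			}

			$gatewayip = $gateway['gateway'];
			$interfacegw = $gateway['interface'];

			$inetfamily = is_ipaddrv6($gatewayip) ? "-inet6" : "-inet";

			$blackhole = "";
			if (preg_match("/^Null/i", $rtent['gateway']))
				$blackhole = "-blackhole";

			/* the route is only installed when gateway and network belong to the same address family */
			$family_match = (is_ipaddrv6($gatewayip) && is_subnetv6($rtent['network'])) ||
				(is_ipaddrv4($gatewayip) && is_subnetv4($rtent['network']));

			if ($family_match && is_ipaddr($gatewayip)) {
				mwexec("/sbin/route change {$inetfamily} {$blackhole} " . escapeshellarg($rtent['network']) .
					" " . escapeshellarg($gatewayip));
			} else if ($family_match && !empty($interfacegw)) {
				mwexec("/sbin/route change {$inetfamily} {$blackhole} " . escapeshellarg($rtent['network']) .
					" -iface " . escapeshellarg($interfacegw));
			}
		}
	}

	return 0;
}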
/**
 * Turn on IPv4 and IPv6 packet forwarding via sysctl.
 */
function system_routing_enable() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_routing_enable() being called $mt\n";
	}

	$forwarding_oids = array("net.inet.ip.forwarding", "net.inet6.ip6.forwarding");
	foreach ($forwarding_oids as $oid) {
		mwexec("/sbin/sysctl {$oid}=1");
	}

	return;
}
/**
 * Prepare a remote syslog server name for use after "@" in syslog.conf.
 *
 * @param string $server host name or address
 * @return string "[addr]" for a bare IPv6 address, otherwise $server unchanged
 */
function system_syslogd_fixup_server($server) {
	/* If it's an IPv6 IP alone, encase it in brackets */
	return is_ipaddrv6($server) ? "[$server]" : $server;
}
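/**
 * Build the syslog.conf lines that forward one selector to the configured
 * remote servers.
 *
 * One "<selector> <tabs>@<server>" line is produced for each non-empty
 * 'remoteserver', 'remoteserver2' and 'remoteserver3' entry, in that order.
 *
 * @param array  $syslogcfg syslog section of the configuration
 * @param string $facility  selector placed at the start of each line
 * @return string the generated lines, or "" when no remote server is set
 */
function system_syslogd_get_remote_servers($syslogcfg, $facility = "*.*") {
	/*
	 * This statement used to end in "." instead of ";", which silently chained
	 * it with the assignment that follows; the two are separate statements now.
	 */
	$facility .= " ";
	$remote_servers = "";

	/* pad with tabs towards column 56; never fewer than one tab, even for a very long selector */
	$pad_to = 56;
	$padding = max(1, (int) ceil(($pad_to - strlen($facility)) / 8) + 1);

	foreach (array('remoteserver', 'remoteserver2', 'remoteserver3') as $key) {
		if (empty($syslogcfg[$key]))
			continue;
		$remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@" . system_syslogd_fixup_server($syslogcfg[$key]) . "\n";
	}

	return $remote_servers;
}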
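/**
 * Regenerate syslog.conf and (re)start syslogd.
 *
 * Running syslogd and fifolog_writer processes are stopped first. When a
 * syslog section exists in the configuration, syslog.conf is written with
 * one program block per service (local log file unless
 * 'disablelocallogging' is set, remote forwarding when the matching option
 * is set) and syslogd is started with that file; otherwise syslogd is
 * started without a configuration file argument.
 *
 * @return mixed 1 when syslog.conf cannot be opened, otherwise the result of
 *               mwexec_bg() for the syslogd command
 */
function system_syslogd_start() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_syslogd_start() being called $mt\n";
	}

	mwexec("/etc/rc.d/hostid start");

	$syslogcfg = $config['syslog'];

	if ($g['booting'])
		echo gettext("Starting syslog...");
	else
		killbypid("{$g['varrun_path']}/syslog.pid");

	if (is_process_running("syslogd"))
		mwexec('/bin/pkill syslogd');
	if (is_process_running("fifolog_writer"))
		mwexec('/bin/pkill fifolog_writer');

	// Define various commands for logging
	$fifolog_create = "/usr/sbin/fifolog_create -s ";
	$fifolog_log = "|/usr/sbin/fifolog_writer ";
	$clog_create = "/usr/sbin/clog -i -s ";
	$clog_log = "%";

	// Pick the log backend; clog is the default
	if (isset($config['system']['usefifolog'])) {
		$log_directive = $fifolog_log;
		$log_create_directive = $fifolog_create;
	} else {
		$log_directive = $clog_log;
		$log_create_directive = $clog_create;
	}

	if (isset($syslogcfg)) {
		/* start from an empty string so every append below is well defined */
		$syslogconf = "";
		$log_locally = !isset($syslogcfg['disablelocallogging']);

		$separatelogfacilities = array('ntp','ntpd','ntpdate','racoon','openvpn','pptps','poes','l2tps','relayd','hostapd','dnsmasq','unbound','dhcpd','dhcrelay','apinger','radvd','routed','olsrd','zebra','ospfd','bgpd');
		if (!empty($config['installedpackages']['package']) && is_array($config['installedpackages']['package'])) {
			foreach ($config['installedpackages']['package'] as $package) {
				if (!$package['logging'])
					continue;
				array_push($separatelogfacilities, $package['logging']['facilityname']);
				$pkglog = "{$g['varlog_path']}/{$package['logging']['logfilename']}";
				/*
				 * The log file name is supplied by the package definition;
				 * quote the path so it is passed as a single argument.
				 */
				mwexec("{$log_create_directive} 10240 " . escapeshellarg($pkglog));
				/*
				 * NOTE(review): facilityname and logfilename are also copied
				 * verbatim into syslog.conf. A line break or a leading "|"
				 * in them would add or alter directives; consider
				 * validating both where package definitions are loaded.
				 */
				$syslogconf .= "!{$package['logging']['facilityname']}\n*.*\t\t\t\t\t\t {$log_directive}{$pkglog}\n";
			}
		}
		$facilitylist = implode(',', array_unique($separatelogfacilities));

		/* write syslog.conf */
		$fd = fopen("{$g['varetc_path']}/syslog.conf", "w");
		if (!$fd) {
			printf(gettext("Error: cannot open syslog.conf in system_syslogd_start().%s"), "\n");
			return 1;
		}

		/*
		 * One block per program list: local log file, selector column and the
		 * option that enables remote forwarding for the block (null = never).
		 * NOTE(review): the resolver and dhcpd blocks are forwarded under the
		 * 'apinger' option, exactly as before — confirm this is intended.
		 */
		$plain = "*.*" . str_repeat("\t", 8);
		$spaced = "*.* " . str_repeat("\t", 8);
		$blocks = array(
			array("radvd,routed,olsrd,zebra,ospfd,bgpd", "routing.log", $plain, null),
			array("ntp,ntpd,ntpdate", "ntpd.log", $plain, null),
			array("ppp", "ppp.log", $plain, null),
			array("pptps", "pptps.log", $plain, null),
			array("poes", "poes.log", $plain, null),
			array("l2tps", "l2tps.log", $plain, null),
			array("racoon", "ipsec.log", $plain, 'vpn'),
			array("openvpn", "openvpn.log", $plain, 'vpn'),
			array("apinger", "gateways.log", $plain, 'apinger'),
			array("dnsmasq,unbound", "resolver.log", $plain, 'apinger'),
			array("dhcpd,dhcrelay", "dhcpd.log", $plain, 'apinger'),
			array("relayd", "relayd.log", $spaced, 'relayd'),
			array("hostapd", "wireless.log", $spaced, 'hostapd'),
		);
		foreach ($blocks as $block) {
			list($programs, $logfile, $selector, $remote_option) = $block;
			$syslogconf .= "!{$programs}\n";
			if ($log_locally)
				$syslogconf .= "{$selector}{$log_directive}{$g['varlog_path']}/{$logfile}\n";
			if ($remote_option !== null && isset($syslogcfg[$remote_option]))
				$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*");
		}

		/* everything that is not one of the programs handled above */
		$syslogconf .= "!-{$facilitylist}\n";
		if ($log_locally)
			$syslogconf .= <<<EOD
local0.*							{$log_directive}{$g['varlog_path']}/filter.log
local3.*							{$log_directive}{$g['varlog_path']}/vpn.log
local4.*							{$log_directive}{$g['varlog_path']}/portalauth.log
local7.*							{$log_directive}{$g['varlog_path']}/dhcpd.log
*.notice;kern.debug;lpr.info;mail.crit;				{$log_directive}{$g['varlog_path']}/system.log
news.err;local0.none;local3.none;local4.none;			{$log_directive}{$g['varlog_path']}/system.log
local7.none							{$log_directive}{$g['varlog_path']}/system.log
security.*							{$log_directive}{$g['varlog_path']}/system.log
auth.info;authpriv.info;daemon.info				{$log_directive}{$g['varlog_path']}/system.log
auth.info;authpriv.info 					|exec /usr/local/sbin/sshlockout_pf 15
*.emerg								*

EOD;
		if (isset($syslogcfg['filter']))
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local0.*");
		if (isset($syslogcfg['vpn']))
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local3.*");
		if (isset($syslogcfg['portalauth']))
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local4.*");
		if (isset($syslogcfg['dhcp']))
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local7.*");
		if (isset($syslogcfg['system'])) {
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.notice;kern.debug;lpr.info;mail.crit;");
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "news.err;local0.none;local3.none;local7.none");
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "security.*");
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "auth.info;authpriv.info;daemon.info");
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.emerg");
		}
		if (isset($syslogcfg['logall'])) {
			// Make everything mean everything, including facilities excluded above.
			$syslogconf .= "!*\n";
			$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*");
		}

		if (isset($syslogcfg['zmqserver'])) {
				$syslogconf .= <<<EOD
*.*								^{$syslogcfg['zmqserver']}

EOD;
		}
		fwrite($fd, $syslogconf);
		fclose($fd);

		// Ensure that the directory for the log socket exists
		// NOTE(review): this path is built from $g['dhcpd_chroot_path'] while the
		// syslogd command below hard-codes /var/dhcpd/var/run/log — confirm they agree.
		if (!is_dir("{$g['dhcpd_chroot_path']}/var/run"))
			exec("/bin/mkdir -p " . escapeshellarg("{$g['dhcpd_chroot_path']}/var/run"));

		/*
		 * The command used to be chosen by whether a remote server ("@") is
		 * present in the file, but both branches were identical; a single
		 * call does the same.
		 */
		$retval = mwexec_bg("/usr/sbin/syslogd -c -c -l /var/dhcpd/var/run/log -f {$g['varetc_path']}/syslog.conf");
	} else {
		$retval = mwexec_bg("/usr/sbin/syslogd -c -c -l /var/dhcpd/var/run/log");
	}

	if ($g['booting'])
		echo gettext("done.") . "\n";

	return $retval;
}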
/*
 * Restart the PC Card daemon.
 *
 * Kills the pccardd instance named by the pid file under $g['varrun_path'],
 * then launches a new one with the pccard.conf found under $g['etc_path'].
 * Progress text is printed only while $g['booting'] is set.
 *
 * Returns whatever mwexec() returned for the pccardd command; 0 is
 * reported as success.
 */
function system_pccard_start() {
	global $config, $g;

	/* optional call tracing */
	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_pccard_start() being called $mt\n";
	}

	if ($g['booting']) {
		echo gettext("Initializing PCMCIA...");
	}

	/* stop the old daemon before starting a new one */
	$pidfile = "{$g['varrun_path']}/pccardd.pid";
	killbypid($pidfile);

	$command = "/usr/sbin/pccardd -z -f {$g['etc_path']}/pccard.conf";
	$res = mwexec($command);

	if ($g['booting']) {
		/* loose comparison kept on purpose: any value equal to 0 counts as success */
		echo ($res == 0) ? gettext("done.") . "\n" : gettext("failed!") . "\n";
	}

	return $res;
}
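/*
 * (Re)start the lighttpd instance that serves the webConfigurator.
 *
 * Kills the running instance, works out port and certificate material from
 * $config['system']['webgui'], writes the lighttpd configuration through
 * system_generate_lighty_config() and starts lighttpd.
 *
 * When the protocol is "https" and the referenced certificate is missing or
 * incomplete, a self-signed certificate is generated, imported into the
 * configuration and selected as the webConfigurator certificate.
 *
 * Returns the mwexec() result of the lighttpd start command (0 is reported
 * as success).
 */
function system_webgui_start() {
	global $config, $g;

	if ($g['booting'])
		echo gettext("Starting webConfigurator...");

	/* kill any running lighttpd */
	killbypid("{$g['varrun_path']}/lighty-webConfigurator.pid");

	sleep(1);

	chdir($g['www_path']);

	/* defaults */
	$portarg = "80";
	$crt = "";
	$key = "";
	$ca = "";

	/* non-standard port? */
	if (isset($config['system']['webgui']['port']) && $config['system']['webgui']['port'] <> "")
		$portarg = "{$config['system']['webgui']['port']}";

	if ($config['system']['webgui']['protocol'] == "https") {
		// Ensure that we have a webConfigurator CERT
		$cert =& lookup_cert($config['system']['webgui']['ssl-certref']);
		/*
		 * Regenerate when ANY part is missing. The previous test joined the
		 * three checks with &&, so an entry that was an array but lacked the
		 * certificate or the private key fell through to the else branch and
		 * lighttpd was configured without usable TLS material.
		 */
		if (!is_array($cert) || !$cert['crt'] || !$cert['prv']) {
			if (!is_array($config['ca']))
				$config['ca'] = array();
			$a_ca =& $config['ca'];
			if (!is_array($config['cert']))
				$config['cert'] = array();
			$a_cert =& $config['cert'];
			log_error("Creating SSL Certificate for this host");
			/* drop the reference first so the incomplete entry that was
			 * looked up is not overwritten in place by the assignment below */
			unset($cert);
			$cert = array();
			$cert['refid'] = uniqid();
			$cert['descr'] = gettext("webConfigurator default");
			/*
			 * The key and certificate pass through predictable file names
			 * under tmp_path via shell redirection. Tighten the umask for
			 * that window so the private key is not created readable by
			 * other local users (assumes mwexec() runs the command as a
			 * child of this process, which then inherits the umask).
			 */
			$old_umask = umask(0077);
			/* 2048-bit RSA with SHA-256 replaces the former 1024-bit/SHA-1 pair */
			mwexec("/usr/bin/openssl genrsa 2048 > {$g['tmp_path']}/ssl.key");
			mwexec("/usr/bin/openssl req -new -x509 -nodes -sha256 -days 2000 -key {$g['tmp_path']}/ssl.key > {$g['tmp_path']}/ssl.crt");
			$crt = file_get_contents("{$g['tmp_path']}/ssl.crt");
			$key = file_get_contents("{$g['tmp_path']}/ssl.key");
			unlink("{$g['tmp_path']}/ssl.key");
			unlink("{$g['tmp_path']}/ssl.crt");
			umask($old_umask);
			// NOTE(review): the openssl exit status and the read results are
			// not checked before the material is imported below.
			cert_import($cert, $crt, $key);
			$a_cert[] = $cert;
			$config['system']['webgui']['ssl-certref'] = $cert['refid'];
			write_config(gettext("Importing HTTPS certificate"));
			if(!$config['system']['webgui']['port'])
				$portarg = "443";
			$ca = ca_chain($cert);
		} else {
			$crt = base64_decode($cert['crt']);
			$key = base64_decode($cert['prv']);
			if(!$config['system']['webgui']['port'])
				$portarg = "443";
			$ca = ca_chain($cert);
		}
	}

	/* generate lighttpd configuration */
	system_generate_lighty_config("{$g['varetc_path']}/lighty-webConfigurator.conf",
		$crt, $key, $ca, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/",
		"cert.pem", "ca.pem");

	/* attempt to start lighthttpd */
	$res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-webConfigurator.conf");

	/* fetch page to preload apc cache */
	$proto = "http";
	if ($config['system']['webgui']['protocol'])
		$proto = $config['system']['webgui']['protocol'];
	/* protocol and port come from the configuration: quote the URL so they
	 * cannot be interpreted by the shell */
	mwexec_bg("/usr/bin/fetch -o /dev/null -q " . escapeshellarg("{$proto}://localhost:{$portarg}/preload.php"));

	if ($g['booting']) {
		if ($res == 0)
			echo gettext("done.") . "\n";
		else
			echo gettext("failed!") . "\n";
	}

	return $res;
}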
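/*
 * Build a lighttpd configuration and write it to $filename.
 *
 * $cert, $key, $ca   PEM text; when both $cert and $key are non-empty they
 *                    are written (certificate first, then key) to
 *                    {varetc_path}/$cert_location and TLS is enabled. A
 *                    non-blank $ca is written to {varetc_path}/$ca_location.
 * $pid_file          file name used for server.pid-file under /var/run.
 * $port              listen port; an empty value falls back to "80".
 * $document_root     value for server.document-root.
 * $max_requests      not referenced anywhere in this function.
 * $fast_cgi_enable   use mod_fastcgi; forced off on low-memory systems.
 * $captive_portal    false for the webConfigurator, otherwise the captive
 *                    portal zone name (used in the rewrite rule, the FastCGI
 *                    socket name and the $config['captiveportal'] lookup).
 *
 * Returns 0 on success, 1 when one of the output files cannot be opened.
 */
function system_generate_lighty_config($filename,
	$cert,
	$key,
	$ca,
	$pid_file,
	$port = 80,
	$document_root = "/usr/local/www/",
	$cert_location = "cert.pem",
	$ca_location = "ca.pem",
	$max_requests = "2",
	$fast_cgi_enable = true,
	$captive_portal = false) {

	global $config, $g;

	if(!is_dir("{$g['tmp_path']}/lighttpdcompress"))
		mkdir("{$g['tmp_path']}/lighttpdcompress");

	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_generate_lighty_config() being called $mt\n";
	}

	if($captive_portal != false)  {
		$captiveportal = ",\"mod_rewrite\"";
		/* everything that does not mention "captiveportal" is rewritten to the
		 * portal page, carrying the zone and the originally requested URL */
		$captive_portal_rewrite = "url.rewrite-once = ( \"(.*captiveportal.*)\" => \"$1\", \"(.*)\" => \"/index.php?zone={$captive_portal}&redirurl=$1\" )\n";
		$captive_portal_module = "";
		$maxprocperip = $config['captiveportal'][$captive_portal]['maxprocperip'];
		// NOTE(review): the per-IP connection limit below is an evasive.*
		// directive, but no "mod_evasive" entry appears in the server.modules
		// list built in this function ($captive_portal_module is empty) -
		// confirm the limit is actually enforced.
		if($maxprocperip and $maxprocperip > 0)
			$captive_portal_mod_evasive = "evasive.max-conns-per-ip = {$maxprocperip}";
		else
			$captive_portal_mod_evasive = "";
		$server_upload_dirs = "server.upload-dirs = ( \"{$g['tmp_path']}/captiveportal/\" )\n";
		exec("mkdir -p {$g['tmp_path']}/captiveportal");
		exec("chmod a-w {$g['tmp_path']}/captiveportal");
		/* portal instances get a much smaller request size cap than the GUI */
		$server_max_request_size = "server.max-request-size    = 384";
	} else {
		$captiveportal = "";
		$captive_portal_rewrite = "";
		$captive_portal_module = "";
		$captive_portal_mod_evasive = "";
		$server_upload_dirs = "server.upload-dirs = ( \"{$g['upload_path']}/\", \"{$g['tmp_path']}/\", \"/var/\" )\n";
		$server_max_request_size = "server.max-request-size    = 2097152";
	}

	if($port <> "")
		$lighty_port = $port;
	else
		$lighty_port = "80";

	$memory = get_memory();
	$avail = $memory[0];

	/*
	 * Default worker count. None of the tiers below matches when
	 * get_memory() yields no positive figure, and "max-procs" would then be
	 * written empty into the FastCGI section.
	 */
	$max_procs = ($config['system']['webgui']['max_procs']) ? $config['system']['webgui']['max_procs'] : 1;

	// Determine web GUI process settings and take into account low memory systems
	if($avail > 0 and $avail < 65) {
		$fast_cgi_enable = false;
	}
	if($avail > 64 and $avail < 256) {
		$max_procs = ($config['system']['webgui']['max_procs']) ? $config['system']['webgui']['max_procs'] : 1;
	}
	if($avail > 255 ) {
		$max_procs = ($config['system']['webgui']['max_procs']) ? $config['system']['webgui']['max_procs'] : 2;
	}

	// Ramp up captive portal max procs, assuming each PHP process can consume up to 64MB RAM 
	if($captive_portal == true)  {
		if($avail > 107 and $avail < 256) {
			$max_procs += 1; // 2 worker processes
		}
		if($avail > 255 and $avail < 320) {
			$max_procs += 1; // 3 worker processes
		}
		if($avail > 319 and $avail < 384) {
			$max_procs += 2; // 4 worker processes
		}
		if($avail > 383 and $avail < 448) {
			$max_procs += 3; // 5 worker processes
		}
		if($avail > 447) {
			$max_procs += 4; // 6 worker processes
		}
	}

	/* environment handed to the PHP FastCGI workers; only the low-memory
	 * GUI case lowers PHP_FCGI_MAX_REQUESTS to 2 */
	if($captive_portal == true)  {
		$bin_environment =  <<<EOC
			"bin-environment" => (
				"PHP_FCGI_CHILDREN" => "0",
				"PHP_FCGI_MAX_REQUESTS" => "500"
			),
EOC;

	} else if ($avail > 0 and $avail < 128) {
		$bin_environment = <<<EOC
			"bin-environment" => (
				"PHP_FCGI_CHILDREN" => "0",
				"PHP_FCGI_MAX_REQUESTS" => "2",
			),

EOC;
	} else
		$bin_environment =  <<<EOC
			"bin-environment" => (
				"PHP_FCGI_CHILDREN" => "0",
				"PHP_FCGI_MAX_REQUESTS" => "500"
			),
EOC;

	if($fast_cgi_enable == true) {
		$module = "\"mod_fastcgi\", \"mod_cgi\"";
		/* one FastCGI socket per captive portal zone, a fixed one for the GUI */
		if ($captive_portal != false)
			$fast_cgi_path = "{$g['tmp_path']}/php-fastcgi-{$captive_portal}.socket";
		else
			$fast_cgi_path = "{$g['tmp_path']}/php-fastcgi.socket";
		$cgi_config = "";
		$fastcgi_config = <<<EOD
#### fastcgi module
## read fastcgi.txt for more info
fastcgi.server = ( ".php" =>
	( "localhost" =>
		(
			"socket" => "{$fast_cgi_path}",
			"min-procs" => 0,
			"max-procs" => {$max_procs},
{$bin_environment}
			"bin-path" => "/usr/local/bin/php"
		)
	)
)

#### CGI module
cgi.assign                 = ( ".cgi" => "" )

EOD;
	} else {
		$fastcgi_config = "";
		$module = "\"mod_cgi\"";
		$cgi_config = <<<EOD
#### CGI module
cgi.assign                 = ( ".php"  => "/usr/local/bin/php",
                               ".cgi" => "" )

EOD;
	}

	$lighty_config = "";
	$lighty_config .= <<<EOD
#
# lighttpd configuration file
#
# use a it as base for lighttpd 1.0.0 and above
#
############ Options you really have to take care of ####################

## FreeBSD!
server.event-handler	= "freebsd-kqueue"
server.network-backend 	= "writev"
#server.use-ipv6 = "enable"

## modules to load
server.modules              =   (
	{$captive_portal_module}
	"mod_access", "mod_accesslog", "mod_expire", "mod_compress", "mod_redirect",
	{$module}{$captiveportal}
)

## Unused modules
#                               "mod_setenv",
#                               "mod_rewrite",
#                               "mod_ssi",
#                               "mod_usertrack",
#                               "mod_expire",
#                               "mod_secdownload",
#                               "mod_rrdtool",
#                               "mod_auth",
#                               "mod_status",
#                               "mod_alias",
#                               "mod_proxy",
#                               "mod_simple_vhost",
#                               "mod_evhost",
#                               "mod_userdir",
#                               "mod_cgi",

server.max-keep-alive-requests = 15
server.max-keep-alive-idle = 30

## a static document-root, for virtual-hosting take look at the
## server.virtual-* options
server.document-root        = "{$document_root}"
{$captive_portal_rewrite}

# Maximum idle time with nothing being written (php downloading)
server.max-write-idle = 999

## where to send error-messages to
server.errorlog             = "/var/log/lighttpd.error.log"

# files to check for if .../ is requested
server.indexfiles           = ( "index.php", "index.html",
                                "index.htm", "default.htm" )

# mimetype mapping
mimetype.assign             = (
  ".pdf"          =>      "application/pdf",
  ".sig"          =>      "application/pgp-signature",
  ".spl"          =>      "application/futuresplash",
  ".class"        =>      "application/octet-stream",
  ".ps"           =>      "application/postscript",
  ".torrent"      =>      "application/x-bittorrent",
  ".dvi"          =>      "application/x-dvi",
  ".gz"           =>      "application/x-gzip",
  ".pac"          =>      "application/x-ns-proxy-autoconfig",
  ".swf"          =>      "application/x-shockwave-flash",
  ".tar.gz"       =>      "application/x-tgz",
  ".tgz"          =>      "application/x-tgz",
  ".tar"          =>      "application/x-tar",
  ".zip"          =>      "application/zip",
  ".mp3"          =>      "audio/mpeg",
  ".m3u"          =>      "audio/x-mpegurl",
  ".wma"          =>      "audio/x-ms-wma",
  ".wax"          =>      "audio/x-ms-wax",
  ".ogg"          =>      "audio/x-wav",
  ".wav"          =>      "audio/x-wav",
  ".gif"          =>      "image/gif",
  ".jpg"          =>      "image/jpeg",
  ".jpeg"         =>      "image/jpeg",
  ".png"          =>      "image/png",
  ".xbm"          =>      "image/x-xbitmap",
  ".xpm"          =>      "image/x-xpixmap",
  ".xwd"          =>      "image/x-xwindowdump",
  ".css"          =>      "text/css",
  ".html"         =>      "text/html",
  ".htm"          =>      "text/html",
  ".js"           =>      "text/javascript",
  ".asc"          =>      "text/plain",
  ".c"            =>      "text/plain",
  ".conf"         =>      "text/plain",
  ".text"         =>      "text/plain",
  ".txt"          =>      "text/plain",
  ".dtd"          =>      "text/xml",
  ".xml"          =>      "text/xml",
  ".mpeg"         =>      "video/mpeg",
  ".mpg"          =>      "video/mpeg",
  ".mov"          =>      "video/quicktime",
  ".qt"           =>      "video/quicktime",
  ".avi"          =>      "video/x-msvideo",
  ".asf"          =>      "video/x-ms-asf",
  ".asx"          =>      "video/x-ms-asf",
  ".wmv"          =>      "video/x-ms-wmv",
  ".bz2"          =>      "application/x-bzip",
  ".tbz"          =>      "application/x-bzip-compressed-tar",
  ".tar.bz2"      =>      "application/x-bzip-compressed-tar"
 )

# Use the "Content-Type" extended attribute to obtain mime type if possible
#mimetypes.use-xattr        = "enable"

#### accesslog module
#accesslog.filename          = "/dev/null"

## deny access the file-extensions
#
# ~    is for backupfiles from vi, emacs, joe, ...
# .inc is often used for code includes which should in general not be part
#      of the document-root
url.access-deny             = ( "~", ".inc" )


######### Options that are good to be but not neccesary to be changed #######

## bind to port (default: 80)

EOD;

	/*
	 * Listener sockets. Both variants bind 0.0.0.0; the captive portal adds
	 * an IPv6 loopback socket ([::1]) and the GUI an IPv6 wildcard ([::]).
	 *
	 * NOTE(review): the TLS settings written inside the IPv6 socket block
	 * carry only ssl.engine, ssl.pemfile and ssl.ca-file. The ssl.use-sslv2
	 * and ssl.cipher-list lines are emitted further down at global scope
	 * only - confirm they also take effect for this socket.
	 */
	if($captive_portal == true) {
		$lighty_config .= "server.bind  = \"0.0.0.0\"\n";
		$lighty_config .= "server.port  = {$lighty_port}\n";
		$lighty_config .= "\$SERVER[\"socket\"]  == \"0.0.0.0:{$lighty_port}\" { }\n";
		$lighty_config .= "\$SERVER[\"socket\"]  == \"[::1]:{$lighty_port}\" { \n";
		if($cert <> "" and $key <> "") {
			$lighty_config .= "\n";
			$lighty_config .= "## ssl configuration\n";
			$lighty_config .= "ssl.engine = \"enable\"\n";
			$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
			if($ca <> "")
				$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
		}
		$lighty_config .= " }\n";
	} else {
		$lighty_config .= "server.bind  = \"0.0.0.0\"\n";
		$lighty_config .= "server.port  = {$lighty_port}\n";
		$lighty_config .= "\$SERVER[\"socket\"]  == \"0.0.0.0:{$lighty_port}\" { }\n";
		$lighty_config .= "\$SERVER[\"socket\"]  == \"[::]:{$lighty_port}\" { \n";
		if($cert <> "" and $key <> "") {
			$lighty_config .= "\n";
			$lighty_config .= "## ssl configuration\n";
			$lighty_config .= "ssl.engine = \"enable\"\n";
			$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
			if($ca <> "")
				$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
		}
		$lighty_config .= " }\n";
	}


	$lighty_config .= <<<EOD

## error-handler for status 404
#server.error-handler-404   = "/error-handler.html"
#server.error-handler-404   = "/error-handler.php"

## to help the rc.scripts
server.pid-file            = "/var/run/{$pid_file}"

## virtual directory listings
server.dir-listing         = "disable"

## enable debugging
debug.log-request-header   = "disable"
debug.log-response-header  = "disable"
debug.log-request-handling = "disable"
debug.log-file-not-found   = "disable"

# gzip compression
compress.cache-dir = "{$g['tmp_path']}/lighttpdcompress/"
compress.filetype  = ("text/plain","text/css", "text/xml", "text/javascript" )

{$server_upload_dirs}

{$server_max_request_size}

{$fastcgi_config}

{$cgi_config}

{$captive_portal_mod_evasive}

expire.url = (
				"" => "access 50 hours",	
        )

EOD;

	/* normalise line endings and collapse doubled newlines in the PEM text */
	$cert = str_replace("\r", "", $cert);
	$key = str_replace("\r", "", $key);
	$ca = str_replace("\r", "", $ca);

	$cert = str_replace("\n\n", "\n", $cert);
	$key = str_replace("\n\n", "\n", $key);
	$ca = str_replace("\n\n", "\n", $ca);

	if($cert <> "" and $key <> "") {
		$fd = fopen("{$g['varetc_path']}/{$cert_location}", "w");
		if (!$fd) {
			printf(gettext("Error: cannot open cert.pem in system_webgui_start().%s"), "\n");
			return 1;
		}
		/* restrict the file to its owner before any key material is written */
		chmod("{$g['varetc_path']}/{$cert_location}", 0600);
		fwrite($fd, $cert);
		fwrite($fd, "\n");
		fwrite($fd, $key);
		fclose($fd);
		if(!(empty($ca) || (strlen(trim($ca)) == 0))) {
			$fd = fopen("{$g['varetc_path']}/{$ca_location}", "w");
			if (!$fd) {
				printf(gettext("Error: cannot open ca.pem in system_webgui_start().%s"), "\n");
				return 1;
			}
			chmod("{$g['varetc_path']}/{$ca_location}", 0600);
			fwrite($fd, $ca);
			fclose($fd);
		}
		$lighty_config .= "\n";
		$lighty_config .= "## " . gettext("ssl configuration") . "\n";
		$lighty_config .= "ssl.engine = \"enable\"\n";
		$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";

		// Harden SSL a bit for PCI conformance testing
		// NOTE(review): only SSLv2 is switched off here, and the cipher list
		// still offers RC4-SHA and RC4-MD5 - review against current TLS
		// guidance before reusing this list.
		$lighty_config .= "ssl.use-sslv2 = \"disable\"\n";
		$lighty_config .= "ssl.cipher-list = \"DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:CAMELLIA256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:CAMELLIA128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:!aNULL:!eNULL:!3DES:@STRENGTH\"\n";

		if(!(empty($ca) || (strlen(trim($ca)) == 0)))
			$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
	}

	// Add HTTP to HTTPS redirect	
	if ($captive_portal == false && $config['system']['webgui']['protocol'] == "https" && !isset($config['system']['webgui']['disablehttpredirect'])) {
		/* initialised up front: with the default HTTPS port no suffix is
		 * appended and the variable was previously left undefined */
		$redirectport = "";
		if($lighty_port != "443") 
			$redirectport = ":{$lighty_port}";
		/* the redirect target host is taken from the request's Host header (%1) */
		$lighty_config .= <<<EOD
\$SERVER["socket"] == ":80" {
	\$HTTP["host"] =~ "(.*)" {
		url.redirect = ( "^/(.*)" => "https://%1{$redirectport}/$1" )
	}
}
EOD;
	}

	$fd = fopen("{$filename}", "w");
	if (!$fd) {
		printf(gettext("Error: cannot open %s in system_generate_lighty_config().%s"), $filename, "\n");
		return 1;
	}
	fwrite($fd, $lighty_config);
	fclose($fd);

	return 0;

}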
/*
 * Install the configured timezone as /etc/localtime.
 *
 * The zone named in $config['system']['timezone'] (or "Etc/UTC" when that
 * is empty) is extracted from /usr/share/zoneinfo.tgz straight into
 * /etc/localtime. The zone name reaches the shell only through
 * escapeshellarg(). The tar exit status is not inspected.
 */
function system_timezone_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_timezone_configure() being called $mt\n";
	}

	$syscfg = $config['system'];

	if ($g['booting']) {
		echo gettext("Setting timezone...");
	}

	/* pick the zone file to extract, defaulting to UTC */
	$timezone = $syscfg['timezone'] ? $syscfg['timezone'] : "Etc/UTC";

	/* the target lives on the configuration filesystem: remount it
	 * read-write for the duration of the extraction */
	conf_mount_rw();

	$extract = "LANG=C /usr/bin/tar xzfO /usr/share/zoneinfo.tgz " . escapeshellarg($timezone) . " > /etc/localtime";
	exec($extract);

	mwexec("sync");
	conf_mount_ro();

	if ($g['booting']) {
		echo gettext("done.") . "\n";
	}
}
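/*
 * Write {varetc_path}/ntpd.conf and, unless $start_ntpd is false, restart ntpd.
 *
 * Servers come from the space-separated $config['system']['timeservers'];
 * listen interfaces from $config['ntpd']['interface'] or, when that is
 * empty, from the openntpd package settings. Nothing is done on the
 * 'jail' platform.
 *
 * Returns nothing.
 */
function system_ntp_configure($start_ntpd=true) {
	global $config, $g;
	$driftfile = "/var/db/ntpd.drift";

	if ($g['platform'] == 'jail')
		return;

	$ntpcfg = "# \n";
	$ntpcfg .= "# pfSense ntp configuration file \n";
	$ntpcfg .= "# \n\n";

	/* foreach through servers and write out to ntpd.conf */
	foreach (explode(' ', $config['system']['timeservers']) as $ts) {
		$ts = trim($ts);
		/* an unset list or doubled spaces yield empty entries, which would
		 * produce a "server" line without a host; an entry with embedded
		 * whitespace would add lines of its own to ntpd.conf */
		if ($ts == "" || preg_match('/\s/', $ts))
			continue;
		$ntpcfg .= "server {$ts} iburst maxpoll 9\n";
	}

	$ntpcfg .= "driftfile {$driftfile}\n";

	if (empty($config['ntpd']['interface'])) {
		/* fall back to the interface selection of the openntpd package */
		if (is_array($config['installedpackages']['openntpd']) && !empty($config['installedpackages']['openntpd']['config'][0]['interface']))
			$interfaces = explode(",", $config['installedpackages']['openntpd']['config'][0]['interface']);
		else
			$interfaces = array();
	} else
		$interfaces = explode(",", $config['ntpd']['interface']);

	if (is_array($interfaces) && count($interfaces)) {
		/* listen only on the selected interfaces */
		$ntpcfg .= "interface ignore all\n";
		foreach ($interfaces as $interface) {
			if (!is_ipaddr($interface)) {
				$interface = get_real_interface($interface);
			}
			/* skip names that did not resolve instead of writing a
			 * "interface listen" line without a target */
			if (empty($interface))
				continue;
			$ntpcfg .= "interface listen {$interface}\n";
		}
	}

	/* open configuration for wrting or bail */
	$fd = fopen("{$g['varetc_path']}/ntpd.conf","w");
	if(!$fd) {
		log_error("Could not open {$g['varetc_path']}/ntpd.conf for writing");
		return;
	}
	fwrite($fd, $ntpcfg);

	/* slurp! */
	fclose($fd);

	/* At bootup we just want to write out the config. */
	if (!$start_ntpd)
		return;

	/* if ntpd is running, kill it */
	while(is_process_running("ntpd")) {
		killbyname("ntpd");
	}

	/* if /var/empty does not exist, create it */
	if(!is_dir("/var/empty"))
		exec("/bin/mkdir -p /var/empty && chmod ug+rw /var/empty/.");

	/* start opentpd, set time now and use /var/etc/ntpd.conf */
	/* the signal mask is cleared for the launch and restored afterwards */
	$oldset = array();
	pcntl_sigprocmask(SIG_SETMASK, array(), $oldset);
	exec("/usr/local/bin/ntpd -g -c {$g['varetc_path']}/ntpd.conf");
	pcntl_sigprocmask(SIG_SETMASK, $oldset);
	
	// Note that we are starting up
	log_error("NTPD is starting up.");
	return;
}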
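/*
 * Step the clock once against every configured time server.
 *
 * Runs "ntpdate -s" for each entry of the space-separated
 * $config['system']['timeservers'] list. Progress text is printed only
 * while $g['booting'] is set. Returns nothing.
 */
function sync_system_time() {
	global $config, $g;

	if ($g['booting'])
		echo gettext("Syncing system time before startup...");

	/* query each configured server in turn */
	foreach (explode(' ', $config['system']['timeservers']) as $ts) {
		$ts = trim($ts);
		/* an unset list or doubled spaces yield empty entries */
		if ($ts == "")
			continue;
		/* the server name comes from the configuration and is placed on a
		 * shell command line: pass it as one quoted argument */
		mwexec("/usr/sbin/ntpdate -s " . escapeshellarg($ts));
	}

	if ($g['booting'])
		echo gettext("done.") . "\n";

}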
/*
 * Halt the system: run the shared pre-shutdown cleanup, then start
 * /etc/rc.halt detached (nohup, backgrounded, output discarded).
 */
function system_halt() {
	global $g;

	system_reboot_cleanup();

	$halt_cmd = "/usr/bin/nohup /etc/rc.halt > /dev/null 2>&1 &";
	mwexec($halt_cmd);
}
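/*
 * Reboot the system: run the shared pre-shutdown cleanup, then start
 * /etc/rc.reboot detached (nohup, backgrounded, output discarded).
 */
function system_reboot() {
	global $g;

	system_reboot_cleanup();

	/* absolute path, as in system_halt(), so the binary that runs does not
	 * depend on the PATH of the calling process */
	mwexec("/usr/bin/nohup /etc/rc.reboot > /dev/null 2>&1 &");
}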
/*
 * Reboot the system in the foreground: run the shared pre-shutdown
 * cleanup, then run /etc/rc.reboot without nohup or backgrounding.
 */
function system_reboot_sync() {
	global $g;

	system_reboot_cleanup();

	$reboot_cmd = "/etc/rc.reboot > /dev/null 2>&1";
	mwexec($reboot_cmd);
}
/*
 * Work shared by the halt and reboot paths, in this order: stop the
 * beeper, stop all captive portal RADIUS sessions, save the voucher
 * database into the configuration, stop installed packages. Each helper's
 * include file is loaded right before the helper is called.
 */
function system_reboot_cleanup() {
	mwexec("/usr/local/bin/beep.sh stop");

	/* captive portal */
	require_once "captiveportal.inc";
	captiveportal_radius_stop_all();

	/* vouchers */
	require_once "voucher.inc";
	voucher_save_db_to_config();

	/* packages */
	require_once "pkg-utils.inc";
	stop_packages();
}
/*
 * Run the shell commands stored in the configuration.
 *
 * $early selects $config['system']['earlyshellcmd'] instead of
 * $config['system']['shellcmd']. The entry may be a single string or an
 * array of strings; every command is passed to exec() exactly as stored,
 * so anyone able to write these configuration keys can run arbitrary
 * commands with the privileges of this process.
 */
function system_do_shell_commands($early = 0) {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_do_shell_commands() being called $mt\n";
	}

	$cmdn = $early ? "earlyshellcmd" : "shellcmd";
	$entry = $config['system'][$cmdn];

	/* normalise the entry to a list of commands */
	if (is_array($entry)) {
		$commands = $entry;
	} elseif ($entry <> "") {
		$commands = array($entry);
	} else {
		$commands = array();
	}

	foreach ($commands as $cmd) {
		exec($cmd);
	}
}
/*
 * Keep the {varetc_path}/disableconsole marker file in step with
 * $config['system']['disableconsolemenu']: present when the option is
 * set, removed otherwise.
 */
function system_console_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_console_configure() being called $mt\n";
	}

	if (!isset($config['system']['disableconsolemenu'])) {
		unlink_if_exists("{$g['varetc_path']}/disableconsole");
		return;
	}

	touch("{$g['varetc_path']}/disableconsole");
}
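/*
 * Save the kernel message buffer of the current boot to
 * {$g['varlog_path']}/dmesg.boot.
 *
 * The output of /sbin/dmesg may still contain lines from earlier boots, so
 * only the part starting at the last "Copyright (c) 1992-" line is written.
 *
 * Returns 0 on success, 1 when dmesg.boot cannot be opened for writing.
 */
function system_dmesg_save() {
	/* $config must be global too, otherwise the developerspew check below
	   tests an undefined local and can never fire */
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_dmesg_save() being called $mt\n";
	}

	/* exec() appends one array element per output line */
	$dmesg = array();
	exec("/sbin/dmesg", $dmesg);
	$nlines = count($dmesg);

	/* find last copyright line (output from previous boots may be present) */
	$lastcpline = 0;
	for ($i = 0; $i < $nlines; $i++) {
		if (strpos($dmesg[$i], "Copyright (c) 1992-") !== false)
			$lastcpline = $i;
	}

	$fd = fopen("{$g['varlog_path']}/dmesg.boot", "w");
	if (!$fd) {
		printf(gettext("Error: cannot open dmesg.boot in system_dmesg_save().%s"), "\n");
		return 1;
	}

	for ($i = $lastcpline; $i < $nlines; $i++)
		fwrite($fd, $dmesg[$i] . "\n");

	fclose($fd);

	return 0;
}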
/*
 * Apply the configured hard disk standby value.
 *
 * Does nothing unless $config['system']['harddiskstandby'] is set. A numeric
 * value is written to the hw.ata.standby sysctl after pfSense_sync(); when
 * that mwexec() call returns 0, atareinit is run as well. Progress text is
 * printed only while $g['booting'] is true.
 */
function system_set_harddisk_standby() {
	global $g, $config;

	if (isset($config['system']['developerspew'])) {
		$now = microtime();
		echo "system_set_harddisk_standby() being called $now\n";
	}

	if (!isset($config['system']['harddiskstandby']))
		return;

	if ($g['booting'])
		echo gettext('Setting hard disk standby... ');

	$standby = $config['system']['harddiskstandby'];
	$applied = false;

	// Only a numeric setting is accepted; the (int) cast keeps anything
	// but digits out of the command line handed to mwexec().
	if (is_numeric($standby)) {
		// Sync the disk(s)
		pfSense_sync();
		$applied = !mwexec('/sbin/sysctl hw.ata.standby=' . ((int)$standby));
		if ($applied) {
			// Reinitialize ATA-drives
			mwexec('/usr/local/sbin/atareinit');
		}
	}

	if ($g['booting']) {
		if ($applied)
			echo gettext("done.") . "\n";
		else
			echo gettext("failed!") . "\n";
	}
}
/*
 * Call activate_sysctls() and, when $config['system']['sharednet'] is set,
 * also call system_disable_arp_wrong_if().
 */
function system_setup_sysctl() {
	global $config;

	if (isset($config['system']['developerspew'])) {
		$now = microtime();
		echo "system_setup_sysctl() being called $now\n";
	}

	activate_sysctls();

	if (!isset($config['system']['sharednet']))
		return;

	system_disable_arp_wrong_if();
}
/*
 * Set the net.link.ether.inet.log_arp_wrong_iface and
 * net.link.ether.inet.log_arp_movements sysctls to 0.
 */
function system_disable_arp_wrong_if() {
	global $config;

	if (isset($config['system']['developerspew'])) {
		$now = microtime();
		echo "system_disable_arp_wrong_if() being called $now\n";
	}

	$sysctl_cmds = array(
		"/sbin/sysctl -n net.link.ether.inet.log_arp_wrong_iface=0",
		"/sbin/sysctl -n net.link.ether.inet.log_arp_movements=0"
	);
	foreach ($sysctl_cmds as $sysctl_cmd)
		mwexec($sysctl_cmd);
}
/*
 * Set the net.link.ether.inet.log_arp_wrong_iface and
 * net.link.ether.inet.log_arp_movements sysctls to 1.
 */
function system_enable_arp_wrong_if() {
	global $config;

	if (isset($config['system']['developerspew'])) {
		$now = microtime();
		echo "system_enable_arp_wrong_if() being called $now\n";
	}

	$sysctl_cmds = array(
		"/sbin/sysctl -n net.link.ether.inet.log_arp_wrong_iface=1",
		"/sbin/sysctl -n net.link.ether.inet.log_arp_movements=1"
	);
	foreach ($sysctl_cmds as $sysctl_cmd)
		mwexec($sysctl_cmd);
}
/*
 * Currently a no-op: the unconditional return below means none of the
 * watchdog detection or start-up code after it is ever reached.
 */
function enable_watchdog() {
	global $config;

	return;

	/* ---- unreachable from here on ---- */
	$install_watchdog = false;
	$supported_watchdogs = array("Geode");
	$boot_log = file_get_contents("/var/log/dmesg.boot");

	foreach ($supported_watchdogs as $sd) {
		/* NOTE(review): tests the literal "Geode", not the loop variable $sd */
		if (stristr($boot_log, "Geode"))
			$install_watchdog = true;
	}

	if ($install_watchdog == true) {
		/* stop a running watchdogd before starting a new one */
		if (is_process_running("watchdogd")) {
			mwexec("/usr/bin/killall watchdogd", true);
		}
		exec("/usr/sbin/watchdogd");
	}
}
/*
 * Poll the hardware reset button on nanobsd WRAP/ALIX boards.
 *
 * Returns 0 on every path that returns. When the board's "<name>resetbtn"
 * helper exits with 99, the configuration is reset to factory defaults and
 * the system is rebooted; that path ends in exit(0) instead of returning.
 */
function system_check_reset_button() {
	global $g;

	if ($g['platform'] != "nanobsd")
		return 0;

	$specplatform = system_identify_specific_platform();
	$board = $specplatform['name'];

	/* Only these two names ever reach the command line built below, so the
	   helper path cannot be steered by an arbitrary platform string. */
	if (!($board == "wrap" || $board == "alix"))
		return 0;

	$retval = mwexec("/usr/local/sbin/" . $board . "resetbtn");

	if ($retval != 99)
		return 0;

	/* user has pressed reset button for 2 seconds -
	   reset to factory defaults */
	echo <<<EOD

***********************************************************************
* Reset button pressed - resetting configuration to factory defaults. *
* The system will reboot after this completes.                        *
***********************************************************************


EOD;

	reset_factory_defaults();
	system_reboot_sync();
	exit(0);
}
/*
 * Attempt to identify the specific platform (for embedded systems).
 *
 * Returns an array with two elements:
 *	name  => platform string (e.g. 'wrap', 'alix' etc.)
 *	descr => human-readable description (e.g. "PC Engines WRAP")
 *
 * Anything other than 'nanobsd' is answered from $g['platform'] alone; for
 * nanobsd the board is recognised by strings found in the saved dmesg.boot.
 */
function system_identify_specific_platform() {
	global $g;

	switch ($g['platform']) {
		case 'generic-pc':
			return array('name' => 'generic-pc', 'descr' => gettext("Generic PC"));
		case 'generic-pc-cdrom':
			return array('name' => 'generic-pc-cdrom', 'descr' => gettext("Generic PC (CD-ROM)"));
	}

	/* the rest of the code only deals with 'embedded' platforms */
	if ($g['platform'] != 'nanobsd')
		return array('name' => $g['platform'], 'descr' => $g['platform']);

	$boot_log = system_get_dmesg_boot();

	if (strpos($boot_log, "PC Engines WRAP") !== false)
		return array('name' => 'wrap', 'descr' => gettext('PC Engines WRAP'));

	if (strpos($boot_log, "PC Engines ALIX") !== false)
		return array('name' => 'alix', 'descr' => gettext('PC Engines ALIX'));

	/* Soekris boards: the matched model string doubles as the description */
	$soekris_models = array(
		'net45xx' => "/Soekris net45../",
		'net48xx' => "/Soekris net48../",
		'net55xx' => "/Soekris net55../"
	);
	foreach ($soekris_models as $model_name => $model_regex) {
		if (preg_match($model_regex, $boot_log, $hit))
			return array('name' => $model_name, 'descr' => $hit[0]);
	}

	/* unknown embedded platform */
	return array('name' => 'embedded', 'descr' => gettext('embedded (unknown)'));
}
/*
 * Return the contents of {$g['varlog_path']}/dmesg.boot, as produced by
 * file_get_contents() (which yields false when the file cannot be read).
 */
function system_get_dmesg_boot() {
	global $g;

	$boot_log_path = "{$g['varlog_path']}/dmesg.boot";

	return file_get_contents($boot_log_path);
}
/*
 * Build the list of selectable listen targets.
 *
 * Starts from get_configured_interface_with_descr(), adds one entry per
 * result of get_configured_carp_interface_list() and
 * get_configured_ip_aliases_list() (labelled "<ip> (<vip description>)"),
 * and always ends with a "Localhost" / "lo0" entry.
 *
 * Returns a list of arrays, each with the keys "name" (label) and "value".
 */
function get_possible_listen_ips() {
	$choices = get_configured_interface_with_descr();

	$carplist = get_configured_carp_interface_list();
	foreach ($carplist as $cif => $carpip) {
		$choices[$cif] = $carpip." (".get_vip_descr($carpip).")";
	}

	$aliaslist = get_configured_ip_aliases_list();
	foreach ($aliaslist as $aliasip => $aliasif) {
		$choices[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
	}

	$listenips = array();
	foreach ($choices as $value => $label) {
		$listenips[] = array("name" => $label, "value" => $value);
	}
	$listenips[] = array("name" => "Localhost", "value" => "lo0");

	return $listenips;
}
?>