<?php
/* $Id$ */
/*
	system.inc
	part of m0n0wall (http://m0n0.ch/wall)

	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/

/* include all configuration functions */
require_once("functions.inc");
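/*
 * Apply every tunable listed under $config['sysctl']['item'] by running
 * sysctl(8) once per entry.
 *
 * Each entry is expected to carry a 'tunable' (the sysctl name) and a
 * 'value'. Both come straight from the configuration, so the whole
 * name=value pair is passed as a single shell-quoted word; a value such as
 * `1"; reboot; "` can then no longer break out of the command line.
 *
 * Returns nothing. The exit status of the individual sysctl calls is not
 * inspected.
 */
function activate_sysctls() {
	global $config, $g;

	/* nothing to do unless the section and its item list are both arrays */
	if (!is_array($config['sysctl']) || !is_array($config['sysctl']['item']))
		return;

	foreach ($config['sysctl']['item'] as $tunable) {
		$assignment = $tunable['tunable'] . "=" . $tunable['value'];
		mwexec("sysctl " . escapeshellarg($assignment));
	}
}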
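/*
 * Write {$g['varetc_path']}/resolv.conf and set up per-DNS-server routes.
 *
 * The file gets a "domain" line from $config['system']['domain'] followed by
 * "nameserver" lines. When 'dnsallowoverride' is set, the servers returned by
 * get_nameservers() are used; if that yields none, the statically configured
 * $config['system']['dnsserver'] entries are used instead.
 *
 * $dynupdate - when true, dhcpd is not reconfigured afterwards.
 *
 * Returns 0 on success, 1 when resolv.conf cannot be opened.
 *
 * NOTE(review): nameserver and domain values are written to resolv.conf
 * without validation. The entries from get_nameservers() are read from files
 * under /var/etc; who writes those files is not visible here - confirm that
 * the writer validates them.
 */
function system_resolvconf_generate($dynupdate = false) {
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_resolvconf_generate() being called $mt\n";
	}

	$syscfg = $config['system'];

	$fd = fopen("{$g['varetc_path']}/resolv.conf", "w");
	if (!$fd) {
		printf("Error: cannot open resolv.conf in system_resolvconf_generate().\n");
		return 1;
	}

	$resolvconf = "domain {$syscfg['domain']}\n";

	$havedns = false;

	if (isset($syscfg['dnsallowoverride'])) {
		/* get dynamically assigned DNS servers (if any) */
		$ns = array_unique(get_nameservers());
		foreach($ns as $nameserver) {
			if($nameserver) {
				$resolvconf .= "nameserver $nameserver\n";
				$havedns = true;
			}
		}
	}
	if (!$havedns && is_array($syscfg['dnsserver'])) {
		foreach ($syscfg['dnsserver'] as $ns) {
			if ($ns) {
				$resolvconf .= "nameserver $ns\n";
				$havedns = true;
			}
		}
	}

	fwrite($fd, $resolvconf);
	fclose($fd);

	if (!$g['booting']) {
		/* restart dhcpd (nameservers may have changed) */
		if (!$dynupdate)
			services_dhcpd_configure();
	}

	for ($dnscounter = 1; $dnscounter < 5; $dnscounter++) {
		/* setup static routes for dns servers.
		   The key must be built in a double-quoted string: with single
		   quotes the literal text 'dns{$dnscounter}gwint' was looked up
		   and this loop never matched anything. */
		$if = $config['system']["dns{$dnscounter}gwint"];
		if (!$if)
			continue;

		$gw = $config['interfaces'][$if]['if'];
		$dnsserver = $syscfg['dnsserver'][$dnscounter - 1];
		if (!$dnsserver || !$gw)
			continue;

		/* both values come from the configuration; quote them so they
		   cannot add words or commands to the route invocation.
		   NOTE(review): "-gw" and passing an interface name as the
		   gateway are kept from the original - confirm against route(8)
		   on the target platform. */
		exec("route delete " . escapeshellarg($dnsserver));
		exec("route add " . escapeshellarg($dnsserver) . " -gw " . escapeshellarg($gw));
	}

	return 0;
}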
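/*
 * Collect the nameserver entries found in /var/etc/nameserver_* and
 * /var/etc/nameservers.conf.
 *
 * Every non-empty line of those files becomes one element of the returned
 * list, in file order; duplicates are not removed here. An empty array is
 * returned when none of the files exist.
 *
 * The files are read with glob()/file_get_contents() rather than by shelling
 * out to ls and cat: no shell is involved, a missing match no longer makes
 * the code try to read a file named "", and the removed split() function is
 * not needed.
 *
 * NOTE(review): the lines are returned as found. Callers that write them
 * into configuration files should validate them as addresses first.
 */
function get_nameservers() {
	global $config, $g;
	$master_list = array();

	$dns_lists = glob("/var/etc/nameserver_*");
	if (is_array($dns_lists)) {
		foreach ($dns_lists as $dns_file) {
			if (!is_readable($dns_file))
				continue;
			$contents = file_get_contents($dns_file);
			if ($contents === false)
				continue;
			foreach (explode("\n", $contents) as $item)
				if ($item <> "")
					$master_list[] = $item;
		}
	}

	if (!file_exists("/var/etc/nameservers.conf"))
		return $master_list;

	$contents = file_get_contents("/var/etc/nameservers.conf");
	if ($contents === false)
		return $master_list;

	/* skip blank lines here as well, matching the loop above */
	foreach (explode("\n", $contents) as $item)
		if ($item <> "")
			$master_list[] = $item;

	return $master_list;
}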
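/*
 * Write {$g['varetc_path']}/hosts.
 *
 * The file contains, in order: localhost, the LAN address with the system's
 * own host name, every dnsmasq host override, and - when
 * $config['dnsmasq']['regdhcpstatic'] is set - every static DHCP mapping of
 * an enabled DHCP interface that has both an address and a host name.
 *
 * Returns 0 on success, 1 when the hosts file cannot be opened.
 *
 * NOTE(review): host, domain and address values are copied into the file as
 * configured. A value containing a newline would add extra lines; this
 * function relies on the configuration having been validated elsewhere -
 * confirm.
 */
function system_hosts_generate() {
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_hosts_generate() being called $mt\n";
	}

	$syscfg = $config['system'];
	$lancfg = $config['interfaces']['lan'];
	$dnsmasqcfg = $config['dnsmasq'];

	if (!is_array($dnsmasqcfg['hosts'])) {
		$dnsmasqcfg['hosts'] = array();
	}
	$hostscfg = $dnsmasqcfg['hosts'];

	$fd = fopen("{$g['varetc_path']}/hosts", "w");
	if (!$fd) {
		log_error("Error: cannot open hosts file in system_hosts_generate().\n");
		return 1;
	}

	$hosts = <<<EOD
127.0.0.1	localhost localhost.{$syscfg['domain']}
{$lancfg['ipaddr']}	{$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}

EOD;

	foreach ($hostscfg as $host) {
		if ($host['host'])
			$hosts .= "{$host['ip']}	{$host['host']}.{$host['domain']} {$host['host']}\n";
		else
			$hosts .= "{$host['ip']}	{$host['domain']}\n";
	}

	/* the dhcpd section may be absent; iterating a non-array would only
	   raise a warning, so check it first */
	if (isset($dnsmasqcfg['regdhcpstatic']) && is_array($config['dhcpd'])) {
		foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) {
			if (!is_array($dhcpifconf['staticmap']) || !isset($dhcpifconf['enable']))
				continue;
			foreach ($dhcpifconf['staticmap'] as $host)
				if ($host['ipaddr'] && $host['hostname'])
					$hosts .= "{$host['ipaddr']}	{$host['hostname']}.{$syscfg['domain']} {$host['hostname']}\n";
		}
	}

	fwrite($fd, $hosts);
	fclose($fd);

	return 0;
}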
/*
 * Set the running system's host name to "<hostname>.<domain>" as configured
 * under $config['system'].
 *
 * The name is passed to /bin/hostname as one shell-quoted argument.
 * Returns whatever mwexec() returns for that command.
 */
function system_hostname_configure() {
	global $config, $g;
	if (isset($config['system']['developerspew'])) {
		$stamp = microtime();
		echo "system_hostname_configure() being called $stamp\n";
	}

	$system = $config['system'];

	/* fully qualified name: host part, a dot, then the domain */
	$fqdn = $system['hostname'] . "." . $system['domain'];

	return mwexec("/bin/hostname " . escapeshellarg($fqdn));
}
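/*
 * Rebuild the routing table from the configuration.
 *
 * Steps, in order:
 *   1. enable fast forwarding when 'enablefastrouting' is set;
 *   2. delete the static routes recorded in {$g['vardb_path']}/routes.db by
 *      the previous run and remove that file;
 *   3. delete the default route, unless some interface has a gateway or WAN
 *      uses "carpdev-dhcp";
 *   4. add the default route, unless an OLSRD package entry has
 *      'enabledyngw' set to "on";
 *   5. add every configured static route and record its network in
 *      routes.db so that step 2 can remove it next time.
 *
 * Every value taken from the configuration or from routes.db is passed to
 * route(8) through escapeshellarg().
 *
 * Returns 0 on success, 1 when routes.db cannot be opened.
 */
function system_routing_configure() {
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_routing_configure() being called $mt\n";
	}

	/* Enable fast routing, if enabled */
	if(isset($config['staticroutes']['enablefastrouting']))
		mwexec("/sbin/sysctl net.inet.ip.fastforwarding=1");

	/* clear out old routes, if necessary */
	if (file_exists("{$g['vardb_path']}/routes.db")) {
		$fd = fopen("{$g['vardb_path']}/routes.db", "r");
		if (!$fd) {
			printf("Error: cannot open routes DB file in system_routing_configure().\n");
			return 1;
		}
		while (!feof($fd)) {
			/* fgets() keeps the newline that was written after each
			   network; strip it so only the network itself is passed */
			$oldrt = trim((string)fgets($fd));
			if ($oldrt <> "")
				mwexec("/sbin/route delete " . escapeshellarg($oldrt));
		}
		fclose($fd);
		unlink("{$g['vardb_path']}/routes.db");
	}

	/* if list */
	$iflist = get_configured_interface_list();

	$dont_remove_route = false;
	foreach ($iflist as $ifent => $ifname) {
		/* do not process interfaces that will end up with gateways */
		if (interface_has_gateway($ifent))
			$dont_remove_route = true;
	}

	if($config['interfaces']['wan']['ipaddr'] == "carpdev-dhcp")
		$dont_remove_route = true;

	if($dont_remove_route == false) {
		/* remove default route */
		mwexec("/sbin/route delete default");
	}

	$dont_add_route = false;
	/* if OLSRD is enabled, allow WAN to house DHCP. */
	if($config['installedpackages']['olsrd']) {
		foreach($config['installedpackages']['olsrd']['config'] as $olsrd) {
			if($olsrd['enabledyngw'] == "on") {
				$dont_add_route = true;
			}
		}
	}

	if($dont_add_route == false) {
		if(is_array($config['gateways']['gateway_item'])) {
			$gatewayip = "";
			$interfacegw = "";
			foreach($config['gateways']['gateway_item'] as $gateway) {
				if(isset($gateway['defaultgw'])) {
					$gatewayip = $gateway['gateway'];
					$interfacegw = $gateway['interface'];
				}
			}
			/* without a gateway marked as default there is nothing to
			   add; previously "route add default ''" was attempted */
			if($gatewayip <> "" && $interfacegw <> "bgpd")
				mwexec("/sbin/route add default " . escapeshellarg($gatewayip));
		} else {
			/* adding gateway for 1.2-style configs without the new
			  gateway setup configured.
			  Force WAN to be default gateway because that is the
			  1.2 behavior.
			*/
			if (is_ipaddr($config['interfaces']['wan']['gateway'])) {
				$gatewayip = $config['interfaces']['wan']['gateway'];
				mwexec("/sbin/route add default " . escapeshellarg($gatewayip));
			}
		}
	}

	if (is_array($config['staticroutes']['route'])) {

		$fd = fopen("{$g['vardb_path']}/routes.db", "w");
		if (!$fd) {
			printf("Error: cannot open routes DB file in system_routing_configure().\n");
			return 1;
		}

		foreach ($config['staticroutes']['route'] as $rtent) {
			/* start each route with no gateway selected. Without this
			   reset the value left over from the default route or from
			   the previous static route was reused, and the "gateway is
			   a plain IP address" fallback below could never apply. */
			$gatewayip = "";
			$interfacegw = "";

			if(is_array($config['gateways']['gateway_item'])) {
				foreach($config['gateways']['gateway_item'] as $gateway) {
					if($rtent['gateway'] == $gateway['name']) {
						$gatewayip = $gateway['gateway'];
						$interfacegw = $gateway['interface'];
					}
				}
			}
			if((is_ipaddr($rtent['gateway'])) && ($gatewayip == ""))  {
				$gatewayip = $rtent['gateway'];
				$interfacegw = $rtent['interface'];
			}
			if(isset($rtent['interfacegateway'])) {
				mwexec("/sbin/route add " . escapeshellarg($rtent['network']) .
					" -iface " . escapeshellarg(convert_friendly_interface_to_real_interface_name($interfacegw)));
			} else {
				mwexec("/sbin/route add " . escapeshellarg($rtent['network']) .
					" " . escapeshellarg($gatewayip));
			}
			/* record route so it can be easily removed later (if necessary) */
			fwrite($fd, $rtent['network'] . "\n");
		}
		fclose($fd);
	}

	return 0;
}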
/*
 * Turn on IPv4 packet forwarding by setting net.inet.ip.forwarding to 1.
 *
 * Returns whatever mwexec() returns for the sysctl command.
 */
function system_routing_enable() {
	global $config, $g;
	if (isset($config['system']['developerspew'])) {
		$stamp = microtime();
		echo "system_routing_enable() being called $stamp\n";
	}

	$status = mwexec("/sbin/sysctl net.inet.ip.forwarding=1");
	return $status;
}
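/*
 * Regenerate {$g['varetc_path']}/syslog.conf and (re)start syslogd.
 *
 * When not booting, the syslogd recorded in syslog.pid is killed first.
 * With a 'syslog' section present the config file is rebuilt from:
 *   - one block per installed package that declares 'logging';
 *   - fixed blocks for ntpd, racoon and openvpn;
 *   - a block for everything else ("!-<facilities>"), local and/or remote
 *     depending on 'disablelocallogging' and the per-category remote flags.
 * syslogd is then started with -s when the generated config forwards to a
 * remote server (contains "@") and with -ss otherwise. Without a 'syslog'
 * section, syslogd is started with -ss and no config file.
 *
 * Returns 1 when syslog.conf cannot be opened, otherwise the result of the
 * mwexec() call that started syslogd.
 *
 * NOTE(review): $syslogcfg['remoteserver'] and the package-supplied
 * 'facilityname' / 'logfilename' are written into syslog.conf as given.
 * A 'logfilename' containing "../" would place the log outside
 * {$g['varlog_path']}; validating these where packages are installed is
 * worth confirming.
 */
function system_syslogd_start() {
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_syslogd_start() being called $mt\n";
	}

	$syslogcfg = $config['syslog'];

	if ($g['booting'])
		echo "Starting syslog...";
	else
		killbypid("{$g['varrun_path']}/syslog.pid");

	if (isset($syslogcfg)) {
		$separatelogfacilities = array('ntpd','racoon','openvpn');
		$pkgfacilities = array();
		$syslogconf = "";
		if($config['installedpackages']['package']) {
			foreach($config['installedpackages']['package'] as $package) {
				if($package['logging']) {
					$pkgfacilities[] = $package['logging']['facilityname'];
					/* array_merge(), not "+": the union operator keeps
					   the left-hand element for every index both lists
					   share, so the first three package facilities were
					   never added to the exclusion list */
					$separatelogfacilities = array_merge($separatelogfacilities, $pkgfacilities);
					$facilitylist = implode(',', $pkgfacilities);
					$pkglogfile = "{$g['varlog_path']}/{$package['logging']['logfilename']}";
					/* the file name is supplied by the package; quote it
					   so it reaches clog as a single argument */
					mwexec("clog -i -s 10000 " . escapeshellarg($pkglogfile));
					$syslogconf .= "!{$facilitylist}\n*.*\t\t\t\t\t\t%{$pkglogfile}\n";
				}
			}
		}
		$facilitylist = implode(',', array_unique($separatelogfacilities));
		/* write syslog.conf */
		$fd = fopen("{$g['varetc_path']}/syslog.conf", "w");
		if (!$fd) {
			printf("Error: cannot open syslog.conf in system_syslogd_start().\n");
			return 1;
		}
		$syslogconf .= "!ntpdate,!ntpd\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= <<<EOD
*.*						%{$g['varlog_path']}/ntpd.log

EOD;
		}
		$syslogconf .= "!racoon\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= <<<EOD
*.*						%{$g['varlog_path']}/ipsec.log

EOD;
		}
		if (isset($syslogcfg['vpn'])) {
			$syslogconf .= <<<EOD
*.*						@{$syslogcfg['remoteserver']}

EOD;
		}
		$syslogconf .= "!openvpn\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= <<<EOD
*.*						%{$g['varlog_path']}/openvpn.log

EOD;
		}
		if (isset($syslogcfg['vpn'])) {
			$syslogconf .= <<<EOD
*.*						@{$syslogcfg['remoteserver']}

EOD;
		}
		$syslogconf .= "!-{$facilitylist}\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
		$syslogconf .= <<<EOD
local0.*					%{$g['varlog_path']}/filter.log
local3.*					%{$g['varlog_path']}/vpn.log
local4.*					%{$g['varlog_path']}/portalauth.log
local7.*					%{$g['varlog_path']}/dhcpd.log
*.notice;kern.debug;lpr.info;mail.crit; 	%{$g['varlog_path']}/system.log
news.err;local0.none;local3.none;local4.none; 	%{$g['varlog_path']}/system.log
local7.none					%{$g['varlog_path']}/system.log
security.*					%{$g['varlog_path']}/system.log
auth.info;authpriv.info;daemon.info		%{$g['varlog_path']}/system.log
local1.*					%{$g['varlog_path']}/relayd.log
auth.info;authpriv.info 			|exec /usr/local/sbin/sshlockout_pf
*.emerg						*

EOD;
		}

		if (isset($syslogcfg['filter'])) {
			$syslogconf .= <<<EOD
local0.*					@{$syslogcfg['remoteserver']}

EOD;
		}

		if (isset($syslogcfg['vpn'])) {
			$syslogconf .= <<<EOD
local3.*					@{$syslogcfg['remoteserver']}

EOD;
		}


		if (isset($syslogcfg['portalauth'])) {
			$syslogconf .= <<<EOD
local4.*					@{$syslogcfg['remoteserver']}

EOD;
		}


		if (isset($syslogcfg['dhcp'])) {
			$syslogconf .= <<<EOD
local7.*					@{$syslogcfg['remoteserver']}

EOD;
		}

		if (isset($syslogcfg['system'])) {
			$syslogconf .= <<<EOD
*.notice;kern.debug;lpr.info;mail.crit;		@{$syslogcfg['remoteserver']}
news.err;local0.none;local3.none;local7.none	@{$syslogcfg['remoteserver']}
security.*					@{$syslogcfg['remoteserver']}
auth.info;authpriv.info;daemon.info		@{$syslogcfg['remoteserver']}
*.emerg						@{$syslogcfg['remoteserver']}

EOD;
		}
		fwrite($fd, $syslogconf);
		fclose($fd);

		// Are we logging to at least one remote server ?
		// Compare with !== so that a match at offset 0 also counts.
		if(strpos($syslogconf, "@") !== false)
			$retval = mwexec("/usr/sbin/syslogd -s -f {$g['varetc_path']}/syslog.conf");
		else
			$retval = mwexec("/usr/sbin/syslogd -ss -f {$g['varetc_path']}/syslog.conf");

	} else {
		$retval = mwexec("/usr/sbin/syslogd -ss");
	}

	if ($g['booting'])
		echo "done.\n";

	return $retval;
}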
/*
 * Restart pccardd with {$g['etc_path']}/pccard.conf.
 *
 * Any pccardd recorded in pccardd.pid is killed first. While booting, a
 * progress message and "done."/"failed!" are printed.
 *
 * Returns the result of the mwexec() call that started pccardd.
 */
function system_pccard_start() {
	global $config, $g;
	if (isset($config['system']['developerspew'])) {
		$stamp = microtime();
		echo "system_pccard_start() being called $stamp\n";
	}

	$booting = $g['booting'];
	if ($booting)
		echo "Initializing PCMCIA...";

	/* stop the daemon from a previous run, then launch a fresh one */
	killbypid("{$g['varrun_path']}/pccardd.pid");
	$res = mwexec("/usr/sbin/pccardd -z -f {$g['etc_path']}/pccard.conf");

	if ($booting)
		echo ($res == 0) ? "done.\n" : "failed!\n";

	return $res;
}
/*
 * (Re)start the lighttpd instance that serves the webConfigurator.
 *
 * The running instance is killed, the password file is regenerated, a
 * lighttpd configuration is written through system_generate_lighty_config()
 * and lighttpd is started with it. While booting, a progress message and
 * "done."/"failed!" are printed.
 *
 * Port: the configured port, "443" for HTTPS without a configured port,
 * otherwise an empty string.
 * Certificate: for HTTPS the base64-encoded pair from the configuration is
 * used when both parts are present, otherwise the built-in pair below.
 *
 * Returns the result of the mwexec() call that started lighttpd.
 *
 * NOTE(review): the built-in key pair is part of this source file. Every
 * installation that has not been given its own certificate therefore
 * presents the same certificate, and its private key is known to anyone who
 * has the source, so HTTPS with this fallback does not authenticate the
 * server. Generating a key pair per installation on first start would
 * remove that weakness.
 */
function system_webgui_start() {
	global $config, $g;

	if ($g['booting'])
		echo "Starting webConfigurator...";

	/* stop whichever lighttpd currently serves the GUI */
	killbypid("{$g['varrun_path']}/lighty-webConfigurator.pid");

	sleep(1);

	/* regenerate the password file before the server comes back */
	system_password_configure();

	chdir($g['www_path']);

	$webgui = $config['system']['webgui'];

	/* configured port, or an empty string when none is set */
	$portarg = $webgui['port'] ? "{$webgui['port']}" : "";

	/* plain HTTP needs neither certificate nor key */
	$cert = "";
	$key = "";

	if ($webgui['protocol'] == "https") {

		/* HTTPS without an explicit port listens on 443 */
		if (!$webgui['port'])
			$portarg = "443";

		$have_own_pair = $webgui['certificate'] && $webgui['private-key'];
		if ($have_own_pair) {
			$cert = base64_decode($webgui['certificate']);
			$key = base64_decode($webgui['private-key']);
		} else {
			/* shared fallback certificate/key - see NOTE(review) above */
			$cert = <<<EOD
-----BEGIN CERTIFICATE-----
MIIDEzCCAnygAwIBAgIJAJM91W+s6qptMA0GCSqGSIb3DQEBBAUAMGUxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJLWTETMBEGA1UEBxMKTG91aXN2aWxsZTEQMA4GA1UE
ChMHcGZTZW5zZTEQMA4GA1UECxMHcGZTZW5zZTEQMA4GA1UEAxMHcGZTZW5zZTAe
Fw0wNjAzMTAyMzQ1MTlaFw0xNjAzMDcyMzQ1MTlaMGUxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIEwJLWTETMBEGA1UEBxMKTG91aXN2aWxsZTEQMA4GA1UEChMHcGZTZW5z
ZTEQMA4GA1UECxMHcGZTZW5zZTEQMA4GA1UEAxMHcGZTZW5zZTCBnzANBgkqhkiG
9w0BAQEFAAOBjQAwgYkCgYEA3lPNTFH6qge/ygaqe/BS4oH59O6KvAesWcRzSu5N
21lyVE5tBbL0zqOSXmlLyReMSbtAMZqt1P8EPYFoOcaEQHIWm2VQF80Z18+8Gh4O
UQGjHq88OeaLqyk3OLpSKzSpXuCFrSN7q9Kez8zp5dQEu7sIW30da3pAbdqYOimA
1VsCAwEAAaOByjCBxzAdBgNVHQ4EFgQUAnx+ggC4SzJ0CK+rhPhJ2ZpyunEwgZcG
A1UdIwSBjzCBjIAUAnx+ggC4SzJ0CK+rhPhJ2ZpyunGhaaRnMGUxCzAJBgNVBAYT
AlVTMQswCQYDVQQIEwJLWTETMBEGA1UEBxMKTG91aXN2aWxsZTEQMA4GA1UEChMH
cGZTZW5zZTEQMA4GA1UECxMHcGZTZW5zZTEQMA4GA1UEAxMHcGZTZW5zZYIJAJM9
1W+s6qptMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAAviQpdoeabL8
1HSZiD7Yjx82pdLpyQOdXvAu3jEAYz53ckx0zSMrzsQ5r7Vae6AE7Xd7Pj+1Yihs
AJZzOQujnmsuim7qu6YSxzP34xonKwd1C9tZUlyNRNnEmtXOEDupn05bih1ugtLG
kqfPIgDbDLXuPtEAA6QDUypaunI6+1E=
-----END CERTIFICATE-----

EOD;

			$key = <<<EOD
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDeU81MUfqqB7/KBqp78FLigfn07oq8B6xZxHNK7k3bWXJUTm0F
svTOo5JeaUvJF4xJu0Axmq3U/wQ9gWg5xoRAchabZVAXzRnXz7waHg5RAaMerzw5
5ourKTc4ulIrNKle4IWtI3ur0p7PzOnl1AS7uwhbfR1rekBt2pg6KYDVWwIDAQAB
AoGAP7E0VFP8Aq/7os3sE1uS8y8XQ7L+7cUo/AKKoQHKLjfeyAY7t3FALt6vdPqn
anGjkA/j4RIWELoKJfCnwj17703NDCPwB7klcmZvmTx5Om1ZrRyZdQ6RJs0pOOO1
r2wOnZNaNWStXE9Afpw3dj20Gh0V/Ioo5HXn3sHfxZm8dnkCQQDwv8OaUdp2Hl8t
FDfXB1CMvUG1hEAvbQvZK1ODkE7na2/ChKjVPddEI3DvfzG+nLrNuTrAyVWgRLte
r8qX5PQHAkEA7GlKx0S18LdiKo6wy2QeGu6HYkPncaHNFOWX8cTpvGGtQoWYSh0J
tjCt1/mz4/XkvZWuZyTNx2FdkVlNF5nHDQJBAIRWVTZqEjVlwpmsCHnp6mxCyHD4
DrRDNAUfnNuwIr9xPlDlzUzSnpc1CCqOd5C45LKbRGGfCrN7tKd66FmQoFcCQQCy
Kvw3R1pTCvHJnvYwoshphaC0dvaDVeyINiwYAk4hMf/wpVxLZqz+CJvLrB1dzOBR
3O+uPjdzbrakpweJpNQ1AkEA3ZtlgEj9eWsLAJP8aKlwB8VqD+EtG9OJSUMnCDiQ
WFFNj/t3Ze3IVuAyL/yMpiv3JNEnZhIxCta42eDFpIZAKw==
-----END RSA PRIVATE KEY-----

EOD;
		}
	}

	/* write the lighttpd configuration for this instance */
	$conf_path = "{$g['varetc_path']}/lighty-webConfigurator.conf";
	system_generate_lighty_config($conf_path,
		$cert, $key, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/");

	/* try to bring lighttpd up with the freshly written configuration */
	$res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-webConfigurator.conf");

	if ($g['booting'])
		echo ($res == 0) ? "done.\n" : "failed!\n";

	return $res;
}
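/*
 * (Re)start mini_httpd as the webConfigurator server (older variant of
 * system_webgui_start()).
 *
 * The running mini_httpd is killed, the password file is regenerated and
 * mini_httpd is started again, as root, on the configured port. For HTTPS
 * the certificate and key are written together to
 * {$g['varetc_path']}/cert.pem first; the pair comes from the configuration
 * when both parts are present, otherwise the built-in pair below is used.
 *
 * Changes compared with the earlier version of this function:
 *   - the configured port is shell-quoted before it is placed on the
 *     mini_httpd command line;
 *   - cert.pem is created under a 0077 umask, so the file that receives the
 *     private key is never created with wider permissions, even if the
 *     following chmod() fails.
 *
 * Returns 1 when cert.pem cannot be opened, otherwise the result of the
 * mwexec() call that started mini_httpd.
 *
 * NOTE(review): the built-in key pair is part of this source file, so every
 * installation that falls back to it shares a private key that is publicly
 * known; HTTPS with this fallback does not authenticate the server.
 */
function system_webgui_start_old() {
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_webgui_start() being called $mt\n";
	}

	if ($g['booting'])
		echo "Starting webConfigurator...";

	/* kill any running mini_httpd */
	killbypid("{$g['varrun_path']}/mini_httpd.pid");

	/* generate password file */
	system_password_configure();

	chdir($g['www_path']);

	/* non-standard port? The value comes from the configuration, so it is
	   quoted before it becomes part of the command line. */
	if ($config['system']['webgui']['port'])
		$portarg = "-p " . escapeshellarg($config['system']['webgui']['port']);
	else
		$portarg = "";

	if ($config['system']['webgui']['protocol'] == "https") {

		if ($config['system']['webgui']['certificate'] && $config['system']['webgui']['private-key']) {
			$cert = base64_decode($config['system']['webgui']['certificate']);
			$key  = base64_decode($config['system']['webgui']['private-key']);
		} else {
			/* default certificate/key - see NOTE(review) above */
			$cert = <<<EOD
-----BEGIN CERTIFICATE-----
MIIBlDCB/gIBADANBgkqhkiG9w0BAQQFADATMREwDwYDVQQKEwhtMG4wd2FsbDAe
Fw0wNTA1MTAxMjI0NDRaFw0wNzA1MTAxMjI0NDRaMBMxETAPBgNVBAoTCG0wbjB3
YWxsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAShszhFz+o8lsMWTGgTxs
TMPR+v4+qL5jXDyY97MLTGFK7aqQOtpIQc+TcTc4jklgOVlHoR7oBXrsi8YrbCd+
83LPQmQoSPC0VqhfU3uYf3NzxiK8r97aPCsmWgwT2pQ6TcESTm6sF7nLprOf/zFP
C4jE2fvjkbzyVolPywBuewIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAFR962c4R5tV
cTn0OQcszYoW6WC+ini9tQQh5ku5jYDAiC+00atawJEVLnL3lwAcpSKTIWlTkD20
tl3lz5br1qFgYky+Rd0kwS2nk9jRbkxSXxd6KJVnNRCKre28aw3ENzZfCSurPQsX
UPp5er+NtwMT1g7s/JDmKTC4w1rGr5/c
-----END CERTIFICATE-----

EOD;

			$key = <<<EOD
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDAShszhFz+o8lsMWTGgTxsTMPR+v4+qL5jXDyY97MLTGFK7aqQ
OtpIQc+TcTc4jklgOVlHoR7oBXrsi8YrbCd+83LPQmQoSPC0VqhfU3uYf3NzxiK8
r97aPCsmWgwT2pQ6TcESTm6sF7nLprOf/zFPC4jE2fvjkbzyVolPywBuewIDAQAB
AoGAbJJrQW9fQrggJuLMz/hwsYW2m31oyOBmf5u463YQtjRuSuxe/gj87weZuNqY
H2rXq2k2K+ehl8hgW+egASyUL3L7kCkEAsVREujKTEyhSqqIRDPWTxo9S/YA9Gvn
2ZnJvkrcKjqCO9aHX3rvJOK/ErYI6akctgI3KmgkYw5XNmECQQDuZU97RTWH9rmP
aQr57ysNXxgFsyhetOOqeYkPtIVwpOiNbfwE1zi5RGdtO4Ku3fG1lV4J2UoWJ9yD
awdoyYIHAkEAzn0xJ90IjPsHk+8SODEj5JGdHSZPNu1tgtrbjEi9sfGWg4K7XTxr
QW90pWb1bKKU1uh5FzW6OhnFfuQXt1kC7QJAPSthqY+onKqCEnoxhtAHi/bKgyvl
P+fKQwPMV2tKkgy+XwvJjrRqqZ8TqsOKVLQ+QQmCh6RpjiXMPyxHSmvqIQJBAKLR
HF1ucDuaBROkwx0DwmWMW/KMLpIFDQDNSaiIAuu4rxHrl4mhBoGGPNffI04RtILw
s+qVNs5xW8T+XaT4ztECQQDFHPnZeoPWE5z+AX/UUQIUWaDExz3XRzmIxRbOrlFi
CsF1s0TdJLi/wzNQRAL37A8vqCeVFR/ng3Xpg96Yg+8Z
-----END RSA PRIVATE KEY-----

EOD;
		}

		/* drop carriage returns so the PEM data has plain LF line ends */
		$cert = str_replace("\r", "", $cert);
		$key = str_replace("\r", "", $key);

		$pemfile = "{$g['varetc_path']}/cert.pem";

		/* create the file owner-only from the start; it will hold the
		   private key */
		$oldumask = umask(0077);
		$fd = fopen($pemfile, "w");
		umask($oldumask);
		if (!$fd) {
			printf("Error: cannot open cert.pem in system_webgui_start().\n");
			return 1;
		}
		/* also tighten a file left over from an earlier run */
		chmod($pemfile, 0600);
		fwrite($fd, $cert);
		fwrite($fd, "\n");
		fwrite($fd, $key);
		fclose($fd);

		$res = mwexec("/usr/local/sbin/mini_httpd -S -E {$g['varetc_path']}/cert.pem" .
			" -c \"**.php|**.cgi\" -u root -maxproc 16 $portarg" .
			" -i {$g['varrun_path']}/mini_httpd.pid");
	} else {
		$res = mwexec("/usr/local/sbin/mini_httpd -c \"**.php|**.cgi\" -u root" .
			" -maxproc 16 $portarg -i {$g['varrun_path']}/mini_httpd.pid");
	}

	if ($g['booting']) {
		if ($res == 0)
			echo "done\n";
		else
			echo "failed\n";
	}

	return $res;
}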
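/*
 * Build a lighttpd configuration and write it to $filename.
 *
 * When both $cert and $key are non-empty they are written, certificate
 * first, into {$g['varetc_path']}/{$cert_location} and SSL is enabled
 * against that file.
 *
 *   $filename         path of the configuration file to (over)write
 *   $cert, $key       PEM text of the certificate and of its private key
 *   $pid_file         file name used under /var/run/ for server.pid-file
 *   $port             listen port; an empty value falls back to 80
 *   $document_root    value written to server.document-root
 *   $cert_location    file name (under varetc_path) of the combined PEM
 *   $max_procs        FastCGI max-procs; replaced when the first value
 *                     returned by get_memory() is between 1 and 511
 *   $max_requests     PHP_FCGI_MAX_REQUESTS; replaced in the same cases
 *   $fast_cgi_enable  serve .php through mod_fastcgi (true) or mod_cgi (false)
 *   $captive_portal   generate the captive portal variant (rewrite rules,
 *                     dedicated upload directory, smaller request size)
 *
 * Returns 0 on success, 1 when one of the two output files cannot be opened.
 */
function system_generate_lighty_config($filename,
	$cert,
	$key,
	$pid_file,
	$port = 80,
	$document_root = "/usr/local/www/",
	$cert_location = "cert.pem",
	$max_procs = 2,
	$max_requests = "1",
	$fast_cgi_enable = true,
	$captive_portal = false) {

	global $config, $g;

	/* only use freebsd-sendfile network handler on full installations
	 * tests have shown that it is actually slower on embedded.
	 */
	if(stristr("pfSense", $g['platform']))
		$network_handler = "server.network-backend		= \"freebsd-sendfile\"\n";
	else
		$network_handler = "";

	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_generate_lighty_config() being called $mt\n";
	}

	/* start every optional fragment empty so that the template below never
	 * interpolates a variable that was not set on the current code path */
	$captiveportal = "";
	$captive_portal_rewrite = "";
	$captive_portal_module = "";
	$captive_portal_mod_evasive = "";

	if($captive_portal == true)  {
		$captiveportal = ",\"mod_rewrite\"";
		$captive_portal_rewrite = "url.rewrite-once = ( \"(.*captiveportal.*)\" => \"$1\", \"(.*)\" => \"/index.php?redirurl=$1\" )\n";
		$captive_portal_module = "\"mod_accesslog\", ";
		$maxprocperip = $config['captiveportal']['maxprocperip'];
		/* NOTE(review): this test can never be true (a value cannot be empty
		 * and greater than zero at once), so the per-IP connection cap is
		 * never written and the configured maxprocperip has no effect here.
		 * Left as found: mod_evasive is not in the module list built by this
		 * function, so confirm the module is available and loaded before
		 * changing the test to "is set and greater than zero". */
		if(!$maxprocperip and $maxprocperip > 0)
			$captive_portal_mod_evasive = "evasive.max-conns-per-ip = {$maxprocperip}";
		else
			$captive_portal_mod_evasive = "";
		$server_upload_dirs = "server.upload-dirs = ( \"/tmp/captiveportal/\" )\n";
		exec("mkdir -p /tmp/captiveportal");
		exec("chmod a-w /tmp/captiveportal");
		$server_max_request_size = "server.max-request-size    = 384";
	} else {
		$server_upload_dirs = "server.upload-dirs = ( \"{$g['upload_path']}/\", \"/tmp/\", \"/var/\" )\n";
		$server_max_request_size = "server.max-request-size    = 2097152";
	}

	if($port <> "")
		$lighty_port = $port;
	else
		$lighty_port = "80";

	/* scale the FastCGI pool to the memory reported by get_memory();
	 * presumably megabytes - confirm against get_memory() */
	$memory = get_memory();
	$avail = $memory[0];

	if($avail > 0 and $avail < 98) {
		$max_procs = 1;
		$max_requests = 1;
	}

	if($avail > 97 and $avail < 128) {
		$max_procs = 1;
		$max_requests = 3;
	}

	if($avail > 127 and $avail < 256) {
		$max_procs = 1;
		$max_requests = 5;
	}

	if($avail > 255 and $avail < 384) {
		$max_procs = 3;
		$max_requests = 10;
	}

	if($avail > 383 and $avail < 512) {
		$max_procs = 4;
		$max_requests = 16;
	}

	if($captive_portal == true)  {
		$bin_environment =  <<<EOC
        "bin-environment" => (
           "PHP_FCGI_CHILDREN" => "16",
           "PHP_FCGI_MAX_REQUESTS" => "{$max_requests}"
        ), 
EOC;

	} else if ($avail > 0 and $avail < 128) {
		$bin_environment = <<<EOC
	"bin-environment" => (
		"PHP_FCGI_CHILDREN" => "1",
		"PHP_FCGI_MAX_REQUESTS" => "{$max_requests}"
	),

EOC;
	} else
		$bin_environment = "";

	if($fast_cgi_enable == true) {
		$module = "\"mod_fastcgi\", \"mod_cgi\"";
		$cgi_config = "";
		$fastcgi_config = <<<EOD
#### fastcgi module
## read fastcgi.txt for more info
fastcgi.server = ( ".php" =>
	( "localhost" =>
		(
			"socket" => "/tmp/php-fastcgi.socket",
			"min-procs" => 1,
			"max-procs" => {$max_procs},
			{$bin_environment}			
			"bin-path" => "/usr/local/bin/php"
		)
	)
)

#### CGI module
cgi.assign                 = ( ".cgi" => "" )

EOD;
	} else {
		$fastcgi_config = "";
		$module = "\"mod_cgi\"";
		$cgi_config = <<<EOD
#### CGI module
cgi.assign                 = ( ".php"  => "/usr/local/bin/php",
                               ".cgi" => "" )

EOD;
	}

	$lighty_config = <<<EOD
#
# lighttpd configuration file
#
# use a it as base for lighttpd 1.0.0 and above
#
############ Options you really have to take care of ####################

## FreeBSD!
server.event-handler		= "freebsd-kqueue"

{$network_handler}

## modules to load
server.modules              =   (
				  {$captive_portal_module}
				  "mod_access", "mod_accesslog",
                                  {$module}{$captiveportal}
				)

## Unused modules
#                               "mod_setenv",
#                               "mod_compress"
#				"mod_redirect",
#                               "mod_rewrite",
#                               "mod_ssi",
#                               "mod_usertrack",
#                               "mod_expire",
#                               "mod_secdownload",
#                               "mod_rrdtool",
#                               "mod_auth",
#                               "mod_status",
#                               "mod_alias",
#                               "mod_proxy",
#                               "mod_simple_vhost",
#                               "mod_evhost",
#                               "mod_userdir",
#                               "mod_cgi",
#                                "mod_accesslog"

## a static document-root, for virtual-hosting take look at the
## server.virtual-* options
server.document-root        = "{$document_root}"
{$captive_portal_rewrite}

## where to send error-messages to
server.errorlog             = "/var/log/lighttpd.error.log"

# files to check for if .../ is requested
server.indexfiles           = ( "index.php", "index.html",
                                "index.htm", "default.htm" )

# mimetype mapping
mimetype.assign             = (
  ".pdf"          =>      "application/pdf",
  ".sig"          =>      "application/pgp-signature",
  ".spl"          =>      "application/futuresplash",
  ".class"        =>      "application/octet-stream",
  ".ps"           =>      "application/postscript",
  ".torrent"      =>      "application/x-bittorrent",
  ".dvi"          =>      "application/x-dvi",
  ".gz"           =>      "application/x-gzip",
  ".pac"          =>      "application/x-ns-proxy-autoconfig",
  ".swf"          =>      "application/x-shockwave-flash",
  ".tar.gz"       =>      "application/x-tgz",
  ".tgz"          =>      "application/x-tgz",
  ".tar"          =>      "application/x-tar",
  ".zip"          =>      "application/zip",
  ".mp3"          =>      "audio/mpeg",
  ".m3u"          =>      "audio/x-mpegurl",
  ".wma"          =>      "audio/x-ms-wma",
  ".wax"          =>      "audio/x-ms-wax",
  ".ogg"          =>      "audio/x-wav",
  ".wav"          =>      "audio/x-wav",
  ".gif"          =>      "image/gif",
  ".jpg"          =>      "image/jpeg",
  ".jpeg"         =>      "image/jpeg",
  ".png"          =>      "image/png",
  ".xbm"          =>      "image/x-xbitmap",
  ".xpm"          =>      "image/x-xpixmap",
  ".xwd"          =>      "image/x-xwindowdump",
  ".css"          =>      "text/css",
  ".html"         =>      "text/html",
  ".htm"          =>      "text/html",
  ".js"           =>      "text/javascript",
  ".asc"          =>      "text/plain",
  ".c"            =>      "text/plain",
  ".conf"         =>      "text/plain",
  ".text"         =>      "text/plain",
  ".txt"          =>      "text/plain",
  ".dtd"          =>      "text/xml",
  ".xml"          =>      "text/xml",
  ".mpeg"         =>      "video/mpeg",
  ".mpg"          =>      "video/mpeg",
  ".mov"          =>      "video/quicktime",
  ".qt"           =>      "video/quicktime",
  ".avi"          =>      "video/x-msvideo",
  ".asf"          =>      "video/x-ms-asf",
  ".asx"          =>      "video/x-ms-asf",
  ".wmv"          =>      "video/x-ms-wmv",
  ".bz2"          =>      "application/x-bzip",
  ".tbz"          =>      "application/x-bzip-compressed-tar",
  ".tar.bz2"      =>      "application/x-bzip-compressed-tar"
 )

# Use the "Content-Type" extended attribute to obtain mime type if possible
#mimetypes.use-xattr        = "enable"

#### accesslog module
#accesslog.filename          = "/dev/null"

## deny access the file-extensions
#
# ~    is for backupfiles from vi, emacs, joe, ...
# .inc is often used for code includes which should in general not be part
#      of the document-root
url.access-deny             = ( "~", ".inc" )


######### Options that are good to be but not neccesary to be changed #######

## bind to port (default: 80)
server.port                = {$lighty_port}

## error-handler for status 404
#server.error-handler-404   = "/error-handler.html"
#server.error-handler-404   = "/error-handler.php"

## to help the rc.scripts
server.pid-file            = "/var/run/{$pid_file}"

## virtual directory listings
server.dir-listing         = "disable"

## enable debugging
debug.log-request-header   = "disable"
debug.log-response-header  = "disable"
debug.log-request-handling = "disable"
debug.log-file-not-found   = "disable"

#### compress module
#compress.cache-dir         = "/tmp/lighttpd/cache/compress/"
#compress.filetype          = ("text/plain", "text/html")

#server.network-backend = "writev"

{$server_upload_dirs}

{$server_max_request_size}

{$fastcgi_config}

{$cgi_config}

{$captive_portal_mod_evasive}

EOD;

	/* normalise line endings and collapse blank lines in the PEM text */
	$cert = str_replace("\r", "", $cert);
	$key = str_replace("\r", "", $key);

	$cert = str_replace("\n\n", "\n", $cert);
	$key = str_replace("\n\n", "\n", $key);

	if($cert <> "" and $key <> "") {
		$pem_path = "{$g['varetc_path']}/{$cert_location}";

		/* this file receives the private key: create it owner-only from the
		 * start instead of relying on the chmod() that follows the open */
		$old_umask = umask(0077);
		$fd = fopen($pem_path, "w");
		umask($old_umask);
		if (!$fd) {
			echo "Error: cannot open {$cert_location} in system_generate_lighty_config().\n";
			return 1;
		}
		/* still required when the file already existed with wider permissions */
		chmod($pem_path, 0600);
		fwrite($fd, $cert);
		fwrite($fd, "\n");
		fwrite($fd, $key);
		fclose($fd);
		$lighty_config .= "\n";
		$lighty_config .= "## ssl configuration\n";
		$lighty_config .= "ssl.engine = \"enable\"\n";
		$lighty_config .= "ssl.pemfile = \"{$pem_path}\"\n\n";
	}

	$fd = fopen("{$filename}", "w");
	if (!$fd) {
		/* echo, not printf: the file name must not be read as a format string */
		echo "Error: cannot open {$filename} in system_generate_lighty_config().\n";
		return 1;
	}
	fwrite($fd, $lighty_config);
	fclose($fd);

	return 0;

}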
/*
 * Delegate password synchronisation to sync_webgui_passwords().
 * Always returns 0.
 */
function system_password_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$stamp = microtime();
		echo "system_password_configure() being called {$stamp}\n";
	}

	/* sync passwords; conf_mount_ro is done by sync_webgui_passwords() */
	sync_webgui_passwords();

	return 0;
}
/*
 * Extract the configured timezone file from /usr/share/zoneinfo.tgz into
 * /etc/localtime. "Etc/UTC" is used when no timezone is configured.
 */
function system_timezone_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$stamp = microtime();
		echo "system_timezone_configure() being called {$stamp}\n";
	}

	if ($g['booting'])
		echo "Setting timezone...";

	/* pick the zone to extract, defaulting to UTC */
	$zone = $config['system']['timezone'];
	if (!$zone)
		$zone = "Etc/UTC";

	/* /etc is written below, so the filesystem is remounted read-write first */
	conf_mount_rw();

	/* the zone name comes from the configuration and is quoted with
	 * escapeshellarg() before it is placed on the shell command line */
	$extract_cmd = "LANG=C /usr/bin/tar xzfO /usr/share/zoneinfo.tgz " .
		escapeshellarg($zone) . " > /etc/localtime";
	exec($extract_cmd);

	mwexec("sync");
	conf_mount_ro();

	if ($g['booting'])
		echo "done.\n";
}
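/*
 * Write {$g['varetc_path']}/ntpd.conf for OpenNTPD and (re)start ntpd.
 *
 * Does nothing unless $config['installedpackages']['openntpd'] is set, and
 * returns early (after logging) when the configuration file cannot be opened.
 */
function system_ntp_configure() {
	global $config, $g;

	$syscfg = $config['system'];

	if (!$config['installedpackages']['openntpd'])
		return;

	$conf_path = "{$g['varetc_path']}/ntpd.conf";

	/* open configuration for writing or bail */
	$fd = fopen($conf_path, "w");
	if(!$fd) {
		log_error("Could not open {$g['varetc_path']}/ntpd.conf for writing");
		return;
	}

	fwrite($fd, "# \n");
	fwrite($fd, "# pfSense OpenNTPD configuration file \n");
	fwrite($fd, "# \n\n");

	/* one "servers" line per configured time server. Splitting on any
	 * whitespace and dropping empty tokens keeps a doubled space or an
	 * embedded line break in the configured value from producing an empty
	 * or an additional directive in ntpd.conf. */
	$timeservers = preg_split('/\s+/', $syscfg['timeservers'], -1, PREG_SPLIT_NO_EMPTY);
	foreach ($timeservers as $ts)
		fwrite($fd, "servers {$ts}\n");

	/* Setup listener(s) if the user has configured one.
	 * The package is known to be configured here (see the early return). */
	/* server config is in coregui1 */
	$xmlsettings = $config['installedpackages']['openntpd']['config'][0];
	if ($xmlsettings['enable'] == 'on') {
		$ifaces = explode(',', $xmlsettings['interface']);
		$ifaces = array_map('convert_friendly_interface_to_real_interface_name', $ifaces);
		$ifaces = array_filter($ifaces, 'does_interface_exist');
		$ips = array_map('find_interface_ip', $ifaces);
		foreach ($ips as $ip) {
			/* only addresses that pass is_ipaddr() are written out */
			if (is_ipaddr($ip))
				fwrite($fd, "listen on $ip\n");
		}
	}

	fwrite($fd, "\n");

	/* slurp! */
	fclose($fd);

	/* if openntpd is running, kill it */
	while(is_process_running("ntpd")) {
		exec("/usr/bin/killall ntpd");
		sleep(3);
	}

	/* if /var/empty does not exist, create it */
	if(!is_dir("/var/empty"))
		exec("/bin/mkdir -p /var/empty && chmod ug+rw /var/empty/.");

	sleep(1);

	/* start openntpd, set time now and use the file written above */
	exec("/usr/local/sbin/ntpd -s -f " . escapeshellarg($conf_path));

}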
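/*
 * Run ntpdate once against every time server listed in
 * $config['system']['timeservers'].
 */
function sync_system_time() {
	global $config, $g;

	$syscfg = $config['system'];

	if ($g['booting'])
		echo "Syncing system time before startup...";

	/* split on any whitespace and drop empty tokens so ntpdate is never
	 * started without a server argument */
	$timeservers = preg_split('/\s+/', $syscfg['timeservers'], -1, PREG_SPLIT_NO_EMPTY);
	foreach ($timeservers as $ts) {
		/* the server name comes from the configuration and is passed to a
		 * shell by mwexec(), so it is quoted as a single argument */
		mwexec("/usr/sbin/ntpdate -s " . escapeshellarg($ts));
	}

	if ($g['booting'])
		echo "done.\n";

}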
/*
 * Run the pre-shutdown cleanup, then start /etc/rc.halt in the background.
 */
function system_halt() {
	system_reboot_cleanup();

	/* nohup + trailing "&": the halt script is detached from this process */
	$halt_cmd = "nohup /etc/rc.halt > /dev/null 2>&1 &";
	mwexec($halt_cmd);
}
/*
 * Run the pre-shutdown cleanup, then start /etc/rc.reboot in the background.
 */
function system_reboot() {
	system_reboot_cleanup();

	/* nohup + trailing "&": the reboot script is detached from this process */
	$reboot_cmd = "nohup /etc/rc.reboot > /dev/null 2>&1 &";
	mwexec($reboot_cmd);
}
/*
 * Run the pre-shutdown cleanup, then run /etc/rc.reboot in the foreground
 * (no nohup, no "&"), unlike system_reboot().
 */
function system_reboot_sync() {
	system_reboot_cleanup();

	$reboot_cmd = "/etc/rc.reboot > /dev/null 2>&1";
	mwexec($reboot_cmd);
}
/*
 * Steps shared by the halt and reboot helpers: run the "stop" beep script
 * and call captiveportal_radius_stop_all().
 */
function system_reboot_cleanup() {
	$beep_cmd = "/usr/local/bin/beep.sh stop";
	mwexec($beep_cmd);

	captiveportal_radius_stop_all();
}
/*
 * Run the shell commands stored in the configuration.
 *
 * $early selects $config['system']['earlyshellcmd'] when true and
 * $config['system']['shellcmd'] otherwise. The entry may be a single command
 * string or an array of them.
 *
 * Every command is handed to exec() exactly as stored, with no quoting or
 * filtering, so whoever can write these configuration entries can run
 * arbitrary commands with the privileges of this process.
 */
function system_do_shell_commands($early = 0) {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$stamp = microtime();
		echo "system_do_shell_commands() being called {$stamp}\n";
	}

	$cmdn = $early ? "earlyshellcmd" : "shellcmd";
	$entry = $config['system'][$cmdn];

	if (is_array($entry)) {
		/* *cmd is an array, loop through */
		foreach ($entry as $cmd)
			exec($cmd);
		return;
	}

	/* execute single item */
	if ($entry <> "")
		exec($entry);
}
/*
 * Create or remove the {$g['varetc_path']}/disableconsole marker file
 * according to whether $config['system']['disableconsolemenu'] is set.
 */
function system_console_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$stamp = microtime();
		echo "system_console_configure() being called {$stamp}\n";
	}

	$marker = "{$g['varetc_path']}/disableconsole";

	if (!isset($config['system']['disableconsolemenu'])) {
		unlink_if_exists($marker);
		return;
	}

	touch($marker);
}
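/*
 * Save the kernel message buffer of the current boot to
 * {$g['varlog_path']}/dmesg.boot.
 *
 * Only the lines from the last "Copyright (c) 1992-" line onwards are kept,
 * because output from previous boots may still be in the buffer.
 *
 * Returns 0 on success, 1 when dmesg.boot cannot be opened for writing.
 */
function system_dmesg_save() {
	/* $config must be imported too: without it the developerspew check
	 * below tests an undefined local and can never fire */
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_dmesg_save() being called $mt\n";
	}

	/* exec() appends the command output, one line per element */
	$dmesg = array();
	exec("/sbin/dmesg", $dmesg);
	$line_count = count($dmesg);

	/* find last copyright line (output from previous boots may be present) */
	$lastcpline = 0;

	for ($i = 0; $i < $line_count; $i++) {
		if (strstr($dmesg[$i], "Copyright (c) 1992-"))
			$lastcpline = $i;
	}

	$fd = fopen("{$g['varlog_path']}/dmesg.boot", "w");
	if (!$fd) {
		printf("Error: cannot open dmesg.boot in system_dmesg_save().\n");
		return 1;
	}

	for ($i = $lastcpline; $i < $line_count; $i++)
		fwrite($fd, $dmesg[$i] . "\n");

	fclose($fd);

	return 0;
}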
/*
 * Apply $config['system']['harddiskstandby'] through the hw.ata.standby
 * sysctl. Does nothing when the setting is absent; a non-numeric value or a
 * failing sysctl call is reported as "failed!" while booting.
 */
function system_set_harddisk_standby() {
	global $g, $config;

	if (isset($config['system']['developerspew'])) {
		$stamp = microtime();
		echo "system_set_harddisk_standby() being called {$stamp}\n";
	}

	if (!isset($config['system']['harddiskstandby']))
		return;

	if ($g['booting']) {
		echo 'Setting hard disk standby... ';
	}

	$standby = $config['system']['harddiskstandby'];
	$applied = false;

	// Only a numeric value is accepted, and it is cast to int before it
	// is appended to the command line
	if (is_numeric($standby)) {
		// Sync the disk(s)
		mwexec('/bin/sync');
		if (!mwexec('/sbin/sysctl hw.ata.standby=' . ((int)$standby))) {
			// Reinitialize ATA-drives
			mwexec('/usr/local/sbin/atareinit');
			$applied = true;
		}
	}

	if ($g['booting']) {
		if ($applied)
			echo "done.\n";
		else
			echo "failed!\n";
	}
}
/*
 * Call activate_sysctls() and, when $config['system']['sharednet'] is set,
 * system_disable_arp_wrong_if() as well.
 */
function system_setup_sysctl() {
	global $config;

	if (isset($config['system']['developerspew'])) {
		$stamp = microtime();
		echo "system_setup_sysctl() being called {$stamp}\n";
	}

	activate_sysctls();

	$shared_net = isset($config['system']['sharednet']);
	if ($shared_net)
		system_disable_arp_wrong_if();
}
/*
 * Set the net.link.ether.inet.log_arp_wrong_iface and
 * net.link.ether.inet.log_arp_movements sysctls to 0.
 */
function system_disable_arp_wrong_if() {
	global $config;

	if (isset($config['system']['developerspew'])) {
		$stamp = microtime();
		echo "system_disable_arp_wrong_if() being called {$stamp}\n";
	}

	$sysctl_cmds = array(
		"/sbin/sysctl -n net.link.ether.inet.log_arp_wrong_iface=0",
		"/sbin/sysctl -n net.link.ether.inet.log_arp_movements=0"
	);
	foreach ($sysctl_cmds as $sysctl_cmd)
		mwexec($sysctl_cmd);
}
/*
 * Set the net.link.ether.inet.log_arp_wrong_iface and
 * net.link.ether.inet.log_arp_movements sysctls to 1.
 */
function system_enable_arp_wrong_if() {
	global $config;

	if (isset($config['system']['developerspew'])) {
		$stamp = microtime();
		echo "system_enable_arp_wrong_if() being called {$stamp}\n";
	}

	$sysctl_cmds = array(
		"/sbin/sysctl -n net.link.ether.inet.log_arp_wrong_iface=1",
		"/sbin/sysctl -n net.link.ether.inet.log_arp_movements=1"
	);
	foreach ($sysctl_cmds as $sysctl_cmd)
		mwexec($sysctl_cmd);
}
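/*
 * Start watchdogd when /var/log/dmesg.boot mentions one of the supported
 * watchdog names (case-insensitive match). A watchdogd that is already
 * running is killed first.
 */
function enable_watchdog() {
	$supported_watchdogs = array("Geode");

	$boot_log = file_get_contents("/var/log/dmesg.boot");
	if ($boot_log === false)
		return;	/* no boot log to inspect, nothing to decide on */

	$install_watchdog = false;
	foreach($supported_watchdogs as $sd) {
		/* match the list entry itself, not a fixed name, so that adding
		 * an entry to $supported_watchdogs takes effect */
		if(stristr($boot_log, $sd)) {
			$install_watchdog = true;
			break;
		}
	}

	if($install_watchdog == true) {
		if(is_process_running("watchdogd"))
			exec("/usr/bin/killall watchdogd");
		exec("/usr/sbin/watchdogd");
	}
}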
?>