/etc/inc/config.lib.inc - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/etc/inc/config.lib.inc @ c014babd

1	12df7edc	Erik	<?php
2			/***h pfSense/config
3			* NAME
4	032c40c7	Scott Ullrich	* config.lib.inc - Functions to manipulate config.xml
5	12df7edc	Erik	* DESCRIPTION
6			* This include contains various config.xml specific functions.
7			* HISTORY
8			* $Id$
9			******
10
11			config.lib.inc
12			Ported from config.inc by Erik Kristensen
13	032c40c7	Scott Ullrich	Copyright (C) 2004-2010 Scott Ullrich
14	12df7edc	Erik	All rights reserved.
15
16			originally part of m0n0wall (http://m0n0.ch/wall)
17			Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
18			All rights reserved.
19
20			Redistribution and use in source and binary forms, with or without
21			modification, are permitted provided that the following conditions are met:
22
23			1. Redistributions of source code must retain the above copyright notice,
24			this list of conditions and the following disclaimer.
25
26			2. Redistributions in binary form must reproduce the above copyright
27			notice, this list of conditions and the following disclaimer in the
28			documentation and/or other materials provided with the distribution.
29
30			THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
31			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
32			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
33			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
34			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
35			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
36			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
37			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
38			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
39			POSSIBILITY OF SUCH DAMAGE.
40
41
42	971de1f9	Renato Botelho	pfSense_BUILDER_BINARIES: /sbin/mount /sbin/umount /sbin/halt /sbin/fsck
43	12df7edc	Erik	pfSense_MODULE: config
44			*/
45
46			/***f config/encrypted_configxml
47			* NAME
48			* encrypted_configxml - Checks to see if config.xml is encrypted and if so, prompts to unlock.
49			* INPUTS
50			* None
51			* RESULT
52			* $config - rewrites config.xml without encryption
53			******/
54			function encrypted_configxml() {
55			global $g, $config;
56	02e9880e	Ermal
57	1e0b1727	Phil Davis	if (!file_exists($g['conf_path'] . "/config.xml")) {
58	02e9880e	Ermal	return;
59	1e0b1727	Phil Davis	}
60	02e9880e	Ermal
61	1e0b1727	Phil Davis	if (!platform_booting()) {
62	02e9880e	Ermal	return;
63	1e0b1727	Phil Davis	}
64	02e9880e	Ermal
65	1e0b1727	Phil Davis	$configtxt = file_get_contents($g['conf_path'] . "/config.xml");
66			if (tagfile_deformat($configtxt, $configtxt, "config.xml")) {
67	02e9880e	Ermal	$fp = fopen('php://stdin', 'r');
68			$data = "";
69			echo "\n\n* Encrypted config.xml detected *\n";
70	1e0b1727	Phil Davis	while ($data == "") {
71	02e9880e	Ermal	echo "\nEnter the password to decrypt config.xml: ";
72			$decrypt_password = chop(fgets($fp));
73			$data = decrypt_data($configtxt, $decrypt_password);
74	1e0b1727	Phil Davis	if (!strstr($data, "<pfsense>")) {
75	12df7edc	Erik	$data = "";
76	1e0b1727	Phil Davis	}
77			if ($data) {
78	02e9880e	Ermal	$fd = fopen($g['conf_path'] . "/config.xml.tmp", "w");
79			fwrite($fd, $data);
80			fclose($fd);
81			exec("/bin/mv {$g['conf_path']}/config.xml.tmp {$g['conf_path']}/config.xml");
82	9d3d8d00	Vinicius Coque	echo "\n" . gettext("Config.xml unlocked.") . "\n";
83	02e9880e	Ermal	fclose($fp);
84			} else {
85	9d3d8d00	Vinicius Coque	echo "\n" . gettext("Invalid password entered. Please try again.") . "\n";
86	12df7edc	Erik	}
87			}
88			}
89			}
90
91			/***f config/parse_config
92			* NAME
93			* parse_config - Read in config.cache or config.xml if needed and return $config array
94			* INPUTS
95			* $parse - boolean to force parse_config() to read config.xml and generate config.cache
96			* RESULT
97			* $config - array containing all configuration variables
98			******/
99	1295e769	Scott Ullrich	function parse_config($parse = false) {
100	4e9a3392	Scott Ullrich	global $g, $config_parsed, $config_extra;
101	02e9880e	Ermal
102	12df7edc	Erik	$lockkey = lock('config');
103	0af381c2	Scott Ullrich	$config_parsed = false;
104	02e9880e	Ermal
105	12df7edc	Erik	if (!file_exists("{$g['conf_path']}/config.xml") \|\| filesize("{$g['conf_path']}/config.xml") == 0) {
106			$last_backup = discover_last_backup();
107	1e0b1727	Phil Davis	if ($last_backup) {
108	4e038d31	Carlos Eduardo Ramos	log_error(gettext("No config.xml found, attempting last known config restore."));
109			file_notice("config.xml", gettext("No config.xml found, attempting last known config restore."), "pfSenseConfigurator", "");
110	12df7edc	Erik	restore_backup("{$g['conf_path']}/backup/{$last_backup}");
111			} else {
112			unlock($lockkey);
113	4e038d31	Carlos Eduardo Ramos	die(gettext("Config.xml is corrupted and is 0 bytes. Could not restore a previous backup."));
114	12df7edc	Erik	}
115			}
116	02e9880e	Ermal
117	16d6c1df	Renato Botelho	if (platform_booting(true))
118	02e9880e	Ermal	echo ".";
119
120	12df7edc	Erik	// Check for encrypted config.xml
121			encrypted_configxml();
122	02e9880e	Ermal
123	1e0b1727	Phil Davis	if (!$parse) {
124	02e9880e	Ermal	if (file_exists($g['tmp_path'] . '/config.cache')) {
125	12df7edc	Erik	$config = unserialize(file_get_contents($g['tmp_path'] . '/config.cache'));
126	1e0b1727	Phil Davis	if (is_null($config)) {
127	02e9880e	Ermal	$parse = true;
128	1e0b1727	Phil Davis	}
129			} else {
130	02e9880e	Ermal	$parse = true;
131	1e0b1727	Phil Davis	}
132	02e9880e	Ermal	}
133			if ($parse == true) {
134	1e0b1727	Phil Davis	if (!file_exists($g['conf_path'] . "/config.xml")) {
135			if (platform_booting(true)) {
136	02e9880e	Ermal	echo ".";
137	1e0b1727	Phil Davis	}
138	12df7edc	Erik	log_error("No config.xml found, attempting last known config restore.");
139			file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", "");
140			$last_backup = discover_last_backup();
141	1e0b1727	Phil Davis	if ($last_backup) {
142	12df7edc	Erik	restore_backup("/cf/conf/backup/{$last_backup}");
143	1e0b1727	Phil Davis	} else {
144	4e038d31	Carlos Eduardo Ramos	log_error(gettext("Could not restore config.xml."));
145	50cafcf3	Ermal	unlock($lockkey);
146	4816e5ca	Renato Botelho	die(gettext("Config.xml is corrupted and is 0 bytes. Could not restore a previous backup."));
147	50cafcf3	Ermal	}
148	12df7edc	Erik	}
149	990d7c03	Erik Fonnesbeck	$config = parse_xml_config($g['conf_path'] . '/config.xml', array($g['xml_rootobj'], 'pfsense'));
150	1e0b1727	Phil Davis	if ($config == -1) {
151	12df7edc	Erik	$last_backup = discover_last_backup();
152	1e0b1727	Phil Davis	if ($last_backup) {
153	12df7edc	Erik	restore_backup("/cf/conf/backup/{$last_backup}");
154	1e0b1727	Phil Davis	} else {
155	12df7edc	Erik	log_error(gettext("Could not restore config.xml."));
156	50cafcf3	Ermal	unlock($lockkey);
157			die("Config.xml is corrupted and is 0 bytes. Could not restore a previous backup.");
158			}
159	12df7edc	Erik	}
160			generate_config_cache($config);
161			}
162	02e9880e	Ermal
163	1e0b1727	Phil Davis	if (platform_booting(true)) {
164	02e9880e	Ermal	echo ".";
165	1e0b1727	Phil Davis	}
166	02e9880e	Ermal
167	12df7edc	Erik	$config_parsed = true;
168			unlock($lockkey);
169
170	02e9880e	Ermal	alias_make_table($config);
171
172	12df7edc	Erik	return $config;
173			}
174
175			/***f config/generate_config_cache
176			* NAME
177			* generate_config_cache - Write serialized configuration to cache.
178			* INPUTS
179			* $config - array containing current firewall configuration
180			* RESULT
181			* boolean - true on completion
182			******/
183			function generate_config_cache($config) {
184	4e9a3392	Scott Ullrich	global $g, $config_extra;
185	12df7edc	Erik
186			$configcache = fopen($g['tmp_path'] . '/config.cache', "w");
187			fwrite($configcache, serialize($config));
188			fclose($configcache);
189	4e9a3392	Scott Ullrich	unset($configcache);
190			/* Used for config.extra.xml */
191	1e0b1727	Phil Davis	if (file_exists($g['tmp_path'] . '/config.extra.cache') && $config_extra) {
192	4e9a3392	Scott Ullrich	$configcacheextra = fopen($g['tmp_path'] . '/config.extra.cache', "w");
193			fwrite($configcacheextra, serialize($config_extra));
194	1e0b1727	Phil Davis	fclose($configcacheextra);
195	4e9a3392	Scott Ullrich	unset($configcacheextra);
196			}
197	12df7edc	Erik	}
198
199			function discover_last_backup() {
200	692c21fd	Renato Botelho	$backups = glob('/cf/conf/backup/*.xml');
201	12df7edc	Erik	$last_backup = "";
202	692c21fd	Renato Botelho	$last_mtime = 0;
203	1e0b1727	Phil Davis	foreach ($backups as $backup) {
204			if (filemtime($backup) > $last_mtime) {
205	692c21fd	Renato Botelho	$last_mtime = filemtime($backup);
206			$last_backup = $backup;
207			}
208			}
209	12df7edc	Erik
210	692c21fd	Renato Botelho	return basename($last_backup);
211	12df7edc	Erik	}
212
213			function restore_backup($file) {
214			global $g;
215
216			if (file_exists($file)) {
217			conf_mount_rw();
218			unlink_if_exists("{$g['tmp_path']}/config.cache");
219	e490f995	Ermal	copy("$file","/cf/conf/config.xml");
220	0f806eca	Erik Fonnesbeck	disable_security_checks();
221	addc0439	Renato Botelho	log_error(sprintf(gettext('%1$s is restoring the configuration %2$s'), $g['product_name'], $file));
222			file_notice("config.xml", sprintf(gettext('%1$s is restoring the configuration %2$s'), $g['product_name'], $file), "pfSenseConfigurator", "");
223	12df7edc	Erik	conf_mount_ro();
224			}
225			}
226
227			/***f config/parse_config_bootup
228			* NAME
229			* parse_config_bootup - Bootup-specific configuration checks.
230			* RESULT
231			* null
232			******/
233			function parse_config_bootup() {
234	50cafcf3	Ermal	global $config, $g;
235	12df7edc	Erik
236	1e0b1727	Phil Davis	if (platform_booting()) {
237	02e9880e	Ermal	echo ".";
238	1e0b1727	Phil Davis	}
239	12df7edc	Erik
240			$lockkey = lock('config');
241	50cafcf3	Ermal	if (!file_exists("{$g['conf_path']}/config.xml")) {
242	285ef132	Ermal LUÇI	if (platform_booting()) {
243	50cafcf3	Ermal	if (strstr($g['platform'], "cdrom")) {
244			/* try copying the default config. to the floppy */
245	4816e5ca	Renato Botelho	echo gettext("Resetting factory defaults...") . "\n";
246	50cafcf3	Ermal	reset_factory_defaults(true);
247			if (!file_exists("{$g['conf_path']}/config.xml")) {
248	4816e5ca	Renato Botelho	echo gettext("No XML configuration file found - using factory defaults.\n" .
249			"Make sure that the configuration floppy disk with the conf/config.xml\n" .
250			"file is inserted. If it isn't, your configuration changes will be lost\n" .
251			"on reboot.\n");
252	12df7edc	Erik	}
253			} else {
254	50cafcf3	Ermal	$last_backup = discover_last_backup();
255	1e0b1727	Phil Davis	if ($last_backup) {
256	50cafcf3	Ermal	log_error("No config.xml found, attempting last known config restore.");
257	4816e5ca	Renato Botelho	file_notice("config.xml", gettext("No config.xml found, attempting last known config restore."), "pfSenseConfigurator", "");
258	50cafcf3	Ermal	restore_backup("/cf/conf/backup/{$last_backup}");
259			}
260	1e0b1727	Phil Davis	if (!file_exists("{$g['conf_path']}/config.xml")) {
261	4816e5ca	Renato Botelho	echo sprintf(gettext("XML configuration file not found. %s cannot continue booting."), $g['product_name']) . "\n";
262	02e9880e	Ermal	unlock($lockkey);
263	50cafcf3	Ermal	mwexec("/sbin/halt");
264			exit;
265			}
266			log_error("Last known config found and restored. Please double check your configuration file for accuracy.");
267	4816e5ca	Renato Botelho	file_notice("config.xml", gettext("Last known config found and restored. Please double check your configuration file for accuracy."), "pfSenseConfigurator", "");
268	12df7edc	Erik	}
269	50cafcf3	Ermal	} else {
270			unlock($lockkey);
271	b5e8282d	Ermal	log_error(gettext("Could not find a usable configuration file! Exiting...."));
272	50cafcf3	Ermal	exit(0);
273	12df7edc	Erik	}
274			}
275	50cafcf3	Ermal
276	12df7edc	Erik	if (filesize("{$g['conf_path']}/config.xml") == 0) {
277			$last_backup = discover_last_backup();
278	1e0b1727	Phil Davis	if ($last_backup) {
279	4e038d31	Carlos Eduardo Ramos	log_error(gettext("No config.xml found, attempting last known config restore."));
280			file_notice("config.xml", gettext("No config.xml found, attempting last known config restore."), "pfSenseConfigurator", "");
281	12df7edc	Erik	restore_backup("{$g['conf_path']}/backup/{$last_backup}");
282			} else {
283			unlock($lockkey);
284	4e038d31	Carlos Eduardo Ramos	die(gettext("Config.xml is corrupted and is 0 bytes. Could not restore a previous backup."));
285	12df7edc	Erik	}
286			}
287			unlock($lockkey);
288
289	89adb2f3	Ermal	$config = parse_config(true);
290
291	12df7edc	Erik	if ((float)$config['version'] > (float)$g['latest_config']) {
292			echo <<<EOD
293
294
295			*******************************************************************************
296			* WARNING! *
297			* The current configuration has been created with a newer version of {$g['product_name']} *
298			* than this one! This can lead to serious misbehavior and even security *
299			* holes! You are urged to either upgrade to a newer version of {$g['product_name']} or *
300			* revert to the default configuration immediately! *
301			*******************************************************************************
302
303
304			EOD;
305			}
306
307			/* make alias table (for faster lookups) */
308			alias_make_table($config);
309			}
310
311			/***f config/conf_mount_rw
312			* NAME
313			* conf_mount_rw - Mount filesystems read/write.
314			* RESULT
315			* null
316			******/
317			/* mount flash card read/write */
318	63e18082	jim-p	function conf_mount_rw() {
319	7b229013	jim-p	global $g, $config;
320	12df7edc	Erik
321			/* do not mount on cdrom platform */
322	1e0b1727	Phil Davis	if ($g['platform'] == "cdrom" or $g['platform'] == "pfSense") {
323	12df7edc	Erik	return;
324	1e0b1727	Phil Davis	}
325	a45e27ba	Ermal
326	1e0b1727	Phil Davis	if ((refcount_reference(1000) > 1) && is_writable("/")) {
327	12df7edc	Erik	return;
328	1e0b1727	Phil Davis	}
329	12df7edc	Erik
330	e8567e89	jim-p	$status = mwexec("/sbin/mount -u -w -o sync,noatime {$g['cf_path']}");
331	1e0b1727	Phil Davis	if ($status <> 0) {
332			if (platform_booting()) {
333	4e038d31	Carlos Eduardo Ramos	echo gettext("Disk is dirty. Running fsck -y") . "\n";
334	1e0b1727	Phil Davis	}
335	12df7edc	Erik	mwexec("/sbin/fsck -y {$g['cf_path']}");
336	e8567e89	jim-p	$status = mwexec("/sbin/mount -u -w -o sync,noatime {$g['cf_path']}");
337	12df7edc	Erik	}
338
339			/* if the platform is soekris or wrap or pfSense, lets mount the
340			* compact flash cards root.
341	1e0b1727	Phil Davis	*/
342	e8567e89	jim-p	$status = mwexec("/sbin/mount -u -w -o sync,noatime /");
343	a45e27ba	Ermal	/* we could not mount this correctly. kick off fsck */
344	1e0b1727	Phil Davis	if ($status <> 0) {
345	4e038d31	Carlos Eduardo Ramos	log_error(gettext("File system is dirty. Launching FSCK for /"));
346	a45e27ba	Ermal	mwexec("/sbin/fsck -y /");
347	e8567e89	jim-p	$status = mwexec("/sbin/mount -u -w -o sync,noatime /");
348	12df7edc	Erik	}
349	1e0b1727	Phil Davis
350	12df7edc	Erik	mark_subsystem_dirty('mount');
351			}
352
353			/***f config/conf_mount_ro
354			* NAME
355			* conf_mount_ro - Mount filesystems readonly.
356			* RESULT
357			* null
358			******/
359	63e18082	jim-p	function conf_mount_ro() {
360	7b229013	jim-p	global $g, $config;
361	12df7edc	Erik
362	2de8d745	jim-p	/* Do not trust $g['platform'] since this can be clobbered during factory reset. */
363			$platform = trim(file_get_contents("/etc/platform"));
364	23f0ca50	Ermal Lu?i	/* do not umount on cdrom or pfSense platforms */
365	1e0b1727	Phil Davis	if ($platform == "cdrom" or $platform == "pfSense") {
366	23f0ca50	Ermal Lu?i	return;
367	1e0b1727	Phil Davis	}
368	23f0ca50	Ermal Lu?i
369	1e0b1727	Phil Davis	if (refcount_unreference(1000) > 0) {
370	52f4c092	Scott Ullrich	return;
371	1e0b1727	Phil Davis	}
372	52f4c092	Scott Ullrich
373	1e0b1727	Phil Davis	if (isset($config['system']['nanobsd_force_rw'])) {
374	b8250344	Renato Botelho	return;
375	1e0b1727	Phil Davis	}
376	b8250344	Renato Botelho
377	1e0b1727	Phil Davis	if (platform_booting()) {
378	12df7edc	Erik	return;
379	1e0b1727	Phil Davis	}
380	12df7edc	Erik
381			clear_subsystem_dirty('mount');
382			/* sync data, then force a remount of /cf */
383	5ba5a8de	Scott Ullrich	pfSense_sync();
384	e8567e89	jim-p	mwexec("/sbin/mount -u -r -f -o sync,noatime {$g['cf_path']}");
385			mwexec("/sbin/mount -u -r -f -o sync,noatime /");
386	12df7edc	Erik	}
387
388			/***f config/convert_config
389			* NAME
390			* convert_config - Attempt to update config.xml.
391			* DESCRIPTION
392			* convert_config() reads the current global configuration
393			* and attempts to convert it to conform to the latest
394			* config.xml version. This allows major formatting changes
395			* to be made with a minimum of breakage.
396			* RESULT
397			* null
398			******/
399			/* convert configuration, if necessary */
400			function convert_config() {
401			global $config, $g;
402			$now = date("H:i:s");
403	4e038d31	Carlos Eduardo Ramos	log_error(sprintf(gettext("Start Configuration upgrade at %s, set execution timeout to 15 minutes"), $now));
404	59cfe65d	Ermal	//ini_set("max_execution_time", "900");
405	12df7edc	Erik
406			/* special case upgrades */
407			/* fix every minute crontab bogons entry */
408	32a9eb18	Ermal	if (is_array($config['cron'])) {
409			$cron_item_count = count($config['cron']['item']);
410			for($x=0; $x<$cron_item_count; $x++) {
411	1e0b1727	Phil Davis	if (stristr($config['cron']['item'][$x]['command'], "rc.update_bogons.sh")) {
412			if ($config['cron']['item'][$x]['hour'] == "*" ) {
413			$config['cron']['item'][$x]['hour'] = "3";
414	32a9eb18	Ermal	write_config(gettext("Updated bogon update frequency to 3am"));
415			log_error(gettext("Updated bogon update frequency to 3am"));
416	1e0b1727	Phil Davis	}
417	32a9eb18	Ermal	}
418	12df7edc	Erik	}
419			}
420	1e0b1727	Phil Davis	if ($config['version'] == $g['latest_config']) {
421	12df7edc	Erik	return; /* already at latest version */
422	1e0b1727	Phil Davis	}
423	12df7edc	Erik
424			// Save off config version
425			$prev_version = $config['version'];
426	1e0b1727	Phil Davis
427	b96cad97	Seth Mos	include_once('auth.inc');
428	12df7edc	Erik	include_once('upgrade_config.inc');
429	1e0b1727	Phil Davis	if (file_exists("/etc/inc/upgrade_config_custom.inc")) {
430	e58da189	Ermal	include_once("upgrade_config_custom.inc");
431	1e0b1727	Phil Davis	}
432	12df7edc	Erik	/* Loop and run upgrade_VER_to_VER() until we're at current version */
433			while ($config['version'] < $g['latest_config']) {
434			$cur = $config['version'] * 10;
435			$next = $cur + 1;
436			$migration_function = sprintf('upgrade_%03d_to_%03d', $cur, $next);
437	1e0b1727	Phil Davis	if (function_exists($migration_function)) {
438	cb0e3f8e	Ermal	$migration_function();
439	1e0b1727	Phil Davis	}
440	e58da189	Ermal	$migration_function = "{$migration_function}_custom";
441	1e0b1727	Phil Davis	if (function_exists($migration_function)) {
442	e58da189	Ermal	$migration_function();
443	1e0b1727	Phil Davis	}
444	12df7edc	Erik	$config['version'] = sprintf('%.1f', $next / 10);
445	1e0b1727	Phil Davis	if (platform_booting()) {
446	92cf9fcd	sullrich	echo ".";
447	1e0b1727	Phil Davis	}
448	12df7edc	Erik	}
449
450			$now = date("H:i:s");
451	4e038d31	Carlos Eduardo Ramos	log_error(sprintf(gettext("Ended Configuration upgrade at %s"), $now));
452	12df7edc	Erik
453	1e0b1727	Phil Davis	if ($prev_version != $config['version']) {
454	addc0439	Renato Botelho	write_config(sprintf(gettext('Upgraded config version level from %1$s to %2$s'), $prev_version, $config['version']));
455	1e0b1727	Phil Davis	}
456	12df7edc	Erik	}
457
458	ddd42db3	Ermal Lu?i	/***f config/safe_write_file
459			* NAME
460			* safe_write_file - Write a file out atomically
461			* DESCRIPTION
462			* safe_write_file() Writes a file out atomically by first writing to a
463			* temporary file of the same name but ending with the pid of the current
464			* process, them renaming the temporary file over the original.
465			* INPUTS
466			* $filename - string containing the filename of the file to write
467			* $content - string containing the file content to write to file
468			* $force_binary - boolean denoting whether we should force binary
469			* mode writing.
470			* RESULT
471			* boolean - true if successful, false if not
472			******/
473			function safe_write_file($file, $content, $force_binary) {
474	628d1548	Ermal	$tmp_file = $file . "." . getmypid();
475			$write_mode = $force_binary ? "wb" : "w";
476	ddd42db3	Ermal Lu?i
477	628d1548	Ermal	$fd = fopen($tmp_file, $write_mode);
478			if (!$fd) {
479			// Unable to open temporary file for writing
480			return false;
481	1e0b1727	Phil Davis	}
482	628d1548	Ermal	if (!fwrite($fd, $content)) {
483			// Unable to write to temporary file
484	00bc5bcc	Scott Ullrich	fclose($fd);
485	628d1548	Ermal	return false;
486			}
487			fflush($fd);
488			fclose($fd);
489	ddd42db3	Ermal Lu?i
490	628d1548	Ermal	if (!rename($tmp_file, $file)) {
491			// Unable to move temporary file to original
492			@unlink($tmp_file);
493			return false;
494			}
495	00bc5bcc	Scott Ullrich
496	628d1548	Ermal	// Sync file before returning
497			pfSense_sync();
498	00bc5bcc	Scott Ullrich
499	628d1548	Ermal	return true;
500	ddd42db3	Ermal Lu?i	}
501
502	12df7edc	Erik	/***f config/write_config
503			* NAME
504			* write_config - Backup and write the firewall configuration.
505			* DESCRIPTION
506			* write_config() handles backing up the current configuration,
507			* applying changes, and regenerating the configuration cache.
508			* INPUTS
509			* $desc - string containing the a description of configuration changes
510			* $backup - boolean: do not back up current configuration if false.
511			* RESULT
512			* null
513			******/
514			/* save the system configuration */
515			function write_config($desc="Unknown", $backup = true) {
516			global $config, $g;
517
518	a74260cb	jim-p	if (!empty($_SERVER['REMOTE_ADDR'])) {
519	1e0b1727	Phil Davis	if (!session_id()) {
520	a74260cb	jim-p	@session_start();
521	1e0b1727	Phil Davis	}
522	cf0dae69	Ermal	if (!empty($_SESSION['Username']) && ($_SESSION['Username'] != "admin")) {
523			$user = getUserEntry($_SESSION['Username']);
524			if (is_array($user) && userHasPrivilege($user, "user-config-readonly")) {
525			session_commit();
526			return false;
527			}
528	4111fcf5	Ermal	}
529	170cb2bc	jim-p	}
530	4111fcf5	Ermal
531	1e0b1727	Phil Davis	if (!isset($argc)) {
532	9d584d5d	Ermal	session_commit();
533	1e0b1727	Phil Davis	}
534	4111fcf5	Ermal
535	1e0b1727	Phil Davis	if ($backup) {
536	12df7edc	Erik	backup_config();
537	1e0b1727	Phil Davis	}
538	12df7edc	Erik
539	ba1d9714	jim-p	$config['revision'] = make_config_revision_entry($desc);
540	12df7edc	Erik
541	b6c34bfc	Ermal	conf_mount_rw();
542			$lockkey = lock('config', LOCK_EX);
543	12df7edc	Erik
544			/* generate configuration XML */
545			$xmlconfig = dump_xml_config($config, $g['xml_rootobj']);
546
547	41bf8e8e	Scott Ullrich	/* write new configuration */
548			if (!safe_write_file("{$g['cf_conf_path']}/config.xml", $xmlconfig, false)) {
549	4e038d31	Carlos Eduardo Ramos	log_error(gettext("WARNING: Config contents could not be save. Could not open file!"));
550	12df7edc	Erik	unlock($lockkey);
551	4e038d31	Carlos Eduardo Ramos	file_notice("config.xml", sprintf(gettext("Unable to open %s/config.xml for writing in write_config()%s"), $g['cf_conf_path'], "\n"));
552	541989d5	Ermal	return -1;
553	e5977136	Scott Ullrich	}
554	1e0b1727	Phil Davis
555	e1ebe9e2	jim-p	cleanup_backupcache(true);
556	12df7edc	Erik
557			/* re-read configuration */
558	541989d5	Ermal	/* NOTE: We assume that the file can be parsed since we wrote it. */
559	12df7edc	Erik	$config = parse_xml_config("{$g['conf_path']}/config.xml", $g['xml_rootobj']);
560	e490f995	Ermal	if ($config == -1) {
561	557300a7	jim-p	copy("{$g['conf_path']}/config.xml", "{$g['conf_path']}/config.xml.bad");
562	e490f995	Ermal	$last_backup = discover_last_backup();
563	557300a7	jim-p	if ($last_backup) {
564	e490f995	Ermal	restore_backup("/cf/conf/backup/{$last_backup}");
565	557300a7	jim-p	$config = parse_xml_config("{$g['conf_path']}/config.xml", $g['xml_rootobj']);
566	285ef132	Ermal LUÇI	if (platform_booting()) {
567	557300a7	jim-p	echo "\n\n ************ WARNING ************";
568	6177fd92	jim-p	echo "\n\n Configuration could not be validated. A previous configuration was restored. \n";
569	05d5503b	Ermal	echo "\n The failed configuration file has been saved as {$g['conf_path']}/config.xml.bad \n\n";
570	557300a7	jim-p	}
571	1e0b1727	Phil Davis	} else {
572	e490f995	Ermal	log_error(gettext("Could not restore config.xml."));
573	1e0b1727	Phil Davis	}
574			} else {
575	e490f995	Ermal	generate_config_cache($config);
576	1e0b1727	Phil Davis	}
577	12df7edc	Erik
578			unlock($lockkey);
579
580			unlink_if_exists("/usr/local/pkg/pf/carp_sync_client.php");
581	16b96ea6	Scott Ullrich
582	b6c34bfc	Ermal	/* tell kernel to sync fs data */
583			conf_mount_ro();
584
585	12df7edc	Erik	/* sync carp entries to other firewalls */
586	16b96ea6	Scott Ullrich	carp_sync_client();
587	12df7edc	Erik
588	1e0b1727	Phil Davis	if (is_dir("/usr/local/pkg/write_config")) {
589	12df7edc	Erik	/* process packager manager custom rules */
590			run_plugins("/usr/local/pkg/write_config/");
591			}
592
593			return $config;
594			}
595
596			/***f config/reset_factory_defaults
597			* NAME
598			* reset_factory_defaults - Reset the system to its default configuration.
599			* RESULT
600			* integer - indicates completion
601			******/
602			function reset_factory_defaults($lock = false) {
603			global $g;
604
605			conf_mount_rw();
606	1e0b1727	Phil Davis	if (!$lock) {
607	b6c34bfc	Ermal	$lockkey = lock('config', LOCK_EX);
608	1e0b1727	Phil Davis	}
609	12df7edc	Erik
610			/* create conf directory, if necessary */
611			safe_mkdir("{$g['cf_conf_path']}");
612
613			/* clear out /conf */
614			$dh = opendir($g['conf_path']);
615			while ($filename = readdir($dh)) {
616			if (($filename != ".") && ($filename != "..")) {
617			unlink_if_exists($g['conf_path'] . "/" . $filename);
618			}
619			}
620			closedir($dh);
621	63dd9f08	Ermal	unlink_if_exists($g['tmp_path'] . "/config.cache");
622	12df7edc	Erik
623			/* copy default configuration */
624			copy("{$g['conf_default_path']}/config.xml", "{$g['conf_path']}/config.xml");
625
626	0f806eca	Erik Fonnesbeck	disable_security_checks();
627
628	12df7edc	Erik	/* call the wizard */
629			touch("/conf/trigger_initial_wizard");
630	1e0b1727	Phil Davis	if (!$lock) {
631	12df7edc	Erik	unlock($lockkey);
632	1e0b1727	Phil Davis	}
633	b6c34bfc	Ermal	conf_mount_ro();
634	673966e4	jim-p	setup_serial_port();
635	12df7edc	Erik	return 0;
636			}
637
638			function config_restore($conffile) {
639			global $config, $g;
640
641	1e0b1727	Phil Davis	if (!file_exists($conffile)) {
642	12df7edc	Erik	return 1;
643	1e0b1727	Phil Davis	}
644	12df7edc	Erik
645			backup_config();
646
647	f2087c85	Scott Ullrich	conf_mount_rw();
648	1e0b1727	Phil Davis
649	b6c34bfc	Ermal	$lockkey = lock('config', LOCK_EX);
650	12df7edc	Erik
651			unlink_if_exists("{$g['tmp_path']}/config.cache");
652	e490f995	Ermal	copy($conffile, "{$g['cf_conf_path']}/config.xml");
653	12df7edc	Erik
654	0f806eca	Erik Fonnesbeck	disable_security_checks();
655
656	12df7edc	Erik	unlock($lockkey);
657
658			$config = parse_config(true);
659
660			conf_mount_ro();
661
662	4e038d31	Carlos Eduardo Ramos	write_config(gettext("Reverted to") . " " . array_pop(explode("/", $conffile)) . ".", false);
663	e296b183	Ermal Lu?i
664	12df7edc	Erik	return 0;
665			}
666
667			function config_install($conffile) {
668			global $config, $g;
669
670	1e0b1727	Phil Davis	if (!file_exists($conffile)) {
671	12df7edc	Erik	return 1;
672	1e0b1727	Phil Davis	}
673	12df7edc	Erik
674	1e0b1727	Phil Davis	if (!config_validate("{$conffile}")) {
675	12df7edc	Erik	return 1;
676	1e0b1727	Phil Davis	}
677	12df7edc	Erik
678	1e0b1727	Phil Davis	if (platform_booting()) {
679	4e038d31	Carlos Eduardo Ramos	echo gettext("Installing configuration...") . "\n";
680	1e0b1727	Phil Davis	} else {
681	4e038d31	Carlos Eduardo Ramos	log_error(gettext("Installing configuration ...."));
682	1e0b1727	Phil Davis	}
683	12df7edc	Erik
684			conf_mount_rw();
685	b6c34bfc	Ermal	$lockkey = lock('config', LOCK_EX);
686	12df7edc	Erik
687			copy($conffile, "{$g['conf_path']}/config.xml");
688
689	0f806eca	Erik Fonnesbeck	disable_security_checks();
690
691	12df7edc	Erik	/* unlink cache file if it exists */
692	1e0b1727	Phil Davis	if (file_exists("{$g['tmp_path']}/config.cache")) {
693	12df7edc	Erik	unlink("{$g['tmp_path']}/config.cache");
694	1e0b1727	Phil Davis	}
695	12df7edc	Erik
696			unlock($lockkey);
697			conf_mount_ro();
698
699	1e0b1727	Phil Davis	return 0;
700	12df7edc	Erik	}
701
702	0f806eca	Erik Fonnesbeck	/*
703			* Disable security checks for DNS rebind and HTTP referrer until next time
704			* they pass (or reboot), to aid in preventing accidental lockout when
705			* restoring settings like hostname, domain, IP addresses, and settings
706			* related to the DNS rebind and HTTP referrer checks.
707			* Intended for use when restoring a configuration or directly
708			* modifying config.xml without an unconditional reboot.
709			*/
710			function disable_security_checks() {
711			global $g;
712			touch("{$g['tmp_path']}/disable_security_checks");
713			}
714
715			/* Restores security checks. Should be called after all succeed. */
716			function restore_security_checks() {
717			global $g;
718			unlink_if_exists("{$g['tmp_path']}/disable_security_checks");
719			}
720
721			/* Returns status of security check temporary disable. */
722			function security_checks_disabled() {
723			global $g;
724			return file_exists("{$g['tmp_path']}/disable_security_checks");
725			}
726
727	12df7edc	Erik	function config_validate($conffile) {
728
729			global $g, $xmlerr;
730
731			$xml_parser = xml_parser_create();
732
733			if (!($fp = fopen($conffile, "r"))) {
734	4e038d31	Carlos Eduardo Ramos	$xmlerr = gettext("XML error: unable to open file");
735	12df7edc	Erik	return false;
736			}
737
738			while ($data = fread($fp, 4096)) {
739			if (!xml_parse($xml_parser, $data, feof($fp))) {
740	addc0439	Renato Botelho	$xmlerr = sprintf(gettext('%1$s at line %2$d'),
741	12df7edc	Erik	xml_error_string(xml_get_error_code($xml_parser)),
742			xml_get_current_line_number($xml_parser));
743			return false;
744			}
745			}
746			xml_parser_free($xml_parser);
747
748			fclose($fp);
749
750			return true;
751			}
752
753	e1ebe9e2	jim-p	function cleanup_backupcache($lock = false) {
754	12df7edc	Erik	global $g;
755			$i = false;
756	e1ebe9e2	jim-p
757			$revisions = get_config_backup_count();
758
759	1e0b1727	Phil Davis	if (!$lock) {
760	12df7edc	Erik	$lockkey = lock('config');
761	1e0b1727	Phil Davis	}
762	cd25a2b2	jim-p
763			conf_mount_rw();
764
765			$backups = get_backups();
766			if ($backups) {
767	12df7edc	Erik	$baktimes = $backups['versions'];
768			unset($backups['versions']);
769	cd25a2b2	jim-p	} else {
770			$backups = array();
771			$baktimes = array();
772			}
773			$newbaks = array();
774			$bakfiles = glob($g['cf_conf_path'] . "/backup/config-*");
775			$tocache = array();
776	12df7edc	Erik
777	1e0b1727	Phil Davis	foreach ($bakfiles as $backup) { // Check for backups in the directory not represented in the cache.
778	bfe615ee	jim-p	$backupsize = filesize($backup);
779	1e0b1727	Phil Davis	if ($backupsize == 0) {
780	cd25a2b2	jim-p	unlink($backup);
781			continue;
782			}
783	b3bbed58	Ermal LUÇI	$backupexp = explode('-', $backup);
784			$backupexp = explode('.', array_pop($backupexp));
785			$tocheck = array_shift($backupexp);
786			unset($backupexp);
787	1e0b1727	Phil Davis	if (!in_array($tocheck, $baktimes)) {
788	cd25a2b2	jim-p	$i = true;
789	1e0b1727	Phil Davis	if (platform_booting()) {
790	cd25a2b2	jim-p	echo ".";
791	1e0b1727	Phil Davis	}
792	990d7c03	Erik Fonnesbeck	$newxml = parse_xml_config($backup, array($g['xml_rootobj'], 'pfsense'));
793	1e0b1727	Phil Davis	if ($newxml == "-1") {
794	4e038d31	Carlos Eduardo Ramos	log_error(sprintf(gettext("The backup cache file %s is corrupted. Unlinking."), $backup));
795	cd25a2b2	jim-p	unlink($backup);
796	4e038d31	Carlos Eduardo Ramos	log_error(sprintf(gettext("The backup cache file %s is corrupted. Unlinking."), $backup));
797	cd25a2b2	jim-p	continue;
798	12df7edc	Erik	}
799	1e0b1727	Phil Davis	if ($newxml['revision']['description'] == "") {
800	cd25a2b2	jim-p	$newxml['revision']['description'] = "Unknown";
801	1e0b1727	Phil Davis	}
802			if ($newxml['version'] == "") {
803	92420c0a	jim-p	$newxml['version'] = "?";
804	1e0b1727	Phil Davis	}
805	bfe615ee	jim-p	$tocache[$tocheck] = array('description' => $newxml['revision']['description'], 'version' => $newxml['version'], 'filesize' => $backupsize);
806	12df7edc	Erik	}
807	cd25a2b2	jim-p	}
808	1e0b1727	Phil Davis	foreach ($backups as $checkbak) {
809			if (count(preg_grep('/' . $checkbak['time'] . '/i', $bakfiles)) != 0) {
810	cd25a2b2	jim-p	$newbaks[] = $checkbak;
811			} else {
812			$i = true;
813	285ef132	Ermal LUÇI	if (platform_booting()) print " " . $tocheck . "r";
814	cd25a2b2	jim-p	}
815			}
816	1e0b1727	Phil Davis	foreach ($newbaks as $todo) {
817			$tocache[$todo['time']] = array('description' => $todo['description'], 'version' => $todo['version'], 'filesize' => $todo['filesize']);
818			}
819			if (is_int($revisions) and (count($tocache) > $revisions)) {
820	cd25a2b2	jim-p	$toslice = array_slice(array_keys($tocache), 0, $revisions);
821	1e0b1727	Phil Davis	foreach ($toslice as $sliced) {
822	cd25a2b2	jim-p	$newcache[$sliced] = $tocache[$sliced];
823	1e0b1727	Phil Davis	}
824			foreach ($tocache as $version => $versioninfo) {
825			if (!in_array($version, array_keys($newcache))) {
826	cd25a2b2	jim-p	unlink_if_exists($g['conf_path'] . '/backup/config-' . $version . '.xml');
827	12df7edc	Erik	}
828			}
829	cd25a2b2	jim-p	$tocache = $newcache;
830	12df7edc	Erik	}
831	cd25a2b2	jim-p	$bakout = fopen($g['cf_conf_path'] . '/backup/backup.cache', "w");
832			fwrite($bakout, serialize($tocache));
833			fclose($bakout);
834			conf_mount_ro();
835
836	1e0b1727	Phil Davis	if (!$lock) {
837	12df7edc	Erik	unlock($lockkey);
838	1e0b1727	Phil Davis	}
839	12df7edc	Erik	}
840
841			function get_backups() {
842			global $g;
843	1e0b1727	Phil Davis	if (file_exists("{$g['cf_conf_path']}/backup/backup.cache")) {
844	12df7edc	Erik	$confvers = unserialize(file_get_contents("{$g['cf_conf_path']}/backup/backup.cache"));
845			$bakvers = array_keys($confvers);
846			$toreturn = array();
847			sort($bakvers);
848			// $bakvers = array_reverse($bakvers);
849	1e0b1727	Phil Davis	foreach (array_reverse($bakvers) as $bakver) {
850	bfe615ee	jim-p	$toreturn[] = array('time' => $bakver, 'description' => $confvers[$bakver]['description'], 'version' => $confvers[$bakver]['version'], 'filesize' => $confvers[$bakver]['filesize']);
851	1e0b1727	Phil Davis	}
852	12df7edc	Erik	} else {
853			return false;
854			}
855			$toreturn['versions'] = $bakvers;
856			return $toreturn;
857			}
858
859			function backup_config() {
860			global $config, $g;
861
862	1e0b1727	Phil Davis	if ($g['platform'] == "cdrom") {
863	12df7edc	Erik	return;
864	1e0b1727	Phil Davis	}
865	12df7edc	Erik
866			conf_mount_rw();
867
868			/* Create backup directory if needed */
869			safe_mkdir("{$g['cf_conf_path']}/backup");
870
871	1e0b1727	Phil Davis	if ($config['revision']['time'] == "") {
872			$baktime = 0;
873			} else {
874			$baktime = $config['revision']['time'];
875			}
876			if ($config['revision']['description'] == "") {
877			$bakdesc = "Unknown";
878			} else {
879			$bakdesc = $config['revision']['description'];
880			}
881	8059f9cb	jim-p
882			$bakver = ($config['version'] == "") ? "?" : $config['version'];
883	bfe615ee	jim-p	$bakfilename = $g['cf_conf_path'] . '/backup/config-' . $baktime . '.xml';
884			copy($g['cf_conf_path'] . '/config.xml', $bakfilename);
885	1e0b1727	Phil Davis	if (file_exists($g['cf_conf_path'] . '/backup/backup.cache')) {
886			$backupcache = unserialize(file_get_contents($g['cf_conf_path'] . '/backup/backup.cache'));
887			} else {
888			$backupcache = array();
889			}
890	bfe615ee	jim-p	$backupcache[$baktime] = array('description' => $bakdesc, 'version' => $bakver, 'filesize' => filesize($bakfilename));
891	1e0b1727	Phil Davis	$bakout = fopen($g['cf_conf_path'] . '/backup/backup.cache', "w");
892			fwrite($bakout, serialize($backupcache));
893			fclose($bakout);
894	12df7edc	Erik
895			conf_mount_ro();
896
897			return true;
898			}
899
900			function set_device_perms() {
901			$devices = array(
902	573c9548	Ermal	'pf' => array( 'user' => 'root',
903	12df7edc	Erik	'group' => 'proxy',
904			'mode' => 0660),
905			);
906
907			foreach ($devices as $name => $attr) {
908			$path = "/dev/$name";
909			if (file_exists($path)) {
910			chown($path, $attr['user']);
911			chgrp($path, $attr['group']);
912			chmod($path, $attr['mode']);
913			}
914			}
915			}
916
917	ba1d9714	jim-p	function get_config_user() {
918			if (empty($_SESSION["Username"])) {
919	362ec35d	Ermal	$username = getenv("USER");
920	1e0b1727	Phil Davis	if (empty($conuser) \|\| $conuser == "root") {
921	ba1d9714	jim-p	$username = "(system)";
922	1e0b1727	Phil Davis	}
923			} else {
924	ba1d9714	jim-p	$username = $_SESSION["Username"];
925	1e0b1727	Phil Davis	}
926	ba1d9714	jim-p
927	1e0b1727	Phil Davis	if (!empty($_SERVER['REMOTE_ADDR'])) {
928	ba1d9714	jim-p	$username .= '@' . $_SERVER['REMOTE_ADDR'];
929	1e0b1727	Phil Davis	}
930	ba1d9714	jim-p
931			return $username;
932			}
933
934			function make_config_revision_entry($desc = null, $override_user = null) {
935	1e0b1727	Phil Davis	if (empty($override_user)) {
936	ba1d9714	jim-p	$username = get_config_user();
937	1e0b1727	Phil Davis	} else {
938	ba1d9714	jim-p	$username = $override_user;
939	1e0b1727	Phil Davis	}
940	ba1d9714	jim-p
941			$revision = array();
942
943	1e0b1727	Phil Davis	if (time() > mktime(0, 0, 0, 9, 1, 2004)) { /* make sure the clock settings are plausible */
944	ba1d9714	jim-p	$revision['time'] = time();
945	1e0b1727	Phil Davis	}
946	ba1d9714	jim-p
947			/* Log the running script so it's not entirely unlogged what changed */
948	1e0b1727	Phil Davis	if ($desc == "Unknown") {
949	ba1d9714	jim-p	$desc = sprintf(gettext("%s made unknown change"), $_SERVER['SCRIPT_NAME']);
950	1e0b1727	Phil Davis	}
951			if (!empty($desc)) {
952	ba1d9714	jim-p	$revision['description'] = "{$username}: " . $desc;
953	1e0b1727	Phil Davis	}
954	ba1d9714	jim-p	$revision['username'] = $username;
955			return $revision;
956			}
957
958	e1ebe9e2	jim-p	function get_config_backup_count() {
959			global $config, $g;
960			if (isset($config['system']['backupcount']) && is_numeric($config['system']['backupcount']) && ($config['system']['backupcount'] >= 0)) {
961			return intval($config['system']['backupcount']);
962	e61f548f	Ermal	} elseif ($g['platform'] == "nanobsd") {
963	e1ebe9e2	jim-p	return 5;
964			} else {
965			return 30;
966			}
967			}
968
969	00e55088	Ermal	function pfSense_clear_globals() {
970			global $config, $FilterIfList, $GatewaysList, $filterdns, $aliases, $aliastable;
971
972	be2d7eb7	Chris Buechler	$error = error_get_last();
973	1e0b1727	Phil Davis
974			if ($error !== NULL) {
975			if ($error['type'] != E_NOTICE) {
976	be2d7eb7	Chris Buechler	$errorstr = "PHP ERROR: Type: {$error['type']}, File: {$error['file']}, Line: {$error['line']}, Message: {$error['message']}";
977	e8e494f3	Chris Buechler	// XXX: comment out for now, should re-enable post-2.2
978			//print($errorstr);
979			//log_error($errorstr);
980	be2d7eb7	Chris Buechler	}
981			}
982
983	1e0b1727	Phil Davis	if (isset($FilterIfList)) {
984	00e55088	Ermal	unset($FilterIfList);
985	1e0b1727	Phil Davis	}
986	00e55088	Ermal
987	1e0b1727	Phil Davis	if (isset($GatewaysList)) {
988	00e55088	Ermal	unset($GatewaysList);
989	1e0b1727	Phil Davis	}
990	00e55088	Ermal
991			/* Used for the hostname dns resolver */
992	1e0b1727	Phil Davis	if (isset($filterdns)) {
993	00e55088	Ermal	unset($filterdns);
994	1e0b1727	Phil Davis	}
995	00e55088	Ermal
996			/* Used for aliases and interface macros */
997	1e0b1727	Phil Davis	if (isset($aliases)) {
998	00e55088	Ermal	unset($aliases);
999	1e0b1727	Phil Davis	}
1000			if (isset($aliastable)) {
1001	00e55088	Ermal	unset($aliastable);
1002	1e0b1727	Phil Davis	}
1003	00e55088	Ermal
1004			unset($config);
1005			}
1006
1007			register_shutdown_function('pfSense_clear_globals');
1008
1009	4e038d31	Carlos Eduardo Ramos	?>

Project

General

Profile

pfSense