/etc/inc/system.inc - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/etc/inc/system.inc @ c2056357

1	5b237745	Scott Ullrich	<?php
2	307cd525	Bill Marquette	/* $Id$ */
3	5b237745	Scott Ullrich	/*
4			system.inc
5			part of m0n0wall (http://m0n0.ch/wall)
6	0f282d7a	Scott Ullrich
7	5b237745	Scott Ullrich	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
8			All rights reserved.
9	0f282d7a	Scott Ullrich
10	5b237745	Scott Ullrich	Redistribution and use in source and binary forms, with or without
11			modification, are permitted provided that the following conditions are met:
12	0f282d7a	Scott Ullrich
13	5b237745	Scott Ullrich	1. Redistributions of source code must retain the above copyright notice,
14			this list of conditions and the following disclaimer.
15	0f282d7a	Scott Ullrich
16	5b237745	Scott Ullrich	2. Redistributions in binary form must reproduce the above copyright
17			notice, this list of conditions and the following disclaimer in the
18			documentation and/or other materials provided with the distribution.
19	0f282d7a	Scott Ullrich
20	5b237745	Scott Ullrich	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29			POSSIBILITY OF SUCH DAMAGE.
30			*/
31
32	523855b0	Scott Ullrich	/*
33			pfSense_BUILDER_BINARIES: /usr/sbin/powerd /usr/bin/killall /sbin/sysctl /sbin/route
34			pfSense_BUILDER_BINARIES: /bin/hostname /bin/ls /usr/bin/netstat /usr/sbin/syslogd
35			pfSense_BUILDER_BINARIES: /usr/sbin/pccardd /usr/local/sbin/lighttpd /bin/chmod /bin/mkdir
36			pfSense_BUILDER_BINARIES: /usr/bin/tar /bin/sync /usr/local/sbin/ntpd /usr/sbin/ntpdate
37	c3b13d60	jim-p	pfSense_BUILDER_BINARIES: /usr/bin/nohup /sbin/dmesg /usr/local/sbin/atareinit /sbin/kldload
38	523855b0	Scott Ullrich	pfSense_MODULE: utils
39			*/
40	0f282d7a	Scott Ullrich
41	8e9fa41d	Scott Ullrich	function activate_powerd() {
42			global $config, $g;
43			if(isset($config['system']['powerd_enable'])) {
44	c3b13d60	jim-p	if ($g["platform"] == "nanobsd")
45			exec("/sbin/kldload cpufreq");
46	8e9fa41d	Scott Ullrich	exec("/usr/sbin/powerd -b adp -a adp");
47			} else {
48	1e5c49aa	sullrich	if(is_process_running("powerd"))
49			exec("/usr/bin/killall powerd");
50	8e9fa41d	Scott Ullrich	}
51			}
52
53	3a35f55f	Scott Ullrich	function get_default_sysctl_value($id) {
54			global $sysctls;
55			foreach($sysctls as $sysctl => $value) {
56			if($sysctl == $id)
57			return $value;
58			}
59			}
60
61	6df9d7e3	Scott Ullrich	function activate_sysctls() {
62			global $config, $g;
63	08c7e2e3	Chris Buechler	exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x00000001");
64	ddcb7b8c	Bill Marquette	exec("/sbin/sysctl net.enc.out.ipsec_filter_mask=0x00000001");
65	08c7e2e3	Chris Buechler	exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x00000002");
66	c0192947	Scott Ullrich	exec("/sbin/sysctl net.enc.in.ipsec_filter_mask=0x00000002");
67	99e88aa0	Ermal Luçi
68	3a35f55f	Scott Ullrich	if(is_array($config['sysctl'])) {
69	cac19f50	Scott Ullrich	foreach($config['sysctl']['item'] as $tunable) {
70	b2d0140c	Scott Ullrich	if($tunable['value'] == "default") {
71			$value = get_default_sysctl_value($tunable['tunable']);
72			mwexec("/sbin/sysctl " . $tunable['tunable'] . "=\"" . $value . "\"");
73			} else {
74	09f82b11	Administrator	mwexec("/sbin/sysctl " . $tunable['tunable'] . "=\"" . $tunable['value'] . "\"");
75	b2d0140c	Scott Ullrich	}
76	d0b461f5	sullrich	}
77			}
78	6df9d7e3	Scott Ullrich	}
79
80	5b237745	Scott Ullrich	function system_resolvconf_generate($dynupdate = false) {
81	c3f535c0	Seth Mos	global $config, $g;
82
83			if(isset($config['system']['developerspew'])) {
84			$mt = microtime();
85			echo "system_resolvconf_generate() being called $mt\n";
86			}
87	ef217c69	Scott Ullrich
88	30cee7b2	Scott Ullrich	$syscfg = $config['system'];
89	ef217c69	Scott Ullrich
90	30cee7b2	Scott Ullrich	$fd = fopen("{$g['varetc_path']}/resolv.conf", "w");
91			if (!$fd) {
92			printf("Error: cannot open resolv.conf in system_resolvconf_generate().\n");
93			return 1;
94			}
95	ef217c69	Scott Ullrich
96	30cee7b2	Scott Ullrich	$resolvconf = "domain {$syscfg['domain']}\n";
97	ef217c69	Scott Ullrich
98	30cee7b2	Scott Ullrich	$havedns = false;
99	ef217c69	Scott Ullrich
100	30cee7b2	Scott Ullrich	if (isset($syscfg['dnsallowoverride'])) {
101	c3f535c0	Seth Mos	/* get dynamically assigned DNS servers (if any) */
102			$ns = array_unique(get_nameservers());
103			foreach($ns as $nameserver) {
104			if($nameserver) {
105			$resolvconf .= "nameserver $nameserver\n";
106			$havedns = true;
107	e428c94d	Scott Ullrich	}
108	c3f535c0	Seth Mos	}
109	30cee7b2	Scott Ullrich	}
110			if (!$havedns && is_array($syscfg['dnsserver'])) {
111	c3f535c0	Seth Mos	foreach ($syscfg['dnsserver'] as $ns) {
112			if ($ns) {
113			$resolvconf .= "nameserver $ns\n";
114			$havedns = true;
115	e428c94d	Scott Ullrich	}
116	e180a6e3	Scott Ullrich	}
117	c3f535c0	Seth Mos	}
118	0f282d7a	Scott Ullrich
119	30cee7b2	Scott Ullrich	fwrite($fd, $resolvconf);
120			fclose($fd);
121	0f282d7a	Scott Ullrich
122	30cee7b2	Scott Ullrich	if (!$g['booting']) {
123	c3f535c0	Seth Mos	/* restart dhcpd (nameservers may have changed) */
124			if (!$dynupdate)
125			services_dhcpd_configure();
126	30cee7b2	Scott Ullrich	}
127	ef217c69	Scott Ullrich
128	c3f535c0	Seth Mos	/* setup static routes for DNS servers. */
129			for ($dnscounter=1; $dnscounter<5; $dnscounter++) {
130			/* setup static routes for dns servers */
131			$dnsgw = "dns{$dnscounter}gwint";
132			if (isset($config['system'][$dnsgw])) {
133			$interface = $config['system'][$dnsgw];
134			if (($interface <> "") && ($interface <> "none")) {
135			$gatewayip = get_interface_gateway($interface);
136			if(is_ipaddr($gatewayip)) {
137			/* dns server array starts at 0 */
138	b875f306	Scott Ullrich	$dnscountermo = $dnscounter - 1;
139	84d07e67	Seth Mos	mwexec("route delete -host {$syscfg['dnsserver'][$dnscountermo]}", true);
140	c3f535c0	Seth Mos	mwexec("route add -host {$syscfg['dnsserver'][$dnscountermo]} {$gatewayip}");
141	b875f306	Scott Ullrich	}
142			}
143	e180a6e3	Scott Ullrich	}
144	c3f535c0	Seth Mos	}
145
146			return 0;
147	5b237745	Scott Ullrich	}
148
149	3d00ccaa	Scott Ullrich	function get_nameservers() {
150			global $config, $g;
151			$master_list = array();
152	30cee7b2	Scott Ullrich
153	2a1226ad	Scott Ullrich	// Read in dhclient nameservers
154	1033de74	Ermal	$dns_lists = split("\n", `/bin/cat /var/etc/nameserver_* 2>/dev/null`);
155			if (is_array($dns_lists)) {
156	60951398	Scott Ullrich	foreach($dns_lists as $dns) {
157	1033de74	Ermal	if(is_ipaddr($dns))
158	ae9617ae	Ermal	$master_list[] = $dns;
159	60951398	Scott Ullrich	}
160	3d00ccaa	Scott Ullrich	}
161	2a1226ad	Scott Ullrich
162			// Read in any extra nameservers
163			if(file_exists("/var/etc/nameservers.conf")) {
164	1033de74	Ermal	$dns_lists = split("\n", `/bin/cat /var/etc/nameservers.conf`);
165	2a1226ad	Scott Ullrich	if(is_array($dns_s))
166			foreach($dns_s as $dns)
167	1033de74	Ermal	if (is_ipaddr($dns))
168			$master_list[] = $dns;
169	2a1226ad	Scott Ullrich	}
170
171	3d00ccaa	Scott Ullrich	return $master_list;
172			}
173
174	5b237745	Scott Ullrich	function system_hosts_generate() {
175	f19d3b7a	Scott Ullrich	global $config, $g;
176	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
177			$mt = microtime();
178	dcf0598e	Scott Ullrich	echo "system_hosts_generate() being called $mt\n";
179	f19d3b7a	Scott Ullrich	}
180	0f282d7a	Scott Ullrich
181	5b237745	Scott Ullrich	$syscfg = $config['system'];
182			$dnsmasqcfg = $config['dnsmasq'];
183
184			if (!is_array($dnsmasqcfg['hosts'])) {
185			$dnsmasqcfg['hosts'] = array();
186			}
187			$hostscfg = $dnsmasqcfg['hosts'];
188	0f282d7a	Scott Ullrich
189	5b237745	Scott Ullrich	$fd = fopen("{$g['varetc_path']}/hosts", "w");
190			if (!$fd) {
191	8f525719	Scott Ullrich	log_error("Error: cannot open hosts file in system_hosts_generate().\n");
192	5b237745	Scott Ullrich	return 1;
193			}
194	0f282d7a	Scott Ullrich
195	f38f8062	Ermal	$hosts .= "127.0.0.1 localhost localhost.{$syscfg['domain']}\n";
196	a55e9c70	Ermal Lu?i
197	e5995f9d	Ermal	if ($config['interfaces']['lan']) {
198			$cfgip = get_interface_ip("lan");
199	f38f8062	Ermal	if (is_ipaddr($cfgip))
200			$hosts .= "{$cfgip} {$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}\n";
201	e5995f9d	Ermal	} else {
202			$sysiflist = get_configured_interface_list();
203			foreach ($sysiflist as $sysif) {
204			if (!interface_has_gateway($sysif)) {
205			$cfgip = get_interface_ip($sysif);
206			if (is_ipaddr($cfgip)) {
207			$hosts .= "{$cfgip} {$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}\n";
208			break;
209			}
210			}
211			}
212	f38f8062	Ermal	}
213	0f282d7a	Scott Ullrich
214	5b237745	Scott Ullrich	foreach ($hostscfg as $host) {
215			if ($host['host'])
216			$hosts .= "{$host['ip']} {$host['host']}.{$host['domain']} {$host['host']}\n";
217			else
218			$hosts .= "{$host['ip']} {$host['domain']}\n";
219			}
220	6a01ea44	Bill Marquette	if (isset($dnsmasqcfg['regdhcpstatic'])) {
221			foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf)
222			if(is_array($dhcpifconf['staticmap']) && isset($dhcpifconf['enable']))
223	a56e787d	Scott Ullrich	foreach ($dhcpifconf['staticmap'] as $host)
224	6a01ea44	Bill Marquette	if ($host['ipaddr'] && $host['hostname'])
225			$hosts .= "{$host['ipaddr']} {$host['hostname']}.{$syscfg['domain']} {$host['hostname']}\n";
226	a56e787d	Scott Ullrich	}
227	5b237745	Scott Ullrich	fwrite($fd, $hosts);
228			fclose($fd);
229	0f282d7a	Scott Ullrich
230	24d619f5	Ermal	system_dhcpleases_configure();
231
232			return 0;
233			}
234
235			function system_dhcpleases_configure() {
236	15d456b9	gnhb	global $config, $g;
237
238	956950de	Ermal	/* Start the monitoring process for dynamic dhcpclients. */
239			if (isset($config['dnsmasq']['regdhcp'])) {
240			/* Make sure we do not error out */
241			@touch("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases");
242	15d456b9	gnhb	if (file_exists("{$g['varrun_path']}/dhcpleases.pid"))
243			sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "HUP");
244			else
245			mwexec("/usr/local/sbin/dhcpleases -l {$g['dhcpd_chroot_path']}/var/db/dhcpd.leases -d {$config['system']['domain']} -p {$g['varrun_path']}/dnsmasq.pid -h {$g['varetc_path']}/hosts");
246			} else {
247			sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "TERM");
248			@unlink("{$g['varrun_path']}/dhcpleases.pid");
249			}
250	5b237745	Scott Ullrich	}
251
252			function system_hostname_configure() {
253	f19d3b7a	Scott Ullrich	global $config, $g;
254	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
255			$mt = microtime();
256	dcf0598e	Scott Ullrich	echo "system_hostname_configure() being called $mt\n";
257	333f8ef0	Scott Ullrich	}
258	0f282d7a	Scott Ullrich
259	5b237745	Scott Ullrich	$syscfg = $config['system'];
260	0f282d7a	Scott Ullrich
261	5b237745	Scott Ullrich	/* set hostname */
262	6bfccde7	Scott Ullrich	$status = mwexec("/bin/hostname " .
263	5b237745	Scott Ullrich	escapeshellarg("{$syscfg['hostname']}.{$syscfg['domain']}"));
264	6bfccde7	Scott Ullrich
265			/* Setup host GUID ID. This is used by ZFS. */
266			mwexec("/etc/rc.d/hostid start");
267
268			return $status;
269	5b237745	Scott Ullrich	}
270
271	1ea67f2e	Ermal	function system_routing_configure($interface = "") {
272	962625aa	Ermal	global $config, $g;
273	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
274			$mt = microtime();
275	dcf0598e	Scott Ullrich	echo "system_routing_configure() being called $mt\n";
276	58c7450e	Scott Ullrich	}
277	333f8ef0	Scott Ullrich
278	0f282d7a	Scott Ullrich	/* Enable fast routing, if enabled */
279	a529aced	Ermal	/* XXX: More checks need to be done for subsystems that are not compatibel with fast routing. */
280	c64d5028	Ermal	if(isset($config['staticroutes']['enablefastrouting']) && !isset($config['ipsec']['enable']))
281	0f282d7a	Scott Ullrich	mwexec("/sbin/sysctl net.inet.ip.fastforwarding=1");
282
283	a529aced	Ermal	$gatewayip = "";
284			$interfacegw = "";
285	3cc07282	Ermal	$foundgw = false;
286	a529aced	Ermal	/* tack on all the hard defined gateways as well */
287			if (is_array($config['gateways']['gateway_item'])) {
288	d499c12b	Ermal	mwexec("/bin/rm {$g['tmp_path']}/*_defaultgw", true);
289	a529aced	Ermal	foreach ($config['gateways']['gateway_item'] as $gateway) {
290			if (isset($gateway['defaultgw'])) {
291			if ($gateway['gateway'] == "dynamic")
292			$gateway['gateway'] = get_interface_gateway($gateway['interface']);
293			$gatewayip = $gateway['gateway'];
294			$interfacegw = $gateway['interface'];
295	924f202e	Ermal	if (!empty($interfacegw)) {
296			$defaultif = get_real_interface($gateway['interface']);
297			if ($defaultif)
298			@file_put_contents("{$g['tmp_path']}/{$defaultif}_defaultgw", $gatewayip);
299			}
300			$foundgw = true;
301	a529aced	Ermal	break;
302			}
303	6e17413e	Ermal Lu?i	}
304	b24bda08	Scott Ullrich	}
305	3cc07282	Ermal	if ($foundgw == false) {
306			$defaultif = get_real_interface("wan");
307			$interfacegw = "wan";
308			$gatewayip = get_interface_gateway("wan");
309			@touch("{$g['tmp_path']}/{$defaultif}_defaultgw");
310			}
311	d173230c	Seth Mos	$dont_add_route = false;
312			/* if OLSRD is enabled, allow WAN to house DHCP. */
313			if($config['installedpackages']['olsrd']) {
314			foreach($config['installedpackages']['olsrd']['config'] as $olsrd) {
315			if($olsrd['enabledyngw'] == "on") {
316			$dont_add_route = true;
317	6e17413e	Ermal Lu?i	break;
318	d173230c	Seth Mos	}
319			}
320			}
321	07b54e8c	smos	/* Create a array from the existing route table */
322			exec("/usr/bin/netstat -rnf inet", $route_str);
323			array_shift($route_str);
324			array_shift($route_str);
325			array_shift($route_str);
326			array_shift($route_str);
327			$route_arr = array();
328			foreach($route_str as $routeline) {
329			$items = preg_split("/[ ]+/i", $routeline);
330	aceedad4	Ermal	$route_arr[$items[0]] = array($items[0], $items[1], $items[5]);
331	07b54e8c	smos	}
332
333	1ea67f2e	Ermal	if ($dont_add_route == false ) {
334			if (!empty($interface) && $inteface != $interafegw)
335			;
336			else if (($interfacegw <> "bgpd") && (is_ipaddr($gatewayip))) {
337	b61154fb	smos	$action = "add";
338			if(isset($route_arr['default'])) {
339	07b54e8c	smos	$action = "change";
340			}
341	b61154fb	smos	log_error("ROUTING: $action default route to $gatewayip");
342	07b54e8c	smos	mwexec("/sbin/route {$action} default " . escapeshellarg($gatewayip));
343	79f30c1c	Ermal	} else if (is_ipaddr($config['interfaces']['wan']['gateway'])) {
344	a529aced	Ermal	/* Adding gateway for 1.2-style configs without the new
345			* gateway setup configured.
346			* Force WAN to be default gateway because that is the 1.2 behavior.
347			*/
348	24fb2263	Chris Buechler	log_error("WARNING: There is no default gateway in the configuration.");
349	79f30c1c	Ermal	$gatewayip = $config['interfaces']['wan']['gateway'];
350			mwexec("/sbin/route add default " . escapeshellarg($gatewayip), true);
351	d173230c	Seth Mos	}
352			}
353
354	5b237745	Scott Ullrich	if (is_array($config['staticroutes']['route'])) {
355	a529aced	Ermal	$gateways_arr = return_gateways_array();
356	0f282d7a	Scott Ullrich
357	5b237745	Scott Ullrich	foreach ($config['staticroutes']['route'] as $rtent) {
358	1ea67f2e	Ermal	if (!empty($interface) && $interface != $rtent['interface'])
359			continue;
360	a529aced	Ermal	$gatewayip = "";
361			if (isset($gateways_arr[$rtent['gateway']])) {
362			$gatewayip = $gateways_arr[$rtent['gateway']]['gateway'];
363			$interfacegw = get_real_interface($rtent['interface']);
364			} else if (is_ipaddr($rtent['gateway'])) {
365	b24bda08	Scott Ullrich	$gatewayip = $rtent['gateway'];
366			} else {
367	24fb2263	Chris Buechler	log_error("Static Routes: Gateway IP could not be found for {$rtent['network']}");
368	a529aced	Ermal	continue;
369			}
370
371			$action = "add";
372	b61154fb	smos	if (isset($route_arr[$rtent['network']]))
373	a529aced	Ermal	$action = "change";
374
375			if (is_ipaddr($gatewayip)) {
376			mwexec("/sbin/route {$action} " . escapeshellarg($rtent['network']) .
377	b24bda08	Scott Ullrich	" " . escapeshellarg($gatewayip));
378	a529aced	Ermal	} else if (!empty($interfacegw)) {
379			mwexec("/sbin/route {$action} " . escapeshellarg($rtent['network']) .
380			" -iface " . escapeshellarg($interfacegw));
381	7a98edde	Seth Mos	}
382	5b237745	Scott Ullrich	}
383			}
384	67ee1ec5	Ermal Luçi
385	b9c501ea	Seth Mos	return 0;
386	5b237745	Scott Ullrich	}
387
388			function system_routing_enable() {
389	f19d3b7a	Scott Ullrich	global $config, $g;
390	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
391			$mt = microtime();
392	dcf0598e	Scott Ullrich	echo "system_routing_enable() being called $mt\n";
393	58c7450e	Scott Ullrich	}
394	0f282d7a	Scott Ullrich
395	5e041d5f	Scott Ullrich	return mwexec("/sbin/sysctl net.inet.ip.forwarding=1");
396	5b237745	Scott Ullrich	}
397
398			function system_syslogd_start() {
399	f19d3b7a	Scott Ullrich	global $config, $g;
400	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
401			$mt = microtime();
402	dcf0598e	Scott Ullrich	echo "system_syslogd_start() being called $mt\n";
403	58c7450e	Scott Ullrich	}
404	0f282d7a	Scott Ullrich
405	5b237745	Scott Ullrich	$syslogcfg = $config['syslog'];
406
407	0f282d7a	Scott Ullrich	if ($g['booting'])
408	f05740c1	Scott Ullrich	echo "Starting syslog...";
409	5b237745	Scott Ullrich	else
410			killbypid("{$g['varrun_path']}/syslog.pid");
411	0f282d7a	Scott Ullrich
412	99f98b80	sullrich	if(is_process_running("syslogd"))
413			mwexec("/usr/bin/killall -9 syslogd");
414			if(is_process_running("fifolog_writer"))
415			mwexec("/usr/bin/killall -9 fifolog_writer");
416	7ee97cb3	Scott Ullrich
417			// Define carious commands for logging
418			$fifolog_create = "/usr/sbin/fifolog_create -s ";
419			$fifolog_log = "\|/usr/sbin/fifolog_writer ";
420			$clog_create = "/usr/sbin/clog -i -s ";
421			$clog_log = "%";
422
423			// Which logging type are we using this week??
424			if(isset($config['system']['usefifolog'])) {
425			$log_directive = $fifolog_log;
426			$log_create_directive = $fifolog_create;
427			} else { // Defaults to CLOG
428			$log_directive = $clog_log;
429			$log_create_directive = $clog_create;
430			}
431
432	88ebd635	Scott Ullrich	if (isset($syslogcfg)) {
433	8fbd88cd	Seth Mos	$separatelogfacilities = array('ntpd','racoon','openvpn');
434	a728d2ea	Colin Smith	if($config['installedpackages']['package']) {
435	0d9d2a1b	Scott Ullrich	foreach($config['installedpackages']['package'] as $package) {
436			if($package['logging']) {
437	a728d2ea	Colin Smith	$pkgfacilities[] = $package['logging']['facilityname'];
438	d2834563	Scott Ullrich	$separatelogfacilities = $separatelogfacilities + $pkgfacilities;
439	84e86846	Colin Smith	$facilitylist = implode(',', $pkgfacilities);
440	7ee97cb3	Scott Ullrich	mwexec("{$log_create_directive} 10240 {$g['varlog_path']}/{$package['logging']['logfilename']}");
441	fe5f3b38	Scott Ullrich	$syslogconf .= "!{$facilitylist}\n.\t\t\t\t\t\t {$log_directive}{$g['varlog_path']}/{$package['logging']['logfilename']}\n";
442	a728d2ea	Colin Smith	}
443	0d9d2a1b	Scott Ullrich	}
444			}
445	d2834563	Scott Ullrich	$facilitylist = implode(',', array_unique($separatelogfacilities));
446	0d9d2a1b	Scott Ullrich	/* write syslog.conf */
447	5b237745	Scott Ullrich	$fd = fopen("{$g['varetc_path']}/syslog.conf", "w");
448			if (!$fd) {
449			printf("Error: cannot open syslog.conf in system_syslogd_start().\n");
450			return 1;
451			}
452	8fbd88cd	Seth Mos	$syslogconf .= "!ntpdate,!ntpd\n";
453	0d9d2a1b	Scott Ullrich	if (!isset($syslogcfg['disablelocallogging']))
454	fe5f3b38	Scott Ullrich	$syslogconf .= ". {$log_directive}{$g['varlog_path']}/ntpd.log\n";
455	295e19dd	Scott Ullrich	$syslogconf .= "!ppp\n";
456			if (!isset($syslogcfg['disablelocallogging']))
457			$syslogconf .= ". {$log_directive}{$g['varlog_path']}/ppp.log\n";
458	328efaba	Ermal	$syslogconf .= "!pptp\n";
459			if (!isset($syslogcfg['disablelocallogging']))
460			$syslogconf .= ". {$log_directive}{$g['varlog_path']}/pptp.log\n";
461			$syslogconf .= "!pppoe\n";
462			if (!isset($syslogcfg['disablelocallogging']))
463			$syslogconf .= ". {$log_directive}{$g['varlog_path']}/pppoe.log\n";
464			$syslogconf .= "!l2tp\n";
465			if (!isset($syslogcfg['disablelocallogging']))
466	bedd946f	Ermal	$syslogconf .= ". {$log_directive}{$g['varlog_path']}/l2tp.log\n";
467	0260caec	Scott Ullrich	$syslogconf .= "!racoon\n";
468	0d9d2a1b	Scott Ullrich	if (!isset($syslogcfg['disablelocallogging']))
469	fe5f3b38	Scott Ullrich	$syslogconf .= ". {$log_directive}{$g['varlog_path']}/ipsec.log\n";
470	be5d59d7	Scott Ullrich	if (isset($syslogcfg['vpn'])) {
471			if($syslogcfg['remoteserver'])
472			$syslogconf .= ". @{$syslogcfg['remoteserver']}\n";
473			if($syslogcfg['remoteserver2'])
474			$syslogconf .= ". @{$syslogcfg['remoteserver2']}\n";
475			if($syslogcfg['remoteserver3'])
476			$syslogconf .= ". @{$syslogcfg['remoteserver3']}\n";
477			}
478	d2834563	Scott Ullrich	$syslogconf .= "!openvpn\n";
479	0d9d2a1b	Scott Ullrich	if (!isset($syslogcfg['disablelocallogging']))
480	fe5f3b38	Scott Ullrich	$syslogconf .= ". {$log_directive}{$g['varlog_path']}/openvpn.log\n";
481	be5d59d7	Scott Ullrich	if (isset($syslogcfg['vpn'])) {
482			if($syslogcfg['remoteserver'])
483			$syslogconf .= ". @{$syslogcfg['remoteserver']}\n";
484			if($syslogcfg['remoteserver2'])
485			$syslogconf .= ". @{$syslogcfg['remoteserver3']}\n";
486			if($syslogcfg['remoteserver3'])
487			$syslogconf .= ". @{$syslogcfg['remoteserver3']}\n";
488			}
489	7bc41b19	jim-p	$syslogconf .= "!apinger\n";
490			if (!isset($syslogcfg['disablelocallogging']))
491			$syslogconf .= ". {$log_directive}{$g['varlog_path']}/apinger.log\n";
492	087a89f8	Chris Buechler	$syslogconf .= "!relayd\n";
493			$syslogconf .= ". {$log_directive}{$g['varlog_path']}/relayd.log\n";
494	d2834563	Scott Ullrich	$syslogconf .= "!-{$facilitylist}\n";
495	0d9d2a1b	Scott Ullrich	if (!isset($syslogcfg['disablelocallogging']))
496	5b237745	Scott Ullrich	$syslogconf .= <<<EOD
497	fe5f3b38	Scott Ullrich	local0.* {$log_directive}{$g['varlog_path']}/filter.log
498	4f7ead45	Scott Ullrich	local3.* {$log_directive}{$g['varlog_path']}/vpn.log
499	fe5f3b38	Scott Ullrich	local4.* {$log_directive}{$g['varlog_path']}/portalauth.log
500			local7.* {$log_directive}{$g['varlog_path']}/dhcpd.log
501			*.notice;kern.debug;lpr.info;mail.crit; {$log_directive}{$g['varlog_path']}/system.log
502			news.err;local0.none;local3.none;local4.none; {$log_directive}{$g['varlog_path']}/system.log
503			local7.none {$log_directive}{$g['varlog_path']}/system.log
504			security.* {$log_directive}{$g['varlog_path']}/system.log
505			auth.info;authpriv.info;daemon.info {$log_directive}{$g['varlog_path']}/system.log
506	9dac9942	Scott Ullrich	auth.info;authpriv.info \|exec /usr/local/sbin/sshlockout_pf
507			.emerg
508	0a123b4c	Scott Ullrich
509	5b237745	Scott Ullrich	EOD;
510	be5d59d7	Scott Ullrich	if (isset($syslogcfg['filter'])) {
511			if($syslogcfg['remoteserver'])
512			$syslogconf .= "local0.* @{$syslogcfg['remoteserver']}\n";
513			if($syslogcfg['remoteserver2'])
514			$syslogconf .= "local0.* @{$syslogcfg['remoteserver2']}\n";
515			if($syslogcfg['remoteserver3'])
516			$syslogconf .= "local0.* @{$syslogcfg['remoteserver3']}\n";
517
518			}
519			if (isset($syslogcfg['vpn'])) {
520			if($syslogcfg['remoteserver'])
521			$syslogconf .= "local3.* @{$syslogcfg['remoteserver']}\n";
522			if($syslogcfg['remoteserver2'])
523			$syslogconf .= "local3.* @{$syslogcfg['remoteserver2']}\n";
524			if($syslogcfg['remoteserver3'])
525			$syslogconf .= "local3.* @{$syslogcfg['remoteserver3']}\n";
526			}
527			if (isset($syslogcfg['portalauth'])) {
528			if($syslogcfg['remoteserver'])
529			$syslogconf .= "local4.* @{$syslogcfg['remoteserver']}\n";
530			if($syslogcfg['remoteserver2'])
531			$syslogconf .= "local4.* @{$syslogcfg['remoteserver2']}\n";
532			if($syslogcfg['remoteserver3'])
533			$syslogconf .= "local4.* @{$syslogcfg['remoteserver3']}\n";
534			}
535			if (isset($syslogcfg['dhcp'])) {
536			if($syslogcfg['remoteserver'])
537			$syslogconf .= "local7.* @{$syslogcfg['remoteserver']}\n";
538			if($syslogcfg['remoteserver2'])
539			$syslogconf .= "local7.* @{$syslogcfg['remoteserver2']}\n";
540			if($syslogcfg['remoteserver3'])
541			$syslogconf .= "local7.* @{$syslogcfg['remoteserver3']}\n";
542			}
543			if (isset($syslogcfg['system'])) {
544			if($syslogcfg['remoteserver'])
545			$syslogconf .= <<<EOD
546	9dac9942	Scott Ullrich	*.notice;kern.debug;lpr.info;mail.crit; @{$syslogcfg['remoteserver']}
547			news.err;local0.none;local3.none;local7.none @{$syslogcfg['remoteserver']}
548			security.* @{$syslogcfg['remoteserver']}
549			auth.info;authpriv.info;daemon.info @{$syslogcfg['remoteserver']}
550			*.emerg @{$syslogcfg['remoteserver']}
551	d2834563	Scott Ullrich
552	5b237745	Scott Ullrich	EOD;
553	be5d59d7	Scott Ullrich
554			if (isset($syslogcfg['system'])) {
555			if($syslogcfg['remoteserver2'])
556			$syslogconf .= <<<EOD
557			*.notice;kern.debug;lpr.info;mail.crit; @{$syslogcfg['remoteserver2']}
558			news.err;local0.none;local3.none;local7.none @{$syslogcfg['remoteserver2']}
559			security.* @{$syslogcfg['remoteserver2']}
560			auth.info;authpriv.info;daemon.info @{$syslogcfg['remoteserver2']}
561			*.emerg @{$syslogcfg['remoteserver2']}
562
563			EOD;
564
565			if (isset($syslogcfg['system'])) {
566			if($syslogcfg['remoteserver3'])
567			$syslogconf .= <<<EOD
568			*.notice;kern.debug;lpr.info;mail.crit; @{$syslogcfg['remoteserver3']}
569			news.err;local0.none;local3.none;local7.none @{$syslogcfg['remoteserver3']}
570			security.* @{$syslogcfg['remoteserver3']}
571			auth.info;authpriv.info;daemon.info @{$syslogcfg['remoteserver3']}
572			*.emerg @{$syslogcfg['remoteserver3']}
573
574			EOD;
575
576			}
577	4ef2d703	Chris Buechler	if (isset($syslogcfg['logall'])) {
578	be5d59d7	Scott Ullrich	if($syslogcfg['remoteserver'])
579			$syslogconf .= <<<EOD
580	4ef2d703	Chris Buechler	. @{$syslogcfg['remoteserver']}
581
582			EOD;
583	be5d59d7	Scott Ullrich
584			}
585			if($syslogcfg['remoteserver2'])
586			$syslogconf .= <<<EOD
587			. @{$syslogcfg['remoteserver2']}
588
589			EOD;
590
591			}
592			if($syslogcfg['remoteserver3'])
593			$syslogconf .= <<<EOD
594			. @{$syslogcfg['remoteserver3']}
595
596			EOD;
597
598			}
599	5b237745	Scott Ullrich	fwrite($fd, $syslogconf);
600			fclose($fd);
601	6a638a89	Scott Ullrich	// Are we logging to a least one remote server ?
602			if(strpos($syslogconf, "@") != false)
603	c9f8d4f5	Ermal Lu?i	$retval = system("/usr/sbin/syslogd -c -f {$g['varetc_path']}/syslog.conf");
604	6a638a89	Scott Ullrich	else
605	c9f8d4f5	Ermal Lu?i	$retval = system("/usr/sbin/syslogd -c -f {$g['varetc_path']}/syslog.conf");
606	5b237745	Scott Ullrich
607			} else {
608	c9f8d4f5	Ermal Lu?i	$retval = mwexec("/usr/sbin/syslogd -c");
609	5b237745	Scott Ullrich	}
610	0f282d7a	Scott Ullrich
611	5b237745	Scott Ullrich	if ($g['booting'])
612	5c6d0f65	Colin Smith	echo "done.\n";
613	0f282d7a	Scott Ullrich
614	5b237745	Scott Ullrich	return $retval;
615			}
616
617			function system_pccard_start() {
618	f19d3b7a	Scott Ullrich	global $config, $g;
619	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
620			$mt = microtime();
621	dcf0598e	Scott Ullrich	echo "system_pccard_start() being called $mt\n";
622	58c7450e	Scott Ullrich	}
623	0f282d7a	Scott Ullrich
624	5b237745	Scott Ullrich	if ($g['booting'])
625	f05740c1	Scott Ullrich	echo "Initializing PCMCIA...";
626	0f282d7a	Scott Ullrich
627	5b237745	Scott Ullrich	/* kill any running pccardd */
628			killbypid("{$g['varrun_path']}/pccardd.pid");
629	0f282d7a	Scott Ullrich
630	5b237745	Scott Ullrich	/* fire up pccardd */
631			$res = mwexec("/usr/sbin/pccardd -z -f {$g['etc_path']}/pccard.conf");
632	0f282d7a	Scott Ullrich
633	5b237745	Scott Ullrich	if ($g['booting']) {
634			if ($res == 0)
635	5c6d0f65	Colin Smith	echo "done.\n";
636	5b237745	Scott Ullrich	else
637	5c6d0f65	Colin Smith	echo "failed!\n";
638	5b237745	Scott Ullrich	}
639	0f282d7a	Scott Ullrich
640	5b237745	Scott Ullrich	return $res;
641			}
642
643	819197a8	Scott Ullrich
644	5b237745	Scott Ullrich	function system_webgui_start() {
645	f19d3b7a	Scott Ullrich	global $config, $g;
646	877ac35d	Scott Ullrich
647			if ($g['booting'])
648	f05740c1	Scott Ullrich	echo "Starting webConfigurator...";
649	877ac35d	Scott Ullrich
650	383a4439	Scott Ullrich	/* kill any running lighttpd */
651	877ac35d	Scott Ullrich	killbypid("{$g['varrun_path']}/lighty-webConfigurator.pid");
652
653	e9d0bf64	Scott Ullrich	sleep(1);
654
655	877ac35d	Scott Ullrich	chdir($g['www_path']);
656
657	fb1266d3	Matthew Grooms	/* defaults */
658			$portarg = "80";
659			$crt = "";
660			$key = "";
661	2cf6ddcb	Nigel Graham	$ca = "";
662	fb1266d3	Matthew Grooms
663	877ac35d	Scott Ullrich	/* non-standard port? */
664	f4875d35	Ermal Lu?i	if (isset($config['system']['webgui']['port']) && $config['system']['webgui']['port'] <> "")
665	528df9a7	Scott Ullrich	$portarg = "{$config['system']['webgui']['port']}";
666	877ac35d	Scott Ullrich
667			if ($config['system']['webgui']['protocol'] == "https") {
668	02b383fe	sullrich	// Ensure that we have a webConfigurator CERT
669	fb1266d3	Matthew Grooms	$cert =& lookup_cert($config['system']['webgui']['ssl-certref']);
670	02b383fe	sullrich	if(!is_array($cert) && !$cert['crt'] && !$cert['prv']) {
671	f8a36d95	sullrich	if (!is_array($config['system']['ca']))
672			$config['system']['ca'] = array();
673			$a_ca =& $config['system']['ca'];
674			if (!is_array($config['system']['cert']))
675			$config['system']['cert'] = array();
676			$a_cert =& $config['system']['cert'];
677	0cdaaa8e	Chris Buechler	echo "Creating SSL Certificate... ";
678	aab4ca82	Scott Ullrich	$cert = array();
679			$cert['refid'] = uniqid();
680			$cert['name'] = "webConfigurator default";
681	6955830f	Ermal Lu?i	mwexec("/usr/bin/openssl genrsa 1024 > {$g['tmp_path']}/ssl.key");
682			mwexec("/usr/bin/openssl req -new -x509 -nodes -sha1 -days 2000 -key {$g['tmp_path']}/ssl.key > {$g['tmp_path']}/ssl.crt");
683			$crt = file_get_contents("{$g['tmp_path']}/ssl.crt");
684			$key = file_get_contents("{$g['tmp_path']}/ssl.key");
685			unlink("{$g['tmp_path']}/ssl.key");
686			unlink("{$g['tmp_path']}/ssl.crt");
687	aab4ca82	Scott Ullrich	cert_import($cert, $crt, $key);
688			$a_cert[] = $cert;
689			$config['system']['webgui']['ssl-certref'] = $cert['refid'];
690			write_config("Importing HTTPS certificate");
691			if(!$config['system']['webgui']['port'])
692			$portarg = "443";
693			$ca = ca_chain($cert);
694	edc8a9f8	jim-p	} else {
695	fb1266d3	Matthew Grooms	$crt = base64_decode($cert['crt']);
696			$key = base64_decode($cert['prv']);
697			if(!$config['system']['webgui']['port'])
698			$portarg = "443";
699	2cf6ddcb	Nigel Graham	$ca = ca_chain($cert);
700	edc8a9f8	jim-p	}
701	877ac35d	Scott Ullrich	}
702
703			/* generate lighttpd configuration */
704			system_generate_lighty_config("{$g['varetc_path']}/lighty-webConfigurator.conf",
705	2cf6ddcb	Nigel Graham	$crt, $key, $ca, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/");
706	877ac35d	Scott Ullrich
707			/* attempt to start lighthttpd */
708			$res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-webConfigurator.conf");
709
710	cc093472	sullrich	/* fetch page to preload apc cache */
711	eb0f4fc6	Ermal Lu?i	$proto = "http";
712			if ($config['system']['webgui']['protocol'])
713			$proto = $config['system']['webgui']['protocol'];
714	bd96ff65	Ermal Lu?i	mwexec_bg("/usr/bin/fetch -o /dev/null -q {$proto}://localhost:{$portarg}/preload.php");
715	cc093472	sullrich
716	877ac35d	Scott Ullrich	if ($g['booting']) {
717			if ($res == 0)
718			echo "done.\n";
719			else
720			echo "failed!\n";
721			}
722
723			return $res;
724			}
725
726	eb0f441c	Scott Ullrich	function system_generate_lighty_config($filename,
727			$cert,
728			$key,
729	2cf6ddcb	Nigel Graham	$ca,
730	eb0f441c	Scott Ullrich	$pid_file,
731			$port = 80,
732			$document_root = "/usr/local/www/",
733			$cert_location = "cert.pem",
734	2cf6ddcb	Nigel Graham	$ca_location = "ca.pem",
735	1b666ae2	Scott Ullrich	$max_procs = 2,
736	280b75d9	Scott Ullrich	$max_requests = "2",
737	eb0f441c	Scott Ullrich	$fast_cgi_enable = true,
738			$captive_portal = false) {
739	58c7450e	Scott Ullrich
740	f19d3b7a	Scott Ullrich	global $config, $g;
741
742	6955830f	Ermal Lu?i	if(!is_dir("{$g['tmp_path']}/lighttpdcompress"))
743			mkdir("{$g['tmp_path']}/lighttpdcompress");
744	570ef08c	sullrich
745	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
746			$mt = microtime();
747	dcf0598e	Scott Ullrich	echo "system_generate_lighty_config() being called $mt\n";
748	58c7450e	Scott Ullrich	}
749
750	eb0f441c	Scott Ullrich	if($captive_portal == true) {
751			$captiveportal = ",\"mod_rewrite\"";
752	6bef50b3	Scott Ullrich	$captive_portal_rewrite = "url.rewrite-once = ( \"(.captiveportal.)\" => \"$1\", \"(.*)\" => \"/index.php?redirurl=$1\" )\n";
753	b0bdc06e	Scott Ullrich	$captive_portal_module = "\"mod_accesslog\", ";
754			$maxprocperip = $config['captiveportal']['maxprocperip'];
755	632e8d54	Scott Ullrich	if(!$maxprocperip and $maxprocperip > 0)
756			$captive_portal_mod_evasive = "evasive.max-conns-per-ip = {$maxprocperip}";
757			else
758			$captive_portal_mod_evasive = "";
759	6955830f	Ermal Lu?i	$server_upload_dirs = "server.upload-dirs = ( \"{$g['tmp_path']}/captiveportal/\" )\n";
760			exec("mkdir -p {$g['tmp_path']}/captiveportal");
761			exec("chmod a-w {$g['tmp_path']}/captiveportal");
762	775556ab	Scott Ullrich	$server_max_request_size = "server.max-request-size = 384";
763	b0bdc06e	Scott Ullrich	} else {
764	3435dc35	Ermal Lu?i	$captiveportal = "";
765			$captive_portal_rewrite = "";
766	b0bdc06e	Scott Ullrich	$captive_portal_module = "";
767			$captive_portal_mod_evasive = "";
768	6955830f	Ermal Lu?i	$server_upload_dirs = "server.upload-dirs = ( \"{$g['upload_path']}/\", \"{$g['tmp_path']}/\", \"/var/\" )\n";
769	775556ab	Scott Ullrich	$server_max_request_size = "server.max-request-size = 2097152";
770	eb0f441c	Scott Ullrich	}
771	3306a341	Scott Ullrich
772	28cae949	Scott Ullrich	if($port <> "")
773			$lighty_port = $port;
774			else
775			$lighty_port = "80";
776	3d77d4c4	Scott Ullrich
777			$memory = get_memory();
778			$avail = $memory[0];
779
780	f4ebc84a	Scott Ullrich	if($avail > 0 and $avail < 65) {
781			$fast_cgi_enable = false;
782			}
783
784	70cc6249	Scott Ullrich	// Ramp up captive portal max procs
785			if($captive_portal == true) {
786			if($avail > 65 and $avail < 98) {
787			$max_procs = 1;
788			}
789			if($avail > 97 and $avail < 128) {
790			$max_procs = 2;
791			}
792			if($avail > 127 and $avail < 256) {
793			$max_procs = 3;
794			}
795			if($avail > 255 and $avail < 384) {
796			$max_procs = 4;
797			}
798			if($avail > 383) {
799			$max_procs = 5;
800			}
801	b0bdc06e	Scott Ullrich	}
802
803	6e337a84	Scott Ullrich	if($captive_portal == true) {
804			$bin_environment = <<<EOC
805	5e041d5f	Scott Ullrich	"bin-environment" => (
806	e59dd448	Scott Ullrich	"PHP_FCGI_CHILDREN" => "$max_procs",
807			"PHP_FCGI_MAX_REQUESTS" => "500"
808	6e337a84	Scott Ullrich	),
809			EOC;
810
811	04f4a116	Ermal Luçi	} else if ($avail > 0 and $avail < 128) {
812			$bin_environment = <<<EOC
813	980df75c	Scott Ullrich	"bin-environment" => (
814	effecc51	Scott Ullrich	"PHP_FCGI_CHILDREN" => "$max_procs",
815	980df75c	Scott Ullrich	"PHP_FCGI_MAX_REQUESTS" => "2",
816	04f4a116	Ermal Luçi	),
817
818			EOC;
819			} else
820	980df75c	Scott Ullrich	$bin_environment = <<<EOC
821			"bin-environment" => (
822			"PHP_FCGI_CHILDREN" => "$max_procs",
823			"PHP_FCGI_MAX_REQUESTS" => "500"
824			),
825			EOC;
826
827	4edb490d	Scott Ullrich	if($fast_cgi_enable == true) {
828	dde4f60c	Scott Ullrich	$module = "\"mod_fastcgi\", \"mod_cgi\"";
829	4edb490d	Scott Ullrich	$cgi_config = "";
830			$fastcgi_config = <<<EOD
831			#### fastcgi module
832			## read fastcgi.txt for more info
833	b0bdc06e	Scott Ullrich	fastcgi.server = ( ".php" =>
834			( "localhost" =>
835			(
836	6955830f	Ermal Lu?i	"socket" => "{$g['tmp_path']}/php-fastcgi.socket",
837	980df75c	Scott Ullrich	"min-procs" => 0,
838	b0bdc06e	Scott Ullrich	"max-procs" => {$max_procs},
839	6e337a84	Scott Ullrich	{$bin_environment}
840	b0bdc06e	Scott Ullrich	"bin-path" => "/usr/local/bin/php"
841			)
842			)
843			)
844	4edb490d	Scott Ullrich
845	dde4f60c	Scott Ullrich	#### CGI module
846	5999dd9c	Scott Ullrich	cgi.assign = ( ".cgi" => "" )
847	dde4f60c	Scott Ullrich
848	4edb490d	Scott Ullrich	EOD;
849			} else {
850			$fastcgi_config = "";
851			$module = "\"mod_cgi\"";
852			$cgi_config = <<<EOD
853			#### CGI module
854			cgi.assign = ( ".php" => "/usr/local/bin/php",
855	d4302f46	Espen Johansen	".cgi" => "" )
856	333f8ef0	Scott Ullrich
857	4edb490d	Scott Ullrich	EOD;
858			}
859	333f8ef0	Scott Ullrich
860	3435dc35	Ermal Lu?i	$lighty_config = "";
861	a84b65dc	Scott Ullrich	$lighty_config .= <<<EOD
862	28cae949	Scott Ullrich	#
863	a632cf43	Scott Ullrich	# lighttpd configuration file
864			#
865			# use a it as base for lighttpd 1.0.0 and above
866	28cae949	Scott Ullrich	#
867	a632cf43	Scott Ullrich	############ Options you really have to take care of ####################
868
869	770b4b9c	Scott Ullrich	## FreeBSD!
870	60ff6204	Scott Ullrich	server.event-handler = "freebsd-kqueue"
871			server.network-backend = "writev"
872	096261af	Scott Ullrich
873	a632cf43	Scott Ullrich	## modules to load
874	4edb490d	Scott Ullrich	server.modules = (
875	c93ad789	Scott Ullrich	{$captive_portal_module}
876	d7e230ae	Chris Buechler	"mod_access", "mod_accesslog", "mod_expire", "mod_compress", "mod_redirect",
877	c93ad789	Scott Ullrich	{$module}{$captiveportal}
878			)
879	28cae949	Scott Ullrich
880			## Unused modules
881	6a019c11	Scott Ullrich	# "mod_setenv",
882			# "mod_rewrite",
883	28cae949	Scott Ullrich	# "mod_ssi",
884			# "mod_usertrack",
885			# "mod_expire",
886			# "mod_secdownload",
887			# "mod_rrdtool",
888	a632cf43	Scott Ullrich	# "mod_auth",
889			# "mod_status",
890	28cae949	Scott Ullrich	# "mod_alias",
891	a632cf43	Scott Ullrich	# "mod_proxy",
892			# "mod_simple_vhost",
893			# "mod_evhost",
894			# "mod_userdir",
895	28cae949	Scott Ullrich	# "mod_cgi",
896	a632cf43	Scott Ullrich
897	d9acea75	Scott Ullrich	server.max-keep-alive-requests = 15
898			server.max-keep-alive-idle = 30
899
900	a632cf43	Scott Ullrich	## a static document-root, for virtual-hosting take look at the
901			## server.virtual-* options
902	332b4ac0	Scott Ullrich	server.document-root = "{$document_root}"
903	eb0f441c	Scott Ullrich	{$captive_portal_rewrite}
904	a632cf43	Scott Ullrich
905	38a9a1ab	Scott Ullrich	# Maximum idle time with nothing being written (php downloading)
906			server.max-write-idle = 999
907
908	a632cf43	Scott Ullrich	## where to send error-messages to
909	ee959dc4	Scott Ullrich	server.errorlog = "/var/log/lighttpd.error.log"
910	a632cf43	Scott Ullrich
911			# files to check for if .../ is requested
912			server.indexfiles = ( "index.php", "index.html",
913			"index.htm", "default.htm" )
914
915			# mimetype mapping
916			mimetype.assign = (
917			".pdf" => "application/pdf",
918			".sig" => "application/pgp-signature",
919			".spl" => "application/futuresplash",
920			".class" => "application/octet-stream",
921			".ps" => "application/postscript",
922			".torrent" => "application/x-bittorrent",
923			".dvi" => "application/x-dvi",
924			".gz" => "application/x-gzip",
925			".pac" => "application/x-ns-proxy-autoconfig",
926			".swf" => "application/x-shockwave-flash",
927			".tar.gz" => "application/x-tgz",
928			".tgz" => "application/x-tgz",
929			".tar" => "application/x-tar",
930			".zip" => "application/zip",
931			".mp3" => "audio/mpeg",
932			".m3u" => "audio/x-mpegurl",
933			".wma" => "audio/x-ms-wma",
934			".wax" => "audio/x-ms-wax",
935			".ogg" => "audio/x-wav",
936			".wav" => "audio/x-wav",
937			".gif" => "image/gif",
938			".jpg" => "image/jpeg",
939			".jpeg" => "image/jpeg",
940			".png" => "image/png",
941			".xbm" => "image/x-xbitmap",
942			".xpm" => "image/x-xpixmap",
943			".xwd" => "image/x-xwindowdump",
944			".css" => "text/css",
945			".html" => "text/html",
946			".htm" => "text/html",
947			".js" => "text/javascript",
948			".asc" => "text/plain",
949			".c" => "text/plain",
950			".conf" => "text/plain",
951			".text" => "text/plain",
952			".txt" => "text/plain",
953			".dtd" => "text/xml",
954			".xml" => "text/xml",
955			".mpeg" => "video/mpeg",
956			".mpg" => "video/mpeg",
957			".mov" => "video/quicktime",
958			".qt" => "video/quicktime",
959			".avi" => "video/x-msvideo",
960			".asf" => "video/x-ms-asf",
961			".asx" => "video/x-ms-asf",
962			".wmv" => "video/x-ms-wmv",
963			".bz2" => "application/x-bzip",
964			".tbz" => "application/x-bzip-compressed-tar",
965			".tar.bz2" => "application/x-bzip-compressed-tar"
966			)
967
968			# Use the "Content-Type" extended attribute to obtain mime type if possible
969			#mimetypes.use-xattr = "enable"
970
971			#### accesslog module
972	6a019c11	Scott Ullrich	#accesslog.filename = "/dev/null"
973	a632cf43	Scott Ullrich
974			## deny access the file-extensions
975			#
976			# ~ is for backupfiles from vi, emacs, joe, ...
977			# .inc is often used for code includes which should in general not be part
978			# of the document-root
979			url.access-deny = ( "~", ".inc" )
980
981
982			######### Options that are good to be but not neccesary to be changed #######
983
984			## bind to port (default: 80)
985	28cae949	Scott Ullrich	server.port = {$lighty_port}
986	a632cf43	Scott Ullrich
987			## error-handler for status 404
988			#server.error-handler-404 = "/error-handler.html"
989			#server.error-handler-404 = "/error-handler.php"
990
991			## to help the rc.scripts
992			server.pid-file = "/var/run/{$pid_file}"
993
994			## virtual directory listings
995	28cae949	Scott Ullrich	server.dir-listing = "disable"
996	a632cf43	Scott Ullrich
997			## enable debugging
998	28cae949	Scott Ullrich	debug.log-request-header = "disable"
999			debug.log-response-header = "disable"
1000			debug.log-request-handling = "disable"
1001			debug.log-file-not-found = "disable"
1002	a632cf43	Scott Ullrich
1003	570ef08c	sullrich	# gzip compression
1004	6955830f	Ermal Lu?i	compress.cache-dir = "{$g['tmp_path']}/lighttpdcompress/"
1005	570ef08c	sullrich	compress.filetype = ("text/plain","text/css", "text/xml", "text/javascript" )
1006
1007	3306a341	Scott Ullrich	{$server_upload_dirs}
1008	1ef7b568	Scott Ullrich
1009	a6e8af9c	Scott Ullrich	{$server_max_request_size}
1010	ee959dc4	Scott Ullrich
1011	4edb490d	Scott Ullrich	{$fastcgi_config}
1012
1013			{$cgi_config}
1014	a632cf43	Scott Ullrich
1015	b0bdc06e	Scott Ullrich	{$captive_portal_mod_evasive}
1016
1017	569f47e9	Scott Ullrich	expire.url = (
1018	05a5e5c5	Scott Ullrich	"" => "access 50 hours",
1019	569f47e9	Scott Ullrich	)
1020
1021	a632cf43	Scott Ullrich	EOD;
1022
1023	7aae518a	Scott Ullrich	$cert = str_replace("\r", "", $cert);
1024	333f8ef0	Scott Ullrich	$key = str_replace("\r", "", $key);
1025	2cf6ddcb	Nigel Graham	$ca = str_replace("\r", "", $ca);
1026	7aae518a	Scott Ullrich
1027			$cert = str_replace("\n\n", "\n", $cert);
1028	333f8ef0	Scott Ullrich	$key = str_replace("\n\n", "\n", $key);
1029	2cf6ddcb	Nigel Graham	$ca = str_replace("\n\n", "\n", $ca);
1030	7aae518a	Scott Ullrich
1031	a632cf43	Scott Ullrich	if($cert <> "" and $key <> "") {
1032	3a66b621	Scott Ullrich	$fd = fopen("{$g['varetc_path']}/{$cert_location}", "w");
1033	5b237745	Scott Ullrich	if (!$fd) {
1034			printf("Error: cannot open cert.pem in system_webgui_start().\n");
1035			return 1;
1036			}
1037	3a66b621	Scott Ullrich	chmod("{$g['varetc_path']}/{$cert_location}", 0600);
1038	5b237745	Scott Ullrich	fwrite($fd, $cert);
1039			fwrite($fd, "\n");
1040			fwrite($fd, $key);
1041			fclose($fd);
1042	2cf6ddcb	Nigel Graham	if($ca <> "") {
1043			$fd = fopen("{$g['varetc_path']}/{$ca_location}", "w");
1044			if (!$fd) {
1045			printf("Error: cannot open ca.pem in system_webgui_start().\n");
1046			return 1;
1047			}
1048			chmod("{$g['varetc_path']}/{$ca_location}", 0600);
1049			fwrite($fd, $ca);
1050			fclose($fd);
1051			}
1052	5e041d5f	Scott Ullrich	$lighty_config .= "\n";
1053	9f0cbb16	Scott Ullrich	$lighty_config .= "## ssl configuration\n";
1054	a632cf43	Scott Ullrich	$lighty_config .= "ssl.engine = \"enable\"\n";
1055	333f8ef0	Scott Ullrich	$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
1056	2cf6ddcb	Nigel Graham	if($ca <> "")
1057			$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
1058	5b237745	Scott Ullrich	}
1059	a978a0ff	Chris Buechler
1060			// Add HTTP to HTTPS redirect
1061			if ($captive_portal == false && $config['system']['webgui']['protocol'] == "https" && !isset($config['system']['webgui']['disablehttpredirect'])) {
1062	7921e8e5	Chris Buechler	if($lighty_port != "443")
1063			$redirectport = ":{$lighty_port}";
1064	d7e230ae	Chris Buechler	$lighty_config .= <<<EOD
1065			\$SERVER["socket"] == ":80" {
1066			\$HTTP["host"] =~ "(.*)" {
1067	7921e8e5	Chris Buechler	url.redirect = ( "^/(.*)" => "https://%1{$redirectport}/$1" )
1068	d7e230ae	Chris Buechler	}
1069			}
1070			EOD;
1071			}
1072	0f282d7a	Scott Ullrich
1073	4f3756f3	Scott Ullrich	$fd = fopen("{$filename}", "w");
1074	a632cf43	Scott Ullrich	if (!$fd) {
1075	4f3756f3	Scott Ullrich	printf("Error: cannot open {$filename} in system_generate_lighty_config().\n");
1076	a632cf43	Scott Ullrich	return 1;
1077	5b237745	Scott Ullrich	}
1078	a632cf43	Scott Ullrich	fwrite($fd, $lighty_config);
1079			fclose($fd);
1080
1081			return 0;
1082	0f282d7a	Scott Ullrich
1083	5b237745	Scott Ullrich	}
1084
1085			function system_timezone_configure() {
1086	f19d3b7a	Scott Ullrich	global $config, $g;
1087	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1088			$mt = microtime();
1089	dcf0598e	Scott Ullrich	echo "system_timezone_configure() being called $mt\n";
1090	333f8ef0	Scott Ullrich	}
1091	5b237745	Scott Ullrich
1092			$syscfg = $config['system'];
1093
1094			if ($g['booting'])
1095	f05740c1	Scott Ullrich	echo "Setting timezone...";
1096	5b237745	Scott Ullrich
1097			/* extract appropriate timezone file */
1098			$timezone = $syscfg['timezone'];
1099			if (!$timezone)
1100			$timezone = "Etc/UTC";
1101	0f282d7a	Scott Ullrich
1102	34febcde	Scott Ullrich	conf_mount_rw();
1103
1104	029d1a71	Scott Ullrich	exec("LANG=C /usr/bin/tar xzfO /usr/share/zoneinfo.tgz " .
1105	5b237745	Scott Ullrich	escapeshellarg($timezone) . " > /etc/localtime");
1106
1107	4efd4885	Scott Ullrich	mwexec("sync");
1108	27150275	Scott Ullrich	conf_mount_ro();
1109	34febcde	Scott Ullrich
1110	5b237745	Scott Ullrich	if ($g['booting'])
1111	5c6d0f65	Colin Smith	echo "done.\n";
1112	5b237745	Scott Ullrich	}
1113
1114			function system_ntp_configure() {
1115	f19d3b7a	Scott Ullrich	global $config, $g;
1116	5b237745	Scott Ullrich
1117			$syscfg = $config['system'];
1118
1119	20b90e0a	Scott Ullrich	/* open configuration for wrting or bail */
1120			$fd = fopen("{$g['varetc_path']}/ntpd.conf","w");
1121			if(!$fd) {
1122	5f3e1f12	Scott Ullrich	log_error("Could not open {$g['varetc_path']}/ntpd.conf for writing");
1123	20b90e0a	Scott Ullrich	return;
1124	5b237745	Scott Ullrich	}
1125
1126	20b90e0a	Scott Ullrich	fwrite($fd, "# \n");
1127			fwrite($fd, "# pfSense OpenNTPD configuration file \n");
1128			fwrite($fd, "# \n\n");
1129	0f282d7a	Scott Ullrich
1130	20b90e0a	Scott Ullrich	/* foreach through servers and write out to ntpd.conf */
1131			foreach (explode(' ', $syscfg['timeservers']) as $ts)
1132			fwrite($fd, "servers {$ts}\n");
1133	0f282d7a	Scott Ullrich
1134	5b6210e3	Bill Marquette	/* Setup listener(s) if the user has configured one */
1135	67ee1ec5	Ermal Luçi	if ($config['installedpackages']['openntpd']) {
1136			/* server config is in coregui1 */
1137	5b6210e3	Bill Marquette	$xmlsettings = $config['installedpackages']['openntpd']['config'][0];
1138			if ($xmlsettings['enable'] == 'on') {
1139			$ifaces = explode(',', $xmlsettings['interface']);
1140	435f11c8	Ermal Lu?i	$ifaces = array_map('get_real_interface', $ifaces);
1141	5b6210e3	Bill Marquette	$ifaces = array_filter($ifaces, 'does_interface_exist');
1142			$ips = array_map('find_interface_ip', $ifaces);
1143			foreach ($ips as $ip) {
1144	5e041d5f	Scott Ullrich	if (is_ipaddr($ip))
1145	5b6210e3	Bill Marquette	fwrite($fd, "listen on $ip\n");
1146			}
1147	95594e5a	Scott Ullrich	}
1148			}
1149
1150	20b90e0a	Scott Ullrich	fwrite($fd, "\n");
1151	0f282d7a	Scott Ullrich
1152	20b90e0a	Scott Ullrich	/* slurp! */
1153			fclose($fd);
1154
1155			/* if openntpd is running, kill it */
1156	5f3e1f12	Scott Ullrich	while(is_process_running("ntpd")) {
1157	e0b4e47f	Seth Mos	mwexec("/usr/bin/killall ntpd", true);
1158	5f3e1f12	Scott Ullrich	}
1159
1160			/* if /var/empty does not exist, create it */
1161			if(!is_dir("/var/empty"))
1162			exec("/bin/mkdir -p /var/empty && chmod ug+rw /var/empty/.");
1163
1164	4a40de3c	Scott Ullrich	if($g['booting'])
1165			return;
1166
1167	20b90e0a	Scott Ullrich	/* start opentpd, set time now and use /var/etc/ntpd.conf */
1168			exec("/usr/local/sbin/ntpd -s -f {$g['varetc_path']}/ntpd.conf");
1169	83eb4567	Scott Ullrich
1170			// Note that we are starting up
1171			exec("echo 'OpenNTPD is starting up' >> {$g['varlog_path']}/ntpd.log");
1172	0f282d7a	Scott Ullrich
1173	5b237745	Scott Ullrich	}
1174
1175	652cf082	Seth Mos	function sync_system_time() {
1176			global $config, $g;
1177
1178			$syscfg = $config['system'];
1179
1180			if ($g['booting'])
1181	4582b281	Scott Ullrich	echo "Syncing system time before startup...";
1182	652cf082	Seth Mos
1183			/* foreach through servers and write out to ntpd.conf */
1184			foreach (explode(' ', $syscfg['timeservers']) as $ts) {
1185			mwexec("/usr/sbin/ntpdate -s $ts");
1186			}
1187	4582b281	Scott Ullrich
1188			if ($g['booting'])
1189			echo "done.\n";
1190
1191	652cf082	Seth Mos	}
1192
1193	405e5de0	Scott Ullrich	function system_halt() {
1194			global $g;
1195
1196			system_reboot_cleanup();
1197
1198	523855b0	Scott Ullrich	mwexec("/usr/bin/nohup /etc/rc.halt > /dev/null 2>&1 &");
1199	405e5de0	Scott Ullrich	}
1200
1201	5b237745	Scott Ullrich	function system_reboot() {
1202			global $g;
1203	0f282d7a	Scott Ullrich
1204	5b237745	Scott Ullrich	system_reboot_cleanup();
1205	0f282d7a	Scott Ullrich
1206	5b237745	Scott Ullrich	mwexec("nohup /etc/rc.reboot > /dev/null 2>&1 &");
1207			}
1208
1209			function system_reboot_sync() {
1210			global $g;
1211	0f282d7a	Scott Ullrich
1212	5b237745	Scott Ullrich	system_reboot_cleanup();
1213	0f282d7a	Scott Ullrich
1214	5b237745	Scott Ullrich	mwexec("/etc/rc.reboot > /dev/null 2>&1");
1215			}
1216
1217			function system_reboot_cleanup() {
1218	97d4e30b	Seth Mos	mwexec("/usr/local/bin/beep.sh stop");
1219	04967d99	jim-p	require_once("captiveportal.inc");
1220	5b237745	Scott Ullrich	captiveportal_radius_stop_all();
1221	336e3c1c	Charlie	require_once("voucher.inc");
1222			voucher_save_db_to_config();
1223	5b237745	Scott Ullrich	}
1224
1225			function system_do_shell_commands($early = 0) {
1226	f19d3b7a	Scott Ullrich	global $config, $g;
1227	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1228			$mt = microtime();
1229	dcf0598e	Scott Ullrich	echo "system_do_shell_commands() being called $mt\n";
1230	58c7450e	Scott Ullrich	}
1231	0f282d7a	Scott Ullrich
1232	5b237745	Scott Ullrich	if ($early)
1233			$cmdn = "earlyshellcmd";
1234			else
1235			$cmdn = "shellcmd";
1236	0f282d7a	Scott Ullrich
1237	5b237745	Scott Ullrich	if (is_array($config['system'][$cmdn])) {
1238	333f8ef0	Scott Ullrich
1239	245388b4	Scott Ullrich	/* cmd is an array, loop through /
1240	5b237745	Scott Ullrich	foreach ($config['system'][$cmdn] as $cmd) {
1241			exec($cmd);
1242			}
1243	245388b4	Scott Ullrich
1244			} elseif($config['system'][$cmdn] <> "") {
1245	333f8ef0	Scott Ullrich
1246	245388b4	Scott Ullrich	/* execute single item */
1247			exec($config['system'][$cmdn]);
1248
1249	5b237745	Scott Ullrich	}
1250			}
1251
1252			function system_console_configure() {
1253	f19d3b7a	Scott Ullrich	global $config, $g;
1254	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1255			$mt = microtime();
1256	dcf0598e	Scott Ullrich	echo "system_console_configure() being called $mt\n";
1257	333f8ef0	Scott Ullrich	}
1258	0f282d7a	Scott Ullrich
1259	5b237745	Scott Ullrich	if (isset($config['system']['disableconsolemenu'])) {
1260			touch("{$g['varetc_path']}/disableconsole");
1261			} else {
1262			unlink_if_exists("{$g['varetc_path']}/disableconsole");
1263			}
1264			}
1265
1266			function system_dmesg_save() {
1267	f19d3b7a	Scott Ullrich	global $g;
1268	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1269			$mt = microtime();
1270	dcf0598e	Scott Ullrich	echo "system_dmesg_save() being called $mt\n";
1271	f19d3b7a	Scott Ullrich	}
1272	0f282d7a	Scott Ullrich
1273	767a716e	Scott Ullrich	$dmesg = "";
1274	5b237745	Scott Ullrich	exec("/sbin/dmesg", $dmesg);
1275	0f282d7a	Scott Ullrich
1276	5b237745	Scott Ullrich	/* find last copyright line (output from previous boots may be present) */
1277			$lastcpline = 0;
1278	0f282d7a	Scott Ullrich
1279	5b237745	Scott Ullrich	for ($i = 0; $i < count($dmesg); $i++) {
1280			if (strstr($dmesg[$i], "Copyright (c) 1992-"))
1281			$lastcpline = $i;
1282			}
1283	0f282d7a	Scott Ullrich
1284	5b237745	Scott Ullrich	$fd = fopen("{$g['varlog_path']}/dmesg.boot", "w");
1285			if (!$fd) {
1286			printf("Error: cannot open dmesg.boot in system_dmesg_save().\n");
1287			return 1;
1288			}
1289	0f282d7a	Scott Ullrich
1290	5b237745	Scott Ullrich	for ($i = $lastcpline; $i < count($dmesg); $i++)
1291			fwrite($fd, $dmesg[$i] . "\n");
1292	0f282d7a	Scott Ullrich
1293	5b237745	Scott Ullrich	fclose($fd);
1294	0f282d7a	Scott Ullrich
1295	5b237745	Scott Ullrich	return 0;
1296			}
1297
1298			function system_set_harddisk_standby() {
1299	f19d3b7a	Scott Ullrich	global $g, $config;
1300	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1301			$mt = microtime();
1302	dcf0598e	Scott Ullrich	echo "system_set_harddisk_standby() being called $mt\n";
1303	58c7450e	Scott Ullrich	}
1304	5b237745	Scott Ullrich
1305			if (isset($config['system']['harddiskstandby'])) {
1306			if ($g['booting']) {
1307	5c6d0f65	Colin Smith	echo 'Setting hard disk standby... ';
1308	5b237745	Scott Ullrich	}
1309
1310			$standby = $config['system']['harddiskstandby'];
1311			// Check for a numeric value
1312			if (is_numeric($standby)) {
1313			// Sync the disk(s)
1314			mwexec('/bin/sync');
1315			if (!mwexec('/sbin/sysctl hw.ata.standby=' . ((int)$standby))) {
1316			// Reinitialize ATA-drives
1317			mwexec('/usr/local/sbin/atareinit');
1318			if ($g['booting']) {
1319	5c6d0f65	Colin Smith	echo "done.\n";
1320	5b237745	Scott Ullrich	}
1321			} else if ($g['booting']) {
1322	5c6d0f65	Colin Smith	echo "failed!\n";
1323	5b237745	Scott Ullrich	}
1324			} else if ($g['booting']) {
1325	5c6d0f65	Colin Smith	echo "failed!\n";
1326	5b237745	Scott Ullrich	}
1327			}
1328			}
1329
1330	3ff9d424	Scott Ullrich	function system_setup_sysctl() {
1331	f19d3b7a	Scott Ullrich	global $config;
1332	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1333			$mt = microtime();
1334	dcf0598e	Scott Ullrich	echo "system_setup_sysctl() being called $mt\n";
1335	58c7450e	Scott Ullrich	}
1336	243aa7b9	Scott Ullrich
1337	6df9d7e3	Scott Ullrich	activate_sysctls();
1338
1339	243aa7b9	Scott Ullrich	if (isset($config['system']['sharednet'])) {
1340			system_disable_arp_wrong_if();
1341			}
1342			}
1343
1344			function system_disable_arp_wrong_if() {
1345	f19d3b7a	Scott Ullrich	global $config;
1346	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1347			$mt = microtime();
1348	dcf0598e	Scott Ullrich	echo "system_disable_arp_wrong_if() being called $mt\n";
1349	333f8ef0	Scott Ullrich	}
1350	6cb438cf	Scott Ullrich	mwexec("/sbin/sysctl -n net.link.ether.inet.log_arp_wrong_iface=0");
1351	89f4b6a3	Scott Ullrich	mwexec("/sbin/sysctl -n net.link.ether.inet.log_arp_movements=0");
1352	3ff9d424	Scott Ullrich	}
1353
1354	243aa7b9	Scott Ullrich	function system_enable_arp_wrong_if() {
1355	f19d3b7a	Scott Ullrich	global $config;
1356	58c7450e	Scott Ullrich	if(isset($config['system']['developerspew'])) {
1357			$mt = microtime();
1358	dcf0598e	Scott Ullrich	echo "system_enable_arp_wrong_if() being called $mt\n";
1359	58c7450e	Scott Ullrich	}
1360	243aa7b9	Scott Ullrich	mwexec("/sbin/sysctl -n net.link.ether.inet.log_arp_wrong_iface=1");
1361	89f4b6a3	Scott Ullrich	mwexec("/sbin/sysctl -n net.link.ether.inet.log_arp_movements=1");
1362	243aa7b9	Scott Ullrich	}
1363
1364	a199b93e	Scott Ullrich	function enable_watchdog() {
1365			global $config;
1366	1a479479	Scott Ullrich	return;
1367	a199b93e	Scott Ullrich	$install_watchdog = false;
1368			$supported_watchdogs = array("Geode");
1369			$file = file_get_contents("/var/log/dmesg.boot");
1370			foreach($supported_watchdogs as $sd) {
1371			if(stristr($file, "Geode")) {
1372			$install_watchdog = true;
1373			}
1374			}
1375			if($install_watchdog == true) {
1376	2e44fb05	Scott Ullrich	if(is_process_running("watchdogd"))
1377	e0b4e47f	Seth Mos	mwexec("/usr/bin/killall watchdogd", true);
1378	333f8ef0	Scott Ullrich	exec("/usr/sbin/watchdogd");
1379	a199b93e	Scott Ullrich	}
1380			}
1381	15f14889	Scott Ullrich
1382			function system_check_reset_button() {
1383	fa83737d	Scott Ullrich	global $g;
1384	223ef06a	Scott Ullrich	if($g['platform'] != "nanobsd")
1385	fa83737d	Scott Ullrich	return 0;
1386	15f14889	Scott Ullrich
1387	31c9379c	Scott Ullrich	$specplatform = system_identify_specific_platform();
1388
1389	15f14889	Scott Ullrich	if ($specplatform['name'] != "wrap" && $specplatform['name'] != "alix")
1390			return 0;
1391
1392			$retval = mwexec("/usr/local/sbin/" . $specplatform['name'] . "resetbtn");
1393
1394			if ($retval == 99) {
1395			/* user has pressed reset button for 2 seconds -
1396			reset to factory defaults */
1397			echo <<<EOD
1398
1399			***********************************************************************
1400			* Reset button pressed - resetting configuration to factory defaults. *
1401			* The system will reboot after this completes. *
1402			***********************************************************************
1403
1404
1405			EOD;
1406
1407			reset_factory_defaults();
1408			system_reboot_sync();
1409			exit(0);
1410			}
1411
1412			return 0;
1413			}
1414
1415	31c9379c	Scott Ullrich	/* attempt to identify the specific platform (for embedded systems)
1416			Returns an array with two elements:
1417			name => platform string (e.g. 'wrap', 'alix' etc.)
1418			descr => human-readable description (e.g. "PC Engines WRAP")
1419			*/
1420			function system_identify_specific_platform() {
1421			global $g;
1422
1423			if ($g['platform'] == 'generic-pc')
1424			return array('name' => 'generic-pc', 'descr' => "Generic PC");
1425
1426			if ($g['platform'] == 'generic-pc-cdrom')
1427			return array('name' => 'generic-pc-cdrom', 'descr' => "Generic PC (CD-ROM)");
1428
1429			/* the rest of the code only deals with 'embedded' platforms */
1430	1a2911a7	Scott Ullrich	if ($g['platform'] != 'nanobsd')
1431	31c9379c	Scott Ullrich	return array('name' => $g['platform'], 'descr' => $g['platform']);
1432
1433			$dmesg = system_get_dmesg_boot();
1434
1435			if (strpos($dmesg, "PC Engines WRAP") !== false)
1436			return array('name' => 'wrap', 'descr' => 'PC Engines WRAP');
1437
1438			if (strpos($dmesg, "PC Engines ALIX") !== false)
1439			return array('name' => 'alix', 'descr' => 'PC Engines ALIX');
1440
1441			if (preg_match("/Soekris net45../", $dmesg, $matches))
1442			return array('name' => 'net45xx', 'descr' => $matches[0]);
1443
1444			if (preg_match("/Soekris net48../", $dmesg, $matches))
1445			return array('name' => 'net48xx', 'descr' => $matches[0]);
1446
1447			if (preg_match("/Soekris net55../", $dmesg, $matches))
1448			return array('name' => 'net55xx', 'descr' => $matches[0]);
1449
1450			/* unknown embedded platform */
1451			return array('name' => 'embedded', 'descr' => 'embedded (unknown)');
1452			}
1453
1454			function system_get_dmesg_boot() {
1455			global $g;
1456	d16af75d	Scott Ullrich
1457	31c9379c	Scott Ullrich	return file_get_contents("{$g['varlog_path']}/dmesg.boot");
1458			}
1459
1460	3cc07282	Ermal	?>

Project

General

Profile

pfSense