<?php
/* $Id$ */
/*
	system.inc
	part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
/*
	pfSense_BUILDER_BINARIES:	/usr/sbin/powerd	/usr/bin/killall	/sbin/sysctl	/sbin/route
	pfSense_BUILDER_BINARIES:	/bin/hostname	/bin/ls	/usr/bin/netstat	/usr/sbin/syslogd	
	pfSense_BUILDER_BINARIES:	/usr/sbin/pccardd	/usr/local/sbin/lighttpd	/bin/chmod 	/bin/mkdir
	pfSense_BUILDER_BINARIES:	/usr/bin/tar		/usr/local/sbin/ntpd	/usr/sbin/ntpdate
	pfSense_BUILDER_BINARIES:	/usr/bin/nohup	/sbin/dmesg	/usr/local/sbin/atareinit	/sbin/kldload
	pfSense_MODULE:	utils
*/
/*
 * Start or stop powerd according to the 'powerd_enable' system setting.
 *
 * Every command line in this function is a fixed literal: the configuration
 * is only tested with isset() and never reaches the shell.
 */
function activate_powerd() {
	global $config, $g;

	$powerd_wanted = isset($config['system']['powerd_enable']);

	if (!$powerd_wanted) {
		/* Disabled in the configuration: stop a running instance, if any. */
		if (is_process_running("powerd")) {
			exec("/usr/bin/killall powerd");
		}
		return;
	}

	/* On the nanobsd platform the cpufreq module is loaded before powerd starts. */
	if ($g["platform"] == "nanobsd") {
		exec("/sbin/kldload cpufreq");
	}
	exec("/usr/sbin/powerd -b adp -a adp");
}
/*
 * Look up the stock value of a sysctl in the global $sysctls table.
 *
 * Returns the stored value, or NULL when $id has no entry.  A caller that
 * builds a command line from the result has to cope with the NULL case.
 */
function get_default_sysctl_value($id) {
	global $sysctls;

	return isset($sysctls[$id]) ? $sysctls[$id] : null;
}
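/*
 * Apply the fixed enc(4) IPsec masks, then every tunable listed under
 * $config['sysctl']['item'].
 *
 * A tunable whose value is the literal "default" is set to whatever
 * get_default_sysctl_value() returns for its name.
 *
 * The tunable name and value come from the configuration and end up on a
 * shell command line, so the complete "name=value" assignment is passed
 * through escapeshellarg() as one argument.  For ordinary values sysctl
 * receives the same argument as it would from name="value"; shell
 * metacharacters in either field are not interpreted.
 *
 * NOTE(review): a name that begins with '-' is still read by sysctl as an
 * option.  Validating the name format belongs where the configuration is
 * written; confirm that it happens there.
 */
function activate_sysctls() {
	global $config, $g;

	exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x00000001");
	exec("/sbin/sysctl net.enc.out.ipsec_filter_mask=0x00000001");
	exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x00000002");
	exec("/sbin/sysctl net.enc.in.ipsec_filter_mask=0x00000002");

	/* The item list itself is checked, not only its parent section, so a
	   'sysctl' section without items is never handed to foreach. */
	if (!isset($config['sysctl']['item']) || !is_array($config['sysctl']['item']))
		return;

	foreach ($config['sysctl']['item'] as $tunable) {
		if ($tunable['value'] == "default")
			$value = get_default_sysctl_value($tunable['tunable']);
		else
			$value = $tunable['value'];

		mwexec("/sbin/sysctl " . escapeshellarg($tunable['tunable'] . "=" . $value));
	}
}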
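/*
 * Write {$g['varetc_path']}/resolv.conf and install host routes for DNS
 * servers that are bound to a gateway interface (the dnsNgwint settings).
 *
 * Content, in order: the configured domain; when 'dnsallowoverride' is set,
 * the search domains and name servers returned by get_searchdomains() and
 * get_nameservers(); and, if nothing was added so far, the statically
 * configured 'dnsserver' list.
 *
 * $dynupdate: when true, dhcpd is not reconfigured after the file is written.
 * Returns 0 on success, 1 if resolv.conf could not be opened.
 *
 * Input handling:
 *  - $resolvconf starts as an empty string, so the appends below never
 *    operate on an undefined variable when no domain is configured.
 *  - Static DNS servers are written only when is_ipaddr() accepts them, the
 *    same filter get_nameservers() applies to the dynamic ones.
 *  - The DNS server and gateway used for the host routes are validated with
 *    is_ipaddr() and passed through escapeshellarg(); an empty server slot
 *    produces no route command.
 *
 * NOTE(review): the search-domain loop sets $havedns, so a dynamically
 * learned search domain without any dynamic name server suppresses the
 * static 'dnsserver' fallback.  Behaviour kept as found; confirm intent.
 */
function system_resolvconf_generate($dynupdate = false) {
	global $config, $g;

	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_resolvconf_generate() being called $mt\n";
	}

	$syscfg = $config['system'];

	$resolvconf = "";

	// Do not create blank domain lines, it breaks tools like dig.
	if($syscfg['domain'])
		$resolvconf .= "domain {$syscfg['domain']}\n";

	$havedns = false;

	if (isset($syscfg['dnsallowoverride'])) {
		/* get dynamically assigned DNS servers (if any) */
		$ns = array_unique(get_searchdomains());
		foreach($ns as $searchserver) {
			if($searchserver) {
				$resolvconf .= "search {$searchserver}\n";
				$havedns = true;
			}
		}
		$ns = array_unique(get_nameservers());
		foreach($ns as $nameserver) {
			if($nameserver) {
				$resolvconf .= "nameserver $nameserver\n";
				$havedns = true;
			}
		}
	}
	if (!$havedns && is_array($syscfg['dnsserver'])) {
		foreach ($syscfg['dnsserver'] as $ns) {
			/* Only addresses are valid on a nameserver line. */
			if ($ns && is_ipaddr($ns)) {
				$resolvconf .= "nameserver $ns\n";
				$havedns = true;
			}
		}
	}

	/* Held until the routes are in place; released on every return path. */
	$dnslock = lock('resolvconf', LOCK_EX);

	$fd = fopen("{$g['varetc_path']}/resolv.conf", "w");
	if (!$fd) {
		printf("Error: cannot open resolv.conf in system_resolvconf_generate().\n");
		unlock($dnslock);
		return 1;
	}

	fwrite($fd, $resolvconf);
	fclose($fd);

	if (!$g['booting']) {
		/* restart dhcpd (nameservers may have changed) */
		if (!$dynupdate)
			services_dhcpd_configure();
	}

	/* setup static routes for DNS servers. */
	for ($dnscounter=1; $dnscounter<5; $dnscounter++) {
		$dnsgw = "dns{$dnscounter}gwint";
		if (!isset($config['system'][$dnsgw]))
			continue;

		$interface = $config['system'][$dnsgw];
		if (($interface == "") || ($interface == "none"))
			continue;

		$gatewayip = get_interface_gateway($interface);
		if (!is_ipaddr($gatewayip))
			continue;

		/* dns server array starts at 0 */
		$dnscountermo = $dnscounter - 1;
		$dnsserver = isset($syscfg['dnsserver'][$dnscountermo]) ? $syscfg['dnsserver'][$dnscountermo] : "";

		/* A gateway binding may exist for a slot that has no server, or a
		   server that is not an address; no route is attempted for it. */
		if (!is_ipaddr($dnsserver))
			continue;

		mwexec("route delete -host " . escapeshellarg($dnsserver), true);
		mwexec("route add -host " . escapeshellarg($dnsserver) . " " . escapeshellarg($gatewayip));
	}

	unlock($dnslock);

	return 0;
}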
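/*
 * Collect DNS search domains from the /var/etc/searchdomain_* files.
 *
 * Per the original comment these files are produced on behalf of dhclient,
 * so their content originates from the network.  Each line is kept only if
 * is_hostname() accepts it; that check is the gate before a value is written
 * to resolv.conf by system_resolvconf_generate().
 *
 * The glob() result is stored in $search_lists, the same variable that is
 * then tested and iterated.  (With the names out of step the loop never ran
 * and the function always returned an empty list.)
 *
 * Returns an array of domain names, possibly empty, duplicates included.
 */
function get_searchdomains() {
	global $config, $g;

	$master_list = array();

	// Read in dhclient search domains
	$search_lists = glob("/var/etc/searchdomain_*");
	if (is_array($search_lists)) {
		foreach($search_lists as $fdns) {
			$contents = file($fdns, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
			if (!is_array($contents))
				continue;
			foreach ($contents as $dns) {
				if(is_hostname($dns))
					$master_list[] = $dns;
			}
		}
	}

	return $master_list;
}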
/*
 * Collect name server addresses from the /var/etc/nameserver_* files and
 * from /var/etc/nameservers.conf.
 *
 * Per the original comment the per-interface files hold dhclient name
 * servers, i.e. values learned from the network.  A line is kept only when
 * is_ipaddr() accepts it.
 *
 * Returns an array of addresses in file order, possibly empty; duplicates
 * are not removed here.
 */
function get_nameservers() {
	global $config, $g;

	$master_list = array();

	// Read in dhclient nameservers
	$globbed = glob("/var/etc/nameserver_*");
	$sources = is_array($globbed) ? $globbed : array();

	// Read in any extra nameservers
	$extra_file = "/var/etc/nameservers.conf";
	if (file_exists($extra_file)) {
		$sources[] = $extra_file;
	}

	foreach ($sources as $source) {
		$lines = file($source, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
		if (!is_array($lines)) {
			/* Unreadable file: skip it and carry on with the next one. */
			continue;
		}
		foreach ($lines as $candidate) {
			if (is_ipaddr($candidate)) {
				$master_list[] = $candidate;
			}
		}
	}

	return $master_list;
}
/*
 * Build {$g['varetc_path']}/hosts from the system identity, the dnsmasq host
 * overrides and, when 'regdhcpstatic' is set, the static DHCP mappings of
 * every enabled dhcpd interface.
 *
 * Host names, domains and addresses are copied from the configuration into
 * the file as they are; the only check made here is is_ipaddr() on the
 * firewall's own interface address.
 *
 * Returns 0 on success, 1 if the hosts file could not be opened.
 */
function system_hosts_generate() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_hosts_generate() being called $mt\n";
	}

	$syscfg = $config['system'];
	$dnsmasqcfg = $config['dnsmasq'];

	if (!is_array($dnsmasqcfg['hosts'])) {
		$dnsmasqcfg['hosts'] = array();
	}
	$hostscfg = $dnsmasqcfg['hosts'];

	$hosts = "127.0.0.1	localhost localhost.{$syscfg['domain']}\n";
	$lhosts = "";
	$dhosts = "";

	/* Entry for the firewall itself: the LAN address when a LAN exists,
	   otherwise the first gateway-less interface that has an address. */
	if ($config['interfaces']['lan']) {
		$cfgip = get_interface_ip("lan");
		if (is_ipaddr($cfgip)) {
			$hosts .= "{$cfgip}	{$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}\n";
		}
	} else {
		foreach (get_configured_interface_list() as $sysif) {
			if (interface_has_gateway($sysif)) {
				continue;
			}
			$cfgip = get_interface_ip($sysif);
			if (!is_ipaddr($cfgip)) {
				continue;
			}
			$hosts .= "{$cfgip}	{$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}\n";
			break;
		}
	}

	/* dnsmasq host overrides: with a host part, or domain-only. */
	foreach ($hostscfg as $host) {
		if ($host['host']) {
			$lhosts .= "{$host['ip']}	{$host['host']}.{$host['domain']} {$host['host']}\n";
		} else {
			$lhosts .= "{$host['ip']}	{$host['domain']}\n";
		}
	}

	/* Static DHCP mappings of enabled interfaces. */
	if (isset($dnsmasqcfg['regdhcpstatic']) && is_array($config['dhcpd'])) {
		foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) {
			if (!is_array($dhcpifconf['staticmap']) || !isset($dhcpifconf['enable'])) {
				continue;
			}
			foreach ($dhcpifconf['staticmap'] as $host) {
				if ($host['ipaddr'] && $host['hostname']) {
					$dhosts .= "{$host['ipaddr']}	{$host['hostname']}.{$syscfg['domain']} {$host['hostname']}\n";
				}
			}
		}
	}

	/* 'dhcpfirst' decides which group of entries is written first. */
	$hosts .= isset($dnsmasqcfg['dhcpfirst']) ? ($dhosts . $lhosts) : ($lhosts . $dhosts);

	/*
	 * Do not remove this: dhcpleases monitors the hosts file with kqueue and
	 * needs to be killed before the file is written.
	 */
	$leases_pidfile = "{$g['varrun_path']}/dhcpleases.pid";
	if (file_exists($leases_pidfile)) {
		sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "TERM");
		@unlink("{$g['varrun_path']}/dhcpleases.pid");
	}

	$fd = fopen("{$g['varetc_path']}/hosts", "w");
	if (!$fd) {
		log_error("Error: cannot open hosts file in system_hosts_generate().\n");
		return 1;
	}
	fwrite($fd, $hosts);
	fclose($fd);

	/* Bring the lease monitor back (or keep it stopped) per configuration. */
	system_dhcpleases_configure();

	return 0;
}
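/*
 * Start, reload or stop the dhcpleases monitor according to the dnsmasq
 * 'regdhcp' setting.
 *
 *  - regdhcp set, pid file present: the running process is sent HUP.
 *  - regdhcp set, no pid file: dhcpleases is started.
 *  - regdhcp not set: the process is sent TERM and its pid file removed.
 *
 * The domain passed with -d comes from the configuration, so it and the
 * path arguments are passed through escapeshellarg().  This also keeps an
 * empty domain from making -d consume the following option as its value.
 */
function system_dhcpleases_configure() {
	global $config, $g;

	$pidfile = "{$g['varrun_path']}/dhcpleases.pid";

	/* Start the monitoring process for dynamic dhcpclients. */
	if (isset($config['dnsmasq']['regdhcp'])) {
		$leasefile = "{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases";

		/* Make sure we do not error out */
		@touch($leasefile);

		if (file_exists($pidfile))
			sigkillbypid($pidfile, "HUP");
		else
			mwexec("/usr/local/sbin/dhcpleases" .
				" -l " . escapeshellarg($leasefile) .
				" -d " . escapeshellarg($config['system']['domain']) .
				" -p " . escapeshellarg("{$g['varrun_path']}/dnsmasq.pid") .
				" -h " . escapeshellarg("{$g['varetc_path']}/hosts"));
	} else {
		sigkillbypid($pidfile, "TERM");
		@unlink($pidfile);
	}
}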
/*
 * Set the kernel host name to "<hostname>.<domain>" from the configuration
 * and run the hostid rc script.
 *
 * The fully qualified name is the only configuration value that reaches the
 * shell here and it is passed through escapeshellarg().
 *
 * Returns whatever mwexec() returned for the hostname command; the result of
 * the hostid script is not reported.
 */
function system_hostname_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_hostname_configure() being called $mt\n";
	}

	$syscfg = $config['system'];

	/* set hostname */
	$fqdn = "{$syscfg['hostname']}.{$syscfg['domain']}";
	$status = mwexec("/bin/hostname " . escapeshellarg($fqdn));

	/* Setup host GUID ID.  This is used by ZFS. */
	mwexec("/etc/rc.d/hostid start");

	return $status;
}
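/*
 * Install the IPv4 and IPv6 default routes and all configured static routes.
 *
 * $interface: when non-empty, only routes whose gateway belongs to this
 * (friendly) interface are touched.
 * Returns 0.
 *
 * Steps:
 *  1. Pick the default gateway per address family from
 *     $config['gateways']['gateway_item'], falling back to "wan", and record
 *     it in {$g['tmp_path']}/<if>_defaultgw / <if>_defaultgwv6.
 *  2. Read the current routing tables with netstat, so that "route change"
 *     is used for destinations that already exist and "route add" otherwise.
 *  3. Apply the default routes unless an olsrd package instance has
 *     'enabledyngw' switched on.
 *  4. Apply each entry of $config['staticroutes']['route'].
 *
 * Every address, network and interface name that reaches /sbin/route is
 * passed through escapeshellarg(); $action and $inetfamily are literals
 * chosen in this function.
 *
 * Corrections in this version:
 *  - The IPv6 fallback marker file is named after $defaultifv6.  It used
 *    $defaultif, which is the IPv4 default interface and can differ.
 *  - For a static route with an IPv6 gateway the add/change decision is
 *    made against the inet6 table rather than the inet table.
 */
function system_routing_configure($interface = "") {
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_routing_configure() being called $mt\n";
	}

	/* configure gif interfaces for ipv6 tunnels */
	// interfaces_gif_configure();

	$gatewayip = "";
	$interfacegw = "";
	$foundgw = false;
	$gatewayipv6 = "";
	$interfacegwv6 = "";
	$foundgwv6 = false;
	/* tack on all the hard defined gateways as well */
	if (is_array($config['gateways']['gateway_item'])) {
		/* NOTE(review): this pattern matches *_defaultgw only; *_defaultgwv6
		   marker files from an earlier run are not removed here. */
		mwexec("/bin/rm {$g['tmp_path']}/*_defaultgw", true);
		foreach	($config['gateways']['gateway_item'] as $gateway) {
			if (isset($gateway['defaultgw']) && (is_ipaddrv4($gateway['gateway']))) {
				/* NOTE(review): the next two tests look unreachable once
				   is_ipaddrv4() has accepted the value (a ':' or the word
				   "dynamic"); kept as found - confirm against is_ipaddrv4(). */
				if(strstr($gateway['gateway'], ":"))
					break;
				if ($gateway['gateway'] == "dynamic")
					$gateway['gateway'] = get_interface_gateway($gateway['interface']);
				$gatewayip = $gateway['gateway'];
				$interfacegw = $gateway['interface'];
				if (!empty($interfacegw)) {
					$defaultif = get_real_interface($gateway['interface']);
					if ($defaultif)
						@file_put_contents("{$g['tmp_path']}/{$defaultif}_defaultgw", $gatewayip);
				}
				$foundgw = true;
				break;
			}
		}
		foreach	($config['gateways']['gateway_item'] as $gateway) {
			if (isset($gateway['defaultgw']) && (is_ipaddrv6($gateway['gateway']))) {
				if ($gateway['gateway'] == "dynamic")
					$gateway['gateway'] = get_interface_gateway_v6($gateway['interface']);
				$gatewayipv6 = $gateway['gateway'];
				$interfacegwv6 = $gateway['interface'];
				if (!empty($interfacegwv6)) {
					$defaultifv6 = get_real_interface($gateway['interface']);
					if ($defaultifv6)
						@file_put_contents("{$g['tmp_path']}/{$defaultifv6}_defaultgwv6", $gatewayipv6);
				}
				$foundgwv6 = true;
				break;
			}
		}
	}
	if ($foundgw == false) {
		$defaultif = get_real_interface("wan");
		$interfacegw = "wan";
		$gatewayip = get_interface_gateway("wan");
		@touch("{$g['tmp_path']}/{$defaultif}_defaultgw");
	}
	if ($foundgwv6 == false) {
		$defaultifv6 = get_real_interface("wan");
		$interfacegwv6 = "wan";
		$gatewayipv6 = get_interface_gateway_v6("wan");
		/* Named after the IPv6 default interface, not the IPv4 one. */
		@touch("{$g['tmp_path']}/{$defaultifv6}_defaultgwv6");
	}
	$dont_add_route = false;
	/* if OLSRD is enabled, allow WAN to house DHCP. */
	if($config['installedpackages']['olsrd']) {
		foreach($config['installedpackages']['olsrd']['config'] as $olsrd) {
			if($olsrd['enabledyngw'] == "on") {
				$dont_add_route = true;
				break;
			}
		}
	}
	/* Create a array from the existing inet route table */
	exec("/usr/bin/netstat -rnf inet", $route_str);
	/* The first four lines of the netstat output are dropped as headers. */
	array_shift($route_str);
	array_shift($route_str);
	array_shift($route_str);
	array_shift($route_str);
	$route_arr = array();
	foreach($route_str as $routeline) {
		$items = preg_split("/[ ]+/i", $routeline);
		/* Keyed by destination; columns 0, 1 and 5 of the line are kept. */
		$route_arr[$items[0]] = array($items[0], $items[1], $items[5]);
	}

	if ($dont_add_route == false ) {
		/* Skipped when the caller named an interface other than the one
		   that carries the default gateway. */
		if ((empty($interface) || $interface == $interfacegw) &&
		    ($interfacegw <> "bgpd") && (is_ipaddrv4($gatewayip))) {
			$action = "add";
			if(isset($route_arr['default'])) {
				$action = "change";
			}
			log_error("ROUTING: $action default route to $gatewayip");
			mwexec("/sbin/route {$action} -inet default " . escapeshellarg($gatewayip));
		}
	}

	/* Create a array from the existing inet6 route table */
	exec("/usr/bin/netstat -rnf inet6", $routev6_str);
	array_shift($routev6_str);
	array_shift($routev6_str);
	array_shift($routev6_str);
	array_shift($routev6_str);
	$routev6_arr = array();
	foreach($routev6_str as $routeline) {
		$items = preg_split("/[ ]+/i", $routeline);
		$routev6_arr[$items[0]] = array($items[0], $items[1], $items[5]);
	}

	if ($dont_add_route == false ) {
		if ((empty($interface) || $interface == $interfacegwv6) &&
		    ($interfacegwv6 <> "bgpd") && (is_ipaddrv6($gatewayipv6))) {
			$action = "add";
			if(isset($routev6_arr['default'])) {
				$action = "change";
			}
			log_error("ROUTING: $action IPv6 default route to $gatewayipv6");
			mwexec("/sbin/route {$action} -inet6 default " . escapeshellarg($gatewayipv6));
		}
	}

	if (is_array($config['staticroutes']['route'])) {
		$gateways_arr = return_gateways_array();

		foreach ($config['staticroutes']['route'] as $rtent) {
			$gatewayip = "";
			if (empty($gateways_arr[$rtent['gateway']])) {
				log_error(sprintf(gettext("Static Routes: Gateway IP could not be found for %s"), $rtent['network']));
				continue;
			}
			$gateway = $gateways_arr[$rtent['gateway']];
			if (!empty($interface) && $interface != $gateway['friendlyiface'])
				continue;

			$gatewayip = $gateway['gateway'];
			$interfacegw = $gateway['interface'];

			/* The gateway's address family selects both the route(8)
			   family switch and the table consulted for add vs. change. */
			if(is_ipaddrv6($gatewayip)) {
				$inetfamily = "-inet6";
				$existing_routes = $routev6_arr;
			} else {
				$inetfamily = "-inet";
				$existing_routes = $route_arr;
			}

			$action = "add";
			if (isset($existing_routes[$rtent['network']]))
				$action = "change";

			if (is_ipaddr($gatewayip)) {
				mwexec("/sbin/route {$action} {$inetfamily} " . escapeshellarg($rtent['network']) .
					" " . escapeshellarg($gatewayip));
			} else if (!empty($interfacegw)) {
				/* No usable gateway address: route via the interface. */
				mwexec("/sbin/route {$action} {$inetfamily} " . escapeshellarg($rtent['network']) .
					" -iface " . escapeshellarg($interfacegw));
			}
		}
	}

	return 0;
}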
/*
 * Turn on IPv4 and IPv6 packet forwarding via sysctl.
 *
 * Both command lines are fixed literals.  Nothing is returned and the result
 * of the sysctl calls is not checked.
 */
function system_routing_enable() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_routing_enable() being called $mt\n";
	}

	$forwarding_cmds = array(
		"/sbin/sysctl net.inet.ip.forwarding=1",
		"/sbin/sysctl net.inet6.ip6.forwarding=1",
	);
	foreach ($forwarding_cmds as $cmd) {
		mwexec($cmd);
	}
}
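/*
 * (Re)start syslogd, writing {$g['varetc_path']}/syslog.conf first when a
 * syslog section exists in the configuration.
 *
 * Returns 1 if syslog.conf cannot be opened.  Otherwise returns the result
 * of starting syslogd: the value of system() when a configuration file was
 * written, the value of mwexec() when it was not.
 * NOTE(review): system() yields the last output line (or false), not an exit
 * status, so the two paths do not return the same kind of value.
 *
 * Corrections in this version:
 *  - In the !openvpn section the second remote server is written for the
 *    second slot.  The third server's address used to be emitted there, so
 *    OpenVPN messages never reached 'remoteserver2'.  All forwarding lines
 *    are now generated from one list of configured servers.
 *  - $syslogconf is initialised before the first append.
 *  - The package log file path is passed through escapeshellarg() when the
 *    log file is created.
 *
 * Points for whoever validates the configuration:
 *  - Package 'facilityname'/'logfilename' and the remote server strings are
 *    copied into syslog.conf as they are.  With fifolog the action starts
 *    with '|', which syslogd runs as a command, so these values must be
 *    restricted (no whitespace, newlines or shell characters) before they
 *    are stored.
 *  - The sshlockout_pf hook on auth messages is part of the block that is
 *    written only when 'disablelocallogging' is NOT set; disabling local
 *    logging therefore also removes that hook.
 */
function system_syslogd_start() {
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_syslogd_start() being called $mt\n";
	}

	$syslogcfg = $config['syslog'];

	if ($g['booting'])
		echo gettext("Starting syslog...");
	else
		killbypid("{$g['varrun_path']}/syslog.pid");

	if(is_process_running("syslogd"))
		mwexec("/usr/bin/killall -9 syslogd");
	if(is_process_running("fifolog_writer"))
		mwexec("/usr/bin/killall -9 fifolog_writer");

	// Define various commands for logging
	$fifolog_create = "/usr/sbin/fifolog_create -s ";
	$fifolog_log = "|/usr/sbin/fifolog_writer ";
	$clog_create = "/usr/sbin/clog -i -s ";
	$clog_log = "%";

	// Which logging type are we using this week??
	if(isset($config['system']['usefifolog'])) {
		$log_directive = $fifolog_log;
		$log_create_directive = $fifolog_create;
	} else { // Defaults to CLOG
		$log_directive = $clog_log;
		$log_create_directive = $clog_create;
	}

	if (isset($syslogcfg)) {
		$syslogconf = "";
		$locallogging = !isset($syslogcfg['disablelocallogging']);

		/* Configured remote servers, in slot order.  Every forwarding
		   section below iterates this one list. */
		$remote_servers = array();
		foreach (array('remoteserver', 'remoteserver2', 'remoteserver3') as $slot) {
			if (!empty($syslogcfg[$slot]))
				$remote_servers[] = $syslogcfg[$slot];
		}

		$separatelogfacilities = array('ntpd','racoon','openvpn','pptps','poes','l2tps');
		if($config['installedpackages']['package']) {
			foreach($config['installedpackages']['package'] as $package) {
				if($package['logging']) {
					array_push($separatelogfacilities, $package['logging']['facilityname']);
					mwexec("{$log_create_directive} 10240 " .
						escapeshellarg("{$g['varlog_path']}/{$package['logging']['logfilename']}"));
					$syslogconf .= "!{$package['logging']['facilityname']}\n*.*\t\t\t\t\t\t {$log_directive}{$g['varlog_path']}/{$package['logging']['logfilename']}\n";
				}
			}
		}
		$facilitylist = implode(',', array_unique($separatelogfacilities));

		/* write syslog.conf */
		$fd = fopen("{$g['varetc_path']}/syslog.conf", "w");
		if (!$fd) {
			printf(gettext("Error: cannot open syslog.conf in system_syslogd_start().%s"), "\n");
			return 1;
		}

		$syslogconf .= "!ntpdate,!ntpd\n";
		if ($locallogging)
			$syslogconf .= "*.*					 {$log_directive}{$g['varlog_path']}/ntpd.log\n";
		$syslogconf .= "!ppp\n";
		if ($locallogging)
			$syslogconf .= "*.*					 {$log_directive}{$g['varlog_path']}/ppp.log\n";
		$syslogconf .= "!pptps\n";
		if ($locallogging)
			$syslogconf .= "*.*					 {$log_directive}{$g['varlog_path']}/pptps.log\n";
		$syslogconf .= "!poes\n";
		if ($locallogging)
			$syslogconf .= "*.*					 {$log_directive}{$g['varlog_path']}/poes.log\n";
		$syslogconf .= "!l2tps\n";
		if ($locallogging)
			$syslogconf .= "*.*					 {$log_directive}{$g['varlog_path']}/l2tps.log\n";

		$syslogconf .= "!racoon\n";
		if ($locallogging)
			$syslogconf .= "*.*					 {$log_directive}{$g['varlog_path']}/ipsec.log\n";
		if (isset($syslogcfg['vpn'])) {
			foreach ($remote_servers as $server)
				$syslogconf .= "*.*					 @{$server}\n";
		}

		$syslogconf .= "!openvpn\n";
		if ($locallogging)
			$syslogconf .= "*.*					 {$log_directive}{$g['varlog_path']}/openvpn.log\n";
		if (isset($syslogcfg['vpn'])) {
			foreach ($remote_servers as $server)
				$syslogconf .= "*.*					 @{$server}\n";
		}

		$syslogconf .= "!apinger\n";
		if ($locallogging)
			$syslogconf .= "*.*					 {$log_directive}{$g['varlog_path']}/apinger.log\n";

		/* relayd is logged locally regardless of 'disablelocallogging'. */
		$syslogconf .= "!relayd\n";
		$syslogconf .= "*.* 						{$log_directive}{$g['varlog_path']}/relayd.log\n";

		/* Everything below applies to programs NOT listed above. */
		$syslogconf .= "!-{$facilitylist}\n";
		if ($locallogging)
			$syslogconf .= <<<EOD
local0.*										 {$log_directive}{$g['varlog_path']}/filter.log
local3.*										 {$log_directive}{$g['varlog_path']}/vpn.log
local4.*										 {$log_directive}{$g['varlog_path']}/portalauth.log
local7.*										 {$log_directive}{$g['varlog_path']}/dhcpd.log
*.notice;kern.debug;lpr.info;mail.crit; 		 {$log_directive}{$g['varlog_path']}/system.log
news.err;local0.none;local3.none;local4.none; 	 {$log_directive}{$g['varlog_path']}/system.log
local7.none										 {$log_directive}{$g['varlog_path']}/system.log
security.*										 {$log_directive}{$g['varlog_path']}/system.log
auth.info;authpriv.info;daemon.info				 {$log_directive}{$g['varlog_path']}/system.log
auth.info;authpriv.info 						 |exec /usr/local/sbin/sshlockout_pf 15
*.emerg											 *

EOD;

		/* Per-category forwarding: option name => selector. */
		$forward_selectors = array(
			'filter' => "local0.*",
			'vpn' => "local3.*",
			'portalauth' => "local4.*",
			'dhcp' => "local7.*",
		);
		foreach ($forward_selectors as $option => $selector) {
			if (!isset($syslogcfg[$option]))
				continue;
			foreach ($remote_servers as $server)
				$syslogconf .= "{$selector}			 @{$server}\n";
		}

		if (isset($syslogcfg['system'])) {
			foreach ($remote_servers as $server) {
				$syslogconf .= <<<EOD
*.notice;kern.debug;lpr.info;mail.crit;			 @{$server}
news.err;local0.none;local3.none;local7.none	 @{$server}
security.*										 @{$server}
auth.info;authpriv.info;daemon.info				 @{$server}
*.emerg											 @{$server}

EOD;
			}
		}

		if (isset($syslogcfg['logall'])) {
			foreach ($remote_servers as $server) {
				$syslogconf .= <<<EOD
*.*								@{$server}

EOD;
			}
		}

		if (isset($syslogcfg['zmqserver'])) {
				$syslogconf .= <<<EOD
*.*								^{$syslogcfg['zmqserver']}

EOD;
		}
		fwrite($fd, $syslogconf);
		fclose($fd);

		// Ensure that the log directory exists
		if(!is_dir("{$g['dhcpd_chroot_path']}/var/run"))
			exec("/bin/mkdir -p {$g['dhcpd_chroot_path']}/var/run");

		/* The same command line is used whether or not a remote server is
		   configured.
		   NOTE(review): the -l path is hard-coded to /var/dhcpd while the
		   directory check above uses $g['dhcpd_chroot_path']; confirm the
		   two always agree. */
		$retval = system("/usr/sbin/syslogd -c -c -l /var/dhcpd/var/run/log -f {$g['varetc_path']}/syslog.conf");

	} else {
		$retval = mwexec("/usr/sbin/syslogd -c -c -l /var/dhcpd/var/run/log");
	}

	if ($g['booting'])
		echo gettext("done.") . "\n";

	return $retval;
}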
/**
 * Restart the PC Card daemon (pccardd).
 *
 * The instance recorded in {$g['varrun_path']}/pccardd.pid is stopped first,
 * then a new one is launched against {$g['etc_path']}/pccard.conf. Console
 * progress is printed only while $g['booting'] is set.
 *
 * @return mixed the value mwexec() returned for the launch; 0 is reported as success
 */
function system_pccard_start() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$now = microtime();
		echo "system_pccard_start() being called $now\n";
	}

	if ($g['booting'])
		echo gettext("Initializing PCMCIA...");

	/* stop the previous daemon, if one left a pid file behind */
	$pidfile = "{$g['varrun_path']}/pccardd.pid";
	killbypid($pidfile);

	/* launch a fresh daemon */
	$launch = "/usr/sbin/pccardd -z -f {$g['etc_path']}/pccard.conf";
	$res = mwexec($launch);

	if ($g['booting'])
		echo gettext(($res == 0) ? "done." : "failed!") . "\n";

	return $res;
}
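/**
 * (Re)start the lighttpd instance that serves the webConfigurator.
 *
 * Stops the running instance via its pid file, works out port and TLS
 * material from $config['system']['webgui'], writes the lighttpd
 * configuration through system_generate_lighty_config() and launches
 * lighttpd. When the protocol is "https" and no usable certificate is
 * configured, a self-signed certificate is generated, stored in the
 * configuration and selected as the GUI certificate.
 *
 * @return mixed the value mwexec() returned for the lighttpd launch; 0 is reported as success
 */
function system_webgui_start() {
	global $config, $g;

	if ($g['booting'])
		echo gettext("Starting webConfigurator...");

	/* kill any running lighttpd */
	killbypid("{$g['varrun_path']}/lighty-webConfigurator.pid");

	sleep(1);

	chdir($g['www_path']);

	/* defaults */
	$portarg = "80";
	$crt = "";
	$key = "";
	$ca = "";

	/* non-standard port? */
	if (isset($config['system']['webgui']['port']) && $config['system']['webgui']['port'] <> "")
		$portarg = "{$config['system']['webgui']['port']}";

	if ($config['system']['webgui']['protocol'] == "https") {
		// Ensure that we have a webConfigurator CERT
		$cert =& lookup_cert($config['system']['webgui']['ssl-certref']);

		/*
		 * Regenerate when ANY required part is missing. The previous test
		 * joined the three conditions with &&, so an entry that existed but
		 * lacked 'crt' or 'prv' fell through to the else branch and lighttpd
		 * was configured without TLS although https was selected.
		 */
		if (!is_array($cert) || !$cert['crt'] || !$cert['prv']) {
			if (!is_array($config['ca']))
				$config['ca'] = array();
			$a_ca =& $config['ca'];
			if (!is_array($config['cert']))
				$config['cert'] = array();
			$a_cert =& $config['cert'];
			log_error("Creating SSL Certificate for this host");

			/*
			 * $cert was bound by reference above; drop that binding so the
			 * new array cannot overwrite whatever lookup_cert() handed back
			 * (presumably an entry inside $config -- confirm against
			 * lookup_cert()).
			 */
			unset($cert);
			$cert = array();
			$cert['refid'] = uniqid();
			$cert['descr'] = gettext("webConfigurator default");

			/*
			 * The private key passes through a file in tmp_path. Tighten the
			 * umask for the child processes so that file is never readable by
			 * other local users, and use a 2048-bit key with a SHA-256
			 * signature instead of the former 1024-bit / SHA-1 pair.
			 */
			$old_umask = umask(0077);
			mwexec("/usr/bin/openssl genrsa 2048 > {$g['tmp_path']}/ssl.key");
			mwexec("/usr/bin/openssl req -new -x509 -nodes -sha256 -days 2000 -key {$g['tmp_path']}/ssl.key > {$g['tmp_path']}/ssl.crt");
			umask($old_umask);

			$crt = file_get_contents("{$g['tmp_path']}/ssl.crt");
			$key = file_get_contents("{$g['tmp_path']}/ssl.key");
			unlink("{$g['tmp_path']}/ssl.key");
			unlink("{$g['tmp_path']}/ssl.crt");
			cert_import($cert, $crt, $key);
			$a_cert[] = $cert;
			$config['system']['webgui']['ssl-certref'] = $cert['refid'];
			write_config(gettext("Importing HTTPS certificate"));
		} else {
			$crt = base64_decode($cert['crt']);
			$key = base64_decode($cert['prv']);
		}

		/* https without an explicit port listens on 443 */
		if (!$config['system']['webgui']['port'])
			$portarg = "443";
		$ca = ca_chain($cert);
	}

	/* generate lighttpd configuration */
	$max_procs = ($config['system']['webgui']['max_procs']) ? $config['system']['webgui']['max_procs'] : 2;
	system_generate_lighty_config("{$g['varetc_path']}/lighty-webConfigurator.conf",
		$crt, $key, $ca, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/",
		"cert.pem", "ca.pem", $max_procs);

	/* attempt to start lighthttpd */
	$res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-webConfigurator.conf");

	/* fetch page to preload apc cache */
	$proto = "http";
	if ($config['system']['webgui']['protocol'])
		$proto = $config['system']['webgui']['protocol'];
	/* protocol and port come from the configuration: quote the URL for the shell */
	mwexec_bg("/usr/bin/fetch -o /dev/null -q " . escapeshellarg("{$proto}://localhost:{$portarg}/preload.php"));

	if ($g['booting']) {
		if ($res == 0)
			echo gettext("done.") . "\n";
		else
			echo gettext("failed!") . "\n";
	}

	return $res;
}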
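/**
 * Write a lighttpd configuration file plus the PEM files it refers to.
 *
 * Used for the webConfigurator and, with $captive_portal set, for the
 * captive portal. With a non-empty $cert and $key, certificate and private
 * key are written together to {$g['varetc_path']}/{$cert_location}, an
 * optional chain to {$g['varetc_path']}/{$ca_location}, and TLS is enabled.
 *
 * @param string $filename        path of the lighttpd configuration file to write
 * @param string $cert            PEM certificate, "" for plain HTTP
 * @param string $key             PEM private key, "" for plain HTTP
 * @param string $ca              PEM CA chain, may be empty
 * @param string $pid_file        pid file name, placed under /var/run/
 * @param mixed  $port            listen port; an empty value falls back to "80"
 * @param string $document_root   value of server.document-root
 * @param string $cert_location   file name for certificate + key under varetc_path
 * @param string $ca_location     file name for the CA chain under varetc_path
 * @param int    $max_procs       FastCGI process count; adjusted by memory for the captive portal
 * @param string $max_requests    accepted for compatibility; not read by this function
 * @param bool   $fast_cgi_enable use mod_fastcgi; forced off when get_memory() reports 1..64
 * @param bool   $captive_portal  generate the captive portal variant
 * @return int 0 on success, 1 when one of the output files cannot be opened
 */
function system_generate_lighty_config($filename,
	$cert,
	$key,
	$ca,
	$pid_file,
	$port = 80,
	$document_root = "/usr/local/www/",
	$cert_location = "cert.pem",
	$ca_location = "ca.pem",
	$max_procs = 2,
	$max_requests = "2",
	$fast_cgi_enable = true,
	$captive_portal = false) {

	global $config, $g;

	if(!is_dir("{$g['tmp_path']}/lighttpdcompress"))
		mkdir("{$g['tmp_path']}/lighttpdcompress");

	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_generate_lighty_config() being called $mt\n";
	}

	if($captive_portal == true)  {
		$captiveportal = ",\"mod_rewrite\"";
		$captive_portal_rewrite = "url.rewrite-once = ( \"(.*captiveportal.*)\" => \"$1\", \"(.*)\" => \"/index.php?redirurl=$1\" )\n";
		$captive_portal_module = "";
		$maxprocperip = $config['captiveportal']['maxprocperip'];
		/*
		 * NOTE(review): "!$maxprocperip and $maxprocperip > 0" can never be
		 * true, so the per-IP connection limit below is never written. It is
		 * left as is because mod_evasive is not in the module list either
		 * ($captive_portal_module is empty); enabling the limit needs both.
		 */
		if(!$maxprocperip and $maxprocperip > 0)
			$captive_portal_mod_evasive = "evasive.max-conns-per-ip = {$maxprocperip}";
		else
			$captive_portal_mod_evasive = "";
		$server_upload_dirs = "server.upload-dirs = ( \"{$g['tmp_path']}/captiveportal/\" )\n";
		exec("mkdir -p {$g['tmp_path']}/captiveportal");
		exec("chmod a-w {$g['tmp_path']}/captiveportal");
		$server_max_request_size = "server.max-request-size    = 384";
	} else {
		$captiveportal = "";
		$captive_portal_rewrite = "";
		$captive_portal_module = "";
		$captive_portal_mod_evasive = "";
		$server_upload_dirs = "server.upload-dirs = ( \"{$g['upload_path']}/\", \"{$g['tmp_path']}/\", \"/var/\" )\n";
		$server_max_request_size = "server.max-request-size    = 2097152";
	}

	if($port <> "")
		$lighty_port = $port;
	else
		$lighty_port = "80";

	$memory = get_memory();
	$avail = $memory[0];

	/* too little memory for FastCGI: fall back to plain CGI */
	if($avail > 0 and $avail < 65) {
		$fast_cgi_enable = false;
	}

	// Ramp up captive portal max procs
	//  Work relative to the default of 2, for values that would be >2.
	if($captive_portal == true)  {
		if($avail > 65 and $avail < 98) {
			$max_procs = 1;
		}
		if($avail > 97 and $avail < 128) {
			$max_procs = 2;
		}
		if($avail > 127 and $avail < 256) {
			$max_procs += 1;
		}
		if($avail > 255 and $avail < 384) {
			$max_procs += 2;
		}
		if($avail > 383) {
			$max_procs += 3;
		}
	}

	if($captive_portal == true)  {	
		$bin_environment =  <<<EOC
			"bin-environment" => (
				"PHP_FCGI_CHILDREN" => "$max_procs",
				"PHP_FCGI_MAX_REQUESTS" => "500"
			),
EOC;

	} else if ($avail > 0 and $avail < 128) {
		$bin_environment = <<<EOC
			"bin-environment" => (
				"PHP_FCGI_CHILDREN" => "$max_procs",
				"PHP_FCGI_MAX_REQUESTS" => "2",
			),

EOC;
	} else
		$bin_environment =  <<<EOC
			"bin-environment" => (
				"PHP_FCGI_CHILDREN" => "$max_procs",
				"PHP_FCGI_MAX_REQUESTS" => "500"
			),
EOC;

	if($fast_cgi_enable == true) {
		$module = "\"mod_fastcgi\", \"mod_cgi\"";
		$cgi_config = "";
		$fastcgi_config = <<<EOD
#### fastcgi module
## read fastcgi.txt for more info
fastcgi.server = ( ".php" =>
	( "localhost" =>
		(
			"socket" => "{$g['tmp_path']}/php-fastcgi.socket",
			"min-procs" => 0,
			"max-procs" => {$max_procs},
{$bin_environment}
			"bin-path" => "/usr/local/bin/php"
		)
	)
)

#### CGI module
cgi.assign                 = ( ".cgi" => "" )

EOD;
	} else {
		$fastcgi_config = "";
		$module = "\"mod_cgi\"";
		$cgi_config = <<<EOD
#### CGI module
cgi.assign                 = ( ".php"  => "/usr/local/bin/php",
                               ".cgi" => "" )

EOD;
	}

	$lighty_config = "";
	$lighty_config .= <<<EOD
#
# lighttpd configuration file
#
# use a it as base for lighttpd 1.0.0 and above
#
############ Options you really have to take care of ####################

## FreeBSD!
server.event-handler	= "freebsd-kqueue"
server.network-backend 	= "writev"
#server.use-ipv6 = "enable"

## modules to load
server.modules              =   (
	{$captive_portal_module}
	"mod_access", "mod_accesslog", "mod_expire", "mod_compress", "mod_redirect",
	{$module}{$captiveportal}
)

## Unused modules
#                               "mod_setenv",
#                               "mod_rewrite",
#                               "mod_ssi",
#                               "mod_usertrack",
#                               "mod_expire",
#                               "mod_secdownload",
#                               "mod_rrdtool",
#                               "mod_auth",
#                               "mod_status",
#                               "mod_alias",
#                               "mod_proxy",
#                               "mod_simple_vhost",
#                               "mod_evhost",
#                               "mod_userdir",
#                               "mod_cgi",

server.max-keep-alive-requests = 15
server.max-keep-alive-idle = 30

## a static document-root, for virtual-hosting take look at the
## server.virtual-* options
server.document-root        = "{$document_root}"
{$captive_portal_rewrite}

# Maximum idle time with nothing being written (php downloading)
server.max-write-idle = 999

## where to send error-messages to
server.errorlog             = "/var/log/lighttpd.error.log"

# files to check for if .../ is requested
server.indexfiles           = ( "index.php", "index.html",
                                "index.htm", "default.htm" )

# mimetype mapping
mimetype.assign             = (
  ".pdf"          =>      "application/pdf",
  ".sig"          =>      "application/pgp-signature",
  ".spl"          =>      "application/futuresplash",
  ".class"        =>      "application/octet-stream",
  ".ps"           =>      "application/postscript",
  ".torrent"      =>      "application/x-bittorrent",
  ".dvi"          =>      "application/x-dvi",
  ".gz"           =>      "application/x-gzip",
  ".pac"          =>      "application/x-ns-proxy-autoconfig",
  ".swf"          =>      "application/x-shockwave-flash",
  ".tar.gz"       =>      "application/x-tgz",
  ".tgz"          =>      "application/x-tgz",
  ".tar"          =>      "application/x-tar",
  ".zip"          =>      "application/zip",
  ".mp3"          =>      "audio/mpeg",
  ".m3u"          =>      "audio/x-mpegurl",
  ".wma"          =>      "audio/x-ms-wma",
  ".wax"          =>      "audio/x-ms-wax",
  ".ogg"          =>      "audio/x-wav",
  ".wav"          =>      "audio/x-wav",
  ".gif"          =>      "image/gif",
  ".jpg"          =>      "image/jpeg",
  ".jpeg"         =>      "image/jpeg",
  ".png"          =>      "image/png",
  ".xbm"          =>      "image/x-xbitmap",
  ".xpm"          =>      "image/x-xpixmap",
  ".xwd"          =>      "image/x-xwindowdump",
  ".css"          =>      "text/css",
  ".html"         =>      "text/html",
  ".htm"          =>      "text/html",
  ".js"           =>      "text/javascript",
  ".asc"          =>      "text/plain",
  ".c"            =>      "text/plain",
  ".conf"         =>      "text/plain",
  ".text"         =>      "text/plain",
  ".txt"          =>      "text/plain",
  ".dtd"          =>      "text/xml",
  ".xml"          =>      "text/xml",
  ".mpeg"         =>      "video/mpeg",
  ".mpg"          =>      "video/mpeg",
  ".mov"          =>      "video/quicktime",
  ".qt"           =>      "video/quicktime",
  ".avi"          =>      "video/x-msvideo",
  ".asf"          =>      "video/x-ms-asf",
  ".asx"          =>      "video/x-ms-asf",
  ".wmv"          =>      "video/x-ms-wmv",
  ".bz2"          =>      "application/x-bzip",
  ".tbz"          =>      "application/x-bzip-compressed-tar",
  ".tar.bz2"      =>      "application/x-bzip-compressed-tar"
 )

# Use the "Content-Type" extended attribute to obtain mime type if possible
#mimetypes.use-xattr        = "enable"

#### accesslog module
#accesslog.filename          = "/dev/null"

## deny access the file-extensions
#
# ~    is for backupfiles from vi, emacs, joe, ...
# .inc is often used for code includes which should in general not be part
#      of the document-root
url.access-deny             = ( "~", ".inc" )


######### Options that are good to be but not neccesary to be changed #######

## bind to port (default: 80)

EOD;

	/*
	 * The captive portal variant binds to loopback only, the webConfigurator
	 * variant to every IPv4 address; each also gets a matching IPv6 socket
	 * block, which carries the TLS settings when a certificate is supplied.
	 */
	if($captive_portal == true) {
		$lighty_config .= "server.bind	= \"127.0.0.1\"\n";
		$lighty_config .= "server.port  = {$lighty_port}\n";
		$lighty_config .= "\$SERVER[\"socket\"]  == \"127.0.0.1:{$lighty_port}\" { }\n";
		$lighty_config .= "\$SERVER[\"socket\"]  == \"[::1]:{$lighty_port}\" { \n";
		if($cert <> "" and $key <> "") {
			$lighty_config .= "\n";
			$lighty_config .= "## ssl configuration\n";
			$lighty_config .= "ssl.engine = \"enable\"\n";
			$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
			if($ca <> "")
				$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
		}
		$lighty_config .= " }\n";
	} else {
		$lighty_config .= "server.bind  = \"0.0.0.0\"\n";
		$lighty_config .= "server.port  = {$lighty_port}\n";
		$lighty_config .= "\$SERVER[\"socket\"]  == \"0.0.0.0:{$lighty_port}\" { }\n";
		$lighty_config .= "\$SERVER[\"socket\"]  == \"[::]:{$lighty_port}\" { \n";
		if($cert <> "" and $key <> "") {
			$lighty_config .= "\n";
			$lighty_config .= "## ssl configuration\n";
			$lighty_config .= "ssl.engine = \"enable\"\n";
			$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
			if($ca <> "")
				$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
		}
		$lighty_config .= " }\n";
	}


	$lighty_config .= <<<EOD

## error-handler for status 404
#server.error-handler-404   = "/error-handler.html"
#server.error-handler-404   = "/error-handler.php"

## to help the rc.scripts
server.pid-file            = "/var/run/{$pid_file}"

## virtual directory listings
server.dir-listing         = "disable"

## enable debugging
debug.log-request-header   = "disable"
debug.log-response-header  = "disable"
debug.log-request-handling = "disable"
debug.log-file-not-found   = "disable"

# gzip compression
compress.cache-dir = "{$g['tmp_path']}/lighttpdcompress/"
compress.filetype  = ("text/plain","text/css", "text/xml", "text/javascript" )

{$server_upload_dirs}

{$server_max_request_size}

{$fastcgi_config}

{$cgi_config}

{$captive_portal_mod_evasive}

expire.url = (
				"" => "access 50 hours",	
        )

EOD;

	/* normalise line endings and collapse doubled newlines in the PEM data */
	$cert = str_replace("\r", "", $cert);
	$key = str_replace("\r", "", $key);
	$ca = str_replace("\r", "", $ca);

	$cert = str_replace("\n\n", "\n", $cert);
	$key = str_replace("\n\n", "\n", $key);
	$ca = str_replace("\n\n", "\n", $ca);

	if($cert <> "" and $key <> "") {
		/*
		 * This file receives the private key. Create it under a restrictive
		 * umask so it is owner-only from the moment it exists; the chmod()
		 * below still covers a file left over from an earlier run.
		 */
		$old_umask = umask(0077);
		$fd = fopen("{$g['varetc_path']}/{$cert_location}", "w");
		umask($old_umask);
		if (!$fd) {
			printf(gettext("Error: cannot open cert.pem in system_webgui_start().%s"), "\n");
			return 1;
		}
		chmod("{$g['varetc_path']}/{$cert_location}", 0600);
		fwrite($fd, $cert);
		fwrite($fd, "\n");
		fwrite($fd, $key);
		fclose($fd);
		if(!(empty($ca) || (strlen(trim($ca)) == 0))) {
			$old_umask = umask(0077);
			$fd = fopen("{$g['varetc_path']}/{$ca_location}", "w");
			umask($old_umask);
			if (!$fd) {
				printf(gettext("Error: cannot open ca.pem in system_webgui_start().%s"), "\n");
				return 1;
			}
			chmod("{$g['varetc_path']}/{$ca_location}", 0600);
			fwrite($fd, $ca);
			fclose($fd);
		}
		$lighty_config .= "\n";
		$lighty_config .= "## " . gettext("ssl configuration") . "\n";
		$lighty_config .= "ssl.engine = \"enable\"\n";
		$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";

		// Harden SSL a bit for PCI conformance testing
		// NOTE(review): the list still admits RC4 ("RC4+MEDIUM") and only
		// SSLv2 is switched off; revisit against what the deployed
		// lighttpd/OpenSSL build supports before tightening further.
		$lighty_config .= "ssl.use-sslv2 = \"disable\"\n";
		$lighty_config .= "ssl.cipher-list = \"TLSv1+HIGH !SSLv2 RC4+MEDIUM !aNULL !eNULL !3DES @STRENGTH\"\n";

		if(!(empty($ca) || (strlen(trim($ca)) == 0)))
			$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
	}

	// Add HTTP to HTTPS redirect	
	if ($captive_portal == false && $config['system']['webgui']['protocol'] == "https" && !isset($config['system']['webgui']['disablehttpredirect'])) {
		/* start from an empty suffix; it was left undefined when the GUI runs on 443 */
		$redirectport = "";
		if($lighty_port != "443") 
			$redirectport = ":{$lighty_port}";
		$lighty_config .= <<<EOD
\$SERVER["socket"] == ":80" {
	\$HTTP["host"] =~ "(.*)" {
		url.redirect = ( "^/(.*)" => "https://%1{$redirectport}/$1" )
	}
}
EOD;
	}

	$fd = fopen("{$filename}", "w");
	if (!$fd) {
		printf(gettext("Error: cannot open %s in system_generate_lighty_config().%s"), $filename, "\n");
		return 1;
	}
	fwrite($fd, $lighty_config);
	fclose($fd);

	return 0;

}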
/**
 * Install the configured timezone as /etc/localtime.
 *
 * The zone named in $config['system']['timezone'] ("Etc/UTC" when unset or
 * empty) is extracted from /usr/share/zoneinfo.tgz. The zone name is passed
 * through escapeshellarg() because it is placed on a shell command line.
 * The shell redirection truncates /etc/localtime before tar runs, so a name
 * that is not in the archive leaves an empty file.
 */
function system_timezone_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$now = microtime();
		echo "system_timezone_configure() being called $now\n";
	}

	$syscfg = $config['system'];

	if ($g['booting'])
		echo gettext("Setting timezone...");

	/* pick the zone file to extract, defaulting to UTC */
	$timezone = $syscfg['timezone'] ? $syscfg['timezone'] : "Etc/UTC";

	/* the target lives on the configuration file system: open it for writing */
	conf_mount_rw();

	$extract = "LANG=C /usr/bin/tar xzfO /usr/share/zoneinfo.tgz " . escapeshellarg($timezone);
	exec($extract . " > /etc/localtime");

	mwexec("sync");
	conf_mount_ro();

	if ($g['booting'])
		echo gettext("done.") . "\n";
}
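/**
 * Write {$g['varetc_path']}/ntpd.conf and restart OpenNTPD.
 *
 * One "servers" line is written per entry of $config['system']['timeservers'].
 * When the openntpd package settings are present and enabled, a "listen on"
 * line is added for each selected address or interface address. Any running
 * ntpd is then stopped and a new one started with -s against the new file.
 *
 * @return void returns early, after logging, when ntpd.conf cannot be opened
 */
function system_ntp_configure() {
	global $config, $g;

	$ntpcfg = "# \n";
	$ntpcfg .= "# pfSense OpenNTPD configuration file \n";
	$ntpcfg .= "# \n\n";

	/*
	 * One "servers" line per configured time server. Splitting on any run of
	 * whitespace and discarding empty pieces means an unset value or a
	 * doubled space no longer yields a "servers" line without a host, and an
	 * embedded line break cannot start a directive of its own.
	 */
	$timeservers = preg_split('/\s+/', (string)$config['system']['timeservers'], -1, PREG_SPLIT_NO_EMPTY);
	foreach ($timeservers as $ts)
		$ntpcfg .= "servers {$ts}\n";

	/* Setup listener(s) if the user has configured one */
	if ($config['installedpackages']['openntpd']) {
		/* server config is in coregui1 */
		$xmlsettings = $config['installedpackages']['openntpd']['config'][0];
		if ($xmlsettings['enable'] == 'on') {
			$ifaces = explode(',', $xmlsettings['interface']);
			$ips = array();
			foreach ($ifaces as $if) {
				if (is_ipaddr($if)) {
					/* entry is already an address */
					$ips[] = $if;
				} else {
					/* entry names an interface: resolve it to its address */
					$if = get_real_interface($if);
					if (does_interface_exist($if))
						$ips[] = find_interface_ip($if);
				}
			}
			foreach ($ips as $ip) {
				/* only values that validate as an address reach the file */
				if (is_ipaddr($ip))
					$ntpcfg .= "listen on $ip\n";
			}
		}
	}
	$ntpcfg .= "\n";

	/* open configuration for writing or bail */
	$fd = fopen("{$g['varetc_path']}/ntpd.conf","w");
	if(!$fd) {
		log_error("Could not open {$g['varetc_path']}/ntpd.conf for writing");
		return;
	}
	fwrite($fd, $ntpcfg);

	/* slurp! */
	fclose($fd);

	/* if openntpd is running, kill it (repeats until no ntpd process is left) */
	while(is_process_running("ntpd")) {
		killbyname("ntpd");
	}

	/* if /var/empty does not exist, create it */
	if(!is_dir("/var/empty"))
		exec("/bin/mkdir -p /var/empty && chmod ug+rw /var/empty/.");

	/* start opentpd, set time now and use /var/etc/ntpd.conf */
	exec("/usr/local/sbin/ntpd -s -f {$g['varetc_path']}/ntpd.conf");

	// Note that we are starting up
	log_error("OpenNTPD is starting up.");

}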
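/**
 * Set the clock once from every configured time server using ntpdate.
 *
 * The server names come from $config['system']['timeservers'] and are placed
 * on a shell command line, so each one is passed through escapeshellarg().
 * Empty entries are skipped instead of running ntpdate without a host.
 */
function sync_system_time() {
	global $config, $g;

	if ($g['booting'])
		echo gettext("Syncing system time before startup...");

	/* run ntpdate against each configured server in turn */
	$timeservers = preg_split('/\s+/', (string)$config['system']['timeservers'], -1, PREG_SPLIT_NO_EMPTY);
	foreach ($timeservers as $ts) {
		mwexec("/usr/sbin/ntpdate -s " . escapeshellarg($ts));
	}

	if ($g['booting'])
		echo gettext("done.") . "\n";

}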
/**
 * Halt the system: run the pre-shutdown cleanup, then start /etc/rc.halt
 * detached in the background with its output discarded.
 */
function system_halt() {
	global $g;

	system_reboot_cleanup();

	$halt_cmd = "/usr/bin/nohup /etc/rc.halt > /dev/null 2>&1 &";
	mwexec($halt_cmd);
}
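/**
 * Reboot the system: run the pre-shutdown cleanup, then start /etc/rc.reboot
 * detached in the background with its output discarded.
 *
 * nohup is called by absolute path, as system_halt() does, so the binary that
 * runs does not depend on the PATH of the calling process.
 */
function system_reboot() {
	system_reboot_cleanup();

	mwexec("/usr/bin/nohup /etc/rc.reboot > /dev/null 2>&1 &");
}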
/**
 * Reboot the system in the foreground: run the pre-shutdown cleanup, then
 * call /etc/rc.reboot without detaching it, output discarded.
 */
function system_reboot_sync() {
	global $g;

	system_reboot_cleanup();

	$reboot_cmd = "/etc/rc.reboot > /dev/null 2>&1";
	mwexec($reboot_cmd);
}
/**
 * Work done before a halt or reboot: stop the beeper, stop captive portal
 * RADIUS accounting and save the voucher database into the configuration.
 */
function system_reboot_cleanup() {
	mwexec("/usr/local/bin/beep.sh stop");

	/* captive portal: close RADIUS sessions */
	require_once "captiveportal.inc";
	captiveportal_radius_stop_all();

	/* vouchers: persist the in-memory database */
	require_once "voucher.inc";
	voucher_save_db_to_config();

	// mwexec("/etc/rc.stop_packages");
}
/**
 * Run the shell commands stored in the configuration.
 *
 * Reads $config['system']['earlyshellcmd'] when $early is true, otherwise
 * $config['system']['shellcmd']. The value may be a list of commands or a
 * single command string. Every entry is handed to exec() unchanged, so
 * whoever can write these configuration keys decides what runs here.
 *
 * @param mixed $early truthy selects "earlyshellcmd", falsy selects "shellcmd"
 */
function system_do_shell_commands($early = 0) {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$now = microtime();
		echo "system_do_shell_commands() being called $now\n";
	}

	$cmdn = $early ? "earlyshellcmd" : "shellcmd";
	$commands = $config['system'][$cmdn];

	if (is_array($commands)) {
		/* a list of commands: run each in order */
		foreach ($commands as $cmd) {
			exec($cmd);
		}
		return;
	}

	/* a single command string */
	if ($commands <> "") {
		exec($commands);
	}
}
/**
 * Create or remove the {$g['varetc_path']}/disableconsole marker file so it
 * matches $config['system']['disableconsolemenu'].
 */
function system_console_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$now = microtime();
		echo "system_console_configure() being called $now\n";
	}

	$marker = "{$g['varetc_path']}/disableconsole";

	/* option not set: make sure the marker is gone */
	if (!isset($config['system']['disableconsolemenu'])) {
		unlink_if_exists($marker);
		return;
	}

	touch($marker);
}
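/**
 * Save the kernel messages of the current boot to
 * {$g['varlog_path']}/dmesg.boot.
 *
 * Output of /sbin/dmesg may still hold messages from earlier boots, so only
 * the lines from the last "Copyright (c) 1992-" line onwards are written.
 *
 * @return int 0 on success, 1 when dmesg.boot cannot be opened
 */
function system_dmesg_save() {
	/* $config must be global too, otherwise the developerspew test below never fires */
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_dmesg_save() being called $mt\n";
	}

	$dmesg = array();
	exec("/sbin/dmesg", $dmesg);
	$linecount = count($dmesg);

	/* find last copyright line (output from previous boots may be present) */
	$lastcpline = 0;

	for ($i = 0; $i < $linecount; $i++) {
		if (strstr($dmesg[$i], "Copyright (c) 1992-"))
			$lastcpline = $i;
	}

	$fd = fopen("{$g['varlog_path']}/dmesg.boot", "w");
	if (!$fd) {
		printf(gettext("Error: cannot open dmesg.boot in system_dmesg_save().%s"), "\n");
		return 1;
	}

	/* write everything from that line to the end */
	for ($i = $lastcpline; $i < $linecount; $i++)
		fwrite($fd, $dmesg[$i] . "\n");

	fclose($fd);

	return 0;
}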
/**
 * Apply the configured hard disk standby time.
 *
 * Does nothing unless $config['system']['harddiskstandby'] is set. A numeric
 * value is written to the hw.ata.standby sysctl after syncing the disks; on
 * success (mwexec() returning 0) the ATA drives are reinitialised. Progress
 * is printed only while $g['booting'] is true.
 */
function system_set_harddisk_standby() {
	global $g, $config;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_set_harddisk_standby() being called $mt\n";
	}

	if (!isset($config['system']['harddiskstandby']))
		return;

	if ($g['booting']) {
		echo gettext('Setting hard disk standby... ');
	}

	$standby = $config['system']['harddiskstandby'];
	$applied = false;

	// Only numeric values are accepted
	if (is_numeric($standby)) {
		// Sync the disk(s)
		pfSense_sync();

		// The (int) cast guarantees that nothing but an integer from the
		// configuration value ends up in the command string.
		$sysctl_cmd = '/sbin/sysctl hw.ata.standby=' . ((int)$standby);
		if (!mwexec($sysctl_cmd)) {
			// Reinitialize ATA-drives
			mwexec('/usr/local/sbin/atareinit');
			$applied = true;
		}
	}

	if ($g['booting']) {
		if ($applied) {
			echo gettext("done.") . "\n";
		} else {
			echo gettext("failed!") . "\n";
		}
	}
}
/**
 * Apply sysctl settings.
 *
 * Calls activate_sysctls() and, when $config['system']['sharednet'] is set,
 * additionally turns off the kernel's ARP "wrong interface" and ARP movement
 * log messages via system_disable_arp_wrong_if().
 */
function system_setup_sysctl() {
	global $config;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_setup_sysctl() being called $mt\n";
	}

	activate_sysctls();

	if (!isset($config['system']['sharednet']))
		return;

	system_disable_arp_wrong_if();
}
/**
 * Turn off the kernel log messages for ARP replies seen on the wrong
 * interface and for ARP entries moving between MAC addresses.
 *
 * Both sysctls only control logging. With them set to 0 the system log no
 * longer records ARP movement, so anything that relies on those messages to
 * notice ARP-table changes loses that signal.
 */
function system_disable_arp_wrong_if() {
	global $config;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_disable_arp_wrong_if() being called $mt\n";
	}

	$commands = array(
		"/sbin/sysctl -n net.link.ether.inet.log_arp_wrong_iface=0",
		"/sbin/sysctl -n net.link.ether.inet.log_arp_movements=0"
	);

	foreach ($commands as $command) {
		mwexec($command);
	}
}
/**
 * Turn the kernel log messages for ARP replies seen on the wrong interface
 * and for ARP entry movements back on (both sysctls set to 1).
 */
function system_enable_arp_wrong_if() {
	global $config;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_enable_arp_wrong_if() being called $mt\n";
	}

	$commands = array(
		"/sbin/sysctl -n net.link.ether.inet.log_arp_wrong_iface=1",
		"/sbin/sysctl -n net.link.ether.inet.log_arp_movements=1"
	);

	foreach ($commands as $command) {
		mwexec($command);
	}
}
/**
 * Start watchdogd on hardware with a supported watchdog.
 *
 * Currently disabled: the unconditional return at the top exits before any
 * detection runs, so the rest of the body is dead code kept for reference.
 */
function enable_watchdog() {
	global $config;

	/* watchdog support is switched off - nothing below this line runs */
	return;

	$supported_watchdogs = array("Geode");
	$file = file_get_contents("/var/log/dmesg.boot");
	$install_watchdog = false;

	/* NOTE(review): the loop variable is never used; every iteration tests
	   for the literal "Geode" */
	foreach ($supported_watchdogs as $sd) {
		if (stristr($file, "Geode")) {
			$install_watchdog = true;
		}
	}

	if ($install_watchdog == true) {
		/* stop a running instance before starting a new one */
		if (is_process_running("watchdogd")) {
			mwexec("/usr/bin/killall watchdogd", true);
		}
		exec("/usr/sbin/watchdogd");
	}
}
/**
 * Check the hardware reset button on WRAP/ALIX boards and, if it is reported
 * as pressed, reset the configuration to factory defaults and reboot.
 *
 * Only runs on the nanobsd platform and only for the specific platforms
 * 'wrap' and 'alix'. The helper that is executed is named after the board
 * ("wrapresetbtn" / "alixresetbtn"); because of the preceding name check no
 * other value can reach the command string.
 *
 * @return int always 0 when the function returns; on a detected button press
 *             the script exits instead of returning
 */
function system_check_reset_button() {
	global $g;

	if ($g['platform'] != "nanobsd")
		return 0;

	$specplatform = system_identify_specific_platform();
	$boardname = $specplatform['name'];

	if (!($boardname == "wrap" || $boardname == "alix"))
		return 0;

	$retval = mwexec("/usr/local/sbin/" . $boardname . "resetbtn");

	if ($retval != 99)
		return 0;

	/* exit status 99: user has pressed reset button for 2 seconds -
	   reset to factory defaults */
	echo <<<EOD

***********************************************************************
* Reset button pressed - resetting configuration to factory defaults. *
* The system will reboot after this completes.                        *
***********************************************************************


EOD;

	reset_factory_defaults();
	system_reboot_sync();
	exit(0);
}
/**
 * Attempt to identify the specific platform (for embedded systems).
 *
 * For 'generic-pc' and 'generic-pc-cdrom' a fixed answer is returned; any
 * other platform except 'nanobsd' is returned as-is. On nanobsd the saved
 * boot messages (dmesg.boot) are searched for known board names.
 *
 * For Soekris boards 'descr' is the text matched in dmesg.boot, including the
 * two characters after "net45"/"net48"/"net55" whatever they are.
 * NOTE(review): callers that print 'descr' into HTML should escape it;
 * where it is displayed is not visible from this function.
 *
 * @return array two elements:
 *               name  => platform string (e.g. 'wrap', 'alix' etc.)
 *               descr => human-readable description (e.g. "PC Engines WRAP")
 */
function system_identify_specific_platform() {
	global $g;

	switch ($g['platform']) {
		case 'generic-pc':
			return array('name' => 'generic-pc', 'descr' => gettext("Generic PC"));
		case 'generic-pc-cdrom':
			return array('name' => 'generic-pc-cdrom', 'descr' => gettext("Generic PC (CD-ROM)"));
	}

	/* the rest of the code only deals with 'embedded' platforms */
	if ($g['platform'] != 'nanobsd') {
		return array('name' => $g['platform'], 'descr' => $g['platform']);
	}

	$dmesg = system_get_dmesg_boot();

	if (strpos($dmesg, "PC Engines WRAP") !== false) {
		return array('name' => 'wrap', 'descr' => gettext('PC Engines WRAP'));
	}

	if (strpos($dmesg, "PC Engines ALIX") !== false) {
		return array('name' => 'alix', 'descr' => gettext('PC Engines ALIX'));
	}

	/* Soekris boards, checked in this order; the first match wins */
	$soekris_patterns = array(
		'net45xx' => "/Soekris net45../",
		'net48xx' => "/Soekris net48../",
		'net55xx' => "/Soekris net55../"
	);

	foreach ($soekris_patterns as $boardname => $pattern) {
		if (preg_match($pattern, $dmesg, $matches)) {
			return array('name' => $boardname, 'descr' => $matches[0]);
		}
	}

	/* unknown embedded platform */
	return array('name' => 'embedded', 'descr' => gettext('embedded (unknown)'));
}
/**
 * Read the saved boot messages.
 *
 * @return string|false contents of $g['varlog_path']/dmesg.boot, or false
 *                      when file_get_contents() cannot read the file
 */
function system_get_dmesg_boot() {
	global $g;

	$bootlog = "{$g['varlog_path']}/dmesg.boot";

	return file_get_contents($bootlog);
}
/**
 * Build the list of choices OpenNTPD can be told to listen on.
 *
 * Starts from the configured interfaces with their descriptions, adds every
 * CARP entry and every IP alias (labelled "<ip> (<vip description>)"), and
 * finally appends a fixed "Localhost" entry for lo0.
 *
 * @return array list of array('name' => label, 'value' => key), where the key
 *               is the interface/CARP key or the alias IP address
 */
function openntpd_get_listen_ips() {
	$interfaces = get_configured_interface_with_descr();
	$carplist = get_configured_carp_interface_list();

	foreach ($carplist as $cif => $carpip) {
		$interfaces[$cif] = $carpip . " (" . get_vip_descr($carpip) . ")";
	}

	$aliaslist = get_configured_ip_aliases_list();
	foreach ($aliaslist as $aliasip => $aliasif) {
		$interfaces[$aliasip] = $aliasip . " (" . get_vip_descr($aliasip) . ")";
	}

	$listenips = array();
	foreach ($interfaces as $iface => $ifacename) {
		$listenips[] = array("name" => $ifacename, "value" => $iface);
	}

	/* loopback is always offered, as the last entry */
	$listenips[] = array("name" => "Localhost", "value" => "lo0");

	return $listenips;
}
?>