<?php
/* $Id$ */
/*
	system.inc
	part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
/* include all configuration functions */
require_once("functions.inc");
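/**
 * Regenerate /usr/local/lib/php.ini, loading the APC opcode cache only when
 * get_memory() reports more than 90 for the first element of its result.
 *
 * Does nothing on the "cdrom" platform. The file is rewritten while the
 * config lock is held and the configuration filesystem is mounted read-write;
 * both are released again even when php.ini cannot be opened.
 *
 * Security-relevant values in the template below: uploads are enabled up to
 * 100M into /tmp, the execution and input time limits are effectively
 * unbounded, and include_path starts with "." (the current directory).
 */
function opcode_cache_configuration() {
	global $g;

	if ($g['platform'] == "cdrom")
		return;

	/* get system memory amount */
	$memory = get_memory();
	/* NOTE(review): element 0 is presumably the size in megabytes - confirm against get_memory() */
	$avail = $memory[0];

	/* disable apc for platforms less than 90 megs of ram.
	 * Compare the scalar amount: the array returned by get_memory()
	 * always compares as greater than an integer, so testing $memory
	 * itself would enable APC on every machine. */
	if ($avail > 90) {
		$opcode_cacher = "extension=apc.so\n";
		$opcode_cacher .= "apc.enabled=\"1\"\n";
		$opcode_cacher .= "apc.enable_cli=\"1\"\n";
		$opcode_cacher .= "apc.shm_size=\"8\"\n";
	} else {
		$opcode_cacher = "";
	}

	/* build the new php.ini contents */
$php_ini = <<<EOFF
output_buffering = "0"
implicit_flush = true
magic_quotes_gpc = Off
max_execution_time = 99999999
max_input_time = 99999999
register_argc_argv = On
file_uploads = On
extension_dir=/usr/local/lib/php/extensions/no-debug-non-zts-20020429/
upload_tmp_dir = /tmp
upload_max_filesize = 100M
post_max_size = 100M
html_errors = Off
include_path = ".:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg"
extension=radius.so
{$opcode_cacher}

EOFF;

	config_lock();
	conf_mount_rw();

	/* open up php.ini and write back out contents */
	$fd = fopen("/usr/local/lib/php.ini", "w");
	if (!$fd) {
		/* do not leave the filesystem writable or the lock held on failure */
		printf("Error: cannot open php.ini in opcode_cache_configuration().\n");
		conf_mount_ro();
		config_unlock();
		return;
	}
	fwrite($fd, $php_ini);
	fclose($fd);

	conf_mount_ro();
	exec("sync");
	config_unlock();
}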
/**
 * Write {$g['varetc_path']}/resolv.conf from the system configuration.
 *
 * The file gets a "domain" line followed by one "nameserver" line per
 * server. When 'dnsallowoverride' is set, the entries returned by
 * get_nameservers() are used; the statically configured 'dnsserver' list is
 * used only when that produced no entry. Unless booting, or when called with
 * $dynupdate, the DHCP server is reconfigured afterwards because the
 * nameservers may have changed.
 *
 * NOTE(review): the domain and nameserver values are written as-is; nothing
 * here checks that they are well-formed, so validation has to happen where
 * they are stored - confirm.
 *
 * @param bool $dynupdate true to skip the DHCP server reconfiguration
 * @return int 0 on success, 1 if resolv.conf could not be opened
 */
function system_resolvconf_generate($dynupdate = false) {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_resolvconf_generate() being called $mt\n";
	}

	$syscfg = $config['system'];

	$fd = fopen("{$g['varetc_path']}/resolv.conf", "w");
	if (!$fd) {
		printf("Error: cannot open resolv.conf in system_resolvconf_generate().\n");
		return 1;
	}

	$servers = array();

	/* get dynamically assigned DNS servers (if any) */
	if (isset($syscfg['dnsallowoverride'])) {
		foreach (array_unique(get_nameservers()) as $dynamic) {
			if ($dynamic)
				$servers[] = $dynamic;
		}
	}

	/* fall back to the static list only when nothing dynamic was found */
	if (count($servers) == 0 && is_array($syscfg['dnsserver'])) {
		foreach ($syscfg['dnsserver'] as $static) {
			if ($static)
				$servers[] = $static;
		}
	}

	$resolvconf = "domain {$syscfg['domain']}\n";
	foreach ($servers as $server)
		$resolvconf .= "nameserver $server\n";

	fwrite($fd, $resolvconf);
	fclose($fd);

	/* restart dhcpd (nameservers may have changed) */
	if (!$g['booting'] && !$dynupdate)
		services_dhcpd_configure();

	return 0;
}
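/**
 * Collect nameserver entries from /var/etc/nameserver_* and
 * /var/etc/nameservers.conf.
 *
 * The files are read directly instead of through `ls` and `cat` subshells,
 * so no shell runs and an empty directory no longer leads to reading a file
 * named "". Lines are split with explode(); empty lines are skipped for both
 * sources.
 *
 * NOTE(review): entries are returned exactly as found in the files, with no
 * address validation. The files are presumably written by the dynamic
 * (DHCP/PPP) clients, so callers should treat the values as untrusted -
 * confirm.
 *
 * @return array list of non-empty lines, possibly containing duplicates
 */
function get_nameservers() {
	$master_list = array();

	/* glob() returns false on error; treat that as "no files" */
	$dns_lists = glob("/var/etc/nameserver_*");
	if (!is_array($dns_lists))
		$dns_lists = array();

	foreach ($dns_lists as $dns_file) {
		if (!is_file($dns_file) || !is_readable($dns_file))
			continue;
		$contents = file_get_contents($dns_file);
		if ($contents === false)
			continue;
		foreach (explode("\n", $contents) as $item)
			if ($item !== "")
				$master_list[] = $item;
	}

	if (!file_exists("/var/etc/nameservers.conf"))
		return $master_list;

	$contents = file_get_contents("/var/etc/nameservers.conf");
	if ($contents !== false) {
		foreach (explode("\n", $contents) as $item)
			if ($item !== "")
				$master_list[] = $item;
	}

	return $master_list;
}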
/**
 * Write {$g['varetc_path']}/hosts.
 *
 * The file starts with the localhost entry and the LAN address of this
 * system, followed by the dnsmasq host overrides and, when 'regdhcpstatic'
 * is set, the static DHCP mappings of every enabled DHCP interface.
 *
 * NOTE(review): addresses and names are written exactly as stored in the
 * configuration; nothing here rejects whitespace or line breaks in them, so
 * they have to be validated where they are entered - confirm.
 *
 * @return int 0 on success, 1 if the hosts file could not be opened
 */
function system_hosts_generate() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_hosts_generate() being called $mt\n";
	}

	$syscfg = $config['system'];
	$lancfg = $config['interfaces']['lan'];
	$dnsmasqcfg = $config['dnsmasq'];

	/* a missing override list is treated as empty */
	$hostscfg = is_array($dnsmasqcfg['hosts']) ? $dnsmasqcfg['hosts'] : array();

	$fd = fopen("{$g['varetc_path']}/hosts", "w");
	if (!$fd) {
		log_error("Error: cannot open hosts file in system_hosts_generate().\n");
		return 1;
	}

	$hosts = "127.0.0.1\tlocalhost localhost.{$syscfg['domain']}\n";
	$hosts .= "{$lancfg['ipaddr']}\t{$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}\n";

	/* host overrides: an entry without a host name maps the bare domain */
	foreach ($hostscfg as $override) {
		if (!$override['host']) {
			$hosts .= "{$override['ip']}\t{$override['domain']}\n";
			continue;
		}
		$hosts .= "{$override['ip']}\t{$override['host']}.{$override['domain']} {$override['host']}\n";
	}

	/* static DHCP mappings of enabled interfaces */
	if (isset($dnsmasqcfg['regdhcpstatic'])) {
		foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) {
			if (!is_array($dhcpifconf['staticmap']) || !isset($dhcpifconf['enable']))
				continue;
			foreach ($dhcpifconf['staticmap'] as $mapping) {
				if ($mapping['ipaddr'] && $mapping['hostname'])
					$hosts .= "{$mapping['ipaddr']}\t{$mapping['hostname']}.{$syscfg['domain']} {$mapping['hostname']}\n";
			}
		}
	}

	fwrite($fd, $hosts);
	fclose($fd);

	return 0;
}
/**
 * Set the system hostname to "<hostname>.<domain>" from the configuration.
 *
 * The name is passed through escapeshellarg() so that a configured value
 * cannot add arguments or commands to the /bin/hostname invocation.
 *
 * @return mixed whatever mwexec() returns for the command
 */
function system_hostname_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_hostname_configure() being called $mt\n";
	}

	$syscfg = $config['system'];

	/* set hostname */
	$fqdn = "{$syscfg['hostname']}.{$syscfg['domain']}";
	$command = "/bin/hostname " . escapeshellarg($fqdn);

	return mwexec($command);
}
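/**
 * Apply the static routes from the configuration.
 *
 * Routes recorded in {$g['vardb_path']}/routes.db by an earlier run are
 * deleted first, then every configured route is added and recorded again so
 * it can be removed later. Fast forwarding is switched on when
 * 'enablefastrouting' is set.
 *
 * Every configuration value that reaches the shell goes through
 * escapeshellarg(). Lines read back from routes.db are trimmed before use:
 * fgets() keeps the trailing newline, which would otherwise become part of
 * the quoted argument handed to "route delete".
 *
 * @return int 0 on success, 1 if routes.db could not be opened
 */
function system_routing_configure() {
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_routing_configure() being called $mt\n";
	}

	/* Enable fast routing, if enabled */
	if(isset($config['staticroutes']['enablefastrouting']))
		mwexec("/sbin/sysctl net.inet.ip.fastforwarding=1");

	/* clear out old routes, if necessary */
	if (file_exists("{$g['vardb_path']}/routes.db")) {
		$fd = fopen("{$g['vardb_path']}/routes.db", "r");
		if (!$fd) {
			printf("Error: cannot open routes DB file in system_routing_configure().\n");
			return 1;
		}
		while (!feof($fd)) {
			$oldrt = fgets($fd);
			if ($oldrt === false)
				break;
			/* drop the line terminator and skip blank lines */
			$oldrt = trim($oldrt);
			if ($oldrt != "")
				mwexec("/sbin/route delete " . escapeshellarg($oldrt));
		}
		fclose($fd);
		unlink("{$g['vardb_path']}/routes.db");
	}

	if (is_array($config['staticroutes']['route'])) {

		$fd = fopen("{$g['vardb_path']}/routes.db", "w");
		if (!$fd) {
			printf("Error: cannot open routes DB file in system_routing_configure().\n");
			return 1;
		}

		foreach ($config['staticroutes']['route'] as $rtent) {
			if(isset($rtent['interfacegateway'])) {
				/* route via the interface itself instead of a gateway address */
				mwexec("/sbin/route add " . escapeshellarg($rtent['network']) .
					" -iface " . escapeshellarg(convert_friendly_interface_to_real_interface_name($rtent['interface'])));
			} else {
				mwexec("/sbin/route add " . escapeshellarg($rtent['network']) .
					" " . escapeshellarg($rtent['gateway']));
			}
			/* record route so it can be easily removed later (if necessary) */
			fwrite($fd, $rtent['network'] . "\n");
		}

		fclose($fd);
	}

	return 0;
}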
/**
 * Turn on IPv4 packet forwarding by setting the net.inet.ip.forwarding
 * sysctl to 1.
 *
 * @return mixed whatever mwexec() returns for the sysctl command
 */
function system_routing_enable() {
	global $config, $g;

	$spew = isset($config['system']['developerspew']);
	if ($spew) {
		$mt = microtime();
		echo "system_routing_enable() being called $mt\n";
	}

	$status = mwexec("/sbin/sysctl net.inet.ip.forwarding=1");

	return $status;
}
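/**
 * Generate {$g['varetc_path']}/syslog.conf and (re)start syslogd.
 *
 * When $config['syslog'] is set, the generated file has one section per
 * separately logged program (ntpd, racoon, openvpn and every package that
 * declares logging), a "!-<list>" section for everything else, and optional
 * "@<remoteserver>" lines that forward the selected categories to the
 * configured remote server. Without a syslog configuration syslogd is
 * started with "-ss" only.
 *
 * Changes against the earlier version of this function:
 *  - package facilities are appended with array_merge(); the array "+"
 *    operator keeps the left-hand entries for keys 0..2, so the first three
 *    package facilities never reached the "!-<list>" exclusion line;
 *  - the package log path is passed through escapeshellarg() before it is
 *    handed to clog, as the other mwexec() callers in this file do for
 *    configuration values;
 *  - $syslogconf and $pkgfacilities are initialised before use.
 *
 * NOTE(review): facility names, log file names and the remote server are
 * still written into syslog.conf unvalidated; a line break in any of them
 * would add extra configuration lines - validate where they are stored.
 * NOTE(review): "@host" lines forward log data over the network, presumably
 * as plain syslog without encryption - confirm and keep that path trusted.
 *
 * @return mixed 1 if syslog.conf could not be opened, otherwise the result
 *               of mwexec() for the syslogd command
 */
function system_syslogd_start() {
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_syslogd_start() being called $mt\n";
	}

	$syslogcfg = $config['syslog'];

	if ($g['booting'])
		echo "Starting syslog...";
	else
		killbypid("{$g['varrun_path']}/syslog.pid");

	if (isset($syslogcfg)) {
		$syslogconf = "";
		$pkgfacilities = array();
		$separatelogfacilities = array('ntpd','racoon','openvpn');
		if(is_array($config['installedpackages']['package'])) {
			foreach($config['installedpackages']['package'] as $package) {
				if($package['logging']) {
					$pkgfacilities[] = $package['logging']['facilityname'];
					/* append: these facilities must end up in the exclusion list below */
					$separatelogfacilities = array_merge($separatelogfacilities, $pkgfacilities);
					/* NOTE(review): this list accumulates across packages, so a later
					 * package's log also selects the earlier packages' facilities -
					 * confirm that this is intended */
					$facilitylist = implode(',', $pkgfacilities);
					/* initialise the package log file before syslogd writes to it */
					mwexec("clog -i -s 10000 " .
						escapeshellarg("{$g['varlog_path']}/{$package['logging']['logfilename']}"));
					$syslogconf .= "!{$facilitylist}\n*.*\t\t\t\t\t\t%{$g['varlog_path']}/{$package['logging']['logfilename']}\n";
				}
			}
		}
		$facilitylist = implode(',', array_unique($separatelogfacilities));
		/* write syslog.conf */
		$fd = fopen("{$g['varetc_path']}/syslog.conf", "w");
		if (!$fd) {
			printf("Error: cannot open syslog.conf in system_syslogd_start().\n");
			return 1;
		}
		$syslogconf .= "!ntpdate,!ntpd\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= <<<EOD
*.*						%{$g['varlog_path']}/ntpd.log

EOD;
		}
		$syslogconf .= "!racoon\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= <<<EOD
*.*						%{$g['varlog_path']}/ipsec.log

EOD;
		}
		if (isset($syslogcfg['vpn'])) {
			$syslogconf .= <<<EOD
*.*						@{$syslogcfg['remoteserver']}

EOD;
		}
		$syslogconf .= "!openvpn\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= <<<EOD
*.*						%{$g['varlog_path']}/openvpn.log

EOD;
		}
		if (isset($syslogcfg['vpn'])) {
			$syslogconf .= <<<EOD
*.*						@{$syslogcfg['remoteserver']}

EOD;
		}
		/* everything that is not logged separately above */
		$syslogconf .= "!-{$facilitylist}\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
		$syslogconf .= <<<EOD
local0.*					%{$g['varlog_path']}/filter.log
local3.*					%{$g['varlog_path']}/vpn.log
local4.*					%{$g['varlog_path']}/portalauth.log
local7.*					%{$g['varlog_path']}/dhcpd.log
*.notice;kern.debug;lpr.info;mail.crit; 	%{$g['varlog_path']}/system.log
news.err;local0.none;local3.none;local4.none; 	%{$g['varlog_path']}/system.log
local7.none					%{$g['varlog_path']}/system.log
security.*					%{$g['varlog_path']}/system.log
auth.info;authpriv.info;daemon.info		%{$g['varlog_path']}/system.log
local1.*					%{$g['varlog_path']}/slbd.log
auth.info;authpriv.info 			|exec /usr/local/sbin/sshlockout_pf
*.emerg						*

EOD;
		}

		/* remote logging, one block per selected category */
		if (isset($syslogcfg['filter'])) {
			$syslogconf .= <<<EOD
local0.*					@{$syslogcfg['remoteserver']}

EOD;
		}

		if (isset($syslogcfg['vpn'])) {
			$syslogconf .= <<<EOD
local3.*					@{$syslogcfg['remoteserver']}

EOD;
		}


		if (isset($syslogcfg['portalauth'])) {
			$syslogconf .= <<<EOD
local4.*					@{$syslogcfg['remoteserver']}

EOD;
		}


		if (isset($syslogcfg['dhcp'])) {
			$syslogconf .= <<<EOD
local7.*					@{$syslogcfg['remoteserver']}

EOD;
		}

		if (isset($syslogcfg['system'])) {
			$syslogconf .= <<<EOD
*.notice;kern.debug;lpr.info;mail.crit;		@{$syslogcfg['remoteserver']}
news.err;local0.none;local3.none;local7.none	@{$syslogcfg['remoteserver']}
security.*					@{$syslogcfg['remoteserver']}
auth.info;authpriv.info;daemon.info		@{$syslogcfg['remoteserver']}
*.emerg						@{$syslogcfg['remoteserver']}

EOD;
		}
		fwrite($fd, $syslogconf);
		fclose($fd);

		$retval = mwexec("/usr/sbin/syslogd -s -f {$g['varetc_path']}/syslog.conf");

	} else {
		$retval = mwexec("/usr/sbin/syslogd -ss");
	}

	if ($g['booting'])
		echo "done.\n";

	return $retval;
}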
/**
 * Restart pccardd with {$g['etc_path']}/pccard.conf.
 *
 * Any instance recorded in pccardd.pid is killed first. Progress is echoed
 * only while booting.
 *
 * @return mixed whatever mwexec() returns for the pccardd command
 */
function system_pccard_start() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_pccard_start() being called $mt\n";
	}

	if ($g['booting'])
		echo "Initializing PCMCIA...";

	/* kill any running pccardd */
	$pidfile = "{$g['varrun_path']}/pccardd.pid";
	killbypid($pidfile);

	/* fire up pccardd */
	$res = mwexec("/usr/sbin/pccardd -z -f {$g['etc_path']}/pccard.conf");

	if ($g['booting'])
		echo ($res == 0) ? "done.\n" : "failed!\n";

	return $res;
}
/**
 * (Re)start the lighttpd instance that serves the webConfigurator.
 *
 * Kills the instance recorded in lighty-webConfigurator.pid, regenerates the
 * password file, writes the lighttpd configuration through
 * system_generate_lighty_config() and starts lighttpd with it. With the
 * "https" protocol the port defaults to 443 and the certificate and key come
 * from the configuration when both are present.
 *
 * Security: when no certificate/key pair is configured, the pair embedded
 * below is used. That private key is part of the source, so it is the same
 * on every installation that falls back to it and is known to anyone who has
 * the source. HTTPS on the fallback pair therefore does not authenticate the
 * server; install a per-system certificate and key in the configuration.
 *
 * NOTE(review): the configured port is passed on unvalidated; whether it is
 * checked before being written to the lighttpd configuration cannot be seen
 * from this function - confirm.
 *
 * @return mixed whatever mwexec() returns for the lighttpd command
 */
function system_webgui_start() {
	global $config, $g;

	if ($g['booting'])
		echo "Starting webConfigurator...";

	/* kill any running lighttpd */
	killbypid("{$g['varrun_path']}/lighty-webConfigurator.pid");

	sleep(1);

	/* generate password file */
	system_password_configure();

	chdir($g['www_path']);

	/* non-standard port? */
	$portarg = $config['system']['webgui']['port'] ? "{$config['system']['webgui']['port']}" : "";

	/* plain HTTP uses neither certificate nor key */
	$cert = "";
	$key = "";

	if ($config['system']['webgui']['protocol'] == "https") {

		if (!$config['system']['webgui']['port'])
			$portarg = "443";

		$have_own_pair = $config['system']['webgui']['certificate'] && $config['system']['webgui']['private-key'];
		if ($have_own_pair) {
			$cert = base64_decode($config['system']['webgui']['certificate']);
			$key = base64_decode($config['system']['webgui']['private-key']);
		} else {
			/* default certificate/key (shared by every installation, see above) */
			$cert = <<<EOD
-----BEGIN CERTIFICATE-----
MIIDEzCCAnygAwIBAgIJAJM91W+s6qptMA0GCSqGSIb3DQEBBAUAMGUxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJLWTETMBEGA1UEBxMKTG91aXN2aWxsZTEQMA4GA1UE
ChMHcGZTZW5zZTEQMA4GA1UECxMHcGZTZW5zZTEQMA4GA1UEAxMHcGZTZW5zZTAe
Fw0wNjAzMTAyMzQ1MTlaFw0xNjAzMDcyMzQ1MTlaMGUxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIEwJLWTETMBEGA1UEBxMKTG91aXN2aWxsZTEQMA4GA1UEChMHcGZTZW5z
ZTEQMA4GA1UECxMHcGZTZW5zZTEQMA4GA1UEAxMHcGZTZW5zZTCBnzANBgkqhkiG
9w0BAQEFAAOBjQAwgYkCgYEA3lPNTFH6qge/ygaqe/BS4oH59O6KvAesWcRzSu5N
21lyVE5tBbL0zqOSXmlLyReMSbtAMZqt1P8EPYFoOcaEQHIWm2VQF80Z18+8Gh4O
UQGjHq88OeaLqyk3OLpSKzSpXuCFrSN7q9Kez8zp5dQEu7sIW30da3pAbdqYOimA
1VsCAwEAAaOByjCBxzAdBgNVHQ4EFgQUAnx+ggC4SzJ0CK+rhPhJ2ZpyunEwgZcG
A1UdIwSBjzCBjIAUAnx+ggC4SzJ0CK+rhPhJ2ZpyunGhaaRnMGUxCzAJBgNVBAYT
AlVTMQswCQYDVQQIEwJLWTETMBEGA1UEBxMKTG91aXN2aWxsZTEQMA4GA1UEChMH
cGZTZW5zZTEQMA4GA1UECxMHcGZTZW5zZTEQMA4GA1UEAxMHcGZTZW5zZYIJAJM9
1W+s6qptMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAAviQpdoeabL8
1HSZiD7Yjx82pdLpyQOdXvAu3jEAYz53ckx0zSMrzsQ5r7Vae6AE7Xd7Pj+1Yihs
AJZzOQujnmsuim7qu6YSxzP34xonKwd1C9tZUlyNRNnEmtXOEDupn05bih1ugtLG
kqfPIgDbDLXuPtEAA6QDUypaunI6+1E=
-----END CERTIFICATE-----

EOD;

			$key = <<<EOD
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDeU81MUfqqB7/KBqp78FLigfn07oq8B6xZxHNK7k3bWXJUTm0F
svTOo5JeaUvJF4xJu0Axmq3U/wQ9gWg5xoRAchabZVAXzRnXz7waHg5RAaMerzw5
5ourKTc4ulIrNKle4IWtI3ur0p7PzOnl1AS7uwhbfR1rekBt2pg6KYDVWwIDAQAB
AoGAP7E0VFP8Aq/7os3sE1uS8y8XQ7L+7cUo/AKKoQHKLjfeyAY7t3FALt6vdPqn
anGjkA/j4RIWELoKJfCnwj17703NDCPwB7klcmZvmTx5Om1ZrRyZdQ6RJs0pOOO1
r2wOnZNaNWStXE9Afpw3dj20Gh0V/Ioo5HXn3sHfxZm8dnkCQQDwv8OaUdp2Hl8t
FDfXB1CMvUG1hEAvbQvZK1ODkE7na2/ChKjVPddEI3DvfzG+nLrNuTrAyVWgRLte
r8qX5PQHAkEA7GlKx0S18LdiKo6wy2QeGu6HYkPncaHNFOWX8cTpvGGtQoWYSh0J
tjCt1/mz4/XkvZWuZyTNx2FdkVlNF5nHDQJBAIRWVTZqEjVlwpmsCHnp6mxCyHD4
DrRDNAUfnNuwIr9xPlDlzUzSnpc1CCqOd5C45LKbRGGfCrN7tKd66FmQoFcCQQCy
Kvw3R1pTCvHJnvYwoshphaC0dvaDVeyINiwYAk4hMf/wpVxLZqz+CJvLrB1dzOBR
3O+uPjdzbrakpweJpNQ1AkEA3ZtlgEj9eWsLAJP8aKlwB8VqD+EtG9OJSUMnCDiQ
WFFNj/t3Ze3IVuAyL/yMpiv3JNEnZhIxCta42eDFpIZAKw==
-----END RSA PRIVATE KEY-----

EOD;
		}
	}

	/* generate lighttpd configuration */
	$conf_file = "{$g['varetc_path']}/lighty-webConfigurator.conf";
	system_generate_lighty_config($conf_file,
		$cert, $key, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/");

	/* attempt to start lighttpd */
	$res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-webConfigurator.conf");

	if ($g['booting'])
		echo ($res == 0) ? "done.\n" : "failed!\n";

	return $res;
}
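/**
 * Older webConfigurator start-up path that runs mini_httpd.
 *
 * Kills the instance recorded in mini_httpd.pid, regenerates the password
 * file and starts mini_httpd, with "-S -E cert.pem" when the protocol is
 * "https". For HTTPS the certificate and key are written into one file,
 * {$g['varetc_path']}/cert.pem, which is set to mode 0600 before the key is
 * written.
 *
 * The configured port is now passed through escapeshellarg() before it is
 * placed on the mini_httpd command line, in line with how the hostname and
 * route functions in this file treat configuration values.
 *
 * Security: when no certificate/key pair is configured, the pair embedded
 * below is used. That private key is part of the source, so it is the same
 * on every installation that falls back to it and is known to anyone who has
 * the source. HTTPS on the fallback pair therefore does not authenticate the
 * server. Also note that both command lines start mini_httpd with "-u root".
 *
 * @return mixed 1 if cert.pem could not be opened, otherwise the result of
 *               mwexec() for the mini_httpd command
 */
function system_webgui_start_old() {
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_webgui_start() being called $mt\n";
	}

	if ($g['booting'])
		echo "Starting webConfigurator...";

	/* kill any running mini_httpd */
	killbypid("{$g['varrun_path']}/mini_httpd.pid");

	/* generate password file */
	system_password_configure();

	chdir($g['www_path']);

	/* non-standard port? (quoted: the value comes from the configuration) */
	if ($config['system']['webgui']['port'])
		$portarg = "-p " . escapeshellarg($config['system']['webgui']['port']);
	else
		$portarg = "";

	if ($config['system']['webgui']['protocol'] == "https") {

		if ($config['system']['webgui']['certificate'] && $config['system']['webgui']['private-key']) {
			$cert = base64_decode($config['system']['webgui']['certificate']);
			$key  = base64_decode($config['system']['webgui']['private-key']);
		} else {
			/* default certificate/key (shared by every installation, see above) */
			$cert = <<<EOD
-----BEGIN CERTIFICATE-----
MIIBlDCB/gIBADANBgkqhkiG9w0BAQQFADATMREwDwYDVQQKEwhtMG4wd2FsbDAe
Fw0wNTA1MTAxMjI0NDRaFw0wNzA1MTAxMjI0NDRaMBMxETAPBgNVBAoTCG0wbjB3
YWxsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAShszhFz+o8lsMWTGgTxs
TMPR+v4+qL5jXDyY97MLTGFK7aqQOtpIQc+TcTc4jklgOVlHoR7oBXrsi8YrbCd+
83LPQmQoSPC0VqhfU3uYf3NzxiK8r97aPCsmWgwT2pQ6TcESTm6sF7nLprOf/zFP
C4jE2fvjkbzyVolPywBuewIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAFR962c4R5tV
cTn0OQcszYoW6WC+ini9tQQh5ku5jYDAiC+00atawJEVLnL3lwAcpSKTIWlTkD20
tl3lz5br1qFgYky+Rd0kwS2nk9jRbkxSXxd6KJVnNRCKre28aw3ENzZfCSurPQsX
UPp5er+NtwMT1g7s/JDmKTC4w1rGr5/c
-----END CERTIFICATE-----

EOD;

			$key = <<<EOD
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDAShszhFz+o8lsMWTGgTxsTMPR+v4+qL5jXDyY97MLTGFK7aqQ
OtpIQc+TcTc4jklgOVlHoR7oBXrsi8YrbCd+83LPQmQoSPC0VqhfU3uYf3NzxiK8
r97aPCsmWgwT2pQ6TcESTm6sF7nLprOf/zFPC4jE2fvjkbzyVolPywBuewIDAQAB
AoGAbJJrQW9fQrggJuLMz/hwsYW2m31oyOBmf5u463YQtjRuSuxe/gj87weZuNqY
H2rXq2k2K+ehl8hgW+egASyUL3L7kCkEAsVREujKTEyhSqqIRDPWTxo9S/YA9Gvn
2ZnJvkrcKjqCO9aHX3rvJOK/ErYI6akctgI3KmgkYw5XNmECQQDuZU97RTWH9rmP
aQr57ysNXxgFsyhetOOqeYkPtIVwpOiNbfwE1zi5RGdtO4Ku3fG1lV4J2UoWJ9yD
awdoyYIHAkEAzn0xJ90IjPsHk+8SODEj5JGdHSZPNu1tgtrbjEi9sfGWg4K7XTxr
QW90pWb1bKKU1uh5FzW6OhnFfuQXt1kC7QJAPSthqY+onKqCEnoxhtAHi/bKgyvl
P+fKQwPMV2tKkgy+XwvJjrRqqZ8TqsOKVLQ+QQmCh6RpjiXMPyxHSmvqIQJBAKLR
HF1ucDuaBROkwx0DwmWMW/KMLpIFDQDNSaiIAuu4rxHrl4mhBoGGPNffI04RtILw
s+qVNs5xW8T+XaT4ztECQQDFHPnZeoPWE5z+AX/UUQIUWaDExz3XRzmIxRbOrlFi
CsF1s0TdJLi/wzNQRAL37A8vqCeVFR/ng3Xpg96Yg+8Z
-----END RSA PRIVATE KEY-----

EOD;
		}

		/* strip carriage returns from the PEM text */
		$cert = str_replace("\r", "", $cert);
		$key = str_replace("\r", "", $key);

		$fd = fopen("{$g['varetc_path']}/cert.pem", "w");
		if (!$fd) {
			printf("Error: cannot open cert.pem in system_webgui_start().\n");
			return 1;
		}
		/* restrict the file to its owner before the private key is written */
		chmod("{$g['varetc_path']}/cert.pem", 0600);
		fwrite($fd, $cert);
		fwrite($fd, "\n");
		fwrite($fd, $key);
		fclose($fd);

		$res = mwexec("/usr/local/sbin/mini_httpd -S -E {$g['varetc_path']}/cert.pem" .
			" -c \"**.php|**.cgi\" -u root -maxproc 16 $portarg" .
			" -i {$g['varrun_path']}/mini_httpd.pid");
	} else {
		$res = mwexec("/usr/local/sbin/mini_httpd -c \"**.php|**.cgi\" -u root" .
			" -maxproc 16 $portarg -i {$g['varrun_path']}/mini_httpd.pid");
	}

	if ($g['booting']) {
		if ($res == 0)
			echo "done\n";
		else
			echo "failed\n";
	}

	return $res;
}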
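/**
 * Write a lighttpd configuration file and, when both a certificate and a key
 * are supplied, the combined PEM file that the configuration points at.
 *
 * @param string $filename        Path of the lighttpd configuration file to write.
 * @param string $cert            PEM certificate text; SSL is only configured when
 *                                both $cert and $key are non-empty.
 * @param string $key             PEM private key text.
 * @param string $pid_file        PID file name, placed under /var/run/.
 * @param mixed  $port            Listening port; "" falls back to "80".
 * @param string $document_root   Value for server.document-root.
 * @param string $cert_location   File name under $g['varetc_path'] that receives
 *                                the certificate followed by the key.
 * @param int    $max_procs       FastCGI "max-procs"; replaced by the memory
 *                                tiers below when get_memory() reports under 512.
 * @param mixed  $max_requests    Kept for caller compatibility; it is assigned
 *                                below but never written to the configuration.
 * @param bool   $fast_cgi_enable Serve .php through mod_fastcgi instead of plain
 *                                CGI (forced off when get_memory() reports under 65).
 * @param bool   $captive_portal  Add the captive portal rewrite rule and modules.
 * @return int 0 on success, 1 when either output file cannot be opened.
 */
function system_generate_lighty_config($filename,
	$cert,
	$key,
	$pid_file,
	$port = 80,
	$document_root = "/usr/local/www/",
	$cert_location = "cert.pem",
	$max_procs = 2,
	$max_requests = "1",
	$fast_cgi_enable = true,
	$captive_portal = false) {

	global $config, $g;

	/* only use freebsd-sendfile network handler on full installations
	 * tests have shown that it is actually slower on embedded.
	 *
	 * NOTE(review): the haystack here is the literal "pfSense" and the needle
	 * is the platform name, which looks swapped -- confirm against the values
	 * $g['platform'] can take before changing it.
	 */
	if(stristr("pfSense", $g['platform']))
		$network_handler = "server.network-backend		= \"freebsd-sendfile\"\n";
	else
		$network_handler = "";

	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_generate_lighty_config() being called $mt\n";
	}

	/* Defaults for the non-captive-portal case, so that the configuration
	 * template below never interpolates an undefined variable. */
	$captiveportal = "";
	$captive_portal_rewrite = "";
	$captive_portal_module = "";
	$captive_portal_mod_evasive = "";

	if($captive_portal == true)  {
		$captiveportal = ",\"mod_rewrite\"";
		$captive_portal_rewrite = "url.rewrite-once = ( \"(.*captiveportal.*)\" => \"$1\", \"(.*)\" => \"/index.php?redirurl=$1\" )\n";
		$captive_portal_module = "\"mod_accesslog\", ";
		$maxprocperip = $config['captiveportal']['maxprocperip'];
		/* NOTE(review): "!\$maxprocperip and \$maxprocperip > 0" cannot hold
		 * for any numeric or string setting, so the per-IP connection limit
		 * is never emitted and the captive portal runs without it. The test
		 * is left as it was because mod_evasive is not in server.modules
		 * below; enabling the directive needs the module loaded as well. */
		if(!$maxprocperip and $maxprocperip > 0)
			$captive_portal_mod_evasive = "evasive.max-conns-per-ip = {$maxprocperip}";
	}

	if($port <> "")
		$lighty_port = $port;
	else
		$lighty_port = "80";

	/* first element of get_memory() drives the tiers below; presumably
	 * megabytes, going by the "64 megs" remark further down -- confirm */
	$memory = get_memory();
	$avail = $memory[0];

	if($avail > 0 and $avail < 98) {
		$max_procs = 1;
		$max_requests = 1;
	}

	if($avail > 97 and $avail < 128) {
		$max_procs = 2;
		$max_requests = 1;
	}

	if($avail > 127 and $avail < 256) {
		$max_procs = 2;
		$max_requests = 1;
	}

	if($avail > 255 and $avail < 384) {
		$max_procs = 3;
		$max_requests = 1;
	}

	if($avail > 383 and $avail < 512) {
		$max_procs = 4;
		$max_requests = 1;
	}

	/* we told you that 64 megs would be slow */
	if ($avail > 0 and $avail < 65)
		$fast_cgi_enable = false;

	if($fast_cgi_enable == true) {
		$module = "\"mod_fastcgi\", \"mod_cgi\"";
		$cgi_config = "";
		$fastcgi_config = <<<EOD
#### fastcgi module
## read fastcgi.txt for more info
fastcgi.server = ( ".php" =>
	( "localhost" =>
		(
			"socket" => "/tmp/php-fastcgi.socket",
			"min-procs" => 1,
			"max-procs" => {$max_procs},
			"bin-path" => "/usr/local/bin/php"
		)
	)
)

#### CGI module
cgi.assign                 = ( ".cgi" => "" )

EOD;
	} else {
		$fastcgi_config = "";
		$module = "\"mod_cgi\"";
		$cgi_config = <<<EOD
#### CGI module
cgi.assign                 = ( ".php"  => "/usr/local/bin/php",
                               ".cgi" => "" )

EOD;
	}

	/* plain assignment: the variable does not exist before this point */
	$lighty_config = <<<EOD
#
# lighttpd configuration file
#
# use a it as base for lighttpd 1.0.0 and above
#
############ Options you really have to take care of ####################

## FreeBSD!
server.event-handler		= "freebsd-kqueue"

{$network_handler}

## modules to load
server.modules              =   (
				  {$captive_portal_module}
				  "mod_access", "mod_accesslog",
                                  {$module}{$captiveportal}
				)

## Unused modules
#                               "mod_setenv",
#                               "mod_compress"
#				"mod_redirect",
#                               "mod_rewrite",
#                               "mod_ssi",
#                               "mod_usertrack",
#                               "mod_expire",
#                               "mod_secdownload",
#                               "mod_rrdtool",
#                               "mod_auth",
#                               "mod_status",
#                               "mod_alias",
#                               "mod_proxy",
#                               "mod_simple_vhost",
#                               "mod_evhost",
#                               "mod_userdir",
#                               "mod_cgi",
#                                "mod_accesslog"

## a static document-root, for virtual-hosting take look at the
## server.virtual-* options
server.document-root        = "{$document_root}"
{$captive_portal_rewrite}

## where to send error-messages to
server.errorlog             = "/var/log/lighttpd.error.log"

# files to check for if .../ is requested
server.indexfiles           = ( "index.php", "index.html",
                                "index.htm", "default.htm" )

# mimetype mapping
mimetype.assign             = (
  ".pdf"          =>      "application/pdf",
  ".sig"          =>      "application/pgp-signature",
  ".spl"          =>      "application/futuresplash",
  ".class"        =>      "application/octet-stream",
  ".ps"           =>      "application/postscript",
  ".torrent"      =>      "application/x-bittorrent",
  ".dvi"          =>      "application/x-dvi",
  ".gz"           =>      "application/x-gzip",
  ".pac"          =>      "application/x-ns-proxy-autoconfig",
  ".swf"          =>      "application/x-shockwave-flash",
  ".tar.gz"       =>      "application/x-tgz",
  ".tgz"          =>      "application/x-tgz",
  ".tar"          =>      "application/x-tar",
  ".zip"          =>      "application/zip",
  ".mp3"          =>      "audio/mpeg",
  ".m3u"          =>      "audio/x-mpegurl",
  ".wma"          =>      "audio/x-ms-wma",
  ".wax"          =>      "audio/x-ms-wax",
  ".ogg"          =>      "audio/x-wav",
  ".wav"          =>      "audio/x-wav",
  ".gif"          =>      "image/gif",
  ".jpg"          =>      "image/jpeg",
  ".jpeg"         =>      "image/jpeg",
  ".png"          =>      "image/png",
  ".xbm"          =>      "image/x-xbitmap",
  ".xpm"          =>      "image/x-xpixmap",
  ".xwd"          =>      "image/x-xwindowdump",
  ".css"          =>      "text/css",
  ".html"         =>      "text/html",
  ".htm"          =>      "text/html",
  ".js"           =>      "text/javascript",
  ".asc"          =>      "text/plain",
  ".c"            =>      "text/plain",
  ".conf"         =>      "text/plain",
  ".text"         =>      "text/plain",
  ".txt"          =>      "text/plain",
  ".dtd"          =>      "text/xml",
  ".xml"          =>      "text/xml",
  ".mpeg"         =>      "video/mpeg",
  ".mpg"          =>      "video/mpeg",
  ".mov"          =>      "video/quicktime",
  ".qt"           =>      "video/quicktime",
  ".avi"          =>      "video/x-msvideo",
  ".asf"          =>      "video/x-ms-asf",
  ".asx"          =>      "video/x-ms-asf",
  ".wmv"          =>      "video/x-ms-wmv",
  ".bz2"          =>      "application/x-bzip",
  ".tbz"          =>      "application/x-bzip-compressed-tar",
  ".tar.bz2"      =>      "application/x-bzip-compressed-tar"
 )

# Use the "Content-Type" extended attribute to obtain mime type if possible
#mimetypes.use-xattr        = "enable"

#### accesslog module
#accesslog.filename          = "/dev/null"

## deny access the file-extensions
#
# ~    is for backupfiles from vi, emacs, joe, ...
# .inc is often used for code includes which should in general not be part
#      of the document-root
url.access-deny             = ( "~", ".inc" )


######### Options that are good to be but not neccesary to be changed #######

## bind to port (default: 80)
server.port                = {$lighty_port}

## error-handler for status 404
#server.error-handler-404   = "/error-handler.html"
#server.error-handler-404   = "/error-handler.php"

## to help the rc.scripts
server.pid-file            = "/var/run/{$pid_file}"

## virtual directory listings
server.dir-listing         = "disable"

## enable debugging
debug.log-request-header   = "disable"
debug.log-response-header  = "disable"
debug.log-request-handling = "disable"
debug.log-file-not-found   = "disable"

#### compress module
#compress.cache-dir         = "/tmp/lighttpd/cache/compress/"
#compress.filetype          = ("text/plain", "text/html")

#server.network-backend = "writev"

server.upload-dirs = ( "{$g['upload_path']}/", "/tmp/", "/var/" )

server.max-request-size = 2097152

{$fastcgi_config}

{$cgi_config}

{$captive_portal_mod_evasive}

EOD;

	/* normalise line endings of the PEM material */
	$cert = str_replace("\r", "", $cert);
	$key = str_replace("\r", "", $key);

	$cert = str_replace("\n\n", "\n", $cert);
	$key = str_replace("\n\n", "\n", $key);

	if($cert <> "" and $key <> "") {
		$pem_path = "{$g['varetc_path']}/{$cert_location}";

		/* This file receives the private key. Create it owner-only from the
		 * start: with the default umask a newly created file is briefly
		 * readable by others, and a descriptor opened in that window keeps
		 * working after the chmod() below. */
		$old_umask = umask(0077);
		$fd = fopen($pem_path, "w");
		umask($old_umask);
		if (!$fd) {
			/* echo rather than printf(): the file name is not a format string */
			echo "Error: cannot open {$cert_location} in system_generate_lighty_config().\n";
			return 1;
		}
		/* also tightens a pre-existing file that had wider permissions */
		chmod($pem_path, 0600);
		fwrite($fd, $cert);
		fwrite($fd, "\n");
		fwrite($fd, $key);
		fclose($fd);
		$lighty_config .= "\n";
		$lighty_config .= "## ssl configuration\n";
		$lighty_config .= "ssl.engine = \"enable\"\n";
		$lighty_config .= "ssl.pemfile = \"{$pem_path}\"\n\n";
	}

	$fd = fopen($filename, "w");
	if (!$fd) {
		echo "Error: cannot open {$filename} in system_generate_lighty_config().\n";
		return 1;
	}
	fwrite($fd, $lighty_config);
	fclose($fd);

	return 0;

}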
/**
 * Re-synchronise the webGUI passwords by delegating to
 * sync_webgui_passwords().
 *
 * @return int Always 0.
 */
function system_password_configure() {
	global $config, $g;

	$spew_enabled = isset($config['system']['developerspew']);
	if ($spew_enabled) {
		$called_at = microtime();
		echo "system_password_configure() being called {$called_at}\n";
	}

	/* sync passwords; per the original note, conf_mount_ro is done inside
	 * sync_webgui_passwords(), so it is not repeated here */
	sync_webgui_passwords();

	return 0;
}
/**
 * Extract the configured timezone file from /usr/share/zoneinfo.tgz into
 * /etc/localtime, falling back to Etc/UTC when no timezone is configured.
 */
function system_timezone_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$called_at = microtime();
		echo "system_timezone_configure() being called {$called_at}\n";
	}

	$system_settings = $config['system'];

	if ($g['booting'])
		echo "Setting timezone...";

	/* pick the archive member to extract */
	$zone_name = $system_settings['timezone'];
	if (empty($zone_name))
		$zone_name = "Etc/UTC";

	/* the zone name comes from the configuration, so it is quoted before it
	 * reaches the shell */
	$extract_cmd = "LANG=C /usr/bin/tar xzfO /usr/share/zoneinfo.tgz " .
		escapeshellarg($zone_name) . " > /etc/localtime";

	conf_mount_rw();
	exec($extract_cmd);
	conf_mount_ro();

	if ($g['booting'])
		echo "done.\n";
}
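/**
 * Write {$g['varetc_path']}/ntpd.conf from the configuration and restart
 * ntpd with it.
 *
 * Returns early (after log_error()) when the file cannot be opened.
 */
function system_ntp_configure() {
	global $config, $g;

	$syscfg = $config['system'];
	$conf_path = "{$g['varetc_path']}/ntpd.conf";

	/* open configuration for writing or bail */
	$fd = fopen($conf_path, "w");
	if(!$fd) {
		log_error("Could not open {$conf_path} for writing");
		return;
	}

	fwrite($fd, "# \n");
	fwrite($fd, "# pfSense OpenNTPD configuration file \n");
	fwrite($fd, "# \n\n");

	/* One "servers" line per configured time server. Splitting on any
	 * whitespace and dropping empty tokens means an empty setting or doubled
	 * spaces no longer produce a bare "servers" line, and a line break inside
	 * the value cannot begin a directive of its own in ntpd.conf. */
	$timeservers = preg_split('/\s+/', (string)$syscfg['timeservers'], -1, PREG_SPLIT_NO_EMPTY);
	foreach ($timeservers as $ts)
		fwrite($fd, "servers {$ts}\n");

	/* server config is in coregui1 */
	$xmlsettings = $config['installedpackages']['openntpd']['config'][0];
	if ($xmlsettings['enable'] == 'on') {
		/* only addresses that resolve to an existing interface and pass
		 * is_ipaddr() become "listen on" lines */
		$ifaces = explode(',', $xmlsettings['interface']);
		$ifaces = array_map('convert_friendly_interface_to_real_interface_name', $ifaces);
		$ifaces = array_filter($ifaces, 'does_interface_exist');
		$ips = array_map('find_interface_ip', $ifaces);
		foreach ($ips as $ip) {
			if (is_ipaddr($ip))
				fwrite($fd, "listen on $ip\n");
		}
	}

	fwrite($fd, "\n");

	/* slurp! */
	fclose($fd);

	/* if openntpd is running, kill it; loops until is_process_running()
	 * reports that it is gone */
	while(is_process_running("ntpd")) {
		exec("/usr/bin/killall ntpd");
		sleep(3);
	}

	/* if /var/empty does not exist, create it */
	if(!is_dir("/var/empty"))
		exec("/bin/mkdir -p /var/empty && chmod ug+rw /var/empty/.");

	sleep(1);

	/* start openntpd, set time now and use the file written above */
	exec("/usr/local/sbin/ntpd -s -f {$conf_path}");

}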
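/**
 * Run ntpdate once against every configured time server.
 *
 * Prints progress messages only while $g['booting'] is set.
 */
function sync_system_time() {
	global $config, $g;

	$syscfg = $config['system'];

	if ($g['booting'])
		echo "Syncing system time before startup...";

	/* Empty tokens (blank setting, doubled spaces) are skipped so ntpdate is
	 * never started without a server argument. */
	$timeservers = preg_split('/\s+/', (string)$syscfg['timeservers'], -1, PREG_SPLIT_NO_EMPTY);
	foreach ($timeservers as $ts) {
		/* The server name is a configuration value that ends up on a shell
		 * command line (other mwexec() calls in this file rely on shell
		 * redirection), so it is quoted the same way
		 * system_timezone_configure() quotes the timezone. */
		mwexec("/usr/sbin/ntpdate -s " . escapeshellarg($ts));
	}

	if ($g['booting'])
		echo "done.\n";

}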
/**
 * Run the pre-reboot cleanup, then start /etc/rc.halt detached in the
 * background with its output discarded.
 */
function system_halt() {
	global $g;

	system_reboot_cleanup();

	$halt_cmd = "nohup /etc/rc.halt > /dev/null 2>&1 &";
	mwexec($halt_cmd);
}
/**
 * Run the pre-reboot cleanup, then start /etc/rc.reboot detached in the
 * background with its output discarded.
 */
function system_reboot() {
	global $g;

	system_reboot_cleanup();

	$reboot_cmd = "nohup /etc/rc.reboot > /dev/null 2>&1 &";
	mwexec($reboot_cmd);
}
/**
 * Run the pre-reboot cleanup, then run /etc/rc.reboot in the foreground
 * (no nohup, no trailing "&") with its output discarded.
 */
function system_reboot_sync() {
	global $g;

	system_reboot_cleanup();

	$reboot_cmd = "/etc/rc.reboot > /dev/null 2>&1";
	mwexec($reboot_cmd);
}
/**
 * Shared shutdown steps used by the halt and reboot helpers: run
 * "beep.sh stop" and call captiveportal_radius_stop_all().
 */
function system_reboot_cleanup() {
	$beep_cmd = "/usr/local/bin/beep.sh stop";
	mwexec($beep_cmd);

	captiveportal_radius_stop_all();
}
/**
 * Execute the shell commands stored in the configuration.
 *
 * Security note: every entry is handed to exec() exactly as stored, so
 * write access to the configuration (including restoring a configuration
 * backup) is equivalent to command execution on the box. Treat the
 * configuration file and its backups accordingly.
 *
 * @param mixed $early Truthy runs the "earlyshellcmd" entries, otherwise
 *                     the "shellcmd" entries.
 */
function system_do_shell_commands($early = 0) {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$called_at = microtime();
		echo "system_do_shell_commands() being called {$called_at}\n";
	}

	$cmdn = $early ? "earlyshellcmd" : "shellcmd";
	$entries = $config['system'][$cmdn];

	/* several entries: run them in stored order */
	if (is_array($entries)) {
		foreach ($entries as $cmd) {
			exec($cmd);
		}
		return;
	}

	/* a single non-empty entry */
	if ($entries <> "") {
		exec($entries);
	}
}
/**
 * Create or remove the {$g['varetc_path']}/disableconsole marker file
 * according to the "disableconsolemenu" configuration flag.
 */
function system_console_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		$called_at = microtime();
		echo "system_console_configure() being called {$called_at}\n";
	}

	$marker = "{$g['varetc_path']}/disableconsole";

	/* flag absent: make sure the marker is gone */
	if (!isset($config['system']['disableconsolemenu'])) {
		unlink_if_exists($marker);
		return;
	}

	/* flag present: leave the marker in place */
	touch($marker);
}
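/**
 * Save the kernel messages of the current boot to
 * {$g['varlog_path']}/dmesg.boot.
 *
 * The output of /sbin/dmesg may still hold lines from earlier boots, so
 * only the part starting at the last "Copyright (c) 1992-" line is kept
 * (everything, when no such line is found).
 *
 * @return int 0 on success, 1 when dmesg.boot cannot be opened.
 */
function system_dmesg_save() {
	/* $config has to be declared global as well; without it the
	 * developerspew check below always saw an undefined local variable */
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_dmesg_save() being called $mt\n";
	}

	/* exec() fills this with one element per output line */
	$dmesg = array();
	exec("/sbin/dmesg", $dmesg);
	$line_count = count($dmesg);

	/* find last copyright line (output from previous boots may be present) */
	$lastcpline = 0;
	for ($i = 0; $i < $line_count; $i++) {
		if (strpos($dmesg[$i], "Copyright (c) 1992-") !== false)
			$lastcpline = $i;
	}

	$fd = fopen("{$g['varlog_path']}/dmesg.boot", "w");
	if (!$fd) {
		printf("Error: cannot open dmesg.boot in system_dmesg_save().\n");
		return 1;
	}

	for ($i = $lastcpline; $i < $line_count; $i++)
		fwrite($fd, $dmesg[$i] . "\n");

	fclose($fd);

	return 0;
}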
/**
 * Apply the configured hard disk standby value through the
 * hw.ata.standby sysctl and reinitialise the ATA drives.
 *
 * Does nothing when "harddiskstandby" is not configured. Progress text is
 * printed only while $g['booting'] is set.
 */
function system_set_harddisk_standby() {
	global $g, $config;

	if (isset($config['system']['developerspew'])) {
		$called_at = microtime();
		echo "system_set_harddisk_standby() being called {$called_at}\n";
	}

	if (!isset($config['system']['harddiskstandby']))
		return;

	if ($g['booting']) {
		echo 'Setting hard disk standby... ';
	}

	$standby = $config['system']['harddiskstandby'];
	$applied = false;

	// Only a numeric value is passed on, and only after an integer cast,
	// so nothing but digits (and a sign) reaches the command line
	if (is_numeric($standby)) {
		// Sync the disk(s)
		mwexec('/bin/sync');

		$status = mwexec('/sbin/sysctl hw.ata.standby=' . ((int)$standby));
		if (!$status) {
			// Reinitialize ATA-drives
			mwexec('/usr/local/sbin/atareinit');
			$applied = true;
		}
	}

	if ($g['booting']) {
		if ($applied) {
			echo "done.\n";
		} else {
			echo "failed!\n";
		}
	}
}
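/**
 * Apply every non-empty line of /etc/sysctl.conf with sysctl, then switch
 * off the ARP "wrong interface" logging when "sharednet" is configured.
 */
function system_setup_sysctl() {
	global $config;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_setup_sysctl() being called $mt\n";
	}

	$sysctl = return_filename_as_array("/etc/sysctl.conf");
	foreach($sysctl as $sysc) {
		/* Absolute path, as in the other sysctl calls in this file, so the
		 * binary that runs does not depend on the caller's PATH.
		 * NOTE(review): the line is placed on the command line unquoted;
		 * that is only acceptable while /etc/sysctl.conf stays writable by
		 * root alone. */
		if($sysc <> "")
			mwexec("/sbin/sysctl {$sysc} 2>/dev/null");
	}
	if (isset($config['system']['sharednet'])) {
		system_disable_arp_wrong_if();
	}
}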
/**
 * Set the log_arp_wrong_iface and log_arp_movements sysctls to 0.
 */
function system_disable_arp_wrong_if() {
	global $config;

	if (isset($config['system']['developerspew'])) {
		$called_at = microtime();
		echo "system_disable_arp_wrong_if() being called {$called_at}\n";
	}

	$commands = array(
		"/sbin/sysctl -n net.link.ether.inet.log_arp_wrong_iface=0",
		"/sbin/sysctl -n net.link.ether.inet.log_arp_movements=0",
	);
	foreach ($commands as $command) {
		mwexec($command);
	}
}
/**
 * Set the log_arp_wrong_iface and log_arp_movements sysctls to 1.
 */
function system_enable_arp_wrong_if() {
	global $config;

	if (isset($config['system']['developerspew'])) {
		$called_at = microtime();
		echo "system_enable_arp_wrong_if() being called {$called_at}\n";
	}

	$commands = array(
		"/sbin/sysctl -n net.link.ether.inet.log_arp_wrong_iface=1",
		"/sbin/sysctl -n net.link.ether.inet.log_arp_movements=1",
	);
	foreach ($commands as $command) {
		mwexec($command);
	}
}
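/**
 * Start watchdogd when /var/log/dmesg.boot mentions one of the supported
 * watchdog devices, stopping a running instance first.
 */
function enable_watchdog() {
	global $config;

	$supported_watchdogs = array("Geode");

	/* nothing to match against if the boot log cannot be read */
	$file = file_get_contents("/var/log/dmesg.boot");
	if ($file === false)
		return;

	$install_watchdog = false;
	foreach($supported_watchdogs as $sd) {
		/* match the list entry itself; the loop used to test the literal
		 * "Geode" on every pass, so further entries could never match */
		if(stristr($file, $sd)) {
			$install_watchdog = true;
			break;
		}
	}

	if($install_watchdog == true) {
		if(is_process_running("watchdogd"))
			exec("/usr/bin/killall watchdogd");
		exec("/usr/sbin/watchdogd");
	}
}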
?>