/usr/local/www/system_firmware.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/system_firmware.php @ e11202d5

1	4668f9f7	Scott Ullrich	<?php
2	b46bfcf5	Bill Marquette	/* $Id$ */
3	5b237745	Scott Ullrich	/*
4	580182e2	Colin Smith	system_firmware.php
5	1cecfbf7	Scott Ullrich	Copyright (C) 2008 Scott Ullrich <sullrich@gmail.com>
6			All rights reserved.
7	580182e2	Colin Smith
8	1cecfbf7	Scott Ullrich	originally part of m0n0wall (http://m0n0.ch/wall)
9	580182e2	Colin Smith	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
10			All rights reserved.
11
12			Redistribution and use in source and binary forms, with or without
13			modification, are permitted provided that the following conditions are met:
14
15			1. Redistributions of source code must retain the above copyright notice,
16			this list of conditions and the following disclaimer.
17
18			2. Redistributions in binary form must reproduce the above copyright
19			notice, this list of conditions and the following disclaimer in the
20			documentation and/or other materials provided with the distribution.
21
22			THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31			POSSIBILITY OF SUCH DAMAGE.
32	5b237745	Scott Ullrich	*/
33
34	3958d63b	Colin Smith	$d_isfwfile = 1;
35	6605faea	Scott Ullrich	require_once("guiconfig.inc");
36	da55e467	Scott Ullrich
37			$curcfg = $config['system']['firmware'];
38
39
40	6605faea	Scott Ullrich	require_once("xmlrpc_client.inc");
41	aa08f46b	Bill Marquette
42	47d11b79	Mark Crane	/* Allow additional execution time 0 = no limit. */
43			ini_set('max_execution_time', '3600');
44			ini_set('max_input_time', '3600');
45
46	8b7c81d7	Scott Ullrich	/* if upgrade in progress, alert user */
47			if(file_exists($d_firmwarelock_path)) {
48	d88c6a9f	Scott Ullrich	$pgtitle = array("System","Firmware","Manual Update");
49	8b7c81d7	Scott Ullrich	include("head.inc");
50			echo "<body link=\"#0000CC\" vlink=\"#0000CC\" alink=\"#0000CC\">\n";
51			include("fbegin.inc");
52			echo "<div>\n";
53	11d46d11	Scott Ullrich	print_info_box("An upgrade is currently in progress.<p>The firewall will reboot when the operation is complete.<p><center><img src='/themes/{$g['theme']}/images/icons/icon_fw-update.gif'>");
54	8b7c81d7	Scott Ullrich	echo "</div>\n";
55			include("fend.inc");
56			echo "</body>";
57			echo "</html>";
58			exit;
59			}
60
61	afa829bb	Scott Ullrich	if($_POST['kerneltype']) {
62			if($_POST['kerneltype'] == "single")
63			system("touch /boot/kernel/pfsense_kernel.txt");
64			else
65			system("echo {$_POST['kerneltype']} > /boot/kernel/pfsense_kernel.txt");
66			}
67
68	aa08f46b	Bill Marquette	/* Handle manual upgrade */
69	5b237745	Scott Ullrich	if ($_POST && !file_exists($d_firmwarelock_path)) {
70
71	580182e2	Colin Smith	unset($input_errors);
72			unset($sig_warning);
73
74			if (stristr($_POST['Submit'], "Enable"))
75			$mode = "enable";
76			else if (stristr($_POST['Submit'], "Disable"))
77			$mode = "disable";
78			else if (stristr($_POST['Submit'], "Upgrade") \|\| $_POST['sig_override'])
79			$mode = "upgrade";
80			else if ($_POST['sig_no']) {
81	709f48f0	Scott Ullrich	if(file_exists("{$g['upload_path']}/firmware.tgz"))
82			unlink("{$g['upload_path']}/firmware.tgz");
83	580182e2	Colin Smith	}
84			if ($mode) {
85			if ($mode == "enable") {
86			exec_rc_script("/etc/rc.firmware enable");
87	b6f67235	Scott Ullrich	conf_mount_rw();
88	580182e2	Colin Smith	touch($d_fwupenabled_path);
89			} else if ($mode == "disable") {
90			exec_rc_script("/etc/rc.firmware disable");
91	b6f67235	Scott Ullrich	conf_mount_ro();
92	580182e2	Colin Smith	if (file_exists($d_fwupenabled_path))
93			unlink($d_fwupenabled_path);
94			} else if ($mode == "upgrade") {
95			if (is_uploaded_file($_FILES['ulfile']['tmp_name'])) {
96			/* verify firmware image(s) */
97			if (!stristr($_FILES['ulfile']['name'], $g['platform']) && !$_POST['sig_override'])
98	f44a6ab5	Bill Marquette	$input_errors[] = "The uploaded image file is not for this platform ({$g['platform']}).";
99	580182e2	Colin Smith	else if (!file_exists($_FILES['ulfile']['tmp_name'])) {
100			/* probably out of memory for the MFS */
101			$input_errors[] = "Image upload failed (out of memory?)";
102			exec_rc_script("/etc/rc.firmware disable");
103			if (file_exists($d_fwupenabled_path))
104			unlink($d_fwupenabled_path);
105			} else {
106			/* move the image so PHP won't delete it */
107	1ef7b568	Scott Ullrich	rename($_FILES['ulfile']['tmp_name'], "{$g['upload_path']}/firmware.tgz");
108	580182e2	Colin Smith
109			/* check digital signature */
110	1ef7b568	Scott Ullrich	$sigchk = verify_digital_signature("{$g['upload_path']}/firmware.tgz");
111	580182e2	Colin Smith
112			if ($sigchk == 1)
113			$sig_warning = "The digital signature on this image is invalid.";
114			else if ($sigchk == 2)
115			$sig_warning = "This image is not digitally signed.";
116			else if (($sigchk == 3) \|\| ($sigchk == 4))
117			$sig_warning = "There has been an error verifying the signature on this image.";
118
119	709f48f0	Scott Ullrich	if (!verify_gzip_file("{$g['upload_path']}/firmware.tgz")) {
120	580182e2	Colin Smith	$input_errors[] = "The image file is corrupt.";
121	1ef7b568	Scott Ullrich	unlink("{$g['upload_path']}/firmware.tgz");
122	580182e2	Colin Smith	}
123			}
124			}
125
126	1ef7b568	Scott Ullrich	/* Check for input errors, firmware locks, warnings, then check for firmware if sig_override is set */
127			if (!$input_errors && !file_exists($d_firmwarelock_path) && (!$sig_warning \|\| $_POST['sig_override'])) {
128			if (file_exists("{$g['upload_path']}/firmware.tgz")) {
129			/* fire up the update script in the background */
130			touch($d_firmwarelock_path);
131			$savemsg = "The firmware is now being updated. The firewall will reboot automatically.";
132	e1aea2cd	Scott Ullrich	if(stristr($_FILES['ulfile']['tmp_name'],"bdiff"))
133			mwexec_bg("/etc/rc.firmware delta_update {$g['upload_path']}/firmware.tgz");
134			else
135			mwexec_bg("/etc/rc.firmware pfSenseupgrade {$g['upload_path']}/firmware.tgz");
136	1ef7b568	Scott Ullrich	} else {
137			$savemsg = "Firmware image missing or other error, please try again.";
138			}
139			}
140	580182e2	Colin Smith	}
141			}
142	5b237745	Scott Ullrich	}
143	e2fa4962	Scott Ullrich
144	da55e467	Scott Ullrich	$pgtitle = array("Diagnostics","Firmware");
145	52380979	Scott Ullrich	include("head.inc");
146
147	5b237745	Scott Ullrich	?>
148	580182e2	Colin Smith	<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
149			<?php include("fbegin.inc"); ?>
150			<?php if ($input_errors) print_input_errors($input_errors); ?>
151	1ef7b568	Scott Ullrich	<?php if ($savemsg) print_info_box($savemsg); ?>
152	580182e2	Colin Smith	<?php if ($fwinfo <> "") print_info_box($fwinfo); ?>
153	77720bd3	Colin Smith	<?php if ($sig_warning && !$input_errors): ?>
154	5b237745	Scott Ullrich	<form action="system_firmware.php" method="post">
155	4668f9f7	Scott Ullrich	<?php
156	5b237745	Scott Ullrich	$sig_warning = "<strong>" . $sig_warning . "</strong><br>This means that the image you uploaded " .
157	580182e2	Colin Smith	"is not an official/supported image and may lead to unexpected behavior or security " .
158			"compromises. Only install images that come from sources that you trust, and make sure ".
159			"that the image has not been tampered with.<br><br>".
160			"Do you want to install this image anyway (on your own risk)?";
161	5b237745	Scott Ullrich	print_info_box($sig_warning);
162			?>
163			<input name="sig_override" type="submit" class="formbtn" id="sig_override" value=" Yes ">
164			<input name="sig_no" type="submit" class="formbtn" id="sig_no" value=" No ">
165	819197a8	Scott Ullrich	</form>
166	5b237745	Scott Ullrich	<?php else: ?>
167			<?php if (!file_exists($d_firmwarelock_path)): ?>
168	819197a8	Scott Ullrich	<form action="system_firmware.php" method="post" enctype="multipart/form-data">
169	580182e2	Colin Smith	<table width="100%" border="0" cellpadding="0" cellspacing="0">
170			<tr>
171			<td>
172	4820d297	Scott Ullrich	<?php
173			$tab_array = array();
174			$tab_array[0] = array("Manual Update", true, "system_firmware.php");
175	da55e467	Scott Ullrich	$tab_array[1] = array("Auto Update", false, "system_firmware_check.php");
176			$tab_array[2] = array("Updater Settings", false, "system_firmware_settings.php");
177	4820d297	Scott Ullrich	display_top_tabs($tab_array);
178			?>
179	580182e2	Colin Smith	</td>
180			</tr>
181	222494af	Colin Smith	<tr>
182	e12d98ea	Bill Marquette	<td>
183			<div id="mainarea">
184			<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
185	3958d63b	Colin Smith	<tr>
186	59605ba4	Scott Ullrich	<td colspan="2" class="listtopic">Invoke <?=$g['product_name']?> Manual Upgrade</td>
187	580182e2	Colin Smith	</tr>
188			<td width="22%" valign="baseline" class="vncell"> </td>
189	db7f4f2b	Scott Ullrich	<td width="78%" class="vtable">
190	aa08f46b	Bill Marquette	<p>Click "Enable firmware
191	3aed9904	Scott Ullrich	upload" below, then choose the image file (<?=$g['platform'];?>-*.tgz)
192	580182e2	Colin Smith	to be uploaded.<br>Click "Upgrade firmware"
193	aa08f46b	Bill Marquette	to start the upgrade process.</p>
194	03c64985	Scott Ullrich	<?php if (!file_exists($d_sysrebootreqd_path)): ?>
195	5b237745	Scott Ullrich	<?php if (!file_exists($d_fwupenabled_path)): ?>
196			<input name="Submit" type="submit" class="formbtn" value="Enable firmware upload">
197	580182e2	Colin Smith	<?php else: ?>
198			<input name="Submit" type="submit" class="formbtn" value="Disable firmware upload">
199	5b237745	Scott Ullrich	<br><br>
200	580182e2	Colin Smith	<strong>Firmware image file: </strong>
201			<input name="ulfile" type="file" class="formfld">
202	5b237745	Scott Ullrich	<br><br>
203	53549699	Scott Ullrich	<?php
204			if(!file_exists("/boot/kernel/pfsense_kernel.txt")) {
205			if($g['platform'] == "pfSense") {
206	afa829bb	Scott Ullrich	echo "Please select kernel type: ";
207			echo "<select name='kerneltype'>";
208	53549699	Scott Ullrich	echo "<option value='SMP'>Multiprocessor kernel</option>";
209	2980b387	Chris Buechler	echo "<option value='single'>Uniprocessor kernel</option>";
210	53549699	Scott Ullrich	echo "<option value='wrap'>Embedded kernel</option>";
211	a04eb873	Scott Ullrich	echo "<option value='Developers'>Developers kernel</option>";
212	53549699	Scott Ullrich	echo "</select>";
213	72ca7c77	Scott Ullrich	echo "<br><br>";
214	53549699	Scott Ullrich	}
215			}
216			?>
217	427a8ac9	Scott Ullrich	<input name="Submit" type="submit" class="formbtn" value="Upgrade firmware">
218	580182e2	Colin Smith	<?php endif; else: ?>
219	03c64985	Scott Ullrich	<strong>You must reboot the system before you can upgrade the firmware.</strong>
220	580182e2	Colin Smith	<?php endif; ?>
221	5b237745	Scott Ullrich	</td>
222	580182e2	Colin Smith	</td>
223	5b237745	Scott Ullrich	</tr>
224	4668f9f7	Scott Ullrich	<tr>
225	5b237745	Scott Ullrich	<td width="22%" valign="top"> </td>
226			<td width="78%"><span class="vexpl"><span class="red"><strong>Warning:<br>
227	4668f9f7	Scott Ullrich	</strong></span>DO NOT abort the firmware upgrade once it
228			has started. The firewall will reboot automatically after
229	5b237745	Scott Ullrich	storing the new firmware. The configuration will be maintained.</span></td>
230			</table>
231	e12d98ea	Bill Marquette	</div>
232	580182e2	Colin Smith	</tr>
233			</td>
234	222494af	Colin Smith	</table>
235	580182e2	Colin Smith
236	5b237745	Scott Ullrich	</form>
237	03c64985	Scott Ullrich	<?php endif; endif; ?>
238	5b237745	Scott Ullrich	<?php include("fend.inc"); ?>
239			</body>
240			</html>

Project

General

Profile

pfSense