/src/etc/inc/upgrade_config.inc - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/etc/inc/upgrade_config.inc @ e5ef7ae2

1	791bcfd4	Bill Marquette	<?php
2			/*
3	ce77a9c4	Phil Davis	upgrade_config.inc
4			*/
5	995df6c3	Stephen Beaver	/* ====================================================================
6			* Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
7			*
8			* Redistribution and use in source and binary forms, with or without modification,
9			* are permitted provided that the following conditions are met:
10			*
11			* 1. Redistributions of source code must retain the above copyright notice,
12			* this list of conditions and the following disclaimer.
13			*
14			* 2. Redistributions in binary form must reproduce the above copyright
15			* notice, this list of conditions and the following disclaimer in
16			* the documentation and/or other materials provided with the
17			* distribution.
18			*
19			* 3. All advertising materials mentioning features or use of this software
20			* must display the following acknowledgment:
21			* "This product includes software developed by the pfSense Project
22			* for use in the pfSense software distribution. (http://www.pfsense.org/).
23			*
24			* 4. The names "pfSense" and "pfSense Project" must not be used to
25			* endorse or promote products derived from this software without
26			* prior written permission. For written permission, please contact
27			* coreteam@pfsense.org.
28			*
29			* 5. Products derived from this software may not be called "pfSense"
30			* nor may "pfSense" appear in their names without prior written
31			* permission of the Electric Sheep Fencing, LLC.
32			*
33			* 6. Redistributions of any form whatsoever must retain the following
34			* acknowledgment:
35			*
36			* "This product includes software developed by the pfSense Project
37			* for use in the pfSense software distribution (http://www.pfsense.org/).
38			*
39			* THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
40			* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41			* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42			* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
43			* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44			* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45			* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46			* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47			* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48			* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49			* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50			* OF THE POSSIBILITY OF SUCH DAMAGE.
51			*
52			* ====================================================================
53			*
54			*/
55	791bcfd4	Bill Marquette
56	751533a2	Phil Davis	if (!function_exists("dump_rrd_to_xml")) {
57	901aa044	Scott Ullrich	require("rrd.inc");
58	751533a2	Phil Davis	}
59	0b3613ef	Denny Page	if (!function_exists("read_altq_config")) {
60			require("shaper.inc");
61			}
62	901aa044	Scott Ullrich
63	791bcfd4	Bill Marquette	/* Upgrade functions must be named:
64			* upgrade_XXX_to_YYY
65			* where XXX == previous version, zero padded, and YYY == next version, zero padded
66			*/
67			function upgrade_010_to_011() {
68			global $config;
69			$opti = 1;
70			$ifmap = array('lan' => 'lan', 'wan' => 'wan', 'pptp' => 'pptp');
71
72			/* convert DMZ to optional, if necessary */
73			if (isset($config['interfaces']['dmz'])) {
74
75			$dmzcfg = &$config['interfaces']['dmz'];
76
77			if ($dmzcfg['if']) {
78			$config['interfaces']['opt' . $opti] = array();
79			$optcfg = &$config['interfaces']['opt' . $opti];
80
81			$optcfg['enable'] = $dmzcfg['enable'];
82			$optcfg['descr'] = "DMZ";
83			$optcfg['if'] = $dmzcfg['if'];
84			$optcfg['ipaddr'] = $dmzcfg['ipaddr'];
85			$optcfg['subnet'] = $dmzcfg['subnet'];
86
87			$ifmap['dmz'] = "opt" . $opti;
88			$opti++;
89			}
90
91			unset($config['interfaces']['dmz']);
92			}
93
94			/* convert WLAN1/2 to optional, if necessary */
95			for ($i = 1; isset($config['interfaces']['wlan' . $i]); $i++) {
96
97			if (!$config['interfaces']['wlan' . $i]['if']) {
98			unset($config['interfaces']['wlan' . $i]);
99			continue;
100			}
101
102			$wlancfg = &$config['interfaces']['wlan' . $i];
103			$config['interfaces']['opt' . $opti] = array();
104			$optcfg = &$config['interfaces']['opt' . $opti];
105
106			$optcfg['enable'] = $wlancfg['enable'];
107			$optcfg['descr'] = "WLAN" . $i;
108			$optcfg['if'] = $wlancfg['if'];
109			$optcfg['ipaddr'] = $wlancfg['ipaddr'];
110			$optcfg['subnet'] = $wlancfg['subnet'];
111			$optcfg['bridge'] = $wlancfg['bridge'];
112
113			$optcfg['wireless'] = array();
114			$optcfg['wireless']['mode'] = $wlancfg['mode'];
115			$optcfg['wireless']['ssid'] = $wlancfg['ssid'];
116			$optcfg['wireless']['channel'] = $wlancfg['channel'];
117			$optcfg['wireless']['wep'] = $wlancfg['wep'];
118
119			$ifmap['wlan' . $i] = "opt" . $opti;
120
121			unset($config['interfaces']['wlan' . $i]);
122			$opti++;
123			}
124
125			/* convert filter rules */
126			$n = count($config['filter']['rule']);
127			for ($i = 0; $i < $n; $i++) {
128
129			$fr = &$config['filter']['rule'][$i];
130
131			/* remap interface */
132	751533a2	Phil Davis	if (array_key_exists($fr['interface'], $ifmap)) {
133	791bcfd4	Bill Marquette	$fr['interface'] = $ifmap[$fr['interface']];
134	751533a2	Phil Davis	} else {
135	791bcfd4	Bill Marquette	/* remove the rule */
136	4b48d1b9	Carlos Eduardo Ramos	printf(gettext("%sWarning: filter rule removed " .
137			"(interface '%s' does not exist anymore)."), "\n", $fr['interface']);
138	791bcfd4	Bill Marquette	unset($config['filter']['rule'][$i]);
139			continue;
140			}
141
142			/* remap source network */
143			if (isset($fr['source']['network'])) {
144	751533a2	Phil Davis	if (array_key_exists($fr['source']['network'], $ifmap)) {
145	791bcfd4	Bill Marquette	$fr['source']['network'] = $ifmap[$fr['source']['network']];
146	751533a2	Phil Davis	} else {
147	791bcfd4	Bill Marquette	/* remove the rule */
148	4b48d1b9	Carlos Eduardo Ramos	printf(gettext("%sWarning: filter rule removed " .
149			"(source network '%s' does not exist anymore)."), "\n", $fr['source']['network']);
150	791bcfd4	Bill Marquette	unset($config['filter']['rule'][$i]);
151			continue;
152			}
153			}
154
155			/* remap destination network */
156			if (isset($fr['destination']['network'])) {
157	751533a2	Phil Davis	if (array_key_exists($fr['destination']['network'], $ifmap)) {
158	791bcfd4	Bill Marquette	$fr['destination']['network'] = $ifmap[$fr['destination']['network']];
159	751533a2	Phil Davis	} else {
160	791bcfd4	Bill Marquette	/* remove the rule */
161	4b48d1b9	Carlos Eduardo Ramos	printf(gettext("%sWarning: filter rule removed " .
162			"(destination network '%s' does not exist anymore)."), "\n", $fr['destination']['network']);
163	791bcfd4	Bill Marquette	unset($config['filter']['rule'][$i]);
164			continue;
165			}
166			}
167			}
168
169			/* convert shaper rules */
170			$n = count($config['pfqueueing']['rule']);
171	751533a2	Phil Davis	if (is_array($config['pfqueueing']['rule'])) {
172			for ($i = 0; $i < $n; $i++) {
173	791bcfd4	Bill Marquette
174	751533a2	Phil Davis	$fr = &$config['pfqueueing']['rule'][$i];
175	791bcfd4	Bill Marquette
176	751533a2	Phil Davis	/* remap interface */
177			if (array_key_exists($fr['interface'], $ifmap)) {
178			$fr['interface'] = $ifmap[$fr['interface']];
179			} else {
180	791bcfd4	Bill Marquette	/* remove the rule */
181	4d511e5b	Renato Botelho	printf(gettext("%sWarning: traffic shaper rule removed " .
182	751533a2	Phil Davis	"(interface '%s' does not exist anymore)."), "\n", $fr['interface']);
183	791bcfd4	Bill Marquette	unset($config['pfqueueing']['rule'][$i]);
184			continue;
185			}
186
187	751533a2	Phil Davis	/* remap source network */
188			if (isset($fr['source']['network'])) {
189			if (array_key_exists($fr['source']['network'], $ifmap)) {
190			$fr['source']['network'] = $ifmap[$fr['source']['network']];
191			} else {
192			/* remove the rule */
193			printf(gettext("%sWarning: traffic shaper rule removed " .
194			"(source network '%s' does not exist anymore)."), "\n", $fr['source']['network']);
195			unset($config['pfqueueing']['rule'][$i]);
196			continue;
197			}
198			}
199
200			/* remap destination network */
201			if (isset($fr['destination']['network'])) {
202			if (array_key_exists($fr['destination']['network'], $ifmap)) {
203			$fr['destination']['network'] = $ifmap[$fr['destination']['network']];
204			} else {
205			/* remove the rule */
206			printf(gettext("%sWarning: traffic shaper rule removed " .
207			"(destination network '%s' does not exist anymore)."), "\n", $fr['destination']['network']);
208			unset($config['pfqueueing']['rule'][$i]);
209			continue;
210			}
211	791bcfd4	Bill Marquette	}
212			}
213			}
214			}
215
216
217			function upgrade_011_to_012() {
218			global $config;
219			/* move LAN DHCP server config */
220			$tmp = $config['dhcpd'];
221			$config['dhcpd'] = array();
222			$config['dhcpd']['lan'] = $tmp;
223
224			/* encrypt password */
225			$config['system']['password'] = crypt($config['system']['password']);
226			}
227
228
229			function upgrade_012_to_013() {
230			global $config;
231			/* convert advanced outbound NAT config */
232			for ($i = 0; isset($config['nat']['advancedoutbound']['rule'][$i]); $i++) {
233			$curent = &$config['nat']['advancedoutbound']['rule'][$i];
234			$src = $curent['source'];
235			$curent['source'] = array();
236			$curent['source']['network'] = $src;
237			$curent['destination'] = array();
238			$curent['destination']['any'] = true;
239			}
240
241			/* add an explicit type="pass" to all filter rules to make things consistent */
242			for ($i = 0; isset($config['filter']['rule'][$i]); $i++) {
243			$config['filter']['rule'][$i]['type'] = "pass";
244			}
245			}
246
247
248			function upgrade_013_to_014() {
249			global $config;
250			/* convert shaper rules (make pipes) */
251			if (is_array($config['pfqueueing']['rule'])) {
252			$config['pfqueueing']['pipe'] = array();
253
254			for ($i = 0; isset($config['pfqueueing']['rule'][$i]); $i++) {
255			$curent = &$config['pfqueueing']['rule'][$i];
256
257			/* make new pipe and associate with this rule */
258			$newpipe = array();
259			$newpipe['descr'] = $curent['descr'];
260			$newpipe['bandwidth'] = $curent['bandwidth'];
261			$newpipe['delay'] = $curent['delay'];
262			$newpipe['mask'] = $curent['mask'];
263			$config['pfqueueing']['pipe'][$i] = $newpipe;
264
265			$curent['targetpipe'] = $i;
266
267			unset($curent['bandwidth']);
268			unset($curent['delay']);
269			unset($curent['mask']);
270			}
271			}
272			}
273
274
275			function upgrade_014_to_015() {
276			global $config;
277			/* Default route moved */
278	751533a2	Phil Davis	if (isset($config['interfaces']['wan']['gateway'])) {
279			if ($config['interfaces']['wan']['gateway'] <> "") {
280	839966e3	Phil Davis	$config['system']['gateway'] = $config['interfaces']['wan']['gateway'];
281	751533a2	Phil Davis	}
282	fa6e5ba5	Phil Davis	unset($config['interfaces']['wan']['gateway']);
283	751533a2	Phil Davis	}
284	791bcfd4	Bill Marquette
285			/* Queues are no longer interface specific */
286	751533a2	Phil Davis	if (isset($config['interfaces']['lan']['schedulertype'])) {
287	791bcfd4	Bill Marquette	unset($config['interfaces']['lan']['schedulertype']);
288	751533a2	Phil Davis	}
289			if (isset($config['interfaces']['wan']['schedulertype'])) {
290	791bcfd4	Bill Marquette	unset($config['interfaces']['wan']['schedulertype']);
291	751533a2	Phil Davis	}
292	791bcfd4	Bill Marquette
293			for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
294	751533a2	Phil Davis	if (isset($config['interfaces']['opt' . $i]['schedulertype'])) {
295	791bcfd4	Bill Marquette	unset($config['interfaces']['opt' . $i]['schedulertype']);
296	751533a2	Phil Davis	}
297	791bcfd4	Bill Marquette	}
298			}
299
300
301			function upgrade_015_to_016() {
302			global $config;
303			/* Alternate firmware URL moved */
304			if (isset($config['system']['firmwareurl']) && isset($config['system']['firmwarename'])) { // Only convert if both are defined.
305			$config['system']['alt_firmware_url'] = array();
306			$config['system']['alt_firmware_url']['enabled'] = "";
307			$config['system']['alt_firmware_url']['firmware_base_url'] = $config['system']['firmwareurl'];
308			$config['system']['alt_firmware_url']['firmware_filename'] = $config['system']['firmwarename'];
309	fa6e5ba5	Phil Davis	}
310			if (isset($config['system']['firmwareurl'])) {
311			unset($config['system']['firmwareurl']);
312			}
313			if (isset($config['system']['firmwarename'])) {
314			unset($config['system']['firmwarename']);
315	791bcfd4	Bill Marquette	}
316			}
317
318
319			function upgrade_016_to_017() {
320			global $config;
321			/* wipe previous shaper configuration */
322	fa6e5ba5	Phil Davis	if (isset($config['shaper']['queue'])) {
323			unset($config['shaper']['queue']);
324			}
325			if (isset($config['shaper']['rule'])) {
326			unset($config['shaper']['rule']);
327			}
328			if (isset($config['interfaces']['wan']['bandwidth'])) {
329			unset($config['interfaces']['wan']['bandwidth']);
330			}
331			if (isset($config['interfaces']['wan']['bandwidthtype'])) {
332			unset($config['interfaces']['wan']['bandwidthtype']);
333			}
334			if (isset($config['interfaces']['lan']['bandwidth'])) {
335			unset($config['interfaces']['lan']['bandwidth']);
336			}
337			if (isset($config['interfaces']['lan']['bandwidthtype'])) {
338			unset($config['interfaces']['lan']['bandwidthtype']);
339			}
340	791bcfd4	Bill Marquette	$config['shaper']['enable'] = FALSE;
341			}
342
343
344			function upgrade_017_to_018() {
345			global $config;
346	751533a2	Phil Davis	if (isset($config['proxyarp']) && is_array($config['proxyarp']['proxyarpnet'])) {
347	791bcfd4	Bill Marquette	$proxyarp = &$config['proxyarp']['proxyarpnet'];
348	751533a2	Phil Davis	foreach ($proxyarp as $arpent) {
349	791bcfd4	Bill Marquette	$vip = array();
350			$vip['mode'] = "proxyarp";
351			$vip['interface'] = $arpent['interface'];
352			$vip['descr'] = $arpent['descr'];
353			if (isset($arpent['range'])) {
354			$vip['range'] = $arpent['range'];
355			$vip['type'] = "range";
356			} else {
357			$subnet = explode('/', $arpent['network']);
358			$vip['subnet'] = $subnet[0];
359			if (isset($subnet[1])) {
360			$vip['subnet_bits'] = $subnet[1];
361			$vip['type'] = "network";
362			} else {
363			$vip['subnet_bits'] = "32";
364			$vip['type'] = "single";
365			}
366			}
367			$config['virtualip']['vip'][] = $vip;
368			}
369			unset($config['proxyarp']);
370			}
371	751533a2	Phil Davis	if (isset($config['installedpackages']) && isset($config['installedpackages']['carp']) && is_array($config['installedpackages']['carp']['config'])) {
372	791bcfd4	Bill Marquette	$carp = &$config['installedpackages']['carp']['config'];
373	751533a2	Phil Davis	foreach ($carp as $carpent) {
374	791bcfd4	Bill Marquette	$vip = array();
375			$vip['mode'] = "carp";
376			$vip['interface'] = "AUTO";
377	4d511e5b	Renato Botelho	$vip['descr'] = sprintf(gettext("CARP vhid %s"), $carpent['vhid']);
378	791bcfd4	Bill Marquette	$vip['type'] = "single";
379			$vip['vhid'] = $carpent['vhid'];
380			$vip['advskew'] = $carpent['advskew'];
381			$vip['password'] = $carpent['password'];
382			$vip['subnet'] = $carpent['ipaddress'];
383			$vip['subnet_bits'] = $carpent['netmask'];
384			$config['virtualip']['vip'][] = $vip;
385			}
386			unset($config['installedpackages']['carp']);
387			}
388			/* Server NAT is no longer needed */
389	fa6e5ba5	Phil Davis	if (isset($config['nat']['servernat'])) {
390			unset($config['nat']['servernat']);
391			}
392	791bcfd4	Bill Marquette
393			/* enable SSH */
394			if ($config['version'] == "1.8") {
395			$config['system']['sshenabled'] = true;
396			}
397			}
398
399
400			function upgrade_018_to_019() {
401			global $config;
402			}
403
404
405			function upgrade_019_to_020() {
406			global $config;
407	751533a2	Phil Davis	if (is_array($config['ipsec']['tunnel'])) {
408	791bcfd4	Bill Marquette	reset($config['ipsec']['tunnel']);
409			while (list($index, $tunnel) = each($config['ipsec']['tunnel'])) {
410			/* Sanity check on required variables */
411			/* This fixes bogus <tunnel> entries - remnant of bug #393 */
412			if (!isset($tunnel['local-subnet']) && !isset($tunnel['remote-subnet'])) {
413			unset($config['ipsec']['tunnel'][$tunnel]);
414			}
415			}
416			}
417			}
418
419			function upgrade_020_to_021() {
420			global $config;
421			/* shaper scheduler moved */
422	751533a2	Phil Davis	if (isset($config['system']['schedulertype'])) {
423	791bcfd4	Bill Marquette	$config['shaper']['schedulertype'] = $config['system']['schedulertype'];
424			unset($config['system']['schedulertype']);
425			}
426			}
427
428
429			function upgrade_021_to_022() {
430			global $config;
431			/* move gateway to wan interface */
432			$config['interfaces']['wan']['gateway'] = $config['system']['gateway'];
433			}
434
435			function upgrade_022_to_023() {
436			global $config;
437	751533a2	Phil Davis	if (isset($config['shaper'])) {
438	791bcfd4	Bill Marquette	/* wipe previous shaper configuration */
439			unset($config['shaper']);
440			}
441			}
442
443
444			function upgrade_023_to_024() {
445			global $config;
446			}
447
448
449			function upgrade_024_to_025() {
450			global $config;
451			$config['interfaces']['wan']['use_rrd_gateway'] = $config['system']['use_rrd_gateway'];
452	fa6e5ba5	Phil Davis	if (isset($config['system']['use_rrd_gateway'])) {
453			unset($config['system']['use_rrd_gateway']);
454			}
455	791bcfd4	Bill Marquette	}
456
457
458			function upgrade_025_to_026() {
459			global $config;
460			$cron_item = array();
461			$cron_item['minute'] = "0";
462			$cron_item['hour'] = "*";
463			$cron_item['mday'] = "*";
464			$cron_item['month'] = "*";
465			$cron_item['wday'] = "*";
466			$cron_item['who'] = "root";
467			$cron_item['command'] = "/usr/bin/nice -n20 newsyslog";
468
469			$config['cron']['item'][] = $cron_item;
470
471			$cron_item = array();
472			$cron_item['minute'] = "1,31";
473			$cron_item['hour'] = "0-5";
474			$cron_item['mday'] = "*";
475			$cron_item['month'] = "*";
476			$cron_item['wday'] = "*";
477			$cron_item['who'] = "root";
478			$cron_item['command'] = "/usr/bin/nice -n20 adjkerntz -a";
479
480			$config['cron']['item'][] = $cron_item;
481
482			$cron_item = array();
483			$cron_item['minute'] = "1";
484			$cron_item['hour'] = "*";
485			$cron_item['mday'] = "1";
486			$cron_item['month'] = "*";
487			$cron_item['wday'] = "*";
488			$cron_item['who'] = "root";
489			$cron_item['command'] = "/usr/bin/nice -n20 /etc/rc.update_bogons.sh";
490
491			$config['cron']['item'][] = $cron_item;
492
493			$cron_item = array();
494			$cron_item['minute'] = "*/60";
495			$cron_item['hour'] = "*";
496			$cron_item['mday'] = "*";
497			$cron_item['month'] = "*";
498			$cron_item['wday'] = "*";
499			$cron_item['who'] = "root";
500			$cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout";
501
502			$config['cron']['item'][] = $cron_item;
503
504			$cron_item = array();
505			$cron_item['minute'] = "1";
506			$cron_item['hour'] = "1";
507			$cron_item['mday'] = "*";
508			$cron_item['month'] = "*";
509			$cron_item['wday'] = "*";
510			$cron_item['who'] = "root";
511			$cron_item['command'] = "/usr/bin/nice -n20 /etc/rc.dyndns.update";
512
513			$config['cron']['item'][] = $cron_item;
514
515			$cron_item = array();
516			$cron_item['minute'] = "*/60";
517			$cron_item['hour'] = "*";
518			$cron_item['mday'] = "*";
519			$cron_item['month'] = "*";
520			$cron_item['wday'] = "*";
521			$cron_item['who'] = "root";
522			$cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot";
523
524			$config['cron']['item'][] = $cron_item;
525
526			$cron_item = array();
527			$cron_item['minute'] = "*/60";
528			$cron_item['hour'] = "*";
529			$cron_item['mday'] = "*";
530			$cron_item['month'] = "*";
531			$cron_item['wday'] = "*";
532			$cron_item['who'] = "root";
533			$cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 1800 snort2c";
534
535			$config['cron']['item'][] = $cron_item;
536			}
537
538
539			function upgrade_026_to_027() {
540			global $config;
541			}
542
543
544			function upgrade_027_to_028() {
545			global $config;
546			}
547
548
549			function upgrade_028_to_029() {
550			global $config;
551			$rule_item = array();
552			$a_filter = &$config['filter']['rule'];
553			$rule_item['interface'] = "enc0";
554			$rule_item['type'] = "pass";
555			$rule_item['source']['any'] = true;
556			$rule_item['destination']['any'] = true;
557	4d511e5b	Renato Botelho	$rule_item['descr'] = gettext("Permit IPsec traffic.");
558	791bcfd4	Bill Marquette	$rule_item['statetype'] = "keep state";
559			$a_filter[] = $rule_item;
560			}
561
562
563			function upgrade_029_to_030() {
564			global $config;
565			/* enable the rrd config setting by default */
566			$config['rrd']['enable'] = true;
567			}
568
569
570			function upgrade_030_to_031() {
571			global $config;
572			/* Insert upgrade code here */
573			}
574
575
576			function upgrade_031_to_032() {
577			global $config;
578			/* Insert upgrade code here */
579			}
580
581
582			function upgrade_032_to_033() {
583			global $config;
584			/* Insert upgrade code here */
585			}
586
587
588			function upgrade_033_to_034() {
589			global $config;
590			/* Insert upgrade code here */
591			}
592
593
594			function upgrade_034_to_035() {
595			global $config;
596			/* Insert upgrade code here */
597			}
598
599
600			function upgrade_035_to_036() {
601			global $config;
602			/* Insert upgrade code here */
603			}
604
605
606			function upgrade_036_to_037() {
607			global $config;
608			/* Insert upgrade code here */
609			}
610
611
612			function upgrade_037_to_038() {
613			global $config;
614	db7f618b	Seth Mos	/* Insert upgrade code here */
615	791bcfd4	Bill Marquette	}
616
617
618			function upgrade_038_to_039() {
619			global $config;
620	ef026950	Ermal Lu?i	/* Insert upgrade code here */
621	791bcfd4	Bill Marquette	}
622
623
624			function upgrade_039_to_040() {
625	879f7db7	Erik Fonnesbeck	global $config, $g;
626	791bcfd4	Bill Marquette	$config['system']['webgui']['auth_method'] = "session";
627			$config['system']['webgui']['backing_method'] = "htpasswd";
628
629	fa6e5ba5	Phil Davis	if (isset($config['system']['username'])) {
630	791bcfd4	Bill Marquette	$config['system']['group'] = array();
631			$config['system']['group'][0]['name'] = "admins";
632	4d511e5b	Renato Botelho	$config['system']['group'][0]['description'] = gettext("System Administrators");
633	791bcfd4	Bill Marquette	$config['system']['group'][0]['scope'] = "system";
634	ebcdcaaa	jim-p	$config['system']['group'][0]['priv'] = "page-all";
635	791bcfd4	Bill Marquette	$config['system']['group'][0]['home'] = "index.php";
636			$config['system']['group'][0]['gid'] = "110";
637
638			$config['system']['user'] = array();
639			$config['system']['user'][0]['name'] = "{$config['system']['username']}";
640	9ff73b79	jim-p	$config['system']['user'][0]['descr'] = "System Administrator";
641	791bcfd4	Bill Marquette	$config['system']['user'][0]['scope'] = "system";
642			$config['system']['user'][0]['groupname'] = "admins";
643			$config['system']['user'][0]['password'] = "{$config['system']['password']}";
644			$config['system']['user'][0]['uid'] = "0";
645	6d8e6b22	jim-p	/* Ensure that we follow what this new "admin" username should be in the session. */
646			$_SESSION["Username"] = "{$config['system']['username']}";
647	791bcfd4	Bill Marquette
648			$config['system']['user'][0]['priv'] = array();
649			$config['system']['user'][0]['priv'][0]['id'] = "lockwc";
650			$config['system']['user'][0]['priv'][0]['name'] = "Lock webConfigurator";
651	4d511e5b	Renato Botelho	$config['system']['user'][0]['priv'][0]['descr'] = gettext("Indicates whether this user will lock access to the webConfigurator for other users.");
652	791bcfd4	Bill Marquette	$config['system']['user'][0]['priv'][1]['id'] = "lock-ipages";
653			$config['system']['user'][0]['priv'][1]['name'] = "Lock individual pages";
654	4d511e5b	Renato Botelho	$config['system']['user'][0]['priv'][1]['descr'] = gettext("Indicates whether this user will lock individual HTML pages after having accessed a particular page (the lock will be freed if the user leaves or saves the page form).");
655	791bcfd4	Bill Marquette	$config['system']['user'][0]['priv'][2]['id'] = "hasshell";
656			$config['system']['user'][0]['priv'][2]['name'] = "Has shell access";
657	4d511e5b	Renato Botelho	$config['system']['user'][0]['priv'][2]['descr'] = gettext("Indicates whether this user is able to login for example via SSH.");
658	791bcfd4	Bill Marquette	$config['system']['user'][0]['priv'][3]['id'] = "copyfiles";
659			$config['system']['user'][0]['priv'][3]['name'] = "Is allowed to copy files";
660	99a3ce08	Renato Botelho	$config['system']['user'][0]['priv'][3]['descr'] = sprintf(gettext("Indicates whether this user is allowed to copy files onto the %s appliance via SCP/SFTP."), $g['product_name']);
661	791bcfd4	Bill Marquette	$config['system']['user'][0]['priv'][4]['id'] = "isroot";
662			$config['system']['user'][0]['priv'][4]['name'] = "Is root user";
663	4d511e5b	Renato Botelho	$config['system']['user'][0]['priv'][4]['descr'] = gettext("This user is associated with the UNIX root user (you should associate this privilege only with one single user).");
664	791bcfd4	Bill Marquette
665			$config['system']['nextuid'] = "111";
666			$config['system']['nextgid'] = "111";
667
668			/* wipe previous auth configuration */
669	fa6e5ba5	Phil Davis	unset($config['system']['username']);
670			if (isset($config['system']['password'])) {
671			unset($config['system']['password']);
672			}
673	791bcfd4	Bill Marquette	}
674			}
675
676			function upgrade_040_to_041() {
677			global $config;
678	751533a2	Phil Davis	if (!$config['sysctl']) {
679	791bcfd4	Bill Marquette	$config['sysctl']['item'] = array();
680
681			$config['sysctl']['item'][0]['tunable'] = "net.inet.tcp.blackhole";
682	4816e5ca	Renato Botelho	$config['sysctl']['item'][0]['descr'] = gettext("Drop packets to closed TCP ports without returning a RST");
683	908c4eea	sullrich	$config['sysctl']['item'][0]['value'] = "default";
684	791bcfd4	Bill Marquette
685			$config['sysctl']['item'][1]['tunable'] = "net.inet.udp.blackhole";
686	4816e5ca	Renato Botelho	$config['sysctl']['item'][1]['descr'] = gettext("Do not send ICMP port unreachable messages for closed UDP ports");
687	908c4eea	sullrich	$config['sysctl']['item'][1]['value'] = "default";
688	791bcfd4	Bill Marquette
689			$config['sysctl']['item'][2]['tunable'] = "net.inet.ip.random_id";
690	4816e5ca	Renato Botelho	$config['sysctl']['item'][2]['descr'] = gettext("Randomize the ID field in IP packets (default is 0: sequential IP IDs)");
691	908c4eea	sullrich	$config['sysctl']['item'][2]['value'] = "default";
692	791bcfd4	Bill Marquette
693			$config['sysctl']['item'][3]['tunable'] = "net.inet.tcp.drop_synfin";
694	4816e5ca	Renato Botelho	$config['sysctl']['item'][3]['descr'] = gettext("Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)");
695	908c4eea	sullrich	$config['sysctl']['item'][3]['value'] = "default";
696	791bcfd4	Bill Marquette
697			$config['sysctl']['item'][4]['tunable'] = "net.inet.ip.redirect";
698	4816e5ca	Renato Botelho	$config['sysctl']['item'][4]['descr'] = gettext("Sending of IPv4 ICMP redirects");
699	908c4eea	sullrich	$config['sysctl']['item'][4]['value'] = "default";
700	791bcfd4	Bill Marquette
701			$config['sysctl']['item'][5]['tunable'] = "net.inet6.ip6.redirect";
702	4816e5ca	Renato Botelho	$config['sysctl']['item'][5]['descr'] = gettext("Sending of IPv6 ICMP redirects");
703	908c4eea	sullrich	$config['sysctl']['item'][5]['value'] = "default";
704	791bcfd4	Bill Marquette
705			$config['sysctl']['item'][6]['tunable'] = "net.inet.tcp.syncookies";
706	4816e5ca	Renato Botelho	$config['sysctl']['item'][6]['descr'] = gettext("Generate SYN cookies for outbound SYN-ACK packets");
707	908c4eea	sullrich	$config['sysctl']['item'][6]['value'] = "default";
708	791bcfd4	Bill Marquette
709			$config['sysctl']['item'][7]['tunable'] = "net.inet.tcp.recvspace";
710	4816e5ca	Renato Botelho	$config['sysctl']['item'][7]['descr'] = gettext("Maximum incoming TCP datagram size");
711	908c4eea	sullrich	$config['sysctl']['item'][7]['value'] = "default";
712	791bcfd4	Bill Marquette
713			$config['sysctl']['item'][8]['tunable'] = "net.inet.tcp.sendspace";
714	4816e5ca	Renato Botelho	$config['sysctl']['item'][8]['descr'] = gettext("Maximum outgoing TCP datagram size");
715	908c4eea	sullrich	$config['sysctl']['item'][8]['value'] = "default";
716	791bcfd4	Bill Marquette
717	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][9]['tunable'] = "net.inet.tcp.delayed_ack";
718			$config['sysctl']['item'][9]['descr'] = gettext("Do not delay ACK to try and piggyback it onto a data packet");
719	908c4eea	sullrich	$config['sysctl']['item'][9]['value'] = "default";
720	791bcfd4	Bill Marquette
721	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][10]['tunable'] = "net.inet.udp.maxdgram";
722			$config['sysctl']['item'][10]['descr'] = gettext("Maximum outgoing UDP datagram size");
723	908c4eea	sullrich	$config['sysctl']['item'][10]['value'] = "default";
724	791bcfd4	Bill Marquette
725	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][11]['tunable'] = "net.link.bridge.pfil_onlyip";
726			$config['sysctl']['item'][11]['descr'] = gettext("Handling of non-IP packets which are not passed to pfil (see if_bridge(4))");
727	908c4eea	sullrich	$config['sysctl']['item'][11]['value'] = "default";
728	791bcfd4	Bill Marquette
729	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][12]['tunable'] = "net.link.tap.user_open";
730			$config['sysctl']['item'][12]['descr'] = gettext("Allow unprivileged access to tap(4) device nodes");
731	908c4eea	sullrich	$config['sysctl']['item'][12]['value'] = "default";
732	791bcfd4	Bill Marquette
733	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][13]['tunable'] = "kern.randompid";
734			$config['sysctl']['item'][13]['descr'] = gettext("Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())");
735	908c4eea	sullrich	$config['sysctl']['item'][13]['value'] = "default";
736	791bcfd4	Bill Marquette
737	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][14]['tunable'] = "net.inet.tcp.inflight.enable";
738			$config['sysctl']['item'][14]['descr'] = gettext("The system will attempt to calculate the bandwidth delay product for each connection and limit the amount of data queued to the network to just the amount required to maintain optimum throughput. ");
739			$config['sysctl']['item'][14]['value'] = "default";
740
741			$config['sysctl']['item'][15]['tunable'] = "net.inet.icmp.icmplim";
742			$config['sysctl']['item'][15]['descr'] = gettext("Set ICMP Limits");
743	908c4eea	sullrich	$config['sysctl']['item'][15]['value'] = "default";
744	791bcfd4	Bill Marquette
745	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][16]['tunable'] = "net.inet.tcp.tso";
746			$config['sysctl']['item'][16]['descr'] = gettext("TCP Offload engine");
747	908c4eea	sullrich	$config['sysctl']['item'][16]['value'] = "default";
748	791bcfd4	Bill Marquette
749	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][17]['tunable'] = "net.inet.ip.portrange.first";
750			$config['sysctl']['item'][17]['descr'] = "Set the ephemeral port range starting port";
751	908c4eea	sullrich	$config['sysctl']['item'][17]['value'] = "default";
752	791bcfd4	Bill Marquette
753	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][18]['tunable'] = "hw.syscons.kbd_reboot";
754			$config['sysctl']['item'][18]['descr'] = "Enables ctrl+alt+delete";
755	908c4eea	sullrich	$config['sysctl']['item'][18]['value'] = "default";
756	2d563280	Renato Botelho
757	e2ff2b3f	Chris Buechler	$config['sysctl']['item'][19]['tunable'] = "kern.ipc.maxsockbuf";
758			$config['sysctl']['item'][19]['descr'] = "Maximum socket buffer size";
759	558dda01	Scott Ullrich	$config['sysctl']['item'][19]['value'] = "default";
760	908c4eea	sullrich
761	791bcfd4	Bill Marquette	}
762			}
763
764
765			function upgrade_041_to_042() {
766			global $config;
767	751533a2	Phil Davis	if (isset($config['shaper'])) {
768	791bcfd4	Bill Marquette	unset($config['shaper']);
769	751533a2	Phil Davis	}
770			if (isset($config['ezshaper'])) {
771	791bcfd4	Bill Marquette	unset($config['ezshaper']);
772	751533a2	Phil Davis	}
773	791bcfd4	Bill Marquette	}
774
775
776			function upgrade_042_to_043() {
777			global $config;
778			/* migrate old interface gateway to the new gateways config */
779	ab0eced7	Ermal	$iflist = get_configured_interface_list(false, true);
780	791bcfd4	Bill Marquette	$gateways = array();
781			$i = 0;
782	751533a2	Phil Davis	foreach ($iflist as $ifname => $interface) {
783	4de8f7ba	Phil Davis	if (!interface_has_gateway($ifname)) {
784	fc85edaf	Seth Mos	continue;
785			}
786	b314ab72	Ermal	$config['gateways']['gateway_item'][$i] = array();
787	751533a2	Phil Davis	if (is_ipaddr($config['interfaces'][$ifname]['gateway'])) {
788	3240836a	Seth Mos	$config['gateways']['gateway_item'][$i]['gateway'] = $config['interfaces'][$ifname]['gateway'];
789	4d511e5b	Renato Botelho	$config['gateways']['gateway_item'][$i]['descr'] = sprintf(gettext("Interface %s Static Gateway"), $ifname);
790	2328dcc5	Seth Mos	} else {
791			$config['gateways']['gateway_item'][$i]['gateway'] = "dynamic";
792	4d511e5b	Renato Botelho	$config['gateways']['gateway_item'][$i]['descr'] = sprintf(gettext("Interface %s Dynamic Gateway"), $ifname);
793	2328dcc5	Seth Mos	}
794			$config['gateways']['gateway_item'][$i]['interface'] = $ifname;
795			$config['gateways']['gateway_item'][$i]['name'] = "GW_" . strtoupper($ifname);
796			/* add default gateway bit for wan on upgrade */
797	751533a2	Phil Davis	if ($ifname == "wan") {
798	2d563280	Renato Botelho	$config['gateways']['gateway_item'][$i]['defaultgw'] = true;
799	2328dcc5	Seth Mos	}
800	751533a2	Phil Davis	if (is_ipaddr($config['interfaces'][$ifname]['use_rrd_gateway'])) {
801	2328dcc5	Seth Mos	$config['gateways']['gateway_item'][$i]['monitor'] = $config['interfaces'][$ifname]['use_rrd_gateway'];
802			unset($config['interfaces'][$ifname]['use_rrd_gateway']);
803			}
804			$config['interfaces'][$ifname]['gateway'] = $config['gateways']['gateway_item'][$i]['name'];
805	3240836a	Seth Mos
806	2328dcc5	Seth Mos	/* Update all filter rules which might reference this gateway */
807			$j = 0;
808	751533a2	Phil Davis	foreach ($config['filter']['rule'] as $rule) {
809			if (is_ipaddr($rule['gateway'])) {
810			if ($rule['gateway'] == $config['gateways']['gateway_item'][$i]['gateway']) {
811	6364b88b	Ermal	$config['filter']['rule'][$j]['gateway'] = $config['gateways']['gateway_item'][$i]['name'];
812	751533a2	Phil Davis	} else if ($rule['gateway'] == $ifname) {
813	6364b88b	Ermal	$config['filter']['rule'][$j]['gateway'] = $config['gateways']['gateway_item'][$i]['name'];
814	751533a2	Phil Davis	}
815	3240836a	Seth Mos	}
816	2328dcc5	Seth Mos	$j++;
817	791bcfd4	Bill Marquette	}
818	c9ba2835	smos
819			/* rename old Quality RRD files in the process */
820			$rrddbpath = "/var/db/rrd";
821			$gwname = "GW_" . strtoupper($ifname);
822	751533a2	Phil Davis	if (is_readable("{$rrddbpath}/{$ifname}-quality.rrd")) {
823	c9ba2835	smos	rename("{$rrddbpath}/{$ifname}-quality.rrd", "{$rrddbpath}/{$gwname}-quality.rrd");
824			}
825	2328dcc5	Seth Mos	$i++;
826	791bcfd4	Bill Marquette	}
827			}
828
829
830			function upgrade_043_to_044() {
831			global $config;
832	a842e988	Ermal
833			/* migrate static routes to the new gateways config */
834			$gateways = return_gateways_array(true);
835	6cae2c44	Ermal	$i = 0;
836	a842e988	Ermal	if (is_array($config['staticroutes']['route'])) {
837	323f3f9c	smos	$gwmap = array();
838	a842e988	Ermal	foreach ($config['staticroutes']['route'] as $idx => $sroute) {
839			$found = false;
840			foreach ($gateways as $gwname => $gw) {
841			if ($gw['gateway'] == $sroute['gateway']) {
842			$config['staticroutes']['route'][$idx]['gateway'] = $gwname;
843			$found = true;
844			break;
845			}
846			}
847	751533a2	Phil Davis	if ($gwmap[$sroute['gateway']]) {
848	323f3f9c	smos	/* We already added a gateway name for this IP */
849			$config['staticroutes']['route'][$idx]['gateway'] = "{$gwmap[$sroute['gateway']]}";
850			$found = true;
851	2d563280	Renato Botelho	}
852
853	a842e988	Ermal	if ($found == false) {
854			$gateway = array();
855	323f3f9c	smos	$gateway['name'] = "SROUTE{$i}";
856			$gwmap[$sroute['gateway']] = $gateway['name'];
857	a842e988	Ermal	$gateway['gateway'] = $sroute['gateway'];
858			$gateway['interface'] = $sroute['interface'];
859	4d511e5b	Renato Botelho	$gateway['descr'] = sprintf(gettext("Upgraded static route for %s"), $sroute['network']);
860	751533a2	Phil Davis	if (!is_array($config['gateways']['gateway_item'])) {
861	a842e988	Ermal	$config['gateways']['gateway_item'] = array();
862	751533a2	Phil Davis	}
863	a842e988	Ermal	$config['gateways']['gateway_item'][] = $gateway;
864			$config['staticroutes']['route'][$idx]['gateway'] = $gateway['name'];
865	6cae2c44	Ermal	$i++;
866	a842e988	Ermal	}
867			}
868			}
869	791bcfd4	Bill Marquette	}
870
871
872			function upgrade_044_to_045() {
873			global $config;
874	da74e673	Seth Mos	$iflist = get_configured_interface_list(false, true);
875	791bcfd4	Bill Marquette	if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) {
876	3d039701	smos	$i = 0;
877	da74e673	Seth Mos	foreach ($config['vlans']['vlan'] as $id => $vlan) {
878			/* Make sure to update the interfaces section with the right name */
879	62958eae	smos	$vlan_name = "{$vlan['if']}_vlan{$vlan['tag']}";
880	751533a2	Phil Davis	foreach ($iflist as $ifname) {
881			if ($config['interfaces'][$ifname]['if'] == "vlan{$i}") {
882	62958eae	smos	$config['interfaces'][$ifname]['if'] = $vlan_name;
883			continue;
884	da74e673	Seth Mos	}
885			}
886	62958eae	smos	$config['vlans']['vlan'][$i]['vlanif'] = "{$vlan_name}";
887	2d563280	Renato Botelho	$i++;
888	da74e673	Seth Mos	}
889	791bcfd4	Bill Marquette	}
890			}
891
892
893			function upgrade_045_to_046() {
894			global $config;
895	2d563280	Renato Botelho	/* Load up monitors that are in the default config for 2.0 but not in 1.2.3
896	506514e7	jim-p	thus wouldn't be in an upgraded config. */
897			$config['load_balancer']['monitor_type'] = array (
898	751533a2	Phil Davis	array ('name' => 'ICMP',
899	506514e7	jim-p	'type' => 'icmp',
900			'descr' => 'ICMP',
901			'options' => '',
902			),
903	751533a2	Phil Davis	array ('name' => 'TCP',
904	506514e7	jim-p	'type' => 'tcp',
905			'descr' => 'Generic TCP',
906			'options' => '',
907			),
908	751533a2	Phil Davis	array ('name' => 'HTTP',
909	506514e7	jim-p	'type' => 'http',
910			'descr' => 'Generic HTTP',
911			'options' =>
912	751533a2	Phil Davis	array ('path' => '/',
913	506514e7	jim-p	'host' => '',
914			'code' => '200',
915			),
916			),
917	751533a2	Phil Davis	array ('name' => 'HTTPS',
918	506514e7	jim-p	'type' => 'https',
919			'descr' => 'Generic HTTPS',
920			'options' =>
921	751533a2	Phil Davis	array ('path' => '/',
922	506514e7	jim-p	'host' => '',
923			'code' => '200',
924			),
925			),
926	751533a2	Phil Davis	array ('name' => 'SMTP',
927	506514e7	jim-p	'type' => 'send',
928			'descr' => 'Generic SMTP',
929			'options' =>
930	751533a2	Phil Davis	array ('send' => '',
931	520d4137	jim-p	'expect' => '220 *',
932	506514e7	jim-p	),
933			),
934			);
935	791bcfd4	Bill Marquette	/* Upgrade load balancer from slb to relayd */
936			if (is_array($config['load_balancer']['virtual_server']) && count($config['load_balancer']['virtual_server'])) {
937			$vs_a = &$config['load_balancer']['virtual_server'];
938			$pool_a = &$config['load_balancer']['lbpool'];
939			$pools = array();
940	25753b5b	sullrich	/* Index pools by name */
941	751533a2	Phil Davis	if (is_array($pool_a)) {
942	791bcfd4	Bill Marquette	for ($i = 0; isset($pool_a[$i]); $i++) {
943	751533a2	Phil Davis	if ($pool_a[$i]['type'] == "server") {
944	791bcfd4	Bill Marquette	$pools[$pool_a[$i]['name']] = $pool_a[$i];
945			}
946			}
947			}
948			/* Convert sitedown entries to pools and re-attach */
949			for ($i = 0; isset($vs_a[$i]); $i++) {
950	d30afa60	jim-p	/* Set mode while we're here. */
951			$vs_a[$i]['mode'] = "redirect_mode";
952	791bcfd4	Bill Marquette	if (isset($vs_a[$i]['sitedown'])) {
953			$pool = array();
954			$pool['type'] = 'server';
955			$pool['behaviour'] = 'balance';
956			$pool['name'] = "{$vs_a[$i]['name']}-sitedown";
957	4816e5ca	Renato Botelho	$pool['descr'] = sprintf(gettext("Sitedown pool for VS: %s"), $vs_a[$i]['name']);
958	751533a2	Phil Davis	if (is_array($vs_a[$i]['pool'])) {
959	6e9b046e	jim-p	$vs_a[$i]['pool'] = $vs_a[$i]['pool'][0];
960	751533a2	Phil Davis	}
961	791bcfd4	Bill Marquette	$pool['port'] = $pools[$vs_a[$i]['pool']]['port'];
962			$pool['servers'] = array();
963			$pool['servers'][] = $vs_a[$i]['sitedown'];
964			$pool['monitor'] = $pools[$vs_a[$i]['pool']]['monitor'];
965			$pool_a[] = $pool;
966			$vs_a[$i]['sitedown'] = $pool['name'];
967			}
968			}
969			}
970	751533a2	Phil Davis	if (count($config['load_balancer']) == 0) {
971	0b5b4f32	Seth Mos	unset($config['load_balancer']);
972			}
973	a09d8bfc	jim-p	mwexec('/usr/sbin/pw groupadd -n _relayd -g 913');
974			mwexec('/usr/sbin/pw useradd -n _relayd -c "Relay Daemon" -d /var/empty -s /usr/sbin/nologin -u 913 -g 913');
975	791bcfd4	Bill Marquette	}
976
977
978			function upgrade_046_to_047() {
979			global $config;
980			/* Upgrade IPsec from tunnel to phase1/phase2 */
981
982	751533a2	Phil Davis	if (is_array($config['ipsec']['tunnel'])) {
983	791bcfd4	Bill Marquette
984			$a_phase1 = array();
985			$a_phase2 = array();
986			$ikeid = 0;
987
988			foreach ($config['ipsec']['tunnel'] as $tunnel) {
989
990			unset($ph1ent);
991			unset($ph2ent);
992
993			/*
994			* attempt to locate an enabled phase1
995			* entry that matches the peer gateway
996			*/
997
998			if (!isset($tunnel['disabled'])) {
999
1000			$remote_gateway = $tunnel['remote-gateway'];
1001
1002			foreach ($a_phase1 as $ph1tmp) {
1003			if ($ph1tmp['remote-gateway'] == $remote_gateway) {
1004			$ph1ent = $ph1tmp;
1005			break;
1006			}
1007			}
1008			}
1009
1010			/* none found, create a new one */
1011
1012	751533a2	Phil Davis	if (!isset($ph1ent)) {
1013	791bcfd4	Bill Marquette
1014			/* build new phase1 entry */
1015
1016			$ph1ent = array();
1017
1018			$ph1ent['ikeid'] = ++$ikeid;
1019
1020	751533a2	Phil Davis	if (isset($tunnel['disabled'])) {
1021	791bcfd4	Bill Marquette	$ph1ent['disabled'] = $tunnel['disabled'];
1022	751533a2	Phil Davis	}
1023	791bcfd4	Bill Marquette
1024	443f2e6e	smos	/* convert to the new vip[$vhid] name */
1025	751533a2	Phil Davis	if (preg_match("/^carp/", $tunnel['interface'])) {
1026	bc75a430	smos	$carpid = str_replace("carp", "", $tunnel['interface']);
1027	4aa58d46	smos	$tunnel['interface'] = "vip" . $config['virtualip']['vip'][$carpid]['vhid'];
1028	443f2e6e	smos	}
1029	791bcfd4	Bill Marquette	$ph1ent['interface'] = $tunnel['interface'];
1030			$ph1ent['remote-gateway'] = $tunnel['remote-gateway'];
1031			$ph1ent['descr'] = $tunnel['descr'];
1032
1033			$ph1ent['mode'] = $tunnel['p1']['mode'];
1034
1035	751533a2	Phil Davis	if (isset($tunnel['p1']['myident']['myaddress'])) {
1036	791bcfd4	Bill Marquette	$ph1ent['myid_type'] = "myaddress";
1037	751533a2	Phil Davis	}
1038	791bcfd4	Bill Marquette	if (isset($tunnel['p1']['myident']['address'])) {
1039			$ph1ent['myid_type'] = "address";
1040			$ph1ent['myid_data'] = $tunnel['p1']['myident']['address'];
1041			}
1042			if (isset($tunnel['p1']['myident']['fqdn'])) {
1043			$ph1ent['myid_type'] = "fqdn";
1044			$ph1ent['myid_data'] = $tunnel['p1']['myident']['fqdn'];
1045			}
1046	dfa11031	jim-p	if (isset($tunnel['p1']['myident']['ufqdn'])) {
1047	791bcfd4	Bill Marquette	$ph1ent['myid_type'] = "user_fqdn";
1048	dfa11031	jim-p	$ph1ent['myid_data'] = $tunnel['p1']['myident']['ufqdn'];
1049	791bcfd4	Bill Marquette	}
1050			if (isset($tunnel['p1']['myident']['asn1dn'])) {
1051			$ph1ent['myid_type'] = "asn1dn";
1052			$ph1ent['myid_data'] = $tunnel['p1']['myident']['asn1dn'];
1053			}
1054			if (isset($tunnel['p1']['myident']['dyn_dns'])) {
1055			$ph1ent['myid_type'] = "dyn_dns";
1056			$ph1ent['myid_data'] = $tunnel['p1']['myident']['dyn_dns'];
1057			}
1058
1059			$ph1ent['peerid_type'] = "peeraddress";
1060
1061			switch ($tunnel['p1']['encryption-algorithm']) {
1062			case "des":
1063	751533a2	Phil Davis	$ph1alg = array('name' => 'des');
1064			break;
1065	791bcfd4	Bill Marquette	case "3des":
1066	751533a2	Phil Davis	$ph1alg = array('name' => '3des');
1067			break;
1068	791bcfd4	Bill Marquette	case "blowfish":
1069	751533a2	Phil Davis	$ph1alg = array('name' => 'blowfish', 'keylen' => '128');
1070			break;
1071	791bcfd4	Bill Marquette	case "cast128":
1072	751533a2	Phil Davis	$ph1alg = array('name' => 'cast128');
1073			break;
1074	791bcfd4	Bill Marquette	case "rijndael":
1075	751533a2	Phil Davis	$ph1alg = array('name' => 'aes', 'keylen' => '128');
1076			break;
1077	791bcfd4	Bill Marquette	case "rijndael 256":
1078	a5187d43	jim-p	case "aes 256":
1079	751533a2	Phil Davis	$ph1alg = array('name' => 'aes', 'keylen' => '256');
1080			break;
1081	791bcfd4	Bill Marquette	}
1082
1083			$ph1ent['encryption-algorithm'] = $ph1alg;
1084			$ph1ent['hash-algorithm'] = $tunnel['p1']['hash-algorithm'];
1085			$ph1ent['dhgroup'] = $tunnel['p1']['dhgroup'];
1086			$ph1ent['lifetime'] = $tunnel['p1']['lifetime'];
1087			$ph1ent['authentication_method'] = $tunnel['p1']['authentication_method'];
1088
1089	751533a2	Phil Davis	if (isset($tunnel['p1']['pre-shared-key'])) {
1090	791bcfd4	Bill Marquette	$ph1ent['pre-shared-key'] = $tunnel['p1']['pre-shared-key'];
1091	751533a2	Phil Davis	}
1092			if (isset($tunnel['p1']['cert'])) {
1093	791bcfd4	Bill Marquette	$ph1ent['cert'] = $tunnel['p1']['cert'];
1094	751533a2	Phil Davis	}
1095			if (isset($tunnel['p1']['peercert'])) {
1096	791bcfd4	Bill Marquette	$ph1ent['peercert'] = $tunnel['p1']['peercert'];
1097	751533a2	Phil Davis	}
1098			if (isset($tunnel['p1']['private-key'])) {
1099	791bcfd4	Bill Marquette	$ph1ent['private-key'] = $tunnel['p1']['private-key'];
1100	751533a2	Phil Davis	}
1101	791bcfd4	Bill Marquette
1102			$ph1ent['nat_traversal'] = "on";
1103			$ph1ent['dpd_enable'] = 1;
1104			$ph1ent['dpd_delay'] = 10;
1105			$ph1ent['dpd_maxfail'] = 5;
1106
1107			$a_phase1[] = $ph1ent;
1108			}
1109
1110			/* build new phase2 entry */
1111
1112			$ph2ent = array();
1113
1114			$ph2ent['ikeid'] = $ph1ent['ikeid'];
1115
1116	751533a2	Phil Davis	if (isset($tunnel['disabled'])) {
1117	791bcfd4	Bill Marquette	$ph1ent['disabled'] = $tunnel['disabled'];
1118	751533a2	Phil Davis	}
1119	791bcfd4	Bill Marquette
1120	4d511e5b	Renato Botelho	$ph2ent['descr'] = sprintf(gettext("phase2 for %s"), $tunnel['descr']);
1121	791bcfd4	Bill Marquette
1122			$type = "lan";
1123	751533a2	Phil Davis	if ($tunnel['local-subnet']['network']) {
1124	791bcfd4	Bill Marquette	$type = $tunnel['local-subnet']['network'];
1125	751533a2	Phil Davis	}
1126	791bcfd4	Bill Marquette	if ($tunnel['local-subnet']['address']) {
1127	4de8f7ba	Phil Davis	list($address, $netbits) = explode("/", $tunnel['local-subnet']['address']);
1128	751533a2	Phil Davis	if (is_null($netbits)) {
1129	791bcfd4	Bill Marquette	$type = "address";
1130	751533a2	Phil Davis	} else {
1131	791bcfd4	Bill Marquette	$type = "network";
1132	751533a2	Phil Davis	}
1133	791bcfd4	Bill Marquette	}
1134
1135			switch ($type) {
1136			case "address":
1137	4de8f7ba	Phil Davis	$ph2ent['localid'] = array('type' => $type, 'address' => $address);
1138	751533a2	Phil Davis	break;
1139	791bcfd4	Bill Marquette	case "network":
1140	4de8f7ba	Phil Davis	$ph2ent['localid'] = array('type' => $type, 'address' => $address, 'netbits' => $netbits);
1141	751533a2	Phil Davis	break;
1142	791bcfd4	Bill Marquette	default:
1143	751533a2	Phil Davis	$ph2ent['localid'] = array('type' => $type);
1144			break;
1145	791bcfd4	Bill Marquette	}
1146
1147	4de8f7ba	Phil Davis	list($address, $netbits) = explode("/", $tunnel['remote-subnet']);
1148			$ph2ent['remoteid'] = array('type' => 'network', 'address' => $address, 'netbits' => $netbits);
1149	791bcfd4	Bill Marquette
1150			$ph2ent['protocol'] = $tunnel['p2']['protocol'];
1151
1152			$aes_count = 0;
1153	751533a2	Phil Davis	foreach ($tunnel['p2']['encryption-algorithm-option'] as $tunalg) {
1154	791bcfd4	Bill Marquette	$aes_found = false;
1155			switch ($tunalg) {
1156			case "des":
1157	751533a2	Phil Davis	$ph2alg = array('name' => 'des');
1158			break;
1159	791bcfd4	Bill Marquette	case "3des":
1160	751533a2	Phil Davis	$ph2alg = array('name' => '3des');
1161			break;
1162	791bcfd4	Bill Marquette	case "blowfish":
1163	751533a2	Phil Davis	$ph2alg = array('name' => 'blowfish', 'keylen' => 'auto');
1164			break;
1165	791bcfd4	Bill Marquette	case "cast128":
1166	751533a2	Phil Davis	$ph2alg = array('name' => 'cast128');
1167			break;
1168	791bcfd4	Bill Marquette	case "rijndael":
1169			case "rijndael 256":
1170	a5187d43	jim-p	case "aes 256":
1171	751533a2	Phil Davis	$ph2alg = array('name' => 'aes', 'keylen' => 'auto');
1172			$aes_found = true;
1173			$aes_count++;
1174			break;
1175	791bcfd4	Bill Marquette	}
1176
1177	751533a2	Phil Davis	if (!$aes_found \|\| ($aes_count < 2)) {
1178	791bcfd4	Bill Marquette	$ph2ent['encryption-algorithm-option'][] = $ph2alg;
1179	751533a2	Phil Davis	}
1180	791bcfd4	Bill Marquette	}
1181
1182			$ph2ent['hash-algorithm-option'] = $tunnel['p2']['hash-algorithm-option'];
1183			$ph2ent['pfsgroup'] = $tunnel['p2']['pfsgroup'];
1184			$ph2ent['lifetime'] = $tunnel['p2']['lifetime'];
1185
1186	751533a2	Phil Davis	if (isset($tunnel['pinghost']['pinghost'])) {
1187	87e07f52	mgrooms	$ph2ent['pinghost'] = $tunnel['pinghost'];
1188	751533a2	Phil Davis	}
1189	87e07f52	mgrooms
1190	791bcfd4	Bill Marquette	$a_phase2[] = $ph2ent;
1191			}
1192
1193			unset($config['ipsec']['tunnel']);
1194			$config['ipsec']['phase1'] = $a_phase1;
1195			$config['ipsec']['phase2'] = $a_phase2;
1196			}
1197	49bb5c07	jim-p
1198			/* Upgrade Mobile IPsec */
1199	751533a2	Phil Davis	if (isset($config['ipsec']['mobileclients']) &&
1200			is_array($config['ipsec']['mobileclients']) &&
1201			is_array($config['ipsec']['mobileclients']['p1']) &&
1202			is_array($config['ipsec']['mobileclients']['p2'])) {
1203	49bb5c07	jim-p
1204			if (isset($config['ipsec']['mobileclients']['enable'])) {
1205			$config['ipsec']['client']['enable'] = true;
1206			$config['ipsec']['client']['user_source'] = 'system';
1207			$config['ipsec']['client']['group_source'] = 'system';
1208			}
1209
1210			$mobilecfg = $config['ipsec']['mobileclients'];
1211
1212			$ph1ent = array();
1213			$ph1ent['ikeid'] = ++$ikeid;
1214
1215	751533a2	Phil Davis	if (!isset($mobilecfg['enable'])) {
1216	49bb5c07	jim-p	$ph1ent['disabled'] = true;
1217	751533a2	Phil Davis	}
1218	49bb5c07	jim-p
1219			/* Assume WAN since mobile tunnels couldn't be on a separate interface on 1.2.x */
1220			$ph1ent['interface'] = 'wan';
1221			$ph1ent['descr'] = "Mobile Clients (upgraded)";
1222			$ph1ent['mode'] = $mobilecfg['p1']['mode'];
1223
1224	751533a2	Phil Davis	if (isset($mobilecfg['p1']['myident']['myaddress'])) {
1225	49bb5c07	jim-p	$ph1ent['myid_type'] = "myaddress";
1226	751533a2	Phil Davis	}
1227	49bb5c07	jim-p	if (isset($mobilecfg['p1']['myident']['address'])) {
1228			$ph1ent['myid_type'] = "address";
1229			$ph1ent['myid_data'] = $mobilecfg['p1']['myident']['address'];
1230			}
1231			if (isset($mobilecfg['p1']['myident']['fqdn'])) {
1232			$ph1ent['myid_type'] = "fqdn";
1233			$ph1ent['myid_data'] = $mobilecfg['p1']['myident']['fqdn'];
1234			}
1235			if (isset($mobilecfg['p1']['myident']['ufqdn'])) {
1236			$ph1ent['myid_type'] = "user_fqdn";
1237			$ph1ent['myid_data'] = $mobilecfg['p1']['myident']['ufqdn'];
1238			}
1239			if (isset($mobilecfg['p1']['myident']['asn1dn'])) {
1240			$ph1ent['myid_type'] = "asn1dn";
1241			$ph1ent['myid_data'] = $mobilecfg['p1']['myident']['asn1dn'];
1242			}
1243			if (isset($mobilecfg['p1']['myident']['dyn_dns'])) {
1244			$ph1ent['myid_type'] = "dyn_dns";
1245			$ph1ent['myid_data'] = $mobilecfg['p1']['myident']['dyn_dns'];
1246			}
1247			$ph1ent['peerid_type'] = "fqdn";
1248			$ph1ent['peerid_data'] = "";
1249
1250			switch ($mobilecfg['p1']['encryption-algorithm']) {
1251			case "des":
1252	751533a2	Phil Davis	$ph1alg = array('name' => 'des');
1253			break;
1254	49bb5c07	jim-p	case "3des":
1255	751533a2	Phil Davis	$ph1alg = array('name' => '3des');
1256			break;
1257	49bb5c07	jim-p	case "blowfish":
1258	751533a2	Phil Davis	$ph1alg = array('name' => 'blowfish', 'keylen' => '128');
1259			break;
1260	49bb5c07	jim-p	case "cast128":
1261	751533a2	Phil Davis	$ph1alg = array('name' => 'cast128');
1262			break;
1263	49bb5c07	jim-p	case "rijndael":
1264	751533a2	Phil Davis	$ph1alg = array('name' => 'aes', 'keylen' => '128');
1265			break;
1266	49bb5c07	jim-p	case "rijndael 256":
1267	a5187d43	jim-p	case "aes 256":
1268	751533a2	Phil Davis	$ph1alg = array('name' => 'aes', 'keylen' => '256');
1269			break;
1270	49bb5c07	jim-p	}
1271
1272			$ph1ent['encryption-algorithm'] = $ph1alg;
1273			$ph1ent['hash-algorithm'] = $mobilecfg['p1']['hash-algorithm'];
1274			$ph1ent['dhgroup'] = $mobilecfg['p1']['dhgroup'];
1275			$ph1ent['lifetime'] = $mobilecfg['p1']['lifetime'];
1276			$ph1ent['authentication_method'] = $mobilecfg['p1']['authentication_method'];
1277
1278	751533a2	Phil Davis	if (isset($mobilecfg['p1']['cert'])) {
1279	49bb5c07	jim-p	$ph1ent['cert'] = $mobilecfg['p1']['cert'];
1280	751533a2	Phil Davis	}
1281			if (isset($mobilecfg['p1']['peercert'])) {
1282	49bb5c07	jim-p	$ph1ent['peercert'] = $mobilecfg['p1']['peercert'];
1283	751533a2	Phil Davis	}
1284			if (isset($mobilecfg['p1']['private-key'])) {
1285	49bb5c07	jim-p	$ph1ent['private-key'] = $mobilecfg['p1']['private-key'];
1286	751533a2	Phil Davis	}
1287	49bb5c07	jim-p
1288			$ph1ent['nat_traversal'] = "on";
1289			$ph1ent['dpd_enable'] = 1;
1290			$ph1ent['dpd_delay'] = 10;
1291			$ph1ent['dpd_maxfail'] = 5;
1292			$ph1ent['mobile'] = true;
1293
1294			$ph2ent = array();
1295			$ph2ent['ikeid'] = $ph1ent['ikeid'];
1296			$ph2ent['descr'] = "phase2 for ".$mobilecfg['descr'];
1297			$ph2ent['localid'] = array('type' => 'none');
1298			$ph2ent['remoteid'] = array('type' => 'mobile');
1299			$ph2ent['protocol'] = $mobilecfg['p2']['protocol'];
1300
1301			$aes_count = 0;
1302	751533a2	Phil Davis	foreach ($mobilecfg['p2']['encryption-algorithm-option'] as $tunalg) {
1303	49bb5c07	jim-p	$aes_found = false;
1304			switch ($tunalg) {
1305			case "des":
1306	751533a2	Phil Davis	$ph2alg = array('name' => 'des');
1307			break;
1308	49bb5c07	jim-p	case "3des":
1309	751533a2	Phil Davis	$ph2alg = array('name' => '3des');
1310			break;
1311	49bb5c07	jim-p	case "blowfish":
1312	751533a2	Phil Davis	$ph2alg = array('name' => 'blowfish', 'keylen' => 'auto');
1313			break;
1314	49bb5c07	jim-p	case "cast128":
1315	751533a2	Phil Davis	$ph2alg = array('name' => 'cast128');
1316			break;
1317	49bb5c07	jim-p	case "rijndael":
1318			case "rijndael 256":
1319	a5187d43	jim-p	case "aes 256":
1320	751533a2	Phil Davis	$ph2alg = array('name' => 'aes', 'keylen' => 'auto');
1321			$aes_found = true;
1322			$aes_count++;
1323			break;
1324	49bb5c07	jim-p	}
1325
1326	751533a2	Phil Davis	if (!$aes_found \|\| ($aes_count < 2)) {
1327	49bb5c07	jim-p	$ph2ent['encryption-algorithm-option'][] = $ph2alg;
1328	751533a2	Phil Davis	}
1329	49bb5c07	jim-p	}
1330			$ph2ent['hash-algorithm-option'] = $mobilecfg['p2']['hash-algorithm-option'];
1331			$ph2ent['pfsgroup'] = $mobilecfg['p2']['pfsgroup'];
1332			$ph2ent['lifetime'] = $mobilecfg['p2']['lifetime'];
1333			$ph2ent['mobile'] = true;
1334
1335			$config['ipsec']['phase1'][] = $ph1ent;
1336			$config['ipsec']['phase2'][] = $ph2ent;
1337			unset($config['ipsec']['mobileclients']);
1338			}
1339	791bcfd4	Bill Marquette	}
1340
1341
1342			function upgrade_047_to_048() {
1343			global $config;
1344	e31c90fc	Ermal	if (!empty($config['dyndns'])) {
1345			$config['dyndnses'] = array();
1346			$config['dyndnses']['dyndns'] = array();
1347	751533a2	Phil Davis	if (isset($config['dyndns'][0]['host'])) {
1348	246aceaa	smos	$tempdyn = array();
1349			$tempdyn['enable'] = isset($config['dyndns'][0]['enable']);
1350			$tempdyn['type'] = $config['dyndns'][0]['type'];
1351			$tempdyn['wildcard'] = isset($config['dyndns'][0]['wildcard']);
1352	7d62c4c8	Ermal	$tempdyn['username'] = $config['dyndns'][0]['username'];
1353			$tempdyn['password'] = $config['dyndns'][0]['password'];
1354	246aceaa	smos	$tempdyn['host'] = $config['dyndns'][0]['host'];
1355	2d563280	Renato Botelho	$tempdyn['mx'] = $config['dyndns'][0]['mx'];
1356	246aceaa	smos	$tempdyn['interface'] = "wan";
1357	4d511e5b	Renato Botelho	$tempdyn['descr'] = sprintf(gettext("Upgraded Dyndns %s"), $tempdyn['type']);
1358	246aceaa	smos	$config['dyndnses']['dyndns'][] = $tempdyn;
1359			}
1360	791bcfd4	Bill Marquette	unset($config['dyndns']);
1361	2d563280	Renato Botelho	}
1362	e31c90fc	Ermal	if (!empty($config['dnsupdate'])) {
1363	2b1b78e6	jim-p	$pconfig = $config['dnsupdate'][0];
1364	751533a2	Phil Davis	if (!$pconfig['ttl']) {
1365	2b1b78e6	jim-p	$pconfig['ttl'] = 60;
1366	751533a2	Phil Davis	}
1367			if (!$pconfig['keytype']) {
1368	2b1b78e6	jim-p	$pconfig['keytype'] = "zone";
1369	751533a2	Phil Davis	}
1370	e31c90fc	Ermal	$pconfig['interface'] = "wan";
1371	791bcfd4	Bill Marquette	$config['dnsupdates']['dnsupdate'][] = $pconfig;
1372			unset($config['dnsupdate']);
1373			}
1374
1375	1f0c76cf	jim-p	if (is_array($config['pppoe']) && is_array($config['pppoe'][0])) {
1376	791bcfd4	Bill Marquette	$pconfig = array();
1377	1f0c76cf	jim-p	$pconfig['username'] = $config['pppoe'][0]['username'];
1378			$pconfig['password'] = $config['pppoe'][0]['password'];
1379			$pconfig['provider'] = $config['pppoe'][0]['provider'];
1380			$pconfig['ondemand'] = isset($config['pppoe'][0]['ondemand']);
1381			$pconfig['timeout'] = $config['pppoe'][0]['timeout'];
1382	791bcfd4	Bill Marquette	unset($config['pppoe']);
1383			$config['interfaces']['wan']['pppoe_username'] = $pconfig['username'];
1384			$config['interfaces']['wan']['pppoe_password'] = $pconfig['password'];
1385			$config['interfaces']['wan']['provider'] = $pconfig['provider'];
1386			$config['interfaces']['wan']['ondemand'] = isset($pconfig['ondemand']);
1387			$config['interfaces']['wan']['timeout'] = $pconfig['timeout'];
1388			}
1389			if (is_array($config['pptp'])) {
1390			$pconfig = array();
1391			$pconfig['username'] = $config['pptp']['username'];
1392			$pconfig['password'] = $config['pptp']['password'];
1393			$pconfig['provider'] = $config['pptp']['provider'];
1394			$pconfig['ondemand'] = isset($config['pptp']['ondemand']);
1395			$pconfig['timeout'] = $config['pptp']['timeout'];
1396			unset($config['pptp']);
1397			$config['interfaces']['wan']['pptp_username'] = $pconfig['username'];
1398			$config['interfaces']['wan']['pptp_password'] = $pconfig['password'];
1399			$config['interfaces']['wan']['provider'] = $pconfig['provider'];
1400	751533a2	Phil Davis	$config['interfaces']['wan']['ondemand'] = isset($pconfig['ondemand']);
1401	791bcfd4	Bill Marquette	$config['interfaces']['wan']['timeout'] = $pconfig['timeout'];
1402			}
1403			}
1404
1405
1406			function upgrade_048_to_049() {
1407			global $config;
1408			/* setup new all users group */
1409			$all = array();
1410			$all['name'] = "all";
1411	4d511e5b	Renato Botelho	$all['description'] = gettext("All Users");
1412	791bcfd4	Bill Marquette	$all['scope'] = "system";
1413			$all['gid'] = 1998;
1414			$all['member'] = array();
1415
1416	751533a2	Phil Davis	if (!is_array($config['system']['user'])) {
1417	84924e76	Ermal	$config['system']['user'] = array();
1418	751533a2	Phil Davis	}
1419			if (!is_array($config['system']['group'])) {
1420	791bcfd4	Bill Marquette	$config['system']['group'] = array();
1421	751533a2	Phil Davis	}
1422	791bcfd4	Bill Marquette
1423			/* work around broken uid assignments */
1424			$config['system']['nextuid'] = 2000;
1425			foreach ($config['system']['user'] as & $user) {
1426	751533a2	Phil Davis	if (isset($user['uid']) && !$user['uid']) {
1427	791bcfd4	Bill Marquette	continue;
1428	751533a2	Phil Davis	}
1429	791bcfd4	Bill Marquette	$user['uid'] = $config['system']['nextuid']++;
1430			}
1431
1432			/* work around broken gid assignments */
1433			$config['system']['nextgid'] = 2000;
1434			foreach ($config['system']['group'] as & $group) {
1435	751533a2	Phil Davis	if ($group['name'] == $g['admin_group']) {
1436	791bcfd4	Bill Marquette	$group['gid'] = 1999;
1437	751533a2	Phil Davis	} else {
1438	791bcfd4	Bill Marquette	$group['gid'] = $config['system']['nextgid']++;
1439	751533a2	Phil Davis	}
1440	791bcfd4	Bill Marquette	}
1441
1442			/* build group membership information */
1443			foreach ($config['system']['group'] as & $group) {
1444			$group['member'] = array();
1445			foreach ($config['system']['user'] as & $user) {
1446			$groupnames = explode(",", $user['groupname']);
1447	4de8f7ba	Phil Davis	if (in_array($group['name'], $groupnames)) {
1448	791bcfd4	Bill Marquette	$group['member'][] = $user['uid'];
1449	751533a2	Phil Davis	}
1450	791bcfd4	Bill Marquette	}
1451			}
1452
1453			/* reset user group information */
1454			foreach ($config['system']['user'] as & $user) {
1455			unset($user['groupname']);
1456			$all['member'][] = $user['uid'];
1457			}
1458
1459			/* reset group scope information */
1460	751533a2	Phil Davis	foreach ($config['system']['group'] as & $group) {
1461			if ($group['name'] != $g['admin_group']) {
1462			$group['scope'] = "user";
1463			}
1464			}
1465	791bcfd4	Bill Marquette
1466			/* insert new all group */
1467			$groups = Array();
1468			$groups[] = $all;
1469	4de8f7ba	Phil Davis	$groups = array_merge($config['system']['group'], $groups);
1470	791bcfd4	Bill Marquette	$config['system']['group'] = $groups;
1471			}
1472
1473
1474			function upgrade_049_to_050() {
1475			global $config;
1476	84924e76	Ermal
1477	751533a2	Phil Davis	if (!is_array($config['system']['user'])) {
1478	84924e76	Ermal	$config['system']['user'] = array();
1479	751533a2	Phil Davis	}
1480	791bcfd4	Bill Marquette	/* update user privileges */
1481			foreach ($config['system']['user'] as & $user) {
1482			$privs = array();
1483			if (!is_array($user['priv'])) {
1484			unset($user['priv']);
1485			continue;
1486			}
1487			foreach ($user['priv'] as $priv) {
1488	751533a2	Phil Davis	switch ($priv['id']) {
1489	791bcfd4	Bill Marquette	case "hasshell":
1490	751533a2	Phil Davis	$privs[] = "user-shell-access";
1491			break;
1492	791bcfd4	Bill Marquette	case "copyfiles":
1493	751533a2	Phil Davis	$privs[] = "user-copy-files";
1494			break;
1495	791bcfd4	Bill Marquette	}
1496			}
1497			$user['priv'] = $privs;
1498			}
1499
1500			/* update group privileges */
1501			foreach ($config['system']['group'] as & $group) {
1502			$privs = array();
1503			if (!is_array($group['pages'])) {
1504			unset($group['pages']);
1505			continue;
1506			}
1507			foreach ($group['pages'] as $page) {
1508			$priv = map_page_privname($page);
1509	751533a2	Phil Davis	if ($priv) {
1510	791bcfd4	Bill Marquette	$privs[] = $priv;
1511	751533a2	Phil Davis	}
1512	791bcfd4	Bill Marquette	}
1513			unset($group['pages']);
1514			$group['priv'] = $privs;
1515			}
1516
1517			/* sync all local account information */
1518			local_sync_accounts();
1519			}
1520
1521
1522			function upgrade_050_to_051() {
1523			global $config;
1524			$pconfig = array();
1525	15864861	jim-p	$pconfig['descr'] = "Set to 0 to disable filtering on the incoming and outgoing member interfaces.";
1526	791bcfd4	Bill Marquette	$pconfig['tunable'] = "net.link.bridge.pfil_member";
1527			$pconfig['value'] = "1";
1528			$config['sysctl']['item'][] = $pconfig;
1529			$pconfig = array();
1530	15864861	jim-p	$pconfig['descr'] = "Set to 1 to enable filtering on the bridge interface";
1531	791bcfd4	Bill Marquette	$pconfig['tunable'] = "net.link.bridge.pfil_bridge";
1532			$pconfig['value'] = "0";
1533			$config['sysctl']['item'][] = $pconfig;
1534
1535	fa6e5ba5	Phil Davis	if (isset($config['bridge'])) {
1536			unset($config['bridge']);
1537			}
1538	791bcfd4	Bill Marquette
1539			$convert_bridges = false;
1540	751533a2	Phil Davis	foreach ($config['interfaces'] as $intf) {
1541	791bcfd4	Bill Marquette	if (isset($intf['bridge']) && $intf['bridge'] <> "") {
1542			$config['bridges'] = array();
1543			$config['bridges']['bridged'] = array();
1544			$convert_bridges = true;
1545			break;
1546			}
1547			}
1548			if ($convert_bridges == true) {
1549			$i = 0;
1550			foreach ($config['interfaces'] as $ifr => &$intf) {
1551			if (isset($intf['bridge']) && $intf['bridge'] <> "") {
1552			$nbridge = array();
1553			$nbridge['members'] = "{$ifr},{$intf['bridge']}";
1554	4d511e5b	Renato Botelho	$nbridge['descr'] = sprintf(gettext("Converted bridged %s"), $ifr);
1555	791bcfd4	Bill Marquette	$nbridge['bridgeif'] = "bridge{$i}";
1556			$config['bridges']['bridged'][] = $nbridge;
1557			unset($intf['bridge']);
1558			$i++;
1559			}
1560			}
1561			}
1562			}
1563
1564
1565			function upgrade_051_to_052() {
1566			global $config;
1567			$config['openvpn'] = array();
1568	751533a2	Phil Davis	if (!is_array($config['ca'])) {
1569	9ad72e5e	jim-p	$config['ca'] = array();
1570	751533a2	Phil Davis	}
1571			if (!is_array($config['cert'])) {
1572	9ad72e5e	jim-p	$config['cert'] = array();
1573	751533a2	Phil Davis	}
1574	791bcfd4	Bill Marquette
1575			$vpnid = 1;
1576
1577			/* openvpn server configurations */
1578			if (is_array($config['installedpackages']['openvpnserver'])) {
1579			$config['openvpn']['openvpn-server'] = array();
1580
1581			$index = 1;
1582	751533a2	Phil Davis	foreach ($config['installedpackages']['openvpnserver']['config'] as $server) {
1583	791bcfd4	Bill Marquette
1584	751533a2	Phil Davis	if (!is_array($server)) {
1585	791bcfd4	Bill Marquette	continue;
1586	751533a2	Phil Davis	}
1587	791bcfd4	Bill Marquette
1588			if ($server['auth_method'] == "pki") {
1589
1590			/* create ca entry */
1591			$ca = array();
1592			$ca['refid'] = uniqid();
1593	f2a86ca9	jim-p	$ca['descr'] = "OpenVPN Server CA #{$index}";
1594	791bcfd4	Bill Marquette	$ca['crt'] = $server['ca_cert'];
1595	9ad72e5e	jim-p	$config['ca'][] = $ca;
1596	791bcfd4	Bill Marquette
1597			/* create ca reference */
1598			unset($server['ca_cert']);
1599			$server['caref'] = $ca['refid'];
1600
1601	47319bfb	jim-p	/* create a crl entry if needed */
1602	ab75b4ee	jim-p	if (!empty($server['crl'][0])) {
1603	47319bfb	jim-p	$crl = array();
1604			$crl['refid'] = uniqid();
1605			$crl['descr'] = "Imported OpenVPN CRL #{$index}";
1606			$crl['caref'] = $ca['refid'];
1607	ab75b4ee	jim-p	$crl['text'] = $server['crl'][0];
1608	751533a2	Phil Davis	if (!is_array($config['crl'])) {
1609	90e64fad	Warren Baker	$config['crl'] = array();
1610	751533a2	Phil Davis	}
1611	fc3e88f1	jim-p	$config['crl'][] = $crl;
1612	47319bfb	jim-p	$server['crlref'] = $crl['refid'];
1613			}
1614			unset($server['crl']);
1615
1616	791bcfd4	Bill Marquette	/* create cert entry */
1617			$cert = array();
1618			$cert['refid'] = uniqid();
1619	f2a86ca9	jim-p	$cert['descr'] = "OpenVPN Server Certificate #{$index}";
1620	791bcfd4	Bill Marquette	$cert['crt'] = $server['server_cert'];
1621			$cert['prv'] = $server['server_key'];
1622	9ad72e5e	jim-p	$config['cert'][] = $cert;
1623	791bcfd4	Bill Marquette
1624			/* create cert reference */
1625			unset($server['server_cert']);
1626			unset($server['server_key']);
1627			$server['certref'] = $cert['refid'];
1628
1629			$index++;
1630			}
1631
1632			/* determine operational mode */
1633			if ($server['auth_method'] == 'pki') {
1634	751533a2	Phil Davis	if ($server['nopool']) {
1635	791bcfd4	Bill Marquette	$server['mode'] = "p2p_tls";
1636			} else {
1637			$server['mode'] = "server_tls";
1638			}
1639			} else {
1640			$server['mode'] = "p2p_shared_key";
1641			}
1642			unset($server['auth_method']);
1643
1644			/* modify configuration values */
1645			$server['dh_length'] = 1024;
1646			unset($server['dh_params']);
1647	751533a2	Phil Davis	if (!$server['interface']) {
1648	a15a7738	jim-p	$server['interface'] = 'any';
1649	751533a2	Phil Davis	}
1650	791bcfd4	Bill Marquette	$server['tunnel_network'] = $server['addresspool'];
1651			unset($server['addresspool']);
1652	a843870d	jim-p	if (isset($server['use_lzo']) && ($server['use_lzo'] == "on")) {
1653	8b666514	jim-p	$server['compression'] = "on";
1654	da831323	Ermal Lu?i	unset($server['use_lzo']);
1655			}
1656	751533a2	Phil Davis	if ($server['nopool']) {
1657	791bcfd4	Bill Marquette	$server['pool_enable'] = false;
1658	751533a2	Phil Davis	} else {
1659	791bcfd4	Bill Marquette	$server['pool_enable'] = "yes";
1660	751533a2	Phil Davis	}
1661	791bcfd4	Bill Marquette	unset($server['nopool']);
1662			$server['dns_domain'] = $server['dhcp_domainname'];
1663			unset($server['dhcp_domainname']);
1664	c3ae41e6	jim-p
1665			$tmparr = explode(";", $server['dhcp_dns'], 4);
1666			$d=1;
1667			foreach ($tmparr as $tmpa) {
1668			$server["dns_server{$d}"] = $tmpa;
1669			$d++;
1670			}
1671	791bcfd4	Bill Marquette	unset($server['dhcp_dns']);
1672	c3ae41e6	jim-p
1673			$tmparr = explode(";", $server['dhcp_ntp'], 2);
1674			$d=1;
1675			foreach ($tmparr as $tmpa) {
1676			$server["ntp_server{$d}"] = $tmpa;
1677			$d++;
1678			}
1679	791bcfd4	Bill Marquette	unset($server['dhcp_ntp']);
1680	c3ae41e6	jim-p
1681	751533a2	Phil Davis	if ($server['dhcp_nbtdisable']) {
1682	791bcfd4	Bill Marquette	$server['netbios_enable'] = false;
1683	751533a2	Phil Davis	} else {
1684	791bcfd4	Bill Marquette	$server['netbios_enable'] = "yes";
1685	751533a2	Phil Davis	}
1686	791bcfd4	Bill Marquette	unset($server['dhcp_nbtdisable']);
1687			$server['netbios_ntype'] = $server['dhcp_nbttype'];
1688			unset($server['dhcp_nbttype']);
1689			$server['netbios_scope'] = $server['dhcp_nbtscope'];
1690			unset($server['dhcp_nbtscope']);
1691	c3ae41e6	jim-p
1692			$tmparr = explode(";", $server['dhcp_nbdd'], 2);
1693			$d=1;
1694			foreach ($tmparr as $tmpa) {
1695			$server["nbdd_server{$d}"] = $tmpa;
1696			$d++;
1697			}
1698	791bcfd4	Bill Marquette	unset($server['dhcp_nbdd']);
1699	c3ae41e6	jim-p
1700			$tmparr = explode(";", $server['dhcp_wins'], 2);
1701			$d=1;
1702			foreach ($tmparr as $tmpa) {
1703			$server["wins_server{$d}"] = $tmpa;
1704			$d++;
1705			}
1706	791bcfd4	Bill Marquette	unset($server['dhcp_wins']);
1707
1708	751533a2	Phil Davis	if (!empty($server['disable'])) {
1709	763a1b52	jim-p	$server['disable'] = true;
1710	751533a2	Phil Davis	} else {
1711	763a1b52	jim-p	unset($server['disable']);
1712	751533a2	Phil Davis	}
1713	763a1b52	jim-p
1714	791bcfd4	Bill Marquette	/* allocate vpnid */
1715			$server['vpnid'] = $vpnid++;
1716
1717	4f1ebacb	Ermal	if (!empty($server['custom_options'])) {
1718			$cstmopts = array();
1719			$tmpcstmopts = explode(";", $server['custom_options']);
1720	48e24ada	jim-p	$assigned_if = "";
1721	4f1ebacb	Ermal	$tmpstr = "";
1722			foreach ($tmpcstmopts as $tmpcstmopt) {
1723			$tmpstr = str_replace(" ", "", $tmpcstmopt);
1724	4de8f7ba	Phil Davis	if (substr($tmpstr, 0, 6) == "devtun") {
1725	48e24ada	jim-p	$assigned_if = substr($tmpstr, 3);
1726	4f1ebacb	Ermal	continue;
1727	8fd0badd	Ermal	} else if (substr($tmpstr, 0, 5) == "local") {
1728	9bc27ae5	jim-p	$localip = substr($tmpstr, 5);
1729	8fd0badd	Ermal	$server['ipaddr'] = str_replace("\n", "", $localip);
1730	751533a2	Phil Davis	} else {
1731	4f1ebacb	Ermal	$cstmopts[] = $tmpcstmopt;
1732	751533a2	Phil Davis	}
1733	4f1ebacb	Ermal	}
1734			$server['custom_options'] = implode(";", $cstmopts);
1735	48e24ada	jim-p	if (!empty($assigned_if)) {
1736	4f1ebacb	Ermal	foreach ($config['interfaces'] as $iface => $cfgif) {
1737	48e24ada	jim-p	if ($cfgif['if'] == $assigned_if) {
1738	4f1ebacb	Ermal	$config['interfaces'][$iface]['if'] = "ovpns{$server['vpnid']}";
1739			break;
1740			}
1741			}
1742			}
1743			}
1744
1745	791bcfd4	Bill Marquette	$config['openvpn']['openvpn-server'][] = $server;
1746			}
1747			unset($config['installedpackages']['openvpnserver']);
1748			}
1749
1750			/* openvpn client configurations */
1751			if (is_array($config['installedpackages']['openvpnclient'])) {
1752			$config['openvpn']['openvpn-client'] = array();
1753
1754			$index = 1;
1755	751533a2	Phil Davis	foreach ($config['installedpackages']['openvpnclient']['config'] as $client) {
1756	791bcfd4	Bill Marquette
1757	751533a2	Phil Davis	if (!is_array($client)) {
1758	791bcfd4	Bill Marquette	continue;
1759	751533a2	Phil Davis	}
1760	791bcfd4	Bill Marquette
1761			if ($client['auth_method'] == "pki") {
1762
1763			/* create ca entry */
1764			$ca = array();
1765			$ca['refid'] = uniqid();
1766	f2a86ca9	jim-p	$ca['descr'] = "OpenVPN Client CA #{$index}";
1767	791bcfd4	Bill Marquette	$ca['crt'] = $client['ca_cert'];
1768			$ca['crl'] = $client['crl'];
1769	9ad72e5e	jim-p	$config['ca'][] = $ca;
1770	791bcfd4	Bill Marquette
1771			/* create ca reference */
1772			unset($client['ca_cert']);
1773			unset($client['crl']);
1774			$client['caref'] = $ca['refid'];
1775
1776			/* create cert entry */
1777			$cert = array();
1778			$cert['refid'] = uniqid();
1779	f2a86ca9	jim-p	$cert['descr'] = "OpenVPN Client Certificate #{$index}";
1780	791bcfd4	Bill Marquette	$cert['crt'] = $client['client_cert'];
1781			$cert['prv'] = $client['client_key'];
1782	9ad72e5e	jim-p	$config['cert'][] = $cert;
1783	791bcfd4	Bill Marquette
1784			/* create cert reference */
1785			unset($client['client_cert']);
1786			unset($client['client_key']);
1787			$client['certref'] = $cert['refid'];
1788
1789			$index++;
1790			}
1791
1792			/* determine operational mode */
1793	751533a2	Phil Davis	if ($client['auth_method'] == 'pki') {
1794	791bcfd4	Bill Marquette	$client['mode'] = "p2p_tls";
1795	751533a2	Phil Davis	} else {
1796	791bcfd4	Bill Marquette	$client['mode'] = "p2p_shared_key";
1797	751533a2	Phil Davis	}
1798	791bcfd4	Bill Marquette	unset($client['auth_method']);
1799
1800			/* modify configuration values */
1801	751533a2	Phil Davis	if (!$client['interface']) {
1802	791bcfd4	Bill Marquette	$client['interface'] = 'wan';
1803	751533a2	Phil Davis	}
1804	791bcfd4	Bill Marquette	$client['tunnel_network'] = $client['interface_ip'];
1805			unset($client['interface_ip']);
1806			$client['server_addr'] = $client['serveraddr'];
1807			unset($client['serveraddr']);
1808			$client['server_port'] = $client['serverport'];
1809			unset($client['serverport']);
1810			$client['proxy_addr'] = $client['poxy_hostname'];
1811			unset($client['proxy_addr']);
1812	a843870d	jim-p	if (isset($client['use_lzo']) && ($client['use_lzo'] == "on")) {
1813	8b666514	jim-p	$client['compression'] = "on";
1814	da831323	Ermal Lu?i	unset($client['use_lzo']);
1815			}
1816	791bcfd4	Bill Marquette	$client['resolve_retry'] = $client['infiniteresolvretry'];
1817			unset($client['infiniteresolvretry']);
1818
1819			/* allocate vpnid */
1820			$client['vpnid'] = $vpnid++;
1821
1822	4f1ebacb	Ermal	if (!empty($client['custom_options'])) {
1823			$cstmopts = array();
1824			$tmpcstmopts = explode(";", $client['custom_options']);
1825	48e24ada	jim-p	$assigned_if = "";
1826	4f1ebacb	Ermal	$tmpstr = "";
1827			foreach ($tmpcstmopts as $tmpcstmopt) {
1828			$tmpstr = str_replace(" ", "", $tmpcstmopt);
1829	4de8f7ba	Phil Davis	if (substr($tmpstr, 0, 6) == "devtun") {
1830	48e24ada	jim-p	$assigned_if = substr($tmpstr, 3);
1831	4f1ebacb	Ermal	continue;
1832	8fd0badd	Ermal	} else if (substr($tmpstr, 0, 5) == "local") {
1833	2d563280	Renato Botelho	$localip = substr($tmpstr, 5);
1834			$client['ipaddr'] = str_replace("\n", "", $localip);
1835	751533a2	Phil Davis	} else {
1836	4f1ebacb	Ermal	$cstmopts[] = $tmpcstmopt;
1837	751533a2	Phil Davis	}
1838	4f1ebacb	Ermal	}
1839			$client['custom_options'] = implode(";", $cstmopts);
1840	48e24ada	jim-p	if (!empty($assigned_if)) {
1841	4f1ebacb	Ermal	foreach ($config['interfaces'] as $iface => $cfgif) {
1842	48e24ada	jim-p	if ($cfgif['if'] == $assigned_if) {
1843	4f1ebacb	Ermal	$config['interfaces'][$iface]['if'] = "ovpnc{$client['vpnid']}";
1844			break;
1845			}
1846			}
1847			}
1848			}
1849
1850	751533a2	Phil Davis	if (!empty($client['disable'])) {
1851	763a1b52	jim-p	$client['disable'] = true;
1852	751533a2	Phil Davis	} else {
1853	763a1b52	jim-p	unset($client['disable']);
1854	751533a2	Phil Davis	}
1855	763a1b52	jim-p
1856	791bcfd4	Bill Marquette	$config['openvpn']['openvpn-client'][] = $client;
1857			}
1858
1859			unset($config['installedpackages']['openvpnclient']);
1860			}
1861
1862			/* openvpn client specific configurations */
1863			if (is_array($config['installedpackages']['openvpncsc'])) {
1864			$config['openvpn']['openvpn-csc'] = array();
1865
1866	751533a2	Phil Davis	foreach ($config['installedpackages']['openvpncsc']['config'] as $csc) {
1867	791bcfd4	Bill Marquette
1868	751533a2	Phil Davis	if (!is_array($csc)) {
1869	791bcfd4	Bill Marquette	continue;
1870	751533a2	Phil Davis	}
1871	791bcfd4	Bill Marquette
1872			/* modify configuration values */
1873			$csc['common_name'] = $csc['commonname'];
1874			unset($csc['commonname']);
1875			$csc['tunnel_network'] = $csc['ifconfig_push'];
1876			unset($csc['ifconfig_push']);
1877			$csc['dns_domain'] = $csc['dhcp_domainname'];
1878			unset($csc['dhcp_domainname']);
1879	c3ae41e6	jim-p
1880			$tmparr = explode(";", $csc['dhcp_dns'], 4);
1881			$d=1;
1882			foreach ($tmparr as $tmpa) {
1883			$csc["dns_server{$d}"] = $tmpa;
1884			$d++;
1885			}
1886	791bcfd4	Bill Marquette	unset($csc['dhcp_dns']);
1887	c3ae41e6	jim-p
1888			$tmparr = explode(";", $csc['dhcp_ntp'], 2);
1889			$d=1;
1890			foreach ($tmparr as $tmpa) {
1891			$csc["ntp_server{$d}"] = $tmpa;
1892			$d++;
1893			}
1894	791bcfd4	Bill Marquette	unset($csc['dhcp_ntp']);
1895	c3ae41e6	jim-p
1896	751533a2	Phil Davis	if ($csc['dhcp_nbtdisable']) {
1897	791bcfd4	Bill Marquette	$csc['netbios_enable'] = false;
1898	751533a2	Phil Davis	} else {
1899	791bcfd4	Bill Marquette	$csc['netbios_enable'] = "yes";
1900	751533a2	Phil Davis	}
1901	791bcfd4	Bill Marquette	unset($csc['dhcp_nbtdisable']);
1902			$csc['netbios_ntype'] = $csc['dhcp_nbttype'];
1903			unset($csc['dhcp_nbttype']);
1904			$csc['netbios_scope'] = $csc['dhcp_nbtscope'];
1905			unset($csc['dhcp_nbtscope']);
1906	c3ae41e6	jim-p
1907			$tmparr = explode(";", $csc['dhcp_nbdd'], 2);
1908			$d=1;
1909			foreach ($tmparr as $tmpa) {
1910			$csc["nbdd_server{$d}"] = $tmpa;
1911			$d++;
1912			}
1913	791bcfd4	Bill Marquette	unset($csc['dhcp_nbdd']);
1914	c3ae41e6	jim-p
1915			$tmparr = explode(";", $csc['dhcp_wins'], 2);
1916			$d=1;
1917			foreach ($tmparr as $tmpa) {
1918			$csc["wins_server{$d}"] = $tmpa;
1919			$d++;
1920			}
1921	791bcfd4	Bill Marquette	unset($csc['dhcp_wins']);
1922
1923	751533a2	Phil Davis	if (!empty($csc['disable'])) {
1924	1e68a58b	jim-p	$csc['disable'] = true;
1925	751533a2	Phil Davis	} else {
1926	1e68a58b	jim-p	unset($csc['disable']);
1927	751533a2	Phil Davis	}
1928	1e68a58b	jim-p
1929	791bcfd4	Bill Marquette	$config['openvpn']['openvpn-csc'][] = $csc;
1930			}
1931
1932			unset($config['installedpackages']['openvpncsc']);
1933			}
1934
1935	c73bd8f0	Ermal Lu?i	if (count($config['openvpn']['openvpn-server']) > 0 \|\|
1936	751533a2	Phil Davis	count($config['openvpn']['openvpn-client']) > 0) {
1937	c73bd8f0	Ermal Lu?i	$ovpnrule = array();
1938	2d563280	Renato Botelho	$ovpnrule['type'] = "pass";
1939			$ovpnrule['interface'] = "openvpn";
1940			$ovpnrule['statetype'] = "keep state";
1941			$ovpnrule['source'] = array();
1942			$ovpnrule['destination'] = array();
1943			$ovpnrule['source']['any'] = true;
1944			$ovpnrule['destination']['any'] = true;
1945			$ovpnrule['descr'] = gettext("Auto added OpenVPN rule from config upgrade.");
1946	c73bd8f0	Ermal Lu?i	$config['filter']['rule'][] = $ovpnrule;
1947			}
1948
1949	791bcfd4	Bill Marquette	/*
1950			* FIXME: hack to keep things working with no installedpackages
1951			* or carp array in the configuration data.
1952			*/
1953	751533a2	Phil Davis	if (!is_array($config['installedpackages'])) {
1954	791bcfd4	Bill Marquette	$config['installedpackages'] = array();
1955	751533a2	Phil Davis	}
1956			if (!is_array($config['installedpackages']['carp'])) {
1957	791bcfd4	Bill Marquette	$config['installedpackages']['carp'] = array();
1958	751533a2	Phil Davis	}
1959	791bcfd4	Bill Marquette
1960			}
1961
1962
1963			function upgrade_052_to_053() {
1964			global $config;
1965	751533a2	Phil Davis	if (!is_array($config['ca'])) {
1966	9ad72e5e	jim-p	$config['ca'] = array();
1967	751533a2	Phil Davis	}
1968			if (!is_array($config['cert'])) {
1969	9ad72e5e	jim-p	$config['cert'] = array();
1970	751533a2	Phil Davis	}
1971	791bcfd4	Bill Marquette
1972	f416763b	Phil Davis	/* migrate advanced admin page webui ssl to certificate manager */
1973	791bcfd4	Bill Marquette	if ($config['system']['webgui']['certificate'] &&
1974	751533a2	Phil Davis	$config['system']['webgui']['private-key']) {
1975	791bcfd4	Bill Marquette
1976			/* create cert entry */
1977			$cert = array();
1978			$cert['refid'] = uniqid();
1979	f2a86ca9	jim-p	$cert['descr'] = "webConfigurator SSL Certificate";
1980	791bcfd4	Bill Marquette	$cert['crt'] = $config['system']['webgui']['certificate'];
1981			$cert['prv'] = $config['system']['webgui']['private-key'];
1982	9ad72e5e	jim-p	$config['cert'][] = $cert;
1983	791bcfd4	Bill Marquette
1984			/* create cert reference */
1985			unset($config['system']['webgui']['certificate']);
1986			unset($config['system']['webgui']['private-key']);
1987			$config['system']['webgui']['ssl-certref'] = $cert['refid'];
1988			}
1989
1990			/* migrate advanced admin page ssh keys to user manager */
1991			if ($config['system']['ssh']['authorizedkeys']) {
1992			$admin_user =& getUserEntryByUID(0);
1993			$admin_user['authorizedkeys'] = $config['system']['ssh']['authorizedkeys'];
1994			unset($config['system']['ssh']['authorizedkeys']);
1995			}
1996			}
1997
1998
1999			function upgrade_053_to_054() {
2000			global $config;
2001	751533a2	Phil Davis	if (is_array($config['load_balancer']['lbpool'])) {
2002	38b5beaf	sullrich	$lbpool_arr = $config['load_balancer']['lbpool'];
2003	791bcfd4	Bill Marquette	$lbpool_srv_arr = array();
2004			$gateway_group_arr = array();
2005	816a5aff	Seth Mos	$gateways = return_gateways_array();
2006	ce107ca5	jim-p	$group_name_changes = array();
2007	4de8f7ba	Phil Davis	if (!is_array($config['gateways']['gateway_item'])) {
2008	bf02c784	Ermal	$config['gateways']['gateway_item'] = array();
2009	751533a2	Phil Davis	}
2010	d827f9cc	smos
2011	bf02c784	Ermal	$a_gateways =& $config['gateways']['gateway_item'];
2012	751533a2	Phil Davis	foreach ($lbpool_arr as $lbpool) {
2013			if ($lbpool['type'] == "gateway") {
2014	ce107ca5	jim-p	// Gateway Groups have to have valid names in pf, old lb pools did not. Clean them up.
2015	751533a2	Phil Davis	$group_name = preg_replace("/[^A-Za-z0-9]/", "", $lbpool['name']);
2016	ce107ca5	jim-p	// If we made and changes, check for collisions and note the change.
2017			if ($group_name != $lbpool['name']) {
2018			// Make sure the name isn't already in use.
2019			foreach ($gateway_group_arr as $gwg) {
2020			// If the name is in use, add some random bits to avoid collision.
2021	751533a2	Phil Davis	if ($gwg['name'] == $group_name) {
2022	ce107ca5	jim-p	$group_name .= uniqid();
2023	751533a2	Phil Davis	}
2024	ce107ca5	jim-p	}
2025			$group_name_changes[$lbpool['name']] = $group_name;
2026			}
2027			$gateway_group['name'] = $group_name;
2028	e988813d	jim-p	$gateway_group['descr'] = $lbpool['descr'];
2029	791bcfd4	Bill Marquette	$gateway_group['trigger'] = "down";
2030			$gateway_group['item'] = array();
2031	cb945ced	sullrich	$i = 0;
2032	751533a2	Phil Davis	foreach ($lbpool['servers'] as $member) {
2033	2ce660ad	smos	$split = explode("\|", $member);
2034	791bcfd4	Bill Marquette	$interface = $split[0];
2035	d9d4c637	Seth Mos	$monitor = $split[1];
2036	2328dcc5	Seth Mos	/* on static upgraded configuration we automatically prepend GW_ */
2037			$static_name = "GW_" . strtoupper($interface);
2038	751533a2	Phil Davis	if (is_ipaddr($monitor)) {
2039			foreach ($a_gateways as & $gw) {
2040			if ($gw['name'] == $static_name) {
2041	d2b20ab6	jim-p	$gw['monitor'] = $monitor;
2042	751533a2	Phil Davis	}
2043			}
2044			}
2045	d2b20ab6	jim-p
2046	6ee1b7eb	Seth Mos	/* on failover increment tier. Else always assign 1 */
2047	751533a2	Phil Davis	if ($lbpool['behaviour'] == "failover") {
2048	6ee1b7eb	Seth Mos	$i++;
2049			} else {
2050			$i = 1;
2051			}
2052	685a26fc	smos	$gateway_group['item'][] = "$static_name\|$i";
2053	791bcfd4	Bill Marquette	}
2054			$gateway_group_arr[] = $gateway_group;
2055			} else {
2056			$lbpool_srv_arr[] = $lbpool;
2057			}
2058			}
2059	38b5beaf	sullrich	$config['load_balancer']['lbpool'] = $lbpool_srv_arr;
2060	791bcfd4	Bill Marquette	$config['gateways']['gateway_group'] = $gateway_group_arr;
2061			}
2062			// Unset lbpool if we no longer have any server pools
2063			if (count($lbpool_srv_arr) == 0) {
2064	751533a2	Phil Davis	if (empty($config['load_balancer'])) {
2065	0b5b4f32	Seth Mos	unset($config['load_balancer']);
2066	92a2ceae	Seth Mos	} else {
2067	fa6e5ba5	Phil Davis	if (isset($config['load_balancer']['lbpool'])) {
2068			unset($config['load_balancer']['lbpool']);
2069			}
2070	0b5b4f32	Seth Mos	}
2071	791bcfd4	Bill Marquette	} else {
2072			$config['load_balancer']['lbpool'] = $lbpool_srv_arr;
2073			}
2074			// Only set the gateway group array if we converted any
2075			if (count($gateway_group_arr) != 0) {
2076			$config['gateways']['gateway_group'] = $gateway_group_arr;
2077	ce107ca5	jim-p	// Update any rules that had a gateway change, if any.
2078	751533a2	Phil Davis	if (count($group_name_changes) > 0) {
2079			foreach ($config['filter']['rule'] as & $rule) {
2080			if (!empty($rule["gateway"]) && array_key_exists($rule["gateway"], $group_name_changes)) {
2081	ce107ca5	jim-p	$rule["gateway"] = $group_name_changes[$rule["gateway"]];
2082	751533a2	Phil Davis	}
2083			}
2084			}
2085	791bcfd4	Bill Marquette	}
2086			}
2087
2088
2089			function upgrade_054_to_055() {
2090			global $config;
2091	54f8bad0	Seth Mos	global $g;
2092
2093	791bcfd4	Bill Marquette	/* RRD files changed for quality, traffic and packets graphs */
2094	59cfe65d	Ermal	//ini_set("max_execution_time", "1800");
2095	791bcfd4	Bill Marquette	/* convert traffic RRD file */
2096			global $parsedcfg, $listtags;
2097			$listtags = array("ds", "v", "rra", "row");
2098
2099			$rrddbpath = "/var/db/rrd/";
2100			$rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool";
2101	2344bed4	Renato Botelho	if ($g['platform'] != $g['product_name']) {
2102	e34cf1f6	smos	/* restore the databases, if we have one */
2103	8bdb6879	Darren Embry	if (restore_rrd()) {
2104	e34cf1f6	smos	/* Make sure to move the rrd backup out of the way. We will make a new one after converting. */
2105	8560c756	jim-p	@rename("{$g['cf_conf_path']}/rrd.tgz", "{$g['cf_conf_path']}/backup/rrd.tgz");
2106	e34cf1f6	smos	}
2107			}
2108	791bcfd4	Bill Marquette
2109			$rrdinterval = 60;
2110			$valid = $rrdinterval * 2;
2111
2112			/* Asume GigE for now */
2113			$downstream = 125000000;
2114			$upstream = 125000000;
2115
2116			/* build a list of quality databases */
2117			/* roundtrip has become delay */
2118			function divide_delay($delayval) {
2119			$delayval = floatval($delayval);
2120			$delayval = ($delayval / 1000);
2121			$delayval = " ". sprintf("%1.10e", $delayval) ." ";
2122			return $delayval;
2123			}
2124			/* the roundtrip times need to be divided by 1000 to get seconds, really */
2125			$databases = array();
2126	751533a2	Phil Davis	if (!file_exists($rrddbpath)) {
2127	af0b07d3	jim-p	@mkdir($rrddbpath);
2128	751533a2	Phil Davis	}
2129	4cb9abc3	jim-p	chdir($rrddbpath);
2130			$databases = glob("*-quality.rrd");
2131	791bcfd4	Bill Marquette	rsort($databases);
2132	751533a2	Phil Davis	foreach ($databases as $database) {
2133	791bcfd4	Bill Marquette	$xmldump = "{$database}.old.xml";
2134			$xmldumpnew = "{$database}.new.xml";
2135
2136	751533a2	Phil Davis	if (platform_booting()) {
2137	9bc8b6b6	Seth Mos	echo "Migrate RRD database {$database} to new format for IPv6 \n";
2138	751533a2	Phil Davis	}
2139	791bcfd4	Bill Marquette	mwexec("$rrdtool tune {$rrddbpath}{$database} -r roundtrip:delay 2>&1");
2140
2141			dump_rrd_to_xml("{$rrddbpath}/{$database}", "{$g['tmp_path']}/{$xmldump}");
2142	1005d4bf	Seth Mos	$rrdold = xml2array(file_get_contents("{$g['tmp_path']}/{$xmldump}"), 1, "tag");
2143	791bcfd4	Bill Marquette	$rrdold = $rrdold['rrd'];
2144
2145			$i = 0;
2146	751533a2	Phil Davis	foreach ($rrdold['rra'] as $rra) {
2147	791bcfd4	Bill Marquette	$l = 0;
2148	751533a2	Phil Davis	foreach ($rra['database']['row'] as $row) {
2149	791bcfd4	Bill Marquette	$vnew = divide_delay($row['v'][1]);
2150			$rrdold['rra'][$i]['database']['row'][$l]['v'][1] = $vnew;
2151			$l++;
2152			}
2153			$i++;
2154			}
2155
2156	56ee96ed	smos	file_put_contents("{$g['tmp_path']}/{$xmldumpnew}", dump_xml_config_raw($rrdold, "rrd"));
2157	791bcfd4	Bill Marquette	mwexec("$rrdtool restore -f {$g['tmp_path']}/{$xmldumpnew} {$rrddbpath}/{$database} 2>&1");
2158
2159	1005d4bf	Seth Mos	unset($rrdold);
2160	7ceff68a	Ermal LUÇI	@unlink("{$g['tmp_path']}/{$xmldump}");
2161			@unlink("{$g['tmp_path']}/{$xmldumpnew}");
2162	791bcfd4	Bill Marquette	}
2163
2164			/* build a list of traffic and packets databases */
2165	84683e42	Renato Botelho	$databases = return_dir_as_array($rrddbpath, '/-(traffic\|packets)\.rrd$/');
2166	791bcfd4	Bill Marquette	rsort($databases);
2167	751533a2	Phil Davis	foreach ($databases as $database) {
2168	791bcfd4	Bill Marquette	$databasetmp = "{$database}.tmp";
2169			$xmldump = "{$database}.old.xml";
2170			$xmldumptmp = "{$database}.tmp.xml";
2171			$xmldumpnew = "{$database}.new.xml";
2172
2173	751533a2	Phil Davis	if (platform_booting()) {
2174	34834e7e	jim-p	echo "Migrate RRD database {$database} to new format \n";
2175	751533a2	Phil Davis	}
2176	791bcfd4	Bill Marquette	/* rename DS source */
2177			mwexec("$rrdtool tune {$rrddbpath}/{$database} -r in:inpass 2>&1");
2178			mwexec("$rrdtool tune {$rrddbpath}/{$database} -r out:outpass 2>71");
2179
2180			/* dump contents to xml and move database out of the way */
2181			dump_rrd_to_xml("{$rrddbpath}/{$database}", "{$g['tmp_path']}/{$xmldump}");
2182
2183			/* create new rrd database file */
2184			$rrdcreate = "$rrdtool create {$g['tmp_path']}/{$databasetmp} --step $rrdinterval ";
2185			$rrdcreate .= "DS:inpass:COUNTER:$valid:0:$downstream ";
2186			$rrdcreate .= "DS:outpass:COUNTER:$valid:0:$upstream ";
2187			$rrdcreate .= "DS:inblock:COUNTER:$valid:0:$downstream ";
2188			$rrdcreate .= "DS:outblock:COUNTER:$valid:0:$upstream ";
2189			$rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
2190			$rrdcreate .= "RRA:AVERAGE:0.5:5:1000 ";
2191			$rrdcreate .= "RRA:AVERAGE:0.5:60:1000 ";
2192	eb346e0b	Seth Mos	$rrdcreate .= "RRA:AVERAGE:0.5:720:1000 ";
2193	791bcfd4	Bill Marquette
2194			create_new_rrd("$rrdcreate");
2195			/* create temporary xml from new RRD */
2196			dump_rrd_to_xml("{$g['tmp_path']}/{$databasetmp}", "{$g['tmp_path']}/{$xmldumptmp}");
2197
2198	1005d4bf	Seth Mos	$rrdold = xml2array(file_get_contents("{$g['tmp_path']}/{$xmldump}"), 1, "tag");
2199	791bcfd4	Bill Marquette	$rrdold = $rrdold['rrd'];
2200
2201	1005d4bf	Seth Mos	$rrdnew = xml2array(file_get_contents("{$g['tmp_path']}/{$xmldumptmp}"), 1, "tag");
2202	791bcfd4	Bill Marquette	$rrdnew = $rrdnew['rrd'];
2203
2204			/* remove any MAX RRA's. Not needed for traffic. */
2205			$i = 0;
2206			foreach ($rrdold['rra'] as $rra) {
2207	751533a2	Phil Davis	if (trim($rra['cf']) == "MAX") {
2208	791bcfd4	Bill Marquette	unset($rrdold['rra'][$i]);
2209			}
2210			$i++;
2211			}
2212
2213	56ee96ed	smos	file_put_contents("{$g['tmp_path']}/{$xmldumpnew}", dump_xml_config_raw(migrate_rrd_format($rrdold, $rrdnew), "rrd"));
2214	791bcfd4	Bill Marquette	mwexec("$rrdtool restore -f {$g['tmp_path']}/{$xmldumpnew} {$rrddbpath}/{$database} 2>&1");
2215	eb346e0b	Seth Mos	/* we now have the rrd with the new fields, adjust the size now. */
2216			/* RRA 2 is 60 minutes, RRA 3 is 720 minutes */
2217			mwexec("/bin/sync");
2218	12a2f395	Seth Mos	mwexec("$rrdtool resize {$rrddbpath}/{$database} 2 GROW 2000;/bin/mv resize.rrd {$rrddbpath}/{$database} 2>&1");
2219	eb346e0b	Seth Mos	mwexec("/bin/sync");
2220	12a2f395	Seth Mos	mwexec("$rrdtool resize {$rrddbpath}/{$database} 3 GROW 2000;/bin/mv resize.rrd {$rrddbpath}/{$database} 2>&1");
2221	1005d4bf	Seth Mos	unset($rrdxmlarray);
2222	7ceff68a	Ermal LUÇI	@unlink("{$g['tmp_path']}/{$xmldump}");
2223			@unlink("{$g['tmp_path']}/{$xmldumpnew}");
2224	791bcfd4	Bill Marquette	}
2225	751533a2	Phil Davis	if (!platform_booting()) {
2226	e546d2d1	Ermal LUÇI	enable_rrd_graphing();
2227	751533a2	Phil Davis	}
2228	e34cf1f6	smos	/* Let's save the RRD graphs after we run enable RRD graphing */
2229			/* The function will restore the rrd.tgz so we will save it after */
2230	8bdb6879	Darren Embry	exec("cd /; LANG=C NO_REMOUNT=1 RRDDBPATH='{$rrddbpath}' CF_CONF_PATH='{$g['cf_conf_path']}' /etc/rc.backup_rrd.sh");
2231	e7f65689	Renato Botelho	unlink_if_exists("{$g['vardb_path']}/rrd/*.xml");
2232	751533a2	Phil Davis	if (platform_booting()) {
2233	34834e7e	jim-p	echo "Updating configuration...";
2234	751533a2	Phil Davis	}
2235	791bcfd4	Bill Marquette	}
2236
2237
2238			function upgrade_055_to_056() {
2239			global $config;
2240
2241	751533a2	Phil Davis	if (!is_array($config['ca'])) {
2242	9ad72e5e	jim-p	$config['ca'] = array();
2243	751533a2	Phil Davis	}
2244			if (!is_array($config['cert'])) {
2245	9ad72e5e	jim-p	$config['cert'] = array();
2246	751533a2	Phil Davis	}
2247	791bcfd4	Bill Marquette
2248			/* migrate ipsec ca's to cert manager */
2249			if (is_array($config['ipsec']['cacert'])) {
2250	751533a2	Phil Davis	foreach ($config['ipsec']['cacert'] as & $cacert) {
2251	791bcfd4	Bill Marquette	$ca = array();
2252			$ca['refid'] = uniqid();
2253	751533a2	Phil Davis	if (is_array($cacert['cert'])) {
2254	791bcfd4	Bill Marquette	$ca['crt'] = $cacert['cert'][0];
2255	751533a2	Phil Davis	} else {
2256	791bcfd4	Bill Marquette	$ca['crt'] = $cacert['cert'];
2257	751533a2	Phil Davis	}
2258	f2a86ca9	jim-p	$ca['descr'] = $cacert['ident'];
2259	9ad72e5e	jim-p	$config['ca'][] = $ca;
2260	791bcfd4	Bill Marquette	}
2261			unset($config['ipsec']['cacert']);
2262			}
2263
2264			/* migrate phase1 certificates to cert manager */
2265			if (is_array($config['ipsec']['phase1'])) {
2266	751533a2	Phil Davis	foreach ($config['ipsec']['phase1'] as & $ph1ent) {
2267	791bcfd4	Bill Marquette	$cert = array();
2268			$cert['refid'] = uniqid();
2269	f2a86ca9	jim-p	$cert['descr'] = "IPsec Peer {$ph1ent['remote-gateway']} Certificate";
2270	751533a2	Phil Davis	if (is_array($ph1ent['cert'])) {
2271	791bcfd4	Bill Marquette	$cert['crt'] = $ph1ent['cert'][0];
2272	751533a2	Phil Davis	} else {
2273	791bcfd4	Bill Marquette	$cert['crt'] = $ph1ent['cert'];
2274	751533a2	Phil Davis	}
2275	791bcfd4	Bill Marquette	$cert['prv'] = $ph1ent['private-key'];
2276	9ad72e5e	jim-p	$config['cert'][] = $cert;
2277	791bcfd4	Bill Marquette	$ph1ent['certref'] = $cert['refid'];
2278	751533a2	Phil Davis	if ($ph1ent['cert']) {
2279	791bcfd4	Bill Marquette	unset($ph1ent['cert']);
2280	751533a2	Phil Davis	}
2281			if ($ph1ent['private-key']) {
2282	791bcfd4	Bill Marquette	unset($ph1ent['private-key']);
2283	751533a2	Phil Davis	}
2284			if ($ph1ent['peercert']) {
2285	791bcfd4	Bill Marquette	unset($ph1ent['peercert']);
2286	751533a2	Phil Davis	}
2287	791bcfd4	Bill Marquette	}
2288			}
2289			}
2290
2291
2292			function upgrade_056_to_057() {
2293			global $config;
2294	84924e76	Ermal
2295	751533a2	Phil Davis	if (!is_array($config['system']['user'])) {
2296	4830e56a	Erik Fonnesbeck	$config['system']['user'] = array();
2297	751533a2	Phil Davis	}
2298	791bcfd4	Bill Marquette	/* migrate captivate portal to user manager */
2299			if (is_array($config['captiveportal']['user'])) {
2300	751533a2	Phil Davis	foreach ($config['captiveportal']['user'] as $user) {
2301	791bcfd4	Bill Marquette	// avoid user conflicts
2302	4830e56a	Erik Fonnesbeck	$found = false;
2303			foreach ($config['system']['user'] as $userent) {
2304			if ($userent['name'] == $user['name']) {
2305			$found = true;
2306			break;
2307			}
2308			}
2309	751533a2	Phil Davis	if ($found) {
2310	791bcfd4	Bill Marquette	continue;
2311	751533a2	Phil Davis	}
2312	791bcfd4	Bill Marquette	$user['scope'] = "user";
2313			if (isset($user['expirationdate'])) {
2314			$user['expires'] = $user['expirationdate'];
2315			unset($user['expirationdate']);
2316			}
2317			if (isset($user['password'])) {
2318			$user['md5-hash'] = $user['password'];
2319			unset($user['password']);
2320			}
2321	4830e56a	Erik Fonnesbeck	$user['uid'] = $config['system']['nextuid']++;
2322	791bcfd4	Bill Marquette	$config['system']['user'][] = $user;
2323			}
2324			unset($config['captiveportal']['user']);
2325			}
2326			}
2327	4b96b367	mgrooms
2328			function upgrade_057_to_058() {
2329			global $config;
2330			/* set all phase2 entries to tunnel mode */
2331	751533a2	Phil Davis	if (is_array($config['ipsec']['phase2'])) {
2332			foreach ($config['ipsec']['phase2'] as & $ph2ent) {
2333	4b96b367	mgrooms	$ph2ent['mode'] = 'tunnel';
2334	751533a2	Phil Davis	}
2335			}
2336	4b96b367	mgrooms	}
2337	60120e37	Ermal Lu?i
2338			function upgrade_058_to_059() {
2339			global $config;
2340
2341			if (is_array($config['schedules']['schedule'])) {
2342	751533a2	Phil Davis	foreach ($config['schedules']['schedule'] as & $schedl) {
2343	60120e37	Ermal Lu?i	$schedl['schedlabel'] = uniqid();
2344	751533a2	Phil Davis	}
2345	60120e37	Ermal Lu?i	}
2346			}
2347	2523c923	Seth Mos
2348			function upgrade_059_to_060() {
2349	fcf5afa0	Seth Mos	global $config;
2350	a0588fad	Scott Ullrich	require_once("/etc/inc/certs.inc");
2351	9ad72e5e	jim-p	if (is_array($config['ca'])) {
2352	2cf6ddcb	Nigel Graham	/* Locate issuer for all CAs */
2353	9ad72e5e	jim-p	foreach ($config['ca'] as & $ca) {
2354	2cf6ddcb	Nigel Graham	$subject = cert_get_subject($ca['crt']);
2355			$issuer = cert_get_issuer($ca['crt']);
2356	751533a2	Phil Davis	if ($issuer <> $subject) {
2357	2cf6ddcb	Nigel Graham	$issuer_crt =& lookup_ca_by_subject($issuer);
2358	751533a2	Phil Davis	if ($issuer_crt) {
2359	2cf6ddcb	Nigel Graham	$ca['caref'] = $issuer_crt['refid'];
2360	751533a2	Phil Davis	}
2361	2cf6ddcb	Nigel Graham	}
2362			}
2363	2d563280	Renato Botelho
2364	2cf6ddcb	Nigel Graham	/* Locate issuer for all certificates */
2365	9ad72e5e	jim-p	if (is_array($config['cert'])) {
2366			foreach ($config['cert'] as & $cert) {
2367	2cf6ddcb	Nigel Graham	$subject = cert_get_subject($cert['crt']);
2368			$issuer = cert_get_issuer($cert['crt']);
2369	751533a2	Phil Davis	if ($issuer <> $subject) {
2370	2cf6ddcb	Nigel Graham	$issuer_crt =& lookup_ca_by_subject($issuer);
2371	751533a2	Phil Davis	if ($issuer_crt) {
2372	2cf6ddcb	Nigel Graham	$cert['caref'] = $issuer_crt['refid'];
2373	751533a2	Phil Davis	}
2374	2cf6ddcb	Nigel Graham	}
2375			}
2376	9d3dab70	Scott Ullrich	}
2377	2cf6ddcb	Nigel Graham	}
2378			}
2379	d43ad788	Scott Ullrich
2380	6a688547	Ermal	function upgrade_060_to_061() {
2381			global $config;
2382	3cfa11c2	Scott Ullrich
2383	751533a2	Phil Davis	if (is_array($config['interfaces']['wan'])) {
2384	6a688547	Ermal	$config['interfaces']['wan']['enable'] = true;
2385	751533a2	Phil Davis	}
2386			if (is_array($config['interfaces']['lan'])) {
2387	6a688547	Ermal	$config['interfaces']['lan']['enable'] = true;
2388	751533a2	Phil Davis	}
2389	1cad6f6c	jim-p
2390			/* On 1.2.3 the "mtu" field adjusted MSS.
2391			On 2.x the "mtu" field is actually the MTU. Rename accordingly.
2392			See redmine ticket #1886
2393			*/
2394			foreach ($config['interfaces'] as $ifr => &$intf) {
2395			if (isset($intf['mtu']) && is_numeric($intf['mtu'])) {
2396			$intf['mss'] = $intf['mtu'];
2397			unset($intf['mtu']);
2398			}
2399			}
2400	6a688547	Ermal	}
2401	3cfa11c2	Scott Ullrich
2402	59ecde49	Renato Botelho	function upgrade_061_to_062() {
2403			global $config;
2404
2405			/* Convert NAT port forwarding rules */
2406			if (is_array($config['nat']['rule'])) {
2407			$a_nat = &$config['nat']['rule'];
2408
2409			foreach ($a_nat as &$natent) {
2410			$natent['disabled'] = false;
2411			$natent['nordr'] = false;
2412
2413			$natent['source'] = array(
2414			"not" => false,
2415			"any" => true,
2416			"port" => ""
2417			);
2418
2419			$natent['destination'] = array(
2420			"not" => false,
2421			"address" => $natent['external-address'],
2422			"port" => $natent['external-port']
2423			);
2424
2425	743ce9f8	Erik Fonnesbeck	if (empty($natent['destination']['address'])) {
2426	fcf4e8cd	Erik Fonnesbeck	unset($natent['destination']['address']);
2427			$natent['destination']['network'] = $natent['interface'] . 'ip';
2428	743ce9f8	Erik Fonnesbeck	} else if ($natent['destination']['address'] == 'any') {
2429			unset($natent['destination']['address']);
2430			$natent['destination']['any'] = true;
2431			}
2432
2433	59ecde49	Renato Botelho	unset($natent['external-address']);
2434			unset($natent['external-port']);
2435			}
2436
2437			unset($natent);
2438			}
2439			}
2440
2441	0f8266ed	smos	function upgrade_062_to_063() {
2442	168a1e48	smos	/* Upgrade legacy Themes to the new pfsense_ng */
2443	995df6c3	Stephen Beaver	// Not supported in 2.3+
2444	2d563280	Renato Botelho
2445	168a1e48	smos	}
2446	c2b2b571	gnhb
2447			function upgrade_063_to_064() {
2448			global $config;
2449	4de8f7ba	Phil Davis	$j = 0;
2450	d09ca87e	gnhb	$ifcfg = &$config['interfaces'];
2451	2d563280	Renato Botelho
2452			if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) {
2453	c2b2b571	gnhb	foreach ($config['ppps']['ppp'] as $pppid => $ppp) {
2454	d09ca87e	gnhb	$config['ppps']['ppp'][$pppid]['if'] = "ppp".$j;
2455			$config['ppps']['ppp'][$pppid]['ptpid'] = $j;
2456			$j++;
2457	751533a2	Phil Davis	if (isset($ppp['port'])) {
2458	c2b2b571	gnhb	$config['ppps']['ppp'][$pppid]['ports'] = $ppp['port'];
2459			unset($config['ppps']['ppp'][$pppid]['port']);
2460			}
2461	751533a2	Phil Davis	if (!isset($ppp['type'])) {
2462	c2b2b571	gnhb	$config['ppps']['ppp'][$pppid]['type'] = "ppp";
2463			}
2464	751533a2	Phil Davis	if (isset($ppp['defaultgw'])) {
2465	6fdfa8fb	gnhb	unset($config['ppps']['ppp'][$pppid]['defaultgw']);
2466	751533a2	Phil Davis	}
2467	c2b2b571	gnhb	}
2468			}
2469	2d563280	Renato Botelho
2470	751533a2	Phil Davis	if (!is_array($config['ppps']['ppp'])) {
2471	c2b2b571	gnhb	$config['ppps']['ppp'] = array();
2472	751533a2	Phil Davis	}
2473	c2b2b571	gnhb	$a_ppps = &$config['ppps']['ppp'];
2474
2475			foreach ($ifcfg as $ifname => $ifinfo) {
2476			$ppp = array();
2477			// For pppoe conversion
2478	751533a2	Phil Davis	if ($ifinfo['ipaddr'] == "pppoe" \|\| $ifinfo['ipaddr'] == "pptp") {
2479			if (isset($ifinfo['ptpid'])) {
2480	c2b2b571	gnhb	continue;
2481	751533a2	Phil Davis	}
2482	4de8f7ba	Phil Davis	$ppp['ptpid'] = $j;
2483	c2b2b571	gnhb	$ppp['type'] = $ifinfo['ipaddr'];
2484	d09ca87e	gnhb	$ppp['if'] = $ifinfo['ipaddr'].$j;
2485	c2b2b571	gnhb	$ppp['ports'] = $ifinfo['if'];
2486	751533a2	Phil Davis	if ($ifinfo['ipaddr'] == "pppoe") {
2487	c2b2b571	gnhb	$ppp['username'] = $ifinfo['pppoe_username'];
2488			$ppp['password'] = base64_encode($ifinfo['pppoe_password']);
2489			}
2490	751533a2	Phil Davis	if ($ifinfo['ipaddr'] == "pptp") {
2491	c2b2b571	gnhb	$ppp['username'] = $ifinfo['pptp_username'];
2492			$ppp['password'] = base64_encode($ifinfo['pptp_password']);
2493			}
2494	2d563280	Renato Botelho
2495	751533a2	Phil Davis	if (isset($ifinfo['provider'])) {
2496	c2b2b571	gnhb	$ppp['provider'] = $ifinfo['provider'];
2497	751533a2	Phil Davis	}
2498			if (isset($ifinfo['ondemand'])) {
2499	c2b2b571	gnhb	$ppp['ondemand'] = true;
2500	751533a2	Phil Davis	}
2501			if (isset($ifinfo['timeout'])) {
2502	c2b2b571	gnhb	$ppp['idletimeout'] = $ifinfo['timeout'];
2503	751533a2	Phil Davis	}
2504			if (isset($ifinfo['pppoe']['pppoe-reset-type'])) {
2505	c2b2b571	gnhb	$ppp['pppoe-reset-type'] = $ifinfo['pppoe']['pppoe-reset-type'];
2506			if (is_array($config['cron']['item'])) {
2507			for ($i = 0; $i < count($config['cron']['item']); $i++) {
2508			$item = $config['cron']['item'][$i];
2509	751533a2	Phil Davis	if (strpos($item['command'], "/conf/pppoe{$ifname}restart") !== false) {
2510	f7480829	gnhb	$config['cron']['item'][$i]['command'] = "/var/etc/pppoe_restart_" . $ppp['if'];
2511	751533a2	Phil Davis	}
2512	c2b2b571	gnhb	}
2513			}
2514			}
2515	751533a2	Phil Davis	if (isset($ifinfo['local'])) {
2516	c2b2b571	gnhb	$ppp['localip'] = $ifinfo['local'];
2517	751533a2	Phil Davis	}
2518			if (isset($ifinfo['subnet'])) {
2519	c2b2b571	gnhb	$ppp['subnet'] = $ifinfo['subnet'];
2520	751533a2	Phil Davis	}
2521			if (isset($ifinfo['remote'])) {
2522	c2b2b571	gnhb	$ppp['gateway'] = $ifinfo['remote'];
2523	751533a2	Phil Davis	}
2524	f7480829	gnhb
2525	d09ca87e	gnhb	$ifcfg[$ifname]['if'] = $ifinfo['ipaddr'].$j;
2526			$j++;
2527	2d563280	Renato Botelho
2528	c2b2b571	gnhb	unset($ifcfg[$ifname]['pppoe_username']);
2529			unset($ifcfg[$ifname]['pppoe_password']);
2530			unset($ifcfg[$ifname]['provider']);
2531			unset($ifcfg[$ifname]['ondemand']);
2532			unset($ifcfg[$ifname]['timeout']);
2533			unset($ifcfg[$ifname]['pppoe_reset']);
2534			unset($ifcfg[$ifname]['pppoe_preset']);
2535			unset($ifcfg[$ifname]['pppoe']);
2536			unset($ifcfg[$ifname]['pptp_username']);
2537			unset($ifcfg[$ifname]['pptp_password']);
2538			unset($ifcfg[$ifname]['local']);
2539			unset($ifcfg[$ifname]['subnet']);
2540			unset($ifcfg[$ifname]['remote']);
2541	2d563280	Renato Botelho
2542	c2b2b571	gnhb	$a_ppps[] = $ppp;
2543	2d563280	Renato Botelho
2544	c2b2b571	gnhb	}
2545			}
2546			}
2547
2548	56a5a0ab	jim-p	function upgrade_064_to_065() {
2549			/* Disable TSO and LRO in upgraded configs */
2550			global $config;
2551			$config['system']['disablesegmentationoffloading'] = true;
2552			$config['system']['disablelargereceiveoffloading'] = true;
2553			}
2554
2555	2f06cc3f	Ermal	function upgrade_065_to_066() {
2556			global $config;
2557
2558			$dhcrelaycfg =& $config['dhcrelay'];
2559
2560	2d563280	Renato Botelho	if (is_array($dhcrelaycfg)) {
2561			$dhcrelayifs = array();
2562	2f06cc3f	Ermal	$foundifs = false;
2563	2d563280	Renato Botelho	/* DHCPRelay enabled on any interfaces? */
2564			foreach ($dhcrelaycfg as $dhcrelayif => $dhcrelayifconf) {
2565			if (isset($dhcrelayifconf['enable'])) {
2566	2f06cc3f	Ermal	$dhcrelayifs[] = $dhcrelayif;
2567			unset($dhcrelaycfg['dhcrelayif']);
2568			$foundifs = true;
2569			}
2570	2d563280	Renato Botelho	}
2571	751533a2	Phil Davis	if ($foundifs == true) {
2572	2f06cc3f	Ermal	$dhcrelaycfg['interface'] = implode(",", $dhcrelayifs);
2573	751533a2	Phil Davis	}
2574	2d563280	Renato Botelho	}
2575	2f06cc3f	Ermal	}
2576
2577	9ad72e5e	jim-p	function upgrade_066_to_067() {
2578			global $config;
2579			if (isset($config['system']['ca'])) {
2580			$config['ca'] = $config['system']['ca'];
2581	661de3e7	Phil Davis	unset($config['system']['ca']);
2582	9ad72e5e	jim-p	}
2583			if (isset($config['system']['cert'])) {
2584			$config['cert'] = $config['system']['cert'];
2585	661de3e7	Phil Davis	unset($config['system']['cert']);
2586	9ad72e5e	jim-p	}
2587			}
2588
2589	6ae9f9b7	Ermal	function upgrade_067_to_068() {
2590			global $config;
2591
2592			if (!empty($config['pppoe'])) {
2593			$config['pppoes'] = array();
2594			$config['pppoes']['pppoe'] = array();
2595			$config['pppoes']['pppoe'][] = $config['pppoe'][0];
2596	ce968051	Ermal
2597			if (is_array($config['pppoe']['user'])) {
2598	2d563280	Renato Botelho	$username = array();
2599	ce968051	Ermal	foreach ($config['pppoe']['user'] as $user) {
2600	2fc29020	Ermal	$usr = $user['name'] . ":" . base64_encode($user['password']);
2601	751533a2	Phil Davis	if ($user['ip']) {
2602	ce968051	Ermal	$usr .= ":{$user['ip']}";
2603	751533a2	Phil Davis	}
2604	ce968051	Ermal	$username[] = $usr;
2605			}
2606			$config['pppoes']['pppoe'][0]['username'] = implode(" ", $username);
2607			}
2608	6ae9f9b7	Ermal	unset($config['pppoe']);
2609			}
2610			}
2611
2612	18de0728	Ermal	function upgrade_068_to_069() {
2613	8fefb9dd	jim-p	global $config;
2614	751533a2	Phil Davis	if (!is_array($config['system']['user'])) {
2615	8fefb9dd	jim-p	return;
2616	751533a2	Phil Davis	}
2617	8fefb9dd	jim-p	foreach ($config['system']['user'] as & $user) {
2618	751533a2	Phil Davis	if (!is_array($user['cert'])) {
2619	8fefb9dd	jim-p	continue;
2620	751533a2	Phil Davis	}
2621	8fefb9dd	jim-p	$rids = array();
2622			foreach ($user['cert'] as $id => $cert) {
2623	751533a2	Phil Davis	if (!isset($cert['descr'])) {
2624	8fefb9dd	jim-p	continue;
2625	751533a2	Phil Davis	}
2626	8fefb9dd	jim-p	$tcert = $cert;
2627			// Make sure each cert gets a refid
2628	751533a2	Phil Davis	if (!isset($tcert['refid'])) {
2629	8fefb9dd	jim-p	$tcert['refid'] = uniqid();
2630	751533a2	Phil Davis	}
2631	8fefb9dd	jim-p	// Keep the cert references for this user
2632			$rids[] = $tcert['refid'];
2633			$config['cert'][] = $tcert;
2634			}
2635			// Replace user certs with cert references instead.
2636	751533a2	Phil Davis	if (count($rids) > 0) {
2637	8fefb9dd	jim-p	$user['cert'] = $rids;
2638	751533a2	Phil Davis	}
2639	8fefb9dd	jim-p	}
2640			}
2641
2642	4c5b8653	Erik Fonnesbeck	function upgrade_069_to_070() {
2643			global $config;
2644
2645			/* Convert NAT 1:1 rules */
2646			if (is_array($config['nat']['onetoone'])) {
2647	a3bac4ce	Ermal	foreach ($config['nat']['onetoone'] as $nidx => $natent) {
2648	751533a2	Phil Davis	if ($natent['subnet'] == 32) {
2649	a3bac4ce	Ermal	$config['nat']['onetoone'][$nidx]['source'] = array("address" => $natent['internal']);
2650	751533a2	Phil Davis	} else {
2651	a3bac4ce	Ermal	$config['nat']['onetoone'][$nidx]['source'] = array("address" => $natent['internal'] . "/" . $natent['subnet']);
2652	751533a2	Phil Davis	}
2653	4c5b8653	Erik Fonnesbeck
2654	a3bac4ce	Ermal	$config['nat']['onetoone'][$nidx]['destination'] = array("any" => true);
2655	4c5b8653	Erik Fonnesbeck
2656	a3bac4ce	Ermal	unset($config['nat']['onetoone'][$nidx]['internal']);
2657			unset($config['nat']['onetoone'][$nidx]['subnet']);
2658	4c5b8653	Erik Fonnesbeck	}
2659
2660			unset($natent);
2661			}
2662			}
2663
2664	65167fcc	Ermal	function upgrade_070_to_071() {
2665			global $config;
2666
2667			if (is_array($config['cron']['item'])) {
2668	751533a2	Phil Davis	foreach ($config['cron']['item'] as $idx => $cronitem) {
2669			if (stristr($cronitem['command'], "checkreload.sh")) {
2670	65167fcc	Ermal	unset($config['cron']['item'][$idx]);
2671			break;
2672			}
2673			}
2674			}
2675			}
2676	15864861	jim-p
2677	6751b3e7	jim-p	function rename_field(& $section, $oldname, $newname) {
2678	e988813d	jim-p	if (is_array($section)) {
2679	751533a2	Phil Davis	foreach ($section as & $item) {
2680			if (is_array($item) && !empty($item[$oldname])) {
2681	6751b3e7	jim-p	$item[$newname] = $item[$oldname];
2682	751533a2	Phil Davis	}
2683			if (is_array($item) && isset($item[$oldname])) {
2684	6751b3e7	jim-p	unset($item[$oldname]);
2685	751533a2	Phil Davis	}
2686	e988813d	jim-p	}
2687			}
2688			}
2689
2690	6751b3e7	jim-p	function upgrade_071_to_072() {
2691			global $config;
2692	751533a2	Phil Davis	if (is_array($config['sysctl']) && is_array($config['sysctl']['item'])) {
2693	6bef0554	jim-p	rename_field($config['sysctl']['item'], 'desc', 'descr');
2694	751533a2	Phil Davis	}
2695	6751b3e7	jim-p	}
2696
2697	e988813d	jim-p	function upgrade_072_to_073() {
2698			global $config;
2699	751533a2	Phil Davis	if (!is_array($config['load_balancer'])) {
2700	6bef0554	jim-p	return;
2701	751533a2	Phil Davis	}
2702			if (is_array($config['load_balancer']['monitor_type'])) {
2703	6bef0554	jim-p	rename_field($config['load_balancer']['monitor_type'], 'desc', 'descr');
2704	751533a2	Phil Davis	}
2705			if (is_array($config['load_balancer']['lbpool'])) {
2706	6bef0554	jim-p	rename_field($config['load_balancer']['lbpool'], 'desc', 'descr');
2707	751533a2	Phil Davis	}
2708			if (is_array($config['load_balancer']['lbaction'])) {
2709	6bef0554	jim-p	rename_field($config['load_balancer']['lbaction'], 'desc', 'descr');
2710	751533a2	Phil Davis	}
2711			if (is_array($config['load_balancer']['lbprotocol'])) {
2712	6bef0554	jim-p	rename_field($config['load_balancer']['lbprotocol'], 'desc', 'descr');
2713	751533a2	Phil Davis	}
2714			if (is_array($config['load_balancer']['virtual_server'])) {
2715	6bef0554	jim-p	rename_field($config['load_balancer']['virtual_server'], 'desc', 'descr');
2716	751533a2	Phil Davis	}
2717	e988813d	jim-p	}
2718	9ff73b79	jim-p
2719			function upgrade_073_to_074() {
2720			global $config;
2721	6751b3e7	jim-p	rename_field($config['system']['user'], 'fullname', 'descr');
2722	9ff73b79	jim-p	}
2723	f2a86ca9	jim-p
2724			function upgrade_074_to_075() {
2725			global $config;
2726	751533a2	Phil Davis	if (is_array($config['ca'])) {
2727	6bef0554	jim-p	rename_field($config['ca'], 'name', 'descr');
2728	751533a2	Phil Davis	}
2729			if (is_array($config['cert'])) {
2730	6bef0554	jim-p	rename_field($config['cert'], 'name', 'descr');
2731	751533a2	Phil Davis	}
2732			if (is_array($config['crl'])) {
2733	6bef0554	jim-p	rename_field($config['crl'], 'name', 'descr');
2734	751533a2	Phil Davis	}
2735	f2a86ca9	jim-p	}
2736	9734b054	Scott Ullrich
2737	d0dc2fd1	jim-p	function upgrade_075_to_076() {
2738	7d9b3d5e	jim-p	global $config;
2739			$cron_item = array();
2740			$cron_item['minute'] = "30";
2741			$cron_item['hour'] = "12";
2742			$cron_item['mday'] = "*";
2743			$cron_item['month'] = "*";
2744			$cron_item['wday'] = "*";
2745			$cron_item['who'] = "root";
2746			$cron_item['command'] = "/usr/bin/nice -n20 /etc/rc.update_urltables";
2747			$config['cron']['item'][] = $cron_item;
2748	d0dc2fd1	jim-p	}
2749
2750	9bc8b6b6	Seth Mos	function upgrade_076_to_077() {
2751	9956b38a	Seth Mos	global $config;
2752	751533a2	Phil Davis	foreach ($config['filter']['rule'] as & $rule) {
2753			if (isset($rule['protocol']) && !empty($rule['protocol'])) {
2754			$rule['protocol'] = strtolower($rule['protocol']);
2755			}
2756	9956b38a	Seth Mos	}
2757			}
2758
2759			function upgrade_077_to_078() {
2760	f33030aa	jim-p	global $config;
2761	751533a2	Phil Davis	if (is_array($config['pptpd']) && is_array($config['pptpd']['radius']) &&
2762			!is_array($config['pptpd']['radius']['server'])) {
2763	7171b7b6	jim-p	$radarr = array();
2764			$radsvr = array();
2765			$radsvr['ip'] = $config['pptpd']['radius']['server'];
2766			$radsvr['secret'] = $config['pptpd']['radius']['secret'];
2767			$radsvr['port'] = 1812;
2768			$radsvr['acctport'] = 1813;
2769			$radsvr['enable'] = isset($config['pptpd']['radius']['enable']);
2770			$radarr['accounting'] = isset($config['pptpd']['radius']['accounting']);
2771	751533a2	Phil Davis	if ($radarr['accounting']) {
2772	7171b7b6	jim-p	$radarr['acct_update'] = $radsvr['ip'];
2773	751533a2	Phil Davis	}
2774	7171b7b6	jim-p	$radarr['server'] = $radsvr;
2775			$config['pptpd']['radius'] = $radarr;
2776			}
2777	f7c8f633	jim-p	if (is_array($config['pptpd'])) {
2778			$config['pptpd']['n_pptp_units'] = empty($config['pptpd']['n_pptp_units']) ? 16 : $config['pptpd']['n_pptp_units'];
2779			}
2780	7171b7b6	jim-p	}
2781	27d0722d	jim-p	function upgrade_078_to_079() {
2782	838e4eb8	Warren Baker	global $g;
2783	5c723d9f	Warren Baker	/* Delete old and unused RRD file */
2784	838e4eb8	Warren Baker	unlink_if_exists("{$g['vardb_path']}/rrd/captiveportal-totalusers.rrd");
2785	5c723d9f	Warren Baker	}
2786
2787	58005e52	jim-p	function upgrade_079_to_080() {
2788	9bc8b6b6	Seth Mos	global $config;
2789	e6ee8fc6	Ermal
2790	f416763b	Phil Davis	/* Upgrade config in 1.2.3 specifying a username other than admin for syncing. */
2791	e6ee8fc6	Ermal	if (!empty($config['system']['username']) && is_array($config['installedpackages']['carpsettings']) &&
2792	751533a2	Phil Davis	is_array($config['installedpackages']['carpsettings']['config'])) {
2793	e6ee8fc6	Ermal	$config['installedpackages']['carpsettings']['config'][0]['username'] = $config['system']['username'];
2794			unset($config['system']['username']);
2795			}
2796			}
2797
2798	e49d4564	jim-p	function upgrade_080_to_081() {
2799			global $config;
2800	9bc8b6b6	Seth Mos	global $g;
2801	ff6677cf	smos	/* Welcome to the 2.1 migration path */
2802
2803			/* tag all the existing gateways as being IPv4 */
2804			$i = 0;
2805	751533a2	Phil Davis	if (is_array($config['gateways']['gateway_item'])) {
2806			foreach ($config['gateways']['gateway_item'] as $gw) {
2807	ff6677cf	smos	$config['gateways']['gateway_item'][$i]['ipprotocol'] = "inet";
2808			$i++;
2809			}
2810			}
2811	9bc8b6b6	Seth Mos
2812			/* RRD files changed for quality, traffic and packets graphs */
2813			/* convert traffic RRD file */
2814			global $parsedcfg, $listtags;
2815			$listtags = array("ds", "v", "rra", "row");
2816
2817			$rrddbpath = "/var/db/rrd/";
2818			$rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool";
2819
2820	2344bed4	Renato Botelho	if ($g['platform'] != $g['product_name']) {
2821	42ec9337	Renato Botelho	/* restore the databases, if we have one */
2822			if (restore_rrd()) {
2823			/* Make sure to move the rrd backup out of the way. We will make a new one after converting. */
2824	e1854cad	jim-p	@rename("{$g['cf_conf_path']}/rrd.tgz", "{$g['cf_conf_path']}/backup/rrd.tgz");
2825	42ec9337	Renato Botelho	}
2826			}
2827
2828	9bc8b6b6	Seth Mos	$rrdinterval = 60;
2829			$valid = $rrdinterval * 2;
2830
2831			/* Asume GigE for now */
2832			$downstream = 125000000;
2833			$upstream = 125000000;
2834
2835			/* build a list of traffic and packets databases */
2836	84683e42	Renato Botelho	$databases = return_dir_as_array($rrddbpath, '/-(traffic\|packets)\.rrd$/');
2837	9bc8b6b6	Seth Mos	rsort($databases);
2838	751533a2	Phil Davis	foreach ($databases as $database) {
2839	9bc8b6b6	Seth Mos	$xmldump = "{$database}.old.xml";
2840			$xmldumpnew = "{$database}.new.xml";
2841
2842	751533a2	Phil Davis	if (platform_booting()) {
2843	d55ea970	Seth Mos	echo "Migrate RRD database {$database} to new format for IPv6.\n";
2844	751533a2	Phil Davis	}
2845	9bc8b6b6	Seth Mos
2846			/* dump contents to xml and move database out of the way */
2847			dump_rrd_to_xml("{$rrddbpath}/{$database}", "{$g['tmp_path']}/{$xmldump}");
2848
2849	fcaa56b1	smos	/* search and replace tags to add data sources */
2850			$ds_search = "<!-- Round Robin Archives -->";
2851			$ds_arr = array();
2852			$ds_arr[] = " <ds>
2853			<name> inpass6 </name>
2854			<type> COUNTER </type>
2855			<minimal_heartbeat> {$valid} </minimal_heartbeat>
2856			<min> 0.0000000000e+00 </min>
2857			<max> 1.2500000000e+08 </max>
2858
2859			<!-- PDP Status -->
2860			<last_ds> 0 </last_ds>
2861			<value> NaN </value>
2862			<unknown_sec> 3 </unknown_sec>
2863			</ds>
2864			";
2865			$ds_arr[] = " <ds>
2866			<name> outpass6 </name>
2867			<type> COUNTER </type>
2868			<minimal_heartbeat> {$valid} </minimal_heartbeat>
2869			<min> 0.0000000000e+00 </min>
2870			<max> 1.2500000000e+08 </max>
2871
2872			<!-- PDP Status -->
2873			<last_ds> 0 </last_ds>
2874			<value> NaN </value>
2875			<unknown_sec> 3 </unknown_sec>
2876			</ds>
2877			";
2878			$ds_arr[] = " <ds>
2879			<name> inblock6 </name>
2880			<type> COUNTER </type>
2881			<minimal_heartbeat> {$valid} </minimal_heartbeat>
2882			<min> 0.0000000000e+00 </min>
2883			<max> 1.2500000000e+08 </max>
2884
2885			<!-- PDP Status -->
2886			<last_ds> 0 </last_ds>
2887			<value> NaN </value>
2888			<unknown_sec> 3 </unknown_sec>
2889			</ds>
2890			";
2891			$ds_arr[] = " <ds>
2892			<name> outblock6 </name>
2893			<type> COUNTER </type>
2894			<minimal_heartbeat> {$valid} </minimal_heartbeat>
2895			<min> 0.0000000000e+00 </min>
2896			<max> 1.2500000000e+08 </max>
2897
2898			<!-- PDP Status -->
2899			<last_ds> 0 </last_ds>
2900			<value> NaN </value>
2901			<unknown_sec> 3 </unknown_sec>
2902			</ds>
2903			";
2904
2905			$cdp_search = "<\/cdp_prep>";
2906			$cdp_replace = "</cdp_prep>";
2907			$cdp_arr = array();
2908			$cdp_arr[] = " <ds>
2909			<primary_value> NaN </primary_value>
2910			<secondary_value> 0.0000000000e+00 </secondary_value>
2911			<value> NaN </value>
2912			<unknown_datapoints> 0 </unknown_datapoints>
2913			</ds>
2914			";
2915			$cdp_arr[] = " <ds>
2916			<primary_value> NaN </primary_value>
2917			<secondary_value> 0.0000000000e+00 </secondary_value>
2918			<value> NaN </value>
2919			<unknown_datapoints> 0 </unknown_datapoints>
2920			</ds>
2921			";
2922			$cdp_arr[] = " <ds>
2923			<primary_value> NaN </primary_value>
2924			<secondary_value> 0.0000000000e+00 </secondary_value>
2925			<value> NaN </value>
2926			<unknown_datapoints> 0 </unknown_datapoints>
2927			</ds>
2928			";
2929			$cdp_arr[] = " <ds>
2930			<primary_value> NaN </primary_value>
2931			<secondary_value> 0.0000000000e+00 </secondary_value>
2932			<value> NaN </value>
2933			<unknown_datapoints> 0 </unknown_datapoints>
2934			</ds>
2935			";
2936
2937			$value_search = "<\/row>";
2938			$value_replace = "</row>";
2939			$value = "<v> NaN </v>";
2940
2941			$xml = file_get_contents("{$g['tmp_path']}/{$xmldump}");
2942	751533a2	Phil Davis	foreach ($ds_arr as $ds) {
2943	fcaa56b1	smos	$xml = preg_replace("/$ds_search/s", "$ds{$ds_search}", $xml);
2944			}
2945	751533a2	Phil Davis	foreach ($cdp_arr as $cdp) {
2946	fcaa56b1	smos	$xml = preg_replace("/$cdp_search/s", "$cdp{$cdp_replace}", $xml);
2947			}
2948	751533a2	Phil Davis	foreach ($ds_arr as $ds) {
2949	fcaa56b1	smos	$xml = preg_replace("/$value_search/s", "$value{$value_replace}", $xml);
2950			}
2951	751533a2	Phil Davis
2952	fcaa56b1	smos	file_put_contents("{$g['tmp_path']}/{$xmldumpnew}", $xml);
2953			mwexec("$rrdtool restore -f {$g['tmp_path']}/{$xmldumpnew} {$rrddbpath}/{$database} 2>&1");
2954			unset($xml);
2955	73c569ea	Xon	# Default /tmp tmpfs is ~40mb, do not leave temp files around
2956	48047e3f	Renato Botelho	unlink_if_exists("{$g['tmp_path']}/{$xmldump}");
2957			unlink_if_exists("{$g['tmp_path']}/{$xmldumpnew}");
2958	9bc8b6b6	Seth Mos	}
2959	751533a2	Phil Davis	if (!platform_booting()) {
2960	e546d2d1	Ermal LUÇI	enable_rrd_graphing();
2961	751533a2	Phil Davis	}
2962	42ec9337	Renato Botelho	/* Let's save the RRD graphs after we run enable RRD graphing */
2963			/* The function will restore the rrd.tgz so we will save it after */
2964			exec("cd /; LANG=C NO_REMOUNT=1 RRDDBPATH='{$rrddbpath}' CF_CONF_PATH='{$g['cf_conf_path']}' /etc/rc.backup_rrd.sh");
2965	751533a2	Phil Davis	if (platform_booting()) {
2966	9bc8b6b6	Seth Mos	echo "Updating configuration...";
2967	751533a2	Phil Davis	}
2968			foreach ($config['filter']['rule'] as & $rule) {
2969			if (isset($rule['protocol']) && !empty($rule['protocol'])) {
2970	1c1a74fa	jim-p	$rule['protocol'] = strtolower($rule['protocol']);
2971	751533a2	Phil Davis	}
2972	7ec0e6e2	jim-p	}
2973	17640b28	Ermal	unset($rule);
2974	9bc8b6b6	Seth Mos	}
2975
2976	e49d4564	jim-p	function upgrade_081_to_082() {
2977	4cdf35a4	Chris Buechler	/* don't enable the allow IPv6 toggle */
2978	1f116988	Seth Mos	}
2979	b4792bf8	Ermal
2980			function upgrade_082_to_083() {
2981			global $config;
2982	7b47bd4c	Ermal
2983	b4792bf8	Ermal	/* Upgrade captiveportal config */
2984			if (!empty($config['captiveportal'])) {
2985			$tmpcp = $config['captiveportal'];
2986			$config['captiveportal'] = array();
2987	17640b28	Ermal	$config['captiveportal']['cpzone'] = array();
2988			$config['captiveportal']['cpzone'] = $tmpcp;
2989			$config['captiveportal']['cpzone']['zoneid'] = 8000;
2990	26b6e758	jim-p	$config['captiveportal']['cpzone']['zone'] = "cpzone";
2991	751533a2	Phil Davis	if ($config['captiveportal']['cpzone']['auth_method'] == "radius") {
2992	2d72659a	Renato Botelho	$config['captiveportal']['cpzone']['radius_protocol'] = "PAP";
2993	751533a2	Phil Davis	}
2994	b4792bf8	Ermal	}
2995	67e73dcd	Ermal	if (!empty($config['voucher'])) {
2996			$tmpcp = $config['voucher'];
2997			$config['voucher'] = array();
2998	17640b28	Ermal	$config['voucher']['cpzone'] = array();
2999			$config['voucher']['cpzone'] = $tmpcp;
3000	67e73dcd	Ermal	}
3001	b4792bf8	Ermal	}
3002	67e73dcd	Ermal
3003	f97a5b04	Darren Embry	function upgrade_083_to_084() {
3004			global $config;
3005			if (!isset($config['hasync'])) {
3006			if (!empty($config['installedpackages']) &&
3007			!empty($config['installedpackages']['carpsettings']) &&
3008			!empty($config['installedpackages']['carpsettings']['config'])) {
3009			$config['hasync'] = $config['installedpackages']['carpsettings']['config'][0];
3010			unset($config['installedpackages']['carpsettings']);
3011			}
3012	fa6e5ba5	Phil Davis	if (empty($config['installedpackages']['carpsettings']) && isset($config['installedpackages']['carpsettings'])) {
3013	f97a5b04	Darren Embry	unset($config['installedpackages']['carpsettings']);
3014			}
3015	fa6e5ba5	Phil Davis	if (empty($config['installedpackages']) && isset($config['installedpackages'])) {
3016	f97a5b04	Darren Embry	unset($config['installedpackages']);
3017			}
3018			}
3019			}
3020
3021	c3ce2ece	smos	function upgrade_084_to_085() {
3022			global $config;
3023
3024			$gateway_group_arr = array();
3025			$gateways = return_gateways_array();
3026			$oldnames = array();
3027			/* setup translation array */
3028	751533a2	Phil Davis	foreach ($gateways as $name => $gw) {
3029			if (isset($gw['dynamic'])) {
3030	c3ce2ece	smos	$oldname = strtoupper($config['interfaces'][$gw['friendlyiface']]['descr']);
3031	2d563280	Renato Botelho	$oldnames[$oldname] = $name;
3032	c3ce2ece	smos	} else {
3033			$oldnames[$name] = $name;
3034			}
3035			}
3036
3037			/* process the old array */
3038	751533a2	Phil Davis	if (is_array($config['gateways']['gateway_group'])) {
3039	c3ce2ece	smos	$group_array_new = array();
3040	751533a2	Phil Davis	foreach ($config['gateways']['gateway_group'] as $name => $group) {
3041			if (is_array($group['item'])) {
3042	c3ce2ece	smos	$newlist = array();
3043	751533a2	Phil Davis	foreach ($group['item'] as $entry) {
3044	c3ce2ece	smos	$elements = explode("\|", $entry);
3045	751533a2	Phil Davis	if ($oldnames[$elements[0]] <> "") {
3046	c3ce2ece	smos	$newlist[] = "{$oldnames[$elements[0]]}\|{$elements[1]}";
3047	da12a8a4	smos	} else {
3048			$newlist[] = "{$elements[0]}\|{$elements[1]}";
3049	c3ce2ece	smos	}
3050			}
3051			$group['item'] = $newlist;
3052			$group_array_new[$name] = $group;
3053			}
3054			}
3055			$config['gateways']['gateway_group'] = $group_array_new;
3056			}
3057	d4d5f7b4	smos	/* rename old Quality RRD files in the process */
3058			$rrddbpath = "/var/db/rrd";
3059	751533a2	Phil Davis	foreach ($oldnames as $old => $new) {
3060			if (is_readable("{$rrddbpath}/{$old}-quality.rrd")) {
3061	17640b28	Ermal	@rename("{$rrddbpath}/{$old}-quality.rrd", "{$rrddbpath}/{$new}-quality.rrd");
3062	d4d5f7b4	smos	}
3063			}
3064	17640b28	Ermal	unset($gateways, $oldnames, $gateway_group_arr);
3065	c3ce2ece	smos	}
3066
3067	b22fc825	jim-p	function upgrade_085_to_086() {
3068	879f7db7	Erik Fonnesbeck	global $config, $g;
3069	b22fc825	jim-p
3070			/* XXX: Gross hacks in sight */
3071	12766374	Erik Fonnesbeck	if (is_array($config['virtualip']['vip'])) {
3072	b22fc825	jim-p	$vipchg = array();
3073	12766374	Erik Fonnesbeck	foreach ($config['virtualip']['vip'] as $vip) {
3074	751533a2	Phil Davis	if ($vip['mode'] != "carp") {
3075	fbda07b9	Ermal	continue;
3076	751533a2	Phil Davis	}
3077	f2cc3344	Renato Botelho	$config = array_replace_values_recursive(
3078			$config,
3079			'^vip' . $vip['vhid'] . '$',
3080			"{$vip['interface']}_vip{$vip['vhid']}"
3081			);
3082	fe47f1f2	Erik Fonnesbeck	}
3083	b22fc825	jim-p	}
3084			}
3085
3086	85a236e9	Ermal	function upgrade_086_to_087() {
3087			global $config, $dummynet_pipe_list;
3088
3089	751533a2	Phil Davis	if (!is_array($config['dnshaper']) \|\| !is_array($config['dnshaper']['queue'])) {
3090	85a236e9	Ermal	return;
3091	751533a2	Phil Davis	}
3092	85a236e9	Ermal
3093			$dnqueue_number = 1;
3094			$dnpipe_number = 1;
3095
3096			foreach ($config['dnshaper']['queue'] as $idx => $dnpipe) {
3097			$config['dnshaper']['queue'][$idx]['number'] = $dnpipe_number;
3098			$dnpipe_number++;
3099			if (is_array($dnpipe['queue'])) {
3100			foreach ($dnpipe['queue'] as $qidx => $dnqueue) {
3101			$config['dnshaper']['queue'][$idx]['queue'][$qidx]['number'] = $dnqueue_number;
3102			$dnqueue_number++;
3103			}
3104			}
3105			}
3106
3107			unset($dnqueue_number, $dnpipe_number, $qidx, $idx, $dnpipe, $dnqueue);
3108
3109	34823356	Phil Davis	if (!is_array($config['filter']) \|\| !is_array($config['filter']['rule'])) {
3110			return;
3111			}
3112
3113	85a236e9	Ermal	require_once("shaper.inc");
3114			read_dummynet_config();
3115
3116	628306af	Ermal	$dn_list = array();
3117	2d563280	Renato Botelho	if (is_array($dummynet_pipe_list)) {
3118			foreach ($dummynet_pipe_list as $dn) {
3119			$tmplist =& $dn->get_queue_list();
3120			foreach ($tmplist as $qname => $link) {
3121			$dn_list[$link] = $qname;
3122			}
3123			}
3124	17640b28	Ermal	unset($dummynet_pipe_list);
3125	2d563280	Renato Botelho	}
3126	628306af	Ermal
3127	85a236e9	Ermal	foreach ($config['filter']['rule'] as $idx => $rule) {
3128			if (!empty($rule['dnpipe'])) {
3129	751533a2	Phil Davis	if (!empty($dn_list[$rule['dnpipe']])) {
3130	628306af	Ermal	$config['filter']['rule'][$idx]['dnpipe'] = $dn_list[$rule['dnpipe']];
3131	751533a2	Phil Davis	}
3132	85a236e9	Ermal	}
3133			if (!empty($rule['pdnpipe'])) {
3134	751533a2	Phil Davis	if (!empty($dn_list[$rule['pdnpipe']])) {
3135	628306af	Ermal	$config['filter']['rule'][$idx]['pdnpipe'] = $dn_list[$rule['pdnpipe']];
3136	751533a2	Phil Davis	}
3137	85a236e9	Ermal	}
3138			}
3139			}
3140	7530177c	jim-p	function upgrade_087_to_088() {
3141			global $config;
3142			if (isset($config['system']['glxsb_enable'])) {
3143			unset($config['system']['glxsb_enable']);
3144			$config['system']['crypto_hardware'] = "glxsb";
3145			}
3146			}
3147	36f6ed35	bcyrill
3148			function upgrade_088_to_089() {
3149	2d563280	Renato Botelho	global $config;
3150	751533a2	Phil Davis	if (!is_array($config['ca'])) {
3151	2d563280	Renato Botelho	$config['ca'] = array();
3152	751533a2	Phil Davis	}
3153			if (!is_array($config['cert'])) {
3154	2d563280	Renato Botelho	$config['cert'] = array();
3155	751533a2	Phil Davis	}
3156	2d563280	Renato Botelho
3157	f416763b	Phil Davis	/* migrate captive portal ssl to certificate manager */
3158	2d563280	Renato Botelho	if (is_array($config['captiveportal'])) {
3159			foreach ($config['captiveportal'] as $id => &$setting) {
3160			if (isset($setting['httpslogin'])) {
3161			/* create cert entry */
3162			$cert = array();
3163			$cert['refid'] = uniqid();
3164			$cert['descr'] = "Captive Portal Cert - {$setting['zone']}";
3165			$cert['crt'] = $setting['certificate'];
3166			$cert['prv'] = $setting['private-key'];
3167
3168			if (!empty($setting['cacertificate'])) {
3169			/* create ca entry */
3170			$ca = array();
3171			$ca['refid'] = uniqid();
3172			$ca['descr'] = "Captive Portal CA - {$setting['zone']}";
3173			$ca['crt'] = $setting['cacertificate'];
3174			$config['ca'][] = $ca;
3175
3176			/* add ca reference to certificate */
3177			$cert['caref'] = $ca['refid'];
3178			}
3179
3180			$config['cert'][] = $cert;
3181
3182			/* create cert reference */
3183			$setting['certref'] = $cert['refid'];
3184
3185			unset($setting['certificate']);
3186			unset($setting['private-key']);
3187			unset($setting['cacertificate']);
3188
3189			}
3190			}
3191			}
3192	36f6ed35	bcyrill	}
3193	2d563280	Renato Botelho
3194	6e9b046e	jim-p	function upgrade_089_to_090() {
3195			global $config;
3196			if (is_array($config['load_balancer']['virtual_server']) && count($config['load_balancer']['virtual_server'])) {
3197			$vs_a = &$config['load_balancer']['virtual_server'];
3198			for ($i = 0; isset($vs_a[$i]); $i++) {
3199			if (is_array($vs_a[$i]['pool'])) {
3200			$vs_a[$i]['poolname'] = $vs_a[$i]['pool'][0];
3201			unset($vs_a[$i]['pool']);
3202			} elseif (!empty($vs_a[$i]['pool'])) {
3203			$vs_a[$i]['poolname'] = $vs_a[$i]['pool'];
3204			unset($vs_a[$i]['pool']);
3205			}
3206			}
3207			}
3208			}
3209	c9ba2f8a	Ermal
3210			function upgrade_090_to_091() {
3211			global $config;
3212
3213			if (is_array($config['dnshaper']) && is_array($config['dnshaper']['queue'])) {
3214			foreach ($config['dnshaper']['queue'] as $idx => $dnqueue) {
3215			if (!empty($dnqueue['bandwidth'])) {
3216			$bw = array();
3217			$bw['bw'] = $dnqueue['bandwidth'];
3218			$bw['bwscale'] = $dnqueue['bandwidthtype'];
3219			$bw['bwsched'] = "none";
3220			$config['dnshaper']['queue'][$idx]['bandwidth'] = array();
3221			$config['dnshaper']['queue'][$idx]['bandwidth']['item'] = array();
3222			$config['dnshaper']['queue'][$idx]['bandwidth']['item'][] = $bw;
3223			}
3224			}
3225			}
3226			}
3227	e99ba2d6	Renato Botelho
3228			function upgrade_091_to_092() {
3229			global $config;
3230
3231			if (is_array($config['nat']['advancedoutbound']) && is_array($config['nat']['advancedoutbound']['rule'])) {
3232			$nat_rules = &$config['nat']['advancedoutbound']['rule'];
3233			for ($i = 0; isset($nat_rules[$i]); $i++) {
3234			if (empty($nat_rules[$i]['interface'])) {
3235			$nat_rules[$i]['interface'] = 'wan';
3236			}
3237			}
3238			}
3239			}
3240	2d563280	Renato Botelho
3241	cba9d7d9	Renato Botelho	function upgrade_092_to_093() {
3242			global $g;
3243
3244			$suffixes = array("concurrent", "loggedin");
3245
3246	751533a2	Phil Davis	foreach ($suffixes as $suffix) {
3247			if (file_exists("{$g['vardb_path']}/rrd/captiveportal-{$suffix}.rrd")) {
3248	cba9d7d9	Renato Botelho	rename("{$g['vardb_path']}/rrd/captiveportal-{$suffix}.rrd",
3249			"{$g['vardb_path']}/rrd/captiveportal-cpZone-{$suffix}.rrd");
3250	751533a2	Phil Davis	}
3251			}
3252	cba9d7d9	Renato Botelho
3253	751533a2	Phil Davis	if (!platform_booting()) {
3254	e546d2d1	Ermal LUÇI	enable_rrd_graphing();
3255	751533a2	Phil Davis	}
3256	cba9d7d9	Renato Botelho	}
3257
3258	6015f75b	N0YB	function upgrade_093_to_094() {
3259			global $config;
3260
3261			if (isset($config['system']['powerd_mode'])) {
3262			$config['system']['powerd_ac_mode'] = $config['system']['powerd_mode'];
3263			$config['system']['powerd_battery_mode'] = $config['system']['powerd_mode'];
3264			unset($config['system']['powerd_mode']);
3265			}
3266			}
3267
3268	02203e6d	Renato Botelho	function upgrade_094_to_095() {
3269			global $config;
3270
3271	751533a2	Phil Davis	if (!isset($config['interfaces']) \|\| !is_array($config['interfaces'])) {
3272	02203e6d	Renato Botelho	return;
3273	751533a2	Phil Davis	}
3274	02203e6d	Renato Botelho
3275	751533a2	Phil Davis	foreach ($config['interfaces'] as $iface => $cfg) {
3276			if (isset($cfg['ipaddrv6']) && ($cfg['ipaddrv6'] == "track6")) {
3277			if (!isset($cfg['track6-prefix-id']) \|\| ($cfg['track6-prefix-id'] == "")) {
3278	02203e6d	Renato Botelho	$config['interfaces'][$iface]['track6-prefix-id'] = 0;
3279	751533a2	Phil Davis	}
3280			}
3281			}
3282	02203e6d	Renato Botelho	}
3283
3284	fa3b33a5	Renato Botelho	function upgrade_095_to_096() {
3285			global $config, $g;
3286
3287			$names = array("inpass", "outpass", "inblock", "outblock",
3288			"inpass6", "outpass6", "inblock6", "outblock6");
3289			$rrddbpath = "/var/db/rrd";
3290			$rrdtool = "/usr/local/bin/rrdtool";
3291
3292	2344bed4	Renato Botelho	if ($g['platform'] != $g['product_name']) {
3293	42ec9337	Renato Botelho	/* restore the databases, if we have one */
3294			if (restore_rrd()) {
3295			/* Make sure to move the rrd backup out of the way. We will make a new one after converting. */
3296	8560c756	jim-p	@rename("{$g['cf_conf_path']}/rrd.tgz", "{$g['cf_conf_path']}/backup/rrd.tgz");
3297	42ec9337	Renato Botelho	}
3298			}
3299
3300	fa3b33a5	Renato Botelho	/* Assume 210GigE for now /
3301			$stream = 2500000000;
3302
3303			/* build a list of traffic and packets databases */
3304			$databases = return_dir_as_array($rrddbpath, '/-(traffic\|packets)\.rrd$/');
3305			rsort($databases);
3306	751533a2	Phil Davis	foreach ($databases as $database) {
3307			if (platform_booting()) {
3308	fa3b33a5	Renato Botelho	echo "Update RRD database {$database}.\n";
3309	751533a2	Phil Davis	}
3310	fa3b33a5	Renato Botelho
3311			$cmd = "{$rrdtool} tune {$rrddbpath}/{$database}";
3312	751533a2	Phil Davis	foreach ($names as $name) {
3313	fa3b33a5	Renato Botelho	$cmd .= " -a {$name}:{$stream}";
3314	751533a2	Phil Davis	}
3315	fa3b33a5	Renato Botelho	mwexec("{$cmd} 2>&1");
3316
3317			}
3318	751533a2	Phil Davis	if (!platform_booting()) {
3319	e546d2d1	Ermal LUÇI	enable_rrd_graphing();
3320	751533a2	Phil Davis	}
3321	42ec9337	Renato Botelho	/* Let's save the RRD graphs after we run enable RRD graphing */
3322			/* The function will restore the rrd.tgz so we will save it after */
3323			exec("cd /; LANG=C NO_REMOUNT=1 RRDDBPATH='{$rrddbpath}' CF_CONF_PATH='{$g['cf_conf_path']}' /etc/rc.backup_rrd.sh");
3324	fa3b33a5	Renato Botelho	}
3325
3326	1cf24f0a	jim-p	function upgrade_096_to_097() {
3327			global $config, $g;
3328			/* If the user had disabled default block rule logging before, then bogon/private network logging was already off, so respect their choice. */
3329			if (isset($config['syslog']['nologdefaultblock'])) {
3330			$config['syslog']['nologbogons'] = true;
3331			$config['syslog']['nologprivatenets'] = true;
3332			}
3333			}
3334	af0a477a	Renato Botelho
3335			function upgrade_097_to_098() {
3336	3756fd86	Chris Buechler	// no longer used (used to set kill_states)
3337			return;
3338	af0a477a	Renato Botelho	}
3339	67e5e3c6	Renato Botelho
3340			function upgrade_098_to_099() {
3341	a3cc1409	jim-p	global $config;
3342	759a6fcf	Ermal
3343	751533a2	Phil Davis	if (empty($config['dhcpd']) \|\| !is_array($config['dhcpd'])) {
3344	759a6fcf	Ermal	return;
3345	751533a2	Phil Davis	}
3346	759a6fcf	Ermal
3347	a3cc1409	jim-p	foreach ($config['dhcpd'] as & $dhcpifconf) {
3348			if (isset($dhcpifconf['next-server'])) {
3349			$dhcpifconf['nextserver'] = $dhcpifconf['next-server'];
3350	aa0753e3	jim-p	unset($dhcpifconf['next-server']);
3351	a3cc1409	jim-p	}
3352			}
3353			}
3354
3355			function upgrade_099_to_100() {
3356			require_once("/etc/inc/services.inc");
3357			install_cron_job("/usr/bin/nice -n20 newsyslog", false);
3358			}
3359
3360	20dad315	Ermal	function upgrade_100_to_101() {
3361			global $config, $g;
3362
3363	751533a2	Phil Davis	if (!is_array($config['voucher'])) {
3364	20dad315	Ermal	return;
3365	751533a2	Phil Davis	}
3366	20dad315	Ermal
3367			foreach ($config['voucher'] as $cpzone => $cp) {
3368	751533a2	Phil Davis	if (!is_array($cp['roll'])) {
3369	20dad315	Ermal	continue;
3370	751533a2	Phil Davis	}
3371	20dad315	Ermal	foreach ($cp['roll'] as $ridx => $rcfg) {
3372	751533a2	Phil Davis	if (!empty($rcfg['comment'])) {
3373	20dad315	Ermal	$config['voucher'][$cpzone]['roll'][$ridx]['descr'] = $rcfg['comment'];
3374	751533a2	Phil Davis	}
3375	20dad315	Ermal	}
3376			}
3377			}
3378
3379	eae91304	Ermal	function upgrade_101_to_102() {
3380	67e5e3c6	Renato Botelho	global $config, $g;
3381
3382	ee34e137	Phil Davis	if (is_array($config['captiveportal'])) {
3383			foreach ($config['captiveportal'] as $cpzone => $cp) {
3384	751533a2	Phil Davis	if (!is_array($cp['passthrumac'])) {
3385	ee34e137	Phil Davis	continue;
3386	751533a2	Phil Davis	}
3387	67e5e3c6	Renato Botelho
3388	751533a2	Phil Davis	foreach ($cp['passthrumac'] as $idx => $passthrumac) {
3389	ee34e137	Phil Davis	$config['captiveportal'][$cpzone]['passthrumac'][$idx]['action'] = 'pass';
3390	751533a2	Phil Davis	}
3391	ee34e137	Phil Davis	}
3392	67e5e3c6	Renato Botelho	}
3393	edba1982	jim-p
3394	eae91304	Ermal	/* Convert OpenVPN Compression option to the new style */
3395	edba1982	jim-p	// Nothing to do if there is no OpenVPN tag
3396	ee34e137	Phil Davis	if (isset($config['openvpn']) && is_array($config['openvpn'])) {
3397			if (is_array($config['openvpn']['openvpn-server'])) {
3398			foreach ($config['openvpn']['openvpn-server'] as &$vpn) {
3399	751533a2	Phil Davis	if (!empty($vpn['compression'])) {
3400	ee34e137	Phil Davis	$vpn['compression'] = "adaptive";
3401	751533a2	Phil Davis	}
3402	ee34e137	Phil Davis	}
3403	edba1982	jim-p	}
3404	ee34e137	Phil Davis	if (is_array($config['openvpn']['openvpn-client'])) {
3405			foreach ($config['openvpn']['openvpn-client'] as &$vpn) {
3406	751533a2	Phil Davis	if (!empty($vpn['compression'])) {
3407	ee34e137	Phil Davis	$vpn['compression'] = "adaptive";
3408	751533a2	Phil Davis	}
3409	ee34e137	Phil Davis	}
3410	edba1982	jim-p	}
3411			}
3412			}
3413	eef01b14	Renato Botelho
3414			function upgrade_102_to_103() {
3415			global $config;
3416
3417			if (isset($config['nat']['advancedoutbound']['enable'])) {
3418			$config['nat']['advancedoutbound']['mode'] = "advanced";
3419			unset($config['nat']['advancedoutbound']['enable']);
3420	751533a2	Phil Davis	} else {
3421	eef01b14	Renato Botelho	$config['nat']['advancedoutbound']['mode'] = "automatic";
3422	751533a2	Phil Davis	}
3423	eef01b14	Renato Botelho
3424			$config['nat']['outbound'] = $config['nat']['advancedoutbound'];
3425
3426	fa6e5ba5	Phil Davis	if (isset($config['nat']['ipsecpassthru'])) {
3427			unset($config['nat']['ipsecpassthru']);
3428			}
3429			if (isset($config['nat']['advancedoutbound'])) {
3430			unset($config['nat']['advancedoutbound']);
3431			}
3432	eef01b14	Renato Botelho	}
3433
3434	7997ed44	Renato Botelho	function upgrade_103_to_104() {
3435			global $config;
3436
3437			$changed_privs = array(
3438			"page-diag-system-activity" => "page-diagnostics-system-activity",
3439			"page-interfacess-groups" => "page-interfaces-groups",
3440			"page-interfacess-lagg" => "page-interfaces-lagg",
3441			"page-interfacess-qinq" => "page-interfaces-qinq"
3442			);
3443
3444			/* update user privileges */
3445			foreach ($config['system']['user'] as & $user) {
3446	751533a2	Phil Davis	if (!is_array($user['priv'])) {
3447	7997ed44	Renato Botelho	continue;
3448	751533a2	Phil Davis	}
3449	7997ed44	Renato Botelho	foreach ($user['priv'] as & $priv) {
3450	751533a2	Phil Davis	if (array_key_exists($priv, $changed_privs)) {
3451	7997ed44	Renato Botelho	$priv = $changed_privs[$priv];
3452	751533a2	Phil Davis	}
3453	7997ed44	Renato Botelho	}
3454			}
3455
3456			/* update group privileges */
3457			foreach ($config['system']['group'] as & $group) {
3458	751533a2	Phil Davis	if (!is_array($group['priv'])) {
3459	7997ed44	Renato Botelho	continue;
3460	751533a2	Phil Davis	}
3461	7997ed44	Renato Botelho	foreach ($group['priv'] as & $priv) {
3462	751533a2	Phil Davis	if (array_key_exists($priv, $changed_privs)) {
3463	7997ed44	Renato Botelho	$priv = $changed_privs[$priv];
3464	751533a2	Phil Davis	}
3465	7997ed44	Renato Botelho	}
3466			}
3467
3468			/* sync all local account information */
3469			local_sync_accounts();
3470			}
3471
3472	0a806969	Ermal	function upgrade_104_to_105() {
3473			global $config;
3474
3475			if (is_array($config['captiveportal'])) {
3476			$zoneid = 2;
3477			foreach ($config['captiveportal'] as $cpzone => $cpcfg) {
3478	55fae310	Phil Davis	if (empty($cpcfg['zoneid'])) {
3479	0a806969	Ermal	$config['captiveportal'][$cpzone]['zoneid'] = $zoneid;
3480			$zoneid += 2;
3481			} else if ($cpcfg['zoneid'] > 4000) {
3482			$config['captiveportal'][$cpzone]['zoneid'] = $zoneid;
3483			$zoneid += 2;
3484			}
3485			}
3486			}
3487			}
3488
3489	e7d35d84	Ermal	function upgrade_105_to_106() {
3490
3491	6f55af1c	Ermal	/* NOTE: This entry can be reused for something else since the upgrade code was reverted */
3492	e7d35d84	Ermal	}
3493
3494	31dce430	Ermal	function upgrade_106_to_107() {
3495			global $config;
3496
3497			if (is_array($config['filter']) && is_array($config['filter']['rule'])) {
3498			$tracker = (int)microtime(true);
3499			foreach ($config['filter']['rule'] as $ridx => $rule) {
3500			if (empty($rule['tracker'])) {
3501			$config['filter']['rule'][$ridx]['tracker'] = $tracker;
3502			$tracker++;
3503			}
3504			}
3505			unset($tracker, $ridx);
3506			}
3507			if (is_array($config['nat']) && is_array($config['nat']['rule'])) {
3508			$tracker = (int)microtime(true);
3509			foreach ($config['nat']['rule'] as $ridx => $rule) {
3510			if (empty($rule['tracker'])) {
3511			$config['nat']['rule'][$ridx]['tracker'] = $tracker;
3512			$tracker++;
3513			}
3514			}
3515			unset($tracker, $ridx);
3516			}
3517			}
3518
3519	08f30320	Renato Botelho	function upgrade_107_to_108() {
3520			global $config;
3521
3522	751533a2	Phil Davis	if (isset($config['system']['webgui']['noautocomplete'])) {
3523	08f30320	Renato Botelho	unset($config['system']['webgui']['noautocomplete']);
3524	751533a2	Phil Davis	} else {
3525	08f30320	Renato Botelho	$config['system']['webgui']['loginautocomplete'] = true;
3526	751533a2	Phil Davis	}
3527	08f30320	Renato Botelho	}
3528
3529	c15b5ed8	Renato Botelho	function upgrade_108_to_109() {
3530			global $config;
3531
3532	751533a2	Phil Davis	if (!isset($config['filter']['rule']) \|\| !is_array($config['filter']['rule'])) {
3533	c15b5ed8	Renato Botelho	return;
3534	751533a2	Phil Davis	}
3535	c15b5ed8	Renato Botelho
3536			foreach ($config['filter']['rule'] as &$rule) {
3537	751533a2	Phil Davis	if (!isset($rule['dscp']) \|\| empty($rule['dscp'])) {
3538	c15b5ed8	Renato Botelho	continue;
3539	751533a2	Phil Davis	}
3540	c15b5ed8	Renato Botelho
3541			$pos = strpos($rule['dscp'], ' ');
3542	751533a2	Phil Davis	if ($pos !== false) {
3543	c15b5ed8	Renato Botelho	$rule['dscp'] = substr($rule['dscp'], 0, $pos);
3544	751533a2	Phil Davis	}
3545	c15b5ed8	Renato Botelho	unset($pos);
3546			}
3547			}
3548
3549	9b915686	Ermal	function upgrade_109_to_110() {
3550			global $config;
3551
3552	751533a2	Phil Davis	if (!is_array($config['ipsec']) \|\| !is_array($config['ipsec']['phase2'])) {
3553	9b915686	Ermal	return;
3554	751533a2	Phil Davis	}
3555	9b915686	Ermal
3556			foreach ($config['ipsec']['phase2'] as &$rule) {
3557	751533a2	Phil Davis	if (!empty($rule['uniqid'])) {
3558	9b915686	Ermal	continue;
3559	751533a2	Phil Davis	}
3560	9b915686	Ermal
3561			$rule['uniqid'] = uniqid();
3562			}
3563			}
3564
3565	3f257101	Renato Botelho	function upgrade_110_to_111() {
3566			global $config;
3567
3568	bdbb4dba	Renato Botelho	/* Make sure unbound user exist */
3569			mwexec('/usr/sbin/pw groupadd -n unbound -g 59', true);
3570			mwexec('/usr/sbin/pw useradd -n unbound -c "Unbound DNS Resolver" -d /var/unbound -s /usr/sbin/nologin -u 59 -g 59', true);
3571
3572	c11b7ffe	Renato Botelho	/* cleanup old unbound package stuffs */
3573			unlink_if_exists("/usr/local/pkg/unbound.xml");
3574			unlink_if_exists("/usr/local/pkg/unbound.inc");
3575			unlink_if_exists("/usr/local/pkg/unbound_advanced.xml");
3576			unlink_if_exists("/usr/local/www/unbound_status.php");
3577			unlink_if_exists("/usr/local/www/unbound_acls.php");
3578			unlink_if_exists("/usr/local/bin/unbound_monitor.sh");
3579	b4db2d0e	Renato Botelho	unlink_if_exists("/usr/local/etc/rc.d/unbound.sh");
3580	c11b7ffe	Renato Botelho
3581			/* Remove old menu and service entries */
3582			if (isset($config['installedpackages']['menu']) && is_array($config['installedpackages']['menu'])) {
3583			foreach ($config['installedpackages']['menu'] as $idx => $menu) {
3584	751533a2	Phil Davis	if ($menu['name'] != 'Unbound DNS') {
3585	c11b7ffe	Renato Botelho	continue;
3586	751533a2	Phil Davis	}
3587	c11b7ffe	Renato Botelho
3588			unset($config['installedpackages']['menu'][$idx]);
3589			break;
3590			}
3591			}
3592
3593			if (isset($config['installedpackages']['service']) && is_array($config['installedpackages']['service'])) {
3594			foreach ($config['installedpackages']['service'] as $idx => $service) {
3595	751533a2	Phil Davis	if ($service['name'] != 'unbound') {
3596	c11b7ffe	Renato Botelho	continue;
3597	751533a2	Phil Davis	}
3598	c11b7ffe	Renato Botelho	unset($config['installedpackages']['service'][$idx]);
3599			break;
3600			}
3601			}
3602
3603	751533a2	Phil Davis	if (!isset($config['installedpackages']['unbound']['config'][0])) {
3604	3f257101	Renato Botelho	return;
3605	751533a2	Phil Davis	}
3606	3f257101	Renato Botelho
3607			$pkg = $config['installedpackages']['unbound']['config'][0];
3608
3609	751533a2	Phil Davis	if (isset($config['installedpackages']['unboundadvanced']['config'][0])) {
3610	3f257101	Renato Botelho	$pkg = array_merge($pkg, $config['installedpackages']['unboundadvanced']['config'][0]);
3611	751533a2	Phil Davis	}
3612	3f257101	Renato Botelho
3613			$new = array();
3614
3615			/* deal first with boolean fields */
3616			$fields = array(
3617			"enable" => "enable",
3618			"dnssec_status" => "dnssec",
3619			"forwarding_mode" => "forwarding",
3620			"regdhcp" => "regdhcp",
3621			"regdhcpstatic" => "regdhcpstatic",
3622			"txtsupport" => "txtsupport",
3623			"hide_id" => "hideidentity",
3624			"hide_version" => "hideversion",
3625			"prefetch" => "prefetch",
3626			"prefetch_key" => "prefetchkey",
3627			"harden_glue" => "hardenglue",
3628			"harden_dnssec_stripped" => "dnssec_stripped");
3629
3630			foreach ($fields as $oldk => $newk) {
3631			if (isset($pkg[$oldk])) {
3632	751533a2	Phil Davis	if ($pkg[$oldk] == 'on') {
3633	3f257101	Renato Botelho	$new[$newk] = true;
3634	751533a2	Phil Davis	}
3635	3f257101	Renato Botelho	unset($pkg[$oldk]);
3636			}
3637			}
3638
3639			$fields = array(
3640			"active_interface" => "network_interface",
3641			"query_interface" => "outgoing_interface",
3642			"unbound_verbosity" => "log_verbosity",
3643			"msg_cache_size" => "msgcachesize",
3644			"outgoing_num_tcp" => "outgoing_num_tcp",
3645			"incoming_num_tcp" => "incoming_num_tcp",
3646			"edns_buffer_size" => "edns_buffer_size",
3647			"num_queries_per_thread" => "num_queries_per_thread",
3648			"jostle_timeout" => "jostle_timeout",
3649			"cache_max_ttl" => "cache_max_ttl",
3650			"cache_min_ttl" => "cache_min_ttl",
3651			"infra_host_ttl" => "infra_host_ttl",
3652			"infra_cache_numhosts" => "infra_cache_numhosts",
3653			"unwanted_reply_threshold" => "unwanted_reply_threshold",
3654			"custom_options" => "custom_options");
3655
3656			foreach ($fields as $oldk => $newk) {
3657			if (isset($pkg[$oldk])) {
3658			$new[$newk] = $pkg[$oldk];
3659			unset($pkg[$oldk]);
3660			}
3661			}
3662
3663	751533a2	Phil Davis	if (isset($new['custom_options']) && !empty($new['custom_options'])) {
3664	fbf3d06e	Renato Botelho	$new['custom_options'] = str_replace("\r\n", "\n", $new['custom_options']);
3665	751533a2	Phil Davis	}
3666	c23f4d8f	Renato Botelho
3667	3f257101	Renato Botelho	/* Following options were removed, bring them as custom_options */
3668			if (isset($pkg['stats']) && $pkg['stats'] == "on") {
3669	751533a2	Phil Davis	if (isset($pkg['stats_interval'])) {
3670	387ab31a	Renato Botelho	$new['custom_options'] .= (empty($new['custom_options']) ? "" : "\n") . "statistics-interval: {$pkg['stats_interval']}";
3671	751533a2	Phil Davis	}
3672			if (isset($pkg['cumulative_stats'])) {
3673	387ab31a	Renato Botelho	$new['custom_options'] .= (empty($new['custom_options']) ? "" : "\n") . "statistics-cumulative: {$pkg['cumulative_stats']}";
3674	751533a2	Phil Davis	}
3675			if (isset($pkg['extended_stats']) && $pkg['extended_stats'] == "on") {
3676	387ab31a	Renato Botelho	$new['custom_options'] .= (empty($new['custom_options']) ? "" : "\n") . "extended-statistics: yes";
3677	751533a2	Phil Davis	} else {
3678	387ab31a	Renato Botelho	$new['custom_options'] .= (empty($new['custom_options']) ? "" : "\n") . "extended-statistics: no";
3679	751533a2	Phil Davis	}
3680	3f257101	Renato Botelho	}
3681
3682			$new['acls'] = array();
3683			if (isset($config['installedpackages']['unboundacls']['config']) &&
3684			is_array($config['installedpackages']['unboundacls']['config'])) {
3685	751533a2	Phil Davis	foreach ($config['installedpackages']['unboundacls']['config'] as $acl) {
3686	3f257101	Renato Botelho	$new['acls'][] = $acl;
3687	751533a2	Phil Davis	}
3688	3f257101	Renato Botelho	}
3689
3690			$config['unbound'] = $new;
3691
3692	751533a2	Phil Davis	if (isset($config['installedpackages']['unbound'])) {
3693	3f257101	Renato Botelho	unset($config['installedpackages']['unbound']);
3694	751533a2	Phil Davis	}
3695			if (isset($config['installedpackages']['unboundadvanced'])) {
3696	3f257101	Renato Botelho	unset($config['installedpackages']['unboundadvanced']);
3697	751533a2	Phil Davis	}
3698			if (isset($config['installedpackages']['unboundacls'])) {
3699	3f257101	Renato Botelho	unset($config['installedpackages']['unboundacls']);
3700	751533a2	Phil Davis	}
3701	3f257101	Renato Botelho
3702			unset($pkg, $new);
3703			}
3704
3705	b0885c5a	Renato Botelho	function upgrade_111_to_112() {
3706			global $config;
3707
3708			$config['cron']['item'][] = array(
3709			'minute' => '*/60',
3710			'hour' => '*',
3711			'mday' => '*',
3712			'month' => '*',
3713			'wday' => '*',
3714			'who' => 'root',
3715			'command' => '/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout'
3716			);
3717			}
3718
3719	ccf30846	Renato Botelho	function upgrade_112_to_113() {
3720			global $config;
3721
3722	fa6e5ba5	Phil Davis	if (isset($config['notifications']['smtp']['ssl'])) {
3723			if ($config['notifications']['smtp']['ssl'] == "checked") {
3724			$config['notifications']['smtp']['ssl'] = true;
3725			} else {
3726			unset($config['notifications']['smtp']['ssl']);
3727			}
3728	751533a2	Phil Davis	}
3729	ccf30846	Renato Botelho
3730	fa6e5ba5	Phil Davis	if (isset($config['notifications']['smtp']['tls'])) {
3731			if ($config['notifications']['smtp']['tls'] == "checked") {
3732			$config['notifications']['smtp']['tls'] = true;
3733			} else {
3734			unset($config['notifications']['smtp']['tls']);
3735			}
3736	751533a2	Phil Davis	}
3737	ccf30846	Renato Botelho	}
3738
3739	368d4910	Renato Botelho	function upgrade_113_to_114() {
3740			global $config;
3741
3742			if (!isset($config['ipsec']['phase1']) \|\|
3743	751533a2	Phil Davis	!is_array($config['ipsec']['phase1'])) {
3744	368d4910	Renato Botelho	return;
3745	751533a2	Phil Davis	}
3746	368d4910	Renato Botelho
3747	751533a2	Phil Davis	foreach ($config['ipsec']['phase1'] as &$ph1ent) {
3748			if (!isset($ph1ent['iketype'])) {
3749	368d4910	Renato Botelho	$ph1ent['iketype'] = 'ikev1';
3750	751533a2	Phil Davis	}
3751			}
3752	368d4910	Renato Botelho	}
3753
3754	cfb5073f	Renato Botelho	function upgrade_114_to_115() {
3755			global $config;
3756
3757	751533a2	Phil Davis	if (isset($config['unbound']['custom_options'])) {
3758	cfb5073f	Renato Botelho	$config['unbound']['custom_options'] = base64_encode($config['unbound']['custom_options']);
3759	751533a2	Phil Davis	}
3760	cfb5073f	Renato Botelho	}
3761
3762	1fe208ec	Ermal LUÇI	function upgrade_115_to_116() {
3763			global $config;
3764
3765	751533a2	Phil Davis	if (!is_array($config['ipsec']) \|\| !is_array($config['ipsec']['phase2'])) {
3766			return;
3767			}
3768	1fe208ec	Ermal LUÇI
3769	751533a2	Phil Davis	$keyid = 1;
3770			foreach ($config['ipsec']['phase2'] as $idx => $ph2) {
3771			$config['ipsec']['phase2'][$idx]['reqid'] = $keyid;
3772	1fe208ec	Ermal LUÇI	$keyid++;
3773			}
3774			}
3775
3776	b997da8b	xbipin	function upgrade_116_to_117() {
3777	751533a2	Phil Davis	global $config;
3778	b997da8b	xbipin
3779	877740ee	Renato Botelho	if (!isset($config['ipsec']['client']) \|\|
3780			!isset($config['ipsec']['client']['dns_split']) \|\|
3781			empty($config['ipsec']['client']['dns_split'])) {
3782			return;
3783			}
3784
3785			$config['ipsec']['client']['dns_split'] =
3786			preg_replace('/\s,\s/', ' ', trim($config['ipsec']['client']['dns_split']));
3787	74eaabbb	Ermal LUÇI
3788	877740ee	Renato Botelho	}
3789
3790			function upgrade_117_to_118() {
3791			global $config;
3792
3793	564f1356	Phil Davis	// Unset any old CA and Cert in the system section that might still be there from when upgrade_066_to_067 did not unset them.
3794			if (isset($config['system']['ca'])) {
3795			unset($config['system']['ca']);
3796			}
3797			if (isset($config['system']['cert'])) {
3798			unset($config['system']['cert']);
3799			}
3800
3801	faaab088	Renato Botelho	if (!isset($config['ipsec']['phase1'])) {
3802			return;
3803			}
3804
3805			$a_phase1 =& $config['ipsec']['phase1'];
3806
3807			foreach ($a_phase1 as &$ph1_entry) {
3808	6990ad35	Phil Davis	// update asn1dn strings from racoon's format to strongswan's
3809	faaab088	Renato Botelho	if (isset($ph1_entry['myid_type']) && $ph1_entry['myid_type'] == 'asn1dn') {
3810			$ph1_entry['myid_data'] =
3811			preg_replace('/\/\semailAddress\s=\s*/', ', E=', $ph1_entry['myid_data']);
3812			}
3813			if (isset($ph1_entry['peerid_type']) && $ph1_entry['peerid_type'] == 'asn1dn') {
3814			$ph1_entry['peerid_data'] =
3815			preg_replace('/\/\semailAddress\s=\s*/', ', E=', $ph1_entry['peerid_data']);
3816			}
3817			}
3818			}
3819
3820			function upgrade_118_to_119() {
3821			global $config;
3822
3823	0538cfa2	jim-p	if (!isset($config['ipsec']['phase1'])) {
3824			return;
3825			}
3826	2da055f0	Chris Buechler
3827	8691632c	Chris Buechler	// change peerid_type to 'any' for EAP types to retain previous behavior of omitting rightid
3828			$a_phase1 =& $config['ipsec']['phase1'];
3829
3830			foreach ($a_phase1 as &$ph1_entry) {
3831			if (strstr($ph1_entry['authentication_method'], 'eap')) {
3832	6990ad35	Phil Davis	$ph1_entry['peerid_type'] = "any";
3833	8691632c	Chris Buechler	}
3834			}
3835			}
3836
3837			function upgrade_119_to_120() {
3838	5d714d9c	jim-p	require_once("ipsec.inc");
3839	c53e411f	Matt Smith	global $config, $ipsec_log_cats;
3840
3841			if (!is_array($config['ipsec'])) {
3842			return;
3843			}
3844
3845			// add 1 to configured log levels as part of redmine #5340
3846			foreach ($ipsec_log_cats as $lkey => $ldescr) {
3847			if (isset($config['ipsec']["ipsec_{$lkey}"])) {
3848			$config['ipsec']["ipsec_{$lkey}"] = $config['ipsec']["ipsec_{$lkey}"] + 1;
3849			}
3850			}
3851
3852			}
3853
3854
3855			function upgrade_120_to_121() {
3856	8691632c	Chris Buechler	global $config;
3857
3858	751533a2	Phil Davis	if (!isset($config['installedpackages']['miniupnpd']['config'][0])) {
3859	ee874f47	xbipin	return;
3860	751533a2	Phil Davis	}
3861	b997da8b	xbipin
3862	ee874f47	xbipin	$miniupnpd =& $config['installedpackages']['miniupnpd']['config'][0];
3863	b997da8b	xbipin
3864	ee874f47	xbipin	$miniupnpd['row'] = array();
3865	b997da8b	xbipin
3866	ee874f47	xbipin	for ($i = 1; $i <= 4; $i++) {
3867	751533a2	Phil Davis	if (isset($miniupnpd["permuser{$i}"]) && !empty($miniupnpd["permuser{$i}"])) {
3868	ee874f47	xbipin	$miniupnpd['row'][] = array('permuser' => $miniupnpd["permuser{$i}"]);
3869	751533a2	Phil Davis	}
3870	ee874f47	xbipin	unset($miniupnpd["permuser{$i}"]);
3871			}
3872	b997da8b	xbipin	}
3873	751533a2	Phil Davis
3874	c53e411f	Matt Smith	function upgrade_121_to_122() {
3875	8e717058	Jim Thompson	global $config;
3876			foreach ($config['system']['user'] as &$user) {
3877			if (isset($user['nt-hash'])) {
3878			unset($user['nt-hash']);
3879			}
3880			}
3881			}
3882
3883	c53e411f	Matt Smith	function upgrade_122_to_123() {
3884	c9d46a8e	Renato Botelho	global $config;
3885
3886			// PPTP server was removed
3887			if (isset($config['pptpd'])) {
3888			unset($config['pptpd']);
3889			}
3890
3891			// Cleanup firewall rules
3892			if (isset($config['filter']['rule']) && is_array($config['filter']['rule'])) {
3893	2975a608	Renato Botelho	$rules =& $config['filter']['rule'];
3894	c9d46a8e	Renato Botelho	$last_rule = count($rules) - 1;
3895			// Process in reverse order to be able to unset items
3896			for ($i = $last_rule; $i >= 0; $i--) {
3897	2975a608	Renato Botelho	if (isset($rules[$i]['interface']) && $rules[$i]['interface'] == 'pptp') {
3898			unset($config['filter']['rule'][$i]);
3899	c9d46a8e	Renato Botelho	continue;
3900			}
3901	2975a608	Renato Botelho	if (isset($rules[$i]['source']['network']) && $rules[$i]['source']['network'] == 'pptp') {
3902			unset($config['filter']['rule'][$i]);
3903	c9d46a8e	Renato Botelho	continue;
3904			}
3905	2975a608	Renato Botelho	if (isset($rules[$i]['destination']['network']) && $rules[$i]['destination']['network'] == 'pptp') {
3906			unset($config['filter']['rule'][$i]);
3907	c9d46a8e	Renato Botelho	continue;
3908			}
3909			}
3910			}
3911
3912			// Cleanup 1:1 NAT rules
3913			if (isset($config['nat']['onetoone']) && is_array($config['nat']['onetoone'])) {
3914			$onetoone =& $config['nat']['onetoone'];
3915	2975a608	Renato Botelho	$last_rule = count($onetoone) - 1;
3916	c9d46a8e	Renato Botelho	// Process in reverse order to be able to unset items
3917			for ($i = $last_rule; $i >= 0; $i--) {
3918	2975a608	Renato Botelho	if (isset($onetoone[$i]['interface']) && $onetoone[$i]['interface'] == 'pptp') {
3919			unset($config['nat']['onetoone'][$i]);
3920	c9d46a8e	Renato Botelho	continue;
3921			}
3922	2975a608	Renato Botelho	if (isset($onetoone[$i]['source']['network']) && $onetoone[$i]['source']['network'] == 'pptp') {
3923			unset($config['nat']['onetoone'][$i]);
3924	c9d46a8e	Renato Botelho	continue;
3925			}
3926	2975a608	Renato Botelho	if (isset($onetoone[$i]['destination']['network']) && $onetoone[$i]['destination']['network'] == 'pptp') {
3927			unset($config['nat']['onetoone'][$i]);
3928	c9d46a8e	Renato Botelho	continue;
3929			}
3930			}
3931			}
3932
3933			// Cleanup npt NAT rules
3934			if (isset($config['nat']['npt']) && is_array($config['nat']['npt'])) {
3935			$npt =& $config['nat']['npt'];
3936			$last_rule = count($npt) - 1;
3937			// Process in reverse order to be able to unset items
3938			for ($i = $last_rule; $i >= 0; $i--) {
3939	2975a608	Renato Botelho	if (isset($npt[$i]['interface']) && $npt[$i]['interface'] == 'pptp') {
3940			unset($config['nat']['npt'][$i]);
3941	c9d46a8e	Renato Botelho	continue;
3942			}
3943			}
3944			}
3945
3946			// Cleanup Port-forward NAT rules
3947			if (isset($config['nat']['rule']) && is_array($config['nat']['rule'])) {
3948	2975a608	Renato Botelho	$nat_rules =& $config['nat']['rule'];
3949	c9d46a8e	Renato Botelho	$last_rule = count($nat_rules) - 1;
3950			// Process in reverse order to be able to unset items
3951			for ($i = $last_rule; $i >= 0; $i--) {
3952	2975a608	Renato Botelho	if (isset($nat_rules[$i]['interface']) && $nat_rules[$i]['interface'] == 'pptp') {
3953			unset($config['nat']['rule'][$i]);
3954	c9d46a8e	Renato Botelho	continue;
3955			}
3956	2975a608	Renato Botelho	if (isset($nat_rules[$i]['source']['network']) && $nat_rules[$i]['source']['network'] == 'pptp') {
3957			unset($config['nat']['rule'][$i]);
3958	c9d46a8e	Renato Botelho	continue;
3959			}
3960	2975a608	Renato Botelho	if (isset($nat_rules[$i]['destination']['network']) && $nat_rules[$i]['destination']['network'] == 'pptp') {
3961			unset($config['nat']['rule'][$i]);
3962	c9d46a8e	Renato Botelho	continue;
3963			}
3964			}
3965			}
3966
3967			// Cleanup Port-forward NAT rules
3968			if (isset($config['nat']['outbound']['rule']) && is_array($config['nat']['outbound']['rule'])) {
3969	2975a608	Renato Botelho	$out_rules =& $config['nat']['outbound']['rule'];
3970	c9d46a8e	Renato Botelho	$last_rule = count($out_rules) - 1;
3971			// Process in reverse order to be able to unset items
3972			for ($i = $last_rule; $i >= 0; $i--) {
3973	2975a608	Renato Botelho	if (isset($out_rules[$i]['interface']) && $out_rules[$i]['interface'] == 'pptp') {
3974			unset($config['nat']['outbound']['rule'][$i]);
3975	c9d46a8e	Renato Botelho	continue;
3976			}
3977			}
3978			}
3979			}
3980
3981	c53e411f	Matt Smith	function upgrade_123_to_124() {
3982	0cdb94e1	Renato Botelho	if (isset($config['system']['altpkgrepo'])) {
3983			unset($config['system']['altpkgrepo']);
3984			}
3985	cf093b35	Renato Botelho
3986			if (isset($config['theme'])) {
3987			unset($config['theme']);
3988			}
3989	0cdb94e1	Renato Botelho	}
3990
3991	c53e411f	Matt Smith	function upgrade_124_to_125() {
3992	b061a3c6	Matt Smith	global $config;
3993
3994			/* Find interfaces with WEP configured. */
3995			foreach ($config['interfaces'] as $ifname => $intf) {
3996			if (!is_array($intf['wireless'])) {
3997			continue;
3998			}
3999
4000			/* Generate a notice, disable interface, remove WEP settings */
4001			if (isset($intf['wireless']['wep']['enable'])) {
4002	5679253c	Renato Botelho	if (!function_exists("file_notice")) {
4003			require_once("notices.inc");
4004			}
4005	51a14c58	Phil Davis	file_notice("WirelessSettings", sprintf(gettext("WEP is no longer supported. It will be disabled on the %s interface and the interface will be disabled. Please reconfigure the interface."), $ifname));
4006	b37b4034	Phil Davis	unset($config['interfaces'][$ifname]['wireless']['wep']);
4007	b061a3c6	Matt Smith	if (isset($intf['enable'])) {
4008			unset($config['interfaces'][$ifname]['enable']);
4009			}
4010			}
4011			}
4012			}
4013	b37b4034	Phil Davis
4014	c53e411f	Matt Smith	function upgrade_125_to_126() {
4015	4df73fa0	Matt Smith	require_once("ipsec.inc");
4016	c53e411f	Matt Smith	global $config, $ipsec_log_cats, $ipsec_log_sevs;
4017
4018			$def_loglevel = 1;
4019			if (!is_array($config['ipsec'])) {
4020			return;
4021			}
4022
4023			if (!isset($config['ipsec']['logging']) \|\| !is_array($config['ipsec']['logging'])) {
4024			$config['ipsec']['logging'] = array();
4025			}
4026
4027			/* subtract 2 from ipsec log levels. the value stored in the config.xml
4028			* will now match the strongswan level exactly.
4029			*/
4030	4e322e2c	Phil Davis	foreach (array_keys($ipsec_log_cats) as $cat) {
4031	c53e411f	Matt Smith	if (!isset($config['ipsec']["ipsec_{$cat}"])) {
4032			$new_level = $def_loglevel;
4033			} else {
4034			$new_level = intval($config['ipsec']["ipsec_{$cat}"]) - 2;
4035			}
4036
4037			if (in_array($new_level, array_keys($ipsec_log_sevs))) {
4038			$config['ipsec']['logging'][$cat] = $new_level;
4039			} else {
4040			$config['ipsec']['logging'][$cat] = $def_loglevel;
4041			}
4042			unset($config['ipsec']["ipsec_{$cat}"]);
4043			}
4044			}
4045
4046	1fd9322b	Stephen Beaver	// prior to v2.3 <widgets><sequence> contains a list of widgets with display types:
4047			// none, close, hide, & show
4048			// v2.3 & later uses:
4049			// close & open
4050			// widgets not in use are simply not in the list
4051			function upgrade_126_to_127() {
4052			global $config;
4053
4054			if (!isset($config['widgets']['sequence'])) {
4055			return;
4056			}
4057
4058			$cur_widgets = explode(',', trim($config['widgets']['sequence']));
4059			$new_widgets = array();
4060
4061			foreach ($cur_widgets as $widget) {
4062			list($file, $col, $display) = explode(':', $widget);
4063
4064			switch ($display) {
4065	153e3ac2	Stephen Beaver	case 'hide':
4066			$display = 'close';
4067			break;
4068			case 'show':
4069			$display = 'open';
4070			break;
4071	c8b0a653	Stephen Beaver	case 'open':
4072			break;
4073	153e3ac2	Stephen Beaver	default:
4074			continue 2;
4075	1fd9322b	Stephen Beaver	}
4076
4077			/* Remove '-container' from widget name */
4078			$file = preg_replace('/-container$/', '', $file);
4079
4080			$new_widgets[] = "{$file}:{$col}:{$display}";
4081			}
4082
4083			$config['widgets']['sequence'] = implode(',', $new_widgets);
4084
4085			}
4086	b061a3c6	Matt Smith
4087	2073c2d5	Phil Davis	function upgrade_127_to_128() {
4088			global $config;
4089
4090			// If bindip is not already specified then migrate the old SNMP bindlan flag to a bindip setting
4091			if (isset($config['snmpd']['bindlan'])) {
4092			if (!isset($config['snmpd']['bindip'])) {
4093			$config['snmpd']['bindip'] = 'lan';
4094			}
4095			unset($config['snmpd']['bindlan']);
4096			}
4097			}
4098
4099	da6f8482	Renato Botelho	function upgrade_128_to_129() {
4100			global $config;
4101
4102			/* net.inet.ip.fastforwarding does not exist in 2.3. */
4103	5540759e	Renato Botelho	if (!isset($config['sysctl']['item']) \|\|
4104			!is_array($config['sysctl']['item'])) {
4105			return;
4106			}
4107
4108			foreach ($config['sysctl']['item'] as $idx => $sysctl) {
4109			if ($sysctl['tunable'] == "net.inet.ip.fastforwarding") {
4110			unset($config['sysctl']['item'][$idx]);
4111	da6f8482	Renato Botelho	}
4112	c71d37a7	Chris Buechler	if ($sysctl['tunable'] == "net.inet.ipsec.debug") {
4113			$config['sysctl']['item'][$idx]['value'] = "0";
4114			}
4115	da6f8482	Renato Botelho	}
4116	efef9c1b	Renato Botelho
4117			/* IPSEC is always on in 2.3. */
4118	4e322e2c	Phil Davis	if (isset($config['ipsec']['enable'])) {
4119	efef9c1b	Renato Botelho	unset($config['ipsec']['enable']);
4120	33baf237	Renato Botelho	} else if (is_array($config['ipsec']['phase1'])) {
4121			/*
4122			* If IPsec was globally disabled, disable all
4123			* phase1 entries
4124			*/
4125			foreach ($config['ipsec']['phase1'] as $idx => $p1) {
4126			$config['ipsec']['phase1'][$idx]['disabled'] = true;
4127			}
4128	4e322e2c	Phil Davis	}
4129	da6f8482	Renato Botelho	}
4130
4131	9555dd35	jim-p	function upgrade_129_to_130() {
4132			global $config;
4133
4134			/* Change OpenVPN topology_subnet checkbox into topology multi-select #5526 */
4135			if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-server'])) {
4136			foreach ($config['openvpn']['openvpn-server'] as & $serversettings) {
4137			if (isset($serversettings['topology_subnet'])) {
4138			unset($serversettings['topology_subnet']);
4139			$serversettings['topology'] = "subnet";
4140			} else {
4141			$serversettings['topology'] = "net30";
4142			}
4143			}
4144			}
4145			}
4146
4147	b1c2bb34	Renato Botelho	function upgrade_130_to_131() {
4148			global $config;
4149
4150			if (isset($config['syslog']['apinger'])) {
4151			$config['syslog']['dpinger'] = true;
4152			unset($config['syslog']['apinger']);
4153			}
4154
4155			if (isset($config['system']['apinger_debug'])) {
4156			unset($config['system']['apinger_debug']);
4157			}
4158
4159			if (!isset($config['gateways']['gateway_item']) \|\|
4160			!is_array($config['gateways']['gateway_item'])) {
4161			return;
4162			}
4163
4164			foreach ($config['gateways']['gateway_item'] as &$gw) {
4165			// dpinger uses milliseconds
4166			if (isset($gw['interval']) &&
4167			is_numeric($gw['interval'])) {
4168			$gw['interval'] = $gw['interval'] * 1000;
4169			}
4170			if (isset($gw['down']) &&
4171			is_numeric($gw['down'])) {
4172			$gw['loss_interval'] = $gw['down'] * 1000;
4173			unset($gw['down']);
4174			}
4175
4176			if (isset($gw['avg_delay_samples'])) {
4177			unset($gw['avg_delay_samples']);
4178			}
4179			if (isset($gw['avg_delay_samples_calculated'])) {
4180			unset($gw['avg_delay_samples_calculated']);
4181			}
4182			if (isset($gw['avg_loss_samples'])) {
4183			unset($gw['avg_loss_samples']);
4184			}
4185			if (isset($gw['avg_loss_samples_calculated'])) {
4186			unset($gw['avg_loss_samples_calculated']);
4187			}
4188	20c5b5ee	Phil Davis	if (isset($gw['avg_loss_delay_samples'])) {
4189			unset($gw['avg_loss_delay_samples']);
4190	b1c2bb34	Renato Botelho	}
4191	20c5b5ee	Phil Davis	if (isset($gw['avg_loss_delay_samples_calculated'])) {
4192			unset($gw['avg_loss_delay_samples_calculated']);
4193	b1c2bb34	Renato Botelho	}
4194			}
4195			}
4196
4197	41df62c1	jim-p	function upgrade_131_to_132() {
4198			global $config;
4199			if (isset($config['system']['usefifolog'])) {
4200			unset($config['system']['usefifolog']);
4201			clear_all_log_files(false);
4202			}
4203			}
4204	f1b7a0b1	Renato Botelho
4205			function upgrade_132_to_133() {
4206			global $config;
4207
4208			if (isset($config['ipsec']['phase1']) &&
4209			is_array($config['ipsec']['phase1'])) {
4210			foreach ($config['ipsec']['phase1'] as &$p1) {
4211			if (isset($p1['encryption-algorithm']['name']) &&
4212			$p1['encryption-algorithm']['name'] == 'des') {
4213			$p1['disabled'] = true;
4214			file_notice("IPsec",
4215	51a14c58	Phil Davis	sprintf(gettext("DES is no longer supported, IPsec phase 1 item '%s' is being disabled."), $p1['descr']));
4216	f1b7a0b1	Renato Botelho	}
4217			}
4218			}
4219
4220			if (isset($config['ipsec']['phase2']) &&
4221			is_array($config['ipsec']['phase2'])) {
4222			foreach ($config['ipsec']['phase2'] as &$p2) {
4223			if (!isset($p2['encryption-algorithm-option']) \|\|
4224			!is_array($p2['encryption-algorithm-option'])) {
4225			continue;
4226			}
4227
4228			foreach ($p2['encryption-algorithm-option'] as $ealgo) {
4229			if ($ealgo['name'] == 'des') {
4230			$p2['disabled'] = true;
4231			file_notice("IPsec",
4232	51a14c58	Phil Davis	sprintf(gettext("DES is no longer supported, IPsec phase 2 item '%s' is being disabled."), $p2['descr']));
4233	f1b7a0b1	Renato Botelho	}
4234			}
4235			}
4236			}
4237			}
4238	29c0d920	Stephen Beaver
4239			// Determine the highest column number in use and set dashboardcolumns accordingly
4240			function upgrade_133_to_134() {
4241			global $config;
4242
4243			if (!isset($config['widgets']['sequence']) \|\| isset($config['system']['webgui']['dashboardcolumns'])) {
4244			return;
4245			}
4246
4247			$cur_widgets = explode(',', trim($config['widgets']['sequence']));
4248			$maxcols = 2;
4249
4250			foreach ($cur_widgets as $widget) {
4251			list($file, $col, $display) = explode(':', $widget);
4252
4253			if (($display != 'none') && ($display != 'hide')) {
4254			preg_match('#[0-9]+$#', $col, $column);
4255			if ($column[0] > $maxcols) {
4256			$maxcols = $column[0];
4257			}
4258			}
4259			}
4260
4261			$config['system']['webgui']['dashboardcolumns'] = $maxcols % 10;
4262			}
4263	c4104141	Chris Buechler
4264			function upgrade_134_to_135() {
4265			global $config;
4266
4267			if (isset($config['syslog']['nologlighttpd'])) {
4268			unset($config['syslog']['nologlighttpd']);
4269			$config['syslog']['nolognginx'] = true;
4270			}
4271			}
4272	1ac4e6ae	Chris Buechler
4273			function upgrade_135_to_136() {
4274			global $config;
4275
4276			if (isset($config['l7shaper'])) {
4277	51a14c58	Phil Davis	file_notice("L7shaper", gettext("Layer 7 shaping is no longer supported. Its configuration has been removed."));
4278	1ac4e6ae	Chris Buechler	unset($config['l7shaper']);
4279			if (is_array($config['filter']['rule'])) {
4280			foreach ($config['filter']['rule'] as $idx => $rule) {
4281			if (isset($rule['l7container'])) {
4282			unset($config['filter']['rule'][$idx]['l7container']);
4283			}
4284			}
4285			}
4286			}
4287			}
4288	65cce9d7	Renato Botelho
4289			function upgrade_136_to_137() {
4290			global $config;
4291
4292			if (is_array($config['dhcpd'])) {
4293			foreach ($config['dhcpd'] as &$dhcpd) {
4294			if (!is_array($dhcpd['numberoptions']['item'])) {
4295			continue;
4296			}
4297
4298			foreach ($dhcpd['numberoptions']['item'] as &$item) {
4299			$item['value'] = base64_encode($item['value']);
4300			}
4301			}
4302			}
4303
4304			if (is_array($config['dhcpdv6'])) {
4305			foreach ($config['dhcpdv6'] as &$dhcpdv6) {
4306			if (!is_array($dhcpdv6['numberoptions']['item'])) {
4307			continue;
4308			}
4309
4310			foreach ($dhcpdv6['numberoptions']['item'] as &$item) {
4311			$item['value'] = base64_encode($item['value']);
4312			}
4313			}
4314			}
4315			}
4316
4317	d9a17eaf	Chris Buechler	function upgrade_137_to_138() {
4318			global $config;
4319
4320			// the presence of unityplugin tag used to disable loading of unity plugin
4321	b76cc978	Stephen Beaver	// it's now disabled by default, and config tag is to enable. Unset accordingly.
4322	d9a17eaf	Chris Buechler	if (is_array($config['ipsec'])) {
4323			if (isset($config['ipsec']['unityplugin'])) {
4324			unset($config['ipsec']['unityplugin']);
4325			}
4326			}
4327			}
4328
4329	3756fd86	Chris Buechler	function upgrade_138_to_139() {
4330			global $config;
4331
4332			// clean up state killing on gateway failure. having kill_states set used to mean it was disabled
4333	b76cc978	Stephen Beaver	// now set gw_down_kill_states if enabled.
4334	3756fd86	Chris Buechler	if (!isset($config['system']['kill_states'])) {
4335			$config['system']['gw_down_kill_states'] = true;
4336			} else {
4337			unset($config['system']['kill_states']);
4338			}
4339			}
4340
4341	a34c263b	Chris Buechler	function upgrade_139_to_140() {
4342			global $config;
4343
4344			if (is_array($config['virtualip']['vip'])) {
4345			foreach ($config['virtualip']['vip'] as $idx => $vip) {
4346			if ($vip['mode'] == "carp") {
4347			if (!isset($vip['uniqid'])) {
4348			$config['virtualip']['vip'][$idx]['uniqid'] = uniqid();
4349			}
4350			}
4351			}
4352			}
4353			}
4354
4355	1c1ca39b	Chris Buechler	function upgrade_140_to_141() {
4356	b76cc978	Stephen Beaver	global $config;
4357	1c1ca39b	Chris Buechler
4358	68e82ecb	Chris Buechler	// retain OpenVPN's net30 default topology for upgraded client configs so they still work
4359	1968fe40	Chris Buechler	if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-client'])) {
4360	1c1ca39b	Chris Buechler	foreach ($config['openvpn']['openvpn-client'] as $idx => $ovpnclient) {
4361			if (!isset($ovpnclient['topology'])) {
4362			$config['openvpn']['openvpn-client'][$idx]['topology'] = "net30";
4363			}
4364			}
4365			}
4366	1968fe40	Chris Buechler
4367			// repeat addition of filter tracker IDs from 106_to_107 where missing since associated filter rules were missing them
4368			if (is_array($config['filter']) && is_array($config['filter']['rule'])) {
4369			$tracker = (int)microtime(true);
4370			foreach ($config['filter']['rule'] as $ridx => $rule) {
4371			if (empty($rule['tracker'])) {
4372			$config['filter']['rule'][$ridx]['tracker'] = $tracker;
4373			$tracker++;
4374			}
4375			}
4376			unset($tracker, $ridx);
4377			}
4378
4379	1c1ca39b	Chris Buechler	}
4380
4381	6635aa0f	jim-p	function upgrade_141_to_142() {
4382			global $config;
4383			/* Convert Namecheap type DynDNS entries to the new split hostname and domain format */
4384
4385			if (!is_array($config['dyndnses'])) {
4386			$config['dyndnses'] = array();
4387			}
4388			if (!is_array($config['dyndnses']['dyndns'])) {
4389			$config['dyndnses']['dyndns'] = array();
4390			}
4391			$a_dyndns = &$config['dyndnses']['dyndns'];
4392
4393			foreach ($a_dyndns as &$dyndns) {
4394			if ($dyndns['type'] == "namecheap") {
4395			/* Use the old style logic to split the host and domain one last time. */
4396			$dparts = explode(".", trim($dyndns['host']));
4397			$domain_part_count = ($dparts[count($dparts)-1] == "uk") ? 3 : 2;
4398			$domain_offset = count($dparts) - $domain_part_count;
4399			$dyndns['host'] = implode(".", array_slice($dparts, 0, $domain_offset));
4400			$dyndns['domainname'] = implode(".", array_slice($dparts, $domain_offset));
4401			}
4402			}
4403	a2b813bf	Chris Buechler
4404			/* unset old pppoerestart cron job if it exists. redmine 1905 */
4405			if (is_array($config['cron']['item'])) {
4406			foreach ($config['cron']['item'] as $idx => $cronitem) {
4407			if ($cronitem['command'] == "/etc/pppoerestart") {
4408			unset($config['cron']['item'][$idx]);
4409			}
4410			}
4411			}
4412	6635aa0f	jim-p	}
4413	a2b813bf	Chris Buechler
4414	032def61	Stephen Beaver	// Updated to check for empty separator definitions via is_array()
4415	fdb83ce0	NOYB	function upgrade_142_to_143() {
4416			global $config;
4417
4418	8f561183	NOYB	/* Re-index firewall rule separators per interface */
4419	032def61	Stephen Beaver	if (is_array($config['filter']['separator'])) {
4420	8f561183	NOYB	foreach ($config['filter']['separator'] as $interface => $separators) {
4421	fdb83ce0	NOYB
4422	032def61	Stephen Beaver	if(is_array($separators)) {
4423			foreach ($separators as $sepn => $separator) {
4424	fdb83ce0	NOYB
4425	032def61	Stephen Beaver	$seprow = substr($separator['row']['0'], 2);
4426			$sepif = $separator['if'];
4427	fdb83ce0	NOYB
4428	032def61	Stephen Beaver	// Determine position of separator within the interface rules.
4429			$i = -1; $j = 0;
4430			foreach ($config['filter']['rule'] as $rulen => $filterent) {
4431	fdb83ce0	NOYB
4432	032def61	Stephen Beaver	if ($i == $seprow) {
4433			// Set separator row to it's position within the interface rules.
4434			$config['filter']['separator'][$sepif][$sepn]['row'] = 'fr' . $j;
4435			continue 2; // Advance to next separator
4436			}
4437	fdb83ce0	NOYB
4438	032def61	Stephen Beaver	// Position within the interface rules.
4439			if (($filterent['interface'] == $sepif && !isset($filterent['floating'])) \|\| (isset($filterent['floating']) && "floatingrules" == $sepif)) {
4440			$j++;
4441			}
4442			$i++;
4443	8f561183	NOYB	}
4444	fdb83ce0	NOYB	}
4445			}
4446			}
4447			}
4448	8f561183	NOYB
4449			/* Re-index nat rule separators */
4450	032def61	Stephen Beaver	if (is_array($config['nat']['separator'])) {
4451	8f561183	NOYB	foreach ($config['nat']['separator'] as $sepn => $separator) {
4452	032def61	Stephen Beaver	if (is_array($separator)) {
4453			$seprow = substr($separator['row']['0'], 2);
4454			$config['nat']['separator'][$sepn]['row'] = 'fr' . ($seprow + 1);
4455			}
4456	8f561183	NOYB	}
4457			}
4458	fdb83ce0	NOYB	}
4459
4460	b1567b5b	Luiz Otavio O Souza	function get_vip_from_ip_alias($ipalias) {
4461			global $config;
4462
4463			foreach ($config['virtualip']['vip'] as $idx => $vip) {
4464	d9901ff4	Chris Buechler	if ($vip['mode'] != "ipalias") {
4465	b1567b5b	Luiz Otavio O Souza	continue;
4466	d9901ff4	Chris Buechler	}
4467			if ($ipalias == $vip['subnet']) {
4468	b1567b5b	Luiz Otavio O Souza	return ("_vip{$vip['uniqid']}");
4469	d9901ff4	Chris Buechler	}
4470	b1567b5b	Luiz Otavio O Souza	}
4471
4472			return ($ipalias);
4473			}
4474
4475			function get_vip_from_oldcarp($carp) {
4476			global $config;
4477
4478			foreach ($config['virtualip']['vip'] as $idx => $vip) {
4479	d9901ff4	Chris Buechler	if ($vip['mode'] != "carp") {
4480	b1567b5b	Luiz Otavio O Souza	continue;
4481	d9901ff4	Chris Buechler	}
4482			if ($carp == "{$vip['interface']}_vip{$vip['vhid']}") {
4483	b1567b5b	Luiz Otavio O Souza	return ("_vip{$vip['uniqid']}");
4484	d9901ff4	Chris Buechler	}
4485	b1567b5b	Luiz Otavio O Souza	}
4486
4487			return ($carp);
4488			}
4489
4490			function upgrade_143_to_144() {
4491			global $config;
4492
4493			if (is_array($config['virtualip']['vip'])) {
4494			foreach ($config['virtualip']['vip'] as $idx => $vip) {
4495			if ($vip['mode'] == "ipalias") {
4496			if (!isset($vip['uniqid'])) {
4497			$config['virtualip']['vip'][$idx]['uniqid'] = uniqid();
4498			}
4499			}
4500			}
4501			}
4502
4503			/* Convert IPsec phase 1 entries. */
4504			if (is_array($config['ipsec']['phase1'])) {
4505			foreach ($config['ipsec']['phase1'] as $idx => $ph1ent) {
4506	d9901ff4	Chris Buechler	if (is_ipaddr($ph1ent['interface']) \|\| is_ipaddrv6($ph1ent['interface'])) {
4507	b1567b5b	Luiz Otavio O Souza	$config['ipsec']['phase1'][$idx]['interface'] = get_vip_from_ip_alias($ph1ent['interface']);
4508	d9901ff4	Chris Buechler	} else if (strpos($ph1ent['interface'], "_vip")) {
4509	b1567b5b	Luiz Otavio O Souza	$config['ipsec']['phase1'][$idx]['interface'] = get_vip_from_oldcarp($ph1ent['interface']);
4510	d9901ff4	Chris Buechler	}
4511	b1567b5b	Luiz Otavio O Souza	}
4512			}
4513
4514			/* Convert openvpn. */
4515			if (is_array($config['openvpn']['openvpn-server'])) {
4516			foreach ($config['openvpn']['openvpn-server'] as $idx => $ovpn) {
4517	d9901ff4	Chris Buechler	if (empty($ovpn['interface'])) {
4518	b1567b5b	Luiz Otavio O Souza	continue;
4519	d9901ff4	Chris Buechler	}
4520			if (is_ipaddr($ovpn['interface']) \|\| is_ipaddrv6($ovpn['interface'])) {
4521	b1567b5b	Luiz Otavio O Souza	$config['openvpn']['openvpn-server'][$idx]['interface'] = get_vip_from_ip_alias($ovpn['interface']);
4522	d9901ff4	Chris Buechler	} else if (strpos($ovpn['interface'], "_vip")) {
4523	b1567b5b	Luiz Otavio O Souza	$config['openvpn']['openvpn-server'][$idx]['interface'] = get_vip_from_oldcarp($ovpn['interface']);
4524	d9901ff4	Chris Buechler	}
4525	b1567b5b	Luiz Otavio O Souza	}
4526			}
4527			if (is_array($config['openvpn']['openvpn-client'])) {
4528			foreach ($config['openvpn']['openvpn-client'] as $idx => $ovpn) {
4529	d9901ff4	Chris Buechler	if (empty($ovpn['interface'])) {
4530	b1567b5b	Luiz Otavio O Souza	continue;
4531	d9901ff4	Chris Buechler	}
4532			if (is_ipaddr($ovpn['interface']) \|\| is_ipaddrv6($ovpn['interface'])) {
4533	b1567b5b	Luiz Otavio O Souza	$config['openvpn']['openvpn-client'][$idx]['interface'] = get_vip_from_ip_alias($ovpn['interface']);
4534	d9901ff4	Chris Buechler	} else if (strpos($ovpn['interface'], "_vip")) {
4535	b1567b5b	Luiz Otavio O Souza	$config['openvpn']['openvpn-client'][$idx]['interface'] = get_vip_from_oldcarp($ovpn['interface']);
4536	d9901ff4	Chris Buechler	}
4537	b1567b5b	Luiz Otavio O Souza	}
4538			}
4539
4540			/* Convert unbound. */
4541			if (is_array($config['unbound']) && !empty($config['unbound']['active_interface'])) {
4542			$active_ifs = explode(",", $config['unbound']['active_interface']);
4543			$ifs = array();
4544			foreach ($active_ifs as $if) {
4545	d9901ff4	Chris Buechler	if (is_ipaddr($if) \|\| is_ipaddrv6($if)) {
4546	b1567b5b	Luiz Otavio O Souza	$ifs[] = get_vip_from_ip_alias($if);
4547	d9901ff4	Chris Buechler	} else if (strpos($if, "_vip")) {
4548	b1567b5b	Luiz Otavio O Souza	$ifs[] = get_vip_from_oldcarp($if);
4549	d9901ff4	Chris Buechler	} else {
4550	b1567b5b	Luiz Otavio O Souza	$ifs[] = $if;
4551	d9901ff4	Chris Buechler	}
4552	b1567b5b	Luiz Otavio O Souza	}
4553			$config['unbound']['active_interface'] = implode(",", $ifs);
4554			}
4555
4556			/* Convert dnsmasq. */
4557			if (is_array($config['dnsmasq']) && !empty($config['dnsmasq']['interface'])) {
4558			$active_ifs = explode(",", $config['dnsmasq']['interface']);
4559			$ifs = array();
4560			foreach ($active_ifs as $if) {
4561	d9901ff4	Chris Buechler	if (is_ipaddr($if) \|\| is_ipaddrv6($if)) {
4562	b1567b5b	Luiz Otavio O Souza	$ifs[] = get_vip_from_ip_alias($if);
4563	d9901ff4	Chris Buechler	} else if (strpos($if, "_vip")) {
4564	b1567b5b	Luiz Otavio O Souza	$ifs[] = get_vip_from_oldcarp($if);
4565	d9901ff4	Chris Buechler	} else {
4566	b1567b5b	Luiz Otavio O Souza	$ifs[] = $if;
4567	d9901ff4	Chris Buechler	}
4568	b1567b5b	Luiz Otavio O Souza	}
4569			$config['dnsmasq']['interface'] = implode(",", $ifs);
4570			}
4571			}
4572
4573	7c4c43a5	Chris Buechler	function upgrade_144_to_145() {
4574			global $config;
4575
4576	b76cc978	Stephen Beaver	// Enable DHCPv6 server and radvd config for track6 interfaces,
4577			// matching what used to be automatically enabled with no user
4578			// configurability.
4579	7c4c43a5	Chris Buechler	if (is_array($config['interfaces'])) {
4580			foreach ($config['interfaces'] as $ifname => $ifcfg) {
4581			if (isset($ifcfg['enable'])) {
4582			if ($ifcfg['ipaddrv6'] == "track6") {
4583			$config['dhcpdv6'][$ifname]['enable'] = true;
4584			$config['dhcpdv6'][$ifname]['range']['from'] = "::1000";
4585			$config['dhcpdv6'][$ifname]['range']['to'] = "::2000";
4586			$config['dhcpdv6'][$ifname]['ramode'] = "assist";
4587			$config['dhcpdv6'][$ifname]['rapriority'] = "medium";
4588			}
4589			}
4590			}
4591			}
4592			}
4593
4594	2fbac0b2	Renato Botelho	function upgrade_145_to_146() {
4595	0b3613ef	Denny Page	// Add standard deviation to the quality rrds
4596			global $config, $g;
4597
4598			$rrddbpath = "/var/db/rrd";
4599			$rrdtool = "/usr/local/bin/rrdtool";
4600
4601			$awkcmd = "/usr/bin/awk '";
4602			$awkcmd .= "{\n";
4603			$awkcmd .= " if (sub(/<\\/v><\\/row>/, \"</v><v>NaN</v></row>\") == 0)\n";
4604			$awkcmd .= " {\n";
4605			$awkcmd .= " if (/<\\/cdp_prep>/)\n";
4606			$awkcmd .= " {\n";
4607			$awkcmd .= " print \" <ds>\"\n";
4608			$awkcmd .= " print \" <primary_value> 0.0000000000e+00 </primary_value>\"\n";
4609			$awkcmd .= " print \" <secondary_value> 0.0000000000e+00 </secondary_value>\"\n";
4610			$awkcmd .= " print \" <value> NaN </value>\"\n";
4611			$awkcmd .= " print \" <unknown_datapoints> 0 </unknown_datapoints>\"\n";
4612			$awkcmd .= " print \" </ds>\"\n";
4613			$awkcmd .= " }\n";
4614			$awkcmd .= " else if (/<!-- Round Robin Archives -->/)\n";
4615			$awkcmd .= " {\n";
4616			$awkcmd .= " print \" <ds>\"\n";
4617			$awkcmd .= " print \" <name> stddev </name>\"\n";
4618			$awkcmd .= " print \" <type> GAUGE </type>\"\n";
4619			$awkcmd .= " print \" <minimal_heartbeat> 120 </minimal_heartbeat>\"\n";
4620			$awkcmd .= " print \" <min> 0.0000000000e+00 </min>\"\n";
4621			$awkcmd .= " print \" <max> 1.0000000000e+05 </max>\\n\"\n";
4622			$awkcmd .= " print \" <!-- PDP Status -->\"\n";
4623			$awkcmd .= " print \" <last_ds> 0 </last_ds>\"\n";
4624			$awkcmd .= " print \" <value> 0.0000000000e+00 </value>\"\n";
4625			$awkcmd .= " print \" <unknown_sec> 0 </unknown_sec>\"\n";
4626			$awkcmd .= " print \" </ds>\\n\"\n";
4627			$awkcmd .= " }\n";
4628			$awkcmd .= " }\n";
4629			$awkcmd .= " print;\n";
4630			$awkcmd .= "}'";
4631
4632			if ($g['platform'] != $g['product_name']) {
4633			/* restore the databases, if we have one */
4634			if (restore_rrd()) {
4635			/* Make sure to move the rrd backup out of the way. We will make a new one after converting. */
4636			@rename("{$g['cf_conf_path']}/rrd.tgz", "{$g['cf_conf_path']}/backup/rrd.tgz");
4637			}
4638			}
4639
4640			$databases = return_dir_as_array($rrddbpath, '/-quality\.rrd$/');
4641			foreach ($databases as $database) {
4642			$xmldump = "{$g['tmp_path']}/{$database}.xml";
4643
4644			if (platform_booting()) {
4645			echo "Update RRD database {$database}.\n";
4646			}
4647
4648			exec("$rrdtool dump {$rrddbpath}/{$database} \| {$awkcmd} > {$xmldump}");
4649			exec("$rrdtool restore -f {$xmldump} {$rrddbpath}/{$database}");
4650			@unlink("{$xmldump}");
4651			}
4652
4653			if (!platform_booting()) {
4654			enable_rrd_graphing();
4655			}
4656			/* Let's save the RRD graphs after we run enable RRD graphing */
4657			/* The function will restore the rrd.tgz so we will save it after */
4658			exec("cd /; LANG=C NO_REMOUNT=1 RRDDBPATH='{$rrddbpath}' CF_CONF_PATH='{$g['cf_conf_path']}' /etc/rc.backup_rrd.sh");
4659			}
4660
4661	67c6bab5	Luiz Otavio O Souza	function upgrade_bgpd_146_to_147() {
4662			global $config;
4663
4664			if (!isset($config['installedpackages']['openbgpd']['config']) \|\|
4665			!is_array($config['installedpackages']['openbgpd']['config'])) {
4666			return;
4667			}
4668			$openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0];
4669			if (!isset($openbgpd_conf['carpstatusip']) &&
4670			!is_ipaddr($openbgpd_conf['carpstatusip'])) {
4671			return;
4672			}
4673
4674			if (!is_array($config['virtualip']['vip']))
4675			return;
4676			foreach ($config['virtualip']['vip'] as $idx => $vip) {
4677			if ($vip['subnet'] == $openbgpd_conf['carpstatusip']) {
4678			$openbgpd_conf['carpstatusvid'] = "_vip{$vip['uniqid']}";
4679			unset($openbgpd_conf['carpstatusip']);
4680			return;
4681			}
4682			}
4683			}
4684
4685			function upgrade_quagga_146_to_147() {
4686			global $config;
4687
4688			if (!isset($config['installedpackages']['quaggaospfd']['config']) \|\|
4689			!is_array($config['installedpackages']['quaggaospfd']['config'])) {
4690			return;
4691			}
4692			$ospfd_conf = &$config['installedpackages']['quaggaospfd']['config'][0];
4693			if (!isset($ospfd_conf['carpstatusip']) &&
4694			!is_ipaddr($ospfd_conf['carpstatusip'])) {
4695			return;
4696			}
4697
4698			if (!is_array($config['virtualip']['vip']))
4699			return;
4700			foreach ($config['virtualip']['vip'] as $idx => $vip) {
4701			if ($vip['subnet'] == $ospfd_conf['carpstatusip']) {
4702			$ospfd_conf['carpstatusvid'] = "_vip{$vip['uniqid']}";
4703			unset($ospfd_conf['carpstatusip']);
4704			return;
4705			}
4706			}
4707			}
4708
4709			function upgrade_146_to_147() {
4710
4711			upgrade_bgpd_146_to_147();
4712			upgrade_quagga_146_to_147();
4713			}
4714
4715	b76cc978	Stephen Beaver	function upgrade_147_to_148() {
4716			global $config;
4717
4718			// Ensure there are no spaces in group names by
4719			// replacing spaces with underscores
4720			if (is_array($config['system']['group'])) {
4721	1a2d6d34	Stephen Beaver	$exgrps = array();
4722
4723			// Make a list of the existing group names so we can check for dups
4724			foreach ($config['system']['group'] as $grp) {
4725			$exgrps[] = $grp['name'];
4726			}
4727
4728	e5ef7ae2	Chris Buechler	foreach ($config['system']['group'] as $idx => $grp) {
4729			if (strstr($grp['name'], " ")) {
4730			$newgrpname = str_replace(" ", "_", $grp['name']);
4731			// In the unlikely event that there is already a group with this name
4732			// just replace the whole thing with a unique string
4733			if (in_array($newgrpname, $exgrps)) {
4734			$config['system']['group'][$idx]['name'] = uniqid();
4735			} else {
4736			$config['system']['group'][$idx]['name'] = $newgrpname;
4737			}
4738	1a2d6d34	Stephen Beaver	}
4739	b76cc978	Stephen Beaver	}
4740			}
4741			}
4742	faaab088	Renato Botelho	?>

Project

General

Profile

pfSense