<?php
/* $Id$ */
/*
	system.inc
	part of m0n0wall (http://m0n0.ch/wall)

	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/

/* include all configuration functions */
require_once("functions.inc");
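/*
 * Apply every sysctl tunable stored under $config['sysctl']['item'].
 *
 * Each item supplies 'tunable' (the OID name) and 'value'. The pair is handed
 * to sysctl as ONE shell-quoted "name=value" word, so quotes, semicolons or
 * substitution syntax inside a stored value reach sysctl as data instead of
 * being interpreted by the shell that mwexec() starts.
 */
function activate_sysctls() {
	global $config, $g;

	/* nothing to do when no tunables are configured */
	if (!isset($config['sysctl']['item']) || !is_array($config['sysctl']['item']))
		return;

	foreach ($config['sysctl']['item'] as $tunable) {
		/* an entry without a name cannot be applied */
		if (!isset($tunable['tunable']) || $tunable['tunable'] == "")
			continue;

		$value = isset($tunable['value']) ? $tunable['value'] : "";
		mwexec("sysctl " . escapeshellarg("{$tunable['tunable']}={$value}"));
	}
}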
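/*
 * Rewrite /usr/local/lib/php.ini, loading the APC opcode cache only when
 * the amount reported by get_memory() is above 90.
 *
 * Does nothing when $g['platform'] is "cdrom". The file is written while
 * holding config_lock() with the configuration mount switched read-write;
 * the mount is switched back and the lock released even when php.ini
 * cannot be opened.
 */
function opcode_cache_configuration() {
	global $g;

	if ($g['platform'] == "cdrom")
		return;

	/* get system memory amount */
	$memory = get_memory();
	$avail = $memory[0];

	/*
	 * disable apc for platforms less than 90 megs of ram
	 * (compare the amount itself: comparing the whole $memory array with
	 * an integer is always true in PHP, which enabled APC everywhere)
	 */
	if ($avail > 90) {
		$opcode_cacher = "extension=apc.so\n";
		$opcode_cacher .= "apc.enabled=\"1\"\n";
		$opcode_cacher .= "apc.enable_cli=\"1\"\n";
		$opcode_cacher .= "apc.shm_size=\"8\"\n";
	} else {
		$opcode_cacher = "";
	}

	/* build the complete php.ini contents */
	$php_ini = <<<EOFF
output_buffering = "0"
implicit_flush = true
magic_quotes_gpc = Off
max_execution_time = 99999999
max_input_time = 99999999
register_argc_argv = On
file_uploads = On
extension_dir=/usr/local/lib/php/extensions/no-debug-non-zts-20020429/
upload_tmp_dir = /tmp
upload_max_filesize = 100M
post_max_size = 100M
html_errors = Off
include_path = ".:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg"
extension=radius.so
extension=ldap.so
{$opcode_cacher}

EOFF;

	config_lock();
	conf_mount_rw();

	/* open up php.ini and write back out contents */
	$fd = fopen("/usr/local/lib/php.ini", "w");
	if ($fd) {
		fwrite($fd, $php_ini);
		fclose($fd);
	} else {
		/* report instead of calling fwrite()/fclose() on a failed handle */
		printf("Error: cannot open php.ini in opcode_cache_configuration().\n");
	}

	conf_mount_ro();
	exec("sync");
	config_unlock();
}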
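/*
 * Write {$g['varetc_path']}/resolv.conf and set up per-DNS-server routes.
 *
 * Nameservers come from get_nameservers() when 'dnsallowoverride' is set;
 * if that yields nothing, the statically configured $config['system']
 * ['dnsserver'] list is used. Outside of boot, dhcpd is reconfigured unless
 * $dynupdate is true.
 *
 * Returns 0 on success, 1 when resolv.conf cannot be opened.
 */
function system_resolvconf_generate($dynupdate = false) {
	global $config, $g;
	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_resolvconf_generate() being called $mt\n";
	}

	$syscfg = $config['system'];

	$fd = fopen("{$g['varetc_path']}/resolv.conf", "w");
	if (!$fd) {
		printf("Error: cannot open resolv.conf in system_resolvconf_generate().\n");
		return 1;
	}

	$resolvconf = "domain {$syscfg['domain']}\n";

	$havedns = false;

	if (isset($syscfg['dnsallowoverride'])) {
		/* get dynamically assigned DNS servers (if any) */
		$ns = array_unique(get_nameservers());
		foreach ($ns as $nameserver) {
			if ($nameserver) {
				$resolvconf .= "nameserver $nameserver\n";
				$havedns = true;
			}
		}
	}
	if (!$havedns && isset($syscfg['dnsserver']) && is_array($syscfg['dnsserver'])) {
		foreach ($syscfg['dnsserver'] as $ns) {
			if ($ns) {
				$resolvconf .= "nameserver $ns\n";
				$havedns = true;
			}
		}
	}

	fwrite($fd, $resolvconf);
	fclose($fd);

	if (!$g['booting']) {
		/* restart dhcpd (nameservers may have changed) */
		if (!$dynupdate)
			services_dhcpd_configure();
	}

	for ($dnscounter = 1; $dnscounter < 5; $dnscounter++) {
		/*
		 * setup static routes for dns servers
		 *
		 * The key has to be built in a double-quoted string: written in
		 * single quotes, 'dns{$dnscounter}gwint' is a literal that never
		 * matches dns1gwint..dns4gwint, so this loop never ran.
		 */
		$dnsgwkey = "dns{$dnscounter}gwint";
		if (!isset($config['system'][$dnsgwkey]) || !$config['system'][$dnsgwkey])
			continue;

		$if = $config['system'][$dnsgwkey];
		$dnscountermo = $dnscounter - 1;

		/* skip slots without a matching interface or DNS server entry */
		if (!isset($config['interfaces'][$if]['if']) || !isset($syscfg['dnsserver'][$dnscountermo]))
			continue;
		$gw = $config['interfaces'][$if]['if'];
		$dnsserver = $syscfg['dnsserver'][$dnscountermo];
		if (!$gw || !$dnsserver)
			continue;

		/*
		 * Both values come from the stored configuration and are placed
		 * on a shell command line, so quote them as single arguments.
		 * NOTE(review): $gw is the interface's 'if' value and is passed
		 * after "-gw" exactly as the original command did - confirm that
		 * this is the route syntax the target system expects.
		 */
		exec("route delete " . escapeshellarg($dnsserver));
		exec("route add " . escapeshellarg($dnsserver) . " -gw " . escapeshellarg($gw));
	}

	return 0;
}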
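/*
 * Collect nameserver entries from the files under /var/etc.
 *
 * Every non-empty line of each /var/etc/nameserver_* file is returned,
 * followed by every line of /var/etc/nameservers.conf when that file exists
 * (empty lines of that second file are kept, as before; callers filter
 * them). Returns an array of strings, empty when no file is present.
 *
 * The files are read with glob()/file_get_contents() rather than through
 * `ls` and `cat` in a shell, and the lines are separated with explode():
 * split() no longer exists in PHP 7 and later.
 */
function get_nameservers() {
	global $config, $g;
	$master_list = array();

	/* glob() returns the matches sorted, like the ls listing it replaces */
	$dns_lists = glob("/var/etc/nameserver_*");
	if (is_array($dns_lists)) {
		foreach ($dns_lists as $dns) {
			if (!is_file($dns))
				continue;
			$contents = file_get_contents($dns);
			if ($contents === false)
				continue;
			foreach (explode("\n", $contents) as $item)
				if ($item <> "")
					$master_list[] = $item;
		}
	}

	if (!file_exists("/var/etc/nameservers.conf"))
		return $master_list;

	$contents = file_get_contents("/var/etc/nameservers.conf");
	if ($contents === false)
		return $master_list;

	foreach (explode("\n", $contents) as $dns)
		$master_list[] = $dns;

	return $master_list;
}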
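/*
 * Write {$g['varetc_path']}/hosts.
 *
 * The file holds localhost, the LAN address with the system's own name,
 * every entry of $config['dnsmasq']['hosts'] and, when 'regdhcpstatic' is
 * set, the static DHCP mappings of every enabled DHCP interface.
 *
 * Returns 0 on success, 1 when the hosts file cannot be opened.
 */
function system_hosts_generate() {
	global $config, $g;
	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_hosts_generate() being called $mt\n";
	}

	$syscfg = $config['system'];
	$lancfg = $config['interfaces']['lan'];
	$dnsmasqcfg = isset($config['dnsmasq']) ? $config['dnsmasq'] : array();

	if (!isset($dnsmasqcfg['hosts']) || !is_array($dnsmasqcfg['hosts'])) {
		$dnsmasqcfg['hosts'] = array();
	}
	$hostscfg = $dnsmasqcfg['hosts'];

	$fd = fopen("{$g['varetc_path']}/hosts", "w");
	if (!$fd) {
		log_error("Error: cannot open hosts file in system_hosts_generate().\n");
		return 1;
	}

	/* fixed entries: loopback and the firewall's own LAN address */
	$hosts = "127.0.0.1\tlocalhost localhost.{$syscfg['domain']}\n";
	$hosts .= "{$lancfg['ipaddr']}\t{$syscfg['hostname']}.{$syscfg['domain']} {$syscfg['hostname']}\n";

	foreach ($hostscfg as $host) {
		if ($host['host'])
			$hosts .= "{$host['ip']}\t{$host['host']}.{$host['domain']} {$host['host']}\n";
		else
			$hosts .= "{$host['ip']}\t{$host['domain']}\n";
	}

	/*
	 * 'regdhcpstatic' can be set while no DHCP server section exists at
	 * all; only iterate $config['dhcpd'] when it really is an array.
	 */
	if (isset($dnsmasqcfg['regdhcpstatic']) && isset($config['dhcpd']) && is_array($config['dhcpd'])) {
		foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) {
			if (!isset($dhcpifconf['enable']))
				continue;
			if (!isset($dhcpifconf['staticmap']) || !is_array($dhcpifconf['staticmap']))
				continue;
			foreach ($dhcpifconf['staticmap'] as $host)
				if ($host['ipaddr'] && $host['hostname'])
					$hosts .= "{$host['ipaddr']}\t{$host['hostname']}.{$syscfg['domain']} {$host['hostname']}\n";
		}
	}

	fwrite($fd, $hosts);
	fclose($fd);

	return 0;
}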
/*
 * Set the running system's hostname to "<hostname>.<domain>" taken from
 * $config['system'].
 *
 * Returns whatever mwexec() returns for the /bin/hostname call.
 */
function system_hostname_configure() {
	global $config, $g;

	$spew = isset($config['system']['developerspew']);
	if ($spew) {
		$mt = microtime();
		echo "system_hostname_configure() being called $mt\n";
	}

	$syscfg = $config['system'];

	/* the name is passed as one shell-quoted argument */
	$fqdn = "{$syscfg['hostname']}.{$syscfg['domain']}";
	$command = "/bin/hostname " . escapeshellarg($fqdn);

	return mwexec($command);
}
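/*
 * Rebuild the routing table from the stored configuration.
 *
 * Steps, in order: optionally enable fast forwarding; delete the routes
 * recorded in {$g['vardb_path']}/routes.db by the previous run; delete the
 * default route unless some interface obtains its address dynamically
 * (dhcp, bigpond, pppoe, pptp); add the default route of the gateway marked
 * 'defaultgw' unless an OLSRD instance has 'enabledyngw' on; add every
 * static route and record it in routes.db.
 *
 * Returns 0 on success, 1 when routes.db cannot be opened.
 */
function system_routing_configure() {
	global $config, $g;
	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_routing_configure() being called $mt\n";
	}

	/* Enable fast routing, if enabled */
	if (isset($config['staticroutes']['enablefastrouting']))
		mwexec("/sbin/sysctl net.inet.ip.fastforwarding=1");

	/* clear out old routes, if necessary */
	if (file_exists("{$g['vardb_path']}/routes.db")) {
		$fd = fopen("{$g['vardb_path']}/routes.db", "r");
		if (!$fd) {
			printf("Error: cannot open routes DB file in system_routing_configure().\n");
			return 1;
		}
		while (!feof($fd)) {
			$line = fgets($fd);
			if ($line === false)
				break;
			/*
			 * fgets() keeps the line terminator; without trim() the
			 * newline ends up inside the quoted argument and the
			 * network handed to route(8) is not the one recorded.
			 */
			$oldrt = trim($line);
			if ($oldrt != "")
				mwexec("/sbin/route delete " . escapeshellarg($oldrt));
		}
		fclose($fd);
		unlink("{$g['vardb_path']}/routes.db");
	}

	/* if list */
	$iflist = array("lan", "wan");
	for ($i = 1; isset($config['interfaces']['opt' . $i]['enable']); $i++)
		$iflist['opt' . $i] = "opt{$i}";

	$dont_remove_route = false;
	foreach ($iflist as $ifent => $ifname) {
		/* do not process interfaces that will end up with gateways */
		if (!isset($config['interfaces'][$ifname]['ipaddr']))
			continue;
		$ipaddr = $config['interfaces'][$ifname]['ipaddr'];
		if ($ipaddr == "dhcp" or $ipaddr == "bigpond" or
			$ipaddr == "pppoe" or $ipaddr == "pptp")
			$dont_remove_route = true;
	}

	if ($dont_remove_route == false) {
		/* remove default route */
		mwexec("/sbin/route delete default");
	}

	$dont_add_route = false;
	/* if OLSRD is enabled, allow WAN to house DHCP. */
	if (isset($config['installedpackages']['olsrd']['config']) &&
		is_array($config['installedpackages']['olsrd']['config'])) {
		foreach ($config['installedpackages']['olsrd']['config'] as $olsrd) {
			if (isset($olsrd['enabledyngw']) && $olsrd['enabledyngw'] == "on") {
				$dont_add_route = true;
			}
		}
	}

	/* gateway_item list, or an empty list when no gateways are defined */
	$have_gateways = isset($config['gateways']) && is_array($config['gateways']);
	$gateway_items = array();
	if ($have_gateways && isset($config['gateways']['gateway_item']) &&
		is_array($config['gateways']['gateway_item']))
		$gateway_items = $config['gateways']['gateway_item'];

	if ($dont_add_route == false && $have_gateways) {
		$gatewayip = "";
		foreach ($gateway_items as $gateway) {
			if (isset($gateway['defaultgw'])) {
				$gatewayip = $gateway['gateway'];
			}
		}
		/* without a gateway marked as default there is nothing to add */
		if ($gatewayip != "")
			mwexec("/sbin/route add default " . escapeshellarg($gatewayip));
	}

	if (isset($config['staticroutes']['route']) && is_array($config['staticroutes']['route'])) {

		$fd = fopen("{$g['vardb_path']}/routes.db", "w");
		if (!$fd) {
			printf("Error: cannot open routes DB file in system_routing_configure().\n");
			return 1;
		}

		foreach ($config['staticroutes']['route'] as $rtent) {
			if (!$have_gateways)
				continue;

			/*
			 * Look the gateway up afresh for every route. Carrying the
			 * values over from the previous iteration (or from the
			 * default-route lookup) would silently send a route with
			 * an unknown gateway name through the wrong next hop.
			 */
			$gatewayip = "";
			$interfacegw = "";
			foreach ($gateway_items as $gateway) {
				if ($rtent['gateway'] == $gateway['name']) {
					$gatewayip = $gateway['gateway'];
					$interfacegw = $gateway['interface'];
				}
			}

			$use_iface = isset($rtent['interfacegateway']);
			if (($use_iface && $interfacegw == "") || (!$use_iface && $gatewayip == "")) {
				log_error("Static route {$rtent['network']} skipped: gateway {$rtent['gateway']} not found in system_routing_configure().");
				continue;
			}

			if ($use_iface) {
				mwexec("/sbin/route add " . escapeshellarg($rtent['network']) .
					" -iface " . escapeshellarg(convert_friendly_interface_to_real_interface_name($interfacegw)));
			} else {
				mwexec("/sbin/route add " . escapeshellarg($rtent['network']) .
					" " . escapeshellarg($gatewayip));
			}
			/* record route so it can be easily removed later (if necessary) */
			fwrite($fd, $rtent['network'] . "\n");
		}

		fclose($fd);
	}

	return 0;
}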
/*
 * Turn on IPv4 packet forwarding (net.inet.ip.forwarding=1).
 *
 * Returns whatever mwexec() returns for the sysctl call.
 */
function system_routing_enable() {
	global $config, $g;

	$spew = isset($config['system']['developerspew']);
	if ($spew) {
		$mt = microtime();
		echo "system_routing_enable() being called $mt\n";
	}

	$command = "/sbin/sysctl net.inet.ip.forwarding=1";

	return mwexec($command);
}
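/*
 * Generate {$g['varetc_path']}/syslog.conf and (re)start syslogd.
 *
 * When a syslog section exists in the configuration, the file gets one
 * block per separately logged program (installed packages that declare
 * logging, ntpd, racoon, openvpn) followed by the general block, from which
 * those programs are excluded with "!-<list>". Remote forwarding lines are
 * added for every category enabled in the syslog section. Without a syslog
 * section syslogd is started with "-ss" and no generated file.
 *
 * Outside of boot the running syslogd is killed first.
 * Returns the mwexec() result of starting syslogd, or 1 when syslog.conf
 * cannot be opened.
 */
function system_syslogd_start() {
	global $config, $g;
	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_syslogd_start() being called $mt\n";
	}

	$syslogcfg = $config['syslog'];

	if ($g['booting'])
		echo "Starting syslog...";
	else
		killbypid("{$g['varrun_path']}/syslog.pid");

	if (isset($syslogcfg)) {
		/* both are appended to below, so start them off defined */
		$syslogconf = "";
		$pkgfacilities = array();
		$separatelogfacilities = array('ntpd','racoon','openvpn');
		if (isset($config['installedpackages']['package']) &&
			is_array($config['installedpackages']['package'])) {
			foreach ($config['installedpackages']['package'] as $package) {
				if (!empty($package['logging'])) {
					$pkgfacilities[] = $package['logging']['facilityname'];
					/*
					 * array_merge(), not "+": both lists are
					 * numerically indexed, so the union operator
					 * dropped every package facility whose index
					 * was already taken and package messages were
					 * never excluded from the general block.
					 */
					$separatelogfacilities = array_merge($separatelogfacilities, $pkgfacilities);
					/*
					 * NOTE(review): $pkgfacilities accumulates
					 * across packages, so each later package's
					 * block also names the earlier packages'
					 * facilities - kept as is, confirm intent.
					 */
					$facilitylist = implode(',', $pkgfacilities);
					$pkglogfile = "{$g['varlog_path']}/{$package['logging']['logfilename']}";
					/* the file name comes from package metadata: quote it for the shell */
					mwexec("clog -i -s 10000 " . escapeshellarg($pkglogfile));
					$syslogconf .= "!{$facilitylist}\n*.*\t\t\t\t\t\t%{$pkglogfile}\n";
				}
			}
		}
		$facilitylist = implode(',', array_unique($separatelogfacilities));
		/* write syslog.conf */
		$fd = fopen("{$g['varetc_path']}/syslog.conf", "w");
		if (!$fd) {
			printf("Error: cannot open syslog.conf in system_syslogd_start().\n");
			return 1;
		}
		$syslogconf .= "!ntpdate,!ntpd\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= <<<EOD
*.*						%{$g['varlog_path']}/ntpd.log

EOD;
		}
		$syslogconf .= "!racoon\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= <<<EOD
*.*						%{$g['varlog_path']}/ipsec.log

EOD;
		}
		if (isset($syslogcfg['vpn'])) {
			$syslogconf .= <<<EOD
*.*						@{$syslogcfg['remoteserver']}

EOD;
		}
		$syslogconf .= "!openvpn\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
			$syslogconf .= <<<EOD
*.*						%{$g['varlog_path']}/openvpn.log

EOD;
		}
		if (isset($syslogcfg['vpn'])) {
			$syslogconf .= <<<EOD
*.*						@{$syslogcfg['remoteserver']}

EOD;
		}
		/* everything below applies to all programs except the ones listed */
		$syslogconf .= "!-{$facilitylist}\n";
		if (!isset($syslogcfg['disablelocallogging'])) {
		$syslogconf .= <<<EOD
local0.*					%{$g['varlog_path']}/filter.log
local3.*					%{$g['varlog_path']}/vpn.log
local4.*					%{$g['varlog_path']}/portalauth.log
local7.*					%{$g['varlog_path']}/dhcpd.log
*.notice;kern.debug;lpr.info;mail.crit; 	%{$g['varlog_path']}/system.log
news.err;local0.none;local3.none;local4.none; 	%{$g['varlog_path']}/system.log
local7.none					%{$g['varlog_path']}/system.log
security.*					%{$g['varlog_path']}/system.log
auth.info;authpriv.info;daemon.info		%{$g['varlog_path']}/system.log
local1.*					%{$g['varlog_path']}/slbd.log
auth.info;authpriv.info 			|exec /usr/local/sbin/sshlockout_pf
*.emerg						*

EOD;
		}

		if (isset($syslogcfg['filter'])) {
			$syslogconf .= <<<EOD
local0.*					@{$syslogcfg['remoteserver']}

EOD;
		}

		if (isset($syslogcfg['vpn'])) {
			$syslogconf .= <<<EOD
local3.*					@{$syslogcfg['remoteserver']}

EOD;
		}


		if (isset($syslogcfg['portalauth'])) {
			$syslogconf .= <<<EOD
local4.*					@{$syslogcfg['remoteserver']}

EOD;
		}


		if (isset($syslogcfg['dhcp'])) {
			$syslogconf .= <<<EOD
local7.*					@{$syslogcfg['remoteserver']}

EOD;
		}

		if (isset($syslogcfg['system'])) {
			$syslogconf .= <<<EOD
*.notice;kern.debug;lpr.info;mail.crit;		@{$syslogcfg['remoteserver']}
news.err;local0.none;local3.none;local7.none	@{$syslogcfg['remoteserver']}
security.*					@{$syslogcfg['remoteserver']}
auth.info;authpriv.info;daemon.info		@{$syslogcfg['remoteserver']}
*.emerg						@{$syslogcfg['remoteserver']}

EOD;
		}
		fwrite($fd, $syslogconf);
		fclose($fd);

		$retval = mwexec("/usr/sbin/syslogd -s -f {$g['varetc_path']}/syslog.conf");

	} else {
		$retval = mwexec("/usr/sbin/syslogd -ss");
	}

	if ($g['booting'])
		echo "done.\n";

	return $retval;
}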
/*
 * Restart pccardd with {$g['etc_path']}/pccard.conf.
 *
 * Any instance recorded in pccardd.pid is killed first. During boot a
 * progress line is printed that ends in "done." or "failed!".
 * Returns the mwexec() result of starting pccardd.
 */
function system_pccard_start() {
	global $config, $g;

	$spew = isset($config['system']['developerspew']);
	if ($spew) {
		$mt = microtime();
		echo "system_pccard_start() being called $mt\n";
	}

	if ($g['booting']) {
		echo "Initializing PCMCIA...";
	}

	/* stop the old daemon, then launch a new one */
	$pidfile = "{$g['varrun_path']}/pccardd.pid";
	killbypid($pidfile);

	$command = "/usr/sbin/pccardd -z -f {$g['etc_path']}/pccard.conf";
	$res = mwexec($command);

	if ($g['booting']) {
		echo ($res == 0) ? "done.\n" : "failed!\n";
	}

	return $res;
}
/*
 * (Re)start the lighttpd instance that serves the webConfigurator.
 *
 * Kills the instance recorded in lighty-webConfigurator.pid, regenerates
 * the password file, writes the lighttpd configuration through
 * system_generate_lighty_config() and starts lighttpd with it.
 *
 * For HTTPS the certificate and key stored (base64) in the configuration
 * are used; when either is missing the pair embedded below is used.
 * NOTE(review): that embedded private key is identical in every copy of
 * this file, so a webConfigurator still running on it is not authenticated
 * by its certificate - installs should carry their own key pair.
 *
 * Returns the mwexec() result of starting lighttpd.
 */
function system_webgui_start() {
	global $config, $g;

	if ($g['booting']) {
		echo "Starting webConfigurator...";
	}

	/* kill any running lighttpd */
	$pidpath = "{$g['varrun_path']}/lighty-webConfigurator.pid";
	killbypid($pidpath);

	sleep(1);

	/* generate password file */
	system_password_configure();

	chdir($g['www_path']);

	$webgui = $config['system']['webgui'];
	$use_https = ($webgui['protocol'] == "https");

	/* a configured port always wins; HTTPS otherwise falls back to 443 */
	if ($webgui['port']) {
		$portarg = "{$webgui['port']}";
	} elseif ($use_https) {
		$portarg = "443";
	} else {
		$portarg = "";
	}

	/* plain HTTP runs without certificate material */
	$cert = "";
	$key = "";

	if ($use_https) {
		$have_own_pair = ($webgui['certificate'] && $webgui['private-key']);
		if ($have_own_pair) {
			$cert = base64_decode($webgui['certificate']);
			$key = base64_decode($webgui['private-key']);
		} else {
			/* default certificate/key (shared by all installs, see above) */
			$cert = <<<EOD
-----BEGIN CERTIFICATE-----
MIIDEzCCAnygAwIBAgIJAJM91W+s6qptMA0GCSqGSIb3DQEBBAUAMGUxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJLWTETMBEGA1UEBxMKTG91aXN2aWxsZTEQMA4GA1UE
ChMHcGZTZW5zZTEQMA4GA1UECxMHcGZTZW5zZTEQMA4GA1UEAxMHcGZTZW5zZTAe
Fw0wNjAzMTAyMzQ1MTlaFw0xNjAzMDcyMzQ1MTlaMGUxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIEwJLWTETMBEGA1UEBxMKTG91aXN2aWxsZTEQMA4GA1UEChMHcGZTZW5z
ZTEQMA4GA1UECxMHcGZTZW5zZTEQMA4GA1UEAxMHcGZTZW5zZTCBnzANBgkqhkiG
9w0BAQEFAAOBjQAwgYkCgYEA3lPNTFH6qge/ygaqe/BS4oH59O6KvAesWcRzSu5N
21lyVE5tBbL0zqOSXmlLyReMSbtAMZqt1P8EPYFoOcaEQHIWm2VQF80Z18+8Gh4O
UQGjHq88OeaLqyk3OLpSKzSpXuCFrSN7q9Kez8zp5dQEu7sIW30da3pAbdqYOimA
1VsCAwEAAaOByjCBxzAdBgNVHQ4EFgQUAnx+ggC4SzJ0CK+rhPhJ2ZpyunEwgZcG
A1UdIwSBjzCBjIAUAnx+ggC4SzJ0CK+rhPhJ2ZpyunGhaaRnMGUxCzAJBgNVBAYT
AlVTMQswCQYDVQQIEwJLWTETMBEGA1UEBxMKTG91aXN2aWxsZTEQMA4GA1UEChMH
cGZTZW5zZTEQMA4GA1UECxMHcGZTZW5zZTEQMA4GA1UEAxMHcGZTZW5zZYIJAJM9
1W+s6qptMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAAviQpdoeabL8
1HSZiD7Yjx82pdLpyQOdXvAu3jEAYz53ckx0zSMrzsQ5r7Vae6AE7Xd7Pj+1Yihs
AJZzOQujnmsuim7qu6YSxzP34xonKwd1C9tZUlyNRNnEmtXOEDupn05bih1ugtLG
kqfPIgDbDLXuPtEAA6QDUypaunI6+1E=
-----END CERTIFICATE-----

EOD;

			$key = <<<EOD
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDeU81MUfqqB7/KBqp78FLigfn07oq8B6xZxHNK7k3bWXJUTm0F
svTOo5JeaUvJF4xJu0Axmq3U/wQ9gWg5xoRAchabZVAXzRnXz7waHg5RAaMerzw5
5ourKTc4ulIrNKle4IWtI3ur0p7PzOnl1AS7uwhbfR1rekBt2pg6KYDVWwIDAQAB
AoGAP7E0VFP8Aq/7os3sE1uS8y8XQ7L+7cUo/AKKoQHKLjfeyAY7t3FALt6vdPqn
anGjkA/j4RIWELoKJfCnwj17703NDCPwB7klcmZvmTx5Om1ZrRyZdQ6RJs0pOOO1
r2wOnZNaNWStXE9Afpw3dj20Gh0V/Ioo5HXn3sHfxZm8dnkCQQDwv8OaUdp2Hl8t
FDfXB1CMvUG1hEAvbQvZK1ODkE7na2/ChKjVPddEI3DvfzG+nLrNuTrAyVWgRLte
r8qX5PQHAkEA7GlKx0S18LdiKo6wy2QeGu6HYkPncaHNFOWX8cTpvGGtQoWYSh0J
tjCt1/mz4/XkvZWuZyTNx2FdkVlNF5nHDQJBAIRWVTZqEjVlwpmsCHnp6mxCyHD4
DrRDNAUfnNuwIr9xPlDlzUzSnpc1CCqOd5C45LKbRGGfCrN7tKd66FmQoFcCQQCy
Kvw3R1pTCvHJnvYwoshphaC0dvaDVeyINiwYAk4hMf/wpVxLZqz+CJvLrB1dzOBR
3O+uPjdzbrakpweJpNQ1AkEA3ZtlgEj9eWsLAJP8aKlwB8VqD+EtG9OJSUMnCDiQ
WFFNj/t3Ze3IVuAyL/yMpiv3JNEnZhIxCta42eDFpIZAKw==
-----END RSA PRIVATE KEY-----

EOD;
		}
	}

	/* generate lighttpd configuration */
	$conffile = "{$g['varetc_path']}/lighty-webConfigurator.conf";
	system_generate_lighty_config($conffile,
		$cert, $key, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/");

	/* attempt to start lighthttpd */
	$res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-webConfigurator.conf");

	if ($g['booting']) {
		echo ($res == 0) ? "done.\n" : "failed!\n";
	}

	return $res;
}
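/*
 * Older webConfigurator start-up based on mini_httpd.
 *
 * Kills the instance recorded in mini_httpd.pid, regenerates the password
 * file and starts mini_httpd, with -S and a combined certificate/key file
 * ({$g['varetc_path']}/cert.pem) when the protocol is https.
 *
 * For HTTPS the certificate and key stored (base64) in the configuration
 * are used; when either is missing the pair embedded below is used.
 * NOTE(review): that embedded private key is identical in every copy of
 * this file, so a server still running on it is not authenticated by its
 * certificate - installs should carry their own key pair.
 *
 * Returns the mwexec() result of starting mini_httpd, or 1 when cert.pem
 * cannot be opened.
 */
function system_webgui_start_old() {
	global $config, $g;
	if (isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_webgui_start() being called $mt\n";
	}

	if ($g['booting'])
		echo "Starting webConfigurator...";

	/* kill any running mini_httpd */
	killbypid("{$g['varrun_path']}/mini_httpd.pid");

	/* generate password file */
	system_password_configure();

	chdir($g['www_path']);

	/*
	 * non-standard port?
	 * The value is stored configuration that ends up on a shell command
	 * line, so it is passed as one quoted argument.
	 */
	if ($config['system']['webgui']['port'])
		$portarg = "-p " . escapeshellarg($config['system']['webgui']['port']);
	else
		$portarg = "";

	if ($config['system']['webgui']['protocol'] == "https") {

		if ($config['system']['webgui']['certificate'] && $config['system']['webgui']['private-key']) {
			$cert = base64_decode($config['system']['webgui']['certificate']);
			$key  = base64_decode($config['system']['webgui']['private-key']);
		} else {
			/* default certificate/key (shared by all installs, see above) */
			$cert = <<<EOD
-----BEGIN CERTIFICATE-----
MIIBlDCB/gIBADANBgkqhkiG9w0BAQQFADATMREwDwYDVQQKEwhtMG4wd2FsbDAe
Fw0wNTA1MTAxMjI0NDRaFw0wNzA1MTAxMjI0NDRaMBMxETAPBgNVBAoTCG0wbjB3
YWxsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAShszhFz+o8lsMWTGgTxs
TMPR+v4+qL5jXDyY97MLTGFK7aqQOtpIQc+TcTc4jklgOVlHoR7oBXrsi8YrbCd+
83LPQmQoSPC0VqhfU3uYf3NzxiK8r97aPCsmWgwT2pQ6TcESTm6sF7nLprOf/zFP
C4jE2fvjkbzyVolPywBuewIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAFR962c4R5tV
cTn0OQcszYoW6WC+ini9tQQh5ku5jYDAiC+00atawJEVLnL3lwAcpSKTIWlTkD20
tl3lz5br1qFgYky+Rd0kwS2nk9jRbkxSXxd6KJVnNRCKre28aw3ENzZfCSurPQsX
UPp5er+NtwMT1g7s/JDmKTC4w1rGr5/c
-----END CERTIFICATE-----

EOD;

			$key = <<<EOD
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDAShszhFz+o8lsMWTGgTxsTMPR+v4+qL5jXDyY97MLTGFK7aqQ
OtpIQc+TcTc4jklgOVlHoR7oBXrsi8YrbCd+83LPQmQoSPC0VqhfU3uYf3NzxiK8
r97aPCsmWgwT2pQ6TcESTm6sF7nLprOf/zFPC4jE2fvjkbzyVolPywBuewIDAQAB
AoGAbJJrQW9fQrggJuLMz/hwsYW2m31oyOBmf5u463YQtjRuSuxe/gj87weZuNqY
H2rXq2k2K+ehl8hgW+egASyUL3L7kCkEAsVREujKTEyhSqqIRDPWTxo9S/YA9Gvn
2ZnJvkrcKjqCO9aHX3rvJOK/ErYI6akctgI3KmgkYw5XNmECQQDuZU97RTWH9rmP
aQr57ysNXxgFsyhetOOqeYkPtIVwpOiNbfwE1zi5RGdtO4Ku3fG1lV4J2UoWJ9yD
awdoyYIHAkEAzn0xJ90IjPsHk+8SODEj5JGdHSZPNu1tgtrbjEi9sfGWg4K7XTxr
QW90pWb1bKKU1uh5FzW6OhnFfuQXt1kC7QJAPSthqY+onKqCEnoxhtAHi/bKgyvl
P+fKQwPMV2tKkgy+XwvJjrRqqZ8TqsOKVLQ+QQmCh6RpjiXMPyxHSmvqIQJBAKLR
HF1ucDuaBROkwx0DwmWMW/KMLpIFDQDNSaiIAuu4rxHrl4mhBoGGPNffI04RtILw
s+qVNs5xW8T+XaT4ztECQQDFHPnZeoPWE5z+AX/UUQIUWaDExz3XRzmIxRbOrlFi
CsF1s0TdJLi/wzNQRAL37A8vqCeVFR/ng3Xpg96Yg+8Z
-----END RSA PRIVATE KEY-----

EOD;
		}

		$cert = str_replace("\r", "", $cert);
		$key = str_replace("\r", "", $key);

		/*
		 * The file receives the private key. Create it under a
		 * restrictive umask so it is never group/world accessible,
		 * not even between fopen() and chmod(); chmod() still runs
		 * to tighten a file left over from an earlier start.
		 */
		$pemfile = "{$g['varetc_path']}/cert.pem";
		$oldmask = umask(0077);
		$fd = fopen($pemfile, "w");
		umask($oldmask);
		if (!$fd) {
			printf("Error: cannot open cert.pem in system_webgui_start().\n");
			return 1;
		}
		chmod($pemfile, 0600);
		fwrite($fd, $cert);
		fwrite($fd, "\n");
		fwrite($fd, $key);
		fclose($fd);

		$res = mwexec("/usr/local/sbin/mini_httpd -S -E {$g['varetc_path']}/cert.pem" .
			" -c \"**.php|**.cgi\" -u root -maxproc 16 $portarg" .
			" -i {$g['varrun_path']}/mini_httpd.pid");
	} else {
		$res = mwexec("/usr/local/sbin/mini_httpd -c \"**.php|**.cgi\" -u root" .
			" -maxproc 16 $portarg -i {$g['varrun_path']}/mini_httpd.pid");
	}

	if ($g['booting']) {
		if ($res == 0)
			echo "done\n";
		else
			echo "failed\n";
	}

	return $res;
}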
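/*
 * Build a lighttpd configuration file and, when a certificate and key are
 * supplied, the combined PEM file that lighttpd's ssl.pemfile points at.
 *
 * $filename        path the generated lighttpd configuration is written to
 * $cert, $key      PEM text; SSL is only configured when both are non-empty
 * $pid_file        file name used for server.pid-file under /var/run/
 * $port            listen port; an empty value falls back to "80"
 * $document_root   value emitted as server.document-root
 * $cert_location   file name of the PEM file below $g['varetc_path']
 * $max_procs       FastCGI "max-procs"; overridden by the memory tiers below
 * $max_requests    assigned by the memory tiers but not emitted anywhere in
 *                  the generated configuration
 * $fast_cgi_enable true: PHP via mod_fastcgi, false: PHP via mod_cgi
 * $captive_portal  true: add the captive portal rewrite rule, a dedicated
 *                  upload directory and a smaller request size limit
 *
 * Returns 0 on success and 1 when the PEM file or the configuration file
 * cannot be opened for writing.
 */
function system_generate_lighty_config($filename,
	$cert,
	$key,
	$pid_file,
	$port = 80,
	$document_root = "/usr/local/www/",
	$cert_location = "cert.pem",
	$max_procs = 2,
	$max_requests = "1",
	$fast_cgi_enable = true,
	$captive_portal = false) {

	global $config, $g;

	/* only use freebsd-sendfile network handler on full installations
	 * tests have shown that it is actually slower on embedded.
	 */
	if(stristr("pfSense", $g['platform']))
		$network_handler = "server.network-backend		= \"freebsd-sendfile\"\n";
	else
		$network_handler = "";

	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_generate_lighty_config() being called $mt\n";
	}

	if($captive_portal == true)  {
		$captiveportal = ",\"mod_rewrite\"";
		$captive_portal_rewrite = "url.rewrite-once = ( \"(.*captiveportal.*)\" => \"$1\", \"(.*)\" => \"/index.php?redirurl=$1\" )\n";
		$captive_portal_module = "\"mod_accesslog\", ";
		$maxprocperip = $config['captiveportal']['maxprocperip'];
		/* NOTE(review): "!$maxprocperip and $maxprocperip > 0" cannot be true
		 * for any numeric or string setting, so the per-IP connection limit
		 * is never written. The condition is kept as-is because emitting
		 * evasive.max-conns-per-ip would also require loading mod_evasive
		 * in server.modules, which this function does not do. */
		if(!$maxprocperip and $maxprocperip > 0)
			$captive_portal_mod_evasive = "evasive.max-conns-per-ip = {$maxprocperip}";
		else
			$captive_portal_mod_evasive = "";
		$server_upload_dirs = "server.upload-dirs = ( \"/tmp/captiveportal/\" )\n";
		exec("mkdir -p /tmp/captiveportal");
		exec("chmod a-w /tmp/captiveportal");
		/* the captive portal gets a much smaller request size limit than
		 * the webConfigurator; lighttpd documents this value in kilobytes */
		$server_max_request_size = "server.max-request-size    = 384";
	} else {
		/* define the captive portal placeholders so the template below
		 * never interpolates an undefined variable */
		$captiveportal = "";
		$captive_portal_rewrite = "";
		$captive_portal_module = "";
		$captive_portal_mod_evasive = "";
		$server_upload_dirs = "server.upload-dirs = ( \"{$g['upload_path']}/\", \"/tmp/\", \"/var/\" )\n";
		$server_max_request_size = "server.max-request-size    = 2097152";
	}

	if($port <> "")
		$lighty_port = $port;
	else
		$lighty_port = "80";

	/* scale the number of PHP processes with the memory reported by
	 * get_memory(); presumably megabytes -- confirm against get_memory().
	 * Values of 512 and above leave the caller's $max_procs untouched. */
	$memory = get_memory();
	$avail = $memory[0];

	if($avail > 0 and $avail < 98) {
		$max_procs = 1;
		$max_requests = 1;
	}

	if($avail > 97 and $avail < 128) {
		$max_procs = 2;
		$max_requests = 1;
	}

	if($avail > 127 and $avail < 256) {
		$max_procs = 2;
		$max_requests = 1;
	}

	if($avail > 255 and $avail < 384) {
		$max_procs = 3;
		$max_requests = 1;
	}

	if($avail > 383 and $avail < 512) {
		$max_procs = 4;
		$max_requests = 1;
	}

	if($fast_cgi_enable == true) {
		$module = "\"mod_fastcgi\", \"mod_cgi\"";
		$cgi_config = "";
		$fastcgi_config = <<<EOD
#### fastcgi module
## read fastcgi.txt for more info
fastcgi.server = ( ".php" =>
	( "localhost" =>
		(
			"socket" => "/tmp/php-fastcgi.socket",
			"min-procs" => 1,
			"max-procs" => {$max_procs},
			"bin-path" => "/usr/local/bin/php"
		)
	)
)

#### CGI module
cgi.assign                 = ( ".cgi" => "" )

EOD;
	} else {
		$fastcgi_config = "";
		$module = "\"mod_cgi\"";
		$cgi_config = <<<EOD
#### CGI module
cgi.assign                 = ( ".php"  => "/usr/local/bin/php",
                               ".cgi" => "" )

EOD;
	}

	/* start from an empty string; the template was previously appended to
	 * a variable that had never been assigned */
	$lighty_config = "";
	$lighty_config .= <<<EOD
#
# lighttpd configuration file
#
# use a it as base for lighttpd 1.0.0 and above
#
############ Options you really have to take care of ####################

## FreeBSD!
server.event-handler		= "freebsd-kqueue"

{$network_handler}

## modules to load
server.modules              =   (
				  {$captive_portal_module}
				  "mod_access", "mod_accesslog",
                                  {$module}{$captiveportal}
				)

## Unused modules
#                               "mod_setenv",
#                               "mod_compress"
#				"mod_redirect",
#                               "mod_rewrite",
#                               "mod_ssi",
#                               "mod_usertrack",
#                               "mod_expire",
#                               "mod_secdownload",
#                               "mod_rrdtool",
#                               "mod_auth",
#                               "mod_status",
#                               "mod_alias",
#                               "mod_proxy",
#                               "mod_simple_vhost",
#                               "mod_evhost",
#                               "mod_userdir",
#                               "mod_cgi",
#                                "mod_accesslog"

## a static document-root, for virtual-hosting take look at the
## server.virtual-* options
server.document-root        = "{$document_root}"
{$captive_portal_rewrite}

## where to send error-messages to
server.errorlog             = "/var/log/lighttpd.error.log"

# files to check for if .../ is requested
server.indexfiles           = ( "index.php", "index.html",
                                "index.htm", "default.htm" )

# mimetype mapping
mimetype.assign             = (
  ".pdf"          =>      "application/pdf",
  ".sig"          =>      "application/pgp-signature",
  ".spl"          =>      "application/futuresplash",
  ".class"        =>      "application/octet-stream",
  ".ps"           =>      "application/postscript",
  ".torrent"      =>      "application/x-bittorrent",
  ".dvi"          =>      "application/x-dvi",
  ".gz"           =>      "application/x-gzip",
  ".pac"          =>      "application/x-ns-proxy-autoconfig",
  ".swf"          =>      "application/x-shockwave-flash",
  ".tar.gz"       =>      "application/x-tgz",
  ".tgz"          =>      "application/x-tgz",
  ".tar"          =>      "application/x-tar",
  ".zip"          =>      "application/zip",
  ".mp3"          =>      "audio/mpeg",
  ".m3u"          =>      "audio/x-mpegurl",
  ".wma"          =>      "audio/x-ms-wma",
  ".wax"          =>      "audio/x-ms-wax",
  ".ogg"          =>      "audio/x-wav",
  ".wav"          =>      "audio/x-wav",
  ".gif"          =>      "image/gif",
  ".jpg"          =>      "image/jpeg",
  ".jpeg"         =>      "image/jpeg",
  ".png"          =>      "image/png",
  ".xbm"          =>      "image/x-xbitmap",
  ".xpm"          =>      "image/x-xpixmap",
  ".xwd"          =>      "image/x-xwindowdump",
  ".css"          =>      "text/css",
  ".html"         =>      "text/html",
  ".htm"          =>      "text/html",
  ".js"           =>      "text/javascript",
  ".asc"          =>      "text/plain",
  ".c"            =>      "text/plain",
  ".conf"         =>      "text/plain",
  ".text"         =>      "text/plain",
  ".txt"          =>      "text/plain",
  ".dtd"          =>      "text/xml",
  ".xml"          =>      "text/xml",
  ".mpeg"         =>      "video/mpeg",
  ".mpg"          =>      "video/mpeg",
  ".mov"          =>      "video/quicktime",
  ".qt"           =>      "video/quicktime",
  ".avi"          =>      "video/x-msvideo",
  ".asf"          =>      "video/x-ms-asf",
  ".asx"          =>      "video/x-ms-asf",
  ".wmv"          =>      "video/x-ms-wmv",
  ".bz2"          =>      "application/x-bzip",
  ".tbz"          =>      "application/x-bzip-compressed-tar",
  ".tar.bz2"      =>      "application/x-bzip-compressed-tar"
 )

# Use the "Content-Type" extended attribute to obtain mime type if possible
#mimetypes.use-xattr        = "enable"

#### accesslog module
#accesslog.filename          = "/dev/null"

## deny access the file-extensions
#
# ~    is for backupfiles from vi, emacs, joe, ...
# .inc is often used for code includes which should in general not be part
#      of the document-root
url.access-deny             = ( "~", ".inc" )


######### Options that are good to be but not neccesary to be changed #######

## bind to port (default: 80)
server.port                = {$lighty_port}

## error-handler for status 404
#server.error-handler-404   = "/error-handler.html"
#server.error-handler-404   = "/error-handler.php"

## to help the rc.scripts
server.pid-file            = "/var/run/{$pid_file}"

## virtual directory listings
server.dir-listing         = "disable"

## enable debugging
debug.log-request-header   = "disable"
debug.log-response-header  = "disable"
debug.log-request-handling = "disable"
debug.log-file-not-found   = "disable"

#### compress module
#compress.cache-dir         = "/tmp/lighttpd/cache/compress/"
#compress.filetype          = ("text/plain", "text/html")

#server.network-backend = "writev"

{$server_upload_dirs}

{$server_max_request_size}

{$fastcgi_config}

{$cgi_config}

{$captive_portal_mod_evasive}

EOD;

	/* normalise line endings and collapse doubled newlines in the PEM text */
	$cert = str_replace("\r", "", $cert);
	$key = str_replace("\r", "", $key);

	$cert = str_replace("\n\n", "\n", $cert);
	$key = str_replace("\n\n", "\n", $key);

	if($cert <> "" and $key <> "") {
		$pemfile = "{$g['varetc_path']}/{$cert_location}";
		/* This file receives the private key. Create it under a
		 * restrictive umask so it is never readable by other users,
		 * not even between fopen() and the chmod() below. */
		$old_umask = umask(0077);
		$fd = fopen($pemfile, "w");
		umask($old_umask);
		if (!$fd) {
			printf("Error: cannot open %s in system_generate_lighty_config().\n", $cert_location);
			return 1;
		}
		/* also tightens the mode of a file that already existed */
		chmod($pemfile, 0600);
		fwrite($fd, $cert);
		fwrite($fd, "\n");
		fwrite($fd, $key);
		fclose($fd);
		$lighty_config .= "\n";
		$lighty_config .= "## ssl configuration\n";
		$lighty_config .= "ssl.engine = \"enable\"\n";
		$lighty_config .= "ssl.pemfile = \"{$pemfile}\"\n\n";
	}

	$fd = fopen("{$filename}", "w");
	if (!$fd) {
		/* pass the file name as an argument so a '%' in it is not
		 * interpreted as a printf conversion */
		printf("Error: cannot open %s in system_generate_lighty_config().\n", $filename);
		return 1;
	}
	fwrite($fd, $lighty_config);
	fclose($fd);

	return 0;

}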
/*
 * Re-apply the configured webGUI passwords by delegating to
 * sync_webgui_passwords(). Always returns 0.
 */
function system_password_configure() {
	global $config, $g;

	$spew = isset($config['system']['developerspew']);
	if ($spew) {
		echo "system_password_configure() being called " . microtime() . "\n";
	}

	/* the original author notes that sync_webgui_passwords() remounts the
	 * configuration read-only itself, so no conf_mount_ro() is needed here */
	sync_webgui_passwords();

	return 0;
}
/*
 * Install the configured timezone by extracting its zoneinfo entry from
 * /usr/share/zoneinfo.tgz into /etc/localtime. Falls back to "Etc/UTC" when
 * no timezone is configured.
 */
function system_timezone_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		echo "system_timezone_configure() being called " . microtime() . "\n";
	}

	$syscfg = $config['system'];

	if ($g['booting']) {
		echo "Setting timezone...";
	}

	/* pick the archive member to extract */
	$zone = $syscfg['timezone'];
	if (!$zone) {
		$zone = "Etc/UTC";
	}

	conf_mount_rw();

	/* The zone name comes from the configuration, so it is shell-quoted.
	 * The redirection truncates /etc/localtime before tar runs; whether tar
	 * found the requested member is not checked here. */
	$extract = "LANG=C /usr/bin/tar xzfO /usr/share/zoneinfo.tgz " . escapeshellarg($zone);
	exec($extract . " > /etc/localtime");

	conf_mount_ro();

	if ($g['booting']) {
		echo "done.\n";
	}
}
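/*
 * Write {$g['varetc_path']}/ntpd.conf from the configuration and (re)start
 * OpenNTPD with it.
 *
 * One "servers" line is written per configured time server. When the
 * openntpd package settings have 'enable' set to 'on', a "listen on" line is
 * added for the IP address of every selected interface that exists.
 *
 * Returns nothing; logs an error and returns early when ntpd.conf cannot be
 * opened for writing.
 */
function system_ntp_configure() {
	global $config, $g;

	$syscfg = $config['system'];

	/* open configuration for writing or bail */
	$fd = fopen("{$g['varetc_path']}/ntpd.conf","w");
	if(!$fd) {
		log_error("Could not open {$g['varetc_path']}/ntpd.conf for writing");
		return;
	}

	fwrite($fd, "# \n");
	fwrite($fd, "# pfSense OpenNTPD configuration file \n");
	fwrite($fd, "# \n\n");

	/* Write one "servers" line per configured time server. Splitting on any
	 * run of whitespace skips empty entries (doubled spaces no longer yield
	 * a bare "servers" line) and guarantees that a single entry cannot
	 * contain a newline, so a configuration value cannot add extra
	 * directives to ntpd.conf. */
	$timeservers = preg_split('/\s+/', (string)$syscfg['timeservers'], -1, PREG_SPLIT_NO_EMPTY);
	foreach ($timeservers as $ts)
		fwrite($fd, "servers {$ts}\n");

	/* server config is in coregui1 */
	$xmlsettings = $config['installedpackages']['openntpd']['config'][0];
	if ($xmlsettings['enable'] == 'on') {
		$ifaces = explode(',', $xmlsettings['interface']);
		$ifaces = array_map('convert_friendly_interface_to_real_interface_name', $ifaces);
		$ifaces = array_filter($ifaces, 'does_interface_exist');
		$ips = array_map('find_interface_ip', $ifaces);
		foreach ($ips as $ip) {
			/* only addresses that pass is_ipaddr() reach the file */
			if (is_ipaddr($ip))
				fwrite($fd, "listen on $ip\n");
		}
	}

	fwrite($fd, "\n");

	/* slurp! */
	fclose($fd);

	/* if openntpd is running, kill it; loops until no ntpd process is left */
	while(is_process_running("ntpd")) {
		exec("/usr/bin/killall ntpd");
		sleep(3);
	}

	/* if /var/empty does not exist, create it */
	if(!is_dir("/var/empty"))
		exec("/bin/mkdir -p /var/empty && chmod ug+rw /var/empty/.");

	sleep(1);

	/* start openntpd, set time now and use /var/etc/ntpd.conf */
	exec("/usr/local/sbin/ntpd -s -f {$g['varetc_path']}/ntpd.conf");

}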
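/*
 * Step the system clock once by running ntpdate against every configured
 * time server. Prints progress while booting. Returns nothing.
 */
function sync_system_time() {
	global $config, $g;

	$syscfg = $config['system'];

	if ($g['booting'])
		echo "Syncing system time before startup...";

	/* run ntpdate once per configured server */
	$timeservers = preg_split('/\s+/', (string)$syscfg['timeservers'], -1, PREG_SPLIT_NO_EMPTY);
	foreach ($timeservers as $ts) {
		/* a host name never starts with '-'; skip such an entry so it
		 * cannot be read as an ntpdate option */
		if ($ts[0] == '-')
			continue;
		/* The server name comes from the configuration and ends up in a
		 * shell command line, so quote it instead of interpolating it
		 * (same approach as system_timezone_configure()). */
		mwexec("/usr/sbin/ntpdate -s " . escapeshellarg($ts));
	}

	if ($g['booting'])
		echo "done.\n";

}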
/*
 * Run the pre-shutdown cleanup, then launch /etc/rc.halt detached in the
 * background (nohup, output discarded).
 */
function system_halt() {
	system_reboot_cleanup();

	$halt_cmd = "nohup /etc/rc.halt > /dev/null 2>&1 &";
	mwexec($halt_cmd);
}
/*
 * Run the pre-shutdown cleanup, then launch /etc/rc.reboot detached in the
 * background (nohup, output discarded).
 */
function system_reboot() {
	system_reboot_cleanup();

	$reboot_cmd = "nohup /etc/rc.reboot > /dev/null 2>&1 &";
	mwexec($reboot_cmd);
}
/*
 * Run the pre-shutdown cleanup, then run /etc/rc.reboot in the foreground
 * (no nohup, no backgrounding; output discarded).
 */
function system_reboot_sync() {
	system_reboot_cleanup();

	$reboot_cmd = "/etc/rc.reboot > /dev/null 2>&1";
	mwexec($reboot_cmd);
}
/*
 * Work shared by the halt and reboot paths: run beep.sh with "stop" and
 * call captiveportal_radius_stop_all().
 */
function system_reboot_cleanup() {
	$beep_cmd = "/usr/local/bin/beep.sh stop";
	mwexec($beep_cmd);

	captiveportal_radius_stop_all();
}
/*
 * Execute the shell commands stored in the configuration.
 *
 * $early  truthy: run the 'earlyshellcmd' entries, otherwise 'shellcmd'
 *
 * SECURITY: every configured string is handed to exec() unchanged, by
 * design. Whoever can write this part of the configuration (including a
 * restored or imported configuration file) can therefore run arbitrary
 * commands with the privileges of this process. Treat the configuration as
 * sensitive as a root shell and review these entries before restoring a
 * configuration from an untrusted source.
 */
function system_do_shell_commands($early = 0) {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		echo "system_do_shell_commands() being called " . microtime() . "\n";
	}

	$cmdn = $early ? "earlyshellcmd" : "shellcmd";
	$entry = $config['system'][$cmdn];

	/* several commands: run them in configured order */
	if (is_array($entry)) {
		foreach ($entry as $cmd) {
			exec($cmd);
		}
		return;
	}

	/* a single command stored as a plain string */
	if ($entry <> "") {
		exec($entry);
	}
}
/*
 * Create or remove the {$g['varetc_path']}/disableconsole marker file
 * according to the 'disableconsolemenu' configuration flag.
 */
function system_console_configure() {
	global $config, $g;

	if (isset($config['system']['developerspew'])) {
		echo "system_console_configure() being called " . microtime() . "\n";
	}

	$marker = "{$g['varetc_path']}/disableconsole";

	if (!isset($config['system']['disableconsolemenu'])) {
		/* flag not set: make sure no stale marker is left behind */
		unlink_if_exists($marker);
		return;
	}

	touch($marker);
}
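/*
 * Save the kernel message buffer of the current boot to
 * {$g['varlog_path']}/dmesg.boot.
 *
 * Output of /sbin/dmesg is written from the last line containing
 * "Copyright (c) 1992-" onwards, because output from previous boots may
 * still be present in the buffer.
 *
 * Returns 0 on success, 1 when dmesg.boot cannot be opened for writing.
 */
function system_dmesg_save() {
	/* $config was missing from the global list, so the developerspew check
	 * below looked at an undefined local and could never fire */
	global $config, $g;
	if(isset($config['system']['developerspew'])) {
		$mt = microtime();
		echo "system_dmesg_save() being called $mt\n";
	}

	/* exec() fills this with one element per output line */
	$dmesg = array();
	exec("/sbin/dmesg", $dmesg);
	$line_count = count($dmesg);

	/* find last copyright line (output from previous boots may be present) */
	$lastcpline = 0;

	for ($i = 0; $i < $line_count; $i++) {
		if (strstr($dmesg[$i], "Copyright (c) 1992-"))
			$lastcpline = $i;
	}

	$fd = fopen("{$g['varlog_path']}/dmesg.boot", "w");
	if (!$fd) {
		printf("Error: cannot open dmesg.boot in system_dmesg_save().\n");
		return 1;
	}

	for ($i = $lastcpline; $i < $line_count; $i++)
		fwrite($fd, $dmesg[$i] . "\n");

	fclose($fd);

	return 0;
}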
/*
 * Apply the configured hard disk standby value through the hw.ata.standby
 * sysctl and reinitialise the ATA drives. Does nothing when
 * 'harddiskstandby' is not configured; prints progress while booting.
 */
function system_set_harddisk_standby() {
	global $g, $config;

	if (isset($config['system']['developerspew'])) {
		echo "system_set_harddisk_standby() being called " . microtime() . "\n";
	}

	if (!isset($config['system']['harddiskstandby'])) {
		return;
	}

	$booting = $g['booting'];
	if ($booting) {
		echo 'Setting hard disk standby... ';
	}

	$standby = $config['system']['harddiskstandby'];
	$applied = false;

	/* only a numeric setting is accepted, and it is cast to int before it
	 * is appended to the sysctl command line */
	if (is_numeric($standby)) {
		/* flush the disks before changing the standby setting */
		mwexec('/bin/sync');
		$sysctl_rc = mwexec('/sbin/sysctl hw.ata.standby=' . ((int)$standby));
		if (!$sysctl_rc) {
			/* sysctl succeeded: reinitialise the ATA drives */
			mwexec('/usr/local/sbin/atareinit');
			$applied = true;
		}
	}

	if ($booting) {
		if ($applied) {
			echo "done.\n";
		} else {
			echo "failed!\n";
		}
	}
}
/*
 * Apply the sysctl settings via activate_sysctls() and, when the 'sharednet'
 * option is set, turn off ARP wrong-interface and movement logging.
 */
function system_setup_sysctl() {
	global $config;

	if (isset($config['system']['developerspew'])) {
		echo "system_setup_sysctl() being called " . microtime() . "\n";
	}

	activate_sysctls();

	$shared_net = isset($config['system']['sharednet']);
	if ($shared_net) {
		system_disable_arp_wrong_if();
	}
}
/*
 * Set the net.link.ether.inet.log_arp_wrong_iface and
 * net.link.ether.inet.log_arp_movements sysctls to 0.
 */
function system_disable_arp_wrong_if() {
	global $config;

	if (isset($config['system']['developerspew'])) {
		echo "system_disable_arp_wrong_if() being called " . microtime() . "\n";
	}

	foreach (array("log_arp_wrong_iface", "log_arp_movements") as $knob) {
		mwexec("/sbin/sysctl -n net.link.ether.inet.{$knob}=0");
	}
}
/*
 * Set the net.link.ether.inet.log_arp_wrong_iface and
 * net.link.ether.inet.log_arp_movements sysctls to 1.
 */
function system_enable_arp_wrong_if() {
	global $config;

	if (isset($config['system']['developerspew'])) {
		echo "system_enable_arp_wrong_if() being called " . microtime() . "\n";
	}

	foreach (array("log_arp_wrong_iface", "log_arp_movements") as $knob) {
		mwexec("/sbin/sysctl -n net.link.ether.inet.{$knob}=1");
	}
}
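/*
 * Start watchdogd when /var/log/dmesg.boot mentions one of the supported
 * watchdog platforms (matched case-insensitively). A watchdogd that is
 * already running is killed first so that only one instance is started.
 */
function enable_watchdog() {
	global $config;
	$supported_watchdogs = array("Geode");

	$file = file_get_contents("/var/log/dmesg.boot");
	if ($file === false) {
		/* no boot log to inspect, so no platform can be detected */
		return;
	}

	$install_watchdog = false;
	foreach($supported_watchdogs as $sd) {
		/* compare against the list entry; the loop previously tested the
		 * literal "Geode" on every pass and ignored $sd */
		if(stristr($file, $sd)) {
			$install_watchdog = true;
			break;
		}
	}

	if($install_watchdog == true) {
		if(is_process_running("watchdogd"))
			exec("/usr/bin/killall watchdogd");
		exec("/usr/sbin/watchdogd");
	}
}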
?>