/src/etc/inc/config.lib.inc - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/etc/inc/config.lib.inc @ fd2e503a

1	12df7edc	Erik	<?php
2	09221bc3	Renato Botelho	/*
3	ac24dc24	Renato Botelho	* config.lib.inc
4			*
5			* part of pfSense (https://www.pfsense.org)
6	81299b5c	Renato Botelho	* Copyright (c) 2004-2016 Rubicon Communications, LLC (Netgate)
7	ac24dc24	Renato Botelho	* Copyright (c) 2009 Erik Kristensen
8			* All rights reserved.
9			*
10			* originally part of m0n0wall (http://m0n0.ch/wall)
11	c5d81585	Renato Botelho	* Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>.
12	ac24dc24	Renato Botelho	* All rights reserved.
13			*
14	b12ea3fb	Renato Botelho	* Licensed under the Apache License, Version 2.0 (the "License");
15			* you may not use this file except in compliance with the License.
16			* You may obtain a copy of the License at
17	ac24dc24	Renato Botelho	*
18	b12ea3fb	Renato Botelho	* http://www.apache.org/licenses/LICENSE-2.0
19	ac24dc24	Renato Botelho	*
20	b12ea3fb	Renato Botelho	* Unless required by applicable law or agreed to in writing, software
21			* distributed under the License is distributed on an "AS IS" BASIS,
22			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
23			* See the License for the specific language governing permissions and
24			* limitations under the License.
25	ac24dc24	Renato Botelho	*/
26	12df7edc	Erik
27			/***f config/encrypted_configxml
28			* NAME
29			* encrypted_configxml - Checks to see if config.xml is encrypted and if so, prompts to unlock.
30			* INPUTS
31			* None
32			* RESULT
33			* $config - rewrites config.xml without encryption
34			******/
35			function encrypted_configxml() {
36			global $g, $config;
37	02e9880e	Ermal
38	1e0b1727	Phil Davis	if (!file_exists($g['conf_path'] . "/config.xml")) {
39	02e9880e	Ermal	return;
40	1e0b1727	Phil Davis	}
41	02e9880e	Ermal
42	1e0b1727	Phil Davis	if (!platform_booting()) {
43	02e9880e	Ermal	return;
44	1e0b1727	Phil Davis	}
45	02e9880e	Ermal
46	1e0b1727	Phil Davis	$configtxt = file_get_contents($g['conf_path'] . "/config.xml");
47			if (tagfile_deformat($configtxt, $configtxt, "config.xml")) {
48	02e9880e	Ermal	$fp = fopen('php://stdin', 'r');
49			$data = "";
50			echo "\n\n* Encrypted config.xml detected *\n";
51	1e0b1727	Phil Davis	while ($data == "") {
52	02e9880e	Ermal	echo "\nEnter the password to decrypt config.xml: ";
53			$decrypt_password = chop(fgets($fp));
54			$data = decrypt_data($configtxt, $decrypt_password);
55	1e0b1727	Phil Davis	if (!strstr($data, "<pfsense>")) {
56	12df7edc	Erik	$data = "";
57	1e0b1727	Phil Davis	}
58			if ($data) {
59	02e9880e	Ermal	$fd = fopen($g['conf_path'] . "/config.xml.tmp", "w");
60			fwrite($fd, $data);
61			fclose($fd);
62			exec("/bin/mv {$g['conf_path']}/config.xml.tmp {$g['conf_path']}/config.xml");
63	9d3d8d00	Vinicius Coque	echo "\n" . gettext("Config.xml unlocked.") . "\n";
64	02e9880e	Ermal	fclose($fp);
65	8a811010	Chris Buechler	pfSense_fsync("{$g['conf_path']}/config.xml");
66	02e9880e	Ermal	} else {
67	9d3d8d00	Vinicius Coque	echo "\n" . gettext("Invalid password entered. Please try again.") . "\n";
68	12df7edc	Erik	}
69			}
70			}
71			}
72
73			/***f config/parse_config
74			* NAME
75			* parse_config - Read in config.cache or config.xml if needed and return $config array
76			* INPUTS
77			* $parse - boolean to force parse_config() to read config.xml and generate config.cache
78			* RESULT
79			* $config - array containing all configuration variables
80			******/
81	1295e769	Scott Ullrich	function parse_config($parse = false) {
82	4e9a3392	Scott Ullrich	global $g, $config_parsed, $config_extra;
83	02e9880e	Ermal
84	12df7edc	Erik	$lockkey = lock('config');
85	0af381c2	Scott Ullrich	$config_parsed = false;
86	02e9880e	Ermal
87	12df7edc	Erik	if (!file_exists("{$g['conf_path']}/config.xml") \|\| filesize("{$g['conf_path']}/config.xml") == 0) {
88			$last_backup = discover_last_backup();
89	1e0b1727	Phil Davis	if ($last_backup) {
90	4e038d31	Carlos Eduardo Ramos	log_error(gettext("No config.xml found, attempting last known config restore."));
91			file_notice("config.xml", gettext("No config.xml found, attempting last known config restore."), "pfSenseConfigurator", "");
92	12df7edc	Erik	restore_backup("{$g['conf_path']}/backup/{$last_backup}");
93			} else {
94			unlock($lockkey);
95	4e038d31	Carlos Eduardo Ramos	die(gettext("Config.xml is corrupted and is 0 bytes. Could not restore a previous backup."));
96	12df7edc	Erik	}
97			}
98	02e9880e	Ermal
99	086cf944	Phil Davis	if (platform_booting(true)) {
100	02e9880e	Ermal	echo ".";
101	086cf944	Phil Davis	}
102	02e9880e	Ermal
103	12df7edc	Erik	// Check for encrypted config.xml
104			encrypted_configxml();
105	02e9880e	Ermal
106	1e0b1727	Phil Davis	if (!$parse) {
107	02e9880e	Ermal	if (file_exists($g['tmp_path'] . '/config.cache')) {
108	12df7edc	Erik	$config = unserialize(file_get_contents($g['tmp_path'] . '/config.cache'));
109	adb6925e	Chris Buechler	if (!is_array($config)) {
110	02e9880e	Ermal	$parse = true;
111	1e0b1727	Phil Davis	}
112			} else {
113	02e9880e	Ermal	$parse = true;
114	1e0b1727	Phil Davis	}
115	02e9880e	Ermal	}
116			if ($parse == true) {
117	1e0b1727	Phil Davis	if (!file_exists($g['conf_path'] . "/config.xml")) {
118			if (platform_booting(true)) {
119	02e9880e	Ermal	echo ".";
120	1e0b1727	Phil Davis	}
121	12df7edc	Erik	log_error("No config.xml found, attempting last known config restore.");
122			file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", "");
123			$last_backup = discover_last_backup();
124	1e0b1727	Phil Davis	if ($last_backup) {
125	12df7edc	Erik	restore_backup("/cf/conf/backup/{$last_backup}");
126	1e0b1727	Phil Davis	} else {
127	4e038d31	Carlos Eduardo Ramos	log_error(gettext("Could not restore config.xml."));
128	50cafcf3	Ermal	unlock($lockkey);
129	4816e5ca	Renato Botelho	die(gettext("Config.xml is corrupted and is 0 bytes. Could not restore a previous backup."));
130	50cafcf3	Ermal	}
131	12df7edc	Erik	}
132	990d7c03	Erik Fonnesbeck	$config = parse_xml_config($g['conf_path'] . '/config.xml', array($g['xml_rootobj'], 'pfsense'));
133	1e0b1727	Phil Davis	if ($config == -1) {
134	12df7edc	Erik	$last_backup = discover_last_backup();
135	1e0b1727	Phil Davis	if ($last_backup) {
136	12df7edc	Erik	restore_backup("/cf/conf/backup/{$last_backup}");
137	1e0b1727	Phil Davis	} else {
138	12df7edc	Erik	log_error(gettext("Could not restore config.xml."));
139	50cafcf3	Ermal	unlock($lockkey);
140			die("Config.xml is corrupted and is 0 bytes. Could not restore a previous backup.");
141			}
142	12df7edc	Erik	}
143			generate_config_cache($config);
144			}
145	02e9880e	Ermal
146	1e0b1727	Phil Davis	if (platform_booting(true)) {
147	02e9880e	Ermal	echo ".";
148	1e0b1727	Phil Davis	}
149	02e9880e	Ermal
150	12df7edc	Erik	$config_parsed = true;
151			unlock($lockkey);
152
153	02e9880e	Ermal	alias_make_table($config);
154
155	12df7edc	Erik	return $config;
156			}
157
158			/***f config/generate_config_cache
159			* NAME
160			* generate_config_cache - Write serialized configuration to cache.
161			* INPUTS
162			* $config - array containing current firewall configuration
163			* RESULT
164			* boolean - true on completion
165			******/
166			function generate_config_cache($config) {
167	4e9a3392	Scott Ullrich	global $g, $config_extra;
168	12df7edc	Erik
169			$configcache = fopen($g['tmp_path'] . '/config.cache', "w");
170			fwrite($configcache, serialize($config));
171			fclose($configcache);
172	88f2c335	Chris Buechler	pfSense_fsync("{$g['tmp_path']}/config.cache");
173	6990ad35	Phil Davis
174	4e9a3392	Scott Ullrich	unset($configcache);
175			/* Used for config.extra.xml */
176	1e0b1727	Phil Davis	if (file_exists($g['tmp_path'] . '/config.extra.cache') && $config_extra) {
177	4e9a3392	Scott Ullrich	$configcacheextra = fopen($g['tmp_path'] . '/config.extra.cache', "w");
178			fwrite($configcacheextra, serialize($config_extra));
179	1e0b1727	Phil Davis	fclose($configcacheextra);
180	fd29caa1	Chris Buechler	pfSense_fsync("{$g['tmp_path']}/config.extra.cache");
181	4e9a3392	Scott Ullrich	unset($configcacheextra);
182			}
183	12df7edc	Erik	}
184
185			function discover_last_backup() {
186	692c21fd	Renato Botelho	$backups = glob('/cf/conf/backup/*.xml');
187	12df7edc	Erik	$last_backup = "";
188	692c21fd	Renato Botelho	$last_mtime = 0;
189	1e0b1727	Phil Davis	foreach ($backups as $backup) {
190			if (filemtime($backup) > $last_mtime) {
191	692c21fd	Renato Botelho	$last_mtime = filemtime($backup);
192			$last_backup = $backup;
193			}
194			}
195	12df7edc	Erik
196	692c21fd	Renato Botelho	return basename($last_backup);
197	12df7edc	Erik	}
198
199			function restore_backup($file) {
200			global $g;
201
202			if (file_exists($file)) {
203			unlink_if_exists("{$g['tmp_path']}/config.cache");
204	086cf944	Phil Davis	copy("$file", "/cf/conf/config.xml");
205	38b35612	Renato Botelho	pfSense_fsync("/cf/conf/config.xml");
206	d7b97ca3	Chris Buechler	pfSense_fsync($g['conf_path']);
207	0f806eca	Erik Fonnesbeck	disable_security_checks();
208	addc0439	Renato Botelho	log_error(sprintf(gettext('%1$s is restoring the configuration %2$s'), $g['product_name'], $file));
209			file_notice("config.xml", sprintf(gettext('%1$s is restoring the configuration %2$s'), $g['product_name'], $file), "pfSenseConfigurator", "");
210	12df7edc	Erik	}
211			}
212
213			/***f config/parse_config_bootup
214			* NAME
215			* parse_config_bootup - Bootup-specific configuration checks.
216			* RESULT
217			* null
218			******/
219			function parse_config_bootup() {
220	50cafcf3	Ermal	global $config, $g;
221	12df7edc	Erik
222	1e0b1727	Phil Davis	if (platform_booting()) {
223	02e9880e	Ermal	echo ".";
224	1e0b1727	Phil Davis	}
225	12df7edc	Erik
226			$lockkey = lock('config');
227	50cafcf3	Ermal	if (!file_exists("{$g['conf_path']}/config.xml")) {
228	285ef132	Ermal LUÇI	if (platform_booting()) {
229	60f164f3	Renato Botelho	$last_backup = discover_last_backup();
230			if ($last_backup) {
231			log_error("No config.xml found, attempting last known config restore.");
232			file_notice("config.xml", gettext("No config.xml found, attempting last known config restore."), "pfSenseConfigurator", "");
233			restore_backup("/cf/conf/backup/{$last_backup}");
234			}
235			if (!file_exists("{$g['conf_path']}/config.xml")) {
236			echo sprintf(gettext("XML configuration file not found. %s cannot continue booting."), $g['product_name']) . "\n";
237			unlock($lockkey);
238			mwexec("/sbin/halt");
239			exit;
240	12df7edc	Erik	}
241	60f164f3	Renato Botelho	log_error("Last known config found and restored. Please double check the configuration file for accuracy.");
242			file_notice("config.xml", gettext("Last known config found and restored. Please double check the configuration file for accuracy."), "pfSenseConfigurator", "");
243	50cafcf3	Ermal	} else {
244			unlock($lockkey);
245	b5e8282d	Ermal	log_error(gettext("Could not find a usable configuration file! Exiting...."));
246	50cafcf3	Ermal	exit(0);
247	12df7edc	Erik	}
248			}
249	50cafcf3	Ermal
250	12df7edc	Erik	if (filesize("{$g['conf_path']}/config.xml") == 0) {
251			$last_backup = discover_last_backup();
252	1e0b1727	Phil Davis	if ($last_backup) {
253	4e038d31	Carlos Eduardo Ramos	log_error(gettext("No config.xml found, attempting last known config restore."));
254			file_notice("config.xml", gettext("No config.xml found, attempting last known config restore."), "pfSenseConfigurator", "");
255	12df7edc	Erik	restore_backup("{$g['conf_path']}/backup/{$last_backup}");
256			} else {
257			unlock($lockkey);
258	4e038d31	Carlos Eduardo Ramos	die(gettext("Config.xml is corrupted and is 0 bytes. Could not restore a previous backup."));
259	12df7edc	Erik	}
260			}
261			unlock($lockkey);
262
263	89adb2f3	Ermal	$config = parse_config(true);
264
265	12df7edc	Erik	if ((float)$config['version'] > (float)$g['latest_config']) {
266			echo <<<EOD
267
268
269			*******************************************************************************
270			* WARNING! *
271			* The current configuration has been created with a newer version of {$g['product_name']} *
272			* than this one! This can lead to serious misbehavior and even security *
273			* holes! You are urged to either upgrade to a newer version of {$g['product_name']} or *
274			* revert to the default configuration immediately! *
275			*******************************************************************************
276
277
278			EOD;
279			}
280
281			/* make alias table (for faster lookups) */
282			alias_make_table($config);
283			}
284
285			/***f config/conf_mount_rw
286			* NAME
287			* conf_mount_rw - Mount filesystems read/write.
288			* RESULT
289			* null
290			******/
291			/* mount flash card read/write */
292	63e18082	jim-p	function conf_mount_rw() {
293	ffab5cb4	Renato Botelho	/* Obsoleted. Keep it here untill all calls are removed */
294			return;
295	12df7edc	Erik	}
296
297			/***f config/conf_mount_ro
298			* NAME
299			* conf_mount_ro - Mount filesystems readonly.
300			* RESULT
301			* null
302			******/
303	63e18082	jim-p	function conf_mount_ro() {
304	ffab5cb4	Renato Botelho	/* Obsoleted. Keep it here untill all calls are removed */
305	3cc5a386	Chris Buechler	return;
306	12df7edc	Erik	}
307
308			/***f config/convert_config
309			* NAME
310			* convert_config - Attempt to update config.xml.
311			* DESCRIPTION
312			* convert_config() reads the current global configuration
313			* and attempts to convert it to conform to the latest
314			* config.xml version. This allows major formatting changes
315			* to be made with a minimum of breakage.
316			* RESULT
317			* null
318			******/
319			/* convert configuration, if necessary */
320			function convert_config() {
321			global $config, $g;
322			$now = date("H:i:s");
323	4e038d31	Carlos Eduardo Ramos	log_error(sprintf(gettext("Start Configuration upgrade at %s, set execution timeout to 15 minutes"), $now));
324	59cfe65d	Ermal	//ini_set("max_execution_time", "900");
325	12df7edc	Erik
326			/* special case upgrades */
327			/* fix every minute crontab bogons entry */
328	32a9eb18	Ermal	if (is_array($config['cron'])) {
329			$cron_item_count = count($config['cron']['item']);
330	086cf944	Phil Davis	for ($x = 0; $x < $cron_item_count; $x++) {
331	1e0b1727	Phil Davis	if (stristr($config['cron']['item'][$x]['command'], "rc.update_bogons.sh")) {
332	086cf944	Phil Davis	if ($config['cron']['item'][$x]['hour'] == "*") {
333	1e0b1727	Phil Davis	$config['cron']['item'][$x]['hour'] = "3";
334	32a9eb18	Ermal	write_config(gettext("Updated bogon update frequency to 3am"));
335			log_error(gettext("Updated bogon update frequency to 3am"));
336	1e0b1727	Phil Davis	}
337	32a9eb18	Ermal	}
338	12df7edc	Erik	}
339			}
340	1e0b1727	Phil Davis	if ($config['version'] == $g['latest_config']) {
341	12df7edc	Erik	return; /* already at latest version */
342	1e0b1727	Phil Davis	}
343	12df7edc	Erik
344			// Save off config version
345			$prev_version = $config['version'];
346	1e0b1727	Phil Davis
347	b96cad97	Seth Mos	include_once('auth.inc');
348	12df7edc	Erik	include_once('upgrade_config.inc');
349	1e0b1727	Phil Davis	if (file_exists("/etc/inc/upgrade_config_custom.inc")) {
350	e58da189	Ermal	include_once("upgrade_config_custom.inc");
351	1e0b1727	Phil Davis	}
352	12df7edc	Erik	/* Loop and run upgrade_VER_to_VER() until we're at current version */
353			while ($config['version'] < $g['latest_config']) {
354			$cur = $config['version'] * 10;
355			$next = $cur + 1;
356			$migration_function = sprintf('upgrade_%03d_to_%03d', $cur, $next);
357	1e0b1727	Phil Davis	if (function_exists($migration_function)) {
358	cb0e3f8e	Ermal	$migration_function();
359	1e0b1727	Phil Davis	}
360	e58da189	Ermal	$migration_function = "{$migration_function}_custom";
361	1e0b1727	Phil Davis	if (function_exists($migration_function)) {
362	e58da189	Ermal	$migration_function();
363	1e0b1727	Phil Davis	}
364	12df7edc	Erik	$config['version'] = sprintf('%.1f', $next / 10);
365	1e0b1727	Phil Davis	if (platform_booting()) {
366	92cf9fcd	sullrich	echo ".";
367	1e0b1727	Phil Davis	}
368	12df7edc	Erik	}
369
370			$now = date("H:i:s");
371	4e038d31	Carlos Eduardo Ramos	log_error(sprintf(gettext("Ended Configuration upgrade at %s"), $now));
372	12df7edc	Erik
373	1e0b1727	Phil Davis	if ($prev_version != $config['version']) {
374	addc0439	Renato Botelho	write_config(sprintf(gettext('Upgraded config version level from %1$s to %2$s'), $prev_version, $config['version']));
375	1e0b1727	Phil Davis	}
376	12df7edc	Erik	}
377
378	ddd42db3	Ermal Lu?i	/***f config/safe_write_file
379			* NAME
380			* safe_write_file - Write a file out atomically
381			* DESCRIPTION
382			* safe_write_file() Writes a file out atomically by first writing to a
383			* temporary file of the same name but ending with the pid of the current
384			* process, them renaming the temporary file over the original.
385			* INPUTS
386			* $filename - string containing the filename of the file to write
387	406ced77	Renato Botelho	* $content - string or array containing the file content to write to file
388	ddd42db3	Ermal Lu?i	* $force_binary - boolean denoting whether we should force binary
389			* mode writing.
390			* RESULT
391			* boolean - true if successful, false if not
392			******/
393	e717f161	Renato Botelho	function safe_write_file($file, $content, $force_binary = false) {
394	628d1548	Ermal	$tmp_file = $file . "." . getmypid();
395			$write_mode = $force_binary ? "wb" : "w";
396	ddd42db3	Ermal Lu?i
397	628d1548	Ermal	$fd = fopen($tmp_file, $write_mode);
398			if (!$fd) {
399			// Unable to open temporary file for writing
400			return false;
401	1e0b1727	Phil Davis	}
402	406ced77	Renato Botelho	if (is_array($content)) {
403			foreach ($content as $line) {
404			if (!fwrite($fd, $line . "\n")) {
405			// Unable to write to temporary file
406			fclose($fd);
407			return false;
408			}
409			}
410			} elseif (!fwrite($fd, $content)) {
411	628d1548	Ermal	// Unable to write to temporary file
412	00bc5bcc	Scott Ullrich	fclose($fd);
413	628d1548	Ermal	return false;
414			}
415			fflush($fd);
416			fclose($fd);
417	ddd42db3	Ermal Lu?i
418	a83602e8	Renato Botelho	if (!pfSense_fsync($tmp_file) \|\| !rename($tmp_file, $file)) {
419	628d1548	Ermal	// Unable to move temporary file to original
420			@unlink($tmp_file);
421			return false;
422			}
423	00bc5bcc	Scott Ullrich
424	628d1548	Ermal	// Sync file before returning
425	8a811010	Chris Buechler	return pfSense_fsync($file);
426	ddd42db3	Ermal Lu?i	}
427
428	12df7edc	Erik	/***f config/write_config
429			* NAME
430			* write_config - Backup and write the firewall configuration.
431			* DESCRIPTION
432			* write_config() handles backing up the current configuration,
433			* applying changes, and regenerating the configuration cache.
434			* INPUTS
435			* $desc - string containing the a description of configuration changes
436			* $backup - boolean: do not back up current configuration if false.
437	f5315ac1	NOYB	* $write_config_only - boolean: do not sync or reload anything; just save the configuration if true.
438	12df7edc	Erik	* RESULT
439			* null
440			******/
441			/* save the system configuration */
442	429e0911	NOYB	function write_config($desc="Unknown", $backup = true, $write_config_only = false) {
443	12df7edc	Erik	global $config, $g;
444
445	a74260cb	jim-p	if (!empty($_SERVER['REMOTE_ADDR'])) {
446	1e0b1727	Phil Davis	if (!session_id()) {
447	a74260cb	jim-p	@session_start();
448	1e0b1727	Phil Davis	}
449	cf0dae69	Ermal	if (!empty($_SESSION['Username']) && ($_SESSION['Username'] != "admin")) {
450			$user = getUserEntry($_SESSION['Username']);
451			if (is_array($user) && userHasPrivilege($user, "user-config-readonly")) {
452			session_commit();
453			return false;
454			}
455	4111fcf5	Ermal	}
456	170cb2bc	jim-p	}
457	4111fcf5	Ermal
458	1e0b1727	Phil Davis	if (!isset($argc)) {
459	9d584d5d	Ermal	session_commit();
460	1e0b1727	Phil Davis	}
461	4111fcf5	Ermal
462	1e0b1727	Phil Davis	if ($backup) {
463	12df7edc	Erik	backup_config();
464	1e0b1727	Phil Davis	}
465	12df7edc	Erik
466	ba1d9714	jim-p	$config['revision'] = make_config_revision_entry($desc);
467	12df7edc	Erik
468	b6c34bfc	Ermal	$lockkey = lock('config', LOCK_EX);
469	12df7edc	Erik
470			/* generate configuration XML */
471			$xmlconfig = dump_xml_config($config, $g['xml_rootobj']);
472
473	41bf8e8e	Scott Ullrich	/* write new configuration */
474	e717f161	Renato Botelho	if (!safe_write_file("{$g['cf_conf_path']}/config.xml", $xmlconfig)) {
475	89a8d28e	Chris Buechler	log_error(gettext("WARNING: Config contents could not be saved. Could not open file!"));
476	12df7edc	Erik	unlock($lockkey);
477	4e038d31	Carlos Eduardo Ramos	file_notice("config.xml", sprintf(gettext("Unable to open %s/config.xml for writing in write_config()%s"), $g['cf_conf_path'], "\n"));
478	541989d5	Ermal	return -1;
479	e5977136	Scott Ullrich	}
480	1e0b1727	Phil Davis
481	e1ebe9e2	jim-p	cleanup_backupcache(true);
482	12df7edc	Erik
483			/* re-read configuration */
484	541989d5	Ermal	/* NOTE: We assume that the file can be parsed since we wrote it. */
485	12df7edc	Erik	$config = parse_xml_config("{$g['conf_path']}/config.xml", $g['xml_rootobj']);
486	e490f995	Ermal	if ($config == -1) {
487	557300a7	jim-p	copy("{$g['conf_path']}/config.xml", "{$g['conf_path']}/config.xml.bad");
488	e490f995	Ermal	$last_backup = discover_last_backup();
489	557300a7	jim-p	if ($last_backup) {
490	e490f995	Ermal	restore_backup("/cf/conf/backup/{$last_backup}");
491	557300a7	jim-p	$config = parse_xml_config("{$g['conf_path']}/config.xml", $g['xml_rootobj']);
492	285ef132	Ermal LUÇI	if (platform_booting()) {
493	557300a7	jim-p	echo "\n\n ************ WARNING ************";
494	6177fd92	jim-p	echo "\n\n Configuration could not be validated. A previous configuration was restored. \n";
495	05d5503b	Ermal	echo "\n The failed configuration file has been saved as {$g['conf_path']}/config.xml.bad \n\n";
496	557300a7	jim-p	}
497	1e0b1727	Phil Davis	} else {
498	e490f995	Ermal	log_error(gettext("Could not restore config.xml."));
499	1e0b1727	Phil Davis	}
500			} else {
501	e490f995	Ermal	generate_config_cache($config);
502	1e0b1727	Phil Davis	}
503	12df7edc	Erik
504			unlock($lockkey);
505
506	429e0911	NOYB	if ($write_config_only) {
507			return $config;
508			}
509
510	12df7edc	Erik	unlink_if_exists("/usr/local/pkg/pf/carp_sync_client.php");
511	16b96ea6	Scott Ullrich
512	12df7edc	Erik	/* sync carp entries to other firewalls */
513	16b96ea6	Scott Ullrich	carp_sync_client();
514	12df7edc	Erik
515	1e0b1727	Phil Davis	if (is_dir("/usr/local/pkg/write_config")) {
516	12df7edc	Erik	/* process packager manager custom rules */
517			run_plugins("/usr/local/pkg/write_config/");
518			}
519
520			return $config;
521			}
522
523			/***f config/reset_factory_defaults
524			* NAME
525			* reset_factory_defaults - Reset the system to its default configuration.
526			* RESULT
527			* integer - indicates completion
528			******/
529	7d7da5e5	Phil Davis	function reset_factory_defaults($lock = false, $reboot_required = true) {
530	12df7edc	Erik	global $g;
531
532	7222324e	Renato Botelho
533	961884ae	Renato Botelho	/* Remove all additional packages */
534	5e8c3fa0	Renato Botelho	mwexec("/bin/sh /usr/local/sbin/{$g['product_name']}-upgrade " .
535			"-r ALL_PACKAGES");
536	7222324e	Renato Botelho
537	1e0b1727	Phil Davis	if (!$lock) {
538	b6c34bfc	Ermal	$lockkey = lock('config', LOCK_EX);
539	1e0b1727	Phil Davis	}
540	12df7edc	Erik
541			/* create conf directory, if necessary */
542	5e8c3fa0	Renato Botelho	safe_mkdir($g['cf_conf_path']);
543	12df7edc	Erik
544			/* clear out /conf */
545			$dh = opendir($g['conf_path']);
546			while ($filename = readdir($dh)) {
547	5e8c3fa0	Renato Botelho	if (($filename != ".") && ($filename != "..") &&
548			(!is_dir($g['conf_path'] . "/" . $filename))) {
549	12df7edc	Erik	unlink_if_exists($g['conf_path'] . "/" . $filename);
550			}
551			}
552			closedir($dh);
553	63dd9f08	Ermal	unlink_if_exists($g['tmp_path'] . "/config.cache");
554	12df7edc	Erik
555			/* copy default configuration */
556	5e8c3fa0	Renato Botelho	copy("{$g['conf_default_path']}/config.xml",
557			"{$g['cf_conf_path']}/config.xml");
558	12df7edc	Erik
559	0f806eca	Erik Fonnesbeck	disable_security_checks();
560
561	12df7edc	Erik	/* call the wizard */
562	7d7da5e5	Phil Davis	if ($reboot_required) {
563			// If we need a reboot first then touch a different trigger file.
564			touch("/conf/trigger_initial_wizard_after_reboot");
565			} else {
566			touch("/conf/trigger_initial_wizard");
567			}
568	1e0b1727	Phil Davis	if (!$lock) {
569	12df7edc	Erik	unlock($lockkey);
570	1e0b1727	Phil Davis	}
571	673966e4	jim-p	setup_serial_port();
572	12df7edc	Erik	return 0;
573			}
574
575			function config_restore($conffile) {
576			global $config, $g;
577
578	1e0b1727	Phil Davis	if (!file_exists($conffile)) {
579	12df7edc	Erik	return 1;
580	1e0b1727	Phil Davis	}
581	12df7edc	Erik
582			backup_config();
583
584	1e0b1727	Phil Davis
585	b6c34bfc	Ermal	$lockkey = lock('config', LOCK_EX);
586	12df7edc	Erik
587			unlink_if_exists("{$g['tmp_path']}/config.cache");
588	e490f995	Ermal	copy($conffile, "{$g['cf_conf_path']}/config.xml");
589	12df7edc	Erik
590	0f806eca	Erik Fonnesbeck	disable_security_checks();
591
592	12df7edc	Erik	unlock($lockkey);
593
594			$config = parse_config(true);
595
596
597	d18f3f6e	Phil Davis	write_config(sprintf(gettext("Reverted to %s."), array_pop(explode("/", $conffile))), false);
598	e296b183	Ermal Lu?i
599	12df7edc	Erik	return 0;
600			}
601
602			function config_install($conffile) {
603			global $config, $g;
604
605	1e0b1727	Phil Davis	if (!file_exists($conffile)) {
606	12df7edc	Erik	return 1;
607	1e0b1727	Phil Davis	}
608	12df7edc	Erik
609	1e0b1727	Phil Davis	if (!config_validate("{$conffile}")) {
610	12df7edc	Erik	return 1;
611	1e0b1727	Phil Davis	}
612	12df7edc	Erik
613	1e0b1727	Phil Davis	if (platform_booting()) {
614	4e038d31	Carlos Eduardo Ramos	echo gettext("Installing configuration...") . "\n";
615	1e0b1727	Phil Davis	} else {
616	4e038d31	Carlos Eduardo Ramos	log_error(gettext("Installing configuration ...."));
617	1e0b1727	Phil Davis	}
618	12df7edc	Erik
619	b6c34bfc	Ermal	$lockkey = lock('config', LOCK_EX);
620	12df7edc	Erik
621			copy($conffile, "{$g['conf_path']}/config.xml");
622
623	0f806eca	Erik Fonnesbeck	disable_security_checks();
624
625	12df7edc	Erik	/* unlink cache file if it exists */
626	1e0b1727	Phil Davis	if (file_exists("{$g['tmp_path']}/config.cache")) {
627	12df7edc	Erik	unlink("{$g['tmp_path']}/config.cache");
628	1e0b1727	Phil Davis	}
629	12df7edc	Erik
630			unlock($lockkey);
631
632	1e0b1727	Phil Davis	return 0;
633	12df7edc	Erik	}
634
635	0f806eca	Erik Fonnesbeck	/*
636			* Disable security checks for DNS rebind and HTTP referrer until next time
637			* they pass (or reboot), to aid in preventing accidental lockout when
638			* restoring settings like hostname, domain, IP addresses, and settings
639			* related to the DNS rebind and HTTP referrer checks.
640			* Intended for use when restoring a configuration or directly
641			* modifying config.xml without an unconditional reboot.
642			*/
643			function disable_security_checks() {
644			global $g;
645			touch("{$g['tmp_path']}/disable_security_checks");
646			}
647
648			/* Restores security checks. Should be called after all succeed. */
649			function restore_security_checks() {
650			global $g;
651			unlink_if_exists("{$g['tmp_path']}/disable_security_checks");
652			}
653
654			/* Returns status of security check temporary disable. */
655			function security_checks_disabled() {
656			global $g;
657			return file_exists("{$g['tmp_path']}/disable_security_checks");
658			}
659
660	12df7edc	Erik	function config_validate($conffile) {
661
662			global $g, $xmlerr;
663
664			$xml_parser = xml_parser_create();
665
666			if (!($fp = fopen($conffile, "r"))) {
667	4e038d31	Carlos Eduardo Ramos	$xmlerr = gettext("XML error: unable to open file");
668	12df7edc	Erik	return false;
669			}
670
671			while ($data = fread($fp, 4096)) {
672			if (!xml_parse($xml_parser, $data, feof($fp))) {
673	addc0439	Renato Botelho	$xmlerr = sprintf(gettext('%1$s at line %2$d'),
674	12df7edc	Erik	xml_error_string(xml_get_error_code($xml_parser)),
675			xml_get_current_line_number($xml_parser));
676			return false;
677			}
678			}
679			xml_parser_free($xml_parser);
680
681			fclose($fp);
682
683			return true;
684			}
685
686	e1ebe9e2	jim-p	function cleanup_backupcache($lock = false) {
687	caec0e97	jim-p	global $config, $g;
688	12df7edc	Erik	$i = false;
689	e1ebe9e2	jim-p
690	01b5410a	stilez	$revisions = intval(is_numericint($config['system']['backupcount']) ? $config['system']['backupcount'] : $g['default_config_backup_count']);
691	e1ebe9e2	jim-p
692	1e0b1727	Phil Davis	if (!$lock) {
693	12df7edc	Erik	$lockkey = lock('config');
694	1e0b1727	Phil Davis	}
695	cd25a2b2	jim-p
696
697			$backups = get_backups();
698			if ($backups) {
699	12df7edc	Erik	$baktimes = $backups['versions'];
700			unset($backups['versions']);
701	cd25a2b2	jim-p	} else {
702			$backups = array();
703			$baktimes = array();
704			}
705			$newbaks = array();
706			$bakfiles = glob($g['cf_conf_path'] . "/backup/config-*");
707			$tocache = array();
708	12df7edc	Erik
709	1e0b1727	Phil Davis	foreach ($bakfiles as $backup) { // Check for backups in the directory not represented in the cache.
710	bfe615ee	jim-p	$backupsize = filesize($backup);
711	1e0b1727	Phil Davis	if ($backupsize == 0) {
712	cd25a2b2	jim-p	unlink($backup);
713			continue;
714			}
715	b3bbed58	Ermal LUÇI	$backupexp = explode('-', $backup);
716			$backupexp = explode('.', array_pop($backupexp));
717			$tocheck = array_shift($backupexp);
718			unset($backupexp);
719	1e0b1727	Phil Davis	if (!in_array($tocheck, $baktimes)) {
720	cd25a2b2	jim-p	$i = true;
721	1e0b1727	Phil Davis	if (platform_booting()) {
722	cd25a2b2	jim-p	echo ".";
723	1e0b1727	Phil Davis	}
724	990d7c03	Erik Fonnesbeck	$newxml = parse_xml_config($backup, array($g['xml_rootobj'], 'pfsense'));
725	1e0b1727	Phil Davis	if ($newxml == "-1") {
726	4e038d31	Carlos Eduardo Ramos	log_error(sprintf(gettext("The backup cache file %s is corrupted. Unlinking."), $backup));
727	cd25a2b2	jim-p	unlink($backup);
728	4e038d31	Carlos Eduardo Ramos	log_error(sprintf(gettext("The backup cache file %s is corrupted. Unlinking."), $backup));
729	cd25a2b2	jim-p	continue;
730	12df7edc	Erik	}
731	1e0b1727	Phil Davis	if ($newxml['revision']['description'] == "") {
732	cd25a2b2	jim-p	$newxml['revision']['description'] = "Unknown";
733	1e0b1727	Phil Davis	}
734			if ($newxml['version'] == "") {
735	92420c0a	jim-p	$newxml['version'] = "?";
736	1e0b1727	Phil Davis	}
737	bfe615ee	jim-p	$tocache[$tocheck] = array('description' => $newxml['revision']['description'], 'version' => $newxml['version'], 'filesize' => $backupsize);
738	12df7edc	Erik	}
739	cd25a2b2	jim-p	}
740	1e0b1727	Phil Davis	foreach ($backups as $checkbak) {
741			if (count(preg_grep('/' . $checkbak['time'] . '/i', $bakfiles)) != 0) {
742	cd25a2b2	jim-p	$newbaks[] = $checkbak;
743			} else {
744			$i = true;
745	285ef132	Ermal LUÇI	if (platform_booting()) print " " . $tocheck . "r";
746	cd25a2b2	jim-p	}
747			}
748	1e0b1727	Phil Davis	foreach ($newbaks as $todo) {
749			$tocache[$todo['time']] = array('description' => $todo['description'], 'version' => $todo['version'], 'filesize' => $todo['filesize']);
750			}
751			if (is_int($revisions) and (count($tocache) > $revisions)) {
752	cd25a2b2	jim-p	$toslice = array_slice(array_keys($tocache), 0, $revisions);
753	1e0b1727	Phil Davis	foreach ($toslice as $sliced) {
754	cd25a2b2	jim-p	$newcache[$sliced] = $tocache[$sliced];
755	1e0b1727	Phil Davis	}
756			foreach ($tocache as $version => $versioninfo) {
757			if (!in_array($version, array_keys($newcache))) {
758	cd25a2b2	jim-p	unlink_if_exists($g['conf_path'] . '/backup/config-' . $version . '.xml');
759	12df7edc	Erik	}
760			}
761	cd25a2b2	jim-p	$tocache = $newcache;
762	12df7edc	Erik	}
763	cd25a2b2	jim-p	$bakout = fopen($g['cf_conf_path'] . '/backup/backup.cache', "w");
764			fwrite($bakout, serialize($tocache));
765			fclose($bakout);
766	8a811010	Chris Buechler	pfSense_fsync("{$g['cf_conf_path']}/backup/backup.cache");
767	cd25a2b2	jim-p
768	1e0b1727	Phil Davis	if (!$lock) {
769	12df7edc	Erik	unlock($lockkey);
770	1e0b1727	Phil Davis	}
771	12df7edc	Erik	}
772
773			function get_backups() {
774			global $g;
775	1e0b1727	Phil Davis	if (file_exists("{$g['cf_conf_path']}/backup/backup.cache")) {
776	12df7edc	Erik	$confvers = unserialize(file_get_contents("{$g['cf_conf_path']}/backup/backup.cache"));
777			$bakvers = array_keys($confvers);
778			$toreturn = array();
779			sort($bakvers);
780			// $bakvers = array_reverse($bakvers);
781	1e0b1727	Phil Davis	foreach (array_reverse($bakvers) as $bakver) {
782	bfe615ee	jim-p	$toreturn[] = array('time' => $bakver, 'description' => $confvers[$bakver]['description'], 'version' => $confvers[$bakver]['version'], 'filesize' => $confvers[$bakver]['filesize']);
783	1e0b1727	Phil Davis	}
784	12df7edc	Erik	} else {
785			return false;
786			}
787			$toreturn['versions'] = $bakvers;
788			return $toreturn;
789			}
790
791			function backup_config() {
792			global $config, $g;
793
794
795			/* Create backup directory if needed */
796			safe_mkdir("{$g['cf_conf_path']}/backup");
797	1e0b1727	Phil Davis	if ($config['revision']['time'] == "") {
798			$baktime = 0;
799			} else {
800			$baktime = $config['revision']['time'];
801			}
802	8a811010	Chris Buechler
803	1e0b1727	Phil Davis	if ($config['revision']['description'] == "") {
804			$bakdesc = "Unknown";
805			} else {
806			$bakdesc = $config['revision']['description'];
807			}
808	8059f9cb	jim-p
809			$bakver = ($config['version'] == "") ? "?" : $config['version'];
810	bfe615ee	jim-p	$bakfilename = $g['cf_conf_path'] . '/backup/config-' . $baktime . '.xml';
811			copy($g['cf_conf_path'] . '/config.xml', $bakfilename);
812	8a811010	Chris Buechler
813	1e0b1727	Phil Davis	if (file_exists($g['cf_conf_path'] . '/backup/backup.cache')) {
814			$backupcache = unserialize(file_get_contents($g['cf_conf_path'] . '/backup/backup.cache'));
815			} else {
816			$backupcache = array();
817			}
818	bfe615ee	jim-p	$backupcache[$baktime] = array('description' => $bakdesc, 'version' => $bakver, 'filesize' => filesize($bakfilename));
819	1e0b1727	Phil Davis	$bakout = fopen($g['cf_conf_path'] . '/backup/backup.cache', "w");
820			fwrite($bakout, serialize($backupcache));
821			fclose($bakout);
822	8a811010	Chris Buechler	pfSense_fsync("{$g['cf_conf_path']}/backup/backup.cache");
823	12df7edc	Erik
824
825			return true;
826			}
827
828			function set_device_perms() {
829			$devices = array(
830	6c07db48	Phil Davis	'pf' => array(
831			'user' => 'root',
832			'group' => 'proxy',
833			'mode' => 0660),
834	12df7edc	Erik	);
835
836			foreach ($devices as $name => $attr) {
837			$path = "/dev/$name";
838			if (file_exists($path)) {
839			chown($path, $attr['user']);
840			chgrp($path, $attr['group']);
841			chmod($path, $attr['mode']);
842			}
843			}
844			}
845
846	ba1d9714	jim-p	function get_config_user() {
847			if (empty($_SESSION["Username"])) {
848	362ec35d	Ermal	$username = getenv("USER");
849	1e0b1727	Phil Davis	if (empty($conuser) \|\| $conuser == "root") {
850	ba1d9714	jim-p	$username = "(system)";
851	1e0b1727	Phil Davis	}
852			} else {
853	ba1d9714	jim-p	$username = $_SESSION["Username"];
854	1e0b1727	Phil Davis	}
855	ba1d9714	jim-p
856	1e0b1727	Phil Davis	if (!empty($_SERVER['REMOTE_ADDR'])) {
857	ba1d9714	jim-p	$username .= '@' . $_SERVER['REMOTE_ADDR'];
858	1e0b1727	Phil Davis	}
859	ba1d9714	jim-p
860			return $username;
861			}
862
863			function make_config_revision_entry($desc = null, $override_user = null) {
864	1e0b1727	Phil Davis	if (empty($override_user)) {
865	ba1d9714	jim-p	$username = get_config_user();
866	1e0b1727	Phil Davis	} else {
867	ba1d9714	jim-p	$username = $override_user;
868	1e0b1727	Phil Davis	}
869	ba1d9714	jim-p
870			$revision = array();
871
872	1e0b1727	Phil Davis	if (time() > mktime(0, 0, 0, 9, 1, 2004)) { /* make sure the clock settings are plausible */
873	ba1d9714	jim-p	$revision['time'] = time();
874	1e0b1727	Phil Davis	}
875	ba1d9714	jim-p
876			/* Log the running script so it's not entirely unlogged what changed */
877	1e0b1727	Phil Davis	if ($desc == "Unknown") {
878	ba1d9714	jim-p	$desc = sprintf(gettext("%s made unknown change"), $_SERVER['SCRIPT_NAME']);
879	1e0b1727	Phil Davis	}
880			if (!empty($desc)) {
881	ba1d9714	jim-p	$revision['description'] = "{$username}: " . $desc;
882	1e0b1727	Phil Davis	}
883	ba1d9714	jim-p	$revision['username'] = $username;
884			return $revision;
885			}
886
887	00e55088	Ermal	function pfSense_clear_globals() {
888			global $config, $FilterIfList, $GatewaysList, $filterdns, $aliases, $aliastable;
889
890	be2d7eb7	Chris Buechler	$error = error_get_last();
891	1e0b1727	Phil Davis
892			if ($error !== NULL) {
893	ae346354	PiBa-NL	if (in_array($error['type'], array(E_ERROR, E_COMPILE_ERROR, E_CORE_ERROR, E_RECOVERABLE_ERROR))) {
894	be2d7eb7	Chris Buechler	$errorstr = "PHP ERROR: Type: {$error['type']}, File: {$error['file']}, Line: {$error['line']}, Message: {$error['message']}";
895	b3f2f476	PiBa-NL	print($errorstr);
896			log_error($errorstr);
897	ae346354	PiBa-NL	file_notice("phperror", $errorstr, 'PHP errors');
898	6c07db48	Phil Davis	} else if ($error['type'] != E_NOTICE) {
899	b3f2f476	PiBa-NL	$errorstr = "PHP WARNING: Type: {$error['type']}, File: {$error['file']}, Line: {$error['line']}, Message: {$error['message']}";
900	e8e494f3	Chris Buechler	// XXX: comment out for now, should re-enable post-2.2
901			//print($errorstr);
902			//log_error($errorstr);
903	ae346354	PiBa-NL	//file_notice("phpwarning", $errorstr, 'PHP warning');
904	be2d7eb7	Chris Buechler	}
905			}
906
907	1e0b1727	Phil Davis	if (isset($FilterIfList)) {
908	00e55088	Ermal	unset($FilterIfList);
909	1e0b1727	Phil Davis	}
910	00e55088	Ermal
911	1e0b1727	Phil Davis	if (isset($GatewaysList)) {
912	00e55088	Ermal	unset($GatewaysList);
913	1e0b1727	Phil Davis	}
914	00e55088	Ermal
915			/* Used for the hostname dns resolver */
916	1e0b1727	Phil Davis	if (isset($filterdns)) {
917	00e55088	Ermal	unset($filterdns);
918	1e0b1727	Phil Davis	}
919	00e55088	Ermal
920			/* Used for aliases and interface macros */
921	1e0b1727	Phil Davis	if (isset($aliases)) {
922	00e55088	Ermal	unset($aliases);
923	1e0b1727	Phil Davis	}
924			if (isset($aliastable)) {
925	00e55088	Ermal	unset($aliastable);
926	1e0b1727	Phil Davis	}
927	00e55088	Ermal
928			unset($config);
929			}
930
931			register_shutdown_function('pfSense_clear_globals');
932
933	09221bc3	Renato Botelho	?>

Project

General

Profile

pfSense