diff --git a/src/etc/inc/config.lib.inc b/src/etc/inc/config.lib.inc
index 178b7d1d9..378f96082 100644
--- a/src/etc/inc/config.lib.inc
+++ b/src/etc/inc/config.lib.inc
@@ -1,32 +1,32 @@ - Ported from config.inc by Erik Kristensen - Copyright (C) 2004-2010 Scott Ullrich - Copyright (C) 2003-2004 Manuel Kasper . - All rights reserved. + Copyright (C) 2015-2016 Franco Fichtner + Ported from config.inc by Erik Kristensen + Copyright (C) 2004-2010 Scott Ullrich + Copyright (C) 2003-2004 Manuel Kasper . + All rights reserved. - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ openlog('opnsense', LOG_ODELAY, LOG_USER); @@ -43,18 +43,18 @@ require_once("certs.inc"); /* make a global alias table (for faster lookups) */ function alias_make_table($config) { - global $aliastable; + global $aliastable; - $aliastable = array(); + $aliastable = array(); - if (isset($config['aliases']['alias'])) { - foreach ($config['aliases']['alias'] as $alias) { - if ($alias['name']) { - $aliastable[$alias['name']] = isset($alias['address']) ? $alias['address'] : null; - } - } - } -} + if (isset($config['aliases']['alias'])) { + foreach ($config['aliases']['alias'] as $alias) { + if ($alias['name']) { + $aliastable[$alias['name']] = isset($alias['address']) ? $alias['address'] : null; + } + } + } + } /****f* config/parse_config * NAME 
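Review bot: The closing brace of alias_make_table appears to be indented on the new side (the removed `-}` at the end of the function comes back as `+ }`), while every other function terminator in this diff stays at column 0; it should be `}` with no leading whitespace so the body and its terminator line up. A reindentation pass is exactly the kind of change that can introduce a mis-indented terminator, and it is easy to miss because the function still parses. The body of alias_make_table is otherwise unchanged by this hunk.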
@@ -64,15 +64,15 @@ function alias_make_table($config) ******/ function parse_config() { - $cnf = OPNsense\Core\Config::getInstance(); + $cnf = OPNsense\Core\Config::getInstance(); - // return config data as array, use old "listags" construction to mark certain elements as array (even if they're not recurring) - $config=$cnf->toArray(listtags()); + // return config data as array, use old "listags" construction to mark certain elements as array (even if they're not recurring) + $config=$cnf->toArray(listtags()); - /* make alias table (for faster lookups) */ - alias_make_table($config); + /* make alias table (for faster lookups) */ + alias_make_table($config); - return $config; + return $config; } /****f* config/convert_config 
@@ -89,49 +89,49 @@ function parse_config() /* convert configuration, if necessary */ function convert_config() { - global $config, $g; + global $config, $g; - if (!isset($config['revision'])) { - /* force a revision tag for proper handling in config history */ - write_config('Factory configuration', false); - } + if (!isset($config['revision'])) { + /* force a revision tag for proper handling in config history */ + write_config('Factory configuration', false); + } - if ($config['version'] == $g['latest_config']) { - /* already at latest version */ - return; - } + if ($config['version'] == $g['latest_config']) { + /* already at latest version */ + return; + } - /* special case upgrades */ - /* fix every minute crontab bogons entry */ - if (is_array($config['cron'])) { - $cron_item_count = count($config['cron']['item']); - for($x=0; $x<$cron_item_count; $x++) { - if(stristr($config['cron']['item'][$x]['command'], 'rc.update_bogons')) { - if($config['cron']['item'][$x]['hour'] == "*" ) { - $config['cron']['item'][$x]['hour'] = "3"; - write_config(gettext("Updated bogon update frequency to 3am")); - log_error(gettext("Updated bogon update frequency to 3am")); - } - } - } - } + /* special case upgrades */ + /* fix every minute crontab bogons entry */ + if (is_array($config['cron'])) { + $cron_item_count = count($config['cron']['item']); + for($x=0; $x<$cron_item_count; $x++) { + if(stristr($config['cron']['item'][$x]['command'], 'rc.update_bogons')) { + if($config['cron']['item'][$x]['hour'] == "*" ) { + $config['cron']['item'][$x]['hour'] = "3"; + write_config(gettext("Updated bogon update frequency to 3am")); + log_error(gettext("Updated bogon update frequency to 3am")); + } + } + } + } - // Save off config version - $prev_version = $config['version']; - /* Loop and run upgrade_VER_to_VER() until we're at current version */ - while ($config['version'] < $g['latest_config']) { - $cur = $config['version'] * 10; - $next = $cur + 1; - $migration_function = 
sprintf('upgrade_%03d_to_%03d', $cur, $next); - if (function_exists($migration_function)) { - $migration_function(); - } - $config['version'] = sprintf('%.1f', $next / 10); - } + // Save off config version + $prev_version = $config['version']; + /* Loop and run upgrade_VER_to_VER() until we're at current version */ + while ($config['version'] < $g['latest_config']) { + $cur = $config['version'] * 10; + $next = $cur + 1; + $migration_function = sprintf('upgrade_%03d_to_%03d', $cur, $next); + if (function_exists($migration_function)) { + $migration_function(); + } + $config['version'] = sprintf('%.1f', $next / 10); + } - if ($prev_version != $config['version']) { - write_config(sprintf(gettext('Upgraded config version level from %s to %s'), $prev_version, $config['version'])); - } + if ($prev_version != $config['version']) { + write_config(sprintf(gettext('Upgraded config version level from %s to %s'), $prev_version, $config['version'])); + } } 
@@ -142,61 +142,60 @@ function convert_config() * write_config() handles backing up the current configuration, * applying changes, and regenerating the configuration cache. * INPUTS - * $desc - string containing the a description of configuration changes - * $backup - boolean: do not back up current configuration if false. + * $desc - string containing the a description of configuration changes + * $backup - boolean: do not back up current configuration if false. * RESULT * null ******/ /* save the system configuration */ function write_config($desc = 'Unknown', $backup = true) { - global $config; + global $config; - if (!empty($_SERVER['REMOTE_ADDR'])) { - if (session_status() == PHP_SESSION_NONE) { - session_start(); - } - if (!empty($_SESSION['Username']) && ($_SESSION['Username'] != 'root')) { - $user = getUserEntry($_SESSION['Username']); - if (is_array($user) && userHasPrivilege($user, "user-config-readonly")) { - session_write_close(); - // okay, it's not very nice to check permissions here, but let's make it explicit while we do... - log_error(gettext("WARNING: User")." ".$_SESSION['Username']." ".gettext("may not write config (user-config-readonly set)")); - return false; - } - } - session_write_close(); - } + if (!empty($_SERVER['REMOTE_ADDR'])) { + if (session_status() == PHP_SESSION_NONE) { + session_start(); + } + if (!empty($_SESSION['Username']) && ($_SESSION['Username'] != 'root')) { + $user = getUserEntry($_SESSION['Username']); + if (is_array($user) && userHasPrivilege($user, "user-config-readonly")) { + session_write_close(); + // okay, it's not very nice to check permissions here, but let's make it explicit while we do... + log_error(gettext("WARNING: User")." ".$_SESSION['Username']." ".gettext("may not write config (user-config-readonly set)")); + return false; + } + } + session_write_close(); + } - if (!isset($config['version'])) { - // Examine config.xml, if for some strange reason the content is unexpected : exit directly. 
- log_error(gettext("WARNING: Corrupt config!")); - return -1; - } + if (!isset($config['version'])) { + // Examine config.xml, if for some strange reason the content is unexpected : exit directly. + log_error(gettext("WARNING: Corrupt config!")); + return -1; + } - $cnf = OPNsense\Core\Config::getInstance(); - $cnf->fromArray($config); - $revision_info = make_config_revision_entry($desc); - try { - $cnf->save($revision_info, $backup); - } catch (OPNsense\Core\ConfigException $e) { - // write failure - syslog(LOG_ERR, gettext('WARNING: Config contents could not be saved. Could not open file!')); - return -1; - } + $cnf = OPNsense\Core\Config::getInstance(); + $cnf->fromArray($config); + $revision_info = make_config_revision_entry($desc); + try { + $cnf->save($revision_info, $backup); + } catch (OPNsense\Core\ConfigException $e) { + // write failure + syslog(LOG_ERR, gettext('WARNING: Config contents could not be saved. Could not open file!')); + return -1; + } - /* sync carp entries to other firewalls */ - if ( isset($config['hasync']['synchronizetoip']) && trim($config['hasync']['synchronizetoip']) != "") { - configd_run('filter sync load'); - } + /* sync carp entries to other firewalls */ + if ( isset($config['hasync']['synchronizetoip']) && trim($config['hasync']['synchronizetoip']) != "") { + configd_run('filter sync load'); + } - /* cleanup backups */ - cleanup_backups(); - - // on succesfull save, serialize config back to global. - $config = $cnf->toArray(listtags()); - return $config; + /* cleanup backups */ + cleanup_backups(); + // on succesfull save, serialize config back to global. + $config = $cnf->toArray(listtags()); + return $config; } /****f* config/reset_factory_defaults 
@@ -205,37 +204,37 @@ function write_config($desc = 'Unknown', $backup = true) ******/ function reset_factory_defaults($sync = true) { - mwexec('/bin/rm -r /conf/*'); - disable_security_checks(); - setup_serial_port(false); + mwexec('/bin/rm -r /conf/*'); + disable_security_checks(); + setup_serial_port(false); - /* as we go through a special case directly reboot */ - $shutdown_cmd = '/sbin/shutdown -or now'; - if ($sync) { - mwexec($shutdown_cmd); - } else { - mwexec_bg($shutdown_cmd); - } + /* as we go through a special case directly reboot */ + $shutdown_cmd = '/sbin/shutdown -or now'; + if ($sync) { + mwexec($shutdown_cmd); + } else { + mwexec_bg($shutdown_cmd); + } } function config_restore($conffile) { - global $config; + global $config; - if (!file_exists($conffile)) - return 1; + if (!file_exists($conffile)) + return 1; - $cnf = OPNsense\Core\Config::getInstance(); - $cnf->backup(); - $cnf->restoreBackup($conffile); + $cnf = OPNsense\Core\Config::getInstance(); + $cnf->backup(); + $cnf->restoreBackup($conffile); - disable_security_checks(); + disable_security_checks(); - $config = parse_config(); + $config = parse_config(); - write_config(gettext("Reverted to") . " " . array_pop(explode("/", $conffile)) . ".", false); + write_config(gettext("Reverted to") . " " . array_pop(explode("/", $conffile)) . ".", false); - return 0; + return 0; } /* @@ -248,19 +247,19 @@ function config_restore($conffile) */ function disable_security_checks() { - touch('/tmp/disable_security_checks'); + touch('/tmp/disable_security_checks'); } /* Restores security checks. Should be called after all succeed. */ function restore_security_checks() { - @unlink('/tmp/disable_security_checks'); + @unlink('/tmp/disable_security_checks'); } /* Returns status of security check temporary disable. */ function security_checks_disabled() { - return file_exists('/tmp/disable_security_checks'); + return file_exists('/tmp/disable_security_checks'); } /** 
@@ -268,74 +267,75 @@ function security_checks_disabled() */ function cleanup_backups() { - global $config; - $i = false; + global $config; + $i = false; - if (isset($config['system']['backupcount']) && is_numeric($config['system']['backupcount']) && ($config['system']['backupcount'] >= 0)) { - $revisions = intval($config['system']['backupcount']); - } else { - $revisions = 30; - } + if (isset($config['system']['backupcount']) && is_numeric($config['system']['backupcount']) && ($config['system']['backupcount'] >= 0)) { + $revisions = intval($config['system']['backupcount']); + } else { + $revisions = 30; + } - $cnf = OPNsense\Core\Config::getInstance(); + $cnf = OPNsense\Core\Config::getInstance(); - $cnt=1; - foreach ($cnf->getBackups() as $filename) { - if ($cnt > $revisions ) { - unlink($filename); - } - ++$cnt ; - } + $cnt=1; + foreach ($cnf->getBackups() as $filename) { + if ($cnt > $revisions ) { + unlink($filename); + } + ++$cnt ; + } } function set_device_perms() { - $devices = array( - 'pf' => array( 'user' => 'root', - 'group' => 'proxy', - 'mode' => 0660), - ); + $devices = array( + 'pf' => array( 'user' => 'root', + 'group' => 'proxy', + 'mode' => 0660), + ); - foreach ($devices as $name => $attr) { - $path = "/dev/$name"; - if (file_exists($path)) { - chown($path, $attr['user']); - chgrp($path, $attr['group']); - chmod($path, $attr['mode']); - } - } + foreach ($devices as $name => $attr) { + $path = "/dev/$name"; + if (file_exists($path)) { + chown($path, $attr['user']); + chgrp($path, $attr['group']); + chmod($path, $attr['mode']); + } + } } function make_config_revision_entry($desc = null, $override_user = null) { - global $config; + global $config; - if (empty($override_user)) { - if (empty($_SESSION["Username"])) { - $username = getenv("USER"); - if (empty($conuser) || $conuser == "root") - $username = "(system)"; - } else { - $username = $_SESSION["Username"]; - } - if (!empty($_SERVER['REMOTE_ADDR'])) { - $username .= '@' . 
$_SERVER['REMOTE_ADDR']; - } - } else { - $username = $override_user; - } + if (empty($override_user)) { + if (empty($_SESSION["Username"])) { + $username = getenv("USER"); + if (empty($username) || $username == "root") { + $username = "(system)"; + } + } else { + $username = $_SESSION["Username"]; + } + if (!empty($_SERVER['REMOTE_ADDR'])) { + $username .= '@' . $_SERVER['REMOTE_ADDR']; + } + } else { + $username = $override_user; + } - $revision = array(); - $revision['username'] = $username; - $revision['time'] = microtime(true); - if ($desc == null || $desc == 'Unknown') { - $revision['description'] = sprintf(gettext("%s made unknown change"), $_SERVER['SCRIPT_NAME']); - } else { - $revision['description'] = $desc; - } + $revision = array(); + $revision['username'] = $username; + $revision['time'] = microtime(true); + if ($desc == null || $desc == 'Unknown') { + $revision['description'] = sprintf(gettext("%s made unknown change"), $_SERVER['SCRIPT_NAME']); + } else { + $revision['description'] = $desc; + } - return $revision; + return $revision; } /** 
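Review bot: The new `empty($username) || $username == "root"` test in make_config_revision_entry depends on getenv() returning false when USER is unset, which empty() silently maps to the "(system)" actor; that behaviour deserves a comment, and the comparison should be strict since both operands are strings: `if (empty($username) || $username === 'root') {`. A one-line comment above it such as `// getenv() yields false when USER is unset; treat that, like root, as the system actor` would make the intent explicit for the next reader. The removed lines tested `$conuser`, which is not assigned anywhere in the visible hunk, so it appears every console caller was previously recorded as "(system)"; after this change a non-root console user's name is written into the revision history, which is the better audit trail but is a visible behaviour change worth stating. The rest of this hunk (cleanup_backups, set_device_perms and the remainder of make_config_revision_entry) is reindentation only.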
@@ -344,82 +344,82 @@ function make_config_revision_entry($desc = null, $override_user = null) */ function backup_to_google_drive() { - $cnf = OPNsense\Core\Config::getInstance(); - if ($cnf->isValid()) { - $config = $cnf->object(); - if (isset($config->system->remotebackup) && isset($config->system->remotebackup->GDriveEnabled) && $config->system->remotebackup->GDriveEnabled == "on") { - try { - $client = new Google\API\Drive(); - $client->login($config->system->remotebackup->GDriveEmail->__toString(), - $config->system->remotebackup->GDriveP12key->__toString()); - } catch (Exception $e) { - log_error("error connecting to Google Drive"); - return array(); - } + $cnf = OPNsense\Core\Config::getInstance(); + if ($cnf->isValid()) { + $config = $cnf->object(); + if (isset($config->system->remotebackup) && isset($config->system->remotebackup->GDriveEnabled) && $config->system->remotebackup->GDriveEnabled == "on") { + try { + $client = new Google\API\Drive(); + $client->login($config->system->remotebackup->GDriveEmail->__toString(), + $config->system->remotebackup->GDriveP12key->__toString()); + } catch (Exception $e) { + log_error("error connecting to Google Drive"); + return array(); + } - // backup source data to local strings (plain/encrypted) - $confdata = file_get_contents('/conf/config.xml'); - $confdata_enc = encrypt_data($confdata, $config->system->remotebackup->GDrivePassword->__toString()); - tagfile_reformat($confdata_enc, $confdata_enc, "config.xml"); + // backup source data to local strings (plain/encrypted) + $confdata = file_get_contents('/conf/config.xml'); + $confdata_enc = encrypt_data($confdata, $config->system->remotebackup->GDrivePassword->__toString()); + tagfile_reformat($confdata_enc, $confdata_enc, "config.xml"); - // read filelist (config-*.xml) - try { - $files = $client->listFiles($config->system->remotebackup->GDriveFolderID->__toString()); - } catch (Exception $e) { - log_error("error while fetching filelist from Google Drive"); - return 
array(); - } + // read filelist (config-*.xml) + try { + $files = $client->listFiles($config->system->remotebackup->GDriveFolderID->__toString()); + } catch (Exception $e) { + log_error("error while fetching filelist from Google Drive"); + return array(); + } - $configfiles = array(); - foreach ($files as $file) { - if (fnmatch("config-*.xml", $file['title'])) { - $configfiles[$file['title']] = $file; - } - } - krsort($configfiles); + $configfiles = array(); + foreach ($files as $file) { + if (fnmatch("config-*.xml", $file['title'])) { + $configfiles[$file['title']] = $file; + } + } + krsort($configfiles); - // backup new file if changed (or if first in backup) - $target_filename = "config-" . time() . ".xml"; - if (count($configfiles) > 1) { - // compare last backup with current, only save new - $bck_data_enc_in = $client->download($configfiles[array_keys($configfiles)[0]]); - $bck_data_enc = ""; - tagfile_deformat($bck_data_enc_in, $bck_data_enc, "config.xml"); - $bck_data = decrypt_data($bck_data_enc, $config->system->remotebackup->GDrivePassword->__toString()); - if ($bck_data == $confdata) { - $target_filename = null; - } - } - if (!is_null($target_filename)) { - log_error("backup configuration as " . $target_filename); - $configfiles[$target_filename] = $client->upload($config->system->remotebackup->GDriveFolderID->__toString(), - $target_filename, $confdata_enc); - krsort($configfiles); - } + // backup new file if changed (or if first in backup) + $target_filename = "config-" . time() . 
".xml"; + if (count($configfiles) > 1) { + // compare last backup with current, only save new + $bck_data_enc_in = $client->download($configfiles[array_keys($configfiles)[0]]); + $bck_data_enc = ""; + tagfile_deformat($bck_data_enc_in, $bck_data_enc, "config.xml"); + $bck_data = decrypt_data($bck_data_enc, $config->system->remotebackup->GDrivePassword->__toString()); + if ($bck_data == $confdata) { + $target_filename = null; + } + } + if (!is_null($target_filename)) { + log_error("backup configuration as " . $target_filename); + $configfiles[$target_filename] = $client->upload($config->system->remotebackup->GDriveFolderID->__toString(), + $target_filename, $confdata_enc); + krsort($configfiles); + } - // cleanup old files - if (isset($config->system->remotebackup->GDriveBackupCount) && is_numeric($config->system->remotebackup->GDriveBackupCount->__toString())) { - $fcount = 0; - foreach ($configfiles as $filename => $file) { - if ($fcount >= $config->system->remotebackup->GDriveBackupCount->__toString()) { - log_error("remove " . $filename . " from Google Drive"); - try { - $client->delete($file); - } catch (Google_Service_Exception $e) { - log_error("unable to remove " . $filename . " from Google Drive"); - } - } - $fcount++; - } - } + // cleanup old files + if (isset($config->system->remotebackup->GDriveBackupCount) && is_numeric($config->system->remotebackup->GDriveBackupCount->__toString())) { + $fcount = 0; + foreach ($configfiles as $filename => $file) { + if ($fcount >= $config->system->remotebackup->GDriveBackupCount->__toString()) { + log_error("remove " . $filename . " from Google Drive"); + try { + $client->delete($file); + } catch (Google_Service_Exception $e) { + log_error("unable to remove " . $filename . 
" from Google Drive"); + } + } + $fcount++; + } + } - // return filelist - return $configfiles; - } - } + // return filelist + return $configfiles; + } + } - // not configured / issue, return empty list - return array(); + // not configured / issue, return empty list + return array(); }