lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-19 19:15:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:opnsense/core

Browse Source
This commit is contained in:
Ad Schellevis 2015-04-27 17:52:35 +00:00
commit e5d1a1cbfc
62 changed files with 1166 additions and 2513 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/bin/captiveportal_gather_stats.php
View File

@ -49,7 +49,7 @@ $concurrent_users = $no_users;
$current_user_count = 0;
/* tmp file to use to store old data (per interface)*/
$tmpfile = "{$g['vardb_path']}/captiveportal_online_users";
$tmpfile = '/var/db/captiveportal_online_users';
if(empty($type))
exit;

5
src/captiveportal/index.php
View File

@ -121,10 +121,11 @@ if ($macfilter || $passthrumac) {
}
/* find out if we need RADIUS + RADIUSMAC or not */
if (file_exists("{$g['vardb_path']}/captiveportal_radius_{$cpzone}.db")) {
if (file_exists("/var/db/captiveportal_radius_{$cpzone}.db")) {
$radius_enable = TRUE;
if (isset($cpcfg['radmac_enable']))
if (isset($cpcfg['radmac_enable'])) {
$radmac_enable = TRUE;
}
}
/* find radius context */

113
src/etc/inc/auth.inc
View File

@ -203,7 +203,7 @@ function index_groups()
$groupindex = array();
if (is_array($config['system']['group'])) {
if (isset($config['system']['group'])) {
$i = 0;
foreach($config['system']['group'] as $groupent) {
$groupindex[$groupent['name']] = $i;
@ -261,7 +261,7 @@ function &getGroupEntryByGID($gid)
{
global $config;
if (is_array($config['system']['group'])) {
if (isset($config['system']['group'])) {
foreach ($config['system']['group'] as & $group) {
if ($group['gid'] == $gid) {
return $group;
@ -342,9 +342,8 @@ function local_sync_accounts()
* If a crontab was created to user, pw userdel will be interactive and
* can cause issues. Just remove crontab before run it when necessary
*/
unlink_if_exists("/var/cron/tabs/{$line[0]}");
$cmd = "/usr/sbin/pw userdel -n '{$line[0]}'";
mwexec($cmd);
@unlink("/var/cron/tabs/{$line[0]}");
mwexecf('/usr/sbin/pw userdel -n %s', $line[0]);
}
pclose($fd);
}
@ -364,8 +363,7 @@ function local_sync_accounts()
if ($line[2] > 65000) {
continue;
}
$cmd = "/usr/sbin/pw groupdel {$line[2]}";
mwexec($cmd);
mwexecf('/usr/sbin/pw groupdel %s', $line[2]);
}
pclose($fd);
}
@ -477,12 +475,11 @@ function local_user_set(&$user)
$keys = base64_decode($user['authorizedkeys']);
@file_put_contents("{$user_home}/.ssh/authorized_keys", $keys);
@chown("{$user_home}/.ssh/authorized_keys", $user_name);
} else
unlink_if_exists("{$user_home}/.ssh/authorized_keys");
$un = $lock_account ? "" : "un";
exec("/usr/sbin/pw {$un}lock {$user_name} -q");
} else {
@unlink("{$user_home}/.ssh/authorized_keys");
}
mwexecf('/usr/sbin/pw %s %s', array($lock_account ? 'lock' : 'unlock', $user_name), true);
}
function local_user_del($user)
@ -518,7 +515,8 @@ function local_user_get_groups($user, $all = false)
global $config;
$groups = array();
if (!is_array($config['system']['group'])) {
if (!isset($config['system']['group'])) {
return $groups;
}
@ -540,8 +538,9 @@ function local_user_set_groups($user, $new_groups = null)
{
global $config, $groupindex;
if (!is_array($config['system']['group']))
if (!isset($config['system']['group'])) {
return;
}
$cur_groups = local_user_get_groups($user, true);
$mod_groups = array();
@ -610,33 +609,26 @@ function local_group_set($group, $reset = false)
{
$group_name = $group['name'];
$group_gid = $group['gid'];
$group_members = "''";
if (!$reset && !empty($group['member']) && count($group['member']) > 0)
$group_members = implode(",",$group['member']);
$group_members = '';
/* read from group db */
$fd = popen("/usr/sbin/pw groupshow {$group_name} 2>&1", "r");
$pwread = fgets($fd);
pclose($fd);
if (!$reset && !empty($group['member']) && count($group['member']) > 0) {
$group_members = implode(',', $group['member']);
}
/* determine add or mod */
if (!strncmp($pwread, "pw:", 3))
$group_op = "groupadd";
else
$group_op = "groupmod";
/* add or mod group db */
$cmd = "/usr/sbin/pw {$group_op} {$group_name} -g {$group_gid} -M {$group_members} 2>&1";
mwexec($cmd);
$ret = mwexecf('/usr/sbin/pw groupshow %s', $group_name, true);
if ($ret) {
$group_op = 'groupadd';
} else {
$group_op = 'groupmod';
}
mwexecf('/usr/sbin/pw %s %s -g %s -M %s', array($group_op, $group_name, $group_gid, $group_members));
}
function local_group_del($group)
{
/* delete from group db */
$cmd = "/usr/sbin/pw groupdel {$group['name']}";
mwexec($cmd);
mwexecf('/usr/sbin/pw groupdel %s', $group['name']);
}
function ldap_test_connection($authcfg)
@ -680,33 +672,31 @@ function ldap_test_connection($authcfg)
function ldap_setup_caenv($authcfg)
{
global $g;
require_once("certs.inc");
unset($caref);
if (empty($authcfg['ldap_caref']) || !strstr($authcfg['ldap_urltype'], "SSL")) {
putenv('LDAPTLS_REQCERT=never');
return;
} else {
$caref = lookup_ca($authcfg['ldap_caref']);
if (!$caref) {
log_error(sprintf(gettext("LDAP: Could not lookup CA by reference for host %s."), $authcfg['ldap_caref']));
/* XXX: Prevent for credential leaking since we cannot setup the CA env. Better way? */
putenv('LDAPTLS_REQCERT=hard');
return;
}
if (!is_dir("{$g['varrun_path']}/certs"))
@mkdir("{$g['varrun_path']}/certs");
if (file_exists("{$g['varrun_path']}/certs/{$caref['refid']}.ca"))
@unlink("{$g['varrun_path']}/certs/{$caref['refid']}.ca");
file_put_contents("{$g['varrun_path']}/certs/{$caref['refid']}.ca", base64_decode($caref['crt']));
@chmod("{$g['varrun_path']}/certs/{$caref['refid']}.ca", 0600);
putenv('LDAPTLS_REQCERT=hard');
/* XXX: Probably even the hashed link should be created for this? */
putenv("LDAPTLS_CACERTDIR={$g['varrun_path']}/certs");
putenv("LDAPTLS_CACERT={$g['varrun_path']}/certs/{$caref['refid']}.ca");
}
$caref = lookup_ca($authcfg['ldap_caref']);
if (!$caref) {
log_error(sprintf(gettext("LDAP: Could not lookup CA by reference for host %s."), $authcfg['ldap_caref']));
/* XXX: Prevent for credential leaking since we cannot setup the CA env. Better way? */
putenv('LDAPTLS_REQCERT=hard');
return;
}
@mkdir("/var/run/certs");
@unlink("/var/run/certs/{$caref['refid']}.ca");
file_put_contents("/var/run/certs/{$caref['refid']}.ca", base64_decode($caref['crt']));
@chmod("/var/run/certs/{$caref['refid']}.ca", 0600);
putenv('LDAPTLS_REQCERT=hard');
/* XXX: Probably even the hashed link should be created for this? */
putenv("LDAPTLS_CACERTDIR=/var/run/certs");
putenv("LDAPTLS_CACERT=/var/run/certs/{$caref['refid']}.ca");
}
function ldap_test_bind($authcfg)
@ -1261,12 +1251,14 @@ function auth_get_authserver_list() {
return $list;
}
function getUserGroups($username, $authcfg) {
function getUserGroups($username, $authcfg)
{
global $config;
$allowed_groups = array();
$member_groups = array();
switch($authcfg['type']) {
switch ($authcfg['type']) {
case 'ldap':
$allowed_groups = @ldap_get_groups($username, $authcfg);
break;
@ -1278,11 +1270,12 @@ function getUserGroups($username, $authcfg) {
break;
}
$member_groups = array();
if (is_array($config['system']['group'])) {
foreach ($config['system']['group'] as $group)
if (in_array($group['name'], $allowed_groups))
if (isset($config['system']['group'])) {
foreach ($config['system']['group'] as $group) {
if (in_array($group['name'], $allowed_groups)) {
$member_groups[] = $group['name'];
}
}
}
return $member_groups;
@ -1459,5 +1452,3 @@ function http_basic_auth($http_auth_header)
// not authenticated
return false;
}
?>

91
src/etc/inc/captiveportal.inc
View File

@ -212,7 +212,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
else
$message = 0;
include("{$g['varetc_path']}/captiveportal-{$cpzone}-logout.html");
include("/var/etc/captiveportal-{$cpzone}-logout.html");
} else {
// TODO: remove? should be handled by login page
@ -401,11 +401,11 @@ function captiveportal_configure_zone($cpcfg) {
echo "Starting captive portal({$cpcfg['zone']})... ";
/* remove old information */
unlink_if_exists("{$g['vardb_path']}/captiveportal{$cpzone}.db");
@unlink("/var/db/captiveportal{$cpzone}.db");
} else
captiveportal_syslog("Reconfiguring captive portal({$cpcfg['zone']}).");
/* kill any running minicron */
killbypid("{$g['varrun_path']}/cp_prunedb_{$cpzone}.pid");
killbypid("/var/run/cp_prunedb_{$cpzone}.pid");
/* initialize minicron interval value */
$croninterval = $cpcfg['croninterval'] ? $cpcfg['croninterval'] : 60;
@ -422,7 +422,7 @@ function captiveportal_configure_zone($cpcfg) {
$htmltext = get_default_captive_portal_html();
}
$fd = @fopen("{$g['varetc_path']}/captiveportal_{$cpzone}.html", "w");
$fd = @fopen("/var/etc/captiveportal_{$cpzone}.html", "w");
if ($fd) {
// Special case handling. Convert so that we can pass this page
// through the PHP interpreter later without clobbering the vars.
@ -450,7 +450,7 @@ function captiveportal_configure_zone($cpcfg) {
$errtext = get_default_captive_portal_html();
}
$fd = @fopen("{$g['varetc_path']}/captiveportal-{$cpzone}-error.html", "w");
$fd = @fopen("/var/etc/captiveportal-{$cpzone}-error.html", "w");
if ($fd) {
// Special case handling. Convert so that we can pass this page
// through the PHP interpreter later without clobbering the vars.
@ -510,7 +510,7 @@ document.location.href="<?=\$my_redirurl;?>";
EOD;
}
$fd = @fopen("{$g['varetc_path']}/captiveportal-{$cpzone}-logout.html", "w");
$fd = @fopen("/var/etc/captiveportal-{$cpzone}-logout.html", "w");
if ($fd) {
fwrite($fd, $logouttext);
fclose($fd);
@ -521,22 +521,26 @@ EOD;
captiveportal_write_elements();
/* kill any running mini_httpd */
killbypid("{$g['varrun_path']}/lighty-{$cpzone}-CaptivePortal.pid");
killbypid("{$g['varrun_path']}/lighty-{$cpzone}-CaptivePortal-SSL.pid");
killbypid("/var/run/lighty-{$cpzone}-CaptivePortal.pid");
killbypid("/var/run/lighty-{$cpzone}-CaptivePortal-SSL.pid");
/* start up the webserving daemon */
captiveportal_init_webgui_zone($cpcfg);
/* Kill any existing prunecaptiveportal processes */
if (file_exists("{$g['varrun_path']}/cp_prunedb_{$cpzone}.pid"))
killbypid("{$g['varrun_path']}/cp_prunedb_{$cpzone}.pid");
killbypid("/var/run/cp_prunedb_{$cpzone}.pid");
/* start pruning process (interval defaults to 60 seconds) */
mwexec("/usr/local/bin/minicron $croninterval {$g['varrun_path']}/cp_prunedb_{$cpzone}.pid " .
"/usr/local/etc/rc.prunecaptiveportal {$cpzone}");
mwexecf(
'/usr/local/bin/minicron %s %s %s %s',
$croninterval,
"/var/run/cp_prunedb_{$cpzone}.pid",
'/usr/local/etc/rc.prunecaptiveportal',
$cpzone
);
/* generate radius server database */
unlink_if_exists("{$g['vardb_path']}/captiveportal_radius_{$cpzone}.db");
@unlink("/var/db/captiveportal_radius_{$cpzone}.db");
captiveportal_init_radius_servers();
if (file_exists("/var/run/booting")) {
@ -546,12 +550,12 @@ EOD;
}
} else {
killbypid("{$g['varrun_path']}/lighty-{$cpzone}-CaptivePortal.pid");
killbypid("{$g['varrun_path']}/lighty-{$cpzone}-CaptivePortal-SSL.pid");
killbypid("{$g['varrun_path']}/cp_prunedb_{$cpzone}.pid");
@unlink("{$g['varetc_path']}/captiveportal_{$cpzone}.html");
@unlink("{$g['varetc_path']}/captiveportal-{$cpzone}-error.html");
@unlink("{$g['varetc_path']}/captiveportal-{$cpzone}-logout.html");
killbypid("/var/run/lighty-{$cpzone}-CaptivePortal.pid");
killbypid("/var/run/lighty-{$cpzone}-CaptivePortal-SSL.pid");
killbypid("/var/run/cp_prunedb_{$cpzone}.pid");
@unlink("/var/etc/captiveportal_{$cpzone}.html");
@unlink("/var/etc/captiveportal-{$cpzone}-error.html");
@unlink("/var/etc/captiveportal-{$cpzone}-logout.html");
captiveportal_radius_stop_all();
@ -561,13 +565,12 @@ EOD;
}
/* remove old information */
unlink_if_exists("{$g['vardb_path']}/captiveportal{$cpzone}.db");
unlink_if_exists("{$g['vardb_path']}/captiveportal_radius_{$cpzone}.db");
unlink_if_exists("{$g['vardb_path']}/captiveportal_{$cpzone}.rules");
@unlink("/var/db/captiveportal{$cpzone}.db");
@unlink("/var/db/captiveportal_radius_{$cpzone}.db");
@unlink("/var/db/captiveportal_{$cpzone}.rules");
/* Release allocated pipes for this zone */
captiveportal_free_dnrules();
if (empty($config['captiveportal']))
set_single_sysctl("net.link.ether.ipfw", "0");
else {
@ -634,7 +637,7 @@ function captiveportal_init_webgui_zone($cpcfg)
}
system_generate_lighty_config(
"{$g['varetc_path']}/lighty-{$cpzone}-CaptivePortal-SSL.conf",
"/var/etc/lighty-{$cpzone}-CaptivePortal-SSL.conf",
$crt,
$key,
$ca,
@ -655,7 +658,7 @@ function captiveportal_init_webgui_zone($cpcfg)
}
system_generate_lighty_config(
"{$g['varetc_path']}/lighty-{$cpzone}-CaptivePortal.conf",
"/var/etc/lighty-{$cpzone}-CaptivePortal.conf",
"",
"",
"",
@ -669,12 +672,12 @@ function captiveportal_init_webgui_zone($cpcfg)
@unlink("{$g['varrun']}/lighty-{$cpzone}-CaptivePortal.pid");
/* attempt to start lighttpd */
$res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-{$cpzone}-CaptivePortal.conf");
$res = mwexec("/usr/local/sbin/lighttpd -f /var/etc/lighty-{$cpzone}-CaptivePortal.conf");
/* fire up https instance */
if (isset($cpcfg['httpslogin'])) {
@unlink("{$g['varrun']}/lighty-{$cpzone}-CaptivePortal-SSL.pid");
$res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-{$cpzone}-CaptivePortal-SSL.conf");
$res = mwexec("/usr/local/sbin/lighttpd -f /var/etc/lighty-{$cpzone}-CaptivePortal-SSL.conf");
}
}
@ -950,7 +953,7 @@ function captiveportal_init_radius_servers() {
$radiuskey4 = $config['captiveportal'][$cpzone]['radiuskey4'];
$cprdsrvlck = lock("captiveportalradius{$cpzone}", LOCK_EX);
$fd = @fopen("{$g['vardb_path']}/captiveportal_radius_{$cpzone}.db", "w");
$fd = @fopen("/var/db/captiveportal_radius_{$cpzone}.db", "w");
if (!$fd) {
captiveportal_syslog("Error: cannot open radius DB file in captiveportal_configure().\n");
unlock($cprdsrvlck);
@ -976,9 +979,9 @@ function captiveportal_get_radius_servers() {
global $g, $cpzone;
$cprdsrvlck = lock("captiveportalradius{$cpzone}");
if (file_exists("{$g['vardb_path']}/captiveportal_radius_{$cpzone}.db")) {
if (file_exists("/var/db/captiveportal_radius_{$cpzone}.db")) {
$radiusservers = array();
$cpradiusdb = file("{$g['vardb_path']}/captiveportal_radius_{$cpzone}.db",
$cpradiusdb = file("/var/db/captiveportal_radius_{$cpzone}.db",
FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
if ($cpradiusdb) {
foreach($cpradiusdb as $cpradiusentry) {
@ -1100,8 +1103,8 @@ function captiveportal_free_dnrules($rulenos_start = 2000, $rulenos_range_max =
global $cpzone;
$cpruleslck = lock("captiveportalrulesdn", LOCK_EX);
if (file_exists("{$g['vardb_path']}/captiveportaldn.rules")) {
$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules"));
if (file_exists("/var/db/captiveportaldn.rules")) {
$rules = unserialize(file_get_contents("/var/db/captiveportaldn.rules"));
$ridx = $rulenos_start;
while ($ridx < $rulenos_range_max) {
if ($rules[$ridx] == $cpzone) {
@ -1112,7 +1115,7 @@ function captiveportal_free_dnrules($rulenos_start = 2000, $rulenos_range_max =
} else
$ridx += 2;
}
file_put_contents("{$g['vardb_path']}/captiveportaldn.rules", serialize($rules));
file_put_contents("/var/db/captiveportaldn.rules", serialize($rules));
unset($rules);
}
unlock($cpruleslck);
@ -1123,8 +1126,8 @@ function captiveportal_get_next_dn_ruleno($rulenos_start = 2000, $rulenos_range_
$cpruleslck = lock("captiveportalrulesdn", LOCK_EX);
$ruleno = 0;
if (file_exists("{$g['vardb_path']}/captiveportaldn.rules")) {
$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules"));
if (file_exists("/var/db/captiveportaldn.rules")) {
$rules = unserialize(file_get_contents("/var/db/captiveportaldn.rules"));
$ridx = $rulenos_start;
while ($ridx < $rulenos_range_max) {
if (empty($rules[$ridx])) {
@ -1144,7 +1147,7 @@ function captiveportal_get_next_dn_ruleno($rulenos_start = 2000, $rulenos_range_
$rulenos_start++;
$rules[$rulenos_start] = $cpzone;
}
file_put_contents("{$g['vardb_path']}/captiveportaldn.rules", serialize($rules));
file_put_contents("/var/db/captiveportaldn.rules", serialize($rules));
unlock($cpruleslck);
unset($rules);
@ -1155,12 +1158,12 @@ function captiveportal_free_dn_ruleno($ruleno) {
global $config, $g;
$cpruleslck = lock("captiveportalrulesdn", LOCK_EX);
if (file_exists("{$g['vardb_path']}/captiveportaldn.rules")) {
$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules"));
if (file_exists("/var/db/captiveportaldn.rules")) {
$rules = unserialize(file_get_contents("/var/db/captiveportaldn.rules"));
$rules[$ruleno] = false;
$ruleno++;
$rules[$ruleno] = false;
file_put_contents("{$g['vardb_path']}/captiveportaldn.rules", serialize($rules));
file_put_contents("/var/db/captiveportaldn.rules", serialize($rules));
unset($rules);
}
unlock($cpruleslck);
@ -1315,9 +1318,9 @@ function portal_reply_page($redirurl, $type = null, $message = null, $clientmac
header("Location: {$redirurl}");
return;
} else if ($type == "login")
$htmltext = get_include_contents("{$g['varetc_path']}/captiveportal_{$cpzone}.html");
$htmltext = get_include_contents("/var/etc/captiveportal_{$cpzone}.html");
else
$htmltext = get_include_contents("{$g['varetc_path']}/captiveportal-{$cpzone}-error.html");
$htmltext = get_include_contents("/var/etc/captiveportal-{$cpzone}-error.html");
$cpcfg = $config['captiveportal'][$cpzone];
@ -1445,8 +1448,8 @@ function captiveportal_read_usedmacs_db() {
global $g, $cpzone;
$cpumaclck = lock("captiveusedmacs{$cpzone}");
if (file_exists("{$g['vardb_path']}/captiveportal_usedmacs_{$cpzone}.db")) {
$usedmacs = file("{$g['vardb_path']}/captiveportal_usedmacs_{$cpzone}.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
if (file_exists("/var/db/captiveportal_usedmacs_{$cpzone}.db")) {
$usedmacs = file("/var/db/captiveportal_usedmacs_{$cpzone}.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
if (!$usedmacs)
$usedmacs = array();
} else
@ -1460,7 +1463,7 @@ function captiveportal_write_usedmacs_db($usedmacs) {
global $g, $cpzone;
$cpumaclck = lock("captiveusedmacs{$cpzone}", LOCK_EX);
@file_put_contents("{$g['vardb_path']}/captiveportal_usedmacs_{$cpzone}.db", implode("\n", $usedmacs));
@file_put_contents("/var/db/captiveportal_usedmacs_{$cpzone}.db", implode("\n", $usedmacs));
unlock($cpumaclck);
}

25
src/etc/inc/config.console.inc
View File

@ -333,26 +333,34 @@ EODD;
if(isset($config['nat']))
unset($config['nat']);
}
if (preg_match($g['wireless_regex'], $lanif)) {
if (match_wireless_interface($lanif)) {
if (is_array($config['interfaces']['lan']) &&
(!is_array($config['interfaces']['lan']['wireless'])))
(!is_array($config['interfaces']['lan']['wireless']))) {
$config['interfaces']['lan']['wireless'] = array();
}
} else {
if (isset($config['interfaces']['lan']))
if (isset($config['interfaces']['lan'])) {
unset($config['interfaces']['lan']['wireless']);
}
}
if (!is_array($config['interfaces']['wan']))
if (!is_array($config['interfaces']['wan'])) {
$config['interfaces']['wan'] = array();
}
$config['interfaces']['wan']['if'] = $wanif;
$config['interfaces']['wan']['enable'] = true;
if (preg_match($g['wireless_regex'], $wanif)) {
if (match_wireless_interface($wanif)) {
if (is_array($config['interfaces']['wan']) &&
(!is_array($config['interfaces']['wan']['wireless'])))
(!is_array($config['interfaces']['wan']['wireless']))) {
$config['interfaces']['wan']['wireless'] = array();
}
} else {
if (isset($config['interfaces']['wan']))
if (isset($config['interfaces']['wan'])) {
unset($config['interfaces']['wan']['wireless']);
}
}
for ($i = 0; $i < count($optif); $i++) {
@ -361,8 +369,7 @@ EODD;
$config['interfaces']['opt' . ($i+1)]['if'] = $optif[$i];
/* wireless interface? */
if (preg_match($g['wireless_regex'], $optif[$i])) {
if (match_wireless_interface($optif[$i])) {
if (!is_array($config['interfaces']['opt' . ($i+1)]['wireless']))
$config['interfaces']['opt' . ($i+1)]['wireless'] = array();
} else {

7
src/etc/inc/config.lib.inc
View File

@ -177,7 +177,7 @@ function write_config($desc = 'Unknown', $backup = true)
$cnf->save($revision_info, $backup);
} catch (OPNsense\Core\ConfigException $e) {
// write failure
log_error(gettext("WARNING: Config contents could not be save. Could not open file!"));
log_error(gettext("WARNING: Config contents could not be saved. Could not open file!"));
file_notice('config.xml', sprintf("%s\n", gettext('Unable to open /conf/config.xml for writing in write_config()')));
return -1;
}
@ -204,7 +204,7 @@ function write_config($desc = 'Unknown', $backup = true)
******/
function reset_factory_defaults($sync = true)
{
unlink_if_exists('/conf/*' . $filename);
mwexec('/bin/rm -r /conf/*');
disable_security_checks();
setup_serial_port();
@ -217,7 +217,8 @@ function reset_factory_defaults($sync = true)
}
}
function config_restore($conffile) {
function config_restore($conffile)
{
global $config, $g;
if (!file_exists($conffile))

2
src/etc/inc/dyndns.class
View File

@ -139,7 +139,7 @@
$this->_cacheFile = "/conf/dyndns_{$dnsIf}{$dnsService}" . escapeshellarg($dnsHost) . "{$dnsID}.cache";
$this->_cacheFile_v6 = "/conf/dyndns_{$dnsIf}{$dnsService}" . escapeshellarg($dnsHost) . "{$dnsID}_v6.cache";
$this->_debugFile = "{$g['varetc_path']}/dyndns_{$dnsIf}{$dnsService}" . escapeshellarg($dnsHost) . "{$dnsID}.debug";
$this->_debugFile = "/var/etc/dyndns_{$dnsIf}{$dnsService}" . escapeshellarg($dnsHost) . "{$dnsID}.debug";
$this->_curlIpresolveV4 = $curlIpresolveV4;
$this->_curlSslVerifypeer = $curlSslVerifypeer;

34
src/etc/inc/filter.inc
View File

@ -100,14 +100,13 @@ function flowtable_configure() {
}
}
function filter_pflog_start($kill_first = false)
function filter_pflog_start()
{
global $config, $g;
if (!file_exists("{$g['varrun_path']}/filterlog.pid") ||
!isvalidpid("{$g['varrun_path']}/filterlog.pid")) {
mwexec("/usr/local/sbin/filterlog -i pflog0 -p {$g['varrun_path']}/filterlog.pid");
if (isvalidpid('/var/run/filterlog.pid')) {
return;
}
mwexec('/usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid');
}
/* reload filter async */
@ -319,31 +318,32 @@ function filter_configure_sync($delete_states_if_needed = true)
}
# If we are not using bogonsv6 then we can remove any bogonsv6 table from the running pf (if the table is not there, the kill is still fine).
if (!is_bogonsv6_used())
$_grbg = exec("/sbin/pfctl -t bogonsv6 -T kill 2>/dev/null");
if (!is_bogonsv6_used()) {
$_grbg = exec('/sbin/pfctl -t bogonsv6 -T kill 2>/dev/null');
}
update_filter_reload_status(gettext("Starting up layer7 daemon"));
layer7_start_l7daemon();
if(!empty($filterdns)) {
@file_put_contents("{$g['varetc_path']}/filterdns.conf", implode("", $filterdns));
if (!empty($filterdns)) {
@file_put_contents('/var/etc/filterdns.conf', implode('', $filterdns));
unset($filterdns);
if (isvalidpid("{$g['varrun_path']}/filterdns.pid")) {
killbypid("{$g['varrun_path']}/filterdns.pid", 'HUP');
if (isvalidpid('/var/run/filterdns.pid')) {
killbypid('/var/run/filterdns.pid', 'HUP');
} else {
/*
* FilterDNS has three debugging levels. The default choosen is 1.
* Availabe are level 2 and greater then 2.
*/
if (isset($config['system']['aliasesresolveinterval']) && is_numeric($config['system']['aliasesresolveinterval']))
if (isset($config['system']['aliasesresolveinterval']) && is_numeric($config['system']['aliasesresolveinterval'])) {
$resolve_interval = $config['system']['aliasesresolveinterval'];
else
} else {
$resolve_interval = 300;
mwexec("/usr/local/sbin/filterdns -p {$g['varrun_path']}/filterdns.pid -i {$resolve_interval} -c {$g['varetc_path']}/filterdns.conf -d 1");
}
mwexec("/usr/local/sbin/filterdns -p /var/run/filterdns.pid -i {$resolve_interval} -c /var/etc/filterdns.conf -d 1");
}
} else {
killbypid("{$g['varrun_path']}/filterdns.pid");
@unlink("{$g['varrun_path']}/filterdns.pid");
killbypid('/var/run/filterdns.pid');
}
/* run items scheduled for after filter configure run */

10
src/etc/inc/globals.inc
View File

@ -37,9 +37,6 @@ $g = array(
"factory_shipped_password" => "opnsense",
"dhcpd_chroot_path" => "/var/dhcpd",
"unbound_chroot_path" => "/var/unbound",
"varrun_path" => "/var/run",
"varetc_path" => "/var/etc",
"vardb_path" => "/var/db",
"admin_group" => "admins",
"product_name" => "OPNsense",
"product_website" => "https://opnsense.org",
@ -48,7 +45,6 @@ $g = array(
"product_copyright_years" => "2014 - 2015",
"product_copyright_url" => "https://www.deciso.com/",
"latest_config" => "11.2",
"wireless_regex" => "/^(ndis|wi|ath|an|ral|ural|iwi|wlan|rum|run|bwn|zyd|mwl|bwi|ipw|iwn|malo|uath|upgt|urtw|wpi)/",
);
/* IP TOS flags */
@ -114,3 +110,9 @@ function is_install_media()
return true;
}
function match_wireless_interface($int)
{
$wireless_regex = '/^(ndis|wi|ath|an|ral|ural|iwi|wlan|rum|run|bwn|zyd|mwl|bwi|ipw|iwn|malo|uath|upgt|urtw|wpi)/';
return preg_match($wireless_regex, $int);
}

53
src/etc/inc/gwlb.inc
View File

@ -48,20 +48,22 @@ function return_apinger_defaults() {
* Creates monitoring configuration file and
* adds appropriate static routes.
*/
function setup_gateways_monitor() {
function setup_gateways_monitor()
{
global $config, $g;
$gateways_arr = return_gateways_array();
if (!is_array($gateways_arr)) {
log_error("No gateways to monitor. Apinger will not be run.");
killbypid("{$g['varrun_path']}/apinger.pid");
@unlink("{$g['varrun_path']}/apinger.status");
killbypid('/var/run/apinger.pid');
@unlink('/var/run/apinger.status');
return;
}
$apinger_debug = "";
if (isset($config['system']['apinger_debug']))
if (isset($config['system']['apinger_debug'])) {
$apinger_debug = "debug on";
}
$apinger_default = return_apinger_defaults();
$apingerconfig = <<<EOD
@ -78,14 +80,14 @@ group "wheel"
#mailer "/var/qmail/bin/qmail-inject"
## Location of the pid-file (default: "/var/run/apinger.pid")
pid_file "{$g['varrun_path']}/apinger.pid"
pid_file "/var/run/apinger.pid"
## Format of timestamp (%s macro) (default: "%b %d %H:%M:%S")
#timestamp_format "%Y%m%d%H%M%S"
status {
## File where the status information should be written to
file "{$g['varrun_path']}/apinger.status"
file "/var/run/apinger.status"
## Interval between file updates
## when 0 or not set, file is written only when SIGUSR1 is received
interval 5s
@ -144,7 +146,7 @@ target default {
alarms "down","delay","loss"
## Location of the RRD
#rrd file "{$g['vardb_path']}/rrd/apinger-%t.rrd"
#rrd file "/var/db/rrd/apinger-%t.rrd"
}
EOD;
@ -322,7 +324,7 @@ EOD;
if (isset($gateway['force_down']))
$apingercfg .= "\tforce_down on\n";
$apingercfg .= " rrd file \"{$g['vardb_path']}/rrd/{$gateway['name']}-quality.rrd\"\n";
$apingercfg .= " rrd file \"/var/db/rrd/{$gateway['name']}-quality.rrd\"\n";
$apingercfg .= "}\n";
$apingercfg .= "\n";
@ -332,25 +334,25 @@ EOD;
# Create gateway quality RRD with settings more suitable for OPNsense graph set,
# since apinger uses default step (300; 5 minutes) and other settings that don't
# match the OPNsense gateway quality graph set.
create_gateway_quality_rrd("{$g['vardb_path']}/rrd/{$gateway['name']}-quality.rrd");
create_gateway_quality_rrd("/var/db/rrd/{$gateway['name']}-quality.rrd");
}
@file_put_contents("{$g['varetc_path']}/apinger.conf", $apingerconfig);
@file_put_contents('/var/etc/apinger.conf', $apingerconfig);
unset($apingerconfig);
@chmod('/tmp', 01777);
@mkdir("{$g['vardb_path']}/rrd", 0775);
@chown("{$g['vardb_path']}/rrd", "nobody");
@mkdir('/var/db/rrd', 0775);
@chown('/var/db/rrd', 'nobody');
/* Restart apinger process */
if (isvalidpid("{$g['varrun_path']}/apinger.pid")) {
killbypid("{$g['varrun_path']}/apinger.pid", 'HUP');
if (isvalidpid('/var/run/apinger.pid')) {
killbypid('/var/run/apinger.pid', 'HUP');
} else {
/* start a new apinger process */
@unlink("{$g['varrun_path']}/apinger.status");
@unlink('/var/run/apinger.status');
sleep(1);
mwexec_bg("/usr/local/sbin/apinger -c {$g['varetc_path']}/apinger.conf");
mwexec_bg('/usr/local/sbin/apinger -c /var/etc/apinger.conf');
sleep(1);
killbypid("{$g['varrun_path']}/apinger.pid", 'USR1');
killbypid('/var/run/apinger.pid', 'USR1');
}
return 0;
@ -359,23 +361,24 @@ EOD;
/* return the status of the apinger targets as a array */
function return_gateways_status($byname = false)
{
global $config, $g;
global $config;
$apingerstatus = array();
/* Always get the latest status from apinger */
killbypid("{$g['varrun_path']}/apinger.pid", 'USR1');
if (file_exists("{$g['varrun_path']}/apinger.status")) {
$apingerstatus = file("{$g['varrun_path']}/apinger.status");
killbypid('/var/run/apinger.pid', 'USR1');
if (file_exists('/var/run/apinger.status')) {
$apingerstatus = file('/var/run/apinger.status');
}
$status = array();
foreach($apingerstatus as $line) {
$info = explode("|", $line);
if ($byname == false)
foreach ($apingerstatus as $line) {
$info = explode('|', $line);
if ($byname == false) {
$target = $info[0];
else
} else {
$target = $info[2];
}
$status[$target] = array();
$status[$target]['monitorip'] = $info[0];

393
src/etc/inc/interfaces.inc
View File

@ -230,24 +230,24 @@ This block of code is only entered for OPTx interfaces that are configured for P
function interfaces_loopback_configure()
{
global $g;
if(file_exists("/var/run/booting")) {
if (file_exists("/var/run/booting")) {
echo gettext("Configuring loopback interface...");
}
pfSense_interface_setaddress("lo0", "127.0.0.1");
interfaces_bring_up("lo0");
if(file_exists("/var/run/booting")) {
if (file_exists("/var/run/booting")) {
echo gettext("done.") . "\n";
}
return 0;
}
function interfaces_vlan_configure($realif = "") {
global $config, $g;
function interfaces_vlan_configure($realif = '')
{
global $config;
if(file_exists("/var/run/booting"))
echo gettext("Configuring VLAN interfaces...");
if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) {
@ -266,7 +266,7 @@ function interfaces_vlan_configure($realif = "") {
}
function interface_vlan_configure(&$vlan) {
global $config, $g;
global $config;
if (!is_array($vlan)) {
log_error(gettext("VLAN: called with wrong options. Problems with config!"));
@ -308,7 +308,7 @@ function interface_vlan_configure(&$vlan) {
}
function interface_qinq_configure(&$vlan, $fd = NULL) {
global $config, $g;
global $config;
if (!is_array($vlan)) {
log_error(sprintf(gettext("QinQ compat VLAN: called with wrong options. Problems with config!%s"), "\n"));
@ -386,7 +386,7 @@ function interface_qinq_configure(&$vlan, $fd = NULL) {
}
function interfaces_qinq_configure() {
global $config, $g;
global $config;
if(file_exists("/var/run/booting"))
echo gettext("Configuring QinQ interfaces...");
if (is_array($config['qinqs']['qinqentry']) && count($config['qinqs']['qinqentry'])) {
@ -400,7 +400,7 @@ function interfaces_qinq_configure() {
}
function interface_qinq2_configure(&$qinq, $fd, $macaddr) {
global $config, $g;
global $config;
if (!is_array($qinq)) {
log_error(sprintf(gettext("QinQ compat VLAN: called with wrong options. Problems with config!%s"), "\n"));
@ -429,7 +429,7 @@ function interface_qinq2_configure(&$qinq, $fd, $macaddr) {
}
function interfaces_create_wireless_clones() {
global $config, $g;
global $config;
if(file_exists("/var/run/booting"))
echo gettext("Creating wireless clone interfaces...");
@ -495,7 +495,7 @@ function interfaces_bridge_configure($checkmember = 0, $realif = '')
}
function interface_bridge_configure(&$bridge, $checkmember = 0) {
global $config, $g;
global $config;
if (!is_array($bridge))
return;
@ -747,7 +747,7 @@ function interface_bridge_add_member($bridgeif, $interface) {
}
function interfaces_lagg_configure($realif = "") {
global $config, $g;
global $config;
if(file_exists("/var/run/booting"))
echo gettext("Configuring LAGG interfaces...");
$i = 0;
@ -767,7 +767,7 @@ function interfaces_lagg_configure($realif = "") {
}
function interface_lagg_configure(&$lagg) {
global $config, $g;
global $config;
if (!is_array($lagg))
return -1;
@ -881,7 +881,7 @@ function interfaces_gre_configure($checkparent = 0, $realif = "") {
/* NOTE: $grekey is not used but useful for passing this function to array_walk. */
function interface_gre_configure(&$gre, $grekey = "") {
global $config, $g;
global $config;
if (!is_array($gre))
return -1;
@ -964,7 +964,7 @@ function interfaces_gif_configure($checkparent = 0, $realif = "") {
/* NOTE: $gifkey is not used but useful for passing this function to array_walk. */
function interface_gif_configure(&$gif, $gifkey = "") {
global $config, $g;
global $config;
if (!is_array($gif))
return -1;
@ -1054,7 +1054,7 @@ function interface_gif_configure(&$gif, $gifkey = "") {
function interfaces_configure()
{
global $config, $g;
global $config;
/* Set up our loopback interface */
interfaces_loopback_configure();
@ -1183,38 +1183,39 @@ function interfaces_configure()
return 0;
}
function interface_reconfigure($interface = "wan", $reloadall = false) {
function interface_reconfigure($interface = 'wan', $reloadall = false)
{
interface_bring_down($interface);
interface_configure($interface, $reloadall);
}
function interface_vip_bring_down($vip) {
global $g;
function interface_vip_bring_down($vip)
{
$vipif = get_real_interface($vip['interface']);
switch ($vip['mode']) {
case "proxyarp":
if (file_exists("{$g['varrun_path']}/choparp_{$vipif}.pid"))
killbypid("{$g['varrun_path']}/choparp_{$vipif}.pid");
case 'proxyarp':
killbypid("/var/run/choparp_{$vipif}.pid");
break;
case "ipalias":
case 'ipalias':
if (does_interface_exist($vipif)) {
if (is_ipaddrv6($vip['subnet']))
if (is_ipaddrv6($vip['subnet'])) {
mwexec("/sbin/ifconfig {$vipif} inet6 " . escapeshellarg($vip['subnet']) . " -alias");
else
} else {
pfSense_interface_deladdress($vipif, $vip['subnet']);
}
}
break;
case "carp":
/* XXX: Is enough to delete ip address? */
if (does_interface_exist($vipif))
if (does_interface_exist($vipif)) {
pfSense_interface_deladdress($vipif, $vip['subnet']);
}
break;
}
}
function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg = false) {
global $config, $g;
global $config;
if (!isset($config['interfaces'][$interface]))
return;
@ -1266,11 +1267,11 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg =
configd_run("interface reconfigure {$interface}");
break;
}
if (file_exists("{$g['varrun_path']}/{$ppp['type']}_{$interface}.pid")) {
killbypid("{$g['varrun_path']}/{$ppp['type']}_{$interface}.pid");
if (isvalidpid("/var/run/{$ppp['type']}_{$interface}.pid")) {
killbypid("/var/run/{$ppp['type']}_{$interface}.pid");
sleep(2);
}
unlink_if_exists("{$g['varetc_path']}/mpd_{$interface}.conf");
@unlink("/var/etc/mpd_{$interface}.conf");
break;
}
}
@ -1278,7 +1279,7 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg =
break;
case "dhcp":
kill_dhclient_process($realif);
unlink_if_exists("{$g['varetc_path']}/dhclient_{$interface}.conf");
@unlink("/var/etc/dhclient_{$interface}.conf");
if(does_interface_exist("$realif")) {
mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " delete", true);
interface_ipalias_cleanup($interface);
@ -1307,7 +1308,7 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg =
exec('/bin/kill ' . $pidv6);
}
sleep(3);
unlink_if_exists("{$g['varetc_path']}/dhcp6c_{$interface}.conf");
@unlink("/var/etc/dhcp6c_{$interface}.conf");
if (does_interface_exist($realifv6)) {
$ip6 = find_interface_ipv6($realifv6);
if (is_ipaddrv6($ip6) && $ip6 != "::")
@ -1365,14 +1366,13 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg =
mwexec("/sbin/pfctl -i " . escapeshellarg($realif) . " -Fs");
}
/* remove interface up file if it exists */
unlink_if_exists("/tmp/{$realif}up");
unlink_if_exists("{$g['vardb_path']}/{$interface}ip");
unlink_if_exists("{$g['vardb_path']}/{$interface}ipv6");
unlink_if_exists("/tmp/{$realif}_router");
unlink_if_exists("/tmp/{$realif}_routerv6");
unlink_if_exists("{$g['varetc_path']}/nameserver_{$realif}");
unlink_if_exists("{$g['varetc_path']}/searchdomain_{$realif}");
@unlink("/var/db/{$interface}ip");
@unlink("/var/db/{$interface}ipv6");
@unlink("/var/etc/nameserver_{$realif}");
@unlink("/var/etc/searchdomain_{$realif}");
@unlink("/tmp/{$realif}up");
@unlink("/tmp/{$realif}_router");
@unlink("/tmp/{$realif}_routerv6");
/* hostapd and wpa_supplicant do not need to be running when the interface is down.
* They will also use 100% CPU if running after the wireless clone gets deleted. */
@ -1428,10 +1428,11 @@ function interfaces_ptpid_next() {
return $ptpid;
}
function getMPDCRONSettings($pppif) {
function getMPDCRONSettings($pppif)
{
global $config;
$cron_cmd_file = "{$g['varetc_path']}/pppoe_restart_{$pppif}";
$cron_cmd_file = "/var/etc/pppoe_restart_{$pppif}";
if (is_array($config['cron']['item'])) {
foreach ($config['cron']['item'] as $i => $item) {
if (stripos($item['command'], $cron_cmd_file) !== false)
@ -1443,10 +1444,10 @@ function getMPDCRONSettings($pppif) {
}
function handle_pppoe_reset($post_array) {
global $config, $g;
global $config;
$pppif = "{$post_array['type']}{$post_array['ptpid']}";
$cron_cmd_file = "{$g['varetc_path']}/pppoe_restart_{$pppif}";
$cron_cmd_file = "/var/etc/pppoe_restart_{$pppif}";
if (!is_array($config['cron']['item']))
$config['cron']['item'] = array();
@ -1455,14 +1456,17 @@ function handle_pppoe_reset($post_array) {
// reset cron items if necessary and return
if (empty($post_array['pppoe-reset-type'])) {
if (isset($itemhash))
if (isset($itemhash)) {
unset($config['cron']['item'][$itemhash['ID']]);
killbypid("{$g['varrun_path']}/cron.pid", 'HUP');
}
killbypid('/var/run/cron.pid', 'HUP');
return;
}
if (empty($itemhash))
if (empty($itemhash)) {
$itemhash = array();
}
$item = array();
if (isset($post_array['pppoe-reset-type']) && $post_array['pppoe-reset-type'] == "custom") {
$item['minute'] = $post_array['pppoe_resetminute'];
@ -1524,8 +1528,9 @@ function handle_pppoe_reset($post_array) {
* This function can configure PPPoE, MLPPP (PPPoE), PPTP.
* It writes the mpd config file to /var/etc every time the link is opened.
*/
function interface_ppps_configure($interface) {
global $config, $g;
function interface_ppps_configure($interface)
{
global $config;
/* Return for unassigned interfaces. This is a minimum requirement. */
if (empty($config['interfaces'][$interface]))
@ -1535,12 +1540,12 @@ function interface_ppps_configure($interface) {
return 0;
// mpd5 requires a /var/spool/lock directory for PPP modem links.
if(!is_dir("/var/spool/lock")) {
mkdir("/var/spool/lock", 0777, true);
}
@mkdir("/var/spool/lock", 0777, true);
// mpd5 modem chat script expected in the same directory as the mpd_xxx.conf files
if (!file_exists("{$g['varetc_path']}/mpd.script"))
@symlink("/usr/local/sbin/mpd.script", "{$g['varetc_path']}/mpd.script");
if (!file_exists('/var/etc/mpd.script')) {
symlink('/usr/local/sbin/mpd.script', '/var/etc/mpd.script');
}
if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) {
foreach ($config['ppps']['ppp'] as $pppid => $ppp) {
@ -1563,8 +1568,9 @@ function interface_ppps_configure($interface) {
$descr = isset($ifcfg['descr']) ? $ifcfg['descr'] : strtoupper($interface);
echo "starting {$pppif} link...";
// Do not re-configure the interface if we are booting and it's already been started
if(file_exists("{$g['varrun_path']}/{$ppp['type']}_{$interface}.pid"))
if (isvalidproc("/var/run/{$ppp['type']}_{$interface}.pid")) {
return 0;
}
}
$ports = explode(',',$ppp['ports']);
@ -1886,9 +1892,9 @@ EOD;
/* Generate mpd.conf. If mpd_[interface].conf exists in the conf path, then link to it instead of generating a fresh conf file. */
if (file_exists("/conf/mpd_{$interface}.conf"))
@symlink("/conf/mpd_{$interface}.conf", "{$g['varetc_path']}/mpd_{$interface}.conf");
@symlink("/conf/mpd_{$interface}.conf", "/var/etc/mpd_{$interface}.conf");
else {
$fd = fopen("{$g['varetc_path']}/mpd_{$interface}.conf", "w");
$fd = fopen("/var/etc/mpd_{$interface}.conf", "w");
if (!$fd) {
log_error(sprintf(gettext("Error: cannot open mpd_%s.conf in interface_ppps_configure().%s"), $interface, "\n"));
return 0;
@ -1911,13 +1917,12 @@ EOD;
}
/* clean up old lock files */
foreach($ports as $port) {
if(file_exists("{$g['var_path']}/spool/lock/LCK..{$port}"))
unlink("{$g['var_path']}/spool/lock/LCK..{$port}");
foreach ($ports as $port) {
@unlink("/var/spool/lock/LCK..{$port}");
}
/* fire up mpd */
mwexec("/usr/local/sbin/mpd5 -b -k -d {$g['varetc_path']} -f mpd_{$interface}.conf -p {$g['varrun_path']}/" .
mwexec("/usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_{$interface}.conf -p /var/run/" .
escapeshellarg($ppp['type']) . "_{$interface}.pid -s ppp " . escapeshellarg($ppp['type']) . "client");
// Check for PPPoE periodic reset request
@ -1960,7 +1965,7 @@ EOD;
function interfaces_carp_setup()
{
global $g, $config;
global $config;
if (file_exists("/var/run/booting")) {
echo gettext("Configuring CARP settings...");
@ -2026,15 +2031,14 @@ function interfaces_carp_setup()
function interface_proxyarp_configure($interface = '')
{
global $config, $g;
global $config;
/* kill any running choparp */
if (empty($interface))
killbyname("choparp");
killbyname('choparp');
else {
$vipif = get_real_interface($interface);
if (file_exists("{$g['varrun_path']}/choparp_{$vipif}.pid"))
killbypid("{$g['varrun_path']}/choparp_{$vipif}.pid");
killbypid("/var/run/choparp_{$vipif}.pid");
}
$paa = array();
@ -2090,16 +2094,18 @@ function interface_proxyarp_configure($interface = '')
}
}
function interface_ipalias_cleanup($interface, $inet = "inet4") {
global $g, $config;
function interface_ipalias_cleanup($interface, $inet = 'inet4')
{
global $config;
if (is_array($config['virtualip']['vip'])) {
if (isset($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $vip) {
if ($vip['mode'] == "ipalias" && $vip['interface'] == $interface) {
if ($inet == "inet6" && is_ipaddrv6($vip['subnet']))
if ($vip['mode'] == 'ipalias' && $vip['interface'] == $interface) {
if ($inet == 'inet6' && is_ipaddrv6($vip['subnet'])) {
interface_vip_bring_down($vip);
else if ($inet == "inet4" && is_ipaddrv4($vip['subnet']))
} elseif ($inet == 'inet4' && is_ipaddrv4($vip['subnet'])) {
interface_vip_bring_down($vip);
}
}
}
}
@ -2107,10 +2113,11 @@ function interface_ipalias_cleanup($interface, $inet = "inet4") {
function interfaces_vips_configure($interface = '')
{
global $g, $config;
global $config;
$paa = array();
if(is_array($config['virtualip']['vip'])) {
if (isset($config['virtualip']['vip'])) {
$carp_setuped = false;
$anyproxyarp = false;
foreach ($config['virtualip']['vip'] as $vip) {
@ -2163,7 +2170,7 @@ function interface_ipalias_configure(&$vip) {
function interface_carp_configure(&$vip)
{
global $config, $g;
global $config;
if ($vip['mode'] != 'carp') {
return;
@ -2217,8 +2224,10 @@ function interface_carp_configure(&$vip)
return $realif;
}
function interface_wireless_clone($realif, $wlcfg) {
global $config, $g;
function interface_wireless_clone($realif, $wlcfg)
{
global $config;
/* Check to see if interface has been cloned as of yet.
* If it has not been cloned then go ahead and clone it.
*/
@ -2281,8 +2290,9 @@ function interface_wireless_clone($realif, $wlcfg) {
return true;
}
function interface_sync_wireless_clones(&$ifcfg, $sync_changes = false) {
global $config, $g;
function interface_sync_wireless_clones(&$ifcfg, $sync_changes = false)
{
global $config;
$shared_settings = array('standard', 'turbo', 'protmode', 'txpower', 'channel',
'diversity', 'txantenna', 'rxantenna', 'distance',
@ -2361,7 +2371,7 @@ function interface_wireless_configure($if, &$wl, &$wlcfg) {
*/
// Remove script file
unlink_if_exists("/tmp/{$if}_setup.sh");
@unlink("/tmp/{$if}_setup.sh");
// Clone wireless nic if needed.
interface_wireless_clone($if, $wl);
@ -2523,7 +2533,7 @@ function interface_wireless_configure($if, &$wl, &$wlcfg) {
case 'bss':
if (isset($wlcfg['wpa']['enable'])) {
$wpa .= <<<EOD
ctrl_interface={$g['varrun_path']}/wpa_supplicant
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=1
#fast_reauth=1
@ -2538,7 +2548,7 @@ group={$wlcfg['wpa']['wpa_pairwise']}
}
EOD;
@file_put_contents("{$g['varetc_path']}/wpa_supplicant_{$if}.conf", $wpa);
@file_put_contents("/var/etc/wpa_supplicant_{$if}.conf", $wpa);
unset($wpa);
}
break;
@ -2556,7 +2566,7 @@ logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=0
dump_file=/tmp/hostapd_{$if}.dump
ctrl_interface={$g['varrun_path']}/hostapd
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
#accept_mac_file=/tmp/hostapd_{$if}.accept
#deny_mac_file=/tmp/hostapd_{$if}.deny
@ -2611,7 +2621,7 @@ EOD;
}
}
@file_put_contents("{$g['varetc_path']}/hostapd_{$if}.conf", $wpa);
@file_put_contents("/var/etc/hostapd_{$if}.conf", $wpa);
unset($wpa);
}
break;
@ -2641,7 +2651,7 @@ EOD;
if (isset($wlcfg['wpa']['enable'])) {
if ($wlcfg['mode'] == "bss") {
fwrite($fd_set, "{$wpa_supplicant} -B -i {$if} -c {$g['varetc_path']}/wpa_supplicant_{$if}.conf\n");
fwrite($fd_set, "{$wpa_supplicant} -B -i {$if} -c /var/etc/wpa_supplicant_{$if}.conf\n");
}
if ($wlcfg['mode'] == "hostap") {
/* add line to script to restore old mac to make hostapd happy */
@ -2652,7 +2662,7 @@ EOD;
" link " . escapeshellarg($if_oldmac) . "\n");
}
fwrite($fd_set, "{$hostapd} -B -P {$g['varrun_path']}/hostapd_{$if}.pid {$g['varetc_path']}/hostapd_{$if}.conf\n");
fwrite($fd_set, "{$hostapd} -B -P /var/run/hostapd_{$if}.pid /var/etc/hostapd_{$if}.conf\n");
/* add line to script to restore spoofed mac after running hostapd */
if (file_exists("/tmp/{$if}_oldmac")) {
@ -2765,11 +2775,9 @@ EOD;
return 0;
}
function kill_hostapd($interface) {
global $g;
if (isvalidpid("{$g['varrun_path']}/hostapd_{$interface}.pid"))
return killbypid("{$g['varrun_path']}/hostapd_{$interface}.pid");
function kill_hostapd($interface)
{
return killbypid("/var/run/hostapd_{$interface}.pid");
}
function kill_wpasupplicant($interface) {
@ -2802,15 +2810,14 @@ function kill_dhclient_process($interface)
unset($i);
}
function find_dhcp6c_process($interface) {
global $g;
function find_dhcp6c_process($interface)
{
if ($interface && isvalidpid("/var/run/dhcp6c_{$interface}.pid")) {
$pid = trim(file_get_contents("/var/run/dhcp6c_{$interface}.pid"), " \n");
return intval($pid);
}
if ($interface && isvalidpid("{$g['varrun_path']}/dhcp6c_{$interface}.pid"))
$pid = trim(file_get_contents("{$g['varrun_path']}/dhcp6c_{$interface}.pid"), " \n");
else
return(false);
return intval($pid);
return false;
}
function interface_vlan_mtu_configured($realhwif, $mtu) {
@ -2898,8 +2905,9 @@ function interface_vlan_adapt_mtu($vlanifs, $mtu) {
}
}
function interface_configure($interface = "wan", $reloadall = false, $linkupevent = false) {
global $config, $g;
function interface_configure($interface = 'wan', $reloadall = false, $linkupevent = false)
{
global $config;
global $interface_sn_arr_cache, $interface_ip_arr_cache;
global $interface_snv6_arr_cache, $interface_ipv6_arr_cache;
@ -3182,8 +3190,9 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven
return 0;
}
function interface_track6_configure($interface = "lan", $wancfg, $linkupevent = false) {
global $config, $g;
function interface_track6_configure($interface = 'lan', $wancfg, $linkupevent = false)
{
global $config;
if (!is_array($wancfg))
return;
@ -3244,8 +3253,9 @@ function interface_track6_configure($interface = "lan", $wancfg, $linkupevent =
return 0;
}
function interface_track6_6rd_configure($interface = "lan", $lancfg) {
global $config, $g;
function interface_track6_6rd_configure($interface = 'lan', $lancfg)
{
global $config;
global $interface_ipv6_arr_cache;
global $interface_snv6_arr_cache;
@ -3305,8 +3315,9 @@ function interface_track6_6rd_configure($interface = "lan", $lancfg) {
return 0;
}
function interface_track6_6to4_configure($interface = "lan", $lancfg) {
global $config, $g;
function interface_track6_6to4_configure($interface = 'lan', $lancfg)
{
global $config;
global $interface_ipv6_arr_cache;
global $interface_snv6_arr_cache;
@ -3362,8 +3373,9 @@ function interface_track6_6to4_configure($interface = "lan", $lancfg) {
return 0;
}
function interface_6rd_configure($interface = "wan", $wancfg) {
global $config, $g;
function interface_6rd_configure($interface = "wan", $wancfg)
{
global $config;
/* because this is a tunnel interface we can only function
* with a public IPv4 address on the interface */
@ -3439,8 +3451,9 @@ function interface_6rd_configure($interface = "wan", $wancfg) {
return 0;
}
function interface_6to4_configure($interface = "wan", $wancfg){
global $config, $g;
function interface_6to4_configure($interface = 'wan', $wancfg)
{
global $config;
/* because this is a tunnel interface we can only function
* with a public IPv4 address on the interface */
@ -3534,8 +3547,9 @@ function interface_6to4_configure($interface = "wan", $wancfg){
return 0;
}
function interface_dhcpv6_configure($interface = "wan", $wancfg) {
global $config, $g;
function interface_dhcpv6_configure($interface = 'wan', $wancfg)
{
global $config;
if (!is_array($wancfg))
return;
@ -3549,7 +3563,7 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) {
$dhcp6cconf .= " information-only;\n";
$dhcp6cconf .= " request domain-name-servers;\n";
$dhcp6cconf .= " request domain-name;\n";
$dhcp6cconf .= " script \"{$g['varetc_path']}/dhcp6c_{$interface}_script.sh\"; # we'd like some nameservers please\n";
$dhcp6cconf .= " script \"/var/etc/dhcp6c_{$interface}_script.sh\"; # we'd like some nameservers please\n";
$dhcp6cconf .= "};\n";
} else {
/* skip address request if this is set */
@ -3560,7 +3574,7 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) {
$dhcp6cconf .= "\trequest domain-name-servers;\n";
$dhcp6cconf .= "\trequest domain-name;\n";
$dhcp6cconf .= "\tscript \"{$g['varetc_path']}/dhcp6c_{$interface}_script.sh\"; # we'd like some nameservers please\n";
$dhcp6cconf .= "\tscript \"/var/etc/dhcp6c_{$interface}_script.sh\"; # we'd like some nameservers please\n";
$dhcp6cconf .= "};\n";
@ -3595,7 +3609,7 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) {
if ($wancfg['adv_dhcp6_config_file_override']) { $dhcp6cconf = DHCP6_Config_File_Override($wancfg, $wanif); }
/* wide-dhcp6c works for now. */
if (!@file_put_contents("{$g['varetc_path']}/dhcp6c_{$interface}.conf", $dhcp6cconf)) {
if (!@file_put_contents("/var/etc/dhcp6c_{$interface}.conf", $dhcp6cconf)) {
printf("Error: cannot open dhcp6c_{$interface}.conf in interface_dhcpv6_configure() for writing.\n");
unset($dhcp6cconf);
return 1;
@ -3606,32 +3620,32 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) {
$dhcp6cscript .= "# This shell script launches /usr/local/etc/rc.newwanipv6 with a interface argument.\n";
$dhcp6cscript .= "/usr/local/etc/rc.newwanipv6 {$wanif} \n";
/* Add wide-dhcp6c shell script here. Because we can not pass a argument to it. */
if (!@file_put_contents("{$g['varetc_path']}/dhcp6c_{$interface}_script.sh", $dhcp6cscript)) {
if (!@file_put_contents("/var/etc/dhcp6c_{$interface}_script.sh", $dhcp6cscript)) {
printf("Error: cannot open dhcp6c_{$interface}_script.sh in interface_dhcpv6_configure() for writing.\n");
unset($dhcp6cscript);
return 1;
}
unset($dhcp6cscript);
@chmod("{$g['varetc_path']}/dhcp6c_{$interface}_script.sh", 0755);
chmod("/var/etc/dhcp6c_{$interface}_script.sh", 0755);
$rtsoldscript = "#!/bin/sh\n";
$rtsoldscript .= "# This shell script launches dhcp6c and configured gateways for this interface.\n";
$rtsoldscript .= "echo $2 > /tmp/{$wanif}_routerv6\n";
$rtsoldscript .= "echo $2 > /tmp/{$wanif}_defaultgwv6\n";
$rtsoldscript .= "if [ -f {$g['varrun_path']}/dhcp6c_{$wanif}.pid ]; then\n";
$rtsoldscript .= "\t/bin/pkill -F {$g['varrun_path']}/dhcp6c_{$wanif}.pid\n";
$rtsoldscript .= "if [ -f /var/run/dhcp6c_{$wanif}.pid ]; then\n";
$rtsoldscript .= "\t/bin/pkill -F /var/run/dhcp6c_{$wanif}.pid\n";
$rtsoldscript .= "\t/bin/sleep 1\n";
$rtsoldscript .= "fi\n";
$rtsoldscript .= "/usr/local/sbin/dhcp6c -d -c {$g['varetc_path']}/dhcp6c_{$interface}.conf -p {$g['varrun_path']}/dhcp6c_{$wanif}.pid {$wanif}\n";
$rtsoldscript .= "/usr/local/sbin/dhcp6c -d -c /var/etc/dhcp6c_{$interface}.conf -p /var/run/dhcp6c_{$wanif}.pid {$wanif}\n";
$rtsoldscript .= "/usr/bin/logger -t rtsold \"Starting dhcp6 client for interface {$interface}({$wanif})\"\n";
/* Add wide-dhcp6c shell script here. Because we can not pass a argument to it. */
if (!@file_put_contents("{$g['varetc_path']}/rtsold_{$wanif}_script.sh", $rtsoldscript)) {
if (!@file_put_contents("/var/etc/rtsold_{$wanif}_script.sh", $rtsoldscript)) {
printf("Error: cannot open rtsold_{$interface}_script.sh in interface_dhcpv6_configure() for writing.\n");
unset($rtsoldscript);
return 1;
}
unset($rtsoldscript);
@chmod("{$g['varetc_path']}/rtsold_{$wanif}_script.sh", 0755);
chmod("/var/etc/rtsold_{$wanif}_script.sh", 0755);
/* accept router advertisements for this interface */
set_single_sysctl("net.inet6.ip6.accept_rtadv", "1");
@ -3642,16 +3656,16 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) {
set_single_sysctl("net.inet6.ip6.rfc6204w3", "1");
/* fire up rtsold for IPv6 RAs first, this backgrounds immediately. It will call dhcp6c */
if (isvalidpid("{$g['varrun_path']}/rtsold_{$wanif}.pid")) {
killbypid("{$g['varrun_path']}/rtsold_{$wanif}.pid");
if (isvalidpid("/var/run/rtsold_{$wanif}.pid")) {
killbypid("/var/run/rtsold_{$wanif}.pid");
sleep(2);
}
mwexecf(
'/usr/sbin/rtsold -p %s -O %s -R %s %s',
array(
"{$g['varrun_path']}/rtsold_{$wanif}.pid",
"{$g['varetc_path']}/rtsold_{$wanif}_script.sh",
"/var/run/rtsold_{$wanif}.pid",
"/var/etc/rtsold_{$wanif}_script.sh",
'/usr/bin/true', /* XXX missing proper script to refresh resolv.conf */
$wanif
)
@ -3664,9 +3678,8 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) {
return 0;
}
function DHCP6_Config_File_Advanced($interface, $wancfg, $wanif) {
global $g;
function DHCP6_Config_File_Advanced($interface, $wancfg, $wanif)
{
$send_options = "";
if ($wancfg['adv_dhcp6_interface_statement_send_options'] != '') {
$options = split(",", $wancfg['adv_dhcp6_interface_statement_send_options']);
@ -3687,7 +3700,7 @@ function DHCP6_Config_File_Advanced($interface, $wancfg, $wanif) {
if ($wancfg['adv_dhcp6_interface_statement_information_only_enable'] != '')
$information_only = "\tinformation-only;\n";
$script = "\tscript \"{$g['varetc_path']}/dhcp6c_{$interface}_script.sh\";\n";
$script = "\tscript \"/var/etc/dhcp6c_{$interface}_script.sh\";\n";
if ($wancfg['adv_dhcp6_interface_statement_script'] != '')
$script = "\tscript \"{$wancfg['adv_dhcp6_interface_statement_script']}\";\n";
@ -3804,8 +3817,8 @@ function DHCP6_Config_File_Advanced($interface, $wancfg, $wanif) {
}
function DHCP6_Config_File_Override($wancfg, $wanif) {
function DHCP6_Config_File_Override($wancfg, $wanif)
{
$dhcp6cconf = file_get_contents($wancfg['adv_dhcp6_config_file_override_path']);
$dhcp6cconf = DHCP6_Config_File_Substitutions($wancfg, $wanif, $dhcp6cconf);
@ -3813,16 +3826,17 @@ function DHCP6_Config_File_Override($wancfg, $wanif) {
}
function DHCP6_Config_File_Substitutions($wancfg, $wanif, $dhcp6cconf) {
function DHCP6_Config_File_Substitutions($wancfg, $wanif, $dhcp6cconf)
{
$dhcp6cconf = DHCP_Config_File_Substitutions($wancfg, $wanif, $dhcp6cconf);
return $dhcp6cconf;
}
function interface_dhcp_configure($interface = "wan") {
global $config, $g;
function interface_dhcp_configure($interface = 'wan')
{
global $config;
$wancfg = $config['interfaces'][$interface];
$wanif = $wancfg['if'];
@ -3830,7 +3844,7 @@ function interface_dhcp_configure($interface = "wan") {
$wancfg = array();
/* generate dhclient_wan.conf */
$fd = fopen("{$g['varetc_path']}/dhclient_{$interface}.conf", "w");
$fd = fopen("/var/etc/dhclient_{$interface}.conf", "w");
if (!$fd) {
printf(printf(gettext("Error: cannot open dhclient_%s.conf in interface_dhcp_configure() for writing.%s"), $interface, "\n"));
return 1;
@ -3904,7 +3918,7 @@ EOD;
kill_dhclient_process($wanif);
/* fire up dhclient */
mwexec("/sbin/dhclient -c {$g['varetc_path']}/dhclient_{$interface}.conf {$wanif} > /tmp/{$wanif}_output 2> /tmp/{$wanif}_error_output");
mwexec("/sbin/dhclient -c /var/etc/dhclient_{$interface}.conf {$wanif} > /tmp/{$wanif}_output 2> /tmp/{$wanif}_error_output");
return 0;
}
@ -4038,41 +4052,47 @@ function DHCP_Config_File_Substitutions($wancfg, $wanif, $dhclientconf) {
return $dhclientconf;
}
function interfaces_group_setup() {
function interfaces_group_setup()
{
global $config;
if (!is_array($config['ifgroups']['ifgroupentry']))
if (!isset($config['ifgroups']['ifgroupentry'])) {
return;
foreach ($config['ifgroups']['ifgroupentry'] as $groupar)
interface_group_setup($groupar);
return;
}
function interface_group_setup(&$groupname /* The parameter is an array */) {
global $config;
if (!is_array($groupname))
return;
$members = explode(" ", $groupname['members']);
foreach($members as $ifs) {
$realif = get_real_interface($ifs);
if ($realif)
mwexec("/sbin/ifconfig {$realif} group {$groupname['ifname']}");
}
return;
foreach ($config['ifgroups']['ifgroupentry'] as $groupar) {
interface_group_setup($groupar);
}
}
function is_interface_group($if) {
function interface_group_setup(&$groupname)
{
global $config;
if (is_array($config['ifgroups']['ifgroupentry']))
foreach ($config['ifgroups']['ifgroupentry'] as $groupentry) {
if ($groupentry['ifname'] === $if)
return true;
if (!is_array($groupname)) {
return;
}
$members = explode(" ", $groupname['members']);
foreach ($members as $ifs) {
$realif = get_real_interface($ifs);
if ($realif) {
mwexec("/sbin/ifconfig {$realif} group {$groupname['ifname']}");
}
}
}
function is_interface_group($if)
{
global $config;
if (isset($config['ifgroups']['ifgroupentry'])) {
foreach ($config['ifgroups']['ifgroupentry'] as $groupentry) {
if ($groupentry['ifname'] === $if) {
return true;
}
}
}
return false;
}
@ -4316,10 +4336,11 @@ function get_real_interface($interface = "wan", $family = "all", $realv6iface =
case 'ppp':
case 'l2tp':
case 'pptp':
if( is_array($cfg['wireless']) || preg_match($g['wireless_regex'], $cfg['if']))
if (isset($cfg['wireless']) || match_wireless_interface($cfg['if'])) {
$wanif = interface_get_wireless_clone($cfg['if']);
else
} else {
$wanif = $cfg['if'];
}
break;
default:
switch ($cfg['ipaddr']) {
@ -4338,10 +4359,11 @@ function get_real_interface($interface = "wan", $family = "all", $realv6iface =
}
break;
default:
if( is_array($cfg['wireless']) || preg_match($g['wireless_regex'], $cfg['if']))
if (isset($cfg['wireless']) || match_wireless_interface($cfg['if'])) {
$wanif = interface_get_wireless_clone($cfg['if']);
else
} else {
$wanif = $cfg['if'];
}
break;
}
break;
@ -4350,10 +4372,11 @@ function get_real_interface($interface = "wan", $family = "all", $realv6iface =
// Wireless cloned NIC support (FreeBSD 8+)
// interface name format: $parentnic_wlanparentnic#
// example: ath0_wlan0
if( (isset($cfg['wireless']) && is_array($cfg['wireless'])) || preg_match($g['wireless_regex'], $cfg['if']))
if (isset($cfg['wireless']) || match_wireless_interface($cfg['if'])) {
$wanif = interface_get_wireless_clone($cfg['if']);
else
} else {
$wanif = $cfg['if'];
}
}
break;
}
@ -5030,19 +5053,22 @@ function is_altq_capable($int)
* RESULT
* $tmp - Returns if an interface is wireless
******/
function is_interface_wireless($interface) {
function is_interface_wireless($interface)
{
global $config, $g;
$friendly = convert_real_interface_to_friendly_interface_name($interface);
if(!isset($config['interfaces'][$friendly]['wireless'])) {
if (preg_match($g['wireless_regex'], $interface)) {
if (isset($config['interfaces'][$friendly]))
if (!isset($config['interfaces'][$friendly]['wireless'])) {
if (match_wireless_interface($interface)) {
if (isset($config['interfaces'][$friendly])) {
$config['interfaces'][$friendly]['wireless'] = array();
}
return true;
}
return false;
} else
return true;
}
return true;
}
function get_wireless_modes($interface) {
@ -5162,10 +5188,9 @@ function is_jumbo_capable($iface) {
return false;
}
function interface_setup_pppoe_reset_file($pppif, $iface="") {
global $g;
$cron_file = "{$g['varetc_path']}/pppoe_restart_{$pppif}";
function interface_setup_pppoe_reset_file($pppif, $iface = '')
{
$cron_file = "/var/etc/pppoe_restart_{$pppif}";
if(!empty($iface) && !empty($pppif)){
$cron_cmd = <<<EOD
@ -5177,9 +5202,9 @@ EOD;
@file_put_contents($cron_file, $cron_cmd);
chmod($cron_file, 0755);
killbypid("{$g['varrun_path']}/cron.pid", 'HUP');
killbypid('/var/run/cron.pid', 'HUP');
} else {
unlink_if_exists($cron_file);
@unlink($cron_file);
}
}

9
src/etc/inc/notices.inc
View File

@ -128,7 +128,7 @@ function close_notice($id)
$ids = array();
if(!$notices = get_notices()) return;
if($id == "all") {
unlink_if_exists('/tmp/notices');
@unlink('/tmp/notices');
return;
}
foreach(array_keys($notices) as $time) {
@ -151,13 +151,10 @@ function close_notice($id)
fwrite($queueout, serialize($notices));
fclose($queueout);
} else {
unlink_if_exists('/tmp/notices');
@unlink('/tmp/notices');
}
return;
}
/****f* notices/print_notices
* NAME
* print_notices
@ -360,5 +357,3 @@ function notify_all_remote($msg) {
notify_via_smtp($msg);
notify_via_growl($msg);
}
?>

4
src/etc/inc/openvpn.auth-user.php
View File

@ -98,8 +98,8 @@ if (!$username || !$password) {
/* Replaced by a sed with propper variables used below(ldap parameters). */
//<template>
if (file_exists("{$g['varetc_path']}/openvpn/{$modeid}.ca")) {
putenv("LDAPTLS_CACERT={$g['varetc_path']}/openvpn/{$modeid}.ca");
if (file_exists("/var/etc/openvpn/{$modeid}.ca")) {
putenv("LDAPTLS_CACERT=/var/etc/openvpn/{$modeid}.ca");
putenv("LDAPTLS_REQCERT=never");
}

78
src/etc/inc/openvpn.inc
View File

@ -367,10 +367,9 @@ function openvpn_add_custom(& $settings, & $conf) {
}
}
function openvpn_add_keyfile(& $data, & $conf, $mode_id, $directive, $opt = "") {
global $g;
$fpath = $g['varetc_path']."/openvpn/{$mode_id}.{$directive}";
function openvpn_add_keyfile(&$data, &$conf, $mode_id, $directive, $opt = '')
{
$fpath = "/var/etc/openvpn/{$mode_id}.{$directive}";
openvpn_create_dirs();
file_put_contents($fpath, base64_decode($data));
//chown($fpath, 'nobody');
@ -530,7 +529,7 @@ function openvpn_reconfigure($mode, $settings)
// See ticket #1417
if (!empty($ip) && !empty($mask) && ($cidr < 30)) {
$conf .= "server {$ip} {$mask}\n";
$conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
$conf .= "client-config-dir /var/etc/openvpn-csc\n";
if(is_ipaddr($ipv6))
$conf .= "server-ipv6 {$ipv6}/{$prefix}\n";
}
@ -557,7 +556,7 @@ function openvpn_reconfigure($mode, $settings)
$conf .= "server {$ip} {$mask}\n";
if(is_ipaddr($ipv6))
$conf .= "server-ipv6 {$ipv6}/{$prefix}\n";
$conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
$conf .= "client-config-dir /var/etc/openvpn-csc\n";
} else {
if ($settings['serverbridge_dhcp']) {
if ((!empty($settings['serverbridge_interface'])) && (strcmp($settings['serverbridge_interface'], "none"))) {
@ -565,7 +564,7 @@ function openvpn_reconfigure($mode, $settings)
$biface_sm=gen_subnet_mask(get_interface_subnet($settings['serverbridge_interface']));
if (is_ipaddrv4($biface_ip) && is_ipaddrv4($settings['serverbridge_dhcp_start']) && is_ipaddrv4($settings['serverbridge_dhcp_end'])) {
$conf .= "server-bridge {$biface_ip} {$biface_sm} {$settings['serverbridge_dhcp_start']} {$settings['serverbridge_dhcp_end']}\n";
$conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
$conf .= "client-config-dir /var/etc/openvpn-csc\n";
} else {
$conf .= "mode server\n";
}
@ -611,7 +610,7 @@ function openvpn_reconfigure($mode, $settings)
// The management port to listen on
// Use unix socket to overcome the problem on any type of server
$conf .= "management {$g['varetc_path']}/openvpn/{$mode_id}.sock unix\n";
$conf .= "management /var/etc/openvpn/{$mode_id}.sock unix\n";
//$conf .= "management 127.0.0.1 {$settings['local_port']}\n";
if ($settings['maxclients'])
@ -663,7 +662,7 @@ function openvpn_reconfigure($mode, $settings)
$conf .= "lport 0\n";
// Use unix socket to overcome the problem on any type of server
$conf .= "management {$g['varetc_path']}/openvpn/{$mode_id}.sock unix\n";
$conf .= "management /var/etc/openvpn/{$mode_id}.sock unix\n";
// The remote server
$conf .= "remote {$settings['server_addr']} {$settings['server_port']}\n";
@ -691,7 +690,7 @@ function openvpn_reconfigure($mode, $settings)
}
if ($settings['auth_user'] && $settings['auth_pass']) {
$up_file = "{$g['varetc_path']}/openvpn/{$mode_id}.up";
$up_file = "/var/etc/openvpn/{$mode_id}.up";
$conf .= "auth-user-pass {$up_file}\n";
$userpass = "{$settings['auth_user']}\n";
$userpass .= "{$settings['auth_pass']}\n";
@ -701,10 +700,10 @@ function openvpn_reconfigure($mode, $settings)
if ($settings['proxy_addr']) {
$conf .= "http-proxy {$settings['proxy_addr']} {$settings['proxy_port']}";
if ($settings['proxy_authtype'] != "none") {
$conf .= " {$g['varetc_path']}/openvpn/{$mode_id}.pas {$settings['proxy_authtype']}";
$conf .= " /var/etc/openvpn/{$mode_id}.pas {$settings['proxy_authtype']}";
$proxypas = "{$settings['proxy_user']}\n";
$proxypas .= "{$settings['proxy_passwd']}\n";
file_put_contents("{$g['varetc_path']}/openvpn/{$mode_id}.pas", $proxypas);
file_put_contents("/var/etc/openvpn/{$mode_id}.pas", $proxypas);
}
$conf .= " \n";
}
@ -787,18 +786,18 @@ function openvpn_reconfigure($mode, $settings)
openvpn_add_custom($settings, $conf);
openvpn_create_dirs();
$fpath = "{$g['varetc_path']}/openvpn/{$mode_id}.conf";
$fpath = "/var/etc/openvpn/{$mode_id}.conf";
file_put_contents($fpath, $conf);
unset($conf);
$fpath = "{$g['varetc_path']}/openvpn/{$mode_id}.interface";
$fpath = "/var/etc/openvpn/{$mode_id}.interface";
file_put_contents($fpath, $interface);
//chown($fpath, 'nobody');
//chgrp($fpath, 'nobody');
@chmod("{$g['varetc_path']}/openvpn/{$mode_id}.conf", 0600);
@chmod("{$g['varetc_path']}/openvpn/{$mode_id}.interface", 0600);
@chmod("{$g['varetc_path']}/openvpn/{$mode_id}.key", 0600);
@chmod("{$g['varetc_path']}/openvpn/{$mode_id}.tls-auth", 0600);
@chmod("{$g['varetc_path']}/openvpn/{$mode_id}.conf", 0600);
@chmod("/var/etc/openvpn/{$mode_id}.conf", 0600);
@chmod("/var/etc/openvpn/{$mode_id}.interface", 0600);
@chmod("/var/etc/openvpn/{$mode_id}.key", 0600);
@chmod("/var/etc/openvpn/{$mode_id}.tls-auth", 0600);
@chmod("/var/etc/openvpn/{$mode_id}.conf", 0600);
}
function openvpn_restart($mode, $settings)
@ -833,7 +832,7 @@ function openvpn_restart($mode, $settings)
}
/* start the new process */
$fpath = $g['varetc_path']."/openvpn/{$mode_id}.conf";
$fpath = "/var/etc/openvpn/{$mode_id}.conf";
openvpn_clear_route($mode, $settings);
mwexec_bg("/usr/local/sbin/openvpn --config " . escapeshellarg($fpath));
@ -870,26 +869,22 @@ function openvpn_delete($mode, & $settings)
mwexec("/sbin/ifconfig " . escapeshellarg($devname) . " name " . escapeshellarg($tunname));
/* remove the configuration files */
@array_map('unlink', glob("{$g['varetc_path']}/openvpn/{$mode_id}.*"));
@array_map('unlink', glob("/var/etc/openvpn/{$mode_id}.*"));
}
function openvpn_cleanup_csc($common_name) {
global $g, $config;
if (empty($common_name))
return;
$fpath = "{$g['varetc_path']}/openvpn-csc/" . basename($common_name);
if (is_file($fpath))
unlink_if_exists($fpath);
return;
function openvpn_cleanup_csc($common_name)
{
@unlink('/var/etc/openvpn-csc/' . basename($common_name));
}
function openvpn_resync_csc(& $settings) {
function openvpn_resync_csc(&$settings)
{
global $g, $config;
$fpath = $g['varetc_path']."/openvpn-csc/".$settings['common_name'];
$fpath = "/var/etc/openvpn-csc/{$settings['common_name']}";
if (isset($settings['disable'])) {
unlink_if_exists($fpath);
@unlink($fpath);
return;
}
openvpn_create_dirs();
@ -941,20 +936,17 @@ function openvpn_resync_csc(& $settings) {
chgrp($fpath, 'nobody');
}
function openvpn_delete_csc(& $settings) {
global $g, $config;
$fpath = $g['varetc_path']."/openvpn-csc/".$settings['common_name'];
unlink_if_exists($fpath);
function openvpn_delete_csc(&$settings)
{
@unlink("/var/etc/openvpn-csc/{$settings['common_name']}");
}
// Resync the configuration and restart the VPN
function openvpn_resync($mode, $settings) {
function openvpn_resync($mode, $settings)
{
openvpn_reconfigure($mode, $settings);
openvpn_restart($mode, $settings);
}
// Resync and restart all VPNs
function openvpn_resync_all($interface = '')
{
global $g, $config;
@ -1042,7 +1034,7 @@ function openvpn_get_active_servers($type="multipoint") {
$server['conns'] = array();
$server['vpnid'] = $settings['vpnid'];
$server['mgmt'] = "server{$server['vpnid']}";
$socket = "unix://{$g['varetc_path']}/openvpn/{$server['mgmt']}.sock";
$socket = "unix:///var/etc/openvpn/{$server['mgmt']}.sock";
list($tn, $sm) = explode('/', $settings['tunnel_network']);
if ((($server['mode'] == "p2p_shared_key") || ($sm >= 30) ) && ($type == "p2p"))
@ -1144,7 +1136,7 @@ function openvpn_get_active_clients() {
$client['vpnid'] = $settings['vpnid'];
$client['mgmt'] = "client{$client['vpnid']}";
$socket = "unix://{$g['varetc_path']}/openvpn/{$client['mgmt']}.sock";
$socket = "unix:///var/etc/openvpn/{$client['mgmt']}.sock";
$client['status']="down";
$clients[] = openvpn_get_client_status($client, $socket);
@ -1263,7 +1255,7 @@ function openvpn_refresh_crls() {
if (!empty($settings['crlref'])) {
$crl = lookup_crl($settings['crlref']);
crl_update($crl);
$fpath = $g['varetc_path']."/openvpn/server{$settings['vpnid']}.crl-verify";
$fpath = "/var/etc/openvpn/server{$settings['vpnid']}.crl-verify";
file_put_contents($fpath, base64_decode($crl['text']));
@chmod($fpath, 0644);
}

143
src/etc/inc/pfsense-utils.inc
View File

@ -110,27 +110,28 @@ function get_dns_servers() {
* NOTES
* This function only supports the fxp driver's loadable microcode.
******/
function enable_hardware_offloading($interface) {
global $g, $config;
function enable_hardware_offloading($interface)
{
global $config;
if(isset($config['system']['do_not_use_nic_microcode']))
if (isset($config['system']['do_not_use_nic_microcode'])) {
return;
}
/* translate wan, lan, opt -> real interface if needed */
$int = get_real_interface($interface);
if(empty($int))
if (empty($int)) {
return;
$int_family = preg_split("/[0-9]+/", $int);
}
$int_family = preg_split('/[0-9]+/', $int);
$supported_ints = array('fxp');
if (in_array($int_family, $supported_ints)) {
if(does_interface_exist($int))
if (does_interface_exist($int)) {
pfSense_interface_flags($int, IFF_LINK0);
}
}
return;
}
/****f* legacy/is_schedule_inuse
* NAME
* checks to see if a schedule is currently in use by a rule
@ -141,16 +142,23 @@ function enable_hardware_offloading($interface) {
* NOTES
*
******/
function is_schedule_inuse($schedule) {
global $g, $config;
function is_schedule_inuse($schedule)
{
global $config;
if ($schedule == '') {
return false;
}
if($schedule == "") return false;
/* loop through firewall rules looking for schedule in use */
if(is_array($config['filter']['rule']))
foreach($config['filter']['rule'] as $rule) {
if($rule['sched'] == $schedule)
if (isset($config['filter']['rule'])) {
foreach ($config['filter']['rule'] as $rule) {
if ($rule['sched'] == $schedule) {
return true;
}
}
}
return false;
}
@ -164,20 +172,27 @@ function is_schedule_inuse($schedule) {
* NOTES
*
******/
function setup_polling() {
global $g, $config;
function setup_polling()
{
global $config;
if (isset($config['system']['polling']))
if (isset($config['system']['polling'])) {
set_single_sysctl("kern.polling.idle_poll", "1");
else
} else {
set_single_sysctl("kern.polling.idle_poll", "0");
}
if($config['system']['polling_each_burst'])
if ($config['system']['polling_each_burst']) {
set_single_sysctl("kern.polling.each_burst", $config['system']['polling_each_burst']);
if($config['system']['polling_burst_max'])
}
if ($config['system']['polling_burst_max']) {
set_single_sysctl("kern.polling.burst_max", $config['system']['polling_burst_max']);
if($config['system']['polling_user_frac'])
}
if ($config['system']['polling_user_frac']) {
set_single_sysctl("kern.polling.user_frac", $config['system']['polling_user_frac']);
}
}
function set_language($lang)
@ -296,8 +311,10 @@ function add_text_to_file($file, $text, $replace = false) {
/*
* after_sync_bump_adv_skew(): create skew values by 1S
*/
function after_sync_bump_adv_skew() {
global $config, $g;
function after_sync_bump_adv_skew()
{
global $config;
$processed_skew = 1;
$a_vip = &$config['virtualip']['vip'];
foreach ($a_vip as $vipent) {
@ -306,8 +323,10 @@ function after_sync_bump_adv_skew() {
$vipent['advskew'] = $vipent['advskew']+1;
}
}
if($processed_skew == 1)
if ($processed_skew == 1) {
write_config(gettext("After synch increase advertising skew"));
}
}
/*
@ -513,8 +532,9 @@ function rmdir_recursive($path,$follow_links=false) {
/*
* check_firmware_version(): Check whether the current firmware installed is the most recently released.
*/
function check_firmware_version($tocheck = "all", $return_php = true) {
global $g, $config;
function check_firmware_version($tocheck = "all", $return_php = true)
{
global $config;
$xmlrpcfqdn = preg_replace('(https?://)', '', '/xmlrpc.php');
$ip = gethostbyname($xmlrpcfqdn);
@ -547,8 +567,9 @@ function check_firmware_version($tocheck = "all", $return_php = true) {
/*
* host_firmware_version(): Return the versions used in this install
*/
function host_firmware_version($tocheck = "") {
global $g, $config;
function host_firmware_version($tocheck = "")
{
global $config;
$os_version = trim(substr(php_uname("r"), 0, strpos(php_uname("r"), '-')));
@ -585,8 +606,9 @@ function strncpy(&$dst, $src, $length) {
* RESULT
* none
******/
function reload_interfaces_sync() {
global $config, $g;
function reload_interfaces_sync()
{
global $config;
/* parse config.xml again */
$config = parse_config();
@ -631,7 +653,7 @@ function reload_interfaces() {
* none
******/
function reload_all_sync() {
global $config, $g;
global $config;
/* parse config.xml again */
$config = parse_config();
@ -664,8 +686,8 @@ function reload_all_sync() {
system_ntp_configure();
/* sync pw database */
unlink_if_exists("/etc/spwd.db.tmp");
mwexec("/usr/sbin/pwd_mkdb -d /etc/ /etc/master.passwd");
@unlink('/etc/spwd.db.tmp');
mwexec('/usr/sbin/pwd_mkdb -d /etc/ /etc/master.passwd');
/* restart sshd */
mwexec_bg('/usr/local/etc/rc.sshd');
@ -676,7 +698,7 @@ function reload_all_sync() {
function setup_serial_port($when = 'save', $path = '')
{
global $g, $config;
global $config;
$prefix = "";
if (($when == "upgrade") && (!empty($path)) && is_dir($path.'/boot/'))
$prefix = "/tmp/{$path}";
@ -926,8 +948,9 @@ function get_ppp_uptime($port){
}
//returns interface information
function get_interface_info($ifdescr) {
global $config, $g;
function get_interface_info($ifdescr)
{
global $config;
$ifinfo = array();
if (empty($config['interfaces'][$ifdescr]))
@ -1079,7 +1102,7 @@ function get_interface_info($ifdescr) {
break;
}
if (file_exists("{$g['varrun_path']}/{$link_type}_{$ifdescr}.pid")) {
if (file_exists("/var/run/{$link_type}_{$ifdescr}.pid")) {
$sec = trim(`/usr/local/sbin/ppp-uptime.sh {$ifinfo['if']}`);
$ifinfo['ppp_uptime'] = convert_seconds_to_hms($sec);
}
@ -1296,12 +1319,15 @@ function compare_hostname_to_dnscache($hostname) {
/*
* load_crypto() - Load crypto modules if enabled in config.
*/
function load_crypto() {
global $config, $g;
function load_crypto()
{
global $config;
$crypto_modules = array('glxsb', 'aesni');
if (!in_array($config['system']['crypto_hardware'], $crypto_modules))
if (!in_array($config['system']['crypto_hardware'], $crypto_modules)) {
return false;
}
if (!empty($config['system']['crypto_hardware']) && !is_module_loaded($config['system']['crypto_hardware'])) {
log_error("Loading {$config['system']['crypto_hardware']} cryptographic accelerator module.");
@ -1312,12 +1338,15 @@ function load_crypto() {
/*
* load_thermal_hardware() - Load temperature monitor kernel module
*/
function load_thermal_hardware() {
global $config, $g;
function load_thermal_hardware()
{
global $config;
$thermal_hardware_modules = array('coretemp', 'amdtemp');
if (!in_array($config['system']['thermal_hardware'], $thermal_hardware_modules))
if (!in_array($config['system']['thermal_hardware'], $thermal_hardware_modules)) {
return false;
}
if (!empty($config['system']['thermal_hardware']) && !is_module_loaded($config['system']['thermal_hardware'])) {
log_error("Loading {$config['system']['thermal_hardware']} thermal monitor module.");
@ -1326,12 +1355,14 @@ function load_thermal_hardware() {
}
function get_freebsd_version() {
function get_freebsd_version()
{
$version = explode(".", php_uname("r"));
return $version[0];
}
function download_file($url, $destination, $verify_ssl = false, $connect_timeout = 60, $timeout = 0) {
function download_file($url, $destination, $verify_ssl = false, $connect_timeout = 60, $timeout = 0)
{
global $config, $g;
$fp = fopen($destination, "wb");
@ -1443,9 +1474,11 @@ if(!function_exists("split")) {
function update_alias_names_upon_change($section, $field, $new_alias_name, $origname)
{
global $g, $config, $pconfig;
if(!$origname)
global $config, $pconfig;
if (!$origname) {
return;
}
$sectionref = &$config;
foreach($section as $sectionname) {
@ -1474,8 +1507,9 @@ function update_alias_names_upon_change($section, $field, $new_alias_name, $orig
}
}
function update_alias_url_data() {
global $config, $g;
function update_alias_url_data()
{
global $config;
$updated = false;
@ -1623,18 +1657,19 @@ function process_alias_urltable($name, $url, $freq, $forceupdate=false) {
|| $forceupdate) {
// Try to fetch the URL supplied
unlink_if_exists($urltable_filename . ".tmp");
@unlink("{$urltable_filename}.tmp");
$verify_ssl = isset($config['system']['checkaliasesurlcert']);
if (download_file($url, $urltable_filename . ".tmp", $verify_ssl)) {
if (download_file($url, "{$urltable_filename}.tmp", $verify_ssl)) {
mwexec("/usr/bin/sed -E 's/\;.*//g; /^[[:space:]]*($|#)/d' ". escapeshellarg($urltable_filename . ".tmp") . " > " . escapeshellarg($urltable_filename));
if (alias_get_type($name) == "urltable_ports") {
$ports = explode("\n", file_get_contents($urltable_filename));
$ports = group_ports($ports);
file_put_contents($urltable_filename, implode("\n", $ports));
}
unlink_if_exists($urltable_filename . ".tmp");
} else
@unlink("{$urltable_filename}.tmp");
} else {
touch($urltable_filename);
}
return true;
} else {
// File exists, and it doesn't need updated.

4
src/etc/inc/priv.defs.inc
View File

@ -461,8 +461,8 @@ $priv_list['page-xmlrpcinterfacestats']['match'] = array();
$priv_list['page-xmlrpcinterfacestats']['match'][] = "ifstats.php*";
$priv_list['page-system-login/logout'] = array();
$priv_list['page-system-login/logout']['name'] = gettext("WebCfg - System: Login / Logout page / Dashboard");
$priv_list['page-system-login/logout']['descr'] = gettext("Allow access to the 'System: Login / Logout' page and Dashboard.");
$priv_list['page-system-login/logout']['name'] = gettext("WebCfg - Lobby: Login / Logout / Dashboard page");
$priv_list['page-system-login/logout']['descr'] = gettext("Allow access to the 'Lobby: Login / Logout/ Dashboard' page.");
$priv_list['page-system-login/logout']['match'] = array();
$priv_list['page-system-login/logout']['match'][] = "index.php*";

19
src/etc/inc/rrd.inc
View File

@ -30,7 +30,7 @@ function dump_rrd_to_xml($rrddatabase, $xmldumpfile)
{
$rrdtool = '/usr/local/bin/rrdtool';
unlink_if_exists($xmldumpfile);
@unlink($xmldumpfile);
exec("$rrdtool dump " . escapeshellarg($rrddatabase) . " {$xmldumpfile} 2>&1", $dumpout, $dumpret);
if ($dumpret <> 0) {
@ -77,7 +77,7 @@ function restore_rrd()
}
/* If this backup is still there on a full install, but we aren't going to use ram disks, remove the archive since this is a transition. */
if (!isset($config['system']['use_mfs_tmpvar'])) {
unlink_if_exists('/conf/rrd.tgz');
@unlink('/conf/rrd.tgz');
}
return true;
}
@ -287,7 +287,7 @@ function enable_rrd_graphing() {
$rrdupdatesh .= "\n";
$rrdupdatesh .= "export TERM=dumb\n";
$rrdupdatesh .= "\n";
$rrdupdatesh .= 'echo $$ > ' . $g['varrun_path'] . '/updaterrd.sh.pid';
$rrdupdatesh .= 'echo $$ > /var/run/updaterrd.sh.pid';
$rrdupdatesh .= "\n";
$rrdupdatesh .= "counter=1\n";
$rrdupdatesh .= "while [ \"\$counter\" -ne 0 ]\n";
@ -441,7 +441,7 @@ function enable_rrd_graphing() {
$rrdupdatesh .= " sleep 0.2\n";
$rrdupdatesh .= " echo \"quit\"\n";
$rrdupdatesh .= "}\n";
$rrdupdatesh .= "OVPN=`list_current_users | nc -U {$g['varetc_path']}/openvpn/server{$vpnid}.sock | awk -F\",\" '/^CLIENT_LIST/ {print \$2}' | wc -l | awk '{print $1}'`\n";
$rrdupdatesh .= "OVPN=`list_current_users | nc -U /var/etc/openvpn/server{$vpnid}.sock | awk -F\",\" '/^CLIENT_LIST/ {print \$2}' | wc -l | awk '{print $1}'`\n";
$rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$vpnusers N:\${OVPN}\n";
}
@ -864,7 +864,7 @@ function enable_rrd_graphing() {
$rrdupdatesh .= "done\n";
log_error(gettext("Creating rrd update script"));
/* write the rrd update script */
$updaterrdscript = "{$g['vardb_path']}/rrd/updaterrd.sh";
$updaterrdscript = '/var/db/rrd/updaterrd.sh';
$fd = fopen("$updaterrdscript", "w");
fwrite($fd, "$rrdupdatesh");
fclose($fd);
@ -920,10 +920,7 @@ function create_gateway_quality_rrd($rrd_file) {
unset($rrdtool, $rrdinterval, $valid, $rrd_file);
}
function kill_traffic_collector() {
global $g;
killbypid("{$g['varrun_path']}/updaterrd.sh.pid");
function kill_traffic_collector()
{
killbypid('/var/run/updaterrd.sh.pid');
}
?>

5
src/etc/inc/service-utils.inc
View File

@ -34,7 +34,6 @@ require_once("vpn.inc");
require_once("vslb.inc");
require_once("gwlb.inc");
if (!function_exists('get_services')) {
function get_services() {
@ -386,7 +385,7 @@ if (!function_exists('service_control_start')) {
$vpnmode = isset($extras['vpnmode']) ? htmlspecialchars($extras['vpnmode']) : htmlspecialchars($extras['mode']);
if (($vpnmode == "server") || ($vpnmode == "client")) {
$id = isset($extras['vpnid']) ? htmlspecialchars($extras['vpnid']) : htmlspecialchars($extras['id']);
$configfile = "{$g['varetc_path']}/openvpn/{$vpnmode}{$id}.conf";
$configfile = "/var/etc/openvpn/{$vpnmode}{$id}.conf";
if (file_exists($configfile))
openvpn_restart_by_vpnid($vpnmode, $id);
}
@ -530,7 +529,7 @@ if (!function_exists('service_control_restart')) {
$vpnmode = htmlspecialchars($extras['vpnmode']);
if ($vpnmode == "server" || $vpnmode == "client") {
$id = htmlspecialchars($extras['id']);
$configfile = "{$g['varetc_path']}/openvpn/{$vpnmode}{$id}.conf";
$configfile = "/var/etc/openvpn/{$vpnmode}{$id}.conf";
if (file_exists($configfile))
openvpn_restart_by_vpnid($vpnmode, $id);
}

86
src/etc/inc/services.inc
View File

@ -304,7 +304,7 @@ function services_radvd_configure($blacklist = array())
}
/* write radvd.conf */
if (!@file_put_contents("{$g['varetc_path']}/radvd.conf", $radvdconf)) {
if (!@file_put_contents("/var/etc/radvd.conf", $radvdconf)) {
log_error("Error: cannot open radvd.conf in services_radvd_configure().\n");
if (file_exists("/var/run/booting"))
printf("Error: cannot open radvd.conf in services_radvd_configure().\n");
@ -312,18 +312,17 @@ function services_radvd_configure($blacklist = array())
unset($radvdconf);
if (count($radvdifs) > 0) {
if (isvalidpid("{$g['varrun_path']}/radvd.pid")) {
killbypid("{$g['varrun_path']}/radvd.pid", 'HUP');
if (isvalidpid('/var/run/radvd.pid')) {
killbypid('/var/run/radvd.pid', 'HUP');
} else {
mwexec("/usr/local/sbin/radvd -p {$g['varrun_path']}/radvd.pid -C {$g['varetc_path']}/radvd.conf -m syslog");
mwexec('/usr/local/sbin/radvd -p /var/run/radvd.pid -C /var/etc/radvd.conf -m syslog');
}
} else {
/* we need to shut down the radvd cleanly, it will send out the prefix
* information with a lifetime of 0 to notify clients of a (possible) new prefix */
if (isvalidpid("{$g['varrun_path']}/radvd.pid")) {
if (isvalidpid('/var/run/radvd.pid')) {
log_error("Shutting down Router Advertisment daemon cleanly");
killbypid("{$g['varrun_path']}/radvd.pid");
@unlink("{$g['varrun_path']}/radvd.pid");
killbypid('/var/run/radvd.pid');
}
}
return 0;
@ -370,8 +369,7 @@ function services_dhcpdv4_configure()
$ddns_zones = array();
/* kill any running dhcpd */
if (isvalidpid("{$g['dhcpd_chroot_path']}{$g['varrun_path']}/dhcpd.pid"))
killbypid("{$g['dhcpd_chroot_path']}{$g['varrun_path']}/dhcpd.pid");
killbypid("{$g['dhcpd_chroot_path']}/var/run/dhcpd.pid");
/* DHCP enabled on any interfaces? */
if (!is_dhcp_server_enabled())
@ -390,7 +388,7 @@ function services_dhcpdv4_configure()
}
/* If this backup is still there on a full install, but we aren't going to use ram disks, remove the archive since this is a transition. */
if (!isset($config['system']['use_mfs_tmpvar'])) {
unlink_if_exists('/conf/dhcpleases.tgz');
@unlink('/conf/dhcpleases.tgz');
}
}
@ -900,16 +898,15 @@ EOD;
unset($dhcpdconf);
/* create an empty leases database */
if (!file_exists("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases"))
@touch("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases");
@touch("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases");
/* make sure there isn't a stale dhcpd.pid file, which can make dhcpd fail to start. */
/* if we get here, dhcpd has been killed and is not started yet */
unlink_if_exists("{$g['dhcpd_chroot_path']}{$g['varrun_path']}/dhcpd.pid");
@unlink("{$g['dhcpd_chroot_path']}/var/run/dhcpd.pid");
/* fire up dhcpd in a chroot */
if (count($dhcpdifs) > 0) {
mwexec("/usr/local/sbin/dhcpd -user dhcpd -group dhcpd -chroot {$g['dhcpd_chroot_path']} -cf /etc/dhcpd.conf -pf {$g['varrun_path']}/dhcpd.pid " .
mwexec("/usr/local/sbin/dhcpd -user dhcpd -group dhcpd -chroot {$g['dhcpd_chroot_path']} -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid " .
join(" ", $dhcpdifs));
}
@ -987,14 +984,13 @@ function services_dhcpdv6_configure($blacklist = array())
global $config, $g;
/* kill any running dhcpd */
if (isvalidpid("{$g['dhcpd_chroot_path']}{$g['varrun_path']}/dhcpdv6.pid"))
killbypid("{$g['dhcpd_chroot_path']}{$g['varrun_path']}/dhcpdv6.pid");
if (isvalidpid("{$g['varrun_path']}/dhcpleases6.pid"))
killbypid("{$g['varrun_path']}/dhcpleases6.pid");
killbypid("{$g['dhcpd_chroot_path']}/var/run/dhcpdv6.pid");
killbypid('/var/run/dhcpleases6.pid');
/* DHCP enabled on any interfaces? */
if (!is_dhcpv6_server_enabled())
if (!is_dhcpv6_server_enabled()) {
return 0;
}
if (file_exists("/var/run/booting")) {
if (is_install_media()) {
@ -1012,7 +1008,7 @@ function services_dhcpdv6_configure($blacklist = array())
}
/* If this backup is still there on a full install, but we aren't going to use ram disks, remove the archive since this is a transition. */
if (isset($config['system']['use_mfs_tmpvar'])) {
unlink_if_exists('/conf/dhcp6leases.tgz');
@unlink('/conf/dhcp6leases.tgz');
}
}
@ -1310,11 +1306,11 @@ EOD;
/* make sure there isn't a stale dhcpdv6.pid file, which may make dhcpdv6 fail to start. */
/* if we get here, dhcpdv6 has been killed and is not started yet */
unlink_if_exists("{$g['dhcpd_chroot_path']}{$g['varrun_path']}/dhcpdv6.pid");
@unlink("{$g['dhcpd_chroot_path']}/var/run/dhcpdv6.pid");
/* fire up dhcpd in a chroot */
if (count($dhcpdv6ifs) > 0) {
mwexec("/usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot {$g['dhcpd_chroot_path']} -cf /etc/dhcpdv6.conf -pf {$g['varrun_path']}/dhcpdv6.pid " .
mwexec("/usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot {$g['dhcpd_chroot_path']} -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid " .
join(" ", $dhcpdv6ifs));
mwexec("/usr/local/sbin/dhcpleases6 -c \"/usr/local/bin/php -f /usr/local/sbin/prefixes.php|/bin/sh\" -l {$g['dhcpd_chroot_path']}/var/db/dhcpd6.leases");
}
@ -1386,7 +1382,7 @@ function services_dhcrelay_configure()
global $config, $g;
/* kill any running dhcrelay */
killbypid("{$g['varrun_path']}/dhcrelay.pid");
killbypid('/var/run/dhcrelay.pid');
$dhcrelaycfg =& $config['dhcrelay'];
@ -1503,7 +1499,7 @@ function services_dhcrelay6_configure()
global $config, $g;
/* kill any running dhcrelay */
killbypid("{$g['varrun_path']}/dhcrelay6.pid");
killbypid('/var/run/dhcrelay6.pid');
$dhcrelaycfg =& $config['dhcrelay6'];
@ -1599,7 +1595,7 @@ function services_dhcrelay6_configure()
return; /* XXX */
}
$cmd = "/usr/local/sbin/dhcrelay -6 -pf \"{$g['varrun_path']}/dhcrelay6.pid\"";
$cmd = '/usr/local/sbin/dhcrelay -6 -pf /var/run/dhcrelay6.pid';
foreach ($dhcrelayifs as $dhcrelayif) {
$cmd .= " -l {$dhcrelayif}";
}
@ -1743,7 +1739,7 @@ function services_dnsmasq_configure()
);
/* kill any running dnsmasq */
killbypid("{$g['varrun_path']}/dnsmasq.pid");
killbypid('/var/run/dnsmasq.pid');
if (isset($config['dnsmasq']['enable'])) {
@ -1883,7 +1879,7 @@ function services_unbound_configure()
$return = 0;
// kill any running Unbound instance
killbypid("{$g['varrun_path']}/unbound.pid");
killbypid('/var/run/unbound.pid');
if (isset($config['unbound']['enable'])) {
if (file_exists("/var/run/booting"))
@ -1910,10 +1906,12 @@ function services_snmpd_configure()
global $config, $g;
/* kill any running snmpd */
killbypid("{$g['varrun_path']}/snmpd.pid");
killbypid('/var/run/snmpd.pid');
sleep(2);
if(is_process_running("bsnmpd"))
mwexec("/usr/bin/killall bsnmpd", true);
if (is_process_running('bsnmpd')) {
mwexec('/usr/bin/killall bsnmpd', true);
}
if (isset($config['snmpd']['enable'])) {
@ -1921,7 +1919,7 @@ function services_snmpd_configure()
echo gettext("Starting SNMP daemon... ");
/* generate snmpd.conf */
$fd = fopen("{$g['varetc_path']}/snmpd.conf", "w");
$fd = fopen("/var/etc/snmpd.conf", "w");
if (!$fd) {
printf(gettext("Error: cannot open snmpd.conf in services_snmpd_configure().%s"),"\n");
return 1;
@ -2094,8 +2092,8 @@ EOD;
}
/* run bsnmpd */
mwexec("/usr/sbin/bsnmpd -c {$g['varetc_path']}/snmpd.conf" .
"{$bindlan} -p {$g['varrun_path']}/snmpd.pid");
mwexec("/usr/sbin/bsnmpd -c /var/etc/snmpd.conf" .
"{$bindlan} -p /var/run/snmpd.pid");
if (file_exists("/var/run/booting"))
echo gettext("done.") . "\n";
@ -2145,7 +2143,7 @@ function services_dnsupdate_process($int = '', $updatehost = '', $forced = false
/* write private key file
this is dumb - public and private keys are the same for HMAC-MD5,
but nsupdate insists on having both */
$fd = fopen("{$g['varetc_path']}/K{$i}{$keyname}+157+00000.private", "w");
$fd = fopen("/var/etc/K{$i}{$keyname}+157+00000.private", "w");
$privkey = <<<EOD
Private-key-format: v1.2
Algorithm: 157 (HMAC)
@ -2167,7 +2165,7 @@ EOD;
$proto = 2;
}
$fd = fopen("{$g['varetc_path']}/K{$i}{$keyname}+157+00000.key", "w");
$fd = fopen("/var/etc/K{$i}{$keyname}+157+00000.key", "w");
fwrite($fd, "{$keyname} IN KEY {$flags} {$proto} 157 {$dnsupdate['keydata']}\n");
fclose($fd);
@ -2220,13 +2218,13 @@ EOD;
$upinst .= "\n"; /* mind that trailing newline! */
if ($need_update) {
@file_put_contents("{$g['varetc_path']}/nsupdatecmds{$i}", $upinst);
@file_put_contents("/var/etc/nsupdatecmds{$i}", $upinst);
unset($upinst);
/* invoke nsupdate */
$cmd = "/usr/local/bin/nsupdate -k {$g['varetc_path']}/K{$i}{$keyname}+157+00000.key";
$cmd = "/usr/local/bin/nsupdate -k /var/etc/K{$i}{$keyname}+157+00000.key";
if (isset($dnsupdate['usetcp']))
$cmd .= " -v";
$cmd .= " {$g['varetc_path']}/nsupdatecmds{$i}";
$cmd .= " /var/etc/nsupdatecmds{$i}";
mwexec_bg($cmd);
unset($cmd);
}
@ -2280,11 +2278,11 @@ function configure_cron() {
}
/* please maintain the newline at the end of file */
file_put_contents("/etc/crontab", $crontab_contents);
file_put_contents('/etc/crontab', $crontab_contents);
unset($crontab_contents);
/* do a HUP kill to force sync changes */
killbypid("{$g['varrun_path']}/cron.pid", 'HUP');
killbypid('/var/run/cron.pid', 'HUP');
}
@ -2293,12 +2291,12 @@ function upnp_action ($action) {
switch($action) {
case "start":
if (file_exists('/var/etc/miniupnpd.conf')) {
@unlink("{$g['varrun_path']}/miniupnpd.pid");
mwexec_bg("/usr/local/sbin/miniupnpd -f /var/etc/miniupnpd.conf -P {$g['varrun_path']}/miniupnpd.pid");
@unlink('/var/run/miniupnpd.pid');
mwexec_bg('/usr/local/sbin/miniupnpd -f /var/etc/miniupnpd.conf -P /var/run/miniupnpd.pid');
}
break;
case "stop":
killbypid("{$g['varrun_path']}/miniupnpd.pid");
killbypid('/var/run/miniupnpd.pid');
while((int)exec("/bin/pgrep -a miniupnpd | wc -l") > 0)
mwexec('killall miniupnpd 2>/dev/null', true);
mwexec('/sbin/pfctl -aminiupnpd -Fr 2>&1 >/dev/null');
@ -2382,5 +2380,3 @@ function install_cron_job($command, $active=false, $minute="0", $hour="*", $mont
}
configure_cron();
}
?>

91
src/etc/inc/system.inc
View File

@ -302,7 +302,7 @@ function system_hosts_generate()
* Do not remove this because dhcpleases monitors with kqueue
* it needs to be * killed before writing to hosts files.
*/
killbypid("{$g['varrun_path']}/dhcpleases.pid");
killbypid('/var/run/dhcpleases.pid');
$fd = fopen('/etc/hosts', 'w');
if (!$fd) {
@ -334,8 +334,8 @@ function system_dhcpleases_configure()
if (!file_exists("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases")) {
@touch("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases");
}
if (isvalidpid("{$g['varrun_path']}/dhcpleases.pid")) {
killbypid("{$g['varrun_path']}/dhcpleases.pid", 'HUP');
if (isvalidpid('/var/run/dhcpleases.pid')) {
killbypid('/var/run/dhcpleases.pid', 'HUP');
} else {
/* To ensure we do not start multiple instances of dhcpleases, perform some clean-up first. */
killbyname('dhcpleases');
@ -356,7 +356,7 @@ function system_dhcpleases_configure()
);
}
} else {
killbypid("{$g['varrun_path']}/dhcpleases.pid");
killbypid('/var/run/dhcpleases.pid');
}
}
@ -549,17 +549,16 @@ function system_staticroutes_configure($interface = "", $update_dns = false) {
array_unique($filterdns_list);
foreach ($filterdns_list as $hostname)
$hostnames .= "cmd {$hostname} '/usr/local/opnsense/service/configd_ctl.py \"routedns reload\"'\n";
file_put_contents("{$g['varetc_path']}/filterdns-route.hosts", $hostnames);
file_put_contents("/var/etc/filterdns-route.hosts", $hostnames);
unset($hostnames);
if (isvalidpid("{$g['varrun_path']}/filterdns-route.pid")) {
killbypid("{$g['varrun_path']}/filterdns-route.pid", 'HUP');
if (isvalidpid('/var/run/filterdns-route.pid')) {
killbypid('/var/run/filterdns-route.pid', 'HUP');
} else {
mwexec("/usr/local/sbin/filterdns -p {$g['varrun_path']}/filterdns-route.pid -i {$interval} -c {$g['varetc_path']}/filterdns-route.hosts -d 1");
mwexec("/usr/local/sbin/filterdns -p /var/run/filterdns-route.pid -i {$interval} -c /var/etc/filterdns-route.hosts -d 1");
}
} else {
killbypid("{$g['varrun_path']}/filterdns-route.pid");
@unlink("{$g['varrun_path']}/filterdns-route.pid");
killbypid('/var/run/filterdns-route.pid');
}
}
unset($filterdns_list);
@ -745,7 +744,7 @@ EOD;
EOD;
}
/* write syslog.conf */
if (!@file_put_contents("{$g['varetc_path']}/syslog.conf", $syslogconf)) {
if (!@file_put_contents("/var/etc/syslog.conf", $syslogconf)) {
printf(gettext("Error: cannot open syslog.conf in system_syslogd_start().%s"), "\n");
unset($syslogconf);
return 1;
@ -772,17 +771,18 @@ EOD;
}
}
$syslogd_extra = "-f {$g['varetc_path']}/syslog.conf {$sourceip}";
$syslogd_extra = "-f /var/etc/syslog.conf {$sourceip}";
}
if (isvalidpid("{$g['varrun_path']}/syslog.pid")) {
killbypid("{$g['varrun_path']}/syslog.pid", 'HUP');
if (isvalidpid('/var/run/syslog.pid')) {
killbypid('/var/run/syslog.pid', 'HUP');
} else {
$retval = mwexec_bg("/usr/local/sbin/syslogd -s -c -c -l {$g['dhcpd_chroot_path']}/var/run/log -P {$g['varrun_path']}/syslog.pid {$syslogd_extra}");
$retval = mwexec_bg("/usr/local/sbin/syslogd -s -c -c -l {$g['dhcpd_chroot_path']}/var/run/log -P /var/run/syslog.pid {$syslogd_extra}");
}
if (file_exists("/var/run/booting"))
if (file_exists("/var/run/booting")) {
echo gettext("done.") . "\n";
}
return $retval;
}
@ -845,22 +845,20 @@ function system_webgui_start()
}
/* generate lighttpd configuration */
system_generate_lighty_config("{$g['varetc_path']}/lighty-webConfigurator.conf",
system_generate_lighty_config("/var/etc/lighty-webConfigurator.conf",
$crt, $key, $ca, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/",
"cert.pem", "ca.pem");
/* kill any running lighttpd */
killbypid("{$g['varrun_path']}/lighty-webConfigurator.pid");
killbypid('/var/run/lighty-webConfigurator.pid');
sleep(1);
@unlink("{$g['varrun_path']}/lighty-webConfigurator.pid");
/* regenerate the php.ini files in case the setup has changed */
mwexec('/usr/local/etc/rc.php_ini_setup');
/* attempt to start lighthttpd and return true if ok */
return !mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-webConfigurator.conf");
return !mwexec("/usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf");
}
function system_generate_lighty_config(
@ -1090,9 +1088,9 @@ EOD;
$lighty_config .= "\n";
$lighty_config .= "## ssl configuration\n";
$lighty_config .= "ssl.engine = \"enable\"\n";
$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
$lighty_config .= "ssl.pemfile = \"/var/etc/{$cert_location}\"\n\n";
if($ca <> "")
$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
$lighty_config .= "ssl.ca-file = \"/var/etc/{$ca_location}\"\n\n";
}
$lighty_config .= " }\n";
@ -1104,7 +1102,7 @@ EOD;
#server.error-handler-404 = "/error-handler.php"
## to help the rc.scripts
server.pid-file = "{$g['varrun_path']}/{$pid_file}"
server.pid-file = "/var/run/{$pid_file}"
## virtual directory listings
server.dir-listing = "disable"
@ -1144,30 +1142,30 @@ EOD;
$ca = str_replace("\n\n", "\n", $ca);
if($cert <> "" and $key <> "") {
$fd = fopen("{$g['varetc_path']}/{$cert_location}", "w");
$fd = fopen("/var/etc/{$cert_location}", "w");
if (!$fd) {
printf(gettext("Error: cannot open cert.pem in system_webgui_start().%s"), "\n");
return 1;
}
chmod("{$g['varetc_path']}/{$cert_location}", 0600);
chmod("/var/etc/{$cert_location}", 0600);
fwrite($fd, $cert);
fwrite($fd, "\n");
fwrite($fd, $key);
fclose($fd);
if(!(empty($ca) || (strlen(trim($ca)) == 0))) {
$fd = fopen("{$g['varetc_path']}/{$ca_location}", "w");
$fd = fopen("/var/etc/{$ca_location}", "w");
if (!$fd) {
printf(gettext("Error: cannot open ca.pem in system_webgui_start().%s"), "\n");
return 1;
}
chmod("{$g['varetc_path']}/{$ca_location}", 0600);
chmod("/var/etc/{$ca_location}", 0600);
fwrite($fd, $ca);
fclose($fd);
}
$lighty_config .= "\n";
$lighty_config .= "## " . gettext("ssl configuration") . "\n";
$lighty_config .= "ssl.engine = \"enable\"\n";
$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
$lighty_config .= "ssl.pemfile = \"/var/etc/{$cert_location}\"\n\n";
// Harden SSL a bit for PCI conformance testing
$lighty_config .= "ssl.use-sslv2 = \"disable\"\n";
@ -1194,7 +1192,7 @@ EOD;
}
if(!(empty($ca) || (strlen(trim($ca)) == 0)))
$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
$lighty_config .= "ssl.ca-file = \"/var/etc/{$ca_location}\"\n\n";
}
// Add HTTP to HTTPS redirect
@ -1266,7 +1264,7 @@ function system_ntp_setup_gps($serialport) {
return false;
// Create symlink that ntpd requires
unlink_if_exists($gps_device);
@unlink($gps_device);
symlink($serialport, $gps_device);
/* Send the following to the GPS port to initialize the GPS */
@ -1308,23 +1306,22 @@ function system_ntp_setup_gps($serialport) {
return true;
}
function system_ntp_setup_pps($serialport) {
global $config, $g;
function system_ntp_setup_pps($serialport)
{
$pps_device = '/dev/pps0';
$serialport = '/dev/'.$serialport;
$serialport = "/dev/{$serialport}";
if (!file_exists($serialport))
if (!file_exists($serialport)) {
return false;
}
// Create symlink that ntpd requires
unlink_if_exists($pps_device);
@unlink($pps_device);
@symlink($serialport, $pps_device);
return true;
}
function system_ntp_configure($start_ntpd = true)
{
global $config, $g;
@ -1568,8 +1565,8 @@ function system_ntp_configure($start_ntpd = true)
}
/* open configuration for wrting or bail */
if (!@file_put_contents("{$g['varetc_path']}/ntpd.conf", $ntpcfg)) {
log_error("Could not open {$g['varetc_path']}/ntpd.conf for writing");
if (!@file_put_contents('/var/etc/ntpd.conf', $ntpcfg)) {
log_error("Could not open /var/etc/ntpd.conf for writing");
return;
}
@ -1578,21 +1575,19 @@ function system_ntp_configure($start_ntpd = true)
return;
/* if ntpd is running, kill it */
while (isvalidpid("{$g['varrun_path']}/ntpd.pid")) {
killbypid("{$g['varrun_path']}/ntpd.pid");
while (isvalidpid('/var/run/ntpd.pid')) {
killbypid('/var/run/ntpd.pid');
usleep(200 * 1000);
}
@unlink("{$g['varrun_path']}/ntpd.pid");
/* if /var/empty does not exist, create it */
if(!is_dir("/var/empty"))
mkdir("/var/empty", 0775, true);
@mkdir('/var/empty', 0775, true);
/* start opentpd, set time now and use /var/etc/ntpd.conf */
mwexec("/usr/local/sbin/ntpd -g -c {$g['varetc_path']}/ntpd.conf -p {$g['varrun_path']}/ntpd.pid", false, true);
/* start opentpd, set time now and use new config */
mwexec('/usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid', false, true);
// Note that we are starting up
log_error("NTPD is starting up.");
return;
}
function system_halt($sync = false)

36
src/etc/inc/upgrade_config.inc
View File

@ -2025,12 +2025,12 @@ function upgrade_054_to_055() {
/* Let's save the RRD graphs after we run enable RRD graphing */
/* The function will restore the rrd.tgz so we will save it after */
exec("cd /; LANG=C NO_REMOUNT=1 RRDDBPATH='{$rrddbpath}' CF_CONF_PATH='/conf' /usr/local/etc/rc.backup_rrd");
unlink_if_exists("{$g['vardb_path']}/rrd/*.xml");
if (file_exists("/var/run/booting"))
mwexec('/bin/rm /var/db/rrd/*.xml');
if (file_exists("/var/run/booting")) {
echo "Updating configuration...";
}
}
function upgrade_055_to_056() {
global $config;
@ -2526,10 +2526,10 @@ function upgrade_077_to_078() {
$config['pptpd']['n_pptp_units'] = empty($config['pptpd']['n_pptp_units']) ? 16 : $config['pptpd']['n_pptp_units'];
}
}
function upgrade_078_to_079() {
global $g;
function upgrade_078_to_079()
{
/* Delete old and unused RRD file */
unlink_if_exists("{$g['vardb_path']}/rrd/captiveportal-totalusers.rrd");
@unlink('/var/db/rrd/captiveportal-totalusers.rrd');
}
function upgrade_079_to_080() {
@ -2692,8 +2692,8 @@ function upgrade_080_to_081() {
mwexec("$rrdtool restore -f /tmp/{$xmldumpnew} {$rrddbpath}/{$database} 2>&1");
unset($xml);
# Default /tmp tmpfs is ~40mb, do not leave temp files around
unlink_if_exists("/tmp/{$xmldump}");
unlink_if_exists("/tmp/{$xmldumpnew}");
@unlink("/tmp/{$xmldump}");
@unlink("/tmp/{$xmldumpnew}");
}
enable_rrd_graphing();
/* Let's save the RRD graphs after we run enable RRD graphing */
@ -2943,9 +2943,9 @@ function upgrade_092_to_093() {
$suffixes = array("concurrent", "loggedin");
foreach ($suffixes as $suffix)
if (file_exists("{$g['vardb_path']}/rrd/captiveportal-{$suffix}.rrd"))
rename("{$g['vardb_path']}/rrd/captiveportal-{$suffix}.rrd",
"{$g['vardb_path']}/rrd/captiveportal-cpZone-{$suffix}.rrd");
if (file_exists("/var/db/rrd/captiveportal-{$suffix}.rrd"))
rename("/var/db/rrd/captiveportal-{$suffix}.rrd",
"/var/db/rrd/captiveportal-cpZone-{$suffix}.rrd");
enable_rrd_graphing();
}
@ -3230,13 +3230,13 @@ function upgrade_110_to_111()
mwexec('/usr/sbin/pw useradd -n unbound -c "Unbound DNS Resolver" -d /var/unbound -s /usr/sbin/nologin -u 59 -g 59', true);
/* cleanup old unbound package stuffs */
unlink_if_exists("/usr/local/pkg/unbound.xml");
unlink_if_exists("/usr/local/pkg/unbound.inc");
unlink_if_exists("/usr/local/pkg/unbound_advanced.xml");
unlink_if_exists("/usr/local/www/unbound_status.php");
unlink_if_exists("/usr/local/www/unbound_acls.php");
unlink_if_exists("/usr/local/bin/unbound_monitor.sh");
unlink_if_exists("/usr/local/etc/rc.d/unbound.sh");
@unlink('/usr/local/pkg/unbound.xml');
@unlink('/usr/local/pkg/unbound.inc');
@unlink('/usr/local/pkg/unbound_advanced.xml');
@unlink('/usr/local/www/unbound_status.php');
@unlink('/usr/local/www/unbound_acls.php');
@unlink('/usr/local/bin/unbound_monitor.sh');
@unlink('/usr/local/etc/rc.d/unbound.sh');
/* Remove old menu and service entries */
if (isset($config['installedpackages']['menu']) && is_array($config['installedpackages']['menu'])) {

15
src/etc/inc/util.inc
View File

@ -1034,21 +1034,6 @@ function mwexec_bg($command, $mute = false, $clearsigmask = false)
mwexec("/usr/sbin/daemon -f {$command}", $mute, $clearsigmask);
}
/* unlink a file or directory, if it exists */
function unlink_if_exists($fn)
{
$to_do = glob($fn);
foreach($to_do as $filename) {
if (is_dir($filename)) {
/* rmdir() is not recursive... */
mwexecf('/bin/rm -r %s', $filename);
} else {
unlink($filename);
}
}
}
/* make a global alias table (for faster lookups) */
function alias_make_table($config)
{

71
src/etc/inc/voucher.inc
View File

@ -60,7 +60,7 @@ function voucher_expire($voucher_received) {
continue; // seems too short to be a voucher!
unset($output);
$_gb = exec("/usr/local/bin/voucher -c {$g['varetc_path']}/voucher_{$cpzone}.cfg -k {$g['varetc_path']}/voucher_{$cpzone}.public -- $v", $output);
$_gb = exec("/usr/local/bin/voucher -c /var/etc/voucher_{$cpzone}.cfg -k /var/etc/voucher_{$cpzone}.public -- $v", $output);
list($status, $roll, $nr) = explode(" ", $output[0]);
if ($status == "OK") {
// check if we have this ticket on a registered roll for this ticket
@ -165,7 +165,7 @@ function voucher_auth($voucher_received, $test = 0) {
if (strlen($voucher) < 3)
continue; // seems too short to be a voucher!
$result = exec("/usr/local/bin/voucher -c {$g['varetc_path']}/voucher_{$cpzone}.cfg -k {$g['varetc_path']}/voucher_{$cpzone}.public -- $v");
$result = exec("/usr/local/bin/voucher -c /var/etc/voucher_{$cpzone}.cfg -k /var/etc/voucher_{$cpzone}.public -- $v");
list($status, $roll, $nr) = explode(" ", $result);
if ($status == "OK") {
if (!$first_voucher) {
@ -303,7 +303,7 @@ function voucher_configure_zone($sync = false)
/* write public key used to verify vouchers */
$pubkey = base64_decode($config['voucher'][$cpzone]['publickey']);
$fd = fopen("{$g['varetc_path']}/voucher_{$cpzone}.public", "w");
$fd = fopen("/var/etc/voucher_{$cpzone}.public", "w");
if (!$fd) {
captiveportal_syslog("Voucher error: cannot write voucher.public\n");
unlock($voucherlck);
@ -311,10 +311,10 @@ function voucher_configure_zone($sync = false)
}
fwrite($fd, $pubkey);
fclose($fd);
@chmod("{$g['varetc_path']}/voucher_{$cpzone}.public", 0600);
@chmod("/var/etc/voucher_{$cpzone}.public", 0600);
/* write config file used by voucher binary to decode vouchers */
$fd = fopen("{$g['varetc_path']}/voucher_{$cpzone}.cfg", "w");
$fd = fopen("/var/etc/voucher_{$cpzone}.cfg", "w");
if (!$fd) {
captiveportal_syslog(gettext("Error: cannot write voucher.cfg") . "\n");
unlock($voucherlck);
@ -322,7 +322,7 @@ function voucher_configure_zone($sync = false)
}
fwrite($fd, "{$config['voucher'][$cpzone]['rollbits']},{$config['voucher'][$cpzone]['ticketbits']},{$config['voucher'][$cpzone]['checksumbits']},{$config['voucher'][$cpzone]['magic']},{$config['voucher'][$cpzone]['charset']}\n");
fclose($fd);
@chmod("{$g['varetc_path']}/voucher_{$cpzone}.cfg", 0600);
@chmod("/var/etc/voucher_{$cpzone}.cfg", 0600);
unlock($voucherlck);
if (!$sync) {
@ -364,15 +364,19 @@ function voucher_configure_zone($sync = false)
/* write bitstring of used vouchers to ramdisk.
* Bitstring must already be base64_encoded!
*/
function voucher_write_used_db($roll, $vdb) {
global $g, $cpzone;
function voucher_write_used_db($roll, $vdb)
{
global $cpzone;
$fd = fopen("{$g['vardb_path']}/voucher_{$cpzone}_used_$roll.db", "w");
$fn = "/var/db/voucher_{$cpzone}_used_{$roll}.db";
$fd = fopen($fn, 'w');
if ($fd) {
fwrite($fd, $vdb . "\n");
fclose($fd);
} else
voucher_log(LOG_ERR, sprintf(gettext('cant write %1$s/voucher_%s_used_%2$s.db'), $g['vardb_path'], $cpzone, $roll));
} else {
voucher_log(LOG_ERR, sprintf(gettext('Can\'t write %s'), $fn));
}
}
/* return assoc array of active vouchers with activation timestamp
@ -383,7 +387,7 @@ function voucher_read_active_db($roll) {
$active = array();
$dirty = 0;
$file = "{$g['vardb_path']}/voucher_{$cpzone}_active_$roll.db";
$file = "/var/db/voucher_{$cpzone}_active_{$roll}.db";
if (file_exists($file)) {
$fd = fopen($file, "r");
if ($fd) {
@ -415,7 +419,7 @@ function voucher_write_active_db($roll, $active) {
if (!is_array($active))
return;
$fd = fopen("{$g['vardb_path']}/voucher_{$cpzone}_active_$roll.db", "w");
$fd = fopen("/var/db/voucher_{$cpzone}_active_{$roll}.db", "w");
if ($fd) {
foreach($active as $voucher => $value)
fwrite($fd, "$voucher,$value\n");
@ -442,32 +446,35 @@ function voucher_used_count($roll) {
return $used;
}
function voucher_read_used_db($roll) {
global $g, $cpzone;
function voucher_read_used_db($roll)
{
global $cpzone;
$vdb = "";
$file = "{$g['vardb_path']}/voucher_{$cpzone}_used_$roll.db";
if (file_exists($file)) {
$fd = fopen($file, "r");
$fn = "/var/db/voucher_{$cpzone}_used_{$roll}.db";
$vdb = '';
$fd = fopen($fn, 'r');
if ($fd) {
$vdb = trim(fgets($fd));
fclose($fd);
} else {
voucher_log(LOG_ERR, sprintf(gettext('cant read %1$s/voucher_%s_used_%2$s.db'), $g['vardb_path'], $cpzone, $roll));
}
}
return base64_decode($vdb);
$vdb = trim(fgets($fd));
fclose($fd);
} else {
voucher_log(LOG_ERR, sprintf(gettext('Can\'t read %s'), $fn));
}
return base64_decode($vdb);
}
function voucher_unlink_db($roll) {
global $g, $cpzone;
@unlink("{$g['vardb_path']}/voucher_{$cpzone}_used_$roll.db");
@unlink("{$g['vardb_path']}/voucher_{$cpzone}_active_$roll.db");
function voucher_unlink_db($roll)
{
global $cpzone;
@unlink("/var/db/voucher_{$cpzone}_used_{$roll}.db");
@unlink("/var/db/voucher_{$cpzone}_active_{$roll}.db");
}
/* we share the log with captiveportal for now */
function voucher_log($priority, $message) {
function voucher_log($priority, $message)
{
$message = trim($message);
openlog("logportalauth", LOG_PID, LOG_LOCAL4);
syslog($priority, sprintf(gettext("Voucher: %s"),$message));

141
src/etc/inc/vpn.inc
View File

@ -88,8 +88,8 @@ function vpn_ipsec_configure($ipchg = false)
global $config, $g, $sa, $sn, $p1_ealgos, $p2_ealgos;
/* get the automatic ping_hosts.sh ready */
unlink_if_exists("{$g['vardb_path']}/ipsecpinghosts");
touch("{$g['vardb_path']}/ipsecpinghosts");
@unlink('/var/db/ipsecpinghosts');
touch('/var/db/ipsecpinghosts');
vpn_ipsec_configure_preferoldsa();
@ -101,9 +101,9 @@ function vpn_ipsec_configure($ipchg = false)
if (!isset($ipseccfg['enable'])) {
/* try to stop charon */
mwexec("/usr/local/sbin/ipsec stop");
mwexec('/usr/local/sbin/ipsec stop');
/* Stop dynamic monitoring */
killbypid("{$g['varrun_path']}/filterdns-ipsec.pid");
killbypid('/var/run/filterdns-ipsec.pid');
/* wait for process to die */
sleep(2);
@ -120,26 +120,17 @@ function vpn_ipsec_configure($ipchg = false)
mwexec("/sbin/ifconfig enc0 up");
set_single_sysctl("net.inet.ip.ipsec_in_use", "1");
/* needed for config files */
if (!is_dir("/usr/local/etc/ipsec.d"))
mkdir("/usr/local/etc/ipsec.d");
if (!is_dir($capath))
mkdir($capath);
if (!is_dir($keypath))
mkdir($keypath);
if (!is_dir("/usr/local/etc/ipsec.d/crls"))
mkdir("/usr/local/etc/ipsec.d/crls");
if (!is_dir($certpath))
mkdir($certpath);
if (!is_dir("/usr/local/etc/ipsec.d/aacerts"))
mkdir("/usr/local/etc/ipsec.d/aacerts");
if (!is_dir("/usr/local/etc/ipsec.d/acerts"))
mkdir("/usr/local/etc/ipsec.d/acerts");
if (!is_dir("/usr/local/etc/ipsec.d/ocspcerts"))
mkdir("/usr/local/etc/ipsec.d/ocspcerts");
if (!is_dir("/usr/local/etc/ipsec.d/reqs"))
mkdir("/usr/local/etc/ipsec.d/reqs");
/* needed directories for config files */
@mkdir($capath);
@mkdir($keypath);
@mkdir($certpath);
@mkdir('/usr/local/etc/ipsec.d');
@mkdir('/usr/local/etc/ipsec.d/crls');
@mkdir('/usr/local/etc/ipsec.d/aacerts');
@mkdir('/usr/local/etc/ipsec.d/acerts');
@mkdir('/usr/local/etc/ipsec.d/ocspcerts');
@mkdir('/usr/local/etc/ipsec.d/reqs');
if (file_exists("/var/run/booting"))
echo gettext("Configuring IPsec VPN... ");
@ -256,7 +247,7 @@ function vpn_ipsec_configure($ipchg = false)
}
}
}
@file_put_contents("{$g['vardb_path']}/ipsecpinghosts", $ipsecpinghosts);
@file_put_contents('/var/db/ipsecpinghosts', $ipsecpinghosts);
unset($ipsecpinghosts);
}
unset($iflist);
@ -816,11 +807,11 @@ EOD;
/* end ipsec.conf */
/* mange process */
if (isvalidpid("{$g['varrun_path']}/charon.pid")) {
if (isvalidpid('/var/run/charon.pid')) {
/* Read secrets */
mwexec("/usr/local/sbin/ipsec rereadall", false);
mwexec('/usr/local/sbin/ipsec rereadall', false);
/* Update configuration changes */
mwexec("/usr/local/sbin/ipsec reload", false);
mwexec('/usr/local/sbin/ipsec reload', false);
} else {
mwexec("/usr/local/sbin/ipsec start", false);
}
@ -840,14 +831,13 @@ EOD;
file_put_contents("/usr/local/etc/filterdns-ipsec.hosts", $hostnames);
unset($hostnames);
if (isvalidpid("{$g['varrun_path']}/filterdns-ipsec.pid")) {
killbypid("{$g['varrun_path']}/filterdns-ipsec.pid", 'HUP');
if (isvalidpid('/var/run/filterdns-ipsec.pid')) {
killbypid('/var/run/filterdns-ipsec.pid', 'HUP');
} else {
mwexec("/usr/local/sbin/filterdns -p {$g['varrun_path']}/filterdns-ipsec.pid -i {$interval} -c /usr/local/etc/filterdns-ipsec.hosts -d 1");
mwexec("/usr/local/sbin/filterdns -p /var/run/filterdns-ipsec.pid -i {$interval} -c /usr/local/etc/filterdns-ipsec.hosts -d 1");
}
} else {
killbypid("{$g['varrun_path']}/filterdns-ipsec.pid");
@unlink("{$g['varrun_path']}/filterdns-ipsec.pid");
killbypid('/var/run/filterdns-ipsec.pid');
}
if (file_exists("/var/run/booting"))
@ -927,20 +917,20 @@ function vpn_pptpd_configure() {
echo gettext("Configuring PPTP VPN service... ");
} else {
/* kill mpd */
killbypid("{$g['varrun_path']}/pptp-vpn.pid");
killbypid('/var/run/pptp-vpn.pid');
/* wait for process to die */
sleep(3);
if (is_process_running("mpd -b")) {
killbypid("{$g['varrun_path']}/pptp-vpn.pid");
killbypid('/var/run/pptp-vpn.pid');
log_error(gettext("Could not kill mpd within 3 seconds. Trying again."));
}
/* remove mpd.conf, if it exists */
unlink_if_exists("{$g['varetc_path']}/pptp-vpn/mpd.conf");
unlink_if_exists("{$g['varetc_path']}/pptp-vpn/mpd.links");
unlink_if_exists("{$g['varetc_path']}/pptp-vpn/mpd.secret");
@unlink('/var/etc/pptp-vpn/mpd.conf');
@unlink('/var/etc/pptp-vpn/mpd.links');
@unlink('/var/etc/pptp-vpn/mpd.secret');
}
if (empty($pptpdcfg['n_pptp_units'])) {
@ -949,13 +939,12 @@ function vpn_pptpd_configure() {
}
/* make sure pptp-vpn directory exists */
if (!file_exists("{$g['varetc_path']}/pptp-vpn"))
mkdir("{$g['varetc_path']}/pptp-vpn");
@mkdir('/var/etc/pptp-vpn');
switch ($pptpdcfg['mode']) {
case 'server' :
/* write mpd.conf */
$fd = fopen("{$g['varetc_path']}/pptp-vpn/mpd.conf", "w");
$fd = fopen('/var/etc/pptp-vpn/mpd.conf', 'w');
if (!$fd) {
printf(gettext("Error: cannot open mpd.conf in vpn_pptpd_configure().") . "\n");
return 1;
@ -1074,7 +1063,7 @@ EOD;
unset($mpdconf);
/* write mpd.links */
$fd = fopen("{$g['varetc_path']}/pptp-vpn/mpd.links", "w");
$fd = fopen('/var/etc/pptp-vpn/mpd.links', 'w');
if (!$fd) {
printf(gettext("Error: cannot open mpd.links in vpn_pptpd_configure().") . "\n");
return 1;
@ -1099,7 +1088,7 @@ EOD;
unset($mpdlinks);
/* write mpd.secret */
$fd = fopen("{$g['varetc_path']}/pptp-vpn/mpd.secret", "w");
$fd = fopen('/var/etc/pptp-vpn/mpd.secret', 'w');
if (!$fd) {
printf(gettext("Error: cannot open mpd.secret in vpn_pptpd_configure().") . "\n");
return 1;
@ -1118,12 +1107,12 @@ EOD;
fwrite($fd, $mpdsecret);
fclose($fd);
unset($mpdsecret);
chmod("{$g['varetc_path']}/pptp-vpn/mpd.secret", 0600);
chmod('/var/etc/pptp-vpn/mpd.secret', 0600);
vpn_netgraph_support();
/* fire up mpd */
mwexec("/usr/local/sbin/mpd4 -b -d {$g['varetc_path']}/pptp-vpn -p {$g['varrun_path']}/pptp-vpn.pid -s pptps pptps");
mwexec('/usr/local/sbin/mpd4 -b -d /var/etc/pptp-vpn -p /var/run/pptp-vpn.pid -s pptps pptps');
break;
@ -1152,8 +1141,7 @@ function vpn_pppoe_configure(&$pppoecfg) {
$syscfg = $config['system'];
/* create directory if it does not exist */
if (!is_dir("{$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn"))
mkdir("{$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn");
@mkdir("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn");
if (file_exists("/var/run/booting")) {
if (!$pppoecfg['mode'] || ($pppoecfg['mode'] == "off"))
@ -1162,7 +1150,7 @@ function vpn_pppoe_configure(&$pppoecfg) {
echo gettext("Configuring PPPoE VPN service... ");
} else {
/* kill mpd */
killbypid("{$g['varrun_path']}/pppoe{$pppoecfg['pppoeid']}-vpn.pid");
killbypid("/var/run/pppoe{$pppoecfg['pppoeid']}-vpn.pid");
/* wait for process to die */
sleep(2);
@ -1181,7 +1169,7 @@ function vpn_pppoe_configure(&$pppoecfg) {
$paporchap = "set link enable pap";
/* write mpd.conf */
$fd = fopen("{$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.conf", "w");
$fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.conf", "w");
if (!$fd) {
printf(gettext("Error: cannot open mpd.conf in vpn_pppoe_configure().") . "\n");
return 1;
@ -1290,7 +1278,7 @@ EOD;
unset($mpdconf);
/* write mpd.links */
$fd = fopen("{$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.links", "w");
$fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.links", "w");
if (!$fd) {
printf(gettext("Error: cannot open mpd.links in vpn_pppoe_configure().") . "\n");
return 1;
@ -1317,7 +1305,7 @@ EOD;
if ($pppoecfg['username']) {
/* write mpd.secret */
$fd = fopen("{$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.secret", "w");
$fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.secret", "w");
if (!$fd) {
printf(gettext("Error: cannot open mpd.secret in vpn_pppoe_configure().") . "\n");
return 1;
@ -1336,17 +1324,16 @@ EOD;
fwrite($fd, $mpdsecret);
fclose($fd);
unset($mpdsecret);
chmod("{$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.secret", 0600);
chmod("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.secret", 0600);
}
/* Check if previous instance is still up */
while (file_exists("{$g['varrun_path']}/pppoe{$pppoecfg['pppoeid']}-vpn.pid") && isvalidpid("{$g['varrun_path']}/pppoe{$pppoecfg['pppoeid']}-vpn.pid"))
killbypid("{$g['varrun_path']}/pppoe{$pppoecfg['pppoeid']}-vpn.pid");
killbypid("/var/run/pppoe{$pppoecfg['pppoeid']}-vpn.pid");
/* Get support for netgraph(4) from the nic */
pfSense_ngctl_attach(".", $pppoe_interface);
/* fire up mpd */
mwexec("/usr/local/sbin/mpd4 -b -d {$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn -p {$g['varrun_path']}/pppoe{$pppoecfg['pppoeid']}-vpn.pid -s poes poes");
mwexec("/usr/local/sbin/mpd4 -b -d /var/etc/pppoe{$pppoecfg['pppoeid']}-vpn -p /var/run/pppoe{$pppoecfg['pppoeid']}-vpn.pid -s poes poes");
break;
}
@ -1357,33 +1344,26 @@ EOD;
return 0;
}
function vpn_l2tp_configure() {
function vpn_l2tp_configure()
{
global $config, $g;
$syscfg = $config['system'];
$l2tpcfg = $config['l2tp'];
/* create directory if it does not exist */
if (!is_dir("{$g['varetc_path']}/l2tp-vpn"))
mkdir("{$g['varetc_path']}/l2tp-vpn");
if (file_exists("/var/run/booting")) {
if (!$l2tpcfg['mode'] || ($l2tpcfg['mode'] == "off"))
return 0;
echo gettext("Configuring l2tp VPN service... ");
} else {
/* kill mpd */
killbypid("{$g['varrun_path']}/l2tp-vpn.pid");
/* wait for process to die */
sleep(8);
while (isvalidpid('/var/run/l2tp-vpn.pid')) {
killbypid('/var/run/l2tp-vpn.pid');
usleep(250 * 1000);
}
}
/* make sure l2tp-vpn directory exists */
if (!file_exists("{$g['varetc_path']}/l2tp-vpn"))
mkdir("{$g['varetc_path']}/l2tp-vpn");
@mkdir('/var/etc/l2tp-vpn');
switch ($l2tpcfg['mode']) {
@ -1394,7 +1374,7 @@ function vpn_l2tp_configure() {
$paporchap = "set link enable pap";
/* write mpd.conf */
$fd = fopen("{$g['varetc_path']}/l2tp-vpn/mpd.conf", "w");
$fd = fopen("/var/etc/l2tp-vpn/mpd.conf", "w");
if (!$fd) {
printf(gettext("Error: cannot open mpd.conf in vpn_l2tp_configure().") . "\n");
return 1;
@ -1493,7 +1473,7 @@ EOD;
unset($mpdconf);
/* write mpd.links */
$fd = fopen("{$g['varetc_path']}/l2tp-vpn/mpd.links", "w");
$fd = fopen("/var/etc/l2tp-vpn/mpd.links", "w");
if (!$fd) {
printf(gettext("Error: cannot open mpd.links in vpn_l2tp_configure().") . "\n");
return 1;
@ -1519,7 +1499,7 @@ EOD;
unset($mpdlinks);
/* write mpd.secret */
$fd = fopen("{$g['varetc_path']}/l2tp-vpn/mpd.secret", "w");
$fd = fopen("/var/etc/l2tp-vpn/mpd.secret", "w");
if (!$fd) {
printf(gettext("Error: cannot open mpd.secret in vpn_l2tp_configure().") . "\n");
return 1;
@ -1535,12 +1515,12 @@ EOD;
fwrite($fd, $mpdsecret);
fclose($fd);
unset($mpdsecret);
chmod("{$g['varetc_path']}/l2tp-vpn/mpd.secret", 0600);
chmod('/var/etc/l2tp-vpn/mpd.secret', 0600);
vpn_netgraph_support();
/* fire up mpd */
mwexec("/usr/local/sbin/mpd4 -b -d {$g['varetc_path']}/l2tp-vpn -p {$g['varrun_path']}/l2tp-vpn.pid -s l2tps l2tps");
mwexec('/usr/local/sbin/mpd4 -b -d /var/etc/l2tp-vpn -p /var/run/l2tp-vpn.pid -s l2tps l2tps');
break;
@ -1554,12 +1534,13 @@ EOD;
return 0;
}
function vpn_ipsec_configure_preferoldsa() {
function vpn_ipsec_configure_preferoldsa()
{
global $config;
if(isset($config['ipsec']['preferoldsa']))
set_single_sysctl("net.key.preferred_oldsa", "-30");
else
set_single_sysctl("net.key.preferred_oldsa", "0");
}
?>
if (isset($config['ipsec']['preferoldsa'])) {
set_single_sysctl("net.key.preferred_oldsa", "-30");
} else {
set_single_sysctl("net.key.preferred_oldsa", "0");
}
}

19
src/etc/inc/vslb.inc
View File

@ -183,8 +183,7 @@ function relayd_configure($kill_first=false) {
}
}
$fd = fopen("{$g['varetc_path']}/relayd.conf", "w");
$fd = fopen('/var/etc/relayd.conf', 'w');
$conf .= "log updates \n";
/* Global timeout, interval and prefork settings
@ -355,13 +354,13 @@ function relayd_configure($kill_first=false) {
if (is_process_running('relayd')) {
if (! empty($vs_a)) {
if ($kill_first) {
mwexec('pkill relayd');
killbyname('relayd');
/* Remove all active relayd anchors now that relayd is no longer running. */
cleanup_lb_anchor("*");
mwexec("/usr/local/sbin/relayd -f {$g['varetc_path']}/relayd.conf");
cleanup_lb_anchor('*');
mwexec('/usr/local/sbin/relayd -f /var/etc/relayd.conf');
} else {
// it's running and there is a config, just reload
mwexec("/usr/local/sbin/relayctl reload");
mwexec('/usr/local/sbin/relayctl reload');
}
} else {
/*
@ -371,7 +370,7 @@ function relayd_configure($kill_first=false) {
* mwexec('/usr/local/sbin/relayctl stop');
* returns "command failed"
*/
mwexec('pkill relayd');
killbyname('relayd');
/* Remove all active relayd anchors now that relayd is no longer running. */
cleanup_lb_anchor("*");
}
@ -379,8 +378,8 @@ function relayd_configure($kill_first=false) {
if (! empty($vs_a)) {
// not running and there is a config, start it
/* Remove all active relayd anchors so it can start fresh. */
cleanup_lb_anchor("*");
mwexec("/usr/local/sbin/relayd -f {$g['varetc_path']}/relayd.conf");
cleanup_lb_anchor('*');
mwexec('/usr/local/sbin/relayd -f /var/etc/relayd.conf');
}
}
}
@ -557,5 +556,5 @@ function cleanup_lb_marked()
}
}
unlink_if_exists($filename);
@unlink($filename);
}

8
src/etc/rc.newwanip
View File

@ -95,15 +95,15 @@ if ($curwanip == "0.0.0.0" || !is_ipaddr($curwanip)) {
$oldip = "0.0.0.0";
if (file_exists("{$g['vardb_path']}/{$interface}_cacheip"))
$oldip = file_get_contents("{$g['vardb_path']}/{$interface}_cacheip");
if (file_exists("/var/db/{$interface}_cacheip"))
$oldip = file_get_contents("/var/db/{$interface}_cacheip");
/* regenerate resolv.conf if DNS overrides are allowed */
system_resolvconf_generate(true);
/* write the current interface IP to file */
if (is_ipaddr($curwanip))
@file_put_contents("{$g['vardb_path']}/{$interface}_ip", $curwanip);
@file_put_contents("/var/db/{$interface}_ip", $curwanip);
link_interface_to_vips($interface, "update");
@ -174,7 +174,7 @@ if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interface
setup_gateways_monitor();
if (is_ipaddr($curwanip))
@file_put_contents("{$g['vardb_path']}/{$interface}_cacheip", $curwanip);
@file_put_contents("/var/db/{$interface}_cacheip", $curwanip);
/* perform RFC 2136 DNS update */
services_dnsupdate_process($interface);

12
src/etc/rc.newwanipv6
View File

@ -87,21 +87,21 @@ if (!empty($new_domain_name_servers)) {
}
if (count($valid_ns > 0))
file_put_contents("{$g['varetc_path']}/nameserver_v6{$interface}", implode("\n", $valid_ns));
file_put_contents("/var/etc/nameserver_v6{$interface}", implode("\n", $valid_ns));
}
$new_domain_name = getenv("new_domain_name");
if (!empty($new_domain_name))
file_put_contents("{$g['varetc_path']}/searchdomain_v6{$interface}", $new_domain_name);
file_put_contents("/var/etc/searchdomain_v6{$interface}", $new_domain_name);
/* write current WAN IPv6 to file */
if (is_ipaddrv6($curwanipv6))
@file_put_contents("{$g['vardb_path']}/{$interface}_ipv6", $curwanipv6);
@file_put_contents("/var/db/{$interface}_ipv6", $curwanipv6);
log_error("rc.newwanipv6: on (IP address: {$curwanipv6}) (interface: {$interface}) (real interface: {$interface_real}).");
$oldipv6 = "";
if (file_exists("{$g['vardb_path']}/{$interface}_cacheipv6"))
$oldipv6 = file_get_contents("{$g['vardb_path']}/{$interface}_cacheipv6");
if (file_exists("/var/db/{$interface}_cacheipv6"))
$oldipv6 = file_get_contents("/var/db/{$interface}_cacheipv6");
$grouptmp = link_interface_to_group($interface);
if (!empty($grouptmp))
@ -136,7 +136,7 @@ if (is_ipaddrv6($oldipv6)) {
} else if (does_interface_exist($interface_real))
mwexec("/sbin/ifconfig {$interface_real} inet6 {$oldipv6} delete");
file_put_contents("{$g['vardb_path']}/{$interface}_cacheipv6", $curwanipv6);
file_put_contents("/var/db/{$interface}_cacheipv6", $curwanipv6);
}
/* perform RFC 2136 DNS update */

2
src/etc/rc.openvpn
View File

@ -45,7 +45,7 @@ function openvpn_resync_if_needed ($mode, $ovpn_settings, $interface) {
} else {
if (!empty($interface)) {
$mode_id = $mode . $ovpn_settings['vpnid'];
$fpath = "{$g['varetc_path']}/openvpn/{$mode_id}.interface";
$fpath = "/var/etc/openvpn/{$mode_id}.interface";
if (file_exists($fpath)) {
$current_device = file_get_contents($fpath);
$current_device = trim($current_device, " \t\n");

2
src/opnsense/mvc/app/config/config.php
View File

@ -20,9 +20,7 @@ return new \Phalcon\Config(array(
'globals' => array(
'config_path' => '/conf/',
'temp_path' => '/tmp/',
'vardb_path' => '/var/db/',
'debug' => false,
'simulate_mode' => false
)
));

10
src/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/ServiceController.php
View File

@ -45,7 +45,7 @@ class ServiceController extends ApiControllerBase
public function startAction()
{
$backend = new Backend();
$response = $backend->configdRun("service start proxy");
$response = $backend->configdRun("proxy start", true);
return array("response" => $response);
}
@ -56,7 +56,7 @@ class ServiceController extends ApiControllerBase
public function stopAction()
{
$backend = new Backend();
$response = $backend->configdRun("service stop proxy");
$response = $backend->configdRun("proxy stop");
return array("response" => $response);
}
@ -67,7 +67,7 @@ class ServiceController extends ApiControllerBase
public function restartAction()
{
$backend = new Backend();
$response = $backend->configdRun("service restart proxy");
$response = $backend->configdRun("proxy restart");
return array("response" => $response);
}
@ -79,7 +79,7 @@ class ServiceController extends ApiControllerBase
public function statusAction()
{
$backend = new Backend();
$response = $backend->configdRun("service status proxy");
$response = $backend->configdRun("proxy status");
if (strpos($response, "not running") > 0) {
$status = "stopped";
@ -117,7 +117,7 @@ class ServiceController extends ApiControllerBase
// (res)start daemon
if ($mdlProxy->general->enabled->__toString() == 1) {
if ($runStatus['status'] == "running") {
$backend->configdRun("service reconfigure proxy");
$backend->configdRun("proxy reconfigure");
} else {
$this->startAction();
}

3
src/opnsense/mvc/app/models/OPNsense/CaptivePortal/DB.php
View File

@ -122,8 +122,7 @@ class DB
public function open()
{
// open database
$db_path = FactoryDefault::getDefault()->get('config')->globals->vardb_path .
"/captiveportal" . $this->zone . ".db";
$db_path = "/var/db/captiveportal{$this->zone}.db";
try {
$this->handle = new Sqlite(array("dbname" => $db_path));

77
src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
View File

@ -35,8 +35,25 @@
<Required>Y</Required>
</dnsV4First>
<forwardedForHandling type="OptionField">
<default>on</default>
<Required>N</Required>
<OptionValues>
<on>Append client's IP (on)</on>
<off>Set forward header to unknown (off)</off>
<transparent>Do not alter forward header (transparent)</transparent>
<truncate>Replace all with client's IP (truncate)</truncate>
</OptionValues>
</forwardedForHandling>
<uriWhitespaceHandling type="OptionField">
<default>strip</default>
<Required>N</Required>
<OptionValues>
<strip>Strip whitespaces</strip>
<deny>Deny request</deny>
<allow>Allow whitespaces</allow>
<encode>Encode whitespaces (RFC1738)</encode>
<chop>Chop URI at first whitespace</chop>
</OptionValues>
</uriWhitespaceHandling>
<useViaHeader type="BooleanField">
<default>1</default>
@ -46,6 +63,66 @@
<default>0</default>
<Required>N</Required>
</suppressVersion>
<cache>
<local>
<enabled type="BooleanField">
<default>0</default>
<Required>Y</Required>
</enabled>
<directory type="TextField">
<default>/var/squid/cache</default>
<Required>Y</Required>
</directory>
<size type="IntegerField">
<default>100</default>
<MinimumValue>1</MinimumValue>
<ValidationMessage>"Specify a positive cache size. (number of MB's)"</ValidationMessage>
<Required>Y</Required>
</size>
<l1 type="IntegerField">
<default>16</default>
<MinimumValue>1</MinimumValue>
<ValidationMessage>"Specify a positive number of first-level subdirectories."</ValidationMessage>
<Required>Y</Required>
</l1>
<l2 type="IntegerField">
<default>256</default>
<MinimumValue>1</MinimumValue>
<ValidationMessage>"Specify a positive number of second-level subdirectories."</ValidationMessage>
<Required>Y</Required>
</l2>
</local>
</cache>
<traffic>
<enabled type="BooleanField">
<default>0</default>
<Required>Y</Required>
</enabled>
<maxDownloadSize type="IntegerField">
<default>2048</default>
<MinimumValue>1</MinimumValue>
<ValidationMessage>"Specify the maximum download size. (number of KB's)"</ValidationMessage>
<Required>N</Required>
</maxDownloadSize>
<maxUploadSize type="IntegerField">
<default>1024</default>
<MinimumValue>1</MinimumValue>
<ValidationMessage>"Specify the maximum upload size. (number of KB's)"</ValidationMessage>
<Required>N</Required>
</maxUploadSize>
<OverallBandwidthTrotteling type="IntegerField">
<default>1024</default>
<MinimumValue>1</MinimumValue>
<ValidationMessage>"Specify the overall bandwidth for downloads in kilobits per second."</ValidationMessage>
<Required>N</Required>
</OverallBandwidthTrotteling>
<perHostTrotteling type="IntegerField">
<default>256</default>
<MinimumValue>1</MinimumValue>
<ValidationMessage>"Specify the per host bandwidth for downloads in kilobits per second."</ValidationMessage>
<Required>N</Required>
</perHostTrotteling>
</traffic>
</general>
<forward>
<interfaces type="CSVListField">

71
src/opnsense/mvc/app/views/OPNsense/Proxy/index.volt
View File

@ -234,19 +234,80 @@ maxheight: define max height of select box, default=170px to hold 5 items
replies as required by RFC2616.',
'advanced':'true'
],
['id':'proxy.general.forwardedForHandling',
'label':'X-Forwarded for header handling',
'type':'dropdown',
'help':'Select what to do with X-Forwarded for header.',
'advanced':'true'
],
['id': 'proxy.general.suppressVersion',
'label':'Suppress version string',
'type':'checkbox',
'help':'Suppress Squid version string info in HTTP headers and HTML error pages.',
'advanced':'true'
],
['id':'proxy.general.uriWhitespaceHandling',
'label':'Whitespace handling of URI',
'type':'dropdown',
'help':'Select what to do with URI that contain whitespaces.<br/>
<div class="text-info"><b>NOTE:</b> the current Squid implementation of encode and chop violates
RFC2616 by not using a 301 redirect after altering the URL.</div>',
'advanced':'true'
]}
],
[ 'proxy-general-cache','Local Cache Settings',
{['id': 'proxy.general.enabled',
'label':'Enable proxy',
[ 'proxy-general-cache-local','Local Cache Settings',
{['id': 'proxy.general.cache.local.enabled',
'label':'Enable local cache.',
'type':'checkbox',
'help':'Enable or disable the proxy service.'
'help':'Enable or disable the local cache.<br/>
Curently only ufs directory cache type is supported.<br/>
<b class="text-danger">Do not enable on embedded systems with SD or CF cards as this may break your drive.</b>'
],
['id': 'proxy.general.cache.local.size',
'label':'Cache size in Megabytes',
'type':'text',
'help':'Enter the storage size for the local cache (default is 100).',
'advanced':'true'
],
['id': 'proxy.general.cache.local.l1',
'label':'Number of first-level subdirectories',
'type':'text',
'help':'Enter the number of first-level subdirectories for the local cache (default is 16).',
'advanced':'true'
],
['id': 'proxy.general.cache.local.l2',
'label':'Number of second-level subdirectories',
'type':'text',
'help':'Enter the number of first-level subdirectories for the local cache (default is 256).',
'advanced':'true'
]}
],
[ 'proxy-general-traffic','Traffic Management Settings',
{['id': 'proxy.general.traffic.enabled',
'label':'Enable traffic management.',
'type':'checkbox',
'help':'Enable or disable traffic management.'
],
['id': 'proxy.general.traffic.maxDownloadSize',
'label':'Maximum download size (Kb)',
'type':'text',
'help':'Enter the maxium size for downloads in kilobytes (leave empty to disable).'
],
['id': 'proxy.general.traffic.maxUploadSize',
'label':'Maximum upload size (Kb)',
'type':'text',
'help':'Enter the maxium size for uploads in kilobytes (leave empty to disable).'
],
['id': 'proxy.general.traffic.OverallBandwidthTrotteling',
'label':'Overall bandwidth throtteling (Kbps)',
'type':'text',
'help':'Enter the allowed overall bandtwith in kilobits per second (leave empty to disable).'
],
['id': 'proxy.general.traffic.perHostTrotteling',
'label':'Per host bandwidth throtteling (Kbps)',
'type':'text',
'help':'Enter the allowed per host bandtwith in kilobits per second (leave empty to disable).'
]}
]}
],
['proxy-forward','Forward Proxy','subtabs': {
@ -266,7 +327,7 @@ maxheight: define max height of select box, default=170px to hold 5 items
['id': 'proxy.forward.transparentMode',
'label':'Enable Transparent HTTP proxy',
'type':'checkbox',
'help':'Enable transparent proxe mode to forward all requests for destination port 80 to the proxy server without any additional configuration.'
'help':'Enable transparent proxy mode to forward all requests for destination port 80 to the proxy server without any additional configuration.'
],
['id': 'proxy.forward.addACLforInterfaceSubnets',
'label':'Allow interface subnets',

12
src/opnsense/service/conf/actions.d/actions_proxy.conf
View File

@ -1,28 +1,28 @@
[start.proxy]
command:/usr/local/etc/rc.d/squid start
[start]
command:/usr/local/sbin/squid -z;/usr/local/etc/rc.d/squid start
parameters:
type:script
message:starting proxy
[stop.proxy]
[stop]
command:/usr/local/etc/rc.d/squid stop;/usr/bin/killall squid;exit 0
parameters:
type:script
message:stopping proxy
[restart.proxy]
[restart]
command:/usr/local/etc/rc.d/squid restart
parameters:
type:script
message:restarting proxy
[reconfigure.proxy]
[reconfigure]
command:/usr/local/etc/rc.d/squid reload
parameters:
type:script
message:reconfigure proxy
[status.proxy]
[status]
command:/usr/local/etc/rc.d/squid status;exit 0
parameters:
type:script_output

3
src/opnsense/service/modules/processhandler.py
View File

@ -274,7 +274,8 @@ class ActionHandler(object):
if command in self.action_map:
if action in self.action_map[command]:
if type(self.action_map[command][action]) == dict:
if len(parameters) > 0 and parameters[0] in self.action_map[command][action]:
if parameters is not None and len(parameters) > 0 \
and parameters[0] in self.action_map[command][action]:
# 3 level action ( "interface linkup start" for example )
if isinstance(self.action_map[command][action][parameters[0]], Action):
action_obj = self.action_map[command][action][parameters[0]]

128
src/opnsense/service/templates/OPNsense/Proxy/squid.conf
View File

@ -8,7 +8,6 @@
{% for intf_key,intf_item in interfaces.iteritems() %}
{% if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
http_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.port }} {%if OPNsense.proxy.forward.transparentMode == '1' %}tproxy{% endif %}
{% endif %}
{% endfor %}
{# virtual ip's #}
@ -25,88 +24,90 @@ http_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.port }}
# Rules allowing access from your local networks.
# Generated list of (internal) IP networks from where browsing
# should be allowed. (Allow interface subnets).
{% if helpers.exists('OPNsense.proxy.forward.addACLforInterfaceSubnets') %}
{% if OPNsense.proxy.forward.addACLforInterfaceSubnets == '1' %}
{% for interface in OPNsense.proxy.forward.interfaces.split(",") %}
{% for intf_key,intf_item in interfaces.iteritems() %}
{% if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
acl localnet src {{intf_item.ipaddr}}/{{intf_item.subnet}} # Possible internal network
{% endif %}
{% endfor %}
{% if helpers.exists('virtualip') %}
{% for intf_key,intf_item in virtualip.iteritems() %}
{% if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
acl localnet src {{intf_item.subnet}}/{{intf_item.subnet}} # Possible internal network
{% if helpers.exists('OPNsense.proxy.forward.interfaces') %}
{% if helpers.exists('OPNsense.proxy.forward.addACLforInterfaceSubnets') %}
{% if OPNsense.proxy.forward.addACLforInterfaceSubnets == '1' %}
{% for interface in OPNsense.proxy.forward.interfaces.split(",") %}
{% for intf_key,intf_item in interfaces.iteritems() %}
{% if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
acl localnet src {{intf_item.ipaddr.split(".")[0:3]|join(".")}}.0/{{intf_item.subnet}} # Possible internal network
{% endif %}
{% endfor %}
{% if helpers.exists('virtualip') %}
{% for intf_key,intf_item in virtualip.iteritems() %}
{% if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
acl localnet src {{intf_item.subnet}}/{{intf_item.subnet}} # Possible internal network
{% endif %}
{% endfor %}
{% endif %}
{% endfor %}
{% endif %}
{% endfor %}
{% endif %}
{% endif %}
# Default allow for local-link and private networks
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
# Default localhost and to_localhost acl's
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
#acl localhost src 127.0.0.1/32 ::1
#acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# ACL lists
{% if helpers.exists('OPNsense.proxy.forward.acl.allowedSubnets') %}
# ACL - Allow Subnets - User defined (subnets)
{% for network in OPNsense.proxy.forward.acl.allowedSubnets.split(",") %}
acl subnets src {{network}}
{% endfor %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}
# ACL - Unrestricted IPs - User defined (unrestricted)
{% for ip in OPNsense.proxy.forward.acl.unrestricted.split(",") %}
acl unrestricted src {{ip}}
{% endfor %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.acl.bannedHosts') %}
# ACL - Banned Hosts - User defined (bannedHosts)
{% for ip in OPNsense.proxy.forward.acl.bannedHosts.split(",") %}
acl bannedHosts src {{ip}}
{% endfor %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.acl.whiteList') %}
# ALC - Whitelist - User defined (whiteList)
{% for element in OPNsense.proxy.forward.acl.whiteList.split(",") %}
{% if '^' or '\\' or '$' or '[' in element %}
{% if ('^' or '\\' or '$' or '[') in element %}
acl whiteList url_regex {{element}}
{% else %}
acl dstdomain {{element}}
acl whiteList url_regex .+{{element|replace(".","\.")}}
{% endif %}
{% endfor %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.acl.blackList') %}
# ALC - Blacklist - User defined (blackList)
{% for element in OPNsense.proxy.forward.acl.blackList.split(",") %}
{% if '^' or '\\' or '$' or '[' in element %}
acl url_regex {{element}}
{% if ('^' or '\\' or '$' or '[') in element %}
acl blackList url_regex {{element}}
{% else %}
acl blackList dstdomain {{element}}
acl blackList url_regex .+{{element|replace(".","\.")}}
{% endif %}
{% endfor %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.acl.browser') %}
# ALC - Block browser/user-agent - User defined (browser)
{% for element in OPNsense.proxy.forward.acl.browser.split(",") %}
acl blockuseragents browser {{element}}
{% endfor %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.acl.mimeType') %}
# ALC - Block MIME types - User defined (mimetype)
{% for element in OPNsense.proxy.forward.acl.mimeType.split(",") %}
acl blockmimetypes rep_mime_type {{element}}
acl blockmimetypes_requests req_mime_type {{element}}
{% endfor %}
{% endif %}
@ -144,20 +145,25 @@ auth_param basic children {{OPNsense.proxy.forward.authentication.children}}
# ACL - Local Authorized Users - local_auth
acl local_auth proxy_auth REQUIRED
{% endif %}
# ALLOW UNRESTRICTED
{% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}
# ALLOW UNRESTRICTED
# ACL list (Allow) unrestricted
http_access allow unrestricted
{% endif %}
#
{% if helpers.exists('OPNsense.proxy.forward.acl.whiteList') %}
# ACL list (Allow) whitelist
http_access allow whiteList
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.acl.blackList') %}
#
# ACL list (Deny) blacklist
http_access deny blackList
{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.acl.browser') %}
# ACL list (Deny) blockuseragent
@ -167,14 +173,17 @@ http_access deny blockuseragents
{% if helpers.exists('OPNsense.proxy.forward.acl.mimeType') %}
# ACL list (Deny) blockmimetypes
http_access deny blockmimetypes
http_reply_access deny blockmimetypes {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted {% endif %}
http_access deny blockmimetypes_requests {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted {% endif %}
{% endif %}
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
http_access deny !Safe_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %}
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
http_access deny CONNECT !SSL_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %}
{% if helpers.exists('OPNsense.proxy.forward.acl.bannedHosts') %}
http_access deny bannedHosts
@ -189,12 +198,6 @@ http_access deny manager
# one who can access services on "localhost" is a local user
http_access deny to_localhost
{% if helpers.exists('OPNsense.proxy.forward.acl.whiteList') %}
# ACL list (Allow) whitelist
http_access allow whiteList
{% endif %}
#
# Access Permission configuration:
#
@ -218,8 +221,12 @@ http_access allow subnets
# Deny all other access to this proxy
http_access deny all
{% if helpers.exists('OPNsense.proxy.general.cache.local') %}
{% if OPNsense.proxy.general.cache.local.enabled == '1' %}
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/squid/cache 100 16 256
cache_dir ufs {{OPNsense.proxy.general.cache.local.directory}} {{OPNsense.proxy.general.cache.local.size}} {{OPNsense.proxy.general.cache.local.l1}} {{OPNsense.proxy.general.cache.local.l2}}
{% endif %}
{% endif %}
# Leave coredumps in the first cache dir
coredump_dir /var/squid/cache
@ -273,3 +280,40 @@ httpd_suppress_version_string on
icp_port {{OPNsense.proxy.general.icpPort}}
{% endif %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.general.uriWhitespaceHandling') %}
# URI hanlding with Whitespaces (default=strip)
uri_whitespace {{OPNsense.proxy.general.uriWhitespaceHandling}}
{% endif %}
{% if helpers.exists('OPNsense.proxy.general.forwardedForHandling') %}
# X-Forwarded header handling (default=on)
forwarded_for {{OPNsense.proxy.general.forwardedForHandling}}
{% endif %}
{% if helpers.exists('OPNsense.proxy.general.traffic.enabled') and OPNsense.proxy.general.traffic.enabled == '1' %}
{% if helpers.exists('OPNsense.proxy.general.traffic.maxDownloadSize') %}
# Define max download size
reply_body_max_size {{OPNsense.proxy.general.traffic.maxDownloadSize}} KB
{% endif %}
{% if helpers.exists('OPNsense.proxy.general.traffic.maxUploadSize') %}
# Define max upload size
request_body_max_size {{OPNsense.proxy.general.traffic.maxUploadSize}} KB
{% endif %}
{% if helpers.exists('OPNsense.proxy.general.traffic.perHostTrotteling') %}
delay_pools 1
delay_class 1 3
delay_access 1 allow all
{% if helpers.exists('OPNsense.proxy.general.traffic.OverallBandwidthTrotteling') %}
# Define PerHost and Overall Bandwith Trotteling
delay_parameters 1 {{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}}/{{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}} -1/-1 {{OPNsense.proxy.general.traffic.perHostTrotteling|int // 8 * 1000}}/{{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}}
{% else %}
# Define PerHost Trotteling
delay_parameters -1/-1 {{OPNsense.proxy.general.traffic.perHostTrotteling|int // 8 * 1000}}/{{OPNsense.proxy.general.traffic.perHostTrotteling|int // 8 * 1000}}
{% endif %}
{% endif %}
{% if helpers.exists('OPNsense.proxy.general.traffic.OverallBandwidthTrotteling') and not helpers.exists('OPNsense.proxy.general.traffic.perHostTrotteling') %}
# Define Overall Bandwidth Trotteling
delay_pools 1
delay_class 1 1
delay_access 1 allow all
delay_parameters 1 {{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}}/{{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}}
{% endif %}
{% endif %}

8
src/opnsense/www/js/jquery.tokenize.js
View File

@ -479,17 +479,17 @@
},
tokenRemove: function(value){
var option = $('option[value="' + value.replace('\\','\\\\') + '"]', this.select);
var new_value=value.replace(/\\/g,'\\\\').replace(/\*/g,'\\*'); // add escape character
var option = $('option[value="' + new_value + '"]', this.select);
if(option.attr('data-type') == 'custom'){
option.remove();
} else {
option.removeAttr('selected');
}
$('li.Token[data-value="' + value.replace('\\','\\\\') + '"]', this.tokensContainer).remove();
$('li.Token[data-value="' + new_value + '"]', this.tokensContainer).remove();
this.options.onRemoveToken(value.replace('\\','\\\\') );
this.options.onRemoveToken(new_value );
this.resizeSearchInput();
this.dropdownHide();

40
src/pkg/openvpn-client-export.inc
View File

@ -63,9 +63,9 @@ function openvpn_client_export_deinstall()
$ovpndir = "/usr/local/share/openvpn";
$workdir = "{$ovpndir}/client-export";
unlink_if_exists("/usr/local/www/{$phpfile}");
unlink_if_exists("/usr/local/www/{$phpfile2}");
unlink_if_exists("/usr/local/pkg/openvpn-client-export-{$current_openvpn_version}.tgz");
@unlink("/usr/local/www/{$phpfile}");
@unlink("/usr/local/www/{$phpfile2}");
@unlink("/usr/local/pkg/openvpn-client-export-{$current_openvpn_version}.tgz");
exec("/bin/rm -r {$workdir}");
}
@ -363,7 +363,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
switch ($expformat) {
case "zip":
// create template directory
$tempdir = "{$g['tmp_path']}/{$prefix}";
$tempdir = "/tmp/{$prefix}";
@mkdir($tempdir, 0700, true);
file_put_contents("{$tempdir}/{$prefix}.ovpn", $conf);
@ -391,12 +391,12 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
}
$command = "cd " . escapeshellarg("{$tempdir}/..")
. " && /usr/local/bin/zip -r "
. escapeshellarg("{$g['tmp_path']}/{$prefix}-config.zip")
. escapeshellarg("/tmp/{$prefix}-config.zip")
. " " . escapeshellarg($prefix);
exec($command);
// Remove temporary directory
exec("rm -rf " . escapeshellarg($tempdir));
return "{$g['tmp_path']}/{$prefix}-config.zip";
return "/tmp/{$prefix}-config.zip";
break;
case "inline":
case "inlinedroid":
@ -422,7 +422,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
case "yealink_t38g":
case "yealink_t38g2":
// create template directory
$tempdir = "{$g['tmp_path']}/{$prefix}";
$tempdir = "/tmp/{$prefix}";
$keydir = "{$tempdir}/keys";
mkdir($tempdir, 0700, true);
mkdir($keydir, 0700, true);
@ -443,14 +443,13 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
$keyfile = "{$keydir}/client1.key";
file_put_contents($keyfile, base64_decode($cert['prv']));
}
exec("tar -C {$tempdir} -cf {$g['tmp_path']}/client.tar ./keys ./vpn.cnf");
exec("tar -C {$tempdir} -cf /tmp/client.tar ./keys ./vpn.cnf");
// Remove temporary directory
exec("rm -rf {$tempdir}");
return $g['tmp_path'] . "/client.tar";
break;
return '/tmp/client.tar';
case "snom":
// create template directory
$tempdir = "{$g['tmp_path']}/{$prefix}";
$tempdir = "/tmp/{$prefix}";
mkdir($tempdir, 0700, true);
file_put_contents("{$tempdir}/vpn.cnf", $conf);
@ -469,11 +468,10 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
$keyfile = "{$tempdir}/phone1.key";
file_put_contents($keyfile, base64_decode($cert['prv']));
}
exec("cd {$tempdir}/ && tar -cf {$g['tmp_path']}/vpnclient.tar *");
exec("cd {$tempdir}/ && tar -cf /tmp/vpnclient.tar *");
// Remove temporary directory
exec("rm -rf {$tempdir}");
return $g['tmp_path'] . "/vpnclient.tar";
break;
return '/tmp/vpnclient.tar';
default:
return $conf;
}
@ -513,7 +511,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $veri
}
// create template directory
$tempdir = $g['tmp_path'] . "/openvpn-export-".uniqid();
$tempdir = "/tmp//openvpn-export-".uniqid();
mkdir($tempdir, 0700, true);
// create config directory
@ -593,7 +591,7 @@ RunProgram="openvpn-postinstall.exe"
// create the final installer
$outfile = "{$tempdir}-install.exe";
chdir($g['tmp_path']);
chdir('/tmp');
exec("/bin/cat {$tempdir}/7zS.sfx {$tempdir}/7zipConfig {$tempdir}/archive.7z > {$outfile}");
// cleanup
@ -611,8 +609,8 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead
openvpn_client_export_install();
$uniq = uniqid();
$tempdir = $g['tmp_path'] . "/openvpn-export-" . $uniq;
$zipfile = $g['tmp_path'] . "/{$uniq}-Viscosity.visc.zip";
$tempdir = "/tmp/openvpn-export-{$uniq}";
$zipfile = "/tmp/{$uniq}-Viscosity.visc.zip";
$validconfig = openvpn_client_export_validate_config($srvid, $usrid, $crtid);
if ($validconfig) {
@ -821,7 +819,7 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco
if ($zipconf == true) {
// create template directory
$tempdir = "{$g['tmp_path']}/{$prefix}";
$tempdir = "/tmp/{$prefix}";
mkdir($tempdir, 0700, true);
file_put_contents("{$tempdir}/{$prefix}.ovpn", $conf);
@ -830,9 +828,9 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco
file_put_contents("{$shkeyfile}", base64_decode($settings['shared_key']));
if(file_exists("/usr/pbi/zip-{$uname_p}/bin/zip"))
exec("cd {$tempdir}/.. && /usr/pbi/zip-{$uname_p}/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}");
exec("cd {$tempdir}/.. && /usr/pbi/zip-{$uname_p}/bin/zip -r /tmp/{$prefix}-config.zip {$prefix}");
else
exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}");
exec("cd {$tempdir}/.. && /usr/local/bin/zip -r /tmp/{$prefix}-config.zip {$prefix}");
// Remove temporary directory
exec("rm -rf {$tempdir}");

2
src/sbin/gmirror_status_check.php
View File

@ -32,7 +32,7 @@ require_once("globals.inc");
require_once("gmirror.inc");
global $g;
$status_file = "{$g['varrun_path']}/gmirror.status";
$status_file = '/var/run/gmirror.status';
$mirror_status = gmirror_get_status();
$mirror_list = array_keys($mirror_status);

1728
src/share/locale/en/LC_MESSAGES/OPNsense.pot
View File

File diff suppressed because it is too large Load Diff

4
src/www/diag_backup.php
View File

@ -75,7 +75,7 @@ function restore_rrddata() {
global $config, $g, $rrdtool, $input_errors;
foreach($config['rrddata']['rrddatafile'] as $rrd) {
if ($rrd['xmldata']) {
$rrd_file = "{$g['vardb_path']}/rrd/{$rrd['filename']}";
$rrd_file = "/var/db/rrd/{$rrd['filename']}";
$xml_file = preg_replace('/\.rrd$/', ".xml", $rrd_file);
if (file_put_contents($xml_file, gzinflate(base64_decode($rrd['xmldata']))) === false) {
log_error("Cannot write $xml_file");
@ -91,7 +91,7 @@ function restore_rrddata() {
unlink($xml_file);
}
else if ($rrd['data']) {
$rrd_file = "{$g['vardb_path']}/rrd/{$rrd['filename']}";
$rrd_file = "/var/db/rrd/{$rrd['filename']}";
$rrd_fd = fopen($rrd_file, "w");
if (!$rrd_fd) {
log_error("Cannot write $rrd_file");

2
src/www/diag_confbak.php
View File

@ -55,7 +55,7 @@ if (isset($_POST['backupcount'])) {
$savemsg = gettext("Unable to revert to the selected configuration.");
}
if($_POST['rmver'] != "") {
unlink_if_exists('/conf/backup/config-' . $_POST['rmver'] . '.xml');
@unlink('/conf/backup/config-' . $_POST['rmver'] . '.xml');
$savemsg = sprintf(gettext('Deleted backup with timestamp %1$s and description "%2$s".'), date(gettext("n/j/y H:i:s"), $_POST['rmver']),$confvers[$_POST['rmver']]['description']);
}
}

2
src/www/diag_logs_settings.php
View File

@ -164,7 +164,7 @@ if ($_POST['resetlogs'] == gettext("Reset Log Files")) {
$savemsg .= "<br />" . gettext("WebGUI process is restarting.");
}
filter_pflog_start(true);
filter_pflog_start();
}
}

5
src/www/fbegin.inc
View File

@ -215,8 +215,9 @@ if(count($config['interfaces']) > 1)
$ifentries = get_configured_interface_with_descr();
foreach ($ifentries as $ent => $entdesc) {
if (is_array($config['interfaces'][$ent]['wireless']) &&
preg_match($g['wireless_regex'], $config['interfaces'][$ent]['if']))
match_wireless_interface($config['interfaces'][$ent]['if'])) {
$wifdescrs[$ent] = $entdesc;
}
}
if (count($wifdescrs) > 0)
$status_menu[] = array(gettext("Wireless"), "/status_wireless.php");
@ -295,7 +296,7 @@ $pgtitle_output = true;
<div class="container-fluid">
<div class="navbar-header">
<a class="navbar-brand" href="/">
<a class="navbar-brand" href="/index.php">
<img class="brand-logo" src="/themes/<?=$g['theme'];?>/assets/images/default-logo.png" height="30" width="150"/>
<img class="brand-icon" src="/themes/<?=$g['theme'];?>/assets/images/icon-logo.png" height="30" width="29"/>
</a>

2
src/www/firewall_aliases_edit.php
View File

@ -194,7 +194,7 @@ if ($_POST) {
/* fetch down and add in */
$isfirst = 0;
$temp_filename = tempnam('/tmp/', 'alias_import');
unlink_if_exists($temp_filename);
@unlink($temp_filename);
$verify_ssl = isset($config['system']['checkaliasesurlcert']);
mkdir($temp_filename);
download_file($_POST['address' . $x], $temp_filename . "/aliases", $verify_ssl);

2
src/www/firewall_shaper.php
View File

@ -1,4 +1,5 @@
<?php
/*
Copyright (C) 2014-2015 Deciso B.V.
Copyright (C) 2004, 2005 Scott Ullrich
@ -303,7 +304,6 @@ if ($_GET) {
$output_form .= $default_shaper_msg;
$dontshow = true;
}
mwexec("killall qstats");
} else {
$output_form .= $default_shaper_msg;
$dontshow = true;

4
src/www/firewall_shaper_wizards.php
View File

@ -52,8 +52,8 @@ if ($_POST['apply']) {
$savemsg = $retval;
/* reset rrd queues */
unlink_if_exists("/var/db/rrd/*queuedrops.rrd");
unlink_if_exists("/var/db/rrd/*queues.rrd");
mwexec('/bin/rm /var/db/rrd/*queuedrops.rrd');
mwexec('/bin/rm /var/db/rrd/*queues.rrd');
enable_rrd_graphing();
clear_subsystem_dirty('shaper');

7
src/www/interfaces_assign.php
View File

@ -209,7 +209,7 @@ if (isset($_POST['add_x']) && isset($_POST['if_add'])) {
$config['interfaces'][$newifname] = array();
$config['interfaces'][$newifname]['descr'] = $descr;
$config['interfaces'][$newifname]['if'] = $_POST['if_add'];
if (preg_match($g['wireless_regex'], $_POST['if_add'])) {
if (match_wireless_interface($_POST['if_add'])) {
$config['interfaces'][$newifname]['wireless'] = array();
interface_sync_wireless_clones($config['interfaces'][$newifname], false);
}
@ -315,7 +315,7 @@ if (isset($_POST['add_x']) && isset($_POST['if_add'])) {
}
/* check for wireless interfaces, set or clear ['wireless'] */
if (preg_match($g['wireless_regex'], $ifport)) {
if (match_wireless_interface($ifport)) {
if (!is_array($config['interfaces'][$ifname]['wireless']))
$config['interfaces'][$ifname]['wireless'] = array();
} else {
@ -327,8 +327,9 @@ if (isset($_POST['add_x']) && isset($_POST['if_add'])) {
$config['interfaces'][$ifname]['descr'] = strtoupper($ifname);
if ($reloadif == true) {
if (preg_match($g['wireless_regex'], $ifport))
if (match_wireless_interface($ifport)) {
interface_sync_wireless_clones($config['interfaces'][$ifname], false);
}
/* Reload all for the interface. */
interface_configure($ifname, true);
}

3
src/www/interfaces_wireless_edit.php
View File

@ -1,4 +1,5 @@
<?php
/*
Copyright (C) 2014-2015 Deciso B.V.
Copyright (C) 2010 Erik Fonnesbeck
@ -163,7 +164,7 @@ include("head.inc");
<select name="if" class="selectpicker">
<?php
foreach ($portlist as $ifn => $ifinfo)
if (preg_match($g['wireless_regex'], $ifn)) {
if (match_wireless_interface($ifn)) {
echo "<option value=\"{$ifn}\"";
if ($ifn == $pconfig['if'])
echo " selected=\"selected\"";

14
src/www/services_captiveportal_vouchers.php
View File

@ -156,11 +156,11 @@ if ($_GET['act'] == "del") {
else if ($_GET['act'] == "csv") {
$privkey = base64_decode($config['voucher'][$cpzone]['privatekey']);
if (strstr($privkey,"BEGIN RSA PRIVATE KEY")) {
$fd = fopen("{$g['varetc_path']}/voucher_{$cpzone}.private","w");
$fd = fopen("/var/etc/voucher_{$cpzone}.private","w");
if (!$fd) {
$input_errors[] = gettext("Cannot write private key file") . ".\n";
} else {
chmod("{$g['varetc_path']}/voucher_{$cpzone}.private", 0600);
chmod("/var/etc/voucher_{$cpzone}.private", 0600);
fwrite($fd, $privkey);
fclose($fd);
$a_voucher = &$config['voucher'][$cpzone]['roll'];
@ -170,11 +170,13 @@ else if ($_GET['act'] == "csv") {
$count = $a_voucher[$id]['count'];
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename=vouchers_{$cpzone}_roll{$number}.csv");
if (file_exists("{$g['varetc_path']}/voucher_{$cpzone}.cfg"))
system("/usr/local/bin/voucher -c {$g['varetc_path']}/voucher_{$cpzone}.cfg -p {$g['varetc_path']}/voucher_{$cpzone}.private $number $count");
@unlink("{$g['varetc_path']}/voucher_{$cpzone}.private");
} else
if (file_exists("/var/etc/voucher_{$cpzone}.cfg")) {
system("/usr/local/bin/voucher -c /var/etc/voucher_{$cpzone}.cfg -p /var/etc/voucher_{$cpzone}.private $number $count");
}
@unlink("/var/etc/voucher_{$cpzone}.private");
} else {
header("Location: services_captiveportal_vouchers.php?zone={$cpzone}");
}
exit;
}
} else {

2
src/www/services_dhcpv6.php
View File

@ -301,7 +301,7 @@ if ($_POST) {
if (!$input_errors || $_POST['apply'] == 'Apply changes') {
/* Stop DHCPv6 so we can cleanup leases */
killbypid("{$g['dhcpd_chroot_path']}{$g['varrun_path']}/dhcpdv6.pid");
killbypid("{$g['dhcpd_chroot_path']}/var/run/dhcpdv6.pid");
// dhcp_clean_leases();
/* dnsmasq_configure calls dhcpd_configure */
/* no need to restart dhcpd twice */

5
src/www/status_captiveportal_vouchers.php
View File

@ -65,10 +65,11 @@ foreach($a_roll as $rollent) {
$roll = $rollent['number'];
$minutes = $rollent['minutes'];
if (!file_exists("{$g['vardb_path']}/voucher_{$cpzone}_active_$roll.db"))
if (!file_exists("/var/db/voucher_{$cpzone}_active_{$roll}.db")) {
continue;
}
$active_vouchers = file("{$g['vardb_path']}/voucher_{$cpzone}_active_$roll.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
$active_vouchers = file("/var/db/voucher_{$cpzone}_active_{$roll}.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
foreach($active_vouchers as $voucher => $line) {
list($voucher,$timestamp, $minutes) = explode(",", $line);
$remaining = (($timestamp + 60*$minutes) - time());

7
src/www/status_filter_reload.php
View File

@ -1,6 +1,6 @@
<?php
/*
status_filter_reload.php
Copyright (C) 2006 Scott Ullrich
All rights reserved.
@ -33,8 +33,9 @@ require_once("functions.inc");
$pgtitle = array(gettext("Status"),gettext("Filter Reload Status"));
$shortcut_section = "firewall";
if(file_exists("{$g['varrun_path']}/filter_reload_status"))
$status = file_get_contents("{$g['varrun_path']}/filter_reload_status");
if (file_exists('/var/run/filter_reload_status')) {
$status = file_get_contents('/var/run/filter_reload_status');
}
if($_GET['getstatus']) {
echo "|{$status}|";

2
src/www/status_openvpn.php
View File

@ -57,7 +57,7 @@ function kill_client($port, $remipp) {
global $g;
//$tcpsrv = "tcp://127.0.0.1:{$port}";
$tcpsrv = "unix://{$g['varetc_path']}/openvpn/{$port}.sock";
$tcpsrv = "unix:///var/etc/openvpn/{$port}.sock";
$errval;
$errstr;

8
src/www/status_queues.php
View File

@ -45,13 +45,15 @@ class QueueStats {
public $suspends;
public $drops;
}
if (!file_exists("{$g['varrun_path']}/qstats.pid") || !isvalidpid("{$g['varrun_path']}/qstats.pid")) {
if (!isvalidpid('/var/run/qstats.pid')) {
/* Start in the background so we don't hang up the GUI */
mwexec_bg("/usr/local/sbin/qstats -p {$g['varrun_path']}/qstats.pid");
mwexec_bg('/usr/local/sbin/qstats -p /var/run/qstats.pid');
/* Give it a moment to start up */
sleep(1);
}
$fd = @fsockopen("unix://{$g['varrun_path']}/qstats");
$fd = @fsockopen('unix:///var/run/qstats');
if (!$fd) {
$error = "Something wrong happened during comunication with stat gathering";
} else {

4
src/www/status_rrd_graph_img.php
View File

@ -1236,14 +1236,14 @@ if(($graphcmdreturn <> 0) || (! $data)) {
log_error(sprintf(gettext('Failed to create graph with error code %1$s, the error is: %2$s'),$graphcmdreturn,$graphcmdoutput));
if(strstr($curdatabase, "queues")) {
log_error(sprintf(gettext("failed to create graph from %s%s, removing database"),$rrddbpath,$curdatabase));
unlink_if_exists($rrddbpath . $curif . $queues);
@unlink($rrddbpath . $curif . $queues);
flush();
usleep(500);
enable_rrd_graphing();
}
if(strstr($curdatabase, "queuesdrop")) {
log_error(sprintf(gettext("failed to create graph from %s%s, removing database"),$rrddbpath,$curdatabase));
unlink_if_exists($rrddbpath . $curdatabase);
@unlink($rrddbpath . $curdatabase);
flush();
usleep(500);
enable_rrd_graphing();

6
src/www/system_advanced_firewall.php
View File

@ -203,9 +203,9 @@ if ($_POST) {
write_config();
// Kill filterdns when value changes, filter_configure() will restart it
if (($old_aliasesresolveinterval != $config['system']['aliasesresolveinterval']) &&
isvalidpid("{$g['varrun_path']}/filterdns.pid"))
killbypid("{$g['varrun_path']}/filterdns.pid");
if ($old_aliasesresolveinterval != $config['system']['aliasesresolveinterval']) {
killbypid('/var/run/filterdns.pid');
}
$retval = 0;
$retval = filter_configure();

5
src/www/system_advanced_notifications.php
View File

@ -136,15 +136,14 @@ if ($_POST) {
// Send test message via growl
if($config['notifications']['growl']['ipaddress'] &&
$config['notifications']['growl']['password'] = $_POST['password']) {
unlink_if_exists($g['vardb_path'] . "/growlnotices_lastmsg.txt");
@unlink('/var/db/growlnotices_lastmsg.txt');
register_via_growl();
notify_via_growl(sprintf(gettext("This is a test message from %s. It is safe to ignore this message."), $g['product_name']), true);
}
}
if ($_POST['test_smtp'] == gettext("Test SMTP")) {
// Send test message via smtp
if(file_exists("/var/db/notices_lastmsg.txt"))
unlink("/var/db/notices_lastmsg.txt");
@unlink('/var/db/notices_lastmsg.txt');
$savemsg = notify_via_smtp(sprintf(gettext("This is a test message from %s. It is safe to ignore this message."), $g['product_name']), true);
}
}

4
src/www/system_general.php
View File

@ -70,8 +70,8 @@ if (!$pconfig['timeservers'])
$changedesc = gettext("System") . ": ";
$changecount = 0;
if($pconfig['timezone'] <> $_POST['timezone']) {
filter_pflog_start(true);
if ($pconfig['timezone'] <> $_POST['timezone']) {
filter_pflog_start();
}
$timezonelist = array_map(

13
src/www/vpn_openvpn_export_shared.php
View File

@ -1,7 +1,6 @@
<?php
/*
vpn_openvpn_export_shared.php
/*
Copyright (C) 2008 Shrew Soft Inc.
Copyright (C) 2010 Ermal Luçi
All rights reserved.
@ -26,13 +25,11 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
DISABLE_PHP_LINT_CHECKING
*/
require_once("globals.inc");
require_once("guiconfig.inc");
require("openvpn-client-export.inc");
require_once("openvpn-client-export.inc");
$pgtitle = array("OpenVPN", "Client Export Utility");
@ -125,7 +122,7 @@ if(($act == "skconf") || ($act == "skzipconf")) {
if (!$error) {
if ($zipconf) {
$exp_name = urlencode($exp_data);
$exp_size = filesize("{$g['tmp_path']}/{$exp_data}");
$exp_size = filesize("/tmp/{$exp_data}");
} else {
$exp_name = urlencode($exp_name."-config.ovpn");
$exp_size = strlen($exp_data);
@ -137,11 +134,11 @@ if(($act == "skconf") || ($act == "skzipconf")) {
header("Content-Disposition: attachment; filename={$exp_name}");
header("Content-Length: $exp_size");
if ($zipconf)
readfile("{$g['tmp_path']}/{$exp_data}");
readfile("/tmp/{$exp_data}");
else
echo $exp_data;
@unlink("{$g['tmp_path']}/{$exp_data}");
@unlink("/tmp/{$exp_data}");
exit;
}
}

13
src/www/vpn_pppoe.php
View File

@ -31,8 +31,13 @@ require_once("guiconfig.inc");
require_once("filter.inc");
require_once("vpn.inc");
if (!is_array($config['pppoes']['pppoe']))
if (!is_array($config['pppoes'])) {
$config['pppoes'] = array();
}
if (!is_array($config['pppoes']['pppoe'])) {
$config['pppoes']['pppoe'] = array();
}
$a_pppoes = &$config['pppoes']['pppoe'];
@ -65,10 +70,8 @@ if ($_POST) {
if ($_GET['act'] == "del") {
if ($a_pppoes[$_GET['id']]) {
if ("{$g['varrun_path']}/pppoe" . $a_pppoes[$_GET['id']]['pppoeid'] . "-vpn.pid")
killbypid("{$g['varrun_path']}/pppoe" . $a_pppoes[$_GET['id']]['pppoeid'] . "-vpn.pid");
if (is_dir("{$g['varetc_path']}/pppoe" . $a_pppoes[$_GET['id']]['pppoeid']))
mwexec("/bin/rm -r {$g['varetc_path']}/pppoe" . $a_pppoes[$_GET['id']]['pppoeid']);
killbypid("/var/run/pppoe{$a_pppoes[$_GET['id']]['pppoeid']}-vpn.pid");
mwexecf('/bin/rm -r %s', "/var/etc/pppoe{$a_pppoes[$_GET['id']]['pppoeid']}");
unset($a_pppoes[$_GET['id']]);
write_config();
header("Location: vpn_pppoe.php");

3
src/www/widgets/widgets/openvpn.widget.php
View File

@ -1,4 +1,5 @@
<?php
/*
Copyright (C) 2014 Deciso B.V.
All rights reserved.
@ -50,7 +51,7 @@ function kill_client($port, $remipp) {
global $g;
//$tcpsrv = "tcp://127.0.0.1:{$port}";
$tcpsrv = "unix://{$g['varetc_path']}/openvpn/{$port}.sock";
$tcpsrv = "unix:///var/etc/openvpn/{$port}.sock";
$errval;
$errstr;