#!/usr/local/bin/php
<?php

/*
    Copyright (C) 2004-2009 Scott Ullrich <sullrich@pfsense.org>.
    Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
    Copyright (C) 2009 Erik Kristensen
    All rights reserved.

    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions are met:

    1. Redistributions of source code must retain the above copyright notice,
       this list of conditions and the following disclaimer.

    2. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in the
       documentation and/or other materials provided with the distribution.

    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGE.
*/

/* looks weird, but means we started PHP successfully */
echo " done.\n";

echo "Initializing...";
require_once("config.inc");
echo ".";
require_once("config.console.inc");
echo ".";
require_once("auth.inc");
echo ".";
require_once("util.inc");
echo ".";
require_once("interfaces.inc");
echo ".";
require_once("services.inc");
echo ".";
require_once("system.inc");
echo ".";
require_once("filter.inc");
echo ".";
require_once("ipsec.inc");
echo ".";
require_once("openvpn.inc");
echo ".";
require_once("rrd.inc");
echo " done.\n";

/* start devd (dhclient now uses it) */
echo "Starting device manager (devd)...";
mute_kernel_msgs();
exec('/sbin/devd');
sleep(1);
set_device_perms();
unmute_kernel_msgs();
echo "done.\n";

/* configure login behaviour */
system_login_configure();

$setup_installer = is_install_media();
if ($setup_installer) {
    echo 'Press any key to start the early installer:  ';

    $key = timeout();
    if ($key != "\n") {
        echo "\n";
    }

    if (isset($key)) {
        passthru('/usr/local/etc/rc.installer');
        if (file_exists('/tmp/install_complete')) {
            passthru('/usr/local/etc/rc.reboot');
            exit;
        }
    }

    /* config may have changed via installer import */
    OPNsense\Core\Config::getInstance()->forceReload();
}

echo "Loading configuration...";
global $config;
$config = parse_config();
convert_config();
echo "done.\n";

/*
 *  Determine if we need to throw a interface exception
 *  and ask the user to reassign interfaces.  This will
 *  avoid a reboot and thats a good thing.
 */
if (is_interface_mismatch()) {
    echo "\nDefault interfaces not found -- Running interface assignment option.\n";
    while (!set_networking_interfaces_ports(true));
}

/* enable optional crypto modules */
load_crypto_module();

/* enable optional thermal sensor modules */
load_thermal_module();

/* read in /etc/sysctl.conf and set values if needed */
echo "Setting up extended sysctls...";
system_setup_sysctl();
echo "done.\n";

/* set up our timezone */
system_timezone_configure(true);

/* set up firmware configuration */
system_firmware_configure();

/* set up our hostname */
system_hostname_configure();

/* make hosts file */
system_hosts_generate();

/* configure loopback interface */
interfaces_loopback_configure();

/* start syslogd */
system_syslogd_start(true);

/* set up interfaces */
mute_kernel_msgs();
openvpn_prepare_all();
interfaces_configure();
unmute_kernel_msgs();

/* re-make hosts file after configuring interfaces */
system_hosts_generate();

/* start OpenVPN server & clients */
echo "Syncing OpenVPN settings...";
openvpn_resync_all();
echo "done.\n";

/* generate resolv.conf */
system_resolvconf_generate();

/* setup pf */
filter_configure_sync(true);

/* start pflog */
echo "Starting PFLOG...";
filter_pflog_start();
echo "done.\n";

/* reconfigure our gateway monitor */
echo "Setting up gateway monitors...";
setup_gateways_monitor();
echo "done.\n";

echo "Synchronizing user settings...";
local_sync_accounts();
echo "done.\n";

/* start ssh daemon */
mwexec("/usr/local/etc/rc.sshd");

/* start web server */
echo 'Starting webConfigurator...'. (system_webgui_configure() ? "done.\n" : "failed.\n");

system_cron_configure(true);
system_routing_configure();
system_routing_enable();
dnsmasq_configure_do(true);
unbound_configure_do(true);
system_ntp_configure(false, true);
services_dhcpd_configure('all', array(), true);
services_dhcpleases_configure();
services_dhcrelay_configure(true);
services_dhcrelay6_configure(true);

/* dyndns service updates */
mwexec("/usr/local/etc/rc.dyndns.update");

/* Run a filter configure now that most all services have started */
filter_configure_sync(true);

/* Run all registered plugins */
if (function_exists('plugins_configure')) {
    plugins_configure(true);
}

/* start IPsec tunnels */
$ipsec_dynamic_hosts = ipsec_configure();

/* load graphing functions */
enable_rrd_graphing(true);

/* if we are operating at 1000 then increase timeouts.
   this was never accounted for after moving to 1000 hz */
$kern_hz = get_single_sysctl('kern.clockrate');
$kern_hz = substr($kern_hz, strpos($kern_hz, 'hz = ') + 5);
$kern_hz = substr($kern_hz, 0, strpos($kern_hz, ','));
if ($kern_hz == '1000') {
    set_single_sysctl('net.inet.tcp.rexmit_min' , '30');
}

/* start the igmpproxy daemon */
services_igmpproxy_configure(true);

/* If powerd is enabled, lets launch it */
activate_powerd();

/* Set preferred protocol */
prefer_ipv4_or_ipv6();

/*
 * Give syslogd a kick after everything else has been
 * initialized, otherwise it can occasionally fail to
 * route syslog messages properly on both IPv4 and IPv6.
 */
system_syslogd_start(true);

/* If there are ipsec dynamic hosts try again to reload the tunnels as rc.newipsecdns does */
if ($ipsec_dynamic_hosts) {
    ipsec_configure();
    filter_configure();
}

// generate configuration data for all installed templates
configd_run('template reload *');

if ($setup_installer) {
    /*
     * Installer mode requires setting up an extra user and
     * we will protect it with root's password.  We can only
     * do this if user does not exist, though.
     */

    $root = null;

    if (isset($config['system']['user'])) {
        foreach ($config['system']['user'] as $user) {
            if ($user['name'] == 'installer') {
                $root = null;
                break;
            }
            if ($user['uid'] == 0) {
                $root = $user;
            }
        }
    }

    if ($root) {
        $root['shell'] = '/usr/local/etc/rc.installer';
        $root['name'] = 'installer';
        local_user_set($root);

        mwexec("/usr/local/etc/rc.sshd installer");

        echo "\n";
        echo "Welcome!  Both `root' and `installer' users are availabe for system\n";
        echo "setup or invoking the installer, respectively.  The predefined root\n";
        echo "password works for both accounts.  Remote login via SSH is possible.\n\n";
    }
}

exit(0);