mirror of
https://github.com/lucaspalomodevelop/core.git
synced 2026-03-20 11:26:13 +00:00
572 lines
19 KiB
PHP
Executable File
572 lines
19 KiB
PHP
Executable File
#!/usr/local/bin/php
|
|
<?php
|
|
|
|
/*
|
|
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
|
|
All rights reserved.
|
|
|
|
Redistribution and use in source and binary forms, with or without
|
|
modification, are permitted provided that the following conditions are met:
|
|
|
|
1. Redistributions of source code must retain the above copyright notice,
|
|
this list of conditions and the following disclaimer.
|
|
|
|
2. Redistributions in binary form must reproduce the above copyright
|
|
notice, this list of conditions and the following disclaimer in the
|
|
documentation and/or other materials provided with the distribution.
|
|
|
|
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
|
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
|
|
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
/* parse the configuration and include all functions used below */
|
|
require_once("config.inc");
|
|
require_once("interfaces.inc");
|
|
require_once("openvpn.inc");
|
|
require_once("util.inc");
|
|
require_once("ipsec.inc");
|
|
require_once("filter.inc");
|
|
require_once("rrd.inc");
|
|
require_once("util.inc");
|
|
require_once("services.inc");
|
|
require_once("system.inc");
|
|
|
|
$options = getopt("hn", array("dry-run", "help"));
|
|
|
|
if (isset($options["h"]) || isset($options["help"])) {
|
|
echo "usage: rc.initial.setlanip [option ...]\n";
|
|
echo " -h, --help show this message\n";
|
|
echo " -n, --dry-run do not make any configuration changes\n";
|
|
exit(0);
|
|
}
|
|
|
|
$dry_run = isset($options["n"]) || isset($options["dry-run"]);
|
|
if ($dry_run) {
|
|
echo "DRY RUN MODE IS ON\n";
|
|
}
|
|
|
|
|
|
function console_prompt_for_yn($prompt_text)
|
|
{
|
|
global $fp;
|
|
|
|
$good_answer = false;
|
|
|
|
do {
|
|
echo "\n" . $prompt_text . " (y/n) ";
|
|
$yn = strtolower(chop(fgets($fp)));
|
|
if (($yn == "y") || ($yn == "yes")) {
|
|
$boolean_answer = true;
|
|
$good_answer = true;
|
|
}
|
|
if (($yn == "n") || ($yn == "no")) {
|
|
$boolean_answer = false;
|
|
$good_answer = true;
|
|
}
|
|
} while (!$good_answer);
|
|
|
|
return $boolean_answer;
|
|
}
|
|
|
|
function console_get_interface_from_ppp($realif)
|
|
{
|
|
global $config;
|
|
|
|
if (isset($config['ppps']['ppp'])) {
|
|
foreach ($config['ppps']['ppp'] as $pppid => $ppp) {
|
|
if ($realif == $ppp['if']) {
|
|
$ifaces = explode(',', $ppp['ports']);
|
|
return $ifaces[0];
|
|
}
|
|
}
|
|
}
|
|
|
|
return '';
|
|
}
|
|
|
|
function prompt_for_enable_dhcp_server($version = 4)
|
|
{
|
|
global $config, $fp, $interface;
|
|
if ($interface == "wan") {
|
|
if ($config['interfaces']['lan']) {
|
|
return false;
|
|
}
|
|
}
|
|
/* only allow DHCP server to be enabled when static IP is
|
|
configured on this interface */
|
|
if ($version === 6) {
|
|
$is_ipaddr = is_ipaddrv6($config['interfaces'][$interface]['ipaddrv6']);
|
|
} else {
|
|
$is_ipaddr = is_ipaddrv4($config['interfaces'][$interface]['ipaddr']);
|
|
}
|
|
if (!($is_ipaddr)) {
|
|
return false;
|
|
}
|
|
|
|
$label_DHCP = ($version === 6) ? "DHCP6" : "DHCP";
|
|
$upperifname = strtoupper($interface);
|
|
return console_prompt_for_yn(sprintf('Do you want to enable the %s server on %s?', $label_DHCP, $upperifname));
|
|
}
|
|
|
|
function get_interface_config_description($iface)
|
|
{
|
|
global $config;
|
|
$c = $config['interfaces'][$iface];
|
|
if (!$c) {
|
|
return null;
|
|
}
|
|
$if = $c['if'];
|
|
$result = $if;
|
|
$result2 = array();
|
|
$ipaddr = $c['ipaddr'];
|
|
$ipaddrv6 = $c['ipaddrv6'];
|
|
if (is_ipaddr($ipaddr)) {
|
|
$result2[] = "static";
|
|
} elseif ($ipaddr == "dhcp") {
|
|
$result2[] = "dhcp";
|
|
}
|
|
if (is_ipaddr($ipaddrv6)) {
|
|
$result2[] = "staticv6";
|
|
} elseif ($ipaddrv6 == "dhcp6") {
|
|
$result2[] = "dhcp6";
|
|
}
|
|
if (count($result2)) {
|
|
$result .= " - " . implode(", ", $result2);
|
|
}
|
|
return $result;
|
|
}
|
|
|
|
$fp = fopen('php://stdin', 'r');
|
|
|
|
/* build an interface collection */
|
|
$ifdescrs = get_configured_interface_with_descr(false, true);
|
|
$count = count($ifdescrs);
|
|
|
|
/* grab interface that we will operate on, unless there is only one
|
|
interface */
|
|
if ($count > 1) {
|
|
echo "Available interfaces:\n\n";
|
|
$x=1;
|
|
foreach ($ifdescrs as $iface => $ifdescr) {
|
|
$config_descr = get_interface_config_description($iface);
|
|
echo "{$x} - {$ifdescr} ({$config_descr})\n";
|
|
$x++;
|
|
}
|
|
echo "\nEnter the number of the interface you wish to configure: ";
|
|
$intnum = chop(fgets($fp));
|
|
} else {
|
|
$intnum = $count;
|
|
}
|
|
|
|
if ($intnum < 1) {
|
|
exit;
|
|
}
|
|
if ($intnum > $count) {
|
|
exit;
|
|
}
|
|
|
|
$index = 1;
|
|
foreach ($ifdescrs as $ifname => $ifdesc) {
|
|
if ($intnum == $index) {
|
|
$interface = $ifname;
|
|
break;
|
|
} else {
|
|
$index++;
|
|
}
|
|
}
|
|
if (!$interface) {
|
|
echo "Invalid interface!\n";
|
|
exit;
|
|
}
|
|
|
|
$ifaceassigned = "";
|
|
|
|
function next_unused_gateway_name($interface)
|
|
{
|
|
global $config;
|
|
|
|
$new_name = "GW_" . strtoupper($interface);
|
|
|
|
if (!isset($config['gateways']['gateway_item'])) {
|
|
return $new_name;
|
|
}
|
|
$count = 1;
|
|
do {
|
|
$existing = false;
|
|
foreach ($config['gateways']['gateway_item'] as $item) {
|
|
if ($item['name'] === $new_name) {
|
|
$existing = true;
|
|
break;
|
|
}
|
|
}
|
|
if ($existing) {
|
|
$count += 1;
|
|
$new_name = "GW_" . strtoupper($interface) . "_" . $count;
|
|
}
|
|
} while ($existing);
|
|
return $new_name;
|
|
}
|
|
|
|
function add_gateway_to_config($interface, $gatewayip, $inet_type)
|
|
{
|
|
global $config, $dry_run;
|
|
|
|
if (!isset($config['gateways']['gateway_item'])) {
|
|
$config['gateways']['gateway_item'] = array();
|
|
}
|
|
$a_gateways = &$config['gateways']['gateway_item'];
|
|
if ($dry_run) {
|
|
print_r($a_gateways);
|
|
}
|
|
$new_name = '';
|
|
$is_default = true;
|
|
foreach ($a_gateways as $item) {
|
|
if ($item['ipprotocol'] === $inet_type) {
|
|
if (isset($item['defaultgw'])) {
|
|
$is_default = false;
|
|
}
|
|
if (($item['interface'] === $interface) && ($item['gateway'] === $gatewayip)) {
|
|
$new_name = $item['name'];
|
|
}
|
|
}
|
|
}
|
|
if ($new_name == '') {
|
|
$new_name = next_unused_gateway_name($interface);
|
|
$item = array(
|
|
"interface" => $interface,
|
|
"gateway" => $gatewayip,
|
|
"name" => $new_name,
|
|
"weight" => 1,
|
|
"ipprotocol" => $inet_type,
|
|
"interval" => true,
|
|
"descr" => "Interface $interface Gateway",
|
|
"defaultgw" => $is_default
|
|
);
|
|
if ($dry_run) {
|
|
print_r($item);
|
|
}
|
|
$a_gateways[] = $item;
|
|
}
|
|
|
|
return $new_name;
|
|
}
|
|
|
|
function console_configure_ip_address($version)
|
|
{
|
|
global $g, $config, $interface, $restart_dhcpd, $ifaceassigned, $fp;
|
|
|
|
$label_IPvX = ($version === 6) ? "IPv6" : "IPv4";
|
|
$maxbits = ($version === 6) ? 127 : 31;
|
|
$label_DHCP = ($version === 6) ? "DHCP6" : "DHCP";
|
|
|
|
$upperifname = strtoupper($interface);
|
|
|
|
if ($interface == "wan") {
|
|
if (console_prompt_for_yn(sprintf('Configure %s address %s interface via %s?', $label_IPvX, $upperifname, $label_DHCP))) {
|
|
$ifppp = console_get_interface_from_ppp(get_real_interface("wan"));
|
|
if (!empty($ifppp)) {
|
|
$ifaceassigned = $ifppp;
|
|
}
|
|
$intip = ($version === 6) ? "dhcp6" : "dhcp";
|
|
$intbits = "";
|
|
$isintdhcp = true;
|
|
$restart_dhcpd = true;
|
|
}
|
|
}
|
|
|
|
if ($isintdhcp == false or $interface <> "wan") {
|
|
while (true) {
|
|
do {
|
|
echo "\n" . sprintf(
|
|
'Enter the new %s %s address. Press <ENTER> for none:',
|
|
$upperifname,
|
|
$label_IPvX
|
|
) . "\n> ";
|
|
$intip = chop(fgets($fp));
|
|
$is_ipaddr = ($version === 6) ? is_ipaddrv6($intip) : is_ipaddrv4($intip);
|
|
if ($is_ipaddr && is_ipaddr_configured($intip, $interface)) {
|
|
$ip_conflict = true;
|
|
echo "This IP address conflicts with another interface or a VIP\n";
|
|
} else {
|
|
$ip_conflict = false;
|
|
}
|
|
} while (($ip_conflict === true) || !($is_ipaddr || $intip == ''));
|
|
if ($intip != '') {
|
|
echo "\nSubnet masks are entered as bit counts (like CIDR notation).\n";
|
|
if ($version === 6) {
|
|
echo "e.g. ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00 = 120\n";
|
|
echo " ffff:ffff:ffff:ffff:ffff:ffff:ffff:0 = 112\n";
|
|
echo " ffff:ffff:ffff:ffff:ffff:ffff:0:0 = 96\n";
|
|
echo " ffff:ffff:ffff:ffff:ffff:0:0:0 = 80\n";
|
|
echo " ffff:ffff:ffff:ffff:0:0:0:0 = 64\n";
|
|
} else {
|
|
echo "e.g. 255.255.255.0 = 24\n";
|
|
echo " 255.255.0.0 = 16\n";
|
|
echo " 255.0.0.0 = 8\n";
|
|
}
|
|
do {
|
|
$upperifname = strtoupper($interface);
|
|
echo "\n" . sprintf(
|
|
'Enter the new %s %s subnet bit count (1 to %s):',
|
|
$upperifname,
|
|
$label_IPvX,
|
|
$maxbits
|
|
) . "\n> ";
|
|
$intbits = chop(fgets($fp));
|
|
$intbits_ok = is_numeric($intbits) && (($intbits >= 1) && ($intbits <= $maxbits));
|
|
$restart_dhcpd = true;
|
|
|
|
if ($version === 4 && $intbits < $maxbits) {
|
|
if ($intip == gen_subnet($intip, $intbits)) {
|
|
echo 'You cannot set network address to an interface';
|
|
continue 2;
|
|
$intbits_ok = false;
|
|
} elseif ($intip == gen_subnet_max($intip, $intbits)) {
|
|
echo 'You cannot set broadcast address to an interface';
|
|
continue 2;
|
|
$intbits_ok = false;
|
|
}
|
|
}
|
|
} while (!$intbits_ok);
|
|
|
|
if ($version === 6) {
|
|
$subnet = gen_subnetv6($intip, $intbits);
|
|
} else {
|
|
$subnet = gen_subnet($intip, $intbits);
|
|
}
|
|
do {
|
|
echo "\n" . sprintf('For a WAN, enter the new %s %s upstream gateway address.', $upperifname, $label_IPvX) . "\n" .
|
|
'For a LAN, press <ENTER> for none:' . "\n> ";
|
|
$gwip = chop(fgets($fp));
|
|
$is_ipaddr = ($version === 6) ? is_ipaddrv6($gwip) : is_ipaddrv4($gwip);
|
|
$is_in_subnet = $is_ipaddr && ip_in_subnet($gwip, $subnet . "/" . $intbits);
|
|
if ($gwip != '') {
|
|
if (!$is_ipaddr) {
|
|
echo sprintf('not an %s IP address!', $label_IPvX) . "\n";
|
|
} elseif (!$is_in_subnet) {
|
|
echo "not in subnet\n";
|
|
}
|
|
}
|
|
} while (!($gwip == '' || ($is_ipaddr && $is_in_subnet)));
|
|
|
|
if ($gwip != '') {
|
|
$inet_type = ($version === 6) ? "inet6" : "inet";
|
|
$gwname = add_gateway_to_config($interface, $gwip, $inet_type);
|
|
}
|
|
}
|
|
$ifppp = console_get_interface_from_ppp(get_real_interface($interface));
|
|
if (!empty($ifppp)) {
|
|
$ifaceassigned = $ifppp;
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
|
|
return array($intip, $intbits, $gwname);
|
|
}
|
|
|
|
list($intip, $intbits, $gwname) = console_configure_ip_address(4);
|
|
list($intip6, $intbits6, $gwname6) = console_configure_ip_address(6);
|
|
|
|
if (!empty($ifaceassigned)) {
|
|
$config['interfaces'][$interface]['if'] = $ifaceassigned;
|
|
}
|
|
$config['interfaces'][$interface]['ipaddr'] = $intip;
|
|
$config['interfaces'][$interface]['subnet'] = $intbits;
|
|
$config['interfaces'][$interface]['gateway'] = $gwname;
|
|
$config['interfaces'][$interface]['ipaddrv6'] = $intip6;
|
|
$config['interfaces'][$interface]['subnetv6'] = $intbits6;
|
|
$config['interfaces'][$interface]['gatewayv6'] = $gwname6;
|
|
$config['interfaces'][$interface]['enable'] = true;
|
|
|
|
function console_configure_dhcpd($version = 4)
|
|
{
|
|
global $config, $restart_dhcpd, $fp, $interface, $dry_run, $intip, $intbits, $intip6, $intbits6;
|
|
|
|
$label_IPvX = ($version === 6) ? "IPv6" : "IPv4";
|
|
$dhcpd = ($version === 6) ? "dhcpdv6" : "dhcpd";
|
|
|
|
if (prompt_for_enable_dhcp_server($version)) {
|
|
$subnet_start = ($version === 6) ? gen_subnetv6($intip6, $intbits6) : gen_subnet($intip, $intbits);
|
|
$subnet_end = ($version === 6) ? gen_subnetv6_max($intip6, $intbits6) : gen_subnet_max($intip, $intbits);
|
|
do {
|
|
do {
|
|
echo sprintf('Enter the start address of the %s client address range:', $label_IPvX) . " ";
|
|
$dhcpstartip = chop(fgets($fp));
|
|
if ($dhcpstartip === "") {
|
|
fclose($fp);
|
|
exit(0);
|
|
}
|
|
$is_ipaddr = ($version === 6) ? is_ipaddrv6($dhcpstartip) : is_ipaddrv4($dhcpstartip);
|
|
$is_inrange = is_inrange($dhcpstartip, $subnet_start, $subnet_end);
|
|
if (!$is_inrange) {
|
|
echo "This IP address must be in the interface's subnet\n";
|
|
}
|
|
} while (!$is_ipaddr || !$is_inrange);
|
|
|
|
do {
|
|
echo sprintf('Enter the end address of the %s client address range:', $label_IPvX) . " ";
|
|
$dhcpendip = chop(fgets($fp));
|
|
if ($dhcpendip === "") {
|
|
fclose($fp);
|
|
exit(0);
|
|
}
|
|
$is_ipaddr = ($version === 6) ? is_ipaddrv6($dhcpendip) : is_ipaddrv4($dhcpendip);
|
|
$is_inrange = is_inrange($dhcpendip, $subnet_start, $subnet_end);
|
|
if (!$is_inrange) {
|
|
echo "This IP address must be in the interface's subnet\n";
|
|
}
|
|
$not_inorder = ($version === 6) ? (inet_pton($dhcpendip) < inet_pton($dhcpstartip)) : ip_less_than($dhcpendip, $dhcpstartip);
|
|
if ($not_inorder) {
|
|
echo "The end address of the DHCP range must be >= the start address\n";
|
|
}
|
|
} while (!$is_ipaddr || !$is_inrange);
|
|
} while ($not_inorder);
|
|
$restart_dhcpd = true;
|
|
$config[$dhcpd][$interface]['enable'] = true;
|
|
$config[$dhcpd][$interface]['range']['from'] = $dhcpstartip;
|
|
$config[$dhcpd][$interface]['range']['to'] = $dhcpendip;
|
|
} else {
|
|
if (isset($config[$dhcpd][$interface]['enable'])) {
|
|
unset($config[$dhcpd][$interface]['enable']);
|
|
printf('Disabling %s DHCPD...', $label_IPvX);
|
|
$restart_dhcpd = true;
|
|
}
|
|
}
|
|
}
|
|
|
|
console_configure_dhcpd(4);
|
|
console_configure_dhcpd(6);
|
|
|
|
//*****************************************************************************
|
|
|
|
if ($config['system']['webgui']['protocol'] == "https") {
|
|
if (console_prompt_for_yn('Do you want to revert to HTTP as the web GUI protocol?')) {
|
|
$config['system']['webgui']['protocol'] = "http";
|
|
$restart_webgui = true;
|
|
}
|
|
}
|
|
|
|
if (isset($config['system']['webgui']['noantilockout'])) {
|
|
echo "\n" . sprintf('Note: the anti-lockout rule on %s has been re-enabled.', $interface) . "\n";
|
|
unset($config['system']['webgui']['noantilockout']);
|
|
}
|
|
|
|
if ($config['interfaces']['lan']) {
|
|
if ($config['dhcpd']) {
|
|
if ($config['dhcpd']['wan']) {
|
|
unset($config['dhcpd']['wan']);
|
|
}
|
|
}
|
|
if ($config['dhcpdv6']) {
|
|
if ($config['dhcpdv6']['wan']) {
|
|
unset($config['dhcpdv6']['wan']);
|
|
}
|
|
}
|
|
}
|
|
|
|
if (!$config['interfaces']['lan']) {
|
|
unset($config['interfaces']['lan']);
|
|
if ($config['dhcpd']['lan']) {
|
|
unset($config['dhcpd']['lan']);
|
|
}
|
|
if ($config['dhcpdv6']['lan']) {
|
|
unset($config['dhcpdv6']['lan']);
|
|
}
|
|
unset($config['nat']);
|
|
if (!$dry_run) {
|
|
system("rm /var/dhcpd/var/db/* >/dev/null 2>/dev/null");
|
|
$restart_dhcpd = true;
|
|
}
|
|
}
|
|
|
|
$upperifname = strtoupper($interface);
|
|
if (!$dry_run) {
|
|
echo "\nPlease wait while the changes are saved to {$upperifname}...";
|
|
write_config(sprintf('%s IP configuration from console menu', $interface));
|
|
interface_reconfigure(strtolower($upperifname));
|
|
echo "\n Reloading filter...";
|
|
filter_configure_sync();
|
|
if ($restart_dhcpd) {
|
|
echo "\n DHCPD...";
|
|
services_dhcpd_configure();
|
|
}
|
|
if ($restart_webgui) {
|
|
mwexec('/usr/local/etc/rc.restart_webgui');
|
|
}
|
|
}
|
|
|
|
if ($intip != '') {
|
|
if (is_ipaddr($intip)) {
|
|
echo "\n\n" . sprintf(
|
|
'The IPv4 %s address has been set to %s',
|
|
$upperifname,
|
|
"{$intip}/{$intbits}"
|
|
) . "\n";
|
|
} else {
|
|
echo "\n\n" . sprintf(
|
|
'The IPv4 %s address has been set to %s',
|
|
$upperifname,
|
|
$intip
|
|
) . "\n";
|
|
}
|
|
}
|
|
if ($intip6 != '') {
|
|
if (is_ipaddr($intip6)) {
|
|
echo "\n\n" . sprintf(
|
|
'The IPv6 %s address has been set to %s',
|
|
$upperifname,
|
|
"${intip6}/${intbits6}"
|
|
) . "\n";
|
|
} else {
|
|
echo "\n\n" . sprintf(
|
|
'The IPv6 %s address has been set to %s',
|
|
$upperifname,
|
|
$intip6
|
|
) . "\n";
|
|
}
|
|
}
|
|
|
|
if ($intip != '' || $intip6 != '') {
|
|
if (count($ifdescrs) == "1" or $interface == "lan") {
|
|
echo "You can now access the web GUI by opening the following URL in your web browser:\n";
|
|
if (!empty($config['system']['webgui']['port'])) {
|
|
$webuiport = $config['system']['webgui']['port'];
|
|
if ($intip != '') {
|
|
echo " {$config['system']['webgui']['protocol']}://{$intip}:{$webuiport}/\n";
|
|
}
|
|
if ($intip6 != '') {
|
|
if (is_ipaddr($intip6)) {
|
|
echo " {$config['system']['webgui']['protocol']}://[{$intip6}]:{$webuiport}/\n";
|
|
} else {
|
|
echo " {$config['system']['webgui']['protocol']}://{$intip6}:{$webuiport}/\n";
|
|
}
|
|
}
|
|
} else {
|
|
if ($intip != '') {
|
|
echo " {$config['system']['webgui']['protocol']}://{$intip}/\n";
|
|
}
|
|
if ($intip6 != '') {
|
|
if (is_ipaddr($intip6)) {
|
|
echo " {$config['system']['webgui']['protocol']}://[{$intip6}]/\n";
|
|
} else {
|
|
echo " {$config['system']['webgui']['protocol']}://{$intip6}/\n";
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
echo "\nPress <ENTER> to continue.";
|
|
|
|
fgets($fp);
|
|
fclose($fp);
|