diff options
| author | Ermal Luçi <eri@pfsense.org> | 2009-05-08 18:42:37 +0000 |
|---|---|---|
| committer | Ermal Luçi <eri@pfsense.org> | 2009-05-08 18:42:37 +0000 |
| commit | 0027de0a544438f146cfc94f005fd6f4ba9f94d7 (patch) | |
| tree | 3f97d22951284c2a7b02563ecdbb0fd126b46f15 | |
| parent | 89e6e210158ca4ca24d2ddbc02ccab72175875a5 (diff) | |
| download | pfsense-0027de0a544438f146cfc94f005fd6f4ba9f94d7.zip pfsense-0027de0a544438f146cfc94f005fd6f4ba9f94d7.tar.gz | |
* Create two new functions lock($subsystem)/unlock() to have more reliable locking using semaphores.
This function can sleep till the resource is free and can help find not well behaving code.
* Remove most of the config_lock/config_unlock logics on the whole scripts/pages it is an abuse of this.
If any sybsytem wants to lock can do so with its own lock.
* Lock the config when doing a filter reload to avoid parallell recursion on this function, since it is not reentrant.
This compenstates for the removal of lock aquiring from the scripts/pages.
* config_lock/config_unlock are now compate shims that do nothing. They are preserved since packages 'abuse' them too.
58 files changed, 157 insertions, 324 deletions
diff --git a/etc/inc/config.inc b/etc/inc/config.inc index 8e5f73b..f19847a 100644 --- a/etc/inc/config.inc +++ b/etc/inc/config.inc @@ -89,7 +89,6 @@ if(file_exists("/cf/conf/config.xml")) { $fd = fopen("/cf/conf/config.xml", "w"); fwrite($fd, $config_contents); fclose($fd); - mwexec("sync"); conf_mount_ro(); } } @@ -237,29 +236,30 @@ function encrypted_configxml() { ******/ function parse_config($parse = false) { global $g; - if(filesize("{$g['conf_path']}/config.xml") == 0) { + + $lockkey = lock('config'); + if (filesize("{$g['conf_path']}/config.xml") == 0) { $last_backup = discover_last_backup(); if($last_backup) { log_error("No config.xml found, attempting last known config restore."); file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", ""); restore_backup("{$g['conf_path']}/backup/{$last_backup}"); } else { + unlock($lockkey); die("Config.xml is corrupted and is 0 bytes. Could not restore a previous backup."); } } if($g['booting']) echo "."; - config_lock(); // Check for encrypted config.xml encrypted_configxml(); if(!$parse) { if(file_exists($g['tmp_path'] . '/config.cache')) { $config = unserialize(file_get_contents($g['tmp_path'] . '/config.cache')); if(is_null($config)) { - config_unlock(); + unlock($lockkey); parse_config(true); } } else { - config_unlock(); if(!file_exists($g['conf_path'] . "/config.xml")) { log_error("No config.xml found, attempting last known config restore."); file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", ""); @@ -269,7 +269,9 @@ function parse_config($parse = false) { else log_error("Could not restore config.xml."); } + unlock($lockkey); $config = parse_config(true); + $lockkey = lock('config'); } } else { if(!file_exists($g['conf_path'] . "/config.xml")) { @@ -294,7 +296,7 @@ function parse_config($parse = false) { } if($g['booting']) echo "."; alias_make_table($config); - config_unlock(); + unlock($lockkey); /* process packager manager custom rules */ if(is_dir("/usr/local/pkg/config_parse/")) { @@ -316,38 +318,33 @@ function parse_config($parse = false) { ******/ function generate_config_cache($config) { global $g; - config_lock(); + conf_mount_rw(); $configcache = fopen($g['tmp_path'] . '/config.cache', "w"); fwrite($configcache, serialize($config)); fclose($configcache); - mwexec("sync"); conf_mount_ro(); - config_unlock(); - return true; } function discover_last_backup() { $backups = split("\n", `cd /cf/conf/backup && ls -ltr *.xml | awk '{print \$9}'`); - $last_backup = ""; + $last_backup = ""; foreach($backups as $backup) if($backup) $last_backup = $backup; + return $last_backup; } function restore_backup($file) { - config_lock(); - if(file_exists($file)) { + if (file_exists($file)) { conf_mount_rw(); copy("$file","/cf/conf/config.xml"); unlink_if_exists("/tmp/config.cache"); log_error("{$g['product_name']} is restoring the configuration $file"); file_notice("config.xml", "{$g['product_name']} is restoring the configuration $file", "pfSenseConfigurator", ""); - mwexec("sync"); conf_mount_ro(); } - config_unlock(); } /****f* config/parse_config_bootup @@ -358,15 +355,17 @@ function restore_backup($file) { ******/ function parse_config_bootup() { global $config, $g, $noparseconfig; + if($g['booting']) echo "."; + + $lockkey = lock('config'); if (!$noparseconfig) { if (!file_exists("{$g['conf_path']}/config.xml")) { - config_lock(); if ($g['booting']) { if (strstr($g['platform'], "cdrom")) { /* try copying the default config. to the floppy */ echo "Resetting factory defaults...\n"; - reset_factory_defaults(); + reset_factory_defaults(true); if (file_exists("{$g['conf_path']}/config.xml")) { /* do nothing, we have a file. */ } else { @@ -391,21 +390,23 @@ function parse_config_bootup() { file_notice("config.xml", "Last known config found and restored. Please double check your configuration file for accuracy.", "pfSenseConfigurator", ""); } } else { - config_unlock(); + unlock($lockkey); exit(0); } } } - if(filesize("{$g['conf_path']}/config.xml") == 0) { + if (filesize("{$g['conf_path']}/config.xml") == 0) { $last_backup = discover_last_backup(); if($last_backup) { log_error("No config.xml found, attempting last known config restore."); file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", ""); restore_backup("{$g['conf_path']}/backup/{$last_backup}"); } else { + unlock($lockkey); die("Config.xml is corrupted and is 0 bytes. Could not restore a previous backup."); } } + unlock($lockkey); parse_config(true); if ((float)$config['version'] > (float)$g['latest_config']) { @@ -426,7 +427,6 @@ EOD; /* make alias table (for faster lookups) */ alias_make_table($config); - config_unlock(); } /****f* config/conf_mount_rw @@ -492,6 +492,7 @@ function conf_mount_ro() { /* sync data, then force a remount of /cf */ mwexec("/bin/sync"); + mwexec("/bin/sync"); mwexec("/sbin/mount -u -r -f {$g['cf_path']}"); mwexec("/sbin/mount -u -r -f /"); } @@ -582,7 +583,7 @@ function write_config($desc="Unknown", $backup = true) { $config['revision']['description'] = $desc; $config['revision']['time'] = $changetime; - config_lock(); + $lockkey = lock('config'); /* generate configuration XML */ $xmlconfig = dump_xml_config($config, $g['xml_rootobj']); @@ -590,31 +591,42 @@ function write_config($desc="Unknown", $backup = true) { conf_mount_rw(); /* write new configuration */ - if (!safe_write_file("{$g['cf_conf_path']}/config.xml", $xmlconfig, false)) { - die("Unable to open {$g['cf_conf_path']}/config.xml for writing in write_config()\n"); - } + $fd = fopen("{$g['cf_conf_path']}/config.xml", "w"); + if (!$fd) { + // Unable to open temporary file for writing + log_error("WARNING: Config contents could not be save. Could not open file!"); + unlock($lockkey); + return false; + } + if (!fwrite($fd, $xmlconfig)) { + // Unable to write to temporary file + log_error("WARNING: Config contents could not be written on file."); + fclose($fd); + unlock($lockkey); + return false; + } + fclose($fd); if($g['platform'] == "embedded") { - cleanup_backupcache(5); + cleanup_backupcache(5, false); } else { - cleanup_backupcache(30); - } - - if($g['booting'] <> true) { - mwexec("sync"); - conf_mount_ro(); + cleanup_backupcache(30, false); } /* re-read configuration */ $config = parse_xml_config("{$g['conf_path']}/config.xml", $g['xml_rootobj']); /* write config cache */ - safe_write_file("{$g['tmp_path']}/config.cache", serialize($config), true); + $fd = @fopen("{$g['tmp_path']}/config.cache", "wb"); + if ($fd) { + fwrite($fd, serialize($config)); + fclose($fd); + } /* tell kernel to sync fs data */ - mwexec("/bin/sync"); - - config_unlock(); + if (!$g['booting']) + conf_mount_ro(); + unlock($lockkey); if(is_dir("/usr/local/pkg/write_config/")) { /* process packager manager custom rules */ @@ -632,10 +644,11 @@ function write_config($desc="Unknown", $backup = true) { * RESULT * integer - indicates completion ******/ -function reset_factory_defaults() { +function reset_factory_defaults($lock = false) { global $g; - config_lock(); + if ($lock) + $lockkey = lock('config'); conf_mount_rw(); /* create conf directory, if necessary */ @@ -655,10 +668,9 @@ function reset_factory_defaults() { /* call the wizard */ touch("/conf/trigger_initial_wizard"); - - mwexec("sync"); conf_mount_ro(); - config_unlock(); + if ($lock) + unlock($lockkey); return 0; } @@ -669,19 +681,18 @@ function config_restore($conffile) { if (!file_exists($conffile)) return 1; - config_lock(); - conf_mount_rw(); + $lockkey = lock('config'); + conf_mount_rw(); - backup_config(); - copy($conffile, "{$g['cf_conf_path']}/config.xml"); + backup_config(); + copy($conffile, "{$g['cf_conf_path']}/config.xml"); $config = parse_config(true); - write_config("Reverted to " . array_pop(explode("/", $conffile)) . ".", false); + write_config("Reverted to " . array_pop(explode("/", $conffile)) . ".", false); - mwexec("sync"); - conf_mount_ro(); - config_unlock(); + conf_mount_ro(); + unlock($lockkey); - return 0; + return 0; } function config_install($conffile) { @@ -696,18 +707,17 @@ function config_install($conffile) { if($g['booting'] == true) echo "Installing configuration...\n"; - config_lock(); - conf_mount_rw(); + $lockkey = lock('config'); + conf_mount_rw(); - copy($conffile, "{$g['conf_path']}/config.xml"); + copy($conffile, "{$g['conf_path']}/config.xml"); /* unlink cache file if it exists */ if(file_exists("{$g['tmp_path']}/config.cache")) unlink("{$g['tmp_path']}/config.cache"); - mwexec("sync"); - conf_mount_ro(); - config_unlock(); + conf_mount_ro(); + unlock($lockkey); return 0; } @@ -738,46 +748,6 @@ function config_validate($conffile) { return true; } -/* lock configuration file, decide that the lock file - * is stale after 10 seconds - */ -function config_lock($reason = "") { - global $g, $process_lock; - - /* No need to continue if we're the ones holding the lock */ - if ($process_lock) - return; - - $lockfile = "{$g['varrun_path']}/config.lock"; - - $n = 0; - while ($n < 10) { - /* open the lock file in append mode to avoid race condition */ - if ($fd = @fopen($lockfile, "x")) { - /* succeeded */ - fwrite($fd, $reason); - $process_lock = true; - fclose($fd); - return; - } else { - /* file locked, wait and try again */ - $process_lock = false; - sleep(1); - $n++; - } - } -} - -/* unlock configuration file */ -function config_unlock() { - global $g, $process_lock; - - $lockfile = "{$g['varrun_path']}/config.lock"; - $process_lock = false; - - unlink_if_exists($lockfile); -} - function set_networking_interfaces_ports() { global $noreboot; global $config; @@ -1180,10 +1150,12 @@ EOD; } } -function cleanup_backupcache($revisions = 30) { +function cleanup_backupcache($revisions = 30, $lock = true) { global $g; $i = false; - config_lock(); + + if ($lock) + $lockkey = lock('config'); if(file_exists($g['cf_conf_path'] . '/backup/backup.cache')) { conf_mount_rw(); $backups = get_backups(); @@ -1239,15 +1211,12 @@ function cleanup_backupcache($revisions = 30) { $bakout = fopen($g['cf_conf_path'] . '/backup/backup.cache', "w"); fwrite($bakout, serialize($tocache)); fclose($bakout); - mwexec("sync"); conf_mount_ro(); } - if($g['booting']) { - if($i) { - print "done.\n"; - } - } - config_unlock(); + if($g['booting'] && $i) + print "done.\n"; + if ($lock) + unlock($lockkey); } function get_backups() { @@ -1299,7 +1268,6 @@ function backup_config() { fwrite($bakout, serialize($backupcache)); fclose($bakout); - mwexec("sync"); conf_mount_ro(); return true; diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index f0b6bc8..7f2ee20 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -111,6 +111,9 @@ function filter_configure_sync() { global $config, $g, $after_filter_configure_run, $FilterIflist, $GatewaysList, $GatewayGroupsList; global $time_based_rules; + /* Use config lock to not allow recursion and config changes during this run. */ + $filterlck = lock('config'); + filter_pflog_start(); update_filter_reload_status("Initializing"); @@ -165,7 +168,8 @@ function filter_configure_sync() { unlink_if_exists("{$g['tmp_path']}/filter_loading"); update_filter_reload_status("Filter is disabled. Not loading rules."); if ($g['booting'] == true) - echo "done.\n"; + echo "done.\n"; + unlock($filterlck); return; } @@ -241,6 +245,7 @@ function filter_configure_sync() { file_notice("filter_load", "There were error(s) loading the rules: {$rules_error} {$line_error}", "Filter Reload", ""); log_error("There were error(s) loading the rules: {$rules_error} - {$line_error}"); update_filter_reload_status("There were error(s) loading the rules: {$rules_error} - {$line_error}"); + unlock($filterlck); return; } } @@ -278,6 +283,8 @@ function filter_configure_sync() { if($config['system']['afterfilterchangeshellcmd'] <> "") mwexec($config['system']['afterfilterchangeshellcmd']); + unlock($filterlck); + /* sync carp entries to other firewalls */ update_filter_reload_status("Syncing CARP data"); carp_sync_client(); diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index a36eef3..3ec42a3 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -944,14 +944,12 @@ function interface_ppp_configure($ifcfg) { $chatfile .= "CONNECT \"\" \\\n"; $chatfile .= "SAY \"\\nConnected.\"\n"; - config_lock(); conf_mount_rw(); safe_mkdir("/etc/ppp/peers", "0755"); file_put_contents("/etc/ppp/peers/ppp_{$dev}", $peerfile); file_put_contents("/etc/ppp/peers/ppp{$dev}-connect-chat", $chatfile); chmod("/etc/ppp/peers/ppp{$dev}-connect-chat", 0755); conf_mount_ro(); - config_unlock(); sleep(1); mwexec("/usr/sbin/pppd call ppp_{$dev}"); diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index c369ab6..9025fd7 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -1912,45 +1912,6 @@ function pfsense_default_state_size() { return $max_states; } -/****f* pfsense-utils/safe_write_file - * NAME - * safe_write_file - Write a file out atomically - * DESCRIPTION - * safe_write_file() Writes a file out atomically by first writing to a - * temporary file of the same name but ending with the pid of the current - * process, them renaming the temporary file over the original. - * INPUTS - * $filename - string containing the filename of the file to write - * $content - string containing the file content to write to file - * $force_binary - boolean denoting whether we should force binary - * mode writing. - * RESULT - * boolean - true if successful, false if not - ******/ -function safe_write_file($file, $content, $force_binary) { - $tmp_file = $file . "." . getmypid(); - $write_mode = $force_binary ? "wb" : "w"; - - $fd = fopen($tmp_file, $write_mode); - if (!$fd) { - // Unable to open temporary file for writing - return false; - } - if (!fwrite($fd, $content)) { - // Unable to write to temporary file - fclose($fd); - return false; - } - fclose($fd); - - if (!rename($tmp_file, $file)) { - // Unable to move temporary file to original - unlink($tmp_file); - return false; - } - return true; -} - function rule_popup($src,$srcport,$dst,$dstport){ global $config; $aliases_array = array(); diff --git a/etc/inc/util.inc b/etc/inc/util.inc index 8968428..e1bc857 100644 --- a/etc/inc/util.inc +++ b/etc/inc/util.inc @@ -77,6 +77,53 @@ function killbyname($procname) { mwexec("/usr/bin/killall " . escapeshellarg($procname)); } +function config_lock() { + log_error("config_lock() is depricated please use lock()."); + return; +} +function config_unlock() { + log_error("config_unlock() is depricated please use unlock()."); + return; +} + +/* lock configuration file */ +function lock($file) { + global $g, $cfglckkeyconsumers; + + if (!$file) + die("WARNING: You must give a name as parameter to lock() function."); + if (!file_exists("{$g['tmp_path']}/{$lock}.lock")) + @touch("{$g['tmp_path']}/{$lock}.lock"); + $config_lock_key = ftok("{$g['tmp_path']}/{$lock}.lock", 'a'); + $cfglckkey = sem_get($config_lock_key, 1); + $cfglckkeyconsumers++; + if (!sem_acquire($cfglckkey)) { + log_error("WARNING: lock() - Could not acquire {$lock} lock!"); + sem_remove($cfglckkey); + return NULL; + } else if ($g['debug']) + log_error("lock() - Got config lock."); + + return $cfglckkey; +} + +/* unlock configuration file */ +function unlock($cfglckkey = 0) { + global $g, $cfglckkeyconsumers; + + if (!$cfglckkey) + return; + + if (!sem_release($cfglckkey)) + log_error("WARNING: unlock() - Could not unlock config lock."); + else { + if ($g['debug']) + log_error("Released config lock."); + sem_remove($cfglckkey); + } + $cfglckkeyconsumers--; +} + function is_module_loaded($module_name) { $running = `/sbin/kldstat | grep {$module_name} | /usr/bin/grep -v grep | /usr/bin/wc -l`; if (intval($running) >= 1) @@ -803,19 +850,12 @@ function run_plugins($directory) { $files = return_dir_as_array($directory); if (is_array($files)) { foreach ($files as $file) { - if($file) { - $text = file_get_contents($directory . $file); - if($text) { - if(stristr($file, ".sh") == true) { - mwexec($directory . $file . " start"); - } else { - if(!stristr($file,"CVS")) { - if($g['booting'] == true) - echo "\t{$file}... "; - require_once($directory . $file); - } - } - } + if (stristr($file, ".sh") == true) + mwexec($directory . $file . " start"); + else if (!stristr($file,"CVS")) { + if ($g['booting'] == true) + echo "\t{$file}... "; + require_once($directory . $file); } } } diff --git a/etc/rc.initial.store_config_to_removable_device b/etc/rc.initial.store_config_to_removable_device index d729f0c..438e484 100755 --- a/etc/rc.initial.store_config_to_removable_device +++ b/etc/rc.initial.store_config_to_removable_device @@ -32,7 +32,7 @@ /* parse the configuration and include all functions used below */ require_once("config.inc"); - require_once("functions.inc"); + require_once("util.inc"); $fp = fopen('php://stdin', 'r'); @@ -67,7 +67,7 @@ } echo "\n\nProcessing: "; - config_lock(); + $lockkey = lock('config'); echo "moving..."; mwexec("mkdir -p /tmp/mnt/cf/conf/"); mwexec("/bin/mv /cf/conf/config.xml /tmp/mnt/cf/conf/"); @@ -81,9 +81,9 @@ system("/sbin/mount_nullfs /tmp/mnt/cf /cf"); echo "linking..."; mwexec("/bin/rm -rf /var/db/pfi"); - config_unlock(); + unlock($lockkey); echo "done.\n"; echo "\nYour configuration has been moved to {$move_config_to_device}\n"; touch("/tmp/config_moved"); fclose($fp); -?>
\ No newline at end of file +?> diff --git a/usr/local/pkg/miniupnpd.inc b/usr/local/pkg/miniupnpd.inc index 0f74540..57a5ec4 100644 --- a/usr/local/pkg/miniupnpd.inc +++ b/usr/local/pkg/miniupnpd.inc @@ -62,8 +62,6 @@ function before_form_miniupnpd($pkg) { global $config; - config_lock(); - /* if shaper connection speed defined hide fields */ if($config['ezshaper']['step2']['download'] && $config['ezshaper']['step2']['upload']) { $i=0; @@ -73,8 +71,6 @@ $i++; } } - - config_unlock(); } function validate_form_miniupnpd($post, $input_errors) { @@ -118,8 +114,6 @@ global $config; global $input_errors; - config_lock(); - $upnp_config = $config['installedpackages']['miniupnpd']['config'][0]; $config_file = '/var/etc/miniupnpd.conf'; @@ -238,7 +232,5 @@ unlink($config_file); } } - - config_unlock(); } ?> diff --git a/usr/local/www/diag_backup.php b/usr/local/www/diag_backup.php index ef8becd..9b6c484 100755 --- a/usr/local/www/diag_backup.php +++ b/usr/local/www/diag_backup.php @@ -130,7 +130,7 @@ if ($_POST) { if (!$input_errors) { - config_lock(); + $lockbckp = lock('config'); $host = "{$config['system']['hostname']}.{$config['system']['domain']}"; $name = "config-{$host}-".date("YmdHis").".xml"; @@ -183,7 +183,7 @@ if ($_POST) { header("Content-Length: $size"); echo $data; - config_unlock(); + unlock($lockbckp); exit; } } diff --git a/usr/local/www/diag_logs_settings.php b/usr/local/www/diag_logs_settings.php index 83a5d80..d98bd6f 100755 --- a/usr/local/www/diag_logs_settings.php +++ b/usr/local/www/diag_logs_settings.php @@ -89,11 +89,9 @@ if ($_POST) { write_config(); $retval = 0; - config_lock(); $retval = system_syslogd_start(); if ($oldnologdefaultblock !== isset($config['syslog']['nologdefaultblock'])) $retval |= filter_configure(); - config_unlock(); $savemsg = get_std_save_message($retval); } diff --git a/usr/local/www/firewall_aliases.php b/usr/local/www/firewall_aliases.php index a6fb78e..c0701f6 100755 --- a/usr/local/www/firewall_aliases.php +++ b/usr/local/www/firewall_aliases.php @@ -54,10 +54,8 @@ if ($_POST) { if ($_POST['apply']) { $retval = 0; - config_lock(); /* reload all components that use aliases */ $retval = filter_configure(); - config_unlock(); if(stristr($retval, "error") <> true) $savemsg = get_std_save_message($retval); diff --git a/usr/local/www/firewall_nat_1to1.php b/usr/local/www/firewall_nat_1to1.php index 0b26ff1..009106a 100755 --- a/usr/local/www/firewall_nat_1to1.php +++ b/usr/local/www/firewall_nat_1to1.php @@ -51,11 +51,7 @@ if ($_POST) { if ($_POST['apply']) { $retval = 0; - - config_lock(); $retval |= filter_configure(); - config_unlock(); - $savemsg = get_std_save_message($retval); if ($retval == 0) { diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php index 03eb8bd..1a1192c 100755 --- a/usr/local/www/firewall_nat_out.php +++ b/usr/local/www/firewall_nat_out.php @@ -51,10 +51,7 @@ if ($_POST['apply']) { write_config(); $retval = 0; - - config_lock(); $retval |= filter_configure(); - config_unlock(); if(stristr($retval, "error") <> true) $savemsg = get_std_save_message($retval); diff --git a/usr/local/www/firewall_nat_server.php b/usr/local/www/firewall_nat_server.php index f0a2153..c7f07a7 100755 --- a/usr/local/www/firewall_nat_server.php +++ b/usr/local/www/firewall_nat_server.php @@ -51,10 +51,7 @@ if ($_POST) { if ($_POST['apply']) { $retval = 0; - - config_lock(); $retval |= filter_configure(); - config_unlock(); $savemsg = get_std_save_message($retval); diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php index d5e6d6b..d4b7312 100755 --- a/usr/local/www/firewall_rules.php +++ b/usr/local/www/firewall_rules.php @@ -98,9 +98,7 @@ if ($_POST) { if ($_POST['apply']) { $retval = 0; - config_lock(); $retval = filter_configure(); - config_unlock(); if (file_exists($d_filterconfdirty_path)) unlink($d_filterconfdirty_path); diff --git a/usr/local/www/firewall_shaper.php b/usr/local/www/firewall_shaper.php index ec803a1..55ec0f9 100755 --- a/usr/local/www/firewall_shaper.php +++ b/usr/local/www/firewall_shaper.php @@ -112,12 +112,9 @@ if ($_GET) { write_config(); $retval = 0; + $retval |= filter_configure(); $savemsg = get_std_save_message($retval); - config_lock(); - $retval = filter_configure(); - config_unlock(); - if (stristr($retval, "error") <> true) $savemsg = get_std_save_message($retval); else @@ -266,11 +263,8 @@ if ($_GET) { write_config(); $retval = 0; - $savemsg = get_std_save_message($retval); - - config_lock(); $retval = filter_configure(); - config_unlock(); + $savemsg = get_std_save_message($retval); if (stristr($retval, "error") <> true) $savemsg = get_std_save_message($retval); diff --git a/usr/local/www/firewall_shaper_layer7.php b/usr/local/www/firewall_shaper_layer7.php index 356e6fb..2dd5acc 100755 --- a/usr/local/www/firewall_shaper_layer7.php +++ b/usr/local/www/firewall_shaper_layer7.php @@ -166,12 +166,9 @@ else if ($_POST) { write_config();
$retval = 0;
- $savemsg = get_std_save_message($retval);
-
- config_lock();
$retval = filter_configure();
- config_unlock();
-
+ $savemsg = get_std_save_message($retval);
+ if(stristr($retval, "error") <> true)
$savemsg = get_std_save_message($retval);
else
diff --git a/usr/local/www/firewall_shaper_queues.php b/usr/local/www/firewall_shaper_queues.php index 342083e..3495fdf 100755 --- a/usr/local/www/firewall_shaper_queues.php +++ b/usr/local/www/firewall_shaper_queues.php @@ -145,13 +145,10 @@ if ($_GET) { if ($_POST['apply']) { write_config(); - $retval = 0; - $savemsg = get_std_save_message($retval); + $retval = 0; /* Setup pf rules since the user may have changed the optimization value */ - - config_lock(); - $retval = filter_configure(); - config_unlock(); + $retval = filter_configure(); + $savemsg = get_std_save_message($retval); if (stristr($retval, "error") <> true) $savemsg = get_std_save_message($retval); else diff --git a/usr/local/www/firewall_shaper_vinterface.php b/usr/local/www/firewall_shaper_vinterface.php index 75b7e6c..7415447 100644 --- a/usr/local/www/firewall_shaper_vinterface.php +++ b/usr/local/www/firewall_shaper_vinterface.php @@ -112,11 +112,8 @@ if ($_GET) { write_config(); $retval = 0; - $savemsg = get_std_save_message($retval); - - config_lock(); $retval = filter_configure(); - config_unlock(); + $savemsg = get_std_save_message($retval); if (stristr($retval, "error") <> true) $savemsg = get_std_save_message($retval); @@ -216,11 +213,8 @@ if ($_GET) { write_config(); $retval = 0; - $savemsg = get_std_save_message($retval); - - config_lock(); $retval = filter_configure(); - config_unlock(); + $savemsg = get_std_save_message($retval); if (stristr($retval, "error") <> true) $savemsg = get_std_save_message($retval); diff --git a/usr/local/www/firewall_shaper_wizards.php b/usr/local/www/firewall_shaper_wizards.php index 2290a3f..fb8e9af 100755 --- a/usr/local/www/firewall_shaper_wizards.php +++ b/usr/local/www/firewall_shaper_wizards.php @@ -47,12 +47,9 @@ if ($_POST['apply']) { write_config(); $retval = 0; - $savemsg = get_std_save_message($retval); /* Setup pf rules since the user may have changed the optimization value */ - - config_lock(); $retval = filter_configure(); - config_unlock(); + $savemsg = get_std_save_message($retval); if (stristr($retval, "error") <> true) $savemsg = get_std_save_message($retval); else diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php index d0e05eb..d24f234 100755 --- a/usr/local/www/firewall_virtual_ip.php +++ b/usr/local/www/firewall_virtual_ip.php @@ -57,15 +57,11 @@ if ($_POST) { if ($_POST['apply']) { $retval = 0; - - config_lock(); $retval = services_proxyarp_configure(); /* Bring up any configured CARP interfaces */ reset_carp(); $retval |= filter_configure(); - config_unlock(); interfaces_ipalias_configure(); - /* reset carp states */ reset_carp(); interfaces_carp_configure(); diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index bd9db27..8a8fb8f 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -241,11 +241,9 @@ if ($_POST['apply']) { if ($if == "lan") $savemsg = "The changes have been applied. You may need to correct your web browser's IP address."; /* sync filter configuration */ - config_lock(); setup_gateways_monitor(); if (file_exists($d_staticroutesdirty_path)) unlink($d_staticroutesdirty_path); - config_unlock(); filter_configure(); /* set up static routes */ system_routing_configure(); diff --git a/usr/local/www/interfaces_assign.php b/usr/local/www/interfaces_assign.php index 62efff1..3b84802 100755 --- a/usr/local/www/interfaces_assign.php +++ b/usr/local/www/interfaces_assign.php @@ -124,11 +124,8 @@ if ($_POST['apply']) { write_config(); $retval = 0; - $savemsg = get_std_save_message($retval); - - config_lock(); $retval = filter_configure(); - config_unlock(); + $savemsg = get_std_save_message($retval); if (stristr($retval, "error") <> true) $savemsg = get_std_save_message($retval); diff --git a/usr/local/www/load_balancer_monitor.php b/usr/local/www/load_balancer_monitor.php index ef0a1f0..96406a9 100755 --- a/usr/local/www/load_balancer_monitor.php +++ b/usr/local/www/load_balancer_monitor.php @@ -48,11 +48,8 @@ if ($_POST) { if ($_POST['apply']) { $retval = 0; - - config_lock(); $retval |= filter_configure(); $retval |= relayd_configure(); - config_unlock(); $savemsg = get_std_save_message($retval); unlink_if_exists($d_vsconfdirty_path); diff --git a/usr/local/www/load_balancer_pool.php b/usr/local/www/load_balancer_pool.php index 50a5903..80b6941 100755 --- a/usr/local/www/load_balancer_pool.php +++ b/usr/local/www/load_balancer_pool.php @@ -50,11 +50,8 @@ if ($_POST) { if ($_POST['apply']) { $retval = 0; - - config_lock(); $retval |= filter_configure(); $retval |= relayd_configure(); - config_unlock(); $savemsg = get_std_save_message($retval); unlink_if_exists($d_vsconfdirty_path); diff --git a/usr/local/www/load_balancer_relay_action.php b/usr/local/www/load_balancer_relay_action.php index 2c95ce4..6653f93 100755 --- a/usr/local/www/load_balancer_relay_action.php +++ b/usr/local/www/load_balancer_relay_action.php @@ -50,11 +50,8 @@ if ($_POST) { if ($_POST['apply']) { $retval = 0; - - config_lock(); $retval |= filter_configure(); $retval |= relayd_configure(); - config_unlock(); $savemsg = get_std_save_message($retval); unlink_if_exists($d_vsconfdirty_path); diff --git a/usr/local/www/load_balancer_relay_protocol.php b/usr/local/www/load_balancer_relay_protocol.php index 2d982c4..e0007b5 100755 --- a/usr/local/www/load_balancer_relay_protocol.php +++ b/usr/local/www/load_balancer_relay_protocol.php @@ -48,11 +48,8 @@ if ($_POST) { if ($_POST['apply']) { $retval = 0; - - config_lock(); $retval |= filter_configure(); $retval |= relayd_configure(); - config_unlock(); $savemsg = get_std_save_message($retval); unlink_if_exists($d_vsconfdirty_path); diff --git a/usr/local/www/load_balancer_virtual_server.php b/usr/local/www/load_balancer_virtual_server.php index f7d61a9..ba62613 100755 --- a/usr/local/www/load_balancer_virtual_server.php +++ b/usr/local/www/load_balancer_virtual_server.php @@ -50,10 +50,8 @@ if ($_POST) { if ($_POST['apply']) { $retval = 0; - config_lock(); $retval |= filter_configure(); $retval |= relayd_configure(); - config_unlock(); $savemsg = get_std_save_message($retval); unlink_if_exists($d_vsconfdirty_path); } diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 180840d..7d5a73d 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -191,10 +191,7 @@ if ($_POST) { write_config(); $retval = 0; - - config_lock(); $retval = captiveportal_configure(); - config_unlock(); $savemsg = get_std_save_message($retval); } diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php index 19bbccd..70908c7 100755 --- a/usr/local/www/services_captiveportal_ip.php +++ b/usr/local/www/services_captiveportal_ip.php @@ -57,9 +57,7 @@ if ($_POST) { $savemsg = get_std_save_message($retval); if ($retval == 0) { if (file_exists($d_allowedipsdirty_path)) { - config_lock(); unlink($d_allowedipsdirty_path); - config_unlock(); } } } diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php index 47940c4..01ef052 100755 --- a/usr/local/www/services_captiveportal_mac.php +++ b/usr/local/www/services_captiveportal_mac.php @@ -57,9 +57,7 @@ if ($_POST) { $savemsg = get_std_save_message($retval); if ($retval == 0) { if (file_exists($d_passthrumacsdirty_path)) { - config_lock(); unlink($d_passthrumacsdirty_path); - config_unlock(); } } } diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php index e7f70f6..99651cb 100755 --- a/usr/local/www/services_dhcp.php +++ b/usr/local/www/services_dhcp.php @@ -302,7 +302,6 @@ if ($_POST) { $retval = 0; $retvaldhcp = 0; $retvaldns = 0; - config_lock(); /* Stop DHCP so we can cleanup leases */ killbyname("dhcpd"); dhcp_clean_leases(); @@ -323,7 +322,6 @@ if ($_POST) { unlink($d_staticmapsdirty_path); } } - config_unlock(); if($retvaldhcp == 1 || $retvaldns == 1) $retval = 1; $savemsg = get_std_save_message($retval); diff --git a/usr/local/www/services_dhcp_relay.php b/usr/local/www/services_dhcp_relay.php index 1517be2..4d12ee9 100755 --- a/usr/local/www/services_dhcp_relay.php +++ b/usr/local/www/services_dhcp_relay.php @@ -141,9 +141,7 @@ if ($_POST) { write_config(); $retval = 0; - config_lock(); $retval = services_dhcrelay_configure(); - config_unlock(); $savemsg = get_std_save_message($retval); } diff --git a/usr/local/www/services_dnsmasq.php b/usr/local/www/services_dnsmasq.php index e416011..3f6e27b 100755 --- a/usr/local/www/services_dnsmasq.php +++ b/usr/local/www/services_dnsmasq.php @@ -65,11 +65,7 @@ if ($_POST) { write_config(); $retval = 0; - - config_lock(); $retval = services_dnsmasq_configure(); - config_unlock(); - $savemsg = get_std_save_message($retval); if ($retval == 0) { diff --git a/usr/local/www/services_dyndns_edit.php b/usr/local/www/services_dyndns_edit.php index 8cfafc1..651bf6d 100644 --- a/usr/local/www/services_dyndns_edit.php +++ b/usr/local/www/services_dyndns_edit.php @@ -114,9 +114,7 @@ if ($_POST) { mwexec("rm {$g['conf_path']}/dyndns_{$dyndns['interface']}{$dyndns['type']}.cache"); conf_mount_ro(); - config_lock(); $retval = services_dyndns_configure_client($dyndns); - config_unlock(); header("Location: services_dyndns.php"); exit; diff --git a/usr/local/www/services_igmpproxy.php b/usr/local/www/services_igmpproxy.php index eb28fdd..c69e0a8 100755 --- a/usr/local/www/services_igmpproxy.php +++ b/usr/local/www/services_igmpproxy.php @@ -54,11 +54,8 @@ if ($_POST) { $pconfig = $_POST; $retval = 0; - - config_lock(); /* reload all components that use igmpproxy */ $retval = services_igmpproxy_configure(); - config_unlock(); if(stristr($retval, "error") <> true) $savemsg = get_std_save_message($retval); diff --git a/usr/local/www/services_proxyarp.php b/usr/local/www/services_proxyarp.php index e358061..51a29a0 100755 --- a/usr/local/www/services_proxyarp.php +++ b/usr/local/www/services_proxyarp.php @@ -51,9 +51,7 @@ if ($_POST) { $pconfig = $_POST; $retval = 0; - config_lock(); $retval = services_proxyarp_configure(); - config_unlock(); $savemsg = get_std_save_message($retval); if ($retval == 0) { diff --git a/usr/local/www/services_rfc2136_edit.php b/usr/local/www/services_rfc2136_edit.php index e4d4e84..4c0a40b 100644 --- a/usr/local/www/services_rfc2136_edit.php +++ b/usr/local/www/services_rfc2136_edit.php @@ -96,9 +96,7 @@ if ($_POST) { write_config("New/Edited RFC2136 dnsupdate entry was posted."); - config_lock(); $retval = services_dnsupdate_process(); - config_unlock(); header("Location: services_rfc2136.php"); exit; diff --git a/usr/local/www/services_snmp.php b/usr/local/www/services_snmp.php index fc948e4..1e8b4c1 100755 --- a/usr/local/www/services_snmp.php +++ b/usr/local/www/services_snmp.php @@ -142,11 +142,7 @@ if ($_POST) { write_config(); $retval = 0; - - config_lock(); $retval = services_snmpd_configure(); - config_unlock(); - $savemsg = get_std_save_message($retval); } } diff --git a/usr/local/www/status_rrd_graph_settings.php b/usr/local/www/status_rrd_graph_settings.php index f64870b..419050c 100755 --- a/usr/local/www/status_rrd_graph_settings.php +++ b/usr/local/www/status_rrd_graph_settings.php @@ -66,10 +66,7 @@ if ($_POST) { write_config(); $retval = 0; - config_lock(); $retval = enable_rrd_graphing(); - config_unlock(); - $savemsg = get_std_save_message($retval); } } diff --git a/usr/local/www/system.php b/usr/local/www/system.php index 57d1e4d..fe983a8 100755 --- a/usr/local/www/system.php +++ b/usr/local/www/system.php @@ -198,7 +198,6 @@ if ($_POST) { write_config($changedesc); $retval = 0; - config_lock(); $retval = system_hostname_configure(); $retval |= system_hosts_generate(); $retval |= system_resolvconf_generate(); @@ -211,10 +210,8 @@ if ($_POST) { $retval |= interface_configure(); // Reload the filter - plugins might need to be run. - filter_configure(); + $retval |= filter_configure(); - config_unlock(); - $savemsg = get_std_save_message($retval); } } diff --git a/usr/local/www/system_advanced_admin.php b/usr/local/www/system_advanced_admin.php index 9f0002c..cee9221 100644 --- a/usr/local/www/system_advanced_admin.php +++ b/usr/local/www/system_advanced_admin.php @@ -147,11 +147,9 @@ if ($_POST) { write_config(); - config_lock(); $retval = filter_configure(); - config_unlock(); - $savemsg = get_std_save_message($retval); + if ($restart_webgui) $savemsg .= "<br />One moment...redirecting to {$url} in 20 seconds."; diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php index 57d5af4..f81a613 100644 --- a/usr/local/www/system_advanced_firewall.php +++ b/usr/local/www/system_advanced_firewall.php @@ -126,7 +126,6 @@ if ($_POST) { filter_load_ipfw(); $retval = 0; - config_lock(); $retval = filter_configure(); if(stristr($retval, "error") <> true) $savemsg = get_std_save_message($retval); diff --git a/usr/local/www/system_advanced_misc.php b/usr/local/www/system_advanced_misc.php index a190777..82db06a 100644 --- a/usr/local/www/system_advanced_misc.php +++ b/usr/local/www/system_advanced_misc.php @@ -75,13 +75,11 @@ if ($_POST) { write_config(); $retval = 0; - config_lock(); $retval = filter_configure(); if(stristr($retval, "error") <> true) $savemsg = get_std_save_message($retval); else $savemsg = $retval; - config_unlock(); activate_powerd(); } diff --git a/usr/local/www/system_advanced_network.php b/usr/local/www/system_advanced_network.php index ffb003c..c5db50b 100644 --- a/usr/local/www/system_advanced_network.php +++ b/usr/local/www/system_advanced_network.php @@ -106,13 +106,11 @@ if ($_POST) { write_config(); - config_lock(); $retval = filter_configure(); if(stristr($retval, "error") <> true) $savemsg = get_std_save_message($retval); else $savemsg = $retval; - config_unlock(); } } diff --git a/usr/local/www/system_gateway_groups.php b/usr/local/www/system_gateway_groups.php index e236f28..3d794a7 100755 --- a/usr/local/www/system_gateway_groups.php +++ b/usr/local/www/system_gateway_groups.php @@ -60,9 +60,7 @@ if ($_POST) { $savemsg = get_std_save_message($retval); if ($retval == 0) { if (file_exists($d_staticroutesdirty_path)) { - config_lock(); unlink($d_staticroutesdirty_path); - config_unlock(); } } } diff --git a/usr/local/www/system_gateways.php b/usr/local/www/system_gateways.php index a2aace9..6522895 100755 --- a/usr/local/www/system_gateways.php +++ b/usr/local/www/system_gateways.php @@ -64,9 +64,7 @@ if ($_POST) { $savemsg = get_std_save_message($retval); if ($retval == 0) { if (file_exists($d_staticroutesdirty_path)) { - config_lock(); unlink($d_staticroutesdirty_path); - config_unlock(); } } } diff --git a/usr/local/www/system_routes.php b/usr/local/www/system_routes.php index ecbb552..c563d5e 100755 --- a/usr/local/www/system_routes.php +++ b/usr/local/www/system_routes.php @@ -66,9 +66,7 @@ if ($_POST) { $savemsg = get_std_save_message($retval); if ($retval == 0) { if (file_exists($d_staticroutesdirty_path)) { - config_lock(); unlink($d_staticroutesdirty_path); - config_unlock(); } } } else { diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php index 85094ec..8eb81ce 100755 --- a/usr/local/www/vpn_ipsec.php +++ b/usr/local/www/vpn_ipsec.php @@ -56,10 +56,8 @@ if ($_POST) { if ($_POST['apply']) { $retval = 0; - config_lock(); $retval = vpn_ipsec_refresh_policies(); $retval = vpn_ipsec_configure(); - config_unlock(); /* reload the filter in the background */ filter_configure(); $savemsg = get_std_save_message($retval); diff --git a/usr/local/www/vpn_l2tp.php b/usr/local/www/vpn_l2tp.php index 2e6829a..3c6cdea 100644 --- a/usr/local/www/vpn_l2tp.php +++ b/usr/local/www/vpn_l2tp.php @@ -138,11 +138,7 @@ if ($_POST) { write_config(); $retval = 0; - - config_lock(); $retval = vpn_l2tp_configure(); - config_unlock(); - $savemsg = get_std_save_message($retval); /* if ajax is calling, give them an update message */ diff --git a/usr/local/www/vpn_l2tp_users.php b/usr/local/www/vpn_l2tp_users.php index 46cd2eb..b402f18 100644 --- a/usr/local/www/vpn_l2tp_users.php +++ b/usr/local/www/vpn_l2tp_users.php @@ -45,9 +45,7 @@ if ($_POST) { if ($_POST['apply']) { $retval = 0; if (!file_exists($d_sysrebootreqd_path)) { - config_lock(); $retval = vpn_l2tp_configure(); - config_unlock(); } $savemsg = get_std_save_message($retval); if ($retval == 0) { diff --git a/usr/local/www/vpn_l2tp_users_edit.php b/usr/local/www/vpn_l2tp_users_edit.php index ff3e5fe..98d2dc7 100644 --- a/usr/local/www/vpn_l2tp_users_edit.php +++ b/usr/local/www/vpn_l2tp_users_edit.php @@ -110,9 +110,7 @@ if ($_POST) { write_config(); - config_lock(); $retval = vpn_l2tp_configure(); - config_unlock(); pfSenseHeader("vpn_l2tp_users.php"); diff --git a/usr/local/www/vpn_pppoe.php b/usr/local/www/vpn_pppoe.php index 192bb61..592ba07 100755 --- a/usr/local/www/vpn_pppoe.php +++ b/usr/local/www/vpn_pppoe.php @@ -172,11 +172,7 @@ if ($_POST) { write_config(); $retval = 0; - - config_lock(); $retval = vpn_setup(); - config_unlock(); - $savemsg = get_std_save_message($retval); } } diff --git a/usr/local/www/vpn_pppoe_users.php b/usr/local/www/vpn_pppoe_users.php index 7cbf0f2..30de917 100755 --- a/usr/local/www/vpn_pppoe_users.php +++ b/usr/local/www/vpn_pppoe_users.php @@ -50,11 +50,7 @@ if ($_POST) { if ($_POST['apply']) { $retval = 0; - - config_lock(); $retval = vpn_setup(); - config_unlock(); - $savemsg = get_std_save_message($retval); if ($retval == 0) { if (file_exists($d_pppoeuserdirty_path)) diff --git a/usr/local/www/vpn_pppoe_users_edit.php b/usr/local/www/vpn_pppoe_users_edit.php index b5f6108..816772b 100755 --- a/usr/local/www/vpn_pppoe_users_edit.php +++ b/usr/local/www/vpn_pppoe_users_edit.php @@ -110,9 +110,7 @@ if ($_POST) { write_config(); - config_lock(); $retval = vpn_setup(); - config_unlock(); header("Location: vpn_pppoe_users.php"); exit; diff --git a/usr/local/www/vpn_pptp.php b/usr/local/www/vpn_pptp.php index 036a1c6..6f01353 100755 --- a/usr/local/www/vpn_pptp.php +++ b/usr/local/www/vpn_pptp.php @@ -188,11 +188,7 @@ if ($_POST) { write_config(); $retval = 0; - - config_lock(); $retval = vpn_setup(); - config_unlock(); - $savemsg = get_std_save_message($retval); filter_configure(); diff --git a/usr/local/www/vpn_pptp_users.php b/usr/local/www/vpn_pptp_users.php index 62533dc..d49dd43 100755 --- a/usr/local/www/vpn_pptp_users.php +++ b/usr/local/www/vpn_pptp_users.php @@ -50,9 +50,7 @@ if ($_POST) { if ($_POST['apply']) { $retval = 0; - config_lock(); $retval = vpn_setup(); - config_unlock(); $savemsg = get_std_save_message($retval); if ($retval == 0) { if (file_exists($d_pptpuserdirty_path)) diff --git a/usr/sbin/config_lock.sh b/usr/sbin/config_lock.sh index a84d855..8f541c7 100755 --- a/usr/sbin/config_lock.sh +++ b/usr/sbin/config_lock.sh @@ -3,7 +3,7 @@ <?php -require_once("config.inc"); -config_unlock(); +require_once("util.inc"); +$GLOBALS['lockscript'] = lock('config'); ?> diff --git a/usr/sbin/config_unlock.sh b/usr/sbin/config_unlock.sh index f534abc..39743c8 100755 --- a/usr/sbin/config_unlock.sh +++ b/usr/sbin/config_unlock.sh @@ -3,7 +3,7 @@ <?php -require_once("config.inc"); -config_lock(); +require_once("util.inc"); +unlock($GLOBALS['lockscript']); ?> |
