diff options
| author | Vinicius Coque <vinicius.coque@bluepex.com> | 2010-12-14 09:56:34 -0200 |
|---|---|---|
| committer | Vinicius Coque <vinicius.coque@bluepex.com> | 2010-12-14 09:56:34 -0200 |
| commit | c92ccac76ff2938c5718440efdd846317f6a2d55 (patch) | |
| tree | 1dd190505af25191f0289552a155732d7432da58 /etc/inc/config.lib.inc | |
| parent | 386447eaa7cfe727678455955285b1ecd4e6e9f9 (diff) | |
| parent | c9b08a50f0ba328ac0569247eb2063d34f7e6279 (diff) | |
| download | pfsense-c92ccac76ff2938c5718440efdd846317f6a2d55.zip pfsense-c92ccac76ff2938c5718440efdd846317f6a2d55.tar.gz | |
Merge remote branch 'mainline/master' into inc
Conflicts:
etc/inc/auth.inc
etc/inc/config.lib.inc
etc/inc/filter.inc
etc/inc/gwlb.inc
etc/inc/interfaces.inc
etc/inc/pfsense-utils.inc
etc/inc/pkg-utils.inc
etc/inc/shaper.inc
etc/inc/upgrade_config.inc
etc/inc/xmlparse.inc
usr/local/www/fbegin.inc
Diffstat (limited to 'etc/inc/config.lib.inc')
| -rw-r--r-- | etc/inc/config.lib.inc | 81 |
1 files changed, 59 insertions, 22 deletions
diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index 36417cd..e985aa8 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -39,7 +39,7 @@ POSSIBILITY OF SUCH DAMAGE. - pfSense_BUILDER_BINARIES: /sbin/mount /sbin/sysctl /sbin/umount /sbin/halt /sbin/fsck /bin/sync + pfSense_BUILDER_BINARIES: /sbin/mount /sbin/sysctl /sbin/umount /sbin/halt /sbin/fsck pfSense_MODULE: config */ @@ -148,7 +148,7 @@ function parse_config($parse = false) { die(gettext("Config.xml is corrupted and is 0 bytes. Could not restore a previous backup.")); } } - $config = parse_xml_config($g['conf_path'] . '/config.xml', $g['xml_rootobj']); + $config = parse_xml_config($g['conf_path'] . '/config.xml', array($g['xml_rootobj'], 'pfsense')); if($config == "-1") { $last_backup = discover_last_backup(); if ($last_backup) @@ -210,6 +210,7 @@ function restore_backup($file) { conf_mount_rw(); unlink_if_exists("{$g['tmp_path']}/config.cache"); copy("$file","/cf/conf/config.xml"); + disable_security_checks(); log_error(sprintf(gettext('%1$s is restoring the configuration %2$s'), $g['product_name'], $file)); file_notice("config.xml", sprintf(gettext('%1$s is restoring the configuration %2$s'), $g['product_name'], $file), "pfSenseConfigurator", ""); conf_mount_ro(); @@ -352,7 +353,7 @@ function conf_mount_ro() { clear_subsystem_dirty('mount'); /* sync data, then force a remount of /cf */ - mwexec("/bin/sync; /bin/sync"); + pfSense_sync(); mwexec("/sbin/mount -u -r -f {$g['cf_path']}"); mwexec("/sbin/mount -u -r -f /"); } @@ -432,27 +433,32 @@ function convert_config() { * boolean - true if successful, false if not ******/ function safe_write_file($file, $content, $force_binary) { - $tmp_file = $file . "." . getmypid(); - $write_mode = $force_binary ? "wb" : "w"; + $tmp_file = $file . "." . getmypid(); + $write_mode = $force_binary ? "wb" : "w"; - $fd = fopen($tmp_file, $write_mode); - if (!$fd) { - // Unable to open temporary file for writing - return false; - } - if (!fwrite($fd, $content)) { - // Unable to write to temporary file - fclose($fd); - return false; + $fd = fopen($tmp_file, $write_mode); + if (!$fd) { + // Unable to open temporary file for writing + return false; } - fclose($fd); + if (!fwrite($fd, $content)) { + // Unable to write to temporary file + fclose($fd); + return false; + } + fflush($fd); + fclose($fd); - if (!rename($tmp_file, $file)) { - // Unable to move temporary file to original - unlink($tmp_file); - return false; - } - return true; + if (!rename($tmp_file, $file)) { + // Unable to move temporary file to original + @unlink($tmp_file); + return false; + } + + // Sync file before returning + pfSense_sync(); + + return true; } /****f* config/write_config @@ -569,6 +575,8 @@ function reset_factory_defaults($lock = false) { /* copy default configuration */ copy("{$g['conf_default_path']}/config.xml", "{$g['conf_path']}/config.xml"); + disable_security_checks(); + /* call the wizard */ touch("/conf/trigger_initial_wizard"); if (!$lock) @@ -593,6 +601,8 @@ function config_restore($conffile) { unlink_if_exists("{$g['tmp_path']}/config.cache"); copy($conffile, "{$g['cf_conf_path']}/config.xml"); + disable_security_checks(); + unlock($lockkey); $config = parse_config(true); @@ -623,6 +633,8 @@ function config_install($conffile) { copy($conffile, "{$g['conf_path']}/config.xml"); + disable_security_checks(); + /* unlink cache file if it exists */ if(file_exists("{$g['tmp_path']}/config.cache")) unlink("{$g['tmp_path']}/config.cache"); @@ -633,6 +645,31 @@ function config_install($conffile) { return 0; } +/* + * Disable security checks for DNS rebind and HTTP referrer until next time + * they pass (or reboot), to aid in preventing accidental lockout when + * restoring settings like hostname, domain, IP addresses, and settings + * related to the DNS rebind and HTTP referrer checks. + * Intended for use when restoring a configuration or directly + * modifying config.xml without an unconditional reboot. + */ +function disable_security_checks() { + global $g; + touch("{$g['tmp_path']}/disable_security_checks"); +} + +/* Restores security checks. Should be called after all succeed. */ +function restore_security_checks() { + global $g; + unlink_if_exists("{$g['tmp_path']}/disable_security_checks"); +} + +/* Returns status of security check temporary disable. */ +function security_checks_disabled() { + global $g; + return file_exists("{$g['tmp_path']}/disable_security_checks"); +} + function config_validate($conffile) { global $g, $xmlerr; @@ -690,7 +727,7 @@ function cleanup_backupcache($revisions = 30, $lock = false) { $i = true; if($g['booting']) echo "."; - $newxml = parse_xml_config($backup, $g['xml_rootobj']); + $newxml = parse_xml_config($backup, array($g['xml_rootobj'], 'pfsense')); if($newxml == "-1") { log_error(sprintf(gettext("The backup cache file %s is corrupted. Unlinking."), $backup)); unlink($backup); |
