authorVinicius Coque <vinicius.coque@bluepex.com>2010-12-14 09:56:34 -0200
committerVinicius Coque <vinicius.coque@bluepex.com>2010-12-14 09:56:34 -0200
commitc92ccac76ff2938c5718440efdd846317f6a2d55 (patch)
tree1dd190505af25191f0289552a155732d7432da58 /etc/inc/config.lib.inc
parent386447eaa7cfe727678455955285b1ecd4e6e9f9 (diff)
parentc9b08a50f0ba328ac0569247eb2063d34f7e6279 (diff)
Merge remote branch 'mainline/master' into inc
Conflicts: etc/inc/auth.inc etc/inc/config.lib.inc etc/inc/filter.inc etc/inc/gwlb.inc etc/inc/interfaces.inc etc/inc/pfsense-utils.inc etc/inc/pkg-utils.inc etc/inc/shaper.inc etc/inc/upgrade_config.inc etc/inc/xmlparse.inc usr/local/www/fbegin.inc
Diffstat (limited to 'etc/inc/config.lib.inc')
-rw-r--r--etc/inc/config.lib.inc81
1 files changed, 59 insertions, 22 deletions
diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc
index 36417cd..e985aa8 100644
--- a/etc/inc/config.lib.inc
+++ b/etc/inc/config.lib.inc
@@ -39,7 +39,7 @@
POSSIBILITY OF SUCH DAMAGE.
- pfSense_BUILDER_BINARIES: /sbin/mount /sbin/sysctl /sbin/umount /sbin/halt /sbin/fsck /bin/sync
+ pfSense_BUILDER_BINARIES: /sbin/mount /sbin/sysctl /sbin/umount /sbin/halt /sbin/fsck
pfSense_MODULE: config
*/
@@ -148,7 +148,7 @@ function parse_config($parse = false) {
die(gettext("Config.xml is corrupted and is 0 bytes. Could not restore a previous backup."));
}
}
- $config = parse_xml_config($g['conf_path'] . '/config.xml', $g['xml_rootobj']);
+ $config = parse_xml_config($g['conf_path'] . '/config.xml', array($g['xml_rootobj'], 'pfsense'));
if($config == "-1") {
$last_backup = discover_last_backup();
if ($last_backup)
@@ -210,6 +210,7 @@ function restore_backup($file) {
conf_mount_rw();
unlink_if_exists("{$g['tmp_path']}/config.cache");
copy("$file","/cf/conf/config.xml");
+ disable_security_checks();
log_error(sprintf(gettext('%1$s is restoring the configuration %2$s'), $g['product_name'], $file));
file_notice("config.xml", sprintf(gettext('%1$s is restoring the configuration %2$s'), $g['product_name'], $file), "pfSenseConfigurator", "");
conf_mount_ro();
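Review bot: disable_security_checks() is called whether or not the preceding copy() succeeded, so a failed restore in restore_backup still switches off the DNS rebind and HTTP referrer checks while the old config.xml stays in place. Gate the call on the copy result, for example `if (copy("$file", "/cf/conf/config.xml")) disable_security_checks();`, and log the failure otherwise. The same unconditional call follows copy() in the reset_factory_defaults, config_restore and config_install hunks. restore_backup starts and ends outside this hunk, so any error handling further down is not visible here.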
@@ -352,7 +353,7 @@ function conf_mount_ro() {
clear_subsystem_dirty('mount');
/* sync data, then force a remount of /cf */
- mwexec("/bin/sync; /bin/sync");
+ pfSense_sync();
mwexec("/sbin/mount -u -r -f {$g['cf_path']}");
mwexec("/sbin/mount -u -r -f /");
}
@@ -432,27 +433,32 @@ function convert_config() {
* boolean - true if successful, false if not
******/
function safe_write_file($file, $content, $force_binary) {
- $tmp_file = $file . "." . getmypid();
- $write_mode = $force_binary ? "wb" : "w";
+ $tmp_file = $file . "." . getmypid();
+ $write_mode = $force_binary ? "wb" : "w";
- $fd = fopen($tmp_file, $write_mode);
- if (!$fd) {
- // Unable to open temporary file for writing
- return false;
- }
- if (!fwrite($fd, $content)) {
- // Unable to write to temporary file
- fclose($fd);
- return false;
+ $fd = fopen($tmp_file, $write_mode);
+ if (!$fd) {
+ // Unable to open temporary file for writing
+ return false;
}
- fclose($fd);
+ if (!fwrite($fd, $content)) {
+ // Unable to write to temporary file
+ fclose($fd);
+ return false;
+ }
+ fflush($fd);
+ fclose($fd);
- if (!rename($tmp_file, $file)) {
- // Unable to move temporary file to original
- unlink($tmp_file);
- return false;
- }
- return true;
+ if (!rename($tmp_file, $file)) {
+ // Unable to move temporary file to original
+ @unlink($tmp_file);
+ return false;
+ }
+
+ // Sync file before returning
+ pfSense_sync();
+
+ return true;
}
/****f* config/write_config
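Review bot: The fwrite failure branch in safe_write_file closes the handle but leaves `$tmp_file` on disk, so a partial copy of the content stays next to the target; if this helper is used for files holding configuration secrets, that leftover matters. Add `@unlink($tmp_file);` before that branch's `return false;`, as the rename branch already does. `!fwrite($fd, $content)` also reports empty content as a failure and does not catch a short write; comparing the return value with `strlen($content)` would cover both, provided no caller depends on the current empty-content result. The result of the new `fflush($fd)` is ignored, so a flush error still proceeds to rename().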
@@ -569,6 +575,8 @@ function reset_factory_defaults($lock = false) {
/* copy default configuration */
copy("{$g['conf_default_path']}/config.xml", "{$g['conf_path']}/config.xml");
+ disable_security_checks();
+
/* call the wizard */
touch("/conf/trigger_initial_wizard");
if (!$lock)
@@ -593,6 +601,8 @@ function config_restore($conffile) {
unlink_if_exists("{$g['tmp_path']}/config.cache");
copy($conffile, "{$g['cf_conf_path']}/config.xml");
+ disable_security_checks();
+
unlock($lockkey);
$config = parse_config(true);
@@ -623,6 +633,8 @@ function config_install($conffile) {
copy($conffile, "{$g['conf_path']}/config.xml");
+ disable_security_checks();
+
/* unlink cache file if it exists */
if(file_exists("{$g['tmp_path']}/config.cache"))
unlink("{$g['tmp_path']}/config.cache");
@@ -633,6 +645,31 @@ function config_install($conffile) {
return 0;
}
+/*
+ * Disable security checks for DNS rebind and HTTP referrer until next time
+ * they pass (or reboot), to aid in preventing accidental lockout when
+ * restoring settings like hostname, domain, IP addresses, and settings
+ * related to the DNS rebind and HTTP referrer checks.
+ * Intended for use when restoring a configuration or directly
+ * modifying config.xml without an unconditional reboot.
+ */
+function disable_security_checks() {
+ global $g;
+ touch("{$g['tmp_path']}/disable_security_checks");
+}
+
+/* Restores security checks. Should be called after all succeed. */
+function restore_security_checks() {
+ global $g;
+ unlink_if_exists("{$g['tmp_path']}/disable_security_checks");
+}
+
+/* Returns status of security check temporary disable. */
+function security_checks_disabled() {
+ global $g;
+ return file_exists("{$g['tmp_path']}/disable_security_checks");
+}
+
function config_validate($conffile) {
global $g, $xmlerr;
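Review bot: The new helpers make a bare marker file under `$g['tmp_path']` the only switch for the DNS rebind and HTTP referrer checks, and nothing records when it is set. If that directory is writable by anything other than the privileged configuration processes, creating the file turns both protections off, so the header comment should state that assumption. disable_security_checks() should also leave an audit trail, for example `log_error(gettext("DNS rebind and HTTP referrer checks temporarily disabled"));`. The comment promises re-enabling "until next time they pass (or reboot)", but nothing in these hunks enforces that, so re-enabling presumably depends on a caller of restore_security_checks() elsewhere. It is worth naming that caller in the comment.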
@@ -690,7 +727,7 @@ function cleanup_backupcache($revisions = 30, $lock = false) {
$i = true;
if($g['booting'])
echo ".";
- $newxml = parse_xml_config($backup, $g['xml_rootobj']);
+ $newxml = parse_xml_config($backup, array($g['xml_rootobj'], 'pfsense'));
if($newxml == "-1") {
log_error(sprintf(gettext("The backup cache file %s is corrupted. Unlinking."), $backup));
unlink($backup);