authorVinicius Coque <vinicius.coque@bluepex.com>2011-03-29 13:36:41 -0300
committerVinicius Coque <vinicius.coque@bluepex.com>2011-03-29 13:36:41 -0300
commitbca0472d5589beefe197858dfe10739108196c62 (patch)
tree7ae388840dbc925549dd7cef7b38bc24df225703 /etc
parent152ab4d0c036889d5d983cef0f612c2dcf211e7b (diff)
parenta5187d43751edccce1aceb7efec96aae91d616dc (diff)
Merge remote-tracking branch 'mainline/master' into inc
Conflicts: etc/inc/voucher.inc
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/captiveportal.inc82
-rw-r--r--etc/inc/config.lib.inc11
-rw-r--r--etc/inc/easyrule.inc2
-rw-r--r--etc/inc/filter.inc19
-rw-r--r--etc/inc/upgrade_config.inc138
-rw-r--r--etc/inc/voucher.inc45
-rwxr-xr-xetc/rc.bootup4
-rwxr-xr-xetc/sshd8
8 files changed, 191 insertions, 118 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 0962cd8..fb2384c 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -57,6 +57,7 @@ function get_default_captive_portal_html() {
<html>
<body>
<form method="post" action="\$PORTAL_ACTION\$">
+ <input name="redirurl" type="hidden" value="\$PORTAL_REDIRURL\$">
<center>
<table cellpadding="6" cellspacing="0" width="550" height="380" style="border:1px solid #000000">
<tr height="10" bgcolor="#990000">
@@ -94,7 +95,6 @@ function get_default_captive_portal_html() {
<div id='loginbox'>
Enter Voucher Code:
<input name="auth_voucher" type="text" style="border:1px dashed;" size="22">
- <input name="redirurl" type="hidden" value="\$PORTAL_REDIRURL\$">
<input name="accept" type="submit" value="Continue">
</div>
</center>
@@ -273,82 +273,8 @@ function captiveportal_configure() {
if ($config['captiveportal']['page']['errtext'])
$errtext = base64_decode($config['captiveportal']['page']['errtext']);
else {
- /* example page */
- $errtext = <<<EOD
-<html>
- <body>
- <form method="post" action="\$PORTAL_ACTION\$">
- <input name="redirurl" type="hidden" value="\$PORTAL_REDIRURL\$">
- <center>
- <table cellpadding="6" cellspacing="0" width="550" height="380" style="border:1px solid #000000">
- <tr height="10" bgcolor="#990000">
- <td style="border-bottom:1px solid #000000">
- <font color='white'>
- <b>
- {$g['product_name']} captive portal
- </b>
- </font>
- </td>
- </tr>
- <tr>
- <td>
- <div id="mainlevel">
- <center>
- <table width="100%" border="0" cellpadding="5" cellspacing="0">
- <tr>
- <td>
- <center>
- <div id="mainarea">
- <center>
- <table width="100%" border="0" cellpadding="5" cellspacing="5">
- <tr>
- <td>
- <div id="maindivarea">
- <center>
- <div id='statusbox'>
- <font color='red' face='arial' size='+1'>
- <b>
- \$PORTAL_MESSAGE\$
- </b>
- </font>
- </div>
- <br/>
- <div id='loginbox'>
- <table>
- <tr><td colspan="2"><center>Welcome to the {$g['product_name']} Captive Portal!</td></tr>
- <tr><td>&nbsp;</td></tr>
- <tr><td align="right">Username:</td><td><input name="auth_user" type="text" style="border: 1px dashed;"></td></tr>
- <tr><td align="right">Password:</td><td><input name="auth_pass" type="password" style="border: 1px dashed;"></td></tr>
- <tr><td>&nbsp;</td></tr>
- <tr>
- <td colspan="2">
- <center><input name="accept" type="submit" value="Continue"></center>
- </td>
- </tr>
- </table>
- </div>
- </center>
- </div>
- </td>
- </tr>
- </table>
- </center>
- </div>
- </center>
- </td>
- </tr>
- </table>
- </center>
- </div>
- </td>
- </tr>
- </table>
- </center>
- </form>
- </body>
-</html>
-
-EOD;
+ /* example page */
+ $errtext = get_default_captive_portal_html();
}
$fd = @fopen("{$g['varetc_path']}/captiveportal-error.html", "w");
@@ -1814,7 +1740,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
/* redirect user to desired destination */
if (!empty($attributes['url_redirection']))
$my_redirurl = $attributes['url_redirection'];
- else if ($config['captiveportal']['redirurl'])
+ else if (!empty($config['captiveportal']['redirurl']))
$my_redirurl = $config['captiveportal']['redirurl'];
else
$my_redirurl = $redirurl;
diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc
index b319ef8..9a5bd12 100644
--- a/etc/inc/config.lib.inc
+++ b/etc/inc/config.lib.inc
@@ -301,16 +301,13 @@ EOD;
* null
******/
/* mount flash card read/write */
-function conf_mount_rw($nobootcheck = false) {
+function conf_mount_rw() {
global $g;
/* do not mount on cdrom platform */
if($g['platform'] == "cdrom" or $g['platform'] == "pfSense")
return;
- if($g['booting'] && !$nobootcheck)
- return;
-
if (refcount_reference(1000) > 1)
return;
@@ -324,7 +321,7 @@ function conf_mount_rw($nobootcheck = false) {
/* if the platform is soekris or wrap or pfSense, lets mount the
* compact flash cards root.
- */
+ */
$status = mwexec("/sbin/mount -u -w -o sync,noatime /");
/* we could not mount this correctly. kick off fsck */
if($status <> 0) {
@@ -342,14 +339,14 @@ function conf_mount_rw($nobootcheck = false) {
* RESULT
* null
******/
-function conf_mount_ro($nobootcheck = false) {
+function conf_mount_ro() {
global $g;
/* do not umount on cdrom or pfSense platforms */
if($g['platform'] == "cdrom" or $g['platform'] == "pfSense")
return;
- if($g['booting'] && !$nobootcheck)
+ if($g['booting'])
return;
if (refcount_unreference(1000) > 0)
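Review bot: `conf_mount_ro()` still returns on `$g['booting']` before it reaches `refcount_unreference(1000)`, while `conf_mount_rw()` in the hunk above no longer has the matching early return and so takes a reference during boot. A caller that pairs the two while booting (as the `etc/sshd` changes in this commit would, if that script runs during boot) leaves the count raised. Assuming the refcount helpers keep a shared counter, the final `conf_mount_ro()` in `rc.bootup` would then see a value above zero and leave the root filesystem mounted read-write. Releasing the reference before the boot check keeps the pair balanced, e.g. `if (refcount_unreference(1000) > 0 || $g['booting']) return;`. Both function bodies continue outside these hunks.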
diff --git a/etc/inc/easyrule.inc b/etc/inc/easyrule.inc
index 0a6c703..fed7cba 100644
--- a/etc/inc/easyrule.inc
+++ b/etc/inc/easyrule.inc
@@ -53,7 +53,7 @@ function easyrule_find_rule_interface($int) {
$iflist['l2tp'] = "L2TP VPN";
/* add ipsec interfaces */
- if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])){
+ if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])){
$iflist["enc0"] = "IPSEC";
}
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 7d558eb..08b166f 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -793,7 +793,7 @@ function filter_generate_optcfg_array() {
$FilterIflist['pppoe'] = $oic;
}
/* add ipsec interfaces */
- if(isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) {
+ if(isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) {
$oic = array();
$oic['if'] = 'enc0';
$oic['descr'] = 'IPsec';
@@ -1071,7 +1071,12 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_
$socktype = "stream";
$dash_u = "";
}
- $reflection_txt[] = "{$inetdport}\t{$socktype}\t{$reflect_proto}\tnowait/0\tnobody\t/usr/bin/nc\tnc {$dash_u}-w {$reflectiontimeout} {$target} {$tda}\n";
+ $target = explode(" ", trim($target));
+ foreach ($target as $targip) {
+ if (empty($targip))
+ continue;
+ $reflection_txt[] = "{$inetdport}\t{$socktype}\t{$reflect_proto}\tnowait/0\tnobody\t/usr/bin/nc\tnc {$dash_u}-w {$reflectiontimeout} {$targip} {$tda}\n";
+ }
}
$inetdport++;
}
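Review bot: `$target = explode(" ", trim($target));` overwrites the string with an array, and the `$inetdport++` after the closing brace suggests this code sits inside a loop whose start is outside the hunk, so a later pass would hand an array to `trim()`. Iterating over a temporary avoids that: `foreach (explode(" ", trim($target)) as $targip) {`. Each `$targip` is also written straight into the inetd line that launches `/usr/bin/nc`, and every entry reuses the same `$inetdport`. Checking that each entry is an address before emitting the line would keep a malformed alias value out of the generated inetd configuration.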
@@ -1621,7 +1626,7 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) {
$src = "{$lansa}/{$lansn}";
break;
case 'pptp':
- $pptpsa = gen_subnet($FilterIflist['pptp']['ip'], $FilterIflist['pptp']['sn']);
+ $pptpsa = gen_subnet($FilterIflist['pptp']['sa'], $FilterIflist['pptp']['sn']);
$pptpsn = $FilterIflist['pptp']['sn'];
$src = "{$pptpsa}/{$pptpsn}";
break;
@@ -2154,6 +2159,7 @@ EOD;
$ipfrules .= <<<EOD
# allow PPTP client
pass in on \${$oc['descr']} proto tcp from any to any port = 1723 flags S/SA modulate state label "allow PPTP client on {$oc['descr']}"
+pass in on \${$oc['descr']} proto gre from any to any keep state label "allow PPTP client on {$oc['descr']}"
EOD;
break;
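Review bot: The added GRE rule is `from any to any`, so it admits GRE on this interface whatever the destination. The PPTPd hunk further down (`@@ -2271`) has the same issue: its neighbouring TCP 1723 rule is limited to `$pptpdtarget`, but the new GRE line is not. Scoping that one the same way, `pass in on \${$FilterIflist['wan']['descr']} proto gre from any to $pptpdtarget keep state label "allow gre pptpd"`, keeps the opening as narrow as the control-channel rule. For the client rule here, a destination of the interface address would do the same, though whether `$oc['ip']` is populated at this point is not visible in the hunk.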
@@ -2185,8 +2191,8 @@ EOD;
if($config['dhcpd'][$on]['failover_peerip'] <> "") {
$ipfrules .= <<<EOD
# allow access to DHCP failover on {$oc['descr']} from {$config['dhcpd'][$on]['failover_peerip']}
-pass in on \${$oc['descr']} proto udp from {$config['dhcpd'][$on]['failover_peerip']} to {$oc['ip']} port = 519 label "allow access to DHCP failover"
-pass in on \${$oc['descr']} proto udp from {$config['dhcpd'][$on]['failover_peerip']} to {$oc['ip']} port = 520 label "allow access to DHCP failover"
+pass in on \${$oc['descr']} proto { tcp udp } from {$config['dhcpd'][$on]['failover_peerip']} to {$oc['ip']} port = 519 label "allow access to DHCP failover"
+pass in on \${$oc['descr']} proto { tcp udp } from {$config['dhcpd'][$on]['failover_peerip']} to {$oc['ip']} port = 520 label "allow access to DHCP failover"
EOD;
}
@@ -2223,7 +2229,7 @@ EOD;
/* add ipsec interfaces */
- if(isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable']))
+ if(isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable']))
$ipfrules .= <<<EOD
pass out on \$IPsec all keep state label "IPsec internal host to host"
@@ -2271,6 +2277,7 @@ EOD;
$ipfrules .= <<<EOD
# PPTPd rules
pass in on \${$FilterIflist['wan']['descr']} proto tcp from any to $pptpdtarget port = 1723 modulate state label "allow pptpd {$pptpdtarget}"
+pass in on \${$FilterIflist['wan']['descr']} proto gre from any to any keep state label "allow gre pptpd"
EOD;
diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc
index f530165..8cdc97c 100644
--- a/etc/inc/upgrade_config.inc
+++ b/etc/inc/upgrade_config.inc
@@ -982,6 +982,7 @@ function upgrade_046_to_047() {
$ph1alg = array( 'name' => 'aes', 'keylen' => '128' );
break;
case "rijndael 256":
+ case "aes 256":
$ph1alg = array( 'name' => 'aes', 'keylen' => '256' );
break;
}
@@ -1066,6 +1067,7 @@ function upgrade_046_to_047() {
break;
case "rijndael":
case "rijndael 256":
+ case "aes 256":
$ph2alg = array( 'name' => 'aes', 'keylen' => 'auto' );
$aes_found = true;
$aes_count++;
@@ -1090,6 +1092,142 @@ function upgrade_046_to_047() {
$config['ipsec']['phase1'] = $a_phase1;
$config['ipsec']['phase2'] = $a_phase2;
}
+
+ /* Upgrade Mobile IPsec */
+ if (isset($config['ipsec']['mobileclients'])
+ && is_array($config['ipsec']['mobileclients'])
+ && is_array($config['ipsec']['mobileclients']['p1'])
+ && is_array($config['ipsec']['mobileclients']['p2'])) {
+
+ if (isset($config['ipsec']['mobileclients']['enable'])) {
+ $config['ipsec']['client']['enable'] = true;
+ $config['ipsec']['client']['user_source'] = 'system';
+ $config['ipsec']['client']['group_source'] = 'system';
+ }
+
+ $mobilecfg = $config['ipsec']['mobileclients'];
+
+ $ph1ent = array();
+ $ph1ent['ikeid'] = ++$ikeid;
+
+ if (!isset($mobilecfg['enable']))
+ $ph1ent['disabled'] = true;
+
+ /* Assume WAN since mobile tunnels couldn't be on a separate interface on 1.2.x */
+ $ph1ent['interface'] = 'wan';
+ $ph1ent['descr'] = "Mobile Clients (upgraded)";
+ $ph1ent['mode'] = $mobilecfg['p1']['mode'];
+
+ if (isset($mobilecfg['p1']['myident']['myaddress']))
+ $ph1ent['myid_type'] = "myaddress";
+ if (isset($mobilecfg['p1']['myident']['address'])) {
+ $ph1ent['myid_type'] = "address";
+ $ph1ent['myid_data'] = $mobilecfg['p1']['myident']['address'];
+ }
+ if (isset($mobilecfg['p1']['myident']['fqdn'])) {
+ $ph1ent['myid_type'] = "fqdn";
+ $ph1ent['myid_data'] = $mobilecfg['p1']['myident']['fqdn'];
+ }
+ if (isset($mobilecfg['p1']['myident']['ufqdn'])) {
+ $ph1ent['myid_type'] = "user_fqdn";
+ $ph1ent['myid_data'] = $mobilecfg['p1']['myident']['ufqdn'];
+ }
+ if (isset($mobilecfg['p1']['myident']['asn1dn'])) {
+ $ph1ent['myid_type'] = "asn1dn";
+ $ph1ent['myid_data'] = $mobilecfg['p1']['myident']['asn1dn'];
+ }
+ if (isset($mobilecfg['p1']['myident']['dyn_dns'])) {
+ $ph1ent['myid_type'] = "dyn_dns";
+ $ph1ent['myid_data'] = $mobilecfg['p1']['myident']['dyn_dns'];
+ }
+ $ph1ent['peerid_type'] = "fqdn";
+ $ph1ent['peerid_data'] = "";
+
+ switch ($mobilecfg['p1']['encryption-algorithm']) {
+ case "des":
+ $ph1alg = array( 'name' => 'des' );
+ break;
+ case "3des":
+ $ph1alg = array( 'name' => '3des' );
+ break;
+ case "blowfish":
+ $ph1alg = array( 'name' => 'blowfish', 'keylen' => '128' );
+ break;
+ case "cast128":
+ $ph1alg = array( 'name' => 'cast128' );
+ break;
+ case "rijndael":
+ $ph1alg = array( 'name' => 'aes', 'keylen' => '128' );
+ break;
+ case "rijndael 256":
+ case "aes 256":
+ $ph1alg = array( 'name' => 'aes', 'keylen' => '256' );
+ break;
+ }
+
+ $ph1ent['encryption-algorithm'] = $ph1alg;
+ $ph1ent['hash-algorithm'] = $mobilecfg['p1']['hash-algorithm'];
+ $ph1ent['dhgroup'] = $mobilecfg['p1']['dhgroup'];
+ $ph1ent['lifetime'] = $mobilecfg['p1']['lifetime'];
+ $ph1ent['authentication_method'] = $mobilecfg['p1']['authentication_method'];
+
+ if (isset($mobilecfg['p1']['cert']))
+ $ph1ent['cert'] = $mobilecfg['p1']['cert'];
+ if (isset($mobilecfg['p1']['peercert']))
+ $ph1ent['peercert'] = $mobilecfg['p1']['peercert'];
+ if (isset($mobilecfg['p1']['private-key']))
+ $ph1ent['private-key'] = $mobilecfg['p1']['private-key'];
+
+ $ph1ent['nat_traversal'] = "on";
+ $ph1ent['dpd_enable'] = 1;
+ $ph1ent['dpd_delay'] = 10;
+ $ph1ent['dpd_maxfail'] = 5;
+ $ph1ent['mobile'] = true;
+
+ $ph2ent = array();
+ $ph2ent['ikeid'] = $ph1ent['ikeid'];
+ $ph2ent['descr'] = "phase2 for ".$mobilecfg['descr'];
+ $ph2ent['localid'] = array('type' => 'none');
+ $ph2ent['remoteid'] = array('type' => 'mobile');
+ $ph2ent['protocol'] = $mobilecfg['p2']['protocol'];
+
+ $aes_count = 0;
+ foreach( $mobilecfg['p2']['encryption-algorithm-option'] as $tunalg ) {
+ $aes_found = false;
+ switch ($tunalg) {
+ case "des":
+ $ph2alg = array( 'name' => 'des' );
+ break;
+ case "3des":
+ $ph2alg = array( 'name' => '3des' );
+ break;
+ case "blowfish":
+ $ph2alg = array( 'name' => 'blowfish', 'keylen' => 'auto' );
+ break;
+ case "cast128":
+ $ph2alg = array( 'name' => 'cast128' );
+ break;
+ case "rijndael":
+ case "rijndael 256":
+ case "aes 256":
+ $ph2alg = array( 'name' => 'aes', 'keylen' => 'auto' );
+ $aes_found = true;
+ $aes_count++;
+ break;
+ }
+
+ if( !$aes_found || ($aes_count < 2))
+ $ph2ent['encryption-algorithm-option'][] = $ph2alg;
+ }
+ $ph2ent['hash-algorithm-option'] = $mobilecfg['p2']['hash-algorithm-option'];
+ $ph2ent['pfsgroup'] = $mobilecfg['p2']['pfsgroup'];
+ $ph2ent['lifetime'] = $mobilecfg['p2']['lifetime'];
+ $ph2ent['mobile'] = true;
+
+ $config['ipsec']['phase1'][] = $ph1ent;
+ $config['ipsec']['phase2'][] = $ph2ent;
+ unset($config['ipsec']['mobileclients']);
+ }
}
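Review bot: Neither `switch` in the added mobile-IPsec block has a `default:` branch, so an unrecognised `$mobilecfg['p1']['encryption-algorithm']` leaves `$ph1alg` holding whatever the earlier tunnel conversion in `upgrade_046_to_047()` last assigned, or unset. The migrated phase 1 then silently gets a cipher the administrator never configured. The phase 2 loop has the same problem: on an unmatched `$tunalg` the previous `$ph2alg` is appended a second time. Reset the variable before each switch (`$ph1alg = null;`, `$ph2alg = null;`) and skip or log the entry when no case matched. Separately, `foreach( $mobilecfg['p2']['encryption-algorithm-option'] ...)` and `$mobilecfg['descr']` are read without an `is_array()`/`isset()` guard, unlike `p1` and `p2` above.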
diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc
index 7d618ee..fee5d12 100644
--- a/etc/inc/voucher.inc
+++ b/etc/inc/voucher.inc
@@ -41,9 +41,9 @@ function xmlrpc_sync_voucher_disconnect($dbent, $syncip, $port, $password, $user
global $g, $config;
require_once("xmlrpc.inc");
if($port == "443")
- $url = "https://{$syncip}:{$port}";
+ $url = "https://{$syncip}";
else
- $url = "http://{$syncip}:{$port}";
+ $url = "http://{$syncip}";
/* Construct code that is run on remote machine */
$method = 'pfsense.exec_php';
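Review bot: The scheme is chosen only by `if($port == "443")`, so any other sync port falls through to `http://{$syncip}`, and this call carries `$password` plus PHP source for `pfsense.exec_php` on the peer. With `:{$port}` now dropped from `$url`, it is also not visible in this hunk where `$port` is applied to the connection, which is worth confirming for peers on a non-default port. At minimum, document the behaviour next to the branch: `/* NOTE: any port other than 443 syncs over plain HTTP; the XMLRPC password and exec_php payload are sent unencrypted */`. The same branch appears in `xmlrpc_sync_used_voucher()` in the next hunk, and both function bodies continue outside the hunks.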
@@ -89,15 +89,15 @@ function xmlrpc_sync_used_voucher($voucher_received, $syncip, $port, $password,
global $g, $config;
require_once("xmlrpc.inc");
if($port == "443")
- $url = "https://{$syncip}:{$port}";
+ $url = "https://{$syncip}";
else
- $url = "http://{$syncip}:{$port}";
+ $url = "http://{$syncip}";
/* Construct code that is run on remote machine */
$method = 'pfsense.exec_php';
$execcmd = <<<EOF
require_once('/etc/inc/voucher.inc');
- \$timeleft = voucher_auth($voucher_received);
+ \$timeleft = voucher_auth({$voucher_received});
\$toreturn = array();
\$toreturn['timeleft'] = \$timeleft;
\$toreturn['voucher']['roll'] = \$config['voucher']['roll'];
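Review bot: `$voucher_received` is spliced into PHP source that the peer runs through `pfsense.exec_php`, and `voucher_auth({$voucher_received})` places it there unquoted. The voucher text, which appears to originate from the portal's `auth_voucher` field, therefore becomes part of the code instead of a string argument. Nothing in this hunk constrains or escapes the value, and any earlier validation is outside the hunk. Emit it as a literal instead: add `$voucher_arg = var_export((string)$voucher_received, true);` before the heredoc and use `\$timeleft = voucher_auth({$voucher_arg});` inside it.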
@@ -119,12 +119,12 @@ EOF;
$error = "A communications error occurred while attempting CaptivePortalVoucherSync XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
log_error($error);
file_notice("CaptivePortalVoucherSync", $error, "Communications error occurred", "");
- return array("timeleft" => "0");
+ return 0; // $timeleft
} elseif($resp->faultCode()) {
$error = "An error code was received while attempting CaptivePortalVoucherSync XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("CaptivePortalVoucherSync", $error, "Error code received", "");
- return array("timeleft" => "0");
+ return 0; // $timeleft
} else {
log_error("CaptivePortalVoucherSync XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
}
@@ -132,7 +132,7 @@ EOF;
if(count($toreturn['voucher']['roll']) <> count($config['voucher']['roll'])) {
$config['voucher']['roll'] = $toreturn['voucher']['roll'];
write_config("Captive Portal Voucher database synchronized with {$url}");
- voucher_configure();
+ voucher_configure(true);
}
return $toreturn['timeleft'];
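Review bot: The local roll list is replaced with `$toreturn['voucher']['roll']` whenever the two counts differ, with no check that the peer's reply actually contained an array (where `$toreturn` is populated is outside the hunk). A malformed or empty reply would count as 0 and overwrite `$config['voucher']['roll']`, `write_config()` would persist it, and `voucher_configure(true)` would then rebuild the voucher databases from it. Guard the branch with `if (is_array($toreturn['voucher']['roll']) && count($toreturn['voucher']['roll']) <> count($config['voucher']['roll'])) {` and log when the reply is not usable.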
@@ -230,12 +230,12 @@ function voucher_auth($voucher_received, $test = 0) {
}
} else {
$test_result[] = sprintf(gettext('%1$s (%2$s/%3$s): not found on any registererd Roll'), $voucher, $roll, $nr);
- captiveportal_syslog("$voucher ($roll/$nr): not found on any registererd Roll");
+ captiveportal_syslog("$voucher ($roll/$nr): not found on any registererd Roll");
}
} else {
// hmm, thats weird ... not what I expected
- $test_result[] = "$voucher " . gettext("invalid:") . " $result !!";
- captiveportal_syslog("$voucher " . gettext("invalid:") . " $result !!");
+ $test_result[] = sprintf(gettext('%1$s invalid: %2$s !!'),$voucher,$result);
+ captiveportal_syslog("$voucher invalid: $result !!");
$error++;
}
}
@@ -247,7 +247,7 @@ function voucher_auth($voucher_received, $test = 0) {
} else {
$test_result[] = sprintf(gettext("Access granted for %d Minutes in total."), $total_minutes);
}
- unlock($voucherlck);
+ unlock($voucherlck);
return $test_result;
}
@@ -264,8 +264,8 @@ function voucher_auth($voucher_received, $test = 0) {
// If we did a XMLRPC sync earlier check the timeleft
if(!empty($a_voucher['vouchersyncdbip']))
- if($remote_time_used['timeleft'] < $total_minutes)
- $total_minutes = $remote_time_used['timeleft'];
+ if($remote_time_used < $total_minutes)
+ $total_minutes = $remote_time_used;
// All given vouchers were valid and this isn't simply a test.
// Write back the used DB's
@@ -301,8 +301,8 @@ function voucher_auth($voucher_received, $test = 0) {
return $total_minutes;
}
-function voucher_configure() {
- global $config, $g;
+function voucher_configure($sync = false) {
+ global $config, $g;
/* kill any running minicron */
killbypid("{$g['varrun_path']}/vouchercron.pid");
@@ -311,7 +311,9 @@ function voucher_configure() {
return 0;
if ($g['booting'])
- echo gettext("Enabling voucher support... ");
+ echo "Enabling voucher support... ";
+ if ($sync == true)
+ captiveportal_syslog("Writing voucher db from sync data...");
// start cron if we're asked to save runtime DB periodically
// to XML config if it changed
@@ -328,8 +330,8 @@ function voucher_configure() {
$pubkey = base64_decode($config['voucher']['publickey']);
$fd = fopen("{$g['varetc_path']}/voucher.public", "w");
if (!$fd) {
- captiveportal_syslog(gettext("Voucher error: cannot write voucher.public") . "\n");
- unlock($voucherlck);
+ captiveportal_syslog("Voucher error: cannot write voucher.public\n");
+ unlock($voucherlck);
return 1;
}
fwrite($fd, $pubkey);
@@ -348,7 +350,7 @@ function voucher_configure() {
@chmod("{$g['varetc_path']}/voucher.cfg", 0600);
unlock($voucherlck);
- if ($g['booting'] && is_array($config['voucher']['roll'])) {
+ if (($g['booting'] || $sync == true) && is_array($config['voucher']['roll'])) {
// create active and used DB per roll on ramdisk from config
$a_roll = &$config['voucher']['roll'];
@@ -375,7 +377,8 @@ function voucher_configure() {
}
unlock($voucherlck);
- echo gettext("done") . "\n";
+ if ($g['booting'])
+ echo "done\n";
}
return 0;
diff --git a/etc/rc.bootup b/etc/rc.bootup
index b7a632e..6cff6ac 100755
--- a/etc/rc.bootup
+++ b/etc/rc.bootup
@@ -129,7 +129,7 @@ $memory = get_memory();
$avail = $memory[0];
echo " done.\n";
-conf_mount_rw(true);
+conf_mount_rw();
/* save dmesg output to file */
system_dmesg_save();
@@ -400,6 +400,6 @@ unset($g['booting']);
led_normalize();
-conf_mount_ro(true);
+conf_mount_ro();
?>
diff --git a/etc/sshd b/etc/sshd
index 67fbe00..a488729 100755
--- a/etc/sshd
+++ b/etc/sshd
@@ -42,7 +42,10 @@
exit;
}
- conf_mount_rw(true);
+ /* are we already running? if not, do conf_mount_rw(), otherwise it should already be rw */
+ if(!is_subsystem_dirty('sshdkeys')) {
+ conf_mount_rw();
+ }
function file_size($file) {
$size = filesize($file);
@@ -138,7 +141,6 @@
/* are we already running? if so exit */
if(is_subsystem_dirty('sshdkeys')) {
- conf_mount_ro(true);
exit;
}
@@ -185,6 +187,6 @@
exec("mkdir /conf/sshd");
exec("/bin/cp -p /etc/ssh/ssh_host* /conf/sshd");
}
- conf_mount_ro(true);
+ conf_mount_ro();
?>