author | Renato Botelho <renato.botelho@bluepex.com> | 2010-09-28 10:19:40 -0300 |
---|---|---|
committer | Renato Botelho <renato.botelho@bluepex.com> | 2010-09-28 10:19:40 -0300 |
commit | 43652f2fecfeb7ed4de28d697d515197ff1e3100 (patch) | |
tree | 962805777516af930939b2a9194927108d8a8319 /etc | |
parent | ad9db2a956814c4e04188b177e37061e7b310472 (diff) | |
parent | 7eab33095e8f2293a43ec03c7c6bf002c084bdb2 (diff) | |
Merge remote branch 'mainline/master' into inc
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/captiveportal.inc | 8 | ||||
-rw-r--r-- | etc/inc/certs.inc | 170 | ||||
-rw-r--r-- | etc/inc/filter.inc | 1 | ||||
-rw-r--r-- | etc/inc/gwlb.inc | 40 | ||||
-rw-r--r-- | etc/inc/interfaces.inc | 8 | ||||
-rw-r--r-- | etc/inc/openvpn.inc | 6 | ||||
-rw-r--r-- | etc/inc/pfsense-utils.inc | 6 | ||||
-rw-r--r-- | etc/inc/service-utils.inc | 7 | ||||
-rw-r--r-- | etc/inc/services.inc | 5 | ||||
-rw-r--r-- | etc/inc/system.inc | 26 | ||||
-rw-r--r-- | etc/inc/util.inc | 22 | ||||
-rw-r--r-- | etc/inc/vpn.inc | 14 | ||||
-rw-r--r-- | etc/phpshellsessions/gitsync | 6 | ||||
-rwxr-xr-x | etc/rc | 11 | ||||
-rwxr-xr-x | etc/rc.bootup | 2 | ||||
-rwxr-xr-x | etc/rc.filter_synchronize | 6 | ||||
-rwxr-xr-x | etc/rc.newwanip | 5 |
17 files changed, 286 insertions, 57 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index c27eac0..874c99c 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -369,7 +369,7 @@ EOD; <HEAD><TITLE>Redirecting...</TITLE></HEAD> <BODY> <SPAN STYLE="font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size: 11px;"> -<B>Redirecting to <A HREF="{$my_redirurl}">{$my_redirurl}</A>...</B> +<B>Redirecting to <A HREF="<?=\$my_redirurl;?>"><?=\$my_redirurl;?></A>...</B> </SPAN> <SCRIPT LANGUAGE="JavaScript"> <!--
@@ -380,8 +380,8 @@ if (LogoutWin) { LogoutWin.document.write('<BODY BGCOLOR="#435370">'); LogoutWin.document.write('<DIV ALIGN="center" STYLE="color: #ffffff; font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size: 11px;">') ; LogoutWin.document.write('<B>Click the button below to disconnect</B><P>'); - LogoutWin.document.write('<FORM METHOD="POST" ACTION="{$logouturl}">'); - LogoutWin.document.write('<INPUT NAME="logout_id" TYPE="hidden" VALUE="{$sessionid}">'); + LogoutWin.document.write('<FORM METHOD="POST" ACTION="<?=\$logouturl;?>">'); + LogoutWin.document.write('<INPUT NAME="logout_id" TYPE="hidden" VALUE="<?=\$sessionid;?>">'); LogoutWin.document.write('<INPUT NAME="logout" TYPE="submit" VALUE="Logout">'); LogoutWin.document.write('</FORM>'); LogoutWin.document.write('</DIV></BODY>');
@@ -389,7 +389,7 @@ if (LogoutWin) { LogoutWin.document.close(); } -document.location.href="{$my_redirurl}"; +document.location.href="<?=\$my_redirurl;?>"; --> </SCRIPT> </BODY>
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc
index 9ac7120..0a9e342 100644
--- a/etc/inc/certs.inc
+++ b/etc/inc/certs.inc
@@ -1,8 +1,9 @@ <?php /* $Id$ */ /* - Copyright (C) 2008 Shrew Soft Inc - All rights reserved. + Copyright (C) 2008 Shrew Soft Inc + Copyright (C) 2010 Jim Pingle <jimp@pfsense.org> + All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
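Review bot: The new `<?=\$my_redirurl;?>` tags in the first captiveportal.inc hunk print the redirect URL unescaped into an `HREF` attribute and into link text, and the third hunk prints it into the JavaScript string assigned to `document.location.href`; `$logouturl` and `$sessionid` in the second hunk are emitted the same way inside `document.write` strings. Where these values are assigned is outside the hunks, but if `$my_redirurl` carries the URL the client originally requested, a quote or angle bracket in it changes the markup or script of the portal page. Encode per output context, for example `<?=htmlspecialchars(\$my_redirurl, ENT_QUOTES);?>` for the attribute and text and `document.location.href=<?=json_encode(\$my_redirurl);?>;` for the script assignment. The heredoc these lines belong to starts and ends outside the hunks.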
@@ -67,6 +68,25 @@ function & lookup_cert($refid) { return false; } +function & lookup_cert_by_name($name) { + global $config; + if (is_array($config['cert'])) + foreach ($config['cert'] as & $cert) + if ($cert['name'] == $name) + return $cert; +} + +function & lookup_crl($refid) { + global $config; + + if (is_array($config['crl'])) + foreach ($config['crl'] as & $crl) + if ($crl['refid'] == $refid) + return $crl; + + return false; +} + function ca_chain_array(& $cert) { if($cert['caref']) { $chain = array();
@@ -145,7 +165,7 @@ function ca_create(& $ca, $keylen, $lifetime, $dn) { "encrypt_key" => false); // generate a new key pair - $res_key = openssl_pkey_new(); + $res_key = openssl_pkey_new($args); // generate a certificate signing request $res_csr = openssl_csr_new($dn, $res_key, $args);
@@ -201,7 +221,7 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) { "encrypt_key" => false); // generate a new key pair - $res_key = openssl_pkey_new(); + $res_key = openssl_pkey_new($args); // generate a certificate signing request $res_csr = openssl_csr_new($dn, $res_key, $args);
@@ -231,7 +251,7 @@ function csr_generate(& $cert, $keylen, $dn) { "encrypt_key" => false); // generate a new key pair - $res_key = openssl_pkey_new(); + $res_key = openssl_pkey_new($args); // generate a certificate signing request $res_csr = openssl_csr_new($dn, $res_key, $args);
@@ -301,6 +321,10 @@ function cert_get_subject_array($crt) { $str_crt = base64_decode($crt); $inf_crt = openssl_x509_parse($str_crt); $components = $inf_crt['subject']; + + if (!is_array($components)) + return; + $subject_array = array(); foreach($components as $a => $v)
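Review bot: `lookup_cert_by_name()` in the first hunk has no fall-through return, so a miss yields NULL from a by-reference function, while `lookup_cert()` just above it and the new `lookup_crl()` both end with `return false;`. Add `return false;` before the closing brace so callers can test all three lookups the same way. A header comment such as `/* Returns the first certificate whose 'name' matches; names are not checked for uniqueness here. */` would also make the first-match behaviour explicit to callers that use the result for trust decisions.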
@@ -397,4 +421,140 @@ function cert_in_use($certref) { is_ipsec_cert($certref)); } +/* +CRL code is a *WORK IN PROGRESS* do not try to use these functions yet. + +OpenSSL CRL status code constants. +OCSP_REVOKED_STATUS_NOSTATUS +OCSP_REVOKED_STATUS_UNSPECIFIED +OCSP_REVOKED_STATUS_KEYCOMPROMISE +OCSP_REVOKED_STATUS_CACOMPROMISE +OCSP_REVOKED_STATUS_AFFILIATIONCHANGED +OCSP_REVOKED_STATUS_SUPERSEDED +OCSP_REVOKED_STATUS_CESSATIONOFOPERATION +OCSP_REVOKED_STATUS_CERTIFICATEHOLD +OCSP_REVOKED_STATUS_REMOVEFROMCRL +*/ + +$openssl_crl_status = array( + OCSP_REVOKED_STATUS_NOSTATUS => "No Status (default)", + OCSP_REVOKED_STATUS_UNSPECIFIED => "Unspecified", + OCSP_REVOKED_STATUS_KEYCOMPROMISE => "Key Compromise", + OCSP_REVOKED_STATUS_CACOMPROMISE => "CA Compromise", + OCSP_REVOKED_STATUS_AFFILIATIONCHANGED => "Affiliation Changed", + OCSP_REVOKED_STATUS_SUPERSEDED => "Superseded", + OCSP_REVOKED_STATUS_CESSATIONOFOPERATION => "Cessation of Operation", + OCSP_REVOKED_STATUS_CERTIFICATEHOLD => "Certificate Hold", + OCSP_REVOKED_STATUS_REMOVEFROMCRL => "Remove from CRL" +); + +function crl_create(& $crl, $caref, $name, $serial=0, $lifetime=9999) { + global $config; + $ca =& lookup_ca($caref); + if (!$ca) + return false; + $crl['name'] = $name; + $crl['caref'] = $caref; + $crl['serial'] = $serial; + $crl['lifetime'] = $lifetime; + $crl['cert'] = array(); + $crl_res = crl_update($crl); + $config['crl'][] = $crl; + return $crl_res; +} + +function crl_update(& $crl) { + global $config; + $ca =& lookup_ca($crl['caref']); + if (!$ca) + return false; + // If we have text but no certs, it was imported and cannot be updated. 
+ if (!empty($crl['text']) && empty($crl['cert'])) + return false; + $crl['serial']++; + $ca_str_crt = base64_decode($ca['crt']); + $ca_str_key = base64_decode($ca['prv']); + $crl_res = openssl_crl_new($ca_str_crt, $crl['serial'], $crl['lifetime']); + foreach ($crl['cert'] as $cert) { + openssl_crl_revoke_cert($crl_res, base64_decode($cert["crt"]), $cert["revoke_time"], $cert["reason"]); + } + openssl_crl_export($crl_res, $crl_text, $ca_str_key); + $crl['text'] = base64_encode($crl_text); + return $crl_res; +} + +function cert_revoke($cert, & $crl, $reason=OCSP_REVOKED_STATUS_UNSPECIFIED) { + global $config; + if (is_cert_revoked($cert, $crl['refid'])) + return true; + // If we have text but no certs, it was imported and cannot be updated. + if (!is_crl_internal($crl)) + return false; + $cert["reason"] = $reason; + $cert["revoke_time"] = time(); + $crl["cert"][] = $cert; + crl_update($crl); + return true; +} + +function cert_unrevoke($cert, & $crl) { + global $config; + if (!is_crl_internal($crl)) + return false; + foreach ($crl['cert'] as $id => $rcert) { + if (($rcert['refid'] == $cert['refid']) || ($rcert['name'] == $cert['name'])) { + unset($crl['cert'][$id]); + crl_update($crl); + return true; + } + } + return false; +} + +function is_cert_revoked($cert, $crlref = "") { + global $config; + if (!is_array($config['crl'])) + return false; + + if (!empty($crlref)) { + $crl = crl_lookup($crlref); + if (!is_array($crl['cert'])) + return false; + foreach ($crl['cert'] as $rcert) { + if (($rcert['refid'] == $cert['refid']) || ($rcert['name'] == $cert['name'])) + return true; + } + } else { + foreach ($config['crl'] as $crl) { + if (!is_array($crl['cert'])) + continue; + foreach ($crl['cert'] as $rcert) { + if (($rcert['refid'] == $cert['refid']) || ($rcert['name'] == $cert['name'])) + return true; + } + } + } + return false; +} + +function is_openvpn_server_crl($crlref) { + global $config; + if (!is_array($config['openvpn']['openvpn-server'])) + return; + foreach 
($config['openvpn']['openvpn-server'] as $ovpns) { + if (!empty($ovpns['crlref']) && ($ovpns['crlref'] == $crlref)) + return true; + } + return false; +} + +// Keep this general to allow for future expansion. See cert_in_use() above. +function crl_in_use($crlref) { + return (is_openvpn_server_crl($crlref)); +} + +function is_crl_internal($crl) { + return !(!empty($crl['text']) && empty($crl['cert'])); +} + ?>
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 2b1493c..c9d8b92 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1916,6 +1916,7 @@ function filter_rules_generate() { $pptpdcfg = $config['pptpd']; $pppoecfg = $config['pppoe']; + $ipfrules = ""; //$ipfrules .= discover_pkg_rules("filter"); /* if captive portal is enabled, ensure that access to this port
diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc
index 326e972..02d8711 100644
--- a/etc/inc/gwlb.inc
+++ b/etc/inc/gwlb.inc
@@ -149,10 +149,11 @@ EOD; if (!is_ipaddr($gwifip)) continue; //Skip this target - $apingercfg .= "target \"{$gateway['monitor']}\" {\n"; + $apingercfg = "target \"{$gateway['monitor']}\" {\n"; $apingercfg .= " description \"{$name}\"\n"; $apingercfg .= " srcip \"{$gwifip}\"\n"; $alarms = ""; + $alarmscfg = ""; $override = false; if (!empty($gateway['lowloss'])) { $alarmscfg .= "alarm loss \"{$name}loss\" {\n";
@@ -270,16 +271,9 @@ function return_gateways_array($disabled = false) { $gateways_arr = array(); - /* Loop through all interfaces with a gateway and add it to a array */ - if ($disabled == false) { - $iflist = get_configured_interface_with_descr(); - } else { - $iflist = get_configured_interface_with_descr(false, true); - } - $i = 0; /* Process/add all the configured gateways. */ - if(is_array($config['gateways']['gateway_item'])) { + if (is_array($config['gateways']['gateway_item'])) { foreach($config['gateways']['gateway_item'] as $gateway) { if($gateway['gateway'] == "dynamic") { $gateway['gateway'] = get_interface_gateway($gateway['interface']);
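Review bot: `is_cert_revoked()` in the CRL hunk of certs.inc calls `crl_lookup($crlref)`, but the lookup this commit adds is named `lookup_crl()`; unless `crl_lookup()` is defined outside the diff, every call with a non-empty `$crlref` fails, and `cert_revoke()` always passes `$crl['refid']`. The line should read `$crl = lookup_crl($crlref);`. Separately, `cert_revoke()` and `cert_unrevoke()` return true without looking at the result of `crl_update()`, and `crl_update()` stores `base64_encode($crl_text)` without checking `openssl_crl_new()` or `openssl_crl_export()`, so a failed export can be reported as a successful revocation; `return (crl_update($crl) !== false);` plus a check before writing `$crl['text']` would close that. Revocation is also matched on `name` as well as `refid`, so two certificates sharing a name are treated as one; a comment should state whether that is intended.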
@@ -293,6 +287,13 @@ function return_gateways_array($disabled = false) { $gateway['friendlyiface'] = $gateway['interface']; $gateway['interface'] = get_real_interface($gateway['interface']); + /* Some interface like wan might be default but have no info recorded + * the config. + */ + if ($gateway['friendlyiface'] == "wan" && !isset($gateway['defaultgw'])) { + if (file_exists("{$g['tmp_path']}/{$gateway['interface']}_defaultgw")) + $gateway['defaultgw'] = true; + } /* include the gateway index as the attribute */ $gateway['attribute'] = $i;
@@ -301,6 +302,12 @@ function return_gateways_array($disabled = false) { } } + /* Loop through all interfaces with a gateway and add it to a array */ + if ($disabled == false) + $iflist = get_configured_interface_with_descr(); + else + $iflist = get_configured_interface_with_descr(false, true); + /* Process/add dynamic gateways. */ foreach($iflist as $ifname => $friendly ) { if(! interface_has_gateway($ifname))
@@ -311,12 +318,16 @@ function return_gateways_array($disabled = false) { $gateway['gateway'] = get_interface_gateway($ifname, $gateway['dynamic']); $gateway['interface'] = get_real_interface($ifname); $gateway['friendlyiface'] = $ifname; - $gateway['name'] = "{$friendly}"; + $gateway['name'] = $friendly; $gateway['attribute'] = "system"; + if ($gateway['dynamic'] == "default") { + $gateway['defaultgw'] = true; + $gateway['dynamic'] = true; + } /* Loopback dummy for dynamic interfaces without a IP */ - if(!is_ipaddr($gateway['gateway']) && $gateway['dynamic'] == true) - $gateway['gateway'] = "dynamic"; + if (!is_ipaddr($gateway['gateway']) && $gateway['dynamic'] == true) + $gateway['gateway'] = "dynamic"; /* automatically skip known static and dynamic gateways we have a array entry for */ foreach($gateways_arr as $gateway_item) {
@@ -506,7 +517,10 @@ function get_interface_gateway($interface, &$dynamic = false) { $realif = get_real_interface($interface); if (file_exists("{$g['tmp_path']}/{$realif}_router")) { $gw = trim(file_get_contents("{$g['tmp_path']}/{$realif}_router"), " \n"); - $dynamic = true; + if (file_exists("{$g['tmp_path']}/{$realif}_defaultgw")) + $dynamic = "default"; + else + $dynamic = true; } }
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index 74efd96..f4d224e 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -886,6 +886,8 @@ function interface_bring_down($interface = "wan", $destroy = false) { unlink_if_exists("{$g['tmp_path']}/{$realif}up"); unlink_if_exists("{$g['vardb_path']}/{$interface}ip"); unlink_if_exists("{$g['tmp_path']}/{$realif}_router"); + unlink_if_exists("{$g['varetc_path']}/nameserver_{$realif}"); + unlink_if_exists("{$g['varetc_path']}/searchdomain_{$realif}"); /* hostapd and wpa_supplicant do not need to be running when the interface is down. * They will also use 100% CPU if running after the wireless clone gets deleted. */
@@ -2544,15 +2546,15 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven /* reload ipsec tunnels */ vpn_ipsec_configure(); + /* restart dnsmasq */ + services_dnsmasq_configure(); + /* update dyndns */ services_dyndns_configure($interface); /* force DNS update */ services_dnsupdate_process($interface); - /* restart dnsmasq */ - services_dnsmasq_configure(); - /* reload captive portal */ captiveportal_init_rules();
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index d150dd5..1e7e9b8 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -506,8 +506,10 @@ function openvpn_reconfigure($mode,& $settings) { openvpn_add_keyfile($cert['prv'], $conf, $mode_id, "key"); if ($mode == 'server') $conf .= "dh {$g['etc_path']}/dh-parameters.{$settings['dh_length']}\n"; - if ($settings['crl']) - openvpn_add_keyfile($settings['crl'], $conf, $mode_id, "crl-verify"); + if (!empty($settings['crlref'])) { + $crl = lookup_crl($settings['crlref']); + openvpn_add_keyfile($crl['text'], $conf, $mode_id, "crl-verify"); + } if ($settings['tls']) { if (stristr($settings['mode'], "server")) $tlsopt = 0;
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 7efdd86..8e0233e 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -1700,8 +1700,10 @@ function version_get_string_value($a) { 2 => "ALPHA", 3 => "BETA", 4 => "B", - 5 => "RC", - 6 => "RELEASE" + 5 => "C", + 6 => "D", + 7 => "RC", + 8 => "RELEASE" ); $major = 0; $minor = 0;
diff --git a/etc/inc/service-utils.inc b/etc/inc/service-utils.inc
index 281da52..925ff4f 100644
--- a/etc/inc/service-utils.inc
+++ b/etc/inc/service-utils.inc
@@ -41,9 +41,14 @@ $rcfileprefix = "/usr/local/etc/rc.d/"; function write_rcfile($params) { global $g; + global $rcfileprefix; + + if (!file_exists("{$rcfileprefix}{$params['file']}") && !touch("{$rcfileprefix}{$params['file']}")) + return false; if (!is_writable("{$rcfileprefix}{$params['file']}") || empty($params['start'])) return false; + $towrite = "#!/bin/sh\n"; $towrite .= "# This file was automatically generated\n# by the {$g['product_website']} service handler.\n\n";
@@ -75,6 +80,7 @@ function write_rcfile($params) { function start_service($name) { global $config; + global $rcfileprefix; /* make sure service is stopped before starting */ stop_service($name);
@@ -106,6 +112,7 @@ function start_service($name) { function stop_service($name) { global $config; + global $rcfileprefix; if ($config['installedpackages']['service']) { foreach($config['installedpackages']['service'] as $service) {
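Review bot: `lookup_crl()` returns false when `crlref` no longer matches a configured CRL, and the new block in `openvpn_reconfigure()` passes `$crl['text']` to `openvpn_add_keyfile()` without checking it. What that helper does with empty data is outside the hunk, but either result (an empty `crl-verify` file or a missing directive) leaves the server running with revocation checking different from what was configured, and nothing is logged. Guard the call with `if (is_array($crl) && !empty($crl['text']))` and add an `else` that calls `log_error()` naming the dangling `crlref`. The function body starts and ends outside the hunk.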
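Review bot: In the first service-utils.inc hunk `write_rcfile()` now creates `{$rcfileprefix}{$params['file']}` with `touch()` when it is missing, and nothing visible checks that `$params['file']` is a bare file name. Callers are outside the diff, but if the value comes from package metadata, a name containing a path separator would create and later fill a shell script outside `/usr/local/etc/rc.d/`. Normalising once at the top, `$rcfile = $rcfileprefix . basename($params['file']);`, and using `$rcfile` in the three checks keeps the write inside the rc.d directory. The rest of the function is outside the hunk.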
diff --git a/etc/inc/services.inc b/etc/inc/services.inc
index 879741f..b784108 100644
--- a/etc/inc/services.inc
+++ b/etc/inc/services.inc
@@ -621,9 +621,6 @@ function services_dyndns_configure($int = "") { services_dyndns_configure_client($dyndns); sleep(1); - - if (!empty($int)) - break; } if ($g['booting'])
@@ -1283,7 +1280,7 @@ function configure_cron() { file_put_contents("/etc/crontab", $crontab_contents); /* do a HUP kill to force sync changes */ - exec('/usr/bin/killall -HUP cron'); + exec('/bin/pkill -HUP cron'); conf_mount_ro(); }
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 0e725c9..422ae77 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -99,6 +99,13 @@ function system_resolvconf_generate($dynupdate = false) { if (isset($syscfg['dnsallowoverride'])) { /* get dynamically assigned DNS servers (if any) */ + $ns = array_unique(get_searchdomains()); + foreach($ns as $searchserver) { + if($searchserver) { + $resolvconf .= "search {$searchserver}\n"; + $havedns = true; + } + } $ns = array_unique(get_nameservers()); foreach($ns as $nameserver) { if($nameserver) {
@@ -146,6 +153,23 @@ function system_resolvconf_generate($dynupdate = false) { return 0; } +function get_searchdomains() { + global $config, $g; + + $master_list = array(); + + // Read in dhclient nameservers + $search_list = split("\n", `/bin/cat /var/etc/searchdomain_* 2>/dev/null`); + if (is_array($search_lists)) { + foreach($search_lists as $dns) { + if(is_hostname($dns)) + $master_list[] = $dns; + } + } + + return $master_list; +} + function get_nameservers() { global $config, $g; $master_list = array();
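Review bot: `get_searchdomains()` in the second system.inc hunk assigns the file contents to `$search_list` but then tests and iterates `$search_lists`, which is never set, so the function always returns an empty array and the `search` lines added to `system_resolvconf_generate()` in the first hunk are never written. Use one name throughout: `if (is_array($search_list)) {` and `foreach($search_list as $dns) {`. `split()` is deprecated as of PHP 5.3; `explode("\n", ...)` does the same here. The `is_hostname()` filter should stay once the loop is reachable, since these values come from DHCP-supplied files and go straight into resolv.conf; the comment above the read should say search domains, not nameservers.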
@@ -359,6 +383,8 @@ function system_routing_configure($interface = "") { if (isset($gateways_arr[$rtent['gateway']])) { $gatewayip = $gateways_arr[$rtent['gateway']]['gateway']; $interfacegw = $gateways_arr[$rtent['gateway']]['interface']; + if ($interface == $gateways_arr[$rtent['gateway']]['friendlyiface']) + continue; } else if (is_ipaddr($rtent['gateway'])) { $gatewayip = $rtent['gateway']; } else {
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index a1a8762..a46fae3 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -140,13 +140,19 @@ function unlock($cfglckkey = 0) { function send_event($cmd) { global $g; - $fd = fsockopen($g['event_address']); - if ($fd) { - fwrite($fd, $cmd); - $resp = fread($fd, 4096); - if ($resp != "OK\n") - log_error("send_event: sent {$cmd} got {$resp}"); - fclose($fd); + $try = 0; + while ($try < 3) { + $fd = @fsockopen($g['event_address']); + if ($fd) { + fwrite($fd, $cmd); + $resp = fread($fd, 4096); + if ($resp != "OK\n") + log_error("send_event: sent {$cmd} got {$resp}"); + fclose($fd); + $try = 3; + } else + mwexec_bg("/usr/bin/nice -n20 /usr/local/sbin/check_reload_status"); + $try++; } }
@@ -1043,7 +1049,7 @@ function safe_mkdir($path, $mode=0755) { global $g; if (!is_file($path) && !is_dir($path)) { - return @mkdir($path, $mode); + return @mkdir($path, $mode, true); } else { return false; } }
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index d3ec496..c5802fc 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -86,10 +86,7 @@ function vpn_ipsec_configure($ipchg = false) unlink_if_exists("{$g['vardb_path']}/ipsecpinghosts"); touch("{$g['vardb_path']}/ipsecpinghosts"); - if(isset($config['ipsec']['preferoldsa'])) - mwexec("/sbin/sysctl -w net.key.preferred_oldsa=-30"); - else - mwexec("/sbin/sysctl net.key.preferred_oldsa=0"); + vpn_ipsec_configure_preferoldsa(); $syscfg = $config['system']; $ipseccfg = $config['ipsec'];
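Review bot: The retry loop added to `send_event()` in util.inc drops the event silently when all three connection attempts fail: `@fsockopen` hides the error and nothing is logged after the loop. This commit also routes the failed-address path of rc.newwanip through `send_event("interface reconfigure {$interface}")`, so a lost event there leaves the interface unconfigured with no trace. Track success in a flag and add `log_error("send_event: could not reach {$g['event_address']}, dropped {$cmd}");` after the loop. Each failed attempt also launches `check_reload_status` in the background and retries immediately, so up to three copies can be started before the first one is listening; a short wait before the retry, or launching it only on the first failure, avoids that. Leaving the loop with `break;` reads more clearly than `$try = 3;`.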
@@ -159,7 +156,7 @@ function vpn_ipsec_configure($ipchg = false) $rg = $ph1ent['remote-gateway']; if (!is_ipaddr($rg)) { - $dnswatch_list[] = "{$rg} = value"; + $dnswatch_list[] = "{$rg}=value"; add_hostname_to_watch($rg); $rg = resolve_retry($rg); if (!$rg)
@@ -1711,4 +1708,11 @@ function reload_tunnel_spd_policy($phase1, $phase2, $old_phase1, $old_phase2) { return true; } +function vpn_ipsec_configure_preferoldsa() { + global $config; + if(isset($config['ipsec']['preferoldsa'])) + mwexec("/sbin/sysctl -w net.key.preferred_oldsa=-30"); + else + mwexec("/sbin/sysctl net.key.preferred_oldsa=0"); +} ?>
diff --git a/etc/phpshellsessions/gitsync b/etc/phpshellsessions/gitsync
index 5efa4d7..6f7a53f 100644
--- a/etc/phpshellsessions/gitsync
+++ b/etc/phpshellsessions/gitsync
@@ -284,10 +284,6 @@ function post_cvssync_commands() { echo "===> Upgrading configuration (if needed)...\n"; convert_config(); - echo "===> Restarting check_reload_status...\n"; - exec("killall check_reload_status"); - mwexec_bg("nohup /usr/bin/nice -n20 /usr/local/sbin/check_reload_status"); - echo "===> Configuring filter..."; exec("/etc/rc.filter_configure_sync"); exec("pfctl -f /tmp/rules.debug");
@@ -308,7 +304,7 @@ function post_cvssync_commands() { fwrite($fd, "#!/bin/sh\n"); fwrite($fd, "sleep 5\n"); fwrite($fd, "killall php\n"); - fwrite($fd, "touch /tmp/restart_webgui\n"); + fwrite($fd, "/usr/local/sbin/pfSctl -c 'service restart webgui'\n"); fclose($fd); mwexec_bg("sh /tmp/restart_lighty"); echo "\n";
@@ -4,7 +4,7 @@ # /etc/rc - master bootup script, invokes php setup # part of pfSense by Scott Ullrich -# Copyright (C) 2004 Scott Ullrich, All rights reserved. +# Copyright (C) 2004-2010 Scott Ullrich, All rights reserved. # originally based on m0n0wall (http://neon1.net/m0n0wall) # Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. # All rights reserved.
@@ -328,12 +328,19 @@ fi echo "done." +# Ensure gettytab is of a sane size +if [ `/bin/ls -la /etc/gettytab | /usr/bin/awk '{ print $5'}` -lt 512 ]; then + echo ">>> Restoring /etc/gettytab due to unusal size" + echo ">>> Restoring /etc/gettytab due to unusal size" | /usr/bin/logger + cp /etc/gettytab.bak /etc/gettytab +fi + # Recreate capabilities DB cap_mkdb /etc/login.conf # Run the php.ini setup file and populate # /usr/local/etc/php.ini and /usr/local/lib/php.ini -. /etc/rc.php_ini_setup +/etc/rc.php_ini_setup nohup /usr/bin/nice -n20 /usr/local/sbin/check_reload_status
diff --git a/etc/rc.bootup b/etc/rc.bootup
index 3e5647b..d6574ee 100755
--- a/etc/rc.bootup
+++ b/etc/rc.bootup
@@ -263,7 +263,7 @@ echo "done.\n"; if($avail > 0 and $avail < 65) { echo "System has less than 65 megabytes of ram {$avail}. Delaying webConfigurator startup.\n"; /* start webConfigurator up on final pass */ - touch("/tmp/restart_webgui"); + mwexec("/usr/local/sbin/pfSctl -c 'service restart webgui'"); } else { /* start web server */ system_webgui_start();
diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize
index b8ab26a..5182f30 100755
--- a/etc/rc.filter_synchronize
+++ b/etc/rc.filter_synchronize
@@ -134,7 +134,9 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens $vipcnt = count($config_copy['virtualip']['vip']); for ($x = 0; $x < $vipcnt; $x++) { $config_copy['virtualip']['vip'][$x]['descr'] = remove_special_characters($config_copy['virtualip']['vip'][$x]['descr']); - if (isset ($config_copy['virtualip']['vip'][$x]['nosync']) or $config_copy['virtualip']['vip'][$x]['mode'] == "proxyarp") + if (isset ($config_copy['virtualip']['vip'][$x]['nosync']) or + $config_copy['virtualip']['vip'][$x]['mode'] == "proxyarp" or + $config_copy['virtualip']['vip'][$x]['mode'] == "ipalias") unset ($config_copy['virtualip']['vip'][$x]); } }
@@ -322,4 +324,4 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) { } } -?>
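Review bot: The gettytab check added to /etc/rc does not cover a missing file: when `/etc/gettytab` is absent the backtick expression is empty, `[ -lt 512 ]` is a test error, and the restore branch is skipped. The `cp` also runs without confirming that `/etc/gettytab.bak` exists and is itself of sane size, so a damaged backup would replace the file that controls console logins. Reading the size with `size=$(/usr/bin/stat -f %z /etc/gettytab 2>/dev/null || echo 0)` and restoring only when `[ -s /etc/gettytab.bak ]` holds would cover both cases. The log message spells "unusual" as "unusal" in both echo lines.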
\ No newline at end of file
+?>
diff --git a/etc/rc.newwanip b/etc/rc.newwanip
index 57c48bd..9d3d484 100755
--- a/etc/rc.newwanip
+++ b/etc/rc.newwanip
@@ -63,7 +63,7 @@ log_error("rc.newwanip: on (IP address: {$curwanip}) (interface: {$interface}) ( if($curwanip == "0.0.0.0" || !is_ipaddr($curwanip)) { log_error("rc.newwanip: Failed to update {$interface} IP, restarting..."); - interface_configure($interface); + send_event("interface reconfigure {$interface}"); exit; }
@@ -81,6 +81,9 @@ file_put_contents("{$g['vardb_path']}/{$interface}_cacheip", $curwanip); if (is_ipaddr($oldip) && $curwanip == $oldip) exit; +/* reconfigure static routes (kernel may have deleted them) */ +system_routing_configure($interface); + /* reconfigure our gateway monitor */ setup_gateways_monitor(); |