diff options
Diffstat (limited to 'etc')
70 files changed, 134 insertions, 172 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index 435933c..ad98c5c 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -577,7 +577,7 @@ function local_user_del($user) { local_group_del_user($user); } -function local_user_set_password(& $user, $password) { +function local_user_set_password(&$user, $password) { $user['password'] = crypt($password); $user['md5-hash'] = md5($password); @@ -590,8 +590,6 @@ function local_user_set_password(& $user, $password) { $ustr.= sprintf("%X", $a); } - // Generate the NT-HASH from the unicode string - $user['nt-hash'] = bin2hex(hash("md4", $ustr)); } function local_user_get_groups($user, $all = false) { @@ -1365,6 +1363,24 @@ function radius_backed($username, $passwd, $authcfg, &$attributes = array()) { return $ret; } +/* + $attributes must contain a "class" key containing the groups and local + groups must exist to match. +*/ +function radius_get_groups($attributes) { + $groups = array(); + if (!empty($attributes) && is_array($attributes) && !empty($attributes['class'])) { + $groups = explode(";", $attributes['class']); + foreach ($groups as & $grp) { + $grp = trim($grp); + if (strtolower(substr($grp, 0, 3)) == "ou=") { + $grp = substr($grp, 3); + } + } + } + return $groups; +} + function get_user_expiration_date($username) { $user = getUserEntry($username); if ($user['expires']) { @@ -1423,7 +1439,7 @@ function auth_get_authserver_list() { return $list; } -function getUserGroups($username, $authcfg) { +function getUserGroups($username, $authcfg, &$attributes = array()) { global $config; $allowed_groups = array(); @@ -1433,6 +1449,7 @@ function getUserGroups($username, $authcfg) { $allowed_groups = @ldap_get_groups($username, $authcfg); break; case 'radius': + $allowed_groups = @radius_get_groups($attributes); break; default: $user = getUserEntry($username); @@ -1504,14 +1521,16 @@ function session_auth() { } /* Validate incoming login request */ + $attributes = array(); if (isset($_POST['login']) && !empty($_POST['usernamefld']) && !empty($_POST['passwordfld'])) { $authcfg = auth_get_authserver($config['system']['webgui']['authmode']); - if (authenticate_user($_POST['usernamefld'], $_POST['passwordfld'], $authcfg) || + if (authenticate_user($_POST['usernamefld'], $_POST['passwordfld'], $authcfg, $attributes) || authenticate_user($_POST['usernamefld'], $_POST['passwordfld'])) { // Generate a new id to avoid session fixation session_regenerate_id(); $_SESSION['Logged_In'] = "True"; $_SESSION['Username'] = $_POST['usernamefld']; + $_SESSION['user_radius_attributes'] = $attributes; $_SESSION['last_access'] = time(); $_SESSION['protocol'] = $config['system']['webgui']['protocol']; if (!isset($config['system']['webgui']['quietlogin'])) { diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc index 3126794..721be47 100644 --- a/etc/inc/authgui.inc +++ b/etc/inc/authgui.inc @@ -54,7 +54,7 @@ if (!session_auth()) { * We give them access only to the appropriate pages based on * the user or group privileges. */ -$allowedpages = getAllowedPages($_SESSION['Username']); +$allowedpages = getAllowedPages($_SESSION['Username'], $_SESSION['user_radius_attributes']); /* * redirect to first allowed page if requesting a wrong url diff --git a/etc/inc/ipsec.auth-user.php b/etc/inc/ipsec.auth-user.php index 8e8386d..2589598 100755 --- a/etc/inc/ipsec.auth-user.php +++ b/etc/inc/ipsec.auth-user.php @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* ipsec.auth-user.php diff --git a/etc/inc/openvpn.auth-user.php b/etc/inc/openvpn.auth-user.php index d017c61..e108a4f 100644 --- a/etc/inc/openvpn.auth-user.php +++ b/etc/inc/openvpn.auth-user.php @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/inc/openvpn.tls-verify.php b/etc/inc/openvpn.tls-verify.php index 023ec19..9e21342 100644 --- a/etc/inc/openvpn.tls-verify.php +++ b/etc/inc/openvpn.tls-verify.php @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index 5f8e0dc..2cedc52 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -32,7 +32,7 @@ */ /* - pfSense_BUILDER_BINARIES: /sbin/ifconfig /sbin/pfctl /usr/local/bin/php /usr/bin/netstat + pfSense_BUILDER_BINARIES: /sbin/ifconfig /sbin/pfctl /usr/local/bin/php-cgi /usr/bin/netstat pfSense_BUILDER_BINARIES: /bin/df /usr/bin/grep /usr/bin/awk /bin/rm /usr/sbin/pwd_mkdb /usr/bin/host pfSense_BUILDER_BINARIES: /sbin/kldload pfSense_MODULE: utils @@ -676,7 +676,7 @@ if (!function_exists('php_check_syntax')) { fwrite($fout, $code_to_check); fwrite($fout, "\n\n?>\n"); fclose($fout); - $command = "/usr/local/bin/php -l {$g['tmp_path']}/codetocheck.php"; + $command = "/usr/local/bin/php-cgi -l {$g['tmp_path']}/codetocheck.php"; $output = exec_command($command); if (stristr($output, "Errors parsing") == false) { echo "false\n"; @@ -695,7 +695,7 @@ if (!function_exists('php_check_syntax')) { if (!function_exists('php_check_syntax')) { function php_check_syntax($code_to_check, &$errormessage) { return false; - $command = "/usr/local/bin/php -l " . escapeshellarg($code_to_check); + $command = "/usr/local/bin/php-cgi -l " . escapeshellarg($code_to_check); $output = exec_command($command); if (stristr($output, "Errors parsing") == false) { echo "false\n"; diff --git a/etc/inc/priv.inc b/etc/inc/priv.inc index 7549844..851643b 100644 --- a/etc/inc/priv.inc +++ b/etc/inc/priv.inc @@ -278,7 +278,7 @@ function getPrivPages(& $entry, & $allowed_pages) { } } -function getAllowedPages($username) { +function getAllowedPages($username, &$attributes = array()) { global $config, $_SESSION; if (!function_exists("ldap_connect")) { @@ -292,6 +292,8 @@ function getAllowedPages($username) { // obtain ldap groups if we are in ldap mode if ($authcfg['type'] == "ldap") { $allowed_groups = @ldap_get_groups($username, $authcfg); + } elseif ($authcfg['type'] == "radius") { + $allowed_groups = @radius_get_groups($attributes); } if (!$allowed_groups) { // search for a local user by name diff --git a/etc/inc/radius.inc b/etc/inc/radius.inc index 709607f..ac610bd 100644 --- a/etc/inc/radius.inc +++ b/etc/inc/radius.inc @@ -484,7 +484,7 @@ class Auth_RADIUS extends PEAR { break; case RADIUS_CLASS: - $this->attributes['class'] = radius_cvt_int($data); + $this->attributes['class'] = radius_cvt_string($data); break; case RADIUS_FRAMED_PROTOCOL: diff --git a/etc/inc/rrd.inc b/etc/inc/rrd.inc index b15f8eb..86148d6 100644 --- a/etc/inc/rrd.inc +++ b/etc/inc/rrd.inc @@ -236,7 +236,7 @@ function enable_rrd_graphing() { $tar = "/usr/bin/tar"; $pfctl = "/sbin/pfctl"; $sysctl = "/sbin/sysctl"; - $php = "/usr/local/bin/php"; + $php = "/usr/local/bin/php-cgi"; $cpustats = "/usr/local/sbin/cpustats"; $spamd_gather = "/usr/local/bin/spamd_gather_stats.php"; $ifconfig = "/sbin/ifconfig"; diff --git a/etc/inc/services.inc b/etc/inc/services.inc index 2ef0144..333261d 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc @@ -1491,7 +1491,7 @@ EOD; if (count($dhcpdv6ifs) > 0) { mwexec("/usr/local/sbin/dhcpd -6 -user dhcpd -group _dhcp -chroot {$g['dhcpd_chroot_path']} -cf /etc/dhcpdv6.conf -pf {$g['varrun_path']}/dhcpdv6.pid " . join(" ", $dhcpdv6ifs)); - mwexec("/usr/local/sbin/dhcpleases6 -c \"/usr/local/bin/php -f /usr/local/sbin/prefixes.php|/bin/sh\" -l {$g['dhcpd_chroot_path']}/var/db/dhcpd6.leases"); + mwexec("/usr/local/sbin/dhcpleases6 -c \"/usr/local/bin/php-cgi -f /usr/local/sbin/prefixes.php|/bin/sh\" -l {$g['dhcpd_chroot_path']}/var/db/dhcpd6.leases"); } if (platform_booting()) { print gettext("done.") . "\n"; diff --git a/etc/inc/system.inc b/etc/inc/system.inc index d7c6226..41e798e 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -1232,7 +1232,7 @@ fastcgi.server = ( ".php" => "PHP_FCGI_CHILDREN" => "{$max_php_children}", "PHP_FCGI_MAX_REQUESTS" => "500" ), - "bin-path" => "/usr/local/bin/php" + "bin-path" => "/usr/local/bin/php-cgi" ) ) ) diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc index bf18fcb..7075fa6 100644 --- a/etc/inc/voucher.inc +++ b/etc/inc/voucher.inc @@ -392,6 +392,9 @@ function voucher_auth($voucher_received, $test = 0) { foreach ($a_vouchers_received as $voucher) { $v = escapeshellarg($voucher); if (strlen($voucher) < 3) { + $test_result[] = "{$voucher} invalid: Too short!"; + captiveportal_syslog("{$voucher} invalid: Too short!"); + $error++; continue; // seems too short to be a voucher! } diff --git a/etc/pfSense.obsoletedfiles b/etc/pfSense.obsoletedfiles index e90e65c..cae1bcf 100644 --- a/etc/pfSense.obsoletedfiles +++ b/etc/pfSense.obsoletedfiles @@ -77,6 +77,7 @@ /etc/rc.d/pcvt /etc/rc.d/ramdisk /etc/rc.d/ramdisk-own +/etc/rc.d/rootmfs /etc/rc.d/rwho /etc/rc.d/sendmail /etc/rc.d/swap1 @@ -93,10 +94,7 @@ /etc/usbd.conf /etc/version_base /etc/version_kernel -/kernels/kernel_Dev.gz -/kernels/kernel_uniprocessor.gz -/kernels/kernel_wrap.gz -/kernels/kernel_wrap_Dev.gz +/kernels /lib/libalias.so.5 /lib/libalias.so.6 /lib/libbegemot.so.2 diff --git a/etc/phpshellsessions/enableallowallwan b/etc/phpshellsessions/enableallowallwan index 94c0b7b..5ce4f0f 100644 --- a/etc/phpshellsessions/enableallowallwan +++ b/etc/phpshellsessions/enableallowallwan @@ -24,6 +24,8 @@ $filterent["descr"] = "Allow all ipv6 via pfSsh.php"; $config["filter"]["rule"][] = $filterent; echo "Turning off block private networks (if on)...\n"; unset($config["interfaces"]["wan"]["blockpriv"]); +echo "Turning off block bogon networks (if on)...\n"; +unset($config["interfaces"]["wan"]["blockbogons"]); unlink_if_exists("/tmp/config.cache"); write_config("pfSsh.php added allow all wan rule"); unlink_if_exists("/tmp/config.cache"); diff --git a/etc/rc.banner b/etc/rc.banner index 183e542..5e64dae 100755 --- a/etc/rc.banner +++ b/etc/rc.banner @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ diff --git a/etc/rc.bootup b/etc/rc.bootup index d49adee..d27f795 100755 --- a/etc/rc.bootup +++ b/etc/rc.bootup @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* rc.bootup diff --git a/etc/rc.captiveportal_configure b/etc/rc.captiveportal_configure index c20dbdd..45c26bf 100755 --- a/etc/rc.captiveportal_configure +++ b/etc/rc.captiveportal_configure @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.captiveportal_configure_mac b/etc/rc.captiveportal_configure_mac index 2006f27..b0daf68 100755 --- a/etc/rc.captiveportal_configure_mac +++ b/etc/rc.captiveportal_configure_mac @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* rc.captiveportal_configure_mac diff --git a/etc/rc.carpbackup b/etc/rc.carpbackup index 4110faa..6961bc8 100755 --- a/etc/rc.carpbackup +++ b/etc/rc.carpbackup @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.carpmaster b/etc/rc.carpmaster index cde290d..022fe8f 100755 --- a/etc/rc.carpmaster +++ b/etc/rc.carpmaster @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.conf_mount_ro b/etc/rc.conf_mount_ro index f1d95c4..6beb5e8 100755 --- a/etc/rc.conf_mount_ro +++ b/etc/rc.conf_mount_ro @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.conf_mount_rw b/etc/rc.conf_mount_rw index b333f37..b153e36 100755 --- a/etc/rc.conf_mount_rw +++ b/etc/rc.conf_mount_rw @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.d/rootmfs b/etc/rc.d/rootmfs deleted file mode 100755 index 23534dc..0000000 --- a/etc/rc.d/rootmfs +++ /dev/null @@ -1,62 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2005 Dario Freni -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# $Id: rootmfs.rc,v 1.1.1.1 2008/03/25 19:58:16 sullrich Exp $ -# - -# PROVIDE: rootmfs -# REQUIRE: mountcritlocal -# BEFORE: var - -. /etc/rc.subr - -name="rootmfs" -kenvrootsize=`kenv -q freesbie.rootsize` -rootsize=${kenvrootsize:-"20m"} - -load_rc_config $name - -tempdir=/tmp - -echo "Generating MFS /root partition" - -device=$(mdconfig -a -t malloc -o compress -s ${rootsize}) -bsdlabel -w ${device} auto -newfs -n -m 2 /dev/${device} > /dev/null 2>&1 -mount -o noatime /dev/${device} ${tempdir} - -back=$PWD - -cd /root -find . -print -depth | cpio -dump --quiet ${tempdir} - -cd $back - -mtree -PUer -q -p ${tempdir} < /etc/mtree/root.dist > /dev/null 2>&1 - -umount ${tempdir} -mount -o noatime /dev/${device} /root diff --git a/etc/rc.dhclient_cron b/etc/rc.dhclient_cron index f091a50..a38932d 100755 --- a/etc/rc.dhclient_cron +++ b/etc/rc.dhclient_cron @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.dyndns.update b/etc/rc.dyndns.update index 717d71a..543b5a0 100755 --- a/etc/rc.dyndns.update +++ b/etc/rc.dyndns.update @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.expireaccounts b/etc/rc.expireaccounts index 7aa897d..3befa17 100755 --- a/etc/rc.expireaccounts +++ b/etc/rc.expireaccounts @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.filter_configure b/etc/rc.filter_configure index 4fb1a45..2c996e9 100755 --- a/etc/rc.filter_configure +++ b/etc/rc.filter_configure @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* @@ -40,4 +40,4 @@ get_interface_arr(true); unlink_if_exists("/tmp/config.cache"); filter_configure(); -?>
\ No newline at end of file +?> diff --git a/etc/rc.filter_configure_sync b/etc/rc.filter_configure_sync index b0d60d9..86ab309 100755 --- a/etc/rc.filter_configure_sync +++ b/etc/rc.filter_configure_sync @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.filter_configure_xmlrpc b/etc/rc.filter_configure_xmlrpc index 5dfe11e..584cc9c 100755 --- a/etc/rc.filter_configure_xmlrpc +++ b/etc/rc.filter_configure_xmlrpc @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* rc.filter_configure_xmlrpc diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize index 85befde..f31fa34 100755 --- a/etc/rc.filter_synchronize +++ b/etc/rc.filter_synchronize @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* rc.filter_synchronize diff --git a/etc/rc.firmware b/etc/rc.firmware index 5d140fe..e8d549f 100755 --- a/etc/rc.firmware +++ b/etc/rc.firmware @@ -23,7 +23,7 @@ if [ $# -eq 3 ]; then fi file_notice() { - /usr/local/bin/php -q -d auto_prepend_file=config.inc <<ENDOFF + /usr/local/bin/php-cgi -q -d auto_prepend_file=config.inc <<ENDOFF <?php require_once("globals.inc"); require_once("functions.inc"); @@ -253,12 +253,12 @@ pfSenseNanoBSDupgrade) cp /boot/loader.conf.local /tmp/$GLABEL_SLICE/boot/loader.conf.local fi - # If /tmp/$GLABEL_SLICE/tmp/post_upgrade_command exists + # If /tmp/$GLABEL_SLICE/usr/local/share/pfSense/post_upgrade_command exists # after update then execute the command. echo "Checking for post_upgrade_command..." >> /conf/upgrade_log.txt - if [ -f /tmp/$GLABEL_SLICE/tmp/post_upgrade_command ]; then + if [ -f /tmp/$GLABEL_SLICE/usr/local/share/pfSense/post_upgrade_command ]; then echo "Found post_upgrade_command, executing ($GLABEL_SLICE)..." >> /conf/upgrade_log.txt - sh /tmp/$GLABEL_SLICE/tmp/post_upgrade_command $GLABEL_SLICE >> /conf/upgrade_log.txt 2>&1 + sh /tmp/$GLABEL_SLICE/usr/local/share/pfSense/post_upgrade_command $GLABEL_SLICE >> /conf/upgrade_log.txt 2>&1 fi # Update fstab @@ -371,10 +371,10 @@ pfSenseupgrade) remove_chflags # Do we have a pre-upgrade hook in the update file? - if [ `tar tvzf $IMG | grep /tmp/pre_upgrade_command | wc -l` -gt 0 ]; then - tar xzvf $IMG -C / ./tmp/pre_upgrade_command >> /conf/upgrade_log.txt 2>&1 - chmod a+rx /tmp/pre_upgrade_command >> /conf/upgrade_log.txt 2>&1 - sh /tmp/pre_upgrade_command >> /conf/upgrade_log.txt 2>&1 + if [ `tar tvzf $IMG | grep /usr/local/share/pfSense/pre_upgrade_command | wc -l` -gt 0 ]; then + tar xzvf $IMG -C / ./usr/local/share/pfSense/pre_upgrade_command >> /conf/upgrade_log.txt 2>&1 + chmod a+rx /usr/local/share/pfSense/pre_upgrade_command >> /conf/upgrade_log.txt 2>&1 + sh /usr/local/share/pfSense/pre_upgrade_command >> /conf/upgrade_log.txt 2>&1 fi echo "Firmware upgrade in progress..." >> /conf/upgrade_log.txt 2>&1 @@ -431,13 +431,13 @@ pfSenseupgrade) # Remove saved commit ID for gitsync rm -f /etc/version.gitsync - # If /tmp/post_upgrade_command exists after update + # If /usr/local/share/pfSense/post_upgrade_command exists after update # then execute the command. - if [ -f /tmp/post_upgrade_command ]; then - if [ ! -x /tmp/post_upgrade_command ]; then - chmod ug+x /tmp/post_upgrade_command + if [ -f /usr/local/share/pfSense/post_upgrade_command ]; then + if [ ! -x /usr/local/share/pfSense/post_upgrade_command ]; then + chmod ug+x /usr/local/share/pfSense/post_upgrade_command fi - /tmp/post_upgrade_command >> /conf/upgrade_log.txt 2>&1 + /usr/local/share/pfSense/post_upgrade_command >> /conf/upgrade_log.txt 2>&1 fi # remove unused files diff --git a/etc/rc.firmware_auto b/etc/rc.firmware_auto index 45153a3..5b355df 100755 --- a/etc/rc.firmware_auto +++ b/etc/rc.firmware_auto @@ -53,7 +53,7 @@ if [ "$DLHASH" = "$FILEHASH" ]; then echo "sha256 hashes match." | logger -p daemon.info -i -t AutoUpgrade echo "Beginning ${product} upgrade." | wall if [ "$PLATFORM" = "nanobsd" ]; then - /usr/local/bin/php /etc/rc.conf_mount_rw + /usr/local/bin/php-cgi /etc/rc.conf_mount_rw fi if [ -r "/tmp/custom.tgz" ]; then sh /etc/rc.firmware pfSenseupgrade /tmp/latest.tgz /tmp/custom.tgz diff --git a/etc/rc.initial.defaults b/etc/rc.initial.defaults index 6c7d13d..6901dae 100755 --- a/etc/rc.initial.defaults +++ b/etc/rc.initial.defaults @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.initial.firmware_update b/etc/rc.initial.firmware_update index 5e17924..2dff066 100755 --- a/etc/rc.initial.firmware_update +++ b/etc/rc.initial.firmware_update @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php diff --git a/etc/rc.initial.halt b/etc/rc.initial.halt index 39c4086..9ff189b 100755 --- a/etc/rc.initial.halt +++ b/etc/rc.initial.halt @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.initial.password b/etc/rc.initial.password index f694739..b5e01ed 100755 --- a/etc/rc.initial.password +++ b/etc/rc.initial.password @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.initial.ping b/etc/rc.initial.ping index 32bd756..055d556 100755 --- a/etc/rc.initial.ping +++ b/etc/rc.initial.ping @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.initial.reboot b/etc/rc.initial.reboot index fdc426e..38f9e3b 100755 --- a/etc/rc.initial.reboot +++ b/etc/rc.initial.reboot @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.initial.setlanip b/etc/rc.initial.setlanip index 893146a..e33a05a 100755 --- a/etc/rc.initial.setlanip +++ b/etc/rc.initial.setlanip @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -q +#!/usr/local/bin/php-cgi -q <?php /* $Id$ */ /* diff --git a/etc/rc.initial.setports b/etc/rc.initial.setports index e85e323..147912f 100755 --- a/etc/rc.initial.setports +++ b/etc/rc.initial.setports @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* @@ -48,4 +48,4 @@ /* reload graphing functions */ enable_rrd_graphing(); -?>
\ No newline at end of file +?> diff --git a/etc/rc.initial.store_config_to_removable_device b/etc/rc.initial.store_config_to_removable_device index ee1dda4..a40df6f 100755 --- a/etc/rc.initial.store_config_to_removable_device +++ b/etc/rc.initial.store_config_to_removable_device @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.initial.toggle_sshd b/etc/rc.initial.toggle_sshd index 997f3c1..695a6c1 100755 --- a/etc/rc.initial.toggle_sshd +++ b/etc/rc.initial.toggle_sshd @@ -1,4 +1,4 @@ -#! /usr/local/bin/php -f +#! /usr/local/bin/php-cgi -f <?php /* rc.initial.toggle_sshd diff --git a/etc/rc.interfaces_carp_configure b/etc/rc.interfaces_carp_configure index 050fbc8..33a0b38 100755 --- a/etc/rc.interfaces_carp_configure +++ b/etc/rc.interfaces_carp_configure @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* @@ -36,4 +36,4 @@ require_once("shaper.inc"); interfaces_carp_configure(); -?>
\ No newline at end of file +?> diff --git a/etc/rc.interfaces_lan_configure b/etc/rc.interfaces_lan_configure index ed41fba..2924cf9 100755 --- a/etc/rc.interfaces_lan_configure +++ b/etc/rc.interfaces_lan_configure @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.interfaces_opt_configure b/etc/rc.interfaces_opt_configure index aaa27c6..c00877a 100755 --- a/etc/rc.interfaces_opt_configure +++ b/etc/rc.interfaces_opt_configure @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.interfaces_wan_configure b/etc/rc.interfaces_wan_configure index 7e7eb7b..9b064d0 100755 --- a/etc/rc.interfaces_wan_configure +++ b/etc/rc.interfaces_wan_configure @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.kill_states b/etc/rc.kill_states index ca70729..715c860 100755 --- a/etc/rc.kill_states +++ b/etc/rc.kill_states @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* rc.kill_states diff --git a/etc/rc.linkup b/etc/rc.linkup index ed7ea23..153cd49 100755 --- a/etc/rc.linkup +++ b/etc/rc.linkup @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* rc.linkup - devd hotplug actions diff --git a/etc/rc.nanobsd_switch_boot_slice b/etc/rc.nanobsd_switch_boot_slice index fa68a42..58dbcc6 100755 --- a/etc/rc.nanobsd_switch_boot_slice +++ b/etc/rc.nanobsd_switch_boot_slice @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -q +#!/usr/local/bin/php-cgi -q <?php require_once("globals.inc"); require_once("config.inc"); diff --git a/etc/rc.newipsecdns b/etc/rc.newipsecdns index 27e02d5..7c5428a 100755 --- a/etc/rc.newipsecdns +++ b/etc/rc.newipsecdns @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* rc.newipsecdns diff --git a/etc/rc.newroutedns b/etc/rc.newroutedns index ba8ca32..de3a081 100755 --- a/etc/rc.newroutedns +++ b/etc/rc.newroutedns @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* rc.newroutedns diff --git a/etc/rc.newwanip b/etc/rc.newwanip index 6c6d617..01d211c 100755 --- a/etc/rc.newwanip +++ b/etc/rc.newwanip @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* rc.newwanip diff --git a/etc/rc.newwanipv6 b/etc/rc.newwanipv6 index 827fcaa..1030d96 100755 --- a/etc/rc.newwanipv6 +++ b/etc/rc.newwanipv6 @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* rc.newwanipv6 diff --git a/etc/rc.notify_message b/etc/rc.notify_message index 87988d3..fec1949 100755 --- a/etc/rc.notify_message +++ b/etc/rc.notify_message @@ -1,4 +1,4 @@ -#!/usr/local/bin/php +#!/usr/local/bin/php-cgi <?php /* rc.notify_message diff --git a/etc/rc.ntpdate b/etc/rc.ntpdate index 4272acb..4bdc647 100755 --- a/etc/rc.ntpdate +++ b/etc/rc.ntpdate @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id: */ /* diff --git a/etc/rc.openvpn b/etc/rc.openvpn index e54d6d5..cda8067 100755 --- a/etc/rc.openvpn +++ b/etc/rc.openvpn @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* rc.openvpn diff --git a/etc/rc.packages b/etc/rc.packages index 59fb5ca..cdca880 100755 --- a/etc/rc.packages +++ b/etc/rc.packages @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.php_ini_setup b/etc/rc.php_ini_setup index 76c6d75..0013b58 100755 --- a/etc/rc.php_ini_setup +++ b/etc/rc.php_ini_setup @@ -27,7 +27,7 @@ # Set our operating platform PLATFORM=`/bin/cat /etc/platform` -MIN_REALMEM_FOR_APC=512 +MIN_REALMEM_FOR_OPCACHE=512 if [ -d /usr/local/lib/php/20121212 ]; then EXTENSIONSDIR="/usr/local/lib/php/20121212/" @@ -55,28 +55,28 @@ REALMEM=`/sbin/sysctl hw.realmem | /usr/bin/awk '{print $2/1048576}' | /usr/bin/ export REALMEM export LOWMEM -if [ ${REALMEM} -lt $MIN_REALMEM_FOR_APC ]; then +if [ ${REALMEM} -lt $MIN_REALMEM_FOR_OPCACHE ]; then LOWMEM="TRUE" - echo ">>> Under $MIN_REALMEM_FOR_APC megabytes of ram detected. Not enabling APC." - echo ">>> Under $MIN_REALMEM_FOR_APC megabytes of ram detected. Not enabling APC." | /usr/bin/logger -p daemon.info -i -t rc.php_ini_setup + echo ">>> Under $MIN_REALMEM_FOR_OPCACHE megabytes of ram detected. Not enabling opcache" + echo ">>> Under $MIN_REALMEM_FOR_OPCACHE megabytes of ram detected. Not enabling opcache" | /usr/bin/logger -p daemon.info -i -t rc.php_ini_setup else - # Calculate APC SHM size according + # Calculate opcache memory size according # to detected memory values if [ "$AVAILMEM" -gt "135" ]; then - APCSHMEMSIZE="10M" + OPCACHEMEMSIZE="10" fi if [ "$AVAILMEM" -gt "256" ]; then - APCSHMEMSIZE="20M" + OPCACHEMEMSIZE="20" fi if [ "$AVAILMEM" -gt "384" ]; then - APCSHMEMSIZE="25M" + OPCACHEMEMSIZE="25" fi if [ "$AVAILMEM" -gt "512" ]; then - APCSHMEMSIZE="30M" + OPCACHEMEMSIZE="30" fi if [ "$AVAILMEM" -gt "784" ]; then - APCSHMEMSIZE="50M" + OPCACHEMEMSIZE="50" fi fi @@ -91,7 +91,7 @@ fi # be done automatically by the script below. PHPMODULES="standard" if [ "$LOWMEM" != "TRUE" ]; then - PHPMODULES="$PHPMODULES apc" + PHPMODULES="$PHPMODULES opcache" fi # Config read/write PHPMODULES="$PHPMODULES xml libxml dom" @@ -164,7 +164,7 @@ fi if [ -f /usr/local/lib/php.ini ]; then /bin/rm /usr/local/lib/php.ini fi -LOADED_MODULES=`/usr/local/bin/php -m | /usr/bin/grep -v "\["` +LOADED_MODULES=`/usr/local/bin/php-cgi -m | /usr/bin/grep -v "\["` # Fetch the timezone from the XML and set it here. We set it later too in the running scripts TIMEZONE=`cat /conf/config.xml | egrep -E '<timezone>(.*?)</timezone>' | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` @@ -274,10 +274,10 @@ if [ "$LOWMEM" != "TRUE" ]; then /bin/cat >>/usr/local/lib/php.ini <<EOF -; APC Settings -apc.enabled="1" -apc.enable_cli="0" -apc.shm_size="${APCSHMEMSIZE}" +; opcache Settings +opcache.enabled="1" +opcache.enable_cli="0" +opcache.memory_consumption="${OPCACHEMEMSIZE}" EOF fi @@ -386,7 +386,7 @@ for EXT in $PHPMODULES; do done # Check loaded modules and remove anything that did not load correctly -LOADED_MODULES=`/usr/local/bin/php -m | /usr/bin/tr '[:upper:]' '[:lower:]' 2>/dev/null | /usr/bin/grep -v "\["` +LOADED_MODULES=`/usr/local/bin/php-cgi -m | /usr/bin/tr '[:upper:]' '[:lower:]' 2>/dev/null | /usr/bin/grep -v "\["` for EXT in $PHPMODULESLC; do SHOULDREMOVE="true" for LM in $LOADED_MODULES; do @@ -396,7 +396,7 @@ for EXT in $PHPMODULESLC; do done # Handle low memory situations if [ "$LOWMEM" = "TRUE" ]; then - if [ "$EXT" = "apc" ]; then + if [ "$EXT" = "opcache" ]; then SHOULDREMOVE="true" fi if [ "$EXT" = "xcache" ]; then diff --git a/etc/rc.prunecaptiveportal b/etc/rc.prunecaptiveportal index 7dff6a2..c4b760a 100755 --- a/etc/rc.prunecaptiveportal +++ b/etc/rc.prunecaptiveportal @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.reload_all b/etc/rc.reload_all index 6dcc55b..162553c 100755 --- a/etc/rc.reload_all +++ b/etc/rc.reload_all @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.reload_interfaces b/etc/rc.reload_interfaces index edf34a8..e34588f 100755 --- a/etc/rc.reload_interfaces +++ b/etc/rc.reload_interfaces @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.resolv_conf_generate b/etc/rc.resolv_conf_generate index 1ed9845..e37203b 100755 --- a/etc/rc.resolv_conf_generate +++ b/etc/rc.resolv_conf_generate @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* rc.resolv_conf_generate diff --git a/etc/rc.restart_webgui b/etc/rc.restart_webgui index 8efcf9d..7a0bcd3 100755 --- a/etc/rc.restart_webgui +++ b/etc/rc.restart_webgui @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php diff --git a/etc/rc.restore_config_backup b/etc/rc.restore_config_backup index 295f427..b64e023 100755 --- a/etc/rc.restore_config_backup +++ b/etc/rc.restore_config_backup @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -q +#!/usr/local/bin/php-cgi -q <?php require_once('config.inc'); @@ -126,4 +126,4 @@ while (true) { fclose($fp); die; -?>
\ No newline at end of file +?> diff --git a/etc/rc.savevoucher b/etc/rc.savevoucher index 8f2d88d..22e592d 100755 --- a/etc/rc.savevoucher +++ b/etc/rc.savevoucher @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* part of m0n0wall (http://m0n0.ch/wall) diff --git a/etc/rc.start_packages b/etc/rc.start_packages index 66f4f63..3d8bbbc 100755 --- a/etc/rc.start_packages +++ b/etc/rc.start_packages @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.stop_packages b/etc/rc.stop_packages index b7a87f1..995248a 100755 --- a/etc/rc.stop_packages +++ b/etc/rc.stop_packages @@ -1,5 +1,5 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php require_once("pkg-utils.inc"); stop_packages(); -?>
\ No newline at end of file +?> diff --git a/etc/rc.update_alias_url_data b/etc/rc.update_alias_url_data index bf4f48f..fd56b43 100755 --- a/etc/rc.update_alias_url_data +++ b/etc/rc.update_alias_url_data @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* $Id$ */ /* diff --git a/etc/rc.update_urltables b/etc/rc.update_urltables index 1c2913a..c4dfeb1 100755 --- a/etc/rc.update_urltables +++ b/etc/rc.update_urltables @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -q +#!/usr/local/bin/php-cgi -q <?php require_once("config.inc"); require_once("util.inc"); @@ -1,4 +1,4 @@ -#!/usr/local/bin/php -f +#!/usr/local/bin/php-cgi -f <?php /* sshd - Modified to work on disk based system |
