Diffstat (limited to 'src/etc/phpshellsessions')
-rw-r--r-- | src/etc/phpshellsessions/changepassword | 79 | ||||
-rw-r--r-- | src/etc/phpshellsessions/disablecarp | 17 | ||||
-rw-r--r-- | src/etc/phpshellsessions/disabledhcpd | 13 | ||||
-rw-r--r-- | src/etc/phpshellsessions/disablereferercheck | 11 | ||||
-rw-r--r-- | src/etc/phpshellsessions/enableallowallwan | 36 | ||||
-rw-r--r-- | src/etc/phpshellsessions/enablecarp | 23 | ||||
-rw-r--r-- | src/etc/phpshellsessions/enablesshd | 12 | ||||
-rw-r--r-- | src/etc/phpshellsessions/externalconfiglocator | 3 | ||||
-rw-r--r-- | src/etc/phpshellsessions/generateguicert | 8 | ||||
-rw-r--r-- | src/etc/phpshellsessions/gitsync | 434 | ||||
-rw-r--r-- | src/etc/phpshellsessions/installpkg | 36 | ||||
-rw-r--r-- | src/etc/phpshellsessions/listpkg | 16 | ||||
-rw-r--r-- | src/etc/phpshellsessions/removepkgconfig | 8 | ||||
-rw-r--r-- | src/etc/phpshellsessions/removeshaper | 25 | ||||
-rw-r--r-- | src/etc/phpshellsessions/restartdhcpd | 4 | ||||
-rw-r--r-- | src/etc/phpshellsessions/restartipsec | 7 | ||||
-rw-r--r-- | src/etc/phpshellsessions/svc | 99 | ||||
-rw-r--r-- | src/etc/phpshellsessions/uninstallpkg | 34 |
18 files changed, 865 insertions, 0 deletions
diff --git a/src/etc/phpshellsessions/changepassword b/src/etc/phpshellsessions/changepassword
new file mode 100644
index 0000000..6243fb8
--- /dev/null
+++ b/src/etc/phpshellsessions/changepassword
@@ -0,0 +1,79 @@
+require_once("config.inc");
+require("auth.inc");
+require_once("functions.inc");
+
+global $g, $config, $argv, $userindex;
+$userindex = index_users();
+
+$args = array_slice($argv, 3);
+
+$password = "";
+$confpassword = "";
+$username = "";
+
+$fp = fopen('php://stdin', 'r');
+
+// If the first parameter is empty, ask for username
+if (empty($args[0])) {
+ echo gettext("Enter username: ");
+ $username = fgets($fp);
+} else {
+ $username = $args[0];
+}
+$username = trim($username);
+
+// If the user does not exist, bail
+$user =& getUserEntry($username);
+if ($user == NULL) {
+ printf(gettext("User '%s' does not exist.\n"), $username);
+ exit(-1);
+} else {
+ printf(gettext("Changing password for '%s'.\n"), $username);
+}
+
+// If the user does exist, prompt for password
+while (empty($password)) {
+ echo gettext("New Password") . ": ";
+ exec('/bin/stty -echo');
+ $password = trim(fgets($fp));
+ exec('/bin/stty echo');
+ echo "\n";
+}
+
+// Confirm password
+while (empty($confpassword)) {
+ echo gettext("Confirm New Password") . ": ";
+ exec('/bin/stty -echo');
+ $confpassword = trim(fgets($fp));
+ exec('/bin/stty echo');
+ echo "\n";
+}
+
+// Check if user is disabled
+if (is_account_disabled($username)) {
+ echo gettext("Account is disabled, would you like to re-enable? [y|n]") . ": ";
+ if (strcasecmp(chop(fgets($fp)), "y") == 0) {
+ unset($user['disabled']);
+ }
+}
+// Check if user is expired
+if (is_account_expired($username)) {
+ echo gettext("Account is expired, would you like to clear the expiration date? [y|n]") . ": ";
+ if (strcasecmp(chop(fgets($fp)), "y") == 0) {
+ unset($user['expires']);
+ }
+}
+
+fclose($fp);
+
+// Compare password and confirm
+if ($password == $confpassword) {
+ //Reset password
+ local_user_set_password($user, $password);
+ local_user_set($user);
+ write_config(sprintf(gettext("password changed for user '%s' from console."), $username));
+ exit(0);
+} else {
+ echo gettext("New and Confirm passwords did not match.") . "\n";
+ exit(-1);
+}
\ No newline at end of file
diff --git a/src/etc/phpshellsessions/disablecarp b/src/etc/phpshellsessions/disablecarp
new file mode 100644
index 0000000..1673269
--- /dev/null
+++ b/src/etc/phpshellsessions/disablecarp
@@ -0,0 +1,17 @@
+! echo "Disabling CARP..."
+require_once("config.inc");
+require_once("interfaces.inc");
+require_once("util.inc");
+
+set_single_sysctl("net.inet.carp.allow", "0");
+if (is_array($config['virtualip']['vip'])) {
+ $viparr = &$config['virtualip']['vip'];
+ foreach ($viparr as $vip) {
+ switch ($vip['mode']) {
+ case "carp":
+ interface_vip_bring_down($vip);
+ sleep(1);
+ break;
+ }
+ }
+}
diff --git a/src/etc/phpshellsessions/disabledhcpd b/src/etc/phpshellsessions/disabledhcpd
new file mode 100644
index 0000000..4dc029c
--- /dev/null
+++ b/src/etc/phpshellsessions/disabledhcpd
@@ -0,0 +1,13 @@
+global $config;
+
+$config = parse_config(true);
+
+unset($config['dhcpd']);
+
+echo "Disabling DHCP Server on all interfaces...";
+
+write_config("pfSsh.php disabled dhcp on all interfaces");
+
+services_dhcpd_configure();
+
+echo "done.\n";
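Review bot: In changepassword, the final check `if ($password == $confpassword)` uses loose comparison, and PHP compares two numeric-looking strings numerically, so entries such as `1e3` and `1000` are treated as matching and the first one is stored; `if ($password === $confpassword)` closes that. Both prompt loops are `while (empty(...))` around `trim(fgets($fp))`, so an EOF on stdin (where `fgets` returns false) never ends the loop, and `trim()` silently strips leading and trailing whitespace from the password. The `exec('/bin/stty -echo')` / `exec('/bin/stty echo')` pair also has no cleanup path, so an interrupt during the prompt would presumably leave terminal echo off.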
\ No newline at end of file
diff --git a/src/etc/phpshellsessions/disablereferercheck b/src/etc/phpshellsessions/disablereferercheck
new file mode 100644
index 0000000..97d444a
--- /dev/null
+++ b/src/etc/phpshellsessions/disablereferercheck
@@ -0,0 +1,11 @@
+global $config;
+
+$config = parse_config(true);
+
+$config['system']['webgui']['nohttpreferercheck'] = true;
+
+echo "Disabling HTTP referer check...";
+
+write_config("PHP shell disabled HTTP referer check");
+
+echo "done.\n";
diff --git a/src/etc/phpshellsessions/enableallowallwan b/src/etc/phpshellsessions/enableallowallwan
new file mode 100644
index 0000000..5ce4f0f
--- /dev/null
+++ b/src/etc/phpshellsessions/enableallowallwan 
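Review bot: In disabledhcpd, `unset($config['dhcpd']);` removes the entire DHCP section from the configuration rather than switching the service off, so whatever is stored under that key (presumably per-interface ranges and static mappings) is gone once `write_config()` runs, while the messages only say "Disabling". The script also calls `parse_config()`, `write_config()` and `services_dhcpd_configure()` without any `require_once`, so it relies on the playback shell having loaded them. At minimum the echo and the change description should say that the configuration is deleted, e.g. `write_config("pfSsh.php removed all DHCP server configuration");`.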
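Review bot: In disablereferercheck, setting `$config['system']['webgui']['nohttpreferercheck'] = true;` and saving it with `write_config()` turns off a web GUI request-origin check persistently, and nothing in the script says so or explains how to turn it back on. A header comment such as `// Persistently disables the web GUI HTTP referer check (weakens protection against cross-site requests); unset nohttpreferercheck once access is restored.` and a matching echo would make the trade-off visible to whoever runs the playback. The script also has no `require_once("config.inc");` and depends on the shell having loaded it.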
@@ -0,0 +1,36 @@
+global $config;
+require_once("filter.inc");
+require("shaper.inc");
+$config = parse_config(true);
+echo "Adding allow all rule...\n";
+$filterent = array();
+$filterent["type"] = "pass";
+$filterent["interface"] = "wan";
+$filterent["source"]["any"] = "";
+$filterent["destination"]["any"] = "";
+$filterent["statetype"] = "keep state";
+$filterent["os"] = "";
+$filterent["descr"] = "Allow all ipv4 via pfSsh.php";
+$config["filter"]["rule"][] = $filterent;
+$filterent = array();
+$filterent["type"] = "pass";
+$filterent["ipprotocol"] = "inet6";
+$filterent["interface"] = "wan";
+$filterent["source"]["any"] = "";
+$filterent["destination"]["any"] = "";
+$filterent["statetype"] = "keep state";
+$filterent["os"] = "";
+$filterent["descr"] = "Allow all ipv6 via pfSsh.php";
+$config["filter"]["rule"][] = $filterent;
+echo "Turning off block private networks (if on)...\n";
+unset($config["interfaces"]["wan"]["blockpriv"]);
+echo "Turning off block bogon networks (if on)...\n";
+unset($config["interfaces"]["wan"]["blockbogons"]);
+unlink_if_exists("/tmp/config.cache");
+write_config("pfSsh.php added allow all wan rule");
+unlink_if_exists("/tmp/config.cache");
+unset($config['interfaces']['wan']['blockbogons']);
+$config = parse_config(true);
+echo "Reloading the filter configuration...";
+filter_configure_sync();
+echo "\n\n";
\ No newline at end of file
diff --git a/src/etc/phpshellsessions/enablecarp b/src/etc/phpshellsessions/enablecarp
new file mode 100644
index 0000000..276f29a
--- /dev/null
+++ b/src/etc/phpshellsessions/enablecarp
@@ -0,0 +1,23 @@
+! echo "Enabling CARP..."
+require_once("config.inc");
+require_once("interfaces.inc");
+require_once("util.inc");
+
+if (is_array($config['virtualip']['vip'])) {
+ $viparr = &$config['virtualip']['vip'];
+ foreach ($viparr as $vip) {
+ switch ($vip['mode']) {
+ case "carp":
+ interface_carp_configure($vip);
+ sleep(1);
+ break;
+ case "ipalias":
+ if (strpos($vip['interface'], '_vip')) {
+ interface_ipalias_configure($vip);
+ }
+ break;
+ }
+ }
+}
+interfaces_sync_setup();
+set_single_sysctl("net.inet.carp.allow", "1");
diff --git a/src/etc/phpshellsessions/enablesshd b/src/etc/phpshellsessions/enablesshd
new file mode 100644
index 0000000..0dc76de
--- /dev/null
+++ b/src/etc/phpshellsessions/enablesshd
@@ -0,0 +1,12 @@
+global $config;
+echo "Starting enablesshd...";
+require("config.inc");
+echo ".";
+$config = parse_config(true);
+echo ".";
+$config['system']['enablesshd'] = true;
+echo ".";
+write_config("pfSsh.php enabled sshd");
+echo "\nEnabling SSHD, please wait...";
+send_event("service reload sshd");
+echo "\n\n";
diff --git a/src/etc/phpshellsessions/externalconfiglocator b/src/etc/phpshellsessions/externalconfiglocator
new file mode 100644
index 0000000..84534b3
--- /dev/null
+++ b/src/etc/phpshellsessions/externalconfiglocator
@@ -0,0 +1,3 @@
+
+include("/etc/ecl.php");
+
diff --git a/src/etc/phpshellsessions/generateguicert b/src/etc/phpshellsessions/generateguicert
new file mode 100644
index 0000000..925ab60
--- /dev/null
+++ b/src/etc/phpshellsessions/generateguicert 
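Review bot: In enableallowallwan, the script appends two pass-any-to-any rules on `wan` and removes `blockpriv` and `blockbogons`, then persists all of it with `write_config()`, without a confirmation prompt or any message that the WAN stays fully open until the rules are removed by hand. The second `unset($config['interfaces']['wan']['blockbogons']);` after `write_config()` has no effect, since `$config = parse_config(true);` on the next line replaces the array, and can be dropped. The first rule is described as "Allow all ipv4" but sets no `ipprotocol`, whereas the second sets `inet6`; adding `$filterent["ipprotocol"] = "inet";` would make the rule match its description rather than depend on the default. `require("shaper.inc");` should be `require_once` like the line before it.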
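Review bot: In enablecarp's `ipalias` case, `if (strpos($vip['interface'], '_vip'))` treats a match at offset 0 the same as no match, because `strpos` returns `0` there and `false` otherwise; the intent reads as a substring test, so `if (strpos($vip['interface'], '_vip') !== false)` is the safe form. The script also reads `$config` without a `global $config;` line, which several sibling scripts declare, and `$viparr = &$config['virtualip']['vip'];` takes a reference that the loop never writes through.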
@@ -0,0 +1,8 @@
+require_once("system.inc");
+
+echo gettext("Generating a new self-signed SSL certificate for the GUI...");
+$cert = system_webgui_create_certificate();
+echo gettext("Done.\n");
+echo gettext("Restarting webConfigurator...");
+send_event("service restart webgui");
+echo gettext("Done.\n");
\ No newline at end of file
diff --git a/src/etc/phpshellsessions/gitsync b/src/etc/phpshellsessions/gitsync
new file mode 100644
index 0000000..aced804
--- /dev/null
+++ b/src/etc/phpshellsessions/gitsync 
@@ -0,0 +1,434 @@
+/* cvs_sync
+ * Written by Scott Ullrich
+ * (C)2005-2007 Scott Ullrich
+ * (C)2010-2012 Erik Fonnesbeck
+ * Part of the pfSense project pfSsh.php subsystem
+ */
+
+require_once("globals.inc");
+require_once("filter.inc");
+require_once("shaper.inc");
+require_once("rrd.inc");
+require_once("pfsense-utils.inc");
+
+$GIT_PKG = "git"; // Either "git" or the full package URL
+$GIT_BIN= "/usr/local/bin/git";
+$GIT_REPO = "git://github.com/pfsense/pfsense.git";
+$DEFAULT_BRANCH = "master";
+$CODIR = "/root/pfsense";
+$GITSYNC_MERGE = "/root/.gitsync_merge";
+
+/* NOTE: Set branches here */
+$branches = array(
+ "master" => "2.2 development branch",
+ "RELENG_2_2" => "2.2.* release branch",
+ "RELENG_2_1" => "2.1.* release branch",
+ "RELENG_2_0" => "2.0.* release branch",
+ "RELENG_1_2" => "1.2.* release branch",
+ "build_commit" => "The commit originally used to build the image"
+);
+
+global $g;
+global $argv;
+global $command_split;
+
+if (is_array($command_split)) {
+ $temp_args = array_slice($command_split, 2);
+} else {
+ $temp_args = array_slice($argv, 3);
+}
+
+$valid_args = array(
+ "--minimal" => "\tPerform a minimal copy of only the updated files.\n" .
+ "\tNot recommended if the system has files modified by any method other\n" .
+ "\tthan gitsync.\n",
+ "--help" => "\tDisplay this help list.\n"
+ );
+$args = array();
+$arg_count = 0;
+while (!empty($temp_args)) {
+ $arg = array_shift($temp_args);
+ if ($arg[0] == '-') {
+ switch ($arg) {
+ case "--help":
+ echo "Usage: playback gitsync [options] [[repository] <branch>]\nOptions:\n";
+ foreach($valid_args as $arg_name => $arg_desc) {
+ echo $arg_name . "\n" . $arg_desc;
+ }
+ exit;
+ case "--upgrading":
+ // Disables all interactive functions and neither PHP
+ // nor the web GUI will be killed or restarted.
+ $upgrading = true;
+ case (isset($valid_args[$arg])):
+ $args[$arg] = true;
+ break;
+ default:
+ echo "Invalid option: {$arg}\nUse --help for usage information.\n";
+ exit;
+ }
+ } else {
+ $args[$arg_count++] = $arg;
+ }
+}
+
+unlink_if_exists("/tmp/config.cache");
+conf_mount_rw();
+
+if (!file_exists($GIT_BIN)) {
+ require_once("pkg-utils.inc");
+
+ echo "Cannot find git, installing...\n";
+ if (!pkg_call('install -y -q git-lite')) {
+ echo "\nERROR: Unable to install git pkg.\n";
+ return;
+ }
+}
+
+# Remove mainline if exists (older)
+if (is_dir("/root/pfsense/mainline")) {
+ exec("rm -rf /root/pfsense/mainline");
+}
+
+# Remove RELENG_1_2 if exists (older)
+if (is_dir("/root/pfsense/RELENG_1_2")) {
+ exec("rm -rf /root/pfsense/RELENG_1_2");
+}
+
+# Remove HEAD if exists (older)
+if (is_dir("/root/pfsense/HEAD")) {
+ exec("rm -rf /root/pfsense/HEAD");
+}
+
+if (file_exists("/root/cvssync_backup.tgz")) {
+ $backup_date = `ls -lah /root/cvssync_backup.tgz | awk '{ print $6,$7,$8 }'`;
+ $tmp = array("RESTORE" => "Restores prior CVSSync backup data performed at {$backup_date}");
+ $branches = array_merge($branches, $tmp);
+}
+
+if (is_dir("$CODIR/pfSenseGITREPO/pfSenseGITREPO")) {
+ exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && {$GIT_BIN} config remote.origin.url", $output_str, $ret);
+ if (is_array($output_str) && !empty($output_str[0])) {
+ $GIT_REPO = $output_str[0];
+ }
+ unset($output_str);
+}
+
+if (!$args[0] && !$upgrading) {
+ echo "\nCurrent repository is $GIT_REPO\n";
+ echo "\nPlease select which branch you would like to sync against:\n\n";
+ foreach ($branches as $branchname => $branchdesc) {
+ echo "{$branchname} \t {$branchdesc}\n";
+ }
+ echo "\nOr alternatively you may enter a custom RCS branch URL (Git or HTTP).\n\n";
+ $branch = readline("> ");
+ echo "\n";
+} else {
+ $branch = $args[0];
+}
+
+if ($args[1] == "NOBACKUP") {
+ $nobackup = true;
+} else {
+ $nobackup = false;
+}
+
+// If the repository has been fetched before, build a list of its branches.
+if (is_dir("$CODIR/pfSenseGITREPO/pfSenseGITREPO")) {
+ exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && {$GIT_BIN} branch -r", $branch_list, $ret);
+ if ($ret == 0 && is_array($branch_list)) {
+ foreach ($branch_list as $branch_item) {
+ $branch_item = substr(strrchr($branch_item, "/"), 1);
+ if (!isset($branches[$branch_item])) {
+ $branches[$branch_item] = " ";
+ }
+ }
+ }
+}
+
+$found = false;
+foreach ($branches as $branchname => $branchdesc) {
+ if ($branchname == $branch) {
+ $found = true;
+ }
+}
+if (!$found) {
+ if (isURL($branch) && !$upgrading) {
+ if ($args[1]) {
+ $GIT_REPO = $branch;
+ $branch = $args[1];
+ $found = true;
+ } else {
+ echo "\n";
+ echo "NOTE: $branch was not found.\n\n";
+ $command = readline("Is this a custom GIT URL? [y]? ");
+ if (strtolower($command) == "y" or $command == "") {
+ $GIT_REPO = $branch;
+ $command = readline("Checkout which branch [${DEFAULT_BRANCH}]? ");
+ if ($command == "") {
+ $branch = $DEFAULT_BRANCH;
+ }
+ if ($command) {
+ $branch = $command;
+ }
+ $found = true;
+ }
+ }
+ }
+ if (!$found) {
+ echo "\nNo valid branch found. Exiting.\n\n";
+ conf_mount_ro();
+ exit;
+ }
+}
+
+$merge_repos = array();
+if (file_exists($GITSYNC_MERGE)) {
+ $gitsync_merges = file($GITSYNC_MERGE, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
+ if (!empty($gitsync_merges) && is_array($gitsync_merges)) {
+ echo "\n===> Automatic merge list read from ${GITSYNC_MERGE}\n";
+ foreach ($gitsync_merges as $merge_line_num => $merge_line) {
+ $merge_comments = explode("#", trim($merge_line));
+ if (empty($merge_comments[0])) {
+ continue;
+ }
+
+ $merge_line = explode(" ", trim($merge_comments[0]));
+ if (count($merge_line) != 2 || empty($merge_line[0]) || empty($merge_line[1])) {
+ echo "\nLine " . ($merge_line_num + 1) . " does not have the correct parameter count or has improper spacing.\n";
+ echo "Expected parameters: repository_url branch\n";
+ echo "Line read: " . implode(" ", $merge_line) . "\n\n";
+ echo "Aborting automatic merge.\n\n";
+ $merge_repos = array();
+ break;
+ }
+ $merge_repos[] = array('repo' => $merge_line[0], 'branch' => $merge_line[1]);
+ }
+ }
+}
+if (!$args[0] && !$upgrading) {
+ do {
+ echo "\nAdd a custom RCS branch URL (Git or HTTP) to merge in or press enter if done.\n\n";
+ $merge_repo = readline("> ");
+ if (!empty($merge_repo)) {
+ $merge_branch = readline("Merge which branch [${DEFAULT_BRANCH}]? ");
+ if ($merge_branch == "") {
+ $merge_repos[] = array('repo' => $merge_repo, 'branch' => $DEFAULT_BRANCH);
+ } else if ($merge_branch) {
+ $merge_repos[] = array('repo' => $merge_repo, 'branch' => $merge_branch);
+ }
+ }
+ } while (!empty($merge_repo));
+}
+
+if ($branch == "RESTORE" && $g['platform'] == "pfSense") {
+ if (!file_exists("/root/cvssync_backup.tgz")) {
+ echo "Sorry, we could not find a previous CVSSync backup file.\n";
+ conf_mount_ro();
+ exit();
+ }
+ echo "===> Restoring previous CVSSync backup... Please wait...\n";
+ exec("tar Uxpf /root/cvssync_backup.tgz -C /");
+ post_cvssync_commands();
+ conf_mount_ro();
+ exit();
+} else {
+ $nobackup = true; // do not backup embedded, livecd
+}
+
+if ($nobackup == false) {
+ echo "===> Backing up current pfSense information...\n";
+ echo "===> Please wait... ";
+ exec("tar czPf /root/cvssync_backup.tgz --exclude /root --exclude /dev --exclude /tmp --exclude /var/run --exclude /var/empty /");
+ $size = filesize("/root/cvssync_backup.tgz");
+ echo "{$size} bytes.\n\n";
+ sleep(5);
+}
+
+echo "===> Checking out $branch\n";
+
+// Git commands for resetting to the specified branch
+if ($branch == "build_commit") {
+ $git_cmd = array(
+ "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && {$GIT_BIN} branch " . escapeshellarg($branch) . " 2>/dev/null",
+ "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && {$GIT_BIN} checkout -f " . escapeshellarg($branch) . " 2>/dev/null",
+ "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && {$GIT_BIN} reset --hard " . escapeshellarg(trim(file_get_contents("/etc/version.lastcommit")))
+ );
+} else {
+ $git_cmd = array(
+ "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && {$GIT_BIN} branch " . escapeshellarg($branch) . " " . escapeshellarg("origin/{$branch}") . " 2>/dev/null",
+ "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && {$GIT_BIN} checkout -f " . escapeshellarg($branch) . " 2>/dev/null",
+ "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && {$GIT_BIN} reset --hard " . escapeshellarg("origin/{$branch}")
+ );
+}
+
+// Git 'er done!
+if (is_dir("$CODIR/pfSenseGITREPO/pfSenseGITREPO")) {
+ echo "===> Fetching updates...\n";
+ exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && {$GIT_BIN} config remote.origin.url " . escapeshellarg($GIT_REPO));
+ exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && {$GIT_BIN} fetch");
+ exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && {$GIT_BIN} clean -f -f -x -d");
+ run_cmds($git_cmd);
+} else {
+ exec("mkdir -p $CODIR/pfSenseGITREPO");
+ echo "Executing cd $CODIR/pfSenseGITREPO && {$GIT_BIN} clone $GIT_REPO pfSenseGITREPO\n";
+ exec("cd $CODIR/pfSenseGITREPO && {$GIT_BIN} clone " . escapeshellarg($GIT_REPO) . " pfSenseGITREPO");
+ if (is_dir("$CODIR/pfSenseGITREPO/pfSense")) {
+ exec("mv $CODIR/pfSenseGITREPO/pfSense $CODIR/pfSenseGITREPO/pfSenseGITREPO");
+ }
+ if (is_dir("$CODIR/pfSenseGITREPO/mainline")) {
+ exec("mv $CODIR/pfSenseGITREPO/mainline $CODIR/pfSenseGITREPO/pfSenseGITREPO");
+ }
+ run_cmds($git_cmd);
+}
+
+foreach ($merge_repos as $merge_repo) {
+ echo "===> Merging branch {$merge_repo['branch']} from {$merge_repo['repo']}\n";
+ exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && {$GIT_BIN} pull " . escapeshellarg($merge_repo['repo']) . " " . escapeshellarg($merge_repo['branch']), $output_str, $ret);
+ unset($output_str);
+ if ($ret <> 0) {
+ echo "\nMerge failed. Aborting sync.\n\n";
+ run_cmds($git_cmd);
+ conf_mount_ro();
+ exit;
+ }
+}
+
+if (isset($args["--minimal"])) {
+ if (file_exists("/etc/version.gitsync")) {
+ $old_revision = trim(file_get_contents("/etc/version.gitsync"));
+ } else if (file_exists("/etc/version.lastcommit")) {
+ $old_revision = trim(file_get_contents("/etc/version.lastcommit"));
+ }
+ $files_to_copy = strtr(shell_exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && {$GIT_BIN} diff --name-only " . escapeshellarg($old_revision)), "\n", " ");
+} else {
+ $files_to_copy = '--exclude .git .';
+}
+
+// Save new commit ID for later minimal file copies
+exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && {$GIT_BIN} rev-parse -q --verify HEAD > /etc/version.gitsync");
+
+exec("mkdir -p /tmp/lighttpd/cache/compress/");
+
+// Nuke CVS and pfSense tarballs
+exec("cd ${CODIR}/pfSenseGITREPO/pfSenseGITREPO && find . -name CVS -exec rm -rf {} \; 2>/dev/null");
+exec("cd ${CODIR}/pfSenseGITREPO/pfSenseGITREPO && find . -name pfSense.tgz -exec rm {} \; 2>/dev/null");
+
+// Remove files that we do not want to overwrite the system with
+exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/etc/crontab 2>/dev/null");
+exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/etc/master.passwd 2>/dev/null");
+exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/etc/passwd 2>/dev/null");
+exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/etc/fstab 2>/dev/null");
+exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/etc/ttys 2>/dev/null");
+exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/etc/group 2>/dev/null");
+exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/etc/fstab 2>/dev/null");
+exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/etc/platform 2>/dev/null");
+exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/boot/device.hints 2>/dev/null");
+exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/boot/loader.conf 2>/dev/null");
+exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/boot/loader.rc 2>/dev/null");
+exec("rm -rf ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/conf*");
+exec("rm -rf ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/cf 2>/dev/null");
+exec("rm -rf ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/root/.shrc");
+exec("rm -rf ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/root/.tcshrc");
+exec("rm -f ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/etc/syslog.conf 2>/dev/null");
+
+echo "===> Installing new files...\n";
+
+if ($g['platform'] == "pfSense") {
+ $command = "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO ; tar -cpf - {$files_to_copy} | (cd / ; tar -Uxpf -)";
+} else {
+ $command = "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO ; tar -cpf - {$files_to_copy} | (cd / ; tar -xpf -) 2>/dev/null";
+}
+
+if (!empty($files_to_copy)) {
+ exec($command);
+} else {
+ echo "Already up-to-date.\n";
+ $upgrading = true;
+}
+
+// Reset the repository to restore the deleted files
+exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && {$GIT_BIN} reset --hard >/dev/null 2>/dev/null");
+
+// Remove obsolete files
+$files_to_remove = file("/etc/pfSense.obsoletedfiles");
+foreach ($files_to_remove as $file_to_remove) {
+ if (file_exists($file_to_remove)) {
+ exec("/bin/rm -f $file_to_remove");
+ }
+}
+
+if (!$upgrading) {
+ post_cvssync_commands();
+}
+
+echo "===> Checkout complete.\n";
+echo "\n";
+if (!$upgrading) {
+ echo "Your system is now sync'd and PHP and Lighty will be restarted in 5 seconds.\n\n";
+} else {
+ echo "Your system is now sync'd.\n\n";
+}
+
+function post_cvssync_commands() {
+ echo "===> Removing FAST-CGI temporary files...\n";
+ exec("find /tmp -name \"php-fastcgi.socket*\" -exec rm -rf {} \;");
+ exec("find /tmp -name \"*.tmp\" -exec rm -rf {} \;");
+
+ exec("rm -rf /tmp/xcache/* 2>/dev/null");
+
+ echo "===> Upgrading configuration (if needed)...\n";
+ convert_config();
+
+ echo "===> Configuring filter...";
+ exec("/etc/rc.filter_configure_sync");
+ exec("pfctl -f /tmp/rules.debug");
+ echo "\n";
+
+ if (file_exists("/etc/rc.php_ini_setup")) {
+ echo "===> Running /etc/rc.php_ini_setup...";
+ exec("/etc/rc.php_ini_setup");
+ echo "\n";
+ }
+
+ /* lock down console if necessary */
+ echo "===> Locking down the console if needed...\n";
+ reload_ttys();
+
+ echo "===> Signaling PHP and Lighty restart...";
+ $fd = fopen("/tmp/restart_lighty", "w");
+ fwrite($fd, "#!/bin/sh\n");
+ fwrite($fd, "sleep 5\n");
+ fwrite($fd, "/usr/local/sbin/pfSctl -c 'service restart webgui'\n");
+ if (file_exists("/var/etc/lighty-CaptivePortal.conf")) {
+ fwrite($fd, "/usr/local/sbin/lighttpd -f /var/etc/lighty-CaptivePortal.conf\n");
+ }
+ fclose($fd);
+ mwexec_bg("sh /tmp/restart_lighty");
+ echo "\n";
+
+}
+
+function isUrl($url = "") {
+ if ($url) {
+ if (strstr($url, "rcs.pfsense.org") or
+ strstr($url, "mainline") or
+ strstr($url, ".git") or
+ strstr($url, "git://")) {
+ return true;
+ }
+ }
+ return false;
+}
+
+function run_cmds($cmds) {
+ global $debug;
+ foreach ($cmds as $cmd) {
+ if ($debug) {
+ echo "Running $cmd";
+ }
+ exec($cmd);
+ }
+}
+
+conf_mount_ro();
diff --git a/src/etc/phpshellsessions/installpkg b/src/etc/phpshellsessions/installpkg
new file mode 100644
index 0000000..1ac71bf
--- /dev/null
+++ b/src/etc/phpshellsessions/installpkg
@@ -0,0 +1,36 @@
+require_once("config.inc");
+require_once("util.inc");
+require_once("pkg-utils.inc");
+
+global $g, $config, $argv, $command_split;
+
+if (is_array($command_split)) {
+ $args = array_slice($command_split, 1);
+} else {
+ $args = array_slice($argv, 2);
+}
+
+$pkg_name = $args[0];
+
+echo "Installing package \"{$pkg_name}\"...\n";
+
+echo "Trying to fetch package info...";
+$pkg_info = get_pkg_info();
+if ($pkg_info) {
+ echo " Done.\n";
+} else {
+ echo "\n" . gettext(' >>> Unable to get pkg info.') . "\n";
+ return;
+}
+
+$static_output = "";
+$pkg_interface = "console";
+
+if (empty($pkg_info[$pkg_name])) {
+ echo "\nPackage not found.\n";
+ return;
+}
+
+install_package($pkg_name);
+
+echo "\nDone.\n"; 
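Review bot: In gitsync, the default `$GIT_REPO = "git://github.com/pfsense/pfsense.git";` uses the unauthenticated git transport, and the checked-out tree is later piped through `tar` into `/`, so nothing here verifies where the installed code came from; `$GIT_REPO = "https://github.com/pfsense/pfsense.git";` would at least authenticate the server. In the obsolete-files loop, `file("/etc/pfSense.obsoletedfiles")` keeps each line's trailing newline, so `file_exists($file_to_remove)` is unlikely to match, and the path is interpolated unquoted into `exec("/bin/rm -f $file_to_remove")`; reading with `FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES` and calling `unlink($file_to_remove)` fixes both. `$files_to_copy` is likewise built from `git diff --name-only` output and placed unquoted in the `tar` command line, and `$old_revision` is undefined when neither version file exists. `post_cvssync_commands()` writes `/tmp/restart_lighty` at a fixed name without checking `fopen()` and then runs it with `sh`; creating the file under a private directory (or via `tempnam()`) would avoid a pre-placed file or symlink at that path.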
diff --git a/src/etc/phpshellsessions/listpkg b/src/etc/phpshellsessions/listpkg
new file mode 100644
index 0000000..ed2c793
--- /dev/null
+++ b/src/etc/phpshellsessions/listpkg
@@ -0,0 +1,16 @@
+require_once("config.inc");
+require_once("util.inc");
+
+global $g, $config;
+
+echo "Installed packages:\n";
+
+foreach ($config['installedpackages']['package'] as $package) {
+ $name = str_pad("{$package['name']}-{$package['version']}", 30);
+ $descr = $package['descr'];
+ $line = "{$name} {$descr}";
+ if (strlen($line) > 80) {
+ $line = substr($line, 0, 77) . "...";
+ }
+ echo "{$line}\n";
+}
diff --git a/src/etc/phpshellsessions/removepkgconfig b/src/etc/phpshellsessions/removepkgconfig
new file mode 100644
index 0000000..ea365bf
--- /dev/null
+++ b/src/etc/phpshellsessions/removepkgconfig
@@ -0,0 +1,8 @@
+global $config;
+$config = parse_config(true);
+unset($config['installedpackages']);
+echo "Clearing package configuration information...\n";
+write_config("pfSsh.php cleared package configuration data.");
+$config = parse_config(true);
+echo "Removing startup files from /usr/local/etc/rc.d/...\n";
+exec("rm /usr/local/etc/rc.d/*");
diff --git a/src/etc/phpshellsessions/removeshaper b/src/etc/phpshellsessions/removeshaper
new file mode 100644
index 0000000..298e618
--- /dev/null
+++ b/src/etc/phpshellsessions/removeshaper 
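Review bot: In removepkgconfig, `exec("rm /usr/local/etc/rc.d/*");` deletes every file in that directory, not only startup scripts that belong to the packages being cleared, and its exit status is ignored. Together with `unset($config['installedpackages']);` the script discards all package configuration in one step and runs without a confirmation prompt. A yes/no prompt before the `unset`, and checking the `exec` result (for example via its third `$ret` argument) before reporting success, would make an accidental playback far less costly.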
@@ -0,0 +1,25 @@
+require("config.inc");
+require_once("functions.inc");
+require_once("filter.inc");
+require_once("shaper.inc");
+require_once("rrd.inc");
+
+/* Much of this borrowed from firewall_shaper.php */
+
+echo gettext("Removing shaper settings...\n");
+
+unset($config['shaper']['queue']);
+unset($queue);
+unset($altq);
+
+foreach ($config['filter']['rule'] as $key => $rule) {
+ if (isset($rule['wizard']) && $rule['wizard'] == "yes") {
+ unset($config['filter']['rule'][$key]);
+ }
+}
+if (write_config()) {
+ echo gettext("Shaper Successfully Removed.\n");
+} else {
+ echo gettext("Unable to write config.xml (Access Denied?)\n");
+}
+filter_configure();
\ No newline at end of file
diff --git a/src/etc/phpshellsessions/restartdhcpd b/src/etc/phpshellsessions/restartdhcpd
new file mode 100644
index 0000000..e24c842
--- /dev/null
+++ b/src/etc/phpshellsessions/restartdhcpd
@@ -0,0 +1,4 @@
+! echo "Killing dhcp server..."
+! killall dhcpd
+! echo "Restarting dhcp server..."
+services_dhcpd_configure();
diff --git a/src/etc/phpshellsessions/restartipsec b/src/etc/phpshellsessions/restartipsec
new file mode 100644
index 0000000..ebbe9b3
--- /dev/null
+++ b/src/etc/phpshellsessions/restartipsec
@@ -0,0 +1,7 @@
+! echo "Restarting ipsec..."
+require_once("config.inc");
+require_once("filter.inc");
+require_once("auth.inc");
+require_once("ipsec.inc");
+require_once("vpn.inc");
+vpn_ipsec_configure(true);
diff --git a/src/etc/phpshellsessions/svc b/src/etc/phpshellsessions/svc
new file mode 100644
index 0000000..ee1ab40
--- /dev/null
+++ b/src/etc/phpshellsessions/svc 
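Review bot: In removeshaper, `write_config()` is called with no description, while the other playback scripts pass one (for example `write_config("pfSsh.php added allow all wan rule")`), so this firewall-rule change would presumably be recorded without saying what made it; `write_config("pfSsh.php removed traffic shaper settings")` keeps the audit trail consistent. `filter_configure()` is also called even when `write_config()` returned false, and `unset($queue); unset($altq);` act on variables this script never defines. The `foreach` over `$config['filter']['rule']` has no `is_array` guard.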
@@ -0,0 +1,99 @@
+require_once("config.inc");
+require_once("util.inc");
+require_once("service-utils.inc");
+
+function usage() {
+ echo "Usage: playback svc <action> <service name> [service-specific options]\n\n";
+ echo "Examples:\n";
+ echo "playback svc stop dhcpd\n";
+ echo "playback svc restart openvpn client 2\n";
+ echo "playback svc stop captiveportal zone1\n";
+ echo "\n";
+}
+
+global $g, $config, $argv, $command_split;
+
+if (is_array($command_split)) {
+ $args = array_slice($command_split, 2);
+} else {
+ $args = array_slice($argv, 3);
+}
+
+if (empty($args[0])) {
+ usage();
+}
+
+$extras = array();
+
+// start, stop, restart
+$action = $args[0];
+
+// dhcpd, openvpn, etc.
+$svc_name = $args[1];
+
+// Handle servive-specific options.
+switch ($svc_name) {
+ case "openvpn":
+ if (in_array($args[2], array("server", "client"))) {
+ $extras['vpnmode'] = $args[2];
+ } else {
+ echo "Invalid OpenVPN mode (server, client)\n";
+ return;
+ }
+ if (is_numeric($args[3])) {
+ $extras['id'] = $args[3];
+ } else {
+ echo "Invalid OpenVPN ID, must be numeric\n";
+ return;
+ }
+ $vpnsvc = find_service_by_openvpn_vpnid($extras['id']);
+ if (empty($vpnsvc)) {
+ echo "No OpenVPN client or server found with that ID.\n";
+ return;
+ }
+ break;
+ case "captiveportal":
+ if (is_validaliasname($args[2])) {
+ $extras['zone'] = $args[2];
+ } else {
+ echo "Invalid Captive Portal Zone.\n";
+ return;
+ }
+ $cpzone = find_service_by_cp_zone($extras['zone']);
+ if (empty($cpzone)) {
+ echo "No Captive Portal Zone found with that name.\n";
+ return;
+ }
+ break;
+}
+
+switch ($action) {
+ case "restart":
+ echo "Attempting to issue {$action} to {$svc_name} service...\n";
+ $savemsg = service_control_restart($svc_name, $extras);
+ break;
+ case "start":
+ echo "Attempting to issue {$action} to {$svc_name} service...\n";
+ $savemsg = service_control_start($svc_name, $extras);
+ break;
+ case "stop":
+ echo "Attempting to issue {$action} to {$svc_name} service...\n";
+ $savemsg = service_control_stop($svc_name, $extras);
+ break;
+ case "status":
+ switch ($svc_name) {
+ case "openvpn":
+ $service = $vpnsvc;
+ break;
+ case "captiveportal":
+ $service = $cpzone;
+ break;
+ default:
+ $service = find_service_by_name($svc_name);
+ break;
+ }
+ $savemsg = get_service_status($service) ? "Service {$svc_name} is running." : "Service {$svc_name} is stopped.";
+ break;
+}
+
+echo "\n{$savemsg}\n";
diff --git a/src/etc/phpshellsessions/uninstallpkg b/src/etc/phpshellsessions/uninstallpkg
new file mode 100644
index 0000000..9030e56
--- /dev/null
+++ b/src/etc/phpshellsessions/uninstallpkg
@@ -0,0 +1,34 @@
+require_once("config.inc");
+require_once("util.inc");
+require_once("pkg-utils.inc");
+
+global $g, $config, $argv, $command_split;
+
+if (is_array($command_split)) {
+ $args = array_slice($command_split, 1);
+} else {
+ $args = array_slice($argv, 2);
+}
+
+$pkg_name = $args[0];
+$pkg_info = array();
+
+echo "Removing package \"{$pkg_name}\"...\n";
+
+foreach ($config['installedpackages']['package'] as $package) {
+ if ($pkg_name == $package['name']) {
+ $pkg_info = $package;
+ }
+}
+
+$static_output = "";
+$pkg_interface = "console";
+
+if (empty($pkg_info)) {
+ echo "\nPackage not installed.\n";
+ return;
+}
+
+uninstall_package($pkg_name);
+
+echo "\nDone.\n"; |
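Review bot: In svc, when no action is given, `if (empty($args[0])) { usage(); }` prints the usage text but then carries on, reading `$args[1]` and running both `switch` statements; a `return;` after `usage();` is needed. The action `switch` has no `default`, so an unrecognised action reaches `echo "\n{$savemsg}\n";` with `$savemsg` undefined; adding `default: usage(); return;` covers that. `in_array($args[2], array("server", "client"))` should pass `true` as the third argument so the comparison is strict. The comment `// Handle servive-specific options.` has a typo (`service`).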