Skip to content

O
OpnSense
Commit 7773bb31 authored by Franco Fichtner's avatar Franco Fichtner
Browse files
Options

src: varetc_path gone; now we're getting somewhere...

parent fffc9000
Hide whitespace changes
Inline Side-by-side
Showing with 79 additions and 84 deletions
src/etc/inc/captiveportal.inc
View file @ 7773bb31
......@@ -212,7 +212,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
else
$message = 0;
include("{$g['varetc_path']}/captiveportal-{$cpzone}-logout.html");
include("/var/etc/captiveportal-{$cpzone}-logout.html");
} else {
// TODO: remove? should be handled by login page
......@@ -422,7 +422,7 @@ function captiveportal_configure_zone($cpcfg) {
$htmltext = get_default_captive_portal_html();
}
$fd = @fopen("{$g['varetc_path']}/captiveportal_{$cpzone}.html", "w");
$fd = @fopen("/var/etc/captiveportal_{$cpzone}.html", "w");
if ($fd) {
// Special case handling. Convert so that we can pass this page
// through the PHP interpreter later without clobbering the vars.
......@@ -450,7 +450,7 @@ function captiveportal_configure_zone($cpcfg) {
$errtext = get_default_captive_portal_html();
}
$fd = @fopen("{$g['varetc_path']}/captiveportal-{$cpzone}-error.html", "w");
$fd = @fopen("/var/etc/captiveportal-{$cpzone}-error.html", "w");
if ($fd) {
// Special case handling. Convert so that we can pass this page
// through the PHP interpreter later without clobbering the vars.
......@@ -510,7 +510,7 @@ document.location.href="<?=\$my_redirurl;?>";
EOD;
}
$fd = @fopen("{$g['varetc_path']}/captiveportal-{$cpzone}-logout.html", "w");
$fd = @fopen("/var/etc/captiveportal-{$cpzone}-logout.html", "w");
if ($fd) {
fwrite($fd, $logouttext);
fclose($fd);
......@@ -553,9 +553,9 @@ EOD;
killbypid("/var/run/lighty-{$cpzone}-CaptivePortal.pid");
killbypid("/var/run/lighty-{$cpzone}-CaptivePortal-SSL.pid");
killbypid("/var/run/cp_prunedb_{$cpzone}.pid");
@unlink("{$g['varetc_path']}/captiveportal_{$cpzone}.html");
@unlink("{$g['varetc_path']}/captiveportal-{$cpzone}-error.html");
@unlink("{$g['varetc_path']}/captiveportal-{$cpzone}-logout.html");
@unlink("/var/etc/captiveportal_{$cpzone}.html");
@unlink("/var/etc/captiveportal-{$cpzone}-error.html");
@unlink("/var/etc/captiveportal-{$cpzone}-logout.html");
captiveportal_radius_stop_all();
......@@ -637,7 +637,7 @@ function captiveportal_init_webgui_zone($cpcfg)
}
system_generate_lighty_config(
"{$g['varetc_path']}/lighty-{$cpzone}-CaptivePortal-SSL.conf",
"/var/etc/lighty-{$cpzone}-CaptivePortal-SSL.conf",
$crt,
$key,
$ca,
......@@ -658,7 +658,7 @@ function captiveportal_init_webgui_zone($cpcfg)
}
system_generate_lighty_config(
"{$g['varetc_path']}/lighty-{$cpzone}-CaptivePortal.conf",
"/var/etc/lighty-{$cpzone}-CaptivePortal.conf",
"",
"",
"",
......@@ -672,12 +672,12 @@ function captiveportal_init_webgui_zone($cpcfg)
@unlink("{$g['varrun']}/lighty-{$cpzone}-CaptivePortal.pid");
/* attempt to start lighttpd */
$res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-{$cpzone}-CaptivePortal.conf");
$res = mwexec("/usr/local/sbin/lighttpd -f /var/etc/lighty-{$cpzone}-CaptivePortal.conf");
/* fire up https instance */
if (isset($cpcfg['httpslogin'])) {
@unlink("{$g['varrun']}/lighty-{$cpzone}-CaptivePortal-SSL.pid");
$res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-{$cpzone}-CaptivePortal-SSL.conf");
$res = mwexec("/usr/local/sbin/lighttpd -f /var/etc/lighty-{$cpzone}-CaptivePortal-SSL.conf");
}
}
......@@ -1318,9 +1318,9 @@ function portal_reply_page($redirurl, $type = null, $message = null, $clientmac
header("Location: {$redirurl}");
return;
} else if ($type == "login")
$htmltext = get_include_contents("{$g['varetc_path']}/captiveportal_{$cpzone}.html");
$htmltext = get_include_contents("/var/etc/captiveportal_{$cpzone}.html");
else
$htmltext = get_include_contents("{$g['varetc_path']}/captiveportal-{$cpzone}-error.html");
$htmltext = get_include_contents("/var/etc/captiveportal-{$cpzone}-error.html");
$cpcfg = $config['captiveportal'][$cpzone];
......
src/etc/inc/globals.inc
View file @ 7773bb31
......@@ -37,7 +37,6 @@ $g = array(
"factory_shipped_password" => "opnsense",
"dhcpd_chroot_path" => "/var/dhcpd",
"unbound_chroot_path" => "/var/unbound",
"varetc_path" => "/var/etc",
"admin_group" => "admins",
"product_name" => "OPNsense",
"product_website" => "https://opnsense.org",
......
src/etc/inc/openvpn.auth-user.php
View file @ 7773bb31
......@@ -98,8 +98,8 @@ if (!$username || !$password) {
/* Replaced by a sed with propper variables used below(ldap parameters). */
//<template>
if (file_exists("{$g['varetc_path']}/openvpn/{$modeid}.ca")) {
putenv("LDAPTLS_CACERT={$g['varetc_path']}/openvpn/{$modeid}.ca");
if (file_exists("/var/etc/openvpn/{$modeid}.ca")) {
putenv("LDAPTLS_CACERT=/var/etc/openvpn/{$modeid}.ca");
putenv("LDAPTLS_REQCERT=never");
}
......
src/etc/inc/openvpn.inc
View file @ 7773bb31
......@@ -367,10 +367,9 @@ function openvpn_add_custom(& $settings, & $conf) {
}
}
function openvpn_add_keyfile(& $data, & $conf, $mode_id, $directive, $opt = "") {
global $g;
$fpath = $g['varetc_path']."/openvpn/{$mode_id}.{$directive}";
function openvpn_add_keyfile(&$data, &$conf, $mode_id, $directive, $opt = '')
{
$fpath = "/var/etc/openvpn/{$mode_id}.{$directive}";
openvpn_create_dirs();
file_put_contents($fpath, base64_decode($data));
//chown($fpath, 'nobody');
......@@ -530,7 +529,7 @@ function openvpn_reconfigure($mode, $settings)
// See ticket #1417
if (!empty($ip) && !empty($mask) && ($cidr < 30)) {
$conf .= "server {$ip} {$mask}\n";
$conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
$conf .= "client-config-dir /var/etc/openvpn-csc\n";
if(is_ipaddr($ipv6))
$conf .= "server-ipv6 {$ipv6}/{$prefix}\n";
}
......@@ -557,7 +556,7 @@ function openvpn_reconfigure($mode, $settings)
$conf .= "server {$ip} {$mask}\n";
if(is_ipaddr($ipv6))
$conf .= "server-ipv6 {$ipv6}/{$prefix}\n";
$conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
$conf .= "client-config-dir /var/etc/openvpn-csc\n";
} else {
if ($settings['serverbridge_dhcp']) {
if ((!empty($settings['serverbridge_interface'])) && (strcmp($settings['serverbridge_interface'], "none"))) {
......@@ -565,7 +564,7 @@ function openvpn_reconfigure($mode, $settings)
$biface_sm=gen_subnet_mask(get_interface_subnet($settings['serverbridge_interface']));
if (is_ipaddrv4($biface_ip) && is_ipaddrv4($settings['serverbridge_dhcp_start']) && is_ipaddrv4($settings['serverbridge_dhcp_end'])) {
$conf .= "server-bridge {$biface_ip} {$biface_sm} {$settings['serverbridge_dhcp_start']} {$settings['serverbridge_dhcp_end']}\n";
$conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
$conf .= "client-config-dir /var/etc/openvpn-csc\n";
} else {
$conf .= "mode server\n";
}
......@@ -611,7 +610,7 @@ function openvpn_reconfigure($mode, $settings)
// The management port to listen on
// Use unix socket to overcome the problem on any type of server
$conf .= "management {$g['varetc_path']}/openvpn/{$mode_id}.sock unix\n";
$conf .= "management /var/etc/openvpn/{$mode_id}.sock unix\n";
//$conf .= "management 127.0.0.1 {$settings['local_port']}\n";
if ($settings['maxclients'])
......@@ -663,7 +662,7 @@ function openvpn_reconfigure($mode, $settings)
$conf .= "lport 0\n";
// Use unix socket to overcome the problem on any type of server
$conf .= "management {$g['varetc_path']}/openvpn/{$mode_id}.sock unix\n";
$conf .= "management /var/etc/openvpn/{$mode_id}.sock unix\n";
// The remote server
$conf .= "remote {$settings['server_addr']} {$settings['server_port']}\n";
......@@ -691,7 +690,7 @@ function openvpn_reconfigure($mode, $settings)
}
if ($settings['auth_user'] && $settings['auth_pass']) {
$up_file = "{$g['varetc_path']}/openvpn/{$mode_id}.up";
$up_file = "/var/etc/openvpn/{$mode_id}.up";
$conf .= "auth-user-pass {$up_file}\n";
$userpass = "{$settings['auth_user']}\n";
$userpass .= "{$settings['auth_pass']}\n";
......@@ -701,10 +700,10 @@ function openvpn_reconfigure($mode, $settings)
if ($settings['proxy_addr']) {
$conf .= "http-proxy {$settings['proxy_addr']} {$settings['proxy_port']}";
if ($settings['proxy_authtype'] != "none") {
$conf .= " {$g['varetc_path']}/openvpn/{$mode_id}.pas {$settings['proxy_authtype']}";
$conf .= " /var/etc/openvpn/{$mode_id}.pas {$settings['proxy_authtype']}";
$proxypas = "{$settings['proxy_user']}\n";
$proxypas .= "{$settings['proxy_passwd']}\n";
file_put_contents("{$g['varetc_path']}/openvpn/{$mode_id}.pas", $proxypas);
file_put_contents("/var/etc/openvpn/{$mode_id}.pas", $proxypas);
}
$conf .= " \n";
}
......@@ -787,18 +786,18 @@ function openvpn_reconfigure($mode, $settings)
openvpn_add_custom($settings, $conf);
openvpn_create_dirs();
$fpath = "{$g['varetc_path']}/openvpn/{$mode_id}.conf";
$fpath = "/var/etc/openvpn/{$mode_id}.conf";
file_put_contents($fpath, $conf);
unset($conf);
$fpath = "{$g['varetc_path']}/openvpn/{$mode_id}.interface";
$fpath = "/var/etc/openvpn/{$mode_id}.interface";
file_put_contents($fpath, $interface);
//chown($fpath, 'nobody');
//chgrp($fpath, 'nobody');
@chmod("{$g['varetc_path']}/openvpn/{$mode_id}.conf", 0600);
@chmod("{$g['varetc_path']}/openvpn/{$mode_id}.interface", 0600);
@chmod("{$g['varetc_path']}/openvpn/{$mode_id}.key", 0600);
@chmod("{$g['varetc_path']}/openvpn/{$mode_id}.tls-auth", 0600);
@chmod("{$g['varetc_path']}/openvpn/{$mode_id}.conf", 0600);
@chmod("/var/etc/openvpn/{$mode_id}.conf", 0600);
@chmod("/var/etc/openvpn/{$mode_id}.interface", 0600);
@chmod("/var/etc/openvpn/{$mode_id}.key", 0600);
@chmod("/var/etc/openvpn/{$mode_id}.tls-auth", 0600);
@chmod("/var/etc/openvpn/{$mode_id}.conf", 0600);
}
function openvpn_restart($mode, $settings)
......@@ -833,7 +832,7 @@ function openvpn_restart($mode, $settings)
}
/* start the new process */
$fpath = $g['varetc_path']."/openvpn/{$mode_id}.conf";
$fpath = "/var/etc/openvpn/{$mode_id}.conf";
openvpn_clear_route($mode, $settings);
mwexec_bg("/usr/local/sbin/openvpn --config " . escapeshellarg($fpath));
......@@ -870,7 +869,7 @@ function openvpn_delete($mode, & $settings)
mwexec("/sbin/ifconfig " . escapeshellarg($devname) . " name " . escapeshellarg($tunname));
/* remove the configuration files */
@array_map('unlink', glob("{$g['varetc_path']}/openvpn/{$mode_id}.*"));
@array_map('unlink', glob("/var/etc/openvpn/{$mode_id}.*"));
}
function openvpn_cleanup_csc($common_name)
......@@ -878,10 +877,11 @@ function openvpn_cleanup_csc($common_name)
@unlink('/var/etc/openvpn-csc/' . basename($common_name));
}
function openvpn_resync_csc(& $settings) {
function openvpn_resync_csc(&$settings)
{
global $g, $config;
$fpath = $g['varetc_path']."/openvpn-csc/".$settings['common_name'];
$fpath = "/var/etc/openvpn-csc/{$settings['common_name']}";
if (isset($settings['disable'])) {
@unlink($fpath);
......@@ -1034,7 +1034,7 @@ function openvpn_get_active_servers($type="multipoint") {
$server['conns'] = array();
$server['vpnid'] = $settings['vpnid'];
$server['mgmt'] = "server{$server['vpnid']}";
$socket = "unix://{$g['varetc_path']}/openvpn/{$server['mgmt']}.sock";
$socket = "unix:///var/etc/openvpn/{$server['mgmt']}.sock";
list($tn, $sm) = explode('/', $settings['tunnel_network']);
if ((($server['mode'] == "p2p_shared_key") || ($sm >= 30) ) && ($type == "p2p"))
......@@ -1136,7 +1136,7 @@ function openvpn_get_active_clients() {
$client['vpnid'] = $settings['vpnid'];
$client['mgmt'] = "client{$client['vpnid']}";
$socket = "unix://{$g['varetc_path']}/openvpn/{$client['mgmt']}.sock";
$socket = "unix:///var/etc/openvpn/{$client['mgmt']}.sock";
$client['status']="down";
$clients[] = openvpn_get_client_status($client, $socket);
......@@ -1255,7 +1255,7 @@ function openvpn_refresh_crls() {
if (!empty($settings['crlref'])) {
$crl = lookup_crl($settings['crlref']);
crl_update($crl);
$fpath = $g['varetc_path']."/openvpn/server{$settings['vpnid']}.crl-verify";
$fpath = "/var/etc/openvpn/server{$settings['vpnid']}.crl-verify";
file_put_contents($fpath, base64_decode($crl['text']));
@chmod($fpath, 0644);
}
......
src/etc/inc/service-utils.inc
View file @ 7773bb31
......@@ -34,7 +34,6 @@ require_once("vpn.inc");
require_once("vslb.inc");
require_once("gwlb.inc");
if (!function_exists('get_services')) {
function get_services() {
......@@ -386,7 +385,7 @@ if (!function_exists('service_control_start')) {
$vpnmode = isset($extras['vpnmode']) ? htmlspecialchars($extras['vpnmode']) : htmlspecialchars($extras['mode']);
if (($vpnmode == "server") || ($vpnmode == "client")) {
$id = isset($extras['vpnid']) ? htmlspecialchars($extras['vpnid']) : htmlspecialchars($extras['id']);
$configfile = "{$g['varetc_path']}/openvpn/{$vpnmode}{$id}.conf";
$configfile = "/var/etc/openvpn/{$vpnmode}{$id}.conf";
if (file_exists($configfile))
openvpn_restart_by_vpnid($vpnmode, $id);
}
......@@ -530,7 +529,7 @@ if (!function_exists('service_control_restart')) {
$vpnmode = htmlspecialchars($extras['vpnmode']);
if ($vpnmode == "server" || $vpnmode == "client") {
$id = htmlspecialchars($extras['id']);
$configfile = "{$g['varetc_path']}/openvpn/{$vpnmode}{$id}.conf";
$configfile = "/var/etc/openvpn/{$vpnmode}{$id}.conf";
if (file_exists($configfile))
openvpn_restart_by_vpnid($vpnmode, $id);
}
......
src/etc/inc/services.inc
View file @ 7773bb31
......@@ -304,7 +304,7 @@ function services_radvd_configure($blacklist = array())
}
/* write radvd.conf */
if (!@file_put_contents("{$g['varetc_path']}/radvd.conf", $radvdconf)) {
if (!@file_put_contents("/var/etc/radvd.conf", $radvdconf)) {
log_error("Error: cannot open radvd.conf in services_radvd_configure().\n");
if (file_exists("/var/run/booting"))
printf("Error: cannot open radvd.conf in services_radvd_configure().\n");
......@@ -1919,7 +1919,7 @@ function services_snmpd_configure()
echo gettext("Starting SNMP daemon... ");
/* generate snmpd.conf */
$fd = fopen("{$g['varetc_path']}/snmpd.conf", "w");
$fd = fopen("/var/etc/snmpd.conf", "w");
if (!$fd) {
printf(gettext("Error: cannot open snmpd.conf in services_snmpd_configure().%s"),"\n");
return 1;
......@@ -2092,7 +2092,7 @@ EOD;
}
/* run bsnmpd */
mwexec("/usr/sbin/bsnmpd -c {$g['varetc_path']}/snmpd.conf" .
mwexec("/usr/sbin/bsnmpd -c /var/etc/snmpd.conf" .
"{$bindlan} -p /var/run/snmpd.pid");
if (file_exists("/var/run/booting"))
......@@ -2143,7 +2143,7 @@ function services_dnsupdate_process($int = '', $updatehost = '', $forced = false
/* write private key file
this is dumb - public and private keys are the same for HMAC-MD5,
but nsupdate insists on having both */
$fd = fopen("{$g['varetc_path']}/K{$i}{$keyname}+157+00000.private", "w");
$fd = fopen("/var/etc/K{$i}{$keyname}+157+00000.private", "w");
$privkey = <<<EOD
Private-key-format: v1.2
Algorithm: 157 (HMAC)
......@@ -2165,7 +2165,7 @@ EOD;
$proto = 2;
}
$fd = fopen("{$g['varetc_path']}/K{$i}{$keyname}+157+00000.key", "w");
$fd = fopen("/var/etc/K{$i}{$keyname}+157+00000.key", "w");
fwrite($fd, "{$keyname} IN KEY {$flags} {$proto} 157 {$dnsupdate['keydata']}\n");
fclose($fd);
......@@ -2218,13 +2218,13 @@ EOD;
$upinst .= "\n"; /* mind that trailing newline! */
if ($need_update) {
@file_put_contents("{$g['varetc_path']}/nsupdatecmds{$i}", $upinst);
@file_put_contents("/var/etc/nsupdatecmds{$i}", $upinst);
unset($upinst);
/* invoke nsupdate */
$cmd = "/usr/local/bin/nsupdate -k {$g['varetc_path']}/K{$i}{$keyname}+157+00000.key";
$cmd = "/usr/local/bin/nsupdate -k /var/etc/K{$i}{$keyname}+157+00000.key";
if (isset($dnsupdate['usetcp']))
$cmd .= " -v";
$cmd .= " {$g['varetc_path']}/nsupdatecmds{$i}";
$cmd .= " /var/etc/nsupdatecmds{$i}";
mwexec_bg($cmd);
unset($cmd);
}
......@@ -2380,5 +2380,3 @@ function install_cron_job($command, $active=false, $minute="0", $hour="*", $mont
}
configure_cron();
}
?>
src/etc/inc/system.inc
View file @ 7773bb31
......@@ -549,13 +549,13 @@ function system_staticroutes_configure($interface = "", $update_dns = false) {
array_unique($filterdns_list);
foreach ($filterdns_list as $hostname)
$hostnames .= "cmd {$hostname} '/usr/local/opnsense/service/configd_ctl.py \"routedns reload\"'\n";
file_put_contents("{$g['varetc_path']}/filterdns-route.hosts", $hostnames);
file_put_contents("/var/etc/filterdns-route.hosts", $hostnames);
unset($hostnames);
if (isvalidpid('/var/run/filterdns-route.pid')) {
killbypid('/var/run/filterdns-route.pid', 'HUP');
} else {
mwexec("/usr/local/sbin/filterdns -p /var/run/filterdns-route.pid -i {$interval} -c {$g['varetc_path']}/filterdns-route.hosts -d 1");
mwexec("/usr/local/sbin/filterdns -p /var/run/filterdns-route.pid -i {$interval} -c /var/etc/filterdns-route.hosts -d 1");
}
} else {
killbypid('/var/run/filterdns-route.pid');
......@@ -744,7 +744,7 @@ EOD;
EOD;
}
/* write syslog.conf */
if (!@file_put_contents("{$g['varetc_path']}/syslog.conf", $syslogconf)) {
if (!@file_put_contents("/var/etc/syslog.conf", $syslogconf)) {
printf(gettext("Error: cannot open syslog.conf in system_syslogd_start().%s"), "\n");
unset($syslogconf);
return 1;
......@@ -771,7 +771,7 @@ EOD;
}
}
$syslogd_extra = "-f {$g['varetc_path']}/syslog.conf {$sourceip}";
$syslogd_extra = "-f /var/etc/syslog.conf {$sourceip}";
}
if (isvalidpid('/var/run/syslog.pid')) {
......@@ -845,7 +845,7 @@ function system_webgui_start()
}
/* generate lighttpd configuration */
system_generate_lighty_config("{$g['varetc_path']}/lighty-webConfigurator.conf",
system_generate_lighty_config("/var/etc/lighty-webConfigurator.conf",
$crt, $key, $ca, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/",
"cert.pem", "ca.pem");
......@@ -858,7 +858,7 @@ function system_webgui_start()
mwexec('/usr/local/etc/rc.php_ini_setup');
/* attempt to start lighthttpd and return true if ok */
return !mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-webConfigurator.conf");
return !mwexec("/usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf");
}
function system_generate_lighty_config(
......@@ -1088,9 +1088,9 @@ EOD;
$lighty_config .= "\n";
$lighty_config .= "## ssl configuration\n";
$lighty_config .= "ssl.engine = \"enable\"\n";
$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
$lighty_config .= "ssl.pemfile = \"/var/etc/{$cert_location}\"\n\n";
if($ca <> "")
$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
$lighty_config .= "ssl.ca-file = \"/var/etc/{$ca_location}\"\n\n";
}
$lighty_config .= " }\n";
......@@ -1142,30 +1142,30 @@ EOD;
$ca = str_replace("\n\n", "\n", $ca);
if($cert <> "" and $key <> "") {
$fd = fopen("{$g['varetc_path']}/{$cert_location}", "w");
$fd = fopen("/var/etc/{$cert_location}", "w");
if (!$fd) {
printf(gettext("Error: cannot open cert.pem in system_webgui_start().%s"), "\n");
return 1;
}
chmod("{$g['varetc_path']}/{$cert_location}", 0600);
chmod("/var/etc/{$cert_location}", 0600);
fwrite($fd, $cert);
fwrite($fd, "\n");
fwrite($fd, $key);
fclose($fd);
if(!(empty($ca) || (strlen(trim($ca)) == 0))) {
$fd = fopen("{$g['varetc_path']}/{$ca_location}", "w");
$fd = fopen("/var/etc/{$ca_location}", "w");
if (!$fd) {
printf(gettext("Error: cannot open ca.pem in system_webgui_start().%s"), "\n");
return 1;
}
chmod("{$g['varetc_path']}/{$ca_location}", 0600);
chmod("/var/etc/{$ca_location}", 0600);
fwrite($fd, $ca);
fclose($fd);
}
$lighty_config .= "\n";
$lighty_config .= "## " . gettext("ssl configuration") . "\n";
$lighty_config .= "ssl.engine = \"enable\"\n";
$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
$lighty_config .= "ssl.pemfile = \"/var/etc/{$cert_location}\"\n\n";
// Harden SSL a bit for PCI conformance testing
$lighty_config .= "ssl.use-sslv2 = \"disable\"\n";
......@@ -1192,7 +1192,7 @@ EOD;
}
if(!(empty($ca) || (strlen(trim($ca)) == 0)))
$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
$lighty_config .= "ssl.ca-file = \"/var/etc/{$ca_location}\"\n\n";
}
// Add HTTP to HTTPS redirect
......
src/etc/inc/voucher.inc
View file @ 7773bb31
......@@ -60,7 +60,7 @@ function voucher_expire($voucher_received) {
continue; // seems too short to be a voucher!
unset($output);
$_gb = exec("/usr/local/bin/voucher -c {$g['varetc_path']}/voucher_{$cpzone}.cfg -k {$g['varetc_path']}/voucher_{$cpzone}.public -- $v", $output);
$_gb = exec("/usr/local/bin/voucher -c /var/etc/voucher_{$cpzone}.cfg -k /var/etc/voucher_{$cpzone}.public -- $v", $output);
list($status, $roll, $nr) = explode(" ", $output[0]);
if ($status == "OK") {
// check if we have this ticket on a registered roll for this ticket
......@@ -165,7 +165,7 @@ function voucher_auth($voucher_received, $test = 0) {
if (strlen($voucher) < 3)
continue; // seems too short to be a voucher!
$result = exec("/usr/local/bin/voucher -c {$g['varetc_path']}/voucher_{$cpzone}.cfg -k {$g['varetc_path']}/voucher_{$cpzone}.public -- $v");
$result = exec("/usr/local/bin/voucher -c /var/etc/voucher_{$cpzone}.cfg -k /var/etc/voucher_{$cpzone}.public -- $v");
list($status, $roll, $nr) = explode(" ", $result);
if ($status == "OK") {
if (!$first_voucher) {
......@@ -303,7 +303,7 @@ function voucher_configure_zone($sync = false)
/* write public key used to verify vouchers */
$pubkey = base64_decode($config['voucher'][$cpzone]['publickey']);
$fd = fopen("{$g['varetc_path']}/voucher_{$cpzone}.public", "w");
$fd = fopen("/var/etc/voucher_{$cpzone}.public", "w");
if (!$fd) {
captiveportal_syslog("Voucher error: cannot write voucher.public\n");
unlock($voucherlck);
......@@ -311,10 +311,10 @@ function voucher_configure_zone($sync = false)
}
fwrite($fd, $pubkey);
fclose($fd);
@chmod("{$g['varetc_path']}/voucher_{$cpzone}.public", 0600);
@chmod("/var/etc/voucher_{$cpzone}.public", 0600);
/* write config file used by voucher binary to decode vouchers */
$fd = fopen("{$g['varetc_path']}/voucher_{$cpzone}.cfg", "w");
$fd = fopen("/var/etc/voucher_{$cpzone}.cfg", "w");
if (!$fd) {
captiveportal_syslog(gettext("Error: cannot write voucher.cfg") . "\n");
unlock($voucherlck);
......@@ -322,7 +322,7 @@ function voucher_configure_zone($sync = false)
}
fwrite($fd, "{$config['voucher'][$cpzone]['rollbits']},{$config['voucher'][$cpzone]['ticketbits']},{$config['voucher'][$cpzone]['checksumbits']},{$config['voucher'][$cpzone]['magic']},{$config['voucher'][$cpzone]['charset']}\n");
fclose($fd);
@chmod("{$g['varetc_path']}/voucher_{$cpzone}.cfg", 0600);
@chmod("/var/etc/voucher_{$cpzone}.cfg", 0600);
unlock($voucherlck);
if (!$sync) {
......
src/etc/inc/vslb.inc
View file @ 7773bb31
......@@ -183,8 +183,7 @@ function relayd_configure($kill_first=false) {
}
}
$fd = fopen("{$g['varetc_path']}/relayd.conf", "w");
$fd = fopen('/var/etc/relayd.conf', 'w');
$conf .= "log updates \n";
/* Global timeout, interval and prefork settings
......@@ -355,13 +354,13 @@ function relayd_configure($kill_first=false) {
if (is_process_running('relayd')) {
if (! empty($vs_a)) {
if ($kill_first) {
mwexec('pkill relayd');
killbyname('relayd');
/* Remove all active relayd anchors now that relayd is no longer running. */
cleanup_lb_anchor("*");
mwexec("/usr/local/sbin/relayd -f {$g['varetc_path']}/relayd.conf");
cleanup_lb_anchor('*');
mwexec('/usr/local/sbin/relayd -f /var/etc/relayd.conf');
} else {
// it's running and there is a config, just reload
mwexec("/usr/local/sbin/relayctl reload");
mwexec('/usr/local/sbin/relayctl reload');
}
} else {
/*
......@@ -371,7 +370,7 @@ function relayd_configure($kill_first=false) {
* mwexec('/usr/local/sbin/relayctl stop');
* returns "command failed"
*/
mwexec('pkill relayd');
killbyname('relayd');
/* Remove all active relayd anchors now that relayd is no longer running. */
cleanup_lb_anchor("*");
}
......@@ -379,8 +378,8 @@ function relayd_configure($kill_first=false) {
if (! empty($vs_a)) {
// not running and there is a config, start it
/* Remove all active relayd anchors so it can start fresh. */
cleanup_lb_anchor("*");
mwexec("/usr/local/sbin/relayd -f {$g['varetc_path']}/relayd.conf");
cleanup_lb_anchor('*');
mwexec('/usr/local/sbin/relayd -f /var/etc/relayd.conf');
}
}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023