src: varetc_path gone; now we're getting somewhere...

src/etc/inc/captiveportal.inc

@@ -212,7 +212,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
         else
             $message = 0;
 
-        include("{$g['varetc_path']}/captiveportal-{$cpzone}-logout.html");
+        include("/var/etc/captiveportal-{$cpzone}-logout.html");
 
     } else {
         // TODO: remove? should be handled by login page
@@ -422,7 +422,7 @@ function captiveportal_configure_zone($cpcfg) {
             $htmltext = get_default_captive_portal_html();
         }
 
-        $fd = @fopen("{$g['varetc_path']}/captiveportal_{$cpzone}.html", "w");
+        $fd = @fopen("/var/etc/captiveportal_{$cpzone}.html", "w");
         if ($fd) {
             // Special case handling.  Convert so that we can pass this page
             // through the PHP interpreter later without clobbering the vars.
@@ -450,7 +450,7 @@ function captiveportal_configure_zone($cpcfg) {
             $errtext = get_default_captive_portal_html();
         }
 
-        $fd = @fopen("{$g['varetc_path']}/captiveportal-{$cpzone}-error.html", "w");
+        $fd = @fopen("/var/etc/captiveportal-{$cpzone}-error.html", "w");
         if ($fd) {
             // Special case handling.  Convert so that we can pass this page
             // through the PHP interpreter later without clobbering the vars.
@@ -510,7 +510,7 @@ document.location.href="<?=\$my_redirurl;?>";
 EOD;
         }
 
-        $fd = @fopen("{$g['varetc_path']}/captiveportal-{$cpzone}-logout.html", "w");
+        $fd = @fopen("/var/etc/captiveportal-{$cpzone}-logout.html", "w");
         if ($fd) {
             fwrite($fd, $logouttext);
             fclose($fd);
@@ -553,9 +553,9 @@ EOD;
         killbypid("/var/run/lighty-{$cpzone}-CaptivePortal.pid");
         killbypid("/var/run/lighty-{$cpzone}-CaptivePortal-SSL.pid");
         killbypid("/var/run/cp_prunedb_{$cpzone}.pid");
-        @unlink("{$g['varetc_path']}/captiveportal_{$cpzone}.html");
-        @unlink("{$g['varetc_path']}/captiveportal-{$cpzone}-error.html");
-        @unlink("{$g['varetc_path']}/captiveportal-{$cpzone}-logout.html");
+        @unlink("/var/etc/captiveportal_{$cpzone}.html");
+        @unlink("/var/etc/captiveportal-{$cpzone}-error.html");
+        @unlink("/var/etc/captiveportal-{$cpzone}-logout.html");
 
         captiveportal_radius_stop_all();
 
@@ -637,7 +637,7 @@ function captiveportal_init_webgui_zone($cpcfg)
         }
 
         system_generate_lighty_config(
-	    "{$g['varetc_path']}/lighty-{$cpzone}-CaptivePortal-SSL.conf",
+	    "/var/etc/lighty-{$cpzone}-CaptivePortal-SSL.conf",
             $crt,
             $key,
             $ca,
@@ -658,7 +658,7 @@ function captiveportal_init_webgui_zone($cpcfg)
     }
 
     system_generate_lighty_config(
-        "{$g['varetc_path']}/lighty-{$cpzone}-CaptivePortal.conf",
+        "/var/etc/lighty-{$cpzone}-CaptivePortal.conf",
         "",
         "",
         "",
@@ -672,12 +672,12 @@ function captiveportal_init_webgui_zone($cpcfg)
 
     @unlink("{$g['varrun']}/lighty-{$cpzone}-CaptivePortal.pid");
     /* attempt to start lighttpd */
-    $res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-{$cpzone}-CaptivePortal.conf");
+    $res = mwexec("/usr/local/sbin/lighttpd -f /var/etc/lighty-{$cpzone}-CaptivePortal.conf");
 
     /* fire up https instance */
     if (isset($cpcfg['httpslogin'])) {
         @unlink("{$g['varrun']}/lighty-{$cpzone}-CaptivePortal-SSL.pid");
-        $res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-{$cpzone}-CaptivePortal-SSL.conf");
+        $res = mwexec("/usr/local/sbin/lighttpd -f /var/etc/lighty-{$cpzone}-CaptivePortal-SSL.conf");
     }
 }
 
@@ -1318,9 +1318,9 @@ function portal_reply_page($redirurl, $type = null, $message = null, $clientmac
         header("Location: {$redirurl}");
         return;
     } else if ($type == "login")
-        $htmltext = get_include_contents("{$g['varetc_path']}/captiveportal_{$cpzone}.html");
+        $htmltext = get_include_contents("/var/etc/captiveportal_{$cpzone}.html");
     else
-        $htmltext = get_include_contents("{$g['varetc_path']}/captiveportal-{$cpzone}-error.html");
+        $htmltext = get_include_contents("/var/etc/captiveportal-{$cpzone}-error.html");
 
     $cpcfg = $config['captiveportal'][$cpzone];
 

src/etc/inc/globals.inc

@@ -37,7 +37,6 @@ $g = array(
 	"factory_shipped_password" => "opnsense",
 	"dhcpd_chroot_path" => "/var/dhcpd",
 	"unbound_chroot_path" => "/var/unbound",
-	"varetc_path" => "/var/etc",
 	"admin_group" => "admins",
 	"product_name" => "OPNsense",
 	"product_website" => "https://opnsense.org",

src/etc/inc/openvpn.auth-user.php

@@ -98,8 +98,8 @@ if (!$username || !$password) {
 /* Replaced by a sed with propper variables used below(ldap parameters). */
 //<template>
 
-if (file_exists("{$g['varetc_path']}/openvpn/{$modeid}.ca")) {
-	putenv("LDAPTLS_CACERT={$g['varetc_path']}/openvpn/{$modeid}.ca");
+if (file_exists("/var/etc/openvpn/{$modeid}.ca")) {
+	putenv("LDAPTLS_CACERT=/var/etc/openvpn/{$modeid}.ca");
 	putenv("LDAPTLS_REQCERT=never");
 }
 

src/etc/inc/openvpn.inc

@@ -367,10 +367,9 @@ function openvpn_add_custom(& $settings, & $conf) {
 	}
 }
 
-function openvpn_add_keyfile(& $data, & $conf, $mode_id, $directive, $opt = "") {
-	global $g;
-
-	$fpath = $g['varetc_path']."/openvpn/{$mode_id}.{$directive}";
+function openvpn_add_keyfile(&$data, &$conf, $mode_id, $directive, $opt = '')
+{
+	$fpath = "/var/etc/openvpn/{$mode_id}.{$directive}";
 	openvpn_create_dirs();
 	file_put_contents($fpath, base64_decode($data));
 	//chown($fpath, 'nobody');
@@ -530,7 +529,7 @@ function openvpn_reconfigure($mode, $settings)
 				//  See ticket #1417
 				if (!empty($ip) && !empty($mask) && ($cidr < 30)) {
 					$conf .= "server {$ip} {$mask}\n";
-					$conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
+					$conf .= "client-config-dir /var/etc/openvpn-csc\n";
 					if(is_ipaddr($ipv6))
 						$conf .= "server-ipv6 {$ipv6}/{$prefix}\n";
 				}
@@ -557,7 +556,7 @@ function openvpn_reconfigure($mode, $settings)
 					$conf .= "server {$ip} {$mask}\n";
 					if(is_ipaddr($ipv6))
 						$conf .= "server-ipv6 {$ipv6}/{$prefix}\n";
-					$conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
+					$conf .= "client-config-dir /var/etc/openvpn-csc\n";
 				} else {
 					if ($settings['serverbridge_dhcp']) {
 						if ((!empty($settings['serverbridge_interface'])) && (strcmp($settings['serverbridge_interface'], "none"))) {
@@ -565,7 +564,7 @@ function openvpn_reconfigure($mode, $settings)
 							$biface_sm=gen_subnet_mask(get_interface_subnet($settings['serverbridge_interface']));
 							if (is_ipaddrv4($biface_ip) && is_ipaddrv4($settings['serverbridge_dhcp_start']) && is_ipaddrv4($settings['serverbridge_dhcp_end'])) {
 								$conf .= "server-bridge {$biface_ip} {$biface_sm} {$settings['serverbridge_dhcp_start']} {$settings['serverbridge_dhcp_end']}\n";
-								$conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
+								$conf .= "client-config-dir /var/etc/openvpn-csc\n";
 							} else {
 								$conf .= "mode server\n";
 							}
@@ -611,7 +610,7 @@ function openvpn_reconfigure($mode, $settings)
 
 		// The management port to listen on
 		// Use unix socket to overcome the problem on any type of server
-		$conf .= "management {$g['varetc_path']}/openvpn/{$mode_id}.sock unix\n";
+		$conf .= "management /var/etc/openvpn/{$mode_id}.sock unix\n";
 		//$conf .= "management 127.0.0.1 {$settings['local_port']}\n";
 
 		if ($settings['maxclients'])
@@ -663,7 +662,7 @@ function openvpn_reconfigure($mode, $settings)
 			$conf .= "lport 0\n";
 
 		// Use unix socket to overcome the problem on any type of server
-		$conf .= "management {$g['varetc_path']}/openvpn/{$mode_id}.sock unix\n";
+		$conf .= "management /var/etc/openvpn/{$mode_id}.sock unix\n";
 
 		// The remote server
 		$conf .= "remote {$settings['server_addr']} {$settings['server_port']}\n";
@@ -691,7 +690,7 @@ function openvpn_reconfigure($mode, $settings)
 		}
 
 		if ($settings['auth_user'] && $settings['auth_pass']) {
-			$up_file = "{$g['varetc_path']}/openvpn/{$mode_id}.up";
+			$up_file = "/var/etc/openvpn/{$mode_id}.up";
 			$conf .= "auth-user-pass {$up_file}\n";
 			$userpass = "{$settings['auth_user']}\n";
 			$userpass .= "{$settings['auth_pass']}\n";
@@ -701,10 +700,10 @@ function openvpn_reconfigure($mode, $settings)
 		if ($settings['proxy_addr']) {
 			$conf .= "http-proxy {$settings['proxy_addr']} {$settings['proxy_port']}";
 			if ($settings['proxy_authtype'] != "none") {
-				$conf .= " {$g['varetc_path']}/openvpn/{$mode_id}.pas {$settings['proxy_authtype']}";
+				$conf .= " /var/etc/openvpn/{$mode_id}.pas {$settings['proxy_authtype']}";
 				$proxypas = "{$settings['proxy_user']}\n";
 				$proxypas .= "{$settings['proxy_passwd']}\n";
-				file_put_contents("{$g['varetc_path']}/openvpn/{$mode_id}.pas", $proxypas);
+				file_put_contents("/var/etc/openvpn/{$mode_id}.pas", $proxypas);
 			}
 			$conf .= " \n";
 		}
@@ -787,18 +786,18 @@ function openvpn_reconfigure($mode, $settings)
 	openvpn_add_custom($settings, $conf);
 
 	openvpn_create_dirs();
-	$fpath = "{$g['varetc_path']}/openvpn/{$mode_id}.conf";
+	$fpath = "/var/etc/openvpn/{$mode_id}.conf";
 	file_put_contents($fpath, $conf);
 	unset($conf);
-	$fpath = "{$g['varetc_path']}/openvpn/{$mode_id}.interface";
+	$fpath = "/var/etc/openvpn/{$mode_id}.interface";
 	file_put_contents($fpath, $interface);
 	//chown($fpath, 'nobody');
 	//chgrp($fpath, 'nobody');
-	@chmod("{$g['varetc_path']}/openvpn/{$mode_id}.conf", 0600);
-	@chmod("{$g['varetc_path']}/openvpn/{$mode_id}.interface", 0600);
-	@chmod("{$g['varetc_path']}/openvpn/{$mode_id}.key", 0600);
-	@chmod("{$g['varetc_path']}/openvpn/{$mode_id}.tls-auth", 0600);
-	@chmod("{$g['varetc_path']}/openvpn/{$mode_id}.conf", 0600);
+	@chmod("/var/etc/openvpn/{$mode_id}.conf", 0600);
+	@chmod("/var/etc/openvpn/{$mode_id}.interface", 0600);
+	@chmod("/var/etc/openvpn/{$mode_id}.key", 0600);
+	@chmod("/var/etc/openvpn/{$mode_id}.tls-auth", 0600);
+	@chmod("/var/etc/openvpn/{$mode_id}.conf", 0600);
 }
 
 function openvpn_restart($mode, $settings)
@@ -833,7 +832,7 @@ function openvpn_restart($mode, $settings)
 	}
 
 	/* start the new process */
-	$fpath = $g['varetc_path']."/openvpn/{$mode_id}.conf";
+	$fpath = "/var/etc/openvpn/{$mode_id}.conf";
 	openvpn_clear_route($mode, $settings);
 	mwexec_bg("/usr/local/sbin/openvpn --config " . escapeshellarg($fpath));
 
@@ -870,7 +869,7 @@ function openvpn_delete($mode, & $settings)
 	mwexec("/sbin/ifconfig " . escapeshellarg($devname) . " name " . escapeshellarg($tunname));
 
 	/* remove the configuration files */
-	@array_map('unlink', glob("{$g['varetc_path']}/openvpn/{$mode_id}.*"));
+	@array_map('unlink', glob("/var/etc/openvpn/{$mode_id}.*"));
 }
 
 function openvpn_cleanup_csc($common_name)
@@ -878,10 +877,11 @@ function openvpn_cleanup_csc($common_name)
 	@unlink('/var/etc/openvpn-csc/' . basename($common_name));
 }
 
-function openvpn_resync_csc(& $settings) {
+function openvpn_resync_csc(&$settings)
+{
 	global $g, $config;
 
-	$fpath = $g['varetc_path']."/openvpn-csc/".$settings['common_name'];
+	$fpath = "/var/etc/openvpn-csc/{$settings['common_name']}";
 
 	if (isset($settings['disable'])) {
 		@unlink($fpath);
@@ -1034,7 +1034,7 @@ function openvpn_get_active_servers($type="multipoint") {
 			$server['conns'] = array();
 			$server['vpnid'] = $settings['vpnid'];
 			$server['mgmt'] = "server{$server['vpnid']}";
-			$socket = "unix://{$g['varetc_path']}/openvpn/{$server['mgmt']}.sock";
+			$socket = "unix:///var/etc/openvpn/{$server['mgmt']}.sock";
 			list($tn, $sm) = explode('/', $settings['tunnel_network']);
 
 			if ((($server['mode'] == "p2p_shared_key") || ($sm >= 30) ) && ($type == "p2p"))
@@ -1136,7 +1136,7 @@ function openvpn_get_active_clients() {
 
 			$client['vpnid'] = $settings['vpnid'];
 			$client['mgmt'] = "client{$client['vpnid']}";
-			$socket = "unix://{$g['varetc_path']}/openvpn/{$client['mgmt']}.sock";
+			$socket = "unix:///var/etc/openvpn/{$client['mgmt']}.sock";
 			$client['status']="down";
 
 			$clients[] = openvpn_get_client_status($client, $socket);
@@ -1255,7 +1255,7 @@ function openvpn_refresh_crls() {
 					if (!empty($settings['crlref'])) {
 						$crl = lookup_crl($settings['crlref']);
 						crl_update($crl);
-						$fpath = $g['varetc_path']."/openvpn/server{$settings['vpnid']}.crl-verify";
+						$fpath = "/var/etc/openvpn/server{$settings['vpnid']}.crl-verify";
 						file_put_contents($fpath, base64_decode($crl['text']));
 						@chmod($fpath, 0644);
 					}

src/etc/inc/service-utils.inc

@@ -34,7 +34,6 @@ require_once("vpn.inc");
 require_once("vslb.inc");
 require_once("gwlb.inc");
 
-
 if (!function_exists('get_services')) {
 
 	function get_services() {
@@ -386,7 +385,7 @@ if (!function_exists('service_control_start')) {
 				$vpnmode = isset($extras['vpnmode']) ? htmlspecialchars($extras['vpnmode']) : htmlspecialchars($extras['mode']);
 				if (($vpnmode == "server") || ($vpnmode == "client")) {
 					$id = isset($extras['vpnid']) ? htmlspecialchars($extras['vpnid']) : htmlspecialchars($extras['id']);
-					$configfile = "{$g['varetc_path']}/openvpn/{$vpnmode}{$id}.conf";
+					$configfile = "/var/etc/openvpn/{$vpnmode}{$id}.conf";
 					if (file_exists($configfile))
 						openvpn_restart_by_vpnid($vpnmode, $id);
 				}
@@ -530,7 +529,7 @@ if (!function_exists('service_control_restart')) {
 				$vpnmode = htmlspecialchars($extras['vpnmode']);
 				if ($vpnmode == "server" || $vpnmode == "client") {
 					$id = htmlspecialchars($extras['id']);
-					$configfile = "{$g['varetc_path']}/openvpn/{$vpnmode}{$id}.conf";
+					$configfile = "/var/etc/openvpn/{$vpnmode}{$id}.conf";
 					if (file_exists($configfile))
 						openvpn_restart_by_vpnid($vpnmode, $id);
 				}

src/etc/inc/services.inc

@@ -304,7 +304,7 @@ function services_radvd_configure($blacklist = array())
 	}
 
 	/* write radvd.conf */
-	if (!@file_put_contents("{$g['varetc_path']}/radvd.conf", $radvdconf)) {
+	if (!@file_put_contents("/var/etc/radvd.conf", $radvdconf)) {
 		log_error("Error: cannot open radvd.conf in services_radvd_configure().\n");
 		if (file_exists("/var/run/booting"))
 			printf("Error: cannot open radvd.conf in services_radvd_configure().\n");
@@ -1919,7 +1919,7 @@ function services_snmpd_configure()
 			echo gettext("Starting SNMP daemon... ");
 
 		/* generate snmpd.conf */
-		$fd = fopen("{$g['varetc_path']}/snmpd.conf", "w");
+		$fd = fopen("/var/etc/snmpd.conf", "w");
 		if (!$fd) {
 			printf(gettext("Error: cannot open snmpd.conf in services_snmpd_configure().%s"),"\n");
 			return 1;
@@ -2092,7 +2092,7 @@ EOD;
 		}
 
 		/* run bsnmpd */
-		mwexec("/usr/sbin/bsnmpd -c {$g['varetc_path']}/snmpd.conf" .
+		mwexec("/usr/sbin/bsnmpd -c /var/etc/snmpd.conf" .
 			"{$bindlan} -p /var/run/snmpd.pid");
 
 		if (file_exists("/var/run/booting"))
@@ -2143,7 +2143,7 @@ function services_dnsupdate_process($int = '', $updatehost = '', $forced = false
 				/* write private key file
 				   this is dumb - public and private keys are the same for HMAC-MD5,
 				   but nsupdate insists on having both */
-				$fd = fopen("{$g['varetc_path']}/K{$i}{$keyname}+157+00000.private", "w");
+				$fd = fopen("/var/etc/K{$i}{$keyname}+157+00000.private", "w");
 				$privkey = <<<EOD
 Private-key-format: v1.2
 Algorithm: 157 (HMAC)
@@ -2165,7 +2165,7 @@ EOD;
 					$proto = 2;
 				}
 
-				$fd = fopen("{$g['varetc_path']}/K{$i}{$keyname}+157+00000.key", "w");
+				$fd = fopen("/var/etc/K{$i}{$keyname}+157+00000.key", "w");
 				fwrite($fd, "{$keyname} IN KEY {$flags} {$proto} 157 {$dnsupdate['keydata']}\n");
 				fclose($fd);
 
@@ -2218,13 +2218,13 @@ EOD;
 				$upinst .= "\n";	/* mind that trailing newline! */
 
 				if ($need_update) {
-					@file_put_contents("{$g['varetc_path']}/nsupdatecmds{$i}", $upinst);
+					@file_put_contents("/var/etc/nsupdatecmds{$i}", $upinst);
 					unset($upinst);
 					/* invoke nsupdate */
-					$cmd = "/usr/local/bin/nsupdate -k {$g['varetc_path']}/K{$i}{$keyname}+157+00000.key";
+					$cmd = "/usr/local/bin/nsupdate -k /var/etc/K{$i}{$keyname}+157+00000.key";
 					if (isset($dnsupdate['usetcp']))
 						$cmd .= " -v";
-					$cmd .= " {$g['varetc_path']}/nsupdatecmds{$i}";
+					$cmd .= " /var/etc/nsupdatecmds{$i}";
 					mwexec_bg($cmd);
 					unset($cmd);
 				}
@@ -2380,5 +2380,3 @@ function install_cron_job($command, $active=false, $minute="0", $hour="*", $mont
 	}
 	configure_cron();
 }
-
-?>

src/etc/inc/system.inc

@@ -549,13 +549,13 @@ function system_staticroutes_configure($interface = "", $update_dns = false) {
 			array_unique($filterdns_list);
 			foreach ($filterdns_list as $hostname)
 				$hostnames .= "cmd {$hostname} '/usr/local/opnsense/service/configd_ctl.py \"routedns reload\"'\n";
-			file_put_contents("{$g['varetc_path']}/filterdns-route.hosts", $hostnames);
+			file_put_contents("/var/etc/filterdns-route.hosts", $hostnames);
 			unset($hostnames);
 
 			if (isvalidpid('/var/run/filterdns-route.pid')) {
 				killbypid('/var/run/filterdns-route.pid', 'HUP');
 			} else {
-				mwexec("/usr/local/sbin/filterdns -p /var/run/filterdns-route.pid -i {$interval} -c {$g['varetc_path']}/filterdns-route.hosts -d 1");
+				mwexec("/usr/local/sbin/filterdns -p /var/run/filterdns-route.pid -i {$interval} -c /var/etc/filterdns-route.hosts -d 1");
 			}
 		} else {
 			killbypid('/var/run/filterdns-route.pid');
@@ -744,7 +744,7 @@ EOD;
 EOD;
 		}
 		/* write syslog.conf */
-		if (!@file_put_contents("{$g['varetc_path']}/syslog.conf", $syslogconf)) {
+		if (!@file_put_contents("/var/etc/syslog.conf", $syslogconf)) {
 			printf(gettext("Error: cannot open syslog.conf in system_syslogd_start().%s"), "\n");
 			unset($syslogconf);
 			return 1;
@@ -771,7 +771,7 @@ EOD;
 			}
 		}
 
-		$syslogd_extra = "-f {$g['varetc_path']}/syslog.conf {$sourceip}";
+		$syslogd_extra = "-f /var/etc/syslog.conf {$sourceip}";
 	}
 
 	if (isvalidpid('/var/run/syslog.pid')) {
@@ -845,7 +845,7 @@ function system_webgui_start()
 	}
 
 	/* generate lighttpd configuration */
-	system_generate_lighty_config("{$g['varetc_path']}/lighty-webConfigurator.conf",
+	system_generate_lighty_config("/var/etc/lighty-webConfigurator.conf",
 		$crt, $key, $ca, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/",
 		"cert.pem", "ca.pem");
 
@@ -858,7 +858,7 @@ function system_webgui_start()
 	mwexec('/usr/local/etc/rc.php_ini_setup');
 
 	/* attempt to start lighthttpd and return true if ok */
-	return !mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-webConfigurator.conf");
+	return !mwexec("/usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf");
 }
 
 function system_generate_lighty_config(
@@ -1088,9 +1088,9 @@ EOD;
 		$lighty_config .= "\n";
 		$lighty_config .= "## ssl configuration\n";
 		$lighty_config .= "ssl.engine = \"enable\"\n";
-		$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
+		$lighty_config .= "ssl.pemfile = \"/var/etc/{$cert_location}\"\n\n";
 		if($ca <> "")
-			$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
+			$lighty_config .= "ssl.ca-file = \"/var/etc/{$ca_location}\"\n\n";
 	}
 	$lighty_config .= " }\n";
 
@@ -1142,30 +1142,30 @@ EOD;
 	$ca = str_replace("\n\n", "\n", $ca);
 
 	if($cert <> "" and $key <> "") {
-		$fd = fopen("{$g['varetc_path']}/{$cert_location}", "w");
+		$fd = fopen("/var/etc/{$cert_location}", "w");
 		if (!$fd) {
 			printf(gettext("Error: cannot open cert.pem in system_webgui_start().%s"), "\n");
 			return 1;
 		}
-		chmod("{$g['varetc_path']}/{$cert_location}", 0600);
+		chmod("/var/etc/{$cert_location}", 0600);
 		fwrite($fd, $cert);
 		fwrite($fd, "\n");
 		fwrite($fd, $key);
 		fclose($fd);
 		if(!(empty($ca) || (strlen(trim($ca)) == 0))) {
-			$fd = fopen("{$g['varetc_path']}/{$ca_location}", "w");
+			$fd = fopen("/var/etc/{$ca_location}", "w");
 			if (!$fd) {
 				printf(gettext("Error: cannot open ca.pem in system_webgui_start().%s"), "\n");
 				return 1;
 			}
-			chmod("{$g['varetc_path']}/{$ca_location}", 0600);
+			chmod("/var/etc/{$ca_location}", 0600);
 			fwrite($fd, $ca);
 			fclose($fd);
 		}
 		$lighty_config .= "\n";
 		$lighty_config .= "## " . gettext("ssl configuration") . "\n";
 		$lighty_config .= "ssl.engine = \"enable\"\n";
-		$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
+		$lighty_config .= "ssl.pemfile = \"/var/etc/{$cert_location}\"\n\n";
 
 		// Harden SSL a bit for PCI conformance testing
 		$lighty_config .= "ssl.use-sslv2 = \"disable\"\n";
@@ -1192,7 +1192,7 @@ EOD;
 		}
 
 		if(!(empty($ca) || (strlen(trim($ca)) == 0)))
-			$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
+			$lighty_config .= "ssl.ca-file = \"/var/etc/{$ca_location}\"\n\n";
 	}
 
 	// Add HTTP to HTTPS redirect

src/etc/inc/voucher.inc

@@ -60,7 +60,7 @@ function voucher_expire($voucher_received) {
 			continue;   // seems too short to be a voucher!
 
 		unset($output);
-		$_gb = exec("/usr/local/bin/voucher -c {$g['varetc_path']}/voucher_{$cpzone}.cfg -k {$g['varetc_path']}/voucher_{$cpzone}.public -- $v", $output);
+		$_gb = exec("/usr/local/bin/voucher -c /var/etc/voucher_{$cpzone}.cfg -k /var/etc/voucher_{$cpzone}.public -- $v", $output);
 		list($status, $roll, $nr) = explode(" ", $output[0]);
 		if ($status == "OK") {
 			// check if we have this ticket on a registered roll for this ticket
@@ -165,7 +165,7 @@ function voucher_auth($voucher_received, $test = 0) {
 		if (strlen($voucher) < 3)
 			continue;   // seems too short to be a voucher!
 
-		$result = exec("/usr/local/bin/voucher -c {$g['varetc_path']}/voucher_{$cpzone}.cfg -k {$g['varetc_path']}/voucher_{$cpzone}.public -- $v");
+		$result = exec("/usr/local/bin/voucher -c /var/etc/voucher_{$cpzone}.cfg -k /var/etc/voucher_{$cpzone}.public -- $v");
 		list($status, $roll, $nr) = explode(" ", $result);
 		if ($status == "OK") {
 			if (!$first_voucher) {
@@ -303,7 +303,7 @@ function voucher_configure_zone($sync = false)
 
 	/* write public key used to verify vouchers */
 	$pubkey = base64_decode($config['voucher'][$cpzone]['publickey']);
-	$fd = fopen("{$g['varetc_path']}/voucher_{$cpzone}.public", "w");
+	$fd = fopen("/var/etc/voucher_{$cpzone}.public", "w");
 	if (!$fd) {
 		captiveportal_syslog("Voucher error: cannot write voucher.public\n");
 		unlock($voucherlck);
@@ -311,10 +311,10 @@ function voucher_configure_zone($sync = false)
 	}
 	fwrite($fd, $pubkey);
 	fclose($fd);
-	@chmod("{$g['varetc_path']}/voucher_{$cpzone}.public", 0600);
+	@chmod("/var/etc/voucher_{$cpzone}.public", 0600);
 
 	/* write config file used by voucher binary to decode vouchers */
-	$fd = fopen("{$g['varetc_path']}/voucher_{$cpzone}.cfg", "w");
+	$fd = fopen("/var/etc/voucher_{$cpzone}.cfg", "w");
 	if (!$fd) {
 		captiveportal_syslog(gettext("Error: cannot write voucher.cfg") . "\n");
 		unlock($voucherlck);
@@ -322,7 +322,7 @@ function voucher_configure_zone($sync = false)
 	}
 	fwrite($fd, "{$config['voucher'][$cpzone]['rollbits']},{$config['voucher'][$cpzone]['ticketbits']},{$config['voucher'][$cpzone]['checksumbits']},{$config['voucher'][$cpzone]['magic']},{$config['voucher'][$cpzone]['charset']}\n");
 	fclose($fd);
-	@chmod("{$g['varetc_path']}/voucher_{$cpzone}.cfg", 0600);
+	@chmod("/var/etc/voucher_{$cpzone}.cfg", 0600);
 	unlock($voucherlck);
 
 	if (!$sync) {

src/etc/inc/vslb.inc

@@ -183,8 +183,7 @@ function relayd_configure($kill_first=false) {
 		}
 	}
 
-
-	$fd = fopen("{$g['varetc_path']}/relayd.conf", "w");
+	$fd = fopen('/var/etc/relayd.conf', 'w');
 	$conf .= "log updates \n";
 
 	/* Global timeout, interval and prefork settings
@@ -355,13 +354,13 @@ function relayd_configure($kill_first=false) {
 	if (is_process_running('relayd')) {
 		if (! empty($vs_a)) {
 			if ($kill_first) {
-				mwexec('pkill relayd');
+				killbyname('relayd');
 				/* Remove all active relayd anchors now that relayd is no longer running. */
-				cleanup_lb_anchor("*");
-				mwexec("/usr/local/sbin/relayd -f {$g['varetc_path']}/relayd.conf");
+				cleanup_lb_anchor('*');
+				mwexec('/usr/local/sbin/relayd -f /var/etc/relayd.conf');
 			} else {
 				// it's running and there is a config, just reload
-				mwexec("/usr/local/sbin/relayctl reload");
+				mwexec('/usr/local/sbin/relayctl reload');
 			}
 		} else {
 			/*
@@ -371,7 +370,7 @@ function relayd_configure($kill_first=false) {
 			 * mwexec('/usr/local/sbin/relayctl stop');
 			 *  returns "command failed"
 			 */
-			mwexec('pkill relayd');
+			killbyname('relayd');
 			/* Remove all active relayd anchors now that relayd is no longer running. */
 			cleanup_lb_anchor("*");
 		}
@@ -379,8 +378,8 @@ function relayd_configure($kill_first=false) {
 		if (! empty($vs_a)) {
 			// not running and there is a config, start it
 			/* Remove all active relayd anchors so it can start fresh. */
-			cleanup_lb_anchor("*");
-			mwexec("/usr/local/sbin/relayd -f {$g['varetc_path']}/relayd.conf");
+			cleanup_lb_anchor('*');
+			mwexec('/usr/local/sbin/relayd -f /var/etc/relayd.conf');
 		}
 	}
 }