Commit 845b96d4 authored by Franco Fichtner's avatar Franco Fichtner

system: tighten serial handling around /etc/ttys

parent 0273d265
......@@ -1782,11 +1782,6 @@ function system_reboot($sync = false)
}
}
function system_console_configure()
{
setup_serial_port();
}
function system_setup_sysctl()
{
activate_sysctls();
......@@ -1926,7 +1921,7 @@ function load_thermal_module()
}
}
function setup_serial_port($sync = true)
function system_console_configure()
{
global $config;
......@@ -1936,8 +1931,8 @@ function setup_serial_port($sync = true)
// ** serial console - write out /boot.config
if ($serial_enabled) {
file_put_contents('/boot.config', "-S{$serialspeed} -D\n");
} elseif (file_exists('/boot.config')) {
unlink('/boot.config');
} else {
@unlink('/boot.config');
}
// ** console settings in /boot/loader.conf
......@@ -1970,14 +1965,10 @@ function setup_serial_port($sync = true)
@file_put_contents('/boot/loader.conf', $new_loader_conf);
// ** setup /etc/ttys
// minimize chances of /etc/ttys corruption, keep a copy of the original ttys file
if (!file_exists('/etc/ttys.opnsense') || filesize('/etc/ttys.opnsense') < 100) {
copy('/etc/ttys', '/etc/ttys.opnsense');
}
$fd = fopen("/etc/ttys", "w");
$on_off = $serial_enabled ? 'on' : 'off';
$etc_ttys_lines = explode("\n", file_get_contents('/etc/ttys'));
$fd = fopen('/etc/ttys', 'w');
$on_off_secure = $serial_enabled ? 'onifconsole secure' : 'off secure';
$terminal_type = 'cons25'; /* XXX standard is 'xterm' for virtual, 'vt100' for serial */
if (isset($config['system']['disableconsolemenu'])) {
$console_type = 'Pc';
$serial_type = 'std.' . $serialspeed;
......@@ -1985,24 +1976,28 @@ function setup_serial_port($sync = true)
$console_type = 'al.Pc';
$serial_type = 'al.' . $serialspeed;
}
foreach(explode("\n", file_get_contents("/etc/ttys.opnsense")) as $tty) {
if (stristr($tty, "ttyv0")) {
fwrite($fd, "ttyv0 \"/usr/libexec/getty {$console_type}\" cons25 on secure\n");
} elseif (stristr($tty, "ttyu0")) {
fwrite($fd, "ttyu0 \"/usr/libexec/getty {$serial_type}\" cons25 {$on_off} secure\n");
} elseif (!empty($tty)) {
fwrite($fd, $tty . "\n");
foreach ($etc_ttys_lines as $tty) {
if (strpos($tty, 'ttyv0') === 0) {
/* first virtual terminal */
fwrite($fd, "ttyv0\t\"/usr/libexec/getty {$console_type}\"\t\t{$terminal_type}\ton secure\n");
continue;
}
foreach (array('ttyu0', 'ttyu1', 'ttyu2', 'ttyu3') as $serialport) {
if (strpos($tty, $serialport) === 0) {
/* each serial terminal */
fwrite($fd, "{$serialport}\t\"/usr/libexec/getty {$serial_type}\"\t{$terminal_type}\t{$on_off_secure}\n");
/* skip to next line in outer loop */
continue 2;
}
}
fclose($fd);
if ($sync) {
reload_ttys();
if (!empty($tty)) {
/* all other lines stay the same */
fwrite($fd, $tty . "\n");
}
}
}
fclose($fd);
function reload_ttys()
{
/* force init(8) to reload /etc/ttys */
exec('/bin/kill -HUP 1');
}
......@@ -2015,7 +2010,6 @@ function reset_factory_defaults($sync = true)
{
mwexec('/bin/rm -r /conf/*');
disable_security_checks();
setup_serial_port(false);
/* as we go through a special case directly reboot */
$shutdown_cmd = '/sbin/shutdown -or now';
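Review bot: In the /etc/ttys rewrite (the hunk around `$etc_ttys_lines = explode("\n", file_get_contents('/etc/ttys'));`), `fopen('/etc/ttys', 'w')` truncates the live file before a single line has been written back, and neither the `file_get_contents()` nor the `fopen()` result is checked, so a read failure (false explodes to one empty element) or a write interrupted part-way leaves an empty or partial /etc/ttys with no getty on any console — the lockout the removed `/etc/ttys.opnsense` copy was there to guard against. Writing the new table to a sibling file and `rename()`ing it over /etc/ttys makes the swap atomic, and bailing out when the read yields nothing keeps the existing file intact. The opening lines of `system_console_configure()` are outside this hunk, and this note also covers the unchecked `@file_put_contents('/boot/loader.conf', ...)` just above.
```php
// … unchanged: /boot.config and /boot/loader.conf handling …
$etc_ttys_content = file_get_contents('/etc/ttys');
if ($etc_ttys_content === false || trim($etc_ttys_content) === '') {
    /* never truncate a file we could not read back: that leaves no getty at all */
    syslog(LOG_ERR, 'could not read /etc/ttys, leaving it untouched');
    return;
}
$etc_ttys_lines = explode("\n", $etc_ttys_content);
/* constructed name: a sibling of /etc/ttys so rename() stays on one filesystem */
$etc_ttys_tmp = '/etc/ttys.tmp';
$fd = fopen($etc_ttys_tmp, 'w');
if ($fd === false) {
    syslog(LOG_ERR, "could not open {$etc_ttys_tmp} for writing");
    return;
}
// … unchanged: $on_off_secure, $terminal_type, console type selection and the foreach over $etc_ttys_lines …
fclose($fd);
if (!rename($etc_ttys_tmp, '/etc/ttys')) {
    syslog(LOG_ERR, "could not move {$etc_ttys_tmp} into place");
}
```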
......
......@@ -153,6 +153,9 @@ set_device_perms();
unmute_kernel_msgs();
echo "done.\n";
/* configure console menu */
system_console_configure();
/* Display live system's early boot options */
if (is_install_media()) {
rescue_detect_keypress();
......@@ -275,9 +278,6 @@ echo "done.\n";
/* start load balancer daemon */
relayd_configure();
/* configure console menu */
system_console_configure();
/* start DHCP service */
services_dhcpd_configure();
......@@ -305,9 +305,6 @@ $ipsec_dynamic_hosts = ipsec_configure();
/* start SNMP service */
services_snmpd_configure();
/* lock down console if necessary */
reload_ttys();
/* load graphing functions */
enable_rrd_graphing();
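Review bot: The comment kept above the moved call, `/* configure console menu */`, now understates what `system_console_configure()` does — per the system.inc hunks it also writes /boot.config and /boot/loader.conf and rewrites /etc/ttys — and nothing records why the call had to move ahead of the `is_install_media()` check or why the `reload_ttys()` further down could be dropped (presumably because init has not yet read /etc/ttys at this point of boot; confirm). Suggest replacing the comment with `/* console menu, serial console and /etc/ttys; runs before init reads /etc/ttys, so no reload_ttys() is needed */` so the ordering constraint survives the next reshuffle of this script.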
......
......@@ -109,6 +109,59 @@ $etc_shells = <<<EOF
EOF;
$etc_ttys = <<<EOF
#
# \$FreeBSD$
# @(#)ttys 5.1 (Berkeley) 4/17/89
#
# This file specifies various information about terminals on the system.
# It is used by several different programs. Common entries for the
# various columns include:
#
# name The name of the terminal device.
#
# getty The program to start running on the terminal. Typically a
# getty program, as the name implies. Other common entries
# include none, when no getty is needed, and xdm, to start the
# X Window System.
#
# type The initial terminal type for this port. For hardwired
# terminal lines, this will contain the type of terminal used.
# For virtual consoles, the correct type is typically xterm.
# Other common values include dialup for incoming modem ports, and
# unknown when the terminal type cannot be predetermined.
#
# status Must be on or off. If on, init will run the getty program on
# the specified port. If the word "secure" appears, this tty
# allows root login.
#
# name getty type status comments
#
# If console is marked "insecure", then init will ask for the root password
# when going to single-user mode.
console none unknown off secure
#
ttyv0 "/usr/libexec/getty Pc" xterm on secure
# Virtual terminals
ttyv1 "/usr/libexec/getty Pc" xterm on secure
ttyv2 "/usr/libexec/getty Pc" xterm on secure
ttyv3 "/usr/libexec/getty Pc" xterm on secure
ttyv4 "/usr/libexec/getty Pc" xterm on secure
ttyv5 "/usr/libexec/getty Pc" xterm on secure
ttyv6 "/usr/libexec/getty Pc" xterm on secure
ttyv7 "/usr/libexec/getty Pc" xterm on secure
ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure
# Serial terminals
# The 'dialup' keyword identifies dialin lines to login, fingerd etc.
ttyu0 "/usr/libexec/getty 3wire" vt100 onifconsole secure
ttyu1 "/usr/libexec/getty 3wire" vt100 onifconsole secure
ttyu2 "/usr/libexec/getty 3wire" vt100 onifconsole secure
ttyu3 "/usr/libexec/getty 3wire" vt100 onifconsole secure
# Dumb console
dcons "/usr/libexec/getty std.9600" vt100 off secure
EOF;
function recover_ports()
{
$actions = array(
......@@ -151,7 +204,7 @@ function recover_rebuild()
passthru('/bin/sync');
}
function recover_base($etc_group, $etc_master_passwd, $etc_shells)
function recover_base($etc_group, $etc_master_passwd, $etc_shells, $etc_ttys)
{
echo "===> Restoring /etc/group\n";
file_put_contents('/etc/group', $etc_group);
......@@ -162,6 +215,9 @@ function recover_base($etc_group, $etc_master_passwd, $etc_shells)
echo "===> Restoring /etc/shells\n";
file_put_contents('/etc/shells', $etc_shells);
echo "===> Restoring /etc/ttys\n";
file_put_contents('/etc/ttys', $etc_ttys);
recover_rebuild();
}
......@@ -175,13 +231,13 @@ $stage = isset($argv[1]) ? $argv[1] : 'both';
switch ($stage) {
case 'base':
recover_base($etc_group, $etc_master_passwd, $etc_shells);
recover_base($etc_group, $etc_master_passwd, $etc_shells, $etc_ttys);
break;
case 'pkg':
recover_pkg();
break;
default:
recover_base($etc_group, $etc_master_passwd, $etc_shells);
recover_base($etc_group, $etc_master_passwd, $etc_shells, $etc_ttys);
recover_pkg();
break;
}
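Review bot: `recover_base()` gains a fourth positional parameter with no default, and `file_put_contents('/etc/ttys', $etc_ttys)` writes whatever arrives — a caller still passing three arguments only triggers a PHP warning and then overwrites /etc/ttys with an empty file, which leaves no getty on any console. Both callers in the `switch` are updated here, but a one-line guard in `recover_base()` before the write keeps a stale caller from bricking the console: `if (empty($etc_ttys)) { die("===> Refusing to write an empty /etc/ttys\n"); }`. Note also that the embedded file is the stock FreeBSD table, so every entry carries `secure` and the serial ports are `onifconsole`; the configured serial state is presumably reapplied by `system_console_configure()` on the next boot rather than by this script — worth a comment above the heredoc.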
......@@ -442,7 +442,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
convert_config();
$savemsg = gettext("The m0n0wall configuration has been restored and upgraded to OPNsense.");
}
setup_serial_port();
} else {
$input_errors[] = gettext("The configuration could not be restored.");
}
......
......@@ -231,7 +231,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$savemsg .= sprintf("<br />" . gettext("One moment...redirecting to %s in 20 seconds."), $url);
}
setup_serial_port();
system_console_configure();
system_hosts_generate();
// Restart DNS in case dns rebinding toggled
......@@ -506,7 +506,7 @@ include("head.inc");
<td><a id="help_for_enableserial" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Serial Terminal"); ?></td>
<td width="78%">
<input name="enableserial" type="checkbox" id="enableserial" value="yes" <?=!empty($pconfig['enableserial']) ? "checked=\"checked\"" : "";?> />
<strong><?=gettext("Enables the first serial port with 115200/8/N/1 by default, or another speed selectable below."); ?></strong>
<strong><?=gettext("Enable serial ports with 115200/8/N/1 by default, or another speed selectable below."); ?></strong>
<div class="hidden" for="help_for_enableserial">
<?=gettext("Note: This will redirect the console output and messages to the serial port. You can still access the console menu from the internal video card/keyboard. A null modem serial cable or adapter is required to use the serial console."); ?>
</div>
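Review bot: The renamed call `system_console_configure();` drops the behaviour of `setup_serial_port()`, whose default `$sync = true` path ended with `reload_ttys()` (those lines are removed in the system.inc hunks), and no replacement HUP of init is visible in this hunk, so toggling the Serial Terminal checkbox rewrites /etc/ttys but the running gettys keep the old state until init re-reads the file. If this page does not always reboot afterwards, add `reload_ttys();` directly after the call; the surrounding save block starts outside the hunk, so an existing reboot path may already cover it.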
......