Commit b3f9d883 authored by Jos Schellevis's avatar Jos Schellevis

Merge branch 'master' of git.opnsense.org:repo/opnsense-core

parents f1df67f5 95babf60
......@@ -189,7 +189,7 @@
<protocol>https</protocol>
</webgui>
<disablenatreflection>yes</disablenatreflection>
<!-- <disableconsolemenu/> -->
<disableconsolemenu/>
<!-- <disablefirmwarecheck/> -->
<!-- <harddiskstandby></harddiskstandby> -->
<disablesegmentationoffloading/>
......@@ -202,6 +202,9 @@
<interval>monthly</interval>
</bogons>
<kill_states/>
<ssh>
<sshdkeyonly/>
</ssh>
</system>
<interfaces>
<wan>
......
......@@ -998,13 +998,65 @@ function setup_serial_port($when="save", $path="") {
}
unset($on_off, $console_type, $serial_type);
fclose($fd);
auto_login();
reload_ttys();
conf_mount_ro();
}
function auto_login()
{
global $config;
/*
* This function appends the autologin extension in /etc/gettytab
* for the main console. This only works with a vanilla config;
* it is likely that manual editing by the user will make this
* function stop working properly. In case of no match, throw a
* little error...
*/
$getty_file = "/etc/gettytab";
$getty_text = explode("\n", file_get_contents($getty_file));
$getty_al = isset($config['system']['disableconsolemenu']) ? "" : "al=root:";
$getty_base = "\t:ht:np:sp#9600:";
$getty_new = $getty_base . $getty_al;
$getty_ok = false;
foreach ($getty_text as $getty_old) {
if (!strncmp($getty_old, $getty_base, strlen($getty_base))) {
if (!strcmp($getty_old, $getty_new)) {
/* already the correct setting */
return;
}
$getty_ok = true;
}
}
if (!$getty_ok) {
log_error(gettext("Could not toggle auto login setting."));
return;
}
$fd = fopen($getty_file, "w");
if (!$fd) {
log_error(gettext("Could not write auto login setting."));
return;
}
foreach ($getty_text as $getty_old) {
if (!strncmp($getty_old, $getty_base, strlen($getty_base))) {
fprintf($fd, "%s\n", $getty_new);
} else {
fprintf($fd, "%s\n", $getty_old);
}
}
fclose($fd);
}
function is_serial_enabled() {
function is_serial_enabled()
{
global $g, $config;
if (!isset($g['enableserial_force']) &&
......@@ -1015,7 +1067,8 @@ function is_serial_enabled() {
return true;
}
function reload_ttys() {
function reload_ttys()
{
// Send a HUP signal to init will make it reload /etc/ttys
posix_kill(1, SIGHUP);
}
......
......@@ -1681,17 +1681,6 @@ function system_reboot_cleanup() {
stop_packages();
}
function system_console_configure()
{
global $config, $g;
if (isset($config['system']['disableconsolemenu'])) {
touch("{$g['varetc_path']}/disableconsole");
} else {
unlink_if_exists("{$g['varetc_path']}/disableconsole");
}
}
function system_dmesg_save()
{
global $g;
......
......@@ -31,21 +31,19 @@
POSSIBILITY OF SUCH DAMAGE.
*/
function rescue_detect_keypress() {
// How long do you want the script to wait before moving on (in seconds)
$timeout=9;
function rescue_detect_keypress()
{
$timeout = 9;
echo "\n";
echo "[ Press R to enter recovery mode or ]\n";
echo "[ press I to launch the installer ]\n\n";
echo "(R)ecovery mode can assist by rescuing config.xml\n";
echo "from a broken hard disk installation, etc.\n\n";
echo "(I)nstaller may be invoked now if you do \n";
echo "not wish to boot into the liveCD environment at this time.\n\n";
echo "(C) continues the LiveCD bootup without further pause.\n\n";
echo "(I)nstaller will be invoked by default.\n\n";
echo "(C)ontinue with LiveCD bootup instead.\n\n";
echo "(R)ecovery mode escapes to a root shell.\n\n";
echo "Timeout before auto boot continues (seconds): {$timeout}";
$key = null;
exec("/bin/stty erase " . chr(8));
while(!in_array($key, array("c", "C", "r","R", "i", "I", "~", "!"))) {
while (!in_array($key, array("c", "C", "r","R", "i", "I"))) {
echo chr(8) . "{$timeout}";
`/bin/stty -icanon min 0 time 25`;
$key = trim(`KEY=\`dd count=1 2>/dev/null\`; echo \$KEY`);
......@@ -53,30 +51,26 @@ function rescue_detect_keypress() {
// Decrement our timeout value
$timeout--;
// If we have reached 0 exit and continue on
if ($timeout == 0)
if ($timeout == 0) {
break;
}
// If R or I was pressed do our logic here
if (in_array($key, array("r", "R"))) {
putenv("TERM=cons25");
echo "\n\nRecovery mode selected...\n";
passthru("/usr/bin/env TERM=cons25 /bin/csh -c /usr/local/installer/lua_installer_rescue");
} elseif (in_array($key, array("i", "I"))) {
putenv("TERM=cons25");
echo "\n\nInstaller mode selected...\n";
passthru("/usr/bin/env TERM=cons25 /bin/csh -c /usr/local/installer/lua_installer");
if(file_exists("/tmp/install_complete")) {
passthru("/usr/local/etc/rc.reboot");
exit;
}
} elseif (in_array($key, array("!", "~"))) {
putenv("TERM=cons25");
echo "\n\nRecovery shell selected...\n";
echo "\n";
echo "\n\n";
if (in_array($key, array("r", "R"))) {
echo "Recovery shell selected...\n\n";
touch("/tmp/donotbootup");
exit;
} elseif (in_array($key, array("c", "C"))) {
/* nothing */
} else {
echo "\n\n";
echo "Installer mode selected...\n";
passthru("/usr/local/etc/rc.installer");
if (file_exists("/tmp/install_complete")) {
passthru("/usr/local/etc/rc.reboot");
exit;
}
}
}
......@@ -301,9 +295,6 @@ echo "done.\n";
/* start load balancer daemon */
relayd_configure();
/* configure console menu */
system_console_configure();
/* start DHCP service */
services_dhcpd_configure();
......
......@@ -14,25 +14,15 @@
# If recovery console shell option has been specified
if [ -f "/tmp/donotbootup" ]; then
/usr/bin/env prompt="%B[%n@%m]%b%/(%h)||RecoveryConsoleShell: " /bin/csh
rm "/tmp/donotbootup"
echo "Rebooting in 5 seconds... CTRL-C to abort..."
sleep 5
rm /tmp/donotbootup
/bin/csh
/usr/local/etc/rc.reboot
exit
# no coming back from here
fi
CONFIG="/cf/conf/config.xml"
WORD="https"
# Set our operating platform
PLATFORM=`cat /usr/local/etc/platform`
# endless loop
while : ; do
product=`grep product_name /usr/local/etc/inc/globals.inc | cut -d'"' -f4`
# Check to see if SSH is running.
if pgrep -q -a -F /var/run/sshd.pid sshd >/dev/null 2>&1; then
sshd_option="14) Disable Secure Shell (sshd)";
......@@ -40,21 +30,24 @@ else
sshd_option="14) Enable Secure Shell (sshd)";
fi
if [ "$PLATFORM" = "cdrom" ]; then
option99="99) Install ${product} to a hard drive, etc."
# If we are on the LiveCD advertise the installer
if _tmpdir=$(mktemp -d -q /.diskless.XXXXXX); then
rmdir ${_tmpdir}
else
option99="99) Launch the installer"
fi
# display a cheap menu
echo " 0) Logout 8) Shell"
echo " 1) Assign Interfaces 9) pfTop"
echo " 2) Set interface(s) IP address 10) Filter Logs"
echo " 3) Reset webConfigurator password 11) Restart webConfigurator"
echo " 4) Reset to factory defaults 12) ${product} Developer Shell"
echo " 3) Reset the root password 11) Restart web interface"
echo " 4) Reset to factory defaults 12) Developer Shell"
echo " 5) Reboot system 13) Upgrade from console"
echo " 6) Halt system ${sshd_option}"
echo " 7) Ping host 15) Restore recent configuration"
if [ "${option99}" != "" ]; then
/bin/echo "${option99}"
echo " 7) Ping host 15) Restore a configuration"
if [ -n "${option99}" ]; then
# flat for alignment...
echo " ${option99}"
fi
echo
......@@ -112,18 +105,13 @@ case ${opmode} in
/usr/local/etc/rc.restore_config_backup
;;
99)
if [ -e /dev/ukbd0 ]; then
env TERM=cons25 /usr/local/installer/lua_installer
else
/usr/local/installer/lua_installer
fi
/usr/local/etc/rc.installer
;;
*)
;;
esac
/usr/local/etc/rc.initial.banner
echo
done
......@@ -24,85 +24,34 @@
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
product=`cat /usr/local/etc/inc/globals.inc | grep product_name | cut -d'"' -f4`
factory_shipped_password=`cat /usr/local/etc/inc/globals.inc | grep factory_shipped_password | cut -d'"' -f4`
factory_shipped_username=`cat /usr/local/etc/inc/globals.inc | grep factory_shipped_username | cut -d'"' -f4`
PRODUCT=`grep product_name /usr/local/etc/inc/globals.inc | cut -d'"' -f4`
USERNAME=`grep factory_shipped_username /usr/local/etc/inc/globals.inc | cut -d'"' -f4`
PASSWORD=`grep factory_shipped_password /usr/local/etc/inc/globals.inc | cut -d'"' -f4`
echo
echo "Launching ${product} Installer..."
echo
# Ensure install-session.sh exists where the installtion was recorded to
touch /tmp/install-session.sh
/sbin/sysctl kern.geom.debugflags=16
/sbin/sysctl kern.geom.debugflags=16 >/dev/null
/sbin/sysctl net.link.ether.inet.log_arp_wrong_iface=0 >/dev/null
/sbin/ifconfig lo0 127.0.0.1/24
/sbin/ifconfig lo0 up
# Check if host is running on VMware -- early boot
if [ `dmesg -a | grep VMware | wc -l` -gt 0 ]; then
touch /var/IS_VMWARE
fi
# Start the backend in the background (must mute all the ouput)
LUA_CPATH='/usr/local/lib/lua/5.0/?.so' /usr/local/bin/lua50 \
-l/usr/local/share/lua/5.0/compat-5.1.lua \
/usr/local/share/dfuibe_lua/main.lua \
/usr/local/share/dfuibe_lua/conf/BSDInstaller.lua \
/usr/local/share/dfuibe_lua/conf/FreeBSD.lua \
/usr/local/share/dfuibe_lua/conf/pfSense.lua > /dev/null 2>&1 &
# Check if host is running on VMware
if [ -f /var/log/dmesg.boot ]; then
if [ `cat /var/log/dmesg.boot | /usr/bin/grep VMware | /usr/bin/wc -l` -gt 0 ]; then
echo -n "VMware detected. The installer will make changes to tune this host."
touch /var/IS_VMWARE
sleep 1
echo -n "."
sleep 1
echo -n "."
sleep 1
echo -n "."
sleep 1
echo "."
fi
/sbin/conscontrol mute on > /dev/null
# Check if host is running on pfSenseDEV
if [ `/sbin/sysctl -n kern.bootfile | /usr/bin/grep pfSense_Dev | /usr/bin/wc -l` -gt 0 ]; then
echo -n "${product} developer iso detected."
touch /var/pfSenseDEV
sleep 1
echo -n "."
sleep 1
echo -n "."
sleep 1
echo -n "."
sleep 1
echo "."
fi
# Launch the frontend goo (must include cons25 for first boot)
TERM=cons25 /usr/local/sbin/dfuife_curses
if [ -f /var/run/dmesg.boot ]; then
ln -s /var/log/dmesg.boot /var/run/dmesg.boot
fi
fi
echo "One moment please..."
echo
echo -n "LUA_CPATH='/usr/local/lib/lua/5.0/?.so' exec /usr/local/bin/lua50 -l/usr/local/share/lua/5.0/compat-5.1.lua " > /tmp/lua50c51
echo "/usr/local/share/dfuibe_lua/main.lua \
/usr/local/share/dfuibe_lua/conf/BSDInstaller.lua \
/usr/local/share/dfuibe_lua/conf/FreeBSD.lua \
/usr/local/share/dfuibe_lua/conf/pfSense.lua " >> /tmp/lua50c51
#/sbin/conscontrol mute on >/dev/null 2>&1
sh /tmp/lua50c51 >/dev/null 2>&1 &
sleep 1
echo Launching Installer NCurses frontend...
/usr/local/sbin/dfuife_curses
#/sbin/conscontrol mute off >/dev/null 2>&1
/sbin/conscontrol mute off > /dev/null
if [ ! -f /tmp/install_complete ]; then
echo Installation did not finish correctly.
echo "The installation was aborted."
echo
exit
fi
......@@ -123,7 +72,7 @@ echo
echo
echo
echo
echo "${product} is now rebooting"
echo "${PRODUCT} is now rebooting"
echo
echo "After the reboot is complete, open a web browser and"
echo "enter https://192.168.1.1 (or the LAN IP Address) in the"
......@@ -133,23 +82,14 @@ echo "You might need to acknowledge the HTTPS certificate if "
echo "your browser reports it as untrusted. This is normal"
echo "as a self-signed certificate is used by default."
echo
echo "*DEFAULT Username*: ${factory_shipped_username}"
echo "*DEFAULT Password*: ${factory_shipped_password}"
echo "*DEFAULT Username*: ${USERNAME}"
echo "*DEFAULT Password*: ${PASSWORD}"
echo
echo Rebooting in 5 seconds. CTRL-C to abort.
sleep 1
echo Rebooting in 4 seconds. CTRL-C to abort.
sleep 1
echo Rebooting in 3 seconds. CTRL-C to abort.
sleep 1
echo Rebooting in 2 seconds. CTRL-C to abort.
sleep 1
echo Rebooting in 1 second.. CTRL-C to abort.
sleep 1
echo
echo ${product} is now rebooting.
for n in 5 4 3 2 1; do
echo Rebooting in $n seconds. CTRL-C to abort.
sleep 1
done
echo
reboot
......@@ -2,9 +2,8 @@
<?php
/*
Copyright 2004 Scott K Ullrich
Original Copyright (C) 2004 Fred Mol <fredmol@xs4all.nl>.
Copyright (C) 2004 Scott K Ullrich
Copyright (C) 2004 Fred Mol <fredmol@xs4all.nl>.
All rights reserved.
Redistribution and use in source and binary forms, with or without
......@@ -34,6 +33,8 @@ require_once("config.inc");
require_once("functions.inc");
require_once("shaper.inc");
killbyname('sshd');
if (!isset($config['system']['enablesshd'])) {
return;
}
......@@ -43,6 +44,10 @@ if (!is_subsystem_dirty('sshdkeys')) {
conf_mount_rw();
}
if (file_exists('/conf/sshd/ssh_host_key') && !file_exists('/etc/ssh/ssh_host_key')) {
mwexec('/bin/cp -p /conf/sshd/* /etc/ssh/');
}
$keys = array(
'ssh_host_key',
'ssh_host_key.pub',
......@@ -56,93 +61,61 @@ $keys = array(
'ssh_host_ed25519_key.pub'
);
/* restore ssh data for nanobsd platform */
if($g['platform'] == "nanobsd" and file_exists("/conf/sshd/ssh_host_key") and !file_exists("/etc/ssh/ssh_host_key.pub")) {
echo "Restoring SSH from /conf/sshd/";
exec("/bin/cp -p /conf/sshd/* /etc/ssh/");
/* make sure host private key permissions aren't too open so sshd won't complain */
foreach($keys as $f2c) {
if(file_exists("/etc/ssh/{$f2c}"))
chmod("/etc/ssh/{$f2c}", 0600);
}
}
/* if any of these files are 0 bytes then they are corrupted.
* remove them
*/
foreach($keys as $f2c) {
if (file_exists("/etc/ssh/{$f2c}") && filesize("/etc/ssh/{$f2c}") == 0) {
unlink_if_exists('/etc/ssh/ssh_host*');
break;
unlink("/etc/ssh/{$f2c}");
}
}
if (!is_dir("/var/empty")) {
/* make ssh home directory */
mkdir("/var/empty", 0555);
}
/* make ssh home directory */
@mkdir("/var/empty", 0555, true);
if(!file_exists("/var/log/lastlog")) {
/* Login related files. */
@touch("/var/log/lastlog");
}
/* Login related files. */
touch("/var/log/lastlog");
$sshConfigDir = "/etc/ssh";
if (is_array($config['system']['ssh']) && !empty($config['system']['ssh']['port']))
if (isset($config['system']['ssh']['port'])) {
$sshport = $config['system']['ssh']['port'];
else
} else {
$sshport = 22;
}
/*
* XXX ZOMG sshd_config BOOTSTRAPPING ACTION
*
* We can't just ditch the system file by default and roll
* our own. Instead, use the current file to find the actual
* settings that need toggling, then toggle them!
*/
/* Include default configuration for pfSense */
$sshconf = "# This file is automatically generated at startup\n";
$sshconf .= "Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc\n";
$sshconf .= "PermitRootLogin yes\n";
$sshconf = "# This file was automatically generated by /usr/local/etc/rc.sshd\n";
$sshconf .= "Port {$sshport}\n";
$sshconf .= "Protocol 2\n";
/* XXX a couple of those need moar cleanups: */
$sshconf .= "Compression yes\n";
$sshconf .= "ClientAliveInterval 30\n";
$sshconf .= "UseDNS no\n";
$sshconf .= "X11Forwarding no\n";
$sshconf .= "PubkeyAuthentication yes\n";
$sshconf .= "Subsystem\tsftp\tinternal-sftp\n";
if (isset($config['system']['ssh']['permitrootlogin'])) {
$sshconf .= "PermitRootLogin yes\n";
}
if (isset($config['system']['ssh']['sshdkeyonly'])) {
$sshconf .= "# Login via Key only\n";
$sshconf .= "PasswordAuthentication no\n";
$sshconf .= "ChallengeResponseAuthentication no\n";
$sshconf .= "PubkeyAuthentication yes\n";
} else {
$sshconf .= "# Login via Key and Password\n";
$sshconf .= "PasswordAuthentication yes\n";
$sshconf .= "ChallengeResponseAuthentication yes\n";
$sshconf .= "PubkeyAuthentication yes\n";
}
$sshconf .= "# override default of no subsystems\n";
$sshconf .= "Subsystem sftp /usr/libexec/sftp-server\n";
/* Only allow protocol 2, because we say so */
$sshconf .= "Protocol 2\n";
/* Run the server on another port if we have one defined */
$sshconf .= "Port $sshport\n";
/* Hide FreeBSD version */
$sshconf .= "VersionAddendum \n";
/* Write the new sshd config file */
@file_put_contents("/etc/ssh/sshd_config", $sshconf);
/* mop up from a badly implemented ssh keys -> cf backup */
if($config['ssh']['dsa_key'] <> "") {
unset($config['ssh']['dsa_key']);
unset($config['ssh']['ecdsa_key']);
unset($config['ssh']['ed25519_key']);
unset($config['ssh']['rsa_key']);
unset($config['ssh']['rsa1_key']);
unset($config['ssh']['dsa']);
unset($config['ssh']['rsa']);
unset($config['ssh']['rsa1']);
unset($config['ssh']['ak']);
write_config("Clearing SSH keys from config.xml");
}
file_put_contents('/etc/ssh/sshd_config', $sshconf);
/* are we already running? if so exit */
if(is_subsystem_dirty('sshdkeys')) {
unset($keys);
if (is_subsystem_dirty('sshdkeys')) {
return;
}
......@@ -156,40 +129,29 @@ foreach ($keys as $f2c) {
}
if ($generate_keys) {
/* remove previous keys and regen later */
file_notice("SSH", "{$g['product_name']} has started creating your SSH keys. SSH Startup will be delayed. Please note that reloading the filter rules and changes will be delayed until this operation is completed.", "SSH KeyGen", "");
unlink_if_exists('/etc/ssh/ssh_host_*');
log_error(_('Started creating your SSH keys. SSH startup is being delayed a wee bit.'));
mark_subsystem_dirty('sshdkeys');
echo " Generating Keys:\n";
$_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t rsa1 -N '' -f $sshConfigDir/ssh_host_key");
$_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t rsa -N '' -f $sshConfigDir/ssh_host_rsa_key");
$_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t dsa -N '' -f $sshConfigDir/ssh_host_dsa_key");
$_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t ecdsa -N '' -f $sshConfigDir/ssh_host_ecdsa_key");
$_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t ed25519 -N '' -f $sshConfigDir/ssh_host_ed25519_key");
mwexec('/bin/rm /etc/ssh/ssh_host_*', true);
mwexec("/usr/bin/ssh-keygen -t rsa1 -N '' -f {$sshConfigDir}/ssh_host_key");
mwexec("/usr/bin/ssh-keygen -t rsa -N '' -f {$sshConfigDir}/ssh_host_rsa_key");
mwexec("/usr/bin/ssh-keygen -t dsa -N '' -f {$sshConfigDir}/ssh_host_dsa_key");
mwexec("/usr/bin/ssh-keygen -t ecdsa -N '' -f {$sshConfigDir}/ssh_host_ecdsa_key");
mwexec("/usr/bin/ssh-keygen -t ed25519 -N '' -f {$sshConfigDir}/ssh_host_ed25519_key");
clear_subsystem_dirty('sshdkeys');
file_notice("SSH", "{$g['product_name']} has completed creating your SSH keys. SSH is now started.", "SSH Startup", "");
log_error(_('Completed creating your SSH keys. SSH will now be started.'));
}
/* kill existing sshd process, server only, not the childs */
$sshd_pid = exec("ps ax | egrep '/usr/sbin/[s]shd' | awk '{print $1}'");
if($sshd_pid <> "") {
echo "stopping ssh process $sshd_pid \n";
@posix_kill($sshd_pid, SIGTERM);
}
/* Launch new server process */
$status = mwexec("/usr/sbin/sshd");
if($status <> 0) {
file_notice("sshd_startup", "SSHD failed to start.", "SSHD Daemon", "");
echo "error!\n";
echo "Reloading sshd...";
if (mwexec('/usr/sbin/sshd')) {
echo "failed.\n";
} else {
echo "done.\n";
}
// NanoBSD
if($g['platform'] == "nanobsd") {
if(!is_dir("/conf/sshd"))
mkdir("/conf/sshd", 0750);
$_gb = exec("/bin/cp -p /etc/ssh/ssh_host* /conf/sshd");
}
/* back up files in case they are useful */
@mkdir('/conf/sshd', 0777, true);
mwexec('/bin/cp -p /etc/ssh/ssh_host* /conf/sshd');
conf_mount_ro();
unset($keys);
#!/bin/sh
#
# Launch BSD Installer with fake "installer root"
# Copyright 2004-2009 Scott Ullrich
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
product=`cat /usr/local/etc/inc/globals.inc | grep product_name | cut -d'"' -f4`
factory_shipped_password=`cat /usr/local/etc/inc/globals.inc | grep factory_shipped_password | cut -d'"' -f4`
factory_shipped_username=`cat /usr/local/etc/inc/globals.inc | grep factory_shipped_username | cut -d'"' -f4`
echo
echo "Launching ${product} Installer config.xml rescue..."
echo
echo "One moment please..."
echo
# Ensure install-session.sh exists where the installtion was recorded to
touch /tmp/install-session.sh
/sbin/sysctl kern.geom.debugflags=16
/sbin/sysctl net.link.ether.inet.log_arp_wrong_iface=0 >/dev/null
/sbin/ifconfig lo0 127.0.0.1/24
/sbin/ifconfig lo0 up
# Check if host is running on VMware
if [ -f /var/log/dmesg.boot ]; then
if [ `cat /var/log/dmesg.boot | /usr/bin/grep VMware | /usr/bin/wc -l` -gt 0 ]; then
echo -n "VMware detected. The installer will make changes to tune this host."
touch /var/IS_VMWARE
sleep 1
echo -n "."
sleep 1
echo -n "."
sleep 1
echo -n "."
sleep 1
echo "."
fi
# Check if host is running on pfSenseDEV
if [ `/sbin/sysctl -n kern.bootfile | /usr/bin/grep pfSense_Dev | /usr/bin/wc -l` -gt 0 ]; then
echo -n "${product} developer iso detected."
touch /var/pfSenseDEV
sleep 1
echo -n "."
sleep 1
echo -n "."
sleep 1
echo -n "."
sleep 1
echo "."
fi
if [ -f /var/run/dmesg.boot ]; then
ln -s /var/log/dmesg.boot /var/run/dmesg.boot
fi
fi
echo Launching LUA Installer...
echo -n "LUA_CPATH='/usr/local/lib/lua/5.0/?.so' exec /usr/local/bin/lua50 -l/usr/local/share/lua/5.0/compat-5.1.lua " > /tmp/lua50c51
echo "/usr/local/share/dfuibe_lua/main.lua \
/usr/local/share/dfuibe_lua/conf/BSDInstaller.lua \
/usr/local/share/dfuibe_lua/conf/FreeBSD.lua \
/usr/local/share/dfuibe_lua/conf/pfSense_rescue.lua " >> /tmp/lua50c51
#/sbin/conscontrol mute on >/dev/null 2>&1
sh /tmp/lua50c51 >/dev/null 2>&1 &
sleep 1
echo Launching Installer NCurses frontend...
/usr/local/sbin/dfuife_curses
#/sbin/conscontrol mute off >/dev/null 2>&1
if [ ! -f /tmp/install_complete ]; then
echo Installation did not finish correctly.
exit
fi
clear
echo
echo
echo
echo
echo
echo
echo
echo
echo
echo
echo
echo
echo
echo
echo
echo "${product} is now rebooting"
echo
echo "After the reboot is complete, open a web browser and"
echo "enter http://192.168.1.1 (or the LAN IP Address) in the"
echo "location bar."
echo
echo "*DEFAULT Username*: ${factory_shipped_username}"
echo "*DEFAULT Password*: ${factory_shipped_password}"
echo
echo Rebooting in 5 seconds. CTRL-C to abort.
sleep 1
echo Rebooting in 4 seconds. CTRL-C to abort.
sleep 1
echo Rebooting in 3 seconds. CTRL-C to abort.
sleep 1
echo Rebooting in 2 seconds. CTRL-C to abort.
sleep 1
echo Rebooting in 1 second.. CTRL-C to abort.
sleep 1
echo
echo ${product} is now rebooting.
echo
reboot
<?php
/* $Id$ */
/*
system_advanced_admin.php
part of pfSense
Copyright (C) 2005-2010 Scott Ullrich
......@@ -67,6 +66,7 @@ $pconfig['primaryconsole'] = $config['system']['primaryconsole'];
$pconfig['enablesshd'] = $config['system']['enablesshd'];
$pconfig['sshport'] = $config['system']['ssh']['port'];
$pconfig['sshdkeyonly'] = isset($config['system']['ssh']['sshdkeyonly']);
$pconfig['sshdpermitrootlogin'] = isset($config['system']['ssh']['permitrootlogin']);
$pconfig['quietlogin'] = isset($config['system']['webgui']['quietlogin']);
$a_cert =& $config['cert'];
......@@ -108,6 +108,11 @@ if ($_POST) {
else if (isset($config['system']['ssh']['sshdkeyonly']))
unset($config['system']['ssh']['sshdkeyonly']);
if($_POST['sshdpermitrootlogin'] == "yes")
$config['system']['ssh']['permitrootlogin'] = "enabled";
else if (isset($config['system']['ssh']['permitrootlogin']))
unset($config['system']['ssh']['permitrootlogin']);
ob_flush();
flush();
......@@ -191,11 +196,11 @@ if ($_POST) {
else
unset($config['system']['enablesshd']);
$sshd_keyonly = isset($config['system']['sshdkeyonly']);
$sshd_keyonly = isset($config['system']['ssh']['sshdkeyonly']);
if ($_POST['sshdkeyonly'])
$config['system']['sshdkeyonly'] = true;
$config['system']['ssh']['sshdkeyonly'] = true;
else
unset($config['system']['sshdkeyonly']);
unset($config['system']['ssh']['sshdkeyonly']);
$sshd_port = $config['system']['ssh']['port'];
if ($_POST['sshport'])
......@@ -203,10 +208,18 @@ if ($_POST) {
else if (isset($config['system']['ssh']['port']))
unset($config['system']['ssh']['port']);
$sshd_permitrootlogin = $config['system']['ssh']['permitrootlogin'];
if ($_POST['sshdpermitrootlogin'])
$config['system']['ssh']['permitrootlogin'] = $_POST['sshdpermitrootlogin'];
else if (isset($config['system']['ssh']['permitrootlogin']))
unset($config['system']['ssh']['permitrootlogin']);
if (($sshd_enabled != $config['system']['enablesshd']) ||
($sshd_keyonly != $config['system']['sshdkeyonly']) ||
($sshd_port != $config['system']['ssh']['port']))
($sshd_keyonly != $config['system']['ssh']['sshdkeyonly']) ||
($sshd_port != $config['system']['ssh']['port']) ||
($sshd_permitrootlogin != $config['system']['ssh']['permitrootlogin'])) {
$restart_sshd = true;
}
if ($restart_webgui) {
global $_SERVER;
......@@ -503,6 +516,16 @@ include("head.inc");
<strong><?=gettext("Enable Secure Shell"); ?></strong>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Root Login"); ?></td>
<td width="78%" class="vtable">
<input name="sshdpermitrootlogin" type="checkbox" id="sshdpermitrootlogin" value="yes" <?php if ($pconfig['sshdpermitrootlogin']) echo "checked=\"checked\""; ?> />
<strong><?=gettext("Enable root user login"); ?></strong>
<br />
<?=gettext("Root login is generally discouraged. It is advised "); ?>
<?=gettext("to log in via another user and switch to root afterwards."); ?>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Authentication Method"); ?></td>
<td width="78%" class="vtable">
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment