Revision 21d1560f
Added by Ermal LUÇI over 12 years ago
etc/rc.filter_synchronize | ||
---|---|---|
93 | 93 |
if(file_exists("{$g['varrun_path']}/booting") || $g['booting']) |
94 | 94 |
return; |
95 | 95 |
|
96 |
$params = array( |
|
97 |
XML_RPC_encode($password) |
|
98 |
); |
|
99 |
|
|
100 |
$numberofruns = 0; |
|
101 |
while ($numberofruns < 2) { |
|
102 |
$msg = new XML_RPC_Message($method, $params); |
|
103 |
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); |
|
104 |
$cli->setCredentials($username, $password); |
|
105 |
if($numberofruns > 0) |
|
106 |
$cli->setDebug(1); |
|
107 |
/* send our XMLRPC message and timeout after 240 seconds */ |
|
108 |
$resp = $cli->send($msg, "240"); |
|
109 |
if(!is_object($resp)) { |
|
110 |
$error = "A communications error occured while attempting XMLRPC sync with username {$username} {$url}:{$port}."; |
|
111 |
} elseif($resp->faultCode()) { |
|
112 |
$error = "An error code was received while attempting XMLRPC sync with username {$username} {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); |
|
113 |
} else { |
|
114 |
$parsed_response = XML_RPC_decode($resp->value()); |
|
115 |
if(!is_array($parsed_response)) { |
|
116 |
if (trim($parsed_response) == "Authentication failed") { |
|
117 |
$error = "An authentication failure occurred while trying to access {$url}:{$port} ({$method})."; |
|
118 |
log_error($error); |
|
119 |
file_notice("sync_settings", $error, "Settings Sync", ""); |
|
120 |
exit; |
|
121 |
} |
|
122 |
} else { |
|
123 |
if (!isset($parsed_response['config_version']) || |
|
124 |
$parsed_response['config_version'] < $config['version']) { |
|
125 |
update_filter_reload_status("The other member is on older configuration version of {$g['product_name']}. Sync will not be done to prevent problems!"); |
|
126 |
log_error("The other member is on older configuration version of {$g['product_name']}. Sync will not be done to prevent problems!"); |
|
127 |
return false; |
|
128 |
} else |
|
129 |
return true; |
|
96 |
$params = array( |
|
97 |
XML_RPC_encode($password) |
|
98 |
); |
|
99 |
|
|
100 |
$numberofruns = 0; |
|
101 |
while ($numberofruns < 2) { |
|
102 |
$msg = new XML_RPC_Message($method, $params); |
|
103 |
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); |
|
104 |
$cli->setCredentials($username, $password); |
|
105 |
if($numberofruns > 0) |
|
106 |
$cli->setDebug(1); |
|
107 |
/* send our XMLRPC message and timeout after 240 seconds */ |
|
108 |
$resp = $cli->send($msg, "240"); |
|
109 |
if(!is_object($resp)) { |
|
110 |
$error = "A communications error occured while attempting XMLRPC sync with username {$username} {$url}:{$port}."; |
|
111 |
} elseif($resp->faultCode()) { |
|
112 |
$error = "An error code was received while attempting XMLRPC sync with username {$username} {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); |
|
113 |
} else { |
|
114 |
$parsed_response = XML_RPC_decode($resp->value()); |
|
115 |
if(!is_array($parsed_response)) { |
|
116 |
if (trim($parsed_response) == "Authentication failed") { |
|
117 |
$error = "An authentication failure occurred while trying to access {$url}:{$port} ({$method})."; |
|
118 |
log_error($error); |
|
119 |
file_notice("sync_settings", $error, "Settings Sync", ""); |
|
120 |
exit; |
|
130 | 121 |
} |
122 |
} else { |
|
123 |
if (!isset($parsed_response['config_version']) || |
|
124 |
$parsed_response['config_version'] < $config['version']) { |
|
125 |
update_filter_reload_status("The other member is on older configuration version of {$g['product_name']}. Sync will not be done to prevent problems!"); |
|
126 |
log_error("The other member is on older configuration version of {$g['product_name']}. Sync will not be done to prevent problems!"); |
|
127 |
return false; |
|
128 |
} else |
|
129 |
return true; |
|
131 | 130 |
} |
132 |
log_error($error); |
|
133 |
file_notice("sync_settings", $error, "Settings Sync", ""); |
|
134 |
$numberofruns++; |
|
135 | 131 |
} |
132 |
log_error($error); |
|
133 |
file_notice("sync_settings", $error, "Settings Sync", ""); |
|
134 |
$numberofruns++; |
|
135 |
} |
|
136 |
|
|
136 | 137 |
return false; |
137 | 138 |
} |
138 | 139 |
|
... | ... | |
278 | 279 |
|
279 | 280 |
if (empty($hasync['synchronizetoip'])) { |
280 | 281 |
log_error("Config sync not being done because of missing sync IP (this is normal on secondary systems)."); |
282 |
exit; |
|
283 |
} |
|
284 |
|
|
285 |
/* |
|
286 |
* XXX: The way we're finding the port right now is really suboptimal - |
|
287 |
* we can't assume that the other machine is setup identically. |
|
288 |
*/ |
|
289 |
if (!empty($config['system']['webgui']['protocol'])) { |
|
290 |
$synchronizetoip = $config['system']['webgui']['protocol']; |
|
291 |
$synchronizetoip .= "://"; |
|
292 |
} |
|
293 |
|
|
294 |
/* if port is empty lets rely on the protocol selection */ |
|
295 |
$port = $config['system']['webgui']['port']; |
|
296 |
if (empty($port)) { |
|
297 |
if ($config['system']['webgui']['protocol'] == "http") |
|
298 |
$port = "80"; |
|
299 |
else |
|
300 |
$port = "443"; |
|
301 |
} |
|
302 |
|
|
303 |
if(is_ipaddrv6($hasync['synchronizetoip'])) |
|
304 |
$hasync['synchronizetoip'] = "[{$hasync['synchronizetoip']}]"; |
|
305 |
$synchronizetoip .= $hasync['synchronizetoip']; |
|
306 |
if ($hasync['synchronizerules'] != "") { |
|
307 |
if (!is_array($config['filter'])) |
|
308 |
$config['filter'] = array(); |
|
309 |
$sections[] = 'filter'; |
|
310 |
} |
|
311 |
if ($hasync['synchronizenat'] != "") { |
|
312 |
if (!is_array($config['nat'])) |
|
313 |
$config['nat'] = array(); |
|
314 |
$sections[] = 'nat'; |
|
315 |
} |
|
316 |
if ($hasync['synchronizealiases'] != "") { |
|
317 |
if (!is_array($config['aliases'])) |
|
318 |
$config['aliases'] = array(); |
|
319 |
$sections[] = 'aliases'; |
|
320 |
} |
|
321 |
if ($hasync['synchronizedhcpd'] != "" and is_array($config['dhcpd'])) |
|
322 |
$sections[] = 'dhcpd'; |
|
323 |
if ($hasync['synchronizewol'] != "") { |
|
324 |
if (!is_array($config['wol'])) |
|
325 |
$config['wol'] = array(); |
|
326 |
$sections[] = 'wol'; |
|
327 |
} |
|
328 |
if ($hasync['synchronizetrafficshaper'] != "" and is_array($config['shaper'])) |
|
329 |
$sections[] = 'shaper'; |
|
330 |
if ($hasync['synchronizetrafficshaperlimiter'] != "" and is_array($config['dnshaper'])) |
|
331 |
$sections[] = 'dnshaper'; |
|
332 |
if ($hasync['synchronizetrafficshaperlayer7'] != "" and is_array($config['l7shaper'])) |
|
333 |
$sections[] = 'l7shaper'; |
|
334 |
if ($hasync['synchronizestaticroutes'] != "") { |
|
335 |
if (!is_array($config['staticroutes'])) |
|
336 |
$config['staticroutes'] = array(); |
|
337 |
if (!is_array($config['staticroutes']['route'])) |
|
338 |
$config['staticroutes']['route'] = array(); |
|
339 |
$sections[] = 'staticroutes'; |
|
340 |
if (!is_array($config['gateways'])) |
|
341 |
$config['gateways'] = array(); |
|
342 |
$sections[] = 'gateways'; |
|
343 |
} |
|
344 |
if ($hasync['synchronizevirtualip'] != "") { |
|
345 |
if (!is_array($config['virtualip'])) |
|
346 |
$config['virtualip'] = array(); |
|
347 |
$sections[] = 'virtualip'; |
|
348 |
} |
|
349 |
if ($hasync['synchronizelb'] != "") { |
|
350 |
if (!is_array($config['load_balancer'])) |
|
351 |
$config['load_balancer'] = array(); |
|
352 |
$sections[] = 'load_balancer'; |
|
353 |
} |
|
354 |
if ($hasync['synchronizeipsec'] != "") { |
|
355 |
if (!is_array($config['ipsec'])) |
|
356 |
$config['ipsec'] = array(); |
|
357 |
$sections[] = 'ipsec'; |
|
358 |
} |
|
359 |
if ($hasync['synchronizeopenvpn'] != "") { |
|
360 |
if (!is_array($config['openvpn'])) |
|
361 |
$config['openvpn'] = array(); |
|
362 |
$sections[] = 'openvpn'; |
|
363 |
} |
|
364 |
if ($hasync['synchronizecerts'] != "" || $hasync['synchronizeopenvpn'] != "") { |
|
365 |
if (!is_array($config['cert'])) |
|
366 |
$config['cert'] = array(); |
|
367 |
$sections[] = 'cert'; |
|
368 |
|
|
369 |
if (!is_array($config['ca'])) |
|
370 |
$config['ca'] = array(); |
|
371 |
$sections[] = 'ca'; |
|
372 |
|
|
373 |
if (!is_array($config['crl'])) |
|
374 |
$config['crl'] = array(); |
|
375 |
$sections[] = 'crl'; |
|
376 |
} |
|
377 |
if ($hasync['synchronizeusers'] != "") { |
|
378 |
$sections[] = 'user'; |
|
379 |
$sections[] = 'group'; |
|
380 |
} |
|
381 |
if ($hasync['synchronizednsforwarder'] != "" and is_array($config['dnsmasq'])) |
|
382 |
$sections[] = 'dnsmasq'; |
|
383 |
if ($hasync['synchronizeschedules'] != "" || $hasync['synchronizerules'] != "") { |
|
384 |
if (!is_array($config['schedules'])) |
|
385 |
$config['schedules'] = array(); |
|
386 |
$sections[] = 'schedules'; |
|
387 |
} |
|
388 |
if ($hasync['synchronizecaptiveportal'] != "" and is_array($config['captiveportal'])) |
|
389 |
$sections[] = 'captiveportal'; |
|
390 |
if ($hasync['synchronizecaptiveportal'] != "" and is_array($config['vouchers'])) |
|
391 |
$sections[] = 'vouchers'; |
|
392 |
|
|
393 |
if (count($sections) <= 0) { |
|
394 |
log_error("Nothing has been configured to be synched. Skipping...."); |
|
395 |
exit; |
|
396 |
} |
|
397 |
|
|
398 |
if (empty($hasync['username'])) |
|
399 |
$username = "admin"; |
|
400 |
else |
|
401 |
$username = $hasync['username']; |
|
402 |
|
|
403 |
if (!carp_check_version($synchronizetoip, $username, $hasync['password'], $port)) |
|
404 |
exit; |
|
405 |
|
|
406 |
update_filter_reload_status("Signaling CARP reload signal..."); |
|
407 |
carp_sync_xml($synchronizetoip, $username, $hasync['password'], $sections, $port); |
|
408 |
$cli = new XML_RPC_Client('/xmlrpc.php', $synchronizetoip, $port); |
|
409 |
$params = array( |
|
410 |
XML_RPC_encode($hasync['password']) |
|
411 |
); |
|
412 |
|
|
413 |
$msg = new XML_RPC_Message('pfsense.filter_configure', $params); |
|
414 |
$cli->setCredentials($username, $hasync['password']); |
|
415 |
$resp = $cli->send($msg, "900"); |
|
416 |
|
|
417 |
if (!is_object($resp)) { |
|
418 |
$error = "A communications error occured while attempting Filter sync with username {$username} {$synchronizetoip}:{$port}."; |
|
419 |
log_error($error); |
|
420 |
file_notice("sync_settings", $error, "Settings Sync", ""); |
|
421 |
} elseif($resp->faultCode()) { |
|
422 |
$error = "An error code was received while attempting Filter sync with username {$username} {$synchronizetoip}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); |
|
423 |
log_error($error); |
|
424 |
file_notice("sync_settings", $error, "Settings Sync", ""); |
|
281 | 425 |
} else { |
282 |
/* |
|
283 |
* XXX: The way we're finding the port right now is really suboptimal - |
|
284 |
* we can't assume that the other machine is setup identically. |
|
285 |
*/ |
|
286 |
if (!empty($config['system']['webgui']['protocol'])) { |
|
287 |
$synchronizetoip = $config['system']['webgui']['protocol']; |
|
288 |
$synchronizetoip .= "://"; |
|
289 |
} |
|
290 |
|
|
291 |
/* if port is empty lets rely on the protocol selection */ |
|
292 |
$port = $config['system']['webgui']['port']; |
|
293 |
if (empty($port)) { |
|
294 |
if ($config['system']['webgui']['protocol'] == "http") |
|
295 |
$port = "80"; |
|
296 |
else |
|
297 |
$port = "443"; |
|
298 |
} |
|
299 |
|
|
300 |
if(is_ipaddrv6($hasync['synchronizetoip'])) |
|
301 |
$hasync['synchronizetoip'] = "[{$hasync['synchronizetoip']}]"; |
|
302 |
$synchronizetoip .= $hasync['synchronizetoip']; |
|
303 |
if ($hasync['synchronizerules'] != "") { |
|
304 |
if (!is_array($config['filter'])) |
|
305 |
$config['filter'] = array(); |
|
306 |
$sections[] = 'filter'; |
|
307 |
} |
|
308 |
if ($hasync['synchronizenat'] != "") { |
|
309 |
if (!is_array($config['nat'])) |
|
310 |
$config['nat'] = array(); |
|
311 |
$sections[] = 'nat'; |
|
312 |
} |
|
313 |
if ($hasync['synchronizealiases'] != "") { |
|
314 |
if (!is_array($config['aliases'])) |
|
315 |
$config['aliases'] = array(); |
|
316 |
$sections[] = 'aliases'; |
|
317 |
} |
|
318 |
if ($hasync['synchronizedhcpd'] != "" and is_array($config['dhcpd'])) |
|
319 |
$sections[] = 'dhcpd'; |
|
320 |
if ($hasync['synchronizewol'] != "") { |
|
321 |
if (!is_array($config['wol'])) |
|
322 |
$config['wol'] = array(); |
|
323 |
$sections[] = 'wol'; |
|
324 |
} |
|
325 |
if ($hasync['synchronizetrafficshaper'] != "" and is_array($config['shaper'])) { |
|
326 |
$sections[] = 'shaper'; |
|
327 |
} |
|
328 |
if ($hasync['synchronizetrafficshaperlimiter'] != "" and is_array($config['dnshaper'])) { |
|
329 |
$sections[] = 'dnshaper'; |
|
330 |
} |
|
331 |
if ($hasync['synchronizetrafficshaperlayer7'] != "" and is_array($config['l7shaper'])) { |
|
332 |
$sections[] = 'l7shaper'; |
|
333 |
} |
|
334 |
if ($hasync['synchronizestaticroutes'] != "") { |
|
335 |
if (!is_array($config['staticroutes'])) |
|
336 |
$config['staticroutes'] = array(); |
|
337 |
if (!is_array($config['staticroutes']['route'])) |
|
338 |
$config['staticroutes']['route'] = array(); |
|
339 |
$sections[] = 'staticroutes'; |
|
340 |
if (!is_array($config['gateways'])) |
|
341 |
$config['gateways'] = array(); |
|
342 |
$sections[] = 'gateways'; |
|
343 |
} |
|
344 |
if ($hasync['synchronizevirtualip'] != "") { |
|
345 |
if (!is_array($config['virtualip'])) |
|
346 |
$config['virtualip'] = array(); |
|
347 |
$sections[] = 'virtualip'; |
|
348 |
} |
|
349 |
if ($hasync['synchronizelb'] != "") { |
|
350 |
if (!is_array($config['load_balancer'])) |
|
351 |
$config['load_balancer'] = array(); |
|
352 |
$sections[] = 'load_balancer'; |
|
353 |
} |
|
354 |
if ($hasync['synchronizeipsec'] != "") { |
|
355 |
if (!is_array($config['ipsec'])) |
|
356 |
$config['ipsec'] = array(); |
|
357 |
$sections[] = 'ipsec'; |
|
358 |
} |
|
359 |
if ($hasync['synchronizeopenvpn'] != "") { |
|
360 |
if (!is_array($config['openvpn'])) |
|
361 |
$config['openvpn'] = array(); |
|
362 |
$sections[] = 'openvpn'; |
|
363 |
} |
|
364 |
if ($hasync['synchronizecerts'] != "" || $hasync['synchronizeopenvpn'] != "") { |
|
365 |
if (!is_array($config['cert'])) |
|
366 |
$config['cert'] = array(); |
|
367 |
$sections[] = 'cert'; |
|
368 |
|
|
369 |
if (!is_array($config['ca'])) |
|
370 |
$config['ca'] = array(); |
|
371 |
$sections[] = 'ca'; |
|
372 |
|
|
373 |
if (!is_array($config['crl'])) |
|
374 |
$config['crl'] = array(); |
|
375 |
$sections[] = 'crl'; |
|
376 |
} |
|
377 |
if ($hasync['synchronizeusers'] != "") { |
|
378 |
$sections[] = 'user'; |
|
379 |
$sections[] = 'group'; |
|
380 |
} |
|
381 |
if ($hasync['synchronizednsforwarder'] != "" and is_array($config['dnsmasq'])) |
|
382 |
$sections[] = 'dnsmasq'; |
|
383 |
if ($hasync['synchronizeschedules'] != "") { |
|
384 |
if (!is_array($config['schedules'])) |
|
385 |
$config['schedules'] = array(); |
|
386 |
$sections[] = 'schedules'; |
|
387 |
} |
|
388 |
if ($hasync['synchronizecaptiveportal'] != "" and is_array($config['captiveportal'])) |
|
389 |
$sections[] = 'captiveportal'; |
|
390 |
if ($hasync['synchronizecaptiveportal'] != "" and is_array($config['vouchers'])) |
|
391 |
$sections[] = 'vouchers'; |
|
392 |
if (count($sections) > 0) { |
|
393 |
if (empty($hasync['username'])) |
|
394 |
$username = "admin"; |
|
395 |
else |
|
396 |
$username = $hasync['username']; |
|
397 |
|
|
398 |
if (carp_check_version($synchronizetoip, $username, $hasync['password'], $port)) { |
|
399 |
update_filter_reload_status("Signaling CARP reload signal..."); |
|
400 |
carp_sync_xml($synchronizetoip, $username, $hasync['password'], $sections, $port); |
|
401 |
$cli = new XML_RPC_Client('/xmlrpc.php', $synchronizetoip, $port); |
|
402 |
$params = array( |
|
403 |
XML_RPC_encode($hasync['password']) |
|
404 |
); |
|
405 |
|
|
406 |
$msg = new XML_RPC_Message('pfsense.filter_configure', $params); |
|
407 |
$cli->setCredentials($username, $hasync['password']); |
|
408 |
$resp = $cli->send($msg, "900"); |
|
409 |
|
|
410 |
if(!is_object($resp)) { |
|
411 |
$error = "A communications error occured while attempting Filter sync with username {$username} {$synchronizetoip}:{$port}."; |
|
412 |
log_error($error); |
|
413 |
file_notice("sync_settings", $error, "Settings Sync", ""); |
|
414 |
} elseif($resp->faultCode()) { |
|
415 |
$error = "An error code was received while attempting Filter sync with username {$username} {$synchronizetoip}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); |
|
416 |
log_error($error); |
|
417 |
file_notice("sync_settings", $error, "Settings Sync", ""); |
|
418 |
} else { |
|
419 |
log_error("Filter sync successfully completed with {$synchronizetoip}:{$port}."); |
|
420 |
$numberofruns = 3; |
|
421 |
} |
|
422 |
} |
|
423 |
} |
|
424 |
} |
|
426 |
log_error("Filter sync successfully completed with {$synchronizetoip}:{$port}."); |
|
427 |
$numberofruns = 3; |
|
428 |
} |
|
425 | 429 |
} |
426 | 430 |
|
427 | 431 |
?> |
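Review bot: In the flattened top-level code (new lines 289-305), `$synchronizetoip` is only assigned inside `if (!empty($config['system']['webgui']['protocol']))`, so with an empty protocol the later `$synchronizetoip .= $hasync['synchronizetoip'];` appends to an undefined variable and yields a peer URL with no scheme, while `$port` still defaults to "443". That URL is then used with `setCredentials($username, $hasync['password'])` and with the password as the first RPC parameter. Whether the request is sent over TLS in that case depends on how XML_RPC_Client treats a scheme-less host, which this page does not show. Setting the scheme unconditionally would keep it consistent with the port default, e.g. `$protocol = empty($config['system']['webgui']['protocol']) ? "https" : $config['system']['webgui']['protocol'];` followed by `$synchronizetoip = "{$protocol}://";`. A short comment above that block saying the sync password travels over whatever protocol is chosen there would also help the next reader.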
Make this code readable