Revision 79f7bc7f
Added by Renato Botelho over 7 years ago
src/etc/inc/auth.inc | ||
---|---|---|
417 | 417 |
return false; |
418 | 418 |
} |
419 | 419 |
|
420 |
function local_sync_accounts() { |
|
420 |
function local_sync_accounts($u2add, $u2del, $g2add, $g2del) { |
|
421 |
global $config, $debug; |
|
422 |
|
|
423 |
if (empty($u2add) && empty($u2del) && empty($g2add) && empty($g2del)) { |
|
424 |
/* Nothing to be done here */ |
|
425 |
return; |
|
426 |
} |
|
427 |
|
|
428 |
foreach($u2del as $user) { |
|
429 |
if ($user['uid'] < 2000 || $user['uid'] > 65000) { |
|
430 |
continue; |
|
431 |
} |
|
432 |
|
|
433 |
/* |
|
434 |
* If a crontab was created to user, pw userdel will be |
|
435 |
* interactive and can cause issues. Just remove crontab |
|
436 |
* before run it when necessary |
|
437 |
*/ |
|
438 |
unlink_if_exists("/var/cron/tabs/{$user['name']}"); |
|
439 |
$cmd = "/usr/sbin/pw userdel -n " . |
|
440 |
escapeshellarg($user['name']); |
|
441 |
if ($debug) { |
|
442 |
log_error(sprintf(gettext("Running: %s"), $cmd)); |
|
443 |
} |
|
444 |
mwexec($cmd); |
|
445 |
local_group_del_user($user); |
|
446 |
|
|
447 |
$system_user = $config['system']['user']; |
|
448 |
for ($i = 0; $i < count($system_user); $i++) { |
|
449 |
if ($system_user[$i]['name'] == $user['name']) { |
|
450 |
unset($config['system']['user'][$i]); |
|
451 |
break; |
|
452 |
} |
|
453 |
} |
|
454 |
} |
|
455 |
|
|
456 |
foreach($g2del as $group) { |
|
457 |
if ($group['gid'] < 1999 || $group['gid'] > 65000) { |
|
458 |
continue; |
|
459 |
} |
|
460 |
|
|
461 |
$cmd = "/usr/sbin/pw groupdel -g " . |
|
462 |
escapeshellarg($group['name']); |
|
463 |
if ($debug) { |
|
464 |
log_error(sprintf(gettext("Running: %s"), $cmd)); |
|
465 |
} |
|
466 |
mwexec($cmd); |
|
467 |
|
|
468 |
$system_group = $config['system']['group']; |
|
469 |
for ($i = 0; $i < count($system_group); $i++) { |
|
470 |
if ($system_group[$i]['name'] == $group['name']) { |
|
471 |
unset($config['system']['group'][$i]); |
|
472 |
break; |
|
473 |
} |
|
474 |
} |
|
475 |
} |
|
476 |
|
|
477 |
foreach ($u2add as $user) { |
|
478 |
$config['system']['user'][] = $user; |
|
479 |
} |
|
480 |
|
|
481 |
foreach ($g2add as $group) { |
|
482 |
$config['system']['group'][] = $group; |
|
483 |
} |
|
484 |
|
|
485 |
write_config("Sync'd users and groups via XMLRPC"); |
|
486 |
|
|
487 |
/* make sure the all group exists */ |
|
488 |
$allgrp = getGroupEntryByGID(1998); |
|
489 |
local_group_set($allgrp, true); |
|
490 |
|
|
491 |
foreach ($u2add as $user) { |
|
492 |
local_user_set($user); |
|
493 |
} |
|
494 |
|
|
495 |
foreach ($g2add as $group) { |
|
496 |
local_group_set($group); |
|
497 |
} |
|
498 |
} |
|
499 |
|
|
500 |
function local_reset_accounts() { |
|
421 | 501 |
global $debug, $config; |
422 | 502 |
|
423 | 503 |
/* remove local users to avoid uid conflicts */ |
... | ... | |
491 | 571 |
local_group_set($group); |
492 | 572 |
} |
493 | 573 |
} |
494 |
|
|
495 |
|
|
496 | 574 |
} |
497 | 575 |
|
498 | 576 |
function local_user_set(& $user) { |
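Review bot: In local_sync_accounts() the two config cleanup loops (`for ($i = 0; $i < count($system_user); $i++)` and the group equivalent) assume contiguous keys, but each `unset($config['system']['user'][$i])` leaves a gap. From the second deletion in the same call onward, the last key is never visited and the gap index is read as undefined. A missed entry stays in `$config` and is written out by write_config(), and a modified account is also appended from `$u2add`, leaving a stale duplicate; for an account removed on the peer this presumably means it survives in the saved configuration. Iterating the live array by key avoids this: `foreach ($config['system']['user'] as $i => $entry) {` with `$entry['name']` in the comparison, and likewise for groups. Separately, `unlink_if_exists("/var/cron/tabs/{$user['name']}")` builds a path from a name that can originate in the XMLRPC payload, so rejecting names containing `/` or `..` before that line would keep the delete inside /var/cron/tabs.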
src/etc/inc/upgrade_config.inc | ||
---|---|---|
1481 | 1481 |
} |
1482 | 1482 |
|
1483 | 1483 |
/* sync all local account information */ |
1484 |
local_sync_accounts();
|
|
1484 |
local_reset_accounts();
|
|
1485 | 1485 |
} |
1486 | 1486 |
|
1487 | 1487 |
|
... | ... | |
3410 | 3410 |
} |
3411 | 3411 |
|
3412 | 3412 |
/* sync all local account information */ |
3413 |
local_sync_accounts();
|
|
3413 |
local_reset_accounts();
|
|
3414 | 3414 |
} |
3415 | 3415 |
|
3416 | 3416 |
function upgrade_104_to_105() { |
... | ... | |
4717 | 4717 |
// if there was a space in a group name, there may be multiple |
4718 | 4718 |
// groups with the same name in the group file. To prevent pw |
4719 | 4719 |
// from getting into a neverending loop, delete all user-defined |
4720 |
// groups here. local_sync_accounts will run shortly after this
|
|
4720 |
// groups here. local_reset_accounts will run shortly after this
|
|
4721 | 4721 |
// and add them back. redmine #6012 |
4722 | 4722 |
if ($cleargroups) { |
4723 | 4723 |
foreach ($config['system']['group'] as $grp) { |
src/etc/rc.bootup | ||
---|---|---|
260 | 260 |
echo "done.\n"; |
261 | 261 |
|
262 | 262 |
echo "Synchronizing user settings..."; |
263 |
local_sync_accounts();
|
|
263 |
local_reset_accounts();
|
|
264 | 264 |
echo "done.\n"; |
265 | 265 |
|
266 | 266 |
if ($realmem > 0 and $realmem < 65) { |
src/etc/rc.filter_synchronize | ||
---|---|---|
215 | 215 |
} |
216 | 216 |
|
217 | 217 |
$rpc_client = new pfsense_xmlrpc_client(); |
218 |
$resp = $rpc_client->xmlrpc_method('restore_config_section', $xml); |
|
218 |
$resp = $rpc_client->xmlrpc_method('restore_config_section', $xml, 900);
|
|
219 | 219 |
if ($resp != null) { |
220 | 220 |
$url = $rpc_client->getUrl(); |
221 | 221 |
update_filter_reload_status("XMLRPC sync successfully completed with {$url}."); |
... | ... | |
364 | 364 |
if (!carp_sync_xml($sections)) { |
365 | 365 |
return; |
366 | 366 |
} |
367 |
|
|
368 |
$rpc_client = new pfsense_xmlrpc_client(); |
|
369 |
$resp = $rpc_client->xmlrpc_method('filter_configure', "", 900); |
|
370 |
|
|
371 | 367 |
} |
src/usr/local/www/xmlrpc.php | ||
---|---|---|
227 | 227 |
$syncd_full_sections[] = $section; |
228 | 228 |
} |
229 | 229 |
|
230 |
$g2add = array(); |
|
231 |
$g2del = array(); |
|
232 |
$g2del_idx = array(); |
|
233 |
$g2keep = array(); |
|
234 |
if (is_array($sections['system']['group'])) { |
|
235 |
$local_groups = isset($config['system']['group']) |
|
236 |
? $config['system']['group'] |
|
237 |
: array(); |
|
238 |
|
|
239 |
foreach ($sections['system']['group'] as $group) { |
|
240 |
$idx = array_search($group['name'], |
|
241 |
array_column($local_groups, 'name')); |
|
242 |
|
|
243 |
if ($idx === false) { |
|
244 |
$g2add[] = $group; |
|
245 |
} else if ($group['gid'] < 1999) { |
|
246 |
$g2keep[] = $idx; |
|
247 |
} else if ($group != $local_groups[$idx]) { |
|
248 |
$g2add[] = $group; |
|
249 |
$g2del[] = $group; |
|
250 |
$g2del_idx[] = $idx; |
|
251 |
} else { |
|
252 |
$g2keep[] = $idx; |
|
253 |
} |
|
254 |
} |
|
255 |
} |
|
256 |
if (is_array($config['system']['group'])) { |
|
257 |
foreach ($config['system']['group'] as $idx => $group) { |
|
258 |
if (array_search($idx, $g2keep) === false && |
|
259 |
array_search($idx, $g2del_idx) === false) { |
|
260 |
$g2del[] = $group; |
|
261 |
$g2del_idx[] = $idx; |
|
262 |
} |
|
263 |
} |
|
264 |
} |
|
265 |
unset($sections['system']['group'], $g2keep, $g2del_idx); |
|
266 |
|
|
267 |
$u2add = array(); |
|
268 |
$u2del = array(); |
|
269 |
$u2del_idx = array(); |
|
270 |
$u2keep = array(); |
|
271 |
if (is_array($sections['system']['user'])) { |
|
272 |
$local_users = isset($config['system']['user']) |
|
273 |
? $config['system']['user'] |
|
274 |
: array(); |
|
275 |
|
|
276 |
foreach ($sections['system']['user'] as $user) { |
|
277 |
$idx = array_search($user['name'], |
|
278 |
array_column($local_users, 'name')); |
|
279 |
|
|
280 |
if ($idx === false) { |
|
281 |
$u2add[] = $user; |
|
282 |
} else if ($user['uid'] < 2000) { |
|
283 |
$u2keep[] = $idx; |
|
284 |
} else if ($user != $local_users[$idx]) { |
|
285 |
$u2add[] = $user; |
|
286 |
$u2del[] = $user; |
|
287 |
$u2del_idx[] = $idx; |
|
288 |
} else { |
|
289 |
$u2keep[] = $idx; |
|
290 |
} |
|
291 |
} |
|
292 |
} |
|
293 |
if (is_array($config['system']['user'])) { |
|
294 |
foreach ($config['system']['user'] as $idx => $user) { |
|
295 |
if (array_search($idx, $u2keep) === false && |
|
296 |
array_search($idx, $u2del_idx) === false) { |
|
297 |
$u2del[] = $user; |
|
298 |
$u2del_idx[] = $idx; |
|
299 |
} |
|
300 |
} |
|
301 |
} |
|
302 |
unset($sections['system']['user'], $u2keep, $u2del_idx); |
|
303 |
|
|
230 | 304 |
$vipbackup = array(); |
231 | 305 |
$oldvips = array(); |
232 | 306 |
if (isset($sections['virtualip']) && |
... | ... | |
391 | 465 |
|
392 | 466 |
unset($old_config); |
393 | 467 |
|
468 |
local_sync_accounts($u2add, $u2del, $g2add, $g2del); |
|
469 |
filter_configure(false); |
|
470 |
|
|
394 | 471 |
return true; |
395 | 472 |
} |
396 | 473 |
|
... | ... | |
453 | 530 |
* |
454 | 531 |
* @return bool |
455 | 532 |
*/ |
456 |
public function filter_configure() { |
|
533 |
public function filter_configure($reset_accounts = true) {
|
|
457 | 534 |
$this->auth(); |
458 | 535 |
|
459 | 536 |
global $g, $config; |
... | ... | |
499 | 576 |
*/ |
500 | 577 |
services_dhcpd_configure(); |
501 | 578 |
|
502 |
local_sync_accounts(); |
|
579 |
if ($reset_accounts) { |
|
580 |
local_reset_accounts(); |
|
581 |
} |
|
503 | 582 |
|
504 | 583 |
return true; |
505 | 584 |
} |
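Review bot: In restore_config_section, the second pass `if (is_array($config['system']['user'])) {` (and the matching group pass) runs even when the payload carried no `system/user` section. In that case `$u2keep` is empty and every local entry is appended to `$u2del`, so a sync that omits users or groups would queue all local accounts in the 2000–65000 range for `pw userdel`. Guarding the pass on the incoming section fixes this, for example `if (is_array($sections['system']['user']) && is_array($config['system']['user'])) {`, with the same change for groups. The `$user['uid'] < 2000` branch only records the index in `$u2keep` and the section is then unset, so changes to built-in accounts sent by the peer appear to be dropped; a comment stating whether that is intended would help. The name lookup would also be safer with strict matching, `array_search($user['name'], array_column($local_users, 'name'), true)`, since loose comparison treats numeric-looking names such as `007` and `7` as equal.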
Fix #7469
only being used /etc/rc.bootup
groups to be added and/or deleted
rc.filter_synchronize since it's now called internally from
restore_config_section.
from user/group sections. Instead check for new/modified/deleted
items and create necessary arrays to be passed to local_sync_accounts
call a full reset of users/groups using local_reset_accounts()