/src/usr/local/www/xmlrpc.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/usr/local/www/xmlrpc.php @ d35a18fc

-d49018
+<?php
 /*
-            c5d81585
+ * xmlrpc.php
-cb31d
+            Stephen Beaver
-            c5d81585
+ * part of pfSense (https://www.pfsense.org)
-d47
+ * Copyright (c) 2004-2013 BSD Perimeter
  * Copyright (c) 2013-2016 Electric Sheep Fencing
-f2f85c3
+ * Copyright (c) 2014-2022 Rubicon Communications, LLC (Netgate)
-            c5d81585
+ * Copyright (c) 2005 Colin Smith
  * All rights reserved.
-cb31d
+            Stephen Beaver
-            b12ea3fb
+ * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
-cb31d
+            Stephen Beaver
-            b12ea3fb
+ * http://www.apache.org/licenses/LICENSE-2.0
-cb31d
+            Stephen Beaver
-            b12ea3fb
+ * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
-cb31d
+ */
-d49018
+            Colin Smith
-b07c15a
+##|+PRIV
 ##|*IDENT=page-xmlrpclibrary
-f468
+##|*NAME=XMLRPC Library
-b07c15a
+##|*DESCR=Allow access to the 'XMLRPC Library' page.
 ##|*MATCH=xmlrpc.php*
 ##|-PRIV
-            c81ef6e2
+require_once("config.inc");
 require_once("functions.inc");
-            f81e7cc4
+require_once("auth.inc");
-            f6339216
+require_once("filter.inc");
-            c81ef6e2
+require_once("ipsec.inc");
 require_once("vpn.inc");
-fcdccc
+require_once("openvpn.inc");
-cab6335
+require_once("captiveportal.inc");
-            c81ef6e2
+require_once("shaper.inc");
-            f81e7cc4
+require_once("XML/RPC2/Server.php");
-d49018
+            Colin Smith
-            f81e7cc4
+class pfsense_xmlrpc_server {
-            c87f4b70
+            Ermal
-            f81e7cc4
+	private $loop_detected = false;
 	private $remote_addr;
-            c87f4b70
+            Ermal
-            dc5f639f
+	private function auth() {
-            c472f9a1
+		global $config, $userindex;
 		$userindex = index_users();
-            dc5f639f
+		$username = $_SERVER['PHP_AUTH_USER'];
 		$password = $_SERVER['PHP_AUTH_PW'];
-da3de34
+            Colin Smith
-            fb1234ab
+		$login_ok = false;
-            f81e7cc4
+		if (!empty($username) && !empty($password)) {
 			$attributes = array();
 			$authcfg = auth_get_authserver(
 			    $config['system']['webgui']['authmode']);
-            c3638879
+            Scott Ullrich
-            f81e7cc4
+			if (authenticate_user($username, $password,
 			    $authcfg, $attributes) ||
 			    authenticate_user($username, $password)) {
-            fb1234ab
+				$login_ok = true;
-            f81e7cc4
+            Renato Botelho
+		}
-dd2a278
+            Scott Ullrich
-            fb1234ab
+		if (!$login_ok) {
-e0d4751
+			log_auth(sprintf(gettext("webConfigurator authentication error for user '%1\$s' from: %2\$s"),
 			    $username,
 			    $this->remote_addr));
-f46d8
+            Ermal
-            fb1234ab
+			require_once("XML/RPC2/Exception.php");
 			throw new XML_RPC2_FaultException(gettext(
 			    'Authentication failed: Invalid username or password'),
 			    -1);
+		}
 		$user_entry = getUserEntry($username);
 		/*
 		 * admin (uid = 0) is allowed
 		 * or regular user with necessary privilege
 		 */
 		if (isset($user_entry['uid']) && $user_entry['uid'] != '0' &&
 		    !userHasPrivilege($user_entry, 'system-xmlrpc-ha-sync')) {
 			log_auth("webConfigurator authentication error for '" .
 			    $username . "' from " . $this->remote_addr .
 			    " not enough privileges");
 			require_once("XML/RPC2/Exception.php");
 			throw new XML_RPC2_FaultException(gettext(
 			    'Authentication failed: not enough privileges'),
 			    -2);
+		}
 		return;
-dd2a278
+            Scott Ullrich
-            f81e7cc4
+            Renato Botelho
 	private function array_overlay($a1, $a2) {
 		foreach ($a1 as $k => $v) {
 			if (!array_key_exists($k, $a2)) {
 				continue;
+			}
 			if (is_array($v) && is_array($a2[$k])) {
 				$a1[$k] = $this->array_overlay($v, $a2[$k]);
 			} else {
 				$a1[$k] = $a2[$k];
+			}
+		}
 		return $a1;
-f215d
+            Phil Davis
-            c3638879
+            Scott Ullrich
-            f81e7cc4
+	public function __construct() {
 		global $config;
-            c3638879
+            Scott Ullrich
-            f82f991c
+		$this->remote_addr = $_SERVER['REMOTE_ADDR'];
-f46d8
+            Ermal
-            f81e7cc4
+		/* grab sync to ip if enabled */
 		if (isset($config['hasync']['synchronizetoip']) &&
-d44b2cb
+		    $config['hasync']['synchronizetoip'] == $this->remote_addr) {
-            f81e7cc4
+			$this->loop_detected = true;
+		}
-dd2a278
+            Scott Ullrich
-f46d8
+            Ermal
-            f81e7cc4
+	/**
 	 * Get host version information
+	 *
 	 * @return array
 	 */
-            de3f6463
+	public function host_firmware_version($dummy, $timeout) {
-f26f187
+		ini_set('default_socket_timeout', $timeout);
-            dc5f639f
+		$this->auth();
-            f81e7cc4
+		return host_firmware_version();
+	}
-dc3a7d
+            Colin Smith
-            f81e7cc4
+	/**
 	 * Executes a PHP block of code
+	 *
 	 * @param string $code
+	 *
 	 * @return bool
 	 */
-            dc5f639f
+	public function exec_php($code) {
 		$this->auth();
-f46d8
+            Ermal
-            f81e7cc4
+		eval($code);
 		if ($toreturn) {
 			return $toreturn;
+		}
-            c87f4b70
+            Ermal
-            f81e7cc4
+		return true;
-dd2a278
+            Scott Ullrich
-f46d8
+            Ermal
-            f81e7cc4
+	/**
 	 * Executes shell commands
+	 *
 	 * @param string $code
+	 *
 	 * @return bool
 	 */
-            dc5f639f
+	public function exec_shell($code) {
 		$this->auth();
-d49018
+            Colin Smith
-            f81e7cc4
+		mwexec($code);
 		return true;
+	}
-dc3a7d
+            Colin Smith
-            f81e7cc4
+	/**
 	 * Backup chosen config sections
+	 *
 	 * @param array $section
+	 *
 	 * @return array
 	 */
-            dc5f639f
+	public function backup_config_section($section) {
 		$this->auth();
-f46d8
+            Ermal
-            f81e7cc4
+		global $config;
-            d026178f
+            Renato Botelho
-            f81e7cc4
+		return array_intersect_key($config, array_flip($section));
-            fb0eb20b
+            Ermal
-            c87f4b70
+            Ermal
-            f81e7cc4
+	/**
 	 * Restore defined config section into local config
+	 *
 	 * @param array $sections
+	 *
 	 * @return bool
 	 */
-f26f187
+	public function restore_config_section($sections, $timeout) {
 		ini_set('default_socket_timeout', $timeout);
-            dc5f639f
+		$this->auth();
-            f81e7cc4
+            Renato Botelho
-fcdccc
+		global $config, $cpzone, $cpzoneid, $old_config;
-b99e1e5
+            jim-p
-            f81e7cc4
+		$old_config = $config;
 		if ($this->loop_detected) {
 			log_error("Disallowing CARP sync loop");
 			return true;
+		}
 		/*
 		 * Some sections should just be copied and not merged or we end
 		 * up unable to sync the deletion of the last item in a section
 		 */
 		$sync_full_sections = array(
 			'aliases',
 			'ca',
 			'cert',
 			'crl',
 			'dhcpd',
-caa
+			'dhcrelay',
 			'dhcrelay6',
-            c9a96f16
+			'dnshaper',
-            f81e7cc4
+			'dnsmasq',
 			'filter',
 			'ipsec',
 			'nat',
 			'openvpn',
 			'schedules',
-            c9a96f16
+			'shaper',
-            f81e7cc4
+			'unbound',
 			'wol',
 		);
 		$syncd_full_sections = array();
 		foreach ($sync_full_sections as $section) {
 			if (!isset($sections[$section])) {
 				continue;
+			}
 			$config[$section] = $sections[$section];
 			unset($sections[$section]);
 			$syncd_full_sections[] = $section;
-b99e1e5
+            jim-p
-b0a43
+		/* If captive portal sync is enabled on primary node, remove local CP on the secondary */
 		if (is_array($config['captiveportal']) && is_array($sections['captiveportal'])) {
-cab6335
+			foreach ($config['captiveportal'] as $zone => $item) {
-b0a43
+				if (!isset($sections['captiveportal'][$zone])) {
 					$cpzone = $zone;
 					unset($config['captiveportal'][$cpzone]['enable']);
 					captiveportal_configure_zone($config['captiveportal'][$cpzone]);
 					unset($config['captiveportal'][$cpzone]);
 					if (isset($config['voucher'][$cpzone])) {
 						unset($config['voucher'][$cpzone]);
+					}
-            c31f4e95
+					unlink_if_exists("/var/db/captiveportal{$cpzone}.db");
 					unlink_if_exists("/var/db/captiveportal_usedmacs_{$cpzone}.db");
 					unlink_if_exists("/var/db/voucher_{$cpzone}_*.db");
-cab6335
+            Renato Botelho
+			}
+		}
-            d3cc158c
+		/* Only touch users if users are set to synchronize from the primary node
 		 * See https://redmine.pfsense.org/issues/8450
 		 */
 		if ($sections['system']['user'] && $sections['system']['group']) {
 			$g2add = array();
 			$g2del = array();
 			$g2del_idx = array();
 			$g2keep = array();
 			if (is_array($sections['system']['group'])) {
 				$local_groups = isset($config['system']['group'])
 				    ? $config['system']['group']
 				    : array();
 				foreach ($sections['system']['group'] as $group) {
 					$idx = array_search($group['name'],
 					    array_column($local_groups, 'name'));
 					if ($idx === false) {
 						$g2add[] = $group;
 					} else if ($group['gid'] < 1999) {
 						$g2keep[] = $idx;
 					} else if ($group != $local_groups[$idx]) {
 						$g2add[] = $group;
 						$g2del[] = $group;
 						$g2del_idx[] = $idx;
 					} else {
 						$g2keep[] = $idx;
+					}
-f7bc7f
+            Renato Botelho
+			}
-            d3cc158c
+			if (is_array($config['system']['group'])) {
 				foreach ($config['system']['group'] as $idx => $group) {
 					if (array_search($idx, $g2keep) === false &&
 					    array_search($idx, $g2del_idx) === false) {
 						$g2del[] = $group;
 						$g2del_idx[] = $idx;
+					}
-f7bc7f
+            Renato Botelho
+			}
-            d3cc158c
+			unset($sections['system']['group'], $g2keep, $g2del_idx);
 			$u2add = array();
 			$u2del = array();
 			$u2del_idx = array();
 			$u2keep = array();
 			if (is_array($sections['system']['user'])) {
 				$local_users = isset($config['system']['user'])
 				    ? $config['system']['user']
 				    : array();
 				foreach ($sections['system']['user'] as $user) {
 					$idx = array_search($user['name'],
 					    array_column($local_users, 'name'));
 					if ($idx === false) {
 						$u2add[] = $user;
-            f9ed5d57
+					} else if (($user['uid'] < 2000) && ($sections['hasync']['adminsync'] != 'on')) {
-            d3cc158c
+						$u2keep[] = $idx;
 					} else if ($user != $local_users[$idx]) {
 						$u2add[] = $user;
 						$u2del[] = $user;
 						$u2del_idx[] = $idx;
 					} else {
 						$u2keep[] = $idx;
+					}
-f7bc7f
+            Renato Botelho
+			}
-            d3cc158c
+			if (is_array($config['system']['user'])) {
 				foreach ($config['system']['user'] as $idx => $user) {
 					if (array_search($idx, $u2keep) === false &&
 					    array_search($idx, $u2del_idx) === false) {
 						$u2del[] = $user;
 						$u2del_idx[] = $idx;
+					}
-f7bc7f
+            Renato Botelho
+			}
-            d3cc158c
+			unset($sections['system']['user'], $u2keep, $u2del_idx);
-f7bc7f
+            Renato Botelho
-            b8963db6
+		$voucher = array();
 		if (is_array($sections['voucher'])) {
 			/* Save voucher rolls to process after merge */
 			$voucher = $sections['voucher'];
 			foreach($sections['voucher'] as $zone => $item) {
 				unset($sections['voucher'][$zone]['roll']);
-ef0830
+				// Note : This code can be safely deleted once #97 fix has been applied and deployed to pfSense stable release.
 				// Please do not delete this code before
-            b8963db6
+				if (isset($config['voucher'][$zone]['vouchersyncdbip'])) {
 					$sections['voucher'][$zone]['vouchersyncdbip'] =
 					    $config['voucher'][$zone]['vouchersyncdbip'];
 				} else {
 					unset($sections['voucher'][$zone]['vouchersyncdbip']);
+				}
 				if (isset($config['voucher'][$zone]['vouchersyncusername'])) {
 					$sections['voucher'][$zone]['vouchersyncusername'] =
 					    $config['voucher'][$zone]['vouchersyncusername'];
 				} else {
 					unset($sections['voucher'][$zone]['vouchersyncusername']);
+				}
 				if (isset($config['voucher'][$zone]['vouchersyncpass'])) {
 					$sections['voucher'][$zone]['vouchersyncpass'] =
 					    $config['voucher'][$zone]['vouchersyncpass'];
 				} else {
 					unset($sections['voucher'][$zone]['vouchersyncpass']);
+				}
-ef0830
+				// End note.
-            b8963db6
+            Renato Botelho
+		}
-ef0830
+		if (is_array($sections['captiveportal'])) {
 			// Captiveportal : Backward HA settings should remain local.
 			foreach ($sections['captiveportal'] as $zone => $cp) {
 				if (isset($config['captiveportal'][$zone]['enablebackwardsync'])) {
 					$sections['captiveportal'][$zone]['enablebackwardsync'] = $config['captiveportal'][$zone]['enablebackwardsync'];
 				} else {
 					unset($sections['captiveportal'][$zone]['enablebackwardsync']);
+				}
 				if (isset($config['captiveportal'][$zone]['backwardsyncip'])) {
 					$sections['captiveportal'][$zone]['backwardsyncip'] = $config['captiveportal'][$zone]['backwardsyncip'];
 				} else {
 					unset($sections['captiveportal'][$zone]['backwardsyncip']);
+				}
 				if (isset($config['captiveportal'][$zone]['backwardsyncuser'])) {
 					$sections['captiveportal'][$zone]['backwardsyncuser'] = $config['captiveportal'][$zone]['backwardsyncuser'];
 				} else {
 					unset($sections['captiveportal'][$zone]['backwardsyncuser']);
+				}
 				if (isset($config['captiveportal'][$zone]['backwardsyncpassword'])) {
 					$sections['captiveportal'][$zone]['backwardsyncpassword'] = $config['captiveportal'][$zone]['backwardsyncpassword'];
 				} else {
 					unset($sections['captiveportal'][$zone]['vouchersyncpass']);
+				}
-            b8963db6
+            Renato Botelho
-ef0830
+			$config['captiveportal'] = $sections['captiveportal'];
 			unset($sections['captiveportal']);
-            b8963db6
+            Renato Botelho
-            f81e7cc4
+		$vipbackup = array();
 		$oldvips = array();
 		if (isset($sections['virtualip']) &&
 		    is_array($config['virtualip']['vip'])) {
 			foreach ($config['virtualip']['vip'] as $vip) {
-            c14781e3
+				if ($vip['mode'] == "carp") {
-            f81e7cc4
+					$key = $vip['interface'] .
 					    "_vip" . $vip['vhid'];
 					$oldvips[$key]['content'] =
 					    $vip['password'] .
 					    $vip['advskew'] .
 					    $vip['subnet'] .
 					    $vip['subnet_bits'] .
 					    $vip['advbase'];
 					$oldvips[$key]['interface'] =
 					    $vip['interface'];
 					$oldvips[$key]['subnet'] =
 					    $vip['subnet'];
 				} else if ($vip['mode'] == "ipalias" &&
 				    (substr($vip['interface'], 0, 4) == '_vip'
 				    || strstr($vip['interface'], "lo0"))) {
 					$oldvips[$vip['subnet']]['content'] =
 					    $vip['interface'] .
 					    $vip['subnet'] .
 					    $vip['subnet_bits'];
 					$oldvips[$vip['subnet']]['interface'] =
 					    $vip['interface'];
 					$oldvips[$vip['subnet']]['subnet'] =
 					    $vip['subnet'];
 				} else if (($vip['mode'] == "ipalias" ||
 				    $vip['mode'] == 'proxyarp') &&
 				    !(substr($vip['interface'], 0, 4) == '_vip')
 				    || strstr($vip['interface'], "lo0")) {
-            51611440
+					$vipbackup[] = $vip;
-            c14781e3
+            Renato Botelho
-            51611440
+            Ermal
-b5c3e7
+            Ermal
-            f51d4f98
+            Ermal
-            f81e7cc4
+		/* For vip section, first keep items sent from the master */
 		$config = array_merge_recursive_unique($config, $sections);
-            51611440
+            Ermal
-cab6335
+            Renato Botelho
-            b8963db6
+		/* Remove locally items removed remote */
 		foreach ($voucher as $zone => $item) {
 			/* No rolls on master, delete local ones */
 			if (!is_array($item['roll'])) {
 				unset($config['voucher'][$zone]['roll']);
+			}
+		}
 		$l_rolls = array();
 		if (is_array($config['voucher'])) {
 			foreach ($config['voucher'] as $zone => $item) {
 				if (!is_array($item['roll'])) {
 					continue;
+				}
 				foreach ($item['roll'] as $idx => $roll) {
 					/* Make it easy to find roll by # */
 					$l_rolls[$zone][$roll['number']] = $idx;
+				}
+			}
+		}
 		/*
 		 * Process vouchers sent by primary node and:
 		 * - Add new items
 		 * - Update existing items based on 'lastsync' field
 		 */
 		foreach ($voucher as $zone => $item) {
 			if (!is_array($item['roll'])) {
 				continue;
+			}
-            d35a18fc
+			foreach ($item['roll'] as $roll) {
-            b8963db6
+				if (!isset($l_rolls[$zone][$roll['number']])) {
 					$config['voucher'][$zone]['roll'][] =
 					    $roll;
 					continue;
+				}
 				$l_roll_idx = $l_rolls[$zone][$roll['number']];
-            c6c398c6
+				init_config_arr(array('voucher', $zone));
-            b8963db6
+				$l_vouchers = &$config['voucher'][$zone];
 				$l_roll = $l_vouchers['roll'][$l_roll_idx];
 				if (!isset($l_roll['lastsync'])) {
 					$l_roll['lastsync'] = 0;
+				}
 				if (isset($roll['lastsync']) &&
 				    $roll['lastsync'] != $l_roll['lastsync']) {
 					$l_vouchers['roll'][$l_roll_idx] =
 					    $roll;
 					unset($l_rolls[$zone][$roll['number']]);
+				}
+			}
+		}
 		/*
 		 * At this point $l_rolls contains only items that are not
 		 * present on primary node. They must be removed
 		 */
 		foreach ($l_rolls as $zone => $item) {
-            d35a18fc
+			foreach ($item as $idx) {
-            b8963db6
+				unset($config['voucher'][$zone][$idx]);
+			}
+		}
-            f81e7cc4
+		/*
 		 * Then add ipalias and proxyarp types already defined
 		 * on the backup
 		 */
 		if (is_array($vipbackup) && !empty($vipbackup)) {
 			if (!is_array($config['virtualip'])) {
 				$config['virtualip'] = array();
+			}
 			if (!is_array($config['virtualip']['vip'])) {
 				$config['virtualip']['vip'] = array();
+			}
 			foreach ($vipbackup as $vip) {
 				array_unshift($config['virtualip']['vip'], $vip);
+			}
-f215d
+            Phil Davis
-            51611440
+            Ermal
-            f81e7cc4
+		/* Log what happened */
-cb29dac
+		$mergedkeys = implode(", ", array_merge(array_keys($sections),
-            f81e7cc4
+		    $syncd_full_sections));
 		write_config(sprintf(gettext(
 		    "Merged in config (%s sections) from XMLRPC client."),
 		    $mergedkeys));
 		/*
 		 * The real work on handling the vips specially
-b0b50b
+		 * This is a copy of interfaces_vips_configure with addition of
-            f81e7cc4
+		 * not reloading existing/not changed carps
 		 */
-fcdccc
+		$force_filterconfigure = false;
-            f81e7cc4
+		if (isset($sections['virtualip']) &&
 		    is_array($config['virtualip']) &&
 		    is_array($config['virtualip']['vip'])) {
 			$carp_setuped = false;
 			$anyproxyarp = false;
 			foreach ($config['virtualip']['vip'] as $vip) {
 				$key = "{$vip['interface']}_vip{$vip['vhid']}";
 				if ($vip['mode'] == "carp" &&
 				    isset($oldvips[$key])) {
 					if ($oldvips[$key]['content'] ==
 					    $vip['password'] .
 					    $vip['advskew'] .
 					    $vip['subnet'] .
 					    $vip['subnet_bits'] .
 					    $vip['advbase'] &&
 					    does_vip_exist($vip)) {
 						unset($oldvips[$key]);
 						/*
 						 * Skip reconfiguring this vips
 						 * since nothing has changed.
 						 */
 						continue;
-ed1624
+            Ermal
-fda51cd
+            jim-p
-            f81e7cc4
+				} elseif ($vip['mode'] == "ipalias" &&
-fda51cd
+				    (substr($vip['interface'], 0, 4) == '_vip'
 				    || strstr($vip['interface'], "lo0")) &&
-            f81e7cc4
+				    isset($oldvips[$vip['subnet']])) {
 					$key = $vip['subnet'];
 					if ($oldvips[$key]['content'] ==
 					    $vip['interface'] .
 					    $vip['subnet'] .
 					    $vip['subnet_bits'] &&
 					    does_vip_exist($vip)) {
 						unset($oldvips[$key]);
 						/*
 						 * Skip reconfiguring this vips
 						 * since nothing has changed.
 						 */
 						continue;
-a5cf
+            Ermal
-            f81e7cc4
+					unset($oldvips[$key]);
-a5cf
+            Ermal
-            51611440
+            Ermal
-            f81e7cc4
+				switch ($vip['mode']) {
-f215d
+				case "proxyarp":
 					$anyproxyarp = true;
 					break;
 				case "ipalias":
 					interface_ipalias_configure($vip);
 					break;
 				case "carp":
-            f81e7cc4
+					$carp_setuped = true;
-c15b353
+					if (does_vip_exist($vip) && isset($oldvips[$key]['vhid']) &&
 					    ($oldvips[$key]['vhid'] ^ $vip['vhid'])) {
 						/* properly remove the old VHID
 						 * see https://redmine.pfsense.org/issues/12202 */
 						$realif = get_real_interface($vip['interface']);
 						mwexec("/sbin/ifconfig {$realif} " .
 							escapeshellarg($vip['subnet']) . " -alias");
 						$ipalias_reload = true;
 					} else {
 						$ipalias_reload = false;
+					}
 					interface_carp_configure($vip, false, $ipalias_reload);
-f215d
+					break;
-            f81e7cc4
+            Renato Botelho
-fcdccc
+				$force_filterconfigure = true;
-            51611440
+            Ermal
-            f81e7cc4
+            Renato Botelho
 			/* Cleanup remaining old carps */
 			foreach ($oldvips as $oldvipar) {
 				$oldvipif = get_real_interface(
 				    $oldvipar['interface']);
 				if (empty($oldvipif)) {
 					continue;
+				}
-            e7cac368
+				/* do not remove VIP if the IP address remains the same */
 				foreach ($config['virtualip']['vip'] as $vip) {
 					if ($vip['subnet'] == $oldvipar['subnet']) {
 						continue 2;
+					}
+				}
-f215d
+				if (is_ipaddrv6($oldvipar['subnet'])) {
-            f81e7cc4
+					 mwexec("/sbin/ifconfig " .
 					     escapeshellarg($oldvipif) .
 					     " inet6 " .
 					     escapeshellarg($oldvipar['subnet']) .
 					     " delete");
-f215d
+				} else {
-            f81e7cc4
+					pfSense_interface_deladdress($oldvipif,
 					    $oldvipar['subnet']);
-f215d
+            Phil Davis
-            e3cffd6c
+            Ermal LUÇI
-            f81e7cc4
+			if ($carp_setuped == true) {
 				interfaces_sync_setup();
+			}
 			if ($anyproxyarp == true) {
 				interface_proxyarp_configure();
+			}
-            51611440
+            Ermal
-            f81e7cc4
+            Renato Botelho
-f7bc7f
+		local_sync_accounts($u2add, $u2del, $g2add, $g2del);
-fcdccc
+		$this->filter_configure(false, $force_filterconfigure);
 		unset($old_config);
-f7bc7f
+            Renato Botelho
-            f81e7cc4
+		return true;
-f215d
+            Phil Davis
-            d026178f
+            Renato Botelho
-            f81e7cc4
+	/**
 	 * Merge items into installedpackages config section
+	 *
 	 * @param array $section
+	 *
 	 * @return bool
 	 */
-f26f187
+	public function merge_installedpackages_section($section, $timeout) {
 		ini_set('default_socket_timeout', $timeout);
-            dc5f639f
+		$this->auth();
-            d026178f
+            Renato Botelho
-            f81e7cc4
+		global $config;
-d49018
+            Colin Smith
-            f81e7cc4
+		if ($this->loop_detected) {
 			log_error("Disallowing CARP sync loop");
 			return true;
+		}
-ae5cfc
+            Scott Ullrich
-            f81e7cc4
+		$config['installedpackages'] = array_merge(
 		    $config['installedpackages'], $section);
-cb29dac
+		$mergedkeys = implode(", ", array_keys($section));
-            f81e7cc4
+		write_config(sprintf(gettext(
 		    "Merged in config (%s sections) from XMLRPC client."),
 		    $mergedkeys));
-f46d8
+            Ermal
-            f81e7cc4
+		return true;
-            fb0eb20b
+            Ermal
-            c87f4b70
+            Ermal
-            f81e7cc4
+	/**
 	 * Merge items into config
+	 *
 	 * @param array $section
+	 *
 	 * @return bool
 	 */
-f26f187
+	public function merge_config_section($section, $timeout) {
 		ini_set('default_socket_timeout', $timeout);
-            dc5f639f
+		$this->auth();
-f46d8
+            Ermal
-            f81e7cc4
+		global $config;
-ae5cfc
+            Scott Ullrich
-            f81e7cc4
+		if ($this->loop_detected) {
 			log_error("Disallowing CARP sync loop");
 			return true;
+		}
-            dc1cd85d
+            Scott Ullrich
-            f81e7cc4
+		$config_new = $this->array_overlay($config, $section);
 		$config = $config_new;
-cb29dac
+		$mergedkeys = implode(", ", array_keys($section));
-            f81e7cc4
+		write_config(sprintf(gettext(
 		    "Merged in config (%s sections) from XMLRPC client."),
 		    $mergedkeys));
-            c87f4b70
+            Ermal
-            f81e7cc4
+		return true;
-            fb0eb20b
+            Ermal
-            c87f4b70
+            Ermal
-            f81e7cc4
+	/**
 	 * Wrapper for filter_configure()
+	 *
 	 * @return bool
-b5da70
+	 */
-fcdccc
+	private function filter_configure($reset_accounts = true, $force = false) {
 		global $g, $config, $old_config;
-            f81e7cc4
+            Renato Botelho
 		filter_configure();
 		system_routing_configure();
 		setup_gateways_monitor();
-fcdccc
+            Viktor G
 		/* do not restart unchanged services on XMLRPC sync,
 		 * see https://redmine.pfsense.org/issues/11082
 		 */
 		if (is_array($config['openvpn']) || is_array($old_config['openvpn'])) {
 			foreach (array("server", "client") as $type) {
 				$remove_id = array();
 				if (is_array($old_config['openvpn']["openvpn-{$type}"])) {
 					foreach ($old_config['openvpn']["openvpn-{$type}"] as & $old_settings) {
 						$remove_id[] = $old_settings['vpnid'];
+					}
+				}
 				if (!is_array($config['openvpn']["openvpn-{$type}"])) {
 					continue;
+				}
 				foreach ($config['openvpn']["openvpn-{$type}"] as & $settings) {
 					$new_instance = true;
 					if (in_array($settings['vpnid'], $remove_id)) {
 						$remove_id = array_diff($remove_id, array($settings['vpnid']));
+					}
 					if (is_array($old_config['openvpn']["openvpn-{$type}"])) {
 						foreach ($old_config['openvpn']["openvpn-{$type}"] as & $old_settings) {
 							if ($settings['vpnid'] == $old_settings['vpnid']) {
 								$new_instance = false;
 								if (($settings != $old_settings) || $force) {
 									/* restart changed openvpn instance */
 									openvpn_resync($type, $settings);
 									break;
+								}
+							}
+						}
+					}
 					if ($new_instance) {
 						/* start new openvpn instance */
 						openvpn_resync($type, $settings);
+					}
+				}
 				if (!empty($remove_id)) {
 					foreach ($remove_id as $id) {
 						/* stop/delete removed openvpn instances */
 						openvpn_delete($type, array('vpnid' => $id));
+					}
+				}
+			}
 			/* no service restart required */
 			openvpn_resync_csc_all();
+		}
-            f81e7cc4
+            Renato Botelho
-ae26227
+		/* run ipsec_configure() on any IPsec change, see https://redmine.pfsense.org/issues/12075 */
 		if (((is_array($config['ipsec']) || is_array($old_config['ipsec'])) &&
 		    ($config['ipsec'] != $old_config['ipsec'])) ||
 		    $force) {
 			ipsec_configure();
+		}
-            f81e7cc4
+		/*
 		 * The DNS Resolver and the DNS Forwarder may both be active so
 		 * long as * they are running on different ports.
 		 * See ticket #5882
 		 */
-fcdccc
+		if (((is_array($config['dnsmasq']) || is_array($old_config['dnsmasq'])) &&
 		    ($config['dnsmasq'] != $old_config['dnsmasq'])) ||
 		    $force) {
 			if (isset($config['dnsmasq']['enable'])) {
 				/* Configure dnsmasq but tell it NOT to restart DHCP */
 				services_dnsmasq_configure(false);
 			} else {
 				/* kill any running dnsmasq instance */
 				if (isvalidpid("{$g['varrun_path']}/dnsmasq.pid")) {
 					sigkillbypid("{$g['varrun_path']}/dnsmasq.pid",
 					    "TERM");
+				}
-            f81e7cc4
+            Renato Botelho
-b5da70
+            jim-p
-fcdccc
+		if (((is_array($config['unbound']) || is_array($old_config['unbound'])) &&
 		    ($config['unbound'] != $old_config['unbound'])) ||
 		    $force) {
 			if (isset($config['unbound']['enable'])) {
 				/* Configure unbound but tell it NOT to restart DHCP */
 				services_unbound_configure(false);
 			} else {
 				/* kill any running Unbound instance */
 				if (isvalidpid("{$g['varrun_path']}/unbound.pid")) {
 					sigkillbypid("{$g['varrun_path']}/unbound.pid",
 					    "TERM");
+				}
-            f81e7cc4
+            Renato Botelho
-b5da70
+            jim-p
-f46d8
+            Ermal
-            f81e7cc4
+		/*
 		 * Call this separately since the above are manually set to
 		 * skip the DHCP restart they normally perform.
 		 * This avoids restarting dhcpd twice as described on
 		 * ticket #3797
 		 */
-fcdccc
+		if (((is_array($config['dhcpd']) || is_array($old_config['dhcpd'])) &&
 		    ($config['dhcpd'] != $old_config['dhcpd'])) ||
 		    $force) {
 			services_dhcpd_configure();
+		}
-f46d8
+            Ermal
-caa
+		if (((is_array($config['dhcrelay']) || is_array($old_config['dhcrelay'])) &&
 		    ($config['dhcrelay'] != $old_config['dhcrelay'])) ||
 		    $force) {
 			services_dhcrelay_configure();
+		}
 		if (((is_array($config['dhcrelay6']) || is_array($old_config['dhcrelay6'])) &&
 		    ($config['dhcrelay6'] != $old_config['dhcrelay6'])) ||
 		    $force) {
 			services_dhcrelay6_configure();
+		}
-f7bc7f
+		if ($reset_accounts) {
 			local_reset_accounts();
+		}
-            c87f4b70
+            Ermal
-fcdccc
+		if ((is_array($config['captiveportal']) || is_array($old_config['captiveportal']) &&
 		    ($config['captiveportal'] != $old_config['captiveportal'])) ||
 		    $force) {
 			captiveportal_configure();
+		}
 		if ((is_array($config['voucher']) || is_array($old_config['voucher']) &&
 		    ($config['voucher'] != $old_config['voucher'])) ||
 		    $force) {
 			voucher_configure();
+		}
-cab6335
+            Renato Botelho
-            f81e7cc4
+		return true;
-dd2a278
+            Scott Ullrich
-f46d8
+            Ermal
-            24600471
+	/**
 	 * Wrapper for captiveportal connected users and
 	 * active/expired vouchers synchronization
+	 *
 	 * @param array $arguments
+	 *
 	 * @return array
 	 */
-f26f187
+	public function captive_portal_sync($arguments, $timeout) {
 		ini_set('default_socket_timeout', $timeout);
-            24600471
+		$this->auth();
 		// Note : no protection against CARP loop is done here, and this is in purpose.
 		// This function is used for bi-directionnal sync, which is precisely what CARP loop protection is supposed to prevent.
 		// CARP loop has to be managed within functions using captive_portal_sync()
 		global $g, $config, $cpzone;
 		if (empty($arguments['op']) || empty($arguments['zone']) || empty($config['captiveportal'][$arguments['zone']])) {
 			return false;
+		}
 		$cpzone = $arguments['zone'];
 		if ($arguments['op'] === 'get_databases') {
 			$active_vouchers = array();
 			$expired_vouchers = array();
-            a81a6edc
+			$usedmacs = '';
-            24600471
+            Augustin-FL
 			if (is_array($config['voucher'][$cpzone]['roll'])) {
-            d35a18fc
+				foreach($config['voucher'][$cpzone]['roll'] as $roll) {
-            24600471
+					$expired_vouchers[$roll['number']] = base64_encode(voucher_read_used_db($roll['number']));
 					$active_vouchers[$roll['number']] = voucher_read_active_db($roll['number']);
+				}
+			}
-            a81a6edc
+			if (!empty($config['captiveportal'][$cpzone]['freelogins_count']) &&
 			    !empty($config['captiveportal'][$cpzone]['freelogins_resettimeout'])) {
 				$usedmacs = captiveportal_read_usedmacs_db();
+			}
-            24600471
+			// base64 is here for safety reasons, as we don't fully control
 			// the content of these arrays.
 			$returndata = array('connected_users' => base64_encode(serialize(captiveportal_read_db())),
 			'active_vouchers' => base64_encode(serialize($active_vouchers)),
-            a81a6edc
+			'expired_vouchers' => base64_encode(serialize($expired_vouchers)),
 			'usedmacs' => base64_encode(serialize($usedmacs)));
-            24600471
+            Augustin-FL
 			return $returndata;
 		} elseif ($arguments['op'] === 'connect_user') {
 			$user = unserialize(base64_decode($arguments['user']));
 			$user['attributes']['allow_time'] = $user['allow_time'];
 			// pipeno might be different between primary and secondary
 			$pipeno = captiveportal_get_next_dn_ruleno('auth');
 			return portal_allow($user['clientip'], $user['clientmac'], $user['username'], $user['password'], null,
 			    $user['attributes'], $pipeno, $user['authmethod'], $user['context'], $user['sessionid']);
-a778ba9
+		} elseif ($arguments['op'] === 'disconnect_user') {
 			$session = unserialize(base64_decode($arguments['session']));
 			/* read database again, as pipeno might be different between primary & secondary */
 			$sessionid = SQLite3::escapeString($session['sessionid']);
 			$local_dbentry = captiveportal_read_db("WHERE sessionid = '{$sessionid}'");
 			if (!empty($local_dbentry) && count($local_dbentry) == 1) {
 				return captiveportal_disconnect($local_dbentry[0], $session['term_cause'], $session['stop_time'], true);
 			} else {
 				return false;
+			}
 		} elseif ($arguments['op'] === 'remove_entries') {
 			$entries = unserialize(base64_decode($arguments['entries']));
 			return captiveportal_remove_entries($entries, true);
-            78784180
+		} elseif ($arguments['op'] === 'disconnect_all') {
 			$arguments = unserialize(base64_decode($arguments['arguments']));
 			return captiveportal_disconnect_all($arguments['term_cause'], $arguments['logout_reason'], true);
-e3f81
+		} elseif ($arguments['op'] === 'write_vouchers') {
 			$arguments = unserialize(base64_decode($arguments['arguments']));
 			if (is_array($arguments['active_and_used_vouchers_bitmasks'])) {
 				foreach ($arguments['active_and_used_vouchers_bitmasks'] as $roll => $used) {
 					if (is_array($used)) {
 						foreach ($used as $u) {
 							voucher_write_used_db($roll, base64_encode($u));
+						}
 					} else {
 						voucher_write_used_db($roll, base64_encode($used));
+					}
+				}
+			}
 			foreach ($arguments['active_vouchers'] as $roll => $active_vouchers) {
 				voucher_write_active_db($roll, $active_vouchers);
+			}
 			return true;
-            a81a6edc
+		} elseif ($arguments['op'] === 'write_usedmacs') {
 			$arguments = unserialize(base64_decode($arguments['arguments']));
 			captiveportal_write_usedmacs_db($arguments['usedmacs']);
 			return true;
-            24600471
+            Augustin-FL
+	}
-            f81e7cc4
+	/**
 	 * Wrapper for configuring CARP interfaces
+	 *
 	 * @return bool
 	 */
-            dc5f639f
+	public function interfaces_carp_configure() {
 		$this->auth();
-            efe7562e
+            Scott Ullrich
-            f81e7cc4
+		if ($this->loop_detected) {
 			log_error("Disallowing CARP sync loop");
 			return true;
+		}
-            0567899d
+            Ermal
-            f81e7cc4
+		interfaces_vips_configure();
-            e501de37
+            Ermal
-            f81e7cc4
+		return true;
+	}
-            e501de37
+            Ermal
-            f81e7cc4
+	/**
 	 * Wrapper for rc.reboot
+	 *
 	 * @return bool
 	 */
-            dc5f639f
+	public function reboot() {
 		$this->auth();
-            e501de37
+            Ermal
-            f81e7cc4
+		mwexec_bg("/etc/rc.reboot");
-f46d8
+            Ermal
-            f81e7cc4
+		return true;
-dd2a278
+            Scott Ullrich
-            d9064267
+            Colin Smith
-            f3f98e97
+// run script until its done and can 'unlock' the xmlrpc.lock, this prevents hanging php-fpm / webgui
-b0
+ignore_user_abort(true);
-af2d
+set_time_limit(0);
-d78c87
+$xmlrpclockkey = lock('xmlrpc', LOCK_EX);
-            f81e7cc4
+XML_RPC2_Backend::setBackend('php');
 $HTTP_RAW_POST_DATA = file_get_contents('php://input');
 $options = array(
 	'prefix' => 'pfsense.',
 	'encoding' => 'utf-8',
-f78ae1d
+	'autoDocument' => false,
-d49018
+);
-            b298dd06
+            Scott Ullrich
-            f81e7cc4
+$server = XML_RPC2_Server::create(new pfsense_xmlrpc_server(), $options);
 $server->handleCall();
-d78c87
+            Ermal
-            f81e7cc4
+unlock($xmlrpclockkey);
-b581a8a
+            Scott Ullrich
-            de63649b
+?>

Project

General

Profile

pfSense