/**
 * Retrieve system activity (top) from the configd backend.
 *
 * The backend answer is decoded as JSON into associative arrays and returned
 * unchanged. When the answer is not valid JSON, json_decode() yields null and
 * that null is what the caller receives.
 *
 * @return array|null decoded activity data
 */
public function getActivityAction()
{
    $configd = new Backend();

    return json_decode($configd->configdpRun("system diag activity json"), true);
}
/**
 * Test HelloWorld: run the "helloworld test" configd action on a POST request.
 *
 * @return array|mixed decoded backend answer, or a fixed failure message when
 *                     the request is not a POST or the answer is not valid JSON
 */
public function testAction()
{
    $failure = array("message" => "unable to run config action");

    // state-changing/test actions are only accepted via POST
    if (!$this->request->isPost()) {
        return $failure;
    }

    $configd = new Backend();
    $decoded = json_decode(trim($configd->configdRun("helloworld test")), true);

    // only valid JSON answers are passed on to the caller
    return $decoded === null ? $failure : $decoded;
}
/**
 * Disconnect a captive portal client.
 *
 * Requires a POST request carrying a "sessionId" field; anything else yields
 * an empty array without contacting the backend.
 *
 * @param string|int $zoneid zone id, forwarded to the backend as received
 * @return array|mixed decoded backend status, or a fixed "Illegal response"
 *                     status when the answer decodes to an empty/null value
 */
public function disconnectAction($zoneid = 0)
{
    $request = $this->request;
    if (!$request->isPost() || !$request->hasPost('sessionId')) {
        return array();
    }

    $configd = new Backend();
    // Zone id and session id travel as a separate parameter list instead of
    // being spliced into the command string.
    // NOTE(review): presumably Backend::configdpRun quotes each parameter and
    // the backend action validates them; neither is checked here - confirm.
    $rawAnswer = $configd->configdpRun(
        "captiveportal disconnect",
        array($zoneid, $request->getPost('sessionId'), 'json')
    );

    $decoded = json_decode($rawAnswer, true);
    if ($decoded != null) {
        return $decoded;
    }

    return array("status" => "Illegal response");
}
/**
 * Restart the cron service after regenerating its configuration.
 *
 * Only acts on POST requests. The answers of both backend calls are not
 * inspected: a POST always reports "ok".
 *
 * @return array status "ok" for a POST request, "failed" otherwise
 */
public function reconfigureAction()
{
    if (!$this->request->isPost()) {
        return array("status" => "failed");
    }

    // close session for long running action
    $this->sessionClose();

    $configd = new Backend();
    // generate template
    $configd->configdRun("template reload OPNsense.Cron");
    // (re)start daemon
    $configd->configdRun("cron restart");

    return array("status" => "ok");
}
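/**
 * Retrieve the system NDP table and annotate every entry with the
 * description of its interface.
 *
 * Each entry receives an "intf_description" key: the name found in
 * getInterfaceNames() for the entry's "intf" value, or an empty string when
 * the interface is unknown or the entry carries no usable "intf" value.
 * Entries that are not arrays are left untouched.
 *
 * @return array|null annotated NDP table; the raw decode result (null for
 *                    invalid JSON) when the backend answer is not a list
 */
public function getNdpAction()
{
    $backend = new Backend();
    $ndptable = json_decode($backend->configdpRun("interface list ndp json"), true);
    $intfmap = $this->getInterfaceNames();

    if (!is_array($ndptable)) {
        return $ndptable;
    }

    // Iterate by key rather than by reference, so no dangling reference to
    // the last element is left behind after the loop.
    foreach ($ndptable as $idx => $ndpentry) {
        if (!is_array($ndpentry)) {
            continue;
        }
        $intf = isset($ndpentry['intf']) ? $ndpentry['intf'] : null;
        // only string/int values are valid array keys for the lookup
        $known = (is_string($intf) || is_int($intf)) && array_key_exists($intf, $intfmap);
        $ndptable[$idx]['intf_description'] = $known ? $intfmap[$intf] : "";
    }

    return $ndptable;
}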
/**
 * Reconfigure ipfw: regenerate its configuration and reload it.
 *
 * Only acts on POST requests. The result of the template reload is not
 * inspected; the status is derived from the answer of "ipfw reload" alone.
 *
 * @return array status "ok", an error text embedding the backend answer, or
 *               "failed" when the request is not a POST
 */
public function reconfigureAction()
{
    if (!$this->request->isPost()) {
        return array("status" => "failed");
    }

    // close session for long running action
    $this->sessionClose();

    $configd = new Backend();
    $configd->configdRun("template reload OPNsense.IPFW");
    $reloadAnswer = trim($configd->configdRun("ipfw reload"));

    // The raw backend answer is embedded in the error text; whatever renders
    // this status should treat it as plain, unescaped text.
    $status = ($reloadAnswer == "OK")
        ? "ok"
        : "error reloading shaper (" . $reloadAnswer . ")";

    return array("status" => $status);
}
/**
 * Reconfigure the captive portal.
 *
 * Only acts on POST requests. The ipfw rules need to know about all zones,
 * so ipfw is regenerated and reloaded for the portal to work. The result of
 * the template reload is not inspected; the status is derived from the
 * answer of "ipfw reload" alone.
 *
 * @return array status "ok", an error text embedding the backend answer, or
 *               "failed" when the request is not a POST
 */
public function reconfigureAction()
{
    if (!$this->request->isPost()) {
        return array("status" => "failed");
    }

    // close session for long running action
    $this->sessionClose();

    $configd = new Backend();
    $configd->configdRun("template reload OPNsense.IPFW");
    $reloadAnswer = trim($configd->configdRun("ipfw reload"));

    if ($reloadAnswer != "OK") {
        // raw backend answer is embedded as-is; renderers should escape it
        return array("status" => "error reloading captive portal (" . $reloadAnswer . ")");
    }

    // TODO: implement portal webservers restart/reconfigure
    return array("status" => "ok");
}
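/**
 * Generate validation data (list of known configd actions).
 *
 * The option list is built once per cache key and kept in the static
 * $internalOptionList. The action list itself comes from configd and is
 * cached in a file for as long as configd has not been restarted.
 *
 * An action is offered as an option when every filter in $internalFilters
 * whose key is present in the action matches (preg_match) that field; a
 * filter whose key is absent from the action does not exclude it. The option
 * label is the action's description, or the action key when the description
 * is missing or empty.
 */
public function eventPostLoading()
{
    if (array_key_exists($this->internalCacheKey, self::$internalOptionList)) {
        // option list for this cache key was already built
        return;
    }
    self::$internalOptionList[$this->internalCacheKey] = array();

    $backend = new Backend();
    // NOTE(review): fixed file name in /tmp, a directory other local accounts
    // can normally write to. Whatever sits at this path is trusted as the
    // action list used for validation, so a cache location writable only by
    // this service would be the real fix; the symlink checks below merely
    // narrow the exposure and are not race-free.
    $service_tempfile = "/tmp/configdmodelfield.data";

    // check configd daemon for list of available actions, cache results as long as configd is not restarted
    $cacheUsable = file_exists($service_tempfile)
        && !is_link($service_tempfile)
        && filemtime($service_tempfile) >= $backend->getLastRestart();

    if ($cacheUsable) {
        $actions = json_decode(file_get_contents($service_tempfile), true);
    } else {
        $response = $backend->configdRun("configd actions json", false, 20);
        $actions = json_decode($response, true);
        // never write through a symlink planted at the cache path
        if (is_array($actions) && !is_link($service_tempfile)) {
            file_put_contents($service_tempfile, $response);
        }
    }

    // an undecodable answer (fresh or cached) must not reach the loop below
    if (!is_array($actions)) {
        $actions = array();
    }

    foreach ($actions as $key => $value) {
        if (!is_array($value)) {
            // malformed entry, nothing to filter on or describe
            continue;
        }

        // use filters to determine relevance
        $isMatched = true;
        foreach ($this->internalFilters as $filterKey => $filterData) {
            if (array_key_exists($filterKey, $value) && !preg_match($filterData, $value[$filterKey])) {
                $isMatched = false;
                break;
            }
        }
        if (!$isMatched) {
            continue;
        }

        if (!isset($value['description']) || $value['description'] == '') {
            self::$internalOptionList[$this->internalCacheKey][$key] = $key;
        } else {
            self::$internalOptionList[$this->internalCacheKey][$key] = $value['description'];
        }
    }
}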
/**
 * Log off the requesting client.
 *
 * A CORS preflight (OPTIONS) request gets an empty answer. Otherwise the
 * client's session is looked up via clientSession(); only a session in state
 * AUTHORIZED that was not authenticated via '---ip---' or '---mac---' is
 * disconnected. The session id handed to the backend is the one from that
 * lookup, not a value taken from the request.
 *
 * @param int|string $zoneid zone id number
 * @return array decoded backend status on a successful disconnect, otherwise
 *               clientState "UNKNOWN" together with the client's address
 */
public function logoffAction($zoneid = 0)
{
    if ($this->request->isOptions()) {
        // return empty result on CORS preflight
        return array();
    }

    $this->sessionClose();
    $session = $this->clientSession((string) $zoneid);

    // you can only disconnect a connected client
    if (
        $session['clientState'] == 'AUTHORIZED'
        && !in_array($session['authenticated_via'], array('---ip---', '---mac---'))
    ) {
        $configd = new Backend();
        $rawAnswer = $configd->configdpRun(
            "captiveportal disconnect",
            array($zoneid, $session['sessionId'], 'json')
        );
        $decoded = json_decode($rawAnswer, true);
        if ($decoded != null) {
            return $decoded;
        }
    }

    return array("clientState" => "UNKNOWN", "ipAddress" => $this->getClientIp());
}
/**
 * Reconfigure IDS.
 *
 * Only acts on POST requests. Sequence: stop the service when it is running
 * but disabled in the model, regenerate the template, and - when enabled -
 * install the rules and restart (if it was running) or start the service.
 * The first failing backend step ends the sequence and its raw answer is
 * embedded in the returned status text.
 *
 * @return array status: "failed" (no POST), "OK" (disabled, template
 *               generated), an error text, or the 'response' of the
 *               start/restart action
 */
public function reconfigureAction()
{
    if (!$this->request->isPost()) {
        return array("status" => "failed");
    }

    // close session for long running action
    $this->sessionClose();

    $mdlIDS = new IDS();
    $runStatus = $this->statusAction();
    $wasRunning = $runStatus['status'] == "running";

    if ($wasRunning && (string) $mdlIDS->general->enabled == 0) {
        $this->stopAction();
    }

    $configd = new Backend();
    $templateAnswer = trim($configd->configdRun("template reload OPNsense.IDS"));
    if ($templateAnswer != "OK") {
        return array("status" => "error generating ids template (" . $templateAnswer . ")");
    }

    if ((string) $mdlIDS->general->enabled != 1) {
        // service disabled: generating the template is all there is to do
        return array("status" => "OK");
    }

    $installAnswer = trim($configd->configdRun("ids install rules"));
    if ($installAnswer != "OK") {
        return array("status" => "error installing ids rules (" . $installAnswer . ")");
    }

    // the run state sampled before the reload decides between restart and start
    $outcome = $wasRunning ? $this->restartAction() : $this->startAction();

    return array("status" => $outcome['response']);
}
/**
 * List local and remote packages.
 *
 * The backend returns one package per line, its fields separated by three
 * pipes ("|||"). Lines whose field count differs from the expected key list
 * are skipped.
 *
 * @return array 'local' and 'remote' lists of packages, each package an
 *               array keyed by name, version, comment, flatsize and locked
 */
public function infoAction()
{
    // long running action, close session
    $this->sessionClose();

    $keys = array('name', 'version', 'comment', 'flatsize', 'locked');
    $fieldCount = count($keys);
    $backend = new Backend();
    $response = array();

    foreach (array('local', 'remote') as $type) {
        $response[$type] = array();
        $lines = explode("\n", trim($backend->configdRun("firmware {$type}")));

        foreach ($lines as $line) {
            $fields = explode('|||', $line);
            if (count($fields) != $fieldCount) {
                continue;
            }
            // pair each expected key with the field at the same position
            $response[$type][] = array_combine($keys, $fields);
        }
    }

    return $response;
}
/**
 * List all available alert logs.
 *
 * Every log entry's 'modified' value is passed through date() and replaced
 * by a 'Y/m/d G:i' formatted string.
 *
 * @return array list of alert logs, empty when the backend answer decodes to
 *               an empty/null value
 * @throws \Exception
 */
public function getAlertLogsAction()
{
    $configd = new Backend();
    $decoded = json_decode($configd->configdRun("ids list alertlogs"), true);

    if ($decoded == null) {
        return array();
    }

    $logs = array();
    foreach ($decoded as $entry) {
        $entry['modified'] = date('Y/m/d G:i', $entry['modified']);
        $logs[] = $entry;
    }

    return $logs;
}
/**
 * Fetch ACLs: regenerate the proxy template, then let the backend fetch the
 * ACL files.
 *
 * Only acts on POST requests. The status is "ok" for every POST; the raw
 * backend answer is passed along in 'response' without being inspected.
 *
 * @return array 'response' and 'status' for a POST, an empty 'response'
 *               otherwise
 */
public function fetchaclsAction()
{
    if (!$this->request->isPost()) {
        return array("response" => array());
    }

    $configd = new Backend();
    // generate template
    $configd->configdRun("template reload OPNsense.Proxy");
    // fetch files
    $fetchAnswer = $configd->configdRun("proxy fetchacls");

    return array("response" => $fetchAnswer, "status" => "ok");
}
/**
 * Reconfigure squid: generate its configuration and reload.
 *
 * Only acts on POST requests. A running but disabled proxy is stopped; an
 * enabled proxy is reconfigured when it was running and started otherwise.
 * No backend answer is inspected: a POST always reports "ok".
 *
 * @return array status "ok" for a POST request, "failed" otherwise
 */
public function reconfigureAction()
{
    if (!$this->request->isPost()) {
        return array("status" => "failed");
    }

    // close session for long running action
    $this->sessionClose();

    $mdlProxy = new Proxy();
    $configd = new Backend();
    $runStatus = $this->statusAction();
    $wasRunning = $runStatus['status'] == "running";

    // stop squid when disabled
    if ($wasRunning && $mdlProxy->general->enabled->__toString() == 0) {
        $this->stopAction();
    }

    // generate template
    $configd->configdRun("template reload OPNsense.Proxy");

    // (re)start daemon
    if ($mdlProxy->general->enabled->__toString() == 1) {
        if ($wasRunning) {
            $configd->configdRun("proxy reconfigure");
        } else {
            $this->startAction();
        }
    }

    return array("status" => "ok");
}
/**
 * Retrieve the upgrade status together with the log of the current process.
 *
 * The status is derived from the trimmed backend output, checked in this
 * order: exactly "Execute error" => "error", contains '***DONE***' =>
 * "done", contains '***REBOOT***' => "reboot", anything else => "running".
 *
 * @return array 'status' and 'log' (the trimmed backend output)
 */
public function upgradestatusAction()
{
    $configd = new Backend();
    $log = trim($configd->configdRun("firmware upgrade_status"));

    $state = "running";
    if ($log == "Execute error") {
        $state = "error";
    } elseif (strpos($log, '***DONE***') !== false) {
        $state = "done";
    } elseif (strpos($log, '***REBOOT***') !== false) {
        $state = "reboot";
    }

    return array("status" => $state, "log" => $log);
}
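/**
 * Toggle usage of a rule file, or set it enabled / disabled depending on
 * the parameters.
 *
 * Only acts on POST requests. The file name is accepted only when the
 * backend lists it under "items" of the installable rulesets, so names that
 * are not on that list never reach the model.
 *
 * @param string $filename (target) rule file name
 * @param string|null $enabled desired state enabled(1)/disabled(0), leave
 *                             empty for toggle
 * @return array status 0/1, "error" for an unknown rule file, or "none" when
 *               the request is not a POST
 * @throws \Exception
 * @throws \Phalcon\Validation\Exception
 */
public function toggleInstalledRulesetAction($filename, $enabled = null)
{
    $result = array("status" => "none");
    if (!$this->request->isPost()) {
        return $result;
    }

    $backend = new Backend();
    $data = json_decode($backend->configdRun("ids list installablerulesets"), true);

    $isInstallable = is_array($data)
        && array_key_exists("items", $data)
        && is_array($data['items'])
        && array_key_exists($filename, $data['items']);
    if (!$isInstallable) {
        $result['status'] = "error";
        return $result;
    }

    $node = $this->getModel()->getFileNode($filename);

    // Compare strictly: a loose == would also accept numeric look-alikes such
    // as "01" or "1.0" and store them verbatim as the enabled flag.
    $requested = is_scalar($enabled) ? (string) $enabled : "";
    if ($requested === "0" || $requested === "1") {
        $node->enabled = $requested;
    } elseif ((string) $node->enabled == "1") {
        $node->enabled = "0";
    } else {
        $node->enabled = "1";
    }

    $result['status'] = $node->enabled;
    $this->getModel()->serializeToConfig();
    Config::getInstance()->save();

    return $result;
}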
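/**
 * Reconfigure zones (generate and load ruleset).
 *
 * The ipfw configuration is regenerated from its template in every case.
 * With the captive portal enabled, ipfw is only started when the template
 * reload answered "OK"; afterwards the tables are updated and the accounting
 * rules are re-applied. With the portal disabled, ipfw is started directly.
 */
public function reconfigure()
{
    $backend = new Backend();
    $portalEnabled = $this->isEnabled();

    // both cases start by generating a fresh ipfw configuration
    $response = $backend->configdRun("template reload OPNsense.IPFW");

    if (!$portalEnabled) {
        // captiveportal is disabled, create new config and reload ipfw
        // NOTE(review): unlike the enabled case, ipfw is started here without
        // checking that the template reload succeeded - confirm whether
        // loading a possibly stale ruleset is intended.
        $this->shell->exec("/etc/rc.d/ipfw start");
        return;
    }

    if (trim($response) == "OK") {
        // load ruleset when the template was successfully generated
        $this->shell->exec("/etc/rc.d/ipfw start");
    }

    // update tables
    $this->update();

    // after reinit all accounting rules are vanished, reapply them for active sessions
    $this->loadAccounting();
}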
/**
 * Retrieve SystemHealth data (previously called RRD graphs).
 *
 * The RRD to read is resolved through getRRDdetails(); only the file name
 * returned by that lookup is handed to the backend, never $rrd itself.
 * NOTE(review): $from, $to and $max_values are passed to getSelection() as
 * received - presumably validated there; confirm.
 *
 * @param string $rrd rrd filename without extension
 * @param int $from from timestamp (0=min)
 * @param int $to to timestamp (0=max)
 * @param int $max_values limit datapoints as close as possible to this number
 *                        (or twice if detail (zoom) + overview)
 * @param bool $inverse inverse every odd row (multiply by -1); compared
 *                      against the string 'true'
 * @param int $detail limits processing of dataSets to max given
 *                    (-1 = all ; 1 = 0,1 ; 2 = 0,1,2 ; etc)
 * @return array 'sets', 'd3', 'title' and 'y-axis_label'; empty sets with
 *               title "error" when no file name is known or the backend
 *               answer is not parseable XML
 */
public function getSystemHealthAction($rrd = "", $from = 0, $to = 0, $max_values = 120, $inverse = false, $detail = -1)
{
    $rrd_details = $this->getRRDdetails($rrd)["data"];

    $xml = false;
    if ($rrd_details['filename'] != "") {
        $backend = new Backend();
        $response = $backend->configdpRun("systemhealth fetch ", array($rrd_details['filename']));
        $xml = simplexml_load_string($response);
    }

    if ($xml === false) {
        return ["sets" => [], "d3" => [], "title" => "error", "y-axis_label" => ""];
    }

    // we only use the average databases in any RRD, remove the rest to avoid strange behaviour.
    // Walk from the last archive to the first, so removing one does not
    // shift the positions still to be visited.
    $position = count($xml->rra) - 1;
    while ($position >= 0) {
        if (trim((string) $xml->rra[$position]->cf) != "AVERAGE") {
            unset($xml->rra[$position]);
        }
        $position--;
    }

    // get dataSet information to include in answer
    $data_sets_full = $this->getDataSetInfo($xml);

    $inverse = ($inverse == 'true');

    if ((int) $detail >= 0) {
        // drop every archive beyond the requested detail level
        $position = count($xml->rra) - 1;
        while ($position > $detail) {
            unset($xml->rra[$position]);
            $position--;
        }
    }

    // determine available dataSets within range and how to handle them
    $selected_archives = $this->getSelection($this->getDataSetInfo($xml), $from, $to, $max_values);

    // get condensed dataSets and translate them to d3 usable data
    $result = $this->translateD3(
        $this->getCondensedArchive($xml, $selected_archives),
        $inverse,
        $rrd_details["field_units"]
    );

    if ($rrd_details["title"] != "") {
        $title = $rrd_details["title"] . " | " . ucfirst($rrd_details['itemName']);
    } else {
        $title = ucfirst($rrd_details['itemName']);
    }

    // return details and d3 data
    return [
        "sets" => $data_sets_full,
        "d3" => $result,
        "title" => $title,
        "y-axis_label" => $rrd_details["y-axis_label"],
    ];
}
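/**
 * List local and remote packages.
 *
 * Local packages are reduced to a fixed set of fields; remote packages are
 * a flat list of names, wrapped so that both lists share the same layout.
 *
 * @return array 'local' => list of package info arrays,
 *               'remote' => list of array('name' => ...)
 */
public function infoAction()
{
    // long running action, close session
    $this->sessionClose();

    $response = array('local' => array(), 'remote' => array());
    $backend = new Backend();
    $remote = $backend->configdRun('firmware remote');
    $local = $backend->configdRun('firmware local');

    /*
     * pkg(8) returns malformed json by simply outputting each
     * individual package json block... fix it up for now.
     */
    $local = json_decode('[' . str_replace("\n}\n", "\n},\n", trim($local)) . ']', true);

    if (is_array($local)) {
        // Allow-list of fields passed on to the caller. Matching is done on
        // the keys themselves, so an unexpected (e.g. numeric) key cannot
        // slip through a loose comparison.
        $keep = array_flip(
            array('name', 'version', 'comment', 'www', 'flatsize', 'licenses', 'desc', 'categories')
        );
        foreach ($local as $infos) {
            if (!is_array($infos)) {
                // not a package block, nothing to extract
                continue;
            }
            $response['local'][] = array_intersect_key($infos, $keep);
        }
    }

    /* Remote packages are only a flat list */
    foreach (explode("\n", trim($remote)) as $name) {
        if ($name === '') {
            // empty backend output must not turn into a nameless package
            continue;
        }
        /* keep layout compatible with the above */
        $response['remote'][] = array('name' => $name);
    }

    return $response;
}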
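/**
 * Toggle usage of rule files, or set them enabled / disabled depending on
 * the parameters.
 *
 * Only acts on POST requests. A name is accepted only when the backend lists
 * it under "items" of the installable rulesets; any other name sets the
 * status to "error". Note that a request mixing known and unknown names
 * still saves the changes made to the known ones while reporting "error".
 *
 * @param string $filenames (target) rule file name, or list of filenames
 *                          separated by a comma
 * @param string|null $enabled desired state enabled(1)/disabled(0), leave
 *                             empty for toggle
 * @return array status 0/1 (state of the last updated file), "error" when at
 *               least one name was unknown, or "none" when nothing was done
 * @throws \Exception
 * @throws \Phalcon\Validation\Exception
 */
public function toggleInstalledRulesetAction($filenames, $enabled = null)
{
    $update_count = 0;
    $result = array("status" => "none");
    if (!$this->request->isPost()) {
        return $result;
    }

    $backend = new Backend();
    $data = json_decode($backend->configdRun("ids list installablerulesets"), true);

    // the list of installable rulesets is the allow-list for file names
    $installable = array();
    if (is_array($data) && array_key_exists("items", $data) && is_array($data['items'])) {
        $installable = $data['items'];
    }

    // Compare strictly: a loose == would also accept numeric look-alikes such
    // as "01" or "1.0" and store them verbatim as the enabled flag.
    $requested = is_scalar($enabled) ? (string) $enabled : "";
    $explicitState = ($requested === "0" || $requested === "1");

    foreach (explode(",", $filenames) as $filename) {
        if (!array_key_exists($filename, $installable)) {
            $result['status'] = "error";
            continue;
        }

        $node = $this->getModel()->getFileNode($filename);
        if ($explicitState) {
            $node->enabled = $requested;
        } elseif ((string) $node->enabled == "1") {
            $node->enabled = "0";
        } else {
            $node->enabled = "1";
        }

        // only update result state if all items until now are ok
        if ($result['status'] != 'error') {
            $result['status'] = $node->enabled;
        }
        $update_count++;
    }

    if ($update_count > 0) {
        $this->getModel()->serializeToConfig();
        Config::getInstance()->save();
    }

    return $result;
}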
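/**
 * Save a template: updates an existing one or creates a new one.
 *
 * Requires a POST request with a "name" field. When a "uuid" is posted the
 * template is looked up by reference, otherwise by name. Posted content is
 * written to a temporary file and reduced by the backend
 * ("captiveportal strip_template") before it is stored, so only changed
 * files end up in the configuration. The model is validated before saving.
 *
 * @return array|null array with 'name' and, on failure, 'error'; null when
 *                    the request is not a POST or carries no "name"
 */
public function saveTemplateAction()
{
    if (!$this->request->isPost() || !$this->request->hasPost("name")) {
        return null;
    }

    $this->sessionClose();
    $templateName = $this->request->getPost("name", "striptags");
    $mdlCP = new CaptivePortal();

    if ($this->request->hasPost("uuid")) {
        // NOTE(review): the posted uuid becomes part of a dotted model
        // reference; presumably getNodeByReference only resolves template
        // nodes here - confirm it cannot be steered elsewhere by its format.
        $uuid = $this->request->getPost("uuid", "striptags");
        $template = $mdlCP->getNodeByReference('templates.template.' . $uuid);
        if ($template == null) {
            return array("name" => $templateName, "error" => "node not found");
        }
    } else {
        $template = $mdlCP->getTemplateByName($templateName);
    }

    // read the posted content once; anything that is not a string counts as empty
    $content = $this->request->getPost("content", "striptags", "");
    if (!is_string($content)) {
        $content = "";
    }

    // cleanse input content, we only want to save changed files into our config
    if (strlen($content) > 20 || strlen((string) $template->content) == 0) {
        $temp_filename = 'cp_' . (string) $template->getAttributes()['uuid'] . '.tmp';
        $temp_path = '/tmp/' . $temp_filename;

        // NOTE(review): predictable file name in /tmp, a directory other
        // local accounts can normally write to. A private working directory
        // shared with the backend would avoid depending on what already
        // exists at this path; not changed here because the backend action
        // receives the file name and its expectations are not visible.
        file_put_contents($temp_path, $content);

        try {
            // strip defaults and unchanged files from template (standard js libs, etc)
            $backend = new Backend();
            $response = $backend->configdpRun("captiveportal strip_template", array($temp_filename));
        } finally {
            // never leave the uploaded content behind, even when the backend call fails
            if (is_file($temp_path)) {
                unlink($temp_path);
            }
        }

        $result = json_decode($response, true);
        if (!is_array($result) || (!array_key_exists('error', $result) && !array_key_exists('payload', $result))) {
            // An undecodable or incomplete answer used to surface as an
            // empty error value, which reads like success to the caller.
            return array("name" => $templateName, "error" => "invalid response from backend");
        }
        if (array_key_exists('error', $result)) {
            return array("name" => $templateName, "error" => $result['error']);
        }
        $template->content = $result['payload'];
    }

    $template->name = $templateName;

    // collect all validation messages into one comma separated text
    $errorMsg = "";
    foreach ($mdlCP->performValidation() as $msg) {
        if ($errorMsg != "") {
            $errorMsg .= " , ";
        }
        $errorMsg .= $msg->getMessage();
    }

    if ($errorMsg != "") {
        return array("name" => (string) $template->name, "error" => $errorMsg);
    }

    // data is valid, save and return.
    $mdlCP->serializeToConfig();
    Config::getInstance()->save();

    return array("name" => (string) $template->name);
}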
/**
 * List available classtypes.
 *
 * The decoded backend answer is returned as a whole, but only when it
 * carries an "items" key.
 *
 * @return array decoded answer including "items", or an empty array
 * @throws \Exception
 */
public function listRuleClasstypesAction()
{
    $configd = new Backend();
    $decoded = json_decode($configd->configdRun("ids list classtypes"), true);

    $hasItems = $decoded != null && array_key_exists("items", $decoded);

    return $hasItems ? $decoded : array();
}