Esempio n. 1
0
    $config['virtualip']['vip'] = array();
}
$a_vip =& $config['virtualip']['vip'];
if ($_POST) {
    $pconfig = $_POST;
    if ($_POST['apply']) {
        if (file_exists('/tmp/.firewall_virtual_ip.apply')) {
            $toapplylist = unserialize(file_get_contents('/tmp/.firewall_virtual_ip.apply'));
            foreach ($toapplylist as $vid => $ovip) {
                if (!empty($ovip)) {
                    interface_vip_bring_down($ovip);
                }
                if ($a_vip[$vid]) {
                    switch ($a_vip[$vid]['mode']) {
                        case "ipalias":
                            interface_ipalias_configure($a_vip[$vid]);
                            break;
                        case "proxyarp":
                            interface_proxyarp_configure($a_vip[$vid]['interface']);
                            break;
                        case "carp":
                            interface_carp_configure($a_vip[$vid]);
                            break;
                        default:
                            break;
                    }
                }
            }
            @unlink('/tmp/.firewall_virtual_ip.apply');
        }
        $retval = 0;
Esempio n. 2
0
function restore_config_section_xmlrpc($raw_params)
{
    global $config, $xmlrpc_g;
    $old_config = $config;
    $old_ipsec_enabled = ipsec_enabled();
    if (xmlrpc_loop_detect()) {
        log_error("Disallowing CARP sync loop");
        return;
    }
    $params = xmlrpc_params_to_php($raw_params);
    if (!xmlrpc_auth($params)) {
        xmlrpc_authfail();
        return $xmlrpc_g['return']['authfail'];
    }
    /*
     * Make sure it doesn't end up with both dnsmasq and unbound enabled
     * simultaneously in secondary
     * */
    if (isset($params[0]['unbound']['enable']) && isset($config['dnsmasq']['enable'])) {
        unset($config['dnsmasq']['enable']);
        services_dnsmasq_configure();
    } else {
        if (isset($params[0]['dnsmasq']['enable']) && isset($config['unbound']['enable'])) {
            unset($config['unbound']['enable']);
            services_unbound_configure();
        }
    }
    // Some sections should just be copied and not merged or we end
    //   up unable to sync the deletion of the last item in a section
    $sync_full = array('dnsmasq', 'unbound', 'ipsec', 'aliases', 'wol', 'load_balancer', 'openvpn', 'cert', 'ca', 'crl', 'schedules', 'filter', 'nat', 'dhcpd', 'dhcpv6');
    $sync_full_done = array();
    foreach ($sync_full as $syncfull) {
        if (isset($params[0][$syncfull])) {
            $config[$syncfull] = $params[0][$syncfull];
            unset($params[0][$syncfull]);
            $sync_full_done[] = $syncfull;
        }
    }
    $vipbackup = array();
    $oldvips = array();
    if (isset($params[0]['virtualip'])) {
        if (is_array($config['virtualip']['vip'])) {
            foreach ($config['virtualip']['vip'] as $vipindex => $vip) {
                if ($vip['mode'] == "carp") {
                    $oldvips["{$vip['interface']}_vip{$vip['vhid']}"]['content'] = "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}";
                    $oldvips["{$vip['interface']}_vip{$vip['vhid']}"]['interface'] = $vip['interface'];
                    $oldvips["{$vip['interface']}_vip{$vip['vhid']}"]['subnet'] = $vip['subnet'];
                } else {
                    if ($vip['mode'] == "ipalias" && (substr($vip['interface'], 0, 4) == '_vip' || strpos($vip['interface'], "lo0"))) {
                        $oldvips[$vip['subnet']]['content'] = "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}";
                        $oldvips[$vip['subnet']]['interface'] = $vip['interface'];
                        $oldvips[$vip['subnet']]['subnet'] = $vip['subnet'];
                    } else {
                        if (($vip['mode'] == "ipalias" || $vip['mode'] == 'proxyarp') && !(substr($vip['interface'], 0, 4) == '_vip') || strpos($vip['interface'], "lo0")) {
                            $vipbackup[] = $vip;
                        }
                    }
                }
            }
        }
    }
    // For vip section, first keep items sent from the master
    $config = array_merge_recursive_unique($config, $params[0]);
    /* Then add ipalias and proxyarp types already defined on the backup */
    if (is_array($vipbackup) && !empty($vipbackup)) {
        if (!is_array($config['virtualip'])) {
            $config['virtualip'] = array();
        }
        if (!is_array($config['virtualip']['vip'])) {
            $config['virtualip']['vip'] = array();
        }
        foreach ($vipbackup as $vip) {
            array_unshift($config['virtualip']['vip'], $vip);
        }
    }
    /* Log what happened */
    $mergedkeys = implode(",", array_merge(array_keys($params[0]), $sync_full_done));
    write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."), $mergedkeys));
    /*
     * The real work on handling the vips specially
     * This is a copy of intefaces_vips_configure with addition of not reloading existing/not changed carps
     */
    if (isset($params[0]['virtualip']) && is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
        $carp_setuped = false;
        $anyproxyarp = false;
        foreach ($config['virtualip']['vip'] as $vip) {
            if ($vip['mode'] == "carp" && isset($oldvips["{$vip['interface']}_vip{$vip['vhid']}"])) {
                if ($oldvips["{$vip['interface']}_vip{$vip['vhid']}"]['content'] == "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}") {
                    if (does_vip_exist($vip)) {
                        unset($oldvips["{$vip['interface']}_vip{$vip['vhid']}"]);
                        continue;
                        // Skip reconfiguring this vips since nothing has changed.
                    }
                }
            } else {
                if ($vip['mode'] == "ipalias" && strstr($vip['interface'], "_vip") && isset($oldvips[$vip['subnet']])) {
                    if ($oldvips[$vip['subnet']]['content'] == "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}") {
                        if (does_vip_exist($vip)) {
                            unset($oldvips[$vip['subnet']]);
                            continue;
                            // Skip reconfiguring this vips since nothing has changed.
                        }
                    }
                    unset($oldvips[$vip['subnet']]);
                }
            }
            switch ($vip['mode']) {
                case "proxyarp":
                    $anyproxyarp = true;
                    break;
                case "ipalias":
                    interface_ipalias_configure($vip);
                    break;
                case "carp":
                    if ($carp_setuped == false) {
                        $carp_setuped = true;
                    }
                    interface_carp_configure($vip);
                    break;
            }
        }
        /* Cleanup remaining old carps */
        foreach ($oldvips as $oldvipar) {
            $oldvipif = get_real_interface($oldvipar['interface']);
            if (!empty($oldvipif)) {
                if (is_ipaddrv6($oldvipar['subnet'])) {
                    mwexec("/sbin/ifconfig " . escapeshellarg($oldvipif) . " inet6 " . escapeshellarg($oldvipar['subnet']) . " delete");
                } else {
                    pfSense_interface_deladdress($oldvipif, $oldvipar['subnet']);
                }
            }
        }
        if ($carp_setuped == true) {
            interfaces_sync_setup();
        }
        if ($anyproxyarp == true) {
            interface_proxyarp_configure();
        }
    }
    if ($old_ipsec_enabled !== ipsec_enabled()) {
        vpn_ipsec_configure();
    }
    unset($old_config);
    return $xmlrpc_g['return']['true'];
}
Esempio n. 3
0
 /**
  * Restore defined config section into local config
  *
  * @param string $username
  * @param string $password
  * @param array $sections
  *
  * @return bool
  */
 public function restore_config_section($username, $password, $sections)
 {
     $this->auth($username, $password);
     global $config;
     $old_config = $config;
     $old_ipsec_enabled = ipsec_enabled();
     if ($this->loop_detected) {
         log_error("Disallowing CARP sync loop");
         return true;
     }
     /*
      * Some sections should just be copied and not merged or we end
      * up unable to sync the deletion of the last item in a section
      */
     $sync_full_sections = array('aliases', 'ca', 'cert', 'crl', 'dhcpd', 'dhcpv6', 'dnsmasq', 'filter', 'ipsec', 'load_balancer', 'nat', 'openvpn', 'schedules', 'unbound', 'wol');
     $syncd_full_sections = array();
     foreach ($sync_full_sections as $section) {
         if (!isset($sections[$section])) {
             continue;
         }
         $config[$section] = $sections[$section];
         unset($sections[$section]);
         $syncd_full_sections[] = $section;
     }
     $vipbackup = array();
     $oldvips = array();
     if (isset($sections['virtualip']) && is_array($config['virtualip']['vip'])) {
         foreach ($config['virtualip']['vip'] as $vip) {
             if ($vip['mode'] == "carp") {
                 $key = $vip['interface'] . "_vip" . $vip['vhid'];
                 $oldvips[$key]['content'] = $vip['password'] . $vip['advskew'] . $vip['subnet'] . $vip['subnet_bits'] . $vip['advbase'];
                 $oldvips[$key]['interface'] = $vip['interface'];
                 $oldvips[$key]['subnet'] = $vip['subnet'];
             } else {
                 if ($vip['mode'] == "ipalias" && (substr($vip['interface'], 0, 4) == '_vip' || strstr($vip['interface'], "lo0"))) {
                     $oldvips[$vip['subnet']]['content'] = $vip['interface'] . $vip['subnet'] . $vip['subnet_bits'];
                     $oldvips[$vip['subnet']]['interface'] = $vip['interface'];
                     $oldvips[$vip['subnet']]['subnet'] = $vip['subnet'];
                 } else {
                     if (($vip['mode'] == "ipalias" || $vip['mode'] == 'proxyarp') && !(substr($vip['interface'], 0, 4) == '_vip') || strstr($vip['interface'], "lo0")) {
                         $vipbackup[] = $vip;
                     }
                 }
             }
         }
     }
     /* For vip section, first keep items sent from the master */
     $config = array_merge_recursive_unique($config, $sections);
     /*
      * Then add ipalias and proxyarp types already defined
      * on the backup
      */
     if (is_array($vipbackup) && !empty($vipbackup)) {
         if (!is_array($config['virtualip'])) {
             $config['virtualip'] = array();
         }
         if (!is_array($config['virtualip']['vip'])) {
             $config['virtualip']['vip'] = array();
         }
         foreach ($vipbackup as $vip) {
             array_unshift($config['virtualip']['vip'], $vip);
         }
     }
     /* Log what happened */
     $mergedkeys = implode(",", array_merge(array_keys($sections), $syncd_full_sections));
     write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."), $mergedkeys));
     /*
      * The real work on handling the vips specially
      * This is a copy of intefaces_vips_configure with addition of
      * not reloading existing/not changed carps
      */
     if (isset($sections['virtualip']) && is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
         $carp_setuped = false;
         $anyproxyarp = false;
         foreach ($config['virtualip']['vip'] as $vip) {
             $key = "{$vip['interface']}_vip{$vip['vhid']}";
             if ($vip['mode'] == "carp" && isset($oldvips[$key])) {
                 if ($oldvips[$key]['content'] == $vip['password'] . $vip['advskew'] . $vip['subnet'] . $vip['subnet_bits'] . $vip['advbase'] && does_vip_exist($vip)) {
                     unset($oldvips[$key]);
                     /*
                      * Skip reconfiguring this vips
                      * since nothing has changed.
                      */
                     continue;
                 }
             } elseif ($vip['mode'] == "ipalias" && strstr($vip['interface'], "_vip") && isset($oldvips[$vip['subnet']])) {
                 $key = $vip['subnet'];
                 if ($oldvips[$key]['content'] == $vip['interface'] . $vip['subnet'] . $vip['subnet_bits'] && does_vip_exist($vip)) {
                     unset($oldvips[$key]);
                     /*
                      * Skip reconfiguring this vips
                      * since nothing has changed.
                      */
                     continue;
                 }
                 unset($oldvips[$key]);
             }
             switch ($vip['mode']) {
                 case "proxyarp":
                     $anyproxyarp = true;
                     break;
                 case "ipalias":
                     interface_ipalias_configure($vip);
                     break;
                 case "carp":
                     $carp_setuped = true;
                     interface_carp_configure($vip);
                     break;
             }
         }
         /* Cleanup remaining old carps */
         foreach ($oldvips as $oldvipar) {
             $oldvipif = get_real_interface($oldvipar['interface']);
             if (empty($oldvipif)) {
                 continue;
             }
             if (is_ipaddrv6($oldvipar['subnet'])) {
                 mwexec("/sbin/ifconfig " . escapeshellarg($oldvipif) . " inet6 " . escapeshellarg($oldvipar['subnet']) . " delete");
             } else {
                 pfSense_interface_deladdress($oldvipif, $oldvipar['subnet']);
             }
         }
         if ($carp_setuped == true) {
             interfaces_sync_setup();
         }
         if ($anyproxyarp == true) {
             interface_proxyarp_configure();
         }
     }
     if ($old_ipsec_enabled !== ipsec_enabled()) {
         vpn_ipsec_configure();
     }
     unset($old_config);
     return true;
 }
Esempio n. 4
0
        $savemsg = gettext("CARP has been enabled.");
        if (is_array($config['virtualip']['vip'])) {
            $viparr =& $config['virtualip']['vip'];
            foreach ($viparr as $vip) {
                switch ($vip['mode']) {
                    case "carp":
                        interface_carp_configure($vip);
                        sleep(1);
                        break;
                    case "carpdev-dhcp":
                        interface_carpdev_configure($vip);
                        sleep(1);
                        break;
                    case "ipalias":
                        if (strstr($vip['interface'], "_vip")) {
                            interface_ipalias_configure($vip);
                        }
                        break;
                }
            }
        }
        interfaces_carp_setup();
        mwexec("/sbin/sysctl net.inet.carp.allow=1");
    }
}
$status = get_carp_status();
$pgtitle = array(gettext("Status"), gettext("CARP"));
include "head.inc";
?>

<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
Esempio n. 5
0
function restore_config_section_xmlrpc($raw_params)
{
    global $config, $xmlrpc_g;
    $params = xmlrpc_params_to_php($raw_params);
    if (!xmlrpc_auth($params)) {
        xmlrpc_authfail();
        return $xmlrpc_g['return']['authfail'];
    }
    // Some sections should just be copied and not merged or we end
    //   up unable to sync the deletion of the last item in a section
    $sync_full = array('ipsec', 'aliases', 'wol', 'load_balancer', 'openvpn', 'cert', 'ca', 'crl', 'schedules');
    $sync_full_done = array();
    foreach ($sync_full as $syncfull) {
        if (isset($params[0][$syncfull])) {
            $config[$syncfull] = $params[0][$syncfull];
            unset($params[0][$syncfull]);
            $sync_full_done[] = $syncfull;
        }
    }
    $vipbackup = array();
    $oldvips = array();
    if (isset($params[0]['virtualip'])) {
        if (is_array($config['virtualip']['vip'])) {
            foreach ($config['virtualip']['vip'] as $vipindex => $vip) {
                if ($vip['mode'] == "carp") {
                    $oldvips["{$vip['interface']}_vip{$vip['vhid']}"] = "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}";
                } else {
                    if ($vip['mode'] == "ipalias" && strstr($vip['interface'], "_vip")) {
                        $oldvips[$vip['subnet']] = "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}";
                    } else {
                        if (($vip['mode'] == "ipalias" || $vip['mode'] == 'proxyarp') && !strstr($vip['interface'], "_vip")) {
                            $vipbackup[] = $vip;
                        }
                    }
                }
            }
        }
    }
    // For vip section, first keep items sent from the master
    $config = array_merge_recursive_unique($config, $params[0]);
    /* Then add ipalias and proxyarp types already defined on the backup */
    if (is_array($vipbackup) && !empty($vipbackup)) {
        if (!is_array($config['virtualip'])) {
            $config['virtualip'] = array();
        }
        if (!is_array($config['virtualip']['vip'])) {
            $config['virtualip']['vip'] = array();
        }
        foreach ($vipbackup as $vip) {
            array_unshift($config['virtualip']['vip'], $vip);
        }
    }
    /* Log what happened */
    $mergedkeys = implode(",", array_merge(array_keys($params[0]), $sync_full_done));
    write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."), $mergedkeys));
    /* 
     * The real work on handling the vips specially
     * This is a copy of intefaces_vips_configure with addition of not reloading existing/not changed carps
     */
    if (isset($params[0]['virtualip']) && is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
        $carp_setuped = false;
        $anyproxyarp = false;
        foreach ($config['virtualip']['vip'] as $vip) {
            if ($vip['mode'] == "carp" && isset($oldvips["{$vip['interface']}_vip{$vip['vhid']}"])) {
                if ($oldvips["{$vip['interface']}_vip{$vip['vhid']}"] == "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}") {
                    if (does_vip_exist($vip)) {
                        unset($oldvips["{$vip['interface']}_vip{$vip['vhid']}"]);
                        continue;
                        // Skip reconfiguring this vips since nothing has changed.
                    }
                }
                unset($oldvips["{$vip['interface']}_vip{$vip['vhid']}"]);
            } else {
                if ($vip['mode'] == "ipalias" && strstr($vip['interface'], "_vip") && isset($oldvips[$vip['subnet']])) {
                    if ($oldvips[$vip['subnet']] = "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}") {
                        if (does_vip_exist($vip)) {
                            unset($oldvips[$vip['subnet']]);
                            continue;
                            // Skip reconfiguring this vips since nothing has changed.
                        }
                    }
                    unset($oldvips[$vip['subnet']]);
                }
            }
            switch ($vip['mode']) {
                case "proxyarp":
                    $anyproxyarp = true;
                    break;
                case "ipalias":
                    interface_ipalias_configure(&$vip);
                    break;
                case "carp":
                    if ($carp_setuped == false) {
                        $carp_setuped = true;
                    }
                    interface_carp_configure($vip);
                    break;
                case "carpdev-dhcp":
                    interface_carpdev_configure($vip);
                    break;
            }
        }
        /* Cleanup remaining old carps */
        foreach ($oldvips as $oldvipif => $oldvippar) {
            if (!is_ipaddr($oldvipif) && does_interface_exist($oldvipif)) {
                pfSense_interface_destroy($oldvipif);
            }
        }
        if ($carp_setuped == true) {
            interfaces_carp_setup();
        }
        if ($anyproxyarp == true) {
            interface_proxyarp_configure();
        }
    }
    return $xmlrpc_g['return']['true'];
}