start to hide IPsec and OpenVPN for pluginification

9b694b70 · Franco Fichtner · 2058b1cf · 9b694b70 · 9b694b70 · 9b694b70
Commit 9b694b70 authored Mar 11, 2017 by Franco Fichtner
29 changed files
--- a/src/etc/inc/openvpn.inc
+++ b/src/etc/inc/openvpn.inc
@@ -1452,3 +1452,90 @@ function openvpn_get_remote_access_servers()
    }
    return $result;
 }
+
+// Resync and restart all VPNs using a gateway group.
+function openvpn_resync_gwgroup($gwgroupname = "") {
+    global $config;
+
+    if (!empty($gwgroupname)) {
+        if (isset($config['openvpn']['openvpn-server'])) {
+            foreach ($config['openvpn']['openvpn-server'] as & $settings) {
+                if ($gwgroupname == $settings['interface']) {
+                    log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " server " . $settings["description"] . ".");
+                    openvpn_resync('server', $settings);
+                }
+            }
+        }
+
+        if (isset($config['openvpn']['openvpn-client'])) {
+            foreach ($config['openvpn']['openvpn-client'] as & $settings) {
+                if ($gwgroupname == $settings['interface']) {
+                    log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " client " . $settings["description"] . ".");
+                    openvpn_resync('client', $settings);
+                }
+            }
+        }
+        // Note: no need to resysnc Client Specific (csc) here, as changes to the OpenVPN real interface do not effect these.
+    } else {
+        log_error("openvpn_resync_gwgroup called with null gwgroup parameter.");
+    }
+}
+
+function openvpn_refresh_crls()
+{
+    global $config;
+
+    openvpn_create_dirs();
+
+    if (isset($config['openvpn']['openvpn-server']) && is_array($config['openvpn']['openvpn-server'])) {
+        foreach ($config['openvpn']['openvpn-server'] as $settings) {
+            if (empty($settings) || isset($settings['disable'])) {
+                continue;
+            }
+            // Write the settings for the keys
+            switch($settings['mode']) {
+                case 'p2p_tls':
+                case 'server_tls':
+                case 'server_tls_user':
+                case 'server_user':
+                    if (!empty($settings['crlref'])) {
+                        $crl = lookup_crl($settings['crlref']);
+                        crl_update($crl);
+                        $fpath = "/var/etc/openvpn/server{$settings['vpnid']}.crl-verify";
+                        file_put_contents($fpath, base64_decode($crl['text']));
+                        @chmod($fpath, 0644);
+                    }
+                    break;
+            }
+        }
+    }
+}
+
+function openvpn_resync_if_needed($mode, $ovpn_settings, $interface)
+{
+	global $config;
+
+	$resync_needed = true;
+	if (isset($ovpn_settings['disable'])) {
+		$resync_needed = false;
+	} else {
+		if (!empty($interface)) {
+			$mode_id = $mode . $ovpn_settings['vpnid'];
+			$fpath = "/var/etc/openvpn/{$mode_id}.interface";
+			if (file_exists($fpath)) {
+				$current_device = file_get_contents($fpath);
+				$current_device = trim($current_device, " \t\n");
+				$new_device = get_failover_interface($ovpn_settings['interface']);
+				if (isset($config['interfaces'][$interface])) {
+					$this_device = $config['interfaces'][$interface]['if'];
+					if (($current_device == $new_device) && ($current_device != $this_device))
+						$resync_needed = false;
+				}
+			}
+		}
+	}
+	if ($resync_needed == true) {
+		log_error("OpenVPN: Resync " . $mode_id . " " . $ovpn_settings['description']);
+		openvpn_resync($mode, $ovpn_settings);
+	}
+}
--- a/src/etc/inc/services.inc
+++ b/src/etc/inc/services.inc
@@ -37,9 +37,16 @@
 * from system.inc, but its movable parts belong to
 * system.inc, while all services belong to their own
 * files.  Maybe eventually this will change...
+ *
+ * ... it does, but now we also chain IPsec and OpenVPN
+ * through this in order to remove the widespread usage
+ * of includes and switch them for a cleaner "services.inc"
+ * include.
 */
 require_once('dyndns.class');
 require_once('plugins.inc.d/dnsmasq.inc');
+require_once('ipsec.inc');
+require_once('openvpn.inc');
 require_once('plugins.inc.d/unbound.inc');

 function generate_ipv6_from_mac($mac)

--- a/src/etc/inc/xmlrpc/legacy.inc
+++ b/src/etc/inc/xmlrpc/legacy.inc
@@ -127,7 +127,6 @@ function filter_configure_xmlrpc()
    require_once("system.inc");
    require_once("util.inc");
    require_once("interfaces.inc");
-    require_once("openvpn.inc");
    require_once("services.inc");
    require_once("rrd.inc");

@@ -156,8 +155,8 @@ function restore_config_section_xmlrpc($new_config)
    global $config;

    require_once("interfaces.inc");
+    require_once("services.inc");
    require_once("filter.inc");
-    require_once("ipsec.inc");

    // save old config
    $old_config = $config;

--- a/src/etc/inc/xmlrpc/service.inc
+++ b/src/etc/inc/xmlrpc/service.inc
@@ -31,9 +31,7 @@
 require_once("services.inc");
 require_once("system.inc");
 require_once('util.inc');
-require_once("openvpn.inc");
 require_once("filter.inc");
-require_once("ipsec.inc");
 require_once("interfaces.inc");
 require_once("rrd.inc");


--- a/src/etc/rc.bootup
+++ b/src/etc/rc.bootup
@@ -45,8 +45,6 @@ $inc_files = array(
    'services.inc',
    'system.inc',
    'filter.inc',
-    'ipsec.inc',
-    'openvpn.inc',
    'rrd.inc',
 );


--- a/src/etc/rc.filter_configure_sync
+++ b/src/etc/rc.filter_configure_sync
@@ -30,7 +30,6 @@
 require_once("config.inc");
 require_once("util.inc");
 require_once("filter.inc");
-require_once("ipsec.inc");
 require_once("system.inc");
 require_once("interfaces.inc");
 require_once("services.inc");

--- a/src/etc/rc.initial.setlanip
+++ b/src/etc/rc.initial.setlanip
@@ -30,9 +30,7 @@
 /* parse the configuration and include all functions used below */
 require_once("config.inc");
 require_once("interfaces.inc");
-require_once("openvpn.inc");
 require_once("util.inc");
-require_once("ipsec.inc");
 require_once("filter.inc");
 require_once("rrd.inc");
 require_once("util.inc");

--- a/src/etc/rc.initial.setports
+++ b/src/etc/rc.initial.setports
@@ -31,12 +31,10 @@ require_once("config.inc");
 require_once("config.console.inc");
 require_once("filter.inc");
 require_once("util.inc");
-require_once("ipsec.inc");
 require_once("rrd.inc");
 require_once("system.inc");
 require_once("services.inc");
 require_once("interfaces.inc");
-require_once("openvpn.inc");

 system_console_mute();


--- a/src/etc/rc.interfaces_wan_configure
+++ b/src/etc/rc.interfaces_wan_configure
@@ -32,8 +32,6 @@ require_once('auth.inc');
 require_once("util.inc");
 require_once("filter.inc");
 require_once("system.inc");
-require_once('ipsec.inc');
-require_once('openvpn.inc');
 require_once("interfaces.inc");
 require_once("services.inc");


--- a/src/etc/rc.linkup
+++ b/src/etc/rc.linkup
@@ -31,8 +31,6 @@ require_once("config.inc");
 require_once('auth.inc');
 require_once("filter.inc");
 require_once("interfaces.inc");
-require_once('ipsec.inc');
-require_once('openvpn.inc');
 require_once("util.inc");
 require_once("system.inc");
 require_once("services.inc");

--- a/src/etc/rc.newwanip
+++ b/src/etc/rc.newwanip
@@ -31,8 +31,6 @@
 require_once("config.inc");
 require_once('auth.inc');
 require_once("filter.inc");
-require_once('ipsec.inc');
-require_once("openvpn.inc");
 require_once("rrd.inc");
 require_once("util.inc");
 require_once("system.inc");

--- a/src/etc/rc.newwanipv6
+++ b/src/etc/rc.newwanipv6
@@ -32,8 +32,6 @@
 require_once("config.inc");
 require_once("interfaces.inc");
 require_once("filter.inc");
-require_once('ipsec.inc');
-require_once("openvpn.inc");
 require_once("services.inc");
 require_once("rrd.inc");
 require_once("util.inc");

--- a/src/etc/rc.openvpn
+++ b/src/etc/rc.openvpn
@@ -61,35 +61,6 @@ function gateway_is_gwgroup_member($name)
 	return $members;
 }

-function openvpn_resync_if_needed($mode, $ovpn_settings, $interface)
-{
-	global $config;
-
-	$resync_needed = true;
-	if (isset($ovpn_settings['disable'])) {
-		$resync_needed = false;
-	} else {
-		if (!empty($interface)) {
-			$mode_id = $mode . $ovpn_settings['vpnid'];
-			$fpath = "/var/etc/openvpn/{$mode_id}.interface";
-			if (file_exists($fpath)) {
-				$current_device = file_get_contents($fpath);
-				$current_device = trim($current_device, " \t\n");
-				$new_device = get_failover_interface($ovpn_settings['interface']);
-				if (isset($config['interfaces'][$interface])) {
-					$this_device = $config['interfaces'][$interface]['if'];
-					if (($current_device == $new_device) && ($current_device != $this_device))
-						$resync_needed = false;
-				}
-			}
-		}
-	}
-	if ($resync_needed == true) {
-		log_error("OpenVPN: Resync " . $mode_id . " " . $ovpn_settings['description']);
-		openvpn_resync($mode, $ovpn_settings);
-	}
-}
-
 function try_lock($lock, $timeout = 5)
 {
 	if (!$lock) {

--- a/src/etc/rc.reload_all
+++ b/src/etc/rc.reload_all
@@ -29,10 +29,8 @@

 require_once("config.inc");
 require_once("interfaces.inc");
-require_once("openvpn.inc");
 require_once("filter.inc");
 require_once("auth.inc");
-require_once('ipsec.inc');
 require_once('rrd.inc');
 require_once("util.inc");
 require_once("system.inc");

--- a/src/etc/rc.reload_interfaces
+++ b/src/etc/rc.reload_interfaces
@@ -30,8 +30,6 @@
 require_once("config.inc");
 require_once("filter.inc");
 require_once("util.inc");
-require_once("openvpn.inc");
-require_once('ipsec.inc');
 require_once("system.inc");
 require_once("interfaces.inc");
 require_once("services.inc");

--- a/src/www/interfaces.php
+++ b/src/www/interfaces.php
@@ -36,8 +36,6 @@ require_once("filter.inc");
 require_once("rrd.inc");
 require_once("system.inc");
 require_once("interfaces.inc");
-require_once("ipsec.inc");
-require_once("openvpn.inc");
 require_once("services.inc");

 /***************************************************************************************************************

--- a/src/www/interfaces_assign.php
+++ b/src/www/interfaces_assign.php
@@ -33,8 +33,6 @@ require_once("filter.inc");
 require_once("rrd.inc");
 require_once("system.inc");
 require_once("interfaces.inc");
-require_once("ipsec.inc");
-require_once("openvpn.inc");
 require_once("services.inc");

 function list_interfaces() {

--- a/src/www/interfaces_bridge_edit.php
+++ b/src/www/interfaces_bridge_edit.php
@@ -30,7 +30,6 @@
 require_once("guiconfig.inc");
 require_once("system.inc");
 require_once("interfaces.inc");
-require_once("openvpn.inc");
 require_once("services.inc");

 if (!isset($config['bridges']) || !is_array($config['bridges'])) {

--- a/src/www/interfaces_gif_edit.php
+++ b/src/www/interfaces_gif_edit.php
@@ -30,7 +30,6 @@
 require_once("guiconfig.inc");
 require_once("system.inc");
 require_once("interfaces.inc");
-require_once("openvpn.inc");
 require_once("services.inc");

 if (!isset($config['gifs']) || !is_array($config['gifs'])) {

--- a/src/www/interfaces_gre_edit.php
+++ b/src/www/interfaces_gre_edit.php
@@ -30,7 +30,6 @@
 require_once("guiconfig.inc");
 require_once("system.inc");
 require_once("interfaces.inc");
-require_once("openvpn.inc");
 require_once("services.inc");

 if (!isset($config['gres']) || !is_array($config['gres'])) {

--- a/src/www/interfaces_lagg_edit.php
+++ b/src/www/interfaces_lagg_edit.php
@@ -30,7 +30,6 @@
 require_once("guiconfig.inc");
 require_once("system.inc");
 require_once("interfaces.inc");
-require_once("openvpn.inc");
 require_once("services.inc");

 /**

--- a/src/www/interfaces_vlan_edit.php
+++ b/src/www/interfaces_vlan_edit.php
@@ -30,7 +30,6 @@
 require_once("guiconfig.inc");
 require_once("system.inc");
 require_once("interfaces.inc");
-require_once("openvpn.inc");
 require_once("services.inc");

 if (!isset($config['vlans']) || !is_array($config['vlans'])) {

--- a/src/www/status_interfaces.php
+++ b/src/www/status_interfaces.php
@@ -32,8 +32,6 @@ require_once("guiconfig.inc");
 require_once("system.inc");
 require_once("services.inc");
 require_once("interfaces.inc");
-require_once("openvpn.inc");
-require_once("services.inc");

 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!empty($_POST['if']) && !empty($_POST['submit'])) {

--- a/src/www/status_services.php
+++ b/src/www/status_services.php
@@ -31,9 +31,7 @@
 require_once("guiconfig.inc");
 require_once("services.inc");
 require_once("system.inc");
-require_once("openvpn.inc");
 require_once("filter.inc");
-require_once("ipsec.inc");
 require_once("interfaces.inc");
 require_once("rrd.inc");


--- a/src/www/system_advanced_misc.php
+++ b/src/www/system_advanced_misc.php
@@ -31,7 +31,7 @@

 require_once("guiconfig.inc");
 require_once("filter.inc");
-require_once("ipsec.inc");
+require_once("services.inc");
 require_once("system.inc");
 require_once("interfaces.inc");


--- a/src/www/system_crlmanager.php
+++ b/src/www/system_crlmanager.php
@@ -28,39 +28,7 @@
 */

 require_once('guiconfig.inc');
-require_once('openvpn.inc');
-
-function openvpn_refresh_crls()
-{
-    global $config;
-
-    openvpn_create_dirs();
-
-    if (isset($config['openvpn']['openvpn-server']) && is_array($config['openvpn']['openvpn-server'])) {
-        foreach ($config['openvpn']['openvpn-server'] as $settings) {
-            if (empty($settings) || isset($settings['disable'])) {
-                continue;
-            }
-            // Write the settings for the keys
-            switch($settings['mode']) {
-                case 'p2p_tls':
-                case 'server_tls':
-                case 'server_tls_user':
-                case 'server_user':
-                    if (!empty($settings['crlref'])) {
-                        $crl = lookup_crl($settings['crlref']);
-                        crl_update($crl);
-                        $fpath = "/var/etc/openvpn/server{$settings['vpnid']}.crl-verify";
-                        file_put_contents($fpath, base64_decode($crl['text']));
-                        @chmod($fpath, 0644);
-                    }
-                    break;
-            }
-        }
-    }
-}
-
-
+require_once('services.inc');

 function cert_unrevoke($cert, & $crl) {
    global $config;
@@ -85,6 +53,7 @@ function cert_unrevoke($cert, & $crl) {
    }
    return false;
 }
+
 // openssl_crl_status messages from certs.inc
 global $openssl_crl_status;


--- a/src/www/system_gateway_groups.php
+++ b/src/www/system_gateway_groups.php
@@ -29,40 +29,10 @@

 require_once("guiconfig.inc");
 require_once("interfaces.inc");
-require_once("openvpn.inc");
 require_once("system.inc");
 require_once("services.inc");
 require_once("rrd.inc");

-// Resync and restart all VPNs using a gateway group.
-function openvpn_resync_gwgroup($gwgroupname = "") {
-    global $config;
-
-    if (!empty($gwgroupname)) {
-        if (isset($config['openvpn']['openvpn-server'])) {
-            foreach ($config['openvpn']['openvpn-server'] as & $settings) {
-                if ($gwgroupname == $settings['interface']) {
-                    log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " server " . $settings["description"] . ".");
-                    openvpn_resync('server', $settings);
-                }
-            }
-        }
-
-        if (isset($config['openvpn']['openvpn-client'])) {
-            foreach ($config['openvpn']['openvpn-client'] as & $settings) {
-                if ($gwgroupname == $settings['interface']) {
-                    log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " client " . $settings["description"] . ".");
-                    openvpn_resync('client', $settings);
-                }
-            }
-        }
-        // Note: no need to resysnc Client Specific (csc) here, as changes to the OpenVPN real interface do not effect these.
-    } else {
-        log_error("openvpn_resync_gwgroup called with null gwgroup parameter.");
-    }
-}
-
-
 if (!isset($config['gateways']['gateway_group']) || !is_array($config['gateways']['gateway_group'])) {
    $a_gateway_groups = array();
 } else {

--- a/src/www/system_gateway_groups_edit.php
+++ b/src/www/system_gateway_groups_edit.php
@@ -28,7 +28,6 @@
 */

 require_once("guiconfig.inc");
-require_once("ipsec.inc");
 require_once("services.inc");
 require_once("interfaces.inc");


--- a/src/www/widgets/widgets/services_status.widget.php
+++ b/src/www/widgets/widgets/services_status.widget.php
@@ -32,7 +32,6 @@
 require_once("guiconfig.inc");
 require_once("services.inc");
 require_once("system.inc");
-require_once("ipsec.inc");
 require_once("interfaces.inc");

 $services = services_get();