openvpn: naming and call conventions, pull more internal code into plugin

Looking at openvpn_configure_server() and openvpn_configure_client()
it becomes a bit clearer why they take a config.xml subset: it's beause
the write_config() ordering was flipped.  We could probably now pass
an ID and let the code figure out if it is a client or server...

src/etc/inc/interfaces.inc

@@ -2486,26 +2486,9 @@ function interface_virtual_create($interface)
         interfaces_gre_configure(0, $interface);
     } elseif (substr($interface, 0, 3) == "gif") {
         interfaces_gif_configure(0, $interface);
-    } elseif (substr($interface, 0, 5) == "ovpns") {
-        if (isset($config['openvpn']['openvpn-server'])) {
-            foreach ($config['openvpn']['openvpn-server'] as $server) {
-                if ($interface == "ovpns{$server['vpnid']}") {
-                    log_error("OpenVPN: Resync server {$server['description']}");
-                    openvpn_resync('server', $server);
-                }
-            }
-            unset($server);
-        }
-    } elseif (substr($interface, 0, 5) == "ovpnc") {
-        if (isset($config['openvpn']['openvpn-client'])) {
-            foreach ($config['openvpn']['openvpn-client'] as $client) {
-                if ($interface == "ovpnc{$client['vpnid']}") {
-                    log_error("OpenVPN: Resync server {$client['description']}");
-                    openvpn_resync('client', $client);
-                }
-            }
-            unset($client);
-        }
+    } elseif (substr($interface, 0, 4) == "ovpn") {
+        /* XXX this looks like a plugin spot... */
+        openvpn_configure_interface($interface);
     } elseif (substr($interface, 0, 4) == "lagg") {
         interfaces_lagg_configure($interface);
     } elseif (substr($interface, 0, 6) == "bridge") {

src/etc/inc/plugins.inc.d/openvpn.inc

@@ -30,6 +30,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+function openvpn_configure()
+{
+    return array(
+        'interface' => array('openvpn_configure_do:2'),
+        'remote' => array('openvpn_configure_do'),
+    );
+}
+
 function openvpn_syslog()
 {
     $logfacilities = array();
@@ -995,14 +1003,13 @@ function openvpn_delete($mode, & $settings)
     @array_map('unlink', glob("/var/etc/openvpn/{$mode_id}.*"));
 }
 
-
 /**
  * generate config (text) data for a single client specific override
  * @param array $settings csc item
  * @param array $server openvpn server item
  * @return string
  */
-function openvpn_resync_csc_conf($settings, $server)
+function openvpn_csc_conf($settings, $server)
 {
     $conf = '';
     if (!empty($settings['block'])) {
@@ -1065,7 +1072,7 @@ function openvpn_resync_csc_conf($settings, $server)
 /**
  * resync all client specific overrides
  */
-function openvpn_resync_csc()
+function openvpn_configure_csc()
 {
     global $config;
     $generated_cscs = array();
@@ -1087,7 +1094,7 @@ function openvpn_resync_csc()
                         if (!isset($generated_cscs[$server['vpnid']])) {
                             $generated_cscs[$vpnid] = array();
                         }
-                        $conf = openvpn_resync_csc_conf($settings, $server);
+                        $conf = openvpn_csc_conf($settings, $server);
                         $target_filename = "/var/etc/openvpn-csc/".$vpnid."/".$settings['common_name'];
                         file_put_contents($target_filename, $conf);
                         chown($target_filename, 'nobody');
@@ -1136,13 +1143,46 @@ function openvpn_prepare_all($verbose = false)
     }
 }
 
-function openvpn_resync($mode, $settings)
+function openvpn_configure_interface($interface)
 {
-    openvpn_reconfigure($mode, $settings);
-    openvpn_restart($mode, $settings);
+    global $config;
+
+    if (substr($interface, 0, 5) == 'ovpns') {
+       if (isset($config['openvpn']['openvpn-server'])) {
+            foreach ($config['openvpn']['openvpn-server'] as $server) {
+                if ($interface == "ovpns{$server['vpnid']}") {
+                    log_error("OpenVPN: Resync server {$server['description']}");
+                    openvpn_configure_server($server);
+                }
+            }
+            unset($server);
+        }
+    } elseif (substr($interface, 0, 5) == 'ovpnc') {
+        if (isset($config['openvpn']['openvpn-client'])) {
+            foreach ($config['openvpn']['openvpn-client'] as $client) {
+                if ($interface == "ovpnc{$client['vpnid']}") {
+                    log_error("OpenVPN: Resync server {$client['description']}");
+                    openvpn_configure_client($client);
+                }
+            }
+            unset($client);
+        }
+    }
+}
+
+function openvpn_configure_client($settings)
+{
+    openvpn_reconfigure('client', $settings);
+    openvpn_restart('client', $settings);
+}
+
+function openvpn_configure_server($settings)
+{
+    openvpn_reconfigure('server', $settings);
+    openvpn_restart('server', $settings);
 }
 
-function openvpn_resync_all($interface = null, $verbose = false)
+function openvpn_configure_do($verbose = false, $interface = '')
 {
     global $config;
 
@@ -1152,12 +1192,11 @@ function openvpn_resync_all($interface = null, $verbose = false)
         return;
     }
 
-    if ($verbose) {
-        echo 'Syncing OpenVPN settings...';
-        flush();
-    }
-
     if (!empty($interface)) {
+        $interface_real = get_real_interface($interface);
+        if (substr($interface_real, 0, 4) == 'ovpn') {
+            return;
+        }
         log_error(sprintf(
             'Resyncing OpenVPN instances for interface %s.',
             convert_friendly_interface_to_friendly_descr($interface)
@@ -1166,17 +1205,23 @@ function openvpn_resync_all($interface = null, $verbose = false)
         log_error('Resyncing OpenVPN instances.');
     }
 
+    if ($verbose) {
+        echo 'Syncing OpenVPN settings...';
+        flush();
+    }
+
     foreach (array('server', 'client') as $mode) {
         if (isset($config['openvpn']["openvpn-{$mode}"])) {
             foreach ($config['openvpn']["openvpn-{$mode}"] as &$settings) {
                 if (empty($interface) || $interface == $settings['interface']) {
-                    openvpn_resync($mode, $settings);
+                    openvpn_reconfigure($mode, $settings);
+                    openvpn_restart($mode, $settings);
                 }
             }
         }
     }
 
-    openvpn_resync_csc();
+    openvpn_configure_csc();
 
     if ($verbose) {
         echo "done.\n";
@@ -1532,31 +1577,36 @@ function openvpn_get_remote_access_servers()
 }
 
 // Resync and restart all VPNs using a gateway group.
-function openvpn_resync_gwgroup($gwgroupname = "") {
+function openvpn_configure_gwgroup($gwgroupname = '')
+{
     global $config;
 
-    if (!empty($gwgroupname)) {
-        if (isset($config['openvpn']['openvpn-server'])) {
-            foreach ($config['openvpn']['openvpn-server'] as & $settings) {
-                if ($gwgroupname == $settings['interface']) {
-                    log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " server " . $settings["description"] . ".");
-                    openvpn_resync('server', $settings);
-                }
+    if (empty($gwgroupname)) {
+        log_error("openvpn_configure_gwgroup() called without gwgroup parameter.");
+        return;
+    }
+
+    if (isset($config['openvpn']['openvpn-server'])) {
+        foreach ($config['openvpn']['openvpn-server'] as & $settings) {
+            if ($gwgroupname == $settings['interface']) {
+                log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " server " . $settings["description"] . ".");
+                openvpn_reconfigure('server', $settings);
+                openvpn_restart('server', $settings);
             }
         }
+    }
 
-        if (isset($config['openvpn']['openvpn-client'])) {
-            foreach ($config['openvpn']['openvpn-client'] as & $settings) {
-                if ($gwgroupname == $settings['interface']) {
-                    log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " client " . $settings["description"] . ".");
-                    openvpn_resync('client', $settings);
-                }
+    if (isset($config['openvpn']['openvpn-client'])) {
+        foreach ($config['openvpn']['openvpn-client'] as & $settings) {
+            if ($gwgroupname == $settings['interface']) {
+                log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " client " . $settings["description"] . ".");
+                openvpn_reconfigure('client', $settings);
+                openvpn_restart('client', $settings);
             }
         }
-        // Note: no need to resysnc Client Specific (csc) here, as changes to the OpenVPN real interface do not effect these.
-    } else {
-        log_error("openvpn_resync_gwgroup called with null gwgroup parameter.");
     }
+
+    // Note: no need to resysnc Client Specific (csc) here, as changes to the OpenVPN real interface do not effect these.
 }
 
 function openvpn_refresh_crls()
@@ -1614,7 +1664,8 @@ function openvpn_resync_if_needed($mode, $ovpn_settings, $interface)
     }
     if ($resync_needed == true) {
         log_error("OpenVPN: Resync " . $mode_id . " " . $ovpn_settings['description']);
-        openvpn_resync($mode, $ovpn_settings);
+        openvpn_reconfigure($mode, $ovpn_settings);
+        openvpn_restart($mode, $ovpn_settings);
     }
 }
 

src/etc/inc/plugins.inc.d/openvpn/wizard.inc

@@ -731,9 +731,11 @@ function step12_submitphpaction()
 
     $config['openvpn']['openvpn-server'][] = $server;
 
-    openvpn_resync('server', $server);
     write_config();
 
+    openvpn_configure_server($server);
+    openvpn_configure_csc();
+
     header(url_safe('Location: /vpn_openvpn_server.php'));
     exit;
 }

src/etc/inc/xmlrpc/legacy.inc

@@ -137,7 +137,6 @@ function filter_configure_xmlrpc()
     local_sync_accounts();
     plugins_configure('dns');
     services_dhcpd_configure();
-    openvpn_resync_all();
     plugins_configure('remote');
 
     return true;

src/etc/rc.bootup

@@ -93,7 +93,7 @@ system_syslogd_start(true);
 
 openvpn_prepare_all(true);
 interfaces_configure(true);
-openvpn_resync_all(null, true);
+openvpn_configure_do(true);
 
 system_resolvconf_generate(true);
 filter_configure_sync(true);

src/etc/rc.newwanip

@@ -181,16 +181,11 @@ if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interface
         @file_put_contents("/var/db/{$interface}_cacheip", $curwanip);
     }
 
-    /* start OpenVPN server & clients */
-    if (substr($interface_real, 0, 4) != "ovpn") {
-        openvpn_resync_all($interface);
-    }
+    /* reload plugins */
+    plugins_configure('interface', false, array($interface));
 
     /* reload graphing functions */
     enable_rrd_graphing();
-
-    /* reload plugins */
-    plugins_configure('interface', false, array($interface));
 }
 
 /* reload filter, don't try to sync to carp slave */

src/etc/rc.newwanipv6

@@ -121,13 +121,9 @@ if (is_ipaddrv6($oldipv6)) {
     if ($curwanipv6 == $oldipv6) {
         // Still need to sync VPNs on PPPoE and such, as even with the same IP the VPN software is unhappy with the IP disappearing.
         if (in_array($config['interfaces'][$interface]['ipaddrv6'], array('pppoe', 'pptp', 'ppp'))) {
-            /* XXX WHY IN GODS NAME IS THIS CALLED TWICE AND CUT SHORT?? */
+            /* XXX migrate this: we should unify the reload */
             ipsec_configure_do(false, $inteface);
-
-            /* start OpenVPN server & clients */
-            if (substr($interface_real, 0, 4) != "ovpn") {
-                openvpn_resync_all($interface);
-            }
+            openvpn_configure_do(false, $interface);
         }
         return;
     } elseif (does_interface_exist($interface_real)) {
@@ -137,13 +133,8 @@ if (is_ipaddrv6($oldipv6)) {
     file_put_contents("/var/db/{$interface}_cacheipv6", $curwanipv6);
 }
 
-/* start OpenVPN server & clients */
-if (substr($interface_real, 0, 4) != 'ovpn') {
-    openvpn_resync_all($interface);
-}
+/* reload plugins */
+plugins_configure('interface', false, array($interface));
 
 /* reload graphing functions */
 enable_rrd_graphing();
-
-/* reload plugins */
-plugins_configure('interface', false, array($interface));

src/www/system_gateway_groups.php

@@ -72,7 +72,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
         foreach ($a_gateway_groups as $gateway_group) {
             $gw_subsystem = 'gwgroup.' . $gateway_group['name'];
             if (is_subsystem_dirty($gw_subsystem)) {
-                openvpn_resync_gwgroup($gateway_group['name']);
+                openvpn_configure_gwgroup($gateway_group['name']);
                 clear_subsystem_dirty($gw_subsystem);
             }
         }

src/www/vpn_openvpn_client.php

@@ -167,8 +167,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             } else {
                 $a_client[$id]['disable'] = true;
             }
-            openvpn_resync('client', $a_client[$id]);
             write_config();
+            openvpn_configure_client($a_client[$id]);
         }
         header(url_safe('Location: /vpn_openvpn_client.php'));
         exit;
@@ -335,9 +335,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
                 $a_client[] = $client;
             }
 
-            openvpn_resync('client', $client);
             write_config();
 
+            openvpn_configure_client($client);
+
             header(url_safe('Location: /vpn_openvpn_client.php'));
             exit;
         }

src/www/vpn_openvpn_csc.php

@@ -121,7 +121,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
                 $a_csc[$id]['disable'] = true;
             }
             write_config();
-            openvpn_resync_csc();
+            openvpn_configure_csc();
         }
         header(url_safe('Location: /vpn_openvpn_csc.php'));
         exit;
@@ -222,7 +222,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
                 @unlink('/var/etc/openvpn-csc/' . basename($old_csc_cn));
             }
             write_config();
-            openvpn_resync_csc();
+            openvpn_configure_csc();
 
             header(url_safe('Location: /vpn_openvpn_csc.php'));
             exit;

src/www/vpn_openvpn_server.php

@@ -149,8 +149,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             } else {
                 $a_server[$id]['disable'] = true;
             }
-            openvpn_resync('server', $a_server[$id]);
             write_config();
+            openvpn_configure_server($a_server[$id]);
         }
         header(url_safe('Location: /vpn_openvpn_server.php'));
         exit;
@@ -401,9 +401,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
                 $a_server[] = $server;
             }
 
-            openvpn_resync('server', $server);
             write_config();
-            openvpn_resync_csc(); // dump client specific overrides, the required set may have changed
+
+            openvpn_configure_server($server);
+            openvpn_configure_csc();
 
             header(url_safe('Location: /vpn_openvpn_server.php'));
             exit;