Skip to content

O
OpnSense
Commit c7ca7fc8 authored by Ad Schellevis's avatar Ad Schellevis
Browse files
Options

integrate new xmlrpc client, needs testing.

parent 869f61c2
Hide whitespace changes
Inline Side-by-side
Showing with 86 additions and 112 deletions
src/etc/rc.filter_synchronize
View file @ c7ca7fc8
...@@ -36,8 +36,8 @@ require_once("config.inc"); ...@@ -36,8 +36,8 @@ require_once("config.inc");
require_once("functions.inc"); require_once("functions.inc");
require_once("filter.inc"); require_once("filter.inc");
require_once("shaper.inc"); require_once("shaper.inc");
require_once("xmlrpc.inc");
require_once("interfaces.inc"); require_once("interfaces.inc");
require_once("XMLRPC_client.inc") ;
/* /*
* backup_vip_config_section($section): returns as an xml file string of * backup_vip_config_section($section): returns as an xml file string of
...@@ -83,58 +83,47 @@ function remove_special_characters($string) { ...@@ -83,58 +83,47 @@ function remove_special_characters($string) {
return $string; return $string;
} }
function carp_check_version($url, $username, $password, $port = 80, $method = 'pfsense.host_firmware_version') { function carp_check_version($url, $username, $password, $method = 'opnsense.host_firmware_version') {
global $config, $g; global $config, $g;
if (file_exists('/var/run/booting')) { if (file_exists('/var/run/booting')) {
return; return;
} }
$params = array(
XML_RPC_encode($password) $client = new SimpleXMLRPC_Client($url,240);
); $client->setCredentials($username, $password);
if ($client->query($method)) {
$numberofruns = 0; $remote_version = $client->getResponse();
while ($numberofruns < 2) { } else {
$msg = new XML_RPC_Message($method, $params); // propagate error to log
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $error = "An error occurred while attempting XMLRPC sync with username {$username} and {$url} " . $client->error ;
$cli->setCredentials($username, $password); log_error($error);
if($numberofruns > 0) file_notice("sync_settings", $error, "Settings Sync", "");
$cli->setDebug(1); // print communication details on failure
/* send our XMLRPC message and timeout after 240 seconds */ echo $client->getDetails();
$resp = $cli->send($msg, "240"); return false ;
if(!is_object($resp)) { }
$error = "A communications error occurred while attempting XMLRPC sync with username {$username} {$url}:{$port}.";
} elseif($resp->faultCode()) { if (!is_array($remote_version) && trim($remote_version) == "Authentication failed") {
$error = "An error code was received while attempting XMLRPC sync with username {$username} {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); $error = "An authentication failure occurred while trying to access {$url} ({$method}).";
} else {
$parsed_response = XML_RPC_decode($resp->value());
if(!is_array($parsed_response)) {
if (trim($parsed_response) == "Authentication failed") {
$error = "An authentication failure occurred while trying to access {$url}:{$port} ({$method}).";
log_error($error);
file_notice("sync_settings", $error, "Settings Sync", "");
exit;
}
} else {
if (!isset($parsed_response['config_version']) ||
$parsed_response['config_version'] < $config['version']) {
update_filter_reload_status("The other member is on older configuration version of {$g['product_name']}. Sync will not be done to prevent problems!");
log_error("The other member is on older configuration version of {$g['product_name']}. Sync will not be done to prevent problems!");
return false;
} else
return true;
}
}
log_error($error); log_error($error);
file_notice("sync_settings", $error, "Settings Sync", ""); file_notice("sync_settings", $error, "Settings Sync", "");
$numberofruns++; exit;
} }
return false; if (!isset($remote_version['config_version']) ||
$remote_version['config_version'] < $config['version']) {
update_filter_reload_status("The other member is on older configuration version of {$g['product_name']}. Sync will not be done to prevent problems!");
log_error("The other member is on older configuration version of {$g['product_name']}. Sync will not be done to prevent problems!");
return false;
} else {
return true;
}
} }
function carp_sync_xml($url, $username, $password, $sections, $port = 80, $method = 'pfsense.restore_config_section') { function carp_sync_xml($url, $username, $password, $sections, $method = 'opnsense.restore_config_section') {
global $config, $g; global $config, $g;
if (file_exists('/var/run/booting')) { if (file_exists('/var/run/booting')) {
...@@ -229,44 +218,29 @@ function carp_sync_xml($url, $username, $password, $sections, $port = 80, $metho ...@@ -229,44 +218,29 @@ function carp_sync_xml($url, $username, $password, $sections, $port = 80, $metho
} }
} }
$params = array(
XML_RPC_encode($password), $client = new SimpleXMLRPC_Client($url,240);
XML_RPC_encode($xml) $client->setCredentials($username, $password);
); if ($client->query($method, $xml)) {
$response = $client->getResponse();
$numberofruns = 0; } else {
while ($numberofruns < 2) { // propagate error to log
log_error("Beginning XMLRPC sync to {$url}:{$port}."); $error = "An error occurred while attempting XMLRPC sync with username {$username} and {$url} " . $client->error ;
$msg = new XML_RPC_Message($method, $params); log_error($error);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); file_notice("sync_settings", $error, "Settings Sync", "");
$cli->setCredentials($username, $password); // print communication details on failure
if($numberofruns > 0) echo $client->getDetails();
$cli->setDebug(1); return false ;
/* send our XMLRPC message and timeout after 240 seconds */ }
$resp = $cli->send($msg, "240");
if(!is_object($resp)) { if (!is_array($response) && trim($response) == "Authentication failed") {
$error = "A communications error occurred while attempting XMLRPC sync with username {$username} {$url}:{$port}."; $error = "An authentication failure occurred while trying to access {$url} ({$method}).";
log_error($error); log_error($error);
file_notice("sync_settings", $error, "Settings Sync", ""); file_notice("sync_settings", $error, "Settings Sync", "");
} elseif($resp->faultCode()) { exit;
$error = "An error code was received while attempting XMLRPC sync with username {$username} {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "Settings Sync", "");
} else {
$parsed_response = XML_RPC_decode($resp->value());
if(!is_array($parsed_response) && trim($parsed_response) == "Authentication failed") {
$error = "An authentication failure occurred while trying to access {$url}:{$port} ($method).";
log_error($error);
file_notice("sync_settings", $error, "Settings Sync", "");
exit;
} else {
log_error("XMLRPC sync successfully completed with {$url}:{$port}.");
update_filter_reload_status("XMLRPC sync successfully completed with {$url}:{$port}.");
}
$numberofruns = 3;
}
$numberofruns++;
} }
return true;
} }
global $g; global $g;
...@@ -283,28 +257,24 @@ if (is_array($config['hasync'])) { ...@@ -283,28 +257,24 @@ if (is_array($config['hasync'])) {
log_error("Config sync not being done because of missing sync IP (this is normal on secondary systems)."); log_error("Config sync not being done because of missing sync IP (this is normal on secondary systems).");
exit; exit;
} }
if(is_ipaddrv6($hasync['synchronizetoip']))
$hasync['synchronizetoip'] = "[{$hasync['synchronizetoip']}]";
/* /*
* XXX: The way we're finding the port right now is really suboptimal - * XXX: The way we're finding the port right now is really suboptimal -
* we can't assume that the other machine is setup identically. * we can't assume that the other machine is setup identically.
*/ */
if (!empty($config['system']['webgui']['protocol'])) { if (!empty($config['system']['webgui']['protocol'])) {
$synchronizetoip = $config['system']['webgui']['protocol']; $port = $config['system']['webgui']['port'];
$synchronizetoip .= "://"; if (!empty($port)) {
$synchronizeto = $config['system']['webgui']['protocol'] . '://'.$hasync['synchronizetoip'].':'.$port;
} elseif ($config['system']['webgui']['protocol'] == "http") {
$synchronizeto = $config['system']['webgui']['protocol'] . '://'.$hasync['synchronizetoip'] ;
} else {
}
} }
/* if port is empty lets rely on the protocol selection */
$port = $config['system']['webgui']['port'];
if (empty($port)) {
if ($config['system']['webgui']['protocol'] == "http")
$port = "80";
else
$port = "443";
}
if(is_ipaddrv6($hasync['synchronizetoip']))
$hasync['synchronizetoip'] = "[{$hasync['synchronizetoip']}]";
$synchronizetoip .= $hasync['synchronizetoip'];
if ($hasync['synchronizerules'] != "") { if ($hasync['synchronizerules'] != "") {
if (!is_array($config['filter'])) if (!is_array($config['filter']))
$config['filter'] = array(); $config['filter'] = array();
...@@ -405,30 +375,34 @@ if (is_array($config['hasync'])) { ...@@ -405,30 +375,34 @@ if (is_array($config['hasync'])) {
else else
$username = $hasync['username']; $username = $hasync['username'];
if (!carp_check_version($synchronizetoip, $username, $hasync['password'], $port)) if (!carp_check_version($synchronizeto, $username, $hasync['password'], $port))
exit; exit;
update_filter_reload_status("Signaling CARP reload signal..."); update_filter_reload_status("Signaling CARP reload signal...");
carp_sync_xml($synchronizetoip, $username, $hasync['password'], $sections, $port); carp_sync_xml($synchronizeto, $username, $hasync['password'], $sections, $port);
$cli = new XML_RPC_Client('/xmlrpc.php', $synchronizetoip, $port);
$params = array( $client = new SimpleXMLRPC_Client($synchronizeto,240);
XML_RPC_encode($hasync['password']) $client->setCredentials($username, $hasync['password']);
); if ($client->query("opnsense.filter_configure")) {
$response = $client->getResponse();
$msg = new XML_RPC_Message('pfsense.filter_configure', $params); } else {
$cli->setCredentials($username, $hasync['password']); // propagate error to log
$resp = $cli->send($msg, "900"); $error = "An error occurred while attempting XMLRPC sync with username {$username} and {$url} " . $client->error ;
log_error($error);
if (!is_object($resp)) { file_notice("sync_settings", $error, "Settings Sync", "");
$error = "A communications error occurred while attempting Filter sync with username {$username} {$synchronizetoip}:{$port}."; // print communication details on failure
log_error($error); echo $client->getDetails();
file_notice("sync_settings", $error, "Settings Sync", ""); return false ;
} elseif($resp->faultCode()) { }
$error = "An error code was received while attempting Filter sync with username {$username} {$synchronizetoip}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
if (!is_array($response) && trim($response) == "Authentication failed") {
$error = "An authentication failure occurred while trying to access {$url} ({$method}).";
log_error($error); log_error($error);
file_notice("sync_settings", $error, "Settings Sync", ""); file_notice("sync_settings", $error, "Settings Sync", "");
} else { exit;
log_error("Filter sync successfully completed with {$synchronizetoip}:{$port}.");
$numberofruns = 3;
} }
log_error("Filter sync successfully completed with {$synchronizetoip}:{$port}.");
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023