-
Notifications
You must be signed in to change notification settings - Fork 274
/
configuration.functions
254 lines (220 loc) · 10.5 KB
/
configuration.functions
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
#!/bin/bash
export PF_CONF_PATH="/usr/local/pf/conf/pf.conf"
function ipcalc_wrapper() {
if is_deb_based; then
ipcalc-ng $@
else
ipcalc $@
fi
}
function get_config_files() {
files=`perl -I/usr/local/pf/lib_perl/lib/perl5 -I/usr/local/pf/lib -Mpf::file_paths -e 'print join("\n", @pf::file_paths::stored_config_files) . "\n"'`
files="$files /usr/local/pf/conf/pfconfig.conf"
files="$files `cat add_files.txt`"
echo $files
}
function restore_config_files() {
echo "Restoring configuration files"
dump_dir="$1"
files=`get_config_files`
for f in $files; do
echo "Restoring $f"
mkdir -p `dirname $f`
check_code $?
if [ -f $dump_dir$f ]; then
cp -a "$dump_dir$f" $f
check_code $?
chown pf: $f
check_code $?
else
echo "WARN: Unable to find $f in the restore directory"
fi
done
}
function list_pf_interfaces() {
perl -MConfig::IniFiles -I/usr/local/pf/lib_perl/lib/perl5/ -e "print join(\"\n\", Config::IniFiles->new( -file => '$PF_CONF_PATH')->GroupMembers('interface')) . \"\n\"" | sed 's/^interface //g'
}
function get_os_ip_address() {
ip -br -o a show dev $1 | egrep -o '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -1
}
function get_os_ip_cidr() {
ip -br -o a show dev $1 | egrep -o '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/[0-9]+' | head -1
}
function get_os_netmask() {
ip_cidr=`get_os_ip_cidr $1`
ipcalc_wrapper $ip_cidr | grep "^Netmask:" | egrep -o '([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)'
}
function get_os_network() {
ip_cidr=`get_os_ip_cidr $1`
get_ip_network $ip_cidr
}
function get_ip_network() {
ipcalc_wrapper $1 --class-prefix | grep '^Network' | egrep -o '([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)'
}
function get_pf_ip_address() {
perl -MConfig::IniFiles -I/usr/local/pf/lib_perl/lib/perl5/ -e "print Config::IniFiles->new( -file => '$PF_CONF_PATH')->val('interface $1', 'ip')"
}
function pf_has_network() {
perl -MConfig::IniFiles -I/usr/local/pf/lib_perl/lib/perl5/ -e "\$c = Config::IniFiles->new( -file => '/usr/local/pf/conf/networks.conf') ; \$c->SectionExists('$1') ? exit(0) : exit(1)"
}
function rewrite_pf_ip_address() {
int="$1"
old_ip=`get_pf_ip_address $int`
new_ip="$2"
new_mask="$3"
perl -MConfig::IniFiles -I/usr/local/pf/lib_perl/lib/perl5/ -e "\$c = Config::IniFiles->new( -file => '$PF_CONF_PATH') ; \$c->setval('interface $int', 'ip', '$new_ip') ; \$c->RewriteConfig"
perl -MConfig::IniFiles -I/usr/local/pf/lib_perl/lib/perl5/ -e "\$c = Config::IniFiles->new( -file => '$PF_CONF_PATH') ; \$c->setval('interface $int', 'mask', '$new_mask') ; \$c->RewriteConfig"
echo "Changed IP settings of $int to $new_ip/$new_mask in pf.conf"
if [ "`get_ip_network $old_ip`" = "`get_ip_network $new_ip`" ]; then
# This will rewrite references to the old IP in layer 2 networks
network=`get_os_network $int`
if pf_has_network $network; then
echo "Rewriting gateway and DNS server of $network to point to $new_ip"
perl -MConfig::IniFiles -I/usr/local/pf/lib_perl/lib/perl5/ -e "\$c = Config::IniFiles->new( -file => '/usr/local/pf/conf/networks.conf') ; \$c->setval('$network', 'gateway', '$new_ip') ; \$c->RewriteConfig"
perl -MConfig::IniFiles -I/usr/local/pf/lib_perl/lib/perl5/ -e "\$c = Config::IniFiles->new( -file => '/usr/local/pf/conf/networks.conf') ; \$c->setval('$network', 'dns', '$new_ip') ; \$c->RewriteConfig"
fi
# This will rewrite references to the old IP in any routed networks
echo "Rewriting $old_ip to $new_ip in networks.conf"
old_ip_escaped=`echo "$old_ip" | sed 's/\./\\./g'`
sed -i 's/=\s*'$old_ip_escaped'\s*$/='$new_ip'/g' /usr/local/pf/conf/networks.conf
else
echo "The new IP ($new_ip) is not in the same network as the previous IP address ($old_ip). This tool will not be able to migrate the configuration in networks.conf. Make sure you adjust it manually with the new IP settings after this script completes. Press enter to continue..."
read
fi
}
function rename_interface() {
perl -MConfig::IniFiles -I/usr/local/pf/lib_perl/lib/perl5/ -e "\$c = Config::IniFiles->new( -file => '$PF_CONF_PATH') ; \$c->RenameSection('interface $1', 'interface $2') ; \$c->RewriteConfig"
echo "Renamed $1 to $2 in pf.conf"
}
function delete_interface() {
perl -MConfig::IniFiles -I/usr/local/pf/lib_perl/lib/perl5/ -e "\$c = Config::IniFiles->new( -file => '$PF_CONF_PATH') ; \$c->DeleteSection('interface $1') ; \$c->RewriteConfig"
echo "Deleted interface $1 in pf.conf"
}
function get_pf_interface_type() {
perl -MConfig::IniFiles -I/usr/local/pf/lib_perl/lib/perl5/ -e "print Config::IniFiles->new( -file => '$PF_CONF_PATH')->val('interface $1', 'type')"
}
function handle_interface_exists() {
interface="$1"
os_ip=`get_os_ip_address $interface`
os_netmask=`get_os_netmask $interface`
pf_ip=`get_pf_ip_address $interface`
if [ "$os_ip" == "$pf_ip" ]; then
echo "IP address on $interface is the same on the operating system as it is in pf.conf. Nothing to do for this one!"
else
sub_splitter
if prompt "IP address on interface $interface differs from the one in pf.conf. If you wish to use $pf_ip as the IP address on this server, you need to change the IP before running this script or after. Do you want to adjust pf.conf to use $os_ip on $interface?"; then
echo "Rewritting IP address for $interface to $os_ip with netmask $os_netmask in pf.conf"
rewrite_pf_ip_address $interface $os_ip $os_netmask
check_code $?
elif prompt "Do you wish to delete $interface from pf.conf?"; then
delete_interface $interface
else
echo "Leaving $interface untouched in pf.conf. Make sure you adjust the IP on the operating system and in pf.conf after the import."
fi
fi
}
function handle_network_change() {
echo "Checking interfaces in pf.conf for any necessary network configuration changes"
for interface in `list_pf_interfaces`; do
sub_splitter
echo "Found interface $interface in pf.conf"
if ip a show dev $interface > /dev/null && get_os_ip_address $interface >/dev/null; then
handle_interface_exists $interface
check_code $?
else
stop_it=""
while [ -z "$stop_it" ]; do
sub_splitter
ip a show | sed -r 's/^([0-9])/Option \1/'
sub_splitter
echo "Cannot find interface $interface on the system or this interface doesn't have an IP address. This interface is defined as '`get_pf_interface_type $interface`' in the configuration"
echo -n "Please select a new interface to replace $interface from the list above or press enter to delete the interface from pf.conf: "
read new_int_choice
if [ -n "$new_int_choice" ]; then
new_int_name=`ip a show | egrep -o '^'$new_int_choice': .+?:' | sed -r 's/^[0-9]+: //g' | sed 's/:$//g' | sed 's/@.*$//' | grep -P '.+' || echo "$new_int_choice"`
if [ -z "$new_int_name" ] || ! get_os_ip_address $new_int_name >/dev/null; then
echo "ERROR: Invalid interface choice! Make sure the interface you select has a valid IP address."
else
if prompt "Are you sure you want to use $new_int_name? "; then
rename_interface $interface $new_int_name
handle_interface_exists $new_int_name
stop_it="yes"
fi
fi
else
if prompt "Are you sure you want to delete interface $interface from pf.conf"; then
delete_interface $interface
stop_it="yes"
fi
fi
done
fi
done
}
function get_configuration_upgrade_scripts() {
since="$1"
scripts=""
for version in `versions_since $since`; do
scripts="$scripts `ls /usr/local/pf/addons/upgrade/to-$version-*`"
done
echo $scripts
}
function upgrade_imported_configuration() {
dump_version=`egrep -o '[0-9]+\.[0-9]+\.[0-9]+$' usr/local/pf/conf/pf-release`
echo "Detected version $dump_version in the export's pf-release"
upgrade_configuration $dump_version
}
function upgrade_configuration() {
previous_version="$1"
echo "Starting the upgrade of the configuration from $previous_version"
for script in `get_configuration_upgrade_scripts $previous_version`; do
sub_splitter
echo "Running $script"
$script
done
}
function restore_certificates() {
cp -a usr/local/pf/conf/ssl/* /usr/local/pf/conf/ssl/
cp -a usr/local/pf/raddb/certs/* /usr/local/pf/raddb/certs/
}
function restore_profile_templates() {
if [ -d usr/local/pf/html/captive-portal/profile-templates ]; then
echo "Found profile templates to restore"
rm -fr /usr/local/pf/html/captive-portal/profile-templates
cp -a usr/local/pf/html/captive-portal/profile-templates /usr/local/pf/html/captive-portal/profile-templates
else
echo "No profile templates to restore"
fi
}
function adjust_configuration() {
echo "Setting localhost as the database host"
perl -MConfig::IniFiles -I/usr/local/pf/lib_perl/lib/perl5/ -e "\$c = Config::IniFiles->new( -file => '/usr/local/pf/conf/pfconfig.conf') ; \$c->setval('mysql', 'host', 'localhost') ; \$c->RewriteConfig"
perl -MConfig::IniFiles -I/usr/local/pf/lib_perl/lib/perl5/ -e "\$c = Config::IniFiles->new( -file => '$PF_CONF_PATH') ; \$c->setval('database', 'host', 'localhost') ; \$c->RewriteConfig"
if get_pfconfig_database_port; then
delete_pfconfig_database_port
fi
if get_pf_database_port; then
delete_pf_database_port
fi
}
function get_pfconfig_database_port() {
perl -MConfig::IniFiles -I/usr/local/pf/lib_perl/lib/perl5/ -e "\$c = Config::IniFiles->new( -file => '/usr/local/pf/conf/pfconfig.conf') ; \$c->exists('mysql', 'port') ? exit(0) : exit(1)"
}
function get_pf_database_port() {
perl -MConfig::IniFiles -I/usr/local/pf/lib_perl/lib/perl5/ -e "\$c = Config::IniFiles->new( -file => '$PF_CONF_PATH') ; \$c->exists('database', 'port') ? exit(0) : exit(1)"
}
function delete_pfconfig_database_port() {
perl -MConfig::IniFiles -I/usr/local/pf/lib_perl/lib/perl5/ -e "\$c = Config::IniFiles->new( -file => '/usr/local/pf/conf/pfconfig.conf') ; \$c->delval('mysql', 'port') ; \$c->RewriteConfig"
echo "Deleted database port in pfconfig.conf"
}
function delete_pf_database_port() {
perl -MConfig::IniFiles -I/usr/local/pf/lib_perl/lib/perl5/ -e "\$c = Config::IniFiles->new( -file => '$PF_CONF_PATH') ; \$c->delval('database', 'port') ; \$c->RewriteConfig"
echo "Deleted database port in pf.conf"
}
function is_cluster() {
[ `perl -I/usr/local/pf/lib_perl/lib/perl5/ -I/usr/local/pf/lib -Mpf::config::cluster -e 'print $cluster_enabled'` -eq 1 ]
}
function get_pf_version_in_export() {
export_dir=$1
egrep -o '[0-9]+\.[0-9]+\.[0-9]+$' $export_dir/usr/local/pf/conf/pf-release
}