interfaces: add ability to lock vital interfaces

They will prevent any interface mismatch and individual deletion from the GUI on the assignment page. PR: https://forum.opnsense.org/index.php?topic=5667.0
opnsense · Aug 7, 2017 · 81aed98 · 81aed98
1 parent bd6c566
commit 81aed98
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 28 deletions.
diff --git a/src/etc/inc/console.inc b/src/etc/inc/console.inc
@@ -1,7 +1,7 @@
 <?php
 
 /*
- * Copyright (C) 2015-2016 Franco Fichtner <franco@opnsense.org>
+ * Copyright (C) 2015-2017 Franco Fichtner <franco@opnsense.org>
  * Copyright (C) 2004-2010 Scott Ullrich <sullrich@gmail.com>
  * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>
  * All rights reserved.
@@ -48,6 +48,23 @@ function timeout($timer = 5)
     return $key;
 }
 
+function is_interface_mismatch()
+{
+    foreach (legacy_config_get_interfaces(array("virtual" => false)) as $ifname => $ifcfg) {
+        if (!empty($ifcfg['lock'])) {
+            /* Do not mismatch if any lock was issued */
+            break;
+        } elseif (preg_match("/^enc|^cua|^tun|^tap|^l2tp|^pptp|^ppp|^ovpn|^tinc|^gif|^gre|^lagg|^bridge|vlan|_wlan/i", $ifcfg['if'])) {
+            /* Do not check these interfaces */
+            continue;
+        } elseif (does_interface_exist($ifcfg['if']) == false) {
+            return true;
+        }
+    }
+
+    return false;
+}
+
 function set_networking_interfaces_ports($probe = false)
 {
     global $config;

diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc
@@ -4913,21 +4913,3 @@ function get_carp_interface_status($carpinterface)
     }
     return;
 }
-
-function is_interface_mismatch()
-{
-    global $config;
-
-    if (isset($config['interfaces'])) {
-        foreach (legacy_config_get_interfaces(array("virtual" => false)) as $ifname => $ifcfg) {
-            if (preg_match("/^enc|^cua|^tun|^tap|^l2tp|^pptp|^ppp|^ovpn|^tinc|^gif|^gre|^lagg|^bridge|vlan|_wlan/i", $ifcfg['if'])) {
-                /* Do not check these interfaces */
-                continue;
-            } elseif (does_interface_exist($ifcfg['if']) == false) {
-                return true;
-            }
-        }
-    }
-
-    return false;
-}
diff --git a/src/www/interfaces.php b/src/www/interfaces.php
@@ -356,6 +356,7 @@ function get_wireless_channel_info($interface) {
         $pconfig[$fieldname] = isset($a_interfaces[$if][$fieldname]) ? $a_interfaces[$if][$fieldname] : null;
     }
     $pconfig['enable'] = isset($a_interfaces[$if]['enable']);
+    $pconfig['lock'] = isset($a_interfaces[$if]['lock']);
     $pconfig['blockpriv'] = isset($a_interfaces[$if]['blockpriv']);
     $pconfig['blockbogons'] = isset($a_interfaces[$if]['blockbogons']);
     $pconfig['dhcp6-ia-pd-send-hint'] = isset($a_interfaces[$if]['dhcp6-ia-pd-send-hint']);
@@ -409,8 +410,8 @@ function get_wireless_channel_info($interface) {
     $pconfig['pppoe_dialondemand'] = isset($a_ppps[$pppid]['ondemand']);
     $pconfig['pptp_dialondemand'] = isset($a_ppps[$pppid]['ondemand']);
     $pconfig['pppoe_password'] = $pconfig['password']; // pppoe password field
-    $pconfig['pppoe_username'] =  $pconfig['username'];
-    $pconfig['pppoe_hostuniq'] =  $pconfig['hostuniq'];
+    $pconfig['pppoe_username'] = $pconfig['username'];
+    $pconfig['pppoe_hostuniq'] = $pconfig['hostuniq'];
     $pconfig['pppoe_idletimeout'] = $pconfig['idletimeout'];
 
     $pconfig['pptp_username'] = $pconfig['username'];
@@ -536,6 +537,11 @@ interface_bring_down($ifapply, $ifcfgo);
         if (isset($a_interfaces[$if]['enable'])) {
             unset($a_interfaces[$if]['enable']);
         }
+        if (!empty($pconfig['lock'])) {
+            $a_interfaces[$if]['lock'] = true;
+        } elseif (isset($a_interfaces[$if]['lock'])) {
+            unset($a_interfaces[$if]['lock']);
+        }
         if (isset($a_interfaces[$if]['wireless'])) {
             interface_sync_wireless_clones($a_interfaces[$if], false);
         }
@@ -903,7 +909,7 @@ interface_sync_wireless_clones($a_interfaces[$if], false);
                     } elseif (strlen($pconfig['key' . $i]) == 28) {
                         continue;
                     } else {
-                        $input_errors[] =  gettext("Invalid WEP key size. Sizes should be 40 (64) bit keys or 104 (128) bit.");
+                        $input_errors[] = gettext("Invalid WEP key size. Sizes should be 40 (64) bit keys or 104 (128) bit.");
                     }
                 }
             }
@@ -928,7 +934,8 @@ interface_sync_wireless_clones($a_interfaces[$if], false);
             }
             //
             $new_config['descr'] = preg_replace('/[^a-z_0-9]/i', '', $pconfig['descr']);
-            $new_config['enable'] =  !empty($pconfig['enable']);
+            $new_config['enable'] = !empty($pconfig['enable']);
+            $new_config['lock'] = !empty($pconfig['lock']);
             $new_config['spoofmac'] = $pconfig['spoofmac'];
 
             $new_config['blockpriv'] = !empty($pconfig['blockpriv']);
@@ -1641,10 +1648,17 @@ function toggle_allcfg() {
                     </thead>
                     <tbody>
                       <tr>
-                        <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Enable"); ?></td>
+                        <td><i class="fa fa-info-circle text-muted"></i> <?= gettext('Enable') ?></td>
+                        <td>
+                          <input id="enable" name="enable" type="checkbox" value="yes" <?=!empty($pconfig['enable']) ? 'checked="checked"' : '' ?>/>
+                          <strong><?= gettext('Enable Interface') ?></strong>
+                        </td>
+                      </tr>
+                      <tr>
+                        <td><i class="fa fa-info-circle text-muted"></i> <?= gettext('Lock') ?></td>
                         <td>
-                          <input id="enable" name="enable" type="checkbox" value="yes" <?=!empty($pconfig['enable']) ? "checked=\"checked\"" : "";?> />
-                          <strong><?=gettext("Enable Interface"); ?></strong>
+                          <input id="lock" name="lock" type="checkbox" value="yes" <?=!empty($pconfig['lock']) ? 'checked="checked"' : '' ?>/>
+                          <strong><?= gettext('Prevent interface removal') ?></strong>
                         </td>
                       </tr>
                     </tbody>

diff --git a/src/www/interfaces_assign.php b/src/www/interfaces_assign.php
@@ -424,9 +424,13 @@ interface_configure($ifname, true);
                           </select>
                         </td>
                         <td>
-                          <button title="<?=gettext("delete interface");?>" data-toggle="tooltip" data-id="<?=$ifname;?>" class="btn btn-default act_delete" type="submit">
-                            <span class="fa fa-trash text-muted"></span>
+<?php
+                          if (empty($iface['lock'])): ?>
+                          <button title="<?= html_safe(gettext('Delete interface')) ?>" data-toggle="tooltip" data-id="<?=$ifname;?>" class="btn btn-default act_delete" type="submit">
+                            <span class="fa fa-trash"></span>
                           </button>
+<?php
+                          endif ?>
                         </td>
                       </tr>
 <?php