Added support for XMLRPC sync for squid configuration #417

Closed
wants to merge 4 commits into from

2 participants

@p1nky

With the last commit I've patched the squid package to add support for XMLRPC configuration sync to remote (backup) pfSense.

p1nky added some commits
@p1nky p1nky - There should be an option to bind the proxy server either or interf…
…ace address or a virtual IP.

  Until that option will be added, selecting an interface the proxy will bind on interface address
  AND any virtual IP configurated on it.
ca3d6ce
@p1nky p1nky - There should be an option to bind the proxy server either or interf…
…ace address or a virtual IP.

  Until that option will be added, selecting an interface the proxy will bind on interface address
  AND any virtual IP configurated on it.
47035d0
@p1nky p1nky Merge branch 'master' of https://github.com/p1nky/pfsense-packages bf8faf8
@p1nky p1nky Added support for XMLRPC configuration sync to remote (backup) pfSens…
…e server
7fbb3ab
@p1nky

I'm sorry, I wanted to request a pull for only the last patch (7fbb3ab).

@cbuechler
Owner

You'll have to re-submit and ensure it's rebased before pull.

@cbuechler cbuechler closed this
Commits on Mar 26, 2013
  1. @p1nky

    - There should be an option to bind the proxy server either or interf…

    p1nky authored
    …ace address or a virtual IP.
    
      Until that option will be added, selecting an interface the proxy will bind on interface address
      AND any virtual IP configurated on it.
  2. @p1nky

    - There should be an option to bind the proxy server either or interf…

    p1nky authored
    …ace address or a virtual IP.
    
      Until that option will be added, selecting an interface the proxy will bind on interface address
      AND any virtual IP configurated on it.
  3. @p1nky
Commits on Mar 31, 2013
  1. @p1nky
128 config/squid/squid.inc
@@ -539,6 +539,109 @@ function squid_validate_auth($post, $input_errors) {
}
}
+function squid_validate_sync($post, $input_errors) {
+ if ( isset($post['synconchanges']) ) {
+ $ipaddress = $post['ipaddress'];
+ if (!empty($ipaddress) && !is_ipaddr($ipaddress))
+ $input_errors[] = "The value '$ipaddress' is not a valid IP address";
+ }
+}
+
+function squid_do_xmlrpc_sync($sync_to_ip, $password) {
+ global $config;
+
+ if(!isset($password) || !isset($sync_to_ip) )
+ return;
+
+ $synconchanges = $config['installedpackages']['squidsync']['config'][0]['synconchanges'];
+ if ( !isset($synconchanges) )
+ return;
+
+ // build xmlrpc url
+ $proto = $config['system']['webgui']['protocol'];
+ if( !isset($proto) ) {
+ $proto = "https";
+ }
+ $port = $config['system']['webgui']['port'];
+ /* if port is empty lets rely on the protocol selection */
+ if( !isset($port) ) {
+ if($proto == "https")
+ $port = "443";
+ else
+ $port = "80";
+ }
+ $url = $proto . "://" . $sync_to_ip;
+
+ /* xml will hold the sections to sync */
+ $xml = array();
+ log_error("Include squid config");
+ $xml['squid'] = $config['installedpackages']['squid'];
+ $xml['squidcache'] = $config['installedpackages']['squidcache'];
+ $xml['squidauth'] = $config['installedpackages']['squidauth'];
+ $xml['squidnac'] = $config['installedpackages']['squidnac'];
+ $xml['squidupstream'] = $config['installedpackages']['squidupstream'];
+
+ if (count($xml) > 0){
+ /* assemble xmlrpc payload */
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($xml)
+ );
+ log_error("Beginning squid XMLRPC sync to {$url}:{$port}.");
+ $method = 'pfsense.merge_installedpackages_section_xmlrpc';
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $cli->setCredentials('admin', $password);
+ /* send our XMLRPC message and timeout after 250 seconds */
+ $resp = $cli->send($msg, "250");
+ if(!$resp) {
+ $error = "A communications error occurred while attempting squid XMLRPC sync with {$url}:{$port}.";
+ log_error($error);
+ file_notice("sync_settings", $error, "Squid Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $cli->setDebug(1);
+ $resp = $cli->send($msg, "250");
+ $error = "An error code was received while attempting squid XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "Squid Settings Sync", "");
+ } else {
+ log_error("squid XMLRPC sync successfully completed with {$url}:{$port}.");
+ }
+
+
+ /* tell squid to reload our settings on the destionation sync host. */
+ $method = 'pfsense.exec_php';
+ $execcmd = "require_once('/usr/local/pkg/squid.inc');\n";
+ $execcmd .= "squid_resync();";
+
+ /* assemble xmlrpc payload */
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($execcmd)
+ );
+
+ log_error("squid XMLRPC reload data {$url}:{$port}.");
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $cli->setCredentials('admin', $password);
+ $resp = $cli->send($msg, "250");
+ if(!$resp) {
+ $error = "A communications error occurred while attempting squid XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
+ log_error($error);
+ file_notice("sync_settings", $error, "squid Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $cli->setDebug(1);
+ $resp = $cli->send($msg, "250");
+ $error = "An error code was received while attempting squid XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "squid Settings Sync", "");
+ } else {
+ log_error("squid XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
+ }
+ }
+}
+
+
function squid_install_cron($should_install) {
global $config, $g;
if($g['booting']==true)
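Review bot: in squid_do_xmlrpc_sync() the scheme and port used to reach the peer are read from this firewall's own `$config['system']['webgui']` settings, so a box whose GUI runs on http sends the peer's admin password in clear text (both in `setCredentials('admin', $password)` and as the first XML-RPC parameter), and a peer whose GUI listens on a different port cannot be reached. Suggest per-host protocol/port fields in the sync rows, or at least refusing to sync over http. On a fault the code calls `$cli->setDebug(1)` and sends the same message a second time, which repeats the merge or `pfsense.exec_php` call on the peer; report `faultCode()`/`faultString()` from the first response instead. Smaller points: `count($xml) > 0` is always true after the five assignments above it, the user name is hard-coded to 'admin', and the reload step still runs when the merge step has just failed.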
@@ -629,6 +732,14 @@ function squid_resync_general() {
if($real_ifaces[$i][0]) {
$conf .= "http_port {$real_ifaces[$i][0]}:$port\n";
}
+ // XXX: bind on Virtual IP too.
+ if($config['virtualip']['vip']) {
+ foreach($config['virtualip']['vip'] as $vip) {
+ if($vip['interface'] == $iface) {
+ $conf .= "http_port {$vip['subnet']}:$port\n";
+ }
+ }
+ }
}
if (($settings['transparent_proxy'] == 'on')) {
$conf .= "http_port 127.0.0.1:" . $settings['proxy_port'] . " transparent\n";
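Review bot: the new loop in squid_resync_general() emits an `http_port` line for every entry in `$config['virtualip']['vip']` whose interface matches, with no setting to turn it off and no check on the entry beyond `$vip['interface'] == $iface`, so existing installs start listening on every virtual IP of the selected interface as soon as they pick up this change. The XXX comment and the commit message both say this should be an option; I would hold this hunk until the option exists, or at least skip entries whose `$vip['subnet']` fails is_ipaddr() (already used elsewhere in this patch) and guard the foreach with is_array().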
@@ -1183,6 +1294,23 @@ function squid_resync() {
}
filter_configure();
conf_mount_ro();
+
+ //
+ // XMLRPC Sync
+ //
+ $synconchanges = $config['installedpackages']['squidsync']['config'][0]['synconchanges'];
+ if( isset($synconchanges) && $synconchanges ) {
+ log_error("[Proxy server] Starting XMLRPC sync.");
+ foreach ($config['installedpackages']['squidsync']['config'] as $rs) {
+ foreach($rs['row'] as $sh){
+ $sync_to_ip = $sh['ipaddress'];
+ $password = $sh['password'];
+ if( isset($password) && isset($sync_to_ip) )
+ squid_do_xmlrpc_sync($sync_to_ip, $password);
+ }
+ }
+ log_error("[Proxy server] Ending XMLRPC sync.");
+ }
}
function squid_print_javascript_auth() {
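Review bot: this block at the end of squid_resync() makes the peer run squid_resync() as well (through the `pfsense.exec_php` payload built in squid_do_xmlrpc_sync()), so if the peer has synconchanges enabled with a row pointing back at this host the two boxes will keep triggering each other. It needs a guard, for example a flag or argument that suppresses the sync when the resync was invoked remotely. Also, `isset($password) && isset($sync_to_ip)` is true for empty strings, so a blank row still attempts a sync; use !empty() and check is_array($rs['row']) before the inner foreach. Because this runs inline, each configured host can hold up the GUI save for two 250-second timeouts.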
10 config/squid/squid.xml
@@ -91,6 +91,10 @@
<text>Local Users</text>
<url>/pkg.php?xml=squid_users.xml</url>
</tab>
+ <tab>
+ <text>XMLRPC Sync</text>
+ <url>/pkg_edit.php?xml=squid_sync.xml&amp;id=0</url>
+ </tab>
</tabs>
<!-- Installation -->
<additional_files_needed>
@@ -148,6 +152,11 @@
<chmod>0755</chmod>
<item>http://www.pfsense.org/packages/config/squid/swapstate_check.php</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ <item>http://packages.optimalab.it/packages/config/squid-cattolica/squid_sync.xml</item>
+ </additional_files_needed>
<fields>
<field>
<fielddescr>Proxy interface</fielddescr>
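Review bot: the new `<item>` for squid_sync.xml points at http://packages.optimalab.it/packages/config/squid-cattolica/ while the neighbouring entry is fetched from www.pfsense.org, so installing the package would pull a GUI definition, which carries PHP in its custom_php_* commands, from a third-party host over plain http. squid_sync.xml is added under config/squid/ in this same pull request, so the item should reference that copy under the project's own packages URL. Mode 0755 is also more than an XML file needs; the entry above it is a .php script.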
@@ -338,6 +347,7 @@
squid_install_command();
squid_resync();
exec("/bin/rm -f /usr/local/etc/rc.d/squid");
+ exec("/usr/bin/chgrp proxy /var/db/samba/winbindd_privileged/");
</custom_php_install_command>
<custom_php_deinstall_command>
squid_deinstall_command();
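Review bot: the added `exec("/usr/bin/chgrp proxy /var/db/samba/winbindd_privileged/");` in the install command is unrelated to XMLRPC sync and is not mentioned in the pull request description or the commit message; please split it into its own change with an explanation of why the group change is needed. As written it runs on every install, with no check that the directory exists and no check of the command's result.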
4 config/squid/squid_auth.xml
@@ -79,6 +79,10 @@
<text>Local Users</text>
<url>/pkg.php?xml=squid_users.xml</url>
</tab>
+ <tab>
+ <text>XMLRPC Sync</text>
+ <url>/pkg_edit.php?xml=squid_sync.xml&amp;id=0</url>
+ </tab>
</tabs>
<fields>
<field>
4 config/squid/squid_cache.xml
@@ -79,6 +79,10 @@
<text>Local Users</text>
<url>/pkg.php?xml=squid_users.xml</url>
</tab>
+ <tab>
+ <text>XMLRPC Sync</text>
+ <url>/pkg_edit.php?xml=squid_sync.xml&amp;id=0</url>
+ </tab>
</tabs>
<fields>
<field>
4 config/squid/squid_nac.xml
@@ -79,6 +79,10 @@
<text>Local Users</text>
<url>/pkg.php?xml=squid_users.xml</url>
</tab>
+ <tab>
+ <text>XMLRPC Sync</text>
+ <url>/pkg_edit.php?xml=squid_sync.xml&amp;id=0</url>
+ </tab>
</tabs>
<fields>
<field>
126 config/squid/squid_sync.xml
@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ squid_sync.xml
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2007 to whom it may belong
+ All rights reserved.
+
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>squidsync</name>
+ <version>none</version>
+ <title>Proxy server: XMLRPC Sync</title>
+ <include_file>/usr/local/pkg/squid.inc</include_file>
+ <tabs>
+ <tab>
+ <text>General</text>
+ <url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Upstream Proxy</text>
+ <url>/pkg_edit.php?xml=squid_upstream.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Cache Mgmt</text>
+ <url>/pkg_edit.php?xml=squid_cache.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Access Control</text>
+ <url>/pkg_edit.php?xml=squid_nac.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Traffic Mgmt</text>
+ <url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Auth Settings</text>
+ <url>/pkg_edit.php?xml=squid_auth.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Local Users</text>
+ <url>/pkg.php?xml=squid_users.xml</url>
+ </tab>
+ <tab>
+ <text>XMLRPC Sync</text>
+ <url>/pkg_edit.php?xml=squid_sync.xml&amp;id=0</url>
+ <active/>
+ </tab>
+ </tabs>
+ <fields>
+ <field>
+ <name>Proxy server XMLRPC Sync</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Automatically sync Proxy server configuration changes</fielddescr>
+ <fieldname>synconchanges</fieldname>
+ <description>pfSense will automatically sync changes to the hosts defined below.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Remote Server</fielddescr>
+ <fieldname>none</fieldname>
+ <type>rowhelper</type>
+ <rowhelper>
+ <rowhelperfield>
+ <fielddescr>IP Address</fielddescr>
+ <fieldname>ipaddress</fieldname>
+ <description>IP Address of remote server</description>
+ <type>input</type>
+ <size>20</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Password</fielddescr>
+ <fieldname>password</fieldname>
+ <description>Password for remote server.</description>
+ <type>password</type>
+ <size>20</size>
+ </rowhelperfield>
+ </rowhelper>
+ </field>
+ </fields>
+ <custom_php_validation_command>
+ squid_validate_sync($_POST, &amp;$input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ squid_resync();
+ </custom_php_resync_config_command>
+</packagegui>
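Review bot: `squid_validate_sync($_POST, &amp;$input_errors);` in custom_php_validation_command relies on call-time pass-by-reference, because the function in squid.inc is declared as `squid_validate_sync($post, $input_errors)` with a by-value parameter. Call-time pass-by-reference is deprecated in PHP 5.3 and removed in 5.4, so declare the parameter as `&$input_errors` in the function itself, otherwise the validation message never reaches the form. The validator also reads `$post['ipaddress']`, but ipaddress is a rowhelper field that can have several rows; please confirm the key each row is posted under and validate every row, not a single value. The password field is saved into the package configuration and later sent as the peer's admin credential, which deserves a sentence in its `<description>`. `<description>` and `<requirements>` still hold the template placeholders, and the copyright line reads "to whom it may belong".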
4 config/squid/squid_traffic.xml
@@ -79,6 +79,10 @@
<text>Local Users</text>
<url>/pkg.php?xml=squid_users.xml</url>
</tab>
+ <tab>
+ <text>XMLRPC Sync</text>
+ <url>/pkg_edit.php?xml=squid_sync.xml&amp;id=0</url>
+ </tab>
</tabs>
<fields>
<field>
4 config/squid/squid_upstream.xml
@@ -79,6 +79,10 @@
<text>Local Users</text>
<url>/pkg.php?xml=squid_users.xml</url>
</tab>
+ <tab>
+ <text>XMLRPC Sync</text>
+ <url>/pkg_edit.php?xml=squid_sync.xml&amp;id=0</url>
+ </tab>
</tabs>
<fields>
<field>
4 config/squid/squid_users.xml
@@ -81,6 +81,10 @@
<url>/pkg.php?xml=squid_users.xml</url>
<active/>
</tab>
+ <tab>
+ <text>XMLRPC Sync</text>
+ <url>/pkg_edit.php?xml=squid_sync.xml&amp;id=0</url>
+ </tab>
</tabs>
<adddeleteeditpagefields>
<columnitem>