
Make sure ACLs are saved correctly

1 parent 519597b commit 8fccab671fdade6b67cba2b5523ae2591f1d7425 Warren Baker committed Jan 29, 2014
Showing with 51 additions and 23 deletions.
  1. +28 −4 etc/inc/unbound.inc
  2. +23 −19 usr/local/www/services_unbound_acls.php
@@ -133,14 +133,17 @@ EOF;
}
// Configure static Host entries
- $host_entries = unbound_add_host_entries();
+ unbound_add_host_entries();
// Configure Domain Overrides
- $domain_overrides = unbound_add_domain_overrides();
+ unbound_add_domain_overrides();
// Configure Unbound statistics
$statistics = unbound_statistics();
+ // Configure Unbound access-lists
+ unbound_acls_config();
+
// Add custom Unbound options
if ($config['unbound']['custom_options']) {
$custom_option = "# Unbound custom option";
@@ -322,8 +325,8 @@ function sync_unbound_service() {
function unbound_acl_id_used($id) {
global $config;
- if (is_array($config['installedpackages']['unboundacls']['config']))
- foreach ($config['installedpackages']['unboundacls']['config'] as & $acls)
+ if (is_array($config['unbound']['acls']))
+ foreach($config['unbound']['acls'] as & $acls)
if ($id == $acls['aclid'])
return true;
@@ -585,4 +588,25 @@ EOF;
return $stats;
}
+// Unbound Access lists
+function unbound_acls_config() {
+ global $config;
+
+ // Configure the ACLs
+ if (is_array($config['unbound']['acls'])) {
+ $unboundcfg = "";
+ foreach($config['unbound']['acls'] as $unbound_acl) {
+ $unboundcfg .= "#{$unbound_acl['aclname']}\n";
+ foreach($unbound_acl['row'] as $network) {
+ if ($unbound_acl['aclaction'] == "allow snoop")
+ $unbound_acl['aclaction'] = "allow_snoop";
+ $unboundcfg .= "access-control: {$network['acl_network']}/{$network['mask']} {$unbound_acl['aclaction']}\n";
+ }
+ }
+ // Write out Access list
+ file_put_contents("{$g['unbound_chroot_path']}/access_lists.conf", $unboundcfg);
+ } else
+ return;
+}
+
?>
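Review bot: `unbound_acls_config()` declares only `global $config;` but builds the output path from `$g['unbound_chroot_path']`, so `$g` is undefined inside the function and the file would be written to `/access_lists.conf` instead of inside the Unbound chroot; the declaration should read `global $config, $g;`. The `else return;` branch also leaves a previously written access_lists.conf untouched when the last ACL is removed, so stale allow rules may stay in effect; writing an empty file in that case would avoid that. `aclname`, `acl_network`, `mask` and `aclaction` are interpolated into the file verbatim, so unless the form validation outside this diff already rejects them, a line break in any of these values would add extra directives to the resolver config; stripping CR/LF and checking `aclaction` against the known action list before the write is cheap. `$unbound_acl['row']` is also iterated without an `is_array()` check.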
@@ -97,31 +97,35 @@
}
if (!$input_errors) {
-
if ($pconfig['Submit'] == gettext("Save")) {
- if (!$a_acls[$id])
- $a_acls[$id]['aclid'] = $id;
-
- if (isset($id) && $a_acls[$id]) {
- $a_acls[$id]['aclid'] = $pconfig['aclid'];
- $a_acls[$id]['aclname'] = $pconfig['aclname'];
- $a_acls[$id]['aclaction'] = $pconfig['aclaction'];
- $a_acls[$id]['description'] = $pconfig['description'];
- $a_acls[$id]['row'] = array();
- foreach ($networkacl as $acl)
- $a_acls[$id]['row'][] = $acl;
- write_config();
- mark_subsystem_dirty("unbound");
- }
+ $acl_entry = array();
+ $acl_entry['aclid'] = $pconfig['aclid'];
+ $acl_entry['aclname'] = $pconfig['aclname'];
+ $acl_entry['aclaction'] = $pconfig['aclaction'];
+ $acl_entry['description'] = $pconfig['description'];
+ $acl_entry['aclid'] = $pconfig['aclid'];
+ $acl_entry['row'] = array();
+ foreach ($networkacl as $acl)
+ $acl_entry['row'][] = $acl;
+
+ if (isset($id) && $a_acls[$id])
+ $a_acls[$id] = $acl_entry;
+ else
+ $a_acls[] = $acl_entry;
+
+
+ mark_subsystem_dirty("unbound");
+ write_config();
+
pfSenseHeader("/services_unbound_acls.php");
exit;
}
if ($pconfig['apply']) {
- clear_subsystem_dirty("unbound");
- $retval = 0;
- $retval = services_unbound_configure();
- $savemsg = get_std_save_message($retval);
+ clear_subsystem_dirty("unbound");
+ $retval = 0;
+ $retval = services_unbound_configure();
+ $savemsg = get_std_save_message($retval);
}
}
}
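Review bot: The saved entry takes `aclid` from the submitted form (`$pconfig['aclid']`), and the `else` branch appends it with `$a_acls[] = $acl_entry;` with no visible check that the id is unused, so two ACLs can end up sharing an `aclid` unless the validation above this hunk already prevents it. For a new entry the id is better assigned server-side, or rejected in the validation step when `unbound_acl_id_used($pconfig['aclid'])` returns true. The line `$acl_entry['aclid'] = $pconfig['aclid'];` appears twice and the second copy can be dropped. The enclosing `if (!$input_errors)` block starts outside the hunk, so whether the name, action and network fields are validated before being stored cannot be confirmed from here.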
