diff options
author | Jim P <jim@pingle.org> | 2013-12-30 09:33:34 -0800 |
---|---|---|
committer | Jim P <jim@pingle.org> | 2013-12-30 09:33:34 -0800 |
commit | e9dda46c22167494b35a26c7cc7d431337f9be9f (patch) | |
tree | 645b252caaaed47d4b4cb01ec13a1f82ff1f9530 /config/haproxy-devel/haproxy_utils.inc | |
parent | dbc6411d871d60e7b997d4f664da2294fc192748 (diff) | |
parent | 55d0f4d0d4a48da8c47a5da8a97cb4c00bb067b1 (diff) | |
download | pfsense-packages-e9dda46c22167494b35a26c7cc7d431337f9be9f.tar.gz pfsense-packages-e9dda46c22167494b35a26c7cc7d431337f9be9f.tar.bz2 pfsense-packages-e9dda46c22167494b35a26c7cc7d431337f9be9f.zip |
Merge pull request #564 from PiBa-NL/haproxy-devel_1.5dev21
haproxy-devel, 1.5dev21, multiple certs for 1 frontend, no default_backend if acls used, agent-check, html cleanup
Diffstat (limited to 'config/haproxy-devel/haproxy_utils.inc')
-rw-r--r-- | config/haproxy-devel/haproxy_utils.inc | 141 |
1 files changed, 126 insertions, 15 deletions
diff --git a/config/haproxy-devel/haproxy_utils.inc b/config/haproxy-devel/haproxy_utils.inc index f4df2433..058efc98 100644 --- a/config/haproxy-devel/haproxy_utils.inc +++ b/config/haproxy-devel/haproxy_utils.inc @@ -41,6 +41,7 @@ function haproxy_interface_ip($interfacebindname,$userfriendly=false){ $result = $item['name']; return $result; } + function haproxy_get_bindable_interfaces($ipv="ipv4,ipv6", $interfacetype="any,localhost,real,carp,ipalias"){ // returns a list of ALL interface/IPs that can be used to bind a service to. // filtered by the conditions given in the two filter parameters. @@ -73,9 +74,18 @@ function haproxy_get_bindable_interfaces($ipv="ipv4,ipv6", $interfacetype="any,l continue; if (!isset($ifdetail['ipaddr'])) continue; + $descr = $ifdetail['descr']; + if (!$descr){ + if ($if == "wan" && !$ifdetail['descr']) + $descr = "WAN"; + else if ($if == "lan" && !$ifdetail['descr']) + $descr = "LAN"; + else + $descr = $if; + } $item = array(); - $item[ip] = get_interface_ip($if); - $item[name] = $ifdetail['descr'].' address (IPv4)'; + $item['ip'] = get_interface_ip($if); + $item['name'] = "$descr address (IPv4)"; $bindable[$if.'_ipv4'] = $item; } } @@ -103,6 +113,9 @@ function haproxy_get_bindable_interfaces($ipv="ipv4,ipv6", $interfacetype="any,l } } } + if (!isset($config['system']['ipv6allow'])) + return $bindable;// skip adding the IPv6 addresses if those are not 'allowed' + if (in_array("ipv6",$ipverions)){ if (in_array('any',$interfacetypes)){ $item = array(); @@ -122,9 +135,18 @@ function haproxy_get_bindable_interfaces($ipv="ipv4,ipv6", $interfacetype="any,l continue; if (!isset($ifdetail['ipaddrv6'])) continue; + $descr = $ifdetail['descr']; + if (!$descr){ + if ($if == "wan" && !$ifdetail['descr']) + $descr = "WAN"; + else if ($if == "lan" && !$ifdetail['descr']) + $descr = "LAN"; + else + $descr = $if; + } $item = array(); - $item[ip] = get_interface_ipv6($if); - $item[name] = $ifdetail['descr'].' address (IPv6)'; + $item['ip'] = get_interface_ipv6($if); + $item['name'] = "$descr address (IPv6)"; $bindable[$if.'_ipv6'] = $item; } } @@ -225,6 +247,69 @@ function haproxy_recalculate_certifcate_chain(){ return $items_recalculated; } +function get_certificat_usage($refid) { + $usage = array(); + $cert = lookup_cert($refid); + if (is_cert_revoked($cert)) + $usage[] = "Revoked"; + if (is_webgui_cert($refid)) + $usage[] = "webConfigurator"; + if (is_user_cert($refid)) + $usage[] = "User Cert"; + if (is_openvpn_server_cert($refid)) + $usage[] = "OpenVPN Server"; + if (is_openvpn_client_cert($refid)) + $usage[] = "OpenVPN Client"; + if (is_ipsec_cert($cert['refid'])) + $usage[] = "IPsec Tunnel"; + if (function_exists("is_captiveportal_cert")) + if (is_captiveportal_cert($refid)) + $usage[] = "Captive Portal"; + + return $usage; +} +function get_certificates_server($get_includeWebCert=false) { + // This function (is intended to) provide a uniform way to retrieve a list of server certificates + global $config; + $certificates=array(); + $a_cert = &$config['cert']; + foreach ($a_cert as $cert) + { + if ($get_ca == false && is_webgui_cert($cert['refid'])) + continue; + + $purpose = cert_get_purpose($cert['crt']); + //$certserverpurpose = $purpose['server'] == 'Yes' ? " [Server certificate]" : ""; + $certserverpurpose = ""; + + $selected = ""; + $caname = ""; + $inuse = ""; + $revoked = ""; + $ca = lookup_ca($cert['caref']); + if ($ca) + $caname = " (CA: {$ca['descr']})"; + if ($pconfig['certref'] == $cert['refid']) + $selected = "selected"; + if (cert_in_use($cert['refid'])) + $inuse = " *In Use"; + if (is_cert_revoked($cert)) + $revoked = " *Revoked"; + + $usagestr=""; + $usage = get_certificat_usage($cert['refid']); + foreach($usage as $use){ + $usagestr .= " " . $use; + } + if ($usagestr != "") + $usagestr = " (".trim($usagestr).")"; + + $certificates[$cert['refid']]['name'] = $cert['descr'] . $caname . $certserverpurpose . $inuse . $revoked . $usagestr; + } + return $certificates; +} + + function phparray_to_javascriptarray_recursive($nestID, $path, $items, $nodeName, $includeitems) { $offset = str_repeat(' ',$nestID); $itemName = "item$nestID"; @@ -241,25 +326,51 @@ function phparray_to_javascriptarray_recursive($nestID, $path, $items, $nodeName $subNodeName = "item$nestID"; phparray_to_javascriptarray_recursive($nestID+1, $subpath, $items[$key], $subNodeName, $includeitems); echo "{$offset}{$nodeName}['{$key}'] = $itemName;\n"; - } else - echo "{$offset}{$nodeName}['$key'] = '$item';\n"; + } else { + $item = json_encode($item); + echo "{$offset}{$nodeName}['$key'] = $item;\n"; + } } } } function phparray_to_javascriptarray($items, $javaMapName, $includeitems) { - phparray_to_javascriptarray_recursive(1,'',$items, $javaMapName, $includeitems); + phparray_to_javascriptarray_recursive(1,'',$items, $javaMapName, $includeitems); +} + +function haproxy_html_select_options($keyvaluelist, $selected="") { + $result = ""; + foreach($keyvaluelist as $key => $desc){ + $selectedhtml = $key == $selected ? "selected" : ""; + if ($desc['deprecated'] && $key != $selected){ + continue; + } + $name = htmlspecialchars($desc['name']); + $result .= "<option value='{$key}' {$selectedhtml}>{$name}</option>"; + } + return $result; } -function echo_html_select($name, $keyvaluelist, $selected, $listEmptyMessage="", $onchangeEvent="") { +function haproxy_js_select_options($keyvaluelist, $selected="") { + $result = ""; + foreach($keyvaluelist as $key => $desc){ + $selectedhtml = $key == $selected ? "selected" : ""; + if ($desc['deprecated'] && $key != $selected){ + continue; + } + $name = htmlspecialchars($desc['name']); + $result .= "<option value='{$key}' {$selectedhtml}>{$name}<\/option>"; + } + return $result; +} + +function echo_html_select($name, $keyvaluelist, $selected, $listEmptyMessage="", $onchangeEvent="", $style="") { if (count($keyvaluelist)>0){ if ($onchangeEvent != "") - $onchangeEvent .= " onchange=$onchangeEvent"; - echo "<select name=\"$name\" id=\"$name\" class=\"formselect\"$onchangeEvent>"; - foreach($keyvaluelist as $key => $desc){ - $selectedhtml = $key == $selected ? "selected" : ""; - $name = htmlspecialchars($desc['name']); - echo "<option value=\"{$key}\" {$selectedhtml}>{$name}</option>"; - } + $onchangeEvent = " onchange='$onchangeEvent'"; + if ($style != "") + $style = " style='$style'"; + echo "<select name=\"$name\" id=\"$name\" class=\"formselect\"$onchangeEvent$style>"; + echo haproxy_html_select_options($keyvaluelist, $selected); echo "</select>"; } else { echo $listEmptyMessage; |