authorMarcello Coutinho <marcellocoutinho@gmail.com>2012-05-09 17:08:59 -0300
committermarcelloc <marcellocoutinho@gmail.com>2012-05-09 17:08:59 -0300
commitd164882b708cbcd4231f1d66ea7c07ee6f1aa5fd (patch)
treeb2bda627a570f0ad3521368091f8d44d5496a5f2 /config/imspector-dev/imspector.inc
parent1546ec2a191a7d44cdc862926cd3c76896f4aa55 (diff)
imspector-dev - include rpc xml code and fix restart process
Diffstat (limited to 'config/imspector-dev/imspector.inc')
-rw-r--r--config/imspector-dev/imspector.inc166
1 files changed, 139 insertions, 27 deletions
diff --git a/config/imspector-dev/imspector.inc b/config/imspector-dev/imspector.inc
index d1a65b20..6f1cf92c 100644
--- a/config/imspector-dev/imspector.inc
+++ b/config/imspector-dev/imspector.inc
@@ -32,6 +32,7 @@
require_once("config.inc");
require_once("functions.inc");
+ require_once("service-utils.inc");
/* IMSpector */
@@ -39,7 +40,6 @@
define('IMSPECTOR_ETC', '/usr/local/etc/imspector');
define('IMSPECTOR_CONFIG', IMSPECTOR_ETC . '/imspector.conf');
- function imspector_notice ($msg) { syslog(LOG_NOTICE, "imspector: {$msg}"); }
function imspector_warn ($msg) { syslog(LOG_WARNING, "imspector: {$msg}"); }
function ims_text_area_decode($text){
@@ -51,12 +51,6 @@
mwexec(IMSPECTOR_RCFILE.' '.$action);
}
- function imspector_running () {
- if((int)exec('pgrep imspector | wc -l') > 0)
- return true;
- return false;
- }
-
function write_imspector_config($file, $text) {
$conf = fopen($file, 'w');
if(!$conf) {
@@ -177,11 +171,12 @@
write_config();
/*continue sync process*/
+ log_error("Imspector: Saving changes.");
config_lock();
/* remove existing rules */
- exec('/sbin/pfctl -a imspector -Fr');
- exec('/sbin/pfctl -a imspector -Fn');
+ exec('/sbin/pfctl -a imspector -Fr > /dev/null');
+ exec('/sbin/pfctl -a imspector -Fn > /dev/null');
$ifaces_active = '';
@@ -217,8 +212,11 @@
imspector_warn("Could not resolve real interface for {$iface}");
}
}
-
+
+
+ /*reload rules*/
if($pf_rules) {
+ log_error("Imspector: Reloading rules.");
exec("echo \"{$pf_rules}\" | /sbin/pfctl -a imspector -f -");
conf_mount_rw();
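Review bot: The added "Reloading rules" message records the attempt, but the `exec()` that pipes `$pf_rules` into pfctl still discards the exit status, so a ruleset that pfctl rejects leaves nothing in the log even though the anchor was flushed a few hunks earlier, apparently in the same function. Capture the status and log failures, e.g. `exec("echo \"{$pf_rules}\" | /sbin/pfctl -a imspector -f -", $out, $rc);` followed by `if($rc != 0) log_error("Imspector: pfctl rule reload failed (exit {$rc}).");`. `$pf_rules` is built outside this hunk; if any part of it can come from configuration values, pass it through `escapeshellarg()` instead of wrapping it in hand-written double quotes.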
@@ -348,7 +346,7 @@
/* generate rc file start and stop */
$stop = <<<EOD
/bin/pkill -x imspector
-
+/bin/sleep 1
EOD;
$start = $stop."\n\tldconfig -m /usr/local/lib/mysql\n";
$start .= "\t/usr/local/sbin/imspector -c \"".IMSPECTOR_CONFIG."\"";
@@ -360,18 +358,7 @@ EOD;
)
);
- conf_mount_ro();
-
- /* if imspector not running start it */
- if(!imspector_running()) {
- imspector_notice("Starting service on interface: {$ifaces_active}");
- imspector_action('start');
- }
- /* or restart imspector if settings were changed */
- elseif($_POST['iface_array']) {
- imspector_notice("Restarting service on interface: {$ifaces_active}");
- imspector_action('restart');
- }
+ conf_mount_ro();
}
}
@@ -381,9 +368,9 @@ EOD;
if(file_exists(IMSPECTOR_RCFILE)) {
if(!$ims_config['enable'])
- imspector_notice('Stopping service: imspector disabled');
+ log_error('Impsector: Stopping service: imspector disabled');
else
- imspector_notice('Stopping service: no interfaces and/or protocols selected');
+ log_error('Impsector: Stopping service: no interfaces and/or protocols selected');
imspector_action('stop');
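Review bot: The log prefix is misspelled `Impsector:` in both added lines here, while the other messages this commit adds use `Imspector:`; the same misspelling is in the start and restart messages of the next hunk. Anyone filtering the system log for the package name will miss exactly the stop/start/restart events, which are the ones needed when tracing a service outage. Use the same prefix in all four messages, e.g. `log_error('Imspector: Stopping service: imspector disabled');`.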
@@ -395,9 +382,23 @@ EOD;
@unlink(IMSPECTOR_ETC . '/acl_whitelist.txt');
conf_mount_ro();
}
+ }
+ else{
+ /* if imspector not running start it */
+ if(!is_process_running('imspector')) {
+ log_error("Impsector: Starting service on interface: {$ifaces_active}");
+ imspector_action('start');
+ }
+ /* or restart imspector if settings were changed */
+ else{
+ log_error("Impsector: Restarting service on interface: {$ifaces_active}");
+ imspector_action('restart');
+ }
}
-
- config_unlock();
+ config_unlock();
+
+ /*check xmlrpc sync*/
+ imspector_sync_on_changes();
}
function imspector_get_ca_certs() {
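Review bot: `imspector_sync_on_changes()` is now called unconditionally at the end of this function, and the reload that `imspector_do_xmlrpc_sync()` sends through `pfsense.exec_php` runs `sync_package_imspector()` on the peer, which appears to be this same function. If the peer has its own `synconchanges` rows pointing back at this node, each side would re-trigger the other; the pushed sections do not include `imspectorsync`, so this depends entirely on the peer's local settings. At minimum state the constraint next to the call, e.g. `/* also runs on the peer after pfsense.exec_php: the peer must not list this node as a sync target */`, or skip the push when the function was entered from the remote reload. Separately, the new `else` branch restarts a running daemon on every save, so the retained comment `/* or restart imspector if settings were changed */` no longer matches and would read better as `/* otherwise restart so the new configuration is loaded */`. The enclosing function starts outside this hunk.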
@@ -421,4 +422,115 @@ EOD;
}
return $cert_arr;
}
+
+/* Uses XMLRPC to synchronize the changes to a remote node */
+function imspector_sync_on_changes() {
+ global $config, $g;
+
+ $synconchanges = $config['installedpackages']['imspectorsync']['config'][0]['synconchanges'];
+ if(!$synconchanges)
+ return;
+ log_error("Imspector: xmlrpc sync is starting.");
+ foreach ($config['installedpackages']['imspectorsync']['config'] as $rs ){
+ foreach($rs['row'] as $sh){
+ $sync_to_ip = $sh['ipaddress'];
+ $password = $sh['password'];
+ if($password && $sync_to_ip)
+ imspector_do_xmlrpc_sync($sync_to_ip, $password);
+ }
+ }
+ log_error("Imspector: xmlrpc sync is ending.");
+}
+/* Do the actual XMLRPC sync */
+function imspector_do_xmlrpc_sync($sync_to_ip, $password) {
+ global $config, $g;
+
+ if(!$password)
+ return;
+
+ if(!$sync_to_ip)
+ return;
+ $username="admin";
+
+ $xmlrpc_sync_neighbor = $sync_to_ip;
+ if($config['system']['webgui']['protocol'] != "") {
+ $synchronizetoip = $config['system']['webgui']['protocol'];
+ $synchronizetoip .= "://";
+ }
+ $port = $config['system']['webgui']['port'];
+ /* if port is empty lets rely on the protocol selection */
+ if($port == "") {
+ if($config['system']['webgui']['protocol'] == "http")
+ $port = "80";
+ else
+ $port = "443";
+ }
+ $synchronizetoip .= $sync_to_ip;
+
+ /* xml will hold the sections to sync */
+ $xml = array();
+ $xml['imspector'] = $config['installedpackages']['imspector'];
+ $xml['imspectorreplacements'] = $config['installedpackages']['imspectorreplacements'];
+ $xml['imspectoracls'] = $config['installedpackages']['imspectoracls'];
+ /* assemble xmlrpc payload */
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($xml)
+ );
+
+ /* set a few variables needed for sync code borrowed from filter.inc */
+ $url = $synchronizetoip;
+ log_error("Imspector: Beginning XMLRPC sync to {$url}:{$port}.");
+ $method = 'pfsense.merge_installedpackages_section_xmlrpc';
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $cli->setCredentials($username, $password);
+ if($g['debug'])
+ $cli->setDebug(1);
+ /* send our XMLRPC message and timeout after 250 seconds */
+ $resp = $cli->send($msg, "250");
+ if(!$resp) {
+ $error = "A communications error occurred while attempting imspector XMLRPC sync with {$url}:{$port}.";
+ log_error($error);
+ file_notice("sync_settings", $error, "imspector Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $cli->setDebug(1);
+ $resp = $cli->send($msg, "250");
+ $error = "An error code was received while attempting imspector XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "imspector Settings Sync", "");
+ } else {
+ log_error("imspector XMLRPC sync successfully completed with {$url}:{$port}.");
+ }
+
+ /* tell imspector to reload our settings on the destionation sync host. */
+ $method = 'pfsense.exec_php';
+ $execcmd = "require_once('/usr/local/pkg/imspector.inc');\n";
+ $execcmd .= "sync_package_imspector();";
+ /* assemble xmlrpc payload */
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($execcmd)
+ );
+
+ log_error("imspector XMLRPC reload data {$url}:{$port}.");
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $cli->setCredentials($username, $password);
+ $resp = $cli->send($msg, "250");
+ if(!$resp) {
+ $error = "A communications error occurred while attempting imspector XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
+ log_error($error);
+ file_notice("sync_settings", $error, "imspector Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $cli->setDebug(1);
+ $resp = $cli->send($msg, "250");
+ $error = "An error code was received while attempting imspector XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "imspector Settings Sync", "");
+ } else {
+ log_error("imspector XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
+ }
+
+}
?> \ No newline at end of file
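Review bot: In `imspector_do_xmlrpc_sync()` the scheme and port used for the peer come from this node's own `$config['system']['webgui']` settings, so when the local GUI runs on `http` the admin password (passed to `setCredentials()` and again as the first XML-RPC parameter) and the `pfsense.exec_php` payload are sent unencrypted. When the protocol is empty, `$synchronizetoip` is appended to without being initialised and the URL has no scheme at all. Initialise it with `$synchronizetoip = "";` and consider refusing to sync, with a `log_error()`, unless the protocol is `https`. Both fault branches call `$cli->setDebug(1)` and `$cli->send($msg, "250")` a second time before building the error text. That repeats the merge or the remote reload on the peer, enables debug output (which may echo the exchange) for a request carrying the password, and dereferences the new `$resp` without the `!$resp` check, so those two lines should be dropped and the message built from the first response.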