aboutsummaryrefslogtreecommitdiffstats
path: root/config/tinc
diff options
context:
space:
mode:
Diffstat (limited to 'config/tinc')
-rw-r--r--config/tinc/tinc.inc323
1 files changed, 187 insertions, 136 deletions
diff --git a/config/tinc/tinc.inc b/config/tinc/tinc.inc
index 82d5b453..65f07e32 100644
--- a/config/tinc/tinc.inc
+++ b/config/tinc/tinc.inc
@@ -1,204 +1,255 @@
<?php
-
+/*
+ tinc.inc
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/* include_once('guiconfig.inc'); is needed for clear_log_file() during package installation while booting.
+ * However, guiconfig.inc includes authgui.inc which requires a valid php session_auth() and exits when not found.
+ * So we include the function here.
+*/
if (!function_exists('clear_log_file')) {
-//include_once('guiconfig.inc'); // needed for clear_log_file() during package installation while booting
-//however guiconfig.inc includes authgui.inc which requires a valid php session_auth(), and exits when not found..
-//so include the function here..
+
function clear_log_file($logfile = "/var/log/system.log", $restart_syslogd = true) {
global $config, $g;
- if ($restart_syslogd)
+ if ($restart_syslogd) {
exec("/usr/bin/killall syslogd");
- if(isset($config['system']['disablesyslogclog'])) {
+ }
+ if (isset($config['system']['disablesyslogclog'])) {
unlink($logfile);
touch($logfile);
} else {
$log_size = isset($config['syslog']['logfilesize']) ? $config['syslog']['logfilesize'] : "511488";
- if(isset($config['system']['usefifolog']))
+ if (isset($config['system']['usefifolog'])) {
exec("/usr/sbin/fifolog_create -s {$log_size} " . escapeshellarg($logfile));
- else
+ } else {
exec("/usr/local/sbin/clog -i -s {$log_size} " . escapeshellarg($logfile));
+ }
}
- if ($restart_syslogd)
+ if ($restart_syslogd) {
system_syslogd_start();
+ }
}
}
function tinc_save() {
- global $config;
+ global $config, $configpath;
+ $configpath = '/usr/local/etc/tinc/';
+
conf_mount_rw();
- exec("/bin/mv -f /usr/local/etc/tinc /usr/local/etc/tinc.old");
- safe_mkdir("/usr/local/etc/tinc");
- safe_mkdir("/usr/local/etc/tinc/hosts");
- exec("touch /usr/local/etc/tinc/WARNING-ENTIRE_DIRECTORY_ERASED_ON_SAVE_FROM_GUI");
+
+ rename("{$configpath}", "{$configpath}.old");
+ safe_mkdir("{$configpath}");
+ safe_mkdir("{$configpath}/hosts");
+ touch("{$configpath}/WARNING-ENTIRE_DIRECTORY_ERASED_ON_SAVE_FROM_GUI");
$tincconf = &$config['installedpackages']['tinc']['config'][0];
- $fout = fopen("/usr/local/etc/tinc/tinc.conf","w");
+ $fout = fopen("{$configpath}/tinc.conf", "w");
// No proper config, bail out.
- if (!isset($tincconf['name']) || empty($tincconf['name']))
+ if (!isset($tincconf['name']) || empty($tincconf['name'])) {
+ log_error("[tinc] Cannot configure (name not set). Check your configuration.");
return;
+ }
- fwrite($fout, "name=".$tincconf['name']."\n");
- fwrite($fout, "AddressFamily=".$tincconf['addressfamily']."\n");
- if(!is_array($config['installedpackages']['tinchosts']['config'])) { $config['installedpackages']['tinchosts']['config']=Array(); }
- foreach($config['installedpackages']['tinchosts']['config'] as $host) {
- if($host['connect'])
- {
+ fwrite($fout, "name=" . $tincconf['name'] . "\n");
+ fwrite($fout, "AddressFamily=" . $tincconf['addressfamily'] . "\n");
+ if (!is_array($config['installedpackages']['tinchosts']['config'])) {
+ $config['installedpackages']['tinchosts']['config']= array();
+ }
+ foreach ($config['installedpackages']['tinchosts']['config'] as $host) {
+ if($host['connect']) {
fwrite($fout, "ConnectTo=" . $host['name'] . "\n");
}
-
- $_output = "Address=".$host['address']."\n";
- $_output .= "Subnet=".$host['subnet']."\n";
- $_output .= base64_decode($host['extra'])."\n";
- $_output .= base64_decode($host['cert_pub'])."\n";
- file_put_contents('/usr/local/etc/tinc/hosts/'.$host['name'],$_output);
- if($host['host_up'])
- {
- file_put_contents('/usr/local/etc/tinc/hosts/'.$host['name'].'-up',str_replace("\r", "", base64_decode($host['host_up']))."\n");
- chmod('/usr/local/etc/tinc/hosts/'.$host['name'].'-up', 0744);
+
+ $_output = "Address=" . $host['address'] . "\n";
+ $_output .= "Subnet=" . $host['subnet'] . "\n";
+ $_output .= base64_decode($host['extra']) . "\n";
+ $_output .= base64_decode($host['cert_pub']) . "\n";
+ file_put_contents("{$configpath}/hosts/" . $host['name'], $_output);
+ if ($host['host_up']) {
+ file_put_contents("{$configpath}/hosts/" . $host['name'] . '-up', str_replace("\r", "", base64_decode($host['host_up'])) . "\n");
+ chmod("{$configpath}/hosts/" . $host['name'] . '-up', 0744);
}
- if($host['host_down'])
- {
- file_put_contents('/usr/local/etc/tinc/hosts/'.$host['name'].'-down',str_replace("\r", "", base64_decode($host['host_down']))."\n");
- chmod('/usr/local/etc/tinc/hosts/'.$host['name'].'-down', 0744);
+ if ($host['host_down']) {
+ file_put_contents("{$configpath}/hosts/" . $host['name'] . '-down', str_replace("\r", "", base64_decode($host['host_down'])) . "\n");
+ chmod("{$configpath}/hosts/" . $host['name'] . '-down', 0744);
}
}
- fwrite($fout, base64_decode($tincconf['extra'])."\n");
+ fwrite($fout, base64_decode($tincconf['extra']) . "\n");
fclose($fout);
// Check if we need to generate a new RSA key pair.
- if ($tincconf['gen_rsa'])
- {
- safe_mkdir("/usr/local/etc/tinc/tmp");
- exec("/usr/local/sbin/tincd -c /usr/local/etc/tinc/tmp -K");
- $tincconf['cert_pub'] = base64_encode(file_get_contents('/usr/local/etc/tinc/tmp/rsa_key.pub'));
- $tincconf['cert_key'] = base64_encode(file_get_contents('/usr/local/etc/tinc/tmp/rsa_key.priv'));
+ if ($tincconf['gen_rsa']) {
+ safe_mkdir("{$configpath}/tmp");
+ exec("/usr/local/sbin/tincd -c {$configpath}/tmp -K");
+ $tincconf['cert_pub'] = base64_encode(file_get_contents("{$configpath}/tmp/rsa_key.pub"));
+ $tincconf['cert_key'] = base64_encode(file_get_contents("{$configpath}/tmp/rsa_key.priv"));
$tincconf['gen_rsa'] = false;
$config['installedpackages']['tinc']['config'][0]['cert_pub'] = $tincconf['cert_pub'];
$config['installedpackages']['tinc']['config'][0]['cert_key'] = $tincconf['cert_key'];
$config['installedpackages']['tinc']['config'][0]['gen_rsa'] = $tincconf['gen_rsa'];
- rmdir_recursive("/usr/local/etc/tinc/tmp");
- write_config();
+ rmdir_recursive("{$configpath}/tmp");
+ write_config("[tinc] New RSA key pair generated.");
}
$_output = "Subnet=" . $tincconf['localsubnet'] . "\n";
$_output .= base64_decode($tincconf['host_extra']) . "\n";
$_output .= base64_decode($tincconf['cert_pub']) . "\n";
- file_put_contents('/usr/local/etc/tinc/hosts/' . $tincconf['name'],$_output);
- file_put_contents('/usr/local/etc/tinc/rsa_key.priv',base64_decode($tincconf['cert_key'])."\n");
- chmod("/usr/local/etc/tinc/rsa_key.priv", 0600);
- if($tincconf['tinc_up'])
- {
+ file_put_contents("{$configpath}/hosts/" . $tincconf['name'], $_output);
+ file_put_contents("{$configpath}/rsa_key.priv", base64_decode($tincconf['cert_key']) . "\n");
+ chmod("{$configpath}/rsa_key.priv", 0600);
+ if ($tincconf['tinc_up']) {
$_output = base64_decode($tincconf['tinc_up']) . "\n";
- }
- else
- {
+ } else {
$_output = "ifconfig \$INTERFACE " . $tincconf['localip'] . " netmask " . $tincconf['vpnnetmask'] . "\n";
$_output .= "ifconfig \$INTERFACE group tinc\n";
}
- file_put_contents('/usr/local/etc/tinc/tinc-up',$_output);
- chmod("/usr/local/etc/tinc/tinc-up", 0744);
- if($tincconf['tinc_down'])
- {
- file_put_contents('/usr/local/etc/tinc/tinc-down',str_replace("\r", "", base64_decode($tincconf['tinc_down'])) . "\n");
- chmod("/usr/local/etc/tinc/tinc-down", 0744);
- }
- if($tincconf['host_up'])
- {
- file_put_contents('/usr/local/etc/tinc/host-up',str_replace("\r", "", base64_decode($tincconf['host_up'])) . "\n");
- chmod("/usr/local/etc/tinc/host-up", 0744);
- }
- if($tincconf['host_down'])
- {
- file_put_contents('/usr/local/etc/tinc/host-down',str_replace("\r", "", base64_decode($tincconf['host_down'])) . "\n");
- chmod("/usr/local/etc/tinc/host-down", 0744);
- }
- if($tincconf['subnet_up'])
- {
- file_put_contents('/usr/local/etc/tinc/subnet-up',str_replace("\r", "", base64_decode($tincconf['subnet_up'])) . "\n");
- chmod("/usr/local/etc/tinc/subnet-up", 0744);
- }
- if($tincconf['subnet_down'])
- {
- file_put_contents('/usr/local/etc/tinc/subnet-down',str_replace("\r", "", base64_decode($tincconf['subnet_down'])) . "\n");
- chmod("/usr/local/etc/tinc/subnet-down", 0744);
- }
- system("/usr/local/etc/rc.d/tinc.sh restart 2>/dev/null");
- rmdir_recursive("/usr/local/etc/tinc.old");
+ file_put_contents("{$configpath}/tinc-up", $_output);
+ chmod("{$configpath}/tinc-up", 0744);
+ if ($tincconf['tinc_down']) {
+ file_put_contents("{$configpath}/tinc-down", str_replace("\r", "", base64_decode($tincconf['tinc_down'])) . "\n");
+ chmod("{$configpath}/tinc-down", 0744);
+ }
+ if ($tincconf['host_up']) {
+ file_put_contents("{$configpath}/host-up", str_replace("\r", "", base64_decode($tincconf['host_up'])) . "\n");
+ chmod("{$configpath}/host-up", 0744);
+ }
+ if ($tincconf['host_down']) {
+ file_put_contents("{$configpath}/host-down", str_replace("\r", "", base64_decode($tincconf['host_down'])) . "\n");
+ chmod("{$configpath}/host-down", 0744);
+ }
+ if ($tincconf['subnet_up']) {
+ file_put_contents("{$configpath}/subnet-up", str_replace("\r", "", base64_decode($tincconf['subnet_up'])) . "\n");
+ chmod("{$configpath}/subnet-up", 0744);
+ }
+ if ($tincconf['subnet_down']) {
+ file_put_contents("{$configpath}/subnet-down", str_replace("\r", "", base64_decode($tincconf['subnet_down'])) . "\n");
+ chmod("{$configpath}/subnet-down", 0744);
+ }
+
+ $pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+ if ($pfs_version == "2.2") {
+ $pbietcpath = '/usr/pbi/tinc-' . php_uname("m") . '/local/etc';
+ unlink_if_exists("{$pbietcpath}/tinc");
+ symlink($configpath, "{$pbietcpath}/tinc");
+ }
+
+ if ($tincconf['enable'] != "") {
+ restart_service("tinc");
+ } elseif (is_process_running("tincd")); {
+ stop_service("tinc");
+ }
+ rmdir_recursive("/usr/local/etc/tinc.old");
conf_mount_ro();
}
function tinc_install() {
global $config;
+
safe_mkdir("/usr/local/etc/tinc");
safe_mkdir("/usr/local/etc/tinc/hosts");
- $_rcfile['file']='tinc.sh';
- $_rcfile['start'].="/usr/local/sbin/tincd --config=/usr/local/etc/tinc\n\t";
- $_rcfile['stop'].="/usr/local/sbin/tincd --kill \n\t";
- write_rcfile($_rcfile);
+ $rc['file'] = 'tinc.sh';
+ $rc['start'] .= "/usr/local/sbin/tincd --config=/usr/local/etc/tinc\n\t";
+ $rc['stop'] .= "/usr/local/sbin/tincd --kill \n\t";
+ write_rcfile($rc);
unlink_if_exists("/usr/local/etc/rc.d/tincd");
clear_log_file("/var/log/tinc.log");
-
- conf_mount_rw();
- /* Create Interface Group */
- if (!is_array($config['ifgroups']['ifgroupentry']))
- $config['ifgroups']['ifgroupentry'] = array();
-
- $a_ifgroups = &$config['ifgroups']['ifgroupentry'];
- $ifgroupentry = array();
- $ifgroupentry['members'] = '';
- $ifgroupentry['descr'] = 'tinc mesh VPN interface group';
- $ifgroupentry['ifname'] = 'tinc';
- $a_ifgroups[] = $ifgroupentry;
+ /* Create Interface Group */
+ if (!is_array($config['ifgroups']['ifgroupentry'])) {
+ $config['ifgroups']['ifgroupentry'] = array();
+ }
- /* XXX: Do not remove this. */
- mwexec("/bin/rm -f /tmp/config.cache");
+ $a_ifgroups = &$config['ifgroups']['ifgroupentry'];
+ $ifgroupentry = array();
+ $ifgroupentry['members'] = '';
+ $ifgroupentry['descr'] = 'tinc mesh VPN interface group';
+ $ifgroupentry['ifname'] = 'tinc';
+ $a_ifgroups[] = $ifgroupentry;
- write_config();
+ /* XXX: Do not remove this. WTH?! */
+ mwexec("/bin/rm -f /tmp/config.cache");
- conf_mount_ro();
+ write_config("[tinc] Package installed.");
}
function tinc_deinstall() {
global $config;
- /* Remove Interface Group */
- conf_mount_rw();
- if (!is_array($config['ifgroups']['ifgroupentry']))
- $config['ifgroups']['ifgroupentry'] = array();
-
- $a_ifgroups = &$config['ifgroups']['ifgroupentry'];
-
- $myid=-1;
- $i = 0;
- foreach ($a_ifgroups as $ifgroupentry)
- {
- if($ifgroupentry['ifname']=='tinc')
- {
- $myid=$i;
- break;
- }
- $i++;
- }
-
- if ($myid >= 0 && $a_ifgroups[$myid])
- {
- $members = explode(" ", $a_ifgroups[$_GET['id']]['members']);
- foreach ($members as $ifs)
- {
- $realif = get_real_interface($ifs);
- if ($realif)
- mwexec("/sbin/ifconfig {$realif} -group " . escapeshellarg($a_ifgroups[$_GET['id']]['ifname']));
- }
- unset($a_ifgroups[$myid]);
- mwexec("/bin/rm -f /tmp/config.cache");
- write_config();
- }
- conf_mount_ro();
+ /* Remove Interface Group */
+ if (!is_array($config['ifgroups']['ifgroupentry'])) {
+ $config['ifgroups']['ifgroupentry'] = array();
+ }
+
+ $a_ifgroups = &$config['ifgroups']['ifgroupentry'];
+
+ $myid = -1;
+ $i = 0;
+ foreach ($a_ifgroups as $ifgroupentry) {
+ if ($ifgroupentry['ifname'] == 'tinc') {
+ $myid = $i;
+ break;
+ }
+ $i++;
+ }
+
+ if ($myid >= 0 && $a_ifgroups[$myid]) {
+ $members = explode(" ", $a_ifgroups[$_GET['id']]['members']);
+ foreach ($members as $ifs) {
+ $realif = get_real_interface($ifs);
+ if ($realif) {
+ mwexec("/sbin/ifconfig {$realif} -group " . escapeshellarg($a_ifgroups[$_GET['id']]['ifname']));
+ }
+ }
+ unset($a_ifgroups[$myid]);
+ /* WTH?! */
+ mwexec("/bin/rm -f /tmp/config.cache");
+ write_config("[tinc] Package uninstalled.");
+ }
rmdir_recursive("/var/tmp/tinc");
rmdir_recursive("/usr/local/etc/tinc*");
- unlink_if_exists("/usr/local/etc/rc.d/tinc.sh");
}
+function tinc_validate_input($post, &$input_errors) {
+ if ($post['localip']) {
+ if ((!is_ipaddr($post['localip'])) && (!is_hostname($post['localip']))) {
+ $input_errors[] = gettext("'Local IP' must be a valid IP address or hostname.");
+ }
+ }
+ if ($post['address']) {
+ if ((!is_ipaddr($post['address'])) && (!is_hostname($post['address']))) {
+ $input_errors[] = gettext("'Host Address' must be a valid IP address or hostname.");
+ }
+ }
+ if (($post['localsubnet']) && (!is_subnet($post['localsubnet']))) {
+ $input_errors[] = gettext("'Local Subnet' must be a valid subnet.");
+ }
+ if (($post['subnet']) && (!is_subnet($post['subnet']))) {
+ $input_errors[] = gettext("'Subnet' must be a valid subnet.");
+ }
+}
?>