From a4f7ab6ec229d15aa6b7606516090b73ba50ff2a Mon Sep 17 00:00:00 2001
From: Daniel Stefan Haischt
Date: Sun, 21 Jan 2007 00:06:40 +0000
Subject: * results of a coding binge ...
---
 packages/freenas/pkg/freenas_services.inc | 90 +++++++++++++++++++++++++++----
 packages/freenas/pkg/freenas_utils.inc | 1 +
 2 files changed, 81 insertions(+), 10 deletions(-)
(limited to 'packages/freenas/pkg')
diff --git a/packages/freenas/pkg/freenas_services.inc b/packages/freenas/pkg/freenas_services.inc
index 5c206413..1bd9b980 100644
--- a/packages/freenas/pkg/freenas_services.inc
+++ b/packages/freenas/pkg/freenas_services.inc
@@ -40,8 +40,9 @@
 */
 /* ========================================================================== */
-define (FTP_BACKEND_PAM, "pam");
-define (FTP_BACKEND_PLAINTEXT, "plaintext");
+define ("FTP_BACKEND_PAM", "pam");
+define ("FTP_BACKEND_PLAINTEXT", "plaintext");
+define ("NFS_SERVICE_PORTS", "111 2049");
 $freenas_config =& $config['installedpackages']['freenas']['config'][0];
@@ -410,12 +411,26 @@ function services_nfs_configure() {
 return 1;
 }
- list($network,$subnet) =
- explode('/', $freenas_config['nfs']['nfsnetwork']);
-
- $subnet = gen_subnet_mask($subnet);
 $a_mount = &$freenas_config['mounts']['mount'];
+ /* TODO: ATM network authorization does not work on a per mount basis */
+ if (is_array($freenas_config['nfs']['nfsnetwork'])) {
+ $a_nfsnetworks = array();
+ $pfnetworks = array();
+
+ foreach ($freenas_config['nfs']['nfsnetwork'] as $netel) {
+ list($network,$subnet) =
+ explode('/', $netel);
+
+ $subnet = gen_subnet_mask($subnet);
+ $a_nfsnetworks[] = "-network {$network} -mask {$subnet}";
+ $pfnetworks[] = $network;
+ }
+
+ $nfsnetworks_str = implode(' ', $a_nfsnetworks);
+ services_setup_transparency_for("nfs", implode(" ", $pfnetworks));
+ }
+
 foreach ($a_mount as $mount) {
 /* -mapall and -maproot mutually exclusive */
 $mapping = $freenas_config['nfs']['mapall'] == "yes" ? "-mapall=root" : "-maproot=root";
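Review bot: In the new `foreach` over `nfsnetwork` in `services_nfs_configure()`, `$netel` is split on `/` without checking that it is a well-formed address/prefix, and the parts are placed into the exports options and handed to `services_setup_transparency_for()`, which writes them into a pf ruleset in a later hunk. An entry without a slash leaves `$subnet` unset, and stray whitespace, braces or a newline would change the generated text, so entries that fail a strict subnet check (pfSense's `is_subnet()`, if it is in scope here) should be skipped with a notice before the `list()` call. `$pfnetworks[] = $network;` drops the prefix length, so the pf rule would presumably match only the bare network address; `$pfnetworks[] = $netel;` after validation looks like the intent. `$nfsnetworks_str` is only assigned inside the `is_array()` branch and its use is outside the visible lines; if a config still stores a single string the variable is undefined, and should the export line then carry no network restriction the share would be exported more widely than before, so an `else` that fails closed is worth adding. The function body starts and ends outside this hunk.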
@@ -425,28 +440,83 @@ function services_nfs_configure() { EOD; $nfsconf .= << 0) { + file_notice("FREENAS", "There were error(s) flushing the exclude table", "FREENAS", ""); + } +} + +function services_setup_transparency_for($whom, $networks) { + global $config, $freenas_config; + + if ($whom == "" || $networks == "") { return; } + + $generatedLANSubnet = gen_subnet($config['interfaces']['lan']['ipaddr'], + $config['interfaces']['lan']['subnet']); + $aliases = ""; + + /* stolen from filter.inc */ + $real_wanif = get_real_wan_interface(); + $wanip = find_interface_ip($real_wanif); + + $wan_aliases = " " . link_ip_to_carp_interface($wanip); + + if (link_int_to_bridge_interface("wan")) + $wan_aliases .= " " . link_int_to_bridge_interface("wan"); + + if ($config['interfaces']['wan']['ipaddr'] == "pppoe" or $config['interfaces']['wan']['ipaddr'] == "pptp") { + $aliases .= "ng0 = \"{ {$config['interfaces']['wan']['if']} {$real_wanif} }\" \n"; + $aliases .= "wan = \"{ {$config['interfaces']['wan']['if']} {$wan_aliases} ng0 }\"\n"; + } else { + $aliases .= "wan = \"{ {$real_wanif} {$wan_aliases} }\"\n"; + } + + $trans_file = fopen("/tmp/freenas-{$whom}.rules","w"); + fwrite($trans_file, "{$aliases}\n"); + + switch ($whom) { + case "nfs": + $nfs_ports = explode(" ", NFS_SERVICE_PORTS); + + foreach ($nfs_ports as $port) { + fwrite($trans_file, "pass in quick on \$wan proto { tcp udp } from { {$networks} } to {$freenas_config['nfs']['bindto']} port = {$port} keep state label \"FreeNAS related rule for {$whom}-{$port}\"\n"); + } + break; + } + fclose($trans_file); + $service_result = mwexec ("pfctl -a \"passin-package-freenas-{$whom}\" -f /tmp/freenas-{$whom}.rules"); + if($service_result <> 0) { + file_notice("FREENAS", "There were error(s) loading the transparency rules", "FREENAS", ""); + } + //add_trans_table($whom); +} + function services_ftpd_configure() { global $freenas_config, $g; // services_vsftpd_configure(); 
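Review bot: The rules file in `services_setup_transparency_for()` is written to the fixed path `/tmp/freenas-{$whom}.rules` and loaded with `pfctl -f` without checking the `fopen()` result, so a pre-created file or symlink at that predictable name, or a failed open, ends with `pfctl` loading content this function did not write. I would create the file with `tempnam()`, return early if the handle is false, pass the anchor name and path through `escapeshellarg()` in the `mwexec()` call, and unlink the file after loading, as sketched below. `$networks` and `$freenas_config['nfs']['bindto']` are interpolated verbatim into a `pass in quick on $wan` rule, so both should be validated as addresses first; since `quick` ends rule evaluation, this presumably lets the listed networks reach ports 111 and 2049 from the WAN side regardless of later block rules, which deserves a comment stating that intent. `$generatedLANSubnet` is assigned but unused in the visible lines. The top of this hunk is truncated on the page, so the lines before the "flushing the exclude table" notice are not covered here.

```php
function services_setup_transparency_for($whom, $networks) {
  // … unchanged: globals, empty-argument guard, $aliases construction …

  /* unpredictable, owner-only file instead of a fixed name under /tmp */
  $rules_path = tempnam("/tmp", "freenas-{$whom}-");
  $trans_file = ($rules_path !== false) ? fopen($rules_path, "w") : false;
  if ($trans_file === false) {
    file_notice("FREENAS", "Could not create the transparency rules file", "FREENAS", "");
    return;
  }
  fwrite($trans_file, "{$aliases}\n");

  // … unchanged: switch ($whom) writing the pass rules …

  fclose($trans_file);
  $anchor = escapeshellarg("passin-package-freenas-{$whom}");
  $service_result = mwexec("pfctl -a {$anchor} -f " . escapeshellarg($rules_path));
  unlink($rules_path);
  // … unchanged: $service_result check and notice …
```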
diff --git a/packages/freenas/pkg/freenas_utils.inc b/packages/freenas/pkg/freenas_utils.inc index 1e812412..6e5d8872 100644 --- a/packages/freenas/pkg/freenas_utils.inc +++ b/packages/freenas/pkg/freenas_utils.inc @@ -585,6 +585,7 @@ function get_ata_disks_list() { if ($dmesgtab[0]!="" && (strcasecmp($dmesgtab[0],$diskname) == 0) && strcmp($dmesgtab[1],"DMA") !=0) { $disklist[$diskname]['size'] = $dmesgtab[1]; + } } // end if } // end foreach } // end if -- cgit v1.2.3