plugins: PSR12 for "s" and "w"
parent
e2fff6bade
commit
8f2805ef58
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2017 Frank Wall
|
||||
* Copyright (C) 2015 Deciso B.V.
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2017 Frank Wall
|
||||
* Copyright (C) 2015 Deciso B.V.
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2017-2019 Frank Wall
|
||||
* Copyright (C) 2015 Deciso B.V.
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2017-2019 Frank Wall
|
||||
* Copyright (C) 2015 Deciso B.V.
|
||||
|
@ -89,10 +90,12 @@ class ActionsController extends ApiMutableModelControllerBase
|
|||
|
||||
public function sftpTestConnectionAction()
|
||||
{
|
||||
if ($response = $this->callBackend(
|
||||
["test-sftp-connection"],
|
||||
["sftp_host", "sftp_host_key", "sftp_port", "sftp_user", "sftp_identity_type", "sftp_remote_path", "sftp_chmod", "sftp_chgrp"])) {
|
||||
|
||||
if (
|
||||
$response = $this->callBackend(
|
||||
["test-sftp-connection"],
|
||||
["sftp_host", "sftp_host_key", "sftp_port", "sftp_user", "sftp_identity_type", "sftp_remote_path", "sftp_chmod", "sftp_chgrp"]
|
||||
)
|
||||
) {
|
||||
return $response;
|
||||
}
|
||||
|
||||
|
@ -116,7 +119,9 @@ class ActionsController extends ApiMutableModelControllerBase
|
|||
if (preg_match('/^\[.+\]$/ms', $result) || preg_match('/^\{.+\}$/ms', $result)) {
|
||||
try {
|
||||
$result = json_decode($result, true, 64, JSON_THROW_ON_ERROR);
|
||||
} catch (\Exception $ignored) {/*pass as is when json parsing fails*/}
|
||||
} catch (\Exception $ignored) {
|
||||
/*pass as is when json parsing fails*/
|
||||
}
|
||||
}
|
||||
return $result;
|
||||
}
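Review bot: The reformatted `catch (\Exception $ignored)` around `json_decode($result, true, 64, JSON_THROW_ON_ERROR)` names a wider type than the one that call throws on a parse failure. Writing `catch (\JsonException $ignored)` makes the documented "pass as is when json parsing fails" intent explicit and keeps the block from silently absorbing anything else that might later be added inside the `try`. The enclosing method starts outside the hunk.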
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2017-2019 Frank Wall
|
||||
* Copyright (C) 2015 Deciso B.V.
|
||||
|
@ -92,7 +93,7 @@ class CertificatesController extends ApiMutableModelControllerBase
|
|||
*/
|
||||
public function signAction($uuid)
|
||||
{
|
||||
$result = array("result"=>"failed");
|
||||
$result = array("result" => "failed");
|
||||
if ($this->request->isPost()) {
|
||||
$mdlAcme = new AcmeClient();
|
||||
|
||||
|
@ -116,7 +117,7 @@ class CertificatesController extends ApiMutableModelControllerBase
|
|||
*/
|
||||
public function removekeyAction($uuid)
|
||||
{
|
||||
$result = array("result"=>"failed");
|
||||
$result = array("result" => "failed");
|
||||
$mdlAcme = new AcmeClient();
|
||||
if ($uuid != null) {
|
||||
$node = $mdlAcme->getNodeByReference('certificates.certificate.' . $uuid);
|
||||
|
@ -136,7 +137,7 @@ class CertificatesController extends ApiMutableModelControllerBase
|
|||
*/
|
||||
public function revokeAction($uuid)
|
||||
{
|
||||
$result = array("result"=>"failed");
|
||||
$result = array("result" => "failed");
|
||||
if ($this->request->isPost()) {
|
||||
$mdlAcme = new AcmeClient();
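Review bot: `removekeyAction` goes straight from `$result = array("result" => "failed");` to the model lookup, while `signAction` and `revokeAction` in the same file both open with `if ($this->request->isPost()) {`. If the part of `removekeyAction` outside this hunk does not check the request method either, a state-changing key removal would be reachable with a plain GET. Wrapping its body in the same `isPost()` guard would make the three actions consistent. All three method bodies continue outside the hunks, so this needs confirming against the full file.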
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2017 Frank Wall
|
||||
* Copyright (C) 2015 Deciso B.V.
|
||||
|
@ -136,8 +137,11 @@ class ServiceController extends ApiControllerBase
|
|||
$runStatus = $this->statusAction();
|
||||
|
||||
// stop acmeclient when disabled
|
||||
if ($runStatus['status'] == "running" &&
|
||||
($mdlAcme->settings->enabled->__toString() == 0 || $force_restart)) {
|
||||
if (
|
||||
$runStatus['status'] == "running" &&
|
||||
($mdlAcme->settings->enabled->__toString() == 0 ||
|
||||
$force_restart)
|
||||
) {
|
||||
$this->stopAction();
|
||||
}
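Review bot: The condition `$mdlAcme->settings->enabled->__toString() == 0` compares a string with an integer, so its result for an empty or non-numeric value depends on the PHP version (`"" == 0` is true before PHP 8 and false from 8.0 on). A string comparison such as `(string)$mdlAcme->settings->enabled === "0"` avoids the type juggling and matches how SettingsController in this same commit tests the setting. The enclosing method starts and ends outside the hunk.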
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2017 Frank Wall
|
||||
* Copyright (C) 2015 Deciso B.V.
|
||||
|
@ -58,9 +59,11 @@ class SettingsController extends ApiMutableModelControllerBase
|
|||
$backend = new Backend();
|
||||
|
||||
// Setup cronjob if AcmeClient and AutoRenewal is enabled.
|
||||
if ((string)$mdlAcme->settings->UpdateCron == "" and
|
||||
if (
|
||||
(string)$mdlAcme->settings->UpdateCron == "" and
|
||||
(string)$mdlAcme->settings->autoRenewal == "1" and
|
||||
(string)$mdlAcme->settings->enabled == "1") {
|
||||
(string)$mdlAcme->settings->enabled == "1"
|
||||
) {
|
||||
$mdlCron = new Cron();
|
||||
// NOTE: Only configd actions are valid commands for cronjobs
|
||||
// and they *must* provide a description that is not empty.
|
||||
|
@ -88,9 +91,11 @@ class SettingsController extends ApiMutableModelControllerBase
|
|||
$result['result'] = "unable to add cron";
|
||||
}
|
||||
// Delete cronjob if AcmeClient or AutoRenewal is disabled.
|
||||
} elseif ((string)$mdlAcme->settings->UpdateCron != "" and
|
||||
} elseif (
|
||||
(string)$mdlAcme->settings->UpdateCron != "" and
|
||||
((string)$mdlAcme->settings->autoRenewal == "0" or
|
||||
(string)$mdlAcme->settings->enabled == "0")) {
|
||||
(string)$mdlAcme->settings->enabled == "0")
|
||||
) {
|
||||
// Get UUID, clean existin entry
|
||||
$cron_uuid = (string)$mdlAcme->settings->UpdateCron;
|
||||
$mdlAcme->settings->UpdateCron = null;
|
||||
|
@ -133,8 +138,10 @@ class SettingsController extends ApiMutableModelControllerBase
|
|||
// Setup only if AcmeClient and HAProxy integration is enabled.
|
||||
// NOTE: We provide HAProxy integration no matter if the HAProxy plugin
|
||||
// is actually enabled or not. This should avoid confusion.
|
||||
if ((string)$mdlAcme->settings->haproxyIntegration == "1" and
|
||||
(string)$mdlAcme->settings->enabled == "1") {
|
||||
if (
|
||||
(string)$mdlAcme->settings->haproxyIntegration == "1" and
|
||||
(string)$mdlAcme->settings->enabled == "1"
|
||||
) {
|
||||
$mdlHAProxy = new \OPNsense\HAProxy\HAProxy();
|
||||
$backend = new Backend();
|
||||
|
||||
|
@ -311,9 +318,11 @@ class SettingsController extends ApiMutableModelControllerBase
|
|||
// Ensure HAProxy frontend additions have been applied.
|
||||
foreach ($mdlAcme->getNodeByReference('validations.validation')->iterateItems() as $validation) {
|
||||
// Find all (enabled) validation methods with HAProxy integration.
|
||||
if ((string)$validation->enabled == "1" and
|
||||
if (
|
||||
(string)$validation->enabled == "1" and
|
||||
(string)$validation->method == "http01" and
|
||||
(string)$validation->http_service == "haproxy") {
|
||||
(string)$validation->http_service == "haproxy"
|
||||
) {
|
||||
// Check if HAProxy frontends were specified.
|
||||
if (empty((string)$validation->http_haproxyFrontends)) {
|
||||
// Skip item, no HAProxy frontends were specified.
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2017-2019 Frank Wall
|
||||
* Copyright (C) 2015 Deciso B.V.
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2017 Frank Wall
|
||||
* Copyright (C) 2015 Deciso B.V.
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2017 Frank Wall
|
||||
* Copyright (C) 2015 Deciso B.V.
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2017 Frank Wall
|
||||
* Copyright (C) 2015 Deciso B.V.
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
* Copyright (C) 2019 Juergen Kellerer
|
||||
* All rights reserved.
|
||||
|
@ -27,7 +28,6 @@
|
|||
|
||||
namespace OPNsense\AcmeClient;
|
||||
|
||||
|
||||
/**
|
||||
* Utility class to execute shell processes and handle their IO.
|
||||
* @package OPNsense\AcmeClient
|
||||
|
@ -74,8 +74,9 @@ class Process
|
|||
|
||||
if ($process_handle) {
|
||||
if ($release) {
|
||||
if (in_array($process_handle, $open_processes))
|
||||
if (in_array($process_handle, $open_processes)) {
|
||||
$open_processes = array_diff($open_processes, [$process_handle]);
|
||||
}
|
||||
} else {
|
||||
$open_processes[] = $process_handle;
|
||||
}
|
||||
|
@ -95,8 +96,9 @@ class Process
|
|||
$this->outputs = $pipes;
|
||||
$this->inputs = [array_shift($this->outputs)];
|
||||
|
||||
foreach ($this->outputs as $stream)
|
||||
foreach ($this->outputs as $stream) {
|
||||
stream_set_blocking($stream, false);
|
||||
}
|
||||
|
||||
self::manageOpenedProcess($this->handle);
|
||||
} else {
|
||||
|
@ -108,8 +110,9 @@ class Process
|
|||
{
|
||||
$this->close();
|
||||
|
||||
if ($this->isRunning())
|
||||
if ($this->isRunning()) {
|
||||
$this->close(true);
|
||||
}
|
||||
}
|
||||
|
||||
public function get($timeout = 5, $max_length = 8192, $ending = PHP_EOL)
|
||||
|
@ -133,14 +136,17 @@ class Process
|
|||
{
|
||||
if ($this->isRunning() && is_resource($stdin = $this->inputs[0]) && !feof($stdin)) {
|
||||
fwrite($stdin, $data);
|
||||
if ($append)
|
||||
if ($append) {
|
||||
fwrite($stdin, $append);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function closeInput()
|
||||
{
|
||||
if (!feof($stdin = $this->inputs[0])) fclose($stdin);
|
||||
if (!feof($stdin = $this->inputs[0])) {
|
||||
fclose($stdin);
|
||||
}
|
||||
}
|
||||
|
||||
public function close($force = false)
|
||||
|
@ -170,8 +176,9 @@ class Process
|
|||
: false;
|
||||
|
||||
if (is_array($status)) {
|
||||
if (!$this->exitCode && $this->exitCode !== 0 && !$status["running"])
|
||||
if (!$this->exitCode && $this->exitCode !== 0 && !$status["running"]) {
|
||||
$this->exitCode = $status["exitcode"];
|
||||
}
|
||||
return $status["running"];
|
||||
}
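Review bot: `closeInput()` calls `feof($stdin = $this->inputs[0])` without the `is_resource()` test that the write path at the top of the same hunk applies to the same stream. A second `closeInput()`, or a call after the pipe was closed elsewhere, therefore hands an already-closed handle to `feof()`, which is a warning on PHP 7 and a TypeError on PHP 8. Suggested guard: `if (is_resource($stdin = $this->inputs[0]) && !feof($stdin)) {`. Separately, `in_array($process_handle, $open_processes)` in the first hunk compares loosely; passing `true` as the third argument makes the match exact.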
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
* Copyright (C) 2019 Juergen Kellerer
|
||||
* All rights reserved.
|
||||
|
@ -70,8 +71,10 @@ class SSHKeys
|
|||
if (!is_dir($config_path)) {
|
||||
$dir_created = mkdir($config_path, self::CONFIG_PATH_CREATE_MODE, true);
|
||||
|
||||
Utils::requireThat($dir_created,
|
||||
"Failed creating directory '$config_path' with permission " . self::CONFIG_PATH_CREATE_MODE);
|
||||
Utils::requireThat(
|
||||
$dir_created,
|
||||
"Failed creating directory '$config_path' with permission " . self::CONFIG_PATH_CREATE_MODE
|
||||
);
|
||||
}
|
||||
|
||||
$this->config_path = realpath($config_path);
|
||||
|
@ -85,8 +88,10 @@ class SSHKeys
|
|||
touch($this->known_hosts_file)
|
||||
&& chmod($this->known_hosts_file, self::KNOWN_HOSTS_FILE_CREATE_MODE);
|
||||
|
||||
Utils::requireThat($file_created,
|
||||
"Failed creating file '{$this->known_hosts_file}' with permission " . self::KNOWN_HOSTS_FILE_CREATE_MODE);
|
||||
Utils::requireThat(
|
||||
$file_created,
|
||||
"Failed creating file '{$this->known_hosts_file}' with permission " . self::KNOWN_HOSTS_FILE_CREATE_MODE
|
||||
);
|
||||
}
|
||||
|
||||
return $this->known_hosts_file;
|
||||
|
@ -110,8 +115,9 @@ class SSHKeys
|
|||
$host_key = false;
|
||||
} else {
|
||||
$host_key = self::getHostKeyInfo($host_key);
|
||||
if ($host_key === false)
|
||||
if ($host_key === false) {
|
||||
return ["ok" => false, "error" => "Invalid host_key specified."];
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
@ -157,8 +163,7 @@ class SSHKeys
|
|||
$is_key_known = false;
|
||||
if ($known_by_host && $host_key && $host_key === $known_by_host["key_info"]) {
|
||||
$is_key_known = true;
|
||||
|
||||
} else if ($known_by_key) {
|
||||
} elseif ($known_by_key) {
|
||||
if (strcasecmp(trim($host), trim($known_by_key["host"])) != 0) {
|
||||
Utils::log()->info("Host key is in known_hosts but hostname differs. Changing '$host' to '{$known_by_key["host"]}'.");
|
||||
$host = $known_by_key["host"];
|
||||
|
@ -169,18 +174,18 @@ class SSHKeys
|
|||
|
||||
// Check if we don't have a matching known_hosts entry and add or update it as required.
|
||||
if (!$is_key_known && !$no_modification_allowed) {
|
||||
|
||||
// Query the key.
|
||||
$key_type = $host_key ? $host_key["key_type"] : self::DEFAULT_KEY_TYPE;
|
||||
$remote_host_keys = $addKeyInfo($this->queryHostKey($host, $key_type, $port, $query_error));
|
||||
|
||||
// Retry with ALTERNATE_DEFAULT_KEY_TYPE when DEFAULT_KEY_TYPE was applied in the first place.
|
||||
if (empty($remote_host_keys)
|
||||
if (
|
||||
empty($remote_host_keys)
|
||||
&& $query_error
|
||||
&& $query_error["connection_refused"]
|
||||
&& !$host_key
|
||||
&& self::ALTERNATE_DEFAULT_KEY_TYPE != self::DEFAULT_KEY_TYPE) {
|
||||
|
||||
&& self::ALTERNATE_DEFAULT_KEY_TYPE != self::DEFAULT_KEY_TYPE
|
||||
) {
|
||||
$key_type = self::ALTERNATE_DEFAULT_KEY_TYPE;
|
||||
$remote_host_keys = $addKeyInfo($this->queryHostKey($host, $key_type, $port, $query_error));
|
||||
}
|
||||
|
@ -198,18 +203,20 @@ class SSHKeys
|
|||
foreach ($matching_remote_host_keys as $key) {
|
||||
Utils::log()->info("Adding known_hosts entry: " . json_encode($key["key_info"], JSON_UNESCAPED_SLASHES));
|
||||
$ok = file_put_contents($this->knownHostsFile(), $key["host_key"] . PHP_EOL, FILE_APPEND);
|
||||
if (!$ok)
|
||||
if (!$ok) {
|
||||
Utils::log()->error("Failed adding known_hosts entry {$key["host_key"]}");
|
||||
}
|
||||
}
|
||||
|
||||
// Verify that known_hosts contains the correct keys after adding them (using recursion).
|
||||
return $this->trustHost($host, $matching_remote_host_keys[0]["host_key"], $port, true);
|
||||
|
||||
} else {
|
||||
if (empty($remote_host_keys)) {
|
||||
$msg = "No connection to '$host'; Failed querying host key from server.";
|
||||
} else {
|
||||
$remote_infos = array_map(function ($key) { return $key["key_info"]; }, $remote_host_keys);
|
||||
$remote_infos = array_map(function ($key) {
|
||||
return $key["key_info"];
|
||||
}, $remote_host_keys);
|
||||
$msg = "Key mismatch for '$host'; "
|
||||
. "The expected key (" . json_encode($host_key) . ") was not found in (" . json_encode($remote_infos) . ")";
|
||||
}
|
||||
|
@ -241,8 +248,9 @@ class SSHKeys
|
|||
$has_ip = ($ip = gethostbyname($host))
|
||||
&& ($ip !== $host || preg_match('/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/', $ip));
|
||||
|
||||
if ($has_ip)
|
||||
if ($has_ip) {
|
||||
$search_list[] = strtolower($ip);
|
||||
}
|
||||
|
||||
// Add FQDN to search list if reverse lookup provides a valid one.
|
||||
$has_fqdn = $has_ip
|
||||
|
@ -250,8 +258,9 @@ class SSHKeys
|
|||
&& $reverse_fqdn !== $ip
|
||||
&& gethostbyname($reverse_fqdn) === $ip;
|
||||
|
||||
if ($has_fqdn && isset($reverse_fqdn))
|
||||
if ($has_fqdn && isset($reverse_fqdn)) {
|
||||
$search_list[] = strtolower($reverse_fqdn);
|
||||
}
|
||||
|
||||
// Build unique search list (dedup list)
|
||||
$search_list = array_filter($search_list, function ($value, $index) use (&$search_list) {
|
||||
|
@ -295,16 +304,18 @@ class SSHKeys
|
|||
$lines = [];
|
||||
while (($line = $p->get(60)) !== false) {
|
||||
$line = trim($line);
|
||||
if (empty($line) || $line[0] == "#")
|
||||
if (empty($line) || $line[0] == "#") {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!$failed) {
|
||||
foreach ($expected_errors as $err)
|
||||
foreach ($expected_errors as $err) {
|
||||
if (preg_match($err[1], $line)) {
|
||||
$error = [$err[0] => true];
|
||||
$failed = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$lines[] = $line;
|
||||
|
@ -327,8 +338,9 @@ class SSHKeys
|
|||
if (empty($keys)) {
|
||||
Utils::log()->info("Couldn't fetch public host key ($key_type) from {$host}:{$port}");
|
||||
|
||||
if (!is_array($error) || empty($error))
|
||||
if (!is_array($error) || empty($error)) {
|
||||
$error = ["connection_refused" => true];
|
||||
}
|
||||
}
|
||||
|
||||
return $keys;
|
||||
|
@ -349,8 +361,9 @@ class SSHKeys
|
|||
$lines = [];
|
||||
while (($line = $p->get()) !== false) {
|
||||
$line = trim($line);
|
||||
if (empty($line) || $line[0] == "#")
|
||||
if (empty($line) || $line[0] == "#") {
|
||||
continue;
|
||||
}
|
||||
|
||||
$lines[] = $line;
|
||||
}
|
||||
|
@ -366,8 +379,7 @@ class SSHKeys
|
|||
"host_key" => $lines[0],
|
||||
"host_query" => $name_or_ip,
|
||||
];
|
||||
|
||||
} else if ($p->exitCode != 1 /* 1 == NOT_FOUND */) {
|
||||
} elseif ($p->exitCode != 1 /* 1 == NOT_FOUND */) {
|
||||
$output = empty($lines)
|
||||
? ""
|
||||
: PHP_EOL . join(PHP_EOL, $lines);
|
||||
|
@ -377,8 +389,9 @@ class SSHKeys
|
|||
}
|
||||
}
|
||||
|
||||
if (empty($keys))
|
||||
if (empty($keys)) {
|
||||
Utils::log()->info("Didn't find $host in known_hosts");
|
||||
}
|
||||
|
||||
return $keys;
|
||||
}
|
||||
|
@ -394,8 +407,9 @@ class SSHKeys
|
|||
|
||||
if ($p = Process::open(["ssh-keygen", "-R", $host, "-f", $this->knownHostsFile()])) {
|
||||
$ok = $p->close() === 0;
|
||||
if (!$ok)
|
||||
if (!$ok) {
|
||||
Utils::log()->error("Failed removing known hosts for $host. Return code was: {$p->exitCode}");
|
||||
}
|
||||
}
|
||||
|
||||
return $ok;
|
||||
|
@ -438,8 +452,9 @@ class SSHKeys
|
|||
Utils::requireThat(in_array($identity_type, self::IDENTITY_TYPES), "Identity type '$identity_type' unknown.");
|
||||
|
||||
list($key_type, $key_size) = explode('_', $identity_type, 2);
|
||||
if (!$key_size && self::DEFAULT_IDENTITY_KEY_BITS[$key_type] > 0)
|
||||
if (!$key_size && self::DEFAULT_IDENTITY_KEY_BITS[$key_type] > 0) {
|
||||
$key_size = self::DEFAULT_IDENTITY_KEY_BITS[$key_type];
|
||||
}
|
||||
|
||||
$identity_path = "{$this->config_path}/id.{$identity_type}";
|
||||
|
||||
|
@ -451,17 +466,20 @@ class SSHKeys
|
|||
"-N", "",
|
||||
];
|
||||
|
||||
if (intval($key_size) > 0)
|
||||
if (intval($key_size) > 0) {
|
||||
array_push($generate_key, "-b", $key_size);
|
||||
}
|
||||
|
||||
if ($p = Process::open($generate_key)) {
|
||||
while (($line = $p->get(10)) !== false) {
|
||||
Utils::log()->info("SSH keygen: $line");
|
||||
}
|
||||
|
||||
Utils::requireThat($p->close() == 0,
|
||||
Utils::requireThat(
|
||||
$p->close() == 0,
|
||||
"Failed generating identity $identity_path: Error code: {$p->exitCode}" . PHP_EOL
|
||||
. "Command: " . join(" ", $generate_key));
|
||||
. "Command: " . join(" ", $generate_key)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -479,15 +497,17 @@ class SSHKeys
|
|||
{
|
||||
$restrictions = ['restrict'];
|
||||
|
||||
if ($command)
|
||||
if ($command) {
|
||||
$restrictions[] = 'command="' . $command . '"';
|
||||
}
|
||||
|
||||
$restrict_ip = empty(trim($outgoing_ip))
|
||||
? (empty(trim($host)) ? false : self::getOutgoingIpFor($host))
|
||||
: $outgoing_ip;
|
||||
|
||||
if ($restrict_ip)
|
||||
if ($restrict_ip) {
|
||||
$restrictions[] = 'from="' . $restrict_ip . '"';
|
||||
}
|
||||
|
||||
|
||||
return count($restrictions) > 1
|
||||
|
@ -506,17 +526,19 @@ class SSHKeys
|
|||
$interface = null;
|
||||
|
||||
if ($p = Process::open(["route", "-n", "get", $ip])) {
|
||||
while (($line = $p->get(10)) !== false)
|
||||
while (($line = $p->get(10)) !== false) {
|
||||
if (preg_match('/\s*interface:\s*([^\s]+).*$/', $line, $matches)) {
|
||||
$interface = $matches[1];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($interface && $p = Process::open(["ifconfig", $interface, "inet"])) {
|
||||
while (($line = $p->get(10)) !== false)
|
||||
while (($line = $p->get(10)) !== false) {
|
||||
if (preg_match('/\s*inet\s+([^\s]+)\s+netmask.*/', $line, $matches)) {
|
||||
return $matches[1];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return false;
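Review bot: In the hunk that builds what appears to be an authorized_keys option list, `$restrictions[] = 'command="' . $command . '"';` and `$restrictions[] = 'from="' . $restrict_ip . '"';` place their values inside double quotes without escaping. A `"` or a line break in either value would end the option early and change how the resulting line is parsed. Where `$command` and `$outgoing_ip` come from is not visible here; if either can be influenced by configuration input, escape the quote as sshd expects (`str_replace('"', '\"', $command)`) and reject values containing CR or LF. The function's signature and its return expression lie outside the hunk.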
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
* Copyright (C) 2019 Juergen Kellerer
|
||||
* All rights reserved.
|
||||
|
@ -27,7 +28,6 @@
|
|||
|
||||
namespace OPNsense\AcmeClient;
|
||||
|
||||
|
||||
/**
|
||||
* Wrapper around the 'sftp' commandline client.
|
||||
* @package OPNsense\AcmeClient
|
||||
|
@ -96,9 +96,12 @@ class SftpClient
|
|||
// Handle client side identity
|
||||
$identity = $this->ssh_keys->getIdentity($this->identity_type, true);
|
||||
if (is_file($identity) && is_readable($identity)) {
|
||||
array_push($cmd,
|
||||
"-i", $identity,
|
||||
"-oPreferredAuthentications=publickey");
|
||||
array_push(
|
||||
$cmd,
|
||||
"-i",
|
||||
$identity,
|
||||
"-oPreferredAuthentications=publickey"
|
||||
);
|
||||
} else {
|
||||
Utils::log()->error("Failed adding client identity ($identity). Connect will likely fail.");
|
||||
}
|
||||
|
@ -119,7 +122,7 @@ class SftpClient
|
|||
return false;
|
||||
}
|
||||
|
||||
private function processAvailableInput(float $timeout = 0, $expected_lines = 0, Callable $lines_consumer = null, $remaining_timeout = 0)
|
||||
private function processAvailableInput(float $timeout = 0, $expected_lines = 0, callable $lines_consumer = null, $remaining_timeout = 0)
|
||||
{
|
||||
Utils::requireThat($this->process !== null, "SFTP: process not connected");
|
||||
|
||||
|
@ -139,18 +142,22 @@ class SftpClient
|
|||
while (($line = $this->process->get($timeout)) !== false) {
|
||||
foreach ($expected_errors as $ee) {
|
||||
if (preg_match($ee[1], $line)) {
|
||||
if (!$this->failed_status || $ee[0] !== "connection_closed")
|
||||
if (!$this->failed_status || $ee[0] !== "connection_closed") {
|
||||
$this->failed_status = [$ee[0] => true, "error" => trim($line)];
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
$consumed = ($lines_consumer && $lines_consumer($line) === true);
|
||||
if (!$consumed)
|
||||
if (!$consumed) {
|
||||
Utils::log()->info("SFTP: " . rtrim($line));
|
||||
}
|
||||
|
||||
if (!$lines_consumer || $consumed) {
|
||||
if (--$expected_lines <= 0) $timeout = $remaining_timeout;
|
||||
if (--$expected_lines <= 0) {
|
||||
$timeout = $remaining_timeout;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -166,15 +173,17 @@ class SftpClient
|
|||
|
||||
$this->process = null;
|
||||
|
||||
if ($this->failed_status && $this->failed_status["connection_closed"])
|
||||
if ($this->failed_status && $this->failed_status["connection_closed"]) {
|
||||
$this->clearError();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function lastError($timeout = 0.5)
|
||||
{
|
||||
if ($this->failed_status === false)
|
||||
if ($this->failed_status === false) {
|
||||
$this->processAvailableInput($timeout);
|
||||
}
|
||||
return $this->failed_status;
|
||||
}
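Review bot: `$this->failed_status["connection_closed"]` in the close path reads a key that exists only when that particular error matched. `processAvailableInput()` stores `[$ee[0] => true, "error" => trim($line)]`, so after any other error the lookup hits an undefined index and emits a warning. `if (!empty($this->failed_status["connection_closed"])) {` keeps the logic and stays silent. In the signature hunk, `callable $lines_consumer = null` relies on implicit nullability, which PHP 8.4 deprecates; `?callable $lines_consumer = null` states it explicitly.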
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
* Copyright (C) 2019 Juergen Kellerer
|
||||
* All rights reserved.
|
||||
|
@ -27,7 +28,6 @@
|
|||
|
||||
namespace OPNsense\AcmeClient;
|
||||
|
||||
|
||||
/**
|
||||
* Handles file uploads via SFTP.
|
||||
* @package OPNsense\AcmeClient
|
||||
|
@ -103,12 +103,14 @@ class SftpUploader
|
|||
$content_written = file_put_contents($local_file, $content);
|
||||
Utils::requireThat($content_written > 0, "Failed writing content of '$remote_file' to '$local_file', disk full?");
|
||||
|
||||
if (($time = intval($content_last_modified)) && $time > 0)
|
||||
if (($time = intval($content_last_modified)) && $time > 0) {
|
||||
touch($local_file, $time);
|
||||
}
|
||||
|
||||
$remote_file = trim($remote_file);
|
||||
if (empty($remote_file))
|
||||
if (empty($remote_file)) {
|
||||
$remote_file = basename($local_file);
|
||||
}
|
||||
|
||||
$local_file = $this->addFile($local_file, $remote_file, $chmod, $chgrp);
|
||||
$this->pending_files[$local_file]["delete_source"] = true;
|
||||
|
@ -171,7 +173,6 @@ class SftpUploader
|
|||
|
||||
// Uploading the files
|
||||
foreach ($files_to_upload as $file) {
|
||||
|
||||
// Managing pending files.
|
||||
$local_file = $this->current_file = $file["source"];
|
||||
|
||||
|
@ -187,11 +188,11 @@ class SftpUploader
|
|||
|
||||
// Changing remote directory if required.
|
||||
if (($target_dir = dirname($file["target"])) !== $remote_path) {
|
||||
|
||||
$absolute_target_dir = $this->sftp->resolve($target_dir, $remote_base_path);
|
||||
Utils::requireThat(
|
||||
$absolute_target_dir && strpos($absolute_target_dir, $remote_base_path) === 0,
|
||||
"Illegal target directory '$absolute_target_dir' is not below '$remote_base_path'");
|
||||
"Illegal target directory '$absolute_target_dir' is not below '$remote_base_path'"
|
||||
);
|
||||
|
||||
$dir_names = preg_split('-/+-', substr($absolute_target_dir, strlen($remote_base_path)), 0, PREG_SPLIT_NO_EMPTY);
|
||||
if (count($dir_names) == 1) {
|
||||
|
@ -263,8 +264,9 @@ class SftpUploader
|
|||
if ($error = $this->sftp->put($local_file, $remote_filename, $preserve_times_and_mod)->lastError()) {
|
||||
Utils::log()->error("Failed uploading file '{$local_file}' to '{$file["target"]}'", $error);
|
||||
|
||||
if ($error["permission_denied"] !== true)
|
||||
if ($error["permission_denied"] !== true) {
|
||||
$retry_with_permission_change = false;
|
||||
}
|
||||
|
||||
if ($retry_with_permission_change) {
|
||||
Utils::log()->info("Retrying file '{$local_file}' to '{$file["target"]}' with adjusted permissions");
|
||||
|
@ -279,15 +281,13 @@ class SftpUploader
|
|||
|
||||
// Second attempt when initial failed or was skipped due to write protection (only possible if we have chmod defined to reset permissions later)
|
||||
if ($retry_with_permission_change) {
|
||||
|
||||
$this->sftp->chmod($remote_filename, '0600');
|
||||
|
||||
if ($error = $this->sftp->put($local_file, $remote_filename)->lastError()) {
|
||||
Utils::log()->error("Failed uploading file '{$local_file}' to '{$file["target"]}'", $error);
|
||||
return self::UPLOAD_ERROR_NO_PERMISSION;
|
||||
}
|
||||
|
||||
} else if ($remote_is_readonly) {
|
||||
} elseif ($remote_is_readonly) {
|
||||
Utils::log()->error("Failed uploading file '{$local_file}' to '{$file["target"]}'. Existing file is write protected.");
|
||||
return self::UPLOAD_ERROR_NO_PERMISSION;
|
||||
}
|
||||
|
@ -316,18 +316,20 @@ class SftpUploader
|
|||
|
||||
$this->current_file = null;
|
||||
|
||||
if (empty($this->pending_files))
|
||||
if (empty($this->pending_files)) {
|
||||
$this->temporaryFile(true);
|
||||
}
|
||||
|
||||
return self::UPLOAD_SUCCESS;
|
||||
}
|
||||
|
||||
private function deleteSourceIfRequested($file)
|
||||
{
|
||||
if (isset($this->pending_files[$file])
|
||||
if (
|
||||
isset($this->pending_files[$file])
|
||||
&& is_array($existing = $this->pending_files[$file])
|
||||
&& $existing["delete_source"] === true) {
|
||||
|
||||
&& $existing["delete_source"] === true
|
||||
) {
|
||||
unlink($existing["source"]);
|
||||
}
|
||||
}
|
||||
|
@ -344,8 +346,9 @@ class SftpUploader
|
|||
register_shutdown_function(function () use (&$shared_temporary_files) {
|
||||
$count = 0;
|
||||
foreach ($shared_temporary_files as $temporary_files) {
|
||||
if (!is_iterable($temporary_files))
|
||||
if (!is_iterable($temporary_files)) {
|
||||
continue;
|
||||
}
|
||||
foreach ($temporary_files as $file) {
|
||||
if (is_file($file)) {
|
||||
unlink($file);
|
||||
|
@ -354,8 +357,9 @@ class SftpUploader
|
|||
}
|
||||
}
|
||||
|
||||
if ($count > 0)
|
||||
if ($count > 0) {
|
||||
Utils::log()->info("Removed $count files in shutdown hook instead of object destruction.");
|
||||
}
|
||||
|
||||
$shared_temporary_files = [];
|
||||
});
|
||||
|
@ -373,11 +377,12 @@ class SftpUploader
|
|||
// Dealing with temp file creation or cleanup
|
||||
if ($delete_all) {
|
||||
foreach ($temporary_files as $file) {
|
||||
if (is_file($file)) unlink($file);
|
||||
if (is_file($file)) {
|
||||
unlink($file);
|
||||
}
|
||||
}
|
||||
|
||||
unset($shared_temporary_files[$index]);
|
||||
|
||||
} else {
|
||||
if ($file = tempnam(sys_get_temp_dir(), "sftp-upload-")) {
|
||||
$file = realpath($file);
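Review bot: The containment check `strpos($absolute_target_dir, $remote_base_path) === 0` in the "Changing remote directory" hunk is a plain string-prefix test. Unless `$remote_base_path` is guaranteed to end in `/`, which the hunk does not show, a sibling directory whose name merely starts with the base path passes as "below" it (constructed example: base `/srv/certs`, target `/srv/certs-old`). Comparing against the base with a trailing separator closes that gap: `$base = rtrim($remote_base_path, '/') . '/';` and then `$absolute_target_dir . '/' === $base || strpos($absolute_target_dir, $base) === 0`. The surrounding upload loop continues outside the hunk.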
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
* Copyright (C) 2019 Juergen Kellerer
|
||||
* All rights reserved.
|
||||
|
@ -73,7 +74,6 @@ class Utils
|
|||
);
|
||||
}
|
||||
};
|
||||
|
||||
} else {
|
||||
$logger = new class implements ILogger
|
||||
{
|
||||
|
@ -117,9 +117,9 @@ class Utils
|
|||
$combined_path = $file;
|
||||
|
||||
if (empty($file) || $file[0] != DIRECTORY_SEPARATOR) {
|
||||
|
||||
if (empty($base) || $base[0] != DIRECTORY_SEPARATOR)
|
||||
if (empty($base) || $base[0] != DIRECTORY_SEPARATOR) {
|
||||
$base = realpath(($base ?: "."));
|
||||
}
|
||||
|
||||
$combined_path = $base . DIRECTORY_SEPARATOR . $file;
|
||||
}
|
||||
|
@ -127,15 +127,17 @@ class Utils
|
|||
$path = [];
|
||||
|
||||
foreach (explode(DIRECTORY_SEPARATOR, $combined_path) as $part) {
|
||||
if (empty($part) || $part === '.')
|
||||
if (empty($part) || $part === '.') {
|
||||
continue;
|
||||
}
|
||||
|
||||
if ($part !== '..')
|
||||
if ($part !== '..') {
|
||||
array_push($path, $part);
|
||||
else if (!empty($path))
|
||||
} elseif (!empty($path)) {
|
||||
array_pop($path);
|
||||
else
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return DIRECTORY_SEPARATOR . join(DIRECTORY_SEPARATOR, $path);
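Review bot: In the path-normalising loop, `empty($part)` is also true for the string `"0"`, so a path component named `0` is silently dropped (`/a/0/b` becomes `/a/b`); `if ($part === '' || $part === '.') {` skips only genuinely empty segments. The same applies to `empty($file)` and `empty($base)` in the preceding hunk. There too, `realpath(($base ?: "."))` can return `false`, which is then concatenated into `$combined_path` as an empty string. If this result feeds path checks elsewhere, which is presumed and not visible here, the normalised path should not differ from what the other side resolves. The function starts outside the hunk.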
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2017 Frank Wall
|
||||
* Copyright (C) 2015 Deciso B.V.
|
||||
|
|
|
@ -78,23 +78,23 @@ if (isset($options["C"])) {
|
|||
switch ($options["a"]) {
|
||||
case 'sign':
|
||||
$result = cert_action_validator($options["c"]);
|
||||
echo json_encode(array('status'=>$result));
|
||||
echo json_encode(array('status' => $result));
|
||||
break;
|
||||
case 'renew':
|
||||
$result = cert_action_validator($options["c"]);
|
||||
echo json_encode(array('status'=>$result));
|
||||
echo json_encode(array('status' => $result));
|
||||
break;
|
||||
case 'remove':
|
||||
$result = cert_action_validator($options["c"]);
|
||||
echo json_encode(array('status'=>$result));
|
||||
echo json_encode(array('status' => $result));
|
||||
break;
|
||||
case 'removekey':
|
||||
$result = cert_action_validator($options["c"]);
|
||||
echo json_encode(array('status'=>$result));
|
||||
echo json_encode(array('status' => $result));
|
||||
break;
|
||||
case 'revoke':
|
||||
$result = cert_action_validator($options["c"]);
|
||||
echo json_encode(array('status'=>$result));
|
||||
echo json_encode(array('status' => $result));
|
||||
break;
|
||||
default:
|
||||
echo "ERROR: invalid argument specified\n";
|
||||
|
@ -112,7 +112,7 @@ function cert_action_validator($opt_cert_id)
|
|||
{
|
||||
global $options;
|
||||
|
||||
$modelObj = new OPNsense\AcmeClient\AcmeClient;
|
||||
$modelObj = new OPNsense\AcmeClient\AcmeClient();
|
||||
|
||||
// Store certs here after successful issue/renewal. Required for automations.
|
||||
$restart_certs = array();
|
||||
|
@ -459,7 +459,7 @@ function run_acme_validation($certObj, $valObj, $acctObj)
|
|||
|
||||
// Required to run pre-defined commands.
|
||||
$backend = new Backend();
|
||||
$modelObj = new OPNsense\AcmeClient\AcmeClient;
|
||||
$modelObj = new OPNsense\AcmeClient\AcmeClient();
|
||||
|
||||
// Collect account information
|
||||
$account_conf_dir = "/var/etc/acme-client/accounts/" . $acctObj->id;
|
||||
|
@ -511,7 +511,7 @@ function run_acme_validation($certObj, $valObj, $acctObj)
|
|||
$last_update_time = new \DateTime();
|
||||
$last_update_time->setTimestamp($last_update);
|
||||
$renew_interval = (string)$certObj->renewInterval;
|
||||
$next_update = $last_update_time->add(new \DateInterval('P'.$renew_interval.'D'));
|
||||
$next_update = $last_update_time->add(new \DateInterval('P' . $renew_interval . 'D'));
|
||||
|
||||
// Check if it's time to renew the cert.
|
||||
if (isset($options["F"]) or ($current_time >= $next_update)) {
|
||||
|
@ -899,7 +899,7 @@ function run_acme_validation($certObj, $valObj, $acctObj)
|
|||
switch ((string)$certObj->aliasmode) {
|
||||
case 'automatic':
|
||||
$name = "_acme-challenge." . ltrim((string)$certObj->name, '*.');
|
||||
if ($dst = dns_get_record($name, DNS_CNAME )) {
|
||||
if ($dst = dns_get_record($name, DNS_CNAME)) {
|
||||
$altnames .= "--domain-alias " . $dst[0]['target'] . " ";
|
||||
}
|
||||
break;
|
||||
|
@ -923,7 +923,7 @@ function run_acme_validation($certObj, $valObj, $acctObj)
|
|||
switch ((string)$certObj->aliasmode) {
|
||||
case 'automatic':
|
||||
$name = "_acme-challenge." . ltrim($altname, '*.');
|
||||
if ($dst = dns_get_record($name, DNS_CNAME )) {
|
||||
if ($dst = dns_get_record($name, DNS_CNAME)) {
|
||||
$altnames .= "--domain-alias " . $dst[0]['target'] . " ";
|
||||
}
|
||||
break;
|
||||
|
@ -935,7 +935,6 @@ function run_acme_validation($certObj, $valObj, $acctObj)
|
|||
break;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1409,12 +1408,12 @@ function dump_postponed_updates()
|
|||
500 => 'internal error',
|
||||
];
|
||||
|
||||
$modelObj = new OPNsense\AcmeClient\AcmeClient;
|
||||
$modelObj = new OPNsense\AcmeClient\AcmeClient();
|
||||
|
||||
foreach ($postponed_updates as $pupdate) {
|
||||
$_statusCode = $pupdate['statusCode'];
|
||||
$_uuid = $pupdate['uuid'];
|
||||
$node = $modelObj->getNodeByReference('certificates.certificate.'.$_uuid);
|
||||
$node = $modelObj->getNodeByReference('certificates.certificate.' . $_uuid);
|
||||
if ($node != null) {
|
||||
log_error("AcmeClient: storing status '" . $status_descr[$_statusCode] . "' for cert " . (string)$node->name);
|
||||
$node->statusCode = $_statusCode;
|
||||
|
@ -1492,7 +1491,7 @@ function local_cert_get_cn($crt, $decode = true)
|
|||
}
|
||||
|
||||
// taken from system_camanager.php
|
||||
function local_ca_import(& $ca, $str, $key = "", $serial = 0)
|
||||
function local_ca_import(&$ca, $str, $key = "", $serial = 0)
|
||||
{
|
||||
global $config;
|
||||
|
||||
|
@ -1518,7 +1517,7 @@ function local_ca_import(& $ca, $str, $key = "", $serial = 0)
|
|||
if (is_array($config['ca'])) {
|
||||
foreach ($config['ca'] as & $oca) {
|
||||
$issuer = cert_get_issuer($oca['crt']);
|
||||
if ($ca['refid']<>$oca['refid'] && $issuer==$subject) {
|
||||
if ($ca['refid'] <> $oca['refid'] && $issuer == $subject) {
|
||||
$oca['caref'] = $ca['refid'];
|
||||
}
|
||||
}
|
||||
|
@ -1526,7 +1525,7 @@ function local_ca_import(& $ca, $str, $key = "", $serial = 0)
|
|||
if (is_array($config['cert'])) {
|
||||
foreach ($config['cert'] as & $cert) {
|
||||
$issuer = cert_get_issuer($cert['crt']);
|
||||
if ($issuer==$subject) {
|
||||
if ($issuer == $subject) {
|
||||
$cert['caref'] = $ca['refid'];
|
||||
}
|
||||
}
|
||||
|
|
|
@ -41,7 +41,7 @@ $HIGHWINDS_API_URL = 'https://striketracker.highwinds.com/api/v1/accounts';
|
|||
|
||||
function find_certificate($acme_cert_id)
|
||||
{
|
||||
$modelObj = new OPNsense\AcmeClient\AcmeClient;
|
||||
$modelObj = new OPNsense\AcmeClient\AcmeClient();
|
||||
$configObj = Config::getInstance()->object();
|
||||
if (isset($configObj->OPNsense->AcmeClient->certificates) && $configObj->OPNsense->AcmeClient->certificates->count() > 0) {
|
||||
foreach ($configObj->OPNsense->AcmeClient->certificates->children() as $certObj) {
|
||||
|
@ -93,7 +93,7 @@ function export_certificate($cert_refid)
|
|||
|
||||
function upload_certificate($cert_name, $cert_refid, $acme_cert_id, $acme_automation_id)
|
||||
{
|
||||
$modelObj = new OPNsense\AcmeClient\AcmeClient;
|
||||
$modelObj = new OPNsense\AcmeClient\AcmeClient();
|
||||
$configObj = Config::getInstance()->object();
|
||||
if (isset($configObj->OPNsense->AcmeClient->actions) && $configObj->OPNsense->AcmeClient->actions->count() > 0) {
|
||||
foreach ($configObj->OPNsense->AcmeClient->actions->children() as $automObj) {
|
||||
|
|
|
@ -154,15 +154,15 @@ function commandShowIdentity(array &$options): int
|
|||
|
||||
$keys = new SSHKeys(configPath());
|
||||
if (($id_file = $keys->getIdentity($identity_type)) && is_readable($id_file)) {
|
||||
|
||||
if (!isset($options["unrestricted"])
|
||||
&& ($restrictions = SSHKeys::getIdentityRestrictions($host, $source_ip))) {
|
||||
if (
|
||||
!isset($options["unrestricted"])
|
||||
&& ($restrictions = SSHKeys::getIdentityRestrictions($host, $source_ip))
|
||||
) {
|
||||
echo "$restrictions ";
|
||||
}
|
||||
|
||||
echo file_get_contents($id_file);
|
||||
return EXITCODE_SUCCESS;
|
||||
|
||||
} else {
|
||||
Utils::log()->error("Failed getting identity. See log output for details.");
|
||||
}
|
||||
|
@ -197,14 +197,14 @@ function commandTestConnection(array &$options): int
|
|||
|
||||
if ($result["success"]) {
|
||||
$result["actions"][] = "upload-tested";
|
||||
|
||||
} else {
|
||||
if ($error = $sftp->lastError(3))
|
||||
if ($error = $sftp->lastError(3)) {
|
||||
$result = array_merge($result, $error);
|
||||
}
|
||||
|
||||
if ($upload_result === SftpUploader::UPLOAD_ERROR_CHGRP_FAILED) {
|
||||
$result["chgrp_failed"] = true;
|
||||
} else if ($upload_result === SftpUploader::UPLOAD_ERROR_CHMOD_FAILED) {
|
||||
} elseif ($upload_result === SftpUploader::UPLOAD_ERROR_CHMOD_FAILED) {
|
||||
$result["chmod_failed"] = true;
|
||||
}
|
||||
}
|
||||
|
@ -215,8 +215,9 @@ function commandTestConnection(array &$options): int
|
|||
SftpUploader::UPLOAD_ERROR_CHMOD_FAILED]);
|
||||
|
||||
if ($remove_file) {
|
||||
if ($error = $sftp->clearError()->rm($filename)->lastError(3))
|
||||
if ($error = $sftp->clearError()->rm($filename)->lastError(3)) {
|
||||
Utils::log()->error("Failed removing upload test file '$filename'", $error);
|
||||
}
|
||||
}
|
||||
|
||||
$sftp->close();
|
||||
|
@ -233,15 +234,15 @@ function commandUpload(array &$options): int
|
|||
// Includes host, upload all certs to the same host.
|
||||
if (isset($options["host"])) {
|
||||
return uploadCertificatesToHost($options);
|
||||
|
||||
} else {
|
||||
// Find the actions associated with the given certs.
|
||||
$tasks = [];
|
||||
$cert_ids = preg_split('/[,;\s]+/', $options["certificates"] ?: "", 0, PREG_SPLIT_NO_EMPTY);
|
||||
foreach (findCertificates($cert_ids, false) as $id => $cert) {
|
||||
foreach ($cert["automations"] as $action_id) {
|
||||
if (!isset($tasks[$action_id]))
|
||||
if (!isset($tasks[$action_id])) {
|
||||
$tasks[$action_id] = [];
|
||||
}
|
||||
$tasks[$action_id][] = $id;
|
||||
}
|
||||
}
|
||||
|
@ -251,17 +252,16 @@ function commandUpload(array &$options): int
|
|||
if (!empty($cert_list) && ($task_options = getOptionsById($action_id, true))) {
|
||||
$task_options = array_merge($options, $task_options, ["certificates" => join(",", $cert_list)]);
|
||||
$result = uploadCertificatesToHost($task_options);
|
||||
if ($result != EXITCODE_SUCCESS)
|
||||
if ($result != EXITCODE_SUCCESS) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
} else if (isset($options["host"])) {
|
||||
} elseif (isset($options["host"])) {
|
||||
return uploadCertificatesToHost($options);
|
||||
|
||||
} else {
|
||||
Utils::log()->error("No work to do, neither --host nor --certificates is present.");
|
||||
return EXITCODE_ERROR_NOTHING_TO_UPLOAD;
|
||||
|
@ -283,11 +283,11 @@ function uploadCertificatesToHost(array $options): int
|
|||
|
||||
addFilesToUpload($options, $uploader);
|
||||
|
||||
if (empty($uploader->pending()))
|
||||
if (empty($uploader->pending())) {
|
||||
return EXITCODE_ERROR_NOTHING_TO_UPLOAD;
|
||||
}
|
||||
|
||||
for ($max_restarts = 5; !empty($uploader->pending()) && $max_restarts > 0; $max_restarts--) {
|
||||
|
||||
$result = $uploader->upload();
|
||||
|
||||
if ($result != SftpUploader::UPLOAD_SUCCESS) {
|
||||
|
@ -370,10 +370,12 @@ function getCommand()
|
|||
$command = null;
|
||||
$parsed_args = getopt("", ["command::"]);
|
||||
foreach (COMMANDS as $name => $cmd) {
|
||||
if (in_array($name, $GLOBALS["argv"]) || $parsed_args["command"] === $name)
|
||||
if (in_array($name, $GLOBALS["argv"]) || $parsed_args["command"] === $name) {
|
||||
$command = $cmd;
|
||||
if ($cmd["default"] === true)
|
||||
}
|
||||
if ($cmd["default"] === true) {
|
||||
$default = $cmd;
|
||||
}
|
||||
}
|
||||
|
||||
return $command ?: $default;
|
||||
|
@ -385,9 +387,12 @@ function getActionById($automation_id)
|
|||
$client = $config->OPNsense->AcmeClient;
|
||||
|
||||
foreach ($client->actions->children() as $action) {
|
||||
if ($automation_id === (string)$action->attributes()["uuid"]
|
||||
|| $automation_id === (string)$action->id)
|
||||
if (
|
||||
$automation_id === (string)$action->attributes()["uuid"]
|
||||
|| $automation_id === (string)$action->id
|
||||
) {
|
||||
return $action;
|
||||
}
|
||||
}
|
||||
|
||||
return null;
|
||||
|
@ -395,7 +400,9 @@ function getActionById($automation_id)
|
|||
|
||||
function getOptionsById($automation_id, $silent = false)
|
||||
{
|
||||
if (!$silent) Utils::log()->info("Reading options from automation: $automation_id");
|
||||
if (!$silent) {
|
||||
Utils::log()->info("Reading options from automation: $automation_id");
|
||||
}
|
||||
|
||||
if (is_object($action = getActionById($automation_id))) {
|
||||
if ($action->enabled && "upload_sftp" === (string)$action->type) {
|
||||
|
@ -414,7 +421,7 @@ function getOptionsById($automation_id, $silent = false)
|
|||
"ca-name" => trim((string)$action->sftp_filename_ca),
|
||||
"certificates" => "", // defaults to all (= empty), may be overridden via CLI
|
||||
];
|
||||
} else if (!$silent) {
|
||||
} elseif (!$silent) {
|
||||
Utils::log()->error("Ignoring disabled or invalid automation '$automation_id'");
|
||||
}
|
||||
} else {
|
||||
|
@ -434,14 +441,12 @@ function addFilesToUpload(array $options, SftpUploader &$uploader)
|
|||
$cert_ids = preg_split('/[,;\s]+/', $options["certificates"] ?: "", 0, PREG_SPLIT_NO_EMPTY);
|
||||
|
||||
foreach (findCertificates($cert_ids) as $cert) {
|
||||
|
||||
if (!isset($cert["content"])) {
|
||||
Utils::log()->error("Ignoring upload for cert '{$cert["name"]}', since it is not available in trust storage.");
|
||||
continue;
|
||||
}
|
||||
|
||||
foreach ($cert["content"] as $name => $content) {
|
||||
|
||||
if (empty($content)) {
|
||||
Utils::log()->error("Content for '{$name}.pem' in cert '{$cert["name"]}' is empty, skipping it.");
|
||||
continue;
|
||||
|
@ -463,44 +468,46 @@ function addFilesToUpload(array $options, SftpUploader &$uploader)
|
|||
? stripcslashes($cert[$index])
|
||||
: "__unknown-template-param__{$index}__";
|
||||
},
|
||||
$path_part);
|
||||
$path_part
|
||||
);
|
||||
|
||||
// Sanitize user input. Allow unicode chars, numbers and some special characters [_-@.].
|
||||
// Also replace all ".." with "." to avoid upwards tree traversal.
|
||||
return preg_replace(['/\.+/', '/[^\w\d_\-@.]+/uim'], ['.', '-'], trim($path_part));
|
||||
},
|
||||
preg_split('-[/\\\\]+-', $target_path, 0, PREG_SPLIT_NO_EMPTY)));
|
||||
preg_split('-[/\\\\]+-', $target_path, 0, PREG_SPLIT_NO_EMPTY)
|
||||
));
|
||||
|
||||
|
||||
// Add the file to upload (if valid)
|
||||
if (!empty($target_path)
|
||||
if (
|
||||
!empty($target_path)
|
||||
&& preg_match('-^(?!/).+?(?<!/)$-', $target_path) /* must neither begin nor end with '/' */
|
||||
&& !preg_match('-^[/.]+$-', $target_path) /* must not only consist of '/' and '.' */) {
|
||||
|
||||
&& !preg_match('-^[/.]+$-', $target_path) /* must not only consist of '/' and '.' */
|
||||
) {
|
||||
$mod = $name === "key"
|
||||
? $chmod_key
|
||||
: $chmod;
|
||||
|
||||
$uploader->addContent($content, $target_path, $cert["updated"], $mod, $chgrp);
|
||||
|
||||
} else {
|
||||
Utils::log()->error("Cannot add '{$name}.pem' since the upload path '$target_path' is invalid.");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (empty($uploader->pending()))
|
||||
if (empty($uploader->pending())) {
|
||||
Utils::log()->error("Didn't find any certificates to upload (cert-ids: " . (empty($cert_ids) ? "*all*" : join(", ", $cert_ids)) . ").");
|
||||
|
||||
} else if (isset($options["files"])) {
|
||||
}
|
||||
} elseif (isset($options["files"])) {
|
||||
$files = preg_split('/[,;\s]+/', $options["files"] ?: "", 0, PREG_SPLIT_NO_EMPTY);
|
||||
foreach ($files as $file) {
|
||||
$uploader->addFile($file, "", $chmod, $chgrp);
|
||||
};
|
||||
|
||||
if (empty($uploader->pending()))
|
||||
if (empty($uploader->pending())) {
|
||||
Utils::log()->error("Didn't files to upload (files: " . join(", ", $files) . ").");
|
||||
|
||||
}
|
||||
} else {
|
||||
Utils::log()->error("Neither '--certificates' nor '--files' was specified. Have nothing to upload.");
|
||||
}
|
||||
|
@ -508,7 +515,9 @@ function addFilesToUpload(array $options, SftpUploader &$uploader)
|
|||
|
||||
function findCertificates(array $certificate_ids_or_names, $load_content = true): array
|
||||
{
|
||||
if (!class_exists("OPNsense\\Core\\Config")) return [];
|
||||
if (!class_exists("OPNsense\\Core\\Config")) {
|
||||
return [];
|
||||
}
|
||||
|
||||
$config = OPNsense\Core\Config::getInstance()->object();
|
||||
$client = $config->OPNsense->AcmeClient;
|
||||
|
@ -521,13 +530,15 @@ function findCertificates(array $certificate_ids_or_names, $load_content = true)
|
|||
$id = (string)$cert->id;
|
||||
$name = (string)$cert->name;
|
||||
|
||||
if (empty($certificate_ids_or_names)
|
||||
if (
|
||||
empty($certificate_ids_or_names)
|
||||
|| in_array($id, $certificate_ids_or_names)
|
||||
|| in_array($name, $certificate_ids_or_names)) {
|
||||
|
||||
|| in_array($name, $certificate_ids_or_names)
|
||||
) {
|
||||
if ($cert->enabled == 0) {
|
||||
if (!empty($certificate_ids_or_names))
|
||||
if (!empty($certificate_ids_or_names)) {
|
||||
Utils::log()->error("Certificate '{$name}' (id: $id) is disabled, skipping it.");
|
||||
}
|
||||
|
||||
continue;
|
||||
}
|
||||
|
@ -547,8 +558,9 @@ function findCertificates(array $certificate_ids_or_names, $load_content = true)
|
|||
if ($load_content && ($certificates = exportCertificates($refids))) {
|
||||
foreach ($result as &$cert_info) {
|
||||
$id = $cert_info["content_id"];
|
||||
if (isset($certificates[$id]))
|
||||
if (isset($certificates[$id])) {
|
||||
$cert_info["content"] = $certificates[$id];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -584,7 +596,9 @@ function configPath(): string
|
|||
__DIR__
|
||||
];
|
||||
foreach ($paths as $path) {
|
||||
if (is_dir($path)) return $path . DIRECTORY_SEPARATOR . 'sftp-config';
|
||||
if (is_dir($path)) {
|
||||
return $path . DIRECTORY_SEPARATOR . 'sftp-config';
|
||||
}
|
||||
}
|
||||
die("Failed detecting config path");
|
||||
}
|
||||
|
@ -607,16 +621,18 @@ function main()
|
|||
if (isset($options["h"]) || isset($options["help"])) {
|
||||
help();
|
||||
} else {
|
||||
if (isset($options["log"]))
|
||||
if (isset($options["log"])) {
|
||||
Utils::log(true)->info("Logging to stdout enabled");
|
||||
}
|
||||
|
||||
$options = array_filter($options, function ($value) {
|
||||
return !is_string($value)
|
||||
|| (!empty($value = trim($value)) && $value !== "__default_value");
|
||||
});
|
||||
|
||||
if (isset($options["automation-id"]))
|
||||
if (isset($options["automation-id"])) {
|
||||
$options = array_merge(getOptionsById($options["automation-id"]), $options);
|
||||
}
|
||||
|
||||
if (is_callable($runner = $command["implementation"])) {
|
||||
$code = $runner($options);
|
||||
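Review bot: In main(), `array_merge(getOptionsById($options["automation-id"]), $options)` hands the helper's return value to array_merge without a check, while commandUpload() in the same file guards the same helper with `($task_options = getOptionsById($action_id, true))` inside an `if`, which suggests it can return a non-array for a disabled or unknown automation. If that is the case, an invalid `--automation-id` would raise a TypeError on PHP 8 rather than stopping at the logged "Ignoring disabled or invalid automation" error. A small guard such as `$options = array_merge(getOptionsById($options["automation-id"]) ?: [], $options);` avoids this, as would returning an error exit code when no options come back. The return statements of getOptionsById() and the rest of main() are outside the visible hunks, so this needs confirming against the full file.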
|
|
|
@ -32,8 +32,10 @@ function clamav_services()
|
|||
|
||||
$services = array();
|
||||
|
||||
if (isset($config['OPNsense']['clamav']['general']['enabled']) &&
|
||||
$config['OPNsense']['clamav']['general']['enabled'] == 1) {
|
||||
if (
|
||||
isset($config['OPNsense']['clamav']['general']['enabled']) &&
|
||||
$config['OPNsense']['clamav']['general']['enabled'] == 1
|
||||
) {
|
||||
$services[] = array(
|
||||
'description' => gettext('ClamAV Daemon'),
|
||||
'configd' => array(
|
||||
|
@ -46,8 +48,10 @@ function clamav_services()
|
|||
);
|
||||
}
|
||||
|
||||
if (isset($config['OPNsense']['clamav']['general']['fc_enabled']) &&
|
||||
$config['OPNsense']['clamav']['general']['fc_enabled'] == 1) {
|
||||
if (
|
||||
isset($config['OPNsense']['clamav']['general']['fc_enabled']) &&
|
||||
$config['OPNsense']['clamav']['general']['fc_enabled'] == 1
|
||||
) {
|
||||
$services[] = array(
|
||||
'description' => gettext('freshclam daemon'),
|
||||
'configd' => array(
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2019 Michael Muenz <m.muenz@gmail.com>
|
||||
*
|
||||
|
|
|
@ -51,7 +51,7 @@ function tinc_syslog()
|
|||
|
||||
foreach ($mdl->networks->network->iterateItems() as $network) {
|
||||
if ($network->enabled == '1') {
|
||||
$logfacilities['tinc']['facility'][] = 'tinc.'.$network->name;
|
||||
$logfacilities['tinc']['facility'][] = 'tinc.' . $network->name;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2016 Deciso B.V.
|
||||
*
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2016 Deciso B.V.
|
||||
*
|
||||
|
@ -53,7 +54,7 @@ class SettingsController extends ApiMutableModelControllerBase
|
|||
$node = $this->getModel()->networks->network->Add();
|
||||
return array("network" => $node->getNodes());
|
||||
} else {
|
||||
$node = $this->getModel()->getNodeByReference('networks.network.'.$uuid);
|
||||
$node = $this->getModel()->getNodeByReference('networks.network.' . $uuid);
|
||||
if ($node != null) {
|
||||
// return node
|
||||
return array("network" => $node->getNodes());
|
||||
|
@ -71,7 +72,7 @@ class SettingsController extends ApiMutableModelControllerBase
|
|||
{
|
||||
if ($this->request->isPost() && $this->request->hasPost("network")) {
|
||||
if ($uuid != null) {
|
||||
$node = $this->getModel()->getNodeByReference('networks.network.'.$uuid);
|
||||
$node = $this->getModel()->getNodeByReference('networks.network.' . $uuid);
|
||||
} else {
|
||||
$node = $this->getModel()->networks->network->Add();
|
||||
}
|
||||
|
@ -85,7 +86,7 @@ class SettingsController extends ApiMutableModelControllerBase
|
|||
}
|
||||
return $this->validateAndSave($node, 'network');
|
||||
}
|
||||
return array("result"=>"failed");
|
||||
return array("result" => "failed");
|
||||
}
|
||||
|
||||
|
||||
|
@ -160,7 +161,7 @@ class SettingsController extends ApiMutableModelControllerBase
|
|||
$node = $this->getModel()->hosts->host->Add();
|
||||
return array("host" => $node->getNodes());
|
||||
} else {
|
||||
$node = $this->getModel()->getNodeByReference('hosts.host.'.$uuid);
|
||||
$node = $this->getModel()->getNodeByReference('hosts.host.' . $uuid);
|
||||
if ($node != null) {
|
||||
// return node
|
||||
return array("host" => $node->getNodes());
|
||||
|
@ -178,14 +179,14 @@ class SettingsController extends ApiMutableModelControllerBase
|
|||
{
|
||||
if ($this->request->isPost() && $this->request->hasPost("host")) {
|
||||
if ($uuid != null) {
|
||||
$node = $this->getModel()->getNodeByReference('hosts.host.'.$uuid);
|
||||
$node = $this->getModel()->getNodeByReference('hosts.host.' . $uuid);
|
||||
} else {
|
||||
$node = $this->getModel()->hosts->host->Add();
|
||||
}
|
||||
$node->setNodes($this->request->getPost("host"));
|
||||
return $this->validateAndSave($node, 'host');
|
||||
}
|
||||
return array("result"=>"failed");
|
||||
return array("result" => "failed");
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2016 Deciso B.V.
|
||||
*
|
||||
|
|
|
@ -44,7 +44,7 @@ class GeneralController extends ApiMutableModelControllerBase
|
|||
/* override default set action */
|
||||
public function setAction()
|
||||
{
|
||||
$result = array('result'=>'failed');
|
||||
$result = array('result' => 'failed');
|
||||
if ($this->request->isPost()) {
|
||||
$mdl = new General();
|
||||
$mdl->setNodes($this->request->getPost('general'));
|
||||
|
@ -55,7 +55,7 @@ class GeneralController extends ApiMutableModelControllerBase
|
|||
if (!array_key_exists('validations', $result)) {
|
||||
$result['validations'] = array();
|
||||
}
|
||||
$result['validations']['general.'.$msg->getField()] = $msg->getMessage();
|
||||
$result['validations']['general.' . $msg->getField()] = $msg->getMessage();
|
||||
}
|
||||
|
||||
if ($valMsgs->count() == 0) {
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2017 Fabian Franz
|
||||
*
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2015 - 2017 Deciso B.V.
|
||||
* Copyright (C) 2017 Fabian Franz
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
Copyright (C) 2017 Fabian Franz
|
||||
All rights reserved.
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
namespace OPNsense\Tor;
|
||||
|
||||
use OPNsense\Base\BaseModel;
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
namespace OPNsense\Tor;
|
||||
|
||||
use OPNsense\Base\BaseModel;
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
namespace OPNsense\Tor;
|
||||
|
||||
use OPNsense\Base\BaseModel;
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
namespace OPNsense\Tor;
|
||||
|
||||
use OPNsense\Base\BaseModel;
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
namespace OPNsense\Tor;
|
||||
|
||||
use OPNsense\Base\BaseModel;
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2018 David Harrigan
|
||||
* Copyright (C) 2017 Deciso B.V.
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2017 Fabian Franz
|
||||
*
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2018 Michael Muenz <m.muenz@gmail.com>
|
||||
*
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
|
||||
Copyright (C) 2017 Michael Muenz <m.muenz@gmail.com>
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
Copyright (C) 2017 Michael Muenz <m.muenz@gmail.com>
|
||||
All rights reserved.
|
||||
|
|
|
@ -70,7 +70,7 @@ class ServiceController extends ApiControllerBase
|
|||
|
||||
$backend = new Backend();
|
||||
|
||||
$output = $backend->configdpRun("smart", array("info", $type, "/dev/".$device));
|
||||
$output = $backend->configdpRun("smart", array("info", $type, "/dev/" . $device));
|
||||
|
||||
return array("output" => $output);
|
||||
}
|
||||
|
@ -96,7 +96,7 @@ class ServiceController extends ApiControllerBase
|
|||
|
||||
$backend = new Backend();
|
||||
|
||||
$output = $backend->configdpRun("smart", array("log", $type, "/dev/".$device));
|
||||
$output = $backend->configdpRun("smart", array("log", $type, "/dev/" . $device));
|
||||
|
||||
return array("output" => $output);
|
||||
}
|
||||
|
@ -122,7 +122,7 @@ class ServiceController extends ApiControllerBase
|
|||
|
||||
$backend = new Backend();
|
||||
|
||||
$output = $backend->configdpRun("smart", array("test", $type, "/dev/".$device));
|
||||
$output = $backend->configdpRun("smart", array("test", $type, "/dev/" . $device));
|
||||
|
||||
return array("output" => $output);
|
||||
}
|
||||
|
@ -141,7 +141,7 @@ class ServiceController extends ApiControllerBase
|
|||
|
||||
$backend = new Backend();
|
||||
|
||||
$output = $backend->configdpRun("smart", array("abort", "/dev/".$device));
|
||||
$output = $backend->configdpRun("smart", array("abort", "/dev/" . $device));
|
||||
|
||||
return array("output" => $output);
|
||||
}
|
||||
|
|
|
@ -32,8 +32,10 @@ function cicap_services()
|
|||
|
||||
$services = array();
|
||||
|
||||
if (isset($config['OPNsense']['cicap']['general']['enabled']) &&
|
||||
$config['OPNsense']['cicap']['general']['enabled'] == 1) {
|
||||
if (
|
||||
isset($config['OPNsense']['cicap']['general']['enabled']) &&
|
||||
$config['OPNsense']['cicap']['general']['enabled'] == 1
|
||||
) {
|
||||
$services[] = array(
|
||||
'description' => gettext('C-ICAP server'),
|
||||
'configd' => array(
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
|
||||
Copyright (C) 2018 Fabian Franz
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
|
||||
Copyright (C) 2018 Fabian Franz
|
||||
|
@ -180,7 +181,7 @@ class LogsController extends ApiControllerBase
|
|||
*/
|
||||
private function vhost_exists($uuid)
|
||||
{
|
||||
$data = $this->nginx->getNodeByReference('http_server.'. $uuid);
|
||||
$data = $this->nginx->getNodeByReference('http_server.' . $uuid);
|
||||
return isset($data);
|
||||
}
|
||||
|
||||
|
@ -190,7 +191,7 @@ class LogsController extends ApiControllerBase
|
|||
*/
|
||||
private function stream_exists($uuid)
|
||||
{
|
||||
$data = $this->nginx->getNodeByReference('stream_server.'. $uuid);
|
||||
$data = $this->nginx->getNodeByReference('stream_server.' . $uuid);
|
||||
return isset($data);
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
|
||||
Copyright (C) 2018 Fabian Franz
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
|
||||
Copyright (C) 2018 Fabian Franz
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
|
||||
Copyright (C) 2018 Fabian Franz
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
|
||||
Copyright (C) 2018 Fabian Franz
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
|
||||
Copyright (C) 2018 Fabian Franz
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
|
||||
Copyright (C) 2018 Fabian Franz
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
|
||||
Copyright (C) 2018 Fabian Franz
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
Copyright (C) 2017 Fabian Franz
|
||||
All rights reserved.
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
#!/usr/local/bin/php
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Copyright (C) 2018 Fabian Franz
|
||||
*
|
||||
|
@ -28,7 +29,6 @@
|
|||
*
|
||||
*/
|
||||
|
||||
|
||||
require_once('config.inc');
|
||||
use OPNsense\Core\Config;
|
||||
use OPNsense\Nginx\Nginx;
|
||||
|
|
|
@ -38,7 +38,7 @@ $server_uuid = $_SERVER['SERVER-UUID'];
|
|||
|
||||
function password_auth_test($username, $password, $auth_server)
|
||||
{
|
||||
$authFactory = new OPNsense\Auth\AuthenticationFactory;
|
||||
$authFactory = new OPNsense\Auth\AuthenticationFactory();
|
||||
$authenticator = $authFactory->get($auth_server);
|
||||
return $authenticator->authenticate($username, $password);
|
||||
}
|
||||
|
|
|
@ -58,7 +58,7 @@ if ($server == 'global') {
|
|||
switch ($mode) {
|
||||
case 'error':
|
||||
case 'access':
|
||||
if ($data = $nginx->getNodeByReference('http_server.'. $server)) {
|
||||
if ($data = $nginx->getNodeByReference('http_server.' . $server)) {
|
||||
$server_names = (string)$data->servername;
|
||||
if (empty($server_names)) {
|
||||
die('{"error": "The server entry has no server name"}');
|
||||
|
@ -91,7 +91,7 @@ switch ($mode) {
|
|||
break;
|
||||
case 'streamerror':
|
||||
case 'streamaccess':
|
||||
if ($data = $nginx->getNodeByReference('stream_server.'. $server)) {
|
||||
if ($data = $nginx->getNodeByReference('stream_server.' . $server)) {
|
||||
$lines = [];
|
||||
$mode = str_replace('stream', '', $mode);
|
||||
$log_file_name = $log_prefix . 'stream_' . $server . '.' . $mode . $log_suffix;
|
||||
|
|
|
@ -92,7 +92,7 @@ class ServiceController extends \OPNsense\Proxy\Api\ServiceController
|
|||
if ($this->request->isPost()) {
|
||||
$backend = new Backend();
|
||||
$cnf = Config::getInstance()->object();
|
||||
$fqdn = $cnf->system->hostname .'.'.$cnf->system->domain;
|
||||
$fqdn = $cnf->system->hostname . '.' . $cnf->system->domain;
|
||||
$username = escapeshellarg($this->request->getPost("login"));
|
||||
$pass = escapeshellarg($this->request->getPost("password"));
|
||||
|
||||
|
@ -111,7 +111,7 @@ class ServiceController extends \OPNsense\Proxy\Api\ServiceController
|
|||
{
|
||||
$backend = new Backend();
|
||||
$cnf = Config::getInstance()->object();
|
||||
$hostname = $cnf->system->hostname .'.'.$cnf->system->domain;
|
||||
$hostname = $cnf->system->hostname . '.' . $cnf->system->domain;
|
||||
|
||||
// LDAP
|
||||
$methods = explode(',', $cnf->OPNsense->proxy->forward->authentication->method);
|
||||
|
|
|
@ -306,11 +306,13 @@ class SettingsController extends ApiMutableModelControllerBase
|
|||
$ldapBindURL .= strpos($server['host'], "::") !== false ? "[{$server['host']}]" : $server['host'];
|
||||
$ldapBindURL .= !empty($server['ldap_port']) ? ":{$server['ldap_port']}" : "";
|
||||
$ldap_auth_server = $authFactory->get($server["name"]);
|
||||
if ($ldap_auth_server->connect(
|
||||
$ldapBindURL,
|
||||
$server["ldap_binddn"],
|
||||
$server["ldap_bindpw"]
|
||||
) == false) {
|
||||
if (
|
||||
$ldap_auth_server->connect(
|
||||
$ldapBindURL,
|
||||
$server["ldap_binddn"],
|
||||
$server["ldap_bindpw"]
|
||||
) == false
|
||||
) {
|
||||
return gettext("Error connecting to LDAP server");
|
||||
}
|
||||
|
||||
|
|