From aff94b55a366f70dff854f214d4e43b1b376aac9 Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Wed, 22 Mar 2017 08:17:27 +0100 Subject: [PATCH] openvpn: naming and call conventions, pull more internal code into plugin Looking at openvpn_configure_server() and openvpn_configure_client() it becomes a bit clearer why they take a config.xml subset: it's because the write_config() ordering was flipped. We could probably now pass an ID and let the code figure out if it is a client or server... --- src/etc/inc/interfaces.inc | 23 +--- src/etc/inc/plugins.inc.d/openvpn.inc | 127 +++++++++++++------ src/etc/inc/plugins.inc.d/openvpn/wizard.inc | 4 +- src/etc/inc/xmlrpc/legacy.inc | 1 - src/etc/rc.bootup | 2 +- src/etc/rc.newwanip | 9 +- src/etc/rc.newwanipv6 | 17 +-- src/www/system_gateway_groups.php | 2 +- src/www/vpn_openvpn_client.php | 5 +- src/www/vpn_openvpn_csc.php | 4 +- src/www/vpn_openvpn_server.php | 7 +- 11 files changed, 112 insertions(+), 89 deletions(-) diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc index 0c9580214..59b9b5e65 100644 --- a/src/etc/inc/interfaces.inc +++ b/src/etc/inc/interfaces.inc 
@@ -2486,26 +2486,9 @@ function interface_virtual_create($interface) interfaces_gre_configure(0, $interface); } elseif (substr($interface, 0, 3) == "gif") { interfaces_gif_configure(0, $interface); - } elseif (substr($interface, 0, 5) == "ovpns") { - if (isset($config['openvpn']['openvpn-server'])) { - foreach ($config['openvpn']['openvpn-server'] as $server) { - if ($interface == "ovpns{$server['vpnid']}") { - log_error("OpenVPN: Resync server {$server['description']}"); - openvpn_resync('server', $server); - } - } - unset($server); - } - } elseif (substr($interface, 0, 5) == "ovpnc") { - if (isset($config['openvpn']['openvpn-client'])) { - foreach ($config['openvpn']['openvpn-client'] as $client) { - if ($interface == "ovpnc{$client['vpnid']}") { - log_error("OpenVPN: Resync server {$client['description']}"); - openvpn_resync('client', $client); - } - } - unset($client); - } + } elseif (substr($interface, 0, 4) == "ovpn") { + /* XXX this looks like a plugin spot... */ + openvpn_configure_interface($interface); } elseif (substr($interface, 0, 4) == "lagg") { interfaces_lagg_configure($interface); } elseif (substr($interface, 0, 6) == "bridge") { diff --git a/src/etc/inc/plugins.inc.d/openvpn.inc b/src/etc/inc/plugins.inc.d/openvpn.inc index e7d2a1cc5..0c68190f6 100644 --- a/src/etc/inc/plugins.inc.d/openvpn.inc +++ b/src/etc/inc/plugins.inc.d/openvpn.inc @@ -30,6 +30,14 @@ POSSIBILITY OF SUCH DAMAGE. */ +function openvpn_configure() +{ + return array( + 'interface' => array('openvpn_configure_do:2'), + 'remote' => array('openvpn_configure_do'), + ); +} + function openvpn_syslog() { $logfacilities = array(); 
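Review bot: The new `openvpn_configure()` hook map in openvpn.inc has no comment, and the `:2` suffix on `'openvpn_configure_do:2'` is not self-explanatory. It presumably tells plugins_configure() how many of the caller's arguments to forward, which matters because the interface event is raised as `plugins_configure('interface', false, array($interface))` while `openvpn_configure_do()` takes `($verbose, $interface)`; the dispatcher is not part of this diff, so that should be confirmed. A short comment above the array would be enough, for example `/* 'interface' forwards ($verbose, $interface); 'remote' resyncs every instance */`.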
@@ -995,14 +1003,13 @@ function openvpn_delete($mode, & $settings) @array_map('unlink', glob("/var/etc/openvpn/{$mode_id}.*")); } - /** * generate config (text) data for a single client specific override * @param array $settings csc item * @param array $server openvpn server item * @return string */ -function openvpn_resync_csc_conf($settings, $server) +function openvpn_csc_conf($settings, $server) { $conf = ''; if (!empty($settings['block'])) { @@ -1065,7 +1072,7 @@ function openvpn_resync_csc_conf($settings, $server) /** * resync all client specific overrides */ -function openvpn_resync_csc() +function openvpn_configure_csc() { global $config; $generated_cscs = array(); @@ -1087,7 +1094,7 @@ function openvpn_resync_csc() if (!isset($generated_cscs[$server['vpnid']])) { $generated_cscs[$vpnid] = array(); } - $conf = openvpn_resync_csc_conf($settings, $server); + $conf = openvpn_csc_conf($settings, $server); $target_filename = "/var/etc/openvpn-csc/".$vpnid."/".$settings['common_name']; file_put_contents($target_filename, $conf); chown($target_filename, 'nobody'); 
@@ -1136,13 +1143,46 @@ function openvpn_prepare_all($verbose = false) } } -function openvpn_resync($mode, $settings) +function openvpn_configure_interface($interface) { - openvpn_reconfigure($mode, $settings); - openvpn_restart($mode, $settings); + global $config; + + if (substr($interface, 0, 5) == 'ovpns') { + if (isset($config['openvpn']['openvpn-server'])) { + foreach ($config['openvpn']['openvpn-server'] as $server) { + if ($interface == "ovpns{$server['vpnid']}") { + log_error("OpenVPN: Resync server {$server['description']}"); + openvpn_configure_server($server); + } + } + unset($server); + } + } elseif (substr($interface, 0, 5) == 'ovpnc') { + if (isset($config['openvpn']['openvpn-client'])) { + foreach ($config['openvpn']['openvpn-client'] as $client) { + if ($interface == "ovpnc{$client['vpnid']}") { + log_error("OpenVPN: Resync server {$client['description']}"); + openvpn_configure_client($client); + } + } + unset($client); + } + } } -function openvpn_resync_all($interface = null, $verbose = false) +function openvpn_configure_client($settings) +{ + openvpn_reconfigure('client', $settings); + openvpn_restart('client', $settings); +} + +function openvpn_configure_server($settings) +{ + openvpn_reconfigure('server', $settings); + openvpn_restart('server', $settings); +} + +function openvpn_configure_do($verbose = false, $interface = '') { global $config; @@ -1152,12 +1192,11 @@ function openvpn_resync_all($interface = null, $verbose = false) return; } - if ($verbose) { - echo 'Syncing OpenVPN settings...'; - flush(); - } - if (!empty($interface)) { + $interface_real = get_real_interface($interface); + if (substr($interface_real, 0, 4) == 'ovpn') { + return; + } log_error(sprintf( 'Resyncing OpenVPN instances for interface %s.', convert_friendly_interface_to_friendly_descr($interface) 
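Review bot: In the `ovpnc` branch of `openvpn_configure_interface()` the log line still reads `Resync server` although it is handling a client entry, so the system log attributes client restarts to a server. The wording was carried over unchanged from interfaces.inc; since the code is being moved anyway, change it to `log_error("OpenVPN: Resync client {$client['description']}");`. Accurate wording matters when someone later has to reconstruct from the log which tunnel was restarted.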
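Review bot: The early return added to `openvpn_configure_do()` for interfaces whose real name starts with `ovpn` has no comment and happens before either `log_error()` call, so a skipped event leaves no trace. The callers in rc.newwanip and rc.newwanipv6 used to carry this guard themselves; now that it lives here, a one-line reason would help, for example `/* ignore address events raised by OpenVPN's own interfaces */` (the exact reason is inferred from the removed caller code, please confirm). The function starts before this hunk and continues past it.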
@@ -1166,17 +1205,23 @@ function openvpn_resync_all($interface = null, $verbose = false) log_error('Resyncing OpenVPN instances.'); } + if ($verbose) { + echo 'Syncing OpenVPN settings...'; + flush(); + } + foreach (array('server', 'client') as $mode) { if (isset($config['openvpn']["openvpn-{$mode}"])) { foreach ($config['openvpn']["openvpn-{$mode}"] as &$settings) { if (empty($interface) || $interface == $settings['interface']) { - openvpn_resync($mode, $settings); + openvpn_reconfigure($mode, $settings); + openvpn_restart($mode, $settings); } } } } - openvpn_resync_csc(); + openvpn_configure_csc(); if ($verbose) { echo "done.\n"; 
@@ -1532,31 +1577,36 @@ function openvpn_get_remote_access_servers() } // Resync and restart all VPNs using a gateway group. -function openvpn_resync_gwgroup($gwgroupname = "") { +function openvpn_configure_gwgroup($gwgroupname = '') +{ global $config; - if (!empty($gwgroupname)) { - if (isset($config['openvpn']['openvpn-server'])) { - foreach ($config['openvpn']['openvpn-server'] as & $settings) { - if ($gwgroupname == $settings['interface']) { - log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " server " . $settings["description"] . "."); - openvpn_resync('server', $settings); - } - } - } - - if (isset($config['openvpn']['openvpn-client'])) { - foreach ($config['openvpn']['openvpn-client'] as & $settings) { - if ($gwgroupname == $settings['interface']) { - log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " client " . $settings["description"] . "."); - openvpn_resync('client', $settings); - } - } - } - // Note: no need to resysnc Client Specific (csc) here, as changes to the OpenVPN real interface do not effect these. - } else { - log_error("openvpn_resync_gwgroup called with null gwgroup parameter."); + if (empty($gwgroupname)) { + log_error("openvpn_configure_gwgroup() called without gwgroup parameter."); + return; } + + if (isset($config['openvpn']['openvpn-server'])) { + foreach ($config['openvpn']['openvpn-server'] as & $settings) { + if ($gwgroupname == $settings['interface']) { + log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " server " . $settings["description"] . "."); + openvpn_reconfigure('server', $settings); + openvpn_restart('server', $settings); + } + } + } + + if (isset($config['openvpn']['openvpn-client'])) { + foreach ($config['openvpn']['openvpn-client'] as & $settings) { + if ($gwgroupname == $settings['interface']) { + log_error("Resyncing OpenVPN for gateway group " . $gwgroupname . " client " . $settings["description"] . 
"."); + openvpn_reconfigure('client', $settings); + openvpn_restart('client', $settings); + } + } + } + + // Note: no need to resysnc Client Specific (csc) here, as changes to the OpenVPN real interface do not effect these. } function openvpn_refresh_crls() @@ -1614,7 +1664,8 @@ function openvpn_resync_if_needed($mode, $ovpn_settings, $interface) } if ($resync_needed == true) { log_error("OpenVPN: Resync " . $mode_id . " " . $ovpn_settings['description']); - openvpn_resync($mode, $ovpn_settings); + openvpn_reconfigure($mode, $ovpn_settings); + openvpn_restart($mode, $ovpn_settings); } } diff --git a/src/etc/inc/plugins.inc.d/openvpn/wizard.inc b/src/etc/inc/plugins.inc.d/openvpn/wizard.inc index 230fb154c..1725ef823 100644 --- a/src/etc/inc/plugins.inc.d/openvpn/wizard.inc +++ b/src/etc/inc/plugins.inc.d/openvpn/wizard.inc @@ -731,9 +731,11 @@ function step12_submitphpaction() $config['openvpn']['openvpn-server'][] = $server; - openvpn_resync('server', $server); write_config(); + openvpn_configure_server($server); + openvpn_configure_csc(); + header(url_safe('Location: /vpn_openvpn_server.php')); exit; } diff --git a/src/etc/inc/xmlrpc/legacy.inc b/src/etc/inc/xmlrpc/legacy.inc index 40e6ad54b..2234799de 100644 --- a/src/etc/inc/xmlrpc/legacy.inc +++ b/src/etc/inc/xmlrpc/legacy.inc @@ -137,7 +137,6 @@ function filter_configure_xmlrpc() local_sync_accounts(); plugins_configure('dns'); services_dhcpd_configure(); - openvpn_resync_all(); plugins_configure('remote'); return true; diff --git a/src/etc/rc.bootup b/src/etc/rc.bootup index d9bbcb862..89af4a494 100755 --- a/src/etc/rc.bootup +++ b/src/etc/rc.bootup @@ -93,7 +93,7 @@ system_syslogd_start(true); openvpn_prepare_all(true); interfaces_configure(true); -openvpn_resync_all(null, true); +openvpn_configure_do(true); system_resolvconf_generate(true); filter_configure_sync(true); diff --git a/src/etc/rc.newwanip b/src/etc/rc.newwanip index a017d8f23..0094e0dd8 100755 --- a/src/etc/rc.newwanip 
+++ b/src/etc/rc.newwanip @@ -181,16 +181,11 @@ if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interface @file_put_contents("/var/db/{$interface}_cacheip", $curwanip); } - /* start OpenVPN server & clients */ - if (substr($interface_real, 0, 4) != "ovpn") { - openvpn_resync_all($interface); - } + /* reload plugins */ + plugins_configure('interface', false, array($interface)); /* reload graphing functions */ enable_rrd_graphing(); - - /* reload plugins */ - plugins_configure('interface', false, array($interface)); } /* reload filter, don't try to sync to carp slave */ diff --git a/src/etc/rc.newwanipv6 b/src/etc/rc.newwanipv6 index 1849facde..48b8e59dd 100755 --- a/src/etc/rc.newwanipv6 +++ b/src/etc/rc.newwanipv6 @@ -121,13 +121,9 @@ if (is_ipaddrv6($oldipv6)) { if ($curwanipv6 == $oldipv6) { // Still need to sync VPNs on PPPoE and such, as even with the same IP the VPN software is unhappy with the IP disappearing. if (in_array($config['interfaces'][$interface]['ipaddrv6'], array('pppoe', 'pptp', 'ppp'))) { - /* XXX WHY IN GODS NAME IS THIS CALLED TWICE AND CUT SHORT?? */ + /* XXX migrate this: we should unify the reload */ ipsec_configure_do(false, $inteface); - - /* start OpenVPN server & clients */ - if (substr($interface_real, 0, 4) != "ovpn") { - openvpn_resync_all($interface); - } + openvpn_configure_do(false, $interface); } return; } elseif (does_interface_exist($interface_real)) { @@ -137,13 +133,8 @@ if (is_ipaddrv6($oldipv6)) { file_put_contents("/var/db/{$interface}_cacheipv6", $curwanipv6); } -/* start OpenVPN server & clients */ -if (substr($interface_real, 0, 4) != 'ovpn') { - openvpn_resync_all($interface); -} +/* reload plugins */ +plugins_configure('interface', false, array($interface)); /* reload graphing functions */ enable_rrd_graphing(); - -/* reload plugins */ -plugins_configure('interface', false, array($interface)); 
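Review bot: In the first rc.newwanipv6 hunk, the context line directly above the new `openvpn_configure_do(false, $interface);` passes a misspelled variable: `ipsec_configure_do(false, $inteface);`. `$inteface` is not assigned anywhere in the visible lines, so IPsec most likely receives an empty interface argument here while OpenVPN receives the real one. What `ipsec_configure_do()` does with an empty interface is not shown in this diff. Since the commit touches this exact block, it is a good moment to correct it to `ipsec_configure_do(false, $interface);`.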
diff --git a/src/www/system_gateway_groups.php b/src/www/system_gateway_groups.php index 27283929b..f7426ebaa 100644 --- a/src/www/system_gateway_groups.php +++ b/src/www/system_gateway_groups.php @@ -72,7 +72,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { foreach ($a_gateway_groups as $gateway_group) { $gw_subsystem = 'gwgroup.' . $gateway_group['name']; if (is_subsystem_dirty($gw_subsystem)) { - openvpn_resync_gwgroup($gateway_group['name']); + openvpn_configure_gwgroup($gateway_group['name']); clear_subsystem_dirty($gw_subsystem); } } diff --git a/src/www/vpn_openvpn_client.php b/src/www/vpn_openvpn_client.php index 9adb17183..78447a89c 100644 --- a/src/www/vpn_openvpn_client.php +++ b/src/www/vpn_openvpn_client.php @@ -167,8 +167,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { } else { $a_client[$id]['disable'] = true; } - openvpn_resync('client', $a_client[$id]); write_config(); + openvpn_configure_client($a_client[$id]); } header(url_safe('Location: /vpn_openvpn_client.php')); exit; @@ -335,9 +335,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { $a_client[] = $client; } - openvpn_resync('client', $client); write_config(); + openvpn_configure_client($client); + header(url_safe('Location: /vpn_openvpn_client.php')); exit; } diff --git a/src/www/vpn_openvpn_csc.php b/src/www/vpn_openvpn_csc.php index bb05442d0..df92c081b 100644 --- a/src/www/vpn_openvpn_csc.php +++ b/src/www/vpn_openvpn_csc.php @@ -121,7 +121,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { $a_csc[$id]['disable'] = true; } write_config(); - openvpn_resync_csc(); + openvpn_configure_csc(); } header(url_safe('Location: /vpn_openvpn_csc.php')); exit; @@ -222,7 +222,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { @unlink('/var/etc/openvpn-csc/' . basename($old_csc_cn)); } write_config(); - openvpn_resync_csc(); + openvpn_configure_csc(); header(url_safe('Location: /vpn_openvpn_csc.php')); exit; 
diff --git a/src/www/vpn_openvpn_server.php b/src/www/vpn_openvpn_server.php index 8ef156ffd..724b9531d 100644 --- a/src/www/vpn_openvpn_server.php +++ b/src/www/vpn_openvpn_server.php @@ -149,8 +149,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { } else { $a_server[$id]['disable'] = true; } - openvpn_resync('server', $a_server[$id]); write_config(); + openvpn_configure_server($a_server[$id]); } header(url_safe('Location: /vpn_openvpn_server.php')); exit; @@ -401,9 +401,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { $a_server[] = $server; } - openvpn_resync('server', $server); write_config(); - openvpn_resync_csc(); // dump client specific overrides, the required set may have changed + + openvpn_configure_server($server); + openvpn_configure_csc(); header(url_safe('Location: /vpn_openvpn_server.php')); exit;
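Review bot: The second hunk drops the comment that explained why client specific overrides are rewritten after a server save, `// dump client specific overrides, the required set may have changed`, while the call itself stays as `openvpn_configure_csc();`. Keep that comment on the new line. The wizard.inc hunk adds the same call after `openvpn_configure_server($server)` without explanation, and the enable/disable path in the first hunk here calls only `openvpn_configure_server($a_server[$id])`. If skipping the override rewrite on toggle is intentional, a short comment saying so would prevent a later reader from treating it as an omission.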