- Added API call to remove existing system DNS servers

- Updated README.md and prepped for merge to master

Author: jaredhendrickson13

README.md

@@ -17,7 +17,7 @@ _Note: if you do not have shell access to pfSense, you can still install via the
 - While not an enforced requirement, it is STRONGLY recommended that you configure pfSense to use HTTPS instead of HTTP. This ensures that login credentials and/or API tokens remain secure in-transit
 
 # Authentication
-By default, pfSense API uses the same credentials as the webConfigurator. Alternatively, you can configure pfSense API to create secure API client IDs and tokens for API users. To generate, or delete API keys you can navigate to `System > API` in the UI after installation, and change the authentication mode to `API Token`.
+By default, pfSense API uses the same credentials as the webConfigurator. This behavior allows you to configure pfSense from the API out of the box, and user passwords may be changed from the API to immediately add additional security if needed. Alternatively, you can configure pfSense API to create secure API client IDs and tokens for API users. To generate, or delete API keys you can navigate to `System > API` in the UI after installation, and change the authentication mode to `API Token`.
 
 # Response Codes
 `200 (OK)` : API call succeeded<br>
@@ -27,5 +27,8 @@ By default, pfSense API uses the same credentials as the webConfigurator. Altern
 `404 (Not found)` : Either the API endpoint or requested data was not found<br>
 `500 (Server error)` : The API endpoint encountered an unexpected error processing your API request<br>
 
+# Error Codes
+A full list of error codes can be found by navigating to /api/v1/system/api/errors/ after installation. This will return JSON data containing each error code and their corresponding error message. No authentication is required to view the error code library. This also makes API integration with third-party software easy as the API error codes and messages are always just an HTTP call away!
+
 # Rate limit
-There is no limit to API calls at this time
+There is no limit to API calls at this time

pfSense-pkg-API/Makefile

@@ -143,6 +143,12 @@ do-install:
 	${MKDIR} ${STAGEDIR}${PREFIX}/www/api/v1/system/dns/modify
 	${INSTALL_DATA} ${FILESDIR}${PREFIX}/www/api/v1/system/dns/modify/index.php \
 		${STAGEDIR}${PREFIX}/www/api/v1/system/dns/modify
+	# DNS delete servers
+	${MKDIR} ${STAGEDIR}${PREFIX}/www/api/v1/system/dns/delete
+	# DNS delete servers
+	${MKDIR} ${STAGEDIR}${PREFIX}/www/api/v1/system/dns/delete/servers
+	${INSTALL_DATA} ${FILESDIR}${PREFIX}/www/api/v1/system/dns/delete/servers/index.php \
+		${STAGEDIR}${PREFIX}/www/api/v1/system/dns/delete/servers
 	# Certificates base
 	${MKDIR} ${STAGEDIR}${PREFIX}/www/api/v1/system/certificates
 	${INSTALL_DATA} ${FILESDIR}${PREFIX}/www/api/v1/system/certificates/index.php \

pfSense-pkg-API/files/etc/inc/apicalls.inc

@@ -2275,6 +2275,64 @@ function api_system_dns_modify() {
     }
 }
 
+function api_system_dns_delete_servers() {
+    # VARIABLES
+    global $err_lib, $config, $api_resp, $client_params, $client_id;
+    $read_only_action = false;    // Set whether this action requires read only access
+    $req_privs = array("page-all", "page-system");    // Array of privs allowed
+    $http_method = $_SERVER['REQUEST_METHOD'];    // Save our HTTP method
+    $del_ent = [];
+    # RUN TIME
+    // Check that client is authenticated and authorized
+    if (api_authorized($req_privs, $read_only_action)) {
+        // Check that our HTTP method is POST (UPDATE)
+        if ($http_method === 'POST') {
+            if (isset($client_params['dnsserver'])) {
+                $del_server = $client_params['dnsserver'];
+                $curr_servers = $config["system"]["dnsserver"];
+                $del_server = (!is_array($del_server)) ? array($del_server) : $del_server;
+                foreach ($del_server as $ds) {
+                    // Ensure our config is array
+                    if (!is_array($curr_servers)) {
+                        $curr_servers = array($config["system"]["dnsserver"]);
+                    }
+                    // Loop through each server and check for matches, delete on match
+                    foreach ($curr_servers as $id => $cs) {
+                        if ($ds === $cs) {
+                            $del_ent[] = $ds;
+                            unset($config["system"]["dnsserver"][$id]);
+                        }
+                    }
+                }
+            }
+            // Write our new hostname
+            $_SESSION["Username"] = $client_id;    // Save our CLIENT ID to session data for logging
+            $change_note = " Deleted system DNS servers via API";    // Add a change note
+            write_config(sprintf(gettext($change_note)));    // Apply our configuration change
+            // Update a slew of backend services
+            system_resolvconf_generate();
+            if (isset($config['dnsmasq']['enable'])) {
+                services_dnsmasq_configure();
+            } elseif (isset($config['unbound']['enable'])) {
+                services_unbound_configure();
+            }
+            send_event("service reload dns");
+            filter_configure();
+            // Print our JSON response
+            $api_resp = array("status" => "ok", "code" => 200, "return" => 0);
+            $api_resp["message"] = "Successfully deleted system DNS servers";
+            $api_resp["data"] = $del_ent;
+            return $api_resp;
+        } else {
+            $api_resp = array("status" => "bad request", "code" => 400, "return" => 2);
+            $api_resp["message"] = $err_lib[$api_resp["return"]];
+            return $api_resp;
+        }
+    } else {
+        return $api_resp;
+    }
+}
+
 function api_system_hostname_modify() {
     # VARIABLES
     global $err_lib, $config, $api_resp, $client_params, $client_id;

pfSense-pkg-API/files/etc/inc/apiresp.inc

@@ -20,7 +20,8 @@ function api_error_lib() {
         1004 => "Invalid system certificate key",
         1005 => "System certificate in use",
         1006 => "ARP IP required",
-        1007 => "Invalid system DNS IP address",
+        1007 => "Invalid system DNS server IP address",
+        1008 => "System DNS server IP address required",
         // 2000-2999 reserved for /services API calls
         2000 => "Invalid sshd enable value",
         2001 => "Invalid sshd key only mode",

pfSense-pkg-API/files/usr/local/www/api/v1/system/dns/delete/servers/index.php

@@ -0,0 +1,10 @@
+<?php
+# Copyright 2020 - Jared Hendrickson
+# IMPORTS
+require_once("apicalls.inc");
+
+# RUN API CALL
+$resp = api_system_dns_delete_servers();
+http_response_code($resp["code"]);
+echo json_encode($resp) . PHP_EOL;
+exit();

pfSense-pkg-API/pkg-plist

@@ -64,8 +64,11 @@
 
 @dir /usr/local/www/api/v1/system/dns
 @dir /usr/local/www/api/v1/system/dns/modify
+@dir /usr/local/www/api/v1/system/dns/delete
+@dir /usr/local/www/api/v1/system/dns/delete/servers
 /usr/local/www/api/v1/system/dns/index.php
 /usr/local/www/api/v1/system/dns/modify/index.php
+/usr/local/www/api/v1/system/dns/delete/servers/index.php
 
 @dir /usr/local/www/api/v1/system/certificates
 @dir /usr/local/www/api/v1/system/certificates/add