
Commit 84554e1

- Added API call to remove existing system DNS servers
- Updated README.md and prepped for merge to master
1 parent d8c8e10 commit 84554e1


6 files changed

+84
-3
lines changed


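--- a/README.md
+++ b/README.md
@@ -17,7 +17,7 @@ _Note: if you do not have shell access to pfSense, you can still install via the
 - While not an enforced requirement, it is STRONGLY recommended that you configure pfSense to use HTTPS instead of HTTP. This ensures that login credentials and/or API tokens remain secure in-transit
 
 # Authentication
-By default, pfSense API uses the same credentials as the webConfigurator. Alternatively, you can configure pfSense API to create secure API client IDs and tokens for API users. To generate, or delete API keys you can navigate to `System > API` in the UI after installation, and change the authentication mode to `API Token`.
+By default, pfSense API uses the same credentials as the webConfigurator. This behavior allows you to configure pfSense from the API out of the box, and user passwords may be changed from the API to immediately add additional security if needed. Alternatively, you can configure pfSense API to create secure API client IDs and tokens for API users. To generate, or delete API keys you can navigate to `System > API` in the UI after installation, and change the authentication mode to `API Token`.
 
 # Response Codes
 `200 (OK)` : API call succeeded<br>
@@ -27,5 +27,8 @@ By default, pfSense API uses the same credentials as the webConfigurator. Altern
 `404 (Not found)` : Either the API endpoint or requested data was not found<br>
 `500 (Server error)` : The API endpoint encountered an unexpected error processing your API request<br>
 
+# Error Codes
+A full list of error codes can be found by navigating to /api/v1/system/api/errors/ after installation. This will return JSON data containing each error code and their corresponding error message. No authentication is required to view the error code library. This also makes API integration with third-party software easy as the API error codes and messages are always just an HTTP call away!
+
 # Rate limit
-There is no limit to API calls at this time
+There is no limit to API calls at this time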

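--- a/pfSense-pkg-API/Makefile
+++ b/pfSense-pkg-API/Makefile
@@ -143,6 +143,12 @@ do-install:
 ${MKDIR} ${STAGEDIR}${PREFIX}/www/api/v1/system/dns/modify
 ${INSTALL_DATA} ${FILESDIR}${PREFIX}/www/api/v1/system/dns/modify/index.php \
 ${STAGEDIR}${PREFIX}/www/api/v1/system/dns/modify
+# DNS delete servers
+${MKDIR} ${STAGEDIR}${PREFIX}/www/api/v1/system/dns/delete
+# DNS delete servers
+${MKDIR} ${STAGEDIR}${PREFIX}/www/api/v1/system/dns/delete/servers
+${INSTALL_DATA} ${FILESDIR}${PREFIX}/www/api/v1/system/dns/delete/servers/index.php \
+${STAGEDIR}${PREFIX}/www/api/v1/system/dns/delete/servers
 # Certificates base
 ${MKDIR} ${STAGEDIR}${PREFIX}/www/api/v1/system/certificates
 ${INSTALL_DATA} ${FILESDIR}${PREFIX}/www/api/v1/system/certificates/index.php \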
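Review bot: The comment `# DNS delete servers` appears twice in the added lines, and the first one sits above the `${MKDIR}` for the parent `.../system/dns/delete` directory; it would read more accurately as `# DNS delete base`, matching the `# Certificates base` comment that follows. That parent directory is created without an index.php of its own, unlike `dns` and `dns/modify` in pkg-plist, so a request to /api/v1/system/dns/delete/ is answered by whatever the web server does for a directory with no index; if that is not intentional, confirm directory listing is disabled. The do-install target starts and ends outside this hunk.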

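--- a/pfSense-pkg-API/files/etc/inc/apicalls.inc
+++ b/pfSense-pkg-API/files/etc/inc/apicalls.inc
@@ -2275,6 +2275,64 @@ function api_system_dns_modify() {
 }
 }
 
+function api_system_dns_delete_servers() {
+# VARIABLES
+global $err_lib, $config, $api_resp, $client_params, $client_id;
+$read_only_action = false; // Set whether this action requires read only access
+$req_privs = array("page-all", "page-system"); // Array of privs allowed
+$http_method = $_SERVER['REQUEST_METHOD']; // Save our HTTP method
+$del_ent = [];
+# RUN TIME
+// Check that client is authenticated and authorized
+if (api_authorized($req_privs, $read_only_action)) {
+// Check that our HTTP method is POST (UPDATE)
+if ($http_method === 'POST') {
+if (isset($client_params['dnsserver'])) {
+$del_server = $client_params['dnsserver'];
+$curr_servers = $config["system"]["dnsserver"];
+$del_server = (!is_array($del_server)) ? array($del_server) : $del_server;
+foreach ($del_server as $ds) {
+// Ensure our config is array
+if (!is_array($curr_servers)) {
+$curr_servers = array($config["system"]["dnsserver"]);
+}
+// Loop through each server and check for matches, delete on match
+foreach ($curr_servers as $id => $cs) {
+if ($ds === $cs) {
+$del_ent[] = $ds;
+unset($config["system"]["dnsserver"][$id]);
+}
+}
+}
+}
+// Write our new hostname
+$_SESSION["Username"] = $client_id; // Save our CLIENT ID to session data for logging
+$change_note = " Deleted system DNS servers via API"; // Add a change note
+write_config(sprintf(gettext($change_note))); // Apply our configuration change
+// Update a slew of backend services
+system_resolvconf_generate();
+if (isset($config['dnsmasq']['enable'])) {
+services_dnsmasq_configure();
+} elseif (isset($config['unbound']['enable'])) {
+services_unbound_configure();
+}
+send_event("service reload dns");
+filter_configure();
+// Print our JSON response
+$api_resp = array("status" => "ok", "code" => 200, "return" => 0);
+$api_resp["message"] = "Successfully deleted system DNS servers";
+$api_resp["data"] = $del_ent;
+return $api_resp;
+} else {
+$api_resp = array("status" => "bad request", "code" => 400, "return" => 2);
+$api_resp["message"] = $err_lib[$api_resp["return"]];
+return $api_resp;
+}
+} else {
+return $api_resp;
+}
+}
+
 function api_system_hostname_modify() {
 # VARIABLES
 global $err_lib, $config, $api_resp, $client_params, $client_id;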
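Review bot: In the new `api_system_dns_delete_servers()`, a POST that carries no `dnsserver` parameter still falls through to `write_config()`, the resolver and dnsmasq/unbound reloads and `filter_configure()`, then returns 200 with an empty `data` array; the request should be rejected before any side effect, for example with the 1008 "System DNS server IP address required" code this commit adds to apiresp.inc. The "Ensure our config is array" guard only wraps the local `$curr_servers` copy, so if the stored value is ever a scalar string the later `unset($config["system"]["dnsserver"][$id])` operates on a string offset, which PHP rejects with a fatal error; normalising `$config["system"]["dnsserver"]` itself avoids that. Skipping the write and reloads when `$del_ent` ends up empty, and correcting the copied comment `// Write our new hostname`, would also help. The fence shows only the rewritten part and assumes `$err_lib` carries the 1008 entry.

```php
// … unchanged: globals, api_authorized() and POST checks …
if (!isset($client_params['dnsserver'])) {
    $api_resp = array("status" => "bad request", "code" => 400, "return" => 1008);
    $api_resp["message"] = $err_lib[$api_resp["return"]];
    return $api_resp;
}
$del_server = (array) $client_params['dnsserver'];
// Normalise the stored value itself so unset() never acts on a scalar
if (!is_array($config["system"]["dnsserver"])) {
    $config["system"]["dnsserver"] = array($config["system"]["dnsserver"]);
}
foreach ($config["system"]["dnsserver"] as $id => $cs) {
    if (in_array($cs, $del_server, true)) {
        $del_ent[] = $cs;
        unset($config["system"]["dnsserver"][$id]);
    }
}
// Write our configuration change
// … unchanged: write_config(), service reloads, 200 response …
```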

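--- a/pfSense-pkg-API/files/etc/inc/apiresp.inc
+++ b/pfSense-pkg-API/files/etc/inc/apiresp.inc
@@ -20,7 +20,8 @@ function api_error_lib() {
 1004 => "Invalid system certificate key",
 1005 => "System certificate in use",
 1006 => "ARP IP required",
-1007 => "Invalid system DNS IP address",
+1007 => "Invalid system DNS server IP address",
+1008 => "System DNS server IP address required",
 // 2000-2999 reserved for /services API calls
 2000 => "Invalid sshd enable value",
 2001 => "Invalid sshd key only mode",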
Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,10 @@
1+
<?php
2+
# Copyright 2020 - Jared Hendrickson
3+
# IMPORTS
4+
require_once("apicalls.inc");
5+
6+
# RUN API CALL
7+
$resp = api_system_dns_delete_servers();
8+
http_response_code($resp["code"]);
9+
echo json_encode($resp) . PHP_EOL;
10+
exit();
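Review bot: The JSON body is echoed without an explicit Content-Type, so unless apicalls.inc already sends one the response goes out under PHP's default type (normally text/html); adding `header('Content-Type: application/json');` before the `echo` keeps browsers and clients from interpreting the payload as HTML. `json_encode()` returns false on failure, in which case only a newline is printed under the original status code, so a check on its result before `http_response_code()` would make that case visible to the caller.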

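--- a/pfSense-pkg-API/pkg-plist
+++ b/pfSense-pkg-API/pkg-plist
@@ -64,8 +64,11 @@
 
 @dir /usr/local/www/api/v1/system/dns
 @dir /usr/local/www/api/v1/system/dns/modify
+@dir /usr/local/www/api/v1/system/dns/delete
+@dir /usr/local/www/api/v1/system/dns/delete/servers
 /usr/local/www/api/v1/system/dns/index.php
 /usr/local/www/api/v1/system/dns/modify/index.php
+/usr/local/www/api/v1/system/dns/delete/servers/index.php
 
 @dir /usr/local/www/api/v1/system/certificates
 @dir /usr/local/www/api/v1/system/certificates/add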
