Merge pull request #92 from jaredhendrickson13/v116_fixes

v1.1.6 Fixes & Features

Author: jaredhendrickson13

pfSense-pkg-API/files/etc/inc/api/models/APIFirewallNATPortForwardCreate.inc

@@ -79,10 +79,8 @@ class APIFirewallNATPortForwardCreate extends APIModel {
     private function __validate_target() {
         # Require client to pass in an internal target for the port forward
         if (isset($this->initial_data['target'])) {
-            # Require the target to either be a valid IPv4 or IPv6 address
-            if (is_ipaddrv4($this->initial_data['target'])) {
-                $this->validated_data["target"] = $this->initial_data['target'];
-            } elseif (alias_in_use($this->initial_data['target'])) {
+            # Require the target to either be a valid IPv4 or alias
+            if (in_array(is_ipaddroralias($this->initial_data['target']), [4, true])) {
                 $this->validated_data["target"] = $this->initial_data['target'];
             } else {
                 $this->errors[] = APIResponse\get(4009);
@@ -98,7 +96,7 @@ class APIFirewallNATPortForwardCreate extends APIModel {
             # Require client to pass in a local port to forward to the target
             if (isset($this->initial_data['local-port'])) {
                 # Require the port to be a valid TCP/UDP port or range
-                if (is_port_or_range(strval($this->initial_data['local-port']))) {
+                if (is_port_or_range_or_alias(strval($this->initial_data['local-port']))) {
                     $this->validated_data["local-port"] = $this->initial_data['local-port'];
                 } else {
                     $this->errors[] = APIResponse\get(4010);
@@ -142,7 +140,7 @@ class APIFirewallNATPortForwardCreate extends APIModel {
         if ($this->port_required) {
             $this->initial_data['srcport'] = str_replace("-", ":", $this->initial_data['srcport']);
             # Require port to be a valid port or range, or be any
-            if (!is_port_or_range($this->initial_data['srcport']) and $this->initial_data['srcport'] !== "any") {
+            if (!is_port_or_range_or_alias($this->initial_data['srcport']) and $this->initial_data['srcport'] !== "any") {
                     $this->errors[] = APIResponse\get(4013);
             }
             # If our value is not any, replace the port range character with a - and save the value
@@ -157,7 +155,7 @@ class APIFirewallNATPortForwardCreate extends APIModel {
         if ($this->port_required) {
             $this->initial_data['dstport'] = str_replace("-", ":", $this->initial_data['dstport']);
             # Require port to be a valid port or range, or be any
-            if (!is_port_or_range($this->initial_data['dstport']) and $this->initial_data['dstport'] !== "any") {
+            if (!is_port_or_range_or_alias($this->initial_data['dstport']) and $this->initial_data['dstport'] !== "any") {
                 $this->errors[] = APIResponse\get(4014);
             }
             # If our value is not any, replace the port range character with a - and save the value

pfSense-pkg-API/files/etc/inc/api/models/APIFirewallNATPortForwardUpdate.inc

@@ -101,10 +101,8 @@ class APIFirewallNATPortForwardUpdate extends APIModel {
     private function __validate_target() {
         # Optionally allow client to update internal target for the port forward
         if (isset($this->initial_data['target'])) {
-            # Require the target to either be a valid IPv4 or IPv6 address
-            if (is_ipaddrv4($this->initial_data['target'])) {
-                $this->validated_data["target"] = $this->initial_data['target'];
-            } elseif (alias_in_use($this->initial_data['target'])) {
+            # Require the target to either be a valid IPv4 or alias
+            if (in_array(is_ipaddroralias($this->initial_data['target']), [4, true])) {
                 $this->validated_data["target"] = $this->initial_data['target'];
             } else {
                 $this->errors[] = APIResponse\get(4009);
@@ -118,7 +116,7 @@ class APIFirewallNATPortForwardUpdate extends APIModel {
             # Require client to pass in a local port to forward to the target
             if (isset($this->initial_data['local-port'])) {
                 # Require the port to be a valid TCP/UDP port or range
-                if (is_port_or_range(strval($this->initial_data['local-port']))) {
+                if (is_port_or_range_or_alias(strval($this->initial_data['local-port']))) {
                     $this->validated_data["local-port"] = $this->initial_data['local-port'];
                 } else {
                     $this->errors[] = APIResponse\get(4010);
@@ -173,7 +171,7 @@ class APIFirewallNATPortForwardUpdate extends APIModel {
         if ($this->port_required or (isset($this->initial_data['srcport']) and $this->port_protocol)) {
             $this->initial_data['srcport'] = str_replace("-", ":", $this->initial_data['srcport']);
             # Require port to be a valid port or range, or be any
-            if (!is_port_or_range($this->initial_data['srcport']) and $this->initial_data['srcport'] !== "any") {
+            if (!is_port_or_range_or_alias($this->initial_data['srcport']) and $this->initial_data['srcport'] !== "any") {
                     $this->errors[] = APIResponse\get(4013);
             }
             # If our value is not any, replace the port range character with a - and save the value
@@ -188,7 +186,7 @@ class APIFirewallNATPortForwardUpdate extends APIModel {
         if ($this->port_required or (isset($this->initial_data['dstport']) and $this->port_protocol)) {
             $this->initial_data['dstport'] = str_replace("-", ":", $this->initial_data['dstport']);
             # Require port to be a valid port or range, or be any
-            if (!is_port_or_range($this->initial_data['dstport']) and $this->initial_data['dstport'] !== "any") {
+            if (!is_port_or_range_or_alias($this->initial_data['dstport']) and $this->initial_data['dstport'] !== "any") {
                 $this->errors[] = APIResponse\get(4014);
             }
             # If our value is not any, replace the port range character with a - and save the value

pfSense-pkg-API/files/etc/inc/api/models/APISystemDNSRead.inc

@@ -39,8 +39,21 @@ class APISystemDNSRead extends APIModel {
         if (array_key_exists("dnsallowoverride", $this->config["system"])) {
             $this->validated_data["dnsallowoverride"] = true;
         }
-        if (array_key_exists("dnslocalhost", $this->config["system"])) {
-            $this->validated_data["dnslocalhost"] = true;
+
+        # Validate this field as needed for pfSense 2.4.x
+        # TODO: remove this conditional once pfSense 2.4 nears EOL
+        if (APITools\get_pfsense_version()["program"] < 250) {
+            if (array_key_exists("dnslocalhost", $this->config["system"])) {
+                $this->validated_data["dnslocalhost"] = true;
+            }
+        }
+        else {
+            if ($this->config["system"]["dnslocalhost"] === "remote") {
+                $this->validated_data["dnslocalhost"] = false;
+            } else {
+                $this->validated_data["dnslocalhost"] = true;
+            }
         }
+
     }
 }

pfSense-pkg-API/files/etc/inc/api/models/APISystemDNSServerCreate.inc

@@ -27,34 +27,28 @@ class APISystemDNSServerCreate extends APIModel {
     }
 
     public function action() {
+        # Write changes to config and apply backend changes
         $this->config["system"]["dnsserver"] = $this->validated_data["dnsserver"];
-        $this->write_config();    // Apply our configuration change
+        $this->write_config();
+        $this->apply_backend_changes();
 
-        // Update a slew of backend services
-        system_resolvconf_generate();
-        if (isset($this->config['dnsmasq']['enable'])) {
-            services_dnsmasq_configure();
-        } elseif (isset($this->config['unbound']['enable'])) {
-            services_unbound_configure();
-        }
-
-        // Reload DNS services and firewall filter
-        send_event("service reload dns");
-        filter_configure();
         return APIResponse\get(0, $this->validated_data);
     }
 
     public function validate_payload() {
-        if (isset($this->initial_data['dnsserver'])) {
-            $this->validated_data["dnsserver"] = $this->config["system"]["dnsserver"];
+        $this->validated_data["dnsserver"] = $this->config["system"]["dnsserver"];
+        $this->__validate_dnsserver();
+    }
 
+    public function __validate_dnsserver() {
+        # Validate the optional `dnsserver` payload value
+        if (isset($this->initial_data['dnsserver'])) {
             # If values are not an array, convert it
             if (!is_array($this->initial_data["dnsserver"])) {
                 $this->initial_data["dnsserver"] = array($this->initial_data["dnsserver"]);
             }
             if (!is_array($this->validated_data["dnsserver"])) {
                 $this->validated_data["dnsserver"] = [$this->validated_data["dnsserver"]];
-
             }
 
             # Loop through each requested DNS server and ensure it is valid. Add this to our existing servers.
@@ -67,7 +61,25 @@ class APISystemDNSServerCreate extends APIModel {
                     $this->validated_data["dnsserver"][] = $ds;
                 }
             }
-            $this->validated_data = array_filter($this->validated_data);
+
+            # Ensure array values are unique, reindexed and purge duplicate items
+            $this->validated_data["dnsserver"] = array_filter($this->validated_data["dnsserver"]);
+            $this->validated_data["dnsserver"] = array_unique($this->validated_data["dnsserver"]);
+            $this->validated_data["dnsserver"] = array_values($this->validated_data["dnsserver"]);
+        }
+    }
+
+    public function apply_backend_changes() {
+        # Update a slew of backend services
+        system_resolvconf_generate();
+        if (isset($this->config['dnsmasq']['enable'])) {
+            services_dnsmasq_configure();
+        } elseif (isset($this->config['unbound']['enable'])) {
+            services_unbound_configure();
         }
+
+        # Reload DNS services and firewall filter
+        send_event("service reload dns");
+        filter_configure();
     }
 }

pfSense-pkg-API/files/etc/inc/api/models/APISystemDNSServerDelete.inc

@@ -27,37 +27,56 @@ class APISystemDNSServerDelete extends APIModel {
     }
 
     public function action() {
-        $this->write_config();    // Apply our configuration change
-        // Update a slew of backend services
-        system_resolvconf_generate();
-        if (isset($this->config['dnsmasq']['enable'])) {
-            services_dnsmasq_configure();
-        } elseif (isset($this->config['unbound']['enable'])) {
-            services_unbound_configure();
-        }
-        send_event("service reload dns");
-        filter_configure();
+        $this->config["system"]["dnsserver"] = $this->validated_data["dnsserver"];
+        $this->write_config();
+        $this->apply_backend_changes();
         return APIResponse\get(0, $this->validated_data);
     }
 
     public function validate_payload() {
+        $this->validated_data["dnsserver"] = $this->config["system"]["dnsserver"];
+        $this->__validate_dnsserver();
+    }
+
+    private function __validate_dnsserver() {
+        # Validate the optional `dnsserver` payload value
         if (isset($this->initial_data['dnsserver'])) {
             $del_server = $this->initial_data['dnsserver'];
-            $curr_servers = $this->config["system"]["dnsserver"];
             $del_server = (!is_array($del_server)) ? array($del_server) : $del_server;
+
+            # Ensure our config is array
+            if (!is_array($this->validated_data["dnsserver"])) {
+                $this->validated_data["dnsserver"] = array($this->validated_data["dnsserver"]);
+            }
+
+            # Loop through each requested DNS server to delete
             foreach ($del_server as $ds) {
-                // Ensure our config is array
-                if (!is_array($curr_servers)) {
-                    $curr_servers = array($this->config["system"]["dnsserver"]);
-                }
-                // Loop through each server and check for matches, delete on match
-                foreach ($curr_servers as $id => $cs) {
+                # Loop through each server and check for matches, delete on match
+                foreach ($this->validated_data["dnsserver"] as $id => $cs) {
                     if ($ds === $cs) {
-                        $this->validated_data["dnsserver"][] = $ds;
-                        unset($this->config["system"]["dnsserver"][$id]);
+                        unset($this->validated_data["dnsserver"][$id]);
                     }
                 }
             }
+
+            # Ensure array values are unique, reindexed and purge duplicate items
+            $this->validated_data["dnsserver"] = array_filter($this->validated_data["dnsserver"]);
+            $this->validated_data["dnsserver"] = array_unique($this->validated_data["dnsserver"]);
+            $this->validated_data["dnsserver"] = array_values($this->validated_data["dnsserver"]);
         }
     }
+
+    public function apply_backend_changes() {
+        # Update a slew of backend services
+        system_resolvconf_generate();
+        if (isset($this->config['dnsmasq']['enable'])) {
+            services_dnsmasq_configure();
+        } elseif (isset($this->config['unbound']['enable'])) {
+            services_unbound_configure();
+        }
+
+        # Reload DNS services and firewall filter
+        send_event("service reload dns");
+        filter_configure();
+    }
 }

pfSense-pkg-API/files/etc/inc/api/models/APISystemDNSUpdate.inc

@@ -27,47 +27,67 @@ class APISystemDNSUpdate extends APIModel {
     }
 
     public function action() {
-        $this->write_config();    // Apply our configuration change
-        // Update a slew of backend services
-        system_resolvconf_generate();
-        if (isset($this->config['dnsmasq']['enable'])) {
-            services_dnsmasq_configure();
-        } elseif (isset($this->config['unbound']['enable'])) {
-            services_unbound_configure();
-        }
-
-        // Reload DNS services and firewall filter
-        send_event("service reload dns");
-        filter_configure();
+        $this->write_config();
+        $this->apply_backend_changes();
         return APIResponse\get(0, (new APISystemDNSRead())->action()["data"]);
     }
 
     public function validate_payload() {
-        if (isset($this->initial_data['dnsserver'])) {
-            $this->initial_data["dnsserver"] = $this->initial_data['dnsserver'];
-            // If value is not an array, convert it
-            if (!is_array($this->initial_data["dnsserver"])) {
-                $this->initial_data["dnsserver"] = array($this->initial_data["dnsserver"]);
-            }
-            // Loop through our DNS servers and check that entry is valid
-            foreach ($this->initial_data["dnsserver"] as $ds) {
-                // Check if our DNS server is valid
-                if (!is_ipaddrv4($ds) and !is_ipaddrv6($ds)) {
-                    $this->errors[] = APIResponse\get(1007);
-                }
-            }
-            // Add our system DNS values to validated data
-            $this->config["system"]["dnsserver"] = $this->initial_data["dnsserver"];
-        }
+        $this->__validate_dnsserver();
+        $this->__validate_dnsallowoverride();
+        $this->__validate_dnslocalhost();
+    }
+
+    private function __validate_dnsallowoverride() {
         if ($this->initial_data['dnsallowoverride'] === true) {
             $this->config["system"]["dnsallowoverride"] = "";
         } elseif ($this->initial_data['dnsallowoverride'] === false) {
             unset($this->config["system"]["dnsallowoverride"]);
         }
-        if ($this->initial_data['dnslocalhost'] === true) {
-            $this->config["system"]["dnslocalhost"] = "";
-        } elseif ($this->initial_data['dnslocalhost'] === false) {
-            unset($this->config["system"]["dnslocalhost"]);
+    }
+
+    private function __validate_dnslocalhost() {
+        # Validate this field as needed for pfSense 2.4.x
+        # TODO: remove this conditional once pfSense 2.4 nears EOL
+        if (APITools\get_pfsense_version()["program"] < 250) {
+            if ($this->initial_data['dnslocalhost'] === true) {
+                $this->config["system"]["dnslocalhost"] = "";
+            } elseif ($this->initial_data['dnslocalhost'] === false) {
+                unset($this->config["system"]["dnslocalhost"]);
+            }
         }
+        # Validate this field as needed for pfSense 2.5+
+        else {
+            if ($this->initial_data['dnslocalhost'] === true) {
+                unset($this->config["system"]["dnslocalhost"]);
+            } elseif ($this->initial_data['dnslocalhost'] === false) {
+                $this->config["system"]["dnslocalhost"] = "remote";
+            }
+        }
+    }
+
+    private function __validate_dnsserver() {
+        if (isset($this->initial_data['dnsserver'])) {
+            # Use an internal API call to the APISystemDNSServerCreate model
+            $dns_server_c = new APISystemDNSServerCreate();
+            $dns_server_c->initial_data["dnsserver"] = $this->initial_data["dnsserver"];
+            $dns_server_c->__validate_dnsserver();
+            $this->errors = $this->errors + $dns_server_c->errors;
+            $this->config["system"]["dnsserver"] = $dns_server_c->validated_data["dnsserver"];
+        }
+    }
+
+    public function apply_backend_changes() {
+        # Update a slew of backend services
+        system_resolvconf_generate();
+        if (isset($this->config['dnsmasq']['enable'])) {
+            services_dnsmasq_configure();
+        } elseif (isset($this->config['unbound']['enable'])) {
+            services_unbound_configure();
+        }
+
+        # Reload DNS services and firewall filter
+        send_event("service reload dns");
+        filter_configure();
     }
 }