From c25675834ed53c4846e96520a52b1e1b0a0b6d79 Mon Sep 17 00:00:00 2001 From: Ely Deckers Date: Fri, 18 Feb 2022 12:58:53 +0100 Subject: [PATCH] Use correct method names and hide private --- pfsense_zbx.php | 1022 ++++++++++++++++++++++++----------------------- 1 file changed, 517 insertions(+), 505 deletions(-) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index 98e0f9f..f5bedf6 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -96,23 +96,6 @@ define('SMART_DEV_STATUS', [ SMART_DEV_UNKNOWN => SMART_UNKNOWN ]); -define("DHCP_SECTIONS", [ - "failover" => function () { - echo PfzCommands::pfz_dhcp_check_failover(); - }, -]); - -define("OPENVPN_SERVER_VALUES", [ - // Client Connections: is an array so it is sufficient to count elements - "conns" => fn($server_value) => is_array($server_value) ? count($server_value) : 0, - "status" => fn($server_value) => PfzCommands::pfz_value_mapping("openvpn.server.status", $server_value), - "mode" => fn($server_value) => PfzCommands::pfz_value_mapping("openvpn.server.mode", $server_value) -]); - -define("IPSEC_PH1_VALUES", [ - 'status' => fn($ike_id) => PfzCommands::pfz_ipsec_status($ike_id), - 'disabled' => fn() => "0", -]); define("SERVICES_VALUES", [ "status" => function ($service) { @@ -303,9 +286,24 @@ class Util class PfzDiscoveries { + public static function pfz_gw() + { + $gws = PfEnv::return_gateways_status(true); + + $json_string = '{"data":['; + foreach ($gws as $gw) { + $json_string .= '{"{#GATEWAY}":"' . $gw['name'] . '"'; + $json_string .= '},'; + } + $json_string = rtrim($json_string, ","); + $json_string .= "]}"; + + echo $json_string; + } + // Interface Discovery // Improved performance - public static function pfz_interface_discovery($is_wan = false, $is_cron = false) + private static function discover_interface($is_wan = false, $is_cron = false) { $ifdescrs = PfEnv::get_configured_interface_with_descr(true); $ifaces = PfEnv::get_interface_arr(); 
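Review bot: `pfz_gw` builds the discovery JSON by concatenating `$gw['name']` between literal quotes, so a gateway name containing `"` or `\` produces malformed JSON for the Zabbix server to parse. Collect the rows as arrays and let the encoder do the escaping: `$rows = [];` before the loop, `$rows[] = ['{#GATEWAY}' => $gw['name']];` inside it, then `echo json_encode(['data' => $rows]);`. The same concatenation pattern is kept in `pfz_ipsec_ph1`, `pfz_ipsec_ph2` and `pfz_dhcpfailover` in the `@@ -541,73 +458,87 @@` hunk and would benefit from the same change.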
@@ -354,9 +352,14 @@ class PfzDiscoveries echo $json_string; } - public static function pfz_openvpn_serverdiscovery() + public static function pfz_wan($is_wan = false, $is_cron = false) { - $servers = PfzCommands::pfz_openvpn_get_all_servers(); + self::discover_interface(true); + } + + public static function pfz_openvpn_server() + { + $servers = PfzOpenVpn::get_all_openvpn_servers(); $json_string = '{"data":['; @@ -374,9 +377,9 @@ class PfzDiscoveries } // OpenVPN Server/User-Auth Discovery - public static function pfz_openvpn_server_userdiscovery() + public static function pfz_openvpn_server_user() { - $servers = PfzCommands::pfz_openvpn_get_all_servers(); + $servers = PfzOpenVpn::get_all_openvpn_servers(); $json_string = '{"data":['; 
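Review bot: `pfz_wan` declares `$is_wan` and `$is_cron` but reads neither and always calls `self::discover_interface(true)`; `pfz_interfaces` in the `@@ -541,73 +458,87 @@` hunk carries the same unused pair. Either drop the parameters (`public static function pfz_wan()`) or forward them, so the signature does not suggest that a caller can change the mode. A short docblock such as `/** Echoes discovery JSON for WAN interfaces only. */` would also help now that the name no longer says "discovery".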
@@ -405,94 +408,8 @@ class PfzDiscoveries echo $json_string; } - public static function pfz_gw_discovery() - { - $gws = PfEnv::return_gateways_status(true); - - $json_string = '{"data":['; - foreach ($gws as $gw) { - $json_string .= '{"{#GATEWAY}":"' . $gw['name'] . '"'; - $json_string .= '},'; - } - $json_string = rtrim($json_string, ","); - $json_string .= "]}"; - - echo $json_string; - } - - // IPSEC Discovery - public static function pfz_ipsec_discovery_ph1() - { - - require_once("ipsec.inc"); - $config = PfEnv::cfg(); - PfEnv::init_config_arr(array('ipsec', 'phase1')); - $a_phase1 = &$config['ipsec']['phase1']; - - $json_string = '{"data":['; - - foreach ($a_phase1 as $data) { - $json_string .= '{"{#IKEID}":"' . $data['ikeid'] . '"'; - $json_string .= ',"{#NAME}":"' . $data['descr'] . '"'; - $json_string .= '},'; - } - - $json_string = rtrim($json_string, ","); - $json_string .= "]}"; - - echo $json_string; - - } - - public static function pfz_ipsec_discovery_ph2() - { - - require_once("ipsec.inc"); - - $config = PfEnv::cfg(); - PfEnv::init_config_arr(array('ipsec', 'phase2')); - $a_phase2 = &$config['ipsec']['phase2']; - - $json_string = '{"data":['; - - foreach ($a_phase2 as $data) { - $json_string .= '{"{#IKEID}":"' . $data['ikeid'] . '"'; - $json_string .= ',"{#NAME}":"' . $data['descr'] . '"'; - $json_string .= ',"{#UNIQID}":"' . $data['uniqid'] . '"'; - $json_string .= ',"{#REQID}":"' . $data['reqid'] . '"'; - $json_string .= ',"{#EXTID}":"' . $data['ikeid'] . '.' . $data['reqid'] . 
'"'; - $json_string .= '},'; - } - - $json_string = rtrim($json_string, ","); - $json_string .= "]}"; - - echo $json_string; - - } - - public static function pfz_dhcpfailover_discovery() - { - //System public static functions regarding DHCP Leases will be available in the upcoming release of pfSense, so let's wait - require_once("system.inc"); - $leases = PfEnv::system_get_dhcpleases(); - - $json_string = '{"data":['; - - if (count($leases['failover']) > 0) { - foreach ($leases['failover'] as $data) { - $json_string .= '{"{#FAILOVER_GROUP}":"' . str_replace(" ", "__", $data['name']) . '"'; - } - } - - $json_string = rtrim($json_string, ","); - $json_string .= "]}"; - - echo $json_string; - } - // OpenVPN Client Discovery - public static function pfz_openvpn_clientdiscovery() + public static function pfz_openvpn_client() { $clients = PfEnv::openvpn_get_active_clients(); 
@@ -541,73 +458,87 @@ class PfzDiscoveries echo $json_string; } -} -class PfzCommands -{ - // Testing function, for template creating purpose - public static function pfz_test() + public static function pfz_interfaces($is_wan = false, $is_cron = false) { - $line = "-------------------\n"; + self::discover_interface(); + } - $ovpn_servers = self::pfz_openvpn_get_all_servers(); - echo "OPENVPN Servers:\n"; - print_r($ovpn_servers); - echo $line; - - $ovpn_clients = PfEnv::openvpn_get_active_clients(); - echo "OPENVPN Clients:\n"; - print_r($ovpn_clients); - echo $line; - - $ifdescrs = PfEnv::get_configured_interface_with_descr(true); - $ifaces = array(); - foreach ($ifdescrs as $ifdescr => $ifname) { - $ifinfo = PfEnv::get_interface_info($ifdescr); - $ifaces[$ifname] = $ifinfo; - } - echo "Network Interfaces:\n"; - print_r($ifaces); - print_r(PfEnv::get_interface_arr()); - print_r(PfEnv::get_configured_interface_list()); - echo $line; - - $services = PfEnv::get_services(); - echo "Services: \n"; - print_r($services); - echo $line; - - echo "IPsec: \n"; + // IPSEC Discovery + public static function pfz_ipsec_ph1() + { require_once("ipsec.inc"); $config = PfEnv::cfg(); PfEnv::init_config_arr(array('ipsec', 'phase1')); - PfEnv::init_config_arr(array('ipsec', 'phase2')); - $a_phase2 = &$config['ipsec']['phase2']; - $status = PfEnv::ipsec_list_sa(); - echo "IPsec Status: \n"; - print_r($status); - $a_phase1 = &$config['ipsec']['phase1']; - $a_phase2 = &$config['ipsec']['phase2']; - echo "IPsec Config Phase 1: \n"; - print_r($a_phase1); + $json_string = '{"data":['; - echo "IPsec Config Phase 2: \n"; - print_r($a_phase2); + foreach ($a_phase1 as $data) { + $json_string .= '{"{#IKEID}":"' . $data['ikeid'] . '"'; + $json_string .= ',"{#NAME}":"' . $data['descr'] . 
'"'; + $json_string .= '},'; + } - echo $line; + $json_string = rtrim($json_string, ","); + $json_string .= "]}"; + + echo $json_string; - //Packages - echo "Packages: \n"; - require_once("pkg-utils.inc"); - $installed_packages = PfEnv::get_pkg_info('all', false, true); - print_r($installed_packages); } + public static function pfz_ipsec_ph2() + { + require_once("ipsec.inc"); + + $config = PfEnv::cfg(); + PfEnv::init_config_arr(array('ipsec', 'phase2')); + $a_phase2 = &$config['ipsec']['phase2']; + + $json_string = '{"data":['; + + foreach ($a_phase2 as $data) { + $json_string .= '{"{#IKEID}":"' . $data['ikeid'] . '"'; + $json_string .= ',"{#NAME}":"' . $data['descr'] . '"'; + $json_string .= ',"{#UNIQID}":"' . $data['uniqid'] . '"'; + $json_string .= ',"{#REQID}":"' . $data['reqid'] . '"'; + $json_string .= ',"{#EXTID}":"' . $data['ikeid'] . '.' . $data['reqid'] . '"'; + $json_string .= '},'; + } + + $json_string = rtrim($json_string, ","); + $json_string .= "]}"; + + echo $json_string; + + } + + public static function pfz_dhcpfailover() + { + //System public static functions regarding DHCP Leases will be available in the upcoming release of pfSense, so let's wait + require_once("system.inc"); + $leases = PfEnv::system_get_dhcpleases(); + + $json_string = '{"data":['; + + if (count($leases['failover']) > 0) { + foreach ($leases['failover'] as $data) { + $json_string .= '{"{#FAILOVER_GROUP}":"' . str_replace(" ", "__", $data['name']) . '"'; + } + } + + $json_string = rtrim($json_string, ","); + $json_string .= "]}"; + + echo $json_string; + } +} + +class PfzSpeedtest +{ // Interface Speedtest - public static function pfz_interface_speedtest_value($ifname, $value) + public static function pfz_interface_speedtest_value($if_name, $value) { $tvalue = explode(".", $value); 
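Review bot: `pfz_dhcpfailover` appends `{"{#FAILOVER_GROUP}":"…"` for each failover group but never closes the object or adds a separator, so any non-empty result is invalid JSON; the sibling `pfz_ipsec_ph1` and `pfz_ipsec_ph2` loops do append `'},'`. Add `$json_string .= '},';` after the name line inside the `foreach`. `count($leases['failover'])` also assumes the key exists and holds an array; `if (!empty($leases['failover']))` avoids a `TypeError` on PHP 8 when it is missing.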
@@ -617,7 +548,7 @@ class PfzCommands } //If the interface has a gateway is considered WAN, so let's do the speedtest - $filename = "/tmp/speedtest-$ifname"; + $filename = "/tmp/speedtest-$if_name"; if (file_exists($filename)) { $speedtest_data = json_decode(file_get_contents($filename), true); @@ -629,34 +560,8 @@ class PfzCommands echo $speedtest_data[$value][$subvalue]; } } - } - // This is supposed to run via cron job - public static function pfz_speedtest_cron() - { - require_once("services.inc"); - $ifdescrs = PfEnv::get_configured_interface_with_descr(true); - $ifaces = PfEnv::get_interface_arr(); - $pf_interface_name = ''; - $subvalue = false; - - $ifcs = PfzDiscoveries::pfz_interface_discovery(true, true); - - foreach ($ifcs as $ifname) { - - foreach ($ifdescrs as $ifn => $ifd) { - $ifinfo = PfEnv::get_interface_info($ifn); - if ($ifinfo['hwif'] == $ifname) { - $pf_interface_name = $ifn; - break; - } - } - - self::pfz_speedtest_exec($ifname, $ifinfo['ipaddr']); - - } - } // Installs a cron job for speedtests public static function pfz_speedtest_cron_install($enable = true) @@ -666,10 +571,10 @@ class PfzCommands PfEnv::install_cron_job($command, $enable, $minute = "*/15", "*", "*", "*", "*", "root", true); } - public static function pfz_speedtest_exec($ifname, $ipaddr): bool + public static function pfz_speedtest_exec($if_name, $ip_address): bool { - $filename = "/tmp/speedtest-$ifname"; + $filename = "/tmp/speedtest-$if_name"; $filetemp = "$filename.tmp"; $filerun = "/tmp/speedtest-run"; @@ -683,7 +588,7 @@ class PfzCommands if (file_exists($filerun) == false) { touch($filerun); - $st_command = "/usr/local/bin/speedtest --source $ipaddr --json > $filetemp"; + $st_command = "/usr/local/bin/speedtest --source $ip_address --json > $filetemp"; exec($st_command); rename($filetemp, $filename); @unlink($filerun); 
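Review bot: `pfz_speedtest_exec` interpolates `$ip_address` and `$filetemp` (derived from `$if_name`) directly into the string passed to `exec()`, so any shell metacharacter in either value is interpreted by the shell, and the cron job installed just above runs as `root`. Quote both arguments: `$st_command = "/usr/local/bin/speedtest --source " . escapeshellarg($ip_address) . " --json > " . escapeshellarg($filetemp);`. The `/tmp/speedtest-$if_name` path here and in `pfz_interface_speedtest_value` (`@@ -617,7 +548,7 @@`) should also reject names containing `/` before use, since both methods are public and their callers are outside these hunks. The function body starts and ends outside the hunk.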
@@ -692,69 +597,90 @@ class PfzCommands return true; } +} - - // OpenVPN Server Discovery - public static function pfz_openvpn_get_all_servers() +class PfzOpenVpn +{ + public static function get_all_openvpn_servers() { $servers = PfEnv::openvpn_get_active_servers(); $sk_servers = PfEnv::openvpn_get_active_servers("p2p"); $servers = array_merge($servers, $sk_servers); return ($servers); } +} - public static function pfz_retrieve_server_value($maybe_server, $value_key) +class PfzCommands +{ + public static function pfz_discovery($section) { - if (empty($maybe_server)) { - return null; + $is_known_section = in_array(strtolower($section), DISCOVERY_SECTION_HANDLERS); + if (!$is_known_section) { + return; } - $raw_value = $maybe_server[$value_key]; - - if (in_array($maybe_server["mode"], ["server_user", "server_tls_user", "server_tls"])) { - return $raw_value == "" ? "server_user_listening" : $raw_value; - } - - if ($maybe_server["mode"] == "p2p_tls") { - // For p2p_tls, ensure we have one client, and return up if it's the case - if ($raw_value == "") { - $has_at_least_one_connection = - is_array($maybe_server["conns"]) && count($maybe_server["conns"]) > 0; - - return $has_at_least_one_connection ? 
"up" : "down"; - } - } - - return $raw_value; + DISCOVERY_SECTION_HANDLERS[$section](); } - // Get OpenVPN Server Value - public static function pfz_openvpn_server_value($server_id, $value_key) + public static function pfz_gw_value($gw, $value_key) { - $servers = self::pfz_openvpn_get_all_servers(); + $gws = PfEnv::return_gateways_status(true); + if (array_key_exists($gw, $gws)) { + $value = $gws[$gw][$value_key]; + if ($value_key == "status") { + //Issue #70: Gateway Forced Down + if ($gws[$gw]["substatus"] <> "none") + $value = $gws[$gw]["substatus"]; + + $value = self::pfz_value_mapping("gateway.status", $value); + } + echo $value; + } + } + + public static function pfz_gw_status() + { + echo implode(",", + array_map( + fn($gw) => sprintf("%s.%s", $gw['name'], $gw['status']), + PfEnv::return_gateways_status(true))); + } + + public static function pfz_if_speedtest_value($if_name, $value) + { + PfzSpeedtest::pfz_speedtest_cron_install(); + PfzSpeedtest::pfz_interface_speedtest_value($if_name, $value); + } + + public static function pfz_openvpn_servervalue($server_id, $value_key) + { + $servers = self::get_all_openvpn_servers(); $maybe_server = Util::array_first($servers, fn($s) => $s['vpnid'] == $server_id); - $server_value = self::pfz_retrieve_server_value($maybe_server, $value_key); + $server_value = self::get_server_value($maybe_server, $value_key); - $is_known_value_key = array_key_exists($value_key, OPENVPN_SERVER_VALUES); - if ($is_known_value_key) { - echo OPENVPN_SERVER_VALUES[$value_key]($server_value); + if ($value_key == "conns") { + echo is_array($server_value) ? 
count($server_value) : 0; + return; + } + + if (in_array($value_key, ["status", "mode"])) { + echo PfzCommands::pfz_value_mapping("openvpn.server.status", $server_value); return; } echo $server_value; } - // Get OpenVPN User Connected Value - public static function pfz_openvpn_server_uservalue($unique_id, $value_key, $default = "") + private static function pfz_openvpn_server_uservalue_($unique_id, $value_key, $default = "") { $unique_id = Util::replace_special_chars($unique_id, true); $atpos = strpos($unique_id, '+'); $server_id = substr($unique_id, 0, $atpos); $user_id = substr($unique_id, $atpos + 1); - $servers = self::pfz_openvpn_get_all_servers(); + $servers = PfzOpenVpn::get_all_openvpn_servers(); foreach ($servers as $server) { if ($server['vpnid'] == $server_id) { foreach ($server['conns'] as $conn) { @@ -764,11 +690,22 @@ class PfzCommands } } } - if ($value == "") $value = $default; - echo $value; + + return ($value == "") ? $default : $value; } - public static function pfz_openvpn_client_value($client_id, $value_key, $fallback_value = "none") + public static function pfz_openvpn_server_uservalue($unique_id, $value_key) + { + return self::pfz_openvpn_server_uservalue_($unique_id, $value_key); + } + + public static function pfz_openvpn_server_uservalue_numeric($unique_id, $value_key) + { + return self::pfz_openvpn_server_uservalue_($unique_id, $value_key, "0"); + } + + + public static function pfz_openvpn_clientvalue($client_id, $value_key, $fallback_value = "none") { $clients = PfEnv::openvpn_get_active_clients(); @@ -788,9 +725,6 @@ class PfzCommands return ($maybe_value == "") ? $fallback_value : $maybe_value; } - // Get service value - // 2020-03-27: Added space replace in service name for issue #12 - // 2020-09-28: Corrected Space Replace public static function pfz_service_value($name, $value) { $services = PfEnv::get_services(); 
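Review bot: `pfz_openvpn_servervalue` calls `self::get_all_openvpn_servers()`, but this commit defines that method on `PfzOpenVpn`, not on `PfzCommands`, so the call fails at runtime; it should read `$servers = PfzOpenVpn::get_all_openvpn_servers();` like the other call sites in this patch. The same method now maps both `status` and `mode` through `"openvpn.server.status"`, whereas the removed `OPENVPN_SERVER_VALUES` table used `"openvpn.server.mode"` for `mode`; `"openvpn.server." . $value_key` restores that. In `pfz_discovery` the membership test lower-cases `$section` and uses `in_array` (a value search) while the dispatch indexes `DISCOVERY_SECTION_HANDLERS[$section]` with the raw key; if the constant is keyed by section name (its definition is outside this hunk), validate and dispatch with the same normalised key via `array_key_exists`.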
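Review bot: `pfz_openvpn_server_uservalue` and `pfz_openvpn_server_uservalue_numeric` now `return` the looked-up value, while the code they replace ended in `echo $value;` and other value commands in this class (`pfz_gw_value`, `pfz_openvpn_servervalue`) still echo. Unless the dispatcher outside this diff prints return values, both keys go silent; `echo self::pfz_openvpn_server_uservalue_($unique_id, $value_key);` keeps the previous behaviour. `$value` also appears to be assigned only inside the loop whose body falls between hunks, so initialising it with `$value = "";` before the `foreach` avoids reading an undefined variable when no server or user matches.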
@@ -825,172 +759,6 @@ class PfzCommands } } - public static function pfz_gw_value($gw, $value_key) - { - $gws = PfEnv::return_gateways_status(true); - if (array_key_exists($gw, $gws)) { - $value = $gws[$gw][$value_key]; - if ($value_key == "status") { - //Issue #70: Gateway Forced Down - if ($gws[$gw]["substatus"] <> "none") - $value = $gws[$gw]["substatus"]; - - $value = self::pfz_value_mapping("gateway.status", $value); - } - echo $value; - } - } - - public static function pfz_ipsec_ph1($ike_id, $value_key) - { - // Get Value from IPsec Phase 1 Configuration - // If Getting "disabled" value only check item presence in config array - require_once("ipsec.inc"); - $config = PfEnv::cfg(); - PfEnv::init_config_arr(array('ipsec', 'phase1')); - $a_phase1 = &$config['ipsec']['phase1']; - - $is_known_ipsec_key = array_key_exists($value_key, IPSEC_PH1_VALUES); - if ($is_known_ipsec_key) { - echo IPSEC_PH1_VALUES[$value_key]($ike_id); - return; - } - - $maybe_ike_match = Util::array_first($a_phase1, fn($d) => $d["ikeid"] == $ike_id); - if (empty($maybe_ike_match)) { - echo ""; - return; - } - - if (!array_key_exists($value_key, $maybe_ike_match)) { - echo ""; - return; - } - - if ($value_key == 'disabled') { - echo "1"; - return; - } - - echo self::pfz_value_mapping("ipsec." . 
$value_key, $maybe_ike_match[$value_key]); - } - - public static function pfz_ipsec_ph2($uniqid, $value_key) - { - require_once("ipsec.inc"); - $config = PfEnv::cfg(); - PfEnv::init_config_arr(array('ipsec', 'phase2')); - $a_phase2 = &$config['ipsec']['phase2']; - - $valuecfr = explode(".", $value_key); - - switch ($valuecfr[0]) { - case 'status': - $idarr = explode(".", $uniqid); - $statuskey = "state"; - if (isset($valuecfr[1])) $statuskey = $valuecfr[1]; - $value = self::pfz_ipsec_status($idarr[0], $idarr[1], $statuskey); - break; - case 'disabled': - $value = "0"; - } - - foreach ($a_phase2 as $data) { - if ($data['uniqid'] == $uniqid) { - if (array_key_exists($value_key, $data)) { - if ($value_key == 'disabled') - $value = "1"; - else - $value = self::pfz_value_mapping("ipsec_ph2." . $value_key, $data[$value_key], $data[$value_key]); - break; - } - } - } - echo $value; - } - - public static function pfz_ipsec_status($ike_id, $req_id = -1, $value_key = 'state') - { - - require_once("ipsec.inc"); - $config = PfEnv::cfg(); - PfEnv::init_config_arr(array('ipsec', 'phase1')); - - $a_phase1 = &$config['ipsec']['phase1']; - $conmap = array(); - foreach ($a_phase1 as $ph1ent) { - if (function_exists('get_ipsecifnum')) { - if (PfEnv::get_ipsecifnum($ph1ent['ikeid'], 0)) { - $cname = "con" . PfEnv::get_ipsecifnum($ph1ent['ikeid'], 0); - } else { - $cname = "con{$ph1ent['ikeid']}00000"; - } - } else { - $cname = ipsec_conid($ph1ent); - } - - $conmap[$cname] = $ph1ent['ikeid']; - } - - $status = PfEnv::ipsec_list_sa(); - $ipsecconnected = array(); - - $carp_status = self::pfz_carp_status(false); - - //Phase-Status match borrowed from status_ipsec.php - if (is_array($status)) { - foreach ($status as $l_ikeid => $ikesa) { - - if (isset($ikesa['con-id'])) { - $con_id = substr($ikesa['con-id'], 3); - } else { - $con_id = filter_var($ike_id, FILTER_SANITIZE_NUMBER_INT); - } - $con_name = "con" . 
$con_id; - if ($ikesa['version'] == 1) { - $ph1idx = $conmap[$con_name]; - $ipsecconnected[$ph1idx] = $ph1idx; - } else { - if (!PfEnv::ipsec_ikeid_used($con_id)) { - // probably a v2 with split connection then - $ph1idx = $conmap[$con_name]; - $ipsecconnected[$ph1idx] = $ph1idx; - } else { - $ipsecconnected[$con_id] = $ph1idx = $con_id; - } - } - if ($ph1idx == $ike_id) { - if ($req_id != -1) { - // Asking for Phase2 Status Value - foreach ($ikesa['child-sas'] as $childsas) { - if ($childsas['reqid'] == $req_id) { - if (strtolower($childsas['state']) == 'rekeyed') { - //if state is rekeyed go on - $tmp_value = $childsas[$value_key]; - } else { - $tmp_value = $childsas[$value_key]; - break; - } - } - } - } else { - $tmp_value = $ikesa[$value_key]; - } - - break; - } - } - } - - if ($value_key == "state") { - $v = self::pfz_value_mapping('ipsec.state', strtolower($tmp_value)); - - return ($carp_status != 0) ? $v + (10 * ($carp_status - 1)) : $v; - } - - return $tmp_value; - } - function pfz_temperature_sensors_discovery() { 
@@ -1078,8 +846,354 @@ class PfzCommands } + // System Information + public static function pfz_get_system_value($section) + { + if ($section === "packages_update") { + echo self::get_outdated_packages(); + return; + } + + $system_pkg_version = PfEnv::get_system_pkg_version(); + $version = $system_pkg_version["version"]; + $installed_version = $system_pkg_version["installed_version"]; + + if ($section === "new_version_available") { + echo Util::b2int($version != $installed_version); + return; + } + + if (array_key_exists($section, $system_pkg_version)) { + echo $system_pkg_version[$section]; + } + } + + public static function pfz_ipsec_ph1($ike_id, $value_key) + { + // Get Value from IPsec Phase 1 Configuration + // If Getting "disabled" value only check item presence in config array + require_once("ipsec.inc"); + $config = PfEnv::cfg(); + PfEnv::init_config_arr(array('ipsec', 'phase1')); + $a_phase1 = &$config['ipsec']['phase1']; + + if ($value_key == "status") { + echo PfzCommands::get_ipsec_status($ike_id); + return; + } + + if ($value_key == "disabled") { + echo "0"; + return; + } + + $maybe_ike_match = Util::array_first($a_phase1, fn($d) => $d["ikeid"] == $ike_id); + if (empty($maybe_ike_match)) { + echo ""; + return; + } + + if (!array_key_exists($value_key, $maybe_ike_match)) { + echo ""; + return; + } + + echo self::pfz_value_mapping("ipsec." . 
$value_key, $maybe_ike_match[$value_key]); + } + + public static function pfz_ipsec_ph2($uniqid, $value_key) + { + require_once("ipsec.inc"); + $config = PfEnv::cfg(); + PfEnv::init_config_arr(array('ipsec', 'phase2')); + $a_phase2 = &$config['ipsec']['phase2']; + + $valuecfr = explode(".", $value_key); + + switch ($valuecfr[0]) { + case 'status': + $idarr = explode(".", $uniqid); + $statuskey = "state"; + if (isset($valuecfr[1])) $statuskey = $valuecfr[1]; + $value = self::get_ipsec_status($idarr[0], $idarr[1], $statuskey); + break; + case 'disabled': + $value = "0"; + } + + foreach ($a_phase2 as $data) { + if ($data['uniqid'] == $uniqid) { + if (array_key_exists($value_key, $data)) { + if ($value_key == 'disabled') + $value = "1"; + else + $value = self::pfz_value_mapping("ipsec_ph2." . $value_key, $data[$value_key], $data[$value_key]); + break; + } + } + } + echo $value; + } + + public static function pfz_dhcp($section) + { + if ($section != "failover") { + return; + } + + echo PfzCommands::check_dhcp_failover(); + } + + // File is present + public static function pfz_file_exists($filename) + { + echo Util::b2int(file_exists($filename)); + } + + public static function pfz_speedtest_cron() + { + require_once("services.inc"); + $ifdescrs = PfEnv::get_configured_interface_with_descr(true); + $ifaces = PfEnv::get_interface_arr(); + $pf_interface_name = ''; + $subvalue = false; + + $ifcs = PfzDiscoveries::pfz_interface_discovery(true, true); + + foreach ($ifcs as $if_name) { + + foreach ($ifdescrs as $ifn => $ifd) { + $if_info = PfEnv::get_interface_info($ifn); + if ($if_info['hwif'] == $if_name) { + $pf_interface_name = $ifn; + break; + } + } + + PfzSpeedtest::pfz_speedtest_exec($if_name, $if_info['ipaddr']); + } + } + + public static function pfz_cron_cleanup() + { + PfzSpeedtest::pfz_speedtest_cron_install(false); + } + + // S.M.A.R.T Status + // Taken from /usr/local/www/widgets/widgets/smart_status.widget.php + public static function pfz_smart_status() + { + 
foreach (PfEnv::get_smart_drive_list() as $dev) { ## for each found drive do + $dev_state = trim(exec("smartctl -H /dev/$dev | awk -F: '/^SMART overall-health self-assessment test result/ {print $2;exit} +/^SMART Health Status/ {print $2;exit}'")); ## get SMART state from drive + $is_known_state = array_key_exists($dev_state, SMART_DEV_STATUS); + if (!$is_known_state) { + return SMART_ERROR; // ED This is probably a bug, status should be echoed + } + + $status = SMART_DEV_STATUS[$dev_state]; + if ($status !== SMART_OK) { + return $status; // ED This is probably a bug, status should be echoed + } + } + + echo SMART_OK; + } + + public static function pfz_cert_date($value_key) + { + $config = PfEnv::cfg(); + + $value = 0; + foreach (array("cert", "ca") as $cert_type) { + switch ($value_key) { + case "validFrom.max": + foreach ($config[$cert_type] as $cert) { + $certinfo = openssl_x509_parse(base64_decode($cert[PfEnv::CRT])); + if ($value == 0 or $value < $certinfo['validFrom_time_t']) $value = $certinfo['validFrom_time_t']; + } + break; + case "validTo.min": + foreach ($config[$cert_type] as $cert) { + $certinfo = openssl_x509_parse(base64_decode($cert[PfEnv::CRT])); + if ($value == 0 or $value > $certinfo['validTo_time_t']) $value = $certinfo['validTo_time_t']; + } + break; + } + } + echo $value; + } + + // Testing function, for template creating purpose + public static function pfz_test() + { + $line = "-------------------\n"; + + $ovpn_servers = PfzOpenVpn::get_all_openvpn_servers(); + echo "OPENVPN Servers:\n"; + print_r($ovpn_servers); + echo $line; + + $ovpn_clients = PfEnv::openvpn_get_active_clients(); + echo "OPENVPN Clients:\n"; + print_r($ovpn_clients); + echo $line; + + $ifdescrs = PfEnv::get_configured_interface_with_descr(true); + $ifaces = array(); + foreach ($ifdescrs as $ifdescr => $ifname) { + $ifinfo = PfEnv::get_interface_info($ifdescr); + $ifaces[$ifname] = $ifinfo; + } + echo "Network Interfaces:\n"; + print_r($ifaces); + 
print_r(PfEnv::get_interface_arr()); + print_r(PfEnv::get_configured_interface_list()); + echo $line; + + $services = PfEnv::get_services(); + echo "Services: \n"; + print_r($services); + echo $line; + + echo "IPsec: \n"; + + require_once("ipsec.inc"); + $config = PfEnv::cfg(); + PfEnv::init_config_arr(array('ipsec', 'phase1')); + PfEnv::init_config_arr(array('ipsec', 'phase2')); + $a_phase2 = &$config['ipsec']['phase2']; + $status = PfEnv::ipsec_list_sa(); + echo "IPsec Status: \n"; + print_r($status); + + $a_phase1 = &$config['ipsec']['phase1']; + $a_phase2 = &$config['ipsec']['phase2']; + + echo "IPsec Config Phase 1: \n"; + print_r($a_phase1); + + echo "IPsec Config Phase 2: \n"; + print_r($a_phase2); + + echo $line; + + //Packages + echo "Packages: \n"; + require_once("pkg-utils.inc"); + $installed_packages = PfEnv::get_pkg_info('all', false, true); + print_r($installed_packages); + } + + + private static function get_server_value($maybe_server, $value_key) + { + if (empty($maybe_server)) { + return null; + } + + $raw_value = $maybe_server[$value_key]; + + if (in_array($maybe_server["mode"], ["server_user", "server_tls_user", "server_tls"])) { + return $raw_value == "" ? "server_user_listening" : $raw_value; + } + + if ($maybe_server["mode"] == "p2p_tls") { + // For p2p_tls, ensure we have one client, and return up if it's the case + if ($raw_value == "") { + $has_at_least_one_connection = + is_array($maybe_server["conns"]) && count($maybe_server["conns"]) > 0; + + return $has_at_least_one_connection ? 
"up" : "down"; + } + } + + return $raw_value; + } + + private static function get_ipsec_status($ike_id, $req_id = -1, $value_key = 'state') + { + + require_once("ipsec.inc"); + $config = PfEnv::cfg(); + PfEnv::init_config_arr(array('ipsec', 'phase1')); + + $a_phase1 = &$config['ipsec']['phase1']; + $conmap = array(); + foreach ($a_phase1 as $ph1ent) { + if (function_exists('get_ipsecifnum')) { + if (PfEnv::get_ipsecifnum($ph1ent['ikeid'], 0)) { + $cname = "con" . PfEnv::get_ipsecifnum($ph1ent['ikeid'], 0); + } else { + $cname = "con{$ph1ent['ikeid']}00000"; + } + } else { + $cname = ipsec_conid($ph1ent); + } + $conmap[$cname] = $ph1ent['ikeid']; + } + + $status = PfEnv::ipsec_list_sa(); + $ipsecconnected = array(); + + $carp_status = self::pfz_carp_status(false); + + //Phase-Status match borrowed from status_ipsec.php + if (is_array($status)) { + foreach ($status as $l_ikeid => $ikesa) { + + if (isset($ikesa['con-id'])) { + $con_id = substr($ikesa['con-id'], 3); + } else { + $con_id = filter_var($ike_id, FILTER_SANITIZE_NUMBER_INT); + } + $con_name = "con" . $con_id; + if ($ikesa['version'] == 1) { + $ph1idx = $conmap[$con_name]; + $ipsecconnected[$ph1idx] = $ph1idx; + } else { + if (!PfEnv::ipsec_ikeid_used($con_id)) { + // probably a v2 with split connection then + $ph1idx = $conmap[$con_name]; + $ipsecconnected[$ph1idx] = $ph1idx; + } else { + $ipsecconnected[$con_id] = $ph1idx = $con_id; + } + } + if ($ph1idx == $ike_id) { + if ($req_id != -1) { + // Asking for Phase2 Status Value + foreach ($ikesa['child-sas'] as $childsas) { + if ($childsas['reqid'] == $req_id) { + if (strtolower($childsas['state']) == 'rekeyed') { + //if state is rekeyed go on + $tmp_value = $childsas[$value_key]; + } else { + $tmp_value = $childsas[$value_key]; + break; + } + } + } + } else { + $tmp_value = $ikesa[$value_key]; + } + + break; + } + } + } + + if ($value_key == "state") { + $v = self::pfz_value_mapping('ipsec.state', strtolower($tmp_value)); + + return ($carp_status != 0) ? 
$v + (10 * ($carp_status - 1)) : $v; + } + + return $tmp_value; + } + // DHCP Checks (copy of status_dhcp_leases.php, waiting for pfsense 2.5) - public static function pfz_remove_duplicate($array, $field) + private static function remove_duplicates($array, $field): array { foreach ($array as $sub) { $cmp[] = $sub[$field]; @@ -1092,7 +1206,7 @@ class PfzCommands } // Get DHCP Arrays (copied from status_dhcp_leases.php, waiting for pfsense 2.5, in order to use system_get_dhcpleases();) - public static function pfz_dhcp_get($value_key) + private static function get_dhcp($value_key) { @@ -1226,11 +1340,11 @@ class PfzCommands } /* remove duplicate items by mac address */ if (count($leases) > 0) { - $leases = self::pfz_remove_duplicate($leases, "ip"); + $leases = self::remove_duplicates($leases, "ip"); } if (count($pools) > 0) { - $pools = self::pfz_remove_duplicate($pools, "name"); + $pools = self::remove_duplicates($pools, "name"); asort($pools); } 
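Review bot: `pfz_speedtest_cron` still calls `PfzDiscoveries::pfz_interface_discovery(true, true)`, a name this commit renames to the private `discover_interface`, so the cron entry point fails with an undefined-method error. `pfz_wan` cannot stand in for it because it neither forwards `$is_cron` nor returns a value; add a small public accessor on `PfzDiscoveries` that returns `self::discover_interface(true, true)` and call that here. In the same loop `$if_info` is only assigned inside the inner `foreach`, so when no `hwif` matches, `$if_info['ipaddr']` is read from the last interface inspected; skip the speedtest unless a match was found.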
@@ -1248,37 +1362,17 @@ class PfzCommands } - // Gateway Discovery - public static function pfz_gw_rawstatus() - { - echo implode(",", - array_map( - fn($gw) => sprintf("%s.%s", $gw['name'], $gw['status']), - PfEnv::return_gateways_status(true))); - } - - public static function pfz_dhcp_check_failover() + private static function check_dhcp_failover() { // Check DHCP Failover Status // Returns number of failover pools which state is not normal or // different than peer state - $failover = self::pfz_dhcp_get("failover"); + $failover = self::get_dhcp("failover"); return count(array_filter($failover, fn($f) => ($f["mystate"] != "normal") || ($f["mystate"] != $f["peerstate"]))); } - public static function pfz_dhcp($section, $value_key = "") - { - $is_known_section = array_key_exists($section, DHCP_SECTIONS); - if (!$is_known_section) { - return; - } - - DHCP_SECTIONS[$section](); - } - - // Packages - public static function pfz_packages_uptodate() + private static function get_outdated_packages() { require_once("pkg-utils.inc"); $installed_packages = PfEnv::get_pkg_info("all", false, true); 
@@ -1289,80 +1383,6 @@ class PfzCommands fn($p) => $p["version"] != $p["installed_version"])); } - // System Information - public static function pfz_get_system_value($section) - { - if ($section === "packages_update") { - echo self::pfz_packages_uptodate(); - return; - } - - $system_pkg_version = PfEnv::get_system_pkg_version(); - $version = $system_pkg_version["version"]; - $installed_version = $system_pkg_version["installed_version"]; - - if ($section === "new_version_available") { - echo Util::b2int($version != $installed_version); - return; - } - - if (array_key_exists($section, $system_pkg_version)) { - echo $system_pkg_version[$section]; - } - } - - // S.M.A.R.T Status - // Taken from /usr/local/www/widgets/widgets/smart_status.widget.php - public static function pfz_get_smart_status() - { - foreach (PfEnv::get_smart_drive_list() as $dev) { ## for each found drive do - $dev_state = trim(exec("smartctl -H /dev/$dev | awk -F: '/^SMART overall-health self-assessment test result/ {print $2;exit} -/^SMART Health Status/ {print $2;exit}'")); ## get SMART state from drive - $is_known_state = array_key_exists($dev_state, SMART_DEV_STATUS); - if (!$is_known_state) { - return SMART_ERROR; // ED This is probably a bug, status should be echoed - } - - $status = SMART_DEV_STATUS[$dev_state]; - if ($status !== SMART_OK) { - return $status; // ED This is probably a bug, status should be echoed - } - } - - echo SMART_OK; - } - - // Certificats validity date - public static function pfz_get_cert_date($value_key) - { - $config = PfEnv::cfg(); - - $value = 0; - foreach (array("cert", "ca") as $cert_type) { - switch ($value_key) { - case "validFrom.max": - foreach ($config[$cert_type] as $cert) { - $certinfo = openssl_x509_parse(base64_decode($cert[PfEnv::CRT])); - if ($value == 0 or $value < $certinfo['validFrom_time_t']) $value = $certinfo['validFrom_time_t']; - } - break; - case "validTo.min": - foreach ($config[$cert_type] as $cert) { - $certinfo = 
openssl_x509_parse(base64_decode($cert[PfEnv::CRT])); - if ($value == 0 or $value > $certinfo['validTo_time_t']) $value = $certinfo['validTo_time_t']; - } - break; - } - } - echo $value; - } - - // File is present - public static function pfz_file_exists($filename) - { - echo Util::b2int(file_exists($filename)); - } - // Value mappings // Each value map is represented by an associative array public static function pfz_value_mapping($value_name, $value, $default_value = "0") @@ -1383,15 +1403,7 @@ class PfzCommands return $is_value_with_known_mapping ? $value_mapping[$value] : $default_value; } - public static function pfz_discovery($section) - { - $is_known_section = in_array(strtolower($section), DISCOVERY_SECTION_HANDLERS); - if (!$is_known_section) { - return; - } - DISCOVERY_SECTION_HANDLERS[$section](); - } } function build_method_lookup(string $clazz): array