diff options
| author | jim-p <jimp@pfsense.org> | 2010-06-11 15:59:30 -0400 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2010-06-11 16:01:10 -0400 |
| commit | 7869c580b4c42147bf138b67700e1bada8a7929c (patch) | |
| tree | 50160b2b230024c3a6788479d2333dc17eb6b53e /etc | |
| parent | c3fef0c9b4635323f6047ea213640363bcb5cf2e (diff) | |
| download | pfsense-7869c580b4c42147bf138b67700e1bada8a7929c.zip pfsense-7869c580b4c42147bf138b67700e1bada8a7929c.tar.gz | |
Properly sync CA/Certs when syncing OpenVPN (might need to be its own option, but forced on for OpenVPN). Also adds capability (though not enabled) to sync users. That will need more thought. Ticket #645
Diffstat (limited to 'etc')
| -rwxr-xr-x | etc/rc.filter_synchronize | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize index e29bfb1..0a6cdb8 100755 --- a/etc/rc.filter_synchronize +++ b/etc/rc.filter_synchronize @@ -161,10 +161,18 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens /* we can't use array_intersect_key() * due to the vip 'special case' */ - if ($section != 'virtualip') - $xml[$section] = $config_copy[$section]; - else - $xml[$section] = backup_vip_config_section(); + switch ($section) { + case 'virtualip': + $xml[$section] = backup_vip_config_section(); + break; + case 'cert': + case 'ca': + case 'user': + $xml['system'][$section] = $config_copy['system'][$section]; + break; + default: + $xml[$section] = $config_copy[$section]; + } } $params = array( @@ -257,10 +265,11 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) { $sections[] = 'load_balancer'; if ($carp['synchronizeipsec'] != "" and is_array($config['ipsec'])) $sections[] = 'ipsec'; - if ($carp['synchronizeopenvpn'] != "" and is_array($config['openvpn'])) + if ($carp['synchronizeopenvpn'] != "" and is_array($config['openvpn'])) { $sections[] = 'openvpn'; - if ($carp['synchronizedhcpd'] != "" and is_array($config['dhcpd'])) - $sections[] = 'dhcpd'; + $mergesections[] = 'cert'; + $mergesections[] = 'ca'; + } if ($carp['synchronizednsforwarder'] != "" and is_array($config['dnsmasq'])) $sections[] = 'dnsmasq'; if ($carp['synchronizeschedules'] != "" and is_array($config['schedules'])) @@ -268,6 +277,8 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) { if (count($sections) > 0) { update_filter_reload_status("Signaling CARP reload signal..."); carp_sync_xml($synchronizetoip, $carp['password'], $sections, $port); + if (is_array($mergesections)) + carp_sync_xml($synchronizetoip, $carp['password'], $mergesections, $port, 'pfsense.merge_config_section'); $cli = new XML_RPC_Client('/xmlrpc.php', $synchronizetoip, $port); $params = array( XML_RPC_encode($carp['password']) |
