From 8fccab671fdade6b67cba2b5523ae2591f1d7425 Mon Sep 17 00:00:00 2001 From: Warren Baker Date: Wed, 29 Jan 2014 21:51:33 +0200 Subject: Make sure ACLs are saved correctly --- etc/inc/unbound.inc | 32 +++++++++++++++++++++---- usr/local/www/services_unbound_acls.php | 42 ++++++++++++++++++--------------- 2 files changed, 51 insertions(+), 23 deletions(-) diff --git a/etc/inc/unbound.inc b/etc/inc/unbound.inc index 8fcf7b0..008f845 100644 --- a/etc/inc/unbound.inc +++ b/etc/inc/unbound.inc @@ -133,14 +133,17 @@ EOF; } // Configure static Host entries - $host_entries = unbound_add_host_entries(); + unbound_add_host_entries(); // Configure Domain Overrides - $domain_overrides = unbound_add_domain_overrides(); + unbound_add_domain_overrides(); // Configure Unbound statistics $statistics = unbound_statistics(); + // Configure Unbound access-lists + unbound_acls_config(); + // Add custom Unbound options if ($config['unbound']['custom_options']) { $custom_option = "# Unbound custom option"; @@ -322,8 +325,8 @@ function sync_unbound_service() { function unbound_acl_id_used($id) { global $config; - if (is_array($config['installedpackages']['unboundacls']['config'])) - foreach ($config['installedpackages']['unboundacls']['config'] as & $acls) + if (is_array($config['unbound']['acls'])) + foreach($config['unbound']['acls'] as & $acls) if ($id == $acls['aclid']) return true; 
@@ -585,4 +588,25 @@ EOF; return $stats; } +// Unbound Access lists +function unbound_acls_config() { + global $config; + + // Configure the ACLs + if (is_array($config['unbound']['acls'])) { + $unboundcfg = ""; + foreach($config['unbound']['acls'] as $unbound_acl) { + $unboundcfg .= "#{$unbound_acl['aclname']}\n"; + foreach($unbound_acl['row'] as $network) { + if ($unbound_acl['aclaction'] == "allow snoop") + $unbound_acl['aclaction'] = "allow_snoop"; + $unboundcfg .= "access-control: {$network['acl_network']}/{$network['mask']} {$unbound_acl['aclaction']}\n"; + } + } + // Write out Access list + file_put_contents("{$g['unbound_chroot_path']}/access_lists.conf", $unboundcfg); + } else + return; +} + ?> \ No newline at end of file diff --git a/usr/local/www/services_unbound_acls.php b/usr/local/www/services_unbound_acls.php index 2bf4d53..08393ba 100644 --- a/usr/local/www/services_unbound_acls.php +++ b/usr/local/www/services_unbound_acls.php 
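Review bot: `unbound_acls_config()` declares only `global $config;` yet builds the output path from `$g['unbound_chroot_path']`, so `$g` is undefined inside the function and the file would land at `/access_lists.conf` instead of under the chroot; the declaration should be `global $config, $g;`. The loop also interpolates `aclname`, `acl_network`, `mask` and `aclaction` into the file unchanged, so a line break in any of them becomes an additional Unbound directive; unless the save page already rejects that (not visible in this hunk), strip line breaks from the comment line and skip rows whose network, mask or action fail validation. The return value of `file_put_contents()` is ignored, so a failed write leaves the resolver with a stale or missing access list and no log entry; testing for `=== false` and logging would make that visible. `$unbound_acl['row']` is iterated without an `is_array()` check, which raises a warning for an ACL saved with no networks.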
@@ -97,31 +97,35 @@ if ($_POST) { } if (!$input_errors) { - if ($pconfig['Submit'] == gettext("Save")) { - if (!$a_acls[$id]) - $a_acls[$id]['aclid'] = $id; - - if (isset($id) && $a_acls[$id]) { - $a_acls[$id]['aclid'] = $pconfig['aclid']; - $a_acls[$id]['aclname'] = $pconfig['aclname']; - $a_acls[$id]['aclaction'] = $pconfig['aclaction']; - $a_acls[$id]['description'] = $pconfig['description']; - $a_acls[$id]['row'] = array(); - foreach ($networkacl as $acl) - $a_acls[$id]['row'][] = $acl; - write_config(); - mark_subsystem_dirty("unbound"); - } + $acl_entry = array(); + $acl_entry['aclid'] = $pconfig['aclid']; + $acl_entry['aclname'] = $pconfig['aclname']; + $acl_entry['aclaction'] = $pconfig['aclaction']; + $acl_entry['description'] = $pconfig['description']; + $acl_entry['aclid'] = $pconfig['aclid']; + $acl_entry['row'] = array(); + foreach ($networkacl as $acl) + $acl_entry['row'][] = $acl; + + if (isset($id) && $a_acls[$id]) + $a_acls[$id] = $acl_entry; + else + $a_acls[] = $acl_entry; + + + mark_subsystem_dirty("unbound"); + write_config(); + pfSenseHeader("/services_unbound_acls.php"); exit; } if ($pconfig['apply']) { - clear_subsystem_dirty("unbound"); - $retval = 0; - $retval = services_unbound_configure(); - $savemsg = get_std_save_message($retval); + clear_subsystem_dirty("unbound"); + $retval = 0; + $retval = services_unbound_configure(); + $savemsg = get_std_save_message($retval); } } } -- cgit v1.1
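Review bot: With the `$pconfig['Submit'] == gettext("Save")` check removed, every POST that reaches the `if (!$input_errors)` block now builds and stores an ACL entry, and because `isset($id) && $a_acls[$id]` falls through to `$a_acls[] = $acl_entry`, a stale or out-of-range `id` silently appends a new entry instead of being rejected. Validation of `id`, `aclaction` and the network rows happens above the hunk and is not visible here; these values are later written into Unbound's access-control file by `unbound_acls_config()`, so it is worth confirming that `aclaction` is checked against the fixed list of actions and that each row is a valid network and mask before this point. `$acl_entry['aclid'] = $pconfig['aclid'];` is assigned twice, and the second assignment can be dropped.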