From 7869c580b4c42147bf138b67700e1bada8a7929c Mon Sep 17 00:00:00 2001
From: jim-p
Date: Fri, 11 Jun 2010 15:59:30 -0400
Subject: Properly sync CA/Certs when syncing OpenVPN (might need to be its own option, but forced on for OpenVPN). Also adds capability (though not enabled) to sync users. That will need more thought. Ticket #645
---
 etc/rc.filter_synchronize | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)
(limited to 'etc/rc.filter_synchronize')
diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize
index e29bfb1..0a6cdb8 100755
--- a/etc/rc.filter_synchronize
+++ b/etc/rc.filter_synchronize
@@ -161,10 +161,18 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens
 /* we can't use array_intersect_key()
 * due to the vip 'special case'
 */
- if ($section != 'virtualip')
- $xml[$section] = $config_copy[$section];
- else
- $xml[$section] = backup_vip_config_section();
+ switch ($section) {
+ case 'virtualip':
+ $xml[$section] = backup_vip_config_section();
+ break;
+ case 'cert':
+ case 'ca':
+ case 'user':
+ $xml['system'][$section] = $config_copy['system'][$section];
+ break;
+ default:
+ $xml[$section] = $config_copy[$section];
+ }
 }
 $params = array(
@@ -257,10 +265,11 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) {
 $sections[] = 'load_balancer';
 if ($carp['synchronizeipsec'] != "" and is_array($config['ipsec']))
 $sections[] = 'ipsec';
- if ($carp['synchronizeopenvpn'] != "" and is_array($config['openvpn']))
+ if ($carp['synchronizeopenvpn'] != "" and is_array($config['openvpn'])) {
 $sections[] = 'openvpn';
- if ($carp['synchronizedhcpd'] != "" and is_array($config['dhcpd']))
- $sections[] = 'dhcpd';
+ $mergesections[] = 'cert';
+ $mergesections[] = 'ca';
+ }
 if ($carp['synchronizednsforwarder'] != "" and is_array($config['dnsmasq']))
 $sections[] = 'dnsmasq';
 if ($carp['synchronizeschedules'] != "" and is_array($config['schedules']))
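Review bot: The new `case 'cert': case 'ca': case 'user':` branch puts certificate and user entries into the XML-RPC payload, and those sections presumably hold private keys and password hashes, while the signature in the hunk header still defaults to `$port = 80`. Nothing visible here ties sending these sections to an encrypted transport; whether `$url` is forced to HTTPS is decided outside the hunk, so it is worth checking and recording next to the branch, e.g. `/* cert, ca and user carry key material and password hashes: only sync these over HTTPS */`. The copy is also unconditional, so a node with nothing under `$config_copy['system'][$section]` sends an empty value to the merge method; `if (is_array($config_copy['system'][$section]))` in front of the assignment would skip that. The body of carp_sync_xml starts and ends outside the hunk.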
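Review bot: The two `synchronizedhcpd` lines are removed in the second hunk and nothing visible re-adds them, so after this change the `dhcpd` section is no longer appended to `$sections` even when DHCP sync is enabled, which the commit message does not mention. If that was not intended, restore `if ($carp['synchronizedhcpd'] != "" and is_array($config['dhcpd']))` and `$sections[] = 'dhcpd';` after the closing brace of the OpenVPN block. `$mergesections` is also appended to without a visible initialisation; unless it is set above the hunk, adding `$mergesections = array();` beside the setup of `$sections` keeps the later `is_array($mergesections)` test from reading an undefined variable.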
@@ -268,6 +277,8 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) {
 if (count($sections) > 0) {
 update_filter_reload_status("Signaling CARP reload signal...");
 carp_sync_xml($synchronizetoip, $carp['password'], $sections, $port);
+ if (is_array($mergesections))
+ carp_sync_xml($synchronizetoip, $carp['password'], $mergesections, $port, 'pfsense.merge_config_section');
 $cli = new XML_RPC_Client('/xmlrpc.php', $synchronizetoip, $port);
 $params = array(
 XML_RPC_encode($carp['password'])
-- cgit v1.1
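Review bot: The `cert`/`ca` merge is sent only after the main `carp_sync_xml(... $sections, $port)` call, and neither call's result is checked in the visible lines, so a failed merge leaves the peer with an `openvpn` section whose certificates never arrived and nothing records it. Whether the peer applies the first payload before the second lands is not visible here, but issuing the merge call first would remove that ordering dependency. A short comment such as `/* certs/CAs are merged, not replaced, so the peer keeps entries that exist only locally */` would also explain why a different RPC method is used. The enclosing `if (count($sections) > 0)` block continues past the end of the hunk.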