Added API models to update NTP settings, create NTP timeservers, and delete NTP timeservers. Added API endpoints for /api/v1/services/ntpd and /api/v1/services/ntpd/time_server

Author: jaredhendrickson13

pfSense-pkg-API/files/etc/inc/api/endpoints/APIServicesNTPd.inc

@@ -0,0 +1,26 @@
+<?php
+//   Copyright 2021 Jared Hendrickson
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+
+require_once("api/framework/APIEndpoint.inc");
+
+class APIServicesNTPd extends APIEndpoint {
+    public function __construct() {
+        $this->url = "/api/v1/services/ntpd";
+    }
+
+    protected function get() {
+        return (new APIServicesNTPdRead())->call();
+    }
+}

pfSense-pkg-API/files/etc/inc/api/endpoints/APIServicesNTPdTimeServer.inc

@@ -0,0 +1,30 @@
+<?php
+//   Copyright 2021 Jared Hendrickson
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+
+require_once("api/framework/APIEndpoint.inc");
+
+class APIServicesNTPdTimeServer extends APIEndpoint {
+    public function __construct() {
+        $this->url = "/api/v1/services/ntpd/time_server";
+    }
+
+    protected function post() {
+        return (new APIServicesNTPdTimeServerCreate())->call();
+    }
+
+    protected function delete() {
+        return (new APIServicesNTPdTimeServerDelete())->call();
+    }
+}

pfSense-pkg-API/files/etc/inc/api/framework/APIResponse.inc

@@ -520,6 +520,42 @@ function get($id, $data=[], $all=false) {
             "return" => $id,
             "message" => "DHCPd static mapping ID does not exist"
         ],
+        2046 => [
+            "status" => "bad request",
+            "code" => 400,
+            "return" => $id,
+            "message" => "NTPd orphan value must be between 1 and 15"
+        ],
+        2047 => [
+            "status" => "bad request",
+            "code" => 400,
+            "return" => $id,
+            "message" => "Unknown NTPd interface specified"
+        ],
+        2048 => [
+            "status" => "bad request",
+            "code" => 400,
+            "return" => $id,
+            "message" => "NTPd timeserver value is required"
+        ],
+        2049 => [
+            "status" => "bad request",
+            "code" => 400,
+            "return" => $id,
+            "message" => "NTPd timeserver must be valid IP address or FQDN"
+        ],
+        2050 => [
+            "status" => "bad request",
+            "code" => 400,
+            "return" => $id,
+            "message" => "Maximum limit of 10 NTPd timeservers has been met"
+        ],
+        2051 => [
+            "status" => "bad request",
+            "code" => 400,
+            "return" => $id,
+            "message" => "NTPd timeserver does not exist"
+        ],
 
         // 3000-3999 reserved for /interfaces API calls
         3000 => [
@@ -1744,6 +1780,7 @@ function get($id, $data=[], $all=false) {
             "return" => $id,
             "message" => "Authentication server name already in use"
         ],
+
         //6000-6999 reserved for /routing API calls
         6000 => [
             "status" => "bad request",

pfSense-pkg-API/files/etc/inc/api/models/APIServicesNTPdRead.inc

@@ -0,0 +1,35 @@
+<?php
+//   Copyright 2021 Jared Hendrickson
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+
+require_once("api/framework/APIModel.inc");
+require_once("api/framework/APIResponse.inc");
+
+
+class APIServicesNTPdRead extends APIModel {
+    # Create our method constructor
+    public function __construct() {
+        parent::__construct();
+        $this->privileges = ["page-all", "page-services-ntpd"];
+    }
+
+    public function action() {
+        # Return the current NTP configuration if it exists, otherwise return empty array
+        if (isset($this->config["ntpd"])) {
+            return APIResponse\get(0, $this->config["ntpd"]);
+        } else {
+            return APIResponse\get(0, []);
+        }
+    }
+}

pfSense-pkg-API/files/etc/inc/api/models/APIServicesNTPdTimeServerCreate.inc

@@ -0,0 +1,96 @@
+<?php
+//   Copyright 2021 Jared Hendrickson
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+
+require_once("api/framework/APIModel.inc");
+require_once("api/framework/APIResponse.inc");
+
+
+class APIServicesNTPdTimeServerCreate extends APIModel {
+    public $timeservers;
+
+    # Create our method constructor
+    public function __construct() {
+        parent::__construct();
+        $this->privileges = ["page-all", "page-services-ntpd"];
+        $this->change_note = "Added NTP timeserver via API";
+        $this->validated_data = $this->config["ntpd"];
+        $this->timeservers = explode(" ", $this->config["system"]["timeservers"]);
+    }
+
+    public function action() {
+        # Save our updated configuration. Note this updates configuration in two different places.
+        $this->config["ntpd"] = $this->validated_data;
+        $this->config["system"]["timeservers"] = implode(" ", $this->timeservers);
+        $this->write_config();
+
+        # Reconfigure NTP to apply the changes. Since values are stored in two places, simply return the initial data.
+        system_ntp_configure();
+        return APIResponse\get(0, $this->initial_data);
+    }
+
+    public function validate_payload() {
+        $this->__validate_timeserver_limit();
+        $this->__validate_timeserver();
+        $this->__validate_ispool();
+        $this->__validate_noselect();
+        $this->__validate_prefer();
+    }
+
+    private function __validate_timeserver_limit() {
+        # Before adding a new timeserver, ensure we are not already at our maximum limit
+        if (count($this->timeservers) > 10) {
+            $this->errors[] = APIResponse\get(2050);
+        }
+    }
+
+    private function __validate_timeserver() {
+        # Check for our required 'timeserver' payload value
+        # Timeservers must be tracked separately as they are stored under system > timeservers rather than the
+        # NTP service settings. Do not use the validated_data property to track valid timeserver input.
+        if (isset($this->initial_data["timeserver"])) {
+            # Ensure the value is a valid IP address or hostname
+            if (is_ipaddr($this->initial_data["timeserver"]) or is_fqdn($this->initial_data["timeserver"])) {
+                $this->timeservers[] = $this->initial_data['timeserver'];
+            } else {
+                $this->errors[] = APIResponse\get(2049);
+            }
+        } else {
+            $this->errors[] = APIResponse\get(2048);
+        }
+    }
+
+    private function __validate_ispool() {
+        # Check for our optional 'ispool' payload value
+        if ($this->initial_data['ispool'] === true) {
+            $this->validated_data["ispool"] = $this->validated_data["ispool"].$this->initial_data["timeserver"]." ";
+        }
+    }
+
+    private function __validate_noselect() {
+        # Check for our optional 'noselect' payload value
+        if ($this->initial_data['noselect'] === true) {
+            $this->validated_data["noselect"] = $this->validated_data["noselect"].$this->initial_data["timeserver"]." ";
+        }
+    }
+
+    private function __validate_prefer() {
+        # Check for our optional 'prefer' payload value
+        if ($this->initial_data['prefer'] === true) {
+            $this->validated_data["prefer"] = $this->validated_data["prefer"].$this->initial_data["timeserver"]." ";
+        }
+    }
+
+
+}

pfSense-pkg-API/files/etc/inc/api/models/APIServicesNTPdTimeServerDelete.inc

@@ -0,0 +1,80 @@
+<?php
+//   Copyright 2021 Jared Hendrickson
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+
+require_once("api/framework/APIModel.inc");
+require_once("api/framework/APIResponse.inc");
+
+
+class APIServicesNTPdTimeServerDelete extends APIModel {
+    public $timeservers;
+
+    # Create our method constructor
+    public function __construct() {
+        parent::__construct();
+        $this->privileges = ["page-all", "page-services-ntpd"];
+        $this->change_note = "Deleted NTP timeserver via API";
+        $this->validated_data = $this->config["ntpd"];
+        $this->timeservers = explode(" ", $this->config["system"]["timeservers"]);
+    }
+
+    public function action() {
+        # Save our updated configuration. Note this updates configuration in two different places.
+        $this->config["ntpd"] = $this->validated_data;
+        $this->config["system"]["timeservers"] = implode(" ", $this->timeservers);
+        $this->write_config();
+
+        # Reconfigure NTP to apply the changes. Since values are stored in two places, simply return the initial data.
+        system_ntp_configure();
+        return APIResponse\get(0, $this->initial_data);
+    }
+
+    public function validate_payload() {
+        $this->__validate_timeserver();
+    }
+
+    private function __validate_timeserver() {
+        # Before deleting the timeserver, ensure it exists
+        if (in_array($this->initial_data["timeserver"], $this->timeservers)) {
+            # Remove the timeserver from our system timeservers
+            unset($this->timeservers[array_search($this->initial_data["timeserver"], $this->timeservers)]);
+
+            # Remove the timeserver from the ntpd ispool
+            $ispool_arr = explode(" ", $this->validated_data["ispool"]);
+            if (in_array($this->initial_data["timeserver"], $ispool_arr)) {
+                unset($ispool_arr[array_search($this->initial_data["timeserver"], $ispool_arr)]);
+                $this->validated_data["ispool"] = implode(" ", $ispool_arr);
+            }
+
+            # Remove the timeserver from the ntpd noselect
+            $noselect_arr = explode(" ", $this->validated_data["noselect"]);
+            if (in_array($this->initial_data["timeserver"], $noselect_arr)) {
+                unset($noselect_arr[array_search($this->initial_data["timeserver"], $noselect_arr)]);
+                $this->validated_data["noselect"] = implode(" ", $noselect_arr);
+            }
+
+            # Remove the timeserver from the ntpd prefer
+            $prefer_arr = explode(" ", $this->validated_data["prefer"]);
+            if (in_array($this->initial_data["timeserver"], $prefer_arr)) {
+                unset($prefer_arr[array_search($this->initial_data["timeserver"], $prefer_arr)]);
+                $this->validated_data["prefer"] = implode(" ", $prefer_arr);
+            }
+        }
+        # Otherwise, return error if the request name server does not exist
+        else {
+            $this->errors[] = APIResponse\get(2051);
+        }
+    }
+
+}