pfrest
diff --git a/‎docs/documentation.json‎
Lines changed: 216 additions & 0 deletions b/‎docs/documentation.json‎
Lines changed: 216 additions & 0 deletions
diff --git a/‎pfSense-pkg-API/files/etc/inc/api/framework/APIResponse.inc‎
Lines changed: 2 additions & 2 deletions b/‎pfSense-pkg-API/files/etc/inc/api/framework/APIResponse.inc‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎pfSense-pkg-API/files/etc/inc/api/models/APIServicesNTPdRead.inc‎
Lines changed: 3 additions & 1 deletion b/‎pfSense-pkg-API/files/etc/inc/api/models/APIServicesNTPdRead.inc‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎pfSense-pkg-API/files/etc/inc/api/models/APIServicesNTPdTimeServerCreate.inc‎
Lines changed: 2 additions & 2 deletions b/‎pfSense-pkg-API/files/etc/inc/api/models/APIServicesNTPdTimeServerCreate.inc‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎pfSense-pkg-API/files/etc/inc/api/models/APIServicesNTPdUpdate.inc‎
Lines changed: 48 additions & 14 deletions b/‎pfSense-pkg-API/files/etc/inc/api/models/APIServicesNTPdUpdate.inc‎
Lines changed: 48 additions & 14 deletions
@@ -7404,6 +7404,105 @@
 				{
 					"name": "NTPD",
 					"item": [
+						{
+							"name": "TIME_SERVER",
+							"item": [
+								{
+									"name": "Create NTPd Time Server",
+									"request": {
+										"method": "POST",
+										"header": [],
+										"body": {
+											"mode": "raw",
+											"raw": "{\n    \"timeserver\": \"ntp.pool.org\", \n    \"ispool\": true, \n    \"prefer\": true, \n    \"noselect\": false\n}",
+											"options": {
+												"raw": {
+													"language": "json"
+												}
+											}
+										},
+										"url": {
+											"raw": "https://{{$hostname}}/api/v1/services/ntpd/time_server?timeserver=string&ispool=boolean&noselect=boolean&prefer=boolean",
+											"protocol": "https",
+											"host": [
+												"{{$hostname}}"
+											],
+											"path": [
+												"api",
+												"v1",
+												"services",
+												"ntpd",
+												"time_server"
+											],
+											"query": [
+												{
+													"key": "timeserver",
+													"value": "string",
+													"description": "Specify the IP or hostname of the NTP time server to add."
+												},
+												{
+													"key": "ispool",
+													"value": "boolean",
+													"description": "Specify whether or not this time server represents an NTP server pool or a single NTP server. "
+												},
+												{
+													"key": "noselect",
+													"value": "boolean",
+													"description": "Enable or disable this NTP time server from selection. If `true`, the time server will be eligible for selection. If `false, the NTP server will remain In the configuration but not used."
+												},
+												{
+													"key": "prefer",
+													"value": "boolean",
+													"description": "Enable or disable this NTP time server as a preferred NTP time server. If `true`, this time server will take preference over other time servers."
+												}
+											]
+										},
+										"description": "Add a new NTP time server to the NTPd configuration.<br><br>\n\n_Requires at least one of the following privileges:_ [`page-all`, `page-services-ntpd`]"
+									},
+									"response": []
+								},
+								{
+									"name": "Delete NTPd Time Server",
+									"request": {
+										"method": "DELETE",
+										"header": [],
+										"body": {
+											"mode": "raw",
+											"raw": "{\n    \"timeserver\": \"ntp.pool.org\"\n}",
+											"options": {
+												"raw": {
+													"language": "json"
+												}
+											}
+										},
+										"url": {
+											"raw": "https://{{$hostname}}/api/v1/services/ntpd/time_server?timeserver=string",
+											"protocol": "https",
+											"host": [
+												"{{$hostname}}"
+											],
+											"path": [
+												"api",
+												"v1",
+												"services",
+												"ntpd",
+												"time_server"
+											],
+											"query": [
+												{
+													"key": "timeserver",
+													"value": "string",
+													"description": "Specify the IP or hostname of the NTP time server to delete. If more than one time server exists with this value, only the first match will be deleted. In the case that all time servers were deleted, the default time server `pool.ntp.org` will be written."
+												}
+											]
+										},
+										"description": "Delete an existing NTP time server from the NTPd configuration.<br><br>\n\n_Requires at least one of the following privileges:_ [`page-all`, `page-services-ntpd`]"
+									},
+									"response": []
+								}
+							],
+							"description": "API endpoints that create, read, update and delete NTPd configuration."
+						},
 						{
 							"name": "Start NTPd Service",
 							"request": {
@@ -7436,6 +7535,123 @@
 							},
 							"response": []
 						},
+						{
+							"name": "Read NTPd Service",
+							"protocolProfileBehavior": {
+								"disableBodyPruning": true
+							},
+							"request": {
+								"method": "GET",
+								"header": [],
+								"body": {
+									"mode": "raw",
+									"raw": "{\n    \n}",
+									"options": {
+										"raw": {
+											"language": "json"
+										}
+									}
+								},
+								"url": {
+									"raw": "https://{{$hostname}}/api/v1/services/ntpd",
+									"protocol": "https",
+									"host": [
+										"{{$hostname}}"
+									],
+									"path": [
+										"api",
+										"v1",
+										"services",
+										"ntpd"
+									]
+								},
+								"description": "Read the ntpd service configuration.<br><br>\n\n_Requires at least one of the following privileges:_ [`page-all`, `page-services-ntpd`]"
+							},
+							"response": []
+						},
+						{
+							"name": "Update NTPd Service",
+							"request": {
+								"method": "PUT",
+								"header": [],
+								"body": {
+									"mode": "raw",
+									"raw": "{\n    \"interface\": [\"WAN\", \"lan\", \"lo0\"],\n    \"orphan\": 15,\n    \"logpeer\": true,\n    \"logsys\": true,\n    \"clockstats\": true,\n    \"loopstats\": false,\n    \"peerstats\": true,\n    \"statsgraph\": true,\n    \"timeservers\": [\n      {\"timeserver\": \"ntp.pool.org\", \"ispool\": true, \"prefer\": true, \"noselect\": false}\n    ]\n  }",
+									"options": {
+										"raw": {
+											"language": "json"
+										}
+									}
+								},
+								"url": {
+									"raw": "https://{{$hostname}}/api/v1/services/ntpd?interface=array&time_servers=array&orphan=integer&leapsec=string&statsgraph=boolean&logpeer=boolean&logsys=boolean&clockstats=boolean&loopstats=boolean&peerstats=boolean",
+									"protocol": "https",
+									"host": [
+										"{{$hostname}}"
+									],
+									"path": [
+										"api",
+										"v1",
+										"services",
+										"ntpd"
+									],
+									"query": [
+										{
+											"key": "interface",
+											"value": "array",
+											"description": "Update the Interfaces NTPd will listen on. This must be an array of strings. You may specify either the physical Interface ID, the pfSense Interface ID or the descriptive Interface name. To match any Interface, simply pass In an empty array. e.g. `[\"wan\", \"em1\", \"lo0\", \"LAN\"]` (optional)"
+										},
+										{
+											"key": "time_servers",
+											"value": "array",
+											"description": "Update the time servers used by the system. This must be an array of objects. Each object may use the parameters available In the /api/v1/services/ntpd/time_server endpoint. To revert to the default timeserver, you may pass In an empty array. Specifying this field will overwrite any existing time servers. To simply add or remove time servers, use the /api/v1/services/ntpd/time_server endpoint as it Is less taxing on the system. e.g. `[{\"timeserver\": \"pool.ntp.org\", \"ispool\": true\", \"prefer\": true, \"noselect\": false}]` (optional)"
+										},
+										{
+											"key": "orphan",
+											"value": "integer",
+											"description": "Update the orphan mode value. This must be a value between `1` and `15`. Orphan mode allows the system clock to be used when no other clocks are available. The number here specifies the stratum reported during orphan mode and should normally be set to a number high enough to insure that any other servers available to clients are preferred over this server. (optional)"
+										},
+										{
+											"key": "leapsec",
+											"value": "string",
+											"description": "Update the leap seconds configuration. This should be the contents of the leap seconds file received from the IERS. (optional)"
+										},
+										{
+											"key": "statsgraph",
+											"value": "boolean",
+											"description": "Enable or disable RRD graphs of NTP metrics. (optional)"
+										},
+										{
+											"key": "logpeer",
+											"value": "boolean",
+											"description": "Enable or disable the logging of peer messages. (optional)"
+										},
+										{
+											"key": "logsys",
+											"value": "boolean",
+											"description": "Enable or disable the logging of system messages. (optional)"
+										},
+										{
+											"key": "clockstats",
+											"value": "boolean",
+											"description": "Enable or disable the logging of reference clock statistics. (optional)"
+										},
+										{
+											"key": "loopstats",
+											"value": "boolean",
+											"description": "Enable or disable the logging of clock discipline statistics. (optional)"
+										},
+										{
+											"key": "peerstats",
+											"value": "boolean",
+											"description": "Enable or disable the logging of NTP peer statistics. (optional)"
+										}
+									]
+								},
+								"description": "Update the ntpd service configuration.<br><br>\n\n_Requires at least one of the following privileges:_ [`page-all`, `page-services-ntpd`]"
+							},
+							"response": []
+						},
 						{
 							"name": "Restart NTPd Service",
 							"request": {
 
@@ -542,13 +542,13 @@ function get($id, $data=[], $all=false) {
             "status" => "bad request",
             "code" => 400,
             "return" => $id,
-            "message" => "NTPd timeserver must be valid IP address or FQDN"
+            "message" => "NTPd timeserver must be valid IP address or hostname"
         ],
         2050 => [
             "status" => "bad request",
             "code" => 400,
             "return" => $id,
-            "message" => "Maximum limit of 10 NTPd timeservers has been met"
+            "message" => "Maximum limit of 10 NTPd timeservers exceeded"
         ],
         2051 => [
             "status" => "bad request",
 
@@ -27,7 +27,9 @@ class APIServicesNTPdRead extends APIModel {
     public function action() {
         # Return the current NTP configuration if it exists, otherwise return empty array
         if (isset($this->config["ntpd"])) {
-            return APIResponse\get(0, $this->config["ntpd"]);
+            $data = $this->config["ntpd"];
+            $data["timeservers"] = explode(" ", $this->config["system"]["timeservers"]);
+            return APIResponse\get(0, $data);
         } else {
             return APIResponse\get(0, []);
         }
 
@@ -32,7 +32,7 @@ class APIServicesNTPdTimeServerCreate extends APIModel {
     public function action() {
         # Save our updated configuration. Note this updates configuration in two different places.
         $this->config["ntpd"] = $this->validated_data;
-        $this->config["system"]["timeservers"] = implode(" ", $this->timeservers);
+        $this->config["system"]["timeservers"] = implode(" ", array_filter($this->timeservers));
         $this->write_config();
 
         # Reconfigure NTP to apply the changes then return the response
@@ -62,7 +62,7 @@ class APIServicesNTPdTimeServerCreate extends APIModel {
         # NTP service settings. Do not use the validated_data property to track valid timeserver input.
         if (isset($this->initial_data["timeserver"])) {
             # Ensure the value is a valid IP address or hostname
-            if (is_ipaddr($this->initial_data["timeserver"]) or is_fqdn($this->initial_data["timeserver"])) {
+            if (is_ipaddr($this->initial_data["timeserver"]) or is_hostname($this->initial_data["timeserver"])) {
                 $this->timeservers[] = $this->initial_data['timeserver'];
             } else {
                 $this->errors[] = APIResponse\get(2049);
 
@@ -30,16 +30,21 @@ class APIServicesNTPdUpdate extends APIModel {
         # Save our updated configuration
         $this->config["ntpd"] = $this->validated_data;
         $this->write_config();
+        $this->__validate_timeservers(true);    // Revalidate timeservers. This time create if valid.
 
-        # Apply our change and return the response. Include all configured timeservers from system > timeservers as it
-        # is need to provide the full context of the configuration
+        # Apply our change to the backend
         system_ntp_configure();
+
+        # Update our return values and return the response. Get the updated NTPd configuration and add the timeservers
+        # from system > timeservers to provide full context of the NTP configuration.
+        $this->validated_data = $this->config["ntpd"];
         $this->validated_data["timeservers"] = explode(" ", $this->config["system"]["timeservers"]);;
         return APIResponse\get(0, $this->validated_data);
     }
 
     public function validate_payload() {
         $this->__validate_interface();
+        $this->__validate_timeservers();
         $this->__validate_orphan();
         $this->__validate_logsys();
         $this->__validate_logpeer();
@@ -73,22 +78,43 @@ class APIServicesNTPdUpdate extends APIModel {
         }
     }
 
-    private function __validate_timeservers() {
+    private function __validate_timeservers($create=false) {
         # Check for our optional 'timeservers' payload value
         if (isset($this->initial_data["timeservers"])) {
-            # Loop through each requested timeserver and ensure it is valid
-            foreach ($this->initial_data["timeservers"] as $timeserver) {
-                # Use the APIServicesNTPdTimeServerCreate model to validate each requested time server. This essentially
-                # creates a nested/internal API call to validate/create NTPd timeservers
-                $cts = new APIServicesNTPdTimeServerCreate();
-                $cts->initial_data = $timeserver;
-                $cts->validate_payload();
-
-                # If errors were encountered while validating the payload, save those errors to this models error field
-                if (!empty($cts->errors)) {
-                    $this->errors = $this->errors + $cts->errors;
+            # Only proceed if 10 or less timeservers were specified.
+            if (is_array($this->initial_data["timeservers"]) and count($this->initial_data["timeservers"]) <= 10) {
+                # Assume default if empty array was passed in
+                if (empty($this->initial_data["timeservers"])) {
+                    $this->initial_data["timeservers"][] = ["timeserver"=>"pool.ntp.org", "ispool"=>true];
+                }
+
+                # Unset all existing timeservers.
+                unset($this->config["system"]["timeservers"]);
+                unset($this->config["ntpd"]["ispool"]);
+                unset($this->config["ntpd"]["noselect"]);
+                unset($this->config["ntpd"]["prefer"]);
+
+                # Loop through each requested timeserver and ensure it is valid
+                foreach ($this->initial_data["timeservers"] as $timeserver) {
+                    # Use the APIServicesNTPdTimeServerCreate model to validate each requested time server. This
+                    # essentiall creates a nested/internal API call to validate/create NTPd timeservers
+                    $cts = new APIServicesNTPdTimeServerCreate();
+                    $cts->initial_data = $timeserver;
+                    $cts->validate_payload();
+
+                    # If errors were encountered validating the payload, save those errors to this models error field
+                    if (!empty($cts->errors)) {
+                        $this->errors = $this->errors + $cts->errors;
+                    } # Otherwise, if our created parameter is true, create this timeserver after validation
+                    elseif ($create === true) {
+                        $cts->action();
+                    }
                 }
             }
+            # If our limit was exceeded return an error
+            else {
+                $this->errors[] = APIResponse\get(2050);
+            }
         }
     }
 
@@ -180,4 +206,12 @@ class APIServicesNTPdUpdate extends APIModel {
 
         return $if_list;
     }
+
+    # Private method to create the validated timeservers
+    private function __create_timeservers() {
+        # Only proceed if timeservers were requested and no errors were found
+        if (isset($this->initial_data["timeservers"]) and empty($this->create_timeserver->errors)) {
+            $this->create_timeserver->action();
+        }
+    }
 }