Configure pfSense through xml/rpc



  • Hi,

    after some search and tries, i am on my way to try to configure pfSense - well, Squidguard, exactly - through XML/RPC. My goal is to provide 'normal' users with a simple interface to configure internet access for groups of computers. I started my search in this post (16399, http://forum.pfsense.org/index.php/topic,16399.0.html ), then recently found some topics about XML/RPC.

    I did some tries which worked with the pfsense.php_eval function.

    Ive got some questions.

    I am first bothered by the fact that I have to send the admin credentials in plain text over the network (currently using http:80). Is there a particular reason why the password is not crypt()ed on client side of the rpc, and compared to the crypt()ed passwd on server? Would I break something if I would modify the xmlrpc_auth() in this respect?

    Then: I plan to have the simple interface on another server, which authenticates users through PHP against an LDAP-Server. When allowed, a webgui allows users to configure access for a group of computer (classroom). Upon validation, the change request is sent to the pfsense server through XML/RPC. Is this approach ok, I mean, feasible and secure?

    I'm still not clear, which rpc function I'll have to call. backup/restore_config? exec_shell? exec_php? a new, written by me? If you've any clue, i would be glad…

    Thanks in advance,

    Jean-Marie.


Locked