diff options
author | Jim P <jim@pingle.org> | 2011-12-22 15:42:52 -0800 |
---|---|---|
committer | Jim P <jim@pingle.org> | 2011-12-22 15:42:52 -0800 |
commit | 19bfae2e3084c99657e09d9d79c35a4737321783 (patch) | |
tree | 53a10580a420bf24b0b1843b9a4f0f76e84af417 /config/freeradius2/freeradius.inc | |
parent | b8dde24254b9093b679a90f3470fce1fada69c89 (diff) | |
parent | 32fd2a716b6619debba6b6a5e5775f71b7432449 (diff) | |
download | pfsense-packages-19bfae2e3084c99657e09d9d79c35a4737321783.tar.gz pfsense-packages-19bfae2e3084c99657e09d9d79c35a4737321783.tar.bz2 pfsense-packages-19bfae2e3084c99657e09d9d79c35a4737321783.zip |
Merge pull request #158 from Nachtfalkeaw/master
Added information on freeradius cert-manager that there are some disava…
Diffstat (limited to 'config/freeradius2/freeradius.inc')
-rwxr-xr-x | config/freeradius2/freeradius.inc | 41 |
1 files changed, 27 insertions, 14 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc index 28e209b0..5395fdd2 100755 --- a/config/freeradius2/freeradius.inc +++ b/config/freeradius2/freeradius.inc @@ -1533,7 +1533,7 @@ function freeradius_allcertcnf_resync() { $varcertscreateclient = ($arrcerts['varcertscreateclient']?$arrcerts['varcertscreateclient']:'no'); // General variables for deleting: CA, Server, Client - $varcertsdeleteall = ($arrcerts['varcertsdeleteall']?$arrcerts['varcertsdeleteall']:'yes'); + $varcertsdeleteall = ($arrcerts['varcertsdeleteall']?$arrcerts['varcertsdeleteall']:'no'); if ($arrcerts['varcertscreateclient'] == 'yes') { @@ -1543,8 +1543,8 @@ function freeradius_allcertcnf_resync() { exec("rm -f /usr/local/etc/raddb/certs/client.crt"); exec("rm -f /usr/local/etc/raddb/certs/client.key"); exec("rm -f /usr/local/etc/raddb/certs/client.tar"); - - + + // run fuction to create ONLY new client.cnf files based on user input from freeradiuscert.xml freeradius_clientcertcnf_resync(); @@ -1552,11 +1552,18 @@ function freeradius_allcertcnf_resync() { // make bootstrap executable and run to create cert based on client.cnf files exec("chmod 0770 /usr/local/etc/raddb/certs/bootstrap"); exec("/usr/local/etc/raddb/certs/bootstrap"); - - // make bootstrap read-write only for root - exec("chmod 0600 /usr/local/etc/raddb/certs/bootstrap"); - exec("cd /usr/local/etc/raddb/certs && tar -cf client.tar client.crt client.csr client.key ca.der"); - exec("chmod 0600 /usr/local/etc/raddb/certs/client.tar"); + + // rename client generated XX.pem to client.pem // use regex to replace spaces and so on. + $varserial = preg_replace("/\s/","",file_get_contents('/usr/local/etc/raddb/certs/serial.old')); + if (file_exists("/usr/local/etc/raddb/certs/$varserial.pem")) + rename("/usr/local/etc/raddb/certs/$varserial.pem","/usr/local/etc/raddb/certs/client.pem"); + + + // tar client-cert files + exec("cd /usr/local/etc/raddb/certs && tar -cf client.tar client.crt client.csr client.key ca.der client.pem"); + + // Make all files in certs folder re-only for root + exec("chmod -R 0600 /usr/local/etc/raddb/certs/"); } @@ -1570,8 +1577,11 @@ function freeradius_allcertcnf_resync() { exec("rm -f /usr/local/etc/raddb/certs/*.key"); exec("rm -f /usr/local/etc/raddb/certs/*.p12"); exec("rm -f /usr/local/etc/raddb/certs/serial*"); - exec("rm -f /usr/local/etc/raddb/certs/index.txt*"); + exec("rm -f /usr/local/etc/raddb/certs/index*"); + exec("rm -f /usr/local/etc/raddb/certs/dh"); + exec("rm -f /usr/local/etc/raddb/certs/random"); exec("rm -f /usr/local/etc/raddb/certs/client.tar"); + // run fuctions to create new .cnf files based on user input from freeradiuscert.xml freeradius_cacertcnf_resync(); @@ -1586,11 +1596,14 @@ function freeradius_allcertcnf_resync() { // make bootstrap executable and run to create certs based on .cnf files exec("chmod 0770 /usr/local/etc/raddb/certs/bootstrap"); exec("/usr/local/etc/raddb/certs/bootstrap"); - - // make bootstrap read-write only for root - exec("chmod 0600 /usr/local/etc/raddb/certs/bootstrap"); - exec("cd /usr/local/etc/raddb/certs && tar -cf client.tar client.crt client.csr client.key ca.der"); - exec("chmod 0600 /usr/local/etc/raddb/certs/client.tar"); + + // rename client generated 02.pem to client.pem + if (file_exists("/usr/local/etc/raddb/certs/02.pem")) + rename("/usr/local/etc/raddb/certs/02.pem","/usr/local/etc/raddb/certs/client.pem"); + + // tar client-cert files + exec("cd /usr/local/etc/raddb/certs && tar -cf client.tar client.crt client.csr client.key ca.der client.pem"); + exec("chmod -R 0600 /usr/local/etc/raddb/certs/"); // If there were changes on the certificates we need to restart freeradius restart_service('freeradius'); |