aboutsummaryrefslogtreecommitdiffstats
path: root/config/freeradius2/freeradius.inc
diff options
context:
space:
mode:
authorAlexander Wilke <nachtfalkeaw@web.de>2012-02-21 00:46:42 +0100
committerAlexander Wilke <nachtfalkeaw@web.de>2012-02-21 00:46:42 +0100
commit219424fbe4fd9d45d8a89981578db3ea18ae57ac (patch)
treee7d2430a0bfd0be2b610a5033356d0d24c6b0a65 /config/freeradius2/freeradius.inc
parenta2c86c6b8e7c7ebef9fa22eb46264f1dcf511734 (diff)
downloadpfsense-packages-219424fbe4fd9d45d8a89981578db3ea18ae57ac.tar.gz
pfsense-packages-219424fbe4fd9d45d8a89981578db3ea18ae57ac.tar.bz2
pfsense-packages-219424fbe4fd9d45d8a89981578db3ea18ae57ac.zip
- some checks if we really need to download some files
- make parts of writeable (certs) so that it can be used on embedded systems
Diffstat (limited to 'config/freeradius2/freeradius.inc')
-rw-r--r--config/freeradius2/freeradius.inc91
1 files changed, 43 insertions, 48 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index dbfee18a..ac65ed88 100644
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -56,26 +56,15 @@ function freeradius_deinstall_command() {
function freeradius_install_command() {
global $config;
conf_mount_rw();
- /*
- $handle = opendir(RADDB);
- while (false != ($file = readdir($handle))) {
- if (false != ($pos = strpos($file, '.sample'))) {
- $newfile = substr($file, 0, $pos);
- if (copy(RADDB . "/$file", RADDB . "/$newfile"))
- unlink(RADDB . "/$file");
- }
- }
- closedir($handle);
- */
// We create here different folders for different counters.
- exec("chown -R root:wheel /usr/local/etc/raddb");
+ if (!file_exists("/var/log/radacct/datacounter/")) { exec("mkdir /var/log/radacct/datacounter && mkdir /var/log/radacct/datacounter/daily && mkdir /var/log/radacct/datacounter/weekly && mkdir /var/log/radacct/datacounter/monthly && mkdir /var/log/radacct/datacounter/forever"); }
+ if (!file_exists("/var/log/radacct/timecounter/")) { exec("mkdir /var/log/radacct/timecounter"); }
+
exec("mkdir /usr/local/etc/raddb/scripts");
- exec("chown -R root:wheel /usr/local/lib/freeradius-2.1.12");
- exec("touch /var/log/radutmp && touch /var/log/radwtmp");
- exec("mkdir /var/log/radacct/datacounter/daily" && "mkdir /var/log/radacct/datacounter/weekly" && "mkdir /var/log/radacct/datacounter/monthly" && "mkdir /var/log/radacct/datacounter/forever");
- exec("mkdir /var/log/radacct/timecounter");
- exec("chown -R root:wheel /var/log");
+ if (!file_exists("/var/log/radutmp")) { exec("touch /var/log/radutmp"); }
+ if (!file_exists("/var/log/radwtmp")) { exec("touch /var/log/radwtmp"); }
+ exec("chown -R root:wheel /usr/local/etc/raddb && chown -R root:wheel /usr/local/lib/freeradius-2.1.12 && chown -R root:wheel /var/log/radacct");
// creating a backup file of the original policy.conf no matter if user checked this or not
if (!file_exists("/usr/local/etc/raddb/policy.conf.backup")) {
@@ -94,37 +83,38 @@ function freeradius_install_command() {
if (file_exists("/usr/local/etc/raddb/sites-enabled/inner-tunnel")) { unlink("/usr/local/etc/raddb/sites-enabled/inner-tunnel"); }
// We need some additional files in /usr/local/lib for the LDAP module. We fetch these files dependent on the architecture.
- // For i386 systems
- if (exec("uname -m") == "i386") {
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libasn1.so.10");
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libgssapi.so.10");
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libheimntlm.so.10");
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libhx509.so.10");
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libkrb5.so.10");
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libroken.so.10");
- exec("chmod 0755 /usr/local/lib/libasn1.so.10");
- exec("chmod 0755 /usr/local/lib/libgssapi.so.10");
- exec("chmod 0755 /usr/local/lib/libheimntlm.so.10");
- exec("chmod 0755 /usr/local/lib/libhx509.so.10");
- exec("chmod 0755 /usr/local/lib/ldd/libkrb5.so.10");
- exec("chmod 0755 /usr/local/lib/libroken.so.10");
- }
- // For amd64 systems
- else {
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libasn1.so.10");
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libgssapi.so.10");
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libheimntlm.so.10");
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libhx509.so.10");
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libkrb5.so.10");
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libroken.so.10");
- exec("chmod 0755 /usr/local/lib/libasn1.so.10");
- exec("chmod 0755 /usr/local/lib/libgssapi.so.10");
- exec("chmod 0755 /usr/local/lib/libheimntlm.so.10");
- exec("chmod 0755 /usr/local/lib/libhx509.so.10");
- exec("chmod 0755 /usr/local/lib/ldd/libkrb5.so.10");
- exec("chmod 0755 /usr/local/lib/libroken.so.10");
+ if (!file_exists("/usr/local/lib/libasn1.so.10") || !file_exists("/usr/local/lib/libgssapi.so.10") || !file_exists("/usr/local/lib/libheimntlm.so.10") || !file_exists("/usr/local/lib/libhx509.so.10") || !file_exists("/usr/local/lib/ldd/libkrb5.so.10") || !file_exists("/usr/local/lib/libroken.so.10")) {
+ // For i386 systems
+ if (exec("uname -m") == "i386") {
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libasn1.so.10");
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libgssapi.so.10");
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libheimntlm.so.10");
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libhx509.so.10");
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libkrb5.so.10");
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libroken.so.10");
+ exec("chmod 0755 /usr/local/lib/libasn1.so.10");
+ exec("chmod 0755 /usr/local/lib/libgssapi.so.10");
+ exec("chmod 0755 /usr/local/lib/libheimntlm.so.10");
+ exec("chmod 0755 /usr/local/lib/libhx509.so.10");
+ exec("chmod 0755 /usr/local/lib/ldd/libkrb5.so.10");
+ exec("chmod 0755 /usr/local/lib/libroken.so.10");
+ }
+ // For amd64 systems
+ else {
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libasn1.so.10");
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libgssapi.so.10");
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libheimntlm.so.10");
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libhx509.so.10");
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libkrb5.so.10");
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libroken.so.10");
+ exec("chmod 0755 /usr/local/lib/libasn1.so.10");
+ exec("chmod 0755 /usr/local/lib/libgssapi.so.10");
+ exec("chmod 0755 /usr/local/lib/libheimntlm.so.10");
+ exec("chmod 0755 /usr/local/lib/libhx509.so.10");
+ exec("chmod 0755 /usr/local/lib/ldd/libkrb5.so.10");
+ exec("chmod 0755 /usr/local/lib/libroken.so.10");
+ }
}
-
// We run this here just to suppress some warnings on syslog if file doesn't exist
freeradius_authorizedmacs_resync();
@@ -846,6 +836,8 @@ EOD;
function freeradius_eapconf_resync() {
global $config;
+ // We make this write enabled here because embedded systems need to write certs in ../raddb/certs/ folder
+ conf_mount_rw();
$conf = '';
$eapconf = $config['installedpackages']['freeradiuseapconf']['config'][0];
@@ -1079,7 +1071,6 @@ else {
EOD;
$filename = RADDB . '/eap.conf';
- conf_mount_rw();
file_put_contents($filename, $conf);
chmod($filename, 0640);
conf_mount_ro();
@@ -2356,6 +2347,8 @@ EOD;
function freeradius_allcertcnf_resync() {
global $config;
+ // We need to make this write enabled for embedded systems to write certs
+ conf_mount_rw();
// Only proceed these steps if freeRADIUS Cert-Manager is activated. if pfSense cert manager is used skip this.
@@ -2463,6 +2456,8 @@ if ($eapconf['vareapconfchoosecertmanager'] == '') {
else {
return;
}
+// Read-only because of embedded systems
+conf_mount_r0();
} //end of function
// ##### The following part is based on the code of pfblocker #####