authorAlexander Wilke <nachtfalkeaw@web.de>2011-12-31 14:24:32 +0000
committerAlexander Wilke <nachtfalkeaw@web.de>2011-12-31 14:24:32 +0000
commit1f4bc1be263879aa41e32a6aa576e98f4f4a4223 (patch)
treee1163ab3d67f60e7e7f4a9db294a08085bfcee97 /config/freeradius2/freeradius.inc
parente8d0d126b43ded738cdc9e4a49039ea4f674afff (diff)
freeradius2 updates: pkg v1.4.0
Diffstat (limited to 'config/freeradius2/freeradius.inc')
-rwxr-xr-xconfig/freeradius2/freeradius.inc34
1 files changed, 25 insertions, 9 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index 0b02f176..6b1cfb9d 100755
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -82,7 +82,7 @@ function freeradius_install_command() {
conf_mount_rw();
write_rcfile($rcfile);
conf_mount_ro();
- start_service("freeradius");
+ restart_service("freeradius");
}
function freeradius_settings_resync() {
@@ -297,6 +297,8 @@ EOD;
file_put_contents(RADDB . '/radiusd.conf', $conf);
conf_mount_ro();
+ // "freeradius_sqlconf_resync" is pointing to this function because we need to run "freeradius_serverdefault_resync" and after that restart freeradius.
+ freeradius_serverdefault_resync();
restart_service("freeradius");
}
@@ -488,7 +490,8 @@ function freeradius_eapconf_resync() {
// The filenames of pfsense cert manager are different from freeradius cert manager so it is possible to store both in the same folder at any time.
-// This is for the pfsense cert manager
+// This is for the pfsense cert manager
+// Depends on "freeradius_get_server_certs" and "freeradius_get_ca_certs"
if ($vareapconfchoosecertmanager == 'pfsensecertmgr') {
$ca_cert = lookup_ca($eapconf["ssl_ca_cert"]);
@@ -530,7 +533,9 @@ if ($vareapconfchoosecertmanager == 'pfsensecertmgr') {
$vareapconfprivatekeyfile = 'server_key.pem';
$vareapconfcertificatefile = 'server_cert.pem';
$vareapconfcafile = 'ca_cert.pem';
+
// generate new DH and RANDOM file
+ log_error("freeRADIUS: Switched to pfSense Cert-Manager. Creating new DH and random file in /usr/local/etc/raddb/certs");
exec("cd /usr/local/etc/raddb/certs && openssl dhparam -out dh 1024");
exec("cd /usr/local/etc/raddb/certs && dd if=/dev/urandom of=./random count=10");
}
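Review bot: The `openssl dhparam -out dh 1024` call right after the new log line generates 1024-bit Diffie-Hellman parameters, which is below the 2048-bit minimum generally recommended for TLS/EAP key exchange, and the log entry is written before the command runs with no check that it succeeded. Consider `exec("cd /usr/local/etc/raddb/certs && openssl dhparam -out dh 2048", $out, $rc);` followed by `if ($rc != 0) log_error("freeRADIUS: openssl dhparam failed");`, accepting that 2048-bit generation takes noticeably longer on small appliances. The same pair of commands, with the same kind of log line in front, appears again in the `@@ -1769,10 +1783,11 @@` hunk of `freeradius_allcertcnf_resync()`. The enclosing `if` block starts outside this hunk.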
@@ -638,7 +643,7 @@ EOD;
restart_service('freeradius');
}
-
+// Gets started from freeradiuseapconf.xml
function freeradius_get_ca_certs() {
global $config;
$ca_arr = array();
@@ -650,6 +655,7 @@ function freeradius_get_ca_certs() {
return $ca_arr;
}
+// Gets started from freeradiuseapconf.xml
function freeradius_get_server_certs() {
global $config;
$cert_arr = array();
@@ -734,8 +740,11 @@ EOD;
file_put_contents($filename, $conf);
chmod($filename, 0600);
conf_mount_ro();
-
- restart_service('freeradius');
+
+ // We don't need a restart at this time because there are additional changes needed in:
+ // "freeradius_settings_resync" and "freeradius_serverdefault_resync".
+ // restart_service('freeradius');
+ freeradius_settings_resync();
}
function freeradius_serverdefault_resync() {
@@ -1434,8 +1443,9 @@ EOD;
file_put_contents($filename, $conf);
chmod($filename, 0600);
conf_mount_ro();
-
- restart_service('freeradius');
+
+ // No need to restart here because the restart of the service will be done in "freeradius_settings_resync"
+ // restart_service('freeradius');
}
function freeradius_cacertcnf_resync() {
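Review bot: With `restart_service('freeradius')` commented out at the end of this function, a caller that invokes it directly writes the new file but never restarts the daemon, so the running server keeps the old configuration until something else restarts it. The new comment says the restart happens in `freeradius_settings_resync`, which holds only if every entry point goes through that function; this cannot be confirmed here, because the function's start and its callers are outside the hunk. I would state the contract in a comment above the function, e.g. `// Writes the file only; callers must go through freeradius_settings_resync() to restart freeradius.`, and delete the commented-out call here and in the `@@ -734,8 +740,11 @@` hunk rather than keeping dead code.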
@@ -1719,9 +1729,11 @@ function freeradius_allcertcnf_resync() {
if ($arrcerts['varcertscreateclient'] == 'yes') {
// delete all old certificates and keys
+ log_error("freeRADIUS: deleting all client.csr .crt .key .pem .tar in /usr/local/etc/raddb/certs");
exec("rm -f /usr/local/etc/raddb/certs/client.csr");
exec("rm -f /usr/local/etc/raddb/certs/client.crt");
exec("rm -f /usr/local/etc/raddb/certs/client.key");
+ exec("rm -f /usr/local/etc/raddb/certs/client.pem");
exec("rm -f /usr/local/etc/raddb/certs/client.tar");
@@ -1744,12 +1756,14 @@ function freeradius_allcertcnf_resync() {
// Make all files in certs folder read/write only for root
exec("chmod -R 0600 /usr/local/etc/raddb/certs/");
+ log_error("freeRADIUS: Created new client.csr .crt .key .pem and added them together with ca.der in /usr/local/etc/raddb/certs/client.tar");
}
if ($arrcerts['varcertsdeleteall'] == 'yes') {
// delete all old certificates and keys - deletes certs from pfsense cert-manager IN THIS FOLDER, too.
+ log_error("freeRADIUS: deleting all CA, Server and Client certs, DH, random and database files in /usr/local/etc/raddb/certs");
exec("rm -f /usr/local/etc/raddb/certs/*.pem");
exec("rm -f /usr/local/etc/raddb/certs/*.der");
exec("rm -f /usr/local/etc/raddb/certs/*.csr");
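Review bot: The added `log_error("freeRADIUS: Created new client.csr ...")` line reports success unconditionally, while the visible `exec("chmod -R 0600 ...")` before it has no exit-status check, and the commands that actually create the files are outside this hunk. The system log can therefore claim that client certificates and `client.tar` were created when a step failed, which misleads anyone troubleshooting EAP-TLS from the log. Capture the status of the creating step with `exec("...", $out, $rc);` and write the success message only when `$rc == 0`, with a failure message otherwise. The same applies to the "Added client.csr ..." message in the `@@ -1784,7 +1799,8 @@` hunk.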
@@ -1769,10 +1783,11 @@ function freeradius_allcertcnf_resync() {
freeradius_clientcertcnf_resync();
// generate new DH and RANDOM file
+ log_error("freeRADIUS: Creating new DH and random file in /usr/local/etc/raddb/certs");
exec("cd /usr/local/etc/raddb/certs && openssl dhparam -out dh 1024");
exec("cd /usr/local/etc/raddb/certs && dd if=/dev/urandom of=./random count=10");
-
+ log_error("freeRADIUS: Creating new CA, Server and Client certs in /usr/local/etc/raddb/certs");
// make bootstrap executable and run to create certs based on .cnf files
exec("chmod 0770 /usr/local/etc/raddb/certs/bootstrap");
exec("/usr/local/etc/raddb/certs/bootstrap");
@@ -1784,7 +1799,8 @@ function freeradius_allcertcnf_resync() {
// tar client-cert files
exec("cd /usr/local/etc/raddb/certs && tar -cf client.tar client.crt client.csr client.key ca.der client.pem");
exec("chmod -R 0600 /usr/local/etc/raddb/certs/");
-
+ log_error("freeRADIUS: Added client.csr .crt .key .pem together with ca.der in /usr/local/etc/raddb/certs/client.tar");
+
// If there were changes on the certificates we need to restart freeradius
restart_service('freeradius');
}