diff options
author | Alexander Wilke <nachtfalkeaw@web.de> | 2012-02-21 00:46:42 +0100 |
---|---|---|
committer | Alexander Wilke <nachtfalkeaw@web.de> | 2012-02-21 00:46:42 +0100 |
commit | 219424fbe4fd9d45d8a89981578db3ea18ae57ac (patch) | |
tree | e7d2430a0bfd0be2b610a5033356d0d24c6b0a65 /config/freeradius2 | |
parent | a2c86c6b8e7c7ebef9fa22eb46264f1dcf511734 (diff) | |
download | pfsense-packages-219424fbe4fd9d45d8a89981578db3ea18ae57ac.tar.gz pfsense-packages-219424fbe4fd9d45d8a89981578db3ea18ae57ac.tar.bz2 pfsense-packages-219424fbe4fd9d45d8a89981578db3ea18ae57ac.zip |
- some checks if we really need to download some files
- make parts of writeable (certs) so that it can be used on embedded systems
Diffstat (limited to 'config/freeradius2')
-rw-r--r-- | config/freeradius2/freeradius.inc | 91 |
1 files changed, 43 insertions, 48 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc index dbfee18a..ac65ed88 100644 --- a/config/freeradius2/freeradius.inc +++ b/config/freeradius2/freeradius.inc @@ -56,26 +56,15 @@ function freeradius_deinstall_command() { function freeradius_install_command() { global $config; conf_mount_rw(); - /* - $handle = opendir(RADDB); - while (false != ($file = readdir($handle))) { - if (false != ($pos = strpos($file, '.sample'))) { - $newfile = substr($file, 0, $pos); - if (copy(RADDB . "/$file", RADDB . "/$newfile")) - unlink(RADDB . "/$file"); - } - } - closedir($handle); - */ // We create here different folders for different counters. - exec("chown -R root:wheel /usr/local/etc/raddb"); + if (!file_exists("/var/log/radacct/datacounter/")) { exec("mkdir /var/log/radacct/datacounter && mkdir /var/log/radacct/datacounter/daily && mkdir /var/log/radacct/datacounter/weekly && mkdir /var/log/radacct/datacounter/monthly && mkdir /var/log/radacct/datacounter/forever"); } + if (!file_exists("/var/log/radacct/timecounter/")) { exec("mkdir /var/log/radacct/timecounter"); } + exec("mkdir /usr/local/etc/raddb/scripts"); - exec("chown -R root:wheel /usr/local/lib/freeradius-2.1.12"); - exec("touch /var/log/radutmp && touch /var/log/radwtmp"); - exec("mkdir /var/log/radacct/datacounter/daily" && "mkdir /var/log/radacct/datacounter/weekly" && "mkdir /var/log/radacct/datacounter/monthly" && "mkdir /var/log/radacct/datacounter/forever"); - exec("mkdir /var/log/radacct/timecounter"); - exec("chown -R root:wheel /var/log"); + if (!file_exists("/var/log/radutmp")) { exec("touch /var/log/radutmp"); } + if (!file_exists("/var/log/radwtmp")) { exec("touch /var/log/radwtmp"); } + exec("chown -R root:wheel /usr/local/etc/raddb && chown -R root:wheel /usr/local/lib/freeradius-2.1.12 && chown -R root:wheel /var/log/radacct"); // creating a backup file of the original policy.conf no matter if user checked this or not if (!file_exists("/usr/local/etc/raddb/policy.conf.backup")) { @@ -94,37 +83,38 @@ function freeradius_install_command() { if (file_exists("/usr/local/etc/raddb/sites-enabled/inner-tunnel")) { unlink("/usr/local/etc/raddb/sites-enabled/inner-tunnel"); } // We need some additional files in /usr/local/lib for the LDAP module. We fetch these files dependent on the architecture. - // For i386 systems - if (exec("uname -m") == "i386") { - exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libasn1.so.10"); - exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libgssapi.so.10"); - exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libheimntlm.so.10"); - exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libhx509.so.10"); - exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libkrb5.so.10"); - exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libroken.so.10"); - exec("chmod 0755 /usr/local/lib/libasn1.so.10"); - exec("chmod 0755 /usr/local/lib/libgssapi.so.10"); - exec("chmod 0755 /usr/local/lib/libheimntlm.so.10"); - exec("chmod 0755 /usr/local/lib/libhx509.so.10"); - exec("chmod 0755 /usr/local/lib/ldd/libkrb5.so.10"); - exec("chmod 0755 /usr/local/lib/libroken.so.10"); - } - // For amd64 systems - else { - exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libasn1.so.10"); - exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libgssapi.so.10"); - exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libheimntlm.so.10"); - exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libhx509.so.10"); - exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libkrb5.so.10"); - exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libroken.so.10"); - exec("chmod 0755 /usr/local/lib/libasn1.so.10"); - exec("chmod 0755 /usr/local/lib/libgssapi.so.10"); - exec("chmod 0755 /usr/local/lib/libheimntlm.so.10"); - exec("chmod 0755 /usr/local/lib/libhx509.so.10"); - exec("chmod 0755 /usr/local/lib/ldd/libkrb5.so.10"); - exec("chmod 0755 /usr/local/lib/libroken.so.10"); + if (!file_exists("/usr/local/lib/libasn1.so.10") || !file_exists("/usr/local/lib/libgssapi.so.10") || !file_exists("/usr/local/lib/libheimntlm.so.10") || !file_exists("/usr/local/lib/libhx509.so.10") || !file_exists("/usr/local/lib/ldd/libkrb5.so.10") || !file_exists("/usr/local/lib/libroken.so.10")) { + // For i386 systems + if (exec("uname -m") == "i386") { + exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libasn1.so.10"); + exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libgssapi.so.10"); + exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libheimntlm.so.10"); + exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libhx509.so.10"); + exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libkrb5.so.10"); + exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libroken.so.10"); + exec("chmod 0755 /usr/local/lib/libasn1.so.10"); + exec("chmod 0755 /usr/local/lib/libgssapi.so.10"); + exec("chmod 0755 /usr/local/lib/libheimntlm.so.10"); + exec("chmod 0755 /usr/local/lib/libhx509.so.10"); + exec("chmod 0755 /usr/local/lib/ldd/libkrb5.so.10"); + exec("chmod 0755 /usr/local/lib/libroken.so.10"); + } + // For amd64 systems + else { + exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libasn1.so.10"); + exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libgssapi.so.10"); + exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libheimntlm.so.10"); + exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libhx509.so.10"); + exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libkrb5.so.10"); + exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libroken.so.10"); + exec("chmod 0755 /usr/local/lib/libasn1.so.10"); + exec("chmod 0755 /usr/local/lib/libgssapi.so.10"); + exec("chmod 0755 /usr/local/lib/libheimntlm.so.10"); + exec("chmod 0755 /usr/local/lib/libhx509.so.10"); + exec("chmod 0755 /usr/local/lib/ldd/libkrb5.so.10"); + exec("chmod 0755 /usr/local/lib/libroken.so.10"); + } } - // We run this here just to suppress some warnings on syslog if file doesn't exist freeradius_authorizedmacs_resync(); @@ -846,6 +836,8 @@ EOD; function freeradius_eapconf_resync() { global $config; + // We make this write enabled here because embedded systems need to write certs in ../raddb/certs/ folder + conf_mount_rw(); $conf = ''; $eapconf = $config['installedpackages']['freeradiuseapconf']['config'][0]; @@ -1079,7 +1071,6 @@ else { EOD; $filename = RADDB . '/eap.conf'; - conf_mount_rw(); file_put_contents($filename, $conf); chmod($filename, 0640); conf_mount_ro(); @@ -2356,6 +2347,8 @@ EOD; function freeradius_allcertcnf_resync() { global $config; + // We need to make this write enabled for embedded systems to write certs + conf_mount_rw(); // Only proceed these steps if freeRADIUS Cert-Manager is activated. if pfSense cert manager is used skip this. @@ -2463,6 +2456,8 @@ if ($eapconf['vareapconfchoosecertmanager'] == '') { else { return; } +// Read-only because of embedded systems +conf_mount_r0(); } //end of function // ##### The following part is based on the code of pfblocker ##### |