aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/freeradius2/freeradius.inc122
-rw-r--r--config/freeradius2/freeradiusclients.xml12
-rw-r--r--config/haproxy/haproxy.inc13
-rw-r--r--config/haproxy/haproxy.xml3
-rwxr-xr-xconfig/haproxy/haproxy_global.php2
-rw-r--r--config/mailreport/mail_reports.inc2
-rw-r--r--config/tinydns/tinydns_status.php6
7 files changed, 96 insertions, 64 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index a5f8d15f..ac65ed88 100644
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -56,26 +56,15 @@ function freeradius_deinstall_command() {
function freeradius_install_command() {
global $config;
conf_mount_rw();
- /*
- $handle = opendir(RADDB);
- while (false != ($file = readdir($handle))) {
- if (false != ($pos = strpos($file, '.sample'))) {
- $newfile = substr($file, 0, $pos);
- if (copy(RADDB . "/$file", RADDB . "/$newfile"))
- unlink(RADDB . "/$file");
- }
- }
- closedir($handle);
- */
// We create here different folders for different counters.
- exec("chown -R root:wheel /usr/local/etc/raddb");
+ if (!file_exists("/var/log/radacct/datacounter/")) { exec("mkdir /var/log/radacct/datacounter && mkdir /var/log/radacct/datacounter/daily && mkdir /var/log/radacct/datacounter/weekly && mkdir /var/log/radacct/datacounter/monthly && mkdir /var/log/radacct/datacounter/forever"); }
+ if (!file_exists("/var/log/radacct/timecounter/")) { exec("mkdir /var/log/radacct/timecounter"); }
+
exec("mkdir /usr/local/etc/raddb/scripts");
- exec("chown -R root:wheel /usr/local/lib/freeradius-2.1.12");
- exec("touch /var/log/radutmp && touch /var/log/radwtmp");
- exec("mkdir /var/log/radacct/datacounter/daily" && "mkdir /var/log/radacct/datacounter/weekly" && "mkdir /var/log/radacct/datacounter/monthly" && "mkdir /var/log/radacct/datacounter/forever");
- exec("mkdir /var/log/radacct/timecounter");
- exec("chown -R root:wheel /var/log");
+ if (!file_exists("/var/log/radutmp")) { exec("touch /var/log/radutmp"); }
+ if (!file_exists("/var/log/radwtmp")) { exec("touch /var/log/radwtmp"); }
+ exec("chown -R root:wheel /usr/local/etc/raddb && chown -R root:wheel /usr/local/lib/freeradius-2.1.12 && chown -R root:wheel /var/log/radacct");
// creating a backup file of the original policy.conf no matter if user checked this or not
if (!file_exists("/usr/local/etc/raddb/policy.conf.backup")) {
@@ -94,37 +83,38 @@ function freeradius_install_command() {
if (file_exists("/usr/local/etc/raddb/sites-enabled/inner-tunnel")) { unlink("/usr/local/etc/raddb/sites-enabled/inner-tunnel"); }
// We need some additional files in /usr/local/lib for the LDAP module. We fetch these files dependent on the architecture.
- // For i386 systems
- if (exec("uname -m") == "i386") {
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libasn1.so.10");
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libgssapi.so.10");
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libheimntlm.so.10");
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libhx509.so.10");
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libkrb5.so.10");
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libroken.so.10");
- exec("chmod 0755 /usr/local/lib/libasn1.so.10");
- exec("chmod 0755 /usr/local/lib/libgssapi.so.10");
- exec("chmod 0755 /usr/local/lib/libheimntlm.so.10");
- exec("chmod 0755 /usr/local/lib/libhx509.so.10");
- exec("chmod 0755 /usr/local/lib/ldd/libkrb5.so.10");
- exec("chmod 0755 /usr/local/lib/libroken.so.10");
- }
- // For amd64 systems
- else {
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libasn1.so.10");
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libgssapi.so.10");
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libheimntlm.so.10");
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libhx509.so.10");
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libkrb5.so.10");
- exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libroken.so.10");
- exec("chmod 0755 /usr/local/lib/libasn1.so.10");
- exec("chmod 0755 /usr/local/lib/libgssapi.so.10");
- exec("chmod 0755 /usr/local/lib/libheimntlm.so.10");
- exec("chmod 0755 /usr/local/lib/libhx509.so.10");
- exec("chmod 0755 /usr/local/lib/ldd/libkrb5.so.10");
- exec("chmod 0755 /usr/local/lib/libroken.so.10");
+ if (!file_exists("/usr/local/lib/libasn1.so.10") || !file_exists("/usr/local/lib/libgssapi.so.10") || !file_exists("/usr/local/lib/libheimntlm.so.10") || !file_exists("/usr/local/lib/libhx509.so.10") || !file_exists("/usr/local/lib/ldd/libkrb5.so.10") || !file_exists("/usr/local/lib/libroken.so.10")) {
+ // For i386 systems
+ if (exec("uname -m") == "i386") {
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libasn1.so.10");
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libgssapi.so.10");
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libheimntlm.so.10");
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libhx509.so.10");
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libkrb5.so.10");
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/All/ldd/libroken.so.10");
+ exec("chmod 0755 /usr/local/lib/libasn1.so.10");
+ exec("chmod 0755 /usr/local/lib/libgssapi.so.10");
+ exec("chmod 0755 /usr/local/lib/libheimntlm.so.10");
+ exec("chmod 0755 /usr/local/lib/libhx509.so.10");
+ exec("chmod 0755 /usr/local/lib/ldd/libkrb5.so.10");
+ exec("chmod 0755 /usr/local/lib/libroken.so.10");
+ }
+ // For amd64 systems
+ else {
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libasn1.so.10");
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libgssapi.so.10");
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libheimntlm.so.10");
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libhx509.so.10");
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libkrb5.so.10");
+ exec("cd /usr/local/lib/ && fetch http://e-sac.siteseguro.ws/pfsense/8/amd64/All/ldd/libroken.so.10");
+ exec("chmod 0755 /usr/local/lib/libasn1.so.10");
+ exec("chmod 0755 /usr/local/lib/libgssapi.so.10");
+ exec("chmod 0755 /usr/local/lib/libheimntlm.so.10");
+ exec("chmod 0755 /usr/local/lib/libhx509.so.10");
+ exec("chmod 0755 /usr/local/lib/ldd/libkrb5.so.10");
+ exec("chmod 0755 /usr/local/lib/libroken.so.10");
+ }
}
-
// We run this here just to suppress some warnings on syslog if file doesn't exist
freeradius_authorizedmacs_resync();
@@ -789,6 +779,23 @@ function freeradius_clients_resync() {
$varrequiremessageauthenticator = $item['varrequiremessageauthenticator'];
$varclientnastype = $item['varclientnastype'];
$varclientmaxconnections = $item['varclientmaxconnections'];
+ $varclientlogininput = ($item['varclientlogininput']?$item['varclientlogininput']:'### login = !root ###');
+ $varclientpasswordinput = ($item['varclientpasswordinput']?$item['varclientpasswordinput']:'### password = someadminpass ###');
+
+ if ($item['varclientlogininput'] == '') {
+ $varclientlogin = '### login = !root ###';
+ }
+ else {
+ $varclientlogin = "login = $varclientlogininput";
+ }
+ if ($item['varclientpasswordinput'] == '') {
+ $varclientpassword = '### password = someadminpass ###';
+ }
+ else {
+ $varclientpassword = "password = $varclientpasswordinput";
+ }
+
+
$conf .= <<<EOD
client "$varclientshortname" {
@@ -799,10 +806,8 @@ client "$varclientshortname" {
max_connections = $varclientmaxconnections
shortname = $varclientshortname
nastype = $varclientnastype
- #login = !root
- #password = someadminpas
- #virtual_server = home1
- #coa_server = coa
+ $varclientlogin
+ $varclientpassword
}
EOD;
@@ -831,6 +836,8 @@ EOD;
function freeradius_eapconf_resync() {
global $config;
+ // We make this write enabled here because embedded systems need to write certs in ../raddb/certs/ folder
+ conf_mount_rw();
$conf = '';
$eapconf = $config['installedpackages']['freeradiuseapconf']['config'][0];
@@ -1064,7 +1071,6 @@ else {
EOD;
$filename = RADDB . '/eap.conf';
- conf_mount_rw();
file_put_contents($filename, $conf);
chmod($filename, 0640);
conf_mount_ro();
@@ -2341,6 +2347,8 @@ EOD;
function freeradius_allcertcnf_resync() {
global $config;
+ // We need to make this write enabled for embedded systems to write certs
+ conf_mount_rw();
// Only proceed these steps if freeRADIUS Cert-Manager is activated. if pfSense cert manager is used skip this.
@@ -2448,6 +2456,8 @@ if ($eapconf['vareapconfchoosecertmanager'] == '') {
else {
return;
}
+// Read-only because of embedded systems
+conf_mount_r0();
} //end of function
// ##### The following part is based on the code of pfblocker #####
@@ -3952,12 +3962,8 @@ function freeradius_modulesmotp_resync() {
$conf .= <<<EOD
exec motp {
wait = yes
- program = "/usr/local/bin/bash /usr/local/etc/raddb/scripts/otpverify.sh %{User-Name} %{User-Password} %{reply:MOTP-Init-Secret} %{reply:MOTP-PIN} %{reply:MOTP-Offset}"
- input_pairs = reply
- #output_pairs = config
- }
-
-
+ program = "/usr/local/bin/bash /usr/local/etc/raddb/scripts/otpverify.sh %{request:User-Name} %{request:User-Password} %{reply:MOTP-Init-Secret} %{reply:MOTP-PIN} %{reply:MOTP-Offset}"
+ }
EOD;
$filename = RADDB . '/modules/motp';
diff --git a/config/freeradius2/freeradiusclients.xml b/config/freeradius2/freeradiusclients.xml
index be066937..2bf24ecc 100644
--- a/config/freeradius2/freeradiusclients.xml
+++ b/config/freeradius2/freeradiusclients.xml
@@ -221,6 +221,18 @@
<default_value>16</default_value>
</field>
<field>
+ <fielddescr>NAS Login</fielddescr>
+ <fieldname>varclientlogininput</fieldname>
+ <description><![CDATA[If your NAS supports it you can use SNMP or finger for simultaneous-use checks instead of (s)radutmp file and accounting. Leave empty to choose (s)radutmp. (Default: empty)]]></description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>NAS Password</fielddescr>
+ <fieldname>varclientpasswordinput</fieldname>
+ <description><![CDATA[If your NAS supports it you can use SNMP or finger for simultaneous-use checks instead of (s)radutmp file and accounting. Leave empty to choose (s)radutmp. (Default: empty)]]></description>
+ <type>input</type>
+ </field>
+ <field>
<fielddescr>Description</fielddescr>
<fieldname>description</fieldname>
<description><![CDATA[Enter any description you like for this client.]]></description>
diff --git a/config/haproxy/haproxy.inc b/config/haproxy/haproxy.inc
index 72d9535d..96b57190 100644
--- a/config/haproxy/haproxy.inc
+++ b/config/haproxy/haproxy.inc
@@ -59,7 +59,7 @@ $a_acltypes[] = array('name' => 'source_ip', 'descr' => 'Source IP',
'mode' => '', 'syntax' => 'src');
function haproxy_custom_php_deinstall_command() {
- exec("rm /usr/local/sbin/haproxy");
+ exec("cd /var/db/pkg && pkg_delete `ls | grep haproxy`");
exec("rm /usr/local/pkg/haproxy.inc");
exec("rm /usr/local/www/haproxy*");
exec("rm /usr/local/etc/rc.d/haproxy.sh");
@@ -156,6 +156,17 @@ EOD;
fclose($fd);
exec("/etc/rc.d/devd restart");
+ /* Workaround for the old package deleting the binary on unload instead of the package */
+ if (!file_exists("/usr/local/sbin/haproxy")) {
+ if (substr(trim(`uname -r`), 0, 1) == "8") {
+ exec("cd /var/db/pkg && pkg_delete `ls | grep haproxy`");
+ if (trim(`uname -m`) == 'i386')
+ exec("pkg_add -r http://e-sac.siteseguro.ws/pfsense/8/All/haproxy-1.4.18.tbz");
+ else
+ exec("pkg_add -r http://e-sac.siteseguro.ws/pfsense/8/amd64/All/haproxy-1.4.18.tbz");
+ }
+ }
+
/* Do XML upgrade from haproxy 0.31 to haproxy-dev */
if (is_array($config['installedpackages']['haproxy']['ha_servers'])) {
/* We have an old config */
diff --git a/config/haproxy/haproxy.xml b/config/haproxy/haproxy.xml
index ee2a2263..0c897dc7 100644
--- a/config/haproxy/haproxy.xml
+++ b/config/haproxy/haproxy.xml
@@ -96,10 +96,13 @@
<custom_php_resync_config_command>
</custom_php_resync_config_command>
<custom_php_install_command>
+ /*
+ included in package install
$freebsdv=trim(`uname -r | cut -d'.' -f1`);
conf_mount_rw();
`fetch -q -o /usr/local/sbin/ http://www.pfsense.org/packages/config/haproxy/binaries{$freebsdv}/haproxy`;
exec("chmod a+rx /usr/local/sbin/haproxy");
+ */
haproxy_custom_php_install_command();
</custom_php_install_command>
<custom_php_deinstall_command>
diff --git a/config/haproxy/haproxy_global.php b/config/haproxy/haproxy_global.php
index 1ef28005..340c578b 100755
--- a/config/haproxy/haproxy_global.php
+++ b/config/haproxy/haproxy_global.php
@@ -289,7 +289,7 @@ function enable_change(enable_change) {
foreach($config['virtualip']['vip'] as $carp):
if ($carp['mode'] != "carp") continue;
$ipaddress = $carp['subnet'];
- $carp_int = find_carp_interface($ipaddress);
+ $carp_int = trim(find_carp_interface($ipaddress));
?>
<option value="<?=$carp_int;?>"
<?php if (isset($pconfig['carpdev']) && $carp_int == $pconfig['carpdev']) echo "selected"; ?>>
diff --git a/config/mailreport/mail_reports.inc b/config/mailreport/mail_reports.inc
index 0460bbc6..48fbc868 100644
--- a/config/mailreport/mail_reports.inc
+++ b/config/mailreport/mail_reports.inc
@@ -195,7 +195,7 @@ function mail_report_send($headertext, $attachments) {
if(is_array($attachments)) {
foreach($attachments as $filename) {
$shortname = basename($filename);
- $mail->AddEmbeddedImage("$filename", $shortname, "$filename");
+ $mail->AddEmbeddedImage($filename, $shortname, $shortname);
$mail->Body .= "<br/><br/>{$shortname}<br/><img src=\"cid:{$shortname}\" />\n";
}
}
diff --git a/config/tinydns/tinydns_status.php b/config/tinydns/tinydns_status.php
index 147001af..3a4b8545 100644
--- a/config/tinydns/tinydns_status.php
+++ b/config/tinydns/tinydns_status.php
@@ -87,8 +87,8 @@ if(strstr($pfSversion, "1.2"))
<?php
$pingdir = return_dir_as_array("/var/db/pingstatus");
-if(file_exists("/service/tinydns/root/data"))
- $tinydns_data = file_get_contents("/service/tinydns/root/data");
+if(file_exists("/var/run/service/tinydns/root/data"))
+ $tinydns_data = file_get_contents("/var/run/service/tinydns/root/data");
else
$tinydns_data = "";
if($config['installedpackages']['tinydnsdomains'])
@@ -146,7 +146,7 @@ foreach($config['installedpackages']['tinydnsdomains']['config'] as $ping) {
echo $ipaddress;
if($row['loadbalance'])
echo " (LB)";
- if(stristr($tinydns_data, "+{$hostname}:{$row['monitorip']}"))
+ if(stristr($tinydns_data, "+{$hostname}:{$row['failoverip']}"))
$inservice = "<FONT COLOR='GREEN'>YES</FONT>";
else
$inservice = "<FONT COLOR='BLUE'>NO</FONT>";