-rw-r--r--config/freeradius2/freeradius.inc38
-rw-r--r--config/freeradius2/freeradius.xml5
-rw-r--r--pkg_config.8.xml2
-rw-r--r--pkg_config.8.xml.amd642
4 files changed, 30 insertions, 17 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index f3a28e54..9e231722 100644
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -365,11 +365,11 @@ EOD;
conf_mount_ro();
// "freeradius_sqlconf_resync" is pointing to this function because we need to run "freeradius_serverdefault_resync" and after that restart freeradius.
- freeradius_serverdefault_resync();
freeradius_modulescounter_resync();
freeradius_modulesmschap_resync();
freeradius_modulesrealm_resync();
freeradius_plainmacauth_resync();
+
// This is to fix the mysqlclient.so which gets lost after reboot
exec("ldconfig -m /usr/local/lib/mysql");
// Change owner of freeradius created files
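Review bot: The comment above the removed call still says this function is the target because `freeradius_serverdefault_resync` has to run before the restart, but the function no longer calls it after this change. The same staleness shows in the hunk at -3302, where both comments still describe pointing to `freeradius_settings_resync()` while the new lines call `freeradius_serverdefault_resync()` and `restart_service("radiusd")` directly. Assuming callers such as the one in the hunk at -1095 now run the rebuild first, the comment here could read `// Callers run freeradius_serverdefault_resync() before this function; only the remaining modules are rebuilt here.`, and the one at -3302 should describe the direct rebuild and restart. Both functions begin outside their hunks.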
@@ -1095,6 +1095,7 @@ EOD;
// We don't need a restart at this time because there are additional changes needed in:
// "freeradius_settings_resync" and "freeradius_serverdefault_resync".
// restart_service('radiusd');
+ freeradius_serverdefault_resync();
freeradius_settings_resync();
}
@@ -2208,6 +2209,12 @@ EOD;
function freeradius_allcertcnf_resync() {
global $config;
+
+
+// Only proceed these steps if freeRADIUS Cert-Manager is activated. if pfSense cert manager is used skip this.
+$eapconf = $config['installedpackages']['freeradiuseapconf']['config'][0];
+if ($eapconf['vareapconfchoosecertmanager'] == '') {
+
$arrcerts = $config['installedpackages']['freeradiuscerts']['config'][0];
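Review bot: The new cert-manager check wraps the entire body of freeradius_allcertcnf_resync() in an `if`, and its only alternative, added in the hunk at -2296, is `else { return; }` at the very end of the function. An early exit placed right after `global $config;`, `if ($eapconf['vareapconfchoosecertmanager'] != '') { return; }`, expresses the same decision without an extra nesting level or the trailing `} //end ...` markers. The added lines also appear to start at column 0 inside an indented function, which makes the brace structure harder to follow. The function body continues outside this hunk.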
@@ -2217,7 +2224,9 @@ function freeradius_allcertcnf_resync() {
// General variables for deleting: CA, Server, Client
$varcertsdeleteall = ($arrcerts['varcertsdeleteall']?$arrcerts['varcertsdeleteall']:'no');
-
+ // If all certs should be deleted, we do not need to delete and recreate client-certs first.
+ if ($arrcerts['varcertsdeleteall'] == 'no') {
+
if ($arrcerts['varcertscreateclient'] == 'yes') {
// delete all old certificates and keys
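Review bot: The new condition `if ($arrcerts['varcertsdeleteall'] == 'no') {` tests the raw config value, although the line directly above computes `$varcertsdeleteall` with a fallback of 'no'. When the option is unset or empty the raw value is not 'no', so control goes to the `else` added in the next hunk, where the inner `== 'yes'` test also fails, and neither client-certificate creation nor deletion runs. Using the defaulted variable, `if ($varcertsdeleteall == 'no') {`, keeps the unset case on the create path. The block opened here is closed outside this hunk.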
@@ -2250,18 +2259,19 @@ function freeradius_allcertcnf_resync() {
exec("chmod -R 0600 /usr/local/etc/raddb/certs/");
log_error("freeRADIUS: Created new client.csr .crt .key .pem and added them together with ca.der in /usr/local/etc/raddb/certs/client.tar");
}
-
+ }
+ else {
if ($arrcerts['varcertsdeleteall'] == 'yes') {
// delete all old certificates and keys - deletes certs from pfsense cert-manager IN THIS FOLDER, too.
log_error("freeRADIUS: deleting all CA, Server and Client certs, DH, random and database files in /usr/local/etc/raddb/certs");
- exec("rm -f /usr/local/etc/raddb/certs/*.pem");
- exec("rm -f /usr/local/etc/raddb/certs/*.der");
- exec("rm -f /usr/local/etc/raddb/certs/*.csr");
- exec("rm -f /usr/local/etc/raddb/certs/*.crt");
- exec("rm -f /usr/local/etc/raddb/certs/*.key");
- exec("rm -f /usr/local/etc/raddb/certs/*.p12");
+ exec("rm -f /usr/local/etc/raddb/certs/ca.pem && rm -f /usr/local/etc/raddb/certs/server.pem && rm -f /usr/local/etc/raddb/certs/client.pem");
+ exec("rm -f /usr/local/etc/raddb/certs/ca.der && rm -f /usr/local/etc/raddb/certs/server.der && rm -f /usr/local/etc/raddb/certs/client.der");
+ exec("rm -f /usr/local/etc/raddb/certs/ca.csr && rm -f /usr/local/etc/raddb/certs/server.csr && rm -f /usr/local/etc/raddb/certs/client.csr");
+ exec("rm -f /usr/local/etc/raddb/certs/ca.crt && rm -f /usr/local/etc/raddb/certs/server.crt && rm -f /usr/local/etc/raddb/certs/client.crt");
+ exec("rm -f /usr/local/etc/raddb/certs/ca.key && rm -f /usr/local/etc/raddb/certs/server.key && rm -f /usr/local/etc/raddb/certs/client.key");
+ exec("rm -f /usr/local/etc/raddb/certs/ca.p12 && rm -f /usr/local/etc/raddb/certs/server.p12 && rm -f /usr/local/etc/raddb/certs/client.p12");
exec("rm -f /usr/local/etc/raddb/certs/serial*");
exec("rm -f /usr/local/etc/raddb/certs/index*");
exec("rm -f /usr/local/etc/raddb/certs/dh");
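Review bot: Each of the six new `exec()` lines chains three `rm -f` calls with `&&` and discards the result, so a failure on the first file skips the other two while the `log_error()` line above still reports that everything was deleted; for the `.key` and `.p12` files that can leave private-key material on disk unnoticed. Deleting from PHP with a checked `unlink()` over the same eighteen names avoids the shell round-trips and lets a failure be logged. The comment `deletes certs from pfsense cert-manager IN THIS FOLDER, too` no longer matches either, since only the ca/server/client files are targeted now. The enclosing `if`/`else` starts and ends outside this hunk.

```php
// … unchanged: log_error() announcing the deletion …
$certdir = '/usr/local/etc/raddb/certs';
foreach (array('ca', 'server', 'client') as $name) {
	foreach (array('pem', 'der', 'csr', 'crt', 'key', 'p12') as $ext) {
		$path = "{$certdir}/{$name}.{$ext}";
		// Report files that exist but could not be removed instead of assuming success.
		if (file_exists($path) && !unlink($path)) {
			log_error("freeRADIUS: could not delete {$path}");
		}
	}
}
// … unchanged: rm -f of serial*, index*, dh …
```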
@@ -2296,7 +2306,12 @@ function freeradius_allcertcnf_resync() {
// If there were changes on the certificates we need to restart freeradius
restart_service('radiusd');
}
+ }
+} //end choose pfSense cert-manager
+else {
+ return;
}
+} //end of function
// ##### The following part is based on the code of pfblocker #####
@@ -3302,7 +3317,8 @@ EOD;
// We need to rebuild "freeradius_serverdefault_resync" before restart service
// "freeradius_serverdefault_resync" needs to restart other dependencies so we are pointing directly to "freeradius_settings_resync()"
- freeradius_settings_resync();
+ freeradius_serverdefault_resync();
+ restart_service("radiusd");
}
@@ -3330,6 +3346,8 @@ function freeradius_plainmacauth_resync() {
freeradius_modulesfiles_resync();
freeradius_policyconf_resync();
}
+
+ freeradius_serverdefault_resync();
}
function freeradius_modulesfiles_resync() {
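Review bot: The added `freeradius_serverdefault_resync();` sits after the closing brace of the preceding `if`, so it runs on every call of freeradius_plainmacauth_resync(), and nothing says why. If the function patched in the hunk at -1095 reaches this one through `freeradius_settings_resync()` (the call chain is not visible here), the server default is now rebuilt twice for a single save. A short comment above the call, for example `// Rebuild the server default on every run, whether or not plain MAC auth is enabled.`, would record the intent. It is also worth confirming that freeradius_serverdefault_resync() never calls back into this function.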
diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml
index aab6e29b..4cee8c98 100644
--- a/config/freeradius2/freeradius.xml
+++ b/config/freeradius2/freeradius.xml
@@ -416,11 +416,6 @@
</custom_php_resync_config_command>
<custom_php_install_command>
freeradius_install_command();
- freeradius_clients_resync();
- freeradius_users_resync();
- freeradius_authorizedmacs_resync();
- freeradius_eapconf_resync();
- freeradius_sqlconf_resync();
</custom_php_install_command>
<custom_php_deinstall_command>
freeradius_deinstall_command();
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 066e1dfd..e0104729 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -807,7 +807,7 @@
On pfSense docs there is a how-to which could help you on porting users.]]></descr>
<pkginfolink>http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package</pkginfolink>
<category>System</category>
- <version>2.1.12 pkg v1.5.3</version>
+ <version>2.1.12 pkg v1.5.4</version>
<status>BETA</status>
<required_version>2.0</required_version>
<maintainer>nachtfalkeaw@web.de</maintainer>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 56afe4e8..60fdcd26 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -853,7 +853,7 @@
On pfSense docs there is a how-to which could help you on porting users.]]></descr>
<pkginfolink>http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package</pkginfolink>
<category>System</category>
- <version>2.1.12 pkg v1.5.3</version>
+ <version>2.1.12 pkg v1.5.4</version>
<status>BETA</status>
<required_version>2.0</required_version>
<maintainer>nachtfalkeaw@web.de</maintainer>