aboutsummaryrefslogtreecommitdiffstats
path: root/config/freeradius2/freeradius.inc
diff options
context:
space:
mode:
Diffstat (limited to 'config/freeradius2/freeradius.inc')
-rw-r--r--config/freeradius2/freeradius.inc61
1 files changed, 44 insertions, 17 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index 38093780..eecfec84 100644
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -5,6 +5,7 @@
freeradius.inc
part of pfSense (http://www.pfSense.com)
Copyright (C) 2011 - 2012 Alexander Wilke <nachtfalkeaw@web.de>
+ Copyright (C) 2013 Marcello Coutinho
All rights reserved.
Based on m0n0wall (http://m0n0.ch/wall)
@@ -47,16 +48,24 @@ require_once("services.inc");
// Check pfSense version
$pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
-switch ($pfs_version) {
- case "1.2":
- case "2.0":
- define('FREERADIUS_BASE', '/usr/local');
- break;
- default:
- define('FREERADIUS_BASE', '/usr/pbi/freeradius-' . php_uname("m"));
+if ($pfs_version > 2.0){
+ define('FREERADIUS_BASE', '/usr/pbi/freeradius-' . php_uname("m"));
+}
+else{
+ define('FREERADIUS_BASE', '/usr/local');
}
-// End: Check pfSense version
+// Check freeradius lib version
+ $frlib="";
+ $libfiles = scandir(FREERADIUS_BASE . "/lib/");
+ foreach ($libfiles as $libfile){
+ if (preg_match("/freeradius-/",$libfile))
+ $frlib=FREERADIUS_BASE . "/lib/{$libfile}";
+ }
+ if ($frlib == ""){
+ log_error("freeRADIUS - No freeradius lib found on ".FREERADIUS_BASE."/lib");
+ }
+
function freeradius_deinstall_command() {
if (substr(trim(file_get_contents("/etc/version")),0,3) == "2.0") {
exec("cd /var/db/pkg && pkg_delete `ls | grep freeradius`");
@@ -68,7 +77,7 @@ function freeradius_deinstall_command() {
function freeradius_install_command() {
global $config;
conf_mount_rw();
-
+
// put the constant to a variable
$varFREERADIUS_BASE = FREERADIUS_BASE;
@@ -79,7 +88,7 @@ function freeradius_install_command() {
exec("mkdir " . FREERADIUS_BASE . "/etc/raddb/scripts");
if (!file_exists("/var/log/radutmp")) { exec("touch /var/log/radutmp"); }
if (!file_exists("/var/log/radwtmp")) { exec("touch /var/log/radwtmp"); }
- exec("chown -R root:wheel " . FREERADIUS_BASE . "/etc/raddb && chown -R root:wheel " . FREERADIUS_BASE . "/lib/freeradius-2.1.12 && chown -R root:wheel /var/log/radacct");
+ exec("chown -R root:wheel " . FREERADIUS_BASE . "/etc/raddb && chown -R root:wheel {$frlib} && chown -R root:wheel /var/log/radacct");
// creating a backup file of the original policy.conf no matter if user checked this or not
if (!file_exists(FREERADIUS_BASE . "/etc/raddb/policy.conf.backup")) {
@@ -213,7 +222,7 @@ raddbdir = \${sysconfdir}/raddb
radacctdir = \${logdir}/radacct
confdir = \${raddbdir}
run_dir = \${localstatedir}/run
-libdir = \${exec_prefix}/lib/freeradius-2.1.12
+libdir = {$frlib}
pidfile = \${run_dir}/radiusd.pid
db_dir = \${raddbdir}
name = radiusd
@@ -948,12 +957,18 @@ if ($eapconf['vareapconfchoosecertmanager'] == 'on') {
if(base64_decode($ca_cert['crt'])) {
+ $crl_cert = lookup_crl($eapconf["ssl_ca_crl"]);
+ if ($crl_cert != false){
+ $crl=base64_decode($crl_cert['text']);
+ $check_crl="check_crl = yes";
+ }
+ else{
+ $check_crl="check_crl = no";
+ }
file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/ca_cert.pem",
- base64_decode($ca_cert['crt']));
+ base64_decode($ca_cert['crt']). $crl);
$conf['ssl_ca_cert'] = FREERADIUS_BASE . "/etc/raddb/certs/ca_cert.pem";
}
-
-
$svr_cert = lookup_cert($eapconf["ssl_server_cert"]);
if ($svr_cert != false) {
if(base64_decode($svr_cert['prv'])) {
@@ -970,7 +985,7 @@ if ($eapconf['vareapconfchoosecertmanager'] == 'on') {
$conf['ssl_server_cert'] = FREERADIUS_BASE . "/etc/raddb/certs/server_cert.pem";
}
-
+ /* Not needed anymore because pfsense can do this by default
if ($eapconf['vareapconfenableclientp12'] == 'on') {
$svr_cert = lookup_cert($eapconf["ssl_client_cert"]);
if ($svr_cert != false) {
@@ -990,7 +1005,7 @@ if ($eapconf['vareapconfchoosecertmanager'] == 'on') {
exec("openssl pkcs12 -export -in " . FREERADIUS_BASE . "/etc/raddb/certs/client_cert.pem -inkey " . FREERADIUS_BASE . "/etc/raddb/certs/client_key.pem -out " . FREERADIUS_BASE . "/etc/raddb/certs/client_cert.p12 -passout pass\:");
}
-
+ */
$conf['ssl_cert_dir'] = FREERADIUS_BASE . '/etc/raddb/certs';
}
@@ -1055,7 +1070,7 @@ else {
random_file = \${certdir}/random
fragment_size = $vareapconffragmentsize
include_length = $vareapconfincludelength
- # check_crl = yes
+ {$check_crl}
CA_path = \${cadir}
$vareapconfcheckcertissuer
$vareapconfcheckcertcn
@@ -1120,6 +1135,18 @@ function freeradius_get_ca_certs() {
}
// Gets started from freeradiuseapconf.xml
+function freeradius_get_ca_crl() {
+ global $config;
+ $crl_arr = array();
+ $crl_arr[] = array('refid' => 'none', 'descr' => 'none');
+
+ foreach ($config['crl'] as $crl) {
+ $crl_arr[] = array('refid' => $crl['refid'], 'descr' => $crl['descr']);
+ }
+ return $crl_arr;
+}
+
+// Gets started from freeradiuseapconf.xml
function freeradius_get_server_certs() {
global $config;
$cert_arr = array();
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-26 03:24:46 +0000