Diffstat (limited to 'config/freeradius2/freeradius.inc')
-rw-r--r-- | config/freeradius2/freeradius.inc | 61 |
1 files changed, 44 insertions, 17 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc index 38093780..eecfec84 100644 --- a/config/freeradius2/freeradius.inc +++ b/config/freeradius2/freeradius.inc @@ -5,6 +5,7 @@ freeradius.inc part of pfSense (http://www.pfSense.com) Copyright (C) 2011 - 2012 Alexander Wilke <nachtfalkeaw@web.de> + Copyright (C) 2013 Marcello Coutinho All rights reserved. Based on m0n0wall (http://m0n0.ch/wall) @@ -47,16 +48,24 @@ require_once("services.inc"); // Check pfSense version $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); -switch ($pfs_version) { - case "1.2": - case "2.0": - define('FREERADIUS_BASE', '/usr/local'); - break; - default: - define('FREERADIUS_BASE', '/usr/pbi/freeradius-' . php_uname("m")); +if ($pfs_version > 2.0){ + define('FREERADIUS_BASE', '/usr/pbi/freeradius-' . php_uname("m")); +} +else{ + define('FREERADIUS_BASE', '/usr/local'); } -// End: Check pfSense version +// Check freeradius lib version + $frlib=""; + $libfiles = scandir(FREERADIUS_BASE . "/lib/"); + foreach ($libfiles as $libfile){ + if (preg_match("/freeradius-/",$libfile)) + $frlib=FREERADIUS_BASE . "/lib/{$libfile}"; + } + if ($frlib == ""){ + log_error("freeRADIUS - No freeradius lib found on ".FREERADIUS_BASE."/lib"); + } + function freeradius_deinstall_command() { if (substr(trim(file_get_contents("/etc/version")),0,3) == "2.0") { exec("cd /var/db/pkg && pkg_delete `ls | grep freeradius`"); @@ -68,7 +77,7 @@ function freeradius_deinstall_command() { function freeradius_install_command() { global $config; conf_mount_rw(); - + // put the constant to a variable $varFREERADIUS_BASE = FREERADIUS_BASE; 
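Review bot: In the new "Check freeradius lib version" block the result of `scandir()` is used unchecked and the test `preg_match("/freeradius-/",$libfile)` is unanchored, so a missing `lib/` directory leads to a foreach over `false`, and any entry whose name merely contains `freeradius-` (a plain file, a backup copy, an older version directory) can become `$frlib`, with the last match winning. I would guard the loop with `if (is_array($libfiles))` and tighten the test to `if (preg_match('/^freeradius-/', $libfile) && is_dir(FREERADIUS_BASE . "/lib/{$libfile}"))`. When nothing matches, the code only logs and carries on, so the later `libdir = {$frlib}` and `chown -R root:wheel {$frlib}` lines receive an empty path; those callers should skip or abort on an empty value. Separately, `$pfs_version > 2.0` compares a three-character string with a float, and `version_compare()` would state the intent more clearly.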
@@ -79,7 +88,7 @@ function freeradius_install_command() { exec("mkdir " . FREERADIUS_BASE . "/etc/raddb/scripts"); if (!file_exists("/var/log/radutmp")) { exec("touch /var/log/radutmp"); } if (!file_exists("/var/log/radwtmp")) { exec("touch /var/log/radwtmp"); } - exec("chown -R root:wheel " . FREERADIUS_BASE . "/etc/raddb && chown -R root:wheel " . FREERADIUS_BASE . "/lib/freeradius-2.1.12 && chown -R root:wheel /var/log/radacct"); + exec("chown -R root:wheel " . FREERADIUS_BASE . "/etc/raddb && chown -R root:wheel {$frlib} && chown -R root:wheel /var/log/radacct"); // creating a backup file of the original policy.conf no matter if user checked this or not if (!file_exists(FREERADIUS_BASE . "/etc/raddb/policy.conf.backup")) { @@ -213,7 +222,7 @@ raddbdir = \${sysconfdir}/raddb radacctdir = \${logdir}/radacct confdir = \${raddbdir} run_dir = \${localstatedir}/run -libdir = \${exec_prefix}/lib/freeradius-2.1.12 +libdir = {$frlib} pidfile = \${run_dir}/radiusd.pid db_dir = \${raddbdir} name = radiusd @@ -948,12 +957,18 @@ if ($eapconf['vareapconfchoosecertmanager'] == 'on') { if(base64_decode($ca_cert['crt'])) { + $crl_cert = lookup_crl($eapconf["ssl_ca_crl"]); + if ($crl_cert != false){ + $crl=base64_decode($crl_cert['text']); + $check_crl="check_crl = yes"; + } + else{ + $check_crl="check_crl = no"; + } file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/ca_cert.pem", - base64_decode($ca_cert['crt'])); + base64_decode($ca_cert['crt']). $crl); $conf['ssl_ca_cert'] = FREERADIUS_BASE . "/etc/raddb/certs/ca_cert.pem"; } - - $svr_cert = lookup_cert($eapconf["ssl_server_cert"]); if ($svr_cert != false) { if(base64_decode($svr_cert['prv'])) { 
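Review bot: `$frlib` is assigned at file scope, but the lines of `freeradius_install_command()` visible in this diff declare only `global $config;`, so `{$frlib}` in the new chown command would expand to an empty string; the middle `chown -R root:wheel` then fails for lack of an operand and the `&&` chain never reaches `/var/log/radacct`. Unless a `global $frlib;` sits in the part of the function outside the hunk, add one and skip the chown when the value is empty. Because the value comes from a directory listing and ends up in a shell command run as root, pass it as `escapeshellarg($frlib)` rather than interpolating it raw. The `libdir = {$frlib}` line in the -213 hunk depends on the same variable being in scope; its enclosing function is not visible here.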
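Review bot: Revocation checking fails open in the -948 hunk: when `lookup_crl()` returns false (no CRL selected, or the selected one has since been deleted) the code silently emits `check_crl = no`, and `$crl` is never initialised on that path, so `base64_decode($ca_cert['crt']). $crl` concatenates an undefined variable. `$check_crl` is assigned only inside this certificate-manager branch, while the eap.conf template in the -1055 hunk interpolates `{$check_crl}` and, judging by its hunk header, may be reached without passing through here; it needs a default before the branch. The decoded CRL is not checked for being empty and is appended straight onto the CA PEM, which assumes the certificate text ends in a newline. The CRL written to `ca_cert.pem` is a snapshot, so revocations made later in the certificate manager presumably do not reach FreeRADIUS until the package is resynced, which is worth documenting next to the selector.

```php
// … unchanged: lookup of $ca_cert and the base64_decode($ca_cert['crt']) guard …
$crl = "";
$check_crl = "check_crl = no";
$crl_cert = lookup_crl($eapconf["ssl_ca_crl"]);
if ($crl_cert != false) {
    $crl_pem = base64_decode($crl_cert['text']);
    if ($crl_pem != "") {
        // newline keeps the CRL block separate from the CA certificate block
        $crl = "\n" . $crl_pem;
        $check_crl = "check_crl = yes";
    }
}
elseif ($eapconf["ssl_ca_crl"] != "" && $eapconf["ssl_ca_crl"] != "none") {
    log_error("freeRADIUS - selected CRL not found, certificate revocation checking is disabled");
}
// … unchanged: file_put_contents() of ca_cert.pem …
```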
@@ -970,7 +985,7 @@ if ($eapconf['vareapconfchoosecertmanager'] == 'on') { $conf['ssl_server_cert'] = FREERADIUS_BASE . "/etc/raddb/certs/server_cert.pem"; } - + /* Not needed anymore because pfsense can do this by default if ($eapconf['vareapconfenableclientp12'] == 'on') { $svr_cert = lookup_cert($eapconf["ssl_client_cert"]); if ($svr_cert != false) { @@ -990,7 +1005,7 @@ if ($eapconf['vareapconfchoosecertmanager'] == 'on') { exec("openssl pkcs12 -export -in " . FREERADIUS_BASE . "/etc/raddb/certs/client_cert.pem -inkey " . FREERADIUS_BASE . "/etc/raddb/certs/client_key.pem -out " . FREERADIUS_BASE . "/etc/raddb/certs/client_cert.p12 -passout pass\:"); } - + */ $conf['ssl_cert_dir'] = FREERADIUS_BASE . '/etc/raddb/certs'; } @@ -1055,7 +1070,7 @@ else { random_file = \${certdir}/random fragment_size = $vareapconffragmentsize include_length = $vareapconfincludelength - # check_crl = yes + {$check_crl} CA_path = \${cadir} $vareapconfcheckcertissuer $vareapconfcheckcertcn @@ -1120,6 +1135,18 @@ function freeradius_get_ca_certs() { } // Gets started from freeradiuseapconf.xml +function freeradius_get_ca_crl() { + global $config; + $crl_arr = array(); + $crl_arr[] = array('refid' => 'none', 'descr' => 'none'); + + foreach ($config['crl'] as $crl) { + $crl_arr[] = array('refid' => $crl['refid'], 'descr' => $crl['descr']); + } + return $crl_arr; +} + +// Gets started from freeradiuseapconf.xml function freeradius_get_server_certs() { global $config; $cert_arr = array(); |
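Review bot: The client-certificate export is disabled by wrapping it in `/* … */` (opened in the -970 hunk, closed in the -990 hunk) rather than deleted, which leaves dead code in the file that still shows `openssl pkcs12 -export … -passout pass\:`, i.e. a PKCS#12 bundle with an empty passphrase. Deleting the block keeps the history in version control and avoids someone re-enabling it as is. Files written by earlier versions (`client_key.pem` and `client_cert.p12` under `etc/raddb/certs`) are presumably still on disk after an upgrade, so consider removing them in the install or resync path.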
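Review bot: In the new `freeradius_get_ca_crl()` the loop `foreach ($config['crl'] as $crl)` runs without checking that the key exists, so on a system with no CRL defined PHP warns about an invalid foreach argument whenever this list is built. Guard it with `if (is_array($config['crl'])) { … }` so the function still returns the single 'none' entry in that case. A short docblock would help as well, for example `/* Returns refid/descr pairs for every CRL in $config['crl'], preceded by a 'none' entry; used by freeradiuseapconf.xml. */`.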