Diffstat (limited to 'config')
-rwxr-xr-x | config/freeradius2/freeradius.inc | 99 | ||||
-rw-r--r-- | config/freeradius2/freeradius.xml | 5 | ||||
-rw-r--r-- | config/freeradius2/freeradiusclients.xml | 4 | ||||
-rw-r--r-- | config/freeradius2/freeradiuseapconf.xml | 14 | ||||
-rw-r--r-- | config/freeradius2/freeradiusinterfaces.xml | 4 | ||||
-rw-r--r-- | config/freeradius2/freeradiussettings.xml | 4 | ||||
-rw-r--r-- | config/freeradius2/freeradiussqlconf.xml | 309 |
7 files changed, 435 insertions, 4 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc index 38625494..0cf53eb8 100755 --- a/config/freeradius2/freeradius.inc +++ b/config/freeradius2/freeradius.inc @@ -68,6 +68,13 @@ function freeradius_settings_resync() { $varsettingsmaxspareservers = $varsettings['varsettingsmaxspareservers']; $varsettingsmaxqueuesize = $varsettings['varsettingsmaxqueuesize']; $varsettingsmaxrequestsperserver = $varsettings['varsettingsmaxrequestsperserver']; + + // These lines are uncommented in fuction "freeradius_settings_resync" to INCLUDE / enable eap.conf + $sqlconf = $config['installedpackages']['freeradiussqlconf']['config'][0]; + $varsqlconfenable = $sqlconf['varsqlconfenable']; + $varsqlconfenablecounter = $sqlconf['varsqlconfenablecounter']; + + $conf = <<<EOD prefix = /usr/local @@ -166,8 +173,19 @@ thread pool { modules { \$INCLUDE \${confdir}/modules/ \$INCLUDE eap.conf - #\$INCLUDE sql.conf + + ### Original line + ### Enable sql.conf INCLUDE + ###\$INCLUDE sql.conf + $varsqlconfenable + + + ### Original line + ### Enable sql/mysql/counter.conf INCLUDE #\$INCLUDE sql/mysql/counter.conf + $varsqlconfenablecounter + + #\$INCLUDE sqlippool.conf } 
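Review bot: The comment added above the three new reads in freeradius_settings_resync() names the wrong file: it says the values enable eap.conf, but they control the `sql.conf` and `sql/mysql/counter.conf` includes. I would reword it as `// SQL tab settings: decide whether sql.conf and sql/mysql/counter.conf are included in the modules section below`. If the SQL tab has never been saved, the `freeradiussqlconf` key is presumably absent and both variables come back empty, so neither include line is written; a short comment stating that this is the intended default would help the next reader. The function body starts and ends outside this hunk.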
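Review bot: `$varsqlconfenable` and `$varsqlconfenablecounter` are written into the `modules { }` section of radiusd.conf verbatim, and what they hold is a whole directive line taken from the saved form value rather than an on/off flag. Whatever string ends up in those config keys therefore becomes configuration for the RADIUS daemon, including an include of a different file. Storing a flag and emitting the directive in code keeps the set of possible lines fixed, e.g. `$varsqlconfenable = ($sqlconf['varsqlconfenable'] == 'on') ? '$INCLUDE sql.conf' : '#$INCLUDE sql.conf';` and the same for the counter include, with the option values in freeradiussqlconf.xml changed to match. As written, the "disable" option value `#\$INCLUDE sql.conf` also carries its backslash into the generated file, which is harmless only because the line is a comment.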
@@ -455,4 +473,83 @@ EOD; restart_service('freeradius'); } + +function freeradius_sqlconf_resync() { + global $config; + $conf = ''; + + $sqlconf = $config['installedpackages']['freeradiussqlconf']['config'][0]; + + // Variables: SQL + $varsqlconfdatabase = $sqlconf['varsqlconfdatabase']; + $varsqlconfserver = $sqlconf['varsqlconfserver']; + $varsqlconfport = $sqlconf['varsqlconfport']; + $varsqlconflogin = $sqlconf['varsqlconflogin']; + $varsqlconfpassword = $sqlconf['varsqlconfpassword']; + $varsqlconfradiusdb = $sqlconf['varsqlconfradiusdb']; + $varsqlconfaccttable1 = $sqlconf['varsqlconfaccttable1']; + $varsqlconfaccttable2 = $sqlconf['varsqlconfaccttable2']; + $varsqlconfpostauthtable = $sqlconf['varsqlconfpostauthtable']; + $varsqlconfauthchecktable = $sqlconf['varsqlconfauthchecktable']; + $varsqlconfauthreplytable = $sqlconf['varsqlconfauthreplytable']; + $varsqlconfgroupchecktable = $sqlconf['varsqlconfgroupchecktable']; + $varsqlconfgroupreplytable = $sqlconf['varsqlconfgroupreplytable']; + $varsqlconfusergrouptable = $sqlconf['varsqlconfusergrouptable']; + $varsqlconfreadgroups = $sqlconf['varsqlconfreadgroups']; + $varsqlconfdeletestalesessions = $sqlconf['varsqlconfdeletestalesessions']; + $varsqlconfsqltrace = $sqlconf['varsqlconfsqltrace']; + $varsqlconfnumsqlsocks = $sqlconf['varsqlconfnumsqlsocks']; + $varsqlconfconnectfailureretrydelay = $sqlconf['varsqlconfconnectfailureretrydelay']; + $varsqlconflifetime = $sqlconf['varsqlconflifetime']; + $varsqlconfmaxqueries = $sqlconf['varsqlconfmaxqueries']; + $varsqlconfreadclients = $sqlconf['varsqlconfreadclients']; + $varsqlconfnastable = $sqlconf['varsqlconfnastable']; + + // These lines are uncommented in fuction "freeradius_settings_resync" to INCLUDE / enable eap.conf + // $sqlconf = $config['installedpackages']['freeradiussqlconf']['config'][0]; + // $varsqlconfenable = $sqlconf['varsqlconfenable']; + // $varsqlconfenablecounter = $sqlconf['varsqlconfenablecounter']; + + + $conf .= <<<EOD + +sql { 
+ database = "$varsqlconfdatabase" + driver = "rlm_sql_\${database}" + server = "$varsqlconfserver" + port = $varsqlconfport + login = "$varsqlconflogin" + password = "$varsqlconfpassword" + radius_db = "$varsqlconfradiusdb" + acct_table1 = "$varsqlconfaccttable1" + acct_table2 = "$varsqlconfaccttable2" + postauth_table = "$varsqlconfpostauthtable" + authcheck_table = "$varsqlconfauthchecktable" + authreply_table = "$varsqlconfauthreplytable" + groupcheck_table = "$varsqlconfgroupchecktable" + groupreply_table = "$varsqlconfgroupreplytable" + usergroup_table = "$varsqlconfusergrouptable" + read_groups = $varsqlconfreadgroups + deletestalesessions = $varsqlconfdeletestalesessions + sqltrace = $varsqlconfsqltrace + sqltracefile = \${logdir}/sqltrace.sql + num_sql_socks = $varsqlconfnumsqlsocks + connect_failure_retry_delay = $varsqlconfconnectfailureretrydelay + lifetime = $varsqlconflifetime + max_queries = $varsqlconfmaxqueries + readclients = $varsqlconfreadclients + nas_table = "$varsqlconfnastable" + \$INCLUDE sql/\${database}/dialup.conf +} + +EOD; + + $filename = RADDB . '/sql.conf'; + conf_mount_rw(); + file_put_contents($filename, $conf); + chmod($filename, 0600); + conf_mount_ro(); + + restart_service('freeradius'); +} ?>
\ No newline at end of file diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml index b70b2713..a553e74a 100644 --- a/config/freeradius2/freeradius.xml +++ b/config/freeradius2/freeradius.xml @@ -85,6 +85,10 @@ <text>EAP</text> <url>/pkg_edit.php?xml=freeradiuseapconf.xml&id=0</url> </tab> + <tab> + <text>SQL</text> + <url>/pkg_edit.php?xml=freeradiussqlconf.xml&id=0</url> + </tab> </tabs> <adddeleteeditpagefields> @@ -272,6 +276,7 @@ freeradius_clients_resync(); freeradius_users_resync(); freeradius_eapconf_resync(); + freeradius_sqlconf_resync(); exec("rm -f /usr/local/etc/raddb/sites-enabled/control-socket"); exec("rm -f /usr/local/etc/raddb/sites-enabled/inner-tunnel"); </custom_php_install_command> diff --git a/config/freeradius2/freeradiusclients.xml b/config/freeradius2/freeradiusclients.xml index 62c37f3d..cf18458c 100644 --- a/config/freeradius2/freeradiusclients.xml +++ b/config/freeradius2/freeradiusclients.xml @@ -71,6 +71,10 @@ <text>EAP</text> <url>/pkg_edit.php?xml=freeradiuseapconf.xml&id=0</url> </tab> + <tab> + <text>SQL</text> + <url>/pkg_edit.php?xml=freeradiussqlconf.xml&id=0</url> + </tab> </tabs> <adddeleteeditpagefields> <columnitem> diff --git a/config/freeradius2/freeradiuseapconf.xml b/config/freeradius2/freeradiuseapconf.xml index cff17c09..00aaf3bc 100644 --- a/config/freeradius2/freeradiuseapconf.xml +++ b/config/freeradius2/freeradiuseapconf.xml @@ -72,6 +72,10 @@ <url>/pkg_edit.php?xml=freeradiuseapconf.xml&id=0</url> <active/> </tab> + <tab> + <text>SQL</text> + <url>/pkg_edit.php?xml=freeradiussqlconf.xml&id=0</url> + </tab> </tabs> <fields> <field> 
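Review bot: Every field in freeradius_sqlconf_resync() is interpolated into sql.conf as-is, so a `"` or a line break in a quoted value such as `$varsqlconfpassword` ends the string early and the remainder is parsed as configuration, while the unquoted ones (`port`, `num_sql_socks`, `connect_failure_retry_delay`, `lifetime`, `max_queries`) accept any text at all. Reject quotes, backslashes and line breaks before building the heredoc, and check the numeric fields with `is_numeric()` or an integer cast. Separately, `file_put_contents()` creates sql.conf under the process umask and `chmod($filename, 0600)` only runs afterwards, so on first creation the database password may be readable by other local users for a moment; `$old = umask(0077); file_put_contents($filename, $conf); umask($old);` closes that window. The commented-out block copied into this function still refers to eap.conf and should be dropped or corrected.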
@@ -127,20 +131,20 @@ <default_value>4096</default_value> </field> <field> - <name>EAP-TLS and EAP-TLS with OCSP support</name> + <name>EAP-TLS</name> <type>listtopic</type> </field> <field> <fielddescr>Private Key Password</fielddescr> <fieldname>vareapconfprivatekeypassword</fieldname> - <description><![CDATA[Enter the private key of the password. (Default: whatever)]]></description> + <description><![CDATA[Enter the password of the private key. (Default: whatever)]]></description> <type>password</type> <default_value>whatever</default_value> </field> <field> <fielddescr>Private Key File</fielddescr> <fieldname>vareapconfprivatekeyfile</fieldname> - <description><![CDATA[Enter the filename of the private key file. The file <b>must</b> in /usr/local/etc/raddb/certs/ (Default: server.pem)]]></description> + <description><![CDATA[Enter the filename of the private key file. The file <b>must</b> be in /usr/local/etc/raddb/certs/ (Default: server.pem)]]></description> <type>input</type> <default_value>server.pem</default_value> </field> @@ -180,6 +184,10 @@ <default_value>random</default_value> </field> <field> + <name>EAP-TLS with OCSP support</name> + <type>listtopic</type> + </field> + <field> <fielddescr>Enable OCSP</fielddescr> <fieldname>vareapconfocspenable</fieldname> <description><![CDATA[Choose if you like to enable or disable OCSP support. (Default: Disable)]]></description> diff --git a/config/freeradius2/freeradiusinterfaces.xml b/config/freeradius2/freeradiusinterfaces.xml index 22f2b87e..cfc8cb14 100644 --- a/config/freeradius2/freeradiusinterfaces.xml +++ b/config/freeradius2/freeradiusinterfaces.xml @@ -71,6 +71,10 @@ <text>EAP</text> <url>/pkg_edit.php?xml=freeradiuseapconf.xml&id=0</url> </tab> + <tab> + <text>SQL</text> + <url>/pkg_edit.php?xml=freeradiussqlconf.xml&id=0</url> + </tab> </tabs> <adddeleteeditpagefields> <columnitem> 
diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml index a0b08ab4..2f4189fd 100644 --- a/config/freeradius2/freeradiussettings.xml +++ b/config/freeradius2/freeradiussettings.xml @@ -72,6 +72,10 @@ <text>EAP</text> <url>/pkg_edit.php?xml=freeradiuseapconf.xml&id=0</url> </tab> + <tab> + <text>SQL</text> + <url>/pkg_edit.php?xml=freeradiussqlconf.xml&id=0</url> + </tab> </tabs> <fields> <field> diff --git a/config/freeradius2/freeradiussqlconf.xml b/config/freeradius2/freeradiussqlconf.xml new file mode 100644 index 00000000..8a53b923 --- /dev/null +++ b/config/freeradius2/freeradiussqlconf.xml 
@@ -0,0 +1,309 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + authng.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2007 to whom it may belong + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ + ]]> + </copyright> + <description><![CDATA[Describe your package here]]></description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>freeradiussqlconf</name> + <version>none</version> + <title>FreeRADIUS: SQL</title> + <aftersaveredirect>pkg_edit.php?xml=freeradiussqlconf.xml&id=0</aftersaveredirect> + <include_file>/usr/local/pkg/freeradius.inc</include_file> + <tabs> + <tab> + <text>Users</text> + <url>/pkg.php?xml=freeradius.xml</url> + </tab> + <tab> + <text>NAS / Clients</text> + <url>/pkg.php?xml=freeradiusclients.xml</url> + </tab> + <tab> + <text>Interfaces</text> + <url>/pkg.php?xml=freeradiusinterfaces.xml</url> + </tab> + <tab> + <text>Settings</text> + <url>/pkg_edit.php?xml=freeradiussettings.xml&id=0</url> + </tab> + <tab> + <text>EAP</text> + <url>/pkg_edit.php?xml=freeradiuseapconf.xml&id=0</url> + </tab> + <tab> + <text>SQL</text> + <url>/pkg_edit.php?xml=freeradiussqlconf.xml&id=0</url> + <active/> + </tab> + </tabs> + <fields> + <field> + <name>Enable SQL Database</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable SQL Configuration</fielddescr> + <fieldname>varsqlconfenable</fieldname> + <description><![CDATA[You need to enable this so that eap.conf will be included in radiusd.conf. (Default: Disable)<br> + $INCLUDE sql.conf]]></description> + <type>select</type> + <default_value>#\$INCLUDE sql.conf</default_value> + <options> + <option><name>Disbale</name><value>#\$INCLUDE sql.conf</value></option> + <option><name>Enable</name><value>$INCLUDE sql.conf</value></option> + </options> + </field> + <field> + <fielddescr>Enable MySQL Counter</fielddescr> + <fieldname>varsqlconfenablecounter</fieldname> + <description><![CDATA[You need to enable this so that eap.conf will be included in radiusd.conf. 
(Default: Disable)<br> + $INCLUDE sql/mysql/counter.conf]]></description> + <type>select</type> + <default_value>#\$INCLUDE sql/mysql/counter.conf</default_value> + <options> + <option><name>Disbale</name><value>#\$INCLUDE sql/mysql/counter.conf</value></option> + <option><name>Enable</name><value>$INCLUDE sql/mysql/counter.conf</value></option> + </options> + </field> + <field> + <name>SQL Database Configuration</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Database Type</fielddescr> + <fieldname>varsqlconfdatabase</fieldname> + <description><![CDATA[Choose the database type. (Default: mysql)]]></description> + <type>select</type> + <default_value>mysql</default_value> + <options> + <option><name>MySQL</name><value>mysql</value></option> + <option><name>MsSQL</name><value>mssql</value></option> + <option><name>Oracle</name><value>oracle</value></option> + <option><name>PostgreSQL</name><value>postgresql</value></option> + </options> + </field> + <field> + <fielddescr>Server IP Address</fielddescr> + <fieldname>varsqlconfserver</fieldname> + <description><![CDATA[Enter the IP address of the database server (Default: localhost)]]></description> + <type>input</type> + <default_value>localhost</default_value> + </field> + <field> + <fielddescr>Server Port Address</fielddescr> + <fieldname>varsqlconfport</fieldname> + <description><![CDATA[Enter the port address of the database server (Default: 3306)]]></description> + <type>input</type> + <default_value>3306</default_value> + </field> + <field> + <fielddescr>Database Username</fielddescr> + <fieldname>varsqlconflogin</fieldname> + <description><![CDATA[Enter the username of the database server (Default: radius)]]></description> + <type>input</type> + <default_value>radius</default_value> + </field> + <field> + <fielddescr>Database Password</fielddescr> + <fieldname>varsqlconfpassword</fieldname> + <description><![CDATA[Enter the password of the database server (Default: radpass)]]></description> + 
<type>password</type> + <default_value>radpass</default_value> + </field> + <field> + <fielddescr>Database Table Configuration</fielddescr> + <fieldname>varsqlconfradiusdb</fieldname> + <description><![CDATA[Choose database table configuration: (Default: radius) <br> + For all <b>except</b> Oracle choose: <b>radius</b> <br> + For Oracle change and paste the following line according your environment:<br> + <b>(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SID=your_sid)))</b>]]></description> + <type>input</type> + <default_value>radius</default_value> + </field> + <field> + <fielddescr>Accounting Table 1 (Start)</fielddescr> + <fieldname>varsqlconfaccttable1</fieldname> + <description><![CDATA[This is the accounting "Start" table. If you want to log "Start" and "Stop" to the same table choose the same name for both. (Default: radacct)]]></description> + <type>input</type> + <default_value>radacct</default_value> + </field> + <field> + <fielddescr>Accounting Table 2 (Stop)</fielddescr> + <fieldname>varsqlconfaccttable2</fieldname> + <description><![CDATA[This is the accounting "Stop" table. If you want to log "Stop" and "Stop" to the same table choose the same name for both. (Default: radacct)]]></description> + <type>input</type> + <default_value>radacct</default_value> + </field> + <field> + <fielddescr>Post Auth Table</fielddescr> + <fieldname>varsqlconfpostauthtable</fieldname> + <description><![CDATA[Choose Post Auth Table. (Default: radpostauth)]]></description> + <type>input</type> + <default_value>radpostauth</default_value> + </field> + <field> + <fielddescr>Auth Check Table</fielddescr> + <fieldname>varsqlconfauthchecktable</fieldname> + <description><![CDATA[Choose Auth Check Table. 
(Default: radcheck)]]></description> + <type>input</type> + <default_value>radcheck</default_value> + </field> + <field> + <fielddescr>Auth Reply Table</fielddescr> + <fieldname>varsqlconfauthreplytable</fieldname> + <description><![CDATA[Choose Auth Reply Table. (Default: radreply)]]></description> + <type>input</type> + <default_value>radreply</default_value> + </field> + <field> + <fielddescr>Group Check Table</fielddescr> + <fieldname>varsqlconfgroupchecktable</fieldname> + <description><![CDATA[Choose Group Check Table. (Default: radgroupcheck)]]></description> + <type>input</type> + <default_value>radgroupcheck</default_value> + </field> + <field> + <fielddescr>Group Reply Table</fielddescr> + <fieldname>varsqlconfgroupreplytable</fieldname> + <description><![CDATA[Choose Group Check Table. (Default: radgroupreply)]]></description> + <type>input</type> + <default_value>radgroupreply</default_value> + </field> + <field> + <fielddescr>User Group Table</fielddescr> + <fieldname>varsqlconfusergrouptable</fieldname> + <description><![CDATA[Choose Group Check Table. (Default: radusergroup)]]></description> + <type>input</type> + <default_value>radusergroup</default_value> + </field> + <field> + <fielddescr>Read the Group Tables</fielddescr> + <fieldname>varsqlconfreadgroups</fieldname> + <description><![CDATA[If set to <b>yes</b> (default) we read the group tables.<br> + If set to <b>no</b> the user <b>must</b> have Fall-Through = Yes in the radreply table]]></description> + <type>select</type> + <default_value>yes</default_value> + <options> + <option><name>Yes</name><value>yes</value></option> + <option><name>No</name><value>no</value></option> + </options> + </field> + <field> + <fielddescr>Delete Stale Sessions</fielddescr> + <fieldname>varsqlconfdeletestalesessions</fieldname> + <description><![CDATA[Remove stale session if checkrad does not see a double login. 
(Default: yes)]]></description> + <type>select</type> + <default_value>yes</default_value> + <options> + <option><name>Yes</name><value>yes</value></option> + <option><name>No</name><value>no</value></option> + </options> + </field> + <field> + <fielddescr>Print all SQL Statements</fielddescr> + <fieldname>varsqlconfsqltrace</fieldname> + <description><![CDATA[Print all SQL statements when in debug mode. (Default: no)]]></description> + <type>select</type> + <default_value>no</default_value> + <options> + <option><name>Yes</name><value>yes</value></option> + <option><name>No</name><value>no</value></option> + </options> + </field> + <field> + <fielddescr>Number of SQL Connections</fielddescr> + <fieldname>varsqlconfnumsqlsocks</fieldname> + <description><![CDATA[Number of SQL connections to make to the server. (Default: 5)]]></description> + <type>input</type> + <default_value>5</default_value> + </field> + <field> + <fielddescr>Failed Database Connection Delay</fielddescr> + <fieldname>varsqlconfconnectfailureretrydelay</fieldname> + <description><![CDATA[Number of seconds btween a retry after a failed database connection. (Default: 60)]]></description> + <type>input</type> + <default_value>60</default_value> + </field> + <field> + <fielddescr>SQL Socket Lifetime</fielddescr> + <fieldname>varsqlconflifetime</fieldname> + <description><![CDATA[If you are having network issues such as TCP sessions expiring, you may need to set the socket lifetime. If set to non-zero, any open connections will be closed X seconds after they were first opened. (Default: 0)]]></description> + <type>input</type> + <default_value>0</default_value> + </field> + <field> + <fielddescr>SQL Socket Maximum Queries</fielddescr> + <fieldname>varsqlconfmaxqueries</fieldname> + <description><![CDATA[If you have issues with SQL sockets lasting too long, you can limit the number of queries performed over one socket. After X queries, the socket will be closed. Use 0 for no limit. 
(Default: 0)]]></description> + <type>input</type> + <default_value>0</default_value> + </field> + <field> + <fielddescr>Read Clients from Database</fielddescr> + <fieldname>varsqlconfreadclients</fieldname> + <description><![CDATA[Set to <b>yes</b> to read radius clients from the database ('nas' table). Clients will only be read on server startup. (Default: yes)]]></description> + <type>select</type> + <default_value>yes</default_value> + <options> + <option><name>Yes</name><value>yes</value></option> + <option><name>No</name><value>no</value></option> + </options> + </field> + <field> + <fielddescr>RADIUS Client Table</fielddescr> + <fieldname>varsqlconfnastable</fieldname> + <description><![CDATA[Choose the table to keep RADIUS client info. (Default: nas)]]></description> + <type>input</type> + <default_value>nas</default_value> + </field> + </fields> + <custom_delete_php_command> + freeradius_sqlconf_resync(); + freeradius_settings_resync(); + </custom_delete_php_command> + <custom_php_resync_config_command> + freeradius_sqlconf_resync(); + freeradius_settings_resync(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file |
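Review bot: The new SQL form pre-fills `varsqlconflogin` with `radius` and `varsqlconfpassword` with `radpass`, so saving the page without touching those fields writes the documented default credential pair into sql.conf; I would leave the password `default_value` empty and mark the field required. The package also defines no `custom_php_validation_command`, so the free-text fields (server, port, table names, the Oracle connect descriptor) reach freeradius_sqlconf_resync() unchecked. Both enable fields describe themselves as including eap.conf where they mean sql.conf and sql/mysql/counter.conf, the option label reads `Disbale`, and the copyright header still names authng.xml.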