From f4023ddfa50859a391e300e2c773593fc099a689 Mon Sep 17 00:00:00 2001 From: Alexander Wilke Date: Sat, 31 Dec 2011 00:14:26 +0000 Subject: freeradius2 updates: pkg v1.3.9 --- config/freeradius2/freeradius.inc | 163 +++++++++++++++++++++++--- config/freeradius2/freeradius.xml | 27 +++-- config/freeradius2/freeradius_view_config.php | 3 +- config/freeradius2/freeradiuscerts.xml | 14 ++- config/freeradius2/freeradiusclients.xml | 6 +- config/freeradius2/freeradiuseapconf.xml | 6 +- config/freeradius2/freeradiusinterfaces.xml | 4 + config/freeradius2/freeradiussettings.xml | 4 + config/freeradius2/freeradiussqlconf.xml | 4 + config/freeradius2/freeradiussync.xml | 138 ++++++++++++++++++++++ pkg_config.8.xml | 2 +- pkg_config.8.xml.amd64 | 2 +- 12 files changed, 336 insertions(+), 37 deletions(-) create mode 100644 config/freeradius2/freeradiussync.xml diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc index 29d4cf12..0b02f176 100755 --- a/config/freeradius2/freeradius.inc +++ b/config/freeradius2/freeradius.inc @@ -38,6 +38,12 @@ require_once('config.inc'); require_once('service-utils.inc'); +require_once("util.inc"); +require_once("functions.inc"); +require_once("pkg-utils.inc"); +require_once("globals.inc"); +require_once("filter.inc"); +require_once("services.inc"); define('RADDB', '/usr/local/etc/raddb'); @@ -124,8 +130,7 @@ function freeradius_settings_resync() { $varsqlconfincludecounter = '$INCLUDE sql/mysql/counter.conf'; $varsqlconfinstantiate = 'sql'; } - - if ($sqlconf['varsqlconfincludeenable'] == 'Disable') { + else { $varsqlconfinclude = '#$INCLUDE sql.conf'; $varsqlconfincludecounter = '#$INCLUDE sql/mysql/counter.conf'; $varsqlconfinstantiate = '#sql'; @@ -291,6 +296,7 @@ EOD; conf_mount_rw(); file_put_contents(RADDB . '/radiusd.conf', $conf); conf_mount_ro(); + restart_service("freeradius"); } 
@@ -388,7 +394,8 @@ EOD; file_put_contents($filename, $conf); chmod($filename, 0600); conf_mount_ro(); - + + freeradius_sync_on_changes(); restart_service('freeradius'); } @@ -411,26 +418,14 @@ function freeradius_clients_resync() { client $varclientshortname { $varclientipversion = $varclientip - - ### udp or tcp - udp is default proto = $varclientproto secret = $varclientsharedsecret - - ### RFC5080: User Message-Authenticator in Access-Request. But older sqitches, accesspoints, NAS do not include that. Default: no require_message_authenticator = $varrequiremessageauthenticator - - ### Takes only effect if you use TCP as protocol. This is the mirror of "max_requests" from "Settings" tab. Default 16 max_connections = $varclientmaxconnections shortname = $varclientshortname - - ### Optional: Used by checkrad.pl for simultaneous use checks. Default: other nastype = $varclientnastype - - ### Optional: will be used in future releases #login = !root #password = someadminpas - - ### Additional configuration needed. See: raddb/sites-available/originate-coa #virtual_server = home1 #coa_server = coa } @@ -452,6 +447,8 @@ EOD; conf_mount_rw(); file_put_contents(RADDB . '/clients.conf', $conf); conf_mount_ro(); + + freeradius_sync_on_changes(); restart_service("freeradius"); } 
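Review bot: `freeradius_sync_on_changes()` runs before `restart_service('freeradius')` here, so the local restart waits on every configured peer, and freeradius_do_xmlrpc_sync() (added later in this commit) makes two XML-RPC calls per peer, each with a 250-second timeout. Restarting first, `restart_service('freeradius'); freeradius_sync_on_changes();`, keeps local authentication independent of peer reachability; the `@@ -452,6 +447,8 @@` hunk has the same ordering for clients.conf. In addition, freeradius_all_after_XMLRPC_resync() calls the users and clients resync functions on the peer, and both now call `freeradius_sync_on_changes()` themselves, so two nodes set to sync to each other would appear to re-trigger one another. A guard such as a `$g` flag set during the remote reload, checked at the top of `freeradius_sync_on_changes()`, would stop that. The enclosing function starts outside the hunk.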
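Review bot: In the `@@ -452,6 +447,8 @@` hunk clients.conf is written with `file_put_contents(RADDB . '/clients.conf', $conf);` and no `chmod` is visible before `conf_mount_ro()`, whereas the `@@ -388,7 +394,8 @@` hunk follows its write with `chmod($filename, 0600);`. clients.conf carries every `secret = $varclientsharedsecret` value, and after this commit it is also rewritten on sync peers, so it deserves the same treatment: `chmod(RADDB . '/clients.conf', 0600);` right after the write. Whether the existing file already has a restrictive mode cannot be seen from here. freeradius_clients_resync() begins outside the hunk.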
@@ -1792,4 +1789,140 @@ function freeradius_allcertcnf_resync() { restart_service('freeradius'); } } + +// ##### The following part is based on the code of pfblocker ##### + +/* Uses XMLRPC to synchronize the changes to a remote node */ +function freeradius_sync_on_changes() { + global $config, $g; + $varsyncenablexmlrpc = $config['installedpackages']['freeradiussync']['config'][0]['varsyncenablexmlrpc']; + + // if checkbox is NOT checked do nothing + if(!$varsyncenablexmlrpc) { + return; + } + + log_error("freeRADIUS is starting XMLRPC process (freeradius_do_xmlrpc_sync)."); + + // if checkbox is checked get IP and password of the destination hosts + foreach ($config['installedpackages']['freeradiussync']['config'] as $rs ){ + foreach($rs['row'] as $sh){ + $sync_to_ip = $sh['varsyncipaddress']; + $password = $sh['varsyncpassword']; + if($password && $sync_to_ip) + freeradius_do_xmlrpc_sync($sync_to_ip, $password); + } + } + log_error("freeRADIUS has finished XMLRPC process (freeradius_do_xmlrpc_sync)."); +} + +/* Do the actual XMLRPC sync */ +function freeradius_do_xmlrpc_sync($sync_to_ip, $password) { + global $config, $g; + + if(!$password) + return; + + if(!$sync_to_ip) + return; + + // Check and choose correct protocol type, port number and IP address + $xmlrpc_sync_neighbor = $sync_to_ip; + if($config['system']['webgui']['protocol'] != "") { + $synchronizetoip = $config['system']['webgui']['protocol']; + $synchronizetoip .= "://"; + } + $port = $config['system']['webgui']['port']; + /* if port is empty lets rely on the protocol selection */ + if($port == "") { + if($config['system']['webgui']['protocol'] == "http") + $port = "80"; + else + $port = "443"; + } + $synchronizetoip .= $sync_to_ip; + + /* xml will hold the sections to sync */ + $xml = array(); + $xml['freeradius'] = $config['installedpackages']['freeradius']; + $xml['freeradiusclients'] = $config['installedpackages']['freeradiusclients']; + + /* assemble xmlrpc payload */ + $params = array( + 
XML_RPC_encode($password), + XML_RPC_encode($xml) + ); + + /* set a few variables needed for sync code borrowed from filter.inc */ + $url = $synchronizetoip; + log_error("Beginning freeRADIUS XMLRPC sync with {$url}:{$port}."); + $method = 'pfsense.merge_installedpackages_section_xmlrpc'; + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials('admin', $password); + if($g['debug']) + $cli->setDebug(1); + /* send our XMLRPC message and timeout after 250 seconds */ + $resp = $cli->send($msg, "250"); + if(!$resp) { + $error = "A communications error occurred while freeRADIUS was attempting XMLRPC sync with {$url}:{$port}."; + log_error($error); + file_notice("sync_settings", $error, "freeradius Settings Sync", ""); + } elseif($resp->faultCode()) { + $cli->setDebug(1); + $resp = $cli->send($msg, "250"); + $error = "An error code was received while freeRADIUS XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "freeradius Settings Sync", ""); + } else { + log_error("freeRADIUS XMLRPC has synced data successfully with {$url}:{$port}."); + } + + /* tell freeradius to reload our settings on the destionation sync host. */ + $method = 'pfsense.exec_php'; + $execcmd = "require_once('/usr/local/pkg/freeradius.inc');\n"; + // pfblocker just needed one fuction to reload after XMLRPC. 
freeRADIUS needs more so we point to a fuction below which contains all fuctions + $execcmd .= "freeradius_all_after_XMLRPC_resync();"; + + /* assemble xmlrpc payload */ + $params = array( + XML_RPC_encode($password), + XML_RPC_encode($execcmd) + ); + + log_error("freeRADIUS XMLRPC is reloading data on {$url}:{$port}."); + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials('admin', $password); + $resp = $cli->send($msg, "250"); + if(!$resp) { + $error = "A communications error occurred while freeRADIUS was attempting XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; + log_error($error); + file_notice("sync_settings", $error, "freeradius Settings Sync", ""); + } elseif($resp->faultCode()) { + $cli->setDebug(1); + $resp = $cli->send($msg, "250"); + $error = "An error code was received while freeRADIUS XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "freeradius Settings Sync", ""); + } else { + log_error("freeRADIUS XMLRPC has reloaded data successfully on {$url}:{$port} (pfsense.exec_php)."); + } + +} + +// ##### The part above is based on the code of pfblocker ##### + +// This function restarts all other needed functions after XMLRPC so that the content of .XML + .INC will be written in the files (clients.conf, users) +// Adding more functions will increase the to sync +function freeradius_all_after_XMLRPC_resync() { + + freeradius_users_resync(); + freeradius_clients_resync(); + + log_error("freeRADIUS has finished XMLRPC process. It should be OK. For more information look at the host which started sync."); + + exec("/usr/local/etc/rc.d/radiusd onerestart"); +} + ?> \ No newline at end of file diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml index 9b49c0a1..264df467 100644 --- a/config/freeradius2/freeradius.xml 
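Review bot: freeradius_do_xmlrpc_sync() takes the scheme and port for the peer from this host's own `$config['system']['webgui']` settings, so when the local GUI is on `http` the peer's admin password (sent as an XML-RPC parameter and again through `setCredentials`) and the synced users and client shared secrets travel unencrypted; the function should refuse to sync, or at least `log_error()` a warning, unless the protocol is `https`. `$synchronizetoip` is assigned only inside the `if` on the protocol, so with an empty protocol `$synchronizetoip .= $sync_to_ip;` appends to an undefined variable and the URL has no scheme; start with `$synchronizetoip = "";` and handle the empty case explicitly. Both `elseif($resp->faultCode())` branches call `$cli->setDebug(1)` and send the message a second time, which repeats the merge or the `pfsense.exec_php` call on the peer, presumably emits debug output containing the request with the password, and calls `$resp->faultCode()` on a response that may be false; log the fault from the first `$resp` and drop the re-send. After a failed merge the function still goes on to `pfsense.exec_php`, so a `return;` after each error `file_notice()` in the first block is needed. In freeradius_sync_on_changes() the inner `foreach($rs['row'] as $sh)` needs an `is_array($rs['row'])` check for the case where sync is enabled but no destination row exists.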
+++ b/config/freeradius2/freeradius.xml @@ -65,7 +65,7 @@ Users /pkg.php?xml=freeradius.xml - + NAS / Clients @@ -95,6 +95,10 @@ View config /freeradius_view_config.php + + XMLRPC Sync + /pkg_edit.php?xml=freeradiussync.xml&id=0 + /usr/local/www/ @@ -131,6 +135,11 @@ 0755 http://www.pfsense.org/packages/config/freeradius2/freeradiuscerts.xml + + /usr/local/pkg/ + 0755 + http://www.pfsense.org/packages/config/freeradius2/freeradiussync.xml + /usr/local/pkg/ 0755 @@ -142,17 +151,13 @@ varusersusername - Description - description + Simult. Connections + varuserssimultaneousconnect IP Address varusersframedipaddress - - Simultaneous Connections - varuserssimultaneousconnect - Expiration Date varusersexpiration @@ -169,6 +174,10 @@ VLAN ID varusersvlanid + + Description + description + @@ -310,10 +319,6 @@ freeradius_sqlconf_resync(); freeradius_settings_resync(); freeradius_serverdefault_resync(); - freeradius_clientcertcnf_resync(); - freeradius_servercertcnf_resync(); - freeradius_cacertcnf_resync(); - freeradius_allcertcnf_resync(); exec("rm -f /usr/local/etc/raddb/sites-enabled/control-socket"); exec("rm -f /usr/local/etc/raddb/sites-enabled/inner-tunnel"); diff --git a/config/freeradius2/freeradius_view_config.php b/config/freeradius2/freeradius_view_config.php index 7242851d..14e37455 100644 --- a/config/freeradius2/freeradius_view_config.php +++ b/config/freeradius2/freeradius_view_config.php @@ -59,7 +59,7 @@ else{ if(strstr($pfSversion, "1.2")) $one_two = true; - $pgtitle = "Services: freeRADIUS View Configuration"; + $pgtitle = "FreeRADIUS: View Configuration"; include("head.inc"); ?> 
@@ -87,6 +87,7 @@ else{ $tab_array[] = array(gettext("SQL"), false, "/pkg_edit.php?xml=freeradiussqlconf.xml&id=0"); $tab_array[] = array(gettext("Certificates"), false, "/pkg_edit.php?xml=freeradiuscerts.xml&id=0"); $tab_array[] = array(gettext("View config"), true, "/freeradius_view_config.php"); + $tab_array[] = array(gettext("XMLRPC Sync"), false, "/pkg_edit.php?xml=freeradiussync.xml&id=0"); display_top_tabs($tab_array); ?> diff --git a/config/freeradius2/freeradiuscerts.xml b/config/freeradius2/freeradiuscerts.xml index 629a92ae..34ab5a03 100644 --- a/config/freeradius2/freeradiuscerts.xml +++ b/config/freeradius2/freeradiuscerts.xml @@ -78,11 +78,15 @@ Certificates /pkg_edit.php?xml=freeradiuscerts.xml&id=0 - + View config /freeradius_view_config.php + + XMLRPC Sync + /pkg_edit.php?xml=freeradiussync.xml&id=0 + @@ -174,7 +178,7 @@ Key Creation Algorithm varcertsdefaultmd - There seems to be some OS do not support all algorithms. (Default: md5)]]> + There seems to be some OS which do not support all algorithms. (Default: md5)]]> select md5 @@ -273,11 +277,9 @@ - freeradius_allcertcnf_resync(); - freeradius_eapconf_resync(); + freeradius_allcertcnf_resync(); - freeradius_allcertcnf_resync(); - freeradius_eapconf_resync(); + freeradius_allcertcnf_resync(); \ No newline at end of file diff --git a/config/freeradius2/freeradiusclients.xml b/config/freeradius2/freeradiusclients.xml index 8040242e..61afd4f5 100644 --- a/config/freeradius2/freeradiusclients.xml +++ b/config/freeradius2/freeradiusclients.xml @@ -82,7 +82,11 @@ View config /freeradius_view_config.php - + + XMLRPC Sync + /pkg_edit.php?xml=freeradiussync.xml&id=0 + + Client IP Address diff --git a/config/freeradius2/freeradiuseapconf.xml b/config/freeradius2/freeradiuseapconf.xml index 6639ec57..759c6065 100644 --- a/config/freeradius2/freeradiuseapconf.xml +++ b/config/freeradius2/freeradiuseapconf.xml 
@@ -46,7 +46,7 @@ Currently there are no FAQ items provided. freeradiuseapconf none - FreeRADIUS: Settings + FreeRADIUS: EAP pkg_edit.php?xml=freeradiuseapconf.xml&id=0 /usr/local/pkg/freeradius.inc @@ -83,6 +83,10 @@ View config /freeradius_view_config.php + + XMLRPC Sync + /pkg_edit.php?xml=freeradiussync.xml&id=0 + diff --git a/config/freeradius2/freeradiusinterfaces.xml b/config/freeradius2/freeradiusinterfaces.xml index 9d720020..3819908e 100644 --- a/config/freeradius2/freeradiusinterfaces.xml +++ b/config/freeradius2/freeradiusinterfaces.xml @@ -82,6 +82,10 @@ View config /freeradius_view_config.php + + XMLRPC Sync + /pkg_edit.php?xml=freeradiussync.xml&id=0 + diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml index 7a4c14fb..34999917 100644 --- a/config/freeradius2/freeradiussettings.xml +++ b/config/freeradius2/freeradiussettings.xml @@ -83,6 +83,10 @@ View config /freeradius_view_config.php + + XMLRPC Sync + /pkg_edit.php?xml=freeradiussync.xml&id=0 + diff --git a/config/freeradius2/freeradiussqlconf.xml b/config/freeradius2/freeradiussqlconf.xml index 226f021d..b8fc829d 100644 --- a/config/freeradius2/freeradiussqlconf.xml +++ b/config/freeradius2/freeradiussqlconf.xml @@ -83,6 +83,10 @@ View config /freeradius_view_config.php + + XMLRPC Sync + /pkg_edit.php?xml=freeradiussync.xml&id=0 + diff --git a/config/freeradius2/freeradiussync.xml b/config/freeradius2/freeradiussync.xml new file mode 100644 index 00000000..12a73ed0 --- /dev/null +++ b/config/freeradius2/freeradiussync.xml @@ -0,0 +1,138 @@ + + + + + + + + Describe your package requirements here + Currently there are no FAQ items provided. + freeradiussync + 2.1.12 + FreeRADIUS: XMLRPC Sync + /usr/local/pkg/freeradius.inc + + FreeRADIUS + Modify FreeRADIUS users, clients, and settings. +
Services
+ /pkg.php?xml=freeradiussync.xml +
+ + FreeRADIUS + radiusd.sh + radiusd + + + + + Users + /pkg.php?xml=freeradius.xml + + + NAS / Clients + /pkg.php?xml=freeradiusclients.xml + + + Interfaces + /pkg.php?xml=freeradiusinterfaces.xml + + + Settings + /pkg_edit.php?xml=freeradiussettings.xml&id=0 + + + EAP + /pkg_edit.php?xml=freeradiuseapconf.xml&id=0 + + + SQL + /pkg_edit.php?xml=freeradiussqlconf.xml&id=0 + + + Certificates + /pkg_edit.php?xml=freeradiuscerts.xml&id=0 + + + View config + /freeradius_view_config.php + + + XMLRPC Sync + /pkg_edit.php?xml=freeradiussync.xml&id=0 + + + + + + freeRADIUS XMLRPC Sync + listtopic + + + Automatically sync freeRADIUS configuration changes? + varsyncenablexmlrpc + + Important: Only Users and NAS / Clients will be synced.]]> + checkbox + + + Destination Server + none + rowhelper + + + Destination IP Address + varsyncipaddress + + input + 20 + + + Destination Admin Password + varsyncpassword + + password + 20 + + + + + + freeradius_sync_on_changes(); + + + freeradius_sync_on_changes(); + +
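Review bot: The `varsyncipaddress` and `varsyncpassword` fields of the new freeradiussync.xml are saved with no validation hook visible in this hunk, and freeradius_do_xmlrpc_sync() in freeradius.inc concatenates the address straight into the XML-RPC URL. A `custom_php_validation_command` that rejects any row whose address fails `is_ipaddr()` would keep malformed input out of that URL. The "Destination Admin Password" description should also state that the peer's admin password is kept in the package configuration (in clear text, as far as this page shows) and is sent to the peer on every user or client change, so operators can decide whether the link between the nodes is trusted enough. The XML markup is stripped in this rendering, so the exact element placement has to be checked against the file.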
diff --git a/pkg_config.8.xml b/pkg_config.8.xml index a1a20a15..530e4c48 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -792,7 +792,7 @@ Do not use together with freeradius package. Both are using the same XML files.]]> http://forum.pfsense.org/index.php/topic,43675.0.html System - 2.1.12 pkg v1.3.8 + 2.1.12 pkg v1.3.9 BETA 2.0 nachtfalkeaw@web.de diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 5a756a89..a4e37689 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -834,7 +834,7 @@ Do not use together with freeradius package. Both are using the same XML files.]]> http://forum.pfsense.org/index.php/topic,43675.0.html System - 2.1.12 pkg v1.3.8 + 2.1.12 pkg v1.3.9 BETA 2.0 nachtfalkeaw@web.de -- cgit v1.2.3 From ea8e8474c2ef5d2997b0b65424f5ba4e5510fd6f Mon Sep 17 00:00:00 2001 From: Alexander Wilke Date: Sat, 31 Dec 2011 00:27:47 +0000 Subject: Added copyright --- config/freeradius2/freeradiussync.xml | 56 +++++++++++++++++++---------------- 1 file changed, 31 insertions(+), 25 deletions(-) mode change 100644 => 100755 config/freeradius2/freeradiussync.xml diff --git a/config/freeradius2/freeradiussync.xml b/config/freeradius2/freeradiussync.xml old mode 100644 new mode 100755 index 12a73ed0..4a15c8d2 --- a/config/freeradius2/freeradiussync.xml +++ b/config/freeradius2/freeradiussync.xml 
@@ -3,40 +3,46 @@ - +Copyright (C) 2011 Marcello Coutinho +based on pfblocker_sync.xml +All rights reserved. + +Based on m0n0wall (http://m0n0.ch/wall) +Copyright (C) 2003-2006 Manuel Kasper . +All rights reserved. +*/ /* ========================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. +1. Redistributions of source code must retain the above copyright notice, +this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. +2. Redistributions in binary form must reproduce the above copyright +notice, this list of conditions and the following disclaimer in the +documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
- */ +THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, +INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, +OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. +*/ /* ========================================================================== */ - ]]> +]]> Describe your package requirements here Currently there are no FAQ items provided. -- cgit v1.2.3