From c77b96f6edbd5ec026fb94506b96e2ced042d000 Mon Sep 17 00:00:00 2001
From: Alexander Wilke <nachtfalkeaw@web.de>
Date: Fri, 6 Jul 2012 01:58:11 +0300
Subject: freeradius2: modified pfSense version check

---
 config/freeradius2/freeradius.inc | 302 +++++++++++++++++++-------------------
 1 file changed, 150 insertions(+), 152 deletions(-)

(limited to 'config/freeradius2')

diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index 7c5cd914..8dd720a9 100644
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -45,20 +45,22 @@ require_once("globals.inc");
 require_once("filter.inc");
 require_once("services.inc");
 
-// Check to find out on which system the package is running
-if (substr(trim(file_get_contents("/etc/version")),0,3) == "2.0") {
-	define('RADDB', '/usr/local/etc/raddb');
-	define('USRLOCAL', '/usr/local');
-} else {
-	define('RADDB', '/usr/pbi/freeradius-' . php_uname("m") . '/etc/raddb');
-	define('USRLOCAL', '/usr/pbi/freeradius-' . php_uname("m"));
+// Check pfSense version
+$pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
+switch ($pfs_version) {
+	case "1.2":
+	case "2.0":
+		define('FREERADIUS_BASE', '/usr/local');
+		break;
+	default:
+		define('FREERADIUS_BASE', '/usr/pbi/freeradius-' . php_uname("m"));
 }
-// End of system check
+// End: Check pfSense version
 
 function freeradius_deinstall_command() {
 	if (substr(trim(file_get_contents("/etc/version")),0,3) == "2.0") {
 		exec("cd /var/db/pkg && pkg_delete `ls | grep freeradius`");
-		exec("rm -rf " . RADDB);
+		exec("rm -rf " . FREERADIUS_BASE . "/etc/raddb");
 		exec("rm -rf /var/run/radiusd/");
 	}
 }
@@ -68,33 +70,32 @@ function freeradius_install_command() {
 	conf_mount_rw();
 
 	// put the constant to a variable
-	$varRADDB = RADDB;
-	$varUSRLOCAL = USRLOCAL;
+	$varFREERADIUS_BASE = FREERADIUS_BASE;
 
 	// We create here different folders for different counters.
 	if (!file_exists("/var/log/radacct/datacounter/")) { exec("mkdir /var/log/radacct/datacounter && mkdir /var/log/radacct/datacounter/daily && mkdir /var/log/radacct/datacounter/weekly && mkdir /var/log/radacct/datacounter/monthly && mkdir /var/log/radacct/datacounter/forever"); }
 	if (!file_exists("/var/log/radacct/timecounter/")) { exec("mkdir /var/log/radacct/timecounter");	}
 	
-	exec("mkdir " . RADDB . "/scripts");
+	exec("mkdir " . FREERADIUS_BASE . "/etc/raddb/scripts");
 	if (!file_exists("/var/log/radutmp")) { exec("touch /var/log/radutmp");	}
 	if (!file_exists("/var/log/radwtmp")) {	exec("touch /var/log/radwtmp");	}
-	exec("chown -R root:wheel " . RADDB . " && chown -R root:wheel " . USRLOCAL . "/lib/freeradius-2.1.12 && chown -R root:wheel /var/log/radacct");
+	exec("chown -R root:wheel " . FREERADIUS_BASE . "/etc/raddb && chown -R root:wheel " . FREERADIUS_BASE . "/lib/freeradius-2.1.12 && chown -R root:wheel /var/log/radacct");
 
 	// creating a backup file of the original policy.conf no matter if user checked this or not
-	if (!file_exists(RADDB . "/policy.conf.backup")) {
-		log_error("FreeRADIUS: Creating backup of the original file to " . RADDB . "/policy.conf.backup");
-		copy(RADDB . "/policy.conf", RADDB . "/policy.conf.backup");
+	if (!file_exists(FREERADIUS_BASE . "/etc/raddb/policy.conf.backup")) {
+		log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_BASE . "/etc/raddb/policy.conf.backup");
+		copy(FREERADIUS_BASE . "/etc/raddb/policy.conf", FREERADIUS_BASE . "/etc/raddb/policy.conf.backup");
 	}
 
 	// creating a backup file of the original /modules/files no matter if user checked this or not
-	if (!file_exists(RADDB . "/files.backup")) {
-		log_error("FreeRADIUS: Creating backup of the original file to " . RADDB . "/files.backup");
-		copy(RADDB . "/modules/files", RADDB . "/files.backup");
+	if (!file_exists(FREERADIUS_BASE . "/etc/raddb/files.backup")) {
+		log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_BASE . "/etc/raddb/files.backup");
+		copy(FREERADIUS_BASE . "/etc/raddb/modules/files", FREERADIUS_BASE . "/etc/raddb/files.backup");
 	}
 
 	// Disable virtual-server we do not need by default
-	if (file_exists(RADDB . "/sites-enabled/control-socket")) { unlink(RADDB . "/sites-enabled/control-socket"); }
-	if (file_exists(RADDB . "/sites-enabled/inner-tunnel")) { unlink(RADDB . "/sites-enabled/inner-tunnel"); }
+	if (file_exists(FREERADIUS_BASE . "/etc/raddb/sites-enabled/control-socket")) { unlink(FREERADIUS_BASE . "/etc/raddb/sites-enabled/control-socket"); }
+	if (file_exists(FREERADIUS_BASE . "/etc/raddb/sites-enabled/inner-tunnel")) { unlink(FREERADIUS_BASE . "/etc/raddb/sites-enabled/inner-tunnel"); }
 
 	// We run this here just to suppress some warnings on syslog if file doesn't exist
 	freeradius_authorizedmacs_resync();
@@ -120,8 +121,8 @@ function freeradius_install_command() {
 
 	$rcfile = array();
 	$rcfile['file'] = 'radiusd.sh';
-	$rcfile['start'] = "$varUSRLOCAL" . '/etc/rc.d/radiusd onestart';
-	$rcfile['stop'] = "$varUSRLOCAL" . '/etc/rc.d/radiusd onestop';
+	$rcfile['start'] = "$varFREERADIUS_BASE" . '/etc/rc.d/radiusd onestart';
+	$rcfile['stop'] = "$varFREERADIUS_BASE" . '/etc/rc.d/radiusd onestop';
 	write_rcfile($rcfile);
 		conf_mount_ro();
 	start_service("radiusd");
@@ -132,8 +133,7 @@ function freeradius_settings_resync() {
 	$conf = '';
 
 	// put the constant to a variable
-	$varRADDB = RADDB;
-	$varUSRLOCAL = USRLOCAL;
+	$varFREERADIUS_BASE = FREERADIUS_BASE;
 
 	// We do some checks of some folders which will be deleted after reboot on nanobsd systems
 	if (!file_exists("/var/log/radacct/")) { exec("mkdir /var/log/radacct"); }
@@ -203,7 +203,7 @@ function freeradius_settings_resync() {
 
 
 	$conf .= <<<EOD
-prefix = $varUSRLOCAL
+prefix = $varFREERADIUS_BASE
 exec_prefix = \${prefix}
 sysconfdir = \${prefix}/etc
 localstatedir = /var
@@ -242,7 +242,7 @@ extended_expressions = $varsettingsextendedexpressions
 EOD;
 
 // Deletes virtual-server coa by default. Will be re-enabled if there is an interface-type "coa"
-exec("rm -f " . RADDB . "/sites-enabled/coa");
+exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/sites-enabled/coa");
 
 $arrinterfaces = $config['installedpackages']['freeradiusinterfaces']['config'];
 	if (is_array($arrinterfaces)  && !empty($arrinterfaces)) {
@@ -269,7 +269,7 @@ EOD;
 			// Begin "if" for interface-type = coa
 			if ($item['varinterfacetype'] == 'coa') {
 			// Enables virtual-server coa because interface-type is coa
-			exec("ln -s " . RADDB . "/sites-available/coa " . RADDB . "/sites-enabled/");
+			exec("ln -s " . FREERADIUS_BASE . "/etc/raddb/sites-available/coa " . FREERADIUS_BASE . "/etc/raddb/sites-enabled/");
 			$conf .= <<<EOD
 listen {
 		type = $varinterfacetype
@@ -360,7 +360,7 @@ instantiate {
 EOD;
 
 	conf_mount_rw();
-	file_put_contents(RADDB . '/radiusd.conf', $conf);
+	file_put_contents(FREERADIUS_BASE . '/etc/raddb/radiusd.conf', $conf);
 	conf_mount_ro();
 	
 	// "freeradius_sqlconf_resync" is pointing to this function because we need to run "freeradius_serverdefault_resync" and after that restart freeradius.
@@ -538,7 +538,7 @@ if (is_array($arrusers) && !empty($arrusers)) {
 	if ($varusersmaxtotaloctets != '') {
 		if ($varusersreplyitem != '') { $varusersreplyitem .=","; }
 		//create exec script
-		$varusersreplyitem .= "\n\tExec-Program-Wait = " . '"/bin/sh ' . RADDB . '/scripts/datacounter_auth.sh ' . "$varusersusername $varusersmaxtotaloctetstimerange" . '"';
+		$varusersreplyitem .= "\n\tExec-Program-Wait = " . '"/bin/sh ' . FREERADIUS_BASE . '/etc/raddb/scripts/datacounter_auth.sh ' . "$varusersusername $varusersmaxtotaloctetstimerange" . '"';
 		// create limit file - will be always overwritten so we can increase limit from GUI
 		exec("`echo $varusersmaxtotaloctets > /var/log/radacct/datacounter/$varusersmaxtotaloctetstimerange/max-octets-$varusersusername`");
 		// if used-octets file exist we do NOT overwrite this file!!!
@@ -566,7 +566,7 @@ EOD;
 	} //end foreach
 } // end if
 
-	$filename = RADDB . '/users';
+	$filename = FREERADIUS_BASE . '/etc/raddb/users';
 	conf_mount_rw();
 	file_put_contents($filename, $conf);
 	chmod($filename, 0640);
@@ -719,7 +719,7 @@ if (is_array($arrmacs) && !empty($arrmacs)) {
 	if ($varmacsmaxtotaloctets != '') {
 		if ($varmacsreplyitem != '') { $varmacsreplyitem .=","; }
 		//create exec script
-		$varmacsreplyitem .= "\n\tExec-Program-Wait = " . '"/bin/sh ' . RADDB . '/scripts/datacounter_auth.sh ' . "$varmacsaddress $varmacsmaxtotaloctetstimerange" . '"';
+		$varmacsreplyitem .= "\n\tExec-Program-Wait = " . '"/bin/sh ' . FREERADIUS_BASE . '/etc/raddb/scripts/datacounter_auth.sh ' . "$varmacsaddress $varmacsmaxtotaloctetstimerange" . '"';
 		// create limit file - will be always overwritten so we can increase limit from GUI
 		exec("`echo $varmacsmaxtotaloctets > /var/log/radacct/datacounter/$varmacsmaxtotaloctetstimerange/max-octets-$varmacsaddress`");
 		// if used-octets file exist we do NOT overwrite this file!!!
@@ -747,7 +747,7 @@ EOD;
 	} //end foreach
 } // end if
 
-	$filename = RADDB . '/authorized_macs';
+	$filename = FREERADIUS_BASE . '/etc/raddb/authorized_macs';
 	conf_mount_rw();
 	file_put_contents($filename, $conf);
 	chmod($filename, 0640);
@@ -818,7 +818,7 @@ EOD;
 	}
 
 	conf_mount_rw();
-	file_put_contents(RADDB . '/clients.conf', $conf);
+	file_put_contents(FREERADIUS_BASE . '/etc/raddb/clients.conf', $conf);
 	conf_mount_ro();
 	
 	freeradius_sync_on_changes();
@@ -886,12 +886,12 @@ function freeradius_eapconf_resync() {
 	// This is for enable/disbable MS SoH in EAP-PEAP and the virtuial-server "soh-server"
 	if ($eapconf['vareapconfpeapsohenable'] == 'Enable') {
 		$vareapconfpeapsoh = 'soh = yes' . "\n\t\t\tsoh_virtual_server = " . '"' . "soh-server" . '"';
-		exec("ln -s " . RADDB . "/sites-available/soh " . RADDB . "/sites-enabled/");
+		exec("ln -s " . FREERADIUS_BASE . "/etc/raddb/sites-available/soh " . FREERADIUS_BASE . "/etc/raddb/sites-enabled/");
 	}
 	else {
 		$vareapconfpeapsoh = '### MS SoH Server is disabled ###';
-			if (file_exists(RADDB . "/sites-enabled/soh")) {
-			exec("rm -f " . RADDB . "/sites-enabled/soh");
+			if (file_exists(FREERADIUS_BASE . "/etc/raddb/sites-enabled/soh")) {
+			exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/sites-enabled/soh");
 			}
 	}
 		
@@ -905,33 +905,33 @@ if ($eapconf['vareapconfchoosecertmanager'] == 'on') {
 		$ca_cert = lookup_ca($eapconf["ssl_ca_cert"]);
 		if ($ca_cert != false) {
 			if(base64_decode($ca_cert['prv'])) {
-				file_put_contents(RADDB . "/certs/ca_key.pem", 
+				file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/ca_key.pem", 
 					base64_decode($ca_cert['prv']));
-				$conf['ssl_ca_key'] = RADDB . '/certs/ca_key.pem';
+				$conf['ssl_ca_key'] = FREERADIUS_BASE . '/etc/raddb/certs/ca_key.pem';
 			}
 
 
 			if(base64_decode($ca_cert['crt'])) {
-				file_put_contents(RADDB . "/certs/ca_cert.pem", 
+				file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/ca_cert.pem", 
 					base64_decode($ca_cert['crt']));
-				$conf['ssl_ca_cert'] = RADDB . "/certs/ca_cert.pem";
+				$conf['ssl_ca_cert'] = FREERADIUS_BASE . "/etc/raddb/certs/ca_cert.pem";
 			}
 
 
 			$svr_cert = lookup_cert($eapconf["ssl_server_cert"]);
 			if ($svr_cert != false) {
 				if(base64_decode($svr_cert['prv'])) {
-					file_put_contents(RADDB . "/certs/server_key.pem", 
+					file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/server_key.pem", 
 						base64_decode($svr_cert['prv']));
-					$conf['ssl_key'] = RADDB . '/certs/server_key.pem';
+					$conf['ssl_key'] = FREERADIUS_BASE . '/etc/raddb/certs/server_key.pem';
 				}
 			}
 
 
 			if(base64_decode($svr_cert['crt'])) {
-				file_put_contents(RADDB . "/certs/server_cert.pem", 
+				file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/server_cert.pem", 
 					base64_decode($svr_cert['crt']));
-				$conf['ssl_server_cert'] = RADDB . "/certs/server_cert.pem";
+				$conf['ssl_server_cert'] = FREERADIUS_BASE . "/etc/raddb/certs/server_cert.pem";
 			}
 			
 			
@@ -939,23 +939,23 @@ if ($eapconf['vareapconfchoosecertmanager'] == 'on') {
 				$svr_cert = lookup_cert($eapconf["ssl_client_cert"]);
 				if ($svr_cert != false) {
 					if(base64_decode($svr_cert['prv'])) {
-						file_put_contents(RADDB . "/certs/client_key.pem", 
+						file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/client_key.pem", 
 							base64_decode($svr_cert['prv']));
-						$conf['ssl_key'] = RADDB . '/certs/client_key.pem';
+						$conf['ssl_key'] = FREERADIUS_BASE . '/etc/raddb/certs/client_key.pem';
 					}
 				}
 
 
 				if(base64_decode($svr_cert['crt'])) {
-					file_put_contents(RADDB . "/certs/client_cert.pem", 
+					file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/client_cert.pem", 
 						base64_decode($svr_cert['crt']));
-					$conf['ssl_client_cert'] = RADDB . "/certs/client_cert.pem";
+					$conf['ssl_client_cert'] = FREERADIUS_BASE . "/etc/raddb/certs/client_cert.pem";
 				}
 			
-			exec("openssl pkcs12 -export -in " . RADDB . "/certs/client_cert.pem -inkey " . RADDB . "/certs/client_key.pem -out " . RADDB . "/certs/client_cert.p12 -passout pass\:");	
+			exec("openssl pkcs12 -export -in " . FREERADIUS_BASE . "/etc/raddb/certs/client_cert.pem -inkey " . FREERADIUS_BASE . "/etc/raddb/certs/client_key.pem -out " . FREERADIUS_BASE . "/etc/raddb/certs/client_cert.p12 -passout pass\:");	
 			}
 			
-			$conf['ssl_cert_dir'] = RADDB . '/certs';
+			$conf['ssl_cert_dir'] = FREERADIUS_BASE . '/etc/raddb/certs';
 		}
 
 	$vareapconfprivatekeyfile = 'server_key.pem';
@@ -964,11 +964,11 @@ if ($eapconf['vareapconfchoosecertmanager'] == 'on') {
 	
 	// generate new DH and RANDOM file
 	// We create a single empty file just to check if there is really a change from one to another cert manager to avoid building ne DH and random files
-	if (!file_exists(RADDB . "/certs/pfsense_cert_mgr")) {
-		log_error("freeRADIUS: Switched to pfSense Cert-Manager. Creating new DH and random file in " . RADDB . "/certs");
-		exec("cd " . RADDB . "/certs && openssl dhparam -out dh 1024");
-		exec("cd " . RADDB . "/certs && dd if=/dev/urandom of=./random count=10");
-		exec("touch " . RADDB . "/certs/pfsense_cert_mgr");
+	if (!file_exists(FREERADIUS_BASE . "/etc/raddb/certs/pfsense_cert_mgr")) {
+		log_error("freeRADIUS: Switched to pfSense Cert-Manager. Creating new DH and random file in " . FREERADIUS_BASE . "/etc/raddb/certs");
+		exec("cd " . FREERADIUS_BASE . "/etc/raddb/certs && openssl dhparam -out dh 1024");
+		exec("cd " . FREERADIUS_BASE . "/etc/raddb/certs && dd if=/dev/urandom of=./random count=10");
+		exec("touch " . FREERADIUS_BASE . "/etc/raddb/certs/pfsense_cert_mgr");
 	}
 }
 
@@ -1063,7 +1063,7 @@ else {
 	}
 EOD;
 
-	$filename = RADDB . '/eap.conf';
+	$filename = FREERADIUS_BASE . '/etc/raddb/eap.conf';
 	file_put_contents($filename, $conf);
 	chmod($filename, 0640);
 	conf_mount_ro();
@@ -1217,7 +1217,7 @@ sql sql2 {
 }
 EOD;
 
-	$filename = RADDB . '/sql.conf';
+	$filename = FREERADIUS_BASE . '/etc/raddb/sql.conf';
 	conf_mount_rw();
 	file_put_contents($filename, $conf);
 	chmod($filename, 0640);
@@ -2065,7 +2065,7 @@ post-proxy {
 }
 EOD;
 
-	$filename = RADDB . '/sites-available/default';
+	$filename = FREERADIUS_BASE . '/etc/raddb/sites-available/default';
 	conf_mount_rw();
 	file_put_contents($filename, $conf);
 	chmod($filename, 0640);
@@ -2160,7 +2160,7 @@ authorityKeyIdentifier	= keyid:always,issuer:always
 basicConstraints	= CA:true
 EOD;
 
-	$filename = RADDB . '/certs/ca.cnf';
+	$filename = FREERADIUS_BASE . '/etc/raddb/certs/ca.cnf';
 	conf_mount_rw();
 	file_put_contents($filename, $conf);
 	chmod($filename, 0640);
@@ -2245,7 +2245,7 @@ emailAddress		= $varcertsserveremailaddress
 commonName		= "$varcertsservercommonname"
 EOD;
 
-	$filename = RADDB . '/certs/server.cnf';
+	$filename = FREERADIUS_BASE . '/etc/raddb/certs/server.cnf';
 	conf_mount_rw();
 	file_put_contents($filename, $conf);
 	chmod($filename, 0640);
@@ -2330,7 +2330,7 @@ emailAddress		= $varcertsclientemailaddress
 commonName		= "$varcertsclientcommonname"
 EOD;
 
-	$filename = RADDB . '/certs/client.cnf';
+	$filename = FREERADIUS_BASE . '/etc/raddb/certs/client.cnf';
 	conf_mount_rw();
 	file_put_contents($filename, $conf);
 	chmod($filename, 0640);
@@ -2363,12 +2363,12 @@ if ($eapconf['vareapconfchoosecertmanager'] == '') {
 		if ($arrcerts['varcertscreateclient'] == 'yes') {
 		
 		// delete all old certificates and keys
-		log_error("freeRADIUS: deleting all client.csr .crt .key .pem .tar in " . RADDB . "/certs");
-		exec("rm -f " . RADDB . "/certs/client.csr");
-		exec("rm -f " . RADDB . "/certs/client.crt");
-		exec("rm -f " . RADDB . "/certs/client.key");
-		exec("rm -f " . RADDB . "/certs/client.pem");
-		exec("rm -f " . RADDB . "/certs/client.tar");
+		log_error("freeRADIUS: deleting all client.csr .crt .key .pem .tar in " . FREERADIUS_BASE . "/etc/raddb/certs");
+		exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.csr");
+		exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.crt");
+		exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.key");
+		exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.pem");
+		exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.tar");
 				
 			
 		// run fuction to create ONLY new client.cnf files based on user input from freeradiuscert.xml
@@ -2376,21 +2376,21 @@ if ($eapconf['vareapconfchoosecertmanager'] == '') {
 	
 	
 		// make bootstrap executable and run to create cert based on client.cnf files
-		exec("chmod 0770 " . RADDB . "/certs/bootstrap");
-		exec(RADDB . "/certs/bootstrap");
+		exec("chmod 0770 " . FREERADIUS_BASE . "/etc/raddb/certs/bootstrap");
+		exec(FREERADIUS_BASE . "/etc/raddb/certs/bootstrap");
 			
 		// rename client generated XX.pem to client.pem // use regex to replace spaces and so on.
-		$varserial = preg_replace("/\s/","",file_get_contents(RADDB . '/certs/serial.old'));
-		if (file_exists(RADDB . "/certs/$varserial.pem"))
-		rename(RADDB . "/certs/$varserial.pem",RADDB . "/certs/client.pem");
+		$varserial = preg_replace("/\s/","",file_get_contents(FREERADIUS_BASE . '/etc/raddb/certs/serial.old'));
+		if (file_exists(FREERADIUS_BASE . "/etc/raddb/certs/$varserial.pem"))
+		rename(FREERADIUS_BASE . "/etc/raddb/certs/$varserial.pem",FREERADIUS_BASE . "/etc/raddb/certs/client.pem");
 		
 		
 		// tar client-cert files
-		exec("cd " . RADDB . "/certs && tar -cf client.tar client.crt client.csr client.key ca.der client.pem");
+		exec("cd " . FREERADIUS_BASE . "/etc/raddb/certs && tar -cf client.tar client.crt client.csr client.key ca.der client.pem");
 		
 		// Make all files in certs folder read/write only for root
-		exec("chmod -R 0600 " . RADDB . "/certs/");
-		log_error("freeRADIUS: Created new client.csr .crt .key .pem and added them together with ca.der in " . RADDB . "/certs/client.tar");
+		exec("chmod -R 0600 " . FREERADIUS_BASE . "/etc/raddb/certs/");
+		log_error("freeRADIUS: Created new client.csr .crt .key .pem and added them together with ca.der in " . FREERADIUS_BASE . "/etc/raddb/certs/client.tar");
 		}
 	}
 	else {
@@ -2398,18 +2398,18 @@ if ($eapconf['vareapconfchoosecertmanager'] == '') {
 		if ($arrcerts['varcertsdeleteall'] == 'yes') {
 	
 		// delete all old certificates and keys - deletes certs from pfsense cert-manager IN THIS FOLDER, too.
-		log_error("freeRADIUS: deleting all CA, Server and Client certs, DH, random and database files in " . RADDB . "/certs");
-		exec("rm -f " . RADDB . "/certs/ca.pem && rm -f " . RADDB . "/certs/server.pem && rm -f " . RADDB . "/certs/client.pem");
-		exec("rm -f " . RADDB . "/certs/ca.der && rm -f " . RADDB . "/certs/server.der && rm -f " . RADDB . "/certs/client.der");
-		exec("rm -f " . RADDB . "/certs/ca.csr && rm -f " . RADDB . "/certs/server.csr && rm -f " . RADDB . "/certs/client.csr");
-		exec("rm -f " . RADDB . "/certs/ca.crt && rm -f " . RADDB . "/certs/server.crt && rm -f " . RADDB . "/certs/client.crt");
-		exec("rm -f " . RADDB . "/certs/ca.key && rm -f " . RADDB . "/certs/server.key && rm -f " . RADDB . "/certs/client.key");
-		exec("rm -f " . RADDB . "/certs/ca.p12 && rm -f " . RADDB . "/certs/server.p12 && rm -f " . RADDB . "/certs/client.p12");
-		exec("rm -f " . RADDB . "/certs/serial*");
-		exec("rm -f " . RADDB . "/certs/index*");
-		exec("rm -f " . RADDB . "/certs/dh");
-		exec("rm -f " . RADDB . "/certs/random");
-		exec("rm -f " . RADDB . "/certs/client.tar");
+		log_error("freeRADIUS: deleting all CA, Server and Client certs, DH, random and database files in " . FREERADIUS_BASE . "/etc/raddb/certs");
+		exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/ca.pem && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/server.pem && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.pem");
+		exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/ca.der && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/server.der && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.der");
+		exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/ca.csr && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/server.csr && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.csr");
+		exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/ca.crt && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/server.crt && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.crt");
+		exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/ca.key && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/server.key && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.key");
+		exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/ca.p12 && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/server.p12 && rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.p12");
+		exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/serial*");
+		exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/index*");
+		exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/dh");
+		exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/random");
+		exec("rm -f " . FREERADIUS_BASE . "/etc/raddb/certs/client.tar");
 		
 	
 		// run fuctions to create new .cnf files based on user input from freeradiuscert.xml
@@ -2418,28 +2418,28 @@ if ($eapconf['vareapconfchoosecertmanager'] == '') {
 		freeradius_clientcertcnf_resync();
 		
 		// this command deletes the pfsense_cert_mgr checkfile so when we change back to pfsense cert manager a new DH + random file will be created
-		if (file_exists(RADDB . "/certs/pfsense_cert_mgr")) {
-			unlink(RADDB . "/certs/pfsense_cert_mgr");
+		if (file_exists(FREERADIUS_BASE . "/etc/raddb/certs/pfsense_cert_mgr")) {
+			unlink(FREERADIUS_BASE . "/etc/raddb/certs/pfsense_cert_mgr");
 		}
 		
 		// generate new DH and RANDOM file
-		log_error("freeRADIUS: Creating new DH and random file in " . RADDB . "/certs");
-		exec("cd " . RADDB . "/certs && openssl dhparam -out dh 1024");
-		exec("cd " . RADDB . "/certs && dd if=/dev/urandom of=./random count=10");
+		log_error("freeRADIUS: Creating new DH and random file in " . FREERADIUS_BASE . "/etc/raddb/certs");
+		exec("cd " . FREERADIUS_BASE . "/etc/raddb/certs && openssl dhparam -out dh 1024");
+		exec("cd " . FREERADIUS_BASE . "/etc/raddb/certs && dd if=/dev/urandom of=./random count=10");
 		
-		log_error("freeRADIUS: Creating new CA, Server and Client certs in " . RADDB . "/certs");
+		log_error("freeRADIUS: Creating new CA, Server and Client certs in " . FREERADIUS_BASE . "/etc/raddb/certs");
 		// make bootstrap executable and run to create certs based on .cnf files
-		exec("chmod 0770 " . RADDB . "/certs/bootstrap");
-		exec(RADDB . "/certs/bootstrap");
+		exec("chmod 0770 " . FREERADIUS_BASE . "/etc/raddb/certs/bootstrap");
+		exec(FREERADIUS_BASE . "/etc/raddb/certs/bootstrap");
 		
 		// rename client generated 02.pem to client.pem
-		if (file_exists(RADDB . "/certs/02.pem"))
-		rename(RADDB . "/certs/02.pem",RADDB . "/certs/client.pem");
+		if (file_exists(FREERADIUS_BASE . "/etc/raddb/certs/02.pem"))
+		rename(FREERADIUS_BASE . "/etc/raddb/certs/02.pem",FREERADIUS_BASE . "/etc/raddb/certs/client.pem");
 		
 		// tar client-cert files
-		exec("cd " . RADDB . "/certs && tar -cf client.tar client.crt client.csr client.key ca.der client.pem");
-		exec("chmod -R 0600 " . RADDB . "/certs/");
-		log_error("freeRADIUS: Added client.csr .crt .key .pem together with ca.der in " . RADDB . "/certs/client.tar");
+		exec("cd " . FREERADIUS_BASE . "/etc/raddb/certs && tar -cf client.tar client.crt client.csr client.key ca.der client.pem");
+		exec("chmod -R 0600 " . FREERADIUS_BASE . "/etc/raddb/certs/");
+		log_error("freeRADIUS: Added client.csr .crt .key .pem together with ca.der in " . FREERADIUS_BASE . "/etc/raddb/certs/client.tar");
 		
 		// If there were changes on the certificates we need to restart freeradius
 		restart_service('radiusd');
@@ -2585,7 +2585,7 @@ function freeradius_all_after_XMLRPC_resync() {
 	
 	log_error("FreeRADIUS: Finished XMLRPC process. It should be OK. For more information look at the host which started sync.");
 	
-	exec(USRLOCAL . "/etc/rc.d/radiusd onerestart");
+	exec(FREERADIUS_BASE . "/etc/rc.d/radiusd onerestart");
 }
 
 function freeradius_modulescounter_resync() {
@@ -2708,7 +2708,7 @@ counter forever {
 }
 EOD;
 
-	$filename = RADDB . '/modules/counter';
+	$filename = FREERADIUS_BASE . '/etc/raddb/modules/counter';
 	conf_mount_rw();
 	file_put_contents($filename, $conf);
 	chmod($filename, 0640);
@@ -2802,7 +2802,7 @@ nt-response=%{%{mschap:NT-Response}:-00}"
 }
 EOD;
 
-	$filename = RADDB . '/modules/mschap';
+	$filename = FREERADIUS_BASE . '/etc/raddb/modules/mschap';
 	conf_mount_rw();
 	file_put_contents($filename, $conf);
 	chmod($filename, 0640);
@@ -2847,7 +2847,7 @@ realm ntdomain {
 }
 EOD;
 
-	$filename = RADDB . '/modules/realm';
+	$filename = FREERADIUS_BASE . '/etc/raddb/modules/realm';
 	conf_mount_rw();
 	file_put_contents($filename, $conf);
 	chmod($filename, 0640);
@@ -2898,37 +2898,37 @@ if($arrmodulesldap['varmodulesldapenabletlssupport'] == 'on') {
 		$ca_cert = lookup_ca($arrmodulesldap["ssl_ca_cert1"]);
 		if ($ca_cert != false) {
 			if(base64_decode($ca_cert['prv'])) {
-				file_put_contents(RADDB . "/certs/ca_ldap1_key.pem", 
+				file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/ca_ldap1_key.pem", 
 					base64_decode($ca_cert['prv']));
-				$conf['ssl_ca_key'] = RADDB . '/certs/ca_ldap1_key.pem';
+				$conf['ssl_ca_key'] = FREERADIUS_BASE . '/etc/raddb/certs/ca_ldap1_key.pem';
 			}
 
 
 			if(base64_decode($ca_cert['crt'])) {
-				file_put_contents(RADDB . "/certs/ca_ldap1_cert.pem", 
+				file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/ca_ldap1_cert.pem", 
 					base64_decode($ca_cert['crt']));
-				$conf['ssl_ca_cert1'] = RADDB . "/certs/ca_ldap1_cert.pem";
+				$conf['ssl_ca_cert1'] = FREERADIUS_BASE . "/etc/raddb/certs/ca_ldap1_cert.pem";
 			}
 
 
 			$svr_cert = lookup_cert($arrmodulesldap["ssl_server_cert1"]);
 			if ($svr_cert != false) {
 				if(base64_decode($svr_cert['prv'])) {
-					file_put_contents(RADDB . "/certs/radius_ldap1_cert.key", 
+					file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/radius_ldap1_cert.key", 
 						base64_decode($svr_cert['prv']));
-					$conf['ssl_key'] = RADDB . '/certs/radius_ldap1_cert.key';
+					$conf['ssl_key'] = FREERADIUS_BASE . '/etc/raddb/certs/radius_ldap1_cert.key';
 				}
 			}
 
 
 			if(base64_decode($svr_cert['crt'])) {
-				file_put_contents(RADDB . "/certs/radius_ldap1_cert.crt", 
+				file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/radius_ldap1_cert.crt", 
 					base64_decode($svr_cert['crt']));
-				$conf['ssl_server_cert1'] = RADDB . "/certs/radius_ldap1_cert.crt";
+				$conf['ssl_server_cert1'] = FREERADIUS_BASE . "/etc/raddb/certs/radius_ldap1_cert.crt";
 			}
 
 
-			$conf['ssl_cert_dir'] = RADDB . '/certs';
+			$conf['ssl_cert_dir'] = FREERADIUS_BASE . '/etc/raddb/certs';
 		}
 	$varmodulesldapstarttls = "yes";
 }
@@ -2945,37 +2945,37 @@ if($arrmodulesldap['varmodulesldap2enabletlssupport'] == 'on') {
 		$ca_cert = lookup_ca($arrmodulesldap["ssl_ca_cert2"]);
 		if ($ca_cert != false) {
 			if(base64_decode($ca_cert['prv'])) {
-				file_put_contents(RADDB . "/certs/ca_ldap2_key.pem", 
+				file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/ca_ldap2_key.pem", 
 					base64_decode($ca_cert['prv']));
-				$conf['ssl_ca_key'] = RADDB . '/certs/ca_ldap2_key.pem';
+				$conf['ssl_ca_key'] = FREERADIUS_BASE . '/etc/raddb/certs/ca_ldap2_key.pem';
 			}
 
 
 			if(base64_decode($ca_cert['crt'])) {
-				file_put_contents(RADDB . "/certs/ca_ldap2_cert.pem", 
+				file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/ca_ldap2_cert.pem", 
 					base64_decode($ca_cert['crt']));
-				$conf['ssl_ca_cert2'] = RADDB . "/certs/ca_ldap2_cert.pem";
+				$conf['ssl_ca_cert2'] = FREERADIUS_BASE . "/etc/raddb/certs/ca_ldap2_cert.pem";
 			}
 
 
 			$svr_cert = lookup_cert($arrmodulesldap["ssl_server_cert2"]);
 			if ($svr_cert != false) {
 				if(base64_decode($svr_cert['prv'])) {
-					file_put_contents(RADDB . "/certs/radius_ldap2_cert.key", 
+					file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/radius_ldap2_cert.key", 
 						base64_decode($svr_cert['prv']));
-					$conf['ssl_key'] = RADDB . '/certs/radius_ldap2_cert.key';
+					$conf['ssl_key'] = FREERADIUS_BASE . '/etc/raddb/certs/radius_ldap2_cert.key';
 				}
 			}
 
 
 			if(base64_decode($svr_cert['crt'])) {
-				file_put_contents(RADDB . "/certs/radius_ldap2_cert.crt", 
+				file_put_contents(FREERADIUS_BASE . "/etc/raddb/certs/radius_ldap2_cert.crt", 
 					base64_decode($svr_cert['crt']));
-				$conf['ssl_server_cert2'] = RADDB . "/certs/radius_ldap2_cert.crt";
+				$conf['ssl_server_cert2'] = FREERADIUS_BASE . "/etc/raddb/certs/radius_ldap2_cert.crt";
 			}
 
 
-			$conf['ssl_cert_dir'] = RADDB . '/certs';
+			$conf['ssl_cert_dir'] = FREERADIUS_BASE . '/etc/raddb/certs';
 		}
 	$varmodulesldap2starttls = "yes";
 }
@@ -3098,7 +3098,7 @@ else {
 	$varmodulesldap2keepaliveidle = ($arrmodulesldap['varmodulesldap2keepaliveidle']?$arrmodulesldap['varmodulesldap2keepaliveidle']:'60');
 	$varmodulesldap2keepaliveprobes = ($arrmodulesldap['varmodulesldap2keepaliveprobes']?$arrmodulesldap['varmodulesldap2keepaliveprobes']:'3');
 	$varmodulesldap2keepaliveinterval = ($arrmodulesldap['varmodulesldap2keepaliveinterval']?$arrmodulesldap['varmodulesldap2keepaliveinterval']:'3');
-$raddb = RADDB;
+$raddb = FREERADIUS_BASE . '/etc/raddb';
 $conf .= <<<EOD
 # -*- text -*-
 #
@@ -3447,7 +3447,7 @@ ldap ldap2{
 }
 EOD;
 
-	$filename = RADDB . '/modules/ldap';
+	$filename = FREERADIUS_BASE . '/etc/raddb/modules/ldap';
 	conf_mount_rw();
 	file_put_contents($filename, $conf);
 	chmod($filename, 0640);
@@ -3468,29 +3468,29 @@ function freeradius_plainmacauth_resync() {
 	$varsettings = $config['installedpackages']['freeradiussettings']['config'][0];
 	
 	// defining variables with filename path
-	$filepolicyconf = RADDB . '/policy.conf';
-	$filepolicyconfbackup = RADDB . '/policy.conf.backup';
-	$filemodulesfiles = RADDB . '/modules/files';
-	$filemodulesfilesbackup = RADDB . '/files.backup';
+	$filepolicyconf = FREERADIUS_BASE . '/etc/raddb/policy.conf';
+	$filepolicyconfbackup = FREERADIUS_BASE . '/etc/raddb/policy.conf.backup';
+	$filemodulesfiles = FREERADIUS_BASE . '/etc/raddb/modules/files';
+	$filemodulesfilesbackup = FREERADIUS_BASE . '/etc/raddb/files.backup';
 	
 	// If unchecked then plain mac auth is disabled and backups of the original files will be restored
 	if ($varsettings['varsettingsenablemacauth'] == '') {
 		// This is a check - only restore files if they aren't already
-		if (file_exists(RADDB . "/plain_macauth_enabled")) {
+		if (file_exists(FREERADIUS_BASE . "/etc/raddb/plain_macauth_enabled")) {
 			log_error("FreeRADIUS: Plain-MAC-Auth disabled. Restoring the original file from {$filepolicyconfbackup} and {$filemodulesfilesbackup}");
 			copy($filepolicyconfbackup, $filepolicyconf);
 			copy($filemodulesfilesbackup, $filemodulesfiles);
-			unlink(RADDB . "/plain_macauth_enabled");
+			unlink(FREERADIUS_BASE . "/etc/raddb/plain_macauth_enabled");
 			freeradius_serverdefault_resync();
 		}
 	}
 	// If checked then plain mac auth is enabled
 	else {
 		// This is a check - only modify files if they aren't already
-		if (!file_exists(RADDB . "/plain_macauth_enabled")) {
+		if (!file_exists(FREERADIUS_BASE . "/etc/raddb/plain_macauth_enabled")) {
 			freeradius_modulesfiles_resync();
 			freeradius_policyconf_resync();
-			exec("cd " . RADDB . " && touch " . RADDB . "/plain_macauth_enabled");
+			exec("cd " . FREERADIUS_BASE . "/etc/raddb && touch " . FREERADIUS_BASE . "/etc/raddb/plain_macauth_enabled");
 			log_error("FreeRADIUS: Plain-MAC-Auth enabled. Modified {$filepolicyconf} and {$filemodulesfiles}");
 			freeradius_serverdefault_resync();
 		}
@@ -3552,7 +3552,7 @@ files authorized_macs {
 }
 EOD;
 
-	$filename = RADDB . '/modules/files';
+	$filename = FREERADIUS_BASE . '/etc/raddb/modules/files';
 	conf_mount_rw();
 	file_put_contents($filename, $conf);
 	chmod($filename, 0640);
@@ -3778,7 +3778,7 @@ policy {
 }
 EOD;
 
-	$filename = RADDB . '/policy.conf';
+	$filename = FREERADIUS_BASE . '/etc/raddb/policy.conf';
 	conf_mount_rw();
 	file_put_contents($filename, $conf);
 	chmod($filename, 0640);
@@ -3801,8 +3801,8 @@ function freeradius_motp_resync() {
 	
 	// check if disabled then we delete bash und otpverify.sh script
 	if ($varsettings['varsettingsmotpenable'] == '') {
-		if (file_exists(RADDB . "/scripts/otpverify.sh")) {
-			unlink(RADDB . "/scripts/otpverify.sh");
+		if (file_exists(FREERADIUS_BASE . "/etc/raddb/scripts/otpverify.sh")) {
+			unlink(FREERADIUS_BASE . "/etc/raddb/scripts/otpverify.sh");
 		}
 		if (exec("cd /var/db/pkg && ls | grep bash") == "bash-4.1.7") {
 			exec("cd /var/db/pkg && pkg_delete `ls | grep bash`");
@@ -3947,7 +3947,7 @@ exit 11
 
 
 EOD;
-	$filename = RADDB . '/scripts/otpverify.sh';
+	$filename = FREERADIUS_BASE . '/etc/raddb/scripts/otpverify.sh';
 	conf_mount_rw();
 	file_put_contents($filename, $conf);
 	chmod($filename, 0750);
@@ -3963,17 +3963,16 @@ function freeradius_modulesmotp_resync() {
 	$conf = '';
 
 	// put the constant to a variable
-	$varRADDB = RADDB;
-	$varUSRLOCAL = USRLOCAL;
+	$varFREERADIUS_BASE = FREERADIUS_BASE;
 
 	$conf .= <<<EOD
 exec motp {
 		wait = yes
-		program = "/usr/local/bin/bash $varRADDB/scripts/otpverify.sh %{request:User-Name} %{request:User-Password} %{reply:MOTP-Init-Secret} %{reply:MOTP-PIN} %{reply:MOTP-Offset}"
+		program = "/usr/local/bin/bash $varFREERADIUS_BASE/etc/raddb/scripts/otpverify.sh %{request:User-Name} %{request:User-Password} %{reply:MOTP-Init-Secret} %{reply:MOTP-PIN} %{reply:MOTP-Offset}"
 	}	
 EOD;
 
-	$filename = RADDB . '/modules/motp';
+	$filename = FREERADIUS_BASE . '/etc/raddb/modules/motp';
 	conf_mount_rw();
 	file_put_contents($filename, $conf);
 	chmod($filename, 0640);
@@ -3986,29 +3985,28 @@ function freeradius_modulesdatacounter_resync() {
 	$conf = '';
 
 	// put the constant to a variable
-	$varRADDB = RADDB;
-	$varUSRLOCAL = USRLOCAL;
+	$varFREERADIUS_BASE = FREERADIUS_BASE;
 
 	$conf .= <<<EOD
 exec datacounterdaily {
 		wait = yes
-		program = "/bin/sh $varRADDB/scripts/datacounter_acct.sh %{request:User-Name} daily %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}"
+		program = "/bin/sh $varFREERADIUS_BASE/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} daily %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}"
 	}
 exec datacounterweekly {
 		wait = yes
-		program = "/bin/sh $varRADDB/scripts/datacounter_acct.sh %{request:User-Name} weekly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}"
+		program = "/bin/sh $varFREERADIUS_BASE/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} weekly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}"
 	}
 exec datacountermonthly {
 		wait = yes
-		program = "/bin/sh $varRADDB/scripts/datacounter_acct.sh %{request:User-Name} monthly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}"
+		program = "/bin/sh $varFREERADIUS_BASE/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} monthly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}"
 	}
 exec datacounterforever {
 		wait = yes
-		program = "/bin/sh $varRADDB/scripts/datacounter_acct.sh %{request:User-Name} forever %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}"
+		program = "/bin/sh $varFREERADIUS_BASE/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} forever %{request:Acct-Input-Octets} %{request:Acct-Output-Octets}"
 	}	
 EOD;
 
-	$filename = RADDB . '/modules/datacounter_acct';
+	$filename = FREERADIUS_BASE . '/etc/raddb/modules/datacounter_acct';
 	conf_mount_rw();
 	file_put_contents($filename, $conf);
 	chmod($filename, 0640);
@@ -4047,7 +4045,7 @@ else
 fi
 EOD;
 
-	$filename = RADDB . '/scripts/datacounter_auth.sh';
+	$filename = FREERADIUS_BASE . '/etc/raddb/scripts/datacounter_auth.sh';
 	conf_mount_rw();
 	file_put_contents($filename, $conf);
 	chmod($filename, 0750);
@@ -4095,7 +4093,7 @@ fi
 
 EOD;
 
-	$filename = RADDB . '/scripts/datacounter_acct.sh';
+	$filename = FREERADIUS_BASE . '/etc/raddb/scripts/datacounter_acct.sh';
 	conf_mount_rw();
 	file_put_contents($filename, $conf);
 	chmod($filename, 0750);
@@ -4163,7 +4161,7 @@ ATTRIBUTE 		MOTP-Offset 			902 	string
 
 EOD;
 
-	$filename = RADDB . '/dictionary';
+	$filename = FREERADIUS_BASE . '/etc/raddb/dictionary';
 	conf_mount_rw();
 	file_put_contents($filename, $conf);
 	chmod($filename, 0640);
-- 
cgit v1.2.3