From be905dcdbdab0983f6b7032378b572ff6ed26c93 Mon Sep 17 00:00:00 2001
From: Alexander Wilke <nachtfalkeaw@web.de>
Date: Wed, 15 May 2013 21:31:37 +0200
Subject: Update freeradius.inc

---
 config/freeradius2/freeradius.inc | 117 ++++++++++++++++++++++----------------
 1 file changed, 69 insertions(+), 48 deletions(-)

(limited to 'config')

diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index eecfec84..b25d0af0 100644
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -4,7 +4,7 @@
 /*
 	freeradius.inc
 	part of pfSense (http://www.pfSense.com)
-	Copyright (C) 2011 - 2012 Alexander Wilke <nachtfalkeaw@web.de>
+	Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
 	Copyright (C) 2013 Marcello Coutinho
 	All rights reserved.
 
@@ -2521,52 +2521,75 @@ conf_mount_ro();
 /* Uses XMLRPC to synchronize the changes to a remote node */
 function freeradius_sync_on_changes() {
 	global $config, $g;
-	$varsyncenablexmlrpc = $config['installedpackages']['freeradiussync']['config'][0]['varsyncenablexmlrpc'];
-	$varsynctimeout = $config['installedpackages']['freeradiussync']['config'][0]['varsynctimeout'];	
-
-	// if checkbox is NOT checked do nothing
-	if(!$varsyncenablexmlrpc) {
+	if (is_array($config['installedpackages'][freeradiussync'])){
+		$synconchanges = $config['installedpackages'][freeradiussync']['config'][0]['varsyncenablexmlrpc'];
+		$varsynctimeout = $config['installedpackages'][freeradiussync']['config'][0]['varsynctimeout'];
+		}
+	else
+	{
 		return;
 	}
- 
-	log_error("FreeRADIUS: Starting XMLRPC process (freeradius_do_xmlrpc_sync) with timeout {$varsynctimeout} seconds.");
-	
-	// if checkbox is checked get IP and password of the destination hosts
-	foreach ($config['installedpackages']['freeradiussync']['config'] as $rs ){
-		foreach($rs['row'] as $sh){
-			// if checkbox is NOT checked do nothing
-			if($sh['varsyncdestinenable']) {
-				$varsyncprotocol 	= $sh['varsyncprotocol'];
-				$sync_to_ip 		= $sh['varsyncipaddress'];
-				$password   		= $sh['varsyncpassword'];
-				$varsyncport 		= $sh['varsyncport'];
-				// check if all credentials are complete for this host
-				if($password && $sync_to_ip && $varsyncport && $varsyncprotocol) {
-					freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol);
+
+	// if checkbox is NOT checked do nothing
+	switch ($synconchanges){
+		case "manual":
+			if (is_array($config['installedpackages'][freeradiussync']['config'][0]['row'])){
+				$rs=$config['installedpackages'][freeradiussync']['config'][0]['row'];
+				}
+			else{
+				log_error("[FreeRADIUS]: xmlrpc sync is enabled but there is no hosts to push on FreeRADIUS config.");
+				return;
+				}
+			break;
+		case "auto":
+				if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){
+					$system_carp=$config['installedpackages']['carpsettings']['config'][0];
+					$rs[0]['varsyncdestinenable']="on";
+					$rs[0]['varsyncprotocol']=($config['system']['webgui']['protocol']!=""?$config['system']['webgui']['protocol']:"https");
+					$rs[0]['varsyncipaddress']=$system_carp['synchronizetoip'];
+					$rs[0]['varsyncpassword']=$system_carp['password'];
+					$rs[0]['varsyncport']=($config['system']['webgui']['port']!=""?$config['system']['webgui']['port']:"443");
+					if (! is_ipaddr($system_carp['synchronizetoip'])){
+						log_error("[FreeRADIUS]: xmlrpc sync is enabled but there is no system backup hosts to push FreeRADIUS config.");
+						return;
+						}
+				}
+				else{
+					log_error("[FreeRADIUS]: xmlrpc sync is enabled but there is no system backup hosts to push FreeRADIUS config.");
+					return;
+				}
+			break;		
+		default:
+			return;
+		break;
+		}
+		if (is_array($rs)){
+			log_error("[FreeRADIUS]: xmlrpc sync is starting with timeout {$varsynctimeout} seconds.");
+			foreach($rs as $sh){
+				if($sh['varsyncdestinenable']){
+					$varsyncprotocol 	= $sh['varsyncprotocol'];
+					$sync_to_ip 		= $sh['varsyncipaddress'];
+					$password   		= $sh['varsyncpassword'];
+					$varsyncport 		= $sh['varsyncport'];
+					if($password && $sync_to_ip)
+						freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout);
+					else
+						log_error("[FreeRADIUS]: XMLRPC Sync with {$sh['varsyncipaddress']} has incomplete credentials. No XMLRPC Sync done!");
 				}
 				else {
-					log_error("FreeRADIUS: XMLRPC Sync with {$sh['varsyncipaddress']} has incomplete credentials. No XMLRPC Sync done!");
+				log_error("[FreeRADIUS]: XMLRPC Sync with {$sh['varsyncipaddress']} is disabled");
 				}
 			}
-			else {
-				log_error("FreeRADIUS: XMLRPC Sync with {$sh['varsyncipaddress']} is disabled");
+			log_error("[FreeRADIUS]: xmlrpc sync is ending.");
 			}
-		}
-	}
-	log_error("FreeRADIUS: Finished XMLRPC process (freeradius_do_xmlrpc_sync).");
 }
 
 /* Do the actual XMLRPC sync */
-function freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol) {
+function freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout) {
 	global $config, $g;
 
-	$varsynctimeout = $config['installedpackages']['freeradiussync']['config'][0]['varsynctimeout'];
-
-	if($varsynctimeout == '' || $varsynctimeout == 0) {
+	if($varsynctimeout == '' || $varsynctimeout == 0)
 		$varsynctimeout = 150;
-	}
-
-	// log_error("FreeRADIUS: Starting XMLRPC process (freeradius_do_xmlrpc_sync) with timeout {$varsynctimeout} seconds.");
 
 	if(!$password)
 		return;
@@ -2600,7 +2623,7 @@ function freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyn
 
 	/* set a few variables needed for sync code borrowed from filter.inc */
 	$url = $synchronizetoip;
-	log_error("FreeRADIUS: Beginning FreeRADIUS XMLRPC sync with {$url}:{$port}.");
+	log_error("[FreeRADIUS]: Beginning FreeRADIUS XMLRPC sync with {$url}:{$port}.");
 	$method = 'pfsense.merge_installedpackages_section_xmlrpc';
 	$msg = new XML_RPC_Message($method, $params);
 	$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
@@ -2611,22 +2634,22 @@ function freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyn
 		$resp = $cli->send($msg, $varsynctimeout);
 		if(!$resp) {
 			$error = "A communications error occurred while FreeRADIUS was attempting XMLRPC sync with {$url}:{$port}.";
-			log_error("FreeRADIUS: $error");
-			file_notice("sync_settings", $error, "freeradius Settings Sync", "");
+			log_error("[FreeRADIUS]: $error");
+			file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", "");
 		} elseif($resp->faultCode()) {
 			$cli->setDebug(1);
 			$resp = $cli->send($msg, $varsynctimeout);
 			$error = "An error code was received while FreeRADIUS XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
-			log_error("FreeRADIUS: $error");
-			file_notice("sync_settings", $error, "freeradius Settings Sync", "");
+			log_error("[FreeRADIUS]: $error");
+			file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", "");
 		} else {
-			log_error("FreeRADIUS: XMLRPC has synced data successfully with {$url}:{$port}.");
+			log_error("[FreeRADIUS]: XMLRPC has synced data successfully with {$url}:{$port}.");
 		}
 	
-	/* tell freeradius to reload our settings on the destionation sync host. */
+	/* tell FreeRADIUS to reload our settings on the destionation sync host. */
 	$method = 'pfsense.exec_php';
 	$execcmd  = "require_once('/usr/local/pkg/freeradius.inc');\n";
-	// pfblocker just needed one fuction to reload after XMLRPC. freeRADIUS needs more so we point to a fuction below which contains all fuctions
+	// pfblocker just needed one fuction to reload after XMLRPC. FreeRADIUS needs more so we point to a fuction below which contains all fuctions
 	$execcmd .= "freeradius_all_after_XMLRPC_resync();";
 	
 	/* assemble xmlrpc payload */
@@ -2635,7 +2658,7 @@ function freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyn
 		XML_RPC_encode($execcmd)
 	);
 
-	log_error("FreeRADIUS XMLRPC is reloading data on {$url}:{$port}.");
+	log_error("[FreeRADIUS]: XMLRPC is reloading data on {$url}:{$port}.");
 	$msg = new XML_RPC_Message($method, $params);
 	$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
 	$cli->setCredentials('admin', $password);
@@ -2643,21 +2666,19 @@ function freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyn
 		if(!$resp) {
 			$error = "A communications error occurred while FreeRADIUS was attempting XMLRPC sync with {$url}:{$port} (exec_php).";
 			log_error($error);
-			file_notice("sync_settings", $error, "freeradius Settings Sync", "");
+			file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", "");
 		} elseif($resp->faultCode()) {
 			$cli->setDebug(1);
 			$resp = $cli->send($msg, $varsynctimeout);
 			$error = "An error code was received while FreeRADIUS XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
 			log_error($error);
-			file_notice("sync_settings", $error, "freeradius Settings Sync", "");
+			file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", "");
 		} else {
-			log_error("FreeRADIUS: XMLRPC has reloaded data successfully on {$url}:{$port} (exec_php).");
+			log_error("[FreeRADIUS]: XMLRPC has reloaded data successfully on {$url}:{$port} (exec_php).");
 		}
 
 }
 
-// ##### The part above is based on the code of pfblocker #####
-
 // This function restarts all other needed functions after XMLRPC so that the content of .XML + .INC will be written in the files (clients.conf, users)
 // Adding more functions will increase the to sync
 function freeradius_all_after_XMLRPC_resync() {
-- 
cgit v1.2.3


From 6e033cc99fd2ce45810acfb911592e985a50829d Mon Sep 17 00:00:00 2001
From: Alexander Wilke <nachtfalkeaw@web.de>
Date: Wed, 15 May 2013 22:31:54 +0300
Subject: Update freeradiussync.xml

---
 config/freeradius2/freeradiussync.xml | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

(limited to 'config')

diff --git a/config/freeradius2/freeradiussync.xml b/config/freeradius2/freeradiussync.xml
index 5f1acc74..fb6f6200 100644
--- a/config/freeradius2/freeradiussync.xml
+++ b/config/freeradius2/freeradiussync.xml
@@ -9,8 +9,8 @@
 /*
 freeradiussync.xml
 part of pfSense (http://www.pfSense.com)
-Copyright (C) 2011 - 2012 Alexander Wilke <nachtfalkeaw@web.de>
-Copyright (C) 2011 Marcello Coutinho <marcellocoutinho@gmail.com>
+Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
+Copyright (C) 2013 Marcello Coutinho <marcellocoutinho@gmail.com>
 based on pfblocker_sync.xml
 All rights reserved.
 
@@ -111,23 +111,29 @@ POSSIBILITY OF SUCH DAMAGE.
 	</tabs>
 	<fields>
 		<field>
-			<name>freeRADIUS XMLRPC Sync</name>
+			<name>FreeRADIUS XMLRPC Sync</name>
 			<type>listtopic</type>
 		</field>
 		<field>
-			<fielddescr>Automatically sync freeRADIUS configuration changes?</fielddescr>
+			<fielddescr>Enable Sync</fielddescr>
 			<fieldname>varsyncenablexmlrpc</fieldname>
 			<description><![CDATA[All changes will be synced immediately to the IPs listed below if this option is checked.<br>
-						Only <b>Users</b>, <b>MACs</b> and <b>NAS / Clients</b> will be synced.<br>
-						<b>Important:</b> Only sync from host A to B, A to C but <b>do not</B> enable XMLRPC sync <b>to</b> A. This will result in a loop!]]></description>
-			<type>checkbox</type>
+						<b>Important:</b> While using "Sync to hosts defined below", only sync from host A to B, A to C but <b>do not</B> enable XMLRPC sync <b>to</b> A. This will result in a loop!]]></description>
+			<type>select</type>
+			<required/>
+			<default_value>auto</default_value>
+			<options>
+				<option><name>Sync to configured system backup server</name><value>auto</value></option>
+				<option><name>Sync to host(s) defined below</name><value>manual</value></option>
+				<option><name>Do not sync this package configuration</name><value>disabled</value></option>
+			</options>
 		</field>
 		<field>
-                        <fielddescr>XMLRPC timeout</fielddescr>
+			<fielddescr>XMLRPC timeout</fielddescr>
 			<fieldname>varsynctimeout</fieldname>
 			<description><![CDATA[Timeout in seconds for the XMLRPC timeout. Default: 150]]></description>
 			<type>input</type>
-                        <default_value>150</default_value>
+						<default_value>150</default_value>
 			<size>5</size>
 		</field>
 
@@ -166,7 +172,7 @@ POSSIBILITY OF SUCH DAMAGE.
 					<type>input</type>
 					<size>3</size>
 				</rowhelperfield>
-                                <rowhelperfield>
+				<rowhelperfield>
 					<fielddescr>GUI Admin Password</fielddescr>
 					<fieldname>varsyncpassword</fieldname>
 					<description><![CDATA[Password of the user "admin" on the destination host.]]></description>
-- 
cgit v1.2.3


From 10298ebe139820c150f5a7c48f2bb34d513e133e Mon Sep 17 00:00:00 2001
From: Alexander Wilke <nachtfalkeaw@web.de>
Date: Wed, 15 May 2013 22:32:22 +0300
Subject: Update freeradius.xml

---
 config/freeradius2/freeradius.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'config')

diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml
index fdadab89..981ce25b 100644
--- a/config/freeradius2/freeradius.xml
+++ b/config/freeradius2/freeradius.xml
@@ -9,7 +9,7 @@
 /*
 	freeradius.xml
 	part of pfSense (http://www.pfSense.com)
-	Copyright (C) 2011 - 2012 Alexander Wilke <nachtfalkeaw@web.de>
+	Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
 	All rights reserved.
 
 	Based on m0n0wall (http://m0n0.ch/wall)
-- 
cgit v1.2.3


From a15ea5a75ab06de8f3e98dab0c1e9fa8e8bd6e20 Mon Sep 17 00:00:00 2001
From: Alexander Wilke <nachtfalkeaw@web.de>
Date: Wed, 15 May 2013 22:32:58 +0300
Subject: Update freeradius_view_config.php

---
 config/freeradius2/freeradius_view_config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'config')

diff --git a/config/freeradius2/freeradius_view_config.php b/config/freeradius2/freeradius_view_config.php
index a29e1a55..a1943653 100644
--- a/config/freeradius2/freeradius_view_config.php
+++ b/config/freeradius2/freeradius_view_config.php
@@ -2,7 +2,7 @@
 /*
 	freeradius_view_config.php
 	part of pfSense (http://www.pfsense.com/)
-	Copyright (C) 2011 - 2012 Alexander Wilke <nachtfalkeaw@web.de>
+	Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
 	Copyright (C) 2011 Marcello Coutinho <marcellocoutinho@gmail.com>
 	based on postfix_view_config.php
 	based on varnish_view_config.
-- 
cgit v1.2.3


From bf92725509e87c0c4150f32bfe9dbd3499413b83 Mon Sep 17 00:00:00 2001
From: Alexander Wilke <nachtfalkeaw@web.de>
Date: Wed, 15 May 2013 22:33:18 +0300
Subject: Update freeradiusauthorizedmacs.xml

---
 config/freeradius2/freeradiusauthorizedmacs.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'config')

diff --git a/config/freeradius2/freeradiusauthorizedmacs.xml b/config/freeradius2/freeradiusauthorizedmacs.xml
index 173f8f00..235d0218 100644
--- a/config/freeradius2/freeradiusauthorizedmacs.xml
+++ b/config/freeradius2/freeradiusauthorizedmacs.xml
@@ -9,7 +9,7 @@
 /*
 	freeradiusauthorizedmacs.xml
 	part of pfSense (http://www.pfSense.com)
-	Copyright (C) 2011 - 2012 Alexander Wilke <nachtfalkeaw@web.de>
+	Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
 	All rights reserved.
 
 	Based on m0n0wall (http://m0n0.ch/wall)
-- 
cgit v1.2.3


From 05a393a0e8bf7f268794f87174c5232ef6d9b3fe Mon Sep 17 00:00:00 2001
From: Alexander Wilke <nachtfalkeaw@web.de>
Date: Wed, 15 May 2013 21:33:39 +0200
Subject: Update freeradiuscerts.xml

---
 config/freeradius2/freeradiuscerts.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'config')

diff --git a/config/freeradius2/freeradiuscerts.xml b/config/freeradius2/freeradiuscerts.xml
index 21f18643..6108215b 100644
--- a/config/freeradius2/freeradiuscerts.xml
+++ b/config/freeradius2/freeradiuscerts.xml
@@ -9,7 +9,7 @@
 /*
 	freeradiuscerts.xml
 	part of pfSense (http://www.pfSense.com)
-	Copyright (C) 2011 - 2012 Alexander Wilke <nachtfalkeaw@web.de>
+	Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
 	All rights reserved.
 
 	Based on m0n0wall (http://m0n0.ch/wall)
@@ -290,4 +290,4 @@
 	<custom_php_resync_config_command>
 		freeradius_allcertcnf_resync();
 	</custom_php_resync_config_command>
-</packagegui>
\ No newline at end of file
+</packagegui>
-- 
cgit v1.2.3


From 8653493d06dce57f5fbf1c8c9ff450b2a53b5ac9 Mon Sep 17 00:00:00 2001
From: Alexander Wilke <nachtfalkeaw@web.de>
Date: Wed, 15 May 2013 22:34:20 +0300
Subject: Update freeradiusclients.xml

---
 config/freeradius2/freeradiusclients.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'config')

diff --git a/config/freeradius2/freeradiusclients.xml b/config/freeradius2/freeradiusclients.xml
index 87d8a11f..215a751e 100644
--- a/config/freeradius2/freeradiusclients.xml
+++ b/config/freeradius2/freeradiusclients.xml
@@ -9,7 +9,7 @@
 /*
 	freeradiusclients.xml
 	part of pfSense (http://www.pfSense.com)
-	Copyright (C) 2011 - 2012 Alexander Wilke <nachtfalkeaw@web.de>
+	Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
 	All rights reserved.
 
 	Based on m0n0wall (http://m0n0.ch/wall)
@@ -246,4 +246,4 @@
 	<custom_php_resync_config_command>
 		freeradius_clients_resync();
 	</custom_php_resync_config_command>
-</packagegui>
\ No newline at end of file
+</packagegui>
-- 
cgit v1.2.3


From 980f2e3c1b8042999bb44bd2d809a466a4251779 Mon Sep 17 00:00:00 2001
From: Alexander Wilke <nachtfalkeaw@web.de>
Date: Wed, 15 May 2013 21:34:47 +0200
Subject: Update freeradiuseapconf.xml

---
 config/freeradius2/freeradiuseapconf.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'config')

diff --git a/config/freeradius2/freeradiuseapconf.xml b/config/freeradius2/freeradiuseapconf.xml
index a2dd2b99..8f8e4dc7 100644
--- a/config/freeradius2/freeradiuseapconf.xml
+++ b/config/freeradius2/freeradiuseapconf.xml
@@ -9,7 +9,7 @@
 /*
 	freeradiuseapconf.xml
 	part of pfSense (http://www.pfSense.com)
-	Copyright (C) 2011 - 2012 Alexander Wilke <nachtfalkeaw@web.de>
+	Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
 	Copyright (C) 2013 Marcello Coutinho (revocation list code)
 	All rights reserved.
 
-- 
cgit v1.2.3


From 6e95fa38730e2dad08271b02d131e225e74d9e99 Mon Sep 17 00:00:00 2001
From: Alexander Wilke <nachtfalkeaw@web.de>
Date: Wed, 15 May 2013 22:35:07 +0300
Subject: Update freeradiusinterfaces.xml

---
 config/freeradius2/freeradiusinterfaces.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'config')

diff --git a/config/freeradius2/freeradiusinterfaces.xml b/config/freeradius2/freeradiusinterfaces.xml
index c944ac17..1233f72f 100644
--- a/config/freeradius2/freeradiusinterfaces.xml
+++ b/config/freeradius2/freeradiusinterfaces.xml
@@ -9,7 +9,7 @@
 /*
 	freeradiusinterfaces.xml
 	part of pfSense (http://www.pfSense.com)
-	Copyright (C) 2011 - 2012 Alexander Wilke <nachtfalkeaw@web.de>
+	Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
 	All rights reserved.
 
 	Based on m0n0wall (http://m0n0.ch/wall)
@@ -185,4 +185,4 @@
 	<custom_php_resync_config_command>
 		freeradius_settings_resync();
 	</custom_php_resync_config_command>
-</packagegui>
\ No newline at end of file
+</packagegui>
-- 
cgit v1.2.3


From 59fc08b400e0be930aafcb0891e0fe01797ffad7 Mon Sep 17 00:00:00 2001
From: Alexander Wilke <nachtfalkeaw@web.de>
Date: Wed, 15 May 2013 22:35:24 +0300
Subject: Update freeradiusmodulesldap.xml

---
 config/freeradius2/freeradiusmodulesldap.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'config')

diff --git a/config/freeradius2/freeradiusmodulesldap.xml b/config/freeradius2/freeradiusmodulesldap.xml
index 0fa98493..593670d4 100644
--- a/config/freeradius2/freeradiusmodulesldap.xml
+++ b/config/freeradius2/freeradiusmodulesldap.xml
@@ -9,7 +9,7 @@
 /*
 	freeradiusmodulesldap.xml
 	part of pfSense (http://www.pfSense.com)
-	Copyright (C) 2011 - 2012 Alexander Wilke <nachtfalkeaw@web.de>
+	Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
 	All rights reserved.
 
 	Based on m0n0wall (http://m0n0.ch/wall)
@@ -705,4 +705,4 @@
 	<custom_php_resync_config_command>
 		freeradius_modulesldap_resync();
 	</custom_php_resync_config_command>
-</packagegui>
\ No newline at end of file
+</packagegui>
-- 
cgit v1.2.3


From eeec3e5c03ea516d5fa9f17baf272f7960e22b2f Mon Sep 17 00:00:00 2001
From: Alexander Wilke <nachtfalkeaw@web.de>
Date: Wed, 15 May 2013 21:35:46 +0200
Subject: Update freeradiussettings.xml

---
 config/freeradius2/freeradiussettings.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'config')

diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml
index 4bc98723..c66b29d7 100644
--- a/config/freeradius2/freeradiussettings.xml
+++ b/config/freeradius2/freeradiussettings.xml
@@ -9,7 +9,7 @@
 /*
 	freeradiussettings.xml
 	part of pfSense (http://www.pfSense.com)
-	Copyright (C) 2011 - 2012 Alexander Wilke <nachtfalkeaw@web.de>
+	Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
 	All rights reserved.
 
 	Based on m0n0wall (http://m0n0.ch/wall)
@@ -376,4 +376,4 @@
 	<custom_php_resync_config_command>
 		freeradius_settings_resync();
 	</custom_php_resync_config_command>
-</packagegui>
\ No newline at end of file
+</packagegui>
-- 
cgit v1.2.3


From a26dab69db8d9decc563ee15be04f19c35f91fa0 Mon Sep 17 00:00:00 2001
From: Alexander Wilke <nachtfalkeaw@web.de>
Date: Wed, 15 May 2013 22:36:04 +0300
Subject: Update freeradiussqlconf.xml

---
 config/freeradius2/freeradiussqlconf.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'config')

diff --git a/config/freeradius2/freeradiussqlconf.xml b/config/freeradius2/freeradiussqlconf.xml
index 6851711c..2d20c2a6 100644
--- a/config/freeradius2/freeradiussqlconf.xml
+++ b/config/freeradius2/freeradiussqlconf.xml
@@ -9,7 +9,7 @@
 /*
 	freeradiussqlconf.xml
 	part of pfSense (http://www.pfSense.com)
-	Copyright (C) 2011 - 2012 Alexander Wilke <nachtfalkeaw@web.de>
+	Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
 	All rights reserved.
 
 	Based on m0n0wall (http://m0n0.ch/wall)
@@ -621,4 +621,4 @@
 	<custom_php_resync_config_command>
 		freeradius_sqlconf_resync();
 	</custom_php_resync_config_command>
-</packagegui>
\ No newline at end of file
+</packagegui>
-- 
cgit v1.2.3


From 5223696b3a7a23ba41bd2bac40a700e5fe6f83c0 Mon Sep 17 00:00:00 2001
From: Alexander Wilke <nachtfalkeaw@web.de>
Date: Wed, 15 May 2013 21:37:05 +0200
Subject: Update freeradiussqlconf.xml

---
 config/freeradius2/freeradiussqlconf.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'config')

diff --git a/config/freeradius2/freeradiussqlconf.xml b/config/freeradius2/freeradiussqlconf.xml
index 2d20c2a6..bb72a07a 100644
--- a/config/freeradius2/freeradiussqlconf.xml
+++ b/config/freeradius2/freeradiussqlconf.xml
@@ -45,7 +45,7 @@
 	<requirements>Describe your package requirements here</requirements>
 	<faq>Currently there are no FAQ items provided.</faq>
 	<name>freeradiussqlconf</name>
-	<version>none</version>
+	<version>2.2.0</version>
 	<title>FreeRADIUS: SQL</title>
 	<aftersaveredirect>pkg_edit.php?xml=freeradiussqlconf.xml&amp;id=0</aftersaveredirect>
 	<include_file>/usr/local/pkg/freeradius.inc</include_file>
-- 
cgit v1.2.3


From 2a87876eda5ee8edee174255c876e66ba2fe6cde Mon Sep 17 00:00:00 2001
From: Alexander Wilke <nachtfalkeaw@web.de>
Date: Wed, 15 May 2013 21:37:33 +0200
Subject: Update freeradiussync.xml

---
 config/freeradius2/freeradiussync.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'config')

diff --git a/config/freeradius2/freeradiussync.xml b/config/freeradius2/freeradiussync.xml
index fb6f6200..be678e5a 100644
--- a/config/freeradius2/freeradiussync.xml
+++ b/config/freeradius2/freeradiussync.xml
@@ -47,7 +47,7 @@ POSSIBILITY OF SUCH DAMAGE.
 	<requirements>Describe your package requirements here</requirements>
 	<faq>Currently there are no FAQ items provided.</faq>
 	<name>freeradiussync</name>
-	<version>2.1.12</version>
+	<version>2.2.0</version>
 	<title>FreeRADIUS: XMLRPC Sync</title>
 	<include_file>/usr/local/pkg/freeradius.inc</include_file>
 	<menu>
-- 
cgit v1.2.3


From 583a59a4407f59c63b3c32a38a3da2bb460b74d6 Mon Sep 17 00:00:00 2001
From: Alexander Wilke <nachtfalkeaw@web.de>
Date: Wed, 15 May 2013 21:38:02 +0200
Subject: Update freeradiussettings.xml

---
 config/freeradius2/freeradiussettings.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'config')

diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml
index c66b29d7..1d908ca4 100644
--- a/config/freeradius2/freeradiussettings.xml
+++ b/config/freeradius2/freeradiussettings.xml
@@ -45,7 +45,7 @@
 	<requirements>Describe your package requirements here</requirements>
 	<faq>Currently there are no FAQ items provided.</faq>
 	<name>freeradiussettings</name>
-	<version>none</version>
+	<version>2.2.0</version>
 	<title>FreeRADIUS: Settings</title>
 	<aftersaveredirect>pkg_edit.php?xml=freeradiussettings.xml&amp;id=0</aftersaveredirect>
 	<include_file>/usr/local/pkg/freeradius.inc</include_file>
-- 
cgit v1.2.3


From a32c1d2e42a6cc2c6aab67ca5525b1b120261f47 Mon Sep 17 00:00:00 2001
From: Alexander Wilke <nachtfalkeaw@web.de>
Date: Wed, 15 May 2013 21:38:24 +0200
Subject: Update freeradiusmodulesldap.xml

---
 config/freeradius2/freeradiusmodulesldap.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'config')

diff --git a/config/freeradius2/freeradiusmodulesldap.xml b/config/freeradius2/freeradiusmodulesldap.xml
index 593670d4..c7b5e79d 100644
--- a/config/freeradius2/freeradiusmodulesldap.xml
+++ b/config/freeradius2/freeradiusmodulesldap.xml
@@ -45,7 +45,7 @@
 	<requirements>Describe your package requirements here</requirements>
 	<faq>Currently there are no FAQ items provided.</faq>
 	<name>freeradiusmodulesldap</name>
-	<version>none</version>
+	<version>2.2.0</version>
 	<title>FreeRADIUS: LDAP</title>
 	<aftersaveredirect>pkg_edit.php?xml=freeradiusmodulesldap.xml&amp;id=0</aftersaveredirect>
 	<include_file>/usr/local/pkg/freeradius.inc</include_file>
-- 
cgit v1.2.3


From d3178a170ce1465624d4e9b51d8925a76da6d01c Mon Sep 17 00:00:00 2001
From: Alexander Wilke <nachtfalkeaw@web.de>
Date: Wed, 15 May 2013 21:39:11 +0200
Subject: Update freeradius.xml

---
 config/freeradius2/freeradius.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'config')

diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml
index 981ce25b..c9381c81 100644
--- a/config/freeradius2/freeradius.xml
+++ b/config/freeradius2/freeradius.xml
@@ -45,7 +45,7 @@
 	<requirements>Describe your package requirements here</requirements>
 	<faq>Currently there are no FAQ items provided.</faq>
 	<name>freeradius</name>
-	<version>2.1.12</version>
+	<version>2.2.0</version>
 	<title>FreeRADIUS: Users</title>
 	<include_file>/usr/local/pkg/freeradius.inc</include_file>
 	<menu>
-- 
cgit v1.2.3


From fdfa7527690bbfead02e9df8c54116a32f92c833 Mon Sep 17 00:00:00 2001
From: Alexander Wilke <nachtfalkeaw@web.de>
Date: Thu, 16 May 2013 12:12:13 +0300
Subject: freeradius2: generalize the XMLRPC Sync options to make it consistent
 with other packages

---
 config/freeradius2/freeradius.inc | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'config')

diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index b25d0af0..b2df3d0b 100644
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -2521,9 +2521,9 @@ conf_mount_ro();
 /* Uses XMLRPC to synchronize the changes to a remote node */
 function freeradius_sync_on_changes() {
 	global $config, $g;
-	if (is_array($config['installedpackages'][freeradiussync'])){
-		$synconchanges = $config['installedpackages'][freeradiussync']['config'][0]['varsyncenablexmlrpc'];
-		$varsynctimeout = $config['installedpackages'][freeradiussync']['config'][0]['varsynctimeout'];
+	if (is_array($config['installedpackages']['freeradiussync'])){
+		$synconchanges = $config['installedpackages']['freeradiussync']['config'][0]['varsyncenablexmlrpc'];
+		$varsynctimeout = $config['installedpackages']['freeradiussync']['config'][0]['varsynctimeout'];
 		}
 	else
 	{
@@ -2533,8 +2533,8 @@ function freeradius_sync_on_changes() {
 	// if checkbox is NOT checked do nothing
 	switch ($synconchanges){
 		case "manual":
-			if (is_array($config['installedpackages'][freeradiussync']['config'][0]['row'])){
-				$rs=$config['installedpackages'][freeradiussync']['config'][0]['row'];
+			if (is_array($config['installedpackages']['freeradiussync']['config'][0]['row'])){
+				$rs=$config['installedpackages']['freeradiussync']['config'][0]['row'];
 				}
 			else{
 				log_error("[FreeRADIUS]: xmlrpc sync is enabled but there is no hosts to push on FreeRADIUS config.");
-- 
cgit v1.2.3


From 39f4ee8a301be1328d5aafa5c029c24546cdb73f Mon Sep 17 00:00:00 2001
From: Marcello Coutinho <marcellocoutinho@gmail.com>
Date: Thu, 16 May 2013 14:44:35 -0300
Subject: squid3-dev - include more options to ssl_crt, new
 custom_refresh_patter on cache tab, fix auth plugins names

---
 config/squid3/33/squid.inc       | 107 +++++++++++++++++++++++++++------------
 config/squid3/33/squid.xml       |  14 +++--
 config/squid3/33/squid_cache.xml |  11 +++-
 3 files changed, 94 insertions(+), 38 deletions(-)

(limited to 'config')

diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc
index 94c85a7e..4ca1672f 100755
--- a/config/squid3/33/squid.inc
+++ b/config/squid3/33/squid.inc
@@ -777,6 +777,41 @@ function squid_install_cron($should_install) {
 	configure_cron();
 }
 
+function squid_check_ca_hashes(){
+	global $config,$g;
+	
+	#check certificates
+	$cert_count=0;
+	if (is_dir(SQUID_LOCALBASE. '/share/certs'))
+		if ($handle = opendir(SQUID_LOCALBASE.'/usr/local/share/certs')) {
+    		while (false !== ($file = readdir($handle)))
+        		if (preg_match ("/\d+.0/",$file))
+            		$cert_count++;
+        	}
+    closedir($handle);
+	if ($cert_count < 10){
+		conf_mount_rw();
+		#create ca-root hashes from ca-root-nss package
+		log_error("Creating root certificate bundle hashes from the Mozilla Project");
+		$cas=file(SQUID_LOCALBASE.'/share/certs/ca-root-nss.crt');
+		$cert=0;
+		foreach ($cas as $ca){
+	    	if (preg_match("/--BEGIN CERTIFICATE--/",$ca))
+				$cert=1;
+			if ($cert == 1)
+				$crt.=$ca;
+			if (preg_match("/-END CERTIFICATE-/",$ca)){
+				file_put_contents("/tmp/cert.pem",$crt, LOCK_EX);
+				$cert_hash=array();
+				exec("/usr/bin/openssl x509 -hash -noout -in /tmp/cert.pem",$cert_hash);
+				file_put_contents(SQUID_LOCALBASE."/share/certs/".$cert_hash[0].".0",$crt,LOCK_EX);
+				$crt="";
+				$cert=0;
+				}
+			}
+		}
+}
+
 function squid_resync_general() {
 	global $g, $config, $valid_acls;
 
@@ -785,10 +820,10 @@ function squid_resync_general() {
 	else
 		$settings=array();
 	$conf = "# This file is automatically generated by pfSense\n";
-	$conf .= "# Do not edit manually !\n";
+	$conf .= "# Do not edit manually !\n\n";
 	#Check ssl interception
-	$sslcrtd_children= ($settings['sslcrtd_children'] ? $settings['sslcrtd_children'] : 5);
 	if (($settings['ssl_proxy'] == 'on')) {
+		squid_check_ca_hashes();
 		$srv_cert = lookup_cert($settings["dcert"]);
 		if ($srv_cert != false) {
 			if(base64_decode($srv_cert['prv'])) {
@@ -803,15 +838,19 @@ function squid_resync_general() {
 				squid_chown_recursive("/var/squid/lib/ssl_db/", 'proxy', 'proxy');
 				$crt_pk=SQUID_CONFBASE."/serverkey.pem";
 				file_put_contents($crt_pk,base64_decode($srv_cert['prv']).base64_decode($srv_cert['crt']));
-						
-				$ssl_interception.="ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size={$sslcrtd_children}MB cert={$crt_pk}\n";
-				$interception_checks="";
+				$sslcrtd_children= ($settings['sslcrtd_children'] ? $settings['sslcrtd_children'] : 5);
+				$ssl_interception.="ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=".($sslcrtd_children*2)."MB cert={$crt_pk}\n";
+				$interception_checks  = "sslcrtd_program ".SQUID_LOCALBASE."/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048\n";
+				$interception_checks .= "sslcrtd_children {$sslcrtd_children}\n";
+				$interception_checks .= 'sslproxy_capath '.SQUID_LOCALBASE.'/share/certs'."\n";
 				if (preg_match("/sslproxy_cert_error/",$settings["interception_checks"]))
 					$interception_checks.="sslproxy_cert_error allow all\n";
 				if (preg_match("/sslproxy_flags/",$settings["interception_checks"]))
 					$interception_checks.="sslproxy_flags DONT_VERIFY_PEER\n";
-				if ($settings["interception_adapt"] != "")
-					$interception_checks.="sslproxy_cert_adapt {$settings["interception_adapt"]}\n";
+				if ($settings["interception_adapt"] != ""){
+					foreach (explode(",",$settings["interception_adapt"]) as $adapt)
+						$interception_checks.="sslproxy_cert_adapt {$adapt} all\n";
+					}
 			}
 		}
 	}
@@ -887,7 +926,7 @@ function squid_resync_general() {
 	$logdir_cache = $logdir . '/cache.log';
 	$logdir_access = ($settings['log_enabled'] == 'on' ? $logdir . '/access.log' : '/dev/null');
 
-	$conf .= <<<EOD
+	$conf .= <<< EOD
 icp_port {$icp_port}
 dns_v4_first {$dns_v4_first}
 pid_filename {$pidfile}
@@ -900,7 +939,6 @@ cache_mgr {$email}
 access_log {$logdir_access}
 cache_log {$logdir_cache}
 cache_store_log none
-sslcrtd_children {$sslcrtd_children}
 {$interception_checks}
 
 EOD;
@@ -912,7 +950,7 @@ $rotate = empty($settings['log_rotate']) ? 0 : $settings['log_rotate'];
 $conf .= "logfile_rotate {$rotate}\n";
 squid_install_cron(true);
 
-	$conf .= <<<EOD
+	$conf .= <<< EOD
 shutdown_lifetime 3 seconds
 
 EOD;
@@ -987,7 +1025,7 @@ if(empty($settings['cache_dynamic_content'])){
 }
 else{
 	if(preg_match('/youtube/',$settings['refresh_patterns'])){
-		$conf.=<<<EOC
+		$conf.=<<< EOC
 # Break HTTP standard for flash videos. Keep them in cache even if asked not to.
 refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
 
@@ -998,7 +1036,7 @@ cache allow youtube
 EOC;
 	}
 	if(preg_match('/windows/',$settings['refresh_patterns'])){
-		$conf.=<<<EOC
+		$conf.=<<< EOC
 
 # Windows Update refresh_pattern
 range_offset_limit -1
@@ -1010,7 +1048,7 @@ EOC;
 		}
 
 if(preg_match('/symantec/',$settings['refresh_patterns'])){
-		$conf.=<<<EOC
+		$conf.=<<< EOC
 
 # Symantec refresh_pattern
 range_offset_limit -1
@@ -1020,7 +1058,7 @@ refresh_pattern symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 re
 EOC;
 		}
 if(preg_match('/avast/',$settings['refresh_patterns'])){
-		$conf.=<<<EOC
+		$conf.=<<< EOC
 
 # Avast refresh_pattern
 range_offset_limit -1
@@ -1029,7 +1067,7 @@ refresh_pattern avast.com/.*\.(vpu|cab|stamp|exe) 10080 100% 43200 reload-into-i
 EOC;
 		}
 if(preg_match('/avira/',$settings['refresh_patterns'])){
-		$conf.=<<<EOC
+		$conf.=<<< EOC
 
 # Avira refresh_pattern
 range_offset_limit -1
@@ -1037,18 +1075,21 @@ refresh_pattern personal.avira-update.com/.*\.(cab|exe|dll|msi|gz) 10080 100% 43
 
 EOC;
 	}
-	$refresh_conf=<<<EOC
+	$refresh_conf=<<< EOC
 	
 # Add any of your own refresh_pattern entries above these.
 refresh_pattern ^ftp:    1440  20%  10080
 refresh_pattern ^gopher:  1440  0%  1440
 refresh_pattern -i (/cgi-bin/|\?) 0  0%  0
 refresh_pattern .    0  20%  4320
+
 EOC;
-  
 }
-	
-	$conf .= <<<EOD
+
+	If ($settings['custom_refresh_patterns'] !="")
+		$conf .= sq_text_area_decode($settings['custom_refresh_patterns']);
+		
+	$conf .= <<< EOD
 cache_mem $memory_cache_size MB
 maximum_object_size_in_memory {$max_objsize_in_mem} KB
 memory_replacement_policy {$memory_policy}
@@ -1067,11 +1108,12 @@ EOD;
 	if (!empty($donotcache)) {
 		file_put_contents(SQUID_ACLDIR . '/donotcache.acl', $donotcache);
 		$conf .= 'acl donotcache dstdomain "' . SQUID_ACLDIR . "/donotcache.acl\"\n";
-		$conf .= 'cache deny donotcache';
+		$conf .= "cache deny donotcache\n";
 	}
 	elseif (file_exists(SQUID_ACLDIR . '/donotcache.acl')) {
      unlink(SQUID_ACLDIR . '/donotcache.acl');
     }
+    $conf .= "cache allow all\n";
 	return $conf.$refresh_conf;
 }
 
@@ -1133,7 +1175,7 @@ function squid_resync_nac() {
 	$addtl_sslports = $settings['addtl_sslports'];
 	$port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128);
 	$ssl_port = ($settings['ssl_proxy_port'] ? $settings['ssl_proxy_port'] : 3127);
-	$conf = <<<EOD
+	$conf = <<< EOD
 
 # Setup some default acls
 # From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
@@ -1152,7 +1194,6 @@ acl connect method CONNECT
 acl HTTP proto HTTP
 acl HTTPS proto HTTPS
 
-
 EOD;
 
 	$allowed_subnets = preg_replace("/\s+/"," ",sq_text_area_decode($settings['allowed_subnets']));
@@ -1187,7 +1228,7 @@ EOD;
     }
 	}
 
-	$conf .= <<<EOD
+	$conf .= <<< EOD
 http_access allow manager localhost
 
 EOD;
@@ -1204,7 +1245,7 @@ EOD;
 			}
 		}
 	
-  $conf .= <<<EOD
+  $conf .= <<< EOD
   
 http_access deny manager
 http_access allow purge localhost
@@ -1262,7 +1303,7 @@ function squid_resync_antivirus(){
 			$clwarn="clwarn.cgi.pt_BR";	
 		copy(SQUID_LOCALBASE."/libexec/squidclamav/{$clwarn}","/usr/local/www/clwarn.cgi");
 		
-		$conf = <<<EOF
+		$conf = <<< EOF
 icap_enable on
 icap_send_client_ip {$icap_send_client_ip}
 icap_send_client_username {$icap_send_client_username} 
@@ -1412,7 +1453,7 @@ function squid_resync_traffic() {
 		$perhost = -1;
 	else
 		$perhost *= 1024;
-	$conf .= <<<EOD
+	$conf .= <<< EOD
 delay_pools 1
 delay_class 1 2
 delay_parameters 1 $overall/$overall $perhost/$perhost
@@ -1608,23 +1649,23 @@ function squid_resync_auth() {
 		$prompt = ($settings['auth_prompt'] ? $settings['auth_prompt'] : 'Please enter your credentials to access the proxy');
 		switch ($auth_method) {
 			case 'local':
-				$conf .= 'auth_param basic program '.SQUID_LOCALBASE.'/libexec/squid/ncsa_auth ' . SQUID_PASSWD . "\n";
+				$conf .= 'auth_param basic program '.SQUID_LOCALBASE.'/libexec/squid/baisc_ncsa_auth ' . SQUID_PASSWD . "\n";
 				break;
 			case 'ldap':
 				$port = (isset($settings['auth_server_port']) ? ":{$settings['auth_server_port']}" : '');
 				$password = (isset($settings['ldap_pass']) ? "-w {$settings['ldap_pass']}" : '');
-				$conf .= "auth_param basic program " . SQUID_LOCALBASE . "/libexec/squid/squid_ldap_auth -v {$settings['ldap_version']} -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"{$settings['ldap_filter']}\" -u {$settings['ldap_userattribute']} -P {$settings['auth_server']}$port\n";
+				$conf .= "auth_param basic program " . SQUID_LOCALBASE . "/libexec/squid/basic_ldap_auth -v {$settings['ldap_version']} -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"{$settings['ldap_filter']}\" -u {$settings['ldap_userattribute']} -P {$settings['auth_server']}$port\n";
 				break;
 			case 'radius':
 				$port = (isset($settings['auth_server_port']) ? "-p {$settings['auth_server_port']}" : '');
-				$conf .= "auth_param basic program ". SQUID_LOCALBASE . "/libexec/squid/squid_radius_auth -w {$settings['radius_secret']} -h {$settings['auth_server']} $port\n";
+				$conf .= "auth_param basic program ". SQUID_LOCALBASE . "/libexec/squid/basic_radius_auth -w {$settings['radius_secret']} -h {$settings['auth_server']} $port\n";
 				break;
 			case 'msnt':
-				$conf .= "auth_param basic program ". SQUID_LOCALBASE . "/libexec/squid/msnt_auth\n";
+				$conf .= "auth_param basic program ". SQUID_LOCALBASE . "/libexec/squid/basic_msnt_auth\n";
 				squid_resync_msnt();
 				break;
 		}
-		$conf .= <<<EOD
+		$conf .= <<< EOD
 auth_param basic children $processes
 auth_param basic realm $prompt
 auth_param basic credentialsttl $auth_ttl minutes
@@ -1788,7 +1829,7 @@ function squid_print_javascript_auth() {
 
 	// No authentication for transparent proxy
 	if ($transparent_proxy) {
-		$javascript = <<<EOD
+		$javascript = <<< EOD
 <script language="JavaScript">
 <!--
 function on_auth_method_changed() {
@@ -1816,7 +1857,7 @@ function on_auth_method_changed() {
 EOD;
 	}
 	else {
-		$javascript = <<<EOD
+		$javascript = <<< EOD
 <script language="JavaScript">
 <!--
 function on_auth_method_changed() {
diff --git a/config/squid3/33/squid.xml b/config/squid3/33/squid.xml
index 25c1b212..dbaf0895 100644
--- a/config/squid3/33/squid.xml
+++ b/config/squid3/33/squid.xml
@@ -401,11 +401,17 @@
 		<size>3</size>
 		</field>
 		<field>
-			<fielddescr>sslcrtd adapt</fielddescr>
+			<fielddescr>Certificate adapt</fielddescr>
 			<fieldname>interception_adapt</fieldname>
-			<description><![CDATA[Pass original SSL server certificate information to the user. Allow the user to make an informed decision on whether to trust the server certificate.<br>Hint: setCommonName ssl::certDomainMismatch<br><a target=_new href='http://wiki.squid-cache.org/Features/MimicSslServerCert'>wiki doc with reference</a>]]></description>
-			<type>input</type>
-			<size>70</size>
+			<description><![CDATA[Pass original SSL server certificate information to the user. Allow the user to make an informed decision on whether to trust the server certificate.<br>Hint: Set subject CN<br><a target=_new href='http://wiki.squid-cache.org/Features/MimicSslServerCert'>wiki doc with reference</a>]]></description>
+			<type>select</type>
+			<options>
+					<option><name>Sets the "Not After" (setValidAfter).</name><value>setValidAfter</value></option>
+					<option><name>Sets the "Not Before" (setValidBefore).</name><value>setValidBefore</value></option>
+					<option><name>Sets CN property (setCommonName)</name><value>setCommonName</value></option>
+			</options>
+			<multiple/>
+			<size>3</size>
 		</field>
 		<field>
 			<name>Logging Settings</name>
diff --git a/config/squid3/33/squid_cache.xml b/config/squid3/33/squid_cache.xml
index 9d982dcb..26d6463c 100755
--- a/config/squid3/33/squid_cache.xml
+++ b/config/squid3/33/squid_cache.xml
@@ -284,7 +284,16 @@
 			</options>
 			<multiple/>
 			<size>06</size>
-		</field>		
+		</field>
+		<field>
+			<fielddescr>Custom refresh_patterns</fielddescr>
+			<fieldname>custom_refresh_patterns</fieldname>
+			<description>Enter custom refresh_patterns for better dynamic cache. This options will be included only if dynamic cache is enabled.</description>
+			<type>textarea</type>
+			<cols>67</cols>
+			<rows>5</rows>
+			<encoding>base64</encoding>
+		</field>
 	</fields>
 	<custom_php_command_before_form>
 		if($_POST['harddisk_cache_size'] != $config['installedpackages']['squidcache']['config'][0]['harddisk_cache_size']) {
-- 
cgit v1.2.3


From 3f58411b952db4ecc1f3e002ab0a5721498235ba Mon Sep 17 00:00:00 2001
From: Marcello Coutinho <marcellocoutinho@gmail.com>
Date: Thu, 16 May 2013 16:17:44 -0300
Subject: squid3-dev - fix typos

---
 config/squid3/33/squid.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'config')

diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc
index 4ca1672f..89a11961 100755
--- a/config/squid3/33/squid.inc
+++ b/config/squid3/33/squid.inc
@@ -1649,7 +1649,7 @@ function squid_resync_auth() {
 		$prompt = ($settings['auth_prompt'] ? $settings['auth_prompt'] : 'Please enter your credentials to access the proxy');
 		switch ($auth_method) {
 			case 'local':
-				$conf .= 'auth_param basic program '.SQUID_LOCALBASE.'/libexec/squid/baisc_ncsa_auth ' . SQUID_PASSWD . "\n";
+				$conf .= 'auth_param basic program '.SQUID_LOCALBASE.'/libexec/squid/basic_ncsa_auth ' . SQUID_PASSWD . "\n";
 				break;
 			case 'ldap':
 				$port = (isset($settings['auth_server_port']) ? ":{$settings['auth_server_port']}" : '');
@@ -1691,7 +1691,7 @@ EOD;
 
 		// Include squidguard denied acl log in squid
 		if ($settingsconfig['log_sqd'])
-			$conf .="http_access deny passowrd sglog\n";
+			$conf .="http_access deny password sglog\n";
 			
 		// Allow the other ACLs as long as they authenticate
 		foreach ($password as $acl)
-- 
cgit v1.2.3


From 60b11790e713d6b110c662bcd6f864a4e51a0ff4 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Thu, 16 May 2013 16:15:30 -0400
Subject: Rework "order" field code for squidguard target categories, to avoid
 a php error when no other target categories exist.

---
 config/squidGuard/squidguard.inc | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'config')

diff --git a/config/squidGuard/squidguard.inc b/config/squidGuard/squidguard.inc
index f3126649..1ea1b5a5 100644
--- a/config/squidGuard/squidguard.inc
+++ b/config/squidGuard/squidguard.inc
@@ -645,10 +645,11 @@ function squidguard_before_form_dest($pkg) {
 	$i=0;
 	foreach($pkg['fields']['field'] as $field) {
 		# order
-		if (is_array($destination_items) && $field['fieldname'] == 'order') {
+		if ($field['fieldname'] == 'order') {
 			$fld = &$pkg['fields']['field'][$i];
-			foreach($destination_items as $nmkey => $nm)
-				$fld['options']['option'][] = array('name'=>$nm, 'value'=>$nmkey);
+			if (is_array($destination_items))
+				foreach($destination_items as $nmkey => $nm)
+					$fld['options']['option'][] = array('name'=>$nm, 'value'=>$nmkey);
 			$fld['options']['option'][] = array('name'=>'--- Last ---', 'value'=>'9999');
 			$fld['options']['option'][] = array('name'=>'-----', 'value'=>''); # ! this is must be last !
 		}
-- 
cgit v1.2.3


From cfd5b4ea97b817685d4f64cb2ca1b0fa1313ba86 Mon Sep 17 00:00:00 2001
From: Marcello Coutinho <marcellocoutinho@gmail.com>
Date: Thu, 16 May 2013 18:38:21 -0300
Subject: squid3-dev - change ssl filtering cert combo from server-cert to
 ca-cert

---
 config/squid3/33/squid.inc | 11 +++++++----
 config/squid3/33/squid.xml | 11 ++++++-----
 2 files changed, 13 insertions(+), 9 deletions(-)

(limited to 'config')

diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc
index 89a11961..8eb9f2fa 100755
--- a/config/squid3/33/squid.inc
+++ b/config/squid3/33/squid.inc
@@ -824,7 +824,7 @@ function squid_resync_general() {
 	#Check ssl interception
 	if (($settings['ssl_proxy'] == 'on')) {
 		squid_check_ca_hashes();
-		$srv_cert = lookup_cert($settings["dcert"]);
+		$srv_cert = lookup_ca($settings["dca"]);
 		if ($srv_cert != false) {
 			if(base64_decode($srv_cert['prv'])) {
 				#check if ssl_db was initilized by squid
@@ -836,13 +836,15 @@ function squid_resync_general() {
 				}
 				#force squid user permission on /var/squid/lib/ssl_db/
 				squid_chown_recursive("/var/squid/lib/ssl_db/", 'proxy', 'proxy');
+				# cert, key, version, cipher,options, clientca, cafile, capath, crlfile, dhparams,sslflags, and sslcontext
 				$crt_pk=SQUID_CONFBASE."/serverkey.pem";
+				$crt_capath=SQUID_LOCALBASE."/share/certs/";
 				file_put_contents($crt_pk,base64_decode($srv_cert['prv']).base64_decode($srv_cert['crt']));
 				$sslcrtd_children= ($settings['sslcrtd_children'] ? $settings['sslcrtd_children'] : 5);
-				$ssl_interception.="ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=".($sslcrtd_children*2)."MB cert={$crt_pk}\n";
+				$ssl_interception.="ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=".($sslcrtd_children*2)."MB cert={$crt_pk} capath={$crt_capath}\n";
 				$interception_checks  = "sslcrtd_program ".SQUID_LOCALBASE."/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048\n";
 				$interception_checks .= "sslcrtd_children {$sslcrtd_children}\n";
-				$interception_checks .= 'sslproxy_capath '.SQUID_LOCALBASE.'/share/certs'."\n";
+				$interception_checks .= "sslproxy_capath {$crt_capath}\n";
 				if (preg_match("/sslproxy_cert_error/",$settings["interception_checks"]))
 					$interception_checks.="sslproxy_cert_error allow all\n";
 				if (preg_match("/sslproxy_flags/",$settings["interception_checks"]))
@@ -1087,9 +1089,10 @@ EOC;
 }
 
 	If ($settings['custom_refresh_patterns'] !="")
-		$conf .= sq_text_area_decode($settings['custom_refresh_patterns']);
+		$conf .= sq_text_area_decode($settings['custom_refresh_patterns'])."\n";
 		
 	$conf .= <<< EOD
+	
 cache_mem $memory_cache_size MB
 maximum_object_size_in_memory {$max_objsize_in_mem} KB
 memory_replacement_policy {$memory_policy}
diff --git a/config/squid3/33/squid.xml b/config/squid3/33/squid.xml
index dbaf0895..d64aabb9 100644
--- a/config/squid3/33/squid.xml
+++ b/config/squid3/33/squid.xml
@@ -370,12 +370,13 @@
 			<default_value>3129</default_value>
 		</field>
 		<field>
-			<fielddescr>Cert</fielddescr>
-			<fieldname>dcert</fieldname>
-			<description><![CDATA[Select Certificate to use in SSL interception<br>
-								To create a Certificate on pfsense, go to <strong>system -> Cert Manager<strong>]]></description>
+			<fielddescr>CA</fielddescr>
+			<fieldname>dca</fieldname>
+			<description><![CDATA[Select Certificate Authority to use when SSL interception is enabled.<br>
+								To create a CA on pfsense, go to <strong>system -> Cert Manager<strong><br>
+								Install the CA crt as an trusted ca on each computer you want to filter ssl to avoid ssl error on each connection.]]></description>
 	    	<type>select_source</type>
-			<source><![CDATA[$config['cert']]]></source>
+			<source><![CDATA[$config['ca']]]></source>
 			<source_name>descr</source_name>
 			<source_value>refid</source_value>
 		</field>
-- 
cgit v1.2.3