From be905dcdbdab0983f6b7032378b572ff6ed26c93 Mon Sep 17 00:00:00 2001 From: Alexander Wilke Date: Wed, 15 May 2013 21:31:37 +0200 Subject: Update freeradius.inc --- config/freeradius2/freeradius.inc | 117 ++++++++++++++++++++++---------------- 1 file changed, 69 insertions(+), 48 deletions(-) (limited to 'config') diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc index eecfec84..b25d0af0 100644 --- a/config/freeradius2/freeradius.inc +++ b/config/freeradius2/freeradius.inc @@ -4,7 +4,7 @@ /* freeradius.inc part of pfSense (http://www.pfSense.com) - Copyright (C) 2011 - 2012 Alexander Wilke + Copyright (C) 2013 Alexander Wilke Copyright (C) 2013 Marcello Coutinho All rights reserved. 
@@ -2521,52 +2521,75 @@ conf_mount_ro(); /* Uses XMLRPC to synchronize the changes to a remote node */ function freeradius_sync_on_changes() { global $config, $g; - $varsyncenablexmlrpc = $config['installedpackages']['freeradiussync']['config'][0]['varsyncenablexmlrpc']; - $varsynctimeout = $config['installedpackages']['freeradiussync']['config'][0]['varsynctimeout']; - - // if checkbox is NOT checked do nothing - if(!$varsyncenablexmlrpc) { + if (is_array($config['installedpackages'][freeradiussync'])){ + $synconchanges = $config['installedpackages'][freeradiussync']['config'][0]['varsyncenablexmlrpc']; + $varsynctimeout = $config['installedpackages'][freeradiussync']['config'][0]['varsynctimeout']; + } + else + { return; } - - log_error("FreeRADIUS: Starting XMLRPC process (freeradius_do_xmlrpc_sync) with timeout {$varsynctimeout} seconds."); - - // if checkbox is checked get IP and password of the destination hosts - foreach ($config['installedpackages']['freeradiussync']['config'] as $rs ){ - foreach($rs['row'] as $sh){ - // if checkbox is NOT checked do nothing - if($sh['varsyncdestinenable']) { - $varsyncprotocol = $sh['varsyncprotocol']; - $sync_to_ip = $sh['varsyncipaddress']; - $password = $sh['varsyncpassword']; - $varsyncport = $sh['varsyncport']; - // check if all credentials are complete for this host - if($password && $sync_to_ip && $varsyncport && $varsyncprotocol) { - freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol); + + // if checkbox is NOT checked do nothing + switch ($synconchanges){ + case "manual": + if (is_array($config['installedpackages'][freeradiussync']['config'][0]['row'])){ + $rs=$config['installedpackages'][freeradiussync']['config'][0]['row']; + } + else{ + log_error("[FreeRADIUS]: xmlrpc sync is enabled but there is no hosts to push on FreeRADIUS config."); + return; + } + break; + case "auto": + if (is_array($config['installedpackages']['carpsettings']) && 
is_array($config['installedpackages']['carpsettings']['config'])){ + $system_carp=$config['installedpackages']['carpsettings']['config'][0]; + $rs[0]['varsyncdestinenable']="on"; + $rs[0]['varsyncprotocol']=($config['system']['webgui']['protocol']!=""?$config['system']['webgui']['protocol']:"https"); + $rs[0]['varsyncipaddress']=$system_carp['synchronizetoip']; + $rs[0]['varsyncpassword']=$system_carp['password']; + $rs[0]['varsyncport']=($config['system']['webgui']['port']!=""?$config['system']['webgui']['port']:"443"); + if (! is_ipaddr($system_carp['synchronizetoip'])){ + log_error("[FreeRADIUS]: xmlrpc sync is enabled but there is no system backup hosts to push FreeRADIUS config."); + return; + } + } + else{ + log_error("[FreeRADIUS]: xmlrpc sync is enabled but there is no system backup hosts to push FreeRADIUS config."); + return; + } + break; + default: + return; + break; + } + if (is_array($rs)){ + log_error("[FreeRADIUS]: xmlrpc sync is starting with timeout {$varsynctimeout} seconds."); + foreach($rs as $sh){ + if($sh['varsyncdestinenable']){ + $varsyncprotocol = $sh['varsyncprotocol']; + $sync_to_ip = $sh['varsyncipaddress']; + $password = $sh['varsyncpassword']; + $varsyncport = $sh['varsyncport']; + if($password && $sync_to_ip) + freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout); + else + log_error("[FreeRADIUS]: XMLRPC Sync with {$sh['varsyncipaddress']} has incomplete credentials. No XMLRPC Sync done!"); } else { - log_error("FreeRADIUS: XMLRPC Sync with {$sh['varsyncipaddress']} has incomplete credentials. 
No XMLRPC Sync done!"); + log_error("[FreeRADIUS]: XMLRPC Sync with {$sh['varsyncipaddress']} is disabled"); } } - else { - log_error("FreeRADIUS: XMLRPC Sync with {$sh['varsyncipaddress']} is disabled"); + log_error("[FreeRADIUS]: xmlrpc sync is ending."); } - } - } - log_error("FreeRADIUS: Finished XMLRPC process (freeradius_do_xmlrpc_sync)."); } /* Do the actual XMLRPC sync */ -function freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol) { +function freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol,$varsynctimeout) { global $config, $g; - $varsynctimeout = $config['installedpackages']['freeradiussync']['config'][0]['varsynctimeout']; - - if($varsynctimeout == '' || $varsynctimeout == 0) { + if($varsynctimeout == '' || $varsynctimeout == 0) $varsynctimeout = 150; - } - - // log_error("FreeRADIUS: Starting XMLRPC process (freeradius_do_xmlrpc_sync) with timeout {$varsynctimeout} seconds."); if(!$password) return; @@ -2600,7 +2623,7 @@ function freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyn /* set a few variables needed for sync code borrowed from filter.inc */ $url = $synchronizetoip; - log_error("FreeRADIUS: Beginning FreeRADIUS XMLRPC sync with {$url}:{$port}."); + log_error("[FreeRADIUS]: Beginning FreeRADIUS XMLRPC sync with {$url}:{$port}."); $method = 'pfsense.merge_installedpackages_section_xmlrpc'; $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); 
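Review bot: The new guard `if($password && $sync_to_ip)` in the foreach over `$rs` no longer requires `$varsyncport` and `$varsyncprotocol`, which the removed code checked, and only the "auto" branch validates the target with is_ipaddr(). A manual row with an empty port or protocol is therefore handed to freeradius_do_xmlrpc_sync(), which later authenticates as `admin` with this password; how that function treats an empty or plain-http protocol lies outside the hunk and should be confirmed there. I would keep the full check, `if($password && $sync_to_ip && $varsyncport && $varsyncprotocol)`, and in the auto branch reconsider inheriting `http` from the local web GUI for a call that carries the admin password. The comment `// if checkbox is NOT checked do nothing` above the switch is stale now that the setting is a select.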
@@ -2611,22 +2634,22 @@ function freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyn $resp = $cli->send($msg, $varsynctimeout); if(!$resp) { $error = "A communications error occurred while FreeRADIUS was attempting XMLRPC sync with {$url}:{$port}."; - log_error("FreeRADIUS: $error"); - file_notice("sync_settings", $error, "freeradius Settings Sync", ""); + log_error("[FreeRADIUS]: $error"); + file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", ""); } elseif($resp->faultCode()) { $cli->setDebug(1); $resp = $cli->send($msg, $varsynctimeout); $error = "An error code was received while FreeRADIUS XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error("FreeRADIUS: $error"); - file_notice("sync_settings", $error, "freeradius Settings Sync", ""); + log_error("[FreeRADIUS]: $error"); + file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", ""); } else { - log_error("FreeRADIUS: XMLRPC has synced data successfully with {$url}:{$port}."); + log_error("[FreeRADIUS]: XMLRPC has synced data successfully with {$url}:{$port}."); } - /* tell freeradius to reload our settings on the destionation sync host. */ + /* tell FreeRADIUS to reload our settings on the destionation sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/pkg/freeradius.inc');\n"; - // pfblocker just needed one fuction to reload after XMLRPC. freeRADIUS needs more so we point to a fuction below which contains all fuctions + // pfblocker just needed one fuction to reload after XMLRPC. FreeRADIUS needs more so we point to a fuction below which contains all fuctions $execcmd .= "freeradius_all_after_XMLRPC_resync();"; /* assemble xmlrpc payload */ 
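Review bot: Both error branches after the first `$cli->send()` only log and call file_notice(), then fall through to the `pfsense.exec_php` step, so a failed merge is still followed by a remote reload and, on a communications error, a second wait of up to `$varsynctimeout` seconds per host. Adding `return;` after each `file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", "");` in this block would keep the reload from running against a peer that never received the data. The fault branch also re-sends the same message with `$cli->setDebug(1)`; whether that debug output can expose the request and any credentials it carries is not visible here and is worth checking. The function starts before this hunk and continues after it.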
@@ -2635,7 +2658,7 @@ function freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyn XML_RPC_encode($execcmd) ); - log_error("FreeRADIUS XMLRPC is reloading data on {$url}:{$port}."); + log_error("[FreeRADIUS]: XMLRPC is reloading data on {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials('admin', $password); @@ -2643,21 +2666,19 @@ function freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyn if(!$resp) { $error = "A communications error occurred while FreeRADIUS was attempting XMLRPC sync with {$url}:{$port} (exec_php)."; log_error($error); - file_notice("sync_settings", $error, "freeradius Settings Sync", ""); + file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", ""); } elseif($resp->faultCode()) { $cli->setDebug(1); $resp = $cli->send($msg, $varsynctimeout); $error = "An error code was received while FreeRADIUS XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); - file_notice("sync_settings", $error, "freeradius Settings Sync", ""); + file_notice("sync_settings", $error, "FreeRADIUS Settings Sync", ""); } else { - log_error("FreeRADIUS: XMLRPC has reloaded data successfully on {$url}:{$port} (exec_php)."); + log_error("[FreeRADIUS]: XMLRPC has reloaded data successfully on {$url}:{$port} (exec_php)."); } } -// ##### The part above is based on the code of pfblocker ##### - // This function restarts all other needed functions after XMLRPC so that the content of .XML + .INC will be written in the files (clients.conf, users) // Adding more functions will increase the to sync function freeradius_all_after_XMLRPC_resync() { -- cgit v1.2.3 From 6e033cc99fd2ce45810acfb911592e985a50829d Mon Sep 17 00:00:00 2001 
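Review bot: The two `log_error($error);` calls in the exec_php error branches are left without the `[FreeRADIUS]: ` prefix that this commit applies to every other message, so those syslog entries cannot be filtered or alerted on by the same tag. Use `log_error("[FreeRADIUS]: $error");` in both, matching the merge step earlier in the function. The hunk also removes the `// ##### The part above is based on the code of pfblocker #####` line; if that was the only provenance note for the borrowed sync code, a short comment at the top of freeradius_do_xmlrpc_sync() should keep it.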
From: Alexander Wilke Date: Wed, 15 May 2013 22:31:54 +0300 Subject: Update freeradiussync.xml --- config/freeradius2/freeradiussync.xml | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) (limited to 'config') diff --git a/config/freeradius2/freeradiussync.xml b/config/freeradius2/freeradiussync.xml index 5f1acc74..fb6f6200 100644 --- a/config/freeradius2/freeradiussync.xml +++ b/config/freeradius2/freeradiussync.xml @@ -9,8 +9,8 @@ /* freeradiussync.xml part of pfSense (http://www.pfSense.com) -Copyright (C) 2011 - 2012 Alexander Wilke -Copyright (C) 2011 Marcello Coutinho +Copyright (C) 2013 Alexander Wilke +Copyright (C) 2013 Marcello Coutinho based on pfblocker_sync.xml All rights reserved. @@ -111,23 +111,29 @@ POSSIBILITY OF SUCH DAMAGE. - freeRADIUS XMLRPC Sync + FreeRADIUS XMLRPC Sync listtopic - Automatically sync freeRADIUS configuration changes? + Enable Sync varsyncenablexmlrpc - Only Users, MACs and NAS / Clients will be synced.
- Important: Only sync from host A to B, A to C but do not enable XMLRPC sync to A. This will result in a loop!]]>
- checkbox + Important: While using "Sync to hosts defined below", only sync from host A to B, A to C but do not enable XMLRPC sync to A. This will result in a loop!]]> + select + + auto + + + + +
- XMLRPC timeout + XMLRPC timeout varsynctimeout input - 150 + 150 5 @@ -166,7 +172,7 @@ POSSIBILITY OF SUCH DAMAGE. input 3 - + GUI Admin Password varsyncpassword -- cgit v1.2.3 From 10298ebe139820c150f5a7c48f2bb34d513e133e Mon Sep 17 00:00:00 2001 From: Alexander Wilke Date: Wed, 15 May 2013 22:32:22 +0300 Subject: Update freeradius.xml --- config/freeradius2/freeradius.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml index fdadab89..981ce25b 100644 --- a/config/freeradius2/freeradius.xml +++ b/config/freeradius2/freeradius.xml @@ -9,7 +9,7 @@ /* freeradius.xml part of pfSense (http://www.pfSense.com) - Copyright (C) 2011 - 2012 Alexander Wilke + Copyright (C) 2013 Alexander Wilke All rights reserved. Based on m0n0wall (http://m0n0.ch/wall) -- cgit v1.2.3 From a15ea5a75ab06de8f3e98dab0c1e9fa8e8bd6e20 Mon Sep 17 00:00:00 2001 From: Alexander Wilke Date: Wed, 15 May 2013 22:32:58 +0300 Subject: Update freeradius_view_config.php --- config/freeradius2/freeradius_view_config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/freeradius2/freeradius_view_config.php b/config/freeradius2/freeradius_view_config.php index a29e1a55..a1943653 100644 --- a/config/freeradius2/freeradius_view_config.php +++ b/config/freeradius2/freeradius_view_config.php @@ -2,7 +2,7 @@ /* freeradius_view_config.php part of pfSense (http://www.pfsense.com/) - Copyright (C) 2011 - 2012 Alexander Wilke + Copyright (C) 2013 Alexander Wilke Copyright (C) 2011 Marcello Coutinho based on postfix_view_config.php based on varnish_view_config. -- cgit v1.2.3 From bf92725509e87c0c4150f32bfe9dbd3499413b83 Mon Sep 17 00:00:00 2001 
From: Alexander Wilke Date: Wed, 15 May 2013 22:33:18 +0300 Subject: Update freeradiusauthorizedmacs.xml --- config/freeradius2/freeradiusauthorizedmacs.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/freeradius2/freeradiusauthorizedmacs.xml b/config/freeradius2/freeradiusauthorizedmacs.xml index 173f8f00..235d0218 100644 --- a/config/freeradius2/freeradiusauthorizedmacs.xml +++ b/config/freeradius2/freeradiusauthorizedmacs.xml @@ -9,7 +9,7 @@ /* freeradiusauthorizedmacs.xml part of pfSense (http://www.pfSense.com) - Copyright (C) 2011 - 2012 Alexander Wilke + Copyright (C) 2013 Alexander Wilke All rights reserved. Based on m0n0wall (http://m0n0.ch/wall) -- cgit v1.2.3 From 05a393a0e8bf7f268794f87174c5232ef6d9b3fe Mon Sep 17 00:00:00 2001 From: Alexander Wilke Date: Wed, 15 May 2013 21:33:39 +0200 Subject: Update freeradiuscerts.xml --- config/freeradius2/freeradiuscerts.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'config') diff --git a/config/freeradius2/freeradiuscerts.xml b/config/freeradius2/freeradiuscerts.xml index 21f18643..6108215b 100644 --- a/config/freeradius2/freeradiuscerts.xml +++ b/config/freeradius2/freeradiuscerts.xml @@ -9,7 +9,7 @@ /* freeradiuscerts.xml part of pfSense (http://www.pfSense.com) - Copyright (C) 2011 - 2012 Alexander Wilke + Copyright (C) 2013 Alexander Wilke All rights reserved. Based on m0n0wall (http://m0n0.ch/wall) @@ -290,4 +290,4 @@ freeradius_allcertcnf_resync(); - \ No newline at end of file + -- cgit v1.2.3 From 8653493d06dce57f5fbf1c8c9ff450b2a53b5ac9 Mon Sep 17 00:00:00 2001 From: Alexander Wilke Date: Wed, 15 May 2013 22:34:20 +0300 Subject: Update freeradiusclients.xml --- config/freeradius2/freeradiusclients.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'config') diff --git a/config/freeradius2/freeradiusclients.xml b/config/freeradius2/freeradiusclients.xml index 87d8a11f..215a751e 100644 
--- a/config/freeradius2/freeradiusclients.xml +++ b/config/freeradius2/freeradiusclients.xml @@ -9,7 +9,7 @@ /* freeradiusclients.xml part of pfSense (http://www.pfSense.com) - Copyright (C) 2011 - 2012 Alexander Wilke + Copyright (C) 2013 Alexander Wilke All rights reserved. Based on m0n0wall (http://m0n0.ch/wall) @@ -246,4 +246,4 @@ freeradius_clients_resync(); - \ No newline at end of file + -- cgit v1.2.3 From 980f2e3c1b8042999bb44bd2d809a466a4251779 Mon Sep 17 00:00:00 2001 From: Alexander Wilke Date: Wed, 15 May 2013 21:34:47 +0200 Subject: Update freeradiuseapconf.xml --- config/freeradius2/freeradiuseapconf.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/freeradius2/freeradiuseapconf.xml b/config/freeradius2/freeradiuseapconf.xml index a2dd2b99..8f8e4dc7 100644 --- a/config/freeradius2/freeradiuseapconf.xml +++ b/config/freeradius2/freeradiuseapconf.xml @@ -9,7 +9,7 @@ /* freeradiuseapconf.xml part of pfSense (http://www.pfSense.com) - Copyright (C) 2011 - 2012 Alexander Wilke + Copyright (C) 2013 Alexander Wilke Copyright (C) 2013 Marcello Coutinho (revocation list code) All rights reserved. -- cgit v1.2.3 From 6e95fa38730e2dad08271b02d131e225e74d9e99 Mon Sep 17 00:00:00 2001 From: Alexander Wilke Date: Wed, 15 May 2013 22:35:07 +0300 Subject: Update freeradiusinterfaces.xml --- config/freeradius2/freeradiusinterfaces.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'config') diff --git a/config/freeradius2/freeradiusinterfaces.xml b/config/freeradius2/freeradiusinterfaces.xml index c944ac17..1233f72f 100644 --- a/config/freeradius2/freeradiusinterfaces.xml +++ b/config/freeradius2/freeradiusinterfaces.xml @@ -9,7 +9,7 @@ /* freeradiusinterfaces.xml part of pfSense (http://www.pfSense.com) - Copyright (C) 2011 - 2012 Alexander Wilke + Copyright (C) 2013 Alexander Wilke All rights reserved. Based on m0n0wall (http://m0n0.ch/wall) 
@@ -185,4 +185,4 @@ freeradius_settings_resync(); - \ No newline at end of file + -- cgit v1.2.3 From 59fc08b400e0be930aafcb0891e0fe01797ffad7 Mon Sep 17 00:00:00 2001 From: Alexander Wilke Date: Wed, 15 May 2013 22:35:24 +0300 Subject: Update freeradiusmodulesldap.xml --- config/freeradius2/freeradiusmodulesldap.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'config') diff --git a/config/freeradius2/freeradiusmodulesldap.xml b/config/freeradius2/freeradiusmodulesldap.xml index 0fa98493..593670d4 100644 --- a/config/freeradius2/freeradiusmodulesldap.xml +++ b/config/freeradius2/freeradiusmodulesldap.xml @@ -9,7 +9,7 @@ /* freeradiusmodulesldap.xml part of pfSense (http://www.pfSense.com) - Copyright (C) 2011 - 2012 Alexander Wilke + Copyright (C) 2013 Alexander Wilke All rights reserved. Based on m0n0wall (http://m0n0.ch/wall) @@ -705,4 +705,4 @@ freeradius_modulesldap_resync(); - \ No newline at end of file + -- cgit v1.2.3 From eeec3e5c03ea516d5fa9f17baf272f7960e22b2f Mon Sep 17 00:00:00 2001 From: Alexander Wilke Date: Wed, 15 May 2013 21:35:46 +0200 Subject: Update freeradiussettings.xml --- config/freeradius2/freeradiussettings.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'config') diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml index 4bc98723..c66b29d7 100644 --- a/config/freeradius2/freeradiussettings.xml +++ b/config/freeradius2/freeradiussettings.xml @@ -9,7 +9,7 @@ /* freeradiussettings.xml part of pfSense (http://www.pfSense.com) - Copyright (C) 2011 - 2012 Alexander Wilke + Copyright (C) 2013 Alexander Wilke All rights reserved. Based on m0n0wall (http://m0n0.ch/wall) @@ -376,4 +376,4 @@ freeradius_settings_resync(); - \ No newline at end of file + -- cgit v1.2.3 From a26dab69db8d9decc563ee15be04f19c35f91fa0 Mon Sep 17 00:00:00 2001 
From: Alexander Wilke Date: Wed, 15 May 2013 22:36:04 +0300 Subject: Update freeradiussqlconf.xml --- config/freeradius2/freeradiussqlconf.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'config') diff --git a/config/freeradius2/freeradiussqlconf.xml b/config/freeradius2/freeradiussqlconf.xml index 6851711c..2d20c2a6 100644 --- a/config/freeradius2/freeradiussqlconf.xml +++ b/config/freeradius2/freeradiussqlconf.xml @@ -9,7 +9,7 @@ /* freeradiussqlconf.xml part of pfSense (http://www.pfSense.com) - Copyright (C) 2011 - 2012 Alexander Wilke + Copyright (C) 2013 Alexander Wilke All rights reserved. Based on m0n0wall (http://m0n0.ch/wall) @@ -621,4 +621,4 @@ freeradius_sqlconf_resync(); - \ No newline at end of file + -- cgit v1.2.3 From 5223696b3a7a23ba41bd2bac40a700e5fe6f83c0 Mon Sep 17 00:00:00 2001 From: Alexander Wilke Date: Wed, 15 May 2013 21:37:05 +0200 Subject: Update freeradiussqlconf.xml --- config/freeradius2/freeradiussqlconf.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/freeradius2/freeradiussqlconf.xml b/config/freeradius2/freeradiussqlconf.xml index 2d20c2a6..bb72a07a 100644 --- a/config/freeradius2/freeradiussqlconf.xml +++ b/config/freeradius2/freeradiussqlconf.xml @@ -45,7 +45,7 @@ Describe your package requirements here Currently there are no FAQ items provided. freeradiussqlconf - none + 2.2.0 FreeRADIUS: SQL pkg_edit.php?xml=freeradiussqlconf.xml&id=0 /usr/local/pkg/freeradius.inc -- cgit v1.2.3 From 2a87876eda5ee8edee174255c876e66ba2fe6cde Mon Sep 17 00:00:00 2001 From: Alexander Wilke Date: Wed, 15 May 2013 21:37:33 +0200 Subject: Update freeradiussync.xml --- config/freeradius2/freeradiussync.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/freeradius2/freeradiussync.xml b/config/freeradius2/freeradiussync.xml index fb6f6200..be678e5a 100644 --- a/config/freeradius2/freeradiussync.xml 
+++ b/config/freeradius2/freeradiussync.xml @@ -47,7 +47,7 @@ POSSIBILITY OF SUCH DAMAGE. Describe your package requirements here Currently there are no FAQ items provided. freeradiussync - 2.1.12 + 2.2.0 FreeRADIUS: XMLRPC Sync /usr/local/pkg/freeradius.inc -- cgit v1.2.3 From 583a59a4407f59c63b3c32a38a3da2bb460b74d6 Mon Sep 17 00:00:00 2001 From: Alexander Wilke Date: Wed, 15 May 2013 21:38:02 +0200 Subject: Update freeradiussettings.xml --- config/freeradius2/freeradiussettings.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml index c66b29d7..1d908ca4 100644 --- a/config/freeradius2/freeradiussettings.xml +++ b/config/freeradius2/freeradiussettings.xml @@ -45,7 +45,7 @@ Describe your package requirements here Currently there are no FAQ items provided. freeradiussettings - none + 2.2.0 FreeRADIUS: Settings pkg_edit.php?xml=freeradiussettings.xml&id=0 /usr/local/pkg/freeradius.inc -- cgit v1.2.3 From a32c1d2e42a6cc2c6aab67ca5525b1b120261f47 Mon Sep 17 00:00:00 2001 From: Alexander Wilke Date: Wed, 15 May 2013 21:38:24 +0200 Subject: Update freeradiusmodulesldap.xml --- config/freeradius2/freeradiusmodulesldap.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/freeradius2/freeradiusmodulesldap.xml b/config/freeradius2/freeradiusmodulesldap.xml index 593670d4..c7b5e79d 100644 --- a/config/freeradius2/freeradiusmodulesldap.xml +++ b/config/freeradius2/freeradiusmodulesldap.xml @@ -45,7 +45,7 @@ Describe your package requirements here Currently there are no FAQ items provided. freeradiusmodulesldap - none + 2.2.0 FreeRADIUS: LDAP pkg_edit.php?xml=freeradiusmodulesldap.xml&id=0 /usr/local/pkg/freeradius.inc -- cgit v1.2.3 From d3178a170ce1465624d4e9b51d8925a76da6d01c Mon Sep 17 00:00:00 2001 
From: Alexander Wilke Date: Wed, 15 May 2013 21:39:11 +0200 Subject: Update freeradius.xml --- config/freeradius2/freeradius.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml index 981ce25b..c9381c81 100644 --- a/config/freeradius2/freeradius.xml +++ b/config/freeradius2/freeradius.xml @@ -45,7 +45,7 @@ Describe your package requirements here Currently there are no FAQ items provided. freeradius - 2.1.12 + 2.2.0 FreeRADIUS: Users /usr/local/pkg/freeradius.inc -- cgit v1.2.3 From fdfa7527690bbfead02e9df8c54116a32f92c833 Mon Sep 17 00:00:00 2001 From: Alexander Wilke Date: Thu, 16 May 2013 12:12:13 +0300 Subject: freeradius2: generalize the XMLRPC Sync options to make it consistent with other packages --- config/freeradius2/freeradius.inc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'config') diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc index b25d0af0..b2df3d0b 100644 --- a/config/freeradius2/freeradius.inc +++ b/config/freeradius2/freeradius.inc @@ -2521,9 +2521,9 @@ conf_mount_ro(); /* Uses XMLRPC to synchronize the changes to a remote node */ function freeradius_sync_on_changes() { global $config, $g; - if (is_array($config['installedpackages'][freeradiussync'])){ - $synconchanges = $config['installedpackages'][freeradiussync']['config'][0]['varsyncenablexmlrpc']; - $varsynctimeout = $config['installedpackages'][freeradiussync']['config'][0]['varsynctimeout']; + if (is_array($config['installedpackages']['freeradiussync'])){ + $synconchanges = $config['installedpackages']['freeradiussync']['config'][0]['varsyncenablexmlrpc']; + $varsynctimeout = $config['installedpackages']['freeradiussync']['config'][0]['varsynctimeout']; } else { 
@@ -2533,8 +2533,8 @@ function freeradius_sync_on_changes() { // if checkbox is NOT checked do nothing switch ($synconchanges){ case "manual": - if (is_array($config['installedpackages'][freeradiussync']['config'][0]['row'])){ - $rs=$config['installedpackages'][freeradiussync']['config'][0]['row']; + if (is_array($config['installedpackages']['freeradiussync']['config'][0]['row'])){ + $rs=$config['installedpackages']['freeradiussync']['config'][0]['row']; } else{ log_error("[FreeRADIUS]: xmlrpc sync is enabled but there is no hosts to push on FreeRADIUS config."); -- cgit v1.2.3 From 39f4ee8a301be1328d5aafa5c029c24546cdb73f Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Thu, 16 May 2013 14:44:35 -0300 Subject: squid3-dev - include more options to ssl_crt, new custom_refresh_patter on cache tab, fix auth plugins names --- config/squid3/33/squid.inc | 107 +++++++++++++++++++++++++++------------ config/squid3/33/squid.xml | 14 +++-- config/squid3/33/squid_cache.xml | 11 +++- 3 files changed, 94 insertions(+), 38 deletions(-) (limited to 'config') diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc index 94c85a7e..4ca1672f 100755 --- a/config/squid3/33/squid.inc +++ b/config/squid3/33/squid.inc 
@@ -777,6 +777,41 @@ function squid_install_cron($should_install) { configure_cron(); } +function squid_check_ca_hashes(){ + global $config,$g; + + #check certificates + $cert_count=0; + if (is_dir(SQUID_LOCALBASE. '/share/certs')) + if ($handle = opendir(SQUID_LOCALBASE.'/usr/local/share/certs')) { + while (false !== ($file = readdir($handle))) + if (preg_match ("/\d+.0/",$file)) + $cert_count++; + } + closedir($handle); + if ($cert_count < 10){ + conf_mount_rw(); + #create ca-root hashes from ca-root-nss package + log_error("Creating root certificate bundle hashes from the Mozilla Project"); + $cas=file(SQUID_LOCALBASE.'/share/certs/ca-root-nss.crt'); + $cert=0; + foreach ($cas as $ca){ + if (preg_match("/--BEGIN CERTIFICATE--/",$ca)) + $cert=1; + if ($cert == 1) + $crt.=$ca; + if (preg_match("/-END CERTIFICATE-/",$ca)){ + file_put_contents("/tmp/cert.pem",$crt, LOCK_EX); + $cert_hash=array(); + exec("/usr/bin/openssl x509 -hash -noout -in /tmp/cert.pem",$cert_hash); + file_put_contents(SQUID_LOCALBASE."/share/certs/".$cert_hash[0].".0",$crt,LOCK_EX); + $crt=""; + $cert=0; + } + } + } +} + function squid_resync_general() { global $g, $config, $valid_acls; @@ -785,10 +820,10 @@ function squid_resync_general() { else $settings=array(); $conf = "# This file is automatically generated by pfSense\n"; - $conf .= "# Do not edit manually !\n"; + $conf .= "# Do not edit manually !\n\n"; #Check ssl interception - $sslcrtd_children= ($settings['sslcrtd_children'] ? $settings['sslcrtd_children'] : 5); if (($settings['ssl_proxy'] == 'on')) { + squid_check_ca_hashes(); $srv_cert = lookup_cert($settings["dcert"]); if ($srv_cert != false) { if(base64_decode($srv_cert['prv'])) { 
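Review bot: squid_check_ca_hashes() tests `SQUID_LOCALBASE. '/share/certs'` with is_dir() but then opens `SQUID_LOCALBASE.'/usr/local/share/certs'`, and `closedir($handle)` sits outside the opendir() guard, so the count most likely never reads the directory the hashes are written to (SQUID_LOCALBASE is defined outside the hunk, so this is inferred from the two paths differing). Each certificate is also staged through the fixed path `/tmp/cert.pem` and `$cert_hash[0]` is used without checking the openssl exit status, so a pre-existing file or link at that path, or a failed run, can affect what is written into the directory later given to `sslproxy_capath`. The rewrite below uses one directory variable, a per-run temporary file, a checked hash value, initialises `$crt`, and remounts read-only after conf_mount_rw(). The pattern `/\d+.0/` is unanchored with an unescaped dot; the fence matches the eight-hex-digit hash names openssl produces instead.
```php
function squid_check_ca_hashes(){
	global $config,$g;

	$cert_dir = SQUID_LOCALBASE . '/share/certs';
	$cert_count = 0;
	if (is_dir($cert_dir) && ($handle = opendir($cert_dir))) {
		while (false !== ($file = readdir($handle)))
			if (preg_match('/^[0-9a-f]{8}\.\d+$/', $file))
				$cert_count++;
		closedir($handle);
	}
	if ($cert_count < 10){
		conf_mount_rw();
		// … unchanged: log_error() and reading ca-root-nss.crt into $cas …
		$crt = "";
		$cert = 0;
		foreach ($cas as $ca){
			// … unchanged: BEGIN marker check and $crt.=$ca accumulation …
			if (preg_match("/-END CERTIFICATE-/",$ca)){
				$tmp_pem = tempnam(sys_get_temp_dir(), 'squidca');
				file_put_contents($tmp_pem, $crt, LOCK_EX);
				$cert_hash = array();
				$rc = 1;
				exec("/usr/bin/openssl x509 -hash -noout -in " . escapeshellarg($tmp_pem), $cert_hash, $rc);
				unlink($tmp_pem);
				// only write a hash file when openssl succeeded and returned a well-formed hash
				if ($rc == 0 && isset($cert_hash[0]) && preg_match('/^[0-9a-f]{8}$/', $cert_hash[0]))
					file_put_contents("{$cert_dir}/{$cert_hash[0]}.0", $crt, LOCK_EX);
				$crt = "";
				$cert = 0;
			}
		}
		conf_mount_ro();
	}
}
```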
@@ -803,15 +838,19 @@ function squid_resync_general() { squid_chown_recursive("/var/squid/lib/ssl_db/", 'proxy', 'proxy'); $crt_pk=SQUID_CONFBASE."/serverkey.pem"; file_put_contents($crt_pk,base64_decode($srv_cert['prv']).base64_decode($srv_cert['crt'])); - - $ssl_interception.="ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size={$sslcrtd_children}MB cert={$crt_pk}\n"; - $interception_checks=""; + $sslcrtd_children= ($settings['sslcrtd_children'] ? $settings['sslcrtd_children'] : 5); + $ssl_interception.="ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=".($sslcrtd_children*2)."MB cert={$crt_pk}\n"; + $interception_checks = "sslcrtd_program ".SQUID_LOCALBASE."/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048\n"; + $interception_checks .= "sslcrtd_children {$sslcrtd_children}\n"; + $interception_checks .= 'sslproxy_capath '.SQUID_LOCALBASE.'/share/certs'."\n"; if (preg_match("/sslproxy_cert_error/",$settings["interception_checks"])) $interception_checks.="sslproxy_cert_error allow all\n"; if (preg_match("/sslproxy_flags/",$settings["interception_checks"])) $interception_checks.="sslproxy_flags DONT_VERIFY_PEER\n"; - if ($settings["interception_adapt"] != "") - $interception_checks.="sslproxy_cert_adapt {$settings["interception_adapt"]}\n"; + if ($settings["interception_adapt"] != ""){ + foreach (explode(",",$settings["interception_adapt"]) as $adapt) + $interception_checks.="sslproxy_cert_adapt {$adapt} all\n"; + } } } } @@ -887,7 +926,7 @@ function squid_resync_general() { $logdir_cache = $logdir . '/cache.log'; $logdir_access = ($settings['log_enabled'] == 'on' ? $logdir . '/access.log' : '/dev/null'); - $conf .= <<