Regression #13628 » freeradius.patch

Marcos M, 12/06/2022 01:39 PM


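--- a/net/pfSense-pkg-freeradius3/files/usr/local/pkg/freeradius.inc
+++ b/net/pfSense-pkg-freeradius3/files/usr/local/pkg/freeradius.inc
@@ -78,7 +78,6 @@
 }
 
 function freeradius_deinstall_command() {
-	global $config;
 	$pidFile = "/var/run/radiusd.pid";
 	$i = 0;
 
@@ -90,17 +89,24 @@
 	}
 
 	/* Remove package settings from config if 'Keep Settings' is disabled */
-	init_config_arr(array('installedpackages', 'freeradiussettings', 'config', 0));
-	if (isset($config['installedpackages']['freeradiussettings']['config'][0]['keep_settings']) &&
-	    empty($config['installedpackages']['freeradiussettings']['config'][0]['keep_settings'])) {
+	if (!config_path_enabled('installedpackages/freeradiussettings/config/0/', 'keep_settings')) {
+		$uninstall = array(
+			'installedpackages/freeradius',
+			'installedpackages/freeradiusauthorizedmacs',
+			'installedpackages/freeradiusclients',
+			'installedpackages/freeradiusinterfaces',
+			'installedpackages/freeradiussettings',
+			'installedpackages/freeradiuseapconf',
+			'installedpackages/freeradiussqlconf',
+			'installedpackages/freeradiusmodulesldap',
+			'installedpackages/freeradiussync'
+		);
+
 		log_error("[freeRADIUS] Removing all FreeRADIUS settings since 'Keep Settings/Data' is disabled...");
-		$uninstall = array('freeradius', 'freeradiusauthorizedmacs', 'freeradiusclients', 'freeradiusinterfaces',
-		'freeradiussettings', 'freeradiuseapconf', 'freeradiussqlconf', 'freeradiusmodulesldap', 'freeradiussync');
-		foreach ($uninstall as $unin) {
-			if (is_array($config['installedpackages'][$unin])) {
-				unset($config['installedpackages'][$unin]);
-			}
+		foreach ($uninstall as $path) {
+			config_del_path($path);
 		}
+
 		rmdir_recursive(FREERADIUS_RADDB, false);
 		write_config("[freeRADIUS] Package uninstalled.");
 	}
@@ -130,26 +136,27 @@
 }
 
 function freeradius_upgrade_config() {
-	global $config;
-
 	// FreeRADIUS built-in certificate manager was removed (Bug #7170)
-	if (is_array($config['installedpackages']['freeradiuscerts'])) {
-		unset($config['installedpackages']['freeradiuscerts']);
-		log_error(gettext("freeRADIUS: Removing deprecated built-in certificate manager configuration."));
-	}
-	if (is_array($config['installedpackages']['freeradiuseapconf']['config'][0])) {
-		if (isset($config['installedpackages']['freeradiuseapconf']['config'][0]['vareapconfchoosecertmanager'])) {
-			unset($config['installedpackages']['freeradiuseapconf']['config'][0]['vareapconfchoosecertmanager']);
-		}
-		if (isset($config['installedpackages']['freeradiuseapconf']['config'][0]['vareapconfprivatekeypassword'])) {
-			unset($config['installedpackages']['freeradiuseapconf']['config'][0]['vareapconfprivatekeypassword']);
+	$deprecated_config_paths = array(
+		'installedpackages/freeradiuscerts',
+		'installedpackages/freeradiuseapconf/config/0/vareapconfchoosecertmanager',
+		'installedpackages/freeradiuseapconf/config/0/vareapconfprivatekeypassword'
+	);
+
+	$isremoved = false;
+	foreach ($deprecated_config_paths as $path) {
+		if (config_get_path($path)) {
+			$isremoved = true;
+			config_del_path($path);
 		}
 	}
+
+	if ($isremoved) {
+		log_error(gettext("freeRADIUS: Removed deprecated built-in certificate manager configuration."));
+	}
 }
 
 function freeradius_install_command() {
-	global $config;
-
 	// We create here different folders for different counters.
 	safe_mkdir("/var/log/radacct/datacounter/daily");
 	safe_mkdir("/var/log/radacct/datacounter/weekly");
@@ -282,7 +289,6 @@
 }
 
 function freeradius_settings_resync($restart_svc = true) {
-	global $config;
 	$conf = '';
 
 	// put the constant to a variable
@@ -303,11 +309,7 @@
 		touch("/var/log/radwtmp");
 	}
 
-	if (is_array($config['installedpackages']['freeradiussettings']['config'][0])) {
-		$varsettings = $config['installedpackages']['freeradiussettings']['config'][0];
-	} else {
-		$varsettings = array();
-	}
+	$varsettings = config_get_path('installedpackages/freeradiussettings/config/0', []);
 
 	// Variables: General configuration
 	$varsettingsmaxrequests = ($varsettings['varsettingsmaxrequests'] ?: '1024');
@@ -340,11 +342,7 @@
 	$varsettingsmaxrequestsperserver = ($varsettings['varsettingsmaxrequestsperserver'] ?: '0');
 
 	// For more details look at freeradius_sqlconf_resync()
-	if (is_array($config['installedpackages']['freeradiussqlconf']['config'][0])) {
-		$sqlconf = $config['installedpackages']['freeradiussqlconf']['config'][0];
-	} else {
-		$sqlconf = array();
-	}
+	$sqlconf = config_get_path('installedpackages/freeradiussqlconf/config/0', []);
 
 	// Dis-/Enable SQL in "instatiate" section in freeradius_settings_resync() and radiusd.conf SQL SERVER 2
 	if ($sqlconf['varsqlconf2includeenable'] == 'on') {
@@ -479,10 +477,9 @@
 }
 
 function freeradius_users_resync($via_rpc = false) {
-	global $config;
 	$conf = '';
 
-	$arrausers = config_get_path('installedpackages/freeradius/config', []);
+	$arrusers = config_get_path('installedpackages/freeradius/config', []);
 
 	if (!empty($arrusers)) {
 		foreach ($arrusers as $users) {
@@ -802,7 +799,6 @@
 	}
 }
 
-
 function freeradius_authorizedmacs_resync($restart_svc = true, $via_rpc = false) {
 	$conf = '';
 
@@ -1157,16 +1153,11 @@
 	}
 }
 
-
-
 function freeradius_eapconf_resync($restart_svc = true) {
-	global $config;
 	$conf = '';
 
-	if (!is_array($config['installedpackages']['freeradiuseapconf']['config'][0])) {
-		$config['installedpackages']['freeradiuseapconf']['config'][0] = array();
-	}
-	$eapconf = & $config['installedpackages']['freeradiuseapconf']['config'][0];
+	$eapconf_path = 'installedpackages/freeradiuseapconf/config/0';
+	$eapconf = config_get_path($eapconf_path);
 
 	// Disable weak EAP types like MD5, and GTC
 	if ($eapconf['vareapconfdisableweakeaptypes'] == '') {
@@ -1194,12 +1185,6 @@
 	// Variables: EAP-TLS
 	$vareapconffragmentsize = ($eapconf['vareapconffragmentsize'] ?: '1024');
 	$vareapconfincludelength = ($eapconf['vareapconfincludelength'] ?: 'yes');
-	$vareapconfcountry = ($eapconf['vareapconfcountry'] ?: '');
-	$vareapconfstate = ($eapconf['vareapconfstate'] ?: '');
-	$vareapconfcity = ($eapconf['vareapconfcity'] ?: '');
-	$vareapconforganization = ($eapconf['vareapconforganization'] ?: '');
-	$vareapconfemail = ($eapconf['vareapconfemail'] ?: '');
-	$vareapconfcommonname = ($eapconf['vareapconfcommonname'] ?: 'internal-ca');
 
 	// Variables: Cache
 	$vareapconfcacheenablecache = ($eapconf['vareapconfcacheenablecache'] ?: 'no');
@@ -1221,7 +1206,6 @@
 	$vareapconfpeapdefaulteaptype = ($eapconf['vareapconfpeapdefaulteaptype'] ?: 'mschapv2');
 	$vareapconfpeapcopyrequesttotunnel = ($eapconf['vareapconfpeapcopyrequesttotunnel'] ?: 'no');
 	$vareapconfpeapusetunneledreply = ($eapconf['vareapconfpeapusetunneledreply'] ? 1 : 0);
-	$vareapconfpeapsohenable = ($eapconf['vareapconfpeapsohenable'] ?: 'Disable');
 
 	// This is for enable/disbable MS SoH in EAP-PEAP and the virtuial-server "soh-server"
 	if ($eapconf['vareapconfpeapsohenable'] == 'Enable') {
@@ -1238,20 +1222,9 @@
 		unlink_if_exists(FREERADIUS_SITESENABLED . "/soh");
 	}
 
-
 	// For pfSense cert manager
 	$ca_cert = lookup_ca($eapconf["ssl_ca_cert"]);
 	if ($ca_cert == false) {
-		if (!is_array($config['ca'])) {
-			$config['ca'] = array();
-		}
-		$a_ca =& $config['ca'];
-
-		if (!is_array($config['cert'])) {
-			$config['cert'] = array();
-		}
-		$a_cert =& $config['cert'];
-
 		/* Generate CA with generic details */
 		$ca = array();
 		$ca['refid'] = uniqid();
@@ -1264,7 +1237,9 @@
 		} else {
 			$eapconf["ssl_ca_cert"] = $ca['refid'];
 			$ca_cert = $ca;
+			$a_ca = config_get_path('ca');
 			$a_ca[] = $ca;
+			config_set_path('ca', $a_ca);
 			$cert = array();
 			$cert['refid'] = uniqid();
 			$cert['descr'] = "FreeRADIUS Server Certificate";
@@ -1276,7 +1251,9 @@
 				file_notice("FreeRADIUS", gettext("Cannot create temporary FreeRADIUS certificate. Visit Services > FreeRADIUS > EAP tab and configure server certificates in the 'Certificates for TLS' section: " . openssl_error_string()));
 				$cert_error = true;
 			} else {
+				$a_cert = config_get_path('cert');
 				$a_cert[] = $cert;
+				config_set_path('cert', $a_cert);
 				$eapconf["ssl_server_cert"] = $cert['refid'];
 			}
 		}
@@ -1304,7 +1281,7 @@
 				file_put_contents(FREERADIUS_CERTS . "/server_key.pem", base64_decode($svr_cert['prv']));
 			}
 			if (base64_decode($svr_cert['crt'])) {
-				file_put_contents(FREERADIUS_CERTS . "/server_cert.pem", 
+				file_put_contents(FREERADIUS_CERTS . "/server_cert.pem",
 					base64_decode($svr_cert['crt']) . "\n" .
 					ca_chain($svr_cert));
 			}
@@ -1354,6 +1331,8 @@
 		$vareapconftlsminversion = '1.0';
 	}
 
+	config_set_path($eapconf_path, $eapconf);
+
 	$conf .= <<<EOD
 ### EAP
 eap {
@@ -1682,7 +1661,6 @@
 	file_put_contents($filename, $conf);
 	chmod($filename, 0640);
 
-
 	freeradius_sync_on_changes();
 	if ($restart_svc === true) {
 		restart_service("radiusd");
@@ -1691,14 +1669,11 @@
 
 // Gets started from freeradiuseapconf.xml
 function freeradius_get_ca_crl() {
-	global $config;
 	$crl_arr = array();
 	$crl_arr[] = array('refid' => 'none', 'descr' => 'none');
 
-	if (is_array($config['crl'])) {
-		foreach ($config['crl'] as $crl) {
-			$crl_arr[] = array('refid' => $crl['refid'], 'descr' => $crl['descr']);
-		}
+	foreach (config_get_path('crl', []) as $crl) {
+		$crl_arr[] = array('refid' => $crl['refid'], 'descr' => $crl['descr']);
 	}
 	return $crl_arr;
 }
@@ -1706,7 +1681,7 @@
 function freeradius_sqlconf_resync() {
 	$conf = '';
 
-	$sqlconf = config_get_path('installedpackages/freeradiussqlconf/config', []);
+	$sqlconf = config_get_path('installedpackages/freeradiussqlconf/config/0', []);
 
 	// Variables: SQL DATABASE 1
 	$varsqlconfdatabase = ($sqlconf['varsqlconfdatabase'] ?: 'mysql');
@@ -1893,7 +1868,6 @@
 	\$INCLUDE \${modconfdir}/sql/counter/\${dialect}/\${.:instance}.conf
 }
 
-
 EOD;
 
 	$filename = FREERADIUS_MODSENABLED . '/sqlcounter';
@@ -1921,7 +1895,8 @@
 function freeradius_serverdefault_resync() {
 	$conf = '';
 
-	$arrmodulesldap = config_get_path('installedpackages/freeradiusmodulesldap/config', []);
+	// Get Variables from freeradiusmodulesldap.xml
+	$arrmodulesldap = config_get_path('installedpackages/freeradiusmodulesldap/config/0', []);
 
 	// failover/loadbalancing mode
 	$varmodulesldap2failover = ($arrmodulesldap['varmodulesldap2failover'] ?: 'redundant');
@@ -1983,18 +1958,8 @@
 		@unlink_if_exists(FREERADIUS_MODSENABLED . '/ldap');
 	}
 
-	$sqlconf = config_get_path('installedpackages/freeradiussqlconf/config', []);
-
-	$varsqlconfenableauthorize = ($sqlconf['varsqlconfenableauthorize'] ?: 'Disable');
-	$varsqlconfenableaccounting = ($sqlconf['varsqlconfenableaccounting'] ?: 'Disable');
-	$varsqlconfenablesession = ($sqlconf['varsqlconfenablesession'] ?: 'Disable');
-	$varsqlconfenablepostauth = ($sqlconf['varsqlconfenablepostauth'] ?: 'Disable');
-
-	// Get Variables from freeradiussqlconf.xml for DATABASE 2
-	$varsqlconf2enableauthorize = ($sqlconf['varsqlconf2enableauthorize'] ?: 'Disable');
-	$varsqlconf2enableaccounting = ($sqlconf['varsqlconf2enableaccounting'] ?: 'Disable');
-	$varsqlconf2enablesession = ($sqlconf['varsqlconf2enablesession'] ?: 'Disable');
-	$varsqlconf2enablepostauth = ($sqlconf['varsqlconf2enablepostauth'] ?: 'Disable');
+	// Get Variables from freeradiussqlconf.xml for DATABASE 1
+	$sqlconf = config_get_path('installedpackages/freeradiussqlconf/config/0', []);
 
 	// authorize section DATABASE 2
 	if (($sqlconf['varsqlconf2includeenable'] == 'on') && ($sqlconf['varsqlconf2enableauthorize'] == 'Enable')) {
@@ -2108,7 +2073,9 @@
 		$varsqlconfpostauthtypereject = '# sql';
 	}
 
-	$varsettings = config_get_path('installedpackages/freeradiussettings/config', []);
+	// Changing authorize section for plain mac auth
+	// Variables: If not using 802.1x, mac address must be known
+	$varsettings = config_get_path('installedpackages/freeradiussettings/config/0', []);
 
 	// If unchecked we need the normal EAP section.
 	if (!$varsettings['varsettingsenablemacauth']) {
@@ -2209,7 +2176,6 @@
 		} // endforeach
 	} // endif empty
 
-
 	$conf .= <<<EOD
 
 authorize {
@@ -2415,50 +2381,43 @@
 
 /* Uses XMLRPC to synchronize the changes to a remote node */
 function freeradius_sync_on_changes() {
-	global $config;
-
-	if (is_array($config['installedpackages']['freeradiussync'])) {
-		$synconchanges = $config['installedpackages']['freeradiussync']['config'][0]['varsyncenablexmlrpc'];
-		$varsynctimeout = $config['installedpackages']['freeradiussync']['config'][0]['varsynctimeout'] ?: '150';
-	} else {
-		return;
-	}
+	$synconchanges = config_get_path('installedpackages/freeradiussync/config/0/varsyncenablexmlrpc');
+	$varsynctimeout = config_get_path('installedpackages/freeradiussync/config/0/varsynctimeout') ?: '150';
 
 	// if checkbox is NOT checked do nothing
 	switch ($synconchanges) {
 		case "manual":
-			if (is_array($config['installedpackages']['freeradiussync']['config'][0]['row'])) {
-				$rs = $config['installedpackages']['freeradiussync']['config'][0]['row'];
-			} else {
+			$rs = config_get_path('installedpackages/freeradiussync/config/0/row');
+			if (!is_array($rs)) {
 				log_error("[FreeRADIUS]: XMLRPC sync is enabled but there are no hosts configured as replication targets.");
 				return;
 			}
 			break;
 		case "auto":
-			if (is_array($config['hasync'])) {
-				$system_carp = $config['hasync'];
-				$rs[0]['varsyncipaddress'] = $system_carp['synchronizetoip'];
-				$rs[0]['varsyncusername'] = $system_carp['username'];
-				$rs[0]['varsyncpassword'] = $system_carp['password'];
-				$rs[0]['varsyncdestinenable'] = FALSE;
-
-				// XMLRPC sync is currently only supported over connections using the same protocol and port as this system
-				if ($config['system']['webgui']['protocol'] == "http") {
-					$rs[0]['varsyncprotocol'] = "http";
-					$rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '80';
-				} else {
-					$rs[0]['varsyncprotocol'] = "https";
-					$rs[0]['varsyncport'] = $config['system']['webgui']['port'] ?: '443';
-				}
-				if ($system_carp['synchronizetoip'] == "") {
-					log_error("[FreeRADIUS]: XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
-					return;
-				} else {
-					$rs[0]['varsyncdestinenable'] = TRUE;
-				}
+			$system_carp = config_get_path('hasync');
+			if (!is_array($system_carp)) {
+				log_error("[FreeRADIUS]: XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
+				return;
+			}
+
+			$rs[0]['varsyncipaddress'] = $system_carp['synchronizetoip'];
+			$rs[0]['varsyncusername'] = $system_carp['username'];
+			$rs[0]['varsyncpassword'] = $system_carp['password'];
+			$rs[0]['varsyncdestinenable'] = FALSE;
+
+			// XMLRPC sync is currently only supported over connections using the same protocol and port as this system
+			if (config_get_path('system/webgui/protocol') == "http") {
+				$rs[0]['varsyncprotocol'] = "http";
+				$rs[0]['varsyncport'] = config_get_path('system/webgui/port') ?: '80';
 			} else {
+				$rs[0]['varsyncprotocol'] = "https";
+				$rs[0]['varsyncport'] = config_get_path('system/webgui/port') ?: '443';
+			}
+			if ($system_carp['synchronizetoip'] == "") {
 				log_error("[FreeRADIUS]: XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets.");
 				return;
+			} else {
+				$rs[0]['varsyncdestinenable'] = TRUE;
 			}
 			break;
 		default:
@@ -2511,8 +2470,6 @@
 
 /* Do the actual XMLRPC sync */
 function freeradius_do_xmlrpc_sync($sync_to_ip, $username, $password, $varsyncport, $varsyncprotocol, $varsynctimeout) {
-	global $config, $g;
-
 	/* Detect boot process, do nothing during boot. */
 	if (platform_booting()) {
 		return;
@@ -2529,8 +2486,8 @@
 	$syncsections = array('freeradius', 'freeradiusauthorizedmacs', 'freeradiusclients', 'freeradiusinterfaces',
 	'freeradiussettings', 'freeradiuseapconf', 'freeradiussqlconf', 'freeradiusmodulesldap');
 	foreach ($syncsections as $section) {
-		if (is_array($config['installedpackages'][$section])) {
-			$xml[$section] = $config['installedpackages'][$section];
+		if (is_array(config_get_path("installedpackages/{$section}"))) {
+			$xml[$section] = config_get_path("installedpackages/{$section}");
 		}
 	}
 
@@ -2570,7 +2527,7 @@
 		$msg = new XML_RPC_Message($method, $params);
 		$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
 		$cli->setCredentials($username, $password);
-		if ($g['debug']) {
+		if (g_has('debug')) {
 			$cli->setDebug(1);
 		}
 		/* Send our XMLRPC message and timeout after defined sync timeout value */
@@ -2635,7 +2592,6 @@
 }
 
 function freeradius_modulescounter_resync() {
-	global $config;
 	$conf = '';
 
 	$conf .= <<<EOD
@@ -2696,7 +2652,6 @@
 }
 
 function freeradius_modulesmschap_resync() {
-	global $config;
 	$conf = '';
 
 	$conf .= <<<EOD
@@ -2748,7 +2703,6 @@
 }
 
 function freeradius_modulesrealm_resync() {
-	global $config;
 	$conf = '';
 
 	$conf .= <<<EOD
@@ -2794,11 +2748,10 @@
 }
 
 function freeradius_modulesldap_resync($restart_svc = true) {
-	global $config;
 	$raddb = FREERADIUS_RADDB;
 	$conf = '';
 
-	$arrmodulesldap = config_get_path('installedpackages/freeradiusmodulesldap/config', []);
+	$arrmodulesldap = config_get_path('installedpackages/freeradiusmodulesldap/config/0', []);
 
 	// Enable and Disable LDAP for "authorize" and "authenticate" will be done in freeradius_serverdefault_resync()
 	// redundatnt-load-balancing will there be done, too
@@ -2905,7 +2858,6 @@
 	}
 
 	// Miscellaneous Configuration + MS Active Directory Compatibility ldap1
-	$varmodulesldapmsadcompatibilityenable = ($arrmodulesldap['varmodulesldapmsadcompatibilityenable'] ?: 'Disable');
 	if ($arrmodulesldap['varmodulesldapmsadcompatibilityenable'] == 'Disable') {
 		$varmodulesldapmsadcompatibility = '### MS Active Directory Compatibility is disabled ###';
 	} else {
@@ -2918,7 +2870,6 @@
 	}
 
 	// Miscellaneous Configuration + MS Active Directory Compatibility ldap2
-	$varmodulesldap2msadcompatibilityenable = ($arrmodulesldap['varmodulesldap2msadcompatibilityenable'] ?: 'Disable');
 	if ($arrmodulesldap['varmodulesldap2msadcompatibilityenable'] == 'Disable') {
 		$varmodulesldap2msadcompatibility = '### MS Active Directory Compatibility is disabled ###';
 	} else {
@@ -3303,11 +3254,8 @@
 }
 
 function freeradius_plainmacauth_resync() {
-	global $config;
-	$conf = '';
-
 	// Variables: If not using 802.1x, mac address must be known
-	$varsettings = config_get_path('installedpackages/freeradiussettings/config', []);
+	$varsettings = config_get_path('installedpackages/freeradiussettings/config/0', []);
 
 	// defining variables with filename path
 	$filemodulesfiles = FREERADIUS_MODSENABLED . '/files';
@@ -3359,7 +3307,6 @@
 }
 
 function freeradius_modulesfiles_resync() {
-	global $config;
 	$conf = '';
 
 	$conf .= <<<EOD
@@ -3389,10 +3336,10 @@
 }
 
 function freeradius_motp_resync() {
-	global $config, $bash_path;
+	global $bash_path;
 	$conf = '';
 
-	$varsettings = config_get_path('installedpackages/freeradiussettings/config', []);
+	$varsettings = config_get_path('installedpackages/freeradiussettings/config/0', []);
 
 	$varsettingsmotptimespan = ($varsettings['varsettingsmotptimespan'] ?: '2');
 	$varsettingsmotptimespanbeforeafter = $varsettingsmotptimespan + $varsettingsmotptimespan;
@@ -3532,7 +3479,7 @@
 }
 
 function freeradius_modulesmotp_resync() {
-	global $config, $bash_path;
+	global $bash_path;
 	$conf = '';
 
 	// put the constant to a variable
@@ -3555,7 +3502,6 @@
 }
 
 function freeradius_modulesgoogleauth_resync() {
-	global $config;
 	$conf = '';
 
 	// put the constant to a variable
@@ -3585,7 +3531,6 @@
 }
 
 function freeradius_modulesdatacounter_resync() {
-	global $config;
 	$conf = '';
 
 	// put the constant to a variable
@@ -3618,7 +3563,6 @@
 }
 
 function freeradius_datacounter_auth_resync() {
-	global $config;
 	$conf = '';
 
 	$conf .= <<<EOD
@@ -3628,7 +3572,6 @@
 USERNAME=`echo -n "\\$1" | sed 's/[^0-9a-zA-Z._:-]/X/g' `
 TIMERANGE=`echo -n "\\$2" | sed 's/[^a-z]//g' `
 
-
 ### This is to make sure there is a used-octets file after the cronjob resetted the counter
 if [ -e "/var/log/radacct/datacounter/\$TIMERANGE/max-octets-\$USERNAME" ] && [ ! -e "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME" ]; then
 	echo 0 > "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME"
@@ -3656,7 +3599,6 @@
 }
 
 function freeradius_datacounter_acct_resync() {
-	global $config;
 	$conf = '';
 
 	$conf .= <<<EOD
@@ -3715,7 +3657,6 @@
 }
 
 function freeradius_dictionary_resync() {
-	global $config;
 	$conf = '';
 
 	$conf .= <<<EOD
@@ -3740,7 +3681,6 @@
 
 /* Users input validation */
 function freeradius_validate_users($post, &$input_errors) {
-
 	// Username
 	if (($post['varusersmotpenable'] == 'on') && !preg_match('/^[a-zA-Z0-9_.-]*$/', $post['varusersusername'])) {
 		$input_errors[] = "The 'Username' field may only contain a-z, A-Z, 0-9, underscore, period and hyphen (regex /^[a-zA-Z0-9_.-]*$/).";
@@ -3948,7 +3888,6 @@
 
 /* MACs input validation */
 function freeradius_validate_macs($post, &$input_errors) {
-
 	// MAC Address
 	if (!empty($post['varmacsaddress'])) {
 		if (!preg_match('/^[0-9A-F]{2}(?:[-:][0-9A-F]{2}){5}$/i', $post['varmacsaddress'])) {
@@ -4111,7 +4050,6 @@
 
 /* NAS/Clients input validation */
 function freeradius_validate_clients($post, &$input_errors) {
-
 	// Client IP Address
 	if ($post['varclientip'] != '*') {
 		if (preg_match('/^(.+)\/(\d+)$/',$post['varclientip'], $matches)) {
@@ -4156,7 +4094,6 @@
 
 /* Interfaces input validation */
 function freeradius_validate_interfaces($post, &$input_errors) {
-
 	// Interface IP Address
 	if (empty($post['varinterfaceip'])) {
 		$input_errors[] = "The 'Interface IP Address' field must not be empty.";
@@ -4192,7 +4129,6 @@
 
 /* General Settings input validation */
 function freeradius_validate_settings($post, &$input_errors) {
-	global $config;
 	// Maximum Requests Tracked
 	if ($post['varsettingsmaxrequests'] != '' && !is_numericint($post['varsettingsmaxrequests'])) {
 		$input_errors[] = "The 'Maximum Requests Tracked' field must contain an integer value.";
@@ -4290,7 +4226,6 @@
 
 /* EAP settings input validation */
 function freeradius_validate_eap($post, &$input_errors) {
-
 	// Disable Weak EAP Types sanity check
 	if ($post['vareapconfdisableweakeaptypes'] == 'on') {
 		if (in_array($post['vareapconfdefaulteaptype'], array('md5', 'gtc'))) {
@@ -4346,7 +4281,6 @@
 
 /* SQL settings input validation */
 function freeradius_validate_sql($post, &$input_errors) {
-
 	// SQL Server Address
 	if ($post['varsqlconfincludeenable'] == 'on') {
 		if (empty($post['varsqlconfserver'])) {
@@ -4460,11 +4394,8 @@
 
 }
 
-
 /* LDAP settings input validation */
 function freeradius_validate_ldap($post, &$input_errors) {
-	global $config;
-
 	// LDAP Server Address
 	if ($post['varmodulesldapenableauthorize'] == 'on') {
 		if (empty($post['varmodulesldapserver'])) {
@@ -4585,10 +4516,9 @@
 }
 
 function freeradius_plugin_certificates($pluginparams) {
-	global $config;
 	$result = array();
 	init_config_arr(array('installedpackages', 'freeradiuseapconf', 'config'));
-	$eapconf = $config['installedpackages']['freeradiuseapconf']['config'][0];
+	$eapconf = config_get_path('installedpackages/freeradiuseapconf/config/0', []);
 
 	if (($pluginparams['type'] == 'certificates') && !empty($eapconf)) {
 		if (($pluginparams['event'] == 'used_ca') && !empty($eapconf['ssl_ca_cert'])) {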
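Review bot: The guard on the destructive branch of freeradius_deinstall_command() changes meaning as well as form, and nothing in the hunk records which behaviour is intended. The removed condition wiped settings only when `keep_settings` was present and empty, whereas the new one wipes them whenever `config_path_enabled()` returns false; if that helper reports a missing key as not enabled (its body is not on this page), an install whose settings page was never saved now loses every listed `installedpackages/freeradius*` section and the raddb tree via `rmdir_recursive(FREERADIUS_RADDB, false)`. A short comment above the `if`, for example `/* A missing keep_settings key counts as disabled, so settings are removed */`, or an explicit presence test would pin the contract down. The path literal also ends in a slash that no other path in this patch carries; unless the helper normalises it, `'installedpackages/freeradiussettings/config/0'` is the safer spelling. Part of this function's body is elided between the hunks shown, so the PID-file handling ahead of the guard was not reviewed.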