From c984f274dc18671223552bd4490eab1200b07339 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Thu, 26 Jan 2017 00:09:02 +0100 Subject: [PATCH 01/14] Remove unwanted freeradius restart on install/upgrade (Bug #6404) This breaks things due to restarting the service multiple times once here and more times when custom_php_resync_config_command is run on install, which in turn runs freeradius_settings_resync() which restarts the service, and then freeradius_users_resync() runs which restarts the service yet again. --- net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc | 1 - 1 file changed, 1 deletion(-) diff --git a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc index 8551343271b4..16ad2985d161 100644 --- a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc +++ b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc @@ -410,7 +410,6 @@ EOD; exec("ldconfig -m /usr/local/lib/mysql"); // Change owner of freeradius created files exec("chown -R root:wheel /var/log"); - restart_service("radiusd"); } function freeradius_users_resync() { From 7be36fd9a6785a23d9ea2febefb45b0e433cd540 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Thu, 26 Jan 2017 00:25:49 +0100 Subject: [PATCH 02/14] Add an argument to skip service restart --- .../files/usr/local/pkg/freeradius.inc | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc index 16ad2985d161..d53f287a342c 100644 --- a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc +++ b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc 
@@ -163,10 +163,9 @@ SERVICENAME="radiusd" EOD; $rcfile['stop'] = FREERADIUS_ETC . '/rc.d/radiusd onestop'; write_rcfile($rcfile); - start_service("radiusd"); } -function freeradius_settings_resync() { +function freeradius_settings_resync($restart_svc = true) { global $config; $conf = ''; @@ -410,6 +409,9 @@ EOD; exec("ldconfig -m /usr/local/lib/mysql"); // Change owner of freeradius created files exec("chown -R root:wheel /var/log"); + if ($restart_svc) { + restart_service("radiusd"); + } } function freeradius_users_resync() { From b388104dfd8e35e18ebe1bf5a5e165fd09b01a37 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Thu, 26 Jan 2017 00:27:49 +0100 Subject: [PATCH 03/14] Do not restart service twice on resync It will restart after freeradius_users_resync() is finished. --- net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.xml b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.xml index 7b12ab93cb15..a5221da5f43a 100644 --- a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.xml +++ b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.xml @@ -497,7 +497,7 @@ freeradius_users_resync(); - freeradius_settings_resync(); + freeradius_settings_resync(false); sleep(1); freeradius_users_resync(); From 6519befde8757ad763b69246770f7c4506cc731e Mon Sep 17 00:00:00 2001 From: doktornotor Date: Thu, 26 Jan 2017 00:34:52 +0100 Subject: [PATCH 04/14] Bump port version --- net/pfSense-pkg-freeradius2/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/pfSense-pkg-freeradius2/Makefile b/net/pfSense-pkg-freeradius2/Makefile index 09da081cc282..e649e38c5b44 100644 --- a/net/pfSense-pkg-freeradius2/Makefile +++ b/net/pfSense-pkg-freeradius2/Makefile 
@@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= pfSense-pkg-freeradius2 -PORTVERSION= 1.7.4 +PORTVERSION= 1.7.5 CATEGORIES= net MASTER_SITES= # empty DISTFILES= # empty From 0f9126f3610d2051faa4f07ecbf85ccd352e15b9 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Thu, 26 Jan 2017 00:59:19 +0100 Subject: [PATCH 05/14] Fix XMLRPC sync madness that was restarting the service 4 times --- .../files/usr/local/pkg/freeradius.inc | 20 ++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc index d53f287a342c..645235bd9e2c 100644 --- a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc +++ b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc @@ -414,7 +414,7 @@ EOD; } } -function freeradius_users_resync() { +function freeradius_users_resync($via_rpc = "no") { global $config; $conf = ''; @@ -635,11 +635,13 @@ EOD; conf_mount_ro(); freeradius_sync_on_changes(); - restart_service('radiusd'); + if ($via_rpc == "no") { + restart_service('radiusd'); + } } -function freeradius_authorizedmacs_resync() { +function freeradius_authorizedmacs_resync($via_rpc = "no") { global $config; $conf = ''; @@ -829,7 +831,9 @@ EOD; conf_mount_ro(); freeradius_sync_on_changes(); - restart_service('radiusd'); + if ($via_rpc == "no") { + restart_service('radiusd'); + } } function freeradius_clients_resync() { 
@@ -2759,14 +2763,12 @@ function freeradius_do_xmlrpc_sync($sync_to_ip, $username, $password, $varsyncpo // This function restarts all other needed functions after XMLRPC so that the content of .XML + .INC will be written in the files (clients.conf, users) // Adding more functions will increase the to sync function freeradius_all_after_XMLRPC_resync() { - - freeradius_users_resync(); - freeradius_authorizedmacs_resync(); + // Only (re)start the service once by passing $via_rpc = 'yes' to the below function calls + freeradius_users_resync('yes'); + freeradius_authorizedmacs_resync('yes'); freeradius_clients_resync(); log_error("[FreeRADIUS]: Finished XMLRPC process. It should be OK. For more information look at the host which started sync."); - - exec(FREERADIUS_ETC . "/rc.d/radiusd onerestart"); } function freeradius_modulescounter_resync() { From 57204cc8cbc262f40629c4d506b84d2ca2e3e842 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Thu, 26 Jan 2017 01:28:48 +0100 Subject: [PATCH 06/14] Do not restart when booting either --- .../files/usr/local/pkg/freeradius.inc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc index 645235bd9e2c..1dde1cae8c50 100644 --- a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc +++ b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc @@ -635,7 +635,9 @@ EOD; conf_mount_ro(); freeradius_sync_on_changes(); - if ($via_rpc == "no") { + // Do not restart on boot + // Will get restarted later by freeradius_clients_resync() if called via XMLRPC sync + if ($via_rpc == "no" && !platform_booting()) { restart_service('radiusd'); } } From 98597de840de49668a9bcc75bc3e2356463d6ef5 Mon Sep 17 00:00:00 2001 
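Review bot: In freeradius_all_after_XMLRPC_resync() (patch 05, last hunk) the only remaining restart is a side effect of the final `freeradius_clients_resync()` call, whose body is not part of this diff, so the synced configuration takes effect only if that callee reaches its own restart. An explicit single `restart_service('radiusd');` after the three resync calls, with all three told to skip theirs, would state the intent and would not depend on call order. The `log_error()` text "It should be OK" is also written without checking that the daemon came back with the new users and clients files; a status check before that message would help whoever debugs a failed sync.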
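Review bot: The `!platform_booting()` guard in patch 06 is added to only one of the restart sites that patch 05 made conditional; the equivalent `if ($via_rpc == "no")` at the end of what appears to be freeradius_authorizedmacs_resync() (patch 05, hunk at -829) still restarts during boot. If the intent is no restarts while booting, the same condition belongs there, `if ($via_rpc == "no" && !platform_booting()) {`. The enclosing function starts outside this hunk, so which resync function it belongs to is inferred from the neighbouring hunks.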
From: doktornotor Date: Thu, 26 Jan 2017 05:35:09 +0100 Subject: [PATCH 07/14] Remove an evil recursive chown call on /var/log --- net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc index 1dde1cae8c50..07e7fd625722 100644 --- a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc +++ b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc @@ -407,8 +407,7 @@ EOD; // This is to fix the mysqlclient.so which gets lost after reboot exec("ldconfig -m /usr/local/lib/mysql"); - // Change owner of freeradius created files - exec("chown -R root:wheel /var/log"); + if ($restart_svc) { restart_service("radiusd"); } From 22fe45268fc2a14f6c633f342459557c4d729c68 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Thu, 26 Jan 2017 10:39:26 +0100 Subject: [PATCH 08/14] Stop creating a symlink to itself instead of /usr/local/etc/raddb directory Probably some leftover from 2.2.x/PBI junk. --- .../files/usr/local/pkg/freeradius.inc | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc index 07e7fd625722..deda00240fdf 100644 --- a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc +++ b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc 
@@ -75,8 +75,11 @@ function freeradius_install_command() { @mkdir("/var/log/radacct/timecounter", 0755, true); @mkdir(FREERADIUS_ETC . "/raddb/scripts", 0755, true); - unlink_if_exists("/usr/local/etc/raddb"); - @symlink(FREERADIUS_ETC . "/raddb", "/usr/local/etc/raddb"); + // Previous package versions were creating a symlink targeting itself here + if (is_link(FREERADIUS_ETC . "/raddb")) { + unlink(FREERADIUS_ETC . "/raddb"); + } + safe_mkdir(FREERADIUS_ETC . "/raddb"); if (!file_exists("/var/log/radutmp")) { exec("touch /var/log/radutmp"); } if (!file_exists("/var/log/radwtmp")) { exec("touch /var/log/radwtmp"); } exec("chown -R root:wheel " . FREERADIUS_ETC . "/raddb /var/log/radacct"); From 17751368a13b95870bf3621f7f261c154ac1dee7 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Thu, 26 Jan 2017 10:55:00 +0100 Subject: [PATCH 09/14] Use safe_mkdir() and PHP functions here, fix a broken check --- .../files/usr/local/pkg/freeradius.inc | 20 +++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc index deda00240fdf..12d05265827a 100644 --- a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc +++ b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc 
@@ -176,12 +176,20 @@ function freeradius_settings_resync($restart_svc = true) { $varFREERADIUS_BASE = FREERADIUS_BASE; // We do some checks of some folders which will be deleted after reboot on nanobsd systems - if (!file_exists("/var/log/radacct/")) { exec("mkdir /var/log/radacct"); } - if (!file_exists("/var/log/radacct/datacounter/")) { exec("mkdir /var/log/radacct/datacounter && mkdir /var/log/radacct/datacounter/daily && mkdir /var/log/radacct/datacounter/weekly && mkdir /var/log/radacct/datacounter/monthly && mkdir /var/log/radacct/datacounter/forever"); } - if (!file_exists("/var/log/radacct/timecounter/")) { exec("mkdir /var/log/radacct/timecounter"); } - if (!file_exists("/var/log/radutmp")) { exec("touch /var/log/radutmp"); } - if (!file_exists("/var/log/radwtmp")) { exec("touch /var/log/radwtmp"); } - if (!file_exists("/var/log/radacct/")) { exec("chown -R root:wheel /var/log/radacct"); } + safe_mkdir("/var/log/radacct/datacounter/daily"); + safe_mkdir("/var/log/radacct/datacounter/weekly"); + safe_mkdir("/var/log/radacct/datacounter/monthly"); + safe_mkdir("/var/log/radacct/datacounter/forever"); + safe_mkdir("/var/log/radacct/timecounter"); + if (!file_exists("/var/log/radutmp")) { + touch("/var/log/radutmp"); + } + if (!file_exists("/var/log/radwtmp")) { + touch("/var/log/radwtmp"); + } + if (is_dir("/var/log/radacct/")) { + exec("chown -R root:wheel /var/log/radacct"); + } $varsettings = $config['installedpackages']['freeradiussettings']['config'][0]; From eb54fa86d291eaa3ff30e26b223784c6eefb7be3 Mon Sep 17 00:00:00 2001 
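Review bot: The two `touch()` calls in this hunk (and the identical pair that patch 11 adds to freeradius_install_command()) create /var/log/radutmp and /var/log/radwtmp with whatever mode the umask yields and ignore the return value. These files normally hold FreeRADIUS session and login records, so setting an explicit mode after creation, for example `chmod("/var/log/radutmp", 0600);`, avoids leaving them world-readable; confirm the value against the permission the radutmp module is configured with. A failed `touch()` or `safe_mkdir()` on a full or read-only /var also goes unnoticed here, and a `log_error()` on a false return would surface it. freeradius_settings_resync() continues outside the hunk.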
From: doktornotor Date: Thu, 26 Jan 2017 11:05:52 +0100 Subject: [PATCH 10/14] Sanitize and fix recursive chown usage If $frlib was empty, the code would run chown -R on the entire /usr/local/lib. Create a function with sanity checks, use PHP's chown()/chgrp() functions instead of exec() and refuse to recursively chown invalid targets. --- .../files/usr/local/pkg/freeradius.inc | 52 ++++++++++++++----- 1 file changed, 39 insertions(+), 13 deletions(-) diff --git a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc index 12d05265827a..79ca3a93394e 100644 --- a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc +++ b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc @@ -39,16 +39,17 @@ define('FREERADIUS_LIB', FREERADIUS_BASE . '/lib'); define('FREERADIUS_ETC', FREERADIUS_BASE . '/etc'); // Check freeradius lib version - $frlib=""; - if (file_exists(FREERADIUS_LIB)) { + $frlib = ""; + if (is_dir(FREERADIUS_LIB)) { $libfiles = scandir(FREERADIUS_LIB); - foreach ($libfiles as $libfile){ - if (preg_match("/freeradius-/",$libfile)) - $frlib=FREERADIUS_LIB . '/' . $libfile; + foreach ($libfiles as $libfile) { + if (preg_match("/freeradius-/", $libfile)) { + $frlib = FREERADIUS_LIB . '/' . $libfile; + } } } - if ($frlib == ""){ - log_error("freeRADIUS - No freeradius lib found on ".FREERADIUS_LIB); + if ($frlib == "") { + log_error("freeRADIUS - No freeradius libs found on " . FREERADIUS_LIB); } function freeradius_deinstall_command() { 
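Review bot: The `$frlib` detection loop still matches with the unanchored pattern `/freeradius-/` and keeps the last hit, so any entry under FREERADIUS_LIB whose name merely contains that substring, including a plain file, can end up as the path later handed to the chown helper. Anchoring the match and requiring a directory at detection time turns the later `is_dir($frlib)` check into a backstop instead of the only filter: `if (preg_match('/^freeradius-/', $libfile) && is_dir(FREERADIUS_LIB . '/' . $libfile)) {`. If more than one versioned directory can exist, a short comment saying which one is meant to win would also help.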
@@ -64,6 +65,29 @@ function freeradius_deinstall_command() { return; } +function freeradius_chown_recursive($dir, $user = "root", $group = "wheel") { + if (empty($dir) || ($dir == '/') || ($dir == '/usr/local') || ($dir == '/usr/local/etc') || ($dir == '/usr/local/lib') || ($dir == '/var/log') || !is_dir($dir)) { + log_error(gettext("[freeradius] Attempted to recursively chown an invalid directory: '{$dir}'")); + return; + } + chown($dir, $user); + chgrp($dir, $group); + $handle = opendir($dir); + if ($handle) { + while (($item = readdir($handle)) !== false) { + if (!empty($item) && ($item != ".") && ($item != "..")) { + $path = "{$dir}/{$item}"; + if (is_file($path)) { + chown($path, $user); + chgrp($path, $group); + } + } + } + } else { + log_error(gettext("[freedarius] freeradius_chown_recursive() call failed; permissions not set for directory: '{$dir}'")); + } +} + function freeradius_install_command() { global $config, $frlib; @@ -82,9 +106,10 @@ function freeradius_install_command() { safe_mkdir(FREERADIUS_ETC . "/raddb"); if (!file_exists("/var/log/radutmp")) { exec("touch /var/log/radutmp"); } if (!file_exists("/var/log/radwtmp")) { exec("touch /var/log/radwtmp"); } - exec("chown -R root:wheel " . FREERADIUS_ETC . "/raddb /var/log/radacct"); - if (file_exists($frlib)) { - exec("chown -R root:wheel {$frlib}"); + freeradius_chown_recursive(FREERADIUS_ETC . "/raddb"); + freeradius_chown_recursive("/var/log/radacct"); + if (is_dir($frlib)) { + freeradius_chown_recursive($frlib); } // creating a backup file of the original policy.conf no matter if user checked this or not @@ -187,9 +212,6 @@ function freeradius_settings_resync($restart_svc = true) { if (!file_exists("/var/log/radwtmp")) { touch("/var/log/radwtmp"); } - if (is_dir("/var/log/radacct/")) { - exec("chown -R root:wheel /var/log/radacct"); - } $varsettings = $config['installedpackages']['freeradiussettings']['config'][0]; 
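Review bot: freeradius_chown_recursive() does not recurse: the loop only touches entries for which `is_file()` is true, so subdirectories such as /var/log/radacct/datacounter/* and everything below raddb are no longer re-owned, unlike the `chown -R` calls it replaces in freeradius_install_command() (second hunk) and in freeradius_settings_resync() (patch 10, hunk at -418). The refusal list is an exact string comparison, so `/var/log/` or `/usr/local/lib/.` pass it, and `is_file()` and `chown()` follow symlinks, so a link inside the directory gets its target re-owned. The directory handle is never closed, and the second log prefix is misspelled `[freedarius]`. The rewritten guard and loop are sketched below; the list of refused paths is kept as in the patch.

```php
function freeradius_chown_recursive($dir, $user = "root", $group = "wheel") {
	// Compare the resolved path so that "/var/log/" or "/usr/local/lib/." are refused as well
	$real = empty($dir) ? false : realpath($dir);
	$refused = array('/', '/usr/local', '/usr/local/etc', '/usr/local/lib', '/var/log');
	if ($real === false || in_array($real, $refused, true) || !is_dir($real)) {
		// … unchanged: log_error() for the invalid directory, return …
	}
	// … unchanged: chown()/chgrp() on $dir, opendir(), failure branch …
		while (($item = readdir($handle)) !== false) {
			if (($item == ".") || ($item == "..")) {
				continue;
			}
			$path = "{$dir}/{$item}";
			if (is_link($path)) {
				// Never follow a link out of the tree that was asked for
				continue;
			}
			if (is_dir($path)) {
				freeradius_chown_recursive($path, $user, $group);
			} elseif (is_file($path)) {
				// … unchanged: chown()/chgrp() on $path …
			}
		}
		closedir($handle);
```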
@@ -418,6 +440,10 @@ EOD; // This is to fix the mysqlclient.so which gets lost after reboot exec("ldconfig -m /usr/local/lib/mysql"); + // Change owner of freeradius created files + if (is_dir("/var/log/radacct/")) { + freeradius_chown_recursive("/var/log/radacct"); + } if ($restart_svc) { restart_service("radiusd"); From bca40752d95ae18e562fb529ecdfaf2052b7fb58 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Thu, 26 Jan 2017 11:15:28 +0100 Subject: [PATCH 11/14] Use safe_mkdir() and PHP functions here to match freeradius_settings_resync() --- .../files/usr/local/pkg/freeradius.inc | 21 +++++++++++-------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc index 79ca3a93394e..879660599a5f 100644 --- a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc +++ b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc 
@@ -92,20 +92,23 @@ function freeradius_install_command() { global $config, $frlib; // We create here different folders for different counters. - @mkdir("/var/log/radacct/datacounter/daily", 0755, true); - @mkdir("/var/log/radacct/datacounter/weekly", 0755, true); - @mkdir("/var/log/radacct/datacounter/monthly", 0755, true); - @mkdir("/var/log/radacct/datacounter/forever", 0755, true); - @mkdir("/var/log/radacct/timecounter", 0755, true); - @mkdir(FREERADIUS_ETC . "/raddb/scripts", 0755, true); + safe_mkdir("/var/log/radacct/datacounter/daily"); + safe_mkdir("/var/log/radacct/datacounter/weekly"); + safe_mkdir("/var/log/radacct/datacounter/monthly"); + safe_mkdir("/var/log/radacct/datacounter/forever"); + safe_mkdir("/var/log/radacct/timecounter"); + if (!file_exists("/var/log/radutmp")) { + touch("/var/log/radutmp"); + } + if (!file_exists("/var/log/radwtmp")) { + touch("/var/log/radwtmp"); + } // Previous package versions were creating a symlink targeting itself here if (is_link(FREERADIUS_ETC . "/raddb")) { unlink(FREERADIUS_ETC . "/raddb"); } - safe_mkdir(FREERADIUS_ETC . "/raddb"); - if (!file_exists("/var/log/radutmp")) { exec("touch /var/log/radutmp"); } - if (!file_exists("/var/log/radwtmp")) { exec("touch /var/log/radwtmp"); } + safe_mkdir(FREERADIUS_ETC . "/raddb/scripts"); freeradius_chown_recursive(FREERADIUS_ETC . "/raddb"); freeradius_chown_recursive("/var/log/radacct"); if (is_dir($frlib)) { From 960e97ae53c3f477edd26739aba7e3ff0048c63c Mon Sep 17 00:00:00 2001 From: doktornotor Date: Thu, 26 Jan 2017 11:28:46 +0100 Subject: [PATCH 12/14] Prevent install failure if unlink() fails here --- net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc index 879660599a5f..949e1ffc32f3 100644 --- a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc 
+++ b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc @@ -106,7 +106,7 @@ function freeradius_install_command() { // Previous package versions were creating a symlink targeting itself here if (is_link(FREERADIUS_ETC . "/raddb")) { - unlink(FREERADIUS_ETC . "/raddb"); + @unlink(FREERADIUS_ETC . "/raddb"); } safe_mkdir(FREERADIUS_ETC . "/raddb/scripts"); freeradius_chown_recursive(FREERADIUS_ETC . "/raddb"); From de8f640429e952b003d837f1172307e9194a83c4 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Thu, 26 Jan 2017 12:34:44 +0100 Subject: [PATCH 13/14] Use boolean for $via_rpc --- .../files/usr/local/pkg/freeradius.inc | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc index 949e1ffc32f3..ea1f9999727f 100644 --- a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc +++ b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc @@ -453,7 +453,7 @@ EOD; } } -function freeradius_users_resync($via_rpc = "no") { +function freeradius_users_resync($via_rpc = false) { global $config; $conf = ''; @@ -676,13 +676,13 @@ EOD; freeradius_sync_on_changes(); // Do not restart on boot // Will get restarted later by freeradius_clients_resync() if called via XMLRPC sync - if ($via_rpc == "no" && !platform_booting()) { + if ($via_rpc === false && !platform_booting()) { restart_service('radiusd'); } } -function freeradius_authorizedmacs_resync($via_rpc = "no") { +function freeradius_authorizedmacs_resync($via_rpc = false) { global $config; $conf = ''; @@ -872,7 +872,7 @@ EOD; conf_mount_ro(); freeradius_sync_on_changes(); - if ($via_rpc == "no") { + if ($via_rpc === false) { restart_service('radiusd'); } } 
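Review bot: Prefixing `unlink()` with `@` in patch 12 keeps the install going but also discards the only signal that the stale self-referencing symlink is still in place, in which case the following `safe_mkdir(FREERADIUS_ETC . "/raddb/scripts")` and the chown of raddb will most likely fail as well. Testing the result keeps the install non-fatal while leaving a trace: `if (!@unlink(FREERADIUS_ETC . "/raddb")) { log_error("[freeradius] Could not remove stale raddb symlink"); }`. freeradius_install_command() continues outside the hunk.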
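Review bot: The switch to `$via_rpc === false` in patch 13 (hunks at -676 and -872) makes the restart depend on the argument being exactly boolean false, so a caller outside this diff that still passes the old string `"no"` now silently skips the restart, and so does any `0` or `null`. `if (!$via_rpc && !platform_booting()) {` would at least accept the falsy values; the old string form needs every call site, the package XML files included, to be checked. A one-line docblock on both functions stating that `$via_rpc` is a bool and what `true` suppresses would document the contract.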
@@ -2804,9 +2804,9 @@ function freeradius_do_xmlrpc_sync($sync_to_ip, $username, $password, $varsyncpo // This function restarts all other needed functions after XMLRPC so that the content of .XML + .INC will be written in the files (clients.conf, users) // Adding more functions will increase the to sync function freeradius_all_after_XMLRPC_resync() { - // Only (re)start the service once by passing $via_rpc = 'yes' to the below function calls - freeradius_users_resync('yes'); - freeradius_authorizedmacs_resync('yes'); + // Only (re)start the service once by passing $via_rpc = true to the below function calls + freeradius_users_resync(true); + freeradius_authorizedmacs_resync(true); freeradius_clients_resync(); log_error("[FreeRADIUS]: Finished XMLRPC process. It should be OK. For more information look at the host which started sync."); From af938f7d085c75cc49ff30994444f44dc2a0540f Mon Sep 17 00:00:00 2001 From: doktornotor Date: Thu, 26 Jan 2017 13:53:40 +0100 Subject: [PATCH 14/14] Add $restart_svc argument to more functions Needed to avoid more restarts madness --- .../files/usr/local/pkg/freeradius.inc | 45 +++++++++++++------ 1 file changed, 31 insertions(+), 14 deletions(-) diff --git a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc index ea1f9999727f..36ac81da0022 100644 --- a/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc +++ b/net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc 
@@ -38,6 +38,17 @@ $bash_path = FREERADIUS_BASE . "/bin/bash"; define('FREERADIUS_LIB', FREERADIUS_BASE . '/lib'); define('FREERADIUS_ETC', FREERADIUS_BASE . '/etc'); +/* + * List of functions that directly call restart_service('radiusd') + * (with optional parameters to be passed to avoid that behaviour) + * freeradius_settings_resync($restart_svc = true) + * freeradius_users_resync($via_rpc = false) + * freeradius_authorizedmacs_resync($restart_svc = true, $via_rpc = false) + * freeradius_clients_resync($restart_svc = true) + * freeradius_eapconf_resync($restart_svc = true) + * freeradius_modulesldap_resync($restart_svc = true) +*/ + // Check freeradius lib version $frlib = ""; if (is_dir(FREERADIUS_LIB)) { @@ -132,7 +143,7 @@ function freeradius_install_command() { if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel")) { unlink(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel"); } // We run this here just to suppress some warnings on syslog if file doesn't exist - freeradius_authorizedmacs_resync(); + freeradius_authorizedmacs_resync(false, false); // These two functions create the module and the dictionary entry for Mobile-One-Time-Password freeradius_dictionary_resync(); @@ -150,9 +161,9 @@ function freeradius_install_command() { // Initialize some config files - the functions below call other functions freeradius_sqlconf_resync(); - freeradius_eapconf_resync(); - freeradius_clients_resync(); - freeradius_modulesldap_resync(); + freeradius_eapconf_resync(false); + freeradius_clients_resync(false); + freeradius_modulesldap_resync(false); $rcfile = array(); $rcfile['file'] = 'radiusd.sh'; @@ -682,7 +693,7 @@ EOD; } -function freeradius_authorizedmacs_resync($via_rpc = false) { +function freeradius_authorizedmacs_resync($restart_svc = true, $via_rpc = false) { global $config; $conf = ''; 
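Review bot: The new signature `freeradius_authorizedmacs_resync($restart_svc = true, $via_rpc = false)` (patch 14, hunk at -682) puts the new flag in front of the existing one, so any positional caller not updated in this patch that passes `true` for $via_rpc now gets `$restart_svc = true, $via_rpc = false` and restarts the service. It also differs from `freeradius_users_resync($via_rpc = false)`, as the comment block added at the top of the file shows. Appending the parameter, `($via_rpc = false, $restart_svc = true)`, or folding both into a single flag, keeps old calls meaning what they meant. The function body lies outside this hunk.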
@@ -872,12 +883,12 @@ EOD; conf_mount_ro(); freeradius_sync_on_changes(); - if ($via_rpc === false) { + if ($restart_svc === true && $via_rpc === false) { restart_service('radiusd'); } } -function freeradius_clients_resync() { +function freeradius_clients_resync($restart_svc = true) { global $config; $conf = ''; @@ -947,7 +958,7 @@ EOD; -function freeradius_eapconf_resync() { +function freeradius_eapconf_resync($restart_svc = true) { global $config; // We make this write enabled here because embedded systems need to write certs in ../raddb/certs/ folder conf_mount_rw(); @@ -1020,7 +1031,7 @@ function freeradius_eapconf_resync() { // This is for the pfsense cert manager // Depends on "freeradius_get_server_certs" and "freeradius_get_ca_certs" -if ($eapconf['vareapconfchoosecertmanager'] == 'on') { + if ($eapconf['vareapconfchoosecertmanager'] == 'on') { $ca_cert = lookup_ca($eapconf["ssl_ca_cert"]); if ($ca_cert != false) { @@ -1194,7 +1205,9 @@ EOD; chmod($filename, 0640); conf_mount_ro(); - restart_service('radiusd'); + if ($restart_svc) { + restart_service('radiusd'); + } } // Gets started from freeradiuseapconf.xml 
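Review bot: `freeradius_clients_resync($restart_svc = true)` gains the parameter in this hunk, but none of the hunks in patch 14 reads it inside that function, while freeradius_eapconf_resync() and freeradius_modulesldap_resync() each get a matching `if ($restart_svc) {` guard. As submitted, `freeradius_clients_resync(false)` in freeradius_install_command() therefore behaves like the call without an argument, although the comment block at the top of the file lists the function as honouring the flag. The guard is needed around its restart, `if ($restart_svc) { restart_service('radiusd'); }`; the function body is outside the visible hunks, so the exact spot has to be confirmed in the file.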
@@ -2804,9 +2817,11 @@ function freeradius_do_xmlrpc_sync($sync_to_ip, $username, $password, $varsyncpo // This function restarts all other needed functions after XMLRPC so that the content of .XML + .INC will be written in the files (clients.conf, users) // Adding more functions will increase the to sync function freeradius_all_after_XMLRPC_resync() { - // Only (re)start the service once by passing $via_rpc = true to the below function calls + // Only (re)start the service once by passing $restart_svc = false + // and/or $via_rpc = true to the below function calls freeradius_users_resync(true); - freeradius_authorizedmacs_resync(true); + // Do not restart service + freeradius_authorizedmacs_resync(false, true); freeradius_clients_resync(); log_error("[FreeRADIUS]: Finished XMLRPC process. It should be OK. For more information look at the host which started sync."); @@ -3079,7 +3094,7 @@ EOD; } -function freeradius_modulesldap_resync() { +function freeradius_modulesldap_resync($restart_svc = true) { global $config; $conf = ''; @@ -3684,7 +3699,9 @@ EOD; // We need to rebuild "freeradius_serverdefault_resync" before restart service // "freeradius_serverdefault_resync" needs to restart other dependencies so we are pointing directly to "freeradius_settings_resync()" freeradius_serverdefault_resync(); - restart_service("radiusd"); + if ($restart_svc) { + restart_service("radiusd"); + } }