freeradius service handling fixes (Bug #6404), fix chown handling and various bugs

net/pfSense-pkg-freeradius2/Makefile

@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	pfSense-pkg-freeradius2
-PORTVERSION=	1.7.4
+PORTVERSION=	1.7.5
 CATEGORIES=	net
 MASTER_SITES=	# empty
 DISTFILES=	# empty

net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.inc

@@ -39,16 +39,17 @@ define('FREERADIUS_LIB', FREERADIUS_BASE . '/lib');
 define('FREERADIUS_ETC', FREERADIUS_BASE . '/etc');
 
 // Check freeradius lib version
-	$frlib="";
-	if (file_exists(FREERADIUS_LIB)) {
+	$frlib = "";
+	if (is_dir(FREERADIUS_LIB)) {
 		$libfiles = scandir(FREERADIUS_LIB);
-		foreach ($libfiles as $libfile){
-			if (preg_match("/freeradius-/",$libfile))
-				$frlib=FREERADIUS_LIB . '/' . $libfile;
+		foreach ($libfiles as $libfile) {
+			if (preg_match("/freeradius-/", $libfile)) {
+				$frlib = FREERADIUS_LIB . '/' . $libfile;
+			}
 		}
 	}
-	if ($frlib == ""){
-		log_error("freeRADIUS - No freeradius lib found on ".FREERADIUS_LIB);
+	if ($frlib == "") {
+		log_error("freeRADIUS - No freeradius libs found on " . FREERADIUS_LIB);
 	}
 
 function freeradius_deinstall_command() {
@@ -64,24 +65,54 @@ function freeradius_deinstall_command() {
 	return;
 }
 
+function freeradius_chown_recursive($dir, $user = "root", $group = "wheel") {
+	if (empty($dir) || ($dir == '/') || ($dir == '/usr/local') || ($dir == '/usr/local/etc') || ($dir == '/usr/local/lib') || ($dir == '/var/log') || !is_dir($dir)) {
+		log_error(gettext("[freeradius] Attempted to recursively chown an invalid directory: '{$dir}'"));
+		return;
+	}
+	chown($dir, $user);
+	chgrp($dir, $group);
+	$handle = opendir($dir);
+	if ($handle) {
+		while (($item = readdir($handle)) !== false) {
+			if (!empty($item) && ($item != ".") && ($item != "..")) {
+				$path = "{$dir}/{$item}";
+				if (is_file($path)) {
+					chown($path, $user);
+					chgrp($path, $group);
+				}
+			}
+		}
+	} else {
+		log_error(gettext("[freedarius] freeradius_chown_recursive() call failed; permissions not set for directory: '{$dir}'"));
+	}
+}
+
 function freeradius_install_command() {
 	global $config, $frlib;
 
 	// We create here different folders for different counters.
-	@mkdir("/var/log/radacct/datacounter/daily", 0755, true);
-	@mkdir("/var/log/radacct/datacounter/weekly", 0755, true);
-	@mkdir("/var/log/radacct/datacounter/monthly", 0755, true);
-	@mkdir("/var/log/radacct/datacounter/forever", 0755, true);
-	@mkdir("/var/log/radacct/timecounter", 0755, true);
-	@mkdir(FREERADIUS_ETC . "/raddb/scripts", 0755, true);
-
-	unlink_if_exists("/usr/local/etc/raddb");
-	@symlink(FREERADIUS_ETC . "/raddb", "/usr/local/etc/raddb");
-	if (!file_exists("/var/log/radutmp")) { exec("touch /var/log/radutmp");	}
-	if (!file_exists("/var/log/radwtmp")) {	exec("touch /var/log/radwtmp");	}
-	exec("chown -R root:wheel " . FREERADIUS_ETC . "/raddb /var/log/radacct");
-	if (file_exists($frlib)) {
-		exec("chown -R root:wheel {$frlib}");
+	safe_mkdir("/var/log/radacct/datacounter/daily");
+	safe_mkdir("/var/log/radacct/datacounter/weekly");
+	safe_mkdir("/var/log/radacct/datacounter/monthly");
+	safe_mkdir("/var/log/radacct/datacounter/forever");
+	safe_mkdir("/var/log/radacct/timecounter");
+	if (!file_exists("/var/log/radutmp")) {
+		touch("/var/log/radutmp");
+	}
+	if (!file_exists("/var/log/radwtmp")) {
+		touch("/var/log/radwtmp");
+	}
+
+	// Previous package versions were creating a symlink targeting itself here
+	if (is_link(FREERADIUS_ETC . "/raddb")) {
+		@unlink(FREERADIUS_ETC . "/raddb");
+	}
+	safe_mkdir(FREERADIUS_ETC . "/raddb/scripts");
+	freeradius_chown_recursive(FREERADIUS_ETC . "/raddb");
+	freeradius_chown_recursive("/var/log/radacct");
+	if (is_dir($frlib)) {
+		freeradius_chown_recursive($frlib);
 	}
 
 	// creating a backup file of the original policy.conf no matter if user checked this or not
@@ -163,23 +194,27 @@ SERVICENAME="radiusd"
 EOD;
 	$rcfile['stop'] = FREERADIUS_ETC . '/rc.d/radiusd onestop';
 	write_rcfile($rcfile);
-	start_service("radiusd");
 }
 
-function freeradius_settings_resync() {
+function freeradius_settings_resync($restart_svc = true) {
 	global $config;
 	$conf = '';
 
 	// put the constant to a variable
 	$varFREERADIUS_BASE = FREERADIUS_BASE;
 
 	// We do some checks of some folders which will be deleted after reboot on nanobsd systems
-	if (!file_exists("/var/log/radacct/")) { exec("mkdir /var/log/radacct"); }
-	if (!file_exists("/var/log/radacct/datacounter/")) { exec("mkdir /var/log/radacct/datacounter && mkdir /var/log/radacct/datacounter/daily && mkdir /var/log/radacct/datacounter/weekly && mkdir /var/log/radacct/datacounter/monthly && mkdir /var/log/radacct/datacounter/forever"); }
-	if (!file_exists("/var/log/radacct/timecounter/")) { exec("mkdir /var/log/radacct/timecounter"); }
-	if (!file_exists("/var/log/radutmp")) { exec("touch /var/log/radutmp");	}
-	if (!file_exists("/var/log/radwtmp")) {	exec("touch /var/log/radwtmp");	}
-	if (!file_exists("/var/log/radacct/")) { exec("chown -R root:wheel /var/log/radacct"); }
+	safe_mkdir("/var/log/radacct/datacounter/daily");
+	safe_mkdir("/var/log/radacct/datacounter/weekly");
+	safe_mkdir("/var/log/radacct/datacounter/monthly");
+	safe_mkdir("/var/log/radacct/datacounter/forever");
+	safe_mkdir("/var/log/radacct/timecounter");
+	if (!file_exists("/var/log/radutmp")) {
+		touch("/var/log/radutmp");
+	}
+	if (!file_exists("/var/log/radwtmp")) {
+		touch("/var/log/radwtmp");
+	}
 
 	$varsettings = $config['installedpackages']['freeradiussettings']['config'][0];
 
@@ -409,11 +444,16 @@ EOD;
 	// This is to fix the mysqlclient.so which gets lost after reboot
 	exec("ldconfig -m /usr/local/lib/mysql");
 	// Change owner of freeradius created files
-	exec("chown -R root:wheel /var/log");
-	restart_service("radiusd");
+	if (is_dir("/var/log/radacct/")) {
+		freeradius_chown_recursive("/var/log/radacct");
+	}
+
+	if ($restart_svc) {
+		restart_service("radiusd");
+	}
 }
 
-function freeradius_users_resync() {
+function freeradius_users_resync($via_rpc = "no") {
 global $config;
 
 $conf = '';
@@ -634,11 +674,15 @@ EOD;
 	conf_mount_ro();
 
 	freeradius_sync_on_changes();
-	restart_service('radiusd');
+	// Do not restart on boot
+	// Will get restarted later by freeradius_clients_resync() if called via XMLRPC sync
+	if ($via_rpc == "no" && !platform_booting()) {
+		restart_service('radiusd');
+	}
 }
 
 
-function freeradius_authorizedmacs_resync() {
+function freeradius_authorizedmacs_resync($via_rpc = "no") {
 global $config;
 
 $conf = '';
@@ -828,7 +872,9 @@ EOD;
 	conf_mount_ro();
 
 	freeradius_sync_on_changes();
-	restart_service('radiusd');
+	if ($via_rpc == "no") {
+		restart_service('radiusd');
+	}
 }
 
 function freeradius_clients_resync() {
@@ -2758,14 +2804,12 @@ function freeradius_do_xmlrpc_sync($sync_to_ip, $username, $password, $varsyncpo
 // This function restarts all other needed functions after XMLRPC so that the content of .XML + .INC will be written in the files (clients.conf, users)
 // Adding more functions will increase the to sync
 function freeradius_all_after_XMLRPC_resync() {
-
-	freeradius_users_resync();
-	freeradius_authorizedmacs_resync();
+	// Only (re)start the service once by passing $via_rpc = 'yes' to the below function calls
+	freeradius_users_resync('yes');
+	freeradius_authorizedmacs_resync('yes');
 	freeradius_clients_resync();
 
 	log_error("[FreeRADIUS]: Finished XMLRPC process. It should be OK. For more information look at the host which started sync.");
-
-	exec(FREERADIUS_ETC . "/rc.d/radiusd onerestart");
 }
 
 function freeradius_modulescounter_resync() {

net/pfSense-pkg-freeradius2/files/usr/local/pkg/freeradius.xml

@@ -497,7 +497,7 @@
 		freeradius_users_resync();
 	</custom_delete_php_command>
 	<custom_php_resync_config_command>
-		freeradius_settings_resync();
+		freeradius_settings_resync(false);
 		sleep(1);
 		freeradius_users_resync();
 	</custom_php_resync_config_command>