Fix an issue with MAC rewriting policy; Make a better effort to store…

… auto-generated FreeRADIUS cert info to avoid duplication.
pfsense · Aug 29, 2017 · 592cbf3 · 592cbf3
1 parent 12e3b0d
commit 592cbf3
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 21 deletions.
diff --git a/net/pfSense-pkg-freeradius3/Makefile b/net/pfSense-pkg-freeradius3/Makefile
@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	pfSense-pkg-freeradius3
-PORTVERSION=	0.12
+PORTVERSION=	0.13
 CATEGORIES=	net
 MASTER_SITES=	# empty
 DISTFILES=	# empty

diff --git a/net/pfSense-pkg-freeradius3/files/usr/local/pkg/freeradius.inc b/net/pfSense-pkg-freeradius3/files/usr/local/pkg/freeradius.inc
@@ -1074,11 +1074,10 @@ function freeradius_eapconf_resync($restart_svc = true) {
 	global $config;
 	$conf = '';
 
-	if (is_array($config['installedpackages']['freeradiuseapconf']['config'][0])) {
-		$eapconf = $config['installedpackages']['freeradiuseapconf']['config'][0];
-	} else {
-		$eapconf = array();
+	if (!is_array($config['installedpackages']['freeradiuseapconf']['config'][0])) {
+		$config['installedpackages']['freeradiuseapconf']['config'][0] = array();
 	}
+	$eapconf = & $config['installedpackages']['freeradiuseapconf']['config'][0];
 
 	// Disable weak EAP types like MD5, GTC, LEAP
 	if ($eapconf['vareapconfdisableweakeaptypes'] == '') {
@@ -3256,7 +3255,7 @@ function freeradius_plainmacauth_resync() {
 function freeradius_policyd_resync() {
 	$conf = <<<EOD
 pfs_rewrite_calling_station_id {
-	if (&Calling-Station-Id && (&Calling-Station-Id =~ /^${policy.mac-addr-regexp}$/i)) {
+	if (&Calling-Station-Id && (&Calling-Station-Id =~ /^\${policy.mac-addr-regexp}\$/i)) {
 		update request {
 			&Calling-Station-Id := "%{tolower:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}"
 		}
@@ -4066,21 +4065,6 @@ function freeradius_validate_interfaces($post, &$input_errors) {
 /* General Settings input validation */
 function freeradius_validate_settings($post, &$input_errors) {
 	global $config;
-	// Force users to configure certificates for EAP
-	if (is_array($config['installedpackages']['freeradiuseapconf']['config'][0])) {
-		$eapconf = $config['installedpackages']['freeradiuseapconf']['config'][0];
-	} else {
-		$input_errors[] = "Please, configure and save EAP settings first. Note that setting the SSL CA/Server Certificate is required.";
-		$eapconf = array();
-	}
-/*
-	if ($eapconf['ssl_ca_cert'] == 'none') {
-		$input_errors[] = "Please, configure the 'SSL CA Certificate' on the EAP tab first and save settings there.";
-	}
-	if ($eapconf['ssl_server_cert'] == 'none') {
-		$input_errors[] = "Please, configure the 'SSL Server Certificate' on the EAP tab first and save settings there.";
-	}
-*/
 	// Maximum Requests Tracked
 	if ($post['varsettingsmaxrequests'] != '' && !is_numericint($post['varsettingsmaxrequests'])) {
 		$input_errors[] = "The 'Maximum Requests Tracked' field must contain an integer value.";

diff --git a/net/pfSense-pkg-freeradius3/files/usr/local/pkg/freeradiussettings.xml b/net/pfSense-pkg-freeradius3/files/usr/local/pkg/freeradiussettings.xml
@@ -519,6 +519,7 @@
 		freeradius_settings_resync();
 	</custom_delete_php_command>
 	<custom_php_resync_config_command>
+		freeradius_eapconf_resync(false);
 		freeradius_settings_resync();
 	</custom_php_resync_config_command>
 	<custom_php_validation_command>