freeradius code style and other fixes

[doktornotor]

Code style/other fixes

• Fix code style, whitespace, indentation
• Make things much more readable by leaving out the middle part of the?: ternary operator
• Replace exec() with mwexec()
• Use native PHP functions where possible/suitable
• Replace horrible code using echo redirection from shell with file_put_contents()
• Use openvpn_create_dhparams() to create DH params file
• Do not use code like exec("cd $foo; bar")
• Use full paths to executables in mwexec()
• Improve comments
• Etc. ...

Others:

• Add prominent deprecation warnings to 'Certificates' and 'EAP' tabs regarding the redundant FreeRADIUS Cert Manager feature. See https://redmine.pfsense.org/issues/7170.
• Fix Bug #6928 - "Access-Reject" not logged in MySQL radpostauth table

[rbgarga]

Replace these if statements by a simple call to unlink_if_exists() or @Unlink()

[rbgarga]

Use unlink_if_exists() instead of rm -f

[rbgarga]

I strongly believe this could be removed. MySQL package registers itself to run when /etc/rc.d/ldconfig is called by rc script

[rbgarga]

Looks like this block is not correctly indented

[rbgarga]

Not correctly indented

[rbgarga]

Use unlink_if_exists()

[rbgarga]

Use chmod()

[rbgarga]

Use unlink_if_exists()

[rbgarga]

Use unlink_if_exists()

[rbgarga]

Use chmod()

[doktornotor]

As for the "use chmod()" - it needs to be recursive where chmod -R is being used, not really an option without complicating the code even further. Roger otherwise. Thanks for taking time to read this monster :)

[rbgarga]

@doktornotor it won't complicate too much because certs directory is supposed to contain only files and not subdirectories. You can do it like:

$certs = glob(FREERADIUS_ETC . "/raddb/certs/*");
array_walk($certs, function($cert_file) {
	chmod($cert_file, 0600);
});

[doktornotor]

I'll see what I can do with that. Other than that, unlink_if_exists() does handle globbing correctly, right? (So that all the rm -f junk can be replaced.)

[rbgarga]

Yes, it handles globbing. But anyway, -f is for force removal and not recursive option

[doktornotor]

Well yeah, but the (unreadable) stuff is terminated with * in bunch of places, such as this:
/var/log/radacct/datacounter/$varusersmaxtotaloctetstimerange/used-octets-$varusersusername*
(extremely easy to miss)

Another WTF:
Do you think the recursive chown on $frlib (line 128) really serves any useful purpose now? NFC about how it got there in the first place and why.

[doktornotor]

All done minus chmod(). The array_walk() thing does not work like this (syntax error, unexpected '}') and I'd really rather leave that thing alone, just makes the code unreadable.

[rbgarga]

@doktornotor I've tested array_walk before send it to you, it works. You probably had some copy/paste issue. It's a common PHP usage and also in pfSense you can see it being used at https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/widgets/widgets/dyn_dns_status.widget.php#L59

[doktornotor]

Done. (Note: Pasting from browser can screw newlines and the PHP error is not helpful at all.) So we now have 8 lines of PHP instead of two simple ones. Oh well...

[rbgarga]

Thanks! It's better to have more PHP lines than spawning shell sessions to run system binaries

[doktornotor]

Added a tiny patch for https://redmine.pfsense.org/issues/6928 (verified by a user) - and that's really all here unless some other changes are requested.