-
Notifications
You must be signed in to change notification settings - Fork 589
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
freeradius code style and other fixes #272
Conversation
…precation warning here See https://redmine.pfsense.org/issues/7170
…deprecation warning about FreeRADIUS Cert Manager here See https://redmine.pfsense.org/issues/7170
} | ||
if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel")) { | ||
unlink(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel"); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Replace these if statements by a simple call to unlink_if_exists() or @Unlink()
// Deletes virtual-server coa by default. Will be re-enabled if there is an interface-type "coa" | ||
exec("rm -f " . FREERADIUS_ETC . "/raddb/sites-enabled/coa"); | ||
// Deletes virtual-server coa by default. Will be re-enabled if there is an interface-type "coa" | ||
mwexec("/bin/rm -f " . FREERADIUS_ETC . "/raddb/sites-enabled/coa"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use unlink_if_exists() instead of rm -f
// This is to fix the mysqlclient.so which gets lost after reboot | ||
exec("ldconfig -m /usr/local/lib/mysql"); | ||
// XXX: Probably some PBI leftover, remove? | ||
mwexec("/sbin/ldconfig -m /usr/local/lib/mysql"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I strongly believe this could be removed. MySQL package registers itself to run when /etc/rc.d/ldconfig is called by rc script
|
||
$arrusers = $config['installedpackages']['freeradius']['config']; | ||
// Variables for users file defined parameters |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like this block is not correctly indented
foreach ($arrmacs as $macs) { | ||
|
||
// Variables for authorized_macs file defined parameters | ||
$varmacsaddress = $macs['varmacsaddress']; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not correctly indented
mwexec("/bin/rm -f " . FREERADIUS_ETC . "/raddb/certs/client.crt"); | ||
mwexec("/bin/rm -f " . FREERADIUS_ETC . "/raddb/certs/client.key"); | ||
mwexec("/bin/rm -f " . FREERADIUS_ETC . "/raddb/certs/client.pem"); | ||
mwexec("/bin/rm -f " . FREERADIUS_ETC . "/raddb/certs/client.tar"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use unlink_if_exists()
mwexec("/usr/bin/tar -C " . FREERADIUS_ETC . "/raddb/certs -cf " . FREERADIUS_ETC . "/raddb/certs/client.tar client.crt client.csr client.key ca.der client.pem"); | ||
|
||
// Make all files in certs folder read/write only for root | ||
mwexec("/bin/chmod -R 0600 " . FREERADIUS_ETC . "/raddb/certs/"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use chmod()
mwexec("/bin/rm -f " . FREERADIUS_ETC . "/raddb/certs/index*"); | ||
mwexec("/bin/rm -f " . FREERADIUS_ETC . "/raddb/certs/dh"); | ||
mwexec("/bin/rm -f " . FREERADIUS_ETC . "/raddb/certs/random"); | ||
mwexec("/bin/rm -f " . FREERADIUS_ETC . "/raddb/certs/client.tar"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use unlink_if_exists()
// this command deletes the pfsense_cert_mgr checkfile so when we change back to pfsense cert manager a new DH + random file will be created | ||
if (file_exists(FREERADIUS_ETC . "/raddb/certs/pfsense_cert_mgr")) { | ||
unlink(FREERADIUS_ETC . "/raddb/certs/pfsense_cert_mgr"); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use unlink_if_exists()
|
||
// tar client-cert files | ||
mwexec("/usr/bin/tar -C " . FREERADIUS_ETC . "/raddb/certs -cf " . FREERADIUS_ETC . "/raddb/certs/client.tar client.crt client.csr client.key ca.der client.pem"); | ||
mwexec("/bin/chmod -R 0600 " . FREERADIUS_ETC . "/raddb/certs/"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use chmod()
As for the "use chmod()" - it needs to be recursive where |
@doktornotor it won't complicate too much because certs directory is supposed to contain only files and not subdirectories. You can do it like:
|
I'll see what I can do with that. Other than that, |
Yes, it handles globbing. But anyway, -f is for force removal and not recursive option |
Well yeah, but the (unreadable) stuff is terminated with Another WTF: |
All done minus chmod(). The array_walk() thing does not work like this ( |
@doktornotor I've tested array_walk before send it to you, it works. You probably had some copy/paste issue. It's a common PHP usage and also in pfSense you can see it being used at https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/widgets/widgets/dyn_dns_status.widget.php#L59 |
Done. (Note: Pasting from browser can screw newlines and the PHP error is not helpful at all.) So we now have 8 lines of PHP instead of two simple ones. Oh well... |
Thanks! It's better to have more PHP lines than spawning shell sessions to run system binaries |
Confirmed working by a user in https://redmine.pfsense.org/issues/6928#note-5
Added a tiny patch for https://redmine.pfsense.org/issues/6928 (verified by a user) - and that's really all here unless some other changes are requested. |
ChangeLog: [decof/du/tru64] Remove support because the os is no longer updated for more than 10 years [openstep/nextstep] Remove support because the os is no longer updated for more than 20 years Add experimental build system based on Autotools (#270) Fixed LTsock testing on darwin (#272) Remove NEW and OLD folders (#6) Fix FreeBSD testcases (#271) Rewrite documentation and publish at https://lsof.readthedocs.io/
2.2.1 2023-01-20 Detect tables used in the query of a PREPARE statement (#273) Expose recursive walk functionality via walk! (#268) Retain schema in name when parsing out functions (#272) https://github.com/pganalyze/pg_query/blob/main/CHANGELOG.md
Code style/other fixes
?:
ternary operatorexec("cd $foo; bar")
Others: