Commit 6b3bff0f authored by Franco Fichtner's avatar Franco Fichtner

src: start to prune varrun_path foo

Style and sanity splatter all over while at it.
parent ca9ab9b6
...@@ -203,7 +203,7 @@ function index_groups() ...@@ -203,7 +203,7 @@ function index_groups()
$groupindex = array(); $groupindex = array();
if (is_array($config['system']['group'])) { if (isset($config['system']['group'])) {
$i = 0; $i = 0;
foreach($config['system']['group'] as $groupent) { foreach($config['system']['group'] as $groupent) {
$groupindex[$groupent['name']] = $i; $groupindex[$groupent['name']] = $i;
...@@ -261,7 +261,7 @@ function &getGroupEntryByGID($gid) ...@@ -261,7 +261,7 @@ function &getGroupEntryByGID($gid)
{ {
global $config; global $config;
if (is_array($config['system']['group'])) { if (isset($config['system']['group'])) {
foreach ($config['system']['group'] as & $group) { foreach ($config['system']['group'] as & $group) {
if ($group['gid'] == $gid) { if ($group['gid'] == $gid) {
return $group; return $group;
...@@ -518,7 +518,8 @@ function local_user_get_groups($user, $all = false) ...@@ -518,7 +518,8 @@ function local_user_get_groups($user, $all = false)
global $config; global $config;
$groups = array(); $groups = array();
if (!is_array($config['system']['group'])) {
if (!isset($config['system']['group'])) {
return $groups; return $groups;
} }
...@@ -540,8 +541,9 @@ function local_user_set_groups($user, $new_groups = null) ...@@ -540,8 +541,9 @@ function local_user_set_groups($user, $new_groups = null)
{ {
global $config, $groupindex; global $config, $groupindex;
if (!is_array($config['system']['group'])) if (!isset($config['system']['group'])) {
return; return;
}
$cur_groups = local_user_get_groups($user, true); $cur_groups = local_user_get_groups($user, true);
$mod_groups = array(); $mod_groups = array();
...@@ -680,33 +682,31 @@ function ldap_test_connection($authcfg) ...@@ -680,33 +682,31 @@ function ldap_test_connection($authcfg)
function ldap_setup_caenv($authcfg) function ldap_setup_caenv($authcfg)
{ {
global $g;
require_once("certs.inc"); require_once("certs.inc");
unset($caref); unset($caref);
if (empty($authcfg['ldap_caref']) || !strstr($authcfg['ldap_urltype'], "SSL")) { if (empty($authcfg['ldap_caref']) || !strstr($authcfg['ldap_urltype'], "SSL")) {
putenv('LDAPTLS_REQCERT=never'); putenv('LDAPTLS_REQCERT=never');
return; return;
} else { }
$caref = lookup_ca($authcfg['ldap_caref']);
if (!$caref) { $caref = lookup_ca($authcfg['ldap_caref']);
log_error(sprintf(gettext("LDAP: Could not lookup CA by reference for host %s."), $authcfg['ldap_caref'])); if (!$caref) {
/* XXX: Prevent for credential leaking since we cannot setup the CA env. Better way? */ log_error(sprintf(gettext("LDAP: Could not lookup CA by reference for host %s."), $authcfg['ldap_caref']));
putenv('LDAPTLS_REQCERT=hard'); /* XXX: Prevent for credential leaking since we cannot setup the CA env. Better way? */
return;
}
if (!is_dir("{$g['varrun_path']}/certs"))
@mkdir("{$g['varrun_path']}/certs");
if (file_exists("{$g['varrun_path']}/certs/{$caref['refid']}.ca"))
@unlink("{$g['varrun_path']}/certs/{$caref['refid']}.ca");
file_put_contents("{$g['varrun_path']}/certs/{$caref['refid']}.ca", base64_decode($caref['crt']));
@chmod("{$g['varrun_path']}/certs/{$caref['refid']}.ca", 0600);
putenv('LDAPTLS_REQCERT=hard'); putenv('LDAPTLS_REQCERT=hard');
/* XXX: Probably even the hashed link should be created for this? */ return;
putenv("LDAPTLS_CACERTDIR={$g['varrun_path']}/certs");
putenv("LDAPTLS_CACERT={$g['varrun_path']}/certs/{$caref['refid']}.ca");
} }
@mkdir("/var/run/certs");
@unlink("/var/run/certs/{$caref['refid']}.ca");
file_put_contents("/var/run/certs/{$caref['refid']}.ca", base64_decode($caref['crt']));
@chmod("/var/run/certs/{$caref['refid']}.ca", 0600);
putenv('LDAPTLS_REQCERT=hard');
/* XXX: Probably even the hashed link should be created for this? */
putenv("LDAPTLS_CACERTDIR=/var/run/certs");
putenv("LDAPTLS_CACERT=/var/run/certs/{$caref['refid']}.ca");
} }
function ldap_test_bind($authcfg) function ldap_test_bind($authcfg)
...@@ -1261,12 +1261,14 @@ function auth_get_authserver_list() { ...@@ -1261,12 +1261,14 @@ function auth_get_authserver_list() {
return $list; return $list;
} }
function getUserGroups($username, $authcfg) { function getUserGroups($username, $authcfg)
{
global $config; global $config;
$allowed_groups = array(); $allowed_groups = array();
$member_groups = array();
switch($authcfg['type']) { switch ($authcfg['type']) {
case 'ldap': case 'ldap':
$allowed_groups = @ldap_get_groups($username, $authcfg); $allowed_groups = @ldap_get_groups($username, $authcfg);
break; break;
...@@ -1278,11 +1280,12 @@ function getUserGroups($username, $authcfg) { ...@@ -1278,11 +1280,12 @@ function getUserGroups($username, $authcfg) {
break; break;
} }
$member_groups = array(); if (isset($config['system']['group'])) {
if (is_array($config['system']['group'])) { foreach ($config['system']['group'] as $group) {
foreach ($config['system']['group'] as $group) if (in_array($group['name'], $allowed_groups)) {
if (in_array($group['name'], $allowed_groups))
$member_groups[] = $group['name']; $member_groups[] = $group['name'];
}
}
} }
return $member_groups; return $member_groups;
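Review bot: In the rewritten tail of ldap_setup_caenv() the result of `file_put_contents("/var/run/certs/{$caref['refid']}.ca", ...)` is never checked, and the `@mkdir`/`@unlink` before it suppress their errors. A failed write is therefore silent, and `LDAPTLS_CACERT` can end up naming a missing file or, if the unlink also failed, a stale one from an earlier run. With `LDAPTLS_REQCERT=hard` a missing file should fail closed, but nothing is logged to explain why LDAP binds stop working. Consider guarding the write with `if (file_put_contents($cafile, base64_decode($caref['crt'])) === false) {` plus a `log_error()` call and an early `return;`, and creating the directory with an explicit mode (`@mkdir('/var/run/certs', 0700);`) so the trust-anchor directory does not depend on the process umask. Separately, the `is_array()` to `isset()` swaps in index_groups, getGroupEntryByGID, local_user_get_groups, local_user_set_groups and getUserGroups let a set but non-array value reach `foreach`, so it is worth confirming the config parser can never produce one.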
......
...@@ -405,7 +405,7 @@ function captiveportal_configure_zone($cpcfg) { ...@@ -405,7 +405,7 @@ function captiveportal_configure_zone($cpcfg) {
} else } else
captiveportal_syslog("Reconfiguring captive portal({$cpcfg['zone']})."); captiveportal_syslog("Reconfiguring captive portal({$cpcfg['zone']}).");
/* kill any running minicron */ /* kill any running minicron */
killbypid("{$g['varrun_path']}/cp_prunedb_{$cpzone}.pid"); killbypid("/var/run/cp_prunedb_{$cpzone}.pid");
/* initialize minicron interval value */ /* initialize minicron interval value */
$croninterval = $cpcfg['croninterval'] ? $cpcfg['croninterval'] : 60; $croninterval = $cpcfg['croninterval'] ? $cpcfg['croninterval'] : 60;
...@@ -521,19 +521,23 @@ EOD; ...@@ -521,19 +521,23 @@ EOD;
captiveportal_write_elements(); captiveportal_write_elements();
/* kill any running mini_httpd */ /* kill any running mini_httpd */
killbypid("{$g['varrun_path']}/lighty-{$cpzone}-CaptivePortal.pid"); killbypid("/var/run/lighty-{$cpzone}-CaptivePortal.pid");
killbypid("{$g['varrun_path']}/lighty-{$cpzone}-CaptivePortal-SSL.pid"); killbypid("/var/run/lighty-{$cpzone}-CaptivePortal-SSL.pid");
/* start up the webserving daemon */ /* start up the webserving daemon */
captiveportal_init_webgui_zone($cpcfg); captiveportal_init_webgui_zone($cpcfg);
/* Kill any existing prunecaptiveportal processes */ /* Kill any existing prunecaptiveportal processes */
if (file_exists("{$g['varrun_path']}/cp_prunedb_{$cpzone}.pid")) killbypid("/var/run/cp_prunedb_{$cpzone}.pid");
killbypid("{$g['varrun_path']}/cp_prunedb_{$cpzone}.pid");
/* start pruning process (interval defaults to 60 seconds) */ /* start pruning process (interval defaults to 60 seconds) */
mwexec("/usr/local/bin/minicron $croninterval {$g['varrun_path']}/cp_prunedb_{$cpzone}.pid " . mwexecf(
"/usr/local/etc/rc.prunecaptiveportal {$cpzone}"); '/usr/local/bin/minicron %s %s %s %s',
$croninterval,
"/var/run/cp_prunedb_{$cpzone}.pid",
'/usr/local/etc/rc.prunecaptiveportal',
$cpzone
);
/* generate radius server database */ /* generate radius server database */
unlink_if_exists("{$g['vardb_path']}/captiveportal_radius_{$cpzone}.db"); unlink_if_exists("{$g['vardb_path']}/captiveportal_radius_{$cpzone}.db");
...@@ -546,9 +550,9 @@ EOD; ...@@ -546,9 +550,9 @@ EOD;
} }
} else { } else {
killbypid("{$g['varrun_path']}/lighty-{$cpzone}-CaptivePortal.pid"); killbypid("/var/run/lighty-{$cpzone}-CaptivePortal.pid");
killbypid("{$g['varrun_path']}/lighty-{$cpzone}-CaptivePortal-SSL.pid"); killbypid("/var/run/lighty-{$cpzone}-CaptivePortal-SSL.pid");
killbypid("{$g['varrun_path']}/cp_prunedb_{$cpzone}.pid"); killbypid("/var/run/cp_prunedb_{$cpzone}.pid");
@unlink("{$g['varetc_path']}/captiveportal_{$cpzone}.html"); @unlink("{$g['varetc_path']}/captiveportal_{$cpzone}.html");
@unlink("{$g['varetc_path']}/captiveportal-{$cpzone}-error.html"); @unlink("{$g['varetc_path']}/captiveportal-{$cpzone}-error.html");
@unlink("{$g['varetc_path']}/captiveportal-{$cpzone}-logout.html"); @unlink("{$g['varetc_path']}/captiveportal-{$cpzone}-logout.html");
...@@ -567,7 +571,6 @@ EOD; ...@@ -567,7 +571,6 @@ EOD;
/* Release allocated pipes for this zone */ /* Release allocated pipes for this zone */
captiveportal_free_dnrules(); captiveportal_free_dnrules();
if (empty($config['captiveportal'])) if (empty($config['captiveportal']))
set_single_sysctl("net.link.ether.ipfw", "0"); set_single_sysctl("net.link.ether.ipfw", "0");
else { else {
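Review bot: `$croninterval` is derived from `$cpcfg['croninterval']` with only a truthiness test before it is handed to minicron in the new `mwexecf()` call, so any non-empty configured value, numeric or not, is passed through. mwexecf() is not defined on this page; if it shell-escapes each `%s` argument, the quoting risk of the old concatenated `mwexec()` string is gone, but a non-numeric interval would still reach minicron. Normalising it where it is assigned, e.g. `$croninterval = (ctype_digit((string)$cpcfg['croninterval']) && $cpcfg['croninterval'] > 0) ? (int)$cpcfg['croninterval'] : 60;`, keeps the 60-second default and makes the argument predictable. The `killbypid()` calls still interpolate `$cpzone` into the pid-file path, so confirm the zone name is validated where it enters the configuration. The enclosing function starts and ends outside the hunks shown.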
......