authorbcyrill <cyrill@bannwart.info>2012-07-02 22:20:06 +0200
committerbcyrill <cyrill@bannwart.info>2012-07-02 22:20:06 +0200
commit36f6ed351af7712b07f2e1d37155d91bc883c893 (patch)
treec1bac956558b822fa40617a70d4f9ce3f00c2932 /etc
parente0a45ce03c033d40afbcd9a64b16dc686a000465 (diff)
downloadpfsense-36f6ed351af7712b07f2e1d37155d91bc883c893.zip
pfsense-36f6ed351af7712b07f2e1d37155d91bc883c893.tar.gz
Use Certificate Manager in Captive Portal settings
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/captiveportal.inc17
-rw-r--r--etc/inc/certs.inc14
-rw-r--r--etc/inc/globals.inc2
-rw-r--r--etc/inc/upgrade_config.inc39
4 files changed, 63 insertions, 9 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 653139a..ba9d7e4 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -454,16 +454,19 @@ function captiveportal_init_webgui_zone($cpcfg) {
$use_fastcgi = true;
if (isset($cpcfg['httpslogin'])) {
- $cert = base64_decode($cpcfg['certificate']);
- if (isset($cpcfg['cacertificate']))
- $cacert = base64_decode($cpcfg['cacertificate']);
- else
- $cacert = "";
- $key = base64_decode($cpcfg['private-key']);
+ $cert = lookup_cert($cpcfg['certref']);
+ $cert_crt = base64_decode($cert['crt']);
+ $cert_prv = base64_decode($cert['prv']);
+ if (isset($cpcfg['caref'])) {
+ $ca = lookup_ca($cpcfg['caref']);
+ $ca_crt = base64_decode($ca['crt']);
+ }
+ else
+ $ca_crt = "";
/* generate lighttpd configuration */
$listenporthttps = $cpcfg['listenporthttps'] ? $cpcfg['listenporthttps'] : ($cpcfg['zoneid'] + 1);
system_generate_lighty_config("{$g['varetc_path']}/lighty-{$cpzone}-CaptivePortal-SSL.conf",
- $cert, $key, $cacert, "lighty-{$cpzone}-CaptivePortal-SSL.pid", $listenporthttps, "/usr/local/captiveportal",
+ $cert_crt, $cert_prv, $ca_crt, "lighty-{$cpzone}-CaptivePortal-SSL.pid", $listenporthttps, "/usr/local/captiveportal",
"cert-portal.pem", "ca-portal.pem", "1", $use_fastcgi, $cpzone);
}
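Review bot: The result of `lookup_cert($cpcfg['certref'])` is decoded without any check, so a zone whose `certref` is unset or no longer matches a Certificate Manager entry would hand empty certificate and private-key strings to `system_generate_lighty_config()`. The same applies to `lookup_ca($cpcfg['caref'])` a few lines further down. I would guard the HTTPS branch with `if (!is_array($cert) || empty($cert['crt']) || empty($cert['prv']))`, and in that case log the zone name and skip generating the SSL listener config instead of writing a config with an empty PEM. The body of captiveportal_init_webgui_zone starts and ends outside this hunk, so whether a later step already catches this cannot be seen from here.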
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc
index ec3227d..862e91b 100644
--- a/etc/inc/certs.inc
+++ b/etc/inc/certs.inc
@@ -528,12 +528,24 @@ function is_webgui_cert($certref) {
return true;
}
+function is_captiveportal_cert($certref) {
+ global $config;
+ if (!is_array($config['captiveportal']))
+ return;
+ foreach ($config['captiveportal'] as $portal) {
+ if ($portal['enable'] && $portal['httpslogin_enable'] && ($portal['certref'] == $certref))
+ return true;
+ }
+ return false;
+}
+
function cert_in_use($certref) {
return (is_webgui_cert($certref) ||
is_user_cert($certref) ||
is_openvpn_server_cert($certref) ||
is_openvpn_client_cert($certref) ||
- is_ipsec_cert($certref));
+ is_ipsec_cert($certref) ||
+ is_captiveportal_cert($certref));
}
/*
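Review bot: `is_captiveportal_cert()` tests `$portal['httpslogin_enable']`, but the other files in this commit read the setting as `isset($cpcfg['httpslogin'])` and `isset($setting['httpslogin'])`, so this condition probably never matches a stored zone. `cert_in_use()` would then report a certificate that a portal is serving as unused, which matters if that result is what blocks deletion in the Certificate Manager. If `enable` and `httpslogin` are presence flags, as the `isset()` calls elsewhere suggest, the test should read `if (isset($portal['enable']) && isset($portal['httpslogin']) && ($portal['certref'] == $certref))`. The early exit should also be `return false;` rather than a bare `return;`, so the function always yields a boolean like its siblings.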
diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc
index 519f28c..23c3a92 100644
--- a/etc/inc/globals.inc
+++ b/etc/inc/globals.inc
@@ -77,7 +77,7 @@ $g = array(
"disablecrashreporter" => false,
"crashreporterurl" => "http://crashreporter.pfsense.org/crash_reporter.php",
"debug" => false,
- "latest_config" => "8.8",
+ "latest_config" => "8.9",
"nopkg_platforms" => array("cdrom"),
"minimum_ram_warning" => "101",
"minimum_ram_warning_text" => "128 MB",
diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc
index bd12830..88faba4 100644
--- a/etc/inc/upgrade_config.inc
+++ b/etc/inc/upgrade_config.inc
@@ -2883,4 +2883,43 @@ function upgrade_087_to_088() {
$config['system']['crypto_hardware'] = "glxsb";
}
}
+
+function upgrade_088_to_089() {
+ global $config;
+ if (!is_array($config['ca']))
+ $config['ca'] = array();
+ if (!is_array($config['cert']))
+ $config['cert'] = array();
+
+ /* migrate captive portal ssl to certifcate mngr */
+ if (is_array($config['captiveportal'])) {
+ foreach ($config['captiveportal'] as $id => &$setting) {
+ if (isset($setting['httpslogin'])) {
+ /* create cert entry */
+ $cert = array();
+ $cert['refid'] = uniqid();
+ $cert['descr'] = "Captive Portal SSL Cert - {$setting['zone']}";
+ $cert['crt'] = $setting['certificate'];
+ $cert['prv'] = $setting['private-key'];
+ $config['cert'][] = $cert;
+
+ /* create cert reference */
+ unset($setting['certificate']);
+ unset($setting['private-key']);
+ $setting['certref'] = $cert['refid'];
+
+ /* create ca entry */
+ $ca = array();
+ $ca['refid'] = uniqid();
+ $ca['descr'] = "Captive Portal SSL CA - {$setting['zone']}";
+ $ca['crt'] = $setting['cacertificate'];
+ $config['ca'][] = $ca;
+
+ /* create ca reference */
+ unset($setting['cacertificate']);
+ $setting['caref'] = $ca['refid'];
+ }
+ }
+ }
+}
?>
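Review bot: The CA entry is created for every HTTPS zone even when `$setting['cacertificate']` was never set, whereas the code this commit removes from captiveportal.inc treated that key as optional. Such a zone ends up with a `ca` entry whose `crt` is empty and a `caref` pointing at it, so the new `isset($cpcfg['caref'])` branch is always taken and decodes an empty CA. Wrapping the "create ca entry" and "create ca reference" steps in `if (!empty($setting['cacertificate'])) { ... }` keeps the optional behaviour. Separately, the loop iterates by reference (`&$setting`), so `unset($setting);` after the `foreach` would avoid leaving a dangling reference into `$config`.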