From 36f6ed351af7712b07f2e1d37155d91bc883c893 Mon Sep 17 00:00:00 2001 From: bcyrill Date: Mon, 2 Jul 2012 22:20:06 +0200 Subject: Use Certificate Manager in Captive Portal settings --- etc/inc/captiveportal.inc | 17 ++++++++++------- etc/inc/certs.inc | 14 +++++++++++++- etc/inc/globals.inc | 2 +- etc/inc/upgrade_config.inc | 39 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 63 insertions(+), 9 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 653139a..ba9d7e4 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -454,16 +454,19 @@ function captiveportal_init_webgui_zone($cpcfg) { $use_fastcgi = true; if (isset($cpcfg['httpslogin'])) { - $cert = base64_decode($cpcfg['certificate']); - if (isset($cpcfg['cacertificate'])) - $cacert = base64_decode($cpcfg['cacertificate']); - else - $cacert = ""; - $key = base64_decode($cpcfg['private-key']); + $cert = lookup_cert($cpcfg['certref']); + $cert_crt = base64_decode($cert['crt']); + $cert_prv = base64_decode($cert['prv']); + if (isset($cpcfg['caref'])) { + $ca = lookup_ca($cpcfg['caref']); + $ca_crt = base64_decode($ca['crt']); + } + else + $ca_crt = ""; /* generate lighttpd configuration */ $listenporthttps = $cpcfg['listenporthttps'] ? $cpcfg['listenporthttps'] : ($cpcfg['zoneid'] + 1); system_generate_lighty_config("{$g['varetc_path']}/lighty-{$cpzone}-CaptivePortal-SSL.conf", - $cert, $key, $cacert, "lighty-{$cpzone}-CaptivePortal-SSL.pid", $listenporthttps, "/usr/local/captiveportal", + $cert_crt, $cert_prv, $ca_crt, "lighty-{$cpzone}-CaptivePortal-SSL.pid", $listenporthttps, "/usr/local/captiveportal", "cert-portal.pem", "ca-portal.pem", "1", $use_fastcgi, $cpzone); } diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc index ec3227d..862e91b 100644 --- a/etc/inc/certs.inc +++ b/etc/inc/certs.inc 
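Review bot: In captiveportal_init_webgui_zone() (etc/inc/captiveportal.inc) the result of `lookup_cert($cpcfg['certref'])` is used without a check, so a missing or stale `certref` leaves `$cert_crt` and `$cert_prv` empty and they are still handed to `system_generate_lighty_config()` for the HTTPS login listener. A guard before the two `base64_decode()` calls would fail loudly instead of writing an empty `cert-portal.pem`, for example `if (!is_array($cert) || empty($cert['crt']) || empty($cert['prv'])) { log_error("Captive Portal {$cpzone}: HTTPS login certificate not found"); return; }`. The same applies to the `lookup_ca()` result when `caref` is set. The function body starts and ends outside the hunk, so how callers treat an early return should be confirmed.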
@@ -528,12 +528,24 @@ function is_webgui_cert($certref) { return true; } +function is_captiveportal_cert($certref) { + global $config; + if (!is_array($config['captiveportal'])) + return; + foreach ($config['captiveportal'] as $portal) { + if ($portal['enable'] && $portal['httpslogin_enable'] && ($portal['certref'] == $certref)) + return true; + } + return false; +} + function cert_in_use($certref) { return (is_webgui_cert($certref) || is_user_cert($certref) || is_openvpn_server_cert($certref) || is_openvpn_client_cert($certref) || - is_ipsec_cert($certref)); + is_ipsec_cert($certref) || + is_captiveportal_cert($certref)); } /* diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index 519f28c..23c3a92 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -77,7 +77,7 @@ $g = array( "disablecrashreporter" => false, "crashreporterurl" => "http://crashreporter.pfsense.org/crash_reporter.php", "debug" => false, - "latest_config" => "8.8", + "latest_config" => "8.9", "nopkg_platforms" => array("cdrom"), "minimum_ram_warning" => "101", "minimum_ram_warning_text" => "128 MB", diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index bd12830..88faba4 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc 
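Review bot: `is_captiveportal_cert()` in etc/inc/certs.inc tests `$portal['httpslogin_enable']`, while the captiveportal.inc and upgrade_config.inc hunks of this same commit read the setting as `isset($cpcfg['httpslogin'])` and `isset($setting['httpslogin'])`. If `httpslogin_enable` is not a stored config key, the function never returns true and `cert_in_use()` will not stop the portal's certificate from being deleted. The truthiness tests also differ from the `isset()` presence checks used elsewhere in the commit, which would matter if these flags are stored as empty elements. Suggested condition: `if (isset($portal['enable']) && isset($portal['httpslogin']) && ($portal['certref'] == $certref))`. The early `return;` for a missing `captiveportal` array should be `return false;` so the function always yields a boolean.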
@@ -2883,4 +2883,43 @@ function upgrade_087_to_088() {
 $config['system']['crypto_hardware'] = "glxsb";
 }
 }
+
+function upgrade_088_to_089() {
+ global $config;
+ if (!is_array($config['ca']))
+ $config['ca'] = array();
+ if (!is_array($config['cert']))
+ $config['cert'] = array();
+
+ /* migrate captive portal ssl to certifcate mngr */
+ if (is_array($config['captiveportal'])) {
+ foreach ($config['captiveportal'] as $id => &$setting) {
+ if (isset($setting['httpslogin'])) {
+ /* create cert entry */
+ $cert = array();
+ $cert['refid'] = uniqid();
+ $cert['descr'] = "Captive Portal SSL Cert - {$setting['zone']}";
+ $cert['crt'] = $setting['certificate'];
+ $cert['prv'] = $setting['private-key'];
+ $config['cert'][] = $cert;
+
+ /* create cert reference */
+ unset($setting['certificate']);
+ unset($setting['private-key']);
+ $setting['certref'] = $cert['refid'];
+
+ /* create ca entry */
+ $ca = array();
+ $ca['refid'] = uniqid();
+ $ca['descr'] = "Captive Portal SSL CA - {$setting['zone']}";
+ $ca['crt'] = $setting['cacertificate'];
+ $config['ca'][] = $ca;
+
+ /* create ca reference */
+ unset($setting['cacertificate']);
+ $setting['caref'] = $ca['refid'];
+ }
+ }
+ }
+}
 ?>
-- cgit v1.1
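Review bot: `upgrade_088_to_089()` creates a CA entry and sets `caref` for every zone that has `httpslogin`, even when the zone has no `cacertificate`. The code removed from captiveportal.inc in this commit treated that key as optional, so such zones end up with an empty CA in `$config['ca']` and a `caref` that the new `isset($cpcfg['caref'])` branch will follow. Wrapping the "create ca entry" and "create ca reference" statements in `if (!empty($setting['cacertificate'])) { ... }` keeps the migration faithful to the old configuration. The loop also iterates with `&$setting` and never releases the reference; add `unset($setting);` after the `foreach`.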