#
# old_revision [3edab012da616ce157be76d8fe9ac9495cf006f0]
#
# patch "pf/conf/documentation.conf"
#  from [c9a0d92690fe2b1b395439ff193e2c08595ed5d5]
#    to [572fa2bb76bea001528621fb9932b8a21bb15e80]
# 
# patch "pf/conf/pf.conf.defaults"
#  from [649ed98995a58f33e40ee39107a6fca590d478d2]
#    to [08cefcf5110c1a9d2dbdcde0416dcb9ef8a5dfde]
# 
# patch "pf/lib/pf/pfcmd/checkup.pm"
#  from [7145ae1e5706022bac17719f14e268ee20ca4ba5]
#    to [c3f4f951dbfc14cf2d0acb344cb5d631be7de9b6]
# 
# patch "pf/lib/pf/pfcmd/help.pm"
#  from [3f035a049b59e489a57befc1f6722a33bf59d348]
#    to [61c539a7c09462c1d82e4709d60a77288a1dc15a]
# 
# patch "pf/lib/pf/pfcmd.pm"
#  from [7ef18136dd395c5cbc97533ff11de73d29d0a525]
#    to [ec879fd08190ba6e8cdfecaab32ff831866d4470]
# 
# patch "pf/lib/pf/services.pm"
#  from [6b4325c1df129d4f61e495cb3364ab8d19c8b4c8]
#    to [b6eefbdd5080e09d8424e6b64d15528542085d32]
#
============================================================
--- pf/conf/documentation.conf	c9a0d92690fe2b1b395439ff193e2c08595ed5d5
+++ pf/conf/documentation.conf	572fa2bb76bea001528621fb9932b8a21bb15e80
@@ -205,6 +205,13 @@ EOT
 running the RPMed version.
 EOT
 
+[services.radiusd]
+type=text
+description=<<EOT
+Location of the RADIUS binary.  Only necessary to change if you are not
+running the RPMed version.
+EOT
+
 [services.snmptrapd]
 type=text
 description=<<EOT
@@ -834,6 +841,13 @@ EOT
 Should named be started ?
 EOT
 
+[vlan.radiusd]
+type=toggle
+options=enabled|disabled
+description=<<EOT
+Should radiusd be started ?
+EOT
+
 [vlan.bounce_duration]
 type=time
 description=<<EOT
============================================================
--- pf/conf/pf.conf.defaults	649ed98995a58f33e40ee39107a6fca590d478d2
+++ pf/conf/pf.conf.defaults	08cefcf5110c1a9d2dbdcde0416dcb9ef8a5dfde
@@ -512,6 +512,11 @@ snmptrapd=/usr/sbin/snmptrapd
 # services.snmptrapd
 # Location of the snmptrapd binary.  Only necessary to change if you are not using the RPMed version.
 snmptrapd=/usr/sbin/snmptrapd
+# 
+# services.radiusd
+# 
+# Location of the named binary.  Only necessary to change if you are not running the RPMed version.
+radiusd=/usr/sbin/radiusd
 
 [dhcp]
 #
============================================================
--- pf/lib/pf/pfcmd/checkup.pm	7145ae1e5706022bac17719f14e268ee20ca4ba5
+++ pf/lib/pf/pfcmd/checkup.pm	c3f4f951dbfc14cf2d0acb344cb5d631be7de9b6
@@ -76,6 +76,10 @@ sub sanity_check {
     interfaces_defined();
     interfaces();
 
+    if ( isenabled($Config{'vlan'}{'radius'} ) ) {
+        freeradius();
+    }
+
     if ( isenabled($Config{'trapping'}{'detection'}) ) {
         ids_snort();
     }
@@ -164,6 +168,19 @@ sub interfaces {
 
 }
 
+=item freeradius
+
+Validation related to the FreeRADIUS daemon
+
+=cut
+sub freeradius {
+
+    if ( !-x $Config{'services'}{'radiusd'} ) {
+        add_problem( $FATAL, "radiusd binary is not executable / does not exist!" );
+    }
+
+}
+
 =item ids_snort
 
 Validation related to the Snort IDS usage 
============================================================
--- pf/lib/pf/pfcmd/help.pm	3f035a049b59e489a57befc1f6722a33bf59d348
+++ pf/lib/pf/pfcmd/help.pm	61c539a7c09462c1d82e4709d60a77288a1dc15a
@@ -104,6 +104,7 @@ watch acts as a service watcher which ca
   pfmon            | PF ARP monitoring daemon
   pfredirect       | bogus POP3/SMTP servers
   pfsetvlan        | PF VLAN isolation daemon
+  radiusd          | FreeRADIUS daemon
   snmptrapd        | SNMP trap receiver daemon
   snort            | if stopped or restarted, pfredirect must also be restarted
 EOT
============================================================
--- pf/lib/pf/pfcmd.pm	7ef18136dd395c5cbc97533ff11de73d29d0a525
+++ pf/lib/pf/pfcmd.pm	ec879fd08190ba6e8cdfecaab32ff831866d4470
@@ -283,7 +283,7 @@ sub parseCommandLine {
                                  $ }xms,
         'service'         => qr{ ^ ( dhcpd | httpd | named | pfdetect 
                                      | pf | pfdhcplistener | pfmon 
-                                     | pfredirect | pfsetvlan | snmptrapd 
+                                     | pfredirect | pfsetvlan | radiusd | snmptrapd 
                                      | snort )
                                    \s+
                                    ( restart | start | status | stop
============================================================
--- pf/lib/pf/services.pm	6b4325c1df129d4f61e495cb3364ab8d19c8b4c8
+++ pf/lib/pf/services.pm	b6eefbdd5080e09d8424e6b64d15528542085d32
@@ -41,7 +41,7 @@ Readonly our @ALL_SERVICES => (
 use pf::SwitchFactory;
 
 Readonly our @ALL_SERVICES => (
-    'named', 'dhcpd', 'snort', 
+    'named', 'dhcpd', 'snort', 'radiusd', 
     'httpd', 'snmptrapd', 
     'pfdetect', 'pfredirect', 'pfsetvlan', 'pfdhcplistener', 'pfmon'
 );
@@ -66,6 +66,9 @@ if ( isenabled( $Config{'trapping'}{'det
         . $monitor_int
         . " -N -D -l $install_dir/var";
 }
+if ( isenabled( $Config{'vlan'}{'radiusd'} ) ) {
+    $flags{'radiusd'}        = "";
+}
 
 =head1 SUBROUTINES
 
@@ -83,7 +86,7 @@ sub service_ctl {
     my $exe = basename($service);
     $logger->info("$service $action");
     if ( $exe
-        =~ /^(named|dhcpd|pfdhcplistener|pfmon|pfdetect|pfredirect|snort|httpd|apache2|snmptrapd|pfsetvlan)$/
+        =~ /^(named|dhcpd|pfdhcplistener|pfmon|pfdetect|pfredirect|snort|radiusd|httpd|apache2|snmptrapd|pfsetvlan)$/
         )
     {
         $exe = $1;
@@ -98,6 +101,9 @@ sub service_ctl {
                     )
                     );
                 return (0)
+                    if ( $exe =~ /radiusd/
+                    && !isenabled( $Config{'vlan'}{'radiusd'} ) );
+                return (0)
                     if ( $exe =~ /snort/
                     && !isenabled( $Config{'trapping'}{'detection'} ) );
                 return (0)
@@ -119,8 +125,7 @@ sub service_ctl {
                     );
                 if ( $daemon =~ /(named|dhcpd|snort|httpd|snmptrapd)/
                     && !$quick )
-                {
-                    my $confname = "generate_" . $daemon . "_conf";
+                {                    my $confname = "generate_" . $daemon . "_conf";
                     $logger->info(
                         "Generating configuration file for $exe ($confname)");
                     my %serviceHash = (
@@ -136,8 +141,8 @@ sub service_ctl {
                         print "No such sub: $confname\n";
                     }
                 }
-                if (  ( $service =~ /named|dhcpd|pfdhcplistener|pfmon|pfdetect|pfredirect|snort|httpd|snmptrapd|pfsetvlan/ )
-                      && ( $daemon =~ /named|dhcpd|pfdhcplistener|pfmon|pfdetect|pfredirect|snort|httpd|snmptrapd|pfsetvlan/ )
+                if (  ( $service =~ /named|dhcpd|pfdhcplistener|pfmon|pfdetect|pfredirect|radiusd|snort|httpd|snmptrapd|pfsetvlan/ )
+                      && ( $daemon =~ /named|dhcpd|pfdhcplistener|pfmon|pfdetect|pfredirect|radiusd|snort|httpd|snmptrapd|pfsetvlan/ )
                       && ( defined( $flags{$daemon} ) ) ) {
                     if ( $daemon ne 'pfdhcplistener' ) {
                         if ( $daemon eq 'dhcpd' ) {
@@ -246,6 +251,10 @@ sub service_list {
         if ( $service eq "snort" ) {
             $snortflag = 1
                 if ( isenabled( $Config{'trapping'}{'detection'} ) );
+        } elsif ( $service eq "radiusd" ) {
+            push @finalServiceList, $service
+                if ( isenabled( $Config{'vlan'}{'radiusd'} )
+                     && $Config{'network'}{'mode'} =~ /^vlan$/i );
         } elsif ( $service eq "pfdetect" ) {
             push @finalServiceList, $service
                 if ( isenabled( $Config{'trapping'}{'detection'} ) );