From c6bc1bed739e7f34c98c1046d0ec42249e774f7b Mon Sep 17 00:00:00 2001 From: =?utf8?q?Ond=C5=99ej=20Caletka?= Date: Thu, 21 Jul 2016 14:15:53 +0200 Subject: [PATCH] radsecproxy: UCIfied configuration MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Ondřej Caletka --- net/radsecproxy/Makefile | 8 +- net/radsecproxy/files/radsecproxy.conf | 43 +++++++++ net/radsecproxy/files/radsecproxy.init | 128 ++++++++++++++++++++++++- 3 files changed, 174 insertions(+), 5 deletions(-) create mode 100644 net/radsecproxy/files/radsecproxy.conf diff --git a/net/radsecproxy/Makefile b/net/radsecproxy/Makefile index 52b52e94f7..eded9323ce 100644 --- a/net/radsecproxy/Makefile +++ b/net/radsecproxy/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=radsecproxy PKG_VERSION:=1.6.7 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://software.uninett.no/radsecproxy/ @@ -43,14 +43,14 @@ TARGET_CFLAGS += -Wno-long-long define Package/radsecproxy/install $(INSTALL_DIR) $(1)/usr/sbin/ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/radsecproxy $(1)/usr/sbin/ - $(INSTALL_DIR) $(1)/etc/ - $(CP) $(PKG_BUILD_DIR)/radsecproxy.conf-example $(1)/etc/radsecproxy.conf + $(INSTALL_DIR) $(1)/etc/config/ + $(INSTALL_DATA) ./files/radsecproxy.conf $(1)/etc/config/radsecproxy $(INSTALL_DIR) $(1)/etc/init.d/ $(INSTALL_BIN) ./files/radsecproxy.init $(1)/etc/init.d/radsecproxy endef define Package/radsecproxy/conffiles -/etc/radsecproxy.conf +/etc/config/radsecproxy endef $(eval $(call BuildPackage,radsecproxy)) diff --git a/net/radsecproxy/files/radsecproxy.conf b/net/radsecproxy/files/radsecproxy.conf new file mode 100644 index 0000000000..33e7e2768e --- /dev/null +++ b/net/radsecproxy/files/radsecproxy.conf 
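Review bot: `$(INSTALL_DATA)` in `Package/radsecproxy/install` ships `/etc/config/radsecproxy` with the data-file mode (0644 in OpenWrt's rules.mk, which is not shown on this page), yet after this commit that file is where `secret` and `certificateKeyPassword` are kept. `$(INSTALL_CONF) ./files/radsecproxy.conf $(1)/etc/config/radsecproxy` would install it readable by the owner only. The same exposure repeats in `start_service` in radsecproxy.init, where `echo ... > $CONFFILE` creates `/var/etc/radsecproxy.conf` under whatever umask the init script inherits. A `umask 077` before the first write, or `chmod 600 "$CONFFILE"` right after it, would keep the rendered secrets private.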
@@ -0,0 +1,43 @@
+# Sample radsecproxy configuration
+
+#Basic options
+config options
+ option include '/etc/radsecproxy.conf'
+ #option LogLevel '3'
+ #option LogDestination 'x-syslog:///'
+ #list ListenUDP '127.0.0.1:1812'
+ #list ListenTLS '0.0.0.0:2083'
+ #list ListenTLS '[::]:2083'
+
+#config tls
+# option name 'default'
+# option CACertificatePath '/etc/ssl/certs'
+# option certificateFile '/etc/ssl/certs/host.example.com.pem'
+# option certificateKeyFile '/etc/ssl/private/host.example.com.key.pem'
+
+#config client
+# option name 'localhost'
+# option type 'udp'
+# option secret 'mysecret'
+
+#config server
+# option name '[2001:db8::1]'
+# option type 'tls'
+# option secret 'radsec'
+# option statusServer '1'
+
+# Please note that ordering of realm blocks is important
+
+#config realm
+# option name '/myabc\.com$'
+# option replyMessage 'Misconfigured client: default realm of Intel PRO/Wireless supplicant!'
+#
+
+#config realm
+# option name '/^$/'
+# option replyMessage 'Misconfigured client: empty realm!'
+#
+
+#config realm
+# option name '*'
+# list server '[2001:db8::1]'
diff --git a/net/radsecproxy/files/radsecproxy.init b/net/radsecproxy/files/radsecproxy.init
index 39bdc6e4ba..7b22396ecf 100644
--- a/net/radsecproxy/files/radsecproxy.init
+++ b/net/radsecproxy/files/radsecproxy.init
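Review bot: `option include '/etc/radsecproxy.conf'` is the only active option in this sample, but the Makefile change in the same commit stops installing `/etc/radsecproxy.conf`, so on a fresh install the generated file includes a path the package no longer provides. Whether radsecproxy tolerates a missing include is not visible here; if it does not, the service would fail to start out of the box. Either comment the line out like the other options, with a comment such as `# uncomment to keep using a hand-written /etc/radsecproxy.conf`, or say above it that the file must exist. A short comment marking `mysecret` as a placeholder that must be replaced before the client block is enabled would also help.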
@@ -5,12 +5,138 @@ START=70 USE_PROCD=1 PROG=/usr/sbin/radsecproxy -CONFFILE=/etc/radsecproxy.conf +CONFFILE=/var/etc/radsecproxy.conf +LIST_SEP=" +" +append_params() { + local param + local value + local section="$1" + shift + for param in $*; do + config_get value "$section" "$param" + [ -z "$value" ] && { + param=$(echo $param | tr [A-Z] [a-z]) + config_get value "$section" "$param" + } + IFS="$LIST_SEP" + for value in $value; do + [ -n "$value" ] && echo " $param '$value'" >> "$CONFFILE" + done + unset IFS + done +} + +append_bools() { + local param + local value + local section="$1" + shift + for param in $*; do + config_get_bool value "$section" "$param" + [ -z "$value" ] && { + param=$(echo $param | tr [A-Z] [a-z]) + config_get_bool value "$section" "$param" + } + [ -n "$value" ] && { + [ "$value" -eq 0 ] && echo " $param off" >> "$CONFFILE" + [ "$value" -eq 1 ] && echo " $param on" >> "$CONFFILE" + } + done +} + +radsecproxy_options() { + local cfg="$1" + append_params "$cfg" \ + Include PidFile LogLevel LogDestination FTicksReporting FTicksMAC FTicksKey \ + FTicksSyslogFacility ListenUDP ListenTCP ListenTLS ListenDTLS SourceUDP \ + SourceTCP SourceTLS SourceDTLS TTLAttribute AddTTL + append_bools "$cfg" \ + LoopPrevention IPv4Only IPv6Only +} + +tls_block() { + local cfg="$1" + local name + config_get name "$cfg" name + echo "tls '$name' {" >> "$CONFFILE" + append_params "$cfg" \ + Include CACertificateFile CACertificatePath certificateFile certificateKeyFile \ + certificateKeyPassword cacheExpiry policyOID + append_bools "$cfg" \ + CRLCheck + echo "}" >> "$CONFFILE" +} + +rewrite_block() { + local cfg="$1" + local name + config_get name "$cfg" name + echo "rewrite '$name' {" >> "$CONFFILE" + append_params "$cfg" \ + Include addAttribute addVendorAttribute removeAttribute removeVendorAttribute \ + modifyAttribute + echo "}" >> "$CONFFILE" +} + +client_block() { + local cfg="$1" + local name + config_get name "$cfg" name + echo "client '$name' {" >> 
"$CONFFILE" + append_params "$cfg" \ + Include host type secret tls matchCertificateAttribute duplicateInterval \ + AddTTL fticksVISCOUNTRY fticksVISINST rewrite rewriteIn rewriteOut \ + rewriteAttribute + append_bools "$cfg" \ + IPv4Only IPv6Only certificateNameCheck + echo "}" >> "$CONFFILE" +} + +server_block() { + local cfg="$1" + local name + config_get name "$cfg" name + echo "server '$name' {" >> "$CONFFILE" + append_params "$cfg" \ + Include host port type secret tls matchCertificateAttribute \ + AddTTL rewrite rewriteIn rewriteOut retryCount dynamicLookupCommand \ + retryInterval + append_bools "$cfg" \ + IPv4Only IPv6Only certificateNameCheck statusServer LoopPrevention + echo "}" >> "$CONFFILE" +} + +realm_block() { + local cfg="$1" + local name + config_get name "$cfg" name + echo "realm '$name' {" >> "$CONFFILE" + append_params "$cfg" \ + Include server accountingServer replyMessage + append_bools "$cfg" \ + accountingResponse + echo "}" >> "$CONFFILE" +} start_service() { + mkdir -p $(dirname $CONFFILE) + echo "# auto-generated config file from /etc/config/radsecproxy" > $CONFFILE + config_load 'radsecproxy' + config_foreach radsecproxy_options options + config_foreach tls_block tls + config_foreach rewrite_block rewrite + config_foreach client_block client + config_foreach server_block server + config_foreach realm_block realm + procd_open_instance procd_set_param command $PROG -f -c $CONFFILE procd_set_param file $CONFFILE procd_set_param respawn procd_close_instance } + +service_triggers() { + procd_add_reload_trigger 'radsecproxy' +} -- 2.30.2