Diffstat (limited to 'net/radsecproxy/files/radsecproxy.init')
-rw-r--r-- | net/radsecproxy/files/radsecproxy.init | 128 |
1 files changed, 127 insertions, 1 deletions
diff --git a/net/radsecproxy/files/radsecproxy.init b/net/radsecproxy/files/radsecproxy.init
index 39bdc6e4b..7b22396ec 100644
--- a/net/radsecproxy/files/radsecproxy.init
+++ b/net/radsecproxy/files/radsecproxy.init
@@ -5,12 +5,138 @@ START=70 USE_PROCD=1 PROG=/usr/sbin/radsecproxy -CONFFILE=/etc/radsecproxy.conf +CONFFILE=/var/etc/radsecproxy.conf +LIST_SEP=" +" +append_params() { + local param + local value + local section="$1" + shift + for param in $*; do + config_get value "$section" "$param" + [ -z "$value" ] && { + param=$(echo $param | tr [A-Z] [a-z]) + config_get value "$section" "$param" + } + IFS="$LIST_SEP" + for value in $value; do + [ -n "$value" ] && echo " $param '$value'" >> "$CONFFILE" + done + unset IFS + done +} + +append_bools() { + local param + local value + local section="$1" + shift + for param in $*; do + config_get_bool value "$section" "$param" + [ -z "$value" ] && { + param=$(echo $param | tr [A-Z] [a-z]) + config_get_bool value "$section" "$param" + } + [ -n "$value" ] && { + [ "$value" -eq 0 ] && echo " $param off" >> "$CONFFILE" + [ "$value" -eq 1 ] && echo " $param on" >> "$CONFFILE" + } + done +} + +radsecproxy_options() { + local cfg="$1" + append_params "$cfg" \ + Include PidFile LogLevel LogDestination FTicksReporting FTicksMAC FTicksKey \ + FTicksSyslogFacility ListenUDP ListenTCP ListenTLS ListenDTLS SourceUDP \ + SourceTCP SourceTLS SourceDTLS TTLAttribute AddTTL + append_bools "$cfg" \ + LoopPrevention IPv4Only IPv6Only +} + +tls_block() { + local cfg="$1" + local name + config_get name "$cfg" name + echo "tls '$name' {" >> "$CONFFILE" + append_params "$cfg" \ + Include CACertificateFile CACertificatePath certificateFile certificateKeyFile \ + certificateKeyPassword cacheExpiry policyOID + append_bools "$cfg" \ + CRLCheck + echo "}" >> "$CONFFILE" +} + +rewrite_block() { + local cfg="$1" + local name + config_get name "$cfg" name + echo "rewrite '$name' {" >> "$CONFFILE" + append_params "$cfg" \ + Include addAttribute addVendorAttribute removeAttribute removeVendorAttribute \ + modifyAttribute + echo "}" >> "$CONFFILE" +} + +client_block() { + local cfg="$1" + local name + config_get name "$cfg" name + echo "client '$name' {" >> 
"$CONFFILE" + append_params "$cfg" \ + Include host type secret tls matchCertificateAttribute duplicateInterval \ + AddTTL fticksVISCOUNTRY fticksVISINST rewrite rewriteIn rewriteOut \ + rewriteAttribute + append_bools "$cfg" \ + IPv4Only IPv6Only certificateNameCheck + echo "}" >> "$CONFFILE" +} + +server_block() { + local cfg="$1" + local name + config_get name "$cfg" name + echo "server '$name' {" >> "$CONFFILE" + append_params "$cfg" \ + Include host port type secret tls matchCertificateAttribute \ + AddTTL rewrite rewriteIn rewriteOut retryCount dynamicLookupCommand \ + retryInterval + append_bools "$cfg" \ + IPv4Only IPv6Only certificateNameCheck statusServer LoopPrevention + echo "}" >> "$CONFFILE" +} + +realm_block() { + local cfg="$1" + local name + config_get name "$cfg" name + echo "realm '$name' {" >> "$CONFFILE" + append_params "$cfg" \ + Include server accountingServer replyMessage + append_bools "$cfg" \ + accountingResponse + echo "}" >> "$CONFFILE" +} start_service() { + mkdir -p $(dirname $CONFFILE) + echo "# auto-generated config file from /etc/config/radsecproxy" > $CONFFILE + config_load 'radsecproxy' + config_foreach radsecproxy_options options + config_foreach tls_block tls + config_foreach rewrite_block rewrite + config_foreach client_block client + config_foreach server_block server + config_foreach realm_block realm + procd_open_instance procd_set_param command $PROG -f -c $CONFFILE procd_set_param file $CONFFILE procd_set_param respawn procd_close_instance } + +service_triggers() { + procd_add_reload_trigger 'radsecproxy' +} |
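Review bot: The generated `$CONFFILE` is created in `start_service` with a plain `echo ... > $CONFFILE`, so under the usual 022 umask it is readable by every local user, yet `append_params` then writes `secret` (client and server blocks) and `certificateKeyPassword` (tls block) into it. Restrict the file before any section is appended by adding `chmod 600 "$CONFFILE"` directly after the header `echo`; this also corrects the mode of a file left over from an earlier start, and should be safe as long as the daemon runs as root, which the instance appears to do since no `user` parameter is set. Separately, `append_params` emits `'$value'` without checking for an embedded `'`, so a value containing one would likely not be parsed as configured; such values are better rejected with a logged error than written out. The unquoted `$(dirname $CONFFILE)`, `> $CONFFILE` and `for param in $*` would also be safer quoted (`"$CONFFILE"`, `"$@"`).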