#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2011 OpenWrt.org
# Start-order value; presumably read by /etc/rc.common when the service is enabled.
START=70
# Run this script in rc.common's procd mode (start_service / service_triggers below).
USE_PROCD=1
# Daemon binary handed to procd in start_service.
PROG=/usr/sbin/radsecproxy
# Generated daemon configuration, rewritten from UCI on every start_service call.
# The `secret` and `certificateKeyPassword` options are copied into it in clear text.
CONFFILE=/var/etc/radsecproxy.conf
# A single newline; append_params uses it as IFS to split multi-valued options.
LIST_SEP="
"
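#######################################
# Copy string/list options of one UCI section into the generated config.
# For each option name the value is looked up as given and, when that is
# empty, again under the lower-cased name (which is then the name written).
# Every non-empty newline-separated item becomes one " <name> '<item>'" line.
# Globals:   CONFFILE (appended to), LIST_SEP (read), IFS (set, then unset)
# Arguments: $1 - UCI section id; $2.. - option names
#######################################
append_params() {
	local param
	local value
	local item
	local section="$1"
	local restore_glob=1
	shift

	# Remember whether the caller already had globbing disabled.
	case "$-" in
		*f*) restore_glob=0 ;;
	esac

	for param in "$@"; do
		config_get value "$section" "$param"
		if [ -z "$value" ]; then
			param=$(echo "$param" | tr 'A-Z' 'a-z')
			config_get value "$section" "$param"
		fi

		IFS="$LIST_SEP"
		# The expansion below must stay unquoted so it splits on newlines, but
		# without `set -f` a value containing * ? or [ (regex-style options
		# such as rewriteAttribute) would be replaced by matching file names.
		set -f
		for item in $value; do
			# printf writes the item verbatim; echo may interpret backslashes
			# depending on the shell.
			# NOTE(review): the item is wrapped in single quotes without
			# escaping; a value that itself contains ' produces a malformed
			# line — confirm that UCI-side input is validated.
			[ -n "$item" ] && printf " %s '%s'\n" "$param" "$item" >> "$CONFFILE"
		done
		if [ "$restore_glob" -eq 1 ]; then
			set +f
		fi
		unset IFS
	done
}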
#######################################
# Copy boolean options of one UCI section into the generated config.
# Each option is looked up as given and, when that yields nothing, again
# under the lower-cased name (which is then the name written). A value of
# 0 is emitted as "off", 1 as "on"; an empty value emits nothing.
# Globals:   CONFFILE (appended to)
# Arguments: $1 - UCI section id; $2.. - option names
#######################################
append_bools() {
	local section="$1"
	local param
	local value
	shift

	for param in "$@"; do
		config_get_bool value "$section" "$param"
		if [ -z "$value" ]; then
			param=$(echo "$param" | tr 'A-Z' 'a-z')
			config_get_bool value "$section" "$param"
		fi

		# Kept as an && chain so the function's exit status is unchanged.
		[ -n "$value" ] && {
			[ "$value" -eq 0 ] && echo " $param off" >> "$CONFFILE"
			[ "$value" -eq 1 ] && echo " $param on" >> "$CONFFILE"
		}
	done
}
#######################################
# Emit the global (non-block) daemon options of one UCI "options" section.
# Arguments: $1 - UCI section id
#######################################
radsecproxy_options() {
	local section="$1"

	append_params "$section" \
		Include PidFile LogLevel LogDestination \
		FTicksReporting FTicksMAC FTicksKey FTicksSyslogFacility \
		ListenUDP ListenTCP ListenTLS ListenDTLS \
		SourceUDP SourceTCP SourceTLS SourceDTLS \
		TTLAttribute AddTTL
	append_bools "$section" LoopPrevention IPv4Only IPv6Only
}
#######################################
# Emit one "tls '<name>' { ... }" block from a UCI "tls" section.
# Globals:   CONFFILE (appended to)
# Arguments: $1 - UCI section id
#######################################
tls_block() {
	local name
	local section="$1"

	config_get name "$section" name
	echo "tls '$name' {" >> "$CONFFILE"
	# certificateKeyPassword is copied as-is, so the private-key passphrase
	# ends up in $CONFFILE in clear text.
	append_params "$section" \
		Include \
		CACertificateFile CACertificatePath \
		certificateFile certificateKeyFile certificateKeyPassword \
		cacheExpiry policyOID
	append_bools "$section" CRLCheck
	echo "}" >> "$CONFFILE"
}
#######################################
# Emit one "rewrite '<name>' { ... }" block from a UCI "rewrite" section.
# Globals:   CONFFILE (appended to)
# Arguments: $1 - UCI section id
#######################################
rewrite_block() {
	local name
	local section="$1"

	config_get name "$section" name
	echo "rewrite '$name' {" >> "$CONFFILE"
	append_params "$section" \
		Include \
		addAttribute addVendorAttribute \
		removeAttribute removeVendorAttribute \
		modifyAttribute
	echo "}" >> "$CONFFILE"
}
#######################################
# Emit one "client '<name>' { ... }" block from a UCI "client" section.
# Globals:   CONFFILE (appended to)
# Arguments: $1 - UCI section id
#######################################
client_block() {
	local name
	local section="$1"

	config_get name "$section" name
	echo "client '$name' {" >> "$CONFFILE"
	# `secret` (the shared secret for this client) is copied in clear text
	# into $CONFFILE.
	append_params "$section" \
		Include host type secret tls \
		matchCertificateAttribute duplicateInterval AddTTL \
		fticksVISCOUNTRY fticksVISINST \
		rewrite rewriteIn rewriteOut rewriteAttribute
	# NOTE(review): certificateNameCheck set to 0 is written as "off";
	# presumably that disables peer name verification — confirm before use.
	append_bools "$section" IPv4Only IPv6Only certificateNameCheck
	echo "}" >> "$CONFFILE"
}
#######################################
# Emit one "server '<name>' { ... }" block from a UCI "server" section.
# Globals:   CONFFILE (appended to)
# Arguments: $1 - UCI section id
#######################################
server_block() {
	local name
	local section="$1"

	config_get name "$section" name
	echo "server '$name' {" >> "$CONFFILE"
	# `secret` (the shared secret for this server) is copied in clear text
	# into $CONFFILE.
	# NOTE(review): dynamicLookupCommand presumably names a program the
	# daemon runs itself; if so, write access to this UCI option amounts to
	# command execution as the daemon's user — confirm and restrict
	# accordingly.
	append_params "$section" \
		Include host port type secret tls \
		matchCertificateAttribute AddTTL \
		rewrite rewriteIn rewriteOut \
		retryCount dynamicLookupCommand retryInterval
	append_bools "$section" \
		IPv4Only IPv6Only certificateNameCheck statusServer LoopPrevention
	echo "}" >> "$CONFFILE"
}
#######################################
# Emit one "realm '<name>' { ... }" block from a UCI "realm" section.
# Globals:   CONFFILE (appended to)
# Arguments: $1 - UCI section id
#######################################
realm_block() {
	local name
	local section="$1"

	config_get name "$section" name
	# NOTE(review): $name is placed between single quotes without escaping;
	# a name containing ' would yield a malformed block header — confirm
	# that UCI-side input is validated.
	echo "realm '$name' {" >> "$CONFFILE"
	append_params "$section" Include server accountingServer replyMessage
	append_bools "$section" accountingResponse
	echo "}" >> "$CONFFILE"
}
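#######################################
# procd start hook: regenerate $CONFFILE from the 'radsecproxy' UCI config
# and register the daemon instance with procd.
# Globals:   CONFFILE (truncated and rewritten), PROG (read)
# Returns:   1 if the config file's mode cannot be restricted
#######################################
start_service() {
	# The directory keeps the default umask; only the file itself is tightened.
	mkdir -p "$(dirname "$CONFFILE")"
	echo "# auto-generated config file from /etc/config/radsecproxy" > "$CONFFILE"
	# The blocks appended below include shared secrets and the TLS key
	# passphrase. Restrict the file to its owner while it still holds only
	# the header line, and stop rather than write secrets to a readable file.
	# No procd `user` param is set, so the daemon presumably runs as the
	# same user that writes this file — confirm if that ever changes.
	chmod 0600 "$CONFFILE" || return 1

	config_load 'radsecproxy'
	# Section order determines the order of blocks in the generated file.
	config_foreach radsecproxy_options options
	config_foreach tls_block tls
	config_foreach rewrite_block rewrite
	config_foreach client_block client
	config_foreach server_block server
	config_foreach realm_block realm

	procd_open_instance
	procd_set_param command "$PROG" -f -c "$CONFFILE"
	procd_set_param file "$CONFFILE"
	procd_set_param respawn
	procd_close_instance
}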
#######################################
# procd hook: register a reload trigger for the 'radsecproxy' UCI config.
#######################################
service_triggers() {
	procd_add_reload_trigger "radsecproxy"
}