radsecproxy: UCIfied configuration

Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>

net/radsecproxy/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=radsecproxy
 PKG_VERSION:=1.6.7
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=http://software.uninett.no/radsecproxy/
@@ -43,14 +43,14 @@ TARGET_CFLAGS += -Wno-long-long
 define Package/radsecproxy/install
 	$(INSTALL_DIR) $(1)/usr/sbin/
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/radsecproxy $(1)/usr/sbin/
-	$(INSTALL_DIR) $(1)/etc/
-	$(CP) $(PKG_BUILD_DIR)/radsecproxy.conf-example $(1)/etc/radsecproxy.conf
+	$(INSTALL_DIR) $(1)/etc/config/
+	$(INSTALL_DATA) ./files/radsecproxy.conf $(1)/etc/config/radsecproxy
 	$(INSTALL_DIR) $(1)/etc/init.d/
 	$(INSTALL_BIN) ./files/radsecproxy.init $(1)/etc/init.d/radsecproxy
 endef
 
 define Package/radsecproxy/conffiles
-/etc/radsecproxy.conf
+/etc/config/radsecproxy
 endef
 
 $(eval $(call BuildPackage,radsecproxy))

net/radsecproxy/files/radsecproxy.conf

@@ -0,0 +1,43 @@
+# Sample radsecproxy configuration
+
+#Basic options
+config options
+	option include '/etc/radsecproxy.conf'
+	#option LogLevel '3'
+	#option LogDestination 'x-syslog:///'
+	#list ListenUDP '127.0.0.1:1812'
+	#list ListenTLS '0.0.0.0:2083'
+	#list ListenTLS '[::]:2083'
+
+#config tls
+#	option name 'default'
+#	option CACertificatePath '/etc/ssl/certs'
+#	option certificateFile '/etc/ssl/certs/host.example.com.pem'
+#	option certificateKeyFile '/etc/ssl/private/host.example.com.key.pem'
+
+#config client
+#	option name 'localhost'
+#	option type 'udp'
+#	option secret 'mysecret'
+
+#config server
+#	option name '[2001:db8::1]'
+#	option type 'tls'
+#	option secret 'radsec'
+#	option statusServer '1'
+
+# Please note that ordering of realm blocks is important
+
+#config realm
+#	option name '/myabc\.com$'
+#	option replyMessage 'Misconfigured client: default realm of Intel PRO/Wireless supplicant!'
+#
+
+#config realm
+#	option name '/^$/'
+#	option replyMessage 'Misconfigured client: empty realm!'
+#
+
+#config realm
+#	option name '*'
+#	list server '[2001:db8::1]'

net/radsecproxy/files/radsecproxy.init

@@ -5,12 +5,138 @@ START=70
 
 USE_PROCD=1
 PROG=/usr/sbin/radsecproxy
-CONFFILE=/etc/radsecproxy.conf
+CONFFILE=/var/etc/radsecproxy.conf
+LIST_SEP="
+"
+append_params() {
+	local param
+	local value
+	local section="$1"
+	shift
+	for param in $*; do
+		config_get value "$section" "$param"
+		[ -z "$value" ] && {
+			param=$(echo $param | tr [A-Z] [a-z])
+			config_get value "$section" "$param"
+		}
+		IFS="$LIST_SEP"
+		for value in $value; do
+			[ -n "$value" ] && echo "    $param '$value'" >> "$CONFFILE"
+		done
+		unset IFS
+	done
+}
+
+append_bools() {
+	local param
+	local value
+	local section="$1"
+	shift
+	for param in $*; do
+		config_get_bool value "$section" "$param"
+		[ -z "$value" ] && {
+			param=$(echo $param | tr [A-Z] [a-z])
+			config_get_bool value "$section" "$param"
+		}
+		[ -n "$value" ] && {
+			[ "$value" -eq 0 ] && echo "    $param off" >> "$CONFFILE"
+			[ "$value" -eq 1 ] && echo "    $param on" >> "$CONFFILE"
+		}
+	done
+}
+
+radsecproxy_options() {
+	local cfg="$1"
+	append_params "$cfg" \
+		Include PidFile LogLevel LogDestination FTicksReporting FTicksMAC FTicksKey \
+		FTicksSyslogFacility ListenUDP ListenTCP ListenTLS ListenDTLS SourceUDP \
+		SourceTCP SourceTLS SourceDTLS TTLAttribute AddTTL
+	append_bools "$cfg" \
+		LoopPrevention IPv4Only IPv6Only
+}
+
+tls_block() {
+	local cfg="$1"
+	local name
+	config_get name "$cfg" name
+	echo "tls '$name' {" >> "$CONFFILE"
+	append_params "$cfg" \
+		Include CACertificateFile CACertificatePath certificateFile certificateKeyFile \
+		certificateKeyPassword cacheExpiry policyOID
+	append_bools "$cfg" \
+		CRLCheck
+	echo "}" >> "$CONFFILE"
+}
+
+rewrite_block() {
+	local cfg="$1"
+	local name
+	config_get name "$cfg" name
+	echo "rewrite '$name' {" >> "$CONFFILE"
+	append_params "$cfg" \
+		Include addAttribute addVendorAttribute removeAttribute removeVendorAttribute \
+		modifyAttribute
+	echo "}" >> "$CONFFILE"
+}
+
+client_block() {
+	local cfg="$1"
+	local name
+	config_get name "$cfg" name
+	echo "client '$name' {" >> "$CONFFILE"
+	append_params "$cfg" \
+		Include host type secret tls matchCertificateAttribute duplicateInterval \
+		AddTTL fticksVISCOUNTRY fticksVISINST rewrite rewriteIn rewriteOut \
+		rewriteAttribute
+	append_bools "$cfg" \
+		IPv4Only IPv6Only certificateNameCheck
+	echo "}" >> "$CONFFILE"
+}
+
+server_block() {
+	local cfg="$1"
+	local name
+	config_get name "$cfg" name
+	echo "server '$name' {" >> "$CONFFILE"
+	append_params "$cfg" \
+		Include host port type secret tls matchCertificateAttribute \
+		AddTTL rewrite rewriteIn rewriteOut retryCount dynamicLookupCommand \
+		retryInterval
+	append_bools "$cfg" \
+		IPv4Only IPv6Only certificateNameCheck statusServer LoopPrevention
+	echo "}" >> "$CONFFILE"
+}
+
+realm_block() {
+	local cfg="$1"
+	local name
+	config_get name "$cfg" name
+	echo "realm '$name' {" >> "$CONFFILE"
+	append_params "$cfg" \
+		Include server accountingServer replyMessage
+	append_bools "$cfg" \
+		accountingResponse
+	echo "}" >> "$CONFFILE"
+}
 
 start_service() {
+	mkdir -p $(dirname $CONFFILE)
+	echo "# auto-generated config file from /etc/config/radsecproxy" > $CONFFILE
+	config_load 'radsecproxy'
+	config_foreach radsecproxy_options options
+	config_foreach tls_block tls
+	config_foreach rewrite_block rewrite
+	config_foreach client_block client
+	config_foreach server_block server
+	config_foreach realm_block realm
+
 	procd_open_instance
 	procd_set_param command $PROG -f -c $CONFFILE
 	procd_set_param file $CONFFILE
 	procd_set_param respawn
 	procd_close_instance
 }
+
+service_triggers() {
+	procd_add_reload_trigger 'radsecproxy'
+}