radsecproxy: UCIfied configuration
Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>
parent
a5bfa3085e
commit
c6bc1bed73
|
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
|||
|
||||
PKG_NAME:=radsecproxy
|
||||
PKG_VERSION:=1.6.7
|
||||
PKG_RELEASE:=1
|
||||
PKG_RELEASE:=2
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
|
||||
PKG_SOURCE_URL:=http://software.uninett.no/radsecproxy/
|
||||
|
@ -43,14 +43,14 @@ TARGET_CFLAGS += -Wno-long-long
|
|||
define Package/radsecproxy/install
|
||||
$(INSTALL_DIR) $(1)/usr/sbin/
|
||||
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/radsecproxy $(1)/usr/sbin/
|
||||
$(INSTALL_DIR) $(1)/etc/
|
||||
$(CP) $(PKG_BUILD_DIR)/radsecproxy.conf-example $(1)/etc/radsecproxy.conf
|
||||
$(INSTALL_DIR) $(1)/etc/config/
|
||||
$(INSTALL_DATA) ./files/radsecproxy.conf $(1)/etc/config/radsecproxy
|
||||
$(INSTALL_DIR) $(1)/etc/init.d/
|
||||
$(INSTALL_BIN) ./files/radsecproxy.init $(1)/etc/init.d/radsecproxy
|
||||
endef
|
||||
|
||||
define Package/radsecproxy/conffiles
|
||||
/etc/radsecproxy.conf
|
||||
/etc/config/radsecproxy
|
||||
endef
|
||||
|
||||
$(eval $(call BuildPackage,radsecproxy))
|
||||
|
|
|
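Review bot: The line that installs `./files/radsecproxy.conf` to `/etc/config/radsecproxy` uses `$(INSTALL_DATA)`, which gives the file mode 0644, yet this UCI file is where `option secret` and `certificateKeyPassword` values will live once the samples are filled in. `$(INSTALL_CONF) ./files/radsecproxy.conf $(1)/etc/config/radsecproxy` would install it 0600 instead. The rendered page does not show which side each line of this hunk is on, so this assumes the line is part of the new install recipe.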
@ -0,0 +1,43 @@
|
|||
# Sample radsecproxy configuration
|
||||
|
||||
#Basic options
|
||||
config options
|
||||
option include '/etc/radsecproxy.conf'
|
||||
#option LogLevel '3'
|
||||
#option LogDestination 'x-syslog:///'
|
||||
#list ListenUDP '127.0.0.1:1812'
|
||||
#list ListenTLS '0.0.0.0:2083'
|
||||
#list ListenTLS '[::]:2083'
|
||||
|
||||
#config tls
|
||||
# option name 'default'
|
||||
# option CACertificatePath '/etc/ssl/certs'
|
||||
# option certificateFile '/etc/ssl/certs/host.example.com.pem'
|
||||
# option certificateKeyFile '/etc/ssl/private/host.example.com.key.pem'
|
||||
|
||||
#config client
|
||||
# option name 'localhost'
|
||||
# option type 'udp'
|
||||
# option secret 'mysecret'
|
||||
|
||||
#config server
|
||||
# option name '[2001:db8::1]'
|
||||
# option type 'tls'
|
||||
# option secret 'radsec'
|
||||
# option statusServer '1'
|
||||
|
||||
# Please note that ordering of realm blocks is important
|
||||
|
||||
#config realm
|
||||
# option name '/myabc\.com$'
|
||||
# option replyMessage 'Misconfigured client: default realm of Intel PRO/Wireless supplicant!'
|
||||
#
|
||||
|
||||
#config realm
|
||||
# option name '/^$/'
|
||||
# option replyMessage 'Misconfigured client: empty realm!'
|
||||
#
|
||||
|
||||
#config realm
|
||||
# option name '*'
|
||||
# list server '[2001:db8::1]'
|
|
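Review bot: The commented `config client` example carries `option secret 'mysecret'` for a UDP client, and nothing in the file says the value must be replaced, so uncommenting the block as written leaves a guessable RADIUS shared secret in place. A comment above it such as `# Replace the secret below with a long random value before enabling this client` would make that explicit. The `'radsec'` secret in the TLS server example is a different case, since RADIUS over TLS uses that fixed value and relies on the certificates for authentication.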
@ -5,12 +5,138 @@ START=70
|
|||
|
||||
USE_PROCD=1
|
||||
PROG=/usr/sbin/radsecproxy
|
||||
CONFFILE=/etc/radsecproxy.conf
|
||||
CONFFILE=/var/etc/radsecproxy.conf
|
||||
LIST_SEP="
|
||||
"
|
||||
append_params() {
|
||||
local param
|
||||
local value
|
||||
local section="$1"
|
||||
shift
|
||||
for param in $*; do
|
||||
config_get value "$section" "$param"
|
||||
[ -z "$value" ] && {
|
||||
param=$(echo $param | tr [A-Z] [a-z])
|
||||
config_get value "$section" "$param"
|
||||
}
|
||||
IFS="$LIST_SEP"
|
||||
for value in $value; do
|
||||
[ -n "$value" ] && echo " $param '$value'" >> "$CONFFILE"
|
||||
done
|
||||
unset IFS
|
||||
done
|
||||
}
|
||||
|
||||
append_bools() {
|
||||
local param
|
||||
local value
|
||||
local section="$1"
|
||||
shift
|
||||
for param in $*; do
|
||||
config_get_bool value "$section" "$param"
|
||||
[ -z "$value" ] && {
|
||||
param=$(echo $param | tr [A-Z] [a-z])
|
||||
config_get_bool value "$section" "$param"
|
||||
}
|
||||
[ -n "$value" ] && {
|
||||
[ "$value" -eq 0 ] && echo " $param off" >> "$CONFFILE"
|
||||
[ "$value" -eq 1 ] && echo " $param on" >> "$CONFFILE"
|
||||
}
|
||||
done
|
||||
}
|
||||
|
||||
radsecproxy_options() {
|
||||
local cfg="$1"
|
||||
append_params "$cfg" \
|
||||
Include PidFile LogLevel LogDestination FTicksReporting FTicksMAC FTicksKey \
|
||||
FTicksSyslogFacility ListenUDP ListenTCP ListenTLS ListenDTLS SourceUDP \
|
||||
SourceTCP SourceTLS SourceDTLS TTLAttribute AddTTL
|
||||
append_bools "$cfg" \
|
||||
LoopPrevention IPv4Only IPv6Only
|
||||
}
|
||||
|
||||
tls_block() {
|
||||
local cfg="$1"
|
||||
local name
|
||||
config_get name "$cfg" name
|
||||
echo "tls '$name' {" >> "$CONFFILE"
|
||||
append_params "$cfg" \
|
||||
Include CACertificateFile CACertificatePath certificateFile certificateKeyFile \
|
||||
certificateKeyPassword cacheExpiry policyOID
|
||||
append_bools "$cfg" \
|
||||
CRLCheck
|
||||
echo "}" >> "$CONFFILE"
|
||||
}
|
||||
|
||||
rewrite_block() {
|
||||
local cfg="$1"
|
||||
local name
|
||||
config_get name "$cfg" name
|
||||
echo "rewrite '$name' {" >> "$CONFFILE"
|
||||
append_params "$cfg" \
|
||||
Include addAttribute addVendorAttribute removeAttribute removeVendorAttribute \
|
||||
modifyAttribute
|
||||
echo "}" >> "$CONFFILE"
|
||||
}
|
||||
|
||||
client_block() {
|
||||
local cfg="$1"
|
||||
local name
|
||||
config_get name "$cfg" name
|
||||
echo "client '$name' {" >> "$CONFFILE"
|
||||
append_params "$cfg" \
|
||||
Include host type secret tls matchCertificateAttribute duplicateInterval \
|
||||
AddTTL fticksVISCOUNTRY fticksVISINST rewrite rewriteIn rewriteOut \
|
||||
rewriteAttribute
|
||||
append_bools "$cfg" \
|
||||
IPv4Only IPv6Only certificateNameCheck
|
||||
echo "}" >> "$CONFFILE"
|
||||
}
|
||||
|
||||
server_block() {
|
||||
local cfg="$1"
|
||||
local name
|
||||
config_get name "$cfg" name
|
||||
echo "server '$name' {" >> "$CONFFILE"
|
||||
append_params "$cfg" \
|
||||
Include host port type secret tls matchCertificateAttribute \
|
||||
AddTTL rewrite rewriteIn rewriteOut retryCount dynamicLookupCommand \
|
||||
retryInterval
|
||||
append_bools "$cfg" \
|
||||
IPv4Only IPv6Only certificateNameCheck statusServer LoopPrevention
|
||||
echo "}" >> "$CONFFILE"
|
||||
}
|
||||
|
||||
realm_block() {
|
||||
local cfg="$1"
|
||||
local name
|
||||
config_get name "$cfg" name
|
||||
echo "realm '$name' {" >> "$CONFFILE"
|
||||
append_params "$cfg" \
|
||||
Include server accountingServer replyMessage
|
||||
append_bools "$cfg" \
|
||||
accountingResponse
|
||||
echo "}" >> "$CONFFILE"
|
||||
}
|
||||
|
||||
start_service() {
|
||||
mkdir -p $(dirname $CONFFILE)
|
||||
echo "# auto-generated config file from /etc/config/radsecproxy" > $CONFFILE
|
||||
config_load 'radsecproxy'
|
||||
config_foreach radsecproxy_options options
|
||||
config_foreach tls_block tls
|
||||
config_foreach rewrite_block rewrite
|
||||
config_foreach client_block client
|
||||
config_foreach server_block server
|
||||
config_foreach realm_block realm
|
||||
|
||||
procd_open_instance
|
||||
procd_set_param command $PROG -f -c $CONFFILE
|
||||
procd_set_param file $CONFFILE
|
||||
procd_set_param respawn
|
||||
procd_close_instance
|
||||
}
|
||||
|
||||
service_triggers() {
|
||||
procd_add_reload_trigger 'radsecproxy'
|
||||
}
|
||||
|
|
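Review bot: `start_service` creates `$CONFFILE` with a plain `>` redirect, so `/var/etc/radsecproxy.conf` gets whatever mode the init script's umask allows (typically world-readable), and the block functions then append `secret` and `certificateKeyPassword` values to it. Tightening the mode right after the header is written, before any block is appended, closes that: `echo "# auto-generated config file from /etc/config/radsecproxy" > "$CONFFILE"` followed by `chmod 600 "$CONFFILE"`. Separately, `append_params` and the `*_block` functions wrap UCI values in single quotes without checking them, so a value that itself contains `'` yields a config line that radsecproxy will parse differently than intended. Rejecting such values with a logged error would be safer than emitting them.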