#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2011 OpenWrt.org
START=70
USE_PROCD=1
PROG=/usr/sbin/radsecproxy
CONFFILE=/var/etc/radsecproxy.conf
LIST_SEP="
"
append_params() {
local param
local value
local section="$1"
shift
for param in "$@"; do
config_get value "$section" "$param"
[ -z "$value" ] && {
param=$(echo "$param" | tr 'A-Z' 'a-z')
config_get value "$section" "$param"
}
IFS="$LIST_SEP"
for value in $value; do
[ -n "$value" ] && echo " $param '$value'" >> "$CONFFILE"
done
unset IFS
done
}
append_bools() {
local param
local value
local section="$1"
shift
for param in "$@"; do
config_get_bool value "$section" "$param"
[ -z "$value" ] && {
param=$(echo "$param" | tr 'A-Z' 'a-z')
config_get_bool value "$section" "$param"
}
[ -n "$value" ] && {
[ "$value" -eq 0 ] && echo " $param off" >> "$CONFFILE"
[ "$value" -eq 1 ] && echo " $param on" >> "$CONFFILE"
}
done
}
radsecproxy_options() {
local cfg="$1"
append_params "$cfg" \
Include PidFile LogLevel LogDestination FTicksReporting FTicksMAC FTicksKey \
FTicksSyslogFacility ListenUDP ListenTCP ListenTLS ListenDTLS SourceUDP \
SourceTCP SourceTLS SourceDTLS TTLAttribute AddTTL
append_bools "$cfg" \
LoopPrevention IPv4Only IPv6Only
}
tls_block() {
local cfg="$1"
local name
config_get name "$cfg" name
echo "tls '$name' {" >> "$CONFFILE"
append_params "$cfg" \
Include CACertificateFile CACertificatePath certificateFile certificateKeyFile \
certificateKeyPassword cacheExpiry policyOID
append_bools "$cfg" \
CRLCheck
echo "}" >> "$CONFFILE"
}
rewrite_block() {
local cfg="$1"
local name
config_get name "$cfg" name
echo "rewrite '$name' {" >> "$CONFFILE"
append_params "$cfg" \
Include addAttribute addVendorAttribute removeAttribute removeVendorAttribute \
modifyAttribute
echo "}" >> "$CONFFILE"
}
client_block() {
local cfg="$1"
local name
config_get name "$cfg" name
echo "client '$name' {" >> "$CONFFILE"
append_params "$cfg" \
Include host type secret tls matchCertificateAttribute duplicateInterval \
AddTTL fticksVISCOUNTRY fticksVISINST rewrite rewriteIn rewriteOut \
rewriteAttribute
append_bools "$cfg" \
IPv4Only IPv6Only certificateNameCheck
echo "}" >> "$CONFFILE"
}
server_block() {
local cfg="$1"
local name
config_get name "$cfg" name
echo "server '$name' {" >> "$CONFFILE"
append_params "$cfg" \
Include host port type secret tls matchCertificateAttribute \
AddTTL rewrite rewriteIn rewriteOut retryCount dynamicLookupCommand \
retryInterval
append_bools "$cfg" \
IPv4Only IPv6Only certificateNameCheck statusServer LoopPrevention
echo "}" >> "$CONFFILE"
}
realm_block() {
local cfg="$1"
local name
config_get name "$cfg" name
echo "realm '$name' {" >> "$CONFFILE"
append_params "$cfg" \
Include server accountingServer replyMessage
append_bools "$cfg" \
accountingResponse
echo "}" >> "$CONFFILE"
}
start_service() {
mkdir -p $(dirname $CONFFILE)
echo "# auto-generated config file from /etc/config/radsecproxy" > $CONFFILE
config_load 'radsecproxy'
config_foreach radsecproxy_options options
config_foreach tls_block tls
config_foreach rewrite_block rewrite
config_foreach client_block client
config_foreach server_block server
config_foreach realm_block realm
procd_open_instance
procd_set_param command $PROG -f -c $CONFFILE
procd_set_param file $CONFFILE
procd_set_param respawn
procd_close_instance
}
service_triggers() {
procd_add_reload_trigger 'radsecproxy'
}