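#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2011 OpenWrt.org
#
# procd init script for radsecproxy. On every start it regenerates
# $CONFFILE from the UCI package 'radsecproxy' and launches the daemon in the
# foreground under procd supervision.
#
# The generated file carries RADIUS shared secrets ('secret') and private-key
# passphrases ('certificateKeyPassword'), so start_service restricts it to
# owner read/write before any section is appended.

START=70
USE_PROCD=1

PROG=/usr/sbin/radsecproxy
CONFFILE=/var/etc/radsecproxy.conf

# Separator used to split a fetched option into individual values.
# NOTE(review): with a single space, one value that itself contains spaces is
# emitted as several entries - confirm this is the intended list separator.
LIST_SEP=" "

# Append "<param> '<value>'" lines to $CONFFILE for every listed option that
# is set in the given UCI section.
# Arguments: $1 - UCI section id; remaining args - option names to look up.
# Each name is tried as given and, if empty, again in lower case.
# NOTE(review): values are written between single quotes without escaping, so
# a value containing a single quote or a newline would end the quoted string
# early; reject or validate such values if the UCI data is not fully trusted.
append_params() {
	local param
	local value
	local item
	local section="$1"
	shift

	for param in "$@"; do
		config_get value "$section" "$param"
		if [ -z "$value" ]; then
			# Quoted ranges: unquoted [A-Z] is a glob and could match a
			# one-letter file name in the current directory.
			param=$(echo "$param" | tr 'A-Z' 'a-z')
			config_get value "$section" "$param"
		fi

		# Split on LIST_SEP only. Pathname expansion is switched off so that
		# values holding *, ? or [ (regexes, wildcards) are written
		# literally instead of being replaced by matching file names.
		set -f
		IFS="$LIST_SEP"
		for item in $value; do
			[ -n "$item" ] && echo " $param '$item'" >> "$CONFFILE"
		done
		unset IFS
		set +f
	done
}

# Append "<param> on" / "<param> off" lines to $CONFFILE for every listed
# boolean option that is set in the given UCI section.
# Arguments: $1 - UCI section id; remaining args - option names to look up.
# Options that resolve to an empty value are skipped.
append_bools() {
	local param
	local value
	local section="$1"
	shift

	for param in "$@"; do
		config_get_bool value "$section" "$param"
		if [ -z "$value" ]; then
			param=$(echo "$param" | tr 'A-Z' 'a-z')
			config_get_bool value "$section" "$param"
		fi
		if [ -n "$value" ]; then
			[ "$value" -eq 0 ] && echo " $param off" >> "$CONFFILE"
			[ "$value" -eq 1 ] && echo " $param on" >> "$CONFFILE"
		fi
	done
}

# Emit the global (non-block) settings of one 'options' section.
radsecproxy_options() {
	local cfg="$1"

	append_params "$cfg" \
		Include PidFile LogLevel LogDestination FTicksReporting FTicksMAC FTicksKey \
		FTicksSyslogFacility ListenUDP ListenTCP ListenTLS ListenDTLS SourceUDP \
		SourceTCP SourceTLS SourceDTLS TTLAttribute AddTTL

	append_bools "$cfg" \
		LoopPrevention IPv4Only IPv6Only
}

# Emit one "tls '<name>' { ... }" block.
# certificateKeyPassword lands in $CONFFILE in clear text.
tls_block() {
	local cfg="$1"
	local name

	config_get name "$cfg" name

	echo "tls '$name' {" >> "$CONFFILE"

	append_params "$cfg" \
		Include CACertificateFile CACertificatePath certificateFile certificateKeyFile \
		certificateKeyPassword cacheExpiry policyOID

	append_bools "$cfg" \
		CRLCheck

	echo "}" >> "$CONFFILE"
}

# Emit one "rewrite '<name>' { ... }" block.
rewrite_block() {
	local cfg="$1"
	local name

	config_get name "$cfg" name

	echo "rewrite '$name' {" >> "$CONFFILE"

	append_params "$cfg" \
		Include addAttribute addVendorAttribute removeAttribute removeVendorAttribute \
		modifyAttribute

	echo "}" >> "$CONFFILE"
}

# Emit one "client '<name>' { ... }" block.
# 'secret' lands in $CONFFILE in clear text.
client_block() {
	local cfg="$1"
	local name

	config_get name "$cfg" name

	echo "client '$name' {" >> "$CONFFILE"

	append_params "$cfg" \
		Include host type secret tls matchCertificateAttribute duplicateInterval \
		AddTTL fticksVISCOUNTRY fticksVISINST rewrite rewriteIn rewriteOut \
		rewriteAttribute

	append_bools "$cfg" \
		IPv4Only IPv6Only certificateNameCheck

	echo "}" >> "$CONFFILE"
}

# Emit one "server '<name>' { ... }" block.
# 'secret' lands in $CONFFILE in clear text.
server_block() {
	local cfg="$1"
	local name

	config_get name "$cfg" name

	echo "server '$name' {" >> "$CONFFILE"

	append_params "$cfg" \
		Include host port type secret tls matchCertificateAttribute \
		AddTTL rewrite rewriteIn rewriteOut retryCount dynamicLookupCommand \
		retryInterval

	append_bools "$cfg" \
		IPv4Only IPv6Only certificateNameCheck statusServer LoopPrevention

	echo "}" >> "$CONFFILE"
}

# Emit one "realm '<name>' { ... }" block.
realm_block() {
	local cfg="$1"
	local name

	config_get name "$cfg" name

	echo "realm '$name' {" >> "$CONFFILE"

	append_params "$cfg" \
		Include server accountingServer replyMessage

	append_bools "$cfg" \
		accountingResponse

	echo "}" >> "$CONFFILE"
}

# procd hook: regenerate $CONFFILE from UCI, then register the daemon.
start_service() {
	mkdir -p "$(dirname "$CONFFILE")"
	echo "# auto-generated config file from /etc/config/radsecproxy" > "$CONFFILE"
	# Only the non-secret header has been written so far. Tighten the mode
	# now (this also repairs a file left behind with wider permissions) so
	# the secrets appended below are never readable by other local users.
	chmod 600 "$CONFFILE" || return 1

	config_load 'radsecproxy'

	config_foreach radsecproxy_options options
	config_foreach tls_block tls
	config_foreach rewrite_block rewrite
	config_foreach client_block client
	config_foreach server_block server
	config_foreach realm_block realm

	procd_open_instance
	procd_set_param command "$PROG" -f -c "$CONFFILE"
	procd_set_param file "$CONFFILE"
	procd_set_param respawn
	procd_close_instance
}

# procd hook: reload the service when the 'radsecproxy' UCI package changes.
service_triggers() {
	procd_add_reload_trigger 'radsecproxy'
}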