## -*- coding: utf-8 -*-
<%!
import re
def percent_escape(text):
    """Escape percent signs that would otherwise start a %XX hex sequence.

    Each '%' that is directly followed by two hexadecimal digits is
    rewritten as '%25'; every other '%' is left as it is.  The template
    applies this filter to the shared secrets it writes out.

    NOTE(review): presumably this keeps the radsecproxy config parser from
    decoding part of a secret as a %XX escape -- confirm against the
    radsecproxy.conf documentation.  Nothing else is neutralised here: a
    value containing whitespace, quotes, '#' or a newline reaches the
    generated file unchanged, so such values have to be rejected or quoted
    before they get to this template.
    """
    hex_escape_lead = r'%(?=[0-9A-Fa-f]{2})'
    return re.sub(hex_escape_lead, '%25', text)
def realm_regex(text):
    """Render a realm name as the realm specification written to the config.

    A realm that begins with '*.' is turned into a double-quoted string of
    the form "/@<pattern>$": every dot is escaped, and each '*' that then
    stands directly before an escaped dot becomes '.+'.  Any other realm is
    returned exactly as given.

    NOTE(review): only dots are escaped.  Other regex metacharacters, quotes
    or whitespace in a realm name pass through unchanged in both branches,
    so realm names should be validated as plain domain names before they
    reach this filter -- confirm that the caller does so.
    """
    if not text.startswith('*.'):
        return text
    dots_escaped = text.replace('.', '\\.')
    pattern = re.sub(r'\*(?=\\.)', '.+', dots_escaped)
    return '"/@%s$"' % pattern
def wildcard_realm_least_precedence(a, b):
    """Compare two realm names so that wildcard realms rank lowest.

    This is a cmp-style comparator: it returns -1 when only a starts with
    '*.', 1 when only b does, and 0 when both or neither do.  The template
    passes it to sorted() with reverse=True, so realms starting with '*.'
    are written after all the others.

    NOTE(review): presumably radsecproxy uses the first realm block that
    matches, which would make this ordering decide whether an exact realm
    or a wildcard handles a request -- confirm before changing the sort.
    """
    a_is_wildcard = a.startswith('*.')
    b_is_wildcard = b.startswith('*.')
    return int(b_is_wildcard) - int(a_is_wildcard)
%>\
<%
# Count how many type 2/3 institutions reference each client.  The client
# blocks emitted further down add the institution id only when this count
# is exactly 1.
for inst in insts:
    if inst['type'] not in (2, 3) or 'clients' not in inst:
        continue
    for client in inst['clients']:
        if 'usecount' not in clients[client]:
            clients[client]['usecount'] = 0
        clients[client]['usecount'] += 1
%>\
% for inst in insts:
% if True in [c in inst for c in ['clients', 'realms']]:
#{{{${' ' + inst['id'] if 'id' in inst else ''}
% if inst['type'] in (2, 3) and 'clients' in inst:
% for client in inst['clients']:
% if 'seen' in clients[client]:
# client ${client} defined previously
% else:
rewrite rewrite-${client}-sp {
        include /etc/radsecproxy.conf.d/rewrite-default-sp.conf
% if clients[client]['usecount'] == 1 and 'id' in inst:
        addAttribute 126:1${inst['id']}
% endif
}
client ${client} {
        host ${clients[client]['host']}
        IPv4Only on
        type udp
        secret ${clients[client]['secret'] | percent_escape}
        fticksVISCOUNTRY GR
% if clients[client]['usecount'] == 1 and 'id' in inst:
        fticksVISINST 1${inst['id']}
% endif
        rewriteIn rewrite-${client}-sp
}
% endif
<%
# Remember that this client has been handled, so a later institution that
# lists it gets only the defined-previously comment instead of a second
# client block with the same name.
clients[client]['seen'] = True
%>\
% endfor
% endif
% if inst['type'] in (1, 3) and 'realms' in inst:
<%doc>
The following one-liner does the equivalent of:

inst_servers = set()
for r in inst['realms']:
    if 'proxy_to' in inst['realms'][r]:
        inst_servers.update(inst['realms'][r]['proxy_to'])
for srv in inst_servers:
</%doc>\
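## Loop over the distinct proxy_to servers of this institution.  The realm
## filter has to come before the inner loop: placed after it, the proxy_to
## lookup runs first and a realm without proxy_to raises KeyError instead of
## being skipped.
% for srv in set([s for r in inst['realms'] if 'proxy_to' in inst['realms'][r] for s in inst['realms'][r]['proxy_to']]):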
% if 'seen' in servers[srv]:
# server ${srv} defined previously
% else:
rewrite rewrite-${srv}-idp {
        include /etc/radsecproxy.conf.d/rewrite-default-idp.conf
}
server ${srv}${'-acct' if servers[srv]['rad_pkt_type'] == 'acct' else ''} {
        host ${servers[srv]['host']}
        IPv4Only on
        type udp
        port ${servers[srv]['auth_port'] if servers[srv]['rad_pkt_type'] in ('auth', 'auth+acct') else servers[srv]['acct_port']}
        secret ${servers[srv]['secret'] | percent_escape}
% if servers[srv]['status_server'] and servers[srv]['rad_pkt_type'] in ('auth', 'auth+acct'):
        StatusServer on
% endif
        rewriteIn rewrite-${srv}-idp
}
% if servers[srv]['rad_pkt_type'] == 'auth+acct':
server ${srv}-acct {
        host ${servers[srv]['host']}
        IPv4Only on
        type udp
        port ${servers[srv]['acct_port']}
        secret ${servers[srv]['secret'] | percent_escape}
% if servers[srv]['status_server']:
        #StatusServer on
% endif
        rewriteIn rewrite-${srv}-idp
}
% endif
<%
# Mark this server as written out, so that another institution proxying to
# it gets only the defined-previously comment instead of duplicate rewrite
# and server blocks.
servers[srv]['seen'] = True
%>\
% endif
% endfor
% for realm in sorted([r for r in inst['realms'] if 'proxy_to' in inst['realms'][r]], cmp=wildcard_realm_least_precedence, reverse=True):
realm ${realm | realm_regex} {
% for srv in inst['realms'][realm]['proxy_to']:
% if servers[srv]['rad_pkt_type'] in ('auth', 'auth+acct'):
        server ${srv}
% endif
% if servers[srv]['rad_pkt_type'] in ('acct', 'auth+acct'):
        accountingserver ${srv}-acct
% endif
% endfor
}
% endfor
% endif
#}}}
% endif
% endfor