## -*- coding: utf-8 -*-
<%!
import re
def percent_escape(text):
    """Return *text* with each '%' that begins a %XX hex pair rewritten as '%25'.

    A '%' that is not followed by two hexadecimal digits is left unchanged.
    The template applies this filter to the shared secrets it writes out,
    presumably so the configuration parser does not decode a literal "%41"
    in a secret as a hex escape (TODO confirm against the radsecproxy
    configuration syntax).

    NOTE(review): only '%' is handled here. Whitespace, quotes, '#' and
    newlines pass through unchanged, so the caller must make sure the value
    cannot break out of the single configuration line it is written to.
    """
    hex_pair_lead = re.compile(r'%(?=[0-9A-Fa-f]{2})')
    return hex_pair_lead.sub('%25', text)
def realm_regex(text):
    """Turn a '*.'-prefixed wildcard realm into a quoted "/@...$" regex string.

    A realm that does not start with '*.' is returned unchanged. For a
    wildcard realm every '.' is backslash-escaped, each '*' that is directly
    followed by an escaped dot becomes '.+', and the result is wrapped as
    "/@<pattern>$" including the surrounding double quotes.

    NOTE(review): '.' is the only character escaped. Any other regex
    metacharacter in the realm reaches the generated pattern as-is, and a
    double quote would end the quoted value early. Presumably realm names
    are validated before they get here; confirm.
    """
    if not text.startswith('*.'):
        return text
    dots_escaped = text.replace('.', '\\.')
    pattern = re.sub(r'\*(?=\\.)', '.+', dots_escaped)
    return '"/@%s$"' % pattern
def wildcard_realm_least_precedence(a, b):
    """cmp-style comparator that orders '*.' wildcard realms before all others.

    Returns -1 when only *a* starts with '*.', 1 when only *b* does, and 0
    when both or neither do. The template passes it to sorted() together
    with reverse=True, so the wildcard realms end up last in the output.
    """
    a_is_wildcard = a.find('*.') == 0
    b_is_wildcard = b.find('*.') == 0
    # bool arithmetic: (False, True) -> 1, (True, False) -> -1, equal -> 0
    return int(b_is_wildcard) - int(a_is_wildcard)
%>\
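## Emit one "#{{{ <id>" ... "#}}}" section for every institution that has
## clients or realms.
## NOTE(review): every interpolated value below (client and server names,
## hosts, secrets, realm names) is written into the configuration unquoted.
## percent_escape only neutralises %XX sequences; whitespace, quotes, '#' or
## a newline inside a value would change how the generated file parses.
## Presumably the data is validated before it reaches this template; confirm.
## The rendered file carries the shared secrets in clear text, so its
## permissions should be restricted accordingly.
% for inst in insts:
% if True in [c in inst for c in ['clients', 'realms']]:
#{{{${' ' + inst['id'] if 'id' in inst else ''}
## Institutions of type 2 or 3 that list clients get client blocks.
% if inst['type'] in (2, 3) and 'clients' in inst:
% for client in inst['clients']:
## A client shared by several institutions is emitted once. The 'seen' flag
## is stored in the caller's dict, so rendering again with the same dict
## produces only the "defined previously" comment.
% if 'seen' in clients[client]:
# client ${client} defined previously
% else:
rewrite rewrite-${client}-sp {
        include /etc/radsecproxy.conf.d/rewrite-default-sp.conf
% if 'id' in inst:
        addAttribute 126:1${inst['id']}
% endif
}
client ${client} {
        host ${clients[client]['host']}
        IPv4Only on
        type udp
        secret ${clients[client]['secret'] | percent_escape}
        fticksVISCOUNTRY GR
% if 'id' in inst:
        fticksVISINST 1${inst['id']}
% endif
        rewriteIn rewrite-${client}-sp
}
% endif
<%
clients[client]['seen'] = True
%>\
% endfor
% endif
## Institutions of type 1 or 3 that list realms get server and realm blocks.
% if inst['type'] in (1, 3) and 'realms' in inst:
## The 'proxy_to' test has to come before the inner loop: with the filter
## placed last, a realm without that key raised KeyError before the test ran.
<%doc>
The following one-liner does the equivalent of:

inst_servers = set()
for r in inst['realms']:
    if 'proxy_to' in inst['realms'][r]:
        inst_servers.update(inst['realms'][r]['proxy_to'])
for srv in inst_servers:
</%doc>\
% for srv in set([s for r in inst['realms'] if 'proxy_to' in inst['realms'][r] for s in inst['realms'][r]['proxy_to']]):
## Same once-only handling as for clients, keyed on servers[srv]['seen'].
% if 'seen' in servers[srv]:
# server ${srv} defined previously
% else:
rewrite rewrite-${srv}-idp {
        include /etc/radsecproxy.conf.d/rewrite-default-idp.conf
}
## An accounting-only server is named "<srv>-acct" and uses acct_port;
## otherwise this block is the authentication server on auth_port.
server ${srv}${'-acct' if servers[srv]['rad_pkt_type'] == 'acct' else ''} {
        host ${servers[srv]['host']}
        IPv4Only on
        type udp
        port ${servers[srv]['auth_port'] if servers[srv]['rad_pkt_type'] in ('auth', 'auth+acct') else servers[srv]['acct_port']}
        secret ${servers[srv]['secret'] | percent_escape}
% if servers[srv]['status_server'] and servers[srv]['rad_pkt_type'] in ('auth', 'auth+acct'):
        StatusServer on
% endif
        rewriteIn rewrite-${srv}-idp
}
## 'auth+acct' servers get a second "<srv>-acct" block on acct_port.
% if servers[srv]['rad_pkt_type'] == 'auth+acct':
server ${srv}-acct {
        host ${servers[srv]['host']}
        IPv4Only on
        type udp
        port ${servers[srv]['acct_port']}
        secret ${servers[srv]['secret'] | percent_escape}
% if servers[srv]['status_server']:
        #StatusServer on
% endif
        rewriteIn rewrite-${srv}-idp
}
% endif
<%
servers[srv]['seen'] = True
%>\
% endif
% endfor
## Realms with a 'proxy_to' list are emitted with '*.' wildcard realms last.
## NOTE(review): sorted(cmp=...) exists only on Python 2; this line will not
## render under Python 3 as written.
% for realm in sorted([r for r in inst['realms'] if 'proxy_to' in inst['realms'][r]], cmp=wildcard_realm_least_precedence, reverse=True):
realm ${realm | realm_regex} {
% for srv in inst['realms'][realm]['proxy_to']:
% if servers[srv]['rad_pkt_type'] in ('auth', 'auth+acct'):
        server ${srv}
% endif
% if servers[srv]['rad_pkt_type'] in ('acct', 'auth+acct'):
        accountingserver ${srv}-acct
% endif
% endfor
}
% endfor
% endif
#}}}
% endif
% endfor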