## -*- coding: utf-8 -*-
<%!
import functools
import re
def percent_escape(text):
    """Return *text* with every '%' that precedes two hex digits doubled.

    NOTE(review): the template pipes ``secret`` values through this filter,
    presumably because radsecproxy decodes ``%xx`` hex escapes in such
    values (confirm against the radsecproxy.conf manual).  A literal '%'
    that happens to be followed by two hex digits is therefore rewritten as
    ``%25`` so the daemon reads it literally; any other '%' and every other
    character is passed through unchanged.

    The value is still emitted unquoted by the template, so a secret that
    contains whitespace, '#', '"' or a newline would break the generated
    line or inject further directives -- this filter does not defend
    against that; such values must be rejected where the inventory is
    validated.
    """
    hexdigits = '0123456789abcdefABCDEF'
    pieces = []
    for idx, ch in enumerate(text):
        follow = text[idx + 1:idx + 3]
        if ch == '%' and len(follow) == 2 and all(c in hexdigits for c in follow):
            pieces.append('%25')
        else:
            pieces.append(ch)
    return ''.join(pieces)
def realm_regex(text):
    """Render a realm name for a radsecproxy ``realm`` block.

    A realm that starts with ``*.`` is a wildcard and becomes a quoted
    regular expression: every '.' is escaped and each '*' that precedes an
    (escaped) dot becomes ``.+``, so ``*.example.com`` turns into
    ``"/@.+\\.example\\.com$"``.  The leading '/' is what marks the value
    as a regex for radsecproxy.  Note that ``.+`` also matches '@', so the
    pattern is matched against the whole User-Name suffix rather than a
    single label.

    Any other value is returned verbatim (no quoting, no escaping), so an
    exact realm containing whitespace or '#' would break the generated line.
    """
    if not text.startswith('*.'):
        return text
    escaped_dots = text.replace('.', '\\.')
    pattern = re.sub(r'\*(?=\\.)', '.+', escaped_dots)
    return '"/@%s$"' % pattern
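def wildcard_realm_least_precedence(a, b):
    """Classic ``cmp``-style comparator that orders realm names for output.

    radsecproxy uses the first ``realm`` block that matches a request, so
    exact realms must be written before wildcard (``*.``) ones or a wildcard
    would shadow them.  The template sorts with ``reverse=True``, hence the
    inverted sign here: a wildcard compares *lower* than an exact realm and
    therefore ends up *after* it.

    Between two wildcards the one with more labels (more dots) is the more
    specific and compares higher, so ``*.sub.example.com`` is emitted before
    ``*.example.com``.  Previously all wildcards compared equal and their
    relative order depended on dict iteration order, letting a broad wildcard
    silently capture traffic meant for a narrower one.  Two exact realms, or
    two wildcards with the same label count, compare equal (0), which keeps
    the (stable) sort's original order for them.

    Returns -1, 0 or 1.
    """
    a_wild = a.startswith('*.')
    b_wild = b.startswith('*.')
    if a_wild != b_wild:
        # exactly one side is a wildcard: it gets the lower rank
        return -1 if a_wild else 1
    if a_wild:
        # both wildcards: more dots == more specific == higher rank
        a_depth = a.count('.')
        b_depth = b.count('.')
        return (a_depth > b_depth) - (a_depth < b_depth)
    return 0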
def deduplicated_list(seq):
    """Return the items of *seq* as a list with duplicates removed.

    Unlike ``list(set(seq))`` this keeps the order of first occurrence,
    which matters because the generated config is order-sensitive.  Items
    must be hashable.
    """
    seen = set()
    unique = []
    for item in seq:
        if item in seen:
            continue
        seen.add(item)
        unique.append(item)
    return unique
%>\
<%
# Count, per client, how many SP-type institutions (type 2 or 3) reference
# it.  The main loop below only tags a client with an institution id
# (addAttribute 126 / fticksVISINST) when usecount == 1, i.e. the client
# belongs to exactly one institution.  Mutates the shared `clients` dict.
for inst in insts:
    if inst['type'] not in (2, 3) or 'clients' not in inst:
        continue
    for client in inst['clients']:
        entry = clients[client]
        entry['usecount'] = entry.get('usecount', 0) + 1
%>\
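% for inst in insts:
## Only institutions that contribute something (SP clients and/or IdP
## realms) get a folded section in the generated config.
% if 'clients' in inst or 'realms' in inst:
#{{{${' ' + inst['id'] if 'id' in inst else ''}
% if inst['type'] in (2, 3) and 'clients' in inst:
% for client in inst['clients']:
## A client shared by several institutions is written once, on first use.
## It only gets an institution id attached (addAttribute 126 and
## fticksVISINST) when usecount == 1, i.e. it belongs to exactly one
## institution; usecount is computed in the <% %> block above.
% if 'seen' in clients[client]:
# client ${client} defined previously
% else:
rewrite rewrite-${client}-sp {
        include /etc/radsecproxy.conf.d/rewrite-default-sp.conf
% if clients[client]['usecount'] == 1 and 'id' in inst:
        addAttribute 126:1${inst['id']}
% endif
}
## Client names and hosts are interpolated verbatim into block names and
## directives; a value containing whitespace, '}' or a newline would
## corrupt or extend the config. They are inventory-controlled, so validate
## them there.
client ${client} {
        host ${clients[client]['host']}
        IPv4Only on
        type udp
## The secret is emitted unquoted: percent_escape only protects a literal
## '%' from radsecproxy's %xx hex decoding. Whitespace, '#', '"' or a
## newline in the secret would still break this line or inject further
## directives.
        secret ${clients[client]['secret'] | percent_escape}
        fticksVISCOUNTRY GR
% if clients[client]['usecount'] == 1 and 'id' in inst:
        fticksVISINST 1${inst['id']}
% endif
        rewriteIn rewrite-${client}-sp
}
% endif
<%
clients[client]['seen'] = True
%>\
% endfor
% endif
% if inst['type'] in (1, 3) and 'realms' in inst:
<%doc>
The one-liner below does the equivalent of:

inst_servers = []
for r in inst['realms']:
    if 'proxy_to' in inst['realms'][r]:
        for srv in inst['realms'][r]['proxy_to']:
            inst_servers.append(srv)
# deduplicate like set, but preserve order
inst_servers = deduplicated_list(inst_servers)
for srv in inst_servers:

The 'proxy_to' membership test must come before the inner 'for': a
comprehension evaluates its clauses left to right, so filtering after the
inner loop would already have indexed a realm without 'proxy_to' and
raised KeyError.
</%doc>\
% for srv in deduplicated_list([s for r in inst['realms'] if 'proxy_to' in inst['realms'][r] for s in inst['realms'][r]['proxy_to']]):
## Like clients, a server referenced by several institutions is defined
## once. Names, hosts and secrets are interpolated verbatim (see the notes
## on the client block above).
% if 'seen' in servers[srv]:
# server ${srv} defined previously
% else:
rewrite rewrite-${srv}-idp {
        include /etc/radsecproxy.conf.d/rewrite-default-idp.conf
}
server ${srv}${'-acct' if servers[srv]['rad_pkt_type'] == 'acct' else ''} {
        host ${servers[srv]['host']}
        IPv4Only on
        type udp
        port ${servers[srv]['auth_port'] if servers[srv]['rad_pkt_type'] in ('auth', 'auth+acct') else servers[srv]['acct_port']}
        secret ${servers[srv]['secret'] | percent_escape}
% if servers[srv]['status_server'] and servers[srv]['rad_pkt_type'] in ('auth', 'auth+acct'):
        StatusServer on
% endif
        rewriteIn rewrite-${srv}-idp
}
% if servers[srv]['rad_pkt_type'] == 'auth+acct':
server ${srv}-acct {
        host ${servers[srv]['host']}
        IPv4Only on
        type udp
        port ${servers[srv]['acct_port']}
        secret ${servers[srv]['secret'] | percent_escape}
% if servers[srv]['status_server']:
        #StatusServer on
% endif
        rewriteIn rewrite-${srv}-idp
}
% endif
<%
servers[srv]['seen'] = True
%>\
% endif
% endfor
## radsecproxy uses the first realm block that matches, so exact realms are
## emitted before wildcard ones (reverse=True with the comparator from the
## module block). functools.cmp_to_key keeps this working on Python 3,
## where sorted() no longer accepts cmp=.
% for realm in sorted([r for r in inst['realms'] if 'proxy_to' in inst['realms'][r]], key=functools.cmp_to_key(wildcard_realm_least_precedence), reverse=True):
realm ${realm | realm_regex} {
% for srv in inst['realms'][realm]['proxy_to']:
% if servers[srv]['rad_pkt_type'] in ('auth', 'auth+acct'):
        server ${srv}
% endif
% if servers[srv]['rad_pkt_type'] in ('acct', 'auth+acct'):
        accountingserver ${srv}-acct
% endif
% endfor
}
% endfor
% endif
#}}}
% endif
% endfor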