net/radsecproxy: scrub whitespaces

Franco Fichtner 2021-04-14 11:45:41 +02:00
parent 8bc1616baf
commit ee44f5d1e4
22 changed files with 1680 additions and 1678 deletions


@ -30,6 +30,7 @@ Copyright (c) 2008 Shrew Soft Inc. <mgrooms@shrew.net>
Copyright (c) 2017-2019 Smart-Soft
Copyright (c) 2013 Stanley P. Miller \ stan-qaz
Copyright (c) 2020 Starkstromkonsument
Copyright (c) 2020 Tobias Boehnert
Copyright (c) 2010 Yehuda Katz
Copyright (c) 2015 YoungJoo.Kim <vozltx@gmail.com>
Copyright (c) 2020 devNan0 <nan0@nan0.dev>


@ -56,6 +56,7 @@ net/haproxy -- Reliable, high performance TCP/HTTP load balancer
net/igmp-proxy -- IGMP-Proxy Service
net/mdns-repeater -- Proxy multicast DNS between networks
net/ntopng -- Traffic Analysis and Flow Collection
net/radsecproxy -- RADIUS proxy provides both RADIUS UDP and TCP/TLS (RadSec) transport (development only)
net/relayd -- Relayd Load Balancer
net/shadowsocks -- Secure socks5 proxy
net/siproxd -- Siproxd is a proxy daemon for the SIP protocol


@ -31,13 +31,13 @@ command_args="-c /usr/local/etc/radsecproxy.conf -i ${pidfile}"
start_precmd="radsecproxy_prestart"
stop_postcmd="radsecproxy_poststop"
radsecproxy_prestart()
radsecproxy_prestart()
{
mkdir -p $(dirname $pidfile)
chown ${user}:${group} $(dirname $pidfile)
}
radsecproxy_poststop()
radsecproxy_poststop()
{
rm -f ${pidfile}
}


@ -1,96 +1,96 @@
<form>
<field>
<type>section_title</type>
<label>General</label>
</field>
<field>
<id>client.enabled</id>
<label>Enable Client</label>
<type>checkbox</type>
<help>Allow connections from this client</help>
</field>
<field>
<id>client.identifier</id>
<label>Unique identifier</label>
<type>text</type>
<help>Unique identifier for this client</help>
</field>
<field>
<id>client.description</id>
<label>Description</label>
<type>text</type>
<help>Short description of this client</help>
</field>
<field>
<id>client.host</id>
<label>IP / Net</label>
<type>text</type>
<help>The client's IP or net</help>
</field>
<field>
<id>client.type</id>
<label>Type</label>
<type>dropdown</type>
<help>Choose the type of client. Default Radius-clients use UDP.</help>
</field>
<field>
<id>client.secret</id>
<label>Secret</label>
<type>text</type>
<help>The shared RADIUS key with this client. This option is optional for TLS/DTLS and if omitted will default to "radsec". (Note that using a secret other than "radsec" for TLS is a violation of the standard (RFC 6614) and that the proposed standard for DTLS stipulates that the secret must be "radius/dtls".)</help>
</field>
<field>
<type>section_title</type>
<label>Advanced settings</label>
<advanced>true</advanced>
</field>
<field>
<id>client.tlsConfig</id>
<label>TLS-Config</label>
<advanced>true</advanced>
<type>dropdown</type>
<help>For a TLS/DTLS client you may also specify the tls option. The option value must be the name of a previously defined TLS block. If this option is not specified, the TLS block with the name defaultClient or default will be used if defined (in that order). If the specified TLS block name does not exist, or the option is not specified and none of the defaults exist, the proxy will exit with an error.</help>
</field>
<field>
<id>client.certificateNameCheck</id>
<label>Certificate-Name-Check</label>
<advanced>true</advanced>
<type>dropdown</type>
<help>For a TLS/DTLS server, disable the default behaviour of matching CN or SubjectAltName against the specified hostname or IP address.</help>
</field>
<field>
<id>client.matchCertificateAttribute</id>
<label>Match Certificate-Attribute</label>
<advanced>true</advanced>
<type>text</type>
<help>Perform additional validation of certificate attributes (CN | SubjectAltName:URI | SubjectAltName:DNS). Currently matching of CN and SubjectAltName types URI DNS and IP is supported.</help>
</field>
<field>
<id>client.rewriteIn</id>
<label>Rewrite incoming requests</label>
<advanced>true</advanced>
<type>dropdown</type>
<help><![CDATA[Apply the operations in the specified rewrite block on incoming (request) or outgoing (response) messages from this client. Rewriting incoming messages is done before, outgoing after other processing. If the <b>RewriteIn</b> is not configured, the rewrite blocks <b>defaultClient</b> or <b>default</b> will be applied if defined. No default blocks are applied for <b>RewriteOut</b>.]]></help>
</field>
<field>
<id>client.rewriteOut</id>
<label>Rewrite outgoing requests</label>
<advanced>true</advanced>
<type>dropdown</type>
<help><![CDATA[Apply the operations in the specified rewrite block on incoming (request) or outgoing (response) messages from this client. Rewriting incoming messages is done before, outgoing after other processing. If the <b>RewriteIn</b> is not configured, the rewrite blocks <b>defaultClient</b> or <b>default</b> will be applied if defined. No default blocks are applied for <b>RewriteOut</b>.]]></help>
</field>
</form>
<form>
<field>
<type>section_title</type>
<label>General</label>
</field>
<field>
<id>client.enabled</id>
<label>Enable Client</label>
<type>checkbox</type>
<help>Allow connections from this client</help>
</field>
<field>
<id>client.identifier</id>
<label>Unique identifier</label>
<type>text</type>
<help>Unique identifier for this client</help>
</field>
<field>
<id>client.description</id>
<label>Description</label>
<type>text</type>
<help>Short description of this client</help>
</field>
<field>
<id>client.host</id>
<label>IP / Net</label>
<type>text</type>
<help>The client's IP or net</help>
</field>
<field>
<id>client.type</id>
<label>Type</label>
<type>dropdown</type>
<help>Choose the type of client. Default Radius-clients use UDP.</help>
</field>
<field>
<id>client.secret</id>
<label>Secret</label>
<type>text</type>
<help>The shared RADIUS key with this client. This option is optional for TLS/DTLS and if omitted will default to "radsec". (Note that using a secret other than "radsec" for TLS is a violation of the standard (RFC 6614) and that the proposed standard for DTLS stipulates that the secret must be "radius/dtls".)</help>
</field>
<field>
<type>section_title</type>
<label>Advanced settings</label>
<advanced>true</advanced>
</field>
<field>
<id>client.tlsConfig</id>
<label>TLS-Config</label>
<advanced>true</advanced>
<type>dropdown</type>
<help>For a TLS/DTLS client you may also specify the tls option. The option value must be the name of a previously defined TLS block. If this option is not specified, the TLS block with the name defaultClient or default will be used if defined (in that order). If the specified TLS block name does not exist, or the option is not specified and none of the defaults exist, the proxy will exit with an error.</help>
</field>
<field>
<id>client.certificateNameCheck</id>
<label>Certificate-Name-Check</label>
<advanced>true</advanced>
<type>dropdown</type>
<help>For a TLS/DTLS server, disable the default behaviour of matching CN or SubjectAltName against the specified hostname or IP address.</help>
</field>
<field>
<id>client.matchCertificateAttribute</id>
<label>Match Certificate-Attribute</label>
<advanced>true</advanced>
<type>text</type>
<help>Perform additional validation of certificate attributes (CN | SubjectAltName:URI | SubjectAltName:DNS). Currently matching of CN and SubjectAltName types URI DNS and IP is supported.</help>
</field>
<field>
<id>client.rewriteIn</id>
<label>Rewrite incoming requests</label>
<advanced>true</advanced>
<type>dropdown</type>
<help><![CDATA[Apply the operations in the specified rewrite block on incoming (request) or outgoing (response) messages from this client. Rewriting incoming messages is done before, outgoing after other processing. If the <b>RewriteIn</b> is not configured, the rewrite blocks <b>defaultClient</b> or <b>default</b> will be applied if defined. No default blocks are applied for <b>RewriteOut</b>.]]></help>
</field>
<field>
<id>client.rewriteOut</id>
<label>Rewrite outgoing requests</label>
<advanced>true</advanced>
<type>dropdown</type>
<help><![CDATA[Apply the operations in the specified rewrite block on incoming (request) or outgoing (response) messages from this client. Rewriting incoming messages is done before, outgoing after other processing. If the <b>RewriteIn</b> is not configured, the rewrite blocks <b>defaultClient</b> or <b>default</b> will be applied if defined. No default blocks are applied for <b>RewriteOut</b>.]]></help>
</field>
</form>


@ -1,71 +1,71 @@
<form>
<field>
<type>section_title</type>
<label>General</label>
</field>
<field>
<id>realm.enabled</id>
<label>Enable Realm</label>
<type>checkbox</type>
<help>Enable this realm</help>
</field>
<field>
<id>realm.realm</id>
<label>Realm</label>
<type>text</type>
<help>* | realm | /regex/</help>
</field>
<field>
<id>realm.description</id>
<label>Description</label>
<type>text</type>
<help>Short description to identify this realm and its target</help>
</field>
<field>
<type>section_title</type>
<label>Authentication</label>
</field>
<field>
<id>realm.server</id>
<label>Server</label>
<type>select_multiple</type>
<sortable>true</sortable>
<style>tokenize</style>
<help>If not configured, the proxy will deny all Access-Requests for this realm.</help>
</field>
<field>
<id>realm.replyMessage</id>
<label>Reply-Message</label>
<type>text</type>
<help><![CDATA[Specify a message to be sent back to the client if a Access-Request is denied because no <b>server</b> is configured.]]></help>
</field>
<field>
<type>section_title</type>
<label>Accounting</label>
</field>
<field>
<id>realm.accountingServer</id>
<label>Accounting-Server</label>
<type>select_multiple</type>
<sortable>true</sortable>
<style>tokenize</style>
<help>If not configured, the proxy will silently ignore all Accounting-Requests for this realm.</help>
</field>
<field>
<id>realm.accountingResponse</id>
<label>Accounting-Response</label>
<type>dropdown</type>
<help><![CDATA[Enable sending Accounting-Response instead of ignoring Accounting-Requests when no <b>accoutingServer</b> is configured.]]></help>
</field>
</form>
<form>
<field>
<type>section_title</type>
<label>General</label>
</field>
<field>
<id>realm.enabled</id>
<label>Enable Realm</label>
<type>checkbox</type>
<help>Enable this realm</help>
</field>
<field>
<id>realm.realm</id>
<label>Realm</label>
<type>text</type>
<help>* | realm | /regex/</help>
</field>
<field>
<id>realm.description</id>
<label>Description</label>
<type>text</type>
<help>Short description to identify this realm and its target</help>
</field>
<field>
<type>section_title</type>
<label>Authentication</label>
</field>
<field>
<id>realm.server</id>
<label>Server</label>
<type>select_multiple</type>
<sortable>true</sortable>
<style>tokenize</style>
<help>If not configured, the proxy will deny all Access-Requests for this realm.</help>
</field>
<field>
<id>realm.replyMessage</id>
<label>Reply-Message</label>
<type>text</type>
<help><![CDATA[Specify a message to be sent back to the client if a Access-Request is denied because no <b>server</b> is configured.]]></help>
</field>
<field>
<type>section_title</type>
<label>Accounting</label>
</field>
<field>
<id>realm.accountingServer</id>
<label>Accounting-Server</label>
<type>select_multiple</type>
<sortable>true</sortable>
<style>tokenize</style>
<help>If not configured, the proxy will silently ignore all Accounting-Requests for this realm.</help>
</field>
<field>
<id>realm.accountingResponse</id>
<label>Accounting-Response</label>
<type>dropdown</type>
<help><![CDATA[Enable sending Accounting-Response instead of ignoring Accounting-Requests when no <b>accoutingServer</b> is configured.]]></help>
</field>
</form>


@ -1,101 +1,101 @@
<form>
<field>
<id>rewrite.enabled</id>
<label>Enable rewrite-rule</label>
<type>checkbox</type>
<help>Use this rule</help>
</field>
<field>
<id>rewrite.name</id>
<label>Name</label>
<type>text</type>
<help>Unique name for this rule</help>
</field>
<field>
<id>rewrite.description</id>
<label>Description</label>
<type>text</type>
<help>Short description of this rule</help>
</field>
<field>
<id>rewrite.addAttributes</id>
<label>Add attribute(s)</label>
<type>textbox</type>
<help><![CDATA[<i>attribute:value</i>, one per line<br/>Add an attribute to the radius message and set it to value. The attribute must be specified using the numerical attribute id. The value can either be numerical, a string, or a hex value. If the value starts with a number, it is interpreted as a 32bit unsigned integer. Use the character at the start of the value to force string interpretation. When using hex value, it is recommended to also lead with to avoid unintended numeric interpretation. See the CONFIGURATION SYNTAX section for further details.]]></help>
</field>
<field>
<id>rewrite.addVendorAttributes</id>
<label>Add vendor-attribute(s)</label>
<type>textbox</type>
<help><![CDATA[<i>vendor:subattribute:value</i>, one per line<br/>Add a vendor attribute to the radius message, specified by vendor and subattribute. Both vendor and subattribute must be specified as numerical values. The format of value is the same as for addAttribute above.]]></help>
</field>
<field>
<id>rewrite.supplementAttributes</id>
<label>Add supplement-attribute(s)</label>
<type>textbox</type>
<help><![CDATA[<i>attribute:value</i>, one per line<br/>Add an attribute to the radius message and set it to value, only if the attribute is not yet present on the message. The format of value is the same as for addAttribute above.]]></help>
</field>
<field>
<id>rewrite.supplementVendorAttributes</id>
<label>Add supplement-vendor-attribute(s)</label>
<type>textbox</type>
<help><![CDATA[<i>vendor:subattribute:value</i>, one per line<br/>Add a vendor attribute to the radius message only if the subattribute of this vendor is not yet present on the message. The format of is the same as for addVendorAttribute above.]]></help>
</field>
<field>
<id>rewrite.modifyAttributes</id>
<label>Modify attribute(s)</label>
<type>textbox</type>
<help><![CDATA[<i>attribute:/regex/replace/</i>, one per line<br/>Modify the given attribute using the regex replace pattern. As above, attribute must be specified by a numerical value. Example usage: modifyAttribute 1:/^(.*)@local$/\1@example.com/]]></help>
</field>
<field>
<id>rewrite.modifyVendorAttributes</id>
<label>Modify vendor-attribute(s)</label>
<type>textbox</type>
<help><![CDATA[<i>vendor:subattribute:/regex/replace/</i>, one per line<br/>Modify the given subattribute of given vendor using the regex replace pattern. Other than the added vendor, the same syntax as for ModifyAttribute applies.]]></help>
</field>
<field>
<id>rewrite.removeAttributes</id>
<label>Remove attribute(s)</label>
<type>textbox</type>
<help><![CDATA[<i>attribute</i>, one per line<br/>Remove all attributes with the given id.]]></help>
</field>
<field>
<id>rewrite.removeVendorAttributes</id>
<label>Remove vendor-attribute(s)</label>
<type>textbox</type>
<help><![CDATA[<i>vendor[:subattribute]</i>, one per line<br/>Remove all vendor attributes that match the given vendor and subattribute. If the subattribute is omitted, all attributes with the given vendor id are removed.]]></help>
</field>
<field>
<id>rewrite.whitelistMode</id>
<label>Whitelist-mode</label>
<type>dropdown</type>
<help><![CDATA[Enable whitelist mode. All attributes except those configured with <b>WhitelistAttribute</b> or <b>WhitelistVendorAttribute</b> will be removed. While whitelist mode is active, <b>RemoveAttribute</b> and <b>RemoveVendorAttribute</b> statements are ignored.]]></help>
</field>
<field>
<id>rewrite.whitelistAttributes</id>
<label>Whitelist attribute(s)</label>
<type>textbox</type>
<help><![CDATA[<i>attribute</i>, one per line<br/>Do not remove attributes with the given id when WhitelistMode is on. Ignored otherwise.]]></help>
</field>
<field>
<id>rewrite.whitelistVendorAttributes</id>
<label>Whitelist vendor-attribute(s)</label>
<type>textbox</type>
<help><![CDATA[<i>vendor[:subattribute]</i>, one per line<br/>Do not remove vendor attributes that match the given vendor and subattribute when WhitelistMode is on. Ignored otherwise. If the subattribute is omitted, the complete vendor attribute is whitelisted. Otherwise only the specified subattribute is kept but all other subattributes are removed.]]></help>
</field>
</form>
<form>
<field>
<id>rewrite.enabled</id>
<label>Enable rewrite-rule</label>
<type>checkbox</type>
<help>Use this rule</help>
</field>
<field>
<id>rewrite.name</id>
<label>Name</label>
<type>text</type>
<help>Unique name for this rule</help>
</field>
<field>
<id>rewrite.description</id>
<label>Description</label>
<type>text</type>
<help>Short description of this rule</help>
</field>
<field>
<id>rewrite.addAttributes</id>
<label>Add attribute(s)</label>
<type>textbox</type>
<help><![CDATA[<i>attribute:value</i>, one per line<br/>Add an attribute to the radius message and set it to value. The attribute must be specified using the numerical attribute id. The value can either be numerical, a string, or a hex value. If the value starts with a number, it is interpreted as a 32bit unsigned integer. Use the character at the start of the value to force string interpretation. When using hex value, it is recommended to also lead with to avoid unintended numeric interpretation. See the CONFIGURATION SYNTAX section for further details.]]></help>
</field>
<field>
<id>rewrite.addVendorAttributes</id>
<label>Add vendor-attribute(s)</label>
<type>textbox</type>
<help><![CDATA[<i>vendor:subattribute:value</i>, one per line<br/>Add a vendor attribute to the radius message, specified by vendor and subattribute. Both vendor and subattribute must be specified as numerical values. The format of value is the same as for addAttribute above.]]></help>
</field>
<field>
<id>rewrite.supplementAttributes</id>
<label>Add supplement-attribute(s)</label>
<type>textbox</type>
<help><![CDATA[<i>attribute:value</i>, one per line<br/>Add an attribute to the radius message and set it to value, only if the attribute is not yet present on the message. The format of value is the same as for addAttribute above.]]></help>
</field>
<field>
<id>rewrite.supplementVendorAttributes</id>
<label>Add supplement-vendor-attribute(s)</label>
<type>textbox</type>
<help><![CDATA[<i>vendor:subattribute:value</i>, one per line<br/>Add a vendor attribute to the radius message only if the subattribute of this vendor is not yet present on the message. The format of is the same as for addVendorAttribute above.]]></help>
</field>
<field>
<id>rewrite.modifyAttributes</id>
<label>Modify attribute(s)</label>
<type>textbox</type>
<help><![CDATA[<i>attribute:/regex/replace/</i>, one per line<br/>Modify the given attribute using the regex replace pattern. As above, attribute must be specified by a numerical value. Example usage: modifyAttribute 1:/^(.*)@local$/\1@example.com/]]></help>
</field>
<field>
<id>rewrite.modifyVendorAttributes</id>
<label>Modify vendor-attribute(s)</label>
<type>textbox</type>
<help><![CDATA[<i>vendor:subattribute:/regex/replace/</i>, one per line<br/>Modify the given subattribute of given vendor using the regex replace pattern. Other than the added vendor, the same syntax as for ModifyAttribute applies.]]></help>
</field>
<field>
<id>rewrite.removeAttributes</id>
<label>Remove attribute(s)</label>
<type>textbox</type>
<help><![CDATA[<i>attribute</i>, one per line<br/>Remove all attributes with the given id.]]></help>
</field>
<field>
<id>rewrite.removeVendorAttributes</id>
<label>Remove vendor-attribute(s)</label>
<type>textbox</type>
<help><![CDATA[<i>vendor[:subattribute]</i>, one per line<br/>Remove all vendor attributes that match the given vendor and subattribute. If the subattribute is omitted, all attributes with the given vendor id are removed.]]></help>
</field>
<field>
<id>rewrite.whitelistMode</id>
<label>Whitelist-mode</label>
<type>dropdown</type>
<help><![CDATA[Enable whitelist mode. All attributes except those configured with <b>WhitelistAttribute</b> or <b>WhitelistVendorAttribute</b> will be removed. While whitelist mode is active, <b>RemoveAttribute</b> and <b>RemoveVendorAttribute</b> statements are ignored.]]></help>
</field>
<field>
<id>rewrite.whitelistAttributes</id>
<label>Whitelist attribute(s)</label>
<type>textbox</type>
<help><![CDATA[<i>attribute</i>, one per line<br/>Do not remove attributes with the given id when WhitelistMode is on. Ignored otherwise.]]></help>
</field>
<field>
<id>rewrite.whitelistVendorAttributes</id>
<label>Whitelist vendor-attribute(s)</label>
<type>textbox</type>
<help><![CDATA[<i>vendor[:subattribute]</i>, one per line<br/>Do not remove vendor attributes that match the given vendor and subattribute when WhitelistMode is on. Ignored otherwise. If the subattribute is omitted, the complete vendor attribute is whitelisted. Otherwise only the specified subattribute is kept but all other subattributes are removed.]]></help>
</field>
</form>


@ -1,102 +1,102 @@
<form>
<field>
<type>section_title</type>
<label>General</label>
</field>
<field>
<id>server.identifier</id>
<label>Unique identifier</label>
<type>text</type>
<help>Unique identifier for this server</help>
</field>
<field>
<id>server.description</id>
<label>Description</label>
<type>text</type>
<help>Short description to identify this server</help>
</field>
<field>
<id>server.host</id>
<label>Hostname / IP</label>
<type>text</type>
<help>The server's IP or hostname to connect to</help>
</field>
<field>
<id>server.port</id>
<label>Port</label>
<type>text</type>
<help>The port (UDP/TCP) to connect to. If omitted, UDP and TCP will default to 1812 while TLS and DTLS will default to 2083.</help>
</field>
<field>
<id>server.statusServer</id>
<label>Status-Server</label>
<type>dropdown</type>
<help><![CDATA[Enable the use of status-server messages for this server (default <b>off</b>). If statusserver is enabled (<b>on</b>), the proxy will send regular status-server messages to the server to verify that it is alive. Status tracking of the server will solely depend on status-server message and ignore lost requests. This should only be enabled if the server supports it. With the option <b>minimal</b> status-server messages are only sent when regular requests have been lost and no other replies have been received.]]></help>
</field>
<field>
<id>server.type</id>
<label>Type</label>
<type>dropdown</type>
<help>Choose the type of server. Default Radius-clients use UDP.</help>
</field>
<field>
<id>server.secret</id>
<label>Secret</label>
<type>text</type>
<help>The shared RADIUS key with this server. This option is optional for TLS/DTLS and if omitted will default to "radsec". (Note that using a secret other than "radsec" for TLS is a violation of the standard (RFC 6614) and that the proposed standard for DTLS stipulates that the secret must be "radius/dtls".)</help>
</field>
<field>
<id>server.tlsConfig</id>
<label>TLS-Config</label>
<type>dropdown</type>
<help>For a TLS/DTLS client you may also specify the tls option. The option value must be the name of a previously defined TLS block. If this option is not specified, the TLS block with the name defaultClient or default will be used if defined (in that order). If the specified TLS block name does not exist, or the option is not specified and none of the defaults exist, the proxy will exit with an error.</help>
</field>
<field>
<type>section_title</type>
<label>Advanced settings</label>
<advanced>true</advanced>
</field>
<field>
<id>server.certificateNameCheck</id>
<label>Certificate-Name-Check</label>
<advanced>true</advanced>
<type>dropdown</type>
<help>For a TLS/DTLS server, disable the default behaviour of matching CN or SubjectAltName against the specified hostname or IP address.</help>
</field>
<field>
<id>server.matchCertificateAttribute</id>
<label>Match Certificate-Attribute</label>
<advanced>true</advanced>
<type>text</type>
<help>Perform additional validation of certificate attributes (CN | SubjectAltName:URI | SubjectAltName:DNS). Currently matching of CN and SubjectAltName types URI DNS and IP is supported. Note that currently this option can only be specified once in a client block.</help>
</field>
<field>
<id>server.rewriteIn</id>
<label>Rewrite incoming requests</label>
<advanced>true</advanced>
<type>dropdown</type>
<help><![CDATA[Apply the operations in the specified rewrite block on incoming (request) or outgoing (response) messages for this server. Rewriting incoming messages is done before, outgoing after other processing. If the <b>RewriteIn</b> is not configured, the rewrite blocks <b>defaultClient</b> or <b>default</b> will be applied if defined. No default blocks are applied for <b>RewriteOut</b>.]]></help>
</field>
<field>
<id>server.rewriteOut</id>
<label>Rewrite outgoing requests</label>
<advanced>true</advanced>
<type>dropdown</type>
<help><![CDATA[Apply the operations in the specified rewrite block on incoming (request) or outgoing (response) messages for this server. Rewriting incoming messages is done before, outgoing after other processing. If the <b>RewriteIn</b> is not configured, the rewrite blocks <b>defaultClient</b> or <b>default</b> will be applied if defined. No default blocks are applied for <b>RewriteOut</b>.]]></help>
</field>
</form>
<form>
<field>
<type>section_title</type>
<label>General</label>
</field>
<field>
<id>server.identifier</id>
<label>Unique identifier</label>
<type>text</type>
<help>Unique identifier for this server</help>
</field>
<field>
<id>server.description</id>
<label>Description</label>
<type>text</type>
<help>Short description to identify this server</help>
</field>
<field>
<id>server.host</id>
<label>Hostname / IP</label>
<type>text</type>
<help>The server's IP or hostname to connect to</help>
</field>
<field>
<id>server.port</id>
<label>Port</label>
<type>text</type>
<help>The port (UDP/TCP) to connect to. If omitted, UDP and TCP will default to 1812 while TLS and DTLS will default to 2083.</help>
</field>
<field>
<id>server.statusServer</id>
<label>Status-Server</label>
<type>dropdown</type>
<help><![CDATA[Enable the use of status-server messages for this server (default <b>off</b>). If statusserver is enabled (<b>on</b>), the proxy will send regular status-server messages to the server to verify that it is alive. Status tracking of the server will solely depend on status-server message and ignore lost requests. This should only be enabled if the server supports it. With the option <b>minimal</b> status-server messages are only sent when regular requests have been lost and no other replies have been received.]]></help>
</field>
<field>
<id>server.type</id>
<label>Type</label>
<type>dropdown</type>
<help>Choose the type of server. Default Radius-clients use UDP.</help>
</field>
<field>
<id>server.secret</id>
<label>Secret</label>
<type>text</type>
<help>The shared RADIUS key with this server. This option is optional for TLS/DTLS and if omitted will default to "radsec". (Note that using a secret other than "radsec" for TLS is a violation of the standard (RFC 6614) and that the proposed standard for DTLS stipulates that the secret must be "radius/dtls".)</help>
</field>
<field>
<id>server.tlsConfig</id>
<label>TLS-Config</label>
<type>dropdown</type>
<help>For a TLS/DTLS client you may also specify the tls option. The option value must be the name of a previously defined TLS block. If this option is not specified, the TLS block with the name defaultClient or default will be used if defined (in that order). If the specified TLS block name does not exist, or the option is not specified and none of the defaults exist, the proxy will exit with an error.</help>
</field>
<field>
<type>section_title</type>
<label>Advanced settings</label>
<advanced>true</advanced>
</field>
<field>
<id>server.certificateNameCheck</id>
<label>Certificate-Name-Check</label>
<advanced>true</advanced>
<type>dropdown</type>
<help>For a TLS/DTLS server, disable the default behaviour of matching CN or SubjectAltName against the specified hostname or IP address.</help>
</field>
<field>
<id>server.matchCertificateAttribute</id>
<label>Match Certificate-Attribute</label>
<advanced>true</advanced>
<type>text</type>
<help>Perform additional validation of certificate attributes (CN | SubjectAltName:URI | SubjectAltName:DNS). Currently matching of CN and SubjectAltName types URI DNS and IP is supported. Note that currently this option can only be specified once in a client block.</help>
</field>
<field>
<id>server.rewriteIn</id>
<label>Rewrite incoming requests</label>
<advanced>true</advanced>
<type>dropdown</type>
<help><![CDATA[Apply the operations in the specified rewrite block on incoming (request) or outgoing (response) messages for this server. Rewriting incoming messages is done before, outgoing after other processing. If the <b>RewriteIn</b> is not configured, the rewrite blocks <b>defaultClient</b> or <b>default</b> will be applied if defined. No default blocks are applied for <b>RewriteOut</b>.]]></help>
</field>
<field>
<id>server.rewriteOut</id>
<label>Rewrite outgoing requests</label>
<advanced>true</advanced>
<type>dropdown</type>
<help><![CDATA[Apply the operations in the specified rewrite block on incoming (request) or outgoing (response) messages for this server. Rewriting incoming messages is done before, outgoing after other processing. If the <b>RewriteIn</b> is not configured, the rewrite blocks <b>defaultClient</b> or <b>default</b> will be applied if defined. No default blocks are applied for <b>RewriteOut</b>.]]></help>
</field>
</form>


@ -1,68 +1,68 @@
<form>
<field>
<type>section_title</type>
<label>General</label>
</field>
<field>
<id>tlsConfig.name</id>
<label>Unique name</label>
<type>text</type>
<help>This TLS-config's unique name</help>
</field>
<field>
<id>tlsConfig.description</id>
<label>Description</label>
<type>text</type>
<help>Short description to identify this TLS-config</help>
</field>
<field>
<id>tlsConfig.caCertificateRefId</id>
<label>CA-certificate</label>
<type>dropdown</type>
<help>The CA certificate file used to verify the peers certificate.</help>
</field>
<field>
<id>tlsConfig.proxyCertificateRefId</id>
<label>This server's certificate</label>
<type>dropdown</type>
<help>The server certificate this proxy will use. The file may also contain a certificate chain.</help>
</field>
<field>
<type>section_title</type>
<label>Advanced settings</label>
<advanced>true</advanced>
</field>
<field>
<id>tlsConfig.policyOids</id>
<label>Policy OIDs</label>
<advanced>true</advanced>
<type>select_multiple</type>
<style>tokenize</style>
<allownew>true</allownew>
<help>Require the peers certificate to adhere to the policy specified by this oid / these oids.</help>
</field>
<field>
<id>tlsConfig.crlCheck</id>
<label>CRL-Check</label>
<advanced>true</advanced>
<type>dropdown</type>
<help><![CDATA[Enable checking peer certificate against the CRL (default off). Note that radsecproxy does not fetch the CRLs itslef. This has to be done separately, e.g. with <b>fetch-crl</b>.]]></help>
</field>
<field>
<id>tlsConfig.cacheExpiry</id>
<label>Cache Expiry (seconds)</label>
<advanced>true</advanced>
<type>text</type>
<help>Specify how many seconds the CA and CRL information should be cached. By default, the CA and CRL are loaded at startup and cached indefinetely. This option may be set to zero to disable caching.</help>
</field>
</form>
<form>
<field>
<type>section_title</type>
<label>General</label>
</field>
<field>
<id>tlsConfig.name</id>
<label>Unique name</label>
<type>text</type>
<help>This TLS-config's unique name</help>
</field>
<field>
<id>tlsConfig.description</id>
<label>Description</label>
<type>text</type>
<help>Short description to identify this TLS-config</help>
</field>
<field>
<id>tlsConfig.caCertificateRefId</id>
<label>CA-certificate</label>
<type>dropdown</type>
<help>The CA certificate file used to verify the peers certificate.</help>
</field>
<field>
<id>tlsConfig.proxyCertificateRefId</id>
<label>This server's certificate</label>
<type>dropdown</type>
<help>The server certificate this proxy will use. The file may also contain a certificate chain.</help>
</field>
<field>
<type>section_title</type>
<label>Advanced settings</label>
<advanced>true</advanced>
</field>
<field>
<id>tlsConfig.policyOids</id>
<label>Policy OIDs</label>
<advanced>true</advanced>
<type>select_multiple</type>
<style>tokenize</style>
<allownew>true</allownew>
<help>Require the peers certificate to adhere to the policy specified by this oid / these oids.</help>
</field>
<field>
<id>tlsConfig.crlCheck</id>
<label>CRL-Check</label>
<advanced>true</advanced>
<type>dropdown</type>
<help><![CDATA[Enable checking peer certificate against the CRL (default off). Note that radsecproxy does not fetch the CRLs itslef. This has to be done separately, e.g. with <b>fetch-crl</b>.]]></help>
</field>
<field>
<id>tlsConfig.cacheExpiry</id>
<label>Cache Expiry (seconds)</label>
<advanced>true</advanced>
<type>text</type>
<help>Specify how many seconds the CA and CRL information should be cached. By default, the CA and CRL are loaded at startup and cached indefinetely. This option may be set to zero to disable caching.</help>
</field>
</form>


@ -1,121 +1,121 @@
<form>
<field>
<id>radsecproxy.general.enabled</id>
<label>Enable RadSecProxy</label>
<type>checkbox</type>
</field>
<field>
<id>radsecproxy.general.logLevel</id>
<label>Loglevel</label>
<type>dropdown</type>
<help>This option specifies the debug level. It must be set to 1, 2, 3, 4 or 5, where 1 logs only serious errors, and 5 logs everything. The default is 2 which logs errors, warnings and a few informational messages.</help>
</field>
<field>
<id>radsecproxy.general.logFullUsername</id>
<label>Log full username</label>
<type>dropdown</type>
<help>This can be set to off to only log the realm in Access-Accept/Reject log messages (for privacy).</help>
</field>
<field>
<id>radsecproxy.general.logMac</id>
<label>Log MAC</label>
<type>dropdown</type>
<help><![CDATA[The LogMAC option can be used to control if and how Calling-Station-Id (the users Ethernet MAC address) is being logged. It can be set to one of <b>Static</b>, <b>Original</b>, <b>VendorHashed</b>, <b>VendorKeyHashed</b>, <b>FullyHashed</b> or <b>FullyKeyHashed</b>. The default value for LogMAC is <b>Original</b>.]]></help>
</field>
<field>
<id>radsecproxy.general.loopPrevention</id>
<label>Loop-prevention</label>
<type>dropdown</type>
<help>When this is enabled (on), a request will never be sent to a server named the same as the client it was received from. I.e., the names of the client block and the server block are compared. Note that this only gives limited protection against loops. It can be used as a basic option and inside server blocks where it overrides the basic setting.</help>
</field>
<field>
<type>section_title</type>
<label>Advanced settings</label>
<advanced>true</advanced>
</field>
<field>
<type>section_title</type>
<label>Listening IPs and Ports</label>
<advanced>true</advanced>
<help>Listen for the address and port for the respective protocol. Normally the proxy will listen to the standard ports if configured to handle clients with the respective protocol. The default ports are 1812 for UDP and TCP and 2083 for TLS and DTLS. On most systems it will do this for all of the systems IP addresses (both IPv4 and IPv6). On some systems however, it may respond to only IPv4 or only IPv6. To specify an alternate port you may use a value on the form *:port where port is any valid port number. If you also want to specify a specific address you can do e.g. 192.168.1.1:1812 or [2001:db8::1]:1812. The port may be omitted if you want the default one. Note that you must use brackets around the IPv6 address. These options may be specified multiple times to listen to multiple addresses and/or ports for each protocol.</help>
</field>
<field>
<id>radsecproxy.general.listenUdp</id>
<label>Listen UDP</label>
<type>text</type>
<advanced>true</advanced>
<help><![CDATA[Format: (address|*)[:port]]]></help>
</field>
<field>
<id>radsecproxy.general.listenTcp</id>
<label>Listen TCP</label>
<type>text</type>
<advanced>true</advanced>
<help><![CDATA[Format: (address|*)[:port]]]></help>
</field>
<field>
<id>radsecproxy.general.listenTls</id>
<label>Listen TLS</label>
<type>text</type>
<advanced>true</advanced>
<help><![CDATA[Format: (address|*)[:port]]]></help>
</field>
<field>
<id>radsecproxy.general.listenDtls</id>
<label>Listen DTLS</label>
<type>text</type>
<advanced>true</advanced>
<help><![CDATA[Format: (address|*)[:port]]]></help>
</field>
<field>
<type>section_title</type>
<label>Source IPs and Ports</label>
<advanced>true</advanced>
<help>This can be used to specify source address and/or source port that the proxy will use for connecting to clients to send messages (e.g. Access Request). The same syntax as for Listen... applies.</help>
</field>
<field>
<id>radsecproxy.general.sourceUdp</id>
<label>Source UDP</label>
<type>text</type>
<advanced>true</advanced>
<help><![CDATA[Format: (address|*)[:port]]]></help>
</field>
<field>
<id>radsecproxy.general.sourceTcp</id>
<label>Source TCP</label>
<type>text</type>
<advanced>true</advanced>
<help><![CDATA[Format: (address|*)[:port]]]></help>
</field>
<field>
<id>radsecproxy.general.sourceTls</id>
<label>Source TLS</label>
<type>text</type>
<advanced>true</advanced>
<help><![CDATA[Format: (address|*)[:port]]]></help>
</field>
<field>
<id>radsecproxy.general.sourceDtls</id>
<label>Source DTLS</label>
<type>text</type>
<advanced>true</advanced>
<help><![CDATA[Format: (address|*)[:port]]]></help>
</field>
</form>
<form>
<field>
<id>radsecproxy.general.enabled</id>
<label>Enable RadSecProxy</label>
<type>checkbox</type>
</field>
<field>
<id>radsecproxy.general.logLevel</id>
<label>Loglevel</label>
<type>dropdown</type>
<help>This option specifies the debug level. It must be set to 1, 2, 3, 4 or 5, where 1 logs only serious errors, and 5 logs everything. The default is 2 which logs errors, warnings and a few informational messages.</help>
</field>
<field>
<id>radsecproxy.general.logFullUsername</id>
<label>Log full username</label>
<type>dropdown</type>
<help>This can be set to off to only log the realm in Access-Accept/Reject log messages (for privacy).</help>
</field>
<field>
<id>radsecproxy.general.logMac</id>
<label>Log MAC</label>
<type>dropdown</type>
<help><![CDATA[The LogMAC option can be used to control if and how Calling-Station-Id (the users Ethernet MAC address) is being logged. It can be set to one of <b>Static</b>, <b>Original</b>, <b>VendorHashed</b>, <b>VendorKeyHashed</b>, <b>FullyHashed</b> or <b>FullyKeyHashed</b>. The default value for LogMAC is <b>Original</b>.]]></help>
</field>
<field>
<id>radsecproxy.general.loopPrevention</id>
<label>Loop-prevention</label>
<type>dropdown</type>
<help>When this is enabled (on), a request will never be sent to a server named the same as the client it was received from. I.e., the names of the client block and the server block are compared. Note that this only gives limited protection against loops. It can be used as a basic option and inside server blocks where it overrides the basic setting.</help>
</field>
<field>
<type>section_title</type>
<label>Advanced settings</label>
<advanced>true</advanced>
</field>
<field>
<type>section_title</type>
<label>Listening IPs and Ports</label>
<advanced>true</advanced>
<help>Listen for the address and port for the respective protocol. Normally the proxy will listen to the standard ports if configured to handle clients with the respective protocol. The default ports are 1812 for UDP and TCP and 2083 for TLS and DTLS. On most systems it will do this for all of the systems IP addresses (both IPv4 and IPv6). On some systems however, it may respond to only IPv4 or only IPv6. To specify an alternate port you may use a value on the form *:port where port is any valid port number. If you also want to specify a specific address you can do e.g. 192.168.1.1:1812 or [2001:db8::1]:1812. The port may be omitted if you want the default one. Note that you must use brackets around the IPv6 address. These options may be specified multiple times to listen to multiple addresses and/or ports for each protocol.</help>
</field>
<field>
<id>radsecproxy.general.listenUdp</id>
<label>Listen UDP</label>
<type>text</type>
<advanced>true</advanced>
<help><![CDATA[Format: (address|*)[:port]]]></help>
</field>
<field>
<id>radsecproxy.general.listenTcp</id>
<label>Listen TCP</label>
<type>text</type>
<advanced>true</advanced>
<help><![CDATA[Format: (address|*)[:port]]]></help>
</field>
<field>
<id>radsecproxy.general.listenTls</id>
<label>Listen TLS</label>
<type>text</type>
<advanced>true</advanced>
<help><![CDATA[Format: (address|*)[:port]]]></help>
</field>
<field>
<id>radsecproxy.general.listenDtls</id>
<label>Listen DTLS</label>
<type>text</type>
<advanced>true</advanced>
<help><![CDATA[Format: (address|*)[:port]]]></help>
</field>
<field>
<type>section_title</type>
<label>Source IPs and Ports</label>
<advanced>true</advanced>
<help>This can be used to specify source address and/or source port that the proxy will use for connecting to clients to send messages (e.g. Access Request). The same syntax as for Listen... applies.</help>
</field>
<field>
<id>radsecproxy.general.sourceUdp</id>
<label>Source UDP</label>
<type>text</type>
<advanced>true</advanced>
<help><![CDATA[Format: (address|*)[:port]]]></help>
</field>
<field>
<id>radsecproxy.general.sourceTcp</id>
<label>Source TCP</label>
<type>text</type>
<advanced>true</advanced>
<help><![CDATA[Format: (address|*)[:port]]]></help>
</field>
<field>
<id>radsecproxy.general.sourceTls</id>
<label>Source TLS</label>
<type>text</type>
<advanced>true</advanced>
<help><![CDATA[Format: (address|*)[:port]]]></help>
</field>
<field>
<id>radsecproxy.general.sourceDtls</id>
<label>Source DTLS</label>
<type>text</type>
<advanced>true</advanced>
<help><![CDATA[Format: (address|*)[:port]]]></help>
</field>
</form>


@ -1,12 +1,12 @@
<menu>
<Services>
<RadSecProxy VisibleName="RadSecProxy" cssClass="fa fa-shield fa-fw">
<Basic VisibleName="General" order="10" url="/ui/radsecproxy/general" />
<Clients VisibleName="Clients" order="20" url="/ui/radsecproxy/clients" />
<Servers VisibleName="Servers" order="30" url="/ui/radsecproxy/servers" />
<Realms VisibleName="Realms" order="40" url="/ui/radsecproxy/realms" />
<Tls VisibleName="TLS" order="50" url="/ui/radsecproxy/tls" />
<Rewrites VisibleName="Rewrite-Rules" order="60" url="/ui/radsecproxy/rewrites" />
</RadSecProxy>
</Services>
</menu>
<menu>
<Services>
<RadSecProxy VisibleName="RadSecProxy" cssClass="fa fa-shield fa-fw">
<Basic VisibleName="General" order="10" url="/ui/radsecproxy/general" />
<Clients VisibleName="Clients" order="20" url="/ui/radsecproxy/clients" />
<Servers VisibleName="Servers" order="30" url="/ui/radsecproxy/servers" />
<Realms VisibleName="Realms" order="40" url="/ui/radsecproxy/realms" />
<Tls VisibleName="TLS" order="50" url="/ui/radsecproxy/tls" />
<Rewrites VisibleName="Rewrite-Rules" order="60" url="/ui/radsecproxy/rewrites" />
</RadSecProxy>
</Services>
</menu>


@ -1,56 +1,56 @@
<script>
$( document ).ready(function() {
$("#grid-addresses").UIBootgrid(
{ search:'/api/radsecproxy/clients/searchItem/',
get:'/api/radsecproxy/clients/getItem/',
set:'/api/radsecproxy/clients/setItem/',
add:'/api/radsecproxy/clients/addItem/',
del:'/api/radsecproxy/clients/delItem/',
toggle:'/api/radsecproxy/clients/toggleItem/'
}
);
updateServiceControlUI('radsecproxy');
// link apply button to API set action
$("#saveAct").click(function(){
$("#saveAct_progress").addClass("fa fa-spinner fa-pulse");
// action to run after successful save, for example reconfigure service.
ajaxCall(url="/api/radsecproxy/service/reconfigure", sendData={},callback=function(data,status) {
// action to run after reload
$("#saveAct_progress").removeClass("fa fa-spinner fa-pulse");
updateServiceControlUI('radsecproxy');
});
});
});
</script>
<table id="grid-addresses" class="table table-condensed table-hover table-striped" data-editDialog="DialogClient">
<thead>
<tr>
<th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
<th data-column-id="enabled" data-width="6em" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
<th data-column-id="type" data-type="string">{{ lang._('Type') }}</th>
<th data-column-id="host" data-type="string">{{ lang._('Host') }}</th>
<th data-column-id="identifier" data-type="string">{{ lang._('Identifier') }}</th>
<th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
<th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
</tr>
</thead>
<tbody>
</tbody>
<tfoot>
<tr>
<td></td>
<td>
<button data-action="add" type="button" class="btn btn-xs btn-default"><span class="fa fa-plus"></span></button>
<button data-action="deleteSelected" type="button" class="btn btn-xs btn-default"><span class="fa fa-trash-o"></span></button>
</td>
</tr>
</tfoot>
</table>
<div class="col-md-12">
<button class="btn btn-primary" id="saveAct" type="button"><b>{{ lang._('Apply') }}</b> <i id="saveAct_progress"></i></button>
</div>
{{ partial("layout_partials/base_dialog",['fields':formDialogClient,'id':'DialogClient','label':lang._('Edit client')])}}
<script>
$( document ).ready(function() {
$("#grid-addresses").UIBootgrid(
{ search:'/api/radsecproxy/clients/searchItem/',
get:'/api/radsecproxy/clients/getItem/',
set:'/api/radsecproxy/clients/setItem/',
add:'/api/radsecproxy/clients/addItem/',
del:'/api/radsecproxy/clients/delItem/',
toggle:'/api/radsecproxy/clients/toggleItem/'
}
);
updateServiceControlUI('radsecproxy');
// link apply button to API set action
$("#saveAct").click(function(){
$("#saveAct_progress").addClass("fa fa-spinner fa-pulse");
// action to run after successful save, for example reconfigure service.
ajaxCall(url="/api/radsecproxy/service/reconfigure", sendData={},callback=function(data,status) {
// action to run after reload
$("#saveAct_progress").removeClass("fa fa-spinner fa-pulse");
updateServiceControlUI('radsecproxy');
});
});
});
</script>
<table id="grid-addresses" class="table table-condensed table-hover table-striped" data-editDialog="DialogClient">
<thead>
<tr>
<th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
<th data-column-id="enabled" data-width="6em" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
<th data-column-id="type" data-type="string">{{ lang._('Type') }}</th>
<th data-column-id="host" data-type="string">{{ lang._('Host') }}</th>
<th data-column-id="identifier" data-type="string">{{ lang._('Identifier') }}</th>
<th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
<th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
</tr>
</thead>
<tbody>
</tbody>
<tfoot>
<tr>
<td></td>
<td>
<button data-action="add" type="button" class="btn btn-xs btn-default"><span class="fa fa-plus"></span></button>
<button data-action="deleteSelected" type="button" class="btn btn-xs btn-default"><span class="fa fa-trash-o"></span></button>
</td>
</tr>
</tfoot>
</table>
<div class="col-md-12">
<button class="btn btn-primary" id="saveAct" type="button"><b>{{ lang._('Apply') }}</b> <i id="saveAct_progress"></i></button>
</div>
{{ partial("layout_partials/base_dialog",['fields':formDialogClient,'id':'DialogClient','label':lang._('Edit client')])}}


@ -1,31 +1,31 @@
<script type="text/javascript">
$( document ).ready(function() {
var data_get_map = {'frm_GeneralSettings':"/api/radsecproxy/general/get"};
mapDataToFormUI(data_get_map).done(function(data){
$('.selectpicker').selectpicker('refresh');
});
updateServiceControlUI('radsecproxy');
// link save button to API set action
$("#saveAct").click(function(){
$("#saveAct_progress").addClass("fa fa-spinner fa-pulse");
saveFormToEndpoint(url="/api/radsecproxy/general/set",formid='frm_GeneralSettings',callback_ok=function(){
// action to run after successful save, for example reconfigure service.
ajaxCall(url="/api/radsecproxy/service/reconfigure", sendData={},callback=function(data,status) {
// action to run after reload
$("#saveAct_progress").removeClass("fa fa-spinner fa-pulse");
updateServiceControlUI('radsecproxy');
});
});
});
});
</script>
<div class="content-box" style="padding-bottom: 1.5em;">
{{ partial("layout_partials/base_form",['fields':generalForm,'id':'frm_GeneralSettings'])}}
<div class="col-md-12">
<hr />
<button class="btn btn-primary" id="saveAct" type="button"><b>{{ lang._('Save') }}</b> <i id="saveAct_progress"></i></button>
</div>
</div>
<script type="text/javascript">
$( document ).ready(function() {
var data_get_map = {'frm_GeneralSettings':"/api/radsecproxy/general/get"};
mapDataToFormUI(data_get_map).done(function(data){
$('.selectpicker').selectpicker('refresh');
});
updateServiceControlUI('radsecproxy');
// link save button to API set action
$("#saveAct").click(function(){
$("#saveAct_progress").addClass("fa fa-spinner fa-pulse");
saveFormToEndpoint(url="/api/radsecproxy/general/set",formid='frm_GeneralSettings',callback_ok=function(){
// action to run after successful save, for example reconfigure service.
ajaxCall(url="/api/radsecproxy/service/reconfigure", sendData={},callback=function(data,status) {
// action to run after reload
$("#saveAct_progress").removeClass("fa fa-spinner fa-pulse");
updateServiceControlUI('radsecproxy');
});
});
});
});
</script>
<div class="content-box" style="padding-bottom: 1.5em;">
{{ partial("layout_partials/base_form",['fields':generalForm,'id':'frm_GeneralSettings'])}}
<div class="col-md-12">
<hr />
<button class="btn btn-primary" id="saveAct" type="button"><b>{{ lang._('Save') }}</b> <i id="saveAct_progress"></i></button>
</div>
</div>


@ -1,54 +1,54 @@
<script>
$( document ).ready(function() {
$("#grid-addresses").UIBootgrid(
{ search:'/api/radsecproxy/realms/searchItem/',
get:'/api/radsecproxy/realms/getItem/',
set:'/api/radsecproxy/realms/setItem/',
add:'/api/radsecproxy/realms/addItem/',
del:'/api/radsecproxy/realms/delItem/',
toggle:'/api/radsecproxy/realms/toggleItem/'
}
);
updateServiceControlUI('radsecproxy');
// link apply button to API set action
$("#saveAct").click(function(){
$("#saveAct_progress").addClass("fa fa-spinner fa-pulse");
// action to run after successful save, for example reconfigure service.
ajaxCall(url="/api/radsecproxy/service/reconfigure", sendData={},callback=function(data,status) {
// action to run after reload
$("#saveAct_progress").removeClass("fa fa-spinner fa-pulse");
updateServiceControlUI('radsecproxy');
});
});
});
</script>
<table id="grid-addresses" class="table table-condensed table-hover table-striped" data-editDialog="DialogRealm">
<thead>
<tr>
<th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
<th data-column-id="enabled" data-width="6em" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
<th data-column-id="realm" data-type="string">{{ lang._('Realm') }}</th>
<th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
<th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
</tr>
</thead>
<tbody>
</tbody>
<tfoot>
<tr>
<td></td>
<td>
<button data-action="add" type="button" class="btn btn-xs btn-default"><span class="fa fa-plus"></span></button>
<button data-action="deleteSelected" type="button" class="btn btn-xs btn-default"><span class="fa fa-trash-o"></span></button>
</td>
</tr>
</tfoot>
</table>
<div class="col-md-12">
<button class="btn btn-primary" id="saveAct" type="button"><b>{{ lang._('Apply') }}</b> <i id="saveAct_progress"></i></button>
</div>
{{ partial("layout_partials/base_dialog",['fields':formDialogRealm,'id':'DialogRealm','label':lang._('Edit realm')])}}
<script>
$( document ).ready(function() {
$("#grid-addresses").UIBootgrid(
{ search:'/api/radsecproxy/realms/searchItem/',
get:'/api/radsecproxy/realms/getItem/',
set:'/api/radsecproxy/realms/setItem/',
add:'/api/radsecproxy/realms/addItem/',
del:'/api/radsecproxy/realms/delItem/',
toggle:'/api/radsecproxy/realms/toggleItem/'
}
);
updateServiceControlUI('radsecproxy');
// link apply button to API set action
$("#saveAct").click(function(){
$("#saveAct_progress").addClass("fa fa-spinner fa-pulse");
// action to run after successful save, for example reconfigure service.
ajaxCall(url="/api/radsecproxy/service/reconfigure", sendData={},callback=function(data,status) {
// action to run after reload
$("#saveAct_progress").removeClass("fa fa-spinner fa-pulse");
updateServiceControlUI('radsecproxy');
});
});
});
</script>
<table id="grid-addresses" class="table table-condensed table-hover table-striped" data-editDialog="DialogRealm">
<thead>
<tr>
<th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
<th data-column-id="enabled" data-width="6em" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
<th data-column-id="realm" data-type="string">{{ lang._('Realm') }}</th>
<th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
<th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
</tr>
</thead>
<tbody>
</tbody>
<tfoot>
<tr>
<td></td>
<td>
<button data-action="add" type="button" class="btn btn-xs btn-default"><span class="fa fa-plus"></span></button>
<button data-action="deleteSelected" type="button" class="btn btn-xs btn-default"><span class="fa fa-trash-o"></span></button>
</td>
</tr>
</tfoot>
</table>
<div class="col-md-12">
<button class="btn btn-primary" id="saveAct" type="button"><b>{{ lang._('Apply') }}</b> <i id="saveAct_progress"></i></button>
</div>
{{ partial("layout_partials/base_dialog",['fields':formDialogRealm,'id':'DialogRealm','label':lang._('Edit realm')])}}


@ -1,54 +1,54 @@
<script>
$( document ).ready(function() {
$("#grid-addresses").UIBootgrid(
{ search:'/api/radsecproxy/rewrites/searchItem/',
get:'/api/radsecproxy/rewrites/getItem/',
set:'/api/radsecproxy/rewrites/setItem/',
add:'/api/radsecproxy/rewrites/addItem/',
del:'/api/radsecproxy/rewrites/delItem/',
toggle:'/api/radsecproxy/rewrites/toggleItem/'
}
);
updateServiceControlUI('radsecproxy');
// link apply button to API set action
$("#saveAct").click(function(){
$("#saveAct_progress").addClass("fa fa-spinner fa-pulse");
// action to run after successful save, for example reconfigure service.
ajaxCall(url="/api/radsecproxy/service/reconfigure", sendData={},callback=function(data,status) {
// action to run after reload
$("#saveAct_progress").removeClass("fa fa-spinner fa-pulse");
updateServiceControlUI('radsecproxy');
});
});
});
</script>
<table id="grid-addresses" class="table table-condensed table-hover table-striped" data-editDialog="DialogRewrite">
<thead>
<tr>
<th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
<th data-column-id="enabled" data-width="6em" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
<th data-column-id="name" data-type="string">{{ lang._('Type') }}</th>
<th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
<th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
</tr>
</thead>
<tbody>
</tbody>
<tfoot>
<tr>
<td></td>
<td>
<button data-action="add" type="button" class="btn btn-xs btn-default"><span class="fa fa-plus"></span></button>
<button data-action="deleteSelected" type="button" class="btn btn-xs btn-default"><span class="fa fa-trash-o"></span></button>
</td>
</tr>
</tfoot>
</table>
<div class="col-md-12">
<button class="btn btn-primary" id="saveAct" type="button"><b>{{ lang._('Apply') }}</b> <i id="saveAct_progress"></i></button>
</div>
{{ partial("layout_partials/base_dialog",['fields':formDialogRewrite,'id':'DialogRewrite','label':lang._('Edit rewrite-rule')])}}
<script>
$( document ).ready(function() {
$("#grid-addresses").UIBootgrid(
{ search:'/api/radsecproxy/rewrites/searchItem/',
get:'/api/radsecproxy/rewrites/getItem/',
set:'/api/radsecproxy/rewrites/setItem/',
add:'/api/radsecproxy/rewrites/addItem/',
del:'/api/radsecproxy/rewrites/delItem/',
toggle:'/api/radsecproxy/rewrites/toggleItem/'
}
);
updateServiceControlUI('radsecproxy');
// link apply button to API set action
$("#saveAct").click(function(){
$("#saveAct_progress").addClass("fa fa-spinner fa-pulse");
// action to run after successful save, for example reconfigure service.
ajaxCall(url="/api/radsecproxy/service/reconfigure", sendData={},callback=function(data,status) {
// action to run after reload
$("#saveAct_progress").removeClass("fa fa-spinner fa-pulse");
updateServiceControlUI('radsecproxy');
});
});
});
</script>
<table id="grid-addresses" class="table table-condensed table-hover table-striped" data-editDialog="DialogRewrite">
<thead>
<tr>
<th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
<th data-column-id="enabled" data-width="6em" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
<th data-column-id="name" data-type="string">{{ lang._('Type') }}</th>
<th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
<th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
</tr>
</thead>
<tbody>
</tbody>
<tfoot>
<tr>
<td></td>
<td>
<button data-action="add" type="button" class="btn btn-xs btn-default"><span class="fa fa-plus"></span></button>
<button data-action="deleteSelected" type="button" class="btn btn-xs btn-default"><span class="fa fa-trash-o"></span></button>
</td>
</tr>
</tfoot>
</table>
<div class="col-md-12">
<button class="btn btn-primary" id="saveAct" type="button"><b>{{ lang._('Apply') }}</b> <i id="saveAct_progress"></i></button>
</div>
{{ partial("layout_partials/base_dialog",['fields':formDialogRewrite,'id':'DialogRewrite','label':lang._('Edit rewrite-rule')])}}


@ -1,56 +1,56 @@
<script>
$( document ).ready(function() {
$("#grid-addresses").UIBootgrid(
{ search:'/api/radsecproxy/servers/searchItem/',
get:'/api/radsecproxy/servers/getItem/',
set:'/api/radsecproxy/servers/setItem/',
add:'/api/radsecproxy/servers/addItem/',
del:'/api/radsecproxy/servers/delItem/',
toggle:'/api/radsecproxy/servers/toggleItem/'
}
);
updateServiceControlUI('radsecproxy');
// link apply button to API set action
$("#saveAct").click(function(){
$("#saveAct_progress").addClass("fa fa-spinner fa-pulse");
// action to run after successful save, for example reconfigure service.
ajaxCall(url="/api/radsecproxy/service/reconfigure", sendData={},callback=function(data,status) {
// action to run after reload
$("#saveAct_progress").removeClass("fa fa-spinner fa-pulse");
updateServiceControlUI('radsecproxy');
});
});
});
</script>
<table id="grid-addresses" class="table table-condensed table-hover table-striped" data-editDialog="DialogServer">
<thead>
<tr>
<th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
<th data-column-id="host" data-type="string">{{ lang._('Host') }}</th>
<th data-column-id="identifier" data-type="string">{{ lang._('Identifier') }}</th>
<th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
<th data-column-id="type" data-type="string">{{ lang._('Type') }}</th>
<th data-column-id="tlsConfig" data-type="string">{{ lang._('TLS-Config') }}</th>
<th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
</tr>
</thead>
<tbody>
</tbody>
<tfoot>
<tr>
<td></td>
<td>
<button data-action="add" type="button" class="btn btn-xs btn-default"><span class="fa fa-plus"></span></button>
<button data-action="deleteSelected" type="button" class="btn btn-xs btn-default"><span class="fa fa-trash-o"></span></button>
</td>
</tr>
</tfoot>
</table>
<div class="col-md-12">
<button class="btn btn-primary" id="saveAct" type="button"><b>{{ lang._('Apply') }}</b> <i id="saveAct_progress"></i></button>
</div>
{{ partial("layout_partials/base_dialog",['fields':formDialogServer,'id':'DialogServer','label':lang._('Edit server')])}}
<script>
$( document ).ready(function() {
$("#grid-addresses").UIBootgrid(
{ search:'/api/radsecproxy/servers/searchItem/',
get:'/api/radsecproxy/servers/getItem/',
set:'/api/radsecproxy/servers/setItem/',
add:'/api/radsecproxy/servers/addItem/',
del:'/api/radsecproxy/servers/delItem/',
toggle:'/api/radsecproxy/servers/toggleItem/'
}
);
updateServiceControlUI('radsecproxy');
// link apply button to API set action
$("#saveAct").click(function(){
$("#saveAct_progress").addClass("fa fa-spinner fa-pulse");
// action to run after successful save, for example reconfigure service.
ajaxCall(url="/api/radsecproxy/service/reconfigure", sendData={},callback=function(data,status) {
// action to run after reload
$("#saveAct_progress").removeClass("fa fa-spinner fa-pulse");
updateServiceControlUI('radsecproxy');
});
});
});
</script>
<table id="grid-addresses" class="table table-condensed table-hover table-striped" data-editDialog="DialogServer">
<thead>
<tr>
<th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
<th data-column-id="host" data-type="string">{{ lang._('Host') }}</th>
<th data-column-id="identifier" data-type="string">{{ lang._('Identifier') }}</th>
<th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
<th data-column-id="type" data-type="string">{{ lang._('Type') }}</th>
<th data-column-id="tlsConfig" data-type="string">{{ lang._('TLS-Config') }}</th>
<th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
</tr>
</thead>
<tbody>
</tbody>
<tfoot>
<tr>
<td></td>
<td>
<button data-action="add" type="button" class="btn btn-xs btn-default"><span class="fa fa-plus"></span></button>
<button data-action="deleteSelected" type="button" class="btn btn-xs btn-default"><span class="fa fa-trash-o"></span></button>
</td>
</tr>
</tfoot>
</table>
<div class="col-md-12">
<button class="btn btn-primary" id="saveAct" type="button"><b>{{ lang._('Apply') }}</b> <i id="saveAct_progress"></i></button>
</div>
{{ partial("layout_partials/base_dialog",['fields':formDialogServer,'id':'DialogServer','label':lang._('Edit server')])}}


@ -1,55 +1,55 @@
<script>
$( document ).ready(function() {
$("#grid-addresses").UIBootgrid(
{ search:'/api/radsecproxy/tls/searchItem/',
get:'/api/radsecproxy/tls/getItem/',
set:'/api/radsecproxy/tls/setItem/',
add:'/api/radsecproxy/tls/addItem/',
del:'/api/radsecproxy/tls/delItem/',
toggle:'/api/radsecproxy/tls/toggleItem/'
}
);
updateServiceControlUI('radsecproxy');
// link apply button to API set action
$("#saveAct").click(function(){
$("#saveAct_progress").addClass("fa fa-spinner fa-pulse");
// action to run after successful save, for example reconfigure service.
ajaxCall(url="/api/radsecproxy/service/reconfigure", sendData={},callback=function(data,status) {
// action to run after reload
$("#saveAct_progress").removeClass("fa fa-spinner fa-pulse");
updateServiceControlUI('radsecproxy');
});
});
});
</script>
<table id="grid-addresses" class="table table-condensed table-hover table-striped" data-editDialog="DialogTls">
<thead>
<tr>
<th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
<th data-column-id="name" data-type="string">{{ lang._('Name') }}</th>
<th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
<th data-column-id="caCertificateRefId" data-type="string">{{ lang._('CA-certificate') }}</th>
<th data-column-id="proxyCertificateRefId" data-type="string">{{ lang._('Proxy-certificate') }}</th>
<th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
</tr>
</thead>
<tbody>
</tbody>
<tfoot>
<tr>
<td></td>
<td>
<button data-action="add" type="button" class="btn btn-xs btn-default"><span class="fa fa-plus"></span></button>
<button data-action="deleteSelected" type="button" class="btn btn-xs btn-default"><span class="fa fa-trash-o"></span></button>
</td>
</tr>
</tfoot>
</table>
<div class="col-md-12">
<button class="btn btn-primary" id="saveAct" type="button"><b>{{ lang._('Apply') }}</b> <i id="saveAct_progress"></i></button>
</div>
{{ partial("layout_partials/base_dialog",['fields':formDialogTls,'id':'DialogTls','label':lang._('Edit TLS-config')])}}
<script>
$( document ).ready(function() {
$("#grid-addresses").UIBootgrid(
{ search:'/api/radsecproxy/tls/searchItem/',
get:'/api/radsecproxy/tls/getItem/',
set:'/api/radsecproxy/tls/setItem/',
add:'/api/radsecproxy/tls/addItem/',
del:'/api/radsecproxy/tls/delItem/',
toggle:'/api/radsecproxy/tls/toggleItem/'
}
);
updateServiceControlUI('radsecproxy');
// link apply button to API set action
$("#saveAct").click(function(){
$("#saveAct_progress").addClass("fa fa-spinner fa-pulse");
// action to run after successful save, for example reconfigure service.
ajaxCall(url="/api/radsecproxy/service/reconfigure", sendData={},callback=function(data,status) {
// action to run after reload
$("#saveAct_progress").removeClass("fa fa-spinner fa-pulse");
updateServiceControlUI('radsecproxy');
});
});
});
</script>
<table id="grid-addresses" class="table table-condensed table-hover table-striped" data-editDialog="DialogTls">
<thead>
<tr>
<th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
<th data-column-id="name" data-type="string">{{ lang._('Name') }}</th>
<th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
<th data-column-id="caCertificateRefId" data-type="string">{{ lang._('CA-certificate') }}</th>
<th data-column-id="proxyCertificateRefId" data-type="string">{{ lang._('Proxy-certificate') }}</th>
<th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
</tr>
</thead>
<tbody>
</tbody>
<tfoot>
<tr>
<td></td>
<td>
<button data-action="add" type="button" class="btn btn-xs btn-default"><span class="fa fa-plus"></span></button>
<button data-action="deleteSelected" type="button" class="btn btn-xs btn-default"><span class="fa fa-trash-o"></span></button>
</td>
</tr>
</tfoot>
</table>
<div class="col-md-12">
<button class="btn btn-primary" id="saveAct" type="button"><b>{{ lang._('Apply') }}</b> <i id="saveAct_progress"></i></button>
</div>
{{ partial("layout_partials/base_dialog",['fields':formDialogTls,'id':'DialogTls','label':lang._('Edit TLS-config')])}}


@ -57,7 +57,7 @@ if (! function_exists('deleteFilesInFolder')) {
{
echo "deleting all files in folder " . $pathToFolder . "\n";
$files = glob($pathToFolder . '/*');
foreach ($files as $file) {
//Make sure that this is a file and not a directory.
if (is_file($file)) {


@ -1,35 +1,35 @@
[setup]
command:/usr/local/opnsense/scripts/OPNsense/RadSecProxy/setup.sh;
parameters:
type:script
message:setup radsecproxy service requirements
[start]
command:/usr/local/opnsense/scripts/OPNsense/RadSecProxy/setup.sh;/usr/local/etc/rc.d/radsecproxy start;
parameters:
type:script
message:starting radsecproxy
[stop]
command:/usr/local/etc/rc.d/radsecproxy stop;
parameters:
type:script
message:stopping radsecproxy
[restart]
command:/usr/local/opnsense/scripts/OPNsense/RadSecProxy/setup.sh;/usr/local/etc/rc.d/radsecproxy restart;
parameters:
type:script
message:restarting radsecproxy
[reload]
command:/usr/local/opnsense/scripts/OPNsense/RadSecProxy/setup.sh;/usr/local/etc/rc.d/radsecproxy restart;
parameters:
type:script
message:reloading radsecproxy
[status]
command:/usr/local/etc/rc.d/radsecproxy status;exit 0;
parameters:
type:script_output
message:radsecproxy status
[setup]
command:/usr/local/opnsense/scripts/OPNsense/RadSecProxy/setup.sh;
parameters:
type:script
message:setup radsecproxy service requirements
[start]
command:/usr/local/opnsense/scripts/OPNsense/RadSecProxy/setup.sh;/usr/local/etc/rc.d/radsecproxy start;
parameters:
type:script
message:starting radsecproxy
[stop]
command:/usr/local/etc/rc.d/radsecproxy stop;
parameters:
type:script
message:stopping radsecproxy
[restart]
command:/usr/local/opnsense/scripts/OPNsense/RadSecProxy/setup.sh;/usr/local/etc/rc.d/radsecproxy restart;
parameters:
type:script
message:restarting radsecproxy
[reload]
command:/usr/local/opnsense/scripts/OPNsense/RadSecProxy/setup.sh;/usr/local/etc/rc.d/radsecproxy restart;
parameters:
type:script
message:reloading radsecproxy
[status]
command:/usr/local/etc/rc.d/radsecproxy status;exit 0;
parameters:
type:script_output
message:radsecproxy status


@ -1,2 +1,2 @@
radsecproxy.conf:/usr/local/etc/radsecproxy.conf
rc.conf.d:/etc/rc.conf.d/radsecproxy
radsecproxy.conf:/usr/local/etc/radsecproxy.conf
rc.conf.d:/etc/rc.conf.d/radsecproxy


@ -1,240 +1,240 @@
{% if helpers.exists('OPNsense.radsecproxy.general') and OPNsense.radsecproxy.general.enabled|default("0") == "1" %}
{% set certDir = '/usr/local/etc/radsecproxy.d/certs/' %}
# auto-generated config-file for radsecproxy
###########################################
# GENERAL
###########################################
#PidFile /var/run/radsecproxy.pid
#LogDestination file:///var/log/radsecproxy.log
LogDestination x-syslog:///LOG_DAEMON
{% if OPNsense.radsecproxy.general.logLevel is defined and OPNsense.radsecproxy.general.logLevel != "" %}
LogLevel {{ OPNsense.radsecproxy.general.logLevel }}
{% endif %}
{% if OPNsense.radsecproxy.general.logFullUsername is defined and OPNsense.radsecproxy.general.logFullUsername != "" %}
LogFullUsername {{ OPNsense.radsecproxy.general.logFullUsername }}
{% endif %}
{% if OPNsense.radsecproxy.general.logMac is defined and OPNsense.radsecproxy.general.logMac != "" %}
LogMac {{ OPNsense.radsecproxy.general.logMac }}
{% endif %}
{% if OPNsense.radsecproxy.general.loopPrevention is defined and OPNsense.radsecproxy.general.loopPrevention != "" %}
LoopPrevention {{ OPNsense.radsecproxy.general.loopPrevention }}
{% endif %}
{% if OPNsense.radsecproxy.general.listenUdp is defined and OPNsense.radsecproxy.general.listenUdp != "" %}
ListenUDP {{ OPNsense.radsecproxy.general.listenUdp }}
{% endif %}
{% if OPNsense.radsecproxy.general.listenTcp is defined and OPNsense.radsecproxy.general.listenTcp != "" %}
ListenTCP {{ OPNsense.radsecproxy.general.listenTcp }}
{% endif %}
{% if OPNsense.radsecproxy.general.listenTls is defined and OPNsense.radsecproxy.general.listenTls != "" %}
ListenTLS {{ OPNsense.radsecproxy.general.listenTls }}
{% endif %}
{% if OPNsense.radsecproxy.general.listenDtls is defined and OPNsense.radsecproxy.general.listenDtls != "" %}
ListenDTLS {{ OPNsense.radsecproxy.general.listenDtls }}
{% endif %}
{% if OPNsense.radsecproxy.general.sourceUdp is defined and OPNsense.radsecproxy.general.sourceUdp != "" %}
SourceUDP {{ OPNsense.radsecproxy.general.sourceUdp }}
{% endif %}
{% if OPNsense.radsecproxy.general.sourceTcp is defined and OPNsense.radsecproxy.general.sourceTcp != "" %}
SourceTCP {{ OPNsense.radsecproxy.general.sourceTcp }}
{% endif %}
{% if OPNsense.radsecproxy.general.sourceTls is defined and OPNsense.radsecproxy.general.sourceTls != "" %}
SourceTLS {{ OPNsense.radsecproxy.general.sourceTls }}
{% endif %}
{% if OPNsense.radsecproxy.general.sourceDtls is defined and OPNsense.radsecproxy.general.sourceDtls != "" %}
SourceDTLS {{ OPNsense.radsecproxy.general.sourceDtls }}
{% endif %}
###########################################
# TLS-CONFIGS
###########################################
{% for tlsConfig in helpers.toList('OPNsense.radsecproxy.tlsConfigs.tlsConfig') %}
# config for TLS-Config "{{ tlsConfig.description }}"
tls {{ tlsConfig.name }} {
{% if tlsConfig.caCertificateRefId is defined and tlsConfig.caCertificateRefId != "" %}
CACertificateFile {{ certDir}}{{ tlsConfig.name }}_ca-cert.pem
{% endif %}
{% if tlsConfig.proxyCertificateRefId is defined and tlsConfig.proxyCertificateRefId != "" %}
CertificateFile {{ certDir}}{{ tlsConfig.name }}_proxy-cert.pem
CertificateKeyFile {{ certDir}}{{ tlsConfig.name }}_proxy-key.pem
{% endif %}
{% if tlsConfig.policyOids is defined and tlsConfig.policyOids != "" %}
{% for policyOid in tlsConfig.policyOids.split(',') %}
PolicyOID {{ policyOid }}
{% endfor %}
{% endif %}
CRLCheck {{ tlsConfig.crlCheck }}
{% if tlsConfig.cacheExpiry is defined and tlsConfig.cacheExpiry != "" %}
CacheExpiry {{ tlsConfig.cacheExpiry }}
{% endif %}
}
{% endfor %}
###########################################
# REWRITE-RULES
###########################################
{% for rewriteRule in helpers.toList('OPNsense.radsecproxy.rewrites.rewrite') %}
{% if rewriteRule.enabled is defined and rewriteRule.enabled == "1" %}
rewrite {{ rewriteRule.name }} {
{% if rewriteRule.addAttributes is defined and rewriteRule.addAttributes != "" %}
{% for addAttribute in rewriteRule.addAttributes.split("\n") %}
AddAttribute {{ addAttribute }}
{% endfor %}
{% endif %}
{% if rewriteRule.addVendorAttributes is defined and rewriteRule.addVendorAttributes != "" %}
{% for addVendorAttribute in rewriteRule.addVendorAttributes.split("\n") %}
AddVendorAttribute {{ addVendorAttribute }}
{% endfor %}
{% endif %}
{% if rewriteRule.supplementAttributes is defined and rewriteRule.supplementAttributes != "" %}
{% for supplementAttribute in rewriteRule.supplementAttributes.split("\n") %}
SupplementAttribute {{ supplementAttribute }}
{% endfor %}
{% endif %}
{% if rewriteRule.supplementVendorAttributes is defined and rewriteRule.supplementVendorAttributes != "" %}
{% for supplementVendorAttribute in rewriteRule.supplementVendorAttributes.split("\n") %}
SupplementVendorAttribute {{ supplementVendorAttribute }}
{% endfor %}
{% endif %}
{% if rewriteRule.modifyAttributes is defined and rewriteRule.modifyAttributes != "" %}
{% for modifyAttribute in rewriteRule.modifyAttributes.split("\n") %}
ModifyAttribute {{ modifyAttribute }}
{% endfor %}
{% endif %}
{% if rewriteRule.modifyVendorAttributes is defined and rewriteRule.modifyVendorAttributes != "" %}
{% for modifyVendorAttribute in rewriteRule.modifyVendorAttributes.split("\n") %}
ModifyVendorAttribute {{ modifyVendorAttribute }}
{% endfor %}
{% endif %}
{% if rewriteRule.removeAttributes is defined and rewriteRule.removeAttributes != "" %}
{% for removeAttribute in rewriteRule.removeAttributes.split("\n") %}
RemoveAttribute {{ removeAttribute }}
{% endfor %}
{% endif %}
{% if rewriteRule.removeVendorAttributes is defined and rewriteRule.removeVendorAttributes != "" %}
{% for removeVendorAttribute in rewriteRule.removeVendorAttributes.split("\n") %}
RemoveVendorAttribute {{ removeVendorAttribute }}
{% endfor %}
{% endif %}
WhitelistMode {{ rewriteRule.whitelistMode }}
{% if rewriteRule.whitelistAttributes is defined and rewriteRule.whitelistAttributes != "" %}
{% for whitelistAttribute in rewriteRule.whitelistAttributes.split("\n") %}
WhitelistAttribute {{ whitelistAttribute }}
{% endfor %}
{% endif %}
{% if rewriteRule.whitelistVendorAttributes is defined and rewriteRule.whitelistVendorAttributes != "" %}
{% for whitelistVendorAttribute in rewriteRule.whitelistVendorAttributes.split("\n") %}
WhitelistVendorAttribute {{ whitelistVendorAttribute }}
{% endfor %}
{% endif %}
}
{% endif %}
{% endfor %}
###########################################
# CLIENTS
###########################################
{% for client in helpers.toList('OPNsense.radsecproxy.clients.client') %}
{% if client.enabled is defined and client.enabled == "1" %}
# config for client "{{ client.description }}"
client {{ client.identifier }} {
Host {{ client.host }}
Type {{ client.type }}
{% if client.secret is defined and client.secret != "" %}
Secret {{ client.secret }}
{% endif %}
{% if client.tlsConfig is defined and client.tlsConfig != "" %}
{% set tlsConfig = helpers.getUUID(client.tlsConfig) %}
Tls {{ tlsConfig.name }}
{% endif %}
CertificateNameCheck {{ client.certificateNameCheck }}
{% if client.matchCertificateAttribute is defined and client.matchCertificateAttribute != "" %}
matchCertificateAttribute {{ client.matchCertificateAttribute }}
{% endif %}
{% if client.rewriteIn is defined and client.rewriteIn != "" %}
{% set rewriteInRule = helpers.getUUID(client.rewriteIn) %}
RewriteIn {{ rewriteInRule.name }}
{% endif %}
{% if client.rewriteOut is defined and client.rewriteOut != "" %}
{% set rewriteOutRule = helpers.getUUID(client.rewriteOut) %}
RewriteOut {{ rewriteOutRule.name }}
{% endif %}
}
{% else %}
# config for client "{{ client.description }}" not enabled, skipping!"
{% endif %}
{% endfor %}
###########################################
# SERVERS
###########################################
{% for server in helpers.toList('OPNsense.radsecproxy.servers.server') %}
# config for server "{{ server.description }}"
server {{ server.identifier }} {
Host {{ server.host }}
{% if server.port is defined and server.port != "" %}
Port {{ server.port }}
{% endif %}
Type {{ server.type }}
{% if server.secret is defined and server.secret != "" %}
Secret {{ server.secret }}
{% endif %}
{% if server.tlsConfig is defined and server.tlsConfig != "" %}
{% set tlsConfig = helpers.getUUID(server.tlsConfig) %}
Tls {{ tlsConfig.name }}
{% endif %}
StatusServer {{ server.statusServer }}
CertificateNameCheck {{ server.certificateNameCheck }}
{% if server.matchCertificateAttribute is defined and server.matchCertificateAttribute != "" %}
matchCertificateAttribute {{ server.matchCertificateAttribute }}
{% endif %}
{% if server.rewriteIn is defined and server.rewriteIn != "" %}
{% set rewriteInRule = helpers.getUUID(server.rewriteIn) %}
RewriteIn {{ rewriteInRule.name }}
{% endif %}
{% if server.rewriteOut is defined and server.rewriteOut != "" %}
{% set rewriteOutRule = helpers.getUUID(server.rewriteOut) %}
RewriteOut {{ rewriteOutRule.name }}
{% endif %}
}
{% endfor %}
###########################################
# REALMS
###########################################
{% for realm in helpers.toList('OPNsense.radsecproxy.realms.realm') %}
{% if realm.enabled is defined and realm.enabled == "1" %}
# config for realm "{{ realm.realm }}"
realm {{ realm.realm }} {
{% if realm.server is defined and realm.server != "" %}
{% for serverUuid in realm.server.split(',') %}
{% set server = helpers.getUUID(serverUuid) %}
Server {{ server.identifier }}
{% endfor %}
{% endif %}
{% if realm.replyMessage is defined and realm.replyMessage != "" %}
ReplyMessage "{{ realm.replyMessage }}"
{% endif %}
{% if realm.accountingResponse is defined and realm.accountingResponse != "" %}
AccountingResponse {{ realm.accountingResponse }}
{% endif %}
}
{% else %}
# config for realm "{{ realm.realm }}" not enabled, skipping!"
{% endif %}
{% endfor %}
{# END OF TEMPLATE #}
{% endif %}
{% if helpers.exists('OPNsense.radsecproxy.general') and OPNsense.radsecproxy.general.enabled|default("0") == "1" %}
{% set certDir = '/usr/local/etc/radsecproxy.d/certs/' %}
# auto-generated config-file for radsecproxy
###########################################
# GENERAL
###########################################
#PidFile /var/run/radsecproxy.pid
#LogDestination file:///var/log/radsecproxy.log
LogDestination x-syslog:///LOG_DAEMON
{% if OPNsense.radsecproxy.general.logLevel is defined and OPNsense.radsecproxy.general.logLevel != "" %}
LogLevel {{ OPNsense.radsecproxy.general.logLevel }}
{% endif %}
{% if OPNsense.radsecproxy.general.logFullUsername is defined and OPNsense.radsecproxy.general.logFullUsername != "" %}
LogFullUsername {{ OPNsense.radsecproxy.general.logFullUsername }}
{% endif %}
{% if OPNsense.radsecproxy.general.logMac is defined and OPNsense.radsecproxy.general.logMac != "" %}
LogMac {{ OPNsense.radsecproxy.general.logMac }}
{% endif %}
{% if OPNsense.radsecproxy.general.loopPrevention is defined and OPNsense.radsecproxy.general.loopPrevention != "" %}
LoopPrevention {{ OPNsense.radsecproxy.general.loopPrevention }}
{% endif %}
{% if OPNsense.radsecproxy.general.listenUdp is defined and OPNsense.radsecproxy.general.listenUdp != "" %}
ListenUDP {{ OPNsense.radsecproxy.general.listenUdp }}
{% endif %}
{% if OPNsense.radsecproxy.general.listenTcp is defined and OPNsense.radsecproxy.general.listenTcp != "" %}
ListenTCP {{ OPNsense.radsecproxy.general.listenTcp }}
{% endif %}
{% if OPNsense.radsecproxy.general.listenTls is defined and OPNsense.radsecproxy.general.listenTls != "" %}
ListenTLS {{ OPNsense.radsecproxy.general.listenTls }}
{% endif %}
{% if OPNsense.radsecproxy.general.listenDtls is defined and OPNsense.radsecproxy.general.listenDtls != "" %}
ListenDTLS {{ OPNsense.radsecproxy.general.listenDtls }}
{% endif %}
{% if OPNsense.radsecproxy.general.sourceUdp is defined and OPNsense.radsecproxy.general.sourceUdp != "" %}
SourceUDP {{ OPNsense.radsecproxy.general.sourceUdp }}
{% endif %}
{% if OPNsense.radsecproxy.general.sourceTcp is defined and OPNsense.radsecproxy.general.sourceTcp != "" %}
SourceTCP {{ OPNsense.radsecproxy.general.sourceTcp }}
{% endif %}
{% if OPNsense.radsecproxy.general.sourceTls is defined and OPNsense.radsecproxy.general.sourceTls != "" %}
SourceTLS {{ OPNsense.radsecproxy.general.sourceTls }}
{% endif %}
{% if OPNsense.radsecproxy.general.sourceDtls is defined and OPNsense.radsecproxy.general.sourceDtls != "" %}
SourceDTLS {{ OPNsense.radsecproxy.general.sourceDtls }}
{% endif %}
###########################################
# TLS-CONFIGS
###########################################
{% for tlsConfig in helpers.toList('OPNsense.radsecproxy.tlsConfigs.tlsConfig') %}
# config for TLS-Config "{{ tlsConfig.description }}"
tls {{ tlsConfig.name }} {
{% if tlsConfig.caCertificateRefId is defined and tlsConfig.caCertificateRefId != "" %}
CACertificateFile {{ certDir}}{{ tlsConfig.name }}_ca-cert.pem
{% endif %}
{% if tlsConfig.proxyCertificateRefId is defined and tlsConfig.proxyCertificateRefId != "" %}
CertificateFile {{ certDir}}{{ tlsConfig.name }}_proxy-cert.pem
CertificateKeyFile {{ certDir}}{{ tlsConfig.name }}_proxy-key.pem
{% endif %}
{% if tlsConfig.policyOids is defined and tlsConfig.policyOids != "" %}
{% for policyOid in tlsConfig.policyOids.split(',') %}
PolicyOID {{ policyOid }}
{% endfor %}
{% endif %}
CRLCheck {{ tlsConfig.crlCheck }}
{% if tlsConfig.cacheExpiry is defined and tlsConfig.cacheExpiry != "" %}
CacheExpiry {{ tlsConfig.cacheExpiry }}
{% endif %}
}
{% endfor %}
###########################################
# REWRITE-RULES
###########################################
{% for rewriteRule in helpers.toList('OPNsense.radsecproxy.rewrites.rewrite') %}
{% if rewriteRule.enabled is defined and rewriteRule.enabled == "1" %}
rewrite {{ rewriteRule.name }} {
{% if rewriteRule.addAttributes is defined and rewriteRule.addAttributes != "" %}
{% for addAttribute in rewriteRule.addAttributes.split("\n") %}
AddAttribute {{ addAttribute }}
{% endfor %}
{% endif %}
{% if rewriteRule.addVendorAttributes is defined and rewriteRule.addVendorAttributes != "" %}
{% for addVendorAttribute in rewriteRule.addVendorAttributes.split("\n") %}
AddVendorAttribute {{ addVendorAttribute }}
{% endfor %}
{% endif %}
{% if rewriteRule.supplementAttributes is defined and rewriteRule.supplementAttributes != "" %}
{% for supplementAttribute in rewriteRule.supplementAttributes.split("\n") %}
SupplementAttribute {{ supplementAttribute }}
{% endfor %}
{% endif %}
{% if rewriteRule.supplementVendorAttributes is defined and rewriteRule.supplementVendorAttributes != "" %}
{% for supplementVendorAttribute in rewriteRule.supplementVendorAttributes.split("\n") %}
SupplementVendorAttribute {{ supplementVendorAttribute }}
{% endfor %}
{% endif %}
{% if rewriteRule.modifyAttributes is defined and rewriteRule.modifyAttributes != "" %}
{% for modifyAttribute in rewriteRule.modifyAttributes.split("\n") %}
ModifyAttribute {{ modifyAttribute }}
{% endfor %}
{% endif %}
{% if rewriteRule.modifyVendorAttributes is defined and rewriteRule.modifyVendorAttributes != "" %}
{% for modifyVendorAttribute in rewriteRule.modifyVendorAttributes.split("\n") %}
ModifyVendorAttribute {{ modifyVendorAttribute }}
{% endfor %}
{% endif %}
{% if rewriteRule.removeAttributes is defined and rewriteRule.removeAttributes != "" %}
{% for removeAttribute in rewriteRule.removeAttributes.split("\n") %}
RemoveAttribute {{ removeAttribute }}
{% endfor %}
{% endif %}
{% if rewriteRule.removeVendorAttributes is defined and rewriteRule.removeVendorAttributes != "" %}
{% for removeVendorAttribute in rewriteRule.removeVendorAttributes.split("\n") %}
RemoveVendorAttribute {{ removeVendorAttribute }}
{% endfor %}
{% endif %}
WhitelistMode {{ rewriteRule.whitelistMode }}
{% if rewriteRule.whitelistAttributes is defined and rewriteRule.whitelistAttributes != "" %}
{% for whitelistAttribute in rewriteRule.whitelistAttributes.split("\n") %}
WhitelistAttribute {{ whitelistAttribute }}
{% endfor %}
{% endif %}
{% if rewriteRule.whitelistVendorAttributes is defined and rewriteRule.whitelistVendorAttributes != "" %}
{% for whitelistVendorAttribute in rewriteRule.whitelistVendorAttributes.split("\n") %}
WhitelistVendorAttribute {{ whitelistVendorAttribute }}
{% endfor %}
{% endif %}
}
{% endif %}
{% endfor %}
###########################################
# CLIENTS
###########################################
{% for client in helpers.toList('OPNsense.radsecproxy.clients.client') %}
{% if client.enabled is defined and client.enabled == "1" %}
# config for client "{{ client.description }}"
client {{ client.identifier }} {
Host {{ client.host }}
Type {{ client.type }}
{% if client.secret is defined and client.secret != "" %}
Secret {{ client.secret }}
{% endif %}
{% if client.tlsConfig is defined and client.tlsConfig != "" %}
{% set tlsConfig = helpers.getUUID(client.tlsConfig) %}
Tls {{ tlsConfig.name }}
{% endif %}
CertificateNameCheck {{ client.certificateNameCheck }}
{% if client.matchCertificateAttribute is defined and client.matchCertificateAttribute != "" %}
matchCertificateAttribute {{ client.matchCertificateAttribute }}
{% endif %}
{% if client.rewriteIn is defined and client.rewriteIn != "" %}
{% set rewriteInRule = helpers.getUUID(client.rewriteIn) %}
RewriteIn {{ rewriteInRule.name }}
{% endif %}
{% if client.rewriteOut is defined and client.rewriteOut != "" %}
{% set rewriteOutRule = helpers.getUUID(client.rewriteOut) %}
RewriteOut {{ rewriteOutRule.name }}
{% endif %}
}
{% else %}
# config for client "{{ client.description }}" not enabled, skipping!"
{% endif %}
{% endfor %}
###########################################
# SERVERS
###########################################
{% for server in helpers.toList('OPNsense.radsecproxy.servers.server') %}
# config for server "{{ server.description }}"
server {{ server.identifier }} {
Host {{ server.host }}
{% if server.port is defined and server.port != "" %}
Port {{ server.port }}
{% endif %}
Type {{ server.type }}
{% if server.secret is defined and server.secret != "" %}
Secret {{ server.secret }}
{% endif %}
{% if server.tlsConfig is defined and server.tlsConfig != "" %}
{% set tlsConfig = helpers.getUUID(server.tlsConfig) %}
Tls {{ tlsConfig.name }}
{% endif %}
StatusServer {{ server.statusServer }}
CertificateNameCheck {{ server.certificateNameCheck }}
{% if server.matchCertificateAttribute is defined and server.matchCertificateAttribute != "" %}
matchCertificateAttribute {{ server.matchCertificateAttribute }}
{% endif %}
{% if server.rewriteIn is defined and server.rewriteIn != "" %}
{% set rewriteInRule = helpers.getUUID(server.rewriteIn) %}
RewriteIn {{ rewriteInRule.name }}
{% endif %}
{% if server.rewriteOut is defined and server.rewriteOut != "" %}
{% set rewriteOutRule = helpers.getUUID(server.rewriteOut) %}
RewriteOut {{ rewriteOutRule.name }}
{% endif %}
}
{% endfor %}
###########################################
# REALMS
###########################################
{% for realm in helpers.toList('OPNsense.radsecproxy.realms.realm') %}
{% if realm.enabled is defined and realm.enabled == "1" %}
# config for realm "{{ realm.realm }}"
realm {{ realm.realm }} {
{% if realm.server is defined and realm.server != "" %}
{% for serverUuid in realm.server.split(',') %}
{% set server = helpers.getUUID(serverUuid) %}
Server {{ server.identifier }}
{% endfor %}
{% endif %}
{% if realm.replyMessage is defined and realm.replyMessage != "" %}
ReplyMessage "{{ realm.replyMessage }}"
{% endif %}
{% if realm.accountingResponse is defined and realm.accountingResponse != "" %}
AccountingResponse {{ realm.accountingResponse }}
{% endif %}
}
{% else %}
# config for realm "{{ realm.realm }}" not enabled, skipping!"
{% endif %}
{% endfor %}
{# END OF TEMPLATE #}
{% endif %}


@ -1,7 +1,7 @@
{% if helpers.exists('OPNsense.radsecproxy.general.enabled') and OPNsense.radsecproxy.general.enabled == '1' %}
radsecproxy_enable="YES"
{% else %}
radsecproxy_enable="NO"
{% endif %}
radsecproxy_user="root"
radsecproxy_group="wheel"
{% if helpers.exists('OPNsense.radsecproxy.general.enabled') and OPNsense.radsecproxy.general.enabled == '1' %}
radsecproxy_enable="YES"
{% else %}
radsecproxy_enable="NO"
{% endif %}
radsecproxy_user="root"
radsecproxy_group="wheel"