Skip to content
Snippets Groups Projects
Select Git revision
  • 2a5d2c1559c4117e0513dd080a71ca9c2fa88a64
  • master default protected
  • main
  • update_github_actions
  • 144_rocky8_support
  • 195-update-pdk-to-300
  • 144-rocky8
  • add_test_github_test_workflow
  • pdk_2.4.0
  • fix_unclosed_let_block_in_defines_client_spec
  • validation_fixes
  • freeradius_3_0_21_config_updates
  • data_types
  • PrepareBuster
  • travis
  • 4.0.1
  • 4.0.0
  • 3.9.2
  • 3.9.1
  • 3.9.0
  • 3.8.2
  • 3.8.1
  • 3.8.0
  • 3.7.0
  • 3.6.0
  • 3.5.0
  • 3.4.3
  • 3.4.2
  • 3.4.1
  • 3.4.0
  • 3.3.0
  • 3.2.0
  • 3.1.0
  • 3.0.0
  • 2.3.1
35 results

sql.pp

Blame
    • user avatar
    Add more input validation to the SQL module
    Jonathan Gazeley authored
    2a5d2c15
    History
    user avatar 2a5d2c15
    History
    Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    sql.pp 2.52 KiB 
    # Configure SQL support for FreeRADIUS
define freeradius::sql (
  $database,
  $password,
  $server = 'localhost',
  $login = 'radius',
  $radius_db = 'radius',
  $num_sql_socks = '${thread[pool].max_servers}',
  $query_file = 'sql/${database}/dialup.conf',
  $lifetime = '0',
  $max_queries = '0',
  $ensure = present,
  $acct_table1 = 'radacct',
  $acct_table2 = 'radacct',
  $postauth_table = 'radpostauth',
  $authcheck_table = 'radcheck',
  $authreply_table = 'radreply',
  $groupcheck_table = 'radgroupcheck',
  $groupreply_table = 'radgroupreply',
  $usergroup_table = 'radusergroup',
  $deletestalesessions = 'yes',
  $sqltrace = 'no',
  $sqltracefile = '${logdir}/sqltrace.sql',
  $connect_failure_retry_delay = '60',
  $nas_table = 'nas',
  $read_groups = 'yes',
  $port = '3306',
  $readclients = 'no',
) {
  $fr_package  = $::freeradius::params::fr_package
  $fr_service  = $::freeradius::params::fr_service
  $fr_basepath = $::freeradius::params::fr_basepath
  $fr_group    = $::freeradius::params::fr_group

  # Validate our inputs
  # Validate multiple choice options
  unless $database in ['mysql', 'mssql', 'oracle', 'postgresql'] {
    fail('$database must be one of mysql, mssql, oracle, postgresql')
  }

  # Hostnames
  unless (is_hostname($server) or is_ip_address($server) {
    fail('$server must be a valid hostname or IP address')
  }

  # Validate integers
  unless is_integer($port) {
    fail('$port must be an integer')
  }
  unless is_integer($num_sql_socks) {
    fail('$num_sql_socks must be an integer')
  }
  unless is_integer($lifetime) {
    fail('$lifetime must be an integer')
  }
  unless is_integer($max_queries) {
    fail('$max_queries must be an integer')
  }
  unless is_integer($connect_failure_retry_delay) {
    fail('$connect_failure_retry_delay must be an integer')
  }

  # Fake booleans (FR uses yes/no instead of true/false)
  unless $deletestalesessions in ['yes', 'no'] {
    fail('$deletestalesessions must be yes or no')
  }
  unless $sqltrace in ['yes', 'no'] {
    fail('$sqltrace must be yes or no')
  }
  unless $read_groups in ['yes', 'no'] {
        fail('$read_groups must be yes or no')
  }
  unless $readclients in ['yes', 'no'] {
    fail('$readclients must be yes or no')
  }

  # Generate a module config, based on sql.conf
  file { "${fr_basepath}/modules/${name}":
    ensure  => $ensure,
    mode    => '0640',
    owner   => 'root',
    group   => $fr_group,
    content => template('freeradius/sql.conf.erb'),
    require => [Package[$fr_package], Group[$fr_group]],
    notify  => Service[$fr_service],
  }

}