Commit 4f118df4 authored by Jonathan Gazeley's avatar Jonathan Gazeley

Add type validation to all parameters

parent fe4fd491
Showing
with 133 additions and 189 deletions
# Install FreeRADIUS config snippets
define freeradius::attr (
$source,
$ensure = present,
$key = 'User-Name',
$prefix = 'filter',
String $source,
Freeradius::Ensure $ensure = present,
Optional[String] $key = 'User-Name',
Optional[String] $prefix = 'filter',
) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
......
# Install FreeRADIUS certificates
define freeradius::cert (
$source = undef,
$content = undef,
$type = 'key',
$ensure = present,
Optional[String] $source = undef,
Optional[String] $content = undef,
Optional[String] $type = 'key',
Freeradius::Ensure $ensure = present,
) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
......
# Install FreeRADIUS clients (WISMs or testing servers)
define freeradius::client (
$secret,
$shortname = $title,
$ip = undef,
$ip6 = undef,
$proto = undef,
$require_message_authenticator = 'no',
$virtual_server = undef,
$nastype = undef,
$login = undef,
$password = undef,
$coa_server = undef,
$response_window = undef,
$max_connections = undef,
$lifetime = undef,
$idle_timeout = undef,
$redirect = undef,
$port = undef,
$srcip = undef,
$firewall = false,
$ensure = present,
$attributes = [],
$huntgroups = undef,
String $secret,
Optional[String] $shortname = $title,
Optional[String] $ip = undef,
Optional[String] $ip6 = undef,
Enum['*', 'udp', 'tcp'] $proto = undef,
Freeradius::Boolean $require_message_authenticator = 'no',
Optional[String] $virtual_server = undef,
Enum['cisco', 'computone', 'livingston', 'juniper', 'max40xx', 'multitech', 'netserver', 'pathras', 'patton', 'portslave', 'tc', 'usrhiper', 'other'] $nastype = undef,
Optional[String] $login = undef,
Optional[String] $password = undef,
Optional[String] $coa_server = undef,
Optional[String] $response_window = undef,
Optional[Integer] $max_connections = undef,
Optional[Integer] $lifetime = undef,
Optional[Integer] $idle_timeout = undef,
Optional[String] $redirect = undef,
Optional[Integer] $port = undef,
Optional[String] $srcip = undef,
Boolean $firewall = false,
Freeradius::Ensure $ensure = present,
Array $attributes = [],
Optional[String] $huntgroups = undef,
) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
$fr_basepath = $::freeradius::params::fr_basepath
$fr_group = $::freeradius::params::fr_group
if $proto {
unless $proto in ['*', 'udp', 'tcp'] {
fail('$proto must be one of udp, tcp or *')
}
}
unless $require_message_authenticator in ['yes', 'no'] {
fail('$require_message_authenticator must be one of yes or no')
}
if $nastype {
unless $nastype in ['cisco', 'computone', 'livingston', 'juniper', 'max40xx',
'multitech', 'netserver', 'pathras', 'patton', 'portslave', 'tc', 'usrhiper', 'other'] {
fail('$nastype must be one of cisco, computone, livingston, juniper, max40xx, multitech, netserver, pathras, patton, portslave, tc, usrhiper, other')
}
}
file { "${fr_basepath}/clients.d/${shortname}.conf":
ensure => $ensure,
mode => '0640',
......
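Review bot: `Enum['*', 'udp', 'tcp'] $proto = undef` and the `Enum[...] $nastype = undef` line declare a default that their own type rejects, because `Enum` does not match undef, so a `freeradius::client` declared without these parameters should fail at compile time. The `if $proto` and `if $nastype` guards shown in this section imply that unset was a supported state; `Optional[Enum['*', 'udp', 'tcp']] $proto = undef`, and the same wrapper on `$nastype`, would keep it. The same mismatch appears in `freeradius::listen`, where `String $interface = undef` should be `Optional[String] $interface = undef`. The body of the define continues past the collapsed marker, so how the template treats unset values is not visible here.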
# Install FreeRADIUS config snippets
define freeradius::config (
$source = undef,
$content = undef,
$ensure = present,
Optional[String] $source = undef,
Optional[String] $content = undef,
Freeradius::Ensure $ensure = present,
) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
......
# Install FreeRADIUS custom dictionaries
define freeradius::dictionary (
$source = undef,
$content = undef,
$order = 50,
$ensure = present,
Optional[String] $source = undef,
Optional[String] $content = undef,
Optional[Integer] $order = 50,
Freeradius::Ensure $ensure = 'present',
) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
......@@ -11,7 +11,7 @@ define freeradius::dictionary (
$fr_group = $::freeradius::params::fr_group
if !$source and !$content {
fail('source or content parameter should be provided')
fail('source or content parameter must be provided')
}
# Install dictionary in dictionary.d
......
# Configure a home_server for proxy config
define freeradius::home_server (
$secret,
$type = 'auth',
$ipaddr = undef,
$ipv6addr = undef,
$virtual_server = undef,
$port = 1812,
$proto = 'udp',
$status_check = undef,
String $secret,
Enum['auth', 'acct', 'auth+acct', 'coa'] $type = 'auth',
Optional[String] $ipaddr = undef,
Optional[String] $ipv6addr = undef,
Optional[String] $virtual_server = undef,
Optional[Integer] $port = 1812,
Enum['udp', 'tcp'] $proto = 'udp',
Enum['none', 'status-server', 'request'] $status_check = 'none',
) {
$fr_basepath = $::freeradius::params::fr_basepath
# Validate multiple choice options
unless $type in ['auth', 'acct', 'auth+acct', 'coa'] {
fail('$type must be one of auth, acct, auth+acct, coa')
}
unless $proto in ['udp', 'tcp'] {
fail('$type must be one of udp, tcp')
}
# Validate integers
unless is_integer($port) {
fail('$port must be an integer')
}
if $status_check {
unless $status_check in ['none', 'status-server', 'request'] {
fail('$status_check must be one of none, status-server, request')
}
}
# Configure config fragment for this home server
concat::fragment { "homeserver-${name}":
target => "${fr_basepath}/proxy.conf",
......@@ -37,4 +18,3 @@ define freeradius::home_server (
order => 10,
}
}
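Review bot: `String $secret` takes the RADIUS shared secret only as a plain string, so the value is carried in clear text through the compiled catalog and can surface in reports or in diffs of the rendered `proxy.conf` fragment. Consider `Variant[String, Sensitive[String]] $secret`, unwrapping it only at the point where the fragment content is built; existing callers that pass a plain string keep working. The same applies to `$secret` and `$password` in `freeradius::client` and to `$password` in `freeradius::ldap` and `freeradius::module::ldap`. The fragment body is collapsed in this view, so where the unwrap would go cannot be confirmed from here.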
# Configure home server pools
define freeradius::home_server_pool (
$home_server,
$type = 'fail-over',
$virtual_server = undef,
$fallback = undef,
String $home_server,
Enum['fail-over', 'load-balance', 'client-balance', 'client-port-balance', 'keyed-balance'] $type = 'fail-over',
Optional[String] $virtual_server = undef,
Optional[String] $fallback = undef,
) {
$fr_basepath = $::freeradius::params::fr_basepath
# Validate multi-value options
unless $type in ['fail-over', 'load-balance', 'client-balance', 'client-port-balance', 'keyed-balance'] {
fail('$type must be one of fail-over, load-balance, client-balance, client-port-balance, keyed-balance')
}
# Configure config fragment for this home server
concat::fragment { "homeserverpool-${name}":
target => "${fr_basepath}/proxy.conf",
......
# Install FreeRADIUS huntgroups
define freeradius::huntgroup (
$ensure = present,
$huntgroup = $title,
$conditions = [],
$order = 50,
Freeradius::Ensure $ensure = present,
Optional[String] $huntgroup = $title,
Optional[Array[String]] $conditions = [],
Optional[Integer] $order = 50,
) {
$fr_basepath = $::freeradius::params::fr_basepath
$fr_service = $::freeradius::params::fr_service
......
# Base class to install FreeRADIUS
class freeradius (
$control_socket = false,
$max_servers = '4096',
$max_requests = '4096',
$mysql_support = false,
$pgsql_support = false,
$perl_support = false,
$utils_support = false,
$ldap_support = false,
$dhcp_support = false,
$krb5_support = false,
$wpa_supplicant = false,
$winbind_support = false,
$log_destination = 'files',
$syslog = false,
$log_auth = 'no',
$preserve_mods = true,
$correct_escapes = true,
$manage_logpath = true,
$package_ensure = 'installed',
$radacctdir = $freeradius::params::radacctdir,
Boolean $control_socket = false,
Integer $max_servers = 4096,
Integer $max_requests = 4096,
Boolean $mysql_support = false,
Boolean $pgsql_support = false,
Boolean $perl_support = false,
Boolean $utils_support = false,
Boolean $ldap_support = false,
Boolean $dhcp_support = false,
Boolean $krb5_support = false,
Boolean $wpa_supplicant = false,
Boolean $winbind_support = false,
String $log_destination = 'files',
Boolean $syslog = false,
Freeradius::Boolean $log_auth = 'no',
Boolean $preserve_mods = true,
Boolean $correct_escapes = true,
Boolean $manage_logpath = true,
Optional[String] $package_ensure = 'installed',
String $radacctdir = $freeradius::params::radacctdir,
) inherits freeradius::params {
if $freeradius::fr_version !~ /^3/ {
......@@ -29,8 +29,6 @@ class freeradius (
validate_re($log_destination, '^(files|syslog|stdout|stderr)$',
"log_destination value (${log_destination}) is not a valid value")
validate_re($package_ensure, '^(installed|latest)$', 'package_ensure must be one of installed, latest')
if $control_socket == true {
warning('Use of the control_socket parameter in the freeradius class is deprecated. Please use the freeradius::control_socket class instead.')
}
......
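Review bot: `String $log_destination` and `Optional[String] $package_ensure` are looser than the values the `validate_re` calls in the second hunk accept. `Enum['files', 'syslog', 'stdout', 'stderr'] $log_destination = 'files'` and `Enum['installed', 'latest'] $package_ensure = 'installed'` would put the constraint in the signature, and dropping `Optional` avoids admitting an undef that the regex check would reject. Which of the `validate_re` lines survive on the new side is not clear from this rendering. `$max_servers` and `$max_requests` also change from quoted strings to `Integer`, so Hiera data that still quotes these values will stop compiling; that deserves a changelog line.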
# Instantiate a module in global config
define freeradius::instantiate (
$ensure = present,
Freeradius::Ensure $ensure = present,
) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
......
# Configure Kerberos support for FreeRADIUS
define freeradius::krb5 (
$keytab,
$principal,
$start = "\${thread[pool].start_servers}",
$min = "\${thread[pool].min_spare_servers}",
$max = "\${thread[pool].max_servers}",
$spare = "\${thread[pool].max_spare_servers}",
$ensure = 'present',
String $keytab,
String $principal,
Freeradius::Integer $start = "\${thread[pool].start_servers}",
Freeradius::Integer $min = "\${thread[pool].min_spare_servers}",
Freeradius::Integer $max = "\${thread[pool].max_servers}",
Freeradius::Integer $spare = "\${thread[pool].max_spare_servers}",
Freeradius::Ensure $ensure = 'present',
) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
......
# Configure LDAP support for FreeRADIUS
define freeradius::ldap (
$identity,
$password,
$basedn,
$server = ['localhost'],
$port = 389,
$uses = 0,
$idle = 60,
$probes = 3,
$interval = 3,
$timeout = 10,
$start = "\${thread[pool].start_servers}",
$min = "\${thread[pool].min_spare_servers}",
$max = "\${thread[pool].max_servers}",
$spare = "\${thread[pool].max_spare_servers}",
$ensure = 'present',
$starttls = 'no',
$cafile = undef,
$certfile = undef,
$keyfile = undef,
String $identity,
String $password,
String $basedn,
Array[String] $server = ['localhost'],
Integer $port = 389,
Integer $uses = 0,
Integer $idle = 60,
Integer $probes = 3,
Integer $interval = 3,
Integer $timeout = 10,
Freeradius::Integer $start = "\${thread[pool].start_servers}",
Freeradius::Integer $min = "\${thread[pool].min_spare_servers}",
Freeradius::Integer $max = "\${thread[pool].max_servers}",
Freeradius::Integer $spare = "\${thread[pool].max_spare_servers}",
Freeradius::Ensure $ensure = 'present',
Freeradius::Boolean $starttls = 'no',
Optional[String] $cafile = undef,
Optional[String] $certfile = undef,
Optional[String] $keyfile = undef,
$requirecert = 'allow',
) {
warning('The use of freeradius::ldap is deprecated. You must use freeradius::module::ldap instead')
......
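Review bot: `$requirecert = 'allow'` is the only parameter in this signature left without a type, and it is the one that decides whether the LDAP server certificate has to verify. It should get an `Enum` of the values the FreeRADIUS ldap module accepts for `require_cert`, with a comment noting that the default `'allow'` lets a StartTLS session proceed when the certificate cannot be verified and that `'demand'` is the strict setting. The define is already marked deprecated by the `warning()` call, so adding the type and the comment without changing the default is probably enough. The rest of the body is collapsed, so how the value reaches the template is not visible here.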
# == Define freeradius::listen
#
define freeradius::listen (
$ensure = 'present',
Freeradius::Ensure $ensure = 'present',
Enum['auth','acct','proxy','detail','status','coa'] $type = 'auth',
$ip = undef,
$ip6 = undef,
Optional[String] $ip = undef,
Optional[String] $ip6 = undef,
Integer $port = 0,
$interface = undef,
Array $clients = [],
String $interface = undef,
Array[String] $clients = [],
Integer $max_connections = 16,
Integer $lifetime = 0,
Integer $idle_timeout = 30,
......@@ -17,8 +17,7 @@ define freeradius::listen (
$fr_basepath = $::freeradius::params::fr_basepath
$fr_group = $::freeradius::params::fr_group
#
# Parameters' validation
# Parameter validation
if $ip and $ip != '*' and !is_ip_address($ip) {
fail('ip must be a valid IP address or \'*\'')
}
......@@ -28,7 +27,7 @@ define freeradius::listen (
}
if $ip and $ip6 {
fail('Only of ip and ip6 can be used')
fail('Only one of ip or ip6 can be used')
}
file { "${fr_basepath}/listen.d/${name}.conf":
......
# Install FreeRADIUS modules
define freeradius::module (
$source = undef,
$content = undef,
$ensure = present,
$preserve = false,
Optional[String] $source = undef,
Optional[String] $content = undef,
Freeradius::Ensure $ensure = present,
Boolean $preserve = false,
) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
......
......@@ -4,7 +4,7 @@ define freeradius::module::ippool (
String $range_start,
String $range_stop,
String $netmask,
$ensure = 'present',
Freeradius::Ensure $ensure = 'present',
Optional[Integer] $cache_size = undef,
String $filename = "\${db_dir}/db.${name}",
String $ip_index = "\${db_dir}/db.${name}.index",
......
# Configure LDAP support for FreeRADIUS
define freeradius::module::ldap (
String $basedn,
Enum['present','absent'] $ensure = 'present',
$server = ['localhost'],
Freeradius::Ensure $ensure = 'present',
Array[String] $server = ['localhost'],
Integer $port = 389,
Optional[String] $identity = undef,
Optional[String] $password = undef,
......@@ -70,19 +70,13 @@ define freeradius::module::ldap (
$fr_group = $::freeradius::params::fr_group
# Validate our inputs
# Hostnames
$serverarray = any2array($server)
unless is_array($serverarray) {
fail('$server must be an array of hostnames or IP addresses')
}
# FR3.0 format server = 'ldap1.example.com, ldap1.example.com, ldap1.example.com'
# FR3.1 format server = 'ldap1.example.com'
# server = 'ldap2.example.com'
# server = 'ldap3.example.com'
$serverconcatarray = $::freeradius_version ? {
/^3\.0\./ => any2array(join($serverarray, ',')),
default => $serverarray,
/^3\.0\./ => any2array(join($server, ',')),
default => $server,
}
# Generate a module config, based on ldap.conf
......
......@@ -3,7 +3,7 @@
# Create the perl module configuration for FreeRADIUS
#
define freeradius::module::perl (
$ensure = file,
Optional[String] $ensure = file,
String $moddir = "${fr_moduleconfigpath}/perl",
Optional[String] $perl_filename = undef,
Optional[String] $path = undef,
......
# Install FreeRADIUS policies
define freeradius::policy (
$source,
$order = 50,
$ensure = present,
Optional[String] $source,
Optional[Integer] $order = 50,
Freeradius::Ensure $ensure = present,
) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
......
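Review bot: `Optional[String] $source,` has no default, so the parameter is still mandatory, but `Optional` now lets a caller pass `undef` explicitly. `freeradius::attr` and `freeradius::script` use `String $source` for the same role. Unless the collapsed body handles an undef source, `String $source,` would be the consistent choice here.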
# Set up proxy realms
define freeradius::realm (
$virtual_server = undef,
$auth_pool = undef,
$acct_pool = undef,
$pool = undef,
$nostrip = false,
$order = 30,
Optional[String] $virtual_server = undef,
Optional[String] $auth_pool = undef,
Optional[String] $acct_pool = undef,
Optional[String] $pool = undef,
Optional[Boolean] $nostrip = false,
Optional[Integer] $order = 30,
) {
$fr_basepath = $::freeradius::params::fr_basepath
# Validate bools
unless is_bool($nostrip) {
fail('nostrip must be true or false')
}
# Configure config fragment for this realm
concat::fragment { "realm-${name}":
target => "${fr_basepath}/proxy.conf",
......
# Install FreeRADIUS helper scripts
define freeradius::script (
$source,
$ensure = present,
String $source,
Freeradius::Ensure $ensure = present,
) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
......