Commit
4f118df4
authored
Oct 29, 2019
by
Jonathan Gazeley
Add type validation to all parameters
parent
fe4fd491
Changes
27
manifests/attr.pp
# Install FreeRADIUS config snippets
define
freeradius::attr
(
$source
,
$ensure
=
present
,
$key
=
'User-Name'
,
$prefix
=
'filter'
,
String
$source
,
Freeradius
::
Ensure
$ensure
=
present
,
Optional
[
String
]
$key
=
'User-Name'
,
Optional
[
String
]
$prefix
=
'filter'
,
)
{
$fr_package
=
$::freeradius::params::fr_package
$fr_service
=
$::freeradius::params::fr_service
...
...
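Review bot: `Optional[String] $key = 'User-Name'` and `Optional[String] $prefix = 'filter'` wrap parameters that already carry a non-undef default, so the signature advertises undef as a supported value although the body (outside the visible lines) was presumably written for a string. Plain `String $key = 'User-Name'` and `String $prefix = 'filter'` state the contract more honestly. The same pattern shows up in cert.pp (`$type`), dictionary.pp (`$order`), home_server.pp (`$port`), huntgroup.pp (`$huntgroup`, `$conditions`, `$order`), init.pp (`$package_ensure`), policy.pp (`$order`) and realm.pp (`$nostrip`, `$order`).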
manifests/cert.pp
# Install FreeRADIUS certificates
define
freeradius::cert
(
$source
=
undef
,
$content
=
undef
,
$type
=
'key'
,
$ensure
=
present
,
Optional
[
String
]
$source
=
undef
,
Optional
[
String
]
$content
=
undef
,
Optional
[
String
]
$type
=
'key'
,
Freeradius
::
Ensure
$ensure
=
present
,
)
{
$fr_package
=
$::freeradius::params::fr_package
$fr_service
=
$::freeradius::params::fr_service
...
...
manifests/client.pp
# Install FreeRADIUS clients (WISMs or testing servers)
define
freeradius::client
(
$secret
,
$shortname
=
$title
,
$ip
=
undef
,
$ip6
=
undef
,
$proto
=
undef
,
$require_message_authenticator
=
'no'
,
$virtual_server
=
undef
,
$nastype
=
undef
,
$login
=
undef
,
$password
=
undef
,
$coa_server
=
undef
,
$response_window
=
undef
,
$max_connections
=
undef
,
$lifetime
=
undef
,
$idle_timeout
=
undef
,
$redirect
=
undef
,
$port
=
undef
,
$srcip
=
undef
,
$firewall
=
false
,
$ensure
=
present
,
$attributes
=
[],
$huntgroups
=
undef
,
String
$secret
,
Optional
[
String
]
$shortname
=
$title
,
Optional
[
String
]
$ip
=
undef
,
Optional
[
String
]
$ip6
=
undef
,
Enum
[
'*'
,
'udp'
,
'tcp'
]
$proto
=
undef
,
Freeradius
::
Boolean
$require_message_authenticator
=
'no'
,
Optional
[
String
]
$virtual_server
=
undef
,
Enum
[
'cisco'
,
'computone'
,
'livingston'
,
'juniper'
,
'max40xx'
,
'multitech'
,
'netserver'
,
'pathras'
,
'patton'
,
'portslave'
,
'tc'
,
'usrhiper'
,
'other'
]
$nastype
=
undef
,
Optional
[
String
]
$login
=
undef
,
Optional
[
String
]
$password
=
undef
,
Optional
[
String
]
$coa_server
=
undef
,
Optional
[
String
]
$response_window
=
undef
,
Optional
[
Integer
]
$max_connections
=
undef
,
Optional
[
Integer
]
$lifetime
=
undef
,
Optional
[
Integer
]
$idle_timeout
=
undef
,
Optional
[
String
]
$redirect
=
undef
,
Optional
[
Integer
]
$port
=
undef
,
Optional
[
String
]
$srcip
=
undef
,
Boolean
$firewall
=
false
,
Freeradius
::
Ensure
$ensure
=
present
,
Array
$attributes
=
[],
Optional
[
String
]
$huntgroups
=
undef
,
)
{
$fr_package
=
$::freeradius::params::fr_package
$fr_service
=
$::freeradius::params::fr_service
$fr_basepath
=
$::freeradius::params::fr_basepath
$fr_group
=
$::freeradius::params::fr_group
if
$proto
{
unless
$proto
in
[
'*'
,
'udp'
,
'tcp'
]
{
fail
(
'$proto must be one of udp, tcp or *'
)
}
}
unless
$require_message_authenticator
in
[
'yes'
,
'no'
]
{
fail
(
'$require_message_authenticator must be one of yes or no'
)
}
if
$nastype
{
unless
$nastype
in
[
'cisco'
,
'computone'
,
'livingston'
,
'juniper'
,
'max40xx'
,
'multitech'
,
'netserver'
,
'pathras'
,
'patton'
,
'portslave'
,
'tc'
,
'usrhiper'
,
'other'
]
{
fail
(
'$nastype must be one of cisco, computone, livingston, juniper, max40xx, multitech, netserver, pathras, patton, portslave, tc, usrhiper, other'
)
}
}
file
{
"
${fr_basepath}
/clients.d/
${shortname}
.conf"
:
ensure
=>
$ensure
,
mode
=>
'0640'
,
...
...
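Review bot: `Enum['*', 'udp', 'tcp'] $proto = undef` and the `Enum[...] $nastype = undef` declaration after it cannot accept their own default, because `Enum` does not match undef; a `freeradius::client` declared without `proto` or `nastype` would fail type checking at compile time. Both should be wrapped, e.g. `Optional[Enum['*', 'udp', 'tcp']] $proto = undef`, and likewise for `$nastype`. The earlier `if $proto { unless $proto in [...] }` guards only ran when a value was set, which is exactly what `Optional[Enum[...]]` expresses. The define's body continues past the visible lines.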
manifests/config.pp
# Install FreeRADIUS config snippets
define
freeradius::config
(
$source
=
undef
,
$content
=
undef
,
$ensure
=
present
,
Optional
[
String
]
$source
=
undef
,
Optional
[
String
]
$content
=
undef
,
Freeradius
::
Ensure
$ensure
=
present
,
)
{
$fr_package
=
$::freeradius::params::fr_package
$fr_service
=
$::freeradius::params::fr_service
...
...
manifests/dictionary.pp
# Install FreeRADIUS custom dictionaries
define
freeradius::dictionary
(
$source
=
undef
,
$content
=
undef
,
$order
=
50
,
$ensure
=
present
,
Optional
[
String
]
$source
=
undef
,
Optional
[
String
]
$content
=
undef
,
Optional
[
Integer
]
$order
=
50
,
Freeradius
::
Ensure
$ensure
=
'
present
'
,
)
{
$fr_package
=
$::freeradius::params::fr_package
$fr_service
=
$::freeradius::params::fr_service
...
...
@@ -11,7 +11,7 @@ define freeradius::dictionary (
$fr_group
=
$::freeradius::params::fr_group
if
!
$source
and
!
$content
{
fail
(
'source or content parameter
should
be provided'
)
fail
(
'source or content parameter
must
be provided'
)
}
# Install dictionary in dictionary.d
...
...
manifests/home_server.pp
# Configure a home_server for proxy config
define
freeradius::home_server
(
$secret
,
$type
=
'auth'
,
$ipaddr
=
undef
,
$ipv6addr
=
undef
,
$virtual_server
=
undef
,
$port
=
1812
,
$proto
=
'udp'
,
$status_check
=
undef
,
String
$secret
,
Enum
[
'auth'
,
'acct'
,
'auth+acct'
,
'coa'
]
$type
=
'auth'
,
Optional
[
String
]
$ipaddr
=
undef
,
Optional
[
String
]
$ipv6addr
=
undef
,
Optional
[
String
]
$virtual_server
=
undef
,
Optional
[
Integer
]
$port
=
1812
,
Enum
[
'udp'
,
'tcp'
]
$proto
=
'udp'
,
Enum
[
'none'
,
'status-server'
,
'request'
]
$status_check
=
'none'
,
)
{
$fr_basepath
=
$::freeradius::params::fr_basepath
# Validate multiple choice options
unless
$type
in
[
'auth'
,
'acct'
,
'auth+acct'
,
'coa'
]
{
fail
(
'$type must be one of auth, acct, auth+acct, coa'
)
}
unless
$proto
in
[
'udp'
,
'tcp'
]
{
fail
(
'$type must be one of udp, tcp'
)
}
# Validate integers
unless
is_integer
(
$port
)
{
fail
(
'$port must be an integer'
)
}
if
$status_check
{
unless
$status_check
in
[
'none'
,
'status-server'
,
'request'
]
{
fail
(
'$status_check must be one of none, status-server, request'
)
}
}
# Configure config fragment for this home server
concat::fragment
{
"homeserver-
${name}
"
:
target
=>
"
${fr_basepath}
/proxy.conf"
,
...
...
@@ -37,4 +18,3 @@ define freeradius::home_server (
order
=>
10
,
}
}
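Review bot: The typed signature changes the `$status_check` default from `undef` to `'none'` in the same step as adding the `Enum`, which is a behaviour change the commit title does not announce. If the proxy.conf fragment template (not visible here) left the setting out when the value was unset, every existing `freeradius::home_server` will now render an explicit `none`. To keep this commit purely about validation, declare `Optional[Enum['none', 'status-server', 'request']] $status_check = undef`; otherwise record the new default in the changelog.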
manifests/home_server_pool.pp
# Configure home server pools
define
freeradius::home_server_pool
(
$home_server
,
$type
=
'fail-over'
,
$virtual_server
=
undef
,
$fallback
=
undef
,
String
$home_server
,
Enum
[
'fail-over'
,
'load-balance'
,
'client-balance'
,
'client-port-balance'
,
'keyed-balance'
]
$type
=
'fail-over'
,
Optional
[
String
]
$virtual_server
=
undef
,
Optional
[
String
]
$fallback
=
undef
,
)
{
$fr_basepath
=
$::freeradius::params::fr_basepath
# Validate multi-value options
unless
$type
in
[
'fail-over'
,
'load-balance'
,
'client-balance'
,
'client-port-balance'
,
'keyed-balance'
]
{
fail
(
'$type must be one of fail-over, load-balance, client-balance, client-port-balance, keyed-balance'
)
}
# Configure config fragment for this home server
concat::fragment
{
"homeserverpool-
${name}
"
:
target
=>
"
${fr_basepath}
/proxy.conf"
,
...
...
manifests/huntgroup.pp
# Install FreeRADIUS huntgroups
define
freeradius::huntgroup
(
$ensure
=
present
,
$huntgroup
=
$title
,
$conditions
=
[],
$order
=
50
,
Freeradius
::
Ensure
$ensure
=
present
,
Optional
[
String
]
$huntgroup
=
$title
,
Optional
[
Array
[
String
]]
$conditions
=
[],
Optional
[
Integer
]
$order
=
50
,
)
{
$fr_basepath
=
$::freeradius::params::fr_basepath
$fr_service
=
$::freeradius::params::fr_service
...
...
manifests/init.pp
# Base class to install FreeRADIUS
class
freeradius
(
$control_socket
=
false
,
$max_servers
=
'
4096
'
,
$max_requests
=
'
4096
'
,
$mysql_support
=
false
,
$pgsql_support
=
false
,
$perl_support
=
false
,
$utils_support
=
false
,
$ldap_support
=
false
,
$dhcp_support
=
false
,
$krb5_support
=
false
,
$wpa_supplicant
=
false
,
$winbind_support
=
false
,
$log_destination
=
'files'
,
$syslog
=
false
,
$log_auth
=
'no'
,
$preserve_mods
=
true
,
$correct_escapes
=
true
,
$manage_logpath
=
true
,
$package_ensure
=
'installed'
,
$radacctdir
=
$freeradius::params::radacctdir
,
Boolean
$control_socket
=
false
,
Integer
$max_servers
=
4096
,
Integer
$max_requests
=
4096
,
Boolean
$mysql_support
=
false
,
Boolean
$pgsql_support
=
false
,
Boolean
$perl_support
=
false
,
Boolean
$utils_support
=
false
,
Boolean
$ldap_support
=
false
,
Boolean
$dhcp_support
=
false
,
Boolean
$krb5_support
=
false
,
Boolean
$wpa_supplicant
=
false
,
Boolean
$winbind_support
=
false
,
String
$log_destination
=
'files'
,
Boolean
$syslog
=
false
,
Freeradius
::
Boolean
$log_auth
=
'no'
,
Boolean
$preserve_mods
=
true
,
Boolean
$correct_escapes
=
true
,
Boolean
$manage_logpath
=
true
,
Optional
[
String
]
$package_ensure
=
'installed'
,
String
$radacctdir
=
$freeradius::params::radacctdir
,
)
inherits
freeradius::params
{
if
$freeradius::fr_version
!~
/^3/
{
...
...
@@ -29,8 +29,6 @@ class freeradius (
validate_re
(
$log_destination
,
'^(files|syslog|stdout|stderr)$'
,
"log_destination value (
${log_destination}
) is not a valid value"
)
validate_re
(
$package_ensure
,
'^(installed|latest)$'
,
'package_ensure must be one of installed, latest'
)
if
$control_socket
==
true
{
warning
(
'Use of the control_socket parameter in the freeradius class is deprecated. Please use the freeradius::control_socket class instead.'
)
}
...
...
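Review bot: `String $log_destination` and `Optional[String] $package_ensure` are looser than the `validate_re` checks this section appears to drop; the `@@ -29,8 +29,6 @@` header counts two fewer lines, and the two `validate_re` calls are the likely candidates. If they are gone, any string is accepted where only `files|syslog|stdout|stderr` and `installed|latest` passed before. `Enum['files', 'syslog', 'stdout', 'stderr'] $log_destination = 'files'` and `Enum['installed', 'latest'] $package_ensure = 'installed'` would keep the old contract in the signature. Separately, `Integer $max_servers = 4096` and `Integer $max_requests = 4096` replace string defaults, so callers or Hiera data that pass `'4096'` will now be rejected.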
manifests/instantiate.pp
# Instantiate a module in global config
define
freeradius::instantiate
(
$ensure
=
present
,
Freeradius
::
Ensure
$ensure
=
present
,
)
{
$fr_package
=
$::freeradius::params::fr_package
$fr_service
=
$::freeradius::params::fr_service
...
...
manifests/krb5.pp
# Configure Kerberos support for FreeRADIUS
define
freeradius::krb5
(
$keytab
,
$principal
,
$start
=
"
\$
{thread[pool].start_servers}"
,
$min
=
"
\$
{thread[pool].min_spare_servers}"
,
$max
=
"
\$
{thread[pool].max_servers}"
,
$spare
=
"
\$
{thread[pool].max_spare_servers}"
,
$ensure
=
'present'
,
String
$keytab
,
String
$principal
,
Freeradius
::
Integer
$start
=
"
\$
{thread[pool].start_servers}"
,
Freeradius
::
Integer
$min
=
"
\$
{thread[pool].min_spare_servers}"
,
Freeradius
::
Integer
$max
=
"
\$
{thread[pool].max_servers}"
,
Freeradius
::
Integer
$spare
=
"
\$
{thread[pool].max_spare_servers}"
,
Freeradius
::
Ensure
$ensure
=
'present'
,
)
{
$fr_package
=
$::freeradius::params::fr_package
$fr_service
=
$::freeradius::params::fr_service
...
...
manifests/ldap.pp
# Configure LDAP support for FreeRADIUS
define
freeradius::ldap
(
$identity
,
$password
,
$basedn
,
$server
=
[
'localhost'
],
$port
=
389
,
$uses
=
0
,
$idle
=
60
,
$probes
=
3
,
$interval
=
3
,
$timeout
=
10
,
$start
=
"
\$
{thread[pool].start_servers}"
,
$min
=
"
\$
{thread[pool].min_spare_servers}"
,
$max
=
"
\$
{thread[pool].max_servers}"
,
$spare
=
"
\$
{thread[pool].max_spare_servers}"
,
$ensure
=
'present'
,
$starttls
=
'no'
,
$cafile
=
undef
,
$certfile
=
undef
,
$keyfile
=
undef
,
String
$identity
,
String
$password
,
String
$basedn
,
Array
[
String
]
$server
=
[
'localhost'
],
Integer
$port
=
389
,
Integer
$uses
=
0
,
Integer
$idle
=
60
,
Integer
$probes
=
3
,
Integer
$interval
=
3
,
Integer
$timeout
=
10
,
Freeradius
::
Integer
$start
=
"
\$
{thread[pool].start_servers}"
,
Freeradius
::
Integer
$min
=
"
\$
{thread[pool].min_spare_servers}"
,
Freeradius
::
Integer
$max
=
"
\$
{thread[pool].max_servers}"
,
Freeradius
::
Integer
$spare
=
"
\$
{thread[pool].max_spare_servers}"
,
Freeradius
::
Ensure
$ensure
=
'present'
,
Freeradius
::
Boolean
$starttls
=
'no'
,
Optional
[
String
]
$cafile
=
undef
,
Optional
[
String
]
$certfile
=
undef
,
Optional
[
String
]
$keyfile
=
undef
,
$requirecert
=
'allow'
,
)
{
warning
(
'The use of freeradius::ldap is deprecated. You must use freeradius::module::ldap instead'
)
...
...
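Review bot: `$requirecert = 'allow'` is still untyped at the end of the parameter list, although the commit sets out to type every parameter, and this one presumably controls how strictly the LDAP server certificate is checked. A closed type such as `Enum['never', 'allow', 'try', 'demand'] $requirecert = 'allow'` would stop a typo from silently reaching the rendered config; confirm the value list against the template, which is not visible here. The define is deprecated according to the `warning()` below the signature, but it still compiles catalogs, so the gap is worth closing. The body continues past the visible lines.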
manifests/listen.pp
# == Define freeradius::listen
#
define
freeradius::listen
(
$ensure
=
'present'
,
Freeradius
::
Ensure
$ensure
=
'present'
,
Enum
[
'auth'
,
'acct'
,
'proxy'
,
'detail'
,
'status'
,
'coa'
]
$type
=
'auth'
,
$ip
=
undef
,
$ip6
=
undef
,
Integer
$port
=
0
,
$interface
=
undef
,
Array
$clients
=
[],
Integer
$max_connections
=
16
,
Integer
$lifetime
=
0
,
Integer
$idle_timeout
=
30
,
Optional
[
String
]
$ip
=
undef
,
Optional
[
String
]
$ip6
=
undef
,
Integer
$port
=
0
,
String
$interface
=
undef
,
Array
[
String
]
$clients
=
[],
Integer
$max_connections
=
16
,
Integer
$lifetime
=
0
,
Integer
$idle_timeout
=
30
,
)
{
$fr_package
=
$::freeradius::params::fr_package
$fr_service
=
$::freeradius::params::fr_service
$fr_basepath
=
$::freeradius::params::fr_basepath
$fr_group
=
$::freeradius::params::fr_group
#
# Parameters' validation
# Parameter validation
if
$ip
and
$ip
!=
'*'
and
!
is_ip_address
(
$ip
)
{
fail
(
'ip must be a valid IP address or \'*\''
)
}
...
...
@@ -28,7 +27,7 @@ define freeradius::listen (
}
if
$ip
and
$ip6
{
fail
(
'Only of ip
and
ip6 can be used'
)
fail
(
'Only
one
of ip
or
ip6 can be used'
)
}
file
{
"
${fr_basepath}
/listen.d/
${name}
.conf"
:
...
...
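Review bot: `String $interface = undef` rejects its own default, because `String` does not match undef; any `freeradius::listen` declared without `interface` would fail type checking at compile time. It should read `Optional[String] $interface = undef`, matching the `$ip` and `$ip6` declarations just above it. The `is_ip_address()` check that follows is kept, which is good since `Optional[String]` alone does not validate the address.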
manifests/module.pp
# Install FreeRADIUS modules
define
freeradius::module
(
$source
=
undef
,
$content
=
undef
,
$ensure
=
present
,
$preserve
=
false
,
Optional
[
String
]
$source
=
undef
,
Optional
[
String
]
$content
=
undef
,
Freeradius
::
Ensure
$ensure
=
present
,
Boolean
$preserve
=
false
,
)
{
$fr_package
=
$::freeradius::params::fr_package
$fr_service
=
$::freeradius::params::fr_service
...
...
manifests/module/ippool.pp
...
...
@@ -4,7 +4,7 @@ define freeradius::module::ippool (
String
$range_start
,
String
$range_stop
,
String
$netmask
,
$ensure
=
'present'
,
Freeradius
::
Ensure
$ensure
=
'present'
,
Optional
[
Integer
]
$cache_size
=
undef
,
String
$filename
=
"
\$
{db_dir}/db.
${name}
"
,
String
$ip_index
=
"
\$
{db_dir}/db.
${name}
.index"
,
...
...
manifests/module/ldap.pp
# Configure LDAP support for FreeRADIUS
define
freeradius::module::ldap
(
String
$basedn
,
Enum
[
'present'
,
'absent'
]
$ensure
=
'present'
,
$server
=
[
'localhost'
],
Freeradius
::
Ensure
$ensure
=
'present'
,
Array
[
String
]
$server
=
[
'localhost'
],
Integer
$port
=
389
,
Optional
[
String
]
$identity
=
undef
,
Optional
[
String
]
$password
=
undef
,
...
...
@@ -70,19 +70,13 @@ define freeradius::module::ldap (
$fr_group
=
$::freeradius::params::fr_group
# Validate our inputs
# Hostnames
$serverarray
=
any2array
(
$server
)
unless
is_array
(
$serverarray
)
{
fail
(
'$server must be an array of hostnames or IP addresses'
)
}
# FR3.0 format server = 'ldap1.example.com, ldap1.example.com, ldap1.example.com'
# FR3.1 format server = 'ldap1.example.com'
# server = 'ldap2.example.com'
# server = 'ldap3.example.com'
$serverconcatarray
=
$::freeradius_version
?
{
/^3
\.
0
\.
/
=>
any2array
(
join
(
$server
array
,
','
)),
default
=>
$server
array
,
/^3
\.
0
\.
/
=>
any2array
(
join
(
$server
,
','
)),
default
=>
$server
,
}
# Generate a module config, based on ldap.conf
...
...
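Review bot: `Array[String] $server`, together with the switch from `$serverarray` to `$server` in the selector, removes the `any2array()` coercion. A caller that passed a single hostname string, which the old code wrapped into an array, will now fail type checking. If that break is intended it belongs in the changelog; otherwise `Variant[String, Array[String]] $server = ['localhost']` with the `$serverarray = any2array($server)` line kept would accept both forms. The rest of the define lies outside the visible hunks.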
manifests/module/perl.pp
...
...
@@ -3,7 +3,7 @@
# Create the perl module configuration for FreeRADIUS
#
define
freeradius::module::perl
(
$ensure
=
file
,
Optional
[
String
]
$ensure
=
file
,
String
$moddir
=
"
${fr_moduleconfigpath}
/perl"
,
Optional
[
String
]
$perl_filename
=
undef
,
Optional
[
String
]
$path
=
undef
,
...
...
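Review bot: `Optional[String] $ensure = file` is the only `$ensure` in this commit that is not given a closed type; the other defines use `Freeradius::Ensure`, whose definition is not on this page. As written, any string passes validation here and is presumably handed to a `file` resource in the body, which is outside the hunk. If `file` must remain a valid value, something like `Enum['file', 'present', 'absent'] $ensure = file` keeps the check closed.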
manifests/policy.pp
# Install FreeRADIUS policies
define
freeradius::policy
(
$source
,
$order
=
50
,
$ensure
=
present
,
Optional
[
String
]
$source
,
Optional
[
Integer
]
$order
=
50
,
Freeradius
::
Ensure
$ensure
=
present
,
)
{
$fr_package
=
$::freeradius::params::fr_package
$fr_service
=
$::freeradius::params::fr_service
...
...
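Review bot: `Optional[String] $source` is declared without a default, while attr.pp and script.pp type the same mandatory parameter as `String $source`. The `Optional` wrapper only adds undef to the accepted values, which the body (not visible here) presumably cannot use as a file source. `String $source` would match the sibling defines and reject undef in the signature.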
manifests/realm.pp
# Set up proxy realms
define
freeradius::realm
(
$virtual_server
=
undef
,
$auth_pool
=
undef
,
$acct_pool
=
undef
,
$pool
=
undef
,
$nostrip
=
false
,
$order
=
30
,
Optional
[
String
]
$virtual_server
=
undef
,
Optional
[
String
]
$auth_pool
=
undef
,
Optional
[
String
]
$acct_pool
=
undef
,
Optional
[
String
]
$pool
=
undef
,
Optional
[
Boolean
]
$nostrip
=
false
,
Optional
[
Integer
]
$order
=
30
,
)
{
$fr_basepath
=
$::freeradius::params::fr_basepath
# Validate bools
unless
is_bool
(
$nostrip
)
{
fail
(
'nostrip must be true or false'
)
}
# Configure config fragment for this realm
concat::fragment
{
"realm-
${name}
"
:
target
=>
"
${fr_basepath}
/proxy.conf"
,
...
...
manifests/script.pp
# Install FreeRADIUS helper scripts
define
freeradius::script
(
$source
,
$ensure
=
present
,
String
$source
,
Freeradius
::
Ensure
$ensure
=
present
,
)
{
$fr_package
=
$::freeradius::params::fr_package
$fr_service
=
$::freeradius::params::fr_service
...
...