kanidm/kanidm_rlm_python/entrypoint.py

import sys
import os
import subprocess
import atexit
import shutil
import signal


MAJOR, MINOR, _, _, _ = sys.version_info

if MAJOR >= 3:
    import configparser
else:
    import ConfigParser as configparser

DEBUG = True

CONFIG = configparser.ConfigParser()
CONFIG.read('/data/config.ini')

CLIENTS = [
    {
        "name": x.split('.')[1],
        "secret": CONFIG.get(x, "secret"),
        "ipaddr": CONFIG.get(x, "ipaddr"),
    }
    for x in CONFIG.sections()
    if x.startswith('client.')
]

print(CLIENTS)

def _sigchild_handler(*args, **kwargs):
    # log.debug("Received SIGCHLD ...")
    os.waitpid(-1, os.WNOHANG)

def write_clients_conf():
    with open('/etc/raddb/clients.conf', 'w') as f:
        for client in CLIENTS:
            f.write('client %s {\n' % client['name'])
            f.write('    ipaddr = %s\n' % client['ipaddr'])
            f.write('    secret = %s\n' % client['secret'])
            f.write('    proto = *\n')
            f.write('}\n')

def setup_certs():
    # copy ca to /etc/raddb/certs/ca.pem
    shutil.copyfile(CONFIG.get("radiusd", "ca"), '/etc/raddb/certs/ca.pem')
    shutil.copyfile(CONFIG.get("radiusd", "dh"), '/etc/raddb/certs/dh')
    # concat key + cert into /etc/raddb/certs/server.pem
    with open('/etc/raddb/certs/server.pem', 'w') as f:
        with open(CONFIG.get("radiusd", "key"), 'r') as r:
            f.write(r.read())
        f.write('\n')
        with open(CONFIG.get("radiusd", "cert"), 'r') as r:
            f.write(r.read())

def run_radiusd():
    global proc
    if DEBUG:
        proc = subprocess.Popen([
            "/usr/sbin/radiusd", "-X"
        ], stderr=subprocess.STDOUT)
    else:
        proc = subprocess.Popen([
            "/usr/sbin/radiusd", "-f",
            "-l", "stdout"
        ], stderr=subprocess.STDOUT)
    print(proc)

    def kill_radius():
        if proc is None:
            pass
        else:
            try:
                os.kill(proc.pid, signal.SIGTERM)
            except:
                # It's already gone ...
                pass
        print("Stopping radiusd ...")
        # To make sure we really do shutdown, we actually re-block on the proc
        # again here to be sure it's done.
        proc.wait()

    atexit.register(kill_radius)

    proc.wait()

if __name__ == '__main__':
    signal.signal(signal.SIGCHLD, _sigchild_handler)
    setup_certs()
    write_clients_conf()
    run_radiusd()
17 radius (#123) Majority of radius integration and tooling complete, including docker files. 2019-10-31 01:48:15 +01:00			`import sys`
			`import os`
			`import subprocess`
			`import atexit`
			`import shutil`
			`import signal`


			`MAJOR, MINOR, _, _, _ = sys.version_info`

			`if MAJOR >= 3:`
			`import configparser`
			`else:`
			`import ConfigParser as configparser`

			`DEBUG = True`

			`CONFIG = configparser.ConfigParser()`
			`CONFIG.read('/data/config.ini')`

			`CLIENTS = [`
			`{`
			`"name": x.split('.')[1],`
			`"secret": CONFIG.get(x, "secret"),`
			`"ipaddr": CONFIG.get(x, "ipaddr"),`
			`}`
			`for x in CONFIG.sections()`
			`if x.startswith('client.')`
			`]`

			`print(CLIENTS)`

			`def _sigchild_handler(args, *kwargs):`
			`# log.debug("Received SIGCHLD ...")`
			`os.waitpid(-1, os.WNOHANG)`

			`def write_clients_conf():`
			`with open('/etc/raddb/clients.conf', 'w') as f:`
			`for client in CLIENTS:`
			`f.write('client %s {\n' % client['name'])`
			`f.write(' ipaddr = %s\n' % client['ipaddr'])`
			`f.write(' secret = %s\n' % client['secret'])`
			`f.write(' proto = *\n')`
			`f.write('}\n')`

			`def setup_certs():`
			`# copy ca to /etc/raddb/certs/ca.pem`
			`shutil.copyfile(CONFIG.get("radiusd", "ca"), '/etc/raddb/certs/ca.pem')`
			`shutil.copyfile(CONFIG.get("radiusd", "dh"), '/etc/raddb/certs/dh')`
			`# concat key + cert into /etc/raddb/certs/server.pem`
			`with open('/etc/raddb/certs/server.pem', 'w') as f:`
			`with open(CONFIG.get("radiusd", "key"), 'r') as r:`
			`f.write(r.read())`
			`f.write('\n')`
			`with open(CONFIG.get("radiusd", "cert"), 'r') as r:`
			`f.write(r.read())`

			`def run_radiusd():`
			`global proc`
			`if DEBUG:`
			`proc = subprocess.Popen([`
			`"/usr/sbin/radiusd", "-X"`
			`], stderr=subprocess.STDOUT)`
			`else:`
			`proc = subprocess.Popen([`
			`"/usr/sbin/radiusd", "-f",`
			`"-l", "stdout"`
			`], stderr=subprocess.STDOUT)`
			`print(proc)`

			`def kill_radius():`
			`if proc is None:`
			`pass`
			`else:`
			`try:`
			`os.kill(proc.pid, signal.SIGTERM)`
			`except:`
			`# It's already gone ...`
			`pass`
			`print("Stopping radiusd ...")`
			`# To make sure we really do shutdown, we actually re-block on the proc`
			`# again here to be sure it's done.`
			`proc.wait()`

			`atexit.register(kill_radius)`

			`proc.wait()`

			`if __name__ == '__main__':`
			`signal.signal(signal.SIGCHLD, _sigchild_handler)`
			`setup_certs()`
			`write_clients_conf()`
			`run_radiusd()`