ucentral: drop legacy packages
Signed-off-by: John Crispin <john@phrozen.org>
@@ -12,6 +12,5 @@ patch_folders:
|
||||
- patches/ipq40xx
|
||||
- patches/ipq806x
|
||||
- patches/ipq807x
|
||||
- patches/wifi
|
||||
- patches/rtkmipsel
|
||||
- patches/rest
|
||||
|
||||
@@ -1,34 +0,0 @@
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=ucentral-freeradius
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_MAINTAINER:=John Crispin <john@phrozen.org>
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
define Package/ucentral-freeradius
|
||||
SECTION:=ucentral
|
||||
CATEGORY:=uCentral
|
||||
TITLE:=ucentral-freeradius cfg wrapper
|
||||
DEPENDS:=+freeradius3-mod-eap +freeradius3-mod-files +freeradius3-mod-eap-pwd
|
||||
endef
|
||||
|
||||
define Package/ucentral-freeradius/description
|
||||
Allow Wireless client rate limiting
|
||||
endef
|
||||
|
||||
define Build/Prepare
|
||||
mkdir -p $(PKG_BUILD_DIR)
|
||||
endef
|
||||
|
||||
define Build/Compile/Default
|
||||
|
||||
endef
|
||||
Build/Compile = $(Build/Compile/Default)
|
||||
|
||||
define Package/ucentral-freeradius/install
|
||||
$(CP) ./files/* $(1)
|
||||
endef
|
||||
|
||||
$(eval $(call BuildPackage,ucentral-freeradius))
|
||||
@@ -1,8 +0,0 @@
|
||||
config client
|
||||
option name uCentral
|
||||
option ipaddr *
|
||||
option secret secret
|
||||
|
||||
config user
|
||||
option username test
|
||||
option password example
|
||||
@@ -1 +0,0 @@
|
||||
OPTIONS="-d /etc/freeradius3-ucentral"
|
||||
@@ -1,29 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIE5DCCA8ygAwIBAgIJALUPlXk37qsqMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYD
|
||||
VQQGEwJGUjEPMA0GA1UECAwGUmFkaXVzMRIwEAYDVQQHDAlTb21ld2hlcmUxFTAT
|
||||
BgNVBAoMDEV4YW1wbGUgSW5jLjEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBs
|
||||
ZS5vcmcxJjAkBgNVBAMMHUV4YW1wbGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
|
||||
DTIxMDUwNTAyMTMxNloXDTIyMDUwNTAyMTMxNlowgZMxCzAJBgNVBAYTAkZSMQ8w
|
||||
DQYDVQQIDAZSYWRpdXMxEjAQBgNVBAcMCVNvbWV3aGVyZTEVMBMGA1UECgwMRXhh
|
||||
bXBsZSBJbmMuMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLm9yZzEmMCQG
|
||||
A1UEAwwdRXhhbXBsZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3
|
||||
DQEBAQUAA4IBDwAwggEKAoIBAQCi3jwwRL0/sg24rhZ4/s45PwaZn1v7nxJrItvO
|
||||
W6wgPBsOp0gwEeybV6tmw7+R5n1IYPFV1AVz1XckfH459pbxRNPJok7BFCO6Oa0r
|
||||
p2U/rJdXCPKR0Sy2yHEw5ooWraPE6O9swCGv4YjFLTmAsQL2+PRs538ng6s6jYaA
|
||||
Ju9ZKDf7Eic9RFMkudN75KYjaXKDOUVKvMIDW3Jb+MD2iLg8nTbkYdFaUif+zNNU
|
||||
g47svkNRKFlckrYSPU0odC1MMTRzxkirl35NGEi1I+TcXcFhkPH53I9WTxfI7mmq
|
||||
bKQ75i8HJuDKxBbYIOXXnPRYz76G6weHMg4lTXTlod5FgEN5AgMBAAGjggE3MIIB
|
||||
MzAdBgNVHQ4EFgQU4XyrFousF2fZ9vdcMWBuhPJhlawwgcgGA1UdIwSBwDCBvYAU
|
||||
4XyrFousF2fZ9vdcMWBuhPJhlayhgZmkgZYwgZMxCzAJBgNVBAYTAkZSMQ8wDQYD
|
||||
VQQIDAZSYWRpdXMxEjAQBgNVBAcMCVNvbWV3aGVyZTEVMBMGA1UECgwMRXhhbXBs
|
||||
ZSBJbmMuMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLm9yZzEmMCQGA1UE
|
||||
AwwdRXhhbXBsZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCCQC1D5V5N+6rKjAPBgNV
|
||||
HRMBAf8EBTADAQH/MDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly93d3cuZXhhbXBs
|
||||
ZS5vcmcvZXhhbXBsZV9jYS5jcmwwDQYJKoZIhvcNAQELBQADggEBAI+nEdd9G7VI
|
||||
xLlvFE8B49CjYX1Bbn3dxbSmpcF0SPG49ZnjH1H54y7ab64nWOMVxrwDurqdo0z9
|
||||
dNuazYD0WeAKoHOW5/CJ0LCuZ5AJIAvxrUpeoSF7SnycjzKx9UwGfXQxrYvykuM4
|
||||
ihpq2c41ezLtKxRnvBSDMJPWGx1jBKDjEtu1K7IAxhL20L2MCNRE6ut96g2KtEdG
|
||||
4hHyM42QelCalJgXfLzp1bsl75k7dMy9Bj3Qbq6nc1+egdQG2dDNJkcHgwTkEmDf
|
||||
DTWtEkZlkRrQPqgs6TANxR594flikBx/2sOmfRxfhuq8p1wW/7B5hHjLVi7AGLBS
|
||||
toZcDP6CBn8=
|
||||
-----END CERTIFICATE-----
|
||||
@@ -1,8 +0,0 @@
|
||||
-----BEGIN DH PARAMETERS-----
|
||||
MIIBCAKCAQEAw6U9O9lNo45nVpheg8+DLoGQDvs7kTPHn/I3mxLWUDsWE6QghUhS
|
||||
TX2pvkZDzSsWGHKMz7vJm3h2C8p7R3nhAI/LX1iCZkGKYvCsR7pHhCSujFtGiBqc
|
||||
XeXE5j2pQpB9G6UFql+7gqRSV+mw4MckoR1bqI1W4ibH/vnAOJOVq8PQucMITsqY
|
||||
JIhFJdVMJRIR5rPfZnaGdeokljE1tnK5/ycWfjYGp2fBLbTqGu7G7LSvzb8+VttF
|
||||
nVTDbbdp1LBQzxYj0a0MS54jLOxxDKM0C/HVn71hMnLTakASGu3qcMkMwuiLzX1i
|
||||
MNMsi7dYnGWXA1AcICag61CYqlJ3AccMgwIBAg==
|
||||
-----END DH PARAMETERS-----
|
||||
@@ -1,61 +0,0 @@
|
||||
Bag Attributes
|
||||
localKeyID: AB 3D 8E E1 1B 78 0B 8E 15 2B 3F A7 E7 D3 B4 B8 7A 91 94 89
|
||||
subject=/C=FR/ST=Radius/O=Example Inc./CN=Example Server Certificate/emailAddress=admin@example.org
|
||||
issuer=/C=FR/ST=Radius/L=Somewhere/O=Example Inc./emailAddress=admin@example.org/CN=Example Certificate Authority
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIID9DCCAtygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBkzELMAkGA1UEBhMCRlIx
|
||||
DzANBgNVBAgMBlJhZGl1czESMBAGA1UEBwwJU29tZXdoZXJlMRUwEwYDVQQKDAxF
|
||||
eGFtcGxlIEluYy4xIDAeBgkqhkiG9w0BCQEWEWFkbWluQGV4YW1wbGUub3JnMSYw
|
||||
JAYDVQQDDB1FeGFtcGxlIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTA1MDUw
|
||||
MjEzMTZaFw0yMjA1MDUwMjEzMTZaMHwxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZS
|
||||
YWRpdXMxFTATBgNVBAoMDEV4YW1wbGUgSW5jLjEjMCEGA1UEAwwaRXhhbXBsZSBT
|
||||
ZXJ2ZXIgQ2VydGlmaWNhdGUxIDAeBgkqhkiG9w0BCQEWEWFkbWluQGV4YW1wbGUu
|
||||
b3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEqpvZdH9B6iMpI2
|
||||
b5titfABWy6aaI6SYHna8TS5FF/i/xzjyhGmEQ2S38aHECw1dxYuKOGuvNcABVWu
|
||||
WmakdFwcTFkPRg7RSQBgktWCVfkPRukQ8roMS9by9rbRdtT0VeC229WigWzUNiuA
|
||||
BrtJCDMdzdbh2bNBCKXpxsx9yI5bv1ZdlRmixyA4XE4wseGFy1RZaCEZ56aiF0M1
|
||||
q5slld4L3vfDFPSAQhk87G0jw+HipO6q51X8zCwwySAYbdqErUxLOHCL1rIO3Im5
|
||||
46dspVyEMperT6kVM2cxFpphPUvHdiDhwxT/fWomzXA1ElvMKg6se1En5HVip9dn
|
||||
i1mjmQIDAQABo2kwZzATBgNVHSUEDDAKBggrBgEFBQcDATA2BgNVHR8ELzAtMCug
|
||||
KaAnhiVodHRwOi8vd3d3LmV4YW1wbGUuY29tL2V4YW1wbGVfY2EuY3JsMBgGA1Ud
|
||||
IAQRMA8wDQYLKwYBBAGCvmgBAwIwDQYJKoZIhvcNAQELBQADggEBAFynmC8gLhmc
|
||||
Y/GeSg35LBNapllIns8lnneF/D3fJ0JrlkYUGH8I6nQiH5838J235omkjue2hyy8
|
||||
w40NQqL5N5wv29gUhbRJgNxEBg0CcWP9gfT/H54gdrhiewfspyxApyLQVuGqf2px
|
||||
Ba6STD41jnvGVf1L7WB0MueypxD0hTb6vgQjbcp+2yBUWyR2RhFVMcrdbmJFRdwF
|
||||
aui4gksF2UWSsXhmy88tc0Xw4svbR+sepQhIidYg3U0qVh6iaXrds7LqNo6XAfn3
|
||||
ss+lc0efkX6UOg4gQNhO9RMAYi9ONbw0x8xgdjKAQLbvEmT+nbFu82DkhuwxjRIE
|
||||
a89fVn5xduo=
|
||||
-----END CERTIFICATE-----
|
||||
Bag Attributes
|
||||
localKeyID: AB 3D 8E E1 1B 78 0B 8E 15 2B 3F A7 E7 D3 B4 B8 7A 91 94 89
|
||||
Key Attributes: <No Attributes>
|
||||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIaErHBLSTVqECAggA
|
||||
MBQGCCqGSIb3DQMHBAgcNkbiAf7DVgSCBMjDeGJkfFxUKTEfRzyUvh8Y8ij62IgR
|
||||
r+SmuQadDNoIzVv0sPbAkUVRB/NA/zYkwfrF4CWNdT+S9LvpnrMGsncjrxWZUu2J
|
||||
PmUxddJa/TCHCQ0BM+Cw6EktOVhb9kiXCANH1sf/3AtoU7x89CrHAyMAyBRc6MIo
|
||||
m94CEczqkLKt9TAdsEw87rgBjIN1PDaHJjC3sl6nvqACuibd8OiiL8V0Fv1isjYK
|
||||
daxfZCWLuvW42OJ2pt4bIwS6VBbkJrIPsFJUUSgkpXUVniB/mtgaxafU3FpR5jU8
|
||||
kbUAjjQAqrvj8AL6fjzTbZsOHWOz0wo/5wt9HebqwoopCvUNTPOaNZ5pKYC2FWB0
|
||||
Eh4sIShq9qdAASjEgt6vJGiTO6OBVx6AxrtKUGPj4NFNkhQy4Frpy22qRcX5fd9T
|
||||
QNP7hEWkPLGxRzxtxuYCVHu7Uwk99OA1xsaLx+2RttfbPThKxTXJa6OZHAZBVa14
|
||||
1kcFRBJbK0O6r4ni5dR7/SdcnuSj1yJusdcU5Fgdn+8F5J7qPB+Pr59EIxLRraL8
|
||||
8KvpAYunGPhR71FnxmWXbXRl0IEwvtJ+zsX4nfSDn0i9SNeGunBD2wtK6izq3dWw
|
||||
FRI4o5tGm8uA4bRD2am5NAZoEnuKqnfDpnqpHEakKBLC1QOhPvRqGWP/IdZC1bCy
|
||||
WF0KGjJYyQ1m638RzYaxfuUVZ3Vwm2YQTcixAfAdpGHkIRhc0cAuOEekSbftFTrV
|
||||
fRPKI0AFxVswJVsnUsnbyFcmSXaVkcVeDgRzcJ/4bQWOsLNdeJXozVd0zd0lxJf2
|
||||
rjVbbO056luwtdCN6G9d1OwIDk0H16lmcHkQ23Omvw45vCBhKcQiEEoCwsNSfJ/n
|
||||
vxvXgY2txvgt5WASNIwJmBsRUIbev6daV2zOKtfRFGNQh7PujwPKIglAWib8q05n
|
||||
sdUSQi77nRY0YHIP3Og9f+brZCxR0U4zylZa6NXlzo4nO+8GcrjYF6jxfXk179oK
|
||||
SOiqnCZ4K1EBDSJgWNexRrpNEdBW4JMfduV+BKIUUt4tieFL8CQMiO3/IATQzDSm
|
||||
ehyDPcXmc/DHiW4wt3fOkqy2huDReu6u7YPf6xUS+XiyLnPvWXIe9Y1ofvUjpCeS
|
||||
FAh+HBWaYLhOoO7Nj0/8MtOpeK0w4eUJvTCenwtBd9AnxLX55sY3/dRVtOZcOtwH
|
||||
FSBnTkEGs5yW/eNZI4DsKhHA7MmwbWaV9C8CgRnKoSQq+PvDGD3pq80NjJxz/l6X
|
||||
2uETwOPYgAjekQs7bZSB8P5xkzUT1zXCCsJBJFzIPOs5kvVG7BqwBbHbJUt/g1/1
|
||||
bOzCR53fzuq7dKnPyGSD8J8Y7dXdYPHYy4jqwMnDKqstahGlq4lE8rRcLvP47Z/v
|
||||
9+9Aa3hmmpTfkjVE+q99oZamK9zFWiWNhyeaNJuTXJaToW4Gj5h7d4T5xsBWwyhG
|
||||
JkZhbkMYlqp2zDxyW18wAznTVZutfu4Wx0Ot/JU3ye6BarJD/hWeOF51QD0fyrFV
|
||||
q5NX1CS/T8cO5mFTRqdqQXzXJaPKST4SSu0pDRrYLKnGuGrUQMVszjcv/TQkjs0u
|
||||
UbZJXNozsK9EXCrtokDSjMXzjob8t+MwzgU9AtzO7JnAa1jvLYq2ggODHOOCVRyz
|
||||
bO0=
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
@@ -1,11 +0,0 @@
|
||||
client 0.0.0.0/0 {
|
||||
ipaddr = *
|
||||
secret = uSyncRad1u5
|
||||
require_message_authenticator = no
|
||||
shortname = usync
|
||||
limit {
|
||||
max_connections = 16
|
||||
lifetime = 0
|
||||
idle_timeout = 30
|
||||
}
|
||||
}
|
||||
@@ -1,49 +0,0 @@
|
||||
#
|
||||
# This is the local dictionary file which can be
|
||||
# edited by local administrators. It will be loaded
|
||||
# AFTER the main dictionary files are loaded.
|
||||
#
|
||||
# As of version 3.0.2, FreeRADIUS will automatically
|
||||
# load the main dictionary files from
|
||||
#
|
||||
# ${prefix}/share/freeradius/dictionary
|
||||
#
|
||||
# It is no longer necessary for this file to $INCLUDE
|
||||
# the main dictionaries. However, if the $INCLUDE
|
||||
# line is here, nothing bad will happen.
|
||||
#
|
||||
# Any new/changed attributes MUST be placed in this file.
|
||||
# The pre-defined dictionaries SHOULD NOT be edited.
|
||||
#
|
||||
# See "man dictionary" for documentation on its format.
|
||||
#
|
||||
# $Id: eed5d70f41b314f9ed3f006a22d9f9a2be2c9516 $
|
||||
#
|
||||
|
||||
#
|
||||
# All local attributes and $INCLUDE's should go into
|
||||
# this file.
|
||||
#
|
||||
|
||||
# If you want to add entries to the dictionary file,
|
||||
# which are NOT going to be placed in a RADIUS packet,
|
||||
# add them to the 'dictionary.local' file.
|
||||
#
|
||||
# The numbers you pick should be between 3000 and 4000.
|
||||
# These attributes will NOT go into a RADIUS packet.
|
||||
#
|
||||
# If you want that, you will need to use VSAs. This means
|
||||
# requesting allocation of a Private Enterprise Code from
|
||||
# http://iana.org. We STRONGLY suggest doing that only if
|
||||
# you are a vendor of RADIUS equipment.
|
||||
#
|
||||
# See RFC 6158 for more details.
|
||||
# http://ietf.org/rfc/rfc6158.txt
|
||||
#
|
||||
|
||||
#
|
||||
# These attributes are examples
|
||||
#
|
||||
#ATTRIBUTE My-Local-String 3000 string
|
||||
#ATTRIBUTE My-Local-IPAddr 3001 ipaddr
|
||||
#ATTRIBUTE My-Local-Integer 3002 integer
|
||||
@@ -1 +0,0 @@
|
||||
john Cleartext-Password := "SuperGeheim"
|
||||
@@ -1 +0,0 @@
|
||||
john Cleartext-Password := "SuperGeheim"
|
||||
@@ -1,13 +0,0 @@
|
||||
eap {
|
||||
default_eap_type = pwd
|
||||
timer_expire = 60
|
||||
ignore_unknown_eap_types = no
|
||||
cisco_accounting_username_bug = no
|
||||
max_sessions = ${max_requests}
|
||||
|
||||
pwd {
|
||||
group = 19
|
||||
server_id = theserver@example.com
|
||||
fragment_size = 1020
|
||||
}
|
||||
}
|
||||
@@ -1,5 +0,0 @@
|
||||
files {
|
||||
moddir = ${modconfdir}/${.:instance}
|
||||
filename = ${moddir}/authorize
|
||||
acctusersfile = ${moddir}/accounting
|
||||
}
|
||||
@@ -1,117 +0,0 @@
|
||||
# We check for this prefix to determine whether the class
|
||||
# value was generated by this server. It should be changed
|
||||
# so that it is globally unique.
|
||||
class_value_prefix = 'ai:'
|
||||
|
||||
#
|
||||
# Replacement for the old rlm_acct_unique module
|
||||
#
|
||||
acct_unique {
|
||||
#
|
||||
# If we have a class attribute in the format
|
||||
# 'auth_id:[0-9a-f]{32}' it'll have a local value
|
||||
# (defined by insert_acct_class), this ensures
|
||||
# uniqueness and suitability.
|
||||
#
|
||||
# We could just use the Class attribute as
|
||||
# Acct-Unique-Session-Id, but this may cause problems
|
||||
# with NAS that carry Class values across between
|
||||
# multiple linked sessions. So we rehash class with
|
||||
# Acct-Session-ID to provide a truely unique session
|
||||
# identifier.
|
||||
#
|
||||
# Using a Class/Session-ID combination is more robust
|
||||
# than using elements in the Accounting-Request,
|
||||
# which may be subject to change, such as
|
||||
# NAS-IP-Address, Client-IP-Address and
|
||||
# NAS-Port-ID/NAS-Port.
|
||||
#
|
||||
# This policy should ensure that session data is not
|
||||
# affected if NAS IP addresses change, or the client
|
||||
# roams to a different 'port' whilst maintaining its
|
||||
# initial authentication session (Common in a
|
||||
# wireless environment).
|
||||
#
|
||||
update request {
|
||||
&Tmp-String-9 := "${policy.class_value_prefix}"
|
||||
}
|
||||
|
||||
if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && \
|
||||
("%{string:&Class}" =~ /^${policy.class_value_prefix}([0-9a-f]{32})/i)) {
|
||||
update request {
|
||||
&Acct-Unique-Session-Id := "%{md5:%{1},%{Acct-Session-ID}}"
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Not All devices respect RFC 2865 when dealing with
|
||||
# the class attribute, so be prepared to use the
|
||||
# older style of hashing scheme if a class attribute
|
||||
# is not included
|
||||
#
|
||||
else {
|
||||
update request {
|
||||
&Acct-Unique-Session-Id := "%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Insert a (hopefully unique) value into class
|
||||
#
|
||||
insert_acct_class {
|
||||
update reply {
|
||||
&Class = "${policy.class_value_prefix}%{md5:%t,%I,%{Packet-Src-Port},%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}},%{NAS-IP-Address},%{Calling-Station-ID},%{User-Name}}"
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Merges Acct-[Input|Output]-Octets and Acct-[Input|Output]-Gigawords into Acct-[Input|Output]-Octets64
|
||||
#
|
||||
# If the &Attr-Foo doesn't exist, it's value is taken as zero.
|
||||
#
|
||||
acct_counters64.preacct {
|
||||
update request {
|
||||
&Acct-Input-Octets64 = "%{expr:(&Acct-Input-Gigawords << 32) | &Acct-Input-Octets}"
|
||||
&Acct-Output-Octets64 = "%{expr:(&Acct-Output-Gigawords << 32) | &Acct-Output-Octets}"
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# There is a delay between sending the Access-Accept and receiving
|
||||
# the corresponding Accounting-Request "start" packet. This delay
|
||||
# can be leveraged by a user to bypass Simultaneous-Use checks.
|
||||
#
|
||||
# The user can start up multiple sessions at the same time. When
|
||||
# that happens, both Simultaneous-Use checks are performed before any
|
||||
# Accounting-Request packet is received. Both Simultaneous-Use
|
||||
# checks will result in "no user session" in the radacct table, and
|
||||
# both sessions will be allowed. At some point later in time, the
|
||||
# Accounting-Request packets are received. But by then it's too
|
||||
# late.
|
||||
#
|
||||
# The solution is to insert a temporary session into the "radacct"
|
||||
# table, during the "post-auth" section. This is done by
|
||||
# uncommenting the "sql_session_start" entry in
|
||||
# sites-enabled/default. Then, reading
|
||||
# raddb/mods-config/sql/main/*/queries.conf, and looking for the
|
||||
# "sql_session_start" comments. Follow the instructions there to
|
||||
# finalize the configuration.
|
||||
#
|
||||
# The server will then create a temporary entry in "radacct" before
|
||||
# it returns the Access-Request. Any other Access-Request which is
|
||||
# received at the same time will then have it's Simultaneous-Use
|
||||
# check see that entry, and will be rejected.
|
||||
#
|
||||
# Subsequent Accounting-Request packets for the first session will
|
||||
# then UPDATE (not INSERT) the data for the session.
|
||||
#
|
||||
# There is still a small race condition as the Simultaneous-Use
|
||||
# checks are not done at the same time as updating radacct. But the
|
||||
# window of opportunity is much smaller. i.e. milliseconds, instead
|
||||
# of seconds.
|
||||
#
|
||||
sql_session_start.post-auth {
|
||||
acct_unique
|
||||
sql.accounting
|
||||
}
|
||||
@@ -1,85 +0,0 @@
|
||||
#
|
||||
# Response caching to handle proxy failovers
|
||||
#
|
||||
Xeap.authorize {
|
||||
cache_eap
|
||||
if (ok) {
|
||||
#
|
||||
# Expire previous cache entry
|
||||
#
|
||||
if (&control:State) {
|
||||
update control {
|
||||
&Cache-TTL := 0
|
||||
}
|
||||
cache_eap
|
||||
|
||||
update control {
|
||||
&State !* ANY
|
||||
}
|
||||
}
|
||||
|
||||
handled
|
||||
}
|
||||
else {
|
||||
eap.authorize
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Populate cache with responses from the EAP module
|
||||
#
|
||||
Xeap.authenticate {
|
||||
eap {
|
||||
handled = 1
|
||||
}
|
||||
if (handled) {
|
||||
cache_eap.authorize
|
||||
|
||||
handled
|
||||
}
|
||||
|
||||
cache_eap.authorize
|
||||
}
|
||||
|
||||
#
|
||||
# Forbid all EAP types. Enable this by putting "forbid_eap"
|
||||
# into the "authorize" section.
|
||||
#
|
||||
forbid_eap {
|
||||
if (&EAP-Message) {
|
||||
reject
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Forbid all non-EAP types outside of an EAP tunnel.
|
||||
#
|
||||
permit_only_eap {
|
||||
if (!&EAP-Message) {
|
||||
# We MAY be inside of a TTLS tunnel.
|
||||
# PEAP and EAP-FAST require EAP inside of
|
||||
# the tunnel, so this check is OK.
|
||||
# If so, then there MUST be an outer EAP message.
|
||||
if (!&outer.request || !&outer.request:EAP-Message) {
|
||||
reject
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Remove Reply-Message from response if were doing EAP
|
||||
#
|
||||
# Be RFC 3579 2.6.5 compliant - EAP-Message and Reply-Message should
|
||||
# not be present in the same response.
|
||||
#
|
||||
remove_reply_message_if_eap {
|
||||
if (&reply:EAP-Message && &reply:Reply-Message) {
|
||||
update reply {
|
||||
&Reply-Message !* ANY
|
||||
}
|
||||
}
|
||||
else {
|
||||
noop
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,62 +0,0 @@
|
||||
prefix = /usr
|
||||
exec_prefix = /usr
|
||||
sysconfdir = /etc
|
||||
localstatedir = /var
|
||||
sbindir = /usr/sbin
|
||||
logdir = /var/log
|
||||
raddbdir = /etc/freeradius3
|
||||
radacctdir = /var/db/radacct
|
||||
name = radiusd
|
||||
confdir = ${raddbdir}
|
||||
modconfdir = ${confdir}/mods-config
|
||||
certdir = ${confdir}/certs
|
||||
cadir = ${confdir}/certs
|
||||
run_dir = ${localstatedir}/run/${name}
|
||||
db_dir = ${raddbdir}
|
||||
libdir = /usr/lib/freeradius3
|
||||
pidfile = ${run_dir}/${name}.pid
|
||||
correct_escapes = true
|
||||
max_request_time = 30
|
||||
cleanup_delay = 5
|
||||
max_requests = 16384
|
||||
hostname_lookups = no
|
||||
log {
|
||||
destination = syslog
|
||||
colourise = yes
|
||||
syslog_facility = daemon
|
||||
stripped_names = no
|
||||
auth = no
|
||||
auth_badpass = no
|
||||
auth_goodpass = no
|
||||
msg_denied = "You are already logged in - access denied"
|
||||
}
|
||||
|
||||
checkrad = ${sbindir}/checkrad
|
||||
security {
|
||||
allow_core_dumps = no
|
||||
max_attributes = 200
|
||||
reject_delay = 1
|
||||
status_server = yes
|
||||
}
|
||||
|
||||
proxy_requests = no
|
||||
$INCLUDE clients.conf
|
||||
|
||||
thread pool {
|
||||
start_servers = 5
|
||||
max_servers = 32
|
||||
min_spare_servers = 3
|
||||
max_spare_servers = 10
|
||||
max_requests_per_server = 0
|
||||
auto_limit_acct = no
|
||||
}
|
||||
|
||||
modules {
|
||||
$INCLUDE mods-enabled/
|
||||
}
|
||||
|
||||
policy {
|
||||
$INCLUDE policy.d/
|
||||
}
|
||||
|
||||
$INCLUDE sites-enabled/
|
||||
@@ -1,33 +0,0 @@
|
||||
server default {
|
||||
|
||||
listen {
|
||||
type = auth
|
||||
ipaddr = *
|
||||
port = 0
|
||||
# interface = eth0
|
||||
limit {
|
||||
max_connections = 16
|
||||
lifetime = 0
|
||||
idle_timeout = 30
|
||||
}
|
||||
}
|
||||
|
||||
listen {
|
||||
type = acct
|
||||
ipaddr = *
|
||||
port = 0
|
||||
# interface = eth0
|
||||
}
|
||||
|
||||
authorize {
|
||||
eap {
|
||||
ok = return
|
||||
}
|
||||
files
|
||||
}
|
||||
|
||||
authenticate {
|
||||
eap
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,19 +0,0 @@
|
||||
server inner-tunnel {
|
||||
listen {
|
||||
ipaddr = 127.0.0.1
|
||||
port = 18120
|
||||
type = auth
|
||||
}
|
||||
|
||||
authorize {
|
||||
eap {
|
||||
ok = return
|
||||
}
|
||||
files
|
||||
}
|
||||
|
||||
authenticate {
|
||||
eap
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1 +0,0 @@
|
||||
john Cleartext-Password := "SuperGeheim"
|
||||
@@ -1,16 +0,0 @@
|
||||
#!/bin/sh /etc/rc.common
|
||||
|
||||
START=49
|
||||
|
||||
USE_PROCD=1
|
||||
PROG=/usr/libexec/ucentral-radiusd.sh
|
||||
|
||||
service_triggers() {
|
||||
procd_add_reload_trigger radiusd
|
||||
}
|
||||
|
||||
start_service() {
|
||||
procd_open_instance
|
||||
procd_set_param command "$PROG"
|
||||
procd_close_instance
|
||||
}
|
||||
@@ -1,45 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
. /lib/functions.sh
|
||||
|
||||
config_load radiusd
|
||||
|
||||
user_add() {
|
||||
config_get username $1 username
|
||||
config_get password $1 password
|
||||
[ -z "$username" -o -z "$password" ] && return
|
||||
echo -e "$username\tCleartext-Password := \"$password\"" >> /etc/freeradius3-ucentral/mods-config/files/authorize
|
||||
echo -e "$username\tCleartext-Password := \"$password\"" >> /etc/freeradius3-ucentral/mods-config/files/accounting
|
||||
chmod 0600 /etc/freeradius3-ucentral/mods-config/files/authorize
|
||||
chmod 0600 /etc/freeradius3-ucentral/mods-config/files/accounting
|
||||
}
|
||||
|
||||
rm /etc/freeradius3-ucentral/mods-config/files/authorize
|
||||
rm /etc/freeradius3-ucentral/mods-config/files/accounting
|
||||
config_foreach user_add user
|
||||
|
||||
client_add() {
|
||||
config_get name $1 name
|
||||
config_get secret $1 secret
|
||||
config_get ipaddr $1 ipaddr "*"
|
||||
config_get netmask $1 netmask 0
|
||||
|
||||
echo "client $name {
|
||||
ipaddr = $ipaddr
|
||||
secret = $secret
|
||||
require_message_authenticator = no
|
||||
shortname = $name
|
||||
limit {
|
||||
max_connections = 16
|
||||
lifetime = 0
|
||||
idle_timeout = 30
|
||||
}
|
||||
}
|
||||
" >> /etc/freeradius3-ucentral/clients.conf
|
||||
chmod 0600 /etc/freeradius3-ucentral/clients.conf
|
||||
}
|
||||
|
||||
rm /etc/freeradius3-ucentral/clients.conf
|
||||
config_foreach client_add client
|
||||
|
||||
/etc/init.d/radiusd restart
|
||||
@@ -1,32 +0,0 @@
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=ucentral-mqtt
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE_URL=https://github.com/blogic/ucentral-mqtt.git
|
||||
PKG_SOURCE_PROTO:=git
|
||||
PKG_SOURCE_DATE:=2022-11-27
|
||||
PKG_SOURCE_VERSION:=6323938ad7f6b1b9dc172cdf6831dd7085c30100
|
||||
|
||||
PKG_MAINTAINER:=John Crispin <john@phrozen.org>
|
||||
PKG_LICENSE:=BSD-3-Clause
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
include $(INCLUDE_DIR)/cmake.mk
|
||||
|
||||
define Package/ucentral-mqtt
|
||||
SECTION:=ucentral
|
||||
CATEGORY:=uCentral
|
||||
TITLE:=OpenWrt uCentral mqtt client
|
||||
DEPENDS:=+libubox +libubus +libblobmsg-json +libmosquitto-ssl
|
||||
endef
|
||||
|
||||
define Package/ucentral-mqtt/install
|
||||
$(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d $(1)/etc/config/
|
||||
$(INSTALL_BIN) $(PKG_BUILD_DIR)/ucentral-mqtt $(1)/usr/sbin/
|
||||
$(INSTALL_BIN) ./files/ucentral-mqtt $(1)/etc/init.d/
|
||||
$(INSTALL_BIN) ./files/umqtt.config $(1)/etc/config/umqtt
|
||||
$(INSTALL_BIN) ./files/ucentral_stats.sh $(1)/usr/sbin
|
||||
endef
|
||||
|
||||
$(eval $(call BuildPackage,ucentral-mqtt))
|
||||
@@ -1,39 +0,0 @@
|
||||
#!/bin/sh /etc/rc.common
|
||||
|
||||
START=80
|
||||
|
||||
USE_PROCD=1
|
||||
PROG=/usr/sbin/ucentral-mqtt
|
||||
|
||||
service_triggers() {
|
||||
procd_add_reload_trigger ucentral umqtt
|
||||
}
|
||||
|
||||
start_service() {
|
||||
. /lib/functions.sh
|
||||
|
||||
config_load 'ucentral'
|
||||
config_get serial 'config' 'serial'
|
||||
config_get venue 'config' 'venue'
|
||||
|
||||
config_load 'umqtt'
|
||||
config_get username 'mqtt' 'username'
|
||||
config_get password 'mqtt' 'password'
|
||||
config_get server 'mqtt' 'server'
|
||||
config_get port 'mqtt' 'port'
|
||||
config_get debug 'mqtt' 'debug' 0
|
||||
config_get debug 'mqtt' 'enable' 0
|
||||
|
||||
[ "$enable" -eq 1 ] || return 0
|
||||
procd_open_instance
|
||||
procd_set_param command "$PROG"
|
||||
[ -n "$serial" ] && procd_append_param command -S $serial
|
||||
[ -n "$username" ] && procd_append_param command -u $username
|
||||
[ -n "$password" ] && procd_append_param command -p $password
|
||||
[ -n "$server" ] && procd_append_param command -s $server
|
||||
[ -n "$port" ] && procd_append_param command -P $port
|
||||
[ -n "$venue" ] && procd_append_param command -v $venue
|
||||
[ "$debug" -eq 0 ] || procd_append_param command -d
|
||||
procd_set_param respawn
|
||||
procd_close_instance
|
||||
}
|
||||
@@ -1,4 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
ucode -m ubus -i /usr/share/ucentral/state.uc -E cfg=/etc/ucentral/ucentral.active > /tmp/ucentral.stats
|
||||
|
||||
@@ -1,6 +0,0 @@
|
||||
config ucentral mqtt
|
||||
option enable 0
|
||||
option username 'test'
|
||||
option password 'test'
|
||||
option server '192.168.178.9'
|
||||
option port '8883'
|
||||