diff --git a/feeds/ucentral/ucentral-schema/Makefile b/feeds/ucentral/ucentral-schema/Makefile
index 346f79208..7a8a577a3 100644
--- a/feeds/ucentral/ucentral-schema/Makefile
+++ b/feeds/ucentral/ucentral-schema/Makefile
@@ -6,7 +6,7 @@ PKG_RELEASE:=1
 PKG_SOURCE_URL=https://github.com/blogic/ucentral-schema.git
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2021-02-15
-PKG_SOURCE_VERSION:=edc4e20030a308d71b616beab93b512beafebef6
+PKG_SOURCE_VERSION:=c068e3d05df9302f8352515874b82d143c142c77
 PKG_MAINTAINER:=John Crispin
 PKG_LICENSE:=BSD-3-Clause
diff --git a/feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/radius-proxy.json b/feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/radius-proxy.json
index c676aa383..216376211 100644
--- a/feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/radius-proxy.json
+++ b/feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/radius-proxy.json
@@ -37,12 +37,12 @@
 },
 "radius": {
 "authentication": {
- "host": "localhost",
+ "host": "127.0.0.1",
 "port": 1812,
 "secret": "secret"
 },
 "accounting": {
- "host": "localhost",
+ "host": "127.0.0.1",
 "port": 1813,
 "secret": "secret"
 }
@@ -101,8 +101,20 @@
 "port": 22
 },
 "radius-proxy": {
- "host": "192.168.1.10",
- "secret": "secret"
+ "realms": [
+ {
+ "realm": "test",
+ "host": "192.168.1.10",
+ "secret": "secret",
+ "ca-certificate": "Zm9vbwo=",
+ "certificate": "Zm9vbwo=",
+ "private-key": "Zm9vbwo="
+ }, {
+ "realm": "*",
+ "auto-discover": true,
+ "use-local-certificates": true
+ }
+ ]
 }
 }
 }
diff --git a/feeds/ucentral/ucentral-schema/files/usr/libexec/naptr_lookup.sh b/feeds/ucentral/ucentral-schema/files/usr/libexec/naptr_lookup.sh
new file mode 100755
index 000000000..00f3a8b98
--- /dev/null
+++ b/feeds/ucentral/ucentral-schema/files/usr/libexec/naptr_lookup.sh
@@ -0,0 +1,55 @@
+#! /bin/sh
+
+usage() {
+ echo "Usage: ${0} "
+ exit 1
+}
+
+test -n "${1}" || usage
+
+REALM="${1}"
+DIGCMD=$(command -v dig)
+PRINTCMD=$(command -v printf)
+
+validate_host() {
+ echo ${@} | tr -d '\n\t\r' | grep -E '^[_0-9a-zA-Z][-._0-9a-zA-Z]*$'
+}
+
+validate_port() {
+ echo ${@} | tr -d '\n\t\r' | grep -E '^[0-9]+$'
+}
+
+srv_lookup() {
+ ${DIGCMD} +short srv $SRV_HOST | sort -n -k1 |
+ while read line ; do
+ set $line ; PORT=$(validate_port $3) ; HOST=$(validate_host $4)
+ if [ -n "${HOST}" ] && [ -n "${PORT}" ]; then
+ $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
+ fi
+ done
+}
+
+naptr_lookup() {
+ ${DIGCMD} +short naptr ${REALM} | grep aaa+auth:radius.tls.tcp | sort -n -k1 |
+ while read line; do
+ set $line ; TYPE=$3 ; HOST=$6
+ if [ "$TYPE" = "\"s\"" -o "$TYPE" = "\"S\"" ]; then
+ SRV_HOST=${HOST%.}
+ srv_lookup
+ fi
+ done
+}
+
+if test -x "${DIGCMD}" ; then
+ SERVERS=$(naptr_lookup)
+else
+ echo "${0} requires \"dig\" command."
+ exit 1
+fi
+
+if test -n "${SERVERS}" ; then
+ $PRINTCMD "server dynamic_radsec.${REALM} {\n${SERVERS}\n\ttype TLS\n}\n"
+ exit 0
+fi
+
+exit 10 # No server found.
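Review bot: The realm taken from `${1}` is never validated, yet `naptr_lookup` expands it unquoted on the dig command line and the final printf pastes it into the format string that emits the `server dynamic_radsec.${REALM}` block, so whitespace, `%`, backslash sequences or braces in it would alter the dig arguments or the generated configuration. Where the realm comes from is not visible here, but the `"realm": "*"` auto-discover entry in the example suggests it can be whatever a client submits. The NAPTR replacement (`$6`) also reaches `dig +short srv $SRV_HOST` without passing `validate_host`, and `set $line` and `echo ${@}` word-split and glob-expand DNS answers. I would run both the realm and the NAPTR target through `validate_host`, quote every expansion, use `set --` with globbing off and `read -r`, and pass values to printf as `%s` arguments. `validate_port` accepts any digit string, so a 1–65535 range check would be a cheap addition.

```shell
#! /bin/sh
set -f	# DNS answers are word-split below; never glob-expand them

# … unchanged: usage, argument check, DIGCMD/PRINTCMD lookup …

validate_host() {
	printf '%s' "$*" | tr -d '\n\t\r' | grep -E '^[_0-9a-zA-Z][-._0-9a-zA-Z]*$'
}

# … unchanged: validate_port …

# The realm ends up on the dig command line and in the generated server block.
REALM=$(validate_host "${1}") || usage

srv_lookup() {
	"${DIGCMD}" +short srv "${SRV_HOST}" | sort -n -k1 |
	while read -r line ; do
		set -- $line ; PORT=$(validate_port "$3") ; HOST=$(validate_host "$4")
		if [ -n "${HOST}" ] && [ -n "${PORT}" ]; then
			"${PRINTCMD}" '\thost %s:%s\n' "${HOST%.}" "${PORT}"
		fi
	done
}

naptr_lookup() {
	"${DIGCMD}" +short naptr "${REALM}" | grep aaa+auth:radius.tls.tcp | sort -n -k1 |
	while read -r line; do
		set -- $line ; TYPE=$3 ; HOST=$(validate_host "$6")
		if [ -n "${HOST}" ] && { [ "$TYPE" = '"s"' ] || [ "$TYPE" = '"S"' ]; }; then
			SRV_HOST=${HOST%.}
			srv_lookup
		fi
	done
}

# … unchanged: dig availability check …

if test -n "${SERVERS}" ; then
	"${PRINTCMD}" 'server dynamic_radsec.%s {\n%s\n\ttype TLS\n}\n' "${REALM}" "${SERVERS}"
	exit 0
fi
```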