ucentral-schema: update to latest HEAD

* add radsec multi-realm and NAPTR support

Fixes: WIFI-3757
Fixes: WIFI-3759
Signed-off-by: John Crispin <john@phrozen.org>
John Crispin
2021-09-20 10:40:28 +02:00
parent 5f26f65e46
commit 8fcd427384
3 changed files with 72 additions and 5 deletions


@@ -6,7 +6,7 @@ PKG_RELEASE:=1
PKG_SOURCE_URL=https://github.com/blogic/ucentral-schema.git PKG_SOURCE_URL=https://github.com/blogic/ucentral-schema.git
PKG_SOURCE_PROTO:=git PKG_SOURCE_PROTO:=git
PKG_SOURCE_DATE:=2021-02-15 PKG_SOURCE_DATE:=2021-02-15
PKG_SOURCE_VERSION:=edc4e20030a308d71b616beab93b512beafebef6 PKG_SOURCE_VERSION:=c068e3d05df9302f8352515874b82d143c142c77
PKG_MAINTAINER:=John Crispin <john@phrozen.org> PKG_MAINTAINER:=John Crispin <john@phrozen.org>
PKG_LICENSE:=BSD-3-Clause PKG_LICENSE:=BSD-3-Clause


@@ -37,12 +37,12 @@
}, },
"radius": { "radius": {
"authentication": { "authentication": {
"host": "localhost", "host": "127.0.0.1",
"port": 1812, "port": 1812,
"secret": "secret" "secret": "secret"
}, },
"accounting": { "accounting": {
"host": "localhost", "host": "127.0.0.1",
"port": 1813, "port": 1813,
"secret": "secret" "secret": "secret"
} }
@@ -101,8 +101,20 @@
"port": 22 "port": 22
}, },
"radius-proxy": { "radius-proxy": {
"host": "192.168.1.10", "realms": [
"secret": "secret" {
"realm": "test",
"host": "192.168.1.10",
"secret": "secret",
"ca-certificate": "Zm9vbwo=",
"certificate": "Zm9vbwo=",
"private-key": "Zm9vbwo="
}, {
"realm": "*",
"auto-discover": true,
"use-local-certificates": true
}
]
} }
} }
} }
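Review bot: The wildcard entry (`"realm": "*"` with `"auto-discover": true`) carries no host or secret, so the server that RADIUS traffic is proxied to is chosen from DNS answers at run time, and the example gives no indication of what is then checked about that server. If trust is meant to rest on the TLS certificates selected by `"use-local-certificates": true`, the schema description for these two fields should say which CA a discovered peer must chain to and whether its name is matched against the realm or the SRV target. The first realm also carries `"private-key"` inline next to the shared secret; JSON cannot hold a comment, so the accompanying documentation is the place to state that a configuration with this field has to be stored and transported as secret material.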


@@ -0,0 +1,55 @@
#! /bin/sh
usage() {
echo "Usage: ${0} <realm>"
exit 1
}
test -n "${1}" || usage
REALM="${1}"
DIGCMD=$(command -v dig)
PRINTCMD=$(command -v printf)
validate_host() {
echo ${@} | tr -d '\n\t\r' | grep -E '^[_0-9a-zA-Z][-._0-9a-zA-Z]*$'
}
validate_port() {
echo ${@} | tr -d '\n\t\r' | grep -E '^[0-9]+$'
}
srv_lookup() {
${DIGCMD} +short srv $SRV_HOST | sort -n -k1 |
while read line ; do
set $line ; PORT=$(validate_port $3) ; HOST=$(validate_host $4)
if [ -n "${HOST}" ] && [ -n "${PORT}" ]; then
$PRINTCMD "\thost ${HOST%.}:${PORT}\n"
fi
done
}
naptr_lookup() {
${DIGCMD} +short naptr ${REALM} | grep aaa+auth:radius.tls.tcp | sort -n -k1 |
while read line; do
set $line ; TYPE=$3 ; HOST=$6
if [ "$TYPE" = "\"s\"" -o "$TYPE" = "\"S\"" ]; then
SRV_HOST=${HOST%.}
srv_lookup
fi
done
}
if test -x "${DIGCMD}" ; then
SERVERS=$(naptr_lookup)
else
echo "${0} requires \"dig\" command."
exit 1
fi
if test -n "${SERVERS}" ; then
$PRINTCMD "server dynamic_radsec.${REALM} {\n${SERVERS}\n\ttype TLS\n}\n"
exit 0
fi
exit 10 # No server found.
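Review bot: `REALM` is taken from `$1` and used without any of the validation applied to the DNS answers: it is passed unquoted to `dig +short naptr ${REALM}` in naptr_lookup and interpolated into the printf format string that emits the `server dynamic_radsec.${REALM} {` block. If the realm originates from a client-supplied identity, as the wildcard auto-discover realm in the example configuration suggests, whitespace, option-like prefixes or format metacharacters in it would reach dig's argument parsing and the generated server block. Validate it once before first use with the pattern the script already has, e.g. `REALM=$(validate_host "${1}")` followed by `test -n "${REALM}" || usage` placed after the validate_host definition, and emit the block with the realm as data: `$PRINTCMD 'server dynamic_radsec.%s {\n%s\n\ttype TLS\n}\n' "${REALM}" "${SERVERS}"`. The `set $line` calls in both loops should also be `set -- $line`, so that an answer line starting with `-` is not read as shell options.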