ucentral-schema: update to latest HEAD

* add redsec multi realm and NAPTR support Fixes: WIFI-3757 Fixes: WIFI-3759 Signed-off-by: John Crispin <john@phrozen.org>
2025-10-29 09:32:34 +00:00 · 2021-09-20 10:40:28 +02:00
parent 5f26f65e46
commit 8fcd427384
3 changed files with 72 additions and 5 deletions
--- a/feeds/ucentral/ucentral-schema/Makefile
+++ b/feeds/ucentral/ucentral-schema/Makefile
@@ -6,7 +6,7 @@ PKG_RELEASE:=1
 PKG_SOURCE_URL=https://github.com/blogic/ucentral-schema.git
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2021-02-15
-PKG_SOURCE_VERSION:=edc4e20030a308d71b616beab93b512beafebef6
+PKG_SOURCE_VERSION:=c068e3d05df9302f8352515874b82d143c142c77

 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 PKG_LICENSE:=BSD-3-Clause
--- a/feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/radius-proxy.json
+++ b/feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/radius-proxy.json
@@ -37,12 +37,12 @@
 					},
 					"radius": {
 						"authentication": {
-							"host": "localhost",
+							"host": "127.0.0.1",
 							"port": 1812,
 							"secret": "secret"
 						},
 						"accounting": {
-							"host": "localhost",
+							"host": "127.0.0.1",
 							"port": 1813,
 							"secret": "secret"
 						}
@@ -101,8 +101,20 @@
 			"port": 22
 		},
 		"radius-proxy": {
-			"host": "192.168.1.10",
-			"secret": "secret"
+			"realms": [
+				{
+					"realm": "test",
+					"host": "192.168.1.10",
+					"secret": "secret",
+					"ca-certificate": "Zm9vbwo=",
+					"certificate": "Zm9vbwo=",
+					"private-key": "Zm9vbwo="
+				}, {
+					"realm": "*",
+					"auto-discover": true,
+					"use-local-certificates": true
+				}
+			]
 		}
 	}
 }
--- a/feeds/ucentral/ucentral-schema/files/usr/libexec/naptr_lookup.sh
+++ b/feeds/ucentral/ucentral-schema/files/usr/libexec/naptr_lookup.sh
@@ -0,0 +1,55 @@
+#! /bin/sh
+
+usage() {
+   echo "Usage: ${0} <realm>"
+   exit 1
+}
+
+test -n "${1}" || usage
+
+REALM="${1}"
+DIGCMD=$(command -v dig)
+PRINTCMD=$(command -v printf)
+
+validate_host() {
+         echo ${@} | tr -d '\n\t\r' | grep -E '^[_0-9a-zA-Z][-._0-9a-zA-Z]*$'
+}
+
+validate_port() {
+         echo ${@} | tr -d '\n\t\r' | grep -E '^[0-9]+$'
+}
+
+srv_lookup() {
+   ${DIGCMD} +short srv $SRV_HOST | sort -n -k1 |
+   while read line ; do
+      set $line ; PORT=$(validate_port $3) ; HOST=$(validate_host $4)
+      if [ -n "${HOST}" ] && [ -n "${PORT}" ]; then 
+         $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
+      fi
+   done
+}
+
+naptr_lookup() {
+    ${DIGCMD} +short naptr ${REALM} | grep aaa+auth:radius.tls.tcp | sort -n -k1 |
+    while read line; do
+    set $line ; TYPE=$3 ; HOST=$6
+    if [ "$TYPE" = "\"s\"" -o "$TYPE" = "\"S\"" ]; then
+        SRV_HOST=${HOST%.}
+        srv_lookup
+    fi
+    done
+}
+
+if test -x "${DIGCMD}" ; then
+   SERVERS=$(naptr_lookup)
+else
+   echo "${0} requires \"dig\" command."
+   exit 1
+fi
+
+if test -n "${SERVERS}" ; then
+        $PRINTCMD "server dynamic_radsec.${REALM} {\n${SERVERS}\n\ttype TLS\n}\n"
+        exit 0
+fi
+
+exit 10				# No server found.