Diffstat (limited to 'tools')
-rw-r--r-- | tools/README | 48 | ||||
-rw-r--r-- | tools/naptr-eduroam.sh | 72 | ||||
-rwxr-xr-x | tools/radsec-dynsrv.sh | 51 |
3 files changed, 0 insertions, 171 deletions
diff --git a/tools/README b/tools/README
deleted file mode 100644
index 4e6d2bc..0000000
--- a/tools/README
+++ /dev/null
@@ -1,48 +0,0 @@
-Mail[1] to the radsecproxy mailing list Wed, 14 Apr 2010 from Stefan
-Winter explaining the radsec-dynsrv.sh and naptr-eduroam.sh scripts.
-
-------------------------------------------------------------
-Hi,
-
-the radsec-dynsrv.sh script right now looks up _radsec._tcp.$REALM. For
-eduroam, the production discovery will rely on S-NAPTRs of "s" type and
-subsequent SRVs.
-
-I have attached a preliminary version of the discovery script which
-takes this logic into account. It could use some public scrutiny (where
-"public" might very well evaluate to Kolbjørn Barmen, who wrote the SRV
-script and knows much more about bash scripting than I do *cough cough*).
-
-As with the other script, you call
-
-naptr-eduroam.sh <realm>
-
-If you need a test case, the DNS domain restena.lu has the NAPTR and the
-SRV record live in place. On my system, you get:
-
-> ./naptr-eduroam.sh restena.lu
-server dynamic_radsec.restena.lu {
-host radius-1.restena.lu:2083
-type TLS
-}
-
-with our live DNS data (radius-1.restena.lu isn't really
-production-ready yet though).
-
-If you're curious, the S-NAPTR for eduroam right now is
-
-x-eduroam:radius.tls
-
-with a possibility of a later IETF allocation of either
-
-aaa:radius.tls (probable)
-eduroam:radius.tls (wishful thinking)
-
-, in which case changing the script to use the new ones is trivial.
-
-Greetings,
-
-Stefan Winter
-------------------------------------------------------------
-
-[1] https://postlister.uninett.no/sympa/arc/radsecproxy/2010-04/msg00011.html
diff --git a/tools/naptr-eduroam.sh b/tools/naptr-eduroam.sh
deleted file mode 100644
index 9bc6c45..0000000
--- a/tools/naptr-eduroam.sh
+++ /dev/null
@@ -1,72 +0,0 @@
-#! /bin/bash
-
-# Example script!
-# This script looks up radsec srv records in DNS for the one
-# realm given as argument, and creates a server template based
-# on that. It currently ignores weight markers, but does sort
-# servers on priority marker, lowest number first.
-# For host command this is coloumn 5, for dig it is coloumn 1.
-
-usage() {
- echo "Usage: ${0} <realm>"
- exit 1
-}
-
-test -n "${1}" || usage
-
-REALM="${1}"
-DIGCMD=$(command -v dig)
-HOSTCMD=$(command -v host)
-
-dig_it_srv() {
- ${DIGCMD} +short srv $SRV_HOST | sort -k1 |
- while read line ; do
- set $line ; PORT=$3 ; HOST=$4
- echo -e "\thost ${HOST%.}:${PORT}"
- done
-}
-
-dig_it_naptr() {
- ${DIGCMD} +short naptr ${REALM} | grep x-eduroam:radius.tls | sort -k1 |
- while read line ; do
- set $line ; TYPE=$3 ; HOST=$6
- if [ "$TYPE" == "\"s\"" ]; then {
- SRV_HOST=${HOST%.}
- dig_it_srv; }; fi
- done
-}
-
-host_it_srv() {
- ${HOSTCMD} -t srv $SRV_HOST | sort -k5 |
- while read line ; do
- set $line ; PORT=$7 ; HOST=$8
- echo -e "\thost ${HOST%.}:${PORT}"
- done
-}
-
-host_it_naptr() {
- ${HOSTCMD} -t naptr ${REALM} | grep x-eduroam:radius.tls | sort -k5 |
- while read line ; do
- set $line ; TYPE=$7 ; HOST=${10}
- if [ "$TYPE" == "\"s\"" ]; then {
- SRV_HOST=${HOST%.}
- host_it_srv; }; fi
-
- done
-}
-
-if test -x "${DIGCMD}" ; then
- SERVERS=$(dig_it_naptr)
-elif test -x "${HOSTCMD}" ; then
- SERVERS=$(host_it_naptr)
-else
- echo "${0} requires either \"dig\" or \"host\" command."
- exit 1
-fi
-
-if test -n "${SERVERS}" ; then
- echo -e "server dynamic_radsec.${REALM} {\n${SERVERS}\n\ttype TLS\n}"
- exit 0
-fi
-
-exit 0
diff --git a/tools/radsec-dynsrv.sh b/tools/radsec-dynsrv.sh
deleted file mode 100755
index 7a74b6d..0000000
--- a/tools/radsec-dynsrv.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#! /bin/bash
-
-# Example script!
-# This script looks up radsec srv records in DNS for the one
-# realm given as argument, and creates a server template based
-# on that. It currently ignores weight markers, but does sort
-# servers on priority marker, lowest number first.
-# For host command this is coloumn 5, for dig it is coloumn 1.
-
-usage() {
- echo "Usage: ${0} <realm>"
- exit 1
-}
-
-test -n "${1}" || usage
-
-REALM="${1}"
-DIGCMD=$(command -v digaaa)
-HOSTCMD=$(command -v host)
-
-dig_it() {
- ${DIGCMD} +short srv _radsec._tcp.${REALM} | sort -k1 |
- while read line ; do
- set $line ; PORT=$3 ; HOST=$4
- echo -e "\thost ${HOST%.}:${PORT}"
- done
-}
-
-host_it() {
- ${HOSTCMD} -t srv _radsec._tcp.${REALM} | sort -k5 |
- while read line ; do
- set $line ; PORT=$7 ; HOST=$8
- echo -e "\thost ${HOST%.}:${PORT}"
- done
-}
-
-if test -x "${DIGCMD}" ; then
- SERVERS=$(dig_it)
-elif test -x "${HOSTCMD}" ; then
- SERVERS=$(host_it)
-else
- echo "${0} requires either \"dig\" or \"host\" command."
- exit 1
-fi
-
-if test -n "${SERVERS}" ; then
- echo -e "server dynamic_radsec.${REALM} {\n${SERVERS}\n\ttype TLS\n}"
- exit 0
-fi
-
-exit 0 |