Create tools/ directory and move shell scripts there.

tools/README

@@ -0,0 +1,48 @@
+Mail[1] to the radsecproxy mailing list Wed, 14 Apr 2010 from Stefan
+Winter explaining the radsec-dynsrv.sh and naptr-eduroam.sh scripts.
+
+------------------------------------------------------------
+Hi,
+
+the radsec-dynsrv.sh script right now looks up _radsec._tcp.$REALM. For
+eduroam, the production discovery will rely on S-NAPTRs of "s" type and
+subsequent SRVs.
+
+I have attached a preliminary version of the discovery script which
+takes this logic into account. It could use some public scrutiny (where
+"public" might very well evaluate to Kolbjørn Barmen, who wrote the SRV
+script and knows much more about bash scripting than I do *cough cough*).
+
+As with the other script, you call
+
+naptr-eduroam.sh <realm>
+
+If you need a test case, the DNS domain restena.lu has the NAPTR and the
+SRV record live in place. On my system, you get:
+
+> ./naptr-eduroam.sh restena.lu
+server dynamic_radsec.restena.lu {
+host radius-1.restena.lu:2083
+type TLS
+}
+
+with our live DNS data (radius-1.restena.lu isn't really
+production-ready yet though).
+
+If you're curious, the S-NAPTR for eduroam right now is
+
+x-eduroam:radius.tls
+
+with a possibility of a later IETF allocation of either
+
+aaa:radius.tls (probable)
+eduroam:radius.tls (wishful thinking)
+
+, in which case changing the script to use the new ones is trivial.
+
+Greetings,
+
+Stefan Winter
+------------------------------------------------------------
+
+[1] https://postlister.uninett.no/sympa/arc/radsecproxy/2010-04/msg00011.html

tools/naptr-eduroam.sh

@@ -0,0 +1,72 @@
+#! /bin/bash
+
+# Example script!
+# This script looks up radsec srv records in DNS for the one
+# realm given as argument, and creates a server template based
+# on that. It currently ignores weight markers, but does sort
+# servers on priority marker, lowest number first.
+# For host command this is coloumn 5, for dig it is coloumn 1.
+
+usage() {
+   echo "Usage: ${0} <realm>"
+   exit 1
+}
+
+test -n "${1}" || usage
+
+REALM="${1}"
+DIGCMD=$(command -v dig)
+HOSTCMD=$(command -v host)
+
+dig_it_srv() {
+   ${DIGCMD} +short srv $SRV_HOST | sort -k1 |
+   while read line ; do
+      set $line ; PORT=$3 ; HOST=$4
+      echo -e "\thost ${HOST%.}:${PORT}"
+   done
+}
+
+dig_it_naptr() {
+   ${DIGCMD} +short naptr ${REALM} | grep x-eduroam:radius.tls | sort -k1 |
+   while read line ; do
+      set $line ; TYPE=$3 ; HOST=$6
+      if [ "$TYPE" == "\"s\"" ]; then { 
+	SRV_HOST=${HOST%.}
+	dig_it_srv; }; fi
+   done
+}
+
+host_it_srv() {
+   ${HOSTCMD} -t srv $SRV_HOST | sort -k5 | 
+   while read line ; do
+      set $line ; PORT=$7 ; HOST=$8 
+      echo -e "\thost ${HOST%.}:${PORT}"
+   done
+}
+
+host_it_naptr() {
+   ${HOSTCMD} -t naptr ${REALM} | grep x-eduroam:radius.tls | sort -k5 | 
+   while read line ; do
+      set $line ; TYPE=$7 ; HOST=${10}
+      if [ "$TYPE" == "\"s\"" ]; then {
+        SRV_HOST=${HOST%.}
+        host_it_srv; }; fi
+
+   done
+}
+
+if test -x "${DIGCMD}" ; then
+   SERVERS=$(dig_it_naptr)
+elif test -x "${HOSTCMD}" ; then
+   SERVERS=$(host_it_naptr)
+else
+   echo "${0} requires either \"dig\" or \"host\" command."
+   exit 1
+fi
+
+if test -n "${SERVERS}" ; then
+        echo -e "server dynamic_radsec.${REALM} {\n${SERVERS}\n\ttype TLS\n}"
+        exit 0
+fi
+
+exit 0