From: Youfu Zhang <1315097+zhangyoufu@users.noreply.github.com>
Date: Fri, 25 Nov 2022 13:54:49 +0000 (+0800)
Subject: Add UBNT dictionary (#4818)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b22cff7cce26363cb393178d1bed4935337cbc99;p=thirdparty%2Ffreeradius-server.git

Add UBNT dictionary (#4818)
---

diff --git a/share/dictionary/radius/dictionary b/share/dictionary/radius/dictionary
index 14677f82bca..cd703b768ed 100644
--- a/share/dictionary/radius/dictionary
+++ b/share/dictionary/radius/dictionary
@@ -309,6 +309,7 @@ $INCLUDE dictionary.trapeze
 $INCLUDE dictionary.travelping
 $INCLUDE dictionary.tripplite
 $INCLUDE dictionary.tropos
+$INCLUDE dictionary.ubnt
 $INCLUDE dictionary.ukerna
 $INCLUDE dictionary.unisphere
 $INCLUDE dictionary.unix
diff --git a/share/dictionary/radius/dictionary.ubnt b/share/dictionary/radius/dictionary.ubnt
new file mode 100644
index 00000000000..4adbe331eb2
--- /dev/null
+++ b/share/dictionary/radius/dictionary.ubnt
@@ -0,0 +1,58 @@
+# -*- text -*-
+# Copyright (C) 2022 The FreeRADIUS Server project and contributors
+# This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
+# Version $Id$
+##############################################################################
+#
+#	From UI Community and reverse engineering
+#
+#	$Id$
+#
+##############################################################################
+
+VENDOR		UBNT				41112
+
+BEGIN-VENDOR	UBNT
+
+#
+# Data rate limiting attributes
+#
+
+# for UAP series running 4.0.59+
+# source: https://community.ui.com/questions/RADIUS-Dictionary/c2fbeeac-3b86-493c-88cb-0dc4b3e47912#answer/c6cce5df-d6e2-42b4-8069-2e3f636cd6a9
+
+ATTRIBUTE	Data-Rate-DL				1	integer64
+ATTRIBUTE	Data-Rate-DL-Burst			2	integer64
+ATTRIBUTE	Data-Rate-UL				3	integer64
+ATTRIBUTE	Data-Rate-UL-Burst			4	integer64
+
+#
+# PSK RADIUS attributes
+#
+
+# source: reverse engineering wpad from UAP-AC-Pro 6.2.44 firmware
+
+# Vanilla hostapd wpa_psk_file allows an optional keyid field, to help identify
+# which psk was used by a client. While wpa_psk_radius only retrieves Tunnel-
+# Password from RADIUS server and does not support specifying a keyid along
+# with the password. UBNT introduced new attributes to make that possible.
+
+ATTRIBUTE	Tunnel-Password-Entry			5	tlv
+# Only the first password and first keyid in this tlv will be used.
+# If you want to provide multiple passwords, you have to send them in separate VSAs.
+
+ATTRIBUTE	Tunnel-Password				.2	string	encrypt=2
+# treat as passphrase if 8~63 characters
+# treat as psk if 64 characters hex
+
+ATTRIBUTE	Tunnel-Password-Keyid			.3	string	encrypt=2
+# maximum length 31 characters
+# keyid is consumed by hostapd control interface (AP_STA_CONNECTED event, STA MIB)
+# keyid may be attached to RADIUS accounting message, see UBNT-Station-Keyid below
+# keyid is not available on ubus interface
+
+ATTRIBUTE	Station-Keyid				6	string	encrypt=2
+# require radius_acct_send_keyid=1 in hostapd configuration
+# aka. aaa.%d.radius_acct_send_keyid.status=enabled in UniFi configuration
+
+END-VENDOR	UBNT