/scripts/alcasar-condown.sh |
---|
6,25 → 6,24 |
# by Rexy |
# This script is distributed under the Gnu General Public License (GPL) |
# This script is launched by coova after each logout |
# This script is started by coova after each logout |
# Ce script est lancé par coova à chaque déconnexion d'usager |
PASSWD_FILE="/root/ALCASAR-passwords.txt" |
DB_USER=`cat $PASSWD_FILE|grep ^db_user=|cut -d'=' -f2` |
DB_PASSWORD=`cat $PASSWD_FILE|grep ^db_password=|cut -d'=' -f2` |
if [ -z $FRAMED_IP_ADDRESS ]; then |
exit 1 |
fi |
# Remove user from his IPSET |
db_query_additionalGroups='' # before alcasar-3.4, filter types was in "FILTER_ID" attribute |
[ -n "$FILTER_ID" ] && db_query_additionalGroups="( SELECT attribute, value FROM radgroupreply WHERE groupname = '$FILTER_ID' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter')) ) UNION " |
# Retrieve 2 alcasar special radius attributes (search order : default group, then user's group, then user) |
db_query="SELECT attribute, value FROM ( \ |
( SELECT attribute, value FROM radreply WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter')) ) UNION \ |
( SELECT attribute, value FROM radreply WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter')) ) UNION \ |
( SELECT attribute, value FROM radgroupreply gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter')) ORDER BY ug.priority ) UNION \ |
$db_query_additionalGroups \ |
( SELECT attribute, value FROM radgroupreply WHERE groupname = 'default' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter')) ) \ |
) attrs GROUP BY attribute;" |
db_res=$(mysql -u root -p$(cat $PASSWD_FILE | grep ^db_root= | cut -d'=' -f2-) -D radius -e "$db_query" -Ns) |
db_res=$(mysql -u$DB_USER -p$DB_PASSWORD -D radius -e "$db_query" -Ns) |
filter=$(echo "$db_res" | awk '$1 == "Alcasar-Filter" { print $2 }') |
filterProto=$(echo "$db_res" | awk '$1 == "Alcasar-Protocols-Filter" { print $2 }') |
49,6 → 48,7 |
set_filterProto="proto_0"; |
fi |
# Remove user from his IPSET |
ipset del $set_filter $FRAMED_IP_ADDRESS |
ipset del $set_filterProto $FRAMED_IP_ADDRESS |
57,7 → 57,7 |
[ -e $current_users_file ] && sed -i "/^$FRAMED_IP_ADDRESS:/d" $current_users_file |
############################# |
## Debug : show all the coova parse variables (+ $set_filter + $set_filterProto). |
## Debug : show all the coova parse variables (+ ALCASAR-Filter + ALCASAR-Protocols-Filter). |
## see "/src/chilli.c" for the complete list of parse variables |
#debug_file="/tmp/debug-condown.txt" |
#echo "-----------------------------------------------" >> $debug_file |
73,7 → 73,7 |
# fi |
#done |
#echo >> $debug_file |
#echo "set_filter : $set_filter" >> $debug_file |
#echo "set_filterProto : $set_filterProto" >> $debug_file |
#echo "ALCASAR-Filter : $set_filter" >> $debug_file |
#echo "ALCASAR-Protocols-Filter : $set_filterProto" >> $debug_file |
## END Debug |
################################# |
/scripts/alcasar-conup.sh |
---|
6,26 → 6,25 |
# by Rexy |
# This script is distributed under the Gnu General Public License (GPL) |
# This script is launched by coova after each successfull login |
# Ce script est lancé par coova à chaque connexion d'usager (authentification réussi) |
# This script is started by coova after each successfull login |
# Ce script est démarré par coova à chaque connexion d'usager (authentification réussi) |
PASSWD_FILE="/root/ALCASAR-passwords.txt" |
DB_USER=`cat $PASSWD_FILE|grep ^db_user=|cut -d'=' -f2` |
DB_PASSWORD=`cat $PASSWD_FILE|grep ^db_password=|cut -d'=' -f2` |
if [ -z $FRAMED_IP_ADDRESS ]; then |
exit 1 |
fi |
# Retrieve alcasar special radius attributes |
db_query_additionalGroups='' |
[ -n "$FILTER_ID" ] && db_query_additionalGroups="( SELECT attribute, value FROM radgroupreply WHERE groupname = '$FILTER_ID' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ) UNION " |
# Retrieve 3 alcasar special radius attributes (search order : default group, then user's group, then user) |
db_query="SELECT attribute, value FROM ( \ |
( SELECT attribute, value FROM radreply WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ) UNION \ |
( SELECT attribute, value FROM radreply WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ) UNION \ |
( SELECT attribute, value FROM radgroupreply gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ORDER BY ug.priority ) UNION \ |
$db_query_additionalGroups \ |
( SELECT attribute, value FROM radgroupreply WHERE groupname = 'default' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ) \ |
) attrs GROUP BY attribute;" |
db_res=$(mysql -u root -p$(cat $PASSWD_FILE | grep ^db_root= | cut -d'=' -f2-) -D radius -e "$db_query" -Ns) |
db_res=$(mysql -u$DB_USER -p$DB_PASSWORD -D radius -e "$db_query" -Ns) |
filter=$(echo "$db_res" | awk '$1 == "Alcasar-Filter" { print $2 }') |
filterProto=$(echo "$db_res" | awk '$1 == "Alcasar-Protocols-Filter" { print $2 }') |
53,10 → 52,13 |
set_filterProto="proto_0"; |
fi |
# Add user to his IPSET |
ipset add $set_filter $FRAMED_IP_ADDRESS |
ipset add $set_filterProto $FRAMED_IP_ADDRESS |
# If status page isn't required, add user_IP with flag PERM in /tmp/current_users.txt |
# If status page isn't required : |
# -add user_IP with flag PERM in /tmp/current_users.txt (watchdog remove these @IP at midnight) |
# if the user has the "Expiration" attribute, add its @MAC as an authenticated user (with the same user's attributes) |
if [ "$statusPageRequired" == '2' ]; then # Status page is not required |
current_users_file="/tmp/current_users.txt" |
if [ ! -e $current_users_file ]; then |
66,7 → 68,7 |
fi |
############################# |
## Debug : show all the coova parse variables (+ $set_filter + $set_filterProto). |
## Debug : show all the coova parse variables (+ ALCASAR-Filter + ALCASAR-Protocols-Filter + Alcasar-Status-Page-Must-Stay-Open). |
## see "/src/chilli.c" for the complete list of parse variables |
#debug_file="/tmp/debug-conup.txt" |
#echo "-----------------------------------------------" >> $debug_file |
82,8 → 84,8 |
# fi |
#done |
#echo >> $debug_file |
#echo "set_filter : $set_filter" >> $debug_file |
#echo "set_filterProto : $set_filterProto" >> $debug_file |
#echo "statusPageRequired : $statusPageRequired" >> $debug_file |
#echo "ALCASAR-Filter : $set_filter" >> $debug_file |
#echo "ALCASAR-Protocols-Filter : $set_filterProto" >> $debug_file |
#echo "Alcasar-Status-Page-Must-Stay-Open : $statusPageRequired" >> $debug_file |
## END DEBUG |
################################# |
/scripts/alcasar-test-debug-conup.sh |
---|
4,7 → 4,7 |
DB_USER=`cat $PASSWD_FILE|grep ^db_user=|cut -d'=' -f2` |
DB_PASSWORD=`cat $PASSWD_FILE|grep ^db_password=|cut -d'=' -f2` |
# Retrieve alcasar special radius attributes |
# Retrieve 3 ALCASAR special radius attributes (search order : default group, then user's group, then user) |
db_query="SELECT attribute, value FROM ( \ |
( SELECT attribute, value FROM radreply WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ) UNION \ |
( SELECT attribute, value FROM radgroupreply gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ORDER BY ug.priority ) UNION \ |
18,8 → 18,8 |
echo "USER_NAME = $USER_NAME; filter = $filter; filterproto = $filterProto; statusOpenRequired = $statusOpenRequired"; |
# If status page isn't required : |
# -add user_IP with flag PERM in /tmp/current_users.txt |
# -add user_@MAC as an authenticated user (until "expiration_date") |
# -add user_IP with the flag 'PERM' in /tmp/current_users.txt |
# -add user_@MAC as an authenticated (with the same user's attributes) |
if [ "$statusOpenRequired" == '2' ]; then # Status page is not required |
echo "" |
db_query="SELECT attribute, value FROM ( \ |
/scripts/alcasar-watchdog.sh |
---|
124,10 → 124,14 |
lan_test |
exit 0 |
;; |
--disconnect-permanent-users) |
/bin/sed -i '/PERM/d' $current_users_file |
exit 0 |
;; |
*) |
lan_test |
# We disconnect inactive users (its means that their 'status.php' tab has been closed --> their ip address isn't in $current_users_file) |
# process each equipment known by chilli to check if IP address is usurped (with arping) |
# process each equipment known by chilli |
for system in `/usr/sbin/chilli_query list | grep -v "0\.0\.0\.0"` |
do |
active_ip=`echo $system |cut -d" " -f2` |
134,7 → 138,6 |
active_session=`echo $system |cut -d" " -f5` |
active_mac=`echo $system | cut -d" " -f1` |
active_user=`echo $system |cut -d" " -f6` |
# We disconnect inactive user here : |
# We check if the user isn't an auth @MAC and if he is still connected |
if [ "$active_user" != "$active_mac" ] && [ $(expr $active_session) -eq 1 ]; then |
if [ -e $current_users_file ]; then |