/scripts/alcasar-generate_log.sh |
---|
156,10 → 156,21 |
echo "</body>" >> $TMP_HTML |
echo "</HTML>" >> $TMP_HTML |
# inform users about that by setting the Alcasar-Imputability-Warning attribute |
QUERY="INSERT INTO radreply (username, attribute, value, op) SELECT ui.username, 'Alcasar-Imputability-Warning', '1' , ':=' FROM userinfo ui LEFT JOIN radreply rr ON rr.username = ui.username AND rr.attribute = 'Alcasar-Imputability-Warning' WHERE rr.username IS NULL;" |
#inform users about that by setting the fourth bit of Filter-Id at 1. |
QUERY="SELECT username from radreply INTO OUTFILE '$TMP_USERS' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';" |
mysql -u root -p"$DB_ROOT_PW" -D radius -e "$QUERY" |
if [ -e $TMP_USERS ] && [ $(cat $TMP_USERS | wc -l) -gt 0 ] |
then |
for user in $(cat $TMP_USERS) |
do |
QUERY="set @CurrentFilter=(SELECT value from radreply where username='$user');set @CurrentFilterLeft=(SELECT LEFT(@CurrentFilter,3));set @CurrentFilterRight=(SELECT RIGHT(@CurrentFilter,4));UPDATE radreply SET value = CONCAT((@CurrentFilterLeft),'1', (@CurrentFilterRight)) WHERE username='$user' ;" |
mysql -u root -p"$DB_ROOT_PW" -D radius -e "$QUERY" |
done |
fi |
rm $TMP_USERS |
/usr/bin/wkhtmltopdf $TMP_HTML $TMP_PDF |
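Review bot: The per-user statement in the `for user in $(cat $TMP_USERS)` loop filters on `username='$user'` only, so the UPDATE rewrites every radreply row of that user rather than just the Filter-Id row, and `SELECT value from radreply where username='$user'` stops being a single value as soon as a user has more than one reply attribute. Both need an attribute condition, presumably `AND attribute='Filter-Id'`, and the same condition belongs in the `INTO OUTFILE` select. The user name is also pasted unescaped into SQL that runs as database root, so names should be validated or escaped before the query is built. The +/- markers are lost on this page, so this applies only if the Filter-Id loop is the new side; `mysql -u root -p"$DB_ROOT_PW"` appears either way and puts the root password in the process list, which `--defaults-extra-file` pointing at a root-only option file avoids.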
/scripts/alcasar-conup.sh |
---|
9,52 → 9,53 |
# This script is launched by coova after each successfull login |
# Ce script est lancé par coova à chaque connexion d'usager (authentification réussi) |
PASSWD_FILE="/root/ALCASAR-passwords.txt" |
if [ -z $FRAMED_IP_ADDRESS ]; then |
exit 1 |
fi |
# Add user to his IPSET |
# Add user to his IPSET (depending on FILTER_ID) |
db_query="SELECT attribute, value FROM (( SELECT attribute, value FROM radreply WHERE (attribute='Alcasar-Filter' OR attribute='Alcasar-Filter-Proto' OR attribute='Alcasar-Status-Open-Required') AND username='$USER_NAME') UNION ( SELECT attribute, value FROM radgroupreply gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE (attribute='Alcasar-Filter' OR attribute='Alcasar-Filter-Proto' OR attribute='Alcasar-Status-Open-Required') AND username = '$USER_NAME' ORDER BY ug.priority)) attrs GROUP BY attribute;" |
db_res=$(mysql -u root -p$(cat $PASSWD_FILE | grep ^db_root= | cut -d'=' -f2-) -D radius -e "$db_query" -Ns) |
# FilterID Byte N°0 to 7 |
# 0: profile_1 (WEB) |
# 1: profile_2 (WEB + Mail + Remote access) |
# 2: profile_3 (Custom) |
# 3: warn_user (if imputability report has been generated) |
# 4: status_open_required (check user activity through status page) |
# 5: WL |
# 6: BL |
# 7: HAVP |
filter=$(echo "$db_res" | awk '$1 == "Alcasar-Filter" { print $2 }') |
filterProto=$(echo "$db_res" | awk '$1 == "Alcasar-Filter-Proto" { print $2 }') |
statusOpenRequired=$(echo "$db_res" | awk '$1 == "Alcasar-Status-Open-Required" { print $2 }') |
if [ "$filter" == '4' ]; then # HAVP_WL |
if [ ${FILTER_ID:5:1} == '1' ]; then # HAVP_WL |
set_filter="havp_wl" |
elif [ "$filter" == '3' ]; then # HAVP_BL |
elif [ ${FILTER_ID:6:1} == '1' ]; then # HAVP_BL |
set_filter="havp_bl" |
elif [ "$filter" == '2' ]; then # HAVP |
elif [ ${FILTER_ID:7:1} == '1' ]; then # HAVP |
set_filter="havp" |
else # NOT_FILTERED |
else # NOT_FILTERED |
set_filter="not_filtered" |
fi |
if [ "$filterProto" == '4' ]; then # PROFILE 3 (Custom) |
set_filterProto="proto_3"; |
elif [ "$filterProto" == '3' ]; then # PROFILE 2 (WEB + Mail + Remote access) |
set_filterProto="proto_2"; |
elif [ "$filterProto" == '2' ]; then # PROFILE 1 (WEB) |
set_filterProto="proto_1"; |
if [ ${FILTER_ID:2:1} == '1' ]; then # PROFILE 3 (Custom) |
set_proto="proto_3"; |
elif [ ${FILTER_ID:1:1} == '1' ]; then # PROFILE 2 (WEB + Mail + Remote access) |
set_proto="proto_2"; |
elif [ ${FILTER_ID:0:1} == '1' ]; then # PROFILE 1 (WEB) |
set_proto="proto_1"; |
else # PROFILE 0 (Not filtered) |
set_filterProto="proto_0"; |
set_proto="proto_0"; |
fi |
ipset add $set_filter $FRAMED_IP_ADDRESS |
ipset add $set_filterProto $FRAMED_IP_ADDRESS |
ipset add $set_filter $FRAMED_IP_ADDRESS |
ipset add $set_proto $FRAMED_IP_ADDRESS |
# Add user IP permanently to current_users.txt if no status_open_required |
current_users_file="/var/tmp/havp/current_users.txt" |
[ ! -e $current_users_file ] && touch $current_users_file && chown apache:apache $current_users_file |
if [ "$statusOpenRequired" == '2' ]; then # no status_open_required |
if [ ${FILTER_ID:4:1} == '1' ]; then # no status_open_required |
echo "$FRAMED_IP_ADDRESS:PERM" >> $current_users_file |
fi |
# Debug : show all the coova parse variables (+ $set_filter + $set_filterProto). |
# Debug : show all the coova parse variables (+ $set_filter + $set_proto). |
# see "/src/chilli.c" for the complete list of parse variables |
#echo "-----------------------------------------------" >> /tmp/debug-conup.txt |
#echo `date` >> /tmp/debug-conup.txt |
63,5 → 64,5 |
# echo "$i : ${!i}" >> /tmp/debug-conup.txt |
#done |
#echo "set_filter : $set_filter" >> /tmp/debug-conup.txt |
#echo "set_filterProto : $set_filterProto" >> /tmp/debug-conup.txt |
#echo "set_proto : $set_proto" >> /tmp/debug-conup.txt |
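Review bot: `$USER_NAME` is interpolated straight into `db_query` in both places it appears, and it is presumably the login name handed over by coova, so a name containing a quote alters a statement executed as MySQL root. Validate it before the query is built, for example `case "$USER_NAME" in *[!A-Za-z0-9._@-]*) exit 1 ;; esac`, with the allowed set adjusted to the site's account naming. The password is passed as `-p$(cat $PASSWD_FILE | grep ^db_root= | cut -d'=' -f2-)`, unquoted and on the mysql command line, where it is word-split and visible in the process list. If the FILTER_ID variant is the new side instead (the page has lost its +/- markers), tests such as `[ ${FILTER_ID:5:1} == '1' ]` should be quoted, `[ "${FILTER_ID:5:1}" = '1' ]`, because an empty or short FILTER_ID leaves `[` with a missing operand. alcasar-condown.sh builds the same query and the same tests.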
/scripts/alcasar-condown.sh |
---|
9,49 → 9,50 |
# This script is launched by coova after each logout |
# Ce script est lancé par coova à chaque déconnexion d'usager |
PASSWD_FILE="/root/ALCASAR-passwords.txt" |
if [ -z $FRAMED_IP_ADDRESS ]; then |
exit 1 |
fi |
# Remove user from his IPSET |
# Remove user from his IPSET (depending on FILTER_ID) |
db_query="SELECT attribute, value FROM (( SELECT attribute, value FROM radreply WHERE (attribute='Alcasar-Filter' OR attribute='Alcasar-Filter-Proto' OR attribute='Alcasar-Status-Open-Required') AND username='$USER_NAME') UNION ( SELECT attribute, value FROM radgroupreply gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE (attribute='Alcasar-Filter' OR attribute='Alcasar-Filter-Proto' OR attribute='Alcasar-Status-Open-Required') AND username = '$USER_NAME' ORDER BY ug.priority)) attrs GROUP BY attribute;" |
db_res=$(mysql -u root -p$(cat $PASSWD_FILE | grep ^db_root= | cut -d'=' -f2-) -D radius -e "$db_query" -Ns) |
# FilterID Byte N°0 to 7 |
# 0: profile_1 (WEB) |
# 1: profile_2 (WEB + Mail + Remote access) |
# 2: profile_3 (Custom) |
# 3: warn_user (if imputability report has been generated) |
# 4: status_open_required (check user activity through status page) |
# 5: WL |
# 6: BL |
# 7: HAVP |
filter=$(echo "$db_res" | awk '$1 == "Alcasar-Filter" { print $2 }') |
filterProto=$(echo "$db_res" | awk '$1 == "Alcasar-Filter-Proto" { print $2 }') |
statusOpenRequired=$(echo "$db_res" | awk '$1 == "Alcasar-Status-Open-Required" { print $2 }') |
if [ "$filter" == '4' ]; then # HAVP_WL |
if [ ${FILTER_ID:5:1} == '1' ]; then # HAVP_WL |
set_filter="havp_wl" |
elif [ "$filter" == '3' ]; then # HAVP_BL |
elif [ ${FILTER_ID:6:1} == '1' ]; then # HAVP_BL |
set_filter="havp_bl" |
elif [ "$filter" == '2' ]; then # HAVP |
elif [ ${FILTER_ID:7:1} == '1' ]; then # HAVP |
set_filter="havp" |
else # NOT_FILTERED |
else # NOT_FILTERED |
set_filter="not_filtered" |
fi |
if [ "$filterProto" == '4' ]; then # PROFILE 3 (Custom) |
set_filterProto="proto_3"; |
elif [ "$filterProto" == '3' ]; then # PROFILE 2 (WEB + Mail + Remote access) |
set_filterProto="proto_2"; |
elif [ "$filterProto" == '2' ]; then # PROFILE 1 (WEB) |
set_filterProto="proto_1"; |
if [ ${FILTER_ID:2:1} == '1' ]; then # PROFILE 3 (Custom) |
set_proto="proto_3"; |
elif [ ${FILTER_ID:1:1} == '1' ]; then # PROFILE 2 (WEB + Mail + Remote access) |
set_proto="proto_2"; |
elif [ ${FILTER_ID:0:1} == '1' ]; then # PROFILE 1 (WEB) |
set_proto="proto_1"; |
else # PROFILE 0 (Not filtered) |
set_filterProto="proto_0"; |
set_proto="proto_0"; |
fi |
ipset del $set_filter $FRAMED_IP_ADDRESS |
ipset del $set_filterProto $FRAMED_IP_ADDRESS |
ipset del $set_filter $FRAMED_IP_ADDRESS |
ipset del $set_proto $FRAMED_IP_ADDRESS |
# Remove IP address from active users |
current_users_file="/var/tmp/havp/current_users.txt" |
[ -e $current_users_file ] && sed -i "/^$FRAMED_IP_ADDRESS:/d" $current_users_file |
# Debug : show all the coova parse variables (+ $set_filter + $set_filterProto). |
# Debug : show all the coova parse variables (+ $set_filter + $set_proto). |
# see "/src/chilli.c" for the complete list of parse variables |
#echo "-----------------------------------------------" >> /tmp/debug-condown.txt |
#echo `date` >> /tmp/debug-condown.txt |
60,4 → 61,4 |
# echo "$i : ${!i}" >> /tmp/debug-condown.txt |
#done |
#echo "set_filter : $set_filter" >> /tmp/debug-condown.txt |
#echo "set_filterProto : $set_filterProto" >> /tmp/debug-condown.txt |
#echo "set_proto : $set_proto" >> /tmp/debug-condown.txt |
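Review bot: The set passed to `ipset del` is recomputed at logout from the database (`db_query`/`db_res`), not taken from what alcasar-conup.sh added at login, so if the user's Alcasar-Filter or Alcasar-Filter-Proto value changes during the session the address is deleted from the wrong set and stays in the original one. Removing the address from every candidate set avoids the stale entry, e.g. `for s in havp_wl havp_bl havp not_filtered; do ipset -exist del "$s" "$FRAMED_IP_ADDRESS"; done`, and likewise for `proto_0` to `proto_3`. This assumes the database variant is the new side; the +/- markers are lost on this page, and whether FILTER_ID stays fixed for the session is not visible here.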