
Ignore whitespace Rev 2005 → Rev 2006

/alcasar.sh
502,7 → 502,6
echo "EXT_DHCP_IP=none" >> $CONF_FILE
echo "RELAY_DHCP_IP=none" >> $CONF_FILE
echo "RELAY_DHCP_PORT=none" >> $CONF_FILE
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE
echo "INT_DNS_DOMAIN=none" >> $CONF_FILE
echo "INT_DNS_IP=none" >> $CONF_FILE
echo "INT_DNS_ACTIVE=off" >> $CONF_FILE
/conf/sudoers
14,14 → 14,14
# Cmnd alias specification
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh # network commands
Cmnd_Alias URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update # packages managment
Cmnd_Alias BYPASS=/usr/local/bin/alcasar-bypass.sh # authentication bypass
Cmnd_Alias BYPASS=/usr/local/bin/alcasar-bypass.sh # authentication bypass
Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # to manage users in command line
Cmnd_Alias SQL=/usr/local/bin/alcasar-mysql.sh # to export users database
Cmnd_Alias SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh # to create conf backup file
Cmnd_Alias EXPORT=/usr/local/bin/alcasar-archive.sh # to export/save the log files
Cmnd_Alias BL=/usr/local/bin/alcasar-bl.sh,/usr/local/bin/alcasar-havp.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/bin/alcasar-url_filter_wl.sh,/usr/local/bin/alcasar-url_filter_bl.sh # to manage the filtering system
Cmnd_Alias NF=/usr/local/bin/alcasar-nf.sh,/usr/local/bin/alcasar-iptables.sh,/usr/sbin/ipset # to manage the firewall
Cmnd_Alias LOGOUT=/usr/local/bin/alcasar-logout.sh # to disconnect the users
Cmnd_Alias NF=/usr/local/bin/alcasar-iptables.sh,/usr/sbin/ipset # to manage the firewall
Cmnd_Alias LOGOUT=/usr/local/bin/alcasar-logout.sh # to disconnect the users
Cmnd_Alias UAM=/usr/local/bin/alcasar-uamallowed.sh # to manage the trusted websites (uamallowed)
Cmnd_Alias SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown # to manage the linux services
Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # to manage the SMS subsystem
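Review bot: The rewritten `NF` alias still grants `/usr/sbin/ipset` with no argument restriction, and after this commit membership of the `proto_0`…`proto_3` sets decides which protocols a client may use. Which account receives `NF` is not visible in this hunk; if it is the web server account, any code path that reaches `sudo ipset` can move an address into `proto_0`. Consider granting only the helper scripts that need it and adding a comment on the alias such as `# ipset: set membership selects the filtering and protocol profile`.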
/scripts/alcasar-condown.sh
16,22 → 16,112
 
# Remove user from the SET (function of his filtering level)
 
case $FILTER_ID in
# HAVP
"00000001")
set="havp"
;;
# HAVP + Blacklist
"00000011")
set="havp_bl"
;;
# HAVP + Whitelist
"00000101")
set="havp_wl"
;;
# No filtering
*)
set="not_filtered"
;;
esac
#12345678
#1-> profile1
#2-> profile2
#3-> profile3
#6-> WL
#7-> BL
#8-> HAVP
 
if [ ${FILTER_ID:7:1} -eq '1' ] #HAVP
then
set="havp"
if [ ${FILTER_ID:0:1} -eq '1' ]
then
set_proto="proto_1";
fi
 
if [ ${FILTER_ID:1:1} -eq '1' ]
then
set_proto="proto_2";
fi
if [ ${FILTER_ID:2:1} -eq '1' ]
then
set_proto="proto_3";
fi
 
if [ -z "$set_proto" ]
then
set_proto="proto_0";
fi
fi
 
if [ ${FILTER_ID:6:1} -eq '1' ] #HAVP_BL
then
set="havp_bl"
if [ ${FILTER_ID:0:1} -eq '1' ]
then
set_proto="proto_1";
fi
 
if [ ${FILTER_ID:1:1} -eq '1' ]
then
set_proto="proto_2";
fi
if [ ${FILTER_ID:2:1} -eq '1' ]
then
set_proto="proto_3";
fi
 
if [ -z "$set_proto" ]
then
set_proto="proto_0";
fi
fi
 
if [ ${FILTER_ID:5:1} -eq '1' ] #HAVP_WL
then
set="havp_wl"
if [ ${FILTER_ID:0:1} -eq '1' ]
then
set_proto="proto_1";
fi
 
if [ ${FILTER_ID:1:1} -eq '1' ]
then
set_proto="proto_2";
fi
if [ ${FILTER_ID:2:1} -eq '1' ]
then
set_proto="proto_3";
fi
 
if [ -z "$set_proto" ]
then
set_proto="proto_0";
fi
fi
 
 
 
if [ -z "$set" ] #NOT_FILTERED
then
set="not_filtered"
if [ ${FILTER_ID:0:1} -eq '1' ]
then
set_proto="proto_1";
fi
 
if [ ${FILTER_ID:1:1} -eq '1' ]
then
set_proto="proto_2";
fi
if [ ${FILTER_ID:2:1} -eq '1' ]
then
set_proto="proto_3";
fi
 
if [ -z "$set_proto" ]
then
set_proto="proto_0";
fi
fi
 
 
ipset del $set $FRAMED_IP_ADDRESS
ipset del $set_proto $FRAMED_IP_ADDRESS
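Review bot: The new bit tests such as `[ ${FILTER_ID:7:1} -eq '1' ]` are unquoted and numeric, so an empty, short or non-numeric FILTER_ID makes `[` fail with an error and the script falls through to `not_filtered`/`proto_0`; the same tests are repeated in alcasar-conup.sh. Quote the expansion and compare as a string, e.g. `[ "${FILTER_ID:7:1}" = "1" ]`, and quote the arguments of the final calls, `ipset del "$set_proto" "$FRAMED_IP_ADDRESS"`. The removal also assumes FILTER_ID at disconnect equals the value used at connect; if that is not guaranteed (not visible here), deleting the address from all four `proto_N` sets would avoid leaving a stale entry behind.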
/scripts/alcasar-conup.sh
14,23 → 14,117
# echo "$i : ${!i}" >> /tmp/debug-conup.txt
#done
ipset del not_auth_yet $FRAMED_IP_ADDRESS
 
 
# Add user to the SET (function of his filtering level)
case $FILTER_ID in
# HAVP
"00000001")
set="havp"
;;
# HAVP + Blacklist
"00000011")
set="havp_bl"
;;
# HAVP + Whitelist
"00000101")
set="havp_wl"
;;
# No filtering
*)
set="not_filtered"
;;
esac
 
#12345678
#1-> profile1
#2-> profile2
#3-> profile3
#6-> WL
#7-> BL
#8-> HAVP
 
if [ ${FILTER_ID:7:1} -eq '1' ] #HAVP
then
set="havp"
if [ ${FILTER_ID:0:1} -eq '1' ]
then
set_proto="proto_1";
fi
 
if [ ${FILTER_ID:1:1} -eq '1' ]
then
set_proto="proto_2";
fi
if [ ${FILTER_ID:2:1} -eq '1' ]
then
set_proto="proto_3";
fi
 
if [ -z "$set_proto" ]
then
set_proto="proto_0";
fi
fi
 
 
if [ ${FILTER_ID:6:1} -eq '1' ] #HAVP_BL
then
set="havp_bl"
if [ ${FILTER_ID:0:1} -eq '1' ]
then
set_proto="proto_1";
fi
 
if [ ${FILTER_ID:1:1} -eq '1' ]
then
set_proto="proto_2";
fi
if [ ${FILTER_ID:2:1} -eq '1' ]
then
set_proto="proto_3";
fi
 
if [ -z "$set_proto" ]
then
set_proto="proto_0";
fi
fi
 
if [ ${FILTER_ID:5:1} -eq '1' ] #HAVP_WL
then
set="havp_wl"
if [ ${FILTER_ID:0:1} -eq '1' ]
then
set_proto="proto_1";
fi
 
if [ ${FILTER_ID:1:1} -eq '1' ]
then
set_proto="proto_2";
fi
if [ ${FILTER_ID:2:1} -eq '1' ]
then
set_proto="proto_3";
fi
 
if [ -z "$set_proto" ]
then
set_proto="proto_0";
fi
fi
 
 
 
if [ -z "$set" ] #NOT_FILTERED
then
set="not_filtered"
if [ ${FILTER_ID:0:1} -eq '1' ]
then
set_proto="proto_1";
fi
 
if [ ${FILTER_ID:1:1} -eq '1' ]
then
set_proto="proto_2";
fi
if [ ${FILTER_ID:2:1} -eq '1' ]
then
set_proto="proto_3";
fi
 
if [ -z "$set_proto" ]
then
set_proto="proto_0";
fi
fi
 
 
ipset add $set $FRAMED_IP_ADDRESS
ipset add $set_proto $FRAMED_IP_ADDRESS
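Review bot: Any FILTER_ID without a recognised profile bit ends in `proto_0`, which is the one set the new REJECT rules in alcasar-iptables.sh exempt, so a malformed or missing attribute yields the least restrictive profile. The value should be checked against the expected eight 0/1 characters before use and an unexpected one at least logged; what profile to apply in that case is a policy choice for the maintainers. The profile ladder is also copied into all four branches although it does not depend on `set`, so it can be computed once, keeping the same precedence (the last set bit wins).

```shell
# … unchanged: ipset del not_auth_yet, selection of $set from bits 6-8 …
case "$FILTER_ID" in
  [01][01][01][01][01][01][01][01]) ;;
  *) logger -t alcasar-conup "unexpected Filter-Id '$FILTER_ID' for $FRAMED_IP_ADDRESS" ;;
esac
set_proto="proto_0"
[ "${FILTER_ID:0:1}" = "1" ] && set_proto="proto_1"
[ "${FILTER_ID:1:1}" = "1" ] && set_proto="proto_2"
[ "${FILTER_ID:2:1}" = "1" ] && set_proto="proto_3"
ipset add "$set" "$FRAMED_IP_ADDRESS"
ipset add "$set_proto" "$FRAMED_IP_ADDRESS"
```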
/scripts/alcasar-iptables.sh
33,8 → 33,6
dns1=${dns1:=208.67.220.220}
dns2=${dns2:=208.67.222.222}
DNSSERVERS="$dns1,$dns2" # first and second public DNS servers
PROTOCOLS_FILTERING=`grep ^PROTOCOLS_FILTERING= $CONF_FILE|cut -d"=" -f2` # Network protocols filter (on/off)
PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:=off}
BL_IP_CAT="/usr/local/share/iptables-bl-enabled" # categories files of the BlackListed IP
WL_IP_CAT="/usr/local/share/iptables-wl-enabled" # categories files of the WhiteListed IP
TMP_users_set_save="/tmp/users_set_save" # tmp file for backup users set
62,6 → 60,10
ipset save havp_wl >> $TMP_users_set_save
ipset save not_auth_yet >> $TMP_users_set_save
ipset save users_list >> $TMP_users_set_save
ipset save proto_0 >> $TMP_users_set_save
ipset save proto_1 >> $TMP_users_set_save
ipset save proto_2 >> $TMP_users_set_save
ipset save proto_3 >> $TMP_users_set_save
fi
 
# loading of NetFlow probe (ipt_NETFLOW kernel module)
150,6 → 152,11
ipset add users_list havp_bl
ipset add users_list not_filtered
ipset add users_list not_auth_yet
#pour les filtrages de protocole par utilisateur
ipset create proto_0 hash:net hashsize 1024
ipset create proto_1 hash:net hashsize 1024
ipset create proto_2 hash:net hashsize 1024
ipset create proto_3 hash:net hashsize 1024
fi
 
#############################
362,55 → 369,80
# Autorisation des retours de connexions légitimes
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
 
# If protocols filter is activate
if [ $PROTOCOLS_FILTERING = on ]; then
# Compute uamallowed IP (IP address of equipments connected between ALCASAR and Internet (DMZ, own servers, ...)
nb_uamallowed=`wc -l /usr/local/etc/alcasar-uamallowed | cut -d" " -f1`
if [ $nb_uamallowed != "0" ]
then
while read ip_allowed_line
do
ip_allowed=`echo $ip_allowed_line|cut -d"\"" -f2`
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j NFLOG --nflog-prefix "RULE IP-allowed -- ACCEPT "
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j ACCEPT
done < /usr/local/etc/alcasar-uamallowed
fi
# Autorisation du HTTP et des protocoles non commentés
# Allow HTTP and non comment protocols
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport http -m state --state NEW -j NFLOG --nflog-prefix "RULE F_TCP-$svc_name -- ACCEPT "
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport http -m state --state NEW -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport http -m state --state NEW -j ACCEPT
while read svc_line
# Compute uamallowed IP (IP address of equipments connected between ALCASAR and Internet (DMZ, own servers, ...)
nb_uamallowed=`wc -l /usr/local/etc/alcasar-uamallowed | cut -d" " -f1`
if [ $nb_uamallowed != "0" ]
then
while read ip_allowed_line
do
svc_on=`echo $svc_line|cut -b1`
if [ $svc_on != "#" ]
then
svc_name=`echo $svc_line|cut -d" " -f1`
svc_port=`echo $svc_line|cut -d" " -f2`
if [ $svc_name = "icmp" ]
then
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p icmp -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p icmp -j ACCEPT
else
ip_allowed=`echo $ip_allowed_line|cut -d"\"" -f2`
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j NFLOG --nflog-prefix "RULE IP-allowed -- ACCEPT "
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j ACCEPT
done < /usr/local/etc/alcasar-uamallowed
fi
 
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j NFLOG --nflog-prefix "RULE F_TCP-$svc_name -- ACCEPT "
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j NFLOG --nflog-prefix "RULE F_UDP-$svc_name -- ACCEPT "
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j ACCEPT
fi
 
 
#filtrage protocole par utilisateur (on autorise le HTTP pour tous)
#profile 1 : HTTP/S only
for proto in $(echo http https)
do
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_1 src -s $PRIVATE_NETWORK_MASK -p tcp --dport $proto -m state --state NEW -j NFLOG --nflog-prefix "RULE F_TCP-P1$proto -- ACCEPT "
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_1 src -s $PRIVATE_NETWORK_MASK -p tcp --dport $proto -m state --state NEW -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_1 src -s $PRIVATE_NETWORK_MASK -p tcp --dport $proto -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_1 src -s $PRIVATE_NETWORK_MASK -p udp --dport $proto -m state --state NEW -j NFLOG --nflog-prefix "RULE F_UDP-P1$proto -- ACCEPT "
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_1 src -s $PRIVATE_NETWORK_MASK -p udp --dport $proto -m state --state NEW -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_1 src -s $PRIVATE_NETWORK_MASK -p udp --dport $proto -m state --state NEW -j ACCEPT
done
 
#profile 2 : HTTP/S, POP3S, IMAP/S, FTP, SSH/SFTP
for proto in $(echo http https pop3 pop3s imap imaps ftp sftp ssh)
do
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_2 src -s $PRIVATE_NETWORK_MASK -p tcp --dport $proto -m state --state NEW -j NFLOG --nflog-prefix "RULE F_TCP-P2$proto -- ACCEPT "
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_2 src -s $PRIVATE_NETWORK_MASK -p tcp --dport $proto -m state --state NEW -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_2 src -s $PRIVATE_NETWORK_MASK -p tcp --dport $proto -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_2 src -s $PRIVATE_NETWORK_MASK -p udp --dport $proto -m state --state NEW -j NFLOG --nflog-prefix "RULE F_UDP-P2$proto -- ACCEPT "
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_2 src -s $PRIVATE_NETWORK_MASK -p udp --dport $proto -m state --state NEW -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_2 src -s $PRIVATE_NETWORK_MASK -p udp --dport $proto -m state --state NEW -j ACCEPT
done
 
#profile 3 personalisables via l'ACC
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_3 src -s $PRIVATE_NETWORK_MASK -p tcp --dport http -m state --state NEW -j NFLOG --nflog-prefix "RULE F_TCP-P3http -- ACCEPT "
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_3 src -s $PRIVATE_NETWORK_MASK -p tcp --dport http -m state --state NEW -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_3 src -s $PRIVATE_NETWORK_MASK -p tcp --dport http -m state --state NEW -j ACCEPT
while read svc_line
do
svc_on=`echo $svc_line|cut -b1`
if [ $svc_on != "#" ]
then
svc_name=`echo $svc_line|cut -d" " -f1`
svc_port=`echo $svc_line|cut -d" " -f2`
if [ $svc_name = "icmp" ]
then
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_3 src -s $PRIVATE_NETWORK_MASK -p icmp -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_3 src -s $PRIVATE_NETWORK_MASK -p icmp -j ACCEPT
else
 
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_3 src -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j NFLOG --nflog-prefix "RULE F_TCP-P3$svc_name -- ACCEPT "
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_3 src -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_3 src -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_3 src -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j NFLOG --nflog-prefix "RULE F_UDP-P3$svc_name -- ACCEPT "
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_3 src -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_3 src -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j ACCEPT
fi
done < /usr/local/etc/alcasar-services
# Rejet explicite des autres protocoles
# reject the others protocols
$IPTABLES -A FORWARD -i $TUNIF -j NFLOG --nflog-prefix "RULE F_filter -- REJECT "
$IPTABLES -A FORWARD -i $TUNIF -p tcp -j REJECT --reject-with tcp-reset
$IPTABLES -A FORWARD -i $TUNIF -p udp -j REJECT --reject-with icmp-port-unreachable
$IPTABLES -A FORWARD -i $TUNIF -p icmp -j REJECT
fi
fi
done < /usr/local/etc/alcasar-services
 
# Rejet explicite des autres protocoles pour P1, P2, P3 et les autres
# reject the others protocols for P1,P2, P3 and other
$IPTABLES -A FORWARD -i $TUNIF -m set ! --match-set proto_0 src -j NFLOG --nflog-prefix "RULE F_filterP1 -- REJECT "
$IPTABLES -A FORWARD -i $TUNIF -m set ! --match-set proto_0 src -p tcp -j REJECT --reject-with tcp-reset
$IPTABLES -A FORWARD -i $TUNIF -m set ! --match-set proto_0 src -p udp -j REJECT --reject-with icmp-port-unreachable
$IPTABLES -A FORWARD -i $TUNIF -m set ! --match-set proto_0 src -p icmp -j REJECT
 
 
 
# Autorisation des connections sortant du LAN
# Allow forward connections with log
#$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -m state --state NEW -j ULOG --ulog-prefix "RULE F_all -- ACCEPT "
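Review bot: In the profile 2 loop, `--dport sftp` is resolved through /etc/services, where `sftp` normally names port 115 rather than SSH file transfer, which already travels over `ssh`; it should be dropped from the list. Both loops also add `-p udp` rules for every name, which opens UDP for TCP-only services and, where a name has no UDP entry in /etc/services, makes the rule fail to load. Writing `for proto in http https` instead of `$(echo http https)` and limiting the UDP rules to services that need them would keep profiles 1 and 2 as narrow as their comments state. The closing NFLOG prefix `RULE F_filterP1` is applied to every profile, which will mislead anyone reading the logs; a neutral prefix such as `RULE F_filter -- REJECT ` would match the old rule.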
/web/acc/admin/protocols_filter.php
16,10 → 16,7
if($Language == 'fr'){
$l_remove="Retirer de la liste";
$l_title_proto = "Filtrage de protocoles r&eacute;seau";
$l_protocolsfilter_on="Le filtrage de protocoles r&eacute;seau est actuellement activ&eacute;";
$l_protocolsfilter_off="Le filtrage de protocoles réseau est actuellement désactiv&eacute";
$l_switch_on="Activer le filtrage";
$l_switch_off="D&eacute;sactiver le filtrage";
$l_protocolsfilter="Vous pouvez personnaliser le profile de filtrage protocole 'personnalisable' ici. Vous pouvez ensuite l'attribuer à des utilisateurs via l'éditeur ou la création d'utilisateur.";
$l_comment_on="&Agrave; l'exclusion du WEB (port 80), les protocoles r&eacute;seaux sont interdits.<BR>Choisissez ci-dessous les protocoles que vous autorisez";
$l_comment_off="(tous les protocoles réseau sont autoris&eacute;s)";
$l_protocols="Protocoles autoris&eacute;s";
33,10 → 30,7
else {
$l_remove="Remove from list";
$l_title_proto = "Network protocols filter";
$l_protocolsfilter_on="Actually, the network protocols filter is enable";
$l_protocolsfilter_off="Actually, the network protocols filter is disable";
$l_switch_on="Switch the Filter on";
$l_switch_off="Switch the Filter off";
$l_protocolsfilter="You can change your \"custom\" protocol filtering here. You can set it to a user from ACC (create user / edit user)";
$l_comment_on="(choose the authorized network protocols)";
$l_comment_on="Except for the WEB (port 80), all protocols are blocked.<BR>Choose in the list below, the protocols you want authorize";
$l_comment_off="(all the network protocols are allowed for authenticated users)";
79,12 → 73,6
if (isset($_POST['choix'])){$choix=$_POST['choix'];} else {$choix="";}
switch ($choix)
{
case 'NF_On' :
exec ("sudo /usr/local/bin/alcasar-nf.sh -on");
break;
case 'NF_Off' :
exec ("sudo /usr/local/bin/alcasar-nf.sh -off");
break;
case 'new_port' :
if ((trim($_POST['add_port']) != "80") and ($_POST['add_port'] != "") and ($_POST['add_proto'] != "") and (is_numeric($_POST['add_port'])))
{
152,19 → 140,6
exec ("sudo /usr/local/bin/alcasar-iptables.sh -on");
break;
}
# default values
if (is_file (CONF_FILE))
{
$tab=file(CONF_FILE);
if ($tab)
{
foreach ($tab as $line)
{
$field=explode("=", $line);
if ($field[0] == "PROTOCOLS_FILTERING") {$PROTOCOLS_FILTERING=trim($field[1]);}
}
}
}
?>
<TABLE width="100%" border=0 cellspacing=0 cellpadding=0>
<tr><th><?echo "$l_title_proto";?></th></tr>
172,25 → 147,12
</table>
<TABLE width="100%" border=1 cellspacing=0 cellpadding=0>
<tr>
 
<?
if ($PROTOCOLS_FILTERING == "on")
{
echo "<td colspan=\"2\" valign=\"middle\" align=\"left\">";
echo "<CENTER><H3>$l_protocolsfilter_on</H3>$l_comment_on</CENTER>";
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>";
echo "<input type=hidden name='choix' value=\"NF_Off\">";
echo "<input type=submit value=\"$l_switch_off\">";
echo "</FORM></td></tr>";
require ('protocols_filter2.php');
}
else
{
echo "<td valign=\"middle\" align=\"left\">";
echo "<CENTER><H3>$l_protocolsfilter_off</H3>$l_comment_off</CENTER>";
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>";
echo "<input type=hidden name='choix' value=\"NF_On\">";
echo "<input type=submit value=\"$l_switch_on\">";
echo "</FORM></td></tr>";
echo "</table></body></html>";
}
 
echo "<td colspan=\"2\" valign=\"middle\" align=\"left\">";
echo "<CENTER><H3>$l_protocolsfilter_on</H3>$l_comment_on</CENTER>";
require ('protocols_filter2.php');
 
?>
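Review bot: The rewritten output still echoes `$l_protocolsfilter_on`, but the language blocks earlier in this file appear to drop that variable and introduce `$l_protocolsfilter` instead, so the heading would render empty and raise an undefined-variable notice. The header line should read `echo "<CENTER><H3>$l_protocolsfilter</H3>$l_comment_on</CENTER>";`. The sides of the changed lines are inferred from the hunk line counts, so please confirm against the working copy.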
 
/web/acc/manager/htdocs/group_new.php
1,5 → 1,15
<?php
 
//update Filter-Id for protocol filtering
if (isset($_POST['Filter-Proto']) && isset($_POST['Filter-Id']))
{
$upId = (int)$_POST['Filter-Proto'];
$downId = (int)$_POST['Filter-Id'];
$upId = $upId+$downId;
$upId = str_pad($upId, 8, '0', STR_PAD_LEFT);
$_POST['Filter-Id'] = $upId;
}
 
if (!isset ($create)) $create=0;
if (!isset ($login)) $login='';
if (!isset ($selected)) $selected=array();
350,6 → 360,24
}
/*fin Ajout*/
}
 
/*protocole filter*/
print <<<EOM
<tr>
<td class="etiquette" colspan=$colspan>
$l_proto
</td>
<td width=20>
EOM;
/*Choix de la langue du ticket d'impression*/
echo" <select name='Filter-Proto'>
<option value=\"00000000\" selected>$l_proto_0</option>
<option value=\"10000000\" >$l_proto_1</option>
<option value=\"01000000\" >$l_proto_2</option>
<option value=\"00100000\" >$l_proto_3</option>
</select></td></tr>";
 
echo "</table><BR>";
}
if ($create == 1)
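Review bot: The new Filter-Id composition at the top of the file casts both POST fields to int and adds them without checking either against the values the form offers, so a crafted request can store a string with digits other than 0/1 or longer than eight characters (for example two `10000000` operands give `20000000`). The same block is copied into user_edit.php (with `Filter-Id0`), user_new.php and user_new2.php; a shared helper that whitelists both operands would fix all four. What to do with a rejected value (drop it or abort the request) depends on code outside the hunk. Separately, the comment `/*Choix de la langue du ticket d'impression*/` above the new `Filter-Proto` select was copied from the ticket-language field here and in user_new.php and user_new2.php; it should read `/* protocol filtering profile */`.

```php
//update Filter-Id for protocol filtering
$allowedProto = array('00000000', '10000000', '01000000', '00100000');
$allowedFilter = array('00000000', '00000001', '00000011', '00000101');
if (isset($_POST['Filter-Proto'], $_POST['Filter-Id'])
	&& in_array($_POST['Filter-Proto'], $allowedProto, true)
	&& in_array($_POST['Filter-Id'], $allowedFilter, true))
{
	// both operands are 8-character 0/1 strings with no overlapping positions
	$sum = (int)$_POST['Filter-Proto'] + (int)$_POST['Filter-Id'];
	$_POST['Filter-Id'] = str_pad((string)$sum, 8, '0', STR_PAD_LEFT);
}
```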
/web/acc/manager/htdocs/user_edit.php
2,6 → 2,17
//gestion de la langue
if (is_file("../lib/langues.php"))
include("../lib/langues.php");
 
//update Filter-Id for protocol filtering
if (isset($_POST['Filter-Proto']) && isset($_POST['Filter-Id0']))
{
$upId = (int)$_POST['Filter-Proto'];
$downId = (int)$_POST['Filter-Id0'];
$upId = $upId+$downId;
$upId = str_pad($upId, 8, '0', STR_PAD_LEFT);
$_POST['Filter-Id0'] = $upId;
}
 
require('/etc/freeradius-web/config.php');
require('../lib/attrshow.php');
require('../lib/defaults.php');
268,21 → 279,105
$grp_redir="<td bgcolor=\"#BEBEBE\">$val</td>";
break;
case 'Filter-Id' :
switch($val)
$grp_proto_select = array();
$grp_proto_select[0] = '';
$grp_proto_select[1] = '';
$grp_proto_select[2] = '';
$grp_proto_select[3] = '';
//WL
if($val[5] == '1')
{
case "00000001":
$grp_filter="<td bgcolor=\"#BEBEBE\">$l_filtering_havp</td>";
$grp_filter="<td bgcolor=\"#BEBEBE\">$l_filtering_havp_wl</td>";
if($val[0] == '1')
{
$grp_proto="<td bgcolor=\"#BEBEBE\">$l_proto_1</td>";
break;
case "00000011":
$grp_filter="<td bgcolor=\"#BEBEBE\">$l_filtering_havp_bl</td>";
}
if($val[1] == '1')
{
$grp_proto="<td bgcolor=\"#BEBEBE\">$l_proto_2</td>";
break;
case "00000101":
$grp_filter="<td bgcolor=\"#BEBEBE\">$l_filtering_havp_wl</td>";
}
if($val[2] == '1')
{
$grp_proto="<td bgcolor=\"#BEBEBE\">$l_proto_3</td>";
break;
default :
$grp_filter="<td bgcolor=\"#BEBEBE\">$l_filtering_none</td>";
}
$grp_proto="<td bgcolor=\"#BEBEBE\">$l_proto_0</td>";
break;
break;
}
//BL
if($val[6] == '1')
{
$grp_filter="<td bgcolor=\"#BEBEBE\">$l_filtering_havp_bl</td>";
if($val[0] == '1')
{
$grp_proto="<td bgcolor=\"#BEBEBE\">$l_proto_1</td>";
break;
}
if($val[1] == '1')
{
$grp_proto="<td bgcolor=\"#BEBEBE\">$l_proto_2</td>";
break;
}
if($val[2] == '1')
{
$grp_proto="<td bgcolor=\"#BEBEBE\">$l_proto_3</td>";
break;
}
$grp_proto="<td bgcolor=\"#BEBEBE\">$l_proto_0</td>";
break;
}
//HAVP
if($val[7] == '1')
{
$grp_filter="<td bgcolor=\"#BEBEBE\">$l_filtering_havp</td>";
if($val[0] == '1')
{
$grp_proto="<td bgcolor=\"#BEBEBE\">$l_proto_1</td>";
break;
}
if($val[1] == '1')
{
$grp_proto="<td bgcolor=\"#BEBEBE\">$l_proto_2</td>";
break;
}
if($val[2] == '1')
{
$grp_proto="<td bgcolor=\"#BEBEBE\">$l_proto_3</td>";
break;
}
$grp_proto="<td bgcolor=\"#BEBEBE\">$l_proto_0</td>";
break;
}
else
{
$grp_filter="<td bgcolor=\"#BEBEBE\">$l_filtering_none</td>";
if($val[0] == '1')
{
$grp_proto="<td bgcolor=\"#BEBEBE\">$l_proto_1</td>";
break;
}
if($val[1] == '1')
{
$grp_proto="<td bgcolor=\"#BEBEBE\">$l_proto_2</td>";
break;
}
if($val[2] == '1')
{
$grp_proto="<td bgcolor=\"#BEBEBE\">$l_proto_3</td>";
break;
}
$grp_proto="<td bgcolor=\"#BEBEBE\">$l_proto_0</td>";
break;
}
break;
}
}
545,21 → 640,102
echo "<td><select name=$oper_name><option $selected[$op_eq] value=\"=\">=</td>$grp_redir<td><input type=text name=\"$name1\" value=\"$val\" size=20></td>";
break;
case 'Filter-Id' :
switch($val)
$proto_select = array();
$proto_select[0] = '';
$proto_select[1] = '';
$proto_select[2] = '';
$proto_select[3] = '';
//WL
if($val[6] == '1')
{
case "00000001":
echo "<td><select name=$oper_name><option $selected[$op_eq] value=\"=\">=</td>$grp_filter<td><select name=\"$name1\"><option value=\"00000000\">$l_filtering_none</option><option value=\"00000001\" selected=\"selected\">$l_filtering_havp</option><option value=\"00000011\">$l_filtering_havp_bl</option><option value=\"00000101\">$l_filtering_havp_wl</option></select></td>";
echo "<td><select name=$oper_name><option $selected[$op_eq] value=\"=\">=</td>$grp_filter<td><select name=\"$name1\"><option value=\"00000000\">$l_filtering_none</option><option value=\"00000001\">$l_filtering_havp</option><option value=\"00000011\" selected=\"selected\">$l_filtering_havp_bl</option><option value=\"00000101\">$l_filtering_havp_wl</option></select></td>";
if($val[0] == '1')
{
$proto_select[1] = "selected";
break;
case "00000011":
echo "<td><select name=$oper_name><option $selected[$op_eq] value=\"=\">=</td>$grp_filter<td><select name=\"$name1\"><option value=\"00000000\">$l_filtering_none</option><option value=\"00000001\">$l_filtering_havp</option><option value=\"00000011\" selected=\"selected\">$l_filtering_havp_bl</option><option value=\"00000101\">$l_filtering_havp_wl</option></select></td>";
}
if($val[1] == '1')
{
$proto_select[2] = "selected";
break;
case "00000101":
}
if($val[2] == '1')
{
$proto_select[3] = "selected";
break;
}
$proto_select[0] = "selected";
break;
}
//BL
if($val[5] == '1')
{
echo "<td><select name=$oper_name><option $selected[$op_eq] value=\"=\">=</td>$grp_filter<td><select name=\"$name1\"><option value=\"00000000\">$l_filtering_none</option><option value=\"00000001\">$l_filtering_havp</option><option value=\"00000011\">$l_filtering_havp_bl</option><option value=\"00000101\" selected=\"selected\">$l_filtering_havp_wl</option></select></td>";
if($val[0] == '1')
{
$proto_select[1] = "selected";
break;
default :
}
if($val[1] == '1')
{
$proto_select[2] = "selected";
break;
}
if($val[2] == '1')
{
$proto_select[3] = "selected";
break;
}
$proto_select[0] = "selected";
break;
}
//HAVP
if($val[7] == '1')
{
echo "<td><select name=$oper_name><option $selected[$op_eq] value=\"=\">=</td>$grp_filter<td><select name=\"$name1\"><option value=\"00000000\">$l_filtering_none</option><option value=\"00000001\" selected=\"selected\">$l_filtering_havp</option><option value=\"00000011\">$l_filtering_havp_bl</option><option value=\"00000101\">$l_filtering_havp_wl</option></select></td>";
if($val[0] == '1')
{
$proto_select[1] = "selected";
break;
}
if($val[1] == '1')
{
$proto_select[2] = "selected";
break;
}
if($val[2] == '1')
{
$proto_select[3] = "selected";
break;
}
$proto_select[0] = "selected";
break;
}
else //none
{
echo "<td><select name=$oper_name><option $selected[$op_eq] value=\"=\">=</td>$grp_filter<td><select name=\"$name1\"><option value=\"00000000\" selected=\"selected\">$l_filtering_none</option><option value=\"00000001\">$l_filtering_havp</option><option value=\"00000011\">$l_filtering_havp_bl</option><option value=\"00000101\">$l_filtering_havp_wl</option></select></td>";
if($val[0] == '1')
{
$proto_select[1] = "selected";
break;
}
if($val[1] == '1')
{
$proto_select[2] = "selected";
break;
}
if($val[2] == '1')
{
$proto_select[3] = "selected";
break;
}
$proto_select[0] = "selected";
break;
}
break;
default :
print <<<EOM
590,6 → 766,31
EOM;
}
}
/*protocole filter*/
print <<<EOM
<tr>
<td class="etiquette" colspan=2>
<a href="help/protocols_help.html" target=help onclick=window.open("help/protocols_help.html","help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="$l_click_for_help"><font color="blue">$l_proto</font></a>
</td>
EOM;
if(isset($member_groups) && $user_type != 'group')
{
echo $grp_proto;
}
echo "<td width=20>";
echo"<select name='Filter-Proto'>
<option value=\"00000000\" $proto_select[0]>$l_proto_0</option>
<option value=\"10000000\" $proto_select[1]>$l_proto_1</option>
<option value=\"01000000\" $proto_select[2]>$l_proto_2</option>
<option value=\"00100000\" $proto_select[3]>$l_proto_3</option>
</select></td>
</tr>";
if ($user_type != 'group'){
echo <<<EOM
<tr>
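Review bot: `$proto_select` and `$grp_proto` are assigned only inside `case 'Filter-Id'`, yet the new row at the end of the form interpolates `$proto_select[0]` to `$proto_select[3]` and echoes `$grp_proto` unconditionally, so a user or group without a Filter-Id attribute would hit undefined variables (the enclosing loops are outside the hunks, so this is inferred). They should be initialised before the attribute loop, e.g. `$proto_select = array('', '', '', ''); $grp_proto = '';`. In the edit branch the `//WL` and `//BL` comments are swapped relative to the bits they test (`$val[6]` selects the blacklist option, `$val[5]` the whitelist one), and `$grp_proto_select` is filled but not used in the visible lines. The four copies of the `$val[0]`/`$val[1]`/`$val[2]` ladder could be one lookup done once before the filter option is chosen.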
/web/acc/manager/htdocs/user_new.php
1,5 → 1,15
<?php
 
//update Filter-Id for protocol filtering
if (isset($_POST['Filter-Proto']) && isset($_POST['Filter-Id']))
{
$upId = (int)$_POST['Filter-Proto'];
$downId = (int)$_POST['Filter-Id'];
$upId = $upId+$downId;
$upId = str_pad($upId, 8, '0', STR_PAD_LEFT);
$_POST['Filter-Id'] = $upId;
}
 
if (!isset ($create)) $create=0;
if (!isset ($show)) $show=0;
// ticket d'impression (thank's to Geoffroy MUSITELLI)
380,9 → 390,27
}
}
}
/*protocole filter*/
print <<<EOM
<tr>
<td class="etiquette" colspan=$colspan>
<a href="help/protocols_help.html" target=help onclick=window.open("help/protocols_help.html","help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="$l_click_for_help"><font color="blue">$l_proto</font></a>
</td>
<td width=20>
EOM;
/*Choix de la langue du ticket d'impression*/
echo" <select name='Filter-Proto'>
<option value=\"00000000\" selected>$l_proto_0</option>
<option value=\"10000000\" >$l_proto_1</option>
<option value=\"01000000\" >$l_proto_2</option>
<option value=\"00100000\" >$l_proto_3</option>
</select></td></tr>";
print <<<EOM
<tr>
<td class="etiquette" colspan=$colspan>
$l_lang_ticket
</td>
<td width=20>
/web/acc/manager/htdocs/user_new2.php
15,6 → 15,16
if(!isset($selected)) $selected = array();
if(!isset($selected['='])) $selected['='] = '';
 
//update Filter-Id for protocol filtering
if (isset($_POST['Filter-Proto']) && isset($_POST['Filter-Id']))
{
$upId = (int)$_POST['Filter-Proto'];
$downId = (int)$_POST['Filter-Id'];
$upId = $upId+$downId;
$upId = str_pad($upId, 8, '0', STR_PAD_LEFT);
$_POST['Filter-Id'] = $upId;
}
 
require('/etc/freeradius-web/config.php');
if($show == 2)
{
408,9 → 418,26
}
}
}
/*protocole filter*/
print <<<EOM
<tr>
<td class="etiquette" colspan=$colspan>
$l_proto
</td>
<td width=20>
EOM;
/*Choix de la langue du ticket d'impression*/
echo" <select name='Filter-Proto'>
<option value=\"00000000\" selected>$l_proto_0</option>
<option value=\"10000000\" >$l_proto_1</option>
<option value=\"01000000\" >$l_proto_2</option>
<option value=\"00100000\" >$l_proto_3</option>
</select></td></tr>";
print <<<EOM
<tr>
<td class="etiquette" colspan=$colspan>
$l_lang_ticket
</td>
<td width=20>
/web/acc/manager/lib/langues.php
117,6 → 117,11
$l_user_exists = "existe déjà !";
$l_group_desc = "<h2>Attributs Groupe</h2>";
$l_user_desc = "<h2>Attributs Utilisateur</h2>";
$l_proto="Profile de protocole de filtrage";
$l_proto_0="Aucun";
$l_proto_1="Navigation Web";
$l_proto_2="Navigation Web, Messagerie et Serveur distant";
$l_proto_3="Personnalisable";
break;
default :
//English
227,6 → 232,11
$l_user_exists = "already exists !";
$l_group_desc = "<h2>Group Attributes</h2>";
$l_user_desc = "<h2>User Attributes</h2>";
$l_proto="Protocol filtering";
$l_proto_0="None";
$l_proto_1="Web browsing";
$l_proto_2="Web browsing, Mail et server administration";
$l_proto_3="Custom";
break;
}
?>
/web/acc/phpsysinfo/includes/lang/en.php
55,7 → 55,6
$text['enable'] = "enable";
$text['disable'] = "disable";
$text['web_antivirus'] = "WEB antivirus";
$text['net_filter'] = "Network protocols filter";
$text['cert_expiration_date'] = "Certificate expiration date";
//
 
/web/acc/phpsysinfo/includes/lang/fr.php
55,7 → 55,6
$text['enable'] = "actif";
$text['disable'] = "inactif";
$text['web_antivirus'] = "Antivirus de flux WEB";
$text['net_filter'] = "Filtre de protocoles r&eacute;seau";
$text['cert_expiration_date'] = "Date d'expiration du certificat";
//
 
/web/acc/phpsysinfo/includes/xml/portail.php
107,9 → 107,6
$nbr_user = request ('user');
$nbr_grp = request ('group');
$nbr_user_online = exec ("sudo /usr/sbin/chilli_query list | cut -d\" \" -f5 | grep \"1\" | wc -l");
if (filtrageTest("/usr/local/etc/alcasar.conf", "/^PROTOCOLS_FILTERING=on/")){
$network_filter_status = $text['enable'];}
else { $network_filter_status = $text['disable'];}
if ((filtrageTest("/var/www/html/index.php","/network_pb = False/")) && (internetTest($INSTALLEDVERSION))){
$internet_status = "<img src='/images/state_ok.gif'>".$text['enable'];
$version = dns_get_record("version.alcasar.net",DNS_TXT);
140,10 → 137,6
. " <td><font size=\"-1\">" . $nbr_grp . "</font></td>\n"
. " </tr>\n"
. " <tr>\n"
. " <td valign=\"top\"><font size=\"-1\">" . $text['net_filter'] . "</font></td>\n"
. " <td><font size=\"-1\">" . $network_filter_status . "</font></td>\n"
. " </tr>\n"
. " <tr>\n"
. " <td valign=\"top\"><font size=\"-1\">" . $text['bl-version'] . "</font></td>\n"
. " <td><font size=\"-1\">" . $VERSIONBL . "</font></td>\n"
. " </tr>\n"