Rev 2273 → Rev 2274

/alcasar.sh
1218,8 → 1218,9
sslcertfile /etc/pki/tls/certs/alcasar.crt
redirssl
EOF
# create file for DHCP static ip. Reserve the second IP address for INTIF (the first one is for tun0)
# create files for "DHCP static ip" and "DHCP static ip info". Reserve the second IP address for INTIF (the first one is for tun0)
echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers
echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers-info
# create files for trusted domains and urls
touch $DIR_DEST_ETC/alcasar-uamallowed $DIR_DEST_ETC/alcasar-uamdomain
chown root:apache $DIR_DEST_ETC/alcasar-*
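Review bot: The new comment above the two `echo` lines does not explain why two identical files are seeded. Going by network.php and activity.php in this revision, alcasar-ethers holds only `MAC IP` while alcasar-ethers-info is meant to hold the same pair plus a `#description` field; a comment such as `# alcasar-ethers: MAC/IP pairs only; alcasar-ethers-info: same pairs plus the '#description' field read by the ACC pages` would make that explicit. The redirect targets are also unquoted; `> "$DIR_DEST_ETC/alcasar-ethers-info"` keeps the write on the intended path if the variable ever contains whitespace.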
/scripts/alcasar-conf.sh
325,7 → 325,7
$SED "s?^dns2.*?dns2\t\t$PRIVATE_IP?g" /etc/chilli.conf
$SED "s?^uamlisten.*?uamlisten\t$PRIVATE_IP?g" /etc/chilli.conf
# modify the DHCP static ip file. Reserve the second IP address for INTIF (the first one is for tun0). Keep previous entries
$SED "s?^$PRIVATE_MAC.*?$PRIVATE_MAC $PRIVATE_SECOND_IP?" $DIR_ETC/alcasar-ethers
$SED "s?^$PRIVATE_MAC.*?$PRIVATE_MAC $PRIVATE_SECOND_IP?" $DIR_ETC/alcasar-ethers $DIR_ETC/alcasar-ethers-info
# dnsmasq
$SED "/127.0.0.1/!s?^listen-address=.*?listen-address=$PRIVATE_IP?g" /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf /etc/dnsmasq-blackhole.conf
for i in /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf
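Review bot: The rewritten `$SED` line now edits `$DIR_ETC/alcasar-ethers-info` too, but nothing visible in this hunk ensures the file exists when the script is applied to a configuration saved before this revision. If `$SED` is an in-place sed, it will error on the missing file, and activity.php in this revision exits when the info file is absent. Seeding it first, e.g. `[ -e "$DIR_ETC/alcasar-ethers-info" ] || cp "$DIR_ETC/alcasar-ethers" "$DIR_ETC/alcasar-ethers-info"`, would cover that case. Note also that `^$PRIVATE_MAC.*` replaces the whole line, so any description stored after the address on that entry in the info file is dropped. The `for` loop on the last line continues outside the hunk.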
/scripts/alcasar-macdown.sh
3,7 → 3,6
# $Id$
#
# Le script 'macdown' est appelé par coovachilli pendant le DHCP down (release)
# Depuis la version 3.1 de ALCASAR, le système d'interception a changé.
# Pour une adresse mac authorisée pour laquelle coovachilli effectue un DHCP release, l'@IP sera retiré de l'ipset 'not_filtered'
 
if [ -z $CALLING_STATION_ID ]; then
17,7 → 16,7
current_ip=$(echo $chilli_current_mac | cut -d' ' -f2)
 
 
if [ $is_connected == "1" ] && [ $current_mac == $current_name ]; then
if [ $is_connected == "1" ] && [ $current_mac == $current_name ]; then # only for authenticated MAC
#Lecture du Filter-Id de l'équipement authentifié afin de le retirer de son ipset
PASSWD_FILE="/root/ALCASAR-passwords.txt"
QUERY="SELECT value FROM radreply WHERE attribute='Filter-Id' AND username='$current_mac';"
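Review bot: On the edited `if` line the operands `$is_connected`, `$current_mac` and `$current_name` are unquoted and compared with `==`, so an empty value makes `[` fail with a syntax error instead of evaluating to false. `if [ "$is_connected" = "1" ] && [ "$current_mac" = "$current_name" ]; then # only for authenticated MAC` is the robust form. The same line is changed identically in /scripts/alcasar-macup.sh. `$current_mac` is also interpolated into the SQL text of `QUERY` on the following line; how it is derived is outside the hunk, so it is worth confirming it is restricted to a MAC-address format before it reaches the query. The `if` body continues outside the hunk.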
/scripts/alcasar-macup.sh
3,8 → 3,7
# $Id$
#
# Le script 'macup' est appelé par coovachilli lorsqu'il attribut une @IP à une @MAC.
# Depuis la version 3.1 de ALCASAR, le système d'interception a changé. On doit traiter les authorisations par adresse MAC en amont
# Pour une adresse mac authorisée, nous stockons sont @IP dans l'ipset 'not_filtered'
# Il permet d'affecter le bon ipset aux @MAC authorisées
 
if [ -z $CALLING_STATION_ID ]; then
exit 1
17,7 → 16,7
current_ip=$(echo $chilli_current_mac | cut -d' ' -f2)
 
 
if [ $is_connected == "1" ] && [ $current_mac == $current_name ]; then
if [ $is_connected == "1" ] && [ $current_mac == $current_name ]; then # only for authenticated MAC
#Lecture du filter-id dans la DB radius afin de placer l'équipement réseau dans le bon ipset
#Un équipement autorisé "à chaud" sera placé dans l'ipset 'not_filtered' + pas de filtrage de protocole (proto_0)
PASSWD_FILE="/root/ALCASAR-passwords.txt"
/web/acc/admin/network.php
6,8 → 6,9
*********************/
define ("CONF_FILE", "/usr/local/etc/alcasar.conf");
define ("ETHERS_FILE", "/usr/local/etc/alcasar-ethers");
define ("ETHERS_INFO_FILE", "/usr/local/etc/alcasar-ethers-info");
define ("DNS_LOCAL_FILE", "/usr/local/etc/alcasar-dns-name");
$conf_files=array(CONF_FILE,ETHERS_FILE,DNS_LOCAL_FILE);
$conf_files=array(CONF_FILE,ETHERS_FILE,ETHERS_INFO_FILE,DNS_LOCAL_FILE);
$reg_ip = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/';
$reg_ip_cidr = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$/';
$network_modification=0;
120,10 → 121,14
}
if ($insert == "True")
{
$line = $new_mac_addr . " " . $new_ip_addr . " #" . trim($_POST['info'],"\x00..\x20") . "\n";
$line = $new_mac_addr . " " . $new_ip_addr . "\n";
$pointeur=fopen(ETHERS_FILE,"a");
fwrite ($pointeur, $line);
fclose ($pointeur);
$pointeur=fopen(ETHERS_INFO_FILE,"a");
fwrite ($pointeur, $line);
fclose ($pointeur);
$line = $new_mac_addr . " " . $new_ip_addr . " #" . trim($_POST['info'],"\x00..\x20") . "\n";
exec ("sudo /usr/bin/systemctl reload chilli");
}
}
136,6 → 141,8
{
$ether_file=ETHERS_FILE;
exec("/bin/sed -i \"/^$key/d\" $ether_file");
$ether_file=ETHERS_INFO_FILE;
exec("/bin/sed -i \"/^$key/d\" $ether_file");
exec ("sudo /usr/bin/systemctl reload chilli");
}
}
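Review bot: In the insert branch (120,10 → 121,14) the line `$line = $new_mac_addr . " " . $new_ip_addr . " #" . trim($_POST['info'],"\x00..\x20") . "\n";` is shown after the `fclose` of ETHERS_INFO_FILE. As rendered, both files receive the bare `MAC IP` line and the description is never written; the assignment belongs immediately before `$pointeur=fopen(ETHERS_INFO_FILE,"a");`. `trim()` only strips the ends of `$_POST['info']`, so an embedded newline would still add an extra line to alcasar-ethers-info; control characters inside the value should be replaced before writing. In the delete hunk the second `exec("/bin/sed -i \"/^$key/d\" $ether_file");` repeats the interpolation of `$key` into a shell command. Where `$key` comes from is outside the hunk, so if it is request data it should be matched against a strict MAC-address pattern before either `exec`.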
/web/acc/admin/network2.php
12,7 → 12,7
$intif_mac_addr=strtoupper(str_replace(":","-",$detail[5]));
unset ($output);unset ($detail);
$line_exist=False;
$tab=file(ETHERS_FILE);
$tab=file(ETHERS_INFO_FILE);
if ($tab) # le fichier n'est pas vide
{
foreach ($tab as $line)
/web/acc/manager/htdocs/activity.php
13,8 → 13,8
* READ CONF FILES *
*********************/
define ("CONF_FILE", "/usr/local/etc/alcasar.conf");
define ("ETHERS_FILE", "/usr/local/etc/alcasar-ethers");
$conf_files=array(CONF_FILE,ETHERS_FILE);
define ("ETHERS_INFO_FILE", "/usr/local/etc/alcasar-ethers-info");
$conf_files=array(CONF_FILE,ETHERS_INFO_FILE);
foreach ($conf_files as $file){
if (!file_exists($file)){
exit("Requested file ".$file." isn't present");}
129,7 → 129,7
{
echo "<td>$detail[0]";
}
exec ("grep $detail[0] /usr/local/etc/alcasar-ethers |cut -d' ' -f3", $mac_in_ether_file);
exec ("grep $detail[0] /usr/local/etc/alcasar-ethers-info |cut -d' ' -f3", $mac_in_ether_file);
if (!empty($mac_in_ether_file[0]))
{
echo " - <b>" . ltrim($mac_in_ether_file[0],'#') . "</b>";
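Review bot: The new `exec` line hard-codes `/usr/local/etc/alcasar-ethers-info` although `ETHERS_INFO_FILE` is defined in the first hunk, and it places `$detail[0]` in the shell command unescaped. `exec("grep -F -- " . escapeshellarg($detail[0]) . " " . escapeshellarg(ETHERS_INFO_FILE) . " | cut -d' ' -f3", $mac_in_ether_file);` keeps the path in one place and passes the value as a single literal argument. The origin of `$detail[0]` is outside the hunk, so this is a hardening point unless it turns out to be client-influenced. The value read back is the administrator-entered description and is echoed into the table cell as-is on the last line; `htmlspecialchars(ltrim($mac_in_ether_file[0],'#'))` would stop stored markup from rendering. The `if` body continues outside the hunk.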