/alcasar.sh |
---|
1218,8 → 1218,9 |
sslcertfile /etc/pki/tls/certs/alcasar.crt |
redirssl |
EOF |
# create file for DHCP static ip. Reserve the second IP address for INTIF (the first one is for tun0) |
# create files for "DHCP static ip" and "DHCP static ip info". Reserve the second IP address for INTIF (the first one is for tun0) |
echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers |
echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers-info |
# create files for trusted domains and urls |
touch $DIR_DEST_ETC/alcasar-uamallowed $DIR_DEST_ETC/alcasar-uamdomain |
chown root:apache $DIR_DEST_ETC/alcasar-* |
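Review bot: The new `alcasar-ethers-info` file is created by a plain redirect, so its access mode is whatever the umask gives; only `chown root:apache $DIR_DEST_ETC/alcasar-*` is visible in this hunk. The admin pages append to this file and the manager pages read it, so add an explicit `chmod` for both ethers files next to the chown (owner root, group apache, nothing for others), unless that already happens outside the hunk. The redirect target is also better quoted: `echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > "$DIR_DEST_ETC/alcasar-ethers-info"`.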
/scripts/alcasar-conf.sh |
---|
325,7 → 325,7 |
$SED "s?^dns2.*?dns2\t\t$PRIVATE_IP?g" /etc/chilli.conf |
$SED "s?^uamlisten.*?uamlisten\t$PRIVATE_IP?g" /etc/chilli.conf |
# modify the DHCP static ip file. Reserve the second IP address for INTIF (the first one is for tun0). Keep previous entries |
$SED "s?^$PRIVATE_MAC.*?$PRIVATE_MAC $PRIVATE_SECOND_IP?" $DIR_ETC/alcasar-ethers |
$SED "s?^$PRIVATE_MAC.*?$PRIVATE_MAC $PRIVATE_SECOND_IP?" $DIR_ETC/alcasar-ethers $DIR_ETC/alcasar-ethers-info |
# dnsmasq |
$SED "/127.0.0.1/!s?^listen-address=.*?listen-address=$PRIVATE_IP?g" /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf /etc/dnsmasq-blackhole.conf |
for i in /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf |
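Review bot: The changed `$SED` line assumes `$DIR_ETC/alcasar-ethers-info` already exists, and nothing in this hunk creates it. On a system whose configuration predates the file, the edit would presumably fail, and the PHP pages that now list the file in `$conf_files` would stop with their "Requested file ... isn't present" exit. If that case can occur, guard it before the `$SED` call, for example `[ -e "$DIR_ETC/alcasar-ethers-info" ] || cp -p "$DIR_ETC/alcasar-ethers" "$DIR_ETC/alcasar-ethers-info"`. `$PRIVATE_MAC` is also used unescaped as a regular expression and the file arguments are unquoted; quoting the paths costs nothing.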
/scripts/alcasar-macdown.sh |
---|
3,7 → 3,6 |
# $Id$ |
# |
# Le script 'macdown' est appelé par coovachilli pendant le DHCP down (release) |
# Depuis la version 3.1 de ALCASAR, le système d'interception a changé. |
# Pour une adresse mac authorisée pour laquelle coovachilli effectue un DHCP release, l'@IP sera retiré de l'ipset 'not_filtered' |
if [ -z $CALLING_STATION_ID ]; then |
17,7 → 16,7 |
current_ip=$(echo $chilli_current_mac | cut -d' ' -f2) |
if [ $is_connected == "1" ] && [ $current_mac == $current_name ]; then |
if [ $is_connected == "1" ] && [ $current_mac == $current_name ]; then # only for authenticated MAC |
#Lecture du Filter-Id de l'équipement authentifié afin de le retirer de son ipset |
PASSWD_FILE="/root/ALCASAR-passwords.txt" |
QUERY="SELECT value FROM radreply WHERE attribute='Filter-Id' AND username='$current_mac';" |
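Review bot: The touched test `[ $is_connected == "1" ] && [ $current_mac == $current_name ]` expands its variables unquoted, so an empty or space-containing value turns it into a syntax error rather than a false result, and `==` inside `[ ]` is not portable. Write it as `if [ "$is_connected" = "1" ] && [ "$current_mac" = "$current_name" ]; then # only for authenticated MAC`. The same line is changed in /scripts/alcasar-macup.sh, and `[ -z $CALLING_STATION_ID ]` in both scripts wants the same quoting. `$current_mac` is then interpolated into the `QUERY` string just below, so checking it against a strict MAC pattern before this point would keep unexpected characters out of the SQL statement; where it is assigned is outside the hunk.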
/scripts/alcasar-macup.sh |
---|
3,8 → 3,7 |
# $Id$ |
# |
# Le script 'macup' est appelé par coovachilli lorsqu'il attribut une @IP à une @MAC. |
# Depuis la version 3.1 de ALCASAR, le système d'interception a changé. On doit traiter les authorisations par adresse MAC en amont |
# Pour une adresse mac authorisée, nous stockons sont @IP dans l'ipset 'not_filtered' |
# Il permet d'affecter le bon ipset aux @MAC authorisées |
if [ -z $CALLING_STATION_ID ]; then |
exit 1 |
17,7 → 16,7 |
current_ip=$(echo $chilli_current_mac | cut -d' ' -f2) |
if [ $is_connected == "1" ] && [ $current_mac == $current_name ]; then |
if [ $is_connected == "1" ] && [ $current_mac == $current_name ]; then # only for authenticated MAC |
#Lecture du filter-id dans la DB radius afin de placer l'équipement réseau dans le bon ipset |
#Un équipement autorisé "à chaud" sera placé dans l'ipset 'not_filtered' + pas de filtrage de protocole (proto_0) |
PASSWD_FILE="/root/ALCASAR-passwords.txt" |
/web/acc/admin/network.php |
---|
6,8 → 6,9 |
*********************/ |
define ("CONF_FILE", "/usr/local/etc/alcasar.conf"); |
define ("ETHERS_FILE", "/usr/local/etc/alcasar-ethers"); |
define ("ETHERS_INFO_FILE", "/usr/local/etc/alcasar-ethers-info"); |
define ("DNS_LOCAL_FILE", "/usr/local/etc/alcasar-dns-name"); |
$conf_files=array(CONF_FILE,ETHERS_FILE,DNS_LOCAL_FILE); |
$conf_files=array(CONF_FILE,ETHERS_FILE,ETHERS_INFO_FILE,DNS_LOCAL_FILE); |
$reg_ip = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/'; |
$reg_ip_cidr = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$/'; |
$network_modification=0; |
120,10 → 121,14 |
} |
if ($insert == "True") |
{ |
$line = $new_mac_addr . " " . $new_ip_addr . " #" . trim($_POST['info'],"\x00..\x20") . "\n"; |
$line = $new_mac_addr . " " . $new_ip_addr . "\n"; |
$pointeur=fopen(ETHERS_FILE,"a"); |
fwrite ($pointeur, $line); |
fclose ($pointeur); |
$pointeur=fopen(ETHERS_INFO_FILE,"a"); |
fwrite ($pointeur, $line); |
fclose ($pointeur); |
$line = $new_mac_addr . " " . $new_ip_addr . " #" . trim($_POST['info'],"\x00..\x20") . "\n"; |
exec ("sudo /usr/bin/systemctl reload chilli"); |
} |
} |
136,6 → 141,8 |
{ |
$ether_file=ETHERS_FILE; |
exec("/bin/sed -i \"/^$key/d\" $ether_file"); |
$ether_file=ETHERS_INFO_FILE; |
exec("/bin/sed -i \"/^$key/d\" $ether_file"); |
exec ("sudo /usr/bin/systemctl reload chilli"); |
} |
} |
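Review bot: In the insert hunk the free-text `$_POST['info']` is only trimmed at both ends, so an embedded line break or other control character would still be written into the entry and could add extra lines to the file. Strip those before building `$line`, for example `$info = preg_replace('/[\x00-\x1F\x7F]/', '', $_POST['info']);`. As rendered, the info-bearing `$line` is also assigned after the `fwrite` to `ETHERS_INFO_FILE`, so that file appears to receive the plain MAC/IP line; the assignment probably belongs before the second `fopen`, but the page has lost its +/- markers, so confirm the order against the file. In the delete hunk the added `exec("/bin/sed -i \"/^$key/d\" $ether_file")` repeats the existing pattern of placing `$key` inside a shell command. Where `$key` is set is outside the hunk, so make sure it is validated against the MAC format used in these files and that the sed expression is passed through `escapeshellarg()`.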
/web/acc/admin/network2.php |
---|
12,7 → 12,7 |
$intif_mac_addr=strtoupper(str_replace(":","-",$detail[5])); |
unset ($output);unset ($detail); |
$line_exist=False; |
$tab=file(ETHERS_FILE); |
$tab=file(ETHERS_INFO_FILE); |
if ($tab) # le fichier n'est pas vide |
{ |
foreach ($tab as $line) |
/web/acc/manager/htdocs/activity.php |
---|
13,8 → 13,8 |
* READ CONF FILES * |
*********************/ |
define ("CONF_FILE", "/usr/local/etc/alcasar.conf"); |
define ("ETHERS_FILE", "/usr/local/etc/alcasar-ethers"); |
$conf_files=array(CONF_FILE,ETHERS_FILE); |
define ("ETHERS_INFO_FILE", "/usr/local/etc/alcasar-ethers-info"); |
$conf_files=array(CONF_FILE,ETHERS_INFO_FILE); |
foreach ($conf_files as $file){ |
if (!file_exists($file)){ |
exit("Requested file ".$file." isn't present");} |
129,7 → 129,7 |
{ |
echo "<td>$detail[0]"; |
} |
exec ("grep $detail[0] /usr/local/etc/alcasar-ethers |cut -d' ' -f3", $mac_in_ether_file); |
exec ("grep $detail[0] /usr/local/etc/alcasar-ethers-info |cut -d' ' -f3", $mac_in_ether_file); |
if (!empty($mac_in_ether_file[0])) |
{ |
echo " - <b>" . ltrim($mac_in_ether_file[0],'#') . "</b>"; |
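Review bot: The value read back from alcasar-ethers-info is free text entered in the admin form, and the echo after the new `grep` call writes it into the page with only `ltrim(...,'#')`. Encode it on output: `echo " - <b>" . htmlspecialchars(ltrim($mac_in_ether_file[0],'#'), ENT_QUOTES) . "</b>";`. The new `exec` line also places `$detail[0]` unquoted in the shell command and hard-codes the path although `ETHERS_INFO_FILE` is defined in the first hunk; prefer `exec("grep -F -- " . escapeshellarg($detail[0]) . " " . escapeshellarg(ETHERS_INFO_FILE) . " | cut -d' ' -f3", $mac_in_ether_file);`. `exec()` appends to an existing output array, so unless `$mac_in_ether_file` is reset somewhere outside the hunk, index 0 can still hold a previous row's result. The enclosing block continues past the end of the hunk.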