Subversion Repositories ALCASAR

Compare Revisions

No changes between revisions

Ignore whitespace Rev 2500 → Rev 2501

/CHANGELOG
11,6 → 11,7
- Add "nfsen", "fail2ban" and "vnstat" services to the ACC system page.
 
CHANGES
- Explode the "Filter-Id" RADIUS attribute into ALCASAR vendor attributes (they can now be set independently and with a good user/group priority).
 
BUGS
- alcasar.sh : Fix exiting on wrong hardware architecture
/alcasar.sh
28,13 → 28,13
# testing : connectivity tests, free space test and mageia version test
# init : Installation of RPM and scripts
# network : Network parameters
# ACC : ALCASAR Control Center installation
# CA : Certification Authority initialization
# ACC : ALCASAR Control Center installation
# CA : Certification Authority initialization
# time_server : NTPd configuration
# init_db : Initilization of radius database managed with MariaDB
# freeradius : FreeRadius initialisation
# chilli : coovachilli initialisation (+authentication page)
# dansguardian : DansGuardian filtering HTTP proxy configuration
# dansguardian : DansGuardian filtering HTTP proxy configuration
# antivirus : HAVP + libclamav configuration
# tinyproxy : little proxy for user filtered with "WL + antivirus" and "antivirus"
# ulogd : log system in userland (match NFLOG target of iptables)
41,13 → 41,13
# nfsen : Configuration of Nfsen Netflow grapher
# dnsmasq : Name server configuration
# vnstat : little network stat daemon
# BL : Adaptation of Toulouse University BlackList : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter)
# BL : Adaptation of Toulouse University BlackList : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter)
# cron : Logs export + watchdog + connexion statistics
# fail2ban : Fail2ban IDS installation and configuration
# gammu_smsd : Autoregister addon via SMS (gammu-smsd)
# msec : Mandriva security package configuration
# letsencrypt : Let's Encrypt client
# post_install : Security, log rotation, etc.
# post_install : Security, log rotation, etc.
 
DEBUG_ALCASAR='off'; export DEBUG_ALCASAR # Debug mode = wait (hit key) after each function
DATE=`date '+%d %B %Y - %Hh%M'`
934,6 → 934,8
$SED "s?^[\t ]*proxy_requests.*?proxy_requests = no?g" /etc/raddb/radiusd.conf # remove the proxy function
$SED "s?^[\t ]*\$INCLUDE proxy.conf.*?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf # remove the proxy function
 
# Add ALCASAR dictionary
cp $DIR_CONF/radius/dictionary.alcasar /usr/share/freeradius/dictionary.alcasar
# Set "client.conf" to describe radius clients (coova on 127.0.0.1)
[ -e /etc/raddb/clients.conf.default ] || cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default
cat << EOF > /etc/raddb/clients.conf
/conf/freeradius-web/user_edit.attrs
27,7 → 27,7
#Framed-IP-Netmask IP Netmask
#Framed-Route Route
#Framed-Routing
Filter-Id <a href="help/filtering_help.html" target=fid_help onclick=window.open("help/filtering_help.html","fid_help","width=560,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Filtering Help Page"><font color="blue">Filtering</font></a>
#Filter-Id <a href="help/filtering_help.html" target=fid_help onclick=window.open("help/filtering_help.html","fid_help","width=560,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Filtering Help Page"><font color="blue">Filtering</font></a>
#Framed-MTU <a href="help/framed_mtu_help.html" target=fid_help onclick=window.open("help/framed_mtu_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Framed-MTU Help Page"><font color="blue">Framed-MTU</font></a>
#Framed-Compression <a href="help/framed_compression_help.html" target=fc_help onclick=window.open("help/framed_compression_help.html","fc_help","width=600,height=210,toolbar=no,scrollbars=no,resizable=yes") title="Framed Compression Help Page"><font color="blue">Compression Used</font></a>
#Service-Type <a href="help/service_type_help.html" target=st_help onclick=window.open("help/service_type_help.html","st_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Service-Type Help Page"><font color="blue">Service Type</font></a>
58,3 → 58,6
# extra.ldap-attrmap
#
#Regular-Profile User Regular Profile DN
Alcasar-Filter <a href="help/filtering_help.html" target=fid_help onclick=window.open("help/filtering_help.html","fid_help","width=560,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Filtering Help Page"><font color="blue">Filtering</font></a>
Alcasar-Filter-Proto <a href="help/protocols_help.html" target=help onclick=window.open("help/protocols_help.html","fid_help","width=560,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Protocol filtering Help Page"><font color="blue">Protocol filtering</font></a>
Alcasar-Status-Open-Required <a href="help/statusOpenRequired_help.html" target=help onclick=window.open("help/statusOpenRequired_help.html","fid_help","width=560,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Status open required Help Page"><font color="blue">Status open required</font></a>
/conf/radius/dictionary.alcasar
0,0 → 1,33
# -*- text -*-
##############################################################################
#
# ALCASAR dictionary.
#
# $Id$
#
##############################################################################
 
VENDOR Alcasar 35134
 
BEGIN-VENDOR Alcasar
 
ATTRIBUTE Alcasar-Filter 1 integer
VALUE Alcasar-Filter None 1
VALUE Alcasar-Filter HAVP 2
VALUE Alcasar-Filter BL 3
VALUE Alcasar-Filter WL 4
 
ATTRIBUTE Alcasar-Filter-Proto 2 integer
VALUE Alcasar-Filter-Proto None 1
VALUE Alcasar-Filter-Proto Web 2
VALUE Alcasar-Filter-Proto Commons 3
VALUE Alcasar-Filter-Proto Custom 4
 
ATTRIBUTE Alcasar-Imputability-Warning 3 integer
VALUE Alcasar-Imputability-Warning Yes 1
 
ATTRIBUTE Alcasar-Status-Open-Required 4 integer
VALUE Alcasar-Status-Open-Required Yes 1
VALUE Alcasar-Status-Open-Required No 2
 
END-VENDOR Alcasar
Property changes:
Added: svn:eol-style
+LF
\ No newline at end of property
Added: svn:keywords
+Id
\ No newline at end of property
/scripts/alcasar-condown.sh
9,50 → 9,49
# This script is launched by coova after each logout
# Ce script est lancé par coova à chaque déconnexion d'usager
 
PASSWD_FILE="/root/ALCASAR-passwords.txt"
 
if [ -z $FRAMED_IP_ADDRESS ]; then
exit 1
fi
 
# Remove user from his IPSET (depending on FILTER_ID)
# Remove user from his IPSET
 
# FilterID Byte N°0 to 7
# 0: profile_1 (WEB)
# 1: profile_2 (WEB + Mail + Remote access)
# 2: profile_3 (Custom)
# 3: warn_user (if imputability report has been generated)
# 4: status_open_required (check user activity through status page)
# 5: WL
# 6: BL
# 7: HAVP
db_query="SELECT attribute, value FROM (( SELECT attribute, value FROM radreply WHERE (attribute='Alcasar-Filter' OR attribute='Alcasar-Filter-Proto' OR attribute='Alcasar-Status-Open-Required') AND username='$USER_NAME') UNION ( SELECT attribute, value FROM radgroupreply gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE (attribute='Alcasar-Filter' OR attribute='Alcasar-Filter-Proto' OR attribute='Alcasar-Status-Open-Required') AND username = '$USER_NAME' ORDER BY ug.priority)) attrs GROUP BY attribute;"
db_res=$(mysql -u root -p$(cat $PASSWD_FILE | grep ^db_root= | cut -d'=' -f2-) -D radius -e "$db_query" -Ns)
 
if [ ${FILTER_ID:5:1} == '1' ]; then # HAVP_WL
filter=$(echo "$db_res" | awk '$1 == "Alcasar-Filter" { print $2 }')
filterProto=$(echo "$db_res" | awk '$1 == "Alcasar-Filter-Proto" { print $2 }')
statusOpenRequired=$(echo "$db_res" | awk '$1 == "Alcasar-Status-Open-Required" { print $2 }')
 
if [ "$filter" == '4' ]; then # HAVP_WL
set_filter="havp_wl"
elif [ ${FILTER_ID:6:1} == '1' ]; then # HAVP_BL
elif [ "$filter" == '3' ]; then # HAVP_BL
set_filter="havp_bl"
elif [ ${FILTER_ID:7:1} == '1' ]; then # HAVP
elif [ "$filter" == '2' ]; then # HAVP
set_filter="havp"
else # NOT_FILTERED
else # NOT_FILTERED
set_filter="not_filtered"
fi
 
if [ ${FILTER_ID:2:1} == '1' ]; then # PROFILE 3 (Custom)
set_proto="proto_3";
elif [ ${FILTER_ID:1:1} == '1' ]; then # PROFILE 2 (WEB + Mail + Remote access)
set_proto="proto_2";
elif [ ${FILTER_ID:0:1} == '1' ]; then # PROFILE 1 (WEB)
set_proto="proto_1";
if [ "$filterProto" == '4' ]; then # PROFILE 3 (Custom)
set_filterProto="proto_3";
elif [ "$filterProto" == '3' ]; then # PROFILE 2 (WEB + Mail + Remote access)
set_filterProto="proto_2";
elif [ "$filterProto" == '2' ]; then # PROFILE 1 (WEB)
set_filterProto="proto_1";
else # PROFILE 0 (Not filtered)
set_proto="proto_0";
set_filterProto="proto_0";
fi
 
ipset del $set_filter $FRAMED_IP_ADDRESS
ipset del $set_proto $FRAMED_IP_ADDRESS
ipset del $set_filter $FRAMED_IP_ADDRESS
ipset del $set_filterProto $FRAMED_IP_ADDRESS
 
# Remove IP address from active users
current_users_file="/var/tmp/havp/current_users.txt"
[ -e $current_users_file ] && sed -i "/^$FRAMED_IP_ADDRESS:/d" $current_users_file
 
# Debug : show all the coova parse variables (+ $set_filter + $set_proto).
# Debug : show all the coova parse variables (+ $set_filter + $set_filterProto).
# see "/src/chilli.c" for the complete list of parse variables
#echo "-----------------------------------------------" >> /tmp/debug-condown.txt
#echo `date` >> /tmp/debug-condown.txt
61,4 → 60,4
# echo "$i : ${!i}" >> /tmp/debug-condown.txt
#done
#echo "set_filter : $set_filter" >> /tmp/debug-condown.txt
#echo "set_proto : $set_proto" >> /tmp/debug-condown.txt
#echo "set_filterProto : $set_filterProto" >> /tmp/debug-condown.txt
/scripts/alcasar-conup.sh
9,53 → 9,52
# This script is launched by coova after each successfull login
# Ce script est lancé par coova à chaque connexion d'usager (authentification réussi)
 
PASSWD_FILE="/root/ALCASAR-passwords.txt"
 
if [ -z $FRAMED_IP_ADDRESS ]; then
exit 1
fi
 
# Add user to his IPSET (depending on FILTER_ID)
# Add user to his IPSET
 
# FilterID Byte N°0 to 7
# 0: profile_1 (WEB)
# 1: profile_2 (WEB + Mail + Remote access)
# 2: profile_3 (Custom)
# 3: warn_user (if imputability report has been generated)
# 4: status_open_required (check user activity through status page)
# 5: WL
# 6: BL
# 7: HAVP
db_query="SELECT attribute, value FROM (( SELECT attribute, value FROM radreply WHERE (attribute='Alcasar-Filter' OR attribute='Alcasar-Filter-Proto' OR attribute='Alcasar-Status-Open-Required') AND username='$USER_NAME') UNION ( SELECT attribute, value FROM radgroupreply gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE (attribute='Alcasar-Filter' OR attribute='Alcasar-Filter-Proto' OR attribute='Alcasar-Status-Open-Required') AND username = '$USER_NAME' ORDER BY ug.priority)) attrs GROUP BY attribute;"
db_res=$(mysql -u root -p$(cat $PASSWD_FILE | grep ^db_root= | cut -d'=' -f2-) -D radius -e "$db_query" -Ns)
 
if [ ${FILTER_ID:5:1} == '1' ]; then # HAVP_WL
filter=$(echo "$db_res" | awk '$1 == "Alcasar-Filter" { print $2 }')
filterProto=$(echo "$db_res" | awk '$1 == "Alcasar-Filter-Proto" { print $2 }')
statusOpenRequired=$(echo "$db_res" | awk '$1 == "Alcasar-Status-Open-Required" { print $2 }')
 
if [ "$filter" == '4' ]; then # HAVP_WL
set_filter="havp_wl"
elif [ ${FILTER_ID:6:1} == '1' ]; then # HAVP_BL
elif [ "$filter" == '3' ]; then # HAVP_BL
set_filter="havp_bl"
elif [ ${FILTER_ID:7:1} == '1' ]; then # HAVP
elif [ "$filter" == '2' ]; then # HAVP
set_filter="havp"
else # NOT_FILTERED
else # NOT_FILTERED
set_filter="not_filtered"
fi
 
if [ ${FILTER_ID:2:1} == '1' ]; then # PROFILE 3 (Custom)
set_proto="proto_3";
elif [ ${FILTER_ID:1:1} == '1' ]; then # PROFILE 2 (WEB + Mail + Remote access)
set_proto="proto_2";
elif [ ${FILTER_ID:0:1} == '1' ]; then # PROFILE 1 (WEB)
set_proto="proto_1";
if [ "$filterProto" == '4' ]; then # PROFILE 3 (Custom)
set_filterProto="proto_3";
elif [ "$filterProto" == '3' ]; then # PROFILE 2 (WEB + Mail + Remote access)
set_filterProto="proto_2";
elif [ "$filterProto" == '2' ]; then # PROFILE 1 (WEB)
set_filterProto="proto_1";
else # PROFILE 0 (Not filtered)
set_proto="proto_0";
set_filterProto="proto_0";
fi
 
ipset add $set_filter $FRAMED_IP_ADDRESS
ipset add $set_proto $FRAMED_IP_ADDRESS
ipset add $set_filter $FRAMED_IP_ADDRESS
ipset add $set_filterProto $FRAMED_IP_ADDRESS
 
# Add user IP permanently to current_users.txt if no status_open_required
current_users_file="/var/tmp/havp/current_users.txt"
[ ! -e $current_users_file ] && touch $current_users_file && chown apache:apache $current_users_file
if [ ${FILTER_ID:4:1} == '1' ]; then # no status_open_required
if [ "$statusOpenRequired" == '2' ]; then # no status_open_required
echo "$FRAMED_IP_ADDRESS:PERM" >> $current_users_file
fi
 
# Debug : show all the coova parse variables (+ $set_filter + $set_proto).
# Debug : show all the coova parse variables (+ $set_filter + $set_filterProto).
# see "/src/chilli.c" for the complete list of parse variables
#echo "-----------------------------------------------" >> /tmp/debug-conup.txt
#echo `date` >> /tmp/debug-conup.txt
64,5 → 63,5
# echo "$i : ${!i}" >> /tmp/debug-conup.txt
#done
#echo "set_filter : $set_filter" >> /tmp/debug-conup.txt
#echo "set_proto : $set_proto" >> /tmp/debug-conup.txt
#echo "set_filterProto : $set_filterProto" >> /tmp/debug-conup.txt
 
/scripts/alcasar-generate_log.sh
156,21 → 156,10
echo "</body>" >> $TMP_HTML
echo "</HTML>" >> $TMP_HTML
 
#inform users about that by setting the fourth bit of Filter-Id at 1.
QUERY="SELECT username from radreply INTO OUTFILE '$TMP_USERS' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';"
# inform users about that by setting the Alcasar-Imputability-Warning attribute
QUERY="INSERT INTO radreply (username, attribute, value, op) SELECT ui.username, 'Alcasar-Imputability-Warning', '1' , ':=' FROM userinfo ui LEFT JOIN radreply rr ON rr.username = ui.username AND rr.attribute = 'Alcasar-Imputability-Warning' WHERE rr.username IS NULL;"
mysql -u root -p"$DB_ROOT_PW" -D radius -e "$QUERY"
 
if [ -e $TMP_USERS ] && [ $(cat $TMP_USERS | wc -l) -gt 0 ]
then
for user in $(cat $TMP_USERS)
do
QUERY="set @CurrentFilter=(SELECT value from radreply where username='$user');set @CurrentFilterLeft=(SELECT LEFT(@CurrentFilter,3));set @CurrentFilterRight=(SELECT RIGHT(@CurrentFilter,4));UPDATE radreply SET value = CONCAT((@CurrentFilterLeft),'1', (@CurrentFilterRight)) WHERE username='$user' ;"
mysql -u root -p"$DB_ROOT_PW" -D radius -e "$QUERY"
done
fi
rm $TMP_USERS
 
 
/usr/bin/wkhtmltopdf $TMP_HTML $TMP_PDF
 
 
/web/acc/manager/htdocs/group_new.php
5,23 → 5,13
if (is_file("../lib/langues.php"))
include("../lib/langues.php");
 
//update Filter-Id for protocol filtering
if (isset($_POST['Filter-Proto']) && isset($_POST['Status-Open-Required']) && isset($_POST['Filter-Id']))
{
$filterId = (int)$_POST['Filter-Id'];
$FilterProto = (int)$_POST['Filter-Proto'];
$statusOpenRequired = (int)($_POST['Status-Open-Required'].'000');
$filterId = $filterId+$FilterProto+$statusOpenRequired;
$_POST['Filter-Id'] = str_pad($filterId, 8, '0', STR_PAD_LEFT);
// Update Alcasar-Status-Open-Required
if ((isset($_POST['Alcasar-Status-Open-Required'])) && ($_POST['Alcasar-Status-Open-Required'] === '2')) {
$_POST['Idle-Timeout'] = '600'; // 10 minutes
} else {
$_POST['Idle-Timeout'] = '';
}
if (isset($_POST['Status-Open-Required'])) {
if ($_POST['Status-Open-Required'] === '1') {
$_POST['Idle-Timeout'] = '600'; // 10 minutes
} else {
$_POST['Idle-Timeout'] = '';
}
$_POST['Idle-Timeout_op'] = '=';
}
$_POST['Idle-Timeout_op'] = '=';
 
require('/etc/freeradius-web/config.php');
 
260,11 → 250,21
$help_link = "help/wispr_redirection_url_help.html";
$desc = $l_wispr_redirection;
break;
case 'Filter-Id' :
case 'Alcasar-Filter' :
$advanced = false;
$help_link = "help/filtering_help.html";
$desc = $l_filtering;
break;
case 'Alcasar-Filter-Proto' :
$advanced = false;
$help_link = "help/protocols_help.html";
$desc = $l_proto;
break;
case 'Alcasar-Status-Open-Required' :
$advanced = false;
$help_link = "help/statusOpenRequired_help.html";
$desc = $l_statusOpenRequired;
break;
default:
$advanced = true;
break;
289,9 → 289,6
case 'Expiration' :
echo "<td><select name=\"$oper_name\"><option $selected[$op_eq] value=\":=\">:=";
break;
case 'Filter-Id' :
echo "<td><select name=\"$oper_name\"><option $selected[$op_eq] value=\":=\">:=";
break;
case 'Session-Timeout' :
case 'ChilliSpot-Max-Input-Octets' :
case 'ChilliSpot-Max-Output-Octets' :
299,6 → 296,9
case 'ChilliSpot-Bandwidth-Max-Up' :
case 'ChilliSpot-Bandwidth-Max-Down' :
case 'WISPr-Redirection-URL' :
case 'Alcasar-Filter' :
case 'Alcasar-Filter-Proto' :
case 'Alcasar-Status-Open-Required' :
echo "<td><select name=\"$oper_name\"><option $selected[$op_eq] value=\"=\">=";
break;
default :
337,11 → 337,11
case 'Max-Monthly-Session' :
case 'Login-Time' :
case 'Expiration' :
case 'Alcasar-Filter' :
case 'Alcasar-Filter-Proto' :
case 'Alcasar-Status-Open-Required' :
echo "<input type=\"hidden\" name=\"$oper_name\" value=\":=\">";
break;
case 'Filter-Id' :
echo "<input type=\"hidden\" name=\"$oper_name\" value=\":=\">";
break;
case 'Session-Timeout' :
case 'ChilliSpot-Max-Input-Octets' :
case 'ChilliSpot-Max-Output-Octets' :
413,14 → 413,28
/*Ajout du calendrier pour choisir la date*/
echo"<input id=\"popup_container\" type=\"text\" name=\"$name\" value=\"$val\" size=\"20\">";
break;
case 'Filter-Id' :
echo "<select name='Filter-Id'>";
echo "<option value=\"\">$l_filtering_none</option>";
echo "<option value=\"00000001\">$l_filtering_havp</option>";
echo "<option value=\"00000011\">$l_filtering_havp_bl</option>";
echo "<option value=\"00000101\">$l_filtering_havp_wl</option>";
case 'Alcasar-Filter' :
echo "<select name=\"$name\">";
echo "<option value=\"\"></option>";
echo "<option value=\"1\">$l_filtering_none</option>";
echo "<option value=\"2\">$l_filtering_havp</option>";
echo "<option value=\"3\">$l_filtering_havp_bl</option>";
echo "<option value=\"4\">$l_filtering_havp_wl</option>";
echo "</select>";
break;
case 'Alcasar-Filter-Proto' :
echo "<select name=\"$name\">";
echo "<option value=\"\"></option>";
echo "<option value=\"1\">$l_proto_0</option>";
echo "<option value=\"2\">$l_proto_1</option>";
echo "<option value=\"3\">$l_proto_2</option>";
echo "<option value=\"4\">$l_proto_3</option>";
echo "</select>";
break;
case 'Alcasar-Status-Open-Required' :
echo "<label><input type=\"radio\" name=\"$name\" value=\"\" checked>$l_yes</label>
<label><input type=\"radio\" name=\"$name\" value=\"2\">$l_no</label>";
break;
default :
echo "<input type=\"text\" name=\"$name\" value=\"$val\" size=\"20\">";
break;
429,33 → 443,6
/*fin Ajout*/
}
 
/*Network protocole filtering*/
print <<<EOM
<tr>
<td class="etiquette" colspan="$colspan">
<a href="help/protocols_help.html" target="help" onclick="window.open('help/protocols_help.html','help','width=600,height=250,toolbar=no,scrollbars=no,resizable=yes')" title="$l_click_for_help"><font color="blue">$l_proto</font></a>
</td>
<td width=20>
EOM;
echo" <select name='Filter-Proto'>
<option value=\"00000000\" selected>$l_proto_0</option>
<option value=\"10000000\" >$l_proto_1</option>
<option value=\"01000000\" >$l_proto_2</option>
<option value=\"00100000\" >$l_proto_3</option>
</select></td></tr>";
 
// User need to keep status page open
print <<<EOM
<tr>
<td class="etiquette" colspan="$colspan">
<a href="help/statusOpenRequired_help.html" target=help onclick="window.open('help/statusOpenRequired_help.html','help','width=600,height=250,toolbar=no,scrollbars=no,resizable=yes')" title="$l_click_for_help"><font color="blue">$l_statusOpenRequired</font></a>
</td>
EOM;
echo "<td width=20>
<label><input type=\"radio\" name=\"Status-Open-Required\" value=\"0\" checked>$l_yes</label>
<label><input type=\"radio\" name=\"Status-Open-Required\" value=\"1\">$l_no</label>
</select></td>
</tr>";
echo "</table><BR>";
 
}
/web/acc/manager/htdocs/user_edit.php
5,23 → 5,13
if (is_file("../lib/langues.php"))
include("../lib/langues.php");
 
//update Filter-Id for protocol filtering
if (isset($_POST['Filter-Proto']) && isset($_POST['Status-Open-Required']) && isset($_POST['Filter-Id0']))
{
$filterId = (int)$_POST['Filter-Id0'];
$FilterProto = (int)$_POST['Filter-Proto'];
$statusOpenRequired = (int)($_POST['Status-Open-Required'].'000');
$filterId = $filterId+$FilterProto+$statusOpenRequired;
$_POST['Filter-Id0'] = str_pad($filterId, 8, '0', STR_PAD_LEFT);
// Update Alcasar-Status-Open-Required
if ((isset($_POST['Alcasar-Status-Open-Required0'])) && ($_POST['Alcasar-Status-Open-Required0'] === '2')) {
$_POST['Idle-Timeout0'] = '600'; // 10 minutes
} else {
$_POST['Idle-Timeout0'] = '';
}
if (isset($_POST['Status-Open-Required'])) {
if ($_POST['Status-Open-Required'] === '1') {
$_POST['Idle-Timeout0'] = '600'; // 10 minutes
} else {
$_POST['Idle-Timeout0'] = '';
}
$_POST['Idle-Timeout0_op'] = '=';
}
$_POST['Idle-Timeout0_op'] = '=';
 
require('/etc/freeradius-web/config.php');
require('../lib/attrshow.php');
195,7 → 185,7
$login = array_values($member_groups)[0];
include("../lib/$config[general_lib_type]/group_info.php");
$login = $login_saved;
 
foreach ($show_attrs as $key => $desc) {
if ($key === 'Idle-Timeout') continue;
$name = $attrmap["$key"];
287,37 → 277,40
case 'WISPr-Redirection-URL' :
$grp_redir = $val;
break;
case 'Filter-Id' :
if (empty($val)) {
$val = '00000000'; // Set no filters if value is not set
}
 
if ($val[5] === '1') {
case 'Alcasar-Filter' :
if ($val === '4') {
$grp_filter = $l_filtering_havp_wl;
} else if ($val[6] === '1') {
} else if ($val === '3') {
$grp_filter = $l_filtering_havp_bl;
} else if ($val[7] === '1') {
} else if ($val === '2') {
$grp_filter = $l_filtering_havp;
} else if ($val === '1') {
$grp_filter = $l_filtering_none;
} else {
$grp_filter = $l_filtering_none;
$grp_filter = '';
}
 
if ($val[2] === '1') {
$grp_proto = $l_proto_3;
} else if ($val[1] === '1') {
$grp_proto = $l_proto_2;
} else if ($val[0] === '1') {
$grp_proto = $l_proto_1;
break;
case 'Alcasar-Filter-Proto' :
if ($val === '4') {
$grp_filterProto = $l_proto_3;
} else if ($val === '3') {
$grp_filterProto = $l_proto_2;
} else if ($val === '2') {
$grp_filterProto = $l_proto_1;
} else if ($val === '1') {
$grp_filterProto = $l_proto_0;
} else {
$grp_proto = $l_proto_0;
$grp_filterProto = '';
}
 
if ($val[4] === '0') {
break;
case 'Alcasar-Status-Open-Required' :
if ($val === '2') {
$grp_statusOpenRequired = $l_no;
} else if ($val === '1') {
$grp_statusOpenRequired = $l_yes;
} else {
$grp_statusOpenRequired = $l_no;
$grp_statusOpenRequired = '';
}
break;
}
}
499,11 → 492,21
$help_link = "help/wispr_redirection_url_help.html";
$desc = $l_wispr_redirection;
break;
case 'Filter-Id' :
case 'Alcasar-Filter' :
$advanced = false;
$help_link = "help/filtering_help.html";
$desc = $l_filtering;
break;
case 'Alcasar-Filter-Proto' :
$advanced = false;
$help_link = "help/protocols_help.html";
$desc = $l_proto;
break;
case 'Alcasar-Status-Open-Required' :
$advanced = false;
$help_link = "help/statusOpenRequired_help.html";
$desc = $l_statusOpenRequired;
break;
default:
$advanced = true;
break;
527,7 → 530,6
case 'Max-Monthly-Session' :
case 'Login-Time' :
case 'Expiration' :
case 'Filter-Id' :
echo "<td><select name=\"$oper_name\"><option $selected[$op_eq] value=\":=\">:=</option></select></td>";
break;
case 'Session-Timeout' :
537,6 → 539,9
case 'ChilliSpot-Bandwidth-Max-Up' :
case 'ChilliSpot-Bandwidth-Max-Down' :
case 'WISPr-Redirection-URL' :
case 'Alcasar-Filter' :
case 'Alcasar-Filter-Proto' :
case 'Alcasar-Status-Open-Required' :
echo "<td><select name=\"$oper_name\"><option $selected[$op_eq] value=\"=\">=</option></select></td>";
break;
default :
575,7 → 580,6
case 'Max-Monthly-Session' :
case 'Login-Time' :
case 'Expiration' :
case 'Filter-Id' :
echo "<input type=\"hidden\" name=\"$oper_name\" value=\":=\">";
break;
case 'Session-Timeout' :
585,6 → 589,9
case 'ChilliSpot-Bandwidth-Max-Up' :
case 'ChilliSpot-Bandwidth-Max-Down' :
case 'WISPr-Redirection-URL' :
case 'Alcasar-Filter' :
case 'Alcasar-Filter-Proto' :
case 'Alcasar-Status-Open-Required' :
echo "<input type=\"hidden\" name=\"$oper_name\" value=\"=\">";
break;
default :
655,9 → 662,15
case 'WISPr-Redirection-URL' :
echo "$grp_redir";
break;
case 'Filter-Id' :
case 'Alcasar-Filter' :
echo "$grp_filter";
break;
case 'Alcasar-Filter-Proto' :
echo "$grp_filterProto";
break;
case 'Alcasar-Status-Open-Required' :
echo "$grp_statusOpenRequired";
break;
default :
break;
}
697,27 → 710,28
/*Ajout du calendrier pour choisir la date*/
echo"<input id=\"popup_container\" type=\"text\" name=\"$name1\" value=\"$val\" size=\"20\">";
break;
case 'Filter-Id' :
if (empty($val)) {
$val = '00000000'; // Set no filters if value is not set
}
 
if ($val[5] === '1') {
$selected = 'havp_wl';
} else if ($val[6] === '1') {
$selected = 'havp_bl';
} else if ($val[7] === '1') {
$selected = 'havp';
} else {
$selected = 'not_filtered';
}
case 'Alcasar-Filter' :
echo "<select name=\"$name1\">";
echo "<option value=\"00000000\"".(($selected === 'not_filtered') ? ' selected' : '').">$l_filtering_none</option>";
echo "<option value=\"00000001\"".(($selected === 'havp') ? ' selected' : '').">$l_filtering_havp</option>";
echo "<option value=\"00000011\"".(($selected === 'havp_bl') ? ' selected' : '').">$l_filtering_havp_bl</option>";
echo "<option value=\"00000101\"".(($selected === 'havp_wl') ? ' selected' : '').">$l_filtering_havp_wl</option>";
echo "<option value=\"\"".(($val === '') ? ' selected' : '')."></option>";
echo "<option value=\"1\"".(($val === '1') ? ' selected' : '').">$l_filtering_none</option>";
echo "<option value=\"2\"".(($val === '2') ? ' selected' : '').">$l_filtering_havp</option>";
echo "<option value=\"3\"".(($val === '3') ? ' selected' : '').">$l_filtering_havp_bl</option>";
echo "<option value=\"4\"".(($val === '4') ? ' selected' : '').">$l_filtering_havp_wl</option>";
echo "</select>";
break;
case 'Alcasar-Filter-Proto' :
echo "<select name=\"$name1\">";
echo "<option value=\"\"".(($val === '') ? ' selected' : '')."></option>";
echo "<option value=\"1\"".(($val === '1') ? ' selected' : '').">$l_proto_0</option>";
echo "<option value=\"2\"".(($val === '2') ? ' selected' : '').">$l_proto_1</option>";
echo "<option value=\"3\"".(($val === '3') ? ' selected' : '').">$l_proto_2</option>";
echo "<option value=\"4\"".(($val === '4') ? ' selected' : '').">$l_proto_3</option>";
echo "</select>";
break;
case 'Alcasar-Status-Open-Required' :
echo "<label><input type=\"radio\" name=\"$name1\" value=\"\"".(($val !== '2') ? ' checked' : '').">$l_yes</label>
<label><input type=\"radio\" name=\"$name1\" value=\"2\"".(($val === '2') ? ' checked' : '').">$l_no</label>";
break;
default :
echo "<input type=\"text\" name=\"$name1\" value=\"$val\" size=\"20\">";
break;
725,58 → 739,7
echo '</td>';
}
}
/*protocole filter*/
print <<<EOM
<tr>
<td class="etiquette" colspan="$colspan">
<a href="help/protocols_help.html" target=help onclick="window.open('help/protocols_help.html','help','width=600,height=250,toolbar=no,scrollbars=no,resizable=yes')" title="$l_click_for_help"><font color="blue">$l_proto</font></a>
</td>
EOM;
if(isset($member_groups) && $user_type != 'group') {
echo "<td bgcolor=\"#BEBEBE\">$grp_proto</td>";
}
 
if ($val[2] === '1') {
$selected = 'proto_3';
} else if ($val[1] === '1') {
$selected = 'proto_2';
} else if ($val[0] === '1') {
$selected = 'proto_1';
} else {
$selected = 'proto_0';
}
echo "<td width=20>";
echo "<select name='Filter-Proto'>
<option value=\"00000000\"".(($selected === 'proto_0') ? ' selected' : '').">$l_proto_0</option>
<option value=\"10000000\"".(($selected === 'proto_1') ? ' selected' : '').">$l_proto_1</option>
<option value=\"01000000\"".(($selected === 'proto_2') ? ' selected' : '').">$l_proto_2</option>
<option value=\"00100000\"".(($selected === 'proto_3') ? ' selected' : '').">$l_proto_3</option>
</select></td>
</tr>";
 
// User need to keep status page open
print <<<EOM
<tr>
<td class="etiquette" colspan="$colspan">
<a href="help/statusOpenRequired_help.html" target=help onclick="window.open('help/statusOpenRequired_help.html','help','width=600,height=250,toolbar=no,scrollbars=no,resizable=yes')" title="$l_click_for_help"><font color="blue">$l_statusOpenRequired</font></a>
</td>
EOM;
if(isset($member_groups) && $user_type != 'group') {
echo "<td bgcolor=\"#BEBEBE\">$grp_statusOpenRequired</td>";
}
if ($val[4] === '0') {
$selected = true;
} else {
$selected = false;
}
echo "<td width=20>
<label><input type=\"radio\" name=\"Status-Open-Required\" value=\"0\"".(($selected) ? ' checked' : '').">$l_yes</label>
<label><input type=\"radio\" name=\"Status-Open-Required\" value=\"1\"".((!$selected) ? ' checked' : '').">$l_no</label>
</select></td>
</tr>";
 
 
if ($user_type != 'group') {
echo <<<EOM
<tr>
/web/acc/manager/htdocs/user_new.php
5,23 → 5,13
if (is_file("../lib/langues.php"))
include("../lib/langues.php");
 
//update Filter-Id for protocol filtering
if (isset($_POST['Filter-Proto']) && isset($_POST['Status-Open-Required']) && isset($_POST['Filter-Id']))
{
$filterId = (int)$_POST['Filter-Id'];
$FilterProto = (int)$_POST['Filter-Proto'];
$statusOpenRequired = (int)($_POST['Status-Open-Required'].'000');
$filterId = $filterId+$FilterProto+$statusOpenRequired;
$_POST['Filter-Id'] = str_pad($filterId, 8, '0', STR_PAD_LEFT);
// Update Alcasar-Status-Open-Required
if ((isset($_POST['Alcasar-Status-Open-Required'])) && ($_POST['Alcasar-Status-Open-Required'] === '2')) {
$_POST['Idle-Timeout'] = '600'; // 10 minutes
} else {
$_POST['Idle-Timeout'] = '';
}
if (isset($_POST['Status-Open-Required'])) {
if ($_POST['Status-Open-Required'] === '1') {
$_POST['Idle-Timeout'] = '600'; // 10 minutes
} else {
$_POST['Idle-Timeout'] = '';
}
$_POST['Idle-Timeout_op'] = '=';
}
$_POST['Idle-Timeout_op'] = '=';
 
require('/etc/freeradius-web/config.php');
 
335,11 → 325,21
$help_link = "help/wispr_redirection_url_help.html";
$desc = $l_wispr_redirection;
break;
case 'Filter-Id' :
case 'Alcasar-Filter' :
$advanced = false;
$help_link = "help/filtering_help.html";
$desc = $l_filtering;
break;
case 'Alcasar-Filter-Proto' :
$advanced = false;
$help_link = "help/protocols_help.html";
$desc = $l_proto;
break;
case 'Alcasar-Status-Open-Required' :
$advanced = false;
$help_link = "help/statusOpenRequired_help.html";
$desc = $l_statusOpenRequired;
break;
default:
$advanced = true;
break;
364,9 → 364,6
case 'Expiration' :
echo "<td><select name=\"$oper_name\"><option $selected[$op_eq] value=\":=\">:=</option></select></td>";
break;
case 'Filter-Id' :
echo "<td><select name=\"$oper_name\"><option $selected[$op_eq] value=\":=\">:=</option></select></td>";
break;
case 'Session-Timeout' :
case 'ChilliSpot-Max-Input-Octets' :
case 'ChilliSpot-Max-Output-Octets' :
374,6 → 371,9
case 'ChilliSpot-Bandwidth-Max-Up' :
case 'ChilliSpot-Bandwidth-Max-Down' :
case 'WISPr-Redirection-URL' :
case 'Alcasar-Filter' :
case 'Alcasar-Filter-Proto' :
case 'Alcasar-Status-Open-Required' :
echo "<td><select name=\"$oper_name\"><option $selected[$op_eq] value=\"=\">=</option></select></td>";
break;
default :
414,9 → 414,6
case 'Expiration' :
echo "<input type=\"hidden\" name=\"$oper_name\" value=\":=\">";
break;
case 'Filter-Id' :
echo "<input type=\"hidden\" name=\"$oper_name\" value=\":=\">";
break;
case 'Session-Timeout' :
case 'ChilliSpot-Max-Input-Octets' :
case 'ChilliSpot-Max-Output-Octets' :
424,6 → 421,9
case 'ChilliSpot-Bandwidth-Max-Up' :
case 'ChilliSpot-Bandwidth-Max-Down' :
case 'WISPr-Redirection-URL' :
case 'Alcasar-Filter' :
case 'Alcasar-Filter-Proto' :
case 'Alcasar-Status-Open-Required' :
echo "<input type=\"hidden\" name=\"$oper_name\" value=\"=\">";
break;
default :
487,14 → 487,28
/*Ajout du calendrier pour choisir la date*/
echo"<input id=\"popup_container\" type=\"text\" name=\"$name\" value=\"$val\" size=\"20\">";
break;
case 'Filter-Id' :
echo "<select name='Filter-Id'>";
echo "<option value=\"\">$l_filtering_none</option>";
echo "<option value=\"00000001\">$l_filtering_havp</option>";
echo "<option value=\"00000011\">$l_filtering_havp_bl</option>";
echo "<option value=\"00000101\">$l_filtering_havp_wl</option>";
case 'Alcasar-Filter' :
echo "<select name=\"$name\">";
echo "<option value=\"\"></option>";
echo "<option value=\"1\">$l_filtering_none</option>";
echo "<option value=\"2\">$l_filtering_havp</option>";
echo "<option value=\"3\">$l_filtering_havp_bl</option>";
echo "<option value=\"4\">$l_filtering_havp_wl</option>";
echo "</select>";
break;
case 'Alcasar-Filter-Proto' :
echo "<select name=\"$name\">";
echo "<option value=\"\"></option>";
echo "<option value=\"1\">$l_proto_0</option>";
echo "<option value=\"2\">$l_proto_1</option>";
echo "<option value=\"3\">$l_proto_2</option>";
echo "<option value=\"4\">$l_proto_3</option>";
echo "</select>";
break;
case 'Alcasar-Status-Open-Required' :
echo "<label><input type=\"radio\" name=\"$name\" value=\"\" checked>$l_yes</label>
<label><input type=\"radio\" name=\"$name\" value=\"2\">$l_no</label>";
break;
default :
echo "<input type=\"text\" name=\"$name\" value=\"$val\" size=\"20\">";
break;
503,37 → 517,9
echo '</td>';
}
 
/*Network protocole filtering*/
print <<<EOM
<tr>
<td class="etiquette" colspan="$colspan">
<a href="help/protocols_help.html" target="help" onclick="window.open('help/protocols_help.html','help','width=600,height=250,toolbar=no,scrollbars=no,resizable=yes')" title="$l_click_for_help"><font color="blue">$l_proto</font></a>
</td>
<td width=20>
EOM;
echo" <select name='Filter-Proto'>
<option value=\"00000000\" selected>$l_proto_0</option>
<option value=\"10000000\" >$l_proto_1</option>
<option value=\"01000000\" >$l_proto_2</option>
<option value=\"00100000\" >$l_proto_3</option>
</select></td></tr>";
 
// User need to keep status page open
print <<<EOM
<tr>
<td class="etiquette" colspan="$colspan">
<a href="help/statusOpenRequired_help.html" target=help onclick="window.open('help/statusOpenRequired_help.html','help','width=600,height=250,toolbar=no,scrollbars=no,resizable=yes')" title="$l_click_for_help"><font color="blue">$l_statusOpenRequired</font></a>
</td>
EOM;
echo "<td width=20>
<label><input type=\"radio\" name=\"Status-Open-Required\" value=\"0\" checked>$l_yes</label>
<label><input type=\"radio\" name=\"Status-Open-Required\" value=\"1\">$l_no</label>
</select></td>
</tr>";
 
 
print <<<EOM
<tr>
<td class="etiquette" colspan="$colspan">
$l_lang_ticket
</td>
/web/acc/manager/lib/sql/group_info.php
100,8 → 100,9
unset($key);
if ($val == '')
continue;
$key = $rev_attrmap["$val"];
if ((!isset($key)) || (empty($key))) {
if ((isset($rev_attrmap["$val"])) && (!empty($rev_attrmap["$val"]))) {
$key = $rev_attrmap["$val"];
} else {
$key = $val;
$attrmap["$key"] = $val;
$attr_type["$key"] = 'replyItem';
/web/intercept.php
455,15 → 455,13
$link = @da_sql_pconnect($config); // on affiche pas les erreurs
if ($link) {
$user_uid = da_sql_escape_string($link, $_GET['uid']);
$sql = "SELECT attribute, value FROM radreply WHERE username='$user_uid' AND attribute='Filter-Id'";
$sql = "SELECT value FROM radreply WHERE username='$user_uid' AND attribute='Alcasar-Imputability-Warning'";
$res = @da_sql_query($link, $config, $sql); // on affiche pas les erreurs
if ($res) {
$row = @da_sql_fetch_array($res, $config);
$filter_id = $row['value']; // on obtient le Filter-Id de l'utilisateur
if ($filter_id[3] === '1') {
//set the fourth bit of filter-id to '0'
$sql = "set @CurrentFilter=(SELECT value from radreply where username='$user_uid');set @CurrentFilterLeft=(SELECT LEFT(@CurrentFilter,3));set @CurrentFilterRight=(SELECT RIGHT(@CurrentFilter,4));UPDATE radreply SET value = CONCAT((@CurrentFilterLeft),'0', (@CurrentFilterRight)) WHERE username='$user_uid'";
$res = mysqli_multi_query($link,$sql);
if ($row['value'] === '1') {
$sql = "DELETE FROM radreply WHERE username='$user_uid' AND attribute='Alcasar-Imputability-Warning'";
@da_sql_query($link, $config, $sql);
header('Location: '.(($conf['HTTPS_LOGIN'] === 'on') ? 'https' : 'http').'://'.$conf['HOSTNAME'].'.'.$conf['DOMAIN'].'/index.php?warn=1&url='.urlencode($_GET['userurl'])); //we present to user information about imputability logs
exit();
}