Ignore whitespace Rev 2707 → Rev 2708

/CHANGELOG
7,6 → 7,9
- Add LDAPS (LDAP SSL) support.
- Add a global group named "default" for all users (the "ldap" group still exists for users authenticated through LDAP).
 
ACC
- Add the DHCP relay configuration in ACC.
 
CHANGES
- Do not perform LDAP query for authentication of trusted authorized equipment.
- Improve script syntax
/alcasar.sh
620,9 → 620,9
echo "PUBLIC_MTU=$MTU" >> $CONF_FILE
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE
echo "DHCP=on" >> $CONF_FILE
echo "EXT_DHCP_IP=none" >> $CONF_FILE
echo "RELAY_DHCP_IP=none" >> $CONF_FILE
echo "RELAY_DHCP_PORT=none" >> $CONF_FILE
echo "EXT_DHCP_IP=" >> $CONF_FILE
echo "RELAY_DHCP_IP=" >> $CONF_FILE
echo "RELAY_DHCP_PORT=" >> $CONF_FILE
echo "INT_DNS_DOMAIN=none" >> $CONF_FILE
echo "INT_DNS_IP=none" >> $CONF_FILE
echo "INT_DNS_ACTIVE=off" >> $CONF_FILE
/scripts/alcasar-dhcp.sh
16,22 → 16,14
# define DHCP parameters (LAN side)
PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $ALCASAR_CONF_FILE|cut -d"=" -f2`
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2` # network prefix (ie. 24)
PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2`
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2`
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # ie.: 192.168.182.0/24
classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2` # ie.: 2=classe B, 3=classe C
PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2` # private network broadcast (ie.: 192.168.182.255)
private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup` # last octet of LAN address
private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # last octet of LAN broadcast
PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1` # First network address (ex.: 192.168.182.1)
PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # last network address (ex.: 192.168.182.254)
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX
EXT_DHCP_IP=`grep ^EXT_DHCP_IP= $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse du serveur DHCP externe
RELAY_DHCP_IP=`grep ^RELAY_DHCP_IP= $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse de l'agent Relay : IP interne (défaut 192.168.182.1) dans le cas de DHCP dans le LAN de consultation
RELAY_DHCP_IP=${RELAY_DHCP_IP:=$PRIVATE_IP} # IP externe (défaut x.y.z.t) dans le cas de DHCP du côté WAN
RELAY_DHCP_PORT=`grep ^RELAY_DHCP_PORT= $ALCASAR_CONF_FILE|cut -d"=" -f2` # Port de redirection vers le relay DHCP : 67 par défaut
PRIVATE_NETWORK_MASK="$PRIVATE_NETWORK/$PRIVATE_PREFIX" # ie.: 192.168.182.0/24
EXT_DHCP_IP=`grep ^EXT_DHCP_IP= $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse du serveur DHCP externe
RELAY_DHCP_IP=`grep ^RELAY_DHCP_IP= $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse de l'agent Relay : IP interne (défaut 192.168.182.1) dans le cas de DHCP dans le LAN de consultation
RELAY_DHCP_IP=${RELAY_DHCP_IP:=$PRIVATE_IP} # IP externe (défaut x.y.z.t) dans le cas de DHCP du côté WAN
RELAY_DHCP_PORT=`grep ^RELAY_DHCP_PORT= $ALCASAR_CONF_FILE|cut -d"=" -f2` # Port de redirection vers le relay DHCP : 67 par défaut
RELAY_DHCP_PORT=${RELAY_DHCP_PORT:=67}
 
usage="Usage: alcasar-dhcp.sh {--on | -on} | {--off | -off} "
48,18 → 40,17
exit 0
;;
--off|-off) # disable DHCP service
$SED "s?^DHCP=.*?DHCP=off?g" $ALCASAR_CONF_FILE
$SED "s?.*statip.*?statip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE
$SED "s?^#nodynip.*?nodynip?g" $CHILLI_CONF_FILE
$SED "s?^dynip.*?#dynip?g" $CHILLI_CONF_FILE
$SED "s?^#dynip.*?#dynip?g" $CHILLI_CONF_FILE
$SED "s?^DHCP.*?DHCP=off?g" $ALCASAR_CONF_FILE
if [ "$EXT_DHCP_IP" != "none" ]
$SED "s@^#\?dynip.*@#dynip@g" $CHILLI_CONF_FILE
if [ -n "$EXT_DHCP_IP" ] && [ "$EXT_DHCP_IP" != "none" ]
then
$SED "s?.*dhcpgateway\t.*?dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcprelayagent.*?dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcpgatewayport.*?dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE
$SED "s?.*dhcpgateway\s.*?dhcpgateway\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcprelayagent.*?dhcprelayagent\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcpgatewayport.*?dhcpgatewayport\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE
else
$SED "s?.*dhcpgateway\t.*?#dhcpgateway\t\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcpgateway\s.*?#dhcpgateway\t\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE
fi
66,17 → 57,15
/usr/bin/systemctl restart chilli
;;
--on|-on) # enable DHCP service on all range of IP addresses
$SED "s?^DHCP=.*?DHCP=on?g" $ALCASAR_CONF_FILE
$SED "s?^RELAY_DHCP_IP=.*?RELAY_DHCP_IP=$RELAY_DHCP_IP?g" $ALCASAR_CONF_FILE
$SED "s?^RELAY_DHCP_PORT=.*?RELAY_DHCP_PORT=$RELAY_DHCP_PORT?g" $ALCASAR_CONF_FILE
$SED "s?^.*statip.*?#statip?g" $CHILLI_CONF_FILE
$SED "s?^nodynip.*?#nodynip?g" $CHILLI_CONF_FILE
$SED "s?^DHCP.*?DHCP=on?g" $ALCASAR_CONF_FILE
$SED "s?^dynip.*?dynip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE
$SED "s?^#dynip.*?dynip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE
$SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?^dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?^dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE
$SED "s?^EXT_DHCP_IP.*?EXT_DHCP_IP=$EXT_DHCP_IP?g" $ALCASAR_CONF_FILE
$SED "s?^RELAY_DHCP_IP.*?RELAY_DHCP_IP=$RELAY_DHCP_IP?g" $ALCASAR_CONF_FILE
$SED "s?^RELAY_DHCP_PORT.*?RELAY_DHCP_PORT=$RELAY_DHCP_PORT?g" $ALCASAR_CONF_FILE
$SED "s@^#\?dynip.*@dynip\t\t$PRIVATE_NETWORK_MASK@g" $CHILLI_CONF_FILE
$SED "s?^dhcpgateway\s.*?#dhcpgateway\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?^dhcprelayagent.*?#dhcprelayagent\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?^dhcpgatewayport.*?#dhcpgatewayport\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE
/usr/bin/systemctl restart chilli
;;
*)
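Review bot: EXT_DHCP_IP, RELAY_DHCP_IP and RELAY_DHCP_PORT are taken from $ALCASAR_CONF_FILE with grep/cut and then expanded unvalidated inside the double-quoted `$SED "s?...?...?g"` expressions of both the `--off` and `--on` branches. network.php runs this script through sudo, and its `dhcp_relay` case on this same page writes those three keys from form input. A value containing the `?` delimiter, `&`, a backslash or whitespace would therefore change the sed program or the line written to $CHILLI_CONF_FILE. I would validate immediately after the assignments and stop before any file is edited, for example `case "$RELAY_DHCP_PORT" in *[!0-9]*) echo "invalid RELAY_DHCP_PORT" >&2; exit 1;; esac`, with an equivalent dotted-quad check for the two addresses. The +/- markers are lost in this rendering, so which of the duplicated lines are the new side is inferred; the `case` statement itself opens and closes outside the shown hunks.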
/web/acc/admin/network2.php
File deleted
/web/acc/admin/network.php
57,6 → 57,10
$l_DHCP_off = "inactif";
$l_DHCP_off_explain = "/!\\ Avant d'arrêter le serveur DHCP, vous devez renseigner les paramètres d'un serveur externe (cf. documentation).";
$l_static_dhcp_title = "Réservation d'adresses IP statiques";
$l_dhcp_relay = "Relais DHCP";
$l_dhcp_relay_local_ip = "Adresse IP locale";
$l_dhcp_relay_ip = "Adresse IP DHCP";
$l_dhcp_relay_port = "Port DHCP";
$l_mac_address = "Adresse MAC";
$l_ip_address = "Adresse IP";
$l_host_name = "Nom d'hôte";
111,8 → 115,13
$l_DHCP_off = "disabled";
$l_DHCP_off_explain = "/!\\ Before disabling the DHCP server, you must write the extern DHCP parameters in the config file (see Documentation)";
$l_static_dhcp_title = "Static IP addresses reservation";
$l_mac_address = "MAC Address";
$l_ip_address = "IP Address";
$l_dhcp_relay = "DHCP relay";
$l_dhcp_relay_local_ip = "Locale IP address";
$l_dhcp_relay_ip = "DHCP IP address";
$l_dhcp_relay_port = "DHCP port";
$l_mac_address = "MAC address";
$l_ip_address = "IP address";
$l_port = "Port";
$l_host_name = "Host name";
$l_del = "Delete from list";
$l_add_to_list = "Add";
163,10 → 172,12
switch ($choix) {
case 'DHCP_On':
exec('sudo /usr/local/bin/alcasar-dhcp.sh -on');
break;
header('Location: '.$_SERVER['PHP_SELF']);
exit();
case 'DHCP_Off':
exec('sudo /usr/local/bin/alcasar-dhcp.sh -off');
break;
header('Location: '.$_SERVER['PHP_SELF']);
exit();
 
case 'new_mac':
$new_mac_addr = trim($_POST['add_mac']);
201,7 → 212,8
}
}
}
break;
header('Location: '.$_SERVER['PHP_SELF']);
exit();
case 'del_mac':
foreach ($_POST as $key => $value) {
if ($value == 'on') {
212,8 → 224,17
exec('sudo /usr/bin/systemctl reload chilli');
}
}
break;
header('Location: '.$_SERVER['PHP_SELF']);
exit();
 
case 'dhcp_relay': // DHCP relay
// TODO : check DHCP relay before apply?
file_put_contents(CONF_FILE, str_replace('EXT_DHCP_IP='.$conf['EXT_DHCP_IP'], 'EXT_DHCP_IP='.trim($_POST['dhcp_relay_ext_ip']), file_get_contents(CONF_FILE)));
file_put_contents(CONF_FILE, str_replace('RELAY_DHCP_IP='.$conf['RELAY_DHCP_IP'], 'RELAY_DHCP_IP='.trim($_POST['dhcp_relay_ip']), file_get_contents(CONF_FILE)));
file_put_contents(CONF_FILE, str_replace('RELAY_DHCP_PORT='.$conf['RELAY_DHCP_PORT'], 'RELAY_DHCP_PORT='.trim($_POST['dhcp_relay_port']), file_get_contents(CONF_FILE)));
header('Location: '.$_SERVER['PHP_SELF']);
exit();
 
case 'new_host':
$add_host = trim($_POST['add_host']);
$add_ip = trim($_POST['add_ip']);
237,7 → 258,8
}
}
}
break;
header('Location: '.$_SERVER['PHP_SELF']);
exit();
case 'del_host':
foreach ($_POST as $key => $value) {
if ($value == 'on') {
246,7 → 268,8
exec("sudo /usr/local/bin/alcasar-dns-local.sh --del $del_ip $del_host[1]");
}
}
break;
header('Location: '.$_SERVER['PHP_SELF']);
exit();
 
case 'default_cert': // Restore default certificate
exec('sudo alcasar-importcert.sh -d');
679,75 → 702,85
</form>
</td></tr>
 
<?php
if ($conf['DHCP'] === 'on') {
require('network2.php');
}
?>
</table>
<br>
 
<table width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><th><?= $l_local_dns?></th></tr>
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
</table>
<table width="100%" cellspacing="0" cellpadding="5" border="1">
<tr>
<td width="50%" align="center">
<form action="<?= htmlspecialchars($_SERVER['PHP_SELF']) ?>" method="POST">
<?php if ($conf['DHCP'] === 'on'): ?>
<tr><td colspan="2" align="center"><?= $l_static_dhcp_title ?></td></tr>
<tr><td width="50%" align="center" valign="middle">
<form action="network.php" method="POST">
<table cellspacing="2" cellpadding="3" border="1">
<tr><th><?= $l_ip_address ?></th><th><?= $l_host_name ?></th><th><?= $l_del ?></th></tr>
<tr><th><?= $l_mac_address ?></th><th><?= $l_ip_address ?></th><th>Info<th><?= $l_del ?></th></tr>
<?php
// Read the "dns_local" file
// Read the "ether" file
exec('sudo /sbin/ip link show '.escapeshellarg($conf["INTIF"]), $output);
$detail = explode(' ', $output[1]);
$intif_mac_addr = strtoupper(str_replace(':', '-', $detail[5]));
unset($output); unset($detail);
$line_exist = false;
$tab = file(DNS_LOCAL_FILE);
if ($tab) { // not empty
$tab = file(ETHERS_INFO_FILE);
if ($tab) { // le fichier n'est pas vide
foreach ($tab as $line) {
if (preg_match ('/^\d+/', $line)) { # begin with one or several digit
$line_exist = true;
$field = preg_split("/\s+/",$line); # split with one or several whitespace (or tab)
$ip_addr = $field[0];
$host_name = $field[1];
echo "<tr><td>$ip_addr</td>";
echo "<td>$host_name</td>";
if (($ip_addr == "127.0.0.1")|($host_name == "alcasar")) {
echo "<td>";}
else {
echo "<td><input type=\"checkbox\" name=\"$ip_addr|$host_name\">";
}
echo "</td></tr>";
$fields = explode(' ', $line);
$mac_addr = $fields[0];
$ip_addr = $fields[1];
$info = (isset($fields[2])) ? $fields[2] : ' ';
 
echo '<tr>';
echo "<td>$mac_addr</td>";
echo "<td>$ip_addr</td>";
if ($mac_addr !== $intif_mac_addr) {
echo '<td>'.ltrim($info, '#').'</td>';
echo "<td><input type=\"checkbox\" name=\"$mac_addr\"></td>";
$line_exist=True;
} else {
echo '<td>ALCASAR</td>';
echo '<td></td>';
}
echo '</tr>';
}
}
if (!$line_exist) {
echo '<tr><td colspan="3" style="text-align: center;font-style: italic;">'.$l_empty.'</td></tr>';
}
?>
</table>
<?php if ($line_exist): ?>
<input type="hidden" name="choix" value="del_host">
<input type="hidden" name="choix" value="del_mac">
<input type="submit" value="<?= $l_apply ?>">
<?php endif; ?>
</form>
</td>
<td width="50%" valign="middle" align="center">
<form name="new_host" action="<?= htmlspecialchars($_SERVER['PHP_SELF']) ?>" method="POST">
<table cellspacing="2" cellpadding="3" border="1">
<tr>
<th><?= $l_ip_address ?></th><th><?= $l_host_name ?></th><td></td>
</tr>
<tr>
<td>Ex. : 192.168.182.10</td><td>Ex. : my_nas</td><td></td>
</tr>
<tr>
<td><input type="text" name="add_ip" size="10"><input type="hidden" name="choix" value="new_host"></td>
<td><input type="text" name="add_host" size="17"></td>
<td><input type=submit class=button value="<?= $l_add_to_list ?>"></td>
</tr>
</table>
</td><td width="50%" valign="middle" align="center">
<form name="new_mac" action="network.php" method="POST">
<table cellspacing="2" cellpadding="3" border="1">
<tr><th><?= $l_mac_address ?></th><th><?= $l_ip_address ?></th><th>Info</th><td></td></tr>
<tr><td>Ex. : 12-2F-36-A4-DF-43</td><td>Ex. : 192.168.182.10</td><td>Ex. : Switch<td></td></tr>
<tr><td><input type="text" name="add_mac" size="17"></td>
<td><input type="text" name="add_ip" size="10"></td>
<td><input type="text" name="info" size="10"></td>
<td>
<input type="hidden" name="choix" value="new_mac">
<input type="submit" class="button" value="<?= $l_add_to_list ?>" onclick="return MAC_Control('new_mac');">
</td>
</tr></table>
</form>
</td>
</tr>
</td></tr>
<?php else: ?>
<tr><td colspan="2" align="center"><?= $l_dhcp_relay ?></td></tr>
<tr>
<td colspan="2" align="center">
<form name="new_host" action="<?= htmlspecialchars($_SERVER['PHP_SELF']) ?>" method="POST">
<table cellspacing="2" cellpadding="3" border="1">
<tr>
<th><label for="dhcp_relay_ip"><?= $l_dhcp_relay_local_ip ?></label></th><td><input type="text" name="dhcp_relay_ip" id="dhcp_relay_ip" value="<?= $conf['RELAY_DHCP_IP'] ?>" size="32"></td>
</tr>
<tr>
<th><label for="dhcp_relay_ext_ip"><?= $l_dhcp_relay_ip ?></label></th><td><input type="text" name="dhcp_relay_ext_ip" id="dhcp_relay_ext_ip" value="<?= $conf['EXT_DHCP_IP'] ?>" size="32"></td>
</tr>
<tr>
<th><label for="dhcp_relay_port"><?= $l_dhcp_relay_port ?></label></th><td><input type="text" name="dhcp_relay_port" id="dhcp_relay_port" value="<?= $conf['RELAY_DHCP_PORT'] ?>" size="32"></td>
</tr>
</table>
<input type="hidden" name="choix" value="dhcp_relay">
<input type="submit" value="<?= $l_apply ?>">
</form>
</td>
</tr>
<?php endif; ?>
</table>
<br>
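Review bot: The `dhcp_relay` case writes `trim($_POST['dhcp_relay_ext_ip'])`, `dhcp_relay_ip` and `dhcp_relay_port` straight into CONF_FILE, and the `// TODO : check DHCP relay before apply?` above it confirms no check exists yet. A value with an embedded newline can add or override unrelated keys in the conf file, and alcasar-dhcp.sh later reads these keys under sudo. Reject the request unless `filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)` passes for both addresses and the port satisfies `ctype_digit($port) && (int)$port >= 1 && (int)$port <= 65535`. The relay form also prints `<?= $conf['RELAY_DHCP_IP'] ?>`, `$conf['EXT_DHCP_IP']` and `$conf['RELAY_DHCP_PORT']` into `value="..."` without `htmlspecialchars()`, and the static-DHCP table echoes `$mac_addr`, `$ip_addr` and `$info` the same way, although the form action on this page is already escaped. No anti-CSRF token is visible on these state-changing forms in the shown hunks; that may be handled elsewhere in the file and is worth confirming.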