Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 2885 → Rev 2886

/scripts/alcasar-condown.sh
6,25 → 6,24
# by Rexy
# This script is distributed under the Gnu General Public License (GPL)
 
# This script is launched by coova after each logout
# This script is started by coova after each logout
# Ce script est lancé par coova à chaque déconnexion d'usager
 
PASSWD_FILE="/root/ALCASAR-passwords.txt"
DB_USER=`cat $PASSWD_FILE|grep ^db_user=|cut -d'=' -f2`
DB_PASSWORD=`cat $PASSWD_FILE|grep ^db_password=|cut -d'=' -f2`
 
if [ -z $FRAMED_IP_ADDRESS ]; then
exit 1
fi
 
# Remove user from his IPSET
db_query_additionalGroups='' # before alcasar-3.4, filter types was in "FILTER_ID" attribute
[ -n "$FILTER_ID" ] && db_query_additionalGroups="( SELECT attribute, value FROM radgroupreply WHERE groupname = '$FILTER_ID' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter')) ) UNION "
# Retrieve 2 alcasar special radius attributes (search order : default group, then user's group, then user)
db_query="SELECT attribute, value FROM ( \
( SELECT attribute, value FROM radreply WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter')) ) UNION \
( SELECT attribute, value FROM radreply WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter')) ) UNION \
( SELECT attribute, value FROM radgroupreply gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter')) ORDER BY ug.priority ) UNION \
$db_query_additionalGroups \
( SELECT attribute, value FROM radgroupreply WHERE groupname = 'default' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter')) ) \
) attrs GROUP BY attribute;"
db_res=$(mysql -u root -p$(cat $PASSWD_FILE | grep ^db_root= | cut -d'=' -f2-) -D radius -e "$db_query" -Ns)
db_res=$(mysql -u$DB_USER -p$DB_PASSWORD -D radius -e "$db_query" -Ns)
 
filter=$(echo "$db_res" | awk '$1 == "Alcasar-Filter" { print $2 }')
filterProto=$(echo "$db_res" | awk '$1 == "Alcasar-Protocols-Filter" { print $2 }')
49,6 → 48,7
set_filterProto="proto_0";
fi
 
# Remove user from his IPSET
ipset del $set_filter $FRAMED_IP_ADDRESS
ipset del $set_filterProto $FRAMED_IP_ADDRESS
 
57,7 → 57,7
[ -e $current_users_file ] && sed -i "/^$FRAMED_IP_ADDRESS:/d" $current_users_file
 
#############################
## Debug : show all the coova parse variables (+ $set_filter + $set_filterProto).
## Debug : show all the coova parse variables (+ ALCASAR-Filter + ALCASAR-Protocols-Filter).
## see "/src/chilli.c" for the complete list of parse variables
#debug_file="/tmp/debug-condown.txt"
#echo "-----------------------------------------------" >> $debug_file
73,7 → 73,7
# fi
#done
#echo >> $debug_file
#echo "set_filter : $set_filter" >> $debug_file
#echo "set_filterProto : $set_filterProto" >> $debug_file
#echo "ALCASAR-Filter : $set_filter" >> $debug_file
#echo "ALCASAR-Protocols-Filter : $set_filterProto" >> $debug_file
## END Debug
#################################
/scripts/alcasar-conup.sh
6,26 → 6,25
# by Rexy
# This script is distributed under the Gnu General Public License (GPL)
 
# This script is launched by coova after each successfull login
# Ce script est lancé par coova à chaque connexion d'usager (authentification réussi)
# This script is started by coova after each successfull login
# Ce script est démarré par coova à chaque connexion d'usager (authentification réussi)
 
 
PASSWD_FILE="/root/ALCASAR-passwords.txt"
DB_USER=`cat $PASSWD_FILE|grep ^db_user=|cut -d'=' -f2`
DB_PASSWORD=`cat $PASSWD_FILE|grep ^db_password=|cut -d'=' -f2`
 
if [ -z $FRAMED_IP_ADDRESS ]; then
exit 1
fi
 
# Retrieve alcasar special radius attributes
db_query_additionalGroups=''
[ -n "$FILTER_ID" ] && db_query_additionalGroups="( SELECT attribute, value FROM radgroupreply WHERE groupname = '$FILTER_ID' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ) UNION "
# Retrieve 3 alcasar special radius attributes (search order : default group, then user's group, then user)
db_query="SELECT attribute, value FROM ( \
( SELECT attribute, value FROM radreply WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ) UNION \
( SELECT attribute, value FROM radreply WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ) UNION \
( SELECT attribute, value FROM radgroupreply gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ORDER BY ug.priority ) UNION \
$db_query_additionalGroups \
( SELECT attribute, value FROM radgroupreply WHERE groupname = 'default' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ) \
) attrs GROUP BY attribute;"
db_res=$(mysql -u root -p$(cat $PASSWD_FILE | grep ^db_root= | cut -d'=' -f2-) -D radius -e "$db_query" -Ns)
db_res=$(mysql -u$DB_USER -p$DB_PASSWORD -D radius -e "$db_query" -Ns)
 
filter=$(echo "$db_res" | awk '$1 == "Alcasar-Filter" { print $2 }')
filterProto=$(echo "$db_res" | awk '$1 == "Alcasar-Protocols-Filter" { print $2 }')
53,10 → 52,13
set_filterProto="proto_0";
fi
 
# Add user to his IPSET
ipset add $set_filter $FRAMED_IP_ADDRESS
ipset add $set_filterProto $FRAMED_IP_ADDRESS
 
# If status page isn't required, add user_IP with flag PERM in /tmp/current_users.txt
# If status page isn't required :
# -add user_IP with flag PERM in /tmp/current_users.txt (watchdog remove these @IP at midnight)
# if the user has the "Expiration" attribute, add its @MAC as an authenticated user (with the same user's attributes)
if [ "$statusPageRequired" == '2' ]; then # Status page is not required
current_users_file="/tmp/current_users.txt"
if [ ! -e $current_users_file ]; then
66,7 → 68,7
fi
 
#############################
## Debug : show all the coova parse variables (+ $set_filter + $set_filterProto).
## Debug : show all the coova parse variables (+ ALCASAR-Filter + ALCASAR-Protocols-Filter + Alcasar-Status-Page-Must-Stay-Open).
## see "/src/chilli.c" for the complete list of parse variables
#debug_file="/tmp/debug-conup.txt"
#echo "-----------------------------------------------" >> $debug_file
82,8 → 84,8
# fi
#done
#echo >> $debug_file
#echo "set_filter : $set_filter" >> $debug_file
#echo "set_filterProto : $set_filterProto" >> $debug_file
#echo "statusPageRequired : $statusPageRequired" >> $debug_file
#echo "ALCASAR-Filter : $set_filter" >> $debug_file
#echo "ALCASAR-Protocols-Filter : $set_filterProto" >> $debug_file
#echo "Alcasar-Status-Page-Must-Stay-Open : $statusPageRequired" >> $debug_file
## END DEBUG
#################################
/scripts/alcasar-test-debug-conup.sh
4,7 → 4,7
DB_USER=`cat $PASSWD_FILE|grep ^db_user=|cut -d'=' -f2`
DB_PASSWORD=`cat $PASSWD_FILE|grep ^db_password=|cut -d'=' -f2`
 
# Retrieve alcasar special radius attributes
# Retrieve 3 ALCASAR special radius attributes (search order : default group, then user's group, then user)
db_query="SELECT attribute, value FROM ( \
( SELECT attribute, value FROM radreply WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ) UNION \
( SELECT attribute, value FROM radgroupreply gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ORDER BY ug.priority ) UNION \
18,8 → 18,8
echo "USER_NAME = $USER_NAME; filter = $filter; filterproto = $filterProto; statusOpenRequired = $statusOpenRequired";
 
# If status page isn't required :
# -add user_IP with flag PERM in /tmp/current_users.txt
# -add user_@MAC as an authenticated user (until "expiration_date")
# -add user_IP with the flag 'PERM' in /tmp/current_users.txt
# -add user_@MAC as an authenticated (with the same user's attributes)
if [ "$statusOpenRequired" == '2' ]; then # Status page is not required
echo ""
db_query="SELECT attribute, value FROM ( \
/scripts/alcasar-watchdog.sh
124,10 → 124,14
lan_test
exit 0
;;
--disconnect-permanent-users)
/bin/sed -i '/PERM/d' $current_users_file
exit 0
;;
*)
lan_test
# We disconnect inactive users (its means that their 'status.php' tab has been closed --> their ip address isn't in $current_users_file)
# process each equipment known by chilli to check if IP address is usurped (with arping)
# process each equipment known by chilli
for system in `/usr/sbin/chilli_query list | grep -v "0\.0\.0\.0"`
do
active_ip=`echo $system |cut -d" " -f2`
134,7 → 138,6
active_session=`echo $system |cut -d" " -f5`
active_mac=`echo $system | cut -d" " -f1`
active_user=`echo $system |cut -d" " -f6`
# We disconnect inactive user here :
# We check if the user isn't an auth @MAC and if he is still connected
if [ "$active_user" != "$active_mac" ] && [ $(expr $active_session) -eq 1 ]; then
if [ -e $current_users_file ]; then