6,26 → 6,25 |
# by Rexy |
# This script is distributed under the Gnu General Public License (GPL) |
|
# This script is launched by coova after each successfull login |
# Ce script est lancé par coova à chaque connexion d'usager (authentification réussi) |
# This script is started by coova after each successfull login |
# Ce script est démarré par coova à chaque connexion d'usager (authentification réussi) |
|
|
PASSWD_FILE="/root/ALCASAR-passwords.txt" |
DB_USER=`cat $PASSWD_FILE|grep ^db_user=|cut -d'=' -f2` |
DB_PASSWORD=`cat $PASSWD_FILE|grep ^db_password=|cut -d'=' -f2` |
|
if [ -z $FRAMED_IP_ADDRESS ]; then |
exit 1 |
fi |
|
# Retrieve alcasar special radius attributes |
db_query_additionalGroups='' |
[ -n "$FILTER_ID" ] && db_query_additionalGroups="( SELECT attribute, value FROM radgroupreply WHERE groupname = '$FILTER_ID' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ) UNION " |
# Retrieve 3 alcasar special radius attributes (search order : default group, then user's group, then user) |
db_query="SELECT attribute, value FROM ( \ |
( SELECT attribute, value FROM radreply WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ) UNION \ |
( SELECT attribute, value FROM radreply WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ) UNION \ |
( SELECT attribute, value FROM radgroupreply gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ORDER BY ug.priority ) UNION \ |
$db_query_additionalGroups \ |
( SELECT attribute, value FROM radgroupreply WHERE groupname = 'default' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ) \ |
) attrs GROUP BY attribute;" |
db_res=$(mysql -u root -p$(cat $PASSWD_FILE | grep ^db_root= | cut -d'=' -f2-) -D radius -e "$db_query" -Ns) |
db_res=$(mysql -u$DB_USER -p$DB_PASSWORD -D radius -e "$db_query" -Ns) |
|
filter=$(echo "$db_res" | awk '$1 == "Alcasar-Filter" { print $2 }') |
filterProto=$(echo "$db_res" | awk '$1 == "Alcasar-Protocols-Filter" { print $2 }') |
53,10 → 52,13 |
set_filterProto="proto_0"; |
fi |
|
# Add user to his IPSET |
ipset add $set_filter $FRAMED_IP_ADDRESS |
ipset add $set_filterProto $FRAMED_IP_ADDRESS |
|
# If status page isn't required, add user_IP with flag PERM in /tmp/current_users.txt |
# If status page isn't required : |
# -add user_IP with flag PERM in /tmp/current_users.txt (watchdog remove these @IP at midnight) |
# if the user has the "Expiration" attribute, add its @MAC as an authenticated user (with the same user's attributes) |
if [ "$statusPageRequired" == '2' ]; then # Status page is not required |
current_users_file="/tmp/current_users.txt" |
if [ ! -e $current_users_file ]; then |
66,7 → 68,7 |
fi |
|
############################# |
## Debug : show all the coova parse variables (+ $set_filter + $set_filterProto). |
## Debug : show all the coova parse variables (+ ALCASAR-Filter + ALCASAR-Protocols-Filter + Alcasar-Status-Page-Must-Stay-Open). |
## see "/src/chilli.c" for the complete list of parse variables |
#debug_file="/tmp/debug-conup.txt" |
#echo "-----------------------------------------------" >> $debug_file |
82,8 → 84,8 |
# fi |
#done |
#echo >> $debug_file |
#echo "set_filter : $set_filter" >> $debug_file |
#echo "set_filterProto : $set_filterProto" >> $debug_file |
#echo "statusPageRequired : $statusPageRequired" >> $debug_file |
#echo "ALCASAR-Filter : $set_filter" >> $debug_file |
#echo "ALCASAR-Protocols-Filter : $set_filterProto" >> $debug_file |
#echo "Alcasar-Status-Page-Must-Stay-Open : $statusPageRequired" >> $debug_file |
## END DEBUG |
################################# |