Subversion Repositories ALCASAR

Rev

Rev 2106 | Rev 2108 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 2106 Rev 2107
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
# $Id: alcasar-watchdog.sh 2106 2017-01-05 18:35:29Z richard $
2
# $Id: alcasar-watchdog.sh 2107 2017-01-05 22:23:35Z raphael.pion $
3
 
3
 
4
# alcasar-watchdog.sh
4
# alcasar-watchdog.sh
5
# by Rexy
5
# by Rexy
6
# This script is distributed under the Gnu General Public License (GPL)
6
# This script is distributed under the Gnu General Public License (GPL)
7
# Ce script prévient les usagers de l'indisponibilité de l'accès Internet
7
# Ce script prévient les usagers de l'indisponibilité de l'accès Internet
Line 19... Line 19...
19
private_ip_mask=`grep PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
19
private_ip_mask=`grep PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
20
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
20
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
21
PRIVATE_IP=`echo "$private_ip_mask" |cut -d"/" -f1`      # @ip du portail (côté LAN)
21
PRIVATE_IP=`echo "$private_ip_mask" |cut -d"/" -f1`      # @ip du portail (côté LAN)
22
PRIVATE_IP=${PRIVATE_IP:=192.168.182.1}
22
PRIVATE_IP=${PRIVATE_IP:=192.168.182.1}
23
tmp_file="/tmp/watchdog.txt"
23
tmp_file="/tmp/watchdog.txt"
24
tmp_users_file="/tmp/current_users.txt"
24
current_users_file="/tmp/current_users.txt"
25
DIR_WEB="/var/www/html"
25
DIR_WEB="/var/www/html"
26
Index_Page="$DIR_WEB/index.php"
26
Index_Page="$DIR_WEB/index.php"
27
IPTABLES="/sbin/iptables"
27
IPTABLES="/sbin/iptables"
28
TUNIF="tun0"						# listen device for chilli daemon
28
TUNIF="tun0"						# listen device for chilli daemon
29
OLDIFS=$IFS
29
OLDIFS=$IFS
Line 103... Line 103...
103
		lan_test
103
		lan_test
104
		exit 0
104
		exit 0
105
		;;
105
		;;
106
	*)
106
	*)
107
		lan_test
107
		lan_test
108
		# read file that contains IP address of user who are not in $tmp_users_file (its means that status.php has been closed)
-
 
109
		if [ -e $tmp_file ]; then
-
 
110
			cat $tmp_file | while read noresponse
-
 
111
			do
-
 
112
				noresponse_ip=`echo $noresponse | cut -d" " -f1`
-
 
113
				noresponse_mac=`echo $noresponse | cut -d" " -f2`
-
 
114
				noresponse_user=`echo $noresponse | cut -d" " -f3`
-
 
115
				data_user=$(/usr/sbin/chilli_query list | grep -v "\.0\.0\.0" | awk '$5 == 1' | grep $noresponse_ip)
-
 
116
				if [ $(echo $data_users | wc -l) -eq 1 ] #if it still connected ...
-
 
117
	       			then
-
 
118
					if [[ $noresponse_user != $noresponse_mac ]] # we let @mac auth equipments connected
-
 
119
						then 
-
 
120
						logger "alcasar-watchdog $noresponse_ip ($noresponse_mac) can't be contact. Alcasar disconnects the user ($noresponse_user)."
-
 
121
						echo "Disconnect : $noresponse_ip $noresponse_mac $noresponse_user"
-
 
122
						/usr/sbin/chilli_query logout $noresponse_mac
-
 
123
					fi
-
 
124
				fi
-
 
125
                                
-
 
126
			done
-
 
127
			rm $tmp_file
-
 
128
#			if [ -e $tmp_users_file ]; then
-
 
129
#				rm $tmp_users_file
-
 
130
#			fi
-
 
131
 
-
 
132
		fi
-
 
133
 
-
 
134
		# this temporary file contains every 'user IP address' which are connected to ALCASAR (status.php still open)
-
 
135
		if [ -e $tmp_users_file ]; then 
-
 
136
			for ip_user in $(cat $tmp_users_file)
-
 
137
			do
-
 
138
				# Check if thses users are also connected for chilli
-
 
139
				data_user=$(/usr/sbin/chilli_query list | grep -v "\.0\.0\.0" | awk '$5 == 1' | grep $ip_user)
-
 
140
				if [ $(echo $data_users | wc -l) -eq 0 ] #if user not in the file $tmp_users_file  (it means that status.php has been closed)
-
 
141
				then
-
 
142
					#save info in tmp_file
-
 
143
					active_ip=`echo $data_user |cut -d" " -f2`
-
 
144
		                        active_mac=`echo $data_user | cut -d" " -f1`
-
 
145
		                        active_user=`echo $data_user |cut -d" " -f6`
-
 
146
					echo "$active_ip $active_mac $active_user" >> $tmp_file #save info for next time, user will be disconnected.
-
 
147
				fi
-
 
148
			done
-
 
149
			rm $tmp_users_file
-
 
150
		else
-
 
151
			for system in $(/usr/sbin/chilli_query list |grep -v "\.0\.0\.0" | awk '$5 == 1')
-
 
152
			do
-
 
153
				#disconnect all users
-
 
154
                                active_ip=`echo $system |cut -d" " -f2`
-
 
155
                                active_mac=`echo $system | cut -d" " -f1`
-
 
156
                                active_user=`echo $system |cut -d" " -f6`
-
 
157
                                echo "$active_ip $active_mac $active_user" >> $tmp_file
-
 
158
			done
-
 
159
		fi
-
 
160
 
-
 
161
 
108
 
-
 
109
		# We disconnect inactive users (its means that status.php has been closed)
-
 
110
		# Each user inform about his connectivity by filling in /tmp/current_users.txt his own @IP
162
		# process each equipment known by chilli to check if any equipment is usurped (@MAC)
111
		# process each equipment known by chilli to check if any equipment is usurped (@MAC)
163
		for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"`
112
		for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"`
164
		do
113
		do
165
			active_ip=`echo $system |cut -d" " -f2`
114
			active_ip=`echo $system |cut -d" " -f2`
166
			active_session=`echo $system |cut -d" " -f5`
115
			active_session=`echo $system |cut -d" " -f5`
167
			active_mac=`echo $system | cut -d" " -f1`
116
			active_mac=`echo $system | cut -d" " -f1`
168
			active_user=`echo $system |cut -d" " -f6`
117
			active_user=`echo $system |cut -d" " -f6`
-
 
118
			
-
 
119
			#We disconnect inactive user here :
-
 
120
			#We check if this is not an auth @MAC and if he is still connected
-
 
121
			if [ "$active_user" != "$active_mac" ] && [ $(echo $system | awk '$5 == 1' | wc -c) -gt 1 ]; then
-
 
122
				# If /tmp/current_user.txt exists ...
-
 
123
				if [ -e $current_users_file ]; then
-
 
124
					# We check if user @IP is in 'current_users.txt'
-
 
125
					cmp_user_ok=$(cat $current_users_file | grep $active_ip | wc -w)
-
 
126
					# If this @IP is not in this file, we disconnect this user.
-
 
127
					if [ $cmp_user_ok -eq 0 ]; then
-
 
128
						logger "alcasar-watchdog $active_ip ($active_mac) can't be contact. Alcasar disconnects the user ($active_user)."
-
 
129
						echo "Disconnect : $active_ip $active_mac $active_user"
-
 
130
						/usr/sbin/chilli_query logout $active_mac
-
 
131
					fi
-
 
132
					# We clean 'current_users.txt'. Every user need to inform their @IP everytime to prove thier connectivity.
-
 
133
					sed -i 'd' $current_users_file
-
 
134
				else # If /tmp/current_user.txt does not exists we disconnect every users.
-
 
135
					logger "Le fichier /tmp/current_users.txt n'existe pas."
-
 
136
					logger "alcasar-watchdog $active_ip ($active_mac) can't be contact. Alcasar disconnects the user ($active_user)."
-
 
137
					echo "Disconnect : $active_ip $active_mac $active_user"
-
 
138
					/usr/sbin/chilli_query logout $active_mac
-
 
139
				fi
-
 
140
			fi
-
 
141
 
-
 
142
 
-
 
143
 
169
			# process only equipment with an authenticated user
144
			# process only equipment with an authenticated user
170
			if [[ $(expr $active_session) -eq 1 ]]
145
			if [[ $(expr $active_session) -eq 1 ]]
171
			then
146
			then
172
				arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep "Unicast reply"|wc -l`
147
				arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep "Unicast reply"|wc -l`
173
				# disconnect users whose equipement is usurped (@MAC). For example, if there are 2 same @MAC it will make 3 lines in output.
148
				# disconnect users whose equipement is usurped (@MAC). For example, if there are 2 same @MAC it will make 3 lines in output.
Line 181... Line 156...
181
			fi
156
			fi
182
		done
157
		done
183
		;;
158
		;;
184
esac	
159
esac	
185
IFS=$OLDIFS
160
IFS=$OLDIFS
-
 
161