Subversion Repositories ALCASAR

Rev

Rev 2817 | Rev 2887 | Go to most recent revision | Blame | Compare with Previous | Last modification | View Log

<?php
/********************
* READ CONF FILES   *
*********************/
define("CONF_FILE", "/usr/local/etc/alcasar.conf");
define("ETHERS_INFO_FILE", "/usr/local/etc/alcasar-ethers-info");
$conf_files=array(CONF_FILE,ETHERS_INFO_FILE);
foreach ($conf_files as $file) {
        if (!file_exists($file)) {
                exit("Requested file ".$file." isn't present");
        }
        if (!is_readable($file)) {
                exit("Can't read the file ".$file);
        }
}

$alcasar_conf_file = '/usr/local/etc/alcasar.conf';
$file_conf = fopen($alcasar_conf_file, 'r');
if (!$file_conf) {
        exit('Error opening the file '.$alcasar_conf_file);
}
while (!feof($file_conf)) {
        $buffer = fgets($file_conf, 4096);
        if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {
                $tmp = explode('=', $buffer, 2);
                $conf[trim($tmp[0])] = trim($tmp[1]);
        }
}
fclose($file_conf);

$tmp = explode("/",$conf["PRIVATE_IP"]);
$intif = $conf["INTIF"];
$private_ip=$tmp[0];
require('/etc/freeradius-web/config.php');
# Choice of language
$Language = 'en';
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
        $Langue = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
        $Language = strtolower(substr(chop($Langue[0]), 0, 2));
}
if ($Language === 'fr') {
        $l_activity = "Activité sur le réseau de consultation";
        $l_ip_adr = "Adresse IP";
        $l_mac_adr = "Adresse MAC";
        $l_user = "Usager";
        $l_mac_allowed = "@MAC autorisée";
        $l_mac_temporarily_allowed = "@MAC autorisée temporairement";
        $l_action = "Action";
        $l_dissociate = "Dissocier @IP";
        $l_disconnect = "Déconnecter";
        $l_stop_capture_disconnect = "Arrêter la capture et se déconnecter";
        $l_refresh = "Cette page est rafraichie toutes les 30 secondes";
        $l_edit_user = "Editer l'utilisateur";
        $l_connect = "Autoriser temporairement";
        $l_captureon = "Autoriser et capturer";
        $l_captureoff = "Arrêter la capture";
        $l_captureonly_on = "Capturer";
} else if ($Language === 'es') {
        $l_activity = "Actividad en la LAN";
        $l_ip_adr = "Dirección IP";
        $l_mac_adr = "MAC Adress";
        $l_user = "Usuario";
        $l_mac_allowed = "@MAC autorizada";
        $l_mac_temporarily_allowed = "@MAC temporalmente autorizada";
        $l_action = "Acción";
        $l_dissociate = "Liberar @IP";
        $l_disconnect = "Desconectar";
        $l_stop_capture_disconnect = "Deje de capturar y desconecte";
        $l_refresh = "Esta información es actualizada cada 30''";
        $l_edit_user = "usuario de edición"; 
        $l_connect = "Permitir temporalmente";
        $l_captureon = "Autorizar y capturar";
        $l_captureoff = "Detener la captura";
        $l_captureonly_on = "Captura";
} else {
        $l_activity = "Activity on the consultation LAN";
        $l_ip_adr = "IP Adress";
        $l_mac_adr = "MAC Adress";
        $l_user = "User";
        $l_mac_allowed = "@MAC allowed";
        $l_mac_temporarily_allowed = "@MAC temporarily allowed";
        $l_action = "Action";
        $l_dissociate = "Dissociate @IP";
        $l_disconnect = "Disconnect";
        $l_stop_capture_disconnect = "Stop capture and disconnect";
        $l_refresh = "This frame is refreshed every 30'";
        $l_edit_user = "Edit user";
        $l_connect = "Temporarily authorize";
        $l_captureon = "Authorize and capture";
        $l_captureoff = "Stop capture";
        $l_captureonly_on = "Capture";
}

if (isset($_POST['action'])){
        switch ($_POST['action']){
                case "$l_disconnect" :
                        $mac= $_POST['mac_addr'];
                        exec("sudo /usr/sbin/chilli_query logout ".escapeshellarg($_POST['mac_addr']));
                        unset($_POST['mac_addr']);
                break;
                case "$l_stop_capture_disconnect" :
                        $mac= $_POST['mac_addr'];
                        exec('sudo /usr/local/bin/alcasar-iot_capture.sh -k '.$mac.' &>/dev/null &');
                        $file = '/tmp/capture_'.$mac.'.pcap';
                        if (file_exists($file))
                        {
                                header('Content-Description : File Transfer');
                                header('Content-Type: application/octet-stream');
                                header('Content-disposition: attachement; filename='.basename($file).'');
                                header('Expires: 0');
                                header('Cache-Control: must-revalidate');
                                header('Pragma: public');
                                header('Content-Lenght: '.filesize($file));
                                readfile($file);
                                exec('sudo /usr/local/bin/alcasar-iot_capture.sh -f '.$macc);
                                exec("sudo /usr/sbin/chilli_query logout ".escapeshellarg($_POST['mac_addr']));
                                unset($_POST['mac_addr']);
                                exit;
                        }
                break;
                case "$l_dissociate" :
                        exec("sudo /usr/sbin/chilli_query dhcp-release ".escapeshellarg($_POST['mac_addr']));
                        unset($_POST['mac_addr']);
                break;
                case "$l_connect" :
                        exec("sudo /usr/sbin/chilli_query authorize mac ".escapeshellarg($_POST['mac_addr']));
                        unset($_POST['mac_addr']);
                break;
                case "$l_captureon" :
                        $mac= $_POST['mac_addr'];
                        exec('sudo /usr/local/bin/alcasar-iot_capture.sh -l '.$mac.' &>/dev/null &');
                        exec("sudo /usr/sbin/chilli_query authorize mac ".escapeshellarg($_POST['mac_addr']));
                        unset($_POST['mac_addr']);
                break;
                case "$l_captureonly_on" :
                        $mac= $_POST['mac_addr'];
                        exec('sudo /usr/local/bin/alcasar-iot_capture.sh -l '.$mac.' &>/dev/null &');
                break;  
                case "$l_captureoff" :
                        $mac= $_POST['mac_addr'];
                        exec('sudo /usr/local/bin/alcasar-iot_capture.sh -k '.$mac.' &>/dev/null &');
                        $file = '/tmp/capture_'.$mac.'.pcap';
                        if (file_exists($file))
                        {
                                header('Content-Description : File Transfer');
                                header('Content-Type: application/octet-stream');
                                header('Content-disposition: attachement; filename='.basename($file).'');
                                header('Expires: 0');
                                header('Cache-Control: must-revalidate');
                                header('Pragma: public');
                                header('Content-Lenght: '.filesize($file));
                                readfile($file);
                                exec('sudo /usr/local/bin/alcasar-iot_capture.sh -f '.$mac);
                                unset($_POST['mac_addr']);
                                exit;
                        }
                break;
        }
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><!-- written by Rexy -->
<head>
<meta HTTP-EQUIV="Refresh" CONTENT="30">
<meta http-equiv="Content-Type" content="text/html; charset=<?= $config['general_charset'] ?>">
<title>Activity</title>
<link rel="stylesheet" type="text/css" href="/css/acc.css">
</head>
<body>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><th><?= $l_activity ?></th></tr>
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
</table>
<table width="100%" border=1 cellspacing=0 cellpadding=1>
        <tr><td valign="middle" align="center"><?= $l_refresh ?><br>
        <table border=1 width="80%" cellpadding=2 cellspacing=0>
                <tr>
                        <th>#</th>
                        <th><?= $l_ip_adr ?></th>
                        <th><?= $l_mac_adr ?></th>
                        <th><?= $l_user ?></th>
                        <th><?= $l_action ?></th>
                </tr>
                <?php
                $IoT_capture = $conf["IOT_CAPTURE"];
                $output = array(); $detail = array(); $nb_ligne = 0;
                exec("sudo /sbin/ip link show ".escapeshellarg($intif), $output); // retrieve ALCASAR MAC address
                $detail = explode (" " , $output[1]);
                $intif_mac_addr=strtoupper(str_replace(":","-",$detail[5]));
                unset ($output);unset ($detail);
                exec ('sudo /usr/sbin/chilli_query list|sort -k5 -r', $output); 
                while (list(,$ligne) = each($output)){
                        $detail = explode (" ", $ligne);
                        $nb_ligne ++;
                        echo "<tr valign=\"middle\">";
                        echo "<td>".$nb_ligne."</td>";
                        echo "<td>".$detail[1]."</td>";
                        if(file_exists('/usr/share/arp-scan/ieee-oui.txt')) // for each device on LAN, retrieve the MAC manufacturer
                        {
                                $oui_id = substr(str_replace("-","",$detail[0]),0,6);
                                exec ("grep $oui_id /usr/share/arp-scan/ieee-oui.txt | cut -f2", $mac_manufacturer);
                                if(empty($mac_manufacturer[0]))
                                {
                                        $mac_manufacturer[0] = "Unknown";
                                }
                                echo "<td>$detail[0] <font size=\"1\">($mac_manufacturer[0])</font>";
                                unset($mac_manufacturer);
                        }
                        else
                        {
                                echo "<td>$detail[0]";
                        }
                        exec ("grep $detail[0] /usr/local/etc/alcasar-ethers-info |cut -d' ' -f3", $mac_in_ether_file);
                        if (!empty($mac_in_ether_file[0]))
                        {
                                echo " - <b>" . ltrim($mac_in_ether_file[0],'#') . "</b>";
                        }
                        echo "</td><td>";
                        if ($detail[4] == "1"){ // authenticated equipment
                                $login = $detail[5];
                                unset ($found_users); unset ($cn);
                                $search = $login; $search_IN = 'username'; // is user in database ?
                                if (is_file("../lib/sql/find.php"))
                                include("../lib/sql/find.php");
                                if (isset ($found_users)) // user is in database
                                {
                                        if (is_file("../lib/sql/user_info.php")) //retrieve user info (especialy $cn)
                                                include("../lib/sql/user_info.php");
                                }
                                if (! isset ($cn)){ $cn='-';}
                                # The user is an allowed MAC address
                                        if ($detail[5] == $detail[0]){
                                                if (isset ($found_users)) { #MAC is in database
                                                        echo "<a href=\"/acc/manager/htdocs/user_admin.php?login=$detail[5]\" title=\"$l_edit_user\">$l_mac_allowed";if ($cn != '-'){ echo " ($cn)";};echo "</a>";
                                                        echo "</td><td>";
                                                }
                                                else { #MAC is temporarily allowed
                                                        echo "<b>$l_mac_temporarily_allowed</b>";
                                                        echo "</td><td>";
                                                        echo "<FORM action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\">";
                                                        echo "<INPUT type=\"hidden\" name=\"mac_addr\" value=\"$detail[0]\">";

                                                        if($IoT_capture == "on")
                                                        {
                                                                if(exec('sudo /usr/local/bin/alcasar-iot_capture.sh -i '.$detail[0]) == "CaptureON")
                                                                {
                                                                        echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_stop_capture_disconnect\">";
                                                                        echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_captureoff\">";
                                                                }
                                                                else
                                                                {
                                                                        echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_disconnect\">";
                                                                        echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_captureonly_on\">";
                                                                }
                                                        }
                                                        else
                                                                echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_disconnect\">";

                                                        echo "</FORM></TD>";
                                                }
                                                # Disable temporarily @MAC access
                                        }
                                # The user is a humanoide ;-)
                                        else {
                                                if ($cn != '-') { echo "<a href=\"/acc/manager/htdocs/user_admin.php?login=$detail[5]\" title=\"$l_edit_user $detail[5]\">$detail[5] ($cn)</a>";}
                                                else { echo "<a href=\"/acc/manager/htdocs/user_admin.php?login=$detail[5]\" title=\"$l_edit_user $detail[5]\">$detail[5]</a>";}
                                                echo "<TD>";
                                                echo "<FORM action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\">";
                                                echo "<INPUT type=\"hidden\" name=\"mac_addr\" value=\"$detail[0]\">";
                                                echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_disconnect\">";
                                                echo "</FORM></TD>";
                                                }
                                        }
                        # equipment without authenticated user
                        else if (($detail[0] == $intif_mac_addr) || ($detail[1] == $private_ip)){
                                echo "ALCASAR system";
                                echo "<TD>";
                                echo "&nbsp;";
                                echo "</TD>";
                                }       
                        else {  
                                echo "&nbsp;";
                                echo "<TD>";            
                                echo "<FORM action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\">";
                                # Dissociate user (... or other) who is not connected yet
                                echo "<INPUT type=\"hidden\" name=\"mac_addr\" value=\"$detail[0]\">";
                                exec ("grep $detail[0] /usr/local/etc/alcasar-ethers-info", $mac_in_ether_file);
                                if (empty($mac_in_ether_file[1]))
                                {
                                        echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_dissociate\">"; // Dissociate only MAC not in ether file (dhcp)
                                }
                                echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_connect\">"; // Enable temporarily @MAC access
                                
                                if($IoT_capture == "on")
                                {
                                        if(exec('sudo /usr/local/bin/alcasar-iot_capture.sh -i '.$detail[0]) == "CaptureON")
                                        {
                                                echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_captureoff\">";
                                        }
                                        else
                                        {
                                                echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_captureon\">";
                                                echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_captureonly_on\">";
                                        }
                                }
                                echo "</FORM></TD>";
                        }
                        unset ($mac_in_ether_file);
                        echo "</tr>";
                }
                ?>
        </table>
        </td></tr>
</table>
</html>