/CHANGELOG |
---|
7,9 → 7,6 |
- Add LDAPS (LDAP SSL) support. |
- Add a global group named "default" for all users (the "ldap" group still exists for users authenticated through LDAP). |
ACC |
- Add the DHCP relay configuration in ACC. |
CHANGES |
- Do not perform LDAP query for authentication of trusted authorized equipment. |
- Improve script syntax |
/scripts/alcasar-dhcp.sh |
---|
16,14 → 16,22 |
# define DHCP parameters (LAN side) |
PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $ALCASAR_CONF_FILE|cut -d"=" -f2` |
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` |
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2` # network prefix (ie. 24) |
PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2` |
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2` |
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2` |
PRIVATE_NETWORK_MASK="$PRIVATE_NETWORK/$PRIVATE_PREFIX" # ie.: 192.168.182.0/24 |
EXT_DHCP_IP=`grep ^EXT_DHCP_IP= $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse du serveur DHCP externe |
RELAY_DHCP_IP=`grep ^RELAY_DHCP_IP= $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse de l'agent Relay : IP interne (défaut 192.168.182.1) dans le cas de DHCP dans le LAN de consultation |
RELAY_DHCP_IP=${RELAY_DHCP_IP:=$PRIVATE_IP} # IP externe (défaut x.y.z.t) dans le cas de DHCP du côté WAN |
RELAY_DHCP_PORT=`grep ^RELAY_DHCP_PORT= $ALCASAR_CONF_FILE|cut -d"=" -f2` # Port de redirection vers le relay DHCP : 67 par défaut |
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # ie.: 192.168.182.0/24 |
classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2` # ie.: 2=classe B, 3=classe C |
PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2` # private network broadcast (ie.: 192.168.182.255) |
private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup` # last octet of LAN address |
private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # last octet of LAN broadcast |
PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1` # First network address (ex.: 192.168.182.1) |
PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # last network address (ex.: 192.168.182.254) |
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX |
EXT_DHCP_IP=`grep ^EXT_DHCP_IP= $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse du serveur DHCP externe |
RELAY_DHCP_IP=`grep ^RELAY_DHCP_IP= $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse de l'agent Relay : IP interne (défaut 192.168.182.1) dans le cas de DHCP dans le LAN de consultation |
RELAY_DHCP_IP=${RELAY_DHCP_IP:=$PRIVATE_IP} # IP externe (défaut x.y.z.t) dans le cas de DHCP du côté WAN |
RELAY_DHCP_PORT=`grep ^RELAY_DHCP_PORT= $ALCASAR_CONF_FILE|cut -d"=" -f2` # Port de redirection vers le relay DHCP : 67 par défaut |
RELAY_DHCP_PORT=${RELAY_DHCP_PORT:=67} |
usage="Usage: alcasar-dhcp.sh {--on | -on} | {--off | -off} " |
40,17 → 48,18 |
exit 0 |
;; |
--off|-off) # disable DHCP service |
$SED "s?^DHCP=.*?DHCP=off?g" $ALCASAR_CONF_FILE |
$SED "s?.*statip.*?statip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE |
$SED "s?^#nodynip.*?nodynip?g" $CHILLI_CONF_FILE |
$SED "s@^#\?dynip.*@#dynip@g" $CHILLI_CONF_FILE |
if [ -n "$EXT_DHCP_IP" ] && [ "$EXT_DHCP_IP" != "none" ] |
$SED "s?^dynip.*?#dynip?g" $CHILLI_CONF_FILE |
$SED "s?^#dynip.*?#dynip?g" $CHILLI_CONF_FILE |
$SED "s?^DHCP.*?DHCP=off?g" $ALCASAR_CONF_FILE |
if [ "$EXT_DHCP_IP" != "none" ] |
then |
$SED "s?.*dhcpgateway\s.*?dhcpgateway\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcprelayagent.*?dhcprelayagent\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcpgatewayport.*?dhcpgatewayport\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcpgateway\t.*?dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcprelayagent.*?dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcpgatewayport.*?dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
else |
$SED "s?.*dhcpgateway\s.*?#dhcpgateway\t\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcpgateway\t.*?#dhcpgateway\t\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
fi |
57,15 → 66,17 |
/usr/bin/systemctl restart chilli |
;; |
--on|-on) # enable DHCP service on all range of IP addresses |
$SED "s?^DHCP=.*?DHCP=on?g" $ALCASAR_CONF_FILE |
$SED "s?^RELAY_DHCP_IP=.*?RELAY_DHCP_IP=$RELAY_DHCP_IP?g" $ALCASAR_CONF_FILE |
$SED "s?^RELAY_DHCP_PORT=.*?RELAY_DHCP_PORT=$RELAY_DHCP_PORT?g" $ALCASAR_CONF_FILE |
$SED "s?^.*statip.*?#statip?g" $CHILLI_CONF_FILE |
$SED "s?^nodynip.*?#nodynip?g" $CHILLI_CONF_FILE |
$SED "s@^#\?dynip.*@dynip\t\t$PRIVATE_NETWORK_MASK@g" $CHILLI_CONF_FILE |
$SED "s?^dhcpgateway\s.*?#dhcpgateway\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?^dhcprelayagent.*?#dhcprelayagent\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?^dhcpgatewayport.*?#dhcpgatewayport\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
$SED "s?^DHCP.*?DHCP=on?g" $ALCASAR_CONF_FILE |
$SED "s?^dynip.*?dynip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE |
$SED "s?^#dynip.*?dynip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE |
$SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?^dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?^dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
$SED "s?^EXT_DHCP_IP.*?EXT_DHCP_IP=$EXT_DHCP_IP?g" $ALCASAR_CONF_FILE |
$SED "s?^RELAY_DHCP_IP.*?RELAY_DHCP_IP=$RELAY_DHCP_IP?g" $ALCASAR_CONF_FILE |
$SED "s?^RELAY_DHCP_PORT.*?RELAY_DHCP_PORT=$RELAY_DHCP_PORT?g" $ALCASAR_CONF_FILE |
/usr/bin/systemctl restart chilli |
;; |
*) |
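Review bot: The `${RELAY_DHCP_IP:=$PRIVATE_IP}` and `${RELAY_DHCP_PORT:=67}` fallbacks in the first hunk only fire on an empty value. If alcasar.conf holds the literal `none` (one of the two variants the alcasar.sh section of this page shows for these keys), the `--off` branch guarded by `[ "$EXT_DHCP_IP" != "none" ]` would write `dhcprelayagent none` and `dhcpgatewayport none` into the chilli configuration as soon as only EXT_DHCP_IP is filled in. Treat the placeholder as empty before defaulting, e.g. `[ "$RELAY_DHCP_PORT" = "none" ] && RELAY_DHCP_PORT=` ahead of the `:=` line, and the same for RELAY_DHCP_IP. These values are also spliced unescaped into the `$SED "s?…?…?g"` replacements, so checking that they are an IPv4 address and a numeric port first would keep a stray `?` or `&` in the conf file from corrupting the substitution. The page does not mark which of the duplicated lines are the new side, and the `case` statement begins and ends outside these hunks.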
/alcasar.sh |
---|
620,9 → 620,9 |
echo "PUBLIC_MTU=$MTU" >> $CONF_FILE |
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE |
echo "DHCP=on" >> $CONF_FILE |
echo "EXT_DHCP_IP=" >> $CONF_FILE |
echo "RELAY_DHCP_IP=" >> $CONF_FILE |
echo "RELAY_DHCP_PORT=" >> $CONF_FILE |
echo "EXT_DHCP_IP=none" >> $CONF_FILE |
echo "RELAY_DHCP_IP=none" >> $CONF_FILE |
echo "RELAY_DHCP_PORT=none" >> $CONF_FILE |
echo "INT_DNS_DOMAIN=none" >> $CONF_FILE |
echo "INT_DNS_IP=none" >> $CONF_FILE |
echo "INT_DNS_ACTIVE=off" >> $CONF_FILE |
/web/acc/admin/network.php |
---|
57,10 → 57,6 |
$l_DHCP_off = "inactif"; |
$l_DHCP_off_explain = "/!\\ Avant d'arrêter le serveur DHCP, vous devez renseigner les paramètres d'un serveur externe (cf. documentation)."; |
$l_static_dhcp_title = "Réservation d'adresses IP statiques"; |
$l_dhcp_relay = "Relais DHCP"; |
$l_dhcp_relay_local_ip = "Adresse IP locale"; |
$l_dhcp_relay_ip = "Adresse IP DHCP"; |
$l_dhcp_relay_port = "Port DHCP"; |
$l_mac_address = "Adresse MAC"; |
$l_ip_address = "Adresse IP"; |
$l_host_name = "Nom d'hôte"; |
115,13 → 111,8 |
$l_DHCP_off = "disabled"; |
$l_DHCP_off_explain = "/!\\ Before disabling the DHCP server, you must write the extern DHCP parameters in the config file (see Documentation)"; |
$l_static_dhcp_title = "Static IP addresses reservation"; |
$l_dhcp_relay = "DHCP relay"; |
$l_dhcp_relay_local_ip = "Locale IP address"; |
$l_dhcp_relay_ip = "DHCP IP address"; |
$l_dhcp_relay_port = "DHCP port"; |
$l_mac_address = "MAC address"; |
$l_ip_address = "IP address"; |
$l_port = "Port"; |
$l_mac_address = "MAC Address"; |
$l_ip_address = "IP Address"; |
$l_host_name = "Host name"; |
$l_del = "Delete from list"; |
$l_add_to_list = "Add"; |
172,12 → 163,10 |
switch ($choix) { |
case 'DHCP_On': |
exec('sudo /usr/local/bin/alcasar-dhcp.sh -on'); |
header('Location: '.$_SERVER['PHP_SELF']); |
exit(); |
break; |
case 'DHCP_Off': |
exec('sudo /usr/local/bin/alcasar-dhcp.sh -off'); |
header('Location: '.$_SERVER['PHP_SELF']); |
exit(); |
break; |
case 'new_mac': |
$new_mac_addr = trim($_POST['add_mac']); |
212,8 → 201,7 |
} |
} |
} |
header('Location: '.$_SERVER['PHP_SELF']); |
exit(); |
break; |
case 'del_mac': |
foreach ($_POST as $key => $value) { |
if ($value == 'on') { |
224,17 → 212,8 |
exec('sudo /usr/bin/systemctl reload chilli'); |
} |
} |
header('Location: '.$_SERVER['PHP_SELF']); |
exit(); |
break; |
case 'dhcp_relay': // DHCP relay |
// TODO : check DHCP relay before apply? |
file_put_contents(CONF_FILE, str_replace('EXT_DHCP_IP='.$conf['EXT_DHCP_IP'], 'EXT_DHCP_IP='.trim($_POST['dhcp_relay_ext_ip']), file_get_contents(CONF_FILE))); |
file_put_contents(CONF_FILE, str_replace('RELAY_DHCP_IP='.$conf['RELAY_DHCP_IP'], 'RELAY_DHCP_IP='.trim($_POST['dhcp_relay_ip']), file_get_contents(CONF_FILE))); |
file_put_contents(CONF_FILE, str_replace('RELAY_DHCP_PORT='.$conf['RELAY_DHCP_PORT'], 'RELAY_DHCP_PORT='.trim($_POST['dhcp_relay_port']), file_get_contents(CONF_FILE))); |
header('Location: '.$_SERVER['PHP_SELF']); |
exit(); |
case 'new_host': |
$add_host = trim($_POST['add_host']); |
$add_ip = trim($_POST['add_ip']); |
258,8 → 237,7 |
} |
} |
} |
header('Location: '.$_SERVER['PHP_SELF']); |
exit(); |
break; |
case 'del_host': |
foreach ($_POST as $key => $value) { |
if ($value == 'on') { |
268,8 → 246,7 |
exec("sudo /usr/local/bin/alcasar-dns-local.sh --del $del_ip $del_host[1]"); |
} |
} |
header('Location: '.$_SERVER['PHP_SELF']); |
exit(); |
break; |
case 'default_cert': // Restore default certificate |
exec('sudo alcasar-importcert.sh -d'); |
702,85 → 679,75 |
</form> |
</td></tr> |
<?php if ($conf['DHCP'] === 'on'): ?> |
<tr><td colspan="2" align="center"><?= $l_static_dhcp_title ?></td></tr> |
<tr><td width="50%" align="center" valign="middle"> |
<form action="network.php" method="POST"> |
<?php |
if ($conf['DHCP'] === 'on') { |
require('network2.php'); |
} |
?> |
</table> |
<br> |
<table width="100%" cellspacing="0" cellpadding="0" border="0"> |
<tr><th><?= $l_local_dns?></th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr> |
</table> |
<table width="100%" cellspacing="0" cellpadding="5" border="1"> |
<tr> |
<td width="50%" align="center"> |
<form action="<?= htmlspecialchars($_SERVER['PHP_SELF']) ?>" method="POST"> |
<table cellspacing="2" cellpadding="3" border="1"> |
<tr><th><?= $l_mac_address ?></th><th><?= $l_ip_address ?></th><th>Info<th><?= $l_del ?></th></tr> |
<tr><th><?= $l_ip_address ?></th><th><?= $l_host_name ?></th><th><?= $l_del ?></th></tr> |
<?php |
// Read the "ether" file |
exec('sudo /sbin/ip link show '.escapeshellarg($conf["INTIF"]), $output); |
$detail = explode(' ', $output[1]); |
$intif_mac_addr = strtoupper(str_replace(':', '-', $detail[5])); |
unset($output); unset($detail); |
// Read the "dns_local" file |
$line_exist = false; |
$tab = file(ETHERS_INFO_FILE); |
if ($tab) { // le fichier n'est pas vide |
$tab = file(DNS_LOCAL_FILE); |
if ($tab) { // not empty |
foreach ($tab as $line) { |
$fields = explode(' ', $line); |
$mac_addr = $fields[0]; |
$ip_addr = $fields[1]; |
$info = (isset($fields[2])) ? $fields[2] : ' '; |
echo '<tr>'; |
echo "<td>$mac_addr</td>"; |
echo "<td>$ip_addr</td>"; |
if ($mac_addr !== $intif_mac_addr) { |
echo '<td>'.ltrim($info, '#').'</td>'; |
echo "<td><input type=\"checkbox\" name=\"$mac_addr\"></td>"; |
$line_exist=True; |
} else { |
echo '<td>ALCASAR</td>'; |
echo '<td></td>'; |
if (preg_match ('/^\d+/', $line)) { # begin with one or several digit |
$line_exist = true; |
$field = preg_split("/\s+/",$line); # split with one or several whitespace (or tab) |
$ip_addr = $field[0]; |
$host_name = $field[1]; |
echo "<tr><td>$ip_addr</td>"; |
echo "<td>$host_name</td>"; |
if (($ip_addr == "127.0.0.1")|($host_name == "alcasar")) { |
echo "<td>";} |
else { |
echo "<td><input type=\"checkbox\" name=\"$ip_addr|$host_name\">"; |
} |
echo "</td></tr>"; |
} |
echo '</tr>'; |
} |
} |
if (!$line_exist) { |
echo '<tr><td colspan="3" style="text-align: center;font-style: italic;">'.$l_empty.'</td></tr>'; |
} |
?> |
</table> |
<?php if ($line_exist): ?> |
<input type="hidden" name="choix" value="del_mac"> |
<input type="hidden" name="choix" value="del_host"> |
<input type="submit" value="<?= $l_apply ?>"> |
<?php endif; ?> |
</form> |
</td><td width="50%" valign="middle" align="center"> |
<form name="new_mac" action="network.php" method="POST"> |
<table cellspacing="2" cellpadding="3" border="1"> |
<tr><th><?= $l_mac_address ?></th><th><?= $l_ip_address ?></th><th>Info</th><td></td></tr> |
<tr><td>Ex. : 12-2F-36-A4-DF-43</td><td>Ex. : 192.168.182.10</td><td>Ex. : Switch<td></td></tr> |
<tr><td><input type="text" name="add_mac" size="17"></td> |
<td><input type="text" name="add_ip" size="10"></td> |
<td><input type="text" name="info" size="10"></td> |
<td> |
<input type="hidden" name="choix" value="new_mac"> |
<input type="submit" class="button" value="<?= $l_add_to_list ?>" onclick="return MAC_Control('new_mac');"> |
</td> |
</tr></table> |
</td> |
<td width="50%" valign="middle" align="center"> |
<form name="new_host" action="<?= htmlspecialchars($_SERVER['PHP_SELF']) ?>" method="POST"> |
<table cellspacing="2" cellpadding="3" border="1"> |
<tr> |
<th><?= $l_ip_address ?></th><th><?= $l_host_name ?></th><td></td> |
</tr> |
<tr> |
<td>Ex. : 192.168.182.10</td><td>Ex. : my_nas</td><td></td> |
</tr> |
<tr> |
<td><input type="text" name="add_ip" size="10"><input type="hidden" name="choix" value="new_host"></td> |
<td><input type="text" name="add_host" size="17"></td> |
<td><input type=submit class=button value="<?= $l_add_to_list ?>"></td> |
</tr> |
</table> |
</form> |
</td></tr> |
<?php else: ?> |
<tr><td colspan="2" align="center"><?= $l_dhcp_relay ?></td></tr> |
<tr> |
<td colspan="2" align="center"> |
<form name="new_host" action="<?= htmlspecialchars($_SERVER['PHP_SELF']) ?>" method="POST"> |
<table cellspacing="2" cellpadding="3" border="1"> |
<tr> |
<th><label for="dhcp_relay_ip"><?= $l_dhcp_relay_local_ip ?></label></th><td><input type="text" name="dhcp_relay_ip" id="dhcp_relay_ip" value="<?= $conf['RELAY_DHCP_IP'] ?>" size="32"></td> |
</tr> |
<tr> |
<th><label for="dhcp_relay_ext_ip"><?= $l_dhcp_relay_ip ?></label></th><td><input type="text" name="dhcp_relay_ext_ip" id="dhcp_relay_ext_ip" value="<?= $conf['EXT_DHCP_IP'] ?>" size="32"></td> |
</tr> |
<tr> |
<th><label for="dhcp_relay_port"><?= $l_dhcp_relay_port ?></label></th><td><input type="text" name="dhcp_relay_port" id="dhcp_relay_port" value="<?= $conf['RELAY_DHCP_PORT'] ?>" size="32"></td> |
</tr> |
</table> |
<input type="hidden" name="choix" value="dhcp_relay"> |
<input type="submit" value="<?= $l_apply ?>"> |
</form> |
</td> |
</tr> |
<?php endif; ?> |
</td> |
</tr> |
</table> |
<br> |
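Review bot: In the `del_host` case (hunk 268,8 → 246,7), `exec("sudo /usr/local/bin/alcasar-dns-local.sh --del $del_ip $del_host[1]")` interpolates two values into a sudo shell command without quoting. Their assignment is outside the hunk, but the loop walks `$_POST` keys and the checkbox name is built as `$ip_addr|$host_name`, so they appear to be request-derived. Quote both the way the file already does for `ip link show`: `exec('sudo /usr/local/bin/alcasar-dns-local.sh --del '.escapeshellarg($del_ip).' '.escapeshellarg($del_host[1]));`, and reject keys that do not parse as an IP address and a hostname before calling the script. The local-DNS table in the last hunk also echoes `$ip_addr` and `$host_name` from DNS_LOCAL_FILE into cell text and a `name` attribute without `htmlspecialchars()`.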
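--- a/web/acc/admin/network2.php
+++ b/web/acc/admin/network2.php
@@ -0,0 +1,56 @@
+<tr><td colspan="2" align="center"><?= $l_static_dhcp_title ?></td></tr>
+<tr><td width="50%" align="center" valign="middle">
+<form action="network.php" method="POST">
+<table cellspacing="2" cellpadding="3" border="1">
+<tr><th><?= $l_mac_address ?></th><th><?= $l_ip_address ?></th><th>Info<th><?= $l_del ?></th></tr>
+<?php
+// Read the "ether" file
+exec('sudo /sbin/ip link show '.escapeshellarg($conf["INTIF"]), $output);
+$detail = explode(' ', $output[1]);
+$intif_mac_addr = strtoupper(str_replace(':', '-', $detail[5]));
+unset($output); unset($detail);
+$line_exist = false;
+$tab = file(ETHERS_INFO_FILE);
+if ($tab) { // le fichier n'est pas vide
+foreach ($tab as $line) {
+$fields = explode(' ', $line);
+$mac_addr = $fields[0];
+$ip_addr = $fields[1];
+$info = (isset($fields[2])) ? $fields[2] : ' ';
+echo '<tr>';
+echo "<td>$mac_addr</td>";
+echo "<td>$ip_addr</td>";
+if ($mac_addr !== $intif_mac_addr) {
+echo '<td>'.ltrim($info, '#').'</td>';
+echo "<td><input type=\"checkbox\" name=\"$mac_addr\"></td>";
+$line_exist=True;
+} else {
+echo '<td>ALCASAR</td>';
+echo '<td></td>';
+}
+echo '</tr>';
+}
+}
+?>
+</table>
+<?php if ($line_exist): ?>
+<input type="hidden" name="choix" value="del_mac">
+<input type="submit" value="<?= $l_apply ?>">
+<?php endif; ?>
+</form>
+</td><td width="50%" valign="middle" align="center">
+<form name="new_mac" action="network.php" method="POST">
+<table cellspacing="2" cellpadding="3" border="1">
+<tr><th><?= $l_mac_address ?></th><th><?= $l_ip_address ?></th><th>Info</th><td></td></tr>
+<tr><td>Ex. : 12-2F-36-A4-DF-43</td><td>Ex. : 192.168.182.10</td><td>Ex. : Switch<td></td></tr>
+<tr><td><input type="text" name="add_mac" size="17"></td>
+<td><input type="text" name="add_ip" size="10"></td>
+<td><input type="text" name="info" size="10"></td>
+<td>
+<input type="hidden" name="choix" value="new_mac">
+<input type="submit" class="button" value="<?= $l_add_to_list ?>" onclick="return MAC_Control('new_mac');">
+</td>
+</tr></table>
+</form>
+</td></tr>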
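Review bot: The row loop prints `$mac_addr`, `$ip_addr` and `$info` from ETHERS_INFO_FILE straight into table cells and into the checkbox `name` attribute with no output encoding. The info column is presumably stored from the free-text `info` field of the `new_mac` form, so whatever was saved is rendered back as markup. Encode at the point of output, e.g. `echo '<td>'.htmlspecialchars(ltrim($info, '#'), ENT_QUOTES).'</td>';`, and do the same for the other two fields. Separately, `$output[1]`, `$detail[5]` and `$fields[1]` are read without checking that `ip link show` or the line split produced them, so a failed command or a short line leaves `$intif_mac_addr` empty and the ALCASAR row unprotected by the `!==` comparison. The file depends on `$conf`, the `$l_*` labels and ETHERS_INFO_FILE from the including page; a one-line header comment stating that would help.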