WebSVN – ALCASAR – Path Comparison – / – /conf/ Rev 1 and /conf/ Rev HEAD

Ignore whitespace Rev 1 → Rev HEAD

 /conf/lighttpd/vhosts.d/alcasar-with-ssl.conf
 ,0 → 1,72
+$HTTP["url"] =~ ".*" {
+    # Disabling directory listing as default setting
+    dir-listing.activate = "disable"
+}
+# If a wrong url is used, displaying homepage for unprivileged users
+$HTTP["url"] !~ "^/(acc|save)/" {
+    server.error-handler-404 = "/"
+}
+# Error pages
+server.errorfile-prefix = "/var/www/html/errors/error-"
+$SERVER["socket"] == "alcasar.localdomain:443" {
+    ssl.engine = "enable"
+    ssl.pemfile = "/etc/pki/tls/private/alcasar.pem"
+    ssl.verifyclient.ca-file = "/etc/pki/tls/certs/server-chain.pem"
+    var.server_name = "alcasar.localdomain"
+    server.name = server_name
+    server.document-root = "/var/www/html"
+}
+$HTTP["scheme"] == "https" {
+    alias.url = (
+        "/save" => "/var/Save"
+    )
+    # Digest authentication configuration
+    auth.backend = "htdigest"
+    auth.require = (
+        "/acc/" =>
+        (
+            "method"  => "digest",
+            "realm"   => "ALCASAR Control Center (ACC)",
+            "require" => "valid-user"
+        ),
+        "/save/" =>
+        (
+            "method"  => "digest",
+            "realm"   => "ALCASAR Control Center (ACC)",
+            "require" => "valid-user"
+        )
+    )
+    $HTTP["url"] =~ "^/(acc|save)/" {
+        # Setting digest files according access permissions
+        $HTTP["url"] =~ "^/acc/" {
+            auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_all"
+            $HTTP["url"] =~ "^/acc/admin" {
+                auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_admin"
+            }
+            $HTTP["url"] =~ "^/acc/manager/" {
+                auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_manager"
+            }
+            $HTTP["url"] =~ "^/acc/backup/" {
+                auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup"
+            }
+        }
+        $HTTP["url"] =~ "^/save" {
+            auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup"
+            # Enabling directory listing
+            dir-listing.activate = "enable"
+        }
+    }
+}
+$HTTP["scheme"] == "http" {
+        # Force HTTPS for specific pages
+        $HTTP["url"] =~ "^/(acc|save)" {
+                $HTTP["host"] =~ ".*" {
+                        url.redirect = (".*" => "https://%0$0")
+                }
+        }
+}

 /conf/lighttpd/vhosts.d/alcasar-without-ssl.conf
 ,0 → 1,75
+$HTTP["url"] =~ ".*" {
+    # Disabling directory listing as default setting
+    dir-listing.activate = "disable"
+}
+# If a wrong url is used, displaying homepage for unprivileged users
+$HTTP["url"] !~ "^/(acc|save)/" {
+    server.error-handler-404 = "/"
+}
+# Error pages
+server.errorfile-prefix = "/var/www/html/errors/error-"
+$SERVER["socket"] == "alcasar.localdomain:443" {
+    ssl.engine = "enable"
+    ssl.pemfile = "/etc/pki/tls/private/alcasar.pem"
+    ssl.verifyclient.ca-file = "/etc/pki/tls/certs/server-chain.pem"
+    var.server_name = "alcasar.localdomain"
+    server.name = server_name
+    server.document-root = "/var/www/html"
+}
+$HTTP["scheme"] == "https" {
+    alias.url = (
+        "/save" => "/var/Save"
+    )
+    # Digest authentication configuration
+    auth.backend = "htdigest"
+    auth.require = (
+        "/acc/" =>
+        (
+            "method"  => "digest",
+            "realm"   => "ALCASAR Control Center (ACC)",
+            "require" => "valid-user"
+        ),
+        "/save/" =>
+        (
+            "method"  => "digest",
+            "realm"   => "ALCASAR Control Center (ACC)",
+            "require" => "valid-user"
+        )
+    )
+    $HTTP["url"] =~ "^/(acc|save)/" {
+        # Setting digest files according access permissions
+        $HTTP["url"] =~ "^/acc/" {
+            auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_all"
+            $HTTP["url"] =~ "^/acc/admin" {
+                auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_admin"
+            }
+            $HTTP["url"] =~ "^/acc/manager/" {
+                auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_manager"
+            }
+            $HTTP["url"] =~ "^/acc/backup/" {
+                auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup"
+            }
+        }
+        $HTTP["url"] =~ "^/save" {
+            auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup"
+            # Enabling directory listing
+            dir-listing.activate = "enable"
+        }
+    }
+}
+$HTTP["scheme"] == "http" {
+        # Force HTTPS for specific pages
+        $HTTP["url"] =~ "^/(acc|save)" {
+                $HTTP["host"] =~ ".*" {
+                        url.redirect = (".*" => "https://%0$0")
+                }
+        }
+}

 /conf/lighttpd/conf.d/fastcgi.conf
 ,0 → 1,16
+#  FastCGI Module
+# ---------------
+#
+# http://www.lighttpd.net/documentation/fastcgi.html
+#
+server.modules += ( "mod_fastcgi" )
+fastcgi.server = (
+        ".php" => (
+                "localhost" => (
+                        "socket" => "/var/lib/php-fpm/php-fpm.sock",
+                        "broken-scriptfilename" => "enable"
+                )
+        )
+)

 /conf/alcasar-e2g-en.html
 ,0 → 1,49
+<!DOCTYPE html>
+<html>
+        <head>
+                <meta charset="UTF-8">
+                <meta name="viewport" content="width=device-width, initial-scale=1.0">
+                <title>Access control</title>
+                <link rel="stylesheet" type="text/css" href="//alcasar.localdomain/css/bootstrap.min.css">
+                <link rel="stylesheet" type="text/css" href="//alcasar.localdomain/css/index.css">
+                <link rel="icon" href="//alcasar.localdomain/images/favicon-48.ico" type="image/ico">
+        </head>
+        <body>
+        <div class="col-12 col-lg-10 offset-lg-1">
+                <!-- HeaderBox -->
+                <div class="row banner">
+                        <!-- Logo box -->
+                        <div class="img_banner d-none d-sm-block col-3 col-md-2">
+                                <img class="img-fluid img-A" src="//alcasar.localdomain/images/organisme.png">
+                        </div>
+                        <!-- Title -->
+                        <div id="cadre_titre" class="titre_banner col-12 col-sm-6 col-md-8">
+                                <div id="cadre_titre" class="titre_refus">
+                                        <p id="acces_controle" class="titre_refus">Access control</p>
+                                </div>
+                        </div>
+                        <!-- Logo box -->
+                        <div class="img_banner d-none d-sm-block col-3 col-md-2">
+                                <img class="img-fluid img-organisme" src="//alcasar.localdomain/images/logo-alcasar_70.png">
+                        </div>
+                </div>
+                <!-- Main content box -->
+                <div class="row">
+                        <div id="contenu_acces" class="col-12 col-lg-10 offset-lg-1">
+                                <div id="box_url">
+                                        <br>
+                                        You try to connect to a ressource whose content is deemed to contain inappropriate information.
+                                        <table width="80%">
+                                                <tr>
+                                                        <td><img src="//alcasar.localdomain/images/interdit.png"></td>
+                                                        <td>Required WEB site : -URL- <br>category : -CATEGORIES- <br> -REASONGIVEN- </td>
+                                                </tr><tr>
+                                                        <td></td><td><a href="javascript:history.back()">Previous page</a></td>
+                                                </tr>
+                                        </table>
+                                </div>
+                        </div>
+                </div>
+        </div>
+        </body>
+</html>

 /conf/alcasar-e2g-fr.html
 ,0 → 1,49
+<!DOCTYPE html>
+<html>
+        <head>
+                <meta charset="UTF-8">
+                <meta name="viewport" content="width=device-width, initial-scale=1.0">
+                <title>Contrôle d'accès</title>
+                <link rel="stylesheet" type="text/css" href="//alcasar.localdomain/css/bootstrap.min.css">
+                <link rel="stylesheet" type="text/css" href="//alcasar.localdomain/css/index.css">
+                <link rel="icon" href="//alcasar.localdomain/images/favicon-48.ico" type="image/ico">
+        </head>
+        <body>
+        <div class="col-12 col-lg-10 offset-lg-1">
+                <!-- HeaderBox -->
+                <div class="row banner">
+                        <!-- Logo box -->
+                        <div class="img_banner d-none d-sm-block col-3 col-md-2">
+                                <img class="img-fluid img-A" src="//alcasar.localdomain/images/organisme.png">
+                        </div>
+                        <!-- Title -->
+                        <div id="cadre_titre" class="titre_banner col-12 col-sm-6 col-md-8">
+                                <div id="cadre_titre" class="titre_refus">
+                                        <p id="acces_controle" class="titre_refus">Contrôle d'accès</p>
+                                </div>
+                        </div>
+                        <!-- Logo box -->
+                        <div class="img_banner d-none d-sm-block col-3 col-md-2">
+                                <img class="img-fluid img-organisme" src="//alcasar.localdomain/images/logo-alcasar_70.png">
+                        </div>
+                </div>
+                <!-- Main content box -->
+                <div class="row">
+                        <div id="contenu_acces" class="col-12 col-lg-10 offset-lg-1">
+                                <div id="box_url">
+                                        <br>
+                                        Vous tentez d'accéder à une ressource dont le contenu est réputé contenir des informations inappropriées.
+                                        <table width="80%">
+                                                <tr>
+                                                        <td><img src="//alcasar.localdomain/images/interdit.png"></td>
+                                                        <td>Site demandé : -URL- <br>catégorie : -CATEGORIES- <br> -REASONGIVEN- </td>
+                                                </tr><tr>
+                                                        <td></td><td><a href="javascript:history.back()">Page précédente</a></td>
+                                                </tr>
+                                        </table>
+                                </div>
+                        </div>
+                </div>
+        </div>
+        </body>
+</html>

 /conf/etc/alcasar-iptables-local.sh
 ,0 → 1,79
+#!/bin/sh
+#
+# $Id$
+#
+# Custom rules for ALCASAR firewall
+#
+# Examples:
+#       - Local MAC addresses filtering (MAC are in '/usr/local/etc/alcasar-iptables-local-mac-filtered'. Format : aa:09:23:2f:4d:ee)
+#       - allow ICMP from an Internet IP address (Admin_from) to EXTIF
+#       - Deny access to protected networks from internal LAN
+#       - allow SMTP from ALCASAR to an other server
+#       - Allow managers to access ACC from the external network
+#       - Ports Address Translation (PAT) from Internet (one & multiple)
+# This script inherit of alcasar-iptables.sh variables : $INTIF, $EXTIF, $IPTABLES, etc
+# !!Beware, run the script "alcasar-iptables.sh" after changing this file.
+# Local MAC addresses filtering (MAC are in '/usr/local/etc/alcasar-iptables-local-mac-filtered'. Format : aa:09:23:2f:4d:ee)
+if [ -s /usr/local/etc/alcasar-iptables-local-mac-filtered ]; then
+        while read mac_line
+        do
+                ip_on=`echo $mac_line|cut -b1`
+                if [ $ip_on != "#" ]
+                then
+                        mac_filtered=`echo $mac_line|cut -d" " -f1`
+                        echo "MAC filtered = $mac_filtered"
+                        $IPTABLES -A FORWARD -i $INTIF        -m mac --mac-source $mac_filtered -j NFLOG --nflog-group 1 --nflog-prefix "$mac_filtered -- Filt_DROP"
+                        $IPTABLES -A FORWARD -i $INTIF -p tcp -m mac --mac-source $mac_filtered -j DROP
+                        $IPTABLES -A FORWARD -i $INTIF -p udp -m mac --mac-source $mac_filtered -j DROP
+                        $IPTABLES -A FORWARD -i $INTIF        -m mac --mac-source $mac_filtered -j DROP
+                fi
+        done < /usr/local/etc/alcasar-iptables-local-mac-filtered
+fi
+# On autorise le ping (echo & request) (ICMP N°0 & 8) en provenance d'Internet vers ALCASAR
+# Allow ping (echo & request) (ICMP N°0 & 8) from Internet
+#$IPTABLES -A INPUT  -i $EXTIF -p icmp --icmp-type 8 -j ACCEPT
+#$IPTABLES -A OUTPUT -o $EXTIF -p icmp --icmp-type 0 -j ACCEPT
+# On interdit aux utilisateurs l'accés à d'autres réseaux privés
+# Deny access of users to other private networks
+#protectedNetworks='10.0.0.0/8,172.16.0.0/12,192.168.0.0/16' # (RFC 1918)
+#[ -n "$TUNIF" ] && consultationIF=$TUNIF || consultationIF=$INTIF
+#$IPTABLES -A FORWARD -i $consultationIF -d $protectedNetworks -j DROP
+#$IPTABLES -A FORWARD -o $consultationIF -s $protectedNetworks -j DROP
+# On autorise ALCASAR à contacter un serveur MAIL externe (envoie de rapports, alertes, inscription d'utilisateurs, etc.)
+# Allow ALCASAR to connect to a mail server (send reports, alerts, users registration, etc.)
+#SMTP_IP='192.168.111.5'
+#SMTP_PORT=25
+#$IPTABLES -A OUTPUT -p tcp --dport $SMTP_PORT -d $SMTP_IP -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
+#$IPTABLES -A INPUT  -p tcp --sport $SMTP_PORT -s $SMTP_IP -m conntrack --ctstate ESTABLISHED     -j ACCEPT
+# On autorise un admin à accéder à l'ACC depuis l'extérieur (Internet ou le LAN entre ALCASAR et la BOX)
+# Allow managerIP to access ACC from the external network (Internet or LAN between ALCASAR and the broadband router)
+#managerIPs='192.168.0.10'
+#externalPort='34443'
+#$IPTABLES -t mangle -A PREROUTING -i $EXTIF -s $managerIPs -p tcp -d $PUBLIC_IP --dport $externalPort -j MARK --set-mark 100
+#$IPTABLES -t nat    -A PREROUTING -i $EXTIF -s $managerIPs -p tcp -d $PUBLIC_IP --dport $externalPort -j DNAT --to $PRIVATE_IP:443
+#$IPTABLES           -A INPUT      -i $EXTIF -s $managerIPs -p tcp --dport 443 -m mark --mark 100 -j ACCEPT
+# On autorise l'accès depuis Internet (ex: port 11222) vers un equipement du LAN (ex: port 22). L'équipement sur le LAN doit être en IP fixe
+# Access is allowed from Internet (ie: port 11222) to a LAN equipment (ie: port 22). The equipment must be in static IP
+#$IPTABLES -A PREROUTING -i $EXTIF -t nat -p tcp -d $PUBLIC_IP --dport 11222 -j DNAT --to 192.168.182.10:22
+#$IPTABLES -A PREROUTING -i $EXTIF -t nat -p udp -d $PUBLIC_IP --dport 11222 -j DNAT --to 192.168.182.10:22
+#$IPTABLES -A FORWARD -p tcp -d 192.168.182.10 --dport 22 -j ACCEPT
+#$IPTABLES -A FORWARD -p udp -d 192.168.182.10 --dport 22 -j ACCEPT
+# On autorise l'accès depuis Internet (en multiports) vers un équipement du LAN (qui doit être en IP fixe)
+# Access is allowed from Internet (multiports) to a LAN equipment (which must be in static IP)
+#ext_ports=11223:11323; int_ports=12000:12100
+#to_ip=192.168.182.7
+#int_ports_dnat=`echo $int_ports|tr : -`
+#ext_ports_dnat=`echo $ext_ports|tr : -`
+#first_ext_port=`echo $ext_ports|cut -d":" -f1`
+#$IPTABLES -A PREROUTING -i $EXTIF -t nat -p tcp -d $PUBLIC_IP --dport $ext_ports -j DNAT --to $to_ip:$int_ports_dnat/$first_ext_port
+#$IPTABLES -A FORWARD -i $EXTIF -p tcp -d $to_ip -m multiport --dports $int_ports -j ACCEPT
+#$IPTABLES -A PREROUTING -i $EXTIF -t nat -p udp -d $PUBLIC_IP --dport $ext_ports -j DNAT --to $to_ip:$int_ports_dnat/$first_ext_port
+#$IPTABLES -A FORWARD -i $EXTIF -p udp -d $to_ip -m multiport --dports $int_ports -j ACCEPT
 Property changes:
 Added: svn:eol-style
 +LF
 \ No newline at end of property
 Added: svn:executable
 +*
 \ No newline at end of property
 Added: svn:keywords
 +Date Author Id
 \ No newline at end of property

 /conf/etc/alcasar-uamdomain-sample
 ,0 → 1,21
+uamdomain=".akamaiedge.net"
+uamdomain=".akamaitechnologies.com"
+uamdomain=".download.microsoft.com"
+uamdomain=".download.windowsupdate.com"
+uamdomain=".ds.download.windowsupdate.com"
+uamdomain=".update.microsoft.com"
+uamdomain=".update.microsoft.com.nsatc.net"
+uamdomain=".windowsupdate.microsoft.com"
+uamdomain="activation.sls.microsoft.com"
+uamdomain="crl.microsoft.com"
+uamdomain="go.microsoft.com"
+uamdomain="ntservicepack.microsoft.com"
+uamdomain="stats.update.microsoft.com"
+uamdomain="time.windows.com"
+uamdomain=".alcasar.net"
+uamdomain=".clamav.net"
+uamdomain=".ubuntu.com"
+uamdomain=".debian.org"
+uamdomain=".mozilla.org"
+uamdomain=".cnd.mozilla.net"
+uamdomain=".macromedia.com"

 /conf/etc/alcasar-bl-categories-enabled
 ,0 → 1,20
+adult
+agressif
+cryptojacking
+dangerous_material
+ddos
+doh
+drogue
+gambling
+hacking
+malware
+marketingware
+mixed_adult
+phishing
+redirector
+remote-control
+sect
+strict_redirector
+strong_redirector
+tricheur
+warez

 /conf/etc/alcasar-global-usage
 ,0 → 1,872
+#
+#       Franck Bourdonnec, and some users want to have a catalog
+#       of database. Some want a per database/file, some want a global one.
+#       this is the global
+#       I only put French and English description
+#       ANY Help on description is welcome (spanish, german, italian, etc.)
+#
+#       NAME : name of tar blacklist
+#       DEFAULT_TYPE : what is the primary use of this blacklist (can be inverted, i.e. for webmail)
+#       SOURCE : Url of the main provider of information
+#       NAME xx: Short name used display in listbox, menu choice etc for xx Language
+#       DESC xx: Description of the blacklist for xx Language
+#
+#       to participate : <mailto:fabrice.prigent@ut-capitole.fr>
+#
+NAME:   adult
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Some adult site from erotic to hard pornography.
+DESC FR: Des sites adultes allant de l'érotique à la pornographie dure.
+DESC RU: Некоторые взрослые сайты от эротики до жесткой порнографии.
+DESC ES: Sitios para adultos, desde erotísmo a pornografía dura.
+NAME EN: Adult (X)
+NAME FR: Adulte (X)
+NAME IT: Siti per adulti (XXX)
+NAME NL: 18+ (X)
+NAME RU: Эротика
+NAME DE: Porno
+NAME ES: Porno
+NAME:   agressif
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Some aggressive sites.
+DESC FR: Quelques sites racistes, antisémites, incitant à la haine.
+DESC RU: Некоторые агрессивные веб-сайты расистского, антисемитского, разжигания ненависти.
+DESC ES: Sitios agresivos, racistas, que incitan a la violencia.
+NAME EN: Aggressive (english)
+NAME FR: Agréssif (anglais)
+NAME IT: Aggressività in inglese)
+NAME NL: Aggressief (engels)
+NAME RU: Агрессия (английский)
+NAME DE: Aggressiver (englisch)
+NAME ES: Agresivo
+NAME:   audio-video
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Some audio and video sites.
+DESC FR: Quelques sites orientés vers l'audio et la vidéo.
+DESC RU: Некоторые сайты, ориентированные на аудио и видео.
+DESC ES: Sitios de audio y vídeo.
+NAME EN: Audio/Video
+NAME FR: Audio/Vidéo
+NAME IT: Audio/Video
+NAME NL: Audio/Video
+NAME RU: Звук/Видео
+NAME DE: Audio/Video
+NAME ES: Audio/Video
+NAME:   blog
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Some blogs sites.
+DESC FR: Quelques sites hébergeant des blogs.
+DESC RU: Некоторые сайты-блоги.
+DESC ES: Sitios de Blogs
+NAME EN: blogs
+NAME FR: blogs
+NAME IT: blogs
+NAME NL: blogs
+NAME DE: blogs
+NAME RU: Блоги.
+NAME ES: blogs
+NAME:   cleaning
+DEFAULT_TYPE: white
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Sites to disinfect, update and protect computers.
+DESC FR: Sites pour désinfecter et mettre à jour des ordinateurs.
+DESC RU: Сайты для лечения, обновления и защиты компьютеров.
+DESC ES: Sitios para desinfectar, actualizar y proteger ordenadores.
+NAME EN: Cleanup, Antivirus etc
+NAME FR: Nettoyage, Antivirus, etc
+NAME IT: Sicurezza (Antispyware, Antivirus ecc)
+NAME NL: Cleanup, Antivirus etc
+NAME DE: Antivirustools etc
+NAME RU: Очистка, антивирусы и т. д.
+NAME ES: Antivirus, limpieza, etc.
+NAME:   dangerous_material
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Sites which describe how to make bomb and some dangerous material.
+DESC FR: Sites décrivant des moyens de créer du matériel dangereux (explosif, poison, etc.).
+DESC RU: Сайты, описывающие способы создания опасных материалов(взрывчатые вещества, яды, и т. д.).
+DESC ES: Sitios que describen como hacer bombas y otros materiales peligrosos.
+NAME EN: Dangerous kits
+NAME FR: Assemblages dangereux
+NAME IT: Materiali Pericolosi
+NAME NL: Dangerous kits
+NAME DE: Gef&auml;hrliches Material
+NAME RU: Опасные наборы.
+NAME ES: Materiales peligrosos.
+NAME:   download
+DEFAULT_TYPE: white
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Sites which propose to download software
+DESC FR: Sites qui permettent de télécharger des logiciels
+NAME EN: Software download
+NAME FR: Telechargement de logiciels
+NAME:   drogue
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Sites relative to drugs.
+DESC FR: Drogue.
+DESC RU: Сайты, имеющие отношение к наркотикам.
+DESC ES: Sitios relacionados con las drogas.
+NAME EN: Drug
+NAME FR: Drogue
+NAME IT: Droghe
+NAME NL: Verdovende middelen
+NAME RU: Наркотики
+NAME DE: Drogen
+NAME ES: Drogas
+NAME:   financial
+DEFAULT_TYPE: black
+SOURCE: http://www.squidguard.org
+DESC EN: Sites relative financial information.
+DESC FR: Informations financières, bourses.
+DESC RU: Сайты, связанные с финансовой информацией.
+NAME ES: Sitios relacionados con información financiera, bolsas.
+NAME EN: Financial
+NAME FR: Finance
+NAME IT: Financial
+NAME NL: Financial
+NAME RU: Финансы.
+NAME DE: Financial
+NAME ES: Finanzas
+NAME:   forums
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Forums site.
+DESC FR: Forums.
+DESC RU: Сайты-форумы.
+DESC ES: Foros
+NAME EN: Forums
+NAME FR: Forums
+NAME IT: Forum
+NAME NL: Forums
+NAME RU: Форумы
+NAME DE: Foren
+NAME ES: Foros
+NAME:   gambling
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Gambling and games sites, casino, etc.
+DESC FR: Sites de jeux en ligne, casino, etc.
+DESC RU: Азартные игры и игровые сайты, казино.
+DESC ES: Sitios de juego en línea, apuestas, casinos, etc.
+NAME EN: Gambling/Casino games
+NAME FR: Jeux casino
+NAME IT: Gioco d\azzardo/Casino
+NAME NL: Gokken/Casinospelen
+NAME RU: Азартные игры и казино
+NAME DE: Glueckspiel
+NAME ES: Apuestas/Casino
+NAME:   hacking
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Hacking sites.
+DESC FR: Sites de piratage et d'agressions informatiques.
+DESC RU: Сайты о взломе и о компьютерных атаках.
+DESC ES: Sitos de pirateo informático, hackers
+NAME EN: Hacking
+NAME FR: Hacking
+NAME IT: Hacking
+NAME NL: Hacken
+NAME RU: Хакерство
+NAME DE: Hacking
+NAME ES: Hacking
+NAME:   liste_blanche
+DEFAULT_TYPE: white
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: A list of whitelisted sites.
+DESC FR: Une liste de sites en liste blanche.
+DESC IT: Una lista di siti della lista bianca.
+DESC RU: Список сайтов белого списка.
+DESC DE: Eine Liste von Whitelist-Seiten.
+DESC ES: Una lista de sitios de la lista blanca.
+NAME EN: whitelist
+NAME FR: Liste blanche
+NAME IT: lista bianca
+NAME RU: белый список
+NAME DE: weiße Liste
+NAME ES: lista blanca
+NAME:   liste_bu
+DEFAULT_TYPE: white
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: A french list for educational sites. VERY locally oriented. may help libraries.
+DESC FR: Une liste très "univ-tlse1.fr" de sites éducatifs pour notre bibliothèque.
+DESC RU: Французский список образовательных сайтов. ОЧЕНЬ местно ориентированный. Может помочь библиотекам.
+DESC ES: Una lista francesa de sitios educativos. Muy orientada a sitios franceses.
+NAME EN: Schools/Academics (french)
+NAME FR: Bibliothèques universitaires
+NAME IT: Scuola/Università in francese)
+NAME NL: Scholen/Academisch (frans)
+NAME RU: Школы/Академия (французкий)
+NAME DE: Universitaetsbibliothek (frankreich)
+NAME ES: Bibliotecas universitarias (Francesas)
+NAME:   mobile-phone
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Sites for mobile phone (rings, etc).
+DESC FR: Sites pour les mobiles (sonneries, etc.).
+DESC RU: Сайты для мобильных телефонов (рингтоны и т. д.).
+DESC ES: Sitios para teléfonos móviles (tonos, etc.)
+NAME EN: Mobile phone
+NAME FR: Téléphonie mobile
+NAME IT: Cellulari
+NAME NL: Mobiele telefonie
+NAME RU: Мобильный телефон
+NAME DE: Handy
+NAME ES: Telefonía móvil
+NAME:   phishing
+DEFAULT_TYPE: black
+SOURCE: http://www.surbl.org
+DESC EN: Phishing sites
+DESC FR: Sites de phishing, de pièges bancaires, ou autres.
+DESC RU: Фишинг-сайты, банковские ловушки или другое.
+DESC ES: Sitios relacionados con phishing (suplantación de identidad)
+NAME RU: Фишинг.
+NAME EN: Phishing
+NAME FR: Phishing
+NAME IT: Phishing
+NAME NL: Phishing
+NAME DE: Phishing
+NAME ES: Phishing (suplantación de identidad)
+NAME:   publicite
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Advertisement.
+DESC FR: Publicité.
+DESC RU: Объявления.
+DESC ES: Publicidad
+NAME EN: Ads
+NAME FR: Publicité
+NAME IT: Pubblicità
+NAME NL: Reclame
+NAME RU: Реклама
+NAME DE: Anzeigen
+NAME ES: Publicidad
+NAME:   radio
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Internet radio sites
+DESC FR: Sites de radio sur Internet
+DESC RU: Сайты Интернет радио.
+DESC ES: Sitios de radio por internet.
+NAME EN: Internet radio
+NAME FR: Radio internet
+NAME IT: Internet radio
+NAME NL: Internet radio
+NAME RU: Радио Интернета
+NAME DE: Internet Radio
+NAME ES: Radio internet
+NAME:   redirector
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Some redirector sites, which are used to circumvent filtering.
+DESC FR: Quelques sites qui permettent de contourner les filtres.
+DESC RU: Некоторые перенаправляющие сайты, которые используются для обхода фильтрации.
+DESC ES: Sitios de redirección de contenidos, usados para eludir el filtrado.
+NAME EN: Proxy
+NAME FR: Proxy
+NAME IT: Proxy
+NAME NL: Proxy
+NAME RU: Прокси
+NAME DE: Proxy
+NAME ES: Proxy
+NAME:   strict_redirector
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Same as redirector, but with google, yahoo, and other cache/images search robots.
+DESC FR: Comme redirector, mais avec les moteurs de recherche classiques.
+DESC RU: Тоже, что и redirector, но с google, yahoo и другими поисковыми системами кэшей/изображений.
+DESC ES: Como redirector, pero con google, yahoo y otros motores de búsqueda clásicos.
+NAME EN: Strict Proxy
+NAME FR: Proxy strict
+NAME IT: Strict Proxy
+NAME NL: Strikte Proxy
+NAME RU: Строгое Прокси
+NAME DE: Strickt Proxy
+NAME ES: Proxy estricto
+NAME:   strong_redirector
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Same as strict_redirector, but, for google, yahoo, we are only blocking some terms.
+DESC FR: Comme strict_redirector, mais, pour google et autres, on ne bloque que certains termes.
+DESC RU: Тоже, что и strict_redirector, но для google, yahoo блокируются только некоторые условия.
+DESC ES: Como strict_redirector, pero para google, yahoo y otros sólo bloquean algunos términos.
+NAME EN: Strong Proxy
+NAME FR: Proxy fort
+NAME IT: Strong Proxy
+NAME NL: Strakke Proxy
+NAME RU: Крепкое Прокси
+NAME DE: Stark Proxy
+NAME ES: Proxy fuerte
+NAME:   tricheur
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Sites which are designed to explains cheating on exams.
+DESC FR: Sites qui expliquent comme tricher aux examens.
+DESC RU: Сайты, которые предназначены для объяснения как смошенничать на экзамене.
+DESC ES: Sitios que explican cómo hacer trampas en los exámenes.
+NAME EN: Cheater
+NAME FR: Tricheur
+NAME IT: Baro
+NAME NL: Cheats
+NAME RU: Мошенник
+NAME DE: Schummler
+NAME ES: Tramposos
+NAME:   warez
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Warez sites.
+DESC FR: Sites distribuant, entre autres, des logiciels ou vidéos pirates.
+DESC RU: Пиратские сайты программного обеспечения.
+DESC ES: Sitios de programas piratas.
+NAME FR: Warez DownloadZ
+NAME EN: Warez DownloadZ
+NAME IT: Warez DownloadZ
+NAME NL: Warez DownloadZ
+NAME RU: Нелегальное программное обеспечение
+NAME DE: Warez
+NAME ES: Programas piratas (Warez)
+NAME:   webmail
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Webmail sites (hotmail like...)
+DESC FR: Webmail que l'on trouve sur internet (hotmail, webmail.univ-tlse1.fr, etc.)
+DESC RU: Почтовые сайты (hotmail, webmail.univ-tlse1.fr и т. д.).
+DESC ES: Sitios de correo electrónico web. (hotmail, gmail, etc.)
+NAME EN: Webmail
+NAME FR: Messagerie Web
+NAME IT: Webmail
+NAME NL: Webmail
+NAME RU: Почта
+NAME DE: Webmail
+NAME ES: Mensajería web (webmail)
+NAME:   games
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: games sites (flash and online games )
+DESC FR: Sites de jeux, en ligne, ou de distributions de jeux.
+DESC RU: Игровые сайты (флеш и онлайн игры).
+DESC ES: Sitios de juegos, en línea, o de distribuciones de juegos.
+NAME RU: Игры.
+NAME EN: Games
+NAME FR: Jeux
+NAME IT: Games
+NAME NL: Games
+NAME DE: Spiele
+NAME ES: Juegos
+NAME:   educational_games
+DEFAULT_TYPE: white
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: educational games sites (flash and online games )
+DESC FR: Sites de jeux éducatifs
+DESC RU: Развивающие игры
+DESC ES: Sitios de juegos educativos
+NAME RU: Развивающие игры
+NAME EN: Educational Games
+NAME FR: Jeux éducatifs
+NAME IT: giochi educativi
+NAME NL: educatieve spellen
+NAME DE: Lernspiele
+NAME ES: Juegos educativos
+NAME:   mixed_adult
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Websites which contains adult sections unstructured
+DESC FR: Sites qui contiennent des portions adultes non structurés
+DESC RU: Сайты, которые содержат неструктурированные разделы для взрослых.
+DESC ES: Sitios que contienen secciones para adultos no estructuradas.
+NAME RU: Смесь для взрослых.
+NAME EN: mixed_adult
+NAME FR: Varies_adultes
+NAME IT: mixed_adult
+NAME NL: mixed_adult
+NAME DE: mixed_adult
+NAME ES: Varios Adultos
+NAME:   filehosting
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Websites which host files (pictures, video, ...)
+DESC FR: Sites qui hébergent des contenus (vidéos, images, sons)
+DESC RU: Веб-сайты, которые хостят файлы (картинки, видео, ...).
+DESC ES: Sitios que almacenan ficheros (imagenes, videos, audio...)
+NAME RU: Хостинг файлов.
+NAME EN: filehosting
+NAME FR: hebergement_fichiers
+NAME IT: filehosting
+NAME NL: filehosting
+NAME DE: filehosting
+NAME ES: Almacenamiento de ficheros
+NAME:   reaffected
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Websites which have been reaffected
+DESC FR: Sites qui ont changé de propriétaire et donc de contenu
+DESC RU: Сайты, которые изменили владельца и, поэтому, содержимое.
+DESC ES: Sitios que han cambiado propietario y por tanto el contenido
+NAME RU: Пострадавшие.
+NAME EN: reaffected
+NAME FR: reaffected
+NAME IT: reaffected
+NAME NL: reaffected
+NAME DE: reaffected
+NAME ES: Sitios reutilizados (reaffected)
+NAME:   sexual_education
+DEFAULT_TYPE: white
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Website which talk about sexual education, and can be misdetected as porn
+DESC FR: Sites qui parlent d éducation sexuelle et qui peuvent être détectés comme pornographiques
+DESC RU: Сайты, которые рассказывают о половом воспитании и могут быть ошибочно определены как порно.
+DESC ES: Sitios con contenidos acerca de la educación sexsual, y podrían ser catalogados por error como porno.
+NAME RU: Сексуальное образование.
+NAME EN: sexual_education
+NAME FR: education sexuelle
+NAME IT: sexual_education
+NAME NL: sexual_education
+NAME DE: sexual_education
+NAME ES: educación sexual
+NAME:   shopping
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Any shopping, selling center
+DESC FR: Sites de vente et achat en ligne
+DESC RU: Сайты "купи-продай".
+DESC ES: Sitios de tiendas, compras en línea.
+NAME RU: Шоппинг.
+NAME EN: shopping
+NAME FR: shopping
+NAME IT: shopping
+NAME NL: shopping
+NAME DE: shopping
+NAME ES: compras (shopping)
+NAME:   dating
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Dating, matching site for single person
+DESC FR: Sites de rencontres
+DESC RU: Сайты знакомств.
+DESC ES: Sitios de citas.
+NAME RU: Знакомства.
+NAME EN: dating
+NAME FR: rencontre
+NAME IT: dating
+NAME NL: dating
+NAME DE: dating
+NAME ES: citas
+NAME:   marketingware
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Very special marketing sites
+DESC FR: Sites de marketing très spéciaux
+DESC RU: Очень специальные маркетинговые сайты.
+DESC ES: Sitios de marketing muy especiales
+NAME RU: Маркетинг
+NAME EN: marketingware
+NAME FR: marketingware
+NAME IT: marketingware
+NAME NL: marketingware
+NAME DE: marketingware
+NAME ES: marketingware
+NAME:   astrology
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Astrology
+DESC FR: Astrologie
+DESC RU: Астрология.
+DESC ES: Astrología
+NAME RU: Астрология.
+NAME EN: Astrology
+NAME FR: Astrology
+NAME IT: Astrology
+NAME NL: Astrology
+NAME DE: Astrology
+NAME ES: Astrología
+NAME:   sect
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Sect
+DESC FR: Secte
+DESC RU: Секты.
+DESC ES: Sectas
+NAME RU: Секты.
+NAME EN: Sect
+NAME FR: Secte
+NAME IT: Secte
+NAME NL: Secte
+NAME DE: Secte
+NAME ES: Sectas
+NAME:   celebrity
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Famous people, actors, and magazine which talk about them
+DESC FR: Tout ce qui concerne l actualité dite people
+DESC RU: Известные люди, актеры и журналы, которые говорят о них.
+DESC ES: Personajes famosos, actores y sitios relacionados con ellos
+NAME RU: Знаменитости.
+NAME EN: Celebrity
+NAME FR: Celebrite
+NAME IT: Celebrity
+NAME NL: Celebrity
+NAME DE: Celebrity
+NAME ES: Celebridades (Celebrity)
+NAME:   manga
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Any website related to manga, and cartoons
+DESC FR: Tout ce qui est lié à l'univers des mangas et de la bande dessinée
+DESC RU: Любой веб-сайт, связанный с аниме, комиксами и мультфильмами.
+DESC ES: Sitios relacionados con el manga.
+NAME RU: Аниме.
+NAME EN: Manga
+NAME FR: Manga
+NAME IT: Manga
+NAME NL: Manga
+NAME DE: Manga
+NAME ES: Manga
+NAME:   child
+DEFAULT_TYPE: white
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Any website allowed to child (less than 10 years old)
+DESC FR: Tout ce qui est autorisé pour des enfants
+DESC RU: Любой веб-сайт, разрешенный ребенку (до 10 лет).
+DESC ES: Sitos autorizados para niños (menosres de 10 años)
+NAME RU: Ребенок.
+NAME EN: Child
+NAME FR: Enfant
+NAME IT: Bambino
+NAME NL: Child
+NAME DE: Child
+NAME ES: Niños
+NAME:   malware
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Any website which deliver malware
+DESC FR: Tout site qui injecte des malwares
+DESC RU: Любой сайт, который внедряет вредоносные программы.
+DESC ES: Sitios que inyectan programas dañinos (malware)
+NAME RU: Вредоносные программы.
+NAME EN: Malware
+NAME FR: Malware
+NAME IT: Malware
+NAME NL: Malware
+NAME DE: Malware
+NAME ES: Malware
+NAME:   press
+DEFAULT_TYPE:   white
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Any press (informational) site
+DESC FR: Tout site de presse d'information
+DESC RU: Любая пресса (информационные сайты).
+DESC ES: Sitios de prensa (información)
+NAME RU: Пресса.
+NAME EN: Press
+NAME FR: Presse
+NAME IT: Press
+NAME NL: Press
+NAME DE: Press
+NAME ES: Prensa
+NAME: chat
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Chat site
+DESC FR: Site de dialogue et conversation en ligne.
+DESC RU: Сайты-чаты, диалоги.
+DESC ES: Sitios de conversación en línea.
+NAME RU: Чаты.
+NAME EN: Chat
+NAME FR: Tchat
+NAME IT: Chat
+NAME NL: Chat
+NAME DE: Chat
+NAME ES: Chat
+NAME: remote-control
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: site which allow remote control of user s dekstop
+DESC FR: Site permettant la prise de contrôle à distance
+DESC RU: Cайты, которые делают возможным удаленное (дистанционное) управление рабочим столом пользователя.
+DESC ES: Sitios que permiten el control remoto del escritorio del usuario.
+NAME RU: Удаленное управление.
+NAME EN: remote-control
+NAME FR: Prise de controle
+NAME IT: remote-control
+NAME NL: remote-control
+NAME DE: remote-control
+NAME ES: control remoto
+NAME: social_networks
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: All social networks sites
+DESC FR: Tous les sites de réseaux sociaux
+DESC RU: Все сайты социальных сетей.
+DESC ES: Sitios de relaciones sociales
+NAME RU: Социальные сети.
+NAME EN: social_networks
+NAME FR: reseaux sociaux
+NAME IT: social_networks
+NAME NL: social_networks
+NAME DE: social_networks
+NAME ES: relaciones sociales
+NAME:   special
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Special sites.
+DESC FR: Sites spéciaux.
+DESC IT: Siti speciali.
+DESC RU: Специальные сайты.
+DESC DE: Spezielle Seiten.
+DESC ES: Sitios especiales.
+NAME EN: Special
+NAME FR: Spécial
+NAME IT: Speciale
+NAME RU: Специально
+NAME DE: Spezial
+NAME ES: Especial
+NAME: jobsearch
+DEFAULT_TYPE: white
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Site to looking for job
+DESC FR: Site pour trouver un emploi
+DESC RU: Сайты о поиске работы.
+DESC ES: Sitios de búsqueda de empleo
+NAME RU: Поиск работы.
+NAME EN: jobsearch
+NAME FR: emploi
+NAME IT: jobsearch
+NAME NL: jobsearch
+NAME DE: jobsearch
+NAME ES: búsqueda de empleo
+NAME: sports
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Sports
+DESC FR: Sports
+DESC RU: Спортивные сайты.
+DESC ES: Sitios de deportes
+NAME RU: Спорт.
+NAME EN: sports
+NAME FR: sports
+NAME IT: sports
+NAME NL: sports
+NAME DE: sports
+NAME ES: deportes
+NAME: bank
+DEFAULT_TYPE: white
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Online bank
+DESC FR: Banque en ligne
+DESC RU: Онлайн банки.
+DESC ES: Banca en línea
+NAME RU: Банки.
+NAME EN: bank
+NAME FR: banques
+NAME IT: bank
+NAME NL: bank
+NAME DE: bank
+NAME ES: banca
+NAME: arjel
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: ARJEL which is a french certification authority for gambling sites
+DESC FR: Sites de pari en ligne certifiés par l ARJEL
+DESC RU: Сайты, сертификацированные французским центром ARJEL для сайтов азартных игр.
+DESC ES: ARJEL, que es una certificación francesa para sitios de apuestas en línea.
+NAME RU: ARJEL.
+NAME EN: arjel
+NAME FR: arjel
+NAME IT: arjel
+NAME NL: arjel
+NAME DE: arjel
+NAME ES: arjel
+NAME: cooking
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Sites for cooking
+DESC FR: Sites de cuisine
+DESC RU: Сайты для приготовления пищи.
+DESC ES: Sitios de cocina
+NAME RU: Приготовление пищи.
+NAME EN: cooking
+NAME FR: cuisine
+NAME IT: cooking
+NAME NL: cooking
+NAME DE: cooking
+NAME ES: cocina (cooking)
+NAME: lingerie
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Sites for lingerie
+DESC FR: Sites de lingerie
+DESC RU: Сайты дамского белья.
+DESC ES: Sitios de lencería
+NAME RU: Дамское белье.
+NAME EN: lingerie
+NAME FR: lingerie
+NAME IT: lingerie
+NAME NL: lingerie
+NAME DE: lingerie
+NAME ES: lencería
+NAME: translation
+DEFAULT_TYPE: white
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Sites for translation
+DESC FR: Sites de traduction
+DESC RU: Сайты для перевода.
+DESC ES: Sitios para traducir.
+NAME RU: Перевод.
+NAME EN: translation
+NAME FR: traduction
+NAME IT: translation
+NAME NL: translation
+NAME DE: translation
+NAME ES: traducción
+NAME: bitcoin
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC EN: Sites for bitcoin mining
+DESC FR: Sites de bitcoin
+DESC ES: Sitios de bitcoin
+NAME RU: bitcoin
+NAME EN: bitcoin
+NAME FR: bitcoin
+NAME IT: bitcoin
+NAME NL: bitcoin
+NAME DE: bitcoin
+NAME ES: bitcoin
+NAME: dialer
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC FR: Sites de dialer
+DESC EN: Dialer Sites
+DESC ES: Sitios de marcadores (dialer)
+NAME RU: dialer
+NAME EN: dialer
+NAME FR: dialer
+NAME IT: dialer
+NAME NL: dialer
+NAME DE: dialer
+NAME ES: marcadores (dialer)
+NAME: ddos
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC FR: Sites de déni de services
+DESC EN: DDoS or Stresser Sites
+DESC ES: Sitios de Deny of services (ddos)
+NAME RU: ddos
+NAME EN: ddos
+NAME FR: ddos
+NAME IT: ddos
+NAME NL: ddos
+NAME DE: ddos
+NAME ES: ddos
+NAME: update
+DEFAULT_TYPE: white
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC FR: Sites d'update pour les OS ou les logiciels
+DESC EN: Update sites for software or OS
+NAME RU: update
+NAME EN: update
+NAME FR: update
+NAME IT: update
+NAME NL: update
+NAME DE: update
+NAME ES: update
+NAME: associations_religieuses
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.univ-tlse1.fr
+DESC FR: Sites d'associations religieuses
+DESC EN: religious_association
+NAME RU: религиозное_объединение
+NAME EN: religious_association
+NAME FR: associations_religieuses
+NAME IT: associazione_religiosa
+NAME NL: religieuze_vereniging
+NAME DE: teligionsgemeinschaft
+NAME ES: asociación_religiosa
+NAME: shortener
+DEFAULT_TYPE: white
+SOURCE: http://squidguard.ut-capitole.fr
+DESC FR: Raccoursisseur d'URL
+DESC EN: URLs shortening sites
+NAME RU: shortener
+NAME EN: shortener
+NAME FR: shortener
+NAME IT: shortener
+NAME NL: shortener
+NAME DE: shortener
+NAME ES: shortener
+NAME: cryptojacking
+DEFAULT_TYPE: black
+SOURCE: http://squidguard.ut-capitole.fr
+DESC FR: Site de mining en hijacking
+DESC EN: Mining site by hijacking
+NAME RU: cryptojacking
+NAME EN: cryptojacking
+NAME FR: cryptojacking
+NAME IT: cryptojacking
+NAME NL: cryptojacking
+NAME DE: cryptojacking
+NAME ES: cryptojacking

/conf/etc/alcasar-site-direct
0,0 → 1,0

 /conf/etc/alcasar-services
 ,0 → 1,11
+#icmp -
+#ssh 22
+#smtp 25
+#http 80
+#pop 110
+#imap2 143
+#imap3 220
+#https 443
+#ipp 631
+#pop3s 995
+#imaps 993

/conf/etc/alcasar-iptables-local-mac-filtered
--- etc/alcasar-uamallowed-sample (nonexistent)
+++ etc/alcasar-uamallowed-sample (revision 3194)
@@ -0,0 +1,2 @@
+uamallowed="192.168.10.21"
+uamallowed="172.16.1.0/24"

 /conf/freeradius-web/config.php
 ,0 → 1,113
+<?php
+extract($_GET);
+extract($_POST);
+extract($_COOKIE);
+foreach($_POST as $key => $value){
+        ${$key} = $value;
+}
+# If using sessions set use_session to 1 to also cache the config file
+#
+$use_session = 0;
+unset($config);
+unset($nas_list);
+if ($use_session){
+        // Start session
+        @session_start();
+        if (isset($_SESSION['config']))
+                $config = $_SESSION['config'];
+        if (isset($_SESSION['nas_list']))
+                $nas_list = $_SESSION['nas_list'];
+}
+if (!isset($config)){
+        $ARR=file("/etc/freeradius-web/admin.conf");
+        $EXTRA_ARR = array();
+        foreach($ARR as $val) {
+                $val=chop($val);
+                if (preg_match('/^[[:space:]]*#/',$val) || preg_match('/^[[:space:]]*$/',$val))
+                        continue;
+                list($key,$v)=preg_split("/:[[:space:]]*/",$val,2);
+                if (preg_match("/%\{(.+)\}/",$v,$matches)){
+                        $val=$config[$matches[1]];
+                        $v=preg_replace("/%\{$matches[1]\}/",$val,$v);
+                }
+                if (preg_match("/^nas(\d+)_(\w+)$/",$key,$matches))
+                        $nas_list[$matches[1]][$matches[2]] = $v;
+                if ($key == 'INCLUDE'){
+                        if (is_readable($v))
+                                array_push($EXTRA_ARR,file($v));
+                        else
+                                echo "<b>Error: File '$v' does not exist or is not readable</b><br>\n";
+                }
+                else
+                        $config["$key"]="$v";
+        }
+        foreach($EXTRA_ARR as $val1) {
+                foreach($val1 as $val){
+                        $val=chop($val);
+                        if (preg_match('/^[[:space:]]*#/',$val) || preg_match('/^[[:space:]]*$/',$val))
+                                continue;
+                        list($key,$v)=preg_split("/:[[:space:]]*/",$val,2);
+                        if (preg_match("/%\{(.+)\}/",$v,$matches)){
+                                $val=$config[$matches[1]];
+                                $v=preg_replace("/%\{$matches[1]\}/",$val,$v);
+                        }
+                        if (preg_match("/^nas(\d+)_(\w+)$/",$key,$matches))
+                                $nas_list[$matches[1]][$matches[2]] = $v;
+                        $config["$key"]="$v";
+                }
+        }
+        if ($use_session){
+                session_register('config');
+                session_register('nas_list');
+        }
+}
+if ($use_session == 0 && $config['general_use_session'] == 'yes'){
+        // Start session
+        @session_start();
+        if (isset($nas_list))
+                session_register('nas_list');
+}
+//Make sure we are only passed allowed strings in username
+if (isset($login)){
+        if ($login != '')
+        {
+                $accent = "âêôûéàèùîáâãäçèéêëìíîïñòóôõöùúûü";
+                $login = preg_replace("/[^\w$accent\.\/\@\:\-]/",'',$login);
+        }
+        if ($login != '' && $config['general_strip_realms'] == 'yes'){
+                $realm_del = ($config['general_realm_delimiter'] != '') ? $config['general_realm_delimiter'] : '@';
+                $realm_for = ($config['general_realm_format'] != '') ? $config['general_realm_format'] : 'suffix';
+                $new = explode($realm_del,$login,2);
+                if (count($new) == 2)
+                        $login = ($realm_for == 'suffix') ? $new[0] : $new[1];
+        }
+}
+unset($mappings);
+if (isset($_SESSION['mappings']))
+        $mappings = $_SESSION['mappings'];
+if (!isset($mappings) && $config['general_username_mappings_file'] != ''){
+        $ARR = file($config['general_username_mappings_file']);
+        foreach($ARR as $val){
+                $val=chop($val);
+                if (preg_match('/^[[:space:]]*#/',$val) || preg_match('/^[[:space:]]*$/',$val))
+                        continue;
+                list($key,$realm,$v)=preg_split("/:[[:space:]]*/",$val,3);
+                if ($realm == 'accounting' || $realm == 'userdb' || $realm == 'nasdb' || $realm == 'nasadmin')
+                        $mappings["$key"][$realm] = $v;
+                if ($realm == 'nasdb'){
+                        $NAS_ARR = array();
+                        $NAS_ARR = explode(',',$v);
+                        foreach ($nas_list as $key => $nas){
+                                foreach ($NAS_ARR as $nas_check){
+                                        if ($nas_check == $nas['name'])
+                                                unset($nas_list[$key]);
+                                }
+                        }
+                }
+        }
+        if ($config['general_use_session'] == 'yes')
+                session_register('mappings');
+}
+@header('Content-type: text/html; charset='.$config['general_charset'].';');
+?>

 /conf/freeradius-web/sql.attrmap
 ,0 → 1,59
+#
+# A mapping between the attributes used by dialup_admin and the attribute
+# names that will be stored in the SQL database
+#
+# Attributes that are not contained in this file are assumed to be reply
+# items and map to the same name as the one used by dialup_admin
+#
+# Format:
+# checkItem|replyItem   Attribute-In-Dialup-Admin       Attribute-In-SQL
+#
+#
+checkItem       Auth-Type                       Auth-Type
+checkItem       Simultaneous-Use                Simultaneous-Use
+checkItem       Called-Station-Id               Called-Station-Id
+checkItem       Calling-Station-Id              Calling-Station-Id
+checkItem       Dialup-Access                   none
+checkItem       Max-All-Session                 Max-All-Session
+checkItem       Max-Daily-Session               Max-Daily-Session
+checkItem       Max-Weekly-Session              Max-Weekly-Session
+checkItem       Max-Monthly-Session             Max-Monthly-Session
+checkItem       Login-Time                      Login-Time
+checkItem       Expiration                      Expiration
+replyItem       Service-Type                    Service-Type
+replyItem       Framed-Protocol                 Framed-Protocol
+replyItem       Framed-IP-Address               Framed-IP-Address
+replyItem       Framed-IP-Netmask               Framed-IP-Netmask
+replyItem       Framed-Route                    Framed-Route
+replyItem       Framed-Routing                  Framed-Routing
+replyItem       Filter-Id                       Filter-Id
+replyItem       Framed-MTU                      Framed-MTU
+replyItem       Framed-Compression              Framed-Compression
+replyItem       Login-IP-Host                   Login-IP-Host
+replyItem       Login-Service                   Login-Service
+replyItem       Login-TCP-Port                  Login-TCP-Port
+replyItem       Callback-Number                 Callback-Number
+replyItem       Callback-Id                     Callback-Id
+replyItem       Framed-IPX-Network              Framed-IPX-Network
+replyItem       Class                           Class
+replyItem       Session-Timeout                 Session-Timeout
+replyItem       Idle-Timeout                    Idle-Timeout
+replyItem       Termination-Action              Termination-Action
+replyItem       Login-LAT-Service               Login-LAT-Service
+replyItem       Login-LAT-Node                  Login-LAT-Node
+replyItem       Login-LAT-Group                 Login-LAT-Group
+replyItem       Framed-AppleTalk-Link           Framed-AppleTalk-Link
+replyItem       Framed-AppleTalk-Network        Framed-AppleTalk-Network
+replyItem       Framed-AppleTalk-Zone           Framed-AppleTalk-Zone
+replyItem       Port-Limit                      Port-Limit
+replyItem       Login-LAT-Port                  Login-LAT-Port
+replyitem       Reply-Message                   Reply-Message
+replyItem       Dialup-Lock-Msg                 Reply-Message
+replyItem       User-Password                   User-Password
+replyItem       WISPr-Redirection-URL           WISPr-Redirection-URL
+checkItem       Alcasar-Expire-After            Alcasar-Expire-After
+checkItem       CoovaChilli-Max-Total-Octets-Daily      CoovaChilli-Max-Total-Octets-Daily
+checkItem       CoovaChilli-Max-Total-Octets-Monthly    CoovaChilli-Max-Total-Octets-Monthly
+checkItem       CoovaChilli-Max-Total-Octets    CoovaChilli-Max-Total-Octets

 /conf/freeradius-web/user_edit.attrs
 ,0 → 1,65
+#
+#       Attributes which will be visible in the user/group edit pages
+#       File from free-radiusweb project.
+#       Addons for ALCASAR by Steweb and Rexy
+#
+#       Format: Attribute       Comment
+#
+Expiration                      <a href="help/expiration_help.html" target=lt_help onclick=window.open("help/expiration_help.html","lt_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Expiration Help Page"><font color="blue">Date d'expiration</font></a>
+Simultaneous-Use                <a href="help/simultaneous_use_help.html" target=su_help onclick=window.open("help/simultaneous_use_help.html","su_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Simultaneous Use Help Page"><font color="blue">Nombre de sessions simultan&eacute;es</font></a>
+Alcasar-Expire-After                    <a href="help/max_all_session_help.html" target=st_help onclick=window.open("help/max_all_session_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Max connection Time Help Page"><font color="blue">Dur&eacute;e totale de connexion autoris&eacute;e</font></a><BR>(en secondes)
+Session-Timeout                 <a href="help/session_timeout_help.html" target=st_help onclick=window.open("help/session_timeout_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Session Timeout Help Page"><font color="blue">Dur&eacute;e maximale d'une session</font></a><BR>(en secondes)
+Max-All-Session                 <a href="help/max_all_session_help.html" target=st_help onclick=window.open("help/max_all_session_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Max connection Time Help Page"><font color="blue">Dur&eacute;e totale de connexion autoris&eacute;e</font></a><BR>(en secondes)
+Max-Monthly-Session             <a href="help/session_timeout_help.html" target=st_help onclick=window.open("help/session_timeout_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Session Timeout Help Page"><font color="blue">Dur&eacute;e limite mensuelle</font></a><BR>(en secondes)
+#Max-Weekly-Session             Weekly Limit (secs)
+Max-Daily-Session               <a href="help/session_timeout_help.html" target=st_help onclick=window.open("help/session_timeout_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Session Timeout Help Page"><font color="blue">Dur&eacute;e limite journali&egrave;re</font></a><BR>(en secondes)
+Login-Time                      <a href="help/login_time_help.html" target=lt_help onclick=window.open("help/login_time_help.html","lt_help","width=600,height=370,toolbar=no,scrollbars=no,resizable=yes") title="Login-Time Help Page"><font color="blue">P&eacute;riode hebdomadaire</font></a>
+#CoovaChilli-Max-Input-Octets   <a href="help/coovachilli_max_input_octets_help.html" target=st_help onclick=window.open("help/coovachilli_max_input_octets_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="CoovaChilli Max Input Octets Help Page"><font color="blue">Nombre d'octets max. en &eacute;mission</font></a><BR>(en octets)
+#CoovaChilli-Max-Output-Octets  <a href="help/coovachilli_max_output_octets_help.html" target=st_help onclick=window.open("help/coovachilli_max_output_octets_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="CoovaChilli Max Output Octets Help Page"><font color="blue">Nombre d'octets max. en r&eacute;ception</font></a><BR>(en octets)
+CoovaChilli-Max-Total-Octets    <a href="help/coovachilli_max_total_octets_help.html" target=st_help onclick=window.open("help/coovachilli_max_total_octets_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="CoovaChilli Max Total Octets Help Page"><font color="blue">Nombre d'octets max. total transmit</font></a><BR>(en octets)
+CoovaChilli-Max-Total-Octets-Monthly    <a href="help/coovachilli_max_total_octets_help.html" target=st_help onclick=window.open("help/coovachilli_max_total_octets_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="CoovaChilli Max Total Octets Monthly Help Page"><font color="blue">Nombre d'octets max. total transmit par mois</font></a><BR>(en octets)
+CoovaChilli-Max-Total-Octets-Daily      <a href="help/coovachilli_max_total_octets_help.html" target=st_help onclick=window.open("help/coovachilli_max_total_octets_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="CoovaChilli Max Total Octets Daily Help Page"><font color="blue">Nombre d'octets max. total transmit par jour</font></a><BR>(en octets)
+CoovaChilli-Bandwidth-Max-Up    <a href="help/coovachilli_bandwidth_max_up_help.html" target=st_help onclick=window.open("help/coovachilli_bandwidth_max_up_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="CoovaChilli Bandwidth Max Up Help Page"><font color="blue">Bande passante montante max.</font></a><BR>(en kbits/seconde)
+CoovaChilli-Bandwidth-Max-Down  <a href="help/coovachilli_bandwidth_max_down_help.html" target=st_help onclick=window.open("help/coovachilli_bandwidth_max_down_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="CoovaChilli Bandwidth Max Down Help Page"><font color="blue">Bande passante descendante max.</font></a><BR>(en kbits/seconde)
+WISPr-Redirection-URL           <a href="help/wispr_redirection_url_help.html" target=st_help onclick=window.open("help/wispr_redirection_url_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="CoovaChilli Bandwidth Max Down Help Page"><font color="blue">URL de redirection</font></a><BR>
+#
+##Auth-Type                     <a href="help/auth_type_help.html" target=su_help onclick=window.open("help/auth_type_help.html","su_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Auth-Type Help Page"><font color="blue">Auth-Type</font></a>
+#Framed-Protocol                <a href="help/framed_protocol_help.html" target=fpr_help onclick=window.open("help/framed_protocol_help.htlml","fpr_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Framed-Protocol Help PPage"><font color="blue">Protocol</font></a>
+#Framed-IP-Address              <a href="help/framed_ip_address_help.html" target=fia_help onclick=window.open("help/framed_ip_address_help.html","fia_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Framed-IP-Address Help Page"><font color="blue">IP Address</font></a>
+#Framed-IP-Netmask              IP Netmask
+#Framed-Route                   Route
+#Framed-Routing
+#Filter-Id                      <a href="help/filtering_help.html" target=fid_help onclick=window.open("help/filtering_help.html","fid_help","width=560,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Filtering Help Page"><font color="blue">Filtering</font></a>
+#Framed-MTU                     <a href="help/framed_mtu_help.html" target=fid_help onclick=window.open("help/framed_mtu_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Framed-MTU Help Page"><font color="blue">Framed-MTU</font></a>
+#Framed-Compression             <a href="help/framed_compression_help.html" target=fc_help onclick=window.open("help/framed_compression_help.html","fc_help","width=600,height=210,toolbar=no,scrollbars=no,resizable=yes") title="Framed Compression Help Page"><font color="blue">Compression Used</font></a>
+#Service-Type                   <a href="help/service_type_help.html" target=st_help onclick=window.open("help/service_type_help.html","st_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Service-Type Help Page"><font color="blue">Service Type</font></a>
+#Login-IP-Host
+#Login-Service
+#Login-TCP-Port
+#Callback-Number                <a href="help/callback_number_help.html" target=fid_help onclick=window.open("help/callback_number_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Callback-Number Help Page"><font color="blue">Callback-Number</font></a>
+#Callback-Id                    <a href="help/callback_id_help.html" target=fid_help onclick=window.open("help/callback_id_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Callback-ID Help Page"><font color="blue">Callback-ID</font></a>
+#Framed-IPX-Network
+#Class                          <a href="help/class_help.html" target=fid_help onclick=window.open("help/class_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Class Help Page"><font color="blue">Class</font></a>
+#Idle-Timeout                   <a href="help/idle_timeout_help.html" target=it_help onclick=window.open("help/idle_timeout_help.html","it_help","width=600,height=170,toolbar=no,scrollbars=no,resizable=yes") title="Idle Timeout Help Page"><font color="blue">Idle Timeout</font></a>
+#Termination-Action
+#Login-LAT-Service
+#Login-LAT-Node
+#Login-LAT-Group
+#Framed-AppleTalk-Link
+#Framed-AppleTalk-Network
+#Framed-AppleTalk-Zone
+#Port-Limit                     <a href="help/port_limit_help.html" target=pl_help onclick=window.open("help/port_limit_help.html","pl_help","width=600,height=170,toolbar=no,scrollbars=no,resizable=yes") title="Port Limit Help Page"><font color="blue">Port Limit</font></a>
+#Login-LAT-Port
+#Dialup-Access                  <a href="help/dialup_access_help.html" target=da_help onclick=window.open("help/dialup_access_help.html","da_help","width=560,height=200,toolbar=no,scrollbars=no,resizable=yes") title="Dialup Access Help Page"><font color="blue">Dialup Access (use FALSE to lock)</font></a>
+#Dialup-Lock-Msg                <a href="help/lock_message_help.html" target=lm_help onclick=window.open("help/lock_message_help.html","lm_help","width=600,height=210,toolbar=no,scrollbars=no,resizable=yes") title="Lock Message Help Page"><font color="blue">Lock Message</font></a>
+#Reply-Message                  <a href="help/reply_message_help.html" target=lm_help onclick=window.open("help/reply_message_help.html","lm_help","width=600,height=210,toolbar=no,scrollbars=no,resizable=yes") title="Reply-Message Help Page"><font color="blue">Reply-Message</font></a>
+#Login-Time                     <a href="login_time_create.php?val=$name1&first=yes" target=lt_create onclick=window.open("login_time_create.php?val=$name1&first=yes","lt_create","width=600,height=490,toolbar=no,scrollbars=yes,resizable=yes") title="Login-Time Creation Page"><font color="blue">P&eacute;riode hebdomadaire</font></a><a href="help/login_time_help.html" target=lt_help onclick=window.open("help/login_time_help.html","lt_help","width=600,height=370,toolbar=no,scrollbars=no,resizable=yes") title="Login-Time Help Page"><font color="blue"><BR>(Format UUCP)</font></a>
+#
+# Uncomment this if you are using ldap and you are using user regular profiles.
+# Also make sure that Regular-Profile maps to the correct ldap attribute in
+# extra.ldap-attrmap
+#
+#Regular-Profile                User Regular Profile DN
+Alcasar-Filter                  <a href="help/filtering_help.html" target=fid_help onclick=window.open("help/filtering_help.html","fid_help","width=560,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Filtering Help Page"><font color="blue">Filtering</font></a>
+Alcasar-Protocols-Filter                <a href="help/protocols_help.html" target=help onclick=window.open("help/protocols_help.html","fid_help","width=560,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Protocol filtering Help Page"><font color="blue">Protocol filtering</font></a>
+Alcasar-Status-Page-Must-Stay-Open      <a href="help/statusOpenRequired_help.html" target=help onclick=window.open("help/statusOpenRequired_help.html","fid_help","width=560,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Status open required Help Page"><font color="blue">Status open required</font></a>

 /conf/freeradius-web/admin.conf.orig
 ,0 → 1,351
+#
+# Main Configuration File
+#
+# it can be default or whatever language. Only greek are supported
+# from non latin alphabet languages
+# These attribute only apply for ldap not for sql
+#
+general_prefered_lang: en
+general_prefered_lang_name: English
+#
+# The charset which will be added as a meta tag in all pages
+#
+general_charset: iso-8859-1
+#
+# Uncomment this if normal attributes (not the ;lang-xx ones) in ldap
+# are utf8 encoded.
+#
+#general_decode_normal_attributes: yes
+#
+# The directory where dialupadmin is installed
+#
+general_base_dir: /usr/share/freeradius-web
+#
+# The base directory of the freeradius radius installation
+#
+general_radiusd_base_dir: /usr
+general_domain: company.com
+#
+# Set it to yes to use sessions and cache the various mappings
+# You can also set use_session = 1 in config.php to also cache
+# the admin.conf
+#
+# ---- IMPORTANT -- IMPORTANT -- IMPORTANT ----
+#Remember to use the 'Clear Cache' page if you use sessions and do any changes
+#in any of the configuration files.
+#
+general_use_session: no
+#
+# This is used by the failed logins page. It states the default back time
+# in minutes.
+#
+general_most_recent_fl: 30
+#
+# Realm setup
+#
+# Set general_strip_realms to yes in order  to stip realms from usernames.
+# By default realms are not striped
+#general_strip_realms: yes
+#
+# The delimiter used  in realms. Default is @
+#
+general_realm_delimiter: @
+#
+# The format of the realms. Can be either suffix (realm is after the username)
+# or prefix (realm is before the username). Default is suffix
+#
+general_realm_format: suffix
+#
+#
+# Determines if the administrator will be able to see and change the user password through
+# the user edit page
+general_show_user_password: yes
+general_raddb_dir: /etc/raddb
+general_ldap_attrmap: %{general_raddb_dir}/ldap.attrmap
+# Need to fix admin.conf file parser
+#general_clients_conf: %{general_raddb_dir}/clients.conf
+general_clients_conf: /etc/raddb/clients.conf
+general_sql_attrmap: /etc/freeradius-web/sql.attrmap
+general_accounting_attrs_file: /etc/freeradius-web/accounting.attrs
+general_extra_ldap_attrmap: /etc/freeradius-web/extra.ldap-attrmap
+general_username_mappings_file: /etc/freeradius-web/username.mappings
+#
+# it can be either ldap or sql
+# This affects the user base not accounting. Accounting is always in sql
+#
+general_lib_type: sql
+#
+# Define which attributes will be visible in the user edit page
+#
+general_user_edit_attrs_file: /etc/freeradius-web/user_edit.attrs
+#
+# Used by the Accounting Report Generator
+#
+general_sql_attrs_file: /etc/freeradius-web/sql.attrs
+#
+# Set default values for various attributes
+#
+general_default_file: /etc/freeradius-web/default.vals
+#general_ld_library_path: /usr/local/snmpd/lib
+#
+# can be 'snmp' (for snmpfinger) or empty to query the radacct table without first
+# querying the nas
+# This is used by the online users page
+#
+general_finger_type: snmp
+#
+# Defines the nas type. This is only used by snmpfinger
+# cisco, usrhiper and lucent are supported for now
+#
+general_nas_type: cisco
+general_snmpfinger_bin: %{general_base_dir}/bin/snmpfinger
+#
+# Used by the 'Disconnect User' button in the Clear Open Sessions page
+# Uses the Cisco AAA Session MIB or a telnet session
+#
+general_sessionclear_bin: %{general_base_dir}/bin/clearsession
+#
+# Can be one of telnet or snmp
+#
+general_sessionclear_method: snmp
+general_radclient_bin: %{general_radiusd_base_dir}/bin/radclient
+#
+# this information is used from the server check page
+#
+general_test_account_login: test
+general_test_account_password: testpass
+#
+# These are used as default values for the user test page
+#
+general_radius_server: localhost
+general_radius_server_port: 1812
+#
+# can be either pap or chap
+#
+general_radius_server_auth_proto: pap
+#
+# sorry, single valued for now. Should become something like
+# password[server-name]: xxxxx
+#
+general_radius_server_secret: XXXXXX
+general_auth_request_file: /etc/freeradius-web/auth.request
+#
+# can be one of crypt,md5,clear
+#
+general_encryption_method: crypt
+#
+# can be either asc (older dates first) or desc (recent dates first)
+# This is used in the user accounting and badusers pages
+#
+general_accounting_info_order: desc
+#
+# Use the totacct table in the user statistics page instead of the radacct
+# table. That will make the page run quicker. totacct should have data for
+# this to work :-)
+#
+general_stats_use_totacct: no
+#
+# If set to yes then we only allow each administrator to examine it's own entries
+# in the badusers table
+#
+general_restrict_badusers_access: no
+#
+# If set to yes then we restrict access to the nas administration page only to those
+# users which are allowed by their username mapping (nasadmin is set to yes)
+#
+general_restrict_nasadmin_access: no
+INCLUDE: /etc/freeradius-web/naslist.conf
+INCLUDE: /etc/freeradius-web/captions.conf
+#
+# The ldap server to connect to.
+# Both ldap_server and ldap_write_server can be a space-separated
+# list of ldap hostnames. In that case the library will try to connect
+# to the servers in the order that they appear. If the first host is down
+# ldap_connect will ask for the second ldap host and so on.
+#
+ldap_server: ldap.%{general_domain}
+#
+# There are many cases where we have a small write master and
+# a lot of fast read only replicas. If that is the case uncomment
+# ldap_write_server and point it to the write master. It will be
+# used only when writing to the directory, not when reading
+#
+#ldap_write_server: master.%{general_domain}
+ldap_base: dc=company,dc=com
+ldap_binddn: cn=Directory Manager
+ldap_bindpw: XXXXXXX
+ldap_default_new_entry_suffix: ou=dialup,ou=guests,%{ldap_base}
+ldap_default_dn: uid=default-dialup,%{ldap_base}
+ldap_regular_profile_attr: dialupregularprofile
+#
+# If set to yes then the HTTP credentials (http authentication)
+# will be used to bind to the ldap server instead of ldap_binddn
+# and ldap_bindpw. That way multiple admins with different rights
+# on the ldap database can connect through one dialup_admin interface.
+# The ldap_binddn and ldap_bindpw are still needed to find the DN
+# to bind with (http authentication will only provide us with a
+# username). As a result the ldap_binddn should be able to do a search
+# with a filter of (uid=<username>). Normally, the anonymous (empty DN)
+# user can do that.
+#ldap_use_http_credentials: yes
+#
+# If we are using http credentials we can map a specific username to the
+# directory manager (which usually does not correspond to a specific username)
+#
+#ldap_directory_manager: cn=Directory Manager
+#ldap_map_to_directory_manager: admin
+#
+# Uncomment to enable ldap debug
+#
+ldap_debug: true
+#
+# Allow for defining the ldap filter used when searching for a user
+# Variables supported:
+# %u: username
+# %U: username provided though http authentication
+# %mu: mappings for userdb
+# %ma: mappings for accounting
+# %mn: mappings for nasdb
+# %mN: mappings for nas administration
+#
+# One use of this would be to restrict access to only the user's belonging to
+# a specific administrator like this:
+# ldap_filter: (&(uid=%u)(manager=uid=%U,ou=admins,o=company,c=com))
+#
+#ldap_filter: (uid=%u)
+#
+# If ldap_userdn is set then we use that for user dns, we don't perform an ldap
+# search. This can be somewhat faster. The variables supported for ldap_filter
+# are also supported here
+#
+#ldap_userdn: uid=%u,%{ldap_base}
+#
+# can be one of mysql,pg,oracle,sqlrelay where:
+# mysq: MySQL database (port 3306)
+# pg: PostgreSQL database (port 5432)
+# oracle: Oracle database (port 1521)
+# sqlrelay: SQL Relay
+#
+sql_type: mysql
+sql_server: localhost
+sql_port: 3306
+sql_username: dialup_admin
+sql_password: XXXXXX
+sql_database: radius
+sql_accounting_table: radacct
+sql_badusers_table: badusers
+sql_check_table: radcheck
+sql_reply_table: radreply
+sql_user_info_table: userinfo
+sql_groupcheck_table: radgroupcheck
+sql_groupreply_table: radgroupreply
+sql_usergroup_table: radusergroup
+sql_total_accounting_table: totacct
+sql_nas_table: nas
+#
+# If set to true then we show all the available groups with the groups
+# that the user is a member of highlighted in the user edit page.
+# Otherwise we only show the groups he is a member of.
+sql_show_all_groups: true
+#
+# This variable is used by the scripts in the bin folder
+# It should contain the path to the sql binary used to run
+# sql commands (mysql, psql, oracle and sqlrelay are only supported for now)
+sql_command: /usr/bin/mysql
+#sql_command: /usr/bin/psql
+#sql_command: /usr/bin/sqlplus
+#
+# This variable is used by the scripts in the bin folder
+# It should contain the snmp type and  path to the binary
+# used to run snmp commands.
+# (ucd = UCD-Snmp and net = Net-Snmp are only supported for now)
+general_snmp_type: net
+general_snmpwalk_command: /usr/bin/snmpwalk
+general_snmpget_command: /usr/bin/snmpget
+#
+# Uncomment to enable sql debug
+#
+sql_debug: true
+#
+# If set to yes then the HTTP credentials (http authentication)
+# will be used to connect to the sql server instead of sql_username
+# and sql_password. That way multiple admins with different rights
+# on the sql database can connect through one dialup_admin interface.
+#sql_use_http_credentials: yes
+#
+# If set the query will be added to all of the queries on the accounting
+# table
+# Variables supported:
+# %u: username
+# %U: username provided though http authentication
+# %mu: mappings for userdb
+# %ma: mappings for accounting
+# %mn: mappings for nasdb
+# %mN: mappings for nas administration
+#sql_accounting_extra_query: %ma
+#
+# true or false
+#
+sql_use_user_info_table: true
+sql_use_operators: true
+#
+# Set this to the value of the default_user_profile in your
+# sql.conf if that one is set. If it is not set leave blank
+# or commented out
+#sql_default_user_profile: DEFAULT
+#
+#
+sql_password_attribute: User-Password
+sql_date_format: Y-m-d
+sql_full_date_format: Y-m-d H:i:s
+#
+# Used in the accounting report generator so that we
+# don't return too many results
+#
+sql_row_limit: 40
+#
+# These options are used by the log_badlogins script and by the
+# mysql driver
+#
+# Set the sql connect timeout (secs)
+sql_connect_timeout: 3
+# Give a space separated list of extra mysql servers to connect to when
+# logging bad logins or adding users in the badusers table
+#sql_extra_servers: sql2.company.com sql3.company.com
+#
+# Default values for the various user limits in case the counter module
+# is used to impose such limits.
+# The value should be the user limit in seconds or none for nothing
+# Check out conf/sql.attrmap or extra.ldap-attrmap (depending on if you are
+# using sql or ldap) for per user attributes. The mapping should be made to
+# the attributes configured in the counter module. The attributes used by
+# dialupadmin will always be the ones appearing in the attribute mapping files
+# so you should make sure they are mapped to the correct attributes
+#
+#counter_default_daily: 14400
+#counter_default_weekly: 72000
+counter_default_daily: none
+counter_default_weekly: none
+counter_default_monthly: none
+#
+# Since calculating monthly usage can be quite expensive we make
+# it configurable
+# This is not needed if the monthly limit is not none
+#counter_monthly_calculate_usage: true
+# some of the date/time related functions need to know what timezone we are in
+timezone: Europe/Luxembourg

 /conf/freeradius-web/config.php.orig
 ,0 → 1,117
+<?php
+#
+# Things should work even if register_globals is set to off
+#
+$testVer=intval(str_replace(".", "",'4.1.0'));
+$curVer=intval(str_replace(".", "",phpversion()));
+if( $curVer >= $testVer )
+        import_request_variables('GPC');
+# If using sessions set use_session to 1 to also cache the config file
+#
+$use_session = 0;
+unset($config);
+unset($nas_list);
+if ($use_session){
+        // Start session
+        @session_start();
+        if (isset($_SESSION['config']))
+                $config = $_SESSION['config'];
+        if (isset($_SESSION['nas_list']))
+                $nas_list = $_SESSION['nas_list'];
+}
+if (!isset($config)){
+        $ARR=file("/etc/freeradius-web/admin.conf");
+        $EXTRA_ARR = array();
+        foreach($ARR as $val) {
+                $val=chop($val);
+                if (preg_match('/^[[:space:]]*#/',$val) || preg_match('/^[[:space:]]*$/',$val))
+                        continue;
+                list($key,$v)=preg_split("/:[[:space:]]*/",$val,2);
+                if (preg_match("/%\{(.+)\}/",$v,$matches)){
+                        $val=$config[$matches[1]];
+                        $v=preg_replace("/%\{$matches[1]\}/",$val,$v);
+                }
+                if (preg_match("/^nas(\d+)_(\w+)$/",$key,$matches))
+                        $nas_list[$matches[1]][$matches[2]] = $v;
+                if ($key == 'INCLUDE'){
+                        if (is_readable($v))
+                                array_push($EXTRA_ARR,file($v));
+                        else
+                                echo "<b>Error: File '$v' does not exist or is not readable</b><br>\n";
+                }
+                else
+                        $config["$key"]="$v";
+        }
+        foreach($EXTRA_ARR as $val1) {
+                foreach($val1 as $val){
+                        $val=chop($val);
+                        if (preg_match('/^[[:space:]]*#/',$val) || preg_match('/^[[:space:]]*$/',$val))
+                                continue;
+                        list($key,$v)=preg_split("/:[[:space:]]*/",$val,2);
+                        if (preg_match("/%\{(.+)\}/",$v,$matches)){
+                                $val=$config[$matches[1]];
+                                $v=preg_replace("/%\{$matches[1]\}/",$val,$v);
+                        }
+                        if (preg_match("/^nas(\d+)_(\w+)$/",$key,$matches))
+                                $nas_list[$matches[1]][$matches[2]] = $v;
+                        $config["$key"]="$v";
+                }
+        }
+        if ($use_session){
+                session_register('config');
+                session_register('nas_list');
+        }
+}
+if ($use_session == 0 && $config[general_use_session] == 'yes'){
+        // Start session
+        @session_start();
+        if (isset($nas_list))
+                session_register('nas_list');
+}
+//Make sure we are only passed allowed strings in username
+if ($login != '')
+        $login = preg_replace("/[^\w\.\/\@\:\-]/",'',$login);
+if ($login != '' && $config[general_strip_realms] == 'yes'){
+        $realm_del = ($config[general_realm_delimiter] != '') ? $config[general_realm_delimiter] : '@';
+        $realm_for = ($config[general_realm_format] != '') ? $config[general_realm_format] : 'suffix';
+        $new = explode($realm_del,$login,2);
+        if (count($new) == 2)
+                $login = ($realm_for == 'suffix') ? $new[0] : $new[1];
+}
+unset($mappings);
+if (isset($_SESSION['mappings']))
+        $mappings = $_SESSION['mappings'];
+if (!isset($mappings) && $config[general_username_mappings_file] != ''){
+        $ARR = file($config[general_username_mappings_file]);
+        foreach($ARR as $val){
+                $val=chop($val);
+                if (preg_match('/^[[:space:]]*#/',$val) || preg_match('/^[[:space:]]*$/',$val))
+                        continue;
+                list($key,$realm,$v)=preg_split("/:[[:space:]]*/",$val,3);
+                if ($realm == 'accounting' || $realm == 'userdb' || $realm == 'nasdb' || $realm == 'nasadmin')
+                        $mappings["$key"][$realm] = $v;
+                if ($realm == 'nasdb'){
+                        $NAS_ARR = array();
+                        $NAS_ARR = preg_split('/,/',$v);
+                        foreach ($nas_list as $key => $nas){
+                                foreach ($NAS_ARR as $nas_check){
+                                        if ($nas_check == $nas[name])
+                                                unset($nas_list[$key]);
+                                }
+                        }
+                }
+        }
+        if ($config[general_use_session] == 'yes')
+                session_register('mappings');
+}
+date_default_timezone_set($config[timezone]);
+//Include missing.php if needed
+if (!function_exists('array_change_key_case'))
+        include_once('../lib/missing.php');
+@header('Content-type: text/html; charset='.$config[general_charset].';');
+?>

 /conf/freeradius-web/sql.attrs
 ,0 → 1,30
+# Used by the Accounting Report Generator page
+#
+# Mysql attributes              Description             Show    Use function
+#
+RadAcctId                       Accounting Id           no
+AcctSessionId                   Session Id              no
+AcctUniqueId                    Unique Id               no
+UserName                        User Name               yes
+GroupName                       Group Name              yes
+Realm                           Realm                   no
+NASIPAddress                    Nas IP Address          no
+NASPortId                       Nas Port                no
+NASPortType                     NAS Port Type           no
+AcctStartTime                   Login Time              yes
+AcctStopTime                    Logout Time             yes
+AcctSessionTime                 Session Time            yes     time2str
+AcctAuthentic                   AcctAuthentic           no
+ConnectInfo_start               Start Connect Info      no
+ConnectInfo_stop                Stop Connect Info       no
+AcctInputOctets                 Upload                  yes     bytes2str
+AcctOutputOctets                Download                yes     bytes2str
+CalledStationId                 CalledStationId         no
+CallingStationId                Caller Id               no
+AcctTerminateCause              Terminate Cause         no
+ServiceType                     Service Type            no
+FramedProtocol                  Protocol                no
+FramedIPAddress                 Client IP Address       yes
+AcctStartDelay                  Accounting Start Delay  no      time2str
+AcctStopDelay                   Accounting Stop Delay   no      time2str
+XAscendSessionSvrKey            X Ascend SessionSVR     no

 /conf/freeradius-web/sql.attrs.orig
 ,0 → 1,28
+# Used by the Accounting Report Generator page
+#
+# Mysql attributes              Description             Show    Use function
+#
+RadAcctId                       Accounting Id           no
+AcctSessionId                   Session Id              no
+AcctUniqueId                    Unique Id               no
+UserName                        User Name               yes
+Realm                           Realm                   no
+NASIPAddress                    NAS IP Address          yes
+NASPortId                       NAS Port                yes
+NASPortType                     NAS Port Type           no
+AcctStartTime                   Login Time              yes
+AcctStopTime                    Logout Time             yes
+AcctSessionTime                 Session Time            yes     time2str
+AcctAuthentic                   AcctAuthentic           no
+ConnectInfo_start               Start Connect Info      no
+ConnectInfo_stop                Stop Connect Info       no
+AcctInputOctets                 Upload                  yes     bytes2str
+AcctOutputOctets                Download                yes     bytes2str
+CalledStationId                 CalledStationId         no
+CallingStationId                Caller Id               no
+AcctTerminateCause              Terminate Cause         no
+ServiceType                     Service Type            no
+FramedProtocol                  Protocol                no
+FramedIPAddress                 Client IP Address       yes
+AcctStartDelay                  Accounting Start Delay  no      time2str
+AcctStopDelay                   Accounting Stop Delay   no      time2str

 /conf/freeradius-web/user_edit.attrs.orig
 ,0 → 1,49
+#
+#       Attributes which will be visible in the user/group edit pages
+#
+#       Format: Attribute       Comment
+#
+#
+#Auth-Type                      <a href="help/auth_type_help.html" target=su_help onclick=window.open("help/auth_type_help.html","su_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Auth-Type Help Page"><font color="blue">Auth-Type</font></a>
+#Simultaneous-Use               <a href="help/simultaneous_use_help.html" target=su_help onclick=window.open("help/simultaneous_use_help.html","su_help","width=560,height=170,toolbar=no,scrollbars=no,resizable=yes") title="Simultaneous Use Help Page"><font color="blue">Simultaneous Use</font></a>
+Framed-Protocol                 <a href="help/framed_protocol_help.html" target=fpr_help onclick=window.open("help/framed_protocol_help.htlml","fpr_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Framed-Protocol Help PPage"><font color="blue">Protocol</font></a>
+Framed-IP-Address               <a href="help/framed_ip_address_help.html" target=fia_help onclick=window.open("help/framed_ip_address_help.html","fia_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Framed-IP-Address Help Page"><font color="blue">IP Address</font></a>
+Framed-IP-Netmask               IP Netmask
+#Framed-Route           Route
+#Framed-Routing
+#Filter-Id                      <a href="help/filter_id_help.html" target=fid_help onclick=window.open("help/filter_id_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Filter-ID Help Page"><font color="blue">Filter ID</font></a>
+Framed-MTU                      <a href="help/framed_mtu_help.html" target=fid_help onclick=window.open("help/framed_mtu_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Framed-MTU Help Page"><font color="blue">Framed-MTU</font></a>
+Framed-Compression              <a href="help/framed_compression_help.html" target=fc_help onclick=window.open("help/framed_compression_help.html","fc_help","width=600,height=210,toolbar=no,scrollbars=no,resizable=yes") title="Framed Compression Help Page"><font color="blue">Compression Used</font></a>
+Service-Type                    <a href="help/service_type_help.html" target=st_help onclick=window.open("help/service_type_help.html","st_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Service-Type Help Page"><font color="blue">Service Type</font></a>
+#Login-IP-Host
+#Login-Service
+#Login-TCP-Port
+#Callback-Number        <a href="help/callback_number_help.html" target=fid_help onclick=window.open("help/callback_number_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Callback-Number Help Page"><font color="blue">Callback-Number</font></a>
+#Callback-Id    <a href="help/callback_id_help.html" target=fid_help onclick=window.open("help/callback_id_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Callback-ID Help Page"><font color="blue">Callback-ID</font></a>
+#Framed-IPX-Network
+#Class  <a href="help/class_help.html" target=fid_help onclick=window.open("help/class_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Class Help Page"><font color="blue">Class</font></a>
+Session-Timeout                 <a href="help/session_timeout_help.html" target=st_help onclick=window.open("help/session_timeout_help.html","st_help","width=600,height=170,toolbar=no,scrollbars=no,resizable=yes") title="Session Timeout Help Page"><font color="blue">Session Timeout</font></a>
+Idle-Timeout                    <a href="help/idle_timeout_help.html" target=it_help onclick=window.open("help/idle_timeout_help.html","it_help","width=600,height=170,toolbar=no,scrollbars=no,resizable=yes") title="Idle Timeout Help Page"><font color="blue">Idle Timeout</font></a>
+#Termination-Action
+#Login-LAT-Service
+#Login-LAT-Node
+#Login-LAT-Group
+#Framed-AppleTalk-Link
+#Framed-AppleTalk-Network
+#Framed-AppleTalk-Zone
+Port-Limit                      <a href="help/port_limit_help.html" target=pl_help onclick=window.open("help/port_limit_help.html","pl_help","width=600,height=170,toolbar=no,scrollbars=no,resizable=yes") title="Port Limit Help Page"><font color="blue">Port Limit</font></a>
+#Login-LAT-Port
+#Dialup-Access                  <a href="help/dialup_access_help.html" target=da_help onclick=window.open("help/dialup_access_help.html","da_help","width=560,height=200,toolbar=no,scrollbars=no,resizable=yes") title="Dialup Access Help Page"><font color="blue">Dialup Access (use FALSE to lock)</font></a>
+Dialup-Lock-Msg                 <a href="help/lock_message_help.html" target=lm_help onclick=window.open("help/lock_message_help.html","lm_help","width=600,height=210,toolbar=no,scrollbars=no,resizable=yes") title="Lock Message Help Page"><font color="blue">Lock Message</font></a>
+#Reply-Message  <a href="help/reply_message_help.html" target=lm_help onclick=window.open("help/reply_message_help.html","lm_help","width=600,height=210,toolbar=no,scrollbars=no,resizable=yes") title="Reply-Message Help Page"><font color="blue">Reply-Message</font></a>
+#Max-Daily-Session              Daily Limit (secs)
+#Max-Weekly-Session             Weekly Limit (secs)
+#Max-Monthly-Session            Monthly Limit (secs)
+#Login-Time                     <a href="login_time_create.php?val=$name1&first=yes" target=lt_create onclick=window.open("login_time_create.php?val=$name1&first=yes","lt_create","width=600,height=490,toolbar=no,scrollbars=yes,resizable=yes") title="Login-Time Creation Page"><font color="blue">User Login Period </font></a>(<a href="help/login_time_help.html" target=lt_help onclick=window.open("help/login_time_help.html","lt_help","width=600,height=370,toolbar=no,scrollbars=no,resizable=yes") title="Login-Time Help Page"><font color="blue">UUCP </font></a>Format)
+#Expiration                     <a href="help/expiration_help.html" target=lt_help onclick=window.open("help/expiration_help.html","lt_help","width=600,height=180,toolbar=no,scrollbars=no,resizable=yes") title="Expiration Help Page"><font color="blue">User Expiration Date</font></a>
+#
+# Uncomment this if you are using ldap and you are using user regular profiles.
+# Also make sure that Regular-Profile maps to the correct ldap attribute in
+# extra.ldap-attrmap
+#
+#Regular-Profile                User Regular Profile DN

 /conf/freeradius-web/admin.conf
 ,0 → 1,351
+#
+# Main Configuration File
+#
+# it can be default or whatever language. Only greek are supported
+# from non latin alphabet languages
+# These attribute only apply for ldap not for sql
+#
+general_prefered_lang: en
+general_prefered_lang_name: English
+#
+# The charset which will be added as a meta tag in all pages
+#
+general_charset: utf-8
+#
+# Uncomment this if normal attributes (not the ;lang-xx ones) in ldap
+# are utf8 encoded.
+#
+#general_decode_normal_attributes: yes
+#
+# The directory where dialupadmin is installed
+#
+general_base_dir: /usr/share/freeradius-web
+#
+# The base directory of the freeradius radius installation
+#
+general_radiusd_base_dir: /usr
+general_domain: localdomain
+#
+# Set it to yes to use sessions and cache the various mappings
+# You can also set use_session = 1 in config.php to also cache
+# the admin.conf
+#
+# ---- IMPORTANT -- IMPORTANT -- IMPORTANT ----
+#Remember to use the 'Clear Cache' page if you use sessions and do any changes
+#in any of the configuration files.
+#
+general_use_session: no
+#
+# This is used by the failed logins page. It states the default back time
+# in minutes.
+#
+general_most_recent_fl: 30
+#
+# Realm setup
+#
+# Set general_strip_realms to yes in order  to stip realms from usernames.
+# By default realms are not striped
+general_strip_realms: no
+#
+# The delimiter used  in realms. Default is @
+#
+general_realm_delimiter: @
+#
+# The format of the realms. Can be either suffix (realm is after the username)
+# or prefix (realm is before the username). Default is suffix
+#
+general_realm_format: suffix
+#
+#
+# Determines if the administrator will be able to see and change the user password through
+# the user edit page
+general_show_user_password: yes
+general_raddb_dir: /etc/raddb
+general_ldap_attrmap: %{general_raddb_dir}/ldap.attrmap
+# Need to fix admin.conf file parser
+#general_clients_conf: %{general_raddb_dir}/clients.conf
+general_clients_conf: /etc/raddb/clients.conf
+general_sql_attrmap: /etc/freeradius-web/sql.attrmap
+general_accounting_attrs_file: /etc/freeradius-web/accounting.attrs
+general_extra_ldap_attrmap: /etc/freeradius-web/extra.ldap-attrmap
+general_username_mappings_file: /etc/freeradius-web/username.mappings
+#
+# it can be either ldap or sql
+# This affects the user base not accounting. Accounting is always in sql
+#
+general_lib_type: sql
+#
+# Define which attributes will be visible in the user edit page
+#
+general_user_edit_attrs_file: /etc/freeradius-web/user_edit.attrs
+#
+# Used by the Accounting Report Generator
+#
+general_sql_attrs_file: /etc/freeradius-web/sql.attrs
+#
+# Set default values for various attributes
+#
+general_default_file: /etc/freeradius-web/default.vals
+#general_ld_library_path: /usr/local/snmpd/lib
+#
+# can be 'snmp' (for snmpfinger) or empty to query the radacct table without first
+# querying the nas
+# This is used by the online users page
+#
+# general_finger_type: snmp
+#
+# Defines the nas type. This is only used by snmpfinger
+# cisco, usrhiper and lucent are supported for now
+#
+general_nas_type: cisco
+general_snmpfinger_bin: %{general_base_dir}/bin/snmpfinger
+#
+# Used by the 'Disconnect User' button in the Clear Open Sessions page
+# Uses the Cisco AAA Session MIB or a telnet session
+#
+general_sessionclear_bin: %{general_base_dir}/bin/clearsession
+#
+# Can be one of telnet or snmp
+#
+general_sessionclear_method: snmp
+general_radclient_bin: %{general_radiusd_base_dir}/bin/radclient
+#
+# this information is used from the server check page
+#
+general_test_account_login: test
+general_test_account_password: testpass
+#
+# These are used as default values for the user test page
+#
+general_radius_server: localhost
+general_radius_server_port: 1812
+#
+# can be either pap or chap
+#
+general_radius_server_auth_proto: pap
+#
+# sorry, single valued for now. Should become something like
+# password[server-name]: xxxxx
+#
+general_radius_server_secret: XXXXXX
+general_auth_request_file: /etc/freeradius-web/auth.request
+#
+# can be one of crypt,md5,clear
+#
+general_encryption_method: crypt
+#
+# can be either asc (older dates first) or desc (recent dates first)
+# This is used in the user accounting and badusers pages
+#
+general_accounting_info_order: desc
+#
+# Use the totacct table in the user statistics page instead of the radacct
+# table. That will make the page run quicker. totacct should have data for
+# this to work :-)
+#
+general_stats_use_totacct: yes
+#
+# If set to yes then we only allow each administrator to examine it's own entries
+# in the badusers table
+#
+general_restrict_badusers_access: no
+#
+# If set to yes then we restrict access to the nas administration page only to those
+# users which are allowed by their username mapping (nasadmin is set to yes)
+#
+general_restrict_nasadmin_access: no
+INCLUDE: /etc/freeradius-web/naslist.conf
+INCLUDE: /etc/freeradius-web/captions.conf
+#
+# The ldap server to connect to.
+# Both ldap_server and ldap_write_server can be a space-separated
+# list of ldap hostnames. In that case the library will try to connect
+# to the servers in the order that they appear. If the first host is down
+# ldap_connect will ask for the second ldap host and so on.
+#
+ldap_server: ldap.%{general_domain}
+#
+# There are many cases where we have a small write master and
+# a lot of fast read only replicas. If that is the case uncomment
+# ldap_write_server and point it to the write master. It will be
+# used only when writing to the directory, not when reading
+#
+#ldap_write_server: master.%{general_domain}
+ldap_base: dc=company,dc=com
+ldap_binddn: cn=Directory Manager
+ldap_bindpw: XXXXXXX
+ldap_default_new_entry_suffix: ou=dialup,ou=guests,%{ldap_base}
+ldap_default_dn: uid=default-dialup,%{ldap_base}
+ldap_regular_profile_attr: dialupregularprofile
+#
+# If set to yes then the HTTP credentials (http authentication)
+# will be used to bind to the ldap server instead of ldap_binddn
+# and ldap_bindpw. That way multiple admins with different rights
+# on the ldap database can connect through one dialup_admin interface.
+# The ldap_binddn and ldap_bindpw are still needed to find the DN
+# to bind with (http authentication will only provide us with a
+# username). As a result the ldap_binddn should be able to do a search
+# with a filter of (uid=<username>). Normally, the anonymous (empty DN)
+# user can do that.
+#ldap_use_http_credentials: yes
+#
+# If we are using http credentials we can map a specific username to the
+# directory manager (which usually does not correspond to a specific username)
+#
+#ldap_directory_manager: cn=Directory Manager
+#ldap_map_to_directory_manager: admin
+#
+# Uncomment to enable ldap debug
+#
+ldap_debug: true
+#
+# Allow for defining the ldap filter used when searching for a user
+# Variables supported:
+# %u: username
+# %U: username provided though http authentication
+# %mu: mappings for userdb
+# %ma: mappings for accounting
+# %mn: mappings for nasdb
+# %mN: mappings for nas administration
+#
+# One use of this would be to restrict access to only the user's belonging to
+# a specific administrator like this:
+# ldap_filter: (&(uid=%u)(manager=uid=%U,ou=admins,o=company,c=com))
+#
+#ldap_filter: (uid=%u)
+#
+# If ldap_userdn is set then we use that for user dns, we don't perform an ldap
+# search. This can be somewhat faster. The variables supported for ldap_filter
+# are also supported here
+#
+#ldap_userdn: uid=%u,%{ldap_base}
+#
+# can be one of mysql,pg,oracle,sqlrelay where:
+# mysq: MySQL database (port 3306)
+# pg: PostgreSQL database (port 5432)
+# oracle: Oracle database (port 1521)
+# sqlrelay: SQL Relay
+#
+sql_type: mysql
+sql_server: localhost
+sql_port: 3306
+sql_username: radius
+sql_password: HAeXEjS0
+sql_database: radius
+sql_accounting_table: radacct
+sql_badusers_table: badusers
+sql_check_table: radcheck
+sql_reply_table: radreply
+sql_user_info_table: userinfo
+sql_groupcheck_table: radgroupcheck
+sql_groupreply_table: radgroupreply
+sql_usergroup_table: radusergroup
+sql_total_accounting_table: totacct
+sql_nas_table: nas
+#
+# If set to true then we show all the available groups with the groups
+# that the user is a member of highlighted in the user edit page.
+# Otherwise we only show the groups he is a member of.
+sql_show_all_groups: true
+#
+# This variable is used by the scripts in the bin folder
+# It should contain the path to the sql binary used to run
+# sql commands (mysql, psql, oracle and sqlrelay are only supported for now)
+sql_command: /usr/bin/mysql
+#sql_command: /usr/bin/psql
+#sql_command: /usr/bin/sqlplus
+#
+# This variable is used by the scripts in the bin folder
+# It should contain the snmp type and  path to the binary
+# used to run snmp commands.
+# (ucd = UCD-Snmp and net = Net-Snmp are only supported for now)
+general_snmp_type: net
+general_snmpwalk_command: /usr/bin/snmpwalk
+general_snmpget_command: /usr/bin/snmpget
+#
+# Uncomment to enable sql debug
+#
+sql_debug: false
+#
+# If set to yes then the HTTP credentials (http authentication)
+# will be used to connect to the sql server instead of sql_username
+# and sql_password. That way multiple admins with different rights
+# on the sql database can connect through one dialup_admin interface.
+#sql_use_http_credentials: yes
+#
+# If set the query will be added to all of the queries on the accounting
+# table
+# Variables supported:
+# %u: username
+# %U: username provided though http authentication
+# %mu: mappings for userdb
+# %ma: mappings for accounting
+# %mn: mappings for nasdb
+# %mN: mappings for nas administration
+#sql_accounting_extra_query: %ma
+#
+# true or false
+#
+sql_use_user_info_table: true
+sql_use_operators: true
+#
+# Set this to the value of the default_user_profile in your
+# sql.conf if that one is set. If it is not set leave blank
+# or commented out
+#sql_default_user_profile: DEFAULT
+#
+#
+sql_password_attribute: Crypt-Password
+sql_date_format: Y-m-d
+sql_full_date_format: Y-m-d H:i:s
+#
+# Used in the accounting report generator so that we
+# don't return too many results
+#
+sql_row_limit: 40
+#
+# These options are used by the log_badlogins script and by the
+# mysql driver
+#
+# Set the sql connect timeout (secs)
+sql_connect_timeout: 3
+# Give a space separated list of extra mysql servers to connect to when
+# logging bad logins or adding users in the badusers table
+#sql_extra_servers: sql2.company.com sql3.company.com
+#
+# Default values for the various user limits in case the counter module
+# is used to impose such limits.
+# The value should be the user limit in seconds or none for nothing
+# Check out conf/sql.attrmap or extra.ldap-attrmap (depending on if you are
+# using sql or ldap) for per user attributes. The mapping should be made to
+# the attributes configured in the counter module. The attributes used by
+# dialupadmin will always be the ones appearing in the attribute mapping files
+# so you should make sure they are mapped to the correct attributes
+#
+#counter_default_daily: 14400
+#counter_default_weekly: 72000
+counter_default_daily: none
+counter_default_weekly: none
+counter_default_monthly: none
+#
+# Since calculating monthly usage can be quite expensive we make
+# it configurable
+# This is not needed if the monthly limit is not none
+#counter_monthly_calculate_usage: true
+# some of the date/time related functions need to know what timezone we are in
+timezone: Europe/Luxembourg

/conf/freeradius-web/naslist.conf
0,0 → 1,5
nas1_name: alcasar
nas1_model: Portail captif
nas1_ip: 192.168.182.1
nas1_port_num: 0
nas1_community: public

 /conf/freeradius-web/accounting.attrs
 ,0 → 1,20
+# Used by the User Accounting, the User finger and the Failed Logins page
+#
+# For the user finger page only callerid(9) and
+# ip address(4) are applicable
+#
+# For the Failed Logins page only looged in(2), server(7),
+# terminate cause(8) and callerid(9) are applicable
+#
+# attribute number              Description             Show in         Show in         Show in
+#                                                       User Accounting User Finger     Failed Logins
+#
+type                    no              no              no
+logged in               yes             no              yes
+session time            yes             no              no
+ip address              no              yes             no
+upload                  yes             no              no
+download                yes             no              no
+server                  yes             no              yes
+terminate cause         yes             no              yes
+callerid                yes             yes             yes

/conf/freeradius-web/auth.request
0,0 → 1,5
#
# Extra attributes that the test user/check server pages will send to
# the RADIUS server
#
Service-Type = Framed-User

/conf/freeradius-web/captions.conf
0,0 → 1,0
general_caption_finger_free_lines: free lines

 /conf/freeradius-web/default.vals
 ,0 → 1,17
+#
+# Uncomment and edit these lines if you add corresponding default
+# values in the users file
+#
+#Simultaneous-Use: 1
+#Framed-IP-Address: 255.255.255.254
+#Framed-IP-Netmask: 255.255.255.255
+#Framed-MTU: 1500
+#Framed-Protocol: PPP
+#Framed-Compression: Van-Jacobson-TCP-IP
+#Session-Timeout: 14400
+#Idle-Timeout: 600
+#Port-Limit: 1
+#Max-Weekly-Session: 72000
+#Max-Daily-Session: 14400
+#Login-Time:
+#Auth-Type: LDAP

 /conf/freeradius-web/extra.ldap-attrmap
 ,0 → 1,12
+#
+# An extra file for radius -> ldap attribute mapping
+#
+checkItem       Dialup-Lock-Msg         radiuslockmsg
+checkItem       User-Password           userpassword
+checkItem       Regular-Profile         radiusProfileDn
+checkItem       Check-Item              radiusCheckItem         generic
+checkItem       Max-Daily-Session       radiusMaxDailySession
+checkItem       Max-Weekly-Session      radiusMaxWeeklySession
+checkItem       Max-Monthly-Session     radiusMaxMonthlySession
+replyItem       Reply-Item              radiusReplyItem         generic

 /conf/freeradius-web/sql.attrmap.default
 ,0 → 1,52
+#
+# A mapping between the attributes used by dialup_admin and the attribute
+# names that will be stored in the SQL database
+#
+# Attributes that are not contained in this file are assumed to be reply
+# items and map to the same name as the one used by dialup_admin
+#
+# Format:
+# checkItem|replyItem   Attribute-In-Dialup-Admin       Attribute-In-SQL
+#
+#
+checkItem       Auth-Type                       Auth-Type
+checkItem       Simultaneous-Use                Simultaneous-Use
+checkItem       Called-Station-Id               Called-Station-Id
+checkItem       Calling-Station-Id              Calling-Station-Id
+checkItem       Dialup-Access                   none
+checkItem       Max-Daily-Session               Max-Daily-Session
+checkItem       Max-Weekly-Session              Max-Weekly-Session
+checkItem       Max-Monthly-Session             Max-Monthly-Session
+checkItem       Login-Time                      Login-Time
+checkItem       Expiration                      Expiration
+replyItem       Service-Type                    Service-Type
+replyItem       Framed-Protocol                 Framed-Protocol
+replyItem       Framed-IP-Address               Framed-IP-Address
+replyItem       Framed-IP-Netmask               Framed-IP-Netmask
+replyItem       Framed-Route                    Framed-Route
+replyItem       Framed-Routing                  Framed-Routing
+replyItem       Filter-Id                       Filter-Id
+replyItem       Framed-MTU                      Framed-MTU
+replyItem       Framed-Compression              Framed-Compression
+replyItem       Login-IP-Host                   Login-IP-Host
+replyItem       Login-Service                   Login-Service
+replyItem       Login-TCP-Port                  Login-TCP-Port
+replyItem       Callback-Number                 Callback-Number
+replyItem       Callback-Id                     Callback-Id
+replyItem       Framed-IPX-Network              Framed-IPX-Network
+replyItem       Class                           Class
+replyItem       Session-Timeout                 Session-Timeout
+replyItem       Idle-Timeout                    Idle-Timeout
+replyItem       Termination-Action              Termination-Action
+replyItem       Login-LAT-Service               Login-LAT-Service
+replyItem       Login-LAT-Node                  Login-LAT-Node
+replyItem       Login-LAT-Group                 Login-LAT-Group
+replyItem       Framed-AppleTalk-Link           Framed-AppleTalk-Link
+replyItem       Framed-AppleTalk-Network        Framed-AppleTalk-Network
+replyItem       Framed-AppleTalk-Zone           Framed-AppleTalk-Zone
+replyItem       Port-Limit                      Port-Limit
+replyItem       Login-LAT-Port                  Login-LAT-Port
+replyitem       Reply-Message                   Reply-Message
+replyItem       Dialup-Lock-Msg                 Reply-Message
+replyItem       User-Password                   User-Password

 /conf/freeradius-web/username.mappings
 ,0 → 1,21
+# Username mappings
+# Format:
+# Username:realm:query
+#
+# where realm is:
+# accounting: for the map to be used when querying the accounting db
+# userdb: for the map to be used when querying the user db
+# nasdb: To only map specific NASes to the username (separated by ,)
+# nasadmin: To allow the user to use the nas_admin page (yes or no)
+#
+library-admin:accounting:AND nasipaddress = '123.123.123.123'
+library-admin:userdb:AND Admin = 'library-admin'
+library-admin:nasdb:nas.lib.company.com
+library-admin:nasadmin:no
+#
+lab-admin:accounting:AND nasipaddress =  '123.123.124.123'
+lab-admin:userdb:AND Admin = 'lab-admin'
+lab-admin:nasdb:nas.lab.company.com
+lab-admin:nasadmin:no
+#
+admin:nasadmin:yes

/conf/letsencrypt-client/acme.sh-3.0.7.tar.gz
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Added: svn:mime-type
+application/octet-stream
\ No newline at end of property

/conf/logrotate.d/admin_log
0,0 → 1,6
/var/Save/security/acc_access.log {
rotate 12
monthly
missingok
notifempty
}
Property changes:
Added: svn:executable
+*
\ No newline at end of property

 /conf/logrotate.d/ulogd
 ,0 → 1,39
+/var/log/ulogd/ulogd.log {
+    missingok
+    notifempty
+    create 0640 ulogd ulogd
+    sharedscripts
+}
+/var/log/firewall/traceability.log {
+    missingok
+    notifempty
+    rotate 52
+    weekly
+    dateext
+    sharedscripts
+    postrotate
+        /usr/bin/systemctl restart ulogd-traceability
+    endscript
+}
+/var/log/firewall/ssh.log {
+    missingok
+    notifempty
+    rotate 52
+    weekly
+    dateext
+    sharedscripts
+    postrotate
+        /usr/bin/systemctl restart ulogd-ssh
+    endscript
+}
+/var/log/firewall/ext-access.log {
+    missingok
+    notifempty
+    rotate 52
+    weekly
+    dateext
+    sharedscripts
+    postrotate
+        /usr/bin/systemctl restart ulogd-ext-access
+    endscript
+}
 Property changes:
 Added: svn:keywords
 +Id Author Date
 \ No newline at end of property

 /conf/logrotate.d/unbound-blacklist
 ,0 → 1,11
+/var/log/unbound/unbound-blacklist.log {
+    missingok
+    notifempty
+    rotate 52
+    weekly
+    dateext
+    sharedscripts
+    postrotate
+        /usr/bin/systemctl restart unbound-blacklist
+    endscript
+}

/conf/logrotate.d/gammu
0,0 → 1,7
/var/log/gammu-smsd/gammu-smsd.log {
monthly
rotate 12
nocreate
missingok
compress
}

 /conf/sudoers
 ,0 → 1,57
+# sudoers file.
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the sudoers man page for the details on how to write a sudoers file.
+#
+# Host alias specification
+Host_Alias      LAN_ORG=192.168.182.0/255.255.255.0,localhost           #réseau de l'organisme
+# User alias specification
+User_Alias      ADMIN=sysadmin                          # local admin account
+User_Alias      ADMWEB=apache                           # web server owner
+User_Alias      SMS=gammu_smsd                          # gammu-smsd owner
+# Cmnd alias specification
+Cmnd_Alias      NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh,/usr/local/bin/alcasar-dns-local.sh,/usr/local/bin/alcasar-network.sh,/usr/local/bin/alcasar-list-ip_gw.sh,/usr/local/bin/alcasar-ssh.sh                # network commands
+Cmnd_Alias      URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update            # packages managment
+Cmnd_Alias      BYPASS=/usr/local/bin/alcasar-bypass.sh                 # authentication bypass
+Cmnd_Alias      RADDB=/usr/bin/radwho,/usr/sbin/chilli_query            # manage users in command line
+Cmnd_Alias      SQL=/usr/local/bin/alcasar-mysql.sh                     # export users database
+Cmnd_Alias      SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh            # create conf backup file
+Cmnd_Alias      EXPORT=/usr/local/bin/alcasar-archive.sh                # export/save the log files
+Cmnd_Alias      BL=/usr/local/bin/alcasar-bl.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/bin/alcasar-url_filter_wl.sh,/usr/local/bin/alcasar-url_filter_bl.sh    # manage the filtering system
+Cmnd_Alias      NF=/usr/local/bin/alcasar-iptables.sh,/usr/sbin/ipset   # manage the firewall
+Cmnd_Alias      LOGOUT=/usr/local/bin/alcasar-logout.sh                 # disconnect the users
+Cmnd_Alias      UAM=/usr/local/bin/alcasar-uamallowed.sh                # manage the trusted websites (uamallowed)
+Cmnd_Alias      SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown           # manage the linux services
+Cmnd_Alias      GAMMU=/usr/local/bin/alcasar-sms.sh                     # manage the SMS subsystem
+Cmnd_Alias      SSL=/usr/local/bin/alcasar-importcert.sh,/usr/local/bin/alcasar-letsencrypt.sh,/usr/local/bin/alcasar-https.sh,/usr/local/bin/alcasar-ldap.sh --import-cert *   # manage the certificates
+Cmnd_Alias      HTDIGEST=/usr/local/bin/alcasar-profil.sh               # manage htdigest groups
+Cmnd_Alias      LOG_GEN=/usr/local/bin/alcasar-generate_log.sh          # create log PDF from ACC
+Cmnd_Alias      LDAP=/usr/local/bin/alcasar-ldap.sh                     # enable/disable LDAP connection
+Cmnd_Alias      IOT_CAPTURE=/usr/local/bin/alcasar-iot_capture.sh       # enable/disable raw capture of Iot (pcap) --> in activity ACC page
+Cmnd_Alias      WIFI4EU=/usr/local/bin/alcasar-wifi4eu.sh               # enable/disable wifi4eu integration (logo + snippet)
+Cmnd_Alias      MAIL_SERVICE=/usr/local/bin/alcasar-mail-install.sh     # manage mail service
+# Defaults specification
+# Defaults syslog=auth
+# Runas alias specification
+# User privilege specification
+root    ALL=(ALL) ALL
+# Uncomment to allow people in group wheel to run all commands
+# %wheel        ALL=(ALL)       ALL
+# Same thing without a password
+# %wheel        ALL=(ALL)       NOPASSWD: ALL
+# Samples
+# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
+# %users  localhost=/sbin/shutdown -h now
+ADMWEB  LAN_ORG=(root)  NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL,HTDIGEST,LOG_GEN,LDAP,IOT_CAPTURE,WIFI4EU,MAIL_SERVICE
+ADMIN   LAN_ORG=(root)  NOPASSWD: NET,URPMI,BYPASS,SYSTEM_BACKUP,SQL,EXPORT,SERVICE,SSL
+SMS     LAN_ORG=(root)  NOPASSWD: GAMMU
 Property changes:
 Added: svn:keywords
 +Id Author Date
 \ No newline at end of property

 /conf/bashrc
 ,0 → 1,57
+# $Id$
+# /etc/bashrc
+ORGANISME=""
+# System wide functions and aliases
+# Environment stuff goes in /etc/profile
+# by default, we want this to get set.
+# Even for non-interactive, non-login shells.
+if [ "`id -gn`" = "`id -un`" -a `id -u` -gt 99 ]; then
+        umask 002
+else
+        umask 022
+fi
+# are we an interactive shell?
+if [ "$PS1" ]; then
+    i='${USER}@${HOSTNAME%%.*}:$([[ "${PWD}" =~ ^"${HOME}"(/|$) ]] && echo "~${PWD#${HOME}}" || echo "${PWD}")'
+    case $TERM in
+        xterm*)
+            PROMPT_COMMAND='echo -ne "\033]0;'${i}'\007"'
+            ;;
+        screen)
+            PROMPT_COMMAND='echo -ne "\033_'${i}'\033\\"'
+            ;;
+        *)
+            ;;
+    esac
+    unset i
+#    [ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@\h \W]\\$ "        # default
+# color prompt
+        if [ `id -un` = root ]; then
+                PS1='\e[31;1;40m\]\h-$ORGANISME[\w]\$\e[37;0;40m\] '
+                alias ll='ls -al --color'
+        else
+                PS1='\e[32;1;40m\]\h-$ORGANISME[\w]\$\e[37;0;40m\] '
+        fi
+        if [ -z "$loginsh" ]; then # We're not a login shell
+        # Not all scripts in profile.d are compatible with other shells
+        # TODO: make the scripts compatible or check the running shell by
+        # themselves.
+                if [ -n "${BASH_VERSION}${KSH_VERSION}${ZSH_VERSION}" ]; then
+                for i in /etc/profile.d/*.sh; do
+                        if [ -x $i ]; then
+                                . $i
+                        fi
+                done
+                unset i
+                fi
+        fi
+fi
+unset loginsh
 Property changes:
 Added: svn:keywords
 +Id Author Date
 \ No newline at end of property

 /conf/radius/alcasar
 ,0 → 1,123
+server default {
+listen {
+        type = auth
+        ipaddr = *
+        port = 0
+        limit {
+                max_connections = 16
+                lifetime = 0
+                idle_timeout = 30
+        }
+}
+listen {
+        type = acct
+        ipaddr = *
+        port = 0
+        limit {
+                max_pps = 0
+        }
+}
+authorize {
+        sql { notfound = 1 }
+        if (notfound) {
+                update reply {
+                        Reply-Message := "Username not found"
+                }
+                reject
+        }
+        expire_on_login { reject = 1 }
+        if (reject) {
+                update reply {
+                        Reply-Message := "Your usage time has been reached"
+                }
+                reject
+        }
+        noresetcounter { reject = 1 }
+        if (reject) {
+                update reply {
+                        Reply-Message := "Your maximum usage time has been reached"
+                }
+                reject
+        }
+        monthlycounter { reject = 1 }
+        if (reject) {
+                update reply {
+                        Reply-Message := "Your maximum monthly usage time has been reached"
+                }
+                reject
+        }
+        dailycounter { reject = 1 }
+        if (reject) {
+                update reply {
+                        Reply-Message := "Your maximum daily usage time has been reached"
+                }
+                reject
+        }
+        counterCoovaChilliMaxAllTotalOctets { reject = 1 }
+        if (reject) {
+                update reply {
+                        Reply-Message := "Your maximum usage volume has been reached"
+                }
+                reject
+        }
+        counterCoovaChilliMaxTotalOctetsMonthly { reject = 1 }
+        if (reject) {
+                update reply {
+                        Reply-Message := "Your maximum monthly usage volume has been reached"
+                }
+                reject
+        }
+        counterCoovaChilliMaxTotalOctetsDaily { reject = 1 }
+        if (reject) {
+                update reply {
+                        Reply-Message := "Your maximum daily usage volume has been reached"
+                }
+                reject
+        }
+        expiration { userlock = 1 }
+        if (userlock) {
+                update reply {
+                        Reply-Message := "Your expiration date has been reached"
+                }
+                userlock
+        }
+        logintime { userlock = 1 }
+        if (userlock) {
+                update reply {
+                        Reply-Message := "You are out your allowed time period"
+                }
+                userlock
+        }
+        pap
+}
+authenticate {
+        Auth-Type PAP {
+                pap
+        }
+}
+accounting {
+        sql
+}
+session {
+        sql
+}
+post-auth {
+        Post-Auth-Type REJECT {
+                update reply {
+                        Reply-Message = "Login failed"
+                }
+                attr_filter.access_reject
+        }
+}
+}

 /conf/radius/alcasar-with-ldap
 ,0 → 1,139
+server default {
+listen {
+        type = auth
+        ipaddr = *
+        port = 0
+        limit {
+                max_connections = 16
+                lifetime = 0
+                idle_timeout = 30
+        }
+}
+listen {
+        type = acct
+        ipaddr = *
+        port = 0
+        limit {
+                max_pps = 0
+        }
+}
+authorize {
+#       if (!(&User-Name =~ /^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/)) {
+        if ((!&Calling-Station-Id) || (&User-Name != &Calling-Station-Id) || (!&User-Password) || (&User-Password != "password")) { # no LDAP query for @MAC
+                ldap { fail = 1 }
+                if ((ok || updated) && User-Password) {
+                        update control {
+                                Auth-Type := LDAP
+                                Tmp-String-0 := "ldap" # AuthType SQL group
+                        }
+                        update reply {
+                                Filter-Id := "%{control:Tmp-String-0}"
+                        }
+                }
+        }
+        sql { notfound = 1 }
+        if ((notfound) && (!control:Auth-Type)) {
+                update reply {
+                        Reply-Message := "Username not found"
+                }
+                reject
+        }
+        expire_on_login { reject = 1 }
+        if (reject) {
+                update reply {
+                        Reply-Message := "Your usage time has been reached"
+                }
+                reject
+        }
+        noresetcounter { reject = 1 }
+        if (reject) {
+                update reply {
+                        Reply-Message := "Your maximum usage time has been reached"
+                }
+                reject
+        }
+        monthlycounter { reject = 1 }
+        if (reject) {
+                update reply {
+                        Reply-Message := "Your maximum monthly usage time has been reached"
+                }
+                reject
+        }
+        dailycounter { reject = 1 }
+        if (reject) {
+                update reply {
+                        Reply-Message := "Your maximum daily usage time has been reached"
+                }
+                reject
+        }
+        counterCoovaChilliMaxAllTotalOctets { reject = 1 }
+        if (reject) {
+                update reply {
+                        Reply-Message := "Your maximum usage volume has been reached"
+                }
+                reject
+        }
+        counterCoovaChilliMaxTotalOctetsMonthly { reject = 1 }
+        if (reject) {
+                update reply {
+                        Reply-Message := "Your maximum monthly usage volume has been reached"
+                }
+                reject
+        }
+        counterCoovaChilliMaxTotalOctetsDaily { reject = 1 }
+        if (reject) {
+                update reply {
+                        Reply-Message := "Your maximum daily usage volume has been reached"
+                }
+                reject
+        }
+        expiration { userlock = 1 }
+        if (userlock) {
+                update reply {
+                        Reply-Message := "Your expiration date has been reached"
+                }
+                userlock
+        }
+        logintime { userlock = 1 }
+        if (userlock) {
+                update reply {
+                        Reply-Message := "You are out your allowed time period"
+                }
+                userlock
+        }
+        pap
+}
+authenticate {
+        Auth-Type PAP {
+                pap
+        }
+        Auth-Type LDAP {
+                ldap
+        }
+}
+accounting {
+        sql
+}
+session {
+        sql
+}
+post-auth {
+        Post-Auth-Type REJECT {
+                update reply {
+                        Reply-Message = "Login failed"
+                }
+                attr_filter.access_reject
+        }
+}
+}

 /conf/radius/queries.conf
 ,0 → 1,341
+# -*- text -*-
+##
+## query.conf -- MySQL configuration for default schema (schema.sql)
+##
+        # Safe characters list for sql queries. Everything else is replaced
+        # with their mime-encoded equivalents.
+        # The default list should be ok (define in 'expr' module
+        #safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
+        #######################################################################
+        #  Query config:  Username
+        #######################################################################
+        # This is the username that will get substituted, escaped, and added
+        # as attribute 'SQL-User-Name'.  '%{SQL-User-Name}' should be used below
+        # everywhere a username substitution is needed so you you can be sure
+        # the username passed from the client is escaped properly.
+        #
+        #  Uncomment the next line, if you want the sql_user_name to mean:
+        #
+        #    Use Stripped-User-Name, if it's there.
+        #    Else use User-Name, if it's there,
+        #    Else use hard-coded string "DEFAULT" as the user name.
+        #sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}"
+        #
+        sql_user_name = "%{User-Name}"
+        #######################################################################
+        #  Default profile
+        #######################################################################
+        # This is the default profile. It is found in SQL by group membership.
+        # That means that this profile must be a member of at least one group
+        # which will contain the corresponding check and reply items.
+        # This profile will be queried in the authorize section for every user.
+        # The point is to assign all users a default profile without having to
+        # manually add each one to a group that will contain the profile.
+        # The SQL module will also honor the User-Profile attribute. This
+        # attribute can be set anywhere in the authorize section (ie the users
+        # file). It is found exactly as the default profile is found.
+        # If it is set then it will *overwrite* the default profile setting.
+        # The idea is to select profiles based on checks on the incoming packets,
+        # not on user group membership. For example:
+        # -- users file --
+        # DEFAULT       Service-Type == Outbound-User, User-Profile := "outbound"
+        # DEFAULT       Service-Type == Framed-User, User-Profile := "framed"
+        #
+        # By default the default_user_profile is not set
+        #
+        #default_user_profile = "DEFAULT"
+        #######################################################################
+        #  NAS Query
+        #######################################################################
+        #  This query retrieves the radius clients
+        #
+        #  0. Row ID (currently unused)
+        #  1. Name (or IP address)
+        #  2. Shortname
+        #  3. Type
+        #  4. Secret
+        #######################################################################
+        # nas_query = "SELECT id, nasname, shortname, type, secret FROM ${nas_table}"
+        #######################################################################
+        #  Authorization Queries
+        #######################################################################
+        #  These queries compare the check items for the user
+        #  in ${authcheck_table} and setup the reply items in
+        #  ${authreply_table}.  You can use any query/tables
+        #  you want, but the return data for each row MUST
+        #  be in the  following order:
+        #
+        #  0. Row ID (currently unused)
+        #  1. UserName/GroupName
+        #  2. Item Attr Name
+        #  3. Item Attr Value
+        #  4. Item Attr Operation
+        #######################################################################
+        # Use these for case sensitive usernames.
+        authorize_check_query = "SELECT id, username, attribute, value, op \
+         FROM ${authcheck_table} \
+         WHERE username = BINARY '%{SQL-User-Name}' \
+         ORDER BY id"
+        authorize_reply_query = "SELECT id, username, attribute, value, op \
+         FROM ${authreply_table} \
+         WHERE username = BINARY '%{SQL-User-Name}' \
+         ORDER BY id"
+        # The default queries are case insensitive. (for compatibility with
+        # older versions of FreeRADIUS)
+#       authorize_check_query = "SELECT id, username, attribute, value, op \
+#          FROM ${authcheck_table} \
+#          WHERE username = '%{SQL-User-Name}' \
+#          ORDER BY id"
+#       authorize_reply_query = "SELECT id, username, attribute, value, op \
+#          FROM ${authreply_table} \
+#          WHERE username = '%{SQL-User-Name}' \
+#          ORDER BY id"
+        # Use these for case sensitive usernames.
+#       group_membership_query = "SELECT groupname \
+#         FROM ${usergroup_table} \
+#         WHERE username = BINARY '%{SQL-User-Name}' \
+#         ORDER BY priority"
+#       group_membership_query = "SELECT groupname \
+#          FROM ${usergroup_table} \
+#          WHERE username = '%{SQL-User-Name}' \
+#          ORDER BY priority"
+        group_membership_query = "SELECT '%{SQL-User-Name}'"
+#       authorize_group_check_query = "SELECT id, groupname, attribute, \
+#          Value, op \
+#          FROM ${groupcheck_table} \
+#          WHERE groupname = '%{Sql-Group}' \
+#          ORDER BY id"
+#       authorize_group_reply_query = "SELECT id, groupname, attribute, \
+#          value, op \
+#          FROM ${groupreply_table} \
+#          WHERE groupname = '%{Sql-Group}' \
+#          ORDER BY id"
+        authorize_group_check_query = "SELECT id, '%{SQL-User-Name}', attribute, value, op FROM ( \
+           ( SELECT id, attribute, value, op FROM ${groupcheck_table} gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '%{SQL-User-Name}' ORDER BY ug.priority) UNION \
+           ( SELECT id, attribute, value, op FROM ${groupcheck_table} WHERE groupname = '%{control:Tmp-String-0}') UNION \
+           ( SELECT id, attribute, value, op FROM ${groupcheck_table} WHERE groupname = 'default') \
+         ) attrs GROUP BY attribute"
+        authorize_group_reply_query = "SELECT id, '%{SQL-User-Name}', attribute, value, op FROM ( \
+           ( SELECT id, attribute, value, op FROM ${groupreply_table} gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '%{SQL-User-Name}' ORDER BY ug.priority) UNION \
+           ( SELECT id, attribute, value, op FROM ${groupreply_table} WHERE groupname = '%{control:Tmp-String-0}') UNION \
+           ( SELECT id, attribute, value, op FROM ${groupreply_table} WHERE groupname = 'default') \
+         ) attrs GROUP BY attribute"
+        #######################################################################
+        #  Accounting Queries
+        #######################################################################
+        # accounting_onoff_query        - query for Accounting On/Off packets
+        # accounting_update_query       - query for Accounting update packets
+        # accounting_update_query_alt   - query for Accounting update packets
+        #                               (alternate in case first query fails)
+        # accounting_start_query        - query for Accounting start packets
+        # accounting_start_query_alt    - query for Accounting start packets
+        #                               (alternate in case first query fails)
+        # accounting_stop_query         - query for Accounting stop packets
+        # accounting_stop_query_alt     - query for Accounting start packets
+        #                               (alternate in case first query doesn't
+        #                                affect any existing rows in the table)
+        #######################################################################
+        accounting_onoff_query = "\
+          UPDATE ${acct_table1} \
+          SET \
+             acctstoptime       =  '%S', \
+             acctsessiontime    =  unix_timestamp('%S') - \
+                                   unix_timestamp(acctstarttime), \
+             acctterminatecause =  '%{Acct-Terminate-Cause}', \
+             acctstopdelay      =  %{%{Acct-Delay-Time}:-0} \
+          WHERE acctstoptime IS NULL \
+          AND nasipaddress      =  '%{NAS-IP-Address}' \
+          AND acctstarttime     <= '%S'"
+        accounting_update_query = " \
+          UPDATE ${acct_table1} \
+          SET \
+             framedipaddress = '%{Framed-IP-Address}', \
+             acctsessiontime     = '%{Acct-Session-Time}', \
+             acctinputoctets     = '%{%{Acct-Input-Gigawords}:-0}'  << 32 | \
+                                   '%{%{Acct-Input-Octets}:-0}', \
+             acctoutputoctets    = '%{%{Acct-Output-Gigawords}:-0}' << 32 | \
+                                   '%{%{Acct-Output-Octets}:-0}' \
+          WHERE acctsessionid = '%{Acct-Session-Id}' \
+          AND username        = BINARY '%{SQL-User-Name}' \
+          AND nasipaddress    = '%{NAS-IP-Address}'"
+        accounting_update_query_alt = " \
+          INSERT INTO ${acct_table1} \
+            (acctsessionid,    acctuniqueid,      username, \
+             realm,            nasipaddress,      nasportid, \
+             nasporttype,      acctstarttime,     acctsessiontime, \
+             acctauthentic,    connectinfo_start, acctinputoctets, \
+             acctoutputoctets, calledstationid,   callingstationid, \
+             servicetype,      framedprotocol,    framedipaddress, \
+             acctstartdelay,   xascendsessionsvrkey) \
+          VALUES \
+            ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \
+             BINARY '%{SQL-User-Name}', \
+             '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', \
+             '%{NAS-Port-Type}', \
+             DATE_SUB('%S', \
+                      INTERVAL (%{%{Acct-Session-Time}:-0} + \
+                                %{%{Acct-Delay-Time}:-0}) SECOND), \
+                      '%{Acct-Session-Time}', \
+             '%{Acct-Authentic}', '', \
+             '%{%{Acct-Input-Gigawords}:-0}' << 32 | \
+             '%{%{Acct-Input-Octets}:-0}', \
+             '%{%{Acct-Output-Gigawords}:-0}' << 32 | \
+             '%{%{Acct-Output-Octets}:-0}', \
+             '%{Called-Station-Id}', '%{Calling-Station-Id}', \
+             '%{Service-Type}', '%{Framed-Protocol}', \
+             '%{Framed-IP-Address}', \
+             '0', '%{X-Ascend-Session-Svr-Key}')"
+        accounting_start_query = " \
+          INSERT INTO ${acct_table1} \
+            (acctsessionid,    acctuniqueid,     username, \
+             realm,            nasipaddress,     nasportid, \
+             nasporttype,      acctstarttime,    acctstoptime, \
+             acctsessiontime,  acctauthentic,    connectinfo_start, \
+             connectinfo_stop, acctinputoctets,  acctoutputoctets, \
+             calledstationid,  callingstationid, acctterminatecause, \
+             servicetype,      framedprotocol,   framedipaddress, \
+             acctstartdelay,   acctstopdelay,    xascendsessionsvrkey) \
+          VALUES \
+            ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \
+             BINARY '%{SQL-User-Name}', \
+             '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', \
+             '%{NAS-Port-Type}', '%S', NULL, \
+             '0', '%{Acct-Authentic}', '%{Connect-Info}', \
+             '', '0', '0', \
+             '%{Called-Station-Id}', '%{Calling-Station-Id}', '', \
+             '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', \
+             '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
+        accounting_start_query_alt  = " \
+          UPDATE ${acct_table1} SET \
+             acctstarttime     = '%S', \
+             acctstartdelay    = '%{%{Acct-Delay-Time}:-0}', \
+             connectinfo_start = '%{Connect-Info}' \
+          WHERE acctsessionid  = '%{Acct-Session-Id}' \
+          AND username         = BINARY '%{SQL-User-Name}' \
+          AND nasipaddress     = '%{NAS-IP-Address}'"
+        accounting_stop_query = " \
+          UPDATE ${acct_table2} SET \
+             acctstoptime       = '%S', \
+             acctsessiontime    = '%{Acct-Session-Time}', \
+             acctinputoctets    = '%{%{Acct-Input-Gigawords}:-0}' << 32 | \
+                                  '%{%{Acct-Input-Octets}:-0}', \
+             acctoutputoctets   = '%{%{Acct-Output-Gigawords}:-0}' << 32 | \
+                                  '%{%{Acct-Output-Octets}:-0}', \
+             acctterminatecause = '%{Acct-Terminate-Cause}', \
+             acctstopdelay      = '%{%{Acct-Delay-Time}:-0}', \
+             connectinfo_stop   = '%{Connect-Info}' \
+          WHERE acctsessionid   = '%{Acct-Session-Id}' \
+          AND username          = BINARY '%{SQL-User-Name}' \
+          AND nasipaddress      = '%{NAS-IP-Address}'"
+        accounting_stop_query_alt = " \
+          INSERT INTO ${acct_table2} \
+            (acctsessionid, acctuniqueid, username, \
+             realm, nasipaddress, nasportid, \
+             nasporttype, acctstarttime, acctstoptime, \
+             acctsessiontime, acctauthentic, connectinfo_start, \
+             connectinfo_stop, acctinputoctets, acctoutputoctets, \
+             calledstationid, callingstationid, acctterminatecause, \
+             servicetype, framedprotocol, framedipaddress, \
+             acctstartdelay, acctstopdelay) \
+          VALUES \
+            ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \
+             BINARY '%{SQL-User-Name}', \
+             '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', \
+             '%{NAS-Port-Type}', \
+             DATE_SUB('%S', \
+                 INTERVAL (%{%{Acct-Session-Time}:-0} + \
+                 %{%{Acct-Delay-Time}:-0}) SECOND), \
+             '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', \
+             '%{Connect-Info}', \
+             '%{%{Acct-Input-Gigawords}:-0}' << 32 | \
+             '%{%{Acct-Input-Octets}:-0}', \
+             '%{%{Acct-Output-Gigawords}:-0}' << 32 | \
+             '%{%{Acct-Output-Octets}:-0}', \
+             '%{Called-Station-Id}', '%{Calling-Station-Id}', \
+             '%{Acct-Terminate-Cause}', \
+             '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', \
+             '0', '%{%{Acct-Delay-Time}:-0}')"
+# We add the following patch (freeradius V2 to V3) in order ALCASAR works
+# be carefull : 'tolower' need now the 'expr' module
+accounting {
+        reference = "%{tolower:type.%{Acct-Status-Type}.query}"
+        type {
+                accounting-on {
+                        query = "${....accounting_onoff_query}"
+                }
+                accounting-off {
+                        query = "${....accounting_onoff_query}"
+                }
+                start {
+                        query = "${....accounting_start_query}"
+                        query = "${....accounting_start_query_alt}"
+                }
+                interim-update {
+                        query = "${....accounting_update_query}"
+                        query = "${....accounting_update_query_alt}"
+                }
+                stop {
+                        query = "${....accounting_stop_query}"
+                        query = "${....accounting_stop_query_alt}"
+                }
+        }
+}
+        #######################################################################
+        # Simultaneous Use Checking Queries
+        #######################################################################
+        # simul_count_query     - query for the number of current connections
+        #                       - If this is not defined, no simultaneouls use checking
+        #                       - will be performed by this module instance
+        # simul_verify_query    - query to return details of current connections for verification
+        #                       - Leave blank or commented out to disable verification step
+        #                       - Note that the returned field order should not be changed.
+        #######################################################################
+        # Uncomment simul_count_query to enable simultaneous use checking
+        simul_count_query = "SELECT COUNT(*) \
+                             FROM ${acct_table1} \
+                             WHERE username = BINARY '%{SQL-User-Name}' \
+                             AND acctstoptime IS NULL"
+        #simul_verify_query  = "SELECT radacctid, acctsessionid, username, \
+                               #nasipaddress, nasportid, framedipaddress, \
+                               #callingstationid, framedprotocol \
+                               #FROM ${acct_table1} \
+                               #WHERE username = '%{SQL-User-Name}' \
+                               #AND acctstoptime IS NULL"
+        #######################################################################
+        # Authentication Logging Queries
+        #######################################################################
+        # postauth_query                - Insert some info after authentication
+        #######################################################################
+#                          (username, pass, reply, authdate) \
+#                          '%{%{User-Password}:-%{Chap-Password}}', \
+        postauth_query = "INSERT INTO ${postauth_table} \
+                          (username, reply, authdate) \
+                          VALUES ( \
+                          BINARY '%{User-Name}', \
+                          '%{reply:Packet-Type}', '%S')"
+# We add the following patch (freeradius V2 to V3) in order ALCASAR works
+post-auth {
+        query = "${..postauth_query}"
+}

 /conf/radius/ldap-alcasar
 ,0 → 1,44
+# -*- text -*-
+#  Lightweight Directory Access Protocol (LDAP) module for ALCASAR
+ldap {
+        server = "localhost"
+        port = 389
+        identity = "cn=alcasaradmin;cn=Users;dc=serverad;dc=com"
+        password = "mypass"
+        base_dn = "cn=Users;dc=serverad;dc=com"
+        user {
+                base_dn = "${..base_dn}"
+                # "samaccountname=" for AD; "uid=" for LDAP
+                filter = (samaccountname=%{%{Stripped-User-Name}:-%{User-Name}})
+        }
+        options {
+                chase_referrals = yes
+                rebind = yes
+                res_timeout = 10
+                srv_timelimit = 3
+                net_timeout = 1
+                idle = 60
+                probes = 3
+                interval = 3
+#               ldap_debug = 0x0129
+        }
+        tls {
+#               start_tls = yes
+#               ca_file = /etc/raddb/certs/alcasar-ldaps.crt
+#               ca_path = ${certdir}
+#               certificate_file = /path/to/radius.crt
+#               private_key_file = /path/to/radius.key
+#               random_file = /dev/urandom
+#               require_cert = 'demand'
+        }
+        pool {
+                start = 5
+                min = 3
+                max = 10
+                uses = 0
+                retry_delay = 30
+                lifetime = 0
+                idle_timeout = 60
+        }
+}

 /conf/radius/sqlcounter
 ,0 → 1,70
+sqlcounter dailycounter {
+        sql_module_instance = sql
+        counter_name = Daily-Session-Time
+        check_name = Max-Daily-Session
+        reply_name = Session-Timeout
+        key = User-Name
+        reset = daily
+        query = "SELECT IFNULL((SELECT SUM(acctsessiontime - GREATEST((%%b - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username='%{${key}}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'), 0)"
+}
+sqlcounter monthlycounter {
+        sql_module_instance = sql
+        counter_name = Monthly-Session-Time
+        check_name = Max-Monthly-Session
+        reply_name = Session-Timeout
+        key = User-Name
+        reset = monthly
+        query = "SELECT IFNULL((SELECT SUM(acctsessiontime - GREATEST((%%b - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username='%{${key}}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'), 0)"
+}
+sqlcounter noresetcounter {
+        sql_module_instance = sql
+        counter_name = Max-All-Session-Time
+        check_name = Max-All-Session
+        key = User-Name
+        reset = never
+        query = "SELECT IFNULL(SUM(AcctSessionTime), 0) FROM radacct WHERE username='%{${key}}'"
+}
+sqlcounter expire_on_login {
+        sql_module_instance = sql
+        counter_name = Alcasar-Expire-After-Initial-Login
+        check_name = Alcasar-Expire-After
+        key = User-Name
+        reset = never
+        query = "SELECT IFNULL((SELECT TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime)) FROM radacct WHERE username='%{${key}}' ORDER BY acctstarttime LIMIT 1), 0)"
+}
+sqlcounter counterCoovaChilliMaxTotalOctetsDaily {
+        sql_module_instance = sql
+        counter_name = CoovaChilli-Max-Total-Octets-Daily
+        check_name = CoovaChilli-Max-Total-Octets-Daily
+        counter_type = data
+        reply_name = CoovaChilli-Max-Total-Octets
+        key = User-Name
+        reset = daily
+        query = "SELECT IFNULL((SUM(AcctInputOctets + AcctOutputOctets)), 0) FROM radacct WHERE username='%{${key}}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%%b'"
+}
+sqlcounter counterCoovaChilliMaxTotalOctetsMonthly {
+        sql_module_instance = sql
+        counter_name = CoovaChilli-Max-Total-Octets-Monthly
+        check_name = CoovaChilli-Max-Total-Octets-Monthly
+        counter_type = data
+        reply_name = CoovaChilli-Max-Total-Octets
+        key = User-Name
+        reset = monthly
+        query = "SELECT IFNULL((SUM(AcctInputOctets + AcctOutputOctets)),0) FROM radacct WHERE username='%{${key}}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%%b'"
+}
+sqlcounter counterCoovaChilliMaxAllTotalOctets {
+        sql_module_instance = sql
+        counter_name = CoovaChilli-Max-All-Total-Octets
+        check_name = CoovaChilli-Max-Total-Octets
+        counter_type = data
+        reply_name = CoovaChilli-Max-Total-Octets
+        key = User-Name
+        reset = never
+        query = "SELECT IFNULL((SUM(AcctInputOctets + AcctOutputOctets)),0) FROM radacct WHERE username='%{${key}}'"
+}

 /conf/radius/dictionary.alcasar
 ,0 → 1,37
+# -*- text -*-
+##############################################################################
+#
+#       ALCASAR dictionary.
+#
+#       $Id$
+#
+##############################################################################
+VENDOR          Alcasar                                 35134
+BEGIN-VENDOR    Alcasar
+ATTRIBUTE       Alcasar-Filter                          1       integer
+VALUE           Alcasar-Filter          None            1
+VALUE           Alcasar-Filter          HAVP            2
+VALUE           Alcasar-Filter          BL              3
+VALUE           Alcasar-Filter          WL              4
+ATTRIBUTE       Alcasar-Protocols-Filter                        2       integer
+VALUE           Alcasar-Protocols-Filter        None            1
+VALUE           Alcasar-Protocols-Filter        Web             2
+VALUE           Alcasar-Protocols-Filter        Commons         3
+VALUE           Alcasar-Protocols-Filter        Custom          4
+ATTRIBUTE       Alcasar-Imputability-Warning            3       integer
+VALUE           Alcasar-Imputability-Warning    Yes     1
+ATTRIBUTE       Alcasar-Status-Page-Must-Stay-Open              4       integer
+VALUE           Alcasar-Status-Page-Must-Stay-Open      Yes     1
+VALUE           Alcasar-Status-Page-Must-Stay-Open      No      2
+ATTRIBUTE       Alcasar-Expire-After                    5       integer
+ATTRIBUTE       Alcasar-Reconnect-Timeout               6       integer
+END-VENDOR      Alcasar
 Property changes:
 Added: svn:eol-style
 +LF
 \ No newline at end of property
 Added: svn:keywords
 +Id
 \ No newline at end of property

/conf/nfsen/nfsen-ng.tar.gz
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Added: svn:mime-type
+application/octet-stream
\ No newline at end of property

 /conf/banner
 ,0 → 1,9
+       db        88           ,ad8888ba,         db         ad88888ba         db        88888888ba
+      d88b       88          d8"'    `"8b       d88b       d8"     "8b       d88b       88      "8b
+     d8'`8b      88         d8'                d8'`8b      Y8,              d8'`8b      88      ,8P
+    d8'  `8b     88         88                d8'  `8b     `Y8aaaaa,       d8'  `8b     88aaaaaa8P'
+   d8YaaaaY8b    88         88               d8YaaaaY8b      `"""""8b,    d8YaaaaY8b    88""""88'
+  d8""""""""8b   88         Y8,             d8""""""""8b           `8b   d8""""""""8b   88    `8b
+ d8'        `8b  88          Y8a.    .a8P  d8'        `8b  Y8a     a8P  d8'        `8b  88     `8b
+d8'          `8b 88888888888  `"Y8888Y"'  d8'          `8b  "Y88888P"  d8'          `8b 88      `8b

 /conf/empty-gammu-smsd-db.sql
 ,0 → 1,482
+--
+-- Database for Gammu SMSD
+--
+-- In case you get errors about not supported charset, please
+-- replace utf8mb4 with utf8.
+-- --------------------------------------------------------
+--
+-- Table structure for table `gammu`
+--
+CREATE TABLE `gammu` (
+  `Version` integer NOT NULL default '0' PRIMARY KEY
+) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4;
+--
+-- Dumping data for table `gammu`
+--
+INSERT INTO `gammu` (`Version`) VALUES (17);
+-- --------------------------------------------------------
+--
+-- Table structure for table `inbox`
+--
+CREATE TABLE `inbox` (
+  `UpdatedInDB` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
+  `ReceivingDateTime` timestamp NOT NULL default '0000-00-00 00:00:00',
+  `Text` text NOT NULL,
+  `SenderNumber` varchar(20) NOT NULL default '',
+  `Coding` enum('Default_No_Compression','Unicode_No_Compression','8bit','Default_Compression','Unicode_Compression') NOT NULL default 'Default_No_Compression',
+  `UDH` text NOT NULL,
+  `SMSCNumber` varchar(20) NOT NULL default '',
+  `Class` integer NOT NULL default '-1',
+  `TextDecoded` text NOT NULL,
+  `ID` integer unsigned NOT NULL auto_increment,
+  `RecipientID` text NOT NULL,
+  `Processed` enum('false','true') NOT NULL default 'false',
+  `Status` integer NOT NULL default '-1',
+  PRIMARY KEY `ID` (`ID`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;
+-- --------------------------------------------------------
+--
+-- Table structure for table `outbox`
+--
+CREATE TABLE `outbox` (
+  `UpdatedInDB` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
+  `InsertIntoDB` timestamp NOT NULL default '0000-00-00 00:00:00',
+  `SendingDateTime` timestamp NOT NULL default '0000-00-00 00:00:00',
+  `SendBefore` time NOT NULL DEFAULT '23:59:59',
+  `SendAfter` time NOT NULL DEFAULT '00:00:00',
+  `Text` text,
+  `DestinationNumber` varchar(20) NOT NULL default '',
+  `Coding` enum('Default_No_Compression','Unicode_No_Compression','8bit','Default_Compression','Unicode_Compression') NOT NULL default 'Default_No_Compression',
+  `UDH` text,
+  `Class` integer default '-1',
+  `TextDecoded` text NOT NULL,
+  `ID` integer unsigned NOT NULL auto_increment,
+  `MultiPart` enum('false','true') default 'false',
+  `RelativeValidity` integer default '-1',
+  `SenderID` varchar(255),
+  `SendingTimeOut` timestamp NULL default '0000-00-00 00:00:00',
+  `DeliveryReport` enum('default','yes','no') default 'default',
+  `CreatorID` text NOT NULL,
+  `Retries` int(3) default 0,
+  `Priority` integer default 0,
+  `Status` enum('SendingOK','SendingOKNoReport','SendingError','DeliveryOK','DeliveryFailed','DeliveryPending','DeliveryUnknown','Error','Reserved') NOT NULL default 'Reserved',
+  `StatusCode` integer NOT NULL default '-1',
+  PRIMARY KEY `ID` (`ID`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4;
+CREATE INDEX outbox_date ON outbox(SendingDateTime, SendingTimeOut);
+CREATE INDEX outbox_sender ON outbox(SenderID(250));
+-- --------------------------------------------------------
+--
+-- Table structure for table `outbox_multipart`
+--
+CREATE TABLE `outbox_multipart` (
+  `Text` text,
+  `Coding` enum('Default_No_Compression','Unicode_No_Compression','8bit','Default_Compression','Unicode_Compression') NOT NULL default 'Default_No_Compression',
+  `UDH` text,
+  `Class` integer default '-1',
+  `TextDecoded` text,
+  `ID` integer unsigned NOT NULL default '0',
+  `SequencePosition` integer NOT NULL default '1',
+  `Status` enum('SendingOK','SendingOKNoReport','SendingError','DeliveryOK','DeliveryFailed','DeliveryPending','DeliveryUnknown','Error','Reserved') NOT NULL default 'Reserved',
+  `StatusCode` integer NOT NULL default '-1',
+  PRIMARY KEY (`ID`, `SequencePosition`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4;
+-- --------------------------------------------------------
+--
+-- Table structure for table `phones`
+--
+CREATE TABLE `phones` (
+  `ID` text NOT NULL,
+  `UpdatedInDB` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
+  `InsertIntoDB` timestamp NOT NULL default '0000-00-00 00:00:00',
+  `TimeOut` timestamp NOT NULL default '0000-00-00 00:00:00',
+  `Send` enum('yes','no') NOT NULL default 'no',
+  `Receive` enum('yes','no') NOT NULL default 'no',
+  `IMEI` varchar(35) NOT NULL,
+  `IMSI` varchar(35) NOT NULL,
+  `NetCode` varchar(10) default 'ERROR',
+  `NetName` varchar(35) default 'ERROR',
+  `Client` text NOT NULL,
+  `Battery` integer NOT NULL DEFAULT -1,
+  `Signal` integer NOT NULL DEFAULT -1,
+  `Sent` int NOT NULL DEFAULT 0,
+  `Received` int NOT NULL DEFAULT 0,
+  PRIMARY KEY (`IMEI`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4;
+-- --------------------------------------------------------
+--
+-- Table structure for table `sentitems`
+--
+CREATE TABLE `sentitems` (
+  `UpdatedInDB` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
+  `InsertIntoDB` timestamp NOT NULL default '0000-00-00 00:00:00',
+  `SendingDateTime` timestamp NOT NULL default '0000-00-00 00:00:00',
+  `DeliveryDateTime` timestamp NULL,
+  `Text` text NOT NULL,
+  `DestinationNumber` varchar(20) NOT NULL default '',
+  `Coding` enum('Default_No_Compression','Unicode_No_Compression','8bit','Default_Compression','Unicode_Compression') NOT NULL default 'Default_No_Compression',
+  `UDH` text NOT NULL,
+  `SMSCNumber` varchar(20) NOT NULL default '',
+  `Class` integer NOT NULL default '-1',
+  `TextDecoded` text NOT NULL,
+  `ID` integer unsigned NOT NULL default '0',
+  `SenderID` varchar(255) NOT NULL,
+  `SequencePosition` integer NOT NULL default '1',
+  `Status` enum('SendingOK','SendingOKNoReport','SendingError','DeliveryOK','DeliveryFailed','DeliveryPending','DeliveryUnknown','Error') NOT NULL default 'SendingOK',
+  `StatusError` integer NOT NULL default '-1',
+  `TPMR` integer NOT NULL default '-1',
+  `RelativeValidity` integer NOT NULL default '-1',
+  `CreatorID` text NOT NULL,
+  `StatusCode` integer NOT NULL default '-1',
+  PRIMARY KEY (`ID`, `SequencePosition`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4;
+CREATE INDEX sentitems_date ON sentitems(DeliveryDateTime);
+CREATE INDEX sentitems_tpmr ON sentitems(TPMR);
+CREATE INDEX sentitems_dest ON sentitems(DestinationNumber);
+CREATE INDEX sentitems_sender ON sentitems(SenderID(250));
+--
+-- Triggers for setting default timestamps
+--
+DELIMITER //
+CREATE TRIGGER inbox_timestamp BEFORE INSERT ON inbox
+FOR EACH ROW
+BEGIN
+    IF NEW.ReceivingDateTime = '0000-00-00 00:00:00' THEN
+        SET NEW.ReceivingDateTime = CURRENT_TIMESTAMP();
+    END IF;
+END;//
+CREATE TRIGGER outbox_timestamp BEFORE INSERT ON outbox
+FOR EACH ROW
+BEGIN
+    IF NEW.InsertIntoDB = '0000-00-00 00:00:00' THEN
+        SET NEW.InsertIntoDB = CURRENT_TIMESTAMP();
+    END IF;
+    IF NEW.SendingDateTime = '0000-00-00 00:00:00' THEN
+        SET NEW.SendingDateTime = CURRENT_TIMESTAMP();
+    END IF;
+    IF NEW.SendingTimeOut = '0000-00-00 00:00:00' THEN
+        SET NEW.SendingTimeOut = CURRENT_TIMESTAMP();
+    END IF;
+END;//
+CREATE TRIGGER phones_timestamp BEFORE INSERT ON phones
+FOR EACH ROW
+BEGIN
+    IF NEW.InsertIntoDB = '0000-00-00 00:00:00' THEN
+        SET NEW.InsertIntoDB = CURRENT_TIMESTAMP();
+    END IF;
+    IF NEW.TimeOut = '0000-00-00 00:00:00' THEN
+        SET NEW.TimeOut = CURRENT_TIMESTAMP();
+    END IF;
+END;//
+CREATE TRIGGER sentitems_timestamp BEFORE INSERT ON sentitems
+FOR EACH ROW
+BEGIN
+    IF NEW.InsertIntoDB = '0000-00-00 00:00:00' THEN
+        SET NEW.InsertIntoDB = CURRENT_TIMESTAMP();
+    END IF;
+    IF NEW.SendingDateTime = '0000-00-00 00:00:00' THEN
+        SET NEW.SendingDateTime = CURRENT_TIMESTAMP();
+    END IF;
+END;//
+DELIMITER ;
+----------------------------------------
+-----   ALCASAR specific table  --------
+----------------------------------------
+--
+-- Table structure for table `SMS_ban_perm`
+--
+CREATE TABLE IF NOT EXISTS `SMS_ban_perm` (
+  `SenderNumber` varchar(20) CHARACTER SET utf8 NOT NULL,
+  `Expiration` varchar(255) CHARACTER SET utf8 NOT NULL,
+  `Perm` int(11) NOT NULL,
+  `date_add` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  PRIMARY KEY (`SenderNumber`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf32;
+--
+-- Table structure for table `SMS_ban_temp`
+--
+CREATE TABLE IF NOT EXISTS `SMS_ban_temp` (
+  `ID` int(11) NOT NULL AUTO_INCREMENT,
+  `SenderNumber` varchar(20) NOT NULL,
+  PRIMARY KEY (`ID`)
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+--
+-- Table structure for table `SMS_country`
+--
+CREATE TABLE IF NOT EXISTS `SMS_country` (
+  `name` varchar(50) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
+  `id` varchar(20) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
+  `status` int(1) NOT NULL DEFAULT '0',
+  PRIMARY KEY (`name`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+--
+-- Dumping data for table `SMS_country`
+--
+INSERT INTO `SMS_country` (`name`, `id`, `status`) VALUES
+('Afghanistan', '+93', 0),
+('Afrique du Sud', '+27', 0),
+('Albanie', '+355', 0),
+('Algerie', '+213', 0),
+('Allemagne', '+49', 0),
+('Andorre', '+376', 0),
+('Angleterre', '+44', 0),
+('Angola', '+244', 0),
+('Anguilla', '+1264', 0),
+('Antigua et Barbuda', '+1268', 0),
+('Arabie Saoudite', '+966', 0),
+('Argentine', '+54', 0),
+('Armenie', '+374', 0),
+('Aruba', '+297', 0),
+('Australie', '+61', 0),
+('Autriche', '+43', 0),
+('Azerbaidjan', '+994', 0),
+('Bahamas', '+1242', 0),
+('Bahrein', '+973', 0),
+('Bangladesh', '+880', 0),
+('Barbade', '+1246', 0),
+('Belgique', '+32', 0),
+('Benin', '+229', 0),
+('Bermudes', '+1441', 0),
+('Bhoutan', '+975', 0),
+('Bielorussie', '+375', 0),
+('Birmanie', '+95', 0),
+('Bolivie', '+591', 0),
+('Bonaire', '+599', 0),
+('Bosnie', '+387', 0),
+('Botswana', '+267', 0),
+('Bresil', '+55', 0),
+('Brunei', '+673', 0),
+('Bulgarie', '+359', 0),
+('Burkina Faso', '+226', 0),
+('Burundi', '+257', 0),
+('Cambodge', '+855', 0),
+('Cameroun', '+237', 0),
+('Canada', '+1', 0),
+('Cap Vert', '+238', 0),
+('Chili', '+56', 0),
+('Chine', '+86', 0),
+('Chypre', '+357', 0),
+('Colombie', '+57', 0),
+('Comores', '+269', 0),
+('Congo RDC', '+243', 0),
+('Congo RPC', '+242', 0),
+('Coree du Nord', '+850', 0),
+('Coree du Sud', '+82', 0),
+('Costa Rica 1', '+501', 0),
+('Costa Rica 2', '+506', 0),
+('Cote d Ivoire', '+225', 0),
+('Croatie', '+385', 0),
+('Cuba', '+53', 0),
+('Curacao', '+599', 0),
+('Danemark', '+45', 0),
+('Djibouti', '+253', 0),
+('Dominique', '+1767', 0),
+('Egypte', '+20', 0),
+('El Salvador', '+503', 0),
+('Emirats Arabes Unis', '+971', 0),
+('Equateur', '+593', 0),
+('Erythree', '+291', 0),
+('Espagne', '+34', 0),
+('Estonie', '+372', 0),
+('Etats-Unis', '+1', 0),
+('Ethiopie', '+251', 0),
+('Falklands Malouines', '+500', 0),
+('Finlande', '+358', 0),
+('France', '+33', 1),
+('Gabon', '+241', 0),
+('Gambie', '+220', 0),
+('Georgie', '+995', 0),
+('Ghana', '+233', 0),
+('Gibraltar', '+350', 0),
+('Grece', '+30', 0),
+('Grenade', '+1473', 0),
+('Groenland', '+299', 0),
+('Guadeloupe', '+590', 0),
+('Guatemala', '+502', 0),
+('Guernesey', '+441481', 0),
+('Guinee', '+224', 0),
+('Guinee Bissau', '+245', 0),
+('Guinee Equatoriale', '+240', 0),
+('Guyana', '+5921', 0),
+('Guyane France', '+594', 0),
+('Haiti', '+509', 0),
+('Herm', '+441481', 0),
+('Honduras', '+504', 0),
+('Hong Kong', '+852', 0),
+('Hongrie', '+36', 0),
+('Ile de Ascension', '+247', 0),
+('Ile Maurice', '+230', 0),
+('Iles Cayman', '+1345', 0),
+('Iles Christmas', '+61', 0),
+('Iles Coco', '+61', 0),
+('Iles Cook', '+682', 0),
+('Iles Fidji', '+679', 0),
+('Iles Mariannes', '+1670', 0),
+('Iles Marshall', '+692', 0),
+('Iles Salomon', '+677', 0),
+('Iles Vierges GB', '+1284', 0),
+('Iles Vierges USA', '+1340', 0),
+('Inde', '+91', 0),
+('Indonesie', '+62', 0),
+('Irak', '+964', 0),
+('Iran', '+98', 0),
+('Irlande', '+353', 0),
+('Islande', '+354', 0),
+('Israel', '+972', 0),
+('Italie', '+39', 0),
+('Jamaique', '+1876', 0),
+('Japon', '+81', 0),
+('Jersey', '+441534', 0),
+('Jordanie', '+962', 0),
+('Kazakhstan', '+7', 0),
+('Kenya', '+254', 0),
+('Kirghizistan', '+996', 0),
+('Kiribati', '+686', 0),
+('Koweit', '+965', 0),
+('Laos', '+856', 0),
+('Lesotho', '+266', 0),
+('Lettonie', '+371', 0),
+('Liban', '+961', 0),
+('Libye', '+218', 0),
+('Liechtenstein', '+423', 0),
+('Lituanie', '+370', 0),
+('Luxembourg', '+352', 0),
+('Macao', '+853', 0),
+('Macedoine', '+389', 0),
+('Madagascar', '+261', 0),
+('Malaisie', '+60', 0),
+('Malawi', '+265', 0),
+('Maldives', '+960', 0),
+('Mali', '+223', 0),
+('Malte', '+356', 0),
+('Maroc', '+212', 0),
+('Martinique', '+596', 0),
+('Mauritanie', '+222', 0),
+('Mayotte', '+269', 0),
+('Mexique', '+52', 0),
+('Micronesie', '+691', 0),
+('Moldavie', '+373', 0),
+('Monaco', '+377', 0),
+('Mongolie', '+9761', 0),
+('Montserrat', '+1664', 0),
+('Mozambique', '+258', 0),
+('Namibie', '+264', 0),
+('Nauru', '+674', 0),
+('Nepal', '+977', 0),
+('Nicaragua', '+505', 0),
+('Niger', '+227', 0),
+('Nigeria', '+2349', 0),
+('Norvege', '+47', 0),
+('Nouvelle Caledonie', '+687', 0),
+('Nouvelle Zelande', '+64', 0),
+('Oman', '+968', 0),
+('Ouganda', '+2560', 0),
+('Ouzbekistan', '+998', 0),
+('Pakistan', '+92', 0),
+('Palau', '+680', 0),
+('Palestine', '+970', 0),
+('Panama', '+507', 0),
+('Papouasie Nouvelle Guinee', '+675', 0),
+('Paraguay', '+595', 0),
+('Pays-Bas', '+31', 0),
+('Perou', '+51', 0),
+('Philippines', '+63', 0),
+('Pologne', '+48', 0),
+('Polynesie France', '+689', 0),
+('Porto Rico', '+1787', 0),
+('Portugal', '+351', 0),
+('Qatar', '+974', 0),
+('Republique Centrafricaine', '+236', 0),
+('Republique Dominicaine', '+1809', 0),
+('Republique Tcheque', '+420', 0),
+('Reunion', '+262', 0),
+('Roumanie', '+40', 0),
+('Royaume Uni', '+44', 0),
+('Russie', '+7', 0),
+('Rwanda', '+250', 0),
+('Saint Marin (Rep.)', '+378', 0),
+('Sainte Lucie', '+1758', 0),
+('Samoa occidental', '+685', 0),
+('Sao Tome et Principe', '+239', 0),
+('Senegal', '+221', 0),
+('Serbie', '+381', 0),
+('Sercq', '+441481', 0),
+('Seychelles', '+248', 0),
+('Sierra Leone', '+232', 0),
+('Singapour', '+65', 0),
+('Slovaquie', '+421', 0),
+('Slovenie', '+386', 0),
+('Somalie', '+252', 0),
+('Soudan', '+249', 0),
+('Sri Lanka', '+94', 0),
+('St Kitts', '+1869', 0),
+('St Pierre et Miquelon', '+508', 0),
+('St Vincent et les Grenadines', '+1784', 0),
+('Suede', '+46', 0),
+('Suisse', '+41', 0),
+('Surinam', '+597', 0),
+('Swaziland', '+268', 0),
+('Syrie', '+963', 0),
+('Tadjikistan', '+992', 0),
+('Taiwan', '+886', 0),
+('Tanzanie', '+255', 0),
+('Tchad', '+235', 0),
+('Thailande', '+661', 0),
+('Togo', '+228', 0),
+('Tonga', '+676', 0),
+('Trinidad et Tobago', '+1868', 0),
+('Tunisie', '+216', 0),
+('Turkmenistan', '+993', 0),
+('Turks et Caicos', '+1649', 0),
+('Turquie', '+90', 0),
+('Tuvalu', '+688', 0),
+('Ukraine', '+380', 0),
+('Uruguay', '+598', 0),
+('Vanuatu', '+678', 0),
+('Vatican', '+379', 0),
+('Venezuela', '+58', 0),
+('Vietnam', '+84', 0),
+('Wallis et Futuna', '+681', 0),
+('Yemen', '+967', 0),
+('Zambie', '+260', 0),
+('Zimbabwe', '+263', 0),
+('FILTRAGE', 'fr', 0);

 /conf/grub-10_linux
 ,0 → 1,307
+#! /bin/sh
+set -e
+# grub-mkconfig helper script.
+# Copyright (C) 2006,2007,2008,2009,2010  Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
+prefix="/usr"
+exec_prefix="/usr"
+datarootdir="/usr/share"
+. "$pkgdatadir/grub-mkconfig_lib"
+export TEXTDOMAIN=grub
+export TEXTDOMAINDIR="${datarootdir}/locale"
+if [ -e /boot/grub2/user.cfg ] && grep -q GRUB2_PASSWORD /boot/grub2/user.cfg; then
+    CLASS="--class gnu-linux --class gnu --class os --unrestricted"
+fi
+if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then
+  OS="$(eval $(grep PRETTY_NAME /etc/os-release) ; echo ${PRETTY_NAME})"
+  CLASS="--class $(eval $(grep '^ID_LIKE=\|^ID=' /etc/os-release) ; [ -n "${ID_LIKE}" ] && echo ${ID_LIKE} || echo ${ID}) ${CLASS}"
+else
+  OS="${GRUB_DISTRIBUTOR}"
+  CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}"
+fi
+# loop-AES arranges things so that /dev/loop/X can be our root device, but
+# the initrds that Linux uses don't like that.
+case ${GRUB_DEVICE} in
+  /dev/loop/*|/dev/loop[0-9])
+    GRUB_DEVICE=`losetup ${GRUB_DEVICE} | sed -e "s/^[^(]*(\([^)]\+\)).*/\1/"`
+  ;;
+esac
+# btrfs may reside on multiple devices. We cannot pass them as value of root= parameter
+# and mounting btrfs requires user space scanning, so force UUID in this case.
+if  [ "x${GRUB_DEVICE_UUID}" = "x" ] || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \
+    || ( ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" && [ "x${DURING_INSTALL}" != "x1" ] ) \
+    || ( test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm ); then
+  LINUX_ROOT_DEVICE=${GRUB_DEVICE}
+else
+  LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID}
+fi
+case x"$GRUB_FS" in
+    xbtrfs)
+        rootsubvol="`make_system_path_relative_to_its_root /`"
+        rootsubvol="${rootsubvol#/}"
+        if [ "x${rootsubvol}" != x ]; then
+            GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}"
+        fi;;
+    xzfs)
+        rpool=`${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true`
+        bootfs="`make_system_path_relative_to_its_root / | sed -e "s,@$,,"`"
+        LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs}"
+        ;;
+esac
+mktitle ()
+{
+  local OS_NAME="$(eval $(grep ^NAME= /etc/os-release) ; echo ${NAME})"
+  local OS_VERS="$(eval $(grep ^VERSION= /etc/os-release) ; echo ${VERSION})"
+  local titlestr="${OS_NAME} (%s) ${OS_VERS}"
+  echo -n ${titlestr}
+}
+title_correction_code=
+linux_entry ()
+{
+  os="$1"
+  version="$2"
+  type="$3"
+  args="$4"
+  sixteenbit=""
+  linuxefi="linux"
+  initrdefi="initrd"
+  case "$machine" in
+    i?86|x86_64)
+        sixteenbit="16"
+        linuxefi="linuxefi"
+        initrdefi="initrdefi"
+        ;;
+    aarch64)
+        linuxefi="linux"
+        initrdefi="initrd"
+        ;;
+  esac
+  if [ -z "$boot_device_id" ]; then
+      boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
+  fi
+  if [ x$type != xsimple ] ; then
+      case $type in
+          recovery)
+              title="$(printf "$(mktitle) (recovery mode)" "${version}")" ;;
+          *)
+              title="$(printf "$(mktitle)" "${version}")" ;;
+      esac
+      if [ x"$title" = x"$GRUB_ACTUAL_DEFAULT" ] || [ x"Previous Linux versions>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then
+          replacement_title="$(echo "Advanced options for ${OS}" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')"
+          quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)"
+          title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;"
+      fi
+      echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
+  else
+      echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
+  fi
+  if [ x$type != xrecovery ] ; then
+      save_default_entry | grub_add_tab
+  fi
+  # Use ELILO's generic "efifb" when it's known to be available.
+  # FIXME: We need an interface to select vesafb in case efifb can't be used.
+  if [ "x$GRUB_GFXPAYLOAD_LINUX" = x ]; then
+      echo "    load_video" | sed "s/^/$submenu_indentation/"
+      if grep -qx "CONFIG_FB_EFI=y" "${config}" 2> /dev/null \
+          && grep -qx "CONFIG_VT_HW_CONSOLE_BINDING=y" "${config}" 2> /dev/null; then
+          echo "        set gfxpayload=keep" | sed "s/^/$submenu_indentation/"
+      fi
+  else
+      if [ "x$GRUB_GFXPAYLOAD_LINUX" != xtext ]; then
+          echo "        load_video" | sed "s/^/$submenu_indentation/"
+      fi
+      echo "    set gfxpayload=$GRUB_GFXPAYLOAD_LINUX" | sed "s/^/$submenu_indentation/"
+  fi
+  echo "        insmod gzio" | sed "s/^/$submenu_indentation/"
+  if [ x$dirname = x/ ]; then
+    if [ -z "${prepare_root_cache}" ]; then
+      prepare_root_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE} | grub_add_tab)"
+    fi
+    printf '%s\n' "${prepare_root_cache}" | sed "s/^/$submenu_indentation/"
+  else
+    if [ -z "${prepare_boot_cache}" ]; then
+      prepare_boot_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} | grub_add_tab)"
+    fi
+    printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/"
+  fi
+  if [ -d /sys/firmware/efi ]; then
+    sed "s/^/$submenu_indentation/" << EOF
+        ${linuxefi} ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args}
+EOF
+  else
+    sed "s/^/$submenu_indentation/" << EOF
+        linux${sixteenbit} ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args}
+EOF
+  fi
+  if test -n "${initrd}" ; then
+    if [ -d /sys/firmware/efi ]; then
+      sed "s/^/$submenu_indentation/" << EOF
+        ${initrdefi} ${rel_dirname}/${initrd}
+EOF
+    else
+      sed "s/^/$submenu_indentation/" << EOF
+        initrd${sixteenbit} ${rel_dirname}/${initrd}
+EOF
+    fi
+  fi
+  if test -n "${fdt}" ; then
+    sed "s/^/$submenu_indentation/" << EOF
+        devicetree      ${rel_dirname}/${fdt}
+EOF
+  fi
+  sed "s/^/$submenu_indentation/" << EOF
+}
+EOF
+}
+machine=`uname -m`
+case "x$machine" in
+    xi?86 | xx86_64)
+        list=
+        for i in /boot/vmlinuz-* /vmlinuz-* /boot/kernel-* ; do
+            if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi
+        done ;;
+    *)
+        list=
+        for i in /boot/vmlinuz-* /boot/vmlinux-* /vmlinuz-* /vmlinux-* /boot/kernel-* ; do
+                  if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi
+        done ;;
+esac
+case "$machine" in
+    i?86) GENKERNEL_ARCH="x86" ;;
+    mips|mips64) GENKERNEL_ARCH="mips" ;;
+    mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;;
+    arm*) GENKERNEL_ARCH="arm" ;;
+    *) GENKERNEL_ARCH="$machine" ;;
+esac
+prepare_boot_cache=
+prepare_root_cache=
+boot_device_id=
+title_correction_code=
+# Extra indentation to add to menu entries in a submenu. We're not in a submenu
+# yet, so it's empty. In a submenu it will be equal to '\t' (one tab).
+submenu_indentation=""
+is_top_level=true
+while [ "x$list" != "x" ] ; do
+  linux=`version_find_latest $list`
+  gettext_printf "Found linux image: %s\n" "$linux" >&2
+  basename=`basename $linux`
+  dirname=`dirname $linux`
+  rel_dirname=`make_system_path_relative_to_its_root $dirname`
+  version=`echo $basename | sed -e "s,^[^0-9]*-,,g"`
+  alt_version=`echo $version | sed -e "s,\.old$,,g"`
+  linux_root_device_thisversion="${LINUX_ROOT_DEVICE}"
+  initrd=
+  for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \
+           "initrd-${version}" "initramfs-${version}.img" \
+           "initrd.img-${alt_version}" "initrd-${alt_version}.img" \
+           "initrd-${alt_version}" "initramfs-${alt_version}.img" \
+           "initramfs-genkernel-${version}" \
+           "initramfs-genkernel-${alt_version}" \
+           "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \
+           "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do
+    if test -e "${dirname}/${i}" ; then
+      initrd="$i"
+      break
+    fi
+  done
+  fdt=
+  for i in "dtb-${version}" "dtb-${alt_version}"; do
+    if test -f "${dirname}/${i}/${GRUB_DEFAULT_DTB}" ; then
+      fdt="${i}/${GRUB_DEFAULT_DTB}"
+      break
+    fi
+  done
+  config=
+  for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do
+    if test -e "${i}" ; then
+      config="${i}"
+      break
+    fi
+  done
+  initramfs=
+  if test -n "${config}" ; then
+      initramfs=`grep CONFIG_INITRAMFS_SOURCE= "${config}" | cut -f2 -d= | tr -d \"`
+  fi
+  if test -n "${initrd}" ; then
+    gettext_printf "Found initrd image: %s\n" "${dirname}/${initrd}" >&2
+  elif test -z "${initramfs}" ; then
+    # "UUID=" and "ZFS=" magic is parsed by initrd or initramfs.  Since there's
+    # no initrd or builtin initramfs, it can't work here.
+    linux_root_device_thisversion=${GRUB_DEVICE}
+  fi
+  if [ "x${GRUB_DISABLE_SUBMENU}" = "xyes" ] || [ "x${GRUB_DISABLE_SUBMENU}" = "xy" ]; then
+    GRUB_DISABLE_SUBMENU="true"
+  fi
+  if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xtrue ]; then
+    linux_entry "${OS}" "${version}" simple \
+    "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
+    submenu_indentation="$grub_tab"
+    if [ -z "$boot_device_id" ]; then
+        boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
+    fi
+    # TRANSLATORS: %s is replaced with an OS name
+    echo "submenu '$(gettext_printf "Advanced options for %s" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_id' {"
+    is_top_level=false
+  fi
+  linux_entry "${OS}" "${version}" advanced \
+              "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
+  if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then
+    linux_entry "${OS}" "${version}" recovery \
+                "failsafe ${GRUB_CMDLINE_LINUX}"
+  fi
+  list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '`
+done
+# If at least one kernel was found, then we need to
+# add a closing '}' for the submenu command.
+if [ x"$is_top_level" != xtrue ]; then
+  echo '}'
+fi
+echo "$title_correction_code"
 Property changes:
 Added: svn:executable
 +*
 \ No newline at end of property

 /conf/empty-radiusd-db.sql
 ,0 → 1,245
+/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
+/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
+/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
+/*!40101 SET NAMES utf8 */;
+/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
+/*!40103 SET TIME_ZONE='+00:00' */;
+/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
+/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
+/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
+/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
+--
+-- Table structure for table `radacct`
+--
+DROP TABLE IF EXISTS `radacct`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+CREATE TABLE `radacct` (
+  `radacctid`            bigint(21)  NOT NULL AUTO_INCREMENT,
+  `acctsessionid`        varchar(32) COLLATE utf8_bin NOT NULL DEFAULT '',
+  `acctuniqueid`         varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '',
+  `username`             varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '',
+  `groupname`            varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '',
+  `realm`                varchar(64) COLLATE utf8_bin DEFAULT '',
+  `nasipaddress`         varchar(15) COLLATE utf8_bin NOT NULL DEFAULT '',
+  `nasportid`            varchar(15) COLLATE utf8_bin DEFAULT NULL,
+  `nasporttype`          varchar(32) COLLATE utf8_bin DEFAULT NULL,
+  `acctstarttime`        datetime    DEFAULT NULL,
+  `acctstoptime`         datetime    DEFAULT NULL,
+  `acctsessiontime`      int(12)     DEFAULT NULL,
+  `acctauthentic`        varchar(32) COLLATE utf8_bin DEFAULT NULL,
+  `connectinfo_start`    varchar(50) COLLATE utf8_bin DEFAULT NULL,
+  `connectinfo_stop`     varchar(50) COLLATE utf8_bin DEFAULT NULL,
+  `acctinputoctets`      bigint(20)  DEFAULT NULL,
+  `acctoutputoctets`     bigint(20)  DEFAULT NULL,
+  `calledstationid`      varchar(50) COLLATE utf8_bin NOT NULL DEFAULT '',
+  `callingstationid`     varchar(50) COLLATE utf8_bin NOT NULL DEFAULT '',
+  `acctterminatecause`   varchar(32) COLLATE utf8_bin NOT NULL DEFAULT '',
+  `servicetype`          varchar(32) COLLATE utf8_bin DEFAULT NULL,
+  `framedprotocol`       varchar(32) COLLATE utf8_bin DEFAULT NULL,
+  `framedipaddress`      varchar(15) COLLATE utf8_bin NOT NULL DEFAULT '',
+  `acctstartdelay`       int(12)     DEFAULT NULL,
+  `acctstopdelay`        int(12)     DEFAULT NULL,
+  `xascendsessionsvrkey` varchar(10) COLLATE utf8_bin DEFAULT NULL,
+  PRIMARY KEY (`radacctid`),
+  KEY `username` (`username`),
+  KEY `framedipaddress` (`framedipaddress`),
+  KEY `acctsessionid` (`acctsessionid`),
+  KEY `acctsessiontime` (`acctsessiontime`),
+  KEY `acctuniqueid` (`acctuniqueid`),
+  KEY `acctstarttime` (`acctstarttime`),
+  KEY `acctstoptime` (`acctstoptime`),
+  KEY `nasipaddress` (`nasipaddress`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
+/*!40101 SET character_set_client = @saved_cs_client */;
+--
+-- Table structure for table `radcheck`
+--
+DROP TABLE IF EXISTS `radcheck`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+CREATE TABLE `radcheck` (
+  `id`        int(11)      unsigned NOT NULL AUTO_INCREMENT,
+  `username`  varchar(64)  COLLATE utf8_bin NOT NULL DEFAULT '',
+  `attribute` varchar(64)  COLLATE utf8_bin NOT NULL DEFAULT '',
+  `op`        char(2)      COLLATE utf8_bin NOT NULL DEFAULT '==',
+  `value`     varchar(253) COLLATE utf8_bin NOT NULL DEFAULT '',
+  PRIMARY KEY (`id`),
+  KEY `username` (`username`(32))
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
+/*!40101 SET character_set_client = @saved_cs_client */;
+--
+-- Table structure for table `radgroupcheck`
+--
+DROP TABLE IF EXISTS `radgroupcheck`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+CREATE TABLE `radgroupcheck` (
+  `id`        int(11)      unsigned NOT NULL AUTO_INCREMENT,
+  `groupname` varchar(64)  COLLATE utf8_bin NOT NULL DEFAULT '',
+  `attribute` varchar(64)  COLLATE utf8_bin NOT NULL DEFAULT '',
+  `op`        char(2)      COLLATE utf8_bin NOT NULL DEFAULT '==',
+  `value`     varchar(253) COLLATE utf8_bin NOT NULL DEFAULT '',
+  PRIMARY KEY (`id`),
+  KEY `groupname` (`groupname`(32))
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
+/*!40101 SET character_set_client = @saved_cs_client */;
+--
+-- Table structure for table `radgroupreply`
+--
+DROP TABLE IF EXISTS `radgroupreply`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+CREATE TABLE `radgroupreply` (
+  `id`        int(11)      unsigned NOT NULL AUTO_INCREMENT,
+  `groupname` varchar(64)  COLLATE utf8_bin NOT NULL DEFAULT '',
+  `attribute` varchar(64)  COLLATE utf8_bin NOT NULL DEFAULT '',
+  `op`        char(2)      COLLATE utf8_bin NOT NULL DEFAULT '=',
+  `value`     varchar(253) COLLATE utf8_bin NOT NULL DEFAULT '',
+  PRIMARY KEY (`id`),
+  KEY `groupname` (`groupname`(32))
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
+/*!40101 SET character_set_client = @saved_cs_client */;
+--
+-- Table structure for table `radreply`
+--
+DROP TABLE IF EXISTS `radreply`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+CREATE TABLE `radreply` (
+  `id`        int(11)      unsigned NOT NULL AUTO_INCREMENT,
+  `username`  varchar(64)  COLLATE utf8_bin NOT NULL DEFAULT '',
+  `attribute` varchar(64)  COLLATE utf8_bin NOT NULL DEFAULT '',
+  `op`        char(2)      COLLATE utf8_bin NOT NULL DEFAULT '=',
+  `value`     varchar(253) COLLATE utf8_bin NOT NULL DEFAULT '',
+  PRIMARY KEY (`id`),
+  KEY `username` (`username`(32))
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
+/*!40101 SET character_set_client = @saved_cs_client */;
+--
+-- Table structure for table `radusergroup`
+--
+DROP TABLE IF EXISTS `radusergroup`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+CREATE TABLE `radusergroup` (
+  `username`  varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '',
+  `groupname` varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '',
+  `priority`  int(11)     NOT NULL DEFAULT '1',
+  KEY `username` (`username`(32))
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
+/*!40101 SET character_set_client = @saved_cs_client */;
+--
+-- Table structure for table `radpostauth`
+--
+DROP TABLE IF EXISTS `radpostauth`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+CREATE TABLE `radpostauth` (
+  `id`       int(11)     NOT NULL AUTO_INCREMENT,
+  `username` varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '',
+  `pass`     varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '',
+  `reply`    varchar(32) COLLATE utf8_bin NOT NULL DEFAULT '',
+  `authdate` timestamp   NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
+/*!40101 SET character_set_client = @saved_cs_client */;
+--
+-- Table structure for table `mtotacct`
+--
+DROP TABLE IF EXISTS `mtotacct`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+CREATE TABLE `mtotacct` (
+  `mtotacctid`      bigint(21)  NOT NULL AUTO_INCREMENT,
+  `username`        varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '',
+  `acctdate`        date        NOT NULL DEFAULT '0000-00-00',
+  `connnum`         bigint(12)  DEFAULT NULL,
+  `conntotduration` bigint(12)  DEFAULT NULL,
+  `connmaxduration` bigint(12)  DEFAULT NULL,
+  `connminduration` bigint(12)  DEFAULT NULL,
+  `inputoctets`     bigint(12)  DEFAULT NULL,
+  `outputoctets`    bigint(12)  DEFAULT NULL,
+  `nasipaddress`    varchar(15) COLLATE utf8_bin DEFAULT NULL,
+  PRIMARY KEY (`mtotacctid`),
+  KEY `username` (`username`),
+  KEY `acctdate` (`acctdate`),
+  KEY `UserOnDate` (`username`,`acctdate`),
+  KEY `nasipaddress` (`nasipaddress`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
+/*!40101 SET character_set_client = @saved_cs_client */;
+--
+-- Table structure for table `totacct`
+--
+DROP TABLE IF EXISTS `totacct`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+CREATE TABLE `totacct` (
+  `totacctid`       bigint(21)  NOT NULL AUTO_INCREMENT,
+  `username`        varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '',
+  `acctdate`        date        NOT NULL DEFAULT '0000-00-00',
+  `connnum`         bigint(12)  DEFAULT NULL,
+  `conntotduration` bigint(12)  DEFAULT NULL,
+  `connmaxduration` bigint(12)  DEFAULT NULL,
+  `connminduration` bigint(12)  DEFAULT NULL,
+  `inputoctets`     bigint(12)  DEFAULT NULL,
+  `outputoctets`    bigint(12)  DEFAULT NULL,
+  `nasipaddress`    varchar(15) COLLATE utf8_bin DEFAULT NULL,
+  PRIMARY KEY (`totacctid`),
+  KEY `username` (`username`),
+  KEY `acctdate` (`acctdate`),
+  KEY `UserOnDate` (`username`,`acctdate`),
+  KEY `nasipaddress` (`nasipaddress`),
+  KEY `nasipaddressOnDate` (`acctdate`,`nasipaddress`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
+/*!40101 SET character_set_client = @saved_cs_client */;
+--
+-- Table structure for table `userinfo`
+--
+DROP TABLE IF EXISTS `userinfo`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8 */;
+CREATE TABLE `userinfo` (
+  `id`         int(10)      NOT NULL AUTO_INCREMENT,
+  `username`   varchar(64)  COLLATE utf8_bin DEFAULT NULL,
+  `name`       varchar(200) COLLATE utf8_bin DEFAULT NULL,
+  `mail`       varchar(200) COLLATE utf8_bin DEFAULT NULL,
+  `department` varchar(200) COLLATE utf8_bin DEFAULT NULL,
+  `workphone`  varchar(200) COLLATE utf8_bin DEFAULT NULL,
+  `homephone`  varchar(200) COLLATE utf8_bin DEFAULT NULL,
+  `mobile`     varchar(200) COLLATE utf8_bin DEFAULT NULL,
+  PRIMARY KEY (`id`),
+  KEY `username` (`username`),
+  KEY `department` (`department`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
+/*!40101 SET character_set_client = @saved_cs_client */;
+/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
+/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
+/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
+/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
+/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
+/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
+/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
+/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;

 /conf/ulogd-sample.conf
 ,0 → 1,41
+# Example of a simple configuration for ulogd with ALCASAR
+[global]
+######################################################################
+# GLOBAL OPTIONS
+######################################################################
+user="ulogd"
+group="ulogd"
+# logfile for status messages
+logfile="/var/log/ulogd/ulogd.log"
+# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) (default 5)
+#loglevel=8
+######################################################################
+# PLUGIN OPTIONS
+######################################################################
+# We have to configure and load only the plugins we want to use
+# general rules:
+# 1. load the plugins _first_ from the global section
+# 2. options for each plugin in seperate section below
+plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so"
+plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so"
+plugin="/usr/lib64/ulogd/ulogd_filter_IP2STR.so"
+plugin="/usr/lib64/ulogd/ulogd_filter_PRINTPKT.so"
+plugin="/usr/lib64/ulogd/ulogd_filter_PRINTFLOW.so"
+plugin="/usr/lib64/ulogd/ulogd_output_LOGEMU.so"
+plugin="/usr/lib64/ulogd/ulogd_raw2packet_BASE.so"
+# this is a stack for ULOG packet-based logging via LOGEMU
+stack=log1:NFLOG,base1:BASE,ifil:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+[log1]
+group=CHANGEVALUE

Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 1 → Rev HEAD