Subversion Repositories ALCASAR

Compare Revisions

No changes between revisions

Ignore whitespace Rev 3189 → Rev 3190

/gpl-warning.txt
File deleted
Property changes:
Deleted: svn:eol-style
-native
\ No newline at end of property
/gpl-warning.fr.txt
File deleted
Property changes:
Deleted: svn:eol-style
-native
\ No newline at end of property
/CHANGELOG.md
1,4 → 1,12
# ALCASAR CHANGELOG
 
## 3.7.0 (SVN revision: 3180)
* NEWS
* CHANGES
* ACC
* BUGS
* SECURITY
* WEB
## 3.6.1 (SVN revision: 3180)
* NEWS
* CHANGES
/VERSION
1,0 → 0,0
3.6.1
3.7.0b
/alcasar.sh
74,9 → 74,38
{
if [ $Lang == "fr" ]
then
cat $DIR_INSTALL/gpl-warning.fr.txt | more
echo " *******************************"
echo " **** Licence d'utilisation ****"
echo " *******************************"
echo
echo "ALCASAR est un logiciel libre"
echo
echo "Avant de l'installer, vous devez accepter les termes de sa licence 'GPL-V3'"
echo "Le descriptif de cette licence est disponible dans le fichier 'GPL-3.0.txt'"
echo "Une traduction française est disponible dans le fichier 'GPL-3.0.fr.txt'."
echo
echo "Les objectifs de cette licence sont de garantir à l'utilisateur :"
echo "- La liberté d'exécuter le logiciel, pour n'importe quel usage ;"
echo "- La liberté d'étudier et d'adapter le logiciel à ses besoins ;"
echo "- La liberté de redistribuer des copies ;"
echo "- L'obligation de faire bénéficier à la communauté les versions modifiées."
echo
else
cat $DIR_INSTALL/gpl-warning.txt | more
echo " *******************************"
echo " **** User License ****"
echo " *******************************"
echo
echo "ALCASAR is an open source software"
echo
echo "Before install it, you must understand and accept the license 'GPL-V3'"
echo "you can read this license in the file 'GPL-3.0.txt'"
echo
echo "The goals of this license are :"
echo "- the freedom of using the software ;"
echo "- the freedom of studying et adapting it for its own uses ;"
echo "- the freedom of redistributing copies of it ;"
echo "- the compulsory of giving the modify versions to the community"
echo
fi
response=0
PTN='^[oOyYnN]?$'
105,7 → 134,7
 
########################################################
## "system_testing" ##
## - Test Mageia version ##
## - Test distribution version ##
## - Test ALCASAR version (if already installed) ##
## - Test free space on /var (>10G) ##
## - Test Internet access ##
114,30 → 143,11
{
# Test of Mageia version
# extract the current Mageia version and hardware architecture (X86_64)
fic=`cat /etc/product.id`
unknown_os=0
old="$IFS"
IFS=","
set $fic
for i in "$@"
do
if [ "`echo $i|grep distribution|cut -d'=' -f1`" == "distribution" ]
then
DISTRIBUTION=`echo $i|cut -d"=" -f2`
unknown_os=`expr $unknown_os + 1`
fi
if [ "`echo $i|grep version|cut -d'=' -f1`" == "version" ]
then
CURRENT_VERSION=`echo $i|cut -d"=" -f2`
unknown_os=`expr $unknown_os + 1`
fi
if [ "`echo $i|grep arch|cut -d'=' -f1`" == "arch" ]
then
ARCH=`echo $i|cut -d"=" -f2`
unknown_os=`expr $unknown_os + 1`
fi
done
if [ "$ARCH" != "x86_64" ]
fic="/etc/product.id"
DISTRIBUTION_NAME=`cat $fic|cut -d"," -f2|cut -d"=" -f2`
DISTRIBUTION_VERSION=`cat $fic|cut -d"," -f4|cut -d"=" -f2`
DISTRIBUTION_ARCH=`cat $fic|cut -d"," -f7|cut -d"=" -f2`
if [ "$DISTRIBUTION_ARCH" != "x86_64" ]
then
if [ $Lang == "fr" ]
then echo "Votre architecture matérielle doit être en 64bits"
145,8 → 155,7
fi
exit 1
fi
IFS="$old"
if [[ ( $unknown_os != 3 ) || ("$DISTRIBUTION" != "Mageia" ) || (( "$CURRENT_VERSION" != "7" ) && ( "$CURRENT_VERSION" != "8" ))]]
if [[("$DISTRIBUTION_NAME" != "Mageia" ) || (( "$DISTRIBUTION_VERSION" != "8" ) && ( "$DISTRIBUTION_VERSION" != "9" ))]]
then
if [ -e /var/tmp/alcasar-conf.tar.gz ] # update
then
370,7 → 379,7
fi
echo -n "."
# Test if default GW is alive
arp_reply=`/usr/sbin/arping -b -I$EXTIF -c1 -w2 $PUBLIC_GATEWAY|grep response|cut -d" " -f2`
arp_reply=`LANG=en_US.UTF8 /usr/sbin/arping -b -I$EXTIF -c1 -w2 $PUBLIC_GATEWAY|grep response|cut -d" " -f2`
if [ "$(expr $arp_reply)" -eq 0 ]
then
if [ $Lang == "fr" ]
2224,7 → 2233,7
$SED "s?^GRUB_TIMEOUT=.*?GRUB_TIMEOUT=3?g" /etc/default/grub
$SED "s?^GRUB_DISTRIBUTOR=.*?GRUB_DISTRIBUTOR=ALCASAR?g" /etc/default/grub
[ -e /etc/mageia-release.default ] || cp /etc/mageia-release /etc/mageia-release.default
vm_vga=`lsmod | egrep -c "virtio|vmwgfx"` # test if in VM
vm_vga=`lsmod | grep -c -E "virtio|vmwgfx"` # test if in VM
if [ $vm_vga == 0 ] # is not a VM
then
cp -f $DIR_CONF/banner /etc/mageia-release # ALCASAR ASCII-Art
2369,7 → 2378,7
echo "/^kernel/" > /etc/urpmi/skip.list
echo "/^wkhtmltopdf/" >> /etc/urpmi/skip.list
echo "/^freeradius/" >> /etc/urpmi/skip.list
if [ `egrep '^exclude=' /etc/dnf/dnf.conf |wc -l` -eq "1" ]; then
if [ `grep -E '^exclude=' /etc/dnf/dnf.conf |wc -l` -eq "1" ]; then
$SED "s?^exclude=.*?exclude=kernel\* wkhtmltopdf freeradius?g" /etc/dnf/dnf.conf
else
echo "exclude=kernel* wkhtmltopdf freeradius" >> /etc/dnf/dnf.conf
/iso/build-iso.sh
180,7 → 180,7
 
# Generating the iso file
# Parameters for xorriso found using the following command on the Magiea iso file used in ressource folder
# ex: xorriso -indev Mageia-7.1-x86_64.iso -report_el_torito as_mkisofs
# ex: xorriso -indev Mageia-X.Y-x86_64.iso -report_el_torito as_mkisofs
cd ${MAGEIA_NEW_DIR} && xorriso -as mkisofs \
-V $newName \
--grub2-mbr --interval:local_fs:0s-15s:zero_mbrpt:$FULL_PATH_ISO_IN \
/rpms/CoovaChilli/coova-chilli-1.6.spec
4,17 → 4,17
Summary: CoovaChilli is an open-source software access controller for captive portal hotspots
Name: coova-chilli
Version: 1.6
Release: 2%{?dist}
Release: 1%{?dist}
License: GPLv3
Packager: Richard REY (Rexy)
Group: System/Servers
URL: https://coova.github.io/CoovaChilli
Source: %{name}-%{version}.tar.gz
Patch0: chilli.h.patch
Patch1: chilli_limits.h.patch
Patch2: redir.c.patch
Patch3: Makefile.am.patch
Patch4: CoovaChilliLib.py.patch
Patch 0: chilli.h.patch
Patch 1: chilli_limits.h.patch
Patch 2: redir.c.patch
Patch 3: Makefile.am.patch
Patch 4: CoovaChilliLib.py.patch
BuildRequires: gengetopt
BuildRequires: libtool
BuildRequires: openssl-devel
32,11 → 32,11
%prep
%setup -q -n %{name}-%{version}
 
%patch0 -p3
%patch1 -p0
%patch2 -p0
%patch3 -p0
%patch4 -p0
%patch 0 -p3
%patch 1 -p0
%patch 2 -p0
%patch 3 -p0
%patch 4 -p0
 
cp ../../SOURCES/SHA256.c ./src/SHA256.c
cp ../../SOURCES/SHA256.h ./src/SHA256.h
93,20 → 93,22
%exclude %{_libdir}/python/CoovaChilliLib.py*
 
%changelog
* Mon Apr 08 2024 Richard REY (aka Rexy) - 1.6-1.mga9
- 1.6 release for Mageia9
* Fri Oct 14 2022 Paul BAESKENS (aka StaringCat) - 1.6-1.mga8
- Add SHA256 in PAP protocol
* Sat Jul 23 2022 Richard REY (aka Rexy) - 1.6-1.mga8
- 1.6 release
- 1.6 release for Mageia8
* Wed Feb 24 2021 Richard REY (aka Rexy) - 1.6-1.mga7
- 1.6 release
- 1.6 release for Mageia7
* Fri May 22 2020 Richard REY (aka Rexy) - 1.5-1.mga7
- 1.5 release
- 1.5 release for Mageia7
* Mon May 22 2017 Tom Houdayer - 1.4-3.mga5
- Add mDNS support
* Sat May 06 2017 Tom Houdayer - 1.4-2.mga5
- Add OpenSSL support
* Mon Dec 19 2016 Rexy for ALCASAR project
- 1.4-1 release
- 1.4-1 release for Mageia5
* Sun Nov 13 2016 Rexy for ALCASAR project
- 1.3.2-2 release (including the code resolving IPSEC bug #255 & #301)
* Tue Oct 25 2016 Rexy for ALCASAR project
/rpms/x86_64/coova-chilli-1.6-2.mga8.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/rpms/x86_64/wget-1.21.3-1.mga8.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/rpms/x86_64/coova-chilli-1.6-1.mga9.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Added: svn:mime-type
+application/octet-stream
\ No newline at end of property
/rpms/x86_64/wget-1.21.4-1.mga9.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Added: svn:mime-type
+application/octet-stream
\ No newline at end of property
/scripts/alcasar-bl-autoupdate.sh
39,7 → 39,7
#if [ $(echo $MAX_TLD | wc -c) -eq 0 ];then
# MAX_TLD=18
#fi
# search for correction egrep "([a-zA-Z0-9_-.]+\.){1,2}[a-zA-Z]{2,$MAX_TLD}" $ossi_custom_dir/domains > $FILE_tmp
# search for correction grep -E "([a-zA-Z0-9_-.]+\.){1,2}[a-zA-Z]{2,$MAX_TLD}" $ossi_custom_dir/domains > $FILE_tmp
}
 
usage="Usage: alcasar-bl-autoupdate.sh { -update_cat or --update_cat | -update_ossi-bl-candc or --update_ossi-bl-candc }"
/scripts/alcasar-bl.sh
107,7 → 107,7
#if [ $(echo $MAX_TLD | wc -c) -eq 0 ];then
# MAX_TLD=18
#fi
# search for correction egrep "([a-zA-Z0-9_-.]+\.){1,2}[a-zA-Z]{2,$MAX_TLD}" $ossi_custom_dir/domains > $FILE_tmp
# search for correction grep -E "([a-zA-Z0-9_-.]+\.){1,2}[a-zA-Z]{2,$MAX_TLD}" $ossi_custom_dir/domains > $FILE_tmp
}
 
usage="Usage: alcasar-bl.sh { -cat_choice or --cat_choice } | { -download or --download } | { -adapt or --adapt } | { -reload or --reload }"
/scripts/alcasar-conf.sh
212,7 → 212,7
--apply|-apply)
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([012]?[0-9]|3[0-2])\b"
PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
if ! echo $PRIVATE_IP_MASK | egrep -q $PTN
if ! echo $PRIVATE_IP_MASK | grep -q -E $PTN
then
echo "Syntax error for PRIVATE_IP_MASK ($PRIVATE_IP_MASK)"
exit 0
226,7 → 226,7
DNS1=`echo $DHCP_DNS_servers | cut -d"," -f1`
DNS2=`echo $DHCP_DNS_servers | cut -d"," -f2`
else
if ! echo $PUBLIC_IP_MASK | egrep -q $PTN
if ! echo $PUBLIC_IP_MASK | grep -q -E $PTN
then
echo "Syntax error for PUBLIC_IP_MASK ($PUBLIC_IP_MASK)"
exit 0
234,19 → 234,19
PUBLIC_IP=`echo $PUBLIC_IP_MASK | cut -d"/" -f1`
PUBLIC_NETMASK=`/bin/ipcalc -m $PUBLIC_IP_MASK | cut -d"=" -f2`
PUBLIC_GATEWAY=`grep ^GW= $CONF_FILE|cut -d"=" -f2`
if ! echo $PUBLIC_GATEWAY | egrep -q $PTN
if ! echo $PUBLIC_GATEWAY | grep -q -E $PTN
then
echo "Syntax error for the Gateway IP ($PUBLIC_GATEWAY)"
exit 0
fi
DNS1=`grep ^DNS1= $CONF_FILE|cut -d"=" -f2`
if ! echo $DNS1 | egrep -q $PTN
if ! echo $DNS1 | grep -q -E $PTN
then
echo "Syntax error for the IP address of the first DNS server ($DNS1)"
exit 0
fi
DNS2=`grep ^DNS2= $CONF_FILE|cut -d"=" -f2`
if ! echo $DNS2 | egrep -q $PTN
if ! echo $DNS2 | grep -q -E $PTN
then
echo "Syntax error for the IP address of the second DNS server ($DNS2)"
exit 0
/scripts/alcasar-daemon.sh
44,7 → 44,7
-after-update)
# TODO : check precisely which processes should be restarted (reboot the system or restart alcasar processes)
# extract processes name : for i in `dnf needs-restarting|cut -d " " -f3|sort -u|tr -d ":"|rev|cut -d"/" -f1|rev`;do;echo $i;done
# system_processes=`dnf needs-restarting|egrep 'dbus|python|systemd|agetty'|wc -l` # processes to be restarted after glibc update
# system_processes=`dnf needs-restarting|grep -E 'dbus|python|systemd|agetty'|wc -l` # processes to be restarted after glibc update
nb_processes=`dnf needs-restarting|wc -l`
if [ $nb_processes -ne 0 ]; then
reboot
/scripts/alcasar-iptables-bypass.sh
23,7 → 23,7
if [[ "$public_ip_mask" == "dhcp" ]]
then
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([012]?[0-9]|3[0-2])\b"
public_ip_mask=`ip addr show $EXTIF | egrep -o $PTN`
public_ip_mask=`ip addr show $EXTIF | grep -o -E $PTN`
fi
PUBLIC_IP=`echo $public_ip_mask | cut -d"/" -f1`
SSH_LAN=`grep ^SSH_LAN= $CONF_FILE|cut -d"=" -f2` # SSH LAN port
/scripts/alcasar-iptables.sh
27,7 → 27,7
then
dhcp_on_extif="on"
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([012]?[0-9]|3[0-2])\b"
public_ip_mask=`ip addr show $EXTIF | egrep -o $PTN`
public_ip_mask=`ip addr show $EXTIF | grep -o -E $PTN`
fi
PUBLIC_IP=`echo $public_ip_mask | cut -d"/" -f1`
dns1=`grep ^DNS1= $CONF_FILE|cut -d"=" -f2`
478,7 → 478,7
else
custom_tcp_protocols_list=`echo $custom_tcp_protocols_list","$svc_port`
fi
udp_svc=`egrep "[[:space:]]$svc_port/udp" /etc/services|wc -l`
udp_svc=`grep -E "[[:space:]]$svc_port/udp" /etc/services|wc -l`
if [ $udp_svc = "1" ] # udp service exist
then
if [ "$custom_udp_protocols_list" == "" ]
/scripts/alcasar-rpm.sh
9,10 → 9,10
 
Lang=`echo $LANG|cut -c 1-2`
SED="/bin/sed -i"
VERSION="8"
VERSION="9"
ARCH="x86_64"
# The kernel version we compile netflow for
KERNEL="kernel-server-5.15.126-1.mga8-1-1.mga8"
KERNEL="kernel-server-6.6.22-1.mga9"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
# (old) perl-Socket6 : needed by nfsen
# "fonts-dejavu-common" & "fonts-ttf-dejavu" : fonts needed by wkhtmltopdf
20,7 → 20,7
# "socat" : avoid a warning when run the install script of letsencrypt ("acme.sh")
# "sudo" : needed after a reinstallation (to be investigated)
# "postfix" + "cyrus-sasl" + "lib64sasl2-plug-plain" : email registration method
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli php-dom php-filter unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync fail2ban gnupg2 ulogd ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware kernel-firmware-nonfree dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat postfix cyrus-sasl lib64sasl2-plug-plain iftop"
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli php-dom php-filter unbound e2guardian postfix mariadb ntpsec bind-utils openssh-server rng-utils rsync fail2ban gnupg2 ulogd ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware kernel-firmware-nonfree dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat postfix cyrus-sasl lib64sasl2-plug-plain iftop"
 
rpm_repository_sync ()
{
41,7 → 41,6
# restore previous rpm conf file & removed RPMs
[ -e /etc/urpmi/urpmi.cfg.old ] && mv /etc/urpmi/urpmi.cfg.old /etc/urpmi/urpmi.cfg
urpmi --no-verify-rpm --auto rpms/$ARCH/wkhtmltopdf*.rpm
urpmi --auto --quiet freeradius-ldap lighttpd-mod_auth
echo
if [ $Lang == "fr" ]
then
53,28 → 52,6
fi
}
 
# extract the current Mageia version and hardware architecture (i586 ou X64)
fic=`cat /etc/product.id`
old="$IFS"
IFS=","
set $fic
for i in $*
do
if [ "`echo $i|grep distribution|cut -d'=' -f1`" == "distribution" ]
then
DISTRIBUTION=`echo $i|cut -d"=" -f2`
fi
if [ "`echo $i|grep version|cut -d'=' -f1`" == "version" ]
then
CURRENT_VERSION=`echo $i|cut -d"=" -f2`
fi
if [ "`echo $i|grep arch|cut -d'=' -f1`" == "arch" ]
then
ARCH=`echo $i|cut -d"=" -f2`
fi
done
IFS="$old"
 
# We prefer wget than curl
urpmi --no-verify-rpm --auto rpms/$ARCH/wget*.rpm
 
130,15 → 107,12
 
# At this time, we only skip Kernel update
echo "/^kernel/" > /etc/urpmi/skip.list
if [ `egrep '^exclude=' /etc/dnf/dnf.conf |wc -l` -eq "1" ]; then
if [ `grep -E '^exclude=' /etc/dnf/dnf.conf |wc -l` -eq "1" ]; then
$SED "s?^exclude=.*?exclude=kernel\*?g" /etc/dnf/dnf.conf
else
echo "exclude=kernel*" >> /etc/dnf/dnf.conf
fi
 
# Remove some RPMs in order to avoid error and automatic update
urpme wkhtmltopdf freeradius-ldap lighttpd-mod_auth
 
# download the kernel used by ALCASAR
if [ $Lang == "fr" ]
then
/scripts/alcasar-uninstall.sh
396,7 → 396,7
 
# Reset "skip.list" (we keep "kernel" in order not to download kernel we don't want to have)
echo "/^kernel/" > /etc/urpmi/skip.list
if [ `egrep '^exclude=' /etc/dnf/dnf.conf |wc -l` -eq "1" ]; then
if [ `grep -E '^exclude=' /etc/dnf/dnf.conf |wc -l` -eq "1" ]; then
$SED "s?^exclude=.*?exclude=kernel\*?g" /etc/dnf/dnf.conf
else
echo "exclude=kernel*" >> /etc/dnf/dnf.conf
/scripts/alcasar-watchdog.sh
82,7 → 82,7
if [ "$MULTIWAN" == "off" ] || [ "$MULTIWAN" == "Off" ]
then
IP_GW=`/sbin/ip route list|grep ^default|cut -d" " -f3`
arp_reply=`/usr/sbin/arping -I$EXTIF -c1 $IP_GW|grep response|cut -d" " -f2`
arp_reply=`LANG=en_US.UTF-8 /usr/sbin/arping -I$EXTIF -c1 $IP_GW|grep response|cut -d" " -f2`
if [ $arp_reply -eq "0" ]
then
LAN_DOWN="2"
164,7 → 164,7
# IP usurpation test : process only equipment with an authenticated user
if [[ $(expr $active_session) -eq 1 ]]
then
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $active_ip|grep -c "Unicast reply"`
arp_reply=`LANG=en_US.UTF-8 /usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $active_ip|grep -c "Unicast reply"`
# disconnect users whose equipement is usurped. For example, if there are 2 same @MAC it will make 2 lines in output.
if [[ $(expr $arp_reply) -gt 1 ]]
then
/web/acc/welcome.php
22,7 → 22,7
}
// router test
function routerTest($host,$nic) {
$out = exec("(sudo arping -I$nic -c1 $host|grep response|cut -d' ' -f2)");
$out = exec("(sudo LANG=en_US.UTF-8 arping -I$nic -c1 $host|grep response|cut -d' ' -f2)");
return ($out == "1") ? true : false;
}