/web/acc/admin/activity.php |
---|
27,6 → 27,7 |
fclose($ouvre); |
$tmp = explode("/",$conf["PRIVATE_IP"]); |
$private_ip=$tmp[0]; |
require('/etc/freeradius-web/config.php'); |
# Choice of language |
$Language = 'en'; |
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){ |
90,47 → 91,53 |
<th>$l_user</th> |
<th>$l_action</th> |
</tr>"; |
$output = array(); $nb_ligne = 0; |
$output = array(); $output_mac = array(); $nb_ligne = 0; |
exec ('sudo /sbin/ip link show eth1 |grep ether|cut -d" " -f6', $output_mac); |
$eth1_mac_addr=strtoupper(str_replace(":","-",$output_mac[0])); |
exec ('sudo /usr/sbin/chilli_query list|sort -k5 -r', $output); |
while (list(,$ligne) = each($output)){ |
$detail = explode (" ", $ligne); |
if ($detail[1] != $private_ip){ |
$nb_ligne ++; |
echo "<FORM action='".$_SERVER['PHP_SELF']."' method=POST>"; |
echo "<TR>"; |
echo "<TD>".$nb_ligne."</TD>"; |
echo "<TD>".$detail[1]."</TD>"; |
echo "<TD>".$detail[0]."</TD>"; |
echo "<TD>"; |
# authenticated equipment |
if ($detail[4] == "1"){ |
# by MAC address |
if ($detail[5] == $detail[0]){ |
echo "<a href=\"/acc/manager/htdocs/user_admin.php?login=$detail[5]\" title=\"$l_edit_user\">$l_mac_allowed</a>"; |
echo "</TD><TD> "; |
} |
# by user |
else { |
echo "<a href=\"/acc/manager/htdocs/user_admin.php?login=$detail[5]\" title=\"$l_edit_user $detail[5]\">$detail[5]</a>"; |
echo "</TD>"; |
echo "<TD>"; |
echo "<INPUT type='hidden' name='action' value='user_disconnect'>"; |
echo "<INPUT type='hidden' name='user' value='$detail[5]'>"; |
echo "<INPUT type='hidden' name='mac_addr' value='$detail[0]'>"; |
echo "<INPUT type=submit value='$l_disconnect'>"; |
} |
} |
# equipment without authenticated user |
else { |
echo " "; |
$nb_ligne ++; |
echo "<FORM action='".$_SERVER['PHP_SELF']."' method=POST>"; |
echo "<TR>"; |
echo "<TD>".$nb_ligne."</TD>"; |
echo "<TD>".$detail[1]."</TD>"; |
echo "<TD>".$detail[0]."</TD>"; |
echo "<TD>"; |
# authenticated equipment |
if ($detail[4] == "1"){ |
# by MAC address |
if ($detail[5] == $detail[0]){ |
echo "<a href=\"/acc/manager/htdocs/user_admin.php?login=$detail[5]\" title=\"$l_edit_user\">$l_mac_allowed</a>"; |
echo "</TD><TD> "; |
} |
# by user |
else { |
echo "<a href=\"/acc/manager/htdocs/user_admin.php?login=$detail[5]\" title=\"$l_edit_user $detail[5]\">$detail[5]</a>"; |
echo "</TD>"; |
echo "<TD>"; |
echo "<INPUT type='hidden' name='action' value='mac_disconnect'>"; |
echo "<INPUT type='hidden' name='action' value='user_disconnect'>"; |
echo "<INPUT type='hidden' name='user' value='$detail[5]'>"; |
echo "<INPUT type='hidden' name='mac_addr' value='$detail[0]'>"; |
echo "<INPUT type='submit' value='$l_dissociate'>"; |
echo "<INPUT type=submit value='$l_disconnect'>"; |
} |
} |
echo "</TD></TR></FORM>"; |
# equipment without authenticated user |
else if (($detail[0] == $eth1_mac_addr) || ($detail[1] == $private_ip)){ |
echo "ALCASAR system"; |
echo "</TD>"; |
echo "<TD>"; |
echo " "; |
} |
else { |
echo " "; |
echo "</TD>"; |
echo "<TD>"; |
echo "<INPUT type='hidden' name='action' value='mac_disconnect'>"; |
echo "<INPUT type='hidden' name='mac_addr' value='$detail[0]'>"; |
echo "<INPUT type='submit' value='$l_dissociate'>"; |
} |
echo "</TD></TR></FORM>"; |
} |
?> |
</td></tr> |
/alcasar.sh |
---|
281,12 → 281,12 |
echo -n "Shared secret between coova-chilli and FreeRadius : " >> $PASSWD_FILE |
echo "$secretradius" >> $PASSWD_FILE |
chmod 640 $PASSWD_FILE |
# On installe les scripts et fichiers de configuration d'ALCASAR |
# - dans /usr/local/bin : alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log.sh,watchdog.sh} |
# Scripts and conf files copy |
# - in /usr/local/bin : alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log.sh,watchdog.sh} |
cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar* |
# - dans /usr/local/sbin : alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh} |
# - in /usr/local/sbin : alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh} |
cp -f $DIR_SCRIPTS/sbin/alcasar* $DIR_DEST_SBIN/. ; chown root:root $DIR_DEST_SBIN/alcasar* ; chmod 740 $DIR_DEST_SBIN/alcasar* |
# - des fichiers de conf dans /usr/local/etc : alcasar-{bl-categories-enabled,dns-name,ethers,iptables-local.sh,services} |
# - in /usr/local/etc : alcasar-{bl-categories-enabled,dns-name,iptables-local.sh,services} |
cp -f $DIR_CONF/etc/alcasar* $DIR_DEST_ETC/. ; chown root:apache $DIR_DEST_ETC/alcasar* ; chmod 660 $DIR_DEST_ETC/alcasar* |
$SED "s?^radiussecret.*?radiussecret=\"$secretradius\"?g" $DIR_DEST_SBIN/alcasar-logout.sh |
$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh |
357,19 → 357,20 |
fi |
# Define LAN side global parameters |
hostname $HOSTNAME |
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2` # private network address (ie.: 192.168.182.0) |
PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2` # private network mask (ie.: 255.255.255.0) |
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` # ALCASAR private ip address (consultation LAN side) |
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2` # network prefix (ie. 24) |
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # ie.: 192.168.182.0/24 |
classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2` # ie.: 2=classe B, 3=classe C |
PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`. # compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.) |
PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2` # private network broadcast (ie.: 192.168.182.255) |
private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup` # last octet of LAN address |
private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # last octet of LAN broadcast |
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2` # private network address (ie.: 192.168.182.0) |
PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2` # private network mask (ie.: 255.255.255.0) |
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` # ALCASAR private ip address (consultation LAN side) |
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2` # network prefix (ie. 24) |
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # ie.: 192.168.182.0/24 |
classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2` # ie.: 2=classe B, 3=classe C |
PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`. # compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.) |
PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2` # private network broadcast (ie.: 192.168.182.255) |
private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup` # last octet of LAN address |
private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # last octet of LAN broadcast |
PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1` # First network address (ex.: 192.168.182.1) |
PRIVATE_SECOND_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 2` # second network address (ex.: 192.168.182.2) |
PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # last network address (ex.: 192.168.182.254) |
PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6` # MAC address of INTIF (eth1) |
# Define Internet parameters |
[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF |
DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` # @ip 1er DNS |
980,8 → 981,8 |
#dhcprelayagent |
#dhcpgatewayport |
EOF |
# création du fichier d'allocation d'adresses IP statiques |
touch $DIR_DEST_ETC/alcasar-ethers |
# create file for DHCP static ip. Reserve the second IP address for eth1 (the first one is for tun0) |
echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers |
# create files for trusted domains and urls |
touch $DIR_DEST_ETC/alcasar-uamallowed $DIR_DEST_ETC/alcasar-uamdomain |
chown root:apache $DIR_DEST_ETC/alcasar-* |
/conf/sudoers |
---|
12,7 → 12,7 |
User_Alias ADMWEB=apache # compte lié à l'interface de gestion |
# Cmnd alias specification |
Cmnd_Alias NET=/sbin/arping,/sbin/arp,/usr/sbin/arpscan,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/sbin/alcasar-dhcp.sh # commandes réseau |
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/arpscan,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/sbin/alcasar-dhcp.sh # commandes réseau |
Cmnd_Alias URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update # gestion des paquetages |
Cmnd_Alias BYPASS=/usr/local/sbin/alcasar-bypass.sh # contournement du système d'authentification |
Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # pour la gestion des usagers en ligne |
/CHANGELOG |
---|
4,12 → 4,12 |
---------------------- 2.6.1 ----------------- |
Bugs |
- The embedded documentation is in right version |
- fix the dhcp static address for eth1 (intif) |
ACC |
- show user information when trusted equipment are listed (better than only MAC address) |
- main page : doesn't show the date of installation in the version field (can be confused) |
Install |
- show the GPL |
---------------------- 2.6.0.1 ----------------- |
Bugs |
- the deleted library fpdf has been restored |
/scripts/alcasar-conf.sh |
---|
77,7 → 77,6 |
mkdir $DIR_UPDATE/etc/ |
cp -rf $DIR_ETC/* $DIR_UPDATE/etc/ |
# particularité des versions |
rm -f $DIR_UPDATE/etc/alcasar-macallowed # macallowed is replaced with macauth |
# si version <= 2.0 |
if [ $MAJ_RUNNING_VERSION -lt 2 ] || ([ $MAJ_RUNNING_VERSION -eq 2 ] && [ $MIN_RUNNING_VERSION -eq 0 ]) |
then |
176,17 → 175,20 |
echo "DNS_FILTERING=on" >> $CONF_FILE |
fi |
fi |
# DHCP mode can be "off/half/full" since V2.6 |
# since V2.6 |
# macallowed is replaced with macauth since |
rm -f $DIR_UPDATE/etc/alcasar-macallowed |
# DHCP mode can be "off/half/full" |
DHCP_mode=`cat $CONF_FILE|grep DHCP=|cut -d"=" -f2` |
if [ $DHCP_mode = "on" ]; then |
$SED "s?^DHCP=on.*?DHCP=full?" $CONF_FILE # DHCP option can be "off/half/full" since V2.6 |
fi |
# le paramêtre 'EXT_LAN_FILTERING' n'existe plus depuis la V2.6 |
# le paramêtre 'EXT_LAN_FILTERING' n'existe plus |
$SED "/^EXT_LAN/d" $CONF_FILE |
# la catégorie de sites filtrés "ip" n'existe plus depuis la V2.6 |
# la catégorie de sites filtrés "ip" n'existe plus |
$SED "/\/ip\/urls/d" $DIR_UPDATE/bannedurllist; $SED "/\/ip\/domains/d" $DIR_UPDATE/bannedsitelist |
$SED "/blacklists\/ip/d" $DIR_UPDATE/etc/alcasar-bl-categories; $SED "/^ip/d" $DIR_UPDATE/etc/alcasar-bl-categories-enabled |
# bing et Youtube sont ajoutés au safesearching depuis la V2.6 |
# bing et Youtube sont ajoutés au safesearching |
Bing=`grep bing $DIR_UPDATE/urlregexplist | wc -l` |
if [ $Bing -ne "1" ]; then |
SafeSearch=`grep ^\"\(\^http\:\/\/ $DIR_UPDATE/urlregexplist | wc -l` |
206,7 → 208,7 |
EOF |
fi |
fi |
# la variable YOUTUBE_ID est déclarée dans le fichier de conf depuis la V2.6 |
# la variable YOUTUBE_ID est déclarée dans le fichier de conf |
YOUTUBE_ID=`grep ^YOUTUBE_ID $CONF_FILE | cut -d"=" -f2` |
YOUTUBE_ID=${YOUTUBE_ID:="-1"} |
if [ $YOUTUBE_ID = "-1" ]; then |