
Compare Revisions

Rev 976 → Rev 977

/web/acc/admin/activity.php
27,6 → 27,7
fclose($ouvre);
$tmp = explode("/",$conf["PRIVATE_IP"]);
$private_ip=$tmp[0];
require('/etc/freeradius-web/config.php');
# Choice of language
$Language = 'en';
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){
90,47 → 91,53
<th>$l_user</th>
<th>$l_action</th>
</tr>";
$output = array(); $nb_ligne = 0;
$output = array(); $output_mac = array(); $nb_ligne = 0;
exec ('sudo /sbin/ip link show eth1 |grep ether|cut -d" " -f6', $output_mac);
$eth1_mac_addr=strtoupper(str_replace(":","-",$output_mac[0]));
exec ('sudo /usr/sbin/chilli_query list|sort -k5 -r', $output);
while (list(,$ligne) = each($output)){
$detail = explode (" ", $ligne);
if ($detail[1] != $private_ip){
$nb_ligne ++;
echo "<FORM action='".$_SERVER['PHP_SELF']."' method=POST>";
echo "<TR>";
echo "<TD>".$nb_ligne."</TD>";
echo "<TD>".$detail[1]."</TD>";
echo "<TD>".$detail[0]."</TD>";
echo "<TD>";
# authenticated equipment
if ($detail[4] == "1"){
# by MAC address
if ($detail[5] == $detail[0]){
echo "<a href=\"/acc/manager/htdocs/user_admin.php?login=$detail[5]\" title=\"$l_edit_user\">$l_mac_allowed</a>";
echo "</TD><TD>&nbsp;";
}
# by user
else {
echo "<a href=\"/acc/manager/htdocs/user_admin.php?login=$detail[5]\" title=\"$l_edit_user $detail[5]\">$detail[5]</a>";
echo "</TD>";
echo "<TD>";
echo "<INPUT type='hidden' name='action' value='user_disconnect'>";
echo "<INPUT type='hidden' name='user' value='$detail[5]'>";
echo "<INPUT type='hidden' name='mac_addr' value='$detail[0]'>";
echo "<INPUT type=submit value='$l_disconnect'>";
}
}
# equipment without authenticated user
else {
echo "&nbsp;";
$nb_ligne ++;
echo "<FORM action='".$_SERVER['PHP_SELF']."' method=POST>";
echo "<TR>";
echo "<TD>".$nb_ligne."</TD>";
echo "<TD>".$detail[1]."</TD>";
echo "<TD>".$detail[0]."</TD>";
echo "<TD>";
# authenticated equipment
if ($detail[4] == "1"){
# by MAC address
if ($detail[5] == $detail[0]){
echo "<a href=\"/acc/manager/htdocs/user_admin.php?login=$detail[5]\" title=\"$l_edit_user\">$l_mac_allowed</a>";
echo "</TD><TD>&nbsp;";
}
# by user
else {
echo "<a href=\"/acc/manager/htdocs/user_admin.php?login=$detail[5]\" title=\"$l_edit_user $detail[5]\">$detail[5]</a>";
echo "</TD>";
echo "<TD>";
echo "<INPUT type='hidden' name='action' value='mac_disconnect'>";
echo "<INPUT type='hidden' name='action' value='user_disconnect'>";
echo "<INPUT type='hidden' name='user' value='$detail[5]'>";
echo "<INPUT type='hidden' name='mac_addr' value='$detail[0]'>";
echo "<INPUT type='submit' value='$l_dissociate'>";
echo "<INPUT type=submit value='$l_disconnect'>";
}
}
echo "</TD></TR></FORM>";
# equipment without authenticated user
else if (($detail[0] == $eth1_mac_addr) || ($detail[1] == $private_ip)){
echo "ALCASAR system";
echo "</TD>";
echo "<TD>";
echo "&nbsp;";
}
else {
echo "&nbsp;";
echo "</TD>";
echo "<TD>";
echo "<INPUT type='hidden' name='action' value='mac_disconnect'>";
echo "<INPUT type='hidden' name='mac_addr' value='$detail[0]'>";
echo "<INPUT type='submit' value='$l_dissociate'>";
}
echo "</TD></TR></FORM>";
}
?>
</td></tr>
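Review bot: The table rows built from `chilli_query list` are echoed without HTML escaping: `$detail[5]` (the session's user name) is placed in the `href`, the `title` and the single-quoted `value` of the hidden `user` field, and `$_SERVER['PHP_SELF']` goes into the form `action` as-is. If the portal accepts a login containing a quote or `<`, that text would break out of the attribute in the administrator's browser, so each value should be passed through `htmlspecialchars($detail[5], ENT_QUOTES)` before output, with `rawurlencode($detail[5])` inside the `?login=` query string. The new `$output_mac[0]` is also read without checking that the `exec` produced a line; when it did not, `$eth1_mac_addr` is empty and the "ALCASAR system" test relies on the IP comparison alone. The loop begins and ends outside the lines shown in this section.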
/alcasar.sh
281,12 → 281,12
echo -n "Shared secret between coova-chilli and FreeRadius : " >> $PASSWD_FILE
echo "$secretradius" >> $PASSWD_FILE
chmod 640 $PASSWD_FILE
# On installe les scripts et fichiers de configuration d'ALCASAR
# - dans /usr/local/bin : alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log.sh,watchdog.sh}
# Scripts and conf files copy
# - in /usr/local/bin : alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log.sh,watchdog.sh}
cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar*
# - dans /usr/local/sbin : alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh}
# - in /usr/local/sbin : alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh}
cp -f $DIR_SCRIPTS/sbin/alcasar* $DIR_DEST_SBIN/. ; chown root:root $DIR_DEST_SBIN/alcasar* ; chmod 740 $DIR_DEST_SBIN/alcasar*
# - des fichiers de conf dans /usr/local/etc : alcasar-{bl-categories-enabled,dns-name,ethers,iptables-local.sh,services}
# - in /usr/local/etc : alcasar-{bl-categories-enabled,dns-name,iptables-local.sh,services}
cp -f $DIR_CONF/etc/alcasar* $DIR_DEST_ETC/. ; chown root:apache $DIR_DEST_ETC/alcasar* ; chmod 660 $DIR_DEST_ETC/alcasar*
$SED "s?^radiussecret.*?radiussecret=\"$secretradius\"?g" $DIR_DEST_SBIN/alcasar-logout.sh
$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh
357,19 → 357,20
fi
# Define LAN side global parameters
hostname $HOSTNAME
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2` # private network address (ie.: 192.168.182.0)
PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2` # private network mask (ie.: 255.255.255.0)
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` # ALCASAR private ip address (consultation LAN side)
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2` # network prefix (ie. 24)
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # ie.: 192.168.182.0/24
classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2` # ie.: 2=classe B, 3=classe C
PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`. # compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.)
PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2` # private network broadcast (ie.: 192.168.182.255)
private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup` # last octet of LAN address
private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # last octet of LAN broadcast
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2` # private network address (ie.: 192.168.182.0)
PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2` # private network mask (ie.: 255.255.255.0)
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` # ALCASAR private ip address (consultation LAN side)
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2` # network prefix (ie. 24)
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # ie.: 192.168.182.0/24
classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2` # ie.: 2=classe B, 3=classe C
PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`. # compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.)
PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2` # private network broadcast (ie.: 192.168.182.255)
private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup` # last octet of LAN address
private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # last octet of LAN broadcast
PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1` # First network address (ex.: 192.168.182.1)
PRIVATE_SECOND_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 2` # second network address (ex.: 192.168.182.2)
PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # last network address (ex.: 192.168.182.254)
 
PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6` # MAC address of INTIF (eth1)
# Define Internet parameters
[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF
DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` # @ip 1er DNS
980,8 → 981,8
#dhcprelayagent
#dhcpgatewayport
EOF
# création du fichier d'allocation d'adresses IP statiques
touch $DIR_DEST_ETC/alcasar-ethers
# create file for DHCP static ip. Reserve the second IP address for eth1 (the first one is for tun0)
echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers
# create files for trusted domains and urls
touch $DIR_DEST_ETC/alcasar-uamallowed $DIR_DEST_ETC/alcasar-uamdomain
chown root:apache $DIR_DEST_ETC/alcasar-*
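Review bot: `PRIVATE_MAC` is used unchecked when the reservation is written with `echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers`, so if `$INTIF` is missing or `ip link show` prints no `ether` line the file receives an entry with an empty MAC. A guard such as `if [ -n "$PRIVATE_MAC" ]; then echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers; else touch $DIR_DEST_ETC/alcasar-ethers; fi` keeps the earlier behaviour in that case, and `"$INTIF"` should be quoted in the `ip link show` call. The `>` redirection also truncates any existing alcasar-ethers, where the earlier `touch` left it intact. Whether the file can already hold entries at this point of the install is not visible in these hunks.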
/conf/sudoers
12,7 → 12,7
User_Alias ADMWEB=apache # compte lié à l'interface de gestion
 
# Cmnd alias specification
Cmnd_Alias NET=/sbin/arping,/sbin/arp,/usr/sbin/arpscan,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/sbin/alcasar-dhcp.sh # commandes réseau
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/arpscan,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/sbin/alcasar-dhcp.sh # commandes réseau
Cmnd_Alias URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update # gestion des paquetages
Cmnd_Alias BYPASS=/usr/local/sbin/alcasar-bypass.sh # contournement du système d'authentification
Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # pour la gestion des usagers en ligne
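Review bot: Adding `/sbin/ip` to `NET` without arguments lets every user granted this alias run any `ip` subcommand as root, including those that change addresses, routes and link state or start other programs; `ADMWEB=apache` is defined just above, but the rule lines that bind users to `NET` are outside this hunk. The only caller visible in this revision is `sudo /sbin/ip link show eth1` in activity.php, so the entry can be pinned to that exact command line by listing `/sbin/ip link show eth1` in the alias instead of the bare path. If the web account does hold `NET`, a flaw in any admin page would otherwise extend to control of the gateway's network configuration.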
/CHANGELOG
4,12 → 4,12
---------------------- 2.6.1 -----------------
Bugs
- The embedded documentation is in right version
- fix the dhcp static address for eth1 (intif)
ACC
- show user information when trusted equipment are listed (better than only MAC address)
- main page : doesn't show the date of installation in the version field (can be confused)
Install
- show the GPL
 
---------------------- 2.6.0.1 -----------------
Bugs
- the deleted library fpdf has been restored
/scripts/alcasar-conf.sh
77,7 → 77,6
mkdir $DIR_UPDATE/etc/
cp -rf $DIR_ETC/* $DIR_UPDATE/etc/
# particularité des versions
rm -f $DIR_UPDATE/etc/alcasar-macallowed # macallowed is replaced with macauth
# si version <= 2.0
if [ $MAJ_RUNNING_VERSION -lt 2 ] || ([ $MAJ_RUNNING_VERSION -eq 2 ] && [ $MIN_RUNNING_VERSION -eq 0 ])
then
176,17 → 175,20
echo "DNS_FILTERING=on" >> $CONF_FILE
fi
fi
# DHCP mode can be "off/half/full" since V2.6
# since V2.6
# macallowed is replaced with macauth since
rm -f $DIR_UPDATE/etc/alcasar-macallowed
# DHCP mode can be "off/half/full"
DHCP_mode=`cat $CONF_FILE|grep DHCP=|cut -d"=" -f2`
if [ $DHCP_mode = "on" ]; then
$SED "s?^DHCP=on.*?DHCP=full?" $CONF_FILE # DHCP option can be "off/half/full" since V2.6
fi
# le paramêtre 'EXT_LAN_FILTERING' n'existe plus depuis la V2.6
# le paramêtre 'EXT_LAN_FILTERING' n'existe plus
$SED "/^EXT_LAN/d" $CONF_FILE
# la catégorie de sites filtrés "ip" n'existe plus depuis la V2.6
# la catégorie de sites filtrés "ip" n'existe plus
$SED "/\/ip\/urls/d" $DIR_UPDATE/bannedurllist; $SED "/\/ip\/domains/d" $DIR_UPDATE/bannedsitelist
$SED "/blacklists\/ip/d" $DIR_UPDATE/etc/alcasar-bl-categories; $SED "/^ip/d" $DIR_UPDATE/etc/alcasar-bl-categories-enabled
# bing et Youtube sont ajoutés au safesearching depuis la V2.6
# bing et Youtube sont ajoutés au safesearching
Bing=`grep bing $DIR_UPDATE/urlregexplist | wc -l`
if [ $Bing -ne "1" ]; then
SafeSearch=`grep ^\"\(\^http\:\/\/ $DIR_UPDATE/urlregexplist | wc -l`
206,7 → 208,7
EOF
fi
fi
# la variable YOUTUBE_ID est déclarée dans le fichier de conf depuis la V2.6
# la variable YOUTUBE_ID est déclarée dans le fichier de conf
YOUTUBE_ID=`grep ^YOUTUBE_ID $CONF_FILE | cut -d"=" -f2`
YOUTUBE_ID=${YOUTUBE_ID:="-1"}
if [ $YOUTUBE_ID = "-1" ]; then