WebSVN – ALCASAR – Diff – /alcasar.sh

 #!/bin/bash
-#  $Id: alcasar.sh 2419 2017-09-30 17:40:32Z richard $
+#  $Id: alcasar.sh 2420 2017-10-01 18:56:46Z richard $
 # alcasar.sh
 # ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
 # Ce programme est un logiciel libre ; This software is free and open source
 radius ()
+{
 	cp -f $DIR_CONF/empty-radiusd-db.sql /etc/raddb/
 	chown -R radius:radius /etc/raddb
 	[ -e /etc/raddb/radiusd.conf.default ] || cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.default
-# Set radius.conf parameters
+# Set radius global parameters (radius.conf)
 	$SED "s?^[\t ]*#[\t ]*user =.*?user = radius?g" /etc/raddb/radiusd.conf
 	$SED "s?^[\t ]*#[\t ]*group =.*?group = radius?g" /etc/raddb/radiusd.conf
 	$SED "s?^[\t ]*status_server =.*?status_server = no?g" /etc/raddb/radiusd.conf
-# remove the proxy function
-	$SED "s?^[\t ]*proxy_requests.*?proxy_requests = no?g" /etc/raddb/radiusd.conf
+	$SED "s?^[\t ]*proxy_requests.*?proxy_requests = no?g" /etc/raddb/radiusd.conf # remove the proxy function
-	$SED "s?^[\t ]*\$INCLUDE proxy.conf.*?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf
-# remove EAP module
-#	$SED "s?^[\t ]*\$INCLUDE eap.conf.*?#\$INCLUDE eap.conf?g" /etc/raddb/radiusd.conf
-# listen on loopback (should be modified later if EAP enabled)
-#	$SED "s?^[\t ]*ipaddr =.*?ipaddr = 127.0.0.1?g" /etc/raddb/radiusd.conf
-# enable the  SQL module (and SQL counter)
-	$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql.conf.*?\$INCLUDE sql.conf?g" /etc/raddb/radiusd.conf
-	$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql/mysql/counter.conf?\$INCLUDE sql/mysql/counter.conf?g" /etc/raddb/radiusd.conf
-	$SED "s?^[\t ]*\$INCLUDE policy.conf?#\$INCLUDE policy.conf?g" /etc/raddb/radiusd.conf
-# only include modules for ALCASAR needs
-	$SED "s?^[\t ]*\$INCLUDE \${confdir}/modules/.*?\t#\$INCLUDE \${confdir}/modules/\n\t# we only include modules for ALCASAR needs\n\t\$INCLUDE \${confdir}/modules/attr_filter\n\t\$INCLUDE \${confdir}/modules/expiration\n\t\$INCLUDE \${confdir}/modules/logintime\n\t\$INCLUDE \${confdir}/modules/ldap\n\t\$INCLUDE \${confdir}/modules/pap?g" /etc/raddb/radiusd.conf
+	$SED "s?^[\t ]*\$INCLUDE proxy.conf.*?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf # remove the proxy function
-	$SED "s/^[\t ]exec$/\#\texec/g" /etc/raddb/radiusd.conf
-	$SED "s?^[\t ]*expr.*?\#\texpr?g" /etc/raddb/radiusd.conf
-	$SED "s?^[\t ]*\#	daily.*?\#\tdaily\n\tsql?g" /etc/raddb/radiusd.conf
-	$SED "s?^[\t ]*logintime.*?\tlogintime\n\tnoresetcounter\n\tdailycounter\n\tmonthlycounter\n\tattr_filter.access_reject\n\tattr_filter.accounting_response\n\tpap?g" /etc/raddb/radiusd.conf
-	$SED "s?^[\t ]*\$INCLUDE sites-enabled/.*?\#\$INCLUDE sites-enabled/\n\#\tenable only alcasar virtual server\n\$INCLUDE sites-enabled/alcasar?g" /etc/raddb/radiusd.conf
-# remvove virtual server and copy our conf file
-	rm -f /etc/raddb/sites-enabled/*
-       	cp $DIR_CONF/radius/alcasar-radius /etc/raddb/sites-available/alcasar
-	chown radius:apache /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap # droits rw pour apache (module ldap)
-	chmod 660 /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap
-	chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/modules
-	ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
-# Inutile dans notre fonctionnement mais les liens sont recréés par un update de radius ... donc forcé en tant que fichier à 'vide'
-#	touch /etc/raddb/sites-enabled/{inner-tunnel,control-socket,default}
-# client.conf configuration (coova on 127.0.0.1)
+# Set "client.conf" to describe radius clients (coova on 127.0.0.1)
 	[ -e /etc/raddb/clients.conf.default ] || cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default
 	cat << EOF > /etc/raddb/clients.conf
 client 127.0.0.1 {
 	secret = $secretradius
 	shortname = localhost
+}
 EOF
+# Set Virtual server (remvove all except "alcasar virtual site")
+	rm -f /etc/raddb/sites-enabled/*
+    cp $DIR_CONF/radius/alcasar-radius /etc/raddb/sites-available/alcasar
+	chown radius:apache /etc/raddb/sites-available/alcasar
+	chmod 660 /etc/raddb/sites-available/alcasar
+	ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
+# INFO : To connect from outside (EAP), add the EAP virtual server (link in sites-enabled) and inner-tunnel modules (link in mods-enabled)
-# sql.conf modification
+# Set modules
+# Set only usefull modules for ALCASAR
+    rm -rf  /etc/raddb/mods-enabled/*
+    for mods in sql sqlcounter attr_filter expiration logintime ldap pap
+        do
+        ln -s /etc/raddb/mods-available/$mods /etc/raddb/mods-enabled/$mods
+        done
+# Configure SQL mod (TODO :and SQL counter)
-	[ -e /etc/raddb/sql.conf.default ] || cp /etc/raddb/sql.conf /etc/raddb/sql.conf.default
+	[ -e /etc/raddb/mods-available/sql.default ] || cp /etc/raddb/mods-available/sql /etc/raddb/mods-available/sql.default
+    cp $DIR_CONF/radius/sql /etc/raddb/mods-available/sql
+    chown radius:radius /etc/raddb/mods-available/sql
-	$SED "s?^[\t ]*login =.*?login = \"$DB_USER\"?g" /etc/raddb/sql.conf
+	$SED "s?^[\t ]*login =.*?login = \"$DB_USER\"?g" /etc/raddb/mods-available/sql
-	$SED "s?^[\t ]*password =.*?password = \"$radiuspwd\"?g" /etc/raddb/sql.conf
+	$SED "s?^[\t ]*password =.*?password = \"$radiuspwd\"?g" /etc/raddb/mods-available/sql
-	$SED "s?^[\t ]*radius_db =.*?radius_db = \"$DB_RADIUS\"?g" /etc/raddb/sql.conf
+	$SED "s?^[\t ]*radius_db =.*?radius_db = \"$DB_RADIUS\"?g" /etc/raddb/mods-available/sql
+#	$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql/mysql/counter.conf?\$INCLUDE sql/mysql/counter.conf?g" /etc/raddb/radiusd.conf
+#	$SED "s?^[\t ]*\$INCLUDE policy.conf?#\$INCLUDE policy.conf?g" /etc/raddb/radiusd.conf
-	$SED "s?^[\t ]*sqltrace =.*?sqltrace = no?g" /etc/raddb/sql.conf
+#	$SED "s?^[\t ]*\$INCLUDE \${confdir}/modules/.*?\t#\$INCLUDE \${confdir}/modules/\n\t# we only include modules for ALCASAR needs\n\t\$INCLUDE \${confdir}/modules/attr_filter\n\t\$INCLUDE \${confdir}/modules/expiration\n\t\$INCLUDE \${confdir}/modules/logintime\n\t\$INCLUDE \${confdir}/modules/ldap\n\t\$INCLUDE \${confdir}/modules/pap?g" /etc/raddb/radiusd.conf
+#	$SED "s/^[\t ]exec$/\#\texec/g" /etc/raddb/radiusd.conf
+#	$SED "s?^[\t ]*expr.*?\#\texpr?g" /etc/raddb/radiusd.conf
+#	$SED "s?^[\t ]*\#	daily.*?\#\tdaily\n\tsql?g" /etc/raddb/radiusd.conf
+#	$SED "s?^[\t ]*logintime.*?\tlogintime\n\tnoresetcounter\n\tdailycounter\n\tmonthlycounter\n\tattr_filter.access_reject\n\tattr_filter.accounting_response\n\tpap?g" /etc/raddb/radiusd.conf
+#	$SED "s?^[\t ]*\$INCLUDE sites-enabled/.*?\#\$INCLUDE sites-enabled/\n\#\tenable only alcasar virtual server\n\$INCLUDE sites-enabled/alcasar?g" /etc/raddb/radiusd.conf
-# dialup.conf modification (case sensitive for username, check simultaneous use, patch on 'postauth' table, etc.)
+# queries.conf modifications : case sensitive for username, check simultaneous use, patch on 'postauth' table, etc.
-	[ -e /etc/raddb/sql/mysql/dialup.conf.default ] || cp /etc/raddb/sql/mysql/dialup.conf /etc/raddb/sql/mysql/dialup.conf.default
+	[ -e /etc/raddb/mods-config/sql/main/mysql/queries.conf.default ] || cp /etc/raddb/mods-config/sql/main/mysql/queries.conf /etc/raddb/mods-config/sql/main/mysql/queries.conf.default
-	cp -f $DIR_CONF/radius/dialup.conf /etc/raddb/sql/mysql/dialup.conf
+	cp -f $DIR_CONF/radius/queries.conf /etc/raddb/mods-config/sql/main/mysql/queries.conf
+	chown -R radius:radius /etc/raddb/mods-config/sql/main/mysql/queries.conf
-# counter.conf modification (change the Max-All-Session-Time counter)
+# sqlcounter.conf modifications (change the Max-All-Session-Time counter)
 	[ -e /etc/raddb/sql/mysql/counter.conf.default ] || cp /etc/raddb/sql/mysql/counter.conf /etc/raddb/sql/mysql/counter.conf.default
 	cp -f $DIR_CONF/radius/counter.conf /etc/raddb/sql/mysql/counter.conf
-	chown -R radius:radius /etc/raddb/sql/mysql/*
 # make certain that mysql is up before radius start
 	[ -e /lib/systemd/system/radiusd.service.default ] || cp /lib/systemd/system/radiusd.service /lib/systemd/system/radiusd.service.default
 	$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service
 	/usr/bin/systemctl daemon-reload
+ # Allow apache to change some conf files (ie : ldap on/off)
+ chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/mods-available
 } # End radius ()
 ##################################################################################
 ##			Fonction "chilli"					##
 ## - Création du fichier d'initialisation et de configuration de coova-chilli	##
 /var/log/firewall/*                     root.apache     640
 /etc/security/msec/perm.local           root.root       640
 /etc/security/msec/level.local          root.root       640
 /etc/freeradius-web                     root.apache     750
 /etc/freeradius-web/admin.conf          root.apache     640
-/etc/raddb/dictionnary                  root.apache     640
-/etc/raddb/ldap.attrmap                 root.radius     640
-/etc/raddb/hints                        root.radius     640
+/etc/raddb/client.conf                  radius.radius   640
-/etc/raddb/huntgroups                   root.radius     640
-/etc/raddb/attrs.access_reject          root.radius     640
-/etc/raddb/attrs.accounting_response    root.radius     640
-/etc/raddb/acct_users                   root.radius     640
+/etc/raddb/radius.conf                  radius.radius   640
-/etc/raddb/preproxy_users               root.radius     640
-/etc/raddb/modules/ldap                 radius.apache   660
+/etc/raddb/mods-available/ldap          radius.apache   660
 /etc/raddb/sites-available/alcasar      radius.apache   660
 /etc/pki/*                              root.apache     750
 /var/log/netflow/porttracker            root.apache     770
 /var/log/netflow/porttracker/*          root.apache     660
 EOF

Subversion Repositories ALCASAR

(root)/alcasar.sh @ 2681 – Rev 2419 → 2420