| 2896 |
rexy |
1 |
#! /bin/bash
|
|
|
2 |
# script test&debug.sh
|
|
|
3 |
# by Rexy
|
|
|
4 |
# This script is distributed under the Gnu General Public License (GPL)
|
|
|
5 |
|
|
|
6 |
# This script tests the following behaviour :
|
|
|
7 |
# - Retreive 3 special attributes of a user ('test' by default). It Retrieves theses attributes from default group, then from user's group, then from its account
|
|
|
8 |
# - test if the attribute "Alcasar-Status-Page-Must-Stay-Open" is set to "2", then retrieve the "expiration" attribute
|
|
|
9 |
# - if the "expiration" attribute exists then create a new user (login = user's @MAC) and duplicates all user's attributes
|
|
|
10 |
|
|
|
11 |
|
|
|
12 |
PASSWD_FILE="/root/ALCASAR-passwords.txt"
|
|
|
13 |
USER_NAME="test"
|
|
|
14 |
DB_USER=`cat $PASSWD_FILE|grep ^db_user=|cut -d'=' -f2`
|
|
|
15 |
DB_PASSWORD=`cat $PASSWD_FILE|grep ^db_password=|cut -d'=' -f2`
|
|
|
16 |
|
|
|
17 |
# Retrieve 3 ALCASAR special radius attributes (search order : default group, then user's group, then user)
|
|
|
18 |
db_query="SELECT attribute, value FROM ( \
|
|
|
19 |
( SELECT attribute, value FROM radreply WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ) UNION \
|
|
|
20 |
( SELECT attribute, value FROM radgroupreply gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ORDER BY ug.priority ) UNION \
|
|
|
21 |
( SELECT attribute, value FROM radgroupreply WHERE groupname = 'default' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ) \
|
|
|
22 |
) attrs GROUP BY attribute;"
|
|
|
23 |
db_radreply_res=$(mysql -u$DB_USER -p$DB_PASSWORD -D radius -e "$db_query" -Ns)
|
|
|
24 |
|
|
|
25 |
filter=$(echo "$db_radreply_res" | awk '$1 == "Alcasar-Filter" { print $2 }')
|
|
|
26 |
filterProto=$(echo "$db_radreply_res" | awk '$1 == "Alcasar-Protocols-Filter" { print $2 }')
|
|
|
27 |
statusOpenRequired=$(echo "$db_radreply_res" | awk '$1 == "Alcasar-Status-Page-Must-Stay-Open" { print $2 }')
|
|
|
28 |
echo "USER_NAME = $USER_NAME; filter = $filter; filterproto = $filterProto; statusOpenRequired = $statusOpenRequired";
|
|
|
29 |
|
|
|
30 |
# If status page isn't required :
|
|
|
31 |
# -add user_IP with the flag 'PERM' in /tmp/current_users.txt
|
|
|
32 |
# -add user_@MAC as an authenticated (with the same user's attributes)
|
|
|
33 |
if [ "$statusOpenRequired" == '2' ]; then # Status page is not required
|
|
|
34 |
echo ""
|
|
|
35 |
# Retrieve "expiration" attribute from radcheck
|
|
|
36 |
db_query="SELECT attribute, value FROM ( \
|
|
|
37 |
( SELECT attribute, value FROM radcheck WHERE username = '$USER_NAME' AND attribute = 'Expiration' ) UNION \
|
|
|
38 |
( SELECT attribute, value FROM radgroupcheck gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '$USER_NAME' AND attribute = 'Expiration' ORDER BY ug.priority ) UNION \
|
|
|
39 |
( SELECT attribute, value FROM radgroupcheck WHERE groupname = 'default' AND attribute = 'Expiration' ) \
|
|
|
40 |
) attrs GROUP BY attribute;"
|
|
|
41 |
db_radcheck_expiration_res=$(mysql -u$DB_USER -p$DB_PASSWORD -D radius -e "$db_query" -Ns)
|
|
|
42 |
# if a expiration date exists we retrieve all radreply attributes
|
|
|
43 |
if [ `echo $db_radcheck_expiration_res|wc -l` == '1' ]; then
|
|
|
44 |
echo "###########################"
|
|
|
45 |
echo "## Attributs radreply"
|
|
|
46 |
db_query="SELECT attribute, value FROM ( \
|
|
|
47 |
( SELECT attribute, value FROM radreply WHERE username = '$USER_NAME' ) UNION \
|
|
|
48 |
( SELECT attribute, value FROM radgroupreply gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '$USER_NAME' ORDER BY ug.priority ) UNION \
|
|
|
49 |
( SELECT attribute, value FROM radgroupreply WHERE groupname = 'default' ) \
|
|
|
50 |
) attrs GROUP BY attribute;"
|
|
|
51 |
mysql -u root -p$(cat $PASSWD_FILE | grep ^db_root= | cut -d'=' -f2-) -D radius -e "$db_query" -Ns | while IFS= read -r loop
|
|
|
52 |
do
|
|
|
53 |
attr=`echo $loop|cut -d" " -f1`
|
|
|
54 |
attr_value=`echo $loop|cut -d" " -f2-`
|
|
|
55 |
echo "$attr = $attr_value"
|
|
|
56 |
done
|
|
|
57 |
# if a expiration date exists we retrieve all radcheck attributes
|
|
|
58 |
echo "## Attributs radcheck"
|
|
|
59 |
db_query="SELECT attribute, value FROM ( \
|
|
|
60 |
( SELECT attribute, value FROM radcheck WHERE username = '$USER_NAME' ) UNION \
|
|
|
61 |
( SELECT attribute, value FROM radgroupcheck gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '$USER_NAME' ORDER BY ug.priority ) UNION \
|
|
|
62 |
( SELECT attribute, value FROM radgroupcheck WHERE groupname = 'default' ) \
|
|
|
63 |
) attrs GROUP BY attribute;"
|
|
|
64 |
mysql -u root -p$(cat $PASSWD_FILE | grep ^db_root= | cut -d'=' -f2-) -D radius -e "$db_query" -Ns | while IFS= read -r loop
|
|
|
65 |
do
|
|
|
66 |
attr=`echo $loop|cut -d" " -f1`
|
|
|
67 |
attr_value=`echo $loop|cut -d" " -f2-`
|
|
|
68 |
echo "$attr = $attr_value"
|
|
|
69 |
done
|
|
|
70 |
fi
|
|
|
71 |
fi
|