Subversion Repositories ALCASAR

<?php

/********************

* READ CONF FILES   *

*********************/

define("CONF_FILE", "/usr/local/etc/alcasar.conf");

define("ETHERS_INFO_FILE", "/usr/local/etc/alcasar-ethers-info");

$conf_files=array(CONF_FILE,ETHERS_INFO_FILE);

foreach ($conf_files as $file) {

	if (!file_exists($file)) {

		exit("Requested file ".$file." isn't present");

	}

	if (!is_readable($file)) {

		exit("Can't read the file ".$file);

	}

}

$alcasar_conf_file = '/usr/local/etc/alcasar.conf';

$file_conf = fopen($alcasar_conf_file, 'r');

if (!$file_conf) {

	exit('Error opening the file '.$alcasar_conf_file);

}

while (!feof($file_conf)) {

	$buffer = fgets($file_conf, 4096);

	if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {

		$tmp = explode('=', $buffer, 2);

		$conf[trim($tmp[0])] = trim($tmp[1]);

	}

}

fclose($file_conf);

$tmp = explode("/",$conf["PRIVATE_IP"]);

$intif = $conf["INTIF"];

$private_ip=$tmp[0];

require('/etc/freeradius-web/config.php');

# Choice of language

$Language = 'en';

if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {

	$Langue = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);

	$Language = strtolower(substr(chop($Langue[0]), 0, 2));

}

if ($Language === 'fr') {

	$l_activity = "Activité sur le réseau de consultation";

	$l_ip_adr = "Adresse IP";

	$l_mac_adr = "Adresse MAC";

	$l_user = "Usager";

	$l_mac_allowed = "@MAC autorisée";

	$l_mac_temporarily_allowed = "@MAC autorisée temporairement";

	$l_action = "Action";

	$l_dissociate = "Dissocier @IP";

	$l_disconnect = "Déconnecter";

	$l_stop_capture_disconnect = "Arrêter la capture et se déconnecter";

	$l_refresh = "Cette page est rafraichie toutes les 30 secondes";

	$l_edit_user = "Editer l'utilisateur";

	$l_connect = "Autoriser temporairement";

	$l_captureon = "Autoriser et capturer";

	$l_captureoff = "Arrêter la capture";

	$l_captureonly_on = "Capturer";

} else if ($Language === 'es') {

	$l_activity = "Actividad en la LAN";

	$l_ip_adr = "Dirección IP";

	$l_mac_adr = "MAC Adress";

	$l_user = "Usuario";

	$l_mac_allowed = "@MAC autorizada";

	$l_mac_temporarily_allowed = "@MAC temporalmente autorizada";

	$l_action = "Acción";

	$l_dissociate = "Liberar @IP";

	$l_disconnect = "Desconectar";

	$l_stop_capture_disconnect = "Deje de capturar y desconecte";

	$l_refresh = "Esta información es actualizada cada 30''";

	$l_edit_user = "usuario de edición"; 

	$l_connect = "Permitir temporalmente";

	$l_captureon = "Autorizar y capturar";

	$l_captureoff = "Detener la captura";

	$l_captureonly_on = "Captura";

} else {

	$l_activity = "Activity on the consultation LAN";

	$l_ip_adr = "IP Adress";

	$l_mac_adr = "MAC Adress";

	$l_user = "User";

	$l_mac_allowed = "@MAC allowed";

	$l_mac_temporarily_allowed = "@MAC temporarily allowed";

	$l_action = "Action";

	$l_dissociate = "Dissociate @IP";

	$l_disconnect = "Disconnect";

	$l_stop_capture_disconnect = "Stop capture and disconnect";

	$l_refresh = "This frame is refreshed every 30'";

	$l_edit_user = "Edit user";

	$l_connect = "Temporarily authorize";

	$l_captureon = "Authorize and capture";

	$l_captureoff = "Stop capture";

	$l_captureonly_on = "Capture";

}

if (isset($_POST['action'])){

	switch ($_POST['action']){

		case "$l_disconnect" :

			$mac= $_POST['mac_addr'];

			exec("sudo /usr/sbin/chilli_query logout ".escapeshellarg($_POST['mac_addr']));

			unset($_POST['mac_addr']);

		break;

		case "$l_stop_capture_disconnect" :

			$mac= $_POST['mac_addr'];

			exec('sudo /usr/local/bin/alcasar-iot_capture.sh -k '.$mac.' &>/dev/null &');

			$file = '/tmp/capture_'.$mac.'.pcap';

			if (file_exists($file))

			{

				header('Content-Description : File Transfer');

				header('Content-Type: application/octet-stream');

				header('Content-disposition: attachement; filename='.basename($file).'');

				header('Expires: 0');

				header('Cache-Control: must-revalidate');

				header('Pragma: public');

				header('Content-Lenght: '.filesize($file));

				readfile($file);

				exec('sudo /usr/local/bin/alcasar-iot_capture.sh -f '.$macc);

				exec("sudo /usr/sbin/chilli_query logout ".escapeshellarg($_POST['mac_addr']));

				unset($_POST['mac_addr']);

				exit;

			}

		break;

		case "$l_dissociate" :

			exec("sudo /usr/sbin/chilli_query dhcp-release ".escapeshellarg($_POST['mac_addr']));

			unset($_POST['mac_addr']);

		break;

		case "$l_connect" :

			exec("sudo /usr/sbin/chilli_query authorize mac ".escapeshellarg($_POST['mac_addr']));

			unset($_POST['mac_addr']);

		break;

		case "$l_captureon" :

			$mac= $_POST['mac_addr'];

			exec('sudo /usr/local/bin/alcasar-iot_capture.sh -l '.$mac.' &>/dev/null &');

			exec("sudo /usr/sbin/chilli_query authorize mac ".escapeshellarg($_POST['mac_addr']));

			unset($_POST['mac_addr']);

		break;

		case "$l_captureonly_on" :

			$mac= $_POST['mac_addr'];

			exec('sudo /usr/local/bin/alcasar-iot_capture.sh -l '.$mac.' &>/dev/null &');

		break;	

		case "$l_captureoff" :

			$mac= $_POST['mac_addr'];

			exec('sudo /usr/local/bin/alcasar-iot_capture.sh -k '.$mac.' &>/dev/null &');

			$file = '/tmp/capture_'.$mac.'.pcap';

			if (file_exists($file))

			{

				header('Content-Description : File Transfer');

				header('Content-Type: application/octet-stream');

				header('Content-disposition: attachement; filename='.basename($file).'');

				header('Expires: 0');

				header('Cache-Control: must-revalidate');

				header('Pragma: public');

				header('Content-Lenght: '.filesize($file));

				readfile($file);

				exec('sudo /usr/local/bin/alcasar-iot_capture.sh -f '.$mac);

				unset($_POST['mac_addr']);

				exit;

			}

		break;

	}

}

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html><!-- written by Rexy -->

<head>

<meta HTTP-EQUIV="Refresh" CONTENT="30">

<meta http-equiv="Content-Type" content="text/html; charset=<?= $config['general_charset'] ?>">

<title>Activity</title>

<link rel="stylesheet" type="text/css" href="/css/acc.css">

</head>

<body>

<table width="100%" border="0" cellspacing="0" cellpadding="0">

<tr><th><?= $l_activity ?></th></tr>

<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>

</table>

<table width="100%" border=1 cellspacing=0 cellpadding=1>

	<tr><td valign="middle" align="center"><?= $l_refresh ?><br>

	<table border=1 width="80%" cellpadding=2 cellspacing=0>

		<tr>

			<th>#</th>

			<th><?= $l_ip_adr ?></th>

			<th><?= $l_mac_adr ?></th>

			<th><?= $l_user ?></th>

			<th><?= $l_action ?></th>

		</tr>

		<?php

		$IoT_capture = $conf["IOT_CAPTURE"];

		$output = array(); $detail = array(); $nb_ligne = 0;

		exec("sudo /sbin/ip link show ".escapeshellarg($intif), $output); // retrieve ALCASAR MAC address

		$detail = explode (" " , $output[1]);

		$intif_mac_addr=strtoupper(str_replace(":","-",$detail[5]));

		unset ($output);unset ($detail);

		exec ('sudo /usr/sbin/chilli_query list|sort -k5 -r', $output); 

		while (list(,$ligne) = each($output)){

			$detail = explode (" ", $ligne);

			$nb_ligne ++;

			echo "<tr valign=\"middle\">";

			echo "<td>".$nb_ligne."</td>";

			echo "<td>".$detail[1]."</td>";

			if(file_exists('/usr/share/arp-scan/ieee-oui.txt')) // for each device on LAN, retrieve the MAC manufacturer

			{

				$oui_id = substr(str_replace("-","",$detail[0]),0,6);

				exec ("grep $oui_id /usr/share/arp-scan/ieee-oui.txt | cut -f2", $mac_manufacturer);

				if(empty($mac_manufacturer[0]))

				{

					$mac_manufacturer[0] = "Unknown";

				}

				echo "<td>$detail[0] <font size=\"1\">($mac_manufacturer[0])</font>";

				unset($mac_manufacturer);

			}

			else

			{

				echo "<td>$detail[0]";

			}

			exec ("grep $detail[0] /usr/local/etc/alcasar-ethers-info |cut -d' ' -f3", $mac_in_ether_file);

			if (!empty($mac_in_ether_file[0]))

			{

				echo " - <b>" . ltrim($mac_in_ether_file[0],'#') . "</b>";

			}

			echo "</td><td>";

			if ($detail[4] == "1"){ // authenticated equipment

				$login = $detail[5];

				unset ($found_users); unset ($cn);

				$search = $login; $search_IN = 'username'; // is user in database ?

				if (is_file("../lib/sql/find.php"))

				include("../lib/sql/find.php");

				if (isset ($found_users)) // user is in database

				{

					if (is_file("../lib/sql/user_info.php")) //retrieve user info (especialy $cn)

						include("../lib/sql/user_info.php");

				}

				if (! isset ($cn)){ $cn='-';}

				# The user is an allowed MAC address

					if ($detail[5] == $detail[0]){

						if (isset ($found_users)) { #MAC is in database

							echo "<a href=\"/acc/manager/htdocs/user_admin.php?login=$detail[5]\" title=\"$l_edit_user\">$l_mac_allowed";if ($cn != '-'){ echo " ($cn)";};echo "</a>";

							echo "</td><td>";

						}

						else { #MAC is temporarily allowed

							echo "<b>$l_mac_temporarily_allowed</b>";

							echo "</td><td>";

							echo "<FORM action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\">";

							echo "<INPUT type=\"hidden\" name=\"mac_addr\" value=\"$detail[0]\">";

							if($IoT_capture == "on")

							{

								if(exec('sudo /usr/local/bin/alcasar-iot_capture.sh -i '.$detail[0]) == "CaptureON")

								{

									echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_stop_capture_disconnect\">";

									echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_captureoff\">";

								}

 								else

								{

									echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_disconnect\">";

									echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_captureonly_on\">";

								}

							}

							else

								echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_disconnect\">";

							echo "</FORM></TD>";

						}

						# Disable temporarily @MAC access

					}

				# The user is a humanoide ;-)

					else {

						if ($cn != '-') { echo "<a href=\"/acc/manager/htdocs/user_admin.php?login=$detail[5]\" title=\"$l_edit_user $detail[5]\">$detail[5] ($cn)</a>";}

						else { echo "<a href=\"/acc/manager/htdocs/user_admin.php?login=$detail[5]\" title=\"$l_edit_user $detail[5]\">$detail[5]</a>";}

						echo "<TD>";

						echo "<FORM action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\">";

						echo "<INPUT type=\"hidden\" name=\"mac_addr\" value=\"$detail[0]\">";

						echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_disconnect\">";

						echo "</FORM></TD>";

						}

					}

			# equipment without authenticated user

			else if (($detail[0] == $intif_mac_addr) || ($detail[1] == $private_ip)){

				echo "ALCASAR system";

				echo "<TD>";

				echo " ";

				echo "</TD>";

				}	

			else {  

				echo " ";

				echo "<TD>";		

				echo "<FORM action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\">";

				# Dissociate user (... or other) who is not connected yet

				echo "<INPUT type=\"hidden\" name=\"mac_addr\" value=\"$detail[0]\">";

				exec ("grep $detail[0] /usr/local/etc/alcasar-ethers-info", $mac_in_ether_file);

				if (empty($mac_in_ether_file[1]))

				{

					echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_dissociate\">"; // Dissociate only MAC not in ether file (dhcp)

				}

				echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_connect\">"; // Enable temporarily @MAC access

				if($IoT_capture == "on")

				{

					if(exec('sudo /usr/local/bin/alcasar-iot_capture.sh -i '.$detail[0]) == "CaptureON")

					{

						echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_captureoff\">";

					}

					else

					{

						echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_captureon\">";

						echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_captureonly_on\">";

					}

				}

				echo "</FORM></TD>";

			}

			unset ($mac_in_ether_file);

			echo "</tr>";

		}

		?>

	</table>

	</td></tr>

</table>

</html>