9,53 → 9,52 |
# This script is launched by coova after each successfull login |
# Ce script est lancé par coova à chaque connexion d'usager (authentification réussi) |
|
PASSWD_FILE="/root/ALCASAR-passwords.txt" |
|
if [ -z $FRAMED_IP_ADDRESS ]; then |
exit 1 |
fi |
|
# Add user to his IPSET (depending on FILTER_ID) |
# Add user to his IPSET |
|
# FilterID Byte N°0 to 7 |
# 0: profile_1 (WEB) |
# 1: profile_2 (WEB + Mail + Remote access) |
# 2: profile_3 (Custom) |
# 3: warn_user (if imputability report has been generated) |
# 4: status_open_required (check user activity through status page) |
# 5: WL |
# 6: BL |
# 7: HAVP |
db_query="SELECT attribute, value FROM (( SELECT attribute, value FROM radreply WHERE (attribute='Alcasar-Filter' OR attribute='Alcasar-Filter-Proto' OR attribute='Alcasar-Status-Open-Required') AND username='$USER_NAME') UNION ( SELECT attribute, value FROM radgroupreply gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE (attribute='Alcasar-Filter' OR attribute='Alcasar-Filter-Proto' OR attribute='Alcasar-Status-Open-Required') AND username = '$USER_NAME' ORDER BY ug.priority)) attrs GROUP BY attribute;" |
db_res=$(mysql -u root -p$(cat $PASSWD_FILE | grep ^db_root= | cut -d'=' -f2-) -D radius -e "$db_query" -Ns) |
|
if [ ${FILTER_ID:5:1} == '1' ]; then # HAVP_WL |
filter=$(echo "$db_res" | awk '$1 == "Alcasar-Filter" { print $2 }') |
filterProto=$(echo "$db_res" | awk '$1 == "Alcasar-Filter-Proto" { print $2 }') |
statusOpenRequired=$(echo "$db_res" | awk '$1 == "Alcasar-Status-Open-Required" { print $2 }') |
|
if [ "$filter" == '4' ]; then # HAVP_WL |
set_filter="havp_wl" |
elif [ ${FILTER_ID:6:1} == '1' ]; then # HAVP_BL |
elif [ "$filter" == '3' ]; then # HAVP_BL |
set_filter="havp_bl" |
elif [ ${FILTER_ID:7:1} == '1' ]; then # HAVP |
elif [ "$filter" == '2' ]; then # HAVP |
set_filter="havp" |
else # NOT_FILTERED |
set_filter="not_filtered" |
fi |
|
if [ ${FILTER_ID:2:1} == '1' ]; then # PROFILE 3 (Custom) |
set_proto="proto_3"; |
elif [ ${FILTER_ID:1:1} == '1' ]; then # PROFILE 2 (WEB + Mail + Remote access) |
set_proto="proto_2"; |
elif [ ${FILTER_ID:0:1} == '1' ]; then # PROFILE 1 (WEB) |
set_proto="proto_1"; |
if [ "$filterProto" == '4' ]; then # PROFILE 3 (Custom) |
set_filterProto="proto_3"; |
elif [ "$filterProto" == '3' ]; then # PROFILE 2 (WEB + Mail + Remote access) |
set_filterProto="proto_2"; |
elif [ "$filterProto" == '2' ]; then # PROFILE 1 (WEB) |
set_filterProto="proto_1"; |
else # PROFILE 0 (Not filtered) |
set_proto="proto_0"; |
set_filterProto="proto_0"; |
fi |
|
ipset add $set_filter $FRAMED_IP_ADDRESS |
ipset add $set_proto $FRAMED_IP_ADDRESS |
ipset add $set_filterProto $FRAMED_IP_ADDRESS |
|
# Add user IP permanently to current_users.txt if no status_open_required |
current_users_file="/var/tmp/havp/current_users.txt" |
[ ! -e $current_users_file ] && touch $current_users_file && chown apache:apache $current_users_file |
if [ ${FILTER_ID:4:1} == '1' ]; then # no status_open_required |
if [ "$statusOpenRequired" == '2' ]; then # no status_open_required |
echo "$FRAMED_IP_ADDRESS:PERM" >> $current_users_file |
fi |
|
# Debug : show all the coova parse variables (+ $set_filter + $set_proto). |
# Debug : show all the coova parse variables (+ $set_filter + $set_filterProto). |
# see "/src/chilli.c" for the complete list of parse variables |
#echo "-----------------------------------------------" >> /tmp/debug-conup.txt |
#echo `date` >> /tmp/debug-conup.txt |
64,5 → 63,5 |
# echo "$i : ${!i}" >> /tmp/debug-conup.txt |
#done |
#echo "set_filter : $set_filter" >> /tmp/debug-conup.txt |
#echo "set_proto : $set_proto" >> /tmp/debug-conup.txt |
#echo "set_filterProto : $set_filterProto" >> /tmp/debug-conup.txt |
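Review bot: In the first hunk, the new `db_query` line interpolates `$USER_NAME` directly into the SQL text and the `mysql` call after it runs that text as the database root user, so a login name containing a quote character would change the statement with full database privileges. The value comes from coova and should be treated as untrusted here: reject or escape it before building the query, for example `case "$USER_NAME" in *[!A-Za-z0-9._@-]*) exit 1 ;; esac` (allow-list to be adjusted to the usernames the portal really permits), and run the lookup under an account limited to SELECT on the radius tables. The same `mysql` line puts the root password on the command line through `-p$(...)`, where it is visible in the process list; a root-only option file passed with `--defaults-extra-file` avoids that. The new `[ "$filter" == ... ]` and `[ "$filterProto" == ... ]` chains also fail open: if the query fails, `$db_res` is empty and the user lands in `not_filtered` / `proto_0`, so the exit status of `mysql` should be checked before the ipset assignments.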
|