Subversion Repositories ALCASAR


Rev 3269 Rev 3302
Line 1... Line 1...
1
#!/bin/sh
1
#!/bin/sh
2
#
2
#
3
# $Id: alcasar-condown.sh 3269 2025-04-21 21:57:13Z rexy $
3
# $Id: alcasar-condown.sh 3302 2025-10-20 22:47:58Z rexy $
4
#
4
#
5
# alcasar-condown.sh
5
# alcasar-condown.sh
6
# by Rexy & Pierre RIVAULT
6
# by Rexy & Pierre RIVAULT
7
# This script is distributed under the Gnu General Public License (GPL)
7
# This script is distributed under the Gnu General Public License (GPL)
8
 
8
 
Line 16... Line 16...
16
 
16
 
17
if [ -z $FRAMED_IP_ADDRESS ]; then
17
if [ -z $FRAMED_IP_ADDRESS ]; then
18
	exit 1
18
	exit 1
19
fi
19
fi
20
 
20
 
21
# Retrieve 2 alcasar special radius attributes (search order : default group, then user's group, then user)
-
 
22
db_query="SELECT attribute, value FROM ( \
21
# Remove the user from their IPSETs
23
 	( SELECT attribute, value FROM radreply WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter')) ) UNION \
-
 
24
	( SELECT attribute, value FROM radgroupreply gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter')) ORDER BY ug.priority ) UNION \
-
 
25
	( SELECT attribute, value FROM radgroupreply WHERE groupname = 'default' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter')) ) \
-
 
26
) attrs GROUP BY attribute;"
22
for set_filter in av_wl av_bl av not_filtered
27
db_res=$(mariadb -u$DB_USER -p$DB_PASSWORD -D radius -e "$db_query" -Ns)
-
 
28
 
23
do
29
filter=$(echo "$db_res"      | awk '$1 == "Alcasar-Filter"           { print $2 }')
24
	ipset del -exist $set_filter $FRAMED_IP_ADDRESS
30
filterProto=$(echo "$db_res" | awk '$1 == "Alcasar-Protocols-Filter" { print $2 }')
-
 
31
 
25
done
32
if [ "$filter" == '4' ]; then	# AV_WL
26
for set_filterProto in proto_0 proto_1 proto_2 proto_3
33
	set_filter="av_wl"
-
 
34
elif [ "$filter" == '3' ]; then	# AV_BL
-
 
35
	set_filter="av_bl"
-
 
36
elif [ "$filter" == '2' ]; then	# AV
-
 
37
	set_filter="av"
-
 
38
else				# NOT_FILTERED
-
 
39
	set_filter="not_filtered"
-
 
40
fi
27
do
41
 
-
 
42
if [ "$filterProto" == '4' ]; then	# PROFILE 3 (Custom)
-
 
43
	set_filterProto="proto_3";
-
 
44
elif [ "$filterProto" == '3' ]; then	# PROFILE 2 (WEB + Mail + Remote access)
-
 
45
	set_filterProto="proto_2";
-
 
46
elif [ "$filterProto" == '2' ]; then	# PROFILE 1 (WEB)
-
 
47
	set_filterProto="proto_1";
-
 
48
else					# PROFILE 0 (Not filtered)
-
 
49
	set_filterProto="proto_0";
28
	ipset del -exist $set_filterProto $FRAMED_IP_ADDRESS
50
fi
29
done
51
 
30
 
52
# Remove user from his IPSET
-
 
53
ipset del $set_filter      $FRAMED_IP_ADDRESS
-
 
54
ipset del $set_filterProto $FRAMED_IP_ADDRESS
-
 
55
 
31
 
56
# Remove IP address from active users list
32
# Remove IP address from active users list
57
current_users_file="/tmp/current_users.txt"
33
current_users_file="/tmp/current_users.txt"
58
[ -e $current_users_file ] && sed -i "/^$FRAMED_IP_ADDRESS:/d" $current_users_file
34
[ -e $current_users_file ] && sed -i "/^$FRAMED_IP_ADDRESS:/d" $current_users_file
59
 
35
 
60
# Remove user_IP from ipset of load balancing
36
# Remove user_IP from load-balancing ipset
61
nb_gw=`grep ^WAN $CONF_FILE | wc -l`
37
nb_gw=`grep ^WAN $CONF_FILE | wc -l`
62
for (( i = 0 ; i <= $nb_gw ; i++ ));do
38
for (( i = 0 ; i <= $nb_gw ; i++ ));do
63
	gw="gw$i"
39
	gw="gw$i"
64
	ipset test $gw $FRAMED_IP_ADDRESS 1>/dev/null 2>&1
40
	ipset test $gw $FRAMED_IP_ADDRESS 1>/dev/null 2>&1
65
	if [ $? -eq 0 ];then
41
	if [ $? -eq 0 ];then