WebSVN – ALCASAR – Diff – /scripts/alcasar-watchdog.sh

 #!/bin/bash
-# $Id: alcasar-watchdog.sh 2106 2017-01-05 18:35:29Z richard $
+# $Id: alcasar-watchdog.sh 2107 2017-01-05 22:23:35Z raphael.pion $
 # alcasar-watchdog.sh
 # by Rexy
 # This script is distributed under the Gnu General Public License (GPL)
 # Ce script prévient les usagers de l'indisponibilité de l'accès Internet
 private_ip_mask=`grep PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
 private_ip_mask=${private_ip_mask:=192.168.182.1/24}
 PRIVATE_IP=`echo "$private_ip_mask" |cut -d"/" -f1`      # @ip du portail (côté LAN)
 PRIVATE_IP=${PRIVATE_IP:=192.168.182.1}
 tmp_file="/tmp/watchdog.txt"
-tmp_users_file="/tmp/current_users.txt"
+current_users_file="/tmp/current_users.txt"
 DIR_WEB="/var/www/html"
 Index_Page="$DIR_WEB/index.php"
 IPTABLES="/sbin/iptables"
 TUNIF="tun0"						# listen device for chilli daemon
 OLDIFS=$IFS
 		lan_test
 		exit 0
 		;;
 	*)
 		lan_test
-		# read file that contains IP address of user who are not in $tmp_users_file (its means that status.php has been closed)
-		if [ -e $tmp_file ]; then
-			cat $tmp_file | while read noresponse
-			do
-				noresponse_ip=`echo $noresponse | cut -d" " -f1`
-				noresponse_mac=`echo $noresponse | cut -d" " -f2`
-				noresponse_user=`echo $noresponse | cut -d" " -f3`
-				data_user=$(/usr/sbin/chilli_query list | grep -v "\.0\.0\.0" | awk '$5 == 1' | grep $noresponse_ip)
-				if [ $(echo $data_users | wc -l) -eq 1 ] #if it still connected ...
-	       			then
-					if [[ $noresponse_user != $noresponse_mac ]] # we let @mac auth equipments connected
-						then
-						logger "alcasar-watchdog $noresponse_ip ($noresponse_mac) can't be contact. Alcasar disconnects the user ($noresponse_user)."
-						echo "Disconnect : $noresponse_ip $noresponse_mac $noresponse_user"
-						/usr/sbin/chilli_query logout $noresponse_mac
-					fi
-				fi
-			done
-			rm $tmp_file
-#			if [ -e $tmp_users_file ]; then
-#				rm $tmp_users_file
-#			fi
-		fi
-		# this temporary file contains every 'user IP address' which are connected to ALCASAR (status.php still open)
-		if [ -e $tmp_users_file ]; then
-			for ip_user in $(cat $tmp_users_file)
-			do
-				# Check if thses users are also connected for chilli
-				data_user=$(/usr/sbin/chilli_query list | grep -v "\.0\.0\.0" | awk '$5 == 1' | grep $ip_user)
-				if [ $(echo $data_users | wc -l) -eq 0 ] #if user not in the file $tmp_users_file  (it means that status.php has been closed)
-				then
-					#save info in tmp_file
-					active_ip=`echo $data_user |cut -d" " -f2`
-		                        active_mac=`echo $data_user | cut -d" " -f1`
-		                        active_user=`echo $data_user |cut -d" " -f6`
-					echo "$active_ip $active_mac $active_user" >> $tmp_file #save info for next time, user will be disconnected.
-				fi
-			done
-			rm $tmp_users_file
-		else
-			for system in $(/usr/sbin/chilli_query list |grep -v "\.0\.0\.0" | awk '$5 == 1')
-			do
-				#disconnect all users
-                                active_ip=`echo $system |cut -d" " -f2`
-                                active_mac=`echo $system | cut -d" " -f1`
-                                active_user=`echo $system |cut -d" " -f6`
-                                echo "$active_ip $active_mac $active_user" >> $tmp_file
-			done
-		fi
+		# We disconnect inactive users (its means that status.php has been closed)
+		# Each user inform about his connectivity by filling in /tmp/current_users.txt his own @IP
 		# process each equipment known by chilli to check if any equipment is usurped (@MAC)
 		for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"`
 		do
 			active_ip=`echo $system |cut -d" " -f2`
 			active_session=`echo $system |cut -d" " -f5`
 			active_mac=`echo $system | cut -d" " -f1`
 			active_user=`echo $system |cut -d" " -f6`
+			#We disconnect inactive user here :
+			#We check if this is not an auth @MAC and if he is still connected
+			if [ "$active_user" != "$active_mac" ] && [ $(echo $system | awk '$5 == 1' | wc -c) -gt 1 ]; then
+				# If /tmp/current_user.txt exists ...
+				if [ -e $current_users_file ]; then
+					# We check if user @IP is in 'current_users.txt'
+					cmp_user_ok=$(cat $current_users_file | grep $active_ip | wc -w)
+					# If this @IP is not in this file, we disconnect this user.
+					if [ $cmp_user_ok -eq 0 ]; then
+						logger "alcasar-watchdog $active_ip ($active_mac) can't be contact. Alcasar disconnects the user ($active_user)."
+						echo "Disconnect : $active_ip $active_mac $active_user"
+						/usr/sbin/chilli_query logout $active_mac
+					fi
+					# We clean 'current_users.txt'. Every user need to inform their @IP everytime to prove thier connectivity.
+					sed -i 'd' $current_users_file
+				else # If /tmp/current_user.txt does not exists we disconnect every users.
+					logger "Le fichier /tmp/current_users.txt n'existe pas."
+					logger "alcasar-watchdog $active_ip ($active_mac) can't be contact. Alcasar disconnects the user ($active_user)."
+					echo "Disconnect : $active_ip $active_mac $active_user"
+					/usr/sbin/chilli_query logout $active_mac
+				fi
+			fi
 			# process only equipment with an authenticated user
 			if [[ $(expr $active_session) -eq 1 ]]
 			then
 				arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep "Unicast reply"|wc -l`
 				# disconnect users whose equipement is usurped (@MAC). For example, if there are 2 same @MAC it will make 3 lines in output.
 			fi
 		done
 		;;
 esac
 IFS=$OLDIFS

Subversion Repositories ALCASAR

(root)/scripts/alcasar-watchdog.sh – Rev 2106 → 2107