Rev 2505 | Rev 2712 | Go to most recent revision | Blame | Compare with Previous | Last modification | View Log
#!/bin/sh
#
# $Id: alcasar-conup.sh 2692 2019-01-25 23:18:50Z tom.houdayer $
#
# alcasar-conup.sh
# by Rexy
# This script is distributed under the Gnu General Public License (GPL)
# This script is launched by coova after each successfull login
# Ce script est lancé par coova à chaque connexion d'usager (authentification réussi)
PASSWD_FILE="/root/ALCASAR-passwords.txt"
if [ -z $FRAMED_IP_ADDRESS ]; then
exit 1
fi
# Add user to his IPSET
db_query="SELECT attribute, value FROM (( SELECT attribute, value FROM radreply WHERE (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) AND username='$USER_NAME') UNION ( SELECT attribute, value FROM radgroupreply gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) AND username = '$USER_NAME' ORDER BY ug.priority) UNION (SELECT attribute, value FROM radgroupreply WHERE groupname = 'ldap' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')))) attrs GROUP BY attribute;"
db_res=$(mysql -u root -p$(cat $PASSWD_FILE | grep ^db_root= | cut -d'=' -f2-) -D radius -e "$db_query" -Ns)
filter=$(echo "$db_res" | awk '$1 == "Alcasar-Filter" { print $2 }')
filterProto=$(echo "$db_res" | awk '$1 == "Alcasar-Protocols-Filter" { print $2 }')
statusOpenRequired=$(echo "$db_res" | awk '$1 == "Alcasar-Status-Page-Must-Stay-Open" { print $2 }')
if [ "$filter" == '4' ]; then # HAVP_WL
set_filter="havp_wl"
elif [ "$filter" == '3' ]; then # HAVP_BL
set_filter="havp_bl"
elif [ "$filter" == '2' ]; then # HAVP
set_filter="havp"
else # NOT_FILTERED
set_filter="not_filtered"
fi
if [ "$filterProto" == '4' ]; then # PROFILE 3 (Custom)
set_filterProto="proto_3";
elif [ "$filterProto" == '3' ]; then # PROFILE 2 (WEB + Mail + Remote access)
set_filterProto="proto_2";
elif [ "$filterProto" == '2' ]; then # PROFILE 1 (WEB)
set_filterProto="proto_1";
else # PROFILE 0 (Not filtered)
set_filterProto="proto_0";
fi
ipset add $set_filter $FRAMED_IP_ADDRESS
ipset add $set_filterProto $FRAMED_IP_ADDRESS
# Add user IP permanently to current_users.txt if no status_open_required
current_users_file="/var/tmp/havp/current_users.txt"
[ ! -e $current_users_file ] && touch $current_users_file && chown apache:apache $current_users_file
if [ "$statusOpenRequired" == '2' ]; then # no status_open_required
echo "$FRAMED_IP_ADDRESS:PERM" >> $current_users_file
fi
# Debug : show all the coova parse variables (+ $set_filter + $set_filterProto).
# see "/src/chilli.c" for the complete list of parse variables
#echo "-----------------------------------------------" >> /tmp/debug-conup.txt
#echo `date` >> /tmp/debug-conup.txt
#for i in LAYER3 DEV NET MASK ADDR USER_NAME NAS_IP_ADDRESS SERVICE_TYPE FRAMED_IP_ADDRESS FILTER_ID STATE CLASS CUI SESSION_TIMEOUT IDLE_TIMEOUT CALLING_STATION_ID CALLED_STATION_ID NAS_ID NAS_PORT_TYPE ACCT_SESSION_ID ACCT_INTERIM_INTERVAL WISPR_LOCATION_ID WISPR_LOCATION_NAME WISPR_BANDWIDTH_MAX_UP WISPR_BANDWIDTH_MAX_DOWN WISPR-SESSION_TERMINATE_TIME CHILLISPOT_MAX_INPUT_OCTETS CHILLISPOT_MAX_OUTPUT_OCTETS CHILLISPOT_MAX_TOTAL_OCTETS INPUT_OCTETS OUTPUT_OCTETS SESSION_TIME IDLE_TIME LOCATION OLD_LOCATION TERMINATE_CAUSE
#do
# echo "$i : ${!i}" >> /tmp/debug-conup.txt
#done
#echo "set_filter : $set_filter" >> /tmp/debug-conup.txt
#echo "set_filterProto : $set_filterProto" >> /tmp/debug-conup.txt